<?php
/**
*
* Copyright (C) 2004 - 2006, John Tarlton.
*
* This file is part of AstWebPanel - A web management user interface for Asterisk.
*
* AstWebPanel is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* AstWebPanel is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with AstWebPanel; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* \file index.php
*
* This is the master page controller.
* All pages are accessed via this page. It provides session management,
* user authentication and page serving. Other pages are specified using
* parameters passed in the url e.g. 'index.php?page=docs/userguide'.
* Pages are specified in a two level hierarchy: section and subsection
* and are resolved to filenames using the ModuleManager.
*
*/
require('./php/errorhandler.php');
require_once('./conf/config.php');
require_once('./php/dbase.php');
require_once('./dao/SessionLogDao.php');
require_once('./dao/UserDao.php');
/**
* Clear the session vars
*
* Puts the session into the "not logged in" state: empty username, empty
* role and logged_in = 0. Called from the bottom of this file the first
* time a visitor arrives without a 'logged_in' key in $_SESSION.
*
* NOTE(review): PHP 5.6 added a builtin function with this exact name
* (session_reset()), so this file fails to load with "Cannot redeclare
* session_reset()" on PHP >= 5.6. Renaming it together with its single
* caller at the bottom of this file is required before the panel can run
* on a current PHP.
*/
function session_reset()
{
$_SESSION['username'] = "";
$_SESSION['userrole'] = ""; /* admin, user ...*/
$_SESSION['logged_in'] = 0;
}
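/**
 * Initialise a new session for an authenticated user.
 *
 * Stores the identity in $_SESSION and marks it as logged in. Because this
 * is the privilege boundary (anonymous -> authenticated), the session id is
 * rotated first so that an id handed to the browser before login cannot be
 * reused by whoever planted it (session fixation). The rotation is skipped
 * when no session is active, e.g. when called outside a web request.
 *
 * @param string $username Account name as stored in the users table.
 * @param string $userrole Role string as stored in the users table (admin, user ...).
 * @return void
 */
function session_init($username, $userrole)
{
    if (session_id() !== '') {
        /* Drop the pre-login id and its storage; the new id is sent with the response. */
        session_regenerate_id(true);
    }
    $_SESSION['username'] = $username;
    $_SESSION['userrole'] = $userrole;
    $_SESSION['logged_in'] = 1;
    /* TODO: save time for logging and so we can timeout the session ,
     * log the ip address GetRemoteIP()
     */
}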
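/**
 * Process a login request.
 *
 * When the login form was submitted (POST 'username' present) the
 * credentials are checked against UserDao and the outcome is written to the
 * session log via SessionLogDao. On success the session is initialised with
 * session_init(). On failure, or when no form was submitted at all, the
 * login page (./php/login.inc.php) is rendered and FALSE is returned; the
 * caller is expected to exit() so nothing else is output.
 *
 * Reads: $_POST['username'], $_POST['password'], $_SESSION['logged_in'].
 *
 * @return bool TRUE when the user is now logged in, FALSE when the login page was shown.
 */
function login()
{
    if (!isset($_POST['username'])) {
        /* First visit: just show the form. */
        require('./php/login.inc.php');
        return FALSE;
    }

    $sessionlog_dao = new SessionLogDao;
    $user = new UserDao;
    $userdata = array();
    $username = $_POST['username'];
    /* A form without a password field must not raise a notice; treat it as empty. */
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $remote = GetRemoteIP();

    if (!$user->get($username, $userdata)) {
        $sessionlog_dao->update($username, "Denied login from: " . $remote . " - Unknown user");
    } else {
        /* XXX the stored 'passwd' is compared verbatim, i.e. it is not a
         * password hash (md5/sha1 or, better, password_hash()); switching
         * needs the stored column migrated first. hash_equals() at least
         * makes the comparison constant-time; strcmp() is the fallback on
         * PHP < 5.6. */
        $password_ok = function_exists('hash_equals')
            ? hash_equals((string) $userdata['passwd'], (string) $password)
            : (strcmp((string) $userdata['passwd'], (string) $password) === 0);

        if (!$password_ok) {
            $sessionlog_dao->update($userdata['username'], "Denied login from: " . $remote . " - Bad password");
        } elseif (!$userdata['enable']) {
            $sessionlog_dao->update($userdata['username'], "Denied login from: " . $remote . " - Account disabled");
        } else {
            session_init($userdata['username'], $userdata['role']); // XXX lookup from roles table
            $sessionlog_dao->update($userdata['username'], "Login from: " . $remote);
        }
    }

    if (!$_SESSION['logged_in']) {
        $login_denied = 1; /* login.inc.php checks this var */
        require('./php/login.inc.php');
        return FALSE;
    }
    return TRUE;
}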
/**
 * Log out the user, destroy the session.
 *
 * Records a "Logout" entry for the current user, wipes $_SESSION, expires
 * the session cookie (when the browser sent one) and destroys the server
 * side session data, then renders the login page. The caller is expected
 * to exit() afterwards.
 *
 * @return void
 */
function logout()
{
    $sessionlog_dao = new SessionLogDao;
    $sessionlog_dao->update($_SESSION['username'], "Logout");

    /* Cleanup this session: in-memory data, browser cookie, server-side storage. */
    $_SESSION = array();
    $cookie_name = session_name();
    if (isset($_COOKIE[$cookie_name])) {
        /* A timestamp in the past tells the browser to drop the cookie. */
        $expired = time() - 42000;
        setcookie($cookie_name, '', $expired, '/');
    }
    session_destroy();

    /* Go back to the login page. */
    require('./php/login.inc.php');
}
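/**
 * Get the IP address of the user, for the session log.
 *
 * REMOTE_ADDR is the peer address seen by the web server and is the only
 * source here the client cannot choose. HTTP_CLIENT_IP and
 * HTTP_X_FORWARDED_FOR are plain request headers, so they are only consulted
 * when REMOTE_ADDR is unavailable; a deployment behind a trusted reverse
 * proxy that overwrites one of those headers can move it ahead of
 * REMOTE_ADDR in the candidate list below. Every candidate must parse as an
 * IP address (filter_var) so that a forged header cannot inject arbitrary
 * text into the session log; a forwarded chain "client, proxy1, proxy2"
 * yields its first entry.
 *
 * @return string The address, or "unknown" when no source holds a valid one.
 */
function GetRemoteIP()
{
    $candidates = array(
        getenv("REMOTE_ADDR"),
        isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : false,
        getenv("HTTP_CLIENT_IP"),
        getenv("HTTP_X_FORWARDED_FOR"),
    );
    foreach ($candidates as $candidate) {
        if (!is_string($candidate) || $candidate === '') {
            continue;
        }
        /* X-Forwarded-For may carry a comma-separated chain; take the first hop. */
        $parts = explode(",", $candidate);
        $ip = trim($parts[0]);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    /* The literal "unknown" some servers put in these variables fails
     * validation above, so it ends up here like any other garbage. */
    return "unknown";
}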
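/**
 * Recursively strip the backslashes magic_quotes_gpc added to a request value.
 *
 * @param mixed $value A scalar or a (nested) array of scalars from $_GET/$_POST/$_COOKIE.
 * @return mixed The same structure with stripslashes() applied to every leaf.
 */
function stripslashes_deep($value)
{
    return is_array($value)
        ? array_map('stripslashes_deep', $value)
        : stripslashes($value);
}

/**
 * Disable magic quotes - would be more efficient to control this with php.ini.
 *
 * Undoes magic_quotes_gpc on $_POST, $_GET and $_COOKIE so the rest of the
 * application sees the raw submitted values. The magic quotes feature was
 * removed in PHP 5.4 and get_magic_quotes_gpc() itself in PHP 8, so the step
 * is skipped when that function no longer exists instead of failing with an
 * undefined-function error. The helper is declared at file level (not inside
 * this function) so that calling disableMagicQuotes() twice does not trip
 * "Cannot redeclare stripslashes_deep()".
 *
 * @return void
 */
function disableMagicQuotes()
{
    if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
        return;
    }
    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}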
////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////
session_start(); /* Create or resume the PHP session; all login state below lives in $_SESSION. */
disableMagicQuotes();
/* Create session vars, first time in.
* NOTE(review): session_reset() here is the function defined above, whose
* name collides with the PHP >= 5.6 builtin of the same name (fatal at load).
*/
if (!isset($_SESSION['logged_in']))
{
session_reset();
}
/* Check if logged in. login() renders the login form itself when it does
* not succeed, so the script must stop right after it.
*/
if (!$_SESSION['logged_in'])
{
if (!login())
exit();
}
/* Parse out the section and subsection from the url. page=section/subsection
* 'page' is attacker-controlled ($_REQUEST also accepts it from POST and,
* depending on request_order, cookies). It is only used as a lookup key for
* the ModuleManager and, further down, to build the $self URL string.
*/
$url ='';
$page_array = array();
if (isset($_REQUEST['page']))
{
$url = $_REQUEST[ 'page' ];
$page_array = explode("/", $url);
}
$section = '';
$subsection = '';
/* If no subsection was found, check if a logout was requested and handle it.
* otherwise pass the request to the default 'entry' page.
* Three or more path elements match neither branch and also fall through to
* the default page.
*/
if (count($page_array) == 1)
{
if ($page_array[0] == 'logout')
{
logout();
exit();
}
}
else if (count($page_array) == 2) /* normal pages */
{
$section = $page_array[0];
$subsection = $page_array[1];
}
/* Use the ModuleManager to resolve the page spec.
* getDefault() is presumably filling $section/$subsection in by reference
* with the role's entry page — verify against ModuleManager.
*/
require('./conf/module-conf.php');
if (empty($section) || empty($subsection))
$module_manager->getDefault($_SESSION['userrole'], $section, $subsection);
$m = $module_manager->findModule($_SESSION['userrole'], $section, $subsection);
if ( !empty($m) )
{
/* $self embeds the raw $section/$subsection taken from the URL; any page
* that prints it into HTML must escape it (htmlspecialchars) at that point.
*/
$self = "./index.php?page=$section/$subsection";
/* The include path is built from $m->page as returned by findModule() for
* this role. Provided that is an entry of the module table in
* conf/module-conf.php rather than the request string, the path is not
* user-controlled — confirm in ModuleManager.
*/
require("./modules/" . $m->page);
$page_classname = $m->id;
$page_classname .= '_page';
$page = new $page_classname(array('self' => $self, 'section' => $section, 'subsection' => $subsection));
$page->renderHtml();
}
else
{
/* custom 404 page */
header("HTTP/1.1 404 Not Found");
require('error404.html');
}
?>