<?php
/**
 * 
 * Copyright (C) 2004 - 2006, John Tarlton.
 *
 * This file is part of AstWebPanel - A web management user interface for Asterisk.
 *
 * AstWebPanel is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * AstWebPanel is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with AstWebPanel; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 * \file index.php
 *
 * This is the master page controller.
 * All pages are accessed via this page. It provides session management,
 * user authentication and page serving. Other pages are specified using
 * parameters passed in the url e.g. 'index.php?page=docs/userguide'.
 * Pages are specified in a two-level hierarchy: section and subsection
 * and are resolved to filenames using the ModuleManager.
 *
 */

require('./php/errorhandler.php');

require_once('./conf/config.php');
require_once('./php/dbase.php'); 
require_once('./dao/SessionLogDao.php');
require_once('./dao/UserDao.php');

/**
 * Reset the session variables to their "not logged in" defaults.
 *
 * Writes an empty username, an empty role and logged_in = 0 into $_SESSION.
 *
 * NOTE(review): PHP 5.6 and later ship a built-in session_reset(); declaring
 * a user function with the same name is a fatal "Cannot redeclare" error
 * there. Renaming it also means changing its call site - confirm the PHP
 * version this panel is expected to run on.
 */
function session_reset()
{
	$_SESSION['username'] = "";
	$_SESSION['userrole'] = "";   /* role name, e.g. admin, user ... */
	$_SESSION['logged_in'] = 0;  
}

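/**
 * Initialise a new, authenticated session.
 *
 * Stores the user name and role in $_SESSION and marks the session as
 * logged in.
 *
 * @param string $username  Login name to record in the session.
 * @param string $userrole  Role name to record in the session.
 */
function session_init($username, $userrole)
{
	/* Issue a fresh session id at the moment the session becomes
	 * authenticated, so that an id which was known before login cannot be
	 * reused afterwards (session fixation). Skipped when no session is
	 * active or the headers have already gone out, where the call could
	 * only raise a warning.
	 */
	if (session_id() !== '' && !headers_sent())
		session_regenerate_id(TRUE);

	$_SESSION['username'] = $username;
	$_SESSION['userrole'] = $userrole;
	$_SESSION['logged_in'] = 1;

	/* TODO: save time for logging and so we can timeout the session ,
	 * log the ip address GetRemoteIP() 
	 */
}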

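/**
 * Process a login request.
 *
 * Reads 'username' and 'password' from $_POST, looks the user up through
 * UserDao and, when the password matches and the account is enabled, starts
 * an authenticated session. Every outcome for a well-formed user name is
 * written to the session log. When the login does not succeed (or no login
 * was submitted) the login form is rendered.
 *
 * NOTE(review): the submitted password is compared with the stored value
 * as-is, so passwords appear to be kept in clear text. Plain md5/sha1 is not
 * an adequate replacement; migrate the stored values to password_hash() and
 * check them with password_verify().
 * NOTE(review): no throttling of repeated failed attempts is visible here.
 *
 * @return bool  TRUE when the session is logged in, FALSE after the login
 *               form has been rendered.
 */
function login()
{
	if (!isset($_POST['username']))
	{
		require('./php/login.inc.php');
		return FALSE;
	}

	/* Request parameters may arrive as arrays instead of strings. strcmp()
	 * on a non-string returned NULL before PHP 8, and negating NULL yields
	 * TRUE, so the former "!strcmp(...)" check accepted such a value as a
	 * matching password. Both fields must be real strings before they are
	 * used.
	 */
	$username = $_POST['username'];
	$password = isset($_POST['password']) ? $_POST['password'] : NULL;

	if (is_string($username))
	{
		$sessionlog_dao = new SessionLogDao;
		$user = new UserDao;
		$userdata  = array();

		if ($user->get($username, $userdata))
		{
			$stored = (string) $userdata['passwd'];

			/* Exact, type-safe comparison; constant-time where the
			 * runtime provides hash_equals() (PHP 5.6+).
			 */
			if (!is_string($password))
				$password_ok = FALSE;
			else if (function_exists('hash_equals'))
				$password_ok = hash_equals($stored, $password);
			else
				$password_ok = ($stored === $password);

			if (!$password_ok)
			{
				$sessionlog_dao->update($userdata['username'], "Denied login from: " . GetRemoteIP() .  " - Bad password");
			}
			else if (!$userdata['enable'])
			{
				$sessionlog_dao->update($userdata['username'], "Denied login from: " . GetRemoteIP() .  " - Account disabled");
			}
			else
			{
				session_init($userdata['username'], $userdata['role']);   // XXX lookup from roles table
				$sessionlog_dao->update($userdata['username'], "Login from: " . GetRemoteIP());
			}
		}
		else
		{
			/* NOTE(review): the attempted name is caller-supplied text;
			 * whoever displays the session log has to escape it.
			 */
			$sessionlog_dao->update($username, "Denied login from: " . GetRemoteIP() .  " - Unknown user");
		}
	}
	/* A user name that is not a string is treated as a failed login
	 * without touching the DAOs.
	 */

	if (!$_SESSION['logged_in'])
	{
		$login_denied = 1;			/* login.inc.php checks this var */
		require('./php/login.inc.php');
		return FALSE;
	}
	return TRUE;
}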

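/**
 * Log out the user, destroy the session.
 *
 * Records the logout in the session log, empties $_SESSION, expires the
 * session cookie in the browser, destroys the server-side session data and
 * finally renders the login page.
 */
function logout()
{
	$sessionlog_dao = new SessionLogDao;
	$sessionlog_dao->update($_SESSION['username'], "Logout");

	/* Cleanup this session. */
	$_SESSION = array();
	if (isset($_COOKIE[session_name()]))
	{
		/* Expire the cookie with the same path/domain/secure settings it
		 * was issued with; a hard-coded '/' does not remove it when the
		 * session cookie is configured with a different path or domain.
		 */
		$cookie = session_get_cookie_params();
		setcookie(session_name(), '', time()-42000, $cookie['path'], $cookie['domain'], $cookie['secure']);
	}
	session_destroy();

	/* Go back to the login page.*/
	require('./php/login.inc.php');
}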


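/**
 * Get the IP address of the connecting client, as recorded in the session log.
 *
 * Only REMOTE_ADDR is consulted. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are
 * request headers chosen by the client, so honouring them let any caller
 * decide which address (or arbitrary text) was written to the login audit
 * trail. When the panel sits behind a trusted reverse proxy, have the web
 * server map the forwarded address onto REMOTE_ADDR instead.
 *
 * @return string  The peer address, or "unknown" when none is available.
 */
function GetRemoteIP()
{
	$candidates = array(
		isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '',
		getenv("REMOTE_ADDR"),
	);

	foreach ($candidates as $addr)
	{
		/* getenv() returns FALSE for an unset variable. */
		if (is_string($addr) && $addr !== '' && strcasecmp($addr, "unknown"))
			return $addr;
	}

	return "unknown";
}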

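/**
 * Undo the effect of magic quotes on $_POST, $_GET and $_COOKIE.
 *
 * It would be more efficient to control this with php.ini.
 *
 * Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself was
 * removed in PHP 8.0, so on those versions there is nothing to undo and the
 * function must not be called at all.
 */
function disableMagicQuotes()
{
	if (version_compare(PHP_VERSION, '5.4.0', '>=')
		|| !function_exists('get_magic_quotes_gpc')
		|| !get_magic_quotes_gpc())
	{
		return;
	}

	/* Declared conditionally so that a second call does not redeclare it. */
	if (!function_exists('stripslashes_deep'))
	{
		/* Strip slashes from a value, recursing into nested arrays. */
		function stripslashes_deep($value)
		{
			return is_array($value)
				? array_map('stripslashes_deep', $value)
				: stripslashes($value);
		}
	}

	$_POST = array_map('stripslashes_deep', $_POST);
	$_GET = array_map('stripslashes_deep', $_GET);
	$_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}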

////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////

/* Resume the caller's session, or start a new one.
 * NOTE(review): no cookie flags are set here, so HttpOnly/Secure on the
 * session cookie depend entirely on php.ini - confirm the deployment sets them.
 */
session_start();

/* Normalise request data before any handler reads it. */
disableMagicQuotes();

/* A brand-new session carries no state yet: seed it as "not logged in". */
if (isset($_SESSION['logged_in']) === FALSE)
	session_reset();

/* Authentication gate: an unauthenticated request goes through login();
 * when that does not end in a logged-in session it has already rendered the
 * login form, so stop here.
 */
if (!$_SESSION['logged_in'] && !login())
	exit();

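/* Parse out the section and subsection from the url. page=section/subsection
 *
 * NOTE(review): $_REQUEST may also be fed from cookies depending on the
 * request_order / variables_order settings - confirm that is intended.
 */

$url ='';
$page_array = array();
/* Accept only a plain string: a 'page' parameter submitted as an array would
 * otherwise reach explode(), which warns before PHP 8 and throws a TypeError
 * from PHP 8 on.
 */
if (isset($_REQUEST['page']) && is_string($_REQUEST['page']))
{
	$url = $_REQUEST['page'];
	$page_array = explode("/", $url);
}
$section = '';
$subsection = '';

/* If no subsection was found, check if a logout was requested and handle it.
 * otherwise pass the request to the default 'entry' page.
 */
if (count($page_array) == 1)
{
	if ($page_array[0] === 'logout')
	{
		logout();
		exit();
	}
}
else if (count($page_array) == 2)  /* normal pages */
{
	/* Both values are still raw request data at this point. */
	$section = $page_array[0];
	$subsection = $page_array[1];
}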

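/* Use the ModuleManager to resolve the page spec.
 * $module_manager is presumably created by conf/module-conf.php - it is not
 * defined in this file.
 */

require('./conf/module-conf.php');

/* No (complete) page requested: let the module manager pick the default
 * page for this role; it receives $section and $subsection to fill in.
 */
if (empty($section) || empty($subsection))
	$module_manager->getDefault($_SESSION['userrole'], $section, $subsection);

$m = $module_manager->findModule($_SESSION['userrole'], $section, $subsection);

if ( !empty($m) )
{
	/* $section and $subsection can come straight from the request. Encode
	 * them as URL components so that the self-link handed to the page stays
	 * a well-formed URL and carries no markup characters if a page prints it.
	 */
	$self = "./index.php?page=" . rawurlencode($section) . "/" . rawurlencode($subsection);

	/* NOTE(review): the included file and the instantiated class name are
	 * taken from the module record ($m->page, $m->id). This is only safe
	 * while findModule() returns entries from the static module
	 * configuration and never echoes request data back - verify in
	 * ModuleManager.
	 */
	require("./modules/" . $m->page);
	$page_classname = $m->id . '_page';
	$page = new $page_classname(array('self' => $self, 'section' => $section, 'subsection' => $subsection));
	$page->renderHtml();
}
else
{
	/* custom 404 page */
	header("HTTP/1.1 404 Not Found");
	require('error404.html');
}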

?>
