<?php
/*
 *  Copyright 2008 Blandware (http://www.blandware.com)
 *
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

/**
 * Contains some authentication and authorization utilities.
 *
 * @package     AtleapLite
 * @author      Roman Puchkovskiy
 * @license     http://www.apache.org/licenses/LICENSE-2.0  Apache License, Version 2.0
 */

/**
 * Identifiers of permissions granted to every visitor, anonymous or logged in.
 */
$allowedToAll = array(
    'showPage',
    'viewMainPage',
    'showNewsArchive',
    'showResources',
    'showCategory',
    'showCommodity',
    'showImage',
    'viewSiteMap',
);
/**
 * Identifiers of permissions granted only to anonymous (not logged-in) users.
 */
$allowedToAnonymous = array('login');
/**
 * Identifiers of permissions granted to every logged-in user regardless of role.
 */
$allowedToRegistered = array('logout', 'showAdminConsole', 'updateMyself');

/**
 * Tries to authenticate a user against the user table.
 *
 * Builds a user DAO with the given login and password and asks the data layer
 * whether a matching row exists. How the password is compared (plain or
 * hashed) is decided inside setPassword()/find(), not visible in this file.
 *
 * @global string $dsn database URL used to configure DB_DataObject
 * @param string $login     user login
 * @param string $password  user password as supplied by the caller
 * @return bool true if a matching user row was found
 */
function auth($login, $password)
{
    global $dsn;

    configurateDataObject($dsn);
    $candidate =& getDao('user');
    $candidate->login = $login;
    $candidate->setPassword($password);
    // find(true) fetches the first matching row; a positive count means a match.
    return $candidate->find(true) > 0;
}

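/**
 * Returns whether the current user has a given permission.
 *
 * Resolution order: permissions open to everyone, then the per-group list
 * (anonymous or registered), then — for registered users only — the
 * role_permission table via allowedForRole(). Anything not granted by one of
 * these steps is denied. In particular an anonymous user asking for a
 * permission outside $allowedToAll / $allowedToAnonymous gets an explicit
 * false (the previous version fell off the end and returned null).
 *
 * @global string $dsn                  database URL
 * @global array  $allowedToAll         permission identifiers open to everyone
 * @global array  $allowedToAnonymous   permission identifiers open to anonymous users
 * @global array  $allowedToRegistered  permission identifiers open to all registered users
 * @param string $permId    identifier of permission
 * @return bool true if current user has given permission
 */
function allowed($permId)
{
    global $dsn, $allowedToAll, $allowedToAnonymous, $allowedToRegistered;

    configurateDataObject($dsn);
    // Strict comparison: identifiers are matched as strings and never coerced
    // (loose array_search would match int 0 against any non-numeric string on PHP < 8).
    if (in_array($permId, $allowedToAll, true)) {
        return true;
    }
    if (isAnonymous()) {
        // Anonymous user: only the anonymous list can grant anything.
        return in_array($permId, $allowedToAnonymous, true);
    }
    // Registered user
    if (in_array($permId, $allowedToRegistered, true)) {
        return true;
    }
    // Role-based permissions need the user row behind the session login.
    if (!isset($_SESSION['login'])) {
        return false;
    }
    // Objects are handles since PHP 5; no reference assignment needed from factory().
    $user = DB_DataObject::factory('user');
    $user->login = $_SESSION['login'];
    // find(true) both counts and fetches the first row; < 1 means no such user.
    if ($user->find(true) < 1) {
        return false;
    }
    return allowedForRole($user->getRole(), $permId);
}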

/**
 * Returns true if the given role has the given permission.
 *
 * Resolves $permId to a permission row, then looks for a role_permission row
 * linking that permission to $role->id.
 *
 * @param object $role      role object (only its id property is read here)
 * @param string $permId    identifier of permission
 * @return bool false if the identifier is unknown or no link row exists
 */
function allowedForRole($role, $permId)
{
    $perm =& DB_DataObject::factory('permission');
    $perm->identifier = $permId;
    if ($perm->find() < 1) {
        // Unknown permission identifier: nothing can grant it.
        return false;
    }
    $perm->fetch();

    $link = DB_DataObject::factory('role_permission');
    $link->role_id = $role->id;
    $link->permission_id = $perm->id;
    return $link->find(true) > 0;
}

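/**
 * Returns whether the given user is an admin (i.e. his role is the admin
 * role). If no login is given, the current session user is considered.
 *
 * An anonymous session always yields false, even when a $login is supplied:
 * the check is only meaningful inside a logged-in session.
 *
 * @global string $dsn database URL
 * @param string $login optional    user login; '' (or null) means the current user
 * @return bool true if the user row exists and its DAO reports it as admin
 */
function isAdmin($login = '')
{
    global $dsn;

    // Same session test as allowed() rather than a raw $_SESSION read.
    if (isAnonymous()) {
        return false;
    }
    if ($login === '' || $login === null) {
        if (!isset($_SESSION['login'])) {
            return false;
        }
        $login = $_SESSION['login'];
    }
    configurateDataObject($dsn);
    $user = DB_DataObject::factory('user');
    $user->login = $login;
    // find(true) counts and fetches the first row; < 1 means no such user.
    // The previous find()/fetch() < 1 pair compared a bool against an int and
    // only worked by accident; this matches the form used by auth().
    if ($user->find(true) < 1) {
        return false;
    }
    return $user->isAdmin();
}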

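/**
 * Returns whether the current user is anonymous.
 *
 * Fails closed: a session without the 'anonymous' flag (no session started,
 * or the flag never set) is reported as anonymous instead of as a logged-in
 * user, so callers such as allowed() deny by default. The previous version
 * returned null in that case, which the callers treated as "registered".
 *
 * @return bool true if current user is anonymous
 */
function isAnonymous()
{
    if (!isset($_SESSION['anonymous'])) {
        return true;
    }
    return (bool) $_SESSION['anonymous'];
}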

/**
 * Removes from $links every entry whose 'permId' the current user is not
 * allowed to use. $links is modified in place; keys of surviving entries are
 * preserved (no reindexing).
 *
 * @param array $links array of links; each entry is an array with a 'permId' key
 */
function checkLinks(&$links)
{
    $keys = array_keys($links);
    foreach ($keys as $k) {
        $permId = $links[$k]['permId'];
        if (allowed($permId)) {
            continue;
        }
        unset($links[$k]);
    }
}

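/**
 * Returns the current user name.
 *
 * @return string|null user login, or null when the session holds no login
 *                     (anonymous session or no session at all)
 */
function getCurrentUser()
{
    // isset() avoids an undefined-index notice and makes the documented null explicit.
    return isset($_SESSION['login']) ? $_SESSION['login'] : null;
}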

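/**
 * Returns the current user ID.
 *
 * @return string|null user ID as stored in the session, or null when the
 *                     session holds no user ID (anonymous or no session)
 */
function getCurrentUserId()
{
    // isset() avoids an undefined-index notice and makes the documented null explicit.
    return isset($_SESSION['userId']) ? $_SESSION['userId'] : null;
}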

?>