Location: PHPKode > projects > Open Media Collectors Database > functions/auth.php
<?php
/* 	
 	Open Media Collectors Database
	Copyright (C) 2001,2006 by Jason Pell

	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/

include_once("./functions/user.php");
include_once("./functions/utils.php");
include_once("./functions/http.php");
include_once("./functions/config.php");

define('PERM_VIEW_ANNOUNCEMENTS', 'PERM_VIEW_ANNOUNCEMENTS');
define('PERM_VIEW_WHATSNEW', 'PERM_VIEW_WHATSNEW');
define('PERM_VIEW_LISTINGS', 'PERM_VIEW_LISTINGS');
define('PERM_VIEW_STATS', 'PERM_VIEW_STATS');
define('PERM_VIEW_ADVANCED_SEARCH', 'PERM_VIEW_ADVANCED_SEARCH');
define('PERM_VIEW_USER_PROFILE', 'PERM_VIEW_USER_PROFILE');
define('PERM_VIEW_ITEM_DISPLAY', 'PERM_VIEW_ITEM_DISPLAY');
define('PERM_VIEW_ITEM_COVERS', 'PERM_VIEW_ITEM_COVERS');

define('PERM_ADMIN_TOOLS', 'PERM_ADMIN_TOOLS');
define('PERM_USER_BORROWER', 'PERM_USER_BORROWER');
define('PERM_ADMIN_BORROWER', 'PERM_ADMIN_BORROWER');
define('PERM_ADMIN_REVIEWER', 'PERM_ADMIN_REVIEWER');
define('PERM_USER_REVIEWER', 'PERM_USER_REVIEWER');
define('PERM_ADMIN_EXPORT', 'PERM_ADMIN_EXPORT');
define('PERM_USER_EXPORT', 'PERM_USER_EXPORT');
define('PERM_ADMIN_IMPORT', 'PERM_ADMIN_IMPORT');
define('PERM_USER_IMPORT', 'PERM_USER_IMPORT');
define('PERM_ITEM_OWNER', 'PERM_ITEM_OWNER');
define('PERM_ITEM_ADMIN', 'PERM_ITEM_ADMIN');
define('PERM_ADMIN_ANNOUNCEMENTS', 'PERM_ADMIN_ANNOUNCEMENTS');
define('PERM_ADMIN_USER_PROFILE', 'PERM_ADMIN_USER_PROFILE');
define('PERM_ADMIN_USER_LISTING', 'PERM_ADMIN_USER_LISTING');
define('PERM_EDIT_USER_PROFILE', 'PERM_EDIT_USER_PROFILE');
define('PERM_CHANGE_PASSWORD', 'PERM_CHANGE_PASSWORD');
define('PERM_ADMIN_QUICK_CHECKOUT', 'PERM_ADMIN_QUICK_CHECKOUT');
define('PERM_ADMIN_CREATE_USER', 'PERM_ADMIN_CREATE_USER');
define('PERM_ADMIN_CHANGE_PASSWORD', 'PERM_ADMIN_CHANGE_PASSWORD');
define('PERM_ADMIN_LOGIN', 'PERM_ADMIN_LOGIN');
define('PERM_ADMIN_CHANGE_USER', 'PERM_ADMIN_CHANGE_USER');

define('PERM_ADMIN_SEND_EMAIL', 'PERM_ADMIN_SEND_EMAIL');
define('PERM_SEND_EMAIL', 'PERM_SEND_EMAIL');
define('PERM_RECEIVE_EMAIL', 'PERM_RECEIVE_EMAIL');

// todo - cache user_role and permissions list after first call
function is_user_granted_permission($permission, $user_id = NULL)
{
	$user_permissions_clause = format_sql_in_clause($permission);
	
	if(strlen($user_id)==0 && is_site_public_access())
	{
		$query = "SELECT 'X' 
			FROM 	s_role_permission
			WHERE 	role_name = 'PUBLICACCESS' AND
				  	permission_name IN ($user_permissions_clause)";
	}
	else 
	{
		if(strlen($user_id)==0)
			$user_id = get_opendb_session_var('user_id');

		$query = "SELECT 'X' 
			FROM 	s_role_permission srp, 
				 	user u 
			WHERE 	u.user_role = srp.role_name AND
				  	srp.permission_name IN ($user_permissions_clause) AND
				  	u.user_id = '$user_id'";
	}
	
	$result = db_query($query);
	if($result && db_num_rows($result)>0)
	{
		db_free_result($result);
		return TRUE;
	}

	//else
	return FALSE;
}

function is_site_public_access()
{
	if(is_opendb_configured() && !is_opendb_valid_session() && get_opendb_config_var('site.public_access', 'enable') === TRUE)
	{
		return TRUE;
	}
	else
	{
	    return FALSE;
	}
}

function is_site_enabled()
{
    if(is_opendb_configured())
	{
		// if an administrator is logged in, then the site is considered enabled, even if
		// configured to be disabled.
		if(get_opendb_config_var('site', 'enable')!==FALSE)
    	    return TRUE;
		else if(is_user_granted_permission(PERM_ADMIN_LOGIN))
			return TRUE;
		else if(is_user_admin_changed_user())
		{
			return TRUE;
		}
	}

	//else
    return FALSE;
}

function is_user_admin_changed_user()
{
	if(get_opendb_config_var('login', 'enable_change_user')!==FALSE && 
					strlen(get_opendb_session_var('admin_user_id'))>0 && 
						is_user_granted_permission(PERM_ADMIN_LOGIN, get_opendb_session_var('admin_user_id')))
	{
		return TRUE;		
	}
	else
	{
		return FALSE;
	}
}

/**
*/
function is_opendb_valid_session()
{
    if(is_opendb_configured())
    {
		if(get_opendb_session_var('login_time')!=NULL &&
				get_opendb_session_var('last_access_time')!=NULL &&
				get_opendb_session_var('user_id')!=NULL &&
				get_opendb_session_var('hash_check')!=NULL)
		{
			$site_r = get_opendb_config_var('site');
			
			// A valid session as far as the variables go at least.
			if($site_r['security_hash'] == get_opendb_session_var('hash_check'))
			{
				// idle_timeout is how long between requests a login session
				// can remain valid.  If login_timeout is set, then this controls
				// how long a session can remain active overall.
				$current_time = time();

				if (!is_numeric($site_r['login_timeout']) || 
						( ($current_time - get_opendb_session_var('login_time')) < $site_r['login_timeout']) )
				{
					if ( !is_numeric($site_r['idle_timeout']) ||
							( ($current_time - get_opendb_session_var('last_access_time')) < $site_r['idle_timeout']) )
					{
						if(is_user_active(get_opendb_session_var('user_id')))
						{
                            // reset the time, as we are only interested in idle session tests.
                            register_opendb_session_var('last_access_time', $current_time);
							return TRUE;
						}
						else
						{
							opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid user encountered');
							return FALSE;
						}
					}
				}
			}//if($site_r['security_hash'] == get_opendb_session_var('hash_check'))
			else
			{
				opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Invalid security-hash login invalidated');
				return FALSE;
			}
		}
	}//if(is_opendb_configured())
	
	//else
	return FALSE;
}
?>
Return current item: Open Media Collectors Database