<?php
00024 require_once "./include/inc.header.php";
00025 require_once "./classes/class.ilUtil.php";
00026 require_once "./classes/class.ilObject.php";
00027 require_once "./content/classes/Media/class.ilObjMediaObject.php";
00028
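/**
 * Gatekeeper for files below the client's web data directory.
 *
 * The requested file is taken from $_SERVER["REQUEST_URI"], which is
 * client-controlled. The path is therefore canonicalised with realpath() and
 * must lie inside the directory of the object whose "read" permission is
 * checked; otherwise a ".." segment could move the delivered file away from
 * the object that was authorised.
 */
class ilWebAccessChecker
{
	// language object (global $lng), used for the error texts
	var $lng;
	// access handler (global $ilAccess)
	var $ilAccess;
	// reference to $_SESSION["WebAccessChecked"]: object ids already granted
	var $checked_list;

	// request path starting at ILIAS_WEB_DIR/CLIENT_ID ("" if not found)
	var $subpath;

	// canonical absolute path of the requested file (false if rejected)
	var $file;

	// mime type reported by ilObjMediaObject::getMimeType()
	var $mimetype;

	// HTTP status to send on failure (403 or 404)
	var $errorcode;

	// translated message to send on failure
	var $errortext;

	/**
	 * Constructor: resolves the requested file from the request URI.
	 *
	 * On failure errorcode/errortext are set and $this->file is false, so
	 * that a later checkAccess() cannot succeed for a rejected path.
	 */
	function ilWebAccessChecker()
	{
		global $ilAccess, $lng;

		$this->lng =& $lng;
		$this->ilAccess =& $ilAccess;
		$this->checked_list = & $_SESSION["WebAccessChecked"];

		$this->subpath = "";
		$this->file = false;

		// parse_url() returns false for seriously malformed URIs
		$request_uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
		$uri = parse_url($request_uri);
		$path = (is_array($uri) and isset($uri["path"])) ? $uri["path"] : "";

		$pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
		$start = strpos($path, $pattern);
		if ($start === false)
		{
			// Without this check substr() would start at offset 0 and the
			// whole request path would be mapped below ILIAS_ABSOLUTE_PATH.
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return false;
		}

		$this->subpath = substr($path, $start);
		$resolved = realpath(ILIAS_ABSOLUTE_PATH . "/" . $this->subpath);
		$web_root = realpath(ILIAS_ABSOLUTE_PATH . "/" . $pattern);

		// realpath() resolves ".." and symlinks; the result must still be a
		// regular file inside the client's web data directory.
		if ($this->_isInside($resolved, $web_root) and is_file($resolved))
		{
			$this->file = $resolved;
			$this->mimetype = ilObjMediaObject::getMimeType($this->file);
		}
		else
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return false;
		}
	}

	/**
	 * Tells whether a canonical path lies strictly below a canonical directory.
	 *
	 * Both arguments are expected to come from realpath(); false or empty
	 * values (realpath() failure) never match.
	 *
	 * @param	mixed	$path	canonical file path or false
	 * @param	mixed	$dir	canonical directory path or false
	 * @return	boolean
	 * @access	private
	 */
	function _isInside($path, $dir)
	{
		if (!is_string($path) or !is_string($dir) or $path === "" or $dir === "")
		{
			return false;
		}
		// The trailing separator keeps "lm_1" from matching "lm_10".
		$prefix = rtrim($dir, "/\\") . DIRECTORY_SEPARATOR;
		return strncmp($path, $prefix, strlen($prefix)) === 0;
	}

	/**
	 * Checks whether the current user may read the requested file.
	 *
	 * The object id is taken from the "lm_data/lm_<id>/" part of the subpath;
	 * access is granted if "read" is allowed on any reference of that object.
	 * Sets errorcode/errortext when access is refused.
	 *
	 * @return	boolean	true if the file may be delivered
	 */
	function checkAccess()
	{
		$subpath = (string) $this->subpath;
		$marker = "lm_data/lm_";

		// Test the strpos() result before doing arithmetic on it: false + 11
		// is 11, which would make the "=== false" test below unreachable.
		$start = strpos($subpath, $marker);
		if ($start === false)
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return false;
		}
		$pos1 = $start + strlen($marker);
		$pos2 = strpos($subpath, "/", $pos1);
		if ($pos2 === false)
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return false;
		}

		// Plain decimal digits only: is_numeric() would also accept forms
		// such as "1e1" that compare loosely equal to another id.
		$obj_id = substr($subpath, $pos1, $pos2 - $pos1);
		if (!preg_match('/^[0-9]+\z/', $obj_id))
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("obj_not_found");
			return false;
		}

		// The permission is checked for $obj_id, so the canonical file must
		// lie inside that object's directory. This has to happen before the
		// session cache is consulted.
		$obj_dir = realpath(ILIAS_ABSOLUTE_PATH . "/" . substr($subpath, 0, $pos2));
		if (!$this->_isInside($this->file, $obj_dir))
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return false;
		}

		// Object ids already granted in this session skip the lookup.
		// NOTE(review): a cached grant is not re-evaluated while the session
		// lives, so a revoked permission only takes effect with a new
		// session - confirm that this is acceptable.
		if (is_array($this->checked_list))
		{
			if (in_array($obj_id, $this->checked_list, true))
			{
				return true;
			}
		}

		$obj_type = ilObject::_lookupType($obj_id);
		$ref_ids = ilObject::_getAllReferences($obj_id);
		if (!$ref_ids)
		{
			$this->errorcode = 403;
			$this->errortext = $this->lng->txt("permission_denied");
			return false;
		}

		// Read access on one reference of the object is sufficient.
		$readable = false;
		foreach ($ref_ids as $ref_id)
		{
			if ($this->ilAccess->checkAccess("read", "view", $ref_id, $obj_type, $obj_id))
			{
				$readable = true;
				break;
			}
		}
		if ($readable)
		{
			// remember the grant for later requests of this session
			$this->checked_list[] = $obj_id;
			return true;
		}
		else
		{
			$this->errorcode = 403;
			$this->errortext = $this->lng->txt("permission_denied");
			return false;
		}
	}

	/**
	 * Sends the requested file with caching disabled and ends the script.
	 *
	 * Must only be called after checkAccess() returned true.
	 */
	function sendFile()
	{
		if (isset($_SERVER["HTTPS"]))
		{
			// Pragma and Cache-Control are cleared first, then set again.
			// NOTE(review): presumably a workaround for browsers that fail
			// to load non-cacheable files over HTTPS - confirm.
			header("Pragma: ");
			header("Cache-Control: ");
			header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
			header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
			header("Cache-Control: no-store, no-cache, must-revalidate");
			// second argument false: add to, do not replace, Cache-Control
			header("Cache-Control: post-check=0, pre-check=0", false);
		}
		else
		{
			header("Cache-Control: no-cache, must-revalidate");
			header("Pragma: no-cache");
		}
		header("Content-Type: " . $this->mimetype);
		header("Content-Length: ".(string)(filesize($this->file)));
		header("Connection: close");

		ilUtil::readFile( $this->file );
		exit;
	}

	/**
	 * Sends the stored error status and text and ends the script.
	 */
	function sendError()
	{
		// A status line has no colon after the protocol version.
		switch ($this->errorcode)
		{
			case 403:
				header("HTTP/1.0 403 Forbidden");
				break;
			case 404:
				header("HTTP/1.0 404 Not Found");
				break;
		}
		exit($this->errortext);
	}
}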
00255 ?>