
content/classes/class.ilWebAccessChecker.php

00001 <?php
00002 /*
00003         +-----------------------------------------------------------------------------+
00004         | ILIAS open source                                                           |
00005         +-----------------------------------------------------------------------------+
00006         | Copyright (c) 1998-2001 ILIAS open source, University of Cologne            |
00007         |                                                                             |
00008         | This program is free software; you can redistribute it and/or               |
00009         | modify it under the terms of the GNU General Public License                 |
00010         | as published by the Free Software Foundation; either version 2              |
00011         | of the License, or (at your option) any later version.                      |
00012         |                                                                             |
00013         | This program is distributed in the hope that it will be useful,             |
00014         | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
00015         | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
00016         | GNU General Public License for more details.                                |
00017         |                                                                             |
00018         | You should have received a copy of the GNU General Public License           |
00019         | along with this program; if not, write to the Free Software                 |
00020         | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
00021         +-----------------------------------------------------------------------------+
00022 */
00023 
00024 require_once "./include/inc.header.php";
00025 require_once "./classes/class.ilUtil.php";
00026 require_once "./classes/class.ilObject.php";
00027 require_once "./content/classes/Media/class.ilObjMediaObject.php";
00028 
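/**
 * Access gate for files requested below the client's web data directory.
 *
 * The constructor maps the request URI to a file on disk, checkAccess()
 * decides whether the current user may read the learning module the file
 * belongs to, and sendFile() / sendError() deliver the result.
 *
 * Security-relevant invariants kept by this class:
 * - the object id used for the permission check is taken from the same
 *   path string that is resolved to the delivered file, so that path must
 *   not contain parent-directory segments;
 * - the object id must be a canonical decimal string, so that the id that
 *   was authorised, the id kept in the session cache and the directory
 *   name on disk cannot differ.
 *
 * NOTE(review): sendFile() performs no permission check of its own; it
 * relies on the caller having received true from checkAccess() first.
 */
class ilWebAccessChecker
{
    // language object (global $lng), used to translate error messages
    var $lng;
    // access handler (global $ilAccess) that answers the permission question
    var $ilAccess;
    // reference to $_SESSION["WebAccessChecked"]: ids already found readable
    var $checked_list;

    // request path, starting at ILIAS_WEB_DIR/CLIENT_ID
    var $subpath;

    // canonical absolute path of the requested file (result of realpath())
    var $file;

    // mime type reported by ilObjMediaObject::getMimeType() for $file
    var $mimetype;

    // HTTP status code of the last failure (403 or 404)
    var $errorcode;

    // translated message belonging to $errorcode
    var $errortext;

    /**
     * Resolves the requested URI to a file below the client web directory.
     *
     * On failure errorcode/errortext are set. The "return false" is kept
     * for compatibility, but a constructor's return value is not visible
     * to code using "new"; callers have to inspect $this->errorcode.
     */
    function ilWebAccessChecker()
    {
        global $ilAccess, $lng;

        $this->lng =& $lng;
        $this->ilAccess =& $ilAccess;
        $this->checked_list = & $_SESSION["WebAccessChecked"];

        // parse_url() returns false for a malformed URI and may omit "path"
        $uri = parse_url($_SERVER["REQUEST_URI"]);
        $path = (is_array($uri) && isset($uri["path"])) ? $uri["path"] : "";

        // the part of the path that starts at the client web directory
        $pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
        $start = strpos($path, $pattern);
        if ($start === false)
        {
            // without this check substr() would silently start at offset 0
            // and the whole request path would be mapped below the
            // installation directory
            return $this->_setError(404, "url_not_found");
        }
        $this->subpath = substr($path, $start);

        // checkAccess() reads the object id from $this->subpath, while the
        // delivered file is the realpath() of it. A parent-directory segment
        // would let the two refer to different objects, so it is refused.
        // NOTE(review): symbolic links inside the data directory are still
        // followed by realpath(); confirm that only trusted code creates them.
        $segments = explode("/", str_replace("\\", "/", $this->subpath));
        if (in_array("..", $segments, true))
        {
            return $this->_setError(404, "url_not_found");
        }

        $this->file = realpath(ILIAS_ABSOLUTE_PATH . "/". $this->subpath);

        // realpath() yields false for a missing path; directories are not
        // deliverable either
        if ($this->file !== false && is_file($this->file))
        {
            $this->mimetype = ilObjMediaObject::getMimeType($this->file);
        }
        else
        {
            return $this->_setError(404, "url_not_found");
        }
    }

    /**
     * Records a failure and returns false so callers can "return" it.
     *
     * @access private
     * @param  int    $a_code      HTTP status code to report
     * @param  string $a_lang_key  language variable of the message
     * @return boolean             always false
     */
    function _setError($a_code, $a_lang_key)
    {
        $this->errorcode = $a_code;
        $this->errortext = $this->lng->txt($a_lang_key);
        return false;
    }

    /**
     * Decides whether the current user may read the requested file.
     *
     * Only paths of the form ".../lm_data/lm_<id>/..." are accepted
     * (learning modules). The object behind <id> must have at least one
     * reference for which the access handler grants "read".
     *
     * NOTE(review): a positive result is stored in the session and answered
     * from there on later requests, so a permission that is revoked
     * afterwards is not re-evaluated for this object until the session ends.
     *
     * @return boolean  true if access is granted; otherwise false with
     *                  errorcode/errortext set
     */
    function checkAccess()
    {
        // extract the object id (currently only for learning modules)
        $marker = "lm_data/lm_";
        $found = is_string($this->subpath) ? strpos($this->subpath, $marker) : false;
        if ($found === false)
        {
            // must be tested before the marker length is added: the sum of
            // false and a number is a number and never compares === false
            return $this->_setError(404, "url_not_found");
        }
        $pos1 = $found + strlen($marker);
        $pos2 = strpos($this->subpath, "/", $pos1);
        if ($pos2 === false)
        {
            return $this->_setError(404, "url_not_found");
        }

        // canonical decimal ids only: is_numeric() would also accept forms
        // such as exponents, signs or fractions, which name another
        // directory than the object they compare equal to
        $obj_id = substr($this->subpath, $pos1, $pos2 - $pos1);
        if (!is_string($obj_id) || !preg_match('/^(0|[1-9][0-9]*)\z/', $obj_id))
        {
            return $this->_setError(404, "obj_not_found");
        }

        // look in cache, if already checked (strict: ids are kept as strings)
        if (is_array($this->checked_list) && in_array($obj_id, $this->checked_list, true))
        {
            return true;
        }

        // find the object references
        $obj_type = ilObject::_lookupType($obj_id);
        $ref_ids  = ilObject::_getAllReferences($obj_id);
        if (!$ref_ids)
        {
            return $this->_setError(403, "permission_denied");
        }

        // one readable reference is sufficient
        foreach ($ref_ids as $ref_id)
        {
            if ($this->ilAccess->checkAccess("read", "view", $ref_id, $obj_type, $obj_id))
            {
                // add object to cache
                $this->checked_list[] = $obj_id;
                return true;
            }
        }

        return $this->_setError(403, "permission_denied");
    }

    /**
     * Sends the caching headers, the content headers and the file itself,
     * then terminates the script.
     *
     * The Content-Type is the value determined in the constructor; the file
     * is written by ilUtil::readFile().
     */
    function sendFile()
    {
        if (isset($_SERVER["HTTPS"]))
        {
            // first empties Pragma/Cache-Control, then sets an expiry date in
            // the past and no-store/no-cache; the last header is appended
            // (second argument false) instead of replacing Cache-Control
            // NOTE(review): presumably a browser workaround for downloads
            // over SSL - confirm before changing the order
            header("Pragma: ");
            header("Cache-Control: ");
            header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
            header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
            header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1
            header("Cache-Control: post-check=0, pre-check=0", false);
        }
        else
        {
            header("Cache-Control: no-cache, must-revalidate");
            header("Pragma: no-cache");
        }
        header("Content-Type: " . $this->mimetype);
        header("Content-Length: ".(string)(filesize($this->file)));
        header("Connection: close");

        ilUtil::readFile( $this->file );
        exit;
    }

    /**
     * Sends the status line for the recorded error code and terminates the
     * script with the error text as response body.
     *
     * No status line is set for codes other than 403 and 404.
     */
    function sendError()
    {
        switch ($this->errorcode)
        {
            case 403:
                // a status line has no colon after the protocol version;
                // with the colon the line is malformed and, depending on
                // the server API, may not be sent as the response status
                header("HTTP/1.0 403 Forbidden");
                break;
            case 404:
                header("HTTP/1.0 404 Not Found");
                break;
        }
        exit($this->errortext);
    }
}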
00255 ?>

Generated on Fri Dec 13 2013 13:52:09 for ILIAS Release_3_7_x_branch .rev 46817 by  doxygen 1.7.1