ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilWebAccessChecker.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 require_once "./include/inc.header.php";
25 require_once "./Services/Utilities/classes/class.ilUtil.php";
26 require_once "./classes/class.ilObject.php";
27 require_once "./Services/MediaObjects/classes/class.ilObjMediaObject.php";
28 
43 class ilWebAccessChecker
44 {
45  var $lng;
46  var $ilAccess;
47  var $checked_list;
48 
54  var $subpath;
55 
61  var $file;
62 
68  var $params;
69 
70 
76  var $disposition = "inline";
77 
78 
84  var $mimetype;
85 
91  var $errorcode;
92 
93 
99  var $errortext;
100 
101 
106  function ilWebAccessChecker()
107  {
108  global $ilAccess, $lng, $ilLog;
109 
110  $this->lng =& $lng;
111  $this->ilAccess =& $ilAccess;
112  $this->checked_list = & $_SESSION["WebAccessChecked"];
113  $this->params = array();
114 
115  // get the requested file and its type
116  $uri = parse_url($_SERVER["REQUEST_URI"]);
117  parse_str($uri["query"], $this->params);
118 
119  $pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
120  $this->subpath = urldecode(substr($uri["path"], strpos($uri["path"], $pattern)));
121  $this->file = realpath(ILIAS_ABSOLUTE_PATH . "/". $this->subpath);
122 
123  /* debugging
124  echo "<pre>";
125  echo "REQUEST_URI: ". $_SERVER["REQUEST_URI"]. "\n";
126  echo "Parsed URI: ". $uri["path"]. "\n";
127  echo "DOCUMENT_ROOT: ". $_SERVER["DOCUMENT_ROOT"]. "\n";
128  echo "PHP_SELF: ". $_SERVER["PHP_SELF"]. "\n";
129  echo "SCRIPT_NAME: ". $_SERVER["SCRIPT_NAME"]. "\n";
130  echo "SCRIPT_FILENAME: ". $_SERVER["SCRIPT_FILENAME"]. "\n";
131  echo "PATH_TRANSLATED: ". $_SERVER["PATH_TRANSLATED"]. "\n";
132  echo "ILIAS_WEB_DIR: ". ILIAS_WEB_DIR. "\n";
133  echo "ILIAS_HTTP_PATH: ". ILIAS_HTTP_PATH. "\n";
134  echo "ILIAS_ABSOLUTE_PATH: ". ILIAS_ABSOLUTE_PATH. "\n";
135  echo "CLIENT_ID: ". CLIENT_ID. "\n";
136  echo "CLIENT_WEB_DIR: ". CLIENT_WEB_DIR. "\n";
137  echo "subpath: ". $this->subpath. "\n";
138  echo "file: ". $this->file. "\n";
139  echo "</pre>";
140  exit;
141  */
142 
143  if (file_exists($this->file))
144  {
145  $this->mimetype = ilObjMediaObject::getMimeType($this->file);
146  }
147  else
148  {
149  $this->errorcode = 404;
150  $this->errortext = $this->lng->txt("url_not_found");
151  return false;
152  }
153  }
154 
159  function checkAccess()
160  {
161  global $ilLog;
162 
163  // extract the object id (html/scorm learning modules)
164  $pos1 = strpos($this->subpath, "lm_data/lm_") + 11;
165  $pos2 = strpos($this->subpath, "/", $pos1);
166 
167  if ($pos1 == 11 or $pos2 === false)
168  {
169  // media object
170  $pos1 = strpos($this->subpath, "mobs/mm_") + 8;
171  $pos2 = strpos($this->subpath, "/", $pos1);
172  if ($pos1 === false or $pos2 === false)
173  {
174  $this->errorcode = 404;
175  $this->errortext = $this->lng->txt("url_not_found");
176  return false;
177  }
178  else
179  {
180  $mob_id = substr($this->subpath, $pos1, $pos2-$pos1);
181  include_once("./Services/MediaObjects/classes/class.ilObjMediaObject.php");
182  $usages = ilObjMediaObject::lookupUsages($mob_id);
183  foreach($usages as $usage)
184  {
185  //var_dump($usage);
186  $oid = ilObjMediaObject::getParentObjectIdForUsage($usage, true);
187  //var_dump($oid);
188  if ($oid > 0)
189  {
190  $obj_ids[] = $oid;
191 
192  // media objects in news (media casts)
193  if ($usage["type"] == "news")
194  {
195  include_once("./Modules/MediaCast/classes/class.ilObjMediaCastAccess.php");
196  include_once("./Services/News/classes/class.ilNewsItem.php");
197 
198  if (ilObjMediaCastAccess::_lookupPublicFiles($oid) &&
199  ilNewsItem::_lookupVisibility($usage["id"]) == NEWS_PUBLIC)
200  {
201  return true;
202  }
203  }
204  }
205  }
206  }
207  }
208  $obj_ids[] = substr($this->subpath, $pos1, $pos2-$pos1);
209  foreach($obj_ids as $obj_id)
210  {
211  if (!is_numeric($obj_id))
212  {
213  $this->errorcode = 404;
214  $this->errortext = $this->lng->txt("obj_not_found");
215  return false;
216  }
217 
218  // look in cache, if already checked
219  if (is_array($this->checked_list))
220  {
221  if (in_array($obj_id, $this->checked_list))
222  {
223  // return true;
224  }
225  }
226 
227  // find the object references
228  $obj_type = ilObject::_lookupType($obj_id);
229  $ref_ids = ilObject::_getAllReferences($obj_id);
230  if (!$ref_ids)
231  {
232  $this->errorcode = 403;
233  $this->errortext = $this->lng->txt("permission_denied");
234  return false;
235  }
236 
237  // check, if one of the references is readable
238  $readable = false;
239 
240  foreach($ref_ids as $ref_id)
241  {
242  if ($this->ilAccess->checkAccess("read", "view", $ref_id, $obj_type, $obj_id))
243  {
244  $readable = true;
245  break;
246  }
247  }
248  if ($readable)
249  {
250  //add object to cache
251  $this->checked_list[] = $obj_id;
252  return true;
253  }
254  }
255 
256  $this->errorcode = 403;
257  $this->errortext = $this->lng->txt("permission_denied");
258  return false;
259  }
260 
261 
267  function setDisposition($a_disposition = "inline")
268  {
269  $this->disposition = $a_disposition;
270  }
271 
277  function getDisposition()
278  {
279  return $this->disposition;
280  }
281 
282 
287  function sendFile()
288  {
289  if ($this->getDisposition() == "attachment")
290  {
291  ilUtil::deliverFile($this->file, basename($this->file));
292  exit;
293  }
294  else
295  {
296  if (!isset($_SERVER["HTTPS"]))
297  {
298  header("Cache-Control: no-cache, must-revalidate");
299  header("Pragma: no-cache");
300  }
301 
302  header("Content-Type: " . $this->mimetype);
303  header("Content-Length: ".(string)(filesize($this->file)));
304 
305  if (isset($_SERVER["HTTPS"]))
306  {
307  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
308  header('Pragma: public');
309  }
310 
311  header("Connection: close");
312 
313  ilUtil::readFile( $this->file);
314  exit;
315  }
316  }
317 
322  function sendError()
323  {
324  switch ($this->errorcode)
325  {
326  case 403:
327  header("HTTP/1.0: 403 Forbidden");
328  break;
329  case 404:
330  header("HTTP/1.0: 404 Not Found");
331  break;
332  }
333  exit($this->errortext);
334  }
335 }
336 ?>