<?php
00024 require_once "./include/inc.header.php";
00025 require_once "./Services/Utilities/classes/class.ilUtil.php";
00026 require_once "./classes/class.ilObject.php";
00027 require_once "./Services/MediaObjects/classes/class.ilObjMediaObject.php";
00028
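/**
 * Access checker for files stored below the client's web data directory.
 *
 * The requested file is derived from $_SERVER["REQUEST_URI"], which is
 * attacker-controlled. The constructor therefore resolves the path and
 * rejects anything that does not end up inside the client data directory,
 * and checkAccess() decides, from the object id embedded in the path,
 * whether the current user may read the file.
 */
class ilWebAccessChecker
{
	/** Language object taken from the global $lng; used for error texts. */
	var $lng;

	/** Access handler taken from the global $ilAccess. */
	var $ilAccess;

	/** Reference to $_SESSION["WebAccessChecked"]: object ids already found readable. */
	var $checked_list;

	/** URL-decoded request path, starting at ILIAS_WEB_DIR . "/" . CLIENT_ID. */
	var $subpath;

	/** Resolved (realpath) absolute path of the requested file, or false. */
	var $file;

	/** Query parameters of the request, as parsed by parse_str(). */
	var $params;

	/** Delivery mode: "inline" or "attachment". */
	var $disposition = "inline";

	/** MIME type reported by ilObjMediaObject::getMimeType() for the file. */
	var $mimetype;

	/** HTTP status code of the last failure (403 or 404); unset while no check has failed. */
	var $errorcode;

	/** Translated message belonging to $errorcode. */
	var $errortext;


	/**
	 * Constructor: derives sub path, file and query parameters from the request.
	 *
	 * On any failure $errorcode / $errortext are set to a 404; a constructor
	 * cannot report failure through its return value, so checkAccess()
	 * re-checks $errorcode and fails closed.
	 */
	function ilWebAccessChecker()
	{
		global $ilAccess, $lng;

		$this->lng =& $lng;
		$this->ilAccess =& $ilAccess;
		$this->checked_list =& $_SESSION["WebAccessChecked"];
		$this->params = array();

		// parse_url() returns false for seriously malformed URLs
		$uri = parse_url($_SERVER["REQUEST_URI"]);
		if (!is_array($uri) or !isset($uri["path"]))
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return;
		}

		// the query part is optional
		if (isset($uri["query"]))
		{
			parse_str($uri["query"], $this->params);
		}

		// the sub path must start at the client's web data directory
		$pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
		$start = strpos($uri["path"], $pattern);
		if ($start === false)
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return;
		}
		$this->subpath = urldecode(substr($uri["path"], $start));
		$this->file = realpath(ILIAS_ABSOLUTE_PATH . "/" . $this->subpath);

		// Containment check: the decoded path may hold parent-directory
		// segments, while checkAccess() reads the object id from the textual
		// sub path only. Deliver nothing that resolves outside the client
		// data directory, and only regular files. Answered with 404 so the
		// response does not reveal whether the target exists.
		$base = realpath(ILIAS_ABSOLUTE_PATH . "/" . $pattern);
		if ($this->file === false
			or $base === false
			or strpos($this->file, $base . DIRECTORY_SEPARATOR) !== 0
			or !is_file($this->file))
		{
			$this->errorcode = 404;
			$this->errortext = $this->lng->txt("url_not_found");
			return;
		}

		$this->mimetype = ilObjMediaObject::getMimeType($this->file);
	}

	/**
	 * Check whether the current user may read the requested file.
	 *
	 * The owning object is taken from the sub path: "lm_data/lm_<id>/" names
	 * a learning module, "mobs/mm_<id>/" a media object whose usages are
	 * resolved to their parent objects. Access is granted when one of the
	 * object's references is readable, or when the media object is used in
	 * a public news item of a media cast with public files.
	 *
	 * @return	boolean	true if access is granted; otherwise false with
	 *					$errorcode / $errortext set
	 */
	function checkAccess()
	{
		// fail closed when the constructor already rejected the request
		if ($this->errorcode)
		{
			return false;
		}

		$obj_ids = array();
		$pos1 = false;
		$pos2 = false;

		// learning module directory; the strpos() result is tested before the
		// offset is added, since "false + 11" cannot be told from a real match
		$lm_pos = strpos($this->subpath, "lm_data/lm_");
		if ($lm_pos !== false)
		{
			$pos1 = $lm_pos + 11;
			$pos2 = strpos($this->subpath, "/", $pos1);
		}

		if ($pos1 === false or $pos2 === false)
		{
			// no learning module, check for a media object directory
			$pos1 = false;
			$pos2 = false;
			$mob_pos = strpos($this->subpath, "mobs/mm_");
			if ($mob_pos !== false)
			{
				$pos1 = $mob_pos + 8;
				$pos2 = strpos($this->subpath, "/", $pos1);
			}

			if ($pos1 === false or $pos2 === false)
			{
				$this->errorcode = 404;
				$this->errortext = $this->lng->txt("url_not_found");
				return false;
			}

			// the id comes straight from the URL: validate it before it is
			// handed to any lookup
			$mob_id = (string) substr($this->subpath, $pos1, $pos2 - $pos1);
			if (!preg_match('/^[0-9]+$/', $mob_id))
			{
				$this->errorcode = 404;
				$this->errortext = $this->lng->txt("obj_not_found");
				return false;
			}

			include_once("./Services/MediaObjects/classes/class.ilObjMediaObject.php");
			$usages = ilObjMediaObject::lookupUsages($mob_id);
			foreach ($usages as $usage)
			{
				$oid = ilObjMediaObject::getParentObjectIdForUsage($usage, true);
				if ($oid > 0)
				{
					$obj_ids[] = $oid;

					// media objects in public news of a public media cast
					// are readable without any further permission check
					if ($usage["type"] == "news")
					{
						include_once("./Modules/MediaCast/classes/class.ilObjMediaCastAccess.php");
						include_once("./Services/News/classes/class.ilNewsItem.php");

						if (ilObjMediaCastAccess::_lookupPublicFiles($oid) &&
							ilNewsItem::_lookupVisibility($usage["id"]) == NEWS_PUBLIC)
						{
							return true;
						}
					}
				}
			}
		}

		// the id found in the path itself is checked as well (last)
		$obj_ids[] = substr($this->subpath, $pos1, $pos2 - $pos1);

		foreach ($obj_ids as $obj_id)
		{
			// digits only: is_numeric() would also accept signs, decimals
			// and exponent notation
			if (!preg_match('/^[0-9]+$/', (string) $obj_id))
			{
				$this->errorcode = 404;
				$this->errortext = $this->lng->txt("obj_not_found");
				return false;
			}

			// NOTE(review): $checked_list is filled below but never used to
			// skip a check, so permissions are re-evaluated on every request.

			$obj_type = ilObject::_lookupType($obj_id);
			$ref_ids = ilObject::_getAllReferences($obj_id);
			if (!$ref_ids)
			{
				$this->errorcode = 403;
				$this->errortext = $this->lng->txt("permission_denied");
				return false;
			}

			// one readable reference is sufficient
			foreach ($ref_ids as $ref_id)
			{
				if ($this->ilAccess->checkAccess("read", "view", $ref_id, $obj_type, $obj_id))
				{
					$this->checked_list[] = $obj_id;
					return true;
				}
			}
		}

		$this->errorcode = 403;
		$this->errortext = $this->lng->txt("permission_denied");
		return false;
	}


	/**
	 * Set the delivery mode.
	 *
	 * @param	string	$a_disposition	"inline" or "attachment"
	 */
	function setDisposition($a_disposition = "inline")
	{
		$this->disposition = $a_disposition;
	}

	/**
	 * Get the delivery mode.
	 *
	 * @return	string	"inline" or "attachment"
	 */
	function getDisposition()
	{
		return $this->disposition;
	}


	/**
	 * Send the requested file and terminate the script.
	 *
	 * Must only be called after checkAccess() has returned true.
	 */
	function sendFile()
	{
		if ($this->getDisposition() == "attachment")
		{
			ilUtil::deliverFile($this->file, basename($this->file));
			exit;
		}

		// NOTE(review): inline delivery serves the stored file under the
		// application's own origin with the detected MIME type; consider
		// forcing "attachment" for types a browser would execute.
		$is_https = isset($_SERVER["HTTPS"]);

		if (!$is_https)
		{
			header("Cache-Control: no-cache, must-revalidate");
			header("Pragma: no-cache");
		}

		header("Content-Type: " . $this->mimetype);
		header("Content-Length: " . (string) (filesize($this->file)));

		if ($is_https)
		{
			header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
			header('Pragma: public');
		}

		header("Connection: close");

		ilUtil::readFile($this->file);
		exit;
	}

	/**
	 * Send the HTTP status for $errorcode, print $errortext and terminate.
	 */
	function sendError()
	{
		// a status line has no colon after the protocol version
		switch ($this->errorcode)
		{
			case 403:
				header("HTTP/1.0 403 Forbidden");
				break;
			case 404:
				header("HTTP/1.0 404 Not Found");
				break;
		}
		exit($this->errortext);
	}
}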
00336 ?>