ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilWebAccessChecker.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 require_once "./include/inc.header.php";
24 require_once "./Services/Utilities/classes/class.ilUtil.php";
25 require_once "./classes/class.ilObject.php";
26 require_once "./Services/MediaObjects/classes/class.ilObjMediaObject.php";
27 
28 //var_dump($_SESSION);
29 
44 class ilWebAccessChecker
45 {
46  var $lng;
47  var $ilAccess;
48  var $checked_list;
49 
55  var $subpath;
56 
62  var $file;
63 
69  var $params;
70 
71 
77  var $disposition = "inline";
78 
79 
85  var $mimetype;
86 
92  var $errorcode;
93 
94 
100  var $errortext;
101 
102 
107  function ilWebAccessChecker()
108  {
109  global $ilAccess, $lng, $ilLog;
110 
111  $this->lng =& $lng;
112  $this->ilAccess =& $ilAccess;
113  $this->checked_list = & $_SESSION["WebAccessChecked"];
114  $this->params = array();
115 
116  // set the anonymous user if no user is set
117  if (!$_SESSION["AccountId"])
118  {
119  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
120  $ilUser->setId(ANONYMOUS_USER_ID);
121  $ilUser->read();
122  }
123 
124  // get the requested file and its type
125  $uri = parse_url($_SERVER["REQUEST_URI"]);
126  parse_str($uri["query"], $this->params);
127 
128  $pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
129  $this->subpath = urldecode(substr($uri["path"], strpos($uri["path"], $pattern)));
130  $this->file = realpath(ILIAS_ABSOLUTE_PATH . "/". $this->subpath);
131 
132  /* debugging
133  echo "<pre>";
134  echo "REQUEST_URI: ". $_SERVER["REQUEST_URI"]. "\n";
135  echo "Parsed URI: ". $uri["path"]. "\n";
136  echo "DOCUMENT_ROOT: ". $_SERVER["DOCUMENT_ROOT"]. "\n";
137  echo "PHP_SELF: ". $_SERVER["PHP_SELF"]. "\n";
138  echo "SCRIPT_NAME: ". $_SERVER["SCRIPT_NAME"]. "\n";
139  echo "SCRIPT_FILENAME: ". $_SERVER["SCRIPT_FILENAME"]. "\n";
140  echo "PATH_TRANSLATED: ". $_SERVER["PATH_TRANSLATED"]. "\n";
141  echo "ILIAS_WEB_DIR: ". ILIAS_WEB_DIR. "\n";
142  echo "ILIAS_HTTP_PATH: ". ILIAS_HTTP_PATH. "\n";
143  echo "ILIAS_ABSOLUTE_PATH: ". ILIAS_ABSOLUTE_PATH. "\n";
144  echo "CLIENT_ID: ". CLIENT_ID. "\n";
145  echo "CLIENT_WEB_DIR: ". CLIENT_WEB_DIR. "\n";
146  echo "subpath: ". $this->subpath. "\n";
147  echo "file: ". $this->file. "\n";
148  echo "</pre>";
149  exit;
150  */
151 
152  if (file_exists($this->file))
153  {
154  //$this->mimetype = ilObjMediaObject::getMimeType($this->file);
155  $this->mimetype = $this->getMimeType();
156  }
157  else
158  {
159  $this->errorcode = 404;
160  $this->errortext = $this->lng->txt("url_not_found");
161  return false;
162  }
163  }
164 
169  function checkAccess()
170  {
171  global $ilLog, $ilUser, $ilObjDataCache;
172  $pos1 = strpos($this->subpath, "lm_data/lm_") + 11;
173  $pos2 = strpos($this->subpath, "mobs/mm_") + 8;
174  $pos3 = strpos($this->subpath, "usr_images/") + 11;
175 
176  $obj_id = 0;
177  $type = 'none';
178  // trying to access data within a learning module folder
179  if ($pos1 > 11)
180  {
181  $type = 'lm';
182  $seperator = strpos($this->subpath, '/', $pos1);
183  $obj_id = substr($this->subpath, $pos1, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos1);
184  }
185  //trying to access media data
186  else if ($pos2 > 8)
187  {
188  $type = 'mob';
189  $seperator = strpos($this->subpath, '/', $pos2);
190  $obj_id = substr($this->subpath, $pos2, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos2);
191  }
192  // trying to access a user image
193  elseif ($pos3 > 11)
194  {
195  $type = 'user_image';
196  // user images may be:
197  // upload_123pic, upload_123
198  // usr_123.jpg, usr_123_small.jpg, usr_123_xsmall.jpg, usr_123_xxsmall.jpg
199  $seperator = strpos($this->subpath, '_', $pos3);
200  $obj_id = (int) substr($this->subpath, $seperator + 1);
201  }
202 
203  if (!$obj_id || $type == 'none')
204  return false;
205 
206  switch($type)
207  {
208  case 'lm':
209  return $this->checkAccessLM($obj_id, 'lm');
210  break;
211  case 'mob':
212  $usages = ilObjMediaObject::lookupUsages($obj_id);
213  foreach($usages as $usage)
214  {
215  $oid = ilObjMediaObject::getParentObjectIdForUsage($usage, true);
216  switch($usage['type'])
217  {
218  case 'lm:pg':
219  if ($oid > 0)
220  {
221  if ($this->checkAccessLM($oid, 'lm', $usage['id']))
222  return true;
223  }
224  break;
225  case 'news':
226  // media objects in news (media casts)
227 
228  include_once("./Modules/MediaCast/classes/class.ilObjMediaCastAccess.php");
229  include_once("./Services/News/classes/class.ilNewsItem.php");
230 
231  if (ilObjMediaCastAccess::_lookupPublicFiles($oid) && ilNewsItem::_lookupVisibility($usage["id"]) == NEWS_PUBLIC)
232  {
233  return true;
234  }
235  break;
236  case 'frm~:html':
237  // $oid = userid
238  if ($ilObjDataCache->lookupType($oid) == 'usr' && $oid == $ilUser->getId())
239  {
240  return true;
241  }
242  break;
243  default:
244  $ref_ids = ilObject::_getAllReferences($oid);
245  $obj_type = ilObject::_lookupType($oid);
246  foreach($ref_ids as $ref_id)
247  {
248  if ($this->ilAccess->checkAccess("read", "view", $ref_id, $obj_type, $oid))
249  return true;
250  }
251  break;
252  }
253  }
254  break;
255 
256  case 'user_image':
257  if ($this->checkAccessUserImage($obj_id))
258  {
259  return true;
260  }
261  break;
262  }
263  }
264 
265  private function checkAccessLM($obj_id, $obj_type, $page = 0)
266  {
267  //if (!$page)
268  //{
269  $ref_ids = ilObject::_getAllReferences($obj_id);
270  foreach($ref_ids as $ref_id)
271  {
272  if ($this->ilAccess->checkAccess("read", "", $ref_id))
273  return true;
274  }
275  return false;
276  //}
277  //else
278  //{
279  // $ref_ids = ilObject::_getAllReferences($obj_id);
280  // foreach($ref_ids as $ref_id)
281  // {
282  // if ($this->ilAccess->checkAccess("read", "", $ref_id))
283  // {
284  // require_once 'Modules/LearningModule/classes/class.ilObjLearningModule.php';
285  // $lm = new ilObjLearningModule($obj_id,false);
286  // if ($lm->_checkPreconditionsOfPage($ref_id, $obj_id, $page))
287  // return true;
288  // }
289  // }
290  // return false;
291  //}
292  }
293 
294 
301  private function checkAccessUserImage($usr_id)
302  {
303  global $ilUser, $ilSetting;
304 
305  // check if own image is viewed
306  if ($usr_id == $ilUser->getId())
307  {
308  return true;
309  }
310 
311  // check if image is in the public profile
312  $public_upload = ilObjUser::_lookupPref($usr_id, 'public_upload');
313  if ($public_upload != 'y')
314  {
315  return false;
316  }
317 
318  // check the publication status of the profile
319  $public_profile = ilObjUser::_lookupPref($usr_id, 'public_profile');
320 
321  if ($public_profile == 'g'
322  and $ilSetting->get('enable_global_profiles')
323  and $ilSetting->get('pub_section'))
324  {
325  // globally public
326  return true;
327  }
328  elseif (($public_profile == 'y' or $public_profile == 'g')
329  and $ilUser->getId() != ANONYMOUS_USER_ID)
330  {
331  // public for logged in users
332  return true;
333  }
334  else
335  {
336  // not public
337  return false;
338  }
339  }
340 
341 
347  function setDisposition($a_disposition = "inline")
348  {
349  $this->disposition = $a_disposition;
350  }
351 
357  function getDisposition()
358  {
359  return $this->disposition;
360  }
361 
362 
367  function sendFile()
368  {
369  //$system_use_xsendfile = true;
370  $xsendfile_available = false;
371 
372  //if (function_exists('apache_get_modules'))
373  //{
374  // $modules = apache_get_modules();
375  // $xsendfile_available = in_array('mod_xsendfile', $modules);
376  //}
377 
378  //$xsendfile_available = $system_use_xsendfile & $xsendfile_available;
379 
380  if ($this->getDisposition() == "attachment")
381  {
382  if ($xsendfile_available)
383  {
384  header('x-sendfile: ' . $this->file);
385  header("Content-Type: application/octet-stream");
386  }
387  else
388  ilUtil::deliverFile($this->file, basename($this->file));
389  exit;
390  }
391  else
392  {
393  if (!isset($_SERVER["HTTPS"]))
394  {
395  header("Cache-Control: no-cache, must-revalidate");
396  header("Pragma: no-cache");
397  }
398 
399  header("Content-Type: " . $this->mimetype);
400  header("Content-Length: ".(string)(filesize($this->file)));
401 
402  if (isset($_SERVER["HTTPS"]))
403  {
404  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
405  header('Pragma: public');
406  }
407 
408  header("Connection: close");
409 
410  if ($xsendfile_available)
411  {
412  header('x-sendfile: ' . $this->file);
413  header("Content-Type: " . $this->mimetype);
414  }
415  else
416  {
417  ilUtil::readFile( $this->file);
418  }
419 
420  exit;
421  }
422  }
423 
428  function sendError()
429  {
430  switch ($this->errorcode)
431  {
432  case 404:
433  header("HTTP/1.0: 404 Not Found");
434  break;
435  case 403:
436  default:
437  header("HTTP/1.0: 403 Forbidden");
438  break;
439  }
440  exit($this->errortext);
441  }
442 
443  public function getMimeType($default = 'application/octet-stream')
444  {
445  $mime = '';
446  if (extension_loaded('Fileinfo'))
447  {
448  $finfo = finfo_open(FILEINFO_MIME);
449  $mime = finfo_file($finfo, $this->file);
450  finfo_close($finfo);
451  if ($pos = strpos($mime, ' '))
452  {
453  $mime = substr($mime, 0, $pos);
454  }
455  }
456  else
457  $mime = ilObjMediaObject::getMimeType($this->file);
458 
459  $this->mimetype = $mime ? $mime : $default;
460  }
461 
462 
463 }
464 ?>