ILIAS  Release_4_1_x_branch Revision 61804
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilWebAccessChecker.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 // Prevent a general redirect to the login screen for anonymous users.
5 // The checker will show an error page with login link instead
6 // (see ilInitialisation::InitILIAS() for details)
7 $_GET["baseClass"] = "ilStartUpGUI";
8 
9 // Define a pseudo module to get a correct ILIAS_HTTP_PATH
10 // (needed for links on the error page).
11 // "data" is assumed to be the ILIAS_WEB_DIR
12 // (see ilInitialisation::buildHTTPPath() for details)
13 define("ILIAS_MODULE", substr($_SERVER['PHP_SELF'],
14  strpos($_SERVER['PHP_SELF'], "/data/") + 6));
15 
16 // Define the cookie path to prevent a different session created for web access
17 // (see ilInitialisation::setCookieParams() for details)
18 $GLOBALS['COOKIE_PATH'] = substr($_SERVER['PHP_SELF'], 0,
19  strpos($_SERVER['PHP_SELF'], "/data/"));
20 
21 // Determine the ILIAS client from the web path
22 // This is needed because a session cookie may not yet exist
23 // (see ilINITIALISATION::determineClient() for details)
24 $client_start = strpos($_SERVER['PHP_SELF'], "/data/") + 6;
25 $client_end = strpos($_SERVER['PHP_SELF'], "/", $client_start);
26 $_GET['client_id'] = substr($_SERVER['PHP_SELF'], $client_start, $client_end - $client_start);
27 
28 // Remember if the initial session was empty
29 // Then a new session record should not be written
30 // (see ilSession::_writeData for details)
31 $GLOBALS['WEB_ACCESS_WITHOUT_SESSION'] = (session_id() == "");
32 
33 
34 // Now the ILIAS header can be included
35 require_once "./include/inc.header.php";
36 require_once "./Services/Utilities/classes/class.ilUtil.php";
37 require_once "./classes/class.ilObject.php";
38 require_once "./Services/MediaObjects/classes/class.ilObjMediaObject.php";
39 
40 
54 class ilWebAccessChecker
55 {
56  var $lng;
57  var $ilAccess;
58 
64  var $subpath;
65 
71  var $file;
72 
78  var $params;
79 
80 
86  var $disposition = "inline";
87 
93  var $check_ip = false;
94 
95 
103  var $check_users = array();
104 
110  var $send_mimetype = true;
111 
112 
119  var $mimetype = null;
120 
121 
127  var $errorcode;
128 
129 
135  var $errortext;
136 
137 
142  function ilWebAccessChecker()
143  {
144  global $ilUser, $ilAccess, $lng, $ilLog;
145 
146  $this->lng =& $lng;
147  $this->ilAccess =& $ilAccess;
148  $this->params = array();
149 
150  // get the requested file and its type
151  $uri = parse_url($_SERVER["REQUEST_URI"]);
152  parse_str($uri["query"], $this->params);
153 
154  $pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
155  $this->subpath = urldecode(substr($uri["path"], strpos($uri["path"], $pattern)));
156  $this->file = realpath(ILIAS_ABSOLUTE_PATH . "/". $this->subpath);
157 
158  // build url path for virtual function
159  $this->virtual_path = str_replace($pattern, "virtual-" . $pattern, $uri["path"]);
160 
161 
162  // set the parameters provided with the checker call
163  if (isset($_GET['disposition']))
164  {
165  $this->setDisposition($_GET['disposition']);
166  }
167  if (isset($_GET['check_ip']))
168  {
169  $this->setCheckIp($_GET['check_ip']);
170  }
171  if (isset($_GET['send_mimetype']))
172  {
173  $this->setSendMimetype($_GET['send_mimetype']);
174  }
175 
176  /* debugging
177  echo "<pre>";
178  echo "REQUEST_URI: ". $_SERVER["REQUEST_URI"]. "\n";
179  echo "Parsed URI: ". $uri["path"]. "\n";
180  echo "DOCUMENT_ROOT: ". $_SERVER["DOCUMENT_ROOT"]. "\n";
181  echo "PHP_SELF: ". $_SERVER["PHP_SELF"]. "\n";
182  echo "SCRIPT_NAME: ". $_SERVER["SCRIPT_NAME"]. "\n";
183  echo "SCRIPT_FILENAME: ". $_SERVER["SCRIPT_FILENAME"]. "\n";
184  echo "PATH_TRANSLATED: ". $_SERVER["PATH_TRANSLATED"]. "\n";
185  echo "ILIAS_WEB_DIR: ". ILIAS_WEB_DIR. "\n";
186  echo "ILIAS_HTTP_PATH: ". ILIAS_HTTP_PATH. "\n";
187  echo "ILIAS_ABSOLUTE_PATH: ". ILIAS_ABSOLUTE_PATH. "\n";
188  echo "CLIENT_ID: ". CLIENT_ID. "\n";
189  echo "CLIENT_WEB_DIR: ". CLIENT_WEB_DIR. "\n";
190  echo "subpath: ". $this->subpath. "\n";
191  echo "file: ". $this->file. "\n";
192  echo "disposition: ". $this->disposition. "\n";
193  echo "ckeck_ip: ". $this->check_ip. "\n";
194  echo "send_mimetype: ". $this->send_mimetype. "\n";
195  echo "</pre>";
196  echo phpinfo();
197  exit;
198  */
199 
200  if (!file_exists($this->file))
201  {
202  $this->errorcode = 404;
203  $this->errortext = $this->lng->txt("url_not_found");
204  return false;
205  }
206  }
207 
211  public function determineUser()
212  {
213  global $ilUser;
214 
215  // a valid user session is found
216  if ($_SESSION["AccountId"])
217  {
218  $this->check_users = array($_SESSION["AccountId"]);
219  return;
220  }
221 
222  // no session cookie was delivered
223  // user identification by ip address is allowed
224  elseif ($GLOBALS['WEB_ACCESS_WITHOUT_SESSION'] and $this->getCheckIp())
225  {
226  $this->check_users = ilSession::_getUsersWithIp($_SERVER['REMOTE_ADDR']);
227 
228  if (count($this->check_users) == 0)
229  {
230  // no user was found for the ip address
231  $this->check_users = array(ANONYMOUS_USER_ID);
232 
233  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
234  $ilUser->setId(ANONYMOUS_USER_ID);
235  $ilUser->read();
236  }
237  elseif (count($this->check_users) == 1)
238  {
239  // exactly one user is found with an active session
240  $_SESSION["AccountId"] = current($this->check_users);
241  $ilUser->setId(current($this->check_users));
242  $ilUser->read();
243  }
244  else
245  {
246  // more than one user found for the ip address
247  // take the anonymous user for the session
248  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
249  $ilUser->setId(ANONYMOUS_USER_ID);
250  $ilUser->read();
251  }
252  return;
253  }
254 
255  // take the anonymous user as fallback
256  else
257  {
258  $this->check_users = array(ANONYMOUS_USER_ID);
259 
260  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
261  $ilUser->setId(ANONYMOUS_USER_ID);
262  $ilUser->read();
263 
264  return;
265  }
266  }
267 
272  public function checkAccess()
273  {
274  global $ilLog, $ilUser, $ilObjDataCache;
275 
276  // an error already occurred at class initialisation
277  if ($this->errorcode)
278  {
279  return false;
280  }
281 
282  // do this here because ip based checking may be set after construction
283  $this->determineUser();
284 
285  // check for type by subdirectory
286  $pos1 = strpos($this->subpath, "lm_data/lm_") + 11;
287  $pos2 = strpos($this->subpath, "mobs/mm_") + 8;
288  $pos3 = strpos($this->subpath, "usr_images/") + 11;
289 
290  $obj_id = 0;
291  $type = 'none';
292  // trying to access data within a learning module folder
293  if ($pos1 > 11)
294  {
295  $type = 'lm';
296  $seperator = strpos($this->subpath, '/', $pos1);
297  $obj_id = substr($this->subpath, $pos1, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos1);
298  }
299  //trying to access media data
300  else if ($pos2 > 8)
301  {
302  $type = 'mob';
303  $seperator = strpos($this->subpath, '/', $pos2);
304  $obj_id = substr($this->subpath, $pos2, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos2);
305  }
306  // trying to access a user image
307  elseif ($pos3 > 11)
308  {
309  $type = 'user_image';
310  // user images may be:
311  // upload_123pic, upload_123
312  // usr_123.jpg, usr_123_small.jpg, usr_123_xsmall.jpg, usr_123_xxsmall.jpg
313  $seperator = strpos($this->subpath, '_', $pos3);
314  $obj_id = (int) substr($this->subpath, $seperator + 1);
315  }
316 
317  if (!$obj_id || $type == 'none')
318  {
319  $this->errorcode = 404;
320  $this->errortext = $this->lng->txt("obj_not_found");
321  return false;
322  }
323 
324  switch($type)
325  {
326  // SCORM or HTML learning module
327  case 'lm':
328  if ($this->checkAccessObject($obj_id))
329  {
330  return true;
331  }
332  break;
333 
334  // media object
335  case 'mob':
336  $usages = ilObjMediaObject::lookupUsages($obj_id);
337 
338  foreach($usages as $usage)
339  {
340  $oid = ilObjMediaObject::getParentObjectIdForUsage($usage, true);
341 
342  switch($usage['type'])
343  {
344  case 'lm:pg':
345  if ($oid > 0)
346  {
347  if ($this->checkAccessLM($oid, 'lm', $usage['id']))
348  {
349  return true;
350  }
351  }
352  break;
353  case 'news':
354  // media objects in news (media casts)
355  include_once("./Modules/MediaCast/classes/class.ilObjMediaCastAccess.php");
356  include_once("./Services/News/classes/class.ilNewsItem.php");
357 
358  if ($this->checkAccessObject($oid, 'mcst'))
359  {
360  return true;
361  }
362  elseif (ilObjMediaCastAccess::_lookupPublicFiles($oid) && ilNewsItem::_lookupVisibility($usage["id"]) == NEWS_PUBLIC)
363  {
364  return true;
365  }
366  break;
367 
368 
369  case 'frm~:html':
370  // $oid = userid
371  foreach ($this->check_users as $user_id)
372  {
373  if ($ilObjDataCache->lookupType($oid) == 'usr' && $oid == $user_id)
374  {
375  return true;
376  }
377  }
378  break;
379 
380  case 'qpl:pg':
381  case 'qpl:html':
382  // test questions
383  if ($this->checkAccessTestQuestion($oid, $usage['id']))
384  {
385  return true;
386  }
387  break;
388 
389  case 'gdf:pg':
390  // special check for glossary terms
391  if ($this->checkAccessGlossaryTerm($oid, $usage['id']))
392  {
393  return true;
394  }
395  break;
396 
397  case 'sahs:pg':
398  // check for scorm pages
399  if ($this->checkAccessObject($oid, 'sahs'))
400  {
401  return true;
402  }
403  break;
404 
405  default:
406  // standard object check
407  if ($this->checkAccessObject($oid))
408  {
409  return true;
410  }
411  break;
412  }
413  }
414  break;
415 
416  // image in user profile
417  case 'user_image':
418  if ($this->checkAccessUserImage($obj_id))
419  {
420  return true;
421  }
422  break;
423  }
424 
425  // none of the checks above gives access
426  $this->errorcode = 403;
427  $this->errortext = $this->lng->txt('msg_no_perm_read');
428  return false;
429  }
430 
439  private function checkAccessLM($obj_id, $obj_type, $page = 0)
440  {
441  global $lng;
442 
443  //if (!$page)
444  //{
445  $ref_ids = ilObject::_getAllReferences($obj_id);
446  foreach($ref_ids as $ref_id)
447  {
448  foreach ($this->check_users as $user_id)
449  {
450  if ($this->ilAccess->checkAccessOfUser($user_id, "read", "view", $ref_id, $obj_id, $obj_type))
451  {
452  return true;
453  }
454  }
455  }
456  return false;
457  //}
458  //else
459  //{
460  // $ref_ids = ilObject::_getAllReferences($obj_id);
461  // foreach($ref_ids as $ref_id)
462  // {
463  // if ($this->ilAccess->checkAccess("read", "", $ref_id))
464  // {
465  // require_once 'Modules/LearningModule/classes/class.ilObjLearningModule.php';
466  // $lm = new ilObjLearningModule($obj_id,false);
467  // if ($lm->_checkPreconditionsOfPage($ref_id, $obj_id, $page))
468  // return true;
469  // }
470  // }
471  // return false;
472  //}
473  }
474 
481  private function checkAccessObject($obj_id, $obj_type = '')
482  {
483  global $ilAccess;
484 
485  if (!$obj_type)
486  {
487  $obj_type = ilObject::_lookupType($obj_id);
488  }
489  $ref_ids = ilObject::_getAllReferences($obj_id);
490 
491  foreach($ref_ids as $ref_id)
492  {
493  foreach ($this->check_users as $user_id)
494  {
495  if ($ilAccess->checkAccessOfUser($user_id, "read", "view", $ref_id, $obj_type, $obj_id))
496  {
497  return true;
498  }
499  }
500  }
501  return false;
502  }
503 
504 
513  private function checkAccessTestQuestion($obj_id, $usage_id = 0)
514  {
515  global $ilAccess;
516 
517  // give access if direct usage is readable
518  if ($this->checkAccessObject($obj_id))
519  {
520  return true;
521  }
522 
523  $obj_type = ilObject::_lookupType($obj_id);
524  if ($obj_type == 'qpl')
525  {
526  // give access if question pool is used by readable test
527  // for random selection of questions
528  include_once('./Modules/Test/classes/class.ilObjTestAccess.php');
529  $tests = ilObjTestAccess::_getRandomTestsForQuestionPool($obj_id);
530  foreach ($tests as $test_id)
531  {
532  if ($this->checkAccessObject($test_id, 'tst'))
533  {
534  return true;
535  }
536  }
537  }
538  return false;
539  }
540 
541 
550  private function checkAccessGlossaryTerm($obj_id, $page_id)
551  {
552  // give access if glossary is readable
553  if ($this->checkAccessObject($obj_id))
554  {
555  return true;
556  }
557 
558  include_once("./Modules/Glossary/classes/class.ilGlossaryDefinition.php");
559  include_once("./Modules/Glossary/classes/class.ilGlossaryTerm.php");
560  $term_id = ilGlossaryDefinition::_lookupTermId($page_id);
561 
562  include_once('./Services/COPage/classes/class.ilInternalLink.php');
563  $sources = ilInternalLink::_getSourcesOfTarget('git',$term_id, 0);
564 
565  if ($sources)
566  {
567  foreach ($sources as $src)
568  {
569  switch ($src['type'])
570  {
571  // Give access if term is linked by a learning module with read access.
572  // The term including media is shown by the learning module presentation!
573  case 'lm:pg':
574  include_once("./Modules/LearningModule/classes/class.ilLMObject.php");
575  $src_obj_id = ilLMObject::_lookupContObjID($src['id']);
576  if ($this->checkAccessObject($src_obj_id, 'lm'))
577  {
578  return true;
579  }
580  break;
581 
582  // Don't yet give access if the term is linked by another glossary
583  // The link will lead to the origin glossary which is already checked
584  /*
585  case 'gdf:pg':
586  $src_term_id = ilGlossaryDefinition::_lookupTermId($src['id']);
587  $src_obj_id = ilGlossaryTerm::_lookGlossaryID($src_term_id);
588  if ($this->checkAccessObject($src_obj_id, 'glo'))
589  {
590  return true;
591  }
592  break;
593  */
594  }
595  }
596  }
597  }
598 
599 
609  private function checkAccessUserImage($usr_id)
610  {
611  global $ilUser, $ilSetting;
612 
613  // check if own image is viewed
614  if ($usr_id == $ilUser->getId())
615  {
616  return true;
617  }
618 
619  // check if image is in the public profile
620  $public_upload = ilObjUser::_lookupPref($usr_id, 'public_upload');
621  if ($public_upload != 'y')
622  {
623  return false;
624  }
625 
626  // check the publication status of the profile
627  $public_profile = ilObjUser::_lookupPref($usr_id, 'public_profile');
628 
629  if ($public_profile == 'g'
630  and $ilSetting->get('enable_global_profiles')
631  and $ilSetting->get('pub_section'))
632  {
633  // globally public
634  return true;
635  }
636  elseif (($public_profile == 'y' or $public_profile == 'g')
637  and $ilUser->getId() != ANONYMOUS_USER_ID)
638  {
639  // public for logged in users
640  return true;
641  }
642  else
643  {
644  // not public
645  return false;
646  }
647  }
648 
649 
655  public function setDisposition($a_disposition)
656  {
657  if (in_array(strtolower($a_disposition), array('inline','attachment','virtual')))
658  {
659  $this->disposition = strtolower($a_disposition);
660  }
661  else
662  {
663  $this->disposition = 'inline';
664  }
665  }
666 
672  public function getDisposition()
673  {
674  return $this->disposition;
675  }
676 
682  public function setSendMimetype($a_send_mimetype)
683  {
684  if (in_array(strtolower($a_send_mimetype), array('','0','off','false')))
685  {
686  $this->mimetype = null;
687  $this->send_mimetype = false;
688  }
689  elseif (in_array(strtolower($a_send_mimetype), array('1','on','true')))
690  {
691  $this->mimetype = null;
692  $this->send_mimetype = true;
693  }
694  else
695  {
696  $this->mimetype = $a_send_mimetype;
697  $this->send_mimetype = true;
698  }
699  }
700 
705  public function getSendMimetype()
706  {
707  return $this->send_mimetype;
708  }
709 
710 
716  public function setCheckIp($a_check_ip)
717  {
718  if (in_array(strtolower($a_check_ip), array('','0','off','false')))
719  {
720  $this->check_ip = false;
721  }
722  elseif (in_array(strtolower($a_check_ip), array('1','on','true')))
723  {
724  $this->check_ip = true;
725  }
726  }
727 
732  public function getCheckIp()
733  {
734  return $this->check_ip;
735  }
736 
737 
742  public function sendFile()
743  {
744  //$system_use_xsendfile = true;
745  $xsendfile_available = false;
746 
747  //if (function_exists('apache_get_modules'))
748  //{
749  // $modules = apache_get_modules();
750  // $xsendfile_available = in_array('mod_xsendfile', $modules);
751  //}
752 
753  //$xsendfile_available = $system_use_xsendfile & $xsendfile_available;
754 
755 
756  // delivery via apache virtual function
757  if ($this->getDisposition() == "virtual")
758  {
759  $this->sendFileVirtual();
760  exit;
761  }
762  // delivery for download dialogue
763  elseif ($this->getDisposition() == "attachment")
764  {
765  if ($xsendfile_available)
766  {
767  header('x-sendfile: ' . $this->file);
768  header("Content-Type: application/octet-stream");
769  }
770  else
771  ilUtil::deliverFile($this->file, basename($this->file));
772  exit;
773  }
774  // inline delivery
775  else
776  {
777  if (!isset($_SERVER["HTTPS"]))
778  {
779  header("Cache-Control: no-cache, must-revalidate");
780  header("Pragma: no-cache");
781  }
782 
783  if ($this->getSendMimetype())
784  {
785  header("Content-Type: " . $this->getMimeType());
786  }
787  header("Content-Length: ".(string)(filesize($this->file)));
788 
789  if (isset($_SERVER["HTTPS"]))
790  {
791  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
792  header('Pragma: public');
793  }
794 
795  header("Connection: close");
796 
797  if ($xsendfile_available)
798  {
799  header('x-sendfile: ' . $this->file);
800  if ($this->getSendMimetype())
801  {
802  header("Content-Type: " . $this->getMimeType());
803  }
804  }
805  else
806  {
807  ilUtil::readFile( $this->file);
808  }
809 
810  exit;
811  }
812  }
813 
823  public function sendFileVirtual()
824  {
825  header('Last-Modified: '. date ("D, j M Y H:i:s", filemtime($this->file)). " GMT");
826  header('ETag: "'. md5(filemtime($this->file).filesize($this->file)).'"');
827  header('Accept-Ranges: bytes');
828  header("Content-Length: ".(string)(filesize($this->file)));
829  if ($this->getSendMimetype())
830  {
831  header("Content-Type: " . $this->getMimeType());
832  }
833 
834  apache_setenv('ILIAS_CHECKED','1');
835  virtual($this->virtual_path);
836  exit;
837  }
838 
839 
844  public function sendError()
845  {
846  global $ilSetting, $ilUser, $tpl, $lng, $tree;
847 
848  switch ($this->errorcode)
849  {
850  case 404:
851  header("HTTP/1.0 404 Not Found");
852  break;
853  case 403:
854  default:
855  header("HTTP/1.0 403 Forbidden");
856  break;
857  }
858 
859  // set the page base to the ILIAS directory
860  // to get correct references for images and css files
861  $tpl->setCurrentBlock("HeadBaseTag");
862  $tpl->setVariable('BASE', ILIAS_HTTP_PATH . '/error.php');
863  $tpl->parseCurrentBlock();
864  $tpl->addBlockFile("CONTENT", "content", "tpl.error.html");
865 
866  // Check if user is logged in
867  $anonymous = ($ilUser->getId() == ANONYMOUS_USER_ID);
868 
869  if ($anonymous)
870  {
871  // Provide a link to the login screen for anonymous users
872 
873  $tpl->SetCurrentBlock("ErrorLink");
874  $tpl->SetVariable("TXT_LINK", $lng->txt('login_to_ilias'));
875  $tpl->SetVariable("LINK", ILIAS_HTTP_PATH. '/login.php?cmd=force_login&client_id='.CLIENT_ID);
876  $tpl->ParseCurrentBlock();
877  }
878  else
879  {
880  // Provide a link to the repository for authentified users
881 
882  $nd = $tree->getNodeData(ROOT_FOLDER_ID);
883  $txt = $nd['title'] == 'ILIAS' ? $lng->txt('repository') : $nd['title'];
884 
885  $tpl->SetCurrentBlock("ErrorLink");
886  $tpl->SetVariable("TXT_LINK", $txt);
887  $tpl->SetVariable("LINK", ILIAS_HTTP_PATH. '/repository.php?client_id='.CLIENT_ID);
888  $tpl->ParseCurrentBlock();
889  }
890 
891  $tpl->setCurrentBlock("content");
892  $tpl->setVariable("ERROR_MESSAGE",($this->errortext));
893  $tpl->setVariable("SRC_IMAGE", ilUtil::getImagePath("mess_failure.gif"));
894  $tpl->parseCurrentBlock();
895 
896  $tpl->show();
897  exit;
898  }
899 
906  public function getMimeType($default = 'application/octet-stream')
907  {
908  // take a previously set mimetype
909  if (isset($this->mimetype))
910  {
911  return $this->mimetype;
912  }
913 
914  $mime = '';
915  if (extension_loaded('Fileinfo'))
916  {
917  $finfo = finfo_open(FILEINFO_MIME);
918  $mime = finfo_file($finfo, $this->file);
919  finfo_close($finfo);
920  if ($pos = strpos($mime, ' '))
921  {
922  $mime = substr($mime, 0, $pos);
923  }
924  }
925  else
926  {
927  $mime = ilObjMediaObject::getMimeType($this->file);
928  }
929 
930  // set and return the mime type
931  $this->mimetype = $mime ? $mime : $default;
932  return $this->mimetype;
933  }
934 }
935 ?>