ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilWebAccessChecker.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2010 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
4 // Prevent a general redirect to the login screen for anonymous users.
5 // The checker will show an error page with login link instead
6 // (see ilInitialisation::InitILIAS() for details)
7 $_GET["baseClass"] = "ilStartUpGUI";
8 
9 // Define a pseudo module to get a correct ILIAS_HTTP_PATH
10 // (needed for links on the error page).
11 // "data" is assumed to be the ILIAS_WEB_DIR
12 // (see ilInitialisation::buildHTTPPath() for details)
13 define("ILIAS_MODULE", substr($_SERVER['PHP_SELF'],
14  strpos($_SERVER['PHP_SELF'], "/data/") + 6));
15 
16 // Define the cookie path to prevent a different session created for web access
17 // (see ilInitialisation::setCookieParams() for details)
18 $GLOBALS['COOKIE_PATH'] = substr($_SERVER['PHP_SELF'], 0,
19  strpos($_SERVER['PHP_SELF'], "/data/"));
20 
21 // Determine the ILIAS client from the web path
22 // This is needed because a session cookie may not yet exist
23 // (see ilINITIALISATION::determineClient() for details)
24 $client_start = strpos($_SERVER['PHP_SELF'], "/data/") + 6;
25 $client_end = strpos($_SERVER['PHP_SELF'], "/", $client_start);
26 $_GET['client_id'] = substr($_SERVER['PHP_SELF'], $client_start, $client_end - $client_start);
27 
28 // Remember if the initial session was empty
29 // Then a new session record should not be written
30 // (see ilSession::_writeData for details)
31 $GLOBALS['WEB_ACCESS_WITHOUT_SESSION'] = (session_id() == "");
32 
33 
34 // Now the ILIAS header can be included
35 require_once "./include/inc.header.php";
36 require_once "./Services/Utilities/classes/class.ilUtil.php";
37 require_once "./classes/class.ilObject.php";
38 require_once "./Services/MediaObjects/classes/class.ilObjMediaObject.php";
39 
40 
54 class ilWebAccessChecker
55 {
56  var $lng;
57  var $ilAccess;
58 
64  var $subpath;
65 
71  var $file;
72 
78  var $params;
79 
80 
86  var $disposition = "inline";
87 
93  var $check_ip = false;
94 
95 
103  var $check_users = array();
104 
110  var $send_mimetype = true;
111 
112 
119  var $mimetype = null;
120 
121 
127  var $errorcode;
128 
129 
135  var $errortext;
136 
137 
142  function ilWebAccessChecker()
143  {
144  global $ilUser, $ilAccess, $lng, $ilLog;
145 
146  $this->lng =& $lng;
147  $this->ilAccess =& $ilAccess;
148  $this->params = array();
149 
150  // get the requested file and its type
151  $uri = parse_url($_SERVER["REQUEST_URI"]);
152  parse_str($uri["query"], $this->params);
153 
154  $pattern = ILIAS_WEB_DIR . "/" . CLIENT_ID;
155  $this->subpath = urldecode(substr($uri["path"], strpos($uri["path"], $pattern)));
156  $this->file = realpath(ILIAS_ABSOLUTE_PATH . "/". $this->subpath);
157 
158  // build url path for virtual function
159  $this->virtual_path = str_replace($pattern, "virtual-" . $pattern, $uri["path"]);
160 
161 
162  // set the parameters provided with the checker call
163  if (isset($_GET['disposition']))
164  {
165  $this->setDisposition($_GET['disposition']);
166  }
167  if (isset($_GET['check_ip']))
168  {
169  $this->setCheckIp($_GET['check_ip']);
170  }
171  if (isset($_GET['send_mimetype']))
172  {
173  $this->setSendMimetype($_GET['send_mimetype']);
174  }
175 
176  /* debugging
177  echo "<pre>";
178  echo "REQUEST_URI: ". $_SERVER["REQUEST_URI"]. "\n";
179  echo "Parsed URI: ". $uri["path"]. "\n";
180  echo "DOCUMENT_ROOT: ". $_SERVER["DOCUMENT_ROOT"]. "\n";
181  echo "PHP_SELF: ". $_SERVER["PHP_SELF"]. "\n";
182  echo "SCRIPT_NAME: ". $_SERVER["SCRIPT_NAME"]. "\n";
183  echo "SCRIPT_FILENAME: ". $_SERVER["SCRIPT_FILENAME"]. "\n";
184  echo "PATH_TRANSLATED: ". $_SERVER["PATH_TRANSLATED"]. "\n";
185  echo "ILIAS_WEB_DIR: ". ILIAS_WEB_DIR. "\n";
186  echo "ILIAS_HTTP_PATH: ". ILIAS_HTTP_PATH. "\n";
187  echo "ILIAS_ABSOLUTE_PATH: ". ILIAS_ABSOLUTE_PATH. "\n";
188  echo "CLIENT_ID: ". CLIENT_ID. "\n";
189  echo "CLIENT_WEB_DIR: ". CLIENT_WEB_DIR. "\n";
190  echo "subpath: ". $this->subpath. "\n";
191  echo "file: ". $this->file. "\n";
192  echo "disposition: ". $this->disposition. "\n";
193  echo "ckeck_ip: ". $this->check_ip. "\n";
194  echo "send_mimetype: ". $this->send_mimetype. "\n";
195  echo "</pre>";
196  echo phpinfo();
197  exit;
198  */
199 
200  if (!file_exists($this->file))
201  {
202  $this->errorcode = 404;
203  $this->errortext = $this->lng->txt("url_not_found");
204  return false;
205  }
206  }
207 
211  public function determineUser()
212  {
213  global $ilUser;
214 
215  // a valid user session is found
216  if ($_SESSION["AccountId"])
217  {
218  $this->check_users = array($_SESSION["AccountId"]);
219  return;
220  }
221 
222  // no session cookie was delivered
223  // user identification by ip address is allowed
224  elseif ($GLOBALS['WEB_ACCESS_WITHOUT_SESSION'] and $this->getCheckIp())
225  {
226  $this->check_users = ilSession::_getUsersWithIp($_SERVER['REMOTE_ADDR']);
227 
228  if (count($this->check_users) == 0)
229  {
230  // no user was found for the ip address
231  $this->check_users = array(ANONYMOUS_USER_ID);
232 
233  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
234  $ilUser->setId(ANONYMOUS_USER_ID);
235  $ilUser->read();
236  }
237  elseif (count($this->check_users) == 1)
238  {
239  // exactly one user is found with an active session
240  $_SESSION["AccountId"] = current($this->check_users);
241  $ilUser->setId(current($this->check_users));
242  $ilUser->read();
243  }
244  else
245  {
246  // more than one user found for the ip address
247  // take the anonymous user for the session
248  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
249  $ilUser->setId(ANONYMOUS_USER_ID);
250  $ilUser->read();
251  }
252  return;
253  }
254 
255  // take the anonymous user as fallback
256  else
257  {
258  $this->check_users = array(ANONYMOUS_USER_ID);
259 
260  $_SESSION["AccountId"] = ANONYMOUS_USER_ID;
261  $ilUser->setId(ANONYMOUS_USER_ID);
262  $ilUser->read();
263 
264  return;
265  }
266  }
267 
272  public function checkAccess()
273  {
274  global $ilLog, $ilUser, $ilObjDataCache;
275 
276  // an error already occurred at class initialisation
277  if ($this->errorcode)
278  {
279  return false;
280  }
281 
282  // do this here because ip based checking may be set after construction
283  $this->determineUser();
284 
285  // check for type by subdirectory
286  $pos1 = strpos($this->subpath, "lm_data/lm_") + 11;
287  $pos2 = strpos($this->subpath, "mobs/mm_") + 8;
288  $pos3 = strpos($this->subpath, "usr_images/") + 11;
289 
290  $obj_id = 0;
291  $type = 'none';
292  // trying to access data within a learning module folder
293  if ($pos1 > 11)
294  {
295  $type = 'lm';
296  $seperator = strpos($this->subpath, '/', $pos1);
297  $obj_id = substr($this->subpath, $pos1, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos1);
298  }
299  //trying to access media data
300  else if ($pos2 > 8)
301  {
302  $type = 'mob';
303  $seperator = strpos($this->subpath, '/', $pos2);
304  $obj_id = substr($this->subpath, $pos2, ($seperator > 0 ? $seperator : strlen($this->subpath))-$pos2);
305  }
306  // trying to access a user image
307  elseif ($pos3 > 11)
308  {
309  $type = 'user_image';
310  // user images may be:
311  // upload_123pic, upload_123
312  // usr_123.jpg, usr_123_small.jpg, usr_123_xsmall.jpg, usr_123_xxsmall.jpg
313  $seperator = strpos($this->subpath, '_', $pos3);
314  $obj_id = (int) substr($this->subpath, $seperator + 1);
315  }
316 
317  if (!$obj_id || $type == 'none')
318  {
319  $this->errorcode = 404;
320  $this->errortext = $this->lng->txt("obj_not_found");
321  return false;
322  }
323 
324  switch($type)
325  {
326  // SCORM or HTML learning module
327  case 'lm':
328  if ($this->checkAccessObject($obj_id))
329  {
330  return true;
331  }
332  break;
333 
334  // media object
335  case 'mob':
336  $usages = ilObjMediaObject::lookupUsages($obj_id);
337 
338  foreach($usages as $usage)
339  {
340  $oid = ilObjMediaObject::getParentObjectIdForUsage($usage, true);
341 
342  switch($usage['type'])
343  {
344  case 'lm:pg':
345  if ($oid > 0)
346  {
347  if ($this->checkAccessLM($oid, 'lm', $usage['id']))
348  {
349  return true;
350  }
351  }
352  break;
353  case 'news':
354  // media objects in news (media casts)
355  include_once("./Modules/MediaCast/classes/class.ilObjMediaCastAccess.php");
356  include_once("./Services/News/classes/class.ilNewsItem.php");
357 
358  if ($this->checkAccessObject($oid, 'mcst'))
359  {
360  return true;
361  }
362  elseif (ilObjMediaCastAccess::_lookupPublicFiles($oid) && ilNewsItem::_lookupVisibility($usage["id"]) == NEWS_PUBLIC)
363  {
364  return true;
365  }
366  break;
367 
368  case 'qpl:pg':
369  case 'qpl:html':
370  // test questions
371  if ($this->checkAccessTestQuestion($oid, $usage['id']))
372  {
373  return true;
374  }
375  break;
376 
377  case 'gdf:pg':
378  // special check for glossary terms
379  if ($this->checkAccessGlossaryTerm($oid, $usage['id']))
380  {
381  return true;
382  }
383  break;
384 
385  case 'sahs:pg':
386  // check for scorm pages
387  if ($this->checkAccessObject($oid, 'sahs'))
388  {
389  return true;
390  }
391  break;
392 
393  default:
394  // standard object check
395  if ($this->checkAccessObject($oid))
396  {
397  return true;
398  }
399  break;
400  }
401  }
402  break;
403 
404  // image in user profile
405  case 'user_image':
406  if ($this->checkAccessUserImage($obj_id))
407  {
408  return true;
409  }
410  break;
411  }
412 
413  // none of the checks above gives access
414  $this->errorcode = 403;
415  $this->errortext = $this->lng->txt('msg_no_perm_read');
416  return false;
417  }
418 
427  private function checkAccessLM($obj_id, $obj_type, $page = 0)
428  {
429  global $lng;
430 
431  //if (!$page)
432  //{
433  $ref_ids = ilObject::_getAllReferences($obj_id);
434  foreach($ref_ids as $ref_id)
435  {
436  foreach ($this->check_users as $user_id)
437  {
438  if ($this->ilAccess->checkAccessOfUser($user_id, "read", "view", $ref_id, $obj_id, $obj_type))
439  {
440  return true;
441  }
442  }
443  }
444  return false;
445  //}
446  //else
447  //{
448  // $ref_ids = ilObject::_getAllReferences($obj_id);
449  // foreach($ref_ids as $ref_id)
450  // {
451  // if ($this->ilAccess->checkAccess("read", "", $ref_id))
452  // {
453  // require_once 'Modules/LearningModule/classes/class.ilObjLearningModule.php';
454  // $lm = new ilObjLearningModule($obj_id,false);
455  // if ($lm->_checkPreconditionsOfPage($ref_id, $obj_id, $page))
456  // return true;
457  // }
458  // }
459  // return false;
460  //}
461  }
462 
469  private function checkAccessObject($obj_id, $obj_type = '')
470  {
471  global $ilAccess;
472 
473  if (!$obj_type)
474  {
475  $obj_type = ilObject::_lookupType($obj_id);
476  }
477  $ref_ids = ilObject::_getAllReferences($obj_id);
478  foreach($ref_ids as $ref_id)
479  {
480  foreach ($this->check_users as $user_id)
481  {
482  if ($ilAccess->checkAccessOfUser($user_id, "read", "view", $ref_id, $obj_type, $obj_id))
483  {
484  return true;
485  }
486  }
487  }
488  return false;
489  }
490 
491 
500  private function checkAccessTestQuestion($obj_id, $usage_id = 0)
501  {
502  global $ilAccess;
503 
504  // give access if direct usage is readable
505  if ($this->checkAccessObject($obj_id))
506  {
507  return true;
508  }
509 
510  $obj_type = ilObject::_lookupType($obj_id);
511  if ($obj_type == 'qpl')
512  {
513  // give access if question pool is used by readable test
514  // for random selection of questions
515  include_once('./Modules/Test/classes/class.ilObjTestAccess.php');
516  $tests = ilObjTestAccess::_getRandomTestsForQuestionPool($obj_id);
517  foreach ($tests as $test_id)
518  {
519  if ($this->checkAccessObject($test_id, 'tst'))
520  {
521  return true;
522  }
523  }
524  }
525  return false;
526  }
527 
528 
537  private function checkAccessGlossaryTerm($obj_id, $page_id)
538  {
539  // give access if glossary is readable
540  if ($this->checkAccessObject($obj_id))
541  {
542  return true;
543  }
544 
545  include_once("./Modules/Glossary/classes/class.ilGlossaryDefinition.php");
546  include_once("./Modules/Glossary/classes/class.ilGlossaryTerm.php");
547  $term_id = ilGlossaryDefinition::_lookupTermId($page_id);
548 
549  include_once('./Services/COPage/classes/class.ilInternalLink.php');
550  $sources = ilInternalLink::_getSourcesOfTarget('git',$term_id, 0);
551 
552  if ($sources)
553  {
554  foreach ($sources as $src)
555  {
556  switch ($src['type'])
557  {
558  // Give access if term is linked by a learning module with read access.
559  // The term including media is shown by the learning module presentation!
560  case 'lm:pg':
561  include_once("./Modules/LearningModule/classes/class.ilLMObject.php");
562  $src_obj_id = ilLMObject::_lookupContObjID($src['id']);
563  if ($this->checkAccessObject($src_obj_id, 'lm'))
564  {
565  return true;
566  }
567  break;
568 
569  // Don't yet give access if the term is linked by another glossary
570  // The link will lead to the origin glossary which is already checked
571  /*
572  case 'gdf:pg':
573  $src_term_id = ilGlossaryDefinition::_lookupTermId($src['id']);
574  $src_obj_id = ilGlossaryTerm::_lookGlossaryID($src_term_id);
575  if ($this->checkAccessObject($src_obj_id, 'glo'))
576  {
577  return true;
578  }
579  break;
580  */
581  }
582  }
583  }
584  }
585 
586 
596  private function checkAccessUserImage($usr_id)
597  {
598  global $ilUser, $ilSetting;
599 
600  // check if own image is viewed
601  if ($usr_id == $ilUser->getId())
602  {
603  return true;
604  }
605 
606  // check if image is in the public profile
607  $public_upload = ilObjUser::_lookupPref($usr_id, 'public_upload');
608  if ($public_upload != 'y')
609  {
610  return false;
611  }
612 
613  // check the publication status of the profile
614  $public_profile = ilObjUser::_lookupPref($usr_id, 'public_profile');
615 
616  if ($public_profile == 'g'
617  and $ilSetting->get('enable_global_profiles')
618  and $ilSetting->get('pub_section'))
619  {
620  // globally public
621  return true;
622  }
623  elseif (($public_profile == 'y' or $public_profile == 'g')
624  and $ilUser->getId() != ANONYMOUS_USER_ID)
625  {
626  // public for logged in users
627  return true;
628  }
629  else
630  {
631  // not public
632  return false;
633  }
634  }
635 
636 
642  public function setDisposition($a_disposition)
643  {
644  if (in_array(strtolower($a_disposition), array('inline','attachment','virtual')))
645  {
646  $this->disposition = strtolower($a_disposition);
647  }
648  else
649  {
650  $this->disposition = 'inline';
651  }
652  }
653 
659  public function getDisposition()
660  {
661  return $this->disposition;
662  }
663 
669  public function setSendMimetype($a_send_mimetype)
670  {
671  if (in_array(strtolower($a_send_mimetype), array('','0','off','false')))
672  {
673  $this->mimetype = null;
674  $this->send_mimetype = false;
675  }
676  elseif (in_array(strtolower($a_send_mimetype), array('1','on','true')))
677  {
678  $this->mimetype = null;
679  $this->send_mimetype = true;
680  }
681  else
682  {
683  $this->mimetype = $a_send_mimetype;
684  $this->send_mimetype = true;
685  }
686  }
687 
692  public function getSendMimetype()
693  {
694  return $this->send_mimetype;
695  }
696 
697 
703  public function setCheckIp($a_check_ip)
704  {
705  if (in_array(strtolower($a_check_ip), array('','0','off','false')))
706  {
707  $this->check_ip = false;
708  }
709  elseif (in_array(strtolower($a_check_ip), array('1','on','true')))
710  {
711  $this->check_ip = true;
712  }
713  }
714 
719  public function getCheckIp()
720  {
721  return $this->check_ip;
722  }
723 
724 
729  public function sendFile()
730  {
731  //$system_use_xsendfile = true;
732  $xsendfile_available = false;
733 
734  //if (function_exists('apache_get_modules'))
735  //{
736  // $modules = apache_get_modules();
737  // $xsendfile_available = in_array('mod_xsendfile', $modules);
738  //}
739 
740  //$xsendfile_available = $system_use_xsendfile & $xsendfile_available;
741 
742 
743  // delivery via apache virtual function
744  if ($this->getDisposition() == "virtual")
745  {
746  $this->sendFileVirtual();
747  exit;
748  }
749  // delivery for download dialogue
750  elseif ($this->getDisposition() == "attachment")
751  {
752  if ($xsendfile_available)
753  {
754  header('x-sendfile: ' . $this->file);
755  header("Content-Type: application/octet-stream");
756  }
757  else
758  ilUtil::deliverFile($this->file, basename($this->file));
759  exit;
760  }
761  // inline delivery
762  else
763  {
764  if (!isset($_SERVER["HTTPS"]))
765  {
766  header("Cache-Control: no-cache, must-revalidate");
767  header("Pragma: no-cache");
768  }
769 
770  if ($this->getSendMimetype())
771  {
772  header("Content-Type: " . $this->getMimeType());
773  }
774  header("Content-Length: ".(string)(filesize($this->file)));
775 
776  if (isset($_SERVER["HTTPS"]))
777  {
778  header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
779  header('Pragma: public');
780  }
781 
782  header("Connection: close");
783 
784  if ($xsendfile_available)
785  {
786  header('x-sendfile: ' . $this->file);
787  if ($this->getSendMimetype())
788  {
789  header("Content-Type: " . $this->getMimeType());
790  }
791  }
792  else
793  {
794  ilUtil::readFile( $this->file);
795  }
796 
797  exit;
798  }
799  }
800 
810  public function sendFileVirtual()
811  {
812  header('Last-Modified: '. date ("D, j M Y H:i:s", filemtime($this->file)). " GMT");
813  header('ETag: "'. md5(filemtime($this->file).filesize($this->file)).'"');
814  header('Accept-Ranges: bytes');
815  header("Content-Length: ".(string)(filesize($this->file)));
816  if ($this->getSendMimetype())
817  {
818  header("Content-Type: " . $this->getMimeType());
819  }
820 
821  apache_setenv('ILIAS_CHECKED','1');
822  virtual($this->virtual_path);
823  exit;
824  }
825 
826 
831  public function sendError()
832  {
833  global $ilSetting, $ilUser, $tpl, $lng, $tree;
834 
835  switch ($this->errorcode)
836  {
837  case 404:
838  header("HTTP/1.0 404 Not Found");
839  break;
840  case 403:
841  default:
842  header("HTTP/1.0 403 Forbidden");
843  break;
844  }
845 
846  // set the page base to the ILIAS directory
847  // to get correct references for images and css files
848  $tpl->setCurrentBlock("HeadBaseTag");
849  $tpl->setVariable('BASE', ILIAS_HTTP_PATH . '/error.php');
850  $tpl->parseCurrentBlock();
851  $tpl->addBlockFile("CONTENT", "content", "tpl.error.html");
852 
853  // Check if user is logged in
854  $anonymous = ($ilUser->getId() == ANONYMOUS_USER_ID);
855 
856  if ($anonymous)
857  {
858  // Provide a link to the login screen for anonymous users
859 
860  $tpl->SetCurrentBlock("ErrorLink");
861  $tpl->SetVariable("TXT_LINK", $lng->txt('login_to_ilias'));
862  $tpl->SetVariable("LINK", ILIAS_HTTP_PATH. '/login.php?cmd=force_login&client_id='.CLIENT_ID);
863  $tpl->ParseCurrentBlock();
864  }
865  else
866  {
867  // Provide a link to the repository for authentified users
868 
869  $nd = $tree->getNodeData(ROOT_FOLDER_ID);
870  $txt = $nd['title'] == 'ILIAS' ? $lng->txt('repository') : $nd['title'];
871 
872  $tpl->SetCurrentBlock("ErrorLink");
873  $tpl->SetVariable("TXT_LINK", $txt);
874  $tpl->SetVariable("LINK", ILIAS_HTTP_PATH. '/repository.php?client_id='.CLIENT_ID);
875  $tpl->ParseCurrentBlock();
876  }
877 
878  $tpl->setCurrentBlock("content");
879  $tpl->setVariable("ERROR_MESSAGE",($this->errortext));
880  $tpl->setVariable("SRC_IMAGE", ilUtil::getImagePath("mess_failure.gif"));
881  $tpl->parseCurrentBlock();
882 
883  $tpl->show();
884  exit;
885  }
886 
893  public function getMimeType($default = 'application/octet-stream')
894  {
895  // take a previously set mimetype
896  if (isset($this->mimetype))
897  {
898  return $this->mimetype;
899  }
900 
901  $mime = '';
902  if (extension_loaded('Fileinfo'))
903  {
904  $finfo = finfo_open(FILEINFO_MIME);
905  $mime = finfo_file($finfo, $this->file);
906  finfo_close($finfo);
907  if ($pos = strpos($mime, ' '))
908  {
909  $mime = substr($mime, 0, $pos);
910  }
911  }
912  else
913  {
914  $mime = ilObjMediaObject::getMimeType($this->file);
915  }
916 
917  // set and return the mime type
918  $this->mimetype = $mime ? $mime : $default;
919  return $this->mimetype;
920  }
921 }
922 ?>