ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilWebAccessChecker.php
Go to the documentation of this file.
1<?php
2require_once('./Services/WebAccessChecker/classes/class.ilWACSignedPath.php');
3require_once('./Services/WebAccessChecker/classes/class.ilWACPath.php');
4require_once('./Services/WebAccessChecker/classes/class.ilWACSecurePath.php');
5require_once('./Services/WebAccessChecker/classes/class.ilWACLog.php');
6require_once('./Services/Init/classes/class.ilInitialisation.php');
7require_once('./Services/FileDelivery/classes/class.ilFileDelivery.php');
8require_once('./Services/WebAccessChecker/classes/class.ilWACCookie.php');
9
16class ilWebAccessChecker {
17
18 const DISPOSITION = 'disposition';
19 const STATUS_CODE = 'status_code';
20 const REVALIDATE = 'revalidate';
21 const CM_FILE_TOKEN = 1;
22 const CM_FOLDER_TOKEN = 2;
23 const CM_CHECKINGINSTANCE = 3;
24 const CM_SECFOLDER = 4;
28 protected $path_object = null;
32 protected $checked = false;
36 protected $disposition = ilFileDelivery::DISP_INLINE;
40 protected $override_mimetype = '';
44 protected $send_status_code = false;
48 protected $initialized = false;
52 protected $revalidate_folder_tokens = true;
56 protected static $DEBUG = false;
60 protected static $use_seperate_logfile = false;
64 protected $cookie = null;
68 protected $applied_checking_methods = array();
69
70
77 public function __construct($path, ilWACCookieInterface $ilWACCookieInterface = null) {
78 $this->setPathObject(new ilWACPath($path));
79 $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
80 }
81
82
87 public function check() {
88 ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
89 if (!$this->getPathObject()) {
90 throw new ilWACException(ilWACException::CODE_NO_PATH);
91 }
92
93 // Check if Path has been signed with a token
94 $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
95 if ($ilWACSignedPath->isSignedPath()) {
96 $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
97 if ($ilWACSignedPath->isSignedPathValid()) {
98 $this->setChecked(true);
99 ilWACLog::getInstance()->write('checked using token');
100 $this->sendHeader('checked using token');
101
102 return true;
103 }
104 }
105
106 // Check if the whole secured folder has been signed
107 if ($ilWACSignedPath->isFolderSigned()) {
108 $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
109 if ($ilWACSignedPath->isFolderTokenValid()) {
110 if ($this->isRevalidateFolderTokens()) {
111 $ilWACSignedPath->revalidatingFolderToken();
112 }
113 $this->setChecked(true);
114 ilWACLog::getInstance()->write('checked using secure folder');
115 $this->sendHeader('checked using secure folder');
116
117 return true;
118 }
119 }
120
121 // Fallback, have to initiate ILIAS
122 $this->initILIAS();
123
124 // Maybe the path has been registered, lets check
125 $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
126 if ($checkingInstance instanceof ilWACCheckingClass) {
127 $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
128 ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
129 $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
130 if ($canBeDelivered) {
131 ilWACLog::getInstance()->write('checked using fallback');
132 $this->sendHeader('checked using fallback');
133 if ($ilWACSignedPath->isFolderSigned()&& $this->isRevalidateFolderTokens()) {
134 $ilWACSignedPath->revalidatingFolderToken();
135 }
136
137 $this->setChecked(true);
138
139 return true;
140 } else {
141 ilWACLog::getInstance()->write('checking-instance denied access');
142 $this->setChecked(true);
143
144 return false;
145 }
146 }
147
148 // none of the checking mechanisms could have been applied. no access
149 $this->setChecked(true);
150 ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
151 if ($this->getPathObject()->isInSecFolder()) {
152 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
153 ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
154
155 return false;
156 } else {
157 $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
158 ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
159
160 return true;
161 }
162 }
163
164
169 public function initILIAS() {
170 if ($this->isInitialized()) {
171 return true;
172 }
173 $GLOBALS['COOKIE_PATH'] = '/';
174 $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
175 ilContext::init(ilContext::CONTEXT_WAC);
176 try {
177 ilWACLog::getInstance()->write('init ILIAS');
178 ilInitialisation::initILIAS();
179 $this->checkPublicSection();
180 $this->checkUser();
181 } catch (Exception $e) {
182 if (($e instanceof ilWACException && $e->getCode() == ilWACException::ACCESS_DENIED_NO_LOGIN)
183 || ($e instanceof Exception && $e->getMessage() == 'Authentication failed.')) {
184 $_REQUEST["baseClass"] = "ilStartUpGUI";
185 // @todo authentication: fix request show login
186 $_REQUEST["cmd"] = "showLogin";
187
188 $_POST['username'] = 'anonymous';
189 $_POST['password'] = 'anonymous';
190 ilWACLog::getInstance()->write('reinit ILIAS');
191 ilInitialisation::reinitILIAS();
192 $this->checkPublicSection();
193 $this->checkUser();
194 } elseif ($e instanceof ilWACException) {
195 throw $e;
196 }
197 }
198 $this->setInitialized(true);
199 }
200
201
202 protected function checkPublicSection() {
203 global $ilSetting, $ilUser;
204 if (!$ilSetting instanceof ilSetting || ($ilUser->getId() == ANONYMOUS_USER_ID && !$ilSetting->get('pub_section'))) {
205 ilWACLog::getInstance()->write('public section not activated');
206 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
207 }
208 }
209
210
211 protected function checkUser() {
212 global $ilUser;
213 if (!$ilUser instanceof ilObjUser || ($ilUser->getId() == 0 && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false)) {
214 throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
215 }
216 }
217
218
222 public function isChecked() {
223 return $this->checked;
224 }
225
226
230 public function setChecked($checked) {
231 $this->checked = $checked;
232 }
233
234
238 public function getPathObject() {
239 return $this->path_object;
240 }
241
242
246 public function setPathObject($path_object) {
247 $this->path_object = $path_object;
248 }
249
250
254 public function getDisposition() {
255 return $this->disposition;
256 }
257
258
262 public function setDisposition($disposition) {
263 $this->disposition = $disposition;
264 }
265
266
270 public function getOverrideMimetype() {
271 return $this->override_mimetype;
272 }
273
274
278 public function setOverrideMimetype($override_mimetype) {
279 $this->override_mimetype = $override_mimetype;
280 }
281
282
286 public function isInitialized() {
287 return $this->initialized;
288 }
289
290
294 public function setInitialized($initialized) {
295 $this->initialized = $initialized;
296 }
297
298
302 public function isSendStatusCode() {
303 return $this->send_status_code;
304 }
305
306
310 public function setSendStatusCode($send_status_code) {
311 $this->send_status_code = $send_status_code;
312 }
313
314
318 public function isRevalidateFolderTokens() {
319 return $this->revalidate_folder_tokens;
320 }
321
322
326 public function setRevalidateFolderTokens($revalidate_folder_tokens) {
327 $this->revalidate_folder_tokens = $revalidate_folder_tokens;
328 }
329
330
334 public static function isDEBUG() {
335 return self::$DEBUG;
336 }
337
338
342 public static function setDEBUG($DEBUG) {
343 self::$DEBUG = $DEBUG;
344 }
345
346
350 public static function isUseSeperateLogfile() {
351 return self::$use_seperate_logfile;
352 }
353
354
358 public static function setUseSeperateLogfile($use_seperate_logfile) {
359 self::$use_seperate_logfile = $use_seperate_logfile;
360 }
361
362
366 public function getCookie() {
367 return $this->cookie;
368 }
369
370
374 public function setCookie($cookie) {
375 $this->cookie = $cookie;
376 }
377
378
382 public function getAppliedCheckingMethods() {
383 return $this->applied_checking_methods;
384 }
385
386
390 public function setAppliedCheckingMethods($applied_checking_methods) {
391 $this->applied_checking_methods = $applied_checking_methods;
392 }
393
394
398 protected function addAppliedCheckingMethod($method) {
399 $this->applied_checking_methods[] = $method;
400 }
401
402
406 protected function sendHeader($message) {
407 header('X-ILIAS-WebAccessChecker: ' . $message);
408 }
409}
ilContext\init
static init($a_type)
Init context by type.
Definition: class.ilContext.php:39
ilContext\CONTEXT_WAC
const CONTEXT_WAC
Definition: class.ilContext.php:31
ilInitialisation\initILIAS
static initILIAS()
ilias initialisation
Definition: class.ilInitialisation.php:860
ilSetting
ILIAS Setting Class.
Definition: class.ilSetting.php:33
ilWACCookie
Class ilWACCookie.
Definition: class.ilWACCookie.php:9
ilWACException
Class ilWACException.
Definition: class.ilWACException.php:10
ilWACLog\getInstance
static getInstance()
Definition: class.ilWACLog.php:39
ilWACPath
Class ilWACPath.
Definition: class.ilWACPath.php:9
ilWACSignedPath
Class ilWACSignedPath.
Definition: class.ilWACSignedPath.php:13
ilWebAccessChecker
Class ilWebAccessChecker.
Definition: class.ilWebAccessChecker.php:16
ilWebAccessChecker\setUseSeperateLogfile
static setUseSeperateLogfile($use_seperate_logfile)
Definition: class.ilWebAccessChecker.php:358
ilWebAccessChecker\setSendStatusCode
setSendStatusCode($send_status_code)
Definition: class.ilWebAccessChecker.php:310
ilWebAccessChecker\setRevalidateFolderTokens
setRevalidateFolderTokens($revalidate_folder_tokens)
Definition: class.ilWebAccessChecker.php:326
ilWebAccessChecker\__construct
__construct($path, ilWACCookieInterface $ilWACCookieInterface=null)
ilWebAccessChecker constructor.
Definition: class.ilWebAccessChecker.php:77
ilWebAccessChecker\setAppliedCheckingMethods
setAppliedCheckingMethods($applied_checking_methods)
Definition: class.ilWebAccessChecker.php:390
ilWebAccessChecker\setOverrideMimetype
setOverrideMimetype($override_mimetype)
Definition: class.ilWebAccessChecker.php:278
$_POST
$_POST['username']
Definition: cron.php:12
$GLOBALS
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
ilWACCheckingClass
Class ilWACCheckingClass.
Definition: interface.ilWACCheckingClass.php:10
ilWACCookieInterface
Class ilWACCookieInterface.
Definition: interface.ilWACCookieInterface.php:8
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$path
$path
Definition: index.php:22
$_REQUEST
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
$ilUser
global $ilUser
Definition: imgupload.php:15