ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilWebAccessChecker.php
1 <?php
2 require_once('./Services/WebAccessChecker/classes/class.ilWACSignedPath.php');
3 require_once('./Services/WebAccessChecker/classes/class.ilWACPath.php');
4 require_once('./Services/WebAccessChecker/classes/class.ilWACSecurePath.php');
5 require_once('./Services/WebAccessChecker/classes/class.ilWACLog.php');
6 require_once('./Services/Init/classes/class.ilInitialisation.php');
7 require_once('./Services/FileDelivery/classes/class.ilFileDelivery.php');
8 require_once('./Services/WebAccessChecker/classes/class.ilWACCookie.php');
9 
17 
// NOTE(review): the gutter numbering of this listing skips lines. Most gaps are presumably
// stripped doc comments, but at least two declarations used by the visible methods are not shown:
// check() uses self::CM_CHECKINGINSTANCE and getDisposition() reads $this->disposition.
// String keys; no method visible in this listing references them.
18  const DISPOSITION = 'disposition';
19  const STATUS_CODE = 'status_code';
20  const REVALIDATE = 'revalidate';
// CM_* identify the checking method that was applied; check() records them through
// addAppliedCheckingMethod().
21  const CM_FILE_TOKEN = 1;
22  const CM_FOLDER_TOKEN = 2;
24  const CM_SECFOLDER = 4;
// Path wrapper set by the constructor (an ilWACPath built from the requested path).
28  protected $path_object = null;
// Set to true by check() once it has reached a verdict, whether that verdict grants or denies.
32  protected $checked = false;
40  protected $override_mimetype = '';
44  protected $send_status_code = false;
// Guards initILIAS() against running twice.
48  protected $initialized = false;
// When true (the default), check() calls revalidatingFolderToken() after a folder token or a
// checking instance has granted access.
52  protected $revalidate_folder_tokens = true;
56  protected static $DEBUG = false;
60  protected static $use_seperate_logfile = false;
// Cookie handler; the constructor stores the injected handler or a new ilWACCookie.
64  protected $cookie = null;
// List of CM_* values in the order check() applied them.
68  protected $applied_checking_methods = array();
69 
70 
/**
 * ilWebAccessChecker constructor.
 *
 * Wraps the given path in an ilWACPath and stores the cookie handler. When no handler is
 * passed, a new ilWACCookie is created.
 *
 * @param string                    $path path of the requested file (presumably taken from the
 *                                        request; confirm with the caller)
 * @param ilWACCookieInterface|null $ilWACCookieInterface cookie handler to use instead of the default
 */
public function __construct($path, ilWACCookieInterface $ilWACCookieInterface = null)
{
    $this->setPathObject(new ilWACPath($path));

    $cookie_handler = $ilWACCookieInterface;
    if (!$cookie_handler) {
        // No handler injected: fall back to the default implementation.
        $cookie_handler = new ilWACCookie();
    }
    $this->setCookie($cookie_handler);
}
81 
82 
/**
 * Decides whether the requested path may be delivered.
 *
 * The checks run in this order:
 *  1. a token signed onto the path itself (CM_FILE_TOKEN),
 *  2. a token covering the whole folder (CM_FOLDER_TOKEN),
 *  3. after initILIAS(), a checking instance registered for the path (CM_CHECKINGINSTANCE),
 *     whose canBeDelivered() answer is final in both directions,
 *  4. the sec-folder rule: deny inside the sec folder, deliver everywhere else (CM_SECFOLDER).
 *
 * A path or folder token that is present but fails validation is not a denial on its own;
 * evaluation falls through to the later checks.
 *
 * NOTE(review): this listing omits original line 90, the body of the path-object guard, so what
 * happens when no path object is set cannot be seen here.
 *
 * @return bool true if the file may be delivered, false if access is denied
 */
87  public function check() {
    // NOTE(review): this log call dereferences the path object before the guard on the next
    // line tests it, so a missing path object would fail here first and the guard is never the
    // line that catches it.
88  ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
89  if (!$this->getPathObject()) {
91  }
92 
93  // Check if Path has been signed with a token
94  $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
95  if ($ilWACSignedPath->isSignedPath()) {
96  $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
97  if ($ilWACSignedPath->isSignedPathValid()) {
98  $this->setChecked(true);
99  ilWACLog::getInstance()->write('checked using token');
100  $this->sendHeader('checked using token');
101 
102  return true;
103  }
    // Signed but not valid: no return here, the remaining checks still decide.
104  }
105 
106  // Check if the whole secured folder has been signed
107  if ($ilWACSignedPath->isFolderSigned()) {
108  $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
109  if ($ilWACSignedPath->isFolderTokenValid()) {
    // Revalidation can be switched off through the revalidate_folder_tokens property.
110  if ($this->isRevalidateFolderTokens()) {
111  $ilWACSignedPath->revalidatingFolderToken();
112  }
113  $this->setChecked(true);
114  ilWACLog::getInstance()->write('checked using secure folder');
115  $this->sendHeader('checked using secure folder');
116 
117  return true;
118  }
119  }
120 
121  // Fallback, have to initiate ILIAS
122  $this->initILIAS();
123 
124  // Maybe the path has been registered, lets check
125  $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
126  if ($checkingInstance instanceof ilWACCheckingClass) {
    // NOTE(review): CM_CHECKINGINSTANCE is not declared in the visible part of the listing
    // (gutter line 23 is absent); confirm its value against the full file.
127  $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
128  ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
129  $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
130  if ($canBeDelivered) {
131  ilWACLog::getInstance()->write('checked using fallback');
132  $this->sendHeader('checked using fallback');
    // A folder token that was present but did not validate above is renewed once the
    // checking instance has granted access.
133  if ($ilWACSignedPath->isFolderSigned()&& $this->isRevalidateFolderTokens()) {
134  $ilWACSignedPath->revalidatingFolderToken();
135  }
136 
137  $this->setChecked(true);
138 
139  return true;
140  } else {
    // The checked flag is set on denial as well, so isChecked() does not mean "granted".
141  ilWACLog::getInstance()->write('checking-instance denied access');
142  $this->setChecked(true);
143 
144  return false;
145  }
146  }
147 
148  // No token and no checking instance applied. The verdict now depends only on whether the
    // path lies in the sec folder.
149  $this->setChecked(true);
150  ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
151  if ($this->getPathObject()->isInSecFolder()) {
152  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
153  ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
154 
155  return false;
156  } else {
    // NOTE(review): this branch is fail-open. A path outside the sec folder with no token and
    // no registered checking instance is delivered, so the protection of such files rests
    // entirely on isInSecFolder() classifying the path correctly.
157  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
158  ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
159 
160  return true;
161  }
162  }
163 
164 
/**
 * Brings up ILIAS for the client named in the path and runs the public-section and user
 * checks, retrying once as the anonymous user when the first attempt fails for lack of a login.
 *
 * NOTE(review): this listing omits original lines 175, 178 and 191 (the gutter skips them);
 * presumably they hold the actual initialisation calls. Confirm against the full file.
 *
 * @return bool|null true when already initialised; otherwise the method ends without a return
 *                   statement, so callers receive null
 * @throws ilWACException rethrown from the first attempt when it is not the no-login case, and
 *                        propagated unchanged from the retry, which runs outside the try block
 */
169  public function initILIAS() {
170  if ($this->isInitialized()) {
171  return true;
172  }
173  $GLOBALS['COOKIE_PATH'] = '/';
    // Session cookie (expiry 0) scoped to '/'. The client id comes from the path object;
    // presumably that is derived from the request, so confirm ilWACPath validates it.
174  $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
176  try {
177  ilWACLog::getInstance()->write('init ILIAS');
179  $this->checkPublicSection();
180  $this->checkUser();
181  } catch (Exception $e) {
    // NOTE(review): the second operand matches on the exception message text, which breaks
    // silently if the message is ever reworded; `$e instanceof Exception` is always true
    // inside this catch block.
182  if (($e instanceof ilWACException && $e->getCode() == ilWACException::ACCESS_DENIED_NO_LOGIN)
183  || ($e instanceof Exception && $e->getMessage() == 'Authentication failed.')) {
    // The request superglobals are overwritten so that the retry runs as the anonymous user.
184  $_REQUEST["baseClass"] = "ilStartUpGUI";
185  // @todo authentication: fix request show login
186  $_REQUEST["cmd"] = "showLogin";
187 
188  $_POST['username'] = 'anonymous';
189  $_POST['password'] = 'anonymous';
190  ilWACLog::getInstance()->write('reinit ILIAS');
192  $this->checkPublicSection();
193  $this->checkUser();
194  } elseif ($e instanceof ilWACException) {
195  throw $e;
196  }
    // NOTE(review): any other exception type is dropped here without a log entry, and the
    // method still marks itself initialised below. A failed initialisation is then treated as
    // a successful one by check(); logging and rethrowing would make the failure visible.
197  }
198  $this->setInitialized(true);
199  }
200 
201 
/**
 * Tests whether the public section is available to the current user.
 *
 * The condition holds when $ilSetting is not an ilSetting, or when the current user is the
 * anonymous user and the 'pub_section' setting is empty.
 *
 * NOTE(review): this listing omits original line 206, so only the log call is visible in the
 * branch; presumably the missing line raises the denial. Confirm against the full file.
 */
202  protected function checkPublicSection() {
203  global $ilSetting, $ilUser;
    // NOTE(review): $ilUser->getId() is called without first checking that $ilUser is an
    // object; initILIAS() calls this method before checkUser(), which is where that type check
    // lives.
204  if (!$ilSetting instanceof ilSetting || ($ilUser->getId() == ANONYMOUS_USER_ID && !$ilSetting->get('pub_section'))) {
205  ilWACLog::getInstance()->write('public section not activated');
207  }
208  }
209 
210 
/**
 * Tests whether a usable user object is present.
 *
 * The condition holds when $ilUser is not an ilObjUser, or when the user id is 0 and the
 * Referer header does not contain 'login.php'.
 *
 * NOTE(review): this listing omits original line 214, the body of the branch; presumably it
 * raises the no-login denial that initILIAS() catches. Confirm against the full file.
 */
211  protected function checkUser() {
212  global $ilUser;
    // NOTE(review): for user id 0 the outcome depends on the Referer header, which the client
    // supplies and which is therefore not an authentication signal. Confirm that nothing is
    // delivered on the strength of this exemption alone, or base it on server-side session
    // state instead. The header may also be absent, in which case $_SERVER['HTTP_REFERER'] is
    // an undefined index; an isset() guard is needed.
213  if (!$ilUser instanceof ilObjUser || ($ilUser->getId() == 0 && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false)) {
215  }
216  }
217 
218 
/**
 * Reports whether check() has reached a verdict.
 *
 * check() sets the flag before every return visible in this listing, including the paths that
 * deny access, so a true value means "a check ran", not "access was granted".
 *
 * @return bool
 */
public function isChecked()
{
    return $this->checked;
}
225 
226 
/**
 * Stores the checked flag. The value is stored as given, without a cast.
 *
 * @param bool $checked
 */
public function setChecked($checked)
{
    $this->checked = $checked;
}
233 
234 
/**
 * Returns the path wrapper for the requested file.
 *
 * @return ilWACPath|null the object stored by setPathObject(); the constructor stores an
 *                        ilWACPath, the property default is null
 */
public function getPathObject()
{
    return $this->path_object;
}
241 
242 
/**
 * Replaces the path wrapper. The argument is neither type-hinted nor validated here.
 *
 * @param ilWACPath $path_object
 */
public function setPathObject($path_object)
{
    $this->path_object = $path_object;
}
249 
250 
/**
 * Returns the stored disposition value.
 *
 * NOTE(review): the $disposition property is not declared in the visible part of this
 * listing; confirm its declaration and default against the full file.
 *
 * @return mixed
 */
public function getDisposition()
{
    return $this->disposition;
}
257 
258 
/**
 * Stores the disposition value as given.
 *
 * @param mixed $disposition
 */
public function setDisposition($disposition)
{
    $this->disposition = $disposition;
}
265 
266 
270  public function getOverrideMimetype() {
272  }
273 
274 
279  $this->override_mimetype = $override_mimetype;
280  }
281 
282 
/**
 * Reports whether initILIAS() has already completed for this instance.
 *
 * @return bool
 */
public function isInitialized()
{
    return $this->initialized;
}
289 
290 
/**
 * Stores the initialised flag. Setting it to true makes initILIAS() return early.
 *
 * @param bool $initialized
 */
public function setInitialized($initialized)
{
    $this->initialized = $initialized;
}
297 
298 
302  public function isSendStatusCode() {
304  }
305 
306 
311  $this->send_status_code = $send_status_code;
312  }
313 
314 
318  public function isRevalidateFolderTokens() {
320  }
321 
322 
327  $this->revalidate_folder_tokens = $revalidate_folder_tokens;
328  }
329 
330 
/**
 * Returns the class-wide debug flag.
 *
 * @return bool
 */
public static function isDEBUG()
{
    return self::$DEBUG;
}
337 
338 
/**
 * Sets the class-wide debug flag. The flag is static, so it applies to every instance.
 *
 * @param bool $DEBUG
 */
public static function setDEBUG($DEBUG)
{
    self::$DEBUG = $DEBUG;
}
345 
346 
/**
 * Returns the class-wide flag for using a separate log file.
 *
 * @return bool
 */
public static function isUseSeperateLogfile()
{
    return self::$use_seperate_logfile;
}
353 
354 
359  self::$use_seperate_logfile = $use_seperate_logfile;
360  }
361 
362 
/**
 * Returns the cookie handler.
 *
 * @return mixed the value stored by setCookie(); the constructor stores the injected
 *               ilWACCookieInterface or a new ilWACCookie
 */
public function getCookie()
{
    return $this->cookie;
}
369 
370 
/**
 * Replaces the cookie handler. The argument is not type-hinted here, unlike the
 * constructor parameter.
 *
 * @param ilWACCookieInterface $cookie
 */
public function setCookie($cookie)
{
    $this->cookie = $cookie;
}
377 
378 
382  public function getAppliedCheckingMethods() {
384  }
385 
386 
391  $this->applied_checking_methods = $applied_checking_methods;
392  }
393 
394 
/**
 * Appends one checking method to the list of methods applied so far.
 *
 * @param int $method one of the CM_* constants
 */
protected function addAppliedCheckingMethod($method)
{
    $this->applied_checking_methods[] = $method;
}
401 
402 
/**
 * Emits the X-ILIAS-WebAccessChecker response header with the given message.
 *
 * Every caller visible in check() passes a fixed string literal. The header goes out with the
 * response, so it tells the requester which checking method granted access.
 *
 * @param string $message text placed after the header name
 */
protected function sendHeader($message)
{
    $header_line = 'X-ILIAS-WebAccessChecker: ' . $message;
    header($header_line);
}
409 }