Collaboration diagram for ilWebAccessChecker:

Public Member Functions
	__construct ($path, ilWACCookieInterface $ilWACCookieInterface=null)
	ilWebAccessChecker constructor. More...

	check ()

	initILIAS ()

	isChecked ()

	setChecked ($checked)

	getPathObject ()

	setPathObject ($path_object)

	getDisposition ()

	setDisposition ($disposition)

	getOverrideMimetype ()

	setOverrideMimetype ($override_mimetype)

	isInitialized ()

	setInitialized ($initialized)

	isSendStatusCode ()

	setSendStatusCode ($send_status_code)

	isRevalidateFolderTokens ()

	setRevalidateFolderTokens ($revalidate_folder_tokens)

	getCookie ()

	setCookie ($cookie)

	getAppliedCheckingMethods ()

	setAppliedCheckingMethods ($applied_checking_methods)

Static Public Member Functions
static	isDEBUG ()

static	setDEBUG ($DEBUG)

static	isUseSeperateLogfile ()

static	setUseSeperateLogfile ($use_seperate_logfile)

Data Fields
const	DISPOSITION = 'disposition'

const	STATUS_CODE = 'status_code'

const	REVALIDATE = 'revalidate'

const	CM_FILE_TOKEN = 1

const	CM_FOLDER_TOKEN = 2

const	CM_CHECKINGINSTANCE = 3

const	CM_SECFOLDER = 4

Protected Member Functions
	checkPublicSection ()

	checkUser ()

	addAppliedCheckingMethod ($method)

	sendHeader ($message)

Protected Attributes
	$path_object = null

	$checked = false

	$disposition = ilFileDelivery::DISP_INLINE

	$override_mimetype = ''

	$send_status_code = false

	$initialized = false

	$revalidate_folder_tokens = true

	$cookie = null

	$applied_checking_methods = array()

Static Protected Attributes
static	$DEBUG = false

static	$use_seperate_logfile = false

Detailed Description

Class ilWebAccessChecker.

Author: Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch

Version: 1.0.0

Definition at line 16 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct	(		$path,
		ilWACCookieInterface	$ilWACCookieInterface = `null`
	)

ilWebAccessChecker constructor.

Parameters

	$path
\ilWACCookieInterface \| null	$ilWACCookieInterface

Definition at line 77 of file class.ilWebAccessChecker.php.

                                                                                              {
                $this->setPathObject(new ilWACPath($path));
                $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
        }

References $path, setCookie(), and setPathObject().

Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod ( $method )

protected

Parameters

int $method

Definition at line 398 of file class.ilWebAccessChecker.php.

                                                             {
                $this->applied_checking_methods[] = $method;
        }

Referenced by check().

Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )

Returns: bool

Exceptions

ilWACException

Definition at line 87 of file class.ilWebAccessChecker.php.

                                {
                ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
                if (!$this->getPathObject()) {
                        throw new ilWACException(ilWACException::CODE_NO_PATH);
                }
 
                // Check if Path has been signed with a token
                $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
                if ($ilWACSignedPath->isSignedPath()) {
                        $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
                        if ($ilWACSignedPath->isSignedPathValid()) {
                                $this->setChecked(true);
                                ilWACLog::getInstance()->write('checked using token');
                                $this->sendHeader('checked using token');
 
                                return true;
                        }
                }
 
                // Check if the whole secured folder has been signed
                if ($ilWACSignedPath->isFolderSigned()) {
                        $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
                        if ($ilWACSignedPath->isFolderTokenValid()) {
                                if ($this->isRevalidateFolderTokens()) {
                                        $ilWACSignedPath->revalidatingFolderToken();
                                }
                                $this->setChecked(true);
                                ilWACLog::getInstance()->write('checked using secure folder');
                                $this->sendHeader('checked using secure folder');
 
                                return true;
                        }
                }
 
                // Fallback, have to initiate ILIAS
                $this->initILIAS();
 
                // Maybe the path has been registered, lets check
                $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
                if ($checkingInstance instanceof ilWACCheckingClass) {
                        $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
                        ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
                        $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
                        if ($canBeDelivered) {
                                ilWACLog::getInstance()->write('checked using fallback');
                                $this->sendHeader('checked using fallback');
                                if ($ilWACSignedPath->isFolderSigned()&& $this->isRevalidateFolderTokens()) {
                                        $ilWACSignedPath->revalidatingFolderToken();
                                }
 
                                $this->setChecked(true);
 
                                return true;
                        } else {
                                ilWACLog::getInstance()->write('checking-instance denied access');
                                $this->setChecked(true);
 
                                return false;
                        }
                }
 
                // none of the checking mechanisms could have been applied. no access
                $this->setChecked(true);
                ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
                if ($this->getPathObject()->isInSecFolder()) {
                        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
                        ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
 
                        return false;
                } else {
                        $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
                        ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
 
                        return true;
                }
        }

References addAppliedCheckingMethod(), ilWACException\CODE_NO_PATH, ilWACLog\getInstance(), getPathObject(), initILIAS(), isRevalidateFolderTokens(), sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )

protected

Definition at line 202 of file class.ilWebAccessChecker.php.

                                                {
                global $ilSetting, $ilUser;
                if (!$ilSetting instanceof ilSetting || ($ilUser->getId() == ANONYMOUS_USER_ID && !$ilSetting->get('pub_section'))) {
                        ilWACLog::getInstance()->write('public section not activated');
                        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_PUB);
                }
        }

References $ilSetting, $ilUser, ilWACException\ACCESS_DENIED_NO_PUB, and ilWACLog\getInstance().

Referenced by initILIAS().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )

protected

Definition at line 211 of file class.ilWebAccessChecker.php.

                                       {
                global $ilUser;
                if (!$ilUser instanceof ilObjUser || ($ilUser->getId() == 0 && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false)) {
                        throw new ilWACException(ilWACException::ACCESS_DENIED_NO_LOGIN);
                }
        }

References $_SERVER, $ilUser, and ilWACException\ACCESS_DENIED_NO_LOGIN.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )

Returns: array

Definition at line 382 of file class.ilWebAccessChecker.php.

                                                    {
                return $this->applied_checking_methods;
        }

References $applied_checking_methods.

◆ getCookie()

ilWebAccessChecker::getCookie ( )

Returns: \ilWACCookieInterface

Definition at line 366 of file class.ilWebAccessChecker.php.

                                    {
                return $this->cookie;
        }

References $cookie.

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )

Returns: string

Definition at line 254 of file class.ilWebAccessChecker.php.

                                         {
                return $this->disposition;
        }

References $disposition.

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

Here is the caller graph for this function:

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )

Returns: string

Definition at line 270 of file class.ilWebAccessChecker.php.

                                              {
                return $this->override_mimetype;
        }

References $override_mimetype.

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

Returns: ilWACPath

Definition at line 238 of file class.ilWebAccessChecker.php.

                                        {
                return $this->path_object;
        }

References $path_object.

Referenced by check(), ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), ilWebAccessCheckerDelivery\deliverDummyVideo(), ilWebAccessCheckerDelivery\handleAccessErrors(), and initILIAS().

Here is the caller graph for this function:

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )

Returns: bool

Exceptions

ilWACException

Definition at line 169 of file class.ilWebAccessChecker.php.

                                    {
                if ($this->isInitialized()) {
                        return true;
                }
                $GLOBALS['COOKIE_PATH'] = '/';
                $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
                ilContext::init(ilContext::CONTEXT_WAC);
                try {
                        ilWACLog::getInstance()->write('init ILIAS');
                        ilInitialisation::initILIAS();
                        $this->checkPublicSection();
                        $this->checkUser();
                } catch (Exception $e) {
                        if (($e instanceof ilWACException && $e->getCode() == ilWACException::ACCESS_DENIED_NO_LOGIN)
                                || ($e instanceof Exception && $e->getMessage() == 'Authentication failed.')) {
                                $_REQUEST["baseClass"] = "ilStartUpGUI";
                                // @todo authentication: fix request show login
                                $_REQUEST["cmd"] = "showLogin";
 
                                $_POST['username'] = 'anonymous';
                                $_POST['password'] = 'anonymous';
                                ilWACLog::getInstance()->write('reinit ILIAS');
                                ilInitialisation::reinitILIAS();
                                $this->checkPublicSection();
                                $this->checkUser();
                        } elseif ($e instanceof ilWACException) {
                                throw  $e;
                        }
                }
                $this->setInitialized(true);
        }

References $_POST, $_REQUEST, $GLOBALS, ilWACException\ACCESS_DENIED_NO_LOGIN, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, ilWACLog\getInstance(), getPathObject(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), ilInitialisation\reinitILIAS(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

Here is the call graph for this function:

Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )

Returns: boolean

Definition at line 222 of file class.ilWebAccessChecker.php.

                                    {
                return $this->checked;
        }

References $checked.

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

Here is the caller graph for this function:

◆ isDEBUG()

static ilWebAccessChecker::isDEBUG ( )

static

Returns: boolean

Definition at line 334 of file class.ilWebAccessChecker.php.

                                         {
                return self::$DEBUG;
        }

References $DEBUG.

Referenced by ilWACLog\getInstance(), and ilWACToken\isDEBUG().

Here is the caller graph for this function:

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )

Returns: boolean

Definition at line 286 of file class.ilWebAccessChecker.php.

                                        {
                return $this->initialized;
        }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )

Returns: boolean

Definition at line 318 of file class.ilWebAccessChecker.php.

                                                   {
                return $this->revalidate_folder_tokens;
        }

References $revalidate_folder_tokens.

Referenced by check().

Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )

Returns: boolean

Definition at line 302 of file class.ilWebAccessChecker.php.

                                           {
                return $this->send_status_code;
        }

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleAccessErrors().

Here is the caller graph for this function:

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )

static

Returns: boolean

Definition at line 350 of file class.ilWebAccessChecker.php.

                                                      {
                return self::$use_seperate_logfile;
        }

References $use_seperate_logfile.

Referenced by ilWACLog\getInstance().

Here is the caller graph for this function:

◆ sendHeader()

ilWebAccessChecker::sendHeader ( $message )

protected

Parameters

$message

Definition at line 406 of file class.ilWebAccessChecker.php.

                                                {
                header('X-ILIAS-WebAccessChecker: ' . $message);
        }

Referenced by check().

Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods ( $applied_checking_methods )

Parameters

array $applied_checking_methods

Definition at line 390 of file class.ilWebAccessChecker.php.

                                                                             {
                $this->applied_checking_methods = $applied_checking_methods;
        }

References $applied_checking_methods.

◆ setChecked()

ilWebAccessChecker::setChecked ( $checked )

Parameters

boolean $checked

Definition at line 230 of file class.ilWebAccessChecker.php.

                                             {
                $this->checked = $checked;
        }

References $checked.

Referenced by check().

Here is the caller graph for this function:

◆ setCookie()

ilWebAccessChecker::setCookie ( $cookie )

Parameters

\ilWACCookieInterface $cookie

Definition at line 374 of file class.ilWebAccessChecker.php.

                                           {
                $this->cookie = $cookie;
        }

References $cookie.

Referenced by __construct().

Here is the caller graph for this function:

◆ setDEBUG()

static ilWebAccessChecker::setDEBUG ( $DEBUG )

static

Parameters

boolean $DEBUG

Definition at line 342 of file class.ilWebAccessChecker.php.

                                                {
                self::$DEBUG = $DEBUG;
        }

References $DEBUG.

◆ setDisposition()

ilWebAccessChecker::setDisposition ( $disposition )

Parameters

string $disposition

Definition at line 262 of file class.ilWebAccessChecker.php.

                                                     {
                $this->disposition = $disposition;
        }

References $disposition.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setInitialized()

ilWebAccessChecker::setInitialized ( $initialized )

Parameters

boolean $initialized

Definition at line 294 of file class.ilWebAccessChecker.php.

                                                     {
                $this->initialized = $initialized;
        }

References $initialized.

Referenced by initILIAS().

Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype ( $override_mimetype )

Parameters

string $override_mimetype

Definition at line 278 of file class.ilWebAccessChecker.php.

                                                                {
                $this->override_mimetype = $override_mimetype;
        }

References $override_mimetype.

◆ setPathObject()

ilWebAccessChecker::setPathObject ( $path_object )

Parameters

ilWACPath $path_object

Definition at line 246 of file class.ilWebAccessChecker.php.

                                                    {
                $this->path_object = $path_object;
        }

References $path_object.

Referenced by __construct().

Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens ( $revalidate_folder_tokens )

Parameters

boolean $revalidate_folder_tokens

Definition at line 326 of file class.ilWebAccessChecker.php.

                                                                             {
                $this->revalidate_folder_tokens = $revalidate_folder_tokens;
        }

References $revalidate_folder_tokens.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode ( $send_status_code )

Parameters

boolean $send_status_code

Definition at line 310 of file class.ilWebAccessChecker.php.

                                                             {
                $this->send_status_code = $send_status_code;
        }

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

Here is the caller graph for this function:

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile ( $use_seperate_logfile )

static

Parameters

boolean $use_seperate_logfile

Definition at line 358 of file class.ilWebAccessChecker.php.

                                                                            {
                self::$use_seperate_logfile = $use_seperate_logfile;
        }

References $use_seperate_logfile.