ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
ilWebAccessChecker Class Reference

Class ilWebAccessChecker. More...

+ Collaboration diagram for ilWebAccessChecker:

Public Member Functions

 __construct ($path, ilWACCookieInterface $ilWACCookieInterface=null)
 ilWebAccessChecker constructor. More...
 
 check ()
 
 initILIAS ()
 
 isChecked ()
 
 setChecked ($checked)
 
 getPathObject ()
 
 setPathObject ($path_object)
 
 getDisposition ()
 
 setDisposition ($disposition)
 
 getOverrideMimetype ()
 
 setOverrideMimetype ($override_mimetype)
 
 isInitialized ()
 
 setInitialized ($initialized)
 
 isSendStatusCode ()
 
 setSendStatusCode ($send_status_code)
 
 isRevalidateFolderTokens ()
 
 setRevalidateFolderTokens ($revalidate_folder_tokens)
 
 getCookie ()
 
 setCookie ($cookie)
 
 getAppliedCheckingMethods ()
 
 setAppliedCheckingMethods ($applied_checking_methods)
 

Static Public Member Functions

static isDEBUG ()
 
static setDEBUG ($DEBUG)
 
static isUseSeperateLogfile ()
 
static setUseSeperateLogfile ($use_seperate_logfile)
 

Data Fields

const DISPOSITION = 'disposition'
 
const STATUS_CODE = 'status_code'
 
const REVALIDATE = 'revalidate'
 
const CM_FILE_TOKEN = 1
 
const CM_FOLDER_TOKEN = 2
 
const CM_CHECKINGINSTANCE = 3
 
const CM_SECFOLDER = 4
 

Protected Member Functions

 checkPublicSection ()
 
 checkUser ()
 
 addAppliedCheckingMethod ($method)
 
 sendHeader ($message)
 

Protected Attributes

 $path_object = null
 
 $checked = false
 
 $disposition = ilFileDelivery::DISP_INLINE
 
 $override_mimetype = ''
 
 $send_status_code = false
 
 $initialized = false
 
 $revalidate_folder_tokens = true
 
 $cookie = null
 
 $applied_checking_methods = array()
 

Static Protected Attributes

static $DEBUG = false
 
static $use_seperate_logfile = false
 

Detailed Description

Class ilWebAccessChecker.

Author
Fabian Schmid fs@st.nosp@m.uder.nosp@m.-raim.nosp@m.ann..nosp@m.ch
Version
1.0.0

Definition at line 16 of file class.ilWebAccessChecker.php.

Constructor & Destructor Documentation

◆ __construct()

ilWebAccessChecker::__construct (   $path,
ilWACCookieInterface  $ilWACCookieInterface = null 
)

ilWebAccessChecker constructor.

Parameters
$path
\ilWACCookieInterface | null$ilWACCookieInterface

Definition at line 77 of file class.ilWebAccessChecker.php.

References $path, setCookie(), and setPathObject().

77  {
78  $this->setPathObject(new ilWACPath($path));
79  $this->setCookie($ilWACCookieInterface ? $ilWACCookieInterface : new ilWACCookie());
80  }
Class ilWACPath.
Class ilWACCookie.
$path
Definition: index.php:22
+ Here is the call graph for this function:

Member Function Documentation

◆ addAppliedCheckingMethod()

ilWebAccessChecker::addAppliedCheckingMethod (   $method)
protected
Parameters
int$method

Definition at line 398 of file class.ilWebAccessChecker.php.

Referenced by check().

398  {
399  $this->applied_checking_methods[] = $method;
400  }
+ Here is the caller graph for this function:

◆ check()

ilWebAccessChecker::check ( )
Returns
bool
Exceptions
ilWACException

Definition at line 87 of file class.ilWebAccessChecker.php.

References addAppliedCheckingMethod(), ilWACException\CODE_NO_PATH, ilWACLog\getInstance(), getPathObject(), initILIAS(), isRevalidateFolderTokens(), sendHeader(), and setChecked().

Referenced by ilWebAccessCheckerDelivery\handleRequest().

87  {
88  ilWACLog::getInstance()->write('Checking File: ' . $this->getPathObject()->getPathWithoutQuery());
89  if (!$this->getPathObject()) {
91  }
92 
93  // Check if Path has been signed with a token
94  $ilWACSignedPath = new ilWACSignedPath($this->getPathObject(), $this->cookie);
95  if ($ilWACSignedPath->isSignedPath()) {
96  $this->addAppliedCheckingMethod(self::CM_FILE_TOKEN);
97  if ($ilWACSignedPath->isSignedPathValid()) {
98  $this->setChecked(true);
99  ilWACLog::getInstance()->write('checked using token');
100  $this->sendHeader('checked using token');
101 
102  return true;
103  }
104  }
105 
106  // Check if the whole secured folder has been signed
107  if ($ilWACSignedPath->isFolderSigned()) {
108  $this->addAppliedCheckingMethod(self::CM_FOLDER_TOKEN);
109  if ($ilWACSignedPath->isFolderTokenValid()) {
110  if ($this->isRevalidateFolderTokens()) {
111  $ilWACSignedPath->revalidatingFolderToken();
112  }
113  $this->setChecked(true);
114  ilWACLog::getInstance()->write('checked using secure folder');
115  $this->sendHeader('checked using secure folder');
116 
117  return true;
118  }
119  }
120 
121  // Fallback, have to initiate ILIAS
122  $this->initILIAS();
123 
124  // Maybe the path has been registered, lets check
125  $checkingInstance = ilWACSecurePath::getCheckingInstance($this->getPathObject());
126  if ($checkingInstance instanceof ilWACCheckingClass) {
127  $this->addAppliedCheckingMethod(self::CM_CHECKINGINSTANCE);
128  ilWACLog::getInstance()->write('has checking instance: ' . get_class($checkingInstance));
129  $canBeDelivered = $checkingInstance->canBeDelivered($this->getPathObject());
130  if ($canBeDelivered) {
131  ilWACLog::getInstance()->write('checked using fallback');
132  $this->sendHeader('checked using fallback');
133  if ($ilWACSignedPath->isFolderSigned()&& $this->isRevalidateFolderTokens()) {
134  $ilWACSignedPath->revalidatingFolderToken();
135  }
136 
137  $this->setChecked(true);
138 
139  return true;
140  } else {
141  ilWACLog::getInstance()->write('checking-instance denied access');
142  $this->setChecked(true);
143 
144  return false;
145  }
146  }
147 
148  // none of the checking mechanisms could have been applied. no access
149  $this->setChecked(true);
150  ilWACLog::getInstance()->write('none of the checking mechanisms could have been applied. access depending on sec folder');
151  if ($this->getPathObject()->isInSecFolder()) {
152  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
153  ilWACLog::getInstance()->write('file is in sec-folder, no delivery');
154 
155  return false;
156  } else {
157  $this->addAppliedCheckingMethod(self::CM_SECFOLDER);
158  ilWACLog::getInstance()->write('file is not in sec-folder, delivery');
159 
160  return true;
161  }
162  }
Class ilWACException.
static getInstance()
Class ilWACSignedPath.
Class ilWACCheckingClass.
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkPublicSection()

ilWebAccessChecker::checkPublicSection ( )
protected

Definition at line 202 of file class.ilWebAccessChecker.php.

References $ilSetting, $ilUser, ilWACException\ACCESS_DENIED_NO_PUB, and ilWACLog\getInstance().

Referenced by initILIAS().

202  {
203  global $ilSetting, $ilUser;
204  if (!$ilSetting instanceof ilSetting || ($ilUser->getId() == ANONYMOUS_USER_ID && !$ilSetting->get('pub_section'))) {
205  ilWACLog::getInstance()->write('public section not activated');
207  }
208  }
ILIAS Setting Class.
Class ilWACException.
static getInstance()
global $ilUser
Definition: imgupload.php:15
global $ilSetting
Definition: privfeed.php:40
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ checkUser()

ilWebAccessChecker::checkUser ( )
protected

Definition at line 211 of file class.ilWebAccessChecker.php.

References $_SERVER, $ilUser, and ilWACException\ACCESS_DENIED_NO_LOGIN.

Referenced by initILIAS().

211  {
212  global $ilUser;
213  if (!$ilUser instanceof ilObjUser || ($ilUser->getId() == 0 && strpos($_SERVER['HTTP_REFERER'], 'login.php') === false)) {
215  }
216  }
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Class ilWACException.
global $ilUser
Definition: imgupload.php:15
+ Here is the caller graph for this function:

◆ getAppliedCheckingMethods()

ilWebAccessChecker::getAppliedCheckingMethods ( )
Returns
array

Definition at line 382 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

◆ getCookie()

ilWebAccessChecker::getCookie ( )
Returns

Definition at line 366 of file class.ilWebAccessChecker.php.

References $cookie.

366  {
367  return $this->cookie;
368  }

◆ getDisposition()

ilWebAccessChecker::getDisposition ( )
Returns
string

Definition at line 254 of file class.ilWebAccessChecker.php.

References $disposition.

Referenced by ilWebAccessCheckerDelivery\deliver(), ilWebAccessCheckerDelivery\deliverDummyImage(), and ilWebAccessCheckerDelivery\deliverDummyVideo().

254  {
255  return $this->disposition;
256  }
+ Here is the caller graph for this function:

◆ getOverrideMimetype()

ilWebAccessChecker::getOverrideMimetype ( )
Returns
string

Definition at line 270 of file class.ilWebAccessChecker.php.

References $override_mimetype.

270  {
272  }

◆ getPathObject()

ilWebAccessChecker::getPathObject ( )

◆ initILIAS()

ilWebAccessChecker::initILIAS ( )
Returns
bool
Exceptions

Definition at line 169 of file class.ilWebAccessChecker.php.

References $_POST, $_REQUEST, $GLOBALS, ilWACException\ACCESS_DENIED_NO_LOGIN, checkPublicSection(), checkUser(), ilContext\CONTEXT_WAC, ilWACLog\getInstance(), getPathObject(), ilContext\init(), ilInitialisation\initILIAS(), isInitialized(), ilInitialisation\reinitILIAS(), and setInitialized().

Referenced by check(), and ilWebAccessCheckerDelivery\handleAccessErrors().

169  {
170  if ($this->isInitialized()) {
171  return true;
172  }
173  $GLOBALS['COOKIE_PATH'] = '/';
174  $this->cookie->set('ilClientId', $this->getPathObject()->getClient(), 0, '/');
176  try {
177  ilWACLog::getInstance()->write('init ILIAS');
179  $this->checkPublicSection();
180  $this->checkUser();
181  } catch (Exception $e) {
182  if (($e instanceof ilWACException && $e->getCode() == ilWACException::ACCESS_DENIED_NO_LOGIN)
183  || ($e instanceof Exception && $e->getMessage() == 'Authentication failed.')) {
184  $_REQUEST["baseClass"] = "ilStartUpGUI";
185  // @todo authentication: fix request show login
186  $_REQUEST["cmd"] = "showLogin";
187 
188  $_POST['username'] = 'anonymous';
189  $_POST['password'] = 'anonymous';
190  ilWACLog::getInstance()->write('reinit ILIAS');
192  $this->checkPublicSection();
193  $this->checkUser();
194  } elseif ($e instanceof ilWACException) {
195  throw $e;
196  }
197  }
198  $this->setInitialized(true);
199  }
Class ilWACException.
const CONTEXT_WAC
$_POST['username']
Definition: cron.php:12
static getInstance()
static initILIAS()
ilias initialisation
static init($a_type)
Init context by type.
if($_REQUEST['ilias_path']) define('ILIAS_HTTP_PATH' $_REQUEST['ilias_path']
Definition: index.php:7
$GLOBALS['PHPCAS_CLIENT']
This global variable is used by the interface class phpCAS.
Definition: CAS.php:276
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ isChecked()

ilWebAccessChecker::isChecked ( )
Returns
boolean

Definition at line 222 of file class.ilWebAccessChecker.php.

References $checked.

Referenced by ilWebAccessCheckerDelivery\deliver(), and ilWebAccessCheckerDelivery\deny().

222  {
223  return $this->checked;
224  }
+ Here is the caller graph for this function:

◆ isDEBUG()

static ilWebAccessChecker::isDEBUG ( )
static
Returns
boolean

Definition at line 334 of file class.ilWebAccessChecker.php.

Referenced by ilWACLog\getInstance(), and ilWACToken\isDEBUG().

334  {
335  return self::$DEBUG;
336  }
+ Here is the caller graph for this function:

◆ isInitialized()

ilWebAccessChecker::isInitialized ( )
Returns
boolean

Definition at line 286 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

286  {
287  return $this->initialized;
288  }
+ Here is the caller graph for this function:

◆ isRevalidateFolderTokens()

ilWebAccessChecker::isRevalidateFolderTokens ( )
Returns
boolean

Definition at line 318 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

Referenced by check().

+ Here is the caller graph for this function:

◆ isSendStatusCode()

ilWebAccessChecker::isSendStatusCode ( )
Returns
boolean

Definition at line 302 of file class.ilWebAccessChecker.php.

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleAccessErrors().

302  {
304  }
+ Here is the caller graph for this function:

◆ isUseSeperateLogfile()

static ilWebAccessChecker::isUseSeperateLogfile ( )
static
Returns
boolean

Definition at line 350 of file class.ilWebAccessChecker.php.

Referenced by ilWACLog\getInstance().

350  {
351  return self::$use_seperate_logfile;
352  }
+ Here is the caller graph for this function:

◆ sendHeader()

ilWebAccessChecker::sendHeader (   $message)
protected
Parameters
$message

Definition at line 406 of file class.ilWebAccessChecker.php.

Referenced by check().

406  {
407  header('X-ILIAS-WebAccessChecker: ' . $message);
408  }
+ Here is the caller graph for this function:

◆ setAppliedCheckingMethods()

ilWebAccessChecker::setAppliedCheckingMethods (   $applied_checking_methods)
Parameters
array$applied_checking_methods

Definition at line 390 of file class.ilWebAccessChecker.php.

References $applied_checking_methods.

390  {
391  $this->applied_checking_methods = $applied_checking_methods;
392  }

◆ setChecked()

ilWebAccessChecker::setChecked (   $checked)
Parameters
boolean$checked

Definition at line 230 of file class.ilWebAccessChecker.php.

References $checked.

Referenced by check().

230  {
231  $this->checked = $checked;
232  }
+ Here is the caller graph for this function:

◆ setCookie()

ilWebAccessChecker::setCookie (   $cookie)
Parameters
\ilWACCookieInterface$cookie

Definition at line 374 of file class.ilWebAccessChecker.php.

References $cookie.

Referenced by __construct().

374  {
375  $this->cookie = $cookie;
376  }
+ Here is the caller graph for this function:

◆ setDEBUG()

static ilWebAccessChecker::setDEBUG (   $DEBUG)
static
Parameters
boolean$DEBUG

Definition at line 342 of file class.ilWebAccessChecker.php.

References $DEBUG.

342  {
343  self::$DEBUG = $DEBUG;
344  }

◆ setDisposition()

ilWebAccessChecker::setDisposition (   $disposition)
Parameters
string$disposition

Definition at line 262 of file class.ilWebAccessChecker.php.

References $disposition.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

262  {
263  $this->disposition = $disposition;
264  }
+ Here is the caller graph for this function:

◆ setInitialized()

ilWebAccessChecker::setInitialized (   $initialized)
Parameters
boolean$initialized

Definition at line 294 of file class.ilWebAccessChecker.php.

References $initialized.

Referenced by initILIAS().

294  {
295  $this->initialized = $initialized;
296  }
+ Here is the caller graph for this function:

◆ setOverrideMimetype()

ilWebAccessChecker::setOverrideMimetype (   $override_mimetype)
Parameters
string$override_mimetype

Definition at line 278 of file class.ilWebAccessChecker.php.

References $override_mimetype.

278  {
279  $this->override_mimetype = $override_mimetype;
280  }

◆ setPathObject()

ilWebAccessChecker::setPathObject (   $path_object)
Parameters
ilWACPath$path_object

Definition at line 246 of file class.ilWebAccessChecker.php.

References $path_object.

Referenced by __construct().

246  {
247  $this->path_object = $path_object;
248  }
+ Here is the caller graph for this function:

◆ setRevalidateFolderTokens()

ilWebAccessChecker::setRevalidateFolderTokens (   $revalidate_folder_tokens)
Parameters
boolean$revalidate_folder_tokens

Definition at line 326 of file class.ilWebAccessChecker.php.

References $revalidate_folder_tokens.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

326  {
327  $this->revalidate_folder_tokens = $revalidate_folder_tokens;
328  }
+ Here is the caller graph for this function:

◆ setSendStatusCode()

ilWebAccessChecker::setSendStatusCode (   $send_status_code)
Parameters
boolean$send_status_code

Definition at line 310 of file class.ilWebAccessChecker.php.

References $send_status_code.

Referenced by ilWebAccessCheckerDelivery\handleRequest().

310  {
311  $this->send_status_code = $send_status_code;
312  }
+ Here is the caller graph for this function:

◆ setUseSeperateLogfile()

static ilWebAccessChecker::setUseSeperateLogfile (   $use_seperate_logfile)
static
Parameters
boolean$use_seperate_logfile

Definition at line 358 of file class.ilWebAccessChecker.php.

References $use_seperate_logfile.

358  {
359  self::$use_seperate_logfile = $use_seperate_logfile;
360  }

Field Documentation

◆ $applied_checking_methods

ilWebAccessChecker::$applied_checking_methods = array()
protected

◆ $checked

ilWebAccessChecker::$checked = false
protected

Definition at line 32 of file class.ilWebAccessChecker.php.

Referenced by isChecked(), and setChecked().

◆ $cookie

ilWebAccessChecker::$cookie = null
protected

Definition at line 64 of file class.ilWebAccessChecker.php.

Referenced by getCookie(), and setCookie().

◆ $DEBUG

ilWebAccessChecker::$DEBUG = false
staticprotected

Definition at line 56 of file class.ilWebAccessChecker.php.

Referenced by setDEBUG().

◆ $disposition

ilWebAccessChecker::$disposition = ilFileDelivery::DISP_INLINE
protected

Definition at line 36 of file class.ilWebAccessChecker.php.

Referenced by getDisposition(), and setDisposition().

◆ $initialized

ilWebAccessChecker::$initialized = false
protected

Definition at line 48 of file class.ilWebAccessChecker.php.

Referenced by isInitialized(), and setInitialized().

◆ $override_mimetype

ilWebAccessChecker::$override_mimetype = ''
protected

Definition at line 40 of file class.ilWebAccessChecker.php.

Referenced by getOverrideMimetype(), and setOverrideMimetype().

◆ $path_object

ilWebAccessChecker::$path_object = null
protected

Definition at line 28 of file class.ilWebAccessChecker.php.

Referenced by getPathObject(), and setPathObject().

◆ $revalidate_folder_tokens

ilWebAccessChecker::$revalidate_folder_tokens = true
protected

◆ $send_status_code

ilWebAccessChecker::$send_status_code = false
protected

Definition at line 44 of file class.ilWebAccessChecker.php.

Referenced by isSendStatusCode(), and setSendStatusCode().

◆ $use_seperate_logfile

ilWebAccessChecker::$use_seperate_logfile = false
staticprotected

Definition at line 60 of file class.ilWebAccessChecker.php.

Referenced by setUseSeperateLogfile().

◆ CM_CHECKINGINSTANCE

const ilWebAccessChecker::CM_CHECKINGINSTANCE = 3

Definition at line 23 of file class.ilWebAccessChecker.php.

◆ CM_FILE_TOKEN

const ilWebAccessChecker::CM_FILE_TOKEN = 1

Definition at line 21 of file class.ilWebAccessChecker.php.

◆ CM_FOLDER_TOKEN

const ilWebAccessChecker::CM_FOLDER_TOKEN = 2

Definition at line 22 of file class.ilWebAccessChecker.php.

◆ CM_SECFOLDER

const ilWebAccessChecker::CM_SECFOLDER = 4

Definition at line 24 of file class.ilWebAccessChecker.php.

◆ DISPOSITION

const ilWebAccessChecker::DISPOSITION = 'disposition'

◆ REVALIDATE

const ilWebAccessChecker::REVALIDATE = 'revalidate'

◆ STATUS_CODE

const ilWebAccessChecker::STATUS_CODE = 'status_code'

The documentation for this class was generated from the following file: