gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2024-11-26 15:32:13 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
f187dff23a
seeddms-code/inc/inc.Authentication.php
Uwe Steinmann f187dff23a auto login user if not already logged in 
the user won't have a session, but will be granted access for the
http request
2015-07-14 21:23:54 +02:00

144 lines
4.8 KiB
PHP
Raw Blame History

<?php
/**
* Do authentication of users and session management
*
* @category DMS
* @package SeedDMS
* @license GPL 2
* @version @version@
* @author Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
* @copyright Copyright (C) 2002-2005 Markus Westphal,
* 2006-2008 Malcolm Cowe, 2010 Uwe Steinmann
* @version Release: @package_version@
*/
$refer = $_SERVER["REQUEST_URI"];
if (!strncmp("/op", $refer, 3)) {
$refer="";
} else {
$refer = urlencode($refer);
}
require_once("inc.Utils.php");
require_once("inc.ClassEmail.php");
require_once("inc.ClassSession.php");
if (!isset($_COOKIE["mydms_session"])) {
if($settings->_autoLoginUser) {
if(!($user = $dms->getUser($settings->_autoLoginUser))/* || !$user->isGuest()*/) {
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
$theme = $user->getTheme();
if (strlen($theme)==0) {
$theme = $settings->_theme;
$user->setTheme($theme);
}
$lang = $user->getLanguage();
if (strlen($lang)==0) {
$lang = $settings->_language;
$user->setLanguage($lang);
}
$session = new SeedDMS_Session($db);
if(!$id = $session->create(array('userid'=>$user->getID(), 'theme'=>$theme, 'lang'=>$lang))) {
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
/*
if($settings->_cookieLifetime)
$lifetime = time() + intval($settings->_cookieLifetime);
else
$lifetime = 0;
setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
*/
} else {
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
} else {
/* Load session */
$dms_session = $_COOKIE["mydms_session"];
$session = new SeedDMS_Session($db);
if(!$resArr = $session->load($dms_session)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
/* Update last access time */
$session->updateAccess($dms_session);
/* Load user data */
$user = $dms->getUser($resArr["userID"]);
/* Check if user was substituted */
if($resArr["su"] && $su = $dms->getUser($resArr["su"])) {
/* Admin may always substitute the user, but regular users are*/
if($user->isAdmin() || $user->maySwitchToUser($su)) {
$user = $su;
} else {
$session->resetSu();
}
}
if (!is_object($user)) {
setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot); //delete cookie
header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer);
exit;
}
$theme = $resArr["theme"];
$lang = $resArr["language"];
}
$dms->setUser($user);
if($settings->_enableEmail) {
$notifier = new SeedDMS_Email($settings->_smtpSendFrom, $settings->_smtpServer, $settings->_smtpPort, $settings->_smtpUser, $settings->_smtpPassword);
$notifier->setSender($user);
} else {
$notifier = null;
}
/* Include the language file as specified in the session. If that is not
* available use the language from the settings
*/
/*
if(file_exists($settings->_rootDir . "languages/" . $resArr["language"] . "/lang.inc")) {
include $settings->_rootDir . "languages/" . $resArr["language"] . "/lang.inc";
$session->setLanguage($resArr["language"]);
} else {
include $settings->_rootDir . "languages/" . $settings->_language . "/lang.inc";
$session->setLanguage($settings->_language);
}
*/
if(file_exists($settings->_rootDir . "view/".$theme."/languages/" . $lang . "/lang.inc")) {
include $settings->_rootDir . "view/".$theme."/languages/" . $lang . "/lang.inc";
}
/* Check if password needs to be changed because it expired. If it needs
* to be changed redirect to out/out.ForcePasswordChange.php. Do this
* check only if password expiration is turned on, we are not on the
* page to change the password or the page that changes the password, and
* it is not admin */
if (!$user->isAdmin()) {
if($settings->_passwordExpiration > 0) {
if(basename($_SERVER['SCRIPT_NAME']) != 'out.ForcePasswordChange.php' && basename($_SERVER['SCRIPT_NAME']) != 'op.EditUserData.php') {
$pwdexp = $user->getPwdExpiration();
if(substr($pwdexp, 0, 10) != '0000-00-00') {
$pwdexpts = strtotime($pwdexp); // + $pwdexp*86400;
if($pwdexpts > 0 && $pwdexpts < time()) {
header("Location: ../out/out.ForcePasswordChange.php");
exit;
}
}
}
}
}
/* Update cookie lifetime */
if($settings->_cookieLifetime) {
$lifetime = time() + intval($settings->_cookieLifetime);
/* Turn off http only cookies if jumploader is enabled */
setcookie("mydms_session", $dms_session, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload);
}
?>
Reference in New Issue View Git Blame Copy Permalink