Mambo > Projects > Mambo CMS > SVN

Annotation of /mambo/branches/4.6/includes/mambo.php

Revision 1756 - (view) (download)

1 :	elpie	1756	<?php
2 :			/**
3 :			* Main file for Mambo
4 :			* @package Mambo
5 :			* @author Mambo Foundation Inc see README.php
6 :			* @copyright (C) 2000 - 2009 Mambo Foundation Inc.
7 :			* See COPYRIGHT.php for copyright notices and details.
8 :			* @license GNU/GPL Version 2, see LICENSE.php
9 :			*
10 :			* Redistributions of files must retain the above copyright notice.
11 :			*
12 :			* Mambo is free software; you can redistribute it and/or
13 :			* modify it under the terms of the GNU General Public License
14 :			* as published by the Free Software Foundation; version 2 of the License.
15 :			*/
16 :
17 :			defined( '_VALID_MOS' ) or die( 'Direct Access to this location is not allowed.' );
18 :
19 :			class mosAuthoriser {
20 :			var $connection = '';
21 :			var $perm_found;
22 :			var $permissions = array();
23 :			var $assignments = array();
24 :
25 :			function mosAuthoriser () {
26 :			$this->connection =& mamboDatabase::getInstance();
27 :			}
28 :
29 :			function &getInstance () {
30 :			static $instance;
31 :			if (!is_object($instance)) {
32 :			$instance =& new mosAuthoriser();
33 :			}
34 :			return $instance;
35 :			}
36 :
37 :			function doSQL ($sql) {
38 :			$this->connection->setQuery($sql);
39 :			if (!$this->connection->query()) {
40 :			echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
41 :			exit();
42 :			}
43 :			}
44 :
45 :			function getAccessorData ($type, $id) {
46 :			if (isset($this->perm_found[$type][$id])) return;
47 :			$sql = "SELECT a.*, p.control, p.action, p.subject_type, p.subject_id, p.system FROM #__assignments AS a LEFT JOIN #__permissions AS p ON p.role=a.role WHERE a.access_type='$type'";
48 :			if (isset($this->perm_found[$type])) $sql .= " AND a.access_id='$id'";
49 :			else $sql .= " AND (a.access_id='$id' OR a.access_id='*' OR a.access_id='+')";
50 :			$this->doSQL($sql);
51 :			$new_permissions = $this->connection->loadObjectList();
52 :			if ($new_permissions) $this->permissions = array_merge($this->permissions, $new_permissions);
53 :			$this->perm_found[$type][$id] = 1;
54 :			}
55 :
56 :			function &getRoles ($type, $id) {
57 :			$this->getAccessorData ($type, $id);
58 :			$rolenames = array();
59 :			foreach ($this->permissions as $role) {
60 :			if (strcasecmp($role->access_type, $type) == 0
61 :			AND ($role->access_id == $id OR $role->access_id == '*' OR ($role->access_id == '+' AND $id != 0))
62 :			AND !in_array($role->role,$rolenames)) $rolenames[] = $role->role;
63 :			}
64 :			return $rolenames;
65 :			}
66 :
67 :			function accessorPermissionOrControl ($mask, $a_type, $a_id, $action, $s_type='', $s_id='') {
68 :			$this->getAccessorData ($a_type, $a_id);
69 :			foreach ($this->permissions as $permission) {
70 :			if ((strcasecmp($permission->access_type,$a_type) == 0 OR $permission->access_type == '*')
71 :			AND (strcasecmp($permission->access_id,$a_id) == 0 OR $permission->access_id == '*')
72 :			AND (strcasecmp($permission->action,$action)==0 OR $permission->action == '' OR $action == '')
73 :			AND (strcasecmp($permission->subject_type,$s_type)==0 OR $s_type=='*')
74 :			AND (strcasecmp($permission->subject_id,$s_id)==0 OR $permission->subject_id == '*')
75 :			AND ($permission->control&$mask)) return 1;
76 :			}
77 :			return 0;
78 :			}
79 :
80 :			function checkPermission ($a_type, $a_id, $action, $s_type='', $s_id='') {
81 :			return $this->accessorPermissionOrControl(2, $a_type, $a_id, $action, $s_type='', $s_id='');
82 :			}
83 :
84 :			function checkControl ($a_type, $a_id, $action, $s_type='', $s_id='') {
85 :			return $this->accessorPermissionOrControl(1, $a_type, $a_id, $action, $s_type='', $s_id='');
86 :			}
87 :
88 :			function checkGrant ($a_type, $a_id, $action, $s_type='', $s_id='') {
89 :			return $this->accessorPermissionOrControl(4, $a_type, $a_id, $action, $s_type='', $s_id='');
90 :			}
91 :
92 :			function rolePermissionOrControl ($mask, $role, $action, $s_type, $s_id) {
93 :			$sql = "SELECT * FROM #__permissions WHERE role='$role'";
94 :			$this->connection->setQuery($sql);
95 :			$permissions = $this->connection->loadObjectList();
96 :			if ($permissions) {
97 :			foreach ($permissions as $permission) {
98 :			if (strcasecmp($permission->role,$role) == 0
99 :			AND (strcasecmp($permission->action,$action)==0 OR $permission->action == '*')
100 :			AND (strcasecmp($permission->subject_type,$s_type)==0)
101 :			AND (strcasecmp($permission->subject_id,$s_id)==0 OR $permission->subject_id == '*')
102 :			AND ($permission->control&$mask)) return 1;
103 :			}
104 :			}
105 :			return 0;
106 :			}
107 :
108 :			function checkRolePermission ($role, $action, $s_type, $s_id) {
109 :			return $this->rolePermissionOrControl(2, $role, $action, $s_type, $s_id);
110 :			}
111 :
112 :			function checkRoleControl ($role, $action, $s_type, $s_id) {
113 :			return $this->rolePermissionOrControl(1, $role, $action, $s_type, $s_id);
114 :			}
115 :
116 :			function checkRoleGrant ($role, $action, $s_type, $s_id) {
117 :			return $this->rolePermissionOrControl(4, $role, $action, $s_type, $s_id);
118 :			}
119 :
120 :			function &listPermissions ($a_type, $a_id, $action, $property) {
121 :			$this->getAccessorData ($a_type, $a_id);
122 :			$results = array();
123 :			foreach ($this->permissions as $permission) {
124 :			if (strcasecmp($permission->access_type,$a_type) == 0
125 :			AND (strcasecmp($permission->access_id,$a_id) == 0 OR $permission->access_id == '*' OR ($permission->access_id == '+' AND $a_id != 0))
126 :			AND (strcasecmp($permission->action,$action) == 0 OR $permission->action == '*')
127 :			AND $permission->subject_type != null AND $permission->subject_id != null) {
128 :			$results[] = $permission->$property;
129 :			}
130 :			}
131 :			return $results;
132 :			}
133 :
134 :			}
135 :
136 :			class mosAuthorisationAdmin {
137 :			var $connection;
138 :			var $roles = array();
139 :
140 :			function mosAuthorisationAdmin () {
141 :			$this->connection =& mamboDatabase::getInstance();
142 :			}
143 :
144 :			function &getInstance () {
145 :			static $instance;
146 :			if (!is_object($instance)) {
147 :			$instance =& new mosAuthorisationAdmin();
148 :			}
149 :			return $instance;
150 :			}
151 :
152 :			function doSQL ($sql) {
153 :			$this->connection->setQuery($sql);
154 :			if (!$this->connection->query()) {
155 :			echo "<script> alert('".$this->connection->getErrorMsg()."'); window.history.go(-1); </script>\n";
156 :			exit();
157 :			}
158 :			}
159 :
160 :			function getRoles () {
161 :			if (count($this->roles) == 0) {
162 :			$sql = "SELECT DISTINCT role FROM #__assignments";
163 :			$this->connection->setQuery($sql);
164 :			$this->roles = $this->connection->loadResultArray();
165 :			$sql = "SELECT DISTINCT role FROM #__permissions";
166 :			$this->connection->setQuery($sql);
167 :			$more = $this->connection->loadResultArray();
168 :			foreach ($more as $role) $this->addRole($role);
169 :			}
170 :			return $this->roles;
171 :			}
172 :
173 :			function addRole ($role) {
174 :			if (!in_array($role, $this->roles)) $this->roles[] = $role;
175 :			}
176 :
177 :			function removeRole ($role) {
178 :			$key = array_search($role, $this->roles);
179 :			if ($key !== false) unset($this->roles[$key]);
180 :			}
181 :
182 :			function &permissionHolders ($subject_type, $subject_id) {
183 :			$sql = "SELECT role, action, control FROM #__permissions";
184 :			if ($subject_type != '') $where[] = "(subject_type='$subject_type' OR subject_type='')";
185 :			if ($subject_id != '') $where[] = "(subject_id='$subject_id' OR subject_id='')";
186 :			if (isset($where)) $sql .= " WHERE ".implode(' AND ', $where);
187 :			$this->connection->setQuery($sql);
188 :			$result = $this->connection->loadObjectList();
189 :			if (!$result) $result = array();
190 :			return $result;
191 :			}
192 :
193 :			function &nonLocalPermissionHolders ($subject_type, $subject_id) {
194 :			$sql = "SELECT role, action, control FROM #__permissions WHERE (action='' OR subject_type='' OR subject_id='') AND ((subject_type='$subject_type' OR subject_type='') AND (subject_id='$subject_id' OR subject_id='*'))";
195 :			$this->connection->setQuery($sql);
196 :			$result = $this->connection->loadObjectList();
197 :			if (!$result) $result = array();
198 :			return $result;
199 :			}
200 :
201 :			function permitSQL ($role, $control, $action, $subject_type, $subject_id) {
202 :			$sql = "REPLACE INTO #__permissions (role, control, action, subject_type, subject_id) VALUES ('$role', '$control', '$action', '$subject_type', '$subject_id');";
203 :			return $sql;
204 :			}
205 :
206 :			function permit ($role, $control, $action, $subject_type, $subject_id) {
207 :			$sql = $this->permitSQL($role, $control, $action, $subject_type, $subject_id);
208 :			$this->doSQL($sql);
209 :			$this->addRole($role);
210 :			}
211 :
212 :			function assign ($role, $access_type, $access_id) {
213 :			$sql = "REPLACE INTO #__assignments (role, access_type, access_id) VALUES ('$role', '$access_type', '$access_id')";
214 :			$this->doSQL($sql);
215 :			$this->addRole($role);
216 :			}
217 :
218 :			function dropAccess ($access_type, $access_id) {
219 :			$sql = "DELETE FROM #__assignments WHERE access_type='$access_type' AND access_id='$access_id'";
220 :			$this->doSQL($sql);
221 :			}
222 :
223 :			function &getControllingRoles ($access_type, $access_id, $action, $subject_type, $subject_id) {
224 :			$sql = "SELECT a.role FROM #__permissions AS p, #__assignments AS a WHERE a.access_type='$access_type'"
225 :			." AND a.access_id='$access_id' AND a.role=p.role AND (p.control&1)"
226 :			." AND p.action='$action' AND p.subject_type='$subject_type' AND p.subject_id='$subject_id'";
227 :			$this->doSQL($sql);
228 :			$roles = $this->connection->loadResultArray();
229 :			return $roles;
230 :			}
231 :
232 :			function &getMyPermissions ($access_type, $access_id) {
233 :			$sql = 'SELECT p.action, p.subject_type, p.subject_id, control FROM #__permissions AS p, #__assignments AS a'
234 :			. " WHERE p.role=a.role AND a.access_type='$access_type' AND (a.access_id='$access_id' OR a.access_id='*')"
235 :			. ' AND (p.control&1)';
236 :			$this->doSQL($sql);
237 :			$permissions =& $this->connection->loadObjectList();
238 :			return $permissions;
239 :			}
240 :
241 :			function getJointPermissions ($access_type, $access_id, $role) {
242 :			$sql = "SELECT p2.control AS hiscontrol, p1.control AS mycontrol, p1.action, p1.subject_type, p1.subject_id"
243 :			." FROM `#__assignments` AS a, `#__permissions` AS p1 LEFT JOIN `#__permissions` AS p2"
244 :			." ON (p2.role='$role' AND p1.action=p2.action AND p1.subject_type=p2.subject_type AND p1.subject_id=p2.subject_id)"
245 :			." WHERE (p1.control&1) AND p1.role=a.role AND a.access_type='$access_type' AND (a.access_id='$access_id' OR a.access_id='*')";
246 :			$this->doSQL($sql);
247 :			$permissions =& $this->connection->loadObjectList();
248 :			return $permissions;
249 :			}
250 :
251 :			function getAccessLists ($access_type, $access_id, $action, $subject_type, $subject_id) {
252 :			$authoriser =& mosAuthoriser::getInstance();
253 :			if ($authoriser->checkControl($access_type, $access_id, $action, $subject_type, $subject_id)) {
254 :			$cangrant = $authoriser->checkGrant($access_type, $access_id, $action, $subject_type, $subject_id);
255 :			$permissions = $this->permissionHolders($subject_type, $subject_id);
256 :			$allroles = $this->getRoles();
257 :			foreach ($allroles as $role) {
258 :			$itemc[] = $optionc = mosHTML::makeOption($role, $role);
259 :			$itema[] = $optiona = mosHTML::makeOption($role, $role);
260 :			if ($cangrant) $itemg[] = $optiong = mosHTML::makeOption($role, $role);
261 :			foreach ($permissions as $permission) {
262 :			if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
263 :			if ($permission->control & 1) $cselected[] = $optionc;
264 :			if ($permission->control & 2) $aselected[] = $optiona;
265 :			if ($cangrant AND $permission->control & 4) $gselected[] = $optiong;
266 :			}
267 :			}
268 :			}
269 :			$results[] = mosHTML::selectList($itema, $action.'_arole[]', 'multiple="multiple"', 'value', 'text', $aselected);
270 :			$results[] = mosHTML::selectList($itemc, $action.'_crole[]', 'multiple="multiple"', 'value', 'text', $cselected);
271 :			if ($cangrant) $results[] = mosHTML::selectList($itemg, $action.'_grole[]', 'multiple="multiple"', 'value', 'text', $gselected);
272 :			}
273 :			else $results = array();
274 :			return $results;
275 :			}
276 :
277 :			function resetPermissions ($action, $subject_type, $subject_id) {
278 :			$control_types = array ('crole', 'arole', 'grole');
279 :			$control_values = array (1,2,4);
280 :			$permissions = $this->nonLocalPermissionHolders($subject_type, $subject_id);
281 :			$this->dropPermissions($action, $subject_type, $subject_id);
282 :			foreach ($control_types as $i=>$type) {
283 :			$key = $action.'_'.$type;
284 :			if (isset($_POST[$key])) {
285 :			foreach ($_POST[$key] as $role) {
286 :			$value = isset($newpermits[$role]) ? $newpermits[$role] : 0;
287 :			$newpermits[$role] = $value \| $control_values[$i];
288 :			}
289 :			}
290 :			}
291 :			$sql = '';
292 :			foreach ($newpermits as $role=>$value) {
293 :			$needed = true;
294 :			foreach ($permissions as $permission) {
295 :			if (($permission->action == '*' OR $permission->action == $action) AND $permission->role == $role) {
296 :			if (($value & $permission->control) === $value) {
297 :			$needed = false;
298 :			break;
299 :			}
300 :			}
301 :			}
302 :			if ($needed) $sql .= $this->permitSQL ($role, $value, $action, $subject_type, $subject_id);
303 :			}
304 :			if ($sql) $this->doSQL($sql);
305 :			}
306 :
307 :			function roleExists ($role) {
308 :			$sql = "SELECT COUNT(role) FROM #__permissions WHERE role='$role' GROUP BY role";
309 :			$this->doSQL($sql);
310 :			if ($this->connection->loadResult()) return true;
311 :			$sql = "SELECT COUNT(role) FROM #__assignments WHERE role='$role' GROUP BY role";
312 :			$this->doSQL($sql);
313 :			if ($this->connection->loadResult()) return true;
314 :			else return false;
315 :			}
316 :
317 :			function dropRole ($role) {
318 :			$sql = "DELETE FROM #__permissions WHERE action='administer' AND subject_type='$role' AND system=0";
319 :			$this->doSQL($sql);
320 :			$sql = "DELETE a FROM #__assignments AS a LEFT JOIN #__permissions AS p ON a.role=p.role WHERE a.role='$role' AND (p.system=0 OR p.system=NULL)";
321 :			$this->doSQL($sql);
322 :			$this->dropRolePermissions($role);
323 :			$this->removeRole($role);
324 :			}
325 :
326 :			function dropRolePermissions ($role) {
327 :			$sql = "DELETE FROM #__permissions WHERE role='$role' AND system=0";
328 :			$this->doSQL($sql);
329 :			$this->roles = array();
330 :			}
331 :
332 :			function dropPermissions ($action, $subject_type, $subject_id) {
333 :			$sql = "DELETE FROM #__permissions WHERE action='$action' AND subject_type='$subject_type'AND subject_id='$subject_id' AND system=0";
334 :			$this->doSQL($sql);
335 :			$this->roles = array();
336 :			}
337 :
338 :			}
339 :
340 :			/**
341 :			* Extended input filter that uses language character set in the decode() function - al warren
342 :			*/
343 :			// make sure Php Input Filter base class is loaded
344 :			require_once(mamboCore::get('mosConfig_absolute_path').'/includes/phpInputFilter/class.inputfilter.php');
345 :			class mosInputFilter extends InputFilter {
346 :			var $charset=null;
347 :			function mosInputFilter() {
348 :			static $filter;
349 :			if (!isset($filter)) {
350 :			$filter = new InputFilter();
351 :			foreach(get_object_vars($filter) as $key=>$value) {
352 :			$this->$key = $value;
353 :			}
354 :			$filter = null;
355 :			}
356 :			$configuration =& mamboCore::getMamboCore();
357 :			$this->charset = $configuration->current_language->charset; // could handle this easier?
358 :			}
359 :
360 :			function getInstance() {
361 :			static $instance;
362 :			if (!isset($instance)) $instance = new mosInputFilter();
363 :			return $instance;
364 :			}
365 :
366 :			function decode($source) {
367 :			// make sure were using a valid character set for html_entity_decode
368 :			$charset = $this->mosFilterCharset($this->charset);
369 :
370 :			// url decode
371 :			$source = html_entity_decode($source, ENT_QUOTES, $charset);
372 :			// convert decimal
373 :			$source = preg_replace('/&#(\d+);/me',"chr(\\1)", $source); // decimal notation
374 :			// convert hex
375 :			$source = preg_replace('/&#x([a-f0-9]+);/mei',"chr(0x\\1)", $source); // hex notation
376 :			return $source;
377 :			}
378 :
379 :			// make sure we're working with a valid character set. return default if not.
380 :			function mosFilterCharset($charset) {
381 :			static $validSets;
382 :			if (!isset($validSets)) {
383 :			$validSets = array(
384 :			'iso-8859-1','iso-8859-15','utf-8',
385 :			'cp866','ibm866','866',
386 :			'cp1251','windows-1251','win-1251','1251',
387 :			'cp1252','windows-1252','1252',
388 :			'koi8-r','koi8-ru','koi8r',
389 :			'big5','950',
390 :			'gb2312','936',
391 :			'big5-hkscs',
392 :			'shift_jis','sjis','932',
393 :			'euc-jp','eucjp'
394 :			);
395 :			}
396 :			if(in_array(strtolower($charset), $validSets)) {
397 :			return $charset;
398 :			}
399 :			// php default for html_entity_decode
400 :			return 'ISO-8859-1';
401 :			}
402 :			}
403 :
404 :
405 :			// ----- NO MORE CLASSES OR FUNCTIONS PASSED THIS POINT -----
406 :			// Post class declaration initialisations
407 :			// some version of PHP don't allow the instantiation of classes
408 :			// before they are defined
409 :
410 :	andphe	915	?>

	ViewVC Help
Powered by ViewVC 1.0.0

Web Hosting provided by Network Redux.

MyGforge Home

Mambo CMS

Annotation of /mambo/branches/4.6/includes/mambo.php