<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template match="/system-index-block">
[system-view:external]
<xsl:comment>#START-CODE
&lt;?php
/*
Copyright (C) Hannon Hill Corporation, hannonhill.com, July 2006
This is a script from hannonhill.com. You will find this and many other
scripts at our website as part of our content management system.

Terms of use:
You are free to use this script as long as the copyright message is kept
intact. However, you may not redistribute, sell or repost it without
our permission. There are no warranties and you use it at your own risk.
*/
/* Add [system-asset-page] tags around filename and give specific folder path. Do not add .php file extension after [/system-asset:page] */
    $configFileName = "[system-asset:page]/test/files/access-rights-config.xml[/system-asset:page]";

/* Path of the page being requested, as reported by the web server, and the extension
   that is appended to every redirect target built at the end of this section. */
$myPath = $_SERVER["ORIG_PATH_INFO"];
$extension = ".php";

/* Read the redirect targets and the CMS base address from the configuration file.
   NOTE(review): the result of load() is not checked; when the file cannot be read or
   parsed, no element is found below and every value keeps its empty default. */
$configFile = new domDocument;
$configFile->load($configFileName);

$cmsAddress = "";

/* Configuration element name mapped to the page path found beneath it. An entry stays
   empty when the element, or its "path" child, is missing from the file. */
$configuredPaths = array(
	"logInPage" => "",
	"logInIncorrectPage" => "",
	"permissionDenied" => ""
);

foreach ($configFile->getElementsByTagName("system-data-structure") as $structure)
{
	foreach ($structure->childNodes as $field)
	{
		$fieldName = $field->nodeName;

		/* The CMS address is stored directly as the text of its element. */
		if ($fieldName === "cmsAddress")
		{
			$cmsAddress = $field->nodeValue;
			continue;
		}

		if (!array_key_exists($fieldName, $configuredPaths))
			continue;

		/* Page references keep the site path in a "path" child element. */
		foreach ($field->childNodes as $child)
			if ($child->nodeName === "path")
				$configuredPaths[$fieldName] = $child->nodeValue;
	}
}

/* Turn the configured site paths into URLs relative to the requested page. */
$logInPage = translateToRelative($configuredPaths["logInPage"], $myPath).$extension;
$logInIncorrectPage = translateToRelative($configuredPaths["logInIncorrectPage"], $myPath).$extension;
$permissionDeniedPage = translateToRelative($configuredPaths["permissionDenied"], $myPath).$extension;

/* Audience groups allowed to view the calling page. The xsl:for-each below emits one PHP
   assignment for every value of the "Audience Access Rights" dynamic metadata field. */
/* NOTE(review): each metadata value is written verbatim between the single quotes of a
   PHP string literal. A value that contains a single quote, or ends with a backslash,
   closes the literal early and whatever follows is parsed as PHP. XSLT 1.0 has no
   built-in string replace, so escaping needs a recursive named template; until one is
   added, limit who may edit this metadata field and which characters it accepts. */
$pageRights = array();
$i =0 ;
<xsl:for-each select="calling-page/system-page/dynamic-metadata[name='Audience Access Rights']/value">
$pageRights[$i] = '<xsl:value-of select="."/>';
$i++; 
</xsl:for-each>

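/*
 Build a relative URL that leads from the page at $current to the page at $target.

 $target   site path of the destination page (no file extension).
 $current  site path of the page being served.
 Returns one "../" per directory level that has to be climbed from $current, followed by
 the part of $target below the directory both paths share.

 The shared part is matched from the first character of both paths and is cut back to the
 last "/" inside it, so two paths that merely start with the same letters in one segment
 (for example "login" and "logout") are not treated as sharing that segment.
*/
function translateToRelative($target, $current)
{
	/* Longest leading run of $target that $current also starts with. The counter is lowered
	   with a subtraction because this code is emitted inside an XML comment, where two
	   consecutive hyphens are not allowed. */
	$shared = strlen($target);
	while ($shared > 0 and strncmp($target, $current, $shared) !== 0)
		$shared = $shared - 1;

	/* Keep only whole directory segments of the shared run. */
	$lastSlash = strrpos(substr($target, 0, $shared), "/");
	$shared = ($lastSlash === false) ? 0 : $lastSlash + 1;

	/* Every "/" left in the current path is one directory level to climb. */
	$remainder = substr($current, $shared);
	$result = str_repeat("../", substr_count($remainder, "/"));
	$result .= substr($target, $shared);
	return $result;
}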

/*
 Remember the address the visitor asked for, send the browser to the log-in page with a
 META refresh, and stop the script so nothing after the refresh tag is produced.

 NOTE(review): the remembered address is built from the Host header of the request and a
 fixed "http" scheme. Code that later redirects to $_SESSION['referer'] (not visible
 here) should check the host against the site's own name before using it.
*/
function goToLogInPage()
{
	global $logInPage;

	$requestedAddress = "http://".$_SERVER['HTTP_HOST'].$_SERVER['ORIG_PATH_INFO'];
	$_SESSION['referer'] = $requestedAddress;

	/* The string closes the surrounding XML comment, emits the refresh tag, and reopens
	   the comment so the rest of the generated page stays well formed. */
	$refreshTag = '#END-CODE</xsl:comment><META CONTENT="0; URL='.$logInPage.'" HTTP-EQUIV="Refresh"/><xsl:comment>#START-CODE';
	echo $refreshTag;
	exit;
}

/*
 Send the browser to the "incorrect log-in" page with a META refresh and stop the script.
 Called when the CMS does not confirm the supplied user name and password.
*/
function goToLogInPageIncorrect()
{
	global $logInIncorrectPage;

	/* The string closes the surrounding XML comment, emits the refresh tag, and reopens
	   the comment so the rest of the generated page stays well formed. */
	$refreshTag = '#END-CODE</xsl:comment><META CONTENT="0; URL='.$logInIncorrectPage.'" HTTP-EQUIV="Refresh"/><xsl:comment>#START-CODE';
	echo $refreshTag;
	exit;
}

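/*
 Ask the CMS which groups a user belongs to.

 $usernameToGet  user name whose record is read.
 Returns a list of group names taken from every "groups" element of the SOAP response;
 the names inside one element are separated by semicolons.

 The request is authenticated with the global $username and $password, and sent through
 the global $clientRead SOAP client.

 Empty names are left out of the result. The caller grants access when a group name
 equals one of the page's audience values, so an empty entry (a user without groups, or a
 leading or trailing semicolon) must never be able to match an empty audience value.
*/
function getUserGroups($usernameToGet)
{
	global $username;
	global $password;
	global $clientRead;

	$create_params = array(
		'authentication' => array(
			'password' => $password,
			'username' => $username
		),
		'identifier' => array(
			'id' => $usernameToGet,
			'type' => "user"
		)
	);

	/* The raw response is parsed instead of the decoded return value of read(). */
	$clientRead->read($create_params);
	$xml = $clientRead->__getLastResponse();

	$xmlFile = new domDocument();
	$xmlFile->loadXML($xml);

	$answer = array();
	foreach ($xmlFile->getElementsByTagName("groups") as $groupsNode)
	{
		/* explode() also splits a list that starts with ";"; the earlier loop compared the
		   position 0 loosely with NULL and returned such a list as one unsplit name. */
		foreach (explode(";", $groupsNode->nodeValue) as $groupName)
			if ($groupName !== "")
				array_push($answer, $groupName);
	}
	return $answer;
}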

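	/* Gatekeeper for the calling page: establish who the visitor is, have the CMS confirm
	   the credentials, then let the page render only when one of the visitor's groups is
	   listed in $pageRights. Every other outcome ends in a redirect followed by exit. */
	session_start();
	$username = "";
	$password = "";
	$givenPassword = "";
	$gotIt = false;
	$usernameExists = false;
	$pageValidated = false;

	/* isset() avoids reading a missing form field when the page is opened without a
	   log-in submission. */
	$freshLogIn = isset($_POST["_logInSubmit"]);

	/* A submitted log-in form replaces whatever credentials the session held. Only plain
	   strings are accepted; any other posted shape counts as an empty value.
	   NOTE(review): the password is kept in the session in clear text because every
	   request authenticates against the CMS again; anyone able to read the session
	   storage can read it. A server-side service account for the group lookup would
	   remove the need to keep it. */
	if ($freshLogIn)
	{
		$username = (isset($_POST["username"]) and is_string($_POST["username"])) ? $_POST["username"] : "";
		$password = (isset($_POST["password"]) and is_string($_POST["password"])) ? $_POST["password"] : "";
		$_SESSION['username'] = $username;
		$_SESSION['password'] = $password;
	}
	else
	{
		$username = isset($_SESSION['username']) ? $_SESSION['username'] : "";
		$password = isset($_SESSION['password']) ? $_SESSION['password'] : "";
	}

	/* No user name at all: the visitor has not logged in yet. */
	if (!isset($_SESSION['username']) or $_SESSION['username']==NULL) goToLogInPage();

	/* Have the CMS confirm the user name and password.
	   NOTE(review): whether these SOAP calls are encrypted depends on the scheme of the
	   cmsAddress value in the configuration file; the credentials travel in the request. */
	$rootAddress = $cmsAddress;
	$cmsAddress = $cmsAddress."/ws/services/SecurityService?wsdl";
	$client = new SoapClient($cmsAddress, array('trace' => 1));
	$cmsAddressRead = $rootAddress."/ws/services/AssetOperationService?wsdl";
	$clientRead = new SoapClient($cmsAddressRead, array('trace' => 1));
	$create_params = array('authentication' => array('password' => $password, 'username' => $username));
	$client->authenticate($create_params);

	/* The decision is a text search in the raw response; any response that does not
	   contain this exact element is treated as a failed log-in. */
	$response = $client->__getLastResponse();
	if (strpos($response, "&lt;authenticated&gt;true&lt;/authenticated&gt;")===FALSE)
		goToLogInPageIncorrect();

	/* Issue a new session identifier once a submitted log-in has been confirmed, so an
	   identifier that was known before the log-in does not carry the new identity. */
	if ($freshLogIn)
		session_regenerate_id(true);

	$_SESSION['referer']=NULL;

	/* The page may be viewed when at least one audience value equals one of the user's
	   groups; the comparison is strict, as before. */
	$usersRights = getUserGroups($username);
	foreach ($pageRights as $requiredGroup)
		if (in_array($requiredGroup, $usersRights, true))
			$pageValidated = true;

	if (!$pageValidated)
	{
		echo '#END-CODE</xsl:comment><META CONTENT="0; URL='.$permissionDeniedPage.'" HTTP-EQUIV="Refresh"/><xsl:comment>#START-CODE';
		exit;
	}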
	
	
?&gt;
#END-CODE</xsl:comment>
[/system-view:external]
</xsl:template>
</xsl:stylesheet>