File Source for checkuser.phpinc

<?php
/**
* checkuser include
*
* usese $SEC_REQ settings to verify user rights and connect to database
* if $SEC_REQ['DBCONN'] is TRUE.
*
*
* @project Open CSP-Management
* @package user
*
* @author Peter Krebs <pitlinz@users.sourceforge.net>
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
* @todo $SEC_REQ['GROUPRIGHTS'] (media)
*
* version pk-03-12-30 new user object
* @version pk-04-09-16 user object changed
* @version pk-04-09-28 do not overwrite existing USER Object
* @version pk-05-06-21 check of $_POST['LOGIN'] added
* @version pk-05-07-02
* @version pk-07-04-12
* @version pk-07-08-24
* @version pk-08-11-18 SEC_REQ['CONTENTTYPE'] added
*
* @version $Id: checkuser.phpinc,v 1.18 2008/11/19 07:40:08 pitlinz Exp $
*
* @global OCSP_OBJ
*
*
*
*
*
*/
/**
* ---------------------------------------------------
*
* common settings and requirements
*
*/
if (!function_exists('pcf_require_class'))
{
require_once __OCSP_PHPINCPATH__ . "common" . _OCSP_DIRSEP_ . "pcf.phpinc";
}
pcf_require_class('OCSP_USER',"user/");
pcf_require_class('OCSP_SESSION',"common/");
if (!isset($debug))
{
$debug=false;
}
$SEC_REQ['PUBLIC']=(isset($SEC_REQ['PUBLIC']) ? $SEC_REQ['PUBLIC'] : FALSE);
$SEC_REQ['DBCONN']=(isset($SEC_REQ['DBCONN']) ? $SEC_REQ['DBCONN'] : FALSE);
if ($debug) echoDebugLine(__FILE__,__LINE__,"checkuser: <pre>".print_r($SEC_REQ,TRUE)."</pre>");
/**
* ---------------------------------------------------
*
* common functions
*
*/
/**
* ---------------------------------------------------
*
* main functions
*
*/
global $OCSP_OBJ;
global $OCSP_CONF;
global $OCSP_VAL;
if (!is_array($OCSP_OBJ)) $OCSP_OBJ=array();
$OCSP_OBJ['SESSION'] = OCSP_SESSION::getInstance(true);
if ((isset($_GET['LOGOUT'])) && (intval($_GET['LOGOUT'])))
{
if (OCSP_OBJ::currentUser())
{
OCSP_SESSION::getInstance()->clearUser($debug);
OCSP_SESSION::getInstance()->closeSession();
}
header("Location: /");
exit();
}
// $debug=($_SERVER['HTTP_HOST']=="faktor60.w4c.at");echoDebugLine(__FILE__,__LINE__,"Debug ON <pre>" . print_r($_SERVER,True) . "</pre>");
if (isset($_POST['LOGIN']) && is_array($_POST['LOGIN']) && !empty($_POST['LOGIN']['USR_LOGIN']))
{
// we have a login form submit -> check the user
$l=(isset($_POST['LOGIN']['USR_LOGIN']) ? $_POST['LOGIN']['USR_LOGIN'] : "");
$p=(isset($_POST['LOGIN']['USR_PWD']) ? $_POST['LOGIN']['USR_PWD'] : "");
if (OCSP_USER::factoryCurrentFromLoginPasswd($l,$p,NULL,$debug))
{
OCSP_OBJ::currentUser()->touch(true,$debug);
OCSP_SESSION::getInstance(True)->unsetValue('LOGIN_POST');
OCSP_SESSION::getInstance(True)->unsetValue('LOGIN_FILE');
OCSP_SESSION::getInstance(True)->unsetValue('LOGIN_REFERER');
} else {
//throw new Exception(_OCSP_EXCEP_LOGINFAILED_);
if ($debug) echoDebugLine(__FILE__,__LINE__,"Login failed");
}
OCSP_SESSION::getInstance(True)->unsetValue('LOGIN');
} else if (OCSP_OBJ::currentUser()->isPublic()) {
}
if (isset($_GET['LOGIN']) && !empty($_GET['LOGIN']))
{
$SEC_REQ['PUBLIC']=False;
}
if ((!$SEC_REQ['PUBLIC']) && OCSP_OBJ::currentUser()->isPublic($debug))
{
do {
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']))
{
if (OCSP_USER::factoryCurrentFromLoginPasswd($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'],NULL,$debug))
{
OCSP_OBJ::currentUser()->touch(true,$debug);
OCSP_SESSION::getInstance(True)->unsetValue('LOGIN_POST');
OCSP_SESSION::getInstance()->unsetValue('LOGIN_FILE');
OCSP_SESSION::getInstance()->unsetValue('LOGIN_REFERER');
break;
}
}
OCSP_USER::echoLoginForm($SEC_REQ);
exit();
} while(False);
}
if (!OCSP_OBJ::currentUser(True)->isValid())
{
throw new Exception(_OCSP_EXCEP_NOUSER_ . ": User is not valid");
}
if (!OCSP_OBJ::currentUser()->isEnabled())
{
throw new Exception(_OCSP_EXCEP_NOUSER_ . ": User is disabled");
}
OCSP_OBJ::currentUser()->setSecRequireArr($SEC_REQ);
if (!OCSP_OBJ::currentUser()->isAllowed(NULL,$debug))
{
throw new Exception(_OCSP_EXCEP_NOTALLOWD_ . ":" . print_r($SEC_REQ,true));
}
OCSP_OBJ::currentUser()->sessSave($debug);
// old style global vars
$GLOBALS['USER']=OCSP_OBJ::currentUser();
$GLOBALS['OCSP_OBJ']['USER']=&$OCSP_OBJ['USER'];
/**
* ----------------------------- DB CONNECTION --------------------------------
*/
if ($SEC_REQ['DBCONN'])
{
if (!OCSP_OBJ::currentUser()->isConnected(true))
{
throw new Execption(_OCSP_EXCEP_NODBCONN_);
}
// old style global vars
$GLOBALS['USRDB']=OCSP_OBJ::defaultDBObj();
$GLOBALS['OCSP_OBJ']['USRDB']=&$OCSP_OBJ['USRDB'];
}
OCSP_SESSION::getInstance(true)->unsetValue('LOGINERROR');
if ($debug) echoDebugLine(__FILE__,__LINE__,"<p>checkuser done</p><pre>".print_r($_SESSION,TRUE)."</pre>");
?>

Source for file checkuser.phpinc