user.php
<?php
/*
**************************************************************************************************************************
** CORAL Usage Statistics Module
**
** Copyright (c) 2010 University of Notre Dame
**
** This file is part of CORAL.
**
** CORAL is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
**
** CORAL is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License along with CORAL. If not, see <http://www.gnu.org/licenses/>.
**
**************************************************************************************************************************
*/
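// Authentication bootstrap for the Usage Statistics module.
// Resolves $loginID either from the CORAL auth module (login cookie plus an open
// session on the User record) or from a web-server-supplied variable named in the
// configuration, then loads $user and $privilege for the including page.
$util = new Utility();
$config = new Configuration();
$addURL = '';

//if set to use auth module
if ($config->settings->authModule == 'Y'){

    //check if a cookie has been set for this user in a session
    $loginID = $util->getLoginCookie();

    //load user and verify they have a valid open session
    $user = new User(new NamedArguments(array('primaryKey' => $loginID)));

    //if the user has an open session
    if (($loginID) && ($user->hasOpenSession())){
        session_start();
        $_SESSION['loginID'] = $loginID;

    //no open session
    }else{
        //redirect to auth page
        if (isset($user->loginID)) {
            // NOTE(review): this branch produces "auth/&timeout<request uri>" with no
            // "?service=" prefix, unlike the two branches below - confirm against the auth module.
            $addURL = '&timeout';
        }else{
            if (($loginID) && (!isset($user->loginID))){
                $addURL = '?invalid&service=';
            }else{
                $addURL = '?service=';
            }
        }

        // NOTE(review): htmlentities() is HTML escaping, not URL encoding, so a request URI
        // containing '&' does not survive intact inside the service parameter. Check what the
        // auth module expects (and that it validates the return target) before switching to
        // rawurlencode().
        $authURL = $util->getCORALURL() . "auth/" . $addURL . htmlentities($_SERVER['REQUEST_URI']);
        header('Location: ' . $authURL, true);
        exit; //stop here so the protected page is never rendered after the redirect header
    }

//otherwise plug into apache server variable
}else{

    //get login id from server
    // NOTE(review): $_SESSION is read before session_start() is called in this file;
    // presumably the including page has already started the session - verify.
    if (!isset($_SESSION['loginID']) || ($_SESSION['loginID'] == '')){

        $varName = $config->settings->remoteAuthVariableName;

        //the configured name is evaluated to read the actual value from the web server
        //if the first character is a $ it needs to be stripped off for the eval to work
        $theVarStem = ltrim(trim($varName), "$");

        // SECURITY: eval() runs whatever the configuration holds. Only evaluate a plain
        // variable reference (NAME, optionally followed by ['key'] / ["key"] subscripts) so
        // that a malformed or tampered setting cannot execute arbitrary PHP. Anything else is
        // logged and treated as "no remote login".
        $safeVarPattern = '/\A[A-Za-z_][A-Za-z0-9_]*(?:\[(?:\'[A-Za-z0-9_.-]+\'|"[A-Za-z0-9_.-]+")\])*\z/';

        if (preg_match($safeVarPattern, $theVarStem) === 1){
            //evaluate the remote variable
            $remoteAuth = eval("return \$$theVarStem;");
        }else{
            error_log('CORAL usage: remoteAuthVariableName is not a plain variable reference; remote login ignored');
            $remoteAuth = '';
        }

        // The configured variable must be one the web server's own authentication layer sets;
        // a value that clients can supply directly (for example a request header) would let
        // the login be chosen by the requester.

        //use the split in case the remote login is supplied as an email address
        if (strpos($remoteAuth,'@') !== false) {
            list ($loginID,$restofAddr) = explode("@", $remoteAuth);
        } else {
            $loginID = $remoteAuth;
        }

        session_start();
        $_SESSION['loginID'] = $loginID;

    }else{
        $loginID = $_SESSION['loginID'];
    }

}

//for the usage statistics module we require that the user exists in the database before granting access
//thus, setuser.php is not used
// NOTE(review): when $loginID is empty (e.g. the remote auth variable is unset) this block is
// skipped and the file neither redirects nor exits; the including page must not treat that
// state as authenticated - confirm.
if ($loginID){

    //Load user
    $user = new User(new NamedArguments(array('primaryKey' => $loginID)));
    $privilege = new Privilege(new NamedArguments(array('primaryKey' => $user->privilegeID)));

    //if the user doesn't exist in database we need to redirect them to a page to give instructions on how to be added
    if ($user->privilegeID == ""){
        header('Location: not_avail.php');
        exit; //stop here so the protected page is never rendered after the redirect header
    }

}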
?>