|
From: <ma...@pr...> - 2004-08-29 14:31:33
|
Update of /cvsroot/meshdb/www/ipdb/include In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv1744/include Added Files: authroles.php globals.php Log Message: added login/logout, cleaned up include file handling, added auth roles --- NEW FILE: authroles.php --- <?php function getUserRoles($user) { global $meship; if (isset($user)) { /* get auth id */ $queryAuthId = sprintf("SELECT authid FROM auth WHERE userid = '%s'", $user); $authId = mysql_query($queryAuthId, $meship) or die(mysql_error()); $row_authId = mysql_fetch_assoc($authId); $totalRows_authId = mysql_num_rows($authId); if ($totalRows_authId == 1) { /* keep an array of roles */ $retVal = array(); /* get list of roles for this user */ $queryRoleList = sprintf("SELECT roleid FROM role_mappings WHERE authid = %s", $row_authId['authid']); $roleList = mysql_query($queryRoleList, $meship) or die(mysql_error()); $row_roleList = mysql_fetch_assoc($roleList); $totalRows_roleList = mysql_num_rows($roleList); if ($totalRows_roleList > 0) { do { $queryRoleDetail = sprintf("SELECT * FROM role_names WHERE roleid = %s ORDER BY name ASC", $row_roleList['roleid']); $roleDetail = mysql_query($queryRoleDetail, $meship) or die(mysql_error()); $row_roleDetail = mysql_fetch_assoc($roleDetail); $index_name = ""; if (isset($row_roleDetail['qualifier'])) { $index_name = $row_roleDetail['name'] . "-" . $row_roleDetail['qualifier']; } else { $index_name = $row_roleDetail['name']; } $retVal[$index_name] = $row_roleDetail; } while ($row_roleList = mysql_fetch_assoc($roleList)); } mysql_free_result($authId); mysql_free_result($roleDetail); mysql_free_result($roleList); return $retVal; } else { # user has no authid (ie. no entry in "auth" table) mysql_free_result($authId); #die ("the user '" . getSessionVariable("username") . 
"' does not exist"); return array(); } } else { # no user logged in # die ("no username in session (not logged in)"); return ""; } } function isUserInRole($user, $role, $qualifier=-1) { $roles = getUserRoles($user); if (isset($roles)) { if ($qualifier != -1) { $index_name = $role . "-" . $qualifier; } else { $index_name = $role; } return isset($roles[$index_name]); } else { return ""; // false } } function auth_check($role, $qualifier=-1) { if (!isUserInRole(getSessionVariable("username"), "admin")) { header("Location: http://" . getServerVariable("HTTP_HOST") . dirname(getServerVariable("PHP_SELF")) . "/index.php"); die("evil person detected!"); } } ?> --- NEW FILE: globals.php --- <?php require_once("Connections/meship.php"); ?> <?php require_once("include/network.php"); ?> <?php require_once("include/variables.php"); ?> <?php require_once("include/stringutils.php"); ?> <?php require_once("include/authroles.php"); ?> <?php /* the login page starts it's own session */ $pageName = after_last("/", getServerVariable("PHP_SELF")); if ($pageName != "login.php") { session_start(); /* login.php uses this to detect cookies */ setSessionVariable("cookieTest", "OK"); } ?> |
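Review bot: In authroles.php, getUserRoles builds its first query as `sprintf("SELECT authid FROM auth WHERE userid = '%s'", $user)` without escaping `$user`, so the role lookup is only as safe as whatever code put the username into the session, and that login code is not part of this listing. Escape at the point of use by passing `mysql_real_escape_string($user, $meship)` as the sprintf argument, and, if authid and roleid are integers, format them with `%d` rather than `%s`. Every query ends in `or die(mysql_error())`, which sends raw database error text to the browser; logging the error and dying with a generic message would avoid disclosing schema details. Separately, auth_check accepts `$role` and `$qualifier` but always tests `"admin"`, so the call should probably be `isUserInRole(getSessionVariable("username"), $role, $qualifier)`.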
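Review bot: In globals.php, the decision to skip `session_start()` depends on `after_last("/", getServerVariable("PHP_SELF"))`, and PHP_SELF includes any trailing path info from the request, so the client can influence what `$pageName` evaluates to. Deriving the name from the script path instead, for example `$pageName = basename(getServerVariable("SCRIPT_NAME"));`, keeps the comparison tied to the file that is actually executing. The impact is probably limited to a page running without a session, but that depends on how getSessionVariable and the role checks behave when no session exists, which is not visible here. A short comment above the `if` stating that every page other than login.php must have a session before any auth check runs would document the assumption.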