Example #1
0
    function OnBeforeProlog()
    {
        global $USER, $APPLICATION;
        if (isset($_SERVER["PHP_AUTH_USER"]) && (!defined("NOT_CHECK_PERMISSIONS") || NOT_CHECK_PERMISSIONS !== true) && (CWebDavBase::IsDavHeaders("check_all") || !$USER->IsAuthorized())) {
            if (strlen($_SERVER["PHP_AUTH_USER"]) > 0 and strlen($_SERVER["PHP_AUTH_PW"]) > 0) {
                if (strpos($_SERVER["PHP_AUTH_USER"], $_SERVER['HTTP_HOST'] . "\\") === 0) {
                    $_SERVER["PHP_AUTH_USER"] = str_replace($_SERVER['HTTP_HOST'] . "\\", "", $_SERVER["PHP_AUTH_USER"]);
                } elseif (strpos($_SERVER["PHP_AUTH_USER"], $_SERVER['SERVER_NAME'] . "\\") === 0) {
                    $_SERVER["PHP_AUTH_USER"] = str_replace($_SERVER['SERVER_NAME'] . "\\", "", $_SERVER["PHP_AUTH_USER"]);
                }
                $arAuthResult = $USER->Login($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"], "N");
                $APPLICATION->arAuthResult = $arAuthResult;
            }
        }
        if (($_SERVER['REQUEST_METHOD'] == 'OPTIONS' || $_SERVER['REQUEST_METHOD'] == 'PROPFIND') && (strlen($_SERVER["REAL_FILE_PATH"]) <= 0 && substr($_SERVER['REQUEST_URI'], -1, 1) == '/' || strpos($_SERVER['REQUEST_URI'], 'personal') !== false && strlen($_SERVER["REAL_FILE_PATH"]) <= 0 && !file_exists($_SERVER['DOCUMENT_ROOT'] . $_SERVER['REQUEST_URI']))) {
            $res = CUrlRewriter::GetList(array("QUERY" => $_SERVER['REQUEST_URI']));
            $good_res = true;
            $file_path = "";
            foreach ($res as $res_detail) {
                if (strpos($res_detail["ID"], "webdav") !== false || strpos($res_detail["ID"], "socialnetwork") !== false) {
                    $good_res = !$USER->IsAuthorized();
                    break;
                }
            }
            if ($good_res) {
                header("MS-Author-Via: DAV");
                if (strpos($_SERVER['HTTP_USER_AGENT'], "Microsoft-WebDAV-MiniRedir") !== false && $_SERVER['REQUEST_METHOD'] == "OPTIONS") {
                    CWebDavBase::base_OPTIONS();
                    die;
                }
                if ($_SERVER['REQUEST_METHOD'] != 'PROPFIND') {
                    if (!$USER->IsAuthorized()) {
                        CWebDavBase::SetAuthHeader();
                        die;
                    }
                    CWebDavBase::base_OPTIONS();
                    die;
                }
                if ($_SERVER['REQUEST_METHOD'] == 'PROPFIND') {
                    if (!$USER->IsAuthorized()) {
                        CWebDavBase::SetAuthHeader();
                        die;
                    }
                    CWebDavBase::SetStatus('207 Multi-Status');
                    echo '<?xml version="1.0" encoding="utf-8" ?>
<D:multistatus xmlns:D="DAV:" xmlns:Office="urn:schemas-microsoft-com:office:office" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:Z="urn:schemas-microsoft-com:">
<D:response>
	<D:href>http://' . htmlspecialcharsbx($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) . '</D:href>
	<D:propstat>
		<D:prop>
			<D:displayname></D:displayname>
			<D:lockdiscovery/><D:supportedlock/>
			<D:isFolder>t</D:isFolder>
			<D:iscollection>1</D:iscollection>
			<D:ishidden>0</D:ishidden>
			<D:getcontenttype>application/octet-stream</D:getcontenttype>
			<D:getcontentlength>0</D:getcontentlength>
			<D:resourcetype><D:collection/></D:resourcetype>
			<Repl:authoritative-directory>t</Repl:authoritative-directory>
			<D:getlastmodified>2008-10-29T13:58:59Z</D:getlastmodified>
			<D:creationdate>2008-10-29T13:58:59Z</D:creationdate>
			<Repl:repl-uid>rid:{D77F5F6A-44A9-4015-AB49-4D3A439808C1}</Repl:repl-uid>
			<Repl:resourcetag>rt:D77F5F6A-44A9-4015-AB49-4D3A439808C1@00000000000</Repl:resourcetag>
			<D:getetag>&quot;{D77F5F6A-44A9-4015-AB49-4D3A439808C1},0&quot;</D:getetag>
		</D:prop>
		<D:status>HTTP/1.1 200 OK</D:status>
	</D:propstat>
</D:response>
</D:multistatus>';
                    die;
                }
            }
        } elseif (CWebDavBase::IsDavHeaders("check_all")) {
            if (!$USER->IsAuthorized()) {
                $res = CUrlRewriter::GetList(array("QUERY" => $_SERVER['REQUEST_URI']));
                $good_res = true;
                $file_path = "";
                foreach ($res as $res_detail) {
                    if (strpos($res_detail["ID"], "webdav") !== false || strpos($res_detail["ID"], "socialnetwork") !== false) {
                        $good_res = !$USER->IsAuthorized();
                        break;
                    }
                }
                if ($good_res) {
                    CWebDavBase::SetAuthHeader();
                    die;
                }
            }
            return true;
        }
    }