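/**
 * A single method to setup Session information regardless which authentication method was used.
 *
 * Populates $_SESSION from the authenticated FileMaker user record, checks that the
 * user is licensed for the ON-WEB plugin, and then ends the request with a redirect:
 * to the page the user asked for before login ($_SESSION['forwardingUrl'], consumed
 * here) when one was stored and it stays on this site, otherwise to the index page.
 *
 * @param object $userRecord  FileMaker user record handle (must expose getField())
 * @param string $site_prefix Site URL address used as the base for the redirect
 * @return void Never returns normally: every path ends in header('location: ...') + exit
 */
function setSessionData($userRecord, $site_prefix)
{
    global $log, $onWebPlugin, $companyLogoSmallPropertyName, $imageDir, $appConfigName,
        $imageSmallFileName, $imageSplashFileName, $companyLogoSplashPropertyName, $root;

    if (!session_id()) {
        session_start();
    }

    // The user has just proven their identity: issue a fresh session id so that an id
    // fixed before login (e.g. a planted cookie) never becomes an authenticated session.
    // true discards the old session file as well.
    session_regenerate_id(true);

    $log->debug("setSessionData - Session was started now populate session Array");
    $_SESSION['authenticated'] = true;
    $_SESSION['firstName'] = $userRecord->getField('User_FirstName_ct');
    $_SESSION['lastName'] = $userRecord->getField('User_LastName_ct');

    $accessLevel = $userRecord->getField('User_Privs_t');
    $log->debug("User Privi Set: " . $accessLevel);
    $_SESSION['accessLevel'] = convertPipeToArray($accessLevel);
    $_SESSION['userName'] = $userRecord->getField('User_Name_ct');
    // Stamped here and on every validated page load; validateUser() treats it as idle time.
    $_SESSION['LAST_ACTIVITY'] = time();

    $pipeInstalledPlugins = $userRecord->getField('z_SYS_LicensedPlugins_ct');
    //Force the Array items to uppercase just in case the character case was mixed at entry
    $_SESSION['installedPlugins'] = array_map("strtoupper", convertPipeToArray($pipeInstalledPlugins));

    //New values to capture from [WEB] Login view to be used when determining which users can view Spots
    // based on account name and we also need to capture PK for the contact ID
    $_SESSION['contact_pk'] = $userRecord->getField('User_Contact__pk_ID_ct');
    //System preference apply if 1 or else value is null
    $_SESSION['system_preference'] = $userRecord->getField('z_PRO_SeparateWorkByPrograming_cn');
    //Accounts associated with user in cr delaminated field
    $_SESSION['user_accounts'] = explodedCrString($userRecord->getField('User_Contact_Programming_Type_Associations_ct'));
    foreach ($_SESSION['user_accounts'] as $account) {
        $log->debug("User: " /* [redacted in source] */ . " has an account: " . $account);
    }

    //Now test for ON-WEB from the PLUGIN array to validate that the user has the License authority to access web
    validatePlugin($_SESSION['userName'], $_SESSION['installedPlugins'], $onWebPlugin);

    //Now the login ands plugin validation is processed now write the tdc-app-config.php and set small logo location
    //Only perform this operation if the tdc-app-conf.php is not present in the directory. If the file exists then
    //it is ass-u-me(d) that the logo name and location 'was' resolved and is available to the presentation layer
    //This is a run once method as once the file is written is should never run unless the file is deleted
    //TODO remove these comments lines after the authentication flow is resolved
    // if(!file_exists($root .$appConfigName)){
    //     writeFilesDynamically($userRecord, $imageDir, $imageSmallFileName,$companyLogoSmallPropertyName,
    //         $imageSplashFileName,$companyLogoSplashPropertyName, $appConfigName);
    // }

    if (!empty($_SESSION['forwardingUrl'])) {
        //added this fix to forward user to page they expected to see prior to login. Assigned session item to var
        //then unset session item then forward user
        $forwardingUrl = $_SESSION['forwardingUrl'];
        unset($_SESSION['forwardingUrl']);

        // The stored target is the pre-login request URL (validateUser() stores
        // urldecode($fullUrl)), i.e. a value the requester can influence. Follow it only
        // when it cannot leave this site; otherwise the login flow is an open redirect.
        if (forwardTargetIsOnSite($forwardingUrl, $site_prefix)) {
            $log->debug("setSessionData - User logged in and is being forwarded to: " . $forwardingUrl);
            header("location:" . $forwardingUrl);
            exit;
        }
        $log->debug("setSessionData - forwarding target is not on this site, ignoring: " . $forwardingUrl);
    }

    $log->debug("setSessionData - No previous forwarding is defined so go to index page");
    header("location: " . $site_prefix . "index.php");
    exit;
}

/**
 * Decide whether a value that is about to be sent as a Location header stays on this site.
 *
 * Relative paths ("view.php?x=1", "/app/view.php") always resolve against our own origin.
 * Absolute URLs ("http://host/...") and scheme-relative ones ("//host/...", "/\host/...")
 * name a host explicitly and are accepted only when that host is the one serving this
 * request (or the URL starts with an absolute $site_prefix).
 *
 * @param string $url         Candidate redirect target
 * @param string $site_prefix Configured site URL prefix (may be relative, e.g. "/")
 * @return bool
 */
function forwardTargetIsOnSite($url, $site_prefix)
{
    $url = (string) $url;
    $site_prefix = (string) $site_prefix;

    // Leading "//" or "/\" are treated as scheme-relative by browsers; "<scheme>:" is absolute.
    if (!preg_match('~^(//|/\\\\|[a-z][a-z0-9+.\-]*:)~i', $url)) {
        return true;
    }

    // Only an absolute prefix ("https://host/app/") can vouch for an absolute URL; a
    // relative prefix such as "/" would otherwise match "//evil.example".
    if (preg_match('~^[a-z][a-z0-9+.\-]*://~i', $site_prefix) && strpos($url, $site_prefix) === 0) {
        return true;
    }

    $targetHost = parse_url($url, PHP_URL_HOST);
    if (!is_string($targetHost) || $targetHost === '' || !isset($_SERVER['HTTP_HOST'])) {
        return false;
    }
    // HTTP_HOST may carry a port; compare host names only.
    $ourHost = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);

    return is_string($ourHost) && strtolower($targetHost) === strtolower($ourHost);
}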
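/**
 * Gate a page load behind the session.
 *
 * In order: expire the session after 2 hours of inactivity, require an authenticated
 * session (remembering the requested page so login can return to it), check the plugin
 * licence, check the access level for the requested site section, and finally refresh
 * the activity timer. Every failure path ends the request with a redirect to login.php
 * or hands off to processError(); only a fully validated user returns from here.
 *
 * @param string $site_prefix      Site URL address used as the base for redirects
 * @param string $fullUrl          URL of the page being requested (url-decoded before use;
 *                                 stored as $_SESSION['forwardingUrl'] when login is needed)
 * @param string $siteSection      Site section name; "View" triggers the canViewOrEdit() check
 * @param mixed  $viewCheck        Passed through to canViewOrEdit() for the "View" section
 * @param mixed  $pluginToValidate Plugin name checked against the user's licensed plugins
 * @return void
 */
function validateUser($site_prefix, $fullUrl, $siteSection, $viewCheck, $pluginToValidate)
{
    global $log;

    //currently set at 2 hour time out and is only checked per page load
    $sessionTimeoutMax = 7200;
    $log->debug("validateUser() - method called for section: " . $siteSection);

    if (!session_id()) {
        session_start();
    }

    $requestedPage = urldecode($fullUrl);

    // Inactivity timeout: LAST_ACTIVITY is stamped at login and by resetSessionTimeout()
    // on each validated page load, so this measures idle time rather than session age.
    if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > $sessionTimeoutMax) {
        $log->debug("Session timed out Username: " /* [redacted in source] */);
        $errorMsg = "You have been logged out due to inactivity. Please login.";
        session_unset();
        session_destroy();
        if (!session_id()) {
            session_start();
        }
        // The restarted session would otherwise reuse the client's existing cookie id;
        // issue a new one so nothing is carried under the id of the expired login.
        session_regenerate_id(true);
        $_SESSION['forwardingUrl'] = $requestedPage;
        // The message is user-facing text with spaces and punctuation; encode it so the
        // query string is well-formed (login.php sees the same value via $_GET).
        header("location: " . $site_prefix . "login.php?error=" . rawurlencode($errorMsg));
        exit;
    }

    if (!isset($_SESSION['authenticated'])) {
        $log->debug("user is not authenticated for page: " . $requestedPage);
        $indexPage = "index.php";
        $phpSuffix = "php";
        // strpos() is compared against false explicitly: a match at offset 0 is still a match.
        $isPhpPage = strpos($requestedPage, $phpSuffix) !== false;
        $isIndexPage = strpos($requestedPage, $indexPage) !== false;
        // Requests that are not for a PHP page, or that are for the index page, go straight
        // to login; anything else is remembered so login can return the user to it.
        if (!$isPhpPage || $isIndexPage) {
            header("location: " . $site_prefix . "login.php");
            exit;
        }
        $_SESSION['forwardingUrl'] = $requestedPage;
        $errorMsg = "User must be logged in to access the site";
        header("location: " . $site_prefix . "login.php?error=" . rawurlencode($errorMsg));
        exit;
    }

    //Test if user has licensed ON-SPOT plugin on user record. If not redirect the user to error page
    //Note this validation was moved below authentication check
    validatePlugin($_SESSION['userName'], $_SESSION['installedPlugins'], $pluginToValidate);

    if (empty($_SESSION['accessLevel'])) {
        $log->debug("validateUser() - user access level is set to null/empty send that user to error page");
        $errorMessage = "You do not have the necessary access rights in " . strtoupper($siteSection);
        $messageTitle = "Access Denied";
        // NOTE(review): assumes processError() ends the request; if it returns, the timer
        // reset and "fully validated" log line below still run for a denied user — confirm.
        processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
    } elseif ($siteSection === "View") {
        $log->debug("Validate user can View or edit spot viewer");
        //this test is specific to OnSpot/OnSpotView for viewing the page
        //TODO we need to figure out the privs for Request side of the site. For now we skip this as can edit method controls this
        if (!canViewOrEdit($_SESSION['accessLevel'], $siteSection, $viewCheck)) {
            $log->debug("User does not have access privilege to the site section: " . $siteSection
                . " Username: " /* [redacted in source] */);
            $errorMessage = "You do not have the necessary access rights in " . strtoupper($siteSection);
            $messageTitle = "Access Denied";
            // NOTE(review): same assumption as above — processError() is expected to end the request.
            processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
        }
    }

    //Update session timer for each page visited. Once the session is dormant for 2 hours the test for session
    //session timeout is caught by timeout test ahead of this reset method
    resetSessionTimeout();
    $log->debug("User is fully validated so redirect to page URL: " . $requestedPage);
}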