示例#1
0
/**
 * A single method to setup Session information regardless which authentication method was used.
 * @param $userRecord FileMaker user record handle
 * @param $site_prefix String site URL address
 */
function setSessionData($userRecord, $site_prefix)
{
    global $log, $onWebPlugin, $companyLogoSmallPropertyName, $imageDir, $appConfigName, $imageSmallFileName, $imageSplashFileName, $companyLogoSplashPropertyName, $root;
    if (!session_id()) {
        session_start();
    }
    $log->debug("setSessionData - Session was started now populate session Array");
    $_SESSION['authenticated'] = true;
    $_SESSION['firstName'] = $userRecord->getField('User_FirstName_ct');
    $_SESSION['lastName'] = $userRecord->getField('User_LastName_ct');
    $accessLevel = $userRecord->getField('User_Privs_t');
    $log->debug("User Privi Set: " . $accessLevel);
    $_SESSION['accessLevel'] = convertPipeToArray($accessLevel);
    $_SESSION['userName'] = $userRecord->getField('User_Name_ct');
    $_SESSION['LAST_ACTIVITY'] = time();
    $pipeInstalledPlugins = $userRecord->getField('z_SYS_LicensedPlugins_ct');
    //Force the Array items to uppercase just in case the character case was mixed at entry
    $_SESSION['installedPlugins'] = array_map("strtoupper", convertPipeToArray($pipeInstalledPlugins));
    //New values to capture from [WEB] Login view to be used when determining which users can view Spots
    // based on account name and we also need to capture PK for the contact ID
    $_SESSION['contact_pk'] = $userRecord->getField('User_Contact__pk_ID_ct');
    //System preference apply if 1 or else value is null
    $_SESSION['system_preference'] = $userRecord->getField('z_PRO_SeparateWorkByPrograming_cn');
    //Accounts associated with user in cr delaminated field
    //$_SESSION['user_accounts'] = array(stripControlChars($userRecord->getField('User_Contact_Programming_Type_Associations_ct')));
    $_SESSION['user_accounts'] = explodedCrString($userRecord->getField('User_Contact_Programming_Type_Associations_ct'));
    foreach ($_SESSION['user_accounts'] as $account) {
        $log->debug("User: "******" has an account: " . $account);
    }
    //Now test for ON-WEB from the PLUGIN array to validate that the user has the License authority to access web
    validatePlugin($_SESSION['userName'], $_SESSION['installedPlugins'], $onWebPlugin);
    //Now the login ands plugin validation is processed now write the tdc-app-config.php and set small logo location
    //Only perform this operation if the tdc-app-conf.php is not present in the directory. If the file exists then
    //it is ass-u-me(d) that the logo name and location 'was' resolved and is available to the presentation layer
    //This is a run once method as once the file is written is should never run unless the file is deleted
    //TODO remove these comments lines after the authentication flow is resolved
    //        if(!file_exists($root .$appConfigName)){
    //            writeFilesDynamically($userRecord, $imageDir, $imageSmallFileName,$companyLogoSmallPropertyName,
    //                $imageSplashFileName,$companyLogoSplashPropertyName, $appConfigName);
    //        }
    if (!empty($_SESSION['forwardingUrl'])) {
        $log->debug("setSessionData - User logged in and is being forwarded to: " . $_SESSION['forwardingUrl']);
        //added this fix to forward user to page they expected to see prior to login. Assigned session item to var
        //then unset session item then forward user
        $forwardingUrl = $_SESSION['forwardingUrl'];
        unset($_SESSION['forwardingUrl']);
        header("location:" . $forwardingUrl);
        exit;
    } else {
        $log->debug("setSessionData - No previous forwarding is defined so go to index page");
        header("location: " . $site_prefix . "index.php");
        exit;
    }
}
示例#2
0
function validateUser($site_prefix, $fullUrl, $siteSection, $viewCheck, $pluginToValidate)
{
    global $log;
    //currently set at 2 hour time out and is only checked per page load
    $sessionTimeoutMax = 7200;
    $log->debug("validateUser() - method called for section: " . $siteSection);
    if (!session_id()) {
        session_start();
    }
    //Added this method to detect session timeout of no more than hours now if set
    if (isset($_SESSION['LAST_ACTIVITY']) && time() - $_SESSION['LAST_ACTIVITY'] > $sessionTimeoutMax) {
        $log->debug("Session timed out Username: "******"You have been logged out due to inactivity. Please login.";
        session_unset();
        session_destroy();
        if (!session_id()) {
            session_start();
        }
        $_SESSION['forwardingUrl'] = urldecode($fullUrl);
        header("location: " . $site_prefix . "login.php?error=" . $errorMsg);
        exit;
    }
    if (!isset($_SESSION['authenticated'])) {
        $log->debug("user is not authenticated for page: " . urldecode($fullUrl));
        $indexPage = "index.php";
        $phpSuffix = "php";
        if (!strpos(urldecode($fullUrl), $phpSuffix) || strpos(urldecode($fullUrl), $indexPage)) {
            header("location: " . $site_prefix . "login.php");
            exit;
        } else {
            $_SESSION['forwardingUrl'] = urldecode($fullUrl);
            $errorMsg = "User must be logged in to access the site";
            header("location: " . $site_prefix . "login.php?error=" . $errorMsg);
            exit;
        }
    }
    //Test if user has licensed ON-SPOT plugin on user record. If not redirect the user to error page
    //Note this validation was moved below authentication check
    validatePlugin($_SESSION['userName'], $_SESSION['installedPlugins'], $pluginToValidate);
    if (empty($_SESSION['accessLevel'])) {
        $log->debug("validateUser() - user access level is set to null/empty send that user to error page");
        $errorMessage = "You do not have the necessary access rights in " . strtoupper($siteSection);
        $messageTitle = "Access Denied";
        processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
    } else {
        if ($siteSection == "View") {
            $log->debug("Validate user can View or edit spot viewer");
            //this test is specific to OnSpot/OnSpotView for viewing the page
            //TODO we need to figure out the privs for Request side of the site. For now we skip this as can edit method controls this
            if (!canViewOrEdit($_SESSION['accessLevel'], $siteSection, $viewCheck)) {
                $log->debug("User does not have access privilege to the site section: " . $siteSection . " Username: "******"You do not have the necessary access rights in " . strtoupper($siteSection);
                $messageTitle = "Access Denied";
                processError($errorMessage, "N/A", "user_validate.php", "N/A", $messageTitle);
            }
        }
    }
    //Update session timer for each page visited. Once the session is dormant for 2 hours the test for session
    //session timeout is caught by timeout test ahead of this reset method
    resetSessionTimeout();
    $log->debug("User is fully validated so redirect to page URL: " . urldecode($fullUrl));
}