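/**
 * Authenticate the current request from its session key.
 *
 * The key is read from the HTTP_AUTH_KEY server variable (a request header)
 * or, failing that, from the `auth_key` query parameter. It is then checked
 * with Sessions::verifySession(). On success the user id and the key are
 * stored in self::$userId and self::$authKey.
 *
 * @return bool true when the key maps to a live session
 *
 * @throws RestException 401 when no key is supplied or the key is rejected
 */
function __isAuthenticated()
{
    // There must be no unconditional `return true;` ahead of these checks:
    // it makes every request count as authenticated and leaves the
    // verification below unreachable.
    if (array_key_exists('HTTP_AUTH_KEY', $_SERVER)) {
        $authKey = $_SERVER['HTTP_AUTH_KEY'];
    } elseif (array_key_exists('auth_key', $_GET)) {
        // NOTE(review): a key passed in the query string is recorded in
        // access logs, browser history and Referer headers; prefer the header.
        $authKey = $_GET['auth_key'];
    } else {
        throw new RestException(401, 'Authentication Required');
    }

    // `auth_key[]=x` arrives as an array; only a non-empty string can be a key.
    if (!is_string($authKey) || $authKey === '') {
        throw new RestException(401, 'Wrong Credentials!');
    }

    $sessions = new Sessions();
    $session = $sessions->verifySession($authKey);

    // Fail closed: only an array result is treated as a valid session.
    if (!is_array($session)) {
        throw new RestException(401, 'Wrong Credentials!');
    }

    $sesInfo = $sessions->getSessionUser($authKey);
    self::$userId = $sesInfo['USR_UID'];
    self::$authKey = $authKey;

    return true;
}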
$noLoginFiles[] = 'heartbeatStatus'; $noLoginFiles[] = 'showLogoFile'; $noLoginFiles[] = 'forgotPassword'; $noLoginFiles[] = 'retrivePassword'; $noLoginFiles[] = 'defaultAjaxDynaform'; $noLoginFiles[] = 'dynaforms_checkDependentFields'; $noLoginFolders[] = 'services'; $noLoginFolders[] = 'tracker'; $noLoginFolders[] = 'installer'; // This sentence is used when you lost the Session if (!in_array(SYS_TARGET, $noLoginFiles) && !in_array(SYS_COLLECTION, $noLoginFolders) && $bWE != true && $collectionPlugin != 'services') { $bRedirect = true; if (isset($_GET['sid'])) { G::LoadClass('sessions'); $oSessions = new Sessions(); if ($aSession = $oSessions->verifySession($_GET['sid'])) { require_once 'classes/model/Users.php'; $oUser = new Users(); $aUser = $oUser->load($aSession['USR_UID']); $_SESSION['USER_LOGGED'] = $aUser['USR_UID']; $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME']; $bRedirect = false; $RBAC->initRBAC(); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); $memKey = 'rbacSession' . session_id(); $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS); } } if ($bRedirect) { if (substr(SYS_SKIN, 0, 2) == 'ux' && SYS_SKIN != 'uxs') { // verify if the current skin is a 'ux' variant
/**
 * Report whether a web-service session id is still active.
 *
 * Added by Erik AO, 26.06.2008 10:00:00; modified 12-01-2010 by erik.
 *
 * @param mixed $sessionId session id handed to Sessions::verifySession()
 *
 * @return wsResponse status 0 with the translated ID_SESSION_ACTIVE label when
 *                    verifySession() returns an array, otherwise status 9 with
 *                    the translated ID_SESSION_EXPIRED label
 */
function isValidSession($sessionId)
{
    G::LoadClass('sessions');
    $sessionStore = new Sessions();
    $lookup = $sessionStore->verifySession($sessionId);

    // Anything other than an array is reported as an expired session.
    if (!is_array($lookup)) {
        return new wsResponse(9, G::LoadTranslation('ID_SESSION_EXPIRED'));
    }

    return new wsResponse(0, G::LoadTranslation('ID_SESSION_ACTIVE'));
}
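/**
 * Return a "session expired" response when the session id is not valid.
 *
 * Added by Erik AO, 26.06.2008 10:00:00.
 *
 * @param mixed $sessionId session id handed to Sessions::verifySession()
 *
 * @return wsResponse|null a status 9 response with the translated
 *                         ID_SESSION_EXPIRED label when the session is not
 *                         valid; null when it is, so the caller can continue
 */
function ifSessionExpiredBreakThis($sessionId)
{
    G::LoadClass('sessions');
    $oSessions = new Sessions();
    $session = $oSessions->verifySession($sessionId);

    // Fail closed: only an array result counts as a live session. The earlier
    // loose `== ''` test let any other non-empty value through as valid, and
    // its outcome for values such as 0 differs between PHP 7 and PHP 8.
    if (!is_array($session)) {
        G::LoadClass('wsResponse');

        return new wsResponse(9, G::LoadTranslation('ID_SESSION_EXPIRED'));
    }

    return null;
}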
/**
 * Report whether a web-service session id is still active.
 *
 * Added by Erik AO, 26.06.2008 10:00:00; modified 12-01-2010 by erik.
 *
 * @param mixed $sessionId session id handed to Sessions::verifySession()
 *
 * @return wsResponse status 0 / 'Session active' when verifySession() returns
 *                    an array, otherwise status 9 / 'Session expired'
 */
function isValidSession($sessionId)
{
    G::LoadClass('sessions');
    $sessionStore = new Sessions();
    $lookup = $sessionStore->verifySession($sessionId);

    // The messages here are fixed English strings, not translation keys.
    return is_array($lookup)
        ? new wsResponse(0, 'Session active')
        : new wsResponse(9, 'Session expired');
}
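/**
 * Require a logged-in user for the current request, or redirect to login.
 *
 * Requests whose SYS_TARGET / SYS_COLLECTION are on the login-exempt lists
 * pass straight through. For every other request the method tries to restore
 * a login from the `sid` query parameter. If that fails it sends a redirect
 * to the skin-specific login page and terminates the script.
 *
 * NOTE(review): the body reads the SYS_TARGET and SYS_COLLECTION constants,
 * not the $target / $collection parameters. It also reads $bWE,
 * $collectionPlugin, $isRestRequest, $RBAC, $memcache and $isControllerCall,
 * none of which are defined inside the method as shown. Confirm how they are
 * meant to be brought into scope.
 *
 * @param mixed $target     not read by the body as shown
 * @param mixed $collection not read by the body as shown
 *
 * @return void does not return when a redirect is issued (the script dies)
 */
public function verifyUserSession($target, $collection)
{
    // Scripts that may run without a started session. Every entry is reachable
    // without login, so each target must enforce its own access control.
    $noLoginFiles = array(
        'login',
        'authentication',
        'login_Ajax',
        'dbInfo',
        'sysLoginVerify',
        'processes_Ajax',
        'updateTranslation',
        'autoinstallProcesses',
        'autoinstallPlugins',
        'heartbeatStatus',
        'showLogoFile',
        'forgotPassword',
        'retrivePassword',
        'defaultAjaxDynaform',
        'dynaforms_checkDependentFields',
    );
    // Whole collections (folders) that are exempt from the login check.
    $noLoginFolders = array('services', 'tracker', 'installer');

    // Strict matching: the exemption must be an exact string match, so a
    // non-string target can never loosely compare equal to a list entry.
    $loginRequired = !in_array(SYS_TARGET, $noLoginFiles, true)
        && !in_array(SYS_COLLECTION, $noLoginFolders, true)
        && $bWE != true
        && $collectionPlugin != 'services'
        && !$isRestRequest;

    if (!$loginRequired) {
        return;
    }

    // Reached when the session has been lost: try to restore it from `sid`.
    $bRedirect = true;

    // NOTE(review): a session id accepted from the query string is exposed in
    // access logs, browser history and Referer headers, and the PHP session id
    // is not regenerated in this method after the login is restored.
    // `sid[]=x` arrives as an array, so only a string is passed on.
    if (isset($_GET['sid']) && is_string($_GET['sid'])) {
        G::LoadClass('sessions');
        $oSessions = new Sessions();

        if ($aSession = $oSessions->verifySession($_GET['sid'])) {
            require_once 'classes/model/Users.php';
            $oUser = new Users();
            $aUser = $oUser->load($aSession['USR_UID']);

            $_SESSION['USER_LOGGED'] = $aUser['USR_UID'];
            $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME'];
            $bRedirect = false;

            // Reload the user's role permissions and cache them per PHP session.
            $RBAC->initRBAC();
            $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
            $memKey = 'rbacSession' . session_id();
            $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS);
        }
    }

    if ($bRedirect) {
        if (substr(SYS_SKIN, 0, 2) == 'ux' && SYS_SKIN != 'uxs') {
            // The current skin is a 'ux' variant other than 'uxs'.
            $loginUrl = 'main/login';
        } elseif (strpos($_SERVER['REQUEST_URI'], '/home') !== false) {
            // The request uses the simplified ('uxs') interface.
            $loginUrl = 'home/login';
        } else {
            // Classic login.
            $loginUrl = 'login/login';
        }

        if (empty($_POST)) {
            // Carry the requested URI along in the `u` parameter, URL-encoded.
            header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']));
        } elseif ($isControllerCall) {
            header("HTTP/1.0 302 session lost in controller");
        } else {
            header('location: ' . SYS_URI . $loginUrl);
        }

        // Stop here so no protected code runs after the redirect header.
        die;
    }
}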