final set of refactoring patches

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@70 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago · 4eb83c4bdc
parent 941a0ddbd4
commit 4eb83c4bdc
1 changed files with 71 additions and 74 deletions
--- a/functions.inc.php
+++ b/functions.inc.php
@ -15,58 +15,86 @@ if (ereg ("functions.inc.php", $_SERVER['PHP_SELF']))
   exit;
 }

-$version = "2.1.1";
+$version = '2.2 SVN';

-//
-// check_session
-// Action: Check if a session already exists, if not redirect to login.php
-// Call: check_session ()
-//
-function check_session ()
+/**
+ * check_session
+ *  Action: Check if a session already exists, if not redirect to login.php
+ * Call: check_session ()
+ * @return String username (e.g. foo@example.com)
+ */
+function authentication_get_username()
 {
   global $CONF;
-   session_start ();
-   session_fixid ();
-   if (!session_is_registered ("sessid"))
-   {
+   if (!isset($_SESSION['sessid'])) {
      header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
-      exit;
+      exit(0);
   }
   $SESSID_USERNAME = $_SESSION['sessid']['username'];
   return $SESSID_USERNAME;
 }

-function check_user_session ()
-{
+/**
+ * Returns the type of user - either 'user' or 'admin' 
+ * Returns false if neither (E.g. if not logged in)
+ * @return String admin or user or (boolean) false.
+ */
+function authentication_get_usertype() {
+   if(isset($_SESSION['sessid'])) {
+      if(isset($_SESSION['sessid']['type'])) {
+         return $_SESSION['sessid']['type'];
+      }
+   }
+   return false;
+}
+/**
+ *
+ * Used to determine whether a user has a particular role.
+ * @param String role-name. (E.g. admin, global-admin or user)
+ * @return boolean True if they have the requested role in their session.
+ * Note, user < admin < global-admin
+ */
+function authentication_has_role($role) {
   global $CONF;
-   session_start ();
-   session_fixid ();
-   if (!session_is_registered ("userid"))
-   {
-      header ("Location: " . $CONF['postfix_admin_url'] . "/login.php");
-      exit;
+   if(isset($_SESSION['sessid'])) {
+      if(isset($_SESSION['sessid']['roles'])) {
+         if(in_array($role, $_SESSION['sessid']['roles'])) {
+            return true;
+         }
+      }
   }
-   $USERID_USERNAME = $_SESSION['userid']['username'];
-   return $USERID_USERNAME;
+   return false;
 }

-//
-// session_fixid
-// Action: should avoid 'session fixation'
-// Call: session_fixid ()
-//
-function session_fixid ()
-{
-   if (!isset($_SESSION['exist']))
-   {
-      if ( !session_regenerate_id() ) 
-      {
-         die("Couldn't regenerate your session id.");
-      }
-      $_SESSION['exist'] = true;
+/**
+ * Used to enforce that $user has a particular role when 
+ * viewing a page.
+ * If they are lacking a role, redirect them to 
+ * $CONF['postfix_admin_url']/login.php
+ *
+ * Note, user < admin < global-admin
+ */
+function authentication_require_role($role) {
+   // redirect to appropriate page?
+   if(authentication_has_role($role)) {
+      return True;
   }
+   header("Location: " . $CONF['postfix_admin_url'] . "/login.php");
+   exit(0);
+}
+/**
+ * @return boolean TRUE if a admin, FALSE otherwise.
+ */
+function authentication_is_admin() {
+   return authentication_get_usertype() == 'admin';
 }

+/**
+ * @return boolean TRUE if a user, FALSE otherwise.
+ */
+function authentication_is_user() {
+   return authentication_get_usertype() == 'user';
+}


 //
@ -576,7 +604,7 @@ function check_owner ($username, $domain)
 function check_alias_owner ($username, $alias)
 {
   global $CONF;
-   if (check_admin ($username)) return true;
+   if (authentication_has_role('global-admin')) return true;
   $tmp = preg_split('/\@/', $alias);
   if (($CONF['special_alias_control'] == 'NO') && array_key_exists($tmp[0], $CONF['default_aliases']))
   {
@ -646,35 +674,12 @@ function list_domains ()



-//
-// check_admin
-// Action: Checks if the admin is super-admin.
-// Call: check_admin (string admin)
-//
-function check_admin ($username)
-{
-   global $table_domain_admins;
-
-   $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND domain='ALL' AND active='1'");
-   if ($result['rows'] != 1)
-   {
-      return false;
-   }
-   else
-   {
-      return true;
-   }
-}
-
-

 //
 // admin_exist
 // Action: Checks if the admin already exists.
 // Call: admin_exist (string admin)
 //
-// was check_admin
-//
 function admin_exist ($username)
 {
   global $table_admin;
@ -972,7 +977,7 @@ function pacrypt ($pw, $pw_db="")
      $password = md5crypt ($pw, $salt);
   }

-   if($CONF['encrypt'] == 'md5') {
+   if ($CONF['encrypt'] == 'md5') {
      $password = md5($pw);
   }

@ -999,8 +1004,6 @@ function pacrypt ($pw, $pw_db="")
   return $password;
 }

-
-
 //
 // md5crypt
 // Action: Creates MD5 encrypted password
@ -1214,7 +1217,7 @@ function db_connect ()
         $link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("<p />DEBUG INFORMATION:<br />Connect: " .  mysqli_connect_error () . "$DEBUG_TEXT");
         @mysqli_query($link,"SET CHARACTER SET utf8");
         @mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'");
-         $succes = @mysqli_select_db ($link, $CONF['database_name']) or die ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " .  mysqli_error () . "$DEBUG_TEXT");
+         $success = @mysqli_select_db ($link, $CONF['database_name']) or die ("<p />DEBUG INFORMATION:<br />MySQLi Select Database: " .  mysqli_error ($link) . "$DEBUG_TEXT");
      }
      else
      {
@ -1228,8 +1231,8 @@ function db_connect ()
      if (function_exists ("pg_pconnect"))
      {
         $connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password'];
-         $link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: " .  pg_last_error () . "$DEBUG_TEXT");
-         pg_set_client_encoding($link, UNICODE);
+         $link = @pg_pconnect ($connect_string) or die ("<p />DEBUG INFORMATION:<br />Connect: " .  pg_last_error($link) . "$DEBUG_TEXT");
+         pg_set_client_encoding($link, 'UNICODE');
      }
      else
      {
@ -1270,14 +1273,8 @@ function db_query ($query)

   if (!is_resource($link)) $link = db_connect ();

-   if ($CONF['database_type'] == "mysql") 
-   {
-      $result = @mysql_query ($query, $link) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysql_error() . "$DEBUG_TEXT");
-   }
-   if ($CONF['database_type'] == "mysqli") 
-   {
-      $result = @mysqli_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
-   }
+   if ($CONF['database_type'] == "mysql") $result = @mysql_query ($query, $link) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysql_error($link) . "$DEBUG_TEXT");
+   if ($CONF['database_type'] == "mysqli") $result = @mysqli_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . mysqli_error($link) . "$DEBUG_TEXT");
   if ($CONF['database_type'] == "pgsql")
   {
      $result = @pg_query ($link, $query) or die ("<p />DEBUG INFORMATION:<br />Invalid query: " . pg_last_error() . "$DEBUG_TEXT");