diff --git a/application/models/CustomControllerAclManager.php b/application/models/CustomControllerAclManager.php index e8c24a6a..0e4d1e26 100755 --- a/application/models/CustomControllerAclManager.php +++ b/application/models/CustomControllerAclManager.php 
@@ -1,96 +1,103 @@ -'','controller' => 'account', - 'action' => 'login'); - public function __construct(Zend_Auth $auth) - { - $this->db=Zend_Registry::get('db'); - $this->auth = $auth; - $this->acl = new Zend_Acl(); - // add the different user roles - $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole)); - $this->acl->addRole(new Zend_Acl_Role('member')); - $this->acl->addRole(new Zend_Acl_Role('administrator'), 'member'); - // add the resources we want to have control over - $this->acl->add(new Zend_Acl_Resource('account')); - $this->acl->add(new Zend_Acl_Resource('data')); - $this->acl->add(new Zend_Acl_Resource('water')); - $this->acl->add(new Zend_Acl_Resource('admin')); - // allow access to everything for all users by default - // except for the account management and administration areas - $this->acl->allow(); - $this->acl->deny(null, 'account'); - $this->acl->deny(null, 'admin'); - // add an exception so guests can log in or register - // in order to gain privilege - $this->acl->allow('guest', 'account', array('login', - 'fetchpwd', - 'register', - 'registercomplete')); - $this->acl->deny('guest','data',array('download','order')); - $this->acl->deny('guest','water',array('download','order')); - // allow members access to the account management area - $this->acl->allow('member', 'account'); - // allows administrators access to the admin area - $this->acl->allow('administrator', 'admin'); - - } - /** - * preDispatch - * - * Before an action is dispatched, check if the current user - * has sufficient privileges. 
If not, dispatch the default - * action instead - * - * @param Zend_Controller_Request_Abstract $request - */ - public function preDispatch(Zend_Controller_Request_Abstract $request) - { - // check if a user is logged in and has a valid role, - // otherwise, assign them the default role (guest) - $mb = new member(); - $mb->db=$this->db; - - if($mb->checkcookie()) - { - $auth = Zend_Auth::getInstance(); - $authAdapter = new Zend_Auth_Adapter_DbTable($this->db); - $authAdapter->setTableName('users') - ->setIdentityColumn('username') - ->setCredentialColumn('password'); - $authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd); - $result = $auth->authenticate($authAdapter); - if ($result->isValid()) { - $data = $authAdapter->getResultRowObject(null,'password'); - $auth->getStorage()->write($data); - $this->db->query("update users set ts_last_login=now() where username=?",array($mb->user)); - } - } - - if ($this->auth->hasIdentity()) - $role = $this->auth->getIdentity()->usertype; - else - $role = $this->_defaultRole; - if (!$this->acl->hasRole($role)) - $role = $this->_defaultRole; - // the ACL resource is the requested controller name - $resource = $request->controller; - if ($request->module<>"default") $resource=$request->module; - // the ACL privilege is the requested action name - $privilege = $request->action; - // if we haven't explicitly added the resource, check - // the default global permissions - if (!$this->acl->has($resource)) - $resource = null; - // access denied - reroute the request to the default action handler - if (!$this->acl->isAllowed($role, $resource, $privilege)) { - $request->setModuleName($this->_authController['module']); - $request->setControllerName($this->_authController['controller']); - $request->setActionName($this->_authController['action']); - } - } - } +'','controller' => 'account', + 'action' => 'login'); + public function __construct(Zend_Auth $auth) + { + $this->db=Zend_Registry::get('db'); + $this->auth = $auth; + 
$this->acl = new Zend_Acl(); + // add the different user roles + $this->acl->addRole(new Zend_Acl_Role($this->_defaultRole)); + $this->acl->addRole(new Zend_Acl_Role('member')); + $this->acl->addRole(new Zend_Acl_Role('administrator'), 'member'); + // add the resources we want to have control over + $this->acl->add(new Zend_Acl_Resource('account')); + $this->acl->add(new Zend_Acl_Resource('data')); + $this->acl->add(new Zend_Acl_Resource('water')); + $this->acl->add(new Zend_Acl_Resource('admin')); + $this->acl->add(new Zend_Acl_Resource('upload')); + // allow access to everything for all users by default + // except for the account management and administration areas + $this->acl->allow(); + $this->acl->deny(null, 'account'); + $this->acl->deny(null, 'admin'); + // add an exception so guests can log in or register + // in order to gain privilege + $this->acl->allow('guest', 'account', array('login', + 'fetchpwd', + 'register', + 'registercomplete')); + $this->acl->deny('guest','data',array('download','order')); + $this->acl->deny('guest','water',array('download','order')); + // allow members access to the account management area + $this->acl->allow('member', 'account'); + // allows administrators access to the admin area + $this->acl->allow('administrator', 'admin'); + } + /** + * preDispatch + * + * Before an action is dispatched, check if the current user + * has sufficient privileges. 
If not, dispatch the default + * action instead + * + * @param Zend_Controller_Request_Abstract $request + */ + public function preDispatch(Zend_Controller_Request_Abstract $request) + { + + $phpSessId = $request->getParam('PHPSESSID'); + if (!empty($phpSessId) && session_id() != $phpSessId) { + session_destroy(); + session_id($phpSessId); + session_start(); + } + // check if a user is logged in and has a valid role, + // otherwise, assign them the default role (guest) + $mb = new member(); + $mb->db=$this->db; + + if($mb->checkcookie()) + { + $auth = Zend_Auth::getInstance(); + $authAdapter = new Zend_Auth_Adapter_DbTable($this->db); + $authAdapter->setTableName('users') + ->setIdentityColumn('username') + ->setCredentialColumn('password'); + $authAdapter->setIdentity($mb->user)->setCredential($mb->srpwd); + $result = $auth->authenticate($authAdapter); + if ($result->isValid()) { + $data = $authAdapter->getResultRowObject(null,'password'); + $auth->getStorage()->write($data); + $this->db->query("update users set ts_last_login=now() where username=?",array($mb->user)); + } + } + + if ($this->auth->hasIdentity()) + $role = $this->auth->getIdentity()->usertype; + else + $role = $this->_defaultRole; + if (!$this->acl->hasRole($role)) + $role = $this->_defaultRole; + // the ACL resource is the requested controller name + $resource = $request->controller; + if ($request->module<>"default") $resource=$request->module; + // the ACL privilege is the requested action name + $privilege = $request->action; + // if we haven't explicitly added the resource, check + // the default global permissions + if (!$this->acl->has($resource)) + $resource = null; + // access denied - reroute the request to the default action handler + if (!$this->acl->isAllowed($role, $resource, $privilege)) { + $request->setModuleName($this->_authController['module']); + $request->setControllerName($this->_authController['controller']); + $request->setActionName($this->_authController['action']); + } + } 
+ }
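Review bot: The block added at the top of preDispatch takes `PHPSESSID` from `$request->getParam('PHPSESSID')` (which in Zend_Controller_Request_Http also resolves query-string and POST values), destroys the current session and restarts it under that caller-supplied id, which is a session-fixation primitive: any id placed in a link becomes the visitor's session id, and it is accepted with no format check and only a loose `!=` comparison. The cookie re-login that follows then writes the authenticated identity into that externally chosen session. Unless there is a documented need to carry a session across hosts, these five lines should be removed; if they must stay, validate the value against the session-id alphabet and regenerate the id once the user is authenticated with `session_regenerate_id(true);` placed right after `$auth->getStorage()->write($data);`. Separately, the new `upload` resource is registered in the constructor but receives no rule, so under the global `$this->acl->allow()` every role including guest is permitted on it — add `$this->acl->deny('guest', 'upload');` or whatever restriction is intended. The enclosing class opens before the hunk.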