bernd commited on 2007-07-30 13:00:58
Zeige 9 geänderte Dateien mit 75 Einfügungen und 60 Löschungen.
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@564 87cf0b9e-d624-0410-a070-f6ee81989793
| ... | ... |
@@ -8,19 +8,10 @@ require_once('class/domain.php');
|
| 8 | 8 |
|
| 9 | 9 |
require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER)); |
| 10 | 10 |
|
| 11 |
-switch ($_SESSION['role']) |
|
| 12 |
-{
|
|
| 13 |
- case ROLE_SYSTEMUSER: |
|
| 14 |
- $user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']); |
|
| 15 |
- $info = 'userinfo'; |
|
| 16 |
- break; |
|
| 17 |
- case ROLE_CUSTOMER: |
|
| 11 |
+if ($_SESSION['role'] & ROLE_CUSTOMER) |
|
| 18 | 12 |
$user_domains = get_domain_list($_SESSION['customerinfo']['customerno']); |
| 19 |
- break; |
|
| 20 |
- default: |
|
| 21 |
- $info = NULL; |
|
| 22 |
- break; |
|
| 23 |
-} |
|
| 13 |
+else |
|
| 14 |
+ $user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']); |
|
| 24 | 15 |
|
| 25 | 16 |
$title = "Domainüberblick"; |
| 26 | 17 |
|
| ... | ... |
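Review bot: The rewrite drops the `$info = 'userinfo'` assignment that the old `case ROLE_SYSTEMUSER:` branch made, so `$info` is no longer defined anywhere in this hunk; if the rest of domains.php still reads it, that code now works on an undefined variable — I cannot see the remainder of the file from here, so please confirm. The new `else` branch also reads `$_SESSION['userinfo']` for every role that lacks `ROLE_CUSTOMER`, which is only safe because of the `require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER))` guard above it; a comment such as `// require_role() above guarantees the else branch is a system user` would make that dependency explicit.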
@@ -4,13 +4,10 @@ $menu = array(); |
| 4 | 4 |
|
| 5 | 5 |
$role = $_SESSION['role']; |
| 6 | 6 |
|
| 7 |
-switch ($role) |
|
| 7 |
+ |
|
| 8 |
+if (($role & ROLE_CUSTOMER) || ($role & ROLE_SYSTEMUSER)) |
|
| 8 | 9 |
{
|
| 9 |
- case ROLE_ANONYMOUS: |
|
| 10 |
- break; |
|
| 11 |
- default: |
|
| 12 | 10 |
$menu["domains_domains"] = array("label" => "Domains", "file" => "domains.php", "weight" => 1);
|
| 13 |
- |
|
| 14 | 11 |
} |
| 15 | 12 |
|
| 16 | 13 |
if (empty($menu)) |
| ... | ... |
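Review bot: The condition `if (($role & ROLE_CUSTOMER) || ($role & ROLE_SYSTEMUSER))` tests the two flags separately where a single mask reads more directly and matches the bit-flag style used elsewhere in this commit: `if ($role & (ROLE_CUSTOMER | ROLE_SYSTEMUSER))`. This is a point of style only; the result is the same for every value of `$role`.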
@@ -4,11 +4,9 @@ $menu = array(); |
| 4 | 4 |
|
| 5 | 5 |
$role = $_SESSION['role']; |
| 6 | 6 |
|
| 7 |
-switch ($role) |
|
| 7 |
+if ($role & ROLE_SYSTEMUSER) |
|
| 8 | 8 |
{
|
| 9 |
- case ROLE_SYSTEMUSER: |
|
| 10 | 9 |
$menu["imap_accounts"] = array("label" => "IMAP/POP3", "file" => "accounts.php", "weight" => 10);
|
| 11 |
- |
|
| 12 | 10 |
} |
| 13 | 11 |
|
| 14 | 12 |
if (empty($menu)) |
| ... | ... |
@@ -12,15 +12,11 @@ if ($_POST['password1'] != '') |
| 12 | 12 |
{
|
| 13 | 13 |
check_form_token('index_chpass');
|
| 14 | 14 |
$result = NULL; |
| 15 |
- switch ($_SESSION['role']) |
|
| 16 |
- {
|
|
| 17 |
- case ROLE_SYSTEMUSER: |
|
| 15 |
+ if ($_SESSION['role'] & ROLE_SYSTEMUSER) |
|
| 18 | 16 |
$result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']); |
| 19 |
- break; |
|
| 20 |
- case ROLE_CUSTOMER: |
|
| 17 |
+ else |
|
| 21 | 18 |
$result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']); |
| 22 |
- break; |
|
| 23 |
- } |
|
| 19 |
+ |
|
| 24 | 20 |
if ($result == NULL) |
| 25 | 21 |
input_error('Das bisherige Passwort ist nicht korrekt!');
|
| 26 | 22 |
elseif ($_POST['password2'] != $_POST['password1']) |
| ... | ... |
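Review bot: The new `else` routes every session whose role lacks `ROLE_SYSTEMUSER` into the customer lookup with `$_SESSION['customerinfo']['customerno']`, whereas the removed `default:` left `$result` at `NULL` for roles that are neither system user nor customer. Unless a `require_role()` guard outside this hunk already excludes such roles, the branch should stay conditional: `elseif ($_SESSION['role'] & ROLE_CUSTOMER)`, so that an unexpected role keeps `$result == NULL` and is rejected by the check below instead of calling `find_role()` with an undefined customer number. The enclosing `if ($_POST['password1'] != '')` block begins outside the hunk.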
@@ -38,7 +34,7 @@ if ($_POST['password1'] != '') |
| 38 | 34 |
elseif ($result === ROLE_CUSTOMER) |
| 39 | 35 |
set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']); |
| 40 | 36 |
else |
| 41 |
- system_failure("WTF?!");
|
|
| 37 |
+ system_failure("WTF?! (\$result={$result})");
|
|
| 42 | 38 |
|
| 43 | 39 |
if (! $debugmode) |
| 44 | 40 |
header('Location: index.php');
|
| ... | ... |
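Review bot: `elseif ($result === ROLE_CUSTOMER)` no longer matches what `find_role()` returns after this commit: for the primary account it now returns `ROLE_SYSTEMUSER | ROLE_CUSTOMER` (and possibly `| ROLE_SYSADMIN`), so neither this strict comparison nor — presumably — the `$result === ROLE_SYSTEMUSER` test in the `if` branch that starts outside the hunk is true, and exactly those users end up at `system_failure("WTF?! (\$result={$result})")`. The branches should test the flag rather than the whole value, e.g. `elseif ($result & ROLE_CUSTOMER)`, with the system-user branch tested first so that the password is changed for the account whose old password was actually verified by the role check above.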
@@ -49,7 +45,7 @@ if ($_POST['password1'] != '') |
| 49 | 45 |
|
| 50 | 46 |
|
| 51 | 47 |
|
| 52 |
-if ($_SESSION['role'] == ROLE_SYSTEMUSER) |
|
| 48 |
+if ($_SESSION['role'] & ROLE_SYSTEMUSER) |
|
| 53 | 49 |
warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
|
| 54 | 50 |
|
| 55 | 51 |
output('<h3>Passwort ändern</h3>
|
| ... | ... |
@@ -24,6 +24,14 @@ case ROLE_SYSTEMUSER: |
| 24 | 24 |
case ROLE_CUSTOMER: |
| 25 | 25 |
$role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde";
|
| 26 | 26 |
break; |
| 27 |
+case ROLE_CUSTOMER | ROLE_SYSTEMUSER: |
|
| 28 |
+ $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde und Benutzer";
|
|
| 29 |
+ break; |
|
| 30 |
+case ROLE_CUSTOMER | ROLE_SYSTEMUSER | ROLE_SYSADMIN: |
|
| 31 |
+ $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde, Benutzer und Administrator";
|
|
| 32 |
+ break; |
|
| 33 |
+default: |
|
| 34 |
+ system_failure('Interner Fehler (»Unbekannte Rolle: '.$_SESSION['role'].'«)');
|
|
| 27 | 35 |
} |
| 28 | 36 |
|
| 29 | 37 |
|
| ... | ... |
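Review bot: The new cases enumerate only two flag combinations, but `find_role()` in this same commit adds `ROLE_SYSADMIN` independently of `ROLE_CUSTOMER`, so an admin-group account that is not the primary account yields `ROLE_SYSTEMUSER | ROLE_SYSADMIN` — a value with no `case`, which now falls into `default:` and aborts the page with `system_failure('Interner Fehler ...')`. Either add `case ROLE_SYSTEMUSER | ROLE_SYSADMIN:` with its own label, or build the label from the individual bits (test `ROLE_SYSTEMUSER`, `ROLE_CUSTOMER`, `ROLE_SYSADMIN` in turn and join the parts) so that any combination the login code can produce is rendered. The enclosing `switch` begins outside this hunk.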
@@ -4,11 +4,9 @@ $menu = array(); |
| 4 | 4 |
|
| 5 | 5 |
$role = $_SESSION['role']; |
| 6 | 6 |
|
| 7 |
-switch ($role) |
|
| 7 |
+if ($role & ROLE_CUSTOMER) |
|
| 8 | 8 |
{
|
| 9 |
- case ROLE_CUSTOMER: |
|
| 10 | 9 |
$menu["systemuser"] = array("label" => "Benutzeraccounts", "file" => "accounts.php", "weight" => 30);
|
| 11 |
- |
|
| 12 | 10 |
} |
| 13 | 11 |
|
| 14 | 12 |
if (empty($menu)) |
| ... | ... |
@@ -9,13 +9,13 @@ require_once('inc/db_connect.php');
|
| 9 | 9 |
define('ROLE_ANONYMOUS', 0);
|
| 10 | 10 |
define('ROLE_DOMAINADMIN', 1);
|
| 11 | 11 |
define('ROLE_SYSTEMUSER', 2);
|
| 12 |
-define('ROLE_CUSTOMER', 3);
|
|
| 13 |
-define('ROLE_SYSADMIN', 4);
|
|
| 12 |
+define('ROLE_CUSTOMER', 4);
|
|
| 13 |
+define('ROLE_SYSADMIN', 8);
|
|
| 14 | 14 |
|
| 15 | 15 |
|
| 16 | 16 |
// Gibt die Rolle aus, wenn das Passwort stimmt |
| 17 | 17 |
|
| 18 |
-function find_role($login, $password) |
|
| 18 |
+function find_role($login, $password, $i_am_admin = False) |
|
| 19 | 19 |
{
|
| 20 | 20 |
$login = mysql_real_escape_string($login); |
| 21 | 21 |
// Domain-Admin? <not implemented> |
| ... | ... |
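Review bot: The renumbering to 1, 2, 4, 8 turns the role constants into bit flags that may be OR-ed together, but nothing in this block says so, and the comment above `find_role()` ("Gibt die Rolle aus, wenn das Passwort stimmt") is now inaccurate because the new `$i_am_admin` parameter lets the function return a role without a matching password. I would add `// Roles are bit flags; find_role() may return a combination such as ROLE_SYSTEMUSER | ROLE_CUSTOMER` above the defines, and extend the function comment with a sentence stating that `$i_am_admin = True` skips the password check and must only be passed by already-authenticated administrator code.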
@@ -23,19 +23,29 @@ function find_role($login, $password) |
| 23 | 23 |
$uid = (int) $login; |
| 24 | 24 |
if ($uid == 0) |
| 25 | 25 |
$uid = 'NULL'; |
| 26 |
- $result = db_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
|
|
| 26 |
+ $result = db_query("SELECT passwort AS password, (u.uid = (SELECT min(uid) FROM system.v_useraccounts AS acc WHERE acc.kunde=u.kunde)) AS `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
|
|
| 27 | 27 |
if (@mysql_num_rows($result) > 0) |
| 28 | 28 |
{
|
| 29 |
- $db_password = mysql_fetch_object($result)->password; |
|
| 29 |
+ $entry = mysql_fetch_object($result); |
|
| 30 |
+ $db_password = $entry->password; |
|
| 30 | 31 |
$hash = crypt($password, $db_password); |
| 31 |
- if ($hash == $db_password) |
|
| 32 |
- return ROLE_SYSTEMUSER; |
|
| 32 |
+ if ($hash == $db_password || $i_am_admin) |
|
| 33 |
+ {
|
|
| 34 |
+ $role = ROLE_SYSTEMUSER; |
|
| 35 |
+ if ($entry->primary) |
|
| 36 |
+ $role = $role | ROLE_CUSTOMER; |
|
| 37 |
+ if ($entry->admin) |
|
| 38 |
+ $role = $role | ROLE_SYSADMIN; |
|
| 39 |
+ return $role; |
|
| 40 |
+ } |
|
| 33 | 41 |
} |
| 34 | 42 |
|
| 35 | 43 |
// Customer? |
| 36 | 44 |
$customerno = (int) $login; |
| 37 | 45 |
$pass = sha1($password); |
| 38 | 46 |
$result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
|
| 47 |
+ if ($i_am_admin) |
|
| 48 |
+ $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
|
|
| 39 | 49 |
if (@mysql_num_rows($result) > 0) |
| 40 | 50 |
{
|
| 41 | 51 |
return ROLE_CUSTOMER; |
| ... | ... |
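Review bot: `if ($hash == $db_password || $i_am_admin)` makes the password check optional inside the authentication function itself, and the second `db_query()` under `if ($i_am_admin)` does the same for customers; a single wrong or attacker-influenced third argument at any call site now yields a full role without a credential. It is safer to keep `find_role()` strictly password-based and move the password-less lookup into a separate, clearly named function that only administrator code calls, so that no path through the login function can grant a role without a matching hash. While here, the hash comparison should be strict, `if ($hash === $db_password)`, since `==` applies PHP's loose-comparison rules. Separately, `primary` is derived from `min(uid)` per customer, which grants `ROLE_CUSTOMER` to whichever account happens to have the lowest uid — please confirm that this is the intended definition of the account owner rather than an explicit flag in the data.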
@@ -46,11 +56,23 @@ function find_role($login, $password) |
| 46 | 56 |
} |
| 47 | 57 |
|
| 48 | 58 |
|
| 49 |
-function get_customer_info($customerno) |
|
| 59 |
+function get_customer_info($customer) |
|
| 50 | 60 |
{
|
| 61 |
+ if (! $_SESSION['role'] & ROLE_CUSTOMER) |
|
| 62 |
+ return array(); |
|
| 51 | 63 |
$ret = array(); |
| 52 |
- $customerno = (int) $customerno; |
|
| 64 |
+ $customerno = (int) $customer; |
|
| 65 |
+ if ($customerno != 0) |
|
| 66 |
+ {
|
|
| 67 |
+ DEBUG('Looking up customerinfo for customer no. '.$customerno);
|
|
| 53 | 68 |
$result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
|
| 69 |
+ } |
|
| 70 |
+ else |
|
| 71 |
+ {
|
|
| 72 |
+ $username = mysql_real_escape_string($customer); |
|
| 73 |
+ DEBUG('looking up customer info for username '.$username);
|
|
| 74 |
+ $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
|
|
| 75 |
+ } |
|
| 54 | 76 |
if (@mysql_num_rows($result) == 0) |
| 55 | 77 |
system_failure("Konnte Kundendaten nicht auslesen!");
|
| 56 | 78 |
$data = mysql_fetch_object($result); |
| ... | ... |
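Review bot: The new guard `if (! $_SESSION['role'] & ROLE_CUSTOMER)` never fires: `!` binds tighter than `&`, so the expression is `(!$_SESSION['role']) & ROLE_CUSTOMER`, which is `0 & 4` for any non-zero role and `1 & 4` for role 0 — both zero. The intended check needs parentheses, `if (! ($_SESSION['role'] & ROLE_CUSTOMER))`. Note also that returning `array()` here will be read as `$info['customerno']` by `setup_session()` further down in this commit, so a `system_failure()` may be the better outcome for that path; and the username query added in the `else` branch has no `LIMIT 1` while the numeric query does, even though only the first row is consumed.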
@@ -127,4 +149,26 @@ function set_systemuser_password($uid, $newpass) |
| 127 | 149 |
logger("session/checkuser.php", "pwchange", "changed user's password.");
|
| 128 | 150 |
} |
| 129 | 151 |
|
| 152 |
+ |
|
| 153 |
+function setup_session($role, $useridentity) |
|
| 154 |
+{
|
|
| 155 |
+ session_regenerate_id(); |
|
| 156 |
+ $_SESSION['role'] = $role; |
|
| 157 |
+ if ($role & ROLE_SYSTEMUSER) |
|
| 158 |
+ {
|
|
| 159 |
+ DEBUG("We are system user");
|
|
| 160 |
+ $info = get_user_info($useridentity); |
|
| 161 |
+ $_SESSION['userinfo'] = $info; |
|
| 162 |
+ logger("session/start.php", "login", "logged in user »{$info['username']}«");
|
|
| 163 |
+ $useridentity = $info['customerno']; |
|
| 164 |
+ } |
|
| 165 |
+ if ($role & ROLE_CUSTOMER) |
|
| 166 |
+ {
|
|
| 167 |
+ $info = get_customer_info($useridentity); |
|
| 168 |
+ $_SESSION['customerinfo'] = $info; |
|
| 169 |
+ set_customer_lastlogin($info['customerno']); |
|
| 170 |
+ logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
|
|
| 171 |
+ } |
|
| 172 |
+} |
|
| 173 |
+ |
|
| 130 | 174 |
?> |
| ... | ... |
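Review bot: `session_regenerate_id()` is called without the `$delete_old_session` argument, so the pre-login session remains stored under its old id after the privilege change; `session_regenerate_id(true)` discards it, which is what you want at the anonymous-to-authenticated transition. In addition, `$_SESSION['role'] = $role` is written before `get_user_info()` and `get_customer_info()` run, so a failure or empty result in either lookup leaves a session that carries a role but no matching `userinfo`/`customerinfo` entry; assigning the lookups to locals first and writing `$_SESSION['role']` together with them at the end keeps the session consistent. The function is fully contained in this hunk.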
@@ -32,23 +32,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 32 | 32 |
} |
| 33 | 33 |
else |
| 34 | 34 |
{
|
| 35 |
- session_regenerate_id(); |
|
| 36 |
- $_SESSION['role'] = $role; |
|
| 37 |
- |
|
| 38 |
- switch ($role) |
|
| 39 |
- {
|
|
| 40 |
- case ROLE_SYSTEMUSER: |
|
| 41 |
- $info = get_user_info($_POST['username']); |
|
| 42 |
- $_SESSION['userinfo'] = $info; |
|
| 43 |
- logger("session/start.php", "login", "logged in user »{$info['username']}«");
|
|
| 44 |
- break; |
|
| 45 |
- case ROLE_CUSTOMER: |
|
| 46 |
- $info = get_customer_info($_POST['username']); |
|
| 47 |
- $_SESSION['customerinfo'] = $info; |
|
| 48 |
- set_customer_lastlogin($info['customerno']); |
|
| 49 |
- logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
|
|
| 50 |
- break; |
|
| 51 |
- } |
|
| 35 |
+ setup_session($role, $_POST['username']); |
|
| 52 | 36 |
} |
| 53 | 37 |
unset($_POST['username']); |
| 54 | 38 |
unset($_POST['password']); |
| 55 | 39 |