* Initialisierung der Session-Variablen ausgelagert * Rollen als Bitmaske * Ein User kann mehrere Rollen parallel annehmen * Primärer User erhält auch die Rechte des entsprechenden Kundenaccounts
bernd

bernd commited on 2007-07-30 13:00:58
Zeige 9 geänderte Dateien mit 75 Einfügungen und 60 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@564 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -8,19 +8,10 @@ require_once('class/domain.php');
8 8
 
9 9
 require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
10 10
 
11
-switch ($_SESSION['role'])
12
-{
13
-  case ROLE_SYSTEMUSER:
14
-    $user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']);
15
-    $info = 'userinfo';
16
-    break;
17
-  case ROLE_CUSTOMER:
11
+if ($_SESSION['role'] & ROLE_CUSTOMER)
18 12
   $user_domains = get_domain_list($_SESSION['customerinfo']['customerno']);
19
-    break;
20
-  default:
21
-    $info = NULL;
22
-    break;
23
-}
13
+else
14
+  $user_domains = get_domain_list($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']);
24 15
 
25 16
 $title = "Domainüberblick";
26 17
 
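Review bot: `require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER))` on the context line above now receives a bitmask in `$_SESSION['role']` (a primary user logs in as `ROLE_SYSTEMUSER | ROLE_CUSTOMER`, i.e. 6), and require_role is not part of this commit, so whether it still admits composite values depends on how it tests membership — an `in_array` or equality test against the listed constants would reject them. Please confirm require_role does a bit test along the lines of `$_SESSION['role'] & (ROLE_SYSTEMUSER | ROLE_CUSTOMER)`, or adapt it in this commit. The new `if`/`else` also drops the `$info = 'userinfo'` assignment the old switch made; if domains.php reads `$info` further down (outside this hunk) it is now undefined.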
... ...
@@ -4,13 +4,10 @@ $menu = array();
4 4
 
5 5
 $role = $_SESSION['role'];
6 6
 
7
-switch ($role)
7
+
8
+if (($role & ROLE_CUSTOMER) || ($role & ROLE_SYSTEMUSER))
8 9
 {
9
-  case ROLE_ANONYMOUS:
10
-    break;
11
-  default:
12 10
   $menu["domains_domains"] = array("label" => "Domains", "file" => "domains.php", "weight" => 1);
13
-    
14 11
 }
15 12
 
16 13
 if (empty($menu))
... ...
@@ -4,11 +4,9 @@ $menu = array();
4 4
 
5 5
 $role = $_SESSION['role'];
6 6
 
7
-switch ($role)
7
+if ($role & ROLE_SYSTEMUSER)
8 8
 {
9
-  case ROLE_SYSTEMUSER:
10 9
   $menu["imap_accounts"] = array("label" => "IMAP/POP3", "file" => "accounts.php", "weight" => 10);
11
-    
12 10
 }
13 11
 
14 12
 if (empty($menu))
... ...
@@ -12,15 +12,11 @@ if ($_POST['password1'] != '')
12 12
 {
13 13
   check_form_token('index_chpass');
14 14
   $result = NULL;
15
-  switch ($_SESSION['role'])
16
-  {
17
-    case ROLE_SYSTEMUSER:
15
+  if ($_SESSION['role'] & ROLE_SYSTEMUSER)
18 16
     $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']);
19
-      break;
20
-    case ROLE_CUSTOMER:
17
+  else
21 18
     $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']);
22
-      break;
23
-  }
19
+
24 20
   if ($result == NULL)
25 21
     input_error('Das bisherige Passwort ist nicht korrekt!');
26 22
   elseif ($_POST['password2'] != $_POST['password1'])
... ...
@@ -38,7 +34,7 @@ if ($_POST['password1'] != '')
38 34
     elseif ($result === ROLE_CUSTOMER)
39 35
       set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']);
40 36
     else
41
-      system_failure("WTF?!");
37
+      system_failure("WTF?! (\$result={$result})");
42 38
     
43 39
     if (! $debugmode)
44 40
       header('Location: index.php');
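Review bot: `elseif ($result === ROLE_CUSTOMER)` no longer matches for a primary system user, because find_role now returns a bitmask (`ROLE_SYSTEMUSER | ROLE_CUSTOMER`, value 6) and strict equality against a single constant fails, so such a user ends up in the `system_failure("WTF?! ...")` branch instead of getting the password changed; the `if ($result === ROLE_SYSTEMUSER)` branch this `elseif` belongs to starts above the hunk and has the same problem. Test the bits instead — `if ($result & ROLE_SYSTEMUSER)` … `elseif ($result & ROLE_CUSTOMER)` — keeping the system-user test first, since find_role sets that bit only when the system account's hash was the one verified. Printing `$result` in the failure message is a fine diagnostic, but it should not be the only change here.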
... ...
@@ -49,7 +45,7 @@ if ($_POST['password1'] != '')
49 45
 
50 46
 
51 47
 
52
-if ($_SESSION['role'] == ROLE_SYSTEMUSER)
48
+if ($_SESSION['role'] & ROLE_SYSTEMUSER)
53 49
   warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
54 50
 
55 51
 output('<h3>Passwort &auml;ndern</h3>
... ...
@@ -24,6 +24,14 @@ case ROLE_SYSTEMUSER:
24 24
 case ROLE_CUSTOMER:
25 25
   $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde";
26 26
   break;
27
+case ROLE_CUSTOMER | ROLE_SYSTEMUSER:
28
+  $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde und Benutzer";
29
+  break;
30
+case ROLE_CUSTOMER | ROLE_SYSTEMUSER | ROLE_SYSADMIN:
31
+  $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde, Benutzer und Administrator";
32
+  break;
33
+default:
34
+  system_failure('Interner Fehler (»Unbekannte Rolle: '.$_SESSION['role'].'«)');
27 35
 }
28 36
 
29 37
 
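Review bot: The added `case` labels only cover composites that include ROLE_CUSTOMER, but find_role can also return `ROLE_SYSTEMUSER | ROLE_SYSADMIN` (10) for a non-primary account in the admin group, and that value now lands in the new `default:` and aborts the page with `system_failure`. Add `case ROLE_SYSTEMUSER | ROLE_SYSADMIN: $role = "{$_SESSION['userinfo']['username']}, angemeldet als Benutzer und Administrator"; break;` (customerinfo is not populated for that role, so use userinfo), or better, build the label from the individual bits instead of enumerating combinations. The switch itself begins above this hunk; the `ROLE_SYSTEMUSER` case is only visible in the hunk header.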
... ...
@@ -3,9 +3,8 @@ $menu = array();
3 3
 
4 4
 $role = $_SESSION['role'];
5 5
 
6
-switch ($role)
6
+if ($role & ROLE_SYSTEMUSER)
7 7
 {
8
-  case ROLE_SYSTEMUSER:
9 8
   $menu["mysql_databases"] = array("label" => "MySQL-Datenbank", "file" => "databases.php", "weight" => 20);
10 9
     
11 10
 }
... ...
@@ -4,11 +4,9 @@ $menu = array();
4 4
 
5 5
 $role = $_SESSION['role'];
6 6
 
7
-switch ($role)
7
+if ($role & ROLE_CUSTOMER)
8 8
 {
9
-  case ROLE_CUSTOMER:
10 9
   $menu["systemuser"] = array("label" => "Benutzeraccounts", "file" => "accounts.php", "weight" => 30);
11
-    
12 10
 }
13 11
 
14 12
 if (empty($menu))
... ...
@@ -9,13 +9,13 @@ require_once('inc/db_connect.php');
9 9
 define('ROLE_ANONYMOUS', 0);
10 10
 define('ROLE_DOMAINADMIN', 1);
11 11
 define('ROLE_SYSTEMUSER', 2);
12
-define('ROLE_CUSTOMER', 3);
13
-define('ROLE_SYSADMIN', 4);
12
+define('ROLE_CUSTOMER', 4);
13
+define('ROLE_SYSADMIN', 8);
14 14
 
15 15
 
16 16
 // Gibt die Rolle aus, wenn das Passwort stimmt
17 17
 
18
-function find_role($login, $password)
18
+function find_role($login, $password, $i_am_admin = False)
19 19
 {
20 20
   $login = mysql_real_escape_string($login);
21 21
   // Domain-Admin?  <not implemented>
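Review bot: Renumbering `ROLE_CUSTOMER` from 3 to 4 and `ROLE_SYSADMIN` from 4 to 8 changes the meaning of every `$_SESSION['role']` value already stored in a live session: an existing customer session (3) decodes under the new constants as `ROLE_DOMAINADMIN | ROLE_SYSTEMUSER`, and an existing sysadmin session (4) as `ROLE_CUSTOMER`, so sessions that survive the deploy are silently re-labelled rather than rejected. If sessions persist across deployments (the session configuration is not visible here), invalidate them when this lands — for example change the session name, or store a marker such as `$_SESSION['role_version'] = 2` in setup_session and have require_role treat a missing or older marker as logged out. A short comment on the defines, `// bit flags: a session may carry several roles OR-ed together`, would also stop the next reader from treating them as an enumeration again.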
... ...
@@ -23,19 +23,29 @@ function find_role($login, $password)
23 23
   $uid = (int) $login;
24 24
   if ($uid == 0)
25 25
     $uid = 'NULL';
26
-  $result = db_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;");
26
+  $result = db_query("SELECT passwort AS password, (u.uid = (SELECT min(uid) FROM system.v_useraccounts AS acc WHERE acc.kunde=u.kunde)) AS  `primary`, ((SELECT acc.uid FROM system.v_useraccounts AS acc LEFT JOIN system.gruppenzugehoerigkeit USING (uid) LEFT JOIN system.gruppen AS g ON (g.gid=gruppenzugehoerigkeit.gid) WHERE g.name='admin' AND acc.uid=u.uid) IS NOT NULL) AS admin FROM system.v_useraccounts AS u LEFT JOIN system.passwoerter USING(uid) WHERE u.uid={$uid} OR username='{$login}' LIMIT 1;");
27 27
   if (@mysql_num_rows($result) > 0)
28 28
   {
29
-    $db_password = mysql_fetch_object($result)->password;
29
+    $entry = mysql_fetch_object($result);
30
+    $db_password = $entry->password;
30 31
     $hash = crypt($password, $db_password);
31
-    if ($hash == $db_password)
32
-      return ROLE_SYSTEMUSER;
32
+    if ($hash == $db_password || $i_am_admin)
33
+    {
34
+      $role = ROLE_SYSTEMUSER;
35
+      if ($entry->primary)
36
+        $role = $role | ROLE_CUSTOMER;
37
+      if ($entry->admin)
38
+        $role = $role | ROLE_SYSADMIN;
39
+      return $role;
40
+    }
33 41
   }
34 42
 
35 43
   // Customer?
36 44
   $customerno = (int) $login;
37 45
   $pass = sha1($password);
38 46
   $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';");
47
+  if ($i_am_admin)
48
+    $result = db_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno}");
39 49
   if (@mysql_num_rows($result) > 0)
40 50
   {
41 51
     return ROLE_CUSTOMER;
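Review bot: The new `$i_am_admin` flag turns find_role into an authentication bypass: `if ($hash == $db_password || $i_am_admin)` returns the system-user bits (plus, via the new subqueries, possibly the customer and sysadmin bits) for any login without checking the password, and the second customer query added at the end likewise drops the `passwort` predicate. No caller in this commit passes the flag, so today the path is dead, but nothing ties it to a verified administrator, and a caller that ever derives it from request data would let anyone log in as any account. At minimum guard it before the queries, e.g. `if ($i_am_admin && !(isset($_SESSION['role']) && ($_SESSION['role'] & ROLE_SYSADMIN))) system_failure('Impersonation ohne Admin-Rolle');`, and log every impersonation with `logger(...)` the way the password-change path does. Separately, `system.passwoerter` is LEFT JOINed, so `$db_password` can be NULL for an account without a stored hash; what `crypt($password, NULL)` returns is version dependent and `==` against NULL is loose, so a short-circuit `if ($db_password === NULL || $db_password === '') { /* no password set: fall through to customer check */ }` before the crypt call would close that off.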
... ...
@@ -46,11 +56,23 @@ function find_role($login, $password)
46 56
 }
47 57
 
48 58
 
49
-function get_customer_info($customerno)
59
+function get_customer_info($customer)
50 60
 {
61
+  if (! $_SESSION['role'] & ROLE_CUSTOMER)
62
+    return array();
51 63
   $ret = array();
52
-  $customerno = (int) $customerno;
64
+  $customerno = (int) $customer;
65
+  if ($customerno != 0)
66
+  {
67
+    DEBUG('Looking up customerinfo for customer no. '.$customerno);
53 68
     $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;");
69
+  }
70
+  else
71
+  {
72
+    $username = mysql_real_escape_string($customer);
73
+    DEBUG('looking up customer info for username '.$username);
74
+    $result = db_query("SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden AS k JOIN system.v_useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
75
+  }
54 76
   if (@mysql_num_rows($result) == 0)
55 77
     system_failure("Konnte Kundendaten nicht auslesen!");
56 78
   $data = mysql_fetch_object($result);
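Review bot: The new guard `if (! $_SESSION['role'] & ROLE_CUSTOMER)` never fires, because `!` binds tighter than `&`: it evaluates `(!$_SESSION['role']) & 4`, which is `0 & 4` or `1 & 4` and therefore always 0, so `return array()` is dead code and the function still returns customer data for any role. Write `if (!($_SESSION['role'] & ROLE_CUSTOMER))`, and consider `system_failure(...)` instead of returning an empty array, since setup_session goes on to index `$info['customerno']`. Also note the dispatch on `(int) $customer != 0`: a username that begins with a digit is cast to that number and looked up as a customer id rather than by name, which looks unintended for the new username branch.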
... ...
@@ -127,4 +149,26 @@ function set_systemuser_password($uid, $newpass)
127 149
   logger("session/checkuser.php", "pwchange", "changed user's password.");
128 150
 }
129 151
 
152
+
153
+function setup_session($role, $useridentity)
154
+{
155
+  session_regenerate_id();
156
+  $_SESSION['role'] = $role;
157
+  if ($role & ROLE_SYSTEMUSER)
158
+  {
159
+    DEBUG("We are system user");
160
+    $info = get_user_info($useridentity);
161
+    $_SESSION['userinfo'] = $info;
162
+    logger("session/start.php", "login", "logged in user »{$info['username']}«");
163
+    $useridentity = $info['customerno'];
164
+  }
165
+  if ($role & ROLE_CUSTOMER)
166
+  {
167
+    $info = get_customer_info($useridentity);
168
+    $_SESSION['customerinfo'] = $info;
169
+    set_customer_lastlogin($info['customerno']);
170
+    logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
171
+  }
172
+}
173
+
130 174
 ?>
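Review bot: `session_regenerate_id()` is called without `true`, so the data under the old session id stays on the server until garbage collection; since this function is now the single place that establishes a logged-in session after find_role succeeds, call `session_regenerate_id(true)` (supported since PHP 5.1) so an id captured before login cannot be reused. The ordering here matters and deserves a comment: `$_SESSION['role']` is written before `get_customer_info` runs, which is what allows that function's role check to see the new role. I would add a header comment along the lines of `// Establish the session for a successful login: regenerate the id, store the role bitmask, then load userinfo and/or customerinfo for each role bit set; $useridentity is the login name for system users (replaced by the customer number before the customer lookup) or the customer number for customers.`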
... ...
@@ -32,23 +32,7 @@ if (isset($_POST['username']) && isset($_POST['password']))
32 32
   }
33 33
   else
34 34
   {
35
-    session_regenerate_id();
36
-    $_SESSION['role'] = $role;
37
-
38
-    switch ($role)
39
-    {
40
-    case ROLE_SYSTEMUSER:
41
-      $info = get_user_info($_POST['username']);
42
-      $_SESSION['userinfo'] = $info;
43
-      logger("session/start.php", "login", "logged in user »{$info['username']}«");
44
-      break;
45
-    case ROLE_CUSTOMER:
46
-      $info = get_customer_info($_POST['username']);
47
-      $_SESSION['customerinfo'] = $info;
48
-      set_customer_lastlogin($info['customerno']);
49
-      logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
50
-      break;
51
-    }
35
+    setup_session($role, $_POST['username']);
52 36
   }
53 37
   unset($_POST['username']);
54 38
   unset($_POST['password']);
55 39