deon/khosb
Archived
1
0
Fork 0
Code Issues 6 Pull Requests Packages Projects Releases Wiki Activity

Initial Commit of AgileBill Open Source

Browse Source
This commit is contained in:
unknown
2008-11-26 14:50:40 -08:00
parent ae5a0fc25e
commit 02306ccc47
2954 changed files with 410976 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/htaccess/auth.inc.php Normal file
View File

@@ -0,0 +1,10 @@
<?php
### public methods for this module:
$auth_methods = Array
(
Array ('module' => 'htaccess', 'method' => 'list_dirs'),
Array ('module' => 'htaccess', 'method' => 'check_smarty')
);
?>

362
modules/htaccess/htaccess.inc.php Normal file
View File

@@ -0,0 +1,362 @@
<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* For questions, help, comments, discussion, etc., please join the
* Agileco community forums at http://forum.agileco.com/
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @version 1.4.93
*/
class htaccess
{
# Open the constructor for this mod
function htaccess()
{
# name of this module:
$this->module = "htaccess";
# location of the construct XML file:
$this->xml_construct = PATH_MODULES . "" . $this->module . "/" . $this->module . "_construct.xml";
# open the construct file for parsing
$C_xml = new CORE_xml;
$construct = $C_xml->xml_to_array($this->xml_construct);
$this->method = $construct["construct"]["method"];
$this->trigger = $construct["construct"]["trigger"];
$this->field = $construct["construct"]["field"];
$this->table = $construct["construct"]["table"];
$this->module = $construct["construct"]["module"];
$this->cache = $construct["construct"]["cache"];
$this->order_by = $construct["construct"]["order_by"];
$this->limit = $construct["construct"]["limit"];
}
##############################
## LIST AUTH HTACCESS URLS ##
##############################
function list_dirs($VAR)
{
global $smarty, $C_auth;
$ii = 0;
### Get a list of htaccess groups:
$db = &DB();
$sql = 'SELECT id,group_avail
FROM ' . AGILE_DB_PREFIX . 'htaccess WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
status = ' . $db->qstr('1');
$result = $db->Execute($sql);
if($result->RecordCount() == 0)
{
$smarty->assign('htaccess_display', false);
return false;
}
while(!$result->EOF)
{
@$arr = unserialize($result->fields['group_avail']);
$id = $result->fields['id'];
$this_show = false;
for($i=0; $i<count($arr); $i++)
{
if($C_auth->auth_group_by_id($arr[$i]))
{
$this_show = true;
$i=count($arr);
}
}
if($this_show)
{
### Get each directory and add it to the array:
$db = &DB();
$sql = 'SELECT *
FROM ' . AGILE_DB_PREFIX . 'htaccess_dir WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
htaccess_id = ' . $db->qstr($id) . ' AND
status = ' . $db->qstr('1');
$result_dir = $db->Execute($sql);
while(!$result_dir->EOF)
{
$arr_smarty[] = Array (
'id' => $result_dir->fields['id'],
'name' => $result_dir->fields['name'],
'description' => $result_dir->fields['description'],
'url' => $result_dir->fields['url']
);
$ii++;
$result_dir->MoveNext();
}
}
$result->MoveNext();
}
if($ii == "0")
{
$smarty->assign('htaccess_display', false);
return false;
}
else
{
$smarty->assign('htaccess_display', true);
$smarty->assign('htaccess_results', $arr_smarty);
return true;
}
}
##############################
## Smarty Authentication ##
##############################
function check_smarty($VAR)
{
global $smarty, $C_translate;
if($this->check_auth($VAR['_htaccess_id']) )
{
if(isset($VAR['_htaccess_dir_id']))
{
## Get the URL for this htaccess area:
$db = &DB();
$sql = 'SELECT url FROM ' . AGILE_DB_PREFIX . 'htaccess_dir WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($VAR['_htaccess_dir_id']);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
$smarty->assign('htaccess_url', $result->fields['url']);
$smarty->assign('htaccess_auth', "1");
return true;
}
}
$smarty->assign('htaccess_auth', "0");
return false;
}
##############################
## Check Authentication ##
##############################
function check_auth($id)
{
### Check if user is a member of one of the authorized groups:
$db = &DB();
$sql = 'SELECT status,group_avail FROM ' . AGILE_DB_PREFIX . 'htaccess WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($id);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
if ($result->fields['status'] != '1') return false;
@$arr = unserialize($result->fields['group_avail']);
global $C_auth;
for($i=0; $i<count($arr); $i++)
if($C_auth->auth_group_by_id($arr[$i])) return true;
}
return false;
}
##############################
## ADD ##
##############################
function add($VAR)
{
$type = "add";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$id = $db->add($VAR, $this, $type);
if(isset($id) && $id > 0)
{
# Create the php index file for the Apache mod_auth_remote module:
/*
$GroupArray = '';
for($i=0; $i<count($VAR['htaccess_group_avail']); $i++)
{
if($i > 0) $GroupArray .= ',';
$GroupArray .= $VAR['htaccess_group_avail'][$i];
}
$data = '<?php
$Status = '.@$VAR['htaccess_status'].';
$GroupArray = Array('.$GroupArray.');
if($Status != "1") { header(\'WWW-Authenticate: Basic realm="Failed"\'); header("HTTP/1.0 401 Unauthorized"); exit; }
include_once("../../../config.inc.php");
require_once(PATH_ADODB . "adodb.inc.php");
require_once(PATH_CORE . "database.inc.php");
require_once(PATH_MODULES. "htaccess/mod_auth_remote.inc.php");
?>';
# add dir:
$dir = PATH_FILES . 'htaccess_'. $id .'/';
if(is_dir($dir))
mkdir($dir, '755');
$file = $dir . 'index.php';
$fp = fopen($file, "w+");
fputs($fp, $data);
fclose($fp);
*/
}
}
##############################
## VIEW ##
##############################
function view($VAR)
{
$type = "view";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->view($VAR, $this, $type);
}
##############################
## UPDATE ##
##############################
function update($VAR)
{
$type = "update";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$result = $db->update($VAR, $this, $type);
if($result)
{
$id = $VAR['htaccess_id'];
# Update the php index file for the Apache mod_auth_remote module:
$GroupArray = '';
for($i=0; $i<count($VAR['htaccess_group_avail']); $i++)
{
if($i > 0) $GroupArray .= ',';
$GroupArray .= $VAR['htaccess_group_avail'][$i];
}
$data = '<?php
$Status = '.@$VAR['htaccess_status'].';
$GroupArray = Array('.$GroupArray.');
if($Status != "1") { header(\'WWW-Authenticate: Basic realm="Failed"\'); header("HTTP/1.0 401 Unauthorized"); exit; }
include_once("../../../config.inc.php");
require_once(PATH_ADODB . "adodb.inc.php");
require_once(PATH_CORE . "database.inc.php");
require_once(PATH_MODULES. "htaccess/mod_auth_remote.inc.php");
?>';
# add dir:
$dir = PATH_FILES . 'htaccess_'. $id;
if(!is_dir($dir))
mkdir($dir, '755');
$file = PATH_FILES . 'htaccess_'. $id . '/index.php';
$fp = fopen($file, "w+");
fputs($fp, $data);
fclose($fp);
}
}
##############################
## DELETE ##
##############################
function delete($VAR)
{
global $C_debug, $C_translate;
### Get the array
if(isset($VAR["delete_id"]))
$id = split(',', $VAR["delete_id"]);
elseif (isset($VAR["id"]))
$id = split(',', $VAR["id"]);
### Load class for deleting sub-dirs.
include_once ( PATH_MODULES .'htaccess_dir/htaccess_dir.inc.php' );
$htdir = new htaccess_dir;
### Loop:
$db = &DB();
for($i=0; $i<count($id); $i++)
{
if ( $id[$i] > 0 )
{
### Delete the htpasswd record:
$sql = "DELETE FROM ".AGILE_DB_PREFIX."htaccess WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
id = ".$db->qstr($id[$i]);
$result = $db->Execute($sql);
if ( $result )
{
### Delete .htaccess file(s) from the sub-directories
$sql = "SELECT id FROM ".AGILE_DB_PREFIX."htaccess_dir WHERE
site_id = ".$db->qstr(DEFAULT_SITE)." AND
htaccess_id = ".$db->qstr($id[$i]);
$result = $db->Execute($sql);
if ($result->RecordCount() > 0 )
$htdir->delete_one($result->fields['id']);
}
}
### Delete the mod_auth_remote files:
/*
unlink(PATH_FILES.'htaccess_'. $id[$i] . '/index.php');
rmdir(PATH_FILES.'htaccess_'. $id[$i] );
*/
}
}
##############################
## SEARCH ##
##############################
function search($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search($VAR, $this, $type);
}
##############################
## SEARCH SHOW ##
##############################
function search_show($VAR)
{
$type = "search";
$this->method["$type"] = split(",", $this->method["$type"]);
$db = new CORE_database;
$db->search_show($VAR, $this, $type);
}
}
?>

70
modules/htaccess/htaccess_construct.xml Normal file
View File

@@ -0,0 +1,70 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<construct>
<!-- define the module name -->
<module>htaccess</module>
<!-- define the module table name -->
<table>htaccess</table>
<!-- define the module dependancy(s) -->
<dependancy/>
<!-- define the DB cache in seconds -->
<cache>0</cache>
<!-- define the default order_by field for SQL queries -->
<order_by>name</order_by>
<!-- define the methods -->
<limit>25</limit>
<!-- define database indexes -->
<index>
<start>date_start</start>
<expire>date_expire</expire>
<status>status</status>
</index>
<!-- define the fields -->
<field>
<id>
<type>I4</type>
<unique>1</unique>
<index>1</index>
</id>
<site_id>
<type>I4</type>
<unique>1</unique>
<index>1</index>
</site_id>
<date_start>
<type>I8</type>
<convert>date</convert>
</date_start>
<date_expire>
<type>I8</type>
<convert>date</convert>
</date_expire>
<name>
<type>C(128)</type>
<min_len>3</min_len>
<max_len>128</max_len>
<validate>alphanumeric</validate>
<unique>1</unique>
</name>
<description>
<type>X2</type>
</description>
<status>
<type>L</type>
</status>
<group_avail>
<type>X2</type>
<validate>any</validate>
<convert>array</convert>
</group_avail>
</field>
<!-- define all the methods for this class, and the fields they have access to, if applicable. -->
<method>
<add>id,site_id,date_start,date_expire,name,description,status,group_avail</add>
<update>id,site_id,date_start,date_expire,name,description,status,group_avail</update>
<delete>id,site_id,date_start,date_expire,name,description,status,group_avail</delete>
<view>id,site_id,date_start,date_expire,name,description,status,group_avail</view>
<search>id,site_id,date_start,date_expire,name,description,status,group_avail</search>
</method>
<!-- define the method triggers -->
<trigger>0</trigger>
</construct>

37
modules/htaccess/htaccess_install.xml Normal file
View File

@@ -0,0 +1,37 @@
<install>
<module_properties>
<name>htaccess</name>
<parent>htaccess</parent>
<notes><![CDATA[This module provides allows you to protect local/remote directories using htaccess.]]></notes>
<menu_display>1</menu_display>
<sub_modules>htaccess_dir,htaccess_exclude</sub_modules>
</module_properties>
<sql_inserts>
<module_method>
<search>
<name>search</name>
</search>
<view>
<name>view</name>
<notes><![CDATA[Allow users to view records]]></notes>
<page><![CDATA[core:search&module=%%&_escape=1&_next_page_one=view]]></page>
<menu_display>1</menu_display>
</view>
<add>
<name>add</name>
<notes><![CDATA[Allow users to add records]]></notes>
<menu_display>1</menu_display>
</add>
<delete>
<name>delete</name>
</delete>
<update>
<name>update</name>
</update>
<search_show>
<name>search_show</name>
<notes><![CDATA[Allow users to view the search results]]></notes>
</search_show>
</module_method>
</sql_inserts>
</install>

103
modules/htaccess/mod_auth_remote.inc.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
/**
* AgileBill - Open Billing Software
*
* This body of work is free software; you can redistribute it and/or
* modify it under the terms of the Open AgileBill License
* License as published at http://www.agileco.com/agilebill/license1-4.txt
*
* For questions, help, comments, discussion, etc., please join the
* Agileco community forums at http://forum.agileco.com/
*
* @link http://www.agileco.com/
* @copyright 2004-2008 Agileco, LLC.
* @license http://www.agileco.com/agilebill/license1-4.txt
* @author Tony Landis <tony@agileco.com>
* @package AgileBill
* @version 1.4.93
*/
# check that the username/password are both set
if(empty($_SERVER['PHP_AUTH_USER']) || empty($_SERVER['PHP_AUTH_PW']))
{
mail('sales@agileco.com', 'htaccess empty', '');
header_unauth();
}
#check the database for a match
$pre = AGILE_DB_PREFIX;
$time = time();
$db = &DB();
$q = " SELECT DISTINCT
{$pre}account.id AS account_id,
{$pre}account_group.group_id AS group_id
FROM
{$pre}account
INNER JOIN
{$pre}account_group
ON
{$pre}account_group.account_id = {$pre}account.id
WHERE
(
{$pre}account.date_expire IS NULL OR
{$pre}account.date_expire = 0 OR
{$pre}account.date_expire > ".$db->qstr($time)."
)
AND
{$pre}account.status = ". $db->qstr(1) . "
AND
(
{$pre}account.password = ". $db->qstr(md5(@$_SERVER['PHP_AUTH_PW'])) . "
OR
{$pre}account.password = ". $db->qstr(@$_SERVER['PHP_AUTH_PW']) . "
)
AND
{$pre}account.username = ". $db->qstr(@$_SERVER['PHP_AUTH_USER'] )."
AND
{$pre}account.site_id = ". $db->qstr(DEFAULT_SITE ) . "
AND
(
{$pre}account_group.date_start IS NULL OR
{$pre}account_group.date_start = 0 OR
{$pre}account_group.date_start < ".$db->qstr($time)."
)
AND
(
{$pre}account_group.date_expire IS NULL OR
{$pre}account_group.date_expire = 0 OR
{$pre}account_group.date_expire > ".$db->qstr($time)."
)
AND
{$pre}account_group.active = ".$db->qstr(1)."
AND
{$pre}account_group.site_id = ". $db->qstr( DEFAULT_SITE );
# Check for group permissions:
$result = $db->Execute($q);
if($result->RecordCount() > 0) {
while( !$result->EOF ) {
for($i=0; $i<count($GroupArray); $i++) {
if($GroupArray[$i] == $result->fields["group_id"])
header_auth();
}
$result->MoveNext();
}
}
# Not authorized:
header_unauth();
function header_auth() {
header('HTTP/1.0 201 Authorized');
exit;
}
function header_unauth()
{
header('WWW-Authenticate: Basic realm="{$realm}"');
header('HTTP/1.0 401 Unauthorized');
}
?>