\r
RewriteRule ^download - [L]\r
\r
- # Docs\r
- RewriteCond %{REQUEST_FILENAME} !-d\r
- RewriteCond %{REQUEST_FILENAME} !-f\r
- RewriteRule ^fluidbook/docs/(.*)$ /fluidbook/docs1/$1 [L]\r
-\r
# Favicon\r
RewriteCond %{HTTP_HOST} cubedesigners\r
RewriteRule ^favicon.ico$ images/extranet/favicon.ico [L]\r
\r
RewriteRule ^index.php/(.*)$ - [L]\r
\r
- RewriteRule ^voir_book/(.*)$ viewer1/$1 [L,R=301]\r
+ RewriteRule ^viewerh/([0-9a-f\-]+)_([0-9a-fA-F]+)_([0-9]+)/(.+)$ index.php/relayfb/$1/$2/$4 [L]\r
+ RewriteRule ^viewers/([0-9a-f\-]+)_([0-9a-fA-F]+)_([0-9]+)/(.+)$ index.php/relayfb/$1/$2/$4 [L]\r
+\r
+ RewriteRule ^(fluidbook/.*)$ index.php/relay/$1 [L]\r
\r
RewriteRule ^ajax/supprimeFichier/([0-9]+)/(.*)$ index.php/ajax/supprimeFichier/$1/$2 [L]\r
RewriteRule ^telecharger/([0-9a-fA-F]+)/([0-9]+)/(.*)$ index.php/telecharger/$1/$2/$3 [L]\r
RewriteRule ^telechargerr/([0-9a-fA-F]+)/([0-9]+)/(.*)$ index.php/telechargerr/$1/$2/$3 [L]\r
\r
- RewriteRule ^viewerh/([0-9a-f\-]+)_([0-9a-fA-F]+)_([0-9]+)/(.+)$ fluidbook/books/html5/$1/$4 [L]\r
- RewriteRule ^viewers/([0-9a-f\-]+)_([0-9a-fA-F]+)_([0-9]+)/(.+)$ fluidbook/books/html5/$1/$4 [L]\r
-\r
- RewriteRule ^fluidbook - [L]\r
-\r
# Ignore static files or directories\r
RewriteCond %{REQUEST_FILENAME} -s [OR]\r
RewriteCond %{REQUEST_FILENAME} -l [OR]\r
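Review bot: The `(.+)` captures in the new `viewerh`/`viewers` rules (L16-L17) and `(fluidbook/.*)` at L19 are handed to PHP handlers that turn them into filesystem paths, and nothing in the rules keeps `..` segments or unusual characters out of that tail. Apache normally collapses dot-segments before per-directory rewriting, but that normalisation has had bugs in the past, so the PHP side should canonicalise the resulting path rather than rely on the rewrite layer. The numeric third segment `$3` is matched and then dropped at L16-L17, exactly as in the removed L25-L26; a one-line comment such as `# $3 is intentionally not forwarded to relayfb` would stop a later reader from "fixing" it. With L28 gone, every request under `fluidbook/` now goes through PHP, so the static-file passthrough at L31-L32 no longer applies to that tree — worth stating in the `# Ignore static files` comment if that is intended.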
{\r
\r
public $grades;\r
+ /**\r
+ * @var commonUtilisateur\r
+ */\r
public $user;\r
public $agences;\r
public $categories;\r
// Si c'est le cas, on les copie dans la session\r
$_SESSION['errorLogin'] = false;\r
if (isset($_REQUEST['user_email'])) {\r
+ $_SESSION['u'] = null;\r
$_SESSION['user_email'] = $_REQUEST['user_email'];\r
}\r
\r
if (isset($_REQUEST['user_password']) || isset($_REQUEST['api_token'])) {\r
+ $_SESSION['u'] = null;\r
$_SESSION['user_password'] = $_REQUEST['user_password'] ?? $_REQUEST['api_token'];\r
}\r
// Maintenant on vérifie si ces variables sont présentes dans la session\r
if (!isset($_SESSION['user_email']) || !isset($_SESSION['user_password']) || empty($_SESSION['user_email']) || empty($_SESSION['user_password'])) {\r
// Ce n'est pas le cas, on place la variable connected à false\r
// Et on s'arrête là\r
+ $_SESSION['u'] = null;\r
$this->user = null;\r
return;\r
}\r
\r
+ if (isset($_SESSION['u']) && $_SESSION['u']) {\r
+ $this->user = unserialize($_SESSION['u']);\r
+ return;\r
+ }\r
// Les variables sont présentes on vérifie la validité des informations\r
// Dans la base de données\r
// Utilisateur connecté à l'interface\r
$dao = new commonDAOUtilisateur($this->con);\r
$this->user = $dao->selectByLoginPassword($_SESSION['user_email'], $_SESSION['user_password']);\r
if ($this->user == false) {\r
+ $_SESSION['u'] = null;\r
$_SESSION['errorLogin'] = true;\r
return;\r
}\r
$daoClient = new commonDAOClient($this->con);\r
$this->user->collegues = $daoClient->getColleguesList($this->user->utilisateur_id);\r
}\r
+ $_SESSION['u'] = serialize($this->user);\r
+\r
}\r
\r
/**\r
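Review bot: Once `$_SESSION['u']` has been filled at L79, the early return at L62-L65 skips `selectByLoginPassword` for the rest of the session, so a changed password, a rotated `api_token` or a disabled account keeps working until the client itself re-sends credentials or the session expires; store a timestamp next to the blob and re-validate after a short TTL, or clear `$_SESSION['u']` from the password-change and account-disable paths. `unserialize($_SESSION['u'])` at L63 should at least pin the classes it may rebuild, e.g. `$this->user = unserialize($_SESSION['u'], ['allowed_classes' => [commonUtilisateur::class]]);` (extend the list if `collegues` holds objects of another class) — session storage is server-side, but a shared or file-backed session store widens who can write that string. L79 sits after the `}` at L78, whose opening brace is outside the hunk; if that block is conditional, `$this->user` can be serialized without having gone through the lookup, and a short comment on L79 stating which value is expected there would make that explicit. The enclosing method starts before the hunk.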
// Si l'utilisateur n'est pas connecté, on affiche le formulaire\r
// de login\r
\r
- $bypass = array('stats', 'telecharger', 'telechargerr', 'orpiref', 'resetPassword');\r
+ $bypass = array('stats', 'telecharger', 'telechargerr', 'orpiref', 'resetPassword','relay','relayfb');\r
\r
if ((!isset($args[0]) || !in_array($args[0], $bypass)) && (is_null($core->user) || !$core->user)) {\r
$args = array('login');\r
wsMaintenance::exportPublicationSettings($books, $title);
}
+
+ public static function relay($args, $ok = 'auto')
+ {
+ global $core;
+
+ array_shift($args);
+ $file = ROOT . '/' . implode('/', $args);
+
+ self::_relay($file, $ok);
+ }
+
+ protected function _relay($file, $ok = 'auto')
+ {
+ global $core;
+
+ ob_end_clean();
+
+ if ($ok === 'auto') {
+ $ok = true;
+ if (null === $core->user) {
+ $ok = false;
+ } else {
+ if (!self::_checkRightsFBFile($file)) {
+ $ok = false;
+ }
+ }
+ if (!$ok) {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+ }
+ }
+ if (!file_exists($file)) {
+ header('HTTP/1.0 404 Not Found');
+ exit;
+ }
+ header('Content-Length: ' . filesize($file));
+ header('Content-Type: ' . files::getMimeType($file));
+ header('X-Sendfile: ' . $file);
+ }
+
+
+ public static function _checkRightsFBFile($file)
+ {
+ global $core;
+ if (wsDroits::admin()) {
+ return true;
+ }
+ $e = explode('/', str_replace(ROOT . '/', '', $file));
+ if ($e[0] === 'books') {
+ return wsDroits::hasRightsOnBook($e[2]);
+ } else if ($e[0] === 'docs') {
+ $r = $core->con->select('SELECT book_id FROM book_pages WHERE document_id=' . $e[1]);
+ while ($r->fetch()) {
+ return wsDroits::hasRightsOnBook($r->book_id);
+ }
+ }
+ return true;
+ }
+
+ public function relayfb($args)
+ {
+ global $core;
+ array_shift($args);
+ $fb = array_shift($args);
+ $hash = array_shift($args);
+ $file = ROOT . '/fluidbook/books/html5/' . $fb . '/' . implode('/', $args);
+
+ $dao = new wsDAOBook($core->con);
+ $book = $dao->selectById($fb, true);
+ if ($book->hash !== $hash && $hash !== 'bcf26f9cf4a795ec00b9a44f42750d58') {
+ header('HTTP/1.0 403 Forbidden');
+ exit;
+ }
+ return self::_relay($file, true);
+ }
}
\ No newline at end of file
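Review bot: `_checkRightsFBFile` cannot reach either of its branches for the paths `relay` gives it: `$file` is built as `ROOT . '/fluidbook/...'` at L100, so after L141 strips `ROOT . '/'` the first segment `$e[0]` is `fluidbook`, never `books` or `docs`, and the function falls through to `return true` at L150, which lets any logged-in user fetch any file under `fluidbook/` (unless ROOT itself ends in `/fluidbook`, which the literal at L159 suggests it does not). Neither `relay` nor `relayfb` canonicalises the URL segments before turning them into a path, so `..` components in `$args` reach `X-Sendfile` unchecked; resolve with `realpath()` and require the result to stay under `ROOT . '/fluidbook'`, as in the excerpt below, which also makes the rights check deny by default (relax that if other `fluidbook/` subtrees are meant to be readable by every user). `$e[1]` is concatenated unquoted into the SQL at L145; cast it with `(int)` or bind it. The literal `bcf26f9cf4a795ec00b9a44f42750d58` at L163 is a fixed master hash that unlocks every book for anyone who has read the source — move it to configuration if it is really required, and compare with `hash_equals($book->hash, $hash)` rather than `!==`. `relay` is `static` but `_relay` is an instance method, so `self::_relay(...)` at L102 is an Error on PHP 8 unless `_relay` becomes `protected static`.

```php
public static function relay($args, $ok = 'auto')
{
    global $core;

    array_shift($args);
    // Resolve symlinks and '..' before anything looks at the path, and refuse
    // anything that does not land under fluidbook/.
    $base = realpath(ROOT . '/fluidbook');
    $file = realpath(ROOT . '/' . implode('/', $args));
    if ($base === false || $file === false || strpos($file, $base . '/') !== 0 || !is_file($file)) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }

    self::_relay($file, $ok);
}

// … unchanged: _relay …

public static function _checkRightsFBFile($file)
{
    global $core;
    if (wsDroits::admin()) {
        return true;
    }
    // Work relative to fluidbook/ — relative to ROOT the first segment is
    // always 'fluidbook' and neither branch below can ever match.
    $base = realpath(ROOT . '/fluidbook');
    if ($base === false || strpos($file, $base . '/') !== 0) {
        return false;
    }
    $e = explode('/', substr($file, strlen($base) + 1));
    if ($e[0] === 'books' && isset($e[2])) {
        return wsDroits::hasRightsOnBook($e[2]);
    }
    if ($e[0] === 'docs' && isset($e[1])) {
        $r = $core->con->select('SELECT book_id FROM book_pages WHERE document_id=' . (int) $e[1]);
        if ($r->fetch()) {
            return wsDroits::hasRightsOnBook($r->book_id);
        }
    }
    // Deny by default: anything else under fluidbook/ needs an explicit rule above.
    return false;
}
```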