util.php File Reference

Misc. utility functions. More...

Go to the source code of this file.

Functions

 check_input ($user_input, $validation_info, $strict_mode=TRUE)
 check input data against a set of rules (regular expressions)
 do_template ($smarty, $template, $kw, $remember_me=FALSE)
 Display a Smarty template.
 get_html_options ($tables, $db, $key="id", $value="description", $order_by="description", $default=array())
 get_item_owner ($item, $id, $db)
 determine the "owner" of an item
 send_email ($smarty, $template, $kw, $email_to)
 Send an email, using a Smarty template as the body text.
 get_new_expiry_date ()
 Suggest an expiry date.
 check_acl ($acl_list, $item, $id, $db)
 Evaluate an ACL (access control list).
 set_random_pw ($uid, $dblink)
 Set a random password for a user account.
 smarty_init ()
 initialize the Smarty template engine
 guess_mime_type ($fn)
 guess a mime type from a file name

Detailed Description

Misc. utility functions.

Definition in file util.php.

Function Documentation

check_acl ( acl_list,
item,
id,
db 
)

Evaluate an ACL (access control list).

Check whether the user has access to an object, according to specfications in an access control list (ACL).

This function's purpose is to decide whether or not access to a specific item is granted. This function is used in action.php to decide whether or not to allow specific actions (e.g. 'delete') on an item. The decision is based on an access control list ($acl_list) that contains rules for access.

Parameters:
$item - item type (e.g. "book")
$id - id number of the item
$db - database handle
$acl_list - access control list (ACL)
$acl_list is an associative array, where the key is the item type, and the value is a string, containing a comma-separated list of statemensts.

Recognized statements in ACLs include:

Example for an ACL list:

     $acl_list = array (
   		"any" => 	"owner" 
   		"book" => 	"owner,role=admin" 
   		"url" =>  	"any" 
   		"article" =>  	"user=admin" 
     )

In this (fictional) example,

A statement's meaning can be negated by prepending an exclamation mark, e.g. "!owner" will allow access to anybody but the owner.

Ownership is decided based upon the result of the get_item_owner() function.

Definition at line 387 of file util.php.

References get_item_owner().

Referenced by do_action().

00387                                                {
00388         global $_SESSION;
00389 
00390         if (isset($acl_list[$item])) {
00391                 $acl = $acl_list[$item];
00392         } else if (isset($acl_list['any'])) {
00393                 $acl = $acl_list['any'];
00394         } else {
00395                 return FALSE;
00396         }
00397 
00398         foreach (split(',', $acl) as $a) {
00399 
00400                 list($k, $v) = split('=', $a);
00401 
00402                 $inverse = false;
00403 
00404                 switch($k) {
00405                 case "!owner":
00406                         $inverse = TRUE;
00407                 case "owner":
00408 
00409                         if ($id != "") {
00410                                 $u = $_SESSION['user'];
00411                                 $o = get_item_owner($item, $id, $db); 
00412                                 $ok = ($u['id'] == $o['id']);
00413                         }
00414 
00415                         break;
00416 
00417                 case "!role":
00418                         $inverse = TRUE;
00419                 case "role":
00420                         $u = $_SESSION['user'];
00421                         $ok = ($u['role_name'] == $v);
00422                         break;
00423 
00424                 case "!any":
00425                         $inverse = TRUE;
00426                 case "any":
00427                         $ok = TRUE;
00428                         break;
00429                 default:
00430                         user_error("acl syntax error: $k" , 
00431                         E_USER_ERROR); 
00432                 }
00433 
00434                 if ($inverse) {
00435                         $ok = (!$ok);
00436                 }
00437 
00438                 if ($ok) {
00439                         break;
00440                 }       
00441         }
00442 
00443         return $ok;
00444 }

Here is the call graph for this function:

check_input ( user_input,
validation_info,
strict_mode = TRUE 
)

check input data against a set of rules (regular expressions)

Parameters:
$user_input -- an associative array with input data, e.g. $_GET, $_POST, etc.
$validation_info -- an associative array that contains keys and regular expressions.
$user_input -- input data to be checked for validity
$strict_mode -- request stricter checking (see below).
Note:
$user_input is considered valid input data if the string $user_input[$k] matches the regular expression $validation_info[$k].

If there is a key $k in $user_input[], but $validation_info[$k] does not exist, it depends on the value of $strict_mode whether the validation fails.

Definition at line 31 of file util.php.

References $validation_info.

Referenced by del_item(), do_action(), do_login(), edit_item(), setpw(), show_collection(), show_index(), and view_email().

00031                                                                            {
00032 
00033         global $debug_level;
00034 
00035         $err_info = array();
00036 
00037         foreach ($validation_info as $k => $dummy) {
00038                 if (!isset($user_input[$k])) {
00039                         $user_input[$k] = ""; 
00040                 }
00041         }
00042 
00043 
00044         if ($debug_level > 20) {
00045                 print "<hr><pre>";
00046                 print "check_input():\n\n";
00047         }
00048 
00049         foreach ($user_input as $k => $v) {
00050 
00051                 $type = gettype($v);
00052 
00053                 switch($type) {
00054 
00055                 case "string":
00056 
00057                         if (isset($validation_info[$k])) {
00058                                 $ok = preg_match($validation_info[$k], $v);
00059                         } else {
00060                                 $ok = ($strict_mode) ? FALSE : TRUE;
00061                         }
00062                         break;
00063 
00064                 case "array":
00065                         $ok = TRUE;
00066                         break;
00067 
00068                 default:
00069                         $ok = FALSE;
00070                 }
00071         
00072 
00073                 if ($debug_level > 20) {
00074                         print "key: $k\n" ;
00075                         print "value: $v\n" ;
00076                         print "regexp: " . $validation_info[$k]. "\n"; 
00077                         print "ok: " ;
00078                         print (($ok) ? "yes" : "no" ) . "\n\n"; 
00079                 }
00080 
00081 
00082                 if (!$ok) { 
00083                         $err_info[] = $k; 
00084                 }
00085         }
00086 
00087         if ($debug_level > 20) {
00088                 print "</pre></hr>";
00089         }
00090 
00091         return $err_info;
00092 }

do_template ( smarty,
template,
kw,
remember_me = FALSE 
)

Display a Smarty template.

This is a wrapper for the Smarty display() method, and is used throughout this program to handle things like standard headers and footers, debugging, etc.

Parameters:
$smarty -- a handle for the Smarty template engine
$template -- the file name for a template to be displayed
$kw -- an associative array. It's contents will be passed as Smarty variables.
$remember_me -- If $remember_me is true, the current URL will be stored in the PHP session variable $_SESSION['last_page'] for future reference. This can be used to implement a "go back" functionality, and is used in action.php.

Definition at line 111 of file util.php.

Referenced by del_item(), do_login(), edit_item(), send_reminder(), set_item_state(), setpw(), show_collection(), show_index(), show_users(), upload(), view_email(), and view_item().

00111                                                                      {
00112 
00113         global $_SESSION, $_SERVER, $debug_level;
00114         
00115         $smarty->compile_check = TRUE;
00116 
00117         # turn on debugging if so requested
00118 
00119         if ($debug_level > 5) {
00120                 $smarty->debugging = true;
00121         }
00122 
00123         # assign smarty variables
00124 
00125         foreach ($kw as $k => $v)  {
00126                 $smarty->assign($k, $v);
00127         }
00128 
00129         # add a header and a footer
00130 
00131         $smarty->display('header.tpl');
00132         $smarty->display($template);
00133         $smarty->display('footer.tpl');
00134 
00135         # clean up
00136 
00137         foreach ($kw as $k => $v)  {
00138                 $smarty->clear_assign($k, $v);
00139         }
00140 
00141         # remember current page
00142 
00143         if ($remember_me) {
00144                 $_SESSION['last_page'] = $_SERVER['REQUEST_URI'];
00145         }
00146 }

get_item_owner ( item,
id,
db 
)

determine the "owner" of an item

Parameters:
$item -- item type (e.g. "book")
$id -- item id
$db -- database handle
Returns:
an associative array that contains information about o the item's owner

Definition at line 190 of file util.php.

References sql_query().

Referenced by check_acl(), edit_item(), send_reminder(), and set_item_state().

00190                                           {
00191 
00192         switch($item) {
00193 
00194                 case "user":
00195                         $p = array ( tables => "user,degree", 
00196                         columns => "user.*,degree.description AS degree_description",
00197                         cond => "user.id = $id AND degree.id = user.degree_id");
00198                         $ans = sql_query('select',$p, $db);
00199 
00200                         if (empty($ans)) {
00201                                 user_error("database query failed" , 
00202                                 E_USER_ERROR); 
00203                         }
00204 
00205                         $user = $ans[0];
00206                         
00207                         break;
00208 
00209                 case "collection":
00210 
00211                         $p = array (tables => "collection",cond => "id = $id");
00212                         $ans = sql_query('select',$p, $db);
00213 
00214                         if (empty($ans)) {
00215                                 user_error("database query failed" , 
00216                                 E_USER_ERROR); 
00217                         }
00218 
00219                         $user = get_item_owner("user", $ans[0]['user_id'], $db);
00220                         break;
00221 
00222                 case "email":
00223 
00224                         $p = array (tables => "email", cond => "id = $id");
00225                         $ans = sql_query('select',$p, $db);
00226 
00227                         $user = get_item_owner("document", 
00228                                         $ans[0]['document_id'], $db);
00229                         break;
00230 
00231                 default:
00232                         $p = array (tables => "document",cond => "id = $id");
00233                         $ans = sql_query('select', $p, $db);
00234 
00235                         if (empty($ans)) {
00236                                 user_error("database query failed" , 
00237                                 E_USER_ERROR); 
00238                         }
00239 
00240                         $user = get_item_owner("collection", 
00241                                 $ans[0]['collection_id'], $db);
00242                         break;
00243         }
00244 
00245         return $user;
00246 }

Here is the call graph for this function:

get_new_expiry_date (  ) 

Suggest an expiry date.

This function suggests a date in the future for expiry of a document collection (usually the end of next term).

Returns:
the suggested expiry date, in the format "YYYYMMDD"
Warning:
This function contains hard-coded dates. At our site, summer term ends in September, and winter term ends in March. Your mileage may vary.

Definition at line 298 of file util.php.

Referenced by edit_item(), extend_loan(), and set_item_state().

00298                                {
00299 
00300         # At TU Braunschweig, the semester ends on March and September, so 
00301         # we choose the beginning of the next semester as an expiration date.
00302 
00303         $t = getdate();
00304 
00305         $t['mday'] = 1; 
00306 
00307         if ($t['mon'] <= 2) { 
00308                 $t['mon'] = 4; 
00309         } else if ($t['mon'] <= 7) { 
00310                 $t['mon'] = 10; 
00311         } else {
00312                 $t['mon'] = 4; 
00313                 $t['year']++; 
00314         }
00315 
00316         $ans = sprintf("%04d%02d%02d", $t['year'] , $t['mon'] , $t['mday']);
00317         
00318         return $ans;
00319 
00320 }

guess_mime_type ( fn  ) 

guess a mime type from a file name

Parameters:
$fn -- file name
Returns:
mime type
This function uses the $mime_types[] table defined in const.php.

Definition at line 506 of file util.php.

References $mime_types.

Referenced by view_item().

00506                               {
00507         global $mime_types;
00508 
00509         #normalize filename
00510 
00511         $fn = strtolower(basename(strtolower($fn)));
00512 
00513         $mime_type='application/octet-stream'; # catch-all
00514 
00515         foreach ($mime_types as $preg => $value ) {
00516                 if (preg_match($preg, $fn) > 0) {
00517                         $mime_type = $value;
00518                         break;
00519                 } 
00520         }
00521         
00522         return $mime_type;
00523 }

send_email ( smarty,
template,
kw,
email_to 
)

Send an email, using a Smarty template as the body text.

Parameters:
$smarty -- a handle for the Smarty template engine
$template -- the file name for a template to be used as the email body
$kw -- an associative array. It's contents will be passed to the e-mail template via Smarty variables.
$email_to -- the recipient's email address

Definition at line 258 of file util.php.

Referenced by edit_item(), report(), send_reminder(), and set_item_state().

00258                                                          {
00259 
00260         global $_SESSION, $default_email_from, $default_email_subject;
00261 
00262         $email_from = $default_email_from;
00263 
00264         if (isset($_SESSION['user'])) {
00265 
00266                 $u = $_SESSION['user'];
00267                 $email_from =   $u['forename'] . " " . $u['surname'] .  
00268                                 " <" . $u['email'] . ">";
00269 
00270         }
00271 
00272         foreach ($kw as $k => $v)  {
00273                 $smarty->assign($k, $v);
00274         }
00275 
00276         $email_txt = $smarty->fetch($template); 
00277 
00278 
00279         foreach ($kw as $k => $v)  {
00280                 $smarty->clear_assign($k, $v);
00281         }
00282 
00283         $headers = "From: $email_from\r\n\r\n";
00284         mail(  $email_to, $default_email_subject, $email_txt, $headers);
00285 }

set_random_pw ( uid,
dblink 
)

Set a random password for a user account.

Parameters:
$uid -- user id that needs a new password
$dblin -- database handle
Returns:
the new password
The password consists of six random lower-case letters and digits.

Definition at line 454 of file util.php.

References sql_query().

Referenced by send_reminder(), and set_item_state().

00454                                       {
00455  
00456         $keychars = "abcdefghijklmnopqrstuvwxyz0123456789";
00457         $length = 6;
00458 
00459         $passwd = "";
00460         $max=strlen($keychars)-1;
00461 
00462         for ($i=0 ; $i<=$length ; $i++) {
00463                 $passwd .= substr($keychars, rand(0, $max), 1);
00464         }
00465 
00466         $pw_crypt = "{SHA1}" . sha1($passwd);
00467 
00468         # set login / password
00469 
00470         $param = array (
00471                 "tables" => "user" ,
00472                 "data" => array ( "password" => $pw_crypt ), 
00473                  cond => "id = " . $uid,
00474         );
00475 
00476 
00477         sql_query('update', $param, $dblink);
00478 
00479         return $passwd;
00480 }

Here is the call graph for this function:

smarty_init (  ) 

initialize the Smarty template engine

Returns:
a Smarty handle

Definition at line 485 of file util.php.

Referenced by do_action(), do_login(), error_handler(), logout(), redirect(), show_collection(), show_help(), show_index(), and show_users().

00485                        {
00486         global $templates_compile_dir;
00487 
00488         $smarty =& new Smarty;
00489         $smarty->compile_check = true;
00490         #$smarty->debugging = true;
00491 
00492         # set paths
00493         $smarty->template_dir = "../templates";
00494         $smarty->compile_dir = $templates_compile_dir;
00495         $smarty->config_dir = "../configs";
00496 
00497         return $smarty;
00498 }

Generated on Fri Jul 14 17:39:00 2006 for semapp by  doxygen 1.4.7