"- uncnown -","userid"=>0);
    // NOTE(review): the statement above and the header of the enclosing
    // function start before this excerpt; only the visible tail is documented.
    // $USER_RIGHTS is presumably declared global earlier in the function
    // (check_right() below reads it via `global`) - confirm.
    $USER_RIGHTS = array();

    // The session identifier is taken from the request cookie, so it is
    // client-controlled input.
    if(isset($_COOKIE["sessionid"]))
        $sessionid = $_COOKIE["sessionid"];
    else
        unset($sessionid);

    if(isset($sessionid))
    {
        // Look up the user that owns this session. The cookie value goes
        // through zbx_dbstr() before it is concatenated into the statement.
        // NOTE(review): zbx_dbstr() is defined elsewhere - confirm it quotes
        // and escapes for the active database backend.
        // A session matches while lastaccess + autologout is still in the
        // future, or unconditionally when the user's autologout is 0, so for
        // such users this check never expires the session.
        $sql = "select u.* from sessions s,users u".
            " where s.sessionid=".zbx_dbstr($sessionid)." and s.userid=u.userid".
            " and ((s.lastaccess+u.autologout>".time().") or (u.autologout=0))";
    }
    else
    {
        // No session cookie: fall back to the account whose alias is 'guest'.
        $sql = "select u.* from users u where u.alias='guest'";
    }

    $db_users = DBselect($sql);
    // Exactly one matching row is required; zero rows (or more than one)
    // fall through to the login page below.
    if(DBnum_rows($db_users) == 1)
    {
        if(isset($sessionid))
        {
            // Re-issue the cookie and refresh the idle timer for the session.
            // NOTE(review): setcookie() is called with name and value only,
            // so no expiry, path, Secure or HttpOnly argument is supplied.
            // Consider setting Secure/HttpOnly for a session identifier.
            setcookie("sessionid",$sessionid);
            DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid));
        }

        $USER_DETAILS = DBfetch($db_users);
        $USER_RIGHTS = array();

        // Load every rights row of the authenticated user.
        // NOTE(review): userid is concatenated without quoting or casting. It
        // comes from the users row fetched above, not directly from the
        // request, but an integer cast would make that explicit.
        $db_rights = DBselect("select * from rights where userid=".$USER_DETAILS["userid"]);
        while($db_right = DBfetch($db_rights))
        {
            // Keep only the three columns that check_right() reads.
            $usr_right = array(
                "name"=> $db_right["name"],
                "id"=> $db_right["id"],
                "permission"=> $db_right["permission"]
                );
            array_push($USER_RIGHTS,$usr_right);
        }
        return;
    }

    // Incorrect login
    // Reached whenever the lookup above did not return exactly one row: an
    // unknown or timed-out session, or no cookie and no 'guest' account.
    if(isset($sessionid))
    {
        // Expire the cookie in the browser and drop it from this request.
        // NOTE(review): no statement in this excerpt deletes the matching
        // row from the sessions table - confirm it is cleaned up elsewhere.
        setcookie("sessionid",$sessionid,time()-3600);
        unset($_COOKIE["sessionid"]);
    }

    //TODO make a javascript function for redirection!!!
    if($page["file"]!="index.php")
    {
        // NOTE(review): the echoed string is empty in this copy; presumably
        // redirect markup was lost when the page was extracted - confirm
        // against the original file.
        echo "";
        exit;
    }

    // Already on index.php: render the login form with an error message.
    // The same message is shown for every failure cause listed above.
    show_header("Login",0,0,1);
    show_error_message("Login name or password is incorrect");
    insert_login_form();
    show_page_footer();

    //Redirect("index.php");
    //TODO make a javascript function for redirection!!!
    //END TODO
    exit;
}

/**
 * Convert a permission letter code into its integer level.
 *
 * The table maps "A" => 3, "U" => 2, "R" => 1 and "H" => 0, so a higher
 * number means more access. (Presumably Admin / Update / Read / Hide -
 * the letters are not expanded anywhere in this excerpt.)
 *
 * NOTE(review): any value that is not one of the four keys - a typo, a
 * lower-case letter, an unexpected database value, or an integer that was
 * already converted - yields the "R" level (1), not the most restrictive
 * level (0). Callers that compare against the result should be aware that
 * the fallback is not deny-by-default.
 *
 * @param mixed $permission Permission code; recognised keys are "A", "U", "R", "H".
 * @return int Integer level between 0 and 3.
 */
function permission2int($permission)
{
    $int_rights = array(
        "A" => 3,
        "U" => 2,
        "R" => 1,
        "H" => 0
        );

    if(isset($int_rights[$permission]))
        return ($int_rights[$permission]);

    // Unrecognised code: fall back to the "R" level.
    return ($int_rights["R"]);
}

/**
 * Return the lower of two permission levels, treating NULL as "not set".
 *
 * NOTE: only for integer permissions (see permission2int()), not for the
 * letter codes.
 *
 * @param int|null $permission1
 * @param int|null $permission2
 * @return int|null NULL only when both arguments are NULL; the other
 *                  argument when exactly one is NULL; otherwise the minimum.
 */
function permission_min($permission1, $permission2)
{
    if(is_null($permission1) && is_null($permission2)) return NULL;

    if(is_null($permission1)) return $permission2;
    if(is_null($permission2)) return $permission1;

    return min($permission1,$permission2);
}

/**
 * Return the higher of two permission levels, treating NULL as "not set".
 *
 * NOTE: only for integer permissions (see permission2int()), not for the
 * letter codes.
 *
 * @param int|null $permission1
 * @param int|null $permission2
 * @return int|null NULL only when both arguments are NULL; the other
 *                  argument when exactly one is NULL; otherwise the maximum.
 */
function permission_max($permission1, $permission2)
{
    if(is_null($permission1) && is_null($permission2)) return NULL;

    if(is_null($permission1)) return $permission2;
    if(is_null($permission2)) return $permission1;

    return max($permission1,$permission2);
}

/**
 * Decide whether the current user holds at least $permission on $right.
 *
 * Reads the global $USER_RIGHTS list, whose entries carry "name", "id" and
 * "permission" keys. Entries whose name equals $right are folded into three
 * candidates, each keeping the highest level seen:
 *   - id level:    the entry id equals $id
 *   - group level: the entry id equals GROUP_RIGHT
 *   - any level:   the entry id is anything other than GROUP_RIGHT
 * Entries named 'Default permission' raise the default level, which starts
 * at the "H" level.
 *
 * The effective level is the any level when $id is ANY_ELEMENT_RIGHT, else
 * the id level. If that is NULL the group level is used, and if that is
 * NULL too, the default level. An id-level entry therefore takes precedence
 * over group and default entries even when its level is lower, while
 * several entries for the same id resolve to the highest of them.
 *
 * NOTE(review): names and ids are compared with loose `==`, so PHP type
 * juggling applies between the stored ids and the caller's $id. Callers
 * should pass a validated integer id, the same value used in later queries.
 * NOTE(review): $permission goes through permission2int(), so an
 * unrecognised required code is checked as the "R" level.
 *
 * @param mixed $right      Right name to look up.
 * @param mixed $permission Required permission letter code.
 * @param mixed $id         Element id; defaults to GROUP_RIGHT.
 * @return int 1 when the effective level is >= the required level, else 0.
 */
function check_right($right,$permission,$id = GROUP_RIGHT)
{
    global $USER_RIGHTS;

    // Default starts at the "H" level; the other candidates are NULL until
    // a matching entry is seen.
    $default_permission = permission2int("H");
    $group_permission = NULL;
    $id_permission = NULL;
    $any_permission = NULL;

    // Required level as an integer.
    $permission = permission2int($permission);

    if(count($USER_RIGHTS) > 0)
    {
        foreach($USER_RIGHTS as $usr_right)
        {
            $int_permision = permission2int($usr_right["permission"]);
            if($usr_right["name"] == $right) {
                if($usr_right["id"] == $id)
                    $id_permission = permission_max($id_permission, $int_permision);

                // Every entry for this right is either the group entry or
                // counts towards the "any element" level.
                if($usr_right["id"] == GROUP_RIGHT)
                    $group_permission = permission_max($group_permission, $int_permision);
                else
                    $any_permission = permission_max($any_permission, $int_permision);
            }
            if($usr_right["name"] == 'Default permission')
            {
                $default_permission = permission_max($default_permission, $int_permision);
            }
        }
    }

    // Pick the most specific level that was set.
    if($id == ANY_ELEMENT_RIGHT)
        $access = $any_permission;
    else
        $access = $id_permission;

    // Fall back to the group level, then to the default level.
    if(is_null($access)) $access = $group_permission;
    if(is_null($access)) $access = $default_permission;

    //SDI($right.": ".$access." >= ".$permission);
    return (($access >= $permission) ? 1 : 0);
}

/**
 * Check whether the current user holds at least $permission on $right for
 * any element, by calling check_right() with ANY_ELEMENT_RIGHT as the id.
 *
 * @param mixed $right      Right name to look up.
 * @param mixed $permission Required permission letter code.
 * @return int 1 when access is granted, else 0 (see check_right()).
 */
function check_anyright($right,$permission)
{
    return check_right($right,$permission, ANY_ELEMENT_RIGHT);
}
?>