glFusion Wiki


SEC_ Functions

SEC_addUserToGroup

boolean SEC_addUserToGroup( string $uid, string $gname)

Add user to a group

Parameters

string $uid Their user id
string $gname The group name

Return

status, true or false


SEC_authenticate

int SEC_authenticate( string $username, string $password, int &$uid)

Checks a user's username and password against the database. Returns the user's status.

Parameters

string $username who is logging in?
string $password what they claim is their password
int &$uid This is an OUTPUT param, passed by reference; the UID is sent back inside it.

Return

user status, -1 for fail


SEC_buildAccessSql

string SEC_buildAccessSql( [string $clause = 'AND'])

Common function used to build group access SQL

Parameters

string $clause Optional parameter 'WHERE'; default is 'AND'

Return

Formatted SQL string to be appended in calling script SQL statement


SEC_checkToken

boolean SEC_checkToken( )

Check a security token.

Checks the POST and GET data for a security token and, if one exists, validates that it is for this user and URL.

Return

true if the token is valid and for this user.


SEC_checkUserStatus

int SEC_checkUserStatus( int $userid)

Return the current user status for a user.

NOTE: May not return for banned/non-approved users.

Parameters

int $userid Valid uid value.

Return

user status, 0-3


SEC_collectRemoteAuthenticationModules

array SEC_collectRemoteAuthenticationModules( )

Return available modules for Remote Authentication

Return

Names of available remote authentication modules


SEC_createToken

string SEC_createToken( [int $ttl = 1200])

Generate a security token.

This generates and stores a one-time security token. Security tokens are added to forms and URLs in the admin section as a non-cookie double-check that the admin user really wanted to do that…

Parameters

int $ttl Time to live for token in seconds. Default is 20 minutes.

Return

Generated token; it will be an MD5 hash (32 characters)
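The properties described for SEC_createToken and SEC_checkToken (one-time use, a TTL, and validation against the user and URL) can be seen in isolation in the following added example, which is not glFusion's implementation. The class, its method names, the in-memory array standing in for a database table, and the use of random_bytes() instead of an MD5 digest are all assumptions; the sample user IDs and URLs are constructed.

```php
<?php
declare(strict_types=1);

// Added illustration; class and method names are hypothetical, not glFusion's.
final class OneTimeTokenStore
{
    /** @var array<string, array{uid:int, url:string, expires:int}> stand-in for a DB table */
    private array $rows = [];

    public function create(int $uid, string $url, int $ttl = 1200, ?int $now = null): string
    {
        $now = $now ?? time();
        // Assumption: 16 CSPRNG bytes, hex-encoded to 32 characters, in place of an MD5 digest.
        $token = bin2hex(random_bytes(16));
        $this->rows[$token] = ['uid' => $uid, 'url' => $url, 'expires' => $now + $ttl];
        return $token;
    }

    public function check(string $token, int $uid, string $url, ?int $now = null): bool
    {
        $now = $now ?? time();
        $row = $this->rows[$token] ?? null;
        if ($row === null) {
            return false; // never issued, or already consumed
        }
        unset($this->rows[$token]); // one-time: consumed by the first check, valid or not
        return $row['uid'] === $uid && $row['url'] === $url && $now <= $row['expires'];
    }
}

// Constructed sample values: user 2 opens an admin form, then submits it.
$store = new OneTimeTokenStore();
$issuedAt = 1700000000;
$url = '/admin/story.php';

$cases = [];
$t = $store->create(2, $url, 1200, $issuedAt);
$cases['same user and URL, within TTL'] = $store->check($t, 2, $url, $issuedAt + 60);
$cases['same token presented again']    = $store->check($t, 2, $url, $issuedAt + 61);
$t = $store->create(2, $url, 1200, $issuedAt);
$cases['token issued to another user']  = $store->check($t, 3, $url, $issuedAt + 60);
$t = $store->create(2, $url, 1200, $issuedAt);
$cases['token for a different URL']     = $store->check($t, 2, '/admin/user.php', $issuedAt + 60);
$t = $store->create(2, $url, 1200, $issuedAt);
$cases['presented after the TTL']       = $store->check($t, 2, $url, $issuedAt + 1201);

foreach ($cases as $label => $accepted) {
    printf("%-32s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```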


SEC_encryptPassword

string SEC_encryptPassword( string $password)

Encrypt password

For now, this is only a wrapper function to get all the direct calls to md5() out of the core code so that we can switch to another method of encoding / encrypting our passwords in some future release …

Parameters

string $password the password to encrypt, in clear text

Return

encrypted password
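The wrapper above exists so that the md5() call can later be replaced. A common way to make that switch without forcing password resets is to verify against the old digest at login and store a new hash on success, shown here as an added example that is not glFusion code. The function name verify_and_upgrade, its return array and the sample password are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added illustration; function name and return shape are hypothetical.
 * Verifies a password against a stored hash and, when that hash is a legacy
 * unsalted MD5 digest (or an outdated password_hash() result), returns a
 * replacement hash for the caller to store.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // A legacy record is exactly 32 lowercase hex characters, as md5() emits.
    $isLegacy = preg_match('/\A[0-9a-f]{32}\z/', $stored) === 1;

    $ok = $isLegacy
        ? hash_equals($stored, md5($password))   // constant-time comparison
        : password_verify($password, $stored);

    if (!$ok) {
        return ['ok' => false, 'new_hash' => null];
    }

    $newHash = null;
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        // Salted, adaptive hash; the algorithm and cost are encoded in the string.
        $newHash = password_hash($password, PASSWORD_DEFAULT);
    }
    return ['ok' => true, 'new_hash' => $newHash];
}

// Constructed sample record: a user whose stored value is still md5(password).
$stored = md5('correct horse battery staple');

$bad  = verify_and_upgrade('wrong guess', $stored);
$good = verify_and_upgrade('correct horse battery staple', $stored);
if ($good['new_hash'] !== null) {
    $stored = $good['new_hash'];              // persist the upgraded hash
}
$again = verify_and_upgrade('correct horse battery staple', $stored);

printf("wrong password accepted: %s\n", var_export($bad['ok'], true));
printf("legacy login accepted:   %s\n", var_export($good['ok'], true));
printf("stored value is now:     %s...\n", substr($stored, 0, 7));
printf("rehash needed next time: %s\n", var_export($again['new_hash'] !== null, true));
```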


SEC_getFeatureGroup

int SEC_getFeatureGroup( string $feature, [int $uid = ''])

Return the group for a given feature.

Scenario: We have a feature and we want to know from which group the user got this feature. Always returns the lowest group ID, in case the feature has been inherited from more than one group.

Parameters

string $feature the feature, e.g. 'story.edit'
int $uid (optional) user ID

Return

group ID or 0


SEC_getGroupDropdown

string SEC_getGroupDropdown( int $group_id, int $access)

Create a group dropdown

Creates the group dropdown menu that's used on pretty much every admin page

Parameters

int $group_id current group id (to be selected)
int $access access permission

Return

HTML for the dropdown


SEC_getPermissionsHTML

string SEC_getPermissionsHTML( int $perm_owner, int $perm_group, int $perm_members, int $perm_anon)

Shows security control for an object

This will return the HTML needed to create the security control seen on the admin screen for GL objects (i.e. stories, etc.)

Parameters

int $perm_owner Permissions the owner has: 1 = edit, 2 = read, 3 = read/edit
int $perm_group Permission the group has
int $perm_members Permissions logged in members have
int $perm_anon Permissions anonymous users have

Return

needed HTML (table). In the HTML, $perm_owner = array of permissions [edit, read], etc.; edit = 1 if permission, read = 2 if permission


SEC_getPermissionValue

int SEC_getPermissionValue( array $perm_x)

Converts permission array into numeric value

This function converts an array of permissions for either the owner/group/members/anon and returns the numeric equivalent. This is typically called by the admin screens to prepare the permissions to be saved to the database.

Parameters

array $perm_x Array of permission values

Return

int representation of a permission array: 2 = read, 3 = edit/read

See Also

SEC_getPermissionValues()


SEC_getPermissionValues

array SEC_getPermissionValues( array $perm_owner, array $perm_group, array $perm_members, array $perm_anon)

Converts permissions to numeric values

This function will take all permissions for an object and get the numeric values that can then be saved to the database.

Parameters

array $perm_owner Array of owner permissions. These arrays are set up by SEC_getPermissionsHTML
array $perm_group Array of group permissions
array $perm_members Array of member permissions
array $perm_anon Array of anonymous user permissions

Return

returns numeric equivalent for each permissions array (2 = read, 3 = edit/read)

See Also

SEC_getPermissionValue()

SEC_getPermissionsHTML()


SEC_getUserGroups

array SEC_getUserGroups( [int $uid = ''])

Returns the groups a user belongs to

This is part of the GL security implementation. This function returns all the groups a user belongs to. This function is called recursively, as groups can belong to other groups.

Note: this is an expensive function – if you are concerned about speed it should only be used once at the beginning of a page. The resulting array $_GROUPS can then be used throughout the page.

Parameters

int $uid User ID to get information for. If empty current user.

Return

Associative array (grp_name → ug_main_grp_id) of the groups the user belongs to


SEC_getUserPermissions

string SEC_getUserPermissions( [int $grp_id = ''], [int $uid = ''])

Gets everything a user has permissions to within the system

This is part of the glFusion security implementation. This function will get all the permissions the current user has. Calls itself recursively.

Parameters

int $grp_id DO NOT USE (Used for recursion) Current group function is working on
int $uid User to check, if empty current user.

Return

returns comma delimited list of features the user has access to


SEC_groupIsRemoteUserAndHaveAccess

boolean SEC_groupIsRemoteUserAndHaveAccess( int $groupid, array $groups)

Checks to see if a user has admin access to the “Remote Users” group

Admin users will probably not be members, but User Admin, Root, and group admin will have access to it. However, we cannot be sure what the group id for “Remote User” group is, because it's a later static group, and upgraded systems could have it in any id slot.

Parameters

int $groupid The id of a group, which might be the remote users group
array $groups Array of group ids the user has access to.


SEC_hasAccess

int SEC_hasAccess( int $owner_id, int $group_id, int $perm_owner, int $perm_group, int $perm_members, int $perm_anon)

Checks if current user has access to the given object

This function takes the access info from a glFusion object and lets us know if the current user has access to the object. Returns 3 for read/edit, 2 for read only and 0 for no access.

Parameters

int $owner_id ID of the owner of object
int $group_id ID of group object belongs to
int $perm_owner Permissions the owner has
int $perm_group Permissions the group has
int $perm_members Permissions logged in members have
int $perm_anon Permissions anonymous users have

Return

returns 3 for read/edit, 2 for read only, 0 for no access


SEC_hasRights

boolean SEC_hasRights( string|array $features, [string $operator = 'AND'])

Checks if current user has rights to a feature

Takes either a single feature or an array of features and returns an array of whether the user has those rights

Parameters

string|array $features Features to check
string $operator Either 'and' or 'or'. Default is 'and'. Used if checking more than one feature.

Return

Return true if current user has access to feature(s), otherwise false.


SEC_hasTopicAccess

int SEC_hasTopicAccess( string $tid)

Checks to see if current user has access to a topic

Parameters

string $tid ID for topic to check on

Return

returns 3 for read/edit, 2 for read only, 0 for no access


SEC_inGroup

boolean SEC_inGroup( string $grp_to_verify, [int $uid = ''], [string $cur_grp_id = ''])

Determines if user belongs to specified group

This is part of the glFusion security implementation. This function looks up whether a user belongs to a specified group

Parameters

string $grp_to_verify Group we want to see if user belongs to
int $uid ID for user to check. If empty current user.
string $cur_grp_id NOT USED Current group we are working with in hierarchy

Return

true if user is in group, otherwise false


SEC_isModerator

boolean SEC_isModerator( )

Determines if current user is a moderator of any kind

Checks to see if this user is a moderator for any of the GL features OR GL plugins

Return

whether the user has any .moderate rights


SEC_remoteAuthentication

int SEC_remoteAuthentication( &$loginname, string $passwd, $service, &$uid, string $loginname, string $server, string $uid)

Check to see if we can authenticate this user with a remote server

A user has not managed to log in locally, but has an @ in their user name and we have enabled distributed authentication. Firstly, try to see if we have cached the module that we used to authenticate them when they signed up (i.e. they've actually changed their password elsewhere and we need to sync). If not, then try to authenticate them with /every/ authentication module. If this succeeds, create a user for them.

Parameters

string $loginname Their username
string $passwd The password entered
string $server The server portion of $username
string $uid OUTPUT parameter, pass it by ref to get uid back.
&$loginname
$service
&$uid

Return

user status, -1 for fail.


SEC_removeFeatureFromDB

void SEC_removeFeatureFromDB( string $feature_name, [boolean $logging = false])

Remove a feature from the database entirely.

This function can be used by plugins during uninstall.

Parameters

string $feature_name name of the feature, e.g. 'foo.edit'
boolean $logging whether to log progress in error.log


SEC_setCookie

void SEC_setCookie( string $name, string $value, [int $expire = 0], [string $path = null], [string $domain = null], [bool $secure = null])

Set a cookie using the HttpOnly flag

Use this function to set “important” cookies (session, password, …). Browsers that support the HttpOnly flag will not allow JavaScript access to such a cookie.

Parameters

string $name cookie name
string $value cookie value
int $expire expire time
string $path path on the server or $_CONF['cookie_path']
string $domain domain or $_CONF['cookiedomain']
bool $secure whether to use HTTPS or $_CONF['cookiesecure']


SEC_setDefaultPermissions

void SEC_setDefaultPermissions( array &$A, [array $use_permissions = array ()])

Set default permissions for an object

Parameters

array &$A target array
array $use_permissions permissions to set

glfusion/development/api/sec/functions.txt · Last modified: 2017/04/12 21:15 (external edit)
