Source for file QueryFilterAuthzEngine.php
Documentation is available at QueryFilterAuthzEngine.php
* @copyright Copyright 2005-2010 RedIRIS, http://www.rediris.es/
* This file is part of phpPoA2.
* phpPoA2 is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* phpPoA2 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with phpPoA2. If not, see <http://www.gnu.org/licenses/>.
* @license http://www.gnu.org/licenses/gpl.html GNU General Public License
* @author Jaime Perez <jaime.perez@rediris.es>
* This hook is executed right after retrieving the current URI, the params (both GET and POST) and
* the arrays of allowed and denied patterns that will be checked inmediately.
* It can be used to alter parameters and the URL, and also to configure the filters on runtime.
* The hook receives the URI string, an array of parameters, the allowed and the denied patterns.
* Functions for this hook must be defined like this:
* function queryBeforeFilterHook(&$uri, &$params, &$allowed, &$denied);
* Please bear in mind that hooks must return TRUE or they'll keep other hooks from executing.
define("QUERY_BEFORE_FILTERS", "QUERY_BEFORE_FILTERS");
* Authorization engine that works by checking the query string of the request.
* @subpackage QueryFilterAuthorizationEngine
$uri = $_SERVER['SERVER_NAME']. $_SERVER['REQUEST_URI'];
$params = $this->getQueryParams();
$allowed = $this->cfg->getAllowedPatterns();
$denied = $this->cfg->getDeniedPatterns();
// run hook before checking patterns
$args = array($uri, $params, $allowed, $denied);
// check patterns against the current URI
foreach ($allowed as $pattern) { // allowed URIs
trigger_error(msg('allowed-pattern-match', array($uri, $pattern)), E_USER_WARNING);
foreach ($denied as $pattern) {
trigger_error(msg('denied-pattern-match', array($uri, $pattern)), E_USER_WARNING);
// check patterns against the request params
foreach ($params as $param) {
foreach ($allowed as $pattern) {
trigger_error(msg('allowed-pattern-match', array($param, $pattern)), E_USER_WARNING);
foreach ($denied as $pattern) {
trigger_error(msg('denied-pattern-match', array($param, $pattern)), E_USER_WARNING);
return $this->cfg->getDefaultBehaviour();
return $this->cfg->getAllowedPatterns();
public function getPendingInvites() {
public function authorize($user, $attrs, $ref, $expires = 0) {
public function revoke($mail) {
public function invite($mail, $expires = 0) {
public function removeInvite($ref) {
* Get all the parameters of the current query, either
private function getQueryParams() {
$data = explode("&", $_SERVER['QUERY_STRING']);
if ($_SERVER['REQUEST_METHOD'] === "POST") {
|