Introduced IP based access control for groups.

[timetracker.git] / WEB-INF / lib / common.lib.php

diff --git a/WEB-INF/lib/common.lib.php b/WEB-INF/lib/common.lib.php
index 5621492228ff0f780510be76ccfeb80b22b4b19f..210ec41cd14cae02784ad85a65c04877f9e37f73 100644 (file)
--- a/WEB-INF/lib/common.lib.php
+++ b/WEB-INF/lib/common.lib.php
@@ -325,30 +325,9 @@ function ttValidCondition($val, $emptyValid = true)
   return true;
 }
 
   return true;
 }
 

-// ttAccessCheck is used to check whether user is allowed to proceed. This function is used
-// as an initial check on all publicly available pages.
-function ttAccessCheck($required_rights)
-{
-  global $auth;
-  global $user;
-  
-  // Redirect to login page if user is not authenticated.
-  if (!$auth->isAuthenticated()) {
-    header('Location: login.php');
-    exit();
-  }
-  
-  // Check rights.
-  if (!($required_rights & $user->rights_mask))
-    return false;
-    
-  return true;
-}
-

 // ttAccessAllowed checks whether user is allowed access to a particular page.
 // ttAccessAllowed checks whether user is allowed access to a particular page.

-// This function is a replacement for ttAccessCheck above as part of roles revamp.
-// To be used as an initial check on all publicly available pages
-// (except login.php and register.php where we don't have to check).
+// It is used as an initial check on all publicly available pages
+// (except login.php, register.php, and others where we don't have to check).

 function ttAccessAllowed($required_right)
 {
   global $auth;
 function ttAccessAllowed($required_right)
 {
   global $auth;


@@ -360,9 +339,27 @@ function ttAccessAllowed($required_right)
     exit();
   }
 
     exit();
   }
 

+  // Check IP restriction, if set.
+  if ($user->allow_ip && !$user->can('override_allow_ip')) {
+    $access_allowed = false;
+    $user_ip = $_SERVER['REMOTE_ADDR'];
+    $allowed_ip_array = explode(',', $user->allow_ip);
+    foreach ($allowed_ip_array as $allowed_ip) {
+      $len = strlen($allowed_ip);
+      if (substr($user_ip, 0, $len) === $allowed_ip) {
+         $access_allowed = true;
+         break;
+      }
+    }
+    if (!$access_allowed) return false;
+  }
+

   // Check if user has the right.
   // Check if user has the right.

-  if (in_array($required_right, $user->rights))
+  if (in_array($required_right, $user->rights)) {
+    import('ttUserHelper');
+    ttUserHelper::updateLastAccess();

     return true;
     return true;

+  }

 
   return false;
 
   return false;

-}
\ No newline at end of file
+}