MRBS - Meeting Room Booking System

From RavenWiki
Jump to navigationJump to search
The Raven-related software described on this page is NOT supported or maintained by University Information Services. It is provided here in the hope that it may be useful, but it may contain bugs and security vulnerabilities. It may be supported and maintained by others. You should evaluate whether it meets you particular needs before using it.

MRBS - Meeting Room Booking System, version 1.2.3

This is a very simple booking system that is OSS: MRBS Home Page

To use Raven authentication you could put in your own PHP code, or take the quicker approach and use Apache Raven authentication combined with a simple code change in session_php.inc, in the function "getUserName":

//        if (isset($HTTP_SESSION_VARS["UserName"]) && ($HTTP_SESSION_VARS["UserName"] != ""))
//            return $HTTP_SESSION_VARS["UserName"];
       if (isset($_SERVER['REMOTE_USER']) && ($_SERVER['REMOTE_USER'] != ""))
           return $_SERVER['REMOTE_USER'];

for version 1.2.4 the code is very similar, but with a few more { and } in it.


and this bit of configuration in config.inc.php :

$auth["session"] = "php";
$auth["type"] = "none";

The .htaccess file is very simple:

<Limit GET>
order deny,allow
deny from all
AuthType Ucam-WebAuth
Require valid-user
Satisfy any
</Limit>

From Martin Lucas-Smith:

You could probably simplifying this by adding to your .htaccess file:

php_value auto_prepend_file prepended.php

and creating a file prepended.php (as referenced above) which contains merely:

<?php $HTTP_SESSION_VARS['UserName'] = $_SERVER['REMOTE_USER']; ?>

I've not tried it but I suspect this would probably work. If it does work, it would have the benefit that you avoid having to make any changes to the code itself.

Hope that is useful.

Martin Lucas-Smith www.geog.cam.ac.uk/~mvl22 --mr349 15:58, 19 June 2008 (BST)


Two access levels (very simple)

Since everyone is logged in, listed admins should be level 2 (read-write everyone) with everyone else at level 1 (read-write own entries)

No code changes are necessary but add admin users in config.inc.php

Two access levels (simple)

Since everyone is logged in, listed admins should be level 2 (read-write everyone) with everyone else at level 0 (read-only) instead of 1 (read-write own entries)

In auth_none.inc function authGetUserLevel change:

   // Everybody else is access level '0'
   return 0;

and add admin users in config.inc.php

Three access levels

not-tested --mr349 16:32, 19 June 2008 (BST)

Listed admins should be level 2 (read-write everyone) with listed users at level 1 (read-write own entries) and everyone else at level 0 (read-only)

In auth_none.inc function authGetUserLevel

function authGetUserLevel($user, $lev2_admin, $lev1_admin) {

   // User not logged in, user level '0'
   if(!isset($user))
   return 0;
   // Check if the user is level '2'
   for($i = 0; isset($lev2_admin[$i]); $i++)
   {
   if(strcasecmp($user, $lev2_admin[$i]) == 0)
       return 2;
   }
   // Check if the user is level '1'
   for($i = 0; isset($lev1_admin[$i]); $i++)
   {
   if(strcasecmp($user, $lev1_admin[$i]) == 0)
       return 1;
   }
   // Everybody else is access level '0'
   return 0;

}

In mrbs_auth.inc function getAuthorised change:

   return authGetUserLevel($user, $auth["admin"], $auth["mortal"]) >= $level;

and add both admin and mortal users in config.inc.php


MRBS version 1.4.1

https://www.physiol.ox.ac.uk/~trp/webauth-mrbs/


MRBS version 1.4.5

edit config.inc.php and add this to the end, before ?> :

$auth['session']  = 'remote_user';
$auth['type'] = 'none';

Also define admin users like so:

$auth["admin"][] = "mr349";

For authenticated (Raven) users to have readonly authorisation edit auth_none.inc:

  // Everybody else is access level '1'
# return 1;
# mr349, access level 0 please
  return 0;
}