[171] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | * ACL.inc.php |
---|
| 4 | * |
---|
| 5 | * Uses the ARO/ACO/AXO model of Access Control Lists. |
---|
| 6 | * Includes a command-line tool for managing rights. |
---|
| 7 | * |
---|
| 8 | * Code by Strangecode :: www.strangecode.com :: This document contains copyrighted information. |
---|
| 9 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 10 | * @version 1.0 |
---|
| 11 | * @since 14 Jun 2006 22:35:11 |
---|
| 12 | */ |
---|
| 13 | |
---|
| 14 | class ACL { |
---|
| 15 | |
---|
| 16 | // Configuration parameters for this object. |
---|
| 17 | var $_params = array( |
---|
| 18 | |
---|
| 19 | // Automatically create table and verify columns. Better set to false after site launch. |
---|
| 20 | 'create_table' => false, |
---|
| 21 | ); |
---|
| 22 | |
---|
| 23 | /** |
---|
| 24 | * Prefs constructor. |
---|
| 25 | */ |
---|
| 26 | function ACL() |
---|
| 27 | { |
---|
| 28 | $app =& App::getInstance(); |
---|
| 29 | |
---|
| 30 | // Get create tables config from global context. |
---|
| 31 | if (!is_null($app->getParam('db_create_tables'))) { |
---|
| 32 | $this->setParam(array('create_table' => $app->getParam('db_create_tables'))); |
---|
| 33 | } |
---|
| 34 | } |
---|
| 35 | |
---|
| 36 | /** |
---|
| 37 | * This method enforces the singleton pattern for this class. |
---|
| 38 | * |
---|
| 39 | * @return object Reference to the global ACL object. |
---|
| 40 | * @access public |
---|
| 41 | * @static |
---|
| 42 | */ |
---|
| 43 | function &getInstance() |
---|
| 44 | { |
---|
| 45 | static $instance = null; |
---|
| 46 | |
---|
| 47 | if ($instance === null) { |
---|
| 48 | $instance = new ACL(); |
---|
| 49 | } |
---|
| 50 | |
---|
| 51 | return $instance; |
---|
| 52 | } |
---|
| 53 | |
---|
| 54 | /** |
---|
| 55 | * Set (or overwrite existing) parameters by passing an array of new parameters. |
---|
| 56 | * |
---|
| 57 | * @access public |
---|
| 58 | * |
---|
| 59 | * @param array $params Array of parameters (key => val pairs). |
---|
| 60 | */ |
---|
| 61 | function setParam($params) |
---|
| 62 | { |
---|
| 63 | $app =& App::getInstance(); |
---|
| 64 | |
---|
| 65 | if (isset($params) && is_array($params)) { |
---|
| 66 | // Merge new parameters with old overriding only those passed. |
---|
| 67 | $this->_params = array_merge($this->_params, $params); |
---|
| 68 | } else { |
---|
| 69 | $app->logMsg(sprintf('Parameters are not an array: %s', $params), LOG_ERR, __FILE__, __LINE__); |
---|
| 70 | } |
---|
| 71 | } |
---|
| 72 | |
---|
| 73 | /** |
---|
| 74 | * Return the value of a parameter, if it exists. |
---|
| 75 | * |
---|
| 76 | * @access public |
---|
| 77 | * @param string $param Which parameter to return. |
---|
| 78 | * @return mixed Configured parameter value. |
---|
| 79 | */ |
---|
| 80 | function getParam($param) |
---|
| 81 | { |
---|
| 82 | $app =& App::getInstance(); |
---|
| 83 | |
---|
| 84 | if (isset($this->_params[$param])) { |
---|
| 85 | return $this->_params[$param]; |
---|
| 86 | } else { |
---|
| 87 | $app->logMsg(sprintf('Parameter is not set: %s', $param), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 88 | return null; |
---|
| 89 | } |
---|
| 90 | } |
---|
| 91 | |
---|
| 92 | /** |
---|
| 93 | * Setup the database table for this class. |
---|
| 94 | * |
---|
| 95 | * @access public |
---|
| 96 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 97 | * @since 04 Jun 2006 16:41:42 |
---|
| 98 | */ |
---|
| 99 | function initDB($recreate_db=false) |
---|
| 100 | { |
---|
| 101 | $app =& App::getInstance(); |
---|
| 102 | $db =& DB::getInstance(); |
---|
| 103 | |
---|
| 104 | static $_db_tested = false; |
---|
| 105 | |
---|
| 106 | if ($recreate_db || !$_db_tested && $this->getParam('create_table')) { |
---|
| 107 | |
---|
| 108 | if ($recreate_db) { |
---|
| 109 | $db->query("DROP TABLE IF EXISTS acl_tbl"); |
---|
| 110 | $db->query("DROP TABLE IF EXISTS aro_tbl"); |
---|
| 111 | $db->query("DROP TABLE IF EXISTS aco_tbl"); |
---|
| 112 | $db->query("DROP TABLE IF EXISTS axo_tbl"); |
---|
| 113 | $app->logMsg(sprintf('Dropping and recreating tables acl_tbl, aro_tbl, aco_tbl, axo_tbl.', null), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 114 | } |
---|
| 115 | |
---|
| 116 | // acl_tbl |
---|
| 117 | $db->query("CREATE TABLE IF NOT EXISTS acl_tbl ( |
---|
| 118 | aro_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0', |
---|
| 119 | aco_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0', |
---|
| 120 | axo_id SMALLINT(11) UNSIGNED NOT NULL DEFAULT '0', |
---|
| 121 | access ENUM('allow', 'deny') DEFAULT NULL, |
---|
| 122 | added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', |
---|
| 123 | UNIQUE KEY (aro_id, aco_id, axo_id), |
---|
| 124 | KEY (access) |
---|
| 125 | ) ENGINE=MyISAM |
---|
| 126 | "); |
---|
| 127 | if (!$db->columnExists('acl_tbl', array( |
---|
| 128 | 'aro_id', |
---|
| 129 | 'aco_id', |
---|
| 130 | 'axo_id', |
---|
| 131 | 'access', |
---|
| 132 | 'added_datetime', |
---|
| 133 | ), false, false)) { |
---|
| 134 | $app->logMsg(sprintf('Database table acl_tbl has invalid columns. Please update this table manually.', null), LOG_ALERT, __FILE__, __LINE__); |
---|
| 135 | trigger_error(sprintf('Database table acl_tbl has invalid columns. Please update this table manually.', null), E_USER_ERROR); |
---|
| 136 | } |
---|
| 137 | |
---|
| 138 | // The tuples of objects. |
---|
| 139 | foreach (array('aro', 'aco', 'axo') as $a_o) { |
---|
| 140 | // Each of these uses Modified Preorder Tree Traversal to maintain a tree-structure in a flat format. |
---|
| 141 | // See: http://www.sitepoint.com/print/hierarchical-data-database |
---|
| 142 | $db->query("CREATE TABLE IF NOT EXISTS {$a_o}_tbl ( |
---|
| 143 | {$a_o}_id SMALLINT UNSIGNED NOT NULL PRIMARY KEY AUTO_INCREMENT, |
---|
| 144 | name VARCHAR(32) NOT NULL DEFAULT '', |
---|
| 145 | lft MEDIUMINT(9) UNSIGNED NOT NULL DEFAULT '0', |
---|
| 146 | rgt MEDIUMINT(9) UNSIGNED NOT NULL DEFAULT '0', |
---|
| 147 | added_datetime DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00', |
---|
| 148 | UNIQUE name (name), |
---|
| 149 | KEY transversal (lft, rgt) |
---|
| 150 | ) ENGINE=MyISAM; |
---|
| 151 | "); |
---|
| 152 | |
---|
| 153 | $qid = $db->query("SELECT 1 FROM {$a_o}_tbl WHERE name = 'root'"); |
---|
| 154 | if (mysql_num_rows($qid) == 0) { |
---|
| 155 | // Insert root node data. |
---|
| 156 | $qid = $db->query("REPLACE INTO {$a_o}_tbl (name, lft, rgt, added_datetime) VALUES ('root', 1, 2, NOW())"); |
---|
| 157 | } |
---|
| 158 | |
---|
| 159 | if (!$db->columnExists("{$a_o}_tbl", array( |
---|
| 160 | "{$a_o}_id", |
---|
| 161 | 'name', |
---|
| 162 | 'lft', |
---|
| 163 | 'rgt', |
---|
| 164 | 'added_datetime', |
---|
| 165 | ), false, false)) { |
---|
| 166 | $app->logMsg(sprintf('Database table %s has invalid columns. Please update this table manually.', "{$a_o}_tbl"), LOG_ALERT, __FILE__, __LINE__); |
---|
| 167 | trigger_error(sprintf('Database table %s has invalid columns. Please update this table manually.', "{$a_o}_tbl"), E_USER_ERROR); |
---|
| 168 | } |
---|
| 169 | } |
---|
| 170 | } |
---|
| 171 | $_db_tested = true; |
---|
| 172 | } |
---|
| 173 | |
---|
| 174 | /* |
---|
| 175 | * |
---|
| 176 | * |
---|
| 177 | * @access public |
---|
| 178 | * @param |
---|
| 179 | * @return |
---|
| 180 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 181 | * @version 1.0 |
---|
| 182 | * @since 14 Jun 2006 22:39:29 |
---|
| 183 | */ |
---|
| 184 | function add($name, $parent=null, $type) |
---|
| 185 | { |
---|
| 186 | $app =& App::getInstance(); |
---|
| 187 | $db =& DB::getInstance(); |
---|
| 188 | |
---|
| 189 | $this->initDB(); |
---|
| 190 | |
---|
| 191 | switch ($type) { |
---|
| 192 | case 'aro' : |
---|
| 193 | $tbl = 'aro_tbl'; |
---|
| 194 | break; |
---|
| 195 | case 'aco' : |
---|
| 196 | $tbl = 'aco_tbl'; |
---|
| 197 | break; |
---|
| 198 | case 'axo' : |
---|
| 199 | $tbl = 'axo_tbl'; |
---|
| 200 | break; |
---|
| 201 | default : |
---|
| 202 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 203 | return false; |
---|
| 204 | break; |
---|
| 205 | } |
---|
| 206 | |
---|
| 207 | // If $parent is null, use root object. |
---|
| 208 | if (is_null($parent)) { |
---|
| 209 | $parent = 'root'; |
---|
| 210 | } |
---|
| 211 | |
---|
| 212 | // Ensure node and parent name aren't empty. |
---|
| 213 | if ('' == trim($name) || '' == trim($parent)) { |
---|
| 214 | $app->logMsg(sprintf('Cannot add node, parent (%s) or name (%s) missing.', $name, $parent), LOG_WARNING, __FILE__, __LINE__); |
---|
| 215 | return false; |
---|
| 216 | } |
---|
| 217 | |
---|
| 218 | // Ensure node is unique. |
---|
| 219 | $qid = $db->query("SELECT 1 FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); |
---|
| 220 | if (mysql_num_rows($qid) > 0) { |
---|
| 221 | $app->logMsg(sprintf('Cannot add %s node, name exists: %s', $type, $name), LOG_WARNING, __FILE__, __LINE__); |
---|
| 222 | return false; |
---|
| 223 | } |
---|
| 224 | |
---|
| 225 | // Select the rgt of $parent. |
---|
| 226 | $qid = $db->query("SELECT rgt FROM $tbl WHERE name = '" . $db->escapeString($parent) . "'"); |
---|
| 227 | if (!list($rgt) = mysql_fetch_row($qid)) { |
---|
| 228 | $app->logMsg(sprintf('Cannot add %s node to nonexistant parent: %s', $type, $parent), LOG_WARNING, __FILE__, __LINE__); |
---|
| 229 | return false; |
---|
| 230 | } |
---|
| 231 | // Update transversal numbers for all nodes to the rgt of $parent. |
---|
| 232 | $db->query("UPDATE $tbl SET lft = lft + 2 WHERE lft >= $rgt"); |
---|
| 233 | $db->query("UPDATE $tbl SET rgt = rgt + 2 WHERE rgt >= $rgt"); |
---|
| 234 | |
---|
| 235 | // Insert new node just below parent. Lft is parent's old rgt. |
---|
| 236 | $db->query(" |
---|
| 237 | INSERT INTO $tbl (name, lft, rgt, added_datetime) |
---|
| 238 | VALUES ('" . $db->escapeString($name) . "', $rgt, $rgt + 1, NOW()) |
---|
| 239 | "); |
---|
| 240 | |
---|
| 241 | $app->logMsg(sprintf('Added %s node %s to parent %s.', $type, $name, $parent), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 242 | return mysql_insert_id($db->getDBH()); |
---|
| 243 | } |
---|
| 244 | |
---|
| 245 | // Alias functions for the different object types. |
---|
| 246 | function addARO($name, $parent=null) |
---|
| 247 | { |
---|
| 248 | return $this->add($name, $parent, 'aro'); |
---|
| 249 | } |
---|
| 250 | function addACO($name, $parent=null) |
---|
| 251 | { |
---|
| 252 | return $this->add($name, $parent, 'aco'); |
---|
| 253 | } |
---|
| 254 | function addAXO($name, $parent=null) |
---|
| 255 | { |
---|
| 256 | return $this->add($name, $parent, 'axo'); |
---|
| 257 | } |
---|
| 258 | |
---|
| 259 | /* |
---|
| 260 | * |
---|
| 261 | * |
---|
| 262 | * @access public |
---|
| 263 | * @param |
---|
| 264 | * @return |
---|
| 265 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 266 | * @version 1.0 |
---|
| 267 | * @since 14 Jun 2006 22:39:29 |
---|
| 268 | */ |
---|
| 269 | function remove($name, $type) |
---|
| 270 | { |
---|
| 271 | $app =& App::getInstance(); |
---|
| 272 | $db =& DB::getInstance(); |
---|
| 273 | |
---|
| 274 | $this->initDB(); |
---|
| 275 | |
---|
| 276 | switch ($type) { |
---|
| 277 | case 'aro' : |
---|
| 278 | $tbl = 'aro_tbl'; |
---|
| 279 | break; |
---|
| 280 | case 'aco' : |
---|
| 281 | $tbl = 'aco_tbl'; |
---|
| 282 | break; |
---|
| 283 | case 'axo' : |
---|
| 284 | $tbl = 'axo_tbl'; |
---|
| 285 | break; |
---|
| 286 | default : |
---|
| 287 | $app->logMsg(sprintf('Invalid access object type: %s', $type), LOG_ERR, __FILE__, __LINE__); |
---|
| 288 | return false; |
---|
| 289 | break; |
---|
| 290 | } |
---|
| 291 | |
---|
| 292 | // Ensure node name isn't empty. |
---|
| 293 | if ('' == trim($name)) { |
---|
| 294 | $app->logMsg(sprintf('Cannot add node, name missing.', null), LOG_WARNING, __FILE__, __LINE__); |
---|
| 295 | return false; |
---|
| 296 | } |
---|
| 297 | |
---|
| 298 | // Select the lft of $name |
---|
| 299 | $qid = $db->query("SELECT lft, rgt FROM $tbl WHERE name = '" . $db->escapeString($name) . "'"); |
---|
| 300 | if (!list($lft, $rgt) = mysql_fetch_row($qid)) { |
---|
| 301 | $app->logMsg(sprintf('Cannot delete nonexistant %s name: %s', $type, $name), LOG_WARNING, __FILE__, __LINE__); |
---|
| 302 | return false; |
---|
| 303 | } |
---|
| 304 | |
---|
| 305 | // Remove node and all children of node. |
---|
| 306 | $db->query("DELETE FROM $tbl WHERE lft BETWEEN $lft AND $rgt"); |
---|
| 307 | $num_deleted_nodes = mysql_affected_rows($db->getDBH()); |
---|
| 308 | |
---|
| 309 | // Update transversal numbers for all nodes to the rgt of $parent, taking in to account the absence of it's children. |
---|
| 310 | $db->query("UPDATE $tbl SET lft = lft - ($rgt - $lft + 1) WHERE lft > $lft"); |
---|
| 311 | $db->query("UPDATE $tbl SET rgt = rgt - ($rgt - $lft + 1) WHERE rgt > $rgt"); |
---|
| 312 | |
---|
| 313 | $app->logMsg(sprintf('Removed %s node %s along with %s children.', $type, $name, $num_deleted_nodes), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 314 | return true; |
---|
| 315 | } |
---|
| 316 | |
---|
| 317 | // Alias functions for the different object types. |
---|
| 318 | function removeUser($name, $parent=null) |
---|
| 319 | { |
---|
| 320 | return $this->remove($name, $parent, 'aro'); |
---|
| 321 | } |
---|
| 322 | function removeAction($name, $parent=null) |
---|
| 323 | { |
---|
| 324 | return $this->remove($name, $parent, 'aco'); |
---|
| 325 | } |
---|
| 326 | function removeObject($name, $parent=null) |
---|
| 327 | { |
---|
| 328 | return $this->remove($name, $parent, 'axo'); |
---|
| 329 | } |
---|
| 330 | |
---|
| 331 | /* |
---|
| 332 | * |
---|
| 333 | * |
---|
| 334 | * @access public |
---|
| 335 | * @param |
---|
| 336 | * @return |
---|
| 337 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 338 | * @version 1.0 |
---|
| 339 | * @since 15 Jun 2006 01:58:48 |
---|
| 340 | */ |
---|
| 341 | function grant($aro=null, $aco=null, $axo=null, $access='allow') |
---|
| 342 | { |
---|
| 343 | $app =& App::getInstance(); |
---|
| 344 | $db =& DB::getInstance(); |
---|
| 345 | |
---|
| 346 | $this->initDB(); |
---|
| 347 | |
---|
| 348 | // If any access objects are null, assume using root values. |
---|
| 349 | $aro = is_null($aro) ? 'root' : $aro; |
---|
| 350 | $aco = is_null($aco) ? 'root' : $aco; |
---|
| 351 | $axo = is_null($axo) ? 'root' : $axo; |
---|
| 352 | |
---|
| 353 | // Ensure values exist. |
---|
| 354 | $qid = $db->query("SELECT aro_tbl.aro_id FROM aro_tbl WHERE aro_tbl.name = '" . $db->escapeString($aro) . "'"); |
---|
| 355 | if (!list($aro_id) = mysql_fetch_row($qid)) { |
---|
| 356 | $app->logMsg(sprintf('Grant failed, aro_tbl.name %s does not exist.', $aro), LOG_WARNING, __FILE__, __LINE__); |
---|
| 357 | return false; |
---|
| 358 | } |
---|
| 359 | $qid = $db->query("SELECT aco_tbl.aco_id FROM aco_tbl WHERE aco_tbl.name = '" . $db->escapeString($aco) . "'"); |
---|
| 360 | if (!list($aco_id) = mysql_fetch_row($qid)) { |
---|
| 361 | $app->logMsg(sprintf('Grant failed, aco_tbl.name %s does not exist.', $aco), LOG_WARNING, __FILE__, __LINE__); |
---|
| 362 | return false; |
---|
| 363 | } |
---|
| 364 | $qid = $db->query("SELECT axo_tbl.axo_id FROM axo_tbl WHERE axo_tbl.name = '" . $db->escapeString($axo) . "'"); |
---|
| 365 | if (!list($axo_id) = mysql_fetch_row($qid)) { |
---|
| 366 | $app->logMsg(sprintf('Grant failed, axo_tbl.name %s does not exist.', $axo), LOG_WARNING, __FILE__, __LINE__); |
---|
| 367 | return false; |
---|
| 368 | } |
---|
| 369 | |
---|
| 370 | // Access must be 'allow' or 'deny'. |
---|
| 371 | $allow = 'allow' == $access ? 'allow' : 'deny'; |
---|
| 372 | |
---|
| 373 | $db->query("REPLACE INTO acl_tbl VALUES ('$aro_id', '$aco_id', '$axo_id', '$allow', NOW())"); |
---|
| 374 | |
---|
| 375 | return true; |
---|
| 376 | } |
---|
| 377 | |
---|
| 378 | /* |
---|
| 379 | * |
---|
| 380 | * |
---|
| 381 | * @access public |
---|
| 382 | * @param |
---|
| 383 | * @return |
---|
| 384 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 385 | * @version 1.0 |
---|
| 386 | * @since 15 Jun 2006 04:35:54 |
---|
| 387 | */ |
---|
| 388 | function revoke($aro=null, $aco=null, $axo=null) |
---|
| 389 | { |
---|
| 390 | return $this->grant($aro, $aco, $axo, 'deny'); |
---|
| 391 | } |
---|
| 392 | |
---|
| 393 | /* |
---|
| 394 | * |
---|
| 395 | * |
---|
| 396 | * @access public |
---|
| 397 | * @param |
---|
| 398 | * @return |
---|
| 399 | * @author Quinn Comendant <quinn@strangecode.com> |
---|
| 400 | * @version 1.0 |
---|
| 401 | * @since 15 Jun 2006 03:58:23 |
---|
| 402 | */ |
---|
| 403 | function check($aro, $aco=null, $axo=null) |
---|
| 404 | { |
---|
| 405 | $app =& App::getInstance(); |
---|
| 406 | $db =& DB::getInstance(); |
---|
| 407 | |
---|
| 408 | $this->initDB(); |
---|
| 409 | |
---|
| 410 | // If any access objects are null, assume using root values. |
---|
| 411 | $aro = is_null($aro) ? 'root' : $aro; |
---|
| 412 | $aco = is_null($aco) ? 'root' : $aco; |
---|
| 413 | $axo = is_null($axo) ? 'root' : $axo; |
---|
| 414 | |
---|
| 415 | $qid = $db->query(" |
---|
| 416 | SELECT acl_tbl.access |
---|
| 417 | FROM acl_tbl |
---|
| 418 | LEFT JOIN aro_tbl ON (acl_tbl.aro_id = aro_tbl.aro_id) |
---|
| 419 | LEFT JOIN aco_tbl ON (acl_tbl.aco_id = aco_tbl.aco_id) |
---|
| 420 | LEFT JOIN axo_tbl ON (acl_tbl.axo_id = axo_tbl.axo_id) |
---|
| 421 | WHERE aro_tbl.lft <= (SELECT lft FROM aro_tbl WHERE name = '" . $db->escapeString($aro) . "') |
---|
| 422 | AND aco_tbl.lft <= (SELECT lft FROM aco_tbl WHERE name = '" . $db->escapeString($aco) . "') |
---|
| 423 | AND axo_tbl.lft <= (SELECT lft FROM axo_tbl WHERE name = '" . $db->escapeString($axo) . "') |
---|
| 424 | ORDER BY aro_tbl.aro_id DESC, aco_tbl.aco_id DESC, axo_tbl.axo_id DESC |
---|
| 425 | LIMIT 1 |
---|
| 426 | "); |
---|
| 427 | if (!list($access) = mysql_fetch_row($qid)) { |
---|
| 428 | $app->logMsg(sprintf('Access denyed: %s -> %s -> %s. No records found.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 429 | return false; |
---|
| 430 | } |
---|
| 431 | |
---|
| 432 | if ('allow' == $access) { |
---|
| 433 | $app->logMsg(sprintf('Access granted: %s -> %s -> %s.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 434 | return true; |
---|
| 435 | } else { |
---|
| 436 | $app->logMsg(sprintf('Access denyed: %s -> %s -> %s.', $aro, $aco, $axo), LOG_DEBUG, __FILE__, __LINE__); |
---|
| 437 | return false; |
---|
| 438 | } |
---|
| 439 | } |
---|
| 440 | |
---|
| 441 | } // End class. |
---|
| 442 | |
---|
| 443 | |
---|
| 444 | ?> |
---|