]>
Commit | Line | Data |
---|---|---|
6df4b805 | 1 | <?php |
6b3d5ba9 | 2 | /* vim: set ts=4 tw=0 sw=4 noet: */ |
6df4b805 | 3 | require_once $CFG->root .'config.php'; |
6ead258e | 4 | require_once $CFG->root . 'lib/session_handler.inc.php'; |
6df4b805 | 5 | |
3056d117 MR |
6 | class Utils { |
7 | ||
2b6294e9 | 8 | private $timeout = false; |
3056d117 | 9 | private $settings; |
01cc21cf MR |
10 | private $log_level; |
11 | private $log_method; | |
b95d1cdb | 12 | private $header = '<!DOCTYPE html> |
6df4b805 MR |
13 | <html> |
14 | <head> | |
b95d1cdb MR |
15 | <meta charset="utf-8"> |
16 | <link rel="stylesheet" href="css/styles.css"> | |
17 | <script> | |
18 | var timeout = __TIMEOUT__; | |
19 | </script> | |
20 | <script src="__ROOT__js/timer.js"></script> | |
5c7b972e | 21 | <script src="__ROOT__js/checkbox.js"></script> |
7ef22e21 | 22 | <script src="__ROOT__js/forms.js"></script> |
b95d1cdb | 23 | <title>__TITLE__</title> |
6df4b805 | 24 | </head> |
60aad80e MR |
25 | <body><div id="container">'; |
26 | private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net" | |
27 | title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p> | |
3039de29 | 28 | </div></body></html>'; |
b95d1cdb MR |
29 | private $heading = '<p id="time" class="time">Session timeout: |
30 | <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>'; | |
31 | ||
3056d117 | 32 | public function __construct() { |
b95d1cdb MR |
33 | global $CFG; |
34 | ||
01cc21cf MR |
35 | if (isset($CFG->log_level)) { |
36 | $this->log_level = $CFG->log_level; | |
37 | } else { | |
38 | $this->log_level = 1; | |
39 | } | |
40 | ||
41 | if (isset($CFG->log_method)) { | |
42 | $this->log_method = $CFG->log_method; | |
43 | } else { | |
44 | $this->log_level = 'syslog'; | |
45 | } | |
46 | ||
519a15b5 MR |
47 | $this->log("Init Utils", 4); |
48 | ||
9da61a01 | 49 | $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); |
a675b383 | 50 | $this->startSession(); |
9da61a01 | 51 | $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); |
a675b383 | 52 | |
3056d117 MR |
53 | if (! isset($_SESSION['settings'])) { |
54 | $this->initSettings(); | |
55 | } | |
9da61a01 | 56 | $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); |
3056d117 | 57 | $this->settings = $_SESSION['settings']; |
9da61a01 | 58 | $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); |
3056d117 MR |
59 | |
60 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
86fb546e MR |
61 | if (isset($_SERVER['PHP_AUTH_USER'])) { |
62 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
3056d117 MR |
63 | $this->settings['loginStatus'] = 'OK'; |
64 | if ($CFG->admin_user == $this->settings['user']) | |
65 | $this->settings['admin'] = true; | |
b95d1cdb MR |
66 | } |
67 | } | |
b95d1cdb MR |
68 | } |
69 | ||
01cc21cf MR |
70 | private function log($message, $level = 1) { |
71 | global $CFG; | |
72 | ||
73 | if ($level > $this->log_level) | |
74 | return; | |
75 | ||
76 | $time = date('c'); | |
01cc21cf MR |
77 | |
78 | $priority = LOG_INFO; | |
79 | switch ($level) { | |
80 | case 1: $priority = LOG_ERR; break; | |
81 | case 2: $priority = LOG_WARNING; break; | |
82 | case 3: $priority = LOG_INFO; break; | |
83 | case 4: $priority = LOG_DEBUG; break; | |
84 | } | |
85 | ||
86 | switch ($this->log_method) { | |
87 | case 'file': | |
7b561609 MR |
88 | if (isset($CFG->log_file)) { |
89 | if ($CFG->log_file[0] == '/') { | |
90 | $file = $CFG->log_file; | |
91 | } else { | |
92 | $file = $CFG->root.$CFG->log_file; | |
93 | } | |
94 | } else { | |
95 | $file = $CFG->root.'qtadmin.log'; | |
96 | } | |
815fed0c | 97 | file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); |
ecc5e773 | 98 | chmod($file, 0600); |
7b561609 | 99 | break; |
01cc21cf | 100 | case 'stderr': |
815fed0c | 101 | file_put_contents('php://stderr', "[$time]: $message\n"); |
7b561609 | 102 | break; |
01cc21cf | 103 | case 'syslog': |
2dd58fe8 | 104 | syslog($priority, $message); |
01cc21cf | 105 | break; |
d6be2d1a | 106 | } |
01cc21cf MR |
107 | } |
108 | ||
3056d117 | 109 | private function initSettings() { |
2dd58fe8 MR |
110 | $this->log("InitSettings", 4); |
111 | ||
3056d117 MR |
112 | if ('' == session_id()) { |
113 | $this->startSession(); | |
114 | } | |
b95d1cdb | 115 | |
2b6294e9 MR |
116 | if (false !== $this->timeout) { |
117 | $timeout = $this->timeout; | |
118 | } else { | |
119 | $timeout = 0; | |
120 | } | |
121 | ||
3056d117 | 122 | $this->settings = array( |
3056d117 MR |
123 | 'user' => null, |
124 | 'admin' => false, | |
125 | 'loginStatus' => 'Not logged in', | |
2b6294e9 | 126 | 'timeout' => $timeout |
3056d117 | 127 | ); |
6072c905 | 128 | |
3056d117 | 129 | $_SESSION['settings'] = $this->settings; |
6072c905 MR |
130 | } |
131 | ||
a675b383 | 132 | private function startSession() { |
b95d1cdb MR |
133 | global $CFG; |
134 | ||
2dd58fe8 MR |
135 | $this->log("startSession", 4); |
136 | ||
b95d1cdb | 137 | if (isset($CFG->session_timeout)) { |
2b6294e9 | 138 | $this->timeout = $CFG->session_timeout * 60; |
b95d1cdb | 139 | } else { |
2b6294e9 | 140 | $this->timeout = 20 * 60; |
b95d1cdb MR |
141 | } |
142 | ||
2b6294e9 MR |
143 | if (ini_get('session.gc_maxlifetime') != $this->timeout) |
144 | ini_set('session.gc_maxlifetime', $this->timeout); | |
7b561609 MR |
145 | //if (ini_get('session.cookie_lifetime') != $this->timeout) |
146 | // ini_set('session.cookie_lifetime', $this->timeout); | |
147 | ini_set('session.cookie_lifetime', 0); | |
a675b383 MR |
148 | |
149 | session_start(); | |
7d9c7fe2 MR |
150 | } |
151 | ||
3056d117 | 152 | private function checkSession() { |
7d9c7fe2 MR |
153 | global $CFG; |
154 | ||
2dd58fe8 MR |
155 | $this->log("checkSession", 4); |
156 | ||
39023189 MR |
157 | if ('' == session_id()) { |
158 | $this->startSession(); | |
159 | } | |
160 | ||
b95d1cdb | 161 | $time = $_SERVER['REQUEST_TIME']; |
7d9c7fe2 | 162 | if (isset($_SESSION['LAST_ACTIVITY']) && |
3056d117 | 163 | ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { |
07124c37 MR |
164 | $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. |
165 | 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); | |
3056d117 | 166 | $this->logout(); |
a675b383 MR |
167 | } else { |
168 | $_SESSION['LAST_ACTIVITY'] = $time; | |
169 | } | |
b95d1cdb MR |
170 | } |
171 | ||
0da9e6e7 MR |
172 | private function getCSRFPreventionToken($ticket) { |
173 | return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); | |
174 | } | |
175 | ||
176 | private function getRestTicket($username, $password) { | |
177 | $result = false; | |
178 | $url = $CFG->wblistadm_url . '/ticket'; | |
179 | ||
180 | $data = "username=$username&password=$password"; | |
181 | $response = $this->RESTCall($url, $data, $cookiesIn = ''); | |
182 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
183 | $data = json_decode($response['content']); | |
184 | $_SESSION['ticket'] = $data->data; | |
185 | $_SESSION['cookies'] = $response['cookies']; | |
186 | $result = true; | |
187 | } | |
188 | ||
189 | return $result; | |
190 | } | |
191 | ||
192 | public function makeRestCall($method, $data = null) { | |
193 | $result; | |
194 | ||
195 | $url = $CFG->wblistadm_url . "/$method"; | |
196 | $token = $this->getCSRFPreventionToken($_SESSION['ticket']); | |
197 | $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); | |
198 | ||
199 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
200 | if ($data) { | |
201 | // HTTP POST | |
202 | $result = true; | |
203 | } else { | |
204 | // HTTP GET | |
205 | $data = json_decode($response['content']); | |
206 | $result = $data->data; | |
207 | } | |
208 | } else { | |
209 | $result = ($data) ? false : array(); | |
210 | } | |
211 | ||
212 | return $result; | |
213 | } | |
214 | ||
215 | private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { | |
216 | $options = array( | |
217 | CURLOPT_RETURNTRANSFER => true, // return web page | |
218 | CURLOPT_HEADER => true, //return headers in addition to content | |
219 | CURLOPT_FOLLOWLOCATION => true, // follow redirects | |
220 | CURLOPT_ENCODING => "", // handle all encodings | |
221 | CURLOPT_AUTOREFERER => true, // set referer on redirect | |
222 | CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect | |
223 | CURLOPT_TIMEOUT => 120, // timeout on response | |
224 | CURLOPT_MAXREDIRS => 10, // stop after 10 redirects | |
225 | CURLINFO_HEADER_OUT => true, | |
226 | CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks | |
227 | CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, | |
228 | CURLOPT_COOKIE => $cookiesIn | |
229 | ); | |
230 | ||
231 | if ($data) { | |
232 | $options[CURLOPT_POST] = 1; | |
233 | $options[CURLOPT_POSTFIELDS] = $data; | |
234 | } | |
235 | ||
236 | if ($headers) { | |
237 | $options[CURLOPT_HTTPHEADER] = $headers; | |
238 | } | |
239 | ||
240 | $ch = curl_init($url); | |
241 | curl_setopt_array($ch, $options); | |
242 | $rough_content = curl_exec($ch); | |
243 | $err = curl_errno($ch); | |
244 | $errmsg = curl_error($ch); | |
245 | $header = curl_getinfo($ch); | |
246 | curl_close($ch); | |
247 | ||
248 | $header_content = substr($rough_content, 0, $header['header_size']); | |
249 | $body_content = trim(str_replace($header_content, '', $rough_content)); | |
250 | $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m"; | |
251 | preg_match_all($pattern, $header_content, $matches); | |
252 | $cookiesOut = implode("; ", $matches['cookie']); | |
253 | ||
254 | $header['errno'] = $err; | |
255 | $header['errmsg'] = $errmsg; | |
256 | $header['headers'] = $header_content; | |
257 | $header['content'] = $body_content; | |
258 | $header['cookies'] = $cookiesOut; | |
259 | ||
260 | return $header; | |
261 | } | |
262 | ||
b95d1cdb | 263 | public function logout() { |
2dd58fe8 MR |
264 | $this->log("logout", 4); |
265 | ||
b95d1cdb MR |
266 | if (ini_get('session.use_cookies')) { |
267 | $params = session_get_cookie_params(); | |
268 | setcookie(session_name(), '', time() - 42000, | |
269 | $params['path'], $params['domain'], | |
270 | $params['secure'], $params['httponly']); | |
271 | } | |
39023189 MR |
272 | |
273 | if ('' != session_id()) { | |
274 | $_SESSION = array(); | |
275 | session_unset(); | |
276 | session_destroy(); | |
277 | } | |
3056d117 | 278 | $this->settings = array(); |
b95d1cdb MR |
279 | } |
280 | ||
281 | public function isAdmin() { | |
3056d117 MR |
282 | $admin = false; |
283 | ||
2dd58fe8 MR |
284 | $this->log("isAdmin", 4); |
285 | ||
3056d117 MR |
286 | if (isset($this->settings['admin'])) { |
287 | $admin = $this->settings['admin']; | |
288 | } | |
289 | ||
290 | return $admin; | |
b95d1cdb MR |
291 | } |
292 | ||
293 | public function login($user, $pw) { | |
294 | global $CFG; | |
295 | $result = false; | |
296 | ||
2dd58fe8 MR |
297 | $this->log("login", 4); |
298 | ||
3056d117 MR |
299 | if ('' == session_id()) { |
300 | $this->startSession(); | |
301 | } | |
302 | ||
303 | $this->settings['user'] = null; | |
304 | $this->settings['admin'] = false; | |
b95d1cdb MR |
305 | |
306 | $p = explode('@', $user); | |
307 | if (count($p) != 2) { | |
3056d117 MR |
308 | $this->settings['loginStatus'] = 'Bad username'; |
309 | } else { | |
310 | $domain = $p[1]; | |
311 | $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; | |
312 | $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; | |
313 | $ds = @ldap_connect($CFG->ldap_dsn); | |
314 | if ($ds) { | |
315 | @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); | |
316 | $r = @ldap_bind($ds, $dn, $pw); | |
317 | if ($r) { | |
318 | $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); | |
319 | $info = @ldap_get_entries($ds, $sr); // array | |
320 | if ($info['count'] > 0) { | |
5ec97892 | 321 | // Log in to wblistadm server and get CSRFPreventionToken |
0da9e6e7 MR |
322 | if ($this->getRestTicket($user, $pw)) { |
323 | $this->settings['user'] = $user; | |
324 | $result = true; | |
325 | $this->settings['loginStatus'] = 'OK'; | |
326 | $admin = 'NO'; | |
327 | if (isset($info[0]['domainglobaladmin'])) { | |
328 | $admin = $info[0]['domainglobaladmin'][0]; | |
329 | $admin = strtoupper($admin); | |
330 | } | |
331 | $this->settings['admin'] = ($admin == 'YES') ? true : false; | |
332 | } else { | |
333 | $this->settings['loginStatus'] = 'Login failed'; | |
334 | } | |
3056d117 MR |
335 | } else { |
336 | $this->settings['loginStatus'] = 'Login failed'; | |
b95d1cdb | 337 | } |
6df4b805 | 338 | } else { |
3056d117 | 339 | $this->settings['loginStatus'] = ldap_error($ds); |
6df4b805 | 340 | } |
3056d117 | 341 | @ldap_close($ds); |
6df4b805 | 342 | } else { |
3056d117 | 343 | $this->settings['loginStatus'] = 'Connect to LDAP server failed'; |
6df4b805 | 344 | } |
6df4b805 MR |
345 | } |
346 | ||
3056d117 | 347 | $_SESSION['settings'] = $this->settings; |
6e081c5f | 348 | |
b95d1cdb MR |
349 | return $result; |
350 | } | |
351 | ||
352 | public function getLoginStatus() { | |
3056d117 MR |
353 | $status = 'Not logged in'; |
354 | ||
2dd58fe8 MR |
355 | $this->log("getLoginStatus", 4); |
356 | ||
3056d117 MR |
357 | if (isset($this->settings['loginStatus'])) { |
358 | $status = $this->settings['loginStatus']; | |
359 | } | |
360 | ||
361 | return $status; | |
b95d1cdb MR |
362 | } |
363 | ||
364 | public function isLoggedIn() { | |
365 | global $CFG; | |
366 | $loggedIn = false; | |
367 | ||
65f27692 | 368 | $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); |
2dd58fe8 | 369 | |
3056d117 MR |
370 | if ('' == session_id()) { |
371 | $this->startSession(); | |
372 | } | |
373 | ||
65f27692 | 374 | $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); |
39023189 | 375 | $this->checkSession(); |
65f27692 | 376 | $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); |
39023189 | 377 | |
3056d117 MR |
378 | if (isset($this->settings['user'])) { |
379 | if ($this->settings['user'] != null) { | |
380 | $loggedIn = true; | |
381 | } else { | |
382 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
86fb546e MR |
383 | if (isset($_SERVER['PHP_AUTH_USER'])) { |
384 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
3056d117 MR |
385 | $loggedIn = true; |
386 | } | |
b95d1cdb MR |
387 | } |
388 | } | |
389 | } | |
390 | ||
85ec6a84 | 391 | if ($loggedIn == false) { |
7b561609 MR |
392 | $this->log('$this->settings: '.var_export($this->settings, true), 3); |
393 | $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); | |
18d80742 | 394 | } |
6e081c5f | 395 | |
3056d117 | 396 | $_SESSION['settings'] = $this->settings; |
6e081c5f | 397 | |
b95d1cdb MR |
398 | return $loggedIn; |
399 | } | |
400 | ||
401 | public function getUser() { | |
3056d117 MR |
402 | $user = null; |
403 | ||
2dd58fe8 MR |
404 | $this->log("getUser", 4); |
405 | ||
3056d117 MR |
406 | if ($this->isLoggedIn()) { |
407 | $user = $this->settings['user']; | |
408 | } | |
409 | ||
410 | return $user; | |
b95d1cdb MR |
411 | } |
412 | ||
3039de29 MR |
413 | public function authorized($recipient) { |
414 | $authorized = false; | |
415 | ||
cdd7c88a MR |
416 | $this->log("authorized '$recipient'", 3); |
417 | ||
3039de29 MR |
418 | if ($this->isAdmin() || $this->getUser() == $recipient) { |
419 | $authorized = true; | |
420 | } | |
181e3b1f MR |
421 | $msg = ($authorized) ? 'authorize' : 'not authorize'; |
422 | $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); | |
3039de29 MR |
423 | |
424 | return $authorized; | |
425 | } | |
426 | ||
b95d1cdb | 427 | public function getHeader() { |
2dd58fe8 MR |
428 | $this->log("getHeader", 4); |
429 | ||
b95d1cdb MR |
430 | return $this->header; |
431 | } | |
432 | ||
433 | public function getFooter() { | |
2dd58fe8 MR |
434 | $this->log("getFooter", 4); |
435 | ||
b95d1cdb MR |
436 | return $this->footer; |
437 | } | |
438 | ||
439 | public function getHeading() { | |
2dd58fe8 MR |
440 | $this->log("getHeading", 4); |
441 | ||
b95d1cdb MR |
442 | return $this->heading; |
443 | } | |
444 | ||
445 | public function setHeading($heading) { | |
446 | global $CFG; | |
447 | ||
2dd58fe8 MR |
448 | $this->log("setHeading", 4); |
449 | ||
b95d1cdb MR |
450 | $timeout = $CFG->session_timeout * 60 * 1000; |
451 | $this->heading = str_replace('__TITLE__', $heading, $this->heading); | |
452 | $this->header = str_replace('__TITLE__', $heading, $this->header); | |
453 | $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header); | |
454 | $this->header = str_replace('__TIMEOUT__', $timeout, $this->header); | |
455 | } | |
456 | ||
457 | public function convertContent($code) { | |
2dd58fe8 MR |
458 | $this->log("convertContent", 4); |
459 | ||
b95d1cdb MR |
460 | $table = array( |
461 | 'V' => 'Virus', | |
462 | 'B' => 'Banned', | |
463 | 'U' => 'Unchecked', | |
464 | 'S' => 'Spam', | |
465 | 'Y' => 'Spammy', | |
466 | 'M' => 'Bad Mime', | |
467 | 'H' => 'Bad Header', | |
468 | 'O' => 'Over sized', | |
469 | 'T' => 'MTA err', | |
470 | 'C' => 'Clean' | |
471 | ); | |
472 | ||
473 | $string = $table[$code]; | |
474 | if (empty($string)) | |
475 | $string = 'Unknown'; | |
476 | ||
477 | return $string; | |
478 | } | |
6df4b805 | 479 | |
6df4b805 | 480 | } |