<?php
/* vim: set ts=4 tw=0 sw=4 noet: */

// Pull in the site configuration and the custom session handler used by Utils.
// $CFG->root must already be defined by the including script, since it is used here.
require_once $CFG->root . 'config.php';
require_once $CFG->root . 'lib/session_handler.inc.php';

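class Utils {

	// Session timeout in seconds; false until startSession() has computed it.
	private $timeout = false;
	// Per-session settings array (user, admin, loginStatus, timeout), mirrored in $_SESSION['settings'].
	private $settings;
	// Highest log level that is written (1 = error ... 4 = debug).
	private $log_level;
	// One of 'file', 'stderr', 'syslog'.
	private $log_method;
	// Page header template; __TITLE__, __ROOT__ and __TIMEOUT__ are filled in by setHeading().
	private $header = '<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<link rel="stylesheet" href="css/styles.css">
	<script>
		var timeout = __TIMEOUT__;
	</script>
	<script src="__ROOT__js/timer.js"></script>
	<script src="__ROOT__js/checkbox.js"></script>
	<script src="__ROOT__js/forms.js"></script>
	<title>__TITLE__</title>
</head>
<body>
	<nav>
		<ul>
			<li><a href="index.php">Home</a></li>
			<li>
				<a href="#">Sections <span class="caret"></span></a>
				<div>
					<ul>
						<li><a href="qtadmin.php">Quarantine admin</a></li>
						<li><a href="wblist.php">WB list admin</a></li>
					</ul>
				</div>
			</li>
			<li><a href="about.html">About</a></li>
			<li><a href="help.html">Help</a></li>
		</ul>
	</nav>
	<div id="container">';
	private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p>
</div></body></html>';
	// Heading template; __TITLE__ is filled in by setHeading().
	private $heading = '<p id="time" class="time">Session timeout:
<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';

	/**
	 * Reads the logging configuration from the global $CFG, starts the PHP session,
	 * loads (or initialises) the per-session settings and, when $CFG->auth_method is
	 * 'HTTP_AUTH', adopts the user already authenticated by the web server.
	 */
	public function __construct() {
		global $CFG;

		$this->log_level = isset($CFG->log_level) ? $CFG->log_level : 1;
		// Bug fix: the fallback used to assign 'syslog' to $log_level instead of
		// $log_method, which left the log method unset and broke level filtering.
		$this->log_method = isset($CFG->log_method) ? $CFG->log_method : 'syslog';

		$this->log("Init Utils", 4);

		$this->logUser('__construct[1]');
		$this->startSession();
		$this->logUser('__construct[2]');

		if (! isset($_SESSION['settings'])) {
			$this->initSettings();
		}
		$this->logUser('__construct[3]');
		$this->settings = $_SESSION['settings'];
		$this->logUser('__construct[4]');

		if (isset($CFG->auth_method) && $CFG->auth_method === 'HTTP_AUTH') {
			if (isset($_SERVER['PHP_AUTH_USER'])) {
				$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
				$this->settings['loginStatus'] = 'OK';
				// Strict comparison: a missing admin_user must never match any user.
				if (isset($CFG->admin_user) && $CFG->admin_user === $this->settings['user']) {
					$this->settings['admin'] = true;
				}
			}
		}
	}

	/**
	 * Debug helper: logs the current settings['user'] value, prefixed by $tag, at level 3.
	 * The lookup is guarded so it is safe to call before $settings has been loaded.
	 *
	 * @param string $tag
	 */
	private function logUser($tag) {
		$user = isset($this->settings['user']) ? $this->settings['user'] : null;
		$this->log("$tag: user " . var_export($user, true), 3);
	}

	/**
	 * Writes $message to the configured sink when $level does not exceed $log_level.
	 *
	 * Levels: 1 = error, 2 = warning, 3 = info, 4 = debug; they map onto syslog
	 * priorities when $log_method is 'syslog'.
	 *
	 * @param string $message
	 * @param int    $level
	 */
	private function log($message, $level = 1) {
		global $CFG;

		if ($level > $this->log_level) {
			return;
		}

		$time = date('c');

		$priorities = array(
			1 => LOG_ERR,
			2 => LOG_WARNING,
			3 => LOG_INFO,
			4 => LOG_DEBUG,
		);
		$priority = isset($priorities[$level]) ? $priorities[$level] : LOG_INFO;

		switch ($this->log_method) {
		case 'file':
			$file = $this->logFile($CFG);
			// LOCK_EX serialises concurrent appends; 0600 keeps the log, which records
			// user names, readable by the web server account only.
			file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
			chmod($file, 0600);
			break;
		case 'stderr':
			file_put_contents('php://stderr', "[$time]: $message\n");
			break;
		case 'syslog':
			syslog($priority, $message);
			break;
		}
	}

	/**
	 * Resolves the log file path: $CFG->log_file as given when absolute, otherwise
	 * relative to $CFG->root; defaults to $CFG->root . 'qtadmin.log'.
	 *
	 * @param object $CFG
	 * @return string
	 */
	private function logFile($CFG) {
		if (! isset($CFG->log_file)) {
			return $CFG->root . 'qtadmin.log';
		}
		// substr() instead of [0] so an empty log_file does not raise a notice.
		if (substr($CFG->log_file, 0, 1) === '/') {
			return $CFG->log_file;
		}
		return $CFG->root . $CFG->log_file;
	}

	/**
	 * Creates the default settings array (no user, not admin, 'Not logged in')
	 * and stores it in $_SESSION['settings'].
	 */
	private function initSettings() {
		$this->log("InitSettings", 4);

		if ('' === session_id()) {
			$this->startSession();
		}

		// $timeout is only known once startSession() has run; 0 otherwise.
		$timeout = (false !== $this->timeout) ? $this->timeout : 0;

		$this->settings = array(
			'user' => null,
			'admin' => false,
			'loginStatus' => 'Not logged in',
			'timeout' => $timeout,
		);

		$_SESSION['settings'] = $this->settings;
	}

	/**
	 * Computes the session timeout from $CFG->session_timeout (minutes, default 20),
	 * aligns the session ini settings with it and starts the session.
	 */
	private function startSession() {
		global $CFG;

		$this->log("startSession", 4);

		$minutes = isset($CFG->session_timeout) ? $CFG->session_timeout : 20;
		$this->timeout = $minutes * 60;

		if ((int) ini_get('session.gc_maxlifetime') !== $this->timeout) {
			ini_set('session.gc_maxlifetime', (string) $this->timeout);
		}
		// The cookie is a browser-session cookie (lifetime 0); inactivity is enforced
		// server side by checkSession() against settings['timeout'].
		ini_set('session.cookie_lifetime', '0');
		// Keep the session cookie out of reach of script access.
		ini_set('session.cookie_httponly', '1');
		// NOTE(review): session.cookie_secure is not set here; enable it for HTTPS-only deployments.

		session_start();
	}

	/**
	 * Enforces the inactivity timeout: logs out when the time since
	 * $_SESSION['LAST_ACTIVITY'] reaches settings['timeout'], otherwise refreshes it.
	 */
	private function checkSession() {
		$this->log("checkSession", 4);

		if ('' === session_id()) {
			$this->startSession();
		}

		$time = $_SERVER['REQUEST_TIME'];
		$timeout = isset($this->settings['timeout']) ? $this->settings['timeout'] : 0;
		$idle = isset($_SESSION['LAST_ACTIVITY']) ? $time - $_SESSION['LAST_ACTIVITY'] : null;

		if ($idle !== null && $idle >= $timeout) {
			// Bug fix: the original concatenated the 'Test:' fragment into date()'s
			// timestamp argument, producing a broken message (a TypeError on PHP 8).
			$this->log('R_TIME: ' . date('c', $time) . ' L_ACT: ' . date('c', $_SESSION['LAST_ACTIVITY'])
				. ' Test: ' . $idle . ' >= ' . $timeout, 3);
			$this->logout();
		} else {
			$_SESSION['LAST_ACTIVITY'] = $time;
		}
	}

	/**
	 * Builds the CSRFPreventionToken header line for RESTCall() from the ticket
	 * object returned by the wblistadm /ticket endpoint.
	 *
	 * @param object|null $ticket
	 * @return array  One header line, or empty when the ticket carries no token.
	 */
	private function getCSRFPreventionToken($ticket) {
		if (! is_object($ticket) || ! isset($ticket->CSRFPreventionToken)) {
			return array();
		}
		return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken);
	}

	/**
	 * Obtains a ticket from the wblistadm server and stores it together with the
	 * server cookies in $_SESSION['ticket'] / $_SESSION['cookies'].
	 *
	 * @param string $username
	 * @param string $password
	 * @return bool  true when a ticket was received and stored.
	 */
	private function getRestTicket($username, $password) {
		global $CFG;

		$url = $CFG->wblistadm_url . '/ticket';

		// Bug fix: the credentials were interpolated raw, so a password containing
		// '&', '=', '%' or '+' produced a malformed request body.
		$data = http_build_query(array('username' => $username, 'password' => $password));
		$response = $this->RESTCall($url, $data, '');
		if ($response['http_code'] < 200 || $response['http_code'] > 204) {
			return false;
		}

		$body = json_decode($response['content']);
		if (! is_object($body) || ! isset($body->data)) {
			// 2xx with an unparsable or empty body: do not store a null ticket.
			return false;
		}

		$_SESSION['ticket'] = $body->data;
		$_SESSION['cookies'] = $response['cookies'];

		return true;
	}

	/**
	 * Calls the wblistadm REST API at $method (a path appended to $CFG->wblistadm_url)
	 * using the ticket and cookies stored in $_SESSION by getRestTicket().
	 *
	 * @param string      $method  API path appended to the base URL
	 * @param string|null $data    POST body; null/empty means HTTP GET
	 * @return mixed  POST: true on 2xx, false otherwise.
	 *                GET: the decoded 'data' member on 2xx, an empty array otherwise.
	 */
	public function makeRestCall($method, $data = null) {
		global $CFG;

		$url = $CFG->wblistadm_url . $method;
		$ticket = isset($_SESSION['ticket']) ? $_SESSION['ticket'] : null;
		$cookies = isset($_SESSION['cookies']) ? $_SESSION['cookies'] : '';
		$token = $this->getCSRFPreventionToken($ticket);
		$response = $this->RESTCall($url, $data, $cookies, $token);

		$ok = $response['http_code'] >= 200 && $response['http_code'] <= 204;

		if ($data) {
			// HTTP POST: only success matters
			return $ok;
		}

		// HTTP GET
		if (! $ok) {
			return array();
		}
		$body = json_decode($response['content']);
		// An unparsable body is treated like a failed call instead of reading a member of null.
		return (is_object($body) && isset($body->data)) ? $body->data : array();
	}

	/**
	 * Performs one HTTP request with cURL and returns curl_getinfo() extended with
	 * 'errno', 'errmsg', 'headers', 'content' and 'cookies' (Set-Cookie values joined by '; ').
	 *
	 * @param string      $url
	 * @param string|null $data       POST body; null/empty means GET
	 * @param string      $cookiesIn  Cookie header value to send
	 * @param array|null  $headers    Extra request header lines
	 * @return array
	 */
	private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
		$options = array(
			CURLOPT_RETURNTRANSFER => true, // return web page
			CURLOPT_HEADER => true, //return headers in addition to content
			CURLOPT_FOLLOWLOCATION => true, // follow redirects
			CURLOPT_ENCODING => "", // handle all encodings
			CURLOPT_AUTOREFERER => true, // set referer on redirect
			CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
			CURLOPT_TIMEOUT => 120, // timeout on response
			CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
			CURLINFO_HEADER_OUT => true,
			// NOTE(review): peer verification is disabled, so the credentials that
			// getRestTicket() POSTs over this connection are not protected against an
			// on-path attacker. Re-enable it once wblistadm_url presents a trusted certificate.
			CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks
			CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
			CURLOPT_COOKIE => $cookiesIn,
		);

		if ($data) {
			$options[CURLOPT_POST] = 1;
			$options[CURLOPT_POSTFIELDS] = $data;
		}

		if ($headers) {
			$options[CURLOPT_HTTPHEADER] = $headers;
		}

		$ch = curl_init($url);
		curl_setopt_array($ch, $options);
		$rough_content = curl_exec($ch);
		$err = curl_errno($ch);
		$errmsg = curl_error($ch);
		$header = curl_getinfo($ch);
		curl_close($ch);

		// curl_exec() returns false on transport failure; treat that as an empty reply
		// so the string functions below never receive a bool.
		if ($rough_content === false) {
			$rough_content = '';
		}

		// Split on header_size instead of str_replace(): a body that repeats the header
		// text verbatim would otherwise be mangled.
		$header_size = isset($header['header_size']) ? $header['header_size'] : 0;
		$header_content = substr($rough_content, 0, $header_size);
		$body_content = trim(substr($rough_content, $header_size));
		$pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
		preg_match_all($pattern, $header_content, $matches);
		$cookiesOut = implode("; ", $matches['cookie']);

		$header['errno'] = $err;
		$header['errmsg'] = $errmsg;
		$header['headers'] = $header_content;
		$header['content'] = $body_content;
		$header['cookies'] = $cookiesOut;

		return $header;
	}

	/**
	 * Expires the session cookie in the browser, destroys the server-side session
	 * and clears the in-memory settings.
	 */
	public function logout() {
		$this->log("logout", 4);

		if (ini_get('session.use_cookies')) {
			// Expire the cookie with the same attributes it was issued with.
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time() - 42000,
				$params['path'], $params['domain'],
				$params['secure'], $params['httponly']);
		}

		if ('' !== session_id()) {
			$_SESSION = array();
			session_unset();
			session_destroy();
		}
		$this->settings = array();
	}

	/**
	 * @return bool  settings['admin'], false when unset.
	 */
	public function isAdmin() {
		$this->log("isAdmin", 4);

		return isset($this->settings['admin']) ? $this->settings['admin'] : false;
	}

	/**
	 * Authenticates $user (a full mail address) with $pw against LDAP, then obtains
	 * a wblistadm ticket. Updates settings['user'], ['admin'] and ['loginStatus']
	 * and writes them to $_SESSION['settings'].
	 *
	 * @param string $user
	 * @param string $pw
	 * @return bool  true on successful login.
	 */
	public function login($user, $pw) {
		global $CFG;
		$result = false;

		$this->log("login", 4);

		if ('' === session_id()) {
			$this->startSession();
		}

		$this->settings['user'] = null;
		$this->settings['admin'] = false;

		$p = explode('@', $user);
		if (count($p) !== 2) {
			$this->settings['loginStatus'] = 'Bad username';
		} elseif ((string) $pw === '') {
			// An empty password would make ldap_bind() perform an unauthenticated
			// (anonymous) bind, which many directories accept; reject it up front.
			$this->settings['loginStatus'] = 'Login failed';
		} else {
			$domain = $p[1];
			// $user comes straight from the login form: escape it for the DN and for
			// the search filter so special characters cannot alter either query.
			$userDn = ldap_escape($user, '', LDAP_ESCAPE_DN);
			$domainDn = ldap_escape($domain, '', LDAP_ESCAPE_DN);
			$userFilter = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
			$dn = "mail=$userDn,ou=Users,domainName=$domainDn,$CFG->ldap_base_dn";
			$filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$userFilter))";
			$ds = @ldap_connect($CFG->ldap_dsn);
			if ($ds) {
				@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
				$r = @ldap_bind($ds, $dn, $pw);
				if ($r) {
					$sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail', 'domainglobaladmin'));
					// ldap_get_entries() must not be given a failed search result.
					$info = ($sr !== false) ? @ldap_get_entries($ds, $sr) : false; // array
					if (is_array($info) && $info['count'] > 0) {
						// Log in to wblistadm server and get CSRFPreventionToken
						if ($this->getRestTicket($user, $pw)) {
							// New session id on privilege change so an id issued before
							// login cannot be reused for the authenticated session.
							session_regenerate_id(true);
							$this->settings['user'] = $user;
							$result = true;
							$this->settings['loginStatus'] = 'OK';
							$admin = 'NO';
							if (isset($info[0]['domainglobaladmin'])) {
								$admin = strtoupper($info[0]['domainglobaladmin'][0]);
							}
							$this->settings['admin'] = ($admin === 'YES');
						} else {
							$this->settings['loginStatus'] = 'Login failed';
						}
					} else {
						$this->settings['loginStatus'] = 'Login failed';
					}
				} else {
					$this->settings['loginStatus'] = ldap_error($ds);
				}
				@ldap_close($ds);
			} else {
				$this->settings['loginStatus'] = 'Connect to LDAP server failed';
			}
		}

		$_SESSION['settings'] = $this->settings;

		return $result;
	}

	/**
	 * @return string  settings['loginStatus'], 'Not logged in' when unset.
	 */
	public function getLoginStatus() {
		$this->log("getLoginStatus", 4);

		return isset($this->settings['loginStatus']) ? $this->settings['loginStatus'] : 'Not logged in';
	}

	/**
	 * Runs the inactivity check and reports whether a user is logged in. Under
	 * HTTP_AUTH the web-server-authenticated user is adopted when none is set.
	 * Always writes the settings back to $_SESSION['settings'].
	 *
	 * @return bool
	 */
	public function isLoggedIn() {
		global $CFG;
		$loggedIn = false;

		$this->logUser('isLoggedIn[1]');

		if ('' === session_id()) {
			$this->startSession();
		}

		$this->logUser('isLoggedIn[2]');
		$this->checkSession();
		$this->logUser('isLoggedIn[3]');

		if (isset($this->settings['user']) && $this->settings['user'] !== '') {
			$loggedIn = true;
		} elseif (isset($CFG->auth_method) && $CFG->auth_method === 'HTTP_AUTH'
				&& isset($_SERVER['PHP_AUTH_USER'])) {
			// Bug fix: this fallback used to sit behind isset(settings['user']), which is
			// false for the null default, so it was never reached.
			$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
			$loggedIn = true;
		}

		if (! $loggedIn) {
			$this->log('$this->settings: ' . var_export($this->settings, true), 3);
			$lastActivity = isset($_SESSION['LAST_ACTIVITY']) ? date('c', $_SESSION['LAST_ACTIVITY']) : 'n/a';
			$this->log('R_TIME: ' . date('c', $_SERVER['REQUEST_TIME']) . ' L_ACT: ' . $lastActivity, 3);
		}

		$_SESSION['settings'] = $this->settings;

		return $loggedIn;
	}

	/**
	 * @return string|null  settings['user'] when logged in, otherwise null.
	 */
	public function getUser() {
		$this->log("getUser", 4);

		if ($this->isLoggedIn()) {
			return $this->settings['user'];
		}

		return null;
	}

	/**
	 * Whether the current user may act on $recipient: admins always, other users
	 * only for their own address.
	 *
	 * @param string $recipient
	 * @return bool
	 */
	public function authorized($recipient) {
		$this->log("authorized '$recipient'", 3);

		$user = $this->getUser();
		// A user that is not logged in (null) must never match a null recipient.
		$authorized = $this->isAdmin() || ($user !== null && $user === $recipient);

		$msg = $authorized ? 'authorize' : 'not authorize';
		$this->log("$msg '" . $user . "' rcpt '$recipient'", 3);

		return $authorized;
	}

	/** @return string  Page header HTML (placeholders filled once setHeading() has run). */
	public function getHeader() {
		$this->log("getHeader", 4);

		return $this->header;
	}

	/** @return string  Page footer HTML. */
	public function getFooter() {
		$this->log("getFooter", 4);

		return $this->footer;
	}

	/** @return string  Heading HTML (placeholder filled once setHeading() has run). */
	public function getHeading() {
		$this->log("getHeading", 4);

		return $this->heading;
	}

	/**
	 * Fills the __TITLE__, __ROOT__ and __TIMEOUT__ placeholders in the header and
	 * heading templates.
	 *
	 * @param string $heading
	 */
	public function setHeading($heading) {
		global $CFG;

		$this->log("setHeading", 4);

		// Timer value for js/timer.js in milliseconds; same 20-minute default as startSession().
		$minutes = isset($CFG->session_timeout) ? $CFG->session_timeout : 20;
		$timeout = $minutes * 60 * 1000;
		// NOTE(review): $heading is inserted verbatim into <title> and <h1>; callers
		// must pass trusted or already HTML-escaped text.
		$this->heading = str_replace('__TITLE__', $heading, $this->heading);
		$this->header = str_replace(
			array('__TITLE__', '__ROOT__', '__TIMEOUT__'),
			array($heading, $CFG->wwwroot, (string) $timeout),
			$this->header
		);
	}

	/**
	 * Maps a one-letter quarantine content code to its display name.
	 *
	 * @param string $code
	 * @return string  'Unknown' for codes not in the table.
	 */
	public function convertContent($code) {
		$this->log("convertContent", 4);

		$table = array(
			'V' => 'Virus',
			'B' => 'Banned',
			'U' => 'Unchecked',
			'S' => 'Spam',
			'Y' => 'Spammy',
			'M' => 'Bad Mime',
			'H' => 'Bad Header',
			'O' => 'Over sized',
			'T' => 'MTA err',
			'C' => 'Clean',
		);

		// Unknown codes used to raise an undefined-index notice before falling back.
		return isset($table[$code]) ? $table[$code] : 'Unknown';
	}

}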