[qtadmin.git] / lib / utils.inc.php

<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
require_once $CFG->root .'config.php';
require_once $CFG->root . 'lib/session_handler.inc.php';

class Utils {

    private $timeout = false;
    private $settings;
    private $log_level;
    private $log_method;
    private $header = '<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <link rel="stylesheet" href="css/styles.css">
    <script>
        var timeout = __TIMEOUT__;
    </script>
    <script src="__ROOT__js/timer.js"></script>
    <script src="__ROOT__js/checkbox.js"></script>
    <script src="__ROOT__js/forms.js"></script>
    <title>__TITLE__</title>
</head>
<body>
<!--
<nav>
    <ul>
        <li><a href="index.php">Home</a></li>
        <li>
            <a href="#">Sections <span class="caret"></span></a>
            <div>
                <ul>
                    <li><a href="qtadmin.php">Quarantine admin</a></li>
                    <li><a href="wblist.php">WB list admin</a></li>
                </ul>
            </div>
        </li>
        <li><a href="about.html">About</a></li>
        <li><a href="auth.php?op=logout">Logout</a></li>
    </ul>
</nav>
-->
<nav>
    <ul>
        <li><a href="index.php">Home</a></li>
        <li>
            <a href="#">Sections <span class="caret"></span></a>
            <div>
                <ul>
                    <li>
                        <a href="qtadmin.php">Quarantine admin</span></a>
                    </li>
                    <li><a href="#">WB list admin <span class="caret"></a>
                        <div>
                            <ul>
                                <li><a href="wblist.php?p=show&amp;s=all">Show All</a></li>
                                <li><a href="wblist.php?p=show&amp;s=blacklist">Show Blacklist</a></li>
                                <li><a href="wblist.php?p=show&amp;s=whitelist">Show Whitelist</a></li>
                                <li><a href="wblist.php?p=add">Add Rule</a></li>
                                <li><a href="wblist.php?p=del">Delete Rule</a></li>
                            </ul>
                        </div>
                    </li>
                </ul>
            </div>
        </li>
        <li><a href="about.html">About</a></li>
        <li><a href="auth.php?op=logout">Logout</a></li>
    </ul>
</nav>
    <div id="container">';
    private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p>
    </div></body></html>';
    private $heading = '<p id="time" class="time">Session timeout:
            <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';

    public function __construct() {
        global $CFG;

        if (isset($CFG->log_level)) {
            $this->log_level = $CFG->log_level;
        } else {
            $this->log_level = 1;
        }

        if (isset($CFG->log_method)) {
            $this->log_method = $CFG->log_method;
        } else {
            $this->log_level = 'syslog';
        }

        $this->log("Init Utils", 4);

        $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3);
        $this->startSession();
        $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3);

        if (! isset($_SESSION['settings'])) {
            $this->initSettings();
        }
        $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3);
        $this->settings = $_SESSION['settings'];
        $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);

        if ($CFG->auth_method == 'HTTP_AUTH') {
            if (isset($_SERVER['PHP_AUTH_USER'])) {
                $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                $this->settings['loginStatus'] = 'OK';
                if ($CFG->admin_user == $this->settings['user'])
                    $this->settings['admin'] = true;
            }
        }
    }

    private function log($message, $level = 1) {
        global $CFG;

        if ($level > $this->log_level)
            return;

        $time = date('c');

        $priority = LOG_INFO;
        switch ($level) {
            case 1: $priority = LOG_ERR; break;
            case 2: $priority = LOG_WARNING; break;
            case 3: $priority = LOG_INFO; break;
            case 4: $priority = LOG_DEBUG; break;
        }

        switch ($this->log_method) {
            case 'file':
                if (isset($CFG->log_file)) {
                    if ($CFG->log_file[0] == '/') {
                        $file = $CFG->log_file;
                    } else {
                        $file = $CFG->root.$CFG->log_file;
                    }
                } else {
                    $file = $CFG->root.'qtadmin.log';
                }
                file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
                chmod($file, 0600);
                break;
            case 'stderr':
                file_put_contents('php://stderr', "[$time]: $message\n");
                break;
            case 'syslog':
                syslog($priority, $message);
                break;
        }
    }

    private function initSettings() {
        $this->log("InitSettings", 4);

        if ('' == session_id()) {
            $this->startSession();
        }

        if (false !== $this->timeout) {
            $timeout = $this->timeout;
        } else {
            $timeout = 0;
        }

        $this->settings = array(
            'user' => null,
            'admin' => false,
            'loginStatus' => 'Not logged in',
            'timeout' => $timeout
        );

        $_SESSION['settings'] = $this->settings;
    }

    private function startSession() {
        global $CFG;

        $this->log("startSession", 4);

        if (isset($CFG->session_timeout)) {
            $this->timeout = $CFG->session_timeout * 60;
        } else {
            $this->timeout = 20 * 60;
        }

        if (ini_get('session.gc_maxlifetime') != $this->timeout)
            ini_set('session.gc_maxlifetime', $this->timeout);
        //if (ini_get('session.cookie_lifetime') != $this->timeout)
        //    ini_set('session.cookie_lifetime', $this->timeout);
        ini_set('session.cookie_lifetime', 0);

        session_start();
    }

    private function checkSession() {
        global $CFG;

        $this->log("checkSession", 4);

        if ('' == session_id()) {
            $this->startSession();
        }

        $time = $_SERVER['REQUEST_TIME'];
        if (isset($_SESSION['LAST_ACTIVITY']) &&
                ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
            $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
            'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
            $this->logout();
        } else {
            $_SESSION['LAST_ACTIVITY'] = $time;
        }
    }

    private function getCSRFPreventionToken($ticket) {
        return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken);
    }

    private function getRestTicket($username, $password) {
        global $CFG;

        $result = false;
        $url = $CFG->wblistadm_url . '/ticket';

        $data = "username=$username&password=$password";
        $response = $this->RESTCall($url, $data, $cookiesIn = '');
        if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
            $data = json_decode($response['content']);
            $_SESSION['ticket'] = $data->data;
            $_SESSION['cookies'] = $response['cookies'];
            $result = true;
        }

        return $result;
    }

    public function makeRestCall($method, $data = null) {
        global $CFG;

        $result;

        $url = $CFG->wblistadm_url . "$method";
        $token = $this->getCSRFPreventionToken($_SESSION['ticket']);
        $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token);

        if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
            if ($data) {
                // HTTP POST
                $result = true;
            } else {
                // HTTP GET
                $data = json_decode($response['content']);
                if (is_object($data)) {
                    $result = $data->data;
                } else {
                    $result = array('No result');
                }
            }
        } else {
            $result = ($data) ? false : array();
        }

        return $result;
    }

    private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
        $options = array(
            CURLOPT_RETURNTRANSFER => true,     // return web page
            CURLOPT_HEADER         => true,     //return headers in addition to content
            CURLOPT_FOLLOWLOCATION => true,     // follow redirects
            CURLOPT_ENCODING       => "",       // handle all encodings
            CURLOPT_AUTOREFERER    => true,     // set referer on redirect
            CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
            CURLOPT_TIMEOUT        => 120,      // timeout on response
            CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects
            CURLINFO_HEADER_OUT    => true,
            CURLOPT_SSL_VERIFYPEER => false,     // Disabled SSL Cert checks
            CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
            CURLOPT_COOKIE         => $cookiesIn
        );

        if ($data) {
            $options[CURLOPT_POST] = 1;
            $options[CURLOPT_POSTFIELDS] = $data;
        }

        if ($headers) {
            $options[CURLOPT_HTTPHEADER] = $headers;
        }

        $ch = curl_init($url);
        curl_setopt_array($ch, $options);
        $rough_content = curl_exec($ch);
        $err = curl_errno($ch);
        $errmsg = curl_error($ch);
        $header = curl_getinfo($ch);
        curl_close($ch);

        $header_content = substr($rough_content, 0, $header['header_size']);
        $body_content = trim(str_replace($header_content, '', $rough_content));
        $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
        preg_match_all($pattern, $header_content, $matches);
        $cookiesOut = implode("; ", $matches['cookie']);

        $header['errno']   = $err;
        $header['errmsg']  = $errmsg;
        $header['headers'] = $header_content;
        $header['content'] = $body_content;
        $header['cookies'] = $cookiesOut;

        return $header;
    }

    public function logout() {
        $this->log("logout", 4);

        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $params['path'], $params['domain'],
                $params['secure'], $params['httponly']);
        }

        if ('' != session_id()) {
            $_SESSION = array();
            session_unset();
            session_destroy();
        }
        $this->settings = array();
    }

    public function isAdmin() {
        $admin = false;

        $this->log("isAdmin", 4);

        if (isset($this->settings['admin'])) {
            $admin = $this->settings['admin'];
        }

        return $admin;
    }

    public function login($user, $pw) {
        global $CFG;
        $result = false;

        $this->log("login", 4);

        if ('' == session_id()) {
            $this->startSession();
        }

        $this->settings['user'] = null;
        $this->settings['admin'] = false;

        $p = explode('@', $user);
        if (count($p) != 2) {
           $this->settings['loginStatus'] = 'Bad username';
        } else {
            $domain = $p[1];
            $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
            $this->log('dn: '.var_export($dn, true), 4);
            $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
            $this->log('filter: '.var_export($filter, true), 4);
            $ds = @ldap_connect($CFG->ldap_dsn);
            if ($ds) {
                @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
                $r = @ldap_bind($ds, $dn, $pw);
                if ($r) {
                    $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
                    $this->log('sr: '.var_export($sr, true), 4);
                    $info = @ldap_get_entries($ds, $sr); // array
                    $this->log('info: '.var_export($info, true), 4);
                    if ($info['count'] > 0) {
                        // Log in to wblistadm server and get CSRFPreventionToken
                        if ($this->getRestTicket($user, $pw)) {
                            $this->settings['user'] = $user;
                            $result = true;
                            $this->settings['loginStatus'] = 'OK';
                            $admin = 'NO';
                            if (isset($info[0]['domainglobaladmin'])) {
                                $admin = $info[0]['domainglobaladmin'][0];
                                $admin = strtoupper($admin);
                            }
                            $this->settings['admin'] = ($admin == 'YES') ? true : false;
                        } else {
                            $this->settings['loginStatus'] = 'Login to wblistadm REST server failed';
                        }
                    } else {
                        $this->settings['loginStatus'] = 'Login failed';
                    }
                } else {
                    $this->settings['loginStatus'] = ldap_error($ds);
                }
                @ldap_close($ds);
            } else {
                $this->settings['loginStatus'] = 'Connect to LDAP server failed';
            }
        }

        $_SESSION['settings'] = $this->settings;

        return $result;
    }

    public function getLoginStatus() {
        $status = 'Not logged in';

        $this->log("getLoginStatus", 4);

        if (isset($this->settings['loginStatus'])) {
            $status = $this->settings['loginStatus'];
        }

        return $status;
    }

    public function isLoggedIn() {
        global $CFG;
        $loggedIn = false;

        $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);

        if ('' == session_id()) {
            $this->startSession();
        }

        $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
        $this->checkSession();
        $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);

        if (isset($this->settings['user'])) {
            if ($this->settings['user'] != null) {
                $loggedIn = true;
            } else {
                if ($CFG->auth_method == 'HTTP_AUTH') {
                    if (isset($_SERVER['PHP_AUTH_USER'])) {
                        $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                        $loggedIn = true;
                    }
                }
            }
        }

        if ($loggedIn == false) {
            $this->log('$this->settings: '.var_export($this->settings, true), 3);
            $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
        }

        $_SESSION['settings'] = $this->settings;

        return $loggedIn;
    }

    public function getUser() {
        $user = null;

        $this->log("getUser", 4);

        if ($this->isLoggedIn()) {
            $user = $this->settings['user'];
        }

        return $user;
    }

    public function authorized($recipient) {
        $authorized = false;

        $this->log("authorized '$recipient'", 3);

        if ($this->isAdmin() || $this->getUser() == $recipient) {
            $authorized = true;
        }
        $msg = ($authorized) ? 'authorize' : 'not authorize';
        $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3);

        return $authorized;
    }

    public function getHeader() {
        $this->log("getHeader", 4);

        return $this->header;
    }

    public function getFooter() {
        $this->log("getFooter", 4);

        return $this->footer;
    }

    public function getHeading() {
        $this->log("getHeading", 4);

        return $this->heading;
    }

    public function setHeading($heading) {
        global $CFG;

        $this->log("setHeading", 4);

        $timeout = $CFG->session_timeout * 60 * 1000;
        $this->heading = str_replace('__TITLE__', $heading, $this->heading);
        $this->header = str_replace('__TITLE__', $heading, $this->header);
        $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
        $this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
    }

    public function convertContent($code) {
        $this->log("convertContent", 4);

        $table = array(
            'V' => 'Virus',
            'B' => 'Banned',
            'U' => 'Unchecked',
            'S' => 'Spam',
            'Y' => 'Spammy',
            'M' => 'Bad Mime',
            'H' => 'Bad Header',
            'O' => 'Over sized',
            'T' => 'MTA err',
            'C' => 'Clean'
        );

        $string = $table[$code];
        if (empty($string))
            $string = 'Unknown';

        return $string;
    }

}
Commit	Line	Data
6df4b805	1	<?php
6b3d5ba9	2	/* vim: set ts=4 tw=0 sw=4 noet: */
6df4b805	3	require_once $CFG->root .'config.php';
6ead258e	4	require_once $CFG->root . 'lib/session_handler.inc.php';
6df4b805	5
3056d117 MR	6	class Utils {
3056d117 MR	7
2b6294e9	8	private $timeout = false;
3056d117	9	private $settings;
01cc21cf MR	10	private $log_level;
01cc21cf MR	11	private $log_method;
b95d1cdb	12	private $header = '<!DOCTYPE html>
6df4b805 MR	13	<html>
6df4b805 MR	14	<head>
b95d1cdb MR	15	<meta charset="utf-8">
	16	<link rel="stylesheet" href="css/styles.css">
	17	<script>
	18	var timeout = __TIMEOUT__;
	19	</script>
	20	<script src="__ROOT__js/timer.js"></script>
5c7b972e	21	<script src="__ROOT__js/checkbox.js"></script>
7ef22e21	22	<script src="__ROOT__js/forms.js"></script>
b95d1cdb	23	<title>__TITLE__</title>
6df4b805	24	</head>
b70a3d74	25	<body>
65ff42ae	26	<!--
b70a3d74	27	<nav>
ba9876ed MR	28	<ul>
	29	<li><a href="index.php">Home</a></li>
	30	<li>
	31	<a href="#">Sections <span class="caret"></span></a>
	32	<div>
	33	<ul>
	34	<li><a href="qtadmin.php">Quarantine admin</a></li>
	35	<li><a href="wblist.php">WB list admin</a></li>
	36	</ul>
	37	</div>
	38	</li>
	39	<li><a href="about.html">About</a></li>
	40	<li><a href="auth.php?op=logout">Logout</a></li>
	41	</ul>
65ff42ae MR	42	</nav>
	43	-->
	44	<nav>
ba9876ed MR	45	<ul>
	46	<li><a href="index.php">Home</a></li>
	47	<li>
	48	<a href="#">Sections <span class="caret"></span></a>
	49	<div>
	50	<ul>
	51	<li>
	52	<a href="qtadmin.php">Quarantine admin</span></a>
	53	</li>
	54	<li><a href="#">WB list admin <span class="caret"></a>
	55	<div>
	56	<ul>
	57	<li><a href="wblist.php?p=show&s=all">Show All</a></li>
	58	<li><a href="wblist.php?p=show&s=blacklist">Show Blacklist</a></li>
	59	<li><a href="wblist.php?p=show&s=whitelist">Show Whitelist</a></li>
	60	<li><a href="wblist.php?p=add">Add Rule</a></li>
	61	<li><a href="wblist.php?p=del">Delete Rule</a></li>
	62	</ul>
	63	</div>
	64	</li>
	65	</ul>
	66	</div>
	67	</li>
	68	<li><a href="about.html">About</a></li>
	69	<li><a href="auth.php?op=logout">Logout</a></li>
	70	</ul>
b70a3d74	71	</nav>
ba9876ed	72	<div id="container">';
60aad80e MR	73	private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
60aad80e MR	74	title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p>
3039de29	75	</div></body></html>';
b95d1cdb MR	76	private $heading = '<p id="time" class="time">Session timeout:
	77	<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
	78
3056d117	79	public function __construct() {
b95d1cdb MR	80	global $CFG;
b95d1cdb MR	81
01cc21cf MR	82	if (isset($CFG->log_level)) {
	83	$this->log_level = $CFG->log_level;
	84	} else {
	85	$this->log_level = 1;
	86	}
	87
	88	if (isset($CFG->log_method)) {
	89	$this->log_method = $CFG->log_method;
	90	} else {
	91	$this->log_level = 'syslog';
	92	}
	93
519a15b5 MR	94	$this->log("Init Utils", 4);
519a15b5 MR	95
9da61a01	96	$this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3);
a675b383	97	$this->startSession();
9da61a01	98	$this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3);
a675b383	99
3056d117 MR	100	if (! isset($_SESSION['settings'])) {
	101	$this->initSettings();
	102	}
9da61a01	103	$this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3);
3056d117	104	$this->settings = $_SESSION['settings'];
9da61a01	105	$this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);
3056d117 MR	106
3056d117 MR	107	if ($CFG->auth_method == 'HTTP_AUTH') {
86fb546e MR	108	if (isset($_SERVER['PHP_AUTH_USER'])) {
86fb546e MR	109	$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
3056d117 MR	110	$this->settings['loginStatus'] = 'OK';
	111	if ($CFG->admin_user == $this->settings['user'])
	112	$this->settings['admin'] = true;
b95d1cdb MR	113	}
b95d1cdb MR	114	}
b95d1cdb MR	115	}
b95d1cdb MR	116
01cc21cf MR	117	private function log($message, $level = 1) {
	118	global $CFG;
	119
	120	if ($level > $this->log_level)
	121	return;
	122
	123	$time = date('c');
01cc21cf MR	124
	125	$priority = LOG_INFO;
	126	switch ($level) {
	127	case 1: $priority = LOG_ERR; break;
	128	case 2: $priority = LOG_WARNING; break;
	129	case 3: $priority = LOG_INFO; break;
	130	case 4: $priority = LOG_DEBUG; break;
	131	}
	132
	133	switch ($this->log_method) {
	134	case 'file':
7b561609 MR	135	if (isset($CFG->log_file)) {
	136	if ($CFG->log_file[0] == '/') {
	137	$file = $CFG->log_file;
	138	} else {
	139	$file = $CFG->root.$CFG->log_file;
	140	}
	141	} else {
	142	$file = $CFG->root.'qtadmin.log';
	143	}
815fed0c	144	file_put_contents($file, "[$time]: $message\n", FILE_APPEND \| LOCK_EX);
ecc5e773	145	chmod($file, 0600);
7b561609	146	break;
01cc21cf	147	case 'stderr':
815fed0c	148	file_put_contents('php://stderr', "[$time]: $message\n");
7b561609	149	break;
01cc21cf	150	case 'syslog':
2dd58fe8	151	syslog($priority, $message);
01cc21cf	152	break;
d6be2d1a	153	}
01cc21cf MR	154	}
01cc21cf MR	155
3056d117	156	private function initSettings() {
2dd58fe8 MR	157	$this->log("InitSettings", 4);
2dd58fe8 MR	158
3056d117 MR	159	if ('' == session_id()) {
	160	$this->startSession();
	161	}
b95d1cdb	162
2b6294e9 MR	163	if (false !== $this->timeout) {
	164	$timeout = $this->timeout;
	165	} else {
	166	$timeout = 0;
	167	}
	168
3056d117	169	$this->settings = array(
3056d117 MR	170	'user' => null,
	171	'admin' => false,
	172	'loginStatus' => 'Not logged in',
2b6294e9	173	'timeout' => $timeout
3056d117	174	);
6072c905	175
3056d117	176	$_SESSION['settings'] = $this->settings;
6072c905 MR	177	}
6072c905 MR	178
a675b383	179	private function startSession() {
b95d1cdb MR	180	global $CFG;
b95d1cdb MR	181
2dd58fe8 MR	182	$this->log("startSession", 4);
2dd58fe8 MR	183
b95d1cdb	184	if (isset($CFG->session_timeout)) {
2b6294e9	185	$this->timeout = $CFG->session_timeout * 60;
b95d1cdb	186	} else {
2b6294e9	187	$this->timeout = 20 * 60;
b95d1cdb MR	188	}
b95d1cdb MR	189
2b6294e9 MR	190	if (ini_get('session.gc_maxlifetime') != $this->timeout)
2b6294e9 MR	191	ini_set('session.gc_maxlifetime', $this->timeout);
7b561609 MR	192	//if (ini_get('session.cookie_lifetime') != $this->timeout)
	193	// ini_set('session.cookie_lifetime', $this->timeout);
	194	ini_set('session.cookie_lifetime', 0);
a675b383 MR	195
a675b383 MR	196	session_start();
7d9c7fe2 MR	197	}
7d9c7fe2 MR	198
3056d117	199	private function checkSession() {
7d9c7fe2 MR	200	global $CFG;
7d9c7fe2 MR	201
2dd58fe8 MR	202	$this->log("checkSession", 4);
2dd58fe8 MR	203
39023189 MR	204	if ('' == session_id()) {
	205	$this->startSession();
	206	}
	207
b95d1cdb	208	$time = $_SERVER['REQUEST_TIME'];
7d9c7fe2	209	if (isset($_SESSION['LAST_ACTIVITY']) &&
3056d117	210	($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
07124c37 MR	211	$this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
07124c37 MR	212	'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
3056d117	213	$this->logout();
a675b383 MR	214	} else {
	215	$_SESSION['LAST_ACTIVITY'] = $time;
	216	}
b95d1cdb MR	217	}
b95d1cdb MR	218
0da9e6e7 MR	219	private function getCSRFPreventionToken($ticket) {
	220	return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken);
	221	}
	222
	223	private function getRestTicket($username, $password) {
6ba8e4d3 MR	224	global $CFG;
6ba8e4d3 MR	225
0da9e6e7 MR	226	$result = false;
	227	$url = $CFG->wblistadm_url . '/ticket';
	228
	229	$data = "username=$username&password=$password";
	230	$response = $this->RESTCall($url, $data, $cookiesIn = '');
	231	if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
	232	$data = json_decode($response['content']);
	233	$_SESSION['ticket'] = $data->data;
	234	$_SESSION['cookies'] = $response['cookies'];
	235	$result = true;
	236	}
	237
	238	return $result;
	239	}
	240
	241	public function makeRestCall($method, $data = null) {
6ba8e4d3 MR	242	global $CFG;
6ba8e4d3 MR	243
0da9e6e7 MR	244	$result;
0da9e6e7 MR	245
f1c0988b	246	$url = $CFG->wblistadm_url . "$method";
0da9e6e7 MR	247	$token = $this->getCSRFPreventionToken($_SESSION['ticket']);
	248	$response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token);
	249
	250	if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
	251	if ($data) {
	252	// HTTP POST
	253	$result = true;
	254	} else {
	255	// HTTP GET
	256	$data = json_decode($response['content']);
840f130b MR	257	if (is_object($data)) {
	258	$result = $data->data;
	259	} else {
	260	$result = array('No result');
	261	}
0da9e6e7 MR	262	}
	263	} else {
	264	$result = ($data) ? false : array();
	265	}
	266
	267	return $result;
	268	}
	269
	270	private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
	271	$options = array(
	272	CURLOPT_RETURNTRANSFER => true, // return web page
	273	CURLOPT_HEADER => true, //return headers in addition to content
	274	CURLOPT_FOLLOWLOCATION => true, // follow redirects
	275	CURLOPT_ENCODING => "", // handle all encodings
	276	CURLOPT_AUTOREFERER => true, // set referer on redirect
	277	CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
	278	CURLOPT_TIMEOUT => 120, // timeout on response
	279	CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
	280	CURLINFO_HEADER_OUT => true,
	281	CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks
	282	CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
	283	CURLOPT_COOKIE => $cookiesIn
	284	);
	285
	286	if ($data) {
	287	$options[CURLOPT_POST] = 1;
	288	$options[CURLOPT_POSTFIELDS] = $data;
	289	}
	290
	291	if ($headers) {
	292	$options[CURLOPT_HTTPHEADER] = $headers;
	293	}
	294
	295	$ch = curl_init($url);
	296	curl_setopt_array($ch, $options);
	297	$rough_content = curl_exec($ch);
	298	$err = curl_errno($ch);
	299	$errmsg = curl_error($ch);
	300	$header = curl_getinfo($ch);
	301	curl_close($ch);
	302
	303	$header_content = substr($rough_content, 0, $header['header_size']);
	304	$body_content = trim(str_replace($header_content, '', $rough_content));
	305	$pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
	306	preg_match_all($pattern, $header_content, $matches);
	307	$cookiesOut = implode("; ", $matches['cookie']);
	308
	309	$header['errno'] = $err;
	310	$header['errmsg'] = $errmsg;
	311	$header['headers'] = $header_content;
	312	$header['content'] = $body_content;
	313	$header['cookies'] = $cookiesOut;
	314
	315	return $header;
	316	}
	317
b95d1cdb	318	public function logout() {
2dd58fe8 MR	319	$this->log("logout", 4);
2dd58fe8 MR	320
b95d1cdb MR	321	if (ini_get('session.use_cookies')) {
	322	$params = session_get_cookie_params();
	323	setcookie(session_name(), '', time() - 42000,
	324	$params['path'], $params['domain'],
	325	$params['secure'], $params['httponly']);
	326	}
39023189 MR	327
	328	if ('' != session_id()) {
	329	$_SESSION = array();
	330	session_unset();
	331	session_destroy();
	332	}
3056d117	333	$this->settings = array();
b95d1cdb MR	334	}
	335
	336	public function isAdmin() {
3056d117 MR	337	$admin = false;
3056d117 MR	338
2dd58fe8 MR	339	$this->log("isAdmin", 4);
2dd58fe8 MR	340
3056d117 MR	341	if (isset($this->settings['admin'])) {
	342	$admin = $this->settings['admin'];
	343	}
	344
	345	return $admin;
b95d1cdb MR	346	}
	347
	348	public function login($user, $pw) {
	349	global $CFG;
	350	$result = false;
	351
2dd58fe8 MR	352	$this->log("login", 4);
2dd58fe8 MR	353
3056d117 MR	354	if ('' == session_id()) {
	355	$this->startSession();
	356	}
	357
	358	$this->settings['user'] = null;
	359	$this->settings['admin'] = false;
b95d1cdb MR	360
	361	$p = explode('@', $user);
	362	if (count($p) != 2) {
3056d117 MR	363	$this->settings['loginStatus'] = 'Bad username';
	364	} else {
	365	$domain = $p[1];
	366	$dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
9295c161	367	$this->log('dn: '.var_export($dn, true), 4);
3056d117	368	$filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
9295c161	369	$this->log('filter: '.var_export($filter, true), 4);
3056d117 MR	370	$ds = @ldap_connect($CFG->ldap_dsn);
	371	if ($ds) {
	372	@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
	373	$r = @ldap_bind($ds, $dn, $pw);
	374	if ($r) {
	375	$sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
9295c161	376	$this->log('sr: '.var_export($sr, true), 4);
3056d117	377	$info = @ldap_get_entries($ds, $sr); // array
9295c161	378	$this->log('info: '.var_export($info, true), 4);
3056d117	379	if ($info['count'] > 0) {
5ec97892	380	// Log in to wblistadm server and get CSRFPreventionToken
0da9e6e7 MR	381	if ($this->getRestTicket($user, $pw)) {
	382	$this->settings['user'] = $user;
	383	$result = true;
	384	$this->settings['loginStatus'] = 'OK';
	385	$admin = 'NO';
	386	if (isset($info[0]['domainglobaladmin'])) {
	387	$admin = $info[0]['domainglobaladmin'][0];
	388	$admin = strtoupper($admin);
	389	}
	390	$this->settings['admin'] = ($admin == 'YES') ? true : false;
	391	} else {
9295c161	392	$this->settings['loginStatus'] = 'Login to wblistadm REST server failed';
0da9e6e7	393	}
3056d117 MR	394	} else {
3056d117 MR	395	$this->settings['loginStatus'] = 'Login failed';
b95d1cdb	396	}
6df4b805	397	} else {
3056d117	398	$this->settings['loginStatus'] = ldap_error($ds);
6df4b805	399	}
3056d117	400	@ldap_close($ds);
6df4b805	401	} else {
3056d117	402	$this->settings['loginStatus'] = 'Connect to LDAP server failed';
6df4b805	403	}
6df4b805 MR	404	}
6df4b805 MR	405
3056d117	406	$_SESSION['settings'] = $this->settings;
6e081c5f	407
b95d1cdb MR	408	return $result;
	409	}
	410
	411	public function getLoginStatus() {
3056d117 MR	412	$status = 'Not logged in';
3056d117 MR	413
2dd58fe8 MR	414	$this->log("getLoginStatus", 4);
2dd58fe8 MR	415
3056d117 MR	416	if (isset($this->settings['loginStatus'])) {
	417	$status = $this->settings['loginStatus'];
	418	}
	419
	420	return $status;
b95d1cdb MR	421	}
	422
	423	public function isLoggedIn() {
	424	global $CFG;
	425	$loggedIn = false;
	426
65f27692	427	$this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);
2dd58fe8	428
3056d117 MR	429	if ('' == session_id()) {
	430	$this->startSession();
	431	}
	432
65f27692	433	$this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
39023189	434	$this->checkSession();
65f27692	435	$this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);
39023189	436
3056d117 MR	437	if (isset($this->settings['user'])) {
	438	if ($this->settings['user'] != null) {
	439	$loggedIn = true;
	440	} else {
	441	if ($CFG->auth_method == 'HTTP_AUTH') {
86fb546e MR	442	if (isset($_SERVER['PHP_AUTH_USER'])) {
86fb546e MR	443	$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
3056d117 MR	444	$loggedIn = true;
3056d117 MR	445	}
b95d1cdb MR	446	}
	447	}
	448	}
	449
85ec6a84	450	if ($loggedIn == false) {
7b561609 MR	451	$this->log('$this->settings: '.var_export($this->settings, true), 3);
7b561609 MR	452	$this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
18d80742	453	}
6e081c5f	454
3056d117	455	$_SESSION['settings'] = $this->settings;
6e081c5f	456
b95d1cdb MR	457	return $loggedIn;
	458	}
	459
	460	public function getUser() {
3056d117 MR	461	$user = null;
3056d117 MR	462
2dd58fe8 MR	463	$this->log("getUser", 4);
2dd58fe8 MR	464
3056d117 MR	465	if ($this->isLoggedIn()) {
	466	$user = $this->settings['user'];
	467	}
	468
	469	return $user;
b95d1cdb MR	470	}
b95d1cdb MR	471
3039de29 MR	472	public function authorized($recipient) {
	473	$authorized = false;
	474
cdd7c88a MR	475	$this->log("authorized '$recipient'", 3);
cdd7c88a MR	476
3039de29 MR	477	if ($this->isAdmin() \|\| $this->getUser() == $recipient) {
	478	$authorized = true;
	479	}
181e3b1f MR	480	$msg = ($authorized) ? 'authorize' : 'not authorize';
181e3b1f MR	481	$this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3);
3039de29 MR	482
	483	return $authorized;
	484	}
	485
b95d1cdb	486	public function getHeader() {
2dd58fe8 MR	487	$this->log("getHeader", 4);
2dd58fe8 MR	488
b95d1cdb MR	489	return $this->header;
	490	}
	491
	492	public function getFooter() {
2dd58fe8 MR	493	$this->log("getFooter", 4);
2dd58fe8 MR	494
b95d1cdb MR	495	return $this->footer;
	496	}
	497
	498	public function getHeading() {
2dd58fe8 MR	499	$this->log("getHeading", 4);
2dd58fe8 MR	500
b95d1cdb MR	501	return $this->heading;
	502	}
	503
	504	public function setHeading($heading) {
	505	global $CFG;
	506
2dd58fe8 MR	507	$this->log("setHeading", 4);
2dd58fe8 MR	508
b95d1cdb MR	509	$timeout = $CFG->session_timeout * 60 * 1000;
	510	$this->heading = str_replace('__TITLE__', $heading, $this->heading);
	511	$this->header = str_replace('__TITLE__', $heading, $this->header);
	512	$this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
	513	$this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
	514	}
	515
	516	public function convertContent($code) {
2dd58fe8 MR	517	$this->log("convertContent", 4);
2dd58fe8 MR	518
b95d1cdb MR	519	$table = array(
	520	'V' => 'Virus',
	521	'B' => 'Banned',
	522	'U' => 'Unchecked',
	523	'S' => 'Spam',
	524	'Y' => 'Spammy',
	525	'M' => 'Bad Mime',
	526	'H' => 'Bad Header',
	527	'O' => 'Over sized',
	528	'T' => 'MTA err',
	529	'C' => 'Clean'
	530	);
	531
	532	$string = $table[$code];
	533	if (empty($string))
	534	$string = 'Unknown';
	535
	536	return $string;
	537	}
6df4b805	538
6df4b805	539	}