]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | /* vim: set ts=4 tw=0 sw=4 noet: */ | |
3 | require_once $CFG->root .'config.php'; | |
4 | require_once $CFG->root . 'lib/session_handler.inc.php'; | |
5 | ||
6 | class Utils { | |
7 | ||
8 | private $timeout = false; | |
9 | private $settings; | |
10 | private $log_level; | |
11 | private $log_method; | |
12 | private $header = '<!DOCTYPE html> | |
13 | <html> | |
14 | <head> | |
15 | <meta charset="utf-8"> | |
16 | <link rel="stylesheet" href="css/styles.css"> | |
17 | <script> | |
18 | var timeout = __TIMEOUT__; | |
19 | </script> | |
20 | <script src="__ROOT__js/timer.js"></script> | |
21 | <script src="__ROOT__js/checkbox.js"></script> | |
22 | <script src="__ROOT__js/forms.js"></script> | |
23 | <title>__TITLE__</title> | |
24 | </head> | |
25 | <body> | |
26 | <!-- | |
27 | <nav> | |
28 | <ul> | |
29 | <li><a href="index.php">Home</a></li> | |
30 | <li> | |
31 | <a href="#">Sections <span class="caret"></span></a> | |
32 | <div> | |
33 | <ul> | |
34 | <li><a href="qtadmin.php">Quarantine admin</a></li> | |
35 | <li><a href="wblist.php">WB list admin</a></li> | |
36 | </ul> | |
37 | </div> | |
38 | </li> | |
39 | <li><a href="about.html">About</a></li> | |
40 | <li><a href="auth.php?op=logout">Logout</a></li> | |
41 | </ul> | |
42 | </nav> | |
43 | --> | |
44 | <nav> | |
45 | <ul> | |
46 | <li><a href="index.php">Home</a></li> | |
47 | <li> | |
48 | <a href="#">Sections <span class="caret"></span></a> | |
49 | <div> | |
50 | <ul> | |
51 | <li> | |
52 | <a href="qtadmin.php">Quarantine admin</span></a> | |
53 | </li> | |
54 | <li><a href="#">WB list admin <span class="caret"></a> | |
55 | <div> | |
56 | <ul> | |
57 | <li><a href="wblist.php?p=show&s=all">Show All</a></li> | |
58 | <li><a href="wblist.php?p=show&s=blacklist">Show Blacklist</a></li> | |
59 | <li><a href="wblist.php?p=show&s=whitelist">Show Whitelist</a></li> | |
60 | <li><a href="wblist.php?p=add">Add Rule</a></li> | |
61 | <li><a href="wblist.php?p=del">Delete Rule</a></li> | |
62 | </ul> | |
63 | </div> | |
64 | </li> | |
65 | </ul> | |
66 | </div> | |
67 | </li> | |
68 | <li><a href="about.html">About</a></li> | |
69 | <li><a href="auth.php?op=logout">Logout</a></li> | |
70 | </ul> | |
71 | </nav> | |
72 | <div id="container">'; | |
73 | private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net" | |
74 | title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p> | |
75 | </div></body></html>'; | |
76 | private $heading = '<p id="time" class="time">Session timeout: | |
77 | <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>'; | |
78 | ||
79 | public function __construct() { | |
80 | global $CFG; | |
81 | ||
82 | if (isset($CFG->log_level)) { | |
83 | $this->log_level = $CFG->log_level; | |
84 | } else { | |
85 | $this->log_level = 1; | |
86 | } | |
87 | ||
88 | if (isset($CFG->log_method)) { | |
89 | $this->log_method = $CFG->log_method; | |
90 | } else { | |
91 | $this->log_level = 'syslog'; | |
92 | } | |
93 | ||
94 | $this->log("Init Utils", 4); | |
95 | ||
96 | $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); | |
97 | $this->startSession(); | |
98 | $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); | |
99 | ||
100 | if (! isset($_SESSION['settings'])) { | |
101 | $this->initSettings(); | |
102 | } | |
103 | $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); | |
104 | $this->settings = $_SESSION['settings']; | |
105 | $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); | |
106 | ||
107 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
108 | if (isset($_SERVER['PHP_AUTH_USER'])) { | |
109 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
110 | $this->settings['loginStatus'] = 'OK'; | |
111 | if ($CFG->admin_user == $this->settings['user']) | |
112 | $this->settings['admin'] = true; | |
113 | } | |
114 | } | |
115 | } | |
116 | ||
117 | private function log($message, $level = 1) { | |
118 | global $CFG; | |
119 | ||
120 | if ($level > $this->log_level) | |
121 | return; | |
122 | ||
123 | $time = date('c'); | |
124 | ||
125 | $priority = LOG_INFO; | |
126 | switch ($level) { | |
127 | case 1: $priority = LOG_ERR; break; | |
128 | case 2: $priority = LOG_WARNING; break; | |
129 | case 3: $priority = LOG_INFO; break; | |
130 | case 4: $priority = LOG_DEBUG; break; | |
131 | } | |
132 | ||
133 | switch ($this->log_method) { | |
134 | case 'file': | |
135 | if (isset($CFG->log_file)) { | |
136 | if ($CFG->log_file[0] == '/') { | |
137 | $file = $CFG->log_file; | |
138 | } else { | |
139 | $file = $CFG->root.$CFG->log_file; | |
140 | } | |
141 | } else { | |
142 | $file = $CFG->root.'qtadmin.log'; | |
143 | } | |
144 | file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); | |
145 | chmod($file, 0600); | |
146 | break; | |
147 | case 'stderr': | |
148 | file_put_contents('php://stderr', "[$time]: $message\n"); | |
149 | break; | |
150 | case 'syslog': | |
151 | syslog($priority, $message); | |
152 | break; | |
153 | } | |
154 | } | |
155 | ||
156 | private function initSettings() { | |
157 | $this->log("InitSettings", 4); | |
158 | ||
159 | if ('' == session_id()) { | |
160 | $this->startSession(); | |
161 | } | |
162 | ||
163 | if (false !== $this->timeout) { | |
164 | $timeout = $this->timeout; | |
165 | } else { | |
166 | $timeout = 0; | |
167 | } | |
168 | ||
169 | $this->settings = array( | |
170 | 'user' => null, | |
171 | 'admin' => false, | |
172 | 'loginStatus' => 'Not logged in', | |
173 | 'timeout' => $timeout | |
174 | ); | |
175 | ||
176 | $_SESSION['settings'] = $this->settings; | |
177 | } | |
178 | ||
179 | private function startSession() { | |
180 | global $CFG; | |
181 | ||
182 | $this->log("startSession", 4); | |
183 | ||
184 | if (isset($CFG->session_timeout)) { | |
185 | $this->timeout = $CFG->session_timeout * 60; | |
186 | } else { | |
187 | $this->timeout = 20 * 60; | |
188 | } | |
189 | ||
190 | if (ini_get('session.gc_maxlifetime') != $this->timeout) | |
191 | ini_set('session.gc_maxlifetime', $this->timeout); | |
192 | //if (ini_get('session.cookie_lifetime') != $this->timeout) | |
193 | // ini_set('session.cookie_lifetime', $this->timeout); | |
194 | ini_set('session.cookie_lifetime', 0); | |
195 | ||
196 | session_start(); | |
197 | } | |
198 | ||
199 | private function checkSession() { | |
200 | global $CFG; | |
201 | ||
202 | $this->log("checkSession", 4); | |
203 | ||
204 | if ('' == session_id()) { | |
205 | $this->startSession(); | |
206 | } | |
207 | ||
208 | $time = $_SERVER['REQUEST_TIME']; | |
209 | if (isset($_SESSION['LAST_ACTIVITY']) && | |
210 | ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { | |
211 | $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. | |
212 | 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); | |
213 | $this->logout(); | |
214 | } else { | |
215 | $_SESSION['LAST_ACTIVITY'] = $time; | |
216 | } | |
217 | } | |
218 | ||
219 | private function getCSRFPreventionToken($ticket) { | |
220 | return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); | |
221 | } | |
222 | ||
223 | private function getRestTicket($username, $password) { | |
224 | global $CFG; | |
225 | ||
226 | $result = false; | |
227 | $url = $CFG->wblistadm_url . '/ticket'; | |
228 | ||
229 | $data = "username=$username&password=$password"; | |
230 | $response = $this->RESTCall($url, $data, $cookiesIn = ''); | |
231 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
232 | $data = json_decode($response['content']); | |
233 | $_SESSION['ticket'] = $data->data; | |
234 | $_SESSION['cookies'] = $response['cookies']; | |
235 | $result = true; | |
236 | } | |
237 | ||
238 | return $result; | |
239 | } | |
240 | ||
241 | public function makeRestCall($method, $data = null) { | |
242 | global $CFG; | |
243 | ||
244 | $result; | |
245 | ||
246 | $url = $CFG->wblistadm_url . "$method"; | |
247 | $token = $this->getCSRFPreventionToken($_SESSION['ticket']); | |
248 | $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); | |
249 | ||
250 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
251 | if ($data) { | |
252 | // HTTP POST | |
253 | $result = true; | |
254 | } else { | |
255 | // HTTP GET | |
256 | $data = json_decode($response['content']); | |
257 | $result = $data->data; | |
258 | } | |
259 | } else { | |
260 | $result = ($data) ? false : array(); | |
261 | } | |
262 | ||
263 | return $result; | |
264 | } | |
265 | ||
266 | private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { | |
267 | $options = array( | |
268 | CURLOPT_RETURNTRANSFER => true, // return web page | |
269 | CURLOPT_HEADER => true, //return headers in addition to content | |
270 | CURLOPT_FOLLOWLOCATION => true, // follow redirects | |
271 | CURLOPT_ENCODING => "", // handle all encodings | |
272 | CURLOPT_AUTOREFERER => true, // set referer on redirect | |
273 | CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect | |
274 | CURLOPT_TIMEOUT => 120, // timeout on response | |
275 | CURLOPT_MAXREDIRS => 10, // stop after 10 redirects | |
276 | CURLINFO_HEADER_OUT => true, | |
277 | CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks | |
278 | CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, | |
279 | CURLOPT_COOKIE => $cookiesIn | |
280 | ); | |
281 | ||
282 | if ($data) { | |
283 | $options[CURLOPT_POST] = 1; | |
284 | $options[CURLOPT_POSTFIELDS] = $data; | |
285 | } | |
286 | ||
287 | if ($headers) { | |
288 | $options[CURLOPT_HTTPHEADER] = $headers; | |
289 | } | |
290 | ||
291 | $ch = curl_init($url); | |
292 | curl_setopt_array($ch, $options); | |
293 | $rough_content = curl_exec($ch); | |
294 | $err = curl_errno($ch); | |
295 | $errmsg = curl_error($ch); | |
296 | $header = curl_getinfo($ch); | |
297 | curl_close($ch); | |
298 | ||
299 | $header_content = substr($rough_content, 0, $header['header_size']); | |
300 | $body_content = trim(str_replace($header_content, '', $rough_content)); | |
301 | $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m"; | |
302 | preg_match_all($pattern, $header_content, $matches); | |
303 | $cookiesOut = implode("; ", $matches['cookie']); | |
304 | ||
305 | $header['errno'] = $err; | |
306 | $header['errmsg'] = $errmsg; | |
307 | $header['headers'] = $header_content; | |
308 | $header['content'] = $body_content; | |
309 | $header['cookies'] = $cookiesOut; | |
310 | ||
311 | return $header; | |
312 | } | |
313 | ||
314 | public function logout() { | |
315 | $this->log("logout", 4); | |
316 | ||
317 | if (ini_get('session.use_cookies')) { | |
318 | $params = session_get_cookie_params(); | |
319 | setcookie(session_name(), '', time() - 42000, | |
320 | $params['path'], $params['domain'], | |
321 | $params['secure'], $params['httponly']); | |
322 | } | |
323 | ||
324 | if ('' != session_id()) { | |
325 | $_SESSION = array(); | |
326 | session_unset(); | |
327 | session_destroy(); | |
328 | } | |
329 | $this->settings = array(); | |
330 | } | |
331 | ||
332 | public function isAdmin() { | |
333 | $admin = false; | |
334 | ||
335 | $this->log("isAdmin", 4); | |
336 | ||
337 | if (isset($this->settings['admin'])) { | |
338 | $admin = $this->settings['admin']; | |
339 | } | |
340 | ||
341 | return $admin; | |
342 | } | |
343 | ||
344 | public function login($user, $pw) { | |
345 | global $CFG; | |
346 | $result = false; | |
347 | ||
348 | $this->log("login", 4); | |
349 | ||
350 | if ('' == session_id()) { | |
351 | $this->startSession(); | |
352 | } | |
353 | ||
354 | $this->settings['user'] = null; | |
355 | $this->settings['admin'] = false; | |
356 | ||
357 | $p = explode('@', $user); | |
358 | if (count($p) != 2) { | |
359 | $this->settings['loginStatus'] = 'Bad username'; | |
360 | } else { | |
361 | $domain = $p[1]; | |
362 | $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; | |
363 | $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; | |
364 | $ds = @ldap_connect($CFG->ldap_dsn); | |
365 | if ($ds) { | |
366 | @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); | |
367 | $r = @ldap_bind($ds, $dn, $pw); | |
368 | if ($r) { | |
369 | $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); | |
370 | $info = @ldap_get_entries($ds, $sr); // array | |
371 | if ($info['count'] > 0) { | |
372 | // Log in to wblistadm server and get CSRFPreventionToken | |
373 | if ($this->getRestTicket($user, $pw)) { | |
374 | $this->settings['user'] = $user; | |
375 | $result = true; | |
376 | $this->settings['loginStatus'] = 'OK'; | |
377 | $admin = 'NO'; | |
378 | if (isset($info[0]['domainglobaladmin'])) { | |
379 | $admin = $info[0]['domainglobaladmin'][0]; | |
380 | $admin = strtoupper($admin); | |
381 | } | |
382 | $this->settings['admin'] = ($admin == 'YES') ? true : false; | |
383 | } else { | |
384 | $this->settings['loginStatus'] = 'Login failed'; | |
385 | } | |
386 | } else { | |
387 | $this->settings['loginStatus'] = 'Login failed'; | |
388 | } | |
389 | } else { | |
390 | $this->settings['loginStatus'] = ldap_error($ds); | |
391 | } | |
392 | @ldap_close($ds); | |
393 | } else { | |
394 | $this->settings['loginStatus'] = 'Connect to LDAP server failed'; | |
395 | } | |
396 | } | |
397 | ||
398 | $_SESSION['settings'] = $this->settings; | |
399 | ||
400 | return $result; | |
401 | } | |
402 | ||
403 | public function getLoginStatus() { | |
404 | $status = 'Not logged in'; | |
405 | ||
406 | $this->log("getLoginStatus", 4); | |
407 | ||
408 | if (isset($this->settings['loginStatus'])) { | |
409 | $status = $this->settings['loginStatus']; | |
410 | } | |
411 | ||
412 | return $status; | |
413 | } | |
414 | ||
415 | public function isLoggedIn() { | |
416 | global $CFG; | |
417 | $loggedIn = false; | |
418 | ||
419 | $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); | |
420 | ||
421 | if ('' == session_id()) { | |
422 | $this->startSession(); | |
423 | } | |
424 | ||
425 | $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); | |
426 | $this->checkSession(); | |
427 | $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); | |
428 | ||
429 | if (isset($this->settings['user'])) { | |
430 | if ($this->settings['user'] != null) { | |
431 | $loggedIn = true; | |
432 | } else { | |
433 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
434 | if (isset($_SERVER['PHP_AUTH_USER'])) { | |
435 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
436 | $loggedIn = true; | |
437 | } | |
438 | } | |
439 | } | |
440 | } | |
441 | ||
442 | if ($loggedIn == false) { | |
443 | $this->log('$this->settings: '.var_export($this->settings, true), 3); | |
444 | $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); | |
445 | } | |
446 | ||
447 | $_SESSION['settings'] = $this->settings; | |
448 | ||
449 | return $loggedIn; | |
450 | } | |
451 | ||
452 | public function getUser() { | |
453 | $user = null; | |
454 | ||
455 | $this->log("getUser", 4); | |
456 | ||
457 | if ($this->isLoggedIn()) { | |
458 | $user = $this->settings['user']; | |
459 | } | |
460 | ||
461 | return $user; | |
462 | } | |
463 | ||
464 | public function authorized($recipient) { | |
465 | $authorized = false; | |
466 | ||
467 | $this->log("authorized '$recipient'", 3); | |
468 | ||
469 | if ($this->isAdmin() || $this->getUser() == $recipient) { | |
470 | $authorized = true; | |
471 | } | |
472 | $msg = ($authorized) ? 'authorize' : 'not authorize'; | |
473 | $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); | |
474 | ||
475 | return $authorized; | |
476 | } | |
477 | ||
478 | public function getHeader() { | |
479 | $this->log("getHeader", 4); | |
480 | ||
481 | return $this->header; | |
482 | } | |
483 | ||
484 | public function getFooter() { | |
485 | $this->log("getFooter", 4); | |
486 | ||
487 | return $this->footer; | |
488 | } | |
489 | ||
490 | public function getHeading() { | |
491 | $this->log("getHeading", 4); | |
492 | ||
493 | return $this->heading; | |
494 | } | |
495 | ||
496 | public function setHeading($heading) { | |
497 | global $CFG; | |
498 | ||
499 | $this->log("setHeading", 4); | |
500 | ||
501 | $timeout = $CFG->session_timeout * 60 * 1000; | |
502 | $this->heading = str_replace('__TITLE__', $heading, $this->heading); | |
503 | $this->header = str_replace('__TITLE__', $heading, $this->header); | |
504 | $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header); | |
505 | $this->header = str_replace('__TIMEOUT__', $timeout, $this->header); | |
506 | } | |
507 | ||
508 | public function convertContent($code) { | |
509 | $this->log("convertContent", 4); | |
510 | ||
511 | $table = array( | |
512 | 'V' => 'Virus', | |
513 | 'B' => 'Banned', | |
514 | 'U' => 'Unchecked', | |
515 | 'S' => 'Spam', | |
516 | 'Y' => 'Spammy', | |
517 | 'M' => 'Bad Mime', | |
518 | 'H' => 'Bad Header', | |
519 | 'O' => 'Over sized', | |
520 | 'T' => 'MTA err', | |
521 | 'C' => 'Clean' | |
522 | ); | |
523 | ||
524 | $string = $table[$code]; | |
525 | if (empty($string)) | |
526 | $string = 'Unknown'; | |
527 | ||
528 | return $string; | |
529 | } | |
530 | ||
531 | } |