]>
Commit | Line | Data |
---|---|---|
1 | <?php | |
2 | /* vim: set ts=4 tw=0 sw=4 noet: */ | |
3 | require_once $CFG->root .'config.php'; | |
4 | require_once $CFG->root . 'lib/session_handler.inc.php'; | |
5 | ||
6 | class Utils { | |
7 | ||
8 | private $timeout = false; | |
9 | private $settings; | |
10 | private $log_level; | |
11 | private $log_method; | |
12 | private $header = '<!DOCTYPE html> | |
13 | <html> | |
14 | <head> | |
15 | <meta charset="utf-8"> | |
16 | <link rel="stylesheet" href="css/styles.css"> | |
17 | <script> | |
18 | var timeout = __TIMEOUT__; | |
19 | </script> | |
20 | <script src="__ROOT__js/timer.js"></script> | |
21 | <script src="__ROOT__js/checkbox.js"></script> | |
22 | <script src="__ROOT__js/forms.js"></script> | |
23 | <title>__TITLE__</title> | |
24 | </head> | |
25 | <body> | |
26 | <nav> | |
27 | <ul> | |
28 | <li><a href="index.php">Home</a></li> | |
29 | <li> | |
30 | <a href="#">Sections <span class="caret"></span></a> | |
31 | <div> | |
32 | <ul> | |
33 | <li><a href="qtadmin.php">Quarantine admin</a></li> | |
34 | <li><a href="wblist.php">WB list admin</a></li> | |
35 | </ul> | |
36 | </div> | |
37 | </li> | |
38 | <li><a href="about.html">About</a></li> | |
39 | <li><a href="auth.php?op=logout">Logout</a></li> | |
40 | </ul> | |
41 | </nav> | |
42 | <div id="container">'; | |
43 | private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net" | |
44 | title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p> | |
45 | </div></body></html>'; | |
46 | private $heading = '<p id="time" class="time">Session timeout: | |
47 | <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>'; | |
48 | ||
49 | public function __construct() { | |
50 | global $CFG; | |
51 | ||
52 | if (isset($CFG->log_level)) { | |
53 | $this->log_level = $CFG->log_level; | |
54 | } else { | |
55 | $this->log_level = 1; | |
56 | } | |
57 | ||
58 | if (isset($CFG->log_method)) { | |
59 | $this->log_method = $CFG->log_method; | |
60 | } else { | |
61 | $this->log_level = 'syslog'; | |
62 | } | |
63 | ||
64 | $this->log("Init Utils", 4); | |
65 | ||
66 | $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); | |
67 | $this->startSession(); | |
68 | $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); | |
69 | ||
70 | if (! isset($_SESSION['settings'])) { | |
71 | $this->initSettings(); | |
72 | } | |
73 | $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); | |
74 | $this->settings = $_SESSION['settings']; | |
75 | $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); | |
76 | ||
77 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
78 | if (isset($_SERVER['PHP_AUTH_USER'])) { | |
79 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
80 | $this->settings['loginStatus'] = 'OK'; | |
81 | if ($CFG->admin_user == $this->settings['user']) | |
82 | $this->settings['admin'] = true; | |
83 | } | |
84 | } | |
85 | } | |
86 | ||
87 | private function log($message, $level = 1) { | |
88 | global $CFG; | |
89 | ||
90 | if ($level > $this->log_level) | |
91 | return; | |
92 | ||
93 | $time = date('c'); | |
94 | ||
95 | $priority = LOG_INFO; | |
96 | switch ($level) { | |
97 | case 1: $priority = LOG_ERR; break; | |
98 | case 2: $priority = LOG_WARNING; break; | |
99 | case 3: $priority = LOG_INFO; break; | |
100 | case 4: $priority = LOG_DEBUG; break; | |
101 | } | |
102 | ||
103 | switch ($this->log_method) { | |
104 | case 'file': | |
105 | if (isset($CFG->log_file)) { | |
106 | if ($CFG->log_file[0] == '/') { | |
107 | $file = $CFG->log_file; | |
108 | } else { | |
109 | $file = $CFG->root.$CFG->log_file; | |
110 | } | |
111 | } else { | |
112 | $file = $CFG->root.'qtadmin.log'; | |
113 | } | |
114 | file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); | |
115 | chmod($file, 0600); | |
116 | break; | |
117 | case 'stderr': | |
118 | file_put_contents('php://stderr', "[$time]: $message\n"); | |
119 | break; | |
120 | case 'syslog': | |
121 | syslog($priority, $message); | |
122 | break; | |
123 | } | |
124 | } | |
125 | ||
126 | private function initSettings() { | |
127 | $this->log("InitSettings", 4); | |
128 | ||
129 | if ('' == session_id()) { | |
130 | $this->startSession(); | |
131 | } | |
132 | ||
133 | if (false !== $this->timeout) { | |
134 | $timeout = $this->timeout; | |
135 | } else { | |
136 | $timeout = 0; | |
137 | } | |
138 | ||
139 | $this->settings = array( | |
140 | 'user' => null, | |
141 | 'admin' => false, | |
142 | 'loginStatus' => 'Not logged in', | |
143 | 'timeout' => $timeout | |
144 | ); | |
145 | ||
146 | $_SESSION['settings'] = $this->settings; | |
147 | } | |
148 | ||
149 | private function startSession() { | |
150 | global $CFG; | |
151 | ||
152 | $this->log("startSession", 4); | |
153 | ||
154 | if (isset($CFG->session_timeout)) { | |
155 | $this->timeout = $CFG->session_timeout * 60; | |
156 | } else { | |
157 | $this->timeout = 20 * 60; | |
158 | } | |
159 | ||
160 | if (ini_get('session.gc_maxlifetime') != $this->timeout) | |
161 | ini_set('session.gc_maxlifetime', $this->timeout); | |
162 | //if (ini_get('session.cookie_lifetime') != $this->timeout) | |
163 | // ini_set('session.cookie_lifetime', $this->timeout); | |
164 | ini_set('session.cookie_lifetime', 0); | |
165 | ||
166 | session_start(); | |
167 | } | |
168 | ||
169 | private function checkSession() { | |
170 | global $CFG; | |
171 | ||
172 | $this->log("checkSession", 4); | |
173 | ||
174 | if ('' == session_id()) { | |
175 | $this->startSession(); | |
176 | } | |
177 | ||
178 | $time = $_SERVER['REQUEST_TIME']; | |
179 | if (isset($_SESSION['LAST_ACTIVITY']) && | |
180 | ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { | |
181 | $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. | |
182 | 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); | |
183 | $this->logout(); | |
184 | } else { | |
185 | $_SESSION['LAST_ACTIVITY'] = $time; | |
186 | } | |
187 | } | |
188 | ||
189 | private function getCSRFPreventionToken($ticket) { | |
190 | return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); | |
191 | } | |
192 | ||
193 | private function getRestTicket($username, $password) { | |
194 | global $CFG; | |
195 | ||
196 | $result = false; | |
197 | $url = $CFG->wblistadm_url . '/ticket'; | |
198 | ||
199 | $data = "username=$username&password=$password"; | |
200 | $response = $this->RESTCall($url, $data, $cookiesIn = ''); | |
201 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
202 | $data = json_decode($response['content']); | |
203 | $_SESSION['ticket'] = $data->data; | |
204 | $_SESSION['cookies'] = $response['cookies']; | |
205 | $result = true; | |
206 | } | |
207 | ||
208 | return $result; | |
209 | } | |
210 | ||
211 | public function makeRestCall($method, $data = null) { | |
212 | global $CFG; | |
213 | ||
214 | $result; | |
215 | ||
216 | $url = $CFG->wblistadm_url . "$method"; | |
217 | $token = $this->getCSRFPreventionToken($_SESSION['ticket']); | |
218 | $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); | |
219 | ||
220 | if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { | |
221 | if ($data) { | |
222 | // HTTP POST | |
223 | $result = true; | |
224 | } else { | |
225 | // HTTP GET | |
226 | $data = json_decode($response['content']); | |
227 | $result = $data->data; | |
228 | } | |
229 | } else { | |
230 | $result = ($data) ? false : array(); | |
231 | } | |
232 | ||
233 | return $result; | |
234 | } | |
235 | ||
236 | private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { | |
237 | $options = array( | |
238 | CURLOPT_RETURNTRANSFER => true, // return web page | |
239 | CURLOPT_HEADER => true, //return headers in addition to content | |
240 | CURLOPT_FOLLOWLOCATION => true, // follow redirects | |
241 | CURLOPT_ENCODING => "", // handle all encodings | |
242 | CURLOPT_AUTOREFERER => true, // set referer on redirect | |
243 | CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect | |
244 | CURLOPT_TIMEOUT => 120, // timeout on response | |
245 | CURLOPT_MAXREDIRS => 10, // stop after 10 redirects | |
246 | CURLINFO_HEADER_OUT => true, | |
247 | CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks | |
248 | CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, | |
249 | CURLOPT_COOKIE => $cookiesIn | |
250 | ); | |
251 | ||
252 | if ($data) { | |
253 | $options[CURLOPT_POST] = 1; | |
254 | $options[CURLOPT_POSTFIELDS] = $data; | |
255 | } | |
256 | ||
257 | if ($headers) { | |
258 | $options[CURLOPT_HTTPHEADER] = $headers; | |
259 | } | |
260 | ||
261 | $ch = curl_init($url); | |
262 | curl_setopt_array($ch, $options); | |
263 | $rough_content = curl_exec($ch); | |
264 | $err = curl_errno($ch); | |
265 | $errmsg = curl_error($ch); | |
266 | $header = curl_getinfo($ch); | |
267 | curl_close($ch); | |
268 | ||
269 | $header_content = substr($rough_content, 0, $header['header_size']); | |
270 | $body_content = trim(str_replace($header_content, '', $rough_content)); | |
271 | $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m"; | |
272 | preg_match_all($pattern, $header_content, $matches); | |
273 | $cookiesOut = implode("; ", $matches['cookie']); | |
274 | ||
275 | $header['errno'] = $err; | |
276 | $header['errmsg'] = $errmsg; | |
277 | $header['headers'] = $header_content; | |
278 | $header['content'] = $body_content; | |
279 | $header['cookies'] = $cookiesOut; | |
280 | ||
281 | return $header; | |
282 | } | |
283 | ||
284 | public function logout() { | |
285 | $this->log("logout", 4); | |
286 | ||
287 | if (ini_get('session.use_cookies')) { | |
288 | $params = session_get_cookie_params(); | |
289 | setcookie(session_name(), '', time() - 42000, | |
290 | $params['path'], $params['domain'], | |
291 | $params['secure'], $params['httponly']); | |
292 | } | |
293 | ||
294 | if ('' != session_id()) { | |
295 | $_SESSION = array(); | |
296 | session_unset(); | |
297 | session_destroy(); | |
298 | } | |
299 | $this->settings = array(); | |
300 | } | |
301 | ||
302 | public function isAdmin() { | |
303 | $admin = false; | |
304 | ||
305 | $this->log("isAdmin", 4); | |
306 | ||
307 | if (isset($this->settings['admin'])) { | |
308 | $admin = $this->settings['admin']; | |
309 | } | |
310 | ||
311 | return $admin; | |
312 | } | |
313 | ||
314 | public function login($user, $pw) { | |
315 | global $CFG; | |
316 | $result = false; | |
317 | ||
318 | $this->log("login", 4); | |
319 | ||
320 | if ('' == session_id()) { | |
321 | $this->startSession(); | |
322 | } | |
323 | ||
324 | $this->settings['user'] = null; | |
325 | $this->settings['admin'] = false; | |
326 | ||
327 | $p = explode('@', $user); | |
328 | if (count($p) != 2) { | |
329 | $this->settings['loginStatus'] = 'Bad username'; | |
330 | } else { | |
331 | $domain = $p[1]; | |
332 | $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; | |
333 | $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; | |
334 | $ds = @ldap_connect($CFG->ldap_dsn); | |
335 | if ($ds) { | |
336 | @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); | |
337 | $r = @ldap_bind($ds, $dn, $pw); | |
338 | if ($r) { | |
339 | $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); | |
340 | $info = @ldap_get_entries($ds, $sr); // array | |
341 | if ($info['count'] > 0) { | |
342 | // Log in to wblistadm server and get CSRFPreventionToken | |
343 | if ($this->getRestTicket($user, $pw)) { | |
344 | $this->settings['user'] = $user; | |
345 | $result = true; | |
346 | $this->settings['loginStatus'] = 'OK'; | |
347 | $admin = 'NO'; | |
348 | if (isset($info[0]['domainglobaladmin'])) { | |
349 | $admin = $info[0]['domainglobaladmin'][0]; | |
350 | $admin = strtoupper($admin); | |
351 | } | |
352 | $this->settings['admin'] = ($admin == 'YES') ? true : false; | |
353 | } else { | |
354 | $this->settings['loginStatus'] = 'Login failed'; | |
355 | } | |
356 | } else { | |
357 | $this->settings['loginStatus'] = 'Login failed'; | |
358 | } | |
359 | } else { | |
360 | $this->settings['loginStatus'] = ldap_error($ds); | |
361 | } | |
362 | @ldap_close($ds); | |
363 | } else { | |
364 | $this->settings['loginStatus'] = 'Connect to LDAP server failed'; | |
365 | } | |
366 | } | |
367 | ||
368 | $_SESSION['settings'] = $this->settings; | |
369 | ||
370 | return $result; | |
371 | } | |
372 | ||
373 | public function getLoginStatus() { | |
374 | $status = 'Not logged in'; | |
375 | ||
376 | $this->log("getLoginStatus", 4); | |
377 | ||
378 | if (isset($this->settings['loginStatus'])) { | |
379 | $status = $this->settings['loginStatus']; | |
380 | } | |
381 | ||
382 | return $status; | |
383 | } | |
384 | ||
385 | public function isLoggedIn() { | |
386 | global $CFG; | |
387 | $loggedIn = false; | |
388 | ||
389 | $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); | |
390 | ||
391 | if ('' == session_id()) { | |
392 | $this->startSession(); | |
393 | } | |
394 | ||
395 | $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); | |
396 | $this->checkSession(); | |
397 | $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); | |
398 | ||
399 | if (isset($this->settings['user'])) { | |
400 | if ($this->settings['user'] != null) { | |
401 | $loggedIn = true; | |
402 | } else { | |
403 | if ($CFG->auth_method == 'HTTP_AUTH') { | |
404 | if (isset($_SERVER['PHP_AUTH_USER'])) { | |
405 | $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; | |
406 | $loggedIn = true; | |
407 | } | |
408 | } | |
409 | } | |
410 | } | |
411 | ||
412 | if ($loggedIn == false) { | |
413 | $this->log('$this->settings: '.var_export($this->settings, true), 3); | |
414 | $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); | |
415 | } | |
416 | ||
417 | $_SESSION['settings'] = $this->settings; | |
418 | ||
419 | return $loggedIn; | |
420 | } | |
421 | ||
422 | public function getUser() { | |
423 | $user = null; | |
424 | ||
425 | $this->log("getUser", 4); | |
426 | ||
427 | if ($this->isLoggedIn()) { | |
428 | $user = $this->settings['user']; | |
429 | } | |
430 | ||
431 | return $user; | |
432 | } | |
433 | ||
434 | public function authorized($recipient) { | |
435 | $authorized = false; | |
436 | ||
437 | $this->log("authorized '$recipient'", 3); | |
438 | ||
439 | if ($this->isAdmin() || $this->getUser() == $recipient) { | |
440 | $authorized = true; | |
441 | } | |
442 | $msg = ($authorized) ? 'authorize' : 'not authorize'; | |
443 | $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); | |
444 | ||
445 | return $authorized; | |
446 | } | |
447 | ||
448 | public function getHeader() { | |
449 | $this->log("getHeader", 4); | |
450 | ||
451 | return $this->header; | |
452 | } | |
453 | ||
454 | public function getFooter() { | |
455 | $this->log("getFooter", 4); | |
456 | ||
457 | return $this->footer; | |
458 | } | |
459 | ||
460 | public function getHeading() { | |
461 | $this->log("getHeading", 4); | |
462 | ||
463 | return $this->heading; | |
464 | } | |
465 | ||
466 | public function setHeading($heading) { | |
467 | global $CFG; | |
468 | ||
469 | $this->log("setHeading", 4); | |
470 | ||
471 | $timeout = $CFG->session_timeout * 60 * 1000; | |
472 | $this->heading = str_replace('__TITLE__', $heading, $this->heading); | |
473 | $this->header = str_replace('__TITLE__', $heading, $this->header); | |
474 | $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header); | |
475 | $this->header = str_replace('__TIMEOUT__', $timeout, $this->header); | |
476 | } | |
477 | ||
478 | public function convertContent($code) { | |
479 | $this->log("convertContent", 4); | |
480 | ||
481 | $table = array( | |
482 | 'V' => 'Virus', | |
483 | 'B' => 'Banned', | |
484 | 'U' => 'Unchecked', | |
485 | 'S' => 'Spam', | |
486 | 'Y' => 'Spammy', | |
487 | 'M' => 'Bad Mime', | |
488 | 'H' => 'Bad Header', | |
489 | 'O' => 'Over sized', | |
490 | 'T' => 'MTA err', | |
491 | 'C' => 'Clean' | |
492 | ); | |
493 | ||
494 | $string = $table[$code]; | |
495 | if (empty($string)) | |
496 | $string = 'Unknown'; | |
497 | ||
498 | return $string; | |
499 | } | |
500 | ||
501 | } |