<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
// $CFG->root is read before config.php is loaded, so the including script must
// already have set up $CFG (at least its root path) before pulling in this file.
require_once $CFG->root .'config.php';
4
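/**
 * Session, authentication and page-template helper for QtAdmin.
 *
 * State is kept in $_SESSION['settings'] (user, admin flag, login status,
 * idle timeout) and mirrored into $this->settings. Authentication is either
 * delegated to the web server ($CFG->auth_method == 'HTTP_AUTH') or done by
 * binding to LDAP with the user's own credentials in login().
 */
class Utils {

	/** @var array Per-session state; persisted as $_SESSION['settings']. */
	private $settings = array();

	/** @var int Idle timeout in seconds; set from $CFG->session_timeout in startSession(). */
	private $timeout = 20 * 60;

	/** @var string Page header template; __TITLE__, __ROOT__ and __TIMEOUT__ are filled by setHeading(). */
	private $header = '<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="css/styles.css">
<script>
var timeout = __TIMEOUT__;
</script>
<script src="__ROOT__js/timer.js"></script>
<script src="__ROOT__js/checkbox.js"></script>
<title>__TITLE__</title>
</head>
<body>';
	/** @var string Page footer template (no placeholders). */
	private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
	/** @var string In-page heading template; __TITLE__ is filled by setHeading(). */
	private $heading = '<p id="time" class="time">Session timeout:
<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';

	/**
	 * Starts (or resumes) the session and loads the per-session settings.
	 *
	 * Under HTTP_AUTH the web server has already authenticated the request, so the
	 * identity is taken from the live $_SERVER['PHP_AUTH_USER'] of this request.
	 */
	public function __construct() {
		global $CFG;

		$this->startSession();

		if (! isset($_SESSION['settings'])) {
			$this->initSettings();
		}
		$this->settings = $_SESSION['settings'];
		// The configured timeout always wins over the value stored in an older session;
		// a stored 0 would otherwise expire the session on the very next request.
		$this->settings['timeout'] = $this->timeout;

		if ($CFG->auth_method === 'HTTP_AUTH' && isset($_SERVER['PHP_AUTH_USER'])) {
			// Read from the live request, not from the $_SERVER snapshot kept in the session.
			$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
			$this->settings['loginStatus'] = 'OK';
			if ($CFG->admin_user === $this->settings['user']) {
				$this->settings['admin'] = true;
			}
		}
	}

	/**
	 * Creates the default settings record for a fresh session and stores it in $_SESSION.
	 */
	private function initSettings() {
		$this->startSession();

		// A snapshot of $_SERVER is kept for later requests. The HTTP basic-auth
		// password must not end up in the session store, so it is dropped from the copy.
		$server = $_SERVER;
		unset($server['PHP_AUTH_PW']);

		$this->settings = array(
			'server' => $server,
			'user' => null,
			'admin' => false,
			'loginStatus' => 'Not logged in',
			'timeout' => $this->timeout
		);

		$_SESSION['settings'] = $this->settings;
	}

	/**
	 * Applies the configured session lifetime and starts the session if none is active.
	 *
	 * Sets $this->timeout (seconds) from $CFG->session_timeout (minutes), defaulting
	 * to 20 minutes. ini values only take effect when set before session_start(),
	 * so nothing is changed once a session is already running.
	 */
	private function startSession() {
		global $CFG;

		if (isset($CFG->session_timeout)) {
			$this->timeout = (int) ($CFG->session_timeout * 60);
		} else {
			$this->timeout = 20 * 60;
		}

		if (session_status() === PHP_SESSION_ACTIVE) {
			return;
		}

		if ((int) ini_get('session.gc_maxlifetime') !== $this->timeout) {
			ini_set('session.gc_maxlifetime', (string) $this->timeout);
		}
		if ((int) ini_get('session.cookie_lifetime') !== $this->timeout) {
			ini_set('session.cookie_lifetime', (string) $this->timeout);
		}
		// Keep the session cookie out of reach of page scripts and refuse
		// uninitialised session ids supplied by the client.
		ini_set('session.cookie_httponly', '1');
		ini_set('session.use_strict_mode', '1');

		session_start();
	}

	/**
	 * Enforces the idle timeout: logs out when the gap since the previous request
	 * is at least the configured timeout, otherwise records this request's time.
	 */
	private function checkSession() {
		$this->startSession();

		$time = (int) $_SERVER['REQUEST_TIME'];
		$lastActivity = isset($_SESSION['LAST_ACTIVITY']) ? (int) $_SESSION['LAST_ACTIVITY'] : null;
		// Fall back to the configured value when the session holds no usable timeout.
		$timeout = (isset($this->settings['timeout']) && $this->settings['timeout'] > 0)
			? (int) $this->settings['timeout']
			: $this->timeout;

		if ($lastActivity !== null && ($time - $lastActivity) >= $timeout) {
			$this->logout();
		} else {
			$_SESSION['LAST_ACTIVITY'] = $time;
		}
	}

	/**
	 * Expires the session cookie, destroys the server-side session and clears the settings.
	 */
	public function logout() {
		if (ini_get('session.use_cookies')) {
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time() - 42000,
				$params['path'], $params['domain'],
				$params['secure'], $params['httponly']);
		}

		if (session_status() === PHP_SESSION_ACTIVE) {
			$_SESSION = array();
			session_unset();
			session_destroy();
		}
		$this->settings = array();
	}

	/**
	 * @return bool True when the current user was flagged as admin at login.
	 */
	public function isAdmin() {
		return isset($this->settings['admin']) ? $this->settings['admin'] : false;
	}

	/**
	 * Authenticates $user against LDAP by binding with the user's own DN and then
	 * looking the account up with an active-account filter. Updates user, admin and
	 * loginStatus in the settings and persists them to the session.
	 *
	 * @param string $user Login name of the form local@domain (an e-mail address)
	 * @param string $pw   Password
	 * @return bool        True when the login succeeded
	 */
	public function login($user, $pw) {
		global $CFG;
		$result = false;

		$this->startSession();

		$this->settings['user'] = null;
		$this->settings['admin'] = false;

		$p = explode('@', (string) $user);
		if (count($p) != 2 || $p[0] === '' || $p[1] === '') {
			$this->settings['loginStatus'] = 'Bad username';
		} elseif ((string) $pw === '') {
			// With an empty password ldap_bind() performs an anonymous/unauthenticated
			// bind, which many servers accept; that must never count as a login.
			$this->settings['loginStatus'] = 'Login failed';
		} else {
			// User-supplied values are escaped for the context they are inserted into
			// (DN vs. search filter) so they cannot alter the query structure.
			$dnUser = ldap_escape($user, '', LDAP_ESCAPE_DN);
			$dnDomain = ldap_escape($p[1], '', LDAP_ESCAPE_DN);
			$filterUser = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
			$dn = "mail=$dnUser,ou=Users,domainName=$dnDomain,$CFG->ldap_base_dn";
			$filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$filterUser))";

			$ds = ldap_connect($CFG->ldap_dsn);
			if ($ds) {
				ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
				// A failed bind is the expected outcome for a wrong password; the
				// warning it emits is suppressed and ldap_error() reports the reason.
				$r = @ldap_bind($ds, $dn, $pw);
				if ($r) {
					$sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail', 'domainglobaladmin'));
					$info = $sr ? ldap_get_entries($ds, $sr) : false;
					if ($info !== false && $info['count'] > 0) {
						// New session id on privilege change so an id issued before
						// login cannot be reused for the authenticated session.
						session_regenerate_id(true);
						$this->settings['user'] = $user;
						$result = true;
						$this->settings['loginStatus'] = 'OK';
						$admin = 'NO';
						if (isset($info[0]['domainglobaladmin'][0])) {
							$admin = strtoupper($info[0]['domainglobaladmin'][0]);
						}
						$this->settings['admin'] = ($admin === 'YES');
					} else {
						$this->settings['loginStatus'] = 'Login failed';
					}
				} else {
					$this->settings['loginStatus'] = ldap_error($ds);
				}
				ldap_close($ds);
			} else {
				$this->settings['loginStatus'] = 'Connect to LDAP server failed';
			}
		}

		$_SESSION['settings'] = $this->settings;

		return $result;
	}

	/**
	 * @return string Outcome of the last login attempt, 'Not logged in' when none was made.
	 */
	public function getLoginStatus() {
		return isset($this->settings['loginStatus']) ? $this->settings['loginStatus'] : 'Not logged in';
	}

	/**
	 * Reports whether a user is logged in, enforcing the idle timeout first.
	 *
	 * Under HTTP_AUTH a missing session user is filled from $_SERVER['PHP_AUTH_USER'].
	 *
	 * @return bool
	 */
	public function isLoggedIn() {
		global $CFG;
		$loggedIn = false;

		$this->startSession();
		$this->checkSession();

		$user = isset($this->settings['user']) ? $this->settings['user'] : null;
		if ($user !== null && $user !== '') {
			$loggedIn = true;
		} elseif ($CFG->auth_method === 'HTTP_AUTH' && isset($_SERVER['PHP_AUTH_USER'])) {
			$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
			$loggedIn = true;
		}

		// After a timeout, logout() has destroyed the session; nothing to persist then.
		if (session_status() === PHP_SESSION_ACTIVE) {
			$_SESSION['settings'] = $this->settings;
		}

		return $loggedIn;
	}

	/**
	 * @return string|null Logged-in user name, null when nobody is logged in.
	 */
	public function getUser() {
		return $this->isLoggedIn() ? $this->settings['user'] : null;
	}

	/** @return string Header template (placeholders filled only after setHeading()). */
	public function getHeader() {
		return $this->header;
	}

	/** @return string Footer HTML. */
	public function getFooter() {
		return $this->footer;
	}

	/** @return string Heading template (placeholder filled only after setHeading()). */
	public function getHeading() {
		return $this->heading;
	}

	/**
	 * Fills the __TITLE__, __ROOT__ and __TIMEOUT__ placeholders of the templates.
	 *
	 * @param string $heading Page title. It is inserted verbatim into <title> and <h1>,
	 *                        so callers must pass trusted text or pre-escaped HTML.
	 */
	public function setHeading($heading) {
		global $CFG;

		// The JS timer counts milliseconds; $this->timeout is already in seconds and
		// carries the 20-minute default when $CFG->session_timeout is not set.
		$timeout = $this->timeout * 1000;
		$this->heading = str_replace('__TITLE__', $heading, $this->heading);
		// Sequential replacement, same order as the three individual calls it replaces.
		$this->header = str_replace(
			array('__TITLE__', '__ROOT__', '__TIMEOUT__'),
			array($heading, $CFG->wwwroot, (string) $timeout),
			$this->header
		);
	}

	/**
	 * Maps a one-letter content code to its display name.
	 *
	 * @param string $code
	 * @return string 'Unknown' for codes not in the table
	 */
	public function convertContent($code) {
		static $table = array(
			'V' => 'Virus',
			'B' => 'Banned',
			'U' => 'Unchecked',
			'S' => 'Spam',
			'Y' => 'Spammy',
			'M' => 'Bad Mime',
			'H' => 'Bad Header',
			'O' => 'Over sized',
			'T' => 'MTA err',
			'C' => 'Clean'
		);

		// isset() avoids the undefined-index notice the bare lookup produced.
		return isset($table[$code]) ? $table[$code] : 'Unknown';
	}

}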