2 /* vim: set ts=4 tw=0 sw=4 noet: */
3 require_once $CFG->root
.'config.php';
4 require_once $CFG->root
. 'lib/session_handler.inc.php';
8 private $timeout = false;
12 private $header = '<!DOCTYPE html>
15 <meta charset="utf-8">
16 <link rel="stylesheet" href="css/styles.css">
18 var timeout = __TIMEOUT__;
20 <script src="__ROOT__js/timer.js"></script>
21 <script src="__ROOT__js/checkbox.js"></script>
22 <script src="__ROOT__js/forms.js"></script>
23 <title>__TITLE__</title>
28 <li><a href="index.php">Home</a></li>
30 <a href="#">Sections <span class="caret"></span></a>
33 <li><a href="qtadmin.php">Quarantine admin</a></li>
34 <li><a href="wblist.php">WB list admin</a></li>
38 <li><a href="about.html">About</a></li>
39 <li><a href="help.html">Help</a></li>
42 <div id="container">';
43 private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
44 title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p>
45 </div></body></html>';
46 private $heading = '<p id="time" class="time">Session timeout:
47 <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
49 public function __construct() {
52 if (isset($CFG->log_level
)) {
53 $this->log_level
= $CFG->log_level
;
58 if (isset($CFG->log_method
)) {
59 $this->log_method
= $CFG->log_method
;
61 $this->log_level
= 'syslog';
64 $this->log("Init Utils", 4);
66 $this->log("__construct[1]: user ".var_export($this->settings
['user'], true), 3);
67 $this->startSession();
68 $this->log("__construct[2]: user ".var_export($this->settings
['user'], true), 3);
70 if (! isset($_SESSION['settings'])) {
71 $this->initSettings();
73 $this->log("__construct[3]: user ".var_export($this->settings
['user'], true), 3);
74 $this->settings
= $_SESSION['settings'];
75 $this->log("__construct[4]: user ".var_export($this->settings
['user'], true), 3);
77 if ($CFG->auth_method
== 'HTTP_AUTH') {
78 if (isset($_SERVER['PHP_AUTH_USER'])) {
79 $this->settings
['user'] = $_SERVER['PHP_AUTH_USER'];
80 $this->settings
['loginStatus'] = 'OK';
81 if ($CFG->admin_user
== $this->settings
['user'])
82 $this->settings
['admin'] = true;
87 private function log($message, $level = 1) {
90 if ($level > $this->log_level
)
97 case 1: $priority = LOG_ERR
; break;
98 case 2: $priority = LOG_WARNING
; break;
99 case 3: $priority = LOG_INFO
; break;
100 case 4: $priority = LOG_DEBUG
; break;
103 switch ($this->log_method
) {
105 if (isset($CFG->log_file
)) {
106 if ($CFG->log_file
[0] == '/') {
107 $file = $CFG->log_file
;
109 $file = $CFG->root
.$CFG->log_file
;
112 $file = $CFG->root
.'qtadmin.log';
114 file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX
);
118 file_put_contents('php://stderr', "[$time]: $message\n");
121 syslog($priority, $message);
126 private function initSettings() {
127 $this->log("InitSettings", 4);
129 if ('' == session_id()) {
130 $this->startSession();
133 if (false !== $this->timeout
) {
134 $timeout = $this->timeout
;
139 $this->settings
= array(
142 'loginStatus' => 'Not logged in',
143 'timeout' => $timeout
146 $_SESSION['settings'] = $this->settings
;
149 private function startSession() {
152 $this->log("startSession", 4);
154 if (isset($CFG->session_timeout
)) {
155 $this->timeout
= $CFG->session_timeout
* 60;
157 $this->timeout
= 20 * 60;
160 if (ini_get('session.gc_maxlifetime') != $this->timeout
)
161 ini_set('session.gc_maxlifetime', $this->timeout
);
162 //if (ini_get('session.cookie_lifetime') != $this->timeout)
163 // ini_set('session.cookie_lifetime', $this->timeout);
164 ini_set('session.cookie_lifetime', 0);
169 private function checkSession() {
172 $this->log("checkSession", 4);
174 if ('' == session_id()) {
175 $this->startSession();
178 $time = $_SERVER['REQUEST_TIME'];
179 if (isset($_SESSION['LAST_ACTIVITY']) &&
180 ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings
['timeout']) {
181 $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
182 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings
['timeout'], 3);
185 $_SESSION['LAST_ACTIVITY'] = $time;
189 private function getCSRFPreventionToken($ticket) {
190 return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken
);
193 private function getRestTicket($username, $password) {
197 $url = $CFG->wblistadm_url
. '/ticket';
199 $data = "username=$username&password=$password";
200 $response = $this->RESTCall($url, $data, $cookiesIn = '');
201 if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
202 $data = json_decode($response['content']);
203 $_SESSION['ticket'] = $data->data
;
204 $_SESSION['cookies'] = $response['cookies'];
211 public function makeRestCall($method, $data = null) {
216 $url = $CFG->wblistadm_url
. "$method";
217 $token = $this->getCSRFPreventionToken($_SESSION['ticket']);
218 $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token);
220 if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
226 $data = json_decode($response['content']);
227 $result = $data->data
;
230 $result = ($data) ?
false : array();
236 private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
238 CURLOPT_RETURNTRANSFER
=> true, // return web page
239 CURLOPT_HEADER
=> true, //return headers in addition to content
240 CURLOPT_FOLLOWLOCATION
=> true, // follow redirects
241 CURLOPT_ENCODING
=> "", // handle all encodings
242 CURLOPT_AUTOREFERER
=> true, // set referer on redirect
243 CURLOPT_CONNECTTIMEOUT
=> 120, // timeout on connect
244 CURLOPT_TIMEOUT
=> 120, // timeout on response
245 CURLOPT_MAXREDIRS
=> 10, // stop after 10 redirects
246 CURLINFO_HEADER_OUT
=> true,
247 CURLOPT_SSL_VERIFYPEER
=> false, // Disabled SSL Cert checks
248 CURLOPT_HTTP_VERSION
=> CURL_HTTP_VERSION_1_1
,
249 CURLOPT_COOKIE
=> $cookiesIn
253 $options[CURLOPT_POST
] = 1;
254 $options[CURLOPT_POSTFIELDS
] = $data;
258 $options[CURLOPT_HTTPHEADER
] = $headers;
261 $ch = curl_init($url);
262 curl_setopt_array($ch, $options);
263 $rough_content = curl_exec($ch);
264 $err = curl_errno($ch);
265 $errmsg = curl_error($ch);
266 $header = curl_getinfo($ch);
269 $header_content = substr($rough_content, 0, $header['header_size']);
270 $body_content = trim(str_replace($header_content, '', $rough_content));
271 $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
272 preg_match_all($pattern, $header_content, $matches);
273 $cookiesOut = implode("; ", $matches['cookie']);
275 $header['errno'] = $err;
276 $header['errmsg'] = $errmsg;
277 $header['headers'] = $header_content;
278 $header['content'] = $body_content;
279 $header['cookies'] = $cookiesOut;
284 public function logout() {
285 $this->log("logout", 4);
287 if (ini_get('session.use_cookies')) {
288 $params = session_get_cookie_params();
289 setcookie(session_name(), '', time() - 42000,
290 $params['path'], $params['domain'],
291 $params['secure'], $params['httponly']);
294 if ('' != session_id()) {
299 $this->settings
= array();
302 public function isAdmin() {
305 $this->log("isAdmin", 4);
307 if (isset($this->settings
['admin'])) {
308 $admin = $this->settings
['admin'];
314 public function login($user, $pw) {
318 $this->log("login", 4);
320 if ('' == session_id()) {
321 $this->startSession();
324 $this->settings
['user'] = null;
325 $this->settings
['admin'] = false;
327 $p = explode('@', $user);
328 if (count($p) != 2) {
329 $this->settings
['loginStatus'] = 'Bad username';
332 $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
333 $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
334 $ds = @ldap_connect
($CFG->ldap_dsn
);
336 @ldap_set_option
($ds, LDAP_OPT_PROTOCOL_VERSION
, 3);
337 $r = @ldap_bind
($ds, $dn, $pw);
339 $sr = @ldap_search
($ds, $CFG->ldap_base_dn
, $filter, array('mail','domainglobaladmin'));
340 $info = @ldap_get_entries
($ds, $sr); // array
341 if ($info['count'] > 0) {
342 // Log in to wblistadm server and get CSRFPreventionToken
343 if ($this->getRestTicket($user, $pw)) {
344 $this->settings
['user'] = $user;
346 $this->settings
['loginStatus'] = 'OK';
348 if (isset($info[0]['domainglobaladmin'])) {
349 $admin = $info[0]['domainglobaladmin'][0];
350 $admin = strtoupper($admin);
352 $this->settings
['admin'] = ($admin == 'YES') ?
true : false;
354 $this->settings
['loginStatus'] = 'Login failed';
357 $this->settings
['loginStatus'] = 'Login failed';
360 $this->settings
['loginStatus'] = ldap_error($ds);
364 $this->settings
['loginStatus'] = 'Connect to LDAP server failed';
368 $_SESSION['settings'] = $this->settings
;
373 public function getLoginStatus() {
374 $status = 'Not logged in';
376 $this->log("getLoginStatus", 4);
378 if (isset($this->settings
['loginStatus'])) {
379 $status = $this->settings
['loginStatus'];
385 public function isLoggedIn() {
389 $this->log("isLoggedIn[1]: user ".var_export($this->settings
['user'], true), 3);
391 if ('' == session_id()) {
392 $this->startSession();
395 $this->log("isLoggedIn[2]: user ".var_export($this->settings
['user'], true), 3);
396 $this->checkSession();
397 $this->log("isLoggedIn[3]: user ".var_export($this->settings
['user'], true), 3);
399 if (isset($this->settings
['user'])) {
400 if ($this->settings
['user'] != null) {
403 if ($CFG->auth_method
== 'HTTP_AUTH') {
404 if (isset($_SERVER['PHP_AUTH_USER'])) {
405 $this->settings
['user'] = $_SERVER['PHP_AUTH_USER'];
412 if ($loggedIn == false) {
413 $this->log('$this->settings: '.var_export($this->settings
, true), 3);
414 $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
417 $_SESSION['settings'] = $this->settings
;
422 public function getUser() {
425 $this->log("getUser", 4);
427 if ($this->isLoggedIn()) {
428 $user = $this->settings
['user'];
434 public function authorized($recipient) {
437 $this->log("authorized '$recipient'", 3);
439 if ($this->isAdmin() ||
$this->getUser() == $recipient) {
442 $msg = ($authorized) ?
'authorize' : 'not authorize';
443 $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3);
448 public function getHeader() {
449 $this->log("getHeader", 4);
451 return $this->header
;
454 public function getFooter() {
455 $this->log("getFooter", 4);
457 return $this->footer
;
460 public function getHeading() {
461 $this->log("getHeading", 4);
463 return $this->heading
;
466 public function setHeading($heading) {
469 $this->log("setHeading", 4);
471 $timeout = $CFG->session_timeout
* 60 * 1000;
472 $this->heading
= str_replace('__TITLE__', $heading, $this->heading
);
473 $this->header
= str_replace('__TITLE__', $heading, $this->header
);
474 $this->header
= str_replace('__ROOT__', $CFG->wwwroot
, $this->header
);
475 $this->header
= str_replace('__TIMEOUT__', $timeout, $this->header
);
478 public function convertContent($code) {
479 $this->log("convertContent", 4);
494 $string = $table[$code];