]> git.datanom.net - qtadmin.git/blob - lib/utils.inc.php
projects / qtadmin.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add check for valid session
[qtadmin.git] / lib / utils.inc.php
1 <?php
2 /* vim: set ts=4 tw=0 sw=4 noet: */
3 require_once $CFG->root .'config.php';
4
5 class Utils {
6
7 private $timeout = false;
8 private $settings;
9 private $header = '<!DOCTYPE html>
10 <html>
11 <head>
12 <meta charset="utf-8">
13 <link rel="stylesheet" href="css/styles.css">
14 <script>
15 var timeout = __TIMEOUT__;
16 </script>
17 <script src="__ROOT__js/timer.js"></script>
18 <script src="__ROOT__js/checkbox.js"></script>
19 <title>__TITLE__</title>
20 </head>
21 <body>';
22 private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
23 title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
24 private $heading = '<p id="time" class="time">Session timeout:
25 <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
26
27 public function __construct() {
28 global $CFG;
29
30 $this->startSession();
31
32 if (! isset($_SESSION['settings'])) {
33 $this->initSettings();
34 }
35 $this->settings = $_SESSION['settings'];
36
37 if ($CFG->auth_method == 'HTTP_AUTH') {
38 if (isset($this->server['PHP_AUTH_USER'])) {
39 $this->settings['user'] = $this->server['PHP_AUTH_USER'];
40 $this->settings['loginStatus'] = 'OK';
41 if ($CFG->admin_user == $this->settings['user'])
42 $this->settings['admin'] = true;
43 }
44 }
45 }
46
47 private function initSettings() {
48 if ('' == session_id()) {
49 $this->startSession();
50 }
51
52 if (false !== $this->timeout) {
53 $timeout = $this->timeout;
54 } else {
55 $timeout = 0;
56 }
57
58 $this->settings = array(
59 'server' => $_SERVER,
60 'user' => null,
61 'admin' => false,
62 'loginStatus' => 'Not logged in',
63 'timeout' => $timeout
64 );
65
66 $_SESSION['settings'] = $this->settings;
67 }
68
69 private function startSession() {
70 global $CFG;
71
72 if (isset($CFG->session_timeout)) {
73 $this->timeout = $CFG->session_timeout * 60;
74 } else {
75 $this->timeout = 20 * 60;
76 }
77
78 if (ini_get('session.gc_maxlifetime') != $this->timeout)
79 ini_set('session.gc_maxlifetime', $this->timeout);
80 if (ini_get('session.cookie_lifetime') != $this->timeout)
81 ini_set('session.cookie_lifetime', $this->timeout);
82
83 session_start();
84 }
85
86 private function checkSession() {
87 global $CFG;
88
89 if ('' == session_id()) {
90 $this->startSession();
91 }
92
93 $time = $_SERVER['REQUEST_TIME'];
94 if (isset($_SESSION['LAST_ACTIVITY']) &&
95 ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
96 echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
97 $this->logout();
98 } else {
99 $_SESSION['LAST_ACTIVITY'] = $time;
100 }
101 }
102
103 public function logout() {
104 if (ini_get('session.use_cookies')) {
105 $params = session_get_cookie_params();
106 setcookie(session_name(), '', time() - 42000,
107 $params['path'], $params['domain'],
108 $params['secure'], $params['httponly']);
109 }
110
111 if ('' != session_id()) {
112 $_SESSION = array();
113 session_unset();
114 session_destroy();
115 }
116 $this->settings = array();
117 }
118
119 public function isAdmin() {
120 $admin = false;
121
122 if (isset($this->settings['admin'])) {
123 $admin = $this->settings['admin'];
124 }
125
126 return $admin;
127 }
128
129 public function login($user, $pw) {
130 global $CFG;
131 $result = false;
132
133 if ('' == session_id()) {
134 $this->startSession();
135 }
136
137 $this->settings['user'] = null;
138 $this->settings['admin'] = false;
139
140 $p = explode('@', $user);
141 if (count($p) != 2) {
142 $this->settings['loginStatus'] = 'Bad username';
143 } else {
144 $domain = $p[1];
145 $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
146 $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
147 $ds = @ldap_connect($CFG->ldap_dsn);
148 if ($ds) {
149 @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
150 $r = @ldap_bind($ds, $dn, $pw);
151 if ($r) {
152 $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
153 $info = @ldap_get_entries($ds, $sr); // array
154 if ($info['count'] > 0) {
155 $this->settings['user'] = $user;
156 $result = true;
157 $this->settings['loginStatus'] = 'OK';
158 $admin = 'NO';
159 if (isset($info[0]['domainglobaladmin'])) {
160 $admin = $info[0]['domainglobaladmin'][0];
161 $admin = strtoupper($admin);
162 }
163 $this->settings['admin'] = ($admin == 'YES') ? true : false;
164 } else {
165 $this->settings['loginStatus'] = 'Login failed';
166 }
167 } else {
168 $this->settings['loginStatus'] = ldap_error($ds);
169 }
170 @ldap_close($ds);
171 } else {
172 $this->settings['loginStatus'] = 'Connect to LDAP server failed';
173 }
174 }
175
176 $_SESSION['settings'] = $this->settings;
177
178 return $result;
179 }
180
181 public function getLoginStatus() {
182 $status = 'Not logged in';
183
184 if (isset($this->settings['loginStatus'])) {
185 $status = $this->settings['loginStatus'];
186 }
187
188 return $status;
189 }
190
191 public function isLoggedIn() {
192 global $CFG;
193 $loggedIn = false;
194
195 if ('' == session_id()) {
196 $this->startSession();
197 }
198
199 $this->checkSession();
200
201 if (isset($this->settings['user'])) {
202 if ($this->settings['user'] != null) {
203 $loggedIn = true;
204 } else {
205 if ($CFG->auth_method == 'HTTP_AUTH') {
206 if (isset($this->server['PHP_AUTH_USER'])) {
207 $this->settings['user'] = $this->server['PHP_AUTH_USER'];
208 $loggedIn = true;
209 }
210 }
211 }
212 }
213
214 if ($loggedIn == false) {
215 echo '$this->settings: '.var_export($this->settings, true);
216 echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
217 //exit;
218 }
219
220 $_SESSION['settings'] = $this->settings;
221
222 return $loggedIn;
223 }
224
225 public function getUser() {
226 $user = null;
227
228 if ($this->isLoggedIn()) {
229 $user = $this->settings['user'];
230 }
231
232 return $user;
233 }
234
235 public function getHeader() {
236 return $this->header;
237 }
238
239 public function getFooter() {
240 return $this->footer;
241 }
242
243 public function getHeading() {
244 return $this->heading;
245 }
246
247 public function setHeading($heading) {
248 global $CFG;
249
250 $timeout = $CFG->session_timeout * 60 * 1000;
251 $this->heading = str_replace('__TITLE__', $heading, $this->heading);
252 $this->header = str_replace('__TITLE__', $heading, $this->header);
253 $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
254 $this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
255 }
256
257 public function convertContent($code) {
258 $table = array(
259 'V' => 'Virus',
260 'B' => 'Banned',
261 'U' => 'Unchecked',
262 'S' => 'Spam',
263 'Y' => 'Spammy',
264 'M' => 'Bad Mime',
265 'H' => 'Bad Header',
266 'O' => 'Over sized',
267 'T' => 'MTA err',
268 'C' => 'Clean'
269 );
270
271 $string = $table[$code];
272 if (empty($string))
273 $string = 'Unknown';
274
275 return $string;
276 }
277
278 }
An Amavisd qurantine administration interface
This page took 0.090603 seconds and 6 git commands to generate.