<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
// $CFG must already be defined by the including script: it supplies root
// (used here) and the auth/LDAP/session/wwwroot settings read by Utils below.
require_once $CFG->root .'config.php';

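class Utils {

	/** Idle timeout in minutes used when $CFG->session_timeout is not configured. */
	const DEFAULT_TIMEOUT_MINUTES = 20;

	/**
	 * Per-session state, mirrored to $_SESSION['settings']:
	 *   user        - login name (mail address) or null when not logged in
	 *   admin       - bool
	 *   loginStatus - human-readable status string
	 *   timeout     - idle timeout in seconds
	 */
	private $settings;

	/** Content-type codes mapped to display names, see convertContent(). */
	private static $contentNames = [
		'V' => 'Virus',
		'B' => 'Banned',
		'U' => 'Unchecked',
		'S' => 'Spam',
		'Y' => 'Spammy',
		'M' => 'Bad Mime',
		'H' => 'Bad Header',
		'O' => 'Over sized',
		'T' => 'MTA err',
		'C' => 'Clean',
	];

	private $header = '<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" href="css/styles.css">
<script>
var timeout = __TIMEOUT__;
</script>
<script src="__ROOT__js/timer.js"></script>
<script src="__ROOT__js/checkbox.js"></script>
<title>__TITLE__</title>
</head>
<body>';
	private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
	private $heading = '<p id="time" class="time">Session timeout:
<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';

	/**
	 * Start (or resume) the PHP session and load the per-session settings.
	 * In HTTP_AUTH mode the web server has already authenticated the request,
	 * so PHP_AUTH_USER is adopted as the logged-in user.
	 */
	public function __construct() {
		$this->startSession();

		if (! isset($_SESSION['settings'])) {
			$this->initSettings();
		}
		$this->settings = $_SESSION['settings'];
		// Always take the timeout from the configuration: a value persisted in an
		// older session (e.g. 0) would otherwise expire the session on the next hit.
		$this->settings['timeout'] = $this->configuredTimeout();

		$this->applyHttpAuth();

		$_SESSION['settings'] = $this->settings;
	}

	/** Reset the session settings to the logged-out defaults and persist them. */
	private function initSettings() {
		if (session_status() !== PHP_SESSION_ACTIVE) {
			$this->startSession();
		}

		// $_SERVER is deliberately not stored: nothing reads it back, and it would
		// persist request headers (including HTTP auth credentials) in the session store.
		$this->settings = [
			'user' => null,
			'admin' => false,
			'loginStatus' => 'Not logged in',
			'timeout' => $this->configuredTimeout(),
		];

		$_SESSION['settings'] = $this->settings;
	}

	/**
	 * Idle timeout in seconds: $CFG->session_timeout (minutes) when set,
	 * otherwise DEFAULT_TIMEOUT_MINUTES.
	 */
	private function configuredTimeout() {
		global $CFG;

		$minutes = isset($CFG->session_timeout)
			? (int) $CFG->session_timeout
			: self::DEFAULT_TIMEOUT_MINUTES;

		return $minutes * 60;
	}

	/**
	 * Start the PHP session if none is active. The session ini settings only
	 * take effect before session_start(), so they are applied on that path only.
	 */
	private function startSession() {
		if (session_status() === PHP_SESSION_ACTIVE) {
			return;
		}

		$timeout = $this->configuredTimeout();
		if ((int) ini_get('session.gc_maxlifetime') !== $timeout) {
			ini_set('session.gc_maxlifetime', (string) $timeout);
		}
		if ((int) ini_get('session.cookie_lifetime') !== $timeout) {
			ini_set('session.cookie_lifetime', (string) $timeout);
		}
		// The session cookie is only ever needed server-side.
		ini_set('session.cookie_httponly', '1');

		session_start();
	}

	/**
	 * Expire the session when it has been idle for longer than the configured
	 * timeout; otherwise record the current request as the last activity.
	 */
	private function checkSession() {
		if (session_status() !== PHP_SESSION_ACTIVE) {
			$this->startSession();
		}

		$time = (int) $_SERVER['REQUEST_TIME'];
		// settings may be empty right after a logout(); fall back to the configured value
		$timeout = isset($this->settings['timeout'])
			? (int) $this->settings['timeout']
			: $this->configuredTimeout();

		if (isset($_SESSION['LAST_ACTIVITY']) &&
			($time - (int) $_SESSION['LAST_ACTIVITY']) >= $timeout) {
			$this->logout();
		} else {
			$_SESSION['LAST_ACTIVITY'] = $time;
		}
	}

	/** Expire the session cookie, destroy the session and clear the settings. */
	public function logout() {
		if (ini_get('session.use_cookies')) {
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time() - 42000,
				$params['path'], $params['domain'],
				$params['secure'], $params['httponly']);
		}

		if (session_status() === PHP_SESSION_ACTIVE) {
			$_SESSION = [];
			session_unset();
			session_destroy();
		}
		$this->settings = [];
	}

	/** @return bool true when the current user has admin rights */
	public function isAdmin() {
		return isset($this->settings['admin']) ? (bool) $this->settings['admin'] : false;
	}

	/**
	 * In HTTP_AUTH mode, adopt the user authenticated by the web server.
	 *
	 * @return bool true when a user was taken from PHP_AUTH_USER
	 */
	private function applyHttpAuth() {
		global $CFG;

		if (! isset($CFG->auth_method) || $CFG->auth_method !== 'HTTP_AUTH') {
			return false;
		}
		if (! isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] === '') {
			return false;
		}

		$this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
		$this->settings['loginStatus'] = 'OK';
		if (isset($CFG->admin_user) && $CFG->admin_user === $this->settings['user']) {
			$this->settings['admin'] = true;
		}

		return true;
	}

	/**
	 * Whether an LDAP entry carries domainglobaladmin=YES (case-insensitive).
	 *
	 * @param array $entry one entry as returned by ldap_get_entries()
	 * @return bool
	 */
	private static function entryIsAdmin(array $entry) {
		if (! isset($entry['domainglobaladmin'][0])) {
			return false;
		}

		return strtoupper($entry['domainglobaladmin'][0]) === 'YES';
	}

	/**
	 * Authenticate $user (a mail address) against LDAP by binding with $pw and
	 * looking the account up as an active mailUser. Updates loginStatus, user
	 * and admin in the session settings.
	 *
	 * @param string $user mail address ("local@domain")
	 * @param string $pw   password
	 * @return bool true on successful login
	 */
	public function login($user, $pw) {
		global $CFG;
		$result = false;

		if (session_status() !== PHP_SESSION_ACTIVE) {
			$this->startSession();
		}

		$this->settings['user'] = null;
		$this->settings['admin'] = false;

		$p = explode('@', (string) $user);
		if (count($p) !== 2 || $p[0] === '' || $p[1] === '') {
			$this->settings['loginStatus'] = 'Bad username';
		} elseif ((string) $pw === '') {
			// ldap_bind() with an empty password performs an unauthenticated bind,
			// which many directories accept; that must never count as a login.
			$this->settings['loginStatus'] = 'Login failed';
		} else {
			$domain = $p[1];
			// Escape user-supplied values separately for the DN and the filter
			// so they cannot alter either expression.
			$dnUser = ldap_escape($user, '', LDAP_ESCAPE_DN);
			$dnDomain = ldap_escape($domain, '', LDAP_ESCAPE_DN);
			$filterUser = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
			$dn = "mail={$dnUser},ou=Users,domainName={$dnDomain},{$CFG->ldap_base_dn}";
			$filter = "(&(objectclass=mailUser)(accountStatus=active)(mail={$filterUser}))";

			$ds = @ldap_connect($CFG->ldap_dsn);
			if ($ds) {
				@ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
				$r = @ldap_bind($ds, $dn, $pw);
				if ($r) {
					$sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, ['mail', 'domainglobaladmin']);
					$info = $sr ? @ldap_get_entries($ds, $sr) : false;
					if (is_array($info) && $info['count'] > 0) {
						// Fresh session id on privilege change so a pre-login id cannot be reused.
						session_regenerate_id(true);
						$this->settings['user'] = $user;
						$this->settings['loginStatus'] = 'OK';
						$this->settings['admin'] = self::entryIsAdmin($info[0]);
						$result = true;
					} else {
						$this->settings['loginStatus'] = 'Login failed';
					}
				} else {
					$this->settings['loginStatus'] = ldap_error($ds);
				}
				@ldap_close($ds);
			} else {
				$this->settings['loginStatus'] = 'Connect to LDAP server failed';
			}
		}

		$_SESSION['settings'] = $this->settings;

		return $result;
	}

	/** @return string human-readable status of the last login attempt */
	public function getLoginStatus() {
		return isset($this->settings['loginStatus'])
			? $this->settings['loginStatus']
			: 'Not logged in';
	}

	/**
	 * Check the idle timeout and report whether a user is logged in. In
	 * HTTP_AUTH mode a user authenticated by the web server counts as logged in.
	 *
	 * @return bool
	 */
	public function isLoggedIn() {
		if (session_status() !== PHP_SESSION_ACTIVE) {
			$this->startSession();
		}

		$this->checkSession();

		$loggedIn = isset($this->settings['user']) && $this->settings['user'] !== null;
		if (! $loggedIn) {
			$loggedIn = $this->applyHttpAuth();
		}

		$_SESSION['settings'] = $this->settings;

		return $loggedIn;
	}

	/** @return string|null the logged-in user's name, or null when not logged in */
	public function getUser() {
		if (! $this->isLoggedIn()) {
			return null;
		}

		return $this->settings['user'];
	}

	/** @return string HTML document head up to and including <body> */
	public function getHeader() {
		return $this->header;
	}

	/** @return string HTML footer closing the document */
	public function getFooter() {
		return $this->footer;
	}

	/** @return string HTML timer line plus page heading */
	public function getHeading() {
		return $this->heading;
	}

	/**
	 * Fill the __TITLE__, __ROOT__ and __TIMEOUT__ placeholders in the header
	 * and heading. $heading is inserted verbatim into <title> and <h1>, so the
	 * caller must pass HTML-safe text.
	 *
	 * @param string $heading page title
	 */
	public function setHeading($heading) {
		global $CFG;

		// timer.js counts milliseconds; keep it in step with the server-side timeout
		$timeout = $this->configuredTimeout() * 1000;
		$this->heading = str_replace('__TITLE__', $heading, $this->heading);
		$this->header = str_replace(
			['__TITLE__', '__ROOT__', '__TIMEOUT__'],
			[$heading, $CFG->wwwroot, (string) $timeout],
			$this->header
		);
	}

	/**
	 * Map a one-letter quarantine content code to its display name.
	 *
	 * @param string $code e.g. 'V', 'S', 'C'
	 * @return string display name, 'Unknown' for an unlisted code
	 */
	public function convertContent($code) {
		if (isset(self::$contentNames[$code]) && self::$contentNames[$code] !== '') {
			return self::$contentNames[$code];
		}

		return 'Unknown';
	}

}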