]> git.datanom.net - qtadmin.git/blob - lib/utils.inc.php
projects / qtadmin.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add check for valid session
[qtadmin.git] / lib / utils.inc.php
1 <?php
2 /* vim: set ts=4 tw=0 sw=4 noet: */
3 require_once $CFG->root .'config.php';
4
5 class Utils {
6
7 private $timeout = false;
8 private $settings;
9 private $log_level;
10 private $log_method;
11 private $header = '<!DOCTYPE html>
12 <html>
13 <head>
14 <meta charset="utf-8">
15 <link rel="stylesheet" href="css/styles.css">
16 <script>
17 var timeout = __TIMEOUT__;
18 </script>
19 <script src="__ROOT__js/timer.js"></script>
20 <script src="__ROOT__js/checkbox.js"></script>
21 <title>__TITLE__</title>
22 </head>
23 <body>';
24 private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
25 title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
26 private $heading = '<p id="time" class="time">Session timeout:
27 <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
28
29 public function __construct() {
30 global $CFG;
31
32 if (isset($CFG->log_level)) {
33 $this->log_level = $CFG->log_level;
34 } else {
35 $this->log_level = 1;
36 }
37
38 if (isset($CFG->log_method)) {
39 $this->log_method = $CFG->log_method;
40 } else {
41 $this->log_level = 'syslog';
42 }
43
44 $this->log("Init Utils", 4);
45
46 $this->startSession();
47
48 if (! isset($_SESSION['settings'])) {
49 $this->initSettings();
50 }
51 $this->settings = $_SESSION['settings'];
52
53 if ($CFG->auth_method == 'HTTP_AUTH') {
54 if (isset($this->server['PHP_AUTH_USER'])) {
55 $this->settings['user'] = $this->server['PHP_AUTH_USER'];
56 $this->settings['loginStatus'] = 'OK';
57 if ($CFG->admin_user == $this->settings['user'])
58 $this->settings['admin'] = true;
59 }
60 }
61 }
62
63 private function log($message, $level = 1) {
64 global $CFG;
65
66 if ($level > $this->log_level)
67 return;
68
69 $time = date('c');
70
71 $priority = LOG_INFO;
72 switch ($level) {
73 case 1: $priority = LOG_ERR; break;
74 case 2: $priority = LOG_WARNING; break;
75 case 3: $priority = LOG_INFO; break;
76 case 4: $priority = LOG_DEBUG; break;
77 }
78
79 switch ($this->log_method) {
80 case 'file':
81 case 'stderr':
82 case 'syslog':
83 syslog($priority, $message);
84 break;
85 }
86 }
87
88 private function initSettings() {
89 $this->log("InitSettings", 4);
90
91 if ('' == session_id()) {
92 $this->startSession();
93 }
94
95 if (false !== $this->timeout) {
96 $timeout = $this->timeout;
97 } else {
98 $timeout = 0;
99 }
100
101 $this->settings = array(
102 'server' => $_SERVER,
103 'user' => null,
104 'admin' => false,
105 'loginStatus' => 'Not logged in',
106 'timeout' => $timeout
107 );
108
109 $_SESSION['settings'] = $this->settings;
110 }
111
112 private function startSession() {
113 global $CFG;
114
115 $this->log("startSession", 4);
116
117 if (isset($CFG->session_timeout)) {
118 $this->timeout = $CFG->session_timeout * 60;
119 } else {
120 $this->timeout = 20 * 60;
121 }
122
123 if (ini_get('session.gc_maxlifetime') != $this->timeout)
124 ini_set('session.gc_maxlifetime', $this->timeout);
125 if (ini_get('session.cookie_lifetime') != $this->timeout)
126 ini_set('session.cookie_lifetime', $this->timeout);
127
128 session_start();
129 }
130
131 private function checkSession() {
132 global $CFG;
133
134 $this->log("checkSession", 4);
135
136 if ('' == session_id()) {
137 $this->startSession();
138 }
139
140 $time = $_SERVER['REQUEST_TIME'];
141 if (isset($_SESSION['LAST_ACTIVITY']) &&
142 ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
143 echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
144 $this->logout();
145 } else {
146 $_SESSION['LAST_ACTIVITY'] = $time;
147 }
148 }
149
150 public function logout() {
151 $this->log("logout", 4);
152
153 if (ini_get('session.use_cookies')) {
154 $params = session_get_cookie_params();
155 setcookie(session_name(), '', time() - 42000,
156 $params['path'], $params['domain'],
157 $params['secure'], $params['httponly']);
158 }
159
160 if ('' != session_id()) {
161 $_SESSION = array();
162 session_unset();
163 session_destroy();
164 }
165 $this->settings = array();
166 }
167
168 public function isAdmin() {
169 $admin = false;
170
171 $this->log("isAdmin", 4);
172
173 if (isset($this->settings['admin'])) {
174 $admin = $this->settings['admin'];
175 }
176
177 return $admin;
178 }
179
180 public function login($user, $pw) {
181 global $CFG;
182 $result = false;
183
184 $this->log("login", 4);
185
186 if ('' == session_id()) {
187 $this->startSession();
188 }
189
190 $this->settings['user'] = null;
191 $this->settings['admin'] = false;
192
193 $p = explode('@', $user);
194 if (count($p) != 2) {
195 $this->settings['loginStatus'] = 'Bad username';
196 } else {
197 $domain = $p[1];
198 $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
199 $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
200 $ds = @ldap_connect($CFG->ldap_dsn);
201 if ($ds) {
202 @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
203 $r = @ldap_bind($ds, $dn, $pw);
204 if ($r) {
205 $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
206 $info = @ldap_get_entries($ds, $sr); // array
207 if ($info['count'] > 0) {
208 $this->settings['user'] = $user;
209 $result = true;
210 $this->settings['loginStatus'] = 'OK';
211 $admin = 'NO';
212 if (isset($info[0]['domainglobaladmin'])) {
213 $admin = $info[0]['domainglobaladmin'][0];
214 $admin = strtoupper($admin);
215 }
216 $this->settings['admin'] = ($admin == 'YES') ? true : false;
217 } else {
218 $this->settings['loginStatus'] = 'Login failed';
219 }
220 } else {
221 $this->settings['loginStatus'] = ldap_error($ds);
222 }
223 @ldap_close($ds);
224 } else {
225 $this->settings['loginStatus'] = 'Connect to LDAP server failed';
226 }
227 }
228
229 $_SESSION['settings'] = $this->settings;
230
231 return $result;
232 }
233
234 public function getLoginStatus() {
235 $status = 'Not logged in';
236
237 $this->log("getLoginStatus", 4);
238
239 if (isset($this->settings['loginStatus'])) {
240 $status = $this->settings['loginStatus'];
241 }
242
243 return $status;
244 }
245
246 public function isLoggedIn() {
247 global $CFG;
248 $loggedIn = false;
249
250 $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);
251
252 if ('' == session_id()) {
253 $this->startSession();
254 }
255
256 $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
257 $this->checkSession();
258 $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);
259
260 if (isset($this->settings['user'])) {
261 if ($this->settings['user'] != null) {
262 $loggedIn = true;
263 } else {
264 if ($CFG->auth_method == 'HTTP_AUTH') {
265 if (isset($this->server['PHP_AUTH_USER'])) {
266 $this->settings['user'] = $this->server['PHP_AUTH_USER'];
267 $loggedIn = true;
268 }
269 }
270 }
271 }
272
273 if ($loggedIn == false) {
274 echo '$this->settings: '.var_export($this->settings, true);
275 echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
276 //exit;
277 }
278
279 $_SESSION['settings'] = $this->settings;
280
281 return $loggedIn;
282 }
283
284 public function getUser() {
285 $user = null;
286
287 $this->log("getUser", 4);
288
289 if ($this->isLoggedIn()) {
290 $user = $this->settings['user'];
291 }
292
293 return $user;
294 }
295
296 public function getHeader() {
297 $this->log("getHeader", 4);
298
299 return $this->header;
300 }
301
302 public function getFooter() {
303 $this->log("getFooter", 4);
304
305 return $this->footer;
306 }
307
308 public function getHeading() {
309 $this->log("getHeading", 4);
310
311 return $this->heading;
312 }
313
314 public function setHeading($heading) {
315 global $CFG;
316
317 $this->log("setHeading", 4);
318
319 $timeout = $CFG->session_timeout * 60 * 1000;
320 $this->heading = str_replace('__TITLE__', $heading, $this->heading);
321 $this->header = str_replace('__TITLE__', $heading, $this->header);
322 $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
323 $this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
324 }
325
326 public function convertContent($code) {
327 $this->log("convertContent", 4);
328
329 $table = array(
330 'V' => 'Virus',
331 'B' => 'Banned',
332 'U' => 'Unchecked',
333 'S' => 'Spam',
334 'Y' => 'Spammy',
335 'M' => 'Bad Mime',
336 'H' => 'Bad Header',
337 'O' => 'Over sized',
338 'T' => 'MTA err',
339 'C' => 'Clean'
340 );
341
342 $string = $table[$code];
343 if (empty($string))
344 $string = 'Unknown';
345
346 return $string;
347 }
348
349 }
An Amavisd qurantine administration interface
This page took 0.093927 seconds and 6 git commands to generate.