root .'config.php'; require_once $CFG->root . 'lib/session_handler.inc.php'; class Utils { private $timeout = false; private $settings; private $log_level; private $log_method; private $header = ' __TITLE__
'; private $footer = '
'; private $heading = '

Session timeout:

__TITLE__

'; public function __construct() { global $CFG; if (isset($CFG->log_level)) { $this->log_level = $CFG->log_level; } else { $this->log_level = 1; } if (isset($CFG->log_method)) { $this->log_method = $CFG->log_method; } else { $this->log_level = 'syslog'; } $this->log("Init Utils", 4); $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); $this->startSession(); $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); if (! isset($_SESSION['settings'])) { $this->initSettings(); } $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); $this->settings = $_SESSION['settings']; $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); if ($CFG->auth_method == 'HTTP_AUTH') { if (isset($_SERVER['PHP_AUTH_USER'])) { $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; $this->settings['loginStatus'] = 'OK'; if ($CFG->admin_user == $this->settings['user']) $this->settings['admin'] = true; } } } private function log($message, $level = 1) { global $CFG; if ($level > $this->log_level) return; $time = date('c'); $priority = LOG_INFO; switch ($level) { case 1: $priority = LOG_ERR; break; case 2: $priority = LOG_WARNING; break; case 3: $priority = LOG_INFO; break; case 4: $priority = LOG_DEBUG; break; } switch ($this->log_method) { case 'file': if (isset($CFG->log_file)) { if ($CFG->log_file[0] == '/') { $file = $CFG->log_file; } else { $file = $CFG->root.$CFG->log_file; } } else { $file = $CFG->root.'qtadmin.log'; } file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); chmod($file, 0600); break; case 'stderr': file_put_contents('php://stderr', "[$time]: $message\n"); break; case 'syslog': syslog($priority, $message); break; } } private function initSettings() { $this->log("InitSettings", 4); if ('' == session_id()) { $this->startSession(); } if (false !== $this->timeout) { $timeout = $this->timeout; } else { $timeout = 0; } $this->settings = array( 'user' => null, 'admin' => false, 'loginStatus' => 'Not logged in', 'timeout' => $timeout ); $_SESSION['settings'] = $this->settings; } private function startSession() { global $CFG; $this->log("startSession", 4); if (isset($CFG->session_timeout)) { $this->timeout = $CFG->session_timeout * 60; } else { $this->timeout = 20 * 60; } if (ini_get('session.gc_maxlifetime') != $this->timeout) ini_set('session.gc_maxlifetime', $this->timeout); //if (ini_get('session.cookie_lifetime') != $this->timeout) // ini_set('session.cookie_lifetime', $this->timeout); ini_set('session.cookie_lifetime', 0); session_start(); } private function checkSession() { global $CFG; $this->log("checkSession", 4); if ('' == session_id()) { $this->startSession(); } $time = $_SERVER['REQUEST_TIME']; if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); $this->logout(); } else { $_SESSION['LAST_ACTIVITY'] = $time; } } private function getCSRFPreventionToken($ticket) { return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); } private function getRestTicket($username, $password) { global $CFG; $result = false; $url = $CFG->wblistadm_url . '/ticket'; $data = "username=$username&password=$password"; $response = $this->RESTCall($url, $data, $cookiesIn = ''); if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { $data = json_decode($response['content']); $_SESSION['ticket'] = $data->data; $_SESSION['cookies'] = $response['cookies']; $result = true; } return $result; } public function makeRestCall($method, $data = null) { global $CFG; $result; $url = $CFG->wblistadm_url . "$method"; $token = $this->getCSRFPreventionToken($_SESSION['ticket']); $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { if ($data) { // HTTP POST $result = true; } else { // HTTP GET $data = json_decode($response['content']); if (is_object($data)) { $result = $data->data; } else { $result = array('No result'); } } } else { $result = ($data) ? false : array(); } return $result; } private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { $options = array( CURLOPT_RETURNTRANSFER => true, // return web page CURLOPT_HEADER => true, //return headers in addition to content CURLOPT_FOLLOWLOCATION => true, // follow redirects CURLOPT_ENCODING => "", // handle all encodings CURLOPT_AUTOREFERER => true, // set referer on redirect CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect CURLOPT_TIMEOUT => 120, // timeout on response CURLOPT_MAXREDIRS => 10, // stop after 10 redirects CURLINFO_HEADER_OUT => true, CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_COOKIE => $cookiesIn ); if ($data) { $options[CURLOPT_POST] = 1; $options[CURLOPT_POSTFIELDS] = $data; } if ($headers) { $options[CURLOPT_HTTPHEADER] = $headers; } $ch = curl_init($url); curl_setopt_array($ch, $options); $rough_content = curl_exec($ch); $err = curl_errno($ch); $errmsg = curl_error($ch); $header = curl_getinfo($ch); curl_close($ch); $header_content = substr($rough_content, 0, $header['header_size']); $body_content = trim(str_replace($header_content, '', $rough_content)); $pattern = "#Set-Cookie:\\s+(?[^=]+=[^;]+)#m"; preg_match_all($pattern, $header_content, $matches); $cookiesOut = implode("; ", $matches['cookie']); $header['errno'] = $err; $header['errmsg'] = $errmsg; $header['headers'] = $header_content; $header['content'] = $body_content; $header['cookies'] = $cookiesOut; return $header; } public function logout() { $this->log("logout", 4); if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); } if ('' != session_id()) { $_SESSION = array(); session_unset(); session_destroy(); } $this->settings = array(); } public function isAdmin() { $admin = false; $this->log("isAdmin", 4); if (isset($this->settings['admin'])) { $admin = $this->settings['admin']; } return $admin; } public function login($user, $pw) { global $CFG; $result = false; $this->log("login", 4); if ('' == session_id()) { $this->startSession(); } $this->settings['user'] = null; $this->settings['admin'] = false; $p = explode('@', $user); if (count($p) != 2) { $this->settings['loginStatus'] = 'Bad username'; } else { $domain = $p[1]; $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; $this->log('dn: '.var_export($dn, true), 4); $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; $this->log('filter: '.var_export($filter, true), 4); $ds = @ldap_connect($CFG->ldap_dsn); if ($ds) { @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); $r = @ldap_bind($ds, $dn, $pw); if ($r) { $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); $this->log('sr: '.var_export($sr, true), 4); $info = @ldap_get_entries($ds, $sr); // array $this->log('info: '.var_export($info, true), 4); if ($info['count'] > 0) { // Log in to wblistadm server and get CSRFPreventionToken if ($this->getRestTicket($user, $pw)) { $this->settings['user'] = $user; $result = true; $this->settings['loginStatus'] = 'OK'; $admin = 'NO'; if (isset($info[0]['domainglobaladmin'])) { $admin = $info[0]['domainglobaladmin'][0]; $admin = strtoupper($admin); } $this->settings['admin'] = ($admin == 'YES') ? true : false; } else { $this->settings['loginStatus'] = 'Login to wblistadm REST server failed'; } } else { $this->settings['loginStatus'] = 'Login failed'; } } else { $this->settings['loginStatus'] = ldap_error($ds); } @ldap_close($ds); } else { $this->settings['loginStatus'] = 'Connect to LDAP server failed'; } } $_SESSION['settings'] = $this->settings; return $result; } public function getLoginStatus() { $status = 'Not logged in'; $this->log("getLoginStatus", 4); if (isset($this->settings['loginStatus'])) { $status = $this->settings['loginStatus']; } return $status; } public function isLoggedIn() { global $CFG; $loggedIn = false; $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); if ('' == session_id()) { $this->startSession(); } $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); $this->checkSession(); $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); if (isset($this->settings['user'])) { if ($this->settings['user'] != null) { $loggedIn = true; } else { if ($CFG->auth_method == 'HTTP_AUTH') { if (isset($_SERVER['PHP_AUTH_USER'])) { $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; $loggedIn = true; } } } } if ($loggedIn == false) { $this->log('$this->settings: '.var_export($this->settings, true), 3); $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); } $_SESSION['settings'] = $this->settings; return $loggedIn; } public function getUser() { $user = null; $this->log("getUser", 4); if ($this->isLoggedIn()) { $user = $this->settings['user']; } return $user; } public function authorized($recipient) { $authorized = false; $this->log("authorized '$recipient'", 3); if ($this->isAdmin() || $this->getUser() == $recipient) { $authorized = true; } $msg = ($authorized) ? 'authorize' : 'not authorize'; $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); return $authorized; } public function getHeader() { $this->log("getHeader", 4); return $this->header; } public function getFooter() { $this->log("getFooter", 4); return $this->footer; } public function getHeading() { $this->log("getHeading", 4); return $this->heading; } public function setHeading($heading) { global $CFG; $this->log("setHeading", 4); $timeout = $CFG->session_timeout * 60 * 1000; $this->heading = str_replace('__TITLE__', $heading, $this->heading); $this->header = str_replace('__TITLE__', $heading, $this->header); $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header); $this->header = str_replace('__TIMEOUT__', $timeout, $this->header); } public function convertContent($code) { $this->log("convertContent", 4); $table = array( 'V' => 'Virus', 'B' => 'Banned', 'U' => 'Unchecked', 'S' => 'Spam', 'Y' => 'Spammy', 'M' => 'Bad Mime', 'H' => 'Bad Header', 'O' => 'Over sized', 'T' => 'MTA err', 'C' => 'Clean' ); $string = $table[$code]; if (empty($string)) $string = 'Unknown'; return $string; } }