]> git.datanom.net - qtadmin.git/blobdiff - lib/utils.inc.php
Enhance security
[qtadmin.git] / lib / utils.inc.php
index dcdd8518eb4d7b458876edf51d49eb23f80fb6ea..197b26f8632aa52fa4c44c3f51696282c6baefa8 100644 (file)
@@ -1,6 +1,7 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 require_once $CFG->root .'config.php';
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 require_once $CFG->root .'config.php';
+require_once $CFG->root . 'lib/session_handler.inc.php';
 
 class Utils {
 
 
 class Utils {
 
@@ -18,11 +19,13 @@ class Utils {
     </script>
     <script src="__ROOT__js/timer.js"></script>
     <script src="__ROOT__js/checkbox.js"></script>
     </script>
     <script src="__ROOT__js/timer.js"></script>
     <script src="__ROOT__js/checkbox.js"></script>
+    <script src="__ROOT__js/forms.js"></script>
     <title>__TITLE__</title>
 </head>
     <title>__TITLE__</title>
 </head>
-<body>';
-    private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
-            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
+<body><div id="container">';
+    private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
+            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p>
+    </div></body></html>';
     private $heading = '<p id="time" class="time">Session timeout:
             <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
 
     private $heading = '<p id="time" class="time">Session timeout:
             <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
 
@@ -82,7 +85,21 @@ class Utils {
 
         switch ($this->log_method) {
             case 'file':
 
         switch ($this->log_method) {
             case 'file':
+                if (isset($CFG->log_file)) {
+                    if ($CFG->log_file[0] == '/') {
+                        $file = $CFG->log_file;
+                    } else {
+                        $file = $CFG->root.$CFG->log_file;
+                    }
+                } else {
+                    $file = $CFG->root.'qtadmin.log';
+                }
+                file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
+                chmod($file, 0600);
+                break;
             case 'stderr':
             case 'stderr':
+                file_put_contents('php://stderr', "[$time]: $message\n");
+                break;
             case 'syslog':
                 syslog($priority, $message);
                 break;
             case 'syslog':
                 syslog($priority, $message);
                 break;
@@ -125,8 +142,9 @@ class Utils {
 
         if (ini_get('session.gc_maxlifetime') != $this->timeout)
             ini_set('session.gc_maxlifetime', $this->timeout);
 
         if (ini_get('session.gc_maxlifetime') != $this->timeout)
             ini_set('session.gc_maxlifetime', $this->timeout);
-        if (ini_get('session.cookie_lifetime') != $this->timeout)
-            ini_set('session.cookie_lifetime', $this->timeout);
+        //if (ini_get('session.cookie_lifetime') != $this->timeout)
+        //    ini_set('session.cookie_lifetime', $this->timeout);
+        ini_set('session.cookie_lifetime', 0);
 
         session_start();
     }
 
         session_start();
     }
@@ -275,9 +293,8 @@ class Utils {
         }
 
         if ($loggedIn == false) {
         }
 
         if ($loggedIn == false) {
-            echo '$this->settings: '.var_export($this->settings, true);
-            echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
-            //exit;
+            $this->log('$this->settings: '.var_export($this->settings, true), 3);
+            $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
         }
 
         $_SESSION['settings'] = $this->settings;
         }
 
         $_SESSION['settings'] = $this->settings;
@@ -297,6 +314,19 @@ class Utils {
         return $user;
     }
 
         return $user;
     }
 
+    public function authorized($recipient) {
+        $authorized = false;
+
+        $this->log("authorized '$recipient'", 3);
+
+        if ($this->isAdmin() || $this->getUser() == $recipient) {
+            $authorized = true;
+        }
+        $this->log("authorize '".$this->getUser()."' rcpt '$recipient'", 3);
+
+        return $authorized;
+    }
+
     public function getHeader() {
         $this->log("getHeader", 4);
 
     public function getHeader() {
         $this->log("getHeader", 4);
 
This page took 0.068446 seconds and 5 git commands to generate.