<?php
/* vim: set ts=4 tw=0 sw=4 noet: */
require_once $CFG->root .'config.php';
+require_once $CFG->root . 'lib/session_handler.inc.php';
class Utils {
+ private $timeout = false;
private $settings;
+ private $log_level;
+ private $log_method;
private $header = '<!DOCTYPE html>
<html>
<head>
</script>
<script src="__ROOT__js/timer.js"></script>
<script src="__ROOT__js/checkbox.js"></script>
+ <script src="__ROOT__js/forms.js"></script>
<title>__TITLE__</title>
</head>
-<body>';
- private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
- title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p></body></html>';
+<body>
+<nav>
+ <ul>
+ <li><a href="index.php">Home</a></li>
+ <li>
+ <a href="index.php">Sections <span class="caret"></span></a>
+ <div>
+ <ul>
+ <li><a href="qtadmin.php">Quarantine admin</a></li>
+ <li><a href="wblist.php">WB list admin</a></li>
+ </ul>
+ </div>
+ </li>
+ <li><a href="about.html">About</a></li>
+ <li><a href="help.html">Help</a></li>
+ </ul>
+</nav>
+ <div id="container">';
+ private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
+ title="Goto QtAdmin homepage">QtAdmin</a>. © 2015 by Michael Rasmussen</p>
+ </div></body></html>';
private $heading = '<p id="time" class="time">Session timeout:
<span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
public function __construct() {
global $CFG;
+ if (isset($CFG->log_level)) {
+ $this->log_level = $CFG->log_level;
+ } else {
+ $this->log_level = 1;
+ }
+
+ if (isset($CFG->log_method)) {
+ $this->log_method = $CFG->log_method;
+ } else {
+ $this->log_level = 'syslog';
+ }
+
+ $this->log("Init Utils", 4);
+
+ $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3);
$this->startSession();
+ $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3);
if (! isset($_SESSION['settings'])) {
$this->initSettings();
}
+ $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3);
$this->settings = $_SESSION['settings'];
+ $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);
if ($CFG->auth_method == 'HTTP_AUTH') {
- if (isset($this->server['PHP_AUTH_USER'])) {
- $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
$this->settings['loginStatus'] = 'OK';
if ($CFG->admin_user == $this->settings['user'])
$this->settings['admin'] = true;
}
}
+ private function log($message, $level = 1) {
+ global $CFG;
+
+ if ($level > $this->log_level)
+ return;
+
+ $time = date('c');
+
+ $priority = LOG_INFO;
+ switch ($level) {
+ case 1: $priority = LOG_ERR; break;
+ case 2: $priority = LOG_WARNING; break;
+ case 3: $priority = LOG_INFO; break;
+ case 4: $priority = LOG_DEBUG; break;
+ }
+
+ switch ($this->log_method) {
+ case 'file':
+ if (isset($CFG->log_file)) {
+ if ($CFG->log_file[0] == '/') {
+ $file = $CFG->log_file;
+ } else {
+ $file = $CFG->root.$CFG->log_file;
+ }
+ } else {
+ $file = $CFG->root.'qtadmin.log';
+ }
+ file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
+ chmod($file, 0600);
+ break;
+ case 'stderr':
+ file_put_contents('php://stderr', "[$time]: $message\n");
+ break;
+ case 'syslog':
+ syslog($priority, $message);
+ break;
+ }
+ }
+
private function initSettings() {
+ $this->log("InitSettings", 4);
+
if ('' == session_id()) {
$this->startSession();
}
+ if (false !== $this->timeout) {
+ $timeout = $this->timeout;
+ } else {
+ $timeout = 0;
+ }
+
$this->settings = array(
- 'server' => $_SERVER,
'user' => null,
'admin' => false,
'loginStatus' => 'Not logged in',
- 'timeout' => 0
+ 'timeout' => $timeout
);
$_SESSION['settings'] = $this->settings;
private function startSession() {
global $CFG;
+ $this->log("startSession", 4);
+
if (isset($CFG->session_timeout)) {
- $this->settings['timeout'] = $CFG->session_timeout * 60;
+ $this->timeout = $CFG->session_timeout * 60;
} else {
- $this->settings['timeout'] = 20 * 60;
+ $this->timeout = 20 * 60;
}
- if (ini_get('session.gc_maxlifetime') != $this->settings['timeout'])
- ini_set('session.gc_maxlifetime', $this->settings['timeout']);
- if (ini_get('session.cookie_lifetime') != $this->settings['timeout'])
- ini_set('session.cookie_lifetime', $this->settings['timeout']);
-
- $_SESSION['settings'] = $this->settings;
+ if (ini_get('session.gc_maxlifetime') != $this->timeout)
+ ini_set('session.gc_maxlifetime', $this->timeout);
+ //if (ini_get('session.cookie_lifetime') != $this->timeout)
+ // ini_set('session.cookie_lifetime', $this->timeout);
+ ini_set('session.cookie_lifetime', 0);
session_start();
}
private function checkSession() {
global $CFG;
+ $this->log("checkSession", 4);
+
if ('' == session_id()) {
$this->startSession();
}
$time = $_SERVER['REQUEST_TIME'];
if (isset($_SESSION['LAST_ACTIVITY']) &&
($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
- echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+ $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
+ 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
$this->logout();
} else {
$_SESSION['LAST_ACTIVITY'] = $time;
}
}
+ private function getCSRFPreventionToken($ticket) {
+ return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken);
+ }
+
+ private function getRestTicket($username, $password) {
+ global $CFG;
+
+ $result = false;
+ $url = $CFG->wblistadm_url . '/ticket';
+
+ $data = "username=$username&password=$password";
+ $response = $this->RESTCall($url, $data, $cookiesIn = '');
+ if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
+ $data = json_decode($response['content']);
+ $_SESSION['ticket'] = $data->data;
+ $_SESSION['cookies'] = $response['cookies'];
+ $result = true;
+ }
+
+ return $result;
+ }
+
+ public function makeRestCall($method, $data = null) {
+ global $CFG;
+
+ $result;
+
+ $url = $CFG->wblistadm_url . "$method";
+ $token = $this->getCSRFPreventionToken($_SESSION['ticket']);
+ $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token);
+
+ if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
+ if ($data) {
+ // HTTP POST
+ $result = true;
+ } else {
+ // HTTP GET
+ $data = json_decode($response['content']);
+ $result = $data->data;
+ }
+ } else {
+ $result = ($data) ? false : array();
+ }
+
+ return $result;
+ }
+
+ private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
+ $options = array(
+ CURLOPT_RETURNTRANSFER => true, // return web page
+ CURLOPT_HEADER => true, //return headers in addition to content
+ CURLOPT_FOLLOWLOCATION => true, // follow redirects
+ CURLOPT_ENCODING => "", // handle all encodings
+ CURLOPT_AUTOREFERER => true, // set referer on redirect
+ CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect
+ CURLOPT_TIMEOUT => 120, // timeout on response
+ CURLOPT_MAXREDIRS => 10, // stop after 10 redirects
+ CURLINFO_HEADER_OUT => true,
+ CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks
+ CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
+ CURLOPT_COOKIE => $cookiesIn
+ );
+
+ if ($data) {
+ $options[CURLOPT_POST] = 1;
+ $options[CURLOPT_POSTFIELDS] = $data;
+ }
+
+ if ($headers) {
+ $options[CURLOPT_HTTPHEADER] = $headers;
+ }
+
+ $ch = curl_init($url);
+ curl_setopt_array($ch, $options);
+ $rough_content = curl_exec($ch);
+ $err = curl_errno($ch);
+ $errmsg = curl_error($ch);
+ $header = curl_getinfo($ch);
+ curl_close($ch);
+
+ $header_content = substr($rough_content, 0, $header['header_size']);
+ $body_content = trim(str_replace($header_content, '', $rough_content));
+ $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
+ preg_match_all($pattern, $header_content, $matches);
+ $cookiesOut = implode("; ", $matches['cookie']);
+
+ $header['errno'] = $err;
+ $header['errmsg'] = $errmsg;
+ $header['headers'] = $header_content;
+ $header['content'] = $body_content;
+ $header['cookies'] = $cookiesOut;
+
+ return $header;
+ }
+
public function logout() {
+ $this->log("logout", 4);
+
if (ini_get('session.use_cookies')) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
public function isAdmin() {
$admin = false;
+ $this->log("isAdmin", 4);
+
if (isset($this->settings['admin'])) {
$admin = $this->settings['admin'];
}
global $CFG;
$result = false;
+ $this->log("login", 4);
+
if ('' == session_id()) {
$this->startSession();
}
$sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
$info = @ldap_get_entries($ds, $sr); // array
if ($info['count'] > 0) {
- $this->settings['user'] = $user;
- $result = true;
- $this->settings['loginStatus'] = 'OK';
- $admin = 'NO';
- if (isset($info[0]['domainglobaladmin'])) {
- $admin = $info[0]['domainglobaladmin'][0];
- $admin = strtoupper($admin);
+ // Log in to wblistadm server and get CSRFPreventionToken
+ if ($this->getRestTicket($user, $pw)) {
+ $this->settings['user'] = $user;
+ $result = true;
+ $this->settings['loginStatus'] = 'OK';
+ $admin = 'NO';
+ if (isset($info[0]['domainglobaladmin'])) {
+ $admin = $info[0]['domainglobaladmin'][0];
+ $admin = strtoupper($admin);
+ }
+ $this->settings['admin'] = ($admin == 'YES') ? true : false;
+ } else {
+ $this->settings['loginStatus'] = 'Login failed';
}
- $this->settings['admin'] = ($admin == 'YES') ? true : false;
} else {
$this->settings['loginStatus'] = 'Login failed';
}
public function getLoginStatus() {
$status = 'Not logged in';
+ $this->log("getLoginStatus", 4);
+
if (isset($this->settings['loginStatus'])) {
$status = $this->settings['loginStatus'];
}
global $CFG;
$loggedIn = false;
+ $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);
+
if ('' == session_id()) {
$this->startSession();
}
+ $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
$this->checkSession();
+ $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);
if (isset($this->settings['user'])) {
if ($this->settings['user'] != null) {
$loggedIn = true;
} else {
if ($CFG->auth_method == 'HTTP_AUTH') {
- if (isset($this->server['PHP_AUTH_USER'])) {
- $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
$loggedIn = true;
}
}
}
if ($loggedIn == false) {
- echo '$this->settings: '.var_export($this->settings, true);
- echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
- //exit;
+ $this->log('$this->settings: '.var_export($this->settings, true), 3);
+ $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
}
$_SESSION['settings'] = $this->settings;
public function getUser() {
$user = null;
+ $this->log("getUser", 4);
+
if ($this->isLoggedIn()) {
$user = $this->settings['user'];
}
return $user;
}
+ public function authorized($recipient) {
+ $authorized = false;
+
+ $this->log("authorized '$recipient'", 3);
+
+ if ($this->isAdmin() || $this->getUser() == $recipient) {
+ $authorized = true;
+ }
+ $msg = ($authorized) ? 'authorize' : 'not authorize';
+ $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3);
+
+ return $authorized;
+ }
+
public function getHeader() {
+ $this->log("getHeader", 4);
+
return $this->header;
}
public function getFooter() {
+ $this->log("getFooter", 4);
+
return $this->footer;
}
public function getHeading() {
+ $this->log("getHeading", 4);
+
return $this->heading;
}
public function setHeading($heading) {
global $CFG;
+ $this->log("setHeading", 4);
+
$timeout = $CFG->session_timeout * 60 * 1000;
$this->heading = str_replace('__TITLE__', $heading, $this->heading);
$this->header = str_replace('__TITLE__', $heading, $this->header);
}
public function convertContent($code) {
+ $this->log("convertContent", 4);
+
$table = array(
'V' => 'Virus',
'B' => 'Banned',
projects / qtadmin.git / blobdiff