Fix bug in session handler
index ec842b873b6657a7d7b18e2662ed75c8051bbdb4..a792bd5214b75ed5415497f7ad9de997927e3fea 100644 (file)
@@ -4,145 +4,158 @@ require_once $CFG->root .'config.php';
 
 class Utils {
 
-       private static $_instance = null;
-       private $server;
-       private $user;
-       private $is_admin;
-       private $loginStatus;
-       private $header = '<!DOCTYPE html>
+    private static $_instance = null;
+    private $server;
+    private $user;
+    private $is_admin;
+    private $loginStatus;
+    private $timeout;
+    private $header = '<!DOCTYPE html>
 <html>
 <head>
-       <meta charset="utf-8">
-       <link rel="stylesheet" href="css/styles.css">
-       <script>
-               var timeout = __TIMEOUT__;
-       </script>
-       <script src="__ROOT__js/timer.js"></script>
-       <title>__TITLE__</title>
+    <meta charset="utf-8">
+    <link rel="stylesheet" href="css/styles.css">
+    <script>
+        var timeout = __TIMEOUT__;
+    </script>
+    <script src="__ROOT__js/timer.js"></script>
+    <script src="__ROOT__js/checkbox.js"></script>
+    <title>__TITLE__</title>
 </head>
 <body>';
-       private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net">
-                       QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
-       private $heading = '<p id="time" class="time">Session timeout: 
-                       <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
-
-       private function __construct() {
-               global $CFG;
-
-               $this->server = $_SERVER;
-               session_start();
-                
-               $this->user = null;
-               $this->is_admin = false;
-               $this->loginStatus = 'Not logged in';
-
-               if (isset($_SESSION['user'])) {
-                       $this->user = $_SESSION['user'];
-                       $this->loginStatus = 'OK';
-                       $this->is_admin = $_SESSION['is_admin'];
-               } else {
-                       if ($CFG->auth_method == 'HTTP_AUTH') {
-                               if (isset($this->server['PHP_AUTH_USER'])) {
-                                       $this->user = $this->server['PHP_AUTH_USER'];
-                                       $this->loginStatus = 'OK';
-                                       if ($CFG->admin_user == $this->user)
-                                               $this->is_admin = true;
-                               }
-                       }
-               }
-               $_SESSION['user'] = $this->user;
-               $_SESSION['is_admin'] = $this->is_admin;
-       }
-
-       private function __clone() {}
-
-       public static function getInstance() {
-               global $CFG;
-
-               if (!is_object(self::$_instance)) {
-                       self::$_instance = new Utils();
-               }
-               // Session timeout handler
-               if ('' == session_id())
-                       session_start();
-               if (isset($CFG->session_timeout)) {
-                       $timeout = $CFG->session_timeout * 60;
-               } else {
-                       $timeout = 20 * 60;
-               }
-               
-               if (ini_get('session.gc_maxlifetime') != $timeout)
-                       ini_set('session.gc_maxlifetime', $timeout);
-               if (ini_get('session.cookie_lifetime') != $timeout)
-                       ini_set('session.cookie_lifetime', $timeout);
-               $time = $_SERVER['REQUEST_TIME'];
-               if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $timeout) {
-                       session_unset();
-                       session_destroy();
-                       session_start();
-                       self::$_instance->user = null;
-                       self::$_instance->is_admin = false;
-               }
-               $_SESSION['LAST_ACTIVITY'] = $time;
-
-               return self::$_instance; 
-       }
-
-       public function logout() {
-               $_SESSION = array();
-               if (ini_get('session.use_cookies')) {
-                       $params = session_get_cookie_params();
-                       setcookie(session_name(), '', time() - 42000,
-                               $params['path'], $params['domain'],
-                               $params['secure'], $params['httponly']);
-               }
-               session_unset();
-               session_destroy();
-               $this->user = null;
-               $this->is_admin = false;
-       }
-
-       public function isAdmin() {
-               //file_put_contents('/tmp/login.txt', var_export($this, true));
-               return $this->is_admin;
-       }
-
-       public function login($user, $pw) {
-               global $CFG;
-               $result = false;
-
-               unset($_SESSION['user']);
-               unset($_SESSION['is_admin']);
-               $this->user = null;
-               $this->is_admin = false;
-               
-               $p = explode('@', $user);
-               if (count($p) != 2) {
-                       $this->loginStatus = 'Bad username';
-                       return false;
-               }
-               $domain = $p[1];
-               $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
+    private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
+            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
+    private $heading = '<p id="time" class="time">Session timeout:
+            <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
+
+    private function __construct() {
+        global $CFG;
+
+        $this->server = $_SERVER;
+
+        $this->user = null;
+        $this->is_admin = false;
+        $this->loginStatus = 'Not logged in';
+
+        $this->startSession();
+
+        if (isset($_SESSION['user'])) {
+            $this->user = $_SESSION['user'];
+            $this->loginStatus = 'OK';
+            $this->is_admin = $_SESSION['is_admin'];
+        } else {
+            if ($CFG->auth_method == 'HTTP_AUTH') {
+                if (isset($this->server['PHP_AUTH_USER'])) {
+                    $this->user = $this->server['PHP_AUTH_USER'];
+                    $this->loginStatus = 'OK';
+                    if ($CFG->admin_user == $this->user)
+                        $this->is_admin = true;
+                }
+            }
+        }
+        $_SESSION['user'] = $this->user;
+        $_SESSION['is_admin'] = $this->is_admin;
+    }
+
+    private function __clone() {}
+
+    private function startSession() {
+        global $CFG;
+
+        if (isset($CFG->session_timeout)) {
+            $this->timeout = $CFG->session_timeout * 60;
+        } else {
+            $this->timeout = 20 * 60;
+        }
+
+        if (ini_get('session.gc_maxlifetime') != $this->timeout)
+            ini_set('session.gc_maxlifetime', $this->timeout);
+        if (ini_get('session.cookie_lifetime') != $this->timeout)
+            ini_set('session.cookie_lifetime', $this->timeout);
+
+        session_start();
+
+        //echo ini_get('session.gc_maxlifetime').':'.ini_get('session.cookie_lifetime');
+    }
+
+    public static function getInstance() {
+        global $CFG;
+
+        if (!is_object(self::$_instance)) {
+            self::$_instance = new Utils();
+        }
+
+        $time = $_SERVER['REQUEST_TIME'];
+        if (isset($_SESSION['LAST_ACTIVITY']) &&
+                ($time - $_SESSION['LAST_ACTIVITY']) >= self::$_instance->timeout) {
+            echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            exit;
+            session_unset();
+            session_destroy();
+            self::$_instance->user = null;
+            self::$_instance->is_admin = false;
+        } else {
+            $_SESSION['LAST_ACTIVITY'] = $time;
+        }
+
+        return self::$_instance;
+    }
+
+    public function logout() {
+        $_SESSION = array();
+        if (ini_get('session.use_cookies')) {
+            $params = session_get_cookie_params();
+            setcookie(session_name(), '', time() - 42000,
+                $params['path'], $params['domain'],
+                $params['secure'], $params['httponly']);
+        }
+        session_unset();
+        session_destroy();
+        $this->user = null;
+        $this->is_admin = false;
+    }
+
+    public function isAdmin() {
+        //file_put_contents('/tmp/login.txt', var_export($this, true));
+        return $this->is_admin;
+    }
+
+    public function login($user, $pw) {
+        global $CFG;
+        $result = false;
+
+        unset($_SESSION['user']);
+        unset($_SESSION['is_admin']);
+        $this->user = null;
+        $this->is_admin = false;
+
+        $p = explode('@', $user);
+        if (count($p) != 2) {
+            $this->loginStatus = 'Bad username';
+            return false;
+        }
+        $domain = $p[1];
+        $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
         $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
         $ds = @ldap_connect($CFG->ldap_dsn);
         if ($ds) {
-                       @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+            @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
             $r = @ldap_bind($ds, $dn, $pw);
             if ($r) {
                 $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
                 $info = @ldap_get_entries($ds, $sr); // array
                 if ($info['count'] > 0) {
-                                       $_SESSION['user'] = $user;
-                               $this->user = $user;
-                                       $result = true;
-                                       $this->loginStatus = 'OK';
-                                       $admin = 'NO';
-                                       if (isset($info[0]['domainglobaladmin'])) {
-                                               $admin = $info[0]['domainglobaladmin'][0];
-                                               $admin = strtoupper($admin);
-                                       } 
-                                       $this->is_admin = ($admin == 'YES') ? true : false;
-                                       $_SESSION['is_admin'] = $this->is_admin;
+                    $_SESSION['user'] = $user;
+                    $this->user = $user;
+                    $result = true;
+                    $this->loginStatus = 'OK';
+                    $admin = 'NO';
+                    if (isset($info[0]['domainglobaladmin'])) {
+                        $admin = $info[0]['domainglobaladmin'][0];
+                        $admin = strtoupper($admin);
+                    }
+                    $this->is_admin = ($admin == 'YES') ? true : false;
+                    $_SESSION['is_admin'] = $this->is_admin;
                 } else {
                     $this->loginStatus = 'Login failed';
                 }
@@ -154,79 +167,85 @@ class Utils {
             $this->loginStatus = 'Connect to LDAP server failed';
         }
 
-               return $result;
-       }
-
-       public function getLoginStatus() {
-               return $this->loginStatus;
-       }
-
-       public function isLoggedIn() {
-               global $CFG;
-               $loggedIn = false;
-
-               if ($this->user) {
-                       $loggedIn = true;
-               } else if (isset($_SESSION['user'])) {
-                       $this->user = $_SESSION['user'];
-                       $loggedIn = true;
-               } else {
-                       if ($CFG->auth_method == 'HTTP_AUTH') {
-                               if (isset($this->server['PHP_AUTH_USER'])) {
-                                       $this->user = $this->server['PHP_AUTH_USER'];
-                                       $loggedIn = true;
-                               }
-                       }
-               }
-
-               return $loggedIn;
-       }
-
-       public function getUser() {
-               $this->isLoggedIn();
-               return $this->user;
-       }
-
-       public function getHeader() {
-               return $this->header;
-       }
-
-        public function getFooter() {
-                return $this->footer;
-        }
+        return $result;
+    }
 
-        public function getHeading() {
-                return $this->heading;
-        }
+    public function getLoginStatus() {
+        return $this->loginStatus;
+    }
+
+    public function isLoggedIn() {
+        global $CFG;
+        $loggedIn = false;
 
-        public function setHeading($heading) {
-                       global $CFG;
+        echo '$this->user: '.$this->user.' $_SESSION['user']: '.$_SESSION['user'];
+        if ($this->user) {
+            $loggedIn = true;
+        } else if (isset($_SESSION['user'])) {
+            $this->user = $_SESSION['user'];
+            $loggedIn = true;
+        } else {
+            if ($CFG->auth_method == 'HTTP_AUTH') {
+                if (isset($this->server['PHP_AUTH_USER'])) {
+                    $this->user = $this->server['PHP_AUTH_USER'];
+                    $loggedIn = true;
+                }
+            }
+        }
 
-                       $timeout = $CFG->session_timeout * 60 * 1000;
-            $this->heading = str_replace('__TITLE__', $heading, $this->heading);
-                       $this->header = str_replace('__TITLE__', $heading, $this->header);
-                       $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
-                       $this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
+        if ($loggedIn == false {
+            echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            exit;
         }
+        return $loggedIn;
+    }
+
+    public function getUser() {
+        $this->isLoggedIn();
+        return $this->user;
+    }
+
+    public function getHeader() {
+        return $this->header;
+    }
+
+    public function getFooter() {
+        return $this->footer;
+    }
+
+    public function getHeading() {
+        return $this->heading;
+    }
+
+    public function setHeading($heading) {
+        global $CFG;
+
+        $timeout = $CFG->session_timeout * 60 * 1000;
+        $this->heading = str_replace('__TITLE__', $heading, $this->heading);
+        $this->header = str_replace('__TITLE__', $heading, $this->header);
+        $this->header = str_replace('__ROOT__', $CFG->wwwroot, $this->header);
+        $this->header = str_replace('__TIMEOUT__', $timeout, $this->header);
+    }
+
+    public function convertContent($code) {
+        $table = array(
+            'V' => 'Virus',
+            'B' => 'Banned',
+            'U' => 'Unchecked',
+            'S' => 'Spam',
+            'Y' => 'Spammy',
+            'M' => 'Bad Mime',
+            'H' => 'Bad Header',
+            'O' => 'Over sized',
+            'T' => 'MTA err',
+            'C' => 'Clean'
+        );
+
+        $string = $table[$code];
+        if (empty($string))
+            $string = 'Unknown';
+
+        return $string;
+    }
 
-               public function convertContent($code) {
-                       $table = array(
-                               'V' => 'Virus',
-                               'B' => 'Banned',
-                               'U' => 'Unchecked',
-                               'S' => 'Spam',
-                               'Y' => 'Spammy',
-                               'M' => 'Bad Mime',
-                               'H' => 'Bad Header',
-                               'O' => 'Over sized',
-                               'T' => 'MTA err',
-                               'C' => 'Clean'
-                       );
-                       
-                       $string = $table[$code];
-                       if (empty($string))
-                               $string = 'Unknown';
-
-                       return $string;
-               }
 }
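Review bot: isLoggedIn() as committed does not parse: `if ($loggedIn == false {` is missing its closing parenthesis, and the debug line `echo '$this->user: '.$this->user.' $_SESSION['user']: '...` nests unescaped single quotes inside a single-quoted string, so the whole file fails to load. Both look like leftover instrumentation, as does the `exit;` after the second echo, which would terminate every request from a not-yet-logged-in visitor before a login page could render and reads `$_SESSION['LAST_ACTIVITY']` without isset(). Delete the echo line and the entire `if ($loggedIn == false { ... }` block so the method again ends with `return $loggedIn;`. If the trace is still wanted, send it to the server log with `error_log()` rather than echoing the session username into the response body.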