]> git.datanom.net - qtadmin.git/blobdiff - lib/utils.inc.php
prepare for wblistadm server
[qtadmin.git] / lib / utils.inc.php
index 71f0071291f0e1d60aebe7ba8db84988db27fdc2..6cea76ef1943fbc4d3c551f9e4eb27307f175248 100644 (file)
@@ -1,6 +1,7 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 require_once $CFG->root .'config.php';
+require_once $CFG->root . 'lib/session_handler.inc.php';
 
 class Utils {
 
@@ -18,11 +19,13 @@ class Utils {
     </script>
     <script src="__ROOT__js/timer.js"></script>
     <script src="__ROOT__js/checkbox.js"></script>
+    <script src="__ROOT__js/forms.js"></script>
     <title>__TITLE__</title>
 </head>
-<body>';
-    private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
-            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
+<body><div id="container">';
+    private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
+            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p>
+    </div></body></html>';
     private $heading = '<p id="time" class="time">Session timeout:
             <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
 
@@ -55,8 +58,8 @@ class Utils {
         $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);
 
         if ($CFG->auth_method == 'HTTP_AUTH') {
-            if (isset($this->server['PHP_AUTH_USER'])) {
-                $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+            if (isset($_SERVER['PHP_AUTH_USER'])) {
+                $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                 $this->settings['loginStatus'] = 'OK';
                 if ($CFG->admin_user == $this->settings['user'])
                     $this->settings['admin'] = true;
@@ -82,7 +85,21 @@ class Utils {
 
         switch ($this->log_method) {
             case 'file':
+                if (isset($CFG->log_file)) {
+                    if ($CFG->log_file[0] == '/') {
+                        $file = $CFG->log_file;
+                    } else {
+                        $file = $CFG->root.$CFG->log_file;
+                    }
+                } else {
+                    $file = $CFG->root.'qtadmin.log';
+                }
+                file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
+                chmod($file, 0600);
+                break;
             case 'stderr':
+                file_put_contents('php://stderr', "[$time]: $message\n");
+                break;
             case 'syslog':
                 syslog($priority, $message);
                 break;
@@ -103,7 +120,6 @@ class Utils {
         }
 
         $this->settings = array(
-            'server' => $_SERVER,
             'user' => null,
             'admin' => false,
             'loginStatus' => 'Not logged in',
@@ -126,8 +142,9 @@ class Utils {
 
         if (ini_get('session.gc_maxlifetime') != $this->timeout)
             ini_set('session.gc_maxlifetime', $this->timeout);
-        if (ini_get('session.cookie_lifetime') != $this->timeout)
-            ini_set('session.cookie_lifetime', $this->timeout);
+        //if (ini_get('session.cookie_lifetime') != $this->timeout)
+        //    ini_set('session.cookie_lifetime', $this->timeout);
+        ini_set('session.cookie_lifetime', 0);
 
         session_start();
     }
@@ -144,13 +161,109 @@ class Utils {
         $time = $_SERVER['REQUEST_TIME'];
         if (isset($_SESSION['LAST_ACTIVITY']) &&
                 ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
-            echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
+            'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
             $this->logout();
         } else {
             $_SESSION['LAST_ACTIVITY'] = $time;
         }
     }
 
+    private function getCSRFPreventionToken($ticket) {
+        return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken);
+    }
+
+    private function getRestTicket($username, $password) {
+        global $CFG;
+
+        $result = false;
+        $url = $CFG->wblistadm_url . '/ticket';
+
+        $data = "username=$username&password=$password";
+        $response = $this->RESTCall($url, $data, $cookiesIn = '');
+        if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
+            $data = json_decode($response['content']);
+            $_SESSION['ticket'] = $data->data;
+            $_SESSION['cookies'] = $response['cookies'];
+            $result = true;
+        }
+
+        return $result;
+    }
+
+    public function makeRestCall($method, $data = null) {
+        global $CFG;
+
+        $result;
+
+        $url = $CFG->wblistadm_url . "$method";
+        $token = $this->getCSRFPreventionToken($_SESSION['ticket']);
+        $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token);
+
+        if ($response['http_code'] >= 200 && $response['http_code'] <= 204) {
+            if ($data) {
+                // HTTP POST
+                $result = true;
+            } else {
+                // HTTP GET
+                $data = json_decode($response['content']);
+                $result = $data->data;
+            }
+        } else {
+            $result = ($data) ? false : array();
+        }
+
+        return $result;
+    }
+
+    private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) {
+        $options = array(
+            CURLOPT_RETURNTRANSFER => true,     // return web page
+            CURLOPT_HEADER         => true,     //return headers in addition to content
+            CURLOPT_FOLLOWLOCATION => true,     // follow redirects
+            CURLOPT_ENCODING       => "",       // handle all encodings
+            CURLOPT_AUTOREFERER    => true,     // set referer on redirect
+            CURLOPT_CONNECTTIMEOUT => 120,      // timeout on connect
+            CURLOPT_TIMEOUT        => 120,      // timeout on response
+            CURLOPT_MAXREDIRS      => 10,       // stop after 10 redirects
+            CURLINFO_HEADER_OUT    => true,
+            CURLOPT_SSL_VERIFYPEER => false,     // Disabled SSL Cert checks
+            CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
+            CURLOPT_COOKIE         => $cookiesIn
+        );
+
+        if ($data) {
+            $options[CURLOPT_POST] = 1;
+            $options[CURLOPT_POSTFIELDS] = $data;
+        }
+
+        if ($headers) {
+            $options[CURLOPT_HTTPHEADER] = $headers;
+        }
+
+        $ch = curl_init($url);
+        curl_setopt_array($ch, $options);
+        $rough_content = curl_exec($ch);
+        $err = curl_errno($ch);
+        $errmsg = curl_error($ch);
+        $header = curl_getinfo($ch);
+        curl_close($ch);
+
+        $header_content = substr($rough_content, 0, $header['header_size']);
+        $body_content = trim(str_replace($header_content, '', $rough_content));
+        $pattern = "#Set-Cookie:\\s+(?<cookie>[^=]+=[^;]+)#m";
+        preg_match_all($pattern, $header_content, $matches);
+        $cookiesOut = implode("; ", $matches['cookie']);
+
+        $header['errno']   = $err;
+        $header['errmsg']  = $errmsg;
+        $header['headers'] = $header_content;
+        $header['content'] = $body_content;
+        $header['cookies'] = $cookiesOut;
+
+        return $header;
+    }
+
     public function logout() {
         $this->log("logout", 4);
 
@@ -209,15 +322,20 @@ class Utils {
                     $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
                     $info = @ldap_get_entries($ds, $sr); // array
                     if ($info['count'] > 0) {
-                        $this->settings['user'] = $user;
-                        $result = true;
-                        $this->settings['loginStatus'] = 'OK';
-                        $admin = 'NO';
-                        if (isset($info[0]['domainglobaladmin'])) {
-                            $admin = $info[0]['domainglobaladmin'][0];
-                            $admin = strtoupper($admin);
+                        // Log in to wblistadm server and get CSRFPreventionToken
+                        if ($this->getRestTicket($user, $pw)) {
+                            $this->settings['user'] = $user;
+                            $result = true;
+                            $this->settings['loginStatus'] = 'OK';
+                            $admin = 'NO';
+                            if (isset($info[0]['domainglobaladmin'])) {
+                                $admin = $info[0]['domainglobaladmin'][0];
+                                $admin = strtoupper($admin);
+                            }
+                            $this->settings['admin'] = ($admin == 'YES') ? true : false;
+                        } else {
+                            $this->settings['loginStatus'] = 'Login failed';
                         }
-                        $this->settings['admin'] = ($admin == 'YES') ? true : false;
                     } else {
                         $this->settings['loginStatus'] = 'Login failed';
                     }
@@ -266,8 +384,8 @@ class Utils {
                 $loggedIn = true;
             } else {
                 if ($CFG->auth_method == 'HTTP_AUTH') {
-                    if (isset($this->server['PHP_AUTH_USER'])) {
-                        $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+                    if (isset($_SERVER['PHP_AUTH_USER'])) {
+                        $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                         $loggedIn = true;
                     }
                 }
@@ -275,9 +393,8 @@ class Utils {
         }
 
         if ($loggedIn == false) {
-            echo '$this->settings: '.var_export($this->settings, true);
-            echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
-            //exit;
+            $this->log('$this->settings: '.var_export($this->settings, true), 3);
+            $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
         }
 
         $_SESSION['settings'] = $this->settings;
@@ -297,6 +414,20 @@ class Utils {
         return $user;
     }
 
+    public function authorized($recipient) {
+        $authorized = false;
+
+        $this->log("authorized '$recipient'", 3);
+
+        if ($this->isAdmin() || $this->getUser() == $recipient) {
+            $authorized = true;
+        }
+        $msg = ($authorized) ? 'authorize' : 'not authorize';
+        $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3);
+
+        return $authorized;
+    }
+
     public function getHeader() {
         $this->log("getHeader", 4);
 
This page took 0.072539 seconds and 5 git commands to generate.