]> git.datanom.net - qtadmin.git/blobdiff - lib/utils.inc.php
Enhance security
[qtadmin.git] / lib / utils.inc.php
index 2f1671dcc8c867c37b0da0b718d7e796b457dd34..0b9fe701e4a17199b9807c8e44f39e7363c91457 100644 (file)
@@ -1,14 +1,14 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 require_once $CFG->root .'config.php';
+require_once $CFG->root . 'lib/session_handler.inc.php';
 
 class Utils {
 
-    private static $_instance = null;
-    private $server;
-    private $user;
-    private $is_admin;
-    private $loginStatus;
+    private $timeout = false;
+    private $settings;
+    private $log_level;
+    private $log_method;
     private $header = '<!DOCTYPE html>
 <html>
 <head>
@@ -18,190 +18,335 @@ class Utils {
         var timeout = __TIMEOUT__;
     </script>
     <script src="__ROOT__js/timer.js"></script>
+    <script src="__ROOT__js/checkbox.js"></script>
+    <script src="__ROOT__js/forms.js"></script>
     <title>__TITLE__</title>
 </head>
-<body>';
-    private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net">
-            QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
+<body><div id="container">';
+    private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
+            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p>
+    </div></body></html>';
     private $heading = '<p id="time" class="time">Session timeout:
             <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
 
-    private function __construct() {
+    public function __construct() {
         global $CFG;
 
-        $this->server = $_SERVER;
-        session_start();
-
-        $this->user = null;
-        $this->is_admin = false;
-        $this->loginStatus = 'Not logged in';
+        if (isset($CFG->log_level)) {
+            $this->log_level = $CFG->log_level;
+        } else {
+            $this->log_level = 1;
+        }
 
-        if (isset($_SESSION['user'])) {
-            $this->user = $_SESSION['user'];
-            $this->loginStatus = 'OK';
-            $this->is_admin = $_SESSION['is_admin'];
+        if (isset($CFG->log_method)) {
+            $this->log_method = $CFG->log_method;
         } else {
-            if ($CFG->auth_method == 'HTTP_AUTH') {
-                if (isset($this->server['PHP_AUTH_USER'])) {
-                    $this->user = $this->server['PHP_AUTH_USER'];
-                    $this->loginStatus = 'OK';
-                    if ($CFG->admin_user == $this->user)
-                        $this->is_admin = true;
-                }
+            $this->log_level = 'syslog';
+        }
+
+        $this->log("Init Utils", 4);
+
+        $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3);
+        $this->startSession();
+        $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3);
+
+        if (! isset($_SESSION['settings'])) {
+            $this->initSettings();
+        }
+        $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3);
+        $this->settings = $_SESSION['settings'];
+        $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);
+
+        if ($CFG->auth_method == 'HTTP_AUTH') {
+            if (isset($_SERVER['PHP_AUTH_USER'])) {
+                $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
+                $this->settings['loginStatus'] = 'OK';
+                if ($CFG->admin_user == $this->settings['user'])
+                    $this->settings['admin'] = true;
             }
         }
-        $_SESSION['user'] = $this->user;
-        $_SESSION['is_admin'] = $this->is_admin;
     }
 
-    private function __clone() {}
-
-    public static function getInstance() {
+    private function log($message, $level = 1) {
         global $CFG;
 
-        if (!is_object(self::$_instance)) {
-            self::$_instance = new Utils();
+        if ($level > $this->log_level)
+            return;
+
+        $time = date('c');
+
+        $priority = LOG_INFO;
+        switch ($level) {
+            case 1: $priority = LOG_ERR; break;
+            case 2: $priority = LOG_WARNING; break;
+            case 3: $priority = LOG_INFO; break;
+            case 4: $priority = LOG_DEBUG; break;
+        }
+
+        switch ($this->log_method) {
+            case 'file':
+                if (isset($CFG->log_file)) {
+                    if ($CFG->log_file[0] == '/') {
+                        $file = $CFG->log_file;
+                    } else {
+                        $file = $CFG->root.$CFG->log_file;
+                    }
+                } else {
+                    $file = $CFG->root.'qtadmin.log';
+                }
+                file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
+                chmod($file, 0600);
+                break;
+            case 'stderr':
+                file_put_contents('php://stderr', "[$time]: $message\n");
+                break;
+            case 'syslog':
+                syslog($priority, $message);
+                break;
+        }
+    }
+
+    private function initSettings() {
+        $this->log("InitSettings", 4);
+
+        if ('' == session_id()) {
+            $this->startSession();
         }
-        // Session timeout handler
-        if ('' == session_id())
-            session_start();
+
+        if (false !== $this->timeout) {
+            $timeout = $this->timeout;
+        } else {
+            $timeout = 0;
+        }
+
+        $this->settings = array(
+            'user' => null,
+            'admin' => false,
+            'loginStatus' => 'Not logged in',
+            'timeout' => $timeout
+        );
+
+        $_SESSION['settings'] = $this->settings;
+    }
+
+    private function startSession() {
+        global $CFG;
+
+        $this->log("startSession", 4);
+
         if (isset($CFG->session_timeout)) {
-            $timeout = $CFG->session_timeout * 60;
+            $this->timeout = $CFG->session_timeout * 60;
         } else {
-            $timeout = 20 * 60;
+            $this->timeout = 20 * 60;
         }
 
-        if (ini_get('session.gc_maxlifetime') != $timeout)
-            ini_set('session.gc_maxlifetime', $timeout);
-        if (ini_get('session.cookie_lifetime') != $timeout)
-            ini_set('session.cookie_lifetime', $timeout);
-        $time = $_SERVER['REQUEST_TIME'];
-        if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $timeout) {
-            session_unset();
-            session_destroy();
-            session_start();
-            self::$_instance->user = null;
-            self::$_instance->is_admin = false;
+        if (ini_get('session.gc_maxlifetime') != $this->timeout)
+            ini_set('session.gc_maxlifetime', $this->timeout);
+        //if (ini_get('session.cookie_lifetime') != $this->timeout)
+        //    ini_set('session.cookie_lifetime', $this->timeout);
+        ini_set('session.cookie_lifetime', 0);
+
+        session_start();
+    }
+
+    private function checkSession() {
+        global $CFG;
+
+        $this->log("checkSession", 4);
+
+        if ('' == session_id()) {
+            $this->startSession();
         }
-        $_SESSION['LAST_ACTIVITY'] = $time;
 
-        return self::$_instance;
+        $time = $_SERVER['REQUEST_TIME'];
+        if (isset($_SESSION['LAST_ACTIVITY']) &&
+                ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
+            $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
+            'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
+            $this->logout();
+        } else {
+            $_SESSION['LAST_ACTIVITY'] = $time;
+        }
     }
 
     public function logout() {
-        $_SESSION = array();
+        $this->log("logout", 4);
+
         if (ini_get('session.use_cookies')) {
             $params = session_get_cookie_params();
             setcookie(session_name(), '', time() - 42000,
                 $params['path'], $params['domain'],
                 $params['secure'], $params['httponly']);
         }
-        session_unset();
-        session_destroy();
-        $this->user = null;
-        $this->is_admin = false;
+
+        if ('' != session_id()) {
+            $_SESSION = array();
+            session_unset();
+            session_destroy();
+        }
+        $this->settings = array();
     }
 
     public function isAdmin() {
-        //file_put_contents('/tmp/login.txt', var_export($this, true));
-        return $this->is_admin;
+        $admin = false;
+
+        $this->log("isAdmin", 4);
+
+        if (isset($this->settings['admin'])) {
+            $admin = $this->settings['admin'];
+        }
+
+        return $admin;
     }
 
     public function login($user, $pw) {
         global $CFG;
         $result = false;
 
-        unset($_SESSION['user']);
-        unset($_SESSION['is_admin']);
-        $this->user = null;
-        $this->is_admin = false;
+        $this->log("login", 4);
+
+        if ('' == session_id()) {
+            $this->startSession();
+        }
+
+        $this->settings['user'] = null;
+        $this->settings['admin'] = false;
 
         $p = explode('@', $user);
         if (count($p) != 2) {
-            $this->loginStatus = 'Bad username';
-            return false;
-        }
-        $domain = $p[1];
-        $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
-        $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
-        $ds = @ldap_connect($CFG->ldap_dsn);
-        if ($ds) {
-            @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
-            $r = @ldap_bind($ds, $dn, $pw);
-            if ($r) {
-                $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
-                $info = @ldap_get_entries($ds, $sr); // array
-                if ($info['count'] > 0) {
-                    $_SESSION['user'] = $user;
-                    $this->user = $user;
-                    $result = true;
-                    $this->loginStatus = 'OK';
-                    $admin = 'NO';
-                    if (isset($info[0]['domainglobaladmin'])) {
-                        $admin = $info[0]['domainglobaladmin'][0];
-                        $admin = strtoupper($admin);
+           $this->settings['loginStatus'] = 'Bad username';
+        } else {
+            $domain = $p[1];
+            $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn";
+            $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))";
+            $ds = @ldap_connect($CFG->ldap_dsn);
+            if ($ds) {
+                @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+                $r = @ldap_bind($ds, $dn, $pw);
+                if ($r) {
+                    $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin'));
+                    $info = @ldap_get_entries($ds, $sr); // array
+                    if ($info['count'] > 0) {
+                        $this->settings['user'] = $user;
+                        $result = true;
+                        $this->settings['loginStatus'] = 'OK';
+                        $admin = 'NO';
+                        if (isset($info[0]['domainglobaladmin'])) {
+                            $admin = $info[0]['domainglobaladmin'][0];
+                            $admin = strtoupper($admin);
+                        }
+                        $this->settings['admin'] = ($admin == 'YES') ? true : false;
+                    } else {
+                        $this->settings['loginStatus'] = 'Login failed';
                     }
-                    $this->is_admin = ($admin == 'YES') ? true : false;
-                    $_SESSION['is_admin'] = $this->is_admin;
                 } else {
-                    $this->loginStatus = 'Login failed';
+                    $this->settings['loginStatus'] = ldap_error($ds);
                 }
+                @ldap_close($ds);
             } else {
-                $this->loginStatus = ldap_error($ds);
+                $this->settings['loginStatus'] = 'Connect to LDAP server failed';
             }
-            @ldap_close($ds);
-        } else {
-            $this->loginStatus = 'Connect to LDAP server failed';
         }
 
+        $_SESSION['settings'] = $this->settings;
+
         return $result;
     }
 
     public function getLoginStatus() {
-        return $this->loginStatus;
+        $status = 'Not logged in';
+
+        $this->log("getLoginStatus", 4);
+
+        if (isset($this->settings['loginStatus'])) {
+            $status = $this->settings['loginStatus'];
+        }
+
+        return $status;
     }
 
     public function isLoggedIn() {
         global $CFG;
         $loggedIn = false;
 
-        if ($this->user) {
-            $loggedIn = true;
-        } else if (isset($_SESSION['user'])) {
-            $this->user = $_SESSION['user'];
-            $loggedIn = true;
-        } else {
-            if ($CFG->auth_method == 'HTTP_AUTH') {
-                if (isset($this->server['PHP_AUTH_USER'])) {
-                    $this->user = $this->server['PHP_AUTH_USER'];
-                    $loggedIn = true;
+        $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);
+
+        if ('' == session_id()) {
+            $this->startSession();
+        }
+
+        $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
+        $this->checkSession();
+        $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);
+
+        if (isset($this->settings['user'])) {
+            if ($this->settings['user'] != null) {
+                $loggedIn = true;
+            } else {
+                if ($CFG->auth_method == 'HTTP_AUTH') {
+                    if (isset($_SERVER['PHP_AUTH_USER'])) {
+                        $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
+                        $loggedIn = true;
+                    }
                 }
             }
         }
 
+        if ($loggedIn == false) {
+            $this->log('$this->settings: '.var_export($this->settings, true), 3);
+            $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
+        }
+
+        $_SESSION['settings'] = $this->settings;
+
         return $loggedIn;
     }
 
     public function getUser() {
-        $this->isLoggedIn();
-        return $this->user;
+        $user = null;
+
+        $this->log("getUser", 4);
+
+        if ($this->isLoggedIn()) {
+            $user = $this->settings['user'];
+        }
+
+        return $user;
+    }
+
+    public function authorized($recipient) {
+        $authorized = false;
+
+        if ($this->isAdmin() || $this->getUser() == $recipient) {
+            $authorized = true;
+        }
+
+        return $authorized;
     }
 
     public function getHeader() {
+        $this->log("getHeader", 4);
+
         return $this->header;
     }
 
     public function getFooter() {
+        $this->log("getFooter", 4);
+
         return $this->footer;
     }
 
     public function getHeading() {
+        $this->log("getHeading", 4);
+
         return $this->heading;
     }
 
     public function setHeading($heading) {
         global $CFG;
 
+        $this->log("setHeading", 4);
+
         $timeout = $CFG->session_timeout * 60 * 1000;
         $this->heading = str_replace('__TITLE__', $heading, $this->heading);
         $this->header = str_replace('__TITLE__', $heading, $this->header);
@@ -210,6 +355,8 @@ class Utils {
     }
 
     public function convertContent($code) {
+        $this->log("convertContent", 4);
+
         $table = array(
             'V' => 'Virus',
             'B' => 'Banned',
This page took 0.085611 seconds and 5 git commands to generate.