]> git.datanom.net - qtadmin.git/blobdiff - lib/utils.inc.php
projects / qtadmin.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Enhance security
[qtadmin.git] / lib / utils.inc.php
diff --git a/lib/utils.inc.php b/lib/utils.inc.php
index da1cdfb3d42430a6486a6a196c046d507bc60110..eec51cd2674dee5b65cfbba17a205147cb56b0b8 100644 (file)
--- a/lib/utils.inc.php
+++ b/lib/utils.inc.php
@@ -1,6 +1,7 @@
 <?php
 /* vim: set ts=4 tw=0 sw=4 noet: */
 require_once $CFG->root .'config.php';
+require_once $CFG->root . 'lib/session_handler.inc.php';
 
 class Utils {
 
@@ -18,19 +19,19 @@ class Utils {
     </script>
     <script src="__ROOT__js/timer.js"></script>
     <script src="__ROOT__js/checkbox.js"></script>
+    <script src="__ROOT__js/forms.js"></script>
     <title>__TITLE__</title>
 </head>
-<body>';
-    private $footer = '<p class="footer">Powered by <a href="https://qtadmin.datanom.net"
-            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p></body></html>';
+<body><div id="container">';
+    private $footer = '</div><div id="footer"><p>Powered by <a href="https://qtadmin.datanom.net"
+            title="Goto QtAdmin homepage">QtAdmin</a>. &copy; 2015 by Michael Rasmussen</p>
+    </div></body></html>';
     private $heading = '<p id="time" class="time">Session timeout:
             <span id="timer"></span></p><h1 class="h1">__TITLE__</h1>';
 
     public function __construct() {
         global $CFG;
 
-        $this->log("Init Utils", 4);
-
         if (isset($CFG->log_level)) {
             $this->log_level = $CFG->log_level;
         } else {
@@ -43,16 +44,22 @@ class Utils {
             $this->log_level = 'syslog';
         }
 
+        $this->log("Init Utils", 4);
+
+        $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3);
         $this->startSession();
+        $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3);
 
         if (! isset($_SESSION['settings'])) {
             $this->initSettings();
         }
+        $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3);
         $this->settings = $_SESSION['settings'];
+        $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3);
 
         if ($CFG->auth_method == 'HTTP_AUTH') {
-            if (isset($this->server['PHP_AUTH_USER'])) {
-                $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+            if (isset($_SERVER['PHP_AUTH_USER'])) {
+                $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                 $this->settings['loginStatus'] = 'OK';
                 if ($CFG->admin_user == $this->settings['user'])
                     $this->settings['admin'] = true;
@@ -67,7 +74,6 @@ class Utils {
             return;
 
         $time = date('c');
-        $msg = "[$time] $message";
 
         $priority = LOG_INFO;
         switch ($level) {
@@ -79,14 +85,30 @@ class Utils {
 
         switch ($this->log_method) {
             case 'file':
+                if (isset($CFG->log_file)) {
+                    if ($CFG->log_file[0] == '/') {
+                        $file = $CFG->log_file;
+                    } else {
+                        $file = $CFG->root.$CFG->log_file;
+                    }
+                } else {
+                    $file = $CFG->root.'qtadmin.log';
+                }
+                file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX);
+                chmod($file, 0600);
+                break;
             case 'stderr':
+                file_put_contents('php://stderr', "[$time]: $message\n");
+                break;
             case 'syslog':
-                syslog($priority,$msg);
+                syslog($priority, $message);
                 break;
         }
     }
 
     private function initSettings() {
+        $this->log("InitSettings", 4);
+
         if ('' == session_id()) {
             $this->startSession();
         }
@@ -98,7 +120,6 @@ class Utils {
         }
 
         $this->settings = array(
-            'server' => $_SERVER,
             'user' => null,
             'admin' => false,
             'loginStatus' => 'Not logged in',
@@ -111,6 +132,8 @@ class Utils {
     private function startSession() {
         global $CFG;
 
+        $this->log("startSession", 4);
+
         if (isset($CFG->session_timeout)) {
             $this->timeout = $CFG->session_timeout * 60;
         } else {
@@ -119,8 +142,9 @@ class Utils {
 
         if (ini_get('session.gc_maxlifetime') != $this->timeout)
             ini_set('session.gc_maxlifetime', $this->timeout);
-        if (ini_get('session.cookie_lifetime') != $this->timeout)
-            ini_set('session.cookie_lifetime', $this->timeout);
+        //if (ini_get('session.cookie_lifetime') != $this->timeout)
+        //    ini_set('session.cookie_lifetime', $this->timeout);
+        ini_set('session.cookie_lifetime', 0);
 
         session_start();
     }
@@ -128,6 +152,8 @@ class Utils {
     private function checkSession() {
         global $CFG;
 
+        $this->log("checkSession", 4);
+
         if ('' == session_id()) {
             $this->startSession();
         }
@@ -135,7 +161,8 @@ class Utils {
         $time = $_SERVER['REQUEST_TIME'];
         if (isset($_SESSION['LAST_ACTIVITY']) &&
                 ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) {
-            echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
+            $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY'].
+            'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3);
             $this->logout();
         } else {
             $_SESSION['LAST_ACTIVITY'] = $time;
@@ -143,6 +170,8 @@ class Utils {
     }
 
     public function logout() {
+        $this->log("logout", 4);
+
         if (ini_get('session.use_cookies')) {
             $params = session_get_cookie_params();
             setcookie(session_name(), '', time() - 42000,
@@ -161,6 +190,8 @@ class Utils {
     public function isAdmin() {
         $admin = false;
 
+        $this->log("isAdmin", 4);
+
         if (isset($this->settings['admin'])) {
             $admin = $this->settings['admin'];
         }
@@ -172,6 +203,8 @@ class Utils {
         global $CFG;
         $result = false;
 
+        $this->log("login", 4);
+
         if ('' == session_id()) {
             $this->startSession();
         }
@@ -223,6 +256,8 @@ class Utils {
     public function getLoginStatus() {
         $status = 'Not logged in';
 
+        $this->log("getLoginStatus", 4);
+
         if (isset($this->settings['loginStatus'])) {
             $status = $this->settings['loginStatus'];
         }
@@ -234,19 +269,23 @@ class Utils {
         global $CFG;
         $loggedIn = false;
 
+        $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3);
+
         if ('' == session_id()) {
             $this->startSession();
         }
 
+        $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3);
         $this->checkSession();
+        $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3);
 
         if (isset($this->settings['user'])) {
             if ($this->settings['user'] != null) {
                 $loggedIn = true;
             } else {
                 if ($CFG->auth_method == 'HTTP_AUTH') {
-                    if (isset($this->server['PHP_AUTH_USER'])) {
-                        $this->settings['user'] = $this->server['PHP_AUTH_USER'];
+                    if (isset($_SERVER['PHP_AUTH_USER'])) {
+                        $this->settings['user'] = $_SERVER['PHP_AUTH_USER'];
                         $loggedIn = true;
                     }
                 }
@@ -254,9 +293,8 @@ class Utils {
         }
 
         if ($loggedIn == false) {
-            echo '$this->settings: '.var_export($this->settings, true);
-            echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']);
-            //exit;
+            $this->log('$this->settings: '.var_export($this->settings, true), 3);
+            $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3);
         }
 
         $_SESSION['settings'] = $this->settings;
@@ -267,6 +305,8 @@ class Utils {
     public function getUser() {
         $user = null;
 
+        $this->log("getUser", 4);
+
         if ($this->isLoggedIn()) {
             $user = $this->settings['user'];
         }
@@ -274,21 +314,42 @@ class Utils {
         return $user;
     }
 
+    public function authorized($recipient) {
+        $authorized = false;
+
+        $this->log("authorized '$recipient'", 3);
+
+        if ($this->isAdmin() || $this->getUser() == $recipient) {
+            $authorized = true;
+        }
+        $this->log("authorized '".$this->getUser()."'", 3);
+
+        return $authorized;
+    }
+
     public function getHeader() {
+        $this->log("getHeader", 4);
+
         return $this->header;
     }
 
     public function getFooter() {
+        $this->log("getFooter", 4);
+
         return $this->footer;
     }
 
     public function getHeading() {
+        $this->log("getHeading", 4);
+
         return $this->heading;
     }
 
     public function setHeading($heading) {
         global $CFG;
 
+        $this->log("setHeading", 4);
+
         $timeout = $CFG->session_timeout * 60 * 1000;
         $this->heading = str_replace('__TITLE__', $heading, $this->heading);
         $this->header = str_replace('__TITLE__', $heading, $this->header);
@@ -297,6 +358,8 @@ class Utils {
     }
 
     public function convertContent($code) {
+        $this->log("convertContent", 4);
+
         $table = array(
             'V' => 'Virus',
             'B' => 'Banned',
An Amavisd qurantine administration interface
This page took 0.061569 seconds and 5 git commands to generate.