X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/258fa28078d7d6c2fc52743fc93beeef2ef41078..65ff42aeaa163cd32fcd953c63f5843a6b966daf:/lib/utils.inc.php diff --git a/lib/utils.inc.php b/lib/utils.inc.php index d61b9e7..62c3be2 100644 --- a/lib/utils.inc.php +++ b/lib/utils.inc.php @@ -1,10 +1,14 @@ root .'config.php'; +require_once $CFG->root . 'lib/session_handler.inc.php'; class Utils { + private $timeout = false; private $settings; + private $log_level; + private $log_method; private $header = ' @@ -15,27 +19,94 @@ class Utils { + __TITLE__ -'; - private $footer = ''; + + + +
'; + private $footer = '
'; private $heading = '

Session timeout:

__TITLE__

'; public function __construct() { global $CFG; + if (isset($CFG->log_level)) { + $this->log_level = $CFG->log_level; + } else { + $this->log_level = 1; + } + + if (isset($CFG->log_method)) { + $this->log_method = $CFG->log_method; + } else { + $this->log_level = 'syslog'; + } + + $this->log("Init Utils", 4); + + $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); $this->startSession(); + $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); if (! isset($_SESSION['settings'])) { $this->initSettings(); } + $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); $this->settings = $_SESSION['settings']; + $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); if ($CFG->auth_method == 'HTTP_AUTH') { - if (isset($this->server['PHP_AUTH_USER'])) { - $this->settings['user'] = $this->server['PHP_AUTH_USER']; + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; $this->settings['loginStatus'] = 'OK'; if ($CFG->admin_user == $this->settings['user']) $this->settings['admin'] = true; @@ -43,17 +114,63 @@ class Utils { } } + private function log($message, $level = 1) { + global $CFG; + + if ($level > $this->log_level) + return; + + $time = date('c'); + + $priority = LOG_INFO; + switch ($level) { + case 1: $priority = LOG_ERR; break; + case 2: $priority = LOG_WARNING; break; + case 3: $priority = LOG_INFO; break; + case 4: $priority = LOG_DEBUG; break; + } + + switch ($this->log_method) { + case 'file': + if (isset($CFG->log_file)) { + if ($CFG->log_file[0] == '/') { + $file = $CFG->log_file; + } else { + $file = $CFG->root.$CFG->log_file; + } + } else { + $file = $CFG->root.'qtadmin.log'; + } + file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); + chmod($file, 0600); + break; + case 'stderr': + file_put_contents('php://stderr', "[$time]: $message\n"); + break; + case 'syslog': + syslog($priority, $message); + break; + } + } + private function initSettings() { + $this->log("InitSettings", 4); + if ('' == session_id()) { $this->startSession(); } + if (false !== $this->timeout) { + $timeout = $this->timeout; + } else { + $timeout = 0; + } + $this->settings = array( - 'server' => $_SERVER, 'user' => null, 'admin' => false, 'loginStatus' => 'Not logged in', - 'timeout' => 0 + 'timeout' => $timeout ); $_SESSION['settings'] = $this->settings; @@ -62,6 +179,8 @@ class Utils { private function startSession() { global $CFG; + $this->log("startSession", 4); + if (isset($CFG->session_timeout)) { $this->timeout = $CFG->session_timeout * 60; } else { @@ -70,8 +189,9 @@ class Utils { if (ini_get('session.gc_maxlifetime') != $this->timeout) ini_set('session.gc_maxlifetime', $this->timeout); - if (ini_get('session.cookie_lifetime') != $this->timeout) - ini_set('session.cookie_lifetime', $this->timeout); + //if (ini_get('session.cookie_lifetime') != $this->timeout) + // ini_set('session.cookie_lifetime', $this->timeout); + ini_set('session.cookie_lifetime', 0); session_start(); } @@ -79,6 +199,8 @@ class Utils { private function checkSession() { global $CFG; + $this->log("checkSession", 4); + if ('' == session_id()) { $this->startSession(); } @@ -86,14 +208,112 @@ class Utils { $time = $_SERVER['REQUEST_TIME']; if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { - echo 'R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']); + $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. + 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); $this->logout(); } else { $_SESSION['LAST_ACTIVITY'] = $time; } } + private function getCSRFPreventionToken($ticket) { + return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); + } + + private function getRestTicket($username, $password) { + global $CFG; + + $result = false; + $url = $CFG->wblistadm_url . '/ticket'; + + $data = "username=$username&password=$password"; + $response = $this->RESTCall($url, $data, $cookiesIn = ''); + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + $data = json_decode($response['content']); + $_SESSION['ticket'] = $data->data; + $_SESSION['cookies'] = $response['cookies']; + $result = true; + } + + return $result; + } + + public function makeRestCall($method, $data = null) { + global $CFG; + + $result; + + $url = $CFG->wblistadm_url . "$method"; + $token = $this->getCSRFPreventionToken($_SESSION['ticket']); + $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); + + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + if ($data) { + // HTTP POST + $result = true; + } else { + // HTTP GET + $data = json_decode($response['content']); + $result = $data->data; + } + } else { + $result = ($data) ? false : array(); + } + + return $result; + } + + private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { + $options = array( + CURLOPT_RETURNTRANSFER => true, // return web page + CURLOPT_HEADER => true, //return headers in addition to content + CURLOPT_FOLLOWLOCATION => true, // follow redirects + CURLOPT_ENCODING => "", // handle all encodings + CURLOPT_AUTOREFERER => true, // set referer on redirect + CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect + CURLOPT_TIMEOUT => 120, // timeout on response + CURLOPT_MAXREDIRS => 10, // stop after 10 redirects + CURLINFO_HEADER_OUT => true, + CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_COOKIE => $cookiesIn + ); + + if ($data) { + $options[CURLOPT_POST] = 1; + $options[CURLOPT_POSTFIELDS] = $data; + } + + if ($headers) { + $options[CURLOPT_HTTPHEADER] = $headers; + } + + $ch = curl_init($url); + curl_setopt_array($ch, $options); + $rough_content = curl_exec($ch); + $err = curl_errno($ch); + $errmsg = curl_error($ch); + $header = curl_getinfo($ch); + curl_close($ch); + + $header_content = substr($rough_content, 0, $header['header_size']); + $body_content = trim(str_replace($header_content, '', $rough_content)); + $pattern = "#Set-Cookie:\\s+(?[^=]+=[^;]+)#m"; + preg_match_all($pattern, $header_content, $matches); + $cookiesOut = implode("; ", $matches['cookie']); + + $header['errno'] = $err; + $header['errmsg'] = $errmsg; + $header['headers'] = $header_content; + $header['content'] = $body_content; + $header['cookies'] = $cookiesOut; + + return $header; + } + public function logout() { + $this->log("logout", 4); + if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, @@ -112,6 +332,8 @@ class Utils { public function isAdmin() { $admin = false; + $this->log("isAdmin", 4); + if (isset($this->settings['admin'])) { $admin = $this->settings['admin']; } @@ -123,6 +345,8 @@ class Utils { global $CFG; $result = false; + $this->log("login", 4); + if ('' == session_id()) { $this->startSession(); } @@ -145,15 +369,20 @@ class Utils { $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); $info = @ldap_get_entries($ds, $sr); // array if ($info['count'] > 0) { - $this->settings['user'] = $user; - $result = true; - $this->settings['loginStatus'] = 'OK'; - $admin = 'NO'; - if (isset($info[0]['domainglobaladmin'])) { - $admin = $info[0]['domainglobaladmin'][0]; - $admin = strtoupper($admin); + // Log in to wblistadm server and get CSRFPreventionToken + if ($this->getRestTicket($user, $pw)) { + $this->settings['user'] = $user; + $result = true; + $this->settings['loginStatus'] = 'OK'; + $admin = 'NO'; + if (isset($info[0]['domainglobaladmin'])) { + $admin = $info[0]['domainglobaladmin'][0]; + $admin = strtoupper($admin); + } + $this->settings['admin'] = ($admin == 'YES') ? true : false; + } else { + $this->settings['loginStatus'] = 'Login failed'; } - $this->settings['admin'] = ($admin == 'YES') ? true : false; } else { $this->settings['loginStatus'] = 'Login failed'; } @@ -174,6 +403,8 @@ class Utils { public function getLoginStatus() { $status = 'Not logged in'; + $this->log("getLoginStatus", 4); + if (isset($this->settings['loginStatus'])) { $status = $this->settings['loginStatus']; } @@ -185,19 +416,23 @@ class Utils { global $CFG; $loggedIn = false; + $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); + if ('' == session_id()) { $this->startSession(); } + $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); $this->checkSession(); + $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); if (isset($this->settings['user'])) { if ($this->settings['user'] != null) { $loggedIn = true; } else { if ($CFG->auth_method == 'HTTP_AUTH') { - if (isset($this->server['PHP_AUTH_USER'])) { - $this->settings['user'] = $this->server['PHP_AUTH_USER']; + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; $loggedIn = true; } } @@ -205,9 +440,8 @@ class Utils { } if ($loggedIn == false) { - echo '$this->settings: '.var_export($this->settings, true); - echo 'R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']); - //exit; + $this->log('$this->settings: '.var_export($this->settings, true), 3); + $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); } $_SESSION['settings'] = $this->settings; @@ -218,6 +452,8 @@ class Utils { public function getUser() { $user = null; + $this->log("getUser", 4); + if ($this->isLoggedIn()) { $user = $this->settings['user']; } @@ -225,21 +461,43 @@ class Utils { return $user; } + public function authorized($recipient) { + $authorized = false; + + $this->log("authorized '$recipient'", 3); + + if ($this->isAdmin() || $this->getUser() == $recipient) { + $authorized = true; + } + $msg = ($authorized) ? 'authorize' : 'not authorize'; + $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); + + return $authorized; + } + public function getHeader() { + $this->log("getHeader", 4); + return $this->header; } public function getFooter() { + $this->log("getFooter", 4); + return $this->footer; } public function getHeading() { + $this->log("getHeading", 4); + return $this->heading; } public function setHeading($heading) { global $CFG; + $this->log("setHeading", 4); + $timeout = $CFG->session_timeout * 60 * 1000; $this->heading = str_replace('__TITLE__', $heading, $this->heading); $this->header = str_replace('__TITLE__', $heading, $this->header); @@ -248,6 +506,8 @@ class Utils { } public function convertContent($code) { + $this->log("convertContent", 4); + $table = array( 'V' => 'Virus', 'B' => 'Banned',