X-Git-Url: http://git.datanom.net/qtadmin.git/blobdiff_plain/b706c65f2c5aed113735217c0728771f21f6e45a..ae9516bf2903b82920fb96e424cd796a878535ea:/lib/utils.inc.php?ds=sidebyside diff --git a/lib/utils.inc.php b/lib/utils.inc.php index dca39a6..fdeab70 100644 --- a/lib/utils.inc.php +++ b/lib/utils.inc.php @@ -1,14 +1,14 @@ root .'config.php'; +require_once $CFG->root . 'lib/session_handler.inc.php'; class Utils { - private static $_instance = null; - private $server; - private $user; - private $is_admin; - private $loginStatus; + private $timeout = false; + private $settings; + private $log_level; + private $log_method; private $header = ' @@ -18,190 +18,456 @@ class Utils { var timeout = __TIMEOUT__; + + __TITLE__ -'; - private $footer = ''; + + +
'; + private $footer = '
'; private $heading = '

Session timeout:

__TITLE__

'; - private function __construct() { + public function __construct() { global $CFG; - $this->server = $_SERVER; - session_start(); - - $this->user = null; - $this->is_admin = false; - $this->loginStatus = 'Not logged in'; + if (isset($CFG->log_level)) { + $this->log_level = $CFG->log_level; + } else { + $this->log_level = 1; + } - if (isset($_SESSION['user'])) { - $this->user = $_SESSION['user']; - $this->loginStatus = 'OK'; - $this->is_admin = $_SESSION['is_admin']; + if (isset($CFG->log_method)) { + $this->log_method = $CFG->log_method; } else { - if ($CFG->auth_method == 'HTTP_AUTH') { - if (isset($this->server['PHP_AUTH_USER'])) { - $this->user = $this->server['PHP_AUTH_USER']; - $this->loginStatus = 'OK'; - if ($CFG->admin_user == $this->user) - $this->is_admin = true; - } + $this->log_level = 'syslog'; + } + + $this->log("Init Utils", 4); + + $this->log("__construct[1]: user ".var_export($this->settings['user'], true), 3); + $this->startSession(); + $this->log("__construct[2]: user ".var_export($this->settings['user'], true), 3); + + if (! isset($_SESSION['settings'])) { + $this->initSettings(); + } + $this->log("__construct[3]: user ".var_export($this->settings['user'], true), 3); + $this->settings = $_SESSION['settings']; + $this->log("__construct[4]: user ".var_export($this->settings['user'], true), 3); + + if ($CFG->auth_method == 'HTTP_AUTH') { + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; + $this->settings['loginStatus'] = 'OK'; + if ($CFG->admin_user == $this->settings['user']) + $this->settings['admin'] = true; } } - $_SESSION['user'] = $this->user; - $_SESSION['is_admin'] = $this->is_admin; } - private function __clone() {} - - public static function getInstance() { + private function log($message, $level = 1) { global $CFG; - if (!is_object(self::$_instance)) { - self::$_instance = new Utils(); + if ($level > $this->log_level) + return; + + $time = date('c'); + + $priority = LOG_INFO; + switch ($level) { + case 1: $priority = LOG_ERR; break; + case 2: $priority = LOG_WARNING; break; + case 3: $priority = LOG_INFO; break; + case 4: $priority = LOG_DEBUG; break; } - // Session timeout handler - if ('' == session_id()) - session_start(); + + switch ($this->log_method) { + case 'file': + if (isset($CFG->log_file)) { + if ($CFG->log_file[0] == '/') { + $file = $CFG->log_file; + } else { + $file = $CFG->root.$CFG->log_file; + } + } else { + $file = $CFG->root.'qtadmin.log'; + } + file_put_contents($file, "[$time]: $message\n", FILE_APPEND | LOCK_EX); + chmod($file, 0600); + break; + case 'stderr': + file_put_contents('php://stderr', "[$time]: $message\n"); + break; + case 'syslog': + syslog($priority, $message); + break; + } + } + + private function initSettings() { + $this->log("InitSettings", 4); + + if ('' == session_id()) { + $this->startSession(); + } + + if (false !== $this->timeout) { + $timeout = $this->timeout; + } else { + $timeout = 0; + } + + $this->settings = array( + 'user' => null, + 'admin' => false, + 'loginStatus' => 'Not logged in', + 'timeout' => $timeout + ); + + $_SESSION['settings'] = $this->settings; + } + + private function startSession() { + global $CFG; + + $this->log("startSession", 4); + if (isset($CFG->session_timeout)) { - $timeout = $CFG->session_timeout * 60; + $this->timeout = $CFG->session_timeout * 60; } else { - $timeout = 20 * 60; + $this->timeout = 20 * 60; + } + + if (ini_get('session.gc_maxlifetime') != $this->timeout) + ini_set('session.gc_maxlifetime', $this->timeout); + //if (ini_get('session.cookie_lifetime') != $this->timeout) + // ini_set('session.cookie_lifetime', $this->timeout); + ini_set('session.cookie_lifetime', 0); + + session_start(); + } + + private function checkSession() { + global $CFG; + + $this->log("checkSession", 4); + + if ('' == session_id()) { + $this->startSession(); } - if (ini_get('session.gc_maxlifetime') != $timeout) - ini_set('session.gc_maxlifetime', $timeout); - if (ini_get('session.cookie_lifetime') != $timeout) - ini_set('session.cookie_lifetime', $timeout); $time = $_SERVER['REQUEST_TIME']; - if (isset($_SESSION['LAST_ACTIVITY']) && ($time - $_SESSION['LAST_ACTIVITY']) >= $timeout) { - session_unset(); - session_destroy(); - session_start(); - self::$_instance->user = null; - self::$_instance->is_admin = false; + if (isset($_SESSION['LAST_ACTIVITY']) && + ($time - $_SESSION['LAST_ACTIVITY']) >= $this->settings['timeout']) { + $this->log('R_TIME: '.date('c', $time).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']. + 'Test: '.($time - $_SESSION['LAST_ACTIVITY'])).' >= '.$this->settings['timeout'], 3); + $this->logout(); + } else { + $_SESSION['LAST_ACTIVITY'] = $time; } - $_SESSION['LAST_ACTIVITY'] = $time; + } - return self::$_instance; + private function getCSRFPreventionToken($ticket) { + return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); + } + + private function getRestTicket($username, $password) { + global $CFG; + + $result = false; + $url = $CFG->wblistadm_url . '/ticket'; + + $data = "username=$username&password=$password"; + $response = $this->RESTCall($url, $data, $cookiesIn = ''); + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + $data = json_decode($response['content']); + $_SESSION['ticket'] = $data->data; + $_SESSION['cookies'] = $response['cookies']; + $result = true; + } + + return $result; + } + + public function makeRestCall($method, $data = null) { + global $CFG; + + $result; + + $url = $CFG->wblistadm_url . "$method"; + $token = $this->getCSRFPreventionToken($_SESSION['ticket']); + $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); + + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + if ($data) { + // HTTP POST + $result = true; + } else { + // HTTP GET + $data = json_decode($response['content']); + $result = $data->data; + } + } else { + $result = ($data) ? false : array(); + } + + return $result; + } + + private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { + $options = array( + CURLOPT_RETURNTRANSFER => true, // return web page + CURLOPT_HEADER => true, //return headers in addition to content + CURLOPT_FOLLOWLOCATION => true, // follow redirects + CURLOPT_ENCODING => "", // handle all encodings + CURLOPT_AUTOREFERER => true, // set referer on redirect + CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect + CURLOPT_TIMEOUT => 120, // timeout on response + CURLOPT_MAXREDIRS => 10, // stop after 10 redirects + CURLINFO_HEADER_OUT => true, + CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_COOKIE => $cookiesIn + ); + + if ($data) { + $options[CURLOPT_POST] = 1; + $options[CURLOPT_POSTFIELDS] = $data; + } + + if ($headers) { + $options[CURLOPT_HTTPHEADER] = $headers; + } + + $ch = curl_init($url); + curl_setopt_array($ch, $options); + $rough_content = curl_exec($ch); + $err = curl_errno($ch); + $errmsg = curl_error($ch); + $header = curl_getinfo($ch); + curl_close($ch); + + $header_content = substr($rough_content, 0, $header['header_size']); + $body_content = trim(str_replace($header_content, '', $rough_content)); + $pattern = "#Set-Cookie:\\s+(?[^=]+=[^;]+)#m"; + preg_match_all($pattern, $header_content, $matches); + $cookiesOut = implode("; ", $matches['cookie']); + + $header['errno'] = $err; + $header['errmsg'] = $errmsg; + $header['headers'] = $header_content; + $header['content'] = $body_content; + $header['cookies'] = $cookiesOut; + + return $header; } public function logout() { - $_SESSION = array(); + $this->log("logout", 4); + if (ini_get('session.use_cookies')) { $params = session_get_cookie_params(); setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']); } - session_unset(); - session_destroy(); - $this->user = null; - $this->is_admin = false; + + if ('' != session_id()) { + $_SESSION = array(); + session_unset(); + session_destroy(); + } + $this->settings = array(); } public function isAdmin() { - //file_put_contents('/tmp/login.txt', var_export($this, true)); - return $this->is_admin; + $admin = false; + + $this->log("isAdmin", 4); + + if (isset($this->settings['admin'])) { + $admin = $this->settings['admin']; + } + + return $admin; } public function login($user, $pw) { global $CFG; $result = false; - unset($_SESSION['user']); - unset($_SESSION['is_admin']); - $this->user = null; - $this->is_admin = false; + $this->log("login", 4); + + if ('' == session_id()) { + $this->startSession(); + } + + $this->settings['user'] = null; + $this->settings['admin'] = false; $p = explode('@', $user); if (count($p) != 2) { - $this->loginStatus = 'Bad username'; - return false; - } - $domain = $p[1]; - $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; - $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; - $ds = @ldap_connect($CFG->ldap_dsn); - if ($ds) { - @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - $r = @ldap_bind($ds, $dn, $pw); - if ($r) { - $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); - $info = @ldap_get_entries($ds, $sr); // array - if ($info['count'] > 0) { - $_SESSION['user'] = $user; - $this->user = $user; - $result = true; - $this->loginStatus = 'OK'; - $admin = 'NO'; - if (isset($info[0]['domainglobaladmin'])) { - $admin = $info[0]['domainglobaladmin'][0]; - $admin = strtoupper($admin); + $this->settings['loginStatus'] = 'Bad username'; + } else { + $domain = $p[1]; + $dn = "mail=$user,ou=Users,domainName=$domain,$CFG->ldap_base_dn"; + $filter = "(&(objectclass=mailUser)(accountStatus=active)(mail=$user))"; + $ds = @ldap_connect($CFG->ldap_dsn); + if ($ds) { + @ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + $r = @ldap_bind($ds, $dn, $pw); + if ($r) { + $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); + $info = @ldap_get_entries($ds, $sr); // array + if ($info['count'] > 0) { + // Log in to wblistadm server and get CSRFPreventionToken + if ($this->getRestTicket($user, $pw)) { + $this->settings['user'] = $user; + $result = true; + $this->settings['loginStatus'] = 'OK'; + $admin = 'NO'; + if (isset($info[0]['domainglobaladmin'])) { + $admin = $info[0]['domainglobaladmin'][0]; + $admin = strtoupper($admin); + } + $this->settings['admin'] = ($admin == 'YES') ? true : false; + } else { + $this->settings['loginStatus'] = 'Login failed'; + } + } else { + $this->settings['loginStatus'] = 'Login failed'; } - $this->is_admin = ($admin == 'YES') ? true : false; - $_SESSION['is_admin'] = $this->is_admin; } else { - $this->loginStatus = 'Login failed'; + $this->settings['loginStatus'] = ldap_error($ds); } + @ldap_close($ds); } else { - $this->loginStatus = ldap_error($ds); + $this->settings['loginStatus'] = 'Connect to LDAP server failed'; } - @ldap_close($ds); - } else { - $this->loginStatus = 'Connect to LDAP server failed'; } + $_SESSION['settings'] = $this->settings; + return $result; } public function getLoginStatus() { - return $this->loginStatus; + $status = 'Not logged in'; + + $this->log("getLoginStatus", 4); + + if (isset($this->settings['loginStatus'])) { + $status = $this->settings['loginStatus']; + } + + return $status; } public function isLoggedIn() { global $CFG; $loggedIn = false; - if ($this->user) { - $loggedIn = true; - } else if (isset($_SESSION['user'])) { - $this->user = $_SESSION['user']; - $loggedIn = true; - } else { - if ($CFG->auth_method == 'HTTP_AUTH') { - if (isset($this->server['PHP_AUTH_USER'])) { - $this->user = $this->server['PHP_AUTH_USER']; - $loggedIn = true; + $this->log("isLoggedIn[1]: user ".var_export($this->settings['user'], true), 3); + + if ('' == session_id()) { + $this->startSession(); + } + + $this->log("isLoggedIn[2]: user ".var_export($this->settings['user'], true), 3); + $this->checkSession(); + $this->log("isLoggedIn[3]: user ".var_export($this->settings['user'], true), 3); + + if (isset($this->settings['user'])) { + if ($this->settings['user'] != null) { + $loggedIn = true; + } else { + if ($CFG->auth_method == 'HTTP_AUTH') { + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->settings['user'] = $_SERVER['PHP_AUTH_USER']; + $loggedIn = true; + } } } } + if ($loggedIn == false) { + $this->log('$this->settings: '.var_export($this->settings, true), 3); + $this->log('R_TIME: '.date('c', $_SERVER['REQUEST_TIME']).' L_ACT: '.date('c', $_SESSION['LAST_ACTIVITY']), 3); + } + + $_SESSION['settings'] = $this->settings; + return $loggedIn; } public function getUser() { - $this->isLoggedIn(); - return $this->user; + $user = null; + + $this->log("getUser", 4); + + if ($this->isLoggedIn()) { + $user = $this->settings['user']; + } + + return $user; + } + + public function authorized($recipient) { + $authorized = false; + + $this->log("authorized '$recipient'", 3); + + if ($this->isAdmin() || $this->getUser() == $recipient) { + $authorized = true; + } + $msg = ($authorized) ? 'authorize' : 'not authorize'; + $this->log("$msg '".$this->getUser()."' rcpt '$recipient'", 3); + + return $authorized; } public function getHeader() { + $this->log("getHeader", 4); + return $this->header; } public function getFooter() { + $this->log("getFooter", 4); + return $this->footer; } public function getHeading() { + $this->log("getHeading", 4); + return $this->heading; } public function setHeading($heading) { global $CFG; + $this->log("setHeading", 4); + $timeout = $CFG->session_timeout * 60 * 1000; $this->heading = str_replace('__TITLE__', $heading, $this->heading); $this->header = str_replace('__TITLE__', $heading, $this->header); @@ -210,6 +476,8 @@ class Utils { } public function convertContent($code) { + $this->log("convertContent", 4); + $table = array( 'V' => 'Virus', 'B' => 'Banned',