From 0da9e6e7d82b2cb758626d1ee4eb6b3297d667b1 Mon Sep 17 00:00:00 2001 From: Michael Rasmussen Date: Wed, 24 Jun 2015 02:19:26 +0200 Subject: [PATCH] prepare for wblistadm server --- index.php | 4 +- lib/utils.inc.php | 162 +++++++++++++++++++++++++++++----------------- quarantine.php | 15 +++-- 3 files changed, 117 insertions(+), 64 deletions(-) diff --git a/index.php b/index.php index 54b82d8..ec831b0 100644 --- a/index.php +++ b/index.php @@ -56,7 +56,7 @@ $action .= "\"Release\""; $action .= " "; $action .= "\"Delete\""; - $action .= " "; + $action .= " "; $action .= "\"Block"; $sender = $row->sender; $received = strftime("%c", $row->time_iso); @@ -102,6 +102,8 @@ onclick="javascript: checkAction(\'release\');"/>'; echo ''; + echo ''; echo "

$first$prev Showing page $pageNum of $maxPage pages $next$last

"; diff --git a/lib/utils.inc.php b/lib/utils.inc.php index f32e209..de2cbfc 100644 --- a/lib/utils.inc.php +++ b/lib/utils.inc.php 
@@ -169,6 +169,97 @@ class Utils { } } + private function getCSRFPreventionToken($ticket) { + return array('CSRFPreventionToken: ' . $ticket->CSRFPreventionToken); + } + + private function getRestTicket($username, $password) { + $result = false; + $url = $CFG->wblistadm_url . '/ticket'; + + $data = "username=$username&password=$password"; + $response = $this->RESTCall($url, $data, $cookiesIn = ''); + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + $data = json_decode($response['content']); + $_SESSION['ticket'] = $data->data; + $_SESSION['cookies'] = $response['cookies']; + $result = true; + } + + return $result; + } + + public function makeRestCall($method, $data = null) { + $result; + + $url = $CFG->wblistadm_url . "/$method"; + $token = $this->getCSRFPreventionToken($_SESSION['ticket']); + $response = $this->RESTCall($url, $data, $_SESSION['cookies'], $token); + + if ($response['http_code'] >= 200 && $response['http_code'] <= 204) { + if ($data) { + // HTTP POST + $result = true; + } else { + // HTTP GET + $data = json_decode($response['content']); + $result = $data->data; + } + } else { + $result = ($data) ? 
false : array(); + } + + return $result; + } + + private function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { + $options = array( + CURLOPT_RETURNTRANSFER => true, // return web page + CURLOPT_HEADER => true, //return headers in addition to content + CURLOPT_FOLLOWLOCATION => true, // follow redirects + CURLOPT_ENCODING => "", // handle all encodings + CURLOPT_AUTOREFERER => true, // set referer on redirect + CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect + CURLOPT_TIMEOUT => 120, // timeout on response + CURLOPT_MAXREDIRS => 10, // stop after 10 redirects + CURLINFO_HEADER_OUT => true, + CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks + CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, + CURLOPT_COOKIE => $cookiesIn + ); + + if ($data) { + $options[CURLOPT_POST] = 1; + $options[CURLOPT_POSTFIELDS] = $data; + } + + if ($headers) { + $options[CURLOPT_HTTPHEADER] = $headers; + } + + $ch = curl_init($url); + curl_setopt_array($ch, $options); + $rough_content = curl_exec($ch); + $err = curl_errno($ch); + $errmsg = curl_error($ch); + $header = curl_getinfo($ch); + curl_close($ch); + + $header_content = substr($rough_content, 0, $header['header_size']); + $body_content = trim(str_replace($header_content, '', $rough_content)); + $pattern = "#Set-Cookie:\\s+(?[^=]+=[^;]+)#m"; + preg_match_all($pattern, $header_content, $matches); + $cookiesOut = implode("; ", $matches['cookie']); + + $header['errno'] = $err; + $header['errmsg'] = $errmsg; + $header['headers'] = $header_content; + $header['content'] = $body_content; + $header['cookies'] = $cookiesOut; + + return $header; + } + public function logout() { $this->log("logout", 4); 
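Review bot: `getRestTicket` and `makeRestCall` read `$CFG->wblistadm_url` without bringing `$CFG` into method scope, so unless the class obtains it some other way the request URL collapses to `/ticket` and `/$method`; add `global $CFG;` as the first statement of both methods (or pass the base URL in), the same way the login code must already reach `$CFG->ldap_base_dn`. The ticket request also interpolates raw credentials, `$data = "username=$username&password=$password";`, so a password containing `&`, `=`, `%` or `+` is corrupted or splits the field — use `$data = http_build_query(['username' => $username, 'password' => $password]);`. Because this body now carries the user's password, the session cookies and the CSRF token on every call, the inherited `CURLOPT_SSL_VERIFYPEER => false` in `RESTCall` deserves a second look: it leaves all traffic to the wblistadm server open to interception and should become `true`, with `CURLOPT_CAINFO` pointing at the server's CA if the certificate is self-signed. `makeRestCall` also dereferences `json_decode($response['content'])` without checking for `null`, so a non-JSON 2xx reply produces a warning rather than the `array()` failure value the `else` branch returns — guard it with `if ($data === null)`. Minor: `$result;` at the top of `makeRestCall` is a no-op expression statement (`$result = null;`), and `$cookiesIn = ''` inside the `RESTCall(...)` argument list should be a plain `''`.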
@@ -227,18 +318,20 @@ class Utils { $sr = @ldap_search($ds, $CFG->ldap_base_dn, $filter, array('mail','domainglobaladmin')); $info = @ldap_get_entries($ds, $sr); // array if ($info['count'] > 0) { - $this->settings['user'] = $user; - $result = true; - $this->settings['loginStatus'] = 'OK'; - $admin = 'NO'; - if (isset($info[0]['domainglobaladmin'])) { - $admin = $info[0]['domainglobaladmin'][0]; - $admin = strtoupper($admin); - } - $this->settings['admin'] = ($admin == 'YES') ? true : false; - // Log in to wblistadm server and get CSRFPreventionToken - $url = $CFG->wblistadm_host . ':' . $CFG->wblistadm_port . '/ticket'; + if ($this->getRestTicket($user, $pw)) { + $this->settings['user'] = $user; + $result = true; + $this->settings['loginStatus'] = 'OK'; + $admin = 'NO'; + if (isset($info[0]['domainglobaladmin'])) { + $admin = $info[0]['domainglobaladmin'][0]; + $admin = strtoupper($admin); + } + $this->settings['admin'] = ($admin == 'YES') ? true : false; + } else { + $this->settings['loginStatus'] = 'Login failed'; + } } else { $this->settings['loginStatus'] = 'Login failed'; } 
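Review bot: When the LDAP lookup succeeds but `getRestTicket($user, $pw)` fails, the new `else` sets the same `'Login failed'` status as a wrong password and records nothing, so a user with valid credentials and an unreachable wblistadm server is told their login is wrong while the operator has no trace of the real cause. Keep the user-facing text if you like, but log the distinct event in that branch, e.g. `$this->log("wblistadm ticket request failed for $user", 4);` (same helper `logout()` already uses; level value constructed here, pick whatever the file's convention is). It is worth a one-line comment above the call that `$pw` is the user's LDAP password being forwarded to the REST server, since that coupling is not obvious from the name `getRestTicket`. While these lines are being re-indented, `($admin == 'YES') ? true : false` reads better as `$this->settings['admin'] = ($admin === 'YES');`. The enclosing login method starts and ends outside the hunk.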
@@ -384,51 +477,4 @@ class Utils { return $string; } - public function RESTCall($url, $data = null, $cookiesIn = '', $headers = null) { - $options = array( - CURLOPT_RETURNTRANSFER => true, // return web page - CURLOPT_HEADER => true, //return headers in addition to content - CURLOPT_FOLLOWLOCATION => true, // follow redirects - CURLOPT_ENCODING => "", // handle all encodings - CURLOPT_AUTOREFERER => true, // set referer on redirect - CURLOPT_CONNECTTIMEOUT => 120, // timeout on connect - CURLOPT_TIMEOUT => 120, // timeout on response - CURLOPT_MAXREDIRS => 10, // stop after 10 redirects - CURLINFO_HEADER_OUT => true, - CURLOPT_SSL_VERIFYPEER => false, // Disabled SSL Cert checks - CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, - CURLOPT_COOKIE => $cookiesIn - ); - - if ($data) { - $options[CURLOPT_POST] = 1; - $options[CURLOPT_POSTFIELDS] = $data; - } - - if ($headers) { - $options[CURLOPT_HTTPHEADER] = $headers; - } - - $ch = curl_init($url); - curl_setopt_array($ch, $options); - $rough_content = curl_exec($ch); - $err = curl_errno($ch); - $errmsg = curl_error($ch); - $header = curl_getinfo($ch); - curl_close($ch); - - $header_content = substr($rough_content, 0, $header['header_size']); - $body_content = trim(str_replace($header_content, '', $rough_content)); - $pattern = "#Set-Cookie:\\s+(?[^=]+=[^;]+)#m"; - preg_match_all($pattern, $header_content, $matches); - $cookiesOut = implode("; ", $matches['cookie']); - - $header['errno'] = $err; - $header['errmsg'] = $errmsg; - $header['headers'] = $header_content; - $header['content'] = $body_content; - $header['cookies'] = $cookiesOut; - - return $header; - } } diff --git a/quarantine.php b/quarantine.php index dd7fa1a..6a2cf5a 100644 --- a/quarantine.php +++ b/quarantine.php 
@@ -55,6 +55,7 @@ $query[] = "UPDATE msgrcpt SET rs = 'R' WHERE mail_id = '$mail_id'"; } else if ($request == 'delete') { $query[] = "UPDATE msgrcpt SET rs = 'D' WHERE mail_id = '$mail_id'"; + } else if ($request == 'block') { } else { error("Unknown operation [$request]"); exit; @@ -70,11 +71,15 @@ $request = isset($_GET['op']) ? $_GET['op'] : ''; if ($loggedIn && isset($_GET['id'])) { $ids = explode(',', $_GET['id']); - $query = handleRequest($util, $request, $ids); - $success = $DB->update($query); - if (! $success) { - error("Message not released, contact administrator [$query]"); - exit; + if ($request == 'block') { + // call rest server + } else { + $query = handleRequest($util, $request, $ids); + $success = $DB->update($query); + if (! $success) { + error("Message not released, contact administrator [$query]"); + exit; + } } header('Location: index.php'); } else if ($loggedIn && $request == 'purge') { -- 2.39.2
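Review bot: Both new `block` arms are empty stubs, and the second hunk's `// call rest server` branch falls straight through to `header('Location: index.php')`, so a block request currently reports success while doing nothing; until the REST call lands it should fail visibly, e.g. `error("Block not implemented [$request]"); exit;` in place of the comment. The `} else if ($request == 'block') {` arm added to `handleRequest` in the first hunk is unreachable from the new caller, which diverts `block` before `handleRequest` is called, so either drop it or route `block` through `handleRequest` as well rather than keeping two dispatch points. When the branch is filled in, the ids from `explode(',', $_GET['id'])` should be validated against the expected mail_id format before being forwarded to the wblistadm server, since the surrounding context shows them flowing into the update strings unchanged. `handleRequest` and the request-dispatch block both start outside the hunks.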