[2] | 1 | <?php |
---|
| 2 | /**************************************************************************\ |
---|
| 3 | * eGroupWare API - Session management * |
---|
| 4 | * This file written by Dan Kuykendall <seek3r@phpgroupware.org> * |
---|
| 5 | * and Joseph Engo <jengo@phpgroupware.org> * |
---|
| 6 | * and Ralf Becker <ralfbecker@outdoor-training.de> * |
---|
| 7 | * Copyright (C) 2000, 2001 Dan Kuykendall * |
---|
| 8 | * Parts Copyright (C) 2003 Free Software Foundation Inc * |
---|
| 9 | * -------------------------------------------------------------------------* |
---|
| 10 | * This library is part of the eGroupWare API * |
---|
| 11 | * http://www.egroupware.org/api * |
---|
| 12 | * ------------------------------------------------------------------------ * |
---|
| 13 | * This library is free software; you can redistribute it and/or modify it * |
---|
| 14 | * under the terms of the GNU Lesser General Public License as published by * |
---|
| 15 | * the Free Software Foundation; either version 2.1 of the License, * |
---|
| 16 | * or any later version. * |
---|
| 17 | * This library is distributed in the hope that it will be useful, but * |
---|
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * |
---|
| 20 | * See the GNU Lesser General Public License for more details. * |
---|
| 21 | * You should have received a copy of the GNU Lesser General Public License * |
---|
| 22 | * along with this library; if not, write to the Free Software Foundation, * |
---|
| 23 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * |
---|
| 24 | \**************************************************************************/ |
---|
| 25 | |
---|
| 26 | |
---|
| 27 | /* sessions_type setup moved after the class below - milosch */ |
---|
| 28 | |
---|
| 29 | /** |
---|
| 30 | * Session Management Library |
---|
| 31 | * |
---|
| 32 | * This allows eGroupWare to use php4 or database sessions |
---|
| 33 | * |
---|
| 34 | * @package phpgwapi |
---|
| 35 | * @subpackage sessions |
---|
| 36 | * @abstract |
---|
| 37 | * @author NetUSE AG Boris Erdmann, Kristian Koehntopp <br> hacked on by phpGW |
---|
| 38 | * @copyright © 1998-2000 NetUSE AG Boris Erdmann, Kristian Koehntopp <br> © 2003 FreeSoftware Foundation |
---|
| 39 | * @license LGPL |
---|
| 40 | * @link http://www.sanisoft.com/phplib/manual/DB_sql.php |
---|
| 41 | * @uses db |
---|
| 42 | */ |
---|
| 43 | |
---|
| 44 | class sessions_ |
---|
| 45 | { |
---|
| 46 | /** |
---|
| 47 | * @var string current user login |
---|
| 48 | */ |
---|
| 49 | var $login; |
---|
| 50 | |
---|
| 51 | /** |
---|
| 52 | * @var string current user password |
---|
| 53 | */ |
---|
| 54 | var $passwd; |
---|
| 55 | |
---|
| 56 | /** |
---|
| 57 | * @var int current user db/ldap account id |
---|
| 58 | */ |
---|
| 59 | var $account_id; |
---|
| 60 | |
---|
| 61 | /** |
---|
| 62 | * @var string current user account login id - ie user@domain |
---|
| 63 | */ |
---|
| 64 | var $account_lid; |
---|
| 65 | |
---|
| 66 | /** |
---|
| 67 | * @var string previous page call id - repost prevention |
---|
| 68 | */ |
---|
| 69 | var $history_id; |
---|
| 70 | |
---|
| 71 | /** |
---|
| 72 | * @var string domain for current user |
---|
| 73 | */ |
---|
| 74 | var $account_domain; |
---|
| 75 | |
---|
| 76 | /** |
---|
| 77 | * @var session type flag, A - anonymous session, N - None, normal session |
---|
| 78 | */ |
---|
| 79 | var $session_flags; |
---|
| 80 | |
---|
| 81 | /** |
---|
| 82 | * @var string current user session id |
---|
| 83 | */ |
---|
| 84 | var $sessionid; |
---|
| 85 | |
---|
| 86 | /** |
---|
| 87 | * @var string not sure what this does, but it is important :) |
---|
| 88 | */ |
---|
| 89 | var $kp3; |
---|
| 90 | |
---|
| 91 | /** |
---|
| 92 | * @var string encryption key? |
---|
| 93 | */ |
---|
| 94 | var $key; |
---|
| 95 | |
---|
| 96 | /** |
---|
| 97 | * @var string iv == ivegotnoidea ;) (skwashd) |
---|
| 98 | */ |
---|
| 99 | var $iv; |
---|
| 100 | |
---|
| 101 | /** |
---|
| 102 | * @var session data |
---|
| 103 | */ |
---|
| 104 | var $data; |
---|
| 105 | |
---|
| 106 | /** |
---|
| 107 | * @var object holder for the database object |
---|
| 108 | */ |
---|
| 109 | var $db; |
---|
| 110 | |
---|
| 111 | /** |
---|
| 112 | * @var array publicly available methods |
---|
| 113 | */ |
---|
| 114 | var $public_functions = array( |
---|
| 115 | 'list_methods' => True, |
---|
| 116 | 'update_dla' => True, |
---|
| 117 | 'list' => True, |
---|
| 118 | 'total' => True |
---|
| 119 | ); |
---|
| 120 | |
---|
| 121 | /** |
---|
| 122 | * @var string domain for cookies |
---|
| 123 | */ |
---|
| 124 | var $cookie_domain; |
---|
| 125 | |
---|
| 126 | /** |
---|
| 127 | * @var name of XML-RPC/SOAP method called |
---|
| 128 | */ |
---|
| 129 | var $xmlrpc_method_called; |
---|
| 130 | |
---|
/**
 * Constructor: picks up the session identifiers from the request and
 * fills in missing server settings with hard-coded defaults.
 *
 * sessionid and kp3 are read from GET or COOKIE (both request-supplied,
 * so untrusted until verify() has checked them), the crypto object is
 * created, and when cookies are in use the cookie domain is worked out.
 * Saving the defaults back to the config repository is disabled (see the
 * commented block at the end).
 */
function sessions_()
{
	$this->db = $GLOBALS['phpgw']->db;
	$this->sessionid = get_var('sessionid',array('GET','COOKIE'));
	$this->kp3 = get_var('kp3',array('GET','COOKIE'));
	/* Create the crypto object */
	$GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto');
	if ($GLOBALS['phpgw_info']['server']['usecookies'])
	{
		$this->phpgw_set_cookiedomain();
	}

	// Verify and, if necessary, fill in our config settings.
	// The checks run in the same order as before: fixed defaults first ...
	$save_rep = False;
	$fixed_defaults = array(
		'max_access_log_age'  => 90,   // days
		'block_time'          => 30,   // minutes
		'num_unsuccessful_id' => 3,    // tries per login id
	);
	foreach ($fixed_defaults as $setting => $default)
	{
		if (!isset($GLOBALS['phpgw_info']['server'][$setting]))
		{
			$GLOBALS['phpgw_info']['server'][$setting] = $default;
			$save_rep = True;
		}
	}
	// ... then the two whose default is computed at runtime ...
	if (!isset($GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']))
	{
		// default: same as for id (which is guaranteed to be set by now)
		$GLOBALS['phpgw_info']['server']['num_unsuccessful_ip'] = $GLOBALS['phpgw_info']['server']['num_unsuccessful_id'];
		$save_rep = True;
	}
	if (!isset($GLOBALS['phpgw_info']['server']['install_id']))
	{
		$GLOBALS['phpgw_info']['server']['install_id'] = md5($GLOBALS['phpgw']->common->randomstring(15));
		$save_rep = True;
	}
	// ... and the remaining fixed ones.
	$timeout_defaults = array(
		'sessions_timeout'     => 14400,   // seconds; verify() compares it against session_dla
		'sessions_app_timeout' => 86400,
		'max_history'          => 20,
	);
	foreach ($timeout_defaults as $setting => $default)
	{
		if (!isset($GLOBALS['phpgw_info']['server'][$setting]))
		{
			$GLOBALS['phpgw_info']['server'][$setting] = $default;
			$save_rep = True;
		}
	}

	// jakjr: using the hard-coded defaults to avoid always making 2 database calls.
	/*
	if ($save_rep)
	{
		$config = CreateObject('phpgwapi.config','phpgwapi');
		$config->read_repository();
		$config->value('max_access_log_age',$GLOBALS['phpgw_info']['server']['max_access_log_age']);
		$config->value('block_time',$GLOBALS['phpgw_info']['server']['block_time']);
		$config->value('num_unsuccessful_id',$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']);
		$config->value('num_unsuccessful_ip',$GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']);
		$config->value('install_id',$GLOBALS['phpgw_info']['server']['install_id']);
		$config->value('sessions_timeout',$GLOBALS['phpgw_info']['server']['sessions_timeout']);
		$config->value('sessions_app_timeout',$GLOBALS['phpgw_info']['server']['sessions_app_timeout']);
		$config->save_repository();
		unset($config);
	}*/
}
---|
| 206 | |
---|
/**
 * Introspection for XML-RPC/SOAP.
 * Disabled (hence the DONT prefix) - the reason is not recorded.
 *
 * @param string|array $_type type of introspection being sought, or an
 *                            array carrying that type under the 'type' key
 * @return array available methods and their signatures; an empty array
 *               for any type other than 'xmlrpc' or 'soap'
 */
function DONTlist_methods($_type)
{
	$kind = is_array($_type) ? $_type['type'] : $_type;

	// loose comparison, as the original switch used
	if ($kind == 'xmlrpc')
	{
		return array(
			'list_methods' => array(
				'function'  => 'list_methods',
				'signature' => array(array(xmlrpcStruct,xmlrpcString)),
				'docstring' => lang('Read this list of methods.')
			),
			'update_dla' => array(
				'function'  => 'update_dla',
				'signature' => array(array(xmlrpcBoolean)),
				'docstring' => lang('Returns an array of todo items')
			)
		);
	}
	if ($kind == 'soap')
	{
		// soap_functions is not declared in the visible part of the class
		return $this->soap_functions;
	}
	return array();
}
---|
| 246 | |
---|
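/**
 * Split "login@domain" into its login and domain parts.
 *
 * Declared static because verify() calls it as
 * sessions_::split_login_domain(...); calling a non-static method that way
 * is a fatal Error on PHP 8 (a strict/deprecation notice on earlier
 * versions). It uses no instance state, and calling it on an instance
 * still works.
 *
 * @param string $both   login, optionally followed by @domain; only the
 *                       text after the LAST '@' counts as the domain
 * @param string $login  receives the login part (may itself contain '@')
 * @param string $domain receives the domain part, or the server's
 *                       default_domain when $both contains no '@'
 */
static function split_login_domain($both,&$login,&$domain)
{
	$parts = explode('@',$both);
	// more than one part means a domain was given: take the last one,
	// everything before it (re-joined with '@') is the login
	$domain = count($parts) > 1 ? array_pop($parts) :
		$GLOBALS['phpgw_info']['server']['default_domain'];
	$login = implode('@',$parts);
}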
---|
| 254 | |
---|
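/**
 * Check to see if a session is still current and valid
 *
 * On success the user and hooks repositories, the account id, the crypto
 * key and the stored password are loaded into $GLOBALS['phpgw_info'] and
 * the session's last-access time is refreshed via update_dla(). Every
 * failure path returns False; only the timeout path also destroys the
 * session.
 *
 * @param string $sessionid session id to be verified; when empty, it and
 *                          $kp3 are re-read from GET or COOKIE
 * @param string $kp3 second per-session secret; it goes into the crypto key
 * @return bool is the session valid?
 */
function verify($sessionid='',$kp3='')
{
	// empty() already covers the '', '0', null and false cases
	if (empty($sessionid))
	{
		// both values come straight from the request and are untrusted
		$sessionid = get_var('sessionid',array('GET','COOKIE'));
		$kp3 = get_var('kp3',array('GET','COOKIE'));
	}

	$this->sessionid = $sessionid;
	$this->kp3 = $kp3;

	// read_session() is defined outside this chunk; a session without a
	// session_dla value fails the timeout comparison below
	$session = $this->read_session();
	if ($session['session_dla'] <= (time() - $GLOBALS['phpgw_info']['server']['sessions_timeout']))
	{
		$this->destroy($sessionid,$kp3);
		return False;
	}

	$this->session_flags = $session['session_flags'];

	sessions_::split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain);

	$GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3;

	$this->update_dla();
	$this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid);
	if (!$this->account_id)
	{
		return False;
	}

	$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;

	/* init the crypto object before appsession call below */
	// the key is derived from both request-supplied tokens plus the server's encryptkey
	$this->key = md5($this->kp3 . $this->sessionid . @$GLOBALS['phpgw_info']['server']['encryptkey']);
	$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
	$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));

	// fills $this->user / $this->hooks (defined outside this chunk)
	$this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']);

	// -1 means the account never expires
	if ($this->user['expires'] != -1 && $this->user['expires'] < time())
	{
		if(is_object($GLOBALS['phpgw']->log))
		{
			$GLOBALS['phpgw']->log->message(array(
				'text' => 'W-VerifySession, account loginid %1 is expired',
				'p1' => $this->account_lid,
				'line' => __LINE__,
				'file' => __FILE__
			));
			$GLOBALS['phpgw']->log->commit();
		}
		return False;
	}

	$GLOBALS['phpgw_info']['user'] = $this->user;
	$GLOBALS['phpgw_info']['hooks'] = $this->hooks;

	// session_ip is exposed here but not compared with the current request's address
	$GLOBALS['phpgw_info']['user']['session_ip'] = $session['session_ip'];
	$GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi'));

	if ($this->account_domain != $GLOBALS['phpgw_info']['user']['domain'])
	{
		if(is_object($GLOBALS['phpgw']->log))
		{
			$GLOBALS['phpgw']->log->message(array(
				'text' => 'W-VerifySession, the domains %1 and %2 don\'t match',
				// was $userid_array[1], a variable this method never sets
				'p1' => $this->account_domain,
				'p2' => $GLOBALS['phpgw_info']['user']['domain'],
				'line' => __LINE__,
				'file' => __FILE__
			));
			$GLOBALS['phpgw']->log->commit();
		}
		return False;
	}

	$GLOBALS['phpgw']->acl->acl($this->account_id);
	$GLOBALS['phpgw']->accounts->accounts($this->account_id);
	$GLOBALS['phpgw']->preferences->preferences($this->account_id);
	$GLOBALS['phpgw']->applications->applications($this->account_id);

	if (! $this->account_lid)
	{
		if(is_object($GLOBALS['phpgw']->log))
		{
			// This needs some better wording
			$GLOBALS['phpgw']->log->message(array(
				'text' => 'W-VerifySession, account_id is empty',
				'line' => __LINE__,
				'file' => __FILE__
			));
			$GLOBALS['phpgw']->log->commit();
		}
		return False;
	}
	return True;
}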
---|
| 367 | |
---|
| 368 | /** |
---|
| 369 | * Functions for creating and verifying the session |
---|
| 370 | */ |
---|
| 371 | |
---|
/**
 * Get the ip address of the current user
 *
 * HTTP_X_FORWARDED_FOR is a request header the client (or any proxy) can
 * set freely, so the first part of the result is untrusted; only
 * REMOTE_ADDR is the address the server actually talked to. Callers that
 * log or rate-limit on this value should keep that in mind.
 *
 * @return string HTTP_X_FORWARDED_FOR (if exists) and REMOTE_ADDR ip addresses,
 *                comma separated
 */
function getuser_ip()
{
	$forwarded = '';
	if (isset($_SERVER['HTTP_X_FORWARDED_FOR']))
	{
		$forwarded = $_SERVER['HTTP_X_FORWARDED_FOR'] . ',';
	}
	return $forwarded . $_SERVER['REMOTE_ADDR'];
}
---|
| 381 | |
---|
/**
 * Set the domain used for cookies
 *
 * Takes the host from HTTP_X_FORWARDED_HOST (set by a non-transparent
 * proxy) or else HTTP_HOST, strips a trailing :port, and for a host
 * without a dot leaves the domain empty so that setcookie fills it in.
 * Both headers are request-supplied, so the cookie scope follows whatever
 * Host the web server accepted; restricting the accepted virtual hosts in
 * the server configuration is what keeps this value honest.
 * The result is stored in $this->cookie_domain and handed to
 * set_cookie_params(); nothing is returned.
 */
function phpgw_set_cookiedomain()
{
	if (isset($_SERVER['HTTP_X_FORWARDED_HOST']))
	{
		$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
	}
	else
	{
		$host = $_SERVER['HTTP_HOST'];
	}

	// remove port from HTTP_HOST (greedy: everything before the last ':')
	$matches = array();
	if (preg_match("/^(.*):(.*)$/",$host,$matches))
	{
		$host = $matches[1];
	}
	// setcookie doesn't like domains without dots; an empty value
	// gets setcookie to fill the domain in
	if (strpos($host,'.') === false)
	{
		$host = '';
	}
	$this->cookie_domain = $host;
	print_debug('COOKIE_DOMAIN',$this->cookie_domain,'api');

	$this->set_cookie_params($this->cookie_domain); // necessary for php4 sessions
}
---|
| 406 | |
---|
/**
 * Set a cookie for the whole site ('/') on the session's cookie domain
 *
 * The cookie is marked HttpOnly. The secure flag is passed as null, i.e.
 * not set, so the cookie is also sent over plain HTTP.
 * NOTE(review): for the sessionid/kp3 cookies a secure flag tied to the
 * request scheme would be worth adding.
 *
 * @param string $cookiename name of cookie to be set
 * @param string $cookievalue value to be used, if unset cookie is cleared (optional)
 * @param int $cookietime when cookie should expire, 0 for session only (optional)
 */
function phpgw_setcookie($cookiename,$cookievalue='',$cookietime=0)
{
	// work the domain out lazily the first time a cookie is set
	if (!$this->cookie_domain)
	{
		$this->phpgw_set_cookiedomain();
	}
	$path = '/';
	$secure = null;
	$httponly = true;
	setcookie($cookiename,$cookievalue,$cookietime,$path,$this->cookie_domain,$secure,$httponly);
}
---|
| 422 | |
---|
/**
 * Create a new session
 *
 * Order of operations: login_blocked / denied-user / authenticate / group
 * checks, then the inactivity expiry (if configured), then session id and
 * kp3 are generated and the cookies sent, the crypto object is initialised,
 * the repositories are read and the account expiry checked, the password
 * is stored in the app session, and finally the session is registered and
 * logged inside one DB transaction.
 * On any refusal $this->reason / $this->cd_reason are set and False is
 * returned (neither property is declared in the visible part of the class).
 *
 * @param string|array $login user login, or an array with the keys
 *                            login, passwd and passwd_type
 * @param string $passwd user password
 * @param string $passwd_type type of password being used, ie plaintext, md5, sha1
 * @return string|bool session id, or False when the login is refused
 */
function create($login,$passwd = '',$passwd_type = '')
{
	if (is_array($login))
	{
		$this->login = $login['login'];
		$this->passwd = $login['passwd'];
		$this->passwd_type = $login['passwd_type'];
		$login = $this->login;
	}
	else
	{
		$this->login = $login;
		$this->passwd = $passwd;
		$this->passwd_type = $passwd_type;
	}

	// clean_sessions() is defined outside this chunk
	$this->clean_sessions();
	//sessions_::split_login_domain($login,$this->account_lid,$this->account_domain);
	// jakjr: allow uid with (@);
	// the login is used as account_lid unchanged and the domain is fixed
	$this->account_lid = $login;
	$this->account_domain = 'default';

	$now = time();

	//echo "<p>session::create(login='$login'): lid='$this->account_lid', domain='$this->account_domain'</p>\n";
	// includes the client-controlled X-Forwarded-For value, see getuser_ip()
	$user_ip = $this->getuser_ip();

	$this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid);

	// && binds tighter than ||: the last term is "account exists AND is a group"
	if (($blocked = $this->login_blocked($login,$user_ip)) || // too many unsuccessful attempts
		$GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid] ||
		!$GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type) ||
		$this->account_id && $GLOBALS['phpgw']->accounts->get_type($this->account_id) == 'g')
	{
		$this->reason = $blocked ? 'blocked, too many attempts' : 'bad login or password';
		$this->cd_reason = $blocked ? 99 : 5;

		// the reason text takes the place of the session id, account_id 0 marks the failure
		$this->log_access($this->reason,$login,$user_ip,0); // log unsuccessfull login
		return False;
	}
	// Only check the user's inactivity period if it is configured in the Administrator.
	if(isset($GLOBALS['phpgw_info']['server']['time_to_account_expires']) &&
		$this->account_id !=null && $this->account_lid != "expresso-admin") {
		// last login time from the access log; time_to_account_expires is in days
		$last_access = $this->get_last_access_on_history($this->account_id);
		$this->read_repositories(False);
		if ($last_access && ($last_access+($GLOBALS['phpgw_info']['server']['time_to_account_expires']*86400) < time()))
		{
			if(is_object($GLOBALS['phpgw']->log))
			{
				$GLOBALS['phpgw']->log->message(array(
					'text' => 'W-LoginFailure, account loginid %1 is expired for innativity',
					'p1' => $this->account_lid,
					'line' => __LINE__,
					'file' => __FILE__
				));
				$GLOBALS['phpgw']->log->commit();
			}
			$this->reason = 'account is expired';
			$this->cd_reason = 98;

			return False;
		}
	}

	/* jakjr: Expresso does not use auto-create account.
	if (!$this->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'] == True)
	{
		$this->account_id = $GLOBALS['phpgw']->accounts->auto_add($this->account_lid, $passwd);
	}
	*/

	$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
	$GLOBALS['phpgw']->accounts->accounts($this->account_id);
	// new_session_id() is defined outside this chunk; kp3 is a second random secret
	$this->sessionid = $this->new_session_id();
	$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));

	// note: these cookies are sent before the account-expiry check below,
	// so a login refused there still leaves them in the browser
	if ($GLOBALS['phpgw_info']['server']['usecookies'])
	{
		$this->phpgw_setcookie('sessionid',$this->sessionid);
		$this->phpgw_setcookie('kp3',$this->kp3);
		$this->phpgw_setcookie('domain',$this->account_domain);
	}
	if ($GLOBALS['phpgw_info']['server']['usecookies'] || isset($_COOKIE['last_loginid']))
	{
		$this->phpgw_setcookie('last_loginid', $this->account_lid ,$now+1209600); /* For 2 weeks */
		$this->phpgw_setcookie('last_domain',$this->account_domain,$now+1209600);
		// raw POST input is stored into the cookie unmodified
		$this->phpgw_setcookie('last_organization',$_POST['organization'],$now+1209600);
	}
	unset($GLOBALS['phpgw_info']['server']['default_domain']); /* we kill this for security reasons */

	/* init the crypto object */
	// same derivation as in verify(): kp3 + sessionid + server encryptkey
	$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
	$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
	$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));

	// fills $this->user / $this->hooks; -1 means the account never expires
	$this->read_repositories(False);
	if ($this->user['expires'] != -1 && $this->user['expires'] < time())
	{
		if(is_object($GLOBALS['phpgw']->log))
		{
			$GLOBALS['phpgw']->log->message(array(
				'text' => 'W-LoginFailure, account loginid %1 is expired',
				'p1' => $this->account_lid,
				'line' => __LINE__,
				'file' => __FILE__
			));
			$GLOBALS['phpgw']->log->commit();
		}
		$this->reason = 'account is expired';
		$this->cd_reason = 98;

		return False;
	}

	$GLOBALS['phpgw_info']['user'] = $this->user;
	$GLOBALS['phpgw_info']['hooks'] = $this->hooks;

	// base64 is only an encoding; whether appsession() encrypts what it
	// stores is decided outside this chunk
	$this->appsession('password','phpgwapi',base64_encode($this->passwd));
	if ($GLOBALS['phpgw']->acl->check('anonymous',1,'phpgwapi'))
	{
		$session_flags = 'A';
	}
	else
	{
		$session_flags = 'N';
	}

	$GLOBALS['phpgw']->db->transaction_begin();
	$this->register_session($login,$user_ip,$now,$session_flags);
	if ($session_flags != 'A') // dont log anonymous sessions
	{
		$this->log_access($this->sessionid,$login,$user_ip,$this->account_id);
	}
	$this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login);
	// Expresso
	//$GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip);
	$GLOBALS['phpgw']->db->transaction_commit();

	//if (!$this->sessionid) echo "<p>session::create(login='$login') = '$this->sessionid': lid='$this->account_lid', domain='$this->account_domain'</p>\n";

	return $this->sessionid;
}
---|
| 573 | |
---|
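/**
 * Return the UNIX timestamp of this account's last login, taken from the
 * access-log history table (phpgw_access_log.li, written by log_access()).
 *
 * @param int $account_id numerical account id; it is cast to int before
 *                        being put into the query (as log_access() does),
 *                        so a non-numeric value cannot alter the SQL
 * @return mixed the li value of the most recent row, or false when the
 *               account has no access-log row at all
 */
function get_last_access_on_history($account_id)
{
	$account_id = (int)$account_id;
	$GLOBALS['phpgw']->db->query("select li from phpgw_access_log where account_id='$account_id' order by li desc limit 1",__LINE__,__FILE__);
	if(!$GLOBALS['phpgw']->db->next_record())
	{
		return false;
	}
	return $GLOBALS['phpgw']->db->f('li');
}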
---|
| 583 | |
---|
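/**
 * Write or update (for logout) the access_log
 *
 * With a non-empty $login a new row is inserted (li = now, lo = 0); with
 * an empty $login the row for $sessionid gets its logout time set. The
 * literal 'bad login or password' is skipped on the update path.
 *
 * Every value is passed through db_addslashes() before it enters the
 * query. $sessionid is escaped as well: on the logout path it is the id
 * the browser presented (see verify()), so it is untrusted input.
 *
 * @param string $sessionid id of session, or for unsuccessful logins the
 *                          reason text (create() passes it with account_id 0)
 * @param string $login account_lid (evtl. with domain) or '' for setting the logout-time
 * @param string $user_ip ip to log
 * @param int $account_id numerical account_id
 */
function log_access($sessionid,$login='',$user_ip='',$account_id='')
{
	$now = time();
	$sessionid = $this->db->db_addslashes($sessionid);

	if ($login != '')
	{
		// truncated to 30 characters (presumably the column width)
		if (strlen($login) > 30)
		{
			$login = substr($login,0,30);
		}
		// User-Agent is request-supplied and may be absent; keep at most 199 bytes
		$browser = isset($_SERVER['HTTP_USER_AGENT']) ? substr($_SERVER['HTTP_USER_AGENT'],0,199) : '';
		$GLOBALS['phpgw']->db->query('INSERT INTO phpgw_access_log(sessionid,loginid,ip,li,lo,account_id,browser)'
			. " VALUES ('" . $sessionid . "','" . $this->db->db_addslashes($login). "','"
			. $this->db->db_addslashes($user_ip) . "',$now,0," . (int)$account_id .",'".$this->db->db_addslashes($browser)."')",__LINE__,__FILE__);
	}
	else if($sessionid != 'bad login or password')
	{
		$GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET lo=" . $now . " WHERE sessionid='"
			. $sessionid . "'",__LINE__,__FILE__);
	}

	/* jakjr: Clean phpgw_access_log with a crontab event.
	if ($GLOBALS['phpgw_info']['server']['max_access_log_age'])
	{
		$max_age = $now - $GLOBALS['phpgw_info']['server']['max_access_log_age'] * 24 * 60 * 60;

		$GLOBALS['phpgw']->db->query("DELETE FROM phpgw_access_log WHERE li < $max_age");
	}
	*/
}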
---|
| 621 | |
---|
/**
 * Protect against brute force attacks, block login if too many unsuccessful login attempts
 *
 * NOTE: the unconditional `return false;` at the top disables the whole
 * check (jakjr's comment: blocking a proxy's IP would block every user
 * behind it). Everything after it is dead code kept for reference.
 * Only the IP counter has that problem; the per-login counter (the second
 * query) does not depend on the address and could be re-enabled on its own
 * if lockout protection is wanted again. Note also that create() passes
 * the getuser_ip() value here, which includes the client-settable
 * X-Forwarded-For header.
 *
 * @param string $login account_lid (evtl. with domain)
 * @param string $ip ip of the user
 * @returns bool login blocked? - always False while the early return stands
 */
function login_blocked($login,$ip)
{
	/*jakjr: Disable this protection. When block an proxy server ip, all the sub-network will be blocking.*/
	return false;

	// ---- dead code from here on ----
	$blocked = False;
	// window in which failed attempts are counted; block_time is in minutes
	$block_time = time() - $GLOBALS['phpgw_info']['server']['block_time'] * 60;

	// account_id=0 rows are the unsuccessful attempts written by log_access()
	$ip = $this->db->db_addslashes($ip);
	$this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND ip='$ip' AND li > $block_time",__LINE__,__FILE__);
	$this->db->next_record();
	if (($false_ip = $this->db->f(0)) > $GLOBALS['phpgw_info']['server']['num_unsuccessful_ip'])
	{
		//echo "<p>login_blocked: ip='$ip' ".$this->db->f(0)." trys (".$GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n";
		$blocked = True;
	}

	// db_addslashes escapes quotes but not the LIKE wildcards % and _
	$login = $this->db->db_addslashes($login);
	$this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND (loginid='$login' OR loginid LIKE '$login@%') AND li > $block_time",__LINE__,__FILE__);
	$this->db->next_record();
	if (($false_id = $this->db->f(0)) > $GLOBALS['phpgw_info']['server']['num_unsuccessful_id'])
	{
		//echo "<p>login_blocked: login='$login' ".$this->db->f(0)." trys (".$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n";
		$blocked = True;
	}
	if ($blocked && $GLOBALS['phpgw_info']['server']['admin_mails'] &&
		// max. one mail each 5mins
		$GLOBALS['phpgw_info']['server']['login_blocked_mail_time'] < time()-5*60)
	{
		// notify admin(s) via email
		$from = 'eGroupWare@'.$GLOBALS['phpgw_info']['server']['mail_suffix'];
		$subject = lang("eGroupWare: login blocked for user '%1', IP %2",$login,$ip);
		$body = lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4",$false_id,$login,$false_ip,$ip);

		if(!is_object($GLOBALS['phpgw']->send))
		{
			$GLOBALS['phpgw']->send = CreateObject('phpgwapi.send');
		}
		$subject = $GLOBALS['phpgw']->send->encode_subject($subject);
		$admin_mails = explode(',',$GLOBALS['phpgw_info']['server']['admin_mails']);
		foreach($admin_mails as $to)
		{
			$GLOBALS['phpgw']->send->msg('email',$to,$subject,$body,'','','',$from,$from);
		}
		// save time of mail, to not send to many mails
		$config = CreateObject('phpgwapi.config','phpgwapi');
		$config->read_repository();
		$config->value('login_blocked_mail_time',time());
		$config->save_repository();
	}
	return $blocked;
}
---|
| 681 | |
---|
| 682 | /** |
---|
| 683 | * Verify a peer server access request |
---|
| 684 | * |
---|
| 685 | * @param string $sessionid session id to verify |
---|
| 686 | * @param string $kp3 ?? |
---|
| 687 | * @return bool verified? |
---|
| 688 | */ |
---|
| 689 | function verify_server($sessionid, $kp3) |
---|
| 690 | { |
---|
| 691 | $GLOBALS['phpgw']->interserver = CreateObject('phpgwapi.interserver'); |
---|
| 692 | $this->sessionid = $sessionid; |
---|
| 693 | $this->kp3 = $kp3; |
---|
| 694 | |
---|
| 695 | $session = $this->read_session(); |
---|
| 696 | $this->session_flags = $session['session_flags']; |
---|
| 697 | |
---|
| 698 | list($this->account_lid,$this->account_domain) = explode('@', $session['session_lid']); |
---|
| 699 | |
---|
| 700 | if ($this->account_domain == '') |
---|
| 701 | { |
---|
| 702 | $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; |
---|
| 703 | } |
---|
| 704 | |
---|
| 705 | $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; |
---|
| 706 | $phpgw_info_flags = $GLOBALS['phpgw_info']['flags']; |
---|
| 707 | |
---|
| 708 | $GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags; |
---|
| 709 | |
---|
| 710 | $this->update_dla(); |
---|
| 711 | $this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid); |
---|
| 712 | |
---|
| 713 | if (!$this->account_id) |
---|
| 714 | { |
---|
| 715 | return False; |
---|
| 716 | } |
---|
| 717 | |
---|
| 718 | $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; |
---|
| 719 | |
---|
| 720 | $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); |
---|
| 721 | |
---|
| 722 | /* init the crypto object before appsession call below */ |
---|
| 723 | $this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); |
---|
| 724 | $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; |
---|
| 725 | $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv)); |
---|
| 726 | |
---|
| 727 | $GLOBALS['phpgw_info']['user'] = $this->user; |
---|
| 728 | $GLOBALS['phpgw_info']['hooks'] = $this->hooks; |
---|
| 729 | |
---|
| 730 | $GLOBALS['phpgw_info']['user']['session_ip'] = $session['session_ip']; |
---|
| 731 | $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); |
---|
| 732 | |
---|
| 733 | if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain']) |
---|
| 734 | { |
---|
| 735 | if(is_object($GLOBALS['phpgw']->log)) |
---|
| 736 | { |
---|
| 737 | $GLOBALS['phpgw']->log->message(array( |
---|
| 738 | 'text' => 'W-VerifySession, the domains %1 and %2 don\t match', |
---|
| 739 | 'p1' => $userid_array[1], |
---|
| 740 | 'p2' => $GLOBALS['phpgw_info']['user']['domain'], |
---|
| 741 | 'line' => __LINE__, |
---|
| 742 | 'file' => __FILE__ |
---|
| 743 | )); |
---|
| 744 | $GLOBALS['phpgw']->log->commit(); |
---|
| 745 | } |
---|
| 746 | |
---|
| 747 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
| 748 | { |
---|
| 749 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
| 750 | unset($GLOBALS['phpgw']->crypto); |
---|
| 751 | } |
---|
| 752 | return False; |
---|
| 753 | } |
---|
| 754 | |
---|
| 755 | if(@$GLOBALS['phpgw_info']['server']['sessions_checkip']) |
---|
| 756 | { |
---|
| 757 | if((PHP_OS != 'Windows') && (PHP_OS != 'WINNT') && |
---|
| 758 | (!$GLOBALS['phpgw_info']['user']['session_ip'] || $GLOBALS['phpgw_info']['user']['session_ip'] != $this->getuser_ip()) |
---|
| 759 | ) |
---|
| 760 | { |
---|
| 761 | if(is_object($GLOBALS['phpgw']->log)) |
---|
| 762 | { |
---|
| 763 | // This needs some better wording |
---|
| 764 | $GLOBALS['phpgw']->log->message(array( |
---|
| 765 | 'text' => 'W-VerifySession, IP %1 doesn\'t match IP %2 in session table', |
---|
| 766 | 'p1' => $this->getuser_ip(), |
---|
| 767 | 'p2' => $GLOBALS['phpgw_info']['user']['session_ip'], |
---|
| 768 | 'line' => __LINE__, |
---|
| 769 | 'file' => __FILE__ |
---|
| 770 | )); |
---|
| 771 | $GLOBALS['phpgw']->log->commit(); |
---|
| 772 | } |
---|
| 773 | |
---|
| 774 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
| 775 | { |
---|
| 776 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
| 777 | unset($GLOBALS['phpgw']->crypto); |
---|
| 778 | } |
---|
| 779 | return False; |
---|
| 780 | } |
---|
| 781 | } |
---|
| 782 | |
---|
| 783 | $GLOBALS['phpgw']->acl->acl($this->account_id); |
---|
| 784 | $GLOBALS['phpgw']->accounts->accounts($this->account_id); |
---|
| 785 | $GLOBALS['phpgw']->preferences->preferences($this->account_id); |
---|
| 786 | $GLOBALS['phpgw']->applications->applications($this->account_id); |
---|
| 787 | |
---|
| 788 | if (! $this->account_lid) |
---|
| 789 | { |
---|
| 790 | if(is_object($GLOBALS['phpgw']->log)) |
---|
| 791 | { |
---|
| 792 | // This needs some better wording |
---|
| 793 | $GLOBALS['phpgw']->log->message(array( |
---|
| 794 | 'text' => 'W-VerifySession, account_id is empty', |
---|
| 795 | 'line' => __LINE__, |
---|
| 796 | 'file' => __FILE__ |
---|
| 797 | )); |
---|
| 798 | $GLOBALS['phpgw']->log->commit(); |
---|
| 799 | } |
---|
| 800 | |
---|
| 801 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
| 802 | { |
---|
| 803 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
| 804 | unset($GLOBALS['phpgw']->crypto); |
---|
| 805 | } |
---|
| 806 | return False; |
---|
| 807 | } |
---|
| 808 | else |
---|
| 809 | { |
---|
| 810 | return True; |
---|
| 811 | } |
---|
| 812 | } |
---|
| 813 | |
---|
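/**
 * Validate a peer server login request and open a server session for it
 *
 * Authenticates the peer via the interserver object, creates a fresh
 * session id / kp3 pair, initialises the crypto object, stores the peer
 * password in the session cache and registers the session (flag 'S') inside
 * one database transaction.
 *
 * @param string $login login name, optionally as "login@domain"
 * @param string $passwd password
 * @return array|bool array($sessionid, $kp3) on success, False if the peer did not authenticate
 */
function create_server($login,$passwd)
{
	$GLOBALS['phpgw']->interserver = CreateObject('phpgwapi.interserver');
	$this->login = $login;
	$this->passwd = $passwd;
	$this->clean_sessions();
	$login_array = explode('@', $login);
	$this->account_lid = $login_array[0];
	$now = time();

	// an explicit "@domain" wins, otherwise the server default applies
	if (isset($login_array[1]) && $login_array[1] != '')
	{
		$this->account_domain = $login_array[1];
	}
	else
	{
		$this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain'];
	}

	$serverdata = array(
		'server_name' => $this->account_domain,
		'username' => $this->account_lid,
		'password' => $passwd
	);
	if (!$GLOBALS['phpgw']->interserver->auth($serverdata))
	{
		return False;
	}

	// NOTE(review): account_id is resolved only when exists() is false, which
	// reads inverted; kept as in the original - confirm the interserver contract
	if (!$GLOBALS['phpgw']->interserver->exists($this->account_lid))
	{
		$this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid);
	}
	$GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id;
	$GLOBALS['phpgw']->interserver->serverid = $this->account_id;

	// NOTE(review): session id and kp3 are md5 hashes of 10/15 character strings
	// from common->randomstring(); their unpredictability is bounded by that
	// helper's entropy source, which is worth checking
	$this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10));
	$this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15));

	/* re-init the crypto object */
	$this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']);
	$this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv'];
	$GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv));

	$GLOBALS['phpgw_info']['user'] = $this->user;
	$GLOBALS['phpgw_info']['hooks'] = $this->hooks;

	// base64 is only an encoding: the password is recoverable from the session cache
	$this->appsession('password','phpgwapi',base64_encode($this->passwd));
	$session_flags = 'S';

	$user_ip = $this->getuser_ip();

	$GLOBALS['phpgw']->db->transaction_begin();
	$this->register_session($login,$user_ip,$now,$session_flags);

	$this->log_access($this->sessionid,$login,$user_ip,$this->account_id);

	$this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login);
	$GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip);
	$GLOBALS['phpgw']->db->transaction_commit();

	return array($this->sessionid,$this->kp3);
}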
---|
| 887 | |
---|
| 888 | /** |
---|
| 889 | * Functions for appsession data and session cache |
---|
| 890 | */ |
---|
| 891 | |
---|
/**
 * (Re)initialise the per-account repositories and the user info block
 *
 * Always re-creates the acl, accounts, preferences and applications objects
 * for $this->account_id. With $cached set, the user block is taken from the
 * 'phpgw_info_cache' appsession entry when one exists; otherwise (or when
 * that entry is empty) it is rebuilt by setup_cache(). The hook registry is
 * loaded last.
 *
 * @param mixed $cached use the appsession cache when truthy (optional)
 * @param bool $write_cache handed to setup_cache(): write a fresh cache entry (optional, default True)
 */
function read_repositories($cached='',$write_cache=True)
{
	$GLOBALS['phpgw']->acl->acl($this->account_id);
	$GLOBALS['phpgw']->accounts->accounts($this->account_id);
	$GLOBALS['phpgw']->preferences->preferences($this->account_id);
	$GLOBALS['phpgw']->applications->applications($this->account_id);

	$from_cache = False;
	if (@$cached)
	{
		$this->user = $this->appsession('phpgw_info_cache','phpgwapi');
		$from_cache = !empty($this->user);
	}

	if ($from_cache)
	{
		$GLOBALS['phpgw']->preferences->data = $this->user['preferences'];
		$apps_loaded = isset($GLOBALS['phpgw_info']['apps']) && is_array($GLOBALS['phpgw_info']['apps']);
		if (!$apps_loaded)
		{
			$GLOBALS['phpgw']->applications->read_installed_apps();
		}
	}
	else
	{
		// no usable cache entry: rebuild the block from the repositories
		$this->setup_cache($write_cache);
	}
	$this->hooks = $GLOBALS['phpgw']->hooks->read();
}
---|
| 924 | |
---|
/**
 * Build the user info block from the repositories and optionally cache it
 *
 * Reads the account, acl, preferences and applications repositories of the
 * current account into $this->user, adds the session related fields (domain,
 * session id, kp3, client IP, login ids and the password) and, when
 * cache_phpgw_info is configured and $write_cache is set, replaces the cached
 * copy in the 'phpgw_info_cache' appsession entry.
 *
 * The whole block - including the password in 'passwd' - is what ends up in
 * the session cache.
 *
 * @param bool $write_cache write the block to the session cache (optional, default True)
 */
function setup_cache($write_cache=True)
{
	$this->user = $GLOBALS['phpgw']->accounts->read_repository();
	$this->user['acl'] = $GLOBALS['phpgw']->acl->read_repository();
	$this->user['preferences'] = $GLOBALS['phpgw']->preferences->read_repository();
	$this->user['apps'] = $GLOBALS['phpgw']->applications->read_repository();

	// session related fields
	$this->user['domain'] = $this->account_domain;
	$this->user['sessionid'] = $this->sessionid;
	$this->user['kp3'] = $this->kp3;
	$this->user['session_ip'] = $this->getuser_ip();
	$this->user['session_lid'] = $this->account_lid.'@'.$this->account_domain;

	// the login id is stored under three keys
	$this->user['account_id'] = $this->account_id;
	$this->user['account_lid'] = $this->account_lid;
	$this->user['userid'] = $this->account_lid;
	$this->user['passwd'] = @$this->passwd;

	$cache_enabled = @$GLOBALS['phpgw_info']['server']['cache_phpgw_info'];
	if (!$cache_enabled || !$write_cache)
	{
		return;
	}
	$this->delete_cache();
	$this->appsession('phpgw_info_cache','phpgwapi',$this->user);
}
---|
| 951 | |
---|
/**
 * Store a snapshot of the whole $GLOBALS['phpgw_info'] in the session cache
 *
 * This looks to be useless: it captures everything in phpgw_info including
 * the server info and writes it to the 'phpgw_info_cache' appsession entry.
 * That layout is incompatible with the restore path, which expects the user
 * block at the root of the cached structure rather than under ['user'].
 * kp3 is blanked and the flags dropped before the snapshot is written.
 * Nothing is written unless cache_phpgw_info is configured.
 */
function save_repositories()
{
	if (!$GLOBALS['phpgw_info']['server']['cache_phpgw_info'])
	{
		return;
	}
	$snapshot = $GLOBALS['phpgw_info'];
	$snapshot['user']['kp3'] = '';
	$snapshot['flags'] = array();
	$this->appsession('phpgw_info_cache','phpgwapi',$snapshot);
}
---|
| 970 | |
---|
/**
 * Restore the variables saved by save() into the global scope
 *
 * Reads the 'sessiondata' appsession entry and, for every key in it, creates
 * or overwrites the global variable of that name and marks it as registered.
 * NOTE(review): the variable names come from the session store, so whatever
 * save() was allowed to write there decides which globals get overwritten.
 */
function restore()
{
	$sessionData = $this->appsession('sessiondata');

	if (!empty($sessionData) && is_array($sessionData))
	{
		foreach($sessionData as $key => $value)
		{
			// variable variable: bind the global named $key and assign the saved value
			global $$key;
			$$key = $value;
			$this->variableNames[$key] = 'registered';
		}
	}
}
---|
| 986 | |
---|
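/**
 * Save the current values of all registered variables
 *
 * Every global variable registered via register() (and not deregistered
 * since) is copied into the 'sessiondata' appsession entry, from where
 * restore() reads it back on a later request. Nothing is written when no
 * variable list exists yet.
 */
function save()
{
	if (!is_array($this->variableNames))
	{
		return;
	}
	// each()/list() iteration was replaced: each() is gone in PHP 8;
	// the array is initialised so an empty registry stores an empty entry
	$sessionData = array();
	foreach ($this->variableNames as $key => $state)
	{
		if ($state == 'registered')
		{
			global $$key;
			$sessionData[$key] = $$key;
		}
	}
	$this->appsession('sessiondata','',$sessionData);
}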
---|
| 1006 | |
---|
/**
 * Add a global variable to the list whose values save() persists and restore() brings back
 *
 * @param string $_variableName name of variable to be registered
 */
function register($_variableName)
{
	$name = $_variableName;
	$this->variableNames[$name] = 'registered';
}
---|
| 1017 | |
---|
/**
 * Mark a variable as unregistered, so save() no longer persists it
 *
 * The name stays in the list with state 'unregistered'; it is not removed.
 *
 * @param string $_variableName name of variable to deregister
 */
function unregister($_variableName)
{
	$name = $_variableName;
	$this->variableNames[$name] = 'unregistered';
}
---|
| 1028 | |
---|
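/**
 * Check if a variable is currently registered
 *
 * Only names whose state is exactly 'registered' count; deregistered and
 * never-registered names both yield False, without an undefined-index notice.
 *
 * @param string $_variableName name of variable to check
 * @return bool is the variable registered?
 */
function is_registered($_variableName)
{
	return isset($this->variableNames[$_variableName])
		&& $this->variableNames[$_variableName] === 'registered';
}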
---|
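/**
 * Additional tracking of user actions - prevents reposts/use of back button
 *
 * Creates the history id for this request once and, while doing so, trims
 * the oldest entry from the 'history' appsession list when it has reached
 * max_history. The id is derived from the login name and the current second,
 * so it is predictable: it distinguishes page views and must not be relied on
 * as a secret (e.g. CSRF) token. is_repost() records the id in the list.
 *
 * @author skwashd
 * @return string current history id
 */
function generate_click_history()
{
	if (!isset($this->history_id))
	{
		$this->history_id = md5($this->login . time());
		$history = $this->appsession('history', 'phpgwapi');

		// count() on a non-array is an error in PHP 8; an empty/missing list needs no trimming
		if (is_array($history) && count($history) >= $GLOBALS['phpgw_info']['server']['max_history'])
		{
			array_shift($history);
			$this->appsession('history', 'phpgwapi', $history);
		}
	}
	return $this->history_id;
}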
---|
| 1067 | |
---|
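/**
 * Detects if the page has already been called before - good for forms
 *
 * Looks up the click_history GET parameter in the 'history' appsession list.
 * A known id is a repost; an unknown id is recorded and the call is accepted.
 * A missing or non-scalar parameter is treated like the empty id.
 *
 * @author skwashd
 * @param bool $display_error redirect to the generic error page on a repost
 * @return bool True if called previously, else False - call ok
 */
function is_repost($display_error = False)
{
	// only a scalar can be used as an array key; arrays in the query string are ignored
	$click_id = isset($_GET['click_history']) && is_scalar($_GET['click_history'])
		? (string) $_GET['click_history'] : '';

	$history = $this->appsession('history', 'phpgwapi');
	if (!is_array($history))
	{
		$history = array();
	}

	if (isset($history[$click_id]))
	{
		if ($display_error)
		{
			$GLOBALS['phpgw']->redirect_link('/error.php', 'type=repost');//more on this later :)
		}
		// reported as a repost even if the redirect does not end the request
		return True; //handled by the app
	}

	$history[$click_id] = True;
	$this->appsession('history', 'phpgwapi', $history);
	return False;
}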
---|
| 1096 | |
---|
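/**
 * Generate a url which supports url or cookie based sessions
 *
 * Builds the full script url (prefixing the current app and the webserver_url
 * where needed, switching to https when enforce_ssl is set), then appends the
 * query string. A query string given as a string is split into an array first
 * so duplicate names are merged; when url based sessions are in use the
 * sessionid, kp3 and domain are added as query parameters.
 *
 * Only the parameter values are urlencode()d - the parameter names and $url
 * itself are used as given, so callers must not pass request-controlled data
 * as $url or as parameter names.
 *
 * @param string $url a url relative to the egroupware install root
 * @param array|string $extravars query string arguments, as array or "a=1&b=2" string (optional)
 * @return string generated url
 */
function link($url, $extravars = '')
{
	$webserver_url = $GLOBALS['phpgw_info']['server']['webserver_url'];

	/* first we process the $url to build the full scriptname */
	$url_firstchar = substr($url, 0, 1);
	// an absolute path under a root-mounted install is already complete
	$full_scriptname = !($url_firstchar == '/' && $webserver_url == '/');

	if ($url_firstchar != '/')
	{
		$app = $GLOBALS['phpgw_info']['flags']['currentapp'];
		if ($app != 'home' && $app != 'login' && $app != 'logout')
		{
			$url = $app.'/'.$url;
		}
	}

	if ($full_scriptname)
	{
		$separator = (substr($webserver_url, -1) != '/' && $url_firstchar != '/') ? '/' : '';
		$url = $webserver_url . $separator . $url;
	}

	// imho https should always be a full path - skwashd
	if (isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) && $GLOBALS['phpgw_info']['server']['enforce_ssl'])
	{
		if (substr($url, 0, 4) != 'http')
		{
			$url = 'https://'.$GLOBALS['phpgw_info']['server']['hostname'].$url;
		}
		else
		{
			// replaces every 'http:' in the url, not only the scheme
			$url = str_replace('http:', 'https:', $url);
		}
	}

	/* Now we process the extravars into a proper url format */
	/* if its not an array, then we turn it into one */
	/* We do this to help prevent any duplicates from being sent. */
	if (!is_array($extravars) && $extravars != '')
	{
		$parsed = array();
		foreach (explode('&', $extravars) as $i => $pair)
		{
			// split()/eregi() were removed in PHP 7; explode()/strpos() do the same job here
			$kv = explode('=', $pair, 2);
			$name = $kv[0];
			$value = isset($kv[1]) ? $kv[1] : '';
			// a repeated "name[]" gets an explicit index so it is not overwritten
			if (array_key_exists($name, $parsed) && strpos($name, '[]') !== false)
			{
				$name = str_replace('[]', "[$i]", $name);
			}
			$parsed[$name] = $value;
		}
		$extravars = $parsed;
		unset($parsed);
	}

	$needs_framepart = @defined('PHPGW_USE_FRAMES') && PHPGW_USE_FRAMES;
	$needs_session = empty($GLOBALS['phpgw_info']['server']['usecookies']);
	// older PHP silently turned '' into an array on the first key assignment; newer does not
	if (($needs_framepart || $needs_session) && !is_array($extravars))
	{
		$extravars = array();
	}

	/* if using frames we make sure there is a framepart */
	if ($needs_framepart && !isset($extravars['framepart']))
	{
		$extravars['framepart'] = 'body';
	}

	/* add session params if not using cookies */
	if ($needs_session)
	{
		$extravars['sessionid'] = $this->sessionid;
		$extravars['kp3'] = $this->kp3;
		$extravars['domain'] = $this->account_domain;
	}

	/* if we end up with any extravars then we generate the url friendly string */
	if (is_array($extravars))
	{
		$pairs = array();
		foreach ($extravars as $key => $value)
		{
			$pairs[] = $key.'='.urlencode($value);
		}
		$url .= '?' . implode('&', $pairs);
	}
	return $url;
}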
---|
| 1216 | |
---|
| 1217 | /** |
---|
| 1218 | * The remaining methods are abstract - as they are unique for each session handler |
---|
| 1219 | */ |
---|
| 1220 | |
---|
/**
 * Load user's session information
 *
 * The sessionid of the session to read is passed in the class-var $this->sessionid.
 * Abstract: overridden by the concrete session handler. Callers in this class
 * read at least the keys 'session_flags', 'session_lid' and 'session_ip' from the result.
 *
 * @return mixed the session data
 */
function read_session()
{}
---|
| 1230 | |
---|
/**
 * Remove stale sessions out of the database
 *
 * Abstract: overridden by the concrete session handler.
 */
function clean_sessions()
{}
---|
| 1236 | |
---|
/**
 * Set parameters for cookies - only implemented in PHP4 sessions
 *
 * Abstract: a no-op here, overridden by the php4 session handler.
 *
 * @param string $domain domain name to use in cookie
 */

function set_cookie_params($domain)
{}
---|
| 1245 | |
---|
/**
 * Create a new session id
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @return string a new session id
 */
function new_session_id()
{}
---|
| 1253 | |
---|
/**
 * Create a new session
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @param string $login user login
 * @param string $user_ip users ip address
 * @param int $now time now as a unix timestamp
 * @param string $session_flags A = Anonymous, N = Normal, S = peer server session (see create_server())
 */
function register_session($login,$user_ip,$now,$session_flags)
{}
---|
| 1264 | |
---|
/**
 * Update the date last active info for the session, so the login does not expire
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @return bool did it succeed?
 */
function update_dla()
{}
---|
| 1272 | |
---|
/**
 * Terminate a session
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @param string $sessionid the id of the session to be terminated
 * @param string $kp3 second part of the session credential (see verify_server())
 * @return bool did it succeed?
 */
function destroy($sessionid, $kp3)
{}
---|
| 1282 | |
---|
| 1283 | /** |
---|
| 1284 | * Functions for appsession data and session cache |
---|
| 1285 | */ |
---|
| 1286 | |
---|
/**
 * Delete all data from the session cache for a user
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @param int $accountid user account id, defaults to current user (optional)
 */
function delete_cache($accountid='')
{}
---|
| 1294 | |
---|
/**
 * Stores or retrieves information from the sessions cache
 *
 * Abstract: overridden by the concrete session handler. The default value of
 * $data ('##NOTHING##') is the sentinel that distinguishes a read from a write.
 *
 * @param string $location identifier for data
 * @param string $appname name of app which is responsible for the data
 * @param mixed $data data to be stored, if left at the default the data is retrieved (optional)
 * @return mixed data from cache, only returned if $data arg is not used
 */
function appsession($location = 'default', $appname = '', $data = '##NOTHING##')
{}
---|
| 1305 | |
---|
/**
 * Get list of normal / non-anonymous sessions
 *
 * Note: The data from the session-files get cached in the app_session phpgwapi/php4_session_cache
 * Abstract: overridden by the concrete session handler.
 *
 * @author ralfbecker
 * @param int $start session to start at
 * @param string $order field to sort on
 * @param string $sort sort order
 * @param bool $all_no_sort list all without sorting (optional) default False
 * @return array info for all current sessions
 */
function list_sessions($start,$order,$sort,$all_no_sort = False)
{}
---|
| 1319 | |
---|
/**
 * Get the number of normal / non-anonymous sessions
 *
 * Abstract: overridden by the concrete session handler.
 *
 * @author ralfbecker
 * @return int number of sessions
 */
function total()
{}
---|
| 1328 | } |
---|
| 1329 | |
---|
// Select the concrete session handler: 'php4' (native session extension) unless
// configured otherwise, falling back to 'db' when the extension cannot be loaded.
if(empty($GLOBALS['phpgw_info']['server']['sessions_type']))
{
	$GLOBALS['phpgw_info']['server']['sessions_type'] = 'php4'; // the more performant default
}
// for php4 sessions, check if the extension is loaded, try loading it and fallback to db sessions if not
if ($GLOBALS['phpgw_info']['server']['sessions_type'] == 'php4' && !extension_loaded('session'))
{
	// some constants for pre php4.3
	if (!defined('PHP_SHLIB_SUFFIX'))
	{
		define('PHP_SHLIB_SUFFIX',strtoupper(substr(PHP_OS, 0,3)) == 'WIN' ? 'dll' : 'so');
	}
	if (!defined('PHP_SHLIB_PREFIX'))
	{
		define('PHP_SHLIB_PREFIX',PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '');
	}
	// dl() is unavailable or disabled in many SAPIs; the @ hides its failure and db sessions are used instead
	if (!function_exists('dl') || !@dl(PHP_SHLIB_PREFIX.'session'.'.'.PHP_SHLIB_SUFFIX))
	{
		$GLOBALS['phpgw_info']['server']['sessions_type'] = 'db'; // fallback if we have no php4 sessions support
	}
}
// NOTE(review): the handler file is chosen by the sessions_type configuration
// value. It is read from server configuration rather than from the request, but
// nothing here restricts it to the handlers this file knows about ('php4' and
// 'db'); an explicit allow-list before the include would make that guarantee visible.
include_once(PHPGW_API_INC.'/class.sessions_'.$GLOBALS['phpgw_info']['server']['sessions_type'].'.inc.php');
---|