1 | <?php |
---|
2 | /**************************************************************************\ |
---|
3 | * eGroupWare API - Session management * |
---|
4 | * This file written by Dan Kuykendall <seek3r@phpgroupware.org> * |
---|
5 | * and Joseph Engo <jengo@phpgroupware.org> * |
---|
6 | * and Ralf Becker <ralfbecker@outdoor-training.de> * |
---|
7 | * Copyright (C) 2000, 2001 Dan Kuykendall * |
---|
8 | * Parts Copyright (C) 2003 Free Software Foundation Inc * |
---|
9 | * -------------------------------------------------------------------------* |
---|
10 | * This library is part of the eGroupWare API * |
---|
11 | * http://www.egroupware.org/api * |
---|
12 | * ------------------------------------------------------------------------ * |
---|
13 | * This library is free software; you can redistribute it and/or modify it * |
---|
14 | * under the terms of the GNU Lesser General Public License as published by * |
---|
15 | * the Free Software Foundation; either version 2.1 of the License, * |
---|
16 | * or any later version. * |
---|
17 | * This library is distributed in the hope that it will be useful, but * |
---|
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * |
---|
20 | * See the GNU Lesser General Public License for more details. * |
---|
21 | * You should have received a copy of the GNU Lesser General Public License * |
---|
22 | * along with this library; if not, write to the Free Software Foundation, * |
---|
23 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * |
---|
24 | \**************************************************************************/ |
---|
25 | |
---|
26 | |
---|
27 | /* sessions_type setup moved after the class below - milosch */ |
---|
28 | |
---|
29 | /** |
---|
30 | * Session Management Libabray |
---|
31 | * |
---|
32 | * This allows eGroupWare to use php4 or database sessions |
---|
33 | * |
---|
34 | * @package phpgwapi |
---|
35 | * @subpackage sessions |
---|
36 | * @abstract |
---|
37 | * @author NetUSE AG Boris Erdmann, Kristian Koehntopp <br> hacked on by phpGW |
---|
38 | * @copyright © 1998-2000 NetUSE AG Boris Erdmann, Kristian Koehntopp <br> © 2003 FreeSoftware Foundation |
---|
39 | * @license LGPL |
---|
40 | * @link http://www.sanisoft.com/phplib/manual/DB_sql.php |
---|
41 | * @uses db |
---|
42 | */ |
---|
43 | |
---|
44 | class sessions_ |
---|
45 | { |
---|
46 | /** |
---|
47 | * @var string current user login |
---|
48 | */ |
---|
49 | var $login; |
---|
50 | |
---|
51 | /** |
---|
52 | * @var string current user password |
---|
53 | */ |
---|
54 | var $passwd; |
---|
55 | |
---|
56 | /** |
---|
57 | * @var int current user db/ldap account id |
---|
58 | */ |
---|
59 | var $account_id; |
---|
60 | |
---|
61 | /** |
---|
62 | * @var string current user account login id - ie user@domain |
---|
63 | */ |
---|
64 | var $account_lid; |
---|
65 | |
---|
66 | /** |
---|
67 | * @var string previous page call id - repost prevention |
---|
68 | */ |
---|
69 | var $history_id; |
---|
70 | |
---|
71 | /** |
---|
72 | * @var string domain for current user |
---|
73 | */ |
---|
74 | var $account_domain; |
---|
75 | |
---|
76 | /** |
---|
77 | * @var session type flag, A - anonymous session, N - None, normal session |
---|
78 | */ |
---|
79 | var $session_flags; |
---|
80 | |
---|
81 | /** |
---|
82 | * @var string current user session id |
---|
83 | */ |
---|
84 | var $sessionid; |
---|
85 | |
---|
86 | /** |
---|
87 | * @var string not sure what this does, but it is important :) |
---|
88 | */ |
---|
89 | var $kp3; |
---|
90 | |
---|
91 | /** |
---|
92 | * @var string encryption key? |
---|
93 | */ |
---|
94 | var $key; |
---|
95 | |
---|
96 | /** |
---|
97 | * @var string iv == ivegotnoidea ;) (skwashd) |
---|
98 | */ |
---|
99 | var $iv; |
---|
100 | |
---|
101 | /** |
---|
102 | * @var session data |
---|
103 | */ |
---|
104 | var $data; |
---|
105 | |
---|
106 | /** |
---|
107 | * @var object holder for the database object |
---|
108 | */ |
---|
109 | var $db; |
---|
110 | |
---|
111 | /** |
---|
112 | * @var array publicly available methods |
---|
113 | */ |
---|
114 | var $public_functions = array( |
---|
115 | 'list_methods' => True, |
---|
116 | 'update_dla' => True, |
---|
117 | 'list' => True, |
---|
118 | 'total' => True |
---|
119 | ); |
---|
120 | |
---|
121 | /** |
---|
122 | * @var string domain for cookies |
---|
123 | */ |
---|
124 | var $cookie_domain; |
---|
125 | |
---|
126 | /** |
---|
127 | * @var name of XML-RPC/SOAP method called |
---|
128 | */ |
---|
129 | var $xmlrpc_method_called; |
---|
130 | |
---|
131 | /** |
---|
132 | * Constructor just loads up some defaults from cookies |
---|
133 | */ |
---|
134 | function sessions_() |
---|
135 | { |
---|
136 | $this->db = $GLOBALS['phpgw']->db; |
---|
137 | $this->sessionid = get_var('sessionid',array('GET','COOKIE')); |
---|
138 | $this->kp3 = get_var('kp3',array('GET','COOKIE')); |
---|
139 | /* Create the crypto object */ |
---|
140 | $GLOBALS['phpgw']->crypto = CreateObject('phpgwapi.crypto'); |
---|
141 | if ($GLOBALS['phpgw_info']['server']['usecookies']) |
---|
142 | { |
---|
143 | $this->phpgw_set_cookiedomain(); |
---|
144 | } |
---|
145 | // verfiy and if necessary create and save our config settings |
---|
146 | // |
---|
147 | $save_rep = False; |
---|
148 | if (!isset($GLOBALS['phpgw_info']['server']['max_access_log_age'])) |
---|
149 | { |
---|
150 | $GLOBALS['phpgw_info']['server']['max_access_log_age'] = 90; // default 90 days |
---|
151 | $save_rep = True; |
---|
152 | } |
---|
153 | if (!isset($GLOBALS['phpgw_info']['server']['block_time'])) |
---|
154 | { |
---|
155 | $GLOBALS['phpgw_info']['server']['block_time'] = 30; // default 30min |
---|
156 | $save_rep = True; |
---|
157 | } |
---|
158 | if (!isset($GLOBALS['phpgw_info']['server']['num_unsuccessful_id'])) |
---|
159 | { |
---|
160 | $GLOBALS['phpgw_info']['server']['num_unsuccessful_id'] = 3; // default 3 trys per id |
---|
161 | $save_rep = True; |
---|
162 | } |
---|
163 | if (!isset($GLOBALS['phpgw_info']['server']['num_unsuccessful_ip'])) |
---|
164 | { |
---|
165 | $GLOBALS['phpgw_info']['server']['num_unsuccessful_ip'] = $GLOBALS['phpgw_info']['server']['num_unsuccessful_id']; // default same as for id |
---|
166 | $save_rep = True; |
---|
167 | } |
---|
168 | if (!isset($GLOBALS['phpgw_info']['server']['install_id'])) |
---|
169 | { |
---|
170 | $GLOBALS['phpgw_info']['server']['install_id'] = md5($GLOBALS['phpgw']->common->randomstring(15)); |
---|
171 | $save_rep = True; |
---|
172 | } |
---|
173 | if (!isset($GLOBALS['phpgw_info']['server']['sessions_timeout'])) |
---|
174 | { |
---|
175 | $GLOBALS['phpgw_info']['server']['sessions_timeout'] = 14400; |
---|
176 | $save_rep = True; |
---|
177 | } |
---|
178 | if (!isset($GLOBALS['phpgw_info']['server']['sessions_app_timeout'])) |
---|
179 | { |
---|
180 | $GLOBALS['phpgw_info']['server']['sessions_app_timeout'] = 86400; |
---|
181 | $save_rep = True; |
---|
182 | } |
---|
183 | if (!isset($GLOBALS['phpgw_info']['server']['max_history'])) |
---|
184 | { |
---|
185 | $GLOBALS['phpgw_info']['server']['max_history'] = 20; |
---|
186 | $save_rep = True; |
---|
187 | } |
---|
188 | |
---|
189 | // jakjr: ? usando o hardcode, para evitar sempre 2 chamadas ao banco. |
---|
190 | /* |
---|
191 | if ($save_rep) |
---|
192 | { |
---|
193 | $config = CreateObject('phpgwapi.config','phpgwapi'); |
---|
194 | $config->read_repository(); |
---|
195 | $config->value('max_access_log_age',$GLOBALS['phpgw_info']['server']['max_access_log_age']); |
---|
196 | $config->value('block_time',$GLOBALS['phpgw_info']['server']['block_time']); |
---|
197 | $config->value('num_unsuccessful_id',$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']); |
---|
198 | $config->value('num_unsuccessful_ip',$GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']); |
---|
199 | $config->value('install_id',$GLOBALS['phpgw_info']['server']['install_id']); |
---|
200 | $config->value('sessions_timeout',$GLOBALS['phpgw_info']['server']['sessions_timeout']); |
---|
201 | $config->value('sessions_app_timeout',$GLOBALS['phpgw_info']['server']['sessions_app_timeout']); |
---|
202 | $config->save_repository(); |
---|
203 | unset($config); |
---|
204 | }*/ |
---|
205 | } |
---|
206 | |
---|
207 | /** |
---|
208 | * Introspection for XML-RPC/SOAP |
---|
209 | * Diabled - why?? |
---|
210 | * |
---|
211 | * @param string $_type tpye of introspection being sought |
---|
212 | * @return array available methods and args |
---|
213 | */ |
---|
214 | function DONTlist_methods($_type) |
---|
215 | { |
---|
216 | if (is_array($_type)) |
---|
217 | { |
---|
218 | $_type = $_type['type']; |
---|
219 | } |
---|
220 | |
---|
221 | switch($_type) |
---|
222 | { |
---|
223 | case 'xmlrpc': |
---|
224 | $xml_functions = array( |
---|
225 | 'list_methods' => array( |
---|
226 | 'function' => 'list_methods', |
---|
227 | 'signature' => array(array(xmlrpcStruct,xmlrpcString)), |
---|
228 | 'docstring' => lang('Read this list of methods.') |
---|
229 | ), |
---|
230 | 'update_dla' => array( |
---|
231 | 'function' => 'update_dla', |
---|
232 | 'signature' => array(array(xmlrpcBoolean)), |
---|
233 | 'docstring' => lang('Returns an array of todo items') |
---|
234 | ) |
---|
235 | ); |
---|
236 | return $xml_functions; |
---|
237 | break; |
---|
238 | case 'soap': |
---|
239 | return $this->soap_functions; |
---|
240 | break; |
---|
241 | default: |
---|
242 | return array(); |
---|
243 | break; |
---|
244 | } |
---|
245 | } |
---|
246 | |
---|
247 | function split_login_domain($both,&$login,&$domain) |
---|
248 | { |
---|
249 | $parts = explode('@',$both); |
---|
250 | $domain = count($parts) > 1 ? array_pop($parts) : |
---|
251 | $GLOBALS['phpgw_info']['server']['default_domain']; |
---|
252 | $login = implode('@',$parts); |
---|
253 | } |
---|
254 | |
---|
255 | /** |
---|
256 | * Check to see if a session is still current and valid |
---|
257 | * |
---|
258 | * @param string $sessionid session id to be verfied |
---|
259 | * @param string $kp3 ?? to be verified |
---|
260 | * @return bool is the session valid? |
---|
261 | */ |
---|
262 | function verify($sessionid='',$kp3='') |
---|
263 | { |
---|
264 | if(empty($sessionid) || !$sessionid) |
---|
265 | { |
---|
266 | $sessionid = get_var('sessionid',array('GET','COOKIE')); |
---|
267 | $kp3 = get_var('kp3',array('GET','COOKIE')); |
---|
268 | } |
---|
269 | |
---|
270 | $this->sessionid = $sessionid; |
---|
271 | $this->kp3 = $kp3; |
---|
272 | |
---|
273 | $session = $this->read_session(); |
---|
274 | //echo "<pre>session::verify(id='$sessionid'): \n".print_r($session,True)."</pre>\n"; |
---|
275 | /* |
---|
276 | $fp = fopen('/tmp/session_verify','a+'); |
---|
277 | fwrite($fp,"session::verify(id='$sessionid'): \n".print_r($session,True)."\n\n"); |
---|
278 | fclose($fp); |
---|
279 | */ |
---|
280 | if ($session['session_dla'] <= (time() - $GLOBALS['phpgw_info']['server']['sessions_timeout'])) |
---|
281 | { |
---|
282 | $this->destroy($sessionid,$kp3); |
---|
283 | return False; |
---|
284 | } |
---|
285 | |
---|
286 | $this->session_flags = $session['session_flags']; |
---|
287 | |
---|
288 | sessions_::split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain); |
---|
289 | |
---|
290 | $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; |
---|
291 | |
---|
292 | $this->update_dla(); |
---|
293 | if (isset($_SESSION['phpgw_session']['account_id'])) |
---|
294 | $this->account_id = $_SESSION['phpgw_session']['account_id']; |
---|
295 | else |
---|
296 | $this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid); |
---|
297 | if (!$this->account_id) |
---|
298 | { |
---|
299 | return False; |
---|
300 | } |
---|
301 | $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; |
---|
302 | $_SESSION['phpgw_session']['account_id'] = $this->account_id; |
---|
303 | |
---|
304 | /* init the crypto object before appsession call below */ |
---|
305 | $this->key = md5($this->kp3 . $this->sessionid . @$GLOBALS['phpgw_info']['server']['encryptkey']); |
---|
306 | $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; |
---|
307 | $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv)); |
---|
308 | |
---|
309 | $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); |
---|
310 | if (strlen($this->user['expires']) == 0) |
---|
311 | $this->user['expires'] = $_SESSION['phpgw_session']['expires_account']; |
---|
312 | if ($this->user['expires'] != -1 && $this->user['expires'] < time()) |
---|
313 | { |
---|
314 | if(is_object($GLOBALS['phpgw']->log)) |
---|
315 | { |
---|
316 | $GLOBALS['phpgw']->log->message(array( |
---|
317 | 'text' => 'W-VerifySession, account loginid %1 is expired', |
---|
318 | 'p1' => $this->account_lid, |
---|
319 | 'line' => __LINE__, |
---|
320 | 'file' => __FILE__ |
---|
321 | )); |
---|
322 | $GLOBALS['phpgw']->log->commit(); |
---|
323 | } |
---|
324 | return False; |
---|
325 | } |
---|
326 | $_SESSION['phpgw_session']['expires_account'] = $this->user['expires']; |
---|
327 | |
---|
328 | |
---|
329 | $GLOBALS['phpgw_info']['user'] = $this->user; |
---|
330 | $GLOBALS['phpgw_info']['hooks'] = $this->hooks; |
---|
331 | |
---|
332 | $GLOBALS['phpgw_info']['user']['session_ip'] = $session['session_ip']; |
---|
333 | $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); |
---|
334 | |
---|
335 | if ($this->account_domain != $GLOBALS['phpgw_info']['user']['domain']) |
---|
336 | { |
---|
337 | if(is_object($GLOBALS['phpgw']->log)) |
---|
338 | { |
---|
339 | $GLOBALS['phpgw']->log->message(array( |
---|
340 | 'text' => 'W-VerifySession, the domains %1 and %2 don\'t match', |
---|
341 | 'p1' => $userid_array[1], |
---|
342 | 'p2' => $GLOBALS['phpgw_info']['user']['domain'], |
---|
343 | 'line' => __LINE__, |
---|
344 | 'file' => __FILE__ |
---|
345 | )); |
---|
346 | $GLOBALS['phpgw']->log->commit(); |
---|
347 | } |
---|
348 | return False; |
---|
349 | } |
---|
350 | |
---|
351 | |
---|
352 | $GLOBALS['phpgw']->acl->acl($this->account_id); |
---|
353 | $GLOBALS['phpgw']->accounts->accounts($this->account_id); |
---|
354 | $GLOBALS['phpgw']->preferences->preferences($this->account_id); |
---|
355 | $GLOBALS['phpgw']->applications->applications($this->account_id); |
---|
356 | |
---|
357 | if (! $this->account_lid) |
---|
358 | { |
---|
359 | if(is_object($GLOBALS['phpgw']->log)) |
---|
360 | { |
---|
361 | // This needs some better wording |
---|
362 | $GLOBALS['phpgw']->log->message(array( |
---|
363 | 'text' => 'W-VerifySession, account_id is empty', |
---|
364 | 'line' => __LINE__, |
---|
365 | 'file' => __FILE__ |
---|
366 | )); |
---|
367 | $GLOBALS['phpgw']->log->commit(); |
---|
368 | } |
---|
369 | //echo 'DEBUG: Sessions: account_id is empty!<br>'."\n"; |
---|
370 | return False; |
---|
371 | } |
---|
372 | return True; |
---|
373 | } |
---|
374 | |
---|
375 | /** |
---|
376 | * Functions for creating and verifying the session |
---|
377 | */ |
---|
378 | |
---|
379 | /** |
---|
380 | * Get the ip address of current users |
---|
381 | * |
---|
382 | * @return string ip address |
---|
383 | */ |
---|
384 | function getuser_ip() |
---|
385 | { |
---|
386 | $ip = (isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR']."," : "").$_SERVER['REMOTE_ADDR']; |
---|
387 | if(strlen($ip)>30) { |
---|
388 | $ip_exploded = explode(",",$ip); |
---|
389 | $ip = ""; |
---|
390 | for($i=0;$i<2;$i++) |
---|
391 | $ip .= isset($ip_exploded[$i])?(($i==1?",":"").trim($ip_exploded[$i])):(""); |
---|
392 | if(strlen($ip)>30) |
---|
393 | $ip = $ip_exploded[0]; |
---|
394 | } |
---|
395 | |
---|
396 | return $ip; |
---|
397 | } |
---|
398 | |
---|
399 | /** |
---|
400 | * Set the domain used for cookies |
---|
401 | * |
---|
402 | * @return string domain |
---|
403 | */ |
---|
404 | function phpgw_set_cookiedomain() |
---|
405 | { |
---|
406 | // Use HTTP_X_FORWARDED_HOST if set, which is the case behind a none-transparent proxy |
---|
407 | //$this->cookie_domain = isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : $_SERVER['HTTP_HOST']; |
---|
408 | //Modificacao feita para que o Expresso redirecione para o primeiro proxy caso haja um encadeamento de mais de um proxy. |
---|
409 | $this->cookie_domain = nearest_to_me(); |
---|
410 | |
---|
411 | // remove port from HTTP_HOST |
---|
412 | if (preg_match("/^(.*):(.*)$/",$this->cookie_domain,$arr)) |
---|
413 | { |
---|
414 | $this->cookie_domain = $arr[1]; |
---|
415 | } |
---|
416 | if (count(explode('.',$this->cookie_domain)) <= 1) |
---|
417 | { |
---|
418 | // setcookie dont likes domains without dots, leaving it empty, gets setcookie to fill the domain in |
---|
419 | $this->cookie_domain = ''; |
---|
420 | } |
---|
421 | print_debug('COOKIE_DOMAIN',$this->cookie_domain,'api'); |
---|
422 | |
---|
423 | $this->set_cookie_params($this->cookie_domain); // for php4 sessions necessary |
---|
424 | } |
---|
425 | |
---|
426 | /** |
---|
427 | * Set a cookie |
---|
428 | * |
---|
429 | * @param string $cookiename name of cookie to be set |
---|
430 | * @param string $cookievalue value to be used, if unset cookie is cleared (optional) |
---|
431 | * @param int $cookietime when cookie should expire, 0 for session only (optional) |
---|
432 | */ |
---|
433 | function phpgw_setcookie($cookiename,$cookievalue='',$cookietime=0) |
---|
434 | { |
---|
435 | if (!$this->cookie_domain) |
---|
436 | { |
---|
437 | $this->phpgw_set_cookiedomain(); |
---|
438 | } |
---|
439 | setcookie($cookiename,$cookievalue,$cookietime,'/',$this->cookie_domain,null,true); |
---|
440 | } |
---|
441 | |
---|
442 | /** |
---|
443 | * Create a new session |
---|
444 | * |
---|
445 | * @param string $login user login |
---|
446 | * @param string $passwd user password |
---|
447 | * @param string $passwd_type type of password being used, ie plaintext, md5, sha1 |
---|
448 | * @return string session id |
---|
449 | */ |
---|
450 | function create($login,$passwd = '',$passwd_type = '') |
---|
451 | { |
---|
452 | if (is_array($login)) |
---|
453 | { |
---|
454 | $this->login = $login['login']; |
---|
455 | $this->passwd = $login['passwd']; |
---|
456 | $this->passwd_type = $login['passwd_type']; |
---|
457 | $login = $this->login; |
---|
458 | } |
---|
459 | else |
---|
460 | { |
---|
461 | $this->login = $login; |
---|
462 | $this->passwd = $passwd; |
---|
463 | $this->passwd_type = $passwd_type; |
---|
464 | } |
---|
465 | |
---|
466 | $this->clean_sessions(); |
---|
467 | //sessions_::split_login_domain($login,$this->account_lid,$this->account_domain); |
---|
468 | // jakjr: allow uid with (@); |
---|
469 | $this->account_lid = $login; |
---|
470 | $this->account_domain = 'default'; |
---|
471 | |
---|
472 | $now = time(); |
---|
473 | |
---|
474 | //echo "<p>session::create(login='$login'): lid='$this->account_lid', domain='$this->account_domain'</p>\n"; |
---|
475 | $user_ip = $this->getuser_ip(); |
---|
476 | |
---|
477 | $this->account_id = $GLOBALS['phpgw']->accounts->name2id($this->account_lid); |
---|
478 | |
---|
479 | if (($blocked = $this->login_blocked($login,$user_ip)) || // too many unsuccessful attempts |
---|
480 | $GLOBALS['phpgw_info']['server']['global_denied_users'][$this->account_lid] || |
---|
481 | !$GLOBALS['phpgw']->auth->authenticate($this->account_lid, $this->passwd, $this->passwd_type) || |
---|
482 | $this->account_id && $GLOBALS['phpgw']->accounts->get_type($this->account_id) == 'g') |
---|
483 | { |
---|
484 | $this->reason = $blocked ? 'blocked, too many attempts' : 'bad login or password'; |
---|
485 | $this->cd_reason = $blocked ? 99 : 5; |
---|
486 | |
---|
487 | $this->log_access($this->reason,$login,$user_ip,0); // log unsuccessfull login |
---|
488 | return False; |
---|
489 | } |
---|
490 | // Só verifica tempo de inatividade do usuário, caso esteja configurado no Administrador. |
---|
491 | if(isset($GLOBALS['phpgw_info']['server']['time_to_account_expires']) && |
---|
492 | $this->account_id !=null && $this->account_lid != "expresso-admin") { |
---|
493 | $last_access = $this->get_last_access_on_history($this->account_id); |
---|
494 | $this->read_repositories(False); |
---|
495 | if ($last_access && ($last_access+($GLOBALS['phpgw_info']['server']['time_to_account_expires']*86400) < time())) |
---|
496 | { |
---|
497 | if(is_object($GLOBALS['phpgw']->log)) |
---|
498 | { |
---|
499 | $GLOBALS['phpgw']->log->message(array( |
---|
500 | 'text' => 'W-LoginFailure, account loginid %1 is expired for innativity', |
---|
501 | 'p1' => $this->account_lid, |
---|
502 | 'line' => __LINE__, |
---|
503 | 'file' => __FILE__ |
---|
504 | )); |
---|
505 | $GLOBALS['phpgw']->log->commit(); |
---|
506 | } |
---|
507 | $this->reason = 'account is expired'; |
---|
508 | $this->cd_reason = 98; |
---|
509 | |
---|
510 | return False; |
---|
511 | } |
---|
512 | } |
---|
513 | |
---|
514 | /* jakjr: Expresso does not use auto-create account. |
---|
515 | if (!$this->account_id && $GLOBALS['phpgw_info']['server']['auto_create_acct'] == True) |
---|
516 | { |
---|
517 | $this->account_id = $GLOBALS['phpgw']->accounts->auto_add($this->account_lid, $passwd); |
---|
518 | } |
---|
519 | */ |
---|
520 | |
---|
521 | $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; |
---|
522 | $GLOBALS['phpgw']->accounts->accounts($this->account_id); |
---|
523 | $this->sessionid = $this->new_session_id(); |
---|
524 | $this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15)); |
---|
525 | |
---|
526 | if ($GLOBALS['phpgw_info']['server']['usecookies']) |
---|
527 | { |
---|
528 | $this->phpgw_setcookie('sessionid',$this->sessionid); |
---|
529 | $this->phpgw_setcookie('kp3',$this->kp3); |
---|
530 | $this->phpgw_setcookie('domain',$this->account_domain); |
---|
531 | } |
---|
532 | if ($GLOBALS['phpgw_info']['server']['usecookies'] || isset($_COOKIE['last_loginid'])) |
---|
533 | { |
---|
534 | $this->phpgw_setcookie('last_loginid', $this->account_lid ,$now+1209600); /* For 2 weeks */ |
---|
535 | $this->phpgw_setcookie('last_domain',$this->account_domain,$now+1209600); |
---|
536 | $this->phpgw_setcookie('last_organization',$_POST['organization'],$now+1209600); |
---|
537 | } |
---|
538 | unset($GLOBALS['phpgw_info']['server']['default_domain']); /* we kill this for security reasons */ |
---|
539 | |
---|
540 | /* init the crypto object */ |
---|
541 | $this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); |
---|
542 | $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; |
---|
543 | $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv)); |
---|
544 | |
---|
545 | $this->read_repositories(False); |
---|
546 | if ($this->user['expires'] != -1 && $this->user['expires'] < time()) |
---|
547 | { |
---|
548 | if(is_object($GLOBALS['phpgw']->log)) |
---|
549 | { |
---|
550 | $GLOBALS['phpgw']->log->message(array( |
---|
551 | 'text' => 'W-LoginFailure, account loginid %1 is expired', |
---|
552 | 'p1' => $this->account_lid, |
---|
553 | 'line' => __LINE__, |
---|
554 | 'file' => __FILE__ |
---|
555 | )); |
---|
556 | $GLOBALS['phpgw']->log->commit(); |
---|
557 | } |
---|
558 | $this->reason = 'account is expired'; |
---|
559 | $this->cd_reason = 98; |
---|
560 | |
---|
561 | return False; |
---|
562 | } |
---|
563 | $GLOBALS['phpgw_info']['user'] = $this->user; |
---|
564 | $GLOBALS['phpgw_info']['hooks'] = $this->hooks; |
---|
565 | |
---|
566 | $this->appsession('password','phpgwapi',base64_encode($this->passwd)); |
---|
567 | if ($GLOBALS['phpgw']->acl->check('anonymous',1,'phpgwapi')) |
---|
568 | { |
---|
569 | $session_flags = 'A'; |
---|
570 | } |
---|
571 | else |
---|
572 | { |
---|
573 | $session_flags = 'N'; |
---|
574 | } |
---|
575 | |
---|
576 | $GLOBALS['phpgw']->db->transaction_begin(); |
---|
577 | $this->register_session($login,$user_ip,$now,$session_flags); |
---|
578 | if ($session_flags != 'A') // dont log anonymous sessions |
---|
579 | { |
---|
580 | $this->log_access($this->sessionid,$login,$user_ip,$this->account_id); |
---|
581 | } |
---|
582 | $this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login); |
---|
583 | // Expresso |
---|
584 | //$GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip); |
---|
585 | $GLOBALS['phpgw']->db->transaction_commit(); |
---|
586 | |
---|
587 | //if (!$this->sessionid) echo "<p>session::create(login='$login') = '$this->sessionid': lid='$this->account_lid', domain='$this->account_domain'</p>\n"; |
---|
588 | |
---|
589 | return $this->sessionid; |
---|
590 | } |
---|
591 | |
---|
592 | /** |
---|
593 | * Retorna o UNIX DATE do ultimo acesso dessa conta, baseado na tabela de histórico. |
---|
594 | */ |
---|
595 | function get_last_access_on_history($account_id) { |
---|
596 | $GLOBALS['phpgw']->db->query("select li from phpgw_access_log where account_id='$account_id' order by li desc limit 1",__LINE__,__FILE__); |
---|
597 | if(!$GLOBALS['phpgw']->db->next_record()) |
---|
598 | return false; |
---|
599 | return $GLOBALS['phpgw']->db->f('li'); |
---|
600 | } |
---|
601 | |
---|
602 | /** |
---|
603 | * Write or update (for logout) the access_log |
---|
604 | * |
---|
605 | * @param string $sessionid id of session or 0 for unsuccessful logins |
---|
606 | * @param string $login account_lid (evtl. with domain) or '' for settion the logout-time |
---|
607 | * @param string $user_ip ip to log |
---|
608 | * @param int $account_id numerical account_id |
---|
609 | */ |
---|
610 | function log_access($sessionid,$login='',$user_ip='',$account_id='') |
---|
611 | { |
---|
612 | $now = time(); |
---|
613 | |
---|
614 | if ($login != '') |
---|
615 | { |
---|
616 | if (strlen($login) > 30) |
---|
617 | { |
---|
618 | $login = substr($login,0,30); |
---|
619 | } |
---|
620 | $GLOBALS['phpgw']->db->query('INSERT INTO phpgw_access_log(sessionid,loginid,ip,li,lo,account_id,browser)' |
---|
621 | . " VALUES ('" . $sessionid . "','" . $this->db->db_addslashes($login). "','" |
---|
622 | . $this->db->db_addslashes($user_ip) . "',$now,0," . (int)$account_id .",'".$this->db->db_addslashes(substr($_SERVER[ 'HTTP_USER_AGENT' ],0,199))."')",__LINE__,__FILE__); |
---|
623 | } |
---|
624 | else if($sessionid != 'bad login or password') |
---|
625 | { |
---|
626 | $GLOBALS['phpgw']->db->query("UPDATE phpgw_access_log SET lo=" . $now . " WHERE sessionid='" |
---|
627 | . $sessionid . "'",__LINE__,__FILE__); |
---|
628 | } |
---|
629 | |
---|
630 | /* jakjr: Clean phpgw_access_log with a crontab event. |
---|
631 | if ($GLOBALS['phpgw_info']['server']['max_access_log_age']) |
---|
632 | { |
---|
633 | $max_age = $now - $GLOBALS['phpgw_info']['server']['max_access_log_age'] * 24 * 60 * 60; |
---|
634 | |
---|
635 | $GLOBALS['phpgw']->db->query("DELETE FROM phpgw_access_log WHERE li < $max_age"); |
---|
636 | } |
---|
637 | */ |
---|
638 | } |
---|
639 | |
---|
640 | /** |
---|
641 | * Protect against brute force attacks, block login if too many unsuccessful login attmepts |
---|
642 | * |
---|
643 | * @param string $login account_lid (evtl. with domain) |
---|
644 | * @param string $ip ip of the user |
---|
645 | * @returns bool login blocked? |
---|
646 | */ |
---|
647 | function login_blocked($login,$ip) |
---|
648 | { |
---|
649 | /*jakjr: Disable this protection. When block an proxy server ip, all the sub-network will be blocking.*/ |
---|
650 | //return false; // |
---|
651 | |
---|
652 | $blocked = False; |
---|
653 | $block_time = time() - $GLOBALS['phpgw_info']['server']['block_time'] * 60; |
---|
654 | /* |
---|
655 | $ip = $this->db->db_addslashes($ip); |
---|
656 | $this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND ip='$ip' AND li > $block_time",__LINE__,__FILE__); |
---|
657 | $this->db->next_record(); |
---|
658 | if (($false_ip = $this->db->f(0)) > $GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']) |
---|
659 | { |
---|
660 | //echo "<p>login_blocked: ip='$ip' ".$this->db->f(0)." trys (".$GLOBALS['phpgw_info']['server']['num_unsuccessful_ip']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n"; |
---|
661 | $blocked = True; |
---|
662 | } |
---|
663 | */ |
---|
664 | $login = $this->db->db_addslashes($login); |
---|
665 | $this->db->query("SELECT count(*) FROM phpgw_access_log WHERE account_id=0 AND (loginid='$login' OR loginid LIKE '$login@%') AND li > $block_time",__LINE__,__FILE__); |
---|
666 | $this->db->next_record(); |
---|
667 | if (($false_id = $this->db->f(0)) > $GLOBALS['phpgw_info']['server']['num_unsuccessful_id']) |
---|
668 | { |
---|
669 | //echo "<p>login_blocked: login='$login' ".$this->db->f(0)." trys (".$GLOBALS['phpgw_info']['server']['num_unsuccessful_id']." max.) since ".date('Y/m/d H:i',$block_time)."</p>\n"; |
---|
670 | $blocked = True; |
---|
671 | } |
---|
672 | if ($blocked && $GLOBALS['phpgw_info']['server']['admin_mails'] && |
---|
673 | // max. one mail each 5mins |
---|
674 | $GLOBALS['phpgw_info']['server']['login_blocked_mail_time'] < time()-5*60) |
---|
675 | { |
---|
676 | // notify admin(s) via email |
---|
677 | $from = 'eGroupWare@'.$GLOBALS['phpgw_info']['server']['mail_suffix']; |
---|
678 | $subject = lang("eGroupWare: login blocked for user '%1', IP %2",$login,$ip); |
---|
679 | $body = lang("Too many unsucessful attempts to login: %1 for the user '%2', %3 for the IP %4",$false_id,$login,$false_ip,$ip); |
---|
680 | |
---|
681 | if(!is_object($GLOBALS['phpgw']->send)) |
---|
682 | { |
---|
683 | $GLOBALS['phpgw']->send = CreateObject('phpgwapi.send'); |
---|
684 | } |
---|
685 | $subject = $GLOBALS['phpgw']->send->encode_subject($subject); |
---|
686 | $admin_mails = explode(',',$GLOBALS['phpgw_info']['server']['admin_mails']); |
---|
687 | foreach($admin_mails as $to) |
---|
688 | { |
---|
689 | $GLOBALS['phpgw']->send->msg('email',$to,$subject,$body,'','','',$from,$from); |
---|
690 | } |
---|
691 | // save time of mail, to not send to many mails |
---|
692 | $config = CreateObject('phpgwapi.config','phpgwapi'); |
---|
693 | $config->read_repository(); |
---|
694 | $config->value('login_blocked_mail_time',time()); |
---|
695 | $config->save_repository(); |
---|
696 | } |
---|
697 | return $blocked; |
---|
698 | } |
---|
699 | |
---|
700 | /** |
---|
701 | * Verfy a peer server access request |
---|
702 | * |
---|
703 | * @param string $sessionid session id to verfiy |
---|
704 | * @param string $kp3 ?? |
---|
705 | * @return bool verfied? |
---|
706 | */ |
---|
707 | function verify_server($sessionid, $kp3) |
---|
708 | { |
---|
709 | $GLOBALS['phpgw']->interserver = CreateObject('phpgwapi.interserver'); |
---|
710 | $this->sessionid = $sessionid; |
---|
711 | $this->kp3 = $kp3; |
---|
712 | |
---|
713 | $session = $this->read_session(); |
---|
714 | $this->session_flags = $session['session_flags']; |
---|
715 | |
---|
716 | list($this->account_lid,$this->account_domain) = explode('@', $session['session_lid']); |
---|
717 | |
---|
718 | if ($this->account_domain == '') |
---|
719 | { |
---|
720 | $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; |
---|
721 | } |
---|
722 | |
---|
723 | $GLOBALS['phpgw_info']['user']['kp3'] = $this->kp3; |
---|
724 | $phpgw_info_flags = $GLOBALS['phpgw_info']['flags']; |
---|
725 | |
---|
726 | $GLOBALS['phpgw_info']['flags'] = $phpgw_info_flags; |
---|
727 | |
---|
728 | $this->update_dla(); |
---|
729 | $this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid); |
---|
730 | |
---|
731 | if (!$this->account_id) |
---|
732 | { |
---|
733 | return False; |
---|
734 | } |
---|
735 | |
---|
736 | $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; |
---|
737 | |
---|
738 | $this->read_repositories(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info']); |
---|
739 | |
---|
740 | /* init the crypto object before appsession call below */ |
---|
741 | $this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); |
---|
742 | $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; |
---|
743 | $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv)); |
---|
744 | |
---|
745 | $GLOBALS['phpgw_info']['user'] = $this->user; |
---|
746 | $GLOBALS['phpgw_info']['hooks'] = $this->hooks; |
---|
747 | |
---|
748 | $GLOBALS['phpgw_info']['user']['session_ip'] = $session['session_ip']; |
---|
749 | $GLOBALS['phpgw_info']['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); |
---|
750 | |
---|
751 | if ($userid_array[1] != $GLOBALS['phpgw_info']['user']['domain']) |
---|
752 | { |
---|
753 | if(is_object($GLOBALS['phpgw']->log)) |
---|
754 | { |
---|
755 | $GLOBALS['phpgw']->log->message(array( |
---|
756 | 'text' => 'W-VerifySession, the domains %1 and %2 don\t match', |
---|
757 | 'p1' => $userid_array[1], |
---|
758 | 'p2' => $GLOBALS['phpgw_info']['user']['domain'], |
---|
759 | 'line' => __LINE__, |
---|
760 | 'file' => __FILE__ |
---|
761 | )); |
---|
762 | $GLOBALS['phpgw']->log->commit(); |
---|
763 | } |
---|
764 | |
---|
765 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
766 | { |
---|
767 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
768 | unset($GLOBALS['phpgw']->crypto); |
---|
769 | } |
---|
770 | return False; |
---|
771 | } |
---|
772 | |
---|
773 | if(@$GLOBALS['phpgw_info']['server']['sessions_checkip']) |
---|
774 | { |
---|
775 | if((PHP_OS != 'Windows') && (PHP_OS != 'WINNT') && |
---|
776 | (!$GLOBALS['phpgw_info']['user']['session_ip'] || $GLOBALS['phpgw_info']['user']['session_ip'] != $this->getuser_ip()) |
---|
777 | ) |
---|
778 | { |
---|
779 | if(is_object($GLOBALS['phpgw']->log)) |
---|
780 | { |
---|
781 | // This needs some better wording |
---|
782 | $GLOBALS['phpgw']->log->message(array( |
---|
783 | 'text' => 'W-VerifySession, IP %1 doesn\'t match IP %2 in session table', |
---|
784 | 'p1' => $this->getuser_ip(), |
---|
785 | 'p2' => $GLOBALS['phpgw_info']['user']['session_ip'], |
---|
786 | 'line' => __LINE__, |
---|
787 | 'file' => __FILE__ |
---|
788 | )); |
---|
789 | $GLOBALS['phpgw']->log->commit(); |
---|
790 | } |
---|
791 | |
---|
792 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
793 | { |
---|
794 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
795 | unset($GLOBALS['phpgw']->crypto); |
---|
796 | } |
---|
797 | return False; |
---|
798 | } |
---|
799 | } |
---|
800 | |
---|
801 | $GLOBALS['phpgw']->acl->acl($this->account_id); |
---|
802 | $GLOBALS['phpgw']->accounts->accounts($this->account_id); |
---|
803 | $GLOBALS['phpgw']->preferences->preferences($this->account_id); |
---|
804 | $GLOBALS['phpgw']->applications->applications($this->account_id); |
---|
805 | |
---|
806 | if (! $this->account_lid) |
---|
807 | { |
---|
808 | if(is_object($GLOBALS['phpgw']->log)) |
---|
809 | { |
---|
810 | // This needs some better wording |
---|
811 | $GLOBALS['phpgw']->log->message(array( |
---|
812 | 'text' => 'W-VerifySession, account_id is empty', |
---|
813 | 'line' => __LINE__, |
---|
814 | 'file' => __FILE__ |
---|
815 | )); |
---|
816 | $GLOBALS['phpgw']->log->commit(); |
---|
817 | } |
---|
818 | |
---|
819 | if(is_object($GLOBALS['phpgw']->crypto)) |
---|
820 | { |
---|
821 | $GLOBALS['phpgw']->crypto->cleanup(); |
---|
822 | unset($GLOBALS['phpgw']->crypto); |
---|
823 | } |
---|
824 | return False; |
---|
825 | } |
---|
826 | else |
---|
827 | { |
---|
828 | return True; |
---|
829 | } |
---|
830 | } |
---|
831 | |
---|
832 | /** |
---|
833 | * Validate a peer server login request |
---|
834 | * |
---|
835 | * @param string $login login name |
---|
836 | * @param string $password password |
---|
837 | * @return bool login ok? |
---|
838 | */ |
---|
839 | function create_server($login,$passwd) |
---|
840 | { |
---|
841 | $GLOBALS['phpgw']->interserver = CreateObject('phpgwapi.interserver'); |
---|
842 | $this->login = $login; |
---|
843 | $this->passwd = $passwd; |
---|
844 | $this->clean_sessions(); |
---|
845 | $login_array = explode('@', $login); |
---|
846 | $this->account_lid = $login_array[0]; |
---|
847 | $now = time(); |
---|
848 | |
---|
849 | if ($login_array[1] != '') |
---|
850 | { |
---|
851 | $this->account_domain = $login_array[1]; |
---|
852 | } |
---|
853 | else |
---|
854 | { |
---|
855 | $this->account_domain = $GLOBALS['phpgw_info']['server']['default_domain']; |
---|
856 | } |
---|
857 | |
---|
858 | $serverdata = array( |
---|
859 | 'server_name' => $this->account_domain, |
---|
860 | 'username' => $this->account_lid, |
---|
861 | 'password' => $passwd |
---|
862 | ); |
---|
863 | if (!$GLOBALS['phpgw']->interserver->auth($serverdata)) |
---|
864 | { |
---|
865 | return False; |
---|
866 | exit; |
---|
867 | } |
---|
868 | |
---|
869 | if (!$GLOBALS['phpgw']->interserver->exists($this->account_lid)) |
---|
870 | { |
---|
871 | $this->account_id = $GLOBALS['phpgw']->interserver->name2id($this->account_lid); |
---|
872 | } |
---|
873 | $GLOBALS['phpgw_info']['user']['account_id'] = $this->account_id; |
---|
874 | $GLOBALS['phpgw']->interserver->serverid = $this->account_id; |
---|
875 | |
---|
876 | $this->sessionid = md5($GLOBALS['phpgw']->common->randomstring(10)); |
---|
877 | $this->kp3 = md5($GLOBALS['phpgw']->common->randomstring(15)); |
---|
878 | |
---|
879 | /* re-init the crypto object */ |
---|
880 | $this->key = md5($this->kp3 . $this->sessionid . $GLOBALS['phpgw_info']['server']['encryptkey']); |
---|
881 | $this->iv = $GLOBALS['phpgw_info']['server']['mcrypt_iv']; |
---|
882 | $GLOBALS['phpgw']->crypto->init(array($this->key,$this->iv)); |
---|
883 | |
---|
884 | //$this->read_repositories(False); |
---|
885 | |
---|
886 | $GLOBALS['phpgw_info']['user'] = $this->user; |
---|
887 | $GLOBALS['phpgw_info']['hooks'] = $this->hooks; |
---|
888 | |
---|
889 | $this->appsession('password','phpgwapi',base64_encode($this->passwd)); |
---|
890 | $session_flags = 'S'; |
---|
891 | |
---|
892 | $user_ip = $this->getuser_ip(); |
---|
893 | |
---|
894 | $GLOBALS['phpgw']->db->transaction_begin(); |
---|
895 | $this->register_session($login,$user_ip,$now,$session_flags); |
---|
896 | |
---|
897 | $this->log_access($this->sessionid,$login,$user_ip,$this->account_id); |
---|
898 | |
---|
899 | $this->appsession('account_previous_login','phpgwapi',$GLOBALS['phpgw']->auth->previous_login); |
---|
900 | $GLOBALS['phpgw']->auth->update_lastlogin($this->account_id,$user_ip); |
---|
901 | $GLOBALS['phpgw']->db->transaction_commit(); |
---|
902 | |
---|
903 | return array($this->sessionid,$this->kp3); |
---|
904 | } |
---|
905 | |
---|
906 | /** |
---|
907 | * Functions for appsession data and session cache |
---|
908 | */ |
---|
909 | |
---|
910 | /** |
---|
911 | * Is this also useless?? (skwashd) |
---|
912 | */ |
---|
913 | function read_repositories($cached='',$write_cache=True) |
---|
914 | { |
---|
915 | $GLOBALS['phpgw']->acl->acl($this->account_id); |
---|
916 | $GLOBALS['phpgw']->accounts->accounts($this->account_id); |
---|
917 | $GLOBALS['phpgw']->preferences->preferences($this->account_id); |
---|
918 | $GLOBALS['phpgw']->applications->applications($this->account_id); |
---|
919 | |
---|
920 | if(@$cached) |
---|
921 | { |
---|
922 | $this->user = $this->appsession('phpgw_info_cache','phpgwapi'); |
---|
923 | if(!empty($this->user)) |
---|
924 | { |
---|
925 | $GLOBALS['phpgw']->preferences->data = $this->user['preferences']; |
---|
926 | if (!isset($GLOBALS['phpgw_info']['apps']) || !is_array($GLOBALS['phpgw_info']['apps'])) |
---|
927 | { |
---|
928 | $GLOBALS['phpgw']->applications->read_installed_apps(); |
---|
929 | } |
---|
930 | } |
---|
931 | else |
---|
932 | { |
---|
933 | $this->setup_cache($write_cache); |
---|
934 | } |
---|
935 | } |
---|
936 | else |
---|
937 | { |
---|
938 | $this->setup_cache($write_cache); |
---|
939 | } |
---|
940 | $this->hooks = $GLOBALS['phpgw']->hooks->read(); |
---|
941 | } |
---|
942 | |
---|
943 | /** |
---|
944 | * Is this also useless?? (skwashd) |
---|
945 | */ |
---|
946 | function setup_cache($write_cache=True) |
---|
947 | { |
---|
948 | $this->user = $GLOBALS['phpgw']->accounts->read_repository(); |
---|
949 | $this->user['acl'] = $GLOBALS['phpgw']->acl->read_repository(); |
---|
950 | $this->user['preferences'] = $GLOBALS['phpgw']->preferences->read_repository(); |
---|
951 | $this->user['apps'] = $GLOBALS['phpgw']->applications->read_repository(); |
---|
952 | //@reset($this->data['user']['apps']); |
---|
953 | |
---|
954 | $this->user['domain'] = $this->account_domain; |
---|
955 | $this->user['sessionid'] = $this->sessionid; |
---|
956 | $this->user['kp3'] = $this->kp3; |
---|
957 | $this->user['session_ip'] = $this->getuser_ip(); |
---|
958 | $this->user['session_lid'] = $this->account_lid.'@'.$this->account_domain; |
---|
959 | $this->user['account_id'] = $this->account_id; |
---|
960 | $this->user['account_lid'] = $this->account_lid; |
---|
961 | $this->user['userid'] = $this->account_lid; |
---|
962 | $this->user['passwd'] = @$this->passwd; |
---|
963 | if(@$GLOBALS['phpgw_info']['server']['cache_phpgw_info'] && $write_cache) |
---|
964 | { |
---|
965 | $this->delete_cache(); |
---|
966 | $this->appsession('phpgw_info_cache','phpgwapi',$this->user); |
---|
967 | } |
---|
968 | } |
---|
969 | |
---|
970 | /** |
---|
971 | * This looks to be useless |
---|
972 | * This will capture everything in the $GLOBALS['phpgw_info'] including server info, |
---|
973 | * and store it in appsessions. This is really incompatible with any type of restoring |
---|
974 | * from appsession as the saved user info is really in ['user'] rather than the root of |
---|
975 | * the structure, which is what this class likes. |
---|
976 | */ |
---|
977 | function save_repositories() |
---|
978 | { |
---|
979 | $phpgw_info_temp = $GLOBALS['phpgw_info']; |
---|
980 | $phpgw_info_temp['user']['kp3'] = ''; |
---|
981 | $phpgw_info_temp['flags'] = array(); |
---|
982 | |
---|
983 | if ($GLOBALS['phpgw_info']['server']['cache_phpgw_info']) |
---|
984 | { |
---|
985 | $this->appsession('phpgw_info_cache','phpgwapi',$phpgw_info_temp); |
---|
986 | } |
---|
987 | } |
---|
988 | |
---|
989 | function restore() |
---|
990 | { |
---|
991 | $sessionData = $this->appsession('sessiondata'); |
---|
992 | |
---|
993 | if (!empty($sessionData) && is_array($sessionData)) |
---|
994 | { |
---|
995 | foreach($sessionData as $key => $value) |
---|
996 | { |
---|
997 | global $$key; |
---|
998 | $$key = $value; |
---|
999 | $this->variableNames[$key] = 'registered'; |
---|
1000 | // echo 'restored: '.$key.', ' . $value . '<br>'; |
---|
1001 | } |
---|
1002 | } |
---|
1003 | } |
---|
1004 | |
---|
1005 | /** |
---|
1006 | * Save the current values of all registered variables |
---|
1007 | */ |
---|
1008 | function save() |
---|
1009 | { |
---|
1010 | if (is_array($this->variableNames)) |
---|
1011 | { |
---|
1012 | reset($this->variableNames); |
---|
1013 | while(list($key, $value) = each($this->variableNames)) |
---|
1014 | { |
---|
1015 | if ($value == 'registered') |
---|
1016 | { |
---|
1017 | global $$key; |
---|
1018 | $sessionData[$key] = $$key; |
---|
1019 | } |
---|
1020 | } |
---|
1021 | $this->appsession('sessiondata','',$sessionData); |
---|
1022 | } |
---|
1023 | } |
---|
1024 | |
---|
1025 | /** |
---|
1026 | * Create a list a variable names, which data needs to be restored |
---|
1027 | * |
---|
1028 | * @param string $_variableName name of variable to be registered |
---|
1029 | */ |
---|
1030 | function register($_variableName) |
---|
1031 | { |
---|
1032 | $this->variableNames[$_variableName]='registered'; |
---|
1033 | #print 'registered '.$_variableName.'<br>'; |
---|
1034 | } |
---|
1035 | |
---|
1036 | /** |
---|
1037 | * Mark variable as unregistered |
---|
1038 | * |
---|
1039 | * @param string $_variableName name of variable to deregister |
---|
1040 | */ |
---|
1041 | function unregister($_variableName) |
---|
1042 | { |
---|
1043 | $this->variableNames[$_variableName]='unregistered'; |
---|
1044 | #print 'unregistered '.$_variableName.'<br>'; |
---|
1045 | } |
---|
1046 | |
---|
1047 | /** |
---|
1048 | * Check if we have a variable registred already |
---|
1049 | * |
---|
1050 | * @param string $_variableName name of variable to check |
---|
1051 | * @return bool was the variable found? |
---|
1052 | */ |
---|
1053 | function is_registered($_variableName) |
---|
1054 | { |
---|
1055 | if ($this->variableNames[$_variableName] == 'registered') |
---|
1056 | { |
---|
1057 | return True; |
---|
1058 | } |
---|
1059 | else |
---|
1060 | { |
---|
1061 | return False; |
---|
1062 | } |
---|
1063 | } |
---|
1064 | /** |
---|
1065 | * Additional tracking of user actions - prevents reposts/use of back button |
---|
1066 | * |
---|
1067 | * @author skwashd |
---|
1068 | * @return string current history id |
---|
1069 | */ |
---|
1070 | function generate_click_history() |
---|
1071 | { |
---|
1072 | if(!isset($this->history_id)) |
---|
1073 | { |
---|
1074 | $this->history_id = md5($this->login . time()); |
---|
1075 | $history = $this->appsession($location = 'history', $appname = 'phpgwapi'); |
---|
1076 | |
---|
1077 | if(count($history) >= $GLOBALS['phpgw_info']['server']['max_history']) |
---|
1078 | { |
---|
1079 | array_shift($history); |
---|
1080 | $this->appsession($location = 'history', $appname = 'phpgwapi', $history); |
---|
1081 | } |
---|
1082 | } |
---|
1083 | return $this->history_id; |
---|
1084 | } |
---|
1085 | |
---|
1086 | /** |
---|
1087 | * Detects if the page has already been called before - good for forms |
---|
1088 | * |
---|
1089 | * @author skwashd |
---|
1090 | * @param bool $diplay_error when implemented will use the generic error handling code |
---|
1091 | * @return True if called previously, else False - call ok |
---|
1092 | */ |
---|
1093 | function is_repost($display_error = False) |
---|
1094 | { |
---|
1095 | $history = $this->appsession($location = 'history', $appname = 'phpgwapi'); |
---|
1096 | if(isset($history[$_GET['click_history']])) |
---|
1097 | { |
---|
1098 | if($display_error) |
---|
1099 | { |
---|
1100 | $GLOBALS['phpgw']->redirect_link('/error.php', 'type=repost');//more on this later :) |
---|
1101 | } |
---|
1102 | else |
---|
1103 | { |
---|
1104 | return True; //handled by the app |
---|
1105 | } |
---|
1106 | } |
---|
1107 | else |
---|
1108 | { |
---|
1109 | $history[$_GET['click_history']] = True; |
---|
1110 | $this->appsession($location = 'history', $appname = 'phpgwapi', $history); |
---|
1111 | return False; |
---|
1112 | } |
---|
1113 | } |
---|
1114 | |
---|
1115 | /** |
---|
1116 | * Generate a url which supports url or cookies based sessions |
---|
1117 | * |
---|
1118 | * @param string $url a url relative to the egroupware install root |
---|
1119 | * @param array $extravars query string arguements |
---|
1120 | * @return string generated url |
---|
1121 | */ |
---|
1122 | function link($url, $extravars = '') |
---|
1123 | { |
---|
1124 | //echo "<p>session::link(url='".print_r($url,True)."',extravars='".print_r($extravars,True)."')"; |
---|
1125 | /* first we process the $url to build the full scriptname */ |
---|
1126 | $full_scriptname = True; |
---|
1127 | |
---|
1128 | $url_firstchar = substr($url ,0,1); |
---|
1129 | if ($url_firstchar == '/' && $GLOBALS['phpgw_info']['server']['webserver_url'] == '/') |
---|
1130 | { |
---|
1131 | $full_scriptname = False; |
---|
1132 | } |
---|
1133 | |
---|
1134 | if ($url_firstchar != '/') |
---|
1135 | { |
---|
1136 | $app = $GLOBALS['phpgw_info']['flags']['currentapp']; |
---|
1137 | if ($app != 'home' && $app != 'login' && $app != 'logout') |
---|
1138 | { |
---|
1139 | $url = $app.'/'.$url; |
---|
1140 | } |
---|
1141 | } |
---|
1142 | |
---|
1143 | if($full_scriptname) |
---|
1144 | { |
---|
1145 | $webserver_url_count = strlen($GLOBALS['phpgw_info']['server']['webserver_url'])-1; |
---|
1146 | if(substr($GLOBALS['phpgw_info']['server']['webserver_url'] ,$webserver_url_count,1) != '/' && $url_firstchar != '/') |
---|
1147 | { |
---|
1148 | $url = $GLOBALS['phpgw_info']['server']['webserver_url'] .'/'. $url; |
---|
1149 | } |
---|
1150 | else |
---|
1151 | { |
---|
1152 | $url = $GLOBALS['phpgw_info']['server']['webserver_url'] . $url; |
---|
1153 | } |
---|
1154 | } |
---|
1155 | |
---|
1156 | if(@isset($GLOBALS['phpgw_info']['server']['enforce_ssl']) && $GLOBALS['phpgw_info']['server']['enforce_ssl']) // && !$_SERVER['HTTPS']) imho https should always be a full path - skwashd |
---|
1157 | { |
---|
1158 | if(substr($url ,0,4) != 'http') |
---|
1159 | { |
---|
1160 | $url = 'https://'.$GLOBALS['phpgw_info']['server']['hostname'].$url; |
---|
1161 | } |
---|
1162 | else |
---|
1163 | { |
---|
1164 | $url = str_replace ( 'http:', 'https:', $url); |
---|
1165 | } |
---|
1166 | } |
---|
1167 | |
---|
1168 | /* Now we process the extravars into a proper url format */ |
---|
1169 | /* if its not an array, then we turn it into one */ |
---|
1170 | /* We do this to help prevent any duplicates from being sent. */ |
---|
1171 | if (!is_array($extravars) && $extravars != '') |
---|
1172 | { |
---|
1173 | $new_extravars = Array(); |
---|
1174 | |
---|
1175 | $a = explode('&', $extravars); |
---|
1176 | $i = 0; |
---|
1177 | while ($i < count($a)) |
---|
1178 | { |
---|
1179 | $b = preg_split('/=/', $a[$i],2); |
---|
1180 | // Check if this value doesn't already exist in new_extravars |
---|
1181 | if(array_key_exists($b[0], $new_extravars)) |
---|
1182 | { |
---|
1183 | // print "Debug::Error !!! " . $b[0] . " ($i) already exists<br>"; |
---|
1184 | if( preg_match('/\[\]/i', $b[0]) ) |
---|
1185 | { |
---|
1186 | $b[0] = eregi_replace("\[\]", "[$i]", $b[0]); |
---|
1187 | } |
---|
1188 | } |
---|
1189 | |
---|
1190 | $new_extravars[$b[0]] = $b[1]; |
---|
1191 | $i++; |
---|
1192 | } |
---|
1193 | $extravars = $new_extravars; |
---|
1194 | unset($new_extravars); |
---|
1195 | } |
---|
1196 | |
---|
1197 | /* if using frames we make sure there is a framepart */ |
---|
1198 | if(@defined('PHPGW_USE_FRAMES') && PHPGW_USE_FRAMES) |
---|
1199 | { |
---|
1200 | if (!isset($extravars['framepart'])) |
---|
1201 | { |
---|
1202 | $extravars['framepart']='body'; |
---|
1203 | } |
---|
1204 | } |
---|
1205 | |
---|
1206 | /* add session params if not using cookies */ |
---|
1207 | if (@!$GLOBALS['phpgw_info']['server']['usecookies']) |
---|
1208 | { |
---|
1209 | $extravars['sessionid'] = $this->sessionid; |
---|
1210 | $extravars['kp3'] = $this->kp3; |
---|
1211 | $extravars['domain'] = $this->account_domain; |
---|
1212 | } |
---|
1213 | |
---|
1214 | //used for repost prevention |
---|
1215 | // $extravars['click_history'] = $this->generate_click_history(); |
---|
1216 | |
---|
1217 | /* if we end up with any extravars then we generate the url friendly string */ |
---|
1218 | if (is_array($extravars)) |
---|
1219 | { |
---|
1220 | $new_extravars = ''; |
---|
1221 | foreach($extravars as $key => $value) |
---|
1222 | { |
---|
1223 | if (!empty($new_extravars)) |
---|
1224 | { |
---|
1225 | $new_extravars .= '&'; |
---|
1226 | } |
---|
1227 | $new_extravars .= $key.'='.urlencode($value); |
---|
1228 | } |
---|
1229 | $url .= '?' . $new_extravars; |
---|
1230 | } |
---|
1231 | //echo " = '$url'</p>\n"; |
---|
1232 | return $url; |
---|
1233 | } |
---|
1234 | |
---|
1235 | /** |
---|
1236 | * The remaining methods are abstract - as they are unique for each session handler |
---|
1237 | */ |
---|
1238 | |
---|
1239 | /** |
---|
1240 | * Load user's session information |
---|
1241 | * |
---|
1242 | * The sessionid of the session to read is passed in the class-var $this->sessionid |
---|
1243 | * |
---|
1244 | * @return mixed the session data |
---|
1245 | */ |
---|
1246 | function read_session() |
---|
1247 | {} |
---|
1248 | |
---|
1249 | /** |
---|
1250 | * Remove stale sessions out of the database |
---|
1251 | */ |
---|
1252 | function clean_sessions() |
---|
1253 | {} |
---|
1254 | |
---|
1255 | /** |
---|
1256 | * Set paramaters for cookies - only implemented in PHP4 sessions |
---|
1257 | * |
---|
1258 | * @param string $domain domain name to use in cookie |
---|
1259 | */ |
---|
1260 | |
---|
1261 | function set_cookie_params($domain) |
---|
1262 | {} |
---|
1263 | |
---|
1264 | /** |
---|
1265 | * Create a new session id |
---|
1266 | * |
---|
1267 | * @return string a new session id |
---|
1268 | */ |
---|
1269 | function new_session_id() |
---|
1270 | {} |
---|
1271 | |
---|
1272 | /** |
---|
1273 | * Create a new session |
---|
1274 | * |
---|
1275 | * @param string $login user login |
---|
1276 | * @param string $user_ip users ip address |
---|
1277 | * @param int $now time now as a unix timestamp |
---|
1278 | * @param string $session_flags A = Anonymous, N = Normal |
---|
1279 | */ |
---|
1280 | function register_session($login,$user_ip,$now,$session_flags) |
---|
1281 | {} |
---|
1282 | |
---|
1283 | /** |
---|
1284 | * Update the date last active info for the session, so the login does not expire |
---|
1285 | * |
---|
1286 | * @return bool did it suceed? |
---|
1287 | */ |
---|
1288 | function update_dla() |
---|
1289 | {} |
---|
1290 | |
---|
1291 | /** |
---|
1292 | * Terminate a session |
---|
1293 | * |
---|
1294 | * @param string $sessionid the id of the session to be terminated |
---|
1295 | * @param string $kp3 - NOT SURE |
---|
1296 | * @return bool did it suceed? |
---|
1297 | */ |
---|
1298 | function destroy($sessionid, $kp3) |
---|
1299 | {} |
---|
1300 | |
---|
1301 | /** |
---|
1302 | * Functions for appsession data and session cache |
---|
1303 | */ |
---|
1304 | |
---|
1305 | /** |
---|
1306 | * Delete all data from the session cache for a user |
---|
1307 | * |
---|
1308 | * @param int $accountid user account id, defaults to current user (optional) |
---|
1309 | */ |
---|
1310 | function delete_cache($accountid='') |
---|
1311 | {} |
---|
1312 | |
---|
1313 | /** |
---|
1314 | * Stores or retrieves information from the sessions cache |
---|
1315 | * |
---|
1316 | * @param string $location identifier for data |
---|
1317 | * @param string $appname name of app which is responsbile for the data |
---|
1318 | * @param mixed $data data to be stored, if left blank data is retreived (optional) |
---|
1319 | * @return mixed data from cache, only returned if $data arg is not used |
---|
1320 | */ |
---|
1321 | function appsession($location = 'default', $appname = '', $data = '##NOTHING##') |
---|
1322 | {} |
---|
1323 | |
---|
1324 | /** |
---|
1325 | * Get list of normal / non-anonymous sessions |
---|
1326 | * Note: The data from the session-files get cached in the app_session phpgwapi/php4_session_cache |
---|
1327 | * |
---|
1328 | * @author ralfbecker |
---|
1329 | * @param int $start session to start at |
---|
1330 | * @param string $order field to sort on |
---|
1331 | * @param string $sort sort order |
---|
1332 | * @param bool $all_no_sort list all with out sorting (optional) default False |
---|
1333 | * @return array info for all current sessions |
---|
1334 | */ |
---|
1335 | function list_sessions($start,$order,$sort,$all_no_sort = False) |
---|
1336 | {} |
---|
1337 | |
---|
1338 | /** |
---|
1339 | * Get the number of normal / non-anonymous sessions |
---|
1340 | * |
---|
1341 | * @author ralfbecker |
---|
1342 | * @return int number of sessions |
---|
1343 | */ |
---|
1344 | function total() |
---|
1345 | {} |
---|
1346 | } |
---|
1347 | |
---|
1348 | if(empty($GLOBALS['phpgw_info']['server']['sessions_type'])) |
---|
1349 | { |
---|
1350 | $GLOBALS['phpgw_info']['server']['sessions_type'] = 'php4'; // the more performant default |
---|
1351 | } |
---|
1352 | // for php4 sessions, check if the extension is loaded, try loading it and fallback to db sessions if not |
---|
1353 | if ($GLOBALS['phpgw_info']['server']['sessions_type'] == 'php4' && !extension_loaded('session')) |
---|
1354 | { |
---|
1355 | // some constanst for pre php4.3 |
---|
1356 | if (!defined('PHP_SHLIB_SUFFIX')) |
---|
1357 | { |
---|
1358 | define('PHP_SHLIB_SUFFIX',strtoupper(substr(PHP_OS, 0,3)) == 'WIN' ? 'dll' : 'so'); |
---|
1359 | } |
---|
1360 | if (!defined('PHP_SHLIB_PREFIX')) |
---|
1361 | { |
---|
1362 | define('PHP_SHLIB_PREFIX',PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : ''); |
---|
1363 | } |
---|
1364 | if (!function_exists('dl') || !@dl(PHP_SHLIB_PREFIX.'session'.'.'.PHP_SHLIB_SUFFIX)) |
---|
1365 | { |
---|
1366 | $GLOBALS['phpgw_info']['server']['sessions_type'] = 'db'; // fallback if we have no php4 sessions support |
---|
1367 | } |
---|
1368 | } |
---|
1369 | include_once(PHPGW_API_INC.'/class.sessions_'.$GLOBALS['phpgw_info']['server']['sessions_type'].'.inc.php'); |
---|