()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;';

# Work out the site protocol; X-Forwarded-Proto is honoured when a proxy sets it.
if ((isset($_SERVER['HTTPS']) and ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1))
    or (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) and $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) {
  $SITE_PROTOCOL = 'https://';
}
else {
  $SITE_PROTOCOL = 'http://';
}

include ("config.inc.php");    # get local settings
include ("modules.inc.php");   # module definitions

if (substr($SERVER_PATH, -1) != "/") { $SERVER_PATH .= "/"; }
$THIS_MODULE_PATH = "{$SERVER_PATH}{$THIS_MODULE}";

$DEFAULT_COOKIE_OPTIONS = array(
  'expires'  => time()+(60 * $SESSION_TIMEOUT),
  'path'     => $SERVER_PATH,
  'domain'   => '',
  'secure'   => $NO_HTTPS ? FALSE : TRUE,
  'samesite' => 'strict'
);

validate_passkey_cookie();

if ($REMOTE_HTTP_HEADERS_LOGIN) {
  login_via_headers();
}
else {
  validate_passkey_cookie();
}

######################################################

function generate_passkey() {

  # random_bytes() draws from the operating system's CSPRNG. mt_rand() output is
  # predictable and is not suitable for session tokens.
  return bin2hex(random_bytes(16));

}

######################################################

function set_passkey_cookie($user_id,$is_admin) {

  # Create a random value, store it locally and set it in a cookie.

  global $SESSION_TIMEOUT, $VALIDATED, $USER_ID, $IS_ADMIN, $log_prefix, $SESSION_DEBUG, $DEFAULT_COOKIE_OPTIONS;

  $passkey = generate_passkey();
  $this_time = time();
  $admin_val = 0;

  if ($is_admin == TRUE ) {
    $admin_val = 1;
    $IS_ADMIN = TRUE;
  }

  # The session file is named after the user ID with non-alphanumerics replaced.
  $filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
  @ file_put_contents("/tmp/$filename","$passkey:$admin_val:$this_time");
  setcookie('orf_cookie', "$user_id:$passkey", $DEFAULT_COOKIE_OPTIONS);

  $sessto_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
  $sessto_cookie_opts['expires'] = $this_time+7200;
  setcookie('sessto_cookie', $this_time+(60 * $SESSION_TIMEOUT), $sessto_cookie_opts);

  if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: user $user_id validated (IS_ADMIN={$IS_ADMIN}), sent orf_cookie to the browser.",0); }
  $VALIDATED = TRUE;

}

######################################################

function login_via_headers() {

  # The Remote-User and Remote-Groups request headers are trusted as-is, so this
  # mode is only safe when every request reaches the application through an
  # authenticating proxy that sets (and overwrites) those headers.

  global $IS_ADMIN, $USER_ID, $VALIDATED, $LDAP;

  $USER_ID = $_SERVER['HTTP_REMOTE_USER'];
  $remote_groups = explode(',',$_SERVER['HTTP_REMOTE_GROUPS']);
  $IS_ADMIN = in_array($LDAP['admins_group'],$remote_groups);

  // Users are always treated as validated: we assume the auth server has done this.
  $VALIDATED = true;

}

######################################################

function validate_passkey_cookie() {

  global $SESSION_TIMEOUT, $IS_ADMIN, $USER_ID, $VALIDATED, $log_prefix, $SESSION_TIMED_OUT, $SESSION_DEBUG;

  $this_time = time();

  if (isset($_COOKIE['orf_cookie'])) {

    list($user_id,$c_passkey) = explode(":",$_COOKIE['orf_cookie']);
    $filename = preg_replace('/[^a-zA-Z0-9]/','_', $user_id);
    $session_file = @ file_get_contents("/tmp/$filename");

    if (!$session_file) {
      $VALIDATED = FALSE;
      unset($USER_ID);
      $IS_ADMIN = FALSE;
      if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: orf_cookie was sent by the client but the session file wasn't found at /tmp/$filename",0); }
    }
    else {
      list($f_passkey,$f_is_admin,$f_time) = explode(":",$session_file);

      # hash_equals() compares in constant time and avoids PHP's loose string comparison.
      if (!empty($c_passkey) and hash_equals($f_passkey, $c_passkey) and $this_time < $f_time+(60 * $SESSION_TIMEOUT)) {
        if ($f_is_admin == 1) { $IS_ADMIN = TRUE; }
        $VALIDATED = TRUE;
        $USER_ID = $user_id;
        if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: Cookie and session file values match for user {$user_id} - VALIDATED (ADMIN = {$IS_ADMIN})",0); }
        # Issue a fresh passkey and extend the session.
        set_passkey_cookie($USER_ID,$IS_ADMIN);
      }
      else {
        if ( $SESSION_DEBUG == TRUE ) {
          $this_error="$log_prefix Session: orf_cookie was sent by the client and the session file was found at /tmp/$filename, but";
          if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
          if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
          $this_error .= " Cookie: {$_COOKIE['orf_cookie']} - Session file contents: $session_file";
          error_log($this_error,0);
        }
      }
    }

  }
  else {

    if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: orf_cookie wasn't sent by the client.",0); }

    if (isset($_COOKIE['sessto_cookie'])) {
      $this_session_timeout = $_COOKIE['sessto_cookie'];
      if ($this_time >= $this_session_timeout) {
        $SESSION_TIMED_OUT = TRUE;
        if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Session: The session had timed-out (over $SESSION_TIMEOUT mins idle).",0); }
      }
    }

  }

}

######################################################

function set_setup_cookie() {

  # Create a random value, store it locally and set it in a cookie.

  global $SESSION_TIMEOUT, $IS_SETUP_ADMIN, $log_prefix, $SESSION_DEBUG, $DEFAULT_COOKIE_OPTIONS;

  $passkey = generate_passkey();
  $this_time = time();

  $IS_SETUP_ADMIN = TRUE;

  @ file_put_contents("/tmp/ldap_setup","$passkey:$this_time");
  setcookie('setup_cookie', $passkey, $DEFAULT_COOKIE_OPTIONS);

  if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: sent setup_cookie to the client.",0); }

}

######################################################

function validate_setup_cookie() {

  global $SESSION_TIMEOUT, $IS_SETUP_ADMIN, $log_prefix, $SESSION_DEBUG;

  if (isset($_COOKIE['setup_cookie'])) {

    $c_passkey = $_COOKIE['setup_cookie'];
    $session_file = file_get_contents("/tmp/ldap_setup");

    if (!$session_file) {
      $IS_SETUP_ADMIN = FALSE;
      if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: setup_cookie was sent by the client but the session file wasn't found at /tmp/ldap_setup",0); }
    }

    list($f_passkey,$f_time) = explode(":",$session_file);
    $this_time = time();

    # hash_equals() needs two strings, so reject a non-string cookie value first.
    if (!empty($c_passkey) and is_string($c_passkey) and hash_equals((string) $f_passkey, $c_passkey) and $this_time < $f_time+(60 * $SESSION_TIMEOUT)) {
      $IS_SETUP_ADMIN = TRUE;
      if ( $SESSION_DEBUG == TRUE) { error_log("$log_prefix Setup session: Cookie and session file values match - VALIDATED ",0); }
      set_setup_cookie();
    }
    elseif ( $SESSION_DEBUG == TRUE) {
      $this_error="$log_prefix Setup session: setup_cookie was sent by the client and the session file was found at /tmp/ldap_setup, but";
      if (empty($c_passkey)) { $this_error .= " the cookie passkey wasn't set;"; }
      if ($c_passkey != $f_passkey) { $this_error .= " the session file passkey didn't match the cookie passkey;"; }
      # Use .= here: += is numeric addition in PHP, not string concatenation.
      $this_error .= " Cookie: {$_COOKIE['setup_cookie']} - Session file contents: $session_file";
      error_log($this_error,0);
    }

  }
  elseif ( $SESSION_DEBUG == TRUE) {
    error_log("$log_prefix Session: setup_cookie wasn't sent by the client.",0);
  }

}

######################################################

function log_out($method='normal') {

  # Delete the stored passkey (the session file) and the passkey cookies.

  global $USER_ID, $SERVER_PATH, $DEFAULT_COOKIE_OPTIONS;

  $this_time = time();

  $orf_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
  $orf_cookie_opts['expires'] = $this_time-20000;
  $sessto_cookie_opts = $DEFAULT_COOKIE_OPTIONS;
  $sessto_cookie_opts['expires'] = $this_time-20000;

  # Send the cookies with the already-expired options built above.
  setcookie('orf_cookie', "", $orf_cookie_opts);
  setcookie('sessto_cookie', "", $sessto_cookie_opts);

  $filename = preg_replace('/[^a-zA-Z0-9]/','_', $USER_ID);
  @ unlink("/tmp/$filename");

  if ($method == 'auto') { $options = "?logged_out"; } else { $options = ""; }
  header("Location: //{$_SERVER["HTTP_HOST"]}{$SERVER_PATH}index.php$options\n\n");

}

######################################################

function render_header($title="",$menu=TRUE) {

  global $SITE_NAME, $IS_ADMIN, $SENT_HEADERS, $SERVER_PATH;

  if (empty($title)) { $title = $SITE_NAME; }

  #Initialise the HTML output for the page.

?>
You've logged in successfully.