gitlabFork/ISPConfig3.git - Solinfo Gitblit

Till Brehm

2015-06-03 5af0cfd99a13fda9afad3380b0c50a3428acd299

commit \| author \| age
532ae5	1	<?php
L	2
	3	/*
	4	Copyright (c) 2007, Till Brehm, projektfarm Gmbh
	5	All rights reserved.
	6
	7	Redistribution and use in source and binary forms, with or without modification,
	8	are permitted provided that the following conditions are met:
	9
	10	* Redistributions of source code must retain the above copyright notice,
	11	this list of conditions and the following disclaimer.
	12	* Redistributions in binary form must reproduce the above copyright notice,
	13	this list of conditions and the following disclaimer in the documentation
	14	and/or other materials provided with the distribution.
	15	* Neither the name of ISPConfig nor the names of its contributors
	16	may be used to endorse or promote products derived from this software without
	17	specific prior written permission.
	18
	19	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
	20	ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	22	IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
	23	INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
	24	BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	25	DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
	26	OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	27	NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
	28	EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	29	*/
	30
	31	class auth {
	32	var $client_limits = null;
	33
	34	public function get_user_id()
	35	{
5308a8	36	global $app;
604c0c	37	return $app->functions->intval($_SESSION['s']['user']['userid']);
532ae5	38	}
7fe908	39
532ae5	40	public function is_admin() {
L	41	if($_SESSION['s']['user']['typ'] == 'admin') {
	42	return true;
	43	} else {
	44	return false;
	45	}
7fe908	46	}
19b5e0	47
TB	48	public function is_superadmin() {
9edea9	49	if($_SESSION['s']['user']['typ'] == 'admin' && $_SESSION['s']['user']['userid'] == 1) {
19b5e0	50	return true;
TB	51	} else {
	52	return false;
	53	}
	54	}
7fe908	55
532ae5	56	public function has_clients($userid) {
L	57	global $app, $conf;
7fe908	58
65ea2e	59	$userid = $app->functions->intval($userid);
532ae5	60	$client = $app->db->queryOneRecord("SELECT client.limit_client FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
71c5c2	61	if($client['limit_client'] != 0) {
532ae5	62	return true;
L	63	} else {
	64	return false;
	65	}
	66	}
7fe908	67
532ae5	68	//** This function adds a given group id to a given user.
7fe908	69	public function add_group_to_user($userid, $groupid) {
532ae5	70	global $app;
7fe908	71
65ea2e	72	$userid = $app->functions->intval($userid);
M	73	$groupid = $app->functions->intval($groupid);
7fe908	74
532ae5	75	if($userid > 0 && $groupid > 0) {
L	76	$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
7fe908	77	$groups = explode(',', $user['groups']);
MC	78	if(!in_array($groupid, $groups)) $groups[] = $groupid;
	79	$groups_string = implode(',', $groups);
532ae5	80	$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
L	81	$app->db->query($sql);
	82	return true;
	83	} else {
	84	return false;
	85	}
	86	}
	87
	88	//** This function returns given client limit as integer, -1 means no limit
	89	public function get_client_limit($userid, $limitname)
	90	{
	91	global $app;
604c0c	92
TB	93	$userid = $app->functions->intval($userid);
19b5e0	94	if(!preg_match('/^[a-zA-Z0-9\-\_]{1,64}$/',$limitname)) $app->error('Invalid limit name '.$limitname);
604c0c	95
532ae5	96	// simple query cache
7fe908	97	if($this->client_limits===null)
532ae5	98	$this->client_limits = $app->db->queryOneRecord("SELECT client.* FROM sys_user, client WHERE sys_user.userid = $userid AND sys_user.client_id = client.client_id");
7fe908	99
532ae5	100	// isn't client -> no limit
L	101	if(!$this->client_limits)
	102	return -1;
7fe908	103
532ae5	104	if(isset($this->client_limits['limit_'.$limitname])) {
L	105	return $this->client_limits['limit_'.$limitname];
7fe908	106	}
MC	107	}
	108
532ae5	109	//** This function removes a given group id from a given user.
7fe908	110	public function remove_group_from_user($userid, $groupid) {
532ae5	111	global $app;
7fe908	112
65ea2e	113	$userid = $app->functions->intval($userid);
M	114	$groupid = $app->functions->intval($groupid);
7fe908	115
532ae5	116	if($userid > 0 && $groupid > 0) {
L	117	$user = $app->db->queryOneRecord("SELECT * FROM sys_user WHERE userid = $userid");
7fe908	118	$groups = explode(',', $user['groups']);
MC	119	$key = array_search($groupid, $groups);
532ae5	120	unset($groups[$key]);
7fe908	121	$groups_string = implode(',', $groups);
532ae5	122	$sql = "UPDATE sys_user SET groups = '$groups_string' WHERE userid = $userid";
L	123	$app->db->query($sql);
	124	return true;
	125	} else {
	126	return false;
	127	}
	128	}
7fe908	129
532ae5	130	public function check_module_permissions($module) {
L	131	// Check if the current user has the permissions to access this module
19b5e0	132	$user_modules = explode(',',$_SESSION["s"]["user"]["modules"]);
TB	133	if(!in_array($module,$user_modules)) {
532ae5	134	// echo "LOGIN_REDIRECT:/index.php";
L	135	header("Location: /index.php");
	136	exit;
	137	}
	138	}
9edea9	139
TB	140	public function check_security_permissions($permission) {
	141
	142	global $app;
	143
	144	$app->uses('getconf');
	145	$security_config = $app->getconf->get_security_config('permissions');
	146
	147	$security_check = false;
	148	if($security_config[$permission] == 'yes') $security_check = true;
	149	if($security_config[$permission] == 'superadmin' && $app->auth->is_superadmin()) $security_check = true;
	150	if($security_check !== true) {
	151	$app->error($app->lng('security_check1_txt').' '.$permission.' '.$app->lng('security_check2_txt'));
	152	}
	153
	154	}
7fe908	155
9c7907	156	public function get_random_password($minLength = 8, $special = false) {
MC	157	if($minLength < 8) $minLength = 8;
	158	$maxLength = $minLength + 5;
	159	$length = mt_rand($minLength, $maxLength);
	160
	161	$alphachars = "abcdefghijklmnopqrstuvwxyz";
	162	$upperchars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
	163	$numchars = "1234567890";
	164	$specialchars = "!@#_";
	165
	166	$num_special = 0;
	167	if($special == true) {
	168	$num_special = intval(mt_rand(0, round($length / 4))) + 1;
f9c7f3	169	}
9c7907	170	$numericlen = mt_rand(1, 2);
MC	171	$alphalen = $length - $num_special - $numericlen;
	172	$upperlen = intval($alphalen / 2);
	173	$alphalen = $alphalen - $upperlen;
	174	$password = '';
	175
	176	for($i = 0; $i < $alphalen; $i++) {
	177	$password .= substr($alphachars, mt_rand(0, strlen($alphachars) - 1), 1);
	178	}
	179
	180	for($i = 0; $i < $upperlen; $i++) {
	181	$password .= substr($upperchars, mt_rand(0, strlen($upperchars) - 1), 1);
	182	}
	183
	184	for($i = 0; $i < $num_special; $i++) {
	185	$password .= substr($specialchars, mt_rand(0, strlen($specialchars) - 1), 1);
	186	}
	187
	188	for($i = 0; $i < $numericlen; $i++) {
	189	$password .= substr($numchars, mt_rand(0, strlen($numchars) - 1), 1);
	190	}
	191
	192	return str_shuffle($password);
f9c7f3	193	}
7fe908	194
c614f1	195	public function crypt_password($cleartext_password) {
T	196	$salt="$1$";
	197	$base64_alphabet='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
	198	for ($n=0;$n<8;$n++) {
7fe908	199	$salt.=$base64_alphabet[mt_rand(0, 63)];
c614f1	200	}
T	201	$salt.="$";
7fe908	202	return crypt($cleartext_password, $salt);
c614f1	203	}
5af0cf	204
TB	205	public function csrf_token_get($form_name) {
	206	/* CSRF PROTECTION */
	207	// generate csrf protection id and key
	208	$_csrf_id = uniqid($form_name . '_'); // form id
	209	$_csrf_key = sha1(uniqid(microtime(true), true)); // the key
	210	if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
	211	if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
	212	$_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
	213	$_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
	214
	215	return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
	216	}
	217
	218	public function csrf_token_check() {
	219	global $app;
	220
	221	if(isset($_POST) && is_array($_POST)) {
	222	$_csrf_valid = false;
	223	if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
	224	$_csrf_id = trim($_POST['_csrf_id']);
	225	$_csrf_key = trim($_POST['_csrf_key']);
	226	if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
	227	if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
	228	}
	229	}
	230	if($_csrf_valid !== true) {
	231	$app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
	232	$app->error($app->lng('err_csrf_attempt_blocked'));
	233	}
	234	$_SESSION['_csrf'][$_csrf_id] = null;
	235	$_SESSION['_csrf_timeout'][$_csrf_id] = null;
	236	unset($_SESSION['_csrf'][$_csrf_id]);
	237	unset($_SESSION['_csrf_timeout'][$_csrf_id]);
	238
	239	if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
	240	$to_unset = array();
	241	foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
	242	if($timeout < time()) $to_unset[] = $_csrf_id;
	243	}
	244	foreach($to_unset as $_csrf_id) {
	245	$_SESSION['_csrf'][$_csrf_id] = null;
	246	$_SESSION['_csrf_timeout'][$_csrf_id] = null;
	247	unset($_SESSION['_csrf'][$_csrf_id]);
	248	unset($_SESSION['_csrf_timeout'][$_csrf_id]);
	249	}
	250	unset($to_unset);
	251	}
	252	}
	253	}
7fe908	254
532ae5	255	}
L	256
7fe908	257	?>