better session timeout support for self service

This commit is contained in:
Roland Gruber 2013-02-28 17:42:09 +00:00
parent 94bb540b2c
commit 43199cd804
2 changed files with 22 additions and 9 deletions

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2012 Roland Gruber Copyright (C) 2006 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -113,25 +113,38 @@ function checkClientIP() {
*/ */
function logoffAndBackToLoginPage() { function logoffAndBackToLoginPage() {
// log message // log message
if (isset($_SESSION['ldap'])) {
$ldapUser = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->decrypt_login();
logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.'); logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.');
// close LDAP connection
@$_SESSION["ldap"]->destroy();
}
elseif (isset($_SESSION['selfService_clientDN'])) {
logNewMessage(LOG_WARNING, 'Self service session of DN ' . Ldap::decrypt($_SESSION['selfService_clientDN'], 'SelfService') . ' expired.');
}
// delete key and iv in cookie // delete key and iv in cookie
if (function_exists('mcrypt_create_iv')) { if (function_exists('mcrypt_create_iv')) {
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
} }
// close LDAP connection
@$_SESSION["ldap"]->destroy();
// link back to login page // link back to login page
$paths = array('./', '../', '../../', '../../../'); $paths = array('./', '../', '../../', '../../../');
$page = 'login.php'; $page = 'login.php?expired=yes';
if (isset($_SESSION['selfService_clientDN'])) {
$scope = $_GET['scope'];
$name = $_GET['name'];
if (!preg_match('/^[0-9a-zA-Z _-]+$/', $scope) || !preg_match('/^[0-9a-zA-Z _-]+$/', $name)) {
logNewMessage(LOG_ERR, 'GET parameters invalid: ' . $name . ' ' . $scope);
die();
}
$page = 'selfServiceLogin.php?expired=yes&scope=' . $scope . '&name=' . $name;
}
for ($i = 0; $i < sizeof($paths); $i++) { for ($i = 0; $i < sizeof($paths); $i++) {
if (file_exists($paths[$i] . $page)) { if (file_exists($paths[$i] . $page)) {
$page = $paths[$i] . $page; $page = $paths[$i] . $page;
break; break;
} }
} }
$page .= "?expired=yes";
echo $_SESSION['header']; echo $_SESSION['header'];
echo "<title></title>\n"; echo "<title></title>\n";
echo "</head>\n"; echo "</head>\n";

View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2012 Roland Gruber Copyright (C) 2003 - 2013 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -197,7 +197,7 @@ $container->addElement(new htmlSpacer(null, '20px'), true);
// security settings // security settings
$securityTable = new htmlTable(); $securityTable = new htmlTable();
$options = array(5, 10, 20, 30, 60); $options = array(5, 10, 20, 30, 60, 90, 120, 240);
$securityTable->addElement(new htmlTableExtendedSelect('sessionTimeout', $options, array($cfg->sessionTimeout), _("Session timeout"), '238'), true); $securityTable->addElement(new htmlTableExtendedSelect('sessionTimeout', $options, array($cfg->sessionTimeout), _("Session timeout"), '238'), true);
$securityTable->addElement(new htmlTableExtendedInputTextarea('allowedHosts', implode("\n", explode(",", $cfg->allowedHosts)), '30', '7', _("Allowed hosts"), '241'), true); $securityTable->addElement(new htmlTableExtendedInputTextarea('allowedHosts', implode("\n", explode(",", $cfg->allowedHosts)), '30', '7', _("Allowed hosts"), '241'), true);
$securityField = new htmlFieldset($securityTable, _("Security settings")); $securityField = new htmlFieldset($securityTable, _("Security settings"));