Security functions
This commit is contained in:
		
							parent
							
								
									0d746d6301
								
							
						
					
					
						commit
						d1d23d9a06
					
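--- /dev/null
+++ b/<file path not shown on page>
@@ -0,0 +1,86 @@
+<?php
+/*
+$Id$
+
+  This code is part of LDAP Account Manager (http://www.sourceforge.net/projects/lam)
+  Copyright (C) 2006  Roland Gruber
+
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; either version 2 of the License, or
+  (at your option) any later version.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program; if not, write to the Free Software
+  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+*/
+
+/**
+* This file includes functions to perform several security checks on each page load.
+*
+* @package lib
+* @author Roland Gruber
+*/
+
+/**
+ * Starts a session and checks the environment.
+ * The script is stopped if one of the checks fail.
+ */
+function startSecureSession() {
+	// start session
+	if (isset($_SESSION)) unset($_SESSION);
+	$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
+	session_save_path($sessionDir);
+	@session_start();
+	// check session id
+	if (! isset($_SESSION["sec_session_id"]) || ($_SESSION["sec_session_id"] != session_id())) {
+		// session id is invalid
+		die();		
+	}
+	// check if client IP has not changed
+	if (!isset($_SESSION["sec_client_ip"]) || ($_SESSION["sec_client_ip"] != $_SERVER['REMOTE_ADDR'])) {
+		// IP is invalid
+		die();
+	}
+	// check if client IP is on the list of valid IPs
+	checkClientIP();
+	// check if session time has not expired
+	// TODO
+}
+
+/**
+ * Checks if the client's IP address is on the list of allowed IPs.
+ * The script is stopped if the host is not valid.
+ *
+ */
+function checkClientIP() {
+	
+}
+
+/**
+ * Checks if the user is allowed to access LAM at this time.
+ * The script is stopped if time is exceeded.
+ *
+ * @param unknown_type $dn
+ */
+function checkUserTime($dn) {
+	
+}
+
+/**
+ * Returns a list of DNs of valid LAM users.
+ *
+ * @param string $dn configuration DN
+ * @return  array $dn user list
+ */
+function getValidUserDNs($dn) {
+	return array("uid=test,o=test", "uid=test2,o=test");
+}
+
+?>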
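Review bot: checkClientIP() and checkUserTime() have empty bodies while their docblocks promise that the script is stopped on an invalid host or time, and getValidUserDNs() returns two hard-coded test DNs, so startSecureSession() currently enforces nothing beyond the session-id and REMOTE_ADDR checks; each stub should say so in its docblock, e.g. `// TODO: not implemented yet, every client passes this check`, so that no caller treats the call as an enforced control. The session directory is derived with `substr(__FILE__, 0, strlen(__FILE__) - 17)`, a magic length that silently yields a wrong path if the file is ever moved or renamed; `dirname(__FILE__) . '/../sess'` expresses the same intent without the constant, assuming the sess directory sits one level above this file, which the page does not show. Both checks compare with loose `!=`; `!==` is the safer form for the session-id and IP strings. Nothing on this page sets sec_session_id or sec_client_ip (presumably the login code does), so a session that never passed through that path is rejected, which is the right fail-closed default; calling `session_destroy()` before each `die()` would additionally discard the stale session data instead of leaving it on disk.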