diff --git a/lam/help/help.inc b/lam/help/help.inc
index 55f0049c..a051b145 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -122,12 +122,14 @@ $helpArray = array (
 "Text" => _("This changes the password of the selected profile.")),
 "234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
 "Text" => _("This changes the profile which is selected by default at login.")),
- "235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"),
+ "235" => array ("ext" => "FALSE", "Headline" => _("Change master password"),
 "Text" => _("If you want to change your master configuration password, please enter it here.")),
- "236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"),
+ "236" => array ("ext" => "FALSE", "Headline" => _("Master password"),
 "Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
 "237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
 "Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
+ "238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
+ "Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
 "250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
 "Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
 // 300 - 399
diff --git a/lam/lib/config.inc b/lam/lib/config.inc
index 3d83e33b..9e837a2d 100644
--- a/lam/lib/config.inc
+++ b/lam/lib/config.inc
@@ -718,11 +718,15 @@ class CfgMain {
 /** Password to change config.cfg */
 var $password;
+
+ /** Time of inactivity before session times out (minutes) */
+ var $sessionTimeout;
 /**
 * Loads preferences from config file
 */
 function CfgMain() {
+ $this->sessionTimeout = 30;
 $this->reload();
 }
@@ -742,11 +746,15 @@ class CfgMain {
 if (($line == "")||($line[0] == "#")) continue; // ignore comments
 // search keywords
 if (substr($line, 0, 10) == "password: ") {
- $this->password = substr($line, 10, strlen($line)-10);
+ $this->password = substr($line, 10, strlen($line) - 10);
 continue;
 }
 if (substr($line, 0, 9) == "default: ") {
- $this->default = substr($line, 9, strlen($line)-9);
+ $this->default = substr($line, 9, strlen($line) - 9);
+ continue;
+ }
+ if (substr($line, 0, 16) == "sessionTimeout: ") {
+ $this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
 continue;
 }
 }
@@ -784,11 +792,17 @@ class CfgMain {
 $save_default = True;
 continue;
 }
+ if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
+ $file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
+ $save_sessionTimeout = True;
+ continue;
+ }
 }
 }
 // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
 if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
 if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
+ if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
 $file = @fopen($conffile, "w");
 if ($file) {
 for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index ed8d3ac7..f3a07545 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
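Review bot: The value parsed in the reload hunk, `$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));`, has no lower bound: a `sessionTimeout:` line that is empty, non-numeric or 0 yields 0, and the expiry test added in security.inc (`sec_sessionTime + 60 * sessionTimeout > time()`) then expires every session on its first request after login. Falling back to the constructor default keeps a damaged config file from locking everyone out: `if ($this->sessionTimeout < 1) $this->sessionTimeout = 30;` directly after the intval line. The same applies in the save hunk, which writes `$this->sessionTimeout` back unchanged, so whatever was assigned (mainmanage.php assigns the raw POST value) ends up in config.cfg. The enclosing methods extend outside these hunks.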
@@ -28,11 +28,16 @@ $Id$
 * @author Roland Gruber
 */
+/** configuration options */
+include_once('config.inc');
+
 /**
 * Starts a session and checks the environment.
 * The script is stopped if one of the checks fail.
 */
 function startSecureSession() {
+ // check if client IP is on the list of valid IPs
+ checkClientIP();
 // start session
 if (isset($_SESSION)) unset($_SESSION);
 $sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
@@ -48,10 +53,15 @@ function startSecureSession() {
 // IP is invalid
 die();
 }
- // check if client IP is on the list of valid IPs
- checkClientIP();
 // check if session time has not expired
- // TODO
+ if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()) {
+ // ok, update time
+ $_SESSION['sec_sessionTime'] = time();
+ }
+ else {
+ // session expired, logoff user
+ logoffAndBackToLoginPage();
+ }
 }
 /**
@@ -83,4 +93,45 @@ function getValidUserDNs($dn) {
 return array("uid=test,o=test", "uid=test2,o=test");
 }
+/**
+ * Logs off the user and displays the login page.
+ *
+ */
+function logoffAndBackToLoginPage() {
+ // delete key and iv in cookie
+ if (function_exists('mcrypt_create_iv')) {
+ setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
+ setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
+ }
+ // close LDAP connection
+ @$_SESSION["ldap"]->destroy();
+ // link back to login page
+ $paths = array('./', '../', '../../', '../../../');
+ $page = 'login.php';
+ for ($i = 0; $i < sizeof($paths); $i++) {
+ if (file_exists($paths[$i] . $page)) {
+ $page = $paths[$i] . $page;
+ break;
+ }
+ }
+ echo $_SESSION['header'];
+ echo "\n";
+ echo "\n";
+ echo "\n";
+ // print JavaScript refresh
+ echo "\n";
+ // print link if refresh does not work
+ echo "
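Review bot: The expiry test in the second hunk, `if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time())`, dereferences two session entries that this commit sets only in login.php (`sec_sessionTime` on a successful login, `cfgMain` when the login page is rendered); if either is absent the expression evaluates against null, the comparison is false and the request is treated as expired, which would loop if startSecureSession() is ever reached on the login page itself. Guard the inputs explicitly before comparing, `if (!isset($_SESSION['sec_sessionTime']) || !isset($_SESSION['cfgMain'])) logoffAndBackToLoginPage();`, or fall back to a fresh `new CfgMain()` for the timeout. In the first hunk `checkClientIP()` now runs before the session is started, so it can no longer rely on anything in `$_SESSION`; that is presumably intended but worth confirming against its body. startSecureSession() continues outside the first hunk.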

\n"; + echo "" . _("Your session expired, click here to go back to the login page.") . "\n"; + echo "

\n"; + echo "\n"; + echo "\n"; + // destroy session + session_destroy(); + unset($_SESSION); + die(); +} + ?> \ No newline at end of file diff --git a/lam/templates/config/mainmanage.php b/lam/templates/config/mainmanage.php index 06545034..77fcb1b8 100644 --- a/lam/templates/config/mainmanage.php +++ b/lam/templates/config/mainmanage.php @@ -70,30 +70,30 @@ echo $_SESSION['header']; // check if submit button was pressed if ($_POST['submit']) { + $errors = array(); // set master password if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) { if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) { $cfg->password = $_POST['masterpassword']; - $cfg->save(); $msg = _("New master password set successfully."); unset($_SESSION["mainconf_password"]); } - else $error = _("Master passwords are different or empty!"); + else $errors[] = _("Master passwords are different or empty!"); + } + // set session timeout + $cfg->sessionTimeout = $_POST['sessionTimeout']; + // save settings + $cfg->save(); + // print messages + if (sizeof($errors) > 0) { + for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i]); } else { - $msg = _("No changes were made."); + StatusMessage("INFO", _("Your settings were successfully saved.")); + // back to login page + echo "
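Review bot: The cookie clean-up at the top of `logoffAndBackToLoginPage()` overwrites `Key` and `IV` with a placeholder string but leaves them as live session cookies (expiry 0); expiring them is the conventional way to remove them, `setcookie("Key", "", time() - 3600, "/");` and the same for `IV`. The `@` on `$_SESSION["ldap"]->destroy();` hides a missing or already-destroyed connection object along with any other error; `if (isset($_SESSION["ldap"])) $_SESSION["ldap"]->destroy();` states the intent without silencing. The markup emitted by the echo statements is not visible in this listing, so the generated page itself is not reviewed here.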

" . _("Back to login") . "

"; + exit(); } - // print messages - if ($error || $msg) { - if ($error) StatusMessage("ERROR", "", $error); - if ($msg) { - StatusMessage("INFO", "", $msg); - // back to login page - echo "

" . _("Back to login") . "

"; - exit(); - } - } - else exit; } ?> @@ -102,6 +102,40 @@ if ($_POST['submit']) {
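Review bot: `$cfg->sessionTimeout = $_POST['sessionTimeout'];` stores the raw form value and the unconditional `$cfg->save();` that follows writes it to config.cfg without any check; a non-numeric or zero value is written as-is and, because CfgMain::reload() reads it back with intval, becomes 0 and expires every session immediately. Validate before assigning, `if (!is_numeric($_POST['sessionTimeout']) || (intval($_POST['sessionTimeout']) < 1)) $errors[] = _("Session timeout must be a positive number of minutes."); else $cfg->sessionTimeout = intval($_POST['sessionTimeout']);`, and move `$cfg->save();` under the `else` branch so that a request with errors does not persist a partial change. As written, the save also runs when the master passwords did not match, so the timeout is stored while the user is shown an error.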
@@ -126,7 +160,7 @@ if ($_POST['submit']) { diff --git a/lam/templates/login.php b/lam/templates/login.php index 5f405742..90073a38 100644 --- a/lam/templates/login.php +++ b/lam/templates/login.php @@ -367,6 +367,7 @@ if(!empty($_POST['checklogin'])) // set security settings for session $_SESSION['sec_session_id'] = session_id(); $_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR']; + $_SESSION['sec_sessionTime'] = time(); // Load main frame include("./main.php"); } @@ -407,6 +408,7 @@ else $default_Config = new CfgMain(); $default_Profile = $default_Config->default; $_SESSION["config"] = new Config($default_Profile); // Create new Config object + $_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object display_LoginPage($_SESSION["config"]); // Load Login page }
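Review bot: `$_SESSION["cfgMain"] = $default_Config;` is stored only in the branch that displays the login page, whereas `$_SESSION['sec_sessionTime'] = time();` is set in the `checklogin` branch; the expiry test in security.inc needs both, so a login whose session was not created by a prior rendering of this page (an expired session, or a POST arriving after logoffAndBackToLoginPage() destroyed it) runs that test against a missing `cfgMain`. Storing the object next to `sec_sessionTime` in the checklogin branch, `$_SESSION["cfgMain"] = new CfgMain();`, makes the check self-contained. Keeping a copy of the config in the session also means a timeout changed later in mainmanage.php applies only to sessions created after the change, which deserves a comment on the assignment. Since `sec_session_id` records the ID the client arrived with, calling `session_regenerate_id()` before these assignments would bind the authenticated session to a fresh ID.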
+
+ +

+ + + + + + +
+ + +   + "; + echo "\"""; + echo "\n"; + ?> +
+

+

@@ -110,7 +144,7 @@ if ($_POST['submit']) {

- +
- +