implemented session timeout

This commit is contained in:
Roland Gruber 2006-04-18 10:57:16 +00:00
parent d920a663f7
commit ef8365d787
5 changed files with 126 additions and 23 deletions


@ -122,12 +122,14 @@ $helpArray = array (
"Text" => _("This changes the password of the selected profile.")), "Text" => _("This changes the password of the selected profile.")),
"234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"), "234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
"Text" => _("This changes the profile which is selected by default at login.")), "Text" => _("This changes the profile which is selected by default at login.")),
"235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"), "235" => array ("ext" => "FALSE", "Headline" => _("Change master password"),
"Text" => _("If you want to change your master configuration password, please enter it here.")), "Text" => _("If you want to change your master configuration password, please enter it here.")),
"236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"), "236" => array ("ext" => "FALSE", "Headline" => _("Master password"),
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")), "Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
"237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"), "237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")), "Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
"238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"), "250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")), "Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
// 300 - 399 // 300 - 399


@ -719,10 +719,14 @@ class CfgMain {
/** Password to change config.cfg */ /** Password to change config.cfg */
var $password; var $password;
/** Time of inactivity before session times out (minutes) */
var $sessionTimeout;
/** /**
* Loads preferences from config file * Loads preferences from config file
*/ */
function CfgMain() { function CfgMain() {
$this->sessionTimeout = 30;
$this->reload(); $this->reload();
} }
@ -742,11 +746,15 @@ class CfgMain {
if (($line == "")||($line[0] == "#")) continue; // ignore comments if (($line == "")||($line[0] == "#")) continue; // ignore comments
// search keywords // search keywords
if (substr($line, 0, 10) == "password: ") { if (substr($line, 0, 10) == "password: ") {
$this->password = substr($line, 10, strlen($line)-10); $this->password = substr($line, 10, strlen($line) - 10);
continue; continue;
} }
if (substr($line, 0, 9) == "default: ") { if (substr($line, 0, 9) == "default: ") {
$this->default = substr($line, 9, strlen($line)-9); $this->default = substr($line, 9, strlen($line) - 9);
continue;
}
if (substr($line, 0, 16) == "sessionTimeout: ") {
$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
continue; continue;
} }
} }
@ -784,11 +792,17 @@ class CfgMain {
$save_default = True; $save_default = True;
continue; continue;
} }
if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
$file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
$save_sessionTimeout = True;
continue;
}
} }
} }
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file) // check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password); if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default); if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
$file = @fopen($conffile, "w"); $file = @fopen($conffile, "w");
if ($file) { if ($file) {
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]); for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
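Review bot: save() writes `$this->sessionTimeout` into config.cfg verbatim, both in the line rewriting `"sessionTimeout: " . $this->sessionTimeout . "\n"` and in the array_push fallback, while nothing in this class casts or range-checks the property; a value that is not a small positive integer — including one containing a newline — becomes extra lines in the config file, and on the next reload() `intval()` turns a non-numeric value into 0, which makes every session expire at once in the timeout check in security.inc. Casting at the write site, `"sessionTimeout: " . intval($this->sessionTimeout) . "\n"` in both places, keeps the file well-formed, and reload() could refuse non-positive values with `if ($this->sessionTimeout < 1) $this->sessionTimeout = 30;` so the default of 30 set in the constructor survives a damaged file. The `$save_sessionTimeout` flag is presumably initialised to false before the loop, outside this hunk; if it is not, the `!$save_sessionTimeout == True` test still pushes the entry but raises an undefined-variable notice. Both reload() and save() begin outside the hunks shown.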


@ -28,11 +28,16 @@ $Id$
* @author Roland Gruber * @author Roland Gruber
*/ */
/** configuration options */
include_once('config.inc');
/** /**
* Starts a session and checks the environment. * Starts a session and checks the environment.
* The script is stopped if one of the checks fail. * The script is stopped if one of the checks fail.
*/ */
function startSecureSession() { function startSecureSession() {
// check if client IP is on the list of valid IPs
checkClientIP();
// start session // start session
if (isset($_SESSION)) unset($_SESSION); if (isset($_SESSION)) unset($_SESSION);
$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess"; $sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
@ -48,10 +53,15 @@ function startSecureSession() {
// IP is invalid // IP is invalid
die(); die();
} }
// check if client IP is on the list of valid IPs
checkClientIP();
// check if session time has not expired // check if session time has not expired
// TODO if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()) {
// ok, update time
$_SESSION['sec_sessionTime'] = time();
}
else {
// session expired, logoff user
logoffAndBackToLoginPage();
}
} }
/** /**
@ -83,4 +93,45 @@ function getValidUserDNs($dn) {
return array("uid=test,o=test", "uid=test2,o=test"); return array("uid=test,o=test", "uid=test2,o=test");
} }
/**
* Logs off the user and displays the login page.
*
*/
function logoffAndBackToLoginPage() {
// delete key and iv in cookie
if (function_exists('mcrypt_create_iv')) {
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
}
// close LDAP connection
@$_SESSION["ldap"]->destroy();
// link back to login page
$paths = array('./', '../', '../../', '../../../');
$page = 'login.php';
for ($i = 0; $i < sizeof($paths); $i++) {
if (file_exists($paths[$i] . $page)) {
$page = $paths[$i] . $page;
break;
}
}
echo $_SESSION['header'];
echo "<title></title>\n";
echo "</head>\n";
echo "<body>\n";
// print JavaScript refresh
echo "<script type=\"text/javascript\">\n";
echo "top.location.href = \"" . $page . "\";\n";
echo "</script>\n";
// print link if refresh does not work
echo "<p>\n";
echo "<a target=\"_top\" href=\"" . $page . "\">" . _("Your session expired, click here to go back to the login page.") . "</a>\n";
echo "</p>\n";
echo "</body>\n";
echo "</html>\n";
// destroy session
session_destroy();
unset($_SESSION);
die();
}
?> ?>
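Review bot: logoffAndBackToLoginPage() calls `session_destroy()` and overwrites the Key and IV cookies, but never clears the session cookie itself, so the browser keeps presenting the expired session id on the next request; add `setcookie(session_name(), "", 0, "/");` next to the Key/IV cookies so the id is dropped client-side as well. The expiry test `($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()` presumably relies on login.php having stored `cfgMain`; when the object is missing the product is 0 and every request is logged off, which fails safe but deserves a comment such as `// cfgMain is stored by login.php; a missing object or a timeout of 0 expires the session immediately`. The hunk containing that test starts in the middle of startSecureSession(), whose opening lines are in the previous hunk.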


@ -70,30 +70,30 @@ echo $_SESSION['header'];
// check if submit button was pressed // check if submit button was pressed
if ($_POST['submit']) { if ($_POST['submit']) {
$errors = array();
// set master password // set master password
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) { if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) { if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) {
$cfg->password = $_POST['masterpassword']; $cfg->password = $_POST['masterpassword'];
$cfg->save();
$msg = _("New master password set successfully."); $msg = _("New master password set successfully.");
unset($_SESSION["mainconf_password"]); unset($_SESSION["mainconf_password"]);
} }
else $error = _("Master passwords are different or empty!"); else $errors[] = _("Master passwords are different or empty!");
}
// set session timeout
$cfg->sessionTimeout = $_POST['sessionTimeout'];
// save settings
$cfg->save();
// print messages
if (sizeof($errors) > 0) {
for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i]);
} }
else { else {
$msg = _("No changes were made."); StatusMessage("INFO", _("Your settings were successfully saved."));
// back to login page
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
exit();
} }
// print messages
if ($error || $msg) {
if ($error) StatusMessage("ERROR", "", $error);
if ($msg) {
StatusMessage("INFO", "", $msg);
// back to login page
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
exit();
}
}
else exit;
} }
?> ?>
@ -102,6 +102,40 @@ if ($_POST['submit']) {
<form action="mainmanage.php" method="post"> <form action="mainmanage.php" method="post">
<table border="0"> <table border="0">
<tr><td> <tr><td>
<fieldset>
<legend><b> <?php echo _("Security settings"); ?> </b></legend>
<p>
<table cellspacing="0" border="0">
<!-- session timeout -->
<tr>
<td align="right">
<?php echo _("Session timeout"); ?>
<SELECT name="sessionTimeout">
<?php
$options = array(5, 10, 20, 30, 60);
for ($i = 0; $i < sizeof($options); $i++) {
if ($cfg->sessionTimeout == $options[$i]) {
echo "<option selected>" . $cfg->sessionTimeout . "</option>";
}
else {
echo "<option>" . $options[$i] . "</option>";
}
}
?>
</SELECT>
</td>
<td>&nbsp;
<?PHP
// help link
echo "<a href=\"../help.php?HelpNumber=238\" target=\"lamhelp\">";
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>\n";
?>
</td>
</tr>
</table>
</fieldset>
<BR>
<fieldset> <fieldset>
<legend><b> <?php echo _("Change master password"); ?> </b></legend> <legend><b> <?php echo _("Change master password"); ?> </b></legend>
<p> <p>
@ -110,7 +144,7 @@ if ($_POST['submit']) {
<tr> <tr>
<td align="right"> <td align="right">
<FONT color="Red"><B> <FONT color="Red"><B>
<?php echo _("New master password") . ":"; ?> <?php echo _("New master password"); ?>
</B></FONT> </B></FONT>
<input type="password" name="masterpassword"> <input type="password" name="masterpassword">
</td> </td>
@ -126,7 +160,7 @@ if ($_POST['submit']) {
<tr> <tr>
<td align="right"> <td align="right">
<FONT color="Red"><B> <FONT color="Red"><B>
<?php echo _("Reenter new master password") . ":"; ?> <?php echo _("Reenter new master password"); ?>
</B></FONT> </B></FONT>
<input type="password" name="masterpassword2"> <input type="password" name="masterpassword2">
</td> </td>
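Review bot: `$cfg->sessionTimeout = $_POST['sessionTimeout'];` stores the posted value without any check, and CfgMain::save() writes it straight into config.cfg, so anything other than one of the offered numbers — a non-numeric string, or a value with an embedded newline that adds further `key: value` lines to the file — is persisted, and intval() on the next reload turns a non-numeric value into a timeout of 0 that expires every session immediately; the page presumably sits behind the master password, but the form's select is the only restriction today. Accept only the values the form offers: `$timeout = intval($_POST['sessionTimeout']);` `if (in_array($timeout, array(5, 10, 20, 30, 60))) $cfg->sessionTimeout = $timeout;` `else $errors[] = _("Session timeout is invalid!");`, and consider declaring that array once so the select loop further down uses the same list. The `$msg` assigned after a successful password change is no longer displayed now that the old message block is gone, and the select loop echoes `$cfg->sessionTimeout` into the HTML unescaped, which is harmless once the value is guaranteed numeric. The `if ($_POST['submit'])` block begins at the top of the first hunk; the code before it is outside view.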


@ -367,6 +367,7 @@ if(!empty($_POST['checklogin']))
// set security settings for session // set security settings for session
$_SESSION['sec_session_id'] = session_id(); $_SESSION['sec_session_id'] = session_id();
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR']; $_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['sec_sessionTime'] = time();
// Load main frame // Load main frame
include("./main.php"); include("./main.php");
} }
@ -407,6 +408,7 @@ else
$default_Config = new CfgMain(); $default_Config = new CfgMain();
$default_Profile = $default_Config->default; $default_Profile = $default_Config->default;
$_SESSION["config"] = new Config($default_Profile); // Create new Config object $_SESSION["config"] = new Config($default_Profile); // Create new Config object
$_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object
display_LoginPage($_SESSION["config"]); // Load Login page display_LoginPage($_SESSION["config"]); // Load Login page
} }
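Review bot: `$_SESSION["cfgMain"] = $default_Config;` places the whole CfgMain object in the session, and that object carries the master configuration password as read from config.cfg in its `password` property, so the master password is now serialised into every session file under the sess directory although only `sessionTimeout` is ever read from it. Storing the single integer under its own key would limit what the session store holds; security.inc currently dereferences `$_SESSION['cfgMain']->sessionTimeout`, so the read site would change together with this line. The assignment also sits only in the `else` branch of the login script, so a session that reaches the timeout check without passing through this branch has no `cfgMain` and is expired on its first request — presumably acceptable, but worth a comment like `// cfgMain is read by startSecureSession(); without it the session expires at once`. The enclosing `if`/`else` of login.php begins outside the hunk.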