implemented session timeout
This commit is contained in:
parent
d920a663f7
commit
ef8365d787
|
@ -122,12 +122,14 @@ $helpArray = array (
|
||||||
"Text" => _("This changes the password of the selected profile.")),
|
"Text" => _("This changes the password of the selected profile.")),
|
||||||
"234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
|
"234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
|
||||||
"Text" => _("This changes the profile which is selected by default at login.")),
|
"Text" => _("This changes the profile which is selected by default at login.")),
|
||||||
"235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"),
|
"235" => array ("ext" => "FALSE", "Headline" => _("Change master password"),
|
||||||
"Text" => _("If you want to change your master configuration password, please enter it here.")),
|
"Text" => _("If you want to change your master configuration password, please enter it here.")),
|
||||||
"236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"),
|
"236" => array ("ext" => "FALSE", "Headline" => _("Master password"),
|
||||||
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
|
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
|
||||||
"237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
|
"237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
|
||||||
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
|
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
|
||||||
|
"238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
|
||||||
|
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
|
||||||
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
|
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
|
||||||
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
|
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
|
||||||
// 300 - 399
|
// 300 - 399
|
||||||
|
|
|
@ -719,10 +719,14 @@ class CfgMain {
|
||||||
/** Password to change config.cfg */
|
/** Password to change config.cfg */
|
||||||
var $password;
|
var $password;
|
||||||
|
|
||||||
|
/** Time of inactivity before session times out (minutes) */
|
||||||
|
var $sessionTimeout;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loads preferences from config file
|
* Loads preferences from config file
|
||||||
*/
|
*/
|
||||||
function CfgMain() {
|
function CfgMain() {
|
||||||
|
$this->sessionTimeout = 30;
|
||||||
$this->reload();
|
$this->reload();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -742,11 +746,15 @@ class CfgMain {
|
||||||
if (($line == "")||($line[0] == "#")) continue; // ignore comments
|
if (($line == "")||($line[0] == "#")) continue; // ignore comments
|
||||||
// search keywords
|
// search keywords
|
||||||
if (substr($line, 0, 10) == "password: ") {
|
if (substr($line, 0, 10) == "password: ") {
|
||||||
$this->password = substr($line, 10, strlen($line)-10);
|
$this->password = substr($line, 10, strlen($line) - 10);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if (substr($line, 0, 9) == "default: ") {
|
if (substr($line, 0, 9) == "default: ") {
|
||||||
$this->default = substr($line, 9, strlen($line)-9);
|
$this->default = substr($line, 9, strlen($line) - 9);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (substr($line, 0, 16) == "sessionTimeout: ") {
|
||||||
|
$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -784,11 +792,17 @@ class CfgMain {
|
||||||
$save_default = True;
|
$save_default = True;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
|
||||||
|
$file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
|
||||||
|
$save_sessionTimeout = True;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
|
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
|
||||||
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
|
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
|
||||||
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
|
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
|
||||||
|
if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
|
||||||
$file = @fopen($conffile, "w");
|
$file = @fopen($conffile, "w");
|
||||||
if ($file) {
|
if ($file) {
|
||||||
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
|
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
|
||||||
|
|
|
@ -28,11 +28,16 @@ $Id$
|
||||||
* @author Roland Gruber
|
* @author Roland Gruber
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/** configuration options */
|
||||||
|
include_once('config.inc');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Starts a session and checks the environment.
|
* Starts a session and checks the environment.
|
||||||
* The script is stopped if one of the checks fail.
|
* The script is stopped if one of the checks fail.
|
||||||
*/
|
*/
|
||||||
function startSecureSession() {
|
function startSecureSession() {
|
||||||
|
// check if client IP is on the list of valid IPs
|
||||||
|
checkClientIP();
|
||||||
// start session
|
// start session
|
||||||
if (isset($_SESSION)) unset($_SESSION);
|
if (isset($_SESSION)) unset($_SESSION);
|
||||||
$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
|
$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
|
||||||
|
@ -48,10 +53,15 @@ function startSecureSession() {
|
||||||
// IP is invalid
|
// IP is invalid
|
||||||
die();
|
die();
|
||||||
}
|
}
|
||||||
// check if client IP is on the list of valid IPs
|
|
||||||
checkClientIP();
|
|
||||||
// check if session time has not expired
|
// check if session time has not expired
|
||||||
// TODO
|
if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()) {
|
||||||
|
// ok, update time
|
||||||
|
$_SESSION['sec_sessionTime'] = time();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
// session expired, logoff user
|
||||||
|
logoffAndBackToLoginPage();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -83,4 +93,45 @@ function getValidUserDNs($dn) {
|
||||||
return array("uid=test,o=test", "uid=test2,o=test");
|
return array("uid=test,o=test", "uid=test2,o=test");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Logs off the user and displays the login page.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
function logoffAndBackToLoginPage() {
|
||||||
|
// delete key and iv in cookie
|
||||||
|
if (function_exists('mcrypt_create_iv')) {
|
||||||
|
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
||||||
|
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
||||||
|
}
|
||||||
|
// close LDAP connection
|
||||||
|
@$_SESSION["ldap"]->destroy();
|
||||||
|
// link back to login page
|
||||||
|
$paths = array('./', '../', '../../', '../../../');
|
||||||
|
$page = 'login.php';
|
||||||
|
for ($i = 0; $i < sizeof($paths); $i++) {
|
||||||
|
if (file_exists($paths[$i] . $page)) {
|
||||||
|
$page = $paths[$i] . $page;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
echo $_SESSION['header'];
|
||||||
|
echo "<title></title>\n";
|
||||||
|
echo "</head>\n";
|
||||||
|
echo "<body>\n";
|
||||||
|
// print JavaScript refresh
|
||||||
|
echo "<script type=\"text/javascript\">\n";
|
||||||
|
echo "top.location.href = \"" . $page . "\";\n";
|
||||||
|
echo "</script>\n";
|
||||||
|
// print link if refresh does not work
|
||||||
|
echo "<p>\n";
|
||||||
|
echo "<a target=\"_top\" href=\"" . $page . "\">" . _("Your session expired, click here to go back to the login page.") . "</a>\n";
|
||||||
|
echo "</p>\n";
|
||||||
|
echo "</body>\n";
|
||||||
|
echo "</html>\n";
|
||||||
|
// destroy session
|
||||||
|
session_destroy();
|
||||||
|
unset($_SESSION);
|
||||||
|
die();
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
|
|
@ -70,30 +70,30 @@ echo $_SESSION['header'];
|
||||||
|
|
||||||
// check if submit button was pressed
|
// check if submit button was pressed
|
||||||
if ($_POST['submit']) {
|
if ($_POST['submit']) {
|
||||||
|
$errors = array();
|
||||||
// set master password
|
// set master password
|
||||||
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
|
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
|
||||||
if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) {
|
if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) {
|
||||||
$cfg->password = $_POST['masterpassword'];
|
$cfg->password = $_POST['masterpassword'];
|
||||||
$cfg->save();
|
|
||||||
$msg = _("New master password set successfully.");
|
$msg = _("New master password set successfully.");
|
||||||
unset($_SESSION["mainconf_password"]);
|
unset($_SESSION["mainconf_password"]);
|
||||||
}
|
}
|
||||||
else $error = _("Master passwords are different or empty!");
|
else $errors[] = _("Master passwords are different or empty!");
|
||||||
|
}
|
||||||
|
// set session timeout
|
||||||
|
$cfg->sessionTimeout = $_POST['sessionTimeout'];
|
||||||
|
// save settings
|
||||||
|
$cfg->save();
|
||||||
|
// print messages
|
||||||
|
if (sizeof($errors) > 0) {
|
||||||
|
for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i]);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$msg = _("No changes were made.");
|
StatusMessage("INFO", _("Your settings were successfully saved."));
|
||||||
|
// back to login page
|
||||||
|
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
// print messages
|
|
||||||
if ($error || $msg) {
|
|
||||||
if ($error) StatusMessage("ERROR", "", $error);
|
|
||||||
if ($msg) {
|
|
||||||
StatusMessage("INFO", "", $msg);
|
|
||||||
// back to login page
|
|
||||||
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
|
|
||||||
exit();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else exit;
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
|
@ -102,6 +102,40 @@ if ($_POST['submit']) {
|
||||||
<form action="mainmanage.php" method="post">
|
<form action="mainmanage.php" method="post">
|
||||||
<table border="0">
|
<table border="0">
|
||||||
<tr><td>
|
<tr><td>
|
||||||
|
<fieldset>
|
||||||
|
<legend><b> <?php echo _("Security settings"); ?> </b></legend>
|
||||||
|
<p>
|
||||||
|
<table cellspacing="0" border="0">
|
||||||
|
<!-- session timeout -->
|
||||||
|
<tr>
|
||||||
|
<td align="right">
|
||||||
|
<?php echo _("Session timeout"); ?>
|
||||||
|
<SELECT name="sessionTimeout">
|
||||||
|
<?php
|
||||||
|
$options = array(5, 10, 20, 30, 60);
|
||||||
|
for ($i = 0; $i < sizeof($options); $i++) {
|
||||||
|
if ($cfg->sessionTimeout == $options[$i]) {
|
||||||
|
echo "<option selected>" . $cfg->sessionTimeout . "</option>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "<option>" . $options[$i] . "</option>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</SELECT>
|
||||||
|
</td>
|
||||||
|
<td>
|
||||||
|
<?PHP
|
||||||
|
// help link
|
||||||
|
echo "<a href=\"../help.php?HelpNumber=238\" target=\"lamhelp\">";
|
||||||
|
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
|
||||||
|
echo "</a>\n";
|
||||||
|
?>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
</fieldset>
|
||||||
|
<BR>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend><b> <?php echo _("Change master password"); ?> </b></legend>
|
<legend><b> <?php echo _("Change master password"); ?> </b></legend>
|
||||||
<p>
|
<p>
|
||||||
|
@ -110,7 +144,7 @@ if ($_POST['submit']) {
|
||||||
<tr>
|
<tr>
|
||||||
<td align="right">
|
<td align="right">
|
||||||
<FONT color="Red"><B>
|
<FONT color="Red"><B>
|
||||||
<?php echo _("New master password") . ":"; ?>
|
<?php echo _("New master password"); ?>
|
||||||
</B></FONT>
|
</B></FONT>
|
||||||
<input type="password" name="masterpassword">
|
<input type="password" name="masterpassword">
|
||||||
</td>
|
</td>
|
||||||
|
@ -126,7 +160,7 @@ if ($_POST['submit']) {
|
||||||
<tr>
|
<tr>
|
||||||
<td align="right">
|
<td align="right">
|
||||||
<FONT color="Red"><B>
|
<FONT color="Red"><B>
|
||||||
<?php echo _("Reenter new master password") . ":"; ?>
|
<?php echo _("Reenter new master password"); ?>
|
||||||
</B></FONT>
|
</B></FONT>
|
||||||
<input type="password" name="masterpassword2">
|
<input type="password" name="masterpassword2">
|
||||||
</td>
|
</td>
|
||||||
|
|
|
@ -367,6 +367,7 @@ if(!empty($_POST['checklogin']))
|
||||||
// set security settings for session
|
// set security settings for session
|
||||||
$_SESSION['sec_session_id'] = session_id();
|
$_SESSION['sec_session_id'] = session_id();
|
||||||
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
|
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
|
||||||
|
$_SESSION['sec_sessionTime'] = time();
|
||||||
// Load main frame
|
// Load main frame
|
||||||
include("./main.php");
|
include("./main.php");
|
||||||
}
|
}
|
||||||
|
@ -407,6 +408,7 @@ else
|
||||||
$default_Config = new CfgMain();
|
$default_Config = new CfgMain();
|
||||||
$default_Profile = $default_Config->default;
|
$default_Profile = $default_Config->default;
|
||||||
$_SESSION["config"] = new Config($default_Profile); // Create new Config object
|
$_SESSION["config"] = new Config($default_Profile); // Create new Config object
|
||||||
|
$_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object
|
||||||
|
|
||||||
display_LoginPage($_SESSION["config"]); // Load Login page
|
display_LoginPage($_SESSION["config"]); // Load Login page
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue