implemented session timeout

This commit is contained in:
Roland Gruber 2006-04-18 10:57:16 +00:00
parent d920a663f7
commit ef8365d787
5 changed files with 126 additions and 23 deletions

View File

@ -122,12 +122,14 @@ $helpArray = array (
"Text" => _("This changes the password of the selected profile.")),
"234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
"Text" => _("This changes the profile which is selected by default at login.")),
"235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"),
"235" => array ("ext" => "FALSE", "Headline" => _("Change master password"),
"Text" => _("If you want to change your master configuration password, please enter it here.")),
"236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"),
"236" => array ("ext" => "FALSE", "Headline" => _("Master password"),
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
"237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
"238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
// 300 - 399

View File

@ -719,10 +719,14 @@ class CfgMain {
/** Password to change config.cfg */
var $password;
/** Time of inactivity before session times out (minutes) */
var $sessionTimeout;
/**
* Loads preferences from config file
*/
function CfgMain() {
$this->sessionTimeout = 30;
$this->reload();
}
@ -742,11 +746,15 @@ class CfgMain {
if (($line == "")||($line[0] == "#")) continue; // ignore comments
// search keywords
if (substr($line, 0, 10) == "password: ") {
$this->password = substr($line, 10, strlen($line)-10);
$this->password = substr($line, 10, strlen($line) - 10);
continue;
}
if (substr($line, 0, 9) == "default: ") {
$this->default = substr($line, 9, strlen($line)-9);
$this->default = substr($line, 9, strlen($line) - 9);
continue;
}
if (substr($line, 0, 16) == "sessionTimeout: ") {
$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
continue;
}
}
@ -784,11 +792,17 @@ class CfgMain {
$save_default = True;
continue;
}
if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
$file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
$save_sessionTimeout = True;
continue;
}
}
}
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
$file = @fopen($conffile, "w");
if ($file) {
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);

View File

@ -28,11 +28,16 @@ $Id$
* @author Roland Gruber
*/
/** configuration options */
include_once('config.inc');
/**
* Starts a session and checks the environment.
* The script is stopped if one of the checks fail.
*/
function startSecureSession() {
// check if client IP is on the list of valid IPs
checkClientIP();
// start session
if (isset($_SESSION)) unset($_SESSION);
$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
@ -48,10 +53,15 @@ function startSecureSession() {
// IP is invalid
die();
}
// check if client IP is on the list of valid IPs
checkClientIP();
// check if session time has not expired
// TODO
if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()) {
// ok, update time
$_SESSION['sec_sessionTime'] = time();
}
else {
// session expired, logoff user
logoffAndBackToLoginPage();
}
}
/**
@ -83,4 +93,45 @@ function getValidUserDNs($dn) {
return array("uid=test,o=test", "uid=test2,o=test");
}
/**
* Logs off the user and displays the login page.
*
*/
function logoffAndBackToLoginPage() {
// delete key and iv in cookie
if (function_exists('mcrypt_create_iv')) {
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
}
// close LDAP connection
@$_SESSION["ldap"]->destroy();
// link back to login page
$paths = array('./', '../', '../../', '../../../');
$page = 'login.php';
for ($i = 0; $i < sizeof($paths); $i++) {
if (file_exists($paths[$i] . $page)) {
$page = $paths[$i] . $page;
break;
}
}
echo $_SESSION['header'];
echo "<title></title>\n";
echo "</head>\n";
echo "<body>\n";
// print JavaScript refresh
echo "<script type=\"text/javascript\">\n";
echo "top.location.href = \"" . $page . "\";\n";
echo "</script>\n";
// print link if refresh does not work
echo "<p>\n";
echo "<a target=\"_top\" href=\"" . $page . "\">" . _("Your session expired, click here to go back to the login page.") . "</a>\n";
echo "</p>\n";
echo "</body>\n";
echo "</html>\n";
// destroy session
session_destroy();
unset($_SESSION);
die();
}
?>

View File

@ -70,30 +70,30 @@ echo $_SESSION['header'];
// check if submit button was pressed
if ($_POST['submit']) {
$errors = array();
// set master password
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) {
$cfg->password = $_POST['masterpassword'];
$cfg->save();
$msg = _("New master password set successfully.");
unset($_SESSION["mainconf_password"]);
}
else $error = _("Master passwords are different or empty!");
else $errors[] = _("Master passwords are different or empty!");
}
// set session timeout
$cfg->sessionTimeout = $_POST['sessionTimeout'];
// save settings
$cfg->save();
// print messages
if (sizeof($errors) > 0) {
for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i]);
}
else {
$msg = _("No changes were made.");
}
// print messages
if ($error || $msg) {
if ($error) StatusMessage("ERROR", "", $error);
if ($msg) {
StatusMessage("INFO", "", $msg);
StatusMessage("INFO", _("Your settings were successfully saved."));
// back to login page
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
exit();
}
}
else exit;
}
?>
@ -102,6 +102,40 @@ if ($_POST['submit']) {
<form action="mainmanage.php" method="post">
<table border="0">
<tr><td>
<fieldset>
<legend><b> <?php echo _("Security settings"); ?> </b></legend>
<p>
<table cellspacing="0" border="0">
<!-- session timeout -->
<tr>
<td align="right">
<?php echo _("Session timeout"); ?>
<SELECT name="sessionTimeout">
<?php
$options = array(5, 10, 20, 30, 60);
for ($i = 0; $i < sizeof($options); $i++) {
if ($cfg->sessionTimeout == $options[$i]) {
echo "<option selected>" . $cfg->sessionTimeout . "</option>";
}
else {
echo "<option>" . $options[$i] . "</option>";
}
}
?>
</SELECT>
</td>
<td>&nbsp;
<?PHP
// help link
echo "<a href=\"../help.php?HelpNumber=238\" target=\"lamhelp\">";
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
echo "</a>\n";
?>
</td>
</tr>
</table>
</fieldset>
<BR>
<fieldset>
<legend><b> <?php echo _("Change master password"); ?> </b></legend>
<p>
@ -110,7 +144,7 @@ if ($_POST['submit']) {
<tr>
<td align="right">
<FONT color="Red"><B>
<?php echo _("New master password") . ":"; ?>
<?php echo _("New master password"); ?>
</B></FONT>
<input type="password" name="masterpassword">
</td>
@ -126,7 +160,7 @@ if ($_POST['submit']) {
<tr>
<td align="right">
<FONT color="Red"><B>
<?php echo _("Reenter new master password") . ":"; ?>
<?php echo _("Reenter new master password"); ?>
</B></FONT>
<input type="password" name="masterpassword2">
</td>

View File

@ -367,6 +367,7 @@ if(!empty($_POST['checklogin']))
// set security settings for session
$_SESSION['sec_session_id'] = session_id();
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['sec_sessionTime'] = time();
// Load main frame
include("./main.php");
}
@ -407,6 +408,7 @@ else
$default_Config = new CfgMain();
$default_Profile = $default_Config->default;
$_SESSION["config"] = new Config($default_Profile); // Create new Config object
$_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object
display_LoginPage($_SESSION["config"]); // Load Login page
}