implemented session timeout
This commit is contained in:
parent
d920a663f7
commit
ef8365d787
|
@ -122,12 +122,14 @@ $helpArray = array (
|
|||
"Text" => _("This changes the password of the selected profile.")),
|
||||
"234" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change default profile"),
|
||||
"Text" => _("This changes the profile which is selected by default at login.")),
|
||||
"235" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Change master password"),
|
||||
"235" => array ("ext" => "FALSE", "Headline" => _("Change master password"),
|
||||
"Text" => _("If you want to change your master configuration password, please enter it here.")),
|
||||
"236" => array ("ext" => "FALSE", "Headline" => _("Profile management") . " - " . _("Master password"),
|
||||
"236" => array ("ext" => "FALSE", "Headline" => _("Master password"),
|
||||
"Text" => _("Please enter the master configuration password. This is NOT your LDAP password. It is stored in your config.cfg file. If this is the first time you log in, enter \"lam\".")),
|
||||
"237" => array ("ext" => "FALSE", "Headline" => _("Configuration wizard") . " - " . _("Base module"),
|
||||
"Text" => _("Every account type needs exactly one base module. This module provides a structural object class.")),
|
||||
"238" => array ("ext" => "FALSE", "Headline" => _("Session timeout"),
|
||||
"Text" => _("This is the time (in minutes) of inactivity after which a user is automatically logged off.")),
|
||||
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
|
||||
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
|
||||
// 300 - 399
|
||||
|
|
|
@ -719,10 +719,14 @@ class CfgMain {
|
|||
/** Password to change config.cfg */
|
||||
var $password;
|
||||
|
||||
/** Time of inactivity before session times out (minutes) */
|
||||
var $sessionTimeout;
|
||||
|
||||
/**
|
||||
* Loads preferences from config file
|
||||
*/
|
||||
function CfgMain() {
|
||||
$this->sessionTimeout = 30;
|
||||
$this->reload();
|
||||
}
|
||||
|
||||
|
@ -742,11 +746,15 @@ class CfgMain {
|
|||
if (($line == "")||($line[0] == "#")) continue; // ignore comments
|
||||
// search keywords
|
||||
if (substr($line, 0, 10) == "password: ") {
|
||||
$this->password = substr($line, 10, strlen($line)-10);
|
||||
$this->password = substr($line, 10, strlen($line) - 10);
|
||||
continue;
|
||||
}
|
||||
if (substr($line, 0, 9) == "default: ") {
|
||||
$this->default = substr($line, 9, strlen($line)-9);
|
||||
$this->default = substr($line, 9, strlen($line) - 9);
|
||||
continue;
|
||||
}
|
||||
if (substr($line, 0, 16) == "sessionTimeout: ") {
|
||||
$this->sessionTimeout = intval(substr($line, 16, strlen($line) - 16));
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
@ -784,11 +792,17 @@ class CfgMain {
|
|||
$save_default = True;
|
||||
continue;
|
||||
}
|
||||
if (substr($file_array[$i], 0, 16) == "sessionTimeout: ") {
|
||||
$file_array[$i] = "sessionTimeout: " . $this->sessionTimeout . "\n";
|
||||
$save_sessionTimeout = True;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
}
|
||||
// check if we have to add new entries (e.g. if user upgraded LAM and has an old config file)
|
||||
if (!$save_password == True) array_push($file_array, "\n\n# password to add/delete/rename configuration profiles\n" . "password: " . $this->password);
|
||||
if (!$save_default == True) array_push($file_array, "\n\n# default profile, without \".conf\"\n" . "default: " . $this->default);
|
||||
if (!$save_sessionTimeout == True) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
|
||||
$file = @fopen($conffile, "w");
|
||||
if ($file) {
|
||||
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
|
||||
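Review bot: The new `sessionTimeout: ` branch in reload() stores the intval() result with no range check, so a hand-edited or corrupted value such as `0`, `abc` or a negative number is accepted and makes the expiry comparison in startSecureSession() fail on every request, locking all users out. Keep the default the constructor already sets by guarding the parsed value: `$timeout = intval(substr($line, 16, strlen($line) - 16));` `if ($timeout > 0) $this->sessionTimeout = $timeout;`. In save(), `$save_sessionTimeout` is only assigned True inside the loop and its initialisation to False is not in the hunk, so confirm it is declared next to `$save_password` and `$save_default`, otherwise the upgrade path at the end of the hunk reads an undefined variable. `!$save_sessionTimeout == True` only works because `!` binds tighter than `==`; `if (!$save_sessionTimeout)` says the same thing more plainly. Both reload() and save() continue outside their hunks.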
|
|
|
@ -28,11 +28,16 @@ $Id$
|
|||
* @author Roland Gruber
|
||||
*/
|
||||
|
||||
/** configuration options */
|
||||
include_once('config.inc');
|
||||
|
||||
/**
|
||||
* Starts a session and checks the environment.
|
||||
* The script is stopped if one of the checks fail.
|
||||
*/
|
||||
function startSecureSession() {
|
||||
// check if client IP is on the list of valid IPs
|
||||
checkClientIP();
|
||||
// start session
|
||||
if (isset($_SESSION)) unset($_SESSION);
|
||||
$sessionDir = substr(__FILE__, 0, strlen(__FILE__) - 17) . "/sess";
|
||||
|
@ -48,10 +53,15 @@ function startSecureSession() {
|
|||
// IP is invalid
|
||||
die();
|
||||
}
|
||||
// check if client IP is on the list of valid IPs
|
||||
checkClientIP();
|
||||
// check if session time has not expired
|
||||
// TODO
|
||||
if (($_SESSION['sec_sessionTime'] + (60 * $_SESSION['cfgMain']->sessionTimeout)) > time()) {
|
||||
// ok, update time
|
||||
$_SESSION['sec_sessionTime'] = time();
|
||||
}
|
||||
else {
|
||||
// session expired, logoff user
|
||||
logoffAndBackToLoginPage();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -83,4 +93,45 @@ function getValidUserDNs($dn) {
|
|||
return array("uid=test,o=test", "uid=test2,o=test");
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs off the user and displays the login page.
|
||||
*
|
||||
*/
|
||||
function logoffAndBackToLoginPage() {
|
||||
// delete key and iv in cookie
|
||||
if (function_exists('mcrypt_create_iv')) {
|
||||
setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
||||
setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/");
|
||||
}
|
||||
// close LDAP connection
|
||||
@$_SESSION["ldap"]->destroy();
|
||||
// link back to login page
|
||||
$paths = array('./', '../', '../../', '../../../');
|
||||
$page = 'login.php';
|
||||
for ($i = 0; $i < sizeof($paths); $i++) {
|
||||
if (file_exists($paths[$i] . $page)) {
|
||||
$page = $paths[$i] . $page;
|
||||
break;
|
||||
}
|
||||
}
|
||||
echo $_SESSION['header'];
|
||||
echo "<title></title>\n";
|
||||
echo "</head>\n";
|
||||
echo "<body>\n";
|
||||
// print JavaScript refresh
|
||||
echo "<script type=\"text/javascript\">\n";
|
||||
echo "top.location.href = \"" . $page . "\";\n";
|
||||
echo "</script>\n";
|
||||
// print link if refresh does not work
|
||||
echo "<p>\n";
|
||||
echo "<a target=\"_top\" href=\"" . $page . "\">" . _("Your session expired, click here to go back to the login page.") . "</a>\n";
|
||||
echo "</p>\n";
|
||||
echo "</body>\n";
|
||||
echo "</html>\n";
|
||||
// destroy session
|
||||
session_destroy();
|
||||
unset($_SESSION);
|
||||
die();
|
||||
}
|
||||
|
||||
?>
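Review bot: logoffAndBackToLoginPage() overwrites the `Key` and `IV` cookies with a placeholder string but leaves the expiry at `0`, so the browser keeps the cookies until it is closed rather than deleting them; set an expiry in the past so they are removed, `setcookie("Key", "", time() - 3600, "/");` and the same for `IV`. The `// TODO` marker above the expiry check in startSecureSession() is now stale and should be replaced by a comment that describes the check, e.g. `// log off when the last activity is older than sessionTimeout minutes`. That check appears to fail closed when `sec_sessionTime` or `cfgMain` is missing from the session (the sum evaluates to 0, which is never greater than time()), which is the right outcome but worth stating in the same comment so nobody "fixes" it into an open check. startSecureSession() begins and ends outside this hunk.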
|
|
@ -70,30 +70,30 @@ echo $_SESSION['header'];
|
|||
|
||||
// check if submit button was pressed
|
||||
if ($_POST['submit']) {
|
||||
$errors = array();
|
||||
// set master password
|
||||
if (isset($_POST['masterpassword']) && ($_POST['masterpassword'] != "")) {
|
||||
if ($_POST['masterpassword'] && $_POST['masterpassword2'] && ($_POST['masterpassword'] == $_POST['masterpassword2'])) {
|
||||
$cfg->password = $_POST['masterpassword'];
|
||||
$cfg->save();
|
||||
$msg = _("New master password set successfully.");
|
||||
unset($_SESSION["mainconf_password"]);
|
||||
}
|
||||
else $error = _("Master passwords are different or empty!");
|
||||
else $errors[] = _("Master passwords are different or empty!");
|
||||
}
|
||||
// set session timeout
|
||||
$cfg->sessionTimeout = $_POST['sessionTimeout'];
|
||||
// save settings
|
||||
$cfg->save();
|
||||
// print messages
|
||||
if (sizeof($errors) > 0) {
|
||||
for ($i = 0; $i < sizeof($errors); $i++) StatusMessage("ERROR", $errors[$i]);
|
||||
}
|
||||
else {
|
||||
$msg = _("No changes were made.");
|
||||
StatusMessage("INFO", _("Your settings were successfully saved."));
|
||||
// back to login page
|
||||
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
|
||||
exit();
|
||||
}
|
||||
// print messages
|
||||
if ($error || $msg) {
|
||||
if ($error) StatusMessage("ERROR", "", $error);
|
||||
if ($msg) {
|
||||
StatusMessage("INFO", "", $msg);
|
||||
// back to login page
|
||||
echo "<p><a href=\"../login.php\">" . _("Back to login") . "</a></p>";
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else exit;
|
||||
}
|
||||
?>
|
||||
|
||||
|
@ -102,6 +102,40 @@ if ($_POST['submit']) {
|
|||
<form action="mainmanage.php" method="post">
|
||||
<table border="0">
|
||||
<tr><td>
|
||||
<fieldset>
|
||||
<legend><b> <?php echo _("Security settings"); ?> </b></legend>
|
||||
<p>
|
||||
<table cellspacing="0" border="0">
|
||||
<!-- session timeout -->
|
||||
<tr>
|
||||
<td align="right">
|
||||
<?php echo _("Session timeout"); ?>
|
||||
<SELECT name="sessionTimeout">
|
||||
<?php
|
||||
$options = array(5, 10, 20, 30, 60);
|
||||
for ($i = 0; $i < sizeof($options); $i++) {
|
||||
if ($cfg->sessionTimeout == $options[$i]) {
|
||||
echo "<option selected>" . $cfg->sessionTimeout . "</option>";
|
||||
}
|
||||
else {
|
||||
echo "<option>" . $options[$i] . "</option>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
</SELECT>
|
||||
</td>
|
||||
<td>
|
||||
<?PHP
|
||||
// help link
|
||||
echo "<a href=\"../help.php?HelpNumber=238\" target=\"lamhelp\">";
|
||||
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
|
||||
echo "</a>\n";
|
||||
?>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</fieldset>
|
||||
<BR>
|
||||
<fieldset>
|
||||
<legend><b> <?php echo _("Change master password"); ?> </b></legend>
|
||||
<p>
|
||||
|
@ -110,7 +144,7 @@ if ($_POST['submit']) {
|
|||
<tr>
|
||||
<td align="right">
|
||||
<FONT color="Red"><B>
|
||||
<?php echo _("New master password") . ":"; ?>
|
||||
<?php echo _("New master password"); ?>
|
||||
</B></FONT>
|
||||
<input type="password" name="masterpassword">
|
||||
</td>
|
||||
|
@ -126,7 +160,7 @@ if ($_POST['submit']) {
|
|||
<tr>
|
||||
<td align="right">
|
||||
<FONT color="Red"><B>
|
||||
<?php echo _("Reenter new master password") . ":"; ?>
|
||||
<?php echo _("Reenter new master password"); ?>
|
||||
</B></FONT>
|
||||
<input type="password" name="masterpassword2">
|
||||
</td>
|
||||
|
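Review bot: `$cfg->sessionTimeout = $_POST['sessionTimeout'];` stores the raw POST string, and save() then writes it into config.cfg by concatenation (`"sessionTimeout: " . $this->sessionTimeout . "\n"`), so a non-numeric value or one containing a newline reaches the config file unvalidated. Cast it and check it against the same list the form offers: `$timeout = intval($_POST['sessionTimeout']);` `if (in_array($timeout, array(5, 10, 20, 30, 60))) $cfg->sessionTimeout = $timeout;` `else $errors[] = _("…");` with a translatable message of your choosing. The `$cfg->save()` inside the master-password branch is redundant now that the unconditional `$cfg->save()` below it writes the same object, and dropping it avoids rewriting config.cfg twice per request. In the form hunk, the `<option selected>` loop only marks values from the fixed list, so a timeout configured by hand to another value is silently replaced by 5 on the next save; either append the current value to `$options` when it is missing or document that only these values are supported.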
|
|
@ -367,6 +367,7 @@ if(!empty($_POST['checklogin']))
|
|||
// set security settings for session
|
||||
$_SESSION['sec_session_id'] = session_id();
|
||||
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
|
||||
$_SESSION['sec_sessionTime'] = time();
|
||||
// Load main frame
|
||||
include("./main.php");
|
||||
}
|
||||
|
@ -407,6 +408,7 @@ else
|
|||
$default_Config = new CfgMain();
|
||||
$default_Profile = $default_Config->default;
|
||||
$_SESSION["config"] = new Config($default_Profile); // Create new Config object
|
||||
$_SESSION["cfgMain"] = $default_Config; // Create new CfgMain object
|
||||
|
||||
display_LoginPage($_SESSION["config"]); // Load Login page
|
||||
}
|
||||
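Review bot: `$_SESSION["cfgMain"] = $default_Config;` places the whole CfgMain object in the session, and CfgMain carries the master configuration password in its `$password` property (config.inc hunk at line 719), so that password is now serialised into every session file under the `sess` directory for the lifetime of the session. startSecureSession() only needs the timeout, so store just that integer, `$_SESSION['sec_sessionTimeout'] = $default_Config->sessionTimeout;`, and read `$_SESSION['sec_sessionTimeout']` in the expiry check instead of `$_SESSION['cfgMain']->sessionTimeout`. `sec_sessionTime` is initialised here at login and refreshed by startSecureSession(), so a comment on the login hunk such as `// last activity timestamp, refreshed on every request by startSecureSession()` would tell the next reader where the two halves of the mechanism live. The enclosing login branches start outside both hunks.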
|
|