WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

check if user is logged in

This commit is contained in:
Roland Gruber 2017-02-11 17:11:37 +01:00
parent 5274f7d048
commit f405f7910b
28 changed files with 100 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
lam/lib/account.inc
View File

@ -1467,6 +1467,22 @@ function validateReCAPTCHA($secretKey) {
return $responseJSON->{'success'} === true; return $responseJSON->{'success'} === true;
} }
/**
* Checks if the user is logged in. Stops script execution if not.
*
* @param boolean $check2ndFactor check if the 2nd factor was provided if required
*/
function enforceUserIsLoggedIn($check2ndFactor = true) {
if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login: ' . $_SERVER["SCRIPT_FILENAME"]);
die();
}
if ($check2ndFactor && isset($_SESSION['2factorRequired'])) {
die();
logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login (2nd factor not provided): ' . $_SERVER["SCRIPT_FILENAME"]);
}
}
class LAMException extends Exception { class LAMException extends Exception {
private $title; private $title;

1
lam/templates/3rdParty/pla/lib/session_functions.php vendored
View File

@ -21,6 +21,7 @@ function app_session_start() {
include_once '../../../../lib/config.inc'; include_once '../../../../lib/config.inc';
include_once '../../../../lib/ldap.inc'; include_once '../../../../lib/ldap.inc';
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
$config_file = CONFDIR.'config.php'; $config_file = CONFDIR.'config.php';
$config = check_config($config_file); $config = check_config($config_file);
# If we came via index.php, then set our $config. # If we came via index.php, then set our $config.

3
lam/templates/account/edit.php
View File

@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2016 Roland Gruber 2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -47,6 +47,7 @@ include_once('../../lib/modules.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// Redirect to startpage if user is not loged in // Redirect to startpage if user is not loged in
if (!isLoggedIn()) { if (!isLoggedIn()) {

1
lam/templates/delete.php
View File

@ -49,6 +49,7 @@ include_once('../lib/modules.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
if (!checkIfWriteAccessIsAllowed()) { if (!checkIfWriteAccessIsAllowed()) {
die(); die();

3
lam/templates/initsuff.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2015 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
if (!checkIfWriteAccessIsAllowed()) { if (!checkIfWriteAccessIsAllowed()) {
die(); die();

3
lam/templates/lists/deletelink.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2007 - 2013 Roland Gruber Copyright (C) 2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

3
lam/templates/lists/list.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -38,6 +38,7 @@ include_once("../../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

3
lam/templates/lists/userlink.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2010 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

3
lam/templates/logout.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -44,6 +44,7 @@ include_once("../lib/ldap.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// log message // log message
$ldapUser = $_SESSION['ldap']->decrypt_login(); $ldapUser = $_SESSION['ldap']->decrypt_login();

3
lam/templates/main.php
View File

@ -4,7 +4,7 @@ namespace LAM\INIT;
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@ include_once '../lib/profiles.inc';
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

8
lam/templates/misc/ajax.php
View File

@ -63,6 +63,7 @@ class lamAjax {
validateSecurityToken(false); validateSecurityToken(false);
if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) { if (isset($_GET['module']) && isset($_GET['scope']) && in_array($_GET['module'], getAvailableModules($_GET['scope']))) {
enforceUserIsLoggedIn();
if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) { if (isset($_GET['useContainer']) && ($_GET['useContainer'] == '1')) {
if (!isset($_SESSION['account'])) die(); if (!isset($_SESSION['account'])) die();
$module = $_SESSION['account']->getAccountModule($_GET['module']); $module = $_SESSION['account']->getAccountModule($_GET['module']);
@ -82,12 +83,13 @@ class lamAjax {
} }
$jsonInput = $_POST['jsonInput']; $jsonInput = $_POST['jsonInput'];
if ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
enforceUserIsLoggedIn();
if ($function == 'passwordChange') { if ($function == 'passwordChange') {
lamAjax::managePasswordChange($jsonInput); lamAjax::managePasswordChange($jsonInput);
} }
elseif ($function == 'passwordStrengthCheck') {
lamAjax::checkPasswordStrength($jsonInput);
}
elseif ($function == 'upload') { elseif ($function == 'upload') {
include_once('../../lib/upload.inc'); include_once('../../lib/upload.inc');
$typeManager = new \LAM\TYPES\TypeManager(); $typeManager = new \LAM\TYPES\TypeManager();

3
lam/templates/multiEdit.php
View File

@ -21,7 +21,7 @@ use \htmlInputTextarea;
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2013 - 2016 Roland Gruber Copyright (C) 2013 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -57,6 +57,7 @@ include_once("../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

1
lam/templates/ou_edit.php
View File

@ -50,6 +50,7 @@ include_once("../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

4
lam/templates/pdfedit/pdfmain.php
View File

@ -15,13 +15,12 @@ use \htmlInputFileUpload;
use \htmlHelpLink; use \htmlHelpLink;
use \htmlInputField; use \htmlInputField;
use \htmlHiddenInput; use \htmlHiddenInput;
use \htmlDiv;
/* /*
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2005 - 2016 Roland Gruber 2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -60,6 +59,7 @@ include_once("../../lib/modules.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/pdfedit/pdfpage.php
View File

@ -19,7 +19,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner Copyright (C) 2003 - 2006 Michael Duergner
2007 - 2016 Roland Gruber 2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -62,6 +62,7 @@ include_once('../../lib/xml_parser.inc');
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/profedit/profilemain.php
View File

@ -18,7 +18,7 @@ use \htmlInputField;
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -54,6 +54,7 @@ include_once("../../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/profedit/profilepage.php
View File

@ -12,7 +12,7 @@ use \htmlHiddenInput;
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2016 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -52,6 +52,7 @@ include_once("../../lib/status.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/schema/schema.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
Copyright (C) 2004 David Smith Copyright (C) 2004 David Smith
modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber modified to fit for LDAP Account Manager 2005 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -42,6 +42,7 @@ require_once("../../lib/schema.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
checkIfToolIsActive('toolSchemaBrowser'); checkIfToolIsActive('toolSchemaBrowser');

3
lam/templates/serverInfo.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2009 - 2012 Roland Gruber Copyright (C) 2009 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -35,6 +35,7 @@ include_once("../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
checkIfToolIsActive('toolServerInformation'); checkIfToolIsActive('toolServerInformation');

3
lam/templates/tests/index.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2012 Roland Gruber Copyright (C) 2006 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -35,6 +35,7 @@ include_once("../../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/tests/lamdaemonTest.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2006 - 2016 Roland Gruber Copyright (C) 2006 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@ include_once("../../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/tests/schemaTest.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2007 - 2016 Roland Gruber Copyright (C) 2007 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -39,6 +39,7 @@ include_once("../../lib/schema.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// die if no write access // die if no write access
if (!checkIfWriteAccessIsAllowed()) die(); if (!checkIfWriteAccessIsAllowed()) die();

3
lam/templates/tools.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2011 Roland Gruber Copyright (C) 2003 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -37,6 +37,7 @@ include_once("../lib/tools.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

3
lam/templates/tree/treeViewContainer.php
View File

@ -3,7 +3,7 @@
$Id$ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2010 - 2011 Roland Gruber Copyright (C) 2010 - 2017 Roland Gruber
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,6 +36,7 @@ include_once("../../lib/config.inc");
// start session // start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
setlanguage(); setlanguage();

1
lam/templates/upload/massBuildAccounts.php
View File

@ -48,6 +48,7 @@ include_once('../../lib/modules.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run // check if this tool may be run
checkIfToolIsActive('toolFileUpload'); checkIfToolIsActive('toolFileUpload');

1
lam/templates/upload/massDoUpload.php
View File

@ -45,6 +45,7 @@ include_once('../../lib/pdf.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run // check if this tool may be run
checkIfToolIsActive('toolFileUpload'); checkIfToolIsActive('toolFileUpload');

1
lam/templates/upload/masscreate.php
View File

@ -62,6 +62,7 @@ include_once('../../lib/upload.inc');
// Start session // Start session
startSecureSession(); startSecureSession();
enforceUserIsLoggedIn();
// check if this tool may be run // check if this tool may be run
checkIfToolIsActive('toolFileUpload'); checkIfToolIsActive('toolFileUpload');

1
lam/tmp/.gitignore vendored
View File

@ -1 +0,0 @@
/*.jpg