sessionTimeout)) > time()) { // ok, update time $_SESSION['sec_sessionTime'] = time(); } else { // session expired, logoff user logoffAndBackToLoginPage(); } } /** * Checks if the client's IP address is on the list of allowed IPs. * The script is stopped if the host is not valid. * */ function checkClientIP() { if (isset($_SESSION['cfgMain'])) $cfg = $_SESSION['cfgMain']; else $cfg = new LAMCfgMain(); $allowedHosts = $cfg->allowedHosts; // skip test if no hosts are defined if ($allowedHosts == "") return; $allowedHosts = explode(",", $allowedHosts); $grantAccess = false; for ($i = 0; $i < sizeof($allowedHosts); $i++) { $host = $allowedHosts[$i]; $ipRegex = '^[0-9\\.\\*]+$'; if (!ereg($ipRegex, $host)) continue; $hostRegex = str_replace(".", "\\.", $host); $hostRegex = '^' . str_replace("*", ".*", $hostRegex) . '$'; $clientIP = $_SERVER['REMOTE_ADDR']; if (ereg($hostRegex, $clientIP)) { // client is allowed to access LAM $grantAccess = true; } } // stop script is client may not access LAM if (!$grantAccess) die(); } /** * Logs off the user and displays the login page. * */ function logoffAndBackToLoginPage() { // log message $ldapUser = $_SESSION['ldap']->decrypt_login(); logNewMessage(LOG_WARNING, 'Session of user ' . $ldapUser[0] . ' expired.'); // delete key and iv in cookie if (function_exists('mcrypt_create_iv')) { setcookie("Key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); setcookie("IV", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", 0, "/"); } // close LDAP connection @$_SESSION["ldap"]->destroy(); // link back to login page $paths = array('./', '../', '../../', '../../../'); $page = 'login.php'; for ($i = 0; $i < sizeof($paths); $i++) { if (file_exists($paths[$i] . $page)) { $page = $paths[$i] . $page; break; } } $page .= "?expired=yes"; echo $_SESSION['header']; echo "
\n"; echo "" . _("Your session expired, click here to go back to the login page.") . "\n"; echo "
\n"; echo "\n"; echo "