function osTicketSession($ttl = 0)
 {
     $this->ttl = $ttl ?: ini_get('session.gc_maxlifetime') ?: SESSION_TTL;
     // Set osTicket specific session name.
     session_name('OSTSESSID');
     // Forced cleanup on shutdown
     register_shutdown_function('session_write_close');
     // Set session cleanup time to match TTL
     ini_set('session.gc_maxlifetime', $ttl);
     if (OsticketConfig::getDBVersion()) {
         return session_start();
     }
     # Cookies
     // Avoid setting a cookie domain without a dot, thanks
     // http://stackoverflow.com/a/1188145
     $domain = null;
     if (isset($_SERVER['HTTP_HOST']) && strpos($_SERVER['HTTP_HOST'], '.') !== false && !Validator::is_ip($_SERVER['HTTP_HOST'])) {
         // Remote port specification, as it will make an invalid domain
         list($domain) = explode(':', $_SERVER['HTTP_HOST']);
     }
     session_set_cookie_params($ttl, ROOT_PATH, $domain, osTicket::is_https());
     //Set handlers.
     session_set_save_handler(array(&$this, 'open'), array(&$this, 'close'), array(&$this, 'read'), array(&$this, 'write'), array(&$this, 'destroy'), array(&$this, 'gc'));
     //Start the session.
     session_start();
 }
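 /**
  * PHP4-style constructor: configure the osTicket session cookie, pick a
  * session backend and start the session.
  *
  * @param int $ttl Session lifetime in seconds. 0 means "resolve it":
  *                 php.ini session.gc_maxlifetime first, SESSION_TTL last.
  * @return bool|null Result of session_start() when OsticketConfig::getDBVersion()
  *                   is truthy (plain PHP session, no custom backend);
  *                   null otherwise, after a backend has been installed.
  */
 function osTicketSession($ttl = 0)
 {
     $this->ttl = $ttl ?: ini_get('session.gc_maxlifetime') ?: SESSION_TTL;
     // Set osTicket specific session name.
     session_name('OSTSESSID');
     // Forced cleanup on shutdown
     register_shutdown_function('session_write_close');
     // Set session cleanup time to match the *resolved* TTL. Passing the raw
     // $ttl here wrote 0 back into gc_maxlifetime whenever the caller relied
     // on the ini default, overwriting the value read one statement earlier.
     ini_set('session.gc_maxlifetime', $this->ttl);
     if (OsticketConfig::getDBVersion()) {
         return session_start();
     }
     # Cookies
     // Avoid setting a cookie domain without a dot, thanks
     // http://stackoverflow.com/a/1188145
     // HTTP_HOST is the client-supplied Host header; the dot / non-IP checks
     // only avoid producing an invalid cookie domain, they are not a trust check.
     $domain = null;
     if (isset($_SERVER['HTTP_HOST']) && strpos($_SERVER['HTTP_HOST'], '.') !== false && !Validator::is_ip($_SERVER['HTTP_HOST'])) {
         // Remove port specification, as it will make an invalid domain
         list($domain) = explode(':', $_SERVER['HTTP_HOST']);
     }
     // Cookie lifetime deliberately uses the raw $ttl: 0 yields a
     // browser-session cookie even though server-side GC uses $this->ttl.
     // httponly=true keeps the session id out of reach of page scripts.
     session_set_cookie_params($ttl, ROOT_PATH, $domain, osTicket::is_https(), true);
     if (!defined('SESSION_BACKEND')) {
         define('SESSION_BACKEND', 'db');
     }
     try {
         $bk = SESSION_BACKEND;
         // Fall back to the database backend both for a name that is not in
         // self::$backends at all (previously an undefined-index lookup) and
         // for a name whose class is not loaded.
         if (!isset(self::$backends[$bk]) || !class_exists(self::$backends[$bk])) {
             $bk = 'db';
         }
         $this->backend = new self::$backends[$bk]($this->ttl);
     } catch (Exception $x) {
         // Use the database for sessions
         trigger_error($x->getMessage(), E_USER_WARNING);
         $this->backend = new self::$backends['db']($this->ttl);
     }
     if ($this->backend instanceof SessionBackend) {
         // Set handlers.
         session_set_save_handler(array($this->backend, 'open'), array($this->backend, 'close'), array($this->backend, 'read'), array($this->backend, 'write'), array($this->backend, 'destroy'), array($this->backend, 'gc'));
     }
     // Start the session.
     session_start();
 }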
 /**
  * Create an API key row bound to a remote IP address.
  *
  * @param string $ip     Remote address the key is issued for.
  * @param array  $errors Receives validation / failure messages (by reference).
  * @return int Id of the inserted row, or 0 when validation failed or the
  *             insert did not succeed.
  */
 function add($ip, &$errors)
 {
     global $cfg;

     $passphrase = $cfg->getAPIPassphrase();
     if (!$passphrase) {
         $errors['err'] = 'Senha API faltando.';
     }

     if (!$ip || !Validator::is_ip($ip)) {
         $errors['ip'] = 'IP válido obrigatório';
     } elseif (Api::getKey($ip)) {
         $errors['ip'] = 'Chave API para o IP já existe';
     }

     if ($errors) {
         return 0;
     }

     // The key is a deterministic function of the IP and the configured
     // passphrase (md5 over md5): anyone holding the passphrase can recompute
     // the key for any IP, and two installs with the same passphrase issue
     // the same keys.
     //Security of the apikey is not as critical at the moment
     $apikey = strtoupper(md5($ip . md5($passphrase)));
     $sql = sprintf(
         'INSERT INTO %s SET created=NOW(), updated=NOW(), isactive=1,ipaddr=%s,apikey=%s',
         API_KEY_TABLE,
         db_input($ip),
         db_input($apikey)
     );

     return db_query($sql) ? db_insert_id() : 0;
 }
 /**
  * Create an API key row bound to a remote IP address.
  *
  * @param string $ip     Remote address the key is issued for.
  * @param array  $errors Receives validation / failure messages (by reference).
  * @return int Id of the inserted row, or 0 when validation failed or the
  *             insert did not succeed.
  */
 function add($ip, &$errors)
 {
     global $cfg;

     $passphrase = $cfg->getAPIPassphrase();
     if (!$passphrase) {
         $errors['err'] = 'API passphrase missing.';
     }

     $ipIsValid = $ip && Validator::is_ip($ip);
     if (!$ipIsValid) {
         $errors['ip'] = 'Valid IP required';
     } elseif (Api::getKey($ip)) {
         $errors['ip'] = 'API key for the IP already exists';
     }

     $newId = 0;
     if (!$errors) {
         // Deterministic derivation: md5(ip . md5(passphrase)). Holders of
         // the passphrase can recompute the key for any IP.
         //Security of the apikey is not as critical at the moment
         $apikey = strtoupper(md5($ip . md5($passphrase)));
         $columns = 'created=NOW(), updated=NOW(), isactive=1'
             . ',ipaddr=' . db_input($ip)
             . ',apikey=' . db_input($apikey);
         if (db_query('INSERT INTO ' . API_KEY_TABLE . ' SET ' . $columns)) {
             $newId = db_insert_id();
         }
     }

     return $newId;
 }
 /**
  * Create an API key row bound to a remote IP address.
  *
  * @param string $ip     Remote address the key is issued for.
  * @param array  $errors Receives validation / failure messages (by reference).
  * @return int Id of the inserted row, or 0 when validation failed or the
  *             insert did not succeed.
  */
 function add($ip, &$errors)
 {
     global $cfg;

     $passphrase = $cfg->getAPIPassphrase();
     if (!$passphrase) {
         $errors['err'] = 'Falta la frase secreta de la API.';
     }

     if (!$ip || !Validator::is_ip($ip)) {
         $errors['ip'] = 'Se requiere una IP válida';
     } elseif (Api::getKey($ip)) {
         $errors['ip'] = 'Clave API para esta IP ya existe';
     }

     if ($errors) {
         return 0;
     }

     // Deterministic derivation: md5(ip . md5(passphrase)). Holders of the
     // passphrase can recompute the key for any IP.
     //Security of the apikey is not as critical at the moment
     $parts = array(
         'created=NOW(), updated=NOW(), isactive=1',
         'ipaddr=' . db_input($ip),
         'apikey=' . db_input(strtoupper(md5($ip . md5($passphrase)))),
     );
     $sql = 'INSERT INTO ' . API_KEY_TABLE . ' SET ' . implode(',', $parts);

     if (!db_query($sql)) {
         return 0;
     }
     return db_insert_id();
 }
            case EX_NOINPUT:
            default:
                Http::response(416, $code, 'text/plain');
        }
    }
    exit($code);
}
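//Remote hosts need authorization.
if ($remotehost) {
    // Consecutive-error counter and its timestamp live in the session;
    // presumably written by the api_exit() error path -- verify against it.
    // A fresh session has neither key, so read them with defaults instead
    // of raising undefined-index notices.
    $apiErrors = isset($_SESSION['api']['errors']) ? $_SESSION['api']['errors'] : 0;
    $apiTime = isset($_SESSION['api']['time']) ? $_SESSION['api']['time'] : 0;
    //Upto 10 consecutive errors allowed...before a 5 minute timeout.
    //One more error during timeout and timeout starts a new clock
    // 5 minutes is 5 * 60 seconds; the earlier 5 * 50 enforced only 250s.
    if ($apiErrors > 10 && time() - $apiTime <= 5 * 60) {
        // timeout!
        api_exit(EX_NOPERM, 'Host in Timeout');
    }
    //Check IP
    $ip = $_SERVER['REMOTE_ADDR'];
    if (!Validator::is_ip($ip) || !$cfg->isKnownHost($ip)) {
        //unknown IP
        api_exit(EX_NOPERM, 'Unknown remote host [' . $ip . ']');
    }
    //For added security...check API pass phrase.
    // The key travels in the User-Agent header; a request without that
    // header must still be rejected rather than raise a notice.
    $key = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    //pulling all tricks.
    // strcasecmp() is not a constant-time comparison; hash_equals() (PHP >= 5.6)
    // is the preferable primitive once the minimum PHP version allows it.
    // Note also that the client-supplied key is echoed back in the 403 body.
    if (empty($key) || strcasecmp($key, md5($cfg->getAPIKey()))) {
        api_exit(EX_NOPERM, 'Invalid API Key [' . $key . ']');
    }
    //At this point we know the remote host/IP is allowed.
    $_SESSION['api']['errors'] = 0;
    //clear errors for the session.
}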
                break;
            case EX_NOPERM:
                Http::response(403, $code, 'text/plain');
                break;
            case EX_DATAERR:
            case EX_NOINPUT:
            default:
                Http::response(416, $code, 'text/plain');
        }
    }
    exit($code);
}
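//Remote hosts need authorization.
if ($remotehost) {
    $ip = $_SERVER['REMOTE_ADDR'];
    // The API key travels in the User-Agent header; default to '' when the
    // header is absent so the check below rejects the request instead of
    // raising an undefined-index notice. Api::validate() (not shown here)
    // decides what to do with an empty key.
    $key = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    //pulling all tricks.
    // Consecutive-error counter and its timestamp live in the session;
    // presumably written by the api_exit() error path -- verify against it.
    // A fresh session has neither key, so read them with defaults.
    $apiErrors = isset($_SESSION['api']['errors']) ? $_SESSION['api']['errors'] : 0;
    $apiTime = isset($_SESSION['api']['time']) ? $_SESSION['api']['time'] : 0;
    //Upto 10 consecutive errors allowed...before a 5 minute timeout.
    //One more error during timeout and timeout starts a new clock
    if ($apiErrors > 10 && time() - $apiTime <= 5 * 60) {
        // timeout!
        api_exit(EX_NOPERM, "Remote host [{$ip}] in timeout - error #" . $apiErrors);
    }
    //Check API key & ip
    // The client-supplied key is echoed back in the 403 body, so it ends up
    // wherever that response is logged.
    if (!Validator::is_ip($ip) || !Api::validate($key, $ip)) {
        api_exit(EX_NOPERM, 'Unknown remote host [' . $ip . '] or invalid API key [' . $key . ']');
    }
    //At this point we know the remote host/IP is allowed.
    $_SESSION['api']['errors'] = 0;
    //clear errors for the session.
}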
 /**
  * Insert or update an API key row.
  *
  * @param int   $id     Existing row id to update; falsy to insert a new key.
  * @param array $vars   Form values: ipaddr (insert only), isactive,
  *                      can_create_tickets, can_exec_cron, notes.
  * @param array $errors Receives validation / failure messages (by reference).
  * @return bool|int true on a successful update, the new row id on a
  *                  successful insert, false otherwise.
  */
 function save($id, $vars, &$errors)
 {
     $isNew = !$id;

     if ($isNew && (!$vars['ipaddr'] || !Validator::is_ip($vars['ipaddr']))) {
         $errors['ipaddr'] = 'Valid IP required';
     }
     if ($errors) {
         return false;
     }

     // Column assignments shared by both the UPDATE and the INSERT; the
     // pieces join with ',' to reproduce the original SET clause exactly.
     $assignments = implode(',', array(
         ' updated=NOW() ',
         'isactive=' . db_input($vars['isactive']),
         'can_create_tickets=' . db_input($vars['can_create_tickets']),
         'can_exec_cron=' . db_input($vars['can_exec_cron']),
         'notes=' . db_input($vars['notes']),
     ));

     if (!$isNew) {
         $sql = 'UPDATE ' . API_KEY_TABLE . ' SET ' . $assignments . ' WHERE id=' . db_input($id);
         if (db_query($sql)) {
             return true;
         }
         $errors['err'] = 'Unable to update API key. Internal error occurred';
         return false;
     }

     // New key: md5 over the current time, the IP and a random code.
     $apikey = strtoupper(md5(time() . $vars['ipaddr'] . md5(Misc::randCode(16))));
     $sql = 'INSERT INTO ' . API_KEY_TABLE . ' SET ' . $assignments
         . ',created=NOW() ,ipaddr=' . db_input($vars['ipaddr'])
         . ',apikey=' . db_input($apikey);
     if (db_query($sql) && ($id = db_insert_id())) {
         return $id;
     }
     $errors['err'] = 'Unable to add API key. Try again!';
     return false;
 }
 /**
  * Insert or update an API key row.
  *
  * @param int   $id     Existing row id to update; falsy to insert a new key.
  * @param array $vars   Form values: ipaddr (insert only), isactive,
  *                      can_create_tickets, can_exec_cron, notes.
  * @param array $errors Receives translated validation / failure messages
  *                      (by reference).
  * @return bool|int true on a successful update, the new row id on a
  *                  successful insert, false otherwise.
  */
 function save($id, $vars, &$errors)
 {
     if (!$id) {
         $ipaddr = $vars['ipaddr'];
         if (!$ipaddr || !Validator::is_ip($ipaddr)) {
             $errors['ipaddr'] = __('Valid IP is required');
         }
     }
     if ($errors) {
         return false;
     }

     // Notes are run through Format::sanitize() before being stored.
     $setClause = ' updated=NOW() '
         . ',isactive=' . db_input($vars['isactive'])
         . ',can_create_tickets=' . db_input($vars['can_create_tickets'])
         . ',can_exec_cron=' . db_input($vars['can_exec_cron'])
         . ',notes=' . db_input(Format::sanitize($vars['notes']));

     if ($id) {
         $query = 'UPDATE ' . API_KEY_TABLE . ' SET ' . $setClause . ' WHERE id=' . db_input($id);
         if (!db_query($query)) {
             $errors['err'] = sprintf(__('Unable to update %s.'), __('this API key')) . ' ' . __('Internal error occurred');
             return false;
         }
         return true;
     }

     // New key: md5 over the current time, the IP and a random code.
     $query = 'INSERT INTO ' . API_KEY_TABLE . ' SET ' . $setClause
         . ',created=NOW() ,ipaddr=' . db_input($vars['ipaddr'])
         . ',apikey=' . db_input(strtoupper(md5(time() . $vars['ipaddr'] . md5(Misc::randCode(16)))));
     if (db_query($query)) {
         $id = db_insert_id();
         if ($id) {
             return $id;
         }
     }
     $errors['err'] = sprintf(__('Unable to add %s. Correct error(s) below and try again.'), __('this API key'));
     return false;
 }
 /**
  * Insert or update an API key row.
  *
  * @param int   $id     Existing row id to update; falsy to insert a new key.
  * @param array $vars   Form values: ipaddr (insert only), isactive, notes.
  * @param array $errors Receives validation / failure messages (by reference).
  * @return bool|int true on a successful update, the new row id on a
  *                  successful insert, false otherwise.
  */
 function save($id, $vars, &$errors)
 {
     $creating = !$id;

     if ($creating) {
         $ipaddr = $vars['ipaddr'];
         if (!$ipaddr || !Validator::is_ip($ipaddr)) {
             $errors['ipaddr'] = 'Valid IP required';
         } elseif (API::getKeyByIPAddr($ipaddr)) {
             // One key per IP address.
             $errors['ipaddr'] = 'API key for the IP already exists';
         }
     }
     if ($errors) {
         return false;
     }

     $assignments = implode(',', array(
         ' updated=NOW() ',
         'isactive=' . db_input($vars['isactive']),
         'notes=' . db_input($vars['notes']),
     ));

     if (!$creating) {
         $query = 'UPDATE ' . API_KEY_TABLE . ' SET ' . $assignments . ' WHERE id=' . db_input($id);
         if (db_query($query)) {
             return true;
         }
         $errors['err'] = 'Unable to update API key. Internal error occurred';
         return false;
     }

     // New key: md5 over the current time, the IP and a random code.
     $apikey = strtoupper(md5(time() . $vars['ipaddr'] . md5(Misc::randcode(16))));
     $query = 'INSERT INTO ' . API_KEY_TABLE . ' SET ' . $assignments
         . ',created=NOW() ,ipaddr=' . db_input($vars['ipaddr'])
         . ',apikey=' . db_input($apikey);
     if (db_query($query) && ($id = db_insert_id())) {
         return $id;
     }
     $errors['err'] = 'Unable to add API key. Internal error';
     return false;
 }