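/**
 * Creates the LDAP connection handle and applies the options this class needs.
 *
 * The connection URI is built from $host and $port, and $enc selects the transport:
 *   - 'SSL': an ldaps:// URI is used.
 *   - 'TLS': an ldap:// URI is used and then upgraded with ldap_start_tls().
 *   - any other value: plain ldap:// with no encryption, so anything sent over this
 *     connection afterwards travels unprotected.
 *
 * This constructor sets no certificate-validation option; that policy comes from
 * wherever the LDAP client library is configured.
 *
 * If ldap_connect() returns false, $this->con stays false and the constructor returns
 * without reporting anything, so callers have to check the handle themselves.
 *
 * @param string     $host LDAP host, optionally already prefixed with ldap: or ldaps:.
 * @param int|string $port Port appended to the host in the URI.
 * @param string     $enc  'SSL', 'TLS', or anything else for an unencrypted connection.
 */
public function __construct($host = UL_LDAP_DEFAULT_HOST, $port = UL_LDAP_DEFAULT_PORT, $enc = UL_LDAP_DEFAULT_ENCRYPTION)
{
    $constr = "{$host}:{$port}";

    if ($enc == 'SSL') {
        // Only an explicit ldaps: scheme is taken as-is. A host given with a plain
        // ldap: scheme is deliberately NOT accepted here, so that asking for SSL can
        // never quietly end up on an unencrypted URI.
        if (!ulUtils::BeginsWith($host, 'ldaps:')) {
            $constr = "ldaps://{$constr}";
        }
    } elseif (!ulUtils::BeginsWith($host, 'ldaps:') && !ulUtils::BeginsWith($host, 'ldap:')) {
        // Fix: the previous check looked only for 'ldaps:', so a host already written
        // as ldap://... received a second scheme and produced a malformed URI.
        $constr = "ldap://{$constr}";
    }

    $this->con = ldap_connect($constr, $port);
    if ($this->con === false) {
        return;
    }

    // LDAPv3 is needed for StartTLS.
    if (!ldap_set_option($this->con, LDAP_OPT_PROTOCOL_VERSION, 3)) {
        $this->Fail();
    }

    // Do not let the client library follow referrals to other servers automatically.
    if (!ldap_set_option($this->con, LDAP_OPT_REFERRALS, 0)) {
        $this->Fail();
    }

    // The TLS upgrade must succeed; a failed upgrade is reported through Fail().
    // NOTE(review): what Fail() does (close the handle, throw, ...) is not visible
    // here - confirm that the connection cannot be used unencrypted after it.
    if ($enc == 'TLS' && !ldap_start_tls($this->con)) {
        $this->Fail();
    }
}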
/**
 * Deletes every stored nonce whose nonce_expires value is earlier than the
 * timestamp returned by ulUtils::nowstring().
 *
 * @return bool true when the DELETE ran; false after ul_db_fail() was called
 *              because the statement could not be executed.
 */
public static function Clean()
{
    $cutoff = ulUtils::nowstring();

    // The cutoff is passed as a bound parameter, never concatenated into the SQL.
    $stmt = ulPdoDb::Prepare('session', 'DELETE FROM ul_nonces WHERE nonce_expires<?');
    $executed = ulPdoDb::BindExec($stmt, NULL, array(&$cutoff, 'str'));

    if ($executed) {
        return true;
    }

    ul_db_fail();
    return false;
}
/**
 * Blocks an IP address for a number of seconds, or removes its block.
 *
 * With $block > 0 the address is inserted into ul_blocked_ips; if the insert fails
 * with SQLSTATE 23000 (integrity constraint violation, i.e. the row already exists)
 * the existing row's expiry is updated instead. With any other $block the row is
 * deleted.
 *
 * Every value reaches the database as a bound parameter.
 *
 * A statement that affected no rows is treated as a failure, so unblocking an
 * address that is not in the table also ends in ul_db_fail() and false.
 *
 * @param string $ip    Address to block or unblock.
 * @param int    $block Block duration in seconds; <= 0 removes the block.
 * @return bool true when a row was written or removed, false otherwise.
 */
public static function SetBlock($ip, $block)
{
    $stmt = NULL;
    $ok = true;

    if ($block > 0) {
        $until = ulUtils::date_seconds_add(new DateTime(), $block)->format(UL_DATETIME_FORMAT);

        // Try to add the address first.
        $stmt = ulPdoDb::Prepare('log', 'INSERT INTO ul_blocked_ips (ip, block_expires) VALUES (?, ?)');
        $ok = ulPdoDb::BindExec($stmt, NULL, array(&$ip, 'str', &$until, 'str'));

        $duplicate = !$ok && ulPdoDb::ErrorCode() == '23000';
        if ($duplicate) {
            // Already listed: move the expiry of the existing entry.
            $stmt = ulPdoDb::Prepare('log', 'UPDATE ul_blocked_ips SET block_expires=? WHERE ip=?');
            $ok = ulPdoDb::BindExec($stmt, NULL, array(&$until, 'str', &$ip, 'str'));
        }
    } else {
        $stmt = ulPdoDb::Prepare('log', 'DELETE FROM ul_blocked_ips WHERE ip=?');
        $ok = ulPdoDb::BindExec($stmt, NULL, array(&$ip, 'str'));
    }

    if ($ok && $stmt->rowCount() != 0) {
        return true;
    }

    ul_db_fail();
    return false;
}
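/**
 * Builds the absolute URL of the request currently being served.
 *
 * Security note: with $per_client = true the host part is the request's Host header,
 * which the client chooses. A URL built that way must not be used for trust
 * decisions, and should not be used for links sent to third parties (e-mails,
 * tokens). Use the default ($per_client = false) for those, which takes the host
 * from the UL_DOMAIN configuration value.
 *
 * The path and query come from $_SERVER['REQUEST_URI'] in both modes and are
 * appended unmodified.
 *
 * @param bool        $per_client true to use the host the client addressed,
 *                                false to use the configured domain.
 * @param string|null $prot       'http' or 'https'; when empty the scheme is taken
 *                                from ulUtils::IsHTTPS().
 * @return string Scheme, host and request URI concatenated.
 */
public static function CurrentURL($per_client = false, $prot = NULL)
{
    if ($per_client) {
        // Client-controlled value, see the security note above.
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    } else {
        $host = UL_DOMAIN;
        if (empty($host)) {
            // Fix: the fallback used the bare constant SERVER_NAME, which is an Error
            // on PHP 8 (and the literal text 'SERVER_NAME' before that) unless the
            // application defines such a constant. Keep honouring the constant if it
            // exists, otherwise use the server variable of the same name.
            if (defined('SERVER_NAME')) {
                $host = constant('SERVER_NAME');
            } else {
                $host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
            }
        }
    }

    if ($prot == NULL) {
        $prot = ulUtils::IsHTTPS() ? 'https' : 'http';
    }

    return $prot . '://' . $host . $_SERVER['REQUEST_URI'];
}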
/**
 * Sets or clears the 'AutoLogin' cookie for a user.
 *
 * Enabling: refused (false) when the backend does not allow autologin, when the
 * username fails validation, or when no uid is found for it. Otherwise the cookie
 * value is "username:::nonce:::hmac", where the nonce is created as a persistent
 * nonce for the action "<username>-autologin" and the HMAC is computed over
 * "username:::nonce" with UL_SITE_KEY, so a cookie not issued by this site can be
 * told apart by whoever verifies it.
 *
 * Disabling: the cookie is overwritten with an empty value and an expiry one year
 * in the past.
 *
 * Cookie attributes: HttpOnly is always set. The Secure flag mirrors
 * ulUtils::IsHTTPS() for the current request, so a cookie issued during a
 * non-HTTPS request is not restricted to HTTPS. No SameSite attribute is set by
 * this call.
 *
 * @param string $username Account the cookie is issued for.
 * @param bool   $enable   true to issue the cookie, anything else to clear it.
 * @return bool false when enabling was refused, true otherwise. The result of
 *              setcookie() itself is not checked.
 */
public function SetAutologin($username, $enable)
{
    $httpsOnly = ulUtils::IsHTTPS();
    $cookie_name = 'AutoLogin';

    if ($enable == true) {
        // Refuse unless the backend permits it, the name is well-formed, and the user exists.
        if (!$this->Backend->IsAutoLoginAllowed()
            || !self::ValidateUsername($username)
            || $this->Uid($username) === false
        ) {
            return false;
        }

        $expire = time() + UL_AUTOLOGIN_EXPIRE;

        // The nonce is what lets the verifier reject a cookie that is presented twice.
        $nonce = ulNonce::Create("{$username}-autologin", UL_AUTOLOGIN_EXPIRE, true);

        // The HMAC ties username and nonce together under the site key.
        $hmac = hash_hmac(UL_HMAC_FUNC, "{$username}:::{$nonce}", UL_SITE_KEY);

        $cookie_value = "{$username}:::{$nonce}:::{$hmac}";
    } else {
        // An expiry in the past makes the browser drop the cookie.
        $expire = time() - 3600 * 24 * 365;
        $cookie_value = '';
    }

    // 'localhost' is not sent as a cookie domain; an empty domain is used instead.
    $cookie_domain = UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN;
    setcookie($cookie_name, $cookie_value, $expire, '/', $cookie_domain, $httpsOnly, true);

    return true;
}
/**
 * Counts ul_log entries for one action and one IP address that are newer than
 * "now minus $window seconds".
 *
 * Callers should compare the result with === false: a failure and a count of 0
 * are both falsy.
 *
 * @param string $ip     Address to count entries for.
 * @param string $action Value matched against the action column.
 * @param int    $window Size of the look-back window in seconds.
 * @return int|false The count, or false when logging is disabled (UL_LOG) or the
 *                   query could not be executed.
 */
public static function GetFrequencyForIp($ip, $action, $window)
{
    if (UL_LOG == false) {
        // Without the log there is nothing to count.
        return false;
    }

    // Receives the COUNT(*) column; presumably filled in by ulPdoDb::Fetch() - confirm.
    $count = 0;

    $window_start = ulUtils::date_seconds_sub(new DateTime(), $window)->format(UL_DATETIME_FORMAT);

    $stmt = ulPdoDb::Prepare('log', 'SELECT COUNT(*) FROM ul_log WHERE action=? AND timestamp>? AND ip=?');
    $executed = ulPdoDb::BindExec(
        $stmt,
        array(&$count, 'int'),
        array(&$action, 'str', &$window_start, 'str', &$ip, 'str')
    );
    if (!$executed) {
        return false;
    }

    ulPdoDb::Fetch($stmt);

    return $count;
}
/**
 * Prints ten values obtained from ulUtils::RandomBytes(42, true), each followed
 * by a <br> tag.
 *
 * The values are written straight into the response body. If they are meant to be
 * used as secret keys, this output should only be produced where nobody but the
 * administrator can read it, and the page should not stay reachable afterwards.
 *
 * @return void
 */
function generate_keys()
{
    $remaining = 10;
    while ($remaining > 0) {
        $generated = ulUtils::RandomBytes(42, true);
        echo "{$generated}<br>";
        --$remaining;
    }
}
/**
 * Removes sessions whose session_expires value is not later than the timestamp
 * returned by ulUtils::nowstring().
 *
 * The outcome of the DELETE is not inspected: the method reports true even when
 * the statement failed, in which case expired rows simply stay in the table.
 *
 * @return bool Always true.
 */
public function gc()
{
    $cutoff = ulUtils::nowstring();

    // Expired rows are dropped in one statement; the cutoff is a bound parameter.
    $purge = ulPdoDb::Prepare('session', 'DELETE FROM ul_sessions WHERE session_expires<=?');
    ulPdoDb::BindExec($purge, NULL, array(&$cutoff, 'str'));

    return true;
}
/**
 * Ends the current session: empties $_SESSION, overwrites the session cookie with
 * an empty, already-expired one, destroys the session and resets this class's
 * session bookkeeping.
 *
 * The replacement cookie is HttpOnly, and its Secure flag follows
 * ulUtils::IsHTTPS() for the current request.
 *
 * @return void
 */
public static function sessionDestroy()
{
    ulLog::DebugLog('Destroying session data.', 1);

    // Drop everything held in the session for the rest of this request.
    $_SESSION = array();

    // Tell the browser to discard the session cookie as well. 'localhost' is not
    // sent as a cookie domain; an empty domain is used instead.
    $cookie_domain = UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN;
    $already_expired = time() - 42000;
    setcookie(session_name(), '', $already_expired, '/', $cookie_domain, ulUtils::IsHTTPS(), true);

    session_destroy();

    self::$SessionStore = NULL;
    self::$SessionRunning = false;
}
<?php
// Response hardening for web requests; nothing here runs under the CLI SAPI.
//
//  - UL_PREVENT_CLICKJACK: sends X-Frame-Options: SAMEORIGIN.
//  - UL_HTTPS or UL_HSTS > 0: a request that is not HTTPS is answered with a 301
//    to the https URL and the script stops. An HTTPS request gets a
//    Strict-Transport-Security header when UL_HSTS > 0 (max-age only).
//
// NOTE(review): the redirect target is built with CurrentURL(true, 'https'), i.e.
// the per-client host. If that host is taken from the request's Host header, the
// Location value is client-influenced - confirm, and prefer the configured domain
// if the deployment serves a single host name.
$is_web_request = php_sapi_name() != 'cli';

if ($is_web_request && UL_PREVENT_CLICKJACK) {
    header('X-Frame-Options: SAMEORIGIN');
}

if ($is_web_request && (UL_HTTPS || UL_HSTS > 0)) {
    if (ulUtils::IsHTTPS()) {
        if (UL_HSTS > 0) {
            header('Strict-Transport-Security: max-age=' . (string) UL_HSTS);
        }
    } else {
        header('HTTP/1.1 301 Moved Permanently');
        header('Location: ' . ulUtils::CurrentURL(true, 'https'));
        exit(0);
    }
}
/**
 * Sets the block_expires value of a login row.
 *
 * With $block_secs > 0 the expiry is "now plus $block_secs seconds". Otherwise it
 * is set to a date 1000 years in the past, which lifts any block.
 *
 * NOTE(review): "no such user" is inferred from rowCount() == 0. Some drivers
 * report only rows whose values actually changed, so writing the same expiry twice
 * could also yield 0 - confirm against the driver in use.
 *
 * @param int $uid        Value matched against ul_logins.id.
 * @param int $block_secs Block duration in seconds; <= 0 unblocks.
 * @return bool|int true on success, ulLoginBackend::BACKEND_ERROR when the
 *                  statement failed, ulLoginBackend::NO_SUCH_USER when no row
 *                  was affected.
 */
public function BlockUser($uid, $block_secs)
{
    if ($block_secs > 0) {
        $expiry = ulUtils::date_seconds_add(new DateTime(), $block_secs)->format(UL_DATETIME_FORMAT);
    } else {
        // A date far in the past means "not blocked".
        $expiry = date_format(date_create('1000 years ago'), UL_DATETIME_FORMAT);
    }

    // Same statement for both cases; only the bound expiry differs.
    $stmt = ulPdoDb::Prepare('update', 'UPDATE ul_logins SET block_expires=? WHERE id=?');
    $executed = ulPdoDb::BindExec($stmt, NULL, array(&$expiry, 'str', &$uid, 'int'));

    if ($executed === false) {
        ul_db_fail();
        return ulLoginBackend::BACKEND_ERROR;
    }

    return $stmt->rowCount() == 0 ? ulLoginBackend::NO_SUCH_USER : true;
}
/**
 * Creates a nonce for an action and stores a digest of it.
 *
 * The value handed back to the caller comes from ulUtils::RandomBytes(16, true).
 * Only hash(UL_HMAC_FUNC, value) is stored, so the store never holds the nonce
 * itself. Despite the constant's name this is a plain, unkeyed hash().
 *
 * The result of the store call is not checked; if storing failed, the returned
 * nonce simply has no stored counterpart.
 *
 * @param string $action     Action the nonce is bound to.
 * @param int    $expire     Lifetime passed on to the store.
 * @param bool   $persistent true (strictly) for StorePersistent(), otherwise
 *                           StoreVolatile().
 * @return mixed The nonce value as produced by ulUtils::RandomBytes().
 */
public static function Create($action, $expire = UL_NONCE_EXPIRE, $persistent = false)
{
    $nonce = ulUtils::RandomBytes(16, true);
    $digest = hash(UL_HMAC_FUNC, $nonce);

    if ($persistent !== true) {
        self::StoreVolatile($action, $digest, $expire);
        return $nonce;
    }

    self::StorePersistent($action, $digest, $expire);
    return $nonce;
}
<?php // ******************************** // DO NOT MODIFY // ******************************** $returnUrl = ulUtils::CurrentURL(); $sig_request = Duo::signRequest(UL_DUOSEC_IKEY, UL_DUOSEC_SKEY, UL_DUOSEC_AKEY, $uid); // ******************************** // MAKE MODIFICATION BELOW WHERE NOTED // If possible, only insert but do not modify // ******************************** // ******************************** // Your HTML here // doctype, head, title etc. // ******************************** ?> <script src="<?php echo UL_DUOSEC_JQUERY_URI; ?> "></script> <script src="<?php echo UL_DUOSEC_JS_URL; ?> "></script> <script> Duo.init({ 'host':'<?php echo UL_DUOSEC_HOST; ?> ', 'post_action':'<?php
/**
 * Extracts the scheme tag and salt from a stored password hash.
 *
 * Recognised prefixes and what is returned for each:
 *   {SSHA}   - tag + the decoded bytes after the first 20 (SHA-1 digest length).
 *   {SHA}    - the tag only; this scheme carries no salt.
 *   {SMD5}   - tag + the decoded bytes after the first 16 (MD5 digest length).
 *   {MD5}    - the tag only; this scheme carries no salt.
 *   {CRYPT}  - tag + the first 29 characters of what follows it.
 *   {PBKDF2} - the hash with its last ':'-separated field removed.
 *   other    - the first 29 characters of the hash as given.
 *
 * {SHA} and {MD5} are unsalted, fast digests; entries stored in those schemes are
 * worth migrating to a salted, slow scheme when the user next authenticates.
 *
 * The input is not validated: base64_decode() runs in its default non-strict mode
 * and a hash shorter than expected yields whatever substr() returns for it.
 *
 * @param string $hash Stored password hash.
 * @return string Scheme tag and/or salt as listed above.
 */
private static function GetSaltFromHash($hash)
{
    if (ulUtils::BeginsWith($hash, '{SSHA}')) {
        $decoded = base64_decode(substr($hash, 6));
        return '{SSHA}' . substr($decoded, 20);
    }

    if (ulUtils::BeginsWith($hash, '{SHA}')) {
        return '{SHA}';
    }

    if (ulUtils::BeginsWith($hash, '{SMD5}')) {
        $decoded = base64_decode(substr($hash, 6));
        return '{SMD5}' . substr($decoded, 16);
    }

    if (ulUtils::BeginsWith($hash, '{MD5}')) {
        return '{MD5}';
    }

    if (ulUtils::BeginsWith($hash, '{CRYPT}')) {
        $crypt_part = substr($hash, 7);
        return '{CRYPT}' . substr($crypt_part, 0, 29);
    }

    if (ulUtils::BeginsWith($hash, '{PBKDF2}')) {
        // Everything except the final field, which is dropped here.
        $fields = explode(':', $hash);
        array_pop($fields);
        return implode(':', $fields);
    }

    // No known tag: take the leading 29 characters of the hash itself.
    return substr($hash, 0, 29);
}