Example #1
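/**
 * Authenticates the request from its HTTP Basic credentials and fills $_SESSION.
 *
 * The credentials are copied into $_POST["artica_username"] and
 * $_POST["artica_password"], checked first against the global admin account
 * loaded by ressources/settings.inc and then against the directory entry
 * returned by the project's `user` class. A directory user must additionally
 * hold the AsSquidAdministrator right.
 *
 * NOTE(review): passwords are compared as plaintext and the submitted password
 * is kept in $_SESSION["passwd"]. Both are left as they were because code
 * outside this function may rely on them, but anything able to read session
 * storage can read the secret.
 *
 * @return bool true when the caller is authenticated and allowed in, false otherwise.
 */
function authenticate()
{
    // Both halves of the Basic credential are required. The previous "&&" let a
    // request carrying only one of them continue into the checks below.
    if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) {
        return false;
    }
    // Record the account name only: the password must never be written to a log.
    error_log("1) Auth user:{$_SERVER['PHP_AUTH_USER']}");
    $_POST["artica_username"] = $_SERVER['PHP_AUTH_USER'];
    $_POST["artica_password"] = $_SERVER['PHP_AUTH_PW'];
    include "ressources/settings.inc";
    // $notice is not built in this function; keep whatever the include may have
    // defined and otherwise pass an empty list to the event logger.
    if (!isset($notice) || !is_array($notice)) {
        $notice = array();
    }
    $givenUser = (string) $_POST["artica_username"];
    $givenPass = (string) $_POST["artica_password"];
    $adminUser = isset($_GLOBAL["ldap_admin"]) ? (string) $_GLOBAL["ldap_admin"] : '';
    $adminPass = isset($_GLOBAL["ldap_password"]) ? (string) $_GLOBAL["ldap_password"] : '';

    // Strict string comparison: loose "==" treats numeric-looking strings such as
    // "0e1" and "0e2" as equal. An unset admin name must never match an empty
    // user name, hence the explicit non-empty test. Where the runtime offers
    // hash_equals(), a constant-time comparison is preferable for the password.
    if ($adminUser !== '' && $givenUser === $adminUser) {
        if ($givenPass !== $adminPass) {
            artica_mysql_events("Failed to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]}", implode("\n", $notice), "security", "security");
            return false;
        }
        artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as SuperAdmin", implode("\n", $notice), "security", "security");
        // No session_start() here: the original call was commented out, so the
        // session is expected to be opened by the caller.
        $_SESSION["uid"] = '-100';
        $_SESSION["groupid"] = '-100';
        $_SESSION["passwd"] = $_POST["artica_password"];
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $_POST["lang"];
        $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="yes"
			[AllowAddUsers]="yes"
			[AllowChangeKav]="yes"
			[AllowChangeKas]="yes"
			[AllowChangeUserPassword]="yes"
			[AllowEditAliases]="yes"
			[AllowEditAsWbl]="yes"
			[AsSystemAdministrator]="yes"
			[AsPostfixAdministrator]="yes"
			[AsArticaAdministrator]="yes"
			';
        return true;
    }

    writelogs('This is not Global admin, so test user...', __FUNCTION__, __FILE__);
    $u = new user($_POST["artica_username"]);
    if (trim((string) $u->uidNumber) === '') {
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        return false;
    }
    // Passwords are trimmed on both sides, as before. An entry without a stored
    // password is rejected so that an empty submission cannot match it.
    $storedPass = trim((string) $u->password);
    if ($storedPass === '' || trim($givenPass) !== $storedPass) {
        return false;
    }

    $ldap = new clladp();
    $users = new usersMenus();
    $privs = new privileges($u->uid);
    $privileges_array = $privs->privs;
    setcookie("mem-logon-user", $_POST["artica_username"], time() + 172800);
    $_SESSION["privileges_array"] = $privs->privs;
    $_SESSION["privs"] = $privileges_array;
    $_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
    $_SESSION["uid"] = $_POST["artica_username"];
    $_SESSION["passwd"] = $_POST["artica_password"];
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
    $_SESSION["groupid"] = $ldap->UserGetGroups($_POST["artica_username"], 1);
    $_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
    $_SESSION["MailboxActive"] = $u->MailboxActive;
    $_SESSION["ou"] = $u->ou;
    $_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
    $lang = new articaLang();
    writelogs("[{$_POST["artica_username"]}]: Default organization language={$_SESSION["OU_LANG"]}", __FUNCTION__, __FILE__);
    if (trim((string) $_SESSION["OU_LANG"]) !== '') {
        $_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
        setcookie("artica-language", $_SESSION["OU_LANG"], time() + 172800);
    } else {
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $lang->get_languages();
    }
    $users->_TranslateRights($privileges_array, true);
    if (!$users->AsSquidAdministrator) {
        artica_mysql_events("failed to logon on the Artica Squid Stats Web console from {$_SERVER["REMOTE_HOST"]} as User", implode("\n", $notice), "security", "security");
        writelogs("[{$_POST["artica_username"]}]: This is not an user =>admin.index.php", __FUNCTION__, __FILE__);
        // The session was filled before the rights were known. Undo that, so a
        // refused logon does not leave an authenticated-looking session behind.
        $writtenKeys = array(
            "privileges_array", "privs", "OU_LANG", "uid", "passwd", "privileges",
            "groupid", "DotClearUserEnabled", "MailboxActive", "ou",
            "UsersInterfaceDatas", "detected_lang",
        );
        foreach ($writtenKeys as $sessionKey) {
            unset($_SESSION[$sessionKey]);
        }
        return false;
    }
    return true;
}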
Example #2
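/**
 * Handles the web-console logon form posted as artica_username / artica_password.
 *
 * The outcome is written to the response body: "location:<page>" on success,
 * "bad password" or "Unknown user" on failure. The global admin account from
 * ressources/settings.inc is tried first, then the directory entry returned by
 * the project's `user` class.
 *
 * NOTE(review): the end-user redirect carries base64(serialize(...)) in the URL
 * and its "PASSWORD" field is md5(username), which is predictable. If the
 * receiving page unserialize()s that parameter, it is processing
 * attacker-controllable input; confirm against ../user-backup/logon.php.
 * NOTE(review): "Unknown user" and "bad password" are distinct replies, which
 * lets a client tell valid account names from invalid ones.
 *
 * @return null The function always returns null or terminates the script.
 */
function logon()
{
    include "ressources/settings.inc";
    $sock = new sockets();
    $_POST["artica_password"] = url_decode_special($_POST["artica_password"]);
    // Only the account name is logged; the submitted password is kept out of logs.
    writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
    $_COOKIE["artica-language"] = $_POST["lang"];
    $FileCookyKey = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"]);
    $sock->SET_INFO($FileCookyKey, $_POST["Changelang"]);
    $socks = new sockets();
    if (!$socks->TestArticaPort()) {
        $boa_error = '';
        if (is_file("ressources/logs/boa.start")) {
            $boa_error = file_get_contents("ressources/logs/boa.start");
        }
        echo "Unable to connect to Artica daemon port:{$boa_error}";
        exit;
    }
    // Request context attached to the security events below. Entries that carry
    // credentials or session cookies are left out; the event text is presumably
    // persisted by artica_mysql_events() (confirm against its implementation).
    $credentialKeys = array("PHP_AUTH_PW", "HTTP_AUTHORIZATION", "HTTP_COOKIE");
    $notice = array();
    foreach ($_SERVER as $index => $value) {
        if (in_array($index, $credentialKeys, true)) {
            continue;
        }
        $notice[] = "{$index}:{$value}";
    }
    $givenUser = (string) $_POST["artica_username"];
    $givenPass = (string) $_POST["artica_password"];
    $adminUser = isset($_GLOBAL["ldap_admin"]) ? (string) $_GLOBAL["ldap_admin"] : '';
    $adminPass = isset($_GLOBAL["ldap_password"]) ? (string) $_GLOBAL["ldap_password"] : '';

    // Strict comparison avoids the numeric-string equality of "==", and an unset
    // admin name can no longer match an empty user name. Where the runtime has
    // hash_equals(), a constant-time comparison is preferable for the password.
    if ($adminUser !== '' && $givenUser === $adminUser) {
        if ($givenPass !== $adminPass) {
            // The failure is logged without either password.
            writelogs("Testing logon.... admin password mismatch", __FUNCTION__, __FILE__, __LINE__);
            artica_mysql_events("Failed to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]}", implode("\n", $notice), "security", "security");
            echo "bad password";
            return null;
        }
        artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as SuperAdmin", implode("\n", $notice), "security", "security");
        // No session_start() here: the original call was commented out, so the
        // session is expected to be opened by the caller.
        $_SESSION["uid"] = '-100';
        $_SESSION["groupid"] = '-100';
        // NOTE(review): plaintext password kept in the session; other code may read it.
        $_SESSION["passwd"] = $_POST["artica_password"];
        $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $_POST["lang"];
        $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="yes"
			[AllowAddUsers]="yes"
			[AllowChangeKav]="yes"
			[AllowChangeKas]="yes"
			[AllowChangeUserPassword]="yes"
			[AllowEditAliases]="yes"
			[AllowEditAsWbl]="yes"
			[AsSystemAdministrator]="yes"
			[AsPostfixAdministrator]="yes"
			[AsArticaAdministrator]="yes"
			';
        $tpl = new templates();
        echo "location:admin.index.php";
        exit;
    }

    writelogs('This is not Global admin, so test user...', __FUNCTION__, __FILE__);
    $u = new user($_POST["artica_username"]);
    if (trim((string) $u->uidNumber) === '') {
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        echo "Unknown user";
        return null;
    }
    // Trimmed on both sides, as before. An entry without a stored password is
    // rejected so that an empty submission cannot match it.
    $storedPass = trim((string) $u->password);
    if ($storedPass === '' || trim($givenPass) !== $storedPass) {
        writelogs("[{$_POST["artica_username"]}]: The password typed  is not the same in ldap database...", __FUNCTION__, __FILE__);
        artica_mysql_events("Failed to logon on the management console as user from {$_SERVER["REMOTE_HOST"]} (bad password)", implode("\n", $notice), "security", "security");
        echo "bad password";
        return null;
    }

    $ldap = new clladp();
    $users = new usersMenus();
    $privs = new privileges($u->uid);
    $privileges_array = $privs->privs;
    setcookie("mem-logon-user", $_POST["artica_username"], time() + 172800);
    $_SESSION["privileges_array"] = $privs->privs;
    $_SESSION["privs"] = $privileges_array;
    $_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
    $_SESSION["uid"] = $_POST["artica_username"];
    $_SESSION["passwd"] = $_POST["artica_password"];
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
    $_SESSION["groupid"] = $ldap->UserGetGroups($_POST["artica_username"], 1);
    $_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
    $_SESSION["MailboxActive"] = $u->MailboxActive;
    $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
    $_SESSION["ou"] = $u->ou;
    $_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
    $lang = new articaLang();
    writelogs("[{$_POST["artica_username"]}]: Default organization language={$_SESSION["OU_LANG"]}", __FUNCTION__, __FILE__);
    if (trim((string) $_SESSION["OU_LANG"]) !== '') {
        $_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
        setcookie("artica-language", $_SESSION["OU_LANG"], time() + 172800);
    } else {
        setcookie("artica-language", $_POST["lang"], time() + 172800);
        $_SESSION["detected_lang"] = $lang->get_languages();
    }
    $users->_TranslateRights($privileges_array, true);
    if (!$users->IfIsAnuser(true)) {
        artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as User", implode("\n", $notice), "security", "security");
        writelogs("[{$_POST["artica_username"]}]: This is not an user =>admin.index.php", __FUNCTION__, __FILE__);
        echo "location:admin.index.php";
        return null;
    }
    writelogs("[{$_POST["artica_username"]}]: IS AN USER =>../user-backup/logon.php", __FUNCTION__, __FILE__);
    $tpl = new templates();
    $array = array();
    $array["USERNAME"] = $_POST["artica_username"];
    // NOTE(review): this is a hash of the user NAME, not of a secret, so anyone
    // who knows the account name can compute it. Kept as-is because the
    // receiving page is outside this function.
    $array["PASSWORD"] = md5($_POST["artica_username"]);
    $credentials = base64_encode(serialize($array));
    artica_mysql_events("Success to redirect on the end-user management console from {$_SERVER["REMOTE_HOST"]} as User", implode("\n", $notice), "security", "security");
    echo "location:../user-backup/logon.php?credentials={$credentials}";
    return null;
}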
Example #3
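/**
 * Checks the posted username / password against each configured backend in turn
 * and fills $_SESSION for the first one that accepts them.
 *
 * Order of the checks: global admin (ressources/settings.inc), Squid dynamic
 * ACL users (webfilters_sqitems), Active Directory when $ldap->IsKerbAuth() is
 * true, RADIUS (radcheck), and finally the local directory via the `user` class.
 *
 * When $Aspost is false the comparisons expect the client to send md5(password);
 * when it is true the local-directory check compares the posted value with the
 * stored password directly.
 *
 * NOTE(review): because the md5 value is what the client sends, that hash is
 * password-equivalent; protecting it in transit and at rest matters as much as
 * protecting the password itself.
 * NOTE(review): QUERY_SQL() is only seen here taking a finished SQL string, so
 * user input is escaped with addslashes() before interpolation. That is a
 * stop-gap which is safe only for single-byte or UTF-8 connection character
 * sets; bound parameters or connection-aware escaping in the DB wrapper should
 * replace it.
 *
 * @param bool $Aspost true when called from a full-page form post: errors are
 *                     rendered through MainPage() and success sends a Location
 *                     header. false makes the function echo short status text.
 * @return null
 */
function checklogon($Aspost = false)
{
    include_once dirname(__FILE__) . "/ressources/class.user.inc";
    include "ressources/settings.inc";
    // $notice is not built in this function; keep whatever the include may have
    // defined and otherwise pass an empty list to the event logger.
    if (!isset($notice) || !is_array($notice)) {
        $notice = array();
    }
    $username = isset($_POST["username"]) ? (string) $_POST["username"] : '';
    $_POST["password"] = url_decode_special_tool($_POST["password"]);
    $password = trim($_POST["password"]);
    $users = new usersMenus();
    if ($users->WEBSTATS_APPLIANCE) {
        $users->SQUID_INSTALLED = true;
    }
    if ($password === '') {
        if ($Aspost) {
            MainPage("Bad password");
            return;
        }
        echo "Bad password";
        return;
    }
    // md5 of the posted value, used by the Squid and RADIUS checks. It gets its
    // own variable so the admin branch can no longer overwrite it.
    $passwordMD = md5($password);

    // --- 1. Global admin -------------------------------------------------------
    // Strict comparison: with "==" two hex digests that both look like "0e<digits>"
    // compare equal as numbers. An unset admin name must not match an empty name.
    $adminUser = isset($_GLOBAL["ldap_admin"]) ? trim(strtolower($_GLOBAL["ldap_admin"])) : '';
    if ($adminUser !== '' && trim(strtolower($username)) === $adminUser) {
        $adminPasswordMD = md5(trim($_GLOBAL["ldap_password"]));
        if ($password === $adminPasswordMD) {
            $_SESSION["uid"] = '-100';
            $_SESSION["groupid"] = '-100';
            // NOTE(review): plaintext admin password kept in the session.
            $_SESSION["passwd"] = $_GLOBAL["ldap_password"];
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="yes"
			[AllowAddUsers]="yes"
			[AllowChangeKav]="yes"
			[AllowChangeKas]="yes"
			[AllowChangeUserPassword]="yes"
			[AllowEditAliases]="yes"
			[AllowEditAsWbl]="yes"
			[AsSystemAdministrator]="yes"
			[AsPostfixAdministrator]="yes"
			[AsArticaAdministrator]="yes"';
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            $_SESSION["AsWebStatisticsAdministrator"] = true;
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    // Escaped copy of the user name for the two string-built queries below.
    $usernameSql = addslashes($username);

    // --- 2. Squid dynamic ACL users ----------------------------------------------
    if ($users->SQUID_INSTALLED) {
        $q = new mysql_squid_builder();
        $sql = "SELECT webfilters_sqitems.gpid AS maingpid\n\t\t\tFROM webfilters_sqacllinks, webfilters_sqgroups, webfilters_sqitems, webfilters_sqacls\n\t\t\tWHERE webfilters_sqacllinks.gpid = webfilters_sqgroups.ID\n\t\t\tAND webfilters_sqacllinks.aclid = webfilters_sqacls.ID\n\t\t\tAND webfilters_sqgroups.ID = webfilters_sqitems.gpid\n\t\t\tAND webfilters_sqacls.enabled =1\n\t\t\tAND webfilters_sqgroups.enabled =1\n\t\t\tAND webfilters_sqitems.enabled =1\n\t\t\tAND webfilters_sqgroups.GroupType = 'dynamic_acls'\n\t\t\tAND webfilters_sqitems.pattern = '{$usernameSql}:{$passwordMD}'";
        $results = $q->QUERY_SQL($sql);
        // The original test was inverted and echoed the error to the client;
        // database errors now go to the log only.
        if ($q->mysql_error) {
            writelogs("{$username}::webfilters_sqitems:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
        }
        $CountDerules = $results ? mysql_num_rows($results) : 0;
        writelogs("{$username}::webfilters_sqitems:: {$CountDerules} rules", __FUNCTION__, __FILE__, __LINE__);
        if ($CountDerules > 0) {
            writelogs("{$username}::webfilters_sqitems:: Building rules....", __FUNCTION__, __FILE__, __LINE__);
            while ($ligne = mysql_fetch_assoc($results)) {
                $_SESSION["SQUID_DYNAMIC_ACLS_VIRTUALS"][$ligne["maingpid"]] = true;
            }
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            $_SESSION["VirtAclUser"] = true;
            $_SESSION["ou"] = "Proxy Service";
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
            // No privileges object exists on this path; the original read an
            // undefined variable here, which also evaluated to null.
            $_SESSION["privileges_array"] = null;
            $_SESSION["uid"] = $username;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = array();
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    // --- 3. Active Directory -------------------------------------------------------
    writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);
    $ldap = new clladp();
    $IsKerbAuth = $ldap->IsKerbAuth();
    writelogs("{$username}:: Is AD -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
    if ($ldap->IsKerbAuth()) {
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($username, $password)) {
            $users = new usersMenus();
            $privs = new privileges($_POST["username-logon"]);
            $privileges_array = $privs->privs;
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            $_SESSION["VirtAclUser"] = false;
            setcookie("mem-logon-user", $_POST["username-logon"], time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            $_SESSION["uid"] = $_POST["username-logon"];
            // NOTE(review): the user NAME is stored under "passwd" here; kept as
            // in the original, confirm what readers of this key expect.
            $_SESSION["passwd"] = $_POST["username-logon"];
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
        writelogs("{$username}:: Checks Active Directory failed, continue processing...", __FUNCTION__, __FILE__, __LINE__);
    }

    // --- 4. RADIUS -----------------------------------------------------------------
    writelogs("{$username}:: Continue, processing....", __FUNCTION__, __FILE__, __LINE__);
    $q = new mysql();
    $sql = "SELECT `username`,`value`,id FROM radcheck WHERE `username`='{$usernameSql}' AND `attribute`='Cleartext-Password' LIMIT 0,1";
    writelogs("{$username}:: Is a RADIUS users \"{$sql}\"", __FUNCTION__, __FILE__, __LINE__);
    $radiusResult = $q->QUERY_SQL($sql, "artica_backup");
    $ligne = $radiusResult ? mysql_fetch_array($radiusResult) : false;
    if (!$q->ok) {
        writelogs("{$username}:: {$q->mysql_error}", __FUNCTION__, __FILE__, __LINE__);
    }
    $radiusId = 0;
    $radiusSecret = '';
    if (is_array($ligne)) {
        if (isset($ligne["id"]) && is_numeric($ligne["id"])) {
            $radiusId = $ligne["id"];
        }
        if (isset($ligne["value"])) {
            $radiusSecret = (string) $ligne["value"];
        }
    }
    // The submitted value and the digest of the stored secret are deliberately
    // not logged. A row with an empty secret never authenticates.
    if ($radiusId > 0 && $radiusSecret !== '') {
        $radiusDigest = md5($radiusSecret);
        $checkRadiusPass = false;
        if ($radiusDigest === $password) {
            writelogs("{$username}:: RADIUS Password true for no MD5", __FUNCTION__, __FILE__, __LINE__);
            $checkRadiusPass = true;
        }
        if ($radiusDigest === $passwordMD) {
            writelogs("{$username}:: RADIUS Password true for yes MD5", __FUNCTION__, __FILE__, __LINE__);
            $checkRadiusPass = true;
        }
        if ($checkRadiusPass) {
            writelogs("{$username}:: Authenticated as a RADIUS users id={$radiusId}", __FUNCTION__, __FILE__, __LINE__);
            $privs = new privileges($_POST["username-logon"], null, $radiusId);
            $privileges_array = $privs->privs;
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $_SESSION["InterfaceType"] = "{ARTICA_MINIADM}";
            setcookie("mem-logon-user", $username, time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            // Copy each privilege to a top-level session key unless one is already set.
            if (is_array($_SESSION["privileges_array"])) {
                foreach ($_SESSION["privileges_array"] as $key => $val) {
                    if (!isset($_SESSION[$key])) {
                        $_SESSION[$key] = $val;
                    }
                }
            }
            $_SESSION["uid"] = $username;
            $_SESSION["RADIUS_ID"] = $radiusId;
            BuildSession($username);
            if ($Aspost) {
                header("location:miniadm.index.php");
            }
            return;
        }
    }

    // --- 5. Local directory --------------------------------------------------------
    writelogs("{$username}::Finally Is LOCAL LDAP ? -> {$IsKerbAuth}", __FUNCTION__, __FILE__, __LINE__);
    $u = new user($username);
    $tpl = new templates();
    if (trim((string) $u->uidNumber) === '') {
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        if ($Aspost) {
            MainPage("Unknown user (" . __LINE__ . ")");
            return;
        }
        echo "Unknown user (" . __LINE__ . ")";
        die;
    }
    writelogs("{$username}:: Password match ? Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
    // Form posts carry the password itself, the other callers its md5 digest.
    // An entry without a stored password is rejected outright.
    $storedPassword = trim((string) $u->password);
    $expectedPassword = $Aspost ? $storedPassword : md5($storedPassword);
    if ($storedPassword === '' || $password !== $expectedPassword) {
        writelogs("{$username}:: Password match NO Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
        writelogs("[{$_POST["username"]}]: The password typed  is not the same in ldap database...", __FUNCTION__, __FILE__);
        // The security event is now recorded for both calling modes; the form-post
        // path used to fail without one.
        artica_mysql_events("Failed to logon on the management console as user `{$username}` from {$_SERVER["REMOTE_HOST"]} (bad password)", implode("\n", $notice), "security", "security");
        if ($Aspost) {
            MainPage("Bad password (" . __LINE__ . ")");
            return;
        }
        echo "Error: (" . __LINE__ . ") bad password";
        return null;
    }
    writelogs("{$username}:: Password match YES Aspost = {$Aspost}", __FUNCTION__, __FILE__, __LINE__);
    $ldap = new clladp();
    $users = new usersMenus();
    $_SESSION["CORP"] = $users->CORP_LICENSE;
    $privs = new privileges($u->uid);
    $privs->SearchPrivileges();
    $privileges_array = $privs->privs;
    $_SESSION["VirtAclUser"] = false;
    $_SESSION["privileges_array"] = $privs->privs;
    $_SESSION["privs"] = $privileges_array;
    if (isset($privileges_array["ForceLanguageUsers"])) {
        $_SESSION["OU_LANG"] = $privileges_array["ForceLanguageUsers"];
    }
    $_SESSION["uid"] = $username;
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = $privs->content;
    $_SESSION["groupid"] = $ldap->UserGetGroups($_POST["username"], 1);
    $_SESSION["DotClearUserEnabled"] = $u->DotClearUserEnabled;
    $_SESSION["MailboxActive"] = $u->MailboxActive;
    $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
    $_SESSION["ou"] = $u->ou;
    $_SESSION["UsersInterfaceDatas"] = trim($u->UsersInterfaceDatas);
    include_once dirname(__FILE__) . "/ressources/class.translate.rights.inc";
    $cr = new TranslateRights(null, null);
    $knownRights = $cr->GetPrivsArray();
    // Mirror every right that is truthy on $users into the session.
    if (is_array($knownRights)) {
        foreach ($knownRights as $key => $val) {
            if ($users->{$key}) {
                $_SESSION[$key] = $users->{$key};
            }
        }
    }
    // Then let the user's own privilege list overwrite the top-level keys.
    if (is_array($_SESSION["privs"])) {
        foreach ($_SESSION["privs"] as $key => $val) {
            $_SESSION[$key] = $val;
        }
    }
    if (!isset($_SESSION["OU_LANG"])) {
        $_SESSION["OU_LANG"] = null;
    }
    if (!isset($_SESSION["ASDCHPAdmin"])) {
        $_SESSION["ASDCHPAdmin"] = false;
    }
    if (trim((string) $_SESSION["OU_LANG"]) !== '') {
        $_SESSION["detected_lang"] = $_SESSION["OU_LANG"];
    } else {
        include_once dirname(__FILE__) . "/ressources/class.langages.inc";
        $lang = new articaLang();
        $_SESSION["detected_lang"] = $lang->get_languages();
    }
    // Load the setting when it has NOT been cached yet. The original tested
    // isset(), so the value was never fetched on first use.
    if (!isset($GLOBALS["FixedLanguage"])) {
        $sock = new sockets();
        $GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
    }
    if (trim((string) $GLOBALS["FixedLanguage"]) !== '') {
        $_SESSION["detected_lang"] = $GLOBALS["FixedLanguage"];
    }
    if ($Aspost) {
        header("location:miniadm.index.php");
        return;
    }
}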
Example #4
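/**
 * Measures the disk usage of the Cyrus IMAP default partition with `du -h -s`
 * and stores the result through sockets::SET_INFO().
 *
 * The run is skipped (script terminated) when the PID recorded in the pid file
 * still exists, or when file_time_min() reports less than 240 for the
 * croned.1 marker file. When the default partition is not
 * /var/spool/cyrus/mail, that directory is measured as well.
 *
 * NOTE(review): __FILE__ is an absolute path, so both marker paths below nest
 * the script's full path under their directory. basename(__FILE__) was probably
 * intended; left unchanged because other code may use the same naming.
 *
 * @return void
 */
function DirectorySize()
{
    $unix = new unix();
    $pid_path = "/etc/artica-postfix/pids/" . __FILE__ . "." . __FUNCTION__;
    $oldpid = @file_get_contents($pid_path);
    if ($unix->process_exists($oldpid)) {
        die;
    }
    $childpid = posix_getpid();
    @file_put_contents($pid_path, $childpid);
    $filetim = file_time_min("/etc/artica-postfix/croned.1/" . __FILE__ . "." . __FUNCTION__);
    if ($filetim < 240) {
        die;
    }
    $partition_default = $unix->IMAPD_GET("partition-default");
    artica_mysql_events("Starting calculate - {$partition_default} - disk size", null, __FILE__, "mailbox");
    if (strlen($partition_default) < 3) {
        return;
    }
    if (!is_dir($partition_default)) {
        return;
    }
    $GLOBALS["NICE"] = EXEC_NICE();
    $du_bin = $unix->find_program("du");
    // Without a du binary the command line would start with the path itself.
    if (trim((string) $du_bin) === '') {
        return;
    }
    // The partition path comes from configuration. Quote it so spaces or shell
    // metacharacters in it cannot change the command, and end option parsing
    // with "--" so a path starting with "-" is not read as a du option.
    $quotedPartition = escapeshellarg($partition_default);
    $results = array();
    exec("{$GLOBALS["NICE"]}{$du_bin} -h -s -- {$quotedPartition} 2>&1", $results);
    $r = implode("", $results);
    if (!preg_match("#^(.+?)\\s+#", $r, $re)) {
        return;
    }
    $sock = new sockets();
    $sock->SET_INFO("CyrusImapPartitionDefaultSize", $re[1]);
    send_email_events("Mailboxes size on your server: {$re['1']}", "Mailboxes size on your server: {$re['1']}", "mailbox");
    if ($partition_default == "/var/spool/cyrus/mail") {
        $sock->SET_INFO("CyrusImapPartitionDefaultDirSize", $re[1]);
        return;
    }
    // exec() appends to the output array, so start from an empty one.
    $results = array();
    exec("{$GLOBALS["NICE"]}{$du_bin} -h -s /var/spool/cyrus/mail 2>&1", $results);
    $r = implode("", $results);
    if (preg_match("#^(.+?)\\s+#", $r, $re)) {
        $sock->SET_INFO("CyrusImapPartitionDefaultDirSize", $re[1]);
    }
}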
Example #5
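/**
 * Handles the end-user proxy console logon: looks the posted e-mail address up
 * in the `usersisp` table, compares the posted value with the stored
 * user_password column, starts the session and echoes a "location:" reply.
 *
 * Every exit path terminates the script (die) after echoing either a
 * translated error text or the redirect line.
 *
 * NOTE(review): the value the client posts is compared directly with the stored
 * column, so the stored digest is password-equivalent; it is also copied into
 * $_SESSION["passwd"]. Both are kept because code outside this function may
 * depend on them.
 * NOTE(review): the redirect carries base64(serialize(...)) in the `phpsess`
 * URL parameter. If squid.users.index.php unserialize()s it, that page is
 * processing client-controllable input; confirm on the receiving side.
 * NOTE(review): {unknown_user}, {account_disabled} and {failed_login} are
 * distinct replies, which lets a client tell valid addresses from invalid ones.
 * NOTE(review): QUERY_SQL() is only seen here taking a finished SQL string, so
 * the address is escaped with addslashes() before interpolation. That is safe
 * only for single-byte or UTF-8 connection character sets; bound parameters or
 * connection-aware escaping in the DB wrapper should replace it.
 *
 * @return void Never returns normally; the script ends inside the function.
 */
function logon()
{
    include "ressources/settings.inc";
    $sock = new sockets();
    $_POST["artica_password"] = url_decode_special($_POST["artica_password"]);
    // Only the account name is logged; the submitted secret is kept out of logs.
    writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
    $_COOKIE["artica-language"] = $_POST["lang"];
    $FileCookyKey = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"]);
    $sock->SET_INFO($FileCookyKey, $_POST["Changelang"]);
    $FixedLanguage = $sock->GET_INFO("FixedLanguage");
    $q = new mysql_squid_builder();
    $langAutodetect = new articaLang();
    unset($_SESSION);
    $DetectedLanguage = $langAutodetect->get_languages();
    if ($GLOBALS["DEBUG_TEMPLATE"]) {
        error_log("[{$_SESSION["uid"]}]::LANGUAGE: _SESSION[detected_lang]=`{$DetectedLanguage}` function:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__);
    }
    $GLOBALS["FIXED_LANGUAGE"] = $DetectedLanguage;
    $tpl = new templates();
    $tpl->language = $DetectedLanguage;
    $page = CurrentPageName();
    $md5submitted = (string) $_POST["artica_password"];
    $_POST["artica_username"] = trim(strtolower($_POST["artica_username"]));
    // Escape the client-supplied address before it is placed inside the quoted
    // SQL literal (see the function header for the limits of this approach).
    $emailSql = addslashes($_POST["artica_username"]);
    $sql = "SELECT userid,user_password,email,enabled FROM usersisp WHERE email='{$emailSql}' ORDER BY enabled DESC";
    $ligne = @mysql_fetch_array($q->QUERY_SQL($sql));
    error_log("[{$_SESSION["uid"]}]::{$sql} ({$q->mysql_error}) function:" . __FUNCTION__ . " in " . __FILE__ . " line " . __LINE__);
    // No row (or a failed query) is handled as "unknown user".
    if (!is_array($ligne)) {
        $ligne = array("userid" => 0, "user_password" => null, "enabled" => 0);
    }
    if (!is_numeric($ligne["userid"])) {
        $ligne["userid"] = 0;
    }
    if ($ligne["userid"] == 0) {
        echo $tpl->javascript_parse_text("{unknown_user}");
        die;
    }
    if ($ligne["enabled"] == 0) {
        echo $tpl->javascript_parse_text("{account_disabled}");
        die;
    }
    // Strict comparison: with "!=" two digests that both look like "0e<digits>"
    // compare equal as numbers. An account without a stored value never matches.
    // Where the runtime has hash_equals(), a constant-time comparison is preferable.
    $storedPassword = (string) $ligne["user_password"];
    if ($storedPassword === '' || $storedPassword !== $md5submitted) {
        if ($GLOBALS["DEBUG_TEMPLATE"]) {
            // Neither the stored nor the submitted value is written to the log.
            error_log("[{$_SESSION["uid"]}]::LANG:[{$_SESSION["detected_lang"]}]:: stored password did not match submitted value function:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__);
        }
        echo $tpl->javascript_parse_text("{failed_login}");
        die;
    }
    // Request context attached to the security event below. Entries that carry
    // credentials or session cookies are left out; the event text is presumably
    // persisted by artica_mysql_events() (confirm against its implementation).
    $credentialKeys = array("PHP_AUTH_PW", "HTTP_AUTHORIZATION", "HTTP_COOKIE");
    $notice = array();
    foreach ($_SERVER as $index => $value) {
        if (in_array($index, $credentialKeys, true)) {
            continue;
        }
        $notice[] = "{$index}:{$value}";
    }
    if (trim((string) $FixedLanguage) !== '') {
        $_POST["lang"] = $FixedLanguage;
    }
    artica_mysql_events("Success to logon on the Artica End-user Web proxy console from {$_SERVER["REMOTE_HOST"]} as {$_POST["artica_username"]}", implode("\n", $notice), "security", "security");
    session_start();
    // Issue a fresh session id at the privilege change so an id that was known
    // before the logon cannot be reused afterwards (session fixation).
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $_SESSION["uid"] = $ligne["userid"];
    $_SESSION["groupid"] = '0';
    $_SESSION["email"] = $_POST["artica_username"];
    $_SESSION["passwd"] = $md5submitted;
    $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
    setcookie("artica-language", $_POST["lang"], time() + 172800);
    $_SESSION["detected_lang"] = $_POST["lang"];
    if ($GLOBALS["DEBUG_TEMPLATE"]) {
        error_log("[{$_SESSION["uid"]}]::LANGUAGE: _SESSION[detected_lang]=`{$_SESSION["detected_lang"]}` function:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__);
    }
    $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="no"
			[AllowAddUsers]="no"
			[AllowChangeKav]="no"
			[AllowChangeKas]="no"
			[AllowChangeUserPassword]="no"
			[AllowEditAliases]="no"
			[AllowEditAsWbl]="no"
			[AsSystemAdministrator]="no"
			[AsPostfixAdministrator]="no"
			[AsArticaAdministrator]="no"
			';
    $arraySession = array();
    $arraySession["email"] = $_POST["artica_username"];
    $arraySession["uid"] = $ligne["userid"];
    $tpl = new templates();
    error_log("[{$_SESSION["uid"]}]::uid:`{$_SESSION["uid"]}` -> squid.users.index.php function:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__);
    $sessionDatas = base64_encode(serialize($arraySession));
    if ($GLOBALS["DEBUG_TEMPLATE"]) {
        error_log("[{$_SESSION["uid"]}]::FINISH:LANG:[{$_SESSION["detected_lang"]}] => language: _COOKIE=`{$_COOKIE["artica-language"]}` _SESSION=`{$_SESSION["detected_lang"]}` function:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__);
    }
    echo "location:squid.users.index.php?phpsess={$sessionDatas}";
    die;
}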
Example #6
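/**
 * Handle a logon request for the Artica web console.
 *
 * Credentials are read from $_POST and tried in this order: the global manager
 * account from ressources/settings.inc, Active Directory (only when
 * clladp::IsKerbAuth() is true), RADIUS administrators, then an LDAP user.
 * The outcome is echoed to the client: "location:<page>" or a translated error
 * text for the web form, "TRUE" / "FALSE" when $_POST["VIA_API"] is set.
 *
 * NOTE(review): no session_regenerate_id() call is visible on any success
 * path; confirm that the caller or BuildSession() rotates the session id.
 *
 * @return null Nothing useful is returned; the manager and RADIUS success
 *              paths end the script with exit.
 */
function logon()
{
    // settings.inc is included inside the function, so the variables it
    // defines (the code below reads $_GLOBAL) become locals of logon().
    include "ressources/settings.inc";
    include_once 'ressources/class.sockets.inc';
    include_once 'ressources/class.ldap.inc';
    include_once 'ressources/class.user.inc';
    include_once 'ressources/class.langages.inc';
    $sock = new sockets();
    $tpl = new templates();
    $_POST["artica_password"] = url_decode_special($_POST["artica_password"]);
    // Only the user name is logged; the submitted password never goes to the log.
    writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
    $_COOKIE["artica-language"] = $_POST["lang"];
    $FileCookyKey = md5($_SERVER["REMOTE_ADDR"] . $_SERVER["HTTP_USER_AGENT"]);
    $sock->SET_INFO($FileCookyKey, $_POST["Changelang"]);
    if (!isset($GLOBALS["FixedLanguage"])) {
        $GLOBALS["FixedLanguage"] = $sock->GET_INFO("FixedLanguage");
    }
    $VIA_API = isset($_POST["VIA_API"]);
    // An already authenticated browser session is sent straight to the console;
    // API callers always go through the checks below.
    if ($_SESSION["uid"] != null) {
        if (!$VIA_API) {
            echo "location:admin.index.php";
            return;
        }
    }
    $socks = new sockets();
    // Snapshot of the request environment, attached to the security events below.
    // foreach replaces each(), which no longer exists in PHP 8.
    $notice = array();
    foreach ($_SERVER as $index => $value) {
        $notice[] = "{$index}:{$value}";
    }
    // No manager account configured: ask the framework once, then re-read the settings.
    if ($_GLOBAL["ldap_admin"] == null) {
        $sock->getFrameWork("services.php?process1-tenir=yes?MyCURLTIMEOUT=120");
        include "ressources/settings.inc";
    }
    if ($_GLOBAL["ldap_admin"] == null) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        $tpl = new templates();
        echo $tpl->javascript_parse_text("{ldap_username_corrupt_text}");
        return null;
    }
    // The web form value is compared as-is with an MD5 digest, so the form is
    // presumably expected to post the digest already (TODO confirm); API callers
    // post the clear-text password and it is hashed here.
    $md5submitted = $_POST["artica_password"];
    if ($VIA_API) {
        $md5submitted = md5($_POST["artica_password"]);
    }
    $md5Manager = md5(trim($_GLOBAL["ldap_password"]));
    if (trim($GLOBALS["FixedLanguage"]) != null) {
        $_POST["lang"] = $GLOBALS["FixedLanguage"];
    }
    $trimed_artica_username = trim(strtolower($_POST["artica_username"]));
    $trimed_ldap_admin = trim(strtolower($_GLOBAL["ldap_admin"]));
    writelogs("Manager -> {$trimed_artica_username} ?=== {$trimed_ldap_admin}", __FUNCTION__, __FILE__, __LINE__);
    if ($trimed_artica_username == $trimed_ldap_admin) {
        writelogs("Manager: `YES`", __FUNCTION__, __FILE__, __LINE__);
        // Strict comparison on strings only: with != two different digests that
        // both look numeric (for example "0e" followed by digits) compare equal.
        // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice.
        if (!is_string($md5submitted) || $md5Manager !== $md5submitted) {
            $tpl = new templates();
            artica_mysql_events("Failed to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]}", @implode("\n", $notice), "security", "security");
            if ($VIA_API) {
                echo "FALSE";
                return;
            }
            echo $tpl->javascript_parse_text("{wrong_password_or_username}");
            return null;
        } else {
            $users = new usersMenus();
            artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as SuperAdmin", @implode("\n", $notice), "security", "security");
            $_SESSION["uid"] = '-100';
            $_SESSION["groupid"] = '-100';
            // NOTE(review): this keeps the clear-text manager password in the
            // session store; confirm what reads it and whether a flag would do.
            $_SESSION["passwd"] = $_GLOBAL["ldap_password"];
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            // NOTE(review): $_POST["lang"] is written to the cookie unvalidated.
            setcookie("artica-language", $_POST["lang"], time() + 172800);
            $_SESSION["detected_lang"] = $_POST["lang"];
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="yes"
			[AllowAddUsers]="yes"
			[AllowChangeKav]="yes"
			[AllowChangeKas]="yes"
			[AllowChangeUserPassword]="yes"
			[AllowEditAliases]="yes"
			[AllowEditAsWbl]="yes"
			[AsSystemAdministrator]="yes"
			[AsPostfixAdministrator]="yes"
			[AsArticaAdministrator]="yes"
			[AsArticaMetaAdmin]="yes"
			';
            if ($VIA_API) {
                writelogs("VIA API = TRUE -> BUILD SESSION", __FUNCTION__, __FILE__, __LINE__);
                BuildSession($_SESSION["uid"]);
                echo "TRUE";
                return;
            }
            $tpl = new templates();
            $sock->getFrameWork("squid.php?clean-catz-cache=yes");
            writelogs("OK it is a global admin -> location:admin.index.php", __FUNCTION__, __FILE__, __LINE__);
            echo "location:admin.index.php";
            exit;
        }
    }
    $ldap = new clladp();
    if ($ldap->IsKerbAuth()) {
        $userPassword = $_POST["artica_password"];
        if (isset($_POST["artica_password_crypted"])) {
            $userPassword = $_POST["artica_password_crypted"];
            include_once dirname(__FILE__) . "/ressources/class.cryptform.inc";
            $userPassword = logon_decrypt($userPassword);
        }
        writelogs("*** TEST Active Directory user {$_POST["artica_username"]} ****", __FUNCTION__, __FILE__, __LINE__);
        $external_ad_search = new external_ad_search();
        if ($external_ad_search->CheckUserAuth($_POST["artica_username"], $userPassword)) {
            writelogs("*** TEST Active Directory user {$_POST["artica_username"]} success ****", __FUNCTION__, __FILE__, __LINE__);
            // Created before its first use: CORP_LICENSE used to be read from
            // $users while that variable was still undefined on this path.
            $users = new usersMenus();
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            setcookie("artica-language", $_POST["lang"], time() + 172800);
            $_SESSION["detected_lang"] = $_POST["lang"];
            $_SESSION["CORP"] = $users->CORP_LICENSE;
            $privs = new privileges($_POST["artica_username"]);
            $privileges_array = $privs->privs;
            DumpPrivileges($_POST["artica_username"], $privileges_array);
            $users->_TranslateRights($privileges_array, true);
            setcookie("mem-logon-user", $_POST["artica_username"], time() + 172800);
            $_SESSION["privileges_array"] = $privs->privs;
            $_SESSION["uid"] = $_POST["artica_username"];
            BuildSession($_POST["artica_username"]);
            $sock->getFrameWork("squid.php?clean-catz-cache=yes");
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            if ($VIA_API) {
                BuildSession($_SESSION["uid"]);
                echo "TRUE";
                return;
            }
            echo "location:admin.index.php";
            return;
        } else {
            // Directory check failed: log what the AD class collected, then fall
            // through to the RADIUS and LDAP checks.
            if (is_array($GLOBALS["CLASS_ACTV"])) {
                foreach ($GLOBALS["CLASS_ACTV"] as $line) {
                    writelogs("*** Active Directory {$line}", __FUNCTION__, __FILE__, __LINE__);
                }
            }
        }
    }
    if (Radius_admins($_POST["artica_username"], $md5submitted)) {
        writelogs('*** TEST RADIUS USER ****', __FUNCTION__, __FILE__, __LINE__);
        $tpl = new templates();
        $sock->getFrameWork("squid.php?clean-catz-cache=yes");
        writelogs("OK it is a global admin -> location:admin.index.php", __FUNCTION__, __FILE__, __LINE__);
        if ($VIA_API) {
            // NOTE(review): $_SESSION["uid"] is not assigned on this path here;
            // presumably Radius_admins() fills the session. Verify.
            BuildSession($_SESSION["uid"]);
            echo "TRUE";
            return;
        }
        echo "location:admin.index.php";
        exit;
    }
    writelogs('This is not Global admin, so test user...', __FUNCTION__, __FILE__, __LINE__);
    $u = new user($_POST["artica_username"]);
    $userPassword = $u->password;
    if (trim($u->uidNumber) == null) {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        writelogs('Unable to get user infos abort', __FUNCTION__, __FILE__);
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return null;
    }
    $tpl = new templates();
    // Strict comparison for the same reason as on the manager path.
    // NOTE(review): this compares the raw posted value, not $md5submitted, so an
    // API caller posting a clear-text password does not match here. Confirm
    // whether that is intended.
    if (trim($_POST["artica_password"]) === md5(trim($userPassword))) {
        BuildSession($u->uid);
        $ldap = new clladp();
        $users = new usersMenus();
        $privs = new privileges($u->uid);
        $privileges_array = $privs->privs;
        // Uses the value loaded into $GLOBALS above; a bare $FixedLanguage is
        // never assigned in this function.
        if (trim($GLOBALS["FixedLanguage"]) != null) {
            $_SESSION["detected_lang"] = $GLOBALS["FixedLanguage"];
        }
        $users->_TranslateRights($privileges_array, true);
        if (!$users->IfIsAnuser(true)) {
            if ($VIA_API) {
                echo "TRUE";
                return;
            }
            artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as User", @implode("\n", $notice), "security", "security");
            writelogs("[{$_POST["artica_username"]}]: This is not an user =>admin.index.php", __FUNCTION__, __FILE__);
            $sock->getFrameWork("squid.php?clean-catz-cache=yes");
            $_SESSION["MINIADM"] = false;
            setcookie("MINIADM", "No", time() + 1000);
            echo "location:admin.index.php";
            return null;
        }
        if ($VIA_API) {
            BuildSession($_SESSION["uid"]);
            echo "TRUE";
            return;
        }
        writelogs("[{$_POST["artica_username"]}]: IS AN USER =>../user-backup/logon.php", __FUNCTION__, __FILE__);
        // NOTE(review): PASSWORD is the MD5 of the user name, not a secret, and
        // the blob travels in a URL. The receiving page should rely on the server
        // side session instead of these fields, and should not pass request data
        // to unserialize(). Verify miniadm.logon.php.
        $array["USERNAME"] = $_POST["artica_username"];
        $array["PASSWORD"] = md5($_POST["artica_username"]);
        $credentials = base64_encode(serialize($array));
        artica_mysql_events("Success to redirect on the end-user management console from {$_SERVER["REMOTE_HOST"]} as User", @implode("\n", $notice), "security", "security");
        echo "location:../miniadm.logon.php?credentials={$credentials}";
        return null;
    } else {
        if ($VIA_API) {
            echo "FALSE";
            return;
        }
        writelogs("[{$_POST["artica_username"]}]: The password typed  is not the same in ldap database...", __FUNCTION__, __FILE__);
        artica_mysql_events("Failed to logon on the management console as user from {$_SERVER["REMOTE_HOST"]} (bad password)", @implode("\n", $notice), "security", "security");
        echo $tpl->javascript_parse_text("{wrong_password_or_username}");
        return null;
    }
}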
Example #7
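/**
 * Logon handler that redirects to the android.* pages.
 *
 * Only the global manager account from ressources/settings.inc is checked.
 * A matching user name with the right digest opens a SuperAdmin session and
 * echoes "location:android.index.php"; any other user name is sent back to
 * "location:android.logon.php".
 *
 * @return null Nothing useful is returned; the success path ends with exit.
 */
function checkLogin()
{
    // Included inside the function so that $_GLOBAL becomes a local variable.
    include "ressources/settings.inc";
    $sock = new sockets();
    writelogs("Testing logon....{$_POST["artica_username"]}", __FUNCTION__, __FILE__, __LINE__);
    // Neither the submitted value nor the stored manager password is logged:
    // log files are read by more people and tools than the credential store.
    $FixedLanguage = $sock->GET_INFO("FixedLanguage");
    if ($_SESSION["uid"] != null) {
        echo "location:android.index.php";
        return;
    }
    // Snapshot of the request environment, attached to the security events below.
    // foreach replaces each(), which no longer exists in PHP 8.
    $notice = array();
    foreach ($_SERVER as $index => $value) {
        $notice[] = "{$index}:{$value}";
    }
    if ($_GLOBAL["ldap_admin"] == null) {
        $tpl = new templates();
        echo $tpl->javascript_parse_text("{ldap_username_corrupt_text}");
        return null;
    }
    // The posted value is compared as-is with an MD5 digest, so the client is
    // presumably expected to send the digest (TODO confirm).
    $md5submitted = $_POST["artica_password"];
    $md5Manager = md5(trim($_GLOBAL["ldap_password"]));
    if (trim($FixedLanguage) != null) {
        $_POST["lang"] = $FixedLanguage;
    }
    if (trim(strtolower($_POST["artica_username"])) == trim(strtolower($_GLOBAL["ldap_admin"]))) {
        // Strict comparison on strings only: with != two different digests that
        // both look numeric (for example "0e" followed by digits) compare equal.
        // Where PHP >= 5.6 is guaranteed, hash_equals() is the better choice.
        if (!is_string($md5submitted) || $md5Manager !== $md5submitted) {
            writelogs("Testing logon.... password mismatch", __FUNCTION__, __FILE__, __LINE__);
            artica_mysql_events("Failed to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]}", @implode("\n", $notice), "security", "security");
            echo "Bad password";
            return null;
        } else {
            artica_mysql_events("Success to logon on the Artica Web console from {$_SERVER["REMOTE_HOST"]} as SuperAdmin", @implode("\n", $notice), "security", "security");
            $_SESSION["uid"] = '-100';
            $_SESSION["groupid"] = '-100';
            // NOTE(review): this keeps the clear-text manager password in the
            // session store; confirm what reads it and whether a flag would do.
            $_SESSION["passwd"] = $_GLOBAL["ldap_password"];
            $_SESSION["InterfaceType"] = "{APP_ARTICA_ADM}";
            // NOTE(review): $_POST["lang"] is written to the cookie unvalidated.
            setcookie("artica-language", $_POST["lang"], time() + 172800);
            $_SESSION["detected_lang"] = $_POST["lang"];
            $_SESSION["privileges"]["ArticaGroupPrivileges"] = '
			[AllowAddGroup]="yes"
			[AllowAddUsers]="yes"
			[AllowChangeKav]="yes"
			[AllowChangeKas]="yes"
			[AllowChangeUserPassword]="yes"
			[AllowEditAliases]="yes"
			[AllowEditAsWbl]="yes"
			[AsSystemAdministrator]="yes"
			[AsPostfixAdministrator]="yes"
			[AsArticaAdministrator]="yes"
			';
            $tpl = new templates();
            $sock->getFrameWork("squid.php?clean-catz-cache=yes");
            echo "location:android.index.php";
            exit;
        }
    }
    echo "location:android.logon.php";
}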
Example #8
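/**
 * Measure the default Cyrus IMAP partition and publish the figures.
 *
 * Stores the size of the "partition-default" directory, the size of the disk
 * that holds it and the size of /var/spool/cyrus/mail through sockets::SET_INFO,
 * and sends a "mailbox" e-mail event. Unless $GLOBALS["FORCE"] is set the run is
 * skipped when another instance is alive, when the system is overloaded, or
 * when the time file reports less than 240 (printed as "Mn" in verbose mode).
 *
 * @return void
 */
function DirectorySize()
{
    $unix = new unix();
    $pid_path = "/etc/artica-postfix/pids/" . basename(__FILE__) . "." . __FUNCTION__;
    $timePath = "/etc/artica-postfix/croned.1/" . basename(__FILE__) . "." . __FUNCTION__ . ".time";
    $pid = @file_get_contents($pid_path);
    if (!$GLOBALS["FORCE"]) {
        // Single-instance guard: stop when the recorded pid is still running,
        // otherwise record our own pid.
        if ($unix->process_exists($pid)) {
            die;
        }
        $childpid = posix_getpid();
        @file_put_contents($pid_path, $childpid);
        if (system_is_overloaded()) {
            if ($GLOBALS["VERBOSE"]) {
                echo "Overloaded system.\n";
            }
            return;
        }
    }
    $filetim = $unix->file_time_min($timePath);
    if ($GLOBALS["VERBOSE"]) {
        echo "Time File: {$timePath} ({$filetim}Mn)\n";
    }
    // Throttle: a forced run ignores the age of the time file.
    if (!$GLOBALS["FORCE"] && $filetim < 240) {
        return;
    }
    $partition_default = $unix->IMAPD_GET("partition-default");
    if (is_link($partition_default)) {
        $partition_default = readlink($partition_default);
    }
    // The time file is refreshed before the path is validated, so a bad
    // partition value is retried only after the throttle period.
    @file_put_contents($timePath, time());
    if ($GLOBALS["VERBOSE"]) {
        echo "partition_default = {$partition_default}\n";
    }
    artica_mysql_events("Starting calculate - {$partition_default} - disk size", null, __FILE__, "mailbox");
    // Refuse an empty or very short path (such as "/") and anything that is
    // not a directory.
    if (strlen($partition_default) < 3) {
        return;
    }
    if (!is_dir($partition_default)) {
        return;
    }
    $currentsize = $unix->DIRSIZE_BYTES($partition_default) / 1024 / 1024;
    $PartInfo = $unix->DIRPART_INFO($partition_default);
    $totalMB = $PartInfo["TOT"];
    $totalMB = round($totalMB / 1048576);
    if ($GLOBALS["VERBOSE"]) {
        echo "partition_default = {$currentsize}MB/{$totalMB}MB\n";
    }
    $sock = new sockets();
    $currentsize = round($currentsize);
    $sock->SET_INFO("CyrusImapPartitionDefaultSize", $currentsize);
    $sock->SET_INFO("CyrusImapPartitionDefaultSizeTime", time());
    $sock->SET_INFO("CyrusImapPartitionDiskSize", $totalMB);
    send_email_events("Mailboxes size on your server: {$currentsize} MB", "Mailboxes size on your server: {$currentsize} MB", "mailbox");
    if ($partition_default == "/var/spool/cyrus/mail") {
        $sock->SET_INFO("CyrusImapPartitionDefaultDirSize", $currentsize);
        return;
    }
    // Rounded like the value stored under the same key in the branch above,
    // so readers of the setting always get a whole number.
    $currentsize = round($unix->DIRSIZE_BYTES("/var/spool/cyrus/mail") / 1024 / 1024);
    $sock->SET_INFO("CyrusImapPartitionDefaultDirSize", $currentsize);
}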