/**
 * Constructor: runs whenever an object of this class is created
 * ("$auth = new Auth();").
 *
 * Keeps the user repository for later lookups and brings up the session
 * handler the object relies on. A session that fails the isValid(60) check
 * is forgotten before the session is configured and started, so a stale
 * session is never carried over.
 *
 * @param User $userRepo repository used for user lookups
 */
public function __construct(User $userRepo)
{
    // The session must exist before anything else can be done with this object.
    $handler = new SecureSessionHandler('adsr');
    if (!$handler->isValid(60)) {
        $handler->forget();
    }
    $this->session = $handler;
    setupSession($this->session);
    $this->session->start();

    $this->userRepo = $userRepo;
}
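<?php
# Page header template: makes sure a session exists, then emits the XHTML
# prologue and the top banner (logo, the current user's login name and a
# logout link). The markup continues past this fragment; the layout table
# is deliberately left open here.
require_once "inc/functions.inc.php";

if (!loggedIn()) {
    setupSession();
}

echo "<?xml version=\"1.0\"?>\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
# Every value interpolated into the markup is escaped for the HTML context:
# a page title or login name containing markup must not be rendered as HTML.
?>
<title><?php echo htmlspecialchars((string) $PageName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> </title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0" style="table-layout:fixed">
<tr>
<td nowrap="nowrap" valign="top" align="left">
<img src="icons/logo_large.png" alt="Logo" />
</td>
<td nowrap="nowrap" valign="bottom" align="right">
<?php
echo htmlspecialchars((string) $_SESSION["user"]->loginname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "<br />";
echo "<a href=\"logout.php\">Abmelden</a>";
?>
</td>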
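/**
 * Set up the request-wide globals for a page load: the requested mode,
 * continuation data, the key pair used with the auth cookie, the
 * authentication state, the theme ($skin) and the per-mode include files.
 *
 * All results are communicated through the globals declared at the top;
 * nothing is returned. abort() (assumed not to return) is called on a broken
 * continuation (11), unreadable keys (6/7), a missing user record (1), a
 * continuation issued for a different user (51) and a semaphore failure (2).
 * A request carrying a Shibboleth session cookie but no VCLAUTH cookie is
 * redirected to the shibauth directory and the script exits.
 *
 * Unauthenticated requests return early after forcing $mode to "auth"
 * (except for the login/logout/rpc modes listed below).
 */
function initGlobals() {
	global $mode, $user, $remoteIP, $authed, $oldmode, $viewmode, $semid;
	global $semislocked, $days, $phpVer, $keys, $pemkey, $AUTHERROR;
	global $passwdArray, $skin, $contdata, $lastmode, $inContinuation;
	global $totalQueries, $ERRORS, $queryTimes, $actions;
	define("SECINDAY", 86400);
	define("SECINWEEK", 604800);
	define("SECINMONTH", 2678400);
	define("SECINYEAR", 31536000);

	# $mode selects the code path for the whole request; processInputVar()'s
	# ARG_STRING handling is the only validation it receives here
	$mode = processInputVar("mode", ARG_STRING, 'main');
	$totalQueries = 0;
	$inContinuation = 0;
	$contdata = array();
	$queryTimes = array();
	$contuserid = '';

	# a continuation is a server-side record that can override the mode and
	# carry data between requests; it also names the user it was issued for
	$continuation = processInputVar('continuation', ARG_STRING);
	if(!empty($continuation)) {
		# TODO handle AJ errors
		$tmp = getContinuationsData($continuation);
		if(empty($tmp)) {
			abort(11);
		}
		elseif(array_key_exists('error', $tmp)) {
			$mode = "continuationsError";
			$contdata = $tmp;
		}
		else {
			$inContinuation = 1;
			$contuserid = $tmp['userid'];
			$lastmode = $tmp['frommode'];
			$mode = $tmp['nextmode'];
			$contdata = $tmp['data'];
		}
	}

	$remoteIP = $_SERVER["REMOTE_ADDR"];
	$days = array('Sunday', 'Monday', 'Tuesday', 'Wednesday', 'Thursday', 'Friday', 'Saturday');
	$phpVerArr = explode('.', phpversion());
	$phpVer = $phpVerArr[0];
	if($phpVer == 5) {
		require_once ".ht-inc/php5extras.php";
	}
	# character set for generated passwords (used elsewhere; only defined here)
	$passwdArray = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

	# the key pair is only needed when an auth cookie has to be verified or
	# issued; the whole file is read (the old fread(…, 8192) silently
	# truncated keys longer than 8 KiB) and a read failure aborts like an
	# unparsable key does
	if(array_key_exists('VCLAUTH', $_COOKIE) || $mode == 'submitLogin') {
		$key = file_get_contents(".ht-inc/keys.pem");
		$keys["private"] = ($key === false) ? false : openssl_pkey_get_private($key, $pemkey);
		if(! $keys['private']) {
			abort(6);
		}
		$key = file_get_contents(".ht-inc/pubkey.pem");
		$keys["public"] = ($key === false) ? false : openssl_pkey_get_public($key);
		if(! $keys['public']) {
			abort(7);
		}
	}

	# USING A SINGLE USER WITHOUT LOGGING IN:
	# to automatically log in to vcl with the same user
	# every time, comment out from this comment block to
	# the 'end auth check' comment, then, right after
	# that, set $authed = 1 and $userid to the id from
	# the user table corresponding to the user you want
	# logged in

	# start auth check
	# readAuthCookie() is expected to return null when the cookie does not
	# verify; only a non-null user id counts as authenticated
	$authed = 0;
	if(array_key_exists("VCLAUTH", $_COOKIE)) {
		$userid = readAuthCookie();
		if(! is_null($userid)) {
			$authed = 1;
		}
	}
	elseif(preg_match('/_shibsession/', join(',', array_keys($_COOKIE)))) {
		# redirect to shibauth directory
		header('Location: ' . BASEURL . "/shibauth/");
		dbDisconnect();
		exit;
	}
	# end auth check

	if($authed && $mode == 'selectauth') {
		$mode = 'home';
	}

	if(! $authed) {
		# set $skin based on cookie (so it gets set before user logs in
		# later, we set it by affiliation (helps with 'view as user')
		# the cookie value is only ever mapped to one of the fixed names
		# below, so it cannot steer the require_once path directly
		if(preg_match('/^152\\.9\\./', $_SERVER['REMOTE_ADDR']) ||
		   array_key_exists('VCLSKIN', $_COOKIE) && $_COOKIE['VCLSKIN'] == 'EXAMPLE1') {
			$skin = 'example1';
		}
		elseif(array_key_exists('VCLSKIN', $_COOKIE)) {
			switch($_COOKIE['VCLSKIN']) {
				case 'EXAMPLE2':
					$skin = 'example2';
					break;
				default:
					$skin = 'default';
					break;
			}
		}
		else {
			$skin = 'default';
		}
		if($mode != 'selectauth' && $mode != 'submitLogin') {
			require_once "themes/{$skin}/page.php";
		}
		require_once ".ht-inc/requests.php";
		# everything except the login/logout and rpc entry points is
		# redirected to the auth mode; the requested mode is kept in $oldmode
		if($mode != "logout" &&
		   $mode != "shiblogout" &&
		   $mode != "vcldquery" &&
		   $mode != "xmlrpccall" &&
		   $mode != "xmlrpcaffiliations" &&
		   $mode != "selectauth" &&
		   $mode != "submitLogin") {
			$oldmode = $mode;
			$mode = "auth";
		}
		if($mode == "vcldquery" || $mode == 'xmlrpccall' || $mode == 'xmlrpcaffiliations') {
			// get the semaphore id
			if(! ($semid = sem_get(SEMKEY, 1, 0666, 1))) {
				abort(2);
			}
			$semislocked = 0;
			require_once ".ht-inc/xmlrpcWrappers.php";
			require_once ".ht-inc/requests.php";
			require_once ".ht-inc/groups.php";
			setupSession();
		}
		return;
	}

	setupSession();
	if(array_key_exists('user', $_SESSION)) {
		$user = $_SESSION['user'];
		# a continuation may only be consumed by the user it was issued for
		if(! empty($contuserid) && $user['id'] != $contuserid) {
			abort(51);
		}
	}
	else {
		# get info about user
		if(! ($user = getUserInfo($userid))) {
			$ERRORS[1] = "Failed to get user info from database. userid was {$userid}";
			abort(1);
		}
		# developers may impersonate another account through the VCLTESTUSER
		# cookie; the gate is the adminlevel of the cookie-authenticated user
		if($user['adminlevel'] == 'developer' &&
		   array_key_exists('VCLTESTUSER', $_COOKIE)) {
			$userid = $_COOKIE['VCLTESTUSER'];
			if($userid != "{$user['unityid']}@{$user['affiliation']}") {
				if($testuser = getUserInfo($userid)) {
					$user = $testuser;
				}
			}
		}
		if(! empty($contuserid) && $user['id'] != $contuserid) {
			abort(51);
		}
		$_SESSION['user'] = $user;
	}

	$viewmode = getViewMode($user);
	$affil = $user['affiliation'];

	# setskin
	# $skin now matches the included theme for EXAMPLE2 (it was 'example1'
	# while the example2 page was included)
	switch($affil) {
		case 'EXAMPLE1':
			$skin = 'example1';
			require_once 'themes/example1/page.php';
			break;
		case 'EXAMPLE2':
			$skin = 'example2';
			require_once 'themes/example2/page.php';
			break;
		default:
			$skin = 'default';
			require_once 'themes/default/page.php';
			break;
	}
	$_SESSION['mode'] = $mode;

	// check for and possibly clear dirty permission cache
	$dontClearModes = array('AJchangeUserPrivs', 'AJchangeUserGroupPrivs', 'AJchangeResourcePrivs');
	if(! in_array($mode, $dontClearModes, true) &&
	   array_key_exists('dirtyprivs', $_SESSION) &&
	   $_SESSION['dirtyprivs']) {
		clearPrivCache();
		$_SESSION['dirtyprivs'] = 0;
	}

	// get the semaphore id
	if(! ($semid = sem_get(SEMKEY, 1, 0666, 1))) {
		abort(2);
	}
	$semislocked = 0;

	# include appropriate files
	# $actions['pages'] maps a mode to a page group; unknown modes fall
	# through to the requests page
	switch($actions['pages'][$mode]) {
		case 'manageComputers':
			require_once ".ht-inc/computers.php";
			break;
		case 'managementNodes':
			require_once ".ht-inc/managementnodes.php";
			break;
		case 'manageImages':
			require_once ".ht-inc/images.php";
			require_once ".ht-inc/requests.php";
			break;
		case 'manageSchedules':
			require_once ".ht-inc/schedules.php";
			break;
		case 'help':
			require_once ".ht-inc/help.php";
			break;
		case 'userPreferences':
			require_once ".ht-inc/userpreferences.php";
			break;
		case 'statistics':
			require_once ".ht-inc/statistics.php";
			break;
		case 'manageGroups':
			require_once ".ht-inc/groups.php";
			break;
		case 'privileges':
		case 'userLookup':
			require_once ".ht-inc/privileges.php";
			break;
		case 'vm':
			require_once ".ht-inc/vm.php";
			break;
		default:
			require_once ".ht-inc/requests.php";
	}
}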
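/**
 * Set up the request-wide globals for a page load: the requested mode,
 * continuation data, the key pair used with the auth cookie, the
 * authentication state, the theme ($skin), the per-affiliation user
 * callbacks for shibonly affiliations, and the per-mode include files.
 *
 * All results are communicated through the globals declared at the top;
 * nothing is returned. abort() (assumed not to return) is called on a broken
 * continuation (11), unreadable keys (6/7), a missing user record (1) and a
 * continuation issued for a different user (51). A request carrying a
 * Shibboleth session cookie but no VCLAUTH cookie is redirected to the
 * shibauth directory and the script exits.
 *
 * Unauthenticated requests return early after forcing $mode to "auth"
 * (except for the login/logout/rpc/locale modes listed below).
 */
function initGlobals() {
	global $mode, $user, $remoteIP, $authed, $oldmode, $semid;
	global $days, $phpVer, $keys, $pemkey, $AUTHERROR;
	global $passwdArray, $skin, $contdata, $lastmode, $inContinuation;
	global $ERRORS, $actions;
	global $affilValFunc, $addUserFunc, $updateUserFunc, $addUserFuncArgs;
	global $uniqid;
	define("SECINDAY", 86400);
	define("SECINWEEK", 604800);
	define("SECINMONTH", 2678400);
	define("SECINYEAR", 31536000);

	# TODO validate security of this
	# the first path segment (minus any extension) overrides the mode
	# parameter; it is still read back through processInputVar() below, and
	# a PATH_INFO without a second segment no longer sets an empty mode
	if(array_key_exists("PATH_INFO", $_SERVER)) {
		$pathdata = explode("/", $_SERVER["PATH_INFO"]);
		if(isset($pathdata[1])) {
			$tmp = explode('.', $pathdata[1]);
			$_GET["mode"] = $tmp[0];
		}
	}

	# $mode selects the code path for the whole request; processInputVar()'s
	# ARG_STRING handling is the only validation it receives here
	$mode = processInputVar("mode", ARG_STRING, 'main');
	$inContinuation = 0;
	$contdata = array();
	$contuserid = '';

	# a continuation is a server-side record that can override the mode and
	# carry data between requests; it also names the user it was issued for
	$continuation = processInputVar('continuation', ARG_STRING);
	if(!empty($continuation)) {
		$tmp = getContinuationsData($continuation);
		if(empty($tmp)) {
			abort(11);
		}
		elseif(array_key_exists('error', $tmp)) {
			$mode = "continuationsError";
			$contdata = $tmp;
		}
		else {
			$inContinuation = 1;
			$contuserid = $tmp['userid'];
			$lastmode = $tmp['frommode'];
			$mode = $tmp['nextmode'];
			$contdata = $tmp['data'];
		}
	}

	$remoteIP = $_SERVER["REMOTE_ADDR"];
	$days = array(i('Sunday'), i('Monday'), i('Tuesday'), i('Wednesday'), i('Thursday'), i('Friday'), i('Saturday'));
	$phpVerArr = explode('.', phpversion());
	$phpVer = $phpVerArr[0];
	# NOTE(review): HTTP_HOST is the client-supplied Host header; if $uniqid
	# is ever used in a path or command elsewhere it needs validating there
	$uniqid = uniqid($_SERVER['HTTP_HOST'] . "-" . getmypid() . "-");

	# character set for generated passwords (used elsewhere; only defined here)
	$passwdArray = array('A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0');

	# the key pair is only needed when an auth cookie has to be verified or
	# issued; the whole file is read (the old fread(…, 8192) silently
	# truncated keys longer than 8 KiB) and a read failure aborts like an
	# unparsable key does
	if(array_key_exists('VCLAUTH', $_COOKIE) || $mode == 'submitLogin') {
		$key = file_get_contents(".ht-inc/keys.pem");
		$keys["private"] = ($key === false) ? false : openssl_pkey_get_private($key, $pemkey);
		if(! $keys['private']) {
			abort(6);
		}
		$key = file_get_contents(".ht-inc/pubkey.pem");
		$keys["public"] = ($key === false) ? false : openssl_pkey_get_public($key);
		if(! $keys['public']) {
			abort(7);
		}
	}

	# USING A SINGLE USER WITHOUT LOGGING IN:
	# to automatically log in to vcl with the same user
	# every time, comment out from this comment block to
	# the 'end auth check' comment, then, right after
	# that, set $authed = 1 and $userid to the id from
	# the user table corresponding to the user you want
	# logged in

	# start auth check
	# readAuthCookie() is expected to return null when the cookie does not
	# verify; only a non-null user id counts as authenticated
	$authed = 0;
	if(array_key_exists("VCLAUTH", $_COOKIE)) {
		$userid = readAuthCookie();
		if(! is_null($userid)) {
			$authed = 1;
		}
	}
	elseif(preg_match('/_shibsession/', join(',', array_keys($_COOKIE)))) {
		# redirect to shibauth directory
		header('Location: ' . BASEURL . "/shibauth/");
		dbDisconnect();
		exit;
	}
	# end auth check

	if($authed && $mode == 'selectauth') {
		$mode = 'home';
	}

	if(! $authed) {
		# set $skin based on cookie (so it gets set before user logs in
		# later, we set it by affiliation (helps with 'view as user')
		# the cookie value is only ever mapped to one of the fixed names
		# below, so it cannot steer the require_once path directly
		if(preg_match('/^152\\.9\\./', $_SERVER['REMOTE_ADDR']) ||
		   array_key_exists('VCLSKIN', $_COOKIE) && $_COOKIE['VCLSKIN'] == 'EXAMPLE1') {
			$skin = 'example1';
		}
		elseif(array_key_exists('VCLSKIN', $_COOKIE)) {
			switch($_COOKIE['VCLSKIN']) {
				case 'EXAMPLE2':
					$skin = 'example2';
					break;
				default:
					$skin = DEFAULTTHEME;
					break;
			}
		}
		else {
			$skin = DEFAULTTHEME;
		}
		if($mode != 'selectauth' && $mode != 'submitLogin') {
			require_once "themes/{$skin}/page.php";
		}
		require_once ".ht-inc/requests.php";
		# everything except the login/logout, rpc and locale entry points is
		# redirected to the auth mode; the requested mode is kept in $oldmode
		if($mode != "logout" &&
		   $mode != "shiblogout" &&
		   $mode != "xmlrpccall" &&
		   $mode != "xmlrpcaffiliations" &&
		   $mode != "selectauth" &&
		   $mode != "submitLogin" &&
		   $mode != "changeLocale") {
			$oldmode = $mode;
			$mode = "auth";
		}
		if($mode == 'xmlrpccall' || $mode == 'xmlrpcaffiliations') {
			require_once ".ht-inc/xmlrpcWrappers.php";
			require_once ".ht-inc/requests.php";
			require_once ".ht-inc/serverprofiles.php";
			require_once ".ht-inc/groups.php";
			setupSession();
		}
		return;
	}

	setupSession();
	if(array_key_exists('user', $_SESSION)) {
		$user = $_SESSION['user'];
		# a continuation may only be consumed by the user it was issued for
		if(! empty($contuserid) && $user['id'] != $contuserid) {
			abort(51);
		}
	}
	else {
		# get info about user
		if(! ($user = getUserInfo($userid))) {
			// if first call to getUserInfo fails, try calling with $noupdate set
			if(! ($user = getUserInfo($userid, 1))) {
				$ERRORS[1] = i("Failed to get user info from database. userid was ") . "{$userid}";
				abort(1);
			}
		}
		if(! empty($contuserid) && $user['id'] != $contuserid) {
			abort(51);
		}
		$_SESSION['user'] = $user;
	}

	# setskin
	# the theme name comes from the affiliation record, not from the request
	$skin = getAffiliationTheme($user['affiliationid']);
	require_once "themes/{$skin}/page.php";
	$_SESSION['mode'] = $mode;

	// check for and possibly clear dirty permission cache
	$dontClearModes = array('AJchangeUserPrivs', 'AJchangeUserGroupPrivs', 'AJchangeResourcePrivs');
	if(! in_array($mode, $dontClearModes, true) &&
	   array_key_exists('dirtyprivs', $_SESSION) &&
	   $_SESSION['dirtyprivs']) {
		clearPrivCache();
		$_SESSION['dirtyprivs'] = 0;
	}

	# set up $affilValFunc, $addUserFunc, $updateUserFunc for any shibonly affiliations
	# plain closures replace create_function(): same callable contract for
	# call_user_func()/direct invocation, no eval of a code string, and no
	# dependency on a function that no longer exists in PHP 8
	$returnOne = function() { return 1; };
	$returnZero = function() { return 0; };
	$returnNull = function() { return NULL; };
	$query = "SELECT id FROM affiliation WHERE shibonly = 1";
	$qh = doQuery($query);
	# NOTE(review): mysql_fetch_assoc() belongs to ext/mysql, which was
	# removed in PHP 7; the driver migration is outside this function
	while($row = mysql_fetch_assoc($qh)) {
		$id = $row['id'];
		if(! array_key_exists($id, $affilValFunc)) {
			$affilValFunc[$id] = ALLOWADDSHIBUSERS ? $returnOne : $returnZero;
		}
		if(! array_key_exists($id, $addUserFunc)) {
			if(ALLOWADDSHIBUSERS) {
				$addUserFunc[$id] = 'addShibUserStub';
				$addUserFuncArgs[$id] = $id;
			}
			else {
				$addUserFunc[$id] = $returnZero;
			}
		}
		if(! array_key_exists($id, $updateUserFunc)) {
			$updateUserFunc[$id] = $returnNull;
		}
	}

	# include appropriate files
	# $actions['pages'] maps a mode to a page group; unknown modes fall
	# through to the requests page
	switch($actions['pages'][$mode]) {
		case 'blockAllocations':
			require_once ".ht-inc/blockallocations.php";
			break;
		case 'help':
			require_once ".ht-inc/help.php";
			break;
		case 'userPreferences':
			require_once ".ht-inc/userpreferences.php";
			break;
		case 'statistics':
			require_once ".ht-inc/statistics.php";
			break;
		case 'manageGroups':
			require_once ".ht-inc/groups.php";
			break;
		case 'privileges':
		case 'userLookup':
			require_once ".ht-inc/privileges.php";
			break;
		case 'sitemaintenance':
			require_once ".ht-inc/sitemaintenance.php";
			break;
		case 'vm':
			require_once ".ht-inc/vm.php";
			break;
		case 'dashboard':
			require_once ".ht-inc/dashboard.php";
			break;
		case 'siteconfig':
			require_once ".ht-inc/siteconfig.php";
			break;
		case 'resource':
		case 'config':
		case 'image':
		case 'computer':
		case 'managementnode':
		case 'schedule':
			require_once ".ht-inc/resource.php";
			break;
		case 'storebackend':
			require_once ".ht-inc/storebackend.php";
			break;
		case 'serverProfiles':
			require_once ".ht-inc/serverprofiles.php";
			require_once ".ht-inc/requests.php";
			break;
		default:
			require_once ".ht-inc/requests.php";
	}
}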