コード例 #1
 /**
  * \brief Test for siteminder_check().
  *
  * Pins the two outcomes asserted below: with the SMUNIVERSALID header
  * value set to NULL the function reports -1, and with the header
  * populated it returns the header value unchanged.
  *
  * assertEquals() compares loosely, so this does not pin whether the
  * "not enabled" marker is the integer -1 or the string "-1".
  *
  * NOTE(review): $_SERVER['HTTP_SMUNIVERSALID'] is still set to
  * "Test Siteminder" when this method returns. Code that branches on
  * siteminder_check() would then see SiteMinder as enabled in later
  * tests of the same process; consider restoring the previous value in
  * tearDown().
  */
 function test_siteminder_check()
 {
     /* Header carries no value: expect the "not enabled" marker. */
     $_SERVER['HTTP_SMUNIVERSALID'] = NULL;
     $this->assertEquals("-1", siteminder_check());

     /* Header populated: its value comes back as the user identity. */
     $_SERVER['HTTP_SMUNIVERSALID'] = "Test Siteminder";
     $this->assertEquals("Test Siteminder", siteminder_check());
 }
コード例 #2
ファイル: core-auth.php プロジェクト: DanielDobre/fossology
 /**
  * \brief Per-request session setup and re-validation for the built-in
  * (password) login plugin.
  *
  * Steps performed below, in order:
  *  - return early when siteminder_check() reports SiteMinder is in use;
  *  - start the 'Login' session if it is not started yet;
  *  - apply a posted 'selectMemberGroup' as the user's default group;
  *  - mirror the session's user and group ids into $SysConf['auth'];
  *  - reset the session when it was idle for more than 8 hours or, if IP
  *    checking is on, when the client address changed;
  *  - periodically reload the user row so a blocked or changed account is
  *    picked up;
  *  - call plugin_disable() with the session's user level and mark this
  *    plugin PLUGIN_STATE_READY.
  *
  * \return 0 when SiteMinder is in use (State is then not set to
  *         PLUGIN_STATE_READY); no value otherwise.
  */
 function PostInitialize()
 {
     global $SysConf;
     /*
      * If SiteMinder is enabled, core-auth is disabled and none of the
      * checks below run.
      * NOTE(review): siteminder_check() presumably reads the SMUNIVERSALID
      * request header (verify in its definition). PHP exposes every
      * client-sent header as $_SERVER['HTTP_*'], so this switch is only
      * trustworthy when the SiteMinder agent / reverse proxy strips
      * client-supplied copies of that header and PHP is not reachable
      * directly - confirm for the deployment.
      */
     if (siteminder_check() != -1) {
         return 0;
     }
     if (!$this->session->isStarted()) {
         $this->session->setName('Login');
         $this->session->start();
     }
     /*
      * Default-group switch requested through POST.
      * NOTE(review): this state change runs before the timeout and login
      * checks below. Nothing visible here verifies that the session user is
      * a member of the selected group or that the request carries an
      * anti-CSRF token - confirm that setDefaultGroupMembership() or its
      * caller enforces both. With no user in the session,
      * intval($_SESSION[Auth::USER_ID]) evaluates to 0.
      */
     if (array_key_exists('selectMemberGroup', $_POST)) {
         $selectedGroupId = intval($_POST['selectMemberGroup']);
         $this->userDao->setDefaultGroupMembership(intval($_SESSION[Auth::USER_ID]), $selectedGroupId);
         $_SESSION[Auth::GROUP_ID] = $selectedGroupId;
         $this->session->set(Auth::GROUP_ID, $selectedGroupId);
         $SysConf['auth'][Auth::GROUP_ID] = $selectedGroupId;
     }
     /* Publish the session's user and group ids to the global configuration. */
     if (array_key_exists(Auth::USER_ID, $_SESSION)) {
         $SysConf['auth'][Auth::USER_ID] = $_SESSION[Auth::USER_ID];
     }
     if (array_key_exists(Auth::GROUP_ID, $_SESSION)) {
         $SysConf['auth'][Auth::GROUP_ID] = $_SESSION[Auth::GROUP_ID];
     }
     $Now = time();
     if (!empty($_SESSION['time'])) {
         /*
          * 60 secs/min * 480 min = 8 hr. $_SESSION['time'] is rewritten on
          * every request (just below), so this is an idle timeout and not a
          * cap on the total lifetime of a login.
          */
         if (@$_SESSION['time'] + 60 * 480 < $Now) {
             $this->updateSession("");
         }
     }
     $_SESSION['time'] = $Now;
     if (empty($_SESSION['ip'])) {
         /* First request of this session: remember the client address. */
         $_SESSION['ip'] = $this->getIP();
     } else {
         /*
          * Address binding is enforced only when $_SESSION['checkip'] == 1.
          * NOTE(review): how strong this is depends on where getIP() takes
          * the address from; a forwarded-for style header would be
          * client-influenced - verify.
          */
         if (@$_SESSION['checkip'] == 1 && @$_SESSION['ip'] != $this->getIP()) {
             /* Sessions are not transferable: reset and rebind to the new address. */
             $this->updateSession("");
             $_SESSION['ip'] = $this->getIP();
         }
     }
     if (@$_SESSION[Auth::USER_NAME]) {
         /*
          * Recheck the user in case the account was blocked or changed.
          * When no recheck time is stored, the first one is scheduled 8 hours
          * out. NOTE(review): unless updateSession() stores a shorter
          * interval, a blocked account stays usable until then - confirm.
          */
         if (empty($_SESSION['time_check'])) {
             $_SESSION['time_check'] = time() + 480 * 60;
         }
         if (time() >= @$_SESSION['time_check']) {
             $row = $this->userDao->getUserAndDefaultGroupByUserName(@$_SESSION[Auth::USER_NAME]);
             /* Instant logout: a row without user_pass is treated like no user at all. */
             if (empty($row['user_pass'])) {
                 $row = "";
             }
             $this->updateSession($row);
         }
     } else {
         /* No user name in the session: reset it. */
         $this->updateSession("");
     }
     /*
      * Disable all plugins with >= level access.
      * Presumably updateSession() is what populates
      * $_SESSION[Auth::USER_LEVEL] - confirm it is always set by this point.
      */
     plugin_disable($_SESSION[Auth::USER_LEVEL]);
     $this->State = PLUGIN_STATE_READY;
 }
コード例 #3
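 /**
  * \brief Generate the text for this plugin: the "edit my account" form.
  *
  * For HTML output this first lets Edit() process a submitted form (when a
  * 'username' parameter is present), then loads the session user's row
  * from the users table and renders the form pre-filled with it. The other
  * output types produce nothing.
  *
  * The user row is fetched with a bound query parameter instead of string
  * concatenation, so the session value can never alter the SQL text.
  *
  * NOTE(review): the form carries no visible anti-CSRF token, and checking
  * the current password ('pass0') is left to Edit(), which is not shown
  * here - confirm both. When SiteMinder is in use the current-password
  * prompt is skipped, so changes then rest on the SiteMinder identity alone.
  *
  * \return the generated text when OutputToStdout is false; otherwise the
  *         text is printed and nothing is returned. Nothing is returned
  *         either when the plugin is not in PLUGIN_STATE_READY.
  */
 function Output()
 {
     if ($this->State != PLUGIN_STATE_READY) {
         return;
     }
     global $PG_CONN;
     global $PERM_NAMES;
     $V = "";
     switch ($this->OutputType) {
         case "XML":
             break;
         case "HTML":
             /* If this is a POST, then process the request. */
             $User = GetParm('username', PARM_TEXT);
             if (!empty($User)) {
                 $rc = $this->Edit();
                 if (empty($rc)) {
                     /* Need to refresh the screen */
                     $text = _("User information updated.");
                     $V .= displayMessage($text);
                 } else {
                     $V .= displayMessage($rc);
                 }
             }
             /*
              * Get the user data. The id is bound as $1 rather than pasted
              * into the statement. An unset id is sent as '' so that, as
              * before, the failure is reported through DBCheckResult().
              */
             $UserId = isset($_SESSION['UserId']) ? $_SESSION['UserId'] : '';
             $sql = 'SELECT * FROM users WHERE user_pk = $1';
             $result = pg_query_params($PG_CONN, $sql, array($UserId));
             DBCheckResult($result, $sql, __FILE__, __LINE__);
             $R = pg_fetch_assoc($result);
             pg_free_result($result);
             /* Build HTML form */
             $V .= "<form name='formy' method='POST'>\n";
             // no url = this url
             /* When logged in through SiteMinder, the current-password prompt is not shown. */
             if (siteminder_check() == -1) {
                 $V .= _("You <font color='red'>must</font> provide your current password in order to make any changes.<br />\n");
                 $text = _("Enter your password");
                 $V .= "{$text}: <input type='password' name='pass0' size=20>\n";
                 $V .= "<hr>\n";
             }
             $V .= _("To change user information, edit the following fields. You do not need to edit every field. Only fields with edits will be changed.<P />\n");
             $Style = "<tr><td colspan=2 style='background:black;'></td></tr><tr>";
             $V .= "<table style='border:1px solid black; text-align:left; background:lightyellow;' width='100%'>";
             /*
              * Database values go into single-quoted attributes, so they are
              * encoded with ENT_QUOTES, which also escapes the single quote.
              */
             $Val = htmlentities($R['user_name'], ENT_QUOTES);
             $text = _("Username");
             $V .= "{$Style}<th width='25%'>{$text}</th>";
             $V .= "<td><input type='text' value='{$Val}' name='username' size=20></td>\n";
             $V .= "</tr>\n";
             $Val = htmlentities($R['user_desc'], ENT_QUOTES);
             $text = _("Description, full name, contact, etc. (optional) ");
             $V .= "{$Style}<th>{$text}</th>\n";
             $V .= "<td><input type='text' name='description' value='{$Val}' size=60></td>\n";
             $V .= "</tr>\n";
             $Val = htmlentities($R['user_email'], ENT_QUOTES);
             $text = _("Email address (optional)");
             $V .= "{$Style}<th>{$text}</th>\n";
             $V .= "<td><input type='text' name='email' value='{$Val}' size=60></td>\n";
             $V .= "</tr>\n";
             /* New password and its confirmation; these fields are never pre-filled. */
             $text = _("Password");
             $text1 = _("Re-enter password");
             $V .= "{$Style}<th>{$text}<br>{$text1}</th><td>";
             $V .= "<input type='password' name='pass1' size=20><br />\n";
             $V .= "<input type='password' name='pass2' size=20></td>\n";
             $V .= "</tr>\n";
             if (empty($R['email_notify'])) {
                 $Checked = "";
             } else {
                 $Checked = "checked='checked'";
             }
             $text = _("E-mail Notification");
             $V .= "{$Style}<th>{$text}</th><td>\n";
             $V .= "<input name='emailnotify' type='checkbox' {$Checked}>";
             $V .= "</tr>\n";
             /* The scan and bucketpool defaults are offered only above read-level access. */
             if (@$_SESSION['UserLevel'] > PLUGIN_DB_READ) {
                 $text = _("Default scans");
                 $V .= "{$Style}<th>{$text}\n</th><td>\n";
                 /*
                  * added this code so the form makes sense.  You can have an admin define default agents
                  * but if you don't have Analyze or better permissions, then those agents are not available to
                  * you!  With out this code the default agent text was there, but nothing else... this way
                  * the form at least makes sense.   Turns out agent unpack is always around so both
                  * conditions must be checked.
                  */
                 /* $Depth is not assigned in this function; presumably menu_find() fills it by reference - confirm. */
                 $AgentList = menu_find("Agents", $Depth);
                 if (!empty($AgentList)) {
                     /* After the loop $uri holds the URI of the last agent in the list. */
                     foreach ($AgentList as $AgentItem) {
                         $uri = $AgentItem->URI;
                     }
                     if ($uri == "agent_unpack" && count($AgentList) == 1) {
                         $text = _("You do not have permission to change your default agents");
                         $V .= "<h3>{$text}</h3>\n";
                     } else {
                         $V .= AgentCheckBoxMake(-1, array("agent_unpack", "agent_adj2nest", "wget_agent"));
                     }
                 }
                 $V .= "</td></tr>\n";
                 $text = _("Default bucketpool");
                 $V .= "{$Style}<th>{$text}</th>";
                 $V .= "<td>";
                 $Val = htmlentities($R['default_bucketpool_fk'], ENT_QUOTES);
                 $V .= SelectBucketPool($Val);
                 $V .= "</td>";
                 $V .= "</tr>\n";
                 /*
                         /******  New Upload Group ****** /
                         / * Get master array of groups * /
                         $sql = "select group_pk, group_name from groups order by group_name";
                         $groupresult = pg_query($PG_CONN, $sql);
                         DBCheckResult($groupresult, $sql, __FILE__, __LINE__);
                         $GroupArray = array();
                         while ($GroupRow = pg_fetch_assoc($groupresult))
                           $GroupArray[$GroupRow['group_pk']] = $GroupRow['group_name'];
                         pg_free_result($groupresult);
                         $text = _("Group to give access permission for every new upload");
                         $V.= "$Style<th>$text</th>";
                         $V.= "<td>";
                         $V .= Array2SingleSelect($GroupArray, "new_upload_group_fk", $R['new_upload_group_fk'], true, false);
                         $V.= "</td>";
                         $V .= "</tr>\n";

                         / ******  New Upload Permissions ****** /
                         $text = _("Access Permission to give the above group");
                         $V.= "$Style<th>$text</th>";
                         $V.= "<td>";
                         $Selected = (empty($R['new_upload_perm'])) ? -1 : $R['new_upload_perm'];
                         $V .= Array2SingleSelect($PERM_NAMES, "new_upload_perm", $Selected, true, false);
                         $V.= "</td>";
                         $V .= "</tr>\n";
                 */
             }
             $V .= "</table><P />";
             $text = _("Update Account");
             $V .= "<input type='submit' value='{$text}'>\n";
             $V .= "</form>\n";
             break;
         case "Text":
             break;
         default:
             break;
     }
     if (!$this->OutputToStdout) {
         return $V;
     }
     print "{$V}";
     return;
 }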
コード例 #4
ファイル: core-smauth.php プロジェクト: DanielDobre/fossology
 /**
  * \brief Generate the output for this plug-in: the SiteMinder logout step.
  *
  * Does nothing unless the plugin is ready and siteminder_check() reports
  * a SiteMinder identity. For HTML output it nulls the application's login
  * keys in $_SESSION and $SysConf, then emits a script that sends the top
  * window to logout.html.
  *
  * NOTE(review): only the listed keys are nulled; the PHP session itself is
  * neither destroyed nor given a new id here, and the SiteMinder session is
  * left in place (see the TODO below). As long as the SiteMinder header
  * keeps arriving, the next request is presumably still treated as
  * signed in - confirm against the SiteMinder login path.
  *
  * \return the generated text when OutputToStdout is false; otherwise the
  *         text is printed and nothing is returned. Nothing is returned
  *         either when the plugin is not ready or SiteMinder is not in use.
  */
 function Output()
 {
     global $SysConf;
     /* Same order as before: plugin state first, SiteMinder presence second. */
     if ($this->State != PLUGIN_STATE_READY || siteminder_check() == -1) {
         return;
     }
     /* NOTE(review): $UID is not read again in this function. */
     $UID = siteminder_check();
     $Html = "";
     if ($this->OutputType == "HTML") {
         /* TODO: logout needs to clear the SiteMinder session as well */
         $LoginKeys = array('User', Auth::USER_ID, Auth::USER_LEVEL, 'UserEmail', 'Folder', 'UiPref');
         foreach ($LoginKeys as $LoginKey) {
             $_SESSION[$LoginKey] = NULL;
         }
         $SysConf['auth'][Auth::USER_ID] = NULL;
         /*
          * rand() only makes the URL unique so the page is not served from
          * a cache; it is not a security token.
          * NOTE(review): $Target is placed inside a JavaScript string
          * literal without escaping. Confirm that Traceback_uri() cannot
          * return quotes or request-derived text, or encode the value for
          * the JavaScript context before emitting it.
          */
         $Target = Traceback_uri() . "logout.html?" . rand();
         $Html = "<script language='javascript'>\n"
             . "window.open('{$Target}','_top');\n"
             . "</script>\n";
     }
     if ($this->OutputToStdout) {
         print $Html;
         return;
     }
     return $Html;
 }
コード例 #5
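 /**
  * \brief Per-request session setup and re-validation for the built-in
  * (password) login plugin.
  *
  * Steps performed below, in order:
  *  - return early without a database connection or when
  *    siteminder_check() reports SiteMinder is in use;
  *  - start the 'Login' session if none is active;
  *  - mirror the session's user id into $SysConf['auth'];
  *  - reset the session when it was idle for more than 8 hours or, if IP
  *    checking is on, when the client address changed;
  *  - periodically reload the user row so a blocked or changed account is
  *    picked up;
  *  - call plugin_disable() with the session's user level and mark this
  *    plugin PLUGIN_STATE_READY.
  *
  * The user row is fetched with a bound query parameter instead of string
  * concatenation, so the session value can never alter the SQL text.
  *
  * \return 0 when there is no database connection or SiteMinder is in use
  *         (State is then not set to PLUGIN_STATE_READY); no value otherwise.
  */
 function PostInitialize()
 {
     global $Plugins;
     global $PG_CONN;
     global $SysConf;
     if (empty($PG_CONN)) {
         return 0;
     }
     /*
      * If SiteMinder is enabled, core-auth is disabled and none of the
      * checks below run.
      * NOTE(review): siteminder_check() presumably reads the SMUNIVERSALID
      * request header (verify in its definition). PHP exposes every
      * client-sent header as $_SERVER['HTTP_*'], so this switch is only
      * trustworthy when the SiteMinder agent / reverse proxy strips
      * client-supplied copies of that header and PHP is not reachable
      * directly - confirm for the deployment.
      */
     if (siteminder_check() != -1) {
         return 0;
     }
     session_name("Login");
     $mysess = session_id();
     if (empty($mysess)) {
         session_start();
     }
     if (array_key_exists('UserId', $_SESSION)) {
         $SysConf['auth']['UserId'] = $_SESSION['UserId'];
     }
     $Now = time();
     if (!empty($_SESSION['time'])) {
         /*
          * 60 secs/min * 480 min = 8 hr. $_SESSION['time'] is rewritten on
          * every request (just below), so this is an idle timeout and not a
          * cap on the total lifetime of a login.
          */
         if (@$_SESSION['time'] + 60 * 480 < $Now) {
             $this->UpdateSess("");
         }
     }
     $_SESSION['time'] = $Now;
     if (empty($_SESSION['ip'])) {
         /* First request of this session: remember the client address. */
         $_SESSION['ip'] = $this->GetIP();
     } else {
         /*
          * Address binding is enforced only when $_SESSION['checkip'] == 1.
          * NOTE(review): how strong this is depends on where GetIP() takes
          * the address from; a forwarded-for style header would be
          * client-influenced - verify.
          */
         if (@$_SESSION['checkip'] == 1 && @$_SESSION['ip'] != $this->GetIP()) {
             /* Sessions are not transferable: reset and rebind to the new address. */
             $this->UpdateSess("");
             $_SESSION['ip'] = $this->GetIP();
         }
     }
     /*
      * Enable or disable plugins based on login status.
      * NOTE(review): $Level is computed here but never read afterwards;
      * plugin_disable() at the end is given $_SESSION['UserLevel'] instead.
      * Confirm which of the two was intended.
      */
     $Level = PLUGIN_DB_NONE;
     if (@$_SESSION['User']) {
         /* Logged in with an empty level: $Level falls back to PLUGIN_DB_WRITE. */
         if ("X" . $_SESSION['UserLevel'] == "X") {
             $Level = PLUGIN_DB_WRITE;
         } else {
             $Level = @$_SESSION['UserLevel'];
         }
         /*
          * Recheck the user in case the account was blocked or changed.
          * When no recheck time is stored, the first one is scheduled 8 hours
          * out. NOTE(review): unless UpdateSess() stores a shorter interval,
          * a blocked account stays usable until then - confirm.
          */
         if (empty($_SESSION['time_check'])) {
             $_SESSION['time_check'] = time() + 480 * 60;
         }
         if (time() >= @$_SESSION['time_check']) {
             /*
              * The id is bound as $1 rather than pasted into the statement.
              * An unset id is sent as '' so that, as before, the failure is
              * reported through DBCheckResult().
              */
             $UserId = isset($_SESSION['UserId']) ? $_SESSION['UserId'] : '';
             $sql = 'SELECT * FROM users WHERE user_pk = $1';
             $result = pg_query_params($PG_CONN, $sql, array($UserId));
             DBCheckResult($result, $sql, __FILE__, __LINE__);
             $R = pg_fetch_assoc($result);
             pg_free_result($result);
             $this->UpdateSess($R);
             /* Instant logout: a row without user_pass is treated like no user at all. */
             if (empty($R['user_pass'])) {
                 $this->UpdateSess("");
             }
         }
     } else {
         /* No user in the session: reset it. */
         $this->UpdateSess("");
     }
     /*
      * Disable all plugins with >= level access.
      * Presumably UpdateSess() is what populates $_SESSION['UserLevel'] -
      * confirm it is always set by this point.
      */
     plugin_disable($_SESSION['UserLevel']);
     $this->State = PLUGIN_STATE_READY;
 }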