Пример #1
 /**
  * Open an LDAP connection handle and apply the protocol options.
  *
  * Transport security depends entirely on $enc: 'SSL' builds an ldaps:// URI,
  * 'TLS' upgrades the connection with StartTLS, and any other value leaves
  * the connection unencrypted, so a later bind would send credentials in
  * clear text.
  *
  * @param string $host LDAP host name, or a URI already starting with "ldaps:".
  * @param int    $port LDAP port.
  * @param string $enc  'SSL', 'TLS', or anything else for no encryption.
  */
 public function __construct($host = UL_LDAP_DEFAULT_HOST, $port = UL_LDAP_DEFAULT_PORT, $enc = UL_LDAP_DEFAULT_ENCRYPTION)
 {
     $uri = "{$host}:{$port}";
     $scheme = ($enc == 'SSL') ? 'ldaps://' : 'ldap://';
     // Only a host already written as "ldaps:..." is left without a prefix.
     // NOTE(review): a host passed as "ldap://..." would receive the scheme twice - confirm callers never do that.
     if (!ulUtils::BeginsWith($host, 'ldaps:')) {
         $uri = $scheme . $uri;
     }

     $this->con = ldap_connect($uri, $port);
     if ($this->con === false) {
         // No handle was created; the object is left without a connection.
         return;
     }

     // Protocol version 3 (StartTLS is an LDAPv3 operation) and no referral chasing.
     $options = array(
         LDAP_OPT_PROTOCOL_VERSION => 3,
         LDAP_OPT_REFERRALS => 0,
     );
     foreach ($options as $option => $value) {
         if (!ldap_set_option($this->con, $option, $value)) {
             $this->Fail();
         }
     }

     // NOTE(review): execution continues after Fail(); confirm Fail() leaves the handle
     // unusable so that a failed StartTLS cannot be followed by a plaintext bind.
     // NOTE(review): certificate checking for ldaps:// and StartTLS is governed by the LDAP
     // client configuration (e.g. LDAP_OPT_X_TLS_REQUIRE_CERT), not by this code - verify it per deployment.
     if ($enc == 'TLS' && !ldap_start_tls($this->con)) {
         $this->Fail();
     }
 }
 /**
  * Delete every stored nonce whose expiry time lies before the current time.
  *
  * @return bool true when the DELETE executed, false (after ul_db_fail()) otherwise.
  */
 public static function Clean()
 {
     // Cut-off timestamp: rows with nonce_expires earlier than this are removed.
     $cutoff = ulUtils::nowstring();
     $purge = ulPdoDb::Prepare('session', 'DELETE FROM ul_nonces WHERE nonce_expires<?');
     $executed = ulPdoDb::BindExec($purge, NULL, array(&$cutoff, 'str'));
     if ($executed) {
         return true;
     }
     ul_db_fail();
     return false;
 }
Пример #3
 /**
  * Block an IP address for a number of seconds, or remove its block.
  *
  * A positive $block inserts the address with a new expiry, falling back to
  * an UPDATE when the INSERT fails with SQLSTATE 23000 (row already present).
  * Any other value deletes the address from the block list.
  *
  * @param string $ip    Address to block or unblock; always passed as a bound parameter.
  * @param int    $block Block duration; values <= 0 remove the block.
  * @return bool false (after ul_db_fail()) when the statement failed or touched
  *              no rows - which includes unblocking an address that was not listed.
  */
 public static function SetBlock($ip, $block)
 {
     if ($block > 0) {
         $expiry = ulUtils::date_seconds_add(new DateTime(), $block)->format(UL_DATETIME_FORMAT);
         $statement = ulPdoDb::Prepare('log', 'INSERT INTO ul_blocked_ips (ip, block_expires) VALUES (?, ?)');
         $succeeded = ulPdoDb::BindExec($statement, NULL, array(&$ip, 'str', &$expiry, 'str'));
         $duplicate = !$succeeded && ulPdoDb::ErrorCode() == '23000';
         if ($duplicate) {
             // The address is already listed: extend the existing block instead.
             $statement = ulPdoDb::Prepare('log', 'UPDATE ul_blocked_ips SET block_expires=? WHERE ip=?');
             $succeeded = ulPdoDb::BindExec($statement, NULL, array(&$expiry, 'str', &$ip, 'str'));
         }
     } else {
         $statement = ulPdoDb::Prepare('log', 'DELETE FROM ul_blocked_ips WHERE ip=?');
         $succeeded = ulPdoDb::BindExec($statement, NULL, array(&$ip, 'str'));
     }

     // rowCount() is only consulted when execution succeeded.
     if ($succeeded && $statement->rowCount() != 0) {
         return true;
     }
     ul_db_fail();
     return false;
 }
Пример #4
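 /**
  * Build the absolute URL of the current request.
  *
  * @param bool        $per_client When true the host comes from the request's Host header;
  *                                otherwise from UL_DOMAIN, falling back to the server name.
  * @param string|null $prot       Scheme to use; when empty it is derived from ulUtils::IsHTTPS().
  * @return string Scheme, host and the request URI concatenated.
  */
 public static function CurrentURL($per_client = false, $prot = NULL)
 {
     if ($per_client) {
         // The Host header is chosen by the client. A URL built this way must not be
         // used for security decisions, and redirects based on it should only be
         // issued where the web server already restricts the accepted host names.
         $host = $_SERVER['HTTP_HOST'];
     } else {
         $host = UL_DOMAIN;
         if (empty($host)) {
             // The original read a bare SERVER_NAME constant, which is an Error on PHP 8
             // (and the literal string "SERVER_NAME" on older versions) unless such a
             // constant is defined. Honour the constant if it exists, otherwise use the
             // server variable.
             if (defined('SERVER_NAME')) {
                 $host = constant('SERVER_NAME');
             } else {
                 $host = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
             }
         }
     }

     if ($prot == NULL) {
         $prot = ulUtils::IsHTTPS() ? 'https' : 'http';
     }

     // REQUEST_URI is also client-controlled; escape the result for its output context.
     return $prot . '://' . $host . $_SERVER['REQUEST_URI'];
 }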
Пример #5
 /**
  * Issue or clear the "AutoLogin" cookie for a user.
  *
  * When enabling, the cookie carries "username:::nonce:::hmac", where the HMAC
  * is computed over "username:::nonce" with UL_SITE_KEY, and the nonce is a
  * persistent one created by ulNonce::Create(). The cookie is always HttpOnly;
  * its Secure flag mirrors whether the current request is HTTPS.
  *
  * @param string $username Account the cookie is issued for.
  * @param bool   $enable   true to set the cookie, anything else to expire it.
  * @return bool false when autologin is not allowed, the username is invalid
  *              or the user is unknown; true otherwise.
  */
 public function SetAutologin($username, $enable)
 {
     // Secure flag: only set when this request itself arrived over HTTPS.
     // NOTE(review): a cookie issued on a plain-HTTP request is therefore not Secure - confirm HTTPS is enforced.
     $secureFlag = ulUtils::IsHTTPS();
     $cookieName = 'AutoLogin';

     if ($enable != true) {
         // Expire the cookie by dating it one year into the past.
         $longAgo = time() - 3600 * 24 * 365;
         setcookie($cookieName, '', $longAgo, '/', UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN, $secureFlag, true);
         return true;
     }

     if (!$this->Backend->IsAutoLoginAllowed()) {
         return false;
     }
     // Reject malformed user names before they reach the cookie payload.
     if (!self::ValidateUsername($username)) {
         return false;
     }
     // The account must exist.
     if ($this->Uid($username) === false) {
         return false;
     }

     $expiresAt = time() + UL_AUTOLOGIN_EXPIRE;
     // One-time value, stored persistently, that ties the cookie to a single use.
     $nonce = ulNonce::Create("{$username}-autologin", UL_AUTOLOGIN_EXPIRE, true);
     // Keyed MAC so the server can recognise cookies it issued.
     // NOTE(review): the verifying side is not visible here; it should compare with hash_equals().
     $mac = hash_hmac(UL_HMAC_FUNC, "{$username}:::{$nonce}", UL_SITE_KEY);
     $payload = "{$username}:::{$nonce}:::{$mac}";
     setcookie($cookieName, $payload, $expiresAt, '/', UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN, $secureFlag, true);
     return true;
 }
Пример #6
 /**
  * Count logged occurrences of an action from one IP address inside a time window.
  *
  * @param string $ip     Address to look up.
  * @param string $action Value matched against the log's action column.
  * @param int    $window Window length, subtracted from the current time.
  * @return int|false Number of matching ul_log rows, or false when logging is
  *                   disabled or the query could not be executed. Callers must
  *                   test with === false: treating false as 0 would make a
  *                   rate limit fail open.
  */
 public static function GetFrequencyForIp($ip, $action, $window)
 {
     if (UL_LOG == false) {
         // Without the log there is nothing to count.
         return false;
     }

     $matches = 0;
     $windowStart = ulUtils::date_seconds_sub(new DateTime(), $window)->format(UL_DATETIME_FORMAT);
     $stmt = ulPdoDb::Prepare('log', 'SELECT COUNT(*) FROM ul_log WHERE action=? AND timestamp>? AND ip=?');
     $executed = ulPdoDb::BindExec(
         $stmt,
         array(&$matches, 'int'),
         array(&$action, 'str', &$windowStart, 'str', &$ip, 'str')
     );
     if (!$executed) {
         return false;
     }
     // Fetch fills the bound output variable; its own return value is not checked.
     ulPdoDb::Fetch($stmt);
     return $matches;
 }
Пример #7
/**
 * Print ten values obtained from ulUtils::RandomBytes(42, true), each followed by "<br>".
 *
 * NOTE(review): the values are written straight to the output without escaping,
 * and anything printed here ends up in the response; if they are meant to be
 * used as secrets, keep this helper off publicly reachable pages.
 */
function generate_keys()
{
    $remaining = 10;
    while ($remaining > 0) {
        $key = ulUtils::RandomBytes(42, true);
        echo $key . '<br>';
        --$remaining;
    }
}
 /**
  * Remove sessions whose expiry time is at or before the current time.
  *
  * @return bool Always true; the result of the DELETE is not inspected, so a
  *              failing clean-up is not reported to the caller.
  */
 public function gc()
 {
     $cutoff = ulUtils::nowstring();
     $purge = ulPdoDb::Prepare('session', 'DELETE FROM ul_sessions WHERE session_expires<=?');
     // Best effort: the outcome is deliberately not checked here.
     ulPdoDb::BindExec($purge, NULL, array(&$cutoff, 'str'));
     return true;
 }
Пример #9
 /**
  * Tear down the current session: empty $_SESSION, expire the session cookie,
  * destroy the session and reset the class's session state.
  */
 public static function sessionDestroy()
 {
     ulLog::DebugLog('Destroying session data.', 1);

     // Drop all session variables before the session itself is destroyed.
     $_SESSION = array();

     // Overwrite the session cookie with an empty, already-expired one (HttpOnly,
     // Secure only when the current request is HTTPS).
     $cookieName = session_name();
     $expired = time() - 42000;
     $cookieDomain = UL_DOMAIN === 'localhost' ? '' : UL_DOMAIN;
     $secureFlag = ulUtils::IsHTTPS();
     setcookie($cookieName, '', $expired, '/', $cookieDomain, $secureFlag, true);

     session_destroy();

     self::$SessionStore = NULL;
     self::$SessionRunning = false;
 }
Пример #10
<?php

// Send the security headers for web requests; nothing is done under the CLI.
if (PHP_SAPI != 'cli') {
    // Forbid framing by other origins when clickjacking protection is enabled.
    if (UL_PREVENT_CLICKJACK) {
        header('X-Frame-Options: SAMEORIGIN');
    }

    if (UL_HTTPS || UL_HSTS > 0) {
        if (ulUtils::IsHTTPS()) {
            // Already on HTTPS: announce HSTS when a max-age is configured.
            if (UL_HSTS > 0) {
                header('Strict-Transport-Security: max-age=' . (string) UL_HSTS);
            }
        } else {
            // Plain HTTP: redirect permanently to the HTTPS form of the same URL.
            // CurrentURL(true, ...) takes the host from the request's Host header, so the
            // redirect target follows whatever host the client sent; restrict accepted
            // host names at the web server if that matters for the deployment.
            header('HTTP/1.1 301 Moved Permanently');
            header('Location: ' . ulUtils::CurrentURL(true, 'https'));
            exit(0);
        }
    }
}
 /**
  * Block a user account for a number of seconds, or lift the block.
  *
  * A positive $block_secs stores an expiry that far in the future; any other
  * value stores a date 1000 years in the past, which ends the block.
  *
  * @param int $uid        Id of the row in ul_logins.
  * @param int $block_secs Block duration; values <= 0 unblock.
  * @return mixed true on success, ulLoginBackend::BACKEND_ERROR when the query
  *               failed, ulLoginBackend::NO_SUCH_USER when no row was affected.
  *               Compare with === true, since the error codes are not booleans.
  */
 public function BlockUser($uid, $block_secs)
 {
     if ($block_secs > 0) {
         $expiry = ulUtils::date_seconds_add(new DateTime(), $block_secs)->format(UL_DATETIME_FORMAT);
         $sql = 'UPDATE ul_logins SET block_expires=? WHERE id=?';
     } else {
         $expiry = date_format(date_create('1000 years ago'), UL_DATETIME_FORMAT);
         $sql = 'UPDATE ul_logins SET block_expires=?  WHERE id=?';
     }

     $stmt = ulPdoDb::Prepare('update', $sql);
     $outcome = ulPdoDb::BindExec($stmt, NULL, array(&$expiry, 'str', &$uid, 'int'));

     if ($outcome === false) {
         ul_db_fail();
         return ulLoginBackend::BACKEND_ERROR;
     }
     // No affected row is interpreted as "this id does not exist".
     return $stmt->rowCount() == 0 ? ulLoginBackend::NO_SUCH_USER : true;
 }
Пример #12
 /**
  * Create a nonce for an action and hand the plain value back to the caller.
  *
  * Only the hash of the value (UL_HMAC_FUNC) is passed to the store, so the
  * stored record alone does not reveal the value given to the client.
  *
  * @param string $action     Action the nonce is bound to.
  * @param int    $expire     Lifetime passed on to the store.
  * @param bool   $persistent Exactly true selects the persistent store; anything else the volatile one.
  * @return string The plain nonce value. The store call's result is not checked.
  */
 public static function Create($action, $expire = UL_NONCE_EXPIRE, $persistent = false)
 {
     $plain = ulUtils::RandomBytes(16, true);
     $digest = hash(UL_HMAC_FUNC, $plain);

     if ($persistent !== true) {
         self::StoreVolatile($action, $digest, $expire);
         return $plain;
     }

     self::StorePersistent($action, $digest, $expire);
     return $plain;
 }
Пример #13
<?php

// ********************************
//	DO NOT MODIFY
// ********************************
// Absolute URL of the current request, built with CurrentURL()'s default arguments.
$returnUrl = ulUtils::CurrentURL();
// Signed Duo request for $uid, produced from the UL_DUOSEC_IKEY, UL_DUOSEC_SKEY and
// UL_DUOSEC_AKEY configuration constants.
// NOTE(review): $uid is not assigned in the visible part of this template; it presumably
// comes from the including scope - confirm it is the user who already passed the primary login.
// NOTE(review): only the signed request belongs in the page; the SKEY/AKEY constants
// themselves must never be echoed into the markup.
$sig_request = Duo::signRequest(UL_DUOSEC_IKEY, UL_DUOSEC_SKEY, UL_DUOSEC_AKEY, $uid);
// ********************************
//	MAKE MODIFICATION BELOW WHERE NOTED
//  If possible, only insert but do not modify
// ********************************
// ********************************
//	Your HTML here
//  doctype, head, title etc.
// ********************************
?>
<script src="<?php 
echo UL_DUOSEC_JQUERY_URI;
?>
"></script>
<script src="<?php 
echo UL_DUOSEC_JS_URL;
?>
"></script>
<script>
Duo.init({
	'host':'<?php 
echo UL_DUOSEC_HOST;
?>
',
	'post_action':'<?php 
Пример #14
 /**
  * Extract the scheme prefix and salt portion from a stored password hash.
  *
  * The scheme is recognised by its leading "{...}" label; the returned string
  * is that label followed by whatever salt material the scheme carries.
  *
  * NOTE(review): the {SHA} and {MD5} branches return no salt at all, and all
  * four {SHA}/{SSHA}/{MD5}/{SMD5} labels name fast digests - presumably kept
  * for compatibility with existing directories; prefer the slower schemes for
  * new passwords.
  *
  * @param string $hash Stored hash string.
  * @return string Scheme label plus salt, in the form the hashing code expects.
  */
 private static function GetSaltFromHash($hash)
 {
     if (ulUtils::BeginsWith($hash, '{SSHA}')) {
         // Decoded payload: the salt is whatever follows the first 20 bytes
         // (presumably the SHA-1 digest length).
         $decoded = base64_decode(substr($hash, 6));
         return '{SSHA}' . substr($decoded, 20);
     }
     if (ulUtils::BeginsWith($hash, '{SHA}')) {
         return '{SHA}';
     }
     if (ulUtils::BeginsWith($hash, '{SMD5}')) {
         // Same layout with a 16-byte leading part (presumably the MD5 digest length).
         $decoded = base64_decode(substr($hash, 6));
         return '{SMD5}' . substr($decoded, 16);
     }
     if (ulUtils::BeginsWith($hash, '{MD5}')) {
         return '{MD5}';
     }
     if (ulUtils::BeginsWith($hash, '{CRYPT}')) {
         // First 29 characters after the label - presumably a crypt()-style
         // settings-plus-salt prefix; confirm against the hashing code.
         $body = substr($hash, 7);
         return '{CRYPT}' . substr($body, 0, 29);
     }
     if (ulUtils::BeginsWith($hash, '{PBKDF2}')) {
         // Everything except the last ':'-separated field.
         $fields = explode(':', $hash);
         array_pop($fields);
         return implode(':', $fields);
     }
     // No recognised label: use the first 29 characters of the hash itself.
     return substr($hash, 0, 29);
 }