mirror of
https://github.com/usmannasir/cyberpanel.git
synced 2026-01-28 18:29:05 +01:00
286 lines
8.9 KiB
PHP
286 lines
8.9 KiB
PHP
<?php
|
|
|
|
require_once('blowfish.php') ;
|
|
|
|
class CAuthorizer
|
|
{
|
|
|
|
private $_id ;
|
|
private $_id_field ;
|
|
private $_pass ;
|
|
private $_pass_field ;
|
|
private static $_instance = NULL ;
|
|
|
|
// prevent an object from being constructed
|
|
private function __construct()
|
|
{
|
|
$label = preg_replace('/\W/', '_', SERVER_ROOT) ;
|
|
$this->_id_field = "{$label}_uid" ;
|
|
$this->_pass_field = "{$label}_pass" ;
|
|
|
|
session_name("{$label}WEBUI") ; // to prevent conflicts with other app sessions
|
|
session_start() ;
|
|
|
|
if ( ! array_key_exists('changed', $_SESSION) ) {
|
|
$_SESSION['changed'] = FALSE ;
|
|
}
|
|
|
|
|
|
if ( ! array_key_exists('valid', $_SESSION) ) {
|
|
$_SESSION['valid'] = FALSE ;
|
|
}
|
|
|
|
if ( ! array_key_exists('token', $_SESSION) ) {
|
|
$_SESSION['token'] = microtime() ;
|
|
}
|
|
|
|
if ( $_SESSION['valid'] ) {
|
|
|
|
if ( array_key_exists('lastaccess', $_SESSION) ) {
|
|
|
|
if ( isset($_SESSION['timeout']) && $_SESSION['timeout'] > 0 && time() - $_SESSION['lastaccess'] > $_SESSION['timeout'] ) {
|
|
$this->clear() ;
|
|
if ( strpos($_SERVER['SCRIPT_NAME'], '/view/') !== FALSE ) {
|
|
echo json_encode(array( 'login_timeout' => 1 )) ;
|
|
}
|
|
else {
|
|
header("location:/login.php?timedout=1") ;
|
|
}
|
|
die() ;
|
|
}
|
|
|
|
$this->_id = UIBase::GrabGoodInput('cookie', $this->_id_field) ;
|
|
$this->_pass = UIBase::GrabInput('cookie', $this->_pass_field) ;
|
|
}
|
|
if ( ! defined('NO_UPDATE_ACCESS') )
|
|
$this->updateAccessTime() ;
|
|
}
|
|
}
|
|
|
|
public static function singleton()
|
|
{
|
|
|
|
if ( ! isset(self::$_instance) ) {
|
|
$c = __CLASS__ ;
|
|
self::$_instance = new $c ;
|
|
}
|
|
|
|
return self::$_instance ;
|
|
}
|
|
|
|
public static function Authorize()
|
|
{
|
|
$auth = CAuthorizer::singleton() ;
|
|
if ( ! $auth->IsValid() ) {
|
|
$auth->clear() ;
|
|
if ( strpos($_SERVER['SCRIPT_NAME'], '/view/') !== FALSE ) {
|
|
echo json_encode(array( 'login_timeout' => 1 )) ;
|
|
}
|
|
else {
|
|
header("location:/login.php") ;
|
|
}
|
|
die() ;
|
|
}
|
|
}
|
|
|
|
public function IsValid()
|
|
{
|
|
return ! ( ($_SESSION['valid'] !== TRUE) || (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) === FALSE)) ;
|
|
}
|
|
|
|
public static function GetToken()
|
|
{
|
|
return $_SESSION['token'] ;
|
|
}
|
|
|
|
public static function SetTimeout( $timeout )
|
|
{
|
|
$_SESSION['timeout'] = (int) $timeout ;
|
|
}
|
|
|
|
public static function HasSetTimeout()
|
|
{
|
|
return (isset($_SESSION['timeout']) && $_SESSION['timeout'] >= 60) ;
|
|
}
|
|
|
|
public function GetCmdHeader()
|
|
{
|
|
if ( isset($_SESSION['secret']) && is_array($_SESSION['secret']) ) {
|
|
$uid = PMA_blowfish_decrypt($this->_id, $_SESSION['secret'][0]) ;
|
|
$password = PMA_blowfish_decrypt($this->_pass, $_SESSION['secret'][1]) ;
|
|
return "auth:$uid:$password\n" ;
|
|
}
|
|
else
|
|
return '' ;
|
|
}
|
|
|
|
public function GenKeyPair()
|
|
{
|
|
$keyfile = Service::ServiceData(SInfo::DATA_ADMIN_KEYFILE) ;
|
|
$mykeys = NULL ;
|
|
$keyLength = 512 ;
|
|
|
|
if ( file_exists($keyfile) ) {
|
|
$str = file_get_contents($keyfile) ;
|
|
if ( $str != '' )
|
|
$mykeys = unserialize($str) ;
|
|
}
|
|
if ( $mykeys == NULL ) {
|
|
$jCryption = new jCryption() ;
|
|
$keys = $jCryption->generateKeypair($keyLength) ;
|
|
$e_hex = $jCryption->dec2string($keys['e'], 16) ;
|
|
$n_hex = $jCryption->dec2string($keys['n'], 16) ;
|
|
$mykeys = array( 'e_hex' => $e_hex, 'n_hex' => $n_hex, 'd_int' => $keys['d'], 'n_int' => $keys['n'] ) ;
|
|
$serialized_str = serialize($mykeys) ;
|
|
file_put_contents($keyfile, $serialized_str) ;
|
|
chmod($keyfile, 0600) ;
|
|
}
|
|
$_SESSION['d_int'] = $mykeys['d_int'] ;
|
|
$_SESSION['n_int'] = $mykeys['n_int'] ;
|
|
|
|
return '{"e":"' . $mykeys['e_hex'] . '","n":"' . $mykeys['n_hex'] . '","maxdigits":"' . intval($keyLength * 2 / 16 + 3) . '"}' ;
|
|
}
|
|
|
|
public function ShowLogin( $is_https, &$msg )
|
|
{
|
|
$timedout = UIBase::GrabInput('get', 'timedout', 'int') ;
|
|
$logoff = UIBase::GrabInput('get', 'logoff', 'int') ;
|
|
$msg = '' ;
|
|
|
|
if ( $timedout == 1 || $logoff == 1 ) {
|
|
$this->clear() ;
|
|
|
|
if ( $timedout == 1 ) {
|
|
$msg = DMsg::Err('err_sessiontimeout') ;
|
|
}
|
|
else {
|
|
$msg = DMsg::Err('err_loggedoff') ;
|
|
}
|
|
}
|
|
else if ( $this->IsValid() ) {
|
|
return FALSE ;
|
|
}
|
|
|
|
$userid = NULL ;
|
|
$pass = NULL ;
|
|
|
|
if ( isset($_POST['jCryption']) ) {
|
|
$jCryption = new jCryption() ;
|
|
$var = $jCryption->decrypt($_POST['jCryption'], $_SESSION['d_int'], $_SESSION['n_int']) ;
|
|
unset($_SESSION['d_int']) ;
|
|
unset($_SESSION['n_int']) ;
|
|
parse_str($var, $result) ;
|
|
$userid = $result['userid'] ;
|
|
$pass = $result['pass'] ;
|
|
}
|
|
else if ( $is_https && isset($_POST['userid']) ) {
|
|
$userid = UIBase::GrabGoodInput('POST', 'userid') ;
|
|
$pass = UIBase::GrabInput('POST', 'pass') ;
|
|
}
|
|
|
|
if ( $userid != NULL ) {
|
|
if ( $this->authenticate($userid, $pass) === TRUE )
|
|
return FALSE ;
|
|
else
|
|
$msg = DMsg::Err('err_login') ;
|
|
}
|
|
return TRUE ;
|
|
}
|
|
|
|
private function updateAccessTime( $secret = NULL )
|
|
{
|
|
$_SESSION['lastaccess'] = time() ;
|
|
if ( isset($secret) ) {
|
|
$_SESSION['valid'] = TRUE ;
|
|
$_SESSION['secret'] = $secret ;
|
|
}
|
|
}
|
|
|
|
private function clear()
|
|
{
|
|
session_destroy() ;
|
|
session_unset() ;
|
|
$outdated = time() - 3600 * 24 * 30 ;
|
|
setcookie($this->_id_field, '', $outdated, "/") ;
|
|
setcookie($this->_pass_field, '', $outdated, "/") ;
|
|
setcookie(session_name(), '', $outdated, "/") ;
|
|
}
|
|
|
|
private function authenticate( $authUser, $authPass )
|
|
{
|
|
$auth = FALSE ;
|
|
if ( strlen($authUser) && strlen($authPass) ) {
|
|
$filename = SERVER_ROOT . 'admin/conf/htpasswd' ;
|
|
$fd = fopen($filename, 'r') ;
|
|
if ( ! $fd ) {
|
|
return FALSE ;
|
|
}
|
|
|
|
$all = trim(fread($fd, filesize($filename))) ;
|
|
fclose($fd) ;
|
|
|
|
$lines = explode("\n", $all) ;
|
|
foreach ( $lines as $line ) {
|
|
list($user, $pass) = explode(':', $line) ;
|
|
if ( $user == $authUser ) {
|
|
if ( $pass[0] != '$' )
|
|
$salt = substr($pass, 0, 2) ;
|
|
else
|
|
$salt = substr($pass, 0, 12) ;
|
|
$encypt = crypt($authPass, $salt) ;
|
|
if ( $pass == $encypt ) {
|
|
$auth = TRUE ;
|
|
break ;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( $auth ) {
|
|
$temp = gettimeofday() ;
|
|
$start = (int) $temp['usec'] ;
|
|
$secretKey0 = mt_rand() . $start . mt_rand() ;
|
|
$secretKey1 = mt_rand() . mt_rand() . $start ;
|
|
|
|
$domain = $_SERVER['HTTP_HOST'];
|
|
if ($pos = strpos($domain, ':')) {
|
|
$domain = substr($domain, 0, $pos);
|
|
}
|
|
$secure = !empty($_SERVER['HTTPS']);
|
|
$httponly = true;
|
|
|
|
setcookie($this->_id_field, PMA_blowfish_encrypt($authUser, $secretKey0), 0, "/", $domain, $secure, $httponly) ;
|
|
setcookie($this->_pass_field, PMA_blowfish_encrypt($authPass, $secretKey1), 0, "/", $domain, $secure, $httponly) ;
|
|
|
|
$this->updateAccessTime(array( $secretKey0, $secretKey1 )) ;
|
|
}
|
|
else {
|
|
$this->emailFailedLogin($authUser) ;
|
|
}
|
|
|
|
return $auth ;
|
|
}
|
|
|
|
private function emailFailedLogin( $authUser )
|
|
{
|
|
$ip = $_SERVER['REMOTE_ADDR'] ;
|
|
$url = UIBase::GrabGoodInput('server', 'SCRIPT_URI') ;
|
|
|
|
error_log("[WebAdmin Console] Failed Login Attempt - username:$authUser ip:$ip url:$url\n") ;
|
|
|
|
$emails = Service::ServiceData(SInfo::DATA_ADMIN_EMAIL) ;
|
|
if ( $emails != NULL ) {
|
|
$hostname = gethostbyaddr($ip) ;
|
|
$date = date("F j, Y, g:i a") ;
|
|
|
|
$repl = array( '%%date%%' => $date, '%%authUser%%' => $authUser, '%%ip%%' => $ip,
|
|
'%%hostname%%' => $hostname, '%%url%%' => $url ) ;
|
|
|
|
$subject = DMsg::UIStr('mail_failedlogin') ;
|
|
$contents = DMsg::UIStr('mail_failedlogin_c', $repl) ;
|
|
mail($emails, $subject, $contents) ;
|
|
}
|
|
}
|
|
|
|
}
|