diff --git a/api/src/Session.php b/api/src/Session.php
index 1fae673db4..4e5be655bc 100644
--- a/api/src/Session.php
+++ b/api/src/Session.php
@@ -1995,27 +1995,6 @@ class Session
 }
 }
 
- /**
- * Create a hash from user and pw
- *
- * Can be used to check setup config user/password inside egroupware:
- *
- * if (Api\Session::user_pw_hash($user,$pw) === $GLOBALS['egw_info']['server']['config_hash'])
- *
- * @param string $user username
- * @param string $password password or md5 hash of password if $allow_password_md5
- * @param boolean $allow_password_md5 =false can password alread be an md5 hash
- * @return string
- */
- static function user_pw_hash($user,$password,$allow_password_md5=false)
- {
- $password_md5 = $allow_password_md5 && preg_match('/^[a-f0-9]{32}$/',$password) ? $password : md5($password);
-
- $hash = sha1(strtolower($user).$password_md5);
-
- return $hash;
- }
-
 /**
 * Initialise the used session handler
 *
diff --git a/api/src/loader.php b/api/src/loader.php
index 881e595e7d..da84d77aae 100644
--- a/api/src/loader.php
+++ b/api/src/loader.php
@@ -112,15 +112,9 @@ $GLOBALS['egw_info']['server'] += $GLOBALS['egw_domain'][$GLOBALS['egw_info']['u // the egw-object instanciates all sub-classes (eg. $GLOBALS['egw']->db) and the egw_info array $GLOBALS['egw'] = new Egw(array_keys($GLOBALS['egw_domain'])); -// store domain config user&pw as a hash (originals get unset) -$GLOBALS['egw_info']['server']['config_hash'] = Session::user_pw_hash($GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_user'], - $GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_passwd'],true); - if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && !$GLOBALS['egw_info']['server']['show_domain_selectbox']) { unset($GLOBALS['egw_domain']); // we kill this for security reasons - unset($GLOBALS['egw_info']['server']['header_admin_user']); - unset($GLOBALS['egw_info']['server']['header_admin_password']); } // saving the the egw_info array and the egw-object in the session diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php index 0fbe3d8413..149bb3d8be 100644 --- a/setup/inc/class.setup.inc.php +++ b/setup/inc/class.setup.inc.php @@ -283,10 +283,8 @@ class setup $auth_type = strtolower($_auth_type); $GLOBALS['egw_info']['setup']['HeaderLoginMSG'] = $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = ''; - if(!$this->checkip(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? - $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'])) + if (($GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = self::checkip())) { - //error_log(__METHOD__."('$auth_type') invalid IP"); return false; } @@ -405,15 +403,19 @@ class setup * Check for correct IP, if an IP address should be enforced * * @param string $remoteip - * @return boolean + * @return string error-message or null on success */ - function checkip($remoteip='') + public static function checkip($remoteip=null) { + if (!isset($remoteip)) + { + $remoteip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?: $_SERVER['REMOTE_ADDR']; + } //echo "
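Review bot: In the `@@ -283,10 +283,8 @@` hunk of class.setup.inc.php, the new condition assigns and tests in one expression and relies on string truthiness, although `checkip()` is now documented to return an error message or null. It also overwrites `ConfigLoginMSG` with null on the success path, where the previous line had just set it to `''`. An explicit form reads more safely: `$ip_error = self::checkip();` followed by `if ($ip_error !== null) { $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = $ip_error; return false; }`. The enclosing method starts and ends outside the hunk.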

setup::checkip($remoteip) against setup_acl='".$GLOBALS['egw_info']['server']['setup_acl']."'

\n"; $allowed_ips = explode(',',@$GLOBALS['egw_info']['server']['setup_acl']); if(empty($GLOBALS['egw_info']['server']['setup_acl']) || !is_array($allowed_ips)) { - return True; // no test + return null; // no test } $remotes = explode('.',$remoteip); foreach($allowed_ips as $value) @@ -433,12 +435,11 @@ class setup } if ($i == count($values)) { - return True; // match + return null; // match } } - $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = lang('Invalid IP address').' '.$remoteip; error_log(__METHOD__.'-> checking IP failed:'.print_r($remoteip,true)); - return False; + return lang('Invalid IP address').' '.$remoteip; } /**
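Review bot: The new default in `checkip()` (hunk `@@ -405,15 +403,19 @@`) takes the address for the `setup_acl` check from `$_SERVER['HTTP_X_FORWARDED_FOR']`, a request header the client sets, so the ACL only holds if every request passes through a proxy that overwrites that header. The safer default is `$remoteip = $_SERVER['REMOTE_ADDR'];`, honouring the forwarded header only when `REMOTE_ADDR` is a known reverse proxy. The header can also carry a comma-separated list, which the later `explode('.',$remoteip)` does not handle. `?:` on an unset index raises an undefined-index notice where the old caller used `isset()`. The caller in the `@@ -283,10 +283,8 @@` hunk now depends on this default, and the docblock should say `@param string $remoteip =null default taken from $_SERVER` and `@return string|null`. The function body continues past this hunk.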
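Review bot: In the `@@ -433,12 +435,11 @@` hunk, the returned error message concatenates `$remoteip` unescaped, and with the new default that value can come straight from the `X-Forwarded-For` header. The caller stores the result in `ConfigLoginMSG`; if the login template prints that message without escaping (not visible here), header content reaches the HTML. Consider `return lang('Invalid IP address').' '.htmlspecialchars($remoteip, ENT_QUOTES);`, or keep the raw value only in the log. The `error_log()` line above writes the same raw value, so stripping control characters there would keep log entries on one line. The start of the function lies outside this hunk.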