forked from extern/egroupware
missing files from filemanager mount GUI
This commit is contained in:
parent
52be5da6a5
commit
621d69f921
@ -1995,27 +1995,6 @@ class Session
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a hash from user and pw
|
|
||||||
*
|
|
||||||
* Can be used to check setup config user/password inside egroupware:
|
|
||||||
*
|
|
||||||
* if (Api\Session::user_pw_hash($user,$pw) === $GLOBALS['egw_info']['server']['config_hash'])
|
|
||||||
*
|
|
||||||
* @param string $user username
|
|
||||||
* @param string $password password or md5 hash of password if $allow_password_md5
|
|
||||||
* @param boolean $allow_password_md5 =false can password alread be an md5 hash
|
|
||||||
* @return string
|
|
||||||
*/
|
|
||||||
static function user_pw_hash($user,$password,$allow_password_md5=false)
|
|
||||||
{
|
|
||||||
$password_md5 = $allow_password_md5 && preg_match('/^[a-f0-9]{32}$/',$password) ? $password : md5($password);
|
|
||||||
|
|
||||||
$hash = sha1(strtolower($user).$password_md5);
|
|
||||||
|
|
||||||
return $hash;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialise the used session handler
|
* Initialise the used session handler
|
||||||
*
|
*
|
||||||
|
@ -112,15 +112,9 @@ $GLOBALS['egw_info']['server'] += $GLOBALS['egw_domain'][$GLOBALS['egw_info']['u
|
|||||||
// the egw-object instanciates all sub-classes (eg. $GLOBALS['egw']->db) and the egw_info array
|
// the egw-object instanciates all sub-classes (eg. $GLOBALS['egw']->db) and the egw_info array
|
||||||
$GLOBALS['egw'] = new Egw(array_keys($GLOBALS['egw_domain']));
|
$GLOBALS['egw'] = new Egw(array_keys($GLOBALS['egw_domain']));
|
||||||
|
|
||||||
// store domain config user&pw as a hash (originals get unset)
|
|
||||||
$GLOBALS['egw_info']['server']['config_hash'] = Session::user_pw_hash($GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_user'],
|
|
||||||
$GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']]['config_passwd'],true);
|
|
||||||
|
|
||||||
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && !$GLOBALS['egw_info']['server']['show_domain_selectbox'])
|
if ($GLOBALS['egw_info']['flags']['currentapp'] != 'login' && !$GLOBALS['egw_info']['server']['show_domain_selectbox'])
|
||||||
{
|
{
|
||||||
unset($GLOBALS['egw_domain']); // we kill this for security reasons
|
unset($GLOBALS['egw_domain']); // we kill this for security reasons
|
||||||
unset($GLOBALS['egw_info']['server']['header_admin_user']);
|
|
||||||
unset($GLOBALS['egw_info']['server']['header_admin_password']);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// saving the the egw_info array and the egw-object in the session
|
// saving the the egw_info array and the egw-object in the session
|
||||||
|
@ -283,10 +283,8 @@ class setup
|
|||||||
$auth_type = strtolower($_auth_type);
|
$auth_type = strtolower($_auth_type);
|
||||||
$GLOBALS['egw_info']['setup']['HeaderLoginMSG'] = $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = '';
|
$GLOBALS['egw_info']['setup']['HeaderLoginMSG'] = $GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = '';
|
||||||
|
|
||||||
if(!$this->checkip(isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
|
if (($GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = self::checkip()))
|
||||||
$_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']))
|
|
||||||
{
|
{
|
||||||
//error_log(__METHOD__."('$auth_type') invalid IP");
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -405,15 +403,19 @@ class setup
|
|||||||
* Check for correct IP, if an IP address should be enforced
|
* Check for correct IP, if an IP address should be enforced
|
||||||
*
|
*
|
||||||
* @param string $remoteip
|
* @param string $remoteip
|
||||||
* @return boolean
|
* @return string error-message or null on success
|
||||||
*/
|
*/
|
||||||
function checkip($remoteip='')
|
public static function checkip($remoteip=null)
|
||||||
{
|
{
|
||||||
|
if (!isset($remoteip))
|
||||||
|
{
|
||||||
|
$remoteip = $_SERVER['HTTP_X_FORWARDED_FOR'] ?: $_SERVER['REMOTE_ADDR'];
|
||||||
|
}
|
||||||
//echo "<p>setup::checkip($remoteip) against setup_acl='".$GLOBALS['egw_info']['server']['setup_acl']."'</p>\n";
|
//echo "<p>setup::checkip($remoteip) against setup_acl='".$GLOBALS['egw_info']['server']['setup_acl']."'</p>\n";
|
||||||
$allowed_ips = explode(',',@$GLOBALS['egw_info']['server']['setup_acl']);
|
$allowed_ips = explode(',',@$GLOBALS['egw_info']['server']['setup_acl']);
|
||||||
if(empty($GLOBALS['egw_info']['server']['setup_acl']) || !is_array($allowed_ips))
|
if(empty($GLOBALS['egw_info']['server']['setup_acl']) || !is_array($allowed_ips))
|
||||||
{
|
{
|
||||||
return True; // no test
|
return null; // no test
|
||||||
}
|
}
|
||||||
$remotes = explode('.',$remoteip);
|
$remotes = explode('.',$remoteip);
|
||||||
foreach($allowed_ips as $value)
|
foreach($allowed_ips as $value)
|
||||||
@ -433,12 +435,11 @@ class setup
|
|||||||
}
|
}
|
||||||
if ($i == count($values))
|
if ($i == count($values))
|
||||||
{
|
{
|
||||||
return True; // match
|
return null; // match
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$GLOBALS['egw_info']['setup']['ConfigLoginMSG'] = lang('Invalid IP address').' '.$remoteip;
|
|
||||||
error_log(__METHOD__.'-> checking IP failed:'.print_r($remoteip,true));
|
error_log(__METHOD__.'-> checking IP failed:'.print_r($remoteip,true));
|
||||||
return False;
|
return lang('Invalid IP address').' '.$remoteip;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
Loading…
Reference in New Issue
Block a user