maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

use TwoFactorAuth via composer

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2018-12-19 14:12:42 +01:00
parent 28f24fda72
commit 4c4b2a6df3
29 changed files with 264 additions and 1130 deletions
Download Patch File Download Diff File Expand all files Collapse all files

189
lib/classes/2FA/.gitignore vendored
View File

@@ -1,189 +0,0 @@
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
# User-specific files
*.suo
*.user
*.sln.docstates
# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
build/
bld/
[Bb]in/
[Oo]bj/
# Roslyn cache directories
*.ide/
# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*
#NUNIT
*.VisualState.xml
TestResult.xml
# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.pch
*.pdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc
# Chutzpah Test files
_Chutzpah*
# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opensdf
*.sdf
*.cachefile
# Visual Studio profiler
*.psess
*.vsp
*.vspx
# TFS 2012 Local Workspace
$tf/
# Guidance Automation Toolkit
*.gpState
# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user
# JustCode is a .NET coding addin-in
.JustCode
# TeamCity is a build add-in
_TeamCity*
# DotCover is a Code Coverage Tool
*.dotCover
# NCrunch
_NCrunch_*
.*crunch*.local.xml
# MightyMoose
*.mm.*
AutoTest.Net/
# Web workbench (sass)
.sass-cache/
# Installshield output folder
[Ee]xpress/
# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html
# Click-Once directory
publish/
# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# TODO: Comment the next line if you want to checkin your web deploy settings
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj
# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/packages/*
# except build/, which is used as an MSBuild target.
!**/packages/build/
# If using the old MSBuild-Integrated Package Restore, uncomment this:
#!**/packages/repositories.config
# Windows Azure Build Output
csx/
*.build.csdef
# Windows Store app package directory
AppPackages/
# Others
sql/
*.Cache
ClientBin/
[Ss]tyle[Cc]op.*
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.pfx
*.publishsettings
node_modules/
# RIA/Silverlight projects
Generated_Code/
# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
# SQL Server files
*.mdf
*.ldf
# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
# Microsoft Fakes
FakesAssemblies/
# Composer
/vendor
# .vs
.vs/

38
lib/classes/2FA/class.FroxlorTwoFactorAuth.php
View File

@@ -1,38 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package API
* @since 0.10.0
*
*/
require_once __DIR__ . '/lib/TwoFactorAuthException.php';
require_once __DIR__ . '/lib/Providers/Rng/RNGException.php';
require_once __DIR__ . '/lib/Providers/Rng/IRNGProvider.php';
require_once __DIR__ . '/lib/Providers/Rng/CSRNGProvider.php';
require_once __DIR__ . '/lib/Providers/Rng/HashRNGProvider.php';
require_once __DIR__ . '/lib/Providers/Rng/MCryptRNGProvider.php';
require_once __DIR__ . '/lib/Providers/Rng/OpenSSLRNGProvider.php';
require_once __DIR__ . '/lib/Providers/Qr/QRException.php';
require_once __DIR__ . '/lib/Providers/Qr/IQRCodeProvider.php';
require_once __DIR__ . '/lib/Providers/Qr/BaseHTTPQRCodeProvider.php';
require_once __DIR__ . '/lib/Providers/Qr/GoogleQRCodeProvider.php';
require_once __DIR__ . '/lib/Providers/Time/TimeException.php';
require_once __DIR__ . '/lib/Providers/Time/ITimeProvider.php';
require_once __DIR__ . '/lib/Providers/Time/LocalMachineTimeProvider.php';
require_once __DIR__ . '/lib/Providers/Time/HttpTimeProvider.php';
require_once __DIR__ . '/lib/Providers/Time/NTPTimeProvider.php';
require_once __DIR__ . '/lib/TwoFactorAuth.php';
class FroxlorTwoFactorAuth extends \RobThree\Auth\TwoFactorAuth
{
}

27
lib/classes/2FA/lib/Providers/Qr/BaseHTTPQRCodeProvider.php
View File

@@ -1,27 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Qr;
abstract class BaseHTTPQRCodeProvider implements IQRCodeProvider
{
protected $verifyssl;
protected function getContent($url)
{
$curlhandle = curl_init();
curl_setopt_array($curlhandle, array(
CURLOPT_URL => $url,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_CONNECTTIMEOUT => 10,
CURLOPT_DNS_CACHE_TIMEOUT => 10,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => $this->verifyssl,
CURLOPT_USERAGENT => 'TwoFactorAuth'
));
$data = curl_exec($curlhandle);
curl_close($curlhandle);
return $data;
}
}

39
lib/classes/2FA/lib/Providers/Qr/GoogleQRCodeProvider.php
View File

@@ -1,39 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Qr;
// https://developers.google.com/chart/infographics/docs/qr_codes
class GoogleQRCodeProvider extends BaseHTTPQRCodeProvider
{
public $errorcorrectionlevel;
public $margin;
function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 1)
{
if (!is_bool($verifyssl))
throw new \QRException('VerifySSL must be bool');
$this->verifyssl = $verifyssl;
$this->errorcorrectionlevel = $errorcorrectionlevel;
$this->margin = $margin;
}
public function getMimeType()
{
return 'image/png';
}
public function getQRCodeImage($qrtext, $size)
{
return $this->getContent($this->getUrl($qrtext, $size));
}
public function getUrl($qrtext, $size)
{
return 'https://www.google.com/chart?cht=qr'
. '&chs=' . $size . 'x' . $size
. '&chld=' . $this->errorcorrectionlevel . '|' . $this->margin
. '&chl=' . rawurlencode($qrtext);
}
}

9
lib/classes/2FA/lib/Providers/Qr/IQRCodeProvider.php
View File

@@ -1,9 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Qr;
interface IQRCodeProvider
{
public function getQRCodeImage($qrtext, $size);
public function getMimeType();
}

5
lib/classes/2FA/lib/Providers/Qr/QRException.php
View File

@@ -1,5 +0,0 @@
<?php
use RobThree\Auth\TwoFactorAuthException;
class QRException extends TwoFactorAuthException {}

71
lib/classes/2FA/lib/Providers/Qr/QRServerProvider.php
View File

@@ -1,71 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Qr;
// http://goqr.me/api/doc/create-qr-code/
class QRServerProvider extends BaseHTTPQRCodeProvider
{
public $errorcorrectionlevel;
public $margin;
public $qzone;
public $bgcolor;
public $color;
public $format;
function __construct($verifyssl = false, $errorcorrectionlevel = 'L', $margin = 4, $qzone = 1, $bgcolor = 'ffffff', $color = '000000', $format = 'png')
{
if (!is_bool($verifyssl))
throw new QRException('VerifySSL must be bool');
$this->verifyssl = $verifyssl;
$this->errorcorrectionlevel = $errorcorrectionlevel;
$this->margin = $margin;
$this->qzone = $qzone;
$this->bgcolor = $bgcolor;
$this->color = $color;
$this->format = $format;
}
public function getMimeType()
{
switch (strtolower($this->format))
{
case 'png':
return 'image/png';
case 'gif':
return 'image/gif';
case 'jpg':
case 'jpeg':
return 'image/jpeg';
case 'svg':
return 'image/svg+xml';
case 'eps':
return 'application/postscript';
}
throw new \QRException(sprintf('Unknown MIME-type: %s', $this->format));
}
public function getQRCodeImage($qrtext, $size)
{
return $this->getContent($this->getUrl($qrtext, $size));
}
private function decodeColor($value)
{
return vsprintf('%d-%d-%d', sscanf($value, "%02x%02x%02x"));
}
public function getUrl($qrtext, $size)
{
return 'https://api.qrserver.com/v1/create-qr-code/'
. '?size=' . $size . 'x' . $size
. '&ecc=' . strtoupper($this->errorcorrectionlevel)
. '&margin=' . $this->margin
. '&qzone=' . $this->qzone
. '&bgcolor=' . $this->decodeColor($this->bgcolor)
. '&color=' . $this->decodeColor($this->color)
. '&format=' . strtolower($this->format)
. '&data=' . rawurlencode($qrtext);
}
}

54
lib/classes/2FA/lib/Providers/Qr/QRicketProvider.php
View File

@@ -1,54 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Qr;
// http://qrickit.com/qrickit_apps/qrickit_api.php
class QRicketProvider extends BaseHTTPQRCodeProvider
{
public $errorcorrectionlevel;
public $margin;
public $qzone;
public $bgcolor;
public $color;
public $format;
function __construct($errorcorrectionlevel = 'L', $bgcolor = 'ffffff', $color = '000000', $format = 'p')
{
$this->verifyssl = false;
$this->errorcorrectionlevel = $errorcorrectionlevel;
$this->bgcolor = $bgcolor;
$this->color = $color;
$this->format = $format;
}
public function getMimeType()
{
switch (strtolower($this->format))
{
case 'p':
return 'image/png';
case 'g':
return 'image/gif';
case 'j':
return 'image/jpeg';
}
throw new \QRException(sprintf('Unknown MIME-type: %s', $this->format));
}
public function getQRCodeImage($qrtext, $size)
{
return $this->getContent($this->getUrl($qrtext, $size));
}
public function getUrl($qrtext, $size)
{
return 'http://qrickit.com/api/qr'
. '?qrsize=' . $size
. '&e=' . strtolower($this->errorcorrectionlevel)
. '&bgdcolor=' . $this->bgcolor
. '&fgdcolor=' . $this->color
. '&t=' . strtolower($this->format)
. '&d=' . rawurlencode($qrtext);
}
}

14
lib/classes/2FA/lib/Providers/Rng/CSRNGProvider.php
View File

@@ -1,14 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Rng;
class CSRNGProvider implements IRNGProvider
{
public function getRandomBytes($bytecount) {
return random_bytes($bytecount); // PHP7+
}
public function isCryptographicallySecure() {
return true;
}
}

28
lib/classes/2FA/lib/Providers/Rng/HashRNGProvider.php
View File

@@ -1,28 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Rng;
class HashRNGProvider implements IRNGProvider
{
private $algorithm;
function __construct($algorithm = 'sha256' ) {
$algos = array_values(hash_algos());
if (!in_array($algorithm, $algos, true))
throw new \RNGException('Unsupported algorithm specified');
$this->algorithm = $algorithm;
}
public function getRandomBytes($bytecount) {
$result = '';
$hash = mt_rand();
for ($i = 0; $i < $bytecount; $i++) {
$hash = hash($this->algorithm, $hash.mt_rand(), true);
$result .= $hash[mt_rand(0, strlen($hash)-1)];
}
return $result;
}
public function isCryptographicallySecure() {
return false;
}
}

9
lib/classes/2FA/lib/Providers/Rng/IRNGProvider.php
View File

@@ -1,9 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Rng;
interface IRNGProvider
{
public function getRandomBytes($bytecount);
public function isCryptographicallySecure();
}

23
lib/classes/2FA/lib/Providers/Rng/MCryptRNGProvider.php
View File

@@ -1,23 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Rng;
class MCryptRNGProvider implements IRNGProvider
{
private $source;
function __construct($source = MCRYPT_DEV_URANDOM) {
$this->source = $source;
}
public function getRandomBytes($bytecount) {
$result = @mcrypt_create_iv($bytecount, $this->source);
if ($result === false)
throw new \RNGException('mcrypt_create_iv returned an invalid value');
return $result;
}
public function isCryptographicallySecure() {
return true;
}
}

25
lib/classes/2FA/lib/Providers/Rng/OpenSSLRNGProvider.php
View File

@@ -1,25 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Rng;
class OpenSSLRNGProvider implements IRNGProvider
{
private $requirestrong;
function __construct($requirestrong = true) {
$this->requirestrong = $requirestrong;
}
public function getRandomBytes($bytecount) {
$result = openssl_random_pseudo_bytes($bytecount, $crypto_strong);
if ($this->requirestrong && ($crypto_strong === false))
throw new \RNGException('openssl_random_pseudo_bytes returned non-cryptographically strong value');
if ($result === false)
throw new \RNGException('openssl_random_pseudo_bytes returned an invalid value');
return $result;
}
public function isCryptographicallySecure() {
return $this->requirestrong;
}
}

5
lib/classes/2FA/lib/Providers/Rng/RNGException.php
View File

@@ -1,5 +0,0 @@
<?php
use RobThree\Auth\TwoFactorAuthException;
class RNGException extends TwoFactorAuthException {}

54
lib/classes/2FA/lib/Providers/Time/HttpTimeProvider.php
View File

@@ -1,54 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Time;
/**
* Takes the time from any webserver by doing a HEAD request on the specified URL and extracting the 'Date:' header
*/
class HttpTimeProvider implements ITimeProvider
{
public $url;
public $options;
public $expectedtimeformat;
function __construct($url = 'https://google.com', $expectedtimeformat = 'D, d M Y H:i:s O+', array $options = null)
{
$this->url = $url;
$this->expectedtimeformat = $expectedtimeformat;
$this->options = $options;
if ($this->options === null) {
$this->options = array(
'http' => array(
'method' => 'HEAD',
'follow_location' => false,
'ignore_errors' => true,
'max_redirects' => 0,
'request_fulluri' => true,
'header' => array(
'Connection: close',
'User-agent: TwoFactorAuth HttpTimeProvider (https://github.com/RobThree/TwoFactorAuth)',
'Cache-Control: no-cache'
)
)
);
}
}
public function getTime() {
try {
$context = stream_context_create($this->options);
$fd = fopen($this->url, 'rb', false, $context);
$headers = stream_get_meta_data($fd);
fclose($fd);
foreach ($headers['wrapper_data'] as $h) {
if (strcasecmp(substr($h, 0, 5), 'Date:') === 0)
return \DateTime::createFromFormat($this->expectedtimeformat, trim(substr($h,5)))->getTimestamp();
}
throw new \TimeException(sprintf('Unable to retrieve time from %s (Invalid or no "Date:" header found)', $this->url));
}
catch (Exception $ex) {
throw new \TimeException(sprintf('Unable to retrieve time from %s (%s)', $this->url, $ex->getMessage()));
}
}
}

8
lib/classes/2FA/lib/Providers/Time/ITimeProvider.php
View File

@@ -1,8 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Time;
interface ITimeProvider
{
public function getTime();
}

9
lib/classes/2FA/lib/Providers/Time/LocalMachineTimeProvider.php
View File

@@ -1,9 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Time;
class LocalMachineTimeProvider implements ITimeProvider {
public function getTime() {
return time();
}
}

52
lib/classes/2FA/lib/Providers/Time/NTPTimeProvider.php
View File

@@ -1,52 +0,0 @@
<?php
namespace RobThree\Auth\Providers\Time;
/**
* Takes the time from any NTP server
*/
class NTPTimeProvider implements ITimeProvider
{
public $host;
public $port;
public $timeout;
function __construct($host = 'pool.ntp.org', $port = 123, $timeout = 1)
{
$this->host = $host;
if (!is_int($port) || $port <= 0 || $port > 65535)
throw new \TimeException('Port must be 0 < port < 65535');
$this->port = $port;
if (!is_int($timeout) || $timeout < 0)
throw new \TimeException('Timeout must be >= 0');
$this->timeout = $timeout;
}
public function getTime() {
try {
/* Create a socket and connect to NTP server */
$sock = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP);
socket_connect($sock, $this->host, $this->port);
/* Send request */
$msg = "\010" . str_repeat("\0", 47);
socket_send($sock, $msg, strlen($msg), 0);
/* Receive response and close socket */
socket_recv($sock, $recv, 48, MSG_WAITALL);
socket_close($sock);
/* Interpret response */
$data = unpack('N12', $recv);
$timestamp = sprintf('%u', $data[9]);
/* NTP is number of seconds since 0000 UT on 1 January 1900 Unix time is seconds since 0000 UT on 1 January 1970 */
return $timestamp - 2208988800;
}
catch (Exception $ex) {
throw new \TimeException(sprintf('Unable to retrieve time from %s (%s)', $this->host, $ex->getMessage()));
}
}
}

5
lib/classes/2FA/lib/Providers/Time/TimeException.php
View File

@@ -1,5 +0,0 @@
<?php
use RobThree\Auth\TwoFactorAuthException;
class TimeException extends TwoFactorAuthException {}

256
lib/classes/2FA/lib/TwoFactorAuth.php
View File

@@ -1,256 +0,0 @@
<?php
namespace RobThree\Auth;
use RobThree\Auth\Providers\Qr\IQRCodeProvider;
use RobThree\Auth\Providers\Rng\IRNGProvider;
use RobThree\Auth\Providers\Time\ITimeProvider;
// Based on / inspired by: https://github.com/PHPGangsta/GoogleAuthenticator
// Algorithms, digits, period etc. explained: https://github.com/google/google-authenticator/wiki/Key-Uri-Format
class TwoFactorAuth
{
private $algorithm;
private $period;
private $digits;
private $issuer;
private $qrcodeprovider = null;
private $rngprovider = null;
private $timeprovider = null;
private static $_base32dict = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567=';
private static $_base32;
private static $_base32lookup = array();
private static $_supportedalgos = array('sha1', 'sha256', 'sha512', 'md5');
function __construct($issuer = null, $digits = 6, $period = 30, $algorithm = 'sha1', IQRCodeProvider $qrcodeprovider = null, IRNGProvider $rngprovider = null, ITimeProvider $timeprovider = null)
{
$this->issuer = $issuer;
if (!is_int($digits) || $digits <= 0)
throw new TwoFactorAuthException('Digits must be int > 0');
$this->digits = $digits;
if (!is_int($period) || $period <= 0)
throw new TwoFactorAuthException('Period must be int > 0');
$this->period = $period;
$algorithm = strtolower(trim($algorithm));
if (!in_array($algorithm, self::$_supportedalgos))
throw new TwoFactorAuthException('Unsupported algorithm: ' . $algorithm);
$this->algorithm = $algorithm;
$this->qrcodeprovider = $qrcodeprovider;
$this->rngprovider = $rngprovider;
$this->timeprovider = $timeprovider;
self::$_base32 = str_split(self::$_base32dict);
self::$_base32lookup = array_flip(self::$_base32);
}
/**
* Create a new secret
*/
public function createSecret($bits = 80, $requirecryptosecure = true)
{
$secret = '';
$bytes = ceil($bits / 5); //We use 5 bits of each byte (since we have a 32-character 'alphabet' / BASE32)
$rngprovider = $this->getRngprovider();
if ($requirecryptosecure && !$rngprovider->isCryptographicallySecure())
throw new TwoFactorAuthException('RNG provider is not cryptographically secure');
$rnd = $rngprovider->getRandomBytes($bytes);
for ($i = 0; $i < $bytes; $i++)
$secret .= self::$_base32[ord($rnd[$i]) & 31]; //Mask out left 3 bits for 0-31 values
return $secret;
}
/**
* Calculate the code with given secret and point in time
*/
public function getCode($secret, $time = null)
{
$secretkey = $this->base32Decode($secret);
$timestamp = chr(0).chr(0).chr(0).chr(0) . pack('N*', $this->getTimeSlice($this->getTime($time))); // Pack time into binary string
$hashhmac = hash_hmac($this->algorithm, $timestamp, $secretkey, true); // Hash it with users secret key
$hashpart = substr($hashhmac, ord(substr($hashhmac, -1)) & 0x0F, 4); // Use last nibble of result as index/offset and grab 4 bytes of the result
$value = unpack('N', $hashpart); // Unpack binary value
$value = $value[1] & 0x7FFFFFFF; // Drop MSB, keep only 31 bits
return str_pad($value % pow(10, $this->digits), $this->digits, '0', STR_PAD_LEFT);
}
/**
* Check if the code is correct. This will accept codes starting from ($discrepancy * $period) sec ago to ($discrepancy * period) sec from now
*/
public function verifyCode($secret, $code, $discrepancy = 1, $time = null, &$timeslice = 0)
{
$timetamp = $this->getTime($time);
$timeslice = 0;
// To keep safe from timing-attacks we iterate *all* possible codes even though we already may have
// verified a code is correct. We use the timeslice variable to hold either 0 (no match) or the timeslice
// of the match. Each iteration we either set the timeslice variable to the timeslice of the match
// or set the value to itself. This is an effort to maintain constant execution time for the code.
for ($i = -$discrepancy; $i <= $discrepancy; $i++) {
$ts = $timetamp + ($i * $this->period);
$slice = $this->getTimeSlice($ts);
$timeslice = $this->codeEquals($this->getCode($secret, $ts), $code) ? $slice : $timeslice;
}
return $timeslice > 0;
}
/**
* Timing-attack safe comparison of 2 codes (see http://blog.ircmaxell.com/2014/11/its-all-about-time.html)
*/
private function codeEquals($safe, $user) {
if (function_exists('hash_equals')) {
return hash_equals($safe, $user);
}
// In general, it's not possible to prevent length leaks. So it's OK to leak the length. The important part is that
// we don't leak information about the difference of the two strings.
if (strlen($safe)===strlen($user)) {
$result = 0;
for ($i = 0; $i < strlen($safe); $i++)
$result |= (ord($safe[$i]) ^ ord($user[$i]));
return $result === 0;
}
return false;
}
/**
* Get data-uri of QRCode
*/
public function getQRCodeImageAsDataUri($label, $secret, $size = 200)
{
if (!is_int($size) || $size <= 0)
throw new TwoFactorAuthException('Size must be int > 0');
$qrcodeprovider = $this->getQrCodeProvider();
return 'data:'
. $qrcodeprovider->getMimeType()
. ';base64,'
. base64_encode($qrcodeprovider->getQRCodeImage($this->getQRText($label, $secret), $size));
}
/**
* Compare default timeprovider with specified timeproviders and ensure the time is within the specified number of seconds (leniency)
*/
public function ensureCorrectTime(array $timeproviders = null, $leniency = 5)
{
if ($timeproviders != null && !is_array($timeproviders))
throw new TwoFactorAuthException('No timeproviders specified');
if ($timeproviders == null)
$timeproviders = array(
new Providers\Time\NTPTimeProvider(),
new Providers\Time\HttpTimeProvider()
);
// Get default time provider
$timeprovider = $this->getTimeProvider();
// Iterate specified time providers
foreach ($timeproviders as $t) {
if (!($t instanceof ITimeProvider))
throw new TwoFactorAuthException('Object does not implement ITimeProvider');
// Get time from default time provider and compare to specific time provider and throw if time difference is more than specified number of seconds leniency
if (abs($timeprovider->getTime() - $t->getTime()) > $leniency)
throw new TwoFactorAuthException(sprintf('Time for timeprovider is off by more than %d seconds when compared to %s', $leniency, get_class($t)));
}
}
private function getTime($time)
{
return ($time === null) ? $this->getTimeProvider()->getTime() : $time;
}
private function getTimeSlice($time = null, $offset = 0)
{
return (int)floor($time / $this->period) + ($offset * $this->period);
}
/**
* Builds a string to be encoded in a QR code
*/
public function getQRText($label, $secret)
{
return 'otpauth://totp/' . rawurlencode($label)
. '?secret=' . rawurlencode($secret)
. '&issuer=' . rawurlencode($this->issuer)
. '&period=' . intval($this->period)
. '&algorithm=' . rawurlencode(strtoupper($this->algorithm))
. '&digits=' . intval($this->digits);
}
private function base32Decode($value)
{
if (strlen($value)==0) return '';
if (preg_match('/[^'.preg_quote(self::$_base32dict).']/', $value) !== 0)
throw new TwoFactorAuthException('Invalid base32 string');
$buffer = '';
foreach (str_split($value) as $char)
{
if ($char !== '=')
$buffer .= str_pad(decbin(self::$_base32lookup[$char]), 5, 0, STR_PAD_LEFT);
}
$length = strlen($buffer);
$blocks = trim(chunk_split(substr($buffer, 0, $length - ($length % 8)), 8, ' '));
$output = '';
foreach (explode(' ', $blocks) as $block)
$output .= chr(bindec(str_pad($block, 8, 0, STR_PAD_RIGHT)));
return $output;
}
/**
* @return IQRCodeProvider
* @throws TwoFactorAuthException
*/
public function getQrCodeProvider()
{
// Set default QR Code provider if none was specified
if (null === $this->qrcodeprovider) {
return $this->qrcodeprovider = new Providers\Qr\GoogleQRCodeProvider();
}
return $this->qrcodeprovider;
}
/**
* @return IRNGProvider
* @throws TwoFactorAuthException
*/
public function getRngprovider()
{
if (null !== $this->rngprovider) {
return $this->rngprovider;
}
if (function_exists('random_bytes')) {
return $this->rngprovider = new Providers\Rng\CSRNGProvider();
}
if (function_exists('mcrypt_create_iv')) {
return $this->rngprovider = new Providers\Rng\MCryptRNGProvider();
}
if (function_exists('openssl_random_pseudo_bytes')) {
return $this->rngprovider = new Providers\Rng\OpenSSLRNGProvider();
}
if (function_exists('hash')) {
return $this->rngprovider = new Providers\Rng\HashRNGProvider();
}
throw new TwoFactorAuthException('Unable to find a suited RNGProvider');
}
/**
* @return ITimeProvider
* @throws TwoFactorAuthException
*/
public function getTimeProvider()
{
// Set default time provider if none was specified
if (null === $this->timeprovider) {
return $this->timeprovider = new Providers\Time\LocalMachineTimeProvider();
}
return $this->timeprovider;
}
}

7
lib/classes/2FA/lib/TwoFactorAuthException.php
View File

@@ -1,7 +0,0 @@
<?php
namespace RobThree\Auth;
use Exception;
class TwoFactorAuthException extends \Exception {}

254
lib/classes/bulk/abstract.BulkAction.php
View File

@@ -1,254 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.10.0
*
*/
/**
* Abstract Class BulkAction to mass-import entities
*
* @author Michael Kaufmann (d00p) <d00p@froxlor.org>
*
*/
abstract class BulkAction
{
/**
* complete path including filename of file to be imported
*
* @var string
*/
private $_impFile = null;
/**
* customer id of the user the entity is being added to
*
* @var int
*/
private $_custId = null;
/**
* array of customer data read from the database
*
* @var array
*/
private $_custData = null;
/**
* api-function to call for addingg entity
*
* @var string
*/
private $api_call = null;
/**
* api-function parameter names, read from import-file (first line)
*
* @var array
*/
private $api_params = null;
/**
* errors while importing
*
* @var array
*/
private $errors = array();
/**
* class constructor, optionally sets file and customer-id
*
* @param string $import_file
* @param int $customer_id
*
* @return object BulkAction instance
*/
protected function __construct($import_file = null, $customer_id = 0)
{
if (! empty($import_file)) {
$this->_impFile = makeCorrectFile($import_file);
}
$this->_custId = $customer_id;
}
/**
* import the parsed import file data with an optional separator other then semicolon
* and offset (maybe for header-line in csv or similar)
*
* @param string $separator
* @param int $offset
*
* @return array 'all' => amount of records processed, 'imported' => number of imported records
*/
abstract public function doImport($separator = ";", $offset = 0);
/**
* setter for import-file
*
* @param string $import_file
*
* @return void
*/
public function setImportFile($import_file = null)
{
$this->_impFile = makeCorrectFile($import_file);
}
/**
* setter for customer-id
*
* @param int $customer_id
*
* @return void
*/
public function setCustomer($customer_id = 0)
{
$this->_custId = $customer_id;
}
/**
* return the list of errors
*
* @return array
*/
public function getErrors()
{
return $this->errors;
}
/**
* setter for api_call
*
* @param string $api_call
*
* @return void
*/
protected function setApiCall($api_call = "")
{
$this->api_call = $api_call;
}
protected function importEntity($data_array = null)
{
global $userinfo;
$module = substr($this->api_call, 0, strpos($this->api_call, "."));
$function = substr($this->api_call, strpos($this->api_call, ".") + 1);
$new_data = array();
foreach ($this->api_params as $idx => $param) {
if (isset($data_array[$idx]) && !empty($data_array[$idx]))
{
$new_data[$param] = $data_array[$idx];
}
}
$result = null;
try {
$json_result = $module::getLocal($userinfo, $new_data)->$function();
$result = json_decode($json_result, true)['data'];
} catch (Exception $e) {
$this->errors[] = $e->getMessage();
}
return !empty($result);
}
/**
* reads in the csv import file and returns an array with
* all the entites to be imported
*
* @param string $separator
*
* @return array
*/
protected function _parseImportFile($separator = ";")
{
if (empty($this->_impFile)) {
throw new Exception("No file was given for import");
}
if (! file_exists($this->_impFile)) {
throw new Exception("The file '" . $this->_impFile . "' could not be found");
}
if (! is_readable($this->_impFile)) {
throw new Exception("Unable to read file '" . $this->_impFile . "'");
}
$file_data = array();
$is_params_line = true;
$fh = @fopen($this->_impFile, "r");
if ($fh) {
while (($line = fgets($fh)) !== false) {
$tmp_arr = explode($separator, $line);
$data_arr = array();
foreach ($tmp_arr as $idx => $data) {
if ($is_params_line) {
$this->api_params[$idx] = $data;
} else {
$data_arr[$idx] = $data;
}
}
if ($is_params_line) {
$is_params_line = false;
continue;
}
$file_data[] = array_map("trim", $data_arr);
}
$this->api_params = array_map("trim", $this->api_params);
} else {
throw new Exception("Unable to open file '" . $this->_impFile . "'");
}
fclose($fh);
return $file_data;
}
/**
* to be called first in doImport() to read in customer and entity data
*/
protected function preImport()
{
$this->_readCustomerData();
if ($this->_custId <= 0) {
throw new Exception("Invalid customer selected");
}
if (is_null($this->_custData)) {
throw new Exception("Failed to read customer data");
}
}
/**
* reads customer data from panel_customer by $_custId
*
* @return bool
*/
protected function _readCustomerData()
{
$cust_stmt = Database::prepare("SELECT * FROM `" . TABLE_PANEL_CUSTOMERS . "` WHERE `customerid` = :cid");
$this->_custData = Database::pexecute_first($cust_stmt, array(
'cid' => $this->_custId
));
if (is_array($this->_custData) && isset($this->_custData['customerid']) && $this->_custData['customerid'] == $this->_custId) {
return true;
}
$this->_custData = null;
return false;
}
}

109
lib/classes/bulk/class.DomainBulkAction.php
View File

@@ -1,109 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2010 the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Michael Kaufmann <mkaufmann@nutime.de>
* @author Froxlor team <team@froxlor.org> (2010-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Cron
*
* @since 0.9.33
*
*/
/**
* Class DomainBulkAction to mass-import domains for a given customer
*
* @author Michael Kaufmann (d00p) <d00p@froxlor.org>
*
*/
class DomainBulkAction extends BulkAction
{
/**
*
* @return object DomainBulkAction instance
*/
public function __construct($import_file = null, $customer_id = 0)
{
parent::__construct($import_file, $customer_id);
$this->setApiCall('Domains.add');
}
/**
* import the parsed import file data with an optional separator other then semicolon
* and offset (maybe for header-line in csv or similar)
*
* @param string $separator
* @param int $offset
*
* @return array 'all' => amount of records processed, 'imported' => number of imported records
*/
public function doImport($separator = ";", $offset = 0)
{
$this->preImport();
// get the admins userinfo to check for domains_used, etc.
global $userinfo;
if ($userinfo['domains'] == "-1") {
$dom_unlimited = true;
} else {
$dom_unlimited = false;
}
$domains_used = (int) $userinfo['domains_used'];
$domains_avail = (int) $userinfo['domains'];
if (empty($separator) || strlen($separator) != 1) {
throw new Exception("Invalid separator specified: '" . $separator . "'");
}
if (! is_int($offset) || $offset < 0) {
throw new Exception("Invalid offset specified");
}
try {
$domain_array = $this->_parseImportFile($separator);
} catch (Exception $e) {
throw $e;
}
if (count($domain_array) <= 0) {
throw new Exception("No domains were read from the file.");
}
$global_counter = 0;
$import_counter = 0;
$note = '';
foreach ($domain_array as $idx => $dom) {
if ($idx >= $offset) {
if ($dom_unlimited || (! $dom_unlimited && $domains_used < $domains_avail)) {
$result = $this->importEntity($dom);
if ($result) {
$import_counter ++;
$domains_used ++;
}
} else {
$note .= 'You have reached your maximum allocation of domains (' . $domains_avail . ').';
break;
}
}
$global_counter ++;
}
return array(
'all' => $global_counter,
'imported' => $import_counter,
'notice' => $note
);
}
}

451
lib/classes/integrity/class.IntegrityCheck.php
View File

@@ -1,451 +0,0 @@
<?php
/**
* This file is part of the Froxlor project.
* Copyright (c) 2003-2009 the SysCP Team (see authors).
* Copyright (c) 2014- the Froxlor Team (see authors).
*
* For the full copyright and license information, please view the COPYING
* file that was distributed with this source code. You can also view the
* COPYING file online at http://files.froxlor.org/misc/COPYING.txt
*
* @copyright (c) the authors
* @author Florian Aders <eleras@froxlor.org>
* @author Froxlor team <team@froxlor.org> (2014-)
* @license GPLv2 http://files.froxlor.org/misc/COPYING.txt
* @package Integrity
*
* IntegrityCheck - class
*/
class IntegrityCheck {
// Store all available checks
public $available = array();
// logger object
private $_log = null;
/**
* Constructor
* Parses all available checks into $this->available
*/
public function __construct() {
global $userinfo;
if (!isset($userinfo) || !is_array($userinfo)) {
$userinfo = array('loginname' => 'integrity-check');
}
$this->_log = FroxlorLogger::getInstanceOf($userinfo);
$this->available = get_class_methods($this);
unset($this->available[array_search('__construct', $this->available)]);
unset($this->available[array_search('checkAll', $this->available)]);
unset($this->available[array_search('fixAll', $this->available)]);
sort($this->available);
}
/**
* Check all occurring integrity problems at once
*/
public function checkAll() {
$integrityok = true;
foreach ($this->available as $check) {
$integrityok = $this->$check() ? $integrityok : false;
}
return $integrityok;
}
/**
* Fix all occurring integrity problems at once with default settings
*/
public function fixAll() {
$integrityok = true;
foreach ($this->available as $check) {
$integrityok = $this->$check(true) ? $integrityok : false;
}
return $integrityok;
}
/**
* check whether the froxlor database and its tables are in utf-8 character-set
*
* @param bool $fix fix db charset/collation if not utf8
*
* @return boolean
*/
public function DatabaseCharset($fix = false) {
// get characterset
$cs_stmt = Database::prepare('SELECT default_character_set_name FROM information_schema.SCHEMATA WHERE schema_name = :dbname');
$resp = Database::pexecute_first($cs_stmt, array('dbname' => Database::getDbName()));
$charset = isset($resp['default_character_set_name']) ? $resp['default_character_set_name'] : null;
if (!empty($charset) && strtolower($charset) != 'utf8') {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "database charset seems to be different from UTF-8, integrity-check can fix that");
if ($fix) {
// fix database
Database::query('ALTER DATABASE `' . Database::getDbName() . '` CHARACTER SET utf8 COLLATE utf8_general_ci');
// fix all tables
$handle = Database::query('SHOW FULL TABLES WHERE Table_type != "VIEW"');
while ($row = $handle->fetch(PDO::FETCH_BOTH)) {
$table = $row[0];
Database::query('ALTER TABLE `' . $table . '` CONVERT TO CHARACTER SET utf8 COLLATE utf8_general_ci;');
}
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "database charset was different from UTF-8, integrity-check fixed that");
} else {
return false;
}
}
if ($fix) {
return $this->DatabaseCharset();
}
return true;
}
/**
* Check the integrity of the domain to ip/port - association
* @param $fix Fix everything found directly
*/
public function DomainIpTable($fix = false) {
$ips = array();
$domains = array();
$ipstodomains = array();
$admips = array();
if ($fix) {
// Prepare insert / delete statement for the fixes
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_DOMAINTOIP . "`
WHERE `id_domain` = :domainid AND `id_ipandports` = :ipandportid "
);
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_DOMAINTOIP . "`
SET `id_domain` = :domainid, `id_ipandports` = :ipandportid "
);
// Cache all IPs the admins have assigned
$adm_stmt = Database::prepare("SELECT `adminid`, `ip` FROM `" . TABLE_PANEL_ADMINS . "` ORDER BY `adminid` ASC");
Database::pexecute($adm_stmt);
$default_ips = explode(',', Settings::Get('system.defaultip'));
$default_ssl_ips = explode(',', Settings::Get('system.defaultsslip'));
while ($row = $adm_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row['ip'] < 0 || is_null($row['ip']) || empty($row['ip'])) {
// Admin uses default-IP
$admips[$row['adminid']] = array_merge($default_ips, $default_ssl_ips);
} else {
$admips[$row['adminid']] = array($row['ip']);
}
}
}
// Cache all available ip/port - combinations
$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` ORDER BY `id` ASC");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
}
// Cache all configured domains
$result_stmt = Database::prepare("SELECT `id`, `adminid` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$domains[$row['id']] = $row['adminid'];
}
// Check if every domain to ip/port - association is valid in TABLE_DOMAINTOIP
$result_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "`");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if (!array_key_exists($row['id_ipandports'], $ips)) {
if ($fix) {
Database::pexecute($del_stmt, array('domainid' => $row['id_domain'], 'ipandportid' => $row['id_ipandports']));
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found an ip/port-id in domain <> ip table which does not exist, integrity check fixed this");
} else {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found an ip/port-id in domain <> ip table which does not exist, integrity check can fix this");
return false;
}
}
if (!array_key_exists($row['id_domain'], $domains)) {
if ($fix) {
Database::pexecute($del_stmt, array('domainid' => $row['id_domain'], 'ipandportid' => $row['id_ipandports']));
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a domain-id in domain <> ip table which does not exist, integrity check fixed this");
} else {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a domain-id in domain <> ip table which does not exist, integrity check can fix this");
return false;
}
}
// Save one IP/Port combination per domain, so we know, if one domain is missing an IP
$ipstodomains[$row['id_domain']] = $row['id_ipandports'];
}
// Check that all domains have at least one IP/Port combination
foreach ($domains as $domainid => $adminid) {
if (!array_key_exists($domainid, $ipstodomains)) {
if ($fix) {
foreach ($admips[$adminid] as $defaultip) {
Database::pexecute($ins_stmt, array('domainid' => $domainid, 'ipandportid' => $defaultip));
}
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a domain-id with no entry in domain <> ip table, integrity check fixed this");
} else {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a domain-id with no entry in domain <> ip table, integrity check can fix this");
return false;
}
}
}
if ($fix) {
return $this->DomainIpTable();
} else {
return true;
}
}
/**
* Check if all subdomains have ssl-redirect = 0 if domain has no ssl-port
* @param $fix Fix everything found directly
*/
public function SubdomainSslRedirect($fix = false) {
$ips = array();
$parentdomains = array();
$subdomains = array();
if ($fix) {
// Prepare update statement for the fixes
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "`
SET `ssl_redirect` = 0 WHERE `parentdomainid` = :domainid"
);
}
// Cache all ssl ip/port - combinations
$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl` = 1 ORDER BY `id` ASC");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
}
// Cache all configured domains
$result_stmt = Database::prepare("SELECT `id`, `parentdomainid`, `ssl_redirect` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
$ip_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :domainid");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row['parentdomainid'] == 0) {
// All parentdomains by default have no ssl - ip/port
$parentdomains[$row['id']] = false;
Database::pexecute($ip_stmt, array('domainid' => $row['id']));
while ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {
// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to "true"
if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; }
}
} elseif ($row['ssl_redirect'] == 1) {
// All subdomains with enabled ssl_redirect enabled are stored
if (!isset($subdomains[$row['parentdomainid']])) { $subdomains[$row['parentdomainid']] = array(); }
$subdomains[$row['parentdomainid']][] = $row['id'];
}
}
// Check if every parentdomain with enabled ssl_redirect as SSL enabled
foreach ($parentdomains as $id => $sslavailable) {
// This parentdomain has no subdomains
if (!isset($subdomains[$id])) { continue; }
// This parentdomain has SSL enabled, doesn't matter what status the subdomains have
if ($sslavailable) { continue; }
// At this point only parentdomains reside which have ssl_redirect enabled subdomains
if ($fix) {
// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled
Database::pexecute($upd_stmt, array('domainid' => $id));
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a subdomain with ssl_redirect=1 but parent-domain has ssl=0, integrity check fixed this");
} else {
// It's just the check, let the function fail
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a subdomain with ssl_redirect=1 but parent-domain has ssl=0, integrity check can fix this");
return false;
}
}
if ($fix) {
return $this->SubdomainSslRedirect();
} else {
return true;
}
}
/**
* Check if all subdomain have letsencrypt = 0 if domain has no ssl-port
* @param $fix Fix everything found directly
*/
public function SubdomainLetsencrypt($fix = false) {
$ips = array();
$parentdomains = array();
$subdomains = array();
if ($fix) {
// Prepare update statement for the fixes
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "`
SET `letsencrypt` = 0 WHERE `parentdomainid` = :domainid"
);
}
// Cache all ssl ip/port - combinations
$result_stmt = Database::prepare("SELECT `id`, `ip`, `port` FROM `" . TABLE_PANEL_IPSANDPORTS . "` WHERE `ssl` = 1 ORDER BY `id` ASC");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$ips[$row['id']] = $row['ip'] . ':' . $row['port'];
}
// Cache all configured domains
$result_stmt = Database::prepare("SELECT `id`, `parentdomainid`, `letsencrypt` FROM `" . TABLE_PANEL_DOMAINS . "` ORDER BY `id` ASC");
$ip_stmt = Database::prepare("SELECT `id_domain`, `id_ipandports` FROM `" . TABLE_DOMAINTOIP . "` WHERE `id_domain` = :domainid");
Database::pexecute($result_stmt);
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
if ($row['parentdomainid'] == 0) {
// All parentdomains by default have no ssl - ip/port
$parentdomains[$row['id']] = false;
Database::pexecute($ip_stmt, array('domainid' => $row['id']));
while ($iprow = $ip_stmt->fetch(PDO::FETCH_ASSOC)) {
// If the parentdomain has an ip/port assigned which we know is SSL enabled, set the parentdomain to "true"
if (array_key_exists($iprow['id_ipandports'], $ips)) { $parentdomains[$row['id']] = true; }
}
} elseif ($row['letsencrypt'] == 1) {
// All subdomains with enabled letsencrypt enabled are stored
if (!isset($subdomains[$row['parentdomainid']])) { $subdomains[$row['parentdomainid']] = array(); }
$subdomains[$row['parentdomainid']][] = $row['id'];
}
}
// Check if every parentdomain with enabled letsencrypt as SSL enabled
foreach ($parentdomains as $id => $sslavailable) {
// This parentdomain has no subdomains
if (!isset($subdomains[$id])) { continue; }
// This parentdomain has SSL enabled, doesn't matter what status the subdomains have
if ($sslavailable) { continue; }
// At this point only parentdomains reside which have letsencrypt enabled subdomains
if ($fix) {
// We make a blanket update to all subdomains of this parentdomain, doesn't matter which one is wrong, all have to be disabled
Database::pexecute($upd_stmt, array('domainid' => $id));
$this->_log->logAction(ADM_ACTION, LOG_WARNING, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check fixed this");
} else {
// It's just the check, let the function fail
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "found a subdomain with letsencrypt=1 but parent-domain has ssl=0, integrity check can fix this");
return false;
}
}
if ($fix) {
return $this->SubdomainLetsencrypt();
} else {
return true;
}
}
/**
* check whether the webserveruser is in
* the customers groups when fcgid / php-fpm is used
*
* @param bool $fix fix member/groups
*
* @return boolean
*/
public function WebserverGroupMemberForFcgidPhpFpm($fix = false) {
if (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0) {
return true;
}
// get all customers that don't have the webserver-user in their group
$cwg_stmt = Database::prepare("
SELECT `id` FROM `".TABLE_FTP_GROUPS."` WHERE NOT FIND_IN_SET(:webserveruser, `members`)
");
Database::pexecute($cwg_stmt, array('webserveruser' => Settings::Get('system.httpuser')));
if ($cwg_stmt->rowCount() > 0) {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "Customers are missing the webserver-user as group-member, integrity-check can fix that");
if ($fix) {
// prepare update statement
$upd_stmt = Database::prepare("
UPDATE `".TABLE_FTP_GROUPS."` SET `members` = CONCAT(`members`, :additionaluser)
WHERE `id` = :id
");
$upd_data = array('additionaluser' => ",".Settings::Get('system.httpuser'));
while ($cwg_row = $cwg_stmt->fetch()) {
$upd_data['id'] = $cwg_row['id'];
Database::pexecute($upd_stmt, $upd_data);
}
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "Customers were missing the webserver-user as group-member, integrity-check fixed that");
} else {
return false;
}
}
if ($fix) {
return $this->WebserverGroupMemberForFcgidPhpFpm();
}
return true;
}
/**
* check whether the local froxlor user is in
* the customers groups when fcgid / php-fpm and
* fcgid/fpm in froxlor vhost is used
*
* @param bool $fix fix member/groups
*
* @return boolean
*/
public function FroxlorLocalGroupMemberForFcgidPhpFpm($fix = false) {
if (Settings::Get('system.mod_fcgid') == 0 && Settings::Get('phpfpm.enabled') == 0) {
return true;
}
if (Settings::get('system.mod_fcgid') == 1) {
if (Settings::get('system.mod_fcgid_ownvhost') == 0) {
return true;
} else {
$localuser = Settings::Get('system.mod_fcgid_httpuser');
}
}
if (Settings::get('phpfpm.enabled') == 1) {
if (Settings::get('phpfpm.enabled_ownvhost') == 0) {
return true;
} else {
$localuser = Settings::Get('phpfpm.vhost_httpuser');
}
}
// get all customers that don't have the webserver-user in their group
$cwg_stmt = Database::prepare("
SELECT `id` FROM `".TABLE_FTP_GROUPS."` WHERE NOT FIND_IN_SET(:localuser, `members`)
");
Database::pexecute($cwg_stmt, array('localuser' => $localuser));
if ($cwg_stmt->rowCount() > 0) {
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "Customers are missing the local froxlor-user as group-member, integrity-check can fix that");
if ($fix) {
// prepare update statement
$upd_stmt = Database::prepare("
UPDATE `".TABLE_FTP_GROUPS."` SET `members` = CONCAT(`members`, :additionaluser)
WHERE `id` = :id
");
$upd_data = array('additionaluser' => ",".$localuser);
while ($cwg_row = $cwg_stmt->fetch()) {
$upd_data['id'] = $cwg_row['id'];
Database::pexecute($upd_stmt, $upd_data);
}
$this->_log->logAction(ADM_ACTION, LOG_NOTICE, "Customers were missing the local froxlor-user as group-member, integrity-check fixed that");
} else {
return false;
}
}
if ($fix) {
return $this->FroxlorLocalGroupMemberForFcgidPhpFpm();
}
return true;
}
}