%PDF- %PDF-
Direktori : /proc/thread-self/root/proc/self/root/usr/local/lsws/admin/html/classes/ws/ |
Current File : //proc/thread-self/root/proc/self/root/usr/local/lsws/admin/html/classes/ws/CLIENT.php |
<?php class CLIENT { const UTYPE = 'LSWS' ; private $id = '' ; private $id_field = "lsws_uid" ; private $pass = '' ; private $pass_field = "lsws_pass" ; private $secret = null ; private $token = '' ; private $timeout = 0 ; private $valid = false ; private $changed = false ; //limit array size per stat.. private $stat_limit = 60 ; private static $_instance = null ; // prevent an object from being constructed private function __construct() { } public static function singleton() { if ( ! isset(self::$_instance) ) { $c = __CLASS__ ; self::$_instance = new $c ; self::$_instance->init() ; } return self::$_instance ; } public function getToken() { return $this->token ; } public function hasChanged() { return $this->changed ; } public function setChanged($changed=true) { $this->changed = $changed; } public function init() { session_name(self::UTYPE . 'WEBUI') ; // to prevent conflicts with other app sessions session_start() ; if ( ! array_key_exists('secret', $_SESSION) ) { $_SESSION['secret'] = 'litespeedrocks' ; } if ( ! array_key_exists('changed', $_SESSION) ) { $_SESSION['changed'] = false ; } if ( ! array_key_exists('valid', $_SESSION) ) { $_SESSION['valid'] = false ; } if ( ! array_key_exists('timeout', $_SESSION) ) { $_SESSION['timeout'] = 0 ; } if ( ! array_key_exists('token', $_SESSION) ) { $_SESSION['token'] = microtime() ; } $this->valid = &$_SESSION['valid'] ; $this->changed = &$_SESSION['changed'] ; $this->secret = &$_SESSION['secret'] ; $this->timeout = &$_SESSION['timeout'] ; $this->token = $_SESSION['token'] ; if ( $this->valid == true ) { if ( array_key_exists('lastaccess', $_SESSION) ) { if ( $this->timeout > 0 && time() - $_SESSION['lastaccess'] > $this->timeout ) { $this->clear() ; header("location:/login.php?timedout=1") ; die() ; } $this->id = DUtil::grab_input('cookie', $this->id_field) ; $this->pass = DUtil::grab_input('cookie', $this->pass_field) ; } $this->updateAccessTime() ; } } public function isValid() { if ($this->valid !== true) { return false; } // otherwise enforce referrer exists if (!isset($_SERVER['HTTP_REFERER'])) { return false; } if (strpos($_SERVER['HTTP_REFERER'], $_SERVER['HTTP_HOST']) === false) { return false; } return true; } public function store( $uid, $pass ) { $domain = $_SERVER['HTTP_HOST']; if ($pos = strpos($domain, ':')) { $domain = substr($domain, 0, $pos); } $secure = !empty($_SERVER['HTTPS']); $httponly = true; setcookie($this->id_field, $uid, 0, '/', $domain, $secure, $httponly) ; setcookie($this->pass_field, $pass, 0, '/', $domain, $secure, $httponly) ; $this->updateAccessTime() ; $this->valid = true ; } public function getIdData() { return array('id' => $this->id, 'pass' => $this->pass, 'sec0' => $this->secret[0], 'sec1' => $this->secret[1]); } public function setSecret( $secret ) { $this->secret = $secret ; } public function getTimeout() { return $this->timeout ; } public function setTimeout( $timeout ) { $this->timeout = (int) $timeout ; } public function updateAccessTime() { $_SESSION['lastaccess'] = time() ; } public function clear() { $this->valid = false ; session_destroy() ; session_unset() ; $outdated = time() - 3600 * 24 * 30 ; setcookie($this->id_field, '', $outdated, "/") ; setcookie($this->pass_field, '', $outdated, "/") ; setcookie(session_name(), '', $outdated, "/") ; } private function authuser( $authUser, $authPass ) { $auth = false ; $authUser1 = escapeshellcmd($authUser); if (($authUser === $authUser1) && !preg_match('/[:\/]/', $authUser) && strlen($authUser) && strlen($authPass) ) { $filename = DUtil::grab_input("server", "LS_SERVER_ROOT") . 'admin/conf/htpasswd' ; $fd = fopen($filename, 'r') ; if ( ! $fd ) { return false ; } $all = trim(fread($fd, filesize($filename))) ; fclose($fd) ; $lines = explode("\n", $all) ; foreach ( $lines as $line ) { list($user, $hash) = explode(':', $line) ; if ( $user == $authUser ) { $encypt = crypt($authPass, $hash) ; if ( $hash == $encypt ) { $auth = true ; break ; } } } } return $auth ; } public function authenticate( $authUser, $authPass ) { $auth = $this->authuser($authUser, $authPass); if ( ! $auth ) { $this->emailNotify(escapeshellcmd($authUser)); } return $auth ; } public function reauthenticate() { $uid = PMA_blowfish_decrypt( $this->id, $this->secret[0]); $password = PMA_blowfish_decrypt( $this->pass, $this->secret[1]); if (!$this->authuser($uid, $password)) { $this->clear() ; header("location:/login.php?timedout=2") ; die() ; } } protected function emailNotify($userid) { // log in error log $ip = $_SERVER["REMOTE_ADDR"]; $uri = $_SERVER['SCRIPT_URI']; error_log("[WebAdmin Console] Failed Login Attempt - username: $userid ip: $ip url: $uri\n"); // email notice $confcenter = ConfCenter::singleton(); $emails = $confcenter->GetAdminEmails(); if ($emails != '') { $date = date("F j, Y, g:i a"); $subject = 'LiteSpeed Web Server Admin Console Failed Login Attempt'; $contents = "A recent login attempt to LiteSpeed Web Server WebAdmin console failed. Details of the attempt are below.\n Date/Time: $date Username: $userid IP Address: $ip URL: $uri If you do not recognize the IP address, please follow below recommended ways to secure your admin console: 1. set access allowed list to limit certain IP that can access under WebConsole->Admin->Security tab; 2. change the listener port from default value 7080; 3. do not use simple password; 4. use a real SSL certificate for admin console to replace the default self-signed one. "; $result = mail($emails, $subject, $contents); } } //persistent stats public function &getStat( $key ) { $key = "stat_$key" ; if ( isset($_SESSION[$key]) ) { return $_SESSION[$key] ; } else { $temp = null ; return $temp ; } } public function addStat( $key, &$data ) { $result = &$this->getStat($key) ; $sess_key = "stat_$key" ; $sess_keylock = "{$key}_lock_" ; if ( $result != null ) { $curtime = time() ; $time_span = $curtime - $_SESSION[$sess_keylock] ; if ( isset($_SESSION[$sess_keylock]) ) { if ( $time_span <= 1 ) { //multiple stats windows open...check locks echo("multiple stats windows open\n") ; return false ; } elseif ( $time_span > 70 ) { //data is stale $_SESSION[$sess_key] = null ; echo ("data is stale\n") ; return false ; } } //incoming data's column set does not match that of store data if ( count($data) != count($result) ) { echo("incoming data's column set does not match that of the stored data.\n") ; return false ; } //max item 30 reached...shorten array by 1 from head if ( count($result[0]) >= $this->stat_limit ) { foreach ( $result as $index => $set ) { while ( count($result[$index]) >= $this->stat_limit ) { array_shift($result[$index]) ; } } } //add data foreach ( $result as $index => $set ) { $result[$index][] = $data[$index] ; } $_SESSION[$sess_keylock] = $curtime ; return true ; } else { $result = [] ; //init data foreach ( $data as $index => $value ) { $result[$index] = [] ; $result[$index][] = $value ; } $_SESSION[$sess_key] = &$result ; $_SESSION[$sess_keylock] = $curtime ; return true ; } } }