1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2014 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 /******************************************************************************
23 * Security functions
24 *****************************************************************************/
25
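/**
 * Tells whether the client's IP address is watched at the given level.
 *
 * The lookup against ip_watch is done once per session and cached in
 * $_SESSION['check_ip'] (and $_SESSION['check_ip_desc']), so a changed
 * watch entry is only noticed by new sessions.
 *
 * The addresses checked are REMOTE_ADDR plus every entry of the
 * client-supplied X-Forwarded-For header.  That header is untrusted, but
 * each entry goes through ip_to_uint() and only the resulting integer is
 * interpolated into the query; a forged entry can only add addresses to
 * the check, never remove REMOTE_ADDR from it.
 *
 * @param string $level one of 'unsafe', 'dangerous' or 'ban'; each level
 *                      also matches the states of the stricter levels
 *                      ('unsafe' matches unsafe, dangerous and ban).
 * @return bool true when the cached state matches $level, false for an
 *              unknown level or when no client address is available.
 */
function check_ip($level)
{
    if (empty($_SERVER['REMOTE_ADDR'])) {
        return false;
    }
    if (empty($_SESSION['check_ip'])) {
        $candidates = array();
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $candidates = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        }
        $candidates[] = $_SERVER['REMOTE_ADDR'];

        // Keep only addresses ip_to_uint() understands; proxies usually
        // separate X-Forwarded-For entries with ", ", hence the trim().
        $conditions = array();
        foreach ($candidates as $ip) {
            $v = ip_to_uint(trim($ip));
            if (!is_null($v)) {
                $conditions[] = '(ip & mask) = (' . $v . ' & mask)';
            }
        }

        if (empty($conditions)) {
            // No usable address (e.g. a format ip_to_uint() does not parse):
            // without this guard the query below would be built with an
            // empty WHERE clause.  Treat it like "no watch entry", which is
            // what the lookup returns for an address nobody has recorded.
            $_SESSION['check_ip'] = 'safe';
        } else {
            // NOTE(review): ORDER BY state DESC decides which row wins when
            // several watch entries match; that ranking depends on the
            // column's type (enum index vs. string collation) -- confirm
            // against the schema that the most severe state comes first.
            $res = XDB::query('SELECT state, description
                                 FROM ip_watch
                                WHERE ' . implode(' OR ', $conditions) . '
                             ORDER BY state DESC');
            if ($res->numRows()) {
                $state = $res->fetchOneAssoc();
                $_SESSION['check_ip'] = $state['state'];
                $_SESSION['check_ip_desc'] = $state['description'];
            } else {
                $_SESSION['check_ip'] = 'safe';
            }
        }
    }

    // Each level also matches the states of the stricter levels.
    switch ($level) {
        case 'unsafe':    $test = array('unsafe', 'dangerous', 'ban'); break;
        case 'dangerous': $test = array('dangerous', 'ban'); break;
        case 'ban':       $test = array('ban'); break;
        default:          return false;
    }
    return in_array($_SESSION['check_ip'], $test, true);
}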
66
/**
 * Checks an e-mail address against the email_watch table.
 *
 * When the address has a watch entry whose state is not 'safe', a security
 * alert titled $message is sent to the administrators.
 *
 * @param string $email   address to look up
 * @param string $message subject of the alert mail sent on a hit
 * @return bool true when the address is watched (and the alert was sent)
 */
function check_email($email, $message)
{
    $watched = XDB::fetchOneCell('SELECT COUNT(*)
                                    FROM email_watch
                                   WHERE state != \'safe\' AND email = {?}',
                                 $email);
    if (!$watched) {
        return false;
    }
    send_warning_mail($message);
    return true;
}
79
/**
 * Returns the watch flag of the logged-in user.
 *
 * @return mixed the user's `watch` attribute, or false when nobody is logged in
 */
function check_account()
{
    $user = S::user();
    if (!$user) {
        return false;
    }
    return $user->watch;
}
87
/**
 * Refreshes the session's e-mail redirection status.
 *
 * Sets $_SESSION['no_redirect'] (no other active redirection) and
 * $_SESSION['mx_failures'] (broken MX list) from $red, but only when the
 * redirection belongs to the logged-in user.
 *
 * @param Redirect|null $red redirection to inspect; defaults to the
 *                           current user's
 */
function check_redirect($red = null)
{
    require_once 'emails.inc.php';
    if ($red === null) {
        $red = new Redirect(S::user());
    }
    // Loose comparison kept on purpose: uid may be an int on one side
    // and a string on the other.
    if ($red->get_uid() != S::v('uid')) {
        return;
    }
    $_SESSION['no_redirect'] = !$red->other_active('');
    $_SESSION['mx_failures'] = $red->get_broken_mx();
}
100
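/**
 * Sends a "[Plat/al Security Alert]" mail to the administrators.
 *
 * The body carries a dump of $_SESSION and $_SERVER so that the alert can be
 * investigated.  Request entries that carry credentials (the session cookie,
 * the Authorization header, the basic-auth password) are redacted before the
 * dump, so that the alert mail itself does not hand a usable session to its
 * recipients or to anyone who can read the mailbox.
 *
 * @param string $title subject suffix of the alert
 * @param string $body  free text placed before the dumps
 */
function send_warning_mail($title, $body = '')
{
    global $globals;
    $mailer = new PlMailer();
    $mailer->setFrom("webmaster@" . $globals->mail->domain);
    $mailer->addTo($globals->core->admin_email);
    $mailer->setSubject("[Plat/al Security Alert] $title");

    // Note: we can't do $session = var_export($_SESSION, true) as var_export
    // doesn't handle circular dependency correctly.
    ob_start();
    var_dump($_SESSION);
    $session = ob_get_clean();

    // Work on a copy of $_SERVER and blank the entries that hold credentials:
    // the dump is for diagnosis, not for replaying the request.
    $server = $_SERVER;
    foreach (array('HTTP_COOKIE', 'HTTP_AUTHORIZATION', 'PHP_AUTH_PW') as $key) {
        if (isset($server[$key])) {
            $server[$key] = '[redacted]';
        }
    }

    $mailer->setTxtBody($body . "Identifiants de session :\n" . $session . "\n\n"
                        . "Identifiants de connexion :\n" . var_export($server, true));
    $mailer->send();
}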
117
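/**
 * Destroys every active session by running bin/kill_sessions.sh as root.
 *
 * Restricted to administrators.  The check is an explicit test rather than
 * assert(): assertions can be switched off by configuration (assert.active /
 * zend.assertions), which would silently drop the privilege check standing in
 * front of a sudo command.
 *
 * @throws RuntimeException when the caller is not an administrator
 */
function kill_sessions()
{
    if (!S::admin()) {
        throw new RuntimeException('kill_sessions() is restricted to administrators');
    }
    $script = dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh';
    // The path derives from __FILE__, not from user input; escapeshellarg()
    // only guards against spaces or shell metacharacters in the install prefix.
    shell_exec('sudo -u root ' . escapeshellarg($script));
}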
123
124 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
125 ?>