composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Enhancement : new configuration option (secure_conenction_required) to force the use of HTTPS to connect to iTop. The redirection http -> https is still buggy but the usage of https is enforced anyway.

Browse Source 
SVN:trunk[324]
This commit is contained in:
Denis Flaven
2010-04-12 12:19:12 +00:00
parent c4a51c31c9
commit 37ccd94828
3 changed files with 72 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
application/loginwebpage.class.inc.php
View File

@@ -75,21 +75,50 @@ h1 {
}
// Finally, destroy the session.
session_destroy();
}
static function SecureConnectionRequired()
{
$oConfig = new Config(ITOP_CONFIG_FILE);
return $oConfig->GetSecureConnectionRequired();
}
static function IsConnectionSecure()
{
$bSecured = false;
if ( !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!= 'off') )
{
$bSecured = true;
}
return $bSecured;
}
static function DoLogin()
{
$operation = utils::ReadParam('loginop', '');
if (self::SecureConnectionRequired() && !self::IsConnectionSecure())
{
// Non secured URL... redirect to a secured one
$sUrl = Utils::GetAbsoluteUrl(true /* query string */, true /* force HTTPS */);
header("Location: $sUrl");
exit;
}
$operation = utils::ReadParam('loginop', '');
session_start();
if ($operation == 'logoff')
{
self::ResetSession();
}
if (!isset($_SESSION['auth_user']) || !isset($_SESSION['auth_pwd']))
{
if ($operation == 'login')
if ($operation == 'loginurl')
{
$sAuthUser = utils::ReadParam('auth_user', '', 'get');
$sAuthPwd = utils::ReadParam('auth_pwd', '', 'get');
}
else if ($operation == 'login')
{
$sAuthUser = utils::ReadParam('auth_user', '', 'post');
$sAuthPwd = utils::ReadParam('auth_pwd', '', 'post');
@@ -106,9 +135,9 @@ h1 {
{
$sAuthUser = $_SESSION['auth_user'];
$sAuthPwd = $_SESSION['auth_pwd'];
}
}
if (!UserRights::Login($sAuthUser, $sAuthPwd))
{
{
self::ResetSession();
$oPage = new LoginWebPage();
$oPage->DisplayLoginForm( true /* failed attempt */);
@@ -119,8 +148,8 @@ h1 {
{
$_SESSION['auth_user'] = $sAuthUser ;
$_SESSION['auth_pwd'] = $sAuthPwd;
}
}
}
} // End of class
?>

26
application/utils.inc.php
View File

@@ -153,18 +153,26 @@ class utils
* @param $bQueryString bool True to also get the query string, false otherwise
* @return string The absolute URL to the current page
*/
static public function GetAbsoluteUrl($bQueryString = true)
static public function GetAbsoluteUrl($bQueryString = true, $bForceHTTPS = false)
{
// Build an absolute URL to this page on this server/port
$sServerName = $_SERVER['SERVER_NAME'];
$sProtocol = isset($_SERVER['HTTPS']) ? 'https' : 'http';
if ($sProtocol == 'http')
{
$sPort = ($_SERVER['SERVER_PORT'] == 80) ? '' : ':'.$_SERVER['SERVER_PORT'];
$sServerName = $_SERVER['SERVER_NAME'];
if ($bForceHTTPS)
{
$sProtocol = 'https';
$sPort = '';
}
else
{
$sPort = ($_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
else
{
$sProtocol = isset($_SERVER['HTTPS']) ? 'https' : 'http';
if ($sProtocol == 'http')
{
$sPort = ($_SERVER['SERVER_PORT'] == 80) ? '' : ':'.$_SERVER['SERVER_PORT'];
}
else
{
$sPort = ($_SERVER['SERVER_PORT'] == 443) ? '' : ':'.$_SERVER['SERVER_PORT'];
}
}
// $_SERVER['REQUEST_URI'] is empty when running on IIS
// Let's use Ivan Tcholakov's fix (found on www.dokeos.com)

19
core/config.class.inc.php
View File

@@ -20,6 +20,7 @@ define ('DEFAULT_MIN_DISPLAY_LIMIT', 10);
define ('DEFAULT_MAX_DISPLAY_LIMIT', 15);
define ('DEFAULT_STANDARD_RELOAD_INTERVAL', 5*60);
define ('DEFAULT_FAST_RELOAD_INTERVAL', 1*60);
define ('DEFAULT_SECURE_CONNECTION_REQUIRED', false);
class Config
{
@@ -54,6 +55,11 @@ class Config
*/
protected $m_iFastReloadInterval;
/**
* @var boolean Whether or not a secure connection is required for using the application
*/
protected $m_bSecureConnectionRequired;
public function __construct($sConfigFile, $bLoadConfig = true)
{
$this->m_sFile = $sConfigFile;
@@ -70,6 +76,7 @@ class Config
$this->m_iMaxDisplayLimit = DEFAULT_MAX_DISPLAY_LIMIT;
$this->m_iStandardReloadInterval = DEFAULT_STANDARD_RELOAD_INTERVAL;
$this->m_iFastReloadInterval = DEFAULT_FAST_RELOAD_INTERVAL;
$this->m_bSecureConnectionRequired = DEFAULT_SECURE_CONNECTION_REQUIRED;
if ($bLoadConfig)
{
$this->Load($sConfigFile);
@@ -151,6 +158,7 @@ class Config
$this->m_iMaxDisplayLimit = isset($MySettings['max_display_limit']) ? trim($MySettings['max_display_limit']) : DEFAULT_MAX_DISPLAY_LIMIT;
$this->m_iStandardReloadInterval = isset($MySettings['standard_reload_interval']) ? trim($MySettings['standard_reload_interval']) : DEFAULT_STANDARD_RELOAD_INTERVAL;
$this->m_iFastReloadInterval = isset($MySettings['fast_reload_interval']) ? trim($MySettings['fast_reload_interval']) : DEFAULT_FAST_RELOAD_INTERVAL;
$this->m_bSecureConnectionRequired = isset($MySettings['secure_connection_required']) ? trim($MySettings['secure_connection_required']) : DEFAULT_SECURE_CONNECTION_REQUIRED;
}
protected function Verify()
@@ -229,6 +237,11 @@ class Config
return $this->m_iFastReloadInterval;
}
public function GetSecureConnectionRequired()
{
return $this->m_bSecureConnectionRequired;
}
public function SetDBHost($sDBHost)
{
$this->m_sDBHost = $sDBHost;
@@ -274,6 +287,11 @@ class Config
$this->m_iFastReloadInterval = $iFastReloadInterval;
}
public function SetSecureConnectionRequired($bSecureConnectionRequired)
{
$this->m_bSecureConnectionRequired = $bSecureConnectionRequired;
}
public function FileIsWritable()
{
return is_writable($this->m_sFile);
@@ -315,6 +333,7 @@ class Config
fwrite($hFile, "\t'max_display_limit' => {$this->m_iMaxDisplayLimit},\n");
fwrite($hFile, "\t'standard_reload_interval' => {$this->m_iStandardReloadInterval},\n");
fwrite($hFile, "\t'fast_reload_interval' => {$this->m_iFastReloadInterval},\n");
fwrite($hFile, "\t'secure_connection_required' => ".($this->m_bSecureConnectionRequired ? 'true' : 'false').",\n");
fwrite($hFile, ");\n");
fwrite($hFile, "\n/**\n");