From f70027ffbedce10f412868a7bf9b0b67b113f1b1 Mon Sep 17 00:00:00 2001 
From: M.Gergo Date: Sun, 20 Jan 2019 11:48:48 +0100 Subject: Rev: 4423 --- mayor-installer-orig/log/mayor-installer.rev | 2 +- mayor-orig/install/base/mysql/mayor-login.sql | 15 + mayor-orig/log/mayor-base.rev | 2 +- mayor-orig/log/mayor-naplo.rev | 2 +- mayor-orig/log/mayor-portal.rev | 2 +- mayor-orig/update/pre004412-1-mayor_login.sql | 27 + mayor-orig/www/include/base/log.php | 2 +- mayor-orig/www/include/base/login.php | 23 +- mayor-orig/www/include/base/rights.php | 69 +- mayor-orig/www/include/modules/auth/base/token.php | 116 ++ .../www/include/modules/portal/share/hirek.php | 1 + .../www/include/modules/session/accountInfo.php | 16 + mayor-orig/www/include/share/auth/base.php | 6 +- mayor-orig/www/include/share/session/base.php | 8 +- mayor-orig/www/include/share/session/close.php | 2 + .../policy/private/naplo/intezmeny/terem-pre.php | 3 + .../www/policy/private/naplo/intezmeny/terem.php | 2 +- .../www/policy/private/portal/hirek/hirek-pre.php | 5 +- .../policy/private/portal/portal/portal-pre.php | 8 +- .../www/policy/private/session/accountInfo-pre.php | 23 +- .../www/policy/private/session/accountInfo.php | 2 + .../www/policy/private/session/eduroam-pre.php | 5 + mayor-orig/www/policy/private/session/eduroam.php | 0 .../private/session/search/searchAccount-pre.php | 1 + .../private/session/search/searchAccount.php | 2 +- .../public/password/changeMyPassword-pre.php | 3 + .../www/policy/public/portal/portal/portal-pre.php | 22 +- .../www/policy/public/session/logout-pre.php | 1 + mayor-orig/www/skin/classic/base/css/base.css | 2 +- mayor-orig/www/skin/classic/base/html/base.phtml | 2 +- .../www/skin/classic/base/img/Eduroam_Logo.svg | 2063 ++++++++++++++++++++ .../module-naplo/html/intezmeny/terem.phtml | 7 +- .../www/skin/classic/module-portal/css/portal.css | 16 +- .../classic/module-portal/html/share/hirek.phtml | 39 +- .../classic/module-session/html/accountInfo.phtml | 31 +- mayor-orig/www/skin/default/base/html/base.phtml | 11 +- rev.txt | 2 +- 37 
files changed, 2442 insertions(+), 101 deletions(-) create mode 100644 mayor-orig/update/pre004412-1-mayor_login.sql create mode 100644 mayor-orig/www/include/modules/auth/base/token.php create mode 100644 mayor-orig/www/policy/private/session/eduroam-pre.php create mode 100644 mayor-orig/www/policy/private/session/eduroam.php create mode 100644 mayor-orig/www/skin/classic/base/img/Eduroam_Logo.svg diff --git a/mayor-installer-orig/log/mayor-installer.rev b/mayor-installer-orig/log/mayor-installer.rev index 4a3510ca..e2ba7ca0 100644 --- a/mayor-installer-orig/log/mayor-installer.rev +++ b/mayor-installer-orig/log/mayor-installer.rev @@ -1 +1 @@ -4412 +4423 diff --git a/mayor-orig/install/base/mysql/mayor-login.sql b/mayor-orig/install/base/mysql/mayor-login.sql index d0f12845..d61e3404 100644 --- a/mayor-orig/install/base/mysql/mayor-login.sql +++ b/mayor-orig/install/base/mysql/mayor-login.sql @@ -182,3 +182,18 @@ CREATE TABLE `eduroam` ( UNIQUE KEY `eduroamUID` (`eduroamUID`), UNIQUE KEY `userAccount` (`userAccount`,`policy`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_hungarian_ci; + +CREATE TABLE `authToken` ( + `tokenId` int(11) unsigned NOT NULL AUTO_INCREMENT, + `policy` enum('private','parent','public') COLLATE utf8_hungarian_ci NOT NULL, + `userAccount` varchar(32) COLLATE utf8_hungarian_ci NOT NULL, + `userCn` varchar(64) COLLATE utf8_hungarian_ci NOT NULL, + `studyId` bigint(20) unsigned DEFAULT NULL, + `selector` char(16) COLLATE utf8_hungarian_ci DEFAULT NULL, + `token` char(64) COLLATE utf8_hungarian_ci DEFAULT NULL, + `expires` datetime DEFAULT NULL, + `ipAddress` varchar(64) COLLATE utf8_hungarian_ci DEFAULT NULL, + `activity` datetime DEFAULT NULL, + PRIMARY KEY (`tokenId`), + UNIQUE KEY `selector` (`selector`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_hungarian_ci; diff --git a/mayor-orig/log/mayor-base.rev b/mayor-orig/log/mayor-base.rev index 4a3510ca..e2ba7ca0 100644 --- a/mayor-orig/log/mayor-base.rev 
+++ b/mayor-orig/log/mayor-base.rev @@ -1 +1 @@ -4412 +4423 diff --git a/mayor-orig/log/mayor-naplo.rev b/mayor-orig/log/mayor-naplo.rev index 4a3510ca..e2ba7ca0 100644 --- a/mayor-orig/log/mayor-naplo.rev +++ b/mayor-orig/log/mayor-naplo.rev @@ -1 +1 @@ -4412 +4423 diff --git a/mayor-orig/log/mayor-portal.rev b/mayor-orig/log/mayor-portal.rev index 4a3510ca..e2ba7ca0 100644 --- a/mayor-orig/log/mayor-portal.rev +++ b/mayor-orig/log/mayor-portal.rev @@ -1 +1 @@ -4412 +4423 diff --git a/mayor-orig/update/pre004412-1-mayor_login.sql b/mayor-orig/update/pre004412-1-mayor_login.sql new file mode 100644 index 00000000..b1b414ae --- /dev/null +++ b/mayor-orig/update/pre004412-1-mayor_login.sql @@ -0,0 +1,27 @@ +DELIMITER $$ +DROP PROCEDURE IF EXISTS upgrade_database_4412 $$ +CREATE PROCEDURE upgrade_database_4412() +BEGIN + IF NOT EXISTS ( + SELECT * FROM information_schema.TABLES WHERE TABLE_SCHEMA=DATABASE() AND TABLE_NAME='authToken' + ) THEN + +CREATE TABLE `authToken` ( + `tokenId` int(11) unsigned NOT NULL AUTO_INCREMENT, + `policy` enum('private','parent','public') COLLATE utf8_hungarian_ci NOT NULL, + `userAccount` varchar(32) COLLATE utf8_hungarian_ci NOT NULL, + `userCn` varchar(64) COLLATE utf8_hungarian_ci NOT NULL, + `studyId` bigint(20) unsigned DEFAULT NULL, + `selector` char(16) COLLATE utf8_hungarian_ci DEFAULT NULL, + `token` char(64) COLLATE utf8_hungarian_ci DEFAULT NULL, + `expires` datetime DEFAULT NULL, + `ipAddress` varchar(64) COLLATE utf8_hungarian_ci DEFAULT NULL, + `activity` datetime DEFAULT NULL, + PRIMARY KEY (`tokenId`), + UNIQUE KEY `selector` (`selector`) +) ENGINE=InnoDB AUTO_INCREMENT=23 DEFAULT CHARSET=utf8 COLLATE=utf8_hungarian_ci; + +END IF; +END $$ +DELIMITER ; $$ +CALL upgrade_database_4412(); diff --git a/mayor-orig/www/include/base/log.php b/mayor-orig/www/include/base/log.php index 0b8f6fd1..14e214a9 100644 --- a/mayor-orig/www/include/base/log.php +++ b/mayor-orig/www/include/base/log.php 
@@ -5,7 +5,7 @@ function naploz($aCode) function szamlal($policy,$page) */ - + define('CLIENTIPADDRESS',_clientIp()); function _clientIp() { return ($_SERVER['HTTP_X_FORWARDED_FOR']!='')?$_SERVER['HTTP_X_FORWARDED_FOR']:$_SERVER['REMOTE_ADDR']; } diff --git a/mayor-orig/www/include/base/login.php b/mayor-orig/www/include/base/login.php index da3217a9..4624a92a 100644 --- a/mayor-orig/www/include/base/login.php +++ b/mayor-orig/www/include/base/login.php @@ -1,6 +1,6 @@ $userAccount, 'policy'=>$toPolicy, 'userCn'=>$accountInformation['cn'], 'studyId'=>$accountInformation['studyId'])); // --TODO untrusted clients if ($toSkin == '') $toSkin = $skin; header('Location: '.location("index.php?page=$toPage&sub=$toSub&f=$toF&sessionID=$sessionID&policy=$toPolicy&lang=$lang&skin=$toSkin", array('alertOLD'))); break; diff --git a/mayor-orig/www/include/base/rights.php b/mayor-orig/www/include/base/rights.php index 1f3eed0f..dc6b7aa7 100644 --- a/mayor-orig/www/include/base/rights.php +++ b/mayor-orig/www/include/base/rights.php @@ -1,4 +1,9 @@ md5($sessionID), 'value'=>$value, 'store'=> $extraHash, 'pwHash'=>$pwHash); + return array('name'=>($sessionID), 'value'=>$value, 'store'=> $extraHash, 'pwHash'=>$pwHash); } function sessionCookieDecode($sessionID) { - return explode('g',base64_decode($_COOKIE[md5($sessionID)])); + return explode('g',base64_decode($_COOKIE[($sessionID)])); } function pseudoTokenGenerator() { @@ -68,10 +71,8 @@ function pseudoTokenGenerator() { # Azonosított user ellenőrzése a session tábla alapján ###################################################################### - - function validUser($sessionID,$policy,$skin='',$lang='') { - + global $page; if (_RUNLEVEL === 'cron') { define('_USERPASSWORD','MaYoR-cron'); define('_USERACCOUNT','MaYoR-cron'); 
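Review bot: The new `CLIENTIPADDRESS` constant takes its value from `_clientIp()`, which prefers the `X-Forwarded-For` request header over `REMOTE_ADDR`, so any client can choose the address that this commit stores in `authToken.ipAddress` and lists as account activity. Honour the header only when `REMOTE_ADDR` is a configured reverse proxy, and check the result with `filter_var($ip, FILTER_VALIDATE_IP)` before treating it as an audit field; the header may also carry a comma-separated list. `_clientIp()` is unchanged context in this hunk; the added `define` is what makes its result the canonical client address.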
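Review bot: In the `login.php` hunk the long-lived token appears to be issued on every successful login, with the `// --TODO untrusted clients` marker as the only sign that some browsers should not receive one; the call itself is truncated in this view, so this is inferred from its argument array. On a shared machine that leaves a 30-day credential behind after the session ends unless the user logs out explicitly. Consider issuing the token only when an explicit opt-in field is posted, and state that rule in a comment at the call site.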
@@ -82,31 +83,25 @@ function validUser($sessionID,$policy,$skin='',$lang='') { return true; } +// if ($sessionID == '' || $MAYORAPIAUTH['valid']!==true) { if ($sessionID == '') { - - if ($policy == _POLICY) { + $MAYORAPIAUTH = mayorApiAuth(); // van-e hosszulejáratu session-je + if ($policy == _POLICY && $MAYORAPIAUTH['valid']!==true) { define('_USERPASSWORD',''); define('_USERACCOUNT',''); define('_USERCN',''); define('_STUDYID',''); -// define('_SKIN',$skin); define('_LANG',$lang); define('_SESSIONID',''); } return false; - } else { $lr = db_connect('login', array('fv' => 'validUser')); if ($lr === false) die('A keretrendeszer adatbázisa nem érhető el! (validUser)'); // ha nem tudta beállítani a sütit, akkor az $_sc üres lesz így a dt feltétel 1970-01-01, ami nem gond. -// pwHash -// list($_sessionDt,$_sessionCookie) = sessionCookieDecode($sessionID); list($_sessionDt,$_sessionCookie,$_sessionPwHash) = sessionCookieDecode($sessionID); -// pwHash -// $query = "SELECT userAccount, userCn, studyId, decode(userPassword, '"._MYSQL_ENCODE_STR."'), skin, lang, activity, dt -// FROM session WHERE sessionID='%s' AND policy='%s'"; $query = "SELECT userAccount, userCn, studyId, aes_decrypt(userPassword, '%s'), skin, lang, activity, dt FROM session WHERE sessionID='%s' AND policy='%s'"; // [SECURITY-002] quickfix from marton.drotos@sztaki.hu 
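Review bot: In the `$sessionID == ''` branch `mayorApiAuth()` returns either `false` or an array, so `$MAYORAPIAUTH['valid']` is read from a boolean on the failure path. When the token is valid, the branch skips the `define(...)` block yet still returns `false`, which leaves `_USERACCOUNT`, `_SESSIONID` and the other constants undefined for the rest of the request. Guard with `is_array($MAYORAPIAUTH) && $MAYORAPIAUTH['valid'] === true` and decide explicitly what a valid token without a session should produce. `validUser()` continues outside the hunk, so how callers handle this case is not visible here.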
@@ -116,12 +111,30 @@ function validUser($sessionID,$policy,$skin='',$lang='') { $query .= " AND sessionCookie='%s'"; $ret = db_query($query, array('fv' => 'validUser', 'modul' => 'login', 'result' => 'indexed', 'values' => array($_sessionPwHash, $sessionID, $policy, $_sessionCookie)), $lr); - $num = count($ret); + $sessionMode = 1; + + // ha nincs találat, nézzük meg, van-e a kliensnek hosszú lejáratú tokenje, kivéve, ha ... + if ($num !== 1 && $page!='password') { + $MAYORAPIAUTH = mayorApiAuth(); + if ($MAYORAPIAUTH['valid'] === true) { + global $sessionMode; + $sessionMode = 2; + // reauth AS: + $toPolicy = $MAYORAPIAUTH['policy']; + $userAccount = $MAYORAPIAUTH['userAccount']; + $userCn = $MAYORAPIAUTH['userCn']; + $studyId = $MAYORAPIAUTH['studyId']; + $userPassword = ''; + $lang = _DEFAULT_LANG; + } else { + unsetTokenCookies(); + } + } // --token vizsgálat vége + if ($num == 1) { - list($userAccount, $userCn, $studyId, $userPassword, $savedSkin, $lang, $activity, $dt) = array_values($ret[0]); - /* PDA */ + if ($sessionMode == 1) list($userAccount, $userCn, $studyId, $userPassword, $savedSkin, $lang, $activity, $dt) = array_values($ret[0]); global $SKINS; if (_USER_AGENT!=='ppc' && @in_array($savedSkin,$SKINS) ) $skin=$savedSkin; if ($policy == _POLICY) { @@ -133,7 +146,8 @@ function validUser($sessionID,$policy,$skin='',$lang='') { define('_LANG',$lang); define('_SESSIONID',$sessionID); } - // Aktivitás figyelése! + + // Aktivitás figyelése! // hopp, nem biztos, hogy van session! $query = "UPDATE session SET activity = NOW() WHERE sessionID = '%s'"; db_query($query, array('fv' => 'validUser', 'modul' => 'login', 'values' => array($sessionID)), $lr); db_close($lr); 
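Review bot: The re-auth block reads `$MAYORAPIAUTH['policy']`, but `mayorApiAuth()` returns that value under the key `toPolicy`, so `$toPolicy` is never set from the token; nothing visible compares the token's policy with the `$policy` being validated either, so the token is not bound to its policy at this point. The block runs only when `$num !== 1`, while the code that consumes `$userAccount` and the other values sits under `if ($num == 1)`, which makes the `$sessionMode == 1` guard always true there and leaves the token values unused in the lines shown. Read `$MAYORAPIAUTH['toPolicy']`, reject the token unless it equals `$policy`, and wrap the array access in `is_array()` because the function returns `false` on failure. The rest of `validUser()` lies outside the hunk.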
@@ -247,7 +261,10 @@ function validUser($sessionID,$policy,$skin='',$lang='') { unset($_POST['action']); unset($action); } - } else { // klasszikus ellenőrzés, fallback // TODO BEGIN DEPRECATED BLOCK + } else { // klasszikus ellenőrzés, fallback + echo 'FATAL ERROR 696'; + die(); + /* // $_JSON['result'] = false; // ITT gátolhatjuk a működést if ($_COOKIE[__SALTNAME]=='') { // a session átállásig - ez semmitől nem véd, adott nevű sütit generálni bárki tud $_SESSION['alert'][] = 'message:not_valid_form:no cookie'.$_SESSION[__SALTNAME]; @@ -264,13 +281,17 @@ function validUser($sessionID,$policy,$skin='',$lang='') { unset($_POST['action']); unset($action); } + */ } // END DEPRECATED BLOCK } // eredeti post kezelés + ETAG prevent cache if (($_SERVER['HTTPS']!=='on') || (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER']!='' && substr($_SERVER['HTTP_REFERER'],4,1)!=='s')) $_ssl = false; else $_ssl=true; - if (@setcookie(__SALTNAME,__SALTVALUE,time()+60*60*_SESSION_MAX_IDLE_TIME,'/','',$_ssl, true) == false) { - $_SESSION['alert'][] = 'message:no_cookie:unabletoset'; - } + +//4400 if (@setcookie('xxxDEPRECATEDxxx_'.__SALTNAME,__SALTVALUE,time()+60*60*_SESSION_MAX_IDLE_TIME,'/','',$_ssl, true) == false) { +//4400 $_SESSION['alert'][] = 'message:no_cookie:unabletoset'; +//4400 } + + /* /XSRF2 previous revision: r4138 */ // betöltjük az össes config-ot... (lásd még widgets) diff --git a/mayor-orig/www/include/modules/auth/base/token.php b/mayor-orig/www/include/modules/auth/base/token.php new file mode 100644 index 00000000..72cbcffb --- /dev/null +++ b/mayor-orig/www/include/modules/auth/base/token.php 
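Review bot: The fallback branch now fails closed, which is the safer direction, but `echo 'FATAL ERROR 696'; die();` answers with status 200 and leaves no trace that a request reached a path meant to be unreachable. Set a status and log before exiting, e.g. `http_response_code(403); error_log('deprecated form-check fallback reached');`. The old body would be better deleted than kept inside a `/* … */` block next to the stale `// END DEPRECATED BLOCK` marker. The enclosing block starts outside the hunk.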
@@ -0,0 +1,116 @@ +=0) { + $selector = bin2hex(openssl_random_pseudo_bytes(8)); + $token = openssl_random_pseudo_bytes(32); + } elseif (version_compare(PHP_VERSION,'7.0.0')>=0) { + $selector = bin2hex(random_bytes(8)); + $token = random_bytes(32); + } else { + return false; // nem támogatjuk + } + + if (isset($_COOKIE['t_selector'])===true && isset($_COOKIE['t_validator'])===true) return true; // már van selector/validator elmentve + + $lr = db_connect('login'); + db_start_trans($lr); + + $q = "DELETE FROM authToken WHERE expires <= NOW() - INTERVAL 10 DAY"; + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete'),$lr); + + $q = "INSERT INTO authToken (policy, userAccount, + userCn, studyId, + selector, token, expires, activity, ipAddress) VALUES ('%s', '%s', '%s', '%s', '%s','%s',NOW() + INTERVAL 30 DAY,NOW(),'%s')"; + $v = array($accountData['policy'], $accountData['userAccount'], + $accountData['userCn'], $accountData['studyId'], + $selector, + hash('sha256', $token), + CLIENTIPADDRESS + ); + $Id = db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'insert', 'values'=>$v),$lr); + db_commit($lr); + db_close($lr); + + if ($Id !== false) { + setcookie('t_selector',$selector,time()+604800*5,'/','',TRUE,TRUE); + setcookie('t_validator',bin2hex($token),time()+604800*5,'/','',TRUE,TRUE); + $_SESSION['mayorapiauth'] = true; + return true; + } else { + return false; + } + } + + function unsetTokenCookies() { // + MS_* + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + if ($selector!='') { + $q = "DELETE FROM authToken WHERE selector='%s'"; + $values = array($selector); + db_query($q, array('debug'=>false,'fv' => 'na', 'modul'=>'login', 'result'=>'delete', 'values'=>$values),$lr); + } + setcookie('t_selector','',time() - 3600,'/','',TRUE,TRUE); + setcookie('t_validator','',time() - 3600,'/','',TRUE,TRUE); + if (is_array($_COOKIE)) { + foreach($_COOKIE as 
$key => $value) { + if (substr($key,0,3) == 'MS_') { + setcookie($key,'',time() - 3600,'/','',TRUE,TRUE); + } + } + } + $_SESSION['mayorapiauth'] = false; + } + + function mayorApiAuth() { + + // $MAYORAPIDATA tömb feltöltése + $selector = readVariable($_COOKIE['t_selector'], 'string', readVariable($_GET['t_selector'], 'hexa', null)); + $validator = readVariable($_COOKIE['t_validator'], 'string', readVariable($_GET['t_validator'], 'hexa', null)); + if ($selector!='' && $validator!='') { + $q = "SELECT * FROM authToken WHERE selector = '%s' AND expires >= NOW()"; + $r = db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'record','values'=>array($selector))); + } + if (is_array($r)) { + $calc = hash('sha256', hex2bin($validator)); + if (hash_equals($calc, $r['token'])) { // valid token + global $sessionMode; + $sessionMode = 2; + // reauth AS: + $toPolicy = $r['policy']; + $userAccount = $r['userAccount']; + $userCn = $r['userCn']; + $studyId = $r['studyId']; + $userPassword = ''; // ??? 
+ $lang = _DEFAULT_LANG; + $data = $r; + $_SESSION['mayorapiauth'] = true; + $q = "UPDATE authToken SET activity=NOW(), ipAddress='%s' WHERE selector = '%s'"; + $v = array(CLIENTIPADDRESS,$selector); + db_query($q, array('fv'=>'rights/xltoken','modul'=>'login','result'=>'update','values'=>$v)); + return array('userAccount'=>$data['userAccount'],'toPolicy'=>$data['policy'],'studyId'=>$data['studyId'],'userCn'=>$data['userCn'],'valid'=>true); + } else { + unsetTokenCookies(); + } + } else { + unsetTokenCookies(); + } + return false; + } + + function getMyActivity() { + $q = "SELECT ipAddress,activity FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/getMyActivity','modul'=>'login','result'=>'indexed','values'=>$v)); + } + + function revokeTokens() { + unsetTokenCookies(); + $q = "DELETE FROM authToken WHERE userAccount ='%s' AND policy='%s'"; + $v = array(_USERACCOUNT,_POLICY); + return db_query($q, array('fv'=>'rights/revokeTokens','modul'=>'login','result'=>'delete','values'=>$v)); + } + +?> diff --git a/mayor-orig/www/include/modules/portal/share/hirek.php b/mayor-orig/www/include/modules/portal/share/hirek.php index f9a64f62..5aa3bdc9 100644 --- a/mayor-orig/www/include/modules/portal/share/hirek.php +++ b/mayor-orig/www/include/modules/portal/share/hirek.php @@ -14,6 +14,7 @@ } function getHirek($SET = array('all'=>true,'tolDt'=>'', 'igDt'=>'', 'id' => '', 'flag'=>array(), 'class'=>array(), 'cid'=>array(), 'limit'=>'', 'lang'=>'hu_HU') ) { + $tolDt = $SET['tolDt']; $igDt = $SET['igDt']; if ($tolDt!='') $W[] = "kdt<='$tolDt'"; if ($igDt!='') $W[] = "vdt>='$igDt'"; diff --git a/mayor-orig/www/include/modules/session/accountInfo.php b/mayor-orig/www/include/modules/session/accountInfo.php index b670312f..b14a8edb 100644 --- a/mayor-orig/www/include/modules/session/accountInfo.php +++ b/mayor-orig/www/include/modules/session/accountInfo.php 
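Review bot: The token generator in `token.php` returns `true` as soon as `t_selector` and `t_validator` cookies are present, without checking that they belong to the account that just logged in, so a browser still holding another user's token keeps it and can later be re-authenticated as that user; validate the existing pair against `$accountData` or always replace it. `mayorApiAuth()` and `unsetTokenCookies()` also accept the selector and validator from `$_GET`, which puts a 30-day credential into URLs, access logs and Referer headers; read them from the cookies only, with the `hexa` filter, so `hex2bin()` never sees non-hex input. `unsetTokenCookies()` passes an `$lr` it never assigns to `db_query()`, and the `openssl_random_pseudo_bytes()` branch does not check the strength flag. The token is not rotated and its expiry is not moved on use, and the cookie lifetime (`604800*5`, 35 days) is longer than the 30-day row. The opening lines of the file are truncated in this view, so the first version check could not be read.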
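Review bot: With `$tolDt` and `$igDt` now taken from `$SET` in `getHirek()`, the two filters below interpolate them straight into SQL (`"kdt<='$tolDt'"`, `"vdt>='$igDt'"`). The callers changed in this commit pass `date('Y-m-d H:i:s')`, but the function does not enforce that, so validate both as dates here or pass them through the `'%s'` plus `values` form that `db_query()` is given elsewhere in this commit. The rest of `getHirek()` is outside the hunk.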
@@ -56,6 +56,22 @@ } + function createEduroamSettings($ADAT) { + + $q = "INSERT INTO eduroam (userAccount,policy,eduroamUID,eduroamPASSWORD,eduroamAFFILIATION,eduroamDOMAIN) + VALUES ('%s','%s','%s','%s','%s','%s')"; + $values = array( + $ADAT['userAccount'], + $ADAT['policy'], + $ADAT['eduroamUID'], + $ADAT['eduroamPASSWORD'], + $ADAT['eduroamAFFILIATION'], + $ADAT['eduroamDOMAIN'], + ); + $res = db_query($q, array('modul'=>'login','values'=>$values)); + return $res; + } + function getEduroamSettings($userAccount,$toPolicy,$ADAT) { $res = false; diff --git a/mayor-orig/www/include/share/auth/base.php b/mayor-orig/www/include/share/auth/base.php index 9b4fa21a..8ff27f5e 100644 --- a/mayor-orig/www/include/share/auth/base.php +++ b/mayor-orig/www/include/share/auth/base.php @@ -93,7 +93,7 @@ db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'values' => array($sessionID, $policy)), $lr); } $now = date('Y-m-d H:i:s'); - $_SC = sessionCookieEncode($sessionID, $now); + $_SC = sessionCookieEncode($sessionID, $now); // TODO $_studyId = ($studyId=='') ? 'NULL' : $studyId; if ($studyId=='') { $query="INSERT INTO session @@ -109,9 +109,7 @@ db_query($query, array('fv' => 'newSession', 'modul' => 'login', 'values' => $v), $lr); db_close($lr); - // Megjegyzés: a sessionID elhashelése nem jelent semmiféle védelmet, így tökéletesen megfelelő az md5 is - // értékénél viszont a $now alkalmazása tökéletesen hibás, hiszen a lejárati dátumból 1:1-ben reprodukálható - + // Megjegyzés: a sessionID elhashelése nem jelent semmiféle védelmet, így tökéletesen megfelelő a gyenge hash is, de now alkalmazása hibás setcookie($_SC['name'],$_SC['value'],time()+60*60*_SESSION_MAX_TIME,'/','',_SECURECOOKIE); return $sessionID; diff --git a/mayor-orig/www/include/share/session/base.php b/mayor-orig/www/include/share/session/base.php index 706a9ef9..337c72df 100644 --- a/mayor-orig/www/include/share/session/base.php +++ b/mayor-orig/www/include/share/session/base.php 
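Review bot: `createEduroamSettings()` writes `eduroamPASSWORD` to the `eduroam` table as given, so the network credential sits in clear text beside the account name. If the RADIUS side needs a recoverable value, say so in a comment above the function and restrict who can read the table; otherwise store only the hashed form the authenticator consumes. The function has no header comment describing the keys it expects in `$ADAT`, and its caller in `accountInfo-pre.php` ignores the returned result, so a violation of the table's unique keys on a repeated request goes unnoticed.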
@@ -115,9 +115,11 @@ db_query($q, array('fv' => 'cache', 'modul' => 'login', 'result' => 'indexed', 'values'=>$v)); } - - - + function _clearSessionCache($sessionID) { + $q = "DELETE FROM `cache` WHERE sessionID IN ('%s','%s')"; + $v = array(_SESSIONID,$sessionID); + db_query($q, array('debug'=>false,'fv' => 'cache', 'modul' => 'login', 'result' => 'indexed', 'values'=>$v)); + } ###################################################### # getBackendAttrs - az adott policy backend-jéhez tartozó attribútumok - session modul diff --git a/mayor-orig/www/include/share/session/close.php b/mayor-orig/www/include/share/session/close.php index 146a038e..2c321ef0 100644 --- a/mayor-orig/www/include/share/session/close.php +++ b/mayor-orig/www/include/share/session/close.php @@ -30,6 +30,8 @@ function closeSession($sessionID = '') { // _SESSIONID csak validUser esetén van, de mi lehet, hogy másik policy-ből jöttünk! if ($sessionID == '') $sessionID = $_REQUEST['sessionID']; + _clearSessionCache($sessionID); + unsetTokenCookies(); $q = "DELETE FROM session WHERE sessionID='%s'"; return db_query($q, array('fv' => 'closeSession', 'modul' => 'login', 'result' => 'affected rows', 'values' => array($sessionID))); } diff --git a/mayor-orig/www/policy/private/naplo/intezmeny/terem-pre.php b/mayor-orig/www/policy/private/naplo/intezmeny/terem-pre.php index 2fc6e2de..3afa9ce2 100644 --- a/mayor-orig/www/policy/private/naplo/intezmeny/terem-pre.php +++ b/mayor-orig/www/policy/private/naplo/intezmeny/terem-pre.php @@ -37,6 +37,9 @@ $ADAT['teremAdat'] = getTermek(array('result' => 'assoc', 'keyfield' => 'teremId', 'telephelyId' => $telephelyId)); $TOOL['telephelySelect'] = array('tipus'=>'cella','paramName' => 'telephelyId', 'post' => array('tanev')); + if ($ADAT['teremId']!='' || $ADAT['teremId']!='') { + $TOOL['vissza']['icon'] = 'arrow-left'; + } getToolParameters(); } ?> 
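Review bot: `_clearSessionCache()` reads the constant `_SESSIONID`, yet its new caller `closeSession()` carries a comment saying that constant exists only after `validUser()` succeeds, so on that path the name is undefined (a literal string on older PHP, an `Error` on PHP 8) and logout may abort before the session row is deleted. Use `defined('_SESSIONID') ? _SESSIONID : ''`, or build the `IN` list from the ids that are actually set. `'result' => 'indexed'` is also an odd mode for a `DELETE`; the deletes added in `token.php` use `'delete'`.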
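Review bot: In the `terem-pre.php` hunk the new condition `$ADAT['teremId']!='' || $ADAT['teremId']!=''` tests the same operand twice, so the second half is either redundant or was meant to name a different key. Reduce it to a single test or substitute the intended field; which one was meant cannot be recovered from this hunk.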
diff --git a/mayor-orig/www/policy/private/naplo/intezmeny/terem.php b/mayor-orig/www/policy/private/naplo/intezmeny/terem.php index f36fb11b..207141cb 100644 --- a/mayor-orig/www/policy/private/naplo/intezmeny/terem.php +++ b/mayor-orig/www/policy/private/naplo/intezmeny/terem.php @@ -8,6 +8,6 @@ putTeremForm($ADAT); } else { putTeremLista($ADAT); -//NEM TESZTELT! putTeremForm($ADAT); + putTeremForm($ADAT); } ?> diff --git a/mayor-orig/www/policy/private/portal/hirek/hirek-pre.php b/mayor-orig/www/policy/private/portal/hirek/hirek-pre.php index 247d10d9..db6e321f 100644 --- a/mayor-orig/www/policy/private/portal/hirek/hirek-pre.php +++ b/mayor-orig/www/policy/private/portal/hirek/hirek-pre.php @@ -1,7 +1,8 @@ date('Y-m-d'), 'igDt'=>date('Y-m-d'),'flag'=>array(1))); + $FILTER=array('tolDt'=>date('Y-m-d H:i:s'), 'igDt'=>date('Y-m-d H:i:s'),'flag'=>array(1),'class'=>array(1,6)); + $ADAT['hirek'] = getHirek($FILTER); ?> diff --git a/mayor-orig/www/policy/private/portal/portal/portal-pre.php b/mayor-orig/www/policy/private/portal/portal/portal-pre.php index 2f8d7772..dc4e79d5 100644 --- a/mayor-orig/www/policy/private/portal/portal/portal-pre.php +++ b/mayor-orig/www/policy/private/portal/portal/portal-pre.php 
@@ -5,9 +5,15 @@ require_once('include/modules/portal/share/kerdoiv.php'); require_once('include/modules/session/groupInfo.php'); - $ADAT['hirek'] = getHirek(array('tolDt'=>date('Y-m-d H:i:s'), 'igDt'=>date('Y-m-d H:i:s'),'flag'=>array(1),'class'=>array(6),'csoport'=>$AUTH['my']['categories'])); + $ADAT['hirek'] = getHirek(array('cid'=>array(0),'tolDt'=>date('Y-m-d H:i:s'), 'igDt'=>date('Y-m-d H:i:s'),'flag'=>array(1),'class'=>array(1,6),'csoport'=>$AUTH['my']['categories'])); $ADAT['kerdoiv'] = getKerdoiv(_POLICY); + $ev=date('Y');$honap=date('m');$nap=date('d'); + if ($ev % 4 ==0) {if ($ev % 100 !==0) {$szokoev=true;} else {if ($ev % 400==0) {$szokoev=true;}}} else {$szokoev=false;} + if (!$szokoev && $honap==2 && $nap>=24) {$nap=$nap+1;} + $ADAT['nevnap']['ma'] = getNevnap($honap,$nap); + $ADAT['nevnap']['holnap'] = getNevnap($honap,$nap+1); + if (in_array($AUTH[_POLICY]['backend'],array('mysql','ads')) && _POLICY=='private') { $ADAT['hirekAdmin'] = getGroupInfo('hirekadmin','private',array('withNewAccounts' => false)); $ADAT['vezetoseg'] = getGroupInfo('vezetoseg','private',array('withNewAccounts' => false)); diff --git a/mayor-orig/www/policy/private/session/accountInfo-pre.php b/mayor-orig/www/policy/private/session/accountInfo-pre.php index 226ecd26..9b54adf5 100644 --- a/mayor-orig/www/policy/private/session/accountInfo-pre.php +++ b/mayor-orig/www/policy/private/session/accountInfo-pre.php 
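Review bot: The leap-year block pasted here from the public portal page leaves `$szokoev` unassigned when the year is divisible by 100 but not by 400, and `getNevnap($honap,$nap+1)` asks for a day past the end of the month on its last day. `$szokoev = (bool) date('L');` replaces the nested `if`s, and the following day is better derived from a real date than from `$nap+1`. The same lines now exist in both `portal-pre.php` files (the public one is only re-flowed by this commit), so a shared helper would keep them from drifting apart.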
@@ -34,21 +34,40 @@ changeAccountInfo($userAccount, $toPolicy); + } elseif ($action=='tokenLogout') { + + revokeTokens(); + } elseif ($action=='userSettingsModify') { $changeSkinTo = readVariable($_POST['changeSkinTo'],'enum',null,$SKINSSHOW); setUserSettings($userAccount, $toPolicy, array('skin'=>$changeSkinTo)); } elseif ($action=='generateEduroamId') { - + $eduroamDOMAIN = readVariable($_POST['eduroamDOMAIN'],'enum',null,$eduroamDOMAINS); + $eduroamPASSWORD = @exec('pwgen'); + if (__TANAR===true) { + $eduroamAFFILIATION = 'faculty'; + } elseif (__DIAK===true) { + $eduroamAFFILIATION = 'student'; + } else { + $eduroamAFFILIATION = 'staff'; + } + createEduroamSettings(array('userAccount'=>$userAccount,'policy'=> $toPolicy, + 'eduroamUID' => $userAccount, + 'eduroamDOMAIN'=>$eduroamDOMAIN, + 'eduroamAFFILIATION'=>$eduroamAFFILIATION, + 'eduroamPASSWORD'=>$eduroamPASSWORD)); } elseif ($action=='modoifyEduroamId') { - + } $userInfo = getUserInfo($userAccount, $toPolicy); // keretrendszer attribútumai $accountInfo = getAccountInfo($userAccount, $toPolicy); // backend attribútumai $ADAT = getUserSettings($userAccount, $toPolicy); + $ADAT['activity'] = getMyActivity(); + if ($toPolicy=='private' && _POLICY ==='private') { $ADAT['eduroamAdat'] = getEduroamSettings($userAccount, $toPolicy); // dump($ADAT); diff --git a/mayor-orig/www/policy/private/session/accountInfo.php b/mayor-orig/www/policy/private/session/accountInfo.php index e072907b..66642ef3 100644 --- a/mayor-orig/www/policy/private/session/accountInfo.php +++ b/mayor-orig/www/policy/private/session/accountInfo.php @@ -12,6 +12,8 @@ putEduroamForm($ADAT); + putAccountActivityForm($ADAT); + putAccountInfoForm($userInfo, $accountInfo, $backendAttrDef, $toPolicy); ?> diff --git a/mayor-orig/www/policy/private/session/eduroam-pre.php b/mayor-orig/www/policy/private/session/eduroam-pre.php new file mode 100644 index 00000000..40a406cd --- /dev/null +++ b/mayor-orig/www/policy/private/session/eduroam-pre.php 
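Review bot: `$eduroamPASSWORD = @exec('pwgen');` silences every failure, so if the binary is missing or not on the web server's path the value is empty and `createEduroamSettings()` still stores the account with an empty password; run without options, `pwgen` also yields a short pronounceable word rather than a fully random string. Generate the secret in PHP, e.g. `$eduroamPASSWORD = bin2hex(random_bytes(12));` with the same version fallback `token.php` uses, and skip the insert when the value is empty. `$eduroamDOMAIN` falls back to `null` when the posted value is not in `$eduroamDOMAINS` and is inserted regardless. The `tokenLogout` branch and `getMyActivity()` act on `_USERACCOUNT`, not on the `$userAccount` this page is editing; a comment should say whether that is intended.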
@@ -0,0 +1,5 @@ + \ No newline at end of file diff --git a/mayor-orig/www/policy/private/session/eduroam.php b/mayor-orig/www/policy/private/session/eduroam.php new file mode 100644 index 00000000..e69de29b diff --git a/mayor-orig/www/policy/private/session/search/searchAccount-pre.php b/mayor-orig/www/policy/private/session/search/searchAccount-pre.php index 2108f631..1ef93e95 100644 --- a/mayor-orig/www/policy/private/session/search/searchAccount-pre.php +++ b/mayor-orig/www/policy/private/session/search/searchAccount-pre.php @@ -25,4 +25,5 @@ echo $action; } + ?> diff --git a/mayor-orig/www/policy/private/session/search/searchAccount.php b/mayor-orig/www/policy/private/session/search/searchAccount.php index 8cfe1d75..727706ee 100644 --- a/mayor-orig/www/policy/private/session/search/searchAccount.php +++ b/mayor-orig/www/policy/private/session/search/searchAccount.php @@ -5,7 +5,7 @@ if (_RIGHTS_OK !== true) die(); - global $attr, $pattern, $searchResult, $searchAttrList, $toPolicy; + global $attr, $pattern, $searchResult, $searchAttrList, $toPolicy, $ADAT; putSearchAccountForm($attr, $pattern, $searchAttrList, $toPolicy); diff --git a/mayor-orig/www/policy/public/password/changeMyPassword-pre.php b/mayor-orig/www/policy/public/password/changeMyPassword-pre.php index f7c68879..e9ef2f3c 100644 --- a/mayor-orig/www/policy/public/password/changeMyPassword-pre.php +++ b/mayor-orig/www/policy/public/password/changeMyPassword-pre.php @@ -2,6 +2,9 @@ if (_RIGHTS_OK !== true) die(); + _clearSessionCache($sessionID); + unsetTokenCookies(); // ha valaki ide tévedne, visszavonjuk a Tokenjét és a cache-t is vissza kell + $toPolicy = readVariable($_REQUEST['toPolicy'], 'enum', 'private', $POLICIES); $userAccount = readVariable($_REQUEST['userAccount'], 'emptystringnull', (defined('_USERACCOUNT'))?_USERACCOUNT:null); 
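Review bot: In `changeMyPassword-pre.php`, `unsetTokenCookies()` removes only the token whose selector this browser presents, and it runs when the page is opened rather than when a password is actually changed, so tokens held by the account's other devices stay valid for their full 30 days after a password change. On a successful change, delete every `authToken` row for the target `userAccount` and policy, which is what `revokeTokens()` does for the logged-in user. The code that performs the change is outside this hunk, so where that call belongs cannot be shown here.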
diff --git a/mayor-orig/www/policy/public/portal/portal/portal-pre.php b/mayor-orig/www/policy/public/portal/portal/portal-pre.php index 7ef3ebca..d02f5484 100644 --- a/mayor-orig/www/policy/public/portal/portal/portal-pre.php +++ b/mayor-orig/www/policy/public/portal/portal/portal-pre.php @@ -4,25 +4,9 @@ require_once('include/modules/portal/share/nevnap.php'); require_once('include/modules/portal/share/kerdoiv.php'); - $ev=date('Y'); - $honap=date('m'); - $nap=date('d'); - - if ($ev % 4 ==0) { - if ($ev % 100 !==0) { - $szokoev=true; - } else { - if ($ev % 400==0) { - $szokoev=true; - } - } - } else { - $szokoev=false; - } - - if (!$szokoev && $honap==2 && $nap>=24) { - $nap=$nap+1; - } + $ev=date('Y');$honap=date('m');$nap=date('d'); + if ($ev % 4 ==0) {if ($ev % 100 !==0) {$szokoev=true;} else {if ($ev % 400==0) {$szokoev=true;}}} else {$szokoev=false;} + if (!$szokoev && $honap==2 && $nap>=24) {$nap=$nap+1;} $ADAT['nevnap']['ma'] = getNevnap($honap,$nap); $ADAT['nevnap']['holnap'] = getNevnap($honap,$nap+1); diff --git a/mayor-orig/www/policy/public/session/logout-pre.php b/mayor-orig/www/policy/public/session/logout-pre.php index ac344fee..013be18c 100644 --- a/mayor-orig/www/policy/public/session/logout-pre.php +++ b/mayor-orig/www/policy/public/session/logout-pre.php @@ -21,6 +21,7 @@ session_destroy(); session_write_close(); setcookie(session_name(),'',0,'/'); + setcookie($sessionID,'',0,'/'); session_regenerate_id(true); header('Location: index.php'); } diff --git a/mayor-orig/www/skin/classic/base/css/base.css b/mayor-orig/www/skin/classic/base/css/base.css index c384dd76..a550588b 100644 --- a/mayor-orig/www/skin/classic/base/css/base.css +++ b/mayor-orig/www/skin/classic/base/css/base.css @@ -185,7 +185,7 @@ #settings { width: 100%; margin-top: 5px; position:relative; right: 0px; - background: #eeeeee; + background: #eee; border-width: 0px 1px 1px 1px; border-style: solid; border-color: rgb(230,230,230); 
diff --git a/mayor-orig/www/skin/classic/base/html/base.phtml b/mayor-orig/www/skin/classic/base/html/base.phtml index 82f1c181..5ae07424 100644 --- a/mayor-orig/www/skin/classic/base/html/base.phtml +++ b/mayor-orig/www/skin/classic/base/html/base.phtml @@ -352,7 +352,7 @@ function html_mayor_head($sessionID,$page,$sub,$f,$lang,$MENU,$skin = _DEFAULT_S //echo $loginout_img; //echo ''; echo ' '; - echo '