fix: DOMPDF related security bugs, language control system and sessio…

…n handling (#152)

* Uniformed files (644) and dirs (755) permissions.

* Replaced old DOMPDF 0.5.1 with 0.6.2 to address some severe security issue.

* Improved language control system

* improved session handling and login/logout for the operator(s)

* Improved session handling and login/logout for users

* fixed missing update after login of the lastlogin time for the operator

* refreshed operator login page look

* refreshed user login page look and fixed some CSS issue

* uniformed version numbers in conf and sample.conf files

* fix: update version

Co-authored-by: Filippo Lauria <[email protected]>
Co-authored-by: root <[email protected]>
Co-authored-by: Liran Tal <[email protected]>

css/style.css

@@ -0,0 +1,95 @@
+#main {
+    width: 100%;
+    padding: 5px;
+    margin: 5px;
+}
+
+.form-header {
+    color: #79B933;
+    font: 105% sans-serif;
+    font-weight: bold;
+    margin: 50px auto 0;
+    display: block;
+    text-align: center;
+}
+
+.text-title {
+    color: black;
+    font: 95% sans-serif;
+    font-weight: bold;
+    margin: 0;
+}
+
+.error-title {
+    color: #FF8040;
+}
+
+.success-title {
+    color: #79B933;
+}
+
+.form-box {
+    width: 400px;
+    margin: 0 auto;
+    padding: 10px;
+    border: 1px solid black;
+    background: #333;
+    color: #7f7f7f;
+    border-radius: 5px;
+}
+
+.form-caption {
+    display: block;
+    margin: 2px auto;
+    text-align: center;
+}
+
+#inner-box {
+    width: 600px;
+    margin: 20px auto;
+    border: 1px solid #e0e0e0;
+    border-radius: 5px;
+    background-color: #f2f2f2;
+    padding: 20px;
+}
+
+hr.inner-separator {
+    border-top: 1px solid #e0e0e0;
+    margin: 10px auto;
+}
+
+.form-input {
+    font: 100% sans-serif;
+    width: 100%;
+    padding: 12px 20px;
+    margin: 8px 0;
+    display: inline-block;
+    border: 1px solid #222222;
+    color: white;
+    background: #2c2c2c;
+    border-radius: 4px;
+    box-sizing: border-box;
+}
+
+.form-input:focus {
+    font: 100% sans-serif;
+    background: #4d4d4d;
+}
+
+.form-submit {
+    font: 100% sans-serif;
+    width: 100%;
+    border: 1px solid #222222;
+    color: white;
+    background: #1f1f1f;
+    padding: 14px 20px;
+    margin: 8px 0;
+    border: none;
+    border-radius: 4px;
+    cursor: pointer;
+}
+
+.form-submit:hover {
+    font: 100% sans-serif;
+    background-color: #79B933;
+}

daloradius-users/dologin.php

@@ -1,6 +1,6 @@
 <?php
 /*
- *********************************************************************************************************
+ *******************************************************************************
  * daloRADIUS - RADIUS Web Platform
  * Copyright (C) 2007 - Liran Tal <[email protected]> All Rights Reserved.
  *
@@ -13,63 +13,51 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
- *********************************************************************************************************
+ *******************************************************************************
  * Description:
- * 		performs the logging-in authorization. First creates a random session_id to be assigned to this session and then
- *		validates the operators credentials in the database
+ * 		performs the logging-in authorization. First creates a random
+ *      session_id to be assigned to this session and then validates the
+ *      operators credentials in the database
  *
  * Authors:	Liran Tal <[email protected]>
  *
- *********************************************************************************************************
+ *******************************************************************************
  */
 
-// first we create a random session key
-$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];							// get client ip address
-srand((double)microtime()*1000000 );							// initialize random seed
-$rand = rand(1,9);												// generate a random number between 1 to 9
-$session_id = $rand.substr(md5($REMOTE_ADDR), 0, 11+$rand);		/* append the random number to the beginning
-of the session_id string followed by a substring of the md5 ip address hash with a dynamic length of anything between 11 to 16 digits (the max length of
-the md5 hash) */
-$session_id .= substr(md5(rand(1,1000000)), rand(1,32-$rand), 21-$rand);	// further add a dynamic length digits to 
-																		// to the session_id string composed of the
-																		// md5 hash for random number
-session_id($session_id);							// apply the session_id that we created
-session_start();									// initiate the session
+include('library/sessions.php');
+
+dalo_session_start();
+dalo_session_regenerate_id();
 
 $errorMessage = '';
-include 'library/opendb.php';
+include('library/opendb.php');
 
 $login_user = $_POST['login_user'];
 $login_pass = $_POST['login_pass'];
 
-// check if the user id and password combination exist in database
-$sql = "SELECT ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].".UserName FROM ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].
-		" WHERE UserName = '".
-		$dbSocket->escapeSimple($login_user)."' AND ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].".portalloginpassword = '".
-		$dbSocket->escapeSimple($login_pass)."'"." AND ".$configValues['CONFIG_DB_TBL_DALOUSERINFO'].".enableportallogin = 1";
+$sqlFormat = "select * from %s where username='%s' "
+    . "and portalloginpassword='%s' and enableportallogin=1";
+$sql = sprintf($sqlFormat,
+    $configValues['CONFIG_DB_TBL_DALOUSERINFO'], 
+    $dbSocket->escapeSimple($login_user),
+    $dbSocket->escapeSimple($login_pass));
 $res = $dbSocket->query($sql);
 
-/*
-if (PEAR::isError($res)) {
-	die($res->getMessage() . ', ' . $res->getDebugInfo());
-}
-*/
+$numRows = $res->numRows();
+include('library/closedb.php');
 
-if ($res->numRows() == 1) {
-	// the user id and password match,
-	// set the session
-
-	$_SESSION['logged_in'] = true;
-	$_SESSION['login_user'] = $login_user;
+if ($numRows != 1) {
+    $_SESSION['logged_in'] = false;
+    $_SESSION['login_error'] = true;
+    header('Location: login.php');
+    exit;
+}
 
-	// after login we move to the main page
-	header('Location: index.php');
-	exit;
-} else {
-	header('Location: login.php?error=an error occured');
-	exit;
+if (array_key_exists('login_error', $_SESSION)) {
+    unset($_SESSION['login_error']);
 }
+$_SESSION['logged_in'] = true;
+$_SESSION['login_user'] = $login_user;
+header('Location: index.php');
 
-include 'library/closedb.php';
-
 ?>

daloradius-users/index.php

@@ -1,6 +1,6 @@
 <?php
 /*
- *********************************************************************************************************
+ *******************************************************************************
  * daloRADIUS - RADIUS Web Platform
  * Copyright (C) 2007 - Liran Tal <[email protected]> All Rights Reserved.
  *
@@ -13,54 +13,49 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
- *********************************************************************************************************
+ *******************************************************************************
  *
  * Authors:	Liran Tal <[email protected]>
  *
- *********************************************************************************************************
+ *******************************************************************************
  */
 
-    include ("library/checklogin.php");
-    $login = $_SESSION['login_user'];
+include ("library/checklogin.php");
+$login = $_SESSION['login_user'];
 
-    include ("menu-home.php");
+include ("menu-home.php");
 
-	include_once('library/config_read.php');
-    $log = "visited page: ";
-    include('include/config/logging.php');
+include_once('library/config_read.php');
+$log = "visited page: ";
+include('include/config/logging.php');
 
 ?>
 
 <script src="library/javascript/pages_common.js" type="text/javascript"></script>
 
-	<div id="contentnorightbar">
-
-		<h2 id="Intro"><a href="#"></a></h2>
-		<p>
+                <div id="contentnorightbar">
+                    <h2 id="Intro"><a href="#"></a></h2>
+                    <p>
 
 <?php
-	include 'library/exten-welcome_page.php';
+	include('library/exten-welcome_page.php');
 	include_once('include/management/userReports.php');
 	userPlanInformation($login, 1);
-	userSubscriptionAnalysis($login, 1);			// userSubscriptionAnalysis with argument set to 1 for drawing the table
-	userConnectionStatus($login, 1);			// userConnectionStatus (same as above)
+    // userSubscriptionAnalysis with argument set to 1 for drawing the table
+	userSubscriptionAnalysis($login, 1);
+    // userConnectionStatus (same as above)
+	userConnectionStatus($login, 1);
 ?>
-		</p>
-	</div>
+                    </p>
+                </div>
 
 
 
-		<div id="footer">
-
-<?php
-	include 'page-footer.php';
-?>
-
-		</div>
-
-</div>
-</div>
-
+                <div id="footer">
+                    <?php include('page-footer.php'); ?>
+                </div>
 
-</body>
+            </div>
+        </div>
+    </body>
 </html>

daloradius-users/lang/main.php

@@ -1,6 +1,6 @@
 <?php
 /*
- *********************************************************************************************************
+ *******************************************************************************
  * daloRADIUS - RADIUS Web Platform
  * Copyright (C) 2007 - Liran Tal <[email protected]> All Rights Reserved.
  *
@@ -13,56 +13,65 @@
  * along with this program; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
  *
- *********************************************************************************************************
+ *******************************************************************************
  *
  * Authors:	Liran Tal <[email protected]>
  *
- *********************************************************************************************************
+ *******************************************************************************
  */
+$langDir = dirname(__FILE__);
 
-	include_once('library/config_read.php');
+$langList = array_filter(scandir($langDir), function($fileName) {
+    global $langDir;
+
+    $skipList = array(
+        ".", "..", "main.php",
+        "ro.php" // FIXME ro.php is currently broken and needs a fix...
+    );
+
+    if (in_array($fileName, $skipList)) {
+        return false;
+    }
+
+    $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
+    return !($ext == "php" and is_file("$langDir/$fileName"));
+});
 
-	switch($configValues['CONFIG_LANG']) {
+include_once("$langDir/../library/daloradius.conf.php");
+$langFile = $configValues["CONFIG_LANG"] . ".php";
 
-		case "en":
-			include (dirname(__FILE__)."/en.php");
-			break;
-		case "ru":
-			include (dirname(__FILE__)."/ru.php");
-			break;
-		case "ro":
-			include (dirname(__FILE__)."/ro.php");
-			break;
-		default:
-			include (dirname(__FILE__)."/en.php");
-			break;
-	}
+if (!in_array($langFile, $langList)) {
+    $langFile = "en.php"; // default language is english
+}
 
-	// Translation function
-	function t($a, $b = null, $c = null, $d = null)
-	{
-		global $l;
+// $langCode can be used in html tag elements like lang and/or xml:lang
+$langCode = str_replace("_", "-", pathinfo($langFile, PATHINFO_FILENAME));
+include("$langDir/$langFile");
 
-		$t = null;
+// Translation function
+function t($a, $b = null, $c = null, $d = null) {
+    global $l;
 
-		if($b === null) {
-			$t = isset($l[$a]) ? $l[$a] : null;
-		}
-		else if($c === null) {
-			$t = isset($l[$a][$b]) ? $l[$a][$b] : null;
-		}
-		else if($d === null) {
-			$t = isset($l[$a][$b][$c]) ? $l[$a][$b][$c] : null;
-		}
-		else {
-			$t = isset($l[$a][$b][$c][$d]) ? $l[$a][$b][$c][$d] : null;
-		}
+    $t = null;
 
-		if($t === null) {
-			$t = 'Lang Error!';
-		}
+    if($b === null) {
+        $t = isset($l[$a]) ? $l[$a] : null;
+    }
+    else if($c === null) {
+        $t = isset($l[$a][$b]) ? $l[$a][$b] : null;
+    }
+    else if($d === null) {
+        $t = isset($l[$a][$b][$c]) ? $l[$a][$b][$c] : null;
+    }
+    else {
+        $t = isset($l[$a][$b][$c][$d]) ? $l[$a][$b][$c][$d] : null;
+    }
 
-		return $t;
-	}
+    if($t === null) {
+        $t = "Lang Error!";
+    }
+
+    return $t;
+}
 
 ?>