hostname = "https://" . API_HOST_NAME . ":" . API_HESTIA_PORT . "/api/"; $this->key = API_KEY; $this->pma_key = PHPMYADMIN_KEY; } /* Creates curl request */ public function request($postvars) { $postdata = http_build_query($postvars); $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $this->hostname); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_POSTFIELDS, $postdata); $answer = curl_exec($curl); return $answer; } /* Creates an new temp user in mysql */ public function create_temp_user($database, $user, $host) { $post_request = [ "hash" => $this->key, "returncode" => "no", "cmd" => "v-add-database-temp-user", "arg1" => $user, "arg2" => $database, "arg3" => "mysql", "arg4" => $host, ]; $request = $this->request($post_request); $json = json_decode($request); if (json_last_error() == JSON_ERROR_NONE) { return $json; } else { trigger_error("Unable to connect over API please check api connection", E_USER_WARNING); return false; } } /* Delete an new temp user in mysql */ public function delete_temp_user($database, $user, $dbuser, $host) { $post_request = [ "hash" => $this->key, "returncode" => "yes", "cmd" => "v-delete-database-temp-user", "arg1" => $user, "arg2" => $database, "arg3" => $dbuser, "arg4" => "mysql", "arg5" => $host, ]; $request = $this->request($post_request); if (is_numeric($request) && $request == 0) { return true; } else { return false; } } public function get_user_ip() { // Saving user IPs to the session for preventing session hijacking $user_combined_ip = []; if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) { $user_combined_ip[] = $_SERVER["REMOTE_ADDR"]; } if (isset($_SERVER["HTTP_CLIENT_IP"])) { $user_combined_ip .= "|" . $_SERVER["HTTP_CLIENT_IP"]; } if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { if ($_SERVER["REMOTE_ADDR"] != $_SERVER["HTTP_X_FORWARDED_FOR"]) { $user_combined_ip[] = $_SERVER["HTTP_X_FORWARDED_FOR"]; } } if (isset($_SERVER["HTTP_FORWARDED_FOR"])) { if ($_SERVER["REMOTE_ADDR"] != $_SERVER["HTTP_FORWARDED_FOR"]) { $user_combined_ip[] = $_SERVER["HTTP_FORWARDED_FOR"]; } } if (isset($_SERVER["HTTP_X_FORWARDED"])) { if ($_SERVER["REMOTE_ADDR"] != $_SERVER["HTTP_X_FORWARDED"]) { $user_combined_ip[] = $_SERVER["HTTP_X_FORWARDED"]; } } if (isset($_SERVER["HTTP_FORWARDED"])) { if ($_SERVER["REMOTE_ADDR"] != $_SERVER["HTTP_FORWARDED"]) { $user_combined_ip[] = "|" . $_SERVER["HTTP_FORWARDED"]; } } if (isset($_SERVER["HTTP_CF_CONNECTING_IP"])) { if (!empty($_SERVER["HTTP_CF_CONNECTING_IP"])) { $user_combined_ip[] = $_SERVER["HTTP_CF_CONNECTING_IP"]; } } return implode("|", $user_combined_ip); } } function verify_token($database, $user, $ip, $time, $token) { if (!password_verify($database . $user . $ip . $time . PHPMYADMIN_KEY, $token)) { if ( !password_verify( $database . $user . $_SERVER["SERVER_ADDR"] . "|" . $ip . $time . PHPMYADMIN_KEY, $token, ) ) { trigger_error( "Access denied: There is a security token mismatch " . $time, E_USER_WARNING, ); session_invalid(); } } return; } /* Need to have cookie visible from parent directory */ session_set_cookie_params(0, "/", "", true, true); /* Create signon session */ $session_name = "SignonSession"; session_name($session_name); @session_start(); function session_invalid() { global $session_name; //delete all current sessions session_destroy(); setcookie($session_name, null, -1, "/"); header("Location: " . dirname($_SERVER["PHP_SELF"]) . "/index.php"); die(); } $api = new Hestia_API(); if (!empty($_GET)) { if (isset($_GET["logout"])) { $api->delete_temp_user( $_SESSION["HESTIA_sso_database"], $_SESSION["HESTIA_sso_user"], $_SESSION["PMA_single_signon_user"], $_SESSION["HESTIA_sso_host"], ); //remove session session_invalid(); } else { if (isset($_GET["user"]) && isset($_GET["hestia_token"])) { $database = $_GET["database"]; $user = $_GET["user"]; $host = "localhost"; $token = $_GET["hestia_token"]; if (is_numeric($_GET["exp"])) { $time = $_GET["exp"]; } else { $time = 0; } if ($time + 60 > time()) { //note: Possible issues with cloudflare due to ip obfuscation $ip = $api->get_user_ip(); verify_token($database, $user, $ip, $time, $token); $id = session_id(); //create a new temp user $data = $api->create_temp_user($database, $user, $host); if ($data) { $_SESSION["PMA_single_signon_user"] = $data->login->user; $_SESSION["PMA_single_signon_password"] = $data->login->password; $_SESSION["PMA_single_signon_host"] = $host; //save database / username to be used for sending logout notification. $_SESSION["HESTIA_sso_user"] = $user; $_SESSION["HESTIA_sso_database"] = $database; $_SESSION["HESTIA_sso_host"] = $host; @session_write_close(); setcookie($session_name, $id, 0, "/"); header("Location: " . dirname($_SERVER["PHP_SELF"]) . "/index.php"); die(); } else { session_invalid(); } } else { trigger_error( "Link has been expired: System time: " . time() . " / Time provided in link: " . $time, E_USER_WARNING, ); session_invalid(); } } } } else { session_invalid(); }