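docmd: Not logged in - cannot run command
"; return simplexml_load_string('xCAT submit request socket error: $errno - $errstr
"; } if(! $cleanexit){ if (preg_match('/^\s*(Error) xCAT response ended prematurely: ", htmlentities($response), "
"; $rsp = FALSE; } } return $rsp; }

/**
 * XOR $data with $key, byte by byte.
 *
 * setpassword() uses this to store the XOR of the password and a random key
 * in a cookie while the key itself stays in the session; getpassword()
 * applies it again to recombine the two halves.
 *
 * The construction carries no integrity check: a modified cookie decodes to
 * a different string, not to an error. It only hides the password when the
 * key is unpredictable, as long as the data, and used once.
 *
 * @param  $data Bytes to transform
 * @param  $key  Pad to XOR with
 * @return $data with every byte that has a matching key byte XORed; bytes
 *         beyond the end of a shorter key are returned unchanged
 */
function xorcrypt($data,$key) {
    // Stop at the shorter string: reading $key[$i] past the end of a short
    // key raises "Uninitialized string offset".
    $overlap = min(strlen($data), strlen($key));
    for ($i = 0; $i < $overlap; $i++) {
        $data[$i] = chr(ord($data[$i]) ^ ord($key[$i]));
    }

    return $data;
}

/**
 * Recombine the cookie half and the session half into the password.
 *
 * The cookie value comes from the browser and is therefore untrusted: it is
 * rejected unless it is a string, valid base64, and exactly as long as the
 * key kept in the session.
 *
 * @param  Nothing
 * @return The password, or false when either half is missing or malformed
 */
function getpassword() {
    if (isset($GLOBALS['xcatauthsecret'])) {
        // Set by setpassword() in this same request, where the freshly sent
        // cookie is not yet present in $_COOKIE
        $cryptext = $GLOBALS['xcatauthsecret'];
    } else if (isset($_COOKIE["xcatauthsecret"])) {
        $cryptext = $_COOKIE["xcatauthsecret"];
    } else {
        return false;
    }

    // No session half (session expired or never created) means no password
    if (!isset($_SESSION["secretkey"]) || !is_string($_SESSION["secretkey"])) {
        return false;
    }

    // A cookie sent as an array (name[]=...) would otherwise reach base64_decode()
    if (!is_string($cryptext)) {
        return false;
    }

    $pad = base64_decode($cryptext, true);
    if ($pad === false || strlen($pad) !== strlen($_SESSION["secretkey"])) {
        return false;
    }

    return xorcrypt($_SESSION["secretkey"], $pad);
}

/**
 * Store the password, splitting knowledge between server
 * and client side persistent storage. Caller should regenerate
 * session id when contemplating a new user/password, to preclude
 * session fixation, though fixation is limited without the secret.
 *
 * @param  $password Password
 * @return Nothing
 */
function setpassword($password) {
    $randlen = strlen($password);
    $key = getrandchars($randlen);

    // XOR output may contain non-printable bytes, so base64-encode it
    $cryptext = base64_encode(xorcrypt($password, $key));

    // NOTE(review): the key is drawn from a 44-character alphabet rather than
    // from all 256 byte values, so the cookie alone narrows every password
    // byte to 44 candidates. A pad of uniformly random bytes would close that
    // gap - confirm the session store is binary-safe before switching.
    // NOTE(review): the cookie is sent without the Secure, HttpOnly or
    // SameSite attributes. Enable them once it is confirmed that no client
    // script reads this cookie and that the UI is served over HTTPS.
    setcookie("xcatauthsecret", $cryptext, 0, '/');
    $GLOBALS["xcatauthsecret"] = $cryptext;
    $_SESSION["secretkey"] = $key;
}

/**
 * Get RAND characters.
 *
 * Each character is picked with random_int() (CSPRNG, no modulo bias) when
 * the runtime provides it, because the result is used as the XOR key that
 * protects the stored password.
 *
 * @param  $length Length of characters
 * @return RAND characters
 */
function getrandchars($length) {
    $charset = '0123456789abcdefghijklmnopqrstuvwxyz!@#$%^&*';
    $last = strlen($charset) - 1;

    // random_int() exists from PHP 7.0; mt_rand() is kept only so that older
    // runtimes keep working and is not cryptographically secure.
    $secure = function_exists('random_int');

    $chars = '';
    for ($i = 0; $i < $length; $i++) {
        $num = $secure ? random_int(0, $last) : mt_rand(0, $last);
        $chars .= $charset[$num];
    }

    return $chars;
}

/**
 * Determine if a user/password session exists
 *
 * @param  Nothing
 * @return True  If the session holds a username and getpassword() can
 *               recombine a password.
 *         False Otherwise
 */
function is_logged() {
    return isset($_SESSION["username"]) && getpassword() !== false;
}

/**
 * Determine if a user is currently logged in successfully
 *
 * When a user/password session exists and has not yet been validated, the
 * credentials are checked with docmd("authcheck") and the outcome is cached
 * in $_SESSION["xcatpassvalid"]; once the flag is 1 it is not re-checked.
 *
 * @param  Nothing
 * @return True  If the user is currently logged in successfully
 *         False Otherwise
 */
function isAuthenticated() {
    $validated = isset($_SESSION["xcatpassvalid"]) && $_SESSION["xcatpassvalid"] == 1;

    if (is_logged() && !$validated) {
        $testcred = docmd("authcheck", "", NULL);
        if (isset($testcred->{'xcatresponse'}->{'data'})) {
            $result = (string) $testcred->{'xcatresponse'}->{'data'};

            // Compare the whole payload. A substring test written as
            // strpos("Authenticated", $result) accepts any fragment of the
            // word and, on PHP 8, an empty payload as well.
            // NOTE(review): assumes the success payload is exactly
            // "Authenticated" - confirm against the authcheck reply.
            if ($result === "Authenticated") {
                // Logged in successfully
                $_SESSION["xcatpassvalid"] = 1;
            } else {
                // Not logged in
                $_SESSION["xcatpassvalid"] = 0;
            }
        }
    }

    return isset($_SESSION["xcatpassvalid"]) && $_SESSION["xcatpassvalid"] == 1;
}

/**
 * Log out of the current user session
 *
 * Expires both cookies in the browser and then discards the server-side
 * session data, so neither half of the stored password survives.
 *
 * @param  Nothing
 * @return Nothing
 */
function logout() {
    $expired = time() - 86400 * 7;

    // Clear the secret cookie from browser
    if (isset($_COOKIE["xcatauthsecret"])) {
        setcookie("xcatauthsecret", '', $expired, '/');
    }

    // Expire session cookie
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), "", $expired, "/");
    }

    // Clear server store of data
    $_SESSION = array();
    session_destroy();
}
?>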