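. */
/**
 * @brief Contains all the functions to manage the users groups security
 * and connexion to the application
 *
 * @file
 * @author Claire Figueras
 * @date $date$
 * @version $Revision$
 * @ingroup core
 */

/**
 * @brief contains all the functions to manage the users groups security
 * through session variables
 *
 *
 * @ingroup core
 */

//Requires to launch history functions
require_once 'core/class/class_history.php';
require_once 'core/class/SecurityControler.php';
require_once 'core/where_targets.php';
require_once 'core/class/users_controler.php';
if (isset($_SESSION['config'])) {
    require_once 'apps/' . $_SESSION['config']['app_id']
        . '/class/class_business_app_tools.php';
}
require_once 'core/class/usergroups_controler.php';
require_once 'core/class/ServiceControler.php';
//require_once('lib/FirePHP/Init.php');

class security extends dbquery
{
    /**
     * Gets the indice of the collection in the $_SESSION['collections'] array
     *
     * @param  string $coll_id Collection identifier
     * @return integer Indice of the collection in $_SESSION['collections'],
     *                 or -1 if not found
     */
    public function get_ind_collection($coll_id)
    {
        $wanted = trim($coll_id);
        $nb_coll = count($_SESSION['collections']);
        for ($i = 0; $i < $nb_coll; $i++) {
            // Identifiers are compared as trimmed strings (loose comparison
            // kept as in the rest of the application)
            if (trim($_SESSION['collections'][$i]['id']) == $wanted) {
                return $i;
            }
        }
        return -1;
    }

    /**
     * Logs a user in.
     *
     * Looks the user up with the filter matching $method, replaces the
     * "maarch" cookie and the cookie key stored in the users table, loads the
     * user's primary group, security, services and application variables and,
     * when $_SESSION['history']['userlogin'] is enabled, records the
     * connection in the history table.
     *
     * @param string      $s_login User login; a short denylist of SQL
     *                             meta-characters is stripped from it first
     * @param string      $pass    Password value as received from the caller
     *                             (compared verbatim against the password
     *                             column; whether the caller hashes it first
     *                             is not visible here)
     * @param string|bool $method  'activex', 'ldap', or false for the
     *                             standard/sso password check
     * @param string|bool $ra_code Remote-access code, or false
     * @return array array('user' => array, 'error' => string, 'url' => string):
     *               the user's session data (empty array on failure), an error
     *               message ('' on success) and the page to redirect to
     */
    public function login($s_login, $pass, $method = false, $ra_code = false)
    {
        $array = array();
        $error = '';
        $uc = new users_controler();

        // Denylist applied to the login before it reaches the query layer.
        // A denylist is not a substitute for escaping or parameter binding,
        // which has to happen where the SQL is actually built.
        $s_login = str_replace(
            array('\'', '=', '"', '*', ';', '--', ',', '$', '>', '<'),
            '',
            $s_login
        );

        if ($_SESSION['config']['usePDO'] == 'true') {
            require_once 'core/class/class_db_pdo.php';
            $database = new Database();
            // Bound parameters for getWithPDO(); only filled when the filter
            // contains the :password placeholder (the activex and ldap
            // filters do not, and previously left $params undefined)
            $params = array();
            // #TODO : Not usefull anymore, loginmode field is always in users table
            //Compatibility test, if loginmode column doesn't exists, Maarch can't crash
            if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
                // #TODO : do evolution of the loginmethod in sql query
                if ($method == 'activex') {
                    $comp = " and STATUS <> 'DEL' and loginmode = 'activex'";
                } else if ($method == 'ldap') {
                    $comp = " and STATUS <> 'DEL'";
                } else {
                    if ($ra_code <> false) {
                        // md5() output is hexadecimal, so it is safe to inline
                        $comp = " and password = :password and ra_code = '"
                            . md5($ra_code) . "' and ra_expiration_date >= '"
                            . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' "
                            . "and (loginmode = 'standard' or loginmode = 'sso')";
                    } else {
                        $comp = " and password = :password and STATUS <> 'DEL' "
                            . "and (loginmode = 'standard' or loginmode = 'sso')";
                    }
                    $params = array('password' => $pass);
                }
            } else {
                $comp = " and password = :password and STATUS <> 'DEL'";
                $params = array('password' => $pass);
            }
            $user = $uc->getWithPDO($s_login, $comp, $params);
        } else {
            // users_controler::get() takes the filter as a plain string, so
            // the caller-supplied password is escaped before concatenation
            // (it used to be inlined verbatim)
            $pass_db = functions::protect_string_db($pass);
            // #TODO : Not usefull anymore, loginmode field is always in users table
            //Compatibility test, if loginmode column doesn't exists, Maarch can't crash
            if ($this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
                // #TODO : do evolution of the loginmethod in sql query
                if ($method == 'activex') {
                    $comp = " and STATUS <> 'DEL' and loginmode = 'activex'";
                } else if ($method == 'ldap') {
                    $comp = " and STATUS <> 'DEL'";
                } else {
                    if ($ra_code <> false) {
                        $comp = " and password = '" . $pass_db . "' and ra_code = '"
                            . md5($ra_code) . "' and ra_expiration_date >= '"
                            . date('Y-m-d 00:00:00') . "' and STATUS <> 'DEL' "
                            . "and (loginmode = 'standard' or loginmode = 'sso')";
                    } else {
                        $comp = " and password = '" . $pass_db . "' and STATUS <> 'DEL' "
                            . "and (loginmode = 'standard' or loginmode = 'sso')";
                    }
                }
            } else {
                $comp = " and password = '" . $pass_db . "' and STATUS <> 'DEL'";
            }
            $user = $uc->get($s_login, $comp);
        }

        if (! isset($user)) {
            $error = _BAD_LOGIN_OR_PSW . '…';
            return array(
                'user'  => $array,
                'error' => $error,
                'url'   => 'index.php?display=true&page=login&coreurl='
                    . $_SESSION['config']['coreurl']
            );
        }
        if ($user->__get('enabled') != 'Y') {
            $error = _SUSPENDED_ACCOUNT . '. ' . _MORE_INFOS
                . " " . $_SESSION['config']['adminname'] . "";
            return array(
                'user'  => $array,
                'error' => $error,
                'url'   => 'index.php'
            );
        }

        $ugc = new usergroups_controler();
        $sec_controler = new SecurityControler();
        $serv_controler = new ServiceControler();

        // With the visa module, resolve the path of the user's signature
        // image from the TEMPLATES docserver ('#' is the separator stored
        // in signature_path)
        if (isset($_SESSION['modules_loaded']['visa'])) {
            if ($user->__get('signature_path') <> ''
                && $user->__get('signature_file_name') <> ''
            ) {
                $_SESSION['user']['signature_path'] = $user->__get('signature_path');
                $_SESSION['user']['signature_file_name'] = $user->__get('signature_file_name');
                $db = new dbquery();
                $db->connect();
                $query = "select path_template from " . _DOCSERVERS_TABLE_NAME
                    . " where docserver_id = 'TEMPLATES'";
                $db->query($query);
                $resDs = $db->fetch_object();
                $pathToDs = $resDs->path_template;
                $_SESSION['user']['pathToSignature'] = $pathToDs
                    . str_replace("#", DIRECTORY_SEPARATOR, $_SESSION['user']['signature_path'])
                    . $_SESSION['user']['signature_file_name'];
            }
        }

        $array = array(
            'change_pass'         => $user->__get('change_password'),
            'UserId'              => $user->__get('user_id'),
            'FirstName'           => $user->__get('firstname'),
            'LastName'            => $user->__get('lastname'),
            'Phone'               => $user->__get('phone'),
            'Mail'                => $user->__get('mail'),
            'department'          => $user->__get('department'),
            'thumbprint'          => $user->__get('thumbprint'),
            'signature_path'      => $user->__get('signature_path'),
            'signature_file_name' => $user->__get('signature_file_name'),
            // Only set above when the visa module is loaded
            'pathToSignature'     => isset($_SESSION['user']['pathToSignature'])
                ? $_SESSION['user']['pathToSignature'] : null,
            'Status'              => $user->__get('status'),
        );

        // setcookie() expects a boolean "secure" flag; $_SERVER['HTTPS'] is
        // absent on plain HTTP and 'off' on some servers (previously passed
        // through as-is)
        $secure_cookie = (! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');

        // Expire the cookie carrying the previous key before issuing a new one.
        // NOTE(review): 0 is passed for path and domain as in the original;
        // confirm that is intended before changing it.
        setcookie(
            'maarch',
            'UserId=' . $array['UserId'] . '&key=' . $user->__get('cookie_key'),
            time() - 3600000,
            0,
            0,
            $secure_cookie,
            1
        );
        // NOTE(review): the key is an md5 of the time, the user's name and id,
        // which are all predictable; a CSPRNG value would be the appropriate
        // replacement once the supported PHP version provides one.
        $key = md5(
            time() . '%' . $array['FirstName'] . '%' . $array['UserId'] . '%'
            . $array['UserId'] . '%' . date('dmYHmi') . '%'
        );
        $user->__set('cookie_key', functions::protect_string_db($key));
        if ($_SESSION['config']['databasetype'] == 'ORACLE') {
            $user->__set('cookie_date', 'SYSDATE');
        } else {
            // 'H:i:s' (the original 'H:m:i' put the month in the minutes slot)
            $user->__set('cookie_date', date('Y-m-d') . ' ' . date('H:i:s'));
        }
        // #TODO : usefull ?
        $uc->save($user, 'up');
        // NOTE(review): reopen() multiplies cookietime by 60 (minutes);
        // this branch keeps the original * 1000 — confirm which unit the
        // configuration value uses.
        setcookie(
            'maarch',
            'UserId=' . $array['UserId'] . '&key=' . $key,
            time() + ($_SESSION['config']['cookietime'] * 1000),
            0,
            0,
            $secure_cookie,
            1
        );

        $array['primarygroup'] = $ugc->getPrimaryGroup($array['UserId']);
        $tmp = $sec_controler->load_security($array['UserId']);
        $array['collections'] = $tmp['collections'];
        $array['security'] = $tmp['security'];
        $serv_controler->loadEnabledServices();

        $business_app_tools = new business_app_tools();
        $core_tools = new core_tools();
        $business_app_tools->load_app_var_session($array);
        $core_tools->load_var_session($_SESSION['modules'], $array);

        /************Temporary fix*************/
        // #TODO : rework the load_var_session functions in class_modules_tools
        // so that this data is no longer loaded into the session
        if (isset($_SESSION['user']['baskets'])) {
            $array['baskets'] = $_SESSION['user']['baskets'];
        }
        if (isset($_SESSION['user']['entities'])) {
            $array['entities'] = $_SESSION['user']['entities'];
        }
        if (isset($_SESSION['user']['primaryentity'])) {
            $array['primaryentity'] = $_SESSION['user']['primaryentity'];
        }
        if (isset($_SESSION['user']['redirect_groupbasket'])) {
            $array['redirect_groupbasket'] = $_SESSION['user']['redirect_groupbasket'];
        }
        /*************************************/

        $array['services'] = $serv_controler->loadUserServices($array['UserId']);

        if ($_SESSION['history']['userlogin'] == 'true') {
            //add new instance in history table for the user's connexion
            $hist = new history();
            $ip = $_SERVER['REMOTE_ADDR'];
            $_SESSION['user']['UserId'] = $s_login;
            $_SESSION['user']['department'] = $array['department'];
            $_SESSION['user']['thumbprint'] = $array['thumbprint'];
            $_SESSION['user']['primarygroup'] = $array['primarygroup'];
            $hist->add(
                $_SESSION['tablename']['users'],
                $s_login,
                'LOGIN',
                'userlogin',
                _LOGIN_HISTORY . ' ' . $s_login . ' IP : ' . $ip,
                $_SESSION['config']['databasetype']
            );
        }

        if ($array['change_pass'] == 'Y') {
            return array(
                'user'  => $array,
                'error' => $error,
                'url'   => 'index.php?display=true&page=change_pass'
            );
        }
        // Go back to the page requested before the login, unless it was the
        // login page itself
        if (isset($_SESSION['requestUri'])
            && trim($_SESSION['requestUri']) <> ''
            && ! preg_match('/page=login/', $_SESSION['requestUri'])
        ) {
            return array(
                'user'  => $array,
                'error' => $error,
                'url'   => 'index.php?' . $_SESSION['requestUri']
            );
        }
        return array(
            'user'  => $array,
            'error' => $error,
            'url'   => 'index.php'
        );
    }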

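    /**
     * Reopens a session from the user's "maarch" cookie.
     *
     * Looks the user up by identifier and cookie key, rebuilds
     * $_SESSION['user'], rotates the cookie key stored in the users table,
     * then redirects with header() and exit(): this method never returns.
     *
     * @param string $s_UserId User identifier carried by the cookie
     * @param string $s_key    Cookie key carried by the cookie
     */
    public function reopen($s_UserId, $s_key)
    {
        $this->connect();

        // The key comes from the cookie, i.e. from the client: escape it before
        // it is concatenated into the filter string (it used to go in verbatim)
        $comp = " and cookie_key = '" . functions::protect_string_db($s_key)
            . "' and STATUS <> 'DEL'";
        $uc = new users_controler();
        // The original looked the user up with an undefined $s_login and called
        // get() statically; the identifier to use is the $s_UserId parameter
        $user = $uc->get($s_UserId, $comp);

        if (! isset($user)) {
            $_SESSION['error'] = _ERROR;
            header(
                "location: " . $_SESSION['config']['businessappurl']
                . "index.php?display=true&page=login&coreurl="
                . $_SESSION['config']['coreurl']
            );
            exit();
        }
        if ($user->__get('enabled') != "Y") {
            $_SESSION['error'] = _SUSPENDED_ACCOUNT . '. ' . _MORE_INFOS
                . " " . $_SESSION['config']['adminname'] . "";
            header("location: " . $_SESSION['config']['businessappurl'] . "index.php");
            exit();
        }

        $serv_controler = new ServiceControler();
        $_SESSION['user']['change_pass'] = $user->__get('change_password');
        $_SESSION['user']['UserId'] = $user->__get('user_id');
        $_SESSION['user']['FirstName'] = $user->__get('firstname');
        $_SESSION['user']['LastName'] = $user->__get('lastname');
        $_SESSION['user']['Phone'] = $user->__get('phone');
        $_SESSION['user']['Mail'] = $user->__get('mail');
        $_SESSION['user']['department'] = $user->__get('department');
        $_SESSION['user']['thumbprint'] = $user->__get('thumbprint');

        // With the visa module, resolve the path of the user's signature
        // image from the TEMPLATES docserver ('#' is the separator stored
        // in signature_path)
        if (isset($_SESSION['modules_loaded']['visa'])) {
            if ($user->__get('signature_path') <> ''
                && $user->__get('signature_file_name') <> ''
            ) {
                $_SESSION['user']['signature_path'] = $user->__get('signature_path');
                $_SESSION['user']['signature_file_name'] = $user->__get('signature_file_name');
                $db = new dbquery();
                $db->connect();
                $query = "select path_template from "
                    . _DOCSERVERS_TABLE_NAME
                    . " where docserver_id = 'TEMPLATES'";
                $db->query($query);
                $resDs = $db->fetch_object();
                $pathToDs = $resDs->path_template;
                $_SESSION['user']['pathToSignature'] = $pathToDs
                    . str_replace("#", DIRECTORY_SEPARATOR, $_SESSION['user']['signature_path'])
                    . $_SESSION['user']['signature_file_name'];
            }
        }

        $_SESSION['error'] = "";

        // setcookie() expects a boolean "secure" flag; $_SERVER['HTTPS'] is
        // absent on plain HTTP and 'off' on some servers
        $secure_cookie = (! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off');

        // Expire the cookie carrying the previous key (read from the user
        // record, as login() does; the original referenced an undefined $line)
        setcookie(
            "maarch",
            "UserId=" . $_SESSION['user']['UserId'] . "&key=" . $user->__get('cookie_key'),
            time() - 3600000,
            0,
            0,
            $secure_cookie,
            1
        );
        // NOTE(review): the key is an md5 of predictable inputs (time, name,
        // id); a CSPRNG value would be the appropriate replacement once the
        // supported PHP version provides one.
        $key = md5(
            time() . "%" . $_SESSION['user']['FirstName'] . "%"
            . $_SESSION['user']['UserId'] . "%" . $_SESSION['user']['UserId']
            . "%" . date("dmYHmi") . "%"
        );

        $user->__set('cookie_key', functions::protect_string_db($key));
        if ($_SESSION['config']['databasetype'] == "ORACLE") {
            $user->__set('cookie_date', 'SYSDATE');
        } else {
            // 'H:i:s' (the original 'H:m:i' put the month in the minutes slot)
            $user->__set('cookie_date', date("Y-m-d") . " " . date("H:i:s"));
        }

        $uc->save($user, 'up');
        setcookie(
            "maarch",
            "UserId=" . $_SESSION['user']['UserId'] . "&key=" . $key,
            time() + ($_SESSION['config']['cookietime'] * 60),
            0,
            0,
            $secure_cookie,
            1
        );

        // $ugc was used without being created in the original
        $ugc = new usergroups_controler();
        $_SESSION['user']['primarygroup'] = $ugc->getPrimaryGroup($_SESSION['user']['UserId']);
        $sec_controler = new SecurityControler();
        $tmp = $sec_controler->load_security($_SESSION['user']['UserId']);
        $_SESSION['user']['collections'] = $tmp['collections'];
        $_SESSION['user']['security'] = $tmp['security'];
        $serv_controler->loadEnabledServices();

        $business_app_tools = new business_app_tools();
        $core_tools = new core_tools();
        // login() hands its freshly built user array to these loaders; here the
        // same keys have just been written to $_SESSION['user'], so pass that
        // (the original passed an undefined $array) — TODO confirm the loaders
        // read nothing beyond those keys
        $array = $_SESSION['user'];
        $business_app_tools->load_app_var_session($array);
        $core_tools->load_var_session($_SESSION['modules'], $array);

        $_SESSION['user']['services'] = $serv_controler->loadUserServices($_SESSION['user']['UserId']);
        $core_tools->load_menu($_SESSION['modules']);

        if ($_SESSION['user']['change_pass'] == 'Y') {
            header(
                "location: " . $_SESSION['config']['businessappurl']
                . "index.php?display=true&page=change_pass"
            );
            exit();
        }
        header("location: " . $_SESSION['config']['businessappurl'] . "index.php");
        exit();
    }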

    /******************* COLLECTION MANAGEMENT FUNCTIONS *******************/

    /**
    * Returns all collections where we can insert new documents (with tables)
    *
    * NOTE(review): the listing this was taken from lost the text between '<'
    * and '>' on the for-line below — the loop bound, the test on
    * $_SESSION['user']['security'][$i] that selects insertable collections
    * and, presumably, "$ind = $this->" (only "get_ind_collection(...)" and the
    * later use of $ind survive). Consult the original file before editing.
    *
    * @return array Collections where inserts are allowed; each entry is
    *               array('coll_id' => ..., 'label_coll' => ..., 'table' => ...)
    */
    public function retrieve_insert_collections()
    {
        $arr = array();
        for($i=0; $iget_ind_collection($_SESSION['user']['security'][$i]['coll_id']);
                array_push($arr, array('coll_id'=> $_SESSION['user']['security'][$i]['coll_id'], 'label_coll' => $_SESSION['collections'][$ind]['label'] , 'table' => $_SESSION['user']['security'][$i]['table']));
            }
        }
        return $arr;
    }


    /**
    * Checks if the current user can do the action on the collection
    *
    * NOTE(review): only the beginning of this method survived extraction;
    * see the note above the for-line below.
    *
    * @param string $coll_id  Collection identifier
    * @param string $action  can_insert, can_update, can_delete
    * @return bool True if the user can do the action on the collection,
    *              False otherwise (False when $coll_id is not set)
    */
    public function collection_user_right($coll_id, $action)
    {
        if(!isset($coll_id))
        {
            return false;
        }
        $func = new functions();
        $flag = false;
        // NOTE(review): the listing lost everything between '<' and '>' on the
        // next line: the rest of collection_user_right() (its loop over
        // $_SESSION['user']['security'], the use of $func/$flag and its
        // return), its closing brace, the docblock and signature of the
        // following method (which works on $coll_id and $s_id) and, presumably,
        // "$view = $this->". Everything from the next line on belongs to that
        // second method. Consult the original file before editing.
        for($i=0; $iretrieve_view_from_coll_id($coll_id);
        // Fall back to the collection's table when it has no view
        if (empty($view)) {
            $view = $this->retrieve_table_from_coll($coll_id);
        }
        $where_clause = $this->get_where_clause_from_coll_id($coll_id);
        // NOTE(review): $s_id is concatenated into the SQL unescaped; it is used
        // unquoted, so the column is presumably numeric and $s_id should be
        // validated as a numeric identifier where it enters this method.
        $query = "select res_id from " . $view . " where res_id = " . $s_id;
        if (!empty($where_clause)) {
            $query .= " and (" . $where_clause . ") ";
        }
        $this->connect();
        $this->query($query);
        if ($this->nb_result() < 1) {
            //NOT IN THE DOC PERIMETER SO TEST IT IN THE BASKETS
            // Build an OR of the clauses of the user's non-folder baskets on
            // this collection and retry the lookup through them
            $basketQuery = '';
            for (
                $ind_bask = 0;
                $ind_bask < count($_SESSION['user']['baskets']);
                $ind_bask++
            ) {
                if (
                    $_SESSION['user']['baskets'][$ind_bask]['coll_id'] == $coll_id
                ) {
                    if(
                        isset($_SESSION['user']['baskets'][$ind_bask]['clause']) 
                        && trim($_SESSION['user']['baskets'][$ind_bask]['clause']
                        ) <> '' 
                        && $_SESSION['user']['baskets'][$ind_bask]['is_folder_basket'] == 'N'
                    ) {
                        $basketQuery .= ' or (' 
                            . $_SESSION['user']['baskets'][$ind_bask]['clause'] 
                            . ')';
                    }
                 }
            }
            if ($basketQuery <> '') {
                // Drop the leading " or" of the first clause
                $basketQuery = preg_replace('/^ or/', '', $basketQuery);
                $query = "select res_id from " 
                    . $view . " where (" . $basketQuery . ") and res_id = " . $s_id;
                $this->connect();
                $this->query($query);
                if ($this->nb_result() < 1) {
                    return false;
                } else {
                    return true;
                }
            } else {
                // No basket clause applies: the resource is out of reach
                return false;
            }
        } else {
            return true;
        }
    }
}