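. */

/**
 * @brief Contains the functions that manage user/group security and the
 *        connection (login and session re-opening) to the application.
 *
 * @file
 * @author Claire Figueras
 * @date $date$
 * @version $Revision$
 * @ingroup core
 */

// Required to launch history functions
require_once 'core/class/class_db_pdo.php';
require_once 'core/class/class_history.php';
require_once 'core/class/SecurityControler.php';
require_once 'core/class/class_core_tools.php';
require_once 'core/where_targets.php';
require_once 'core/class/users_controler.php';
// NOTE(review): the include path is built from a session value. $_SESSION is
// server-side state, so this is not directly attacker-controlled, but anything
// that lets a user influence config.app_id would turn it into a file inclusion.
if (isset($_SESSION['config']['app_id'])) {
    require_once 'apps/' . $_SESSION['config']['app_id']
        . '/class/class_business_app_tools.php';
}
require_once 'core/class/usergroups_controler.php';
require_once 'core/class/ServiceControler.php';

/**
 * @brief Manages user/group security through session variables.
 *
 * @ingroup core
 */
class security extends Database
{
    /**
     * Gets the index of a collection in the $_SESSION['collections'] array.
     *
     * @param string $coll_id Collection identifier
     * @return int Index of the collection in $_SESSION['collections'], or -1 if not found
     */
    public function get_ind_collection($coll_id)
    {
        $wanted = trim($coll_id);
        $nbColl = count($_SESSION['collections']);
        for ($ind = 0; $ind < $nbColl; $ind++) {
            if (trim($_SESSION['collections'][$ind]['id']) == $wanted) {
                return $ind;
            }
        }
        return -1;
    }

    /**
     * Builds the extra SQL filter and bound parameters for the user lookup in login().
     *
     * @param string       $pass    Password as supplied by the caller
     * @param string|false $method  false, 'ldap' or 'activex'
     * @param string|false $ra_code Optional one-time code
     * @return array array($comp, $params): the " and ..." clause and its named parameters
     */
    private function buildLoginFilter($pass, $method, $ra_code)
    {
        $params = array();
        // #TODO : Not useful anymore, loginmode field is always in users table
        // Compatibility test: if the loginmode column doesn't exist, Maarch must not crash.
        if (!$this->test_column($_SESSION['tablename']['users'], 'loginmode')) {
            return array(
                " and password = :password and STATUS <> 'DEL'",
                array('password' => $pass),
            );
        }
        // #TODO : do evolution of the loginmethod in sql query
        // Strict comparison on purpose: with ==, a boolean true would also match
        // 'activex' and skip the password check below.
        if ($method === 'activex') {
            // NOTE(review): no credential is checked here; the caller must have
            // authenticated the user before calling login() with this method.
            return array(" and STATUS <> 'DEL' and loginmode = 'activex'", $params);
        }
        if ($method === 'ldap') {
            // NOTE(review): same — the caller is trusted to have bound against LDAP already.
            return array(" and STATUS <> 'DEL'", $params);
        }
        if ($ra_code != false) {
            // One-time code: must match the stored hash and not be expired (day granularity).
            $comp = " and password = :password and "
                . "ra_code = :ra_code and ra_expiration_date >= :ra_expiration_date "
                . "and status <> :status "
                . "and (loginmode = :loginmode1 or loginmode = :loginmode2)";
            $params = array(
                'password'           => $pass,
                'ra_code'            => $this->getPasswordHash($ra_code),
                'ra_expiration_date' => date('Y-m-d 00:00:00'),
                'status'             => 'DEL',
                'loginmode1'         => 'standard',
                'loginmode2'         => 'sso',
            );
            return array($comp, $params);
        }
        $comp = " and password = :password and STATUS <> 'DEL' "
            . "and (loginmode = 'standard' or loginmode = 'sso')";
        return array($comp, array('password' => $pass));
    }

    /**
     * When the visa module is loaded and the user has a signature image, stores the
     * signature path pieces and the absolute path (TEMPLATES docserver path_template +
     * signature_path with '#' as directory separator + file name) in $_SESSION['user'].
     *
     * @param object $user User object (accessed through __get)
     */
    private function loadSignaturePath($user)
    {
        if (!isset($_SESSION['modules_loaded']['visa'])) {
            return;
        }
        $sigPath = $user->__get('signature_path');
        $sigFile = $user->__get('signature_file_name');
        if ($sigPath == '' || $sigFile == '') {
            return;
        }
        $_SESSION['user']['signature_path'] = $sigPath;
        $_SESSION['user']['signature_file_name'] = $sigFile;
        $db = new Database();
        $query = "select path_template from " . _DOCSERVERS_TABLE_NAME
            . " where docserver_id = 'TEMPLATES'";
        $stmt = $db->query($query);
        $resDs = $stmt->fetchObject();
        // No TEMPLATES docserver row: fall back to an empty prefix instead of
        // reading a property of false.
        $pathToDs = ($resDs === false) ? '' : $resDs->path_template;
        $_SESSION['user']['pathToSignature'] = $pathToDs
            . str_replace("#", DIRECTORY_SEPARATOR, $sigPath)
            . $sigFile;
    }

    /**
     * Generates a fresh cookie_key (32 hex characters) for the reopen() flow.
     *
     * The previous value, md5(time() . first name . user id . date(...)), was
     * predictable from public information; use a CSPRNG when the runtime has one.
     *
     * @return string
     */
    private function newCookieKey()
    {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            return bin2hex(openssl_random_pseudo_bytes(16));
        }
        // Last resort on very old runtimes: still 32 hex chars, but weak.
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Stamps a new cookie_key / cookie_date on the user and persists it.
     *
     * @param users_controler $uc   Controller used to save the user
     * @param object          $user User object (accessed through __set)
     */
    private function refreshCookieKey($uc, $user)
    {
        $user->__set('cookie_key', $this->newCookieKey());
        if ($_SESSION['config']['databasetype'] == 'ORACLE') {
            $user->__set('cookie_date', 'SYSDATE');
        } else {
            // Was date('H:m:i'): 'm' is the month, not the minute.
            $user->__set('cookie_date', date('Y-m-d H:i:s'));
        }
        // #TODO : useful ?
        $uc->save($user, 'up');
    }

    /**
     * Records the connection in the history table and mirrors a few user values
     * into $_SESSION['user'] (the history add() reads them from there).
     *
     * @param string $s_login Login as typed (after metacharacter stripping)
     * @param array  $array   User array built by login()
     */
    private function recordLogin($s_login, $array)
    {
        $hist = new history();
        $ip = $_SERVER['REMOTE_ADDR'];
        // NOTE(review): stores the login as typed rather than the canonical user_id
        // ($array['UserId']); kept as the original did, confirm which one callers expect.
        $_SESSION['user']['UserId'] = $s_login;
        $_SESSION['user']['department'] = $array['department'];
        $_SESSION['user']['thumbprint'] = $array['thumbprint'];
        $_SESSION['user']['primarygroup'] = $array['primarygroup'];
        $hist->add(
            $_SESSION['tablename']['users'],
            $s_login,
            'LOGIN',
            'userlogin',
            _LOGIN_HISTORY . ' ' . $s_login . ' IP : ' . $ip,
            $_SESSION['config']['databasetype']
        );
    }

    /**
     * Authenticates a user and builds the user array the caller stores in session.
     *
     * @param string       $s_login User login. A blocklist of SQL/HTML metacharacters is
     *                              stripped; the lookup itself is parameterised, so this
     *                              is defence in depth only.
     * @param string       $pass    Password as supplied by the caller, compared as-is
     *                              against the password column (presumably already
     *                              hashed by the caller — verify).
     * @param string|false $method  false for a password login; 'ldap' or 'activex' when
     *                              the caller has already authenticated the user by other
     *                              means (no password check is done here).
     * @param string|false $ra_code Optional one-time code; when given it is hashed and must
     *                              match ra_code with a non-expired ra_expiration_date.
     * @return array array('user' => array, 'error' => string, 'url' => string);
     *               'user' is empty on failure. Side effects: writes signature data and,
     *               when history is enabled, a few identity values into $_SESSION['user'],
     *               and rotates the user's cookie_key in the database.
     */
    public function login($s_login, $pass, $method = false, $ra_code = false)
    {
        $array = array();
        $error = '';
        $uc = new users_controler();
        // Blocklist of SQL/HTML metacharacters, applied in this order.
        $s_login = str_replace(
            array('\'', '=', '"', '*', ';', '--', ',', '$', '>', '<'),
            '',
            $s_login
        );
        // Unused locally; kept because the constructor may open the connection.
        $database = new Database();

        list($comp, $params) = $this->buildLoginFilter($pass, $method, $ra_code);
        $user = $uc->getWithComp($s_login, $comp, $params);
        if (!isset($user)) {
            return array(
                'user'  => $array,
                'error' => _BAD_LOGIN_OR_PSW,
                'url'   => 'index.php?display=true&page=login',
            );
        }
        if ($user->__get('enabled') != 'Y') {
            $error = _SUSPENDED_ACCOUNT . '. ' . _MORE_INFOS . " "
                . $_SESSION['config']['adminname'];
            return array('user' => $array, 'error' => $error, 'url' => 'index.php');
        }

        $ugc = new usergroups_controler();
        $sec_controler = new SecurityControler();
        $serv_controler = new ServiceControler();
        $this->loadSignaturePath($user);
        $array = array(
            'change_pass'         => $user->__get('change_password'),
            'UserId'              => $user->__get('user_id'),
            'FirstName'           => $user->__get('firstname'),
            'LastName'            => $user->__get('lastname'),
            'Initials'            => $user->__get('initials'),
            'Phone'               => $user->__get('phone'),
            'Mail'                => $user->__get('mail'),
            'department'          => $user->__get('department'),
            'thumbprint'          => $user->__get('thumbprint'),
            'signature_path'      => $user->__get('signature_path'),
            'signature_file_name' => $user->__get('signature_file_name'),
            // Only set when the visa module found a signature; avoid a notice otherwise.
            'pathToSignature'     => isset($_SESSION['user']['pathToSignature'])
                ? $_SESSION['user']['pathToSignature'] : null,
            'Status'              => $user->__get('status'),
            'cookie_date'         => $user->__get('cookie_date'),
        );
        // 'cookie_date' above is the value read from the database; the new key/date are
        // written after the array is built, as before.
        $this->refreshCookieKey($uc, $user);

        $array['primarygroup'] = $ugc->getPrimaryGroup($array['UserId']);
        $tmp = $sec_controler->load_security($array['UserId']);
        $array['collections'] = $tmp['collections'];
        $array['security'] = $tmp['security'];
        $serv_controler->loadEnabledServices();
        $business_app_tools = new business_app_tools();
        $core_tools = new core_tools();
        $business_app_tools->load_app_var_session($array);
        $core_tools->load_var_session($_SESSION['modules'], $array);
        /************ Temporary fix *************/
        // #TODO : rework the load_var_session functions in class_modules_tools so that
        // this information is no longer loaded into the session.
        // The helpers above write these straight into $_SESSION['user']; copy them
        // into the returned array.
        foreach (array('baskets', 'entities', 'primaryentity', 'redirect_groupbasket') as $key) {
            if (isset($_SESSION['user'][$key])) {
                $array[$key] = $_SESSION['user'][$key];
            }
        }
        /****************************************/
        $array['services'] = $serv_controler->loadUserServices($array['UserId']);

        if (isset($_SESSION['history']['userlogin'])
            && $_SESSION['history']['userlogin'] == 'true'
        ) {
            $this->recordLogin($s_login, $array);
        }

        if ($array['change_pass'] == 'Y') {
            $url = 'index.php?display=true&page=change_pass';
        } elseif (isset($_SESSION['requestUri'])
            && trim($_SESSION['requestUri']) != ''
            && !preg_match('/page=login/', $_SESSION['requestUri'])
        ) {
            // requestUri is appended after 'index.php?', so it stays a query string of
            // this script rather than becoming an arbitrary redirect target.
            $url = 'index.php?' . $_SESSION['requestUri'];
        } else {
            $url = 'index.php';
        }
        return array('user' => $array, 'error' => $error, 'url' => $url);
    }

    /**
     * Re-opens a session from the persistent cookie (user id + cookie_key) and redirects.
     * Never returns: every path ends in header() + exit().
     *
     * @param string $s_UserId User identifier read from the cookie
     * @param string $s_key    cookie_key read from the cookie; matched with a bound parameter
     */
    public function reopen($s_UserId, $s_key)
    {
        // Was: " and cookie_key = '" . $s_key . "' ..." passed to users_controler::get()
        // together with an undefined $s_login — a cookie-controlled value concatenated
        // into SQL. Bind it instead, through the same getWithComp() login() uses.
        $comp = " and cookie_key = :cookie_key and STATUS <> 'DEL'";
        $uc = new users_controler();
        $user = $uc->getWithComp($s_UserId, $comp, array('cookie_key' => $s_key));
        if (!isset($user)) {
            $_SESSION['error'] = _ERROR;
            header("location: " . $_SESSION['config']['businessappurl']
                . "index.php?display=true&page=login");
            exit();
        }
        if ($user->__get('enabled') != "Y") {
            $_SESSION['error'] = _SUSPENDED_ACCOUNT;
            header("location: " . $_SESSION['config']['businessappurl'] . "index.php");
            exit();
        }

        $serv_controler = new ServiceControler();
        $_SESSION['user']['change_pass'] = $user->__get('change_password');
        $_SESSION['user']['UserId'] = $user->__get('user_id');
        $_SESSION['user']['FirstName'] = $user->__get('firstname');
        $_SESSION['user']['LastName'] = $user->__get('lastname');
        $_SESSION['user']['Phone'] = $user->__get('phone');
        $_SESSION['user']['Mail'] = $user->__get('mail');
        $_SESSION['user']['department'] = $user->__get('department');
        $_SESSION['user']['thumbprint'] = $user->__get('thumbprint');
        $this->loadSignaturePath($user);
        $_SESSION['error'] = "";
        // Rotate the key on every successful reopen, as login() does.
        $this->refreshCookieKey($uc, $user);

        // NOTE(review): $ugc was never instantiated in the original (undefined variable).
        $ugc = new usergroups_controler();
        $_SESSION['user']['primarygroup'] = $ugc->getPrimaryGroup($_SESSION['user']['UserId']);
        $sec_controler = new SecurityControler();
        $tmp = $sec_controler->load_security($_SESSION['user']['UserId']);
        $_SESSION['user']['collections'] = $tmp['collections'];
        $_SESSION['user']['security'] = $tmp['security'];
        $serv_controler->loadEnabledServices();
        $business_app_tools = new business_app_tools();
        $core_tools = new core_tools();
        // NOTE(review): the original passed an undefined $array here; login() passes the
        // user array it builds, which is what $_SESSION['user'] now holds — confirm the
        // helpers accept this shape.
        $array = $_SESSION['user'];
        $business_app_tools->load_app_var_session($array);
        $core_tools->load_var_session($_SESSION['modules'], $array);
        $_SESSION['user']['services'] = $serv_controler->loadUserServices(
            $_SESSION['user']['UserId']
        );
        $core_tools->load_menu($_SESSION['modules']);

        if ($_SESSION['user']['change_pass'] == 'Y') {
            header("location: " . $_SESSION['config']['businessappurl']
                . "index.php?display=true&page=change_pass");
            exit();
        }
        header("location: " . $_SESSION['config']['businessappurl'] . "index.php");
        exit();
    }

    /******************* COLLECTION MANAGEMENT FUNCTIONS *******************/

    // NOTE(review): the source text of the next two methods is corrupted in the copy
    // reviewed here: the text between "$i" and "get_ind_collection(" and between "$i"
    // and "retrieve_view_from_coll_id(" is missing, and the second gap also swallows the
    // start of a third method (the one that checks whether document $s_id is in the
    // user's perimeter). They are reproduced as found rather than reconstructed; repair
    // them from the original file.

    /**
     * Returns all collections where we can insert new documents (with tables)
     *
     * @return array Collections where inserts are allowed
     */
    public function retrieve_insert_collections() {
        $arr = array();
        for($i=0; $iget_ind_collection($_SESSION['user']['security'][$i]['coll_id']);
        array_push($arr, array('coll_id'=> $_SESSION['user']['security'][$i]['coll_id'], 'label_coll' => $_SESSION['collections'][$ind]['label'] , 'table' => $_SESSION['user']['security'][$i]['table']));
        } }
        return $arr;
    }

    /**
     * Checks if the current user can do the action on the collection
     *
     * @param string $coll_id Collection identifier
     * @param string $action can_insert, can_update, can_delete
     * @return True if the user can do the action on the collection, False otherwise
     */
    public function collection_user_right($coll_id, $action) {
        if(!isset($coll_id)) { return false; }
        $func = new functions();
        $flag = false;
        for($i=0; $iretrieve_view_from_coll_id($coll_id);
        if (empty($view)) {
            $view = $this->retrieve_table_from_coll($coll_id);
        }
        $entitiesTab = $this->getEntitiesForCurrentUser();
        // NOTE(review): $where_clause and the basket clauses below are interpolated
        // into SQL; they appear to come from configuration / database rows rather than
        // from the request, so only an admin-controlled value reaches here — confirm.
        $where_clause = $this->get_where_clause_from_coll_id($coll_id);
        $query = "select res_id from " . $view . " where res_id = ?";
        if (!empty($entitiesTab)) {
            if (!empty($where_clause)) {
                // NOTE(review): "in (?)" is bound to an array; PDO does not expand an array
                // into an IN list, so this needs one placeholder per entity.
                $query .= " and (" . $where_clause . " or folder_destination in (?)) ";
            }
            $stmt = $this->query($query, array($s_id, $entitiesTab));
        } else {
            if (!empty($where_clause)) {
                $query .= " and (" . $where_clause . ") ";
            }
            $stmt = $this->query($query, array($s_id));
        }
        if ($stmt->rowCount() < 1) {
            //NOT IN THE DOC PERIMETER SO TEST IT IN THE BASKETS
            $basketQuery = '';
            for (
                $ind_bask = 0;
                $ind_bask < count($_SESSION['user']['baskets']);
                $ind_bask++
            ) {
                if (
                    $_SESSION['user']['baskets'][$ind_bask]['coll_id'] == $coll_id
                ) {
                    if(
                        isset($_SESSION['user']['baskets'][$ind_bask]['clause'])
                        && trim($_SESSION['user']['baskets'][$ind_bask]['clause'] ) <> ''
                        && $_SESSION['user']['baskets'][$ind_bask]['is_folder_basket'] == 'N'
                    ) {
                        $basketQuery .= ' or ('
                            . $_SESSION['user']['baskets'][$ind_bask]['clause'] . ')';
                    }
                }
            }
            if ($basketQuery <> '') {
                $basketQuery = preg_replace('/^ or/', '', $basketQuery);
                $query = "select res_id from " . $view . " where ("
                    . $basketQuery . ") and res_id = ?";
                $stmt = $this->query($query, array($s_id));
                if ($stmt->rowCount() < 1) {
                    return false;
                } else {
                    return true;
                }
            } else {
                return false;
            }
        } else {
            return true;
        }
    }
}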