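 /**
  * Marks $user as the authenticated user of the current request and persists the
  * login state: session copy, LOGIN / UIDH cookies, the b_user_stored_auth row and
  * the "OnUserLogin" event (plus an optional SECURITY event-log entry).
  *
  * Reconstruction note: the LAST_LOGIN value of the first UPDATE was redacted to
  * "******" in the copy this was taken from (a syntax error as written); it is
  * restored here with the same SQL-helper timestamp function this method already
  * uses for the other timestamp columns.
  *
  * @param CurrentUser $user         User to authenticate. A user for which
  *                                  isAuthenticated() is false only gets the UIDH
  *                                  cookie expired (logout path).
  * @param bool        $isPersistent true issues a long-lived "remember me" UIDH
  *                                  cookie; false a browser-session one (multisite
  *                                  mode only) or none at all.
  *
  * @return void
  */
 public static function setAuthentication(CurrentUser $user, $isPersistent = false)
 {
     /** @var $context \Freetrix\Main\HttpContext */
     $context = \Freetrix\Main\Application::getInstance()->getContext();
     $context->setUser($user);
     static::copyToSession($user);

     /** @var $response \Freetrix\Main\HttpResponse */
     $response = $context->getResponse();

     if (!$user->isAuthenticated()) {
         // Logout path: expire the stored-auth cookie and stop.
         $response->addCookie(new \Freetrix\Main\Web\Cookie("UIDH", "", time() - 3600));
         return;
     }

     $connection = \Freetrix\Main\Application::getDbConnection();
     $sqlHelper = $connection->getSqlHelper();

     // Every value interpolated into SQL below is either cast to int or passed
     // through forSql(); nothing read from the user object or request goes in raw.
     $userId = intval($user->getUserId());
     $timeZoneOffset = intval(\CTimeZone::getOffset());
     $now = $sqlHelper->getCurrentDateTimeFunction();

     // Successful login: clear STORED_HASH, reset the login-attempt counter and
     // record the login time and the client's timezone offset.
     $connection->queryExecute(
         "UPDATE b_user SET "
         . "   STORED_HASH = NULL, "
         . "   LAST_LOGIN = " . $now . ", "
         . "   TIMESTAMP_X = TIMESTAMP_X, "
         . "   LOGIN_ATTEMPTS = 0, "
         . "   TIME_ZONE_OFFSET = " . $timeZoneOffset . " "
         . "WHERE ID = " . $userId . " "
     );

     $isMultisite = \Freetrix\Main\Config\Option::get("main", "auth_multisite", "N") === "Y";
     // 60 * 60 * 24 * 30 * 60 seconds is roughly five years; both the LOGIN cookie and
     // a persistent UIDH cookie live that long.
     $longLivedExpiry = time() + 60 * 60 * 24 * 30 * 60;

     $cookie = new \Freetrix\Main\Web\Cookie("LOGIN", $user->getLogin(), $longLivedExpiry);
     $cookie->setSpread($isMultisite ? \Freetrix\Main\Web\Cookie::SPREAD_SITES : \Freetrix\Main\Web\Cookie::SPREAD_DOMAIN);
     $response->addCookie($cookie);

     if ($isPersistent || $isMultisite) {
         $hash = $user->getSessionHash();
         /** @var $request \Freetrix\Main\HttpRequest */
         $request = $context->getRequest();

         // UIDH carries the session hash, i.e. it is a bearer credential. Persistent
         // logins get the long-lived expiry; multisite-only logins a browser-session
         // cookie (expiry 0).
         $cookie = new \Freetrix\Main\Web\Cookie("UIDH", $hash, $isPersistent ? $longLivedExpiry : 0);
         // The Secure flag is set only when the option is enabled AND the current
         // request is HTTPS; on a plain-HTTP login the hash travels in clear.
         $cookie->setSecure(
             \Freetrix\Main\Config\Option::get("main", "use_secure_password_cookies", "N") === "Y"
             && $request->isHttps()
         );
         $response->addCookie($cookie);

         // ip2long() returns false for anything that is not an IPv4 literal (e.g. an
         // IPv6 client); "%u" then yields "0". The value is digits-only after
         // sprintf(), forSql() is applied anyway so both statements escape alike.
         $ipAddr = $sqlHelper->forSql(sprintf("%u", ip2long($request->getRemoteAddress())));
         $tempHash = $isPersistent ? "N" : "Y";

         $storedId = static::getStoredHashId($user, $hash);
         if ($storedId) {
             // Known hash: refresh the existing row. TEMP_HASH is left untouched when
             // the user was authenticated by the hash itself.
             $tempHashSql = ($user->getAuthType() === static::AUTHENTICATED_BY_HASH)
                 ? ""
                 : "TEMP_HASH='" . $tempHash . "', ";
             $connection->queryExecute(
                 "UPDATE b_user_stored_auth SET "
                 . "\tLAST_AUTH = " . $now . ", "
                 . "\t" . $tempHashSql . " "
                 . "\tIP_ADDR = '" . $ipAddr . "' "
                 . "WHERE ID = " . intval($storedId)
             );
         } else {
             // Oracle has no auto-increment: take the sequence value up front and
             // insert it explicitly; other drivers read the identity after the INSERT.
             $idColumn = "";
             $idValue = "";
             if ($connection->getType() === "oracle") {
                 $storedId = $connection->getIdentity("sq_b_user_stored_auth");
                 $idColumn = "ID, ";
                 $idValue = intval($storedId) . ", ";
             }
             $connection->queryExecute(
                 "INSERT INTO b_user_stored_auth (" . $idColumn . "USER_ID, DATE_REG, LAST_AUTH, TEMP_HASH, "
                 . "   IP_ADDR, STORED_HASH) "
                 . "VALUES (" . $idValue . $userId . ", " . $now . ", "
                 . "   " . $now . ", '" . $tempHash . "', "
                 . "   '" . $ipAddr . "', "
                 . "   '" . $sqlHelper->forSql($hash) . "')"
             );
             if ($connection->getType() !== "oracle") {
                 $storedId = $connection->getIdentity();
             }
         }
         $user->setStoredAuthId($storedId);
     }

     $event = new Main\Event("main", "OnUserLogin", ["USER" => $user]);
     $event->send();

     if (\Freetrix\Main\Config\Option::get("main", "event_log_login_success", "N") === "Y") {
         \CEventLog::log("SECURITY", "USER_AUTHORIZE", "main", $user->getUserId());
     }
 }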
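 /**
  * Builds $this->policy, the effective security policy for the current user.
  *
  * Starts from static::$defaultGroupPolicy, then folds in the SECURITY_POLICY of
  * group 2 and, for an authenticated user, of every group the user currently
  * belongs to (membership validity window honoured). Per key the stricter value
  * wins: larger IP masks and password length, smaller timeouts / login attempts,
  * "Y" for the password-composition flags, and the smaller value for any other key.
  *
  * @return void
  */
 protected function loadUserSecurityPolicy()
 {
     $this->policy = static::$defaultGroupPolicy;

     if ($this->policy["SESSION_TIMEOUT"] <= 0) {
         // ini_get() returns a string (or false when the option is unknown); the
         // cast makes the fallback an explicit number of minutes.
         $this->policy["SESSION_TIMEOUT"] = (int) ini_get("session.gc_maxlifetime") / 60;
     }

     $connection = Main\Application::getDbConnection();
     $sqlHelper = $connection->getSqlHelper();
     $now = $sqlHelper->getCurrentDateTimeFunction();

     $sql = "SELECT G.SECURITY_POLICY "
         . "FROM b_group G "
         . "WHERE G.ID = 2 ";
     if ($this->isAuthenticated) {
         // userId is the only dynamic value in the statement and is cast to int.
         $sql .= "UNION "
             . "SELECT G.SECURITY_POLICY "
             . "FROM b_group G "
             . "   INNER JOIN b_user_group UG ON (G.ID = UG.GROUP_ID) "
             . "WHERE UG.USER_ID = " . intval($this->userId) . " "
             . "\tAND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= " . $now . ")) "
             . "\tAND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= " . $now . ")) ";
     }

     $recordset = $connection->query($sql);
     while ($record = $recordset->fetch()) {
         if (empty($record["SECURITY_POLICY"])) {
             continue;
         }
         // SECURITY_POLICY is a serialized PHP value stored in the database. This
         // loop only ever treats it as a flat array of scalars, so object
         // instantiation is disabled: a tampered row then cannot trigger
         // __wakeup()/__destruct() of arbitrary classes during unserialize().
         $groupPolicy = unserialize($record["SECURITY_POLICY"], ["allowed_classes" => false]);
         if (!is_array($groupPolicy)) {
             continue;
         }

         foreach ($groupPolicy as $key => $val) {
             switch ($key) {
                 case "STORE_IP_MASK":
                 case "SESSION_IP_MASK":
                     // Wider mask (larger value) is stricter.
                     if ($this->policy[$key] < $val) {
                         $this->policy[$key] = $val;
                     }
                     break;
                 case "SESSION_TIMEOUT":
                     // Shorter timeout is stricter; a non-positive current value is
                     // "unset" and is replaced.
                     if ($this->policy[$key] <= 0 || $this->policy[$key] > $val) {
                         $this->policy[$key] = $val;
                     }
                     break;
                 case "PASSWORD_LENGTH":
                     // Longer minimum length is stricter.
                     if ($this->policy[$key] <= 0 || $this->policy[$key] < $val) {
                         $this->policy[$key] = $val;
                     }
                     break;
                 case "PASSWORD_UPPERCASE":
                 case "PASSWORD_LOWERCASE":
                 case "PASSWORD_DIGITS":
                 case "PASSWORD_PUNCTUATION":
                     // Once any group requires a character class it stays required.
                     if ($val === "Y") {
                         $this->policy[$key] = "Y";
                     }
                     break;
                 case "LOGIN_ATTEMPTS":
                     // Fewer allowed attempts is stricter; 0/negative means "no limit"
                     // and never overrides a configured limit.
                     if ($val > 0 && ($this->policy[$key] <= 0 || $this->policy[$key] > $val)) {
                         $this->policy[$key] = $val;
                     }
                     break;
                 default:
                     // Unknown keys: smaller wins. NOTE(review): a key absent from
                     // the default policy raises an undefined-index notice here and is
                     // compared as null — behaviour kept as-is, confirm it is intended.
                     if ($this->policy[$key] > $val) {
                         $this->policy[$key] = $val;
                     }
             }
         }
     }

     if ($this->policy["PASSWORD_LENGTH"] === false) {
         $this->policy["PASSWORD_LENGTH"] = 6;
     }
 }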