Ejemplo n.º 1
 /**
  * Crear un nuevo usuario en la BBDD con los datos de LDAP.
  * Esta función crea los usuarios de LDAP en la BBDD para almacenar información del mismo
  * y utilizarlo en caso de fallo de LDAP
  *
  * @param User $User
  * @return bool
  */
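 public static function newUserLDAP(User $User)
 {
     // A local hash of the LDAP password is stored with the row; the method
     // docblock states the row is used as a fallback when LDAP fails.
     $passdata = UserPass::makeUserPassHash($User->getUserPass());
     $groupId = Config::getValue('ldap_defaultgroup', 0);
     $profileId = Config::getValue('ldap_defaultprofile', 0);

     // Fail closed: an account with no default group or no default profile must
     // stay disabled until it is activated. The previous `=== 0` test matched
     // only an integer zero, so any other empty value ('0', '', null) created an
     // enabled account while the "pending activation" mail below was still sent.
     // One loose check now drives both the flag and the notification.
     $pendingActivation = !$groupId || !$profileId;

     $query = 'INSERT INTO usrData SET '
         . 'user_name = :name,'
         . 'user_groupId = :groupId,'
         . 'user_login = :login,'
         . 'user_pass = :pass,'
         . 'user_hashSalt = :hashSalt,'
         . 'user_email = :email,'
         . 'user_notes = :notes,'
         . 'user_profileId = :profileId,'
         . 'user_isLdap = 1,'
         . 'user_isDisabled = :isDisabled';

     // Every user-derived value is bound as a named parameter.
     $data = array(
         'name' => $User->getUserName(),
         'login' => $User->getUserLogin(),
         'pass' => $passdata['pass'],
         'hashSalt' => $passdata['salt'],
         'email' => $User->getUserEmail(),
         'notes' => _('Usuario de LDAP'),
         'groupId' => $groupId,
         'profileId' => $profileId,
         'isDisabled' => $pendingActivation ? 1 : 0,
     );

     if (DB::getQuery($query, __FUNCTION__, $data) === false) {
         return false;
     }

     if ($pendingActivation) {
         // Tell the user that the account exists but is waiting for activation.
         $Log = new Log(_('Activación Cuenta'));
         $Log->addDescription(_('Su cuenta está pendiente de activación.'));
         $Log->addDescription(_('En breve recibirá un email de confirmación.'));
         $Log->writeLog();
         Email::sendEmail($Log, $User->getUserEmail(), false);
     }

     // Audit trail entry (and notification) for the newly created LDAP user.
     Log::writeNewLogAndEmail(_('Nuevo usuario de LDAP'), sprintf("%s (%s)", $User->getUserName(), $User->getUserLogin()));

     return true;
 }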
Ejemplo n.º 2
 /**
  * Migrar los perfiles con formato anterior a v1.2
  *
  * @return bool
  */
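 public static function migrateProfiles()
 {
     // Read every legacy permission bit column as a BIN() string.
     $query = 'SELECT userprofile_id AS id,'
         . 'userprofile_name AS name,'
         . 'BIN(userProfile_pView) AS pView,'
         . 'BIN(userProfile_pViewPass) AS pViewPass,'
         . 'BIN(userProfile_pViewHistory) AS pViewHistory,'
         . 'BIN(userProfile_pEdit) AS pEdit,'
         . 'BIN(userProfile_pEditPass) AS pEditPass,'
         . 'BIN(userProfile_pAdd) AS pAdd,'
         . 'BIN(userProfile_pDelete) AS pDelete,'
         . 'BIN(userProfile_pFiles) AS pFiles,'
         . 'BIN(userProfile_pConfig) AS pConfig,'
         . 'BIN(userProfile_pConfigMasterPass) AS pConfigMasterPass,'
         . 'BIN(userProfile_pConfigBackup) AS pConfigBackup,'
         . 'BIN(userProfile_pAppMgmtCategories) AS pAppMgmtCategories,'
         . 'BIN(userProfile_pAppMgmtCustomers) AS pAppMgmtCustomers,'
         . 'BIN(userProfile_pUsers) AS pUsers,'
         . 'BIN(userProfile_pGroups) AS pGroups,'
         . 'BIN(userProfile_pProfiles) AS pProfiles,'
         . 'BIN(userProfile_pEventlog) AS pEventlog '
         . 'FROM usrProfiles';

     DB::setReturnArray();
     $queryRes = DB::getResults($query, __FUNCTION__);

     if ($queryRes === false) {
         Log::writeNewLog(_('Migrar Perfiles'), _('Error al obtener perfiles'));
         return false;
     }

     // Copy each legacy row into a Profile object and persist it in the new format.
     // NOTE(review): pFiles is selected above and its column is dropped below, but
     // no setter receives it here — confirm the files permission is not lost.
     foreach ($queryRes as $oldProfile) {
         $profile = new Profile();
         $profile->setId($oldProfile->id);
         $profile->setName($oldProfile->name);
         $profile->setAccAdd($oldProfile->pAdd);
         $profile->setAccView($oldProfile->pView);
         $profile->setAccViewPass($oldProfile->pViewPass);
         $profile->setAccViewHistory($oldProfile->pViewHistory);
         $profile->setAccEdit($oldProfile->pEdit);
         $profile->setAccEditPass($oldProfile->pEditPass);
         $profile->setAccDelete($oldProfile->pDelete);
         $profile->setConfigGeneral($oldProfile->pConfig);
         $profile->setConfigEncryption($oldProfile->pConfigMasterPass);
         $profile->setConfigBackup($oldProfile->pConfigBackup);
         $profile->setMgmCategories($oldProfile->pAppMgmtCategories);
         $profile->setMgmCustomers($oldProfile->pAppMgmtCustomers);
         $profile->setMgmUsers($oldProfile->pUsers);
         $profile->setMgmGroups($oldProfile->pGroups);
         $profile->setMgmProfiles($oldProfile->pProfiles);
         $profile->setEvl($oldProfile->pEventlog);

         // Stop before the legacy columns are dropped if any profile fails to save.
         if ($profile->profileUpdate() === false) {
             return false;
         }
     }

     // Only reached when every profile was rewritten: remove the legacy columns.
     $query = 'ALTER TABLE usrProfiles '
         . 'DROP COLUMN userProfile_pAppMgmtCustomers,'
         . 'DROP COLUMN userProfile_pAppMgmtCategories,'
         . 'DROP COLUMN userProfile_pAppMgmtMenu,'
         . 'DROP COLUMN userProfile_pUsersMenu,'
         . 'DROP COLUMN userProfile_pConfigMenu,'
         . 'DROP COLUMN userProfile_pFiles,'
         . 'DROP COLUMN userProfile_pViewHistory,'
         . 'DROP COLUMN userProfile_pEventlog,'
         . 'DROP COLUMN userProfile_pEditPass,'
         . 'DROP COLUMN userProfile_pViewPass,'
         . 'DROP COLUMN userProfile_pDelete,'
         . 'DROP COLUMN userProfile_pProfiles,'
         . 'DROP COLUMN userProfile_pGroups,'
         . 'DROP COLUMN userProfile_pUsers,'
         . 'DROP COLUMN userProfile_pConfigBackup,'
         . 'DROP COLUMN userProfile_pConfigMasterPass,'
         . 'DROP COLUMN userProfile_pConfig,'
         . 'DROP COLUMN userProfile_pAdd,'
         . 'DROP COLUMN userProfile_pEdit,'
         . 'DROP COLUMN userProfile_pView';
     $queryRes = DB::getQuery($query, __FUNCTION__);

     $log = new Log(_('Migrar Perfiles'));

     if ($queryRes) {
         $log->addDescription(_('Operación realizada correctamente'));
     } else {
         // Every other addDescription() call on this page passes a single
         // description; the original passed the action title first, so the
         // failure text travelled in an extra second argument instead of being
         // the description that gets logged.
         $log->addDescription(_('Fallo al realizar la operación'));
     }

     $log->writeLog();
     Email::sendEmail($log);

     return $queryRes;
 }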
Ejemplo n.º 3
 /**
  * Actualizar la clave de un usuario desde phpPMS.
  *
  * @param string $userLogin con el login del usuario
  * @param string $userPass  con la clave del usuario
  * @return bool
  *
  * Esta función actualiza la clave de un usuario que ha sido migrado desde phpPMS
  */
 public static function migrateUser($userLogin, $userPass)
 {
     // Hash and salt in the current format for the password just presented.
     $newHash = UserPass::makeUserPassHash($userPass);

     // The row is only touched while it is still flagged as unmigrated AND its
     // stored legacy hash (salted SHA1 or plain MD5) matches the supplied
     // password, so the legacy check and the upgrade happen in one statement.
     $sql = 'UPDATE usrData SET '
         . 'user_pass = :pass,'
         . 'user_hashSalt = :salt,'
         . 'user_lastUpdate = NOW(),'
         . 'user_isMigrate = 0 '
         . 'WHERE user_login = :login '
         . 'AND user_isMigrate = 1 '
         . 'AND (user_pass = SHA1(CONCAT(user_hashSalt,:passOld)) '
         . 'OR user_pass = MD5(:passOldMd5)) LIMIT 1';

     // The password is bound twice because each named placeholder is used once.
     $params = array(
         'pass' => $newHash['pass'],
         'salt' => $newHash['salt'],
         'login' => $userLogin,
         'passOld' => $userPass,
         'passOldMd5' => $userPass,
     );

     // NOTE(review): only a false result is treated as failure. If DB::getQuery()
     // does not report "zero rows matched" as false, a wrong legacy password still
     // reaches the success log and `return true` below — confirm with the caller.
     if (DB::getQuery($sql, __FUNCTION__, $params) === false) {
         return false;
     }

     $event = new Log(__FUNCTION__);
     $event->addDescription(_('Usuario actualizado'));
     $event->addDescription('Login: ' . $userLogin);
     $event->writeLog();
     Email::sendEmail($event);

     return true;
 }
Ejemplo n.º 4
 /**
  * Enviar un email utilizando la clase PHPMailer.
  *
  * @param Log    $log     con el objeto del tipo Log
  * @param string $mailTo  con el destinatario
  * @param bool   $isEvent para indicar si es un evento
  * @return bool
  */
 public static function sendEmail(Log $log, $mailTo = '', $isEvent = true)
 {
     // Nothing is sent when mail is disabled in the application settings.
     if (!Util::mailIsEnabled()) {
         return false;
     }

     $mail = self::getEmailObject($mailTo, utf8_decode($log->getAction()));
     if (!is_object($mail)) {
         return false;
     }

     $mail->isHTML();
     $log->setNewLineHtml(true);

     $lines = array();

     if ($isEvent === true) {
         // Event mails carry the action, the acting login and the client address,
         // and are copied to the configured sender address.
         // NOTE(review): the login and the log description go into an HTML body
         // without being escaped in this method — confirm they are encoded upstream.
         $performer = Session::getUserLogin() ? Session::getUserLogin() : _('N/D');
         $lines[] = Html::strongText(_('Acción') . ": ") . utf8_decode($log->getAction());
         $lines[] = Html::strongText(_('Realizado por') . ": ") . $performer . ' (' . $_SERVER['REMOTE_ADDR'] . ')';
         $mail->addCC(Config::getValue('mail_from'));
     }

     // Description followed by the application signature block.
     array_push(
         $lines,
         utf8_decode($log->getDescription()),
         '',
         '--',
         Util::getAppInfo('appname') . ' - ' . Util::getAppInfo('appdesc'),
         Html::anchorText(Init::$WEBURI)
     );

     $mail->Body = implode(Log::NEWLINE_HTML, $lines);
     $sent = $mail->send();

     // Record the outcome of the delivery attempt in the event log.
     $mailLog = new Log(_('Enviar Email'));
     if (!$sent) {
         $mailLog->addDescription(_('Error al enviar correo'));
         $mailLog->addDescription('ERROR: ' . $mail->ErrorInfo);
     } else {
         $mailLog->addDescription(_('Correo enviado'));
     }
     $mailLog->addDescription(_('Destinatario') . ': ' . $mailTo);
     if ($isEvent === true) {
         $mailLog->addDescription(_('CC') . ': ' . Config::getValue('mail_from'));
     }
     $mailLog->writeLog();

     return $sent;
 }
Ejemplo n.º 5
 /**
  * Guardar un parámetro de configuración en la BBDD.
  *
  * @param string $param con el parámetro a guardar
  * @param string $value con el valor a guardar
  * @param bool   $email enviar email?
  * @return bool
  */
 public static function setValue($param, $value, $email = true)
 {
     // Upsert: insert the parameter or overwrite its value when the key exists.
     $sql = "INSERT INTO config "
         . "SET config_parameter = :param,"
         . "config_value = :value "
         . "ON DUPLICATE KEY UPDATE config_value = :valuedup";

     // The value is bound twice because each named placeholder is used once.
     $params = array(
         'param' => $param,
         'value' => $value,
         'valuedup' => $value,
     );

     if (DB::getQuery($sql, __FUNCTION__, $params) === false) {
         return false;
     }

     // NOTE(review): the new value is written to the event log, and mailed when
     // $email is true, exactly as given. If secrets (bind passwords, salts, keys)
     // are ever stored through this method they end up in both places — confirm
     // which parameters callers pass and whether those need masking.
     $event = new Log(_('Configuración'));
     $event->addDescription(_('Modificar configuración'));
     $event->addDescription(_('Parámetro') . ': ' . $param);
     $event->addDescription(_('Valor') . ': ' . $value);
     $event->writeLog();

     if ($email === true) {
         Email::sendEmail($event);
     }

     return true;
 }
Ejemplo n.º 6
 /**
  * Proceso para la recuperación de clave.
  *
  * @param string $login con el login del usuario
  * @param string $email con el email del usuario
  * @return bool
  */
 public static function mailPassRecover($login, $email)
 {
     // A reset is refused unless the login/e-mail pair matches, the user is
     // enabled, the user is not an LDAP account and the recovery limit has not
     // been reached. Checks run in this order and stop at the first refusal.
     if (!UserUtil::checkUserMail($login, $email)
         || UserUtil::checkUserIsDisabled($login)
         || UserLdap::checkUserIsLDAP($login)
         || UserPassRecover::checkPassRecoverLimit($login)
     ) {
         return false;
     }

     // NOTE(review): the reset link is only as strong as this token; the
     // generator's source and length are not visible here — confirm it is a CSPRNG.
     $token = Util::generate_random_bytes();

     $message = new Log(_('Cambio de Clave'));
     $message->addDescription(Html::strongText(_('Se ha solicitado el cambio de su clave de usuario.')));
     $message->addDescription();
     $message->addDescription(_('Para completar el proceso es necesario que acceda a la siguiente URL:'));
     $message->addDescription();
     $message->addDescription(Html::anchorText(Init::$WEBURI . '/index.php?a=passreset&h=' . $token . '&t=' . time()));
     $message->addDescription('');
     $message->addDescription(_('Si no ha solicitado esta acción, ignore este mensaje.'));

     // The mail goes out first; the token is stored only if sending succeeded.
     // A failed insert therefore leaves the user with a link that cannot be
     // redeemed, and the method reports false.
     return Email::sendEmail($message, $email, false) && UserPassRecover::addPassRecover($login, $token);
 }
Ejemplo n.º 7
 /**
  * Actualizar los datos encriptados con una nueva clave
  *
  * @param string $currentMasterPass La clave maestra actual
  * @param string $newMasterPassword La nueva clave maestra
  * @return bool
  * @throws SPException
  */
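 public static function updateCustomFieldsCrypt($currentMasterPass, $newMasterPassword)
 {
     $Log = new Log();
     $Log->setAction(_('Campos Personalizados'));

     $query = 'SELECT customfielddata_id, customfielddata_data, customfielddata_iv FROM customFieldsData';
     DB::setReturnArray();
     $queryRes = DB::getResults($query, __FUNCTION__);

     // A false result ends the run and is reported as success.
     // NOTE(review): presumably this means "no custom field data"; confirm that a
     // genuine query failure is not reported the same way.
     if ($queryRes === false) {
         $Log->addDescription(_('Fin'));
         $Log->writeLog();
         return true;
     }

     $Log->addDescription(_('Actualizando datos encriptados'));
     $Log->writeLog(true);

     $errors = array();
     $success = array();

     // Re-encrypt every stored value: decrypt with the current master password,
     // encrypt with the new one, then write data and IV back to the same row.
     // Rows are updated one by one; this method opens no transaction.
     foreach ($queryRes as $customField) {
         $fieldData = Crypt::getDecrypt($customField->customfielddata_data, $customField->customfielddata_iv, $currentMasterPass);

         // Never replace stored ciphertext with the product of a failed decrypt:
         // the original value would be unrecoverable afterwards.
         // Assumes Crypt::getDecrypt() signals failure with false — TODO confirm.
         if ($fieldData === false) {
             $errors[] = $customField->customfielddata_id;
             continue;
         }

         $fieldCryptData = Crypt::encryptData($fieldData, $newMasterPassword);

         $query = 'UPDATE customFieldsData SET '
             . 'customfielddata_data = :data, '
             . 'customfielddata_iv = :iv '
             . 'WHERE customfielddata_id = :id ';
         $data = array(
             'id' => $customField->customfielddata_id,
             'data' => $fieldCryptData['data'],
             'iv' => $fieldCryptData['iv'],
         );

         if (DB::getQuery($query, __FUNCTION__, $data) === false) {
             $errors[] = $customField->customfielddata_id;
         } else {
             $success[] = $customField->customfielddata_id;
         }
     }

     // Only row ids are logged, never field contents.
     if (count($errors) > 0) {
         $Log->addDescription(_('Registros no actualizados') . ': ' . implode(',', $errors));
         $Log->writeLog(true);
     }

     if (count($success) > 0) {
         $Log->addDescription(_('Registros actualizados') . ': ' . implode(',', $success));
         $Log->writeLog(true);
     }

     $Log->addDescription(_('Fin'));
     $Log->writeLog();

     // True only when every row was re-encrypted and stored.
     return count($errors) === 0;
 }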
Ejemplo n.º 8
 /**
  * Actualiza la BBDD según la versión.
  *
  * @param int $version con la versión a actualizar
  * @return bool
  */
 private static function upgradeTo($version)
 {
     // Applies the schema changes registered for one version number. Every
     // statement below is a fixed string; nothing caller-supplied is
     // concatenated into the SQL ($version only selects a case and appears in
     // log text).
     $log = new Log(_('Actualizar BBDD'));
     switch ($version) {
         case 110:
             // Per-account "other user/group may edit" flags and the accUsers link table.
             $queries[] = 'ALTER TABLE `accFiles` CHANGE COLUMN `accfile_name` `accfile_name` VARCHAR(100) NOT NULL';
             $queries[] = 'ALTER TABLE `accounts` ADD COLUMN `account_otherGroupEdit` BIT(1) NULL DEFAULT 0 AFTER `account_dateEdit`, ADD COLUMN `account_otherUserEdit` BIT(1) NULL DEFAULT 0 AFTER `account_otherGroupEdit`;';
             $queries[] = 'CREATE TABLE `accUsers` (`accuser_id` INT NOT NULL AUTO_INCREMENT,`accuser_accountId` INT(10) UNSIGNED NOT NULL,`accuser_userId` INT(10) UNSIGNED NOT NULL, PRIMARY KEY (`accuser_id`), INDEX `idx_account` (`accuser_accountId` ASC)) DEFAULT CHARSET=utf8;';
             $queries[] = 'ALTER TABLE `accHistory` ADD COLUMN `accHistory_otherUserEdit` BIT NULL AFTER `acchistory_mPassHash`, ADD COLUMN `accHistory_otherGroupEdit` VARCHAR(45) NULL AFTER `accHistory_otherUserEdit`;';
             $queries[] = 'ALTER TABLE `accFiles` CHANGE COLUMN `accfile_type` `accfile_type` VARCHAR(100) NOT NULL ;';
             break;
         case 1121:
             // Category description and the application-management profile bits.
             $queries[] = 'ALTER TABLE `categories` ADD COLUMN `category_description` VARCHAR(255) NULL AFTER `category_name`;';
             $queries[] = 'ALTER TABLE `usrProfiles` ADD COLUMN `userProfile_pAppMgmtMenu` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pUsersMenu`,CHANGE COLUMN `userProfile_pConfigCategories` `userProfile_pAppMgmtCategories` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pAppMgmtMenu`,ADD COLUMN `userProfile_pAppMgmtCustomers` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pAppMgmtCategories`;';
             break;
         case 1122:
             $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_login` `user_login` VARCHAR(50) NOT NULL ,CHANGE COLUMN `user_email` `user_email` VARCHAR(80) NULL DEFAULT NULL ;';
             break;
         case 1123:
             // Password-recovery token table, client IP column on the event log,
             // and the "must change password" user flag.
             $queries[] = 'CREATE TABLE `usrPassRecover` (`userpassr_id` INT UNSIGNED NOT NULL AUTO_INCREMENT, `userpassr_userId` SMALLINT UNSIGNED NOT NULL,`userpassr_hash` VARBINARY(40) NOT NULL,`userpassr_date` INT UNSIGNED NOT NULL,`userpassr_used` BIT(1) NOT NULL DEFAULT b\'0\', PRIMARY KEY (`userpassr_id`),INDEX `IDX_userId` (`userpassr_userId` ASC, `userpassr_date` ASC)) DEFAULT CHARSET=utf8;';
             $queries[] = 'ALTER TABLE `log` ADD COLUMN `log_ipAddress` VARCHAR(45) NOT NULL AFTER `log_userId`;';
             $queries[] = 'ALTER TABLE `usrData` ADD COLUMN `user_isChangePass` BIT(1) NULL DEFAULT b\'0\' AFTER `user_isMigrate`;';
             break;
         case 11213:
             $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_mPass` `user_mPass` VARBINARY(32) NULL DEFAULT NULL ,CHANGE COLUMN `user_lastLogin` `user_lastLogin` DATETIME NULL DEFAULT NULL ,CHANGE COLUMN `user_lastUpdate` `user_lastUpdate` DATETIME NULL DEFAULT NULL, CHANGE COLUMN `user_mIV` `user_mIV` VARBINARY(32) NULL ;';
             $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_login` `account_login` VARCHAR(50) NULL DEFAULT NULL ;';
             break;
         case 11219:
             // Account password columns become VARBINARY(255).
             $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_pass` `account_pass` VARBINARY(255) NOT NULL ;';
             $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `acchistory_pass` `acchistory_pass` VARBINARY(255) NOT NULL ;';
             break;
         case 11220:
             // User password and master-password columns become VARBINARY(255).
             $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_pass` `user_pass` VARBINARY(255) NOT NULL,CHANGE COLUMN `user_mPass` `user_mPass` VARBINARY(255) DEFAULT NULL ;';
             break;
         case 12001:
             // Serialized profile and user preferences blobs, user-to-group
             // mapping, file thumbnails, auth tokens and the custom-field tables.
             $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_userEditId` `account_userEditId` TINYINT(3) UNSIGNED NULL DEFAULT NULL, CHANGE COLUMN `account_dateEdit` `account_dateEdit` DATETIME NULL DEFAULT NULL;';
             $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `acchistory_userEditId` `acchistory_userEditId` TINYINT(3) UNSIGNED NULL DEFAULT NULL, CHANGE COLUMN `acchistory_dateEdit` `acchistory_dateEdit` DATETIME NULL DEFAULT NULL;';
             $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `accHistory_otherGroupEdit` `accHistory_otherGroupEdit` BIT NULL DEFAULT b\'0\';';
             $queries[] = 'ALTER TABLE `usrProfiles` ADD COLUMN `userProfile_profile` BLOB NOT NULL;';
             $queries[] = 'ALTER TABLE `usrData` ADD `user_preferences` BLOB NULL;';
             $queries[] = 'CREATE TABLE usrToGroups (usertogroup_id INT UNSIGNED PRIMARY KEY NOT NULL AUTO_INCREMENT,usertogroup_userId INT UNSIGNED NOT NULL,usertogroup_groupId INT UNSIGNED NOT NULL) DEFAULT CHARSET=utf8;';
             $queries[] = 'CREATE INDEX IDX_accountId ON usrToGroups (usertogroup_userId)';
             $queries[] = 'ALTER TABLE `accFiles` ADD `accFile_thumb` BLOB NULL;';
             $queries[] = 'CREATE TABLE `authTokens` (`authtoken_id` int(11) NOT NULL AUTO_INCREMENT,`authtoken_userId` int(11) NOT NULL,`authtoken_token` varbinary(100) NOT NULL,`authtoken_actionId` smallint(5) unsigned NOT NULL,`authtoken_createdBy` smallint(5) unsigned NOT NULL,`authtoken_startDate` int(10) unsigned NOT NULL,PRIMARY KEY (`authtoken_id`),UNIQUE KEY `unique_authtoken_id` (`authtoken_id`),KEY `IDX_checkToken` (`authtoken_userId`,`authtoken_actionId`,`authtoken_token`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
             $queries[] = 'CREATE TABLE `customFieldsDef` (`customfielddef_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `customfielddef_module` smallint(5) unsigned NOT NULL, `customfielddef_field` blob NOT NULL, PRIMARY KEY (`customfielddef_id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
             $queries[] = 'CREATE TABLE `customFieldsData` (`customfielddata_id` int(10) unsigned NOT NULL AUTO_INCREMENT,`customfielddata_moduleId` smallint(5) unsigned NOT NULL,`customfielddata_itemId` int(10) unsigned NOT NULL,`customfielddata_defId` int(10) unsigned NOT NULL,`customfielddata_data` longblob,`customfielddata_iv` varbinary(128) DEFAULT NULL, PRIMARY KEY (`customfielddata_id`), KEY `IDX_DEFID` (`customfielddata_defId`), KEY `IDX_DELETE` (`customfielddata_itemId`,`customfielddata_moduleId`), KEY `IDX_UPDATE` (`customfielddata_moduleId`,`customfielddata_itemId`,`customfielddata_defId`), KEY `IDX_ITEM` (`customfielddata_itemId`), KEY `IDX_MODULE` (`customfielddata_moduleId`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
             break;
         case 12002:
             // Wider config value, password hash, salt and master-password-hash columns.
             $queries[] = 'ALTER TABLE config CHANGE config_value config_value VARCHAR(255);';
             $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);';
             $queries[] = 'ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);';
             $queries[] = 'ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);';
             break;
         default:
             // Unknown version: nothing to apply. The description is added but
             // writeLog() is not called on this path, so it is never persisted here.
             $log->addDescription(_('No es necesario actualizar la Base de Datos.'));
             return true;
     }
     // Statements run in order and the loop returns at the first SPException.
     // Nothing in this method rolls back statements that already ran, so a
     // failure can leave the schema partly upgraded.
     // NOTE(review): the return value of DB::getQuery() is ignored; if this DB
     // layer reports failure with false instead of throwing, the failure goes
     // unnoticed — confirm.
     foreach ($queries as $query) {
         try {
             DB::getQuery($query, __FUNCTION__);
         } catch (SPException $e) {
             $log->addDescription(_('Error al aplicar la actualización de la Base de Datos.') . ' (v' . $version . ')');
             $log->addDescription('ERROR: ' . $e->getMessage() . ' (' . $e->getCode() . ')');
             $log->writeLog();
             Email::sendEmail($log);
             return false;
         }
     }
     // Every statement ran: log and mail the successful upgrade.
     $log->addDescription(_('Actualización de la Base de Datos realizada correctamente.') . ' (v' . $version . ')');
     $log->writeLog();
     Email::sendEmail($log);
     return true;
 }
Ejemplo n.º 9
 /**
  * Migrar la configuración desde phpPMS.
  *
  * @return array resultado
  */
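 private static function migrateConfig()
 {
     // Load the legacy configuration into self::$_oldConfig.
     self::getSourceConfig();

     // Legacy parameters that must not be carried over, including database
     // credentials and password/salt material.
     $skip = array('version', 'installed', 'install', 'dbhost', 'dbname', 'dbuser', 'dbpass', 'siteroot', 'sitelang', 'sitename', 'siteshortname', 'md5_pass', 'password_show', 'lastupdatempass', 'passwordsalt');

     $totalParams = count(self::$_oldConfig);
     $num = 0;

     // Store the remaining parameters in the new configuration.
     foreach (self::$_oldConfig as $key => $value) {
         // $skip is a list of names, so membership has to be tested against its
         // values. The original array_key_exists() looked at the numeric indexes
         // 0..14, never matched a parameter name, and let 'dbpass',
         // 'passwordsalt' and the rest through to Config::setValue().
         if (in_array($key, $skip, true)) {
             continue;
         }

         Config::setValue($key, $value);
         $num++;
     }

     // Only the counters are logged here, not the imported values.
     $log = new Log(_('Importar Configuración'));
     $log->addDescription('OK');
     $log->addDescription(_('Registros') . ': ' . $num . '/' . $totalParams);
     $log->writeLog();
 }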
Ejemplo n.º 10
 /**
  * Actualiza la clave de una cuenta en la BBDD.
  *
  * @param bool $isMassive para no actualizar el histórico ni enviar mensajes
  * @param bool $isRestore indica si es una restauración
  * @return bool
  */
 public function updateAccountPass($isMassive = false, $isRestore = false)
 {
     $Log = new Log(__FUNCTION__);

     // History, event log and mail are skipped for master-password changes
     // (massive) and for restores.
     $isSingleChange = !$isMassive && !$isRestore;

     // Keep a copy of the account in the history before overwriting its password.
     if ($isSingleChange && !AccountHistory::addHistory($this->getAccountId(), false)) {
         $Log->addDescription(_('Error al actualizar el historial'));
         $Log->writeLog();
         return false;
     }

     $sql = 'UPDATE accounts SET '
         . 'account_pass = :accountPass,'
         . 'account_IV = :accountIV,'
         . 'account_userEditId = :accountUserEditId,'
         . 'account_dateEdit = NOW() '
         . 'WHERE account_id = :accountId';

     // Encrypted password, IV and ids are all bound as named parameters.
     $params = array(
         'accountPass' => $this->getAccountPass(),
         'accountIV' => $this->getAccountIV(),
         'accountUserEditId' => $this->getAccountUserEditId(),
         'accountId' => $this->getAccountId(),
     );

     if (DB::getQuery($sql, __FUNCTION__, $params) === false) {
         return false;
     }

     if (!$isSingleChange) {
         return true;
     }

     // Log and mail who changed which account; the password itself is not
     // part of the message.
     $accountInfo = array('customer_name', 'account_name');
     $this->getAccountInfoById($accountInfo);

     $Log->setAction(_('Modificar Clave'));
     $Log->addDescription(Html::strongText(_('Cliente') . ': ') . $this->_cacheParams['customer_name']);
     $Log->addDescription(Html::strongText(_('Cuenta') . ': ') . $this->_cacheParams['account_name'] . " (" . $this->getAccountId() . ")");
     $Log->writeLog();
     Email::sendEmail($Log);

     return true;
 }
Ejemplo n.º 11
 /**
  * Método para registrar los eventos de BD en el log
  *
  * @param $query     string  La consulta que genera el error
  * @param $errorMsg  string  El mensaje de error
  * @param $errorCode int     El código de error
  */
 private static function logDBException($query, $errorMsg, $errorCode, $querySource)
 {
     // The event is filed under the name of the code that issued the query.
     $event = new Log($querySource);
     $event->addDescription("{$errorMsg}({$errorCode})");
     $event->addDescription("SQL: " . self::escape($query));
     $event->writeLog();

     // The statement and the driver message are also sent, unescaped, to the
     // PHP error log.
     // NOTE(review): whether bound parameter values can appear in $query is not
     // visible here — confirm the error log never receives secrets.
     foreach (array($query, $errorMsg) as $entry) {
         error_log($entry);
     }
 }
Ejemplo n.º 12
 /**
  * Buscar al usuario en un grupo.
  *
  * @param string $userDN con el RDN del usuario
  * @throws \Exception
  * @return bool
  */
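 public static function searchUserInGroup($userDN)
 {
     $log = new Log(__FUNCTION__);
     $ldapGroup = Config::getValue('ldap_group');

     // Check the group filter and resolve the group name. Membership is not
     // enforced when no group is configured.
     // NOTE(review): the same `return true` is taken when ldap_group is set but
     // getGroupName() yields nothing, which admits every user — confirm that
     // this is intended rather than a lookup failure being treated as success.
     if (empty($ldapGroup) || !($groupDN = self::getGroupName())) {
         return true;
     }

     $userDN = self::escapeLdapDN($userDN);

     // NOTE(review): $groupDN is concatenated as-is and $userDN went through a DN
     // escaper; neither is visibly escaped for LDAP filter syntax here — confirm
     // that filter metacharacters cannot reach this string.
     $filter = '(&(cn=' . $groupDN . ')(|(member=' . $userDN . ')(uniqueMember=' . $userDN . '))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group)))';
     $filterAttr = array("member", "uniqueMember");

     $searchRes = @ldap_search(self::$_ldapConn, self::$_searchBase, $filter, $filterAttr);

     if (!$searchRes) {
         $log->addDescription(_('Error al buscar el grupo de usuarios'));
         $log->addDescription(sprintf('%s: %s', _('Grupo'), $ldapGroup));
         $log->addDescription(sprintf('LDAP ERROR: %s (%d)', ldap_error(self::$_ldapConn), ldap_errno(self::$_ldapConn)));
         $log->addDescription('LDAP FILTER: ' . $filter);
         $log->writeLog();

         throw new \Exception(_('Error al buscar el grupo de usuarios'));
     }

     // Fail closed: only a positive entry count proves membership. The original
     // strict `=== 0` test treated a failed count (a non-integer result, with the
     // warning suppressed by @) as "user verified in group".
     $entryCount = @ldap_count_entries(self::$_ldapConn, $searchRes);

     if (!is_int($entryCount) || $entryCount < 1) {
         return false;
     }

     $log->addDescription(_('Usuario verificado en grupo'));
     $log->writeLog();

     return true;
 }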
Ejemplo n.º 13
 /**
  * Actualiza las claves de todas las cuentas en el histórico con la nueva clave maestra.
  *
  * @param string $currentMasterPass con la clave maestra actual
  * @param string $newMasterPass     con la nueva clave maestra
  * @param string $newHash           con el nuevo hash de la clave maestra
  * @return bool
  */
 public function updateAccountsMasterPass($currentMasterPass, $newMasterPass, $newHash = null)
 {
     // Re-encrypts every history record's password with the new master password,
     // logging one line per skipped or failed record and a final list of the
     // record ids that were updated.
     // NOTE(review): $currentMasterPass is never read in this body; the decrypt
     // call below passes only the ciphertext and IV — confirm which key
     // Crypt::getDecrypt() falls back to.
     $idOk = array();
     $errorCount = 0;
     $demoEnabled = Util::demoIsEnabled();
     $log = new Log(_('Actualizar Clave Maestra (H)'));
     $log->addDescription(_('Inicio'));
     $log->writeLog();
     $log->resetDescription();
     if (!Crypt::checkCryptModule()) {
         $log->addDescription(_('Error en el módulo de encriptación'));
         $log->writeLog();
         return false;
     }
     $accountsPass = $this->getAccountsPassData();
     if (!$accountsPass) {
         $log->addDescription(_('Error al obtener las claves de las cuentas'));
         $log->writeLog();
         return false;
     }
     foreach ($accountsPass as $account) {
         $this->setAccountId($account->acchistory_id);
         // Make no changes in demo mode; the record is still reported as updated
         if ($demoEnabled) {
             $idOk[] = $account->acchistory_id;
             continue;
         }
         // Skip records whose stored master-password check does not match.
         if (!$this->checkAccountMPass()) {
             $errorCount++;
             $log->addDescription(_('La clave maestra del registro no coincide') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
             continue;
         }
         // Empty passwords are logged and skipped without counting as an error.
         if (strlen($account->acchistory_pass) === 0) {
             $log->addDescription(_('Clave de cuenta vacía') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
             continue;
         }
         // A short IV is only logged: unlike the checks above there is no
         // `continue`, so the record is still decrypted and re-encrypted.
         // NOTE(review): confirm that warn-only is intended here.
         if (strlen($account->acchistory_IV) < 32) {
             $log->addDescription(_('IV de encriptación incorrecto') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
         }
         $decryptedPass = Crypt::getDecrypt($account->acchistory_pass, $account->acchistory_IV);
         $this->setAccountPass(Crypt::mkEncrypt($decryptedPass, $newMasterPass));
         $this->setAccountIV(Crypt::$strInitialVector);
         // The only failure check is on the re-encrypted value; the decrypt
         // result itself is not inspected before it is encrypted again.
         if ($this->getAccountPass() === false) {
             $errorCount++;
             $log->addDescription(_('No es posible desencriptar la clave de la cuenta') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
             continue;
         }
         if (!$this->updateAccountPass($account->acchistory_id, $newHash)) {
             $errorCount++;
             $log->addDescription(_('Fallo al actualizar la clave del histórico') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
             continue;
         }
         $idOk[] = $account->acchistory_id;
     }
     // Flush the per-record messages collected during the loop
     if (count($log->getDescription()) > 0) {
         $log->writeLog();
         $log->resetDescription();
     }
     if ($idOk) {
         $log->addDescription(_('Registros actualizados') . ': ' . implode(',', $idOk));
         $log->writeLog();
         $log->resetDescription();
     }
     $log->addDescription(_('Fin'));
     $log->writeLog();
     // NOTE(review): $errorCount is incremented above but never read; the method
     // returns true even when records failed — callers cannot detect a partial
     // re-encryption from the return value.
     return true;
 }
Ejemplo n.º 14
 /**
  * Obtener los datos de las entradas de sysPass y crearlas
  *
  * @throws SPException
  */
 protected function processAccounts()
 {
     $lineNo = 0;

     foreach ($this->_file->getFileContent() as $row) {
         $lineNo++;

         $fields = explode($this->_fieldDelimiter, $row);
         $fieldCount = count($fields);

         // A line with the wrong number of fields aborts the whole import.
         if ($fieldCount !== $this->_numFields) {
             throw new SPException(SPException::SP_CRITICAL, sprintf(_('El número de campos es incorrecto (%d)'), $fieldCount), sprintf(_('Compruebe el formato del archivo CSV en línea %s'), $lineNo));
         }

         // Strip the double quotes at the start/end of every field.
         $fields = array_map(function ($value) {
             return trim($value, '"');
         }, $fields);

         // Positional mapping of the CSV columns.
         list($accountName, $customerName, $categoryName, $url, $login, $password, $notes) = $fields;

         // Resolve (or create) customer and category, then encrypt the password
         // before it is handed to the account object.
         $customerId = Customer::addCustomerReturnId($customerName);
         $categoryId = Category::addCategoryReturnId($categoryName);
         $encrypted = Crypt::encryptData($password);

         // Populate the new account.
         $this->setAccountName($accountName);
         $this->setAccountLogin($login);
         $this->setCategoryId($categoryId);
         $this->setCustomerId($customerId);
         $this->setAccountNotes($notes);
         $this->setAccountUrl($url);
         $this->setAccountPass($encrypted['data']);
         $this->setAccountPassIV($encrypted['iv']);

         // Only the account name or the line number is logged, never the
         // imported password.
         if ($this->addAccount()) {
             Log::writeNewLog(_('Importar Cuentas'), sprintf(_('Cuenta importada: %s'), $accountName));
             continue;
         }

         $failure = new Log(_('Importar Cuentas'));
         $failure->addDescription(_('Error importando cuenta'));
         $failure->addDescription(sprintf(_('Error procesando línea %s'), $lineNo));
         $failure->writeLog();
     }
 }
Ejemplo n.º 15
 /**
  * Buscar al usuario en un grupo.
  *
  * @param string $userLogin con el login del usuario
  * @throws \Exception
  * @return bool
  */
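 public static function searchADUserInGroup($userLogin)
 {
     // Only meaningful against Active Directory.
     if (Ldap::$_isADS === false) {
         return false;
     }

     $log = new Log(__FUNCTION__);
     $ldapGroup = Config::getValue('ldap_group');

     // No group filter configured: membership is not enforced.
     if (empty($ldapGroup)) {
         return true;
     }

     // Resolve the group DN; an unresolved group denies access.
     if (!($groupDN = Ldap::searchGroupDN())) {
         return false;
     }

     // memberof with this matching-rule OID, then a per-entry login comparison.
     // NOTE(review): $groupDN is concatenated without visible LDAP filter
     // escaping — confirm searchGroupDN() cannot return filter metacharacters.
     $filter = '(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . ')';
     $filterAttr = array("sAMAccountName");

     $searchRes = @ldap_search(Ldap::$_ldapConn, Ldap::$_searchBase, $filter, $filterAttr);

     if (!$searchRes) {
         $log->addDescription(_('Error al buscar el grupo de usuarios'));
         $log->addDescription('LDAP ERROR: ' . ldap_error(Ldap::$_ldapConn) . '(' . ldap_errno(Ldap::$_ldapConn) . ')');
         $log->addDescription('LDAP FILTER: ' . $filter);
         $log->writeLog();

         throw new \Exception(_('Error al buscar el grupo de usuarios'));
     }

     if (@ldap_count_entries(Ldap::$_ldapConn, $searchRes) === 0) {
         $log->addDescription(_('No se encontró el grupo con ese nombre'));
         $log->addDescription('LDAP ERROR: ' . ldap_error(Ldap::$_ldapConn) . '(' . ldap_errno(Ldap::$_ldapConn) . ')');
         $log->addDescription('LDAP FILTER: ' . $filter);
         $log->writeLog();

         throw new \Exception(_('No se encontró el grupo con ese nombre'));
     }

     // Fail closed if the entries cannot be read.
     $entries = ldap_get_entries(Ldap::$_ldapConn, $searchRes);

     if (!is_array($entries)) {
         return false;
     }

     // ldap_get_entries() returns a 'count' element next to the entries, and an
     // entry may lack the requested attribute; isset() skips both instead of
     // indexing into a non-array as the original loop did.
     // The comparison is an exact, case-sensitive match on the login.
     foreach ($entries as $entry) {
         if (isset($entry['samaccountname'][0]) && $userLogin === $entry['samaccountname'][0]) {
             return true;
         }
     }

     return false;
 }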
Ejemplo n.º 16
 /**
  * Eliminar un grupo.
  *
  * @return bool
  */
 public static function deleteGroup()
 {
     // The name is read before the row disappears so it can be logged afterwards.
     $groupName = self::getGroupNameById(self::$groupId);

     $sql = 'DELETE FROM usrGroups WHERE usergroup_id = :id LIMIT 1';
     $params = array('id' => self::$groupId);

     if (DB::getQuery($sql, __FUNCTION__, $params) === false) {
         return false;
     }

     self::$queryLastId = DB::$lastId;

     $event = new Log(_('Eliminar Grupo'));

     // The group row is already gone at this point; a failure to remove its user
     // links is only recorded in the log and the method still returns true.
     $usersRemoved = Groups::deleteUsersForGroup(self::$groupId);
     if (!$usersRemoved) {
         $event->addDescription(_('Error al eliminar los usuarios del grupo'));
     }

     $event->addDescription(sprintf('%s : %s', Html::strongText(_('Grupo')), $groupName));
     $event->writeLog();
     Email::sendEmail($event);

     return true;
 }
Ejemplo n.º 17
 /**
  * Modificar un usuario.
  *
  * @return bool
  */
 public function updateUser()
 {
     $sql = 'UPDATE usrData SET '
         . 'user_name = :name,'
         . 'user_login = :login,'
         . 'user_email = :email,'
         . 'user_notes = :notes,'
         . 'user_groupId = :groupId,'
         . 'user_profileId = :profileId,'
         . 'user_isAdminApp = :isAdminApp,'
         . 'user_isAdminAcc = :isAdminAcc,'
         . 'user_isDisabled = :isDisabled,'
         . 'user_isChangePass = :isChangePass,'
         . 'user_lastUpdate = NOW() '
         . 'WHERE user_id = :id LIMIT 1';

     // All values are bound; the privilege and state flags are forced to integers.
     $params = array(
         'name' => $this->_userName,
         'login' => $this->_userLogin,
         'email' => $this->_userEmail,
         'notes' => $this->_userNotes,
         'groupId' => $this->_userGroupId,
         'profileId' => $this->_userProfileId,
         'isAdminApp' => (int) $this->_userIsAdminApp,
         'isAdminAcc' => (int) $this->_userIsAdminAcc,
         'isDisabled' => (int) $this->_userIsDisabled,
         'isChangePass' => (int) $this->_userChangePass,
         'id' => $this->_userId,
     );

     if (DB::getQuery($sql, __FUNCTION__, $params) === false) {
         return false;
     }

     $this->queryLastId = DB::$lastId;

     $event = new Log(_('Modificar Usuario'));
     $event->addDescription(sprintf('%s: %s (%s)', Html::strongText(_('Usuario')), $this->_userName, $this->_userLogin));

     // A forced password change triggers the recovery mail.
     // NOTE(review): login and e-mail pass through DB::escape() before reaching
     // code that, on this page, binds them as parameters and uses the e-mail as
     // the recipient — confirm the escaping cannot alter either value.
     if ($this->_userChangePass
         && !Auth::mailPassRecover(DB::escape($this->_userLogin), DB::escape($this->_userEmail))
     ) {
         $event->addDescription(Html::strongText(_('No se pudo realizar la petición de cambio de clave.')));
     }

     $event->writeLog();
     Email::sendEmail($event);

     return true;
 }
Ejemplo n.º 18
 /**
  * Eliminar un archivo de la BBDD.
  *
  * @param int $fileId con el Id del archivo
  * @return bool
  */
 public static function fileDelete($fileId)
 {
     // Metadata is fetched first so the log can still describe the file once
     // the row has been removed.
     // NOTE(review): the result is used as an object below without a check —
     // confirm what getFileInfo() returns for an unknown id.
     $fileInfo = self::getFileInfo($fileId);

     // Remove the file from the database.
     $sql = 'DELETE FROM accFiles WHERE accfile_id = :id LIMIT 1';
     $params = array('id' => $fileId);

     // Anything other than an explicit true counts as failure.
     if (DB::getQuery($sql, __FUNCTION__, $params) !== true) {
         return false;
     }

     $event = new Log(_('Eliminar Archivo'));
     $event->addDescription(_('ID') . ": " . $fileId);
     $event->addDescription(_('Archivo') . ": " . $fileInfo->accfile_name);
     $event->addDescription(_('Tipo') . ": " . $fileInfo->accfile_type);
     $event->addDescription(_('Tamaño') . ": " . round($fileInfo->accfile_size / 1024, 2) . " KB");
     $event->writeLog();
     Email::sendEmail($event);

     return true;
 }