protected function doPostProcessActions() { if ( $this->isBlockNeeded() && $this->blockCurrentUser() && CSecurityIPRule::IsActive() ) { CSecurityIPRule::OnPageStart(true); } }
} ob_start(); $Update = $_REQUEST["Update"] . $_REQUEST["Apply"]; require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/admin/group_rights2.php"; ob_end_clean(); if ($_REQUEST["back_url_settings"] != "") { if ($_REQUEST["Update"] != "") { LocalRedirect($_REQUEST["back_url_settings"]); } $returnUrl = $_GET["return_url"] ? urlencode($_GET["return_url"]) : ""; LocalRedirect($APPLICATION->GetCurPage() . "?mid=" . urlencode($module_id) . "&lang=" . urlencode(LANGUAGE_ID) . "&back_url_settings=" . $returnUrl . "&" . $tabControl->ActiveTabParam()); } else { LocalRedirect($APPLICATION->GetCurPage() . "?mid=" . urlencode($module_id) . "&lang=" . urlencode(LANGUAGE_ID) . "&" . $tabControl->ActiveTabParam()); } } $message = CSecurityIPRule::CheckAntiFile(true); if ($message) { echo $message->Show(); } $availableMessagePlaceholders = CSecurityEventMessageFormatter::getAvailableMessagePlaceholders(); $availableUserInfoPlaceholders = CSecurityEventMessageFormatter::getAvailableUserInfoPlaceholders(); ?> <form method="post" action="<?php echo $APPLICATION->GetCurPage(); ?> ?mid=<?php echo urlencode($module_id); ?> &lang=<?php echo LANGUAGE_ID; ?>
$lAdmin->AddHeaders($arHeaders); $arSelectedFields = $lAdmin->GetVisibleHeaderColumns(); if (!is_array($arSelectedFields) || count($arSelectedFields) < 1) { $arSelectedFields = array("ID", "RULE_TYPE", "ACTIVE", "ADMIN_SECTION", "SITE_ID", "SORT", "NAME", "ACTIVE_FROM", "ACTIVE_TO"); } $arVisibleColumnsMap = array(); foreach ($arSelectedFields as $value) { $arVisibleColumnsMap[$value] = true; } if (array_key_exists("ACTIVE_FROM", $arVisibleColumnsMap)) { $arSelectedFields[] = "ACTIVE_FROM_TIMESTAMP"; } if (array_key_exists("ACTIVE_TO", $arVisibleColumnsMap)) { $arSelectedFields[] = "ACTIVE_TO_TIMESTAMP"; } $cData = new CSecurityIPRule(); $rsData = $cData->GetList($arSelectedFields, $arFilter, array($by => $order, "ID" => "DESC")); $rsData = new CAdminResult($rsData, $sTableID); $rsData->NavStart(); $lAdmin->NavText($rsData->GetNavPrint(GetMessage("SEC_IP_LIST_PAGER"))); $current_time = time(); while ($arRes = $rsData->NavNext(true, "f_")) { $row =& $lAdmin->AddRow($f_ID, $arRes); $row->AddViewField("ADMIN_SECTION", $f_ADMIN_SECTION == "Y" ? GetMessage("MAIN_YES") : GetMessage("MAIN_NO")); $row->AddViewField("RULE_TYPE", $arAccessTypes[$f_RULE_TYPE]); if ($f_ACTIVE == "Y" && ($f_ACTIVE_FROM == "" || intval($f_ACTIVE_FROM_TIMESTAMP) < $current_time) && ($f_ACTIVE_TO == "" || intval($f_ACTIVE_TO_TIMESTAMP) > $current_time)) { $row->AddViewField("ACTIVE", '<div class="lamp-green"></div>'); } else { $row->AddViewField("ACTIVE", '<div class="lamp-red"></div>'); } if (array_key_exists("INCL_PATH", $arVisibleColumnsMap)) {
} $data['std']['ITEMS'][] = array("IS_OK" => $error_level == GetMessage("SEC_PANEL_ERROR1") || $error_level == GetMessage("SEC_PANEL_ERROR3"), "KPI_NAME" => GetMessage("SEC_PANEL_ERROR_NAME"), "KPI_VALUE" => $error_level, "KPI_RECOMMENDATION" => $error_level == GetMessage("SEC_PANEL_ERROR1") || $error_level == GetMessage("SEC_PANEL_ERROR3") ? ' ' : ($USER->CanDoOperation('edit_other_settings') ? '<a href="settings.php?lang=' . LANGUAGE_ID . '&mid=main&back_url_settings=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ERROR1") . '</a>' : GetMessage("SEC_PANEL_ERROR1"))); global $DB; $data['std']['ITEMS'][] = array("IS_OK" => !$DB->debug, "KPI_NAME" => GetMessage("SEC_PANEL_QUERY_DEBUG"), "KPI_VALUE" => $DB->debug ? GetMessage("SEC_PANEL_QUERY_DEBUG_VALUE_ON") : GetMessage("SEC_PANEL_QUERY_DEBUG_VALUE_OFF"), "KPI_RECOMMENDATION" => !$DB->debug ? ' ' : (IsModuleInstalled('fileman') && ($USER->CanDoOperation('fileman_admin_files') || $USER->CanDoOperation('fileman_edit_existent_files')) ? GetMessage("SEC_PANEL_QUERY_DEBUG_RECOMMENDATION_WITH_HREF", array("#HREF#" => '/bitrix/admin/fileman_file_edit.php?lang=' . LANGUAGE_ID . '&full_src=Y&path=' . urlencode(BX_PERSONAL_ROOT . '/php_interface/dbconn.php') . '&back_url=' . urlencode('/bitrix/admin/security_panel.php?lang=' . LANGUAGE_ID))) : GetMessage("SEC_PANEL_QUERY_DEBUG_RECOMMENDATION_WO_HREF"))); $bEventLog = COption::GetOptionString("main", "event_log_logout", "N") === "Y" && COption::GetOptionString("main", "event_log_login_success", "N") === "Y" && COption::GetOptionString("main", "event_log_login_fail", "N") === "Y" && COption::GetOptionString("main", "event_log_register", "N") === "Y" && COption::GetOptionString("main", "event_log_register_fail", "N") === "Y" && COption::GetOptionString("main", "event_log_password_request", "N") === "Y" && COption::GetOptionString("main", "event_log_password_change", "N") === "Y" && COption::GetOptionString("main", "event_log_user_delete", "N") === "Y" && COption::GetOptionString("main", "event_log_user_groups", "N") === "Y" && COption::GetOptionString("main", "event_log_group_policy", "N") === "Y" && COption::GetOptionString("main", "event_log_module_access", "N") === "Y" && COption::GetOptionString("main", "event_log_file_access", "N") === "Y" && COption::GetOptionString("main", "event_log_task", "N") === "Y"; $data['high']['ITEMS'][] = array("IS_OK" => $bEventLog, "KPI_NAME" => GetMessage("SEC_PANEL_EVENT_LOG_NAME"), "KPI_VALUE" => $bEventLog ? GetMessage("SEC_PANEL_EVENT_LOG_VALUE_ON") : GetMessage("SEC_PANEL_EVENT_LOG_VALUE_OFF"), "KPI_RECOMMENDATION" => $bEventLog ? ' ' : ($USER->CanDoOperation('edit_other_settings') ? '<a href="settings.php?lang=' . LANGUAGE_ID . '&mid=main&back_url_settings=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=edit8">' . GetMessage("SEC_PANEL_EVENT_LOG_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_EVENT_LOG_RECOMMENDATION"))); $bSecurityFrame = CSecurityFrame::IsActive(); $data['high']['ITEMS'][] = array("IS_OK" => $bSecurityFrame, "KPI_NAME" => GetMessage("SEC_PANEL_FRAME_NAME"), "KPI_VALUE" => $bSecurityFrame ? GetMessage("SEC_PANEL_FRAME_VALUE_ON") : GetMessage("SEC_PANEL_FRAME_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityFrame ? ' ' : ($USER->CanDoOperation('security_frame_settings_write') ? '<a href="security_frame.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FRAME_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FRAME_RECOMMENDATION"))); $rsIPRule = CSecurityIPRule::GetList(array(), array("=RULE_TYPE" => "A", "=ADMIN_SECTION" => "Y", "=SITE_ID" => false, "=SORT" => 10, "=ACTIVE_FROM" => false, "=ACTIVE_TO" => false), array("ID" => "ASC")); $arIPRule = $rsIPRule->Fetch(); if ($arIPRule) { $bIPProtection = $arIPRule["ACTIVE"] == "Y"; } else { $bIPProtection = false; } $msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true); $data['high']['ITEMS'][] = array("IS_OK" => $bIPProtection && $msgStopListDisabled === false, "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"), "KPI_VALUE" => $bIPProtection && $msgStopListDisabled === false ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON") : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"), "KPI_RECOMMENDATION" => $bIPProtection ? $msgStopListDisabled === false ? ' ' : $msgStopListDisabled->Show() : ($USER->CanDoOperation('security_iprule_admin_settings_write') ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION"))); $bSessionsDB = COption::GetOptionString("security", "session") == "Y"; $data['high']['ITEMS'][] = array("IS_OK" => $bSessionsDB, "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"), "KPI_VALUE" => $bSessionsDB ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON") : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionsDB ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION"))); $bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y" && COption::GetOptionInt("main", "session_id_ttl", 0) > 0; $data['high']['ITEMS'][] = array("IS_OK" => $bSessionTTL, "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"), "KPI_VALUE" => $bSessionTTL ? GetMessage("SEC_PANEL_SESSID_VALUE_ON") : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionTTL ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION"))); $bRedirect = CSecurityRedirect::IsActive(); $data['high']['ITEMS'][] = array("IS_OK" => $bRedirect, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"), "KPI_VALUE" => $bRedirect ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON") : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"), "KPI_RECOMMENDATION" => $bRedirect ? ' ' : ($USER->CanDoOperation('security_redirect_settings_write') ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION"))); $bOTP = CSecurityUser::isActive(); $data['very_high']['ITEMS'][] = array("IS_OK" => $bOTP, "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"), "KPI_VALUE" => $bOTP ? GetMessage("SEC_PANEL_OTP_VALUE_ON") : GetMessage("SEC_PANEL_OTP_VALUE_OFF"), "KPI_RECOMMENDATION" => $bOTP ? ' ' : ($USER->CanDoOperation('security_otp_settings_write') ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_OTP_RECOMMENDATION"))); $timeFC = COption::GetOptionInt("security", "last_files_check", -1); $data['very_high']['ITEMS'][] = array("IS_OK" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600, "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"), "KPI_VALUE" => $timeFC < 0 ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER") : (time() - $timeFC > 24 * 3600 ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO") : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")), "KPI_RECOMMENDATION" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600 ? ' ' : ($USER->CanDoOperation('security_file_verifier_verify') ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILES_RECOMMENDATION"))); $bSecurityAV = CSecurityAntiVirus::IsActive(); $data['very_high']['ITEMS'][] = array("IS_OK" => $bSecurityAV, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"), "KPI_VALUE" => $bSecurityAV ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON") : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityAV ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION"))); $strSecurityAVAction = COption::GetOptionString("security", "antivirus_action"); $data['very_high']['ITEMS'][] = array("IS_OK" => $strSecurityAVAction !== "notify_only", "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"), "KPI_VALUE" => $strSecurityAVAction === "notify_only" ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY") : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"), "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only" ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION")));
function CleanUpAgent() { $agentName = "CSecurityIPRule::CleanUpAgent();"; $cleanupDays = 2; $activeTo = ConvertTimeStamp(time() - $cleanupDays * 24 * 60 * 60, "FULL"); if (!$activeTo) { return $agentName; } $rs = CSecurityIPRule::GetList(array("ID"), array("=RULE_TYPE" => "A", "<=ACTIVE_TO" => $activeTo), array("ID" => "ASC")); while ($ar = $rs->Fetch()) { CSecurityIPRule::Delete($ar["ID"]); } return $agentName; }
$ID = $arIPRule["ID"]; $ACTIVE = $arIPRule["ACTIVE"]; } else { $ID = 0; $ACTIVE = "N"; } $exclMasks = array(); foreach (GetModuleEvents("security", "OnIPRuleAdmin", true) as $event) { $exclMasks = array_merge($exclMasks, ExecuteModuleEventEx($event)); } $strError = ""; $bVarsFromForm = false; $bShowForce = false; $message = CSecurityIPRule::CheckAntiFile(true); if ($REQUEST_METHOD == "POST" && ($save != "" || $apply != "" || $activate_iprule != "" || $deactivate_iprule != "") && $RIGHT_W && check_bitrix_sessid()) { $ob = new CSecurityIPRule(); if (!$activate_iprule && $deactivate_iprule) { //When rule is going to be deactivated we will no check for IP $noExclIPS = false; $selfBlock = false; } else { //Otherwise check if ANY input supplied $noExclIPS = true; foreach ($_POST["EXCL_IPS"] as $ip) { if (strlen(trim($ip)) > 0) { $noExclIPS = false; break; } } //AND it is not selfblocking rule $INCL_IPS = array("0.0.0.1-255.255.255.255");
function CleanUpAgent() { $cleanup_days = 2; $rs = CSecurityIPRule::GetList(array("ID"), array("=RULE_TYPE" => "A", "<=ACTIVE_TO" => ConvertTimeStamp(time() - $cleanup_days * 24 * 60 * 60, "FULL")), array("ID" => "ASC")); while ($ar = $rs->Fetch()) { CSecurityIPRule::Delete($ar["ID"]); } return "CSecurityIPRule::CleanUpAgent();"; }
/** * @param array $originalPostVars */ protected function doPostProccessActions($originalPostVars = array()) { if ($this->currentUserHaveRightsForSkip() && $this->isNeedShowForm()) { $this->showForm($originalPostVars); } elseif ($this->isUserBlocked && CSecurityIPRule::IsActive()) { CSecurityIPRule::OnPageStart(true); } }