protected function checkOtp()
{
if (IsModuleInstalled('intranet')) {
//OTP not used in Bitrix Intranet Portal
return;
}
if (CSecurityUser::isActive()) {
$dbUser = $this->getAdminUserList();
while ($user = $dbUser->fetch()) {
$userInfo = CSecurityUser::getSecurityUserInfo($user['ID']);
if (!$userInfo) {
$this->addUnformattedDetailError('SECURITY_SITE_CHECKER_ADMIN_OTP_NOT_USED', CSecurityCriticalLevel::MIDDLE);
}
}
} else {
$this->addUnformattedDetailError('SECURITY_SITE_CHECKER_OTP_NOT_USED', CSecurityCriticalLevel::MIDDLE);
}
}
" enctype="multipart/form-data" name="editform">
<?php
echo bitrix_sessid_post();
?>
<input type="hidden" name="lang" value="<?php
echo LANG;
?>
">
<?php
$tabControl->Begin();
$tabControl->BeginNextTab();
?>
<tr>
<td colspan="2" align="left">
<?php
if (CSecurityUser::isActive()) {
?>
<input type="hidden" name="otp_active" value="N">
<input type="submit" name="otp_siteb" value="<?php
echo GetMessage("SEC_OTP_NEW_BUTTON_OFF");
?>
"<?php
if (!$canWrite) {
echo " disabled";
}
?>
>
<?php
} else {
?>
<input type="hidden" name="otp_active" value="Y">
<?php
$securityWarningTmp = "";
if (CModule::IncludeModule("security") && check_bitrix_sessid() && $USER->CanDoOperation('security_edit_user_otp')) {
$arSecurityFields = array("USER_ID" => $ID, "ACTIVE" => $security_ACTIVE, "SECRET" => $security_SECRET, "SYNC1" => $security_SYNC1, "SYNC2" => $security_SYNC2);
$security_res = CSecurityUser::update($arSecurityFields);
}
$rsIPRule = CSecurityIPRule::GetList(array(), array("=RULE_TYPE" => "A", "=ADMIN_SECTION" => "Y", "=SITE_ID" => false, "=SORT" => 10, "=ACTIVE_FROM" => false, "=ACTIVE_TO" => false), array("ID" => "ASC"));
$arIPRule = $rsIPRule->Fetch();
if ($arIPRule) {
$bIPProtection = $arIPRule["ACTIVE"] == "Y";
} else {
$bIPProtection = false;
}
$msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true);
$data['high']['ITEMS'][] = array("IS_OK" => $bIPProtection && $msgStopListDisabled === false, "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"), "KPI_VALUE" => $bIPProtection && $msgStopListDisabled === false ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON") : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"), "KPI_RECOMMENDATION" => $bIPProtection ? $msgStopListDisabled === false ? ' ' : $msgStopListDisabled->Show() : ($USER->CanDoOperation('security_iprule_admin_settings_write') ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION")));
$bSessionsDB = COption::GetOptionString("security", "session") == "Y";
$data['high']['ITEMS'][] = array("IS_OK" => $bSessionsDB, "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"), "KPI_VALUE" => $bSessionsDB ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON") : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionsDB ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION")));
$bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y" && COption::GetOptionInt("main", "session_id_ttl", 0) > 0;
$data['high']['ITEMS'][] = array("IS_OK" => $bSessionTTL, "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"), "KPI_VALUE" => $bSessionTTL ? GetMessage("SEC_PANEL_SESSID_VALUE_ON") : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionTTL ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION")));
$bRedirect = CSecurityRedirect::IsActive();
$data['high']['ITEMS'][] = array("IS_OK" => $bRedirect, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"), "KPI_VALUE" => $bRedirect ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON") : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"), "KPI_RECOMMENDATION" => $bRedirect ? ' ' : ($USER->CanDoOperation('security_redirect_settings_write') ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION")));
$bOTP = CSecurityUser::isActive();
$data['very_high']['ITEMS'][] = array("IS_OK" => $bOTP, "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"), "KPI_VALUE" => $bOTP ? GetMessage("SEC_PANEL_OTP_VALUE_ON") : GetMessage("SEC_PANEL_OTP_VALUE_OFF"), "KPI_RECOMMENDATION" => $bOTP ? ' ' : ($USER->CanDoOperation('security_otp_settings_write') ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_OTP_RECOMMENDATION")));
$timeFC = COption::GetOptionInt("security", "last_files_check", -1);
$data['very_high']['ITEMS'][] = array("IS_OK" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600, "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"), "KPI_VALUE" => $timeFC < 0 ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER") : (time() - $timeFC > 24 * 3600 ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO") : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")), "KPI_RECOMMENDATION" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600 ? ' ' : ($USER->CanDoOperation('security_file_verifier_verify') ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILES_RECOMMENDATION")));
$bSecurityAV = CSecurityAntiVirus::IsActive();
$data['very_high']['ITEMS'][] = array("IS_OK" => $bSecurityAV, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"), "KPI_VALUE" => $bSecurityAV ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON") : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityAV ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION")));
$strSecurityAVAction = COption::GetOptionString("security", "antivirus_action");
$data['very_high']['ITEMS'][] = array("IS_OK" => $strSecurityAVAction !== "notify_only", "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"), "KPI_VALUE" => $strSecurityAVAction === "notify_only" ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY") : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"), "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only" ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION")));
$rsSecurityWhiteList = CSecurityAntiVirus::GetWhiteList();
if ($rsSecurityWhiteList->Fetch()) {
$bSecurityWhiteList = true;
} else {
$bSecurityWhiteList = false;
}
$data['very_high']['ITEMS'][] = array("IS_OK" => !$bSecurityWhiteList, "KPI_NAME" => GetMessage("SEC_PANEL_AV_WHITE_LIST_NAME"), "KPI_VALUE" => $bSecurityWhiteList ? GetMessage("SEC_PANEL_AV_WHITE_LIST_VALUE_ON") : GetMessage("SEC_PANEL_AV_WHITE_LIST_VALUE_OFF"), "KPI_RECOMMENDATION" => !$bSecurityWhiteList ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=exceptions">' . GetMessage("SEC_PANEL_AV_WHITE_LIST_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_WHITE_LIST_RECOMMENDATION")));
$days = COption::GetOptionInt("main", "event_log_cleanup_days", 7);
header('Access-Control-Max-Age: 60');
//header('Access-Control-Allow-Headers: *');
header('Access-Control-Allow-Headers: X-Requested-With, Content-Type, Accept');
die('');
}
define("ADMIN_SECTION", false);
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_before.php";
if ($_POST['action'] != 'register' && $_POST['action'] != 'unregister' || $_POST['secret'] == "") {
CHTTP::SetStatus("403 Forbidden");
die;
}
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
$CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
}
CHTTP::SetStatus("401 Unauthorized");
die;
}
if (!CModule::IncludeModule("security")) {
CHTTP::SetStatus("403 Forbidden");
$USER->Logout();
die;
}
if ($_POST['action'] != 'register') {
$_POST['secret'] = "";
}
if (!CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y"))) {
//print_r($APPLICATION->GetException());
}
$USER->Logout();
/**
* @param bool $pActive
*/
public static function setActive($pActive = false)
{
if($pActive)
{
if(!CSecurityUser::isActive())
{
RegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin", "100");
$f = fopen($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/options_user_settings.php", "w");
fwrite($f, "<?include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\");?>");
fclose($f);
}
}
else
{
if(CSecurityUser::isActive())
{
UnRegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin");
unlink($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/security/options_user_settings.php");
}
}
}
$cache_id = 'user_otp_' . intval($USER->GetID() / 100);
$cache_dir = '/otp/user_id';
$obCache = new CPHPCache();
if ($obCache->InitCache($ttl, $cache_id, $cache_dir)) {
$arUserOtp = $obCache->GetVars();
} else {
$arUserOtp = array("ACTIVE" => CSecurityUser::IsUserOtpActive($USER->GetID()));
if (defined("BX_COMP_MANAGED_CACHE")) {
global $CACHE_MANAGER;
$CACHE_MANAGER->StartTagCache($cache_dir);
$CACHE_MANAGER->RegisterTag("USER_OTP_" . intval($USER->GetID() / 100));
$CACHE_MANAGER->EndTagCache();
}
if ($obCache->StartDataCache()) {
$obCache->EndDataCache($arUserOtp);
}
}
$arParams["PATH_TO_PROFILE_SECURITY"] = trim($arParams["PATH_TO_PROFILE_SECURITY"]);
if (strlen($arParams["PATH_TO_PROFILE_SECURITY"]) <= 0) {
$arParams["PATH_TO_PROFILE_SECURITY"] = SITE_DIR . "company/personal/user/#user_id#/security/";
}
$arResult["PATH_TO_PROFILE_SECURITY"] = CComponentEngine::MakePathFromTemplate($arParams["PATH_TO_PROFILE_SECURITY"], array("user_id" => $USER->GetID()));
//for all mandatory
$IsUserSkipMandatoryRights = CSecurityUser::IsUserSkipMandatoryRights($USER->GetID());
$dateDeactivate = CSecurityUser::GetDeactivateUntil($USER->GetID());
if (!$arUserOtp["ACTIVE"] && !isset($_SESSION["OTP_MANDATORY_INFO"]) && !$IsUserSkipMandatoryRights && $dateDeactivate) {
$arResult["POPUP_NAME"] = "otp_mandatory_info";
$_SESSION["OTP_MANDATORY_INFO"] = "Y";
$arResult["USER"]["OTP_DAYS_LEFT"] = $dateDeactivate ? FormatDate("ddiff", time() - 60 * 60 * 24, MakeTimeStamp($dateDeactivate)) : "";
$this->IncludeComponentTemplate();
}
$arJsonData["error"] = "Y";
}
break;
case "activate":
if (CModule::IncludeModule("security")) {
$res = CSecurityUser::ActivateUserOtp($userId);
if ($res) {
$arJsonData["success"] = "Y";
} else {
$arJsonData["error"] = "Y";
}
} else {
$arJsonData["error"] = "Y";
}
break;
case "defer":
if (CModule::IncludeModule("security")) {
$numDays = intval($_POST["numDays"]);
$res = CSecurityUser::DeferUserOtp($userId, $numDays);
if ($res) {
$arJsonData["success"] = "Y";
} else {
$arJsonData["error"] = "Y";
}
} else {
$arJsonData["error"] = "Y";
}
break;
}
echo \Bitrix\Main\Web\Json::encode($arJsonData);
}
/**
* @param bool $pActive
*/
public static function setActive($pActive = false)
{
$otpRecheckAgent = 'Bitrix\\Security\\Mfa\\OtpEvents::onRecheckDeactivate();';
if ($pActive) {
if (!CSecurityUser::isActive()) {
RegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin", "100");
RegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout", "100");
CAgent::RemoveAgent($otpRecheckAgent, "security");
CAgent::Add(array("NAME" => $otpRecheckAgent, "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 3600, "IS_PERIOD" => "N"));
$f = fopen($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/options_user_settings.php", "w");
fwrite($f, "<?include(\$_SERVER[\"DOCUMENT_ROOT\"].\"/bitrix/modules/security/options_user_settings_1.php\");?>");
fclose($f);
COption::SetOptionString('security', 'otp_enabled', 'Y');
}
} else {
if (CSecurityUser::isActive()) {
UnRegisterModuleDependences("main", "OnBeforeUserLogin", "security", "CSecurityUser", "OnBeforeUserLogin");
UnRegisterModuleDependences("main", "OnAfterUserLogout", "security", "CSecurityUser", "OnAfterUserLogout");
CAgent::RemoveAgent($otpRecheckAgent, "security");
unlink($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/options_user_settings.php");
COption::SetOptionString('security', 'otp_enabled', 'N');
}
}
}
}
}
$arResult["tasks"] = array("SHOW" => false, "TITLE" => GetMessage("SONET_C39_TASKS_TITLE"));
if (array_key_exists("tasks", $arResult["ActiveFeatures"]) && (CSocNetFeaturesPerms::CanPerformOperation($USER->GetID(), SONET_ENTITY_USER, $arResult["User"]["ID"], "tasks", "view", CSocNetUser::IsCurrentUserModuleAdmin()) || $APPLICATION->GetGroupRight("intranet") >= "W") && CModule::IncludeModule("intranet")) {
$arResult["tasks"]["SHOW"] = true;
if (StrLen($arResult["ActiveFeatures"]["tasks"]) > 0) {
$arResult["tasks"]["TITLE"] = $arResult["ActiveFeatures"]["tasks"];
}
}
}
}
if (array_key_exists("RatingMultiple", $arResult) && count($arResult["RatingMultiple"]) > 0) {
foreach ($arParams["RATING_ID_ARR"] as $rating_id) {
if (array_key_exists($rating_id, $arResult["RatingMultiple"])) {
$arResult["RatingMultiple"][$rating_id]["VALUE"] = $arResult["User"]["RATING_" . $rating_id . "_CURRENT_VALUE"];
}
}
}
//otp
if (CModule::IncludeModule("security")) {
$arResult["User"]["OTP"]["IS_MANDATORY"] = CSecurityUser::IsOtpMandatory();
$arResult["User"]["OTP"]["IS_ACTIVE"] = CSecurityUser::IsUserOtpActive($arResult["User"]["ID"]);
$arResult["User"]["OTP"]["IS_EXIST"] = CSecurityUser::IsUserOtpExist($arResult["User"]["ID"]);
$arResult["User"]["OTP"]["ARE_RECOVERY_CODES_ENABLED"] = Bitrix\Security\Mfa\Otp::isRecoveryCodesEnabled();
$dateDeactivate = CSecurityUser::GetDeactivateUntil($arResult["User"]["ID"]);
$arResult["User"]["OTP"]["NUM_LEFT_DAYS"] = $dateDeactivate ? FormatDate("ddiff", time() - 60 * 60 * 24, MakeTimeStamp($dateDeactivate)) : "";
}
}
}
$this->IncludeComponentTemplate();
return array("NAME" => $arResult["User"]["NAME_FORMATTED"]);
die;
}
if ($USER->Login($_POST['login'], $_POST['password']) !== true) {
if ($APPLICATION->NeedCAPTHAForLogin($_POST['login'])) {
$CAPTCHA_CODE = $APPLICATION->CaptchaGetCode();
echo "{'captchaCode': '" . $CAPTCHA_CODE . "'};";
}
CHTTP::SetStatus("401 Unauthorized");
die;
}
if (!CModule::IncludeModule("security")) {
CHTTP::SetStatus("403 Forbidden");
$USER->Logout();
die;
}
if (!\Bitrix\Security\Mfa\Otp::isOtpEnabled()) {
CHTTP::SetStatus("403 Forbidden");
$USER->Logout();
die;
}
if ($_POST['action'] != 'register') {
$_POST['secret'] = "";
}
$isUpdated = CSecurityUser::update(array("USER_ID" => $USER->GetID(), "SECRET" => $_POST['secret'], "ACTIVE" => "Y", "TYPE" => \Bitrix\Security\Mfa\Otp::TYPE_HOTP));
if (!$isUpdated) {
//print_r($APPLICATION->GetException());
CHTTP::SetStatus("403 Forbidden");
$USER->Logout();
die;
}
$USER->Logout();
