public static function setAuthentication(CurrentUser $user, $isPersistent = false)
{
/** @var $context \Freetrix\Main\HttpContext */
$context = \Freetrix\Main\Application::getInstance()->getContext();
$context->setUser($user);
static::copyToSession($user);
/** @var $response \Freetrix\Main\HttpResponse */
$response = $context->getResponse();
if (!$user->isAuthenticated()) {
$cookie = new \Freetrix\Main\Web\Cookie("UIDH", "", time() - 3600);
$response->addCookie($cookie);
return;
}
$connection = \Freetrix\Main\Application::getDbConnection();
$sqlHelper = $connection->getSqlHelper();
$connection->queryExecute("UPDATE b_user SET " . " STORED_HASH = NULL, " . " LAST_LOGIN = "******", " . " TIMESTAMP_X = TIMESTAMP_X, " . " LOGIN_ATTEMPTS = 0, " . " TIME_ZONE_OFFSET = " . \CTimeZone::getOffset() . " " . "WHERE ID = " . $user->getUserId() . " ");
$cookie = new \Freetrix\Main\Web\Cookie("LOGIN", $user->getLogin(), time() + 60 * 60 * 24 * 30 * 60);
$cookie->setSpread(\Freetrix\Main\Config\Option::get("main", "auth_multisite", "N") == "Y" ? \Freetrix\Main\Web\Cookie::SPREAD_SITES : \Freetrix\Main\Web\Cookie::SPREAD_DOMAIN);
$response->addCookie($cookie);
if ($isPersistent || \Freetrix\Main\Config\Option::get("main", "auth_multisite", "N") == "Y") {
$hash = $user->getSessionHash();
/** @var $request \Freetrix\Main\HttpRequest */
$request = $context->getRequest();
if ($isPersistent) {
$cookie = new \Freetrix\Main\Web\Cookie("UIDH", $hash, time() + 60 * 60 * 24 * 30 * 60);
} else {
$cookie = new \Freetrix\Main\Web\Cookie("UIDH", $hash, 0);
}
$cookie->setSecure(\Freetrix\Main\Config\Option::get("main", "use_secure_password_cookies", "N") == "Y" && $request->isHttps());
$response->addCookie($cookie);
$storedId = static::getStoredHashId($user, $hash);
if ($storedId) {
$connection->queryExecute("UPDATE b_user_stored_auth SET " . "\tLAST_AUTH = " . $sqlHelper->getCurrentDateTimeFunction() . ", " . "\t" . ($user->getAuthType() === static::AUTHENTICATED_BY_HASH ? "" : "TEMP_HASH='" . ($isPersistent ? "N" : "Y") . "', ") . " " . "\tIP_ADDR = '" . sprintf("%u", ip2long($request->getRemoteAddress())) . "' " . "WHERE ID = " . intval($storedId));
} else {
$sqlTmp1 = "";
$sqlTmp2 = "";
if ($connection->getType() === "oracle") {
$storedId = $connection->getIdentity("sq_b_user_stored_auth");
$sqlTmp1 = "ID, ";
$sqlTmp2 = intval($storedId) . ", ";
}
$sql = "INSERT INTO b_user_stored_auth (" . $sqlTmp1 . "USER_ID, DATE_REG, LAST_AUTH, TEMP_HASH, " . " IP_ADDR, STORED_HASH) " . "VALUES (" . $sqlTmp2 . intval($user->getUserId()) . ", " . $sqlHelper->getCurrentDateTimeFunction() . ", " . " " . $sqlHelper->getCurrentDateTimeFunction() . ", '" . ($isPersistent ? "N" : "Y") . "', " . " '" . $sqlHelper->forSql(sprintf("%u", ip2long($request->getRemoteAddress()))) . "', " . " '" . $sqlHelper->forSql($hash) . "')";
$connection->queryExecute($sql);
if ($connection->getType() !== "oracle") {
$storedId = $connection->getIdentity();
}
}
$user->setStoredAuthId($storedId);
}
$event = new Main\Event("main", "OnUserLogin", array("USER" => $user));
$event->send();
if (\Freetrix\Main\Config\Option::get("main", "event_log_login_success", "N") === "Y") {
\CEventLog::log("SECURITY", "USER_AUTHORIZE", "main", $user->getUserId());
}
}
protected function loadUserSecurityPolicy()
{
$this->policy = static::$defaultGroupPolicy;
if ($this->policy["SESSION_TIMEOUT"] <= 0) {
$this->policy["SESSION_TIMEOUT"] = ini_get("session.gc_maxlifetime") / 60;
}
$connection = Main\Application::getDbConnection();
$sqlHelper = $connection->getSqlHelper();
$sql = "SELECT G.SECURITY_POLICY " . "FROM b_group G " . "WHERE G.ID = 2 ";
if ($this->isAuthenticated) {
$sql .= "UNION " . "SELECT G.SECURITY_POLICY " . "FROM b_group G " . " INNER JOIN b_user_group UG ON (G.ID = UG.GROUP_ID) " . "WHERE UG.USER_ID = " . intval($this->userId) . " " . "\tAND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= " . $sqlHelper->getCurrentDateTimeFunction() . ")) " . "\tAND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= " . $sqlHelper->getCurrentDateTimeFunction() . ")) ";
}
$recordset = $connection->query($sql);
while ($record = $recordset->fetch()) {
if (!empty($record["SECURITY_POLICY"])) {
$groupPolicy = unserialize($record["SECURITY_POLICY"]);
} else {
continue;
}
if (!is_array($groupPolicy)) {
continue;
}
foreach ($groupPolicy as $key => $val) {
switch ($key) {
case "STORE_IP_MASK":
case "SESSION_IP_MASK":
if ($this->policy[$key] < $val) {
$this->policy[$key] = $val;
}
break;
case "SESSION_TIMEOUT":
if ($this->policy[$key] <= 0 || $this->policy[$key] > $val) {
$this->policy[$key] = $val;
}
break;
case "PASSWORD_LENGTH":
if ($this->policy[$key] <= 0 || $this->policy[$key] < $val) {
$this->policy[$key] = $val;
}
break;
case "PASSWORD_UPPERCASE":
case "PASSWORD_LOWERCASE":
case "PASSWORD_DIGITS":
case "PASSWORD_PUNCTUATION":
if ($val === "Y") {
$this->policy[$key] = "Y";
}
break;
case "LOGIN_ATTEMPTS":
if ($val > 0 && ($this->policy[$key] <= 0 || $this->policy[$key] > $val)) {
$this->policy[$key] = $val;
}
break;
default:
if ($this->policy[$key] > $val) {
$this->policy[$key] = $val;
}
}
}
}
if ($this->policy["PASSWORD_LENGTH"] === false) {
$this->policy["PASSWORD_LENGTH"] = 6;
}
}