/** * @param string $severity * @param string $auditType * @param string $itemName * @param string $itemDescription * @return bool */ public function doLog($severity, $auditType, $itemName, $itemDescription) { $savedInDB = $savedInFile = $savedInSyslog = false; if ($this->isDBEngineActive) { $savedInDB = CEventLog::log($severity, $auditType, "security", $itemName, base64_encode($itemDescription)); } $message = ""; if ($this->isSyslogEngineActive) { $message = $this->messageFormatter->format($auditType, $itemName, $itemDescription); $savedInSyslog = syslog($this->syslogPriority, $message); } if ($this->isFileEngineActive) { if (!$message) { $message = $this->messageFormatter->format($auditType, $itemName, $itemDescription); } $message .= "\n"; $savedInFile = file_put_contents($this->filePath, $message, FILE_APPEND) > 0; } return $savedInDB || $savedInSyslog || $savedInFile; }
/** * @param string $pSeverity * @param string $pAuditType * @param string $pItemName * @param string $pItemDescription * @return bool */ public function doLog($pSeverity, $pAuditType, $pItemName, $pItemDescription) { $savedInDB = $savedInFile = $savedInSyslog = false; if ($this->isDBEngineActive) { $savedInDB = CEventLog::log($pSeverity, $pAuditType, "security", $pItemName, $pItemDescription); } if ($this->isSyslogEngineActive) { $message = self::formatMessage($pAuditType, $pItemName, $pItemDescription, $this->isUserInfoNeeded); $savedInSyslog = syslog($this->syslogPriority, $message); } if ($this->isFileEngineActive) { $message = self::formatMessage($pAuditType, $pItemName, $pItemDescription, $this->isUserInfoNeeded); $message .= "\n"; $savedInFile = file_put_contents($this->filePath, $message, FILE_APPEND) > 0; } return $savedInDB || $savedInSyslog || $savedInFile; }
public static function setAuthentication(CurrentUser $user, $isPersistent = false) { /** @var $context \Freetrix\Main\HttpContext */ $context = \Freetrix\Main\Application::getInstance()->getContext(); $context->setUser($user); static::copyToSession($user); /** @var $response \Freetrix\Main\HttpResponse */ $response = $context->getResponse(); if (!$user->isAuthenticated()) { $cookie = new \Freetrix\Main\Web\Cookie("UIDH", "", time() - 3600); $response->addCookie($cookie); return; } $connection = \Freetrix\Main\Application::getDbConnection(); $sqlHelper = $connection->getSqlHelper(); $connection->queryExecute("UPDATE b_user SET " . " STORED_HASH = NULL, " . " LAST_LOGIN = "******", " . " TIMESTAMP_X = TIMESTAMP_X, " . " LOGIN_ATTEMPTS = 0, " . " TIME_ZONE_OFFSET = " . \CTimeZone::getOffset() . " " . "WHERE ID = " . $user->getUserId() . " "); $cookie = new \Freetrix\Main\Web\Cookie("LOGIN", $user->getLogin(), time() + 60 * 60 * 24 * 30 * 60); $cookie->setSpread(\Freetrix\Main\Config\Option::get("main", "auth_multisite", "N") == "Y" ? \Freetrix\Main\Web\Cookie::SPREAD_SITES : \Freetrix\Main\Web\Cookie::SPREAD_DOMAIN); $response->addCookie($cookie); if ($isPersistent || \Freetrix\Main\Config\Option::get("main", "auth_multisite", "N") == "Y") { $hash = $user->getSessionHash(); /** @var $request \Freetrix\Main\HttpRequest */ $request = $context->getRequest(); if ($isPersistent) { $cookie = new \Freetrix\Main\Web\Cookie("UIDH", $hash, time() + 60 * 60 * 24 * 30 * 60); } else { $cookie = new \Freetrix\Main\Web\Cookie("UIDH", $hash, 0); } $cookie->setSecure(\Freetrix\Main\Config\Option::get("main", "use_secure_password_cookies", "N") == "Y" && $request->isHttps()); $response->addCookie($cookie); $storedId = static::getStoredHashId($user, $hash); if ($storedId) { $connection->queryExecute("UPDATE b_user_stored_auth SET " . "\tLAST_AUTH = " . $sqlHelper->getCurrentDateTimeFunction() . ", " . "\t" . ($user->getAuthType() === static::AUTHENTICATED_BY_HASH ? "" : "TEMP_HASH='" . ($isPersistent ? "N" : "Y") . "', ") . " " . "\tIP_ADDR = '" . sprintf("%u", ip2long($request->getRemoteAddress())) . "' " . "WHERE ID = " . intval($storedId)); } else { $sqlTmp1 = ""; $sqlTmp2 = ""; if ($connection->getType() === "oracle") { $storedId = $connection->getIdentity("sq_b_user_stored_auth"); $sqlTmp1 = "ID, "; $sqlTmp2 = intval($storedId) . ", "; } $sql = "INSERT INTO b_user_stored_auth (" . $sqlTmp1 . "USER_ID, DATE_REG, LAST_AUTH, TEMP_HASH, " . " IP_ADDR, STORED_HASH) " . "VALUES (" . $sqlTmp2 . intval($user->getUserId()) . ", " . $sqlHelper->getCurrentDateTimeFunction() . ", " . " " . $sqlHelper->getCurrentDateTimeFunction() . ", '" . ($isPersistent ? "N" : "Y") . "', " . " '" . $sqlHelper->forSql(sprintf("%u", ip2long($request->getRemoteAddress()))) . "', " . " '" . $sqlHelper->forSql($hash) . "')"; $connection->queryExecute($sql); if ($connection->getType() !== "oracle") { $storedId = $connection->getIdentity(); } } $user->setStoredAuthId($storedId); } $event = new Main\Event("main", "OnUserLogin", array("USER" => $user)); $event->send(); if (\Freetrix\Main\Config\Option::get("main", "event_log_login_success", "N") === "Y") { \CEventLog::log("SECURITY", "USER_AUTHORIZE", "main", $user->getUserId()); } }