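/**
 * Create a local database record for a user that authenticated through LDAP.
 *
 * The record keeps the user's details, including a locally computed hash of the
 * password returned by $User->getUserPass(), so the account can be used if LDAP
 * fails. When no default LDAP group or profile is configured the account is
 * created disabled and the user is e-mailed that activation is pending.
 *
 * @param User $User user data to store
 * @return bool false when the INSERT fails, true otherwise
 */
public static function newUserLDAP(User $User)
{
    $passdata = UserPass::makeUserPassHash($User->getUserPass());
    $groupId = Config::getValue('ldap_defaultgroup', 0);
    $profileId = Config::getValue('ldap_defaultprofile', 0);

    // One loose check now decides both the disabled flag and the activation
    // notice. The earlier strict `=== 0` comparison left the account enabled for
    // any other empty value (for example the string '0') while the notice below
    // still told the user it was pending. The type Config::getValue() returns is
    // not visible here, so the check fails closed.
    $pendingActivation = !$groupId || !$profileId;

    $query = 'INSERT INTO usrData SET '
        . 'user_name = :name,'
        . 'user_groupId = :groupId,'
        . 'user_login = :login,'
        . 'user_pass = :pass,'
        . 'user_hashSalt = :hashSalt,'
        . 'user_email = :email,'
        . 'user_notes = :notes,'
        . 'user_profileId = :profileId,'
        . 'user_isLdap = 1,'
        . 'user_isDisabled = :isDisabled';

    // Every value is bound as a named parameter; nothing is concatenated into the SQL.
    $data = array(
        'name' => $User->getUserName(),
        'login' => $User->getUserLogin(),
        'pass' => $passdata['pass'],
        'hashSalt' => $passdata['salt'],
        'email' => $User->getUserEmail(),
        'notes' => _('Usuario de LDAP'),
        'groupId' => $groupId,
        'profileId' => $profileId,
        'isDisabled' => $pendingActivation ? 1 : 0,
    );

    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    if ($pendingActivation) {
        // Tell the user that an administrator still has to activate the account.
        $Log = new Log(_('Activación Cuenta'));
        $Log->addDescription(_('Su cuenta está pendiente de activación.'));
        $Log->addDescription(_('En breve recibirá un email de confirmación.'));
        $Log->writeLog();

        Email::sendEmail($Log, $User->getUserEmail(), false);
    }

    Log::writeNewLogAndEmail(_('Nuevo usuario de LDAP'), sprintf("%s (%s)", $User->getUserName(), $User->getUserLogin()));

    return true;
}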
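/**
 * Migrate profiles stored in the pre-v1.2 column-per-permission format.
 *
 * Reads every row of usrProfiles, copies the permission bits into a Profile
 * object, saves it with profileUpdate(), and finally drops the old permission
 * columns. The outcome of the column drop is logged and e-mailed.
 *
 * @return bool false if the profiles cannot be read or a profile update fails;
 *              otherwise the result of the ALTER TABLE query
 */
public static function migrateProfiles()
{
    $query = 'SELECT userprofile_id AS id,'
        . 'userprofile_name AS name,'
        . 'BIN(userProfile_pView) AS pView,'
        . 'BIN(userProfile_pViewPass) AS pViewPass,'
        . 'BIN(userProfile_pViewHistory) AS pViewHistory,'
        . 'BIN(userProfile_pEdit) AS pEdit,'
        . 'BIN(userProfile_pEditPass) AS pEditPass,'
        . 'BIN(userProfile_pAdd) AS pAdd,'
        . 'BIN(userProfile_pDelete) AS pDelete,'
        . 'BIN(userProfile_pFiles) AS pFiles,'
        . 'BIN(userProfile_pConfig) AS pConfig,'
        . 'BIN(userProfile_pConfigMasterPass) AS pConfigMasterPass,'
        . 'BIN(userProfile_pConfigBackup) AS pConfigBackup,'
        . 'BIN(userProfile_pAppMgmtCategories) AS pAppMgmtCategories,'
        . 'BIN(userProfile_pAppMgmtCustomers) AS pAppMgmtCustomers,'
        . 'BIN(userProfile_pUsers) AS pUsers,'
        . 'BIN(userProfile_pGroups) AS pGroups,'
        . 'BIN(userProfile_pProfiles) AS pProfiles,'
        . 'BIN(userProfile_pEventlog) AS pEventlog '
        . 'FROM usrProfiles';

    DB::setReturnArray();

    $queryRes = DB::getResults($query, __FUNCTION__);

    if ($queryRes === false) {
        Log::writeNewLog(_('Migrar Perfiles'), _('Error al obtener perfiles'));
        return false;
    }

    foreach ($queryRes as $oldProfile) {
        $profile = new Profile();
        $profile->setId($oldProfile->id);
        $profile->setName($oldProfile->name);
        $profile->setAccAdd($oldProfile->pAdd);
        $profile->setAccView($oldProfile->pView);
        $profile->setAccViewPass($oldProfile->pViewPass);
        $profile->setAccViewHistory($oldProfile->pViewHistory);
        $profile->setAccEdit($oldProfile->pEdit);
        $profile->setAccEditPass($oldProfile->pEditPass);
        $profile->setAccDelete($oldProfile->pDelete);
        $profile->setConfigGeneral($oldProfile->pConfig);
        $profile->setConfigEncryption($oldProfile->pConfigMasterPass);
        $profile->setConfigBackup($oldProfile->pConfigBackup);
        $profile->setMgmCategories($oldProfile->pAppMgmtCategories);
        $profile->setMgmCustomers($oldProfile->pAppMgmtCustomers);
        $profile->setMgmUsers($oldProfile->pUsers);
        $profile->setMgmGroups($oldProfile->pGroups);
        $profile->setMgmProfiles($oldProfile->pProfiles);
        $profile->setEvl($oldProfile->pEventlog);
        // NOTE(review): pFiles is selected above but not copied to the new profile
        // here, and its column is dropped below - confirm that is intended.

        // Stop before the old columns are dropped if any profile cannot be saved.
        if ($profile->profileUpdate() === false) {
            return false;
        }
    }

    // The old permission columns are removed only after every profile was saved.
    // This step cannot be undone from this code.
    $query = 'ALTER TABLE usrProfiles '
        . 'DROP COLUMN userProfile_pAppMgmtCustomers,'
        . 'DROP COLUMN userProfile_pAppMgmtCategories,'
        . 'DROP COLUMN userProfile_pAppMgmtMenu,'
        . 'DROP COLUMN userProfile_pUsersMenu,'
        . 'DROP COLUMN userProfile_pConfigMenu,'
        . 'DROP COLUMN userProfile_pFiles,'
        . 'DROP COLUMN userProfile_pViewHistory,'
        . 'DROP COLUMN userProfile_pEventlog,'
        . 'DROP COLUMN userProfile_pEditPass,'
        . 'DROP COLUMN userProfile_pViewPass,'
        . 'DROP COLUMN userProfile_pDelete,'
        . 'DROP COLUMN userProfile_pProfiles,'
        . 'DROP COLUMN userProfile_pGroups,'
        . 'DROP COLUMN userProfile_pUsers,'
        . 'DROP COLUMN userProfile_pConfigBackup,'
        . 'DROP COLUMN userProfile_pConfigMasterPass,'
        . 'DROP COLUMN userProfile_pConfig,'
        . 'DROP COLUMN userProfile_pAdd,'
        . 'DROP COLUMN userProfile_pEdit,'
        . 'DROP COLUMN userProfile_pView';

    $queryRes = DB::getQuery($query, __FUNCTION__);

    $log = new Log(_('Migrar Perfiles'));

    if ($queryRes) {
        $log->addDescription(_('Operación realizada correctamente'));
    } else {
        // The failure text used to be passed as a second argument after the
        // action name; the other addDescription() calls in this method take a
        // single string, so the failure text is now that single argument.
        $log->addDescription(_('Fallo al realizar la operación'));
    }

    $log->writeLog();

    Email::sendEmail($log);

    return $queryRes;
}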
/**
 * Re-hash the password of a user that was migrated from phpPMS.
 *
 * The UPDATE only matches a row that is still flagged user_isMigrate = 1 and
 * whose stored password equals the legacy salted SHA1 or the legacy MD5 of the
 * supplied password. On a match the new hash and salt are stored and the
 * migration flag is cleared.
 *
 * @param string $userLogin login of the user
 * @param string $userPass  password supplied by the user
 * @return bool false when the query fails, true otherwise
 */
public static function migrateUser($userLogin, $userPass)
{
    $passdata = UserPass::makeUserPassHash($userPass);

    // The legacy SHA1/MD5 comparison happens inside the WHERE clause; the
    // password is bound twice because each named placeholder is used once.
    $query = 'UPDATE usrData SET '
        . 'user_pass = :pass,'
        . 'user_hashSalt = :salt,'
        . 'user_lastUpdate = NOW(),'
        . 'user_isMigrate = 0 '
        . 'WHERE user_login = :login '
        . 'AND user_isMigrate = 1 '
        . 'AND (user_pass = SHA1(CONCAT(user_hashSalt,:passOld)) '
        . 'OR user_pass = MD5(:passOldMd5)) LIMIT 1';

    $data = array(
        'pass' => $passdata['pass'],
        'salt' => $passdata['salt'],
        'login' => $userLogin,
        'passOld' => $userPass,
        'passOldMd5' => $userPass,
    );

    // NOTE(review): only a failed query is treated as an error here. Whether a
    // row actually matched (i.e. the legacy password was correct) is not checked
    // in this method, so "Usuario actualizado" is logged and true is returned
    // either way - confirm the caller verifies the credentials separately.
    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    $log = new Log(__FUNCTION__);
    $log->addDescription(_('Usuario actualizado'));
    $log->addDescription('Login: ' . $userLogin);
    $log->writeLog();

    Email::sendEmail($log);

    return true;
}
/**
 * Send an HTML e-mail built from a Log object.
 *
 * @param Log    $log     log entry whose action and description form the message
 * @param string $mailTo  recipient address
 * @param bool   $isEvent when true, the action and the acting user (with the
 *                        remote address) are prepended and the configured
 *                        'mail_from' address is added as CC
 * @return bool false when mail is disabled or no mail object could be created;
 *              otherwise the result of the send() call
 */
public static function sendEmail(Log $log, $mailTo = '', $isEvent = true)
{
    if (!Util::mailIsEnabled()) {
        return false;
    }

    $mail = self::getEmailObject($mailTo, utf8_decode($log->getAction()));

    if (!is_object($mail)) {
        return false;
    }

    $mail->isHTML();
    $log->setNewLineHtml(true);

    $body = array();

    if ($isEvent === true) {
        if (Session::getUserLogin()) {
            $performer = Session::getUserLogin();
        } else {
            $performer = _('N/D');
        }

        // NOTE(review): the message is sent as HTML and the login, the action and
        // the description are concatenated into it as they are. Whether Log or
        // Html already HTML-encode these values is not visible here - confirm.
        $body[] = Html::strongText(_('Acción') . ": ") . utf8_decode($log->getAction());
        $body[] = Html::strongText(_('Realizado por') . ": ") . $performer . ' (' . $_SERVER['REMOTE_ADDR'] . ')';

        $mail->addCC(Config::getValue('mail_from'));
    }

    array_push(
        $body,
        utf8_decode($log->getDescription()),
        '',
        '--',
        Util::getAppInfo('appname') . ' - ' . Util::getAppInfo('appdesc'),
        Html::anchorText(Init::$WEBURI)
    );

    $mail->Body = implode(Log::NEWLINE_HTML, $body);

    $sendMail = $mail->send();

    // Record the delivery result, the recipient and the CC address in the event log.
    $logEmail = new Log(_('Enviar Email'));

    if (!$sendMail) {
        $logEmail->addDescription(_('Error al enviar correo'));
        $logEmail->addDescription('ERROR: ' . $mail->ErrorInfo);
    } else {
        $logEmail->addDescription(_('Correo enviado'));
    }

    $logEmail->addDescription(_('Destinatario') . ': ' . $mailTo);

    if ($isEvent === true) {
        $logEmail->addDescription(_('CC') . ': ' . Config::getValue('mail_from'));
    }

    $logEmail->writeLog();

    return $sendMail;
}
/**
 * Store a configuration parameter in the database (insert or update).
 *
 * @param string $param name of the parameter
 * @param string $value value to store
 * @param bool   $email whether to e-mail the resulting log entry
 * @return bool false when the query fails, true otherwise
 */
public static function setValue($param, $value, $email = true)
{
    // The value is bound twice because the upsert uses two distinct placeholders.
    $query = "INSERT INTO config "
        . "SET config_parameter = :param,"
        . "config_value = :value "
        . "ON DUPLICATE KEY UPDATE config_value = :valuedup";

    $data = array(
        'param' => $param,
        'value' => $value,
        'valuedup' => $value,
    );

    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    // NOTE(review): the new value is written to the event log in clear and, when
    // $email is true, e-mailed as well. If a parameter can hold a secret (a
    // password or key) it becomes readable by anyone with access to the log or
    // the mailbox - confirm which parameters reach this method.
    $log = new Log(_('Configuración'));
    $log->addDescription(_('Modificar configuración'));
    $log->addDescription(_('Parámetro') . ': ' . $param);
    $log->addDescription(_('Valor') . ': ' . $value);
    $log->writeLog();

    if ($email === true) {
        Email::sendEmail($log);
    }

    return true;
}
/**
 * Start the password recovery process for a user.
 *
 * A reset link is e-mailed only when the login/e-mail pair checks out, the user
 * is not disabled, the user is not an LDAP user and the recovery limit has not
 * been reached. Every rejection returns the same false value.
 *
 * @param string $login login of the user
 * @param string $email e-mail address of the user
 * @return bool true when the e-mail was sent and the recovery hash was stored
 */
public static function mailPassRecover($login, $email)
{
    // Same checks, in the same order, as a single guard clause.
    if (!UserUtil::checkUserMail($login, $email)
        || UserUtil::checkUserIsDisabled($login)
        || UserLdap::checkUserIsLDAP($login)
        || UserPassRecover::checkPassRecoverLimit($login)
    ) {
        return false;
    }

    // NOTE(review): the reset token comes from Util::generate_random_bytes();
    // its length, randomness source and encoding are not visible here, and it is
    // placed in the URL without further encoding - confirm it is URL-safe.
    $hash = Util::generate_random_bytes();

    $log = new Log(_('Cambio de Clave'));

    $log->addDescription(Html::strongText(_('Se ha solicitado el cambio de su clave de usuario.')));
    $log->addDescription();
    $log->addDescription(_('Para completar el proceso es necesario que acceda a la siguiente URL:'));
    $log->addDescription();
    $log->addDescription(Html::anchorText(Init::$WEBURI . '/index.php?a=passreset&h=' . $hash . '&t=' . time()));
    $log->addDescription('');
    $log->addDescription(_('Si no ha solicitado esta acción, ignore este mensaje.'));

    // The link is e-mailed first; the hash is stored only if sending succeeded.
    if (!Email::sendEmail($log, $email, false)) {
        return false;
    }

    return UserPassRecover::addPassRecover($login, $hash);
}
/**
 * Re-encrypt all custom field data with a new master password.
 *
 * Each row of customFieldsData is decrypted with the current master password,
 * encrypted with the new one and written back. Ids of updated and failed rows
 * are written to the event log.
 *
 * @param string $currentMasterPass the current master password
 * @param string $newMasterPassword the new master password
 * @return bool true when no row failed to update (also when the rows could not
 *              be read), false otherwise
 * @throws SPException
 */
public static function updateCustomFieldsCrypt($currentMasterPass, $newMasterPassword)
{
    $Log = new Log();
    $Log->setAction(_('Campos Personalizados'));

    $selectQuery = 'SELECT customfielddata_id, customfielddata_data, customfielddata_iv FROM customFieldsData';

    DB::setReturnArray();

    $queryRes = DB::getResults($selectQuery, __FUNCTION__);

    // A false result ends the run and is reported as success.
    if ($queryRes === false) {
        $Log->addDescription(_('Fin'));
        $Log->writeLog();
        return true;
    }

    $Log->addDescription(_('Actualizando datos encriptados'));
    $Log->writeLog(true);

    $updateQuery = 'UPDATE customFieldsData SET '
        . 'customfielddata_data = :data, '
        . 'customfielddata_iv = :iv '
        . 'WHERE customfielddata_id = :id ';

    $failedIds = array();
    $updatedIds = array();

    foreach ($queryRes as $customField) {
        // NOTE(review): the decrypt result is not checked before it is encrypted
        // again and written over the stored ciphertext. How Crypt::getDecrypt()
        // reports a failure is not visible here - confirm a wrong current master
        // password cannot overwrite the field data. The rows are also updated
        // one by one, so a failure part-way leaves rows under both passwords.
        $fieldData = Crypt::getDecrypt($customField->customfielddata_data, $customField->customfielddata_iv, $currentMasterPass);
        $fieldCryptData = Crypt::encryptData($fieldData, $newMasterPassword);

        $data = array(
            'id' => $customField->customfielddata_id,
            'data' => $fieldCryptData['data'],
            'iv' => $fieldCryptData['iv'],
        );

        if (DB::getQuery($updateQuery, __FUNCTION__, $data) === false) {
            $failedIds[] = $customField->customfielddata_id;
        } else {
            $updatedIds[] = $customField->customfielddata_id;
        }
    }

    if ($failedIds) {
        $Log->addDescription(_('Registros no actualizados') . ': ' . implode(',', $failedIds));
        $Log->writeLog(true);
    }

    if ($updatedIds) {
        $Log->addDescription(_('Registros actualizados') . ': ' . implode(',', $updatedIds));
        $Log->writeLog(true);
    }

    $Log->addDescription(_('Fin'));
    $Log->writeLog();

    return !$failedIds;
}
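/**
 * Apply the database schema changes that belong to one version.
 *
 * The statements for the version are run in order; the first failure is logged,
 * e-mailed and stops the upgrade. A version without statements is treated as
 * "nothing to do".
 *
 * @param int $version version to upgrade to
 * @return bool true when all statements were applied or none were needed,
 *              false on the first statement that fails
 */
private static function upgradeTo($version)
{
    $log = new Log(_('Actualizar BBDD'));

    $queries = array();

    switch ($version) {
        case 110:
            $queries[] = 'ALTER TABLE `accFiles` CHANGE COLUMN `accfile_name` `accfile_name` VARCHAR(100) NOT NULL';
            $queries[] = 'ALTER TABLE `accounts` ADD COLUMN `account_otherGroupEdit` BIT(1) NULL DEFAULT 0 AFTER `account_dateEdit`, ADD COLUMN `account_otherUserEdit` BIT(1) NULL DEFAULT 0 AFTER `account_otherGroupEdit`;';
            $queries[] = 'CREATE TABLE `accUsers` (`accuser_id` INT NOT NULL AUTO_INCREMENT,`accuser_accountId` INT(10) UNSIGNED NOT NULL,`accuser_userId` INT(10) UNSIGNED NOT NULL, PRIMARY KEY (`accuser_id`), INDEX `idx_account` (`accuser_accountId` ASC)) DEFAULT CHARSET=utf8;';
            $queries[] = 'ALTER TABLE `accHistory` ADD COLUMN `accHistory_otherUserEdit` BIT NULL AFTER `acchistory_mPassHash`, ADD COLUMN `accHistory_otherGroupEdit` VARCHAR(45) NULL AFTER `accHistory_otherUserEdit`;';
            $queries[] = 'ALTER TABLE `accFiles` CHANGE COLUMN `accfile_type` `accfile_type` VARCHAR(100) NOT NULL ;';
            break;
        case 1121:
            $queries[] = 'ALTER TABLE `categories` ADD COLUMN `category_description` VARCHAR(255) NULL AFTER `category_name`;';
            $queries[] = 'ALTER TABLE `usrProfiles` ADD COLUMN `userProfile_pAppMgmtMenu` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pUsersMenu`,CHANGE COLUMN `userProfile_pConfigCategories` `userProfile_pAppMgmtCategories` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pAppMgmtMenu`,ADD COLUMN `userProfile_pAppMgmtCustomers` BIT(1) NULL DEFAULT b\'0\' AFTER `userProfile_pAppMgmtCategories`;';
            break;
        case 1122:
            $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_login` `user_login` VARCHAR(50) NOT NULL ,CHANGE COLUMN `user_email` `user_email` VARCHAR(80) NULL DEFAULT NULL ;';
            break;
        case 1123:
            // This literal and two in case 12001 contain a line break, kept exactly as in the source.
            $queries[] = 'CREATE TABLE `usrPassRecover` (`userpassr_id` INT UNSIGNED NOT NULL AUTO_INCREMENT, `userpassr_userId` SMALLINT UNSIGNED NOT 
NULL,`userpassr_hash` VARBINARY(40) NOT NULL,`userpassr_date` INT UNSIGNED NOT NULL,`userpassr_used` BIT(1) NOT NULL DEFAULT b\'0\', PRIMARY KEY (`userpassr_id`),INDEX `IDX_userId` (`userpassr_userId` ASC, `userpassr_date` ASC)) DEFAULT CHARSET=utf8;';
            $queries[] = 'ALTER TABLE `log` ADD COLUMN `log_ipAddress` VARCHAR(45) NOT NULL AFTER `log_userId`;';
            $queries[] = 'ALTER TABLE `usrData` ADD COLUMN `user_isChangePass` BIT(1) NULL DEFAULT b\'0\' AFTER `user_isMigrate`;';
            break;
        case 11213:
            $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_mPass` `user_mPass` VARBINARY(32) NULL DEFAULT NULL ,CHANGE COLUMN `user_lastLogin` `user_lastLogin` DATETIME NULL DEFAULT NULL ,CHANGE COLUMN `user_lastUpdate` `user_lastUpdate` DATETIME NULL DEFAULT NULL, CHANGE COLUMN `user_mIV` `user_mIV` VARBINARY(32) NULL ;';
            $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_login` `account_login` VARCHAR(50) NULL DEFAULT NULL ;';
            break;
        case 11219:
            $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_pass` `account_pass` VARBINARY(255) NOT NULL ;';
            $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `acchistory_pass` `acchistory_pass` VARBINARY(255) NOT NULL ;';
            break;
        case 11220:
            $queries[] = 'ALTER TABLE `usrData` CHANGE COLUMN `user_pass` `user_pass` VARBINARY(255) NOT NULL,CHANGE COLUMN `user_mPass` `user_mPass` VARBINARY(255) DEFAULT NULL ;';
            break;
        case 12001:
            $queries[] = 'ALTER TABLE `accounts` CHANGE COLUMN `account_userEditId` `account_userEditId` TINYINT(3) UNSIGNED NULL DEFAULT NULL, CHANGE COLUMN `account_dateEdit` `account_dateEdit` DATETIME NULL DEFAULT NULL;';
            $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `acchistory_userEditId` `acchistory_userEditId` TINYINT(3) UNSIGNED NULL DEFAULT NULL, CHANGE COLUMN `acchistory_dateEdit` `acchistory_dateEdit` DATETIME NULL DEFAULT NULL;';
            $queries[] = 'ALTER TABLE `accHistory` CHANGE COLUMN `accHistory_otherGroupEdit` `accHistory_otherGroupEdit` BIT NULL DEFAULT b\'0\';';
            $queries[] = 'ALTER TABLE 
`usrProfiles` ADD COLUMN `userProfile_profile` BLOB NOT NULL;';
            $queries[] = 'ALTER TABLE `usrData` ADD `user_preferences` BLOB NULL;';
            $queries[] = 'CREATE TABLE usrToGroups (usertogroup_id INT UNSIGNED PRIMARY KEY NOT NULL AUTO_INCREMENT,usertogroup_userId INT UNSIGNED NOT NULL,usertogroup_groupId INT UNSIGNED NOT NULL) DEFAULT CHARSET=utf8;';
            $queries[] = 'CREATE INDEX IDX_accountId ON usrToGroups (usertogroup_userId)';
            $queries[] = 'ALTER TABLE `accFiles` ADD `accFile_thumb` BLOB NULL;';
            $queries[] = 'CREATE TABLE `authTokens` (`authtoken_id` int(11) NOT NULL AUTO_INCREMENT,`authtoken_userId` int(11) NOT NULL,`authtoken_token` varbinary(100) NOT NULL,`authtoken_actionId` smallint(5) unsigned NOT NULL,`authtoken_createdBy` smallint(5) unsigned NOT NULL,`authtoken_startDate` int(10) unsigned NOT NULL,PRIMARY KEY (`authtoken_id`),UNIQUE KEY `unique_authtoken_id` (`authtoken_id`),KEY `IDX_checkToken` (`authtoken_userId`,`authtoken_actionId`,`authtoken_token`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
            $queries[] = 'CREATE TABLE `customFieldsDef` (`customfielddef_id` int(10) unsigned NOT NULL AUTO_INCREMENT, `customfielddef_module` smallint(5) unsigned NOT NULL, `customfielddef_field` blob NOT NULL, PRIMARY KEY (`customfielddef_id`)) ENGINE=InnoDB DEFAULT CHARSET=utf8;';
            $queries[] = 'CREATE TABLE `customFieldsData` (`customfielddata_id` int(10) unsigned NOT NULL AUTO_INCREMENT,`customfielddata_moduleId` smallint(5) unsigned NOT NULL,`customfielddata_itemId` int(10) unsigned NOT NULL,`customfielddata_defId` int(10) unsigned NOT NULL,`customfielddata_data` longblob,`customfielddata_iv` varbinary(128) DEFAULT NULL, PRIMARY KEY (`customfielddata_id`), KEY `IDX_DEFID` (`customfielddata_defId`), KEY `IDX_DELETE` (`customfielddata_itemId`,`customfielddata_moduleId`), KEY `IDX_UPDATE` (`customfielddata_moduleId`,`customfielddata_itemId`,`customfielddata_defId`), KEY `IDX_ITEM` (`customfielddata_itemId`), KEY `IDX_MODULE` (`customfielddata_moduleId`)) ENGINE=InnoDB DEFAULT 
CHARSET=utf8;';
            break;
        case 12002:
            $queries[] = 'ALTER TABLE config CHANGE config_value config_value VARCHAR(255);';
            $queries[] = 'ALTER TABLE usrData CHANGE user_pass user_pass VARBINARY(255);';
            $queries[] = 'ALTER TABLE usrData CHANGE user_hashSalt user_hashSalt VARBINARY(128);';
            $queries[] = 'ALTER TABLE accHistory CHANGE acchistory_mPassHash acchistory_mPassHash VARBINARY(255);';
            break;
        default:
            // The description is added to $log but the log is not written on this path.
            $log->addDescription(_('No es necesario actualizar la Base de Datos.'));
            return true;
    }

    foreach ($queries as $query) {
        $errorDetail = null;

        try {
            $applied = DB::getQuery($query, __FUNCTION__);
        } catch (SPException $e) {
            $applied = false;
            $errorDetail = 'ERROR: ' . $e->getMessage() . ' (' . $e->getCode() . ')';
        }

        // Every other DB::getQuery() call on this page is checked against false,
        // so a false return is treated as a failed statement here as well.
        // Before, only an SPException stopped the upgrade and a false return was
        // reported as a successful upgrade.
        if ($applied === false) {
            $log->addDescription(_('Error al aplicar la actualización de la Base de Datos.') . ' (v' . $version . ')');

            if ($errorDetail !== null) {
                $log->addDescription($errorDetail);
            }

            $log->writeLog();

            Email::sendEmail($log);
            return false;
        }
    }

    $log->addDescription(_('Actualización de la Base de Datos realizada correctamente.') . ' (v' . $version . ')');
    $log->writeLog();

    Email::sendEmail($log);

    return true;
}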
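/**
 * Migrate the configuration from phpPMS.
 *
 * Copies every parameter of the old configuration into the new one with
 * Config::setValue(), except the parameters named in the skip list, and logs
 * how many were imported.
 *
 * @return void nothing is returned, although the original annotation said array
 */
private static function migrateConfig()
{
    // Load the current (source) configuration into self::$_oldConfig.
    self::getSourceConfig();

    // Installation-specific parameters and secrets that must not be imported.
    $skip = array('version',
        'installed',
        'install',
        'dbhost',
        'dbname',
        'dbuser',
        'dbpass',
        'siteroot',
        'sitelang',
        'sitename',
        'siteshortname',
        'md5_pass',
        'password_show',
        'lastupdatempass',
        'passwordsalt');

    $totalParams = count(self::$_oldConfig);
    $num = 0;

    // Store the new configuration.
    foreach (self::$_oldConfig as $key => $value) {
        // $skip is a plain list, so the names are its values. The previous
        // array_key_exists() test compared $key with the numeric indexes 0..14,
        // never matched a parameter name, and let 'dbpass', 'passwordsalt' and
        // the other skipped parameters be copied through Config::setValue().
        if (in_array($key, $skip, true)) {
            continue;
        }

        Config::setValue($key, $value);
        $num++;
    }

    $log = new Log(_('Importar Configuración'));
    $log->addDescription('OK');
    $log->addDescription(_('Registros') . ': ' . $num . '/' . $totalParams);
    $log->writeLog();
}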
/**
 * Update the password of an account in the database.
 *
 * @param bool $isMassive true to skip the history copy, the log entry and the e-mail
 * @param bool $isRestore true when the update is part of a restore (same effect)
 * @return bool false when the history copy or the UPDATE fails, true otherwise
 */
public function updateAccountPass($isMassive = false, $isRestore = false)
{
    $Log = new Log(__FUNCTION__);

    // History, log entry and e-mail are all skipped for a master password
    // change or a restore.
    $isRegularUpdate = !$isMassive && !$isRestore;

    // Keep a copy of the account in the history before changing it.
    if ($isRegularUpdate && !AccountHistory::addHistory($this->getAccountId(), false)) {
        $Log->addDescription(_('Error al actualizar el historial'));
        $Log->writeLog();
        return false;
    }

    $query = 'UPDATE accounts SET '
        . 'account_pass = :accountPass,'
        . 'account_IV = :accountIV,'
        . 'account_userEditId = :accountUserEditId,'
        . 'account_dateEdit = NOW() '
        . 'WHERE account_id = :accountId';

    $data = array(
        'accountPass' => $this->getAccountPass(),
        'accountIV' => $this->getAccountIV(),
        'accountUserEditId' => $this->getAccountUserEditId(),
        'accountId' => $this->getAccountId(),
    );

    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    if (!$isRegularUpdate) {
        return true;
    }

    // The log entry names the customer and the account, never the password.
    $accountInfo = array('customer_name', 'account_name');
    $this->getAccountInfoById($accountInfo);

    $Log->setAction(_('Modificar Clave'));
    $Log->addDescription(Html::strongText(_('Cliente') . ': ') . $this->_cacheParams['customer_name']);
    $Log->addDescription(Html::strongText(_('Cuenta') . ': ') . $this->_cacheParams['account_name'] . " (" . $this->getAccountId() . ")");
    $Log->writeLog();

    Email::sendEmail($Log);

    return true;
}
/**
 * Record a database error in the event log and in the PHP error log.
 *
 * @param string $query       the query that caused the error
 * @param string $errorMsg    the error message
 * @param int    $errorCode   the error code
 * @param string $querySource passed to the Log constructor; every call on this
 *                            page passes the calling function's name
 */
private static function logDBException($query, $errorMsg, $errorCode, $querySource)
{
    $errorSummary = $errorMsg . '(' . $errorCode . ')';
    $escapedQuery = self::escape($query);

    $Log = new Log($querySource);
    $Log->addDescription($errorSummary);
    $Log->addDescription("SQL: " . $escapedQuery);
    $Log->writeLog();

    // NOTE(review): the query text and the driver message also go to the PHP
    // error log unescaped. The queries visible on this page use bound
    // placeholders, so values should not appear in the text, but confirm no
    // caller concatenates data into $query.
    error_log($query);
    error_log($errorMsg);
}
/**
 * Check whether a user is a member of the configured LDAP group.
 *
 * @param string $userDN DN of the user (the original annotation says RDN)
 * @throws \Exception when the LDAP search fails
 * @return bool true when the user is in the group, or when no group is
 *              configured or its name cannot be obtained; false when the
 *              search returns no entries
 */
public static function searchUserInGroup($userDN)
{
    $log = new Log(__FUNCTION__);

    $ldapGroup = Config::getValue('ldap_group');

    // No group filter configured: every user passes.
    if (empty($ldapGroup)) {
        return true;
    }

    // NOTE(review): when a group is configured but getGroupName() returns an
    // empty value, the membership check is skipped and the user passes. The
    // Active Directory variant on this page returns false when the group
    // cannot be resolved - confirm that passing here is intended.
    $groupDN = self::getGroupName();

    if (!$groupDN) {
        return true;
    }

    $userDN = self::escapeLdapDN($userDN);

    // NOTE(review): $groupDN is concatenated into the search filter as it is, and
    // $userDN only goes through escapeLdapDN(), whose rules are not visible
    // here. DN escaping and search-filter escaping are different encodings -
    // confirm both values are safe inside a filter.
    $memberClause = '(|(member=' . $userDN . ')(uniqueMember=' . $userDN . '))';
    $classClause = '(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=group))';
    $filter = '(&(cn=' . $groupDN . ')' . $memberClause . $classClause . ')';
    $filterAttr = array("member", "uniqueMember");

    $searchRes = @ldap_search(self::$_ldapConn, self::$_searchBase, $filter, $filterAttr);

    if (!$searchRes) {
        $log->addDescription(_('Error al buscar el grupo de usuarios'));
        $log->addDescription(sprintf('%s: %s', _('Grupo'), $ldapGroup));
        $log->addDescription(sprintf('LDAP ERROR: %s (%d)', ldap_error(self::$_ldapConn), ldap_errno(self::$_ldapConn)));
        $log->addDescription('LDAP FILTER: ' . $filter);
        $log->writeLog();

        throw new \Exception(_('Error al buscar el grupo de usuarios'));
    }

    // No matching entry: the user is not in the group. This result is not logged.
    if (@ldap_count_entries(self::$_ldapConn, $searchRes) === 0) {
        return false;
    }

    $log->addDescription(_('Usuario verificado en grupo'));
    $log->writeLog();

    return true;
}
/**
 * Re-encrypt the passwords of all accounts in the history with the new master password.
 *
 * Each history record is decrypted, encrypted with $newMasterPass and saved
 * through updateAccountPass(). Problems are logged per record and the run
 * continues with the next one.
 *
 * NOTE(review): $currentMasterPass is not referenced in this body, and
 * $errorCount is incremented but never read - the method returns true at the
 * end whatever the number of failed records. Confirm both are intended.
 *
 * @param string $currentMasterPass the current master password
 * @param string $newMasterPass     the new master password
 * @param string $newHash           the new master password hash, passed on to updateAccountPass()
 * @return bool false when the crypt module check fails or the passwords cannot
 *              be read; true otherwise
 */
public function updateAccountsMasterPass($currentMasterPass, $newMasterPass, $newHash = null)
{
    $idOk = array();
    $errorCount = 0;
    $demoEnabled = Util::demoIsEnabled();

    $log = new Log(_('Actualizar Clave Maestra (H)'));
    $log->addDescription(_('Inicio'));
    $log->writeLog();
    $log->resetDescription();

    if (!Crypt::checkCryptModule()) {
        $log->addDescription(_('Error en el módulo de encriptación'));
        $log->writeLog();
        return false;
    }

    $accountsPass = $this->getAccountsPassData();

    if (!$accountsPass) {
        $log->addDescription(_('Error al obtener las claves de las cuentas'));
        $log->writeLog();
        return false;
    }

    foreach ($accountsPass as $account) {
        $this->setAccountId($account->acchistory_id);

        // Make no changes in demo mode; the record is still listed as updated.
        if ($demoEnabled) {
            $idOk[] = $account->acchistory_id;
            continue;
        }

        // Skip records for which checkAccountMPass() fails.
        if (!$this->checkAccountMPass()) {
            $errorCount++;
            $log->addDescription(_('La clave maestra del registro no coincide') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
            continue;
        }

        // An empty stored password is logged and skipped without counting as an error.
        if (strlen($account->acchistory_pass) === 0) {
            $log->addDescription(_('Clave de cuenta vacía') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
            continue;
        }

        // NOTE(review): a short IV is logged, but unlike the checks above there is
        // no `continue`, so the record is still decrypted and re-encrypted below.
        if (strlen($account->acchistory_IV) < 32) {
            $log->addDescription(_('IV de encriptación incorrecto') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
        }

        // NOTE(review): getDecrypt() is called without a password argument here and
        // its result is not checked before it is encrypted again - confirm which
        // key it uses and how it reports a failure.
        $decryptedPass = Crypt::getDecrypt($account->acchistory_pass, $account->acchistory_IV);
        $this->setAccountPass(Crypt::mkEncrypt($decryptedPass, $newMasterPass));
        $this->setAccountIV(Crypt::$strInitialVector);

        // This checks the value just stored from mkEncrypt(); the logged message
        // speaks of a decryption failure.
        if ($this->getAccountPass() === false) {
            $errorCount++;
            $log->addDescription(_('No es posible desencriptar la clave de la cuenta') . ' (' . 
$account->acchistory_id . ') ' . $account->acchistory_name);
            continue;
        }

        if (!$this->updateAccountPass($account->acchistory_id, $newHash)) {
            $errorCount++;
            $log->addDescription(_('Fallo al actualizar la clave del histórico') . ' (' . $account->acchistory_id . ') ' . $account->acchistory_name);
            continue;
        }

        $idOk[] = $account->acchistory_id;
    }

    // Flush the pending per-record messages to the log.
    if (count($log->getDescription()) > 0) {
        $log->writeLog();
        $log->resetDescription();
    }

    if ($idOk) {
        $log->addDescription(_('Registros actualizados') . ': ' . implode(',', $idOk));
        $log->writeLog();
        $log->resetDescription();
    }

    $log->addDescription(_('Fin'));
    $log->writeLog();

    return true;
}
/**
 * Read the account entries from the imported file and create them.
 *
 * Each line is split on the field delimiter and must have exactly the expected
 * number of fields. The password field is encrypted with Crypt::encryptData()
 * before the account is added.
 *
 * @throws SPException when a line has the wrong number of fields
 */
protected function processAccounts()
{
    $line = 0;

    foreach ($this->_file->getFileContent() as $data) {
        $line++;

        // NOTE(review): the line is split with explode(), so a delimiter inside a
        // quoted field counts as a separator and the line is rejected by the
        // field-count check below.
        $fields = explode($this->_fieldDelimiter, $data);
        $numfields = count($fields);

        // Check the number of fields in the line.
        if ($numfields !== $this->_numFields) {
            throw new SPException(
                SPException::SP_CRITICAL,
                sprintf(_('El número de campos es incorrecto (%d)'), $numfields),
                sprintf(_('Compruebe el formato del archivo CSV en línea %s'), $line)
            );
        }

        // Strip the " characters from both ends of every field.
        $fields = array_map(
            function ($value) {
                return trim($value, '"');
            },
            $fields
        );

        // Name the fields by position.
        list($accountName, $customerName, $categoryName, $url, $login, $password, $notes) = $fields;

        // Get the customer and category ids and the encrypted password.
        $customerId = Customer::addCustomerReturnId($customerName);
        $categoryId = Category::addCategoryReturnId($categoryName);
        $pass = Crypt::encryptData($password);

        // Create the new account.
        $this->setAccountName($accountName);
        $this->setAccountLogin($login);
        $this->setCategoryId($categoryId);
        $this->setCustomerId($customerId);
        $this->setAccountNotes($notes);
        $this->setAccountUrl($url);
        $this->setAccountPass($pass['data']);
        $this->setAccountPassIV($pass['iv']);

        if ($this->addAccount()) {
            // Only the account name is logged, never the imported password.
            Log::writeNewLog(_('Importar Cuentas'), sprintf(_('Cuenta importada: %s'), $accountName));
            continue;
        }

        // A failed account is logged and the import goes on with the next line.
        $log = new Log(_('Importar Cuentas'));
        $log->addDescription(_('Error importando cuenta'));
        $log->addDescription(sprintf(_('Error procesando línea %s'), $line));
        $log->writeLog();
    }
}
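/**
 * Check whether a user is a member of the configured group in Active Directory.
 *
 * The search uses the matching rule OID 1.2.840.113556.1.4.1941 on memberof and
 * compares the sAMAccountName of every returned entry with the login.
 *
 * @param string $userLogin login of the user
 * @throws \Exception when the LDAP search fails or returns no entries
 * @return bool true when the login is found among the returned entries or no
 *              group is configured; false when the directory is not AD, the
 *              group DN cannot be found or the login is not among the entries
 */
public static function searchADUserInGroup($userLogin)
{
    if (Ldap::$_isADS === false) {
        return false;
    }

    $log = new Log(__FUNCTION__);

    $ldapGroup = Config::getValue('ldap_group');

    // The group filter is not set: every user passes.
    if (empty($ldapGroup)) {
        return true;
    }

    // Get the DN of the group; the check fails closed when it cannot be resolved.
    if (!($groupDN = Ldap::searchGroupDN())) {
        return false;
    }

    // NOTE(review): $groupDN is concatenated into the filter as it is. Confirm
    // that a DN containing filter metacharacters such as parentheses, '*' or a
    // backslash is escaped for filter context before it reaches this point.
    $filter = '(memberof:1.2.840.113556.1.4.1941:=' . $groupDN . ')';
    $filterAttr = array("sAMAccountName");

    $searchRes = @ldap_search(Ldap::$_ldapConn, Ldap::$_searchBase, $filter, $filterAttr);

    if (!$searchRes) {
        $log->addDescription(_('Error al buscar el grupo de usuarios'));
        $log->addDescription('LDAP ERROR: ' . ldap_error(Ldap::$_ldapConn) . '(' . ldap_errno(Ldap::$_ldapConn) . ')');
        $log->addDescription('LDAP FILTER: ' . $filter);
        $log->writeLog();

        throw new \Exception(_('Error al buscar el grupo de usuarios'));
    }

    if (@ldap_count_entries(Ldap::$_ldapConn, $searchRes) === 0) {
        $log->addDescription(_('No se encontró el grupo con ese nombre'));
        $log->addDescription('LDAP ERROR: ' . ldap_error(Ldap::$_ldapConn) . '(' . ldap_errno(Ldap::$_ldapConn) . ')');
        $log->addDescription('LDAP FILTER: ' . $filter);
        $log->writeLog();

        throw new \Exception(_('No se encontró el grupo con ese nombre'));
    }

    $entries = ldap_get_entries(Ldap::$_ldapConn, $searchRes);

    // ldap_get_entries() returns false on failure; treat that as "not a member".
    if (!is_array($entries)) {
        return false;
    }

    foreach ($entries as $entry) {
        // The result array also carries a 'count' element that is an integer,
        // and an entry may lack the attribute; skip both instead of indexing them.
        if (!is_array($entry) || !isset($entry['samaccountname'][0])) {
            continue;
        }

        if ($userLogin === $entry['samaccountname'][0]) {
            return true;
        }
    }

    return false;
}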
/**
 * Delete the group identified by self::$groupId.
 *
 * @return bool false when the DELETE fails, true otherwise (also when removing
 *              the group's users fails, which is only logged)
 */
public static function deleteGroup()
{
    // The name is read before the row is deleted so it can appear in the log.
    $groupName = self::getGroupNameById(self::$groupId);

    $query = 'DELETE FROM usrGroups WHERE usergroup_id = :id LIMIT 1';
    $data = array('id' => self::$groupId);

    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    self::$queryLastId = DB::$lastId;

    $Log = new Log(_('Eliminar Grupo'));

    $usersRemoved = Groups::deleteUsersForGroup(self::$groupId);

    if (!$usersRemoved) {
        $Log->addDescription(_('Error al eliminar los usuarios del grupo'));
    }

    $Log->addDescription(sprintf('%s : %s', Html::strongText(_('Grupo')), $groupName));
    $Log->writeLog();

    Email::sendEmail($Log);

    return true;
}
/**
 * Update a user's data.
 *
 * When the user is flagged to change the password, a password recovery request
 * is started after the update.
 *
 * @return bool false when the UPDATE fails, true otherwise
 */
public function updateUser()
{
    $query = 'UPDATE usrData SET '
        . 'user_name = :name,'
        . 'user_login = :login,'
        . 'user_email = :email,'
        . 'user_notes = :notes,'
        . 'user_groupId = :groupId,'
        . 'user_profileId = :profileId,'
        . 'user_isAdminApp = :isAdminApp,'
        . 'user_isAdminAcc = :isAdminAcc,'
        . 'user_isDisabled = :isDisabled,'
        . 'user_isChangePass = :isChangePass,'
        . 'user_lastUpdate = NOW() '
        . 'WHERE user_id = :id LIMIT 1';

    // The flag columns are bound as integers.
    $data = array(
        'name' => $this->_userName,
        'login' => $this->_userLogin,
        'email' => $this->_userEmail,
        'notes' => $this->_userNotes,
        'groupId' => $this->_userGroupId,
        'profileId' => $this->_userProfileId,
        'isAdminApp' => intval($this->_userIsAdminApp),
        'isAdminAcc' => intval($this->_userIsAdminAcc),
        'isDisabled' => intval($this->_userIsDisabled),
        'isChangePass' => intval($this->_userChangePass),
        'id' => $this->_userId,
    );

    if (DB::getQuery($query, __FUNCTION__, $data) === false) {
        return false;
    }

    $this->queryLastId = DB::$lastId;

    $Log = new Log(_('Modificar Usuario'));
    $Log->addDescription(sprintf('%s: %s (%s)', Html::strongText(_('Usuario')), $this->_userName, $this->_userLogin));

    // NOTE(review): the login and e-mail go through DB::escape() before they are
    // handed to Auth::mailPassRecover(), while the query above binds them as
    // parameters. What DB::escape() does is not visible here; if it adds SQL
    // escaping, a value with a quote would no longer match the stored one and
    // the e-mail address would be altered - confirm it is needed.
    if ($this->_userChangePass
        && !Auth::mailPassRecover(DB::escape($this->_userLogin), DB::escape($this->_userEmail))
    ) {
        $Log->addDescription(Html::strongText(_('No se pudo realizar la petición de cambio de clave.')));
    }

    $Log->writeLog();

    Email::sendEmail($Log);

    return true;
}
/**
 * Delete a file from the database.
 *
 * @param int $fileId id of the file
 * @return bool true when the DELETE query returns true, false otherwise
 */
public static function fileDelete($fileId)
{
    // Read the file details first so they can be logged after the row is gone.
    // NOTE(review): the result is used below without checking that a file was
    // found - confirm what getFileInfo() returns for an unknown id.
    $fileInfo = self::getFileInfo($fileId);

    // Delete the file from the database.
    $query = 'DELETE FROM accFiles WHERE accfile_id = :id LIMIT 1';
    $data = array('id' => $fileId);

    if (DB::getQuery($query, __FUNCTION__, $data) !== true) {
        return false;
    }

    $sizeInKb = round($fileInfo->accfile_size / 1024, 2);

    $log = new Log(_('Eliminar Archivo'));
    $log->addDescription(_('ID') . ": " . $fileId);
    $log->addDescription(_('Archivo') . ": " . $fileInfo->accfile_name);
    $log->addDescription(_('Tipo') . ": " . $fileInfo->accfile_type);
    $log->addDescription(_('Tamaño') . ": " . $sizeInKb . " KB");
    $log->writeLog();

    Email::sendEmail($log);

    return true;
}