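/**
 * Builds the security / configuration notes that should be displayed to
 * the user, running a set of environment checks on the way.
 *
 * Checks (each delegated to a helper): install directory still present,
 * LDAP extension loaded (LDAP auth only), admin default password in use
 * (non-LDAP auth only), bug tracker connection, filesystem repository
 * directory, DB schema version, e-mail configuration, required extensions.
 *
 * Delivery is controlled by the 'config_check_warning_mode' setting:
 *  - SCREEN (or any other value): the notes are returned as-is.
 *  - FILE:   the notes are written to <log_path>config_check.txt and a single
 *            note pointing at that file is returned. If the file cannot be
 *            written the notes themselves are returned instead, so they are
 *            never silently lost.
 *  - SILENT: the notes are written to the same file and null is returned.
 *
 * NOTE(review): the file written in FILE/SILENT mode lists security
 * weaknesses of this installation (e.g. default admin password); confirm
 * that log_path is not web-accessible.
 *
 * @param mixed &$db database handler, forwarded to the checks that need it
 *
 * @return array|null returns the security issues, or null if none found!
 * @author Andreas Morsing
 *
 * @internal rev :
 **/
function getSecurityNotes(&$db)
{
    $repository = [
        'type' => config_get('repositoryType'),
        'path' => config_get('repositoryPath'),
    ];
    // Stays null until the first note is appended; callers test for null.
    $securityNotes = null;

    if (checkForInstallDir()) {
        $securityNotes[] = lang_get("sec_note_remove_install_dir");
    }

    $authCfg = config_get('authentication');
    if ($authCfg['method'] === 'LDAP') {
        if (!checkForLDAPExtension()) {
            $securityNotes[] = lang_get("ldap_extension_not_loaded");
        }
    } elseif (checkForAdminDefaultPwd($db)) {
        // Only meaningful when credentials are stored locally.
        $securityNotes[] = lang_get("sec_note_admin_default_pwd");
    }

    if (!checkForBTSConnection()) {
        $securityNotes[] = lang_get("bts_connection_problems");
    }

    // Loose comparison kept on purpose: the configured value and the
    // constant may not share a type (string vs int) — TODO confirm and tighten.
    if ($repository['type'] == TL_REPOSITORY_TYPE_FS) {
        $ret = checkForRepositoryDir($repository['path']);
        if (!$ret['status_ok']) {
            $securityNotes[] = $ret['msg'];
        }
    }

    // Needed when schemas change has been done.
    // This call can be removed when release is stable
    $res = checkSchemaVersion($db);
    $schemaMsg = (string) ($res['msg'] ?? '');
    if ($schemaMsg !== '') {
        $securityNotes[] = $schemaMsg;
    }

    // checkEmailConfig() returns a list of notes or null.
    $emailNotes = checkEmailConfig();
    if (is_array($emailNotes)) {
        foreach ($emailNotes as $detail) {
            $securityNotes[] = $detail;
        }
    }

    // Appends to $securityNotes by reference.
    checkForExtensions($securityNotes);

    if ($securityNotes === null) {
        return null;
    }

    $user_feedback = config_get('config_check_warning_mode');
    if ($user_feedback !== 'FILE' && $user_feedback !== 'SILENT') {
        // SCREEN: hand the notes back for display.
        return $securityNotes;
    }

    // FILE / SILENT: best-effort write of the notes to the log directory.
    // Writability is checked up front instead of silencing warnings with '@'.
    $filename = config_get('log_path') . 'config_check.txt';
    $logDir = dirname($filename);
    $written = false;
    if (is_dir($logDir) && is_writable($logDir)
        && (!file_exists($filename) || is_writable($filename))) {
        $written = file_put_contents($filename, implode("\n", $securityNotes), LOCK_EX) !== false;
    }

    if ($user_feedback === 'FILE') {
        // Only point the user at the file when it really exists; otherwise
        // keep the notes on screen rather than dropping them.
        return $written
            ? [sprintf(lang_get('config_check_warnings'), $filename)]
            : $securityNotes;
    }

    // SILENT: nothing is reported to the user.
    return null;
}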
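/**
 * doBlockingChecks
 *
 * Runs the checks that must pass before any login is attempted:
 * a wrong Schema version will BLOCK ANY login action. On failure the
 * check message is placed on $guiObj->note and the login screen is
 * rendered; whether execution stops there depends on renderLoginScreen()
 * (not visible here).
 *
 * @param mixed &$dbHandler DataBase Handler, forwarded to checkSchemaVersion()
 * @param object &$guiObj some gui elements that will be used to give feedback;
 *                        its ->note is overwritten on failure
 *
 * @return void
 */
function doBlockingChecks(&$dbHandler, &$guiObj)
{
    $op = checkSchemaVersion($dbHandler);
    if ($op['status'] >= tl::OK) {
        return;
    }

    // Houston we have a problem
    // This check to kill session was added to avoid following situation
    // TestLink 1.9.5 installed
    // Install TestLink 1.9.6 in another folder, pointing to same OLD DB
    // you logged in TL 1.9.5 => session is created
    // you try to login to 1.9.6, you get the Update DB Schema message but
    // anyway because a LIVE AND VALID session you are allowed to login => BAD
    if (!empty($op['kill_session'])) {
        // session_unset()/session_destroy() only make sense (and only work
        // without emitting warnings) when a session is actually active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_unset();
            session_destroy();
        }
    }

    $guiObj->note = $op['msg'];
    renderLoginScreen($guiObj);
}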
    $gui->hint_text = $gui->link_to_op = '';
    $smarty->assign('gui', $gui);
    $smarty->display('workAreaSimple.tpl');
    tLog('Connection fail page shown.', 'ERROR');
    exit;
}
$args = init_args();
$gui = init_gui($db, $args);
switch ($args->action) {
    case 'doLogin':
    case 'ajaxlogin':
        doSessionStart();
        unset($_SESSION['basehref']);
        setPaths();
        // check if db scheme is up to date else deny login
        $op = checkSchemaVersion($db);
        // only try to authorize user if scheme version is OK
        if ($op['status'] == tl::OK) {
            $op = doAuthorize($db, $args->login, $args->pwd);
        }
        if ($op['status'] < tl::OK) {
            $gui->note = is_null($op['msg']) ? lang_get('bad_user_passwd') : $op['msg'];
            if ($args->action == 'ajaxlogin') {
                echo json_encode(array('success' => false, 'reason' => $gui->note));
            } else {
                $doRender = true;
            }
        } else {
            // Login successful, redirect to destination
            $args->currentUser = $_SESSION['currentUser'];
            logAuditEvent(TLS("audit_login_succeeded", $args->login, $_SERVER['REMOTE_ADDR']), "LOGIN", $args->currentUser->dbID, "users");