ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSecuritySettings.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ilSecuritySettings
35 {
36  public static $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1;
37  public static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2;
38  public static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3;
39 
40  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4;
41  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5;
42  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6;
43  const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7;
44  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8;
45  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9;
46  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10;
47 
48 
49  const ACCOUNT_SECURITY_MODE_DEFAULT = 1;
50  const ACCOUNT_SECURITY_MODE_CUSTOMIZED = 2;
51 
52 
53  private static $instance = null;
54  private $db;
55  private $settings;
56 
57  private $https_header_enable;
58  private $https_header_name;
59  private $https_header_value;
60  private $https_enable;
61 
62  private $account_security_mode = self::ACCOUNT_SECURITY_MODE_DEFAULT;
63  private $password_chars_and_numbers_enabled = false;
64  private $password_special_chars_enabled = false;
65  private $password_min_length = 0;
66  private $password_max_length = 0;
67  private $password_max_age = 0;
68  private $login_max_attempts = 0;
69 
70  private $password_change_on_first_login_enabled = false;
71 
79  private function __construct()
80  {
81 
82  global $ilSetting,$ilDB;
83 
84  $this->db = $ilDB;
85  $this->settings = $ilSetting;
86 
87  $this->read();
88  }
89 
97  public static function _getInstance()
98  {
99  if(is_object(self::$instance))
100  {
101  return self::$instance;
102  }
103  return self::$instance = new ilSecuritySettings();
104  }
105 
106  public function getSecuritySettingsRefId()
107  {
108  return $this->ref_id;
109  }
110 
111 
112 
113 
114 
121  public function setAccountSecurityMode($a_mode)
122  {
123  $this->account_security_mode = $a_mode;
124  }
125 
132  public function getAccountSecurityMode()
133  {
134  return $this->account_security_mode;
135  }
136 
144  public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
145  {
146  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
147  }
148 
156  public function isPasswordCharsAndNumbersEnabled()
157  {
158  return $this->password_chars_and_numbers_enabled;
159  }
160 
168  public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
169  {
170  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
171  }
172 
180  public function isPasswordSpecialCharsEnabled()
181  {
182  return $this->password_special_chars_enabled;
183  }
184 
190  public function setPasswordMinLength($a_password_min_length)
191  {
192  $this->password_min_length = $a_password_min_length;
193  }
194 
200  public function getPasswordMinLength()
201  {
202  return $this->password_min_length;
203  }
204 
210  public function setPasswordMaxLength($a_password_max_length)
211  {
212  $this->password_max_length = $a_password_max_length;
213  }
214 
220  public function getPasswordMaxLength()
221  {
222  return $this->password_max_length;
223  }
224 
230  public function setPasswordMaxAge($a_password_max_age)
231  {
232  $this->password_max_age = $a_password_max_age;
233  }
234 
240  public function getPasswordMaxAge()
241  {
242  return $this->password_max_age;
243  }
244 
250  public function setLoginMaxAttempts($a_login_max_attempts)
251  {
252  $this->login_max_attempts = $a_login_max_attempts;
253  }
254 
260  public function getLoginMaxAttempts()
261  {
262  return $this->login_max_attempts;
263  }
264 
271  public function setAutomaticHTTPSEnabled($varname)
272  {
273  $this->https_header_enable = $varname;
274  }
275 
281  public function setAutomaticHTTPSHeaderName($varname)
282  {
283  $this->https_header_name = $varname;
284  }
285 
291  public function setAutomaticHTTPSHeaderValue($varname)
292  {
293  $this->https_header_value = $varname;
294  }
295 
301  public function getAutomaticHTTPSHeaderName()
302  {
303  return $this->https_header_name;
304  }
305 
311  public function getAutomaticHTTPSHeaderValue()
312  {
313  return $this->https_header_value;
314  }
315 
321  public function isAutomaticHTTPSEnabled()
322  {
323  return $this->https_header_enable;
324  }
325 
331  public function setHTTPSEnabled ($value)
332  {
333  $this->https_enable = $value;
334  }
335 
341  public function isHTTPSEnabled ()
342  {
343  return $this->https_enable;
344  }
345 
353  public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
354  {
355  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
356  }
357 
365  public function isPasswordChangeOnFirstLoginEnabled()
366  {
367  return $this->password_change_on_first_login_enabled;
368  }
369 
375  public function save()
376  {
377  $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
378  $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
379  $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
380  $this->settings->set('https',(string) $this->isHTTPSEnabled());
381 
382  $this->settings->set('ps_account_security_mode',(int) $this->getAccountSecurityMode());
383  $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
384  $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
385  $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
386  $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
387  $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
388  $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
389 
390  $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
391  }
399  private function read()
400  {
401  global $ilDB;
402 
403  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
404  "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID)." ".
405  "AND object_data.type = 'ps' ".
406  "AND object_reference.ref_id = tree.child ".
407  "AND object_reference.obj_id = object_data.obj_id";
408  $res = $this->db->query($query);
409  $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
410  $this->ref_id = $row["ref_id"];
411 
412  $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
413  $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
414  $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
415  $this->https_enable = (boolean) $this->settings->get('https', false);
416 
417  $this->account_security_mode = (int) $this->settings->get('ps_account_security_mode',0);
418  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled',false);
419  $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled',false);
420  $this->password_min_length = (int) $this->settings->get('ps_password_min_length',0);
421  $this->password_max_length = (int) $this->settings->get('ps_password_max_length',0);
422  $this->password_max_age = (int) $this->settings->get('ps_password_max_age',0);
423  $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts',0);
424 
425  $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled',false);
426  }
427 
433  public function validate()
434  {
435  if ($this->isAutomaticHTTPSEnabled() &&
436  (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
437  strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
438  )
439  {
440  return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
441  }
442  include_once './classes/class.ilHTTPS.php';
443 
444  if ($this->isHTTPSEnabled())
445  {
446  if(!ilHTTPS::_checkHTTPS())
447  {
448  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
449  }
450  } elseif(!ilHTTPS::_checkHTTP())
451  {
452  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
453  }
454 
455  if( $this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED )
456  {
457  if( $this->getPasswordMinLength() < 0 )
458  {
459  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
460  }
461 
462  if( $this->getPasswordMaxLength() < 0 )
463  {
464  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
465  }
466 
467  $password_min_length = 1;
468  if( $this->isPasswordCharsAndNumbersEnabled() )
469  {
470  $password_min_length++;
471  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
472 
473  if( $this->isPasswordSpecialCharsEnabled() )
474  {
475  $password_min_length++;
476  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
477  }
478  }
479  if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
480  {
481  return $password_min_length_error_code;
482  }
483  if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
484  {
485  return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
486  }
487 
488  if( $this->getPasswordMaxAge() < 0 )
489  {
490  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
491  }
492 
493  if( $this->getLoginMaxAttempts() < 0 )
494  {
495  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
496  }
497  }
498 
499  /*
500  * todo: have to check for local auth if first login password change is enabled??
501  * than: add errorcode
502  */
503 
504  return 0;
505  }
506 
507 
508 }
509 ?>