Singleton class that stores all security settings. More...

Collaboration diagram for ilSecuritySettings:

Public Member Functions
	getSecuritySettingsRefId ()
	setAccountSecurityMode ($a_mode)
	set the account security mode
	getAccountSecurityMode ()
	get the account security mode
	setPasswordCharsAndNumbersEnabled ($a_chars_and_numbers_enabled)
	set if the passwords have to contain characters and numbers
	isPasswordCharsAndNumbersEnabled ()
	get boolean if the passwords have to contain characters and numbers
	setPasswordSpecialCharsEnabled ($a_password_special_chars_enabled)
	set if the passwords have to contain special characters
	isPasswordSpecialCharsEnabled ()
	get boolean if the passwords have to contain special characters
	setPasswordMinLength ($a_password_min_length)
	set the minimum length for passwords
	getPasswordMinLength ()
	get the minimum length for passwords
	setPasswordMaxLength ($a_password_max_length)
	set the maximum length for passwords
	getPasswordMaxLength ()
	get the maximum length for passwords
	setPasswordMaxAge ($a_password_max_age)
	set the maximum password age
	getPasswordMaxAge ()
	get the maximum password age
	setLoginMaxAttempts ($a_login_max_attempts)
	set the maximum count of login attempts
	getLoginMaxAttempts ()
	get the maximum count of login attempts
	setAutomaticHTTPSEnabled ($varname)
	write access to enable automatic https detection
	setAutomaticHTTPSHeaderName ($varname)
	set header name for automatic https detection
	setAutomaticHTTPSHeaderValue ($varname)
	set header value for automatic https detection
	getAutomaticHTTPSHeaderName ()
	read access to header name for automatic https detection
	getAutomaticHTTPSHeaderValue ()
	read access to header value for automatic https detection
	isAutomaticHTTPSEnabled ()
	read access to switch if automatic https detection is enabled
	setHTTPSEnabled ($value)
	Enable https for certain scripts.
	isHTTPSEnabled ()
	read access to https enabled property
	setPasswordChangeOnFirstLoginEnabled ($a_password_change_on_first_login_enabled)
	set if the passwords have to be changed by users on first login
	isPasswordChangeOnFirstLoginEnabled ()
	get boolean if the passwords have to be changed by users on first login
	save ()
	Save settings.
	validate ()
	validate settings
	isPreventionOfSimultaneousLoginsEnabled ()
	Prevention of simultaneous logins with the same account.
	setPreventionOfSimultaneousLogins ($value)
	Enable/Disable prevention of simultaneous logins with the same account.

Static Public Member Functions
static	_getInstance ()
	Get instance of ilSecuritySettings.

Data Fields
const	SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4
const	SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5
const	SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6
const	SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7
const	SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8
const	SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9
const	SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10
const	ACCOUNT_SECURITY_MODE_DEFAULT = 1
const	ACCOUNT_SECURITY_MODE_CUSTOMIZED = 2

Static Public Attributes
static	$SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1
static	$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2
static	$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3

Private Member Functions
	__construct ()
	Private constructor: use _getInstance()
	read ()
	read settings

Private Attributes
	$db
	$settings
	$https_header_enable
	$https_header_name
	$https_header_value
	$https_enable
	$account_security_mode = self::ACCOUNT_SECURITY_MODE_DEFAULT
	$password_chars_and_numbers_enabled = false
	$password_special_chars_enabled = false
	$password_min_length = 0
	$password_max_length = 0
	$password_max_age = 0
	$login_max_attempts = 0
	$password_change_on_first_login_enabled = false
	$prevent_simultaneous_logins = false

Static Private Attributes
static	$instance = null

Detailed Description

Singleton class that stores all security settings.

Author: Roland Küstermann rolan.nosp@m.d@ku.nosp@m.ester.nosp@m.mann.nosp@m..com

Version: $Id$

/

Definition at line 34 of file class.ilSecuritySettings.php.

Constructor & Destructor Documentation

ilSecuritySettings::__construct ( )

private

Private constructor: use _getInstance()

private

Parameters

Definition at line 81 of file class.ilSecuritySettings.php.

References $ilDB, $ilSetting, and read().

        {
                global $ilSetting,$ilDB;
                $this->db = $ilDB;
                $this->settings = $ilSetting;
                $this->read();
        }

Here is the call graph for this function:

Member Function Documentation

static ilSecuritySettings::_getInstance ( )

static

Get instance of ilSecuritySettings.

Returns: ilSecuritySettings instance public

Definition at line 99 of file class.ilSecuritySettings.php.

References $instance.

Referenced by ilUtil\generatePasswords(), ilUtil\getPasswordRequirementsInfo(), ilInitialisation\initILIAS(), ilUtil\isPassword(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), ilObjPrivacySecurityGUI\save_security(), ilObjPrivacySecurityGUI\showSecurity(), and ilObjUserGUI\updateObject().

        {
                if(is_object(self::$instance))
                {
                        return self::$instance;
                }
                return self::$instance = new ilSecuritySettings();
        }

Here is the caller graph for this function:

ilSecuritySettings::getAccountSecurityMode ( )

get the account security mode

Returns: integer account security mode

Definition at line 134 of file class.ilSecuritySettings.php.

References $account_security_mode.

Referenced by save(), and validate().

         {
                return $this->account_security_mode;
         }

Here is the caller graph for this function:

ilSecuritySettings::getAutomaticHTTPSHeaderName ( )

read access to header name for automatic https detection

Returns: string header name

Definition at line 303 of file class.ilSecuritySettings.php.

References $https_header_name.

Referenced by save(), and validate().

        {
            return $this->https_header_name;
        }

Here is the caller graph for this function:

ilSecuritySettings::getAutomaticHTTPSHeaderValue ( )

read access to header value for automatic https detection

Returns: string header value

Definition at line 313 of file class.ilSecuritySettings.php.

References $https_header_value.

Referenced by save(), and validate().

        {
            return $this->https_header_value;
        }

Here is the caller graph for this function:

ilSecuritySettings::getLoginMaxAttempts ( )

get the maximum count of login attempts

Returns: integer password max login attempts

Definition at line 262 of file class.ilSecuritySettings.php.

References $login_max_attempts.

Referenced by save(), and validate().

        {
            return $this->login_max_attempts;
        }

Here is the caller graph for this function:

ilSecuritySettings::getPasswordMaxAge ( )

get the maximum password age

Returns: integer password max age

Definition at line 242 of file class.ilSecuritySettings.php.

References $password_max_age.

Referenced by save(), and validate().

        {
            return $this->password_max_age;
        }

Here is the caller graph for this function:

ilSecuritySettings::getPasswordMaxLength ( )

get the maximum length for passwords

Returns: integer password max length

Definition at line 222 of file class.ilSecuritySettings.php.

References $password_max_length.

Referenced by save(), and validate().

        {
            return $this->password_max_length;
        }

Here is the caller graph for this function:

ilSecuritySettings::getPasswordMinLength ( )

get the minimum length for passwords

Returns: integer password min length

Definition at line 202 of file class.ilSecuritySettings.php.

References $password_min_length.

Referenced by save(), and validate().

        {
            return $this->password_min_length;
        }

Here is the caller graph for this function:

ilSecuritySettings::getSecuritySettingsRefId ( )

Definition at line 108 of file class.ilSecuritySettings.php.

References $ref_id.

        {
                return $this->ref_id;
        }

ilSecuritySettings::isAutomaticHTTPSEnabled ( )

read access to switch if automatic https detection is enabled

Returns: boolean true, if detection is enabled, false otherwise

Definition at line 323 of file class.ilSecuritySettings.php.

References $https_header_enable.

Referenced by save(), and validate().

        {
            return $this->https_header_enable;
        }

Here is the caller graph for this function:

ilSecuritySettings::isHTTPSEnabled ( )

read access to https enabled property

Returns: boolean true, if enabled, false otherwise

Definition at line 343 of file class.ilSecuritySettings.php.

References $https_enable.

Referenced by save(), and validate().

    {
        return $this->https_enable;
    }

Here is the caller graph for this function:

ilSecuritySettings::isPasswordChangeOnFirstLoginEnabled ( )

get boolean if the passwords have to be changed by users on first login

Returns: boolean password change on first login enabled

Definition at line 367 of file class.ilSecuritySettings.php.

References $password_change_on_first_login_enabled.

Referenced by save().

         {
                return $this->password_change_on_first_login_enabled;
         }

Here is the caller graph for this function:

ilSecuritySettings::isPasswordCharsAndNumbersEnabled ( )

get boolean if the passwords have to contain characters and numbers

Returns: boolean characters and numbers enabled

Definition at line 158 of file class.ilSecuritySettings.php.

References $password_chars_and_numbers_enabled.

Referenced by save(), and validate().

         {
                return $this->password_chars_and_numbers_enabled;
         }

Here is the caller graph for this function:

ilSecuritySettings::isPasswordSpecialCharsEnabled ( )

get boolean if the passwords have to contain special characters

Returns: boolean password special chars enabled

Definition at line 182 of file class.ilSecuritySettings.php.

References $password_special_chars_enabled.

Referenced by save(), and validate().

         {
                return $this->password_special_chars_enabled;
         }

Here is the caller graph for this function:

ilSecuritySettings::isPreventionOfSimultaneousLoginsEnabled ( )

Prevention of simultaneous logins with the same account.

Returns: boolean true, if prevention of simultaneous logins with the same account is enabled, false otherwise

Definition at line 517 of file class.ilSecuritySettings.php.

References $prevent_simultaneous_logins.

Referenced by save().

    {
        return (bool)$this->prevent_simultaneous_logins;
    }

Here is the caller graph for this function:

ilSecuritySettings::read ( )

private

read settings

private

Parameters

Definition at line 402 of file class.ilSecuritySettings.php.

References $ilDB, $query, $res, $row, and DB_FETCHMODE_ASSOC.

Referenced by __construct().

        {
                global $ilDB;
            $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
                                "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID,'integer')." ".
                                "AND object_data.type = 'ps' ".
                                "AND object_reference.ref_id = tree.child ".
                                "AND object_reference.obj_id = object_data.obj_id";
                $res = $this->db->query($query);
                $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
                $this->ref_id = $row["ref_id"];
        $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
                $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
                $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
                $this->https_enable = (boolean) $this->settings->get('https', false);
                $this->account_security_mode = (int) $this->settings->get('ps_account_security_mode',0);
                $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled',false);
                $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled',false);
                $this->password_min_length = (int) $this->settings->get('ps_password_min_length',0);
                $this->password_max_length = (int)  $this->settings->get('ps_password_max_length',0);
                $this->password_max_age = (int) $this->settings->get('ps_password_max_age',0);
                $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts',0);
                $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled',false);
                $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', false);
        }

Here is the caller graph for this function:

ilSecuritySettings::save ( )

Save settings.

Definition at line 377 of file class.ilSecuritySettings.php.

References getAccountSecurityMode(), getAutomaticHTTPSHeaderName(), getAutomaticHTTPSHeaderValue(), getLoginMaxAttempts(), getPasswordMaxAge(), getPasswordMaxLength(), getPasswordMinLength(), isAutomaticHTTPSEnabled(), isHTTPSEnabled(), isPasswordChangeOnFirstLoginEnabled(), isPasswordCharsAndNumbersEnabled(), isPasswordSpecialCharsEnabled(), and isPreventionOfSimultaneousLoginsEnabled().

        {
                $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
                $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
                $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
                $this->settings->set('https',(string) $this->isHTTPSEnabled());
                $this->settings->set('ps_account_security_mode',(int) $this->getAccountSecurityMode());
                $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
                $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
                $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
                $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
                $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
                $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
                $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
                $this->settings->set('ps_prevent_simultaneous_logins', (int)$this->isPreventionOfSimultaneousLoginsEnabled());
        }

Here is the call graph for this function:

ilSecuritySettings::setAccountSecurityMode ( $a_mode )

set the account security mode

Parameters

integer $a_mode

Definition at line 123 of file class.ilSecuritySettings.php.

         {
                $this->account_security_mode = $a_mode;
         }

ilSecuritySettings::setAutomaticHTTPSEnabled ( $varname )

write access to enable automatic https detection

Parameters

boolean $varname

Definition at line 273 of file class.ilSecuritySettings.php.

        {
            $this->https_header_enable = $varname;
        }

ilSecuritySettings::setAutomaticHTTPSHeaderName ( $varname )

set header name for automatic https detection

Parameters

string $varname

Definition at line 283 of file class.ilSecuritySettings.php.

        {
            $this->https_header_name = $varname;
        }

ilSecuritySettings::setAutomaticHTTPSHeaderValue ( $varname )

set header value for automatic https detection

Parameters

string $varname

Definition at line 293 of file class.ilSecuritySettings.php.

        {
            $this->https_header_value = $varname;
        }

ilSecuritySettings::setHTTPSEnabled ( $value )

Enable https for certain scripts.

Parameters

boolean $value

Definition at line 333 of file class.ilSecuritySettings.php.

    {
        $this->https_enable = $value;
    }

ilSecuritySettings::setLoginMaxAttempts ( $a_login_max_attempts )

set the maximum count of login attempts

Parameters

integer $a_login_max_attempts

Definition at line 252 of file class.ilSecuritySettings.php.

        {
            $this->login_max_attempts = $a_login_max_attempts;
        }

ilSecuritySettings::setPasswordChangeOnFirstLoginEnabled ( $a_password_change_on_first_login_enabled )

set if the passwords have to be changed by users on first login

Parameters

boolean $a_password_change_on_first_login_enabled

Definition at line 355 of file class.ilSecuritySettings.php.

         {
                $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
         }

ilSecuritySettings::setPasswordCharsAndNumbersEnabled ( $a_chars_and_numbers_enabled )

set if the passwords have to contain characters and numbers

Parameters

boolean $a_chars_and_numbers_enabled

Definition at line 146 of file class.ilSecuritySettings.php.

         {
                $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
         }

ilSecuritySettings::setPasswordMaxAge ( $a_password_max_age )

set the maximum password age

Parameters

integer $a_password_max_age

Definition at line 232 of file class.ilSecuritySettings.php.

        {
            $this->password_max_age = $a_password_max_age;
        }

ilSecuritySettings::setPasswordMaxLength ( $a_password_max_length )

set the maximum length for passwords

Parameters

integer $a_password_max_length

Definition at line 212 of file class.ilSecuritySettings.php.

        {
            $this->password_max_length = $a_password_max_length;
        }

ilSecuritySettings::setPasswordMinLength ( $a_password_min_length )

set the minimum length for passwords

Parameters

integer $a_password_min_length

Definition at line 192 of file class.ilSecuritySettings.php.

        {
            $this->password_min_length = $a_password_min_length;
        }

ilSecuritySettings::setPasswordSpecialCharsEnabled ( $a_password_special_chars_enabled )

set if the passwords have to contain special characters

Parameters

boolean $a_password_special_chars_enabled

Definition at line 170 of file class.ilSecuritySettings.php.

         {
                $this->password_special_chars_enabled = $a_password_special_chars_enabled;
         }

ilSecuritySettings::setPreventionOfSimultaneousLogins ( $value )

Enable/Disable prevention of simultaneous logins with the same account.

Parameters

boolean $value

Definition at line 527 of file class.ilSecuritySettings.php.

    {
        $this->prevent_simultaneous_logins = (bool)$value;
    }

ilSecuritySettings::validate ( )

validate settings

Returns: 0, if everything is ok, an error code otherwise

Definition at line 437 of file class.ilSecuritySettings.php.

        {
            if ($this->isAutomaticHTTPSEnabled() &&
                (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
                 strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
                )
        {
                return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
            }
        include_once './classes/class.ilHTTPS.php';
            if ($this->isHTTPSEnabled())
            {
                        if(!ilHTTPS::_checkHTTPS())
                        {
                                return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
                        }
            } 
                elseif(!ilHTTPS::_checkHTTP())
                {
                    return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
                }
                if( $this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED )
                {
                        if( $this->getPasswordMinLength() < 0 )
                        {
                                return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
                        }
                        if( $this->getPasswordMaxLength() < 0 )
                        {
                                return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
                        }
                        $password_min_length = 1;
                        if( $this->isPasswordCharsAndNumbersEnabled() )
                        {
                                $password_min_length++;
                                $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
                                if( $this->isPasswordSpecialCharsEnabled() )
                                {
                                        $password_min_length++;
                                        $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
                                }
                        }
                        if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
                        {
                                return $password_min_length_error_code;
                        }
                        if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
                        {
                                return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
                        }
                        if( $this->getPasswordMaxAge() < 0 )
                        {
                                return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
                        }
                        if( $this->getLoginMaxAttempts() < 0 )
                        {
                                return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
                        }
                }
                /*
                 * todo: have to check for local auth if first login password change is enabled??
                 * than: add errorcode
                 */
            return 0;
        }