ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSecuritySettings.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ilSecuritySettings
35 {
36  public static $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1;
37  public static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2;
38  public static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3;
39 
40  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4;
41  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5;
42  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6;
43  const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7;
44  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8;
45  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9;
46  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10;
47 
48 
49  const ACCOUNT_SECURITY_MODE_DEFAULT = 1;
50  const ACCOUNT_SECURITY_MODE_CUSTOMIZED = 2;
51 
52 
53  private static $instance = null;
54  private $db;
55  private $settings;
56 
57  private $https_header_enable;
58  private $https_header_name;
59  private $https_header_value;
60  private $https_enable;
61 
62  private $account_security_mode = self::ACCOUNT_SECURITY_MODE_DEFAULT;
63  private $password_chars_and_numbers_enabled = false;
64  private $password_special_chars_enabled = false;
65  private $password_min_length = 0;
66  private $password_max_length = 0;
67  private $password_max_age = 0;
68  private $login_max_attempts = 0;
69 
70  private $password_change_on_first_login_enabled = false;
71 
72  private $prevent_simultaneous_logins = false;
73 
81  private function __construct()
82  {
83 
84  global $ilSetting,$ilDB;
85 
86  $this->db = $ilDB;
87  $this->settings = $ilSetting;
88 
89  $this->read();
90  }
91 
99  public static function _getInstance()
100  {
101  if(is_object(self::$instance))
102  {
103  return self::$instance;
104  }
105  return self::$instance = new ilSecuritySettings();
106  }
107 
108  public function getSecuritySettingsRefId()
109  {
110  return $this->ref_id;
111  }
112 
113 
114 
115 
116 
123  public function setAccountSecurityMode($a_mode)
124  {
125  $this->account_security_mode = $a_mode;
126  }
127 
134  public function getAccountSecurityMode()
135  {
136  return $this->account_security_mode;
137  }
138 
146  public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
147  {
148  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
149  }
150 
158  public function isPasswordCharsAndNumbersEnabled()
159  {
160  return $this->password_chars_and_numbers_enabled;
161  }
162 
170  public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
171  {
172  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
173  }
174 
182  public function isPasswordSpecialCharsEnabled()
183  {
184  return $this->password_special_chars_enabled;
185  }
186 
192  public function setPasswordMinLength($a_password_min_length)
193  {
194  $this->password_min_length = $a_password_min_length;
195  }
196 
202  public function getPasswordMinLength()
203  {
204  return $this->password_min_length;
205  }
206 
212  public function setPasswordMaxLength($a_password_max_length)
213  {
214  $this->password_max_length = $a_password_max_length;
215  }
216 
222  public function getPasswordMaxLength()
223  {
224  return $this->password_max_length;
225  }
226 
232  public function setPasswordMaxAge($a_password_max_age)
233  {
234  $this->password_max_age = $a_password_max_age;
235  }
236 
242  public function getPasswordMaxAge()
243  {
244  return $this->password_max_age;
245  }
246 
252  public function setLoginMaxAttempts($a_login_max_attempts)
253  {
254  $this->login_max_attempts = $a_login_max_attempts;
255  }
256 
262  public function getLoginMaxAttempts()
263  {
264  return $this->login_max_attempts;
265  }
266 
273  public function setAutomaticHTTPSEnabled($varname)
274  {
275  $this->https_header_enable = $varname;
276  }
277 
283  public function setAutomaticHTTPSHeaderName($varname)
284  {
285  $this->https_header_name = $varname;
286  }
287 
293  public function setAutomaticHTTPSHeaderValue($varname)
294  {
295  $this->https_header_value = $varname;
296  }
297 
303  public function getAutomaticHTTPSHeaderName()
304  {
305  return $this->https_header_name;
306  }
307 
313  public function getAutomaticHTTPSHeaderValue()
314  {
315  return $this->https_header_value;
316  }
317 
323  public function isAutomaticHTTPSEnabled()
324  {
325  return $this->https_header_enable;
326  }
327 
333  public function setHTTPSEnabled ($value)
334  {
335  $this->https_enable = $value;
336  }
337 
343  public function isHTTPSEnabled ()
344  {
345  return $this->https_enable;
346  }
347 
355  public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
356  {
357  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
358  }
359 
367  public function isPasswordChangeOnFirstLoginEnabled()
368  {
369  return $this->password_change_on_first_login_enabled;
370  }
371 
377  public function save()
378  {
379  $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
380  $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
381  $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
382  $this->settings->set('https',(string) $this->isHTTPSEnabled());
383 
384  $this->settings->set('ps_account_security_mode',(int) $this->getAccountSecurityMode());
385  $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
386  $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
387  $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
388  $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
389  $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
390  $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
391 
392  $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
393  $this->settings->set('ps_prevent_simultaneous_logins', (int)$this->isPreventionOfSimultaneousLoginsEnabled());
394  }
402  private function read()
403  {
404  global $ilDB;
405 
406  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
407  "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID,'integer')." ".
408  "AND object_data.type = 'ps' ".
409  "AND object_reference.ref_id = tree.child ".
410  "AND object_reference.obj_id = object_data.obj_id";
411  $res = $this->db->query($query);
412  $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
413  $this->ref_id = $row["ref_id"];
414 
415  $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
416  $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
417  $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
418  $this->https_enable = (boolean) $this->settings->get('https', false);
419 
420  $this->account_security_mode = (int) $this->settings->get('ps_account_security_mode',0);
421  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled',false);
422  $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled',false);
423  $this->password_min_length = (int) $this->settings->get('ps_password_min_length',0);
424  $this->password_max_length = (int) $this->settings->get('ps_password_max_length',0);
425  $this->password_max_age = (int) $this->settings->get('ps_password_max_age',0);
426  $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts',0);
427 
428  $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled',false);
429  $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', false);
430  }
431 
437  public function validate()
438  {
439  if ($this->isAutomaticHTTPSEnabled() &&
440  (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
441  strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
442  )
443  {
444  return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
445  }
446  include_once './classes/class.ilHTTPS.php';
447 
448  if ($this->isHTTPSEnabled())
449  {
450  if(!ilHTTPS::_checkHTTPS())
451  {
452  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
453  }
454  }
455  elseif(!ilHTTPS::_checkHTTP())
456  {
457  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
458  }
459 
460  if( $this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED )
461  {
462  if( $this->getPasswordMinLength() < 0 )
463  {
464  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
465  }
466 
467  if( $this->getPasswordMaxLength() < 0 )
468  {
469  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
470  }
471 
472  $password_min_length = 1;
473  if( $this->isPasswordCharsAndNumbersEnabled() )
474  {
475  $password_min_length++;
476  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
477 
478  if( $this->isPasswordSpecialCharsEnabled() )
479  {
480  $password_min_length++;
481  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
482  }
483  }
484  if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
485  {
486  return $password_min_length_error_code;
487  }
488  if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
489  {
490  return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
491  }
492 
493  if( $this->getPasswordMaxAge() < 0 )
494  {
495  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
496  }
497 
498  if( $this->getLoginMaxAttempts() < 0 )
499  {
500  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
501  }
502  }
503 
504  /*
505  * todo: have to check for local auth if first login password change is enabled??
506  * than: add errorcode
507  */
508 
509  return 0;
510  }
511 
517  public function isPreventionOfSimultaneousLoginsEnabled()
518  {
519  return (bool)$this->prevent_simultaneous_logins;
520  }
521 
527  public function setPreventionOfSimultaneousLogins($value)
528  {
529  $this->prevent_simultaneous_logins = (bool)$value;
530  }
531 }
532 ?>