ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSecuritySettings.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ilSecuritySettings
35 {
36  public static $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1;
37  public static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2;
38  public static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3;
39 
40  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4;
41  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5;
42  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6;
43  const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7;
44  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8;
45  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9;
46  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10;
47 
48 
49  const ACCOUNT_SECURITY_MODE_DEFAULT = 1;
50  const ACCOUNT_SECURITY_MODE_CUSTOMIZED = 2;
51 
52 
53  private static $instance = null;
54  private $db;
55  private $settings;
56 
57  private $https_header_enable;
58  private $https_header_name;
59  private $https_header_value;
60  private $https_enable;
61 
62  const DEFAULT_ACCOUNT_SECURITY_MODE = self::ACCOUNT_SECURITY_MODE_DEFAULT;
63  const DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED = true;
64  const DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED = false;
65  const DEFAULT_PASSWORD_MIN_LENGTH = 8;
66  const DEFAULT_PASSWORD_MAX_LENGTH = 0;
67  const DEFAULT_PASSWORD_MAX_AGE = 90;
68  const DEFAULT_LOGIN_MAX_ATTEMPTS = 5;
69 
70  const DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED = false;
71  const DEFAULT_PREVENT_SIMULTANEOUS_LOGINS = false;
72 
73  private $account_security_mode = self::DEFAULT_ACCOUNT_SECURITY_MODE;
74  private $password_chars_and_numbers_enabled = self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED;
75  private $password_special_chars_enabled = self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED;
76  private $password_min_length = self::DEFAULT_PASSWORD_MIN_LENGTH;
77  private $password_max_length = self::DEFAULT_PASSWORD_MAX_LENGTH;
78  private $password_max_age = self::DEFAULT_PASSWORD_MAX_AGE;
79  private $login_max_attempts = self::DEFAULT_LOGIN_MAX_ATTEMPTS;
80 
81  private $password_change_on_first_login_enabled = self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED;
82  private $prevent_simultaneous_logins = self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS;
83 
91  private function __construct()
92  {
93 
94  global $ilSetting,$ilDB;
95 
96  $this->db = $ilDB;
97  $this->settings = $ilSetting;
98 
99  $this->read();
100  }
101 
109  public static function _getInstance()
110  {
111  if(is_object(self::$instance))
112  {
113  return self::$instance;
114  }
115  return self::$instance = new ilSecuritySettings();
116  }
117 
118  public function getSecuritySettingsRefId()
119  {
120  return $this->ref_id;
121  }
122 
123 
124 
125 
126 
133  public function setAccountSecurityMode($a_mode)
134  {
135  $this->account_security_mode = $a_mode;
136  }
137 
144  public function getAccountSecurityMode()
145  {
146  return $this->account_security_mode;
147  }
148 
156  public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
157  {
158  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
159  }
160 
168  public function isPasswordCharsAndNumbersEnabled()
169  {
170  return $this->password_chars_and_numbers_enabled;
171  }
172 
180  public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
181  {
182  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
183  }
184 
192  public function isPasswordSpecialCharsEnabled()
193  {
194  return $this->password_special_chars_enabled;
195  }
196 
202  public function setPasswordMinLength($a_password_min_length)
203  {
204  $this->password_min_length = $a_password_min_length;
205  }
206 
212  public function getPasswordMinLength()
213  {
214  return $this->password_min_length;
215  }
216 
222  public function setPasswordMaxLength($a_password_max_length)
223  {
224  $this->password_max_length = $a_password_max_length;
225  }
226 
232  public function getPasswordMaxLength()
233  {
234  return $this->password_max_length;
235  }
236 
242  public function setPasswordMaxAge($a_password_max_age)
243  {
244  $this->password_max_age = $a_password_max_age;
245  }
246 
252  public function getPasswordMaxAge()
253  {
254  return $this->password_max_age;
255  }
256 
262  public function setLoginMaxAttempts($a_login_max_attempts)
263  {
264  $this->login_max_attempts = $a_login_max_attempts;
265  }
266 
272  public function getLoginMaxAttempts()
273  {
274  return $this->login_max_attempts;
275  }
276 
283  public function setAutomaticHTTPSEnabled($varname)
284  {
285  $this->https_header_enable = $varname;
286  }
287 
293  public function setAutomaticHTTPSHeaderName($varname)
294  {
295  $this->https_header_name = $varname;
296  }
297 
303  public function setAutomaticHTTPSHeaderValue($varname)
304  {
305  $this->https_header_value = $varname;
306  }
307 
313  public function getAutomaticHTTPSHeaderName()
314  {
315  return $this->https_header_name;
316  }
317 
323  public function getAutomaticHTTPSHeaderValue()
324  {
325  return $this->https_header_value;
326  }
327 
333  public function isAutomaticHTTPSEnabled()
334  {
335  return $this->https_header_enable;
336  }
337 
343  public function setHTTPSEnabled ($value)
344  {
345  $this->https_enable = $value;
346  }
347 
353  public function isHTTPSEnabled ()
354  {
355  return $this->https_enable;
356  }
357 
365  public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
366  {
367  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
368  }
369 
377  public function isPasswordChangeOnFirstLoginEnabled()
378  {
379  return $this->password_change_on_first_login_enabled;
380  }
381 
387  public function save()
388  {
389  $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
390  $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
391  $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
392  $this->settings->set('https',(string) $this->isHTTPSEnabled());
393 
394  $this->settings->set('ps_account_security_mode',(int) $this->getAccountSecurityMode());
395  $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
396  $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
397  $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
398  $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
399  $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
400  $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
401 
402  $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
403  $this->settings->set('ps_prevent_simultaneous_logins', (int)$this->isPreventionOfSimultaneousLoginsEnabled());
404  }
412  private function read()
413  {
414  global $ilDB;
415 
416  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
417  "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID,'integer')." ".
418  "AND object_data.type = 'ps' ".
419  "AND object_reference.ref_id = tree.child ".
420  "AND object_reference.obj_id = object_data.obj_id";
421  $res = $this->db->query($query);
422  $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
423  $this->ref_id = $row["ref_id"];
424 
425  $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
426  $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
427  $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
428  $this->https_enable = (boolean) $this->settings->get('https', false);
429 
430  $this->account_security_mode = (int) $this->settings->get('ps_account_security_mode', self::DEFAULT_ACCOUNT_SECURITY_MODE);
431  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled', self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED);
432  $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled', self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED);
433  $this->password_min_length = (int) $this->settings->get('ps_password_min_length', self::DEFAULT_PASSWORD_MIN_LENGTH);
434  $this->password_max_length = (int) $this->settings->get('ps_password_max_length', self::DEFAULT_PASSWORD_MAX_LENGTH);
435  $this->password_max_age = (int) $this->settings->get('ps_password_max_age', self::DEFAULT_PASSWORD_MAX_AGE);
436  $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts', self::DEFAULT_LOGIN_MAX_ATTEMPTS);
437 
438  $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled', self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED);
439  $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS);
440  }
441 
447  public function validate()
448  {
449  if ($this->isAutomaticHTTPSEnabled() &&
450  (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
451  strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
452  )
453  {
454  return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
455  }
456  include_once './classes/class.ilHTTPS.php';
457 
458  if ($this->isHTTPSEnabled())
459  {
460  if(!ilHTTPS::_checkHTTPS())
461  {
462  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
463  }
464  }
465  elseif(!ilHTTPS::_checkHTTP())
466  {
467  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
468  }
469 
470  if( $this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED )
471  {
472  if( $this->getPasswordMinLength() < 0 )
473  {
474  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
475  }
476 
477  if( $this->getPasswordMaxLength() < 0 )
478  {
479  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
480  }
481 
482  $password_min_length = 1;
483  if( $this->isPasswordCharsAndNumbersEnabled() )
484  {
485  $password_min_length++;
486  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
487 
488  if( $this->isPasswordSpecialCharsEnabled() )
489  {
490  $password_min_length++;
491  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
492  }
493  }
494  if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
495  {
496  return $password_min_length_error_code;
497  }
498  if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
499  {
500  return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
501  }
502 
503  if( $this->getPasswordMaxAge() < 0 )
504  {
505  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
506  }
507 
508  if( $this->getLoginMaxAttempts() < 0 )
509  {
510  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
511  }
512  }
513 
514  /*
515  * todo: have to check for local auth if first login password change is enabled??
516  * than: add errorcode
517  */
518 
519  return 0;
520  }
521 
527  public function isPreventionOfSimultaneousLoginsEnabled()
528  {
529  return (bool)$this->prevent_simultaneous_logins;
530  }
531 
537  public function setPreventionOfSimultaneousLogins($value)
538  {
539  $this->prevent_simultaneous_logins = (bool)$value;
540  }
541 }
542 ?>