ILIAS  Release_4_3_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjPrivacySecurityGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 include_once("./Services/Object/classes/class.ilObjectGUI.php");
4 include_once('./Services/PrivacySecurity/classes/class.ilPrivacySettings.php');
5 include_once('./Services/PrivacySecurity/classes/class.ilSecuritySettings.php');
6 
18 class ilObjPrivacySecurityGUI extends ilObjectGUI
19 {
20  private static $ERROR_MESSAGE;
26  public function __construct($a_data, $a_id, $a_call_by_reference = true, $a_prepare_output = true)
27  {
28  $this->type = 'ps';
29  parent::ilObjectGUI($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
30 
31  $this->lng->loadLanguageModule('ps');
32 
33  ilObjPrivacySecurityGUI::$ERROR_MESSAGE = array (
34  ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS => $this->lng->txt("ps_error_message_https_header_missing"),
35  ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE => $this->lng->txt('https_not_possible'),
36  ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE => $this->lng->txt('http_not_possible'),
37  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH => $this->lng->txt('ps_error_message_invalid_password_min_length'),
38  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH => $this->lng->txt('ps_error_message_invalid_password_max_length'),
39  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE => $this->lng->txt('ps_error_message_invalid_password_max_age'),
40  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS => $this->lng->txt('ps_error_message_invalid_login_max_attempts'),
41  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 => $this->lng->txt('ps_error_message_password_min2_because_chars_numbers'),
42  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 => $this->lng->txt('ps_error_message_password_min3_because_chars_numbers_sc'),
43  ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH => $this->lng->txt('ps_error_message_password_max_less_min')
44  );
45  }
46 
53  public function executeCommand()
54  {
55  global $rbacsystem,$ilErr,$ilAccess;
56 
57  $next_class = $this->ctrl->getNextClass($this);
58  $cmd = $this->ctrl->getCmd();
59 
60  $this->prepareOutput();
61 
62  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
63  {
64  $ilErr->raiseError($this->lng->txt('no_permission'),$ilErr->WARNING);
65  }
66 
67  switch($next_class)
68  {
69  case 'ilpermissiongui':
70  $this->tabs_gui->setTabActive('perm_settings');
71  include_once("Services/AccessControl/classes/class.ilPermissionGUI.php");
72  $perm_gui =& new ilPermissionGUI($this);
73  $ret =& $this->ctrl->forwardCommand($perm_gui);
74  break;
75 
76  default:
77  if(!$cmd || $cmd == 'view')
78  {
79  $cmd = "showPrivacy";
80  }
81 
82  $this->$cmd();
83  break;
84  }
85  return true;
86  }
87 
94  public function getAdminTabs()
95  {
96  global $rbacsystem;
97 
98  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
99  {
100  $this->tabs_gui->addTarget("show_privacy",
101  $this->ctrl->getLinkTarget($this, "showPrivacy"),
102  'showPrivacy');
103  $this->tabs_gui->addTarget("show_security",
104  $this->ctrl->getLinkTarget($this, "showSecurity"),
105  'showSecurity');
106 
107  }
108 
109  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
110  {
111  $this->tabs_gui->addTarget("perm_settings",
112  $this->ctrl->getLinkTargetByClass('ilpermissiongui',"perm"),
113  array(),'ilpermissiongui');
114  }
115  }
116 
122  public function showPrivacy()
123  {
124  $privacy = ilPrivacySettings::_getInstance();
125 
126  $this->tabs_gui->setTabActive('show_privacy');
127 
128  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
129  $form = new ilPropertyFormGUI();
130  $form->setFormAction($this->ctrl->getFormAction($this));
131  $form->setTitle($this->lng->txt('ps_privacy_protection'));
132 
133  include_once('Services/Membership/classes/class.ilMemberAgreement.php');
134  if(ilMemberAgreement::_hasAgreements())
135  {
136  $html = new ilNonEditableValueGUI();
137  $html->setValue($this->lng->txt('ps_warning_modify'));
138  $form->addItem($html);
139  }
140 
141  $value = array();
142  if($privacy->enabledCourseExport())
143  {
144  $value[] = "export_course";
145  }
146  if($privacy->enabledGroupExport())
147  {
148  $value[] = "export_group";
149  }
150  if($privacy->courseConfirmationRequired())
151  {
152  $value[] = "export_confirm_course";
153  }
154  if($privacy->groupConfirmationRequired())
155  {
156  $value[] = "export_confirm_group";
157  }
158  if($privacy->enabledGroupAccessTimes())
159  {
160  $value[] = "grp_access_times";
161  }
162  if($privacy->enabledCourseAccessTimes())
163  {
164  $value[] = "crs_access_times";
165  }
166  $group = new ilCheckboxGroupInputGUI($this->lng->txt('ps_profile_export'),'profile_protection');
167  $group->setValue($value);
168  $check = new ilCheckboxOption();
169  $check->setTitle($this->lng->txt('ps_export_course'));
170  $check->setValue('export_course');
171  $group->addOption($check);
172  $check = new ilCheckboxOption();
173  $check->setTitle($this->lng->txt('ps_export_groups'));
174  $check->setValue('export_group');
175  $group->addOption($check);
176  $check = new ilCheckboxOption();
177  $check->setTitle($this->lng->txt('ps_export_confirm'));
178  $check->setValue('export_confirm_course');
179  $group->addOption($check);
180  $check = new ilCheckboxOption();
181  $check->setTitle($this->lng->txt('ps_export_confirm_group'));
182  $check->setValue('export_confirm_group');
183  $group->addOption($check);
184  $check = new ilCheckboxOption();
185  $check->setTitle($this->lng->txt('ps_show_grp_access'));
186  $check->setValue('grp_access_times');
187  $group->addOption($check);
188  $check = new ilCheckboxOption();
189  $check->setTitle($this->lng->txt('ps_show_crs_access'));
190  $check->setValue('crs_access_times');
191  $group->addOption($check);
192  $form->addItem($group);
193 
194  $check = new ilCheckboxInputGui($this->lng->txt('enable_fora_statistics'), 'fora_statistics');
195  $check->setInfo($this->lng->txt('enable_fora_statistics_desc'));
196  $check->setChecked($privacy->enabledForaStatistics());
197  $form->addItem($check);
198 
199  $check = new ilCheckboxInputGui($this->lng->txt('enable_anonymous_fora'), 'anonymous_fora');
200  $check->setInfo($this->lng->txt('enable_anonymous_fora_desc'));
201  $check->setChecked($privacy->enabledAnonymousFora());
202  $form->addItem($check);
203 
204  $check = new ilCheckboxInputGui($this->lng->txt('enable_sahs_protocol_data'), 'enable_sahs_pd');
205  $check->setInfo($this->lng->txt('enable_sahs_protocol_data_desc'));
206  $check->setChecked($privacy->enabledSahsProtocolData());
207  $form->addItem($check);
208 
209  $check = new ilCheckboxInputGui($this->lng->txt('rbac_log'), 'rbac_log');
210  $check->setInfo($this->lng->txt('rbac_log_info'));
211  $check->setChecked($privacy->enabledRbacLog());
212  $form->addItem($check);
213 
214  $age = new ilNumberInputGUI($this->lng->txt('rbac_log_age'),'rbac_log_age');
215  $age->setInfo($this->lng->txt('rbac_log_age_info'));
216  $age->setValue($privacy->getRbacLogAge());
217  $age->setMinValue(1);
218  $age->setMaxValue(24);
219  $age->setSize(2);
220  $age->setMaxLength(2);
221  $check->addSubItem($age);
222 
223  $form->addCommandButton('save_privacy',$this->lng->txt('save'));
224  $this->tpl->setContent($form->getHTML());
225  }
226 
232  public function showSecurity()
233  {
234  global $ilSetting, $ilUser, $rbacreview;
235 
236  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
237 
238  $security = ilSecuritySettings::_getInstance();
239 
240  $this->tabs_gui->setTabActive('show_security');
241 
242  $form = new ilPropertyFormGUI();
243  $form->setFormAction($this->ctrl->getFormAction($this));
244  $form->setTitle($this->lng->txt('ps_security_protection'));
245 
246  // Form checkbox
247  $check = new ilCheckboxInputGUI($this->lng->txt('ps_auto_https'),'auto_https_detect_enabled');
248  $check->setOptionTitle($this->lng->txt('ps_auto_https_description'));
249  $check->setChecked($security->isAutomaticHTTPSEnabled() ? 1 : 0);
250  $check->setValue(1);
251 
252  $text = new ilTextInputGUI($this->lng->txt('ps_auto_https_header_name'),'auto_https_detect_header_name');
253  $text->setValue($security->getAutomaticHTTPSHeaderName());
254  $text->setSize(24);
255  $text->setMaxLength(64);
256  $check->addSubItem($text);
257 
258  $text = new ilTextInputGUI($this->lng->txt('ps_auto_https_header_value'),'auto_https_detect_header_value');
259  $text->setValue($security->getAutomaticHTTPSHeaderValue());
260  $text->setSize(24);
261  $text->setMaxLength(64);
262  $check->addSubItem($text);
263 
264  $form->addItem($check);
265 
266  $check2 = new ilCheckboxInputGUI($this->lng->txt('activate_https'),'https_enabled');
267  $check2->setChecked($security->isHTTPSEnabled() ? 1 : 0);
268  $check2->setValue(1);
269  $form->addItem($check2);
270 
271  $radio_group = new ilRadioGroupInputGUI($this->lng->txt('ps_account_security_mode'), 'account_security_mode' );
272  $radio_group->setValue($security->getAccountSecurityMode());
273 
274  $radio_opt = new ilRadioOption($this->lng->txt('ps_account_security_mode_default'),ilSecuritySettings::ACCOUNT_SECURITY_MODE_DEFAULT);
275  $radio_group->addOption($radio_opt);
276 
277  $radio_opt = new ilRadioOption($this->lng->txt('ps_account_security_mode_customized'),ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED);
278 
279  $check = new ilCheckboxInputGUI($this->lng->txt('ps_password_chars_and_numbers_enabled'),'password_chars_and_numbers_enabled');
280  $check->setChecked( $security->isPasswordCharsAndNumbersEnabled() ? 1 : 0 );
281  //$check->setOptionTitle($this->lng->txt('ps_password_chars_and_numbers_enabled'));
282  $check->setInfo($this->lng->txt('ps_password_chars_and_numbers_enabled_info'));
283  $radio_opt->addSubItem($check);
284 
285  $check = new ilCheckboxInputGUI($this->lng->txt('ps_password_special_chars_enabled'),'password_special_chars_enabled');
286  $check->setChecked( $security->isPasswordSpecialCharsEnabled() ? 1 : 0 );
287  //$check->setOptionTitle($this->lng->txt('ps_password_special_chars_enabled'));
288  $check->setInfo($this->lng->txt('ps_password_special_chars_enabled_info'));
289  $radio_opt->addSubItem($check);
290 
291  $text = new ilTextInputGUI($this->lng->txt('ps_password_min_length'),'password_min_length');
292  $text->setInfo($this->lng->txt('ps_password_min_length_info'));
293  $text->setValue( $security->getPasswordMinLength() );
294  $text->setSize(1);
295  $text->setMaxLength(2);
296  $radio_opt->addSubItem($text);
297 
298  $text = new ilTextInputGUI($this->lng->txt('ps_password_max_length'),'password_max_length');
299  $text->setInfo($this->lng->txt('ps_password_max_length_info'));
300  $text->setValue( $security->getPasswordMaxLength() );
301  $text->setSize(2);
302  $text->setMaxLength(3);
303  $radio_opt->addSubItem($text);
304 
305  $text = new ilTextInputGUI($this->lng->txt('ps_password_max_age'),'password_max_age');
306  $text->setInfo($this->lng->txt('ps_password_max_age_info'));
307  $text->setValue( $security->getPasswordMaxAge() );
308  $text->setSize(2);
309  $text->setMaxLength(3);
310  $radio_opt->addSubItem($text);
311 
312  $text = new ilTextInputGUI($this->lng->txt('ps_login_max_attempts'),'login_max_attempts');
313  $text->setInfo($this->lng->txt('ps_login_max_attempts_info'));
314  $text->setValue( $security->getLoginMaxAttempts() );
315  $text->setSize(1);
316  $text->setMaxLength(2);
317  $radio_opt->addSubItem($text);
318 
319  $radio_group->addOption($radio_opt);
320  $form->addItem($radio_group);
321 
322  $check = new ilCheckboxInputGUI($this->lng->txt('ps_password_change_on_first_login_enabled'),'password_change_on_first_login_enabled');
323  $check->setInfo($this->lng->txt('ps_password_change_on_first_login_enabled_info'));
324  $check->setChecked( $security->isPasswordChangeOnFirstLoginEnabled() ? 1 : 0 );
325  $form->addItem($check);
326 
327  // file suffix replacement
328  $ti = new ilTextInputGUI($this->lng->txt("file_suffix_repl"), "suffix_repl_additional");
329  $ti->setMaxLength(200);
330  $ti->setSize(40);
331  $ti->setInfo($this->lng->txt("file_suffix_repl_info")." ".SUFFIX_REPL_DEFAULT);
332  $ti->setValue($ilSetting->get("suffix_repl_additional"));
333  $form->addItem($ti);
334 
335  // prevent login from multiple pcs at the same time
336  $objCb = new ilCheckboxInputGUI($this->lng->txt('ps_prevent_simultaneous_logins'), 'ps_prevent_simultaneous_logins');
337  $objCb->setChecked((int)$security->isPreventionOfSimultaneousLoginsEnabled());
338  $objCb->setValue(1);
339  $objCb->setOptionTitle($this->lng->txt('ps_prevent_simultaneous_logins_info'));
340  $form->addItem($objCb);
341 
342  // protected admin
343  $admin = new ilCheckboxInputGUI($GLOBALS['lng']->txt('adm_adm_role_protect'),'admin_role');
344  $admin->setDisabled(!$rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID));
345  $admin->setInfo($GLOBALS['lng']->txt('adm_adm_role_protect_info'));
346  $admin->setChecked((int) $security->isAdminRoleProtected());
347  $admin->setValue(1);
348  $form->addItem($admin);
349 
350  $form->addCommandButton('save_security',$this->lng->txt('save'));
351  $this->tpl->setContent($form->getHTML());
352  }
353 
360  public function save_privacy()
361  {
362  global $ilErr,$ilAccess, $ilSetting;
363 
364  if(!$ilAccess->checkAccess('write','',$this->object->getRefId()))
365  {
366  $ilErr->raiseError($this->lng->txt('no_permission'),$ilErr->WARNING);
367  }
368 
369  if((int) $_POST['rbac_log_age'] > 24)
370  {
371  $_POST['rbac_log_age'] = 24;
372  }
373  else if((int) $_POST['rbac_log_age'] < 1)
374  {
375  $_POST['rbac_log_age'] = 1;
376  }
377 
378  $_POST['profile_protection'] = isset($_POST['profile_protection']) ? $_POST['profile_protection'] : array();
379 
380  $privacy = ilPrivacySettings::_getInstance();
381  $privacy->enableCourseExport((int) in_array('export_course', $_POST['profile_protection']));
382  $privacy->enableGroupExport((int) in_array('export_group', $_POST['profile_protection']));
383  $privacy->setCourseConfirmationRequired((int) in_array('export_confirm_course', $_POST['profile_protection']));
384  $privacy->setGroupConfirmationRequired((int) in_array('export_confirm_group', $_POST['profile_protection']));
385  $privacy->showGroupAccessTimes((int) in_array('grp_access_times', $_POST['profile_protection']));
386  $privacy->showCourseAccessTimes((int) in_array('crs_access_times', $_POST['profile_protection']));
387  $privacy->enableForaStatistics ((int) $_POST['fora_statistics']);
388  $privacy->enableAnonymousFora ((int) $_POST['anonymous_fora']);
389  $privacy->enableRbacLog((int) $_POST['rbac_log']);
390  $privacy->setRbacLogAge((int) $_POST['rbac_log_age']);
391  $privacy->enableSahsProtocolData((int) $_POST['enable_sahs_pd']);
392 
393  // validate settings
394  $code = $privacy->validate();
395 
396  // if error code != 0, display error and do not save
397  if ($code != 0)
398  {
399  $msg = $this->getErrorMessage ($code);
400  ilUtil::sendFailure($msg);
401  }
402  else
403  {
404  $privacy->save();
405  include_once('Services/Membership/classes/class.ilMemberAgreement.php');
406  ilMemberAgreement::_reset();
407  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
408  }
409 
410  $this->showPrivacy();
411  }
412 
419  public function save_security()
420  {
421  global $ilErr,$ilAccess, $ilSetting, $rbacreview, $ilUser;
422 
423  if(!$ilAccess->checkAccess('write','',$this->object->getRefId()))
424  {
425  $ilErr->raiseError($this->lng->txt('no_permission'),$ilErr->WARNING);
426  }
427 
428 
429  $security = ilSecuritySettings::_getInstance();
430 
431  // auto https detection settings
432  $security->setAutomaticHTTPSEnabled((int) $_POST["auto_https_detect_enabled"]);
433  $security->setAutomaticHTTPSHeaderName(ilUtil::stripSlashes($_POST["auto_https_detect_header_name"]));
434  $security->setAutomaticHTTPSHeaderValue(ilUtil::stripSlashes($_POST["auto_https_detect_header_value"]));
435 
436  // prevention of simultaneous logins with the same account
437  $security->setPreventionOfSimultaneousLogins((bool)$_POST['ps_prevent_simultaneous_logins']);
438 
439  // ilias https handling settings
440  $security->setHTTPSEnabled($_POST["https_enabled"]);
441 
442  // account security settings
443  $security->setAccountSecurityMode((int) $_POST["account_security_mode"]);
444  $security->setPasswordCharsAndNumbersEnabled((bool) $_POST["password_chars_and_numbers_enabled"]);
445  $security->setPasswordSpecialCharsEnabled((bool) $_POST["password_special_chars_enabled"]);
446  $security->setPasswordMinLength((int) $_POST["password_min_length"]);
447  $security->setPasswordMaxLength((int) $_POST["password_max_length"]);
448  $security->setPasswordMaxAge((int) $_POST["password_max_age"]);
449  $security->setLoginMaxAttempts((int) $_POST["login_max_attempts"]);
450 
451  // change password on first login settings
452  $security->setPasswordChangeOnFirstLoginEnabled((bool) $_POST['password_change_on_first_login_enabled']);
453 
454  // file suffic replacements
455  $ilSetting->set("suffix_repl_additional", $_POST["suffix_repl_additional"]);
456 
457  // validate settings
458  if($rbacreview->isAssigned($ilUser->getId(),SYSTEM_ROLE_ID))
459  {
460  $security->protectedAdminRole((int) $_POST['admin_role']);
461  }
462 
463  $code = $security->validate();
464 
465  // if error code != 0, display error and do not save
466  if ($code != 0)
467  {
468  $msg = $this->getErrorMessage ($code);
469  ilUtil::sendFailure($msg);
470  } else
471  {
472  $security->save();
473  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
474  }
475 
476  $this->showSecurity();
477  }
478 
479 
487  private static function getErrorMessage ($code) {
488  return ilObjPrivacySecurityGUI::$ERROR_MESSAGE[$code];
489  }
490 }
491 ?>