ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSecuritySettings.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ilSecuritySettings
35 {
36  public static $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1;
37  public static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2;
38  public static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3;
39 
40  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4;
41  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5;
42  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6;
43  const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7;
44  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1 = 11;
45  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8;
46  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9;
47  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10;
48 
49  private static $instance = null;
50  private $db;
51  private $settings;
52 
53  private $https_header_enable;
54  private $https_header_name;
55  private $https_header_value;
56  private $https_enable;
57 
58  const DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED = true;
59  const DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED = false;
60  const DEFAULT_PASSWORD_MIN_LENGTH = 8;
61  const DEFAULT_PASSWORD_MAX_LENGTH = 0;
62  const DEFAULT_PASSWORD_MAX_AGE = 90;
63  const DEFAULT_LOGIN_MAX_ATTEMPTS = 5;
64 
65  const DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED = false;
66  const DEFAULT_PREVENT_SIMULTANEOUS_LOGINS = false;
67 
68  private $password_chars_and_numbers_enabled = self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED;
69  private $password_special_chars_enabled = self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED;
70  private $password_min_length = self::DEFAULT_PASSWORD_MIN_LENGTH;
71  private $password_max_length = self::DEFAULT_PASSWORD_MAX_LENGTH;
72  private $password_max_age = self::DEFAULT_PASSWORD_MAX_AGE;
73  private $password_ucase_chars_num = 0;
74  private $password_lcase_chars_num = 0;
75  private $login_max_attempts = self::DEFAULT_LOGIN_MAX_ATTEMPTS;
76  private $password_must_not_contain_loginname = false;
77 
78  private $password_change_on_first_login_enabled = self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED;
79  private $prevent_simultaneous_logins = self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS;
80 
81  private $protect_admin_role = false;
82 
90  private function __construct()
91  {
92 
93  global $ilSetting,$ilDB;
94 
95  $this->db = $ilDB;
96  $this->settings = $ilSetting;
97 
98  $this->read();
99  }
100 
108  public static function _getInstance()
109  {
110  if(is_object(self::$instance))
111  {
112  return self::$instance;
113  }
114  return self::$instance = new ilSecuritySettings();
115  }
116 
117  public function getSecuritySettingsRefId()
118  {
119  return $this->ref_id;
120  }
121 
129  public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
130  {
131  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
132  }
133 
141  public function isPasswordCharsAndNumbersEnabled()
142  {
143  return $this->password_chars_and_numbers_enabled;
144  }
145 
153  public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
154  {
155  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
156  }
157 
165  public function isPasswordSpecialCharsEnabled()
166  {
167  return $this->password_special_chars_enabled;
168  }
169 
175  public function setPasswordMinLength($a_password_min_length)
176  {
177  $this->password_min_length = $a_password_min_length;
178  }
179 
185  public function getPasswordMinLength()
186  {
187  return $this->password_min_length;
188  }
189 
195  public function setPasswordMaxLength($a_password_max_length)
196  {
197  $this->password_max_length = $a_password_max_length;
198  }
199 
205  public function getPasswordMaxLength()
206  {
207  return $this->password_max_length;
208  }
209 
215  public function setPasswordMaxAge($a_password_max_age)
216  {
217  $this->password_max_age = $a_password_max_age;
218  }
219 
225  public function getPasswordMaxAge()
226  {
227  return $this->password_max_age;
228  }
229 
235  public function setLoginMaxAttempts($a_login_max_attempts)
236  {
237  $this->login_max_attempts = $a_login_max_attempts;
238  }
239 
245  public function getLoginMaxAttempts()
246  {
247  return $this->login_max_attempts;
248  }
249 
256  public function setAutomaticHTTPSEnabled($varname)
257  {
258  $this->https_header_enable = $varname;
259  }
260 
266  public function setAutomaticHTTPSHeaderName($varname)
267  {
268  $this->https_header_name = $varname;
269  }
270 
276  public function setAutomaticHTTPSHeaderValue($varname)
277  {
278  $this->https_header_value = $varname;
279  }
280 
286  public function getAutomaticHTTPSHeaderName()
287  {
288  return $this->https_header_name;
289  }
290 
296  public function getAutomaticHTTPSHeaderValue()
297  {
298  return $this->https_header_value;
299  }
300 
306  public function isAutomaticHTTPSEnabled()
307  {
308  return $this->https_header_enable;
309  }
310 
316  public function setHTTPSEnabled ($value)
317  {
318  $this->https_enable = $value;
319  }
320 
326  public function isHTTPSEnabled ()
327  {
328  return $this->https_enable;
329  }
330 
338  public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
339  {
340  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
341  }
342 
350  public function isPasswordChangeOnFirstLoginEnabled()
351  {
352  return $this->password_change_on_first_login_enabled;
353  }
354 
359  public function isAdminRoleProtected()
360  {
361  return (bool) $this->protect_admin_role;
362  }
363 
368  public function protectedAdminRole($a_stat)
369  {
370  $this->protect_admin_role = $a_stat;
371  }
372 
377  public function checkAdminRoleAccessible($a_usr_id)
378  {
379  global $rbacreview;
380 
381  if(!$this->isAdminRoleProtected())
382  {
383  return true;
384  }
385  if($rbacreview->isAssigned($a_usr_id,SYSTEM_ROLE_ID))
386  {
387  return true;
388  }
389  return false;
390  }
391 
397  public function save()
398  {
399  $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
400  $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
401  $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
402  $this->settings->set('https',(string) $this->isHTTPSEnabled());
403 
404  $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
405  $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
406  $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
407  $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
408  $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
409  $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
410  $this->settings->set('ps_password_uppercase_chars_num', (int) $this->getPasswordNumberOfUppercaseChars());
411  $this->settings->set('ps_password_lowercase_chars_num', (int) $this->getPasswordNumberOfLowercaseChars());
412  $this->settings->set('ps_password_must_not_contain_loginame', (int) $this->getPasswordMustNotContainLoginnameStatus());
413 
414  $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
415  $this->settings->set('ps_prevent_simultaneous_logins', (int)$this->isPreventionOfSimultaneousLoginsEnabled());
416  $this->settings->set('ps_protect_admin', (int) $this->isAdminRoleProtected());
417  }
425  private function read()
426  {
427  global $ilDB;
428 
429  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
430  "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID,'integer')." ".
431  "AND object_data.type = 'ps' ".
432  "AND object_reference.ref_id = tree.child ".
433  "AND object_reference.obj_id = object_data.obj_id";
434  $res = $this->db->query($query);
435  $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
436  $this->ref_id = $row["ref_id"];
437 
438  $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
439  $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
440  $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
441  $this->https_enable = (boolean) $this->settings->get('https', false);
442 
443  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled', self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED);
444  $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled', self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED);
445  $this->password_min_length = (int) $this->settings->get('ps_password_min_length', self::DEFAULT_PASSWORD_MIN_LENGTH);
446  $this->password_max_length = (int) $this->settings->get('ps_password_max_length', self::DEFAULT_PASSWORD_MAX_LENGTH);
447  $this->password_max_age = (int) $this->settings->get('ps_password_max_age', self::DEFAULT_PASSWORD_MAX_AGE);
448  $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts', self::DEFAULT_LOGIN_MAX_ATTEMPTS);
449  $this->password_ucase_chars_num = (int) $this->settings->get('ps_password_uppercase_chars_num', 0);
450  $this->password_lcase_chars_num = (int) $this->settings->get('ps_password_lowercase_chars_num', 0);
451  $this->password_must_not_contain_loginname = $this->settings->get('ps_password_must_not_contain_loginame', 0) == '1' ? true : false;
452 
453  $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled', self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED);
454  $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS);
455 
456  $this->protect_admin_role = (bool) $this->settings->get('ps_protect_admin',$this->protect_admin_role);
457  }
458 
464  public function validate(ilPropertyFormGUI $a_form = null)
465  {
466  $code = null;
467 
468  if ($a_form)
469  {
470  include_once "Services/PrivacySecurity/classes/class.ilObjPrivacySecurityGUI.php";
471  }
472 
473  // handled in form itself
474  if ($this->isAutomaticHTTPSEnabled() &&
475  (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
476  strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
477  )
478  {
479  return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
480  }
481 
482  include_once './Services/Http/classes/class.ilHTTPS.php';
483 
484  if ($this->isHTTPSEnabled())
485  {
486  if(!ilHTTPS::_checkHTTPS())
487  {
488  $code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
489  if(!$a_form)
490  {
491  return $code;
492  }
493  else
494  {
495  $a_form->getItemByPostVar('https_enabled')
496  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
497  }
498  }
499  }
500  /*
501  elseif(!ilHTTPS::_checkHTTP())
502  {
503  $code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
504  if(!$a_form)
505  {
506  return $code;
507  }
508  else
509  {
510  $a_form->getItemByPostVar('https_enabled')
511  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
512  }
513  }
514  */
515  if( $this->getPasswordMinLength() < 0 )
516  {
517  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
518  if(!$a_form)
519  {
520  return $code;
521  }
522  else
523  {
524  $a_form->getItemByPostVar('password_min_length')
525  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
526  }
527  }
528 
529  if( $this->getPasswordMaxLength() < 0 )
530  {
531  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
532  if(!$a_form)
533  {
534  return $code;
535  }
536  else
537  {
538  $a_form->getItemByPostVar('password_max_length')
539  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
540  }
541  }
542 
543  $password_min_length = 1;
544 
545  if($this->getPasswordNumberOfUppercaseChars() > 0 || $this->getPasswordNumberOfLowercaseChars() > 0)
546  {
547  $password_min_length = 0;
548  if($this->getPasswordNumberOfUppercaseChars() > 0)
549  {
550  $password_min_length += $this->getPasswordNumberOfUppercaseChars();
551  }
552  if($this->getPasswordNumberOfLowercaseChars() > 0)
553  {
554  $password_min_length += $this->getPasswordNumberOfLowercaseChars();
555  }
556  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
557  }
558 
559  if( $this->isPasswordCharsAndNumbersEnabled() )
560  {
561  $password_min_length++;
562  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
563 
564  if( $this->isPasswordSpecialCharsEnabled() )
565  {
566  $password_min_length++;
567  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
568  }
569  }
570  else if($password_min_length > 1 && $this->isPasswordSpecialCharsEnabled())
571  {
572  $password_min_length++;
573  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
574  }
575 
576  if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
577  {
578  $code = $password_min_length_error_code;
579  if(!$a_form)
580  {
581  return $code;
582  }
583  else
584  {
585  $a_form->getItemByPostVar('password_min_length')
586  ->setAlert(sprintf(ilObjPrivacySecurityGUI::getErrorMessage($code), $password_min_length));
587  }
588  }
589  if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
590  {
591  $code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
592  if(!$a_form)
593  {
594  return $code;
595  }
596  else
597  {
598  $a_form->getItemByPostVar('password_max_length')
599  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
600  }
601  }
602 
603  if( $this->getPasswordMaxAge() < 0 )
604  {
605  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
606  if(!$a_form)
607  {
608  return $code;
609  }
610  else
611  {
612  $a_form->getItemByPostVar('password_max_age')
613  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
614  }
615  }
616 
617  if( $this->getLoginMaxAttempts() < 0 )
618  {
619  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
620  if(!$a_form)
621  {
622  return $code;
623  }
624  else
625  {
626  $a_form->getItemByPostVar('login_max_attempts')
627  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
628  }
629  }
630 
631  /*
632  * todo: have to check for local auth if first login password change is enabled??
633  * than: add errorcode
634  */
635 
636  if(!$a_form)
637  {
638  return 0;
639  }
640  else
641  {
642  return !(bool)$code;
643  }
644  }
645 
651  public function isPreventionOfSimultaneousLoginsEnabled()
652  {
653  return (bool)$this->prevent_simultaneous_logins;
654  }
655 
661  public function setPreventionOfSimultaneousLogins($value)
662  {
663  $this->prevent_simultaneous_logins = (bool)$value;
664  }
665 
670  public function setPasswordNumberOfUppercaseChars($password_ucase_chars_num)
671  {
672  $this->password_ucase_chars_num = $password_ucase_chars_num;
673  }
674 
679  public function getPasswordNumberOfUppercaseChars()
680  {
681  return $this->password_ucase_chars_num;
682  }
683 
688  public function setPasswordNumberOfLowercaseChars($password_lcase_chars_num)
689  {
690  $this->password_lcase_chars_num = $password_lcase_chars_num;
691  }
692 
697  public function getPasswordNumberOfLowercaseChars()
698  {
699  return $this->password_lcase_chars_num;
700  }
701 
706  public function setPasswordMustNotContainLoginnameStatus($status)
707  {
708  $this->password_must_not_contain_loginname = $status;
709  }
710 
715  public function getPasswordMustNotContainLoginnameStatus()
716  {
717  return $this->password_must_not_contain_loginname;
718  }
719 }
720 ?>