ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilSecuritySettings.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
34 class ilSecuritySettings
35 {
36  public static $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1;
37  public static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2;
38  public static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3;
39 
40  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4;
41  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5;
42  const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6;
43  const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7;
44  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8;
45  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9;
46  const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10;
47 
48 
49  const ACCOUNT_SECURITY_MODE_DEFAULT = 1;
50  const ACCOUNT_SECURITY_MODE_CUSTOMIZED = 2;
51 
52  /* Change Sn */
53  const DEFAULT_EXAM_USERAGENT = '';
54  const DEFAULT_EXAM_ROLE_ID = 4;
55  const DEFAULT_EXAM_SKIN = 'naviless';
56 
57 
58  private static $instance = null;
59  private $db;
60  private $settings;
61 
62  private $https_header_enable;
63  private $https_header_name;
64  private $https_header_value;
65  private $https_enable;
66 
67  private $account_security_mode = self::ACCOUNT_SECURITY_MODE_DEFAULT;
68  private $password_chars_and_numbers_enabled = false;
69  private $password_special_chars_enabled = false;
70  private $password_min_length = 0;
71  private $password_max_length = 0;
72  private $password_max_age = 0;
73  private $login_max_attempts = 0;
74 
75  private $password_change_on_first_login_enabled = false;
76 
77  private $prevent_simultaneous_logins = false;
78 
79  /* Change Sn */
80  private $exam_useragent = '';
81  private $exam_role_id = 0; // Default User role_id
82  private $exam_skin = '';
83 
91  private function __construct()
92  {
93 
94  global $ilSetting,$ilDB;
95 
96  $this->db = $ilDB;
97  $this->settings = $ilSetting;
98 
99  $this->read();
100  }
101 
109  public static function _getInstance()
110  {
111  if(is_object(self::$instance))
112  {
113  return self::$instance;
114  }
115  return self::$instance = new ilSecuritySettings();
116  }
117 
118  public function getSecuritySettingsRefId()
119  {
120  return $this->ref_id;
121  }
122 
123 
130  public function setAccountSecurityMode($a_mode)
131  {
132  $this->account_security_mode = $a_mode;
133  }
134 
141  public function getAccountSecurityMode()
142  {
143  return $this->account_security_mode;
144  }
145 
153  public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
154  {
155  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
156  }
157 
165  public function isPasswordCharsAndNumbersEnabled()
166  {
167  return $this->password_chars_and_numbers_enabled;
168  }
169 
177  public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
178  {
179  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
180  }
181 
189  public function isPasswordSpecialCharsEnabled()
190  {
191  return $this->password_special_chars_enabled;
192  }
193 
199  public function setPasswordMinLength($a_password_min_length)
200  {
201  $this->password_min_length = $a_password_min_length;
202  }
203 
209  public function getPasswordMinLength()
210  {
211  return $this->password_min_length;
212  }
213 
219  public function setPasswordMaxLength($a_password_max_length)
220  {
221  $this->password_max_length = $a_password_max_length;
222  }
223 
229  public function getPasswordMaxLength()
230  {
231  return $this->password_max_length;
232  }
233 
239  public function setPasswordMaxAge($a_password_max_age)
240  {
241  $this->password_max_age = $a_password_max_age;
242  }
243 
249  public function getPasswordMaxAge()
250  {
251  return $this->password_max_age;
252  }
253 
259  public function setLoginMaxAttempts($a_login_max_attempts)
260  {
261  $this->login_max_attempts = $a_login_max_attempts;
262  }
263 
269  public function getLoginMaxAttempts()
270  {
271  return $this->login_max_attempts;
272  }
273 
280  public function setAutomaticHTTPSEnabled($varname)
281  {
282  $this->https_header_enable = $varname;
283  }
284 
290  public function setAutomaticHTTPSHeaderName($varname)
291  {
292  $this->https_header_name = $varname;
293  }
294 
300  public function setAutomaticHTTPSHeaderValue($varname)
301  {
302  $this->https_header_value = $varname;
303  }
304 
310  public function getAutomaticHTTPSHeaderName()
311  {
312  return $this->https_header_name;
313  }
314 
320  public function getAutomaticHTTPSHeaderValue()
321  {
322  return $this->https_header_value;
323  }
324 
330  public function isAutomaticHTTPSEnabled()
331  {
332  return $this->https_header_enable;
333  }
334 
340  public function setHTTPSEnabled ($value)
341  {
342  $this->https_enable = $value;
343  }
344 
350  public function isHTTPSEnabled ()
351  {
352  return $this->https_enable;
353  }
354 
362  public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
363  {
364  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
365  }
366 
374  public function isPasswordChangeOnFirstLoginEnabled()
375  {
376  return $this->password_change_on_first_login_enabled;
377  }
378 
384  public function save()
385  {
386  $this->settings->set('ps_auto_https_enabled',(bool) $this->isAutomaticHTTPSEnabled());
387  $this->settings->set('ps_auto_https_headername',(string) $this->getAutomaticHTTPSHeaderName());
388  $this->settings->set('ps_auto_https_headervalue',(string) $this->getAutomaticHTTPSHeaderValue());
389  $this->settings->set('https',(string) $this->isHTTPSEnabled());
390 
391  $this->settings->set('ps_account_security_mode',(int) $this->getAccountSecurityMode());
392  $this->settings->set('ps_password_chars_and_numbers_enabled',(bool) $this->isPasswordCharsAndNumbersEnabled());
393  $this->settings->set('ps_password_special_chars_enabled',(bool) $this->isPasswordSpecialCharsEnabled());
394  $this->settings->set('ps_password_min_length',(int) $this->getPasswordMinLength());
395  $this->settings->set('ps_password_max_length',(int) $this->getPasswordMaxLength());
396  $this->settings->set('ps_password_max_age',(int) $this->getPasswordMaxAge());
397  $this->settings->set('ps_login_max_attempts',(int) $this->getLoginMaxAttempts());
398 
399  $this->settings->set('ps_password_change_on_first_login_enabled',(bool) $this->isPasswordChangeOnFirstLoginEnabled());
400  $this->settings->set('ps_prevent_simultaneous_logins', (int)$this->isPreventionOfSimultaneousLoginsEnabled());
401 
402  /* Change Sn */
403  $this->settings->set('ps_exam_useragent', (string)$this->getExamUserAgent());
404  $this->settings->set('ps_exam_role_id', (int)$this->getExamRoleId());
405  $this->settings->set('ps_exam_skin', (string)$this->getExamSkin());
406 
407  }
415  private function read()
416  {
417  global $ilDB;
418 
419  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
420  "WHERE tree.parent = ".$ilDB->quote(SYSTEM_FOLDER_ID,'integer')." ".
421  "AND object_data.type = 'ps' ".
422  "AND object_reference.ref_id = tree.child ".
423  "AND object_reference.obj_id = object_data.obj_id";
424  $res = $this->db->query($query);
425  $row = $res->fetchRow(DB_FETCHMODE_ASSOC);
426  $this->ref_id = $row["ref_id"];
427 
428  $this->https_header_enable = (bool) $this->settings->get('ps_auto_https_enabled',false);
429  $this->https_header_name = (string) $this->settings->get('ps_auto_https_headername',"ILIAS_HTTPS_ENABLED");
430  $this->https_header_value = (string) $this->settings->get('ps_auto_https_headervalue',"1");
431  $this->https_enable = (boolean) $this->settings->get('https', false);
432 
433  $this->account_security_mode = (int) $this->settings->get('ps_account_security_mode',0);
434  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled',false);
435  $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled',false);
436  $this->password_min_length = (int) $this->settings->get('ps_password_min_length',0);
437  $this->password_max_length = (int) $this->settings->get('ps_password_max_length',0);
438  $this->password_max_age = (int) $this->settings->get('ps_password_max_age',0);
439  $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts',0);
440 
441  $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled',false);
442  $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', false);
443 
444  /* Change Sn */
445  $this->exam_useragent = (string) $this->settings->get('ps_exam_useragent', self::DEFAULT_EXAM_USERAGENT);
446  $this->exam_role_id = (int) $this->settings->get('ps_exam_role_id', self::DEFAULT_EXAM_ROLE_ID);
447  $this->exam_skin = (string) $this->settings->get('ps_exam_skin', "");
448  }
449 
455  public function validate()
456  {
457  if ($this->isAutomaticHTTPSEnabled() &&
458  (strlen($this->getAutomaticHTTPSHeaderName()) == 0 ||
459  strlen($this->getAutomaticHTTPSHeaderValue()) == 0)
460  )
461  {
462  return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
463  }
464  include_once './classes/class.ilHTTPS.php';
465 
466  if ($this->isHTTPSEnabled())
467  {
468  if(!ilHTTPS::_checkHTTPS())
469  {
470  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
471  }
472  }
473  elseif(!ilHTTPS::_checkHTTP())
474  {
475  return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
476  }
477 
478  if( $this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED )
479  {
480  if( $this->getPasswordMinLength() < 0 )
481  {
482  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
483  }
484 
485  if( $this->getPasswordMaxLength() < 0 )
486  {
487  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
488  }
489 
490  $password_min_length = 1;
491  if( $this->isPasswordCharsAndNumbersEnabled() )
492  {
493  $password_min_length++;
494  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
495 
496  if( $this->isPasswordSpecialCharsEnabled() )
497  {
498  $password_min_length++;
499  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
500  }
501  }
502  if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
503  {
504  return $password_min_length_error_code;
505  }
506  if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
507  {
508  return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
509  }
510 
511  if( $this->getPasswordMaxAge() < 0 )
512  {
513  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
514  }
515 
516  if( $this->getLoginMaxAttempts() < 0 )
517  {
518  return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
519  }
520  }
521 
522  /*
523  * todo: have to check for local auth if first login password change is enabled??
524  * than: add errorcode
525  */
526 
527  return 0;
528  }
529 
535  public function isPreventionOfSimultaneousLoginsEnabled()
536  {
537  return (bool)$this->prevent_simultaneous_logins;
538  }
539 
545  public function setPreventionOfSimultaneousLogins($value)
546  {
547  $this->prevent_simultaneous_logins = (bool)$value;
548  }
549 
550  /* Change Sn */
556  public function getExamUserAgent()
557  {
558  return $this->exam_useragent;
559  }
560 
566  public function setExamUserAgent($a_useragent)
567  {
568  $this->exam_useragent = $a_useragent;
569  }
575  public function getExamRoleId()
576  {
577  return $this->exam_role_id;
578  }
579 
585  public function setExamRoleId($a_role_id)
586  {
587  $this->exam_role_id = $a_role_id;
588  }
589 
595  public function getExamSkin()
596  {
597  return $this->exam_skin;
598  }
599 
605  public function setExamSkin($a_exam_skin)
606  {
607  $this->exam_skin = $a_exam_skin;
608  }
609 }
610 ?>