ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilSecuritySettings.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
35{
39
48
49 private static $instance = null;
50 private $db;
51 private $settings;
52
54
61
64
74
77
78 private $protect_admin_role = false;
79
/**
 * Private constructor: use _getInstance().
 *
 * Takes the database handle and the settings store from the global scope,
 * keeps them on the instance and then loads the stored values via read().
 */
private function __construct()
{
    global $ilDB, $ilSetting;

    $this->settings = $ilSetting;
    $this->db = $ilDB;

    // read() uses both handles, so it runs only after they are assigned.
    $this->read();
}
97
/**
 * Get instance of ilSecuritySettings.
 *
 * The instance is created on first use and cached in self::$instance, so
 * every caller within one request works on the same settings object.
 *
 * @return ilSecuritySettings
 */
public static function _getInstance()
{
    if (!is_object(self::$instance)) {
        // First call: build the singleton (the constructor loads the settings).
        self::$instance = new self();
    }

    return self::$instance;
}
113
/**
 * Return the ref_id that read() looked up for the 'ps' object located
 * below SYSTEM_FOLDER_ID.
 *
 * NOTE(review): read() takes the value from the first fetched row without
 * checking that a row exists, so this may be null - confirm with callers
 * that use it for permission checks.
 *
 * @return mixed ref_id as delivered by the database layer
 */
public function getSecuritySettingsRefId()
{
    $ref_id = $this->ref_id;

    return $ref_id;
}
118
/**
 * Set whether passwords have to contain characters and numbers.
 *
 * The value is stored as given; save() casts it to bool before writing it
 * to the settings store.
 *
 * @param mixed $a_chars_and_numbers_enabled truthy to require both
 */
public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
}
130
139 {
141 }
142
/**
 * Set whether passwords have to contain special characters.
 *
 * The value is stored as given; save() casts it to bool before writing it
 * to the settings store.
 *
 * @param mixed $a_password_special_chars_enabled truthy to require them
 */
public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_special_chars_enabled = $a_password_special_chars_enabled;
}
154
163 {
165 }
166
/**
 * Set the minimum length for passwords.
 *
 * No range check happens here. validate() rejects a negative value and, for
 * values above 0, compares the value with a lower bound derived from the
 * other password rules; a value of 0 is not caught by either comparison.
 * NOTE(review): presumably 0 means "no minimum" - confirm that this is the
 * intended way to switch the length requirement off.
 *
 * @param mixed $a_password_min_length cast to int by save()
 */
public function setPasswordMinLength($a_password_min_length)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_min_length = $a_password_min_length;
}
176
182 public function getPasswordMinLength()
183 {
185 }
186
/**
 * Set the maximum length for passwords.
 *
 * No range check happens here. validate() rejects a negative value and a
 * value above 0 that is smaller than the configured minimum length; 0 is
 * accepted (presumably "no maximum" - confirm).
 *
 * @param mixed $a_password_max_length cast to int by save()
 */
public function setPasswordMaxLength($a_password_max_length)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_max_length = $a_password_max_length;
}
196
202 public function getPasswordMaxLength()
203 {
205 }
206
/**
 * Set the maximum password age.
 *
 * No range check happens here; validate() only rejects a negative value.
 * NOTE(review): the unit and the meaning of 0 are not visible in this
 * class - presumably 0 disables expiry; confirm.
 *
 * @param mixed $a_password_max_age cast to int by save()
 */
public function setPasswordMaxAge($a_password_max_age)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_max_age = $a_password_max_age;
}
216
222 public function getPasswordMaxAge()
223 {
225 }
226
/**
 * Set the maximum count of login attempts.
 *
 * No range check happens here; validate() only rejects a negative value,
 * so 0 is accepted.
 * NOTE(review): presumably 0 means "unlimited attempts", i.e. no lockout -
 * confirm against the code that enforces the limit.
 *
 * @param mixed $a_login_max_attempts cast to int by save()
 */
public function setLoginMaxAttempts($a_login_max_attempts)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->login_max_attempts = $a_login_max_attempts;
}
236
242 public function getLoginMaxAttempts()
243 {
245 }
246
/**
 * Enable https for certain scripts.
 *
 * The flag is stored as given; save() writes it as an int under the
 * 'https' key, and validate() runs an additional check when it is set.
 *
 * @param mixed $value truthy to enable
 */
public function setHTTPSEnabled($value)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->https_enable = $value;
}
256
/**
 * Read access to the https enabled property.
 *
 * Returns the stored value unchanged: a bool after read(), or whatever was
 * last passed to setHTTPSEnabled().
 *
 * @return mixed
 */
public function isHTTPSEnabled()
{
    $enabled = $this->https_enable;

    return $enabled;
}
266
/**
 * Set whether users have to change their password on first login.
 *
 * The value is stored as given; save() casts it to bool before writing it
 * to the settings store.
 *
 * @param mixed $a_password_change_on_first_login_enabled truthy to enforce
 */
public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
}
278
287 {
289 }
290
/**
 * Check if admin role is protected.
 *
 * The stored flag is normalised to bool here because protectedAdminRole()
 * stores its argument without a cast.
 *
 * @return bool
 */
public function isAdminRoleProtected()
{
    return $this->protect_admin_role ? true : false;
}
299
/**
 * Set admin role protection status.
 *
 * Despite the name this is the setter; isAdminRoleProtected() is the
 * matching getter. The argument is stored without a cast.
 *
 * @param mixed $a_stat truthy to protect the administrator role
 */
public function protectedAdminRole($a_stat)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->protect_admin_role = $a_stat;
}
308
/**
 * Check if the administrator role is accessible for a specific user.
 *
 * With protection switched off every user passes. With protection on, only
 * a user who is assigned to SYSTEM_ROLE_ID passes.
 * NOTE(review): $a_usr_id should be the acting user, not the user being
 * edited - confirm at the call sites, since this method cannot tell.
 *
 * @param mixed $a_usr_id user id handed to $rbacreview->isAssigned()
 * @return bool
 */
public function checkAdminRoleAccessible($a_usr_id)
{
    global $rbacreview;

    // Protection disabled: nothing to restrict.
    if (!$this->isAdminRoleProtected()) {
        return true;
    }

    // Protection enabled: only holders of the system role may touch it.
    return $rbacreview->isAssigned($a_usr_id, SYSTEM_ROLE_ID) ? true : false;
}
327
/**
 * Write the current in-memory security settings to the settings store.
 *
 * Every value is cast to a scalar and stored under its own key. This method
 * does not call validate(); callers presumably run validate() first -
 * confirm at the call sites, because an unchecked value is persisted as is.
 */
public function save()
{
    // Key => value, listed in write order. The int/bool casts are kept
    // exactly as they were; how the store serialises a bool is not visible
    // here. 'ps_password_must_not_contain_loginame' is misspelled, but
    // read() uses the same spelling, so the key must not be "corrected".
    $values = array(
        'https' => (int) $this->isHTTPSEnabled(),
        'ps_password_chars_and_numbers_enabled' => (bool) $this->isPasswordCharsAndNumbersEnabled(),
        'ps_password_special_chars_enabled' => (bool) $this->isPasswordSpecialCharsEnabled(),
        'ps_password_min_length' => (int) $this->getPasswordMinLength(),
        'ps_password_max_length' => (int) $this->getPasswordMaxLength(),
        'ps_password_max_age' => (int) $this->getPasswordMaxAge(),
        'ps_login_max_attempts' => (int) $this->getLoginMaxAttempts(),
        'ps_password_uppercase_chars_num' => (int) $this->getPasswordNumberOfUppercaseChars(),
        'ps_password_lowercase_chars_num' => (int) $this->getPasswordNumberOfLowercaseChars(),
        'ps_password_must_not_contain_loginame' => (int) $this->getPasswordMustNotContainLoginnameStatus(),
        'ps_password_change_on_first_login_enabled' => (bool) $this->isPasswordChangeOnFirstLoginEnabled(),
        'ps_prevent_simultaneous_logins' => (int) $this->isPreventionOfSimultaneousLoginsEnabled(),
        'ps_protect_admin' => (int) $this->isAdminRoleProtected(),
    );

    foreach ($values as $keyword => $value) {
        $this->settings->set($keyword, $value);
    }
}
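/**
 * Load the security settings into the instance.
 *
 * First looks up the ref_id of the 'ps' object below SYSTEM_FOLDER_ID, then
 * reads each setting from the settings store, falling back to the class
 * default (or 0 / the current property value) when a key is not stored.
 *
 * Changes against the previous version: the lookup no longer reads an index
 * from a missing row (ref_id is null in that case, without a notice), and
 * quoting and querying both go through $this->db instead of mixing it with
 * the global handle.
 */
private function read()
{
    // The only value concatenated into the statement is the constant
    // SYSTEM_FOLDER_ID, and it goes through quote() with an explicit
    // integer type; no request data reaches this query.
    $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data ".
        "WHERE tree.parent = ".$this->db->quote(SYSTEM_FOLDER_ID,'integer')." ".
        "AND object_data.type = 'ps' ".
        "AND object_reference.ref_id = tree.child ".
        "AND object_reference.obj_id = object_data.obj_id";
    $res = $this->db->query($query);
    $row = $res->fetchRow(DB_FETCHMODE_ASSOC);

    // No matching row: keep ref_id null rather than indexing a non-array.
    $this->ref_id = (is_array($row) && isset($row["ref_id"])) ? $row["ref_id"] : null;

    $this->https_enable = (bool) $this->settings->get('https', false);

    $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled', self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED);
    $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled', self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED);
    $this->password_min_length = (int) $this->settings->get('ps_password_min_length', self::DEFAULT_PASSWORD_MIN_LENGTH);
    $this->password_max_length = (int) $this->settings->get('ps_password_max_length', self::DEFAULT_PASSWORD_MAX_LENGTH);
    $this->password_max_age = (int) $this->settings->get('ps_password_max_age', self::DEFAULT_PASSWORD_MAX_AGE);
    $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts', self::DEFAULT_LOGIN_MAX_ATTEMPTS);
    $this->password_ucase_chars_num = (int) $this->settings->get('ps_password_uppercase_chars_num', 0);
    $this->password_lcase_chars_num = (int) $this->settings->get('ps_password_lowercase_chars_num', 0);

    // The key is misspelled ("loginame") but save() writes the same
    // spelling, so it must stay. The loose comparison is kept on purpose:
    // the stored value may come back as a string or an int.
    $this->password_must_not_contain_loginname = ($this->settings->get('ps_password_must_not_contain_loginame', 0) == '1');

    $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled', self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED);
    $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS);

    // Falls back to the property's declared value (false) when nothing is
    // stored, i.e. admin-role protection is off unless explicitly enabled.
    $this->protect_admin_role = (bool) $this->settings->get('ps_protect_admin',$this->protect_admin_role);
}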
388
394 public function validate(ilPropertyFormGUI $a_form = null)
395 {
396 $code = null;
397
398 if ($a_form)
399 {
400 include_once "Services/PrivacySecurity/classes/class.ilObjPrivacySecurityGUI.php";
401 }
402
403 include_once './Services/Http/classes/class.ilHTTPS.php';
404
405 if ($this->isHTTPSEnabled())
406 {
408 {
410 if(!$a_form)
411 {
412 return $code;
413 }
414 else
415 {
416 $a_form->getItemByPostVar('https_enabled')
418 }
419 }
420 }
421
422 if( $this->getPasswordMinLength() < 0 )
423 {
425 if(!$a_form)
426 {
427 return $code;
428 }
429 else
430 {
431 $a_form->getItemByPostVar('password_min_length')
433 }
434 }
435
436 if( $this->getPasswordMaxLength() < 0 )
437 {
439 if(!$a_form)
440 {
441 return $code;
442 }
443 else
444 {
445 $a_form->getItemByPostVar('password_max_length')
447 }
448 }
449
451
453 {
455 if($this->getPasswordNumberOfUppercaseChars() > 0)
456 {
458 }
459 if($this->getPasswordNumberOfLowercaseChars() > 0)
460 {
462 }
463 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
464 }
465
467 {
469 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
470
471 if( $this->isPasswordSpecialCharsEnabled() )
472 {
474 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
475 }
476 }
478 {
480 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
481 }
482
483 if( $this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length )
484 {
485 $code = $password_min_length_error_code;
486 if(!$a_form)
487 {
488 return $code;
489 }
490 else
491 {
492 $a_form->getItemByPostVar('password_min_length')
494 }
495 }
496 if( $this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength() )
497 {
499 if(!$a_form)
500 {
501 return $code;
502 }
503 else
504 {
505 $a_form->getItemByPostVar('password_max_length')
507 }
508 }
509
510 if( $this->getPasswordMaxAge() < 0 )
511 {
513 if(!$a_form)
514 {
515 return $code;
516 }
517 else
518 {
519 $a_form->getItemByPostVar('password_max_age')
521 }
522 }
523
524 if( $this->getLoginMaxAttempts() < 0 )
525 {
527 if(!$a_form)
528 {
529 return $code;
530 }
531 else
532 {
533 $a_form->getItemByPostVar('login_max_attempts')
535 }
536 }
537
538 /*
539 * todo: have to check for local auth if first login password change is enabled??
540 * than: add errorcode
541 */
542
543 if(!$a_form)
544 {
545 return 0;
546 }
547 else
548 {
549 return !(bool)$code;
550 }
551 }
552
559 {
561 }
562
/**
 * Enable/Disable prevention of simultaneous logins with the same account.
 *
 * Unlike most setters in this class, the argument is normalised to bool
 * before it is stored.
 *
 * @param mixed $value truthy to enable the prevention
 */
public function setPreventionOfSimultaneousLogins($value)
{
    // Only changes the in-memory value; nothing is persisted until save().
    $this->prevent_simultaneous_logins = $value ? true : false;
}
572
578 {
579 $this->password_ucase_chars_num = $password_ucase_chars_num;
580 }
581
587 {
589 }
590
596 {
597 $this->password_lcase_chars_num = $password_lcase_chars_num;
598 }
599
605 {
607 }
608
614 {
615 $this->password_must_not_contain_loginname = $status;
616 }
617
623 {
625 }
626}
627?>
const DB_FETCHMODE_ASSOC
Definition: class.ilDB.php:10
_checkHTTPS()
static method to check if https connections are possible for this server @access public
static getErrorMessage($code)
return error message for error code
This class represents a property form user interface.
Singleton class that stores all security settings.
setLoginMaxAttempts($a_login_max_attempts)
set the maximum count of login attempts
setPasswordMaxAge($a_password_max_age)
set the maximum password age
checkAdminRoleAccessible($a_usr_id)
Check if the administrator role is accessible for a specific user.
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2
validate(ilPropertyFormGUI $a_form=null)
validate settings
setPasswordMaxLength($a_password_max_length)
set the maximum length for passwords
isPasswordSpecialCharsEnabled()
get boolean if the passwords have to contain special characters
isAdminRoleProtected()
Check if admin role is protected.
getLoginMaxAttempts()
get the maximum count of login attempts
setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
set if the passwords have to contain characters and numbers
getPasswordMustNotContainLoginnameStatus()
Return whether the password must not contain the loginname or not.
const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS
getPasswordMinLength()
get the minimum length for passwords
setPasswordNumberOfUppercaseChars($password_ucase_chars_num)
Set number of uppercase characters required.
protectedAdminRole($a_stat)
Set admin role protection status.
static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3
setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
set if the passwords have to be changed by users on first login
getPasswordMaxLength()
get the maximum length for passwords
setPasswordMustNotContainLoginnameStatus($status)
Set whether the password must not contain the loginname or not.
isPreventionOfSimultaneousLoginsEnabled()
Prevention of simultaneous logins with the same account.
setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
set if the passwords have to contain special characters
getPasswordNumberOfUppercaseChars()
Returns number of uppercase characters required.
isHTTPSEnabled()
read access to https enabled property
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE
isPasswordCharsAndNumbersEnabled()
get boolean if the passwords have to contain characters and numbers
isPasswordChangeOnFirstLoginEnabled()
get boolean if the passwords have to be changed by users on first login
setHTTPSEnabled($value)
Enable https for certain scripts.
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH
setPreventionOfSimultaneousLogins($value)
Enable/Disable prevention of simultaneous logins with the same account.
getPasswordMaxAge()
get the maximum password age
const DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED
setPasswordNumberOfLowercaseChars($password_lcase_chars_num)
Set number of lowercase characters required.
setPasswordMinLength($a_password_min_length)
set the minimum length for passwords
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH
static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE
static _getInstance()
Get instance of ilSecuritySettings.
getPasswordNumberOfLowercaseChars()
Returns number of lowercase characters required.
__construct()
Private constructor: use _getInstance()
$code
Definition: example_050.php:99
global $ilSetting
Definition: privfeed.php:40
$ref_id
Definition: sahs_server.php:39
global $ilDB