ILIAS  release_6 Revision v6.24-5-g0c8bfefb3b8
class.ilSecuritySettings.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
35{
39
48
49 private static $instance = null;
50 private $db;
51 private $settings;
52
54
61
64
74
77
78 private $protect_admin_role = false;
79
/**
 * Private constructor; instances are obtained through _getInstance().
 *
 * Takes the settings store and the database handle from the global service
 * container, then loads the persisted security settings via read().
 */
private function __construct()
{
    global $DIC;

    // Container lookups keep their original order: 'ilSetting' first, then 'ilDB'.
    $this->settings = $DIC['ilSetting'];
    $this->db = $DIC['ilDB'];

    $this->read();
}
99
/**
 * Return the shared ilSecuritySettings object, creating it on first use.
 *
 * The instance is cached in self::$instance, so the settings are read once
 * and later calls return the same object.
 *
 * @return ilSecuritySettings
 */
public static function _getInstance()
{
    if (!is_object(self::$instance)) {
        self::$instance = new ilSecuritySettings();
    }

    return self::$instance;
}
114
/**
 * Return the reference id that read() looked up for the object of type 'ps'
 * located directly below SYSTEM_FOLDER_ID.
 *
 * @return mixed value of the ref_id column as delivered by the database layer
 */
public function getSecuritySettingsRefId()
{
    return $this->ref_id;
}
119
/**
 * Set whether passwords have to contain both characters and numbers.
 *
 * The value is kept in memory only and is stored as given; save() casts it
 * to bool when persisting it.
 *
 * @param bool $a_chars_and_numbers_enabled
 */
public function setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
{
    $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
}
131
140 {
142 }
143
/**
 * Set whether passwords have to contain special characters.
 *
 * The value is kept in memory only and is stored as given; save() casts it
 * to bool when persisting it.
 *
 * @param bool $a_password_special_chars_enabled
 */
public function setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
{
    $this->password_special_chars_enabled = $a_password_special_chars_enabled;
}
155
164 {
166 }
167
/**
 * Set the minimum length for passwords.
 *
 * No range check happens here. validate() rejects a negative value and a
 * positive value that is lower than the minimum it derives from the other
 * composition rules, so callers should run validate() before save().
 *
 * @param int $a_password_min_length
 */
public function setPasswordMinLength($a_password_min_length)
{
    $this->password_min_length = $a_password_min_length;
}
177
183 public function getPasswordMinLength()
184 {
186 }
187
/**
 * Set the maximum length for passwords.
 *
 * No range check happens here. validate() rejects a negative value, and
 * compares the maximum against the minimum length only when the maximum
 * is greater than 0.
 *
 * @param int $a_password_max_length
 */
public function setPasswordMaxLength($a_password_max_length)
{
    $this->password_max_length = $a_password_max_length;
}
197
203 public function getPasswordMaxLength()
204 {
206 }
207
/**
 * Set the maximum password age.
 *
 * No range check happens here; validate() rejects a negative value.
 *
 * @param int $a_password_max_age
 */
public function setPasswordMaxAge($a_password_max_age)
{
    $this->password_max_age = $a_password_max_age;
}
217
223 public function getPasswordMaxAge()
224 {
226 }
227
/**
 * Set the maximum count of login attempts.
 *
 * No range check happens here; validate() rejects a negative value.
 *
 * @param int $a_login_max_attempts
 */
public function setLoginMaxAttempts($a_login_max_attempts)
{
    $this->login_max_attempts = $a_login_max_attempts;
}
237
243 public function getLoginMaxAttempts()
244 {
246 }
247
/**
 * Switch the HTTPS setting on or off.
 *
 * The flag is only stored here. When it is on, validate() asks
 * ilHTTPS::_checkHTTPS() whether HTTPS is available, and save() persists
 * the flag as an integer under the key 'https'.
 *
 * @param bool $value
 */
public function setHTTPSEnabled($value)
{
    $this->https_enable = $value;
}
257
/**
 * Read access to the HTTPS-enabled flag.
 *
 * Returns the stored value unchanged; read() fills it with a boolean, while
 * setHTTPSEnabled() stores whatever the caller passes.
 *
 * @return bool
 */
public function isHTTPSEnabled()
{
    return $this->https_enable;
}
267
/**
 * Set whether users have to change their password on first login.
 *
 * The value is kept in memory only and is stored as given; save() casts it
 * to bool when persisting it.
 *
 * @param bool $a_password_change_on_first_login_enabled
 */
public function setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
{
    $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
}
279
288 {
290 }
291
/**
 * Check if the admin role is protected.
 *
 * The stored value is normalised to a strict boolean, because
 * protectedAdminRole() accepts any value.
 *
 * @return bool
 */
public function isAdminRoleProtected()
{
    return $this->protect_admin_role ? true : false;
}
300
/**
 * Set the admin role protection status.
 *
 * Despite its name this method is a setter. The value is stored as given;
 * isAdminRoleProtected() converts it to bool on read and save() persists
 * it as an integer under 'ps_protect_admin'.
 *
 * @param bool $a_stat
 */
public function protectedAdminRole($a_stat)
{
    $this->protect_admin_role = $a_stat;
}
309
/**
 * Check if the administrator role is accessible for a specific user.
 *
 * Access is granted when admin-role protection is switched off, or when the
 * user is already assigned to the role identified by SYSTEM_ROLE_ID.
 * NOTE(review): the id is used exactly as passed in, so the result is only
 * meaningful when callers supply the id of the acting, authenticated user.
 * Confirm at the call sites.
 *
 * @param int $a_usr_id user id, handed unchanged to rbacreview->isAssigned()
 * @return bool true if the role is accessible for that user
 */
public function checkAdminRoleAccessible($a_usr_id)
{
    global $DIC;

    $review = $DIC['rbacreview'];

    // Deny only when protection is on and the user does not hold the system role.
    if ($this->isAdminRoleProtected() && !$review->isAssigned($a_usr_id, SYSTEM_ROLE_ID)) {
        return false;
    }

    return true;
}
328
/**
 * Persist the current in-memory security settings to the settings store.
 *
 * This method does not call validate(); callers that accept values from a
 * form should validate before saving, otherwise out-of-range values are
 * written as they are (after the casts below).
 *
 * The flags are written with mixed casts ((bool) for some, (int) for
 * others), which is kept as is because read() converts them back with
 * matching casts. The key 'ps_password_must_not_contain_loginame' is spelled
 * this way on purpose: read() uses the same key.
 */
public function save()
{
    $store = $this->settings;

    $store->set('https', (int) $this->isHTTPSEnabled());

    // Password composition and length rules.
    $store->set('ps_password_chars_and_numbers_enabled', (bool) $this->isPasswordCharsAndNumbersEnabled());
    $store->set('ps_password_special_chars_enabled', (bool) $this->isPasswordSpecialCharsEnabled());
    $store->set('ps_password_min_length', (int) $this->getPasswordMinLength());
    $store->set('ps_password_max_length', (int) $this->getPasswordMaxLength());
    $store->set('ps_password_max_age', (int) $this->getPasswordMaxAge());
    $store->set('ps_login_max_attempts', (int) $this->getLoginMaxAttempts());
    $store->set('ps_password_uppercase_chars_num', (int) $this->getPasswordNumberOfUppercaseChars());
    $store->set('ps_password_lowercase_chars_num', (int) $this->getPasswordNumberOfLowercaseChars());
    $store->set('ps_password_must_not_contain_loginame', (int) $this->getPasswordMustNotContainLoginnameStatus());

    // Login behaviour and admin-role protection.
    $store->set('ps_password_change_on_first_login_enabled', (bool) $this->isPasswordChangeOnFirstLoginEnabled());
    $store->set('ps_prevent_simultaneous_logins', (int) $this->isPreventionOfSimultaneousLoginsEnabled());
    $store->set('ps_protect_admin', (int) $this->isAdminRoleProtected());
}
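/**
 * Load the security settings from the database and the settings store.
 *
 * First looks up the reference id of the object of type 'ps' directly below
 * SYSTEM_FOLDER_ID, then fills every policy property from the settings
 * store, falling back to the class defaults where no value is stored.
 *
 * Fallbacks worth knowing when reviewing a fresh installation: HTTPS is off,
 * the required number of upper- and lowercase characters is 0, and admin-role
 * protection falls back to the property's initial value.
 */
private function read()
{
    // Use the handle injected by the constructor instead of fetching 'ilDB'
    // from the container a second time; the only interpolated value is a
    // constant and still goes through quote().
    $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data " .
        "WHERE tree.parent = " . $this->db->quote(SYSTEM_FOLDER_ID, 'integer') . " " .
        "AND object_data.type = 'ps' " .
        "AND object_reference.ref_id = tree.child " .
        "AND object_reference.obj_id = object_data.obj_id";
    $res = $this->db->query($query);
    $row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC);

    // Without a matching row there is nothing to index into; keep ref_id null
    // explicitly instead of reading an offset of a non-array.
    $this->ref_id = (is_array($row) && isset($row['ref_id'])) ? $row['ref_id'] : null;

    $this->https_enable = (bool) $this->settings->get('https', false);

    $this->password_chars_and_numbers_enabled = (bool) $this->settings->get('ps_password_chars_and_numbers_enabled', self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED);
    $this->password_special_chars_enabled = (bool) $this->settings->get('ps_password_special_chars_enabled', self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED);
    $this->password_min_length = (int) $this->settings->get('ps_password_min_length', self::DEFAULT_PASSWORD_MIN_LENGTH);
    $this->password_max_length = (int) $this->settings->get('ps_password_max_length', self::DEFAULT_PASSWORD_MAX_LENGTH);
    $this->password_max_age = (int) $this->settings->get('ps_password_max_age', self::DEFAULT_PASSWORD_MAX_AGE);
    $this->login_max_attempts = (int) $this->settings->get('ps_login_max_attempts', self::DEFAULT_LOGIN_MAX_ATTEMPTS);
    $this->password_ucase_chars_num = (int) $this->settings->get('ps_password_uppercase_chars_num', 0);
    $this->password_lcase_chars_num = (int) $this->settings->get('ps_password_lowercase_chars_num', 0);
    // The key is spelled 'loginame' in save() as well, so it must stay as is.
    // The loose comparison is kept so that previously stored values read the same way.
    $this->password_must_not_contain_loginname = ($this->settings->get('ps_password_must_not_contain_loginame', 0) == '1');

    $this->password_change_on_first_login_enabled = (bool) $this->settings->get('ps_password_change_on_first_login_enabled', self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED);
    $this->prevent_simultaneous_logins = (bool) $this->settings->get('ps_prevent_simultaneous_logins', self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS);

    // Falls back to the property's current value when nothing is stored.
    $this->protect_admin_role = (bool) $this->settings->get('ps_protect_admin', $this->protect_admin_role);
}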
391
397 public function validate(ilPropertyFormGUI $a_form = null)
398 {
399 $code = null;
400
401 if ($a_form) {
402 include_once "Services/PrivacySecurity/classes/class.ilObjPrivacySecurityGUI.php";
403 }
404
405 include_once './Services/Http/classes/class.ilHTTPS.php';
406
407 if ($this->isHTTPSEnabled()) {
408 if (!ilHTTPS::_checkHTTPS()) {
410 if (!$a_form) {
411 return $code;
412 } else {
413 $a_form->getItemByPostVar('https_enabled')
415 }
416 }
417 }
418
419 if ($this->getPasswordMinLength() < 0) {
421 if (!$a_form) {
422 return $code;
423 } else {
424 $a_form->getItemByPostVar('password_min_length')
426 }
427 }
428
429 if ($this->getPasswordMaxLength() < 0) {
431 if (!$a_form) {
432 return $code;
433 } else {
434 $a_form->getItemByPostVar('password_max_length')
436 }
437 }
438
440
443 if ($this->getPasswordNumberOfUppercaseChars() > 0) {
445 }
446 if ($this->getPasswordNumberOfLowercaseChars() > 0) {
448 }
449 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
450 }
451
454 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
455
456 if ($this->isPasswordSpecialCharsEnabled()) {
458 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
459 }
460 } elseif ($password_min_length > 1 && $this->isPasswordSpecialCharsEnabled()) {
462 $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
463 }
464
465 if ($this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length) {
466 $code = $password_min_length_error_code;
467 if (!$a_form) {
468 return $code;
469 } else {
470 $a_form->getItemByPostVar('password_min_length')
472 }
473 }
474 if ($this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength()) {
476 if (!$a_form) {
477 return $code;
478 } else {
479 $a_form->getItemByPostVar('password_max_length')
481 }
482 }
483
484 if ($this->getPasswordMaxAge() < 0) {
486 if (!$a_form) {
487 return $code;
488 } else {
489 $a_form->getItemByPostVar('password_max_age')
491 }
492 }
493
494 if ($this->getLoginMaxAttempts() < 0) {
496 if (!$a_form) {
497 return $code;
498 } else {
499 $a_form->getItemByPostVar('login_max_attempts')
501 }
502 }
503
504 /*
505 * todo: have to check for local auth if first login password change is enabled??
506 * than: add errorcode
507 */
508
509 if (!$a_form) {
510 return 0;
511 } else {
512 return !(bool) $code;
513 }
514 }
515
522 {
524 }
525
/**
 * Enable or disable prevention of simultaneous logins with the same account.
 *
 * Unlike most setters of this class, the value is normalised to a strict
 * boolean before it is stored.
 *
 * @param bool $value
 */
public function setPreventionOfSimultaneousLogins($value)
{
    $this->prevent_simultaneous_logins = $value ? true : false;
}
535
541 {
542 $this->password_ucase_chars_num = $password_ucase_chars_num;
543 }
544
550 {
552 }
553
559 {
560 $this->password_lcase_chars_num = $password_lcase_chars_num;
561 }
562
568 {
570 }
571
577 {
578 $this->password_must_not_contain_loginname = $status;
579 }
580
586 {
588 }
589}
An exception for terminating execution or to throw for unit testing.
static _checkHTTPS()
static method to check if https connections are possible for this server @access public
static getErrorMessage($code)
return error message for error code
This class represents a property form user interface.
Singleton class that stores all security settings.
setLoginMaxAttempts($a_login_max_attempts)
set the maximum count of login attempts
setPasswordMaxAge($a_password_max_age)
set the maximum password age
checkAdminRoleAccessible($a_usr_id)
Check if the administrator role is accessible for a specific user.
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2
validate(ilPropertyFormGUI $a_form=null)
validate settings
setPasswordMaxLength($a_password_max_length)
set the maximum length for passwords
isPasswordSpecialCharsEnabled()
get boolean if the passwords have to contain special characters
isAdminRoleProtected()
Check if admin role is protected.
getLoginMaxAttempts()
get the maximum count of login attempts
setPasswordCharsAndNumbersEnabled($a_chars_and_numbers_enabled)
set if the passwords have to contain characters and numbers
getPasswordMustNotContainLoginnameStatus()
Return whether the password must not contain the loginname or not.
const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS
getPasswordMinLength()
get the minimum length for passwords
setPasswordNumberOfUppercaseChars($password_ucase_chars_num)
Set number of uppercase characters required.
protectedAdminRole($a_stat)
Set admin role protection status.
static $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3
setPasswordChangeOnFirstLoginEnabled($a_password_change_on_first_login_enabled)
set if the passwords have to be changed by users on first login
getPasswordMaxLength()
get the maximum length for passwords
setPasswordMustNotContainLoginnameStatus($status)
Set whether the password must not contain the loginname or not.
isPreventionOfSimultaneousLoginsEnabled()
Prevention of simultaneous logins with the same account.
setPasswordSpecialCharsEnabled($a_password_special_chars_enabled)
set if the passwords have to contain special characters
getPasswordNumberOfUppercaseChars()
Returns number of uppercase characters required.
isHTTPSEnabled()
read access to https enabled property
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE
isPasswordCharsAndNumbersEnabled()
get boolean if the passwords have to contain characters and numbers
isPasswordChangeOnFirstLoginEnabled()
get boolean if the passwords have to be changed by users on first login
setHTTPSEnabled($value)
Enable https for certain scripts.
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH
setPreventionOfSimultaneousLogins($value)
Enable/Disable prevention of simultaneous logins with the same account.
getPasswordMaxAge()
get the maximum password age
const DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED
setPasswordNumberOfLowercaseChars($password_lcase_chars_num)
Set number of lowercase characters required.
setPasswordMinLength($a_password_min_length)
set the minimum length for passwords
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH
static $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE
static _getInstance()
Get instance of ilSecuritySettings.
getPasswordNumberOfLowercaseChars()
Returns number of lowercase characters required.
__construct()
Private constructor: use _getInstance()