ILIAS  trunk Revision v11.0_alpha-1761-g6dbbfa7b760
All Data Structures Namespaces Files Functions Variables Enumerations Enumerator Modules Pages
Public Member Functions | Static Public Member Functions | Data Fields | Static Public Attributes | Protected Attributes | Private Member Functions | Private Attributes | Static Private Attributes
ilSecuritySettings Class Reference

Singleton class that stores all security settings. More...

+ Collaboration diagram for ilSecuritySettings:

Public Member Functions

 setPasswordCharsAndNumbersEnabled (bool $a_chars_and_numbers_enabled)
 set if the passwords have to contain characters and numbers More...
 
 isPasswordCharsAndNumbersEnabled ()
 get boolean if the passwords have to contain characters and numbers More...
 
 setPasswordSpecialCharsEnabled (bool $a_password_special_chars_enabled)
 set if the passwords have to contain special characters More...
 
 isPasswordSpecialCharsEnabled ()
 get boolean if the passwords have to contain special characters More...
 
 setPasswordMinLength (int $a_password_min_length)
 set the minimum length for passwords More...
 
 getPasswordMinLength ()
 get the minimum length for passwords More...
 
 setPasswordMaxLength (int $a_password_max_length)
 set the maximum length for passwords More...
 
 getPasswordMaxLength ()
 get the maximum length for passwords More...
 
 setPasswordMaxAge (int $a_password_max_age)
 set the maximum password age More...
 
 getPasswordMaxAge ()
 get the maximum password age More...
 
 setLoginMaxAttempts (int $a_login_max_attempts)
 set the maximum count of login attempts More...
 
 getLoginMaxAttempts ()
 get the maximum count of login attempts More...
 
 setHTTPSEnabled (bool $value)
 Enable https for certain scripts. More...
 
 isHTTPSEnabled ()
 read access to https enabled property More...
 
 setPasswordChangeOnFirstLoginEnabled (bool $a_password_change_on_first_login_enabled)
 set if the passwords have to be changed by users on first login More...
 
 isPasswordChangeOnFirstLoginEnabled ()
 get boolean if the passwords have to be changed by users on first login More...
 
 isAdminRoleProtected ()
 
 protectedAdminRole (bool $a_stat)
 
 checkAdminRoleAccessible (int $a_usr_id)
 Check if the administrator role is accessible for a specific user. More...
 
 save ()
 Save settings. More...
 
 validate (?ilPropertyFormGUI $a_form=null)
 validate settings More...
 
 isPreventionOfSimultaneousLoginsEnabled ()
 Prevention of simultaneous logins with the same account. More...
 
 setPreventionOfSimultaneousLogins (bool $value)
 Enable/Disable prevention of simultaneous logins with the same account. More...
 
 setPasswordNumberOfUppercaseChars (int $password_ucase_chars_num)
 Set number of uppercase characters required. More...
 
 getPasswordNumberOfUppercaseChars ()
 Returns number of uppercase characters required. More...
 
 setPasswordNumberOfLowercaseChars (int $password_lcase_chars_num)
 Set number of lowercase characters required. More...
 
 getPasswordNumberOfLowercaseChars ()
 Returns number of lowercase characters required. More...
 
 setPasswordMustNotContainLoginnameStatus ($status)
 Set whether the password must not contain the loginname or not. More...
 
 getPasswordMustNotContainLoginnameStatus ()
 Return whether the password must not contain the loginname or not. More...
 

Static Public Member Functions

static _getInstance ()
 Get instance of ilSecuritySettings. More...
 

Data Fields

const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4
 
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5
 
const SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6
 
const SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7
 
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1 = 11
 
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8
 
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9
 
const SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10
 
const DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED = true
 
const DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED = false
 
const DEFAULT_PASSWORD_MIN_LENGTH = 8
 
const DEFAULT_PASSWORD_MAX_LENGTH = 0
 
const DEFAULT_PASSWORD_MAX_AGE = 90
 
const DEFAULT_LOGIN_MAX_ATTEMPTS = 5
 
const MAX_LOGIN_ATTEMPTS = 99
 
const DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED = false
 
const DEFAULT_PREVENT_SIMULTANEOUS_LOGINS = false
 

Static Public Attributes

static int $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1
 
static int $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2
 
static int $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3
 

Protected Attributes

ilHTTPS $https
 

Private Member Functions

 __construct ()
 Private constructor: use _getInstance() More...
 
 read ()
 read settings private More...
 

Private Attributes

ilDBInterface $db
 
ilSetting $settings
 
ilRbacReview $review
 
bool $https_enable
 
bool $password_chars_and_numbers_enabled = self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED
 
bool $password_special_chars_enabled = self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED
 
int $password_min_length = self::DEFAULT_PASSWORD_MIN_LENGTH
 
int $password_max_length = self::DEFAULT_PASSWORD_MAX_LENGTH
 
int $password_max_age = self::DEFAULT_PASSWORD_MAX_AGE
 
int $password_ucase_chars_num = 0
 
int $password_lcase_chars_num = 0
 
int $login_max_attempts = self::DEFAULT_LOGIN_MAX_ATTEMPTS
 
bool $password_must_not_contain_loginname = false
 
bool $password_change_on_first_login_enabled = self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED
 
bool $prevent_simultaneous_logins = self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS
 
bool $protect_admin_role = false
 

Static Private Attributes

static self $instance = null
 

Detailed Description

Singleton class that stores all security settings.

Author
Roland Küstermann rolan.nosp@m.d@ku.nosp@m.ester.nosp@m.mann.nosp@m..com
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e //

Definition at line 27 of file class.ilSecuritySettings.php.

Constructor & Destructor Documentation

◆ __construct()

ilSecuritySettings::__construct ( )
private

Private constructor: use _getInstance()

Definition at line 79 of file class.ilSecuritySettings.php.

References $DIC, read(), and ILIAS\Repository\settings().

80  {
81  global $DIC;
82 
83  $this->db = $DIC->database();
84  $this->settings = $DIC->settings();
85  $this->review = $DIC->rbac()->review();
86  $this->https = $DIC['https'];
87 
88  $this->read();
89  }
$DIC
global $DIC
Definition: shib_login.php:22
ilSecuritySettings\read
read()
read settings private
Definition: class.ilSecuritySettings.php:295
+ Here is the call graph for this function:

Member Function Documentation

◆ _getInstance()

static ilSecuritySettings::_getInstance ( )
static

Get instance of ilSecuritySettings.

Returns
ilSecuritySettings instance public

Definition at line 96 of file class.ilSecuritySettings.php.

Referenced by ilObjRoleFolderGUI\addToExternalSettingsForm(), ilObjUserFolderGUI\addToExternalSettingsForm(), ilAuthFrontend\checkExceededLoginAttempts(), ilObjUserFolderGUI\generalSettingsObject(), ilSecuritySettingsChecker\generatePasswords(), ilSecuritySettingsChecker\getPasswordRequirementsInfo(), ilAuthFrontend\handleAuthenticationSuccess(), ilAuthFrontend\handleLoginAttempts(), ilObjRoleFolderGUI\initSettingsForm(), ilSecuritySettingsChecker\isPassword(), ilObjUser\isPasswordChangeDemanded(), ilObjUser\isPasswordExpired(), ilSecuritySettingsChecker\isPasswordValidForUserContext(), ilRoleAssignmentTableGUI\parse(), ilObjUserFolderGUI\saveGeneralSettingsObject(), ilObjRoleFolderGUI\saveSettingsObject(), ilObjPrivacySecurityGUI\showSecurity(), and ilObjRoleGUI\userassignmentObject().

96  : ilSecuritySettings
97  {
98  if (!self::$instance instanceof self) {
99  self::$instance = new self();
100  }
101  return self::$instance;
102  }
ilSecuritySettings
Singleton class that stores all security settings.
Definition: class.ilSecuritySettings.php:27
+ Here is the caller graph for this function:

◆ checkAdminRoleAccessible()

ilSecuritySettings::checkAdminRoleAccessible ( int  $a_usr_id)

Check if the administrator role is accessible for a specific user.

Definition at line 251 of file class.ilSecuritySettings.php.

References isAdminRoleProtected(), and SYSTEM_ROLE_ID.

251  : bool
252  {
253  if (!$this->isAdminRoleProtected()) {
254  return true;
255  }
256  if ($this->review->isAssigned($a_usr_id, SYSTEM_ROLE_ID)) {
257  return true;
258  }
259  return false;
260  }
SYSTEM_ROLE_ID
const SYSTEM_ROLE_ID
Definition: constants.php:29
+ Here is the call graph for this function:

◆ getLoginMaxAttempts()

ilSecuritySettings::getLoginMaxAttempts ( )

get the maximum count of login attempts

Definition at line 199 of file class.ilSecuritySettings.php.

References $login_max_attempts.

Referenced by save(), and validate().

199  : int
200  {
201  return $this->login_max_attempts;
202  }
+ Here is the caller graph for this function:

◆ getPasswordMaxAge()

ilSecuritySettings::getPasswordMaxAge ( )

get the maximum password age

Definition at line 183 of file class.ilSecuritySettings.php.

References $password_max_age.

Referenced by save(), and validate().

183  : int
184  {
185  return $this->password_max_age;
186  }
+ Here is the caller graph for this function:

◆ getPasswordMaxLength()

ilSecuritySettings::getPasswordMaxLength ( )

get the maximum length for passwords

Definition at line 167 of file class.ilSecuritySettings.php.

References $password_max_length.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

167  : int
168  {
169  return $this->password_max_length;
170  }
+ Here is the caller graph for this function:

◆ getPasswordMinLength()

ilSecuritySettings::getPasswordMinLength ( )

get the minimum length for passwords

Definition at line 151 of file class.ilSecuritySettings.php.

References $password_min_length.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

151  : int
152  {
153  return $this->password_min_length;
154  }
+ Here is the caller graph for this function:

◆ getPasswordMustNotContainLoginnameStatus()

ilSecuritySettings::getPasswordMustNotContainLoginnameStatus ( )

Return whether the password must not contain the loginname or not.

Definition at line 523 of file class.ilSecuritySettings.php.

References $password_must_not_contain_loginname.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), and save().

523  : bool
524  {
525  return $this->password_must_not_contain_loginname;
526  }
+ Here is the caller graph for this function:

◆ getPasswordNumberOfLowercaseChars()

ilSecuritySettings::getPasswordNumberOfLowercaseChars ( )

Returns number of lowercase characters required.

Definition at line 507 of file class.ilSecuritySettings.php.

References $password_lcase_chars_num.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

507  : int
508  {
509  return $this->password_lcase_chars_num;
510  }
+ Here is the caller graph for this function:

◆ getPasswordNumberOfUppercaseChars()

ilSecuritySettings::getPasswordNumberOfUppercaseChars ( )

Returns number of uppercase characters required.

Definition at line 491 of file class.ilSecuritySettings.php.

References $password_ucase_chars_num.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

491  : int
492  {
493  return $this->password_ucase_chars_num;
494  }
+ Here is the caller graph for this function:

◆ isAdminRoleProtected()

ilSecuritySettings::isAdminRoleProtected ( )

Definition at line 238 of file class.ilSecuritySettings.php.

References $protect_admin_role.

Referenced by checkAdminRoleAccessible(), and save().

238  : bool
239  {
240  return (bool) $this->protect_admin_role;
241  }
+ Here is the caller graph for this function:

◆ isHTTPSEnabled()

ilSecuritySettings::isHTTPSEnabled ( )

read access to https enabled property

Definition at line 215 of file class.ilSecuritySettings.php.

References $https_enable.

Referenced by save(), and validate().

215  : bool
216  {
217  return $this->https_enable;
218  }
+ Here is the caller graph for this function:

◆ isPasswordChangeOnFirstLoginEnabled()

ilSecuritySettings::isPasswordChangeOnFirstLoginEnabled ( )

get boolean if the passwords have to be changed by users on first login

Definition at line 233 of file class.ilSecuritySettings.php.

References $password_change_on_first_login_enabled.

Referenced by save().

233  : bool
234  {
235  return $this->password_change_on_first_login_enabled;
236  }
+ Here is the caller graph for this function:

◆ isPasswordCharsAndNumbersEnabled()

ilSecuritySettings::isPasswordCharsAndNumbersEnabled ( )

get boolean if the passwords have to contain characters and numbers

Definition at line 117 of file class.ilSecuritySettings.php.

References $password_chars_and_numbers_enabled.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

117  : bool
118  {
119  return $this->password_chars_and_numbers_enabled;
120  }
+ Here is the caller graph for this function:

◆ isPasswordSpecialCharsEnabled()

ilSecuritySettings::isPasswordSpecialCharsEnabled ( )

get boolean if the passwords have to contain special characters

Definition at line 135 of file class.ilSecuritySettings.php.

References $password_special_chars_enabled.

Referenced by ilObjUserFolderGUI\getPasswordPolicySettingsMap(), save(), and validate().

135  : bool
136  {
137  return $this->password_special_chars_enabled;
138  }
+ Here is the caller graph for this function:

◆ isPreventionOfSimultaneousLoginsEnabled()

ilSecuritySettings::isPreventionOfSimultaneousLoginsEnabled ( )

Prevention of simultaneous logins with the same account.

Returns
bool true, if prevention of simultaneous logins with the same account is enabled, false otherwise

Definition at line 467 of file class.ilSecuritySettings.php.

References $prevent_simultaneous_logins.

Referenced by save().

467  : bool
468  {
469  return $this->prevent_simultaneous_logins;
470  }
+ Here is the caller graph for this function:

◆ protectedAdminRole()

ilSecuritySettings::protectedAdminRole ( bool  $a_stat)

Definition at line 243 of file class.ilSecuritySettings.php.

243  : void
244  {
245  $this->protect_admin_role = $a_stat;
246  }

◆ read()

ilSecuritySettings::read ( )
private

read settings private

Parameters

Definition at line 295 of file class.ilSecuritySettings.php.

References $res, ilDBConstants\FETCHMODE_ASSOC, ILIAS\Repository\int(), null, ILIAS\Repository\settings(), and SYSTEM_FOLDER_ID.

Referenced by __construct().

295  : void
296  {
297  $query = "SELECT object_reference.ref_id FROM object_reference,tree,object_data " .
298  "WHERE tree.parent = " . $this->db->quote(SYSTEM_FOLDER_ID, 'integer') . " " .
299  "AND object_data.type = 'ps' " .
300  "AND object_reference.ref_id = tree.child " .
301  "AND object_reference.obj_id = object_data.obj_id";
302  $res = $this->db->query($query);
303  $row = $res->fetchRow(ilDBConstants::FETCHMODE_ASSOC);
304 
305  $this->https_enable = (bool) $this->settings->get('https', null);
306 
307  $this->password_chars_and_numbers_enabled = (bool) $this->settings->get(
308  'ps_password_chars_and_numbers_enabled',
309  (string) self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED
310  );
311  $this->password_special_chars_enabled = (bool) $this->settings->get(
312  'ps_password_special_chars_enabled',
313  (string) self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED
314  );
315  $this->password_min_length = (int) $this->settings->get(
316  'ps_password_min_length',
317  (string) self::DEFAULT_PASSWORD_MIN_LENGTH
318  );
319  $this->password_max_length = (int) $this->settings->get(
320  'ps_password_max_length',
321  (string) self::DEFAULT_PASSWORD_MAX_LENGTH
322  );
323  $this->password_max_age = (int) $this->settings->get('ps_password_max_age', (string) self::DEFAULT_PASSWORD_MAX_AGE);
324  $this->login_max_attempts = (int) $this->settings->get(
325  'ps_login_max_attempts',
326  (string) self::DEFAULT_LOGIN_MAX_ATTEMPTS
327  );
328  $this->password_ucase_chars_num = (int) $this->settings->get('ps_password_uppercase_chars_num', "0");
329  $this->password_lcase_chars_num = (int) $this->settings->get('ps_password_lowercase_chars_num', "0");
330  $this->password_must_not_contain_loginname = (bool) $this->settings->get(
331  'ps_password_must_not_contain_loginame',
332  null
333  );
334  $this->password_change_on_first_login_enabled = (bool) $this->settings->get(
335  'ps_password_change_on_first_login_enabled',
336  (string) self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED
337  );
338  $this->prevent_simultaneous_logins = (bool) $this->settings->get(
339  'ps_prevent_simultaneous_logins',
340  (string) self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS
341  );
342  $this->protect_admin_role = (bool) $this->settings->get('ps_protect_admin', (string) $this->protect_admin_role);
343  }
$res
$res
Definition: ltiservices.php:66
SYSTEM_FOLDER_ID
const SYSTEM_FOLDER_ID
Definition: constants.php:35
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ save()

ilSecuritySettings::save ( )

Save settings.

Definition at line 265 of file class.ilSecuritySettings.php.

References getLoginMaxAttempts(), getPasswordMaxAge(), getPasswordMaxLength(), getPasswordMinLength(), getPasswordMustNotContainLoginnameStatus(), getPasswordNumberOfLowercaseChars(), getPasswordNumberOfUppercaseChars(), isAdminRoleProtected(), isHTTPSEnabled(), isPasswordChangeOnFirstLoginEnabled(), isPasswordCharsAndNumbersEnabled(), isPasswordSpecialCharsEnabled(), isPreventionOfSimultaneousLoginsEnabled(), and ILIAS\Repository\settings().

265  : void
266  {
267  $this->settings->set('https', (string) $this->isHTTPSEnabled());
268 
269  $this->settings->set('ps_password_chars_and_numbers_enabled', (string) $this->isPasswordCharsAndNumbersEnabled());
270  $this->settings->set('ps_password_special_chars_enabled', (string) $this->isPasswordSpecialCharsEnabled());
271  $this->settings->set('ps_password_min_length', (string) $this->getPasswordMinLength());
272  $this->settings->set('ps_password_max_length', (string) $this->getPasswordMaxLength());
273  $this->settings->set('ps_password_max_age', (string) $this->getPasswordMaxAge());
274  $this->settings->set('ps_login_max_attempts', (string) $this->getLoginMaxAttempts());
275  $this->settings->set('ps_password_uppercase_chars_num', (string) $this->getPasswordNumberOfUppercaseChars());
276  $this->settings->set('ps_password_lowercase_chars_num', (string) $this->getPasswordNumberOfLowercaseChars());
277  $this->settings->set(
278  'ps_password_must_not_contain_loginame',
279  (string) $this->getPasswordMustNotContainLoginnameStatus()
280  );
281 
282  $this->settings->set(
283  'ps_password_change_on_first_login_enabled',
284  (string) $this->isPasswordChangeOnFirstLoginEnabled()
285  );
286  $this->settings->set('ps_prevent_simultaneous_logins', (string) $this->isPreventionOfSimultaneousLoginsEnabled());
287  $this->settings->set('ps_protect_admin', (string) $this->isAdminRoleProtected());
288  }
ilSecuritySettings\isHTTPSEnabled
isHTTPSEnabled()
read access to https enabled property
Definition: class.ilSecuritySettings.php:215
ilSecuritySettings\isPasswordCharsAndNumbersEnabled
isPasswordCharsAndNumbersEnabled()
get boolean if the passwords have to contain characters and numbers
Definition: class.ilSecuritySettings.php:117
ilSecuritySettings\getPasswordMaxLength
getPasswordMaxLength()
get the maximum length for passwords
Definition: class.ilSecuritySettings.php:167
ilSecuritySettings\isPasswordChangeOnFirstLoginEnabled
isPasswordChangeOnFirstLoginEnabled()
get boolean if the passwords have to be changed by users on first login
Definition: class.ilSecuritySettings.php:233
ilSecuritySettings\getPasswordNumberOfLowercaseChars
getPasswordNumberOfLowercaseChars()
Returns number of lowercase characters required.
Definition: class.ilSecuritySettings.php:507
ilSecuritySettings\getPasswordNumberOfUppercaseChars
getPasswordNumberOfUppercaseChars()
Returns number of uppercase characters required.
Definition: class.ilSecuritySettings.php:491
ilSecuritySettings\isPasswordSpecialCharsEnabled
isPasswordSpecialCharsEnabled()
get boolean if the passwords have to contain special characters
Definition: class.ilSecuritySettings.php:135
ilSecuritySettings\getPasswordMinLength
getPasswordMinLength()
get the minimum length for passwords
Definition: class.ilSecuritySettings.php:151
ilSecuritySettings\getPasswordMaxAge
getPasswordMaxAge()
get the maximum password age
Definition: class.ilSecuritySettings.php:183
ilSecuritySettings\isPreventionOfSimultaneousLoginsEnabled
isPreventionOfSimultaneousLoginsEnabled()
Prevention of simultaneous logins with the same account.
Definition: class.ilSecuritySettings.php:467
ilSecuritySettings\getLoginMaxAttempts
getLoginMaxAttempts()
get the maximum count of login attempts
Definition: class.ilSecuritySettings.php:199
ilSecuritySettings\getPasswordMustNotContainLoginnameStatus
getPasswordMustNotContainLoginnameStatus()
Return whether the password must not contain the loginname or not.
Definition: class.ilSecuritySettings.php:523
+ Here is the call graph for this function:

◆ setHTTPSEnabled()

ilSecuritySettings::setHTTPSEnabled ( bool  $value)

Enable https for certain scripts.

Definition at line 207 of file class.ilSecuritySettings.php.

207  : void
208  {
209  $this->https_enable = $value;
210  }

◆ setLoginMaxAttempts()

ilSecuritySettings::setLoginMaxAttempts ( int  $a_login_max_attempts)

set the maximum count of login attempts

Definition at line 191 of file class.ilSecuritySettings.php.

191  : void
192  {
193  $this->login_max_attempts = $a_login_max_attempts;
194  }

◆ setPasswordChangeOnFirstLoginEnabled()

ilSecuritySettings::setPasswordChangeOnFirstLoginEnabled ( bool  $a_password_change_on_first_login_enabled)

set if the passwords have to be changed by users on first login

Definition at line 224 of file class.ilSecuritySettings.php.

224  : void
225  {
226  $this->password_change_on_first_login_enabled = $a_password_change_on_first_login_enabled;
227  }

◆ setPasswordCharsAndNumbersEnabled()

ilSecuritySettings::setPasswordCharsAndNumbersEnabled ( bool  $a_chars_and_numbers_enabled)

set if the passwords have to contain characters and numbers

Definition at line 108 of file class.ilSecuritySettings.php.

108  : void
109  {
110  $this->password_chars_and_numbers_enabled = $a_chars_and_numbers_enabled;
111  }

◆ setPasswordMaxAge()

ilSecuritySettings::setPasswordMaxAge ( int  $a_password_max_age)

set the maximum password age

Definition at line 175 of file class.ilSecuritySettings.php.

175  : void
176  {
177  $this->password_max_age = $a_password_max_age;
178  }

◆ setPasswordMaxLength()

ilSecuritySettings::setPasswordMaxLength ( int  $a_password_max_length)

set the maximum length for passwords

Definition at line 159 of file class.ilSecuritySettings.php.

159  : void
160  {
161  $this->password_max_length = $a_password_max_length;
162  }

◆ setPasswordMinLength()

ilSecuritySettings::setPasswordMinLength ( int  $a_password_min_length)

set the minimum length for passwords

Definition at line 143 of file class.ilSecuritySettings.php.

143  : void
144  {
145  $this->password_min_length = $a_password_min_length;
146  }

◆ setPasswordMustNotContainLoginnameStatus()

ilSecuritySettings::setPasswordMustNotContainLoginnameStatus (   $status)

Set whether the password must not contain the loginname or not.

Definition at line 515 of file class.ilSecuritySettings.php.

515  : void
516  {
517  $this->password_must_not_contain_loginname = (bool) $status;
518  }

◆ setPasswordNumberOfLowercaseChars()

ilSecuritySettings::setPasswordNumberOfLowercaseChars ( int  $password_lcase_chars_num)

Set number of lowercase characters required.

Definition at line 499 of file class.ilSecuritySettings.php.

References $password_lcase_chars_num.

499  : void
500  {
501  $this->password_lcase_chars_num = $password_lcase_chars_num;
502  }

◆ setPasswordNumberOfUppercaseChars()

ilSecuritySettings::setPasswordNumberOfUppercaseChars ( int  $password_ucase_chars_num)

Set number of uppercase characters required.

Definition at line 483 of file class.ilSecuritySettings.php.

References $password_ucase_chars_num.

483  : void
484  {
485  $this->password_ucase_chars_num = $password_ucase_chars_num;
486  }

◆ setPasswordSpecialCharsEnabled()

ilSecuritySettings::setPasswordSpecialCharsEnabled ( bool  $a_password_special_chars_enabled)

set if the passwords have to contain special characters

Definition at line 126 of file class.ilSecuritySettings.php.

126  : void
127  {
128  $this->password_special_chars_enabled = $a_password_special_chars_enabled;
129  }

◆ setPreventionOfSimultaneousLogins()

ilSecuritySettings::setPreventionOfSimultaneousLogins ( bool  $value)

Enable/Disable prevention of simultaneous logins with the same account.

Definition at line 475 of file class.ilSecuritySettings.php.

475  : void
476  {
477  $this->prevent_simultaneous_logins = $value;
478  }

◆ validate()

ilSecuritySettings::validate ( ?ilPropertyFormGUI  $a_form = null)

validate settings

Parameters
ilPropertyFormGUI | null$a_form
Returns
int|null 0, if everything is ok, an error code otherwise

Definition at line 350 of file class.ilSecuritySettings.php.

References $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE, ilObjPrivacySecurityGUI\getErrorMessage(), getLoginMaxAttempts(), getPasswordMaxAge(), getPasswordMaxLength(), getPasswordMinLength(), getPasswordNumberOfLowercaseChars(), getPasswordNumberOfUppercaseChars(), isHTTPSEnabled(), isPasswordCharsAndNumbersEnabled(), isPasswordSpecialCharsEnabled(), and null.

350  : ?int
351  {
352  $code = null;
353 
354  if ($this->isHTTPSEnabled()) {
355  if (!$this->https->checkHTTPS()) {
356  $code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
357  if (!$a_form) {
358  return $code;
359  } else {
360  $a_form->getItemByPostVar('https_enabled')
361  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
362  }
363  }
364  }
365 
366  if ($this->getPasswordMinLength() < 0) {
367  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
368  if (!$a_form) {
369  return $code;
370  } else {
371  $a_form->getItemByPostVar('password_min_length')
372  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
373  }
374  }
375 
376  if ($this->getPasswordMaxLength() < 0) {
377  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
378  if (!$a_form) {
379  return $code;
380  } else {
381  $a_form->getItemByPostVar('password_max_length')
382  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
383  }
384  }
385 
386  $password_min_length = 1;
387  $password_min_length_error_code = null;
388 
389  if ($this->getPasswordNumberOfUppercaseChars() > 0 || $this->getPasswordNumberOfLowercaseChars() > 0) {
390  $password_min_length = 0;
391  if ($this->getPasswordNumberOfUppercaseChars() > 0) {
392  $password_min_length += $this->getPasswordNumberOfUppercaseChars();
393  }
394  if ($this->getPasswordNumberOfLowercaseChars() > 0) {
395  $password_min_length += $this->getPasswordNumberOfLowercaseChars();
396  }
397  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
398  }
399 
400  if ($this->isPasswordCharsAndNumbersEnabled()) {
401  $password_min_length++;
402  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
403 
404  if ($this->isPasswordSpecialCharsEnabled()) {
405  $password_min_length++;
406  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
407  }
408  } elseif ($password_min_length > 1 && $this->isPasswordSpecialCharsEnabled()) {
409  $password_min_length++;
410  $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
411  }
412 
413  if ($this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length) {
414  $code = $password_min_length_error_code;
415  if (!$a_form) {
416  return $code;
417  } else {
418  $a_form->getItemByPostVar('password_min_length')
419  ->setAlert(sprintf(ilObjPrivacySecurityGUI::getErrorMessage($code), $password_min_length));
420  }
421  }
422  if ($this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength()) {
423  $code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
424  if (!$a_form) {
425  return $code;
426  } else {
427  $a_form->getItemByPostVar('password_max_length')
428  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
429  }
430  }
431  if ($this->getPasswordMaxAge() < 0) {
432  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
433  if (!$a_form) {
434  return $code;
435  } else {
436  $a_form->getItemByPostVar('password_max_age')
437  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
438  }
439  }
440 
441  if ($this->getLoginMaxAttempts() < 0) {
442  $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
443  if (!$a_form) {
444  return $code;
445  } else {
446  $a_form->getItemByPostVar('login_max_attempts')
447  ->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
448  }
449  }
450 
451  /*
452  * todo: have to check for local auth if first login password change is enabled??
453  * than: add errorcode
454  */
455 
456  if (!$a_form) {
457  return 0;
458  } else {
459  return $code;
460  }
461  }
ilSecuritySettings\isHTTPSEnabled
isHTTPSEnabled()
read access to https enabled property
Definition: class.ilSecuritySettings.php:215
ilSecuritySettings\isPasswordCharsAndNumbersEnabled
isPasswordCharsAndNumbersEnabled()
get boolean if the passwords have to contain characters and numbers
Definition: class.ilSecuritySettings.php:117
ilSecuritySettings\getPasswordMaxLength
getPasswordMaxLength()
get the maximum length for passwords
Definition: class.ilSecuritySettings.php:167
null
while($session_entry=$r->fetchRow(ilDBConstants::FETCHMODE_ASSOC)) return null
Definition: shib_logout.php:142
ilSecuritySettings\getPasswordNumberOfLowercaseChars
getPasswordNumberOfLowercaseChars()
Returns number of lowercase characters required.
Definition: class.ilSecuritySettings.php:507
ilObjPrivacySecurityGUI\getErrorMessage
static getErrorMessage(int $code)
return error message for error code
Definition: class.ilObjPrivacySecurityGUI.php:353
ilSecuritySettings\getPasswordNumberOfUppercaseChars
getPasswordNumberOfUppercaseChars()
Returns number of uppercase characters required.
Definition: class.ilSecuritySettings.php:491
ilSecuritySettings\isPasswordSpecialCharsEnabled
isPasswordSpecialCharsEnabled()
get boolean if the passwords have to contain special characters
Definition: class.ilSecuritySettings.php:135
ilSecuritySettings\getPasswordMinLength
getPasswordMinLength()
get the minimum length for passwords
Definition: class.ilSecuritySettings.php:151
ilSecuritySettings\getPasswordMaxAge
getPasswordMaxAge()
get the maximum password age
Definition: class.ilSecuritySettings.php:183
ilSecuritySettings\$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE
static int $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE
Definition: class.ilSecuritySettings.php:31
ilSecuritySettings\getLoginMaxAttempts
getLoginMaxAttempts()
get the maximum count of login attempts
Definition: class.ilSecuritySettings.php:199
+ Here is the call graph for this function:

Field Documentation

◆ $db

ilDBInterface ilSecuritySettings::$db
private

Definition at line 43 of file class.ilSecuritySettings.php.

◆ $https

ilHTTPS ilSecuritySettings::$https
protected

Definition at line 46 of file class.ilSecuritySettings.php.

◆ $https_enable

bool ilSecuritySettings::$https_enable
private

Definition at line 48 of file class.ilSecuritySettings.php.

Referenced by isHTTPSEnabled().

◆ $instance

self ilSecuritySettings::$instance = null
staticprivate

Definition at line 42 of file class.ilSecuritySettings.php.

◆ $login_max_attempts

int ilSecuritySettings::$login_max_attempts = self::DEFAULT_LOGIN_MAX_ATTEMPTS
private

Definition at line 68 of file class.ilSecuritySettings.php.

Referenced by getLoginMaxAttempts().

◆ $password_change_on_first_login_enabled

bool ilSecuritySettings::$password_change_on_first_login_enabled = self::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED
private

Definition at line 71 of file class.ilSecuritySettings.php.

Referenced by isPasswordChangeOnFirstLoginEnabled().

◆ $password_chars_and_numbers_enabled

bool ilSecuritySettings::$password_chars_and_numbers_enabled = self::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED
private

Definition at line 61 of file class.ilSecuritySettings.php.

Referenced by isPasswordCharsAndNumbersEnabled().

◆ $password_lcase_chars_num

int ilSecuritySettings::$password_lcase_chars_num = 0
private

Definition at line 67 of file class.ilSecuritySettings.php.

Referenced by getPasswordNumberOfLowercaseChars(), and setPasswordNumberOfLowercaseChars().

◆ $password_max_age

int ilSecuritySettings::$password_max_age = self::DEFAULT_PASSWORD_MAX_AGE
private

Definition at line 65 of file class.ilSecuritySettings.php.

Referenced by getPasswordMaxAge().

◆ $password_max_length

int ilSecuritySettings::$password_max_length = self::DEFAULT_PASSWORD_MAX_LENGTH
private

Definition at line 64 of file class.ilSecuritySettings.php.

Referenced by getPasswordMaxLength().

◆ $password_min_length

int ilSecuritySettings::$password_min_length = self::DEFAULT_PASSWORD_MIN_LENGTH
private

Definition at line 63 of file class.ilSecuritySettings.php.

Referenced by getPasswordMinLength().

◆ $password_must_not_contain_loginname

bool ilSecuritySettings::$password_must_not_contain_loginname = false
private

Definition at line 69 of file class.ilSecuritySettings.php.

Referenced by getPasswordMustNotContainLoginnameStatus().

◆ $password_special_chars_enabled

bool ilSecuritySettings::$password_special_chars_enabled = self::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED
private

Definition at line 62 of file class.ilSecuritySettings.php.

Referenced by isPasswordSpecialCharsEnabled().

◆ $password_ucase_chars_num

int ilSecuritySettings::$password_ucase_chars_num = 0
private

Definition at line 66 of file class.ilSecuritySettings.php.

Referenced by getPasswordNumberOfUppercaseChars(), and setPasswordNumberOfUppercaseChars().

◆ $prevent_simultaneous_logins

bool ilSecuritySettings::$prevent_simultaneous_logins = self::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS
private

Definition at line 72 of file class.ilSecuritySettings.php.

Referenced by isPreventionOfSimultaneousLoginsEnabled().

◆ $protect_admin_role

bool ilSecuritySettings::$protect_admin_role = false
private

Definition at line 74 of file class.ilSecuritySettings.php.

Referenced by isAdminRoleProtected().

◆ $review

ilRbacReview ilSecuritySettings::$review
private

Definition at line 45 of file class.ilSecuritySettings.php.

◆ $SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS

int ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS = 1
static

Definition at line 29 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ $SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE

int ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE = 2
static

Definition at line 30 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ $SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE

int ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE = 3
static

Definition at line 31 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages(), and validate().

◆ $settings

ilSetting ilSecuritySettings::$settings
private

Definition at line 44 of file class.ilSecuritySettings.php.

◆ DEFAULT_LOGIN_MAX_ATTEMPTS

const ilSecuritySettings::DEFAULT_LOGIN_MAX_ATTEMPTS = 5

Definition at line 55 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED

const ilSecuritySettings::DEFAULT_PASSWORD_CHANGE_ON_FIRST_LOGIN_ENABLED = false

Definition at line 58 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED

const ilSecuritySettings::DEFAULT_PASSWORD_CHARS_AND_NUMBERS_ENABLED = true

Definition at line 50 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_MAX_AGE

const ilSecuritySettings::DEFAULT_PASSWORD_MAX_AGE = 90

Definition at line 54 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_MAX_LENGTH

const ilSecuritySettings::DEFAULT_PASSWORD_MAX_LENGTH = 0

Definition at line 53 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_MIN_LENGTH

const ilSecuritySettings::DEFAULT_PASSWORD_MIN_LENGTH = 8

Definition at line 52 of file class.ilSecuritySettings.php.

◆ DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED

const ilSecuritySettings::DEFAULT_PASSWORD_SPECIAL_CHARS_ENABLED = false

Definition at line 51 of file class.ilSecuritySettings.php.

◆ DEFAULT_PREVENT_SIMULTANEOUS_LOGINS

const ilSecuritySettings::DEFAULT_PREVENT_SIMULTANEOUS_LOGINS = false

Definition at line 59 of file class.ilSecuritySettings.php.

◆ MAX_LOGIN_ATTEMPTS

const ilSecuritySettings::MAX_LOGIN_ATTEMPTS = 99

Definition at line 56 of file class.ilSecuritySettings.php.

Referenced by ilObjUserFolderGUI\initFormGeneralSettings(), and ILIAS\User\Setup\DBUpdateSteps10\step_4().

◆ SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS = 7

Definition at line 36 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE = 6

Definition at line 35 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH = 5

Definition at line 34 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH = 4

Definition at line 33 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH = 10

Definition at line 40 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1 = 11

Definition at line 37 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2 = 8

Definition at line 38 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

◆ SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3

const ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3 = 9

Definition at line 39 of file class.ilSecuritySettings.php.

Referenced by ilObjPrivacySecurityGUI\initErrorMessages().

The documentation for this class was generated from the following file: