<?php
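/**
 * Zend_Auth adapter that authenticates a user against the "gestion" web service.
 *
 * Three modes are visible in this class:
 *  - default: the login and password are sent as HTTP credentials to the web service;
 *  - 'hach':  the password given to the constructor is stored in the identity as-is;
 *  - 'iponly': the password is replaced by the string 'iponly:' followed by the client IP.
 *
 * NOTE(review): in 'iponly' mode the client address is the only secret, so the
 * correctness of the address resolution below (trusted proxy list, forwarded
 * header handling) is security-critical.
 */
class Scores_Auth_Adapter_Ws implements Zend_Auth_Adapter_Interface
{
    /**
     * User login
     * @var string
     */
    protected $_username;

    /**
     * Password
     * @var string
     */
    protected $_password;

    /**
     * Default session timeout in seconds, used when the web service returns none
     * @var int
     */
    protected $_timeout = 1800;

    /**
     * IP verification flag (set in 'iponly' mode)
     * @var boolean
     */
    protected $_checkIp = false;

    /**
     * Hash verification flag (set in 'hach' mode)
     * @var boolean
     */
    protected $_checkHach = false;

    /**
     * IP addresses of the frontends (reverse proxies) whose X-Forwarded-For
     * header is trusted
     * @var array
     */
    protected $listProxyIp = array(
        '62.210.222.34',
    );

    /**
     * Address ranges and single addresses that are not allowed to log in.
     * A '*' wildcard is expanded to a 0-255 range before matching.
     * @var array
     */
    protected $_forbiddenIps = array(
        '81.252.88.0-81.252.88.7', // CTE D AGGLOMERATION DE SOPHIA
        '195.200.187.163', // PacWan
        '213.11.81.41', // Verizon France SAS
        '83.206.171.252', // FR-BASE-D-INFORMATIONS-LEGALES-BI
        '81.255.32.139',
        '212.155.191.100-212.155.191.199', // Satair A/S
        '212.37.196.156', // GENERALE-MULTIMEDIA-SUD
        '80.245.60.121', // Planete Marseille - Mailclub
        '213.246.57.101', // IKOULA
        '193.104.158.0-193.104.158.255', // Altares.fr
        '195.6.3.0-195.6.3.255', // ORT
        '217.144.112.0-217.144.116.63', // Coface
    );

    /**
     * Web-service authentication
     *
     * @param string $username
     * @param string $password
     * @param string $mode     null (default), 'hach' or 'iponly'
     */
    public function __construct($username, $password, $mode = null)
    {
        $this->_username = $username;
        $this->_password = $password;

        // Strict comparison: a loose == would let a non-string mode such as 0
        // switch the adapter into a weaker mode on older PHP versions.
        if ($mode === 'hach') {
            $this->_checkHach = true;
        }

        if ($mode === 'iponly') {
            // The supplied password is discarded: the credential sent to the
            // web service is derived from the resolved client address only.
            $this->_password = 'iponly:' . $this->_resolveClientIp();
            $this->_checkIp = true;
        }
    }

    /**
     * Queries the web service for the login and builds the identity object.
     *
     * Returns FAILURE_CREDENTIAL_INVALID when the service answers with an error,
     * FAILURE_UNCATEGORIZED when no usable answer is received or when the client
     * address is on the forbidden list, SUCCESS otherwise.
     *
     * @see Zend_Auth_Adapter_Interface::authenticate()
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        $ip = $this->_resolveClientIp();

        $ws = new Scores_Ws_Client('gestion', '0.3');
        $ws->setHttpLogin($this->_username);
        $ws->setHttpPassword($this->_password);

        $parameters = new stdClass();
        $parameters->login = $this->_username;
        $parameters->ipUtilisateur = $ip;
        $parameters->from = 'auth';
        $InfosLogin = $ws->getInfosLogin($parameters);

        // --- Error reported by the web service as a plain string
        if (is_string($InfosLogin)) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                null,
                array($InfosLogin)
            );
        }

        // --- No usable answer (false, null, ...): checked before any property
        // access so that a failed call never dereferences a non-object.
        if (!is_object($InfosLogin)) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_UNCATEGORIZED,
                null,
                array("Identification impossible")
            );
        }

        // --- Error code returned inside the response object
        if (isset($InfosLogin->error->errnum) && $InfosLogin->error->errnum != 0) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
                null,
                array($InfosLogin)
            );
        }

        if (empty($InfosLogin->result->login)) {
            return new Zend_Auth_Result(
                Zend_Auth_Result::FAILURE_UNCATEGORIZED,
                null,
                array("Identification impossible")
            );
        }

        // --- Identity assignment
        $result = $InfosLogin->result;
        $identity = new stdClass();

        if ($this->_checkIp || $this->_checkHach) {
            $identity->password = $this->_password;
        } else {
            // NOTE(review): md5 is kept because this value is presumably the
            // credential format expected by the web service - confirm before
            // changing. It is not a safe way to store a password.
            $identity->password = md5($result->login . '|' . $this->_password);
        }
        // The credential is deliberately NOT sent to the 'firebug' debug logger:
        // that would expose a password-equivalent value in debugging output.

        $identity->username = $result->login;

        // Fields copied unchanged from the web-service response.
        $copiedFields = array(
            'email', 'profil', 'pref', 'droits', 'droitsClients',
            'nom', 'prenom', 'tel', 'fax', 'mobile',
            'id', 'idClient', 'reference', 'nbReponses', 'typeScore',
            'dateValidation', 'nombreConnexions', 'dateDerniereConnexion',
            'dateDebutCompte', 'dateFinCompte', 'acceptationCGU',
        );
        foreach ($copiedFields as $field) {
            $identity->$field = $result->$field;
        }

        $identity->ip = $ip;
        $identity->version = $result->version;
        $identity->modeEdition = false;

        // Per-user timeout from the service, else the adapter default.
        $timeout = (!empty($result->timeout)) ? $result->timeout : $this->_timeout;
        $identity->timeout = $timeout;
        $identity->time = time() + $timeout;

        // Only the two supported languages are accepted; anything else is 'fr'.
        $lang = in_array($result->lang, array('fr', 'en'), true) ? $result->lang : 'fr';
        $identity->lang = $lang;
        $identity->langtmp = $lang;

        // --- Forbidden IP addresses
        // The previous code compared an undefined variable against the list and
        // rejected the login when NO entry matched, which contradicts the list's
        // purpose. The resolved client address is now checked, and a match denies.
        if ($this->_isForbiddenIp($ip)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
        }

        // --- OK, logged in
        $this->_username = $identity->username;
        $this->_password = $identity->password;

        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }

    /**
     * Resolves the address of the client.
     *
     * REMOTE_ADDR is used unless the request comes from one of the trusted
     * frontends in $listProxyIp and carries an X-Forwarded-For header. That
     * header may hold a comma-separated chain in which everything left of the
     * entry appended by the trusted proxy is client-supplied, so the chain is
     * read from the right: trusted proxies are skipped and the first remaining
     * entry is used, provided it is a syntactically valid IP address.
     *
     * @return string
     */
    protected function _resolveClientIp()
    {
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])
            || !in_array($remoteAddr, $this->listProxyIp, true)
        ) {
            return $remoteAddr;
        }

        $hops = array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        foreach ($hops as $hop) {
            $hop = trim($hop);
            if (in_array($hop, $this->listProxyIp, true)) {
                continue;
            }
            if (filter_var($hop, FILTER_VALIDATE_IP) !== false) {
                return $hop;
            }
            // Malformed entry: stop trusting the header altogether.
            break;
        }

        return $remoteAddr;
    }

    /**
     * Tells whether an address matches one entry of the forbidden list.
     *
     * @param string $ip Address to check
     * @return boolean   true when the address is forbidden
     */
    protected function _isForbiddenIp($ip)
    {
        foreach ($this->_forbiddenIps as $filtre) {
            // Wildcard entry: expand to an explicit first-last range.
            // "!== false" so that a match at position 0 is not missed.
            if (strpos($filtre, '*') !== false) {
                $filtre = str_replace('*', '0', $filtre) . '-' . str_replace('*', '255', $filtre);
            }

            if (strpos($filtre, '-') !== false) {
                // Range entry
                $validateIp = new Scores_Validate_IpInNetwork();
                $validateIp->setNetworkNotation($filtre);
                if ($validateIp->isValid($ip) === true) {
                    return true;
                }
            } elseif ($filtre === $ip) {
                // Single address
                return true;
            }
        }

        return false;
    }
}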