<?php
class Scores_Ws_Server
{
/**
 * Authenticated user information.
 * A stdClass populated by authV1()/authV2() after a successful credential check;
 * unset until then.
 * @var stdClass|null
 */
protected $User;
/**
 * Is user authenticated (false, true, or an error-code string returned by checkAuth())
 * @var boolean|string
 */
protected $authenticated = false;
/**
 * Authentication method used ('basic' for HTTP Basic, 'soapheader' for a SOAP header)
 * @var string
 */
protected $authMethod = null;
/**
 * Name of the application the authentication request comes from (null when the
 * caller is not one of our front-end applications). authV2() uses it to refuse
 * webservice-only users coming through an application.
 * @var string
 */
protected $authApp = null;
/**
 * Client IP forwarded by a front-end application. When set it overrides the IP
 * derived from REMOTE_ADDR / X-Forwarded-For in authenticate().
 * @var string
 */
protected $authIp = null;
/**
 * Name of Service
 * @var string
 */
public $serviceName = null;
/**
 * Is a customized (client-specific) service
 * @var boolean
 */
public $serviceClient = false;
/**
 * Name of the client the customized service belongs to
 * @var string
 */
public $serviceClientName = null;
/**
 * Version of service
 * @var string
 */
public $serviceVersion = null;
/**
 * IP addresses of our own application servers.
 * Security note: this list is a trust anchor. Requests coming from these addresses
 * skip the per-user / per-service IP filters (see authV1() and authIP()), and a
 * webservice-only user calling from one of them is refused with 0901.
 * @var array
 */
protected $listApplicationIp = array (
'195.154.174.221', //Extranet - sd-46528
'91.121.157.194', //Extranet - ns359466
'78.31.45.206', //SDSL RAMBOUILLET
'127.0.0.1',
'192.168.33.10',
);
/**
 * Reverse proxies whose X-Forwarded-For header is honoured by authenticate().
 * Any other peer's X-Forwarded-For is ignored.
 * @var array
 */
protected $listProxyIp = array(
'62.210.222.34',
);
/**
 * List of all permissions (code => human-readable label).
 * Permissions are grouped into categories by $listeCategory below.
 * @var array
 *
 * category
 *
 * access
 * code | label | category
 *
 */
protected $listeDroits = array (
// SEARCH
'RECHCSV' => "Export des résultats de la recherche",
'IPARI' => "Investigation par l'image IparI&copy;",
'HISTOBODACC' => "Historique des annonces bodacc",
'INVESTIG' => "Investigation",
'SEARCHENT' => "Recherche Entreprise",
'SEARCHDIR' => "Recherche Dirigeant",
'SEARCHACT' => "Recherche Actionnaire",
// IDENTITY
'IDENTITE' => "Fiche d'identité",
'IDPROCOL' => 'Fiche procédure collective',
'LIENS' => "Liens inter-entreprise",
'ETABLISSEMENTS' => "Liste des établissements",
'GROUPE' => "Informations et organigramme du groupe",
'EVENINSEE' => '&Eacute;vènements INSEE',
'AVISINSEE' => 'Avis de situation INSEE',
'AVISRNCS' => 'Avis de situation RNCS',
'RNVP' => "Normalisation postale",
// EXECUTIVES
'DIRIGEANTS' => "Liste des dirigeants",
'DIRIGEANTSOP' => "Liste des dirigeants opérationnels",
// FINANCE
'SYNTHESE' => "Synthèse",
'RATIOS' => "Ratios",
'FLUX' => "Flux de trésorerie",
'LIASSE' => "Liasse fiscale",
'LIASSEXLS' => "Export des Liasses au format XLS",
'UPLOADBILAN' => "Saisie de bilan",
'BOURSE' => "Bourse & cotations",
'BANQUE' => "Relations bancaires",
// LEGAL
'ANNONCES' => "Annonces légales",
'INFOSREG' => "Informations réglementée",
'COMPETENCES' => "Compétences territoriales",
'CONVENTIONS' => "Conventions collectives",
'MARQUES' => "Marques déposées",
// RATING
'INDISCORE' => "indiScore&copy;",
'INDISCORE2' => "Rapport synthetique",
'INDISCORE3' => "Rapport complet",
'INDISCOREP' => "indiScore+",
'INDISCORE2P' => "Rapport synthetique+",
'INDISCORE3P' => "Rapport complet+",
'VALORISATION' => "Valorisation",
'SCORECSF' => "Score CSF",
'ENQUETEC' => "Enquête commerciale",
'AVISCREDIT' => "Avis de crédit personnalisé",
// OFFICIAL DOCUMENTS
'KBIS' => "Extrait RCS",
'ACTES' => "Pièces officielles",
'PRIVILEGES' => "Privilèges",
// MONITORING
'SURVANNONCE' => "Surveillance des annonces légales",
'SURVINSEE' => "Surveillance des événements INSEE",
'SURVBILAN' => "Surveillance des bilans saisies (liasse fiscale)",
'SURVSCORE' => "Surveillance des événements sur le score",
'SURVACTES' => "Surveillance des pieces officielles (comptes annuels, actes)",
'SURVDIRIGEANTS'=> "Surveillance des dirigeants",
'SURVPAIEMENTS' => "Surveillance des paiements",
'SURVLIENS' => "Surveillance des liens financiers",
'SURVPRIV' => "Surveillance des privilèges",
// OPTIONS
'MONPROFIL' => "Mon profil",
'EDITION' => "Mode Edition",
'PORTEFEUILLE' => "Portefeuille",
'SURVLISTE' => "Liste des surveillances",
// MISCELLANEOUS
'INTERNATIONAL' => "Recherche Internationale",
'BDF' => "Banque de France",
'WORLDCHECK' => "World-Check Risk Intelligence",
);
/**
 * Permission categories: category code => label + list of permission codes.
 * @var array
 */
protected $listeCategory = array(
'RECHERCHE' => array(
'label' => "Recherche",
'droits' => array('RECHCSV', 'IPARI', 'HISTOBODACC', 'INVESTIG', 'SEARCHENT',
'SEARCHDIR', 'SEARCHACT'),
),
'IDENTITE' => array(
'label' => "Identité",
'droits' => array('IDENTITE','IDPROCOL', 'LIENS', 'ETABLISSEMENTS', 'GROUPE',
'EVENINSEE', 'AVISINSEE', 'AVISRNCS', 'RNVP'),
),
'DIRIGEANT' => array(
'label' => "Dirigeant",
'droits' => array('DIRIGEANTS','DIRIGEANTSOP', 'WORLDCHECK'),
),
'FINANCE' => array(
'label' => 'Elements Financiers',
'droits' => array('SYNTHESE','RATIOS','FLUX','LIASSE','LIASSEXLS', 'UPLOADBILAN',
'BOURSE','BANQUE'),
),
'JURIDIQUE' => array(
'label' => 'Elements Juridiques',
'droits' => array('ANNONCES','INFOSREG','COMPETENCES','CONVENTIONS','MARQUES'),
),
'EVALUATION' => array(
'label' => 'Evaluation',
'droits' => array('INDISCORE', 'INDISCORE2', 'INDISCORE3', 'INDISCOREP', 'INDISCORE2P',
'INDISCORE3P','VALORISATION','ENQUETEC','AVISCREDIT'),
),
'PIECES' => array(
'label' => 'Pièces officielles',
'droits' => array('KBIS', 'ACTES', 'PRIVILEGES'),
),
'SURVEILLANCES' => array(
'label' => 'Surveillances',
'droits' => array('SURVANNONCE', 'SURVINSEE', 'SURVBILAN', 'SURVSCORE', 'SURVACTES',
'SURVDIRIGEANTS', 'SURVPAIEMENTS', 'SURVLIENS', 'SURVPRIV',
),
),
'OPTIONS' => array(
'label' => 'Options',
'droits' => array('MONPROFIL','SURVLISTE','PORTEFEUILLE','EDITION'),
),
'DIVERS' => array(
'label' => 'Divers',
'droits' => array('INTERNATIONAL', 'BDF'),
),
);
/**
 * List of user preferences (code => label)
 * @var array
 */
protected $listePrefs = array(
'NAF4' => "Afficher les anciens NAF",
'NACE' => "Afficher les codes NACES",
'NEWS' => "Afficher les news Google&copy;",
'MAPPY' => "Afficher les fa&ccedil;ades d'immeubles",
'CARTES' => "Afficher les cartes et les plans",
'VOIRSURV' => "Afficher les entités sous surveillances",
'DEMANDEREF' => "Demande de référence par defaut",
'RECHREF' => "Afficher le formulaire de recherche par référence",
);
/**
 * Billable log entries (page code => label), see wsLog()
 * @var array
 */
protected $logs = array(
'identite' => array(
'label' => "Identité"
),
'liens' => array(
'label' => "Liens Inter-Entreprise"
),
'etablissements' => array(
'label' => "Etablissements"
),
'dirigeants' => array(
'label' => "Dirigeants"
),
'annonces' => array(
'label' => "Annonces légales",
),
'indiscore' => array(
'label' => "Indiscore",
),
'indiscorep' => array(
'label' => "Indiscore+",
),
'indiscore2' => array(
'label' => "Rapport",
),
'indiscore2p' => array(
'label' => "Rapport avec suivi",
),
'indiscore3' => array(
'label' => "Rapport complet",
),
'indiscore3p' => array(
'label' => "Rapport complet avec suivi",
),
'evenements' => array(
'label' => "Modifications Insee",
),
'tva' => array(
'label' => "Numéro de TVA intracommunautaire",
),
'infosreg' => array(
'label' => "Informations réglementées",
),
'bourse' => array(
'label' => "Information boursière"
),
'bilan' => array(
'label' => "Liasse fiscale",
),
'sirenExiste' => array(
'label' => "Controle du SIREN",
),
'ratios' => array(
'label' => "Ratios",
),
'rapport1' => array(
'label' => "Rapport complet 1",
),
'rapport2' => array(
'label' => "Rapport complet 2",
),
'rapport3' => array(
'label' => "Rapport complet 3",
),
'banque' => array(
'label' => "Relations banquaires",
),
'competences' => array(
'label' => "Competences territoriales",
),
'privdetail' => array(
'label' => "Détails des privilèges",
),
'privcumul' => array(
'label' => "Privilèges cumulés",
),
'conventions' => array(
'label' => "Conventions collectives",
),
'marques' => array(
'label' => "Marques déposés",
),
'kbis' => array(
'label' => "Extrait RCS",
),
'dirigeantsop' => array(
'label' => "Dirigeants opérationels",
),
'groupesarbo' => array(
'label' => "Arborescence de groupes",
),
'groupeinfos' => array(
'label' => "Informations groupe",
),
'valorisation' => array(
'label' => "Valorisation",
),
'rnvp' => array(
'label' => "Normalisation postale",
),
);
/**
 * Error codes sent as SoapFault (code => French message), see sendError().
 * 09xx are authentication / authorisation errors, 1xxx input errors,
 * 9xxx service availability errors.
 * @var array
 */
public $listError = array(
'0000' => "Erreur indeterminé",
'0900' => "Identifiant ou mot de passe incorrect",
'0901' => "Accès WS non authorisé pour cet utilisateur",
'0902' => "Méthode non authorisée dans votre profil",
'0903' => "Période d'accès au service invalide",
'0904' => "Adresse IP Invalide",
'0905' => "Accès environnement de test non autorisé",
'0906' => "Erreur configuration utilisateur",
'1010' => "Siren invalide",
'1011' => "Identifiant invalide",
'1020' => "Siren inexistant",
'1021' => "Type d'identifiant inexistant",
'1030' => "Aucun résultat pour ce siren en base",
'3000' => "Service disponible",
'9000' => "Service S&D indisponible",
'9001' => "Service partenaire indisponible",
'9002' => "Méthode provisoirement indisponible",
'9003' => "Version du service désactivé",
'9004' => "Version du service inexistant",
'9010' => "Fichier indisponible",
'9020' => "Requête incorrecte",
);
/**
 * Freeze "now" into global date/time constants for the lifetime of the request.
 *
 * Each constant is only defined when it does not exist yet, so an earlier
 * bootstrap definition wins. Formats: DATETIME = YmdHis, DATE = Ymd,
 * TIME = His, DATE_LISIBLE = d/m/Y, TIME_LISIBLE = H:i:s.
 */
public function __construct()
{
    if (!defined('DATETIME')) {
        define('DATETIME', date('YmdHis'));
    }
    if (!defined('DATE')) {
        define('DATE', substr(DATETIME, 0, 8));
    }
    if (!defined('TIME')) {
        define('TIME', substr(DATETIME, 8, 6));
    }
    if (!defined('DATE_LISIBLE')) {
        // day/month/year, derived from DATETIME rather than re-reading the clock
        $day = substr(DATETIME, 6, 2);
        $month = substr(DATETIME, 4, 2);
        $year = substr(DATETIME, 0, 4);
        define('DATE_LISIBLE', $day . '/' . $month . '/' . $year);
    }
    if (!defined('TIME_LISIBLE')) {
        $hour = substr(DATETIME, 8, 2);
        $minute = substr(DATETIME, 10, 2);
        $second = substr(DATETIME, 12, 2);
        define('TIME_LISIBLE', $hour . ':' . $minute . ':' . $second);
    }
}
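/**
 * Abort the current call with a SoapFault.
 *
 * The fault message is looked up in $listError; an unknown code yields the
 * generic 'Erreur inconnue' message so that internal details never leak into
 * the fault. The unreachable `exit` that followed the throw has been removed.
 *
 * @param string $code  error code, normally a key of $listError
 * @throws SoapFault always
 */
protected function sendError($code)
{
    $message = 'Erreur inconnue';
    if (array_key_exists($code, $this->listError)) {
        $message = $this->listError[$code];
    }
    throw new SoapFault($code, $message);
}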
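/**
 * Record a billable call to a method (row in sdv1.logs).
 *
 * For the methods listed in $pageRS the establishment is looked up in
 * jo.etablissements so the row also carries company name, postcode, town,
 * source and INSEE activity flag. Database errors are swallowed on purpose:
 * logging must never break the call being logged.
 *
 * @param string $service  method name, stored in the "page" column
 * @param string $siret    9-digit SIREN or 14-digit SIRET; any other length logs no siren
 * @param string $ref      extra parameters, stored in the "params" column
 * @return void
 */
protected function wsLog($service, $siret = '', $ref = '')
{
    // Test accounts are flagged so they can be excluded from invoicing.
    $test = ($this->User->clientTest == 'Oui' || $this->User->typeCompte == 'TEST') ? 1 : 0;

    // Split a SIRET into SIREN + NIC. $nic is initialised here: the original left it
    // undefined when $siret had neither 9 nor 14 characters.
    $siren = 0;
    $nic = '';
    $length = strlen($siret);
    if ($length == 14) {
        $siren = substr($siret, 0, 9);
        $nic = substr($siret, 9, 5);
    } elseif ($length == 9) {
        $siren = $siret;
    }

    // Default row
    $dataInsert = array(
        'login' => $this->User->login,
        'page' => $service,
        'params' => $ref,
        'idClient' => $this->User->idClient,
        'test' => $test,
        'actifInsee' => 0,
        'source' => 0,
        'raisonSociale' => '',
        'cp' => '',
        'ville' => '',
        'ipClient' => $this->User->ipConnexion,
    );
    $db = Zend_Db_Table_Abstract::getDefaultAdapter();

    // Methods for which the company identity is resolved and stored with the row
    $pageRS = array(
        'identite',
        'greffe_bilans',
        'greffe_actes',
        'liens',
        'dirigeants',
        'etablissements',
        'dirigeantsOp',
        'kbis',
        'indiscore',
        'indiscore2',
        'indiscore3',
        'rapport2',
        'rapport3',
    );

    if (intval($siren) != 0) {
        $dataInsert['siren'] = $siren;
        $dataInsert['nic'] = $nic;

        if (in_array($service, $pageRS, true)) {
            $sql = $db->select()
                ->from('jo.etablissements', array('siren', 'nic', 'actif', 'siege', 'raisonSociale',
                    'adr_cp', 'adr_ville', 'source'))
                ->where('siren=?', $siren);
            if (intval($siren) > 1000 && intval($nic) > 9) {
                $sql->where('nic=?', $nic);
            } elseif (intval($siren) > 1000) {
                // No usable NIC: take the head office, active establishments first.
                // (The original also had an `intval($siren)==0 && $ref>0` branch here,
                // unreachable because $siren is known to be non-zero at this point.)
                $sql->where('siege=1')->order('actif DESC')->order('nic DESC');
            } else {
                // SIREN too small to be a real one: nothing is logged (original behaviour)
                return;
            }
            try {
                $result = $db->fetchRow($sql, null, Zend_Db::FETCH_OBJ);
                if ($result !== null) {
                    $dataInsert['raisonSociale'] = $result->raisonSociale;
                    $dataInsert['cp'] = $result->adr_cp;
                    $dataInsert['ville'] = $result->adr_ville;
                    $dataInsert['source'] = $result->source;
                    if ($result->actif == 0) {
                        $dataInsert['actifInsee'] = 0;
                    } elseif (intval($siren) > 1000) {
                        $dataInsert['actifInsee'] = 1;
                        // Source 5 when the company is also known to the RNCS
                        $sql = $db->select()->from('jo.rncs_entrep', 'count(*) AS nb')->where('siren=?', $siren);
                        $result = $db->fetchRow($sql, null, Zend_Db::FETCH_OBJ);
                        if ($result !== null && $result->nb > 0) {
                            $dataInsert['source'] = 5;
                        }
                    }
                }
            } catch (Zend_Db_Exception $e) {
                // @todo : log exception - the identity lookup is best effort
            }
        }
    }

    try {
        $db->insert('sdv1.logs', $dataInsert);
    } catch (Zend_Db_Exception $e) {
        // @todo : log exception - a failed log row must not fail the call
    }
}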
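/**
 * Authenticate the caller, either from a SOAP header or from HTTP Basic credentials.
 *
 * Without a username the credentials are read from the HTTP Basic headers
 * (PHP_AUTH_USER / PHP_AUTH_PW); with one they come from the SOAP header, sent
 * by the client as:
 *
 *   $auth = new StdClass();
 *   $auth->username = 'yourlogin';
 *   $auth->password = 'yourpassword';
 *   $creds = new SoapVar($auth, SOAP_ENC_OBJECT);
 *   $client->__setSoapHeaders(new SoapHeader('auth', 'authenticate', $creds, false));
 *
 * The client IP is REMOTE_ADDR, replaced by the X-Forwarded-For value only when
 * the direct peer is one of $listProxyIp, and overridden by $authIp when a
 * front-end application forwarded the end-user IP.
 *
 * @param string $username
 * @param string $password
 * @throws SoapFault 0900 on bad credentials, or the code returned by checkAuth()
 */
public function authenticate($username = null, $password = null)
{
    if ($this->authenticated !== false) {
        return;
    }

    if (empty($username)) {
        /**
         * @todo : Digest auth
         */
        $this->authMethod = 'basic';
        // Headers are absent when no Authorization header was sent; avoid notices.
        $username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
        $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
    } else {
        $this->authMethod = 'soapheader';
    }

    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp, true)) {
        // X-Forwarded-For may carry a comma-separated chain; the last entry is the
        // one appended by our trusted proxy, earlier ones are client-supplied.
        // (The original used the whole header, which also broke exact-IP filters.)
        // Assumes the proxy appends rather than overwrites - TODO confirm proxy config.
        $hops = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        $ip = end($hops);
    }

    // An application that authenticates on behalf of its user passes the user's IP.
    if ($this->authIp !== null) {
        $ip = $this->authIp;
    }

    $this->authenticated = $this->checkAuth($username, $password, $ip);
    if ($this->authenticated === false) {
        $this->sendError('0900');
    } elseif (is_string($this->authenticated)) {
        $this->sendError($this->authenticated);
    }
}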
/**
 * Require a permission, aborting the call with 0902 when the user lacks it.
 *
 * @param string $perm  permission code (see $listeDroits)
 * @throws SoapFault 0902
 */
protected function permission($perm)
{
    if ($this->checkPerm($perm)) {
        return;
    }
    $this->sendError('0902');
}
/**
 * Abort with 0901 when the user's accesWS flag is set.
 *
 * NOTE(review): neither authV1() nor authV2() copies accesWS onto $this->User,
 * so this reads an undefined property (null) and never raises. Whether the
 * intent is to block webservice-only users (accesWS=1, as authV1() treats it)
 * or users without WS access is not clear from this file - confirm with the
 * callers before wiring the property through.
 *
 * @throws SoapFault 0901
 */
protected function checkAccesWS()
{
    if (!$this->User->accesWS) {
        return;
    }
    $this->sendError('0901');
}
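/**
 * Does the authenticated user hold the given permission?
 *
 * Two storage formats exist: a list of codes (v2 accounts, filled by
 * getAccessList()) and a free-text field where codes are separated by
 * non-word characters (v1 accounts). Both are matched case-insensitively,
 * and the permission name is preg_quote()d so it can never alter the pattern.
 *
 * @param string $perm  permission code
 * @return boolean
 */
protected function checkPerm($perm)
{
    $droits = $this->User->droits;
    if (is_array($droits)) {
        // Case-insensitive, consistent with the v1 text match below
        // (the original lower-cased $perm but compared the list verbatim).
        foreach ($droits as $droit) {
            if (strcasecmp((string) $droit, (string) $perm) === 0) {
                return true;
            }
        }
        return false;
    }
    // Whole-word, case-insensitive match inside the text field
    return preg_match('/\b' . preg_quote((string) $perm, '/') . '\b/i', (string) $droits) === 1;
}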
/**
 * May the authenticated user edit data?
 *
 * Client id 1 is always allowed; everyone else needs the 'edition' permission.
 *
 * @return boolean
 */
protected function checkEdition()
{
    $isClientOne = ($this->User->idClient == 1);
    return $isClientOne || $this->checkPerm('edition');
}
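/**
 * Look the user up and validate the credentials.
 *
 * The login may be either the login name or the e-mail address. Inactive,
 * deleted or inactive-client accounts are never returned by the query. The
 * account validity window is checked, then the password/IP check is delegated
 * to authV1() or authV2() according to the client's configured version.
 * Every failure is recorded by authLog().
 *
 * Fix: fetchAll() returns a rowset, never null, so the former `null ===` test
 * could not fire and an unknown login dereferenced $resultId[0] and blew up
 * instead of returning false (0900).
 *
 * @param string $login     login name or e-mail address
 * @param string $password  credential as sent by the client
 * @param string $ip        client IP as determined by authenticate()
 * @return mixed  true on success, false on bad credentials, or an error-code string
 * @throws SoapFault 0900 when $login is empty
 */
protected function checkAuth($login, $password, $ip)
{
    if (empty($login)) {
        $this->sendError('0900');
    }

    $userM = new Application_Model_Sdv1Utilisateurs();
    $sql = $userM->select()
        ->setIntegrityCheck(false)
        ->from(array('u' => 'utilisateurs'), array(
            'u.login', 'u.id', 'u.email', 'u.password', 'u.idClient', 'u.typeCompte', 'u.actif',
            'u.filtre_ip', 'u.profil', 'u.civilite', 'u.nom', 'u.prenom', 'u.tel', 'u.fax',
            'u.mobile', 'u.pref', 'u.rechRefType', 'u.profil', 'u.nombreConnexions',
            'u.dateDerniereConnexion', 'u.droits', 'u.referenceParDefaut', 'u.nbReponses', 'u.lang',
            'u.formatMail', 'u.dateDebutCompte', 'u.dateFinCompte', 'u.accesWS', 'u.acceptationCGU'))
        ->join(array('c' => 'clients'), 'u.idClient = c.id', array(
            'c.droits AS droitsClients', 'c.test AS clientTest', 'c.typeScore', 'c.timeout',
        ))
        ->joinLeft(array('s' => 'sdv1.utilisateurs_service'), 'u.login=s.login', array('Service AS serviceCode'))
        ->joinLeft(array('v' => 'sdv1.clients_version'), 'u.idClient=v.clientId', array('version'))
        ->where('u.actif=?', 1)
        ->where('u.deleted=?', 0)
        ->where('c.actif=?', 'Oui');

    // Login with the e-mail address, or with the login name
    if (strpos($login, '@') !== false) {
        $sql->where('u.email=?', $login);
    } else {
        $sql->where('u.login=?', $login);
    }

    try {
        $resultId = $userM->fetchAll($sql);
    } catch (Zend_Db_Exception $e) {
        $c = Zend_Registry::get('config');
        file_put_contents($c->profil->path->shared . '/log/application.log',
            date('Y-m-d H:i:s') . '- AUTH : ' . $e->getMessage() . "\n", FILE_APPEND);
        return '0000';
    }

    $logLogin = $login;
    if ($resultId === null || count($resultId) == 0) {
        // No user, or deleted / disabled: same answer as a wrong password
        $authResult = false;
    } elseif (count($resultId) > 1) {
        // Several accounts match (e.g. duplicate e-mail): configuration error
        $authResult = '0906';
    } else {
        $result = $resultId[0];
        $logLogin = $result->login;
        $authResult = null;
        $today = mktime(0, 0, 0, date('m'), date('d'), date('Y'));

        // Account not yet open
        if (!empty($result->dateDebutCompte) && $result->dateDebutCompte != '0000-00-00') {
            $dateDebutCompte = mktime(0, 0, 0, substr($result->dateDebutCompte, 5, 2),
                substr($result->dateDebutCompte, 8, 2), substr($result->dateDebutCompte, 0, 4));
            if ($today < $dateDebutCompte) {
                $authResult = '0903';
            }
        }
        // Account expired
        if ($authResult === null && !empty($result->dateFinCompte) && $result->dateFinCompte != '0000-00-00') {
            $dateFinCompte = mktime(0, 0, 0, substr($result->dateFinCompte, 5, 2),
                substr($result->dateFinCompte, 8, 2), substr($result->dateFinCompte, 0, 4));
            if ($today > $dateFinCompte) {
                $authResult = '0903';
            }
        }

        if ($authResult === null) {
            // Service fallback when the user is not bound to a service
            if ($result->serviceCode === null) {
                $result->serviceCode = 'DEFAULT';
            }
            if ($result->version == 2) {
                $authResult = $this->authV2($result, $password, $ip);
            } else {
                $authResult = $this->authV1($result, $password, $ip);
            }
        }
    }

    // Failures (including unknown logins, which the original never logged) are recorded
    $this->authLog($logLogin, $authResult, $ip);
    return $authResult;
}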
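/**
 * Authentication, version 1 (password stored in clear in the users table).
 *
 * Order of checks: webservice-only users are refused from the applications;
 * the staging environment is restricted; the user's IP filter is applied unless
 * the request comes from an application server; finally the credential is
 * compared. Accepted credential forms, kept for client compatibility:
 *   - the password in clear,
 *   - md5(password),
 *   - md5("login|password"),
 *   - "iponly:<ip>" (no password, IP-based trust).
 *
 * Security fixes in this version:
 *   - comparisons use hash_equals() (strict and constant-time). The former `==`
 *     compared numeric-looking strings such as "0e..." md5 digests numerically,
 *     which let unrelated values match;
 *   - "iponly:<ip>" is only honoured when the request comes from one of our own
 *     applications ($authApp/$authIp set, or REMOTE_ADDR in $listApplicationIp).
 *     Before, any remote caller could log in as a user with no filtre_ip by
 *     sending "iponly:x", and could pick the IP that was validated.
 *
 * @param object $userInfos  row from checkAuth()
 * @param string $password   credential sent by the client
 * @param string $ip         client IP
 * @return string|boolean  true, false, or an error code
 */
protected function authV1($userInfos, $password, $ip)
{
    $password = (string) $password;
    $ipOnly = (substr($password, 0, 7) === 'iponly:');
    // Is this request relayed by a trusted front-end application?
    // (How $authApp/$authIp get set is not visible in this file - TODO confirm.)
    $fromTrustedApp = $this->authApp !== null || $this->authIp !== null
        || (isset($_SERVER['REMOTE_ADDR']) && in_array($_SERVER['REMOTE_ADDR'], $this->listApplicationIp, true));

    // Webservice-only users (accesWS=1) may not use the applications, client 1 excepted
    if ($userInfos->accesWS == 1 && $userInfos->idClient != 1) {
        if (in_array($ip, $this->listApplicationIp, true)) {
            return '0901';
        } elseif ($ip != '127.0.0.1') {
            // Customised webservice: the user must be calling the service bound to its client
            $clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php';
            $wsClients = array();
            foreach ($clients as $section => $params) {
                if ($params['actif']) {
                    // 'idClient' is a list of client ids
                    foreach ((array) $params['idClient'] as $idClient) {
                        $wsClients[$idClient] = $section;
                    }
                }
            }
            if (array_key_exists($userInfos->idClient, $wsClients)
                && ($this->serviceClient === false
                    || strtolower($this->serviceClientName) != $wsClients[$userInfos->idClient])) {
                return '0901';
            }
        }
    }

    // Staging: only clients 1 and 147, and webservice users
    if (APPLICATION_ENV == 'staging' && !in_array($userInfos->idClient, array(1, 147)) && $userInfos->accesWS == 0) {
        return '0905';
    }

    // IP filter: "a.b.c.d-a.b.c.e;a.b.c.*;a.b.c.d". Application servers are exempt.
    if (!in_array($ip, $this->listApplicationIp, true)) {
        if (!empty($userInfos->filtre_ip)) {
            $filtreIp = explode(';', trim($userInfos->filtre_ip, ';'));
            if (count($filtreIp) > 0) {
                // A front-end (extranet) forwards the end-user IP as "iponly:<ip>";
                // an untrusted caller does not get to choose the IP that is validated.
                if ($ipOnly && $fromTrustedApp) {
                    $ipToValidate = substr($password, 7);
                } else {
                    $ipToValidate = $ip;
                }
                $overallIpValidate = false;
                foreach ($filtreIp as $filtre) {
                    // Wildcard => range
                    if (strpos($filtre, '*')) {
                        $filtre = str_replace('*', '0', $filtre) . '-' . str_replace('*', '255', $filtre);
                    }
                    if (strpos($filtre, '-')) {
                        $validateIp = new Scores_Validate_IpInNetwork();
                        $validateIp->setNetworkNotation($filtre);
                        $overallIpValidate = $validateIp->isValid($ipToValidate);
                    } elseif ($filtre === $ipToValidate) {
                        $overallIpValidate = true;
                    }
                    if ($overallIpValidate === true) {
                        break;
                    }
                }
                if ($overallIpValidate === false) {
                    return '0904';
                }
            }
        }
    }

    // Credential check (see the accepted forms above)
    $stored = (string) $userInfos->password;
    $passwordOk = hash_equals($stored, $password)
        || hash_equals(md5($stored), $password)
        || hash_equals(md5($userInfos->login . '|' . $stored), $password);
    if ($passwordOk || ($ipOnly && $fromTrustedApp)) {
        $timeout = $userInfos->timeout;
        if ($timeout == 0) {
            $timeout = 1800;
        }
        $this->User = new stdClass();
        $this->User->login = $userInfos->login;
        $this->User->id = $userInfos->id;
        $this->User->civilite = $userInfos->civilite;
        $this->User->nom = $userInfos->nom;
        $this->User->prenom = $userInfos->prenom;
        $this->User->tel = $userInfos->tel;
        $this->User->fax = $userInfos->fax;
        $this->User->mobile = $userInfos->mobile;
        $this->User->email = $userInfos->email;
        $this->User->typeCompte = $userInfos->typeCompte;
        $this->User->idClient = $userInfos->idClient;
        $this->User->serviceCode = $userInfos->serviceCode;
        $this->User->filtre_ip = $userInfos->filtre_ip;
        $this->User->ipConnexion = $ip;
        $this->User->pref = $userInfos->pref;
        $this->User->rechRefType = $userInfos->rechRefType;
        $this->User->profil = $userInfos->profil;
        $this->User->nombreConnexions = $userInfos->nombreConnexions;
        $this->User->dateDerniereConnexion = $userInfos->dateDerniereConnexion;
        $this->User->droits = $userInfos->droits;
        $this->User->droitsClients = $userInfos->droitsClients;
        $this->User->timeout = $timeout;
        $this->User->clientTest = $userInfos->clientTest;
        $this->User->typeScore = $userInfos->typeScore;
        $this->User->nbReponses = $userInfos->nbReponses;
        $this->User->lang = $userInfos->lang;
        $this->User->formatMail = $userInfos->formatMail;
        $this->User->referenceParDefaut = $userInfos->referenceParDefaut;
        $this->User->dateDebutCompte = $userInfos->dateDebutCompte;
        $this->User->dateFinCompte = $userInfos->dateFinCompte;
        $this->User->acceptationCGU = $userInfos->acceptationCGU;
        $this->User->version = $userInfos->version;
        return true;
    }
    return false;
}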
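/**
 * Authentication, version 2 (per-service configuration in sdv1.clients_services).
 *
 * The service row decides the access type:
 *   userPassword       IP list (authIP) then clear/md5 password (authPassword)
 *   userPasswordCrypt  IP list (authIP) then hashed password (authPasswordCrypt)
 *   userIP             credential "iponly:<ip>", the IP alone is checked (authIP)
 * On success the user's permissions come from getAccessList().
 *
 * Fixes in this version:
 *   - $wsClients is initialised (it was undefined when no client config is active)
 *     and 'idClient' may be a list, as authV1() already handles it;
 *   - in userIP mode the IP claimed in "iponly:<ip>" is only trusted when the
 *     request comes from one of our applications; otherwise the real client IP
 *     is validated, so a remote caller cannot name an allowed IP.
 *
 * @param object $userInfos   row from checkAuth()
 * @param string $credential  password, hash or "iponly:<ip>"
 * @param string $ip          client IP
 * @return string|boolean  true, false, or an error code
 */
protected function authV2($userInfos, $credential, $ip)
{
    $serviceM = new Application_Model_Sdv1ClientsServices();
    $sql = $serviceM->select()
        ->where('IdClient=?', $userInfos->idClient)
        ->where('Code=?', $userInfos->serviceCode);
    $result = $serviceM->fetchRow($sql);

    // No service definition, or an inactive one: configuration error
    if ($result === null || $result->Active == 0) {
        return '0906';
    }
    // A webservice-only user must not come through an application (client 1 excepted)
    if ($result->AppWebservice == 1 && $this->authApp !== null && $userInfos->idClient != 1) {
        return '0901';
    }
    // Customised webservice: the user must be calling the service bound to its client
    if ($result->AppWebservice == 1) {
        $clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php';
        $wsClients = array();
        foreach ($clients as $section => $params) {
            if ($params['actif']) {
                foreach ((array) $params['idClient'] as $idClient) {
                    $wsClients[$idClient] = $section;
                }
            }
        }
        if (array_key_exists($userInfos->idClient, $wsClients)
            && ($this->serviceClient == false
                || strtolower($this->serviceClientName) != $wsClients[$userInfos->idClient])) {
            return '0901';
        }
    }

    // User information (needed by authIP() / getAccessList() below)
    $this->User = new stdClass();
    $this->User->login = $userInfos->login;
    $this->User->id = $userInfos->id;
    $this->User->civilite = $userInfos->civilite;
    $this->User->nom = $userInfos->nom;
    $this->User->prenom = $userInfos->prenom;
    $this->User->tel = $userInfos->tel;
    $this->User->fax = $userInfos->fax;
    $this->User->mobile = $userInfos->mobile;
    $this->User->email = $userInfos->email;
    $this->User->typeCompte = $userInfos->typeCompte;
    $this->User->idClient = $userInfos->idClient;
    $this->User->serviceCode = $userInfos->serviceCode;
    $this->User->ipConnexion = $ip;
    $this->User->pref = $userInfos->pref;
    $this->User->rechRefType = $userInfos->rechRefType;
    $this->User->profil = $userInfos->profil;
    $this->User->droits = $userInfos->droits;
    $this->User->clientTest = $userInfos->clientTest;
    $this->User->nbReponses = $userInfos->nbReponses;
    $this->User->lang = $userInfos->lang;
    $this->User->formatMail = $userInfos->formatMail;
    $this->User->referenceParDefaut = $userInfos->referenceParDefaut;
    $this->User->dateDebutCompte = $userInfos->dateDebutCompte;
    $this->User->dateFinCompte = $userInfos->dateFinCompte;
    $this->User->acceptationCGU = $userInfos->acceptationCGU;
    $this->User->version = $userInfos->version;
    // Service parameters override the client-level values
    $this->User->typeScore = $result->TypeScore;
    $this->User->timeout = $result->Timeout;

    // Is this request relayed by a trusted front-end application?
    // (How $authApp/$authIp get set is not visible in this file - TODO confirm.)
    $fromTrustedApp = $this->authApp !== null || $this->authIp !== null
        || (isset($_SERVER['REMOTE_ADDR']) && in_array($_SERVER['REMOTE_ADDR'], $this->listApplicationIp, true));

    switch ($result->TypeAcces) {
        case 'userPassword':
            if ($this->authIP($ip) === false) {
                return '0904';
            }
            if ($this->authPassword($userInfos, $credential) === true) {
                $this->User->droits = $this->getAccessList($userInfos->idClient, $userInfos->serviceCode);
                return true;
            }
            break;
        case 'userPasswordCrypt':
            if ($this->authIP($ip) === false) {
                return '0904';
            }
            if ($this->authPasswordCrypt($userInfos, $credential) === true) {
                $this->User->droits = $this->getAccessList($userInfos->idClient, $userInfos->serviceCode);
                return true;
            }
            break;
        case 'userIP':
            if (substr((string) $credential, 0, 7) === 'iponly:') {
                // Only a trusted application may assert the end-user IP
                $ipToValidate = $fromTrustedApp ? substr($credential, 7) : $ip;
                if ($this->authIP($ipToValidate) === true) {
                    $this->User->droits = $this->getAccessList($userInfos->idClient, $userInfos->serviceCode);
                    return true;
                }
            }
            break;
    }
    return false;
}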
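/**
 * Compare a clear-text or md5 credential with the stored password.
 *
 * Accepted forms, kept for client compatibility:
 *   - the password in clear,
 *   - md5(password),
 *   - md5("login|password").
 * hash_equals() replaces the former `==`: it is strict and constant-time,
 * whereas `==` compared numeric-looking strings (e.g. "0e..." digests)
 * numerically and let unrelated values match.
 *
 * NOTE(review): the stored password is in clear, and an empty stored password
 * matches an empty credential (as before) - both worth fixing at the data level.
 *
 * @todo key => associated key with crypt method; cert => associated certificate
 * @param object $userInfos  row with ->login and ->password
 * @param string $password   credential sent by the client
 * @return boolean
 */
protected function authPassword($userInfos, $password)
{
    $stored = (string) $userInfos->password;
    $sent = (string) $password;
    if (hash_equals($stored, $sent)
        || hash_equals(md5($stored), $sent)
        || hash_equals(md5($userInfos->login . '|' . $stored), $sent)) {
        return true;
    }
    return false;
}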
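/**
 * Compare a credential with a password_hash()ed stored password.
 *
 * Two forms are accepted: the clear password (checked with password_verify())
 * and, for compatibility, the stored bcrypt string itself ("$2y$", 60 chars).
 * Comparisons use hash_equals() instead of the former loose `==`.
 *
 * NOTE(review): accepting the hash as a credential makes it a password
 * equivalent - a leaked users table logs in directly. Prefer retiring that form.
 *
 * @param object $userInfos  row with ->password holding a password_hash() value
 * @param string $password   credential sent by the client
 * @return boolean
 */
protected function authPasswordCrypt($userInfos, $password)
{
    $stored = (string) $userInfos->password;
    $sent = (string) $password;
    if (substr($sent, 0, 4) === '$2y$' && strlen($sent) === 60 && hash_equals($stored, $sent)) {
        return true;
    }
    // password_verify() returns false when the stored value is not a valid hash
    return password_verify($sent, $stored) === true;
}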
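/**
 * Validate an IP against the service's allowed-IP list (sdv1.clients_services_ip).
 *
 * Entries are either a single IP or a range "a.b.c.d-a.b.c.e". Application
 * servers are always accepted, and a service with no IP configured accepts
 * everything (as before).
 *
 * Fixes: the original returned '0904' on rejection and nothing otherwise, so the
 * callers' `=== false` / `=== true` tests never matched - IP filtering was a no-op
 * in userPassword mode and userIP mode could never succeed. It also iterated
 * `$ipResult->IP` on the rowset instead of the rows. This version returns a
 * boolean and enforces the list.
 *
 * @param string $ip
 * @return boolean  true when accepted, false when rejected
 */
protected function authIP($ip)
{
    if (in_array($ip, $this->listApplicationIp, true)) {
        return true;
    }

    $serviceIPM = new Application_Model_Sdv1ClientsServicesIP();
    $sql = $serviceIPM->select(true)->columns('IP')
        ->where('IdClient=?', $this->User->idClient)
        ->where('Service=?', $this->User->serviceCode);
    $ipResult = $serviceIPM->fetchAll($sql);

    // Nothing configured: nothing to enforce
    if (count($ipResult) == 0) {
        return true;
    }

    foreach ($ipResult as $row) {
        $filtre = trim((string) $row->IP);
        if ($filtre === '') {
            continue;
        }
        if (strpos($filtre, '-') > 0) {
            // Range
            $validateIp = new Scores_Validate_IpInNetwork();
            $validateIp->setNetworkNotation($filtre);
            if ($validateIp->isValid($ip)) {
                return true;
            }
        } elseif ($filtre === $ip) {
            return true;
        }
    }
    return false;
}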
/**
 * Record a failed authentication (sdv1.utilisateurs_auth_log).
 *
 * Successes are not logged: a result of false is stored as 'KO', an error-code
 * string is stored as is. Insert failures are ignored so that logging never
 * blocks authentication.
 *
 * @param string $login
 * @param mixed  $result  value returned by checkAuth()/authV1()/authV2()
 * @param string $ip
 * @return void
 */
protected function authLog($login, $result, $ip)
{
    if ($result === false) {
        $outcome = 'KO';
    } elseif (is_string($result)) {
        $outcome = $result;
    } else {
        return;
    }

    $row = array(
        'login' => $login,
        'authenticate' => $outcome,
        'ip' => $ip,
        'dateInsert' => date('YmdHis'),
    );
    try {
        $logM = new Application_Model_Sdv1UtilisateursAuthLog();
        $logM->insert($row);
    } catch (Zend_Db_Exception $e) {
        // best effort
    }
}
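/**
 * Permission codes granted to a client on a service (sdv1.clients_services_droits).
 *
 * Fixes: the parameters are now used (the original ignored them and read
 * $this->User instead) and a query failure returns an empty list rather than
 * counting an undefined variable.
 *
 * @param int    $clientId
 * @param string $serviceCode
 * @return array  list of 'Acces' codes, empty when none or on database error
 */
protected function getAccessList($clientId, $serviceCode)
{
    $list = array();
    $accesM = new Application_Model_Sdv1ClientsServicesDroits();
    $sql = $accesM->select(true)->columns(array('Acces'))
        ->where('IdClient=?', $clientId)
        ->where('Service=?', $serviceCode);
    try {
        $accesResult = $accesM->fetchAll($sql);
    } catch (Zend_Db_Exception $e) {
        // No permissions rather than a fatal error; fail closed
        return $list;
    }
    foreach ($accesResult as $row) {
        $list[] = $row->Acces;
    }
    return $list;
}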
/**
 * Placeholder for user-defined triggers - not implemented, does nothing.
 *
 * @param string $event
 * @param mixed  $args
 * @return void
 */
protected function trigger($event, $args)
{
// Does the user have a trigger for this event?
// For each trigger - execute its action
}
}