scores/odea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Modification complete de l'authentification

Browse Source
This commit is contained in:
Michael RICOIS 2012-04-24 10:17:18 +00:00
parent 286ad446cf
commit 77368058b1
8 changed files with 242 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
application/configs/application.ini
View File

@ -4,6 +4,10 @@ phpSettings.display_startup_errors = 0
phpSettings.display_errors = 0
bootstrap.path = APPLICATION_PATH "/Bootstrap.php"
bootstrap.class = "Bootstrap"
resources.session.save_path = APPLICATION_PATH "/../cache/sessions"
resources.session.gc_maxlifetime = 86400
resources.session.cookie_lifetime = 86400
resources.session.remember_me_seconds = 86400
; so auto-loading will find our classes in library/App
autoloaderNamespaces[] = "Structure_" ;Les structures de données
@ -16,6 +20,7 @@ resources.frontController.defaultControllerName = "index"
resources.frontController.defaultAction = "index"
resources.frontController.defaultModule = "frontend"
autoloaderNamespaces[] = "Scores_"
autoloaderNamespaces[] = "Application_"
resources.frontController.plugins.Comptage = "Application_Controller_Plugin_Comptage"
resources.frontController.plugins.Auth = "Application_Controller_Plugin_Auth"

79
application/modules/frontend/controllers/UserController.php
View File

@ -1,5 +1,4 @@
<?php
class UserController extends Libs_Controller
{
@ -10,21 +9,24 @@ class UserController extends Libs_Controller
require_once 'Scores/WsScores.php';
}
/**
* Gestion de l'authentification
*/
public function loginAction()
{
//@todo : gestion des affichages particuliers pour les clients
$this->view->headTitle()->append('Connexion');
$form = new Form_Login();
$this->view->form = $form;
$request = $this->getRequest();
//print_r($request->getParams());exit;
if ($request->isPost()) {
$formData = $request->getPost();
$formData = $request->getPost ();
if ($form->isValid($formData)) {
$login = $form->getValue('login');
$pass = $form->getValue('pass');
$auth = Zend_Auth::getInstance();
$authAdapter = new WebAuthAdapter($login, md5($login.'|'.$pass));
$authAdapter = new Scores_AuthAdapter($login, md5($login.'|'.$pass));
$result = $auth->authenticate($authAdapter);
if (!$result->isValid()){
$this->view->message = '';
@ -33,62 +35,43 @@ class UserController extends Libs_Controller
$this->view->message.= $message."<br/>";
}
} else {
$timeout = $auth->getIdentity()->timeout;
//Ecrit un cookie persistant valide pendant le temps definit
Zend_Session::rememberMe($timeout);
$storage = new Zend_Auth_Storage_Session();
$sessionNamespace = new Zend_Session_Namespace($storage->getNamespace());
$sessionNamespace->setExpirationSeconds($timeout);
$auth->setStorage($storage);
$url = '';
if (Zend_Session::namespaceIsset('login')){
$session = new Zend_Session_Namespace('login');
if (isset($session->url)) {
$url = $session->url;
}
}
if (!empty($url) &&
$url!='/user/login' &&
$url!='/localauth' &&
$url != '/user/logout'
&& $url!='/favicon.ico')
{
$url = '';
if (Zend_Session::namespaceIsset('login')){
$session = new Zend_Session_Namespace('login');
if (isset($session->url)) {
$url = $session->url;
}
}
if (!empty($url) && $url!='/user/login' && $url!='/localauth'){
$this->_redirect($url);
}
$this->_redirect('/');
}
}
}
}
$this->_helper->layout()->disableLayout();
$this->render('login');
}
/**
* Gestion de la déconnexion
*/
public function logoutAction()
{
//Suppression des critères de comptage en session
require_once 'Scores/SessionCiblage.php';
$session = new SessionCiblage();
$session->clearCiblage();
//Suppression de l'identité
Zend_Auth::getInstance()->clearIdentity();
$this->_helper->layout()->disableLayout();
$url = 'http://www.scores-decisions.com/';
$refresh = 5;
if (APPLICATION_ENV != 'production'){
$url = 'http://'.$_SERVER['SERVER_NAME'].$this->view->url(array(
'controller' => 'user',
'action' => 'login',
));
}
$request = $this->getRequest();
$message = $request->getParam('message');
$this->view->assign('message', $message);
$url = 'http://'.$_SERVER['SERVER_NAME'].$this->view->url(array(
'controller' => 'user',
'action' => 'login',
));
$this->view->assign('url', $url);
$this->view->headMeta()->appendHttpEquiv('refresh', '5; url='.$url);
$this->view->headMeta()->appendHttpEquiv('refresh', '5; url='.$url);
$this->render('logout');
}

16
application/modules/frontend/views/scripts/user/login.phtml
View File

@ -1,3 +1,13 @@
<?php
echo $this->form;
?>
<?=$this->doctype();?>
<html>
<head>
<?=$this->headMeta();?>
<?=$this->headTitle();?>
<link rel="shortcut icon" type="image/x-icon" href="<?='http://'.$_SERVER['SERVER_NAME']?>/favicon.ico" />
</head>
<body>
<h2>CONNEXION ODEA</h2>
<?=$this->message?>
<?=$this->form?>
</body>
</html>

16
application/modules/frontend/views/scripts/user/logout.phtml Normal file
View File

@ -0,0 +1,16 @@
<?=$this->doctype();?>
<html>
<head>
<?=$this->headMeta();?>
<?=$this->headTitle();?>
</head>
<body>
<h4 class="logout">Vous avez été déconnecté.</h4>
<p><?=$this->message?></p>
<h5 class="logout">
Si cette page ne disparait pas au bout de <?=$this->refresh?> seconde(s),
veuillez cliquer <a href="<?=$this->url?>">ici</a>
</h5>
</body>
</html>

4
config/configure.php
View File

@ -62,6 +62,10 @@ elseif(isset($opts->install))
$configDir.'/'.$hostname.'/configuration.ini' . ' ' .
$appconfigDir.'/configuration.ini');
//Création du répertoire de stockage des sessions
passthru('chown -R www-data: '.APPLICATION_PATH.'/../cache');
passthru('chown -R www-data: '.APPLICATION_PATH.'/../cache/sessions');
//Modification des permissions
passthru('chown -R www-data: '.APPLICATION_PATH.'/');
}

61
library/Application/Controller/Plugin/Auth.php
View File

@ -25,70 +25,63 @@ class Application_Controller_Plugin_Auth extends Zend_Controller_Plugin_Abstract
//Est ce que l'on a checkIp=only lors de la requête
$iponly = false;
if ($checkIp=='only') {
if ($checkIp=='only') {
$hach = 'iponly:'.$_SERVER['REMOTE_ADDR'];
$iponly = true;
}
//On vérifie le tout lors d'une connexion par url
if ( !empty($login) && !empty($hach) ) {
require_once 'Scores/WebAuthAdapter.php';
if ( !empty($login) && !empty($hach) ) {
$authAdapter = new WebAuthAdapter($login, $hach, $iponly);
$authAdapter = new Scores_AuthAdapter($login, $hach, $iponly);
$result = $auth->authenticate($authAdapter);
if (!$result->isValid()) {
$messageF = '';
foreach ($result->getMessages() as $message) {
$messageF.= $message."<br/>";
}
$request->setModuleName('default')
->setControllerName('user')
->setActionName('logout');
} else {
$timeout = $auth->getIdentity()->timeout;
Zend_Session::rememberMe($timeout);
->setActionName('logout')
->setParam('message', $messageF);
} else {
$storage = new Zend_Auth_Storage_Session();
$sessionNamespace = new Zend_Session_Namespace($storage->getNamespace());
$sessionNamespace->setExpirationSeconds($timeout);
$auth->setStorage($storage);
$session = new Zend_Session_Namespace($storage->getNamespace());
//$session->setExpirationSeconds(86400);
$auth->setStorage($storage);
}
//Sinon on reste sur le standard
} else {
//Pas authentifié
if (!$auth->hasIdentity()) {
if ( !$auth->hasIdentity() || time() > $auth->getIdentity()->time ) {
$auth->clearIdentity();
$session = new Zend_Session_Namespace('login');
$session->url = $_SERVER['REQUEST_URI'];
$layout = Zend_Layout::getMVCInstance();
if (!$layout->isEnabled()){
$this->_response->setRedirect('/user/logout')->sendResponse();
}
$this->_response->setRedirect('/user/login')->sendResponse();
if ( !$layout->isEnabled() ) {
echo "Identification incorrect ou périmé.";
} else {
$this->_response->setRedirect('/user/login')->sendResponse();
}
//Authentifié => on met à jour la session
} else {
$timeout = $auth->getIdentity()->timeout;
$storage = new Zend_Auth_Storage_Session();
$sessionNamespace = new Zend_Session_Namespace($storage->getNamespace());
$sessionNamespace->setExpirationSeconds($timeout);
$auth->setStorage($storage);
$identity = $auth->getIdentity();
$identity->time = time() + $identity->timeout;
$auth->getStorage()->write($identity);
if (Zend_Session::namespaceIsset('login')){
Zend_Session::namespaceUnset('login');
}
}
}
if ( APPLICATION_ENV=='development' && $auth && $auth->getIdentity()->idClient==1 ) {
$layout = Zend_Layout::getMVCInstance();
$view = $layout->getView();
$view->admin = true;
} elseif ( $auth && $auth->getIdentity()->profil=='SuperAdministrateur' ){
$layout = Zend_Layout::getMVCInstance();
$view = $layout->getView();
$view->admin = true;
}
}
}
}

146
library/Scores/AuthAdapter.php Normal file
View File

@ -0,0 +1,146 @@
<?php
class Scores_AuthAdapter implements Zend_Auth_Adapter_Interface
{
protected $_username;
protected $_password;
protected $_timeout = 1800;
protected $_checkIp = false;
public function __construct($username, $password, $iponly = false)
{
$this->_username = $username;
$this->_password = $password;
if ($iponly){
$this->_password = 'iponly:'.$_SERVER['REMOTE_ADDR'];
}
$this->_checkIp = $iponly;
}
public function authenticate()
{
$adressIp = $_SERVER['REMOTE_ADDR'];
require_once 'Scores/WsScores.php';
$ws = new WsScores($this->_username, $this->_password);
$InfosLogin = $ws->getInfosLogin($this->_username, $adressIp);
$identity = new stdClass();
$identity->username = $this->_username;
$identity->password = $this->_password;
$identity->email = $InfosLogin->result->email;
$identity->profil = $InfosLogin->result->profil;
$identity->pref = $InfosLogin->result->pref;
$identity->droits = $InfosLogin->result->droits;
$identity->droitsClients = $InfosLogin->result->droitsClients;
$identity->nom = $InfosLogin->result->nom;
$identity->prenom = $InfosLogin->result->prenom;
$identity->tel = $InfosLogin->result->tel;
$identity->fax = $InfosLogin->result->fax;
$identity->mobile = $InfosLogin->result->mobile;
$identity->id = $InfosLogin->result->id;
$identity->idClient = $InfosLogin->result->idClient;
$identity->reference = $InfosLogin->result->reference;
$identity->nbReponses = $InfosLogin->result->nbReponses;
$identity->typeScore = $InfosLogin->result->typeScore;
$identity->dateValidation = $InfosLogin->result->dateValidation;
$identity->nombreConnexions = $InfosLogin->result->nombreConnexions;
$identity->dateDerniereConnexion = $InfosLogin->result->dateDerniereConnexion;
$identity->dateDebutCompte = $InfosLogin->result->dateDebutCompte;
$identity->dateFinCompte = $InfosLogin->result->dateFinCompte;
$identity->ip = $adressIp;
$identity->modeEdition = false;
$timeout = (!empty($InfosLogin->result->timeout)) ? $InfosLogin->result->timeout : $this->_timeout;
$identity->timeout = $timeout;
$identity->time = time() + $timeout;
/*
* Adresse Ip interdites
*/
$ipInterdites =
'81.252.88.0-81.252.88.7' // CTE D AGGLOMERATION DE SOPHIA
. ';' . '195.200.187.163' // PacWan
. ';' . '213.11.81.41' // Verizon France SAS
. ';' . '83.206.171.252' // FR-BASE-D-INFORMATIONS-LEGALES-BI
. ';' . '81.255.32.139'
. ';' . '212.155.191.1*' // Satair A/S
. ';' . '217.70.1*.17' // OJSC "Sibirtelecom"
. ';' . '212.37.196.156' // GENERALE-MULTIMEDIA-SUD
. ';' . '80.245.60.121' // Planete Marseille - Mailclub
. ';' . '213.246.57.101' // IKOULA
. ';' . '193.104.158.0-193.104.158.255' // Altares.fr
. ';' . '195.6.3.0-195.6.3.255' // ORT
. ';' . '217.144.112.0-217.144.116.63' // Coface
;
if ( $this->checkPlagesIp($ipInterdites, $adressIp) ) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
}
// Renvoi
if ( is_string($InfosLogin) || $InfosLogin->error->errnum!=0){
$message = $InfosLogin;
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity, array($message));
} elseif ($this->_username == $InfosLogin->result->login) {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
} else {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
}
}
/**
* Controle si une adresse IP est dans une liste des IP communiquées sous la forme 192.168.3.5-192.68.3.10;192.168.3.*;192.168.3.10
* @param string $strPlageIP La plage d'adresses IP
* @param string $adresseIP L'adresse IP à tester
*/
protected function checkPlagesIp($strPlageIP, $adresseIP)
{
$connected = false;
$tabIpAllowed = explode(';', trim($strPlageIP));
if (count($tabIpAllowed)==1 && $tabIpAllowed[0]=='') $tabIpAllowed = array();
foreach ($tabIpAllowed as $ip) {
$tabPlages = explode('-', $ip);
// C'est une plage d'adresse '-'
if (isset($tabPlages[1]))
$connected = $this->in_plage($tabPlages[0],$tabPlages[1],$adresseIP);
else {
// C'est une adresse avec ou sans masque '*'
if (preg_match('/^'.str_replace('*','.*',str_replace('.','\.',$ip)).'$/', $adresseIP) )
$connected=true;
}
if ($connected) break;
}
if (count($tabIpAllowed)==0) return false;
elseif (!$connected) {
return false;
}
return true;
}
/**
* Enter description here ...
* @param unknown_type $plage_1
* @param unknown_type $plage_2
* @param unknown_type $ip
* @return boolean
*/
protected function in_plage($plage_1,$plage_2,$ip)
{
$ip2 = $this->getIpNumber($ip);
if ($ip2>=$this->getIpNumber($plage_1) && $ip2<=$this->getIpNumber($plage_2))
return true;
else
return false;
}
/**
* Converti une IP en nombre
* @param string $ip Adresse IP
* @return integer
*/
protected function getIpNumber($ip) {
$tab=explode('.', $ip);
return (($tab[0]*256*256*256) + ($tab[1]*256*256) + ($tab[2]*256) + ($tab[3]));
}
}

62
library/Scores/WebAuthAdapter.php
View File

@ -1,62 +0,0 @@
<?php
class WebAuthAdapter implements Zend_Auth_Adapter_Interface
{
protected $_username;
protected $_password;
protected $_timeout = 1800;
protected $_checkIp = false;
public function __construct($username, $password, $iponly = false)
{
$this->_username = $username;
$this->_password = $password;
if ($iponly){
$this->_password = 'iponly:'.$_SERVER['REMOTE_ADDR'];
}
$this->_checkIp = $iponly;
}
public function authenticate()
{
$adressIp = $_SERVER['REMOTE_ADDR'];
require_once 'Scores/WsScores.php';
$ws = new WsScores($this->_username, $this->_password);
$InfosLogin = $ws->getInfosLogin($this->_username, $adressIp);
$identity = new stdClass();
$identity->username = $this->_username;
$identity->password = $this->_password;
$identity->email = $InfosLogin->result->email;
$identity->profil = $InfosLogin->result->profil;
$identity->pref = $InfosLogin->result->pref;
$identity->droits = $InfosLogin->result->droits;
$identity->droitsClients = $InfosLogin->result->droitsClients;
$identity->nom = $InfosLogin->result->nom;
$identity->prenom = $InfosLogin->result->prenom;
$identity->tel = $InfosLogin->result->tel;
$identity->fax = $InfosLogin->result->fax;
$identity->mobile = $InfosLogin->result->mobile;
$identity->id = $InfosLogin->result->id;
$identity->idClient = $InfosLogin->result->idClient;
$identity->reference = $InfosLogin->result->reference;
$identity->nbReponses = $InfosLogin->result->nbReponses;
$identity->typeScore = $InfosLogin->result->typeScore;
$identity->timeout = (!empty($InfosLogin->result->timeout)) ?
$InfosLogin->result->timeout : $this->_timeout;
$identity->ip = $adressIp;
$identity->modeEdition = false;
if ( (is_string($InfosLogin) && !empty($InfosLogin)) || $InfosLogin->error->errnum!=0){
if (is_string($InfosLogin)){
$message = $InfosLogin;
} else {
$message = 'Erreur lors de la connexion';
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity, array($message));
} elseif ($this->_username == $InfosLogin->result->login) {
return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
} else {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
}
}
}