diff --git a/library/Scores/Auth/Adapter/Db.php b/library/Scores/Auth/Adapter/Db.php
new file mode 100644
index 0000000..8772f87
--- /dev/null
+++ b/library/Scores/Auth/Adapter/Db.php
@@ -0,0 +1,102 @@
+_username = $username;
+ $this->_password = $password;
+ $this->_hash = md5($username.'|'.$password);
+ $this->checkWs = $checkWs;
+ }
+
+ /**
+ * Limit access to only client IDs
+ * @param array $id
+ */
+ public function limitClient($id = null)
+ {
+ if (is_array($id) && count($id)>0) {
+ $this->clients = $id;
+ }
+ }
+
+ /**
+ * Override the timeout
+ * @param integer $seconds
+ */
+ public function setTimeout($seconds = null)
+ {
+ if ($seconds===null)
+ return;
+
+ $this->_timeout = $seconds;
+ }
+
+ /**
+ * (non-PHPdoc)
+ * @see Zend_Auth_Adapter_Interface::authenticate()
+ */
+ public function authenticate()
+ {
+ $userM = new Application_Model_Sdv1Utilisateurs();
+
+ $sql = $userM->select()
+ ->setIntegrityCheck(false)
+ ->from(array('u'=>'sdv1.utilisateurs'), array('u.idClient', 'u.id', 'u.login', 'u.password'))
+ ->join(array('c'=>'sdv1.clients'), 'u.idClient = c.id', array('c.timeout'))
+ ->where('u.login=?', $this->_username)
+ ->where('u.actif=?', 1)
+ ->where('u.deleted=?', 0)
+ ->where('c.actif=?','Oui');
+
+ if ( count($this->clients) > 0 ) {
+ $sql->where('u.idClient IN('.join(',',$this->clients).')');
+ }
+
+ if ($this->checkWs) {
+ $sql->where('u.accesWS=?',1);
+ }
+
+ $result = $userM->fetchRow($sql);
+
+ $identity = new stdClass();
+ $identity->username = $this->_username;
+ $identity->hash = $this->_hash;
+
+ if ( null === $result ) {
+ return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $identity);
+ } else {
+ if ( $this->_password == $result->password
+ || $this->_password == md5($result->login.'|'.$result->password) ) {
+
+ $identity->id = $result->id;
+ $identity->idClient = $result->idClient;
+ $timeout = (!empty($result->timeout)) ? $result->timeout : $this->_timeout;
+ $identity->timeout = $timeout;
+ $identity->time = time() + $timeout;
+ return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
+
+ } else {
+ return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity);
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/library/Scores/Auth/Adapter/Ws.php b/library/Scores/Auth/Adapter/Ws.php
new file mode 100644
index 0000000..1e6938a
--- /dev/null
+++ b/library/Scores/Auth/Adapter/Ws.php
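Review bot: In Db.php's authenticate(), both credential comparisons use loose `==` (`$this->_password == $result->password || $this->_password == md5($result->login.'|'.$result->password)`), so PHP may compare numeric-looking strings as numbers and the check is not constant-time; use `hash_equals((string) $result->password, (string) $this->_password)` and the same form for the md5 branch. The comparison also implies that `u.password` is stored unhashed and that the unsalted `md5(login|password)` value is accepted as a credential in its own right, which deserves at least a comment and ideally a move to `password_hash()`/`password_verify()`. In the same method, `'u.idClient IN('.join(',',$this->clients).')'` concatenates whatever array `limitClient()` was given into the SQL text; `$sql->where('u.idClient IN (?)', array_map('intval', $this->clients));` keeps the values quoted by the adapter. The class header and the opening of the constructor are missing from this page, so the property declarations could not be checked.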
@@ -0,0 +1,179 @@
+_username = $username;
+ $this->_password = $password;
+ if ($iponly){
+ $this->_password = 'iponly:'.$_SERVER['REMOTE_ADDR'];
+ }
+ $this->_checkIp = $iponly;
+ }
+
+ /**
+ * (non-PHPdoc)
+ * @see Zend_Auth_Adapter_Interface::authenticate()
+ */
+ public function authenticate()
+ {
+ $adressIp = $_SERVER['REMOTE_ADDR'];
+
+ require_once 'Scores/WsScores.php';
+ $ws = new WsScores($this->_username, $this->_password);
+ $InfosLogin = $ws->getInfosLogin($this->_username, $adressIp);
+ $identity = new stdClass();
+ $identity->username = $this->_username;
+ $identity->password = $this->_password;
+ $identity->email = $InfosLogin->result->email;
+ $identity->profil = $InfosLogin->result->profil;
+ $identity->pref = $InfosLogin->result->pref;
+ $identity->droits = $InfosLogin->result->droits;
+ $identity->droitsClients = $InfosLogin->result->droitsClients;
+ $identity->nom = $InfosLogin->result->nom;
+ $identity->prenom = $InfosLogin->result->prenom;
+ $identity->tel = $InfosLogin->result->tel;
+ $identity->fax = $InfosLogin->result->fax;
+ $identity->mobile = $InfosLogin->result->mobile;
+ $identity->id = $InfosLogin->result->id;
+ $identity->idClient = $InfosLogin->result->idClient;
+ $identity->reference = $InfosLogin->result->reference;
+ $identity->nbReponses = $InfosLogin->result->nbReponses;
+ $identity->typeScore = $InfosLogin->result->typeScore;
+ $identity->dateValidation = $InfosLogin->result->dateValidation;
+ $identity->nombreConnexions = $InfosLogin->result->nombreConnexions;
+ $identity->dateDerniereConnexion = $InfosLogin->result->dateDerniereConnexion;
+ $identity->dateDebutCompte = $InfosLogin->result->dateDebutCompte;
+ $identity->dateFinCompte = $InfosLogin->result->dateFinCompte;
+ $identity->acceptationCGU = $InfosLogin->result->acceptationCGU;
+ $identity->ip = $adressIp;
+ $identity->modeEdition = false;
+
+ $timeout = (!empty($InfosLogin->result->timeout)) ? $InfosLogin->result->timeout : $this->_timeout;
+ $identity->timeout = $timeout;
+
+ $identity->time = time() + $timeout;
+
+ $lang = in_array($InfosLogin->result->lang, array('fr','en')) ? $InfosLogin->result->lang : 'fr';
+ $identity->lang = $lang;
+ $identity->langtmp = $lang;
+
+ /*
+ * Adresse Ip interdites
+ */
+ $ipInterdites =
+ '81.252.88.0-81.252.88.7' // CTE D AGGLOMERATION DE SOPHIA
+ . ';' . '195.200.187.163' // PacWan
+ . ';' . '213.11.81.41' // Verizon France SAS
+ . ';' . '83.206.171.252' // FR-BASE-D-INFORMATIONS-LEGALES-BI
+ . ';' . '81.255.32.139'
+ . ';' . '212.155.191.1*' // Satair A/S
+ . ';' . '217.70.1*.17' // OJSC "Sibirtelecom"
+ . ';' . '212.37.196.156' // GENERALE-MULTIMEDIA-SUD
+ . ';' . '80.245.60.121' // Planete Marseille - Mailclub
+ . ';' . '213.246.57.101' // IKOULA
+ . ';' . '193.104.158.0-193.104.158.255' // Altares.fr
+ . ';' . '195.6.3.0-195.6.3.255' // ORT
+ . ';' . '217.144.112.0-217.144.116.63' // Coface
+ ;
+ if ( $this->checkPlagesIp($ipInterdites, $adressIp) ) {
+ return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
+ }
+
+ // Renvoi
+ if ( is_string($InfosLogin) || $InfosLogin->error->errnum!=0){
+ $message = $InfosLogin;
+ return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $identity, array($message));
+ } elseif ($this->_username == $InfosLogin->result->login) {
+ return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
+ } else {
+ return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
+ }
+ }
+
+ /**
+ * Controle si une adresse IP est dans une liste des IP communiquées sous la forme
+ * 192.168.3.5-192.68.3.10;192.168.3.*;192.168.3.10
+ * @param string $strPlageIP
+ * La plage d'adresses IP
+ * @param string $adresseIP
+ * L'adresse IP à tester
+ * @return boolean
+ */
+ protected function checkPlagesIp($strPlageIP, $adresseIP)
+ {
+ $connected = false;
+ $tabIpAllowed = explode(';', trim($strPlageIP));
+ if (count($tabIpAllowed)==1 && $tabIpAllowed[0]=='') $tabIpAllowed = array();
+
+ foreach ($tabIpAllowed as $ip) {
+ $tabPlages = explode('-', $ip);
+ // C'est une plage d'adresse '-'
+ if (isset($tabPlages[1]))
+ $connected = $this->in_plage($tabPlages[0],$tabPlages[1],$adresseIP);
+ else {
+ // C'est une adresse avec ou sans masque '*'
+ if (preg_match('/^'.str_replace('*','.*',str_replace('.','\.',$ip)).'$/', $adresseIP) )
+ $connected=true;
+ }
+ if ($connected) break;
+ }
+ if (count($tabIpAllowed)==0) return false;
+ elseif (!$connected) {
+ return false;
+ }
+ return true;
+ }
+
+ /**
+ * Enter description here ...
+ * @param unknown_type $plage_1
+ * @param unknown_type $plage_2
+ * @param unknown_type $ip
+ * @return boolean
+ */
+ protected function in_plage($plage_1,$plage_2,$ip)
+ {
+ $ip2 = $this->getIpNumber($ip);
+ if ($ip2>=$this->getIpNumber($plage_1) && $ip2<=$this->getIpNumber($plage_2))
+ return true;
+ else
+ return false;
+ }
+
+ /**
+ * Converti une IP en nombre
+ * @param string $ip Adresse IP
+ * @return integer
+ */
+ protected function getIpNumber($ip)
+ {
+ $tab=explode('.', $ip);
+ return (($tab[0]*256*256*256) + ($tab[1]*256*256) + ($tab[2]*256) + ($tab[3]));
+ }
+
+}
\ No newline at end of file
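Review bot: In Ws.php's authenticate(), every `$InfosLogin->result->…` field is copied into the identity before the `is_string($InfosLogin) || $InfosLogin->error->errnum!=0` test near the end, so an error reply from `getInfosLogin()` is dereferenced as an object many times before it is rejected. Move that test directly below the `getInfosLogin()` call and return the failure result with a minimal identity (username only). `$identity->password = $this->_password;` also puts the cleartext credential into the identity object on every result; if this adapter runs through Zend_Auth, a successful identity is persisted to the auth storage, so keep the password out of it or document why later calls need it. The deny-list helpers `in_plage()` and `getIpNumber()` assume a dotted IPv4 string and do not validate `$ip`, so a non-IPv4 `REMOTE_ADDR` is never matched by the ranges; validating with `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)` first would make that explicit. The class header and the opening of the constructor are missing from this page.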