From ce8192b9aeecc30873fc56b0cd6750e4ac3b8439 Mon Sep 17 00:00:00 2001
From: Michael RICOIS
Date: Thu, 14 Jun 2012 13:43:23 +0000
Subject: [PATCH] issue #0001097 : Simplify auth request and remove access for user with accesWS define
---
 library/WsScore/WsScore.php | 53 +++++++++++++++++--------------------
 1 file changed, 25 insertions(+), 28 deletions(-)
diff --git a/library/WsScore/WsScore.php b/library/WsScore/WsScore.php
index 82ddf3c5..7e52ee29 100644
--- a/library/WsScore/WsScore.php
+++ b/library/WsScore/WsScore.php
@@ -18,6 +18,16 @@ class WsScore
 protected $dbConfig; //Configuration BDD Zend
 protected $tabInfoUser; //Stockage des informations utilisateurs
+ /**
+ * List all application IPs
+ * @var array
+ */
+ protected $listApplicationIp = array (
+ '127.0.0.1', //Development, and WebService himself
+ '88.191.79.121', //Extranet
+ '78.31.45.206', //SDSL RAMBOUILLET
+ );
+
 protected $listeDroits = array(
 'KBIS' => 'Extrait RCS',
 'ACTES' => 'Pièces officielles',
@@ -104,7 +114,7 @@ class WsScore
 define ('DATE_LISIBLE', substr(DATETIME,6,2).'/'.substr(DATETIME,4,2).'/'.substr(DATETIME,0,4));
 define ('TIME_LISIBLE', substr(DATETIME,8,2).':'.substr(DATETIME,10,2).':'.substr(DATETIME,12,2));
- $dbConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/databases.ini', APPLICATION_ENV);
+ $dbConfig = new Zend_Config_Ini(APPLICATION_PATH . '/configs/databases.ini');
 $this->dbConfig = $dbConfig->db;
 }
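Review bot: The new `$listApplicationIp` property hard-codes the addresses that the accesWS check later in this patch relies on, so moving the extranet or adding a front end means editing and redeploying the class, and the list behind an access decision sits apart from the rest of the deployment settings. The constructor already reads `configs/databases.ini` through Zend_Config_Ini, so the list could be loaded from configuration in the same way. The docblock would also help more if it stated the purpose, for example `Source addresses of our own front-end applications; accounts flagged accesWS are refused when they connect from one of these.` The class body continues outside this hunk.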
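Review bot: In the `Zend_Config_Ini` call of the second hunk, dropping the `APPLICATION_ENV` section argument makes the whole of `databases.ini` load, so `$dbConfig->db` on the next line only resolves if `db` is a top-level key; if the file is organised in per-environment sections (not visible here) it would come back null. Either way, development and production would no longer select different database settings from this file. The commit subject does not mention this change, so if it is intended a comment above the call such as `// databases.ini has no per-environment sections; db is read from the top level` would record that. The constructor starts outside this hunk.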
@@ -279,13 +289,10 @@ class WsScore
 $iDbCrm = new WDB('sdv1');
 $rep = $iDbCrm->select(
 'utilisateurs u, clients c',
- 'u.login, u.id, u.email, u.password, u.idClient, u.typeCompte, u.actif, u.filtre_ip, u.civilite,'.
- ' u.nom, u.prenom, u.tel, u.fax, u.mobile, u.profil, u.raisonSociale, u.siret, u.adrNum,'.
- ' u.adrIndRep, u.adrTypeVoie, u.adrLibVoie, u.adrCp, u.adrVille, u.adrComp, u.tel, u.fax,'.
- ' u.mobile, u.pref, u.rechRefType, u.profil, u.dateInscription, u.dateValidation, u.nombreConnexions,'.
- ' u.dateDerniereConnexion, u.droits, u.referenceParDefaut, u.nbReponses, u.formatMail,'.
- ' u.dateDebutCompte, u.dateFinCompte, u.maxFicheId, c.droits AS droitsClients, c.test AS clientTest,'.
- ' c.typeScore, c.timeout',
+ 'u.login, u.id, u.email, u.password, u.idClient, u.typeCompte, u.actif, u.filtre_ip, u.profil,'.
+ ' u.pref, u.rechRefType, u.profil, u.nombreConnexions, u.dateDerniereConnexion, u.droits,'.
+ ' u.referenceParDefaut, u.nbReponses, u.formatMail, u.dateDebutCompte, u.dateFinCompte, u.accesWS,'.
+ ' c.droits AS droitsClients, c.test AS clientTest, c.typeScore, c.timeout',
 "u.login='$login' AND u.idClient=c.id AND u.actif=1 AND u.deleted=0 AND c.actif='Oui'",
 false, MYSQL_ASSOC );
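Review bot: The where clause kept as context in this select() call, `"u.login='$login' AND ..."`, places `$login` directly inside the SQL string, and nothing in the hunk shows it being escaped, so unless that happens earlier in the method a login containing a quote alters the query that decides authentication. This commit already rewrites the same call, which makes it a natural place to quote or bind the value with whatever escaping the WDB wrapper provides. In the new column list `u.profil` is selected twice (after `u.filtre_ip` and again after `u.rechRefType`); one occurrence can be dropped. The method starts and ends outside the hunk.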
@@ -307,28 +314,10 @@ class WsScore
 'typeCompte' => $tabRep['typeCompte'],
 'idClient' => $tabRep['idClient'],
 'filtre_ip' => $tabRep['filtre_ip'],
- 'ipPasserelle' => '',
 'ipConnexion' => $ipConnexion,
- 'civilite' => $tabRep['civilite'],
- 'nom' => $tabRep['nom'],
- 'prenom' => $tabRep['prenom'],
- 'raisonSociale' => $tabRep['raisonSociale'],
- 'siret' => $tabRep['siret'],
- 'adrNum' => $tabRep['adrNum'],
- 'adrIndRep' => $tabRep['adrIndRep'],
- 'adrTypeVoie' => $tabRep['adrTypeVoie'],
- 'adrLibVoie' => $tabRep['adrLibVoie'],
- 'adrCp' => $tabRep['adrCp'],
- 'adrVille' => $tabRep['adrVille'],
- 'adrComp' => $tabRep['adrComp'],
- 'tel' => $tabRep['tel'],
- 'fax' => $tabRep['fax'],
- 'mobile' => $tabRep['mobile'],
 'pref' => $tabRep['pref'],
 'rechRefType' => $tabRep['rechRefType'],
 'profil' => $tabRep['profil'],
- 'dateInscription' => $tabRep['dateInscription'],
- 'dateValidation' => $tabRep['dateValidation'],
 'nombreConnexions' => $tabRep['nombreConnexions'],
 'dateDerniereConnexion' => $tabRep['dateDerniereConnexion'],
 'droits' => $tabRep['droits'],
@@ -341,8 +330,6 @@ class WsScore
 'referenceParDefaut' => $tabRep['referenceParDefaut'],
 'dateDebutCompte' => $tabRep['dateDebutCompte'],
 'dateFinCompte' => $tabRep['dateFinCompte'],
- 'maxFicheId' => $tabRep['maxFicheId'],
- 'typeScore' => $tabRep['typeScore'],
 );
 debugLog('W',"CheckAuth $login/$password OK", __LINE__,__FILE__, __FUNCTION__, __CLASS__);
@@ -368,6 +355,16 @@ class WsScore
 }
 }
+ /**
+ * Acces WS, block access to other apps
+ */
+ if ($tabRep['accesWS']==1) {
+ if ( in_array($ipConnexion, $this->listApplicationIp) && $tabRep['idClient']!=1 ) {
+ file_put_contents('test.log', 'ERREUR', FILE_APPEND);
+ return '0901';
+ }
+ }
+
 return true;
 }
 debugLog('W',"CheckAuth $login/$password incorrect (IP=$ipConnexion)", __LINE__,__FILE__, __FUNCTION__, __CLASS__);
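Review bot: In the last hunk, the accesWS refusal branch appends the bare string 'ERREUR' to a relative `test.log` instead of using debugLog, so a refused login records neither the account nor the address, and the file lands in whatever the working directory happens to be. Replacing that line with `debugLog('W', "CheckAuth $login refused: accesWS account from application IP $ipConnexion", __LINE__, __FILE__, __FUNCTION__, __CLASS__);` keeps the denial in the same audit trail as the other outcomes. The restriction is only as reliable as `$ipConnexion`, whose origin is outside the hunk; it is worth confirming that it is the socket peer address and not a client-supplied header, and `in_array($ipConnexion, $this->listApplicationIp, true)` would avoid loose comparison. Separately, the context debugLog lines here and in the `-341,8` hunk interpolate `$password` into the log message; dropping it keeps the submitted credential out of the logs. The method starts outside the hunk.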