"Export des résultats de la recherche", 'IPARI' => "Investigation par l'image IparI©", 'HISTOBODACC' => "Historique des annonces bodacc", 'INVESTIG' => "Investigation", 'SEARCHENT' => "Recherche Entreprise", 'SEARCHDIR' => "Recherche Dirigeant", 'SEARCHACT' => "Recherche Actionnaire", //IDENTITE 'IDENTITE' => "Fiche d'identité", 'IDPROCOL' => 'Fiche procédure collective', 'LIENS' => "Liens inter-entreprise", 'ETABLISSEMENTS' => "Liste des établissements", 'GROUPE' => "Informations et organigramme du groupe", 'EVENINSEE' => 'Évènements INSEE', 'AVISINSEE' => 'Avis de situation INSEE', //DIRIGEANT 'DIRIGEANTS' => "Liste des dirigeants", 'DIRIGEANTSOP' => "Liste des dirigeants opérationnels", //FINANCE 'SYNTHESE' => "Synthèse", 'RATIOS' => "Ratios", 'FLUX' => "Flux de trésorerie", 'LIASSE' => "Liasse fiscale", 'LIASSEXLS' => "Export des Liasses au format XLS", 'UPLOADBILAN' => "Saisie de bilan", 'BOURSE' => "Bourse & cotations", 'BANQUE' => "Relations bancaires", //JURIDIQUE 'ANNONCES' => "Annonces légales", 'INFOSREG' => "Informations réglementée", 'COMPETENCES' => "Compétences territoriales", 'CONVENTIONS' => "Conventions collectives", 'MARQUES' => "Marques déposées", //EVALUATION 'INDISCORE' => "indiScore©", 'INDISCORE2' => "Rapport synthetique", 'INDISCORE3' => "Rapport complet", 'INDISCOREP' => "indiScore+", 'INDISCORE2P' => "Rapport synthetique+", 'INDISCORE3P' => "Rapport complet+", 'VALORISATION' => "Valorisation", 'SCORECSF' => "Score CSF", 'ENQUETEC' => "Enquête commerciale", 'AVISCREDIT' => "Avis de crédit personnalisé", //PIECES 'KBIS' => "Extrait RCS", 'ACTES' => "Pièces officielles", 'PRIVILEGES' => "Privilèges", //SURVEILLANCES 'SURVANNONCE' => "Surveillance des annonces légales", 'SURVINSEE' => "Surveillance des événements INSEE", 'SURVBILAN' => "Surveillance des bilans saisies (liasse fiscale)", 'SURVSCORE' => "Surveillance des événements sur le score", 'SURVACTES' => "Surveillance des pieces officielles (comptes annuels, actes)", 'SURVDIRIGEANTS'=> "Surveillance des dirigeants", 'SURVPAIEMENTS' => "Surveillance des paiements", 'SURVLIENS' => "Surveillance des liens financiers", 'SURVPRIV' => "Surveillance des privilèges", //OPTIONS 'MONPROFIL' => "Mon profil", 'EDITION' => "Mode Edition", 'PORTEFEUILLE' => "Portefeuille", 'SURVLISTE' => "Liste des surveillances", //DIVERS 'INTERNATIONAL' => "Recherche Internationale", 'BDF' => "Banque de France", 'WORLDCHECK' => "World-Check Risk Intelligence", ); protected $listeCategory = array( 'RECHERCHE' => array( 'label' => "Recherche", 'droits' => array('RECHCSV', 'IPARI', 'HISTOBODACC', 'INVESTIG', 'SEARCHENT', 'SEARCHDIR', 'SEARCHACT'), ), 'IDENTITE' => array( 'label' => "Identité", 'droits' => array('IDENTITE','IDPROCOL', 'LIENS', 'ETABLISSEMENTS', 'GROUPE', 'EVENINSEE', 'AVISINSEE'), ), 'DIRIGEANT' => array( 'label' => "Dirigeant", 'droits' => array('DIRIGEANTS','DIRIGEANTSOP', 'WORLDCHECK'), ), 'FINANCE' => array( 'label' => 'Elements Financiers', 'droits' => array('SYNTHESE','RATIOS','FLUX','LIASSE','LIASSEXLS', 'UPLOADBILAN', 'BOURSE','BANQUE'), ), 'JURIDIQUE' => array( 'label' => 'Elements Juridiques', 'droits' => array('ANNONCES','INFOSREG','COMPETENCES','CONVENTIONS','MARQUES'), ), 'EVALUATION' => array( 'label' => 'Evaluation', 'droits' => array('INDISCORE', 'INDISCORE2', 'INDISCORE3', 'INDISCOREP', 'INDISCORE2P', 'INDISCORE3P','VALORISATION','ENQUETEC','AVISCREDIT'), ), 'PIECES' => array( 'label' => 'Pièces officielles', 'droits' => array('KBIS', 'ACTES', 'PRIVILEGES'), ), 'SURVEILLANCES' => array( 'label' => 'Surveillances', 'droits' => array('SURVANNONCE', 'SURVINSEE', 'SURVBILAN', 'SURVSCORE', 'SURVACTES', 'SURVDIRIGEANTS', 'SURVPAIEMENTS', 'SURVLIENS', 'SURVPRIV', ), ), 'OPTIONS' => array( 'label' => 'Options', 'droits' => array('MONPROFIL','SURVLISTE','PORTEFEUILLE','EDITION'), ), 'DIVERS' => array( 'label' => 'Divers', 'droits' => array('INTERNATIONAL', 'BDF'), ), ); /** * List preferences * @var array */ protected $listePrefs = array( 'NAF4' => "Afficher les anciens NAF", 'NACE' => "Afficher les codes NACES", 'NEWS' => "Afficher les news Google©", 'MAPPY' => "Afficher les façades d'immeubles", 'CARTES' => "Afficher les cartes et les plans", 'VOIRSURV' => "Afficher les entités sous surveillances", 'DEMANDEREF' => "Demande de référence par defaut", 'RECHREF' => "Afficher le formulaire de recherche par référence", ); /** * List logs for facturation * @var array */ protected $logs = array( 'identite' => array( 'label' => "Identité" ), 'liens' => array( 'label' => "Liens Inter-Entreprise" ), 'etablissements' => array( 'label' => "Etablissements" ), 'dirigeants' => array( 'label' => "Dirigeants" ), 'annonces' => array( 'label' => "Annonces légales", ), 'indiscore' => array( 'label' => "Indiscore", ), 'indiscorep' => array( 'label' => "Indiscore+", ), 'indiscore2' => array( 'label' => "Rapport", ), 'indiscore2p' => array( 'label' => "Rapport avec suivi", ), 'indiscore3' => array( 'label' => "Rapport complet", ), 'indiscore3p' => array( 'label' => "Rapport complet avec suivi", ), 'evenements' => array( 'label' => "Modifications Insee", ), 'tva' => array( 'label' => "Numéro de TVA intracommunautaire", ), 'infosreg' => array( 'label' => "Informations réglementées", ), 'bourse' => array( 'label' => "Information boursière" ), 'bilan' => array( 'label' => "Liasse fiscale", ), 'sirenExiste' => array( 'label' => "Controle du SIREN", ), 'ratios' => array( 'label' => "Ratios", ), 'rapport1' => array( 'label' => "Rapport complet 1", ), 'rapport2' => array( 'label' => "Rapport complet 2", ), 'rapport3' => array( 'label' => "Rapport complet 3", ), 'banque' => array( 'label' => "Relations banquaires", ), 'competences' => array( 'label' => "Competences territoriales", ), 'privdetail' => array( 'label' => "Détails des privilèges", ), 'privcumul' => array( 'label' => "Privilèges cumulés", ), 'conventions' => array( 'label' => "Conventions collectives", ), 'marques' => array( 'label' => "Marques déposés", ), 'kbis' => array( 'label' => "Extrait RCS", ), 'dirigeantsop' => array( 'label' => "Dirigeants opérationels", ), 'groupesarbo' => array( 'label' => "Arborescence de groupes", ), 'groupeinfos' => array( 'label' => "Informations groupe", ), 'valorisation' => array( 'label' => "Valorisation", ), ); /** * List of error code send as SoapFault * @var unknown_type */ public $listError = array( '0900' => "Identifiant ou mot de passe incorrect", '0901' => "Accès WS non authorisé pour cet utilisateur", '0902' => "Méthode non authorisée dans votre profil", '0903' => "Période d'accès au service invalide", '0904' => "Adresse IP Invalide", '0905' => "Accès environnement de test non autorisé", '1010' => 'Siren invalide', '1011' => 'Identifiant invalide', '1020' => 'Siren inexistant', '1021' => 'Type d\'identifiant inexistant', '1030' => 'Aucun résultat pour ce siren en base', '3000' => 'Service disponible', '9000' => 'Service S&D indisponible', '9001' => 'Service partenaire indisponible', '9002' => 'Méthode provisoirement indisponible', '9003' => 'Version du service désactivé', '9004' => 'Version du service inexistant', '9010' => 'Fichier indisponible', '9020' => 'Requête incorrecte', ); public function __construct() { defined('DATETIME') || define ('DATETIME', date('YmdHis')); defined('DATE') || define ('DATE', substr(DATETIME,0,8)); defined('TIME') || define ('TIME', substr(DATETIME,8,6)); defined('DATE_LISIBLE') || define ('DATE_LISIBLE', substr(DATETIME,6,2).'/'.substr(DATETIME,4,2).'/'.substr(DATETIME,0,4)); defined('TIME_LISIBLE') || define ('TIME_LISIBLE', substr(DATETIME,8,2).':'.substr(DATETIME,10,2).':'.substr(DATETIME,12,2)); } /** * Send SoapFault with code and messade define * @param string $code * @throws SoapFault */ protected function sendError($code) { $message = 'Erreur inconnue'; if (array_key_exists($code, $this->listError)){ $message = $this->listError[$code]; } throw new SoapFault($code,$message); exit; } /** * Enregistre l'appel utilisateur à une méthode * @param $service * @param $siret * @param $ref * @return void */ protected function wsLog($service, $siret='', $ref='') { //Is it a test if ( $this->User->clientTest=='Oui' || $this->User->typeCompte=='TEST' ) { $test=1; } else { $test=0; } if ( strlen($siret) == 14 ) { $siren = substr($siret,0,9); $nic = substr($siret,9,5); } elseif ( strlen($siret) == 9 ) { $siren = $siret; $nic = ''; } // Set data by default $dataInsert = array( 'login' => $this->User->login, 'page' => $service, 'siren' => $siren, 'nic' => $nic, 'params' => $ref, 'idClient' => $this->User->idClient, 'test' => $test, 'actifInsee' => 0, 'source' => 0, 'raisonSociale' => '', 'cp' => '', 'ville' => '', 'ipClient' => $this->User->ipConnexion, ); $db = Zend_Db_Table_Abstract::getDefaultAdapter(); if ( in_array($service, array('identite', 'greffe_bilans', 'greffe_actes', 'liens', 'dirigeants', 'etablissements', 'dirigeantsOp', 'kbis', 'indiscore', 'indiscore2', 'indiscore3', 'rapport2', 'rapport3')) ) { $sql = $db->select()->from('jo.etablissements', array('siren', 'nic', 'actif', 'siege', 'raisonSociale', 'adr_cp', 'adr_ville', 'source'))->where('siren=?', $siren); if ( intval($siren)>1000 && intval($nic)>9 ) { $sql->where('nic=?', $nic); } elseif ( intval($siren)==0 && $ref>0 ) { $sql->where('id=?', $ref); } elseif ( intval($siren)>1000 ) { $sql->where('siege=1')->order('actif DESC')->order('nic DESC'); } else { return; } try { $result = $db->fetchRow($sql, null, Zend_Db::FETCH_OBJ); } catch(Zend_Db_Exception $e) { //@todo : log exception //file_put_contents('test.log', $e->getMessage()); } if ( $result !== null ) { //file_put_contents('lecture.log', print_r($result,1)); $dataInsert['raisonSociale'] = $result->raisonSociale; $dataInsert['cp'] = $result->adr_cp; $dataInsert['ville'] = $result->adr_ville; $dataInsert['source'] = $result->source; if ( $result->actif == 0 ) { $dataInsert['actifInsee'] = 0; } elseif ( intval($siren)>1000 ) { $dataInsert['actifInsee'] = 1; $sql = $db->select()->from('jo.rncs_entrep', 'count(*) AS nb')->where('siren=?', $siren); $result = $db->fetchRow($sql, null, Zend_Db::FETCH_OBJ); if ( $result !== null ) { if ($result->nb>0 ) { $dataInsert['source'] = 5; } } } } } try { //file_put_contents('insert.log', print_r($dataInsert,1)); $db->insert('sdv1.logs', $dataInsert); } catch(Zend_Db_Exception $e) { //@todo : log exception //file_put_contents('test.log', $e->getMessage()); } } /** * Authenticate the Soap Request * @param mixed $auth */ public function authenticate($auth = null) { if ( $this->authenticated===false ) { if ( empty($auth) ) { /** * @todo : Digest auth */ $this->authMethod = 'basic'; $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; } else { /** * Auth Header in client * $ns = "auth"; * //Create our Auth Object to pass to the SOAP service with our values * $auth->username = 'yourlogin'; * $auth->password = 'yourpassword'; * $creds = new SoapVar($auth, SOAP_ENC_OBJECT); * * //The 2nd variable, 'authenticate' is a method that exists inside of the SOAP service (you must create it, see next example) * $authenticate = new SoapHeader($ns, 'authenticate', $creds, false); * * $client = new SoapClient($wsdl,array('cache_wsdl' => 0)); * $client->__setSoapHeaders(array($authenticate)); * */ $this->authMethod = 'soapheader'; $username = $auth->username; $password = $auth->password; } /** * @todo : proxy get the original IP * $request->getClientIp(true); */ $this->authenticated = $this->checkAuth($username, $password, $_SERVER['REMOTE_ADDR']); if ( $this->authenticated === false ) { $this->sendError('0900'); } elseif ( $this->authenticated !== true ) { $this->sendError($isAuth); } } } /** * Check permission * @param string $perm */ protected function permission($perm) { if ( !$this->checkPerm($perm) ){ $this->sendError('0902'); } } /** * Check if user has the right to access WebService * @throws SoapFault */ protected function checkAccesWS() { //Vérifier que l'utilisateur à le droit accesWS (clients/utilisateurs) $accesWs = $this->User->accesWS; if ($accesWs){ $this->sendError('0901'); } } /** * Check if the user has the right to acces this functionality * @param string $perm * @throws SoapFault */ protected function checkPerm($perm) { $droits = $this->User->droits; $output = false; if ( preg_match('/\b'.$perm.'\b/i', $droits) ){ $output = true; } return $output; } /** * Check if the user could edit data */ protected function checkEdition() { if ($this->User->idClient==1) return true; if ($this->checkPerm('edition')) return true; return false; } /** * checkAuth * @param string $login * @param string $password * @param string $ipConnexion * @return mixed */ protected function checkAuth($login, $password, $ipConnexion) { $userM = new Application_Model_Sdv1Utilisateurs(); $sql = $userM->select() ->setIntegrityCheck(false) ->from(array('u'=>'utilisateurs'), array( 'u.login', 'u.id', 'u.email', 'u.password', 'u.idClient', 'u.typeCompte', 'u.actif', 'u.filtre_ip', 'u.profil', 'u.civilite', 'u.nom', 'u.prenom', 'u.tel', 'u.fax', 'u.mobile', 'u.pref', 'u.rechRefType', 'u.profil', 'u.nombreConnexions', 'u.dateDerniereConnexion', 'u.droits', 'u.referenceParDefaut', 'u.nbReponses', 'u.lang', 'u.formatMail', 'u.dateDebutCompte', 'u.dateFinCompte', 'u.accesWS', 'u.acceptationCGU')) ->join(array('c'=>'clients'), 'u.idClient = c.id', array( 'c.droits AS droitsClients', 'c.test AS clientTest', 'c.typeScore', 'c.timeout', )) ->joinLeft(array('s'=>'sdv1.utilisateurs_service'), 'u.login=s.login', array('Service')) ->where('u.login=?', $login) ->where('u.actif=?', 1) ->where('u.deleted=?', 0) ->where('c.actif=?','Oui'); $result = $userM->fetchRow($sql); if ( null === $result ) { debugLog('W',"CheckAuth $login/$password inexistant ou inactif (IP=$ipConnexion)", __LINE__,__FILE__, __FUNCTION__, __CLASS__); return false; } /** * @todo : * Check how password is check * md5 => standard method md5 ( login | password ) * key => get associated key with crypt method * cert => get associated certificat */ // Check password with database informations if ( $result->password == $password //password sent in clear || md5($result->password) == $password //password sent with md5 || md5($result->login.'|'.$result->password) == $password //password sent concat with login and crypt by md5 // Block access with IPs || ( substr($password,0,7)=='iponly:' && !empty($result->filtre_ip) && checkPlagesIp($result->filtre_ip, substr($password,7))) ) { //Timeout $timeout = $result->timeout; if ($timeout==0) $timeout = 1800; //Infos utilisateur $this->User->login = $result->login; $this->User->id = $result->id; $this->User->civilite = $result->civilite; $this->User->nom = $result->nom; $this->User->prenom = $result->prenom; $this->User->tel = $result->tel; $this->User->fax = $result->fax; $this->User->mobile = $result->mobile; $this->User->email = $result->email; $this->User->typeCompte = $result->typeCompte; $this->User->idClient = $result->idClient; $this->User->Service = $result->Service; $this->User->filtre_ip = $result->filtre_ip; $this->User->ipConnexion = $ipConnexion; $this->User->pref = $result->pref; $this->User->rechRefType = $result->rechRefType; $this->User->profil = $result->profil; $this->User->nombreConnexions = $result->nombreConnexions; $this->User->dateDerniereConnexion = $result->dateDerniereConnexion; $this->User->droits = $result->droits; $this->User->droitsClients = $result->droitsClients; $this->User->timeout = $timeout; $this->User->clientTest = $result->clientTest; $this->User->typeScore = $result->typeScore; $this->User->nbReponses = $result->nbReponses; $this->User->lang = $result->lang; $this->User->formatMail = $result->formatMail; $this->User->referenceParDefaut = $result->referenceParDefaut; $this->User->dateDebutCompte = $result->dateDebutCompte; $this->User->dateFinCompte = $result->dateFinCompte; $this->User->acceptationCGU = $result->acceptationCGU; /** * Date de debut de compte */ if ( !empty($result->dateDebutCompte) && $result->dateDebutCompte!='0000-00-00' ) { $today = mktime(0, 0, 0, date('m'), date('d'), date('Y')); $dateDebutCompte = mktime(0, 0, 0, substr($result->dateDebutCompte,5,2), substr($result->dateDebutCompte,8,2), substr($result->dateDebutCompte,0,4)); if ( $today < $dateDebutCompte ) { return '0903'; } } /** * Date de fin de compte */ if ( !empty($result->dateFinCompte) && $result->dateFinCompte!='0000-00-00' ) { $today = mktime(0, 0, 0, date('m'), date('d'), date('Y')); $dateFinCompte = mktime(0, 0, 0, substr($result->dateFinCompte,5,2), substr($result->dateFinCompte,8,2), substr($result->dateFinCompte,0,4)); if ( $today > $dateFinCompte) { return '0903'; } } /** * Acces WS, block access to other apps */ if ($result->accesWS==1 && $result->idClient!=1) { // Webservice user don't need access to others apps if ( in_array($ipConnexion, $this->listApplicationIp) && $tabRep['idClient']!=1 ) { return '0901'; } elseif ($ipConnexion!='127.0.0.1') { // For customized version, check user is in the good service $clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php'; foreach( $clients as $section => $params ){ if ($params['actif']) { $wsClients[$params['idClient']] = $section; } } if ( array_key_exists($result->idClient, $wsClients) && ( $this->serviceClient == false || strtolower($this->serviceClientName)!=$wsClients[$result->idClient] ) ){ return '0901'; } } } /** * Protect staging environment * - No webservice access * - Not in production * - Not idClient 1 or 147 */ if ( $result->accesWS==0 && APPLICATION_ENV=='staging' && !in_array($result->idClient, array(1,147)) ) { return '0905'; } return true; } debugLog('W',"CheckAuth $login/$password incorrect (IP=$ipConnexion)", __LINE__,__FILE__, __FUNCTION__, __CLASS__); return false; } protected function trigger($event, $args) { //Est ce que l'utilisateur à un trigger //Pour chaque trigger - Executer l'action } }