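_username = $username;
        $this->_password = $password;
        if ($mode == 'hach') {
            $this->_checkHach = true;
        }
        if ($mode == 'iponly'){
            $ip = $_SERVER['REMOTE_ADDR'];
            if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp)) {
                $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
            }
            $this->_password = 'iponly:'.$ip;
            $this->_checkIp = true;
        }
    }

    /**
     * Authenticates the configured login through the 'gestion' web service and
     * builds the identity object from the account data it returns.
     *
     * The result is a failure when the service returns a string or a non-zero
     * error number, when it returns no login, or when one of the caller's
     * addresses falls inside the hard-coded forbidden ranges.
     *
     * @see Zend_Auth_Adapter_Interface::authenticate()
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        // Address of the direct peer, as reported by the web server.
        $adressIp = $_SERVER['REMOTE_ADDR'];

        // The forwarded header is only honoured when the direct peer is one of
        // the configured proxies; otherwise any client could choose its own address.
        // NOTE(review): the header may hold a comma-separated chain whose leading
        // entries are client-supplied; it is forwarded to the service unmodified.
        $ip = $adressIp;
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && in_array($ip, $this->listProxyIp)) {
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }

        $ws = new Scores_Ws_Client('gestion', '0.3');
        $ws->setHttpLogin($this->_username);
        $ws->setHttpPassword($this->_password);

        $parameters = new stdClass();
        $parameters->login = $this->_username;
        $parameters->ipUtilisateur = $ip;
        $parameters->from = 'auth';
        $InfosLogin = $ws->getInfosLogin($parameters);

        // --- Error reported by the service.
        // isset() keeps the test quiet when the reply is false or carries no error member.
        // No identity exists yet, so null is passed explicitly instead of an undefined variable.
        if (is_string($InfosLogin)
            || (isset($InfosLogin->error->errnum) && $InfosLogin->error->errnum != 0)
        ) {
            $message = $InfosLogin;
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, array($message));
        }

        // --- No usable account in the reply.
        if ($InfosLogin === false || empty($InfosLogin->result->login)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, null, array("Identification impossible"));
        }

        // --- Identity assignment
        $result = $InfosLogin->result;
        $identity = new stdClass();

        if ($this->_checkIp || $this->_checkHach) {
            Zend_Registry::get('firebug')->info("IN");
            $identity->password = $this->_password;
        } else {
            // NOTE(review): unsalted MD5 of "login|password" becomes the stored credential.
            // Presumably the web service expects this exact format, so it is left as is;
            // replacing it needs a coordinated change on the service side.
            $identity->password = md5($result->login.'|'.$this->_password);
        }
        // The credential is intentionally not written to the debug logger: it is
        // reused below as the adapter password, so a log entry would expose a working secret.

        $identity->username = $result->login;

        // Members copied under the same name; a missing member yields null.
        $copiedFields = array(
            'email', 'profil', 'pref', 'droits', 'droitsClients',
            'nom', 'prenom', 'tel', 'fax', 'mobile',
            'id', 'idClient', 'reference', 'nbReponses', 'typeScore',
            'dateValidation', 'nombreConnexions', 'dateDerniereConnexion',
            'dateDebutCompte', 'dateFinCompte', 'acceptationCGU',
        );
        foreach ($copiedFields as $field) {
            $identity->$field = isset($result->$field) ? $result->$field : null;
        }

        $identity->ip = $ip;
        $identity->version = isset($result->version) ? $result->version : null;
        $identity->modeEdition = false;

        // Session lifetime: the account's own value when set, else the adapter default.
        $timeout = (!empty($result->timeout)) ? $result->timeout : $this->_timeout;
        $identity->timeout = $timeout;
        $identity->time = time() + $timeout;

        // Strict comparison: with a loose one, a numeric 0 matches 'fr' on PHP < 8.
        $lang = (isset($result->lang) && in_array($result->lang, array('fr','en'), true)) ? $result->lang : 'fr';
        $identity->lang = $lang;
        $identity->langtmp = $lang;

        // --- Forbidden IP addresses
        $ipInterdites =
            '81.252.88.0-81.252.88.7'               // CTE D AGGLOMERATION DE SOPHIA
            . ';' . '195.200.187.163'               // PacWan
            . ';' . '213.11.81.41'                  // Verizon France SAS
            . ';' . '83.206.171.252'                // FR-BASE-D-INFORMATIONS-LEGALES-BI
            . ';' . '81.255.32.139'
            . ';' . '212.155.191.1*'                // Satair A/S
            . ';' . '217.70.1*.17'                  // OJSC "Sibirtelecom"
            . ';' . '212.37.196.156'                // GENERALE-MULTIMEDIA-SUD
            . ';' . '80.245.60.121'                 // Planete Marseille - Mailclub
            . ';' . '213.246.57.101'                // IKOULA
            . ';' . '193.104.158.0-193.104.158.255' // Altares.fr
            . ';' . '195.6.3.0-195.6.3.255'         // ORT
            . ';' . '217.144.112.0-217.144.116.63'  // Coface
        ;

        // The deny list is applied to the direct peer AND to every address in the
        // forwarded chain. Testing the peer alone would let a forbidden client
        // through whenever it arrives via one of the configured proxies.
        $candidates = array_merge(array($adressIp), array_map('trim', explode(',', $ip)));
        foreach (array_unique($candidates) as $candidate) {
            if ($this->checkPlagesIp($ipInterdites, $candidate)) {
                return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
            }
        }

        // --- OK, logged in
        $this->_username = $identity->username;
        $this->_password = $identity->password;

        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }

    /**
     * Checks whether an IP address belongs to a list of addresses given as
     * 192.168.3.5-192.68.3.10;192.168.3.*;192.168.3.10
     *
     * Entries are separated by ';'. An entry containing '-' is an inclusive
     * range, any other entry is a literal address in which '*' stands for any
     * run of digits. Empty entries are ignored.
     *
     * @param string $strPlageIP
     * The list of addresses and ranges
     * @param string $adresseIP
     * The IP address to test
     * @return boolean True when the address matches at least one entry
     */
    protected function checkPlagesIp($strPlageIP, $adresseIP)
    {
        foreach (explode(';', trim($strPlageIP)) as $entry) {
            $entry = trim($entry);
            if ($entry === '') {
                continue;
            }

            $bounds = explode('-', $entry);

            // Address range 'low-high'
            if (isset($bounds[1])) {
                if ($this->in_plage(trim($bounds[0]), trim($bounds[1]), $adresseIP)) {
                    return true;
                }
                continue;
            }

            // Single address, with or without a '*' mask. preg_quote() escapes every
            // metacharacter, the wildcard is limited to digits, and the D modifier
            // stops '$' from accepting a trailing newline.
            $pattern = '/^' . str_replace('\*', '[0-9]*', preg_quote($entry, '/')) . '$/D';
            if (preg_match($pattern, $adresseIP)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Tells whether an IPv4 address lies within an inclusive range.
     *
     * Anything that is not a well-formed dotted-quad IPv4 address (an IPv6 peer,
     * a malformed forwarded value) is reported as outside the range instead of
     * being pushed through the numeric conversion.
     *
     * @param string $plage_1 Lower bound of the range
     * @param string $plage_2 Upper bound of the range
     * @param string $ip Address to test
     * @return boolean
     */
    protected function in_plage($plage_1,$plage_2,$ip)
    {
        foreach (array($plage_1, $plage_2, $ip) as $candidate) {
            if (filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
                return false;
            }
        }

        $value = $this->getIpNumber($ip);

        return $value >= $this->getIpNumber($plage_1) && $value <= $this->getIpNumber($plage_2);
    }

    /**
     * Converts a dotted-quad IPv4 address into a number
     *
     * Missing octets count as 0 and every octet is cast to int, so malformed
     * input yields a number instead of warnings or, on PHP 8, a TypeError.
     *
     * @param string $ip IP address
     * @return integer
     */
    protected function getIpNumber($ip)
    {
        $octets = array_pad(explode('.', (string) $ip), 4, 0);

        return (((int) $octets[0] * 256 * 256 * 256)
            + ((int) $octets[1] * 256 * 256)
            + ((int) $octets[2] * 256)
            + ((int) $octets[3]));
    }
}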