webservice/library/WsScore/WsScore.php
Michael RICOIS 4a082b7517 Add security
2012-12-12 17:27:11 +00:00

634 lines
19 KiB
PHP

<?php
require_once 'Metier/insee/classMInsee.php';
require_once 'Metier/insee/classMSirene.php';
require_once 'Metier/partenaires/classMBilans.php';
require_once 'Metier/partenaires/classMBourse.php';
require_once 'Metier/partenaires/classMLiens.php';
require_once 'Metier/partenaires/classMTva.php';
require_once 'Metier/partenaires/classMMap.php';
require_once 'Metier/partenaires/classMGreffes.php';
require_once 'Metier/partenaires/classMPrivileges.php';
require_once 'Metier/scores/classMFinancier.php';
require_once 'Metier/scores/classMSolvabilite.php';
require_once 'framework/mail/sendMail.php';
class WsScore
{
/**
* Database configuration
* @var unknown
*/
protected $dbConfig;
/**
* User information
* @var array
*/
protected $tabInfoUser;
/**
* Name of Service
* @var string
*/
public $serviceName = null;
/**
* Is a customize service
* @var boolean
*/
public $serviceClient = false;
/**
* Name of Client
* @var unknown
*/
public $serviceClientName = null;
/**
* List all application IPs
* @var array
*/
protected $listApplicationIp = array (
'88.191.79.121', //Extranet
'78.31.45.206', //SDSL RAMBOUILLET
);
/**
* List all permission
* @var array
*/
protected $listeDroits = array (
//RECHERCHE
'RECHCSV' => "Export des résultats de la recherche",
'IPARI' => "Investigation par l'image IparI&copy;",
'HISTOBODACC' => "Historique des annonces bodacc",
'INVESTIG' => "Investigation",
//IDENTITE
'IDENTITE' => "Fiche d'identité",
'IDPROCOL' => 'Fiche procédure collective',
'LIENS' => "Liens inter-entreprise",
'ETABLISSEMENTS' => "Liste des établissements",
'GROUPE' => "Informations et organigramme du groupe",
'EVENINSEE' => '&Eacute;vènements INSEE',
'AVISINSEE' => 'Avis de situation INSEE',
//DIRIGEANT
'DIRIGEANTS' => "Liste des dirigeants",
'DIRIGEANTSOP' => "Liste des dirigeants opérationnels",
//FINANCE
'SYNTHESE' => "Synthèse",
'RATIOS' => "Ratios",
'FLUX' => "Flux de trésorerie",
'LIASSE' => "Liasse fiscale",
'LIASSEXLS' => "Export des Liasses au format XLS",
'UPLOADBILAN' => "Saisie de bilan",
'BOURSE' => "Bourse & cotations",
'BANQUE' => "Relations bancaires",
//JURIDIQUE
'ANNONCES' => "Annonces légales",
'INFOSREG' => "Informations réglementée",
'COMPETENCES' => "Compétences territoriales",
'CONVENTIONS' => "Conventions collectives",
'MARQUES' => "Marques déposées",
//EVALUATION
'INDISCORE' => 'indiScore&copy;',
'INDISCORE2' => 'Rapport synthetique',
'INDISCORE3' => 'Rapport complet',
'INDISCOREP' => 'indiScore+',
'INDISCORE2P' => 'Rapport synthetique+',
'INDISCORE3P' => 'Rapport complet+',
'SCORECSF' => 'Score CSF',
'ENQUETEC' => 'Enquête commerciale',
'AVISCREDIT' => 'Avis de crédit personnalisé',
//PIECES
'KBIS' => 'Extrait RCS',
'ACTES' => 'Pièces officielles',
'PRIVILEGES' => 'Privilèges',
//SURVEILLANCES
'SURVANNONCE' => 'Surveillance des annonces légales',
'SURVINSEE' => 'Surveillance des événements INSEE',
'SURVBILAN' => 'Surveillance des bilans',
'SURVSCORE' => 'Surveillance des événements sur le score',
'SURVACTES' => 'Surveillance des actes',
'SURVDIRIGEANTS'=> 'Surveillance des dirigeants',
'SURVPAIEMENTS' => 'Surveillance des paiements',
'SURVLIENS' => 'Surveillance des liens financiers',
'SURVPRIV' => 'Surveillance des privilèges',
//OPTIONS
'MONPROFIL' => 'Mon profil',
'EDITION' => 'Mode Edition',
'PORTEFEUILLE' => 'Portefeuille',
'SURVLISTE' => 'Liste des surveillances',
//DIVERS
'INTERNATIONAL' => 'Recherche Internationale',
'BDF' => 'Banque de France',
);
protected $listeCategory = array(
'RECHERCHE' => array(
'label' => "Recherche",
'droits' => array('RECHCSV', 'IPARI', 'HISTOBODACC', 'INVESTIG'),
),
'IDENTITE' => array(
'label' => "Identité",
'droits' => array('IDENTITE','IDPROCOL', 'LIENS', 'ETABLISSEMENTS', 'GROUPE',
'EVENINSEE', 'AVISINSEE'),
),
'DIRIGEANT' => array(
'label' => "Dirigeant",
'droits' => array('DIRIGEANTS','DIRIGEANTSOP'),
),
'FINANCE' => array(
'label' => 'Elements Financiers',
'droits' => array('SYNTHESE','RATIOS','FLUX','LIASSE','LIASSEXLS', 'UPLOADBILAN',
'BOURSE','BANQUE'),
),
'JURIDIQUE' => array(
'label' => 'Elements Juridiques',
'droits' => array('ANNONCES','INFOSREG','COMPETENCES','CONVENTIONS','MARQUES'),
),
'EVALUATION' => array(
'label' => 'Evaluation',
'droits' => array('INDISCORE', 'INDISCORE2', 'INDISCORE3', 'INDISCOREP', 'INDISCORE2P',
'INDISCORE3P','ENQUETEC','AVISCREDIT'),
),
'PIECES' => array(
'label' => 'Pièces officielles',
'droits' => array('KBIS', 'ACTES', 'PRIVILEGES'),
),
'SURVEILLANCES' => array(
'label' => 'Surveillances',
'droits' => array('SURVANNONCE', 'SURVINSEE', 'SURVBILAN', 'SURVSCORE', 'SURVACTES',
'SURVDIRIGEANTS', 'SURVPAIEMENTS', 'SURVLIENS', 'SURVPRIV',
),
),
'OPTIONS' => array(
'label' => 'Options',
'droits' => array('MONPROFIL','SURVLISTE','PORTEFEUILLE','EDITION'),
),
'DIVERS' => array(
'label' => 'Divers',
'droits' => array('INTERNATIONAL', 'BDF'),
),
);
/**
* List preferences
* @var array
*/
protected $listePrefs = array(
'NAF4' => "Afficher les anciens NAF",
'NACE' => "Afficher les codes NACES",
'NEWS' => "Afficher les news Google&copy;",
'MAPPY' => "Afficher les fa&ccedil;ades d'immeubles",
'CARTES' => "Afficher les cartes et les plans",
'VOIRSURV' => "Afficher les entités sous surveillances",
'DEMANDEREF' => "Demande de référence par defaut",
'RECHREF' => "Afficher le formulaire de recherche par référence",
);
/**
* List logs for facturation
* @var unknown_type
*/
protected $logs = array(
'identite' => array(
'label' => "Identité"
),
'liens' => array(
'label' => "Liens Inter-Entreprise"
),
'etablissements' => array(
'label' => "Etablissements"
),
'dirigeants' => array(
'label' => "Dirigeants"
),
'annonces' => array(
'label' => "Annonces légales",
),
'indiscore' => array(
'label' => "Indiscore",
),
'indiscorep' => array(
'label' => "Indiscore+",
),
'indiscore2' => array(
'label' => "Rapport",
),
'indiscore2p' => array(
'label' => "Rapport avec suivi",
),
'indiscore3' => array(
'label' => "Rapport complet",
),
'indiscore3p' => array(
'label' => "Rapport complet avec suivi",
),
'evenements' => array(),
'tva' => array(),
'infosreg' => array(
'label' => "Informations réglementées",
),
'bourse' => array(
'label' => "Information boursière"
),
'bilan' => array(
'label' => "Liasse fiscale",
),
'sirenExiste' => array(),
'ratios' => array(
'label' => "Ratios",
),
'rapport1' => array(
'label' => "Rapport complet 1",
),
'rapport2' => array(
'label' => "Rapport complet 2",
),
'rapport3' => array(
'label' => "Rapport complet 3",
),
'banque' => array(
'label' => "Relations banquaires",
),
'competences' => array(),
'privdetail' => array(
'label' => "Détails des privilèges",
),
'privcumul' => array(
'label' => "Privilèges cumulés",
),
'conventions' => array(
'label' => "Conventions collectives",
),
'marques' => array(
'label' => "Marques déposés",
),
'kbis' => array(
'label' => "Extrait RCS",
),
'dirigeantsop' => array(
'label' => "Dirigeants opérationels",
),
'groupesarbo' => array(
'label' => "Arborescence de groupes",
),
'groupeinfos' => array(
'label' => "Informations groupe",
),
);
/**
* List of error code send as SoapFault
* @var unknown_type
*/
public $listError = array(
'0900' => "Identifiant ou mot de passe incorrect",
'0901' => "Accès WS non authorisé pour cet utilisateur",
'0902' => "Méthode non authorisée dans votre profil",
'0903' => "Période d'accès au service invalide",
'0904' => "Adresse IP Invalide",
'1010' => 'Siren invalide',
'1011' => 'Identifiant invalide',
'1020' => 'Siren inexistant',
'1021' => 'Type d\'identifiant inexistant',
'1030' => 'Aucun résultat pour ce siren en base',
'3000' => 'Service disponible',
'9000' => 'Service S&D indisponible',
'9001' => 'Service partenaire indisponible',
'9002' => 'Méthode provisoirement indisponible',
'9003' => 'Version du service désactivé',
'9004' => 'Version du service inexistant',
'9010' => 'Fichier indisponible',
'9020' => 'Requête incorrecte',
);
public function __construct()
{
define ('DATETIME', date('YmdHis'));
define ('DATE', substr(DATETIME,0,8));
define ('TIME', substr(DATETIME,8,6));
define ('DATE_LISIBLE', substr(DATETIME,6,2).'/'.substr(DATETIME,4,2).'/'.substr(DATETIME,0,4));
define ('TIME_LISIBLE', substr(DATETIME,8,2).':'.substr(DATETIME,10,2).':'.substr(DATETIME,12,2));
//Load database configuration
$c = Zend_Registry::get('config');
$this->dbConfig = $c->profil;
}
/**
* Send SoapFault with code and messade define
* @param string $code
* @throws SoapFault
*/
protected function sendError($code)
{
$message = 'Erreur inconnue';
if (array_key_exists($code, $this->listError)){
$message = $this->listError[$code];
}
throw new SoapFault($code,$message);
exit;
}
/**
* Enregistre l'appel utilisateur à une méthode
* @param $service
* @param $siret
* @param $ref
* @return void
*/
protected function wsLog($service, $siret='', $ref='')
{
$iDbCrm = new WDB('sdv1');
//Is it a test
if ($this->tabInfoUser['clientTest']=='Oui' || $this->tabInfoUser['typeCompte']=='TEST') {
$test=1;
} else {
$test=0;
}
//Update count access to a service
$sql = "UPDATE logsCount SET conso=conso+1 WHERE jour=CURDATE() AND idClient=".$this->tabInfoUser['idClient'].
" AND service='".$pricing[0]['service']."' AND login='".$pricing[0]['login']."' AND log='".$service."'";
$iDbCrm->query($sql);
$updateOk = $iDbCrm->getAffectedRows();
//If not insert
if ($updateOk==0) {
$sql = "INSERT INTO logsCount (jour, idClient, service, login, log, conso) ".
"VALUES (NOW(), ".$this->tabInfoUser['idClient'].", '".$pricing[0]['service']."', '".$pricing[0]['login']."', '".$service."', 1) ";
$iDbCrm->query($sql);
}
if (strlen($siret)==14) {
$siren = substr($siret,0,9);
$nic = substr($siret,9,5);
} elseif (strlen($siret)==9) {
$siren=$siret;
$nic='';
}
$rs = '';
$cp = '';
$vil = '';
$tabRdvInsee = array();
if (in_array($service, array(
'identite',
'greffe_bilans',
'greffe_actes',
'liens',
'dirigeants',
'etablissements',
'dirigeantsOp',
'kbis',
'indiscore', 'indiscore2', 'indiscore3', 'rapport2', 'rapport3'))
) {
if (intval($siren)>1000 && intval($nic)>9) $strNic=" AND nic=$nic ";
elseif (intval($siren)==0 && $ref>0) $strNic=" AND id=$ref ";
elseif (intval($siren)>1000) $strNic=" AND siege=1 ORDER BY actif DESC, nic DESC ";
else return;
$rep = $iDbCrm->select('jo.etablissements',
'siren, nic, actif, siege, raisonSociale, adr_cp, adr_ville, source',
"siren=$siren $strNic", false, MYSQL_ASSOC);
$tabRep = $rep[0];
$rs = $tabRep['raisonSociale'];
$cp = $tabRep['adr_cp'];
$vil = $tabRep['adr_ville'];
$tabRdvInsee['source']=$tabRep['source'];
if ($tabRep['actif']==0)
$tabRdvInsee['actifInsee']=0;
elseif (intval($siren)>1000) {
$tabRdvInsee['actifInsee']=1;
$rep=$iDbCrm->select('jo.rncs_entrep', 'count(*) AS nb', "siren=$siren", false, MYSQL_ASSOC);
$tabRep=$rep[0];
if ($tabRep['nb']>0) $tabRdvInsee['source']=5;
}
}
$tabInsert = array(
'login' => $this->tabInfoUser['login'],
'idClient' => $this->tabInfoUser['idClient'],
'page' => $service,
'siren' => $siren,
'nic' => $nic,
'params' => $ref,
'test' => $test,
'raisonSociale' => $rs,
'cp' => $cp,
'ville' => $vil,
'ipClient' => $this->tabInfoUser['ipConnexion'],
);
$rep = $iDbCrm->insert('logs', array_merge($tabInsert,$tabRdvInsee), false, true);
}
/**
* Retourne une erreur soap lors d'une mauvaise authentification
* @throws SoapFault
*/
protected function authenticate()
{
$auth = $this->checkAuth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SERVER['REMOTE_ADDR']);
if ( $auth === false ) {
$this->sendError('0900');
} elseif ( $auth !== true ) {
$this->sendError($auth);
}
}
protected function permission($perm)
{
if ( !$this->checkPerm($perm) ){
$this->sendError('0902');
}
}
protected function checkLimit($log)
{
//Read if client has pricing for this service
$pricing = $iDbCrm->select('clientsTarif', 'login, service',
"log='".$log."' AND idClient=" . $this->tabInfoUser['idClient'] .
" AND (service='".$this->tabInfoUser['service']."' OR service='') AND (login='".$this->tabInfoUser['login']."' OR login='') ".
" ORDER BY service, login DESC LIMIT 1");
if ( count($pricing)>0 ) {
//Limit
}
}
/**
* checkAccesWS
* @throws SoapFault
*/
protected function checkAccesWS()
{
//Vérifier que l'utilisateur à le droit accesWS (clients/utilisateurs)
$accesWs = $this->tabInfoUser['accesWS'];
if ($accesWs){
$this->sendError('0901');
}
}
/**
* checPerm
* @param string $perm
* @throws SoapFault
*/
protected function checkPerm($perm)
{
$droits = $this->tabInfoUser['droits'];
$output = false;
if ( preg_match('/\b'.$perm.'\b/i', $droits) ){
$output = true;
}
return $output;
}
/**
* Check if the user could edit data
*/
protected function checkEdition()
{
if ($this->tabInfoUser['idClient']==1)
return true;
if ($this->checkPerm('edition'))
return true;
return false;
}
/**
* checkAuth
* @param string $login
* @param string $password
* @param string $ipConnexion
* @return mixed
*/
protected function checkAuth($login, $password, $ipConnexion)
{
$iDbCrm = new WDB('sdv1');
$rep = $iDbCrm->select(
'utilisateurs u, clients c',
'u.login, u.id, u.email, u.password, u.idClient, u.typeCompte, u.actif, u.filtre_ip, u.profil, '.
'u.civilite, u.nom, u.prenom, u.tel, u.fax, u.mobile, '.
'u.pref, u.rechRefType, u.profil, u.nombreConnexions, u.dateDerniereConnexion, u.droits, '.
'u.referenceParDefaut, u.nbReponses, u.formatMail, u.dateDebutCompte, u.dateFinCompte, u.accesWS, '.
'u.acceptationCGU, '.
'c.droits AS droitsClients, c.test AS clientTest, c.typeScore, c.timeout',
"u.login='$login' AND u.idClient=c.id AND u.actif=1 AND u.deleted=0 AND c.actif='Oui'",
false, MYSQL_ASSOC
);
if (count($rep)>0)
{
// Récupération des informations de connexion
$tabRep = $rep[0];
if ( $tabRep['password']==$password
|| $tabRep['password']==md5($password)
|| $password==md5($login.'|'.$tabRep['password'])
|| ( substr($password,0,7)=='iponly:' && checkPlagesIp($tabRep['filtre_ip'], substr($password,7))) )
{
$timeOutSec = $tabRep['timeout'];
if ($timeOutSec==0) $timeOutSec=1800;
$this->tabInfoUser = array(
'login' => $login,
'id' => $tabRep['id'],
'civilite' => $tabRep['civilite'],
'nom' => $tabRep['nom'],
'prenom' => $tabRep['prenom'],
'tel' => $tabRep['tel'],
'fax' => $tabRep['fax'],
'mobile' => $tabRep['mobile'],
'email' => $tabRep['email'],
'typeCompte' => $tabRep['typeCompte'],
'idClient' => $tabRep['idClient'],
'filtre_ip' => $tabRep['filtre_ip'],
'ipConnexion' => $ipConnexion,
'pref' => $tabRep['pref'],
'rechRefType' => $tabRep['rechRefType'],
'profil' => $tabRep['profil'],
'nombreConnexions' => $tabRep['nombreConnexions'],
'dateDerniereConnexion' => $tabRep['dateDerniereConnexion'],
'droits' => $tabRep['droits'],
'droitsClients' => $tabRep['droitsClients'],
'timeout' => $timeOutSec,
'clientTest' => $tabRep['clientTest'],
'typeScore' => $tabRep['typeScore'],
'nbReponses' => $tabRep['nbReponses'],
'formatMail' => $tabRep['formatMail'],
'referenceParDefaut' => $tabRep['referenceParDefaut'],
'dateDebutCompte' => $tabRep['dateDebutCompte'],
'dateFinCompte' => $tabRep['dateFinCompte'],
'acceptationCGU' => $tabRep['acceptationCGU']
);
debugLog('W',"CheckAuth $login/$password OK", __LINE__,__FILE__, __FUNCTION__, __CLASS__);
/**
* Date de debut de compte
*/
if ( !empty($tabRep['dateDebutCompte']) && $tabRep['dateDebutCompte']!='0000-00-00' ) {
$today = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
$dateDebutCompte = mktime(0, 0, 0, substr($tabRep['dateDebutCompte'],5,2), substr($tabRep['dateDebutCompte'],8,2), substr($tabRep['dateDebutCompte'],0,4));
if ( $today < $dateDebutCompte ) {
return '0903';
}
}
/**
* Date de fin de compte
*/
if ( !empty($tabRep['dateFinCompte']) && $tabRep['dateFinCompte']!='0000-00-00' ) {
$today = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
$dateFinCompte = mktime(0, 0, 0, substr($tabRep['dateFinCompte'],5,2), substr($tabRep['dateFinCompte'],8,2), substr($tabRep['dateFinCompte'],0,4));
if ( $today > $dateFinCompte) {
return '0903';
}
}
/**
* Acces WS, block access to other apps
*/
if ($tabRep['accesWS']==1) {
// Webservice user don't need access to others apps
if ( in_array($ipConnexion, $this->listApplicationIp) && $tabRep['idClient']!=1 ) {
return '0901';
}
// For customized version, check user is in the good service
$clients = include APPLICATION_PATH . '/../library/WsScore/Clients/ClientsConfig.php';
foreach( $clients as $section => $params ){
if ($params['actif']) {
$wsClients[$params['idClient']] = $section;
}
}
if ( array_key_exists($this->tabInfoUser['idClient'], $wsClients) && ( $this->serviceClient == false
|| strtolower($this->serviceClientName)!=$wsClients[$this->tabInfoUser['idClient']] ) ){
return '0901';
}
}
return true;
}
debugLog('W',"CheckAuth $login/$password incorrect (IP=$ipConnexion)", __LINE__,__FILE__, __FUNCTION__, __CLASS__);
return false;
}
debugLog('W',"CheckAuth $login/$password inexistant ou inactif (IP=$ipConnexion)", __LINE__,__FILE__, __FUNCTION__, __CLASS__);
return false;
}
}