
<?php
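/**
 * Zend_Auth adapter that authenticates a user against the 'gestion' web service.
 *
 * The constructor's $mode argument selects how the credential is handled:
 *  - null (default): the identity carries md5(login . '|' . password)
 *  - 'hach':         the supplied password is stored unchanged in the identity
 *  - 'iponly':       the password is replaced by 'iponly:<client ip>'
 *
 * NOTE(review): in 'iponly' mode the client IP is the whole credential, so the
 * proxy list below must contain only frontends that set X-Forwarded-For themselves.
 */
class Scores_Auth_Adapter_Ws implements Zend_Auth_Adapter_Interface
{
    /**
     * User login
     * @var string
     */
    protected $_username;

    /**
     * Password (or 'iponly:<ip>' in 'iponly' mode)
     * @var string
     */
    protected $_password;

    /**
     * Default session timeout, added to time() when the web service returns none
     * @var int
     */
    protected $_timeout = 1800;

    /**
     * Set when the adapter runs in 'iponly' mode
     * @var boolean
     */
    protected $_checkIp = false;

    /**
     * Set when the adapter runs in 'hach' mode
     * @var boolean
     */
    protected $_checkHach = false;

    /**
     * IPs of the frontends (proxies) whose X-Forwarded-For header is trusted
     * @var array
     */
    protected $listProxyIp = array(
        '62.210.222.34',
    );

    /**
     * Web-service authentication
     *
     * @param string $username
     * @param string $password
     * @param string $mode null, 'hach' or 'iponly'
     */
    public function __construct($username, $password, $mode = null)
    {
        $this->_username = $username;
        $this->_password = $password;

        // Strict comparison: with ==, a non-string $mode (0, true) could
        // select a mode through type juggling.
        if ($mode === 'hach') {
            $this->_checkHach = true;
        }
        if ($mode === 'iponly') {
            $this->_password = 'iponly:' . $this->resolveClientIp();
            $this->_checkIp = true;
        }
    }

    /**
     * Calls getInfosLogin on the web service and builds the identity object.
     *
     * @see Zend_Auth_Adapter_Interface::authenticate()
     * @return Zend_Auth_Result
     */
    public function authenticate()
    {
        $ip = $this->resolveClientIp();

        $ws = new Scores_Ws_Client('gestion', '0.3');
        $ws->setHttpLogin($this->_username);
        $ws->setHttpPassword($this->_password);

        $parameters = new stdClass();
        $parameters->login = $this->_username;
        $parameters->ipUtilisateur = $ip;
        $parameters->from = 'auth';
        $InfosLogin = $ws->getInfosLogin($parameters);

        // --- Failure reported by the web service (string, or non-zero errnum).
        // No identity exists yet, so null is passed explicitly instead of an
        // undefined variable.
        if (is_string($InfosLogin)
            || (isset($InfosLogin->error->errnum) && $InfosLogin->error->errnum != 0)
        ) {
            // NOTE(review): when the response is an error object, the whole
            // object (not a string) ends up in the result messages.
            $message = $InfosLogin;
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, null, array($message));
        }

        // --- No usable response (false, or no login in the result)
        if (!is_object($InfosLogin) || empty($InfosLogin->result->login)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, null, array("Identification impossible"));
        }

        // --- Identity assignment
        $result = $InfosLogin->result;
        $identity = new stdClass();

        // The credential is deliberately not sent to the 'firebug' logger any
        // more: it is a password or password-equivalent token.
        if ($this->_checkIp || $this->_checkHach) {
            $identity->password = $this->_password;
        } else {
            // NOTE(review): unsalted MD5 of login|password is a weak,
            // password-equivalent token; presumably the format the web service
            // expects, so it is kept. Confirm before changing.
            $identity->password = md5($result->login . '|' . $this->_password);
        }
        $identity->username = $result->login;

        // Fields copied verbatim from the web-service result (null when absent)
        $copiedFields = array(
            'email', 'profil', 'pref', 'droits', 'droitsClients',
            'nom', 'prenom', 'tel', 'fax', 'mobile',
            'id', 'idClient', 'reference', 'nbReponses', 'typeScore',
            'dateValidation', 'nombreConnexions', 'dateDerniereConnexion',
            'dateDebutCompte', 'dateFinCompte', 'acceptationCGU',
        );
        foreach ($copiedFields as $field) {
            $identity->$field = isset($result->$field) ? $result->$field : null;
        }

        $identity->ip = $ip;
        $identity->version = isset($result->version) ? $result->version : null;
        $identity->modeEdition = false;

        $timeout = !empty($result->timeout) ? $result->timeout : $this->_timeout;
        $identity->timeout = $timeout;
        $identity->time = time() + $timeout;

        // Strict membership test so that a non-string value cannot pass as 'fr'/'en'
        $wsLang = isset($result->lang) ? $result->lang : null;
        $lang = in_array($wsLang, array('fr', 'en'), true) ? $wsLang : 'fr';
        $identity->lang = $lang;
        $identity->langtmp = $lang;

        // --- Forbidden IP addresses
        $ipInterdites = implode(';', array(
            '81.252.88.0-81.252.88.7',       // CTE D AGGLOMERATION DE SOPHIA
            '195.200.187.163',               // PacWan
            '213.11.81.41',                  // Verizon France SAS
            '83.206.171.252',                // FR-BASE-D-INFORMATIONS-LEGALES-BI
            '81.255.32.139',
            '212.155.191.1*',                // Satair A/S
            '217.70.1*.17',                  // OJSC "Sibirtelecom"
            '212.37.196.156',                // GENERALE-MULTIMEDIA-SUD
            '80.245.60.121',                 // Planete Marseille - Mailclub
            '213.246.57.101',                // IKOULA
            '193.104.158.0-193.104.158.255', // Altares.fr
            '195.6.3.0-195.6.3.255',         // ORT
            '217.144.112.0-217.144.116.63',  // Coface
        ));

        // The deny-list is matched against the resolved client IP. Matching
        // REMOTE_ADDR would test the frontend's own address for every request
        // that arrives through a trusted proxy, so the list could never apply.
        if ($this->checkPlagesIp($ipInterdites, $ip)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, $identity);
        }

        // --- OK, logged in
        $this->_username = $identity->username;
        $this->_password = $identity->password;
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
    }

    /**
     * Returns the address of the client as seen by this application.
     *
     * X-Forwarded-For is honoured only when the TCP peer is one of the trusted
     * frontends. The header may hold a comma-separated chain; only the
     * right-most entry is used, on the assumption that it is the one the
     * trusted frontend wrote itself, while everything to its left is supplied
     * by the client. A value that is not a valid IP is ignored.
     *
     * @return string
     */
    private function resolveClientIp()
    {
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        if (!isset($_SERVER['HTTP_X_FORWARDED_FOR'])
            || !in_array($remoteAddr, $this->listProxyIp, true)
        ) {
            return $remoteAddr;
        }

        $hops = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        $candidate = trim(end($hops));

        return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $remoteAddr;
    }

    /**
     * Checks whether an IP address belongs to a list given in the form
     * 192.168.3.5-192.68.3.10;192.168.3.*;192.168.3.10
     *
     * @param string $strPlageIP
     *     The ';'-separated list of addresses, ranges ('-') and masks ('*')
     * @param string $adresseIP
     *     The IP address to test
     * @return boolean
     */
    protected function checkPlagesIp($strPlageIP, $adresseIP)
    {
        $adresseIP = trim((string) $adresseIP);
        if ($adresseIP === '') {
            return false;
        }

        foreach (explode(';', (string) $strPlageIP) as $entry) {
            $entry = trim($entry);
            if ($entry === '') {
                continue;
            }

            // Address range 'low-high'
            $bounds = explode('-', $entry);
            if (isset($bounds[1])) {
                if ($this->in_plage(trim($bounds[0]), trim($bounds[1]), $adresseIP)) {
                    return true;
                }
                continue;
            }

            // Single address, with or without '*' mask. preg_quote() escapes
            // every metacharacter; '*' then stands for a run of digits only,
            // so it can never swallow a '.' and span several octets.
            $pattern = '/^' . str_replace('\*', '[0-9]*', preg_quote($entry, '/')) . '$/D';
            if (preg_match($pattern, $adresseIP) === 1) {
                return true;
            }
        }

        return false;
    }

    /**
     * Tells whether an IPv4 address lies within an inclusive range.
     *
     * @param string $plage_1 Lower bound
     * @param string $plage_2 Upper bound
     * @param string $ip      Address to test
     * @return boolean false when any of the three is not a dotted-quad IPv4 address
     */
    protected function in_plage($plage_1, $plage_2, $ip)
    {
        $low = $this->getIpNumber($plage_1);
        $high = $this->getIpNumber($plage_2);
        $value = $this->getIpNumber($ip);

        if ($low === false || $high === false || $value === false) {
            return false;
        }

        return $value >= $low && $value <= $high;
    }

    /**
     * Converts a dotted-quad IPv4 address to a number.
     *
     * @param string $ip IP address
     * @return integer|false false when $ip is not four decimal octets (0-255),
     *     e.g. an IPv6 address, instead of computing a value from garbage
     */
    protected function getIpNumber($ip)
    {
        $matched = preg_match(
            '/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/D',
            trim((string) $ip),
            $octets
        );
        if ($matched !== 1) {
            return false;
        }

        $number = 0;
        for ($i = 1; $i <= 4; $i++) {
            $octet = (int) $octets[$i];
            if ($octet > 255) {
                return false;
            }
            $number = ($number * 256) + $octet;
        }

        return $number;
    }
}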