added 4eyes feature for auditors

webui/config.php

@@ -236,6 +236,7 @@ $config['CGI_INPUT_FIELD_WIDTH'] = 50;
 $config['CGI_INPUT_FIELD_HEIGHT'] = 7;
 
 $config['ADMIN_CAN_POWER_SEARCH'] = 0;
+$config['FOUR_EYES_LOGIN_FOR_AUDITOR'] = 0;
 
 $config['MEMCACHED_PREFIX'] = '_piler:';
 $config['MEMCACHED_TTL'] = 900;

webui/controller/login/foureyes.php

@@ -0,0 +1,123 @@
+<?php
+
+
+class ControllerLoginFoureyes extends Controller {
+   private $error = array();
+
+   public function index(){
+
+      $this->id = "content";
+      $this->template = "login/foureyes.tpl";
+      $this->layout = "common/layout-empty";
+
+
+      if(Registry::get('username')) {
+         header("Location: search.php");
+         exit;
+      }
+
+
+      $request = Registry::get('request');
+      $session = Registry::get('session');
+
+      $db = Registry::get('db');
+
+      $this->load->model('user/auth');
+      $this->load->model('user/user');
+      $this->load->model('user/prefs');
+      $this->load->model('domain/domain');
+      $this->load->model('folder/folder');
+
+      if(ENABLE_SAAS == 1) {
+         $this->load->model('saas/ldap');
+         $this->load->model('saas/customer');
+      }
+
+      $this->data['title'] = $this->data['text_login'];
+      $this->data['title_prefix'] = TITLE_PREFIX;
+
+      $this->data['failed_login_count'] = $this->model_user_auth->get_failed_login_count();
+
+      $data = $session->get("auth_data");
+
+      if($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {
+
+         if($this->model_user_auth->checkLogin($this->request->post['username'], $_POST['password']) == 1) {
+            $session->remove("four_eyes");
+
+            $this->model_user_auth->apply_user_auth_session($data);
+            $session->remove("auth_data");
+
+               $this->model_user_prefs->get_user_preferences($session->get('username'));
+
+               if(ENABLE_SAAS == 1) {
+                  $this->model_saas_customer->online($session->get('email'));
+               }
+
+               LOGGER('logged in');
+
+               if(isAdminUser() == 1) {
+                  header("Location: " . SITE_URL . "index.php?route=health/health");
+                  exit;
+               }
+
+               header("Location: " . SITE_URL . "search.php");
+               exit;
+         }
+         else {
+            $this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
+            $this->data['failed_login_count']++;
+         }
+
+         $this->data['x'] = $this->data['text_invalid_email_or_password'];
+
+      }
+
+
+      $this->render();
+   }
+
+
+   private function check_admin_account() {
+
+      if($this->model_user_auth->checkLogin($this->request->post['username2'], $_POST['password2']) != 1 || isAdminUser() != 1) {
+         $this->error['username'] = 'failed admin login';
+         return 0;
+      }
+      else {
+         $this->model_user_auth->reset_user_auth_session();
+         return 1;
+      }
+
+   }
+
+
+   private function validate() {
+
+      if(strlen($this->request->post['username']) < 2){
+         $this->error['username'] = $this->data['text_invalid_username'];
+      }
+
+
+      if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $this->data['failed_login_count'] > CAPTCHA_FAILED_LOGIN_COUNT) {
+         require_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
+         $image = new Securimage();
+
+         if($image->check($this->request->post['captcha']) != true) {
+            $this->error['captcha'] = 'captcha error';
+         }
+      }
+
+
+      if (!$this->error) {
+         return true;
+      } else {
+         return false;
+      }
+
+   }
+
+
+}
+
+?>

webui/controller/login/ga.php

@@ -52,6 +52,11 @@ class ControllerLoginGA extends Controller {
 
             $session->set("ga_block", "");
 
+            if($session->get("four_eyes") == 1) {
+               header("Location: " . SITE_URL . "index.php?route=login/foureyes");
+               exit;
+            }
+
             $this->model_user_auth->apply_user_auth_session($data);
             $session->remove("auth_data");
 

webui/controller/login/login.php

@@ -47,6 +47,12 @@ class ControllerLoginLogin extends Controller {
                header("Location: " . SITE_URL . "index.php?route=login/ga");
                exit;
             }
+
+            else if($session->get("four_eyes") == 1) {
+               header("Location: " . SITE_URL . "index.php?route=login/foureyes");
+               exit;
+            }
+
             else {
                $data = $session->get("auth_data");
                $this->model_user_auth->apply_user_auth_session($data);

webui/index.php

@@ -69,6 +69,9 @@ Registry::set('import_status', $import_status);
 if($session->get("ga_block") == 1 && $request->get['route'] != 'login/logout' ) {
    $action = new Router('login/ga');
 }
+else if($session->get("four_eyes") == 1 && $request->get['route'] != 'login/logout' ) {
+   $action = new Router('login/foureyes');
+}
 else if(Registry::get('username')) {
 
    if(isset($request->get['route'])){

webui/model/user/auth.php

@@ -44,10 +44,6 @@ class ModelUserAuth extends Model {
          if($ok == 1) { return $ok; }
       }
 
-/*
- * TODO: test the CUSTOM_EMAIL_QUERY_FUNCTION feature!
- */
-
       if(ENABLE_IMAP_AUTH == 1) {
          require 'Zend/Mail/Protocol/Imap.php';
          $ok = $this->checkLoginAgainstIMAP($username, $password, $data);
@@ -116,6 +112,8 @@ class ModelUserAuth extends Model {
 
          $this->is_ga_code_needed($username);
 
+         $this->is_four_eye_auth_needed($data['admin_user']);
+
          return 1;
       }
 
@@ -213,6 +211,8 @@ class ModelUserAuth extends Model {
 
                $session->set("auth_data", $data);
 
+               $this->is_four_eye_auth_needed($role);
+
                AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
 
                return 1;
@@ -494,10 +494,10 @@ class ModelUserAuth extends Model {
    }
 
 
-   public function is_four_eye_auth_needed() {
+   public function is_four_eye_auth_needed($admin_user = 0) {
       $session = Registry::get('session');
 
-      if(1 == FOUR_EYES_LOGIN_FOR_AUDITOR && 2 == $session->get("admin_user")) {
+      if(1 == FOUR_EYES_LOGIN_FOR_AUDITOR && 2 == $admin_user) {
          $session->set("four_eyes", 1);
       }
 

webui/view/theme/default/templates/login/foureyes.tpl

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title><?php if($title_prefix) { print $title_prefix; ?> | <?php } ?><?php print $title; ?></title>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <?php if(SITE_KEYWORDS) { ?><meta name="keywords" content="<?php print SITE_KEYWORDS; ?>" /><?php } ?>
+    <?php if(SITE_DESCRIPTION) { ?><meta name="description" content="<?php print SITE_DESCRIPTION; ?>" /><?php } ?>
+    <?php if(PROVIDED_BY) { ?><meta name="author" content="<?php print PROVIDED_BY; ?>" /><?php } ?>
+
+    <link href="/view/theme/default/assets/css/metro-bootstrap.css" rel="stylesheet">
+
+    <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+    <!-- original location: http://html5shim.googlecode.com/svn/trunk/html5.js -->
+    <!--[if lt IE 9]>
+      <script src="/view/theme/default/assets/js/html5.js"></script>
+    <![endif]-->
+	
+    <!-- Fav and touch icons -->
+    <link rel="apple-touch-icon-precomposed" sizes="144x144" href="/view/theme/default/assets/ico/apple-touch-icon-144-precomposed.png">
+    <link rel="apple-touch-icon-precomposed" sizes="114x114" href="/view/theme/default/assets/ico/apple-touch-icon-114-precomposed.png">
+    <link rel="apple-touch-icon-precomposed" sizes="72x72" href="/view/theme/default/assets/ico/apple-touch-icon-72-precomposed.png">
+    <link rel="apple-touch-icon-precomposed" href="/view/theme/default/assets/ico/apple-touch-icon-57-precomposed.png">
+    <?php if(BRANDING_FAVICON) { ?><link rel="shortcut icon" href="<?php print BRANDING_FAVICON; ?>" /><?php } ?>
+  </head>
+
+  <body id="loginpage">
+   
+<?php if(!Registry::get('username')) { ?>
+
+    <div id="logincontainer" class="container">
+        <div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="Login" /></div>
+
+        <form name="login" action="index.php?route=login/foureyes" method="post" class="form-signin">
+
+            <h2 class="form-signin-heading">4eyes <?php print $text_login; ?></h2>
+
+            <?php if(isset($x)){ ?><p class="alert alert-error lead"><?php print $x; ?></p><?php } ?>
+            <input type="hidden" name="relocation" value="<?php if(isset($_GET['route']) && !preg_match("/^login/", $_GET['route']) ) { if(isset($_SERVER['REDIRECT_URL'])) { print $_SERVER['REDIRECT_URL']; } else { print $_SERVER['QUERY_STRING']; } } ?>" />
+
+            <input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>" required autofocus>
+            <input type="password" class="input-block-level" name="password" placeholder="<?php print $text_password; ?>">
+
+        <?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+            <img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+            <input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+        <?php } ?>
+
+            <button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
+
+        </form>
+
+
+        <div id="compatibility" class="well well-large">
+            <p><?php print COMPATIBILITY; ?></p>
+        </div>
+
+   </div>
+
+<?php } ?>
+
+<!-- <?php print PILER_LOGIN_HELPER_PLACEHOLDER; ?> -->
+
+  <?php if(TRACKING_CODE) { print TRACKING_CODE; } ?>
+
+  </body>
+</html>

webui/view/theme/mobile/templates/login/foureyes.tpl

@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hu" lang="hu">
+
+<head>
+   <title><?php if($title_prefix) { print $title_prefix; ?> | <?php } ?><?php print $title; ?></title>
+   <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+   <meta http-equiv="Content-Language" content="en" />
+   <?php if(SITE_KEYWORDS) { ?><meta name="keywords" content="<?php print SITE_KEYWORDS; ?>" /><?php } ?>
+   <?php if(SITE_DESCRIPTION) { ?><meta name="description" content="<?php print SITE_DESCRIPTION; ?>" /><?php } ?>
+   <?php if(PROVIDED_BY) { ?><meta name="author" content="<?php print PROVIDED_BY; ?>" /><?php } ?>
+   <meta name="rating" content="general" />
+   <meta name="robots" content="all" />
+
+   <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+   <link href="/bootstrap/css/bootstrap<?php print BOOTSTRAP_THEME; ?>.min.css" rel="stylesheet" media="screen">
+   <link href="/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
+
+   <link rel="stylesheet" type="text/css" href="/view/theme/<?php print THEME; ?>/stylesheet/jquery-ui-custom.min.css" />
+   <link rel="stylesheet" type="text/css" href="/view/theme/<?php print THEME; ?>/stylesheet/style-<?php print THEME; ?>.css" />
+
+   <script type="text/javascript" src="/view/javascript/jquery.min.js"></script>
+   <script type="text/javascript" src="/view/javascript/jquery-ui-custom.min.js"></script>
+   <script type="text/javascript" src="/view/javascript/bootstrap.min.js"></script>
+   <script type="text/javascript" src="/view/javascript/rc-splitter.js"></script>
+   <script type="text/javascript" src="/view/javascript/piler.js"></script>
+
+   <?php if(BRANDING_FAVICON) { ?><link rel="shortcut icon" href="<?php print BRANDING_FAVICON; ?>" /><?php } ?>
+</head>
+
+<body class="loginpage">
+   
+<?php if(!Registry::get('username')) { ?>
+
+    <div id="logincontainer" class="container">
+        <div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="<?php print $text_login; ?>" /></div>
+
+        <form name="login" action="login.php" method="post" class="form-signin">
+
+            <h2 class="form-signin-heading">4eyes <?php print $text_login; ?></h2>
+
+            <?php if(isset($x)){ ?><p class="alert alert-error lead"><?php print $x; ?></p><?php } ?>
+            <input type="hidden" name="relocation" value="<?php if(isset($_GET['route']) && !preg_match("/^login/", $_GET['route']) ) { if(isset($_SERVER['REDIRECT_URL'])) { print $_SERVER['REDIRECT_URL']; } else { print $_SERVER['QUERY_STRING']; } } ?>" />
+
+            <input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>" required autofocus>
+            <input type="password" class="input-block-level bold" name="password" placeholder="<?php print $text_password; ?>">
+
+         <?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+            <img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+            <input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+         <?php } ?>
+
+            <button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
+
+        </form>
+
+        <div id="compatibility" class="well well-large">
+
+        <?php if(ENABLE_GOOGLE_LOGIN == 1) { ?>
+            <p><a href="<?php print $auth_url; ?>"><?php print $text_login_via_google; ?></a></p>
+        <?php } ?>
+
+            <p><?php print COMPATIBILITY; ?></p>
+        </div>
+
+   </div>
+
+<?php } ?>
+
+<!-- <?php print PILER_LOGIN_HELPER_PLACEHOLDER; ?> -->
+
+
+<?php if(TRACKING_CODE) { print TRACKING_CODE; } ?>
+
+</body>
+</html>