added 4eyes feature for auditors
This commit is contained in:
parent
bc8d264778
commit
4356a91b59
@ -236,6 +236,7 @@ $config['CGI_INPUT_FIELD_WIDTH'] = 50;
|
||||
$config['CGI_INPUT_FIELD_HEIGHT'] = 7;
|
||||
|
||||
$config['ADMIN_CAN_POWER_SEARCH'] = 0;
|
||||
$config['FOUR_EYES_LOGIN_FOR_AUDITOR'] = 0;
|
||||
|
||||
$config['MEMCACHED_PREFIX'] = '_piler:';
|
||||
$config['MEMCACHED_TTL'] = 900;
|
||||
|
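--- /dev/null
+++ b/webui/controller/login/foureyes.php
@@ -0,0 +1,123 @@
+<?php
+
+
+class ControllerLoginFoureyes extends Controller {
+private $error = array();
+
+public function index(){
+
+$this->id = "content";
+$this->template = "login/foureyes.tpl";
+$this->layout = "common/layout-empty";
+
+
+if(Registry::get('username')) {
+header("Location: search.php");
+exit;
+}
+
+
+$request = Registry::get('request');
+$session = Registry::get('session');
+
+$db = Registry::get('db');
+
+$this->load->model('user/auth');
+$this->load->model('user/user');
+$this->load->model('user/prefs');
+$this->load->model('domain/domain');
+$this->load->model('folder/folder');
+
+if(ENABLE_SAAS == 1) {
+$this->load->model('saas/ldap');
+$this->load->model('saas/customer');
+}
+
+$this->data['title'] = $this->data['text_login'];
+$this->data['title_prefix'] = TITLE_PREFIX;
+
+$this->data['failed_login_count'] = $this->model_user_auth->get_failed_login_count();
+
+$data = $session->get("auth_data");
+
+if($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {
+
+if($this->model_user_auth->checkLogin($this->request->post['username'], $_POST['password']) == 1) {
+$session->remove("four_eyes");
+
+$this->model_user_auth->apply_user_auth_session($data);
+$session->remove("auth_data");
+
+$this->model_user_prefs->get_user_preferences($session->get('username'));
+
+if(ENABLE_SAAS == 1) {
+$this->model_saas_customer->online($session->get('email'));
+}
+
+LOGGER('logged in');
+
+if(isAdminUser() == 1) {
+header("Location: " . SITE_URL . "index.php?route=health/health");
+exit;
+}
+
+header("Location: " . SITE_URL . "search.php");
+exit;
+}
+else {
+$this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
+$this->data['failed_login_count']++;
+}
+
+$this->data['x'] = $this->data['text_invalid_email_or_password'];
+
+}
+
+
+$this->render();
+}
+
+
+private function check_admin_account() {
+
+if($this->model_user_auth->checkLogin($this->request->post['username2'], $_POST['password2']) != 1 || isAdminUser() != 1) {
+$this->error['username'] = 'failed admin login';
+return 0;
+}
+else {
+$this->model_user_auth->reset_user_auth_session();
+return 1;
+}
+
+}
+
+
+private function validate() {
+
+if(strlen($this->request->post['username']) < 2){
+$this->error['username'] = $this->data['text_invalid_username'];
+}
+
+
+if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $this->data['failed_login_count'] > CAPTCHA_FAILED_LOGIN_COUNT) {
+require_once $_SERVER['DOCUMENT_ROOT'] . '/securimage/securimage.php';
+$image = new Securimage();
+
+if($image->check($this->request->post['captcha']) != true) {
+$this->error['captcha'] = 'captcha error';
+}
+}
+
+
+if (!$this->error) {
+return true;
+} else {
+return false;
+}
+
+}
+
+
+}
+
+?>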
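Review bot: The second pair of eyes is only checked for valid credentials, not for role or identity: the `checkLogin()` call inside `index()` accepts any account, including the auditor re-entering their own password, while `check_admin_account()` — the one method that tests `isAdminUser()` — is never called and reads `username2`/`password2` fields that neither template posts. The controller also accepts the POST without confirming that a four-eyes login is actually pending (`$data` from `auth_data` may be empty), does not honour a `ga_block` that `checkLogin()` may set for the approver via `is_ga_code_needed()`, and logs only `logged in`, so the audit trail never records who approved. I would gate on `four_eyes` and `auth_data`, inspect the approver's record after `checkLogin()` (it appears to leave the approver in `auth_data`, as the LDAP path visible in auth.php does — confirm for the other paths) for an admin role and a username different from the auditor's, and name the approver in the log call; the `admin_user`/`username` key names in `$data` are inferred and should be checked against `apply_user_auth_session()`. Either delete the dead `check_admin_account()` or make it the check that is actually used, so the next reader is not misled into thinking the admin test exists.
```php
$data = $session->get("auth_data");

// Only serve the second-login form while a four-eyes login is actually pending
if($session->get("four_eyes") != 1 || !$data) {
    header("Location: " . SITE_URL . "index.php?route=login/login");
    exit;
}

if($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {

    $approved = 0;

    if($this->model_user_auth->checkLogin($this->request->post['username'], $_POST['password']) == 1) {
        // checkLogin() leaves the approver's record in auth_data (seen in the LDAP path of auth.php);
        // TODO confirm the key names against apply_user_auth_session()
        $approver = $session->get("auth_data");

        // the approver must be an admin and must not be the auditor awaiting approval
        if(isset($approver['admin_user']) && $approver['admin_user'] == 1 && $approver['username'] != $data['username']) {
            $approved = 1;
        }
    }

    if($approved == 1) {
        $session->remove("four_eyes");
        $this->model_user_auth->apply_user_auth_session($data);
        $session->remove("auth_data");

        // … unchanged: preferences, SaaS online marker …

        LOGGER('logged in, four-eyes approved by ' . $this->request->post['username']);

        // … unchanged: admin / search redirects …
    }
    else {
        // … unchanged: failed-login counter …
    }

    $this->data['x'] = $this->data['text_invalid_email_or_password'];
}
```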
@ -52,6 +52,11 @@ class ControllerLoginGA extends Controller {
|
||||
|
||||
$session->set("ga_block", "");
|
||||
|
||||
if($session->get("four_eyes") == 1) {
|
||||
header("Location: " . SITE_URL . "index.php?route=login/foureyes");
|
||||
exit;
|
||||
}
|
||||
|
||||
$this->model_user_auth->apply_user_auth_session($data);
|
||||
$session->remove("auth_data");
|
||||
|
||||
|
@ -47,6 +47,12 @@ class ControllerLoginLogin extends Controller {
|
||||
header("Location: " . SITE_URL . "index.php?route=login/ga");
|
||||
exit;
|
||||
}
|
||||
|
||||
else if($session->get("four_eyes") == 1) {
|
||||
header("Location: " . SITE_URL . "index.php?route=login/foureyes");
|
||||
exit;
|
||||
}
|
||||
|
||||
else {
|
||||
$data = $session->get("auth_data");
|
||||
$this->model_user_auth->apply_user_auth_session($data);
|
||||
|
@ -69,6 +69,9 @@ Registry::set('import_status', $import_status);
|
||||
if($session->get("ga_block") == 1 && $request->get['route'] != 'login/logout' ) {
|
||||
$action = new Router('login/ga');
|
||||
}
|
||||
else if($session->get("four_eyes") == 1 && $request->get['route'] != 'login/logout' ) {
|
||||
$action = new Router('login/foureyes');
|
||||
}
|
||||
else if(Registry::get('username')) {
|
||||
|
||||
if(isset($request->get['route'])){
|
||||
|
@ -44,10 +44,6 @@ class ModelUserAuth extends Model {
|
||||
if($ok == 1) { return $ok; }
|
||||
}
|
||||
|
||||
/*
|
||||
* TODO: test the CUSTOM_EMAIL_QUERY_FUNCTION feature!
|
||||
*/
|
||||
|
||||
if(ENABLE_IMAP_AUTH == 1) {
|
||||
require 'Zend/Mail/Protocol/Imap.php';
|
||||
$ok = $this->checkLoginAgainstIMAP($username, $password, $data);
|
||||
@ -116,6 +112,8 @@ class ModelUserAuth extends Model {
|
||||
|
||||
$this->is_ga_code_needed($username);
|
||||
|
||||
$this->is_four_eye_auth_needed($data['admin_user']);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -213,6 +211,8 @@ class ModelUserAuth extends Model {
|
||||
|
||||
$session->set("auth_data", $data);
|
||||
|
||||
$this->is_four_eye_auth_needed($role);
|
||||
|
||||
AUDIT(ACTION_LOGIN, $username, '', '', 'successful auth against LDAP');
|
||||
|
||||
return 1;
|
||||
@ -494,10 +494,10 @@ class ModelUserAuth extends Model {
|
||||
}
|
||||
|
||||
|
||||
public function is_four_eye_auth_needed() {
|
||||
public function is_four_eye_auth_needed($admin_user = 0) {
|
||||
$session = Registry::get('session');
|
||||
|
||||
if(1 == FOUR_EYES_LOGIN_FOR_AUDITOR && 2 == $session->get("admin_user")) {
|
||||
if(1 == FOUR_EYES_LOGIN_FOR_AUDITOR && 2 == $admin_user) {
|
||||
$session->set("four_eyes", 1);
|
||||
}
|
||||
|
||||
|
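Review bot: The LDAP call site passes `$role` to `is_four_eye_auth_needed()` while the other call site passes `$data['admin_user']`, and the function decides with `2 == $admin_user`; unless `$role` carries the same numeric code (2, which the option name `FOUR_EYES_LOGIN_FOR_AUDITOR` implies is the auditor role), the flag is silently never set for LDAP-authenticated auditors. `$role` is assigned outside the hunk, so this cannot be confirmed here; if it is a role name rather than the code, pass the code instead, e.g. `$this->is_four_eye_auth_needed($data['admin_user']);` as the first call site does. The new signature also deserves a short docblock, e.g. `/* Sets the four_eyes session flag when FOUR_EYES_LOGIN_FOR_AUDITOR is on and $admin_user is 2 (auditor); the flag is only ever set here, never cleared */`, since the clearing now lives in the foureyes controller.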
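--- /dev/null
+++ b/webui/view/theme/default/templates/login/foureyes.tpl
@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<title><?php if($title_prefix) { print $title_prefix; ?> | <?php } ?><?php print $title; ?></title>
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<?php if(SITE_KEYWORDS) { ?><meta name="keywords" content="<?php print SITE_KEYWORDS; ?>" /><?php } ?>
+<?php if(SITE_DESCRIPTION) { ?><meta name="description" content="<?php print SITE_DESCRIPTION; ?>" /><?php } ?>
+<?php if(PROVIDED_BY) { ?><meta name="author" content="<?php print PROVIDED_BY; ?>" /><?php } ?>
+
+<link href="/view/theme/default/assets/css/metro-bootstrap.css" rel="stylesheet">
+
+<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
+<!-- original location: http://html5shim.googlecode.com/svn/trunk/html5.js -->
+<!--[if lt IE 9]>
+<script src="/view/theme/default/assets/js/html5.js"></script>
+<![endif]-->
+
+<!-- Fav and touch icons -->
+<link rel="apple-touch-icon-precomposed" sizes="144x144" href="/view/theme/default/assets/ico/apple-touch-icon-144-precomposed.png">
+<link rel="apple-touch-icon-precomposed" sizes="114x114" href="/view/theme/default/assets/ico/apple-touch-icon-114-precomposed.png">
+<link rel="apple-touch-icon-precomposed" sizes="72x72" href="/view/theme/default/assets/ico/apple-touch-icon-72-precomposed.png">
+<link rel="apple-touch-icon-precomposed" href="/view/theme/default/assets/ico/apple-touch-icon-57-precomposed.png">
+<?php if(BRANDING_FAVICON) { ?><link rel="shortcut icon" href="<?php print BRANDING_FAVICON; ?>" /><?php } ?>
+</head>
+
+<body id="loginpage">
+
+<?php if(!Registry::get('username')) { ?>
+
+<div id="logincontainer" class="container">
+<div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="Login" /></div>
+
+<form name="login" action="index.php?route=login/foureyes" method="post" class="form-signin">
+
+<h2 class="form-signin-heading">4eyes <?php print $text_login; ?></h2>
+
+<?php if(isset($x)){ ?><p class="alert alert-error lead"><?php print $x; ?></p><?php } ?>
+<input type="hidden" name="relocation" value="<?php if(isset($_GET['route']) && !preg_match("/^login/", $_GET['route']) ) { if(isset($_SERVER['REDIRECT_URL'])) { print $_SERVER['REDIRECT_URL']; } else { print $_SERVER['QUERY_STRING']; } } ?>" />
+
+<input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>" required autofocus>
+<input type="password" class="input-block-level" name="password" placeholder="<?php print $text_password; ?>">
+
+<?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+<img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+<input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+<?php } ?>
+
+<button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
+
+</form>
+
+
+<div id="compatibility" class="well well-large">
+<p><?php print COMPATIBILITY; ?></p>
+</div>
+
+</div>
+
+<?php } ?>
+
+<!-- <?php print PILER_LOGIN_HELPER_PLACEHOLDER; ?> -->
+
+<?php if(TRACKING_CODE) { print TRACKING_CODE; } ?>
+
+</body>
+</html>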
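Review bot: The hidden `relocation` field prints `$_SERVER['REDIRECT_URL']` or `$_SERVER['QUERY_STRING']` into an HTML attribute without escaping; when index.php's new `four_eyes` branch routes a request for some other route here, `$_GET['route']` does not start with `login`, so an attacker-chosen query string lands raw inside `value="..."`. The controller never reads `relocation`, so the simplest fix is to delete that `<input>`; if it is kept, escape it: `print htmlspecialchars($_SERVER['QUERY_STRING'], ENT_QUOTES, 'UTF-8');` and the same for `REDIRECT_URL`. This looks copied from the ordinary login template, which is outside this commit but presumably has the same construct and should be checked alongside.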
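--- /dev/null
+++ b/webui/view/theme/mobile/templates/login/foureyes.tpl
@@ -0,0 +1,76 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="hu" lang="hu">
+
+<head>
+<title><?php if($title_prefix) { print $title_prefix; ?> | <?php } ?><?php print $title; ?></title>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<meta http-equiv="Content-Language" content="en" />
+<?php if(SITE_KEYWORDS) { ?><meta name="keywords" content="<?php print SITE_KEYWORDS; ?>" /><?php } ?>
+<?php if(SITE_DESCRIPTION) { ?><meta name="description" content="<?php print SITE_DESCRIPTION; ?>" /><?php } ?>
+<?php if(PROVIDED_BY) { ?><meta name="author" content="<?php print PROVIDED_BY; ?>" /><?php } ?>
+<meta name="rating" content="general" />
+<meta name="robots" content="all" />
+
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+<link href="/bootstrap/css/bootstrap<?php print BOOTSTRAP_THEME; ?>.min.css" rel="stylesheet" media="screen">
+<link href="/bootstrap/css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
+
+<link rel="stylesheet" type="text/css" href="/view/theme/<?php print THEME; ?>/stylesheet/jquery-ui-custom.min.css" />
+<link rel="stylesheet" type="text/css" href="/view/theme/<?php print THEME; ?>/stylesheet/style-<?php print THEME; ?>.css" />
+
+<script type="text/javascript" src="/view/javascript/jquery.min.js"></script>
+<script type="text/javascript" src="/view/javascript/jquery-ui-custom.min.js"></script>
+<script type="text/javascript" src="/view/javascript/bootstrap.min.js"></script>
+<script type="text/javascript" src="/view/javascript/rc-splitter.js"></script>
+<script type="text/javascript" src="/view/javascript/piler.js"></script>
+
+<?php if(BRANDING_FAVICON) { ?><link rel="shortcut icon" href="<?php print BRANDING_FAVICON; ?>" /><?php } ?>
+</head>
+
+<body class="loginpage">
+
+<?php if(!Registry::get('username')) { ?>
+
+<div id="logincontainer" class="container">
+<div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="<?php print $text_login; ?>" /></div>
+
+<form name="login" action="login.php" method="post" class="form-signin">
+
+<h2 class="form-signin-heading">4eyes <?php print $text_login; ?></h2>
+
+<?php if(isset($x)){ ?><p class="alert alert-error lead"><?php print $x; ?></p><?php } ?>
+<input type="hidden" name="relocation" value="<?php if(isset($_GET['route']) && !preg_match("/^login/", $_GET['route']) ) { if(isset($_SERVER['REDIRECT_URL'])) { print $_SERVER['REDIRECT_URL']; } else { print $_SERVER['QUERY_STRING']; } } ?>" />
+
+<input type="text" class="input-block-level" name="username" placeholder="<?php print $text_email; ?>" required autofocus>
+<input type="password" class="input-block-level bold" name="password" placeholder="<?php print $text_password; ?>">
+
+<?php if(CAPTCHA_FAILED_LOGIN_COUNT > 0 && $failed_login_count > CAPTCHA_FAILED_LOGIN_COUNT) { ?>
+<img src="securimage/securimage_show.php" alt="captcha image" id="captcha" />
+<input type="text" class="input-block-level" name="captcha" placeholder="CAPTCHA" />
+<?php } ?>
+
+<button class="btn btn-large btn-primary" type="submit" value="<?php print $text_submit; ?>"><?php print $text_submit; ?></button>
+
+</form>
+
+<div id="compatibility" class="well well-large">
+
+<?php if(ENABLE_GOOGLE_LOGIN == 1) { ?>
+<p><a href="<?php print $auth_url; ?>"><?php print $text_login_via_google; ?></a></p>
+<?php } ?>
+
+<p><?php print COMPATIBILITY; ?></p>
+</div>
+
+</div>
+
+<?php } ?>
+
+<!-- <?php print PILER_LOGIN_HELPER_PLACEHOLDER; ?> -->
+
+
+<?php if(TRACKING_CODE) { print TRACKING_CODE; } ?>
+
+</body>
+</html>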
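Review bot: The form posts to `login.php`, whereas the default theme posts to `index.php?route=login/foureyes`; unless `login.php` dispatches to `ControllerLoginFoureyes`, the approver's credentials go through the ordinary login flow and the pending four-eyes step is never completed, so the action should be `action="index.php?route=login/foureyes"` as in the default template. The compatibility block also renders a `$text_login_via_google` link to `$auth_url` when `ENABLE_GOOGLE_LOGIN` is on, but `ControllerLoginFoureyes` sets neither variable, so the link is empty and an OAuth path that sidesteps the second login would have to be reasoned about; removing that block from this template is the safer option. The `relocation` field has the same unescaped `QUERY_STRING`/`REDIRECT_URL` output as the default theme and the controller never reads it, so it can be dropped here too.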