
/htdocs/admin/security.php

https://bitbucket.org/speedealing/speedealing
Possible License(s): LGPL-3.0, LGPL-2.1, GPL-3.0, MIT
  1. <?php
  2. /* Copyright (C) 2004-2009 Laurent Destailleur <eldy@users.sourceforge.net>
  3. * Copyright (C) 2005-2007 Regis Houssin <regis.houssin@capnetworks.com>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation; either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * This program is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  17. */
  18. /**
  19. * \file htdocs/admin/security.php
  20. * \ingroup setup
  21. * \brief Page de configuration du module securite
  22. */
  23. require '../main.inc.php';
  24. require_once DOL_DOCUMENT_ROOT.'/core/lib/admin.lib.php';
  25. require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
  26. $action=GETPOST('action');
  27. $langs->load("users");
  28. $langs->load("admin");
  29. $langs->load("other");
  30. if (!$user->admin) accessforbidden();
  31. // Allow/Disallow change to clear passwords once passwords are crypted
  32. $allow_disable_encryption=true;
  33. $mesg = '';
  34. /*
  35. * Actions
  36. */
  37. if ($action == 'setgeneraterule')
  38. {
  39. if (! dolibarr_set_const($db, 'USER_PASSWORD_GENERATED',$_GET["value"],'chaine',0,'',$conf->entity))
  40. {
  41. dol_print_error($db);
  42. }
  43. else
  44. {
  45. header("Location: ".$_SERVER["PHP_SELF"]);
  46. exit;
  47. }
  48. }
  49. if ($action == 'activate_encrypt')
  50. {
  51. $error=0;
  52. $db->begin();
  53. dolibarr_set_const($db, "DATABASE_PWD_ENCRYPTED", "1",'chaine',0,'',$conf->entity);
  54. $sql = "SELECT u.rowid, u.pass, u.pass_crypted";
  55. $sql.= " FROM ".MAIN_DB_PREFIX."user as u";
  56. $sql.= " WHERE u.pass IS NOT NULL AND LENGTH(u.pass) < 32"; // Not a MD5 value
  57. $resql=$db->query($sql);
  58. if ($resql)
  59. {
  60. $numrows=$db->num_rows($resql);
  61. $i=0;
  62. while ($i < $numrows)
  63. {
  64. $obj=$db->fetch_object($resql);
  65. if (dol_hash($obj->pass))
  66. {
  67. $sql = "UPDATE ".MAIN_DB_PREFIX."user";
  68. $sql.= " SET pass_crypted = '".dol_hash($obj->pass)."', pass = NULL";
  69. $sql.= " WHERE rowid=".$obj->rowid;
  70. //print $sql;
  71. $resql2 = $db->query($sql);
  72. if (! $resql2)
  73. {
  74. dol_print_error($db);
  75. $error++;
  76. break;
  77. }
  78. $i++;
  79. }
  80. }
  81. }
  82. else dol_print_error($db);
  83. //print $error." ".$sql;
  84. //exit;
  85. if (! $error)
  86. {
  87. $db->commit();
  88. header("Location: security.php");
  89. exit;
  90. }
  91. else
  92. {
  93. $db->rollback();
  94. dol_print_error($db,'');
  95. }
  96. }
  97. else if ($action == 'disable_encrypt')
  98. {
  99. //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
  100. //Do not allow "disable encryption" as passwords cannot be decrypted
  101. if ($allow_disable_encryption)
  102. {
  103. dolibarr_del_const($db, "DATABASE_PWD_ENCRYPTED",$conf->entity);
  104. }
  105. header("Location: security.php");
  106. exit;
  107. }
  108. if ($action == 'activate_encryptdbpassconf')
  109. {
  110. $result = encodedecode_dbpassconf(1);
  111. if ($result > 0)
  112. {
  113. // database value not required
  114. //dolibarr_set_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED", "1");
  115. header("Location: security.php");
  116. exit;
  117. }
  118. else
  119. {
  120. $mesg='<div class="warning">'.$langs->trans('InstrucToEncodePass',dol_encode($dolibarr_main_db_pass)).'</div>';
  121. }
  122. }
  123. else if ($action == 'disable_encryptdbpassconf')
  124. {
  125. $result = encodedecode_dbpassconf(0);
  126. if ($result > 0)
  127. {
  128. // database value not required
  129. //dolibarr_del_const($db, "MAIN_DATABASE_PWD_CONFIG_ENCRYPTED",$conf->entity);
  130. header("Location: security.php");
  131. exit;
  132. }
  133. else
  134. {
  135. $mesg='<div class="warning">'.$langs->trans('InstrucToClearPass',$dolibarr_main_db_pass).'</div>';
  136. }
  137. }
  138. if ($action == 'activate_pdfsecurity')
  139. {
  140. dolibarr_set_const($db, "PDF_SECURITY_ENCRYPTION", "1",'chaine',0,'',$conf->entity);
  141. header("Location: security.php");
  142. exit;
  143. }
  144. else if ($action == 'disable_pdfsecurity')
  145. {
  146. dolibarr_del_const($db, "PDF_SECURITY_ENCRYPTION",$conf->entity);
  147. header("Location: security.php");
  148. exit;
  149. }
  150. if ($action == 'activate_MAIN_SECURITY_DISABLEFORGETPASSLINK')
  151. {
  152. dolibarr_set_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK", '1','chaine',0,'',$conf->entity);
  153. header("Location: security.php");
  154. exit;
  155. }
  156. else if ($action == 'disable_MAIN_SECURITY_DISABLEFORGETPASSLINK')
  157. {
  158. dolibarr_del_const($db, "MAIN_SECURITY_DISABLEFORGETPASSLINK",$conf->entity);
  159. header("Location: security.php");
  160. exit;
  161. }
  162. /*
  163. * View
  164. */
  165. $form = new Form($db);
  166. llxHeader('',$langs->trans("Passwords"));
  167. print_fiche_titre($langs->trans("SecuritySetup"),'','setup');
  168. dol_htmloutput_mesg($mesg);
  169. print $langs->trans("GeneratedPasswordDesc")."<br>\n";
  170. print "<br>\n";
  171. $head=security_prepare_head();
  172. dol_fiche_head($head, 'passwords', $langs->trans("Security"));
  173. $var=false;
  174. // Choix du gestionnaire du generateur de mot de passe
  175. print '<form action="'.$_SERVER["PHP_SELF"].'" method="POST">';
  176. print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
  177. print '<input type="hidden" name="action" value="update">';
  178. print '<input type="hidden" name="constname" value="USER_PASSWORD_GENERATED">';
  179. print '<input type="hidden" name="consttype" value="yesno">';
  180. // Charge tableau des modules generation
  181. $dir = "../core/modules/security/generate";
  182. clearstatcache();
  183. $handle=opendir($dir);
  184. $i=1;
  185. if (is_resource($handle))
  186. {
  187. while (($file = readdir($handle))!==false)
  188. {
  189. if (preg_match('/(modGeneratePass[a-z]+)\.class\.php/i',$file,$reg))
  190. {
  191. // Chargement de la classe de numerotation
  192. $classname = $reg[1];
  193. require_once $dir.'/'.$file;
  194. $obj = new $classname($db,$conf,$langs,$user);
  195. $arrayhandler[$obj->id]=$obj;
  196. $i++;
  197. }
  198. }
  199. closedir($handle);
  200. }
  201. print '<table class="noborder" width="100%">';
  202. print '<tr class="liste_titre">';
  203. print '<td colspan="2">'.$langs->trans("RuleForGeneratedPasswords").'</td>';
  204. print '<td>'.$langs->trans("Example").'</td>';
  205. print '<td align="center">'.$langs->trans("Activated").'</td>';
  206. print '</tr>';
  207. foreach ($arrayhandler as $key => $module)
  208. {
  209. // Show modules according to features level
  210. if ($module->version == 'development' && $conf->global->MAIN_FEATURES_LEVEL < 2) continue;
  211. if ($module->version == 'experimental' && $conf->global->MAIN_FEATURES_LEVEL < 1) continue;
  212. if ($module->isEnabled())
  213. {
  214. $var = !$var;
  215. print '<tr '.$bc[$var].'><td width="100">';
  216. print ucfirst($key);
  217. print "</td><td>\n";
  218. print $module->getDescription().'<br>';
  219. print $langs->trans("MinLength").': '.$module->length;
  220. print '</td>';
  221. // Show example of numbering module
  222. print '<td nowrap="nowrap">';
  223. $tmp=$module->getExample();
  224. if (preg_match('/^Error/',$tmp)) { $langs->load("errors"); print '<div class="error">'.$langs->trans($tmp).'</div>'; }
  225. elseif ($tmp=='NotConfigured') print $langs->trans($tmp);
  226. else print $tmp;
  227. print '</td>'."\n";
  228. print '<td width="100" align="center">';
  229. if ($conf->global->USER_PASSWORD_GENERATED == $key)
  230. {
  231. print img_picto('','tick');
  232. }
  233. else
  234. {
  235. print '<a href="'.$_SERVER['PHP_SELF'].'?action=setgeneraterule&amp;value='.$key.'">'.$langs->trans("Activate").'</a>';
  236. }
  237. print "</td></tr>\n";
  238. }
  239. }
  240. print '</table>';
  241. print '</form>';
  242. // Cryptage mot de passe
  243. print '<br>';
  244. $var=true;
  245. print "<form method=\"post\" action=\"security.php\">";
  246. print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">';
  247. print "<input type=\"hidden\" name=\"action\" value=\"encrypt\">";
  248. print '<table class="noborder" width="100%">';
  249. print '<tr class="liste_titre">';
  250. print '<td colspan="3">'.$langs->trans("Parameters").'</td>';
  251. print '<td align="center">'.$langs->trans("Activated").'</td>';
  252. print '<td align="center">'.$langs->trans("Action").'</td>';
  253. print '</tr>';
  254. // Disable clear password in database
  255. $var=!$var;
  256. print "<tr ".$bc[$var].">";
  257. print '<td colspan="3">'.$langs->trans("DoNotStoreClearPassword").'</td>';
  258. print '<td align="center" width="60">';
  259. if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
  260. {
  261. print img_picto($langs->trans("Active"),'tick');
  262. }
  263. print '</td>';
  264. if (! $conf->global->DATABASE_PWD_ENCRYPTED)
  265. {
  266. print '<td align="center" width="100">';
  267. print '<a href="security.php?action=activate_encrypt">'.$langs->trans("Activate").'</a>';
  268. print "</td>";
  269. }
  270. if (! empty($conf->global->DATABASE_PWD_ENCRYPTED))
  271. {
  272. print '<td align="center" width="100">';
  273. if ($allow_disable_encryption)
  274. {
  275. //On n'autorise pas l'annulation de l'encryption car les mots de passe ne peuvent pas etre decodes
  276. //Do not allow "disable encryption" as passwords cannot be decrypted
  277. print '<a href="security.php?action=disable_encrypt">'.$langs->trans("Disable").'</a>';
  278. }
  279. else
  280. {
  281. print '-';
  282. }
  283. print "</td>";
  284. }
  285. print "</td>";
  286. print '</tr>';
  287. // Cryptage du mot de base de la base dans conf.php
  288. $var=!$var;
  289. print "<tr ".$bc[$var].">";
  290. print '<td colspan="3">'.$langs->trans("MainDbPasswordFileConfEncrypted").'</td>';
  291. print '<td align="center" width="60">';
  292. if (preg_match('/crypted:/i',$dolibarr_main_db_pass) || ! empty($dolibarr_main_db_encrypted_pass))
  293. {
  294. print img_picto($langs->trans("Active"),'tick');
  295. }
  296. print '</td>';
  297. print '<td align="center" width="100">';
  298. if (empty($dolibarr_main_db_pass) && empty($dolibarr_main_db_encrypted_pass))
  299. {
  300. $langs->load("errors");
  301. print img_warning($langs->trans("WarningPassIsEmpty"));
  302. }
  303. else
  304. {
  305. if (empty($dolibarr_main_db_encrypted_pass))
  306. {
  307. print '<a href="security.php?action=activate_encryptdbpassconf">'.$langs->trans("Activate").'</a>';
  308. }
  309. if (! empty($dolibarr_main_db_encrypted_pass))
  310. {
  311. print '<a href="security.php?action=disable_encryptdbpassconf">'.$langs->trans("Disable").'</a>';
  312. }
  313. }
  314. print "</td>";
  315. print "</td>";
  316. print '</tr>';
  317. // Encryption et protection des PDF
  318. $var=!$var;
  319. print "<tr ".$bc[$var].">";
  320. print '<td colspan="3">';
  321. $text = $langs->trans("ProtectAndEncryptPdfFiles");
  322. $desc = $form->textwithpicto($text,$langs->transnoentities("ProtectAndEncryptPdfFilesDesc"),1);
  323. print $desc;
  324. print '</td>';
  325. print '<td align="center" width="60">';
  326. if($conf->global->PDF_SECURITY_ENCRYPTION == 1)
  327. {
  328. print img_picto($langs->trans("Active"),'tick');
  329. }
  330. print '</td>';
  331. print '<td align="center" width="100">';
  332. if ($conf->global->PDF_SECURITY_ENCRYPTION == 0)
  333. {
  334. print '<a href="security.php?action=activate_pdfsecurity">'.$langs->trans("Activate").'</a>';
  335. }
  336. if($conf->global->PDF_SECURITY_ENCRYPTION == 1)
  337. {
  338. print '<a href="security.php?action=disable_pdfsecurity">'.$langs->trans("Disable").'</a>';
  339. }
  340. print "</td>";
  341. print "</td>";
  342. print '</tr>';
  343. // Disable link "Forget password" on logon
  344. $var=!$var;
  345. print "<tr ".$bc[$var].">";
  346. print '<td colspan="3">'.$langs->trans("DisableForgetPasswordLinkOnLogonPage").'</td>';
  347. print '<td align="center" width="60">';
  348. if($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 1)
  349. {
  350. print img_picto($langs->trans("Active"),'tick');
  351. }
  352. print '</td>';
  353. if ($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 0)
  354. {
  355. print '<td align="center" width="100">';
  356. print '<a href="security.php?action=activate_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Activate").'</a>';
  357. print "</td>";
  358. }
  359. if($conf->global->MAIN_SECURITY_DISABLEFORGETPASSLINK == 1)
  360. {
  361. print '<td align="center" width="100">';
  362. print '<a href="security.php?action=disable_MAIN_SECURITY_DISABLEFORGETPASSLINK">'.$langs->trans("Disable").'</a>';
  363. print "</td>";
  364. }
  365. print "</td>";
  366. print '</tr>';
  367. print '</table>';
  368. print '</form>';
  369. //print '<tr><td colspan="2" align="center"><input type="submit" class="button" value="'.$langs->trans("Save").'"></td></tr>';
  370. print '</div>';
  371. llxFooter();
  372. $db->close();
  373. ?>