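<?php
/*
License:
This software is published under the same license as NucleusCMS, namely
the GNU General Public License. See http://www.gnu.org/licenses/gpl.html for
details about the conditions of this license.

In general, this program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your option) any
later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
*/

/**
 * NP_SecurityEnforcer
 *
 * Enforces a minimum password length and a minimum number of character
 * classes on password changes and registrations, and refuses logins once a
 * login name or a client address has accumulated max_failed_login failures
 * inside the login_lockout window.
 *
 * Failure counters are rows of the plug_securityenforcer table
 * (login, fails, lastfail); one row is kept per login name and one per
 * client address, and rows older than the lockout window are purged on each
 * login attempt.
 */
class NP_SecurityEnforcer extends NucleusPlugin {

    // Option values cached by init(); declared here so they are not created as
    // dynamic properties at runtime.
    var $enable_security;   // 'yes' or 'no'
    var $pwd_min_length;    // int, minimum password length (floored to 6 when validating)
    var $pwd_complexity;    // int 0..4, number of character classes required
    var $max_failed_login;  // int, failures before lockout; 0 disables the lockout
    var $login_lockout;     // int, lockout window in minutes

    function getName() { return 'SecurityEnforcer'; }

    function getAuthor() { return 'Frank Truscott + Cacher'; }

    function getURL() { return 'http://revcetera.com/ftruscot'; }

    function getVersion() { return '1.02'; }

    /** Localised description; the constant comes from the language file loaded in init(). */
    function getDescription() {
        return _SECURITYENFORCER_DESCRIPTION;
    }

    function getMinNucleusVersion() { return 350; }

    /**
     * Feature flags queried by the core. Only SqlTablePrefix is supported;
     * anything else (including HelpPage) is reported as unsupported.
     */
    function supportsFeature($what) {
        switch ($what) {
            case 'SqlTablePrefix':
                return 1;
            default:
                return 0;
        }
    }

    function getTableList() { return array(sql_table('plug_securityenforcer')); }

    function getEventList() {
        return array('QuickMenu', 'PrePasswordSet', 'CustomLogin', 'LoginSuccess', 'LoginFailed', 'PostRegister', 'PrePluginOptionsEdit');
    }

    /**
     * Creates the plugin options and the failure-counter table.
     *
     * The description and typeinfo of the 'pwd_complexity' option are stored
     * as quoted constant *names*; event_PrePluginOptionsEdit() resolves them
     * with constant() when the options page is rendered.
     */
    function install() {
        $this->createOption('quickmenu', _SECURITYENFORCER_OPT_QUICKMENU, 'yesno', 'yes');
        $this->createOption('del_uninstall_data', _SECURITYENFORCER_OPT_DEL_UNINSTALL_DATA, 'yesno', 'no');
        $this->createOption('enable_security', _SECURITYENFORCER_OPT_ENABLE, 'yesno', 'yes');
        $this->createOption('pwd_min_length', _SECURITYENFORCER_OPT_PWD_MIN_LENGTH, 'text', '8');
        $this->createOption('pwd_complexity', '_SECURITYENFORCER_OPT_PWD_COMPLEXITY', 'select', '0', '_SECURITYENFORCER_OPT_SELECT');
        $this->createOption('max_failed_login', _SECURITYENFORCER_OPT_MAX_FAILED_LOGIN, 'text', '5');
        $this->createOption('login_lockout', _SECURITYENFORCER_OPT_LOGIN_LOCKOUT, 'text', '15');

        // ENGINE= is accepted by every MySQL version; the old TYPE= alias was
        // removed in MySQL 5.5 and made this CREATE TABLE fail there.
        sql_query("CREATE TABLE IF NOT EXISTS " . sql_table('plug_securityenforcer') . " (
            `login` varchar(255),
            `fails` int(11) NOT NULL default '0',
            `lastfail` bigint NOT NULL default '0',
            KEY `login` (`login`)) ENGINE=MyISAM");
    }

    /** Drops the failure-counter table, but only when the option asks for it. */
    function unInstall() {
        if ($this->getOption('del_uninstall_data') == 'yes') {
            sql_query('DROP TABLE ' . sql_table('plug_securityenforcer'));
        }
    }

    /**
     * Loads the language file matching the configured language (falling back
     * to english.php) and caches the option values used by the event handlers.
     */
    function init() {
        // The language name becomes part of an include path: strip both path
        // separators so it can only name a file inside the plugin directory.
        // (The original pattern '@\\|/@' only matched the literal sequence "|/".)
        $language = str_replace(array('\\', '/'), '', getLanguageName());
        $langfile = $this->getDirectory() . $language . '.php';
        if (file_exists($langfile)) {
            include_once($langfile);
        } else {
            include_once($this->getDirectory() . 'english.php');
        }

        $this->enable_security  = $this->getOption('enable_security');
        $this->pwd_min_length   = intval($this->getOption('pwd_min_length'));
        $this->pwd_complexity   = intval($this->getOption('pwd_complexity'));
        $this->max_failed_login = intval($this->getOption('max_failed_login'));
        $this->login_lockout    = intval($this->getOption('login_lockout'));
    }

    function hasAdminArea() { return 1; }

    /**
     * Adds a link to the plugin's admin area to the quick menu, for logged-in
     * admins only and only when the 'quickmenu' option is on.
     */
    function event_QuickMenu(&$data) {
        global $member;
        if ($this->getOption('quickmenu') != 'yes' || !$member->isAdmin()) return;
        if (!$member->isLoggedIn()) return;
        array_push($data['options'], array(
            'title'   => 'Security Enforcer',
            'url'     => $this->getAdminURL(),
            'tooltip' => _SECURITYENFORCER_ADMIN_TOOLTIP,
        ));
    }

    /**
     * Rejects a new password that fails the configured length/complexity rules.
     *
     * $data carries 'password', 'errormessage' and 'valid'; on rejection
     * 'errormessage' is filled in and 'valid' is set to false.
     */
    function event_PrePasswordSet(&$data) {
        if ($this->enable_security != 'yes') return;
        $password = $data['password'];
        // On the member-settings form an empty password means "keep the current
        // one" (Nucleus before 3.60 still fired this event then), so an empty
        // value is skipped on that form only. As before, truthiness is used, so
        // the password '0' also counts as empty there.
        $emptyAllowed = (postVar('action') == 'changemembersettings');
        if ($emptyAllowed && !$password) return;
        $message = $this->_validate_and_messsage($password, $this->pwd_min_length, $this->pwd_complexity);
        if ($message) {
            $data['errormessage'] = _SECURITYENFORCER_INSUFFICIENT_COMPLEXITY . $message . "<br /><br />\n";
            $data['valid'] = false;
        }
    }

    /**
     * After an admin-side 'memberadd', reports a password that fails the rules
     * through the admin error page. The wording of the constant suggests the
     * account already exists when this fires; this handler cannot undo that.
     */
    function event_PostRegister(&$data) {
        if ($this->enable_security != 'yes') return;
        if (postVar('action') != 'memberadd') return;
        $message = $this->_validate_and_messsage(postVar('password'), $this->pwd_min_length, $this->pwd_complexity);
        if ($message) {
            global $admin;
            $admin->error(_SECURITYENFORCER_ACCOUNT_CREATED . $message . "<br /><br />\n");
        }
    }

    /**
     * Refuses the login when the login name or the client address has reached
     * max_failed_login failures inside the lockout window.
     *
     * $data carries 'login', 'password', 'success' and 'allowlocal'; on
     * lockout both 'success' and 'allowlocal' are set to 0 and an INFO action
     * log entry is written.
     */
    function event_CustomLogin(&$data) {
        if ($this->enable_security != 'yes' || $this->max_failed_login <= 0) return;
        $login = $data['login'];
        // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
        // address, so every client would share one counter — confirm deployment.
        $ip = $_SERVER['REMOTE_ADDR'];
        // Expire counters older than the lockout window before consulting them.
        sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE lastfail < " . (time() - ($this->login_lockout * 60)));
        if ($this->_fail_count($login) >= $this->max_failed_login
            || $this->_fail_count($ip) >= $this->max_failed_login) {
            $data['success'] = 0;
            $data['allowlocal'] = 0;
            $info = sprintf(_SECURITYENFORCER_LOGIN_DISALLOWED, htmlspecialchars($login), htmlspecialchars($ip));
            ACTIONLOG::add(INFO, $info);
        }
    }

    /** Clears the failure counters of the user name and the client address. $data carries 'member' and 'username'. */
    function event_LoginSuccess(&$data) {
        if ($this->enable_security != 'yes' || $this->max_failed_login <= 0) return;
        $this->_clear_failures($data['username']);
        $this->_clear_failures($_SERVER['REMOTE_ADDR']);
    }

    /** Bumps the failure counters of the attempted user name and the client address. $data carries 'username'. */
    function event_LoginFailed(&$data) {
        if ($this->enable_security != 'yes' || $this->max_failed_login <= 0) return;
        $this->_record_failure($data['username']);
        $this->_record_failure($_SERVER['REMOTE_ADDR']);
    }

    /**
     * Resolves option descriptions/typeinfo that install() stored as constant
     * names into their localised values for the options page.
     *
     * $data is taken by value (as in the original handler); the edits
     * presumably reach the caller because 'options' is passed by reference —
     * verify against the core before changing the signature.
     */
    function event_PrePluginOptionsEdit($data) {
        if ($data['plugid'] !== $this->getID()) return;
        foreach ($data['options'] as $key => $value) {
            if (defined($value['description'])) {
                $data['options'][$key]['description'] = constant($value['description']);
            }
            if ((string) $value['type'] === 'select' && defined($value['typeinfo'])) {
                $data['options'][$key]['typeinfo'] = constant($value['typeinfo']);
            }
        }
    }

    /* Helper Functions */

    /**
     * Returns the failure count stored for $key (a login name or an address),
     * or 0 when no row exists.
     */
    function _fail_count($key) {
        $query  = "SELECT fails as result FROM " . sql_table('plug_securityenforcer') . " ";
        $query .= "WHERE login='" . sql_real_escape_string($key) . "'";
        return intval(quickQuery($query));
    }

    /** Deletes the failure row(s) stored for $key. */
    function _clear_failures($key) {
        sql_query("DELETE FROM " . sql_table('plug_securityenforcer') . " WHERE login='" . sql_real_escape_string($key) . "'");
    }

    /**
     * Increments the failure counter for $key, creating the row on first failure.
     *
     * NOTE(review): this is a read-then-write and the table only has a
     * non-unique KEY on login, so two concurrent failures for the same key can
     * both take the INSERT branch; a UNIQUE key would make this a single
     * INSERT ... ON DUPLICATE KEY UPDATE — needs an upgrade path for existing tables.
     */
    function _record_failure($key) {
        $table   = sql_table('plug_securityenforcer');
        $escaped = sql_real_escape_string($key);
        $res = sql_query("SELECT * FROM " . $table . " WHERE login='" . $escaped . "'");
        if (sql_num_rows($res)) {
            sql_query("UPDATE " . $table . " SET fails=fails+1, lastfail=" . time() . " WHERE login='" . $escaped . "'");
        } else {
            sql_query("INSERT INTO " . $table . " (login,fails,lastfail) VALUES ('" . $escaped . "',1," . time() . ")");
        }
    }

    /**
     * Counts how many of the four character classes (upper, lower, digit,
     * punctuation from the listed set) occur in $passwd. Returns 0..4.
     */
    function _count_char_types($passwd) {
        $classes = array('/[A-Z]/', '/[a-z]/', '/[0-9]/', '/[-~!@#$%^&*()_+=,.<>?:;|]/');
        $count = 0;
        foreach ($classes as $pattern) {
            if (preg_match($pattern, $passwd)) {
                $count++;
            }
        }
        return $count;
    }

    /**
     * True when $passwd is at least $minlength bytes long (never less than 6)
     * and contains at least $complexity (capped at 4) character classes.
     * Length is measured with strlen(), i.e. in bytes.
     */
    function _validate_passwd($passwd, $minlength = 6, $complexity = 0) {
        $minlength  = max(6, intval($minlength));
        $complexity = min(4, intval($complexity));
        if (strlen($passwd) < $minlength) return false;
        return $this->_count_char_types($passwd) >= $complexity;
    }

    /**
     * Same rules as _validate_passwd(), but returns a human-readable message
     * naming each rule that failed, or '' when the password is acceptable.
     * (The method name keeps its historical spelling; callers depend on it.)
     * The limits quoted in the message are the ones actually enforced, i.e.
     * after flooring $minlength to 6 and capping $complexity at 4.
     */
    function _validate_and_messsage($passwd, $minlength = 6, $complexity = 0) {
        $minlength  = max(6, intval($minlength));
        $complexity = min(4, intval($complexity));
        $message = '';
        if (strlen($passwd) < $minlength) {
            $message .= _SECURITYENFORCER_MIN_PWD_LENGTH . $minlength;
        }
        if ($this->_count_char_types($passwd) < $complexity) {
            $message .= _SECURITYENFORCER_PWD_COMPLEXITY . $complexity;
        }
        return $message;
    }
}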