fixed security track logins, saimod_sys_security

Ulf Gebhardt 2013-05-24 20:07:15 +02:00
parent 137ebdefb9
commit f24738e5d3
4 changed files with 49 additions and 10 deletions


@ -6,12 +6,11 @@ $autoload->registerFolder(dirname(__FILE__).'/sai','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/page','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/page/default_page','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/page/default_module','SYSTEM\SAI');
//$autoload->registerFolder(dirname(__FILE__).'/page/login_page','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/modules','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/modules/saimod_sys_sai','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/modules/saimod_sys_login','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/modules/saimod_sys_error','SYSTEM\SAI');
//$autoload->registerFolder(dirname(__FILE__).'/modules/badge_creator','SYSTEM\SAI');
$autoload->registerFolder(dirname(__FILE__).'/modules/saimod_sys_security','SYSTEM\SAI');
require_once dirname(__FILE__).'/modules/register_modules.php';


@ -3,8 +3,8 @@
\SYSTEM\SAI\sai::getInstance()->register_sys('\SYSTEM\SAI\saimod_sys_sai');
\SYSTEM\SAI\sai::getInstance()->register_sys('\SYSTEM\SAI\saimod_sys_login');
\SYSTEM\SAI\sai::getInstance()->register_sys('\SYSTEM\SAI\saimod_sys_error');
\SYSTEM\SAI\sai::getInstance()->register_sys('\SYSTEM\SAI\saimod_sys_security');
//\SYSTEM\SAI\sai::getInstance()->register('\SYSTEM\SAI\saimod_sys_sys');
//\SYSTEM\SAI\sai::getInstance()->register('\SYSTEM\SAI\saimod_sys_api');
//\SYSTEM\SAI\sai::getInstance()->register('\SYSTEM\SAI\saimod_sys_page');
//\SYSTEM\SAI\sai::getInstance()->register('\SYSTEM\SAI\saimod_sys_security');
//\SYSTEM\SAI\sai::getInstance()->register('\SYSTEM\SAI\saimod_sys_docu');


@ -0,0 +1,40 @@
<?php
namespace SYSTEM\SAI;
class saimod_sys_security extends \SYSTEM\SAI\SaiModule {
public static function html_content(){
$con = new \SYSTEM\DB\Connection(\SYSTEM\system::getSystemDBInfo());
$res = $con->query('SELECT id,username,email,joindate,locale,last_active,account_flag FROM system.user ORDER BY last_active DESC;');
$now = microtime(true);
$result = '<table class="table table-hover table-condensed" style="overflow: auto;">'.
'<tr>'.'<th>'.'ID'.'</th>'.'<th>'.'Username'.'</th>'.'<th>'.'EMail'.'</th>'.'<th>'.'JoinDate'.'</th>'.'<th>'.'Locale'.'</th>'.'<th>'.'Last Active'.'</th>'.'<th>'.'Flag'.'</th>'.'<th>'.'Rights'.'</th>'.'</tr>';
while($r = $res->next()){
$result .= '<tr class="'.self::tablerow_class($r['last_active']).'">'.'<td>'.$r['id'].'</td>'.'<td>'.$r['username'].'</td>'.'<td>'.$r['email'].'</td>'.'<td>'.$r['joindate'].'</td>'.'<td>'.$r['locale'].'</td>'.'<td>'.$r['last_active'].'</td>'.'<td>'.$r['account_flag'].'</td>'.'<td>'.'BUTTON'.'</td>'.'</tr>';
}
$result .= '</table>';
return $result;
}
private static function tablerow_class($last_active){
$time = time() - strtotime($last_active);
if($time <= 60*60){
return 'success';}
if($time <= 60*60*24){
return 'info';}
if($time <= 60*60*24*7){
return 'warning';}
return 'error';
}
public static function html_li_menu(){return '<li><a href="#" id=".SYSTEM.SAI.saimod_sys_security">SYS Security</a></li>';}
public static function right_public(){return false;}
public static function right_right(){return \SYSTEM\SECURITY\Security::check(\SYSTEM\system::getSystemDBInfo(), \SYSTEM\SECURITY\RIGHTS::SYS_SAI);}
public static function src_css(){}
public static function src_js(){}
}
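Review bot: The loop in html_content concatenates every column from system.user into the table markup without output encoding, so any markup stored in a username, email or locale value is rendered as HTML in the administrator's session. Whether account holders choose those values themselves is not visible here, but the view should not depend on that. Each cell should be encoded for the HTML context, for example `'<td>'.htmlspecialchars($r['username'], ENT_QUOTES, 'UTF-8').'</td>'`, and likewise for the other columns. Separately, `$now = microtime(true);` is assigned and never read, so it can be dropped.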


@ -61,13 +61,13 @@ class Security {
//Database check
if(!$result){
self::trackLogins($dbinfo, NULL, self::LOGIN_FAIL);
new \SYSTEM\LOG\WARNING("Login Failed, Db result was not valid");
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
$row = $result->next();
if(!$row){
self::trackLogins($dbinfo, NULL, self::LOGIN_FAIL);
new \SYSTEM\LOG\WARNING("Login Failed, User was not found in db");
$_SESSION['user'] = NULL;
return self::LOGIN_FAIL;}
@ -93,16 +93,16 @@ class Security {
if(isset($locale)){
\SYSTEM\locale::set($locale);}
// track succesful user login
self::trackLogins($dbinfo, $row[\SYSTEM\DBD\UserTable::FIELD_ID], self::LOGIN_OK);
self::trackLogins($dbinfo, $row[\SYSTEM\DBD\UserTable::FIELD_ID]);
return ($advancedResult ? $row : self::LOGIN_OK);
}
private static function trackLogins(\SYSTEM\DB\DBInfo $dbinfo, $userID, $succ){
private static function trackLogins(\SYSTEM\DB\DBInfo $dbinfo, $userID){
$con = new \SYSTEM\DB\Connection($dbinfo);
$con->prepare( 'trackLoginAccountStmt',
'INSERT INTO '.\SYSTEM\DBD\UserLoginsTable::NAME.' ("'.\SYSTEM\DBD\UserLoginsTable::FIELD_USERID.'","'.
\SYSTEM\DBD\UserLoginsTable::FIELD_IP.'",'.\SYSTEM\DBD\UserLoginsTable::FIELD_SUCC.') VALUES ($1,$2,$3)',
array(isset($userID) ? $userID : -1, getenv('REMOTE_ADDR'), (int)$succ ));
'UPDATE '.\SYSTEM\DBD\UserTable::NAME_PG.' SET '.\SYSTEM\DBD\UserTable::FIELD_LAST_ACTIVE.'= to_timestamp($1) '.
'WHERE '.\SYSTEM\DBD\UserTable::FIELD_ID.' = $2;',
array(microtime(true), $userID));
}
public static function getUser(){
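Review bot: The rewritten trackLogins no longer records individual login attempts: the INSERT that stored user id, REMOTE_ADDR and the success flag is replaced by an UPDATE of the last-active column, so failed logins leave no database trace and the source address is lost for successful ones too. The two WARNING log lines in the failure branches carry neither username nor address, which leaves little to detect password guessing with. If the `self::trackLogins($dbinfo, NULL, self::LOGIN_FAIL)` calls are still on the new side (the page does not mark them), their third argument is silently ignored and a NULL id makes the UPDATE match no rows. I would keep the per-attempt INSERT, with `$succ`, next to the new UPDATE and guard the UPDATE with `if(!isset($userID)){ return; }`. The Security class continues outside this section.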