00001 <?php
00017 include_once (OPENBIZ_HOME."/messages/securityService.msg");
/**
 * Plugin service that runs the configured request filters in a fixed order
 * and reports the first denial.
 *
 * The service is off unless the metadata carries MODE="ENABLED"; when the
 * attribute is missing no filter is built and processFilters() always
 * returns true.
 */
class securityService
{
    /** @var string Mode as read from metadata; compared case-insensitively with "ENABLED". */
    public $m_Mode = 'DISABLED';

    /** @var array Filter objects in the order they are evaluated. */
    private $_securityFilters = array();

    /** @var mixed Declared but neither read nor written inside this class. */
    private $_messageFile;

    /** @var mixed Message of the first filter that reported an error, or null. */
    protected $m_ErrorMessage = null;

    /**
     * Build the service from its parsed XML metadata.
     *
     * @param array $xmlArr metadata array, taken by reference
     */
    function __construct(&$xmlArr)
    {
        $this->readMetadata($xmlArr);
    }

    /**
     * Read the service mode and, when enabled, create one securityFilter per
     * metadata section.
     *
     * @param array $xmlArr metadata array, taken by reference
     * @return void
     */
    protected function readMetadata(&$xmlArr)
    {
        $this->m_Mode = "DISABLED";
        if (isset($xmlArr["PLUGINSERVICE"]["SECURITY"]["ATTRIBUTES"]["MODE"])) {
            $this->m_Mode = $xmlArr["PLUGINSERVICE"]["SECURITY"]["ATTRIBUTES"]["MODE"];
        }

        if (strtoupper($this->m_Mode) != 'ENABLED') {
            return;
        }

        // Metadata section => rule name; the array order is the evaluation order.
        $sections = array(
            "URLFILTER"    => "URLFilter",
            "DOMAINFILTER" => "DomainFilter",
            "IPFILTER"     => "IPFilter",
            "AGENTFILTER"  => "AgentFilter",
            "POSTFILTER"   => "PostFilter",
            "GETFILTER"    => "GetFilter",
        );
        foreach ($sections as $sectionKey => $ruleName) {
            $this->_securityFilters[] = new securityFilter(
                $xmlArr["PLUGINSERVICE"]["SECURITY"][$sectionKey],
                "securityFilter",
                $ruleName
            );
        }
    }

    /**
     * @return mixed message recorded by the last failing processFilters() call, or null
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Run every filter until one reports an error message.
     *
     * Only the filter's error message decides the outcome; the return value
     * of processRules() is not inspected.
     *
     * @return bool false as soon as a filter has an error message, true otherwise
     */
    public function processFilters()
    {
        foreach ($this->_securityFilters as $filter) {
            $filter->processRules();
            $message = $filter->getErrorMessage();
            if ($message) {
                $this->m_ErrorMessage = $message;
                return false;
            }
        }

        return true;
    }
}
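/**
 * One group of security rules (URL, domain, IP, agent, POST or GET).
 *
 * A filter is only active when its own MODE attribute equals "ENABLED"
 * (case-insensitive); otherwise no rules are loaded and processRules()
 * does nothing.
 */
class securityFilter extends MetaIterator
{
    /** @var string|null Rule name passed to the constructor, e.g. "URLFilter". */
    protected $m_Name = null;

    /** @var string Filter mode read from metadata; defaults to "DISABLED". */
    protected $m_Mode = 'DISABLED';

    /** @var MetaIterator|null Rule collection; stays null while the filter is disabled. */
    protected $m_Rules = null;

    /** @var mixed Message of the first rule that reported an error, or null. */
    protected $m_ErrorMessage = null;

    /**
     * @param array  $xmlArr     metadata of this filter section, taken by reference
     * @param string $filterName accepted but not used by readMetadata()
     * @param string $ruleName   base name of the rule class; "Rule" is appended
     */
    function __construct(&$xmlArr, $filterName, $ruleName)
    {
        $this->readMetadata($xmlArr, $filterName, $ruleName);
    }

    /**
     * Read the filter mode and, when enabled, build the rule collection.
     *
     * @param array  $xmlArr     metadata of this filter section, taken by reference
     * @param string $filterName unused
     * @param string $ruleName   base name of the rule class
     * @return void
     */
    protected function readMetadata(&$xmlArr, $filterName, $ruleName)
    {
        $this->m_Name = $ruleName;
        $this->m_Mode = isset($xmlArr["ATTRIBUTES"]["MODE"]) ? $xmlArr["ATTRIBUTES"]["MODE"] : "DISABLED";
        if (strtoupper($this->m_Mode) == 'ENABLED') {
            // MetaIterator is defined outside this file; presumably it creates
            // one "<ruleName>Rule" object per RULE entry -- confirm.
            $this->m_Rules = new MetaIterator($xmlArr["RULE"], $ruleName . "Rule", $this);
        }
    }

    /**
     * @return mixed message recorded by the last failing processRules() call, or null
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Run every rule of this filter until one reports an error message.
     *
     * Only the rule's error message is inspected: a rule that returns false
     * without setting a message does not stop the loop, and a rule that
     * returns true (ALLOW) does not exempt the request from later rules.
     *
     * @return bool|null false when a rule recorded an error message, null otherwise
     */
    public function processRules()
    {
        // A disabled filter never creates m_Rules; reading ->m_var on null
        // raised a warning on every request, so check the object first.
        if (!is_object($this->m_Rules) || !is_array($this->m_Rules->m_var)) {
            return null;
        }

        foreach ($this->m_Rules->m_var as $name => $rule) {
            $rule->process();
            $message = $rule->getErrorMessage();
            if ($message) {
                $this->m_ErrorMessage = $message;
                return false;
            }
        }

        return null;
    }
}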
/**
 * Contract implemented by every security rule.
 */
interface iSecurityRule
{
    /**
     * Evaluate the rule against the current request.
     *
     * The interface declares no return type.
     */
    public function process();
}
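/**
 * Base class of all security rules: holds the rule attributes read from
 * metadata and the effective-time check shared by the concrete rules.
 */
class securityRule_Abstract implements iSecurityRule
{
    /** @var string|null NAME attribute. */
    public $m_Name = null;

    /** @var string|null ACTION attribute; subclasses compare it with "DENY" / "ALLOW". */
    public $m_Action = null;

    /** @var string|null MATCH attribute; subclasses use it as a regular expression. */
    public $m_Match = null;

    /** @var string|null STATUS attribute; subclasses compare it with "ENABLE". */
    public $m_Status = null;

    /** @var string|null EFFECTIVETIME attribute, parsed as "HHMM-HHMM". */
    public $m_EffectiveTime = null;

    /** @var mixed Denial message set by a subclass, or null. */
    public $m_ErrorMessage = null;

    /**
     * @param array $xmlArr metadata of one RULE element, taken by reference
     */
    function __construct(&$xmlArr)
    {
        $this->readMetadata($xmlArr);
    }

    /**
     * Copy the rule attributes from metadata.
     *
     * A missing attribute is stored as null instead of raising an
     * undefined-index warning.
     *
     * @param array $xmlArr metadata of one RULE element, taken by reference
     * @return void
     */
    protected function readMetadata(&$xmlArr)
    {
        $attrs = (isset($xmlArr["ATTRIBUTES"]) && is_array($xmlArr["ATTRIBUTES"]))
            ? $xmlArr["ATTRIBUTES"]
            : array();

        $this->m_Name          = isset($attrs["NAME"]) ? $attrs["NAME"] : null;
        $this->m_Action        = isset($attrs["ACTION"]) ? $attrs["ACTION"] : null;
        $this->m_Status        = isset($attrs["STATUS"]) ? $attrs["STATUS"] : null;
        $this->m_Match         = isset($attrs["MATCH"]) ? $attrs["MATCH"] : null;
        $this->m_EffectiveTime = isset($attrs["EFFECTIVETIME"]) ? $attrs["EFFECTIVETIME"] : null;
    }

    /**
     * Default implementation: does nothing and reports success.
     *
     * @return bool always true
     */
    public function process()
    {
        return true;
    }

    /**
     * @return mixed denial message set by the rule, or null
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Tell whether the current time lies inside the rule's daily window.
     *
     * EFFECTIVETIME is parsed as "HHMM-HHMM". A bound that cannot be parsed
     * falls back to 00:00 (start) or 23:59:59 (end), so an empty attribute
     * means the whole day. Both bounds are exclusive.
     *
     * NOTE(review): when the end lies before the start the two are swapped,
     * so "2200-0600" is evaluated as 06:00-22:00 rather than as an overnight
     * window. Rules meant to apply across midnight need two entries or a
     * change here -- confirm the intended semantics before relying on it.
     *
     * @return bool true when now is strictly between start and end
     */
    public function checkEffectiveTime()
    {
        $start_hour = $start_min = $end_hour = $end_min = null;
        sscanf(
            (string) $this->m_EffectiveTime,
            "%2d%2d-%2d%2d",
            $start_hour,
            $start_min,
            $end_hour,
            $end_min
        );

        // Take the date prefix once so both bounds refer to the same day.
        $today = date("Y-m-d ");

        $startTime = strtotime($today . $start_hour . ":" . $start_min);
        if (!$startTime) {
            $startTime = strtotime($today . "00:00");
        }

        $endTime = strtotime($today . $end_hour . ":" . $end_min);
        if (!$endTime) {
            $endTime = strtotime($today . "23:59:59");
        }

        $nowTime = time();

        // Previously this path fell off the end and returned null; callers
        // only test the result for truthiness, so an explicit false is
        // equivalent for them.
        if (!($startTime > 0 && $endTime > 0)) {
            return false;
        }

        if ($endTime < $startTime) {
            $tmpTime   = $startTime;
            $startTime = $endTime;
            $endTime   = $tmpTime;
        }

        return ($startTime < $nowTime && $nowTime < $endTime);
    }
}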
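/**
 * Rule that tests the request URI against the configured MATCH pattern.
 */
class URLFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to $_SERVER['REQUEST_URI'].
     *
     * The pattern is an unanchored, case-insensitive regular expression. It
     * is applied to the URI exactly as PHP received it; no decoding or path
     * normalisation happens here, so patterns have to account for encoded
     * spellings of a path themselves.
     *
     * securityFilter::processRules() only looks at the error message, so the
     * DENY branch is the only outcome that blocks a request.
     *
     * @return bool|null false on DENY (message set) or on an unknown action,
     *                   true on ALLOW or outside the effective time,
     *                   null when the rule is not enabled or did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // REQUEST_URI is not set outside a web request.
        $url = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

        // Delimit with a control character instead of "/": URL patterns
        // usually contain "/", which made the "/"-delimited expression fail
        // to compile and left the rule silently inactive. An invalid pattern
        // still counts as "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $url)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_URL_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}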
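/**
 * Rule that tests the requested host name against the configured MATCH pattern.
 */
class DomainFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to $_SERVER['HTTP_HOST'].
     *
     * HTTP_HOST comes from the Host request header, i.e. it is chosen by the
     * client; the rule restricts which host names are served, it does not
     * authenticate the caller. The pattern is an unanchored, case-insensitive
     * regular expression.
     *
     * securityFilter::processRules() only looks at the error message, so the
     * DENY branch is the only outcome that blocks a request.
     *
     * @return bool|null false on DENY (message set) or on an unknown action,
     *                   true on ALLOW or outside the effective time,
     *                   null when the rule is not enabled or did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // The Host header may be missing; treat that as an empty host.
        $url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';

        // Control-character delimiter: a "/" inside the configured pattern no
        // longer breaks compilation of the expression. An invalid pattern
        // still counts as "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $url)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_DOMAIN_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}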
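/**
 * Rule that tests the User-Agent header against the configured MATCH pattern.
 */
class AgentFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to $_SERVER['HTTP_USER_AGENT'].
     *
     * The header is supplied by the client and may be absent, so this rule
     * is a coarse filter and not an access control. The pattern is an
     * unanchored, case-insensitive regular expression.
     *
     * securityFilter::processRules() only looks at the error message, so the
     * DENY branch is the only outcome that blocks a request.
     *
     * @return bool|null false on DENY (message set) or on an unknown action,
     *                   true on ALLOW or outside the effective time,
     *                   null when the rule is not enabled or did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // Requests without a User-Agent header are matched as an empty string
        // instead of raising an undefined-index warning.
        $url = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

        // Control-character delimiter: agent strings and their patterns
        // commonly contain "/" (e.g. "Mozilla/5.0"), which broke the
        // "/"-delimited expression. An invalid pattern still counts as
        // "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $url)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_AGENT_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}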
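/**
 * Rule that tests the client address against the configured MATCH pattern.
 */
class IPFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to $_SERVER['REMOTE_ADDR'].
     *
     * MATCH is used as an unanchored regular expression, not as an address
     * or CIDR range: an unescaped "." matches any character and a pattern
     * without ^...$ also matches longer addresses that contain it. Write
     * patterns anchored and with escaped dots.
     *
     * REMOTE_ADDR is the peer address as seen by PHP; behind a reverse proxy
     * or load balancer that is presumably the proxy's address -- confirm the
     * deployment before relying on this rule.
     *
     * securityFilter::processRules() only looks at the error message, so the
     * DENY branch is the only outcome that blocks a request.
     *
     * @return bool|null false on DENY (message set) or on an unknown action,
     *                   true on ALLOW or outside the effective time,
     *                   null when the rule is not enabled or did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // REMOTE_ADDR is not set outside a web request.
        $url = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // Control-character delimiter: a "/" in the configured pattern no
        // longer breaks compilation of the expression. An invalid pattern
        // still counts as "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $url)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_IPADDR_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}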
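/**
 * Rule that tests the submitted POST data against the configured MATCH pattern.
 */
class PostFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to serialize($_POST).
     *
     * The subject is PHP's serialized form of the whole array, so field
     * names, values and the type/length markers that serialize() emits are
     * all visible to the pattern. The pattern is an unanchored,
     * case-insensitive regular expression.
     *
     * An empty MATCH returns false without setting a message. Because
     * securityFilter::processRules() only looks at the error message, that
     * does not block the request; the DENY branch is the only outcome that
     * does.
     *
     * @return bool|null false on DENY (message set), on an unknown action or
     *                   on an empty MATCH, true on ALLOW or outside the
     *                   effective time, null when the rule is not enabled or
     *                   did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $post_str = serialize($_POST);

        if ($this->m_Match == "") {
            return false;
        }

        // Control-character delimiter: a "/" in the configured pattern no
        // longer breaks compilation of the expression. An invalid pattern
        // still counts as "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $post_str)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_POST_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}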
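/**
 * Rule that tests the query-string parameters against the configured MATCH pattern.
 */
class GetFilterRule extends securityRule_Abstract
{
    /**
     * Apply the rule to serialize($_GET).
     *
     * The subject is PHP's serialized form of the whole array, so parameter
     * names, values and the type/length markers that serialize() emits are
     * all visible to the pattern. The pattern is an unanchored,
     * case-insensitive regular expression. Unlike PostFilterRule there is no
     * guard for an empty MATCH: an empty pattern matches every request.
     *
     * securityFilter::processRules() only looks at the error message, so the
     * DENY branch is the only outcome that blocks a request.
     *
     * @return bool|null false on DENY (message set) or on an unknown action,
     *                   true on ALLOW or outside the effective time,
     *                   null when the rule is not enabled or did not match
     */
    public function process()
    {
        // Rules are switched on with STATUS="ENABLE"; "ENABLED" does not match.
        if (strtoupper((string) $this->m_Status) != 'ENABLE') {
            return null;
        }
        parent::process();

        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $get_str = serialize($_GET);

        // Control-character delimiter: a "/" in the configured pattern no
        // longer breaks compilation of the expression. An invalid pattern
        // still counts as "no match" (PHP raises a warning).
        if (!preg_match("\x01" . $this->m_Match . "\x01si", $get_str)) {
            return null;
        }

        $action = strtoupper((string) $this->m_Action);
        if ($action == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_GET_DENIED');
            return false;
        }
        if ($action == 'ALLOW') {
            return true;
        }
        return false;
    }
}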
00585 ?>