
E:/E/GEAMP/www/openbiz/openbiz/bin/service/securityService.php

00001 <?php
00017 include_once (OPENBIZ_HOME."/messages/securityService.msg");
00018 
/**
 * Request-filtering service configured from the PLUGINSERVICE/SECURITY metadata.
 *
 * Security note: the service is opt-in. When the MODE attribute is missing or
 * is anything other than "ENABLED" (case-insensitive), no filters are built and
 * processFilters() reports success, so a missing or misspelled MODE leaves the
 * application unfiltered. Deployments that depend on these filters should
 * verify the effective value of $m_Mode at start-up.
 */
class securityService
{
    public $m_Mode = 'DISABLED';
    private $_securityFilters = array();
    private $_messageFile;
    protected $m_ErrorMessage = null;

    /**
     * Builds the service from its parsed XML metadata.
     *
     * @param array $xmlArr parsed metadata array (passed by reference)
     */
    function __construct(&$xmlArr)
    {
        $this->readMetadata($xmlArr);
    }

    /**
     * Reads the service mode and, when enabled, creates one securityFilter per
     * filter section, in a fixed order: URL, domain, IP, agent, POST, GET.
     *
     * @param array $xmlArr parsed metadata array (passed by reference)
     */
    protected function readMetadata(&$xmlArr)
    {
        if (isset($xmlArr["PLUGINSERVICE"]["SECURITY"]["ATTRIBUTES"]["MODE"])) {
            $this->m_Mode = $xmlArr["PLUGINSERVICE"]["SECURITY"]["ATTRIBUTES"]["MODE"];
        } else {
            $this->m_Mode = "DISABLED";
        }

        if (strtoupper($this->m_Mode) != 'ENABLED') {
            return;
        }

        // Metadata section => rule name handed to securityFilter; the array
        // order is the order in which the filters are evaluated.
        $filterSections = array(
            "URLFILTER"    => "URLFilter",
            "DOMAINFILTER" => "DomainFilter",
            "IPFILTER"     => "IPFilter",
            "AGENTFILTER"  => "AgentFilter",
            "POSTFILTER"   => "PostFilter",
            "GETFILTER"    => "GetFilter",
        );
        foreach ($filterSections as $sectionKey => $ruleName) {
            $this->_securityFilters[] = new securityFilter(
                $xmlArr["PLUGINSERVICE"]["SECURITY"][$sectionKey],
                "securityFilter",
                $ruleName
            );
        }
    }

    /**
     * @return string|null message of the first filter that rejected the request
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Runs every configured filter and stops at the first one that reports an
     * error message.
     *
     * Only the filter's error message decides the outcome; the return value of
     * processRules() is not consulted.
     *
     * @return bool false when a filter rejected the request, true otherwise
     */
    public function processFilters()
    {
        foreach ($this->_securityFilters as $currentFilter) {
            $currentFilter->processRules();
            if (!$currentFilter->getErrorMessage()) {
                continue;
            }
            $this->m_ErrorMessage = $currentFilter->getErrorMessage();
            return false;
        }
        return true;
    }
}
00095 
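/**
 * One filter section (URL, domain, IP, agent, POST or GET) and its rules.
 *
 * Security note: a filter is opt-in. Unless its MODE attribute is "ENABLED"
 * (case-insensitive) no rules are loaded and processRules() lets the request
 * through.
 */
class securityFilter extends MetaIterator
{
    protected $m_Name = null;
    protected $m_Mode = 'DISABLED';
    protected $m_Rules = null;
    protected $m_ErrorMessage = null;

    /**
     * @param array  $xmlArr     metadata of this filter section (by reference)
     * @param string $filterName passed through to readMetadata()
     * @param string $ruleName   base name of the rule, e.g. "URLFilter"
     */
    function __construct(&$xmlArr, $filterName, $ruleName)
    {
        $this->readMetadata($xmlArr, $filterName, $ruleName);
    }

    /**
     * Reads the filter mode and, when enabled, loads its RULE entries.
     *
     * The rules are created through MetaIterator with the name
     * $ruleName."Rule" -- presumably the rule class to instantiate
     * (e.g. "URLFilterRule"); confirm against MetaIterator.
     *
     * @param array  $xmlArr     metadata of this filter section (by reference)
     * @param string $filterName not used by this method
     * @param string $ruleName   base name of the rule
     */
    protected function readMetadata(&$xmlArr, $filterName, $ruleName)
    {
        $this->m_Name = $ruleName;
        $this->m_Mode = isset($xmlArr["ATTRIBUTES"]["MODE"]) ? $xmlArr["ATTRIBUTES"]["MODE"] : "DISABLED";
        if (strtoupper($this->m_Mode) == 'ENABLED') {
            $this->m_Rules = new MetaIterator($xmlArr["RULE"], $ruleName."Rule", $this);
        }
    }

    /**
     * @return string|null message of the first rule that rejected the request
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Runs each rule in order and stops at the first one that sets an error
     * message.
     *
     * Security note: only a rule's error message blocks the request. The value
     * returned by process() is ignored, so an ALLOW match does not stop later
     * rules from running, and a rule that returns false without setting a
     * message has no effect.
     *
     * @return bool false when a rule rejected the request, true otherwise
     */
    public function processRules()
    {
        // m_Rules stays null while the filter is not ENABLED; the service still
        // calls processRules() on such filters, so do not dereference null.
        if (!is_object($this->m_Rules) || !is_array($this->m_Rules->m_var)) {
            return true;
        }

        foreach ($this->m_Rules->m_var as $name => $obj) {
            $obj->process();
            if ($obj->getErrorMessage()) {
                $this->m_ErrorMessage = $obj->getErrorMessage();
                return false;
            }
        }

        // Explicit success value instead of an implicit null.
        return true;
    }
}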
00174 
/**
 * Contract implemented by every security rule.
 */
interface iSecurityRule
{
    /**
     * Evaluates the rule against the current request.
     */
    public function process();
}
00190 
/**
 * Base class for security rules: holds the rule attributes and the shared
 * effective-time check.
 */
class securityRule_Abstract implements iSecurityRule
{
    public $m_Name      = null;
    public $m_Action    = null;
    public $m_Match     = null;
    public $m_Status    = null;
    public $m_EffectiveTime = null;
    public $m_ErrorMessage = null;

    /**
     * @param array $xmlArr metadata of one RULE entry (by reference)
     */
    function __construct(&$xmlArr)
    {
        $this->readMetadata($xmlArr);
    }

    /**
     * Copies the NAME, ACTION, STATUS, MATCH and EFFECTIVETIME attributes into
     * the rule. The values are taken as-is; nothing is validated here.
     *
     * @param array $xmlArr metadata of one RULE entry (by reference)
     */
    protected function readMetadata(&$xmlArr)
    {
        $attributeByProperty = array(
            'm_Name'          => "NAME",
            'm_Action'        => "ACTION",
            'm_Status'        => "STATUS",
            'm_Match'         => "MATCH",
            'm_EffectiveTime' => "EFFECTIVETIME",
        );
        foreach ($attributeByProperty as $property => $attribute) {
            $this->$property = $xmlArr["ATTRIBUTES"][$attribute];
        }
    }

    /**
     * Default implementation: accepts the request.
     *
     * @return bool always true
     */
    public function process()
    {
        return true;
    }

    /**
     * @return string|null message set when the rule rejected the request
     */
    public function getErrorMessage()
    {
        return $this->m_ErrorMessage;
    }

    /**
     * Tells whether the current server time lies inside the rule's
     * "HHMM-HHMM" window for today.
     *
     * A bound that cannot be parsed falls back to 00:00 (start) or 23:59:59
     * (end), so an empty or malformed EFFECTIVETIME means "all day". Both
     * bounds are exclusive.
     *
     * NOTE(review): when the end is earlier than the start the two are swapped.
     * A window written to span midnight (constructed example: "2200-0600") is
     * therefore evaluated as 06:00-22:00 of the same day, the complement of
     * what such a value usually means -- confirm that this is intended before
     * relying on overnight rules.
     *
     * @return bool|null true inside the window, false outside it
     */
    public function checkEffectiveTime()
    {
        sscanf($this->m_EffectiveTime, "%2d%2d-%2d%2d", $fromHour, $fromMin, $toHour, $toMin);

        $windowStart = strtotime(date("Y-m-d ").$fromHour.":".$fromMin);
        if (!$windowStart) {
            $windowStart = strtotime(date("Y-m-d 00:00"));
        }

        $windowEnd = strtotime(date("Y-m-d ").$toHour.":".$toMin);
        if (!$windowEnd) {
            $windowEnd = strtotime(date("Y-m-d 23:59:59"));
        }

        $now = time();

        if (!($windowStart > 0 && $windowEnd > 0)) {
            // No usable window: no explicit result, as before.
            return;
        }

        // Normalise so that the start is never later than the end.
        if ($windowEnd < $windowStart) {
            list($windowStart, $windowEnd) = array($windowEnd, $windowStart);
        }

        return ($windowStart < $now && $now < $windowEnd);
    }
}
00292 
/**
 * Rule that matches the request URI against a configured regular expression.
 */
class URLFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to $_SERVER['REQUEST_URI'].
     *
     * Security notes:
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - MATCH is placed between "/" delimiters with the "s" and "i" flags and
     *   is not escaped. An unescaped "/" or otherwise invalid pattern makes
     *   preg_match() fail, which is treated as "no match", so a broken DENY
     *   pattern lets the request through. Validate patterns when the
     *   configuration is written.
     * - The pattern is unanchored unless it contains its own anchors.
     *
     * @return bool|null false on DENY or unknown action, true on ALLOW or when
     *                   outside the effective time, null when the rule is not
     *                   enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $requestUri = $_SERVER['REQUEST_URI'];
        if (!preg_match("/".$this->m_Match."/si", $requestUri)) {
            return;
        }

        switch (strtoupper($this->m_Action)) {
            case 'DENY':
                $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_URL_DENIED');
                return false;
            case 'ALLOW':
                return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}
00340 
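/**
 * Rule that matches the request's Host header against a configured regular
 * expression.
 */
class DomainFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to $_SERVER['HTTP_HOST'].
     *
     * Security notes:
     * - HTTP_HOST comes from the client's Host header, so it is
     *   client-controlled and may be absent; an absent header is matched as an
     *   empty string.
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - MATCH is placed between "/" delimiters unescaped; an invalid pattern
     *   makes preg_match() fail, which is treated as "no match", so a broken
     *   DENY pattern lets the request through.
     *
     * @return bool|null false on DENY or unknown action, true on ALLOW or when
     *                   outside the effective time, null when the rule is not
     *                   enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // The Host header is optional for the client; avoid reading an
        // undefined index and handing null to preg_match().
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        if (!preg_match("/".$this->m_Match."/si", $host)) {
            return;
        }

        if (strtoupper($this->m_Action) == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_DOMAIN_DENIED');
            return false;
        }
        if (strtoupper($this->m_Action) == 'ALLOW') {
            return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}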
00388 
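/**
 * Rule that matches the request's User-Agent header against a configured
 * regular expression.
 */
class AgentFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to $_SERVER['HTTP_USER_AGENT'].
     *
     * Security notes:
     * - The User-Agent header is client-controlled and optional. A client can
     *   send any value or none, so this rule is a convenience filter and not
     *   an access control. An absent header is matched as an empty string.
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - MATCH is placed between "/" delimiters unescaped; an invalid pattern
     *   makes preg_match() fail, which is treated as "no match", so a broken
     *   DENY pattern lets the request through.
     *
     * @return bool|null false on DENY or unknown action, true on ALLOW or when
     *                   outside the effective time, null when the rule is not
     *                   enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        // Requests without a User-Agent header are legal; avoid reading an
        // undefined index and handing null to preg_match().
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if (!preg_match("/".$this->m_Match."/si", $userAgent)) {
            return;
        }

        if (strtoupper($this->m_Action) == 'DENY') {
            $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_AGENT_DENIED');
            return false;
        }
        if (strtoupper($this->m_Action) == 'ALLOW') {
            return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}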
00435 
/**
 * Rule that matches the client address against a configured regular
 * expression.
 */
class IPFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to $_SERVER['REMOTE_ADDR'].
     *
     * Security notes:
     * - MATCH is a regular expression, not an address or CIDR range. It is
     *   unanchored and "." matches any character, so a pattern written as a
     *   plain address (constructed example: "10.0.0.1") also matches longer
     *   addresses that contain it (e.g. "110.0.0.12"). Anchor the pattern and
     *   escape the dots.
     * - REMOTE_ADDR is the peer of the TCP connection; behind a reverse proxy
     *   that is presumably the proxy's address -- verify for the deployment.
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - An invalid pattern makes preg_match() fail, which is treated as
     *   "no match", so a broken DENY pattern lets the request through.
     *
     * @return bool|null false on DENY or unknown action, true on ALLOW or when
     *                   outside the effective time, null when the rule is not
     *                   enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $clientAddress = $_SERVER['REMOTE_ADDR'];
        if (!preg_match("/".$this->m_Match."/si", $clientAddress)) {
            return;
        }

        switch (strtoupper($this->m_Action)) {
            case 'DENY':
                $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_IPADDR_DENIED');
                return false;
            case 'ALLOW':
                return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}
00482 
/**
 * Rule that matches the POST parameters against a configured regular
 * expression.
 */
class PostFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to serialize($_POST).
     *
     * Security notes:
     * - The pattern is matched against PHP's serialized form of the whole
     *   $_POST array, which contains parameter names as well as type and
     *   length prefixes. Patterns meant for a single value, and "^"/"$"
     *   anchors in particular, do not behave as they would on the raw value.
     * - An empty MATCH returns false without setting an error message, which
     *   does not block the request.
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - An invalid pattern makes preg_match() fail, which is treated as
     *   "no match", so a broken DENY pattern lets the request through.
     *
     * @return bool|null false on DENY, unknown action or empty MATCH, true on
     *                   ALLOW or when outside the effective time, null when the
     *                   rule is not enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $serializedPost = serialize($_POST);
        if ($this->m_Match == "") {
            return false;
        }
        if (!preg_match("/".$this->m_Match."/si", $serializedPost)) {
            return;
        }

        switch (strtoupper($this->m_Action)) {
            case 'DENY':
                $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_POST_DENIED');
                return false;
            case 'ALLOW':
                return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}
00537 
/**
 * Rule that matches the query-string parameters against a configured regular
 * expression.
 */
class GetFilterRule extends securityRule_Abstract
{
    /**
     * Applies the rule to serialize($_GET).
     *
     * Security notes:
     * - The pattern is matched against PHP's serialized form of the whole
     *   $_GET array, which contains parameter names as well as type and length
     *   prefixes. Patterns meant for a single value, and "^"/"$" anchors in
     *   particular, do not behave as they would on the raw value.
     * - The rule only runs when STATUS is "ENABLE" (case-insensitive). Any
     *   other value, including "ENABLED", skips the rule silently.
     * - An invalid pattern makes preg_match() fail, which is treated as
     *   "no match", so a broken DENY pattern lets the request through.
     *
     * @return bool|null false on DENY or unknown action, true on ALLOW or when
     *                   outside the effective time, null when the rule is not
     *                   enabled or does not match
     */
    public function process()
    {
        if (strtoupper($this->m_Status) != 'ENABLE') {
            return;
        }

        parent::process();
        if (!$this->checkEffectiveTime()) {
            return true;
        }

        $serializedQuery = serialize($_GET);
        if (!preg_match("/".$this->m_Match."/si", $serializedQuery)) {
            return;
        }

        switch (strtoupper($this->m_Action)) {
            case 'DENY':
                $this->m_ErrorMessage = BizSystem::getMessage('SECURITYSVC_GET_DENIED');
                return false;
            case 'ALLOW':
                return true;
        }
        // Unknown action: reported as false, but no error message is set.
        return false;
    }
}
00585 ?>
