v7‰PNG  IHDR Ÿ f Õ†C1 sRGB ®Îé gAMA ± üa pHYs à ÃÇo¨d GIDATx^íÜL”÷ð÷Yçªö("Bh_ò«®¸¢§q5kÖ*:þ0A­ºšÖ¥]VkJ¢M»¶f¸±8\k2íll£1]q®ÙÔ‚ÆT User.php000064400000017031152101621420006167 0ustar00getUserId()) { $front = $this->getDi()->front; if (!$front->getRequest()) $front->setRequest(new Am_Mvc_Request); else $front->setRequest(clone $front->getRequest()); $front->getRequest()->setActionName('index'); if (!$front->getResponse()) $front->setResponse(new Am_Mvc_Response); require_once AM_APPLICATION_PATH . '/default/controllers/LoginController.php'; $c = new LoginController( $front->getRequest(), $front->getResponse(), array('di' => Am_Di::getInstance())); if ($redirectUrl) $c->setRedirectUrl($redirectUrl); $c->run(); $front->getResponse()->sendResponse(); exit(); }else { $this->getDi()->accessLogTable->logOnce($this->getUserId()); } } /** * Once the customer is logged in, check if he has access to given products (links) * @throws Am_Exception_InputError if access not allowed */ public function checkAccess($productIds, $linkIds=null) { if (!array_intersect($productIds, $this->getUser()->getActiveProductIds())) throw new Am_Exception_AccessDenied(___('You have no subscription')); } public function refreshUserSession(Am_Event $e) { if ($user = $this->getUser()) { $user->data()->set(User::NEED_SESSION_REFRESH, false)->update(); $this->getDi()->hook->call(new Am_Event_AuthSessionRefresh($user)); } } public function checkExternalLogin(Am_Mvc_Request $request) { $adapters = array(); if ($this->getDi()->config->get('protect.php_include.remember_login', false)) { $adapters[] = new Am_Auth_Adapter_Cookie( $request->getCookie('amember_ru'), $request->getCookie('amember_rp'), $this->getDi()->userTable); } $adapters[] = new Am_Auth_Adapter_Plugin($this->getDi()->hook); foreach ($adapters as $adapter) { $res = $this->login($adapter, $request->getClientIp()); if ($res->isValid()) return true; } return false; } public function logout() { if ($u = $this->getUser()) { 
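$rememberKey = function_exists('random_bytes')
                ? bin2hex(random_bytes(20))                 // CSPRNG, 40 hex chars like sha1()
                : sha1(uniqid(mt_rand(), true));            // pre-PHP 7 fallback, still not a CSPRNG
            // Rotating remember_key on logout invalidates whatever "remember me" material is
            // derived from it (presumably the amember_ru/amember_rp cookies that
            // checkExternalLogin() feeds to Am_Auth_Adapter_Cookie — verify). The previous
            // value was sha1(rand()), which is predictable; the width (40 hex chars) is kept.
            $u->updateQuick('remember_key', $rememberKey);
            $this->getDi()->hook->call(
                new Am_Event_AuthAfterLogout($this->getUser()));
        }
        return parent::logout();
    }

    /**
     * Run additional checks on an already-authenticated user before the session is written.
     *
     * @param User        $user authenticated user record
     * @param string|null $ip   client IP; when null the access-log / account-sharing check is skipped
     * @return Am_Auth_Result|null LOCKED, NOT_APPROVED, whatever the AUTH_CHECK_USER hook set as
     *         its return value, or null when the login may proceed
     */
    public function checkUser($user, $ip = null)
    {
        /* @var $user User */
        if ($user->isLocked()) {
            $this->setUser(null, null);
            return new Am_Auth_Result(Am_Auth_Result::LOCKED);
        }
        if (!is_null($ip)) {
            // Log this IP and check for account sharing. is_locked < 0 means auto-lock is
            // disabled for the account; disable_lock_until is compared as a string against
            // the DI's sqlDateTime (assumed to share the same date format — confirm).
            $accessLog = $this->getDi()->accessLogTable;
            $accessLog->logOnce($user->user_id, $ip);
            if (($user->is_locked >= 0)
                && $user->disable_lock_until < $this->getDi()->sqlDateTime
                && $accessLog->isIpCountExceeded($user->user_id, $ip)) {
                $this->onIpCountExceeded($user);
                $this->setUser(null, null);
                return new Am_Auth_Result(Am_Auth_Result::LOCKED);
            }
        }
        if (!$user->isApproved()) {
            return new Am_Auth_Result(Am_Auth_Result::NOT_APPROVED);
        }
        // Plugins may veto the login: a non-null return becomes the login result.
        $event = new Am_Event(Am_Event::AUTH_CHECK_USER, array('user' => $user, 'ip' => $ip));
        $event->setReturn(null);
        $this->getDi()->hook->call($event);
        return $event->getReturn();
    }

    /**
     * Record last-login details and fire AUTH_AFTER_LOGIN.
     * The user row is only rewritten when the current session id differs from the stored
     * last_session, so repeated logins inside one session do not touch it.
     */
    protected function onSuccess()
    {
        $user = $this->getUser();
        if ($user && $user->last_session != Zend_Session::getId()) {
            $ip = $this->getDi()->request->getClientIp();
            // filter_var() yields false for a malformed address; that value is stored as before.
            $user->last_ip = filter_var($ip, FILTER_VALIDATE_IP);
            // Client-controlled header, stored verbatim; null when absent (no @-suppression).
            $user->last_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
            $user->last_login = $this->getDi()->sqlDateTime;
            $user->last_session = Zend_Session::getId();
            $user->updateSelectedFields(array('last_ip', 'last_user_agent', 'last_login', 'last_session'));
        }
        // NOTE(review): the session id is not regenerated on successful login here, and
        // Am_Auth_Abstract::logout() has Zend_Session::regenerateId() commented out, so
        // session-fixation protection must come from elsewhere — confirm. The plaintext
        // password is also handed to every AUTH_AFTER_LOGIN listener.
        $this->getDi()->hook->call(
            new Am_Event_AuthAfterLogin($this->getUser(), $this->plaintextPass));
    }

    /**
     * React to the account-sharing threshold being exceeded: e-mail the admin and/or the
     * user and optionally lock the account, as configured in max_ip_actions. The reaction
     * is debounced per user for 20 minutes through the store so repeated rejected logins
     * do not re-send mail.
     *
     * @param User $user
     * @throws Am_Exception_Configuration if a required e-mail template is missing
     */
    protected function onIpCountExceeded(User $user)
    {
        if ($user->is_locked < 0) return; // auto-lock disabled for this account
        $storeKey = 'on-ip-count-exceeded-' . $user->pk();
        if ($this->getDi()->store->get($storeKey)) return; // action already done recently
        $this->getDi()->store->set($storeKey, 1, '+20 minutes');

        $config      = $this->getDi()->config;
        $actions     = $config->get('max_ip_actions', array());
        $maxIpCount  = $config->get('max_ip_count', 0);
        $maxIpPeriod = $config->get('max_ip_period', 0);
        $willLock    = in_array('disable-user', $actions);

        if (in_array('email-admin', $actions)) {
            $et = Am_Mail_Template::load('max_ip_actions_admin');
            if (!$et) throw new Am_Exception_Configuration("No e-mail template found for [max_ip_actions_admin]");
            $et->setMaxipcount($maxIpCount)
               ->setMaxipperiod($maxIpPeriod)
               ->setUser($user);
            $et->setUserlocked($willLock ? ___('Customer account has been automatically locked.') : '');
            $et->sendAdmin();
        }
        if (in_array('email-user', $actions)) {
            $et = Am_Mail_Template::load('max_ip_actions_user');
            if (!$et) throw new Am_Exception_Configuration("No e-mail template found for [max_ip_actions_user]");
            $et->setMaxipcount($maxIpCount)
               ->setMaxipperiod($maxIpPeriod)
               ->setUser($user);
            $et->setUserlocked($willLock ? ___('Your account has been automatically locked.') : '');
            $et->send($user->email);
        }
        if ($willLock) {
            // disable customer
            $user->lock();
        }
    }

    /** Replace the shared instance held in self::$instance. */
    static function _setInstance($instance)
    {
        self::$instance = $instance;
    }

    /**
     * Load the User record referenced by the session variable.
     *
     * @return User|null null when the row cannot be loaded (the session is then cleared
     *         below if a non-empty id was present)
     * @throws Am_Exception_InternalError if the stored id is negative
     */
    protected function loadUser()
    {
        $var = $this->getSessionVar();
        $id = $var[$this->idField];
        if ($id < 0) throw new Am_Exception_InternalError('Empty id');
        // Second argument false presumably suppresses the not-found exception so the
        // null case can be handled here — verify against the table's load().
        $user = $this->getDi()->userTable->load($id, false);
        if ($user && $user->data()->get(User::NEED_SESSION_REFRESH)) {
            // Defer the refresh until init has finished so all hooks are registered.
            $this->getDi()->hook->add(Am_Event::INIT_FINISHED, array($this, 'refreshUserSession'));
        }
        if ($id && is_null($user)) {
            /*
             * User was not loaded - something is wrong.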
* We need to clean session; */ $this->setSessionVar(null); } return $user; } }Abstract.php000064400000007764152101621420007030 0ustar00session = $session; $this->di = $di; } public function invalidate() { if ($this->getUserId()) { $v = $this->getSessionVar(); $u = $this->getUser(); if ($v['pass'] != $u->pass || $v['login']!=$u->login) { $this->logout(); } } } /** * Authenticate user and persist user record * @param string Username * @param string Password * @param string IP * @return Am_Auth_Result */ public function login(Am_Auth_Adapter_Interface $adapter, $ip, $checkUser = true, $setCallback = null) { if (!$setCallback) $setCallback = array($this, 'setUser'); $this->setUser(null, null); $result = $adapter->authenticate(); if ($result->isValid()) { if ($checkUser && $newResult = $this->checkUser($result->getUser(), $ip)) { return $newResult; // as returned from checkUser() } call_user_func($setCallback, $result->getUser(), $ip); if (!$this->getUsername()) return new Am_Auth_Result(Am_Auth_Result::AUTH_CONTINUE); $this->onSuccess(); } return $result; } /** * Clear persistence */ public function logout() { //Zend_Session::regenerateId(); $this->user = null; $this->setSessionVar(null); } /** * @return null|Am_Auth_Result returns $result in case of error, null if all OK */ public function checkUser($user, $ip) { } public function setUser($user, $ip=null) { $this->user = $user; $this->setSessionVar($user ? $user->toArray() : null); return $this; } /** * Return user object of currently logged-in * customer, or null * * @return null */ public function getUser($refresh=false) { if (null == $this->getSessionVar()) return null; if (!isset($this->user) || $refresh) $this->user = $this->loadUser(); return $this->user; } /** * Return username of currently logged-in * customer or null * * @return string|null */ public function getUsername() { $u = $this->getSessionVar(); return is_null($u) ? 
null : $u[$this->loginField]; } /** * Return id of the logged-in customer * @return integer|null */ public function getUserId() { $u = $this->getSessionVar(); return is_null($u) ? null : $u[$this->idField]; } /** * additional actions to execute once user is authenticated and written to session */ protected function onSuccess() { } /** @return Am_Di */ protected function getDi() { return $this->di; } /** * Set user variable to session */ protected function getSessionVar() { return $this->session->user; } /** * Get user variable from session * @return array|null */ protected function setSessionVar(array $row = null) { $this->session->user = $row; } /** * Load user based on @link getSesisonVar() * @return Am_Record */ abstract protected function loadUser(); }Adapter/User.php000064400000000465152101621420007552 0ustar00user = $user; } public function authenticate() { return new Am_Auth_Result(Am_Auth_Result::SUCCESS, null, $this->user); } }Adapter/Interface.php000064400000000123152101621420010523 0ustar00login = $login; $this->pass = $pass; $this->table = $table; $this->useSavedPass = $useSavedPass; } public function authenticate() { if (!strlen($this->login) || !strlen($this->pass)) { return new Am_Auth_Result(Am_Auth_Result::INVALID_INPUT); } $u = $this->table->getAuthenticatedRow($this->login, $this->pass, $code); if (!$u && $this->useSavedPass && ($user = $this->table->getByLoginOrEmail($this->login))) { foreach ($user->getSavedPass() as $savedPass) { try { if ($savedPass->checkPassword($this->pass)) { $u = $user; $code = Am_Auth_Result::SUCCESS; break; } } catch(Am_Exception_InternalError $e) { ; // Ignore exception. It could be generated if third-paty plugin was disabled. 
} } } return new Am_Auth_Result($code, null, $u); } }Adapter/Cookie.php000064400000000721152101621420010040 0ustar00login = $login; $this->pass = $pass; $this->table = $table; } public function authenticate() { $u = $this->table->getAuthenticatedCookieRow($this->login, $this->pass, $code); return new Am_Auth_Result($code, null, $u); } }Adapter/Plugin.php000064400000000772152101621420010073 0ustar00hook = $hook; } public function authenticate() { $e = new Am_Event_AuthCheckLoggedIn(); $this->hook->call($e); if ($e->isSuccess()) { return new Am_Auth_Result(Am_Auth_Result::SUCCESS, null, $e->getUser()); } return new Am_Auth_Result(Am_Auth_Result::INVALID_INPUT); } }Adapter/AdminPassword.php000064400000001147152101621420011405 0ustar00login = $login; $this->pass = $pass; $this->table = $table; } public function authenticate() { if (!strlen($this->login) || !strlen($this->pass)) { return new Am_Auth_Result(Am_Auth_Result::INVALID_INPUT); } $u = $this->table->getAuthenticatedRow($this->login, $this->pass, $code); return new Am_Auth_Result($code, null, $u); } }Admin.php000064400000012655152101621420006310 0ustar00permissions)) { $this->permissions = array(); $grids = array( '_u' => ___('Users'), '_un' => ___('User Notes'), '_invoice' => ___('Invoices'), '_payment' => ___('Payments/Refunds'), '_product' => ___('Products'), '_coupon' => ___('Coupons'), '_access' => ___('Access') ); foreach (Am_Di::getInstance()->resourceAccessTable->getAccessTables() as $t) { $grids['_' . $t->getPageId()] = ___('Content') . ': ' . 
$t->getAccessTitle();
            }

            // Every grid gets the same CRUD/export action set under its label.
            $crudActions = array(
                'browse' => ___('Browse'),
                'edit'   => ___('Edit'),
                'insert' => ___('Insert'),
                'delete' => ___('Delete'),
                'export' => ___('Export'),
            );
            foreach ($grids as $gridSuffix => $gridLabel) {
                $this->permissions['grid' . $gridSuffix] = array('__label' => $gridLabel) + $crudActions;
            }
            $this->permissions['grid_all'] = array(
                '__label' => ___('All Content Page'),
                'browse'  => ___('Browse'),
                'edit'    => ___('Sort'),
            );
            // Access records and user notes are never exportable; users get two extra actions.
            unset($this->permissions['grid_access']['export'], $this->permissions['grid_un']['export']);
            $this->permissions['grid_u']['merge']    = ___('Merge');
            $this->permissions['grid_u']['login-as'] = ___('Login As User');

            // Non-grid (flat) permissions, keyed by the PERM_* constants.
            $flatPermissions = array(
                self::PERM_EMAIL          => ___('Send E-Mail Messages'),
                self::PERM_SETUP          => ___('Change Configuration Settings'),
                self::PERM_FORM           => ___('Forms Editor'),
                self::PERM_ADD_USER_FIELD => ___('Manage Additional User Fields'),
                self::PERM_BAN            => ___('Blocking IP/E-Mail'),
                self::PERM_COUNTRY_STATE  => ___('Manage Countries/States'),
                self::PERM_REPORT         => ___('Run Reports'),
                self::PERM_IMPORT         => ___('Import Users'),
                self::PERM_BACKUP_RESTORE => ___('Download Backup / Restore from Backup'),
                self::PERM_REBUILD_DB     => ___('Rebuild DB'),
                self::PERM_LOGS           => ___('Logs: Errors'),
                self::PERM_LOGS_ACCESS    => ___('Logs: Access'),
                self::PERM_LOGS_INVOICE   => ___('Logs: Invoice'),
                self::PERM_LOGS_MAIL      => ___('Logs: Mail Queue'),
                self::PERM_LOGS_ADMIN     => ___('Logs: Admin Log'),
                self::PERM_LOGS_DOWNLOAD  => ___('Logs: File Downloads'),
                self::PERM_SYSTEM_INFO    => ___('System Info'),
                self::PERM_TRANSLATION    => ___('Manage Translation of Messages'),
                self::PERM_CLEAR          => ___('Delete Old Records'),
                self::PERM_BUILD_DEMO     => ___('Build Demo'),
            );
            $this->permissions = array_merge($this->permissions, $flatPermissions);

            // Plugins may contribute (or override) entries via GET_PERMISSIONS_LIST.
            $pluginEvent = Am_Di::getInstance()->hook->call(Am_Event::GET_PERMISSIONS_LIST);
            foreach ($pluginEvent->getReturn() as $permKey => $permLabel) {
                $this->permissions[$permKey] = $permLabel;
            }
        }
        return $this->permissions;
    }

    /**
     * Log the admin out: write an admin-log entry and fire AUTH_ADMIN_AFTER_LOGOUT
     * while the admin record is still loaded, then let the parent clear the session.
     */
    public function logout()
    {
        if ($this->getUserId()) {
            $this->getDi()->adminLogTable->log('Logged out');
            $this->getDi()->hook->call(new
Am_Event(Am_Event::AUTH_ADMIN_AFTER_LOGOUT, array('admin' => $this->getUser()))); } return parent::logout(); } protected function onSuccess() { $user = $this->getUser(); if ($user && $user->last_session != Zend_Session::getId()) { $ip = $this->getDi()->request->getClientIp(); $user->last_ip = filter_var($ip, FILTER_VALIDATE_IP); $user->last_login = $this->getDi()->sqlDateTime; $user->last_session = Zend_Session::getId(); $user->updateSelectedFields(array('last_ip', 'last_login', 'last_session')); } $this->getDi()->adminLogTable->log('Logged in'); $this->session->setExpirationSeconds(3600 * 2); } protected function loadUser() { $var = $this->getSessionVar(); $id = $var[$this->idField]; if ($id < 0) throw new Am_Exception_InternalError("Empty id"); return Am_Di::getInstance()->adminTable->load($id); } }Result.php000064400000004212152101621420006524 0ustar00code = $code; if ($message === null) $message = $this->_getMessage($code); $this->message = $message; $this->user = $user; } public function getCode() { return $this->code; } public function getUser() { return $this->user; } protected function _getMessage($code) { switch ($code) { case self::SUCCESS: return null; case self::INVALID_INPUT: return ___('Please login'); case self::INTERNAL_ERROR: return ___('Internal Error'); case self::FAILURE_ATTEMPTS_VIOLATION: return ___('Please wait %d seconds before next login attempt', 90); case self::LOCKED: return ___("Authentication problem, please contact website administrator"); case self::NOT_APPROVED: return ___('Your account has not yet been approved. 
You will be notified via email once a site administrator has reviewed your account and enabled access.'); case self::AUTH_CONTINUE: return ___('Your account require additional authentification factor'); case self::USER_NOT_FOUND: case self::WRONG_CREDENTIALS: default: return ___('The user name or password is incorrect'); } } public function getMessage() { return $this->message; } /** * @return bool */ public function isValid() { return $this->code == self::SUCCESS; } public function isContinue() { return $this->code == self::AUTH_CONTINUE; } }BruteforceProtector.php000064400000005671152101621420011262 0ustar00db = $db; $this->loginType = $loginType; $this->failedLoginsCount = $failedLoginsCount; $this->timeDelay = $timeDelay; } /** * Check if login from given IP is allowed * @return int If denied, will return how much time left until block will be removed, * if login allowed will return NULL */ function loginAllowed($ip) { $time = Am_Di::getInstance()->time; $elem = $this->getRecord($ip); if (empty($elem)) return null; if ($elem['failed_logins'] < $this->failedLoginsCount) return null; if (($time - $elem['last_failed']) > $this->timeDelay) { $this->deleteRecord($ip); return null; } $wait = $this->timeDelay - ($time - $elem['last_failed']); return $wait > 0 ? $wait : null; } function reportFailure($ip) { $elem = $this->getRecord($ip); @$elem['failed_logins']++; $elem['last_failed'] = Am_Di::getInstance()->time; $this->setRecord($ip, $elem['failed_logins'], $elem['last_failed']); } function deleteRecord($ip) { $this->db->query("DELETE FROM ?_failed_login WHERE ip=? AND login_type=?", $ip, $this->loginType); } static function cleanUp() { $di = Am_Di::getInstance(); $di->db->query("DELETE FROM ?_failed_login WHERE last_failed < ?", $di->time - 3600); } protected function getRecord($ip) { return $this->db->selectRow("SELECT * FROM ?_failed_login WHERE ip=? 
AND login_type=?", $ip, $this->loginType);
    }

    /**
     * Upsert the failure counter for an (ip, login_type) pair.
     * The ON DUPLICATE KEY clause relies on a unique index over ip and login_type —
     * verify against the ?_failed_login schema. Every value is bound through a
     * placeholder; nothing caller-supplied is interpolated into the SQL text.
     *
     * @param string $ip
     * @param int    $failedLogins running count of failures for this ip / login type
     * @param int    $lastFailed   time of the latest failure, as taken from Am_Di::time
     *                             (loginAllowed() subtracts it from the current time in seconds)
     */
    protected function setRecord($ip, $failedLogins, $lastFailed)
    {
        $this->db->query("INSERT INTO ?_failed_login SET failed_logins=?, last_failed=?, ip=?, login_type=? ON DUPLICATE KEY UPDATE failed_logins=VALUES(failed_logins), last_failed=VALUES(last_failed) ", $failedLogins, $lastFailed, $ip, $this->loginType);
    }
}