<?php
/**
* NetCommonsセキュリティ Utility
*
* @author Noriko Arai <arai@nii.ac.jp>
* @author Shohei Nakajima <nakajimashouhei@gmail.com>
* @link http://www.netcommons.org NetCommons Project
* @license http://www.netcommons.org/license.txt NetCommons License
* @copyright Copyright 2014, NetCommons Project
*/
App::uses('Current', 'NetCommons.Utility');
App::uses('SiteSettingUtil', 'SiteManager.Utility');
/**
* NetCommonsセキュリティ Utility
*
* @author Shohei Nakajima <nakajimashouhei@gmail.com>
* @package NetCommons\NetCommons\Utility
*/
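class NetCommonsSecurity {

	/**
	 * SiteSetting model used by the IP-based checks.
	 *
	 * Declared explicitly so the constructor does not create a dynamic
	 * property (deprecated since PHP 8.2).
	 *
	 * @var object|null Whatever ClassRegistry::init('SiteManager.SiteSetting') returns
	 */
	public $SiteSetting = null;

	/**
	 * Constructor.
	 *
	 * Loads the model that the security checks rely on.
	 *
	 * @return void
	 */
	public function __construct() {
		$this->SiteSetting = ClassRegistry::init('SiteManager.SiteSetting');
	}

	/**
	 * Check that the client IP address has not changed during the session.
	 *
	 * Only enforced for users whose role key is listed in the
	 * `Security.deny_ip_move` setting (a `|`-separated list of role keys).
	 *
	 * NOTE(review): how the client IP is derived is not visible here
	 * (SiteSetting::getCurrentIp()); confirm it does not trust client-supplied
	 * forwarding headers unless the request arrived through a trusted proxy.
	 *
	 * @return bool True when the request may proceed, false when the IP differs
	 *              from the one pinned in the session
	 */
	public function denyIpMove() {
		// Despite the setting name, the list holds role keys, not IP addresses.
		$roleKeys = explode('|', SiteSettingUtil::read('Security.deny_ip_move', ''));
		$userRoleKey = Current::read('User.role_key');
		if (! in_array($userRoleKey, $roleKeys, true)) {
			return true;
		}

		$currentIp = $this->SiteSetting->getCurrentIp();
		if (! $currentIp) {
			// Fail-open: an undeterminable IP is treated as allowed.
			// NOTE(review): confirm this is intended for the protected roles.
			return true;
		}

		$sessionIp = CakeSession::read('Security.current_ip');
		if (! $sessionIp) {
			// First checked request of the session: pin the current IP.
			CakeSession::write('Security.current_ip', $currentIp);
			$sessionIp = $currentIp;
		}

		return ($currentIp === $sessionIp);
	}

	/**
	 * Reject access from IP addresses on the deny list.
	 *
	 * Active only when `Security.enable_bad_ips` is truthy; the list itself is
	 * read from `Security.bad_ips`.
	 *
	 * NOTE(review): presumably hasCurrentIp() reports whether the client IP
	 * matches an entry of the given list; verify against the SiteSetting model.
	 *
	 * @return bool False when the check is enabled and the current IP matches,
	 *              true otherwise
	 */
	public function enableBadIps() {
		if (SiteSettingUtil::read('Security.enable_bad_ips')) {
			$badIps = SiteSettingUtil::read('Security.bad_ips');
			if ($this->SiteSetting->hasCurrentIp($badIps)) {
				return false;
			}
		}
		return true;
	}

	/**
	 * Restrict access to the administration screens by IP address.
	 *
	 * Active only when `Security.enable_allow_system_plugin_ips` is truthy;
	 * the allow list is read from `Security.allow_system_plugin_ips`.
	 *
	 * @return bool False when the check is enabled and the current IP is not
	 *              matched by the allow list, true otherwise
	 */
	public function enableAllowSystemPluginIps() {
		if (SiteSettingUtil::read('Security.enable_allow_system_plugin_ips')) {
			$allowedIps = SiteSettingUtil::read('Security.allow_system_plugin_ips');
			if (! $this->SiteSetting->hasCurrentIp($allowedIps)) {
				return false;
			}
		}
		return true;
	}

	/**
	 * Decide whether the request must be blocked because the site is closed.
	 *
	 * The login actions and the site-closed page are always reachable, and
	 * users allowed to use the `site_manager` system plugin are never blocked.
	 *
	 * @param CakeRequest $request CakeRequest
	 * @return bool True when the site is closed for this request
	 */
	public function isCloseSite(CakeRequest $request) {
		// Routes that stay reachable while the site is closed.
		$allowUrls = [
			['plugin' => 'auth', 'controller' => 'auth', 'action' => 'login'],
			['plugin' => 'auth_general', 'controller' => 'auth_general', 'action' => 'login'],
			['plugin' => 'net_commons', 'controller' => 'site_close', 'action' => 'index'],
		];

		// Allow only the site-closed page and the login pages.
		foreach ($allowUrls as $url) {
			if ($request->params['plugin'] === $url['plugin'] &&
					$request->params['controller'] === $url['controller'] &&
					$request->params['action'] === $url['action']) {
				return false;
			}
		}

		// Users who may use site management are let through.
		if (Current::allowSystemPlugin('site_manager')) {
			return false;
		}

		// Everyone else is subject to the site-closed flag.
		return (bool)SiteSettingUtil::read('App.close_site');
	}

}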