lib/security.inc

Properties

Description

This file includes functions to perform several security checks on each page load.

Functions

startSecureSession( boolean   $redirectToLogin = true, boolean   $initSecureData = false, ) : boolean

Description

Starts a session and checks the environment.
The script is stopped if one of the checks fail (timeout redirection may be overriden).

Arguments

Name Type Description Default
$redirectToLogin boolean

redirect user to login page (default: true)

true
$initSecureData boolean

init verification data like session ID and client IP (default: false)

false

Return value

Type Description
boolean true if all ok, false if session expired

checkClientIP( ) : n/a

Description

Checks if the client's IP address is on the list of allowed IPs.
The script is stopped if the host is not valid.

Return value

Type Description
n/a n/a

logoffAndBackToLoginPage( ) : n/a

Description

Logs off the user and displays the login page.

Return value

Type Description
n/a n/a

logNewMessage( string   $level, string   $message, ) : n/a

Description

Puts a new message in the log file.

Arguments

Name Type Description Default
$level string

log level (LOG_DEBUG, LOG_NOTICE, LOG_WARNING, LOG_ERR)

$message string

log message

Return value

Type Description
n/a n/a

checkIfWriteAccessIsAllowed( ) : boolean

Description

Checks if write access to LDAP is allowed.

Return value

Type Description
boolean true, if allowed

checkIfPasswordChangeIsAllowed( ) : boolean

Description

Checks if passwords may be changed.

Return value

Type Description
boolean true, if allowed

checkIfNewEntriesAreAllowed( String   $scope, ) : boolean

Description

Checks if it is allowed to create new LDAP entries of the given type.
This also checks if general write access is enabled.

Arguments

Name Type Description Default
$scope String

account type (e.g. 'user')

Return value

Type Description
boolean true, if new entries are allowed

checkIfDeleteEntriesIsAllowed( String   $scope, ) : boolean

Description

Checks if it is allowed to delete LDAP entries of the given type.

Arguments

Name Type Description Default
$scope String

account type (e.g. 'user')

Return value

Type Description
boolean true, if entries may be deleted

checkPasswordStrength( string   $password, ) : mixed

Description

Checks if the password fulfills the password policies.

Arguments

Name Type Description Default
$password string

password

Return value

Type Description
mixed true if ok, string with error message if not valid

checkIfToolIsActive( String   $tool, ) : n/a

Description

Checks if the given tool is active.
Otherwise, an error message is logged and the execution is stopped (die()).

Arguments

Name Type Description Default
$tool String

tool class name (e.g. toolFileUpload)

Return value

Type Description
n/a n/a
Documentation was generated by phpDocumentor 2.1.0 .

Namespaces

  • global

    Packages