File manager

File manager - Edit - /home/c14075/dragmet-ural.ru/www/bitrix/modules/main/classes/general/user.php

Back
<?php /** * Bitrix Framework * @package bitrix * @subpackage main * @copyright 2001-2022 Bitrix / use Bitrix\Main; use Bitrix\Main\Authentication; use Bitrix\Main\Authentication\ShortCode; use Bitrix\Main\Authentication\Device; use Bitrix\Main\Authentication\ApplicationPasswordTable; use Bitrix\Main\Authentication\Internal\UserPasswordTable; use Bitrix\Main\Authentication\Internal\UserDeviceTable; use Bitrix\Main\Authentication\Internal\UserStoredAuthTable; use Bitrix\Main\Authentication\Internal\UserHitAuthTable; use Bitrix\Main\Authentication\Internal\UserDeviceLoginTable; use Bitrix\Main\Authentication\Policy; use Bitrix\Main\UserProfileHistoryTable; use Bitrix\Main\Localization\Loc; use Bitrix\Main\Security\Random; use Bitrix\Main\Security\Password; IncludeModuleLangFile(__FILE__); /* * @deprecated / class CAllUser extends CDBResult { var $LAST_ERROR = ""; protected $admin; /* @var Authentication\Context / protected $context; /* @var Main\Session\SessionInterface / protected static $kernelSession; protected static $CURRENT_USER = false; protected $justAuthorized = false; protected static $userGroupCache = array(); const STATUS_ONLINE = 'online'; const STATUS_OFFLINE = 'offline'; //in seconds const PHONE_CODE_OTP_INTERVAL = 30; const PHONE_CODE_RESEND_INTERVAL = 60; public const PASSWORD_SPECIAL_CHARS = ',.<>/?;:\'"[]{}\\|`~!@#$%^&()_+=-'; /** * CUser constructor. / public function __construct() { static::$kernelSession = Main\Application::getInstance()->getKernelSession(); parent::__construct(); } public function GetParam($name) { if(isset(static::$kernelSession["SESS_AUTH"][$name])) { return static::$kernelSession["SESS_AUTH"][$name]; } else { // compatibility switch ($name) { case 'USER_ID': return (string)$this->getContext()->getUserId(); case 'APPLICATION_ID': return $this->getContext()->getApplicationId(); } } return null; } public function SetParam($name, $value) { static::$kernelSession["SESS_AUTH"][$name] = $value; } public function GetSecurityPolicy() { if(!is_array($this->GetParam("POLICY"))) { $this->SetParam("POLICY", static::getPolicy($this->GetID())->getValues()); } return $this->GetParam("POLICY"); } public function GetID() { if(!isset($this)) { trigger_error("Static call CUser::GetID() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetID(); } return $this->GetParam("USER_ID"); } public function GetLogin() { if(!isset($this)) { trigger_error("Static call CUser::GetLogin() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetLogin(); } return $this->GetParam("LOGIN"); } public function GetEmail() { if(!isset($this)) { trigger_error("Static call CUser::GetEmail() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetEmail(); } return $this->GetParam("EMAIL"); } public function GetFullName() { if(!isset($this)) { trigger_error("Static call CUser::GetFullName() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetFullName(); } return $this->GetParam("NAME"); } public function GetFirstName() { if(!isset($this)) { trigger_error("Static call CUser::GetFirstName() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetFirstName(); } return $this->GetParam("FIRST_NAME"); } public function GetLastName() { if(!isset($this)) { trigger_error("Static call CUser::GetLastName() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetLastName(); } return $this->GetParam("LAST_NAME"); } public function GetSecondName() { if(!isset($this)) { trigger_error("Static call CUser::GetSecondName() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->GetSecondName(); } return $this->GetParam("SECOND_NAME"); } public function GetFormattedName($bUseBreaks = true, $bHTMLSpec = true) { return static::FormatName(CSite::GetNameFormat($bUseBreaks), array( "TITLE" => $this->GetParam("TITLE"), "NAME" => $this->GetFirstName(), "SECOND_NAME" => $this->GetSecondName(), "LAST_NAME" => $this->GetLastName(), "LOGIN" => $this->GetLogin(), ), true, $bHTMLSpec ); } /* * @deprecated Does nothing. / public static function err_mess() { } public function Add($arFields) { /* @global CUserTypeManager $USER_FIELD_MANAGER / global $DB, $USER_FIELD_MANAGER, $CACHE_MANAGER; $ID = 0; if(!$this->CheckFields($arFields)) { $Result = false; $arFields["RESULT_MESSAGE"] = &$this->LAST_ERROR; } else { unset($arFields["ID"]); unset($arFields["STORED_HASH"]); $arFields['ACTIVE'] = (is_set($arFields, 'ACTIVE') && $arFields['ACTIVE'] != 'Y'? 'N' : 'Y'); $arFields['BLOCKED'] = (is_set($arFields, 'BLOCKED') && $arFields['BLOCKED'] == 'Y'? 'Y' : 'N'); $arFields['PASSWORD_EXPIRED'] = (is_set($arFields, 'PASSWORD_EXPIRED') && $arFields['PASSWORD_EXPIRED'] == 'Y'? 'Y' : 'N'); if ($arFields["PERSONAL_GENDER"] != "M" && $arFields["PERSONAL_GENDER"] != "F") { $arFields["PERSONAL_GENDER"] = ""; } $originalPassword = $arFields["PASSWORD"]; $arFields["PASSWORD"] = Password::hash($arFields["PASSWORD"]); $checkword = ($arFields["CHECKWORD"] == ''? Random::getString(32) : $arFields["CHECKWORD"]); $arFields["CHECKWORD"] = Password::hash($checkword); $arFields["~CHECKWORD_TIME"] = $DB->CurrentTimeFunction(); if(is_set($arFields, "WORK_COUNTRY")) $arFields["WORK_COUNTRY"] = intval($arFields["WORK_COUNTRY"]); if(is_set($arFields, "PERSONAL_COUNTRY")) $arFields["PERSONAL_COUNTRY"] = intval($arFields["PERSONAL_COUNTRY"]); if ( array_key_exists("PERSONAL_PHOTO", $arFields) && is_array($arFields["PERSONAL_PHOTO"]) && ( !array_key_exists("MODULE_ID", $arFields["PERSONAL_PHOTO"]) \|\| $arFields["PERSONAL_PHOTO"]["MODULE_ID"] == '' ) ) $arFields["PERSONAL_PHOTO"]["MODULE_ID"] = "main"; CFile::SaveForDB($arFields, "PERSONAL_PHOTO", "main"); if ( array_key_exists("WORK_LOGO", $arFields) && is_array($arFields["WORK_LOGO"]) && ( !array_key_exists("MODULE_ID", $arFields["WORK_LOGO"]) \|\| $arFields["WORK_LOGO"]["MODULE_ID"] == '' ) ) $arFields["WORK_LOGO"]["MODULE_ID"] = "main"; CFile::SaveForDB($arFields, "WORK_LOGO", "main"); $arInsert = $DB->PrepareInsert("b_user", $arFields); if(!is_set($arFields, "DATE_REGISTER")) { $arInsert[0] .= ", DATE_REGISTER"; $arInsert[1] .= ", ".$DB->GetNowFunction(); } $strSql = " INSERT INTO b_user ( ".$arInsert[0]." ) VALUES ( ".$arInsert[1]." ) "; $DB->Query($strSql); $ID = $DB->LastID(); $USER_FIELD_MANAGER->Update("USER", $ID, $arFields); CAccess::RecalculateForUser($ID, CUserAuthProvider::ID); if(is_set($arFields, "GROUP_ID")) static::SetUserGroup($ID, $arFields["GROUP_ID"], true); if(isset($arFields["PHONE_NUMBER"]) && $arFields["PHONE_NUMBER"] <> '') { Main\UserPhoneAuthTable::add(array( "USER_ID" => $ID, "PHONE_NUMBER" => $arFields["PHONE_NUMBER"], )); } //update digest hash for http digest authorization if(COption::GetOptionString('main', 'use_digest_auth', 'N') == 'Y') { static::UpdateDigest($ID, $originalPassword); } //history of passwords UserPasswordTable::add([ "USER_ID" => $ID, "PASSWORD" => $arFields["PASSWORD"], "DATE_CHANGE" => new Main\Type\DateTime(), ]); if(Main\Config\Option::get("main", "user_profile_history") === "Y") { UserProfileHistoryTable::addHistory($ID, UserProfileHistoryTable::TYPE_ADD); } $Result = $ID; $arFields["ID"] = &$ID; $arFields["CHECKWORD"] = $checkword; } $arFields["RESULT"] = &$Result; foreach (GetModuleEvents("main", "OnAfterUserAdd", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arFields)); if($ID > 0 && defined("BX_COMP_MANAGED_CACHE")) { $isRealUser = !$arFields['EXTERNAL_AUTH_ID'] \|\| !in_array($arFields['EXTERNAL_AUTH_ID'], \Bitrix\Main\UserTable::getExternalUserTypes()); $CACHE_MANAGER->ClearByTag("USER_CARD_".intval($ID / TAGGED_user_card_size)); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_CARD": "EXTERNAL_USER_CARD"); $CACHE_MANAGER->ClearByTag("USER_NAME_".$ID); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_NAME": "EXTERNAL_USER_NAME"); } \Bitrix\Main\UserTable::indexRecord($ID); return $Result; } public static function GetDropDownList($strSqlSearch="and ACTIVE='Y'", $strSqlOrder="ORDER BY ID, NAME, LAST_NAME") { global $DB; $strSql = " SELECT ID as REFERENCE_ID, concat('[',ID,'] (',LOGIN,') ',ifnull(NAME,''),' ',ifnull(LAST_NAME,'')) as REFERENCE FROM b_user WHERE 1=1 $strSqlSearch $strSqlOrder "; $res = $DB->Query($strSql); return $res; } public static function GetList($by = '', $order = '', $arFilter = [], $arParams = []) { /* @global CUserTypeManager $USER_FIELD_MANAGER / global $DB, $USER_FIELD_MANAGER; if (is_array($by)) { $arOrder = $by; } else { $arOrder = [$by => $order]; } static $obUserFieldsSql; if (!isset($obUserFieldsSql)) { $obUserFieldsSql = new CUserTypeSQL; $obUserFieldsSql->SetEntity("USER", "U.ID"); $obUserFieldsSql->obWhere->AddFields(array( "F_LAST_NAME" => array( "TABLE_ALIAS" => "U", "FIELD_NAME" => "U.LAST_NAME", "MULTIPLE" => "N", "FIELD_TYPE" => "string", "JOIN" => false, ), )); } if (isset($arParams["SELECT"])) { $obUserFieldsSql->SetSelect($arParams["SELECT"]); } $obUserFieldsSql->SetFilter($arFilter); $obUserFieldsSql->SetOrder($arOrder); $arFields_m = array("ID", "ACTIVE", "LAST_LOGIN", "LOGIN", "EMAIL", "NAME", "LAST_NAME", "SECOND_NAME", "TIMESTAMP_X", "PERSONAL_BIRTHDAY", "IS_ONLINE", "IS_REAL_USER"); $arFields = array( "DATE_REGISTER", "PERSONAL_PROFESSION", "PERSONAL_WWW", "PERSONAL_ICQ", "PERSONAL_GENDER", "PERSONAL_PHOTO", "PERSONAL_PHONE", "PERSONAL_FAX", "PERSONAL_MOBILE", "PERSONAL_PAGER", "PERSONAL_STREET", "PERSONAL_MAILBOX", "PERSONAL_CITY", "PERSONAL_STATE", "PERSONAL_ZIP", "PERSONAL_COUNTRY", "PERSONAL_NOTES", "WORK_COMPANY", "WORK_DEPARTMENT", "WORK_POSITION", "WORK_WWW", "WORK_PHONE", "WORK_FAX", "WORK_PAGER", "WORK_STREET", "WORK_MAILBOX", "WORK_CITY", "WORK_STATE", "WORK_ZIP", "WORK_COUNTRY", "WORK_PROFILE", "WORK_NOTES", "ADMIN_NOTES", "XML_ID", "LAST_NAME", "SECOND_NAME", "STORED_HASH", "CHECKWORD_TIME", "EXTERNAL_AUTH_ID", "CONFIRM_CODE", "LOGIN_ATTEMPTS", "LAST_ACTIVITY_DATE", "AUTO_TIME_ZONE", "TIME_ZONE", "TIME_ZONE_OFFSET", "PASSWORD", "CHECKWORD", "LID", "LANGUAGE_ID", "TITLE", ); $arFields_all = array_merge($arFields_m, $arFields); $arSelectFields = array(); $online_interval = (array_key_exists("ONLINE_INTERVAL", $arParams) && intval($arParams["ONLINE_INTERVAL"]) > 0 ? $arParams["ONLINE_INTERVAL"] : static::GetSecondsForLimitOnline()); if (isset($arParams['FIELDS']) && is_array($arParams['FIELDS']) && count($arParams['FIELDS']) > 0 && !in_array("", $arParams['FIELDS'])) { foreach ($arParams['FIELDS'] as $field) { $field = strtoupper($field); if ($field == 'TIMESTAMP_X' \|\| $field == 'DATE_REGISTER' \|\| $field == 'LAST_LOGIN') $arSelectFields[$field] = $DB->DateToCharFunction("U.".$field)." ".$field.", U.".$field." ".$field."_DATE"; elseif ($field == 'PERSONAL_BIRTHDAY') $arSelectFields[$field] = $DB->DateToCharFunction("U.PERSONAL_BIRTHDAY", "SHORT")." PERSONAL_BIRTHDAY, U.PERSONAL_BIRTHDAY PERSONAL_BIRTHDAY_DATE"; elseif ($field == 'IS_ONLINE') $arSelectFields[$field] = "IF(U.LAST_ACTIVITY_DATE > DATE_SUB(NOW(), INTERVAL ".$online_interval." SECOND), 'Y', 'N') IS_ONLINE"; elseif ($field == 'IS_REAL_USER') $arSelectFields[$field] = "IF(U.EXTERNAL_AUTH_ID IN ('".join("', '", static::GetExternalUserTypes())."'), 'N', 'Y') IS_REAL_USER"; elseif (in_array($field, $arFields_all)) $arSelectFields[$field] = 'U.'.$field; } } if (empty($arSelectFields)) { $arSelectFields[] = 'U.'; $arSelectFields['TIMESTAMP_X'] = $DB->DateToCharFunction("U.TIMESTAMP_X")." TIMESTAMP_X"; $arSelectFields['IS_ONLINE'] = "IF(U.LAST_ACTIVITY_DATE > DATE_SUB(NOW(), INTERVAL ".$online_interval." SECOND), 'Y', 'N') IS_ONLINE"; $arSelectFields['DATE_REGISTER'] = $DB->DateToCharFunction("U.DATE_REGISTER")." DATE_REGISTER"; $arSelectFields['LAST_LOGIN'] = $DB->DateToCharFunction("U.LAST_LOGIN")." LAST_LOGIN"; $arSelectFields['PERSONAL_BIRTHDAY'] = $DB->DateToCharFunction("U.PERSONAL_BIRTHDAY", "SHORT")." PERSONAL_BIRTHDAY"; } $arSqlSearch = Array(); $strJoin = ""; if(is_array($arFilter)) { foreach ($arFilter as $key => $val) { $key = strtoupper($key); if(is_array($val)) { if(count($val) <= 0) continue; } elseif ( $key != "LOGIN_EQUAL_EXACT" && $key != "CONFIRM_CODE" && $key != "!CONFIRM_CODE" && $key != "LAST_ACTIVITY" && $key != "!LAST_ACTIVITY" && $key != "LAST_LOGIN" && $key != "!LAST_LOGIN" && $key != "EXTERNAL_AUTH_ID" && $key != "!EXTERNAL_AUTH_ID" && $key != "IS_REAL_USER" ) { if((string)$val == '' \|\| $val === "NOT_REF") continue; } $match_value_set = array_key_exists($key."_EXACT_MATCH", $arFilter); switch($key) { case "ID": $arSqlSearch[] = GetFilterQuery("U.ID",$val,"N"); break; case ">ID": $arSqlSearch[] = "U.ID > ".intval($val); break; case "!ID": $arSqlSearch[] = "U.ID <> ".intval($val); break; case "ID_EQUAL_EXACT": $arSqlSearch[] = "U.ID='".intval($val)."'"; break; case "TIMESTAMP_1": $arSqlSearch[] = "U.TIMESTAMP_X >= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y"),"d.m.Y")."')"; break; case "TIMESTAMP_2": $arSqlSearch[] = "U.TIMESTAMP_X <= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y")." 23:59:59","d.m.Y")."')"; break; case "TIMESTAMP_X_1": $arSqlSearch[] = "U.TIMESTAMP_X >= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"DD.MM.YYYY HH:MI:SS"),"d.m.Y H:i:s")."')"; break; case "TIMESTAMP_X_2": $arSqlSearch[] = "U.TIMESTAMP_X <= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"DD.MM.YYYY HH:MI:SS"),"d.m.Y H:i:s")."')"; break; case "LAST_LOGIN_1": $arSqlSearch[] = "U.LAST_LOGIN >= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y"),"d.m.Y")."')"; break; case "LAST_LOGIN_2": $arSqlSearch[] = "U.LAST_LOGIN <= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y")." 23:59:59","d.m.Y")."')"; break; case "LAST_LOGIN": if ($val === false) $arSqlSearch[] = "U.LAST_LOGIN IS NULL"; break; case "!LAST_LOGIN": if ($val === false) $arSqlSearch[] = "U.LAST_LOGIN IS NOT NULL"; break; case "DATE_REGISTER_1": $arSqlSearch[] = "U.DATE_REGISTER >= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y"),"d.m.Y")."')"; break; case "DATE_REGISTER_2": $arSqlSearch[] = "U.DATE_REGISTER <= FROM_UNIXTIME('".MkDateTime(FmtDate($val,"D.M.Y")." 23:59:59","d.m.Y")."')"; break; case "ACTIVE": $arSqlSearch[] = ($val=="Y") ? "U.ACTIVE='Y'" : "U.ACTIVE='N'"; break; case "LOGIN_EQUAL": $arSqlSearch[] = GetFilterQuery("U.LOGIN", $val, "N"); break; case "LOGIN": $arSqlSearch[] = GetFilterQuery("U.LOGIN", $val); break; case "EXTERNAL_AUTH_ID": if($val <> '') $arSqlSearch[] = "U.EXTERNAL_AUTH_ID='".$DB->ForSQL($val, 255)."'"; else $arSqlSearch[] = "(U.EXTERNAL_AUTH_ID IS NULL OR U.EXTERNAL_AUTH_ID='')"; break; case "!EXTERNAL_AUTH_ID": if ( is_array($val) && count($val) > 0 ) { $strTmp = ""; foreach($val as $authId) { if ($authId <> '') { $strTmp .= ($strTmp <> '' ? "," : "")."'".$DB->ForSQL($authId, 255)."'"; } } if ($strTmp <> '') { $arSqlSearch[] = "U.EXTERNAL_AUTH_ID NOT IN (".$strTmp.") OR U.EXTERNAL_AUTH_ID IS NULL"; } } elseif (!is_array($val)) { if($val <> '') $arSqlSearch[] = "U.EXTERNAL_AUTH_ID <> '".$DB->ForSql($val, 255)."' OR U.EXTERNAL_AUTH_ID IS NULL"; else $arSqlSearch[] = "(U.EXTERNAL_AUTH_ID IS NOT NULL AND LENGTH(U.EXTERNAL_AUTH_ID) > 0)"; } break; case "LOGIN_EQUAL_EXACT": $arSqlSearch[] = "U.LOGIN='".$DB->ForSql($val)."'"; break; case "XML_ID": $arSqlSearch[] = "U.XML_ID='".$DB->ForSql($val)."'"; break; case "CONFIRM_CODE": if($val <> '') $arSqlSearch[] = "U.CONFIRM_CODE='".$DB->ForSql($val)."'"; else $arSqlSearch[] = "(U.CONFIRM_CODE IS NULL OR LENGTH(U.CONFIRM_CODE) <= 0)"; break; case "!CONFIRM_CODE": if($val <> '') $arSqlSearch[] = "U.CONFIRM_CODE <> '".$DB->ForSql($val)."'"; else $arSqlSearch[] = "(U.CONFIRM_CODE IS NOT NULL AND LENGTH(U.CONFIRM_CODE) > 0)"; break; case "COUNTRY_ID": case "WORK_COUNTRY": $arSqlSearch[] = "U.WORK_COUNTRY=".intval($val); break; case "PERSONAL_COUNTRY": $arSqlSearch[] = "U.PERSONAL_COUNTRY=".intval($val); break; case "NAME": $arSqlSearch[] = GetFilterQuery("U.NAME, U.LAST_NAME, U.SECOND_NAME", $val); break; case "NAME_SEARCH": $arSqlSearch[] = GetFilterQuery("U.NAME, U.LAST_NAME, U.SECOND_NAME, U.EMAIL, U.LOGIN", $val); break; case "EMAIL": $arSqlSearch[] = GetFilterQuery("U.EMAIL", $val, "Y", array("@","_",".","-")); break; case "=EMAIL": $arSqlSearch[] = "U.EMAIL = '".$DB->ForSQL(trim($val))."'"; break; case "GROUP_MULTI": case "GROUPS_ID": if(is_numeric($val) && intval($val)>0) $val = array($val); if(is_array($val) && count($val)>0) { $ar = array(); foreach($val as $id) $ar[intval($id)] = intval($id); $strJoin .= " INNER JOIN (SELECT DISTINCT UG.USER_ID FROM b_user_group UG WHERE UG.GROUP_ID in (".implode(",", $ar).") and (UG.DATE_ACTIVE_FROM is null or UG.DATE_ACTIVE_FROM <= ".$DB->CurrentTimeFunction().") and (UG.DATE_ACTIVE_TO is null or UG.DATE_ACTIVE_TO >= ".$DB->CurrentTimeFunction().") ) UG ON UG.USER_ID=U.ID "; } break; case "PERSONAL_BIRTHDATE_1": $arSqlSearch[] = "U.PERSONAL_BIRTHDATE>=".$DB->CharToDateFunction($val); break; case "PERSONAL_BIRTHDATE_2": $arSqlSearch[] = "U.PERSONAL_BIRTHDATE<=".$DB->CharToDateFunction($val." 23:59:59"); break; case "PERSONAL_BIRTHDAY_1": $arSqlSearch[] = "U.PERSONAL_BIRTHDAY>=".$DB->CharToDateFunction($DB->ForSql($val), "SHORT"); break; case "PERSONAL_BIRTHDAY_2": $arSqlSearch[] = "U.PERSONAL_BIRTHDAY<=".$DB->CharToDateFunction($DB->ForSql($val), "SHORT"); break; case "PERSONAL_BIRTHDAY_DATE": $arSqlSearch[] = "DATE_FORMAT(U.PERSONAL_BIRTHDAY, '%m-%d') = '".$DB->ForSql($val)."'"; break; case "KEYWORDS": $arSqlSearch[] = GetFilterQuery(implode(",",$arFields), $val); break; case "CHECK_SUBORDINATE": if(is_array($val)) { $strSubord = "0"; foreach($val as $grp) $strSubord .= ",".intval($grp); if(intval($arFilter["CHECK_SUBORDINATE_AND_OWN"]) > 0) $arSqlSearch[] = "(U.ID=".intval($arFilter["CHECK_SUBORDINATE_AND_OWN"])." OR NOT EXISTS(SELECT 'x' FROM b_user_group UGS WHERE UGS.USER_ID=U.ID AND UGS.GROUP_ID NOT IN (".$strSubord.")))"; else $arSqlSearch[] = "NOT EXISTS(SELECT 'x' FROM b_user_group UGS WHERE UGS.USER_ID=U.ID AND UGS.GROUP_ID NOT IN (".$strSubord."))"; } break; case "NOT_ADMIN": if($val !== true) break; $arSqlSearch[] = "not exists (SELECT FROM b_user_group UGNA WHERE UGNA.USER_ID=U.ID AND UGNA.GROUP_ID = 1)"; break; case "LAST_ACTIVITY": if ($val === false) $arSqlSearch[] = "U.LAST_ACTIVITY_DATE IS NULL"; elseif (intval($val)>0) $arSqlSearch[] = "U.LAST_ACTIVITY_DATE > DATE_SUB(NOW(), INTERVAL ".intval($val)." SECOND)"; break; case "!LAST_ACTIVITY": if ($val === false) $arSqlSearch[] = "U.LAST_ACTIVITY_DATE IS NOT NULL"; break; case "INTRANET_USERS": $arSqlSearch[] = "U.ACTIVE = 'Y' AND U.LAST_LOGIN IS NOT NULL AND EXISTS(SELECT 'x' FROM b_utm_user UF1, b_user_field F1 WHERE F1.ENTITY_ID = 'USER' AND F1.FIELD_NAME = 'UF_DEPARTMENT' AND UF1.FIELD_ID = F1.ID AND UF1.VALUE_ID = U.ID AND UF1.VALUE_INT IS NOT NULL AND UF1.VALUE_INT <> 0)"; break; case "IS_REAL_USER": if($val === true \|\| $val === 'Y') { $arSqlSearch[] = "U.EXTERNAL_AUTH_ID NOT IN ('".join("', '", static::GetExternalUserTypes())."') OR U.EXTERNAL_AUTH_ID IS NULL"; } else { $arSqlSearch[] = "U.EXTERNAL_AUTH_ID IN ('".join("', '", static::GetExternalUserTypes())."')"; } break; default: if(in_array($key, $arFields)) $arSqlSearch[] = GetFilterQuery('U.'.$key, $val, ($arFilter[$key."_EXACT_MATCH"]=="Y" && $match_value_set? "N" : "Y")); } } } $arSqlOrder = array(); foreach ($arOrder as $field => $dir) { $field = strtoupper($field); if(strtolower($dir) != "asc") { $dir = "desc"; } if($field == "CURRENT_BIRTHDAY") { $cur_year = intval(date('Y')); $arSqlOrder[$field] = "IF(ISNULL(U.PERSONAL_BIRTHDAY), '9999-99-99', IF ( DATE_FORMAT(U.PERSONAL_BIRTHDAY, '".$cur_year."-%m-%d') < DATE_FORMAT(DATE_ADD(".$DB->CurrentTimeFunction().", INTERVAL ".CTimeZone::GetOffset()." SECOND), '%Y-%m-%d'), DATE_FORMAT(U.PERSONAL_BIRTHDAY, '".($cur_year + 1)."-%m-%d'), DATE_FORMAT(U.PERSONAL_BIRTHDAY, '".$cur_year."-%m-%d') )) ".$dir; } elseif($field == "IS_ONLINE") { $arSelectFields[$field] = "IF(U.LAST_ACTIVITY_DATE > DATE_SUB(NOW(), INTERVAL ".$online_interval." SECOND), 'Y', 'N') IS_ONLINE"; $arSqlOrder[$field] = "IS_ONLINE ".$dir; } elseif(in_array($field,$arFields_all)) { $arSqlOrder[$field] = "U.".$field." ".$dir; } elseif($s = $obUserFieldsSql->GetOrder($field)) { $arSqlOrder[$field] = strtoupper($s)." ".$dir; } elseif(preg_match('/^RATING_(\d+)$/i', $field, $matches)) { $ratingId = intval($matches[1]); if ($ratingId > 0) { $arSqlOrder[$field] = $field."_ISNULL ASC, ".$field." ".$dir; $arParams['SELECT'][] = $field; } else { $field = "TIMESTAMP_X"; $arSqlOrder[$field] = "U.".$field." ".$dir; } } elseif ($field == 'FULL_NAME') { $arSqlOrder[$field] = sprintf( "IF(U.LAST_NAME IS NULL OR U.LAST_NAME = '', 1, 0) %1\$s, IF(U.LAST_NAME IS NULL OR U.LAST_NAME = '', 1, U.LAST_NAME) %1\$s, IF(U.NAME IS NULL OR U.NAME = '', 1, 0) %1\$s, IF(U.NAME IS NULL OR U.NAME = '', 1, U.NAME) %1\$s, IF(U.SECOND_NAME IS NULL OR U.SECOND_NAME = '', 1, 0) %1\$s, IF(U.SECOND_NAME IS NULL OR U.SECOND_NAME = '', 1, U.SECOND_NAME) %1\$s, U.LOGIN %1\$s", $dir ); } } $userFieldsSelect = $obUserFieldsSql->GetSelect(); $arSqlSearch[] = $obUserFieldsSql->GetFilter(); $strSqlSearch = GetFilterSqlSearch($arSqlSearch); $sSelect = ($obUserFieldsSql->GetDistinct()? "DISTINCT " : "") .implode(', ',$arSelectFields)." ".$userFieldsSelect." "; if (isset($arParams['SELECT']) && is_array($arParams['SELECT'])) { $arRatingInSelect = array(); foreach ($arParams['SELECT'] as $column) { if(preg_match('/^RATING_(\d+)$/i', $column, $matches)) { $ratingId = intval($matches[1]); if ($ratingId > 0 && !in_array($ratingId, $arRatingInSelect)) { $sSelect .= ", RR".$ratingId.".CURRENT_POSITION IS NULL as RATING_".$ratingId."_ISNULL"; $sSelect .= ", RR".$ratingId.".CURRENT_VALUE as RATING_".$ratingId; $sSelect .= ", RR".$ratingId.".CURRENT_VALUE as RATING_".$ratingId."_CURRENT_VALUE"; $sSelect .= ", RR".$ratingId.".PREVIOUS_VALUE as RATING_".$ratingId."_PREVIOUS_VALUE"; $sSelect .= ", RR".$ratingId.".CURRENT_POSITION as RATING_".$ratingId."_CURRENT_POSITION"; $sSelect .= ", RR".$ratingId.".PREVIOUS_POSITION as RATING_".$ratingId."_PREVIOUS_POSITION"; $strJoin .= " LEFT JOIN b_rating_results RR".$ratingId." ON RR".$ratingId.".RATING_ID=".$ratingId." and RR".$ratingId.".ENTITY_TYPE_ID = 'USER' and RR".$ratingId.".ENTITY_ID = U.ID "; $arRatingInSelect[] = $ratingId; } } } } $strFrom = " FROM b_user U ".$obUserFieldsSql->GetJoin("U.ID")." ".$strJoin." WHERE ".$strSqlSearch." "; $strSqlOrder = ''; if (!empty($arSqlOrder)) $strSqlOrder = 'ORDER BY '.implode(', ', $arSqlOrder); $strSql = "SELECT ".$sSelect.$strFrom.$strSqlOrder; if(array_key_exists("NAV_PARAMS", $arParams) && is_array($arParams["NAV_PARAMS"])) { $nTopCount = intval($arParams['NAV_PARAMS']['nTopCount']); if($nTopCount > 0) { $strSql = $DB->TopSql($strSql, $nTopCount); $res = $DB->Query($strSql); if($userFieldsSelect <> '') $res->SetUserFields($USER_FIELD_MANAGER->GetUserFields("USER")); } else { $res_cnt = $DB->Query("SELECT COUNT(".($obUserFieldsSql->GetDistinct()? "DISTINCT ":"")."U.ID) as C ".$strFrom); $res_cnt = $res_cnt->Fetch(); $res = new CDBResult(); if($userFieldsSelect <> '') $res->SetUserFields($USER_FIELD_MANAGER->GetUserFields("USER")); $res->NavQuery($strSql, $res_cnt["C"], $arParams["NAV_PARAMS"]); } } else { $res = $DB->Query($strSql); if($userFieldsSelect <> '') $res->SetUserFields($USER_FIELD_MANAGER->GetUserFields("USER")); } $res->is_filtered = IsFiltered($strSqlSearch); return $res; } public static function IsOnLine($id, $interval = null) { global $DB; $id = intval($id); if ($id <= 0) { return false; } if (is_null($interval)) { $interval = static::GetSecondsForLimitOnline(); } else { $interval = intval($interval); if ($interval <= 0) { $interval = static::GetSecondsForLimitOnline(); } } $dbRes = $DB->Query("SELECT 'x' FROM b_user WHERE ID = ".$id." AND LAST_ACTIVITY_DATE > DATE_SUB(NOW(), INTERVAL ".$interval." SECOND)"); return $arRes = $dbRes->Fetch()? true: false; } public function GetUserGroupArray() { $groups = $this->GetParam("GROUPS"); if(!is_array($groups) \|\| empty($groups)) { return [2]; } //always unique and sorted, containing group ID=2 return $groups; } public function SetUserGroupArray($arr) { $arr = array_map("intval", $arr); $arr = array_filter($arr); $arr[] = 2; $arr = array_values(array_unique($arr)); sort($arr); $this->SetParam("GROUPS", $arr); } public function GetUserGroupString() { return $this->GetGroups(); } public function GetGroups() { return implode(",", $this->GetUserGroupArray()); } public function RequiredHTTPAuthBasic($Realm = "Bitrix") { header("WWW-Authenticate: Basic realm=\"{$Realm}\""); if(stristr(php_sapi_name(), "cgi") !== false) header("Status: 401 Unauthorized"); else header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized"); return false; } public function LoginByCookies() { if(COption::GetOptionString("main", "store_password", "Y") == "Y") { if (!isset($_REQUEST["logout"]) \|\| strtolower($_REQUEST["logout"]) != "yes") { $prefix = COption::GetOptionString('main', 'cookie_name', 'BITRIX_SM'); $login = (string)($_COOKIE[$prefix.'_UIDL'] ?? ''); $password = (string)($_COOKIE[$prefix.'_UIDH'] ?? ''); if($login != '' && $password != '') { if($login != $this->GetLogin() \|\| $password !== $this->getContext()->getStoredAuthHash()) { $this->LoginByHash($login, $password); } } } } } public function LoginByHash($login, $hash) { /** @global CMain $APPLICATION / global $DB, $APPLICATION; $result_message = true; $userId = 0; $arParams = array( "LOGIN" => $login, "HASH" => $hash, ); $APPLICATION->ResetException(); $bOk = true; foreach(GetModuleEvents("main", "OnBeforeUserLoginByHash", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams))===false) { if($err = $APPLICATION->GetException()) $result_message = array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); else { $APPLICATION->ThrowException("Unknown error"); $result_message = array("MESSAGE"=>"Unknown error"."<br>", "TYPE"=>"ERROR"); } $bOk = false; break; } } if($bOk && $arParams['HASH'] <> '') { $strSql = "SELECT U.ID, U.ACTIVE, U.EXTERNAL_AUTH_ID, U.BLOCKED ". "FROM b_user U ". "WHERE U.LOGIN = '".$DB->ForSQL($arParams['LOGIN'], 50)."' "; $result = $DB->Query($strSql); $userFound = false; $hashFound = false; while(($arUser = $result->Fetch())) { $userFound = true; $userId = $arUser['ID']; //there is no stored auth for external authorization, but domain spread auth should work $bExternal = ($arUser["EXTERNAL_AUTH_ID"] <> ''); $bAllowExternalSave = COption::GetOptionString("main", "allow_external_auth_stored_hash", "N") == "Y"; $tempHash = $bExternal && !$bAllowExternalSave; $context = (new Authentication\Context()) ->setUserId($userId) ; if (static::CheckStoredHash($context, $arParams['HASH'], $tempHash)) { $hashFound = true; if ($arUser["ACTIVE"] == 'Y' && $arUser["BLOCKED"] != 'Y') { $this->Authorize($context, !$tempHash); } else { $APPLICATION->ThrowException(GetMessage("LOGIN_BLOCK")); $result_message = array("MESSAGE"=>GetMessage("LOGIN_BLOCK")."<br>", "TYPE"=>"ERROR"); } break; } } if (!$userFound \|\| !$hashFound) { $APPLICATION->ThrowException(GetMessage("WRONG_LOGIN")); $result_message = array("MESSAGE"=>GetMessage("WRONG_LOGIN")."<br>", "TYPE"=>"ERROR"); } } $arParams["USER_ID"] = $userId; $arParams["RESULT_MESSAGE"] = $result_message; foreach (GetModuleEvents("main", "OnAfterUserLoginByHash", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array(&$arParams)); } if ($result_message !== true && COption::GetOptionString("main", "event_log_login_fail", "N") === "Y") { CEventLog::Log("SECURITY", "USER_LOGINBYHASH", "main", $login, $result_message["MESSAGE"]); } return $arParams["RESULT_MESSAGE"]; } public function LoginByHttpAuth() { $arAuth = Bitrix\Main\Context::getCurrent()->getServer()->parseAuthRequest(); foreach(GetModuleEvents("main", "onBeforeUserLoginByHttpAuth", true) as $arEvent) { $res = ExecuteModuleEventEx($arEvent, array(&$arAuth)); if($res !== null) { return $res; } } if(isset($arAuth["basic"]) && $arAuth["basic"]["username"] <> '' && $arAuth["basic"]["password"] <> '') { // Authorize user, if it is http basic authorization, with no remembering if(!$this->IsAuthorized() \|\| $this->GetLogin() <> $arAuth["basic"]["username"]) { return $this->Login($arAuth["basic"]["username"], $arAuth["basic"]["password"], "N"); } } elseif(isset($arAuth["digest"]) && $arAuth["digest"]["username"] <> '' && COption::GetOptionString('main', 'use_digest_auth', 'N') == 'Y') { // Authorize user by http digest authorization if(!$this->IsAuthorized() \|\| $this->GetLogin() <> $arAuth["digest"]["username"]) { return $this->LoginByDigest($arAuth["digest"]); } } return null; } public function LoginByDigest($arDigest) { //array("username"=>"", "nonce"=>"", "uri"=>"", "response"=>"") /* @global CMain $APPLICATION / global $DB, $APPLICATION; $APPLICATION->ResetException(); $strSql = "SELECT U.ID, U.PASSWORD, UD.DIGEST_HA1, U.EXTERNAL_AUTH_ID ". "FROM b_user U LEFT JOIN b_user_digest UD ON UD.USER_ID=U.ID ". "WHERE U.LOGIN='".$DB->ForSQL($arDigest["username"])."' "; $res = $DB->Query($strSql); if($arUser = $res->Fetch()) { $method = (isset($_SERVER['REDIRECT_REQUEST_METHOD']) ? $_SERVER['REDIRECT_REQUEST_METHOD'] : $_SERVER['REQUEST_METHOD']); $HA2 = md5($method.':'.$arDigest['uri']); if($arUser["EXTERNAL_AUTH_ID"] == '' && $arUser["DIGEST_HA1"] <> '') { //digest is for internal authentication only static::$kernelSession["BX_HTTP_DIGEST_ABSENT"] = false; $HA1 = $arUser["DIGEST_HA1"]; $valid_response = md5($HA1.':'.$arDigest['nonce'].':'.$HA2); if($arDigest["response"] === $valid_response) { //regular user password return $this->Login($arDigest["username"], $arUser["PASSWORD"], "N", "N"); } } //check for an application password, including external users if(($appPassword = ApplicationPasswordTable::findDigestPassword($arUser["ID"], $arDigest)) !== false) { return $this->Login($arDigest["username"], $appPassword["PASSWORD"], "N", "N"); } if($arUser["DIGEST_HA1"] == '') { //this indicates that we still have no user digest hash static::$kernelSession["BX_HTTP_DIGEST_ABSENT"] = true; } } $APPLICATION->ThrowException(GetMessage("USER_AUTH_DIGEST_ERR")); return array("MESSAGE"=>GetMessage("USER_AUTH_DIGEST_ERR")."<br>", "TYPE"=>"ERROR"); } public static function UpdateDigest($ID, $pass) { global $DB; $ID = intval($ID); $res = $DB->Query(" SELECT U.LOGIN, UD.DIGEST_HA1 FROM b_user U LEFT JOIN b_user_digest UD on UD.USER_ID=U.ID WHERE U.ID=".$ID ); if($arRes = $res->Fetch()) { if(defined('BX_HTTP_AUTH_REALM')) $realm = BX_HTTP_AUTH_REALM; else $realm = "Bitrix Site Manager"; $digest = md5($arRes["LOGIN"].':'.$realm.':'.$pass); if($arRes["DIGEST_HA1"] == '') { //new digest $DB->Query("insert into b_user_digest (user_id, digest_ha1) values('".$ID."', '".$DB->ForSQL($digest)."')"); } else { //update digest (login, password or realm were changed) if($arRes["DIGEST_HA1"] !== $digest) $DB->Query("update b_user_digest set digest_ha1='".$DB->ForSQL($digest)."' where user_id=".$ID); } } } public function LoginHitByHash($hash, $closeSession = true, $delete = false, $remember = false) { global $APPLICATION; $hash = trim($hash); if ($hash == '') { return false; } $APPLICATION->ResetException(); $request = Main\Context::getCurrent()->getRequest(); $url = str_replace('%', '%%', $request->getRequestedPage()); $connection = Main\Application::getConnection(); $helper = $connection->getSqlHelper(); $query = UserHitAuthTable::query() ->setSelect(['ID', 'USER_ID', 'HASH', 'VALID_UNTIL']) ->where('USER.ACTIVE', 'Y') ->where('USER.BLOCKED', 'N') ->where('HASH', $hash) ->whereExpr("%s = left('" . $helper->forSql($url) . "', length(%s))", ['URL', 'URL']) ; if (!defined("ADMIN_SECTION") \|\| ADMIN_SECTION !== true) { $query->where('SITE_ID', SITE_ID); } if($hashData = $query->fetch()) { // case sensitive if ($hashData['HASH'] === $hash) { if ($hashData['VALID_UNTIL'] instanceof Main\Type\DateTime) { if ((new Main\Type\DateTime())->getTimestamp() > $hashData['VALID_UNTIL']->getTimestamp()) { UserHitAuthTable::delete($hashData['ID']); return false; } } setSessionExpired($closeSession); $context = (new Authentication\Context()) ->setUserId($hashData["USER_ID"]) ->setHitAuthId($hashData["ID"]) ; $this->Authorize($context, $remember); if ($delete) { UserHitAuthTable::delete($hashData['ID']); } else { UserHitAuthTable::update($hashData['ID'], ['TIMESTAMP_X' => new Main\Type\DateTime()]); } return true; } } return false; } public static function AddHitAuthHash($url, $user_id = false, $site_id = false, $ttl = null) { global $USER; if ($url == '') { return false; } if (!$user_id) { $user_id = $USER->GetID(); } if (!$site_id && (!defined("ADMIN_SECTION") \|\| ADMIN_SECTION !== true)) { $site_id = SITE_ID; } $hash = false; if ($user_id) { $hash = Random::getString(32, true); $fields = [ 'USER_ID' => $user_id, 'URL' => trim($url), 'HASH' => $hash, 'SITE_ID' => trim($site_id), 'TIMESTAMP_X' => new Main\Type\DateTime(), ]; if ($ttl > 0) { $fields['VALID_UNTIL'] = (new Main\Type\DateTime())->add('T' . (int)$ttl . 'S'); } UserHitAuthTable::add($fields); } return $hash; } public static function GetHitAuthHash($urlMask, $userID = false, $siteId = null) { global $USER; $urlMask = trim($urlMask); if ($urlMask == '') { return false; } if (!$userID) { $userID = $USER->GetID(); } if ($userID <= 0) { return false; } $query = UserHitAuthTable::query() ->setSelect(['ID', 'HASH', 'VALID_UNTIL']) ->where('URL', $urlMask) ->where('USER_ID', $userID) ; if ($siteId !== null) { $query->where('SITE_ID', $siteId); } if($hashData = $query->fetch()) { if ($hashData['VALID_UNTIL'] instanceof Main\Type\DateTime) { if ((new Main\Type\DateTime())->getTimestamp() > $hashData['VALID_UNTIL']->getTimestamp()) { UserHitAuthTable::delete($hashData['ID']); return false; } } return $hashData['HASH']; } return false; } public static function CleanUpHitAuthAgent() { $cleanupDays = COption::GetOptionInt('main', 'hit_auth_cleanup_days', 30); if ($cleanupDays > 0) { UserHitAuthTable::deleteByFilter(['<=TIMESTAMP_X' => (new Main\Type\DateTime())->add("-{$cleanupDays}D")]); } return 'CUser::CleanUpHitAuthAgent();'; } protected function UpdateSessionData(Authentication\Context $context, $onlyActive = true) { global $DB, $APPLICATION; unset(static::$kernelSession["SESS_OPERATIONS"]); $APPLICATION->SetNeedCAPTHA(false); $strSql = "SELECT U. ". "FROM b_user U ". "WHERE U.ID = " . $context->getUserId(); if ($onlyActive) { $strSql .= " AND U.ACTIVE = 'Y' AND U.BLOCKED <> 'Y' "; } $result = $DB->Query($strSql); if($arUser = $result->Fetch()) { $data = [ "LOGIN" => $arUser["LOGIN"], "EMAIL" => $arUser["EMAIL"], "TITLE" => $arUser["TITLE"], "NAME" => $arUser["NAME"].($arUser["NAME"] == '' \|\| $arUser["LAST_NAME"] == ''? "":" ").$arUser["LAST_NAME"], "FIRST_NAME" => $arUser["NAME"], "SECOND_NAME" => $arUser["SECOND_NAME"], "LAST_NAME" => $arUser["LAST_NAME"], "PERSONAL_PHOTO" => $arUser["PERSONAL_PHOTO"], "PERSONAL_GENDER" => $arUser["PERSONAL_GENDER"], "EXTERNAL_AUTH_ID" => $arUser["EXTERNAL_AUTH_ID"], "XML_ID" => $arUser["XML_ID"], "ADMIN" => false, "POLICY" => static::getPolicy($arUser["ID"])->getValues(), "AUTO_TIME_ZONE" => trim($arUser["AUTO_TIME_ZONE"]), "TIME_ZONE" => $arUser["TIME_ZONE"], "GROUPS" => Main\UserTable::getUserGroupIds($arUser["ID"]), "CONTEXT" => json_encode($context), ]; foreach ($data["GROUPS"] as $groupId) { if ($groupId == 1) { $data["ADMIN"] = true; break; } } static::$kernelSession["SESS_AUTH"] = $data; // flag for IsAdmin() optimization $this->admin = null; $this->context = $context; return $arUser; } return false; } /** * Performs the user authorization: * fills session parameters; * remembers auth; * spreads auth through sites. * @param Authentication\Context\|int $context Contains user id. * @param bool $bSave Save authorization in cookies. * @param bool $bUpdate Update last login information in DB. * @param string\|null $applicationId An application password ID. * @return bool / public function Authorize($context, $bSave = false, $bUpdate = true, $applicationId = null, $onlyActive = true) { global $DB; // compatibility magic if (!($context instanceof Authentication\Context)) { $context = (new Authentication\Context()) ->setUserId($context) ->setApplicationId($applicationId) ; } $arUser = $this->UpdateSessionData($context, $onlyActive); if($arUser !== false) { $regenerateIdAfterLogin = Main\Config\Configuration::getInstance()->get('session')['regenerateIdAfterLogin'] ?? false; if ($regenerateIdAfterLogin === true) { Main\Application::getInstance()->getCompositeSessionManager()->regenerateId(); } self::$CURRENT_USER = false; $this->justAuthorized = true; //sometimes we don't need to update db (REST) if($bUpdate) { $tz = ''; if (CTimeZone::Enabled()) { if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) \|\| CTimeZone::getTzCookie() !== null) { $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset(); } } $bxUid = ''; if (!empty($_COOKIE['BX_USER_ID']) && preg_match('/^[0-9a-f]{32}$/', $_COOKIE['BX_USER_ID'])) { if ($_COOKIE['BX_USER_ID'] != $arUser['BX_USER_ID']) { // save new bxuid value $bxUid = ", BX_USER_ID = '".$_COOKIE['BX_USER_ID']."'"; $arUser['BX_USER_ID'] = $_COOKIE['BX_USER_ID']; } } $languageId = ''; if ($arUser['LANGUAGE_ID'] === '') { $arUser['LANGUAGE_ID'] = LANGUAGE_ID; $languageId = ", LANGUAGE_ID='".$DB->ForSql(LANGUAGE_ID)."'"; } $DB->Query(" UPDATE b_user SET STORED_HASH = NULL, LAST_LOGIN = ".$DB->GetNowFunction().", TIMESTAMP_X = TIMESTAMP_X, LOGIN_ATTEMPTS = 0 ".$tz." ".$bxUid." ".$languageId." WHERE ID=".$arUser["ID"] ); if ($bSave \|\| COption::GetOptionString("main", "auth_multisite", "N") == "Y") { if (($hash = $context->getStoredAuthHash()) === null) { $hash = Random::getString(32, true); } $this->setStoredAuthCookies($arUser["LOGIN"], $hash, $bSave); $date = new Main\Type\DateTime(); $ipAddress = new Main\Web\IpAddress(Main\Context::getCurrent()->getServer()->getRemoteAddr()); $ipExpr = new Main\DB\SqlExpression($ipAddress->toUnsigned()); if($context->getStoredAuthId() > 0) { UserStoredAuthTable::update($context->getStoredAuthId(), [ 'LAST_AUTH' => $date, 'IP_ADDR' => $ipExpr, ]); } else { UserStoredAuthTable::add([ 'USER_ID' => $arUser["ID"], 'DATE_REG' => $date, 'LAST_AUTH' => $date, 'TEMP_HASH' => ($bSave? 'N' : 'Y'), 'IP_ADDR' => $ipExpr, 'STORED_HASH' => $hash, ]); } } if(($applicationPassId = $context->getApplicationPasswordId()) !== null) { //update usage statistics for the application ApplicationPasswordTable::update($applicationPassId, array( 'DATE_LOGIN' => new Main\Type\DateTime(), 'LAST_IP' => $_SERVER["REMOTE_ADDR"], )); } if(COption::GetOptionString("main", "event_log_login_success", "N") === "Y") { CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"], $context->getApplicationId()); } if(COption::GetOptionString('main', 'user_device_history', 'N') === 'Y') { Device::addLogin($context, $arUser); } } $arParams = array( "user_fields" => $arUser, "save" => $bSave, "update" => $bUpdate, "applicationId" => $context->getApplicationId(), ); foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array($arParams)); } foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array($this->GetID(), $arParams)); } if($bUpdate) { Main\Composite\Engine::onUserLogin(); } //we need it mostrly for the $this->justAuthorized flag $this->CheckAuthActions(); return true; } return false; } protected function setStoredAuthCookies($login, $hash, $save) { $context = Main\Context::getCurrent(); $response = $context->getResponse(); $request = $context->getRequest(); $secure = (COption::GetOptionString('main', 'use_secure_password_cookies', 'N') == 'Y' && $request->isHttps()); if ($save) { $period = time() + 60 60 * 24 * 30 * 12; $spread = Main\Web\Cookie::SPREAD_SITES \| Main\Web\Cookie::SPREAD_DOMAIN; } else { $period = 0; $spread = Main\Web\Cookie::SPREAD_SITES; } $cookie = new Bitrix\Main\Web\Cookie('UIDH', $hash, $period); $cookie->setSecure($secure) ->setSpread($spread) ->setHttpOnly(true); $response->addCookie($cookie); $cookie = new Bitrix\Main\Web\Cookie('UIDL', $login, $period); $cookie->setSecure($secure) ->setSpread($spread) ->setHttpOnly(true); $response->addCookie($cookie); } /** * @deprecated Does nothing. / public function GetSessionHash() { } /* * @deprecated Does nothing. / public function GetPasswordHash($PASSWORD_HASH) { } /* * @deprecated Does nothing. / public function SavePasswordHash() { } /* * Authenticates the user and then authorizes him * @param string $login * @param string $password * @param string $remember * @param string $password_original * @return array\|bool / public function Login($login, $password, $remember="N", $password_original="Y") { global $APPLICATION; $result_message = true; $user_id = 0; $context = new Authentication\Context(); $arParams = array( "LOGIN" => &$login, "PASSWORD" => &$password, "REMEMBER" => &$remember, "PASSWORD_ORIGINAL" => &$password_original, ); unset(static::$kernelSession["SESS_OPERATIONS"]); $APPLICATION->SetNeedCAPTHA(false); $bOk = true; $APPLICATION->ResetException(); foreach(GetModuleEvents("main", "OnBeforeUserLogin", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams))===false) { if($err = $APPLICATION->GetException()) { $result_message = array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); } else { $APPLICATION->ThrowException("Unknown login error"); $result_message = array("MESSAGE"=>"Unknown login error"."<br>", "TYPE"=>"ERROR"); } $bOk = false; break; } } if($bOk) { //external authentication foreach(GetModuleEvents("main", "OnUserLoginExternal", true) as $arEvent) { $user_id = ExecuteModuleEventEx($arEvent, array(&$arParams)); if(isset($arParams["RESULT_MESSAGE"])) { $result_message = $arParams["RESULT_MESSAGE"]; } if($user_id > 0) { break; } } if($user_id <= 0) { //internal authentication OR application password for external user $user_id = static::LoginInternal($arParams, $result_message, $context); if($user_id <= 0) { //no user found by login - try to find an external user foreach(GetModuleEvents("main", "OnFindExternalUser", true) as $arEvent) { if(($external_user_id = intval(ExecuteModuleEventEx($arEvent, array($arParams["LOGIN"])))) > 0) { //external user authentication //let's try to find application password for the external user if(($appPassword = ApplicationPasswordTable::findPassword($external_user_id, $arParams["PASSWORD"], ($arParams["PASSWORD_ORIGINAL"] == "Y"))) !== false) { //bingo, the user has the application password $user_id = $external_user_id; $result_message = true; $context ->setApplicationId($appPassword["APPLICATION_ID"]) ->setApplicationPasswordId($appPassword["ID"]) ; } break; } } } } } // All except Admin if ($user_id > 1 && (!isset($arParams["CONTROLLER_ADMIN"]) \|\| $arParams["CONTROLLER_ADMIN"] !== "Y")) { if(!static::CheckUsersCount($user_id)) { $user_id = 0; $APPLICATION->ThrowException(GetMessage("LIMIT_USERS_COUNT")); $result_message = array( "MESSAGE" => GetMessage("LIMIT_USERS_COUNT")."<br>", "TYPE" => "ERROR", ); } } $arParams["USER_ID"] = $user_id; $doAuthorize = true; if($user_id > 0) { if($context->getApplicationId() === null && CModule::IncludeModule("security")) { / MFA can allow or disallow authorization. Allowed if: - OTP is not active for the user; - correct "OTP" in the $arParams (filled by the OnBeforeUserLogin event handler). Disallowed if: - OTP is not provided; - OTP is not correct. When authorization is disallowed the OTP form will be shown on the next hit. Note: there is no MFA check for an application password. / $arParams["CAPTCHA_WORD"] = $_REQUEST["captcha_word"] ?? ''; $arParams["CAPTCHA_SID"] = $_REQUEST["captcha_sid"] ?? ''; $doAuthorize = \Bitrix\Security\Mfa\Otp::verifyUser($arParams); } if($doAuthorize) { $context->setUserId($user_id); $this->Authorize($context, ($arParams["REMEMBER"] == "Y")); } else { $result_message = false; } if($context->getApplicationId() === null && $arParams["LOGIN"] <> '') { //the cookie is for authentication forms mostly, does not make sense for applications $cookie = new Bitrix\Main\Web\Cookie("LOGIN", $arParams["LOGIN"], time()+6060243012); Main\Context::getCurrent()->getResponse()->addCookie($cookie); } } else { if(CModule::IncludeModule("security")) { //disable OTP from if login was incorrect \Bitrix\Security\Mfa\Otp::setDeferredParams(null); } } $arParams["RESULT_MESSAGE"] = $result_message; $APPLICATION->ResetException(); foreach(GetModuleEvents("main", "OnAfterUserLogin", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arParams)); if($doAuthorize == true && $result_message !== true && (COption::GetOptionString("main", "event_log_login_fail", "N") === "Y")) CEventLog::Log("SECURITY", "USER_LOGIN", "main", $login, $result_message["MESSAGE"]); return $arParams["RESULT_MESSAGE"]; } /* * Internal authentication by login and password. * @param array $arParams * @param array\|bool $result_message * @param Authentication\Context\|null $context * @return int User ID on success or 0 on failure. Additionally, $result_message will hold an error. / public static function LoginInternal(&$arParams, &$result_message = true, $context = null) { global $DB, $APPLICATION; $user_id = 0; $message = GetMessage("WRONG_LOGIN"); $errorType = "LOGIN"; $strSql = "SELECT U.ID, U.LOGIN, U.ACTIVE, U.BLOCKED, U.PASSWORD, U.PASSWORD_EXPIRED, U.LOGIN_ATTEMPTS, U.CONFIRM_CODE, U.EMAIL ". "FROM b_user U ". "WHERE U.LOGIN='".$DB->ForSQL($arParams["LOGIN"])."' "; if(isset($arParams["EXTERNAL_AUTH_ID"]) && $arParams["EXTERNAL_AUTH_ID"] <> '') { //external user $strSql .= " AND EXTERNAL_AUTH_ID='".$DB->ForSql($arParams["EXTERNAL_AUTH_ID"])."'"; } else { //internal user (by default) $strSql .= " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') "; } $result = $DB->Query($strSql); if(($arUser = $result->Fetch())) { $passwordCorrect = false; $policy = null; $applicationId = null; $original = isset($arParams["PASSWORD_ORIGINAL"]) && $arParams["PASSWORD_ORIGINAL"] === "Y"; $loginAttempts = intval($arUser["LOGIN_ATTEMPTS"]) + 1; if($arUser["BLOCKED"] <> "Y") { $policy = static::getPolicy($arUser["ID"]); //show captcha after a serial of incorrect login attempts $correctCaptcha = true; $policyLoginAttempts = (int)$policy->getLoginAttempts(); if($policyLoginAttempts > 0 && $loginAttempts > $policyLoginAttempts) { $APPLICATION->SetNeedCAPTHA(true); if(!$APPLICATION->CaptchaCheckCode($_REQUEST["captcha_word"] ?? '', $_REQUEST["captcha_sid"] ?? '')) { $correctCaptcha = false; } } if($correctCaptcha) { $passwordCorrect = Password::equals($arUser["PASSWORD"], $arParams["PASSWORD"], $original); if(!$passwordCorrect) { if(isset($arParams["OTP"]) && $arParams["OTP"] <> '' && $original) { //may be we have OTP added to the password $passwordWithoutOtp = mb_substr($arParams["PASSWORD"], 0, -6); $passwordCorrect = Password::equals($arUser["PASSWORD"], $passwordWithoutOtp); } } else { //this password has no added otp for sure $arParams["OTP"] = ''; } if(!$passwordCorrect) { //let's try to find application password if(($appPassword = ApplicationPasswordTable::findPassword($arUser["ID"], $arParams["PASSWORD"], $original)) !== false) { $passwordCorrect = true; $applicationId = $appPassword["APPLICATION_ID"]; if ($context instanceof Authentication\Context) { $context ->setApplicationId($applicationId) ->setApplicationPasswordId($appPassword["ID"]) ; } } } } if(!$passwordCorrect) { //block the user after numerous incorrect login attempts $policyBlockAttempts = (int)$policy->getBlockLoginAttempts(); $policyBlockTime = (int)$policy->getBlockTime(); if($policyBlockAttempts > 0 && $policyBlockTime > 0 && $loginAttempts >= $policyBlockAttempts) { if($arUser["ACTIVE"] == "Y") { static::blockUser($arUser["ID"], $policyBlockTime, $loginAttempts); } } } } if($passwordCorrect) { //applied only to "human" passwords if($applicationId === null) { //only for original passwords if($original) { //update the old password hash to the new one with a salt if(Password::needRehash($arUser["PASSWORD"])) { $newPassword = Password::hash($arParams["PASSWORD"]); $DB->Query("UPDATE b_user SET PASSWORD='".$DB->ForSQL($newPassword)."', TIMESTAMP_X = TIMESTAMP_X WHERE ID = ".intval($arUser["ID"])); } //update digest hash for http digest authorization if(COption::GetOptionString('main', 'use_digest_auth', 'N') == 'Y') { static::UpdateDigest($arUser["ID"], $arParams["PASSWORD"]); } } $passwordExpired = false; if ($arUser['PASSWORD_EXPIRED'] == 'Y') { //require to change the password right now $passwordExpired = true; } if (!$passwordExpired && $original && $policy->getPasswordCheckPolicy()) { $passwordErrors = static::CheckPasswordAgainstPolicy($arParams["PASSWORD"], $policy->getValues()); if (!empty($passwordErrors)) { //require to change the password because it doesn't match the group policy $passwordExpired = true; } } if (!$passwordExpired) { $policyChangeDays = (int)$policy->getPasswordChangeDays(); if($policyChangeDays > 0) { //require to change the password after N days if(UserPasswordTable::passwordExpired($arUser["ID"], $policyChangeDays)) { $passwordExpired = true; } } } if ($passwordExpired) { $passwordCorrect = false; $message = GetMessage("MAIN_LOGIN_CHANGE_PASSWORD"); $errorType = "CHANGE_PASSWORD"; } } if($passwordCorrect) { if($arUser["ACTIVE"] == "Y") { //success $user_id = $arUser["ID"]; } else { //something wrong with the inactive user if($arUser["CONFIRM_CODE"] <> '') { //unconfirmed email registration $message = GetMessage("MAIN_LOGIN_EMAIL_CONFIRM", array("#EMAIL#" => $arUser["EMAIL"])); } else { //user deactivated $message = GetMessage("LOGIN_BLOCK"); //or possibly unconfirmed phone registration if(COption::GetOptionString("main", "new_user_phone_auth", "N") == "Y") { $row = Main\UserPhoneAuthTable::getRowById($arUser["ID"]); if($row && $row["CONFIRMED"] == 'N') { $message = GetMessage("main_login_need_phone_confirmation", array("#PHONE#" => $row["PHONE_NUMBER"])); } } } } } } else { //incorrect password $DB->Query("UPDATE b_user SET LOGIN_ATTEMPTS = ".$loginAttempts.", TIMESTAMP_X = TIMESTAMP_X WHERE ID = ".intval($arUser["ID"])); } } if($user_id == 0) { $APPLICATION->ThrowException($message); $result_message = array("MESSAGE" => $message."<br>", "TYPE" => "ERROR", "ERROR_TYPE" => $errorType); } return $user_id; } protected static function blockUser($userId, $blockTime, $loginAttempts) { $user = new CUser(); $user->Update($userId, ["BLOCKED" => "Y"], false); $unblockDate = new Main\Type\DateTime(); $unblockDate->add("T{$blockTime}M"); //minutes CAgent::AddAgent("CUser::UnblockAgent({$userId});", "main", "Y", 0, "", "Y", $unblockDate->toString()); if(COption::GetOptionString("main", "event_log_block_user", "N") === "Y") { CEventLog::Log("SECURITY", "USER_BLOCKED", "main", $userId, "Attempts: {$loginAttempts}, Block period: {$blockTime}"); } } protected static function CheckUsersCount($user_id) { $limitUsersCount = intval(COption::GetOptionInt("main", "PARAM_MAX_USERS", 0)); if ($limitUsersCount > 0) { // users logged in today $today = new Main\Type\Date(); $count = Main\UserTable::getActiveUsersCount($today); if ($count >= $limitUsersCount) { // additional check for the current user $select = ["LAST_LOGIN"]; $intranet = Main\ModuleManager::isModuleInstalled("intranet"); if ($intranet) { $select[] = "UF_DEPARTMENT"; } // last_login in server time CTimeZone::Disable(); $query = static::GetList('id', 'asc', ["ID_EQUAL_EXACT" => intval($user_id)], ["SELECT" => $select] ); CTimeZone::Enable(); if($currentUser = $query->Fetch()) { if($currentUser["LAST_LOGIN"] != '') { $loginDate = new Main\Type\DateTime($currentUser["LAST_LOGIN"]); if($loginDate->getTimestamp() > $today->getTimestamp()) { // if the user already logged in today, he is allowed return true; } } if($intranet && empty($currentUser["UF_DEPARTMENT"])) { // only intranet users are countable return true; } } return false; } } return true; } public function LoginByOtp($otp, $remember_otp = "N", $captcha_word = "", $captcha_sid = "") { if(!CModule::IncludeModule("security") \|\| !\Bitrix\Security\Mfa\Otp::isOtpRequired()) { return array("MESSAGE" => GetMessage("USER_LOGIN_OTP_ERROR")."<br>", "TYPE" => "ERROR"); } $userParams = \Bitrix\Security\Mfa\Otp::getDeferredParams(); $userParams["OTP"] = $otp; $userParams["OTP_REMEMBER"] = ($remember_otp === "Y"); $userParams["CAPTCHA_WORD"] = $captcha_word; $userParams["CAPTCHA_SID"] = $captcha_sid; if(!\Bitrix\Security\Mfa\Otp::verifyUser($userParams)) { return array("MESSAGE" => GetMessage("USER_LOGIN_OTP_INCORRECT")."<br>", "TYPE" => "ERROR"); } $this->Authorize($userParams["USER_ID"], ($userParams["REMEMBER"] == "Y")); return true; } public function AuthorizeWithOtp($user_id, $bSave = false) { $doAuthorize = true; if(CModule::IncludeModule("security")) { / MFA can allow or disallow authorization. Allowed only if: - OTP is not active for the user; When authorization is disallowed the OTP form will be shown on the next hit. / $doAuthorize = \Bitrix\Security\Mfa\Otp::verifyUser(array("USER_ID" => $user_id)); } if($doAuthorize) { return $this->Authorize($user_id, $bSave); } return false; } public function ChangePassword($LOGIN, $CHECKWORD, $PASSWORD, $CONFIRM_PASSWORD, $SITE_ID=false, $captcha_word = "", $captcha_sid = 0, $authActions = true, $phoneNumber = "", $currentPassword = "") { /* @global CMain $APPLICATION / global $DB, $APPLICATION; $arParams = array( "LOGIN" => &$LOGIN, "CHECKWORD" => &$CHECKWORD, "PASSWORD" => &$PASSWORD, "CONFIRM_PASSWORD" => &$CONFIRM_PASSWORD, "SITE_ID" => &$SITE_ID, "PHONE_NUMBER" => &$phoneNumber, "CURRENT_PASSWORD" => &$currentPassword, ); $APPLICATION->ResetException(); foreach(GetModuleEvents("main", "OnBeforeUserChangePassword", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) { if($err = $APPLICATION->GetException()) { return array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); } return array("MESSAGE"=>GetMessage("main_change_pass_error")."<br>", "TYPE"=>"ERROR"); } } if(COption::GetOptionString("main", "captcha_restoring_password", "N") == "Y") { if (!($APPLICATION->CaptchaCheckCode($captcha_word, $captcha_sid))) { return array("MESSAGE"=>GetMessage("main_user_captcha_error")."<br>", "TYPE"=>"ERROR"); } } $phoneAuth = ($arParams["PHONE_NUMBER"] <> '' && COption::GetOptionString("main", "new_user_phone_auth", "N") == "Y"); $strAuthError = ""; if(mb_strlen($arParams["LOGIN"]) < 3 && !$phoneAuth) { $strAuthError .= GetMessage('MIN_LOGIN')."<br>"; } if($arParams["CHECKWORD"] == '' && $arParams["CURRENT_PASSWORD"] == '') { $strAuthError .= GetMessage("main_change_pass_empty_checkword")."<br>"; } if($arParams["PASSWORD"] <> $arParams["CONFIRM_PASSWORD"]) { $strAuthError .= GetMessage('WRONG_CONFIRMATION')."<br>"; } if($strAuthError <> '') { return array("MESSAGE"=>$strAuthError, "TYPE"=>"ERROR"); } $updateFields = array( "PASSWORD" => $arParams["PASSWORD"], ); $res = []; if($phoneAuth) { $userId = static::VerifyPhoneCode($arParams["PHONE_NUMBER"], $arParams["CHECKWORD"]); if(!$userId) { return array("MESSAGE" => GetMessage("main_change_pass_code_error"), "TYPE" => "ERROR"); } //activate user after phone number confirmation $updateFields["ACTIVE"] = "Y"; } else { CTimeZone::Disable(); $db_check = $DB->Query( "SELECT ID, LID, CHECKWORD, ".$DB->DateToCharFunction("CHECKWORD_TIME", "FULL")." as CHECKWORD_TIME, PASSWORD, LOGIN_ATTEMPTS, ACTIVE, BLOCKED ". "FROM b_user ". "WHERE LOGIN='".$DB->ForSql($arParams["LOGIN"], 0)."'". ( // $arParams["EXTERNAL_AUTH_ID"] can be changed in the OnBeforeUserChangePassword event $arParams["EXTERNAL_AUTH_ID"] <> ''? " AND EXTERNAL_AUTH_ID='".$DB->ForSQL($arParams["EXTERNAL_AUTH_ID"])."' " : " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') " ) ); CTimeZone::Enable(); if(!($res = $db_check->Fetch())) { return array("MESSAGE" => GetMessage('LOGIN_NOT_FOUND1'), "TYPE"=>"ERROR", "FIELD" => "LOGIN"); } $userId = $res["ID"]; } $policy = static::getPolicy($userId); $arPolicy = $policy->getValues(); $passwordErrors = static::CheckPasswordAgainstPolicy($arParams["PASSWORD"], $arPolicy); if (!empty($passwordErrors)) { return array("MESSAGE" => implode("<br>", $passwordErrors)."<br>", "TYPE" => "ERROR"); } if(!$phoneAuth) { if($arParams["CHECKWORD"] <> '') { //change the password using the checkword if($res["CHECKWORD"] == '' \|\| !Password::equals($res["CHECKWORD"], $arParams["CHECKWORD"])) { return array("MESSAGE" => GetMessage("CHECKWORD_INCORRECT1")."<br>", "TYPE"=>"ERROR", "FIELD"=>"CHECKWORD"); } $site_format = CSite::GetDateFormat(); if(time() - $policy->getCheckwordTimeout() 60 > MakeTimeStamp($res["CHECKWORD_TIME"], $site_format)) { return array("MESSAGE" => GetMessage("CHECKWORD_EXPIRE")."<br>", "TYPE"=>"ERROR", "FIELD"=>"CHECKWORD_EXPIRE"); } } else { //change the password using the current password $loginAttempts = intval($res["LOGIN_ATTEMPTS"]) + 1; //show captcha after a serial of incorrect login attempts $policyLoginAttempts = (int)$policy->getLoginAttempts(); if($policyLoginAttempts > 0 && $loginAttempts > $policyLoginAttempts) { $APPLICATION->SetNeedCAPTHA(true); if(!$APPLICATION->CaptchaCheckCode($captcha_word, $captcha_sid)) { return array("MESSAGE"=>GetMessage("main_user_captcha_error")."<br>", "TYPE"=>"ERROR"); } } $passwordCorrect = false; if($res["BLOCKED"] <> "Y") { $passwordCorrect = Password::equals($res["PASSWORD"], $arParams["CURRENT_PASSWORD"]); if(!$passwordCorrect) { //block the user after numerous incorrect login attempts $policyBlockAttempts = (int)$policy->getBlockLoginAttempts(); $policyBlockTime = (int)$policy->getBlockTime(); if($policyBlockAttempts > 0 && $policyBlockTime > 0 && $loginAttempts >= $policyBlockAttempts) { if($res["ACTIVE"] == "Y") { static::blockUser($res["ID"], $policyBlockTime, $loginAttempts); } } } if($passwordCorrect) { $passwordErrors = static::CheckPasswordAgainstPolicy($arParams["PASSWORD"], $arPolicy, $res["ID"]); if (!empty($passwordErrors)) { return array("MESSAGE" => implode("<br>", $passwordErrors)."<br>", "TYPE" => "ERROR"); } $APPLICATION->SetNeedCAPTHA(false); } } if(!$passwordCorrect) { //incorrect password $DB->Query("UPDATE b_user SET LOGIN_ATTEMPTS = ".$loginAttempts.", TIMESTAMP_X = TIMESTAMP_X WHERE ID = ".intval($res["ID"])); return array("MESSAGE"=>GetMessage("main_change_pass_incorrect_pass")."<br>", "TYPE"=>"ERROR", "FIELD"=>"CURRENT_PASSWORD"); } } if($arParams["SITE_ID"] === false) { if(defined("ADMIN_SECTION") && ADMIN_SECTION===true) $arParams["SITE_ID"] = CSite::GetDefSite($res["LID"]); else $arParams["SITE_ID"] = SITE_ID; } } // change the password $obUser = new CUser; $res = $obUser->Update($userId, $updateFields, $authActions); if(!$res && $obUser->LAST_ERROR <> '') { return array("MESSAGE"=>$obUser->LAST_ERROR."<br>", "TYPE"=>"ERROR"); } if($phoneAuth) { return array("MESSAGE"=>GetMessage("main_change_pass_changed")."<br>", "TYPE"=>"OK"); } else { static::SendUserInfo($userId, $arParams["SITE_ID"], GetMessage('CHANGE_PASS_SUCC'), true, 'USER_PASS_CHANGED'); return array("MESSAGE"=>GetMessage('PASSWORD_CHANGE_OK')."<br>", "TYPE"=>"OK"); } } public static function GeneratePasswordByPolicy(array $groups) { $policy = static::getPolicy($groups); $passwordChars = Random::ALPHABET_NUM \| Random::ALPHABET_ALPHALOWER \| Random::ALPHABET_ALPHAUPPER; if ($policy->getPasswordPunctuation()) { $passwordChars \|= Random::ALPHABET_SPECIAL; } $length = (int)$policy->getPasswordLength(); return Random::getStringByAlphabet($length, $passwordChars, true); } public static function CheckPasswordAgainstPolicy($password, $arPolicy, $userId = null) { $errors = []; $passwordMinLength = intval($arPolicy['PASSWORD_LENGTH']); if ($passwordMinLength <= 0) { $passwordMinLength = 6; } if (mb_strlen($password) < $passwordMinLength) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_LENGTH', array('#LENGTH#' => $arPolicy['PASSWORD_LENGTH'])); } if (($arPolicy['PASSWORD_UPPERCASE'] === 'Y') && !preg_match('/[A-Z]/', $password)) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_UPPERCASE'); } if (($arPolicy['PASSWORD_LOWERCASE'] === 'Y') && !preg_match('/[a-z]/', $password)) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_LOWERCASE'); } if (($arPolicy['PASSWORD_DIGITS'] === 'Y') && !preg_match('/[0-9]/', $password)) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_DIGITS'); } if (($arPolicy['PASSWORD_PUNCTUATION'] === 'Y') && !preg_match('/[' . preg_quote(static::PASSWORD_SPECIAL_CHARS, '/') . ']/', $password)) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_PUNCTUATION', ['#SPECIAL_CHARS#' => static::PASSWORD_SPECIAL_CHARS]); } if (($arPolicy['PASSWORD_CHECK_WEAK'] === 'Y')) { if (COption::GetOptionString('main', 'custom_weak_passwords') === 'Y') { $uploadDir = COption::GetOptionString('main', 'upload_dir', 'upload'); $path = "{$_SERVER['DOCUMENT_ROOT']}/{$uploadDir}/main/weak_passwords"; } else { $path = "{$_SERVER['DOCUMENT_ROOT']}/bitrix/modules/main/data/weak_passwords"; } if (Policy\WeakPassword::exists($password, $path)) { $errors[] = GetMessage('main_check_password_weak'); } } if ($userId !== null && $arPolicy['PASSWORD_UNIQUE_COUNT'] > 0) { $passwords = UserPasswordTable::getUserPasswords($userId, $arPolicy['PASSWORD_UNIQUE_COUNT']); foreach ($passwords as $previousPassword) { if (Password::equals($previousPassword['PASSWORD'], $password)) { $errors[] = GetMessage('MAIN_FUNCTION_REGISTER_PASSWORD_UNIQUE'); break; } } } return $errors; } /** * Sends a profile information to email / public static function SendUserInfo($ID, $SITE_ID, $MSG, $bImmediate=false, $eventName="USER_INFO", $checkword = null) { global $DB; $arParams = [ "ID" => $ID, "SITE_ID" => $SITE_ID, ]; foreach(GetModuleEvents("main", "OnBeforeSendUserInfo", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) { return; } } $ID = intval($ID); if($checkword === null) { // change CHECKWORD $checkword = Random::getString(32); $strSql = "UPDATE b_user SET ". " CHECKWORD = '".Password::hash($checkword)."', ". " CHECKWORD_TIME = ".$DB->CurrentTimeFunction().", ". " LID = '".$DB->ForSql($SITE_ID, 2)."', ". " TIMESTAMP_X = TIMESTAMP_X ". "WHERE ID = '".$ID."'". ( // $arParams["EXTERNAL_AUTH_ID"] can be changed in the OnBeforeSendUserInfo event isset($arParams["EXTERNAL_AUTH_ID"]) && $arParams["EXTERNAL_AUTH_ID"] <> ''? " AND EXTERNAL_AUTH_ID='".$DB->ForSQL($arParams["EXTERNAL_AUTH_ID"])."' " : " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') " ); $DB->Query($strSql); } $res = $DB->Query( "SELECT u. ". "FROM b_user u ". "WHERE ID='".$ID."'". ( isset($arParams["EXTERNAL_AUTH_ID"]) && $arParams["EXTERNAL_AUTH_ID"] <> ''? " AND EXTERNAL_AUTH_ID='".$DB->ForSQL($arParams["EXTERNAL_AUTH_ID"])."' " : " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') " ) ); if($res_array = $res->Fetch()) { $event = new CEvent; $arFields = array( "USER_ID"=>$res_array["ID"], "STATUS"=>($res_array["ACTIVE"]=="Y"?GetMessage("STATUS_ACTIVE"):GetMessage("STATUS_BLOCKED")), "MESSAGE"=>$MSG, "LOGIN"=>$res_array["LOGIN"], "URL_LOGIN"=>urlencode($res_array["LOGIN"]), "CHECKWORD"=>$checkword, "NAME"=>$res_array["NAME"], "LAST_NAME"=>$res_array["LAST_NAME"], "EMAIL"=>$res_array["EMAIL"] ); $arParams = array( "FIELDS" => &$arFields, "USER_FIELDS" => $res_array, "SITE_ID" => &$SITE_ID, "EVENT_NAME" => &$eventName, ); foreach (GetModuleEvents("main", "OnSendUserInfo", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arParams)); if (!$bImmediate) $event->Send($eventName, $SITE_ID, $arFields, "Y", "", array(), $res_array["LANGUAGE_ID"]); else $event->SendImmediate($eventName, $SITE_ID, $arFields, "Y", "", array(), $res_array["LANGUAGE_ID"]); } } public static function SendPassword($LOGIN, $EMAIL, $SITE_ID = false, $captcha_word = "", $captcha_sid = 0, $phoneNumber = "", $shortCode = false) { /** @global CMain $APPLICATION / global $DB, $APPLICATION; $arParams = array( "LOGIN" => $LOGIN, "EMAIL" => $EMAIL, "SITE_ID" => $SITE_ID, "PHONE_NUMBER" => $phoneNumber, "SHORT_CODE" => $shortCode, ); $result_message = array("MESSAGE"=>GetMessage('ACCOUNT_INFO_SENT')."<br>", "TYPE"=>"OK"); $APPLICATION->ResetException(); $bOk = true; foreach(GetModuleEvents("main", "OnBeforeUserSendPassword", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams))===false) { if($err = $APPLICATION->GetException()) $result_message = array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); $bOk = false; break; } } if($bOk && $arParams["SHORT_CODE"] == false && COption::GetOptionString("main", "captcha_restoring_password", "N") == "Y") { if (!($APPLICATION->CaptchaCheckCode($captcha_word, $captcha_sid))) { $result_message = array("MESSAGE"=>GetMessage("main_user_captcha_error")."<br>", "TYPE"=>"ERROR"); $bOk = false; } } if($bOk) { $found = false; if($arParams["PHONE_NUMBER"] <> '') { //user registered by phone number $siteId = ($arParams["SITE_ID"] === false? null : $arParams["SITE_ID"]); $result = static::SendPhoneCode($arParams["PHONE_NUMBER"], "SMS_USER_RESTORE_PASSWORD", $siteId); if($result->isSuccess()) { $found = true; $result_message = array("MESSAGE"=>GetMessage("main_user_pass_request_sent")."<br>", "TYPE"=>"OK", "TEMPLATE" => "SMS_USER_RESTORE_PASSWORD"); if(COption::GetOptionString("main", "event_log_password_request", "N") === "Y") { $data = $result->getData(); CEventLog::Log("SECURITY", "USER_INFO", "main", $data["USER_ID"]); } } else { if($result->getErrorCollection()->getErrorByCode("ERR_NOT_FOUND") === null) { //user found but there is another error $found = true; $result_message = array("MESSAGE"=>implode("<br>", $result->getErrorMessages()), "TYPE"=>"ERROR"); } } } elseif($arParams["LOGIN"] <> '' \|\| $arParams["EMAIL"] <> '') { $confirmation = (COption::GetOptionString("main", "new_user_registration_email_confirmation", "N") == "Y"); $strSql = ""; if($arParams["LOGIN"] <> '') { $strSql = "SELECT ID, LID, ACTIVE, BLOCKED, CONFIRM_CODE, LOGIN, EMAIL, NAME, LAST_NAME, LANGUAGE_ID ". "FROM b_user u ". "WHERE LOGIN='".$DB->ForSQL($arParams["LOGIN"])."' ". " AND (ACTIVE='Y' OR NOT(CONFIRM_CODE IS NULL OR CONFIRM_CODE='')) ". ( // $arParams["EXTERNAL_AUTH_ID"] can be changed in the OnBeforeUserSendPassword event isset($arParams["EXTERNAL_AUTH_ID"]) && $arParams["EXTERNAL_AUTH_ID"] <> ''? " AND EXTERNAL_AUTH_ID='".$DB->ForSQL($arParams["EXTERNAL_AUTH_ID"])."' " : " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') " ); } if($arParams["EMAIL"] <> '') { if($strSql <> '') { $strSql .= "\nUNION\n"; } $strSql .= "SELECT ID, LID, ACTIVE, BLOCKED, CONFIRM_CODE, LOGIN, EMAIL, NAME, LAST_NAME, LANGUAGE_ID ". "FROM b_user u ". "WHERE EMAIL='".$DB->ForSQL($arParams["EMAIL"])."' ". " AND (ACTIVE='Y' OR NOT(CONFIRM_CODE IS NULL OR CONFIRM_CODE='')) ". ( isset($arParams["EXTERNAL_AUTH_ID"]) && $arParams["EXTERNAL_AUTH_ID"] <> ''? " AND EXTERNAL_AUTH_ID='".$DB->ForSQL($arParams["EXTERNAL_AUTH_ID"])."' " : " AND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') " ); } $res = $DB->Query($strSql); while($arUser = $res->Fetch()) { if($arParams["SITE_ID"]===false) { if(defined("ADMIN_SECTION") && ADMIN_SECTION===true) $arParams["SITE_ID"] = CSite::GetDefSite($arUser["LID"]); else $arParams["SITE_ID"] = SITE_ID; } if($arUser["ACTIVE"] == "Y") { if($arUser["BLOCKED"] <> "Y") { $found = true; if($arParams["SHORT_CODE"] == true) { $result = static::SendEmailCode($arUser["ID"], $arParams["SITE_ID"]); if($result->isSuccess()) { $result_message = array("MESSAGE"=>GetMessage("main_send_password_email_code")."<br>", "TYPE"=>"OK", "USER_ID" => $arUser["ID"], "RESULT" => $result); } else { $result_message = array("MESSAGE"=>implode("<br>", $result->getErrorMessages()), "TYPE"=>"ERROR", "RESULT" => $result); } } else { static::SendUserInfo($arUser["ID"], $arParams["SITE_ID"], GetMessage("INFO_REQ"), true, 'USER_PASS_REQUEST'); } } } elseif($confirmation) { $found = true; //unconfirmed registration - resend confirmation email $arFields = array( "USER_ID" => $arUser["ID"], "LOGIN" => $arUser["LOGIN"], "EMAIL" => $arUser["EMAIL"], "NAME" => $arUser["NAME"], "LAST_NAME" => $arUser["LAST_NAME"], "CONFIRM_CODE" => $arUser["CONFIRM_CODE"], "USER_IP" => $_SERVER["REMOTE_ADDR"], "USER_HOST" => @gethostbyaddr($_SERVER["REMOTE_ADDR"]), ); $event = new CEvent; $event->SendImmediate("NEW_USER_CONFIRM", $arParams["SITE_ID"], $arFields, "Y", "", array(), $arUser["LANGUAGE_ID"]); $result_message = array("MESSAGE"=>GetMessage("MAIN_SEND_PASS_CONFIRM")."<br>", "TYPE"=>"OK"); } if(COption::GetOptionString("main", "event_log_password_request", "N") === "Y") { CEventLog::Log("SECURITY", "USER_INFO", "main", $arUser["ID"]); } } } if(!$found) { return array("MESSAGE"=>GetMessage('DATA_NOT_FOUND1')."<br>", "TYPE"=>"ERROR"); } } return $result_message; } public function Register($USER_LOGIN, $USER_NAME, $USER_LAST_NAME, $USER_PASSWORD, $USER_CONFIRM_PASSWORD, $USER_EMAIL, $SITE_ID = false, $captcha_word = "", $captcha_sid = 0, $bSkipConfirm = false, $USER_PHONE_NUMBER = "") { /* * @global CMain $APPLICATION * @global CUserTypeManager $USER_FIELD_MANAGER / global $APPLICATION, $DB, $USER_FIELD_MANAGER; $APPLICATION->ResetException(); if(defined("ADMIN_SECTION") && ADMIN_SECTION===true && $SITE_ID!==false) { $APPLICATION->ThrowException(GetMessage("MAIN_FUNCTION_REGISTER_NA_INADMIN")); return array("MESSAGE"=>GetMessage("MAIN_FUNCTION_REGISTER_NA_INADMIN"), "TYPE"=>"ERROR"); } $strError = ""; if (COption::GetOptionString("main", "captcha_registration", "N") == "Y") { if (!($APPLICATION->CaptchaCheckCode($captcha_word, $captcha_sid))) { $strError .= GetMessage("MAIN_FUNCTION_REGISTER_CAPTCHA")."<br>"; } } if($strError) { if(COption::GetOptionString("main", "event_log_register_fail", "N") === "Y") { CEventLog::Log("SECURITY", "USER_REGISTER_FAIL", "main", false, $strError); } $APPLICATION->ThrowException($strError); return array("MESSAGE"=>$strError, "TYPE"=>"ERROR"); } if($SITE_ID === false) $SITE_ID = SITE_ID; $bConfirmReq = !$bSkipConfirm && (COption::GetOptionString("main", "new_user_registration_email_confirmation", "N") == "Y" && COption::GetOptionString("main", "new_user_email_required", "Y") <> "N"); $phoneRegistration = (COption::GetOptionString("main", "new_user_phone_auth", "N") == "Y"); $phoneRequired = ($phoneRegistration && COption::GetOptionString("main", "new_user_phone_required", "N") == "Y"); $active = ($bConfirmReq \|\| $phoneRequired? "N": "Y"); $arFields = array( "LOGIN" => $USER_LOGIN, "NAME" => $USER_NAME, "LAST_NAME" => $USER_LAST_NAME, "PASSWORD" => $USER_PASSWORD, "CHECKWORD" => Random::getString(32), "~CHECKWORD_TIME" => $DB->CurrentTimeFunction(), "CONFIRM_PASSWORD" => $USER_CONFIRM_PASSWORD, "EMAIL" => $USER_EMAIL, "PHONE_NUMBER" => $USER_PHONE_NUMBER, "ACTIVE" => $active, "CONFIRM_CODE" => ($bConfirmReq? Random::getString(8, true): ""), "SITE_ID" => $SITE_ID, "LANGUAGE_ID" => LANGUAGE_ID, "USER_IP" => $_SERVER["REMOTE_ADDR"], "USER_HOST" => @gethostbyaddr($_SERVER["REMOTE_ADDR"]), ); $USER_FIELD_MANAGER->EditFormAddFields("USER", $arFields); $def_group = COption::GetOptionString("main", "new_user_registration_def_group", ""); if($def_group!="") $arFields["GROUP_ID"] = explode(",", $def_group); $bOk = true; $result_message = true; foreach(GetModuleEvents("main", "OnBeforeUserRegister", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arFields)) === false) { if($err = $APPLICATION->GetException()) { $result_message = array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); } else { $APPLICATION->ThrowException("Unknown error"); $result_message = array("MESSAGE"=>"Unknown error"."<br>", "TYPE"=>"ERROR"); } $bOk = false; break; } } $ID = false; $phoneReg = false; if($bOk) { if($arFields["SITE_ID"] === false) { $arFields["SITE_ID"] = CSite::GetDefSite(); } $arFields["LID"] = $arFields["SITE_ID"]; if($ID = $this->Add($arFields)) { if($phoneRegistration && $arFields["PHONE_NUMBER"] <> '') { $phoneReg = true; //added the phone number for the user, now sending a confirmation SMS list($code, $phoneNumber) = static::GeneratePhoneCode($ID); $sms = new \Bitrix\Main\Sms\Event( "SMS_USER_CONFIRM_NUMBER", [ "USER_PHONE" => $phoneNumber, "CODE" => $code, ] ); $sms->setSite($arFields["SITE_ID"]); $smsResult = $sms->send(true); $signedData = \Bitrix\Main\Controller\PhoneAuth::signData(['phoneNumber' => $phoneNumber]); if($smsResult->isSuccess()) { $result_message = array( "MESSAGE" => GetMessage("main_register_sms_sent"), "TYPE" => "OK", "SIGNED_DATA" => $signedData, "ID" => $ID, ); } else { $result_message = array( "MESSAGE" => $smsResult->getErrorMessages(), "TYPE" => "ERROR", "SIGNED_DATA" => $signedData, "ID" => $ID, ); } } else { $result_message = array( "MESSAGE" => GetMessage("USER_REGISTER_OK"), "TYPE" => "OK", "ID" => $ID ); } $arFields["USER_ID"] = $ID; $arEventFields = $arFields; unset($arEventFields["PASSWORD"]); unset($arEventFields["CONFIRM_PASSWORD"]); unset($arEventFields["~CHECKWORD_TIME"]); $event = new CEvent; $event->SendImmediate("NEW_USER", $arEventFields["SITE_ID"], $arEventFields); if($bConfirmReq) { $event->SendImmediate("NEW_USER_CONFIRM", $arEventFields["SITE_ID"], $arEventFields); } } else { $APPLICATION->ThrowException($this->LAST_ERROR); $result_message = array("MESSAGE"=>$this->LAST_ERROR, "TYPE"=>"ERROR"); } } if(is_array($result_message)) { if($result_message["TYPE"] == "OK") { if(COption::GetOptionString("main", "event_log_register", "N") === "Y") { $res_log["user"] = ($USER_NAME != "" \|\| $USER_LAST_NAME != "") ? trim($USER_NAME." ".$USER_LAST_NAME) : $USER_LOGIN; CEventLog::Log("SECURITY", "USER_REGISTER", "main", $ID, serialize($res_log)); } } else { if(COption::GetOptionString("main", "event_log_register_fail", "N") === "Y") { CEventLog::Log("SECURITY", "USER_REGISTER_FAIL", "main", $ID, $result_message["MESSAGE"]); } } } //authorize succesfully registered user, except email or phone confirmation is required $isAuthorize = false; if($ID !== false && $arFields["ACTIVE"] === "Y" && $phoneReg === false) { $isAuthorize = $this->Authorize($ID); } $agreementId = intval(COption::getOptionString("main", "new_user_agreement", "")); if ($agreementId && $isAuthorize) { $agreementObject = new \Bitrix\Main\UserConsent\Agreement($agreementId); if ($agreementObject->isExist() && $agreementObject->isActive() && $_REQUEST["USER_AGREEMENT"] == "Y") { \Bitrix\Main\UserConsent\Consent::addByContext($agreementId, "main/reg", "register"); } } $arFields["RESULT_MESSAGE"] = $result_message; foreach (GetModuleEvents("main", "OnAfterUserRegister", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arFields)); return $arFields["RESULT_MESSAGE"]; } public function SimpleRegister($USER_EMAIL, $SITE_ID = false) { /* @global CMain $APPLICATION / global $APPLICATION, $DB; $APPLICATION->ResetException(); if(defined("ADMIN_SECTION") && ADMIN_SECTION===true && $SITE_ID===false) { $APPLICATION->ThrowException(GetMessage("MAIN_FUNCTION_SIMPLEREGISTER_NA_INADMIN")); return array("MESSAGE"=>GetMessage("MAIN_FUNCTION_SIMPLEREGISTER_NA_INADMIN"), "TYPE"=>"ERROR"); } if($SITE_ID===false) $SITE_ID = SITE_ID; global $REMOTE_ADDR; $arFields = array( "CHECKWORD" => Random::getString(32), "~CHECKWORD_TIME" => $DB->CurrentTimeFunction(), "EMAIL" => $USER_EMAIL, "ACTIVE" => "Y", "NAME"=>"", "LAST_NAME"=>"", "USER_IP"=>$REMOTE_ADDR, "USER_HOST"=>@gethostbyaddr($REMOTE_ADDR), "SITE_ID" => $SITE_ID, "LANGUAGE_ID" => LANGUAGE_ID, ); $def_group = COption::GetOptionString("main", "new_user_registration_def_group", ""); if($def_group!="") { $arFields["GROUP_ID"] = explode(",", $def_group); } else { $arFields["GROUP_ID"] = array(); } $arFields["PASSWORD"] = $arFields["CONFIRM_PASSWORD"] = static::GeneratePasswordByPolicy($arFields["GROUP_ID"]); $bOk = true; $result_message = false; foreach(GetModuleEvents("main", "OnBeforeUserSimpleRegister", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arFields)) === false) { if($err = $APPLICATION->GetException()) $result_message = array("MESSAGE"=>$err->GetString()."<br>", "TYPE"=>"ERROR"); else { $APPLICATION->ThrowException("Unknown error"); $result_message = array("MESSAGE"=>"Unknown error"."<br>", "TYPE"=>"ERROR"); } $bOk = false; break; } } $bRandLogin = false; if(!is_set($arFields, "LOGIN")) { $arFields["LOGIN"] = Random::getString(50); $bRandLogin = true; } $ID = 0; if($bOk) { $arFields["LID"] = $arFields["SITE_ID"]; if($ID = $this->Add($arFields)) { if($bRandLogin) { $this->Update($ID, array("LOGIN"=>"user".$ID)); $arFields["LOGIN"] = "user".$ID; } $this->Authorize($ID); $event = new CEvent; $arFields["USER_ID"] = $ID; $arEventFields = $arFields; unset($arEventFields["PASSWORD"]); unset($arEventFields["CONFIRM_PASSWORD"]); $event->SendImmediate("NEW_USER", $arEventFields["SITE_ID"], $arEventFields); static::SendUserInfo($ID, $arEventFields["SITE_ID"], GetMessage("USER_REGISTERED_SIMPLE"), true); $result_message = array("MESSAGE"=>GetMessage("USER_REGISTER_OK"), "TYPE"=>"OK"); } else $result_message = array("MESSAGE"=>$this->LAST_ERROR, "TYPE"=>"ERROR"); } if(is_array($result_message)) { if($result_message["TYPE"] == "OK") { if(COption::GetOptionString("main", "event_log_register", "N") === "Y") { $res_log["user"] = $arFields["LOGIN"]; CEventLog::Log("SECURITY", "USER_REGISTER", "main", $ID, serialize($res_log)); } } else { if(COption::GetOptionString("main", "event_log_register_fail", "N") === "Y") { CEventLog::Log("SECURITY", "USER_REGISTER_FAIL", "main", $ID, $result_message["MESSAGE"]); } } } $arFields["RESULT_MESSAGE"] = $result_message; foreach(GetModuleEvents("main", "OnAfterUserSimpleRegister", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arFields)); return $arFields["RESULT_MESSAGE"]; } public function IsAuthorized() { if(!isset($this)) { trigger_error("Static call CUser::IsAuthorized() is deprecated, will be removed soon. Use global \$USER.", E_USER_WARNING); global $USER; return $USER->IsAuthorized(); } return ($this->GetID() > 0); } public function HasNoAccess() { if (!$this->IsAuthorized()) { return true; } $filePath = \Bitrix\Main\Context::getCurrent()->getRequest()->getScriptFile(); return !$this->CanDoFileOperation('fm_view_file', [SITE_ID, $filePath]); } public function IsJustAuthorized() { return $this->justAuthorized; } public function IsJustBecameOnline() { if(!$this->GetParam('PREV_LAST_ACTIVITY')) { return true; } else { return (($this->GetParam('SET_LAST_ACTIVITY') - $this->GetParam('PREV_LAST_ACTIVITY')) > Main\UserTable::getSecondsForLimitOnline()); } } public function IsAdmin() { if ($this->admin === null) { if( COption::GetOptionString("main", "controller_member", "N") == "Y" && COption::GetOptionString("main", "~controller_limited_admin", "N") == "Y" ) { $this->admin = ($this->GetParam("CONTROLLER_ADMIN") === true); } else { $this->admin = ($this->GetParam("ADMIN") === true); } } return $this->admin; } public function SetControllerAdmin($isAdmin = true) { $this->SetParam("CONTROLLER_ADMIN", (bool)$isAdmin); } /* * @param array\|true $deleteParms Parameters to delete; if true, delete all * @return string / public static function getLogoutParams($deleteParms = []) { $logout = 'logout=yes'; if(Main\Config\Option::get("main", "secure_logout", "N") == "Y") { $logout .= '&'.bitrix_sessid_get(); } if($deleteParms !== true) { if(($s = DeleteParam(array_merge($deleteParms, ["logout", "sessid"]))) <> '') { $logout .= '&'.$s; } } return $logout; } public function Logout() { /* @global CMain $APPLICATION / global $APPLICATION; $USER_ID = $this->GetID(); $arParams = array( "USER_ID" => &$USER_ID ); $APPLICATION->ResetException(); $bOk = true; foreach(GetModuleEvents("main", "OnBeforeUserLogout", true) as $arEvent) { if(ExecuteModuleEventEx($arEvent, array(&$arParams))===false) { if(!($APPLICATION->GetException())) { $APPLICATION->ThrowException("Unknown logout error"); } $bOk = false; break; } } if($bOk) { foreach(GetModuleEvents("main", "OnUserLogout", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array($USER_ID)); } if(($storedAuthId = $this->getContext()->getStoredAuthId()) > 0) { UserStoredAuthTable::delete($storedAuthId); } $this->justAuthorized = false; $this->admin = null; $this->context = null; static::$kernelSession["SESS_AUTH"] = array(); unset(static::$kernelSession["SESS_AUTH"]); unset(static::$kernelSession["SESS_OPERATIONS"]); unset(static::$kernelSession['fixed_session_id']); $application = Main\Application::getInstance(); //change session id for security reason after logout $compositeSessionManager = $application->getCompositeSessionManager(); //todo here was session_regenerate_id(true). Should we delete old? $compositeSessionManager->regenerateId(); $response = Main\Context::getCurrent()->getResponse(); $spread = (COption::GetOptionString("main", "auth_multisite", "N") == "Y"? (Main\Web\Cookie::SPREAD_SITES \| Main\Web\Cookie::SPREAD_DOMAIN) : Main\Web\Cookie::SPREAD_DOMAIN); $cookie = new Main\Web\Cookie("UIDH", "", 0); $cookie->setSpread($spread); $cookie->setHttpOnly(true); $response->addCookie($cookie); $cookie = new Main\Web\Cookie("UIDL", "", 0); $cookie->setSpread($spread); $cookie->setHttpOnly(true); $response->addCookie($cookie); Main\Composite\Engine::onUserLogout(); } $arParams["SUCCESS"] = $bOk; foreach(GetModuleEvents("main", "OnAfterUserLogout", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array(&$arParams)); } if(COption::GetOptionString("main", "event_log_logout", "N") === "Y") { CEventLog::Log("SECURITY", "USER_LOGOUT", "main", $USER_ID); } } public static function GetUserGroup($ID) { $ID = (int)$ID; if (!isset(self::$userGroupCache[$ID])) { $arr = array(); $res = static::GetUserGroupEx($ID); while ($r = $res->Fetch()) $arr[] = $r["GROUP_ID"]; self::$userGroupCache[$ID] = $arr; } return self::$userGroupCache[$ID]; } public static function GetUserGroupEx($ID) { global $DB; $strSql = " SELECT UG.GROUP_ID, G.STRING_ID, ".$DB->DateToCharFunction("UG.DATE_ACTIVE_FROM", "FULL")." as DATE_ACTIVE_FROM, ".$DB->DateToCharFunction("UG.DATE_ACTIVE_TO", "FULL")." as DATE_ACTIVE_TO FROM b_user_group UG INNER JOIN b_group G ON G.ID=UG.GROUP_ID WHERE UG.USER_ID = ".intval($ID)." and ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= ".$DB->CurrentTimeFunction().")) and ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= ".$DB->CurrentTimeFunction().")) and G.ACTIVE = 'Y' UNION SELECT 2, 'everyone', NULL, NULL "; $res = $DB->Query($strSql); return $res; } public static function GetUserGroupList($ID) { global $DB; $strSql = " SELECT UG.GROUP_ID, ".$DB->DateToCharFunction("UG.DATE_ACTIVE_FROM", "FULL")." as DATE_ACTIVE_FROM, ".$DB->DateToCharFunction("UG.DATE_ACTIVE_TO", "FULL")." as DATE_ACTIVE_TO FROM b_user_group UG WHERE UG.USER_ID = ".intval($ID)." UNION SELECT 2, NULL, NULL "; $res = $DB->Query($strSql); return $res; } public function CheckFields(&$arFields, $ID = false) { /* * @global CMain $APPLICATION * @global CUserTypeManager $USER_FIELD_MANAGER / global $DB, $APPLICATION, $USER_FIELD_MANAGER; $this->LAST_ERROR = ""; $bInternal = true; if(is_set($arFields, "EXTERNAL_AUTH_ID")) { if(trim($arFields["EXTERNAL_AUTH_ID"]) <> '') { $bInternal = false; } } else { if($ID > 0) { $dbr = $DB->Query("SELECT EXTERNAL_AUTH_ID FROM b_user WHERE ID=".intval($ID)); if(($ar = $dbr->Fetch())) { if($ar['EXTERNAL_AUTH_ID'] <> '') { $bInternal = false; } } } } if($bInternal) { $this->LAST_ERROR .= static::CheckInternalFields($arFields, $ID); } else { if(is_set($arFields, "EMAIL")) { if($arFields["EMAIL"] <> '' && !check_email($arFields["EMAIL"], true)) { $this->LAST_ERROR .= GetMessage("WRONG_EMAIL")."<br>"; } } } if( is_set($arFields, "PERSONAL_PHOTO") && (!isset($arFields["PERSONAL_PHOTO"]["name"]) \|\| $arFields["PERSONAL_PHOTO"]["name"] == '') && (!isset($arFields["PERSONAL_PHOTO"]["del"]) \|\| $arFields["PERSONAL_PHOTO"]["del"] == '') ) { unset($arFields["PERSONAL_PHOTO"]); } $maxWidth = COption::GetOptionInt("main", "profile_image_width", 0); $maxHeight = COption::GetOptionInt("main", "profile_image_height", 0); $maxSize = COption::GetOptionInt("main", "profile_image_size", 0); if(is_set($arFields, "PERSONAL_PHOTO")) { $res = CFile::CheckImageFile($arFields["PERSONAL_PHOTO"], $maxSize, $maxWidth, $maxHeight); if($res <> '') { $this->LAST_ERROR .= $res."<br>"; } } if(is_set($arFields, "PERSONAL_BIRTHDAY") && $arFields["PERSONAL_BIRTHDAY"] <> '' && !CheckDateTime($arFields["PERSONAL_BIRTHDAY"])) { $this->LAST_ERROR .= GetMessage("WRONG_PERSONAL_BIRTHDAY")."<br>"; } if( is_set($arFields, "WORK_LOGO") && (!isset($arFields["WORK_LOGO"]["name"]) \|\| $arFields["WORK_LOGO"]["name"] == '') && (!isset($arFields["WORK_LOGO"]["del"]) \|\| $arFields["WORK_LOGO"]["del"] == '') ) { unset($arFields["WORK_LOGO"]); } if(is_set($arFields, "WORK_LOGO")) { $res = CFile::CheckImageFile($arFields["WORK_LOGO"], $maxSize, $maxWidth, $maxHeight); if($res <> '') { $this->LAST_ERROR .= $res."<br>"; } } if (is_set($arFields, 'LOGIN')) { $res = $DB->Query( "SELECT 'x' FROM b_user " . "WHERE LOGIN = '{$DB->ForSql($arFields["LOGIN"], 50)}' " . ($ID === false ? '' : ' AND ID <> ' . (int)$ID) . ( !$bInternal ? " AND EXTERNAL_AUTH_ID = '{$DB->ForSql($arFields["EXTERNAL_AUTH_ID"])}' " : " AND (EXTERNAL_AUTH_ID IS NULL OR {$DB->Length("EXTERNAL_AUTH_ID")} <= 0)" ) ); if ($res->Fetch()) { $this->LAST_ERROR .= str_replace('#LOGIN#', htmlspecialcharsbx($arFields['LOGIN']), GetMessage('USER_EXIST')) . '<br>'; } } if(is_object($APPLICATION)) { $APPLICATION->ResetException(); if($ID === false) { $events = GetModuleEvents("main", "OnBeforeUserAdd", true); } else { $arFields["ID"] = $ID; $events = GetModuleEvents("main", "OnBeforeUserUpdate", true); } foreach($events as $arEvent) { $bEventRes = ExecuteModuleEventEx($arEvent, array(&$arFields)); if($bEventRes === false) { if($err = $APPLICATION->GetException()) { $this->LAST_ERROR .= $err->GetString()." "; } else { $APPLICATION->ThrowException("Unknown error"); $this->LAST_ERROR .= "Unknown error. "; } break; } } } if(is_object($APPLICATION)) { $APPLICATION->ResetException(); } if (!$USER_FIELD_MANAGER->CheckFields("USER", $ID, $arFields)) { if(is_object($APPLICATION) && $APPLICATION->GetException()) { $e = $APPLICATION->GetException(); $this->LAST_ERROR .= $e->GetString(); $APPLICATION->ResetException(); } else { $this->LAST_ERROR .= "Unknown error. "; } } if($this->LAST_ERROR <> '') { return false; } return true; } /* * @param array $arFields * @param int\|bool $ID * @return string / public static function CheckInternalFields($arFields, $ID = false) { global $DB; $resultError = ''; $emailRequired = (COption::GetOptionString("main", "new_user_email_required", "Y") <> "N"); $phoneRequired = (COption::GetOptionString("main", "new_user_phone_required", "N") == "Y"); if($ID === false) { if(!isset($arFields["LOGIN"])) { $resultError .= GetMessage("user_login_not_set")."<br>"; } if(!isset($arFields["PASSWORD"])) { $resultError .= GetMessage("user_pass_not_set")."<br>"; } if($emailRequired && !isset($arFields["EMAIL"])) { $resultError .= GetMessage("user_email_not_set")."<br>"; } if($phoneRequired && !isset($arFields["PHONE_NUMBER"])) { $resultError .= GetMessage("main_user_check_no_phone")."<br>"; } } if(is_set($arFields, "LOGIN") && $arFields["LOGIN"] <> trim($arFields["LOGIN"])) { $resultError .= GetMessage("LOGIN_WHITESPACE")."<br>"; } if(is_set($arFields, "LOGIN") && mb_strlen($arFields["LOGIN"]) < 3) { $resultError .= GetMessage("MIN_LOGIN")."<br>"; } if(is_set($arFields, "PASSWORD")) { if(is_set($arFields, "CONFIRM_PASSWORD") && $arFields["PASSWORD"] !== $arFields["CONFIRM_PASSWORD"]) { //we shouldn't show that password is correct $resultError .= GetMessage("WRONG_CONFIRMATION")."<br>"; } else { if(array_key_exists("GROUP_ID", $arFields)) { $arGroups = array(); if(is_array($arFields["GROUP_ID"])) { foreach($arFields["GROUP_ID"] as $arGroup) { if(is_array($arGroup)) { $arGroups[] = $arGroup["GROUP_ID"]; } else { $arGroups[] = $arGroup; } } } $policy = static::getPolicy($arGroups); } elseif($ID !== false) { $policy = static::getPolicy($ID); } else { $policy = static::getPolicy([]); } $passwordErrors = static::CheckPasswordAgainstPolicy($arFields["PASSWORD"], $policy->getValues(), ($ID !== false? $ID : null)); if(!empty($passwordErrors)) { $resultError .= implode("<br>", $passwordErrors)."<br>"; } } } if(is_set($arFields, "EMAIL")) { if(($emailRequired && mb_strlen($arFields["EMAIL"]) < 3) \|\| ($arFields["EMAIL"] <> '' && !check_email($arFields["EMAIL"], true))) { $resultError .= GetMessage("WRONG_EMAIL")."<br>"; } elseif(COption::GetOptionString("main", "new_user_email_uniq_check", "N") === "Y") { if($arFields["EMAIL"] <> '') { $oldEmail = ''; if($ID > 0) { //the option 'new_user_email_uniq_check' might have been switched on after the DB already contained identical emails //so we let a user to have the old email, but not the existing new one $dbr = $DB->Query("SELECT EMAIL FROM b_user WHERE ID=".intval($ID)); if(($ar = $dbr->Fetch())) { $oldEmail = $ar['EMAIL']; } } if($ID == false \|\| $arFields["EMAIL"] <> $oldEmail) { $res = static::GetList('', '', array( "=EMAIL" => $arFields["EMAIL"], "EXTERNAL_AUTH_ID" => $arFields["EXTERNAL_AUTH_ID"] ), array( "FIELDS" => array("ID") ) ); while($ar = $res->Fetch()) { if(intval($ar["ID"]) !== intval($ID)) { $resultError .= GetMessage("USER_WITH_EMAIL_EXIST", array("#EMAIL#" => htmlspecialcharsbx($arFields["EMAIL"])))."<br>"; } } } } } } if(isset($arFields["PHONE_NUMBER"])) { if($phoneRequired && $arFields["PHONE_NUMBER"] == '') { $resultError .= GetMessage("main_user_check_no_phone")."<br>"; } elseif($arFields["PHONE_NUMBER"] <> '') { //normalize the number: we need it normalized for validation $phoneNumber = Main\UserPhoneAuthTable::normalizePhoneNumber($arFields["PHONE_NUMBER"]); //validation $field = Main\UserPhoneAuthTable::getEntity()->getField("PHONE_NUMBER"); $result = new Main\ORM\Data\Result(); $primary = ($ID === false? [] : ["USER_ID" => $ID]); $field->validateValue($phoneNumber, $primary, [], $result); if(!$result->isSuccess()) { $resultError .= implode("<br>", $result->getErrorMessages()); } } } if (isset($arFields["GROUP_ID"]) && is_array($arFields["GROUP_ID"]) && count($arFields["GROUP_ID"]) > 0) { if (isset($arFields["GROUP_ID"][0]) && is_array($arFields["GROUP_ID"][0]) && count($arFields["GROUP_ID"][0]) > 0) { foreach($arFields["GROUP_ID"] as $arGroup) { if($arGroup["DATE_ACTIVE_FROM"] <> '' && !CheckDateTime($arGroup["DATE_ACTIVE_FROM"])) { $error = str_replace("#GROUP_ID#", $arGroup["GROUP_ID"], GetMessage("WRONG_DATE_ACTIVE_FROM")); $resultError .= $error."<br>"; } if($arGroup["DATE_ACTIVE_TO"] <> '' && !CheckDateTime($arGroup["DATE_ACTIVE_TO"])) { $error = str_replace("#GROUP_ID#", $arGroup["GROUP_ID"], GetMessage("WRONG_DATE_ACTIVE_TO")); $resultError .= $error."<br>"; } } } } return $resultError; } public static function GetByID($ID) { global $USER; $ID = intval($ID); if($ID < 1) { //actually, here should be an exception $rs = new CDBResult; $rs->InitFromArray([]); return $rs; } $userID = (is_object($USER)? intval($USER->GetID()): 0); if($userID > 0 && $ID == $userID && is_array(self::$CURRENT_USER)) { $rs = new CDBResult; $rs->InitFromArray(self::$CURRENT_USER); } else { $rs = static::GetList('id', 'asc', array("ID_EQUAL_EXACT"=>intval($ID)), array("SELECT"=>array("UF_"))); if($userID > 0 && $ID == $userID) { self::$CURRENT_USER = array($rs->Fetch()); $rs = new CDBResult; $rs->InitFromArray(self::$CURRENT_USER); } } return $rs; } public static function GetByLogin($LOGIN) { $rs = static::GetList('id', 'asc', array("LOGIN_EQUAL_EXACT"=>$LOGIN), array("SELECT"=>array("UF_"))); return $rs; } public function Update($ID, $arFields, $authActions = true) { /* @global CUserTypeManager $USER_FIELD_MANAGER / global $DB, $USER_FIELD_MANAGER, $CACHE_MANAGER, $USER; $ID = intval($ID); if ($ID <= 0) { return false; } if(!$this->CheckFields($arFields, $ID)) { $result = false; $arFields["RESULT_MESSAGE"] = &$this->LAST_ERROR; } else { unset($arFields["ID"]); if(is_set($arFields, "ACTIVE") && $arFields["ACTIVE"] != "Y") $arFields["ACTIVE"] = "N"; if(is_set($arFields, "BLOCKED") && $arFields["BLOCKED"] != "Y") $arFields["BLOCKED"] = "N"; if(is_set($arFields, "PASSWORD_EXPIRED") && $arFields["PASSWORD_EXPIRED"] != "Y") $arFields["PASSWORD_EXPIRED"] = "N"; if(is_set($arFields, "PERSONAL_GENDER") && ($arFields["PERSONAL_GENDER"]!="M" && $arFields["PERSONAL_GENDER"]!="F")) $arFields["PERSONAL_GENDER"] = ""; $saveHistory = (Main\Config\Option::get("main", "user_profile_history") === "Y"); //we need old values for some actions $arUser = null; if((isset($arFields["ACTIVE"]) && $arFields["ACTIVE"] == "N") \|\| isset($arFields["PASSWORD"]) \|\| $saveHistory) { $rUser = static::GetByID($ID); $arUser = $rUser->Fetch(); } $originalPassword = ''; $passwordChanged = false; if(is_set($arFields, "PASSWORD")) { $originalPassword = $arFields["PASSWORD"]; $arFields["PASSWORD"] = Password::hash($arFields["PASSWORD"]); if($arUser) { if(!Password::equals($arUser["PASSWORD"], $originalPassword)) { //password changed, remove stored authentication UserStoredAuthTable::deleteByFilter(['=USER_ID' => $ID]); $passwordChanged = true; } } if(COption::GetOptionString("main", "event_log_password_change", "N") === "Y") { CEventLog::Log("SECURITY", "USER_PASSWORD_CHANGED", "main", $ID); } if (!isset($arFields['PASSWORD_EXPIRED'])) { // reset the flag on password change $arFields['PASSWORD_EXPIRED'] = 'N'; } } unset($arFields["STORED_HASH"]); $checkword = ''; if(!is_set($arFields, "CHECKWORD")) { if(is_set($arFields, "PASSWORD") \|\| is_set($arFields, "EMAIL") \|\| is_set($arFields, "LOGIN") \|\| is_set($arFields, "ACTIVE")) { $checkword = Random::getString(32); $arFields["CHECKWORD"] = Password::hash($checkword); } } else { $checkword = $arFields["CHECKWORD"]; $arFields["CHECKWORD"] = Password::hash($checkword); } if(is_set($arFields, "CHECKWORD") && !is_set($arFields, "CHECKWORD_TIME")) $arFields["~CHECKWORD_TIME"] = $DB->CurrentTimeFunction(); if(is_set($arFields, "WORK_COUNTRY")) $arFields["WORK_COUNTRY"] = intval($arFields["WORK_COUNTRY"]); if(is_set($arFields, "PERSONAL_COUNTRY")) $arFields["PERSONAL_COUNTRY"] = intval($arFields["PERSONAL_COUNTRY"]); if ( array_key_exists("PERSONAL_PHOTO", $arFields) && is_array($arFields["PERSONAL_PHOTO"]) && ( !array_key_exists("MODULE_ID", $arFields["PERSONAL_PHOTO"]) \|\| $arFields["PERSONAL_PHOTO"]["MODULE_ID"] == '' ) ) { $arFields["PERSONAL_PHOTO"]["MODULE_ID"] = "main"; } CFile::SaveForDB($arFields, "PERSONAL_PHOTO", "main"); if ( array_key_exists("WORK_LOGO", $arFields) && is_array($arFields["WORK_LOGO"]) && ( !array_key_exists("MODULE_ID", $arFields["WORK_LOGO"]) \|\| $arFields["WORK_LOGO"]["MODULE_ID"] == '' ) ) { $arFields["WORK_LOGO"]["MODULE_ID"] = "main"; } CFile::SaveForDB($arFields, "WORK_LOGO", "main"); $strUpdate = $DB->PrepareUpdate("b_user", $arFields); if(!is_set($arFields, "TIMESTAMP_X")) $strUpdate .= ($strUpdate <> ""? ",":"")." TIMESTAMP_X = ".$DB->GetNowFunction(); $strSql = "UPDATE b_user SET ".$strUpdate." WHERE ID=".$ID; $DB->Query($strSql); $USER_FIELD_MANAGER->Update("USER", $ID, $arFields); if(isset($arFields["PHONE_NUMBER"])) { $numberExists = false; if($arFields["PHONE_NUMBER"] <> '') { $arFields["PHONE_NUMBER"] = Main\UserPhoneAuthTable::normalizePhoneNumber($arFields["PHONE_NUMBER"]); $numberExists = Main\UserPhoneAuthTable::getList(["filter" => [ "=USER_ID" => $ID, "=PHONE_NUMBER" => $arFields["PHONE_NUMBER"], ]])->fetch(); } if($arFields["PHONE_NUMBER"] == '' \|\| !$numberExists) { //number changed or added Main\UserPhoneAuthTable::delete($ID); if($arFields["PHONE_NUMBER"] <> '') { Main\UserPhoneAuthTable::add([ "USER_ID" => $ID, "PHONE_NUMBER" => $arFields["PHONE_NUMBER"], ]); } } } if(COption::GetOptionString("main", "event_log_user_edit", "N") === "Y") { $res_log["user"] = ($arFields["NAME"] != "" \|\| $arFields["LAST_NAME"] != "") ? trim($arFields["NAME"]." ".$arFields["LAST_NAME"]) : $arFields["LOGIN"]; CEventLog::Log("SECURITY", "USER_EDIT", "main", $ID, serialize($res_log)); } if(is_set($arFields, "GROUP_ID")) { static::SetUserGroup($ID, $arFields["GROUP_ID"]); } if($arUser && $passwordChanged) { if(COption::GetOptionString('main', 'use_digest_auth', 'N') == 'Y') { //update digest hash for http digest authorization static::UpdateDigest($arUser["ID"], $originalPassword); } //history of passwords UserPasswordTable::add([ "USER_ID" => $arUser["ID"], "PASSWORD" => $arFields["PASSWORD"], "DATE_CHANGE" => new Main\Type\DateTime(), ]); } if($arUser && $authActions == true) { $authAction = false; if(isset($arFields["ACTIVE"]) && $arUser["ACTIVE"] == "Y" && $arFields["ACTIVE"] == "N") { $authAction = true; } $internalUser = true; if(isset($arFields["EXTERNAL_AUTH_ID"])) { if($arFields["EXTERNAL_AUTH_ID"] <> '') { $internalUser = false; } } elseif($arUser["EXTERNAL_AUTH_ID"] <> '') { $internalUser = false; } if($internalUser && isset($arFields["PASSWORD"]) && $passwordChanged) { $authAction = true; if(is_object($USER) && $USER->GetID() == $ID) { //changed password by himself $USER->SetParam("AUTH_ACTION_SKIP_LOGOUT", true); } } if($authAction) { Main\UserAuthActionTable::addLogoutAction($ID); } } $result = true; $arFields["CHECKWORD"] = $checkword; //update session information and cache for current user if(is_object($USER) && $USER->GetID() == $ID) { static $arSessFields = [ 'LOGIN' => 'LOGIN', 'EMAIL' => 'EMAIL', 'TITLE' => 'TITLE', 'FIRST_NAME' => 'NAME', 'SECOND_NAME' => 'SECOND_NAME', 'LAST_NAME' => 'LAST_NAME', 'PERSONAL_PHOTO' => 'PERSONAL_PHOTO', 'PERSONAL_GENDER' => 'PERSONAL_GENDER', 'AUTO_TIME_ZONE' => 'AUTO_TIME_ZONE', 'TIME_ZONE' => 'TIME_ZONE', ]; foreach($arSessFields as $key => $val) if(isset($arFields[$val])) $USER->SetParam($key, $arFields[$val]); $name = $USER->GetParam("FIRST_NAME"); $last_name = $USER->GetParam("LAST_NAME"); $USER->SetParam("NAME", $name.($name == '' \|\| $last_name == ''? "":" ").$last_name); //cache for GetByID() self::$CURRENT_USER = false; } if($saveHistory && $arUser) { $rUser = static::GetByID($ID); $newUser = $rUser->Fetch(); UserProfileHistoryTable::addHistory($ID, UserProfileHistoryTable::TYPE_UPDATE, $arUser, $newUser); } } $arFields["ID"] = $ID; $arFields["RESULT"] = &$result; foreach (GetModuleEvents("main", "OnAfterUserUpdate", true) as $arEvent) ExecuteModuleEventEx($arEvent, array(&$arFields)); if($arFields["RESULT"] == true) { \Bitrix\Main\UserTable::indexRecord($ID); if(defined("BX_COMP_MANAGED_CACHE")) { $userData = \Bitrix\Main\UserTable::getById($ID)->fetch(); $isRealUser = !$userData['EXTERNAL_AUTH_ID'] \|\| !in_array($userData['EXTERNAL_AUTH_ID'], \Bitrix\Main\UserTable::getExternalUserTypes()); $CACHE_MANAGER->ClearByTag("USER_CARD_".intval($ID / TAGGED_user_card_size)); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_CARD": "EXTERNAL_USER_CARD"); static $arNameFields = [ "NAME", "LAST_NAME", "SECOND_NAME", "ACTIVE", "LOGIN", "EMAIL", "PERSONAL_GENDER", "PERSONAL_PHOTO", "WORK_POSITION", "PERSONAL_PROFESSION", "PERSONAL_WWW", "PERSONAL_BIRTHDAY", "TITLE", "EXTERNAL_AUTH_ID", "UF_DEPARTMENT", "AUTO_TIME_ZONE", "TIME_ZONE", "TIME_ZONE_OFFSET" ]; $bClear = false; foreach($arNameFields as $val) { if(isset($arFields[$val])) { $bClear = true; break; } } if ($bClear) { $CACHE_MANAGER->ClearByTag("USER_NAME_".$ID); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_NAME": "EXTERNAL_USER_NAME"); } } } return $result; } public static function SetUserGroup($USER_ID, $arGroups, $newUser = false) { $connection = Main\Application::getConnection(); $helper = $connection->getSqlHelper(); $USER_ID = intval($USER_ID); if ($USER_ID === 0) { return false; } //remember previous groups of the user $aPrevGroups = array(); $res = static::GetUserGroupList($USER_ID); while($res_arr = $res->Fetch()) if($res_arr["GROUP_ID"] <> 2) $aPrevGroups[$res_arr["GROUP_ID"]] = $res_arr; $inserted = []; $values = []; if (is_array($arGroups)) { foreach ($arGroups as $group) { if (!is_array($group)) { $group = array("GROUP_ID" => $group); } //we must preserve fields order for the insertion sql $groupFields = [ "GROUP_ID" => $group["GROUP_ID"], "DATE_ACTIVE_FROM" => (isset($group["DATE_ACTIVE_FROM"])? $group["DATE_ACTIVE_FROM"] : ''), "DATE_ACTIVE_TO" => (isset($group["DATE_ACTIVE_TO"])? $group["DATE_ACTIVE_TO"] : ''), ]; $group_id = intval($groupFields["GROUP_ID"]); if ($group_id > 0 && $group_id <> 2 && !isset($inserted[$group_id])) { $arInsert = $GLOBALS['DB']->PrepareInsert("b_user_group", $groupFields); $values[] = "(".$USER_ID.", ".$arInsert[1].")"; $inserted[$group_id] = $groupFields; } } } $connection->startTransaction(); $connection->query("DELETE FROM b_user_group WHERE USER_ID=".$USER_ID); if (!empty($values)) { $strSql = " INSERT IGNORE INTO b_user_group (USER_ID, GROUP_ID, DATE_ACTIVE_FROM, DATE_ACTIVE_TO) VALUES ".implode(", ", $values); $connection->query($strSql); } $connection->commitTransaction(); static::clearUserGroupCache($USER_ID); foreach (GetModuleEvents("main", "OnAfterSetUserGroup", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array($USER_ID, $inserted)); } if($aPrevGroups <> $inserted) { if($newUser == false) { $authActionCommon = false; $now = new Main\Type\DateTime(); foreach($inserted as $group) { foreach(array("DATE_ACTIVE_FROM", "DATE_ACTIVE_TO") as $field) { if($group[$field] <> '') { $date = Main\Type\DateTime::createFromUserTime($group[$field]); if($date->getTimestamp() > $now->getTimestamp()) { //group membership is in the future, we need separate records for each group Main\UserAuthActionTable::addUpdateAction($USER_ID, $date); } else { $authActionCommon = true; } } else { $authActionCommon = true; } } } if($authActionCommon == true) { //one action for all groups without dates in the future Main\UserAuthActionTable::addUpdateAction($USER_ID); } } if(COption::GetOptionString("main", "event_log_user_groups", "N") === "Y") { $UserName = ''; $rsUser = static::GetByID($USER_ID); if($arUser = $rsUser->GetNext()) $UserName = ($arUser["NAME"] != "" \|\| $arUser["LAST_NAME"] != "") ? trim($arUser["NAME"]." ".$arUser["LAST_NAME"]) : $arUser["LOGIN"]; $res_log = array( "groups" => serialize($aPrevGroups)." => ".serialize($inserted), "user" => $UserName ); CEventLog::Log("SECURITY", "USER_GROUP_CHANGED", "main", $USER_ID, serialize($res_log)); } } return null; } /* * Appends groups to the list of existing user's groups. * * @param int $user_id * @param array\|int $groups A single number, or an array of numbers, or an array of arrays("GROUP_ID"=>$val, "DATE_ACTIVE_FROM"=>$val, "DATE_ACTIVE_TO"=>$val) / public static function AppendUserGroup($user_id, $groups) { $arGroups = array(); $res = static::GetUserGroupList($user_id); while($res_arr = $res->Fetch()) { $arGroups[] = array( "GROUP_ID" => $res_arr["GROUP_ID"], "DATE_ACTIVE_FROM" => $res_arr["DATE_ACTIVE_FROM"], "DATE_ACTIVE_TO" => $res_arr["DATE_ACTIVE_TO"], ); } if(!is_array($groups)) { $groups = array($groups); } foreach($groups as $group) { if(!is_array($group)) { $group = array("GROUP_ID" => $group); } $arGroups[] = $group; } static::SetUserGroup($user_id, $arGroups); } public static function GetCount() { global $DB; $r = $DB->Query("SELECT COUNT('x') as C FROM b_user"); $r = $r->Fetch(); return intval($r["C"]); } public static function Delete($ID) { global $DB, $APPLICATION, $USER_FIELD_MANAGER, $CACHE_MANAGER; $ID = intval($ID); $rsUser = $DB->Query(" SELECT ID, LOGIN, NAME, LAST_NAME, EXTERNAL_AUTH_ID, PERSONAL_PHOTO, WORK_LOGO FROM b_user WHERE ID = {$ID} AND ID <> 1 "); $arUser = $rsUser->Fetch(); if(!$arUser) { return false; } $events = array_merge(GetModuleEvents("main", "OnBeforeUserDelete", true), GetModuleEvents("main", "OnUserDelete", true)); foreach($events as $arEvent) { if(ExecuteModuleEventEx($arEvent, array($ID))===false) { $err = GetMessage("MAIN_BEFORE_DEL_ERR1").' '.$arEvent['TO_MODULE_ID']; if($ex = $APPLICATION->GetException()) $err .= ': '.$ex->GetString(); $APPLICATION->throwException($err); if(COption::GetOptionString("main", "event_log_user_delete", "N") === "Y") { $UserName = ($arUser["NAME"] != "" \|\| $arUser["LAST_NAME"] != "") ? trim($arUser["NAME"]." ".$arUser["LAST_NAME"]) : $arUser["LOGIN"]; $res_log = array( "user" => $UserName, "err" => $err ); CEventLog::Log("SECURITY", "USER_DELETE", "main", $ID, serialize($res_log)); } return false; } } if ($arUser['PERSONAL_PHOTO'] > 0) { CFile::Delete($arUser['PERSONAL_PHOTO']); } if ($arUser['WORK_LOGO'] > 0) { CFile::Delete($arUser['WORK_LOGO']); } CAccess::OnUserDelete($ID); $DB->Query("DELETE FROM b_user_group WHERE USER_ID=".$ID); $DB->Query("DELETE FROM b_user_digest WHERE USER_ID=".$ID); $userFilter = ['=USER_ID' => $ID]; ApplicationPasswordTable::deleteByFilter($userFilter); Main\UserPhoneAuthTable::delete($ID); ShortCode::deleteByUser($ID); UserPasswordTable::deleteByFilter($userFilter); UserStoredAuthTable::deleteByFilter($userFilter); UserHitAuthTable::deleteByFilter($userFilter); UserDeviceTable::deleteByFilter($userFilter); $USER_FIELD_MANAGER->Delete("USER", $ID); if(COption::GetOptionString("main", "event_log_user_delete", "N") === "Y") { $res_log["user"] = ($arUser["NAME"] != "" \|\| $arUser["LAST_NAME"] != "") ? trim($arUser["NAME"]." ".$arUser["LAST_NAME"]) : $arUser["LOGIN"]; CEventLog::Log("SECURITY", "USER_DELETE", "main", $arUser["LOGIN"], serialize($res_log)); } if(!$DB->Query("DELETE FROM b_user WHERE ID=".$ID." AND ID<>1")) { return false; } if(defined("BX_COMP_MANAGED_CACHE")) { $isRealUser = !$arUser['EXTERNAL_AUTH_ID'] \|\| !in_array($arUser['EXTERNAL_AUTH_ID'], \Bitrix\Main\UserTable::getExternalUserTypes()); $CACHE_MANAGER->ClearByTag("USER_CARD_".intval($ID / TAGGED_user_card_size)); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_CARD": "EXTERNAL_USER_CARD"); $CACHE_MANAGER->ClearByTag("USER_NAME_".$ID); $CACHE_MANAGER->ClearByTag($isRealUser? "USER_NAME": "EXTERNAL_USER_CARD"); } static::clearUserGroupCache($ID); Main\UserAuthActionTable::addLogoutAction($ID); UserProfileHistoryTable::deleteByFilter($userFilter); if(Main\Config\Option::get("main", "user_profile_history") === "Y") { UserProfileHistoryTable::addHistory($ID, UserProfileHistoryTable::TYPE_DELETE); } Main\UserTable::deleteIndexRecord($ID); foreach(GetModuleEvents("main", "OnAfterUserDelete", true) as $arEvent) { ExecuteModuleEventEx($arEvent, array($ID)); } return true; } public static function GetExternalAuthList() { $arAll = array(); foreach(GetModuleEvents("main", "OnExternalAuthList", true) as $arEvent) { $arRes = ExecuteModuleEventEx($arEvent); if(is_array($arRes)) { foreach($arRes as $v) { $arAll[] = $v; } } } $result = new CDBResult; $result->InitFromArray($arAll); return $result; } public static function GetGroupPolicy($iUserId) { $policy = static::getPolicy($iUserId); $arPolicy = $policy->getValues(); $ar = [ GetMessage("MAIN_GP_PASSWORD_LENGTH", ["#LENGTH#" => (int)$arPolicy["PASSWORD_LENGTH"]]) ]; if ($arPolicy["PASSWORD_UPPERCASE"] === "Y") { $ar[] = GetMessage("MAIN_GP_PASSWORD_UPPERCASE"); } if ($arPolicy["PASSWORD_LOWERCASE"] === "Y") { $ar[] = GetMessage("MAIN_GP_PASSWORD_LOWERCASE"); } if ($arPolicy["PASSWORD_DIGITS"] === "Y") { $ar[] = GetMessage("MAIN_GP_PASSWORD_DIGITS"); } if ($arPolicy["PASSWORD_PUNCTUATION"] === "Y") { $ar[] = GetMessage("MAIN_GP_PASSWORD_PUNCTUATION", ["#SPECIAL_CHARS#" => static::PASSWORD_SPECIAL_CHARS]); } $arPolicy["PASSWORD_REQUIREMENTS"] = implode(", ", $ar)."."; return $arPolicy; } /* * @param mixed $userId User ID or array of groups * @return Policy\RulesCollection / public static function getPolicy($userId) { global $DB, $CACHE_MANAGER; static $cache = []; $cacheId = md5(serialize($userId)); if (isset($cache[$cacheId])) { return $cache[$cacheId]; } $arPolicies = []; / Group 2 managed cache / $sql = "SELECT G.ID GROUP_ID, G.SECURITY_POLICY FROM b_group G WHERE G.ID=2"; if (CACHED_b_group === false) { $res = $DB->Query($sql); $group2Policy = $res->Fetch(); } elseif ($CACHE_MANAGER->Read(CACHED_b_group, "b_group2", "b_group")) { $group2Policy = $CACHE_MANAGER->Get("b_group2"); } else { $rs = $DB->Query($sql); $group2Policy = $rs->Fetch(); $CACHE_MANAGER->Set("b_group2", $group2Policy); } if ($group2Policy) { $arPolicies[] = $group2Policy; } if (is_array($userId)) { $arGroups = array(); foreach ($userId as $value) { $value = intval($value); if ($value > 0 && $value != 2) $arGroups[$value] = $value; } if ($arGroups) { $sql = "SELECT G.ID GROUP_ID, G.SECURITY_POLICY ". "FROM b_group G ". "WHERE G.ID in (".implode(", ", $arGroups).")" ; $rs = $DB->Query($sql); while ($ar = $rs->Fetch()) { $arPolicies[] = $ar; } } } elseif (intval($userId) > 0) { $sql = "SELECT UG.GROUP_ID, G.SECURITY_POLICY ". "FROM b_user_group UG, b_group G ". "WHERE UG.USER_ID = ".intval($userId)." ". "AND UG.GROUP_ID = G.ID ". "AND ((UG.DATE_ACTIVE_FROM IS NULL) OR (UG.DATE_ACTIVE_FROM <= ".$DB->CurrentTimeFunction().")) ". "AND ((UG.DATE_ACTIVE_TO IS NULL) OR (UG.DATE_ACTIVE_TO >= ".$DB->CurrentTimeFunction().")) " ; $rs = $DB->Query($sql); while ($ar = $rs->Fetch()) { $arPolicies[] = $ar; } } // default policy $policy = new Policy\RulesCollection(); foreach($arPolicies as $ar) { if($ar["SECURITY_POLICY"]) { $arGroupPolicy = unserialize($ar["SECURITY_POLICY"], ['allowed_classes' => false]); } else { continue; } if(!is_array($arGroupPolicy)) { continue; } foreach ($arGroupPolicy as $key => $val) { $rule = $policy[$key]; if ($rule !== null) { if ($rule->assignValue($val)) { // now we know from which group the rule was last applied $rule->setGroupId((int)$ar['GROUP_ID']); } } } } if (count($cache) <= 10) { $cache[$cacheId] = $policy; } return $policy; } public static function CheckStoredHash($context, $hash, $tempHash = false) { if (!($context instanceof Authentication\Context)) { $context = (new Authentication\Context()) ->setUserId($context) ; } $cnt = 0; $hashId = false; $res = UserStoredAuthTable::query() ->setSelect(['']) ->where('USER_ID', $context->getUserId()) ->setOrder(['LAST_AUTH' => 'DESC']) ->exec() ; $policy = static::getPolicy($context->getUserId()); $maxStoreNum = $policy->getMaxStoreNum(); $storeTimeout = $policy->getStoreTimeout(); $sessionTimeout = $policy->getSessionTimeout(); $storeIpMask = ip2long($policy->getStoreIpMask()); $ipAddress = Main\Context::getCurrent()->getServer()->getRemoteAddr(); while($ar = $res->fetch()) { if ($ar["TEMP_HASH"] == "N") { $cnt++; } $lastAuthTime = 0; if ($ar["LAST_AUTH"] instanceof Main\Type\DateTime) { $lastAuthTime = $ar["LAST_AUTH"]->getTimestamp(); } if ( $cnt > $maxStoreNum \|\| ($ar["TEMP_HASH"] == "N" && time() - ($storeTimeout * 60) > $lastAuthTime) \|\| ($ar["TEMP_HASH"] == "Y" && time() - ($sessionTimeout * 60) > $lastAuthTime) ) { UserStoredAuthTable::delete($ar['ID']); } elseif (!$hashId) { //for domain spreaded external auth we should check only temporary hashes if ($tempHash == false \|\| $ar["TEMP_HASH"] == "Y") { $remote_net = $storeIpMask & ip2long($ipAddress); $stored_net = $storeIpMask & (float)$ar["IP_ADDR"]; if ($hash === $ar["STORED_HASH"] && $remote_net == $stored_net) { $hashId = $ar["ID"]; $context ->setStoredAuthId($hashId) ->setStoredAuthHash($hash) ; } } } } return $hashId; } public function GetAllOperations($arGroups = false) { global $DB; if (is_array($arGroups)) { $userGroups = "2,".implode(",", array_map("intval", $arGroups)); } else { $userGroups = $this->GetGroups(); } $sql_str = " SELECT O.NAME OPERATION_NAME FROM b_group_task GT INNER JOIN b_task_operation T_O ON T_O.TASK_ID=GT.TASK_ID INNER JOIN b_operation O ON O.ID=T_O.OPERATION_ID WHERE GT.GROUP_ID IN(".$userGroups.") UNION SELECT O.NAME OPERATION_NAME FROM b_option OP INNER JOIN b_task_operation T_O ON T_O.TASK_ID=".$DB->ToChar("OP.VALUE", 18)." INNER JOIN b_operation O ON O.ID=T_O.OPERATION_ID WHERE OP.NAME='GROUP_DEFAULT_TASK' UNION SELECT O.NAME OPERATION_NAME FROM b_option OP INNER JOIN b_task T ON T.MODULE_ID=OP.MODULE_ID AND T.BINDING='module' AND T.LETTER=".$DB->ToChar("OP.VALUE", 1)." AND T.SYS='Y' INNER JOIN b_task_operation T_O ON T_O.TASK_ID=T.ID INNER JOIN b_operation O ON O.ID=T_O.OPERATION_ID WHERE OP.NAME='GROUP_DEFAULT_RIGHT' "; $z = $DB->Query($sql_str); $arr = array(); while($r = $z->Fetch()) $arr[$r['OPERATION_NAME']] = $r['OPERATION_NAME']; return $arr; } public function CanDoOperation($op_name, $user_id = 0) { if ($user_id > 0) { $arGroups = array(); $rsGroups = $this->GetUserGroupEx($user_id); while ($group = $rsGroups->Fetch()) { $arGroups[] = $group["GROUP_ID"]; } if (!$arGroups) return false; $op = $this->GetAllOperations($arGroups); return isset($op[$op_name]); } else { if ($this->IsAdmin()) return true; if(!isset(static::$kernelSession["SESS_OPERATIONS"])) static::$kernelSession["SESS_OPERATIONS"] = $this->GetAllOperations(); return isset(static::$kernelSession["SESS_OPERATIONS"][$op_name]); } } public static function GetFileOperations($arPath, $arGroups=false) { /** @global CMain $APPLICATION / global $APPLICATION; $ar = $APPLICATION->GetFileAccessPermission($arPath, $arGroups, true); $arFileOperations = array(); for ($i = 0, $len = count($ar); $i < $len; $i++) $arFileOperations = array_merge($arFileOperations, CTask::GetOperations($ar[$i], true)); $arFileOperations = array_values(array_unique($arFileOperations)); return $arFileOperations; } public function CanDoFileOperation($op_name, $arPath) { global $APPLICATION, $USER; if ($this->IsAdmin()) return true; if(!isset($APPLICATION->FILEMAN_OPERATION_CACHE)) $APPLICATION->FILEMAN_OPERATION_CACHE = array(); $k = addslashes($arPath[0].'\|'.$arPath[1]); if(array_key_exists($k, $APPLICATION->FILEMAN_OPERATION_CACHE)) { $arFileOperations = $APPLICATION->FILEMAN_OPERATION_CACHE[$k]; } else { $arFileOperations = $this->GetFileOperations($arPath); $APPLICATION->FILEMAN_OPERATION_CACHE[$k] = $arFileOperations; } $arAlowedOperations = array('fm_delete_file','fm_rename_folder','fm_view_permission'); if(mb_substr($arPath[1], -10) == "/.htaccess" && !$USER->CanDoOperation('edit_php') && !in_array($op_name,$arAlowedOperations)) return false; if(mb_substr($arPath[1], -12) == "/.access.php") return false; return in_array($op_name, $arFileOperations); } public static function UserTypeRightsCheck($entity_id) { global $USER; if($entity_id == "USER" && $USER->CanDoOperation('edit_other_settings')) { return "W"; } else return "D"; } public function CanAccess($arCodes) { if(!is_array($arCodes) \|\| empty($arCodes)) return false; if(in_array('G2', $arCodes)) return true; if($this->IsAuthorized() && in_array('AU', $arCodes)) return true; $bEmpty = true; foreach($arCodes as $code) { if(trim($code) <> '') { $bEmpty = false; break; } } if($bEmpty) return false; $res = CAccess::GetUserCodes($this->GetID(), array("ACCESS_CODE"=>$arCodes)); if($res->Fetch()) return true; return false; } public function GetAccessCodes() { if(!$this->IsAuthorized()) return array('G2'); static $arCodes = array(); $USER_ID = intval($this->GetID()); if(!array_key_exists($USER_ID, $arCodes)) { $arCodes[$USER_ID] = CAccess::GetUserCodesArray($USER_ID); if($this->IsAuthorized()) $arCodes[$USER_ID][] = "AU"; } return $arCodes[$USER_ID]; } public static function CleanUpAgent() { $cleanup_days = COption::GetOptionInt("main", "new_user_registration_cleanup_days", 7); if($cleanup_days > 0) { $date = new Main\Type\Date(); $date->add("-{$cleanup_days}D"); if(COption::GetOptionString("main", "new_user_registration_email_confirmation", "N") === "Y") { //unconfirmed email confirmations $filter = array( "!CONFIRM_CODE" => false, "=ACTIVE" => "N", "<DATE_REGISTER" => $date, ); $users = Main\UserTable::getList([ "filter" => $filter, "select" => ["ID"], ]); while($user = $users->fetch()) { static::Delete($user["ID"]); } } if(COption::GetOptionString("main", "new_user_phone_auth", "N") === "Y") { //unconfirmed phone confirmations $filter = array( '=\Bitrix\Main\UserPhoneAuthTable:USER.CONFIRMED' => "N", "=ACTIVE" => "N", "<DATE_REGISTER" => $date, ); $users = Main\UserTable::getList([ "filter" => $filter, "select" => ["ID"], ]); while($user = $users->fetch()) { static::Delete($user["ID"]); } } } $historyCleanupDays = COption::GetOptionInt("main", "profile_history_cleanup_days", 0); if($historyCleanupDays > 0) { $date = new Main\Type\Date(); $date->add("-{$historyCleanupDays}D"); UserProfileHistoryTable::deleteByFilter(["<DATE_INSERT" => $date]); } $deviceCleanupDays = COption::GetOptionInt("main", "device_history_cleanup_days", 180); if($deviceCleanupDays > 0) { $date = new Main\Type\Date(); $date->add("-{$deviceCleanupDays}D"); UserDeviceLoginTable::deleteByFilter(["<LOGIN_DATE" => $date]); } return "CUser::CleanUpAgent();"; } public static function DeactivateAgent() { $blockDays = COption::GetOptionInt("main", "inactive_users_block_days", 0); if($blockDays > 0) { $log = (COption::GetOptionString("main", "event_log_block_user", "N") === "Y"); $userObj = new CUser(); $date = new Main\Type\Date(); $date->add("-{$blockDays}D"); $filter = array( "=ACTIVE" => "Y", "=BLOCKED" => "N", "<LAST_LOGIN" => $date, ); $users = Main\UserTable::getList([ "filter" => $filter, "select" => ["ID"], ]); while($user = $users->fetch()) { $groups = static::GetUserGroup($user["ID"]); $admin = in_array(1, $groups); //admins shouldn't be blocked if($admin == false) { $userObj->Update($user["ID"], ["BLOCKED" => "Y"], false); if($log) { CEventLog::Log("SECURITY", "USER_BLOCKED", "main", $user["ID"], "Inactive days: {$blockDays}"); } } } } return "CUser::DeactivateAgent();"; } public static function UnblockAgent($userId) { $user = new CUser(); $user->Update($userId, ["BLOCKED" => "N"]); return ""; } public static function GetActiveUsersCount() { return Main\UserTable::getActiveUsersCount(); } public static function SetLastActivityDate($userId = null, $cache = false) { global $USER; if (is_null($userId)) { $userId = $USER->GetId(); } $userId = intval($userId); if ($userId <= 0) { return false; } if($userId == $USER->GetId()) { if ($cache) { if (intval($USER->GetParam('SET_LAST_ACTIVITY'))+60 > time()) { return false; } } $USER->SetParam('PREV_LAST_ACTIVITY', $USER->GetParam('SET_LAST_ACTIVITY')); $USER->SetParam('SET_LAST_ACTIVITY', time()); } static::SetLastActivityDateByArray(array($userId), $_SERVER['REMOTE_ADDR']); return true; } public static function SetLastActivityDateByArray($arUsers, $ip = null) { global $DB; if (!is_array($arUsers) \|\| count($arUsers) <= 0) return false; $strSqlPrefix = "UPDATE b_user SET ". "TIMESTAMP_X = TIMESTAMP_X, ". "LAST_ACTIVITY_DATE = ".$DB->CurrentTimeFunction()." WHERE ID IN ("; $strSqlPostfix = ")"; $maxValuesLen = 2048; $strSqlValues = ""; $arUsers = array_map("intval", $arUsers); foreach($arUsers as $userId) { $strSqlValues .= ",$userId"; if(mb_strlen($strSqlValues) > $maxValuesLen) { $DB->Query($strSqlPrefix.mb_substr($strSqlValues, 1).$strSqlPostfix, false, "", array("ignore_dml"=>true)); $strSqlValues = ""; } } if($strSqlValues <> '') { $DB->Query($strSqlPrefix.mb_substr($strSqlValues, 1).$strSqlPostfix, false, "", array("ignore_dml"=>true)); } $event = new \Bitrix\Main\Event("main", "OnUserSetLastActivityDate", array($arUsers, $ip)); $event->send(); return true; } public static function GetSecondsForLimitOnline() { return \Bitrix\Main\UserTable::getSecondsForLimitOnline(); } public static function GetExternalUserTypes() { return Main\UserTable::getExternalUserTypes(); } public static function GetOnlineStatus($userId, $lastseen, $now = false) { $userId = intval($userId); if ($lastseen instanceof \Bitrix\Main\Type\DateTime) { $lastseen = $lastseen->getTimestamp(); } else if (is_int($lastseen)) { $lastseen = intval($lastseen); } else { $lastseen = 0; } if ($now === false) { $now = time(); } else if ($now instanceof \Bitrix\Main\Type\DateTime) { $now = $now->getTimestamp(); } else { $now = intval($now); } $result = Array( 'IS_ONLINE' => false, 'STATUS' => self::STATUS_OFFLINE, 'STATUS_TEXT' => GetMessage('USER_STATUS_OFFLINE'), 'LAST_SEEN' => $lastseen, 'LAST_SEEN_TEXT' => "", 'NOW' => $now, ); if ($lastseen === false) { return $result; } $result['IS_ONLINE'] = $now - $lastseen <= static::GetSecondsForLimitOnline(); $result['STATUS'] = $result['IS_ONLINE']? self::STATUS_ONLINE: self::STATUS_OFFLINE; $result['STATUS_TEXT'] = GetMessage('USER_STATUS_'.strtoupper($result['STATUS'])); if ($lastseen && $now - $lastseen > 300) { $result['LAST_SEEN_TEXT'] = static::FormatLastActivityDate($lastseen, $now); } if ($userId > 0) { if ($result['IS_ONLINE']) { foreach(GetModuleEvents("main", "OnUserOnlineStatusGetCustomOnlineStatus", true) as $arEvent) { $customStatus = ExecuteModuleEventEx($arEvent, array($userId, $lastseen, $now, self::STATUS_ONLINE)); if (is_array($customStatus)) { if (!empty($customStatus['STATUS']) && !empty($customStatus['STATUS_TEXT'])) { $result['STATUS'] = strtolower($customStatus['STATUS']); $result['STATUS_TEXT'] = $customStatus['STATUS_TEXT']; } if (isset($customStatus['LAST_SEEN']) && intval($customStatus['LAST_SEEN']) > 0) { $result['LAST_SEEN'] = intval($customStatus['LAST_SEEN']); } if (isset($customStatus['LAST_SEEN_TEXT'])) { $result['LAST_SEEN_TEXT'] = $customStatus['LAST_SEEN_TEXT']; } } } } else { foreach(GetModuleEvents("main", "OnUserOnlineStatusGetCustomOfflineStatus", true) as $arEvent) { $customStatus = ExecuteModuleEventEx($arEvent, array($userId, $lastseen, $now, self::STATUS_OFFLINE)); if (is_array($customStatus)) { if (!empty($customStatus['STATUS']) && !empty($customStatus['STATUS_TEXT'])) { $result['STATUS'] = strtolower($customStatus['STATUS']); $result['STATUS_TEXT'] = $customStatus['STATUS_TEXT']; } if (isset($customStatus['LAST_SEEN']) && intval($customStatus['LAST_SEEN']) > 0) { $result['LAST_SEEN'] = intval($customStatus['LAST_SEEN']); } if (isset($customStatus['LAST_SEEN_TEXT'])) { $result['LAST_SEEN_TEXT'] = $customStatus['LAST_SEEN_TEXT']; } } } } } return $result; } /* * @param int\|bool\|\Bitrix\Main\Type\DateTime $timestamp * @param int\|bool\|\Bitrix\Main\Type\DateTime $now * * @return string / public static function FormatLastActivityDate($timestamp, $now = false) { global $DB; if ($timestamp instanceof \Bitrix\Main\Type\DateTime) { $timestamp = $timestamp->getTimestamp(); } else if (is_int($timestamp)) { $timestamp = intval($timestamp); } else { return ""; } if ($now === false) { $now = time(); } else if ($now instanceof \Bitrix\Main\Type\DateTime) { $now = $now->getTimestamp(); } else { $now = intval($now); } $ampm = IsAmPmMode(true); $timeFormat = ($ampm === AM_PM_LOWER? "g:i a" : ($ampm === AM_PM_UPPER? "g:i A" : "H:i")); $formattedDate = FormatDate(array( "tomorrow" => "#01#{$timeFormat}", "now" => "#02#", "todayFuture" => "#03#{$timeFormat}", "yesterday" => "#04#{$timeFormat}", "-" => preg_replace('/:s$/', '', $DB->DateFormatToPHP(CSite::GetDateFormat("FULL"))), "s60" => "sago", "i60" => "iago", "H5" => "Hago", "H24" => "#03#{$timeFormat}", "d31" => "dago", "m12>1" => "mago", "m12>0" => "dago", "" => "#05#", ), $timestamp, $now); if (preg_match('/^#(\d+)#(.)/', $formattedDate, $match)) { switch($match[1]) { case "01": $formattedDate = str_replace("#TIME#", $match[2], GetMessage('USER_LAST_SEEN_TOMORROW')); break; case "02": $formattedDate = GetMessage('USER_LAST_SEEN_NOW'); break; case "03": $formattedDate = str_replace("#TIME#", $match[2], GetMessage('USER_LAST_SEEN_TODAY')); break; case "04": $formattedDate = str_replace("#TIME#", $match[2], GetMessage('USER_LAST_SEEN_YESTERDAY')); break; case "05": $formattedDate = GetMessage('USER_LAST_SEEN_MORE_YEAR'); break; default: $formattedDate = $match[2]; break; } } return $formattedDate; } public static function SearchUserByName($arName, $email = "", $bLoginMode = false) { global $DB; $arNameReady = array(); foreach ($arName as $s) { $s = Trim($s); if ($s <> '') $arNameReady[] = $s; } if (Count($arNameReady) <= 0) return false; $strSqlWhereEMail = (($email <> '') ? " AND upper(U.EMAIL) = upper('".$DB->ForSql($email)."') " : ""); if ($bLoginMode) { if (count($arNameReady) > 3) { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE ("; $bFirst = true; for ($i = 0; $i < 4; $i++) { for ($j = 0; $j < 4; $j++) { if ($i == $j) continue; for ($k = 0; $k < 4; $k++) { if ($i == $k \|\| $j == $k) continue; for ($l = 0; $l < 4; $l++) { if ($i == $l \|\| $j == $l \|\| $k == $l) continue; if (!$bFirst) $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$k])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$l])."%'))"; $bFirst = false; } } } } $strSql .= ")"; } elseif (Count($arNameReady) == 3) { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE ("; $bFirst = true; for ($i = 0; $i < 3; $i++) { for ($j = 0; $j < 3; $j++) { if ($i == $j) continue; for ($k = 0; $k < 3; $k++) { if ($i == $k \|\| $j == $k) continue; if (!$bFirst) $strSql .= " OR "; $strSql .= "("; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$k])."%'))"; $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$k])."%'))"; $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$k])."%'))"; $strSql .= " OR "; $strSql .= "(U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$k])."%'))"; $strSql .= ")"; $bFirst = false; } } } $strSql .= ")"; } elseif (Count($arNameReady) == 2) { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE ("; $bFirst = true; for ($i = 0; $i < 2; $i++) { for ($j = 0; $j < 2; $j++) { if ($i == $j) continue; if (!$bFirst) $strSql .= " OR "; $strSql .= "("; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= " OR "; $strSql .= "(U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= " OR "; $strSql .= "(U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= " OR "; $strSql .= "(U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[$j])."%'))"; $strSql .= ")"; $bFirst = false; } } $strSql .= ")"; } else { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE (U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[0])."%') ". " OR U.LOGIN IS NOT NULL AND upper(U.LOGIN) LIKE upper('".$DB->ForSql($arNameReady[0])."%') ". " OR U.EMAIL IS NOT NULL AND upper(U.EMAIL) LIKE upper('".$DB->ForSql($arNameReady[0])."%') ". " OR U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[0])."%')) "; } $strSql .= $strSqlWhereEMail; } else { if (Count($arNameReady) >= 3) { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE "; $bFirst = true; for ($i = 0; $i < 3; $i++) { for ($j = 0; $j < 3; $j++) { if ($i == $j) continue; for ($k = 0; $k < 3; $k++) { if ($i == $k \|\| $j == $k) continue; if (!$bFirst) $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%') ". "AND U.SECOND_NAME IS NOT NULL AND upper(U.SECOND_NAME) LIKE upper('".$DB->ForSql($arNameReady[$k])."%')".$strSqlWhereEMail.")"; $bFirst = false; } } } } elseif (Count($arNameReady) == 2) { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE "; $bFirst = true; for ($i = 0; $i < 2; $i++) { for ($j = 0; $j < 2; $j++) { if ($i == $j) continue; if (!$bFirst) $strSql .= " OR "; $strSql .= "(U.NAME IS NOT NULL AND upper(U.NAME) LIKE upper('".$DB->ForSql($arNameReady[$i])."%') ". "AND U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[$j])."%')".$strSqlWhereEMail.")"; $bFirst = false; } } } else { $strSql = "SELECT U.ID, U.NAME, U.LAST_NAME, U.SECOND_NAME, U.LOGIN, U.EMAIL ". "FROM b_user U ". "WHERE U.LAST_NAME IS NOT NULL AND upper(U.LAST_NAME) LIKE upper('".$DB->ForSql($arNameReady[0])."%') ". $strSqlWhereEMail; } } $dbRes = $DB->Query($strSql); return $dbRes; } public static function FormatName($NAME_TEMPLATE, $arUser, $bUseLogin = false, $bHTMLSpec = true, $enabledEmptyNameStub = true) { if (isset($arUser["ID"])) $ID = intval($arUser['ID']); else $ID = ''; $NAME_SHORT = (($arUser['NAME'] ?? '') <> ''? mb_substr($arUser['NAME'], 0, 1).'.' : ''); $LAST_NAME_SHORT = (($arUser['LAST_NAME'] ?? '') <> ''? mb_substr($arUser['LAST_NAME'], 0, 1).'.' : ''); $SECOND_NAME_SHORT = (($arUser['SECOND_NAME'] ?? '') <> ''? mb_substr($arUser['SECOND_NAME'], 0, 1).'.' : ''); $res = str_replace( array('#TITLE#', '#NAME#', '#LAST_NAME#', '#SECOND_NAME#', '#NAME_SHORT#', '#LAST_NAME_SHORT#', '#SECOND_NAME_SHORT#', '#EMAIL#', '#ID#'), array(($arUser['TITLE'] ?? ''), ($arUser['NAME'] ?? ''), ($arUser['LAST_NAME'] ?? ''), ($arUser['SECOND_NAME'] ?? ''), $NAME_SHORT, $LAST_NAME_SHORT, $SECOND_NAME_SHORT, ($arUser['EMAIL'] ?? ''), $ID), $NAME_TEMPLATE ); while(strpos($res, " ") !== false) { $res = str_replace(" ", " ", $res); } $res = trim($res); $res_check = ""; if (mb_strpos($NAME_TEMPLATE, '#NAME#') !== false \|\| mb_strpos($NAME_TEMPLATE, '#NAME_SHORT#') !== false) $res_check .= $arUser['NAME']; if (mb_strpos($NAME_TEMPLATE, '#LAST_NAME#') !== false \|\| mb_strpos($NAME_TEMPLATE, '#LAST_NAME_SHORT#') !== false) $res_check .= $arUser['LAST_NAME']; if (mb_strpos($NAME_TEMPLATE, '#SECOND_NAME#') !== false \|\| mb_strpos($NAME_TEMPLATE, '#SECOND_NAME_SHORT#') !== false) $res_check .= $arUser['SECOND_NAME']; if (trim($res_check) == '') { if ($bUseLogin && $arUser['LOGIN'] <> '') $res = $arUser['LOGIN']; else if($enabledEmptyNameStub) $res = GetMessage('FORMATNAME_NONAME'); else $res = ''; if (mb_strpos($NAME_TEMPLATE, '[#ID#]') !== false) $res .= " [".$ID."]"; } if ($bHTMLSpec) $res = htmlspecialcharsbx($res); $res = str_replace(array('#NOBR#', '#/NOBR#'), '', $res); return $res; } public static function clearUserGroupCache($ID = false) { if ($ID === false) { self::$userGroupCache = array(); } else { $ID = (int)$ID; if (isset(self::$userGroupCache[$ID])) unset(self::$userGroupCache[$ID]); } } public function CheckAuthActions() { if(!$this->IsAuthorized()) { return; } if(!is_array(static::$kernelSession["AUTH_ACTIONS_PERFORMED"])) { static::$kernelSession["AUTH_ACTIONS_PERFORMED"] = array(); } $now = new Main\Type\DateTime(); $actions = Main\UserAuthActionTable::getList(array( "filter" => array("=USER_ID" => $this->getContext()->getUserId()), "order" => array("USER_ID" => "ASC", "PRIORITY" => "ASC", "ID" => "DESC"), "cache" => array("ttl" => 3600), )); while($action = $actions->fetch()) { if(isset(static::$kernelSession["AUTH_ACTIONS_PERFORMED"][$action["ID"]])) { //already processed the action in this session continue; } if($action["APPLICATION_ID"] <> '' && $this->getContext()->getApplicationId() <> $action["APPLICATION_ID"]) { //this action is for the specific application only continue; } /** @var Main\Type\DateTime() $actionDate / $actionDate = $action["ACTION_DATE"]; if($actionDate <= $now) { //remember that we already did the action static::$kernelSession["AUTH_ACTIONS_PERFORMED"][$action["ID"]] = true; if($this->IsJustAuthorized()) { //no need to update the session continue; } switch($action["ACTION"]) { case Main\UserAuthActionTable::ACTION_LOGOUT: if($this->GetParam("AUTH_ACTION_SKIP_LOGOUT") == true) { //user's changed password by himself, skip logout $this->SetParam("AUTH_ACTION_SKIP_LOGOUT", false); break; } //redirect is possible $this->Logout(); break; case Main\UserAuthActionTable::ACTION_UPDATE: $this->UpdateSessionData($this->getContext()); break; } //we need to process only the first action by proirity break; } } } public static function AuthActionsCleanUpAgent() { $date = new Main\Type\DateTime(); $date->add("-1D"); Main\UserAuthActionTable::deleteByFilter(array("<ACTION_DATE" => $date)); return 'CUser::AuthActionsCleanUpAgent();'; } /* * @param int $userId * @return array\|bool [code, phone_number] / public static function GeneratePhoneCode($userId) { $row = Main\UserPhoneAuthTable::getRowById($userId); if($row && $row["OTP_SECRET"] <> '') { $totp = new Main\Security\Mfa\TotpAlgorithm(); $totp->setInterval(self::PHONE_CODE_OTP_INTERVAL); $totp->setSecret($row["OTP_SECRET"]); $timecode = $totp->timecode(time()); $code = $totp->generateOTP($timecode); Main\UserPhoneAuthTable::update($userId, array( "ATTEMPTS" => 0, "DATE_SENT" => new Main\Type\DateTime(), )); return [$code, $row["PHONE_NUMBER"]]; } return false; } /* * @param string $phoneNumber * @param string $code * @return bool\|int User ID on success, false on error / public static function VerifyPhoneCode($phoneNumber, $code) { if($code == '') { return false; } $phoneNumber = Main\UserPhoneAuthTable::normalizePhoneNumber($phoneNumber); $row = Main\UserPhoneAuthTable::getList(["filter" => ["=PHONE_NUMBER" => $phoneNumber]])->fetch(); if($row && $row["OTP_SECRET"] <> '') { if($row["ATTEMPTS"] >= 3) { return false; } $totp = new Main\Security\Mfa\TotpAlgorithm(); $totp->setInterval(self::PHONE_CODE_OTP_INTERVAL); $totp->setSecret($row["OTP_SECRET"]); try { list($result, ) = $totp->verify($code); } catch(Main\ArgumentException $e) { return false; } $data = array(); if($result) { if($row["CONFIRMED"] == "N") { $data["CONFIRMED"] = "Y"; } $data['DATE_SENT'] = ''; } else { $data["ATTEMPTS"] = (int)$row["ATTEMPTS"] + 1; } if(!empty($data)) { Main\UserPhoneAuthTable::update($row["USER_ID"], $data); } if($result) { return $row["USER_ID"]; } } return false; } /* * @param string $phoneNumber * @param string $smsTemplate * @param string\|null $siteId * @return Main\Result / public static function SendPhoneCode($phoneNumber, $smsTemplate, $siteId = null) { $result = new Main\Result(); $phoneNumber = Main\UserPhoneAuthTable::normalizePhoneNumber($phoneNumber); $select = ["USER_ID", "DATE_SENT", "USER.LANGUAGE_ID"]; if($siteId === null) { $context = Main\Context::getCurrent(); $siteId = $context->getSite(); if($siteId === null) { $select[] = "USER.LID"; } } $userPhone = Main\UserPhoneAuthTable::getList([ "select" => $select, "filter" => [ "=PHONE_NUMBER" => $phoneNumber ] ])->fetchObject(); if(!$userPhone) { $result->addError(new Main\Error(Loc::getMessage("main_register_no_user"), "ERR_NOT_FOUND")); return $result; } //alowed only once in a minute if($userPhone->getDateSent()) { $currentDateTime = new Main\Type\DateTime(); if(($currentDateTime->getTimestamp() - $userPhone->getDateSent()->getTimestamp()) < static::PHONE_CODE_RESEND_INTERVAL) { $result->addError(new Main\Error(Loc::getMessage("main_register_timeout"), "ERR_TIMEOUT")); return $result; } } list($code, $phoneNumber) = static::GeneratePhoneCode($userPhone->getUserId()); if($siteId === null) { $siteId = CSite::GetDefSite($userPhone->getUser()->getLid()); } $language = $userPhone->getUser()->getLanguageId(); $sms = new Main\Sms\Event( $smsTemplate, [ "USER_PHONE" => $phoneNumber, "CODE" => $code, ] ); $sms->setSite($siteId); if($language <> '') { //user preferred language $sms->setLanguage($language); } $result = $sms->send(true); $result->setData(["USER_ID" => $userPhone->getUserId()]); return $result; } protected static function SendEmailCode($userId, $siteId) { $result = new Main\Result(); $context = new Authentication\Context(); $context->setUserId($userId); $shortCode = new ShortCode($context); //alowed only once in a minute $check = $shortCode->checkDateSent(); if($check->isSuccess()) { $code = $shortCode->generate(); static::SendUserInfo($userId, $siteId, "", true, 'USER_CODE_REQUEST', $code); $shortCode->saveDateSent(); } else { $result->addError(new Main\Error(Loc::getMessage("main_register_timeout"), "ERR_TIMEOUT")); } $result->setData($check->getData()); return $result; } /* * Returns the current authentication context, stored in the session. * @return Authentication\Context */ public function getContext() { if ($this->context === null) { $this->context = Authentication\Context::jsonDecode((string)$this->GetParam('CONTEXT')); } return $this->context; } } class CUser extends CAllUser { }

| ver. 1.4 | Github | . | PHP 7.4.33 | Generation time: 0.24 | proxy | phpinfo | Settings