#============================================================
# MyAuthApplication
#============================================================
package MyAuthApplication;
use MyApplication;
@ISA = qw(MyApplication);
use strict;
use SQLDB;
#==========================================
# 大域変数
#==========================================
# Default sendmail path (not referenced anywhere in this file).
my $DefaultSendmail = '/usr/sbin/sendmail';
# Character code of this source, detected from a sample of Japanese text.
# Jcode is not loaded in this file; presumably MyApplication pulls it in -- verify.
my $SourceCharCode = Jcode::getcode('月火水木金土日 ');
#============================================================
# 静的関数
#============================================================
#============================================================
# 変数等取得関数
#============================================================
#============================================================
# コンストラクタ、デストラクタ
#============================================================
# Empty compile-time hook; nothing is set up here.
BEGIN { }
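# Constructor. $app is accepted (for call-site compatibility) but unused, and
# the parent constructor MyApplication::new is intentionally not chained, as in
# the original.
sub new
{
    my ($module, $app) = @_;
    my $this = {};
    # Two-argument bless so subclasses of MyAuthApplication get their own class;
    # the original one-argument form always blessed into this package.
    bless $this, ref($module) || $module;
    return $this;
}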
# Destructor. Nothing is released here, and the parent's DESTROY is
# intentionally not chained.
sub DESTROY
{
    my ($self) = @_;
    return;
}
#============================================================
# 継承クラスで定義しなおす関数
#============================================================
#============================================================
# 一般関数
#============================================================
#==========================================
# 認証関係
#==========================================
# Setter for the per-object crypt method used by CryptForSchedule; returns the
# value stored.
sub CryptMethod {
    my ($this, $cm) = @_;
    $this->{CryptMethod} = $cm;
    return $this->{CryptMethod};
}
# Setter for the per-object secret phrase used by CryptForSchedule; returns the
# value stored.
sub CryptPhrase {
    my ($this, $phrase) = @_;
    $this->{CryptPhrase} = $phrase;
    return $this->{CryptPhrase};
}
# Setter for the per-object prefix that marks an already-encrypted value
# (used by CryptForSchedule); returns the value stored.
sub SetCryptedHeader {
    my ($this, $header) = @_;
    $this->{CryptedHeader} = $header;
    return $this->{CryptedHeader};
}
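# Encrypts $s with Utils::Crypt and prefixes the result with $CryptedHeader.
# Defaults for method, phrase and header come from pParams(). An empty $s and a
# value that already carries the header are returned unchanged. When the logged-on
# user holds the IPAddressCoded privilege the client address is folded into the
# plaintext, binding the result to the address it was issued for.
sub Crypt
{
    my ($this, $s, $CryptMethod, $CryptPhrase, $CryptedHeader) = @_;
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    # NOTE(review): pParams() also carries request fields elsewhere in this file
    # (EMail, Password, submit). Confirm CryptMethod/CryptPhrase/CryptedHeader
    # cannot be supplied by the client, otherwise the secret phrase is
    # attacker-controlled.
    $CryptMethod = $pParams->{CryptMethod} if(!defined $CryptMethod);
    $CryptPhrase = $pParams->{CryptPhrase} if(!defined $CryptPhrase);
    $CryptedHeader = $pParams->{CryptedHeader} if(!defined $CryptedHeader);
    return $s if($s eq '');
    # The header is matched literally. The original interpolated it as a regex,
    # so a header containing '.', '$', '+' etc. was not recognised and the value
    # got encrypted a second time.
    return $s if($CryptedHeader ne '' and $s =~ /^\Q$CryptedHeader\E/);
    my $plain = $this->HasPrivilege('IPAddressCoded', 0)
        ? "$s:/:" . $this->RemoteIPAddress()
        : $s;
    $s = $CryptedHeader . Utils::Crypt($CryptMethod, $CryptPhrase, $plain);
    # '+', '&' and whitespace become '@' -- presumably so the value survives in a
    # query string unchanged.
    $s =~ s/[\+&\s]/@/g;
    return $s;
}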
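# Same as Crypt(), but the defaults are the per-object values set through
# CryptMethod()/CryptPhrase()/SetCryptedHeader() rather than pParams(), and the
# address binding is opposite: the client address is folded in UNLESS the user
# holds NoIPAddressCoded.
sub CryptForSchedule
{
    my ($this, $s, $CryptMethod, $CryptPhrase, $CryptedHeader) = @_;
    $CryptMethod = $this->{CryptMethod} if(!defined $CryptMethod);
    $CryptPhrase = $this->{CryptPhrase} if(!defined $CryptPhrase);
    $CryptedHeader = $this->{CryptedHeader} if(!defined $CryptedHeader);
    return $s if($s eq '');
    # Literal header match; the original interpolated the header as a regex.
    return $s if($CryptedHeader ne '' and $s =~ /^\Q$CryptedHeader\E/);
    my $plain = $this->HasPrivilege('NoIPAddressCoded', 0)
        ? $s
        : "$s:/:" . $this->RemoteIPAddress();
    $s = $CryptedHeader . Utils::Crypt($CryptMethod, $CryptPhrase, $plain);
    # '+', '&' and whitespace become '@' (presumably for query-string safety).
    $s =~ s/[\+&\s]/@/g;
    return $s;
}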
# Returns 1 when $key is exactly one of the tokens of $KeyList (split on
# $separator, a regex; default: commas, pipes or whitespace), else 0.
sub IsIncluded
{
    my ($this, $key, $KeyList, $separator) = @_;
    $separator = "[,\\|\\s]+" if(!defined $separator);
    foreach my $candidate (Utils::Split($separator, $KeyList)) {
        return 1 if($candidate eq $key);
    }
    return 0;
}
# Merges two privilege lists (tokens separated by commas, pipes or whitespace)
# into one comma-separated list with duplicates removed and tokens sorted.
sub MergePrivileges
{
    my ($this, $priv1, $priv2) = @_;
    my $sep = "[,\\|\\s]+";
    my %seen;
    $seen{$_}++ foreach (Utils::Split($sep, $priv1), Utils::Split($sep, $priv2));
    my $merged = '';
    foreach my $name (sort keys %seen) {
        $merged .= ($merged eq '') ? $name : ",$name";
    }
    return $merged;
}
# Returns 1 when $Privilege is exactly (case-sensitively) one of the tokens of
# $PrivilegeList, else 0. Tokens are separated by commas, pipes or whitespace.
sub IsPrivilegeIncluded
{
    my ($this, $Privilege, $PrivilegeList) = @_;
    my @found = grep { $_ eq $Privilege } Utils::Split("[,\\|\\s]+", $PrivilegeList);
    return @found ? 1 : 0;
}
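# Computes the effective privilege list for $EMail: the Privilege column of the
# user's newest row, extended by the .ini-driven grants below and by
# pPrivilegesList entries for the current LogonLevel. Returns the merged,
# comma-separated list ('' when no DB is available).
sub GetPrivilege
{
    my ($this, $DB, $EMail, $UsersTableName, $pPrivilegesList) = @_;
    return '' if(!$DB);
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    # The original read pPrivilegesList from $pParams before the undef guard
    # above, which dies under strict refs when pParams() returns undef.
    $pPrivilegesList = $pParams->{pPrivilegesList} if(!defined $pPrivilegesList);
    $UsersTableName = $pParams->{UsersTableName} if(!defined $UsersTableName);
    # SQLDB::Search takes a raw condition string, so the e-mail (a form field) is
    # escaped by hand: single quotes are doubled (standard SQL) and backslashes
    # doubled (MySQL-style escapes would otherwise reopen the literal). Prefer a
    # bind/placeholder API if SQLDB offers one.
    (my $QuotedEMail = defined $EMail ? $EMail : '') =~ s/\\/\\\\/g;
    $QuotedEMail =~ s/'/''/g;
    # Newest row ("sn desc"); note UserAuthorization2 reads the oldest.
    $DB->Search($UsersTableName, "EMail='$QuotedEMail' order by sn desc", "");
    my %Hit = $DB->GetNextHit();
    my $priv = $Hit{Privilege};
    my $category = $Hit{Category};
    # Additional grants come from the .ini file, e.g.
    #   Privilege::ByCategory::Everyone=Logon
    #   Privilege::ByCategory::Secretary=LogonLevel2
    #   Privilege::ByCategory::Committee=LogonLevel1
    #   Privilege::ByPrivilege::Everyone=Logon
    #   Privilege::ByPrivilege::LogonLevel1=Logon
    # A value of the exact form LogonLevelN also pulls in entry N of pPrivilegesList.
    my $s = $pParams->{"Privilege::ByCategory::Everyone"};
    $priv = $this->MergePrivileges($priv, $s) if($s);
    foreach my $cat (Utils::Split(",", $category)) {
        my $extra = $pParams->{"Privilege::ByCategory::${cat}"};
        next if(!$extra);
        $priv = $this->MergePrivileges($priv, $extra);
        if($extra =~ /^LogonLevel(\d+)$/) {
            $priv = $this->MergePrivileges($priv, $pPrivilegesList->[$1]);
        }
    }
    # Everything from the current LogonLevel to the end of pPrivilegesList, plus
    # the LogonLevelN token itself.
    if($pPrivilegesList) {
        if(defined $pParams->{LogonLevel} and $pParams->{LogonLevel} > 0) {
            for(my $i = $pParams->{LogonLevel} ; $i < @$pPrivilegesList ; $i++) {
                $priv = $this->MergePrivileges($priv, $pPrivilegesList->[$i]);
            }
            $priv = $this->MergePrivileges($priv, "LogonLevel$pParams->{LogonLevel}");
        }
    }
    $s = $pParams->{"Privilege::ByPrivilege::Everyone"};
    $priv = $this->MergePrivileges($priv, $s) if($s);
    # Privilege-implied privileges. The token list is snapshotted before the
    # loop, so implications are only one level deep (as in the original).
    foreach my $prv (Utils::Split("\\s*,\\s*", $priv)) {
        my $extra = $pParams->{"Privilege::ByPrivilege::${prv}"};
        next if(!$extra);
        $priv = $this->MergePrivileges($priv, $extra);
        if($extra =~ /^LogonLevel(\d+)$/) {
            $priv = $this->MergePrivileges($priv, $pPrivilegesList->[$1]);
        }
    }
    return $priv;
}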
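# Verifies $Password against the user's newest row and reports whether that row
# grants $priv. Returns 1 (granted), 0 (password OK but privilege absent, or no
# DB), -1 (no such account or password mismatch).
sub CheckPrivilege
{
    my ($this, $DB, $EMail, $priv, $Password, $UsersTableName) = @_;
    return 0 if(!$DB);
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    $UsersTableName = $pParams->{UsersTableName} if(!defined $UsersTableName);
    # SQLDB::Search takes a raw condition string: escape the e-mail for the
    # single-quoted literal (quotes and backslashes doubled). Use a bind API if
    # SQLDB has one.
    (my $QuotedEMail = defined $EMail ? $EMail : '') =~ s/\\/\\\\/g;
    $QuotedEMail =~ s/'/''/g;
    $DB->Search($UsersTableName, "EMail='$QuotedEMail' order by sn desc", "");
    my %Hit = $DB->GetNextHit();
    # No row (or no password column): nothing to verify against. The original
    # compared against undef, which an empty $Password satisfied.
    return -1 if(!defined $Hit{Password});
    return -1 unless($Password eq $Hit{Password} or $Password eq $this->Crypt($Hit{Password}));
    # Exact token match, case-insensitive. The original used /$priv/i, an
    # unescaped substring match ("LogonLevel1" matched "LogonLevel10").
    my $want = lc $priv;
    foreach my $have (Utils::Split("[,\\|\\s]+", $Hit{Privilege})) {
        return 1 if(lc $have eq $want);
    }
    return 0;
}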
# Backward-compatible alias for the misspelled name; hands the caller's
# argument list (and context) straight to HasPrivilege.
sub HasPriviledge { goto &HasPrivilege; }
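# Returns 1 when the logged-on user (pParams: LogonLevel, LogonUserPrivilege)
# may perform $key, else 0. Unless $IsPrint is 0, a refusal is also written to
# the page through mlPrintRawHTML.
sub HasPrivilege {
    my ($this, $key, $IsPrint) = @_;
    $IsPrint = 1 if(!defined $IsPrint);
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    # Not logged on. An undefined LogonLevel compares as 0 here, so a missing
    # value fails closed.
    if($pParams->{LogonLevel} <= 0) {
        if($IsPrint) {
            $this->mlPrintRawHTML('en' => "\n$key is not allowed for non-logon user\n",
                                  'jp' => "$keyを実行するにはログオンする必要があります\n");
        }
        return 0;
    }
    # IPAddressCoded / NoIPAddressCoded are plain feature flags: they are not
    # implied by Admin or LogonLevel 1, and no message is printed for them.
    if($key eq 'IPAddressCoded' or $key eq 'NoIPAddressCoded') {
        return $this->IsPrivilegeIncluded($key, $pParams->{LogonUserPrivilege});
    }
    # LogonLevel 1 (administrator) and the Admin privilege grant every key.
    if($pParams->{LogonLevel} == 1 or
       $this->IsPrivilegeIncluded('Admin', $pParams->{LogonUserPrivilege}) or
       $this->IsPrivilegeIncluded($key, $pParams->{LogonUserPrivilege}) ) {
        return 1;
    }
    # (The original then looped over LogonLevel..6 repeating the same
    # IsPrivilegeIncluded check with no dependence on the loop index; it could
    # never succeed once the test above had failed, so it is dropped.)
    if($IsPrint) {
        my $ip = $this->RemoteIPAddress();
        # EMail is a logon-form field: escape it before embedding in raw HTML.
        my $SafeEMail = defined $pParams->{EMail} ? $pParams->{EMail} : '';
        $SafeEMail =~ s/&/&amp;/g;
        $SafeEMail =~ s/</&lt;/g;
        $SafeEMail =~ s/>/&gt;/g;
        $SafeEMail =~ s/"/&quot;/g;
        $this->mlPrintRawHTML('en' => "[$SafeEMail:$pParams->{LogonLevel} ($ip)] is not authorized to execute $key\n",
                              'jp' => "[$SafeEMail:$pParams->{LogonLevel} ($ip)]には$keyを実行する権限がありません\n");
    }
    return 0;
}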
# Human-readable text for a LogonLevel in the application's language ('jp' or
# anything else = English). 1 is the administrator, >1 an ordinary user, and
# the negative values are the failure codes of UserAuthorization2 (-5 has no
# text and yields an empty result, as does 0).
sub GetLogonLevelText
{
    my ($App, $LogonLevel) = @_;
    my $jp = ($App->Language() eq 'jp');
    if($LogonLevel == 1) {
        return $jp ? '管理者' : 'Administrator';
    }
    if($LogonLevel > 1) {
        return $jp ? "一般ユーザー (ログオンレベル:$LogonLevel)" : "User (LogonLevel:$LogonLevel)";
    }
    my %text_jp = (
        -1 => 'SQL Error',
        -2 => '登録されていないアカウント',
        -3 => '空白パスワード',
        -4 => '不正なパスワード',
        -6 => '不正なIPアドレス',
        -7 => '空白パスワード',
    );
    my %text_en = (
        -1 => 'SQL Error',
        -2 => 'Non-registered Account',
        -3 => 'Blank Password',
        -4 => 'Invalid Password',
        -6 => 'Invalid IPAddress',
        -7 => 'Null Password',
    );
    my $text = $jp ? $text_jp{$LogonLevel} : $text_en{$LogonLevel};
    return defined $text ? $text : '';
}
# @PrivilegedAccount で指定されているかどうかのチェック
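# Checks $EMail/$Password against the configured privileged accounts
# (pPrivilegedAccount entries "account:password:level"). Returns the level on a
# match, possibly raised (numerically) by the pPrivilegedIPAddress rules when
# $CheckIPAddress is true (default), or 0 when nothing matches. Note the
# configured passwords are compared in clear (or in their Crypt()ed form) --
# they are effectively plaintext secrets in the .ini file.
sub IsAdministrator
{
    my($this, $DB, $EMail, $Password, $CheckIPAddress, $pPrivilegedAccount, $pPrivilegedIPAddress) = @_;
    $CheckIPAddress = 1 if(!defined $CheckIPAddress);
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    $pPrivilegedAccount = $pParams->{pPrivilegedAccount} if(!defined $pPrivilegedAccount);
    $pPrivilegedIPAddress = $pParams->{pPrivilegedIPAddress} if(!defined $pPrivilegedIPAddress);
    my $ip = $this->RemoteIPAddress();
    # Tolerate missing lists, as GetAdministratorAccount does; the original
    # dereferenced them unconditionally and died under strict refs when the
    # configuration had none.
    my @PrivilegedAccount = ($pPrivilegedAccount)? @$pPrivilegedAccount : ();
    my @PrivilegedIPAddress = ($pPrivilegedIPAddress)? @$pPrivilegedIPAddress : ();
    foreach my $entry (@PrivilegedAccount) {
        my ($account, $pass, $level) = Utils::Split(":", $entry);
        my $CryptPassword = $this->Crypt($pass);
        next unless($account eq $EMail and ($pass eq $Password or $CryptPassword eq $Password));
        return $level if(!$CheckIPAddress);
        # IP rules are "pattern:level"; the pattern is a regex anchored here with
        # ^...$. A matching rule whose level is at most the account level admits
        # the account level; otherwise the best (lowest) level among the matching
        # rules is returned.
        my $MinAllowedLevel = 1000;
        foreach my $rule (@PrivilegedIPAddress) {
            my ($IPAddress, $IPAddressLevel) = Utils::Split(":", $rule);
            next unless($ip =~ /^$IPAddress$/);
            return $level if($IPAddressLevel <= $level);
            $this->H2("IPAddress [$ip] is not allowed for priviledged access [$level] from the rule [$IPAddress:$IPAddressLevel].")
                if(!$pParams->{NoMessageForLogonLevelWarning});
            $MinAllowedLevel = $IPAddressLevel if($MinAllowedLevel > $IPAddressLevel);
        }
        return $MinAllowedLevel if($MinAllowedLevel < 1000);
        # Credentials matched but no address rule did: try the remaining entries.
    }
    return 0;
}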
# Returns the level of the first pPrivilegedIPAddress rule ("pattern:level",
# pattern used as a regex anchored with ^...$) matching $ip (default: the
# client address), or 0. The object's own AllowedIPAddress entries
# (';'-separated) are consulted first.
sub IsPrivilegedIPAddress
{
    my ($this, $ip, $pPrivilegedIPAddress) = (@_);
    my $pParams = $this->pParams();
    $pParams = {} if(!defined $pParams);
    $pPrivilegedIPAddress = $pParams->{pPrivilegedIPAddress} if(!defined $pPrivilegedIPAddress);
    $ip = $this->RemoteIPAddress() unless(defined $ip);
    my @rules = @$pPrivilegedIPAddress;
    if($this->{AllowedIPAddress}) {
        unshift @rules, Utils::Split(";", $this->{AllowedIPAddress});
    }
    foreach my $rule (@rules) {
        my ($pattern, $level) = Utils::Split(":", $rule);
        return $level if($ip =~ /^$pattern$/);
    }
    return 0;
}
# Variant of IsPrivilegedIPAddress that defaults the rule list to the object's
# own pPrivilegedIPAddress (not pParams()) and ignores AllowedIPAddress.
# Returns the level of the first matching "pattern:level" rule, or 0.
sub IsPrivilegedIPAddressForConference2
{
    my ($this, $ip, $pPrivilegedIPAddress) = (@_);
    $pPrivilegedIPAddress = $this->{pPrivilegedIPAddress} if(!defined $pPrivilegedIPAddress);
    $ip = $this->RemoteIPAddress() unless(defined $ip);
    foreach my $rule (@$pPrivilegedIPAddress) {
        my ($pattern, $level) = Utils::Split(":", $rule);
        return $level if($ip =~ /^$pattern$/);
    }
    return 0;
}
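# Looks for a pPrivilegedAccount entry named 'Administrator' whose password
# (clear or Crypt()ed) equals $Password. Returns ($account, $pass, $level) --
# with $level possibly raised by the pPrivilegedIPAddress rules when
# $CheckIPAddress is true -- or the empty list when nothing matches.
sub GetAdministratorAccount
{
    my ($App, $pParams, $Password, $CheckIPAddress, $pPrivilegedAccount, $pPrivilegedIPAddress) = @_;
    $pPrivilegedAccount = $pParams->{pPrivilegedAccount} if(!defined $pPrivilegedAccount);
    $pPrivilegedIPAddress = $pParams->{pPrivilegedIPAddress} if(!defined $pPrivilegedIPAddress);
    my $AdministratorAccount = 'Administrator';
    my $ip = $App->RemoteIPAddress();
    my @PrivilegedAccount = ($pPrivilegedAccount)? @$pPrivilegedAccount : ();
    my @PrivilegedIPAddress = ($pPrivilegedIPAddress)? @$pPrivilegedIPAddress : ();
    foreach my $entry (@PrivilegedAccount) {
        my ($account, $pass, $level) = Utils::Split(":", $entry);
        next if($account ne $AdministratorAccount);
        my $CryptPassword = $App->Crypt($pass);
        next unless($pass eq $Password or $CryptPassword eq $Password);
        # Unlike IsAdministrator, $CheckIPAddress has no default here: callers
        # that omit it (UserAuthorization2 does) skip the address rules.
        return ($account, $pass, $level) if(!$CheckIPAddress);
        my $MinAllowedLevel = 1000;
        foreach my $rule (@PrivilegedIPAddress) {
            my ($IPAddress, $IPAddressLevel) = Utils::Split(":", $rule);
            next unless($ip =~ /^$IPAddress$/);
            # Every exit returns the same 3-element list. The original returned a
            # bare $level here, which a list-assigning caller read as the account
            # name with an undefined level.
            return ($account, $pass, $level) if($IPAddressLevel <= $level);
            $App->H2("IPAddress [$ip] is not allowed for priviledged access [$level] from the rule [$IPAddress:$IPAddressLevel].")
                if(!$pParams->{NoMessageForLogonLevelWarning});
            $MinAllowedLevel = $IPAddressLevel if($MinAllowedLevel > $IPAddressLevel);
        }
        # Address rules matched only with worse levels: return the best of them.
        return ($account, $pass, $MinAllowedLevel) if($MinAllowedLevel < 1000);
    }
    return ();
}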
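# Returns 1 when another registrant (any row other than the caller's own, found
# by $pParams->{EMail}) already uses $pParams->{NickName}, compared
# case-insensitively; else 0. $nn is accepted but, as in the original, unused.
sub IsRegisteredNickName
{
    my ($App, $nn) = @_;
    my $pParams = $App->pParams();
    my $NickName = $pParams->{NickName};
    # Both values are registration-form fields. SQLDB::Search takes a raw
    # condition string, so escape them for the single-quoted literals (quotes
    # and backslashes doubled); prefer a bind API if SQLDB has one.
    my ($QuotedEMail, $QuotedNickName) = map {
        my $v = defined $_ ? $_ : '';
        $v =~ s/\\/\\\\/g;
        $v =~ s/'/''/g;
        $v;
    } ($pParams->{EMail}, $NickName);
    my $db = $App->DuplicateDB();
    $db->Search($pParams->{DBRegistersTableName}, "EMail='$QuotedEMail' order by sn", "*");
    my %Me = $db->GetNextHit();
    my $db2 = $App->DuplicateDB();
    $db2->Search($pParams->{DBRegistersTableName}, "NickName = '$QuotedNickName' order by sn", "*");
    my $n = $db2->nHit();
    for(my $i = 0 ; $i < $n ; $i++) {
        my %h = $db2->GetNextHit();
        # Skip the caller's own row.
        next if($h{sn} == $Me{sn});
        # Re-check case-insensitively in Perl; the DB collation may be case-sensitive.
        return 1 if(uc $h{NickName} eq uc $NickName);
    }
    return 0;
}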
# A nickname is valid unless it is one of the reserved form-button values
# ("submit"/"update", case-insensitive), which NicknameAuthorization also
# treats as "not a nickname logon".
sub IsValidNickName
{
    my ($App, $nn) = @_;
    return ($nn =~ /^(submit|update)$/i) ? 0 : 1;
}
# A passcode is valid when it is at least four ASCII digits. (The trailing $
# also admits one trailing newline, as in the original.)
sub IsValidPasscode
{
    my ($App, $pc) = @_;
    return ($pc =~ /^\d{4,}$/) ? 1 : 0;
}
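# Nickname + passcode logon. The nickname arrives in the "submit" form field.
# Returns (status, message, EMail, Password): status -1 = not applicable (the
# caller's EMail/Password are passed back), 1 = authorized (the account's EMail
# and stored Password are returned), 0 = refused (undef, undef).
sub NicknameAuthorization
{
    my($App, $DB, $pParams) = @_;
    return (-1, 'Nickname logon not allowed', $pParams->{EMail}, $pParams->{Password})
        if(!$pParams->{AllowNicknameLogon});
    # "submit"/"update" are the ordinary form buttons, not nicknames.
    return (-1, 'Not nickname logon', $pParams->{EMail}, $pParams->{Password})
        if($pParams->{submit} eq '' or $pParams->{submit} =~ /^(submit|update)$/i);
    my $NickName = $pParams->{submit};
    # SQLDB::Search takes a raw condition string: escape the nickname for the
    # single-quoted literal (quotes and backslashes doubled). Use a bind API if
    # SQLDB has one.
    (my $QuotedNickName = $NickName) =~ s/\\/\\\\/g;
    $QuotedNickName =~ s/'/''/g;
    # The nickname is echoed into raw HTML below: escape it (reflected XSS otherwise).
    (my $SafeNickName = $NickName) =~ s/&/&amp;/g;
    $SafeNickName =~ s/</&lt;/g;
    $SafeNickName =~ s/>/&gt;/g;
    $SafeNickName =~ s/"/&quot;/g;
    $DB->Search($pParams->{UsersTableName}, "NickName='$QuotedNickName' order by sn", "*");
    my $n = $DB->nHit();
    if($n == 0) {
        $App->mlPrintRawHTML(
            'en' => "Error in Nickname authorization: Nickname [$SafeNickName] is not found\n\n",
            'jp' => "エラー (Nickname authorization): Nickname [$SafeNickName] が見つかりません\n\n",
        );
        return (0, 'Nickname not found', undef, undef);
    }
    my %h = $DB->GetNextHit();
    # Both sides must be non-empty: the original's plain "eq" let an empty
    # submitted passcode match an account whose Passcode column is empty/NULL.
    if(defined $h{Passcode} and $h{Passcode} ne ''
       and defined $pParams->{Passcode} and $pParams->{Passcode} eq $h{Passcode}) {
        return (1, 'Authorized', $h{EMail}, $h{Password});
    }
    $App->mlPrintRawHTML(
        'en' => "Error in Nickname authorization: Wrong passcode\n\n",
        'jp' => "エラー (Nickname authorization): Passcodeを間違えてます\n\n",
    );
    return (0, 'Wrong passcode', undef, undef);
}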
# Logs the current request's user on: runs UserAuthorization2 for the
# credentials, then caps the result by the address-based level and fills in
# LogonLevel, LogonUserPrivilege and LogonLevelText in pParams().
# Returns the resulting LogonLevel (1 = administrator, >1 = user, <=0 = a
# failure code; see GetLogonLevelText).
sub UserAuthorization
{
my($App, $DB, $EMail, $Password, $CryptedHeader, $AdditionalCondition) = @_;
my $pParams = $App->pParams();
$pParams = {} if(!defined $pParams);
# return $pParams->{LogonLevel} = 6 if(!$DB);
# The submitted password is replaced by its Crypt()ed form in pParams.
$pParams->{Password} = $App->Crypt($pParams->{Password});
# NOTE(review): the address is taken from $pParams->{IPAddress}, whereas
# UserAuthorization2 uses $App->RemoteIPAddress(). pParams also holds form
# fields (EMail, Password, submit); confirm IPAddress cannot be supplied by the
# client, otherwise a user on a restricted address could dodge the cap below by
# sending an address that matches no rule (level 0).
$pParams->{IPAddressLevel} = $App->IsPrivilegedIPAddress($pParams->{IPAddress});
$pParams->{AuthorizationLevel} = $App->UserAuthorization2($DB, $EMail, $Password, $CryptedHeader, $AdditionalCondition);
# An IPAddressLevel of 0 means no address-based restriction applies. Otherwise
# the address level can only lower the privilege (a larger level number wins).
#$App->print("IPAddressLevel: $pParams->{IPAddressLevel} AuthorizationLevel: $pParams->{AuthorizationLevel}\n");
if($pParams->{AuthorizationLevel} <= 0 or $pParams->{IPAddressLevel} == 0 or
$pParams->{IPAddressLevel} <= $pParams->{AuthorizationLevel}) {
$pParams->{LogonLevel} = $pParams->{AuthorizationLevel};
}
else {
$pParams->{LogonLevel} = $pParams->{IPAddressLevel};
}
# Privileges are recomputed with the final LogonLevel (GetPrivilege reads it from pParams).
$pParams->{LogonUserPrivilege} = $App->GetPrivilege($DB, $pParams->{EMail}, undef, $pParams->{pPrivilegesList});
$pParams->{LogonLevelText} = $App->GetLogonLevelText($pParams->{LogonLevel});
return $pParams->{LogonLevel};
}
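# Credential check proper. Returns (and stores in pParams->{LogonLevel}):
#   >0 : the logon level (1 = administrator);
#   -1 : no DB / SQL error, -2 : unknown account, -3 : blank stored password,
#   -4 : wrong password, -6 : address not allowed, -7 : empty submitted password.
# Order of checks: configured privileged accounts (IsAdministrator), then the
# users table row, then the Administrator master password as a fallback.
sub UserAuthorization2
{
    my($App, $DB, $EMail, $Password, $CryptedHeader, $AdditionalCondition) = @_;
    my $pParams = $App->pParams();
    $pParams = {} if(!defined $pParams);
    $CryptedHeader = $pParams->{CryptedHeader} if(!defined $CryptedHeader);
    $CryptedHeader = '' if(!defined $CryptedHeader);
    # Reject an empty password up front, in clear or Crypt()ed form.
    if($pParams->{Password} eq '' or $pParams->{Password} eq $App->Crypt('')) {
        $App->mlPrintRawHTML('en' => "Null password is not allowed\n",
                             'jp' => "空白パスワードです\n");
        return $pParams->{LogonLevel} = -7;
    }
    # From here on work on the application's own parameter hash. (The original
    # re-declared $pParams here, masking the lexical above.)
    $pParams = ($App->{pParams})? $App->{pParams} : {};
    my $CheckPrivilegedIPAddress = $pParams->{CheckPrivilegedIPAddress};
    # Configured privileged accounts: a match (with the address rules applied)
    # logs on at the configured level immediately.
    my $AdministratorLevelWithoutIPCheck = $App->IsAdministrator($DB, $EMail, $Password, 0);
    my $AdministratorLevel = $App->IsAdministrator($DB, $EMail, $Password, $CheckPrivilegedIPAddress);
    $pParams->{AdministratorLevel} = $AdministratorLevel;
    return $AdministratorLevel if($AdministratorLevel > 0);
    my $IPAddressLevel = $App->IsPrivilegedIPAddress($App->RemoteIPAddress());
    my $Privileges = $App->GetPrivilege($DB, $EMail, undef, $pParams->{pPrivilegesList});
    $pParams->{LogonUserPrivilege} = $Privileges;
    $pParams->{IPAddressLevel} = $IPAddressLevel;
    $pParams->{LogonLevel} = 0;
    if(!$DB) {
        $App->H2("Error in MyAuthApplication::UserAuthorization2: DB object can not be obtained.\n");
        $App->H2(" Probably your password for Administrator would be wrong.\n");
        return $pParams->{LogonLevel} = -1;
    }
    # SQLDB::Search takes a raw condition string, so the e-mail (a form field)
    # is escaped by hand for the single-quoted literal: quotes doubled (standard
    # SQL) and backslashes doubled (MySQL-style escapes would otherwise reopen
    # the literal). Prefer a bind/placeholder API if SQLDB offers one.
    (my $QuotedEMail = defined $EMail ? $EMail : '') =~ s/\\/\\\\/g;
    $QuotedEMail =~ s/'/''/g;
    my $condition = "EMail='$QuotedEMail' order by sn";
    if($AdditionalCondition ne '') {
        # $AdditionalCondition is spliced in verbatim; it must come from trusted
        # configuration, never from the request. (The original string also
        # carried a stray ";# desc" inside the SQL -- a misplaced Perl comment.)
        $condition = "$AdditionalCondition and EMail='$QuotedEMail' order by sn";
    }
    my $ret = $DB->Search($pParams->{UsersTableName}, $condition, "*");
    if(!$ret) {
        $App->print("Execute Select: Error\n");
        return $pParams->{LogonLevel} = -1;
    }
    my $nHit = $DB->nHit;
    return $pParams->{LogonLevel} = -2 if($nHit == 0);
    # "order by sn" ascending: the OLDEST row for this e-mail is the one checked,
    # while CheckPrivilege/GetPrivilege use "sn desc" (the newest). Verify this is
    # intended if an account can have several rows.
    my %Hit = $DB->GetNextHit();
    my $DBPassword = $Hit{Password};
    my $CryptDBPassword = $App->Crypt($DBPassword);
    if($DBPassword =~ /^\s*$/ and $Password eq '') {
        $App->mlPrintRawHTML('en' => "Blank password is not allowed\n",
                             'jp' => "空白パスワードは認識されません\n");
        Utils::MergeHash($App->{pParams}, \%Hit);
        return $pParams->{LogonLevel} = -3;
    }
    if($DBPassword eq '' and $AdministratorLevelWithoutIPCheck) {
        # A privileged account with no DB password matched by credentials but
        # not by address (otherwise we would have returned above).
        my $ip = $App->RemoteIPAddress();
        $App->mlPrintRawHTML('en' => "Invalid IPAddress [$ip] for Administartor\n",
                             'jp' => "管理者アクセスには不正なIPアドレスです [$ip]\n");
        return $pParams->{LogonLevel} = -6;
    }
    elsif($Password eq $DBPassword or $Password eq $CryptDBPassword or "$CryptedHeader$Password" eq $CryptDBPassword) {
        # Password accepted: in clear, Crypt()ed, or Crypt()ed without the header.
    }
    else {
        # Fallback: the Administrator entry of the privileged accounts acts as a
        # master password for ANY user account. This is by design here, but it
        # means one shared secret unlocks every user -- treat it accordingly.
        my ($AdministratorAccount, $AdministratorPassword, $AdministratorLevel) = $App->GetAdministratorAccount($pParams, $Password);
        if($AdministratorLevel) {
            # LogonLevel is 0 at this point, so this assignment never fires;
            # kept as in the original.
            $pParams->{LogonLevel} = $AdministratorLevel if($pParams->{LogonLevel} > 0 and $AdministratorLevel > $pParams->{LogonLevel});
        }
        else {
            $App->mlPrintRawHTML('en' => "Invalid password\n",
                                 'jp' => "不正なパスワードです\n");
            return $pParams->{LogonLevel} = -4;
        }
    }
    # LimitedByIPAddress: an account carrying it may only log on from a
    # privileged address. Only checked when the user's own password matched
    # directly (not via the header form or the master password), as in the original.
    if($Password eq $DBPassword or $Password eq $CryptDBPassword) {
        my $ret = $App->CheckPrivilege($DB, $EMail, "LimitedByIPAddress", $Password);
        if($ret == 1) {
            if($IPAddressLevel == 0) {
                return $pParams->{LogonLevel} = -6;
            }
        }
    }
    # Admin privilege from a level-1 address: administrator.
    if($App->IsPrivilegeIncluded('Admin', $Hit{Privilege}) and $IPAddressLevel == 1) {
        return $pParams->{LogonLevel} = 1;
    }
    # LogonLevelN must be a whole privilege token. The original matched
    # /LogonLevel(\d)/ anywhere in the string, so "LogonLevel10" read as level 1
    # (administrator) and "NoLogonLevel2" as level 2. The first such token wins;
    # the address level takes over when it is worse (numerically larger).
    foreach my $token (Utils::Split("[,\\|\\s]+", $Hit{Privilege})) {
        next unless($token =~ /^LogonLevel(\d+)$/);
        my $level = $1;
        if($IPAddressLevel > $level) {
            return $pParams->{LogonLevel} = $IPAddressLevel;
        }
        return $pParams->{LogonLevel} = $level;
    }
    # No explicit level: lowest ordinary user level.
    return $pParams->{LogonLevel} = 6;
}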
# A module must end with a true value.
1;