Update of the security module synchronization application

Update of the security module synchronization application

In order to improve security in our projects, we made several changes to the application files. One of these changes affected a crucial file that tells applications how to sync.

To ensure that the synchronization continues to work correctly, we made a modification to the onValidate event code of the synchronization application. All future modules will follow this fix in the code, which will provide greater security and efficiency in our projects.

However, for users who are using a previous version of the security module, it will be necessary to perform a small adjustment in their application to ensure correct operation.

Here is the steps to follow:

1- Access the sync application:


In development, inside the security folder, open the application: "app_sync_apps" .
By default, the application has the name app_sync_apps, however it is possible to change the application prefix when creating the security module. If the application with the default name is not found, use only the end of the application name: sync_apps

2- New code for the app_sync_apps application

The app_sync_apps application is created by generating modules of the types: Group, Applications and LDAP - Total Control.
Make sure the type of module being used before replacing the codes.

For modules of the type: Group 

Copy the code below:
  1. $arr_apps  = array();
  2. $_arr_apps = array_diff(scandir($this->Ini->path_aplicacao . "../_lib/_app_data/"), array('.','..', 'index.php', 'index.html'));
  3. foreach($_arr_apps as $k => $v)
  4. {
  5. if(substr($v, -12) != "_mob_ini.php")
  6. {
  7. $arr_apps[] = substr($v, 0, -8);
  8. }
  9. }

  11. if({check_deleted} == 'Y')
  12. {
  13.     foreach($arr_apps as $k => $app)
  14.     {
  15. require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
  16. $app = (isset($arr_data['friendly_url']) && !empty($arr_data['friendly_url']))?$arr_data['friendly_url']:$app;
  17.      if( !is_dir($this->Ini->path_aplicacao . "../" . $app) )
  18.         {
  19.             unset($arr_apps[$k]);
  20.         }
  21.     }
  22. }

  24. sc_select(rs, "SELECT app_name FROM sec_apps");

  26. $arr_apps_db = array();
  27. while(!$rs->EOF)
  28. {
  29.     $arr_apps_db[] = $rs->fields[0];
  30.     $rs->MoveNext();
  31. }
  32. $rs->Close();
  33. $arr_apps = array_diff($arr_apps, $arr_apps_db);

  35. //========= Groups =========
  36. $arr_grp = array();
  37. sc_select(rs, "SELECT group_id FROM sec_groups");
  38. while(!$rs->EOF)
  39. {
  40.     $arr_grp[] = $rs->fields[0];
  41.     $rs->MoveNext();
  42. }
  43. $rs->Close();

  45. foreach($arr_apps as $k => $app)
  46. {
  47. require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
  48. $app_type = isset($arr_data['type'])?$arr_data['type']:'';
  49.     
  50. $sql = "SELECT count(*) FROM sec_apps WHERE app_name = '". $app ."' ";
  51. sc_lookup(rs, $sql);
  52. if({rs[0][0]} == 0)
  53. {
  54. $sql = "INSERT INTO sec_apps(app_name, app_type) VALUES ('". $app ."', '".$app_type."')";
  55. sc_exec_sql( $sql );
  56. foreach($arr_grp as $grp)
  57. {
  58. $sql = "INSERT INTO sec_groups_apps(app_name, group_id) VALUES ('". $app ."', '". $grp ."')";
  59. sc_exec_sql( $sql );
  60. }
  61. }
  62. }
For modules of the type: Application 

Copy the code below:

  1. $arr_apps  = array();
$_arr_apps = array_diff(scandir($this->Ini->path_aplicacao . "../_lib/_app_data/"), array('.','..', 'index.php', 'index.html'));
foreach($_arr_apps as $k => $v)
{
	if(substr($v, -12) != "_mob_ini.php")
	{
		$arr_apps[] = substr($v, 0, -8);
	}
}

if({check_deleted} == 'Y')
{
    foreach($arr_apps as $k => $app)
    {
		require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
		
		$app = (isset($arr_data['friendly_url']) && !empty($arr_data['friendly_url']))?$arr_data['friendly_url']:$app;
		
    	if( !is_dir($this->Ini->path_aplicacao . "../" . $app) )
        {
            unset($arr_apps[$k]);
        }
    }
}

sc_select(rs, "SELECT app_name FROM sec_apps");

$arr_apps_db = array();
while(!$rs->EOF)
{
    $arr_apps_db[] = $rs->fields[0];
    $rs->MoveNext();
}
$rs->Close();
$arr_apps = array_diff($arr_apps, $arr_apps_db);

//========= Users =====
$arr_usr = array();
sc_select(rs, "SELECT login FROM sec_users");
while(!$rs->EOF)
{
    $arr_usr[] = $rs->fields[0];
    $rs->MoveNext();
}
$rs->Close();

foreach($arr_apps as $k => $app)
{
	require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
	$app_type = isset($arr_data['type'])?$arr_data['type']:'';
	
	$sql = "SELECT count(*) FROM sec_apps WHERE app_name = '". $app ."' ";
	sc_lookup(rs, $sql);
	if({rs[0][0]} == 0)
	{   
		sc_exec_sql("INSERT INTO sec_apps(app_name, app_type) VALUES ('". $app ."', '".$app_type."')");
		foreach($arr_usr as $usr)
		{
			sc_exec_sql("INSERT INTO sec_users_apps(app_name, login) VALUES ('". $app ."', '".$usr."')");   
		}
	}
}


For modules of types: LDAP - Total Control

Copy the code below:$arr_apps  = array();
  1. $_arr_apps = array_diff(scandir($this->Ini->path_aplicacao . "../_lib/_app_data/"), array('.','..', 'index.php', 'index.html'));
  2. foreach($_arr_apps as $k => $v)
  3. {
  4. if(substr($v, -12) != "_mob_ini.php")
  5. {
  6. $arr_apps[] = substr($v, 0, -8);
  7. }
  8. }

  10. if({check_deleted} == 'Y')
  11. {
  12.     foreach($arr_apps as $k => $app)
  13.     {
  14. require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
  15. $app = (isset($arr_data['friendly_url']) && !empty($arr_data['friendly_url']))?$arr_data['friendly_url']:$app;
  16.     if( !is_dir($this->Ini->path_aplicacao . "../" . $app) )
  17.         {
  18.             unset($arr_apps[$k]);
  19.         }
  20.     }
  21. }
  22.    
  23. sc_select(rs, "SELECT app_name FROM sec_apps");

  25. $arr_apps_db = array();
  26. while(!$rs->EOF)
  27. {
  28.     $arr_apps_db[] = $rs->fields[0];
  29.     $rs->MoveNext();
  30. }
  31. $rs->Close();
  32. $arr_apps = array_diff($arr_apps, $arr_apps_db);

  34. //========= Users =========
  35. $arr_usr = array();
  36. sc_select(rs, "SELECT login FROM sec_users");
  37. while(!$rs->EOF)
  38. {
  39.     $arr_usr[] = $rs->fields[0];
  40.     $rs->MoveNext();
  41. }
  42. $rs->Close();

  44. foreach($arr_apps as $k => $app)
  45. {
  46. require($this->Ini->path_aplicacao . "../_lib/_app_data/". $app . '_ini.php');
  47. $app_type = isset($arr_data['type'])?$arr_data['type']:'';

  49. $sql = "SELECT count(*) FROM sec_apps WHERE app_name = '". $app ."' ";
  50. sc_lookup(rs, $sql);
  51. if({rs[0][0]} == 0)
  52. {
  53. sc_exec_sql("INSERT INTO sec_apps(app_name, app_type) VALUES ('". $app ."', '".$app_type."')");
  54. foreach($arr_usr as $usr)
  55. {
  56. sc_exec_sql("INSERT INTO sec_users_apps(app_name, login) VALUES ('". $app ."', '".$usr."')");   
  57. }
  58. }
  59. }


3- Replace the "onValidate" event:



In the events folder, select the "onValidate" event. Replace the existing code with the one you copied in step 2.
In the provided code, the tables are prefixed with "sec_" pattern which is generated by the security module. In case you changed the prefix during the generation of your module, it is necessary to adjust the code, replacing "sec_" by the used prefix.

4- Generate the source code 


After completing these steps and generating the source code, you are ready to synchronize the applications.

If you have any questions, please contact our support.





    • Related Articles

    • Manual Update - Linux

      Before performing any procedure we recommend performing a backup of your projects. To back up Scriptcase: Go to Options > Settings, in the side menu go to Services > Backup. A file (.ZIP) will be generated with all your projects, save this file to a ...

    • Security module password recovery error

      To fix the error during the security module password recovery process, you need to follow the steps below: Only available when using the option to email the change new password link. 1- Access the application app_change_pswd By default, when ...

    • Security Module Two-Factor Authentication - Google Authenticator

      Google Authenticator generates 2-step verification codes on your smartphone. Two-Step Verification provides greater security for your account as it requires a second verification step at login. In addition to the password, you will need a code ...

    • Upgrading the Security Module: how to migrate from the old to the new

      Web application attacks are constantly evolving. With data being such a valuable asset, it is crucial to keep system security updated to avoid losses. The new security module, besides being extremely flexible and intuitive, implements several ...

    • Enabling Two-Factor Authentication (2FA) in the Security of our Project

      Two-factor authentication (2FA) provides more security for projects developed in ScriptCase, as well as for users of this project. In this article, we'll look at how to enable the use of two-factor authentication (2FA) when creating the project's ...