/**
* checks if the user already get a session
* @return the user login if the user already has a session ,false otherwise
**/
function cas_is_authenticated()
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
global $PHPCAS_CLIENT;
global $logout;
if (!cas_configured()) {
return;
}
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::setNoCasServerValidation();
}
$auth = phpCAS::checkAuthentication();
if ($auth) {
$login = trim(phpCAS::getUser());
/*
Get user attributes. Here are the attributes for crdp platform
sn => name
ENTPersonMailInterne => mail
ENTPersonAlias => login
ENTPersonProfils => profil
givenName => first name
*/
/*$user=phpCAS::getAttributes();
$firstName = trim($user['givenName']);
$lastName = trim($user['sn']);
$login = trim($user['ENTPersonAlias']);
$profil = trim($user['ENTPersonProfils']);
$email = trim($user['ENTPersonMailInterne']);
$satus=5;
switch ($profil){
case 'admin_etab':
$status=3; //Session admin
break;
case 'admin_sie':
$status=3; //Session admin
break;
case 'National_3':
$status=1; // Teacher
break;
case 'National_1':
$status=5; // Student
break;
default:
$status=5; // Student
}*/
if (!$logout) {
// get user info from username
$tab_user_info = UserManager::get_user_info($login);
// user found in the chamilo database
if (is_array($tab_user_info)) {
// if option is on we update user automatically from ldap server
if (api_get_setting("update_user_info_cas_with_ldap") == "true") {
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldap_user !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['user_id'] = $tab_user_info['user_id'];
$chamilo_user['status'] = $tab_user_info['status'];
UserManager::update_user($chamilo_user["user_id"], $chamilo_user["firstname"], $chamilo_user["lastname"], $login, null, null, $chamilo_user["email"], $chamilo_user["status"], '', '', '', '', 1, null, 0, null, '');
}
}
return $login;
} else {
// if option is on we can ADD user automatically from ldap server or by modify own profil
$user_added = false;
switch (api_get_setting("cas_add_user_activate")) {
case PLATFORM_AUTH_SOURCE:
// user will have to modify firstname, lastname, email in chamilo profil edit
$userdata = get_lang("EditInProfil");
UserManager::create_user($userdata, $userdata, '5', $userdata, $login, 'casplaceholder', '', '', '', '', CAS_AUTH_SOURCE);
$user_added = $login;
break;
case LDAP_AUTH_SOURCE:
// user info are read from ldap connexion
// get user info from ldap server
// user has already been authenticated by CAS
// If user not found in LDAP, user not created
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldap_user !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['username'] = $login;
$chamilo_user['auth_source'] = CAS_AUTH_SOURCE;
$chamilo_uid = external_add_user($chamilo_user);
$user_added = $login;
}
break;
default:
break;
}
return $user_added;
}
}
// //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap
// if (! $logout){
// $user_table = Database::get_main_table(TABLE_MAIN_USER);
// $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ".
// "FROM $user_table ".
// "WHERE username = '******' ";
//
// $result = Database::query($sql,__FILE__,__LINE__);
// if(mysql_num_rows($result) == 0) {
// require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php');
// $rnumber=rand(0,256000);
// UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE);
// }
// else {
// $user = mysql_fetch_assoc($result);
// $user_id = intval($user['user_id']);
// //echo "deb : $status";
// UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ;
//
// }
// }
return $login;
} else {
return false;
}
}
function ldap_add_user_by_array($data, $update_if_exists = true)
{
$lastname = api_convert_encoding($data['sn'][0], api_get_system_encoding(), 'UTF-8');
$firstname = api_convert_encoding($data['cn'][0], api_get_system_encoding(), 'UTF-8');
$email = $data['mail'][0];
// Get uid from dn
$dn_array = ldap_explode_dn($data['dn'], 1);
$username = $dn_array[0];
// uid is first key
$outab[] = $data['edupersonprimaryaffiliation'][0];
// Here, "student"
//$val = ldap_get_values_len($ds, $entry, "userPassword");
//$val = ldap_get_values_len($ds, $data, "userPassword");
//$password = $val[0];
// TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
$password = $data['userPassword'][0];
$structure = $data['edupersonprimaryorgunitdn'][0];
$array_structure = explode(",", $structure);
$array_val = explode("=", $array_structure[0]);
$etape = $array_val[1];
$array_val = explode("=", $array_structure[1]);
$annee = $array_val[1];
// To ease management, we add the step-year (etape-annee) code
$official_code = $etape . "-" . $annee;
$auth_source = 'ldap';
// No expiration date for students (recover from LDAP's shadow expiry)
$expiration_date = '0000-00-00 00:00:00';
$active = 1;
if (empty($status)) {
$status = 5;
}
if (empty($phone)) {
$phone = '';
}
if (empty($picture_uri)) {
$picture_uri = '';
}
// Adding user
$user_id = 0;
if (UserManager::is_username_available($username)) {
$user_id = UserManager::create_user($firstname, $lastname, $status, $email, $username, $password, $official_code, api_get_setting('platformLanguage'), $phone, $picture_uri, $auth_source, $expiration_date, $active);
} else {
if ($update_if_exists) {
$user = UserManager::get_user_info($username);
$user_id = $user['user_id'];
UserManager::update_user($user_id, $firstname, $lastname, $username, null, null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active);
}
}
return $user_id;
}
/**
* Adds a user to the Dokeos database or updates its data
* @param string username (and uid inside LDAP)
* @author Mustapha Alouani
*/
function ldap_add_user($login)
{
global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass;
$ds = ldap_connect($ldap_host, $ldap_port);
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);
if ($ds) {
$str_query = "(uid=" . $login . ")";
$r = false;
$res = ldap_handle_bind($ds, $r);
$sr = ldap_search($ds, $ldap_basedn, $str_query);
//echo "Le nombre de resultats est : ".ldap_count_entries($ds,$sr)."<p>";
$info = ldap_get_entries($ds, $sr);
for ($key = 0; $key < $info['count']; $key++) {
$lastname = api_convert_encoding($info[$key]['sn'][0], api_get_system_encoding(), 'UTF-8');
$firstname = api_convert_encoding($info[$key]['givenname'][0], api_get_system_encoding(), 'UTF-8');
$email = $info[$key]['mail'][0];
// Get uid from dn
$dn_array = ldap_explode_dn($info[$key]['dn'], 1);
$username = $dn_array[0];
// uid is first key
$outab[] = $info[$key]['edupersonprimaryaffiliation'][0];
// Ici "student"
//$val = ldap_get_values_len($ds, $entry, "userPassword");
//$val = ldap_get_values_len($ds, $info[$key], "userPassword");
//$password = $val[0];
// TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
$password = $info[$key]['userPassword'][0];
$structure = $info[$key]['edupersonprimaryorgunitdn'][0];
$array_structure = explode(",", $structure);
$array_val = explode("=", $array_structure[0]);
$etape = $array_val[1];
$array_val = explode("=", $array_structure[1]);
$annee = $array_val[1];
// Pour faciliter la gestion on ajoute le code "etape-annee"
$official_code = $etape . "-" . $annee;
$auth_source = 'ldap';
// Pas de date d'expiration d'etudiant (a recuperer par rapport au shadow expire LDAP)
$expiration_date = '0000-00-00 00:00:00';
$active = 1;
if (empty($status)) {
$status = 5;
}
if (empty($phone)) {
$phone = '';
}
if (empty($picture_uri)) {
$picture_uri = '';
}
// Ajout de l'utilisateur
if (UserManager::is_username_available($username)) {
$user_id = UserManager::create_user($firstname, $lastname, $status, $email, $username, $password, $official_code, api_get_setting('platformLanguage'), $phone, $picture_uri, $auth_source, $expiration_date, $active);
} else {
$user = UserManager::get_user_info($username);
$user_id = $user['user_id'];
UserManager::update_user($user_id, $firstname, $lastname, $username, null, null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active);
}
}
} else {
Display::display_error_message(get_lang('LDAPConnectionError'));
}
return $user_id;
}
/**
*
* This file is included in main/inc/local.inc.php at user login if the user
* have 'ws' in his auth_source field instead of 'platform'.
*/
use ChamiloSession as Session;
// Configure the web service URL here. e.g. http://174.1.1.19:8020/login.asmx?WSDL
$wsUrl = '';
// include common authentication functions
require_once dirname(__FILE__) . '/functions.inc.php';
// call the login checker (defined below)
$isValid = loginWSAuthenticate($login, $password, $wsUrl);
// if the authentication was successful, proceed
if ($isValid === 1) {
//error_log('WS authentication worked');
$chamiloUser = UserManager::get_user_info($login);
$loginFailed = false;
$_user['user_id'] = $chamiloUser['user_id'];
$_user['status'] = isset($chamiloUser['status']) ? $chamiloUser['status'] : 5;
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
$logging_in = true;
Event::event_login($_user['user_id']);
} else {
//error_log('WS authentication error - user not approved by external WS');
$loginFailed = true;
$uidReset = false;
if (isset($_user) && isset($_user['user_id'])) {
unset($_user['user_id']);
}
function WSGetUserFromUsername($params)
{
global $debug;
if ($debug) {
error_log('WSGetUserFromUsername');
}
if ($debug) {
error_log('$params: ' . print_r($params, 1));
}
if (!WSHelperVerifyKey($params)) {
return return_error(WS_ERROR_SECRET_KEY);
}
$result = array();
// Get user id
$user_data = UserManager::get_user_info($params['username']);
if (empty($user_data)) {
// If user was not found, there was a problem
$result['user_id'] = '';
$result['firstname'] = '';
$result['lastname'] = '';
} else {
$result['user_id'] = $user_data['user_id'];
$result['firstname'] = $user_data['firstname'];
$result['lastname'] = $user_data['lastname'];
}
return $result;
}
/**
* Insert users from an array of user fields
*/
function extldap_add_user_by_array($data, $update_if_exists = true)
{
global $extldap_user_correspondance;
$lastname = api_convert_encoding($data[$extldap_user_correspondance['lastname']][0], api_get_system_encoding(), 'UTF-8');
$firstname = api_convert_encoding($data[$extldap_user_correspondance['firstname']][0], api_get_system_encoding(), 'UTF-8');
$email = $data[$extldap_user_correspondance['email']][0];
$username = $data[$extldap_user_correspondance['username']][0];
// TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
$passwordKey = isset($extldap_user_correspondance['password']) ? $extldap_user_correspondance['password'] : '******';
$password = $data[$passwordKey][0];
// To ease management, we add the step-year (etape-annee) code
//$official_code = $etape."-".$annee;
$official_code = api_convert_encoding($data[$extldap_user_correspondance['official_code']][0], api_get_system_encoding(), 'UTF-8');
$auth_source = 'ldap';
// No expiration date for students (recover from LDAP's shadow expiry)
$expiration_date = '0000-00-00 00:00:00';
$active = 1;
if (empty($status)) {
$status = 5;
}
if (empty($phone)) {
$phone = '';
}
if (empty($picture_uri)) {
$picture_uri = '';
}
// Adding user
$user_id = 0;
if (UserManager::is_username_available($username)) {
//echo "$username\n";
$user_id = UserManager::create_user($firstname, $lastname, $status, $email, $username, $password, $official_code, api_get_setting('platformLanguage'), $phone, $picture_uri, $auth_source, $expiration_date, $active);
} else {
if ($update_if_exists) {
$user = UserManager::get_user_info($username);
$user_id = $user['user_id'];
//echo "$username\n";
UserManager::update_user($user_id, $firstname, $lastname, $username, null, null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active);
}
}
return $user_id;
}
$outab[] = $info[$key]["edupersonprimaryaffiliation"][0];
// Ici "student"
$val = ldap_get_values_len($ds, $sr, "userPassword");
$password = $val[0];
// Pour faciliter la gestion on ajoute le code "etape-annee"
$official_code = $etape . "-" . $annee;
$auth_source = "ldap";
// Pas de date d'expiration d'etudiant (a recuperer par rapport au shadow expire LDAP)
$expiration_date = '0000-00-00 00:00:00';
$active = 1;
// Ajout de l'utilisateur
if (UserManager::is_username_available($username)) {
$user_id = UserManager::create_user($firstname, $lastname, $status, $email, $username, $password, $official_code, api_get_setting('platformLanguage'), $phone, $picture_uri, $auth_source, $expiration_date, $active);
$UserAdd[] = $user_id;
} else {
$user = UserManager::get_user_info($username);
$user_id = $user['user_id'];
UserManager::update_user($user_id, $firstname, $lastname, $username, null, null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active);
$UserUpdate[] = $user_id;
}
$UserList[] = $user_id;
}
//}
}
if (isset($included) && $included) {
$message .= "> {$name_session}: " . count($UserAdd) . " " . get_lang('Added') . ' ' . get_lang('And') . ' ' . count($UserUpdate) . ' ' . get_lang('Modified') . '<br/>';
} else {
print "> {$name_session}: " . count($UserAdd) . get_lang('Added') . ' ' . get_lang('And') . ' ' . count($UserUpdate) . ' ' . get_lang('Modified') . "\n";
}
// Une fois les utilisateurs importer dans la base des utilisateurs, on peux les affecter a� la session
$result = Database::query("SELECT course_code FROM {$tbl_session_rel_course} " . "WHERE id_session='{$id_session}'");
/**
* @depends testCreateUser
*/
public function testDelete_user2()
{
$user_info = UserManager::get_user_info('jmontoya666');
$this->assertSame(false, UserManager::delete_user($user_info['user_id']));
}
