/**
 * Returns the shared ilHTTPS instance, creating it on first use.
 *
 * @return ilHTTPS
 */
public static function getInstance()
{
    // Lazily create the singleton; subsequent calls reuse the stored object.
    if (!self::$instance) {
        self::$instance = new ilHTTPS();
    }

    return self::$instance;
}
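/**
 * Sends a username assistance mail listing the login names that belong to
 * the given e-mail address.
 *
 * The mail body is the language template 'pwassist_username_mail_body',
 * filled with: the login list (joined with ",\n"), the server URL, the
 * requesting client's IP address, the e-mail address, a mailto link to the
 * administrator contact address and the login URL of pwassist.php
 * (carrying client_id and lang as URL parameters).
 *
 * @param string $email  Recipient address (the address the logins belong to)
 * @param array  $logins Login names to list in the mail
 * @return void
 */
public function sendUsernameAssistanceMail($email, array $logins)
{
    require_once 'Services/Mail/classes/class.ilMailbox.php';
    require_once 'Services/Mail/classes/class.ilMimeMail.php';
    require_once 'include/inc.pwassist_session_handler.php';

    $protocol = $this->https->isDetected() ? 'https://' : 'http://';

    // NOTE(review): the server URL embedded in the mail is built from the
    // request's Host header, which is supplied by the client. The web server
    // must only serve configured host names (or a configured base URL should
    // be used here) so that recipients are never mailed a link to a host
    // chosen by whoever issued the request — confirm the server configuration.
    $script_dir = substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/'));
    $server_url = $protocol . $_SERVER['HTTP_HOST'] . $script_dir . '/';
    $login_url = $server_url . 'pwassist.php'
        . '?client_id=' . $this->ilias->getClientId()
        . '&lang=' . $this->lng->getLangKey();

    $contact_address = $this->settings->get('admin_email');

    // The language template contains literal "\n" / "\t" escape sequences;
    // turn them into real control characters before sending.
    $body = str_replace(
        array("\\n", "\\t"),
        array("\n", "\t"),
        sprintf(
            $this->lng->txt('pwassist_username_mail_body'),
            // implode() with glue first: the legacy (array, glue) argument
            // order used by join() here was removed in PHP 8.0.
            implode(",\n", $logins),
            $server_url,
            $_SERVER['REMOTE_ADDR'],
            $email,
            'mailto:' . $contact_address,
            $login_url
        )
    );

    $mm = new ilMimeMail();
    $mm->Subject($this->lng->txt('pwassist_mail_subject'));
    $mm->From($contact_address);
    $mm->To($email);
    $mm->Body($body);
    $mm->Send();
}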
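/**
 * Configures the session cookie parameters (path, domain, secure, httponly)
 * and publishes them as the IL_COOKIE_* constants.
 *
 * The cookie path is chosen in this order: '/' in the HTTP authentication
 * context, then a predefined $GLOBALS['COOKIE_PATH'] (set by the
 * WebAccessChecker), otherwise the directory of the current script.
 *
 * Must run exactly once per request: define() cannot redefine the
 * IL_COOKIE_* constants, and session_set_cookie_params() has to be called
 * before the session is started.
 *
 * @return void
 */
protected static function setCookieParams()
{
    global $ilSetting;

    include_once 'Services/Authentication/classes/class.ilAuthFactory.php';

    if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_HTTP) {
        $cookie_path = '/';
    } elseif (!empty($GLOBALS['COOKIE_PATH'])) {
        // use a predefined cookie path from WebAccessChecker
        // (empty() avoids an undefined-index notice when it was never set)
        $cookie_path = $GLOBALS['COOKIE_PATH'];
    } else {
        $cookie_path = dirname($_SERVER['PHP_SELF']);
    }

    /* if ilias is called directly within the docroot $cookie_path is set to '/'
       expecting on servers running under windows.. here it is set to '\'.
       in both cases a further '/' won't be appended due to the following regex */
    if (!preg_match("/[\\/|\\\\]\$/", $cookie_path)) {
        $cookie_path .= "/";
    }
    if ($cookie_path === "\\") {
        $cookie_path = '/';
    }

    include_once './Services/Http/classes/class.ilHTTPS.php';
    // NOTE(review): the Secure attribute is only set when HTTPS is NOT forced
    // in the settings but is detected on this request. When it is forced the
    // attribute is presumably applied elsewhere (see ilHTTPS::enableSecureCookies
    // in initIlias) — confirm, otherwise forced-HTTPS installations would
    // issue the session cookie without the Secure attribute.
    $cookie_secure = !$ilSetting->get('https', 0) && ilHTTPS::getInstance()->isDetected();

    define('IL_COOKIE_EXPIRE', 0);
    define('IL_COOKIE_PATH', $cookie_path);
    define('IL_COOKIE_DOMAIN', '');
    define('IL_COOKIE_SECURE', $cookie_secure); // Default Value

    // session_set_cookie_params() supports the 5th (httponly) parameter
    // only for php version 5.2.0 and above
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // PHP version >= 5.2.0: HttpOnly keeps the session id out of reach of scripts
        define('IL_COOKIE_HTTPONLY', true); // Default Value
        session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE, IL_COOKIE_HTTPONLY);
    } else {
        // PHP version < 5.2.0
        session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE);
    }
}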
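/**
 * Builds the base HTTP path of this installation and defines it as
 * ILIAS_HTTP_PATH (protocol + host + directory, trailing separators removed).
 *
 * The directory part is derived from REQUEST_URI with the query string cut
 * off. When ILIAS_MODULE is defined, one directory level per module path
 * segment is additionally stripped from the end.
 *
 * @return bool Result of define(); false if ILIAS_HTTP_PATH was already defined.
 */
protected static function buildHTTPPath()
{
    include_once './Services/Http/classes/class.ilHTTPS.php';
    $https = new ilHTTPS();
    $protocol = $https->isDetected() ? 'https://' : 'http://';

    // NOTE(review): HTTP_HOST comes from the request; the web server should
    // only serve configured host names so that ILIAS_HTTP_PATH cannot be
    // steered by a client-supplied Host header.
    $host = $_SERVER['HTTP_HOST'];
    $rq_uri = $_SERVER['REQUEST_URI'];

    // security fix: this failed, if the URI contained "?" and following "/"
    // -> we remove everything after "?"
    if (is_int($pos = strpos($rq_uri, "?"))) {
        $rq_uri = substr($rq_uri, 0, $pos);
    }

    if (!defined('ILIAS_MODULE')) {
        $path = pathinfo($rq_uri);
        // pathinfo() omits the 'extension' key for bare directories; empty()
        // covers the missing and the empty case without raising a notice
        if (empty($path['extension'])) {
            $uri = $rq_uri;
        } else {
            $uri = dirname($rq_uri);
        }
    } else {
        // if in module remove module name from HTTP_PATH
        $uri = dirname($rq_uri);

        // dirname cuts the last directory from a directory path e.g content/classes return content
        $module = ilUtil::removeTrailingPathSeparators(ILIAS_MODULE);
        $depth = count(explode('/', $module));
        for ($i = 0; $i < $depth; $i++) {
            $uri = dirname($uri);
        }
    }

    return define('ILIAS_HTTP_PATH', ilUtil::removeTrailingPathSeparators($protocol . $host . $uri));
}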
/**
 * Returns true, if the WebDAV server transfers data over HTTPS.
 *
 * The answer is cached in $this->isHTTPS. HTTPS counts as active when it is
 * detected on the current request or enabled via the 'https' setting.
 *
 * @return boolean Returns true if HTTPS is active.
 */
public function isWebDAVoverHTTPS()
{
    // NOTE(review): the loose null test also matches a cached `false`, so a
    // negative answer is recomputed on every call. Whether `=== null` would be
    // safe depends on the property's initial value, which is declared outside
    // this method — confirm before tightening.
    if ($this->isHTTPS != null) {
        return $this->isHTTPS;
    }

    global $ilSetting;
    require_once './Services/Http/classes/class.ilHTTPS.php';

    $https = new ilHTTPS();
    $this->isHTTPS = $https->isDetected() || $ilSetting->get('https');

    return $this->isHTTPS;
}
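/**
 * deliver file for download via browser.
 *
 * Sends the content type, disposition and cache headers, streams the file
 * with ilUtil::readFile() and, by default, terminates the script.
 *
 * @param string $a_file              Path of the file on disk
 * @param string $a_filename          Name offered to the browser (reduced to ASCII first)
 * @param string $a_mime              Mime of the file; 'application/octet-stream' when empty
 * @param bool   $isInline            Set this to true, if the file shall be shown in browser
 * @param bool   $removeAfterDelivery Delete $a_file once it has been sent
 * @param bool   $a_exit_after        Call exit after delivery (default)
 * @return bool|void false if $a_file does not exist; otherwise no value (and no return at all when exiting)
 * @static
 */
public static function deliverFile($a_file, $a_filename, $a_mime = '', $isInline = false, $removeAfterDelivery = false, $a_exit_after = true)
{
    // should we fail silently?
    if (!file_exists($a_file)) {
        return false;
    }

    // "inline" to view file in browser, "attachment" to download to hard disk
    $disposition = $isInline ? "inline" : "attachment";
    // END WebDAV: Show file in browser or provide it as attachment

    // (string) cast: strlen(null) is deprecated as of PHP 8.1
    $mime = ((string) $a_mime !== '') ? $a_mime : "application/octet-stream";

    // BEGIN WebDAV: Removed broken HTTPS code.
    // END WebDAV: Removed broken HTTPS code.

    if ($disposition === "attachment") {
        header("Cache-control: private");
    } else {
        header("Cache-Control: no-cache, must-revalidate");
        header("Pragma: no-cache");
    }

    $ascii_filename = ilUtil::getASCIIFilename($a_filename);
    // NOTE(review): the name is embedded in a quoted-string parameter;
    // getASCIIFilename() is relied on to strip '"' and control characters,
    // since header() itself only rejects line breaks — confirm.
    header("Content-Type: {$mime}");
    header("Content-Disposition: {$disposition}; filename=\"" . $ascii_filename . "\"");
    header("Content-Description: " . $ascii_filename);
    // Keep browsers from sniffing a different type (e.g. rendering a
    // delivered file as HTML) than the Content-Type declared above.
    header("X-Content-Type-Options: nosniff");

    // #7271: if notice gets thrown download will fail in IE
    $filesize = @filesize($a_file);
    if ($filesize) {
        header("Content-Length: " . (string) $filesize);
    }

    include_once './Services/Http/classes/class.ilHTTPS.php';
    #if($_SERVER['HTTPS'])
    if (ilHTTPS::getInstance()->isDetected()) {
        // Overrides the cache headers set above when served over HTTPS;
        // presumably a browser workaround like #7271 — intent not documented.
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
    }

    header("Connection: close");
    ilUtil::readFile($a_file);

    if ($removeAfterDelivery) {
        unlink($a_file);
    }

    if ($a_exit_after) {
        exit;
    }
}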
/**
 * Bootstraps an ILIAS request: error handling, ini files, client, database,
 * session, authentication, the current user object and the core globals.
 *
 * Results are exposed as globals ($ilErr, $ilCtrl, $ilias, $ilUser, $tree, ...)
 * rather than returned. Returns early, before any authentication, when
 * $this->returnBeforeAuth() is true.
 *
 * @param string $context Bootstrap context (default "web"); the parameter is
 *                        not read anywhere inside this method.
 * @return void
 */
function initIlias($context = "web")
{
    // $ilLog appears twice in this list; harmless, but one entry is redundant.
    global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https,
        $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu,
        $rbacsystem, $ilNavigationHistory;

    // remove unsafe characters
    $this->removeUnsafeCharacters();

    // error reporting
    // remove notices from error reporting
    // (several later reads of undefined $_GET/$_POST keys rely on this mask)
    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
        error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED);
    } else {
        error_reporting(ini_get('error_reporting') & ~E_NOTICE);
    }

    // include common code files
    $this->requireCommonIncludes();

    global $ilBench;

    // set error handler (to do: check preconditions for error handler to work)
    $ilBench->start("Core", "HeaderInclude_GetErrorHandler");
    $ilErr = new ilErrorHandling();
    $GLOBALS['ilErr'] =& $ilErr;
    $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
    $ilBench->stop("Core", "HeaderInclude_GetErrorHandler");

    // prepare file access to work with safe mode (has been done in class ilias before)
    umask(0117);

    // set cookie params (must precede the session start further below)
    $this->setCookieParams();

    // $ilIliasIniFile initialisation
    $this->initIliasIniFile();

    // CLIENT_ID determination
    $this->determineClient();

    // $ilAppEventHandler initialisation
    $this->initEventHandling();

    // $ilClientIniFile initialisation
    $this->initClientIniFile();

    // removed redirection madness the service should respond with SERVICE UNAVAILABLE

    // $ilDB initialisation
    $this->initDatabase();

    // init plugin admin class
    include_once "Services/Component/classes/class.ilPluginAdmin.php";
    $ilPluginAdmin = new ilPluginAdmin();
    $GLOBALS['ilPluginAdmin'] = $ilPluginAdmin;

    // set session handler
    $this->setSessionHandler();

    // $ilSetting initialisation
    $this->initSettings();

    // $ilLog initialisation
    $this->initLog();

    // $https initialisation
    require_once 'classes/class.ilHTTPS.php';
    $https = new ilHTTPS();
    $GLOBALS['https'] =& $https;
    $https->enableSecureCookies();
    $https->checkPort();

    // Everything from here on needs authentication; some contexts stop early.
    if ($this->returnBeforeAuth()) {
        return;
    }

    $ilCtrl = new ilCtrl2();
    $GLOBALS['ilCtrl'] =& $ilCtrl;

    // $ilAuth initialisation
    include_once "Services/Authentication/classes/class.ilAuthUtils.php";
    ilAuthUtils::_initAuth();
    global $ilAuth;

    $this->includePhp5Compliance();

    // Do not accept external session ids
    // (session-fixation defence: an id the application has never stored is
    // replaced by a fresh one before anything is written to the session)
    if (!ilSession::_exists(session_id())) {
        // $_GET["PHPSESSID"] = "";
        session_regenerate_id();
    }

    // $ilias initialisation
    global $ilias, $ilBench;
    $ilBench->start("Core", "HeaderInclude_GetILIASObject");
    $ilias = new ILIAS();
    $GLOBALS['ilias'] =& $ilias;
    $ilBench->stop("Core", "HeaderInclude_GetILIASObject");

    // $ilObjDataCache initialisation
    $ilObjDataCache = new ilObjectDataCache();
    $GLOBALS['ilObjDataCache'] =& $ilObjDataCache;

    // workaround: load old post variables if error handler 'message' was called
    // (replaces the whole $_POST of this request with the values stored in the session)
    if (isset($_SESSION["message"]) && $_SESSION["message"]) {
        $_POST = $_SESSION["post_vars"];
    }

    // put debugging functions here
    require_once "include/inc.debug.php";

    // $objDefinition initialisation
    $ilBench->start("Core", "HeaderInclude_getObjectDefinitions");
    $objDefinition = new ilObjectDefinition();
    $GLOBALS['objDefinition'] =& $objDefinition;
    // $objDefinition->startParsing();
    $ilBench->stop("Core", "HeaderInclude_getObjectDefinitions");

    // init tree
    $tree = new ilTree(ROOT_FOLDER_ID);
    $GLOBALS['tree'] =& $tree;

    // $ilAccess and $rbac... initialisation
    $this->initAccessHandling();

    // authenticate & start session
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler"));
    $ilBench->start("Core", "HeaderInclude_Authentication");

    //var_dump($_SESSION);
    ////require_once('Log.php');
    ////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST');
    ////$ilAuth->enableLogging = true;

    // Skipped under PHPUnit. The session id may change inside $ilAuth->start(),
    // so the shopping cart is migrated from the old id to the new one.
    if (!defined("IL_PHPUNIT_TEST")) {
        $oldSid = session_id();
        $ilAuth->start();
        $newSid = session_id();
        include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php';
        ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid);
    }
    //var_dump($_SESSION);

    $ilias->setAuthError($ilErr->getLastError());
    $ilBench->stop("Core", "HeaderInclude_Authentication");

    // workaround: force login
    // Note the precedence: (cmd == force_login) || (script == login.php).
    // The session is wiped unless a shopping-cart redirect asked to keep it.
    if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") {
        $ilAuth->logout();
        if (!isset($_GET['forceShoppingCartRedirect'])) {
            $_SESSION = array();
        }
        $_SESSION["AccountId"] = "";
        $ilAuth->start();
        $ilias->setAuthError($ilErr->getLastError());
    }

    // check correct setup
    if (!$ilias->getSetting("setup_ok")) {
        die("Setup is not completed. Please run setup routine again.");
    }

    // $ilUser initialisation (1)
    $ilBench->start("Core", "HeaderInclude_getCurrentUser");
    $ilUser = new ilObjUser();
    $ilias->account =& $ilUser;
    $GLOBALS['ilUser'] =& $ilUser;
    $ilBench->stop("Core", "HeaderInclude_getCurrentUser");

    // $ilCtrl initialisation
    //$ilCtrl = new ilCtrl();

    // determin current script and up-path to main directory
    // (sets $this->script and $this->updir)
    $this->determineScriptAndUpDir();

    // $styleDefinition initialisation and style handling for login and co.
    $this->initStyle();

    if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") {
        $this->handleStyle();
    }

    // init locale
    $this->initLocale();

    // handle ILIAS 2 imported users:
    // check ilias 2 password, if authentication failed
    // only if AUTH_LOCAL
    //echo "A";
    if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") {
        if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) {
            // On success the password is converted and authentication retried,
            // then the request is redirected (ilUtil::redirect presumably exits).
            if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) {
                $ilAuth->start();
                $ilias->setAuthError($ilErr->getLastError());
                ilUtil::redirect("index.php");
            }
        }
    }

    //
    // SUCCESSFUL AUTHENTICATION
    //
    // Precedence: (status ok && account active) || (PHPUnit && DEVMODE).
    if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) {
        //echo "C"; exit;
        $ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData");
        //var_dump($_SESSION);
        // get user data
        $this->initUserAccount();
        //var_dump($_SESSION);

        // differentiate account security mode
        require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
        $security_settings = ilSecuritySettings::_getInstance();
        if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
            // reset counter for failed logins
            ilObjUser::_resetLoginAttempts($ilUser->getId());
        }
        $ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData");
    } else {
        // Failed login in customized security mode: count the attempt against
        // the submitted login name and deactivate the account once the limit
        // is reached. Anonymous and system users are never deactivated, and a
        // limit of 0 disables the lockout.
        if (!$ilAuth->getAuth()) {
            require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
            // differentiate account security mode
            $security = ilSecuritySettings::_getInstance();
            if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
                if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) {
                    $username = ilUtil::stripSlashes($_POST['username']);
                    $usr_id = ilObjUser::_lookupId($username);
                    if ($usr_id != ANONYMOUS_USER_ID) {
                        ilObjUser::_incrementLoginAttempts($usr_id);
                        $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
                        $max_attempts = $security->getLoginMaxAttempts();
                        if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) {
                            ilObjUser::_setUserInactive($usr_id);
                        }
                    }
                }
            }
        }
    }

    //
    // SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...)
    //

    // $lng initialisation
    $this->initLanguage();

    // store user language in tree
    $GLOBALS['tree']->initLangCode();

    // ### AA 03.10.29 added new LocatorGUI class ###
    // when locator data array does not exist, initialise
    if (!isset($_SESSION["locator_level"])) {
        $_SESSION["locator_data"] = array();
        $_SESSION["locator_level"] = -1;
    }

    // initialise global ilias_locator object

    // ECS Tasks ($scheduler is not used afterwards)
    include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php';
    $scheduler = ilECSTaskScheduler::start();

    // The matching start("Core", "HeaderInclude") is not in this method;
    // presumably issued by the caller.
    $ilBench->stop("Core", "HeaderInclude");
}
/**
 * validate settings
 *
 * Checks, in order: the automatic HTTPS header configuration, availability
 * of the selected HTTP/HTTPS scheme and — only in customized account
 * security mode — the password length, password age and login attempt
 * limits. The first failing check determines the result.
 *
 * @return 0, if everything is ok, an error code otherwise
 */
public function validate()
{
    if ($this->isAutomaticHTTPSEnabled()
        && (strlen($this->getAutomaticHTTPSHeaderName()) == 0 || strlen($this->getAutomaticHTTPSHeaderValue()) == 0)) {
        return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
    }

    include_once './Services/Http/classes/class.ilHTTPS.php';
    $httpsEnabled = $this->isHTTPSEnabled();
    $schemeAvailable = $httpsEnabled ? ilHTTPS::_checkHTTPS() : ilHTTPS::_checkHTTP();
    if (!$schemeAvailable) {
        return $httpsEnabled
            ? ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE
            : ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
    }

    if ($this->getAccountSecurityMode() != self::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
        /*
         * todo: have to check for local auth if first login password change is enabled??
         * than: add errorcode
         */
        return 0;
    }

    $minLength = $this->getPasswordMinLength();
    $maxLength = $this->getPasswordMaxLength();

    if ($minLength < 0) {
        return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
    }
    if ($maxLength < 0) {
        return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
    }

    // Smallest minimum length that still allows every required character
    // class: one char, plus one each for chars+numbers and special chars
    // (special chars only count when chars+numbers is enabled as well).
    $requiredMin = 1;
    $requiredMinErrorCode = null;
    if ($this->isPasswordCharsAndNumbersEnabled()) {
        if ($this->isPasswordSpecialCharsEnabled()) {
            $requiredMin = 3;
            $requiredMinErrorCode = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
        } else {
            $requiredMin = 2;
            $requiredMinErrorCode = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
        }
    }
    if ($minLength > 0 && $minLength < $requiredMin) {
        return $requiredMinErrorCode;
    }

    if ($maxLength > 0 && $maxLength < $minLength) {
        return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
    }
    if ($this->getPasswordMaxAge() < 0) {
        return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
    }
    if ($this->getLoginMaxAttempts() < 0) {
        return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
    }

    /*
     * todo: have to check for local auth if first login password change is enabled??
     * than: add errorcode
     */
    return 0;
}
/**
 * validate settings
 *
 * Without a form, the first failing check ends validation and its error
 * code is returned. With a form, every check runs, each failure is attached
 * as an alert to the corresponding form item, and a boolean (true when no
 * error was recorded) is returned instead.
 *
 * NOTE(review): the automatic-HTTPS check returns its error code even when
 * $a_form is given; a caller treating the form-mode result as bool would read
 * that (non-zero) value as "valid". Presumably acceptable because the form
 * enforces those fields itself ("handled in form itself") — confirm.
 *
 * @param ilPropertyFormGUI $a_form optional form whose items receive the alerts
 * @return 0, if everything is ok, an error code otherwise (no form);
 *         true/false when a form is given
 */
public function validate(ilPropertyFormGUI $a_form = null)
{
    // last error code recorded; null while no check has failed
    $code = null;

    if ($a_form) {
        include_once "Services/PrivacySecurity/classes/class.ilObjPrivacySecurityGUI.php";
    }

    // handled in form itself
    if ($this->isAutomaticHTTPSEnabled()
        && (strlen($this->getAutomaticHTTPSHeaderName()) == 0 || strlen($this->getAutomaticHTTPSHeaderValue()) == 0)) {
        return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
    }

    // The selected scheme must actually be reachable.
    include_once './Services/Http/classes/class.ilHTTPS.php';
    if ($this->isHTTPSEnabled()) {
        if (!ilHTTPS::_checkHTTPS()) {
            $code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
            if (!$a_form) {
                return $code;
            } else {
                $a_form->getItemByPostVar('https_enabled')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
            }
        }
    } elseif (!ilHTTPS::_checkHTTP()) {
        $code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('https_enabled')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    if ($this->getPasswordMinLength() < 0) {
        $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('password_min_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    if ($this->getPasswordMaxLength() < 0) {
        $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('password_max_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    // Smallest minimum length that can satisfy all enabled character class
    // rules: the required upper/lower case counts (if any, else 1), plus one
    // for chars+numbers, plus one for special chars. Special chars without
    // chars+numbers only add to the minimum when a case rule is in effect.
    $password_min_length = 1;
    if ($this->getPasswordNumberOfUppercaseChars() > 0 || $this->getPasswordNumberOfLowercaseChars() > 0) {
        $password_min_length = 0;
        if ($this->getPasswordNumberOfUppercaseChars() > 0) {
            $password_min_length += $this->getPasswordNumberOfUppercaseChars();
        }
        if ($this->getPasswordNumberOfLowercaseChars() > 0) {
            $password_min_length += $this->getPasswordNumberOfLowercaseChars();
        }
        $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
    }
    if ($this->isPasswordCharsAndNumbersEnabled()) {
        $password_min_length++;
        $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
        if ($this->isPasswordSpecialCharsEnabled()) {
            $password_min_length++;
            $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
        }
    } else {
        if ($password_min_length > 1 && $this->isPasswordSpecialCharsEnabled()) {
            $password_min_length++;
            $password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
        }
    }

    // $password_min_length_error_code is only assigned when the computed
    // minimum exceeds 1, which is also the only case this condition can hold
    // for integer lengths.
    if ($this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length) {
        $code = $password_min_length_error_code;
        if (!$a_form) {
            return $code;
        } else {
            // the message template takes the computed minimum as its argument
            $a_form->getItemByPostVar('password_min_length')->setAlert(sprintf(ilObjPrivacySecurityGUI::getErrorMessage($code), $password_min_length));
        }
    }

    if ($this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength()) {
        $code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('password_max_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    if ($this->getPasswordMaxAge() < 0) {
        $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('password_max_age')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    if ($this->getLoginMaxAttempts() < 0) {
        $code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
        if (!$a_form) {
            return $code;
        } else {
            $a_form->getItemByPostVar('login_max_attempts')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
        }
    }

    /*
     * todo: have to check for local auth if first login password change is enabled??
     * than: add errorcode
     */
    // Form mode: true only if no check above recorded an error code
    // (presumes every error code is non-zero).
    if (!$a_form) {
        return 0;
    } else {
        return !(bool) $code;
    }
}