/**
* Generate Users
*
* @param
* @return
*/
function generateUsers($a_login_base = "learner", $a_start = 1, $a_end = 1000, $a_firstname = "John", $a_lastname_base = "Learner", $a_pw = "learnerpw", $a_email = "*****@*****.**", $a_gender = "m", $a_lang = "en")
{
global $rbacadmin;
// new users
$this->log("Creating Users");
for ($i = $a_start; $i <= $a_end; $i++) {
$this->log($a_login_base . $i);
$user = new ilObjUser();
$user->setLogin($a_login_base . $i);
$user->setFirstname($a_firstname);
$user->setLastname($a_lastname_base . " " . $i);
$user->setGender($a_gender);
$user->setEmail($a_email);
$user->setAgreeDate(ilUtil::now());
$user->setPasswd($a_pw, IL_PASSWD_PLAIN);
$user->setTitle($user->getFullname());
$user->setDescription($user->getEmail());
$user->setLastPasswordChangeTS(time());
$user->setActive(true);
$user->setTimeLimitUnlimited(true);
$user->create();
$user->setLanguage($a_lang);
$user->saveAsNew(false);
$user->writePrefs();
$rbacadmin->assignUser(4, $user->getId(), true);
}
}
public static function _createRandomUserAccount($keyarray)
{
global $ilDB, $ilUser, $ilSetting, $rbacadmin;
if ($_SESSION['create_user_account'] != NULL) {
$obj_user = new ilObjUser($_SESSION['create_user_account']);
return $obj_user;
} else {
$userLogin = array();
$res = $ilDB->query('SELECT sequence FROM object_data_seq');
$row = $ilDB->fetchAssoc($res);
$temp_user_id = (int) $row['sequence'] + 1;
$userLogin['login'] = '******' . $temp_user_id;
$userLogin['passwd'] = ilUtil::generatePasswords(1);
require_once 'Services/User/classes/class.ilObjUser.php';
include_once "Services/Mail/classes/class.ilAccountMail.php";
$obj_user = new ilObjUser();
$obj_user->setId($temp_user_id);
$obj_user->setLogin($userLogin['login']);
$obj_user->setPasswd((string) $userLogin['passwd'][0], IL_PASSWD_PLAIN);
$_SESSION['tmp_user_account']['login'] = $userLogin['login'];
$_SESSION['tmp_user_account']['passwd'] = $userLogin['passwd'];
$obj_user->setFirstname($keyarray['first_name']);
$obj_user->setLastname($keyarray['last_name']);
$obj_user->setEmail($keyarray['payer_email']);
# $obj_user->setEmail('*****@*****.**');
$obj_user->setGender('f');
$obj_user->setLanguage($ilSetting->get("language"));
$obj_user->setActive(true);
$obj_user->setTimeLimitUnlimited(true);
$obj_user->setTitle($obj_user->getFullname());
$obj_user->setDescription($obj_user->getEmail());
$obj_user->setTimeLimitOwner(7);
$obj_user->setTimeLimitUnlimited(1);
$obj_user->setTimeLimitMessage(0);
$obj_user->setApproveDate(date("Y-m-d H:i:s"));
// Set default prefs
$obj_user->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
$obj_user->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
$obj_user->writePrefs();
// at the first login the user must complete profile
$obj_user->setProfileIncomplete(true);
$obj_user->create();
$obj_user->saveAsNew();
$user_role = ilObject::_exists(4, false);
if (!$user_role) {
include_once "./Services/AccessControl/classes/class.ilObjRole.php";
$reg_allowed = ilObjRole::_lookupRegisterAllowed();
$user_role = $reg_allowed[0]['id'];
} else {
$user_role = 4;
}
$rbacadmin->assignUser((int) $user_role, $obj_user->getId(), true);
include_once "Services/Mail/classes/class.ilMimeMail.php";
global $ilias, $lng;
$settings = $ilias->getAllSettings();
$mmail = new ilMimeMail();
$mmail->autoCheck(false);
$mmail->From($settings["admin_email"]);
$mmail->To($obj_user->getEmail());
// mail subject
$subject = $lng->txt("reg_mail_subject");
// mail body
$body = $lng->txt("reg_mail_body_salutation") . " " . $obj_user->getFullname() . ",\n\n" . $lng->txt("reg_mail_body_text1") . "\n\n" . $lng->txt("reg_mail_body_text2") . "\n" . ILIAS_HTTP_PATH . "/login.php?client_id=" . $ilias->client_id . "\n";
$body .= $lng->txt("login") . ": " . $obj_user->getLogin() . "\n";
$body .= $lng->txt("passwd") . ": " . $userLogin['passwd'][0] . "\n";
$body .= "\n";
$body .= $lng->txt("reg_mail_body_text3") . "\n\r";
$body .= $obj_user->getProfileAsString($lng);
$mmail->Subject($subject);
$mmail->Body($body);
$mmail->Send();
$_SESSION['create_user_account'] = $obj_user->getId();
return $obj_user;
}
}
function fetchData($a_username, $password, $isChallengeResponse = false)
{
//var_dump(func_get_args());
//var_dump($_SERVER);
global $lng;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
global $ilDB;
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
// we have a valid apache auth
global $ilDB;
if ($settings->get('apache_enable_local')) {
$query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
$qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'apache';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
exit;
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
return true;
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
// no local user, no ldap match or ldap not activated
// if (!self::$force_creation)
// {
// $_SESSION['tmp_auth_mode'] = 'apache';
// $_SESSION['tmp_external_account'] = $a_username;
// $_SESSION['tmp_pass'] = $_POST['password'];
//ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// }
// else
// {
global $ilIliasIniFile;
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
global $rbacadmin;
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
// }
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* @param $a_username
* @param $password
* @param bool $isChallengeResponse
* @return bool|void
* @throws ilLDAPQueryException
*/
function fetchData($a_username, $password, $isChallengeResponse = false)
{
/**
* @var $ilDB ilDB
* @var $ilSetting ilSetting
* @var $rbacadmin ilRbacAdmin
*/
global $ilDB, $ilSetting, $rbacadmin;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
// we have a valid apache auth
$list = array($ilSetting->get('auth_mode'));
// Respect the auth method sequence
include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
$det = ilAuthModeDetermination::_getInstance();
if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
$list = array();
foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
$list[] = $auth_mode;
}
}
foreach ($list as $auth_mode) {
if (AUTH_LDAP == $auth_mode) {
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$query->bind();
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'ldap';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
$this->_auth_obj->username = $user_data['ilInternalAccount'];
return true;
}
}
}
} else {
if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
$condition = '';
if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
$condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
}
$query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
$qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* Clipboard
* @group IL_Init
*/
public function testClipboard()
{
$value = "";
// creation
$user = new ilObjUser();
$d = array("login" => "aatestuser3", "passwd_type" => IL_PASSWD_PLAIN, "passwd" => "password", "gender" => "f", "firstname" => "Heidi", "lastname" => "Kabel", "email" => "*****@*****.**");
$user->assignData($d);
$user->setActive(true);
$user->create();
$user->saveAsNew();
$user->setLanguage("de");
$user->writePrefs();
$id = $user->getId();
$user->addObjectToClipboard($id, "user", "aatestuser");
$user->addObjectToClipboard(56, "mump", "mumpitz");
if ($user->clipboardHasObjectsOfType("user")) {
$value .= "clip1-";
}
$user->clipboardDeleteObjectsOfType("user");
if ($user->clipboardHasObjectsOfType("mump") && !$user->clipboardHasObjectsOfType("user")) {
$value .= "clip2-";
}
$objs = $user->getClipboardObjects("mump");
if (is_array($objs) && count($objs) == 1 && $objs[0]["id"] == 56) {
$value .= "clip3-";
}
$objs = $user->getClipboardChilds(56, "2008-10-10");
$us = ilObjUser::_getUsersForClipboadObject("mump", 56);
if (is_array($us) && count($us) == 1 && $us[0] == $id) {
$value .= "clip4-";
}
$user->delete();
$this->assertEquals("clip1-clip2-clip3-clip4-", $value);
}
/**
* @see ilAuthContainerBase::loginObserver()
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
$ilLog->write(__METHOD__ . ': Successful CAS login.');
// Radius with ldap as data source
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
return $this->handleLDAPDataSource($a_auth, $a_username);
}
include_once "./Services/CAS/lib/CAS.php";
if ($PHPCAS_CLIENT->getUser() != "") {
$username = $PHPCAS_CLIENT->getUser();
$ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$a_auth->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$a_auth->status = AUTH_CAS_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
} else {
$ilLog->write(__METHOD__ . ': Login failed.');
// This should never occur unless CAS is not configured properly
$a_auth->status = AUTH_WRONG_LOGIN;
return false;
}
return false;
}
/**
* handler for end of element when in import user mode.
*/
function importEndTag($a_xml_parser, $a_name)
{
global $ilias, $rbacadmin, $rbacreview, $ilUser, $lng, $ilSetting;
switch ($a_name) {
case "Role":
$this->roles[$this->current_role_id]["name"] = $this->cdata;
$this->roles[$this->current_role_id]["type"] = $this->current_role_type;
$this->roles[$this->current_role_id]["action"] = $this->current_role_action;
break;
case "PersonalPicture":
switch ($this->personalPicture["encoding"]) {
case "Base64":
$this->personalPicture["content"] = base64_decode($this->cdata);
break;
case "UUEncode":
// this only works with PHP >= 5
if (version_compare(PHP_VERSION, '5', '>=')) {
$this->personalPicture["content"] = convert_uudecode($this->cdata);
}
break;
}
break;
case "User":
$this->userObj->setFullname();
// Fetch the user_id from the database, if we didn't have it in xml file
// fetch as well, if we are trying to insert -> recognize duplicates!
if ($this->user_id == -1 || $this->action == "Insert") {
$user_id = ilObjUser::getUserIdByLogin($this->userObj->getLogin());
} else {
$user_id = $this->user_id;
}
//echo $user_id.":".$this->userObj->getLogin();
// Handle conflicts
switch ($this->conflict_rule) {
case IL_FAIL_ON_CONFLICT:
// do not change action
break;
case IL_UPDATE_ON_CONFLICT:
switch ($this->action) {
case "Insert":
if ($user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_replaced"), "Insert", "Update"));
$this->action = "Update";
}
break;
case "Update":
if (!$user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_replaced"), "Update", "Insert"));
$this->action = "Insert";
}
break;
case "Delete":
if (!$user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_ignored"), "Delete"));
$this->action = "Ignore";
}
break;
}
break;
case IL_IGNORE_ON_CONFLICT:
switch ($this->action) {
case "Insert":
if ($user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_ignored"), "Insert"));
$this->action = "Ignore";
}
break;
case "Update":
if (!$user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_ignored"), "Update"));
$this->action = "Ignore";
}
break;
case "Delete":
if (!$user_id) {
$this->logWarning($this->userObj->getLogin(), sprintf($lng->txt("usrimport_action_ignored"), "Delete"));
$this->action = "Ignore";
}
break;
}
break;
}
// check external account conflict (if external account is already used)
// note: we cannot apply conflict rules in the same manner as to logins here
// so we ignore records with already existing external accounts.
//echo $this->userObj->getAuthMode().'h';
$am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
$loginForExternalAccount = $this->userObj->getExternalAccount() == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, $this->userObj->getExternalAccount());
switch ($this->action) {
case "Insert":
if ($loginForExternalAccount != "") {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->userObj->getExternalAccount() . ")");
$this->action = "Ignore";
}
break;
case "Update":
// this variable describes the ILIAS login which belongs to the given external account!!!
// it is NOT nescessarily the ILIAS login of the current user record !!
// so if we found an ILIAS login according to the authentication method
// check if the ILIAS login belongs to the current user record, otherwise somebody else is using it!
if ($loginForExternalAccount != "") {
// check if we changed the value!
$externalAccountHasChanged = $this->userObj->getExternalAccount() != ilObjUser::_lookupExternalAccount($this->user_id);
// if it has changed and the external login
if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->userObj->getExternalAccount() . ")");
$this->action = "Ignore";
}
}
break;
}
// Perform the action
switch ($this->action) {
case "Insert":
if ($user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
} else {
if (!strlen($this->currPassword) == 0) {
switch ($this->currPasswordType) {
case "ILIAS2":
$this->userObj->setPasswd($this->currPassword, IL_PASSWD_CRYPT);
break;
case "ILIAS3":
$this->userObj->setPasswd($this->currPassword, IL_PASSWD_MD5);
break;
case "PLAIN":
$this->userObj->setPasswd($this->currPassword, IL_PASSWD_PLAIN);
$this->acc_mail->setUserPassword($this->currPassword);
break;
}
} else {
// this does the trick for empty passwords
// since a MD5 string has always 32 characters,
// no hashed password combination will ever equal to
// an empty string
$this->userObj->setPasswd("", IL_PASSWD_MD5);
}
$this->userObj->setTitle($this->userObj->getFullname());
$this->userObj->setDescription($this->userObj->getEmail());
if (!$this->time_limit_owner_set) {
$this->userObj->setTimeLimitOwner($this->getFolderId());
}
// default time limit settings
if (!$this->time_limit_set) {
$this->userObj->setTimeLimitUnlimited(1);
$this->userObj->setTimeLimitMessage(0);
if (!$this->approve_date_set) {
$this->userObj->setApproveDate(date("Y-m-d H:i:s"));
}
}
$this->userObj->setActive($this->currActive == 'true' || is_null($this->currActive));
// Finally before saving new user.
// Check if profile is incomplete
// #8759
if (count($this->udf_data)) {
$this->userObj->setUserDefinedData($this->udf_data);
}
$this->userObj->setProfileIncomplete($this->checkProfileIncomplete($this->userObj));
$this->userObj->create();
//insert user data in table user_data
$this->userObj->saveAsNew(false);
// Set default prefs
$this->userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
$this->userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
if (count($this->prefs)) {
foreach ($this->prefs as $key => $value) {
if ($key != "mail_incoming_type" && $key != "mail_signature" && $key != "mail_linebreak") {
$this->userObj->setPref($key, $value);
}
}
}
$this->userObj->writePrefs();
// update mail preferences, to be extended
$this->updateMailPreferences($this->userObj->getId());
if (is_array($this->personalPicture)) {
if (strlen($this->personalPicture["content"])) {
$extension = "jpg";
if (preg_match("/.*(png|jpg|gif|jpeg)\$/", $this->personalPicture["imagetype"], $matches)) {
$extension = $matches[1];
}
$tmp_name = $this->saveTempImage($this->personalPicture["content"], ".{$extension}");
if (strlen($tmp_name)) {
ilObjUser::_uploadPersonalPicture($tmp_name, $this->userObj->getId());
unlink($tmp_name);
}
}
}
if ($this->ilincdata["id"]) {
include_once 'Modules/ILinc/classes/class.ilObjiLincUser.php';
$ilinc_user = new ilObjiLincUser($this->userObj);
$ilinc_user->setVar("id", $this->ilincdata["id"]);
$ilinc_user->setVar("login", $this->ilincdata["login"]);
$ilinc_user->setVar("passwd", $this->ilincdata["password"]);
$ilinc_user->update();
}
//set role entries
foreach ($this->roles as $role_id => $role) {
if ($this->role_assign[$role_id]) {
$this->assignToRole($this->userObj, $this->role_assign[$role_id]);
}
}
if (count($this->udf_data)) {
include_once './Services/User/classes/class.ilUserDefinedData.php';
$udd = new ilUserDefinedData($this->userObj->getId());
foreach ($this->udf_data as $field => $value) {
$udd->set("f_" . $field, $value);
}
$udd->update();
}
$this->sendAccountMail();
$this->logSuccess($this->userObj->getLogin(), $this->userObj->getId(), "Insert");
// reset account mail object
$this->acc_mail->reset();
}
break;
case "Update":
if (!$user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
} else {
$updateUser = new ilObjUser($user_id);
$updateUser->read();
$updateUser->readPrefs();
if ($this->currPassword != null) {
switch ($this->currPasswordType) {
case "ILIAS2":
$updateUser->setPasswd($this->currPassword, IL_PASSWD_CRYPT);
break;
case "ILIAS3":
$updateUser->setPasswd($this->currPassword, IL_PASSWD_MD5);
break;
case "PLAIN":
$updateUser->setPasswd($this->currPassword, IL_PASSWD_PLAIN);
$this->acc_mail->setUserPassword($this->currPassword);
break;
}
}
if (!is_null($this->userObj->getFirstname())) {
$updateUser->setFirstname($this->userObj->getFirstname());
}
if (!is_null($this->userObj->getLastname())) {
$updateUser->setLastname($this->userObj->getLastname());
}
if (!is_null($this->userObj->getUTitle())) {
$updateUser->setUTitle($this->userObj->getUTitle());
}
if (!is_null($this->userObj->getGender())) {
$updateUser->setGender($this->userObj->getGender());
}
if (!is_null($this->userObj->getEmail())) {
$updateUser->setEmail($this->userObj->getEmail());
}
if (!is_null($this->userObj->getBirthday())) {
$updateUser->setBirthday($this->userObj->getBirthday());
}
if (!is_null($this->userObj->getInstitution())) {
$updateUser->setInstitution($this->userObj->getInstitution());
}
if (!is_null($this->userObj->getStreet())) {
$updateUser->setStreet($this->userObj->getStreet());
}
if (!is_null($this->userObj->getCity())) {
$updateUser->setCity($this->userObj->getCity());
}
if (!is_null($this->userObj->getZipCode())) {
$updateUser->setZipCode($this->userObj->getZipCode());
}
if (!is_null($this->userObj->getCountry())) {
$updateUser->setCountry($this->userObj->getCountry());
}
if (!is_null($this->userObj->getPhoneOffice())) {
$updateUser->setPhoneOffice($this->userObj->getPhoneOffice());
}
if (!is_null($this->userObj->getPhoneHome())) {
$updateUser->setPhoneHome($this->userObj->getPhoneHome());
}
if (!is_null($this->userObj->getPhoneMobile())) {
$updateUser->setPhoneMobile($this->userObj->getPhoneMobile());
}
if (!is_null($this->userObj->getFax())) {
$updateUser->setFax($this->userObj->getFax());
}
if (!is_null($this->userObj->getHobby())) {
$updateUser->setHobby($this->userObj->getHobby());
}
if (!is_null($this->userObj->getComment())) {
$updateUser->setComment($this->userObj->getComment());
}
if (!is_null($this->userObj->getDepartment())) {
$updateUser->setDepartment($this->userObj->getDepartment());
}
if (!is_null($this->userObj->getMatriculation())) {
$updateUser->setMatriculation($this->userObj->getMatriculation());
}
if (!is_null($this->currActive)) {
$updateUser->setActive($this->currActive == "true", is_object($ilUser) ? $ilUser->getId() : 0);
}
if (!is_null($this->userObj->getClientIP())) {
$updateUser->setClientIP($this->userObj->getClientIP());
}
if (!is_null($this->userObj->getTimeLimitUnlimited())) {
$updateUser->setTimeLimitUnlimited($this->userObj->getTimeLimitUnlimited());
}
if (!is_null($this->userObj->getTimeLimitFrom())) {
$updateUser->setTimeLimitFrom($this->userObj->getTimeLimitFrom());
}
if (!is_null($this->userObj->getTimeLimitUntil())) {
$updateUser->setTimeLimitUntil($this->userObj->getTimeLimitUntil());
}
if (!is_null($this->userObj->getTimeLimitMessage())) {
$updateUser->setTimeLimitMessage($this->userObj->getTimeLimitMessage());
}
if (!is_null($this->userObj->getApproveDate())) {
$updateUser->setApproveDate($this->userObj->getApproveDate());
}
if (!is_null($this->userObj->getAgreeDate())) {
$updateUser->setAgreeDate($this->userObj->getAgreeDate());
}
if (!is_null($this->userObj->getLanguage())) {
$updateUser->setLanguage($this->userObj->getLanguage());
}
if (!is_null($this->userObj->getExternalAccount())) {
$updateUser->setExternalAccount($this->userObj->getExternalAccount());
}
// Fixed: if auth_mode is not set, it was always overwritten with auth_default
#if (! is_null($this->userObj->getAuthMode())) $updateUser->setAuthMode($this->userObj->getAuthMode());
if ($this->auth_mode_set) {
$updateUser->setAuthMode($this->userObj->getAuthMode());
}
if (!is_null($this->userObj->getInstantMessengerId("aim"))) {
$updateUser->setInstantMessengerId("aim", $this->userObj->getInstantMessengerId("aim"));
}
if (!is_null($this->userObj->getInstantMessengerId("msn"))) {
$updateUser->setInstantMessengerId("msn", $this->userObj->getInstantMessengerId("msn"));
}
if (!is_null($this->userObj->getInstantMessengerId("icq"))) {
$updateUser->setInstantMessengerId("icq", $this->userObj->getInstantMessengerId("icq"));
}
if (!is_null($this->userObj->getInstantMessengerId("yahoo"))) {
$updateUser->setInstantMessengerId("yahoo", $this->userObj->getInstantMessengerId("yahoo"));
}
if (!is_null($this->userObj->getInstantMessengerId("skype"))) {
$updateUser->setInstantMessengerId("skype", $this->userObj->getInstantMessengerId("skype"));
}
if (!is_null($this->userObj->getInstantMessengerId("jabber"))) {
$updateUser->setInstantMessengerId("jabber", $this->userObj->getInstantMessengerId("jabber"));
}
if (!is_null($this->userObj->getInstantMessengerId("voip"))) {
$updateUser->setInstantMessengerId("voip", $this->userObj->getInstantMessengerId("voip"));
}
// Special handlin since it defaults to 7 (USER_FOLDER_ID)
if ($this->time_limit_owner_set) {
$updateUser->setTimeLimitOwner($this->userObj->getTimeLimitOwner());
}
if (count($this->prefs)) {
foreach ($this->prefs as $key => $value) {
if ($key != "mail_incoming_type" && $key != "mail_signature" && $key != "mail_linebreak") {
$updateUser->setPref($key, $value);
}
}
}
// save user preferences (skin and style)
if ($this->updateLookAndSkin) {
$updateUser->setPref("skin", $this->userObj->getPref("skin"));
$updateUser->setPref("style", $this->userObj->getPref("style"));
}
$updateUser->writePrefs();
// update mail preferences, to be extended
$this->updateMailPreferences($updateUser->getId());
// #8759
if (count($this->udf_data)) {
$updateUser->setUserDefinedData($this->udf_data);
}
$updateUser->setProfileIncomplete($this->checkProfileIncomplete($updateUser));
$updateUser->setTitle($updateUser->getFullname());
$updateUser->setDescription($updateUser->getEmail());
$updateUser->update();
if ($this->ilincdata["id"]) {
include_once 'Modules/ILinc/classes/class.ilObjiLincUser.php';
$ilinc_user = new ilObjiLincUser($updateUser);
$ilinc_user->setVar("id", $this->ilincdata["id"]);
$ilinc_user->setVar("login", $this->ilincdata["login"]);
$ilinc_user->setVar("passwd", $this->ilincdata["password"]);
$ilinc_user->update();
}
if (count($this->udf_data)) {
include_once './Services/User/classes/class.ilUserDefinedData.php';
$udd = new ilUserDefinedData($updateUser->getId());
foreach ($this->udf_data as $field => $value) {
$udd->set("f_" . $field, $value);
}
$udd->update();
}
// update login
if (!is_null($this->userObj->getLogin()) && $this->user_id != -1) {
try {
$updateUser->updateLogin($this->userObj->getLogin());
} catch (ilUserException $e) {
}
}
// if language has changed
if (is_array($this->personalPicture)) {
if (strlen($this->personalPicture["content"])) {
$extension = "jpg";
if (preg_match("/.*(png|jpg|gif|jpeg)\$/", $this->personalPicture["imagetype"], $matches)) {
$extension = $matches[1];
}
$tmp_name = $this->saveTempImage($this->personalPicture["content"], ".{$extension}");
if (strlen($tmp_name)) {
ilObjUser::_uploadPersonalPicture($tmp_name, $this->userObj->getId());
unlink($tmp_name);
}
}
}
//update role entries
//-------------------
foreach ($this->roles as $role_id => $role) {
if ($this->role_assign[$role_id]) {
switch ($role["action"]) {
case "Assign":
$this->assignToRole($updateUser, $this->role_assign[$role_id]);
break;
case "AssignWithParents":
$this->assignToRoleWithParents($updateUser, $this->role_assign[$role_id]);
break;
case "Detach":
$this->detachFromRole($updateUser, $this->role_assign[$role_id]);
break;
}
}
}
$this->logSuccess($updateUser->getLogin(), $user_id, "Update");
}
break;
case "Delete":
if (!$user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
} else {
$deleteUser = new ilObjUser($user_id);
$deleteUser->delete();
$this->logSuccess($this->userObj->getLogin(), $user_id, "Delete");
}
break;
}
// init role array for next user
$this->roles = array();
break;
case "Login":
$this->userObj->setLogin($this->cdata);
break;
case "Password":
$this->currPassword = $this->cdata;
break;
case "Firstname":
$this->userObj->setFirstname($this->cdata);
break;
case "Lastname":
$this->userObj->setLastname($this->cdata);
break;
case "Title":
$this->userObj->setUTitle($this->cdata);
break;
case "Gender":
$this->userObj->setGender($this->cdata);
break;
case "Email":
$this->userObj->setEmail($this->cdata);
break;
case "Birthday":
$timestamp = strtotime($this->cdata);
if ($timestamp !== false) {
$this->userObj->setBirthday($this->cdata);
}
break;
case "Institution":
$this->userObj->setInstitution($this->cdata);
break;
case "Street":
$this->userObj->setStreet($this->cdata);
break;
case "City":
$this->userObj->setCity($this->cdata);
break;
case "PostalCode":
$this->userObj->setZipCode($this->cdata);
break;
case "Country":
$this->userObj->setCountry($this->cdata);
break;
case "PhoneOffice":
$this->userObj->setPhoneOffice($this->cdata);
break;
case "PhoneHome":
$this->userObj->setPhoneHome($this->cdata);
break;
case "PhoneMobile":
$this->userObj->setPhoneMobile($this->cdata);
break;
case "Fax":
$this->userObj->setFax($this->cdata);
break;
case "Hobby":
$this->userObj->setHobby($this->cdata);
break;
case "Comment":
$this->userObj->setComment($this->cdata);
break;
case "Department":
$this->userObj->setDepartment($this->cdata);
break;
case "Matriculation":
$this->userObj->setMatriculation($this->cdata);
break;
case "Active":
$this->currActive = $this->cdata;
break;
case "ClientIP":
$this->userObj->setClientIP($this->cdata);
break;
case "TimeLimitOwner":
$this->time_limit_owner_set = true;
$this->userObj->setTimeLimitOwner($this->cdata);
break;
case "TimeLimitUnlimited":
$this->time_limit_set = true;
$this->userObj->setTimeLimitUnlimited($this->cdata);
break;
case "TimeLimitFrom":
if (is_numeric($this->cdata)) {
// Treat cdata as a unix timestamp
$this->userObj->setTimeLimitFrom($this->cdata);
} else {
// Try to convert cdata into unix timestamp, or ignore it
$timestamp = strtotime($this->cdata);
if ($timestamp !== false && trim($this->cdata) != "0000-00-00 00:00:00") {
$this->userObj->setTimeLimitFrom($timestamp);
} elseif ($this->cdata == "0000-00-00 00:00:00") {
$this->userObj->setTimeLimitFrom(null);
}
}
break;
case "TimeLimitUntil":
if (is_numeric($this->cdata)) {
// Treat cdata as a unix timestamp
$this->userObj->setTimeLimitUntil($this->cdata);
} else {
// Try to convert cdata into unix timestamp, or ignore it
$timestamp = strtotime($this->cdata);
if ($timestamp !== false && trim($this->cdata) != "0000-00-00 00:00:00") {
$this->userObj->setTimeLimitUntil($timestamp);
} elseif ($this->cdata == "0000-00-00 00:00:00") {
$this->userObj->setTimeLimitUntil(null);
}
}
break;
case "TimeLimitMessage":
$this->userObj->setTimeLimitMessage($this->cdata);
break;
case "ApproveDate":
$this->approve_date_set = true;
if (is_numeric($this->cdata)) {
// Treat cdata as a unix timestamp
$tmp_date = new ilDateTime($this->cdata, IL_CAL_UNIX);
$this->userObj->setApproveDate($tmp_date->get(IL_CAL_DATETIME));
} else {
// Try to convert cdata into unix timestamp, or ignore it
$timestamp = strtotime($this->cdata);
if ($timestamp !== false && trim($this->cdata) != "0000-00-00 00:00:00") {
$tmp_date = new ilDateTime($timestamp, IL_CAL_UNIX);
$this->userObj->setApproveDate($tmp_date->get(IL_CAL_DATETIME));
} elseif ($this->cdata == "0000-00-00 00:00:00") {
$this->userObj->setApproveDate(null);
}
}
break;
case "AgreeDate":
if (is_numeric($this->cdata)) {
// Treat cdata as a unix timestamp
$tmp_date = new ilDateTime($this->cdata, IL_CAL_UNIX);
$this->userObj->setAgreeDate($tmp_date->get(IL_CAL_DATETIME));
} else {
// Try to convert cdata into unix timestamp, or ignore it
$timestamp = strtotime($this->cdata);
if ($timestamp !== false && trim($this->cdata) != "0000-00-00 00:00:00") {
$tmp_date = new ilDateTime($timestamp, IL_CAL_UNIX);
$this->userObj->setAgreeDate($tmp_date->get(IL_CAL_DATETIME));
} elseif ($this->cdata == "0000-00-00 00:00:00") {
$this->userObj->setAgreeDate(null);
}
}
break;
case "iLincID":
$this->ilincdata["id"] = $this->cdata;
break;
case "iLincLogin":
$this->{$ilincdata}["login"] = $this->cdata;
break;
case "iLincPasswd":
$this->{$ilincdata}["password"] = $this->cdata;
//$this->userObj->setiLincData($this->ilincdata);
break;
case "ExternalAccount":
$this->userObj->setExternalAccount($this->cdata);
break;
case "Look":
$this->updateLookAndSkin = false;
if (!$this->hideSkin) {
// TODO: what to do with disabled skins? is it possible to change the skin via import?
if (strlen($this->skin) > 0 && strlen($this->style) > 0) {
if (is_array($this->userStyles)) {
if (in_array($this->skin . ":" . $this->style, $this->userStyles)) {
$this->userObj->setPref("skin", $this->skin);
$this->userObj->setPref("style", $this->style);
$this->updateLookAndSkin = true;
}
}
}
}
break;
case 'UserDefinedField':
include_once './Services/User/classes/class.ilUserDefinedFields.php';
$udf = ilUserDefinedFields::_getInstance();
if ($field_id = $udf->fetchFieldIdFromImportId($this->tmp_udf_id)) {
$this->udf_data[$field_id] = $this->cdata;
} elseif ($field_id = $udf->fetchFieldIdFromName($this->tmp_udf_name)) {
$this->udf_data[$field_id] = $this->cdata;
}
break;
case 'AccountInfo':
if ($this->current_messenger_type == "delicious") {
$this->userObj->setDelicious($this->cdata);
} elseif ($this->current_messenger_type == "external") {
$this->userObj->setExternalAccount($this->cdata);
} else {
$this->userObj->setInstantMessengerId($this->current_messenger_type, $this->cdata);
}
break;
case 'Pref':
if ($this->currentPrefKey != null && strlen(trim($this->cdata)) > 0 && ilUserXMLWriter::isPrefExportable($this->currentPrefKey)) {
$this->prefs[$this->currentPrefKey] = trim($this->cdata);
}
$this->currentPrefKey = null;
break;
}
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
// Store user's Shibboleth sessionID for logout
$this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
// Get loginname of user, new login name is generated if user is new
$username = $this->generateLogin();
// Authorize this user
$this->setAuth($username);
$userObj = new ilObjUser();
// Check wether this account exists already, if not create it
if (!ilObjUser::getUserIdByLogin($username)) {
$newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
$newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
$newUser["login"] = $username;
// Password must be random to prevent users from manually log in using the login data from Shibboleth users
$newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
$newUser["passwd_type"] = IL_PASSWD_MD5;
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
}
// Save mapping between ILIAS user and Shibboleth uniqueID
$newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
// other data
$newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
$newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
$newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
$newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
$newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
$newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
$newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
$newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
$newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
$newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
$newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
$newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
$newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
$newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
$newUser["auth_mode"] = "shibboleth";
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
$userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Modify user data before creating the user
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
// Create use in DB
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// store acceptance of user agreement
//$userObj->writeAccepted();
// Default prefs
$userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
$userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
// setup user preferences
$userObj->writePrefs();
//set role entries
#$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
// New role assignment
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
// Authorize this user
$this->setAuth($userObj->getLogin());
} else {
// Update user account
$uid = $userObj->checkUserId();
$userObj->setId($uid);
$userObj->read($uid);
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
}
if ($ilias->getSetting('shib_update_title')) {
$userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
}
$userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
$userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
$userObj->setFullname();
if ($ilias->getSetting('shib_update_institution')) {
$userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
}
if ($ilias->getSetting('shib_update_department')) {
$userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
}
if ($ilias->getSetting('shib_update_street')) {
$userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
}
if ($ilias->getSetting('shib_update_city')) {
$userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
}
if ($ilias->getSetting('shib_update_zipcode')) {
$userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
}
if ($ilias->getSetting('shib_update_country')) {
$userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
}
if ($ilias->getSetting('shib_update_phone_office')) {
$userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
}
if ($ilias->getSetting('shib_update_phone_home')) {
$userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
}
if ($ilias->getSetting('shib_update_phone_mobile')) {
$userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
}
if ($ilias->getSetting('shib_update_fax')) {
$userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
}
if ($ilias->getSetting('shib_update_matriculation')) {
$userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
}
if ($ilias->getSetting('shib_update_email')) {
$userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
}
if ($ilias->getSetting('shib_update_hobby')) {
$userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
}
if ($ilias->getSetting('shib_update_language')) {
$userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
}
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
$userObj->update();
// Update role assignments
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
}
// we are authenticated: redirect, if possible
if ($_GET["target"] != "") {
ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
}
} else {
// This should never occur unless Shibboleth is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}
/**
* create new user
*
* @access protected
*/
protected function createUser(ilECSUser $user)
{
global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
$userObj = new ilObjUser();
include_once './Services/Authentication/classes/class.ilAuthUtils.php';
$local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
$newUser["login"] = $local_user;
$newUser["firstname"] = $user->getFirstname();
$newUser["lastname"] = $user->getLastname();
$newUser['email'] = $user->getEmail();
$newUser['institution'] = $user->getInstitution();
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
$newUser["auth_mode"] = "ecs";
$newUser["profile_incomplete"] = 0;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(0);
$userObj->setTimeLimitFrom(time() - 5);
$userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
$now = new ilDateTime(time(), IL_CAL_UNIX);
$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
// Create user in DB
$userObj->setOwner(6);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
$userObj->saveAsNew();
$userObj->writePrefs();
if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
$rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
}
ilObject::_writeImportId($userObj->getId(), $user->getImportId());
$ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId());
// Send Mail
#$this->sendNotification($userObj);
return $userObj->getLogin();
}
/**
* Called after login and successful call of fetch data
* @return
* @param object $a_username
* @param object $a_auth
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $lng, $ilSetting;
$GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
// TODO: handle passed credentials via GET
/*
if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
// Not required anymore
/*
$validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
if (!$validation_data["valid"])
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
$local_user = $this->response["local_user"];
if ($local_user != "") {
// to do: handle update of user
$a_auth->setAuth($local_user);
return true;
}
if (!$ilSetting->get("soap_auth_create_users")) {
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
//echo "1";
// try to map external user via e-mail to ILIAS user
if ($this->response["email"] != "") {
//echo "2";
//var_dump ($_POST);
$email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
// check, if password has been provided in user mapping screen
// (see ilStartUpGUI::showUserMappingSelection)
// FIXME
if ($_POST["LoginMappedUser"] != "") {
if (count($email_user) > 0) {
$user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
// password is correct -> map user
//$this->setAuth($local_user); (use login not id)
ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
$_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
$local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
$a_auth->status = '';
$a_auth->setAuth($local_user);
return true;
} else {
//echo "6"; exit;
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->setSubStatus(AUTH_WRONG_LOGIN);
$a_auth->logout();
return false;
}
}
}
if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
$_GET["email"] = $this->response["email"];
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->logout();
return false;
}
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($a_username);
$newUser["firstname"] = $this->response["firstname"];
$newUser["lastname"] = $this->response["lastname"];
$newUser["email"] = $this->response["email"];
$newUser["login"] = $local_user;
// to do: set valid password and send mail
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_CRYPTED;
// generate password, if local authentication is allowed
// and account mail is activated
$pw = "";
if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
$pw = ilUtil::generatePasswords(1);
$pw = $pw[0];
$newUser["passwd"] = $pw;
$newUser["passwd_type"] = IL_PASSWD_PLAIN;
}
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "soap";
$newUser["ext_account"] = $a_username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($lng->lang_default);
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew(false);
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
// send account mail
if ($ilSetting->get("soap_auth_account_mail")) {
include_once './Services/User/classes/class.ilObjUserFolder.php';
$amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
include_once "Services/Mail/classes/class.ilAccountMail.php";
$acc_mail = new ilAccountMail();
if ($pw != "") {
$acc_mail->setUserPassword($pw);
}
$acc_mail->setUser($userObj);
$acc_mail->send();
}
}
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (phpCAS::getUser() != "") {
$username = phpCAS::getUser();
// Authorize this user
include_once './Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$this->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$this->status = AUTH_CAS_NO_ILIAS_USER;
$this->logout();
return;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$this->setAuth($local_user);
}
} else {
// This should never occur unless CAS is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}