Ejemplo n.º 1
            }
        }
    }
} else {
    // Render the opening part of the form for the selected authentication method.
    // handle reloads on auth_process.php after authentication check
    // also handles requests with empty $auth
    // without this, a form with just username/password is displayed
    // NOTE(review): whether redirect_to_home_page() ends the request is not visible here;
    // if it returns, everything below still runs with an empty $auth - confirm.
    if (!$auth) {
        redirect_to_home_page('modules/admin/auth.php');
    }

    $pageName = get_auth_info($auth);

    // get authentication settings
    // $auth_data stays unset for method 6, so later code must not read it on that path
    if ($auth != 6) {
        $auth_data = get_auth_settings($auth);
    }
    // display form
    // The hidden auth value is forced to an integer with intval() before it reaches the markup.
    // NOTE(review): $_SERVER[SCRIPT_NAME] is interpolated into the action attribute without
    // htmlspecialchars(), and no anti-CSRF token field is emitted in the visible part of this
    // POST form - confirm a token is added further down.
    $tool_content .= "<div class='form-wrapper'>
    <form class='form-horizontal' name='authmenu' method='post' action='$_SERVER[SCRIPT_NAME]'>
	<fieldset>	
        <input type='hidden' name='auth' value='" . intval($auth) . "'>";

    // A pending warning in the session overrides the requested method with 7
    // (presumably the CAS method id, given $langCASnochange - confirm).
    // The override happens after the hidden field was written, so the field keeps the old value.
    if (!empty($_SESSION['cas_warn']) && $_SESSION['cas_do']) {
        $auth = 7;
        $tool_content .= "<div class='alert alert-warning'>$langCASnochange</div>";
    }
    switch ($auth) {
        case 1: $tool_content .= eclass_auth_form($auth_data['auth_title'], $auth_data['auth_instructions']);
            break;
        case 2: require_once 'modules/auth/methods/pop3form.php';
Ejemplo n.º 2
     // Validate the submitted credentials against the selected method.
     // Methods 6 and 7 are exempt from the empty username/password check.
     // NOTE(review): {$ldapempty} and {$errormessage} are written into the page unescaped;
     // presumably fixed language strings - confirm neither can carry user input.
     if ($auth != 7 and $auth != 6 and ($uname === '' or $passwd === '')) {
         $tool_content .= "<div class='alert alert-danger'>{$ldapempty} {$errormessage}</div>";
         draw($tool_content, 0);
         exit;
     } else {
         // try to authenticate user
         $auth_method_settings = get_auth_settings($auth);
         // NOTE(review): if redirect_to_home_page() does not end the request, method 6
         // falls through to auth_user_login() below - confirm it exits.
         if ($auth == 6) {
             redirect_to_home_page('secure/index_reg.php' . ($prof ? '?p=1' : ''));
         }
         // NOTE(review): this call also runs for method 7, with whatever $uname/$passwd
         // were submitted. The method 7 block below can only raise $is_valid to true and
         // never resets it, so a true result here survives a failed checkAuthentication() -
         // confirm auth_user_login() always rejects form credentials for method 7.
         $is_valid = auth_user_login($auth, $uname, $passwd, $auth_method_settings);
     }
     // Method 7: trust only the identity asserted by phpCAS; the form username is replaced.
     if ($auth == 7) {
         if (phpCAS::checkAuthentication()) {
             $uname = phpCAS::getUser();
             $cas = get_auth_settings($auth);
             // store CAS released attributes in $GLOBALS['auth_user_info']
             get_cas_attrs(phpCAS::getAttributes(), $cas);
             // an empty CAS username is not accepted as proof of authentication
             if (!empty($uname)) {
                 $is_valid = true;
             }
         }
     }
 }
 if ($is_valid) {
     // connection successful
     $_SESSION['was_validated'] = array('auth' => $auth, 'uname' => $uname, 'uname_exists' => user_exists($uname));
     if (isset($GLOBALS['auth_user_info'])) {
         $_SESSION['was_validated']['auth_user_info'] = $GLOBALS['auth_user_info'];
     }
 } else {
Ejemplo n.º 3
    }
    // Logout: drop every key held in the session before tearing it down.
    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }
    
    // include HybridAuth libraries
    require_once 'modules/auth/methods/hybridauth/config.php';
	require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php';
	$config = get_hybridauth_config();
    // also end any session held with external HybridAuth providers
    $hybridauth = new Hybrid_Auth( $config );
    $hybridauth->logoutAllProviders();
    
    // NOTE(review): session_destroy() removes the server-side data but does not expire the
    // session cookie in the browser; no cookie reset is visible here - confirm it is handled elsewhere.
    session_destroy();
    $uid = 0;
    // CAS single sign-out: runs only when the CAS constant is defined and cas_ssout is 1;
    // otherwise the session held by the CAS server is left untouched.
    if (defined('CAS')) {
        $cas = get_auth_settings(7);
        if (isset($cas['cas_ssout']) and intval($cas['cas_ssout']) === 1) {
            // the trailing FALSE is presumably phpCAS's changeSessionID flag - confirm
            // against the bundled phpCAS version
            phpCAS::client(SAML_VERSION_1_1, $cas['cas_host'], intval($cas['cas_port']), $cas['cas_context'], FALSE);
            phpCAS::logoutWithRedirectService($urlServer);
        }
    }
}

// if the user logged in include the correct language files
// in case he has a different language set in his/her profile
if (isset($language)) {
    // include_messages
    include "lang/$language/common.inc.php";
    $extra_messages = "config/{$language_codes[$language]}.inc.php";
    if (file_exists($extra_messages)) {
        include $extra_messages;
Ejemplo n.º 4
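/**
 * Log in a user whose account is bound to an alternative authentication method.
 *
 * The account's `password` column is looked up in $auth_ids to find the method id.
 * On a successful, active login the session is populated (uid, uname, surname,
 * givenname, status, email, langswitch and at most one privilege flag) and
 * $GLOBALS['language'] is set.
 *
 * NOTE(review): no session_regenerate_id() call is visible here; confirm the caller
 * rotates the session id after a successful login.
 *
 * @param object $user_info_object user row; reads id, username, password, givenname,
 *                                 surname, status, email and lang
 * @param string $uname            username as typed in the login form
 * @param string $pass             password as typed in the login form
 * @return int 1 = no failure recorded, 2 = credentials rejected, 3 = account inactive,
 *             6 = caller should redirect to Shibboleth login,
 *             7 = caller should redirect to CAS login.
 *             1 is also returned when the method does not match and only $warning was
 *             extended, so callers must treat $_SESSION['uid'] as the proof of login.
 */
function alt_login($user_info_object, $uname, $pass)
{
    global $warning, $auth_ids, $langInvalidAuth;

    $auth = array_search($user_info_object->password, $auth_ids);
    $auth_method_settings = get_auth_settings($auth);
    $auth_allow = 1;
    // stays 0 unless a CAS account is switched to its alternative method below
    $cas_altauth = 0;

    // a CAS user might enter a username/password in the form, instead of doing CAS login
    // check auth according to the defined alternative authentication method of CAS
    if ($auth == 7) {
        $cas = explode('|', $auth_method_settings['auth_settings']);
        // a settings string with fewer fields means "no alternative method"
        $cas_altauth = isset($cas[7]) ? intval(str_replace('cas_altauth=', '', $cas[7])) : 0;
        // check if alt auth is valid and active
        if ($cas_altauth > 0 && check_auth_active($cas_altauth)) {
            $auth = $cas_altauth;
            // fetch settings of alt auth
            $auth_method_settings = get_auth_settings($auth);
        } else {
            // Redirect to CAS login
            return 7;
        }
    }
    if ($auth == 6) {
        // Redirect to Shibboleth login
        return 6;
    }

    if ($user_info_object->password == $auth_method_settings['auth_name'] || !empty($cas_altauth)) {
        $is_valid = auth_user_login($auth, $uname, $pass, $auth_method_settings);
        if ($is_valid) {
            $is_active = check_activity($user_info_object->id);
            // check for admin privileges
            $admin_rights = get_admin_rights($user_info_object->id);
            if ($admin_rights == ADMIN_USER) {
                // admin user is always active
                $is_active = 1;
            }
            if (empty($is_active)) {
                // inactive account: refuse without writing any privilege flag to the session
                $auth_allow = 3;
            } elseif ($admin_rights == ADMIN_USER) {
                $_SESSION['is_admin'] = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
            }
        } else {
            $auth_allow = 2;
            // log invalid logins; the submitted password is masked because a failed attempt
            // is often a real password with a typo. The 'pass' key is kept so that readers
            // of the log record still find the field they expect.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $uname, 'pass' => '[redacted]'));
        }
        if ($auth_allow == 1) {
            $_SESSION['uid'] = $user_info_object->id;
            $_SESSION['uname'] = $user_info_object->username;
            // Directory attributes are published in $GLOBALS['auth_user_info'] (presumably by
            // auth_user_login() - confirm); a function-local variable of that name is never set.
            $auth_user_info = isset($GLOBALS['auth_user_info']) ? $GLOBALS['auth_user_info'] : array();
            // if ldap entries have changed update database
            if (!empty($auth_user_info['firstname']) and !empty($auth_user_info['lastname']) and ($user_info_object->givenname != $auth_user_info['firstname'] or $user_info_object->surname != $auth_user_info['lastname'])) {
                // Values come from an external directory, so they are bound as parameters
                // instead of being concatenated into the statement.
                // ?s / ?d are the typed placeholders of the project's Database wrapper - confirm.
                Database::get()->query(
                    "UPDATE user SET givenname = ?s, surname = ?s WHERE id = ?d",
                    $auth_user_info['firstname'],
                    $auth_user_info['lastname'],
                    $user_info_object->id
                );
                $_SESSION['surname'] = $auth_user_info['lastname'];
                $_SESSION['givenname'] = $auth_user_info['firstname'];
            } else {
                $_SESSION['surname'] = $user_info_object->surname;
                $_SESSION['givenname'] = $user_info_object->givenname;
            }
            $_SESSION['status'] = $user_info_object->status;
            $_SESSION['email'] = $user_info_object->email;
            $GLOBALS['language'] = $_SESSION['langswitch'] = $user_info_object->lang;
        }
    } else {
        // method mismatch: nothing was authenticated and $auth_allow keeps its initial 1
        $warning .= "<br>{$langInvalidAuth}<br>";
    }
    return $auth_allow;
}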