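/**
 * Create a new ILIAS account for a user authenticated via RADIUS.
 *
 * A single-user import document is built with the XML writer and passed to
 * ilUserImportParser. The account is written as active, with auth mode
 * "radius" and the default role taken from the RADIUS settings.
 *
 * @access public
 *
 * @param string $a_username external username; stored as ExternalAccount and
 *                           used as input for the generated local login
 * @return string the generated local login name
 */
public function create($a_username)
{
    $this->writer->xmlStartTag('Users');

    // Single user, required fields only
    $this->writer->xmlStartTag('User', array('Action' => 'Insert'));

    // The local login name is produced by ilAuthUtils::_generateLogin() from the external name.
    $new_name = ilAuthUtils::_generateLogin($a_username);
    $this->writer->xmlElement('Login', array(), $new_name);

    // Assign to role only for new users
    $this->writer->xmlElement('Role', array('Id' => $this->rad_settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
    $this->writer->xmlElement('Active', array(), "true");
    // NOTE(review): 7 is also passed to setFolderId() below; presumably the user folder id. Confirm.
    $this->writer->xmlElement('TimeLimitOwner', array(), 7);
    $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
    $this->writer->xmlElement('TimeLimitFrom', array(), time());
    $this->writer->xmlElement('TimeLimitUntil', array(), time());
    $this->writer->xmlElement('AuthMode', array('type' => 'radius'), 'radius');
    // NOTE(review): $a_username originates outside ILIAS; this relies on the
    // XML writer escaping element content. Confirm.
    $this->writer->xmlElement('ExternalAccount', array(), $a_username);
    $this->writer->xmlEndTag('User');
    $this->writer->xmlEndTag('Users');

    // NOTE(review): in the listing this statement and the include below were
    // fused by a '******' redaction artifact and did not parse. The log
    // argument is reconstructed as $new_name; confirm against the upstream file.
    $this->log->write('Radius: Started creation of user: ' . $new_name);
    include_once './Services/User/classes/class.ilUserImportParser.php';

    $importParser = new ilUserImportParser();
    $importParser->setXMLContent($this->writer->xmlDumpMem(false));
    // The role assignment maps the default role id onto itself.
    $importParser->setRoleAssignment(array($this->rad_settings->getDefaultRole() => $this->rad_settings->getDefaultRole()));
    $importParser->setFolderId(7);
    $importParser->startParsing();

    return $new_name;
}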
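/**
 * Create a new ILIAS account for a user authenticated via OpenID.
 *
 * A single-user import document is built with the XML writer and passed to
 * ilUserImportParser. Optional profile attributes from $a_userdata are copied
 * into the document when present. The account is written as active, with
 * auth mode "openid" and the default role taken from the settings.
 *
 * @access public
 *
 * @param string $a_username external username; stored as ExternalAccount and
 *                           used as input for the generated local login
 * @param array  $a_userdata optional attributes; the keys read here are email,
 *                           postcode, dob, gender, title, firstname, lastname
 *                           and timezone
 * @return string the generated local login name
 */
public function create($a_username, $a_userdata = array())
{
    $a_userdata = $this->parseFullname($a_userdata);

    $this->writer->xmlStartTag('Users');

    // Single user, required fields first
    $this->writer->xmlStartTag('User', array('Action' => 'Insert'));

    // The local login name is produced by ilAuthUtils::_generateLogin() from the external name.
    $new_name = ilAuthUtils::_generateLogin($a_username);
    $this->writer->xmlElement('Login', array(), $new_name);

    // Assign to role only for new users
    $this->writer->xmlElement('Role', array('Id' => $this->settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');

    // NOTE(review): the attributes below are supplied by the external identity
    // provider and are copied without validation in this block; this relies on
    // the XML writer and the import parser to escape and validate them. Confirm.
    if (isset($a_userdata['email'])) {
        $this->writer->xmlElement('Email', array(), $a_userdata['email']);
    }
    if (isset($a_userdata['postcode'])) {
        $this->writer->xmlElement('PostalCode', array(), $a_userdata['postcode']);
    }
    // An empty date of birth is skipped.
    if (isset($a_userdata['dob']) and $a_userdata['dob']) {
        $this->writer->xmlElement('Birthday', array(), $a_userdata['dob']);
    }
    if (isset($a_userdata['gender'])) {
        $this->writer->xmlElement('Gender', array(), strtolower($a_userdata['gender']));
    }
    if (isset($a_userdata['title'])) {
        $this->writer->xmlElement('Title', array(), $a_userdata['title']);
    }
    if (isset($a_userdata['firstname'])) {
        $this->writer->xmlElement('Firstname', array(), $a_userdata['firstname']);
    }
    if (isset($a_userdata['lastname'])) {
        $this->writer->xmlElement('Lastname', array(), $a_userdata['lastname']);
    }

    $this->writer->xmlElement('Active', array(), "true");
    // NOTE(review): 7 is also passed to setFolderId() below; presumably the user folder id. Confirm.
    $this->writer->xmlElement('TimeLimitOwner', array(), 7);
    $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
    $this->writer->xmlElement('TimeLimitFrom', array(), time());
    $this->writer->xmlElement('TimeLimitUntil', array(), time());
    $this->writer->xmlElement('AuthMode', array('type' => 'openid'), 'openid');
    $this->writer->xmlElement('ExternalAccount', array(), $a_username);
    $this->writer->xmlEndTag('User');
    $this->writer->xmlEndTag('Users');

    // NOTE(review): in the listing this statement and the include below were
    // fused by a '******' redaction artifact and did not parse. The log
    // argument is reconstructed as $new_name; confirm against the upstream file.
    $this->log->write('OpenId: Started creation of user: ' . $new_name);
    include_once './Services/User/classes/class.ilUserImportParser.php';

    $importParser = new ilUserImportParser();
    $importParser->setXMLContent($this->writer->xmlDumpMem(false));
    // The role assignment maps the default role id onto itself.
    $importParser->setRoleAssignment(array($this->settings->getDefaultRole() => $this->settings->getDefaultRole()));
    $importParser->setFolderId(7);
    $importParser->startParsing();

    // Assign timezone: the supplied value is only stored when it is a key of
    // the known time zone list, so arbitrary strings are not written as a preference.
    if (isset($a_userdata['timezone'])) {
        include_once './Services/Calendar/classes/class.ilCalendarUtil.php';
        $tzs = ilCalendarUtil::_getShortTimeZoneList();
        if (isset($tzs[$a_userdata['timezone']])) {
            $usr_id = ilObjUser::_lookupId($new_name);
            ilObjUser::_writePref($usr_id, 'user_tz', $a_userdata['timezone']);
        }
    }

    return $new_name;
}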
/**
 * Tell whether the current user still has to set a local password.
 *
 * The answer is computed once and cached in $this->pwd_instruction. It is
 * true only when local password validation for the user's auth mode is
 * reported as ilAuthUtils::LOCAL_PWV_USER and the stored password is empty.
 *
 * @return bool
 */
public function isLocalPasswordInstructionRequired()
{
    global $ilUser;

    if ($this->pwd_instruction === NULL) {
        include_once './Services/Authentication/classes/class.ilAuthUtils.php';
        $pwv_support = ilAuthUtils::supportsLocalPasswordValidation($ilUser->getAuthMode(true));

        if ($pwv_support == ilAuthUtils::LOCAL_PWV_USER) {
            // An empty stored password means no local password was set yet.
            $this->pwd_instruction = !strlen($ilUser->getPasswd());
        } else {
            $this->pwd_instruction = false;
        }
    }

    return $this->pwd_instruction;
}
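/**
 * Check whether password change is allowed for the current user.
 *
 * The decision is delegated to ilAuthUtils and depends on the user's
 * authentication mode.
 *
 * @return mixed the result of ilAuthUtils::isPasswordModificationEnabled()
 */
function allowPasswordChange()
{
    global $ilUser;

    // The per-auth-mode policy that used to live here was moved to ilAuthUtils.
    // The statements that followed the return were unreachable and are removed.
    // NOTE(review): the removed code also consulted userSettingVisible('password')
    // and the 'usr_settings_disable_password' setting; confirm that the
    // ilAuthUtils implementation still enforces both.
    return ilAuthUtils::isPasswordModificationEnabled($ilUser->getAuthMode(true));
}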
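/**
 * Create a local account for a remote ECS user.
 *
 * The login is generated from this object's abbreviation and the remote
 * login. The account gets auth mode "ecs", an empty password, and a validity
 * window that ends after the configured session expiry.
 *
 * @access protected
 *
 * @param ilECSUser $user remote user data
 * @return string login of the created account
 */
protected function createUser(ilECSUser $user)
{
    global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;

    $userObj = new ilObjUser();

    include_once './Services/Authentication/classes/class.ilAuthUtils.php';
    $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());

    $newUser = array();
    $newUser["login"] = $local_user;
    $newUser["firstname"] = $user->getFirstname();
    $newUser["lastname"] = $user->getLastname();
    $newUser['email'] = $user->getEmail();
    $newUser['institution'] = $user->getInstitution();

    // set "plain md5" password (= no valid password)
    $newUser["passwd"] = "";
    $newUser["passwd_type"] = IL_PASSWD_MD5;
    $newUser["auth_mode"] = "ecs";
    $newUser["profile_incomplete"] = 0;

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit: not unlimited; valid from five seconds ago until now plus
    // the [session] expire value of the client ini file.
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(0);
    $userObj->setTimeLimitFrom(time() - 5);
    $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));

    $now = new ilDateTime(time(), IL_CAL_UNIX);
    $userObj->setAgreeDate($now->get(IL_CAL_DATETIME));

    // Create user in DB
    $userObj->setOwner(6);
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();
    $userObj->saveAsNew();
    $userObj->writePrefs();

    // Assign the server's global role only when one is configured.
    $global_role = $this->getCurrentServer()->getGlobalRole();
    if ($global_role) {
        $rbacadmin->assignUser($global_role, $userObj->getId(), true);
    }

    ilObject::_writeImportId($userObj->getId(), $user->getImportId());

    // The original message labelled the import id as "usr_id"; log both values
    // so the audit trail links the local account to the remote identity.
    $ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $userObj->getId() . ', import_id: ' . $user->getImportId());

    // Send Mail
    #$this->sendNotification($userObj);

    return $userObj->getLogin();
}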
/**
 * Resolve an external account name and authentication mode to a local login.
 *
 * Lookups are tried in this order and the first hit wins:
 *  1. ext_account + auth_mode
 *  2. login + auth_mode (compatibility: no ext_account stored)
 *  3. ext_account + auth_mode "default", only when $a_auth is the name of the
 *     configured default auth mode
 *  4. login with empty ext_account + auth_mode "default", same condition
 *
 * All values are bound through queryF() type placeholders.
 *
 * NOTE(review): lookups 2 and 4 match the external name against the local
 * login column. External identifiers should not be able to collide with
 * unrelated local logins of the same auth mode; verify for each identity source.
 *
 * @static
 *
 * @param string $a_auth    authentication mode name
 * @param string $a_account external account name
 * @return string|false local login, or false when nothing matches
 */
public static function _checkExternalAuthAccount($a_auth, $a_account)
{
    global $ilDB, $ilSetting;

    $text_pair = array("text", "text");

    // 1) Check directly with auth_mode
    $set = $ilDB->queryF(
        "SELECT * FROM usr_data WHERE " . " ext_account = %s AND auth_mode = %s",
        $text_pair,
        array($a_account, $a_auth)
    );
    $row = $ilDB->fetchAssoc($set);
    if ($row) {
        return $row["login"];
    }

    // 2) For compatibility, check for login (no ext_account entry given)
    $set = $ilDB->queryF(
        "SELECT login FROM usr_data " . "WHERE login = %s AND auth_mode = %s",
        $text_pair,
        array($a_account, $a_auth)
    );
    $row = $ilDB->fetchAssoc($set);
    if ($row) {
        return $row['login'];
    }

    // The remaining lookups only apply when $a_auth is the default auth mode.
    if (ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) != $a_auth) {
        return false;
    }

    // 3) ext_account stored with auth_mode "default"
    $set = $ilDB->queryF(
        "SELECT login FROM usr_data WHERE " . " ext_account = %s AND auth_mode = %s",
        $text_pair,
        array($a_account, "default")
    );
    $row = $ilDB->fetchAssoc($set);
    if ($row) {
        return $row["login"];
    }

    // 4) Search for login (no ext_account given)
    $set = $ilDB->queryF(
        "SELECT login FROM usr_data " . "WHERE login = %s AND (ext_account IS NULL OR ext_account = '') AND auth_mode = %s",
        $text_pair,
        array($a_account, "default")
    );
    $row = $ilDB->fetchAssoc($set);
    if ($row) {
        return $row["login"];
    }

    return false;
}
/**
 * Init user / authentication (level 2)
 *
 * Sets up the global $ilAuth and $ilUser objects, mirrors them on $ilias,
 * initialises access handling and processes a "force_login" request.
 *
 * Security-relevant behaviour visible in this block:
 *  - With DEVMODE enabled, credentials supplied in the query string are copied
 *    into $_POST. Query strings are commonly recorded in server and proxy
 *    logs, browser history and Referer headers, so DEVMODE should stay
 *    disabled on any installation that handles real accounts.
 *  - "cmd=force_login" is read from $_GET and logs the session out. No
 *    request-token check is visible in this block, so any GET request carrying
 *    that parameter ends the session.
 */
protected static function initUser()
{
    global $ilias, $ilAuth, $ilUser;
    if (ilContext::usesHTTP()) {
        // allow login by submitting user data
        // in query string when DEVMODE is enabled
        if (DEVMODE && isset($_GET['username']) && strlen($_GET['username']) && isset($_GET['password']) && strlen($_GET['password'])) {
            // Both values must be present and non-empty before they replace the POST fields.
            $_POST['username'] = $_GET['username'];
            $_POST['password'] = $_GET['password'];
        }
    }
    // $ilAuth
    require_once "Auth/Auth.php";
    require_once "./Services/AuthShibboleth/classes/class.ilShibboleth.php";
    include_once "./Services/Authentication/classes/class.ilAuthUtils.php";
    ilAuthUtils::_initAuth();
    $ilias->auth = $ilAuth;
    // $ilUser
    self::initGlobal("ilUser", "ilObjUser", "./Services/User/classes/class.ilObjUser.php");
    // Reference assignment: $ilias->account and the global $ilUser name the same variable.
    $ilias->account =& $ilUser;
    self::initAccessHandling();
    // force login
    if (isset($_GET["cmd"]) && $_GET["cmd"] == "force_login") {
        $ilAuth->logout();
        // we need to do this for the session statistics
        // could we use session_destroy() instead?
        // [this is done after every $ilAuth->logout() call elsewhere]
        ilSession::_destroy(session_id(), ilSession::SESSION_CLOSE_LOGIN);
        // :TODO: keep session because of cart content?
        if (!isset($_GET['forceShoppingCartRedirect'])) {
            // Default: drop all session data.
            $_SESSION = array();
        } else {
            // Shopping-cart redirect: the rest of the session data is kept and
            // only "AccountId" is blanked.
            ilSession::set("AccountId", "");
        }
    }
}
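/**
 * Display the authentication settings screen.
 *
 * Renders the per-mode user counts, the active/inactive icon for each
 * authentication mode, the currently selected default mode, and the table
 * that maps self-registration roles to authentication modes.
 *
 * @access public
 */
function authSettingsObject()
{
    global $rbacsystem, $ilSetting;

    // NOTE(review): rendering continues after this check unless raiseError()
    // stops execution; presumably it does not return. Confirm.
    if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId())) {
        $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
    }

    $this->tabs_gui->setTabActive('authentication_settings');
    $this->setSubTabs('authSettings');
    $this->tabs_gui->setSubTabActive("auth_settings");

    $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_general.html", "Services/Authentication");
    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
    $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
    $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
    $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
    $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
    $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
    $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
    $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
    $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
    $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
    $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
    $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));

    // User counts per auth mode; users on "default" are added to the mode
    // that is currently configured as default.
    $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
    $auth_modes = ilAuthUtils::_getAllAuthModes();
    foreach ($auth_modes as $mode => $mode_name) {
        if ($ilSetting->get('auth_mode') == $mode) {
            // Parentheses make the evaluation order explicit: the sum is
            // computed first and then concatenated, as in the original.
            $this->tpl->setVariable(
                "NUM_" . strtoupper($mode_name),
                ((int) $auth_cnt[$mode_name] + $auth_cnt["default"]) . " (" . $this->lng->txt("auth_per_default") . ": " . $auth_cnt["default"] . ")"
            );
        } else {
            $this->tpl->setVariable("NUM_" . strtoupper($mode_name), (int) $auth_cnt[$mode_name]);
        }
    }

    $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
    $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
    $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
    $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");

    // local vars
    $checked = "checked=\"checked\"";

    // icon handlers
    $icon_ok = "<img src=\"" . ilUtil::getImagePath("icon_ok.png") . "\" alt=\"" . $this->lng->txt("enabled") . "\" title=\"" . $this->lng->txt("enabled") . "\" border=\"0\" vspace=\"0\"/>";
    $icon_not_ok = "<img src=\"" . ilUtil::getImagePath("icon_not_ok.png") . "\" alt=\"" . $this->lng->txt("disabled") . "\" title=\"" . $this->lng->txt("disabled") . "\" border=\"0\" vspace=\"0\"/>";

    // Local authentication is always shown as active.
    $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);

    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    $this->tpl->setVariable('AUTH_LDAP_ACTIVE', count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
    $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
    $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
    $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
    $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
    $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);

    // mark the radio button of the currently configured default mode
    switch ($this->ilias->getSetting('auth_mode')) {
        case AUTH_LOCAL: // default
            $this->tpl->setVariable("CHK_LOCAL", $checked);
            break;
        case AUTH_LDAP: // LDAP
            $this->tpl->setVariable("CHK_LDAP", $checked);
            break;
        case AUTH_SHIBBOLETH: // SHIB
            $this->tpl->setVariable("CHK_SHIB", $checked);
            break;
        case AUTH_RADIUS: // RADIUS
            $this->tpl->setVariable("CHK_RADIUS", $checked);
            break;
        case AUTH_CAS: // CAS
            $this->tpl->setVariable("CHK_CAS", $checked);
            break;
        case AUTH_SCRIPT: // script
            $this->tpl->setVariable("CHK_SCRIPT", $checked);
            break;
        case AUTH_APACHE: // apache
            $this->tpl->setVariable("CHK_APACHE", $checked);
            break;
    }

    // auth mode determination
    if ($this->initAuthModeDetermination()) {
        $this->tpl->setVariable('TABLE_AUTH_DETERMINATION', $this->form->getHTML());
    }

    // roles table
    $this->tpl->setVariable("FORMACTION_ROLES", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
    $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
    $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
    $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");

    include_once "./Services/AccessControl/classes/class.ilObjRole.php";
    $reg_roles = ilObjRole::_lookupRegisterAllowed();

    // auth mode selection
    include_once './Services/Authentication/classes/class.ilAuthUtils.php';
    $active_auth_modes = ilAuthUtils::_getActiveAuthModes();

    foreach ($reg_roles as $role) {
        foreach ($active_auth_modes as $auth_name => $auth_key) {
            // do not list auth modes with external login screen
            // even not default, because it can easily be set to
            // a non-working auth mode
            if ($auth_name == "default" || $auth_name == "cas" || $auth_name == "shibboleth" || $auth_name == 'ldap' || $auth_name == 'apache') {
                continue;
            }

            $this->tpl->setCurrentBlock("auth_mode_selection");

            // "default" never reaches this point because of the filter above,
            // so the former special-case label for it was unreachable and is removed.
            $name = $this->lng->txt('auth_' . $auth_name);

            $this->tpl->setVariable("AUTH_MODE_NAME", $name);
            $this->tpl->setVariable("AUTH_MODE", $auth_name);
            if ($role['auth_mode'] == $auth_name) {
                $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
            }
            $this->tpl->parseCurrentBlock();
        } // END auth_mode selection

        $this->tpl->setCurrentBlock("roles");
        // NOTE(review): the role title is passed to the template as stored;
        // whether the template layer HTML-escapes it is not visible here. Confirm.
        $this->tpl->setVariable("ROLE", $role['title']);
        $this->tpl->setVariable("ROLE_ID", $role['id']);
        $this->tpl->parseCurrentBlock();
    }
}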
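/**
 * Login observer for CAS: map the CAS identity to a local account, creating
 * one when account creation is enabled.
 *
 * @see ilAuthContainerBase::loginObserver()
 *
 * @param string $a_username username handed in by the caller; only forwarded
 *                           to the LDAP data-source handler. The CAS path uses
 *                           the name reported by the CAS client instead.
 * @param object $a_auth     auth object; receives setAuth(), status and logout()
 * @return mixed true after a new account was created; false in the other CAS
 *               paths; the result of handleLDAPDataSource() when LDAP is the
 *               data source
 */
public function loginObserver($a_username, $a_auth)
{
    global $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;

    $ilLog->write(__METHOD__ . ': Successful CAS login.');

    // CAS with ldap as data source
    include_once './Services/LDAP/classes/class.ilLDAPServer.php';
    if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
        return $this->handleLDAPDataSource($a_auth, $a_username);
    }

    include_once "./Services/CAS/lib/CAS.php";

    if ($PHPCAS_CLIENT->getUser() == "") {
        $ilLog->write(__METHOD__ . ': Login failed.');
        // This should never occur unless CAS is not configured properly
        $a_auth->status = AUTH_WRONG_LOGIN;
        return false;
    }

    $username = $PHPCAS_CLIENT->getUser();

    // NOTE(review): in the listing this statement and the include below were
    // fused by a '******' redaction artifact and did not parse. The log
    // argument is reconstructed as $username; confirm against the upstream file.
    $ilLog->write(__METHOD__ . ': Username: ' . $username);
    include_once './Services/User/classes/class.ilObjUser.php';

    $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

    if ($local_user != "") {
        $a_auth->setAuth($local_user);
        // NOTE(review): this path returns false although the user was
        // authenticated, while account creation below returns true. Kept as in
        // the original; confirm that callers ignore the return value.
        return false;
    }

    // No local account: only create one when the installation allows it.
    if (!$ilSetting->get("cas_create_users")) {
        $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }

    $userObj = new ilObjUser();
    $local_user = ilAuthUtils::_generateLogin($username);

    $newUser = array();
    $newUser["firstname"] = $local_user;
    $newUser["lastname"] = "";
    $newUser["login"] = $local_user;

    // set "plain md5" password (= no valid password)
    $newUser["passwd"] = "";
    $newUser["passwd_type"] = IL_PASSWD_MD5;
    $newUser["auth_mode"] = "cas";
    $newUser["ext_account"] = $username;
    $newUser["profile_incomplete"] = 1;

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();

    // insert user data in table user_data
    $userObj->saveAsNew();

    // setup user preferences
    $userObj->writePrefs();

    // to do: test this
    // The role granted to auto-created accounts comes from the
    // 'cas_user_default_role' setting.
    $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
    unset($userObj);

    $a_auth->setAuth($local_user);
    return true;
}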
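/**
 * Check input, strip slashes etc. and set an alert if the input is not ok.
 *
 * Checks, in order: required value present; password required or forbidden
 * for the auth mode posted in the field named by getValidateAuthPost();
 * password and retype identical; password syntax; sub items.
 *
 * @return boolean Input ok, true/false
 */
function checkInput()
{
    global $lng;

    $post_var = $this->getPostVar();
    $retype_var = $post_var . "_retype";

    $_POST[$post_var] = ilUtil::stripSlashes($_POST[$post_var]);
    $_POST[$retype_var] = ilUtil::stripSlashes($_POST[$retype_var]);

    if ($this->getRequired() && trim($_POST[$post_var]) == "") {
        $this->setAlert($lng->txt("msg_input_is_required"));
        return false;
    }

    if ($this->getValidateAuthPost() != "") {
        $auth = ilAuthUtils::_getAuthMode($_POST[$this->getValidateAuthPost()]);

        // check, if password is required dependent on auth mode
        if ($this->getRequiredOnAuth() && ilAuthUtils::_allowPasswordModificationByAuthMode($auth) && trim($_POST[$post_var]) == "") {
            $this->setAlert($lng->txt("form_password_required_for_auth"));
            return false;
        }

        // check, if password is allowed to be set for given auth mode
        if (trim($_POST[$post_var]) != "" && !ilAuthUtils::_allowPasswordModificationByAuthMode($auth)) {
            $this->setAlert($lng->txt("form_password_not_allowed_for_auth"));
            return false;
        }
    }

    // Compare as strings with !==. A loose != treats numeric-looking strings
    // as numbers ("1e3" equals "1000"), so two different passwords could pass
    // the retype check.
    if ($this->getRetype() && !$this->getPreSelection() && (string) $_POST[$post_var] !== (string) $_POST[$retype_var]) {
        $this->setAlert($lng->txt("passwd_not_match"));
        return false;
    }

    // isPassword() may put a specific message into $custom_error; start from
    // an empty value so the generic text is used otherwise.
    $custom_error = '';
    if (!$this->getSkipSyntaxCheck() && !ilUtil::isPassword($_POST[$post_var], $custom_error) && $_POST[$post_var] != "") {
        if ($custom_error != '') {
            $this->setAlert($custom_error);
        } else {
            $this->setAlert($lng->txt("passwd_invalid"));
        }
        return false;
    }

    return $this->checkSubItemsInput();
}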
/**
 * Get the authentication mapping key.
 *
 * 'ldap' is returned when authentication is enabled or when no authentication
 * mapping is set; otherwise the name of the mapped auth mode is returned.
 *
 * @return string
 */
public function getAuthenticationMappingKey()
{
    // The mapping is only consulted when authentication is disabled.
    $mapped_elsewhere = !$this->isAuthenticationEnabled() && $this->getAuthenticationMapping();

    if ($mapped_elsewhere) {
        return ilAuthUtils::_getAuthModeName($this->getAuthenticationMapping());
    }

    return 'ldap';
}
/**
 * Show login form
 *
 * Builds the username/password form and substitutes it into the login page.
 * The form is skipped, and the page HTML returned unchanged, when the default
 * auth mode is CAS, or Shibboleth without local authentication allowed.
 *
 * @global ilSetting $ilSetting
 * @param string $page_editor_html
 * @return string page HTML, with the login form inserted where applicable
 */
protected function showLoginForm($page_editor_html)
{
    global $ilSetting, $lng, $tpl;

    // @todo move this to auth utils.
    // login via ILIAS (this also includes radius and ldap)
    // If local authentication is enabled for shibboleth users, we
    // display the login form for ILIAS here.
    $local_login_offered = ($ilSetting->get("auth_mode") != AUTH_SHIBBOLETH || $ilSetting->get("shib_auth_allow_local"))
        && $ilSetting->get("auth_mode") != AUTH_CAS;

    if (!$local_login_offered) {
        return $page_editor_html;
    }

    include_once "Services/Form/classes/class.ilPropertyFormGUI.php";
    $login_form = new ilPropertyFormGUI();
    $login_form->setFormAction($this->ctrl->getFormAction($this, ''));
    $login_form->setName("formlogin");
    $login_form->setShowTopButtons(false);
    $login_form->setTitle($lng->txt("login_to_ilias"));

    // auth selection
    include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
    $determination = ilAuthModeDetermination::_getInstance();

    if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $determination->isManualSelection()) {
        $shown_options = array();
        $mode_group = new ilRadioGroupInputGUI($lng->txt("auth_selection"), "auth_mode");

        foreach (ilAuthUtils::_getMultipleAuthModeOptions($lng) as $mode_key => $mode_option) {
            // options flagged hide_in_ui are not offered to the user
            if (!empty($mode_option['hide_in_ui'])) {
                continue;
            }

            $radio = new ilRadioOption($mode_option['txt'], $mode_key);
            $mode_group->addOption($radio);

            if (isset($mode_option['checked'])) {
                $mode_group->setValue($mode_key);
            }

            $shown_options[] = $radio;
        }

        if (count($shown_options) == 1) {
            // A single visible method is submitted as a hidden field instead of a radio group.
            $only_option = $shown_options[0];
            $hidden_mode = new ilHiddenInputGUI("auth_mode");
            $hidden_mode->setValue($only_option->getValue());
            $login_form->addItem($hidden_mode);
        } else {
            $login_form->addItem($mode_group);
        }
    }

    $username_input = new ilTextInputGUI($lng->txt("username"), "username");
    $username_input->setSize(20);
    $username_input->setRequired(true);
    $login_form->addItem($username_input);

    $password_input = new ilPasswordInputGUI($lng->txt("password"), "password");
    $password_input->setRetype(false);
    $password_input->setSize(20);
    // NOTE(review): presumably this leaves browser autocomplete enabled for the password field; confirm.
    $password_input->setDisableHtmlAutoComplete(false);
    $password_input->setRequired(true);
    $login_form->addItem($password_input);

    $login_form->addCommandButton("showLogin", $lng->txt("log_in"));

    // The captcha field is added only when captcha is active for login.
    require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
    if (ilCaptchaUtil::isActiveForLogin()) {
        require_once 'Services/Captcha/classes/class.ilCaptchaInputGUI.php';
        $captcha_input = new ilCaptchaInputGUI($lng->txt('captcha_code'), 'captcha_code');
        $captcha_input->setRequired(true);
        $login_form->addItem($captcha_input);
    }

    return $this->substituteLoginPageElements($tpl, $page_editor_html, $login_form->getHTML(), '[list-login-form]', 'LOGIN_FORM');
}
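/**
 * Does input checks and updates a user account if everything is fine.
 *
 * Order of work: permission check, slash stripping of the posted user data,
 * required-field checks, login / password / external account / e-mail /
 * time-limit validation, then the update of the user object and its
 * preferences, followed by a redirect.
 *
 * NOTE(review): the permission and validation failures call raiseError();
 * the code relies on it not returning. Confirm.
 *
 * @access public
 * @return mixed false when the time limit lies outside the editing user's own
 *               limits; the result of $tpl->setContent() when the login update
 *               fails; otherwise nothing (the method redirects)
 */
function updateObjectOld()
{
    // $tpl is used in the ilUserException handler below; the original did not
    // declare it, so that path ran on an undefined variable.
    global $ilias, $rbacsystem, $rbacadmin, $ilUser, $tpl;

    include_once './Services/Authentication/classes/class.ilAuthUtils.php';

    //load ILIAS settings
    $settings = $ilias->getAllSettings();

    // User folder
    if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) {
        $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
    }

    // if called from local administration $this->usrf_ref_id is category id
    // Todo: this has to be fixed. Do not mix user folder id and category id
    if ($this->usrf_ref_id != USER_FOLDER_ID) {
        // check if user is assigned to category
        if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) {
            $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
        }
    }

    foreach ($_POST["Fobject"] as $key => $val) {
        $_POST["Fobject"][$key] = ilUtil::stripSlashes($val);
    }

    // Whether the posted auth mode permits setting a password; evaluated once
    // instead of on every use.
    $password_modifiable = ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']));

    // check dynamically required fields
    // Initialised so the loop below also works when there are no settings.
    $require_keys = array();
    foreach ($settings as $key => $val) {
        // drops the first 8 characters of the settings key (the length of "require_")
        $field = substr($key, 8);
        switch ($field) {
            case 'passwd':
            case 'passwd2':
                if ($password_modifiable) {
                    $require_keys[] = $field;
                }
                break;
            default:
                $require_keys[] = $field;
                break;
        }
    }

    // exclude required system and registration-only fields
    $system_fields = array("default_role");
    foreach ($require_keys as $val) {
        if (!in_array($val, $system_fields)) {
            if (isset($settings["require_" . $val]) && $settings["require_" . $val]) {
                if (empty($_POST["Fobject"][$val])) {
                    $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt($val), $this->ilias->error_obj->MESSAGE);
                }
            }
        }
    }

    if (!$this->__checkUserDefinedRequiredFields()) {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
    }

    // validate login
    if ($this->object->getLogin() != $_POST["Fobject"]["login"] && !ilUtil::isLogin($_POST["Fobject"]["login"])) {
        $this->ilias->raiseError($this->lng->txt("login_invalid"), $this->ilias->error_obj->MESSAGE);
    }

    // check loginname
    if (ilObjUser::_loginExists($_POST["Fobject"]["login"], $this->id)) {
        $this->ilias->raiseError($this->lng->txt("login_exists"), $this->ilias->error_obj->MESSAGE);
    }

    if ($password_modifiable) {
        // "********" is the placeholder for "password unchanged"; it is only
        // acceptable when the account already has a password.
        if ($_POST['Fobject']['passwd'] == "********" and !strlen($this->object->getPasswd())) {
            $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt('password'), $this->ilias->error_obj->MESSAGE);
        }

        // check passwords
        // Strict string comparison: a loose != treats numeric-looking strings
        // as numbers ("1e3" equals "1000") and would accept a mismatch.
        if ((string) $_POST["Fobject"]["passwd"] !== (string) $_POST["Fobject"]["passwd2"]) {
            $this->ilias->raiseError($this->lng->txt("passwd_not_match"), $this->ilias->error_obj->MESSAGE);
        }

        // validate password
        if (!ilUtil::isPassword($_POST["Fobject"]["passwd"])) {
            $this->ilias->raiseError($this->lng->txt("passwd_invalid"), $this->ilias->error_obj->MESSAGE);
        }
    } else {
        // Password will not be changed...
        $_POST['Fobject']['passwd'] = "********";
    }

    if (ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
        if (!strlen($_POST['Fobject']['ext_account'])) {
            $this->ilias->raiseError($this->lng->txt('ext_acccount_required'), $this->ilias->error_obj->MESSAGE);
        }
    }

    // An external account may be linked to one login only.
    if ($_POST['Fobject']['ext_account'] && ($elogin = ilObjUser::_checkExternalAuthAccount($_POST['Fobject']['auth_mode'], $_POST['Fobject']['ext_account']))) {
        if ($elogin != $this->object->getLogin()) {
            $this->ilias->raiseError(sprintf($this->lng->txt("err_auth_ext_user_exists"), $_POST["Fobject"]["ext_account"], $_POST['Fobject']['auth_mode'], $elogin), $this->ilias->error_obj->MESSAGE);
        }
    }

    // The password type is not passed with the post data. Therefore we
    // append it here manually.
    include_once './Services/User/classes/class.ilObjUser.php';
    $_POST["Fobject"]["passwd_type"] = IL_PASSWD_PLAIN;

    // validate email
    if (strlen($_POST['Fobject']['email']) and !ilUtil::is_email($_POST["Fobject"]["email"])) {
        $this->ilias->raiseError($this->lng->txt("email_not_valid"), $this->ilias->error_obj->MESSAGE);
    }

    $start = $this->__toUnix($_POST["time_limit"]["from"]);
    $end = $this->__toUnix($_POST["time_limit"]["until"]);

    // validate time limit
    if (!$_POST["time_limit"]["unlimited"] and $start > $end) {
        $this->ilias->raiseError($this->lng->txt("time_limit_not_valid"), $this->ilias->error_obj->MESSAGE);
    }

    // An editing user with a limited account cannot grant a wider (or
    // unlimited) validity window than their own.
    if (!$this->ilias->account->getTimeLimitUnlimited()) {
        if ($start < $this->ilias->account->getTimeLimitFrom() or $end > $this->ilias->account->getTimeLimitUntil() or $_POST['time_limit']['unlimited']) {
            // The whole POST array, including the submitted password fields,
            // is copied into the session here.
            $_SESSION['error_post_vars'] = $_POST;
            ilUtil::sendFailure($this->lng->txt('time_limit_not_within_owners'));
            $this->editObject();
            return false;
        }
    }

    // TODO: check length of login and passwd

    // checks passed. save user
    $_POST['Fobject']['time_limit_owner'] = $this->object->getTimeLimitOwner();
    $_POST['Fobject']['time_limit_unlimited'] = (int) $_POST['time_limit']['unlimited'];
    $_POST['Fobject']['time_limit_from'] = $this->__toUnix($_POST['time_limit']['from']);
    $_POST['Fobject']['time_limit_until'] = $this->__toUnix($_POST['time_limit']['until']);

    // A changed time limit resets the time limit message flag.
    if ($_POST['Fobject']['time_limit_unlimited'] != $this->object->getTimeLimitUnlimited() or $_POST['Fobject']['time_limit_from'] != $this->object->getTimeLimitFrom() or $_POST['Fobject']['time_limit_until'] != $this->object->getTimeLimitUntil()) {
        $_POST['Fobject']['time_limit_message'] = 0;
    } else {
        $_POST['Fobject']['time_limit_message'] = $this->object->getTimeLimitMessage();
    }

    // NOTE(review): the complete posted array is handed to assignData(); which
    // keys it honours is not visible here. Confirm that a caller cannot set
    // fields they should not control.
    $this->object->assignData($_POST["Fobject"]);
    $this->object->setUserDefinedData($_POST['udf']);

    try {
        $this->object->updateLogin($_POST['Fobject']['login']);
    } catch (ilUserException $e) {
        ilUtil::sendFailure($e->getMessage());
        $this->form_gui->setValuesByPost();
        return $tpl->setContent($this->form_gui->getHtml());
    }

    $this->object->setTitle($this->object->getFullname());
    $this->object->setDescription($this->object->getEmail());
    $this->object->setLanguage($_POST["Fobject"]["language"]);

    //set user skin and style
    $sknst = explode(":", $_POST["Fobject"]["skin_style"]);
    if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) {
        $this->object->setPref("skin", $sknst[0]);
        $this->object->setPref("style", $sknst[1]);
    }

    // set hits per pages
    $this->object->setPref("hits_per_page", $_POST["Fobject"]["hits_per_page"]);

    // set show users online
    $this->object->setPref("show_users_online", $_POST["Fobject"]["show_users_online"]);

    // set hide_own_online_status
    if ($_POST["Fobject"]["hide_own_online_status"]) {
        $this->object->setPref("hide_own_online_status", $_POST["Fobject"]["hide_own_online_status"]);
    } else {
        $this->object->setPref("hide_own_online_status", "n");
    }

    $this->update = $this->object->update();
    //$rbacadmin->updateDefaultRole($_POST["Fobject"]["default_role"], $this->object->getId());

    // BEGIN DiskQuota: Remember the state of the "send info mail" checkbox
    // (stored as a preference of the editing user, not of the edited account)
    $ilUser->setPref('send_info_mails', $_POST['send_mail'] == 'y' ? 'y' : 'n');
    $ilUser->writePrefs();
    // END DiskQuota: Remember the state of the "send info mail" checkbox

    $mail_message = $this->__sendProfileMail();
    $msg = $this->lng->txt('saved_successfully') . $mail_message;

    // feedback
    ilUtil::sendSuccess($msg, true);

    if (strtolower($_GET["baseClass"]) == 'iladministrationgui') {
        $this->ctrl->redirectByClass("ilobjuserfoldergui", "view");
    } else {
        $this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
    }
}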
/**
 * Return information about the current client installation as an XML result set.
 *
 * The only gate visible in this method is the session check; no further
 * permission check is made before the data is returned. The result includes
 * the installation version and the active authentication methods, so treat
 * the response as information that any holder of a valid session can read.
 *
 * @param string $sid current session id
 *
 * @return string XML result set with one row holding the columns
 *                installation_id, installation_version, installation_url,
 *                installation_description, installation_language_default,
 *                installation_session_expire, installation_php_postmaxsize,
 *                authentication_methods, authentication_default_method,
 *                installation_udf_xml and installation_advmd_xml
 *                (or the value of __raiseError() on failure)
 */
function getNIC($sid)
{
    $this->initAuth($sid);
    $this->initIlias();

    if (!$this->__checkSession($sid)) {
        return $this->__raiseError($this->__getMessage(), $this->__getMessageCode());
    }

    global $rbacsystem, $rbacreview, $ilLog, $rbacadmin, $ilSetting, $ilClientIniFile;

    if (!is_object($ilClientIniFile)) {
        return $this->__raiseError("Client ini is not initialized", "Server");
    }

    // The first active mode is reported as the default; array_shift() removes
    // it from the list, so it is not repeated in "authentication_methods".
    $active_modes = ilAuthUtils::_getActiveAuthModes();
    $default_method = strtoupper(ilAuthUtils::_getAuthModeName(array_shift($active_modes)));
    $method_names = array();
    foreach ($active_modes as $active_mode) {
        $method_names[] = strtoupper(ilAuthUtils::_getAuthModeName($active_mode));
    }

    include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecord.php';
    include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecordXMLWriter.php';

    // Collect the ids of all activated advanced meta data records.
    $md_record_ids = array();
    foreach (ilAdvancedMDRecord::_getAssignableObjectTypes() as $obj_type) {
        foreach (ilAdvancedMDRecord::_getActivatedRecordsByObjectType($obj_type) as $md_record) {
            $md_record_ids[] = $md_record->getRecordId();
        }
    }
    $md_record_ids = array_unique($md_record_ids);

    $advmwriter = new ilAdvancedMDRecordXMLWriter($md_record_ids);
    $advmwriter->write();

    // User defined fields: run the user writer over an empty user list so
    // that only the field definitions end up in the XML.
    include_once "./Services/User/classes/class.ilUserXMLWriter.php";
    $udfWriter = new ilUserXMLWriter();
    $users = array();
    $udfWriter->setObjects($users);
    $udfWriter->start();

    // todo: get information from client id, read from the specified ini file
    $row = array(
        "installation_id" => IL_INST_ID,
        "installation_version" => ILIAS_VERSION,
        "installation_url" => ILIAS_HTTP_PATH,
        "installation_description" => $ilClientIniFile->readVariable("client", "description"),
        "installation_language_default" => $ilClientIniFile->readVariable("language", "default"),
        "installation_session_expire" => $ilClientIniFile->readVariable("session", "expire"),
        "installation_php_postmaxsize" => $this->return_bytes(ini_get("post_max_size")),
        "authentication_methods" => implode(",", $method_names),
        "authentication_default_method" => $default_method,
        "installation_udf_xml" => $udfWriter->getXML(),
        "installation_advmd_xml" => $advmwriter->xmlDumpMem(false)
    );
    $client_details = array($row);

    // Store the row in an XML result set ...
    include_once './webservice/soap/classes/class.ilXMLResultSet.php';
    $xmlResult = new ilXMLResultSet();
    $xmlResult->addArray($client_details, true);

    // ... and serialise it.
    include_once './webservice/soap/classes/class.ilXMLResultSetWriter.php';
    $xmlResultWriter = new ilXMLResultSetWriter($xmlResult);
    $xmlResultWriter->start();

    return $xmlResultWriter->getXML();
}
/**
 * Read the authentication sequence settings into $this->kind and $this->position.
 *
 * First the configured positions "0".."4" are read; a configured mode is only
 * kept when the matching backend is active (local authentication is always
 * kept). Afterwards every active mode that is still missing is appended, so
 * local authentication is always part of the resulting sequence.
 *
 * @access private
 * @return void
 */
private function read()
{
    global $ilSetting;

    $this->kind = $this->settings->get('kind', self::TYPE_MANUAL);

    include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
    $has_ldap = ilLDAPServer::_getFirstActiveServer();

    include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
    $radius = ilRadiusSettings::_getInstance();
    $has_radius = $radius->isActive();

    $has_soap = $ilSetting->get('soap_auth_active', false);

    // apache settings
    $apache = new ilSetting('apache_auth');
    $has_apache = $apache->get('apache_enable_auth');

    // Configured sequence: keep a mode only if its backend is active.
    for ($pos = 0; $pos < 5; $pos++) {
        $auth_mode = $this->settings->get((string) $pos, 0);
        if (!$auth_mode) {
            continue;
        }

        // Loose comparison on purpose: the stored value may be a numeric string.
        if ($auth_mode == AUTH_LOCAL) {
            $this->position[] = $auth_mode;
        } elseif ($auth_mode == AUTH_LDAP) {
            if ($has_ldap) {
                $this->position[] = $auth_mode;
            }
        } elseif ($auth_mode == AUTH_RADIUS) {
            if ($has_radius) {
                $this->position[] = $auth_mode;
            }
        } elseif ($auth_mode == AUTH_SOAP) {
            if ($has_soap) {
                $this->position[] = $auth_mode;
            }
        } elseif ($auth_mode == AUTH_APACHE) {
            if ($has_apache) {
                $this->position[] = $auth_mode;
            }
        } else {
            // begin-patch auth_plugin
            // Every plugin that reports the mode as active appends it once.
            foreach (ilAuthUtils::getAuthPlugins() as $plugin) {
                if ($plugin->isAuthActive($auth_mode)) {
                    $this->position[] = $auth_mode;
                }
            }
            // end-patch auth_plugin
        }
    }

    // Append missing active auth modes; local authentication is always present.
    if (!in_array(AUTH_LOCAL, $this->position)) {
        $this->position[] = AUTH_LOCAL;
    }
    if ($has_ldap && !in_array(AUTH_LDAP, $this->position)) {
        $this->position[] = AUTH_LDAP;
    }
    if ($has_radius && !in_array(AUTH_RADIUS, $this->position)) {
        $this->position[] = AUTH_RADIUS;
    }
    if ($has_soap && !in_array(AUTH_SOAP, $this->position)) {
        $this->position[] = AUTH_SOAP;
    }
    if ($has_apache && !in_array(AUTH_APACHE, $this->position)) {
        $this->position[] = AUTH_APACHE;
    }

    // begin-patch auth_plugin
    foreach (ilAuthUtils::getAuthPlugins() as $plugin) {
        foreach ($plugin->getAuthIds() as $plugin_auth_id) {
            if ($plugin->isAuthActive($plugin_auth_id) && !in_array($plugin_auth_id, $this->position)) {
                $this->position[] = $plugin_auth_id;
            }
        }
    }
    // end-patch auth_plugin
}
/**
 * Tell how far local password validation is supported for an authentication mode.
 *
 * - LDAP, local and RADIUS: ilAuthUtils::LOCAL_PWV_FULL
 * - Shibboleth, SOAP and CAS: ilAuthUtils::LOCAL_PWV_NO unless password
 *   modification is enabled for the mode, then ilAuthUtils::LOCAL_PWV_USER
 * - every other mode, including unknown ids: ilAuthUtils::LOCAL_PWV_USER
 *
 * @param int|string $a_authmode authentication mode id (one of the AUTH_* constants)
 * @return int one of the ilAuthUtils::LOCAL_PWV_* constants
 */
public static function supportsLocalPasswordValidation($a_authmode)
{
    // Non-strict membership tests: the mode id is compared with ==.
    $full_modes = array(AUTH_LDAP, AUTH_LOCAL, AUTH_RADIUS);
    if (in_array($a_authmode, $full_modes)) {
        return ilAuthUtils::LOCAL_PWV_FULL;
    }

    $configurable_modes = array(AUTH_SHIBBOLETH, AUTH_SOAP, AUTH_CAS);
    if (in_array($a_authmode, $configurable_modes)
        && !ilAuthUtils::isPasswordModificationEnabled($a_authmode)) {
        return ilAuthUtils::LOCAL_PWV_NO;
    }

    // AUTH_ECS, AUTH_OPENID, AUTH_SCRIPT, AUTH_APACHE and anything unknown.
    return ilAuthUtils::LOCAL_PWV_USER;
}
/**
 * Log in the user that phpCAS reports as authenticated.
 *
 * If the CAS user name is already linked to an ILIAS account, that account
 * is authenticated. Otherwise a new account is created, but only when the
 * setting "cas_create_users" is on; the new account gets an empty password
 * with type IL_PASSWD_MD5 (no valid local password), is marked as
 * "profile incomplete" and is assigned the role from "cas_user_default_role".
 *
 * @access private
 * @return void
 */
function login()
{
    global $ilias, $rbacadmin, $ilSetting;

    if (phpCAS::getUser() == "") {
        // This should never occur unless CAS is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }

    $username = phpCAS::getUser();

    // Authorize this user
    include_once './Services/User/classes/class.ilObjUser.php';
    $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

    if ($local_user != "") {
        $this->setAuth($local_user);
        return;
    }

    // Unknown CAS user: only continue when automatic creation is allowed.
    if (!$ilSetting->get("cas_create_users")) {
        $this->status = AUTH_CAS_NO_ILIAS_USER;
        $this->logout();
        return;
    }

    $userObj = new ilObjUser();
    $local_user = ilAuthUtils::_generateLogin($username);

    $newUser = array(
        "firstname" => $local_user,
        "lastname" => "",
        "login" => $local_user,
        // "plain md5" password (= no valid password)
        "passwd" => "",
        "passwd_type" => IL_PASSWD_MD5,
        "auth_mode" => "cas",
        "ext_account" => $username,
        "profile_incomplete" => 1
    );

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);
    $userObj->updateOwner();

    // insert user data in table user_data
    $userObj->saveAsNew();

    // setup user preferences
    $userObj->writePrefs();

    // to do: test this
    $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
    unset($userObj);

    $this->setAuth($local_user);
}
/**
 * Bootstrap the ILIAS environment for one request.
 *
 * Creates the global service objects in a fixed order (error handler, ini
 * files, database, settings, log, HTTPS, control flow, auth, ILIAS object,
 * object cache, tree, access handling), runs the authentication, and then
 * either loads the user account (successful authentication) or records the
 * failed login attempt. The statement order matters: later steps read
 * globals that earlier steps create.
 *
 * @param string $context not read anywhere in this method
 * @return void
 */
function initIlias($context = "web")
{
    global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory;

    // remove unsafe characters
    $this->removeUnsafeCharacters();

    // error reporting
    // remove notices from error reporting
    if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
        error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED);
    } else {
        error_reporting(ini_get('error_reporting') & ~E_NOTICE);
    }

    // include common code files
    $this->requireCommonIncludes();
    global $ilBench;

    // set error handler (to do: check preconditions for error handler to work)
    $ilBench->start("Core", "HeaderInclude_GetErrorHandler");
    $ilErr = new ilErrorHandling();
    $GLOBALS['ilErr'] =& $ilErr;
    $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
    $ilBench->stop("Core", "HeaderInclude_GetErrorHandler");

    // prepare file access to work with safe mode (has been done in class ilias before)
    // umask 0117: new files get at most rw-rw---- (no execute bits, nothing for "other")
    umask(0117);

    // set cookie params
    $this->setCookieParams();

    // $ilIliasIniFile initialisation
    $this->initIliasIniFile();

    // CLIENT_ID determination
    $this->determineClient();

    // $ilAppEventHandler initialisation
    $this->initEventHandling();

    // $ilClientIniFile initialisation
    $this->initClientIniFile();

    // removed redirection madness the service should respond with SERVICE UNAVAILABLE
    // $ilDB initialisation
    $this->initDatabase();

    // init plugin admin class
    include_once "Services/Component/classes/class.ilPluginAdmin.php";
    $ilPluginAdmin = new ilPluginAdmin();
    $GLOBALS['ilPluginAdmin'] = $ilPluginAdmin;

    // set session handler
    $this->setSessionHandler();

    // $ilSetting initialisation
    $this->initSettings();

    // $ilLog initialisation
    $this->initLog();

    // $https initialisation
    require_once 'classes/class.ilHTTPS.php';
    $https = new ilHTTPS();
    $GLOBALS['https'] =& $https;
    $https->enableSecureCookies();
    $https->checkPort();

    // Some contexts stop here, before any authentication object exists.
    if ($this->returnBeforeAuth()) {
        return;
    }

    $ilCtrl = new ilCtrl2();
    $GLOBALS['ilCtrl'] =& $ilCtrl;

    // $ilAuth initialisation
    include_once "Services/Authentication/classes/class.ilAuthUtils.php";
    ilAuthUtils::_initAuth();
    global $ilAuth;

    $this->includePhp5Compliance();

    // Do not accept external session ids
    // A session id that ilSession does not know is replaced by a fresh one,
    // so a client cannot choose the id its session will run under.
    if (!ilSession::_exists(session_id())) {
        // $_GET["PHPSESSID"] = "";
        session_regenerate_id();
    }

    // $ilias initialisation
    global $ilias, $ilBench;
    $ilBench->start("Core", "HeaderInclude_GetILIASObject");
    $ilias = new ILIAS();
    $GLOBALS['ilias'] =& $ilias;
    $ilBench->stop("Core", "HeaderInclude_GetILIASObject");

    // $ilObjDataCache initialisation
    $ilObjDataCache = new ilObjectDataCache();
    $GLOBALS['ilObjDataCache'] =& $ilObjDataCache;

    // workaround: load old post variables if error handler 'message' was called
    // NOTE(review): this replaces the whole of $_POST with session content;
    // code below then reads $_POST["username"] / $_POST["password"] from it.
    if (isset($_SESSION["message"]) && $_SESSION["message"]) {
        $_POST = $_SESSION["post_vars"];
    }

    // put debugging functions here
    require_once "include/inc.debug.php";

    // $objDefinition initialisation
    $ilBench->start("Core", "HeaderInclude_getObjectDefinitions");
    $objDefinition = new ilObjectDefinition();
    $GLOBALS['objDefinition'] =& $objDefinition;
    // $objDefinition->startParsing();
    $ilBench->stop("Core", "HeaderInclude_getObjectDefinitions");

    // init tree
    $tree = new ilTree(ROOT_FOLDER_ID);
    $GLOBALS['tree'] =& $tree;

    // $ilAccess and $rbac... initialisation
    $this->initAccessHandling();

    // authenticate & start session
    PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler"));
    $ilBench->start("Core", "HeaderInclude_Authentication");
    //var_dump($_SESSION);
    ////require_once('Log.php');
    ////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST');
    ////$ilAuth->enableLogging = true;
    if (!defined("IL_PHPUNIT_TEST")) {
        // The session id is read before and after $ilAuth->start() so the
        // shopping cart can be moved to the new id if the id differs.
        $oldSid = session_id();
        $ilAuth->start();
        $newSid = session_id();
        include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php';
        ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid);
    }
    //var_dump($_SESSION);
    $ilias->setAuthError($ilErr->getLastError());
    $ilBench->stop("Core", "HeaderInclude_Authentication");

    // workaround: force login
    // Precedence: (cmd is "force_login") OR (script is login.php).
    // The session is wiped unless forceShoppingCartRedirect is present in $_GET.
    if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") {
        $ilAuth->logout();
        if (!isset($_GET['forceShoppingCartRedirect'])) {
            $_SESSION = array();
        }
        $_SESSION["AccountId"] = "";
        $ilAuth->start();
        $ilias->setAuthError($ilErr->getLastError());
    }

    // check correct setup
    if (!$ilias->getSetting("setup_ok")) {
        die("Setup is not completed. Please run setup routine again.");
    }

    // $ilUser initialisation (1)
    $ilBench->start("Core", "HeaderInclude_getCurrentUser");
    $ilUser = new ilObjUser();
    $ilias->account =& $ilUser;
    $GLOBALS['ilUser'] =& $ilUser;
    $ilBench->stop("Core", "HeaderInclude_getCurrentUser");

    // $ilCtrl initialisation
    //$ilCtrl = new ilCtrl();

    // determine current script and up-path to main directory
    // (sets $this->script and $this->updir)
    $this->determineScriptAndUpDir();

    // $styleDefinition initialisation and style handling for login and co.
    $this->initStyle();
    // NOTE(review): $_GET["baseClass"] is read without isset().
    if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") {
        $this->handleStyle();
    }

    // init locale
    $this->initLocale();

    // handle ILIAS 2 imported users:
    // check ilias 2 password, if authentication failed
    // only if AUTH_LOCAL
    // NOTE(review): $_POST["username"] and $_POST["password"] are read
    // without isset(); whether _switchToIlias3Password() counts failed
    // attempts is not visible here.
    //echo "A";
    if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") {
        if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) {
            if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) {
                $ilAuth->start();
                $ilias->setAuthError($ilErr->getLastError());
                ilUtil::redirect("index.php");
            }
        }
    }

    //
    // SUCCESSFUL AUTHENTICATION
    //
    // Precedence: (empty auth status AND active account)
    //             OR (IL_PHPUNIT_TEST defined AND DEVMODE).
    if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) {
        //echo "C"; exit;
        $ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData");
        //var_dump($_SESSION);

        // get user data
        $this->initUserAccount();
        //var_dump($_SESSION);

        // differentiate account security mode
        require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
        $security_settings = ilSecuritySettings::_getInstance();
        if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
            // reset counter for failed logins
            ilObjUser::_resetLoginAttempts($ilUser->getId());
        }
        $ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData");
    } else {
        if (!$ilAuth->getAuth()) {
            require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';

            // differentiate account security mode
            $security = ilSecuritySettings::_getInstance();
            if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
                // Failed login with a user name: count the attempt against
                // the account with that login.
                if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) {
                    $username = ilUtil::stripSlashes($_POST['username']);
                    $usr_id = ilObjUser::_lookupId($username);
                    // NOTE(review): what _lookupId() returns for an unknown
                    // login is not visible here; only ANONYMOUS_USER_ID is
                    // excluded before the counter is incremented.
                    if ($usr_id != ANONYMOUS_USER_ID) {
                        ilObjUser::_incrementLoginAttempts($usr_id);
                        $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
                        $max_attempts = $security->getLoginMaxAttempts();
                        // Lockout: the account is set inactive once the limit
                        // is reached. SYSTEM_USER_ID is exempt, and a limit of
                        // 0 disables the lockout. Because the counter is keyed
                        // by login name alone, repeated failures deactivate
                        // the named account regardless of who sent them.
                        if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) {
                            ilObjUser::_setUserInactive($usr_id);
                        }
                    }
                }
            }
        }
    }

    //
    // SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...)
    //

    // $lng initialisation
    $this->initLanguage();

    // store user language in tree
    $GLOBALS['tree']->initLangCode();

    // ### AA 03.10.29 added new LocatorGUI class ###
    // when locator data array does not exist, initialise
    if (!isset($_SESSION["locator_level"])) {
        $_SESSION["locator_data"] = array();
        $_SESSION["locator_level"] = -1;
    }
    // initialise global ilias_locator object

    // ECS Tasks
    include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php';
    $scheduler = ilECSTaskScheduler::start();

    $ilBench->stop("Core", "HeaderInclude");
}
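/**
 * Validate a user data record and collect all problems as messages.
 *
 * Messages are reset at the start and appended with __appendMessage(); the
 * record is valid when no message was appended.
 *
 * @param array $user_data      user record, passed by reference; when
 *                              $check_complete is true and no
 *                              'user_language' is given, the default
 *                              language is written into it
 * @param bool  $check_complete true to require login, password (unless the
 *                              auth mode uses an external account) and
 *                              email, and to reject an already used login
 * @return bool true if the record is valid, false otherwise
 */
function __validateUserData(&$user_data, $check_complete = true)
{
    global $lng, $styleDefinition, $ilLog;

    $this->__setMessage('');

    include_once './Services/Authentication/classes/class.ilAuthUtils.php';

    // Auth modes that rely on an external account may come without a password.
    $auth_mode = isset($user_data['auth_mode']) ? $user_data['auth_mode'] : null;
    $allow_empty_password = ilAuthUtils::_needsExternalAccountByAuthMode(
        ilAuthUtils::_getAuthMode($auth_mode)
    );

    if ($check_complete) {
        if (!isset($user_data['login'])) {
            $this->__appendMessage('No login given.');
        }
        if (!isset($user_data['passwd']) and !$allow_empty_password) {
            $this->__appendMessage('No password given.');
        }
        if (!isset($user_data['email'])) {
            $this->__appendMessage('No email given');
        }
        if (!isset($user_data['user_language'])) {
            $user_data['user_language'] = $lng->getDefaultLanguage();
        }
    }

    foreach ($user_data as $field => $value) {
        switch ($field) {
            case 'login':
                if (!ilUtil::isLogin($value)) {
                    $this->__appendMessage('Login invalid.');
                }
                // check loginname
                if ($check_complete) {
                    if (ilObjUser::_loginExists($value)) {
                        $this->__appendMessage('Login already exists.');
                    }
                }
                break;

            case 'passwd':
                // An empty password is only acceptable for external auth modes.
                if (!strlen($value) and $allow_empty_password) {
                    break;
                }
                if (!ilUtil::isPassword($value)) {
                    $this->__appendMessage('Password invalid.');
                }
                break;

            case 'email':
                if (!ilUtil::is_email($value)) {
                    $this->__appendMessage('Email invalid.');
                }
                break;

            case 'time_limit_unlimited':
                if ($value != 1) {
                    // NOTE(review): time_limit_from / time_limit_until are
                    // read without isset(); two missing keys compare as equal
                    // and are reported as an invalid time limit.
                    if ($user_data['time_limit_from'] >= $user_data['time_limit_until']) {
                        $this->__appendMessage('Time limit invalid');
                    }
                }
                break;

            case 'user_language':
                // NOTE(review): non-strict in_array(); confirm that callers
                // always pass the language code as a string.
                $lang_inst = $lng->getInstalledLanguages();
                if (!in_array($user_data['user_language'], $lang_inst)) {
                    $this->__appendMessage('Language: ' . $user_data['user_language'] . ' is not installed');
                }
                break;

            case 'user_skin':
            case 'user_style':
                // Skin and style are only valid as a pair; !empty() also
                // covers the case where just one of the two keys is present.
                $has_skin = !empty($user_data['user_skin']);
                $has_style = !empty($user_data['user_style']);

                if ($has_skin != $has_style) {
                    $this->__appendMessage('user_skin, user_style not valid.');
                } elseif ($has_skin and $has_style) {
                    $ok = false;
                    $templates = $styleDefinition->getAllTemplates();
                    // is_array() first: count() must not see a non-array.
                    // NOTE(review): when no templates are available the pair
                    // is accepted without any check.
                    if (is_array($templates) && count($templates) > 0) {
                        foreach ($templates as $template) {
                            // Plain assignment: "=& new" is rejected by PHP 7+.
                            $styleDef = new ilStyleDefinition($template["id"]);
                            $styleDef->startParsing();
                            $styles = $styleDef->getStyles();
                            foreach ($styles as $style) {
                                if ($user_data['user_skin'] == $template["id"] && $user_data['user_style'] == $style["id"]) {
                                    $ok = true;
                                }
                            }
                        }
                        if (!$ok) {
                            $this->__appendMessage('user_skin, user_style not valid.');
                        }
                    }
                }
                break;

            case 'time_limit_owner':
                $type = ilObject::_lookupType($user_data['time_limit_owner'], true);
                if ($type != 'cat' and $type != 'usrf') {
                    $this->__appendMessage('time_limit_owner must be ref_id of category or user folder' . $type);
                }
                break;

            default:
                // Unknown fields are not validated. "break" leaves the switch
                // and the loop moves on to the next field; a bare "continue"
                // inside a switch does the same but triggers a warning on
                // PHP 7.3+.
                break;
        }
    }

    return strlen($this->__getMessage()) ? false : true;
}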
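/**
 * Handler for the end of an element when in verify mode.
 *
 * Checks the character data collected for the element ($this->cdata) and
 * records problems with logFailure() / logWarning(). Values are still written
 * to $this->userObj so that the checks done at the closing "User" tag can
 * read them.
 *
 * @param resource $a_xml_parser XML parser handle (not used here)
 * @param string   $a_name       name of the element that ends
 * @return void
 */
function verifyEndTag($a_xml_parser, $a_name)
{
    global $lng, $ilAccess, $ilSetting, $ilObjDataCache;

    switch ($a_name) {
        case "Role":
            $this->roles[$this->current_role_id]["name"] = $this->cdata;
            $this->roles[$this->current_role_id]["type"] = $this->current_role_type;
            $this->roles[$this->current_role_id]["action"] = $this->current_role_action;
            break;

        case "User":
            $this->userObj->setFullname();

            // An update addressed by user id is looked up by id, everything
            // else by login.
            if ($this->user_id != -1 && $this->action == "Update") {
                $user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
            } else {
                $user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
            }

            if (is_null($this->userObj->getLogin())) {
                $this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
            }

            switch ($this->action) {
                case "Insert":
                    if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
                        $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
                    }
                    if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
                        $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
                    }
                    if (is_null($this->userObj->getFirstname())) {
                        $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
                    }
                    if (is_null($this->userObj->getLastname())) {
                        $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
                    }
                    if (count($this->roles) == 0) {
                        $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
                    } else {
                        // A new user needs at least one global role.
                        $has_global_role = false;
                        foreach ($this->roles as $role) {
                            if ($role['type'] == 'Global') {
                                $has_global_role = true;
                                break;
                            }
                        }
                        if (!$has_global_role) {
                            $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
                        }
                    }
                    break;

                case "Update":
                    if (!$user_exists) {
                        $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
                    } elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
                        // The login in the file must not belong to another account.
                        $someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
                        if (is_numeric($someonesId) && $someonesId != $this->user_id) {
                            $this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
                        }
                    }
                    break;

                case "Delete":
                    if (!$user_exists) {
                        $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
                    }
                    break;
            }

            // init role array for next user
            $this->roles = array();
            break;

        case "Login":
            // Each login may appear only once per import file.
            if (array_key_exists($this->cdata, $this->logins)) {
                $this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
            } else {
                $this->logins[$this->cdata] = $this->cdata;
            }
            $this->userObj->setLogin($this->cdata);
            break;

        case "Password":
            // NOTE(review): "ILIAS2" and "ILIAS3" pass the value on as a
            // crypt / MD5 hash; how setPasswd() stores such values is not
            // visible here. MD5 is not a suitable password hash, so confirm
            // that these accounts are re-hashed on login.
            switch ($this->currPasswordType) {
                case "ILIAS2":
                    $this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
                    break;

                case "ILIAS3":
                    $this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
                    break;

                case "PLAIN":
                    $this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
                    // The account mail receives $this->currPassword, not
                    // $this->cdata; presumably both hold the same text — verify.
                    $this->acc_mail->setUserPassword($this->currPassword);
                    break;

                default:
                    $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
                    break;
            }
            break;

        case "Firstname":
            $this->userObj->setFirstname($this->cdata);
            break;

        case "Lastname":
            $this->userObj->setLastname($this->cdata);
            break;

        case "Title":
            $this->userObj->setUTitle($this->cdata);
            break;

        case "Gender":
            if ($this->cdata != "m" && $this->cdata != "f") {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
            }
            $this->userObj->setGender($this->cdata);
            break;

        case "Email":
            $this->userObj->setEmail($this->cdata);
            break;

        case "Institution":
            $this->userObj->setInstitution($this->cdata);
            break;

        case "Street":
            $this->userObj->setStreet($this->cdata);
            break;

        case "City":
            $this->userObj->setCity($this->cdata);
            break;

        case "PostalCode":
            $this->userObj->setZipCode($this->cdata);
            break;

        case "Country":
            $this->userObj->setCountry($this->cdata);
            break;

        case "PhoneOffice":
            $this->userObj->setPhoneOffice($this->cdata);
            break;

        case "PhoneHome":
            $this->userObj->setPhoneHome($this->cdata);
            break;

        case "PhoneMobile":
            $this->userObj->setPhoneMobile($this->cdata);
            break;

        case "Fax":
            $this->userObj->setFax($this->cdata);
            break;

        case "Hobby":
            $this->userObj->setHobby($this->cdata);
            break;

        case "Comment":
            $this->userObj->setComment($this->cdata);
            break;

        case "Department":
            $this->userObj->setDepartment($this->cdata);
            break;

        case "Matriculation":
            $this->userObj->setMatriculation($this->cdata);
            break;

        case "ExternalAccount":
            // An empty or "default" auth mode means the system-wide auth mode.
            $am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == ""
                ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode'))
                : $this->userObj->getAuthMode();
            $loginForExternalAccount = trim($this->cdata) == ""
                ? ""
                : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));

            // Only the "Update" branch can set this flag; start from false so
            // the check after the switch never reads an undefined variable.
            $externalAccountHasChanged = false;

            switch ($this->action) {
                case "Insert":
                    if ($loginForExternalAccount != "") {
                        $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
                    }
                    break;

                case "Update":
                    if ($loginForExternalAccount != "") {
                        // Warn when the external account changes to one that
                        // is already linked to a different login.
                        $externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
                        if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
                            $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
                        }
                    }
                    break;
            }

            if ($externalAccountHasChanged) {
                $this->userObj->setExternalAccount(trim($this->cdata));
            }
            break;

        case "Active":
            if ($this->cdata != "true" && $this->cdata != "false") {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
            }
            $this->currActive = $this->cdata;
            break;

        case "TimeLimitOwner":
            // NOTE(review): the pattern is not anchored, so any value that
            // merely contains a digit passes this first test.
            if (!preg_match("/\\d+/", $this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
            } elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
                // The importing user must be allowed to administrate users
                // in the referenced container.
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
            } elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && (int) $this->cdata != USER_FOLDER_ID) {
                // The owner must be a category or the user folder. Written as
                // "!=" because "!(int) $x == Y" negates $x first and then
                // compares a boolean with Y, which never rejects anything.
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
            }
            $this->userObj->setTimeLimitOwner($this->cdata);
            break;

        case "TimeLimitUnlimited":
            switch (strtolower($this->cdata)) {
                case "true":
                case "1":
                    $this->userObj->setTimeLimitUnlimited(1);
                    break;

                case "false":
                case "0":
                    $this->userObj->setTimeLimitUnlimited(0);
                    break;

                default:
                    $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
                    break;
            }
            break;

        case "TimeLimitFrom":
            // Accept datetime or Unix timestamp
            if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
            }
            $this->userObj->setTimeLimitFrom($this->cdata);
            break;

        case "TimeLimitUntil":
            // Accept datetime or Unix timestamp
            if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
            }
            $this->userObj->setTimeLimitUntil($this->cdata);
            break;

        case "TimeLimitMessage":
            switch (strtolower($this->cdata)) {
                case "1":
                    $this->userObj->setTimeLimitMessage(1);
                    break;

                case "0":
                    $this->userObj->setTimeLimitMessage(0);
                    break;

                default:
                    $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
                    break;
            }
            break;

        case "ApproveDate":
            // Accept datetime, Unix timestamp or the zero date. The zero date
            // is compared with "!=": "!$x == 'literal'" would negate $x first
            // and let every non-empty value pass.
            if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && $this->cdata != "0000-00-00 00:00:00") {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
            }
            break;

        case "AgreeDate":
            // Accept datetime, Unix timestamp or the zero date (see ApproveDate).
            if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && $this->cdata != "0000-00-00 00:00:00") {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
            }
            break;

        case "iLincID":
            // NOTE(review): unanchored pattern, see TimeLimitOwner.
            if (!preg_match("/\\d+/", $this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
            }
            break;

        case "iLincUser":
            if (!preg_match("/\\w+/", $this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
            }
            break;

        case "iLincPasswd":
            if (!preg_match("/\\w+/", $this->cdata)) {
                $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
            }
            break;

        case "Pref":
            if ($this->currentPrefKey != null) {
                $this->verifyPref($this->currentPrefKey, $this->cdata);
            }
            // Reset the key so that it cannot leak into the next Pref element.
            $this->currentPrefKey = null;
            break;
    }
}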
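/**
 * Create the XML string of all users in $this->user_data according to the
 * mapping rules.
 *
 * For every entry a <User> element is written: Action "Update" when the
 * record carries an internal account ('ilInternalAccount'), Action "Insert"
 * otherwise. The mapped attribute values are written as child elements.
 * The result is kept in $this->writer.
 *
 * NOTE(review): the values come from the external directory and are handed
 * to xmlElement() unchanged; escaping is assumed to be done by ilXmlWriter —
 * confirm.
 *
 * @access private
 * @return void
 */
private function usersToXML()
{
    include_once './Services/Xml/classes/class.ilXmlWriter.php';
    $this->writer = new ilXmlWriter();
    $this->writer->xmlStartTag('Users');

    $cnt_update = 0;
    $cnt_create = 0;

    // Single users
    foreach ($this->user_data as $external_account => $user) {
        $user['ilExternalAccount'] = $external_account;

        // Required fields
        if (!empty($user['ilInternalAccount'])) {
            // User exists
            $usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
            ++$cnt_update;

            $this->writer->xmlStartTag('User', array('Id' => $usr_id, 'Action' => 'Update'));
            $this->writer->xmlElement('Login', array(), $user['ilInternalAccount']);
            $this->writer->xmlElement('ExternalAccount', array(), $external_account);
            // The attribute name must be a quoted string: a bare word is an
            // undefined constant (a notice on old PHP, an Error on PHP 8).
            $this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()), null);

            $rules = $this->mapping->getRulesForUpdate();

            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
            foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate($usr_id, $external_account, $user) as $role_data) {
                $this->writer->xmlElement(
                    'Role',
                    array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']),
                    ''
                );
            }
        } else {
            // Create user
            ++$cnt_create;

            $this->writer->xmlStartTag('User', array('Action' => 'Insert'));
            $this->writer->xmlElement('Login', array(), ilAuthUtils::_generateLogin($external_account));

            include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
            foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation($external_account, $user) as $role_data) {
                $this->writer->xmlElement(
                    'Role',
                    array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']),
                    ''
                );
            }

            $rules = $this->mapping->getRules();
        }

        $this->writer->xmlElement('Active', array(), "true");
        $this->writer->xmlElement('TimeLimitOwner', array(), 7);
        $this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
        $this->writer->xmlElement('TimeLimitFrom', array(), time());
        $this->writer->xmlElement('TimeLimitUntil', array(), time());

        // only for new users.
        // If auth_mode is 'default' (ldap) this status should remain.
        if (empty($user['ilInternalAccount'])) {
            $this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()), $this->getNewUserAuthMode());
            $this->writer->xmlElement('ExternalAccount', array(), $external_account);
        }

        foreach ($rules as $field => $data) {
            // Do Mapping: it is possible to assign multiple ldap attribute to one user data field
            // Falsy results (including the string "0") are skipped.
            if (!($value = $this->doMapping($user, $data))) {
                continue;
            }

            switch ($field) {
                case 'gender':
                    // Everything that is not "m"/"male" is written as "f".
                    switch (strtolower($value)) {
                        case 'm':
                        case 'male':
                            $this->writer->xmlElement('Gender', array(), 'm');
                            break;

                        case 'f':
                        case 'female':
                        default:
                            $this->writer->xmlElement('Gender', array(), 'f');
                            break;
                    }
                    break;

                case 'firstname':
                    $this->writer->xmlElement('Firstname', array(), $value);
                    break;

                case 'lastname':
                    $this->writer->xmlElement('Lastname', array(), $value);
                    break;

                case 'hobby':
                    $this->writer->xmlElement('Hobby', array(), $value);
                    break;

                case 'title':
                    $this->writer->xmlElement('Title', array(), $value);
                    break;

                case 'institution':
                    $this->writer->xmlElement('Institution', array(), $value);
                    break;

                case 'department':
                    $this->writer->xmlElement('Department', array(), $value);
                    break;

                case 'street':
                    $this->writer->xmlElement('Street', array(), $value);
                    break;

                case 'city':
                    $this->writer->xmlElement('City', array(), $value);
                    break;

                case 'zipcode':
                    $this->writer->xmlElement('PostalCode', array(), $value);
                    break;

                case 'country':
                    $this->writer->xmlElement('Country', array(), $value);
                    break;

                case 'phone_office':
                    $this->writer->xmlElement('PhoneOffice', array(), $value);
                    break;

                case 'phone_home':
                    $this->writer->xmlElement('PhoneHome', array(), $value);
                    break;

                case 'phone_mobile':
                    $this->writer->xmlElement('PhoneMobile', array(), $value);
                    break;

                case 'fax':
                    $this->writer->xmlElement('Fax', array(), $value);
                    break;

                case 'email':
                    $this->writer->xmlElement('Email', array(), $value);
                    break;

                case 'matriculation':
                    $this->writer->xmlElement('Matriculation', array(), $value);
                    break;

                /*
                case 'photo':
                    $this->writer->xmlElement('PersonalPicture',array('encoding' => 'Base64','imagetype' => 'image/jpeg'),
                        base64_encode($this->convertInput($user[$value])));
                    break;
                */

                default:
                    // Handle user defined fields ("udf_<id>"); anything else
                    // is ignored. "break" leaves the switch, and since the
                    // switch is the last statement of the loop body the loop
                    // moves on to the next rule.
                    if (substr($field, 0, 4) != 'udf_') {
                        break;
                    }
                    $id_data = explode('_', $field);
                    if (!isset($id_data[1])) {
                        break;
                    }
                    $this->initUserDefinedFields();
                    $definition = $this->udf->getDefinition($id_data[1]);
                    $this->writer->xmlElement(
                        'UserDefinedField',
                        array('Id' => $definition['il_id'], 'Name' => $definition['field_name']),
                        $value
                    );
                    break;
            }
        }

        $this->writer->xmlEndTag('User');
    }

    if ($cnt_create) {
        $this->log->write('LDAP: Started creation of ' . $cnt_create . ' users.');
    }
    if ($cnt_update) {
        $this->log->write('LDAP: Started update of ' . $cnt_update . ' users.');
    }

    $this->writer->xmlEndTag('Users');
}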
/**
 * Resolve the name of the authentication mode for this server.
 *
 * 'ldap' is returned when authentication is enabled in the settings or when
 * no authentication mapping is configured; otherwise the configured mapping
 * is translated through ilAuthUtils::_getAuthModeName().
 *
 * @return string auth mode
 */
private function parseAuthMode()
{
    // Authentication handled by this server itself
    if ($this->settings->isAuthenticationEnabled()) {
        return 'ldap';
    }

    // Nothing mapped: fall back to plain LDAP
    if (!$this->settings->getAuthenticationMapping()) {
        return 'ldap';
    }

    $mapped_mode = $this->settings->getAuthenticationMapping();

    return ilAuthUtils::_getAuthModeName($mapped_mode);
}
/**
 * Called after login and successful call of fetch data.
 *
 * Decides how an externally (SOAP) authenticated user is bound to a local
 * account, in this order:
 *  1. $this->response["local_user"] is set: log in as that account.
 *  2. User creation is disabled ("soap_auth_create_users"): reject.
 *  3. The response carries an e-mail that matches local accounts: either map
 *     one of them after a password check (mapping screen), or send the user
 *     to the mapping screen.
 *  4. Otherwise create a new local account with auth mode "soap".
 *
 * @param string $a_username external user name; used for the generated login
 *                           and as ext_account of a newly created user
 * @param object $a_auth     auth object; receives status, setAuth() and logout()
 * @return bool true when a local account was set on $a_auth, false otherwise
 */
public function loginObserver($a_username, $a_auth)
{
    global $ilias, $rbacadmin, $lng, $ilSetting;

    $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');

    // TODO: handle passed credentials via GET
    /*
    if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
    {
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }
    */

    // Not required anymore
    /*
    $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
    if (!$validation_data["valid"])
    {
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }
    */

    // Case 1: the response already names the local account.
    $local_user = $this->response["local_user"];
    if ($local_user != "") {
        // to do: handle update of user
        $a_auth->setAuth($local_user);
        return true;
    }

    // Case 2: no local account and automatic creation is switched off.
    if (!$ilSetting->get("soap_auth_create_users")) {
        $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
        $a_auth->logout();
        return false;
    }

    // Case 3: try to map external user via e-mail to ILIAS user
    if ($this->response["email"] != "") {
        $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);

        // check, if password has been provided in user mapping screen
        // (see ilStartUpGUI::showUserMappingSelection)
        // FIXME
        // NOTE(review): the $_POST/$_GET keys below are read without isset();
        // a missing key raises a notice and compares as "".
        if ($_POST["LoginMappedUser"] != "") {
            if (count($email_user) > 0) {
                // NOTE(review): usr_id comes straight from the request and is not
                // compared with the entries of $email_user in this method, so the
                // account being linked is not restricted to the e-mail matches.
                $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
                require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
                    // password is correct -> map user
                    // NOTE(review): the external account is written from
                    // $_GET["ext_uid"], not from the authenticated $a_username;
                    // presumably both carry the same value - confirm, otherwise
                    // the stored link can differ from the identity that logged in.
                    ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                    ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                    // Clear the mapping-screen command and status in the request.
                    $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
                    // setAuth() takes the login, not the id
                    $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                    $a_auth->status = '';
                    $a_auth->setAuth($local_user);
                    return true;
                } else {
                    // Wrong password for the selected account: back to the
                    // mapping screen with a wrong-login sub status.
                    // NOTE(review): no attempt counting is visible in this method.
                    $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                    $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                    $a_auth->logout();
                    return false;
                }
            }
        }

        // Accounts with this e-mail exist and the user has not asked for a new
        // account: hand over to the mapping screen.
        if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
            $_GET["email"] = $this->response["email"];
            $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
            $a_auth->logout();
            return false;
        }
    }

    // Case 4: create a new local account from the response data.
    $userObj = new ilObjUser();

    $local_user = ilAuthUtils::_generateLogin($a_username);

    $newUser["firstname"] = $this->response["firstname"];
    $newUser["lastname"] = $this->response["lastname"];
    $newUser["email"] = $this->response["email"];

    $newUser["login"] = $local_user;

    // to do: set valid password and send mail
    // Default: empty password stored with type IL_PASSWD_CRYPTED.
    $newUser["passwd"] = "";
    $newUser["passwd_type"] = IL_PASSWD_CRYPTED;

    // generate password, if local authentication is allowed
    // and account mail is activated
    $pw = "";

    if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
        $pw = ilUtil::generatePasswords(1);
        $pw = $pw[0];
        $newUser["passwd"] = $pw;
        // NOTE(review): the generated password is handed over as plain text and
        // later passed to the account mail below.
        $newUser["passwd_type"] = IL_PASSWD_PLAIN;
    }

    //$newUser["gender"] = "m";
    $newUser["auth_mode"] = "soap";
    $newUser["ext_account"] = $a_username;
    $newUser["profile_incomplete"] = 1;

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($lng->lang_default);

    // Time limit
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);

    $userObj->updateOwner();

    //insert user data in table user_data
    $userObj->saveAsNew(false);

    // setup user preferences
    $userObj->writePrefs();

    // to do: test this
    // Assign the configured default role for SOAP-created users.
    $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);

    // send account mail
    if ($ilSetting->get("soap_auth_account_mail")) {
        include_once './Services/User/classes/class.ilObjUserFolder.php';
        $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
        // Only send when a mail template with subject and body exists.
        if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
            include_once "Services/Mail/classes/class.ilAccountMail.php";
            $acc_mail = new ilAccountMail();

            if ($pw != "") {
                $acc_mail->setUserPassword($pw);
            }
            $acc_mail->setUser($userObj);
            $acc_mail->send();
        }
    }

    unset($userObj);
    $a_auth->setAuth($local_user);
    return true;
}
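/**
 * Init the auth mode determination form.
 *
 * Builds $this->form with the login captcha checkbox and the radio group
 * that selects between "by user" and "automatic" determination. The
 * automatic option carries one position field per auth mode of the current
 * sequence, named "position[<auth mode>]".
 *
 * @access protected
 * @return bool true when the form exists afterwards, false when at most one
 *              auth mode is active and no form is needed
 */
protected function initAuthModeDetermination()
{
    if (is_object($this->form)) {
        return true;
    }

    // Are there any authentication methods that support automatic determination ?
    include_once 'Services/Authentication/classes/class.ilAuthModeDetermination.php';
    $det = ilAuthModeDetermination::_getInstance();
    if ($det->getCountActiveAuthModes() <= 1) {
        return false;
    }

    include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
    $this->form = new ilPropertyFormGUI();
    $this->form->setFormAction($this->ctrl->getFormAction($this));
    $this->form->setTableWidth('100%');
    $this->form->setTitle($this->lng->txt('auth_auth_settings'));
    $this->form->addCommandButton('updateAuthModeDetermination', $this->lng->txt('save'));

    // Captcha for anonymous login; an alert is shown when the freetype check fails.
    require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
    $cap = new ilCheckboxInputGUI($this->lng->txt('adm_captcha_anonymous_short'), 'activate_captcha_anonym');
    $cap->setInfo($this->lng->txt('adm_captcha_anonymous_auth'));
    $cap->setValue(1);
    if (!ilCaptchaUtil::checkFreetype()) {
        $cap->setAlert(ilCaptchaUtil::getPreconditionsMessage());
    }
    $cap->setChecked(ilCaptchaUtil::isActiveForLogin());
    $this->form->addItem($cap);

    $header = new ilFormSectionHeaderGUI();
    $header->setTitle($this->lng->txt('auth_auth_mode_determination'));
    $this->form->addItem($header);

    $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'), 'kind');
    $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
    $kind->setValue($det->getKind());
    $kind->setRequired(true);

    $option_user = new ilRadioOption($this->lng->txt('auth_by_user'), 0);
    $kind->addOption($option_user);

    $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'), 1);

    include_once 'Services/Authentication/classes/class.ilAuthUtils.php';

    $auth_sequenced = $det->getAuthModeSequence();
    $counter = 1;
    foreach ($auth_sequenced as $auth_mode) {
        // Reset per mode: the label used to leak from the previous iteration
        // (or be undefined) when no plugin knew the mode.
        $text = '';

        switch ($auth_mode) {
            case AUTH_LDAP:
                $text = $this->lng->txt('auth_ldap');
                break;
            case AUTH_RADIUS:
                $text = $this->lng->txt('auth_radius');
                break;
            case AUTH_LOCAL:
                $text = $this->lng->txt('auth_local');
                break;
            case AUTH_SOAP:
                $text = $this->lng->txt('auth_soap');
                break;
            case AUTH_APACHE:
                $text = $this->lng->txt('auth_apache');
                break;
            // begin-patch auth_plugin
            default:
                foreach (ilAuthUtils::getAuthPlugins() as $pl) {
                    $option = $pl->getMultipleAuthModeOptions($auth_mode);
                    // Take the first plugin that actually describes this mode;
                    // previously a later plugin without an entry overwrote the label.
                    if (isset($option[$auth_mode]['txt'])) {
                        $text = $option[$auth_mode]['txt'];
                        break;
                    }
                }
                break;
            // end-patch auth_plugin
        }

        if ($text === '') {
            // No known label: show the raw mode id instead of a wrong name.
            $text = (string) $auth_mode;
        }

        $pos = new ilTextInputGUI($text, 'position[' . $auth_mode . ']');
        $pos->setValue($counter++);
        $pos->setSize(1);
        $pos->setMaxLength(1);
        $option_determination->addSubItem($pos);
    }
    $kind->addOption($option_determination);
    $this->form->addItem($kind);
    return true;
}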
/**
 * Called from fetchData after successful login.
 *
 * Accepts the login only when the account's auth mode is Apache or local,
 * or when ilAuthUtils reports password modification as enabled for that
 * mode. Any other account is marked AUTH_WRONG_LOGIN and logged out.
 *
 * @param string $a_username login name of the authenticated user
 * @param object $a_auth     auth object that receives status and logout()
 * @return bool true when the login is accepted, false otherwise
 */
public function loginObserver($a_username, $a_auth)
{
    // Resolve login -> user id -> stored auth mode -> numeric auth id.
    $auth_id = ilAuthUtils::_getAuthMode(
        ilObjUser::_lookupAuthMode(
            ilObjUser::_lookupId($a_username)
        )
    );

    $GLOBALS['ilLog']->write(__METHOD__ . ': auth id = ' . $auth_id);

    // Loose comparison kept on purpose: it mirrors the matching of a switch.
    $accepted = $auth_id == AUTH_APACHE
        || $auth_id == AUTH_LOCAL
        || ilAuthUtils::isPasswordModificationEnabled($auth_id);

    if ($accepted) {
        return true;
    }

    $a_auth->status = AUTH_WRONG_LOGIN;
    $a_auth->logout();

    return false;
}
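/**
 * Create the client tag.
 *
 * Only an empty <Client> element with the attributes inst_id, id, enabled
 * and default_lang is written; the method then returns. Everything after
 * that early return (responsible person, settings, authentication methods,
 * skins, advanced meta data and user defined field definitions) is
 * unreachable and was disabled "due to security reasons" by the original
 * author.
 *
 * @param ilSetting $setting
 */
private function __buildClient($setting)
{
    // NOTE(review): the auth mode and skin lists computed here are consumed
    // only by the unreachable part below; they are kept so that the reachable
    // behaviour stays exactly as before.
    $auth_modes = ilAuthUtils::_getActiveAuthModes();
    $auth_mode_default = strtoupper(ilAuthUtils::_getAuthModeName(array_shift($auth_modes)));
    $auth_mode_names = array();
    foreach ($auth_modes as $mode) {
        $auth_mode_names[] = strtoupper(ilAuthUtils::_getAuthModeName($mode));
    }

    // determine skins/styles
    $skin_styles = array();
    include_once "./Services/Style/classes/class.ilStyleDefinition.php";
    $styleDefinition = new ilStyleDefinition();
    include_once "./Services/Style/classes/class.ilObjStyleSettings.php";
    $templates = $styleDefinition->getAllTemplates();

    if (is_array($templates)) {
        foreach ($templates as $template) {
            // get styles information of template
            // `=& new` is a parse error since PHP 7.0; plain assignment yields
            // the same object handle.
            $styleDef = new ilStyleDefinition($template["id"]);
            $styleDef->startParsing();
            $styles = $styleDef->getStyles();

            foreach ($styles as $style) {
                if (!ilObjStyleSettings::_lookupActivatedStyle($template["id"], $style["id"])) {
                    continue;
                }
                $skin_styles[] = $template["id"] . ":" . $style["id"];
            }
        }
    }

    // timezones
    include_once 'Services/Calendar/classes/class.ilTimeZone.php';

    $this->xmlStartTag(
        "Client",
        array(
            "inst_id" => $setting->get("inst_id"),
            "id" => $setting->clientid,
            "enabled" => $setting->access == 1 ? "TRUE" : "FALSE",
            "default_lang" => $setting->language
        )
    );
    $this->xmlEndTag("Client");

    return;

    // END here due to security reasons.
    // ------------------------------------------------------------------
    // Unreachable from here on. The block would export administrator
    // contact data and installation settings; do not re-enable it without
    // an access check on the caller. Note that it would also emit a second
    // closing "Client" tag after the one written above.
    // ------------------------------------------------------------------
    $this->xmlElement("Name", null, $setting->get("inst_name"));
    $this->xmlElement("Description", null, $setting->description);
    $this->xmlElement("Institution", null, $setting->get("inst_institution"));
    $this->xmlStartTag("Responsible");
    $this->xmlElement("Firstname", null, $setting->get("admin_firstname"));
    $this->xmlElement("Lastname", null, $setting->get("admin_lastname"));
    $this->xmlElement("Title", null, $setting->get("admin_title"));
    $this->xmlElement("Institution", null, $setting->get("admin_institution"));
    $this->xmlElement("Position", null, $setting->get("admin_position"));
    $this->xmlElement("Email", null, $setting->get("admin_email"));
    $this->xmlElement("Street ", null, $setting->get("admin_street"));
    $this->xmlElement("ZipCode ", null, $setting->get("admin_zipcode"));
    $this->xmlElement("City", null, $setting->get("admin_city"));
    $this->xmlElement("Country", null, $setting->get("admin_country"));
    $this->xmlElement("Phone", null, $setting->get("admin_phone"));
    $this->xmlEndTag("Responsible");
    $this->xmlStartTag("Settings");
    $this->xmlElement("Setting", array("key" => "error_recipient"), $setting->get("error_recipient"));
    $this->xmlElement("Setting", array("key" => "feedback_recipient"), $setting->get("feedback_recipient"));
    $this->xmlElement("Setting", array("key" => "session_expiration"), $setting->session);
    $this->xmlElement("Setting", array("key" => "soap_enabled"), $setting->get("soap_user_administration"));
    $this->xmlElement("Setting", array("key" => "authentication_methods"), join(",", $auth_mode_names));
    $this->xmlElement("Setting", array("key" => "authentication_default_method"), $auth_mode_default);
    $this->xmlElement("Setting", array("key" => "skins"), join(",", $skin_styles));
    $this->xmlElement("Setting", array("key" => "default_skin"), $setting->default_skin_style);
    $this->xmlElement("Setting", array("key" => "default_timezone"), ilTimeZone::_getDefaultTimeZone());
    $this->xmlElement("Setting", array("key" => "default_hits_per_page"), $setting->default_hits_per_page);
    $this->xmlElement("Setting", array("key" => "default_show_users_online"), $setting->default_show_users_online);
    $this->xmlEndTag("Settings");

    if ($this->exportAdvMDDefs) {
        // create advanced meta data record xml
        include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecord.php';
        include_once 'Services/AdvancedMetaData/classes/class.ilAdvancedMDRecordXMLWriter.php';

        $record_ids = array();
        $record_types = ilAdvancedMDRecord::_getAssignableObjectTypes();

        foreach ($record_types as $type) {
            $records = ilAdvancedMDRecord::_getActivatedRecordsByObjectType($type);
            foreach ($records as $record) {
                $record_ids[] = $record->getRecordId();
            }
        }
        $record_ids = array_unique($record_ids);
        $this->xmlStartTag('AdvancedMetaDataRecords');

        if (count($record_ids) > 0) {
            foreach ($record_ids as $record_id) {
                $record_obj = ilAdvancedMDRecord::_getInstanceByrecordId($record_id);
                $record_obj->toXML($this);
            }
        }
        $this->xmlEndTag('AdvancedMetaDataRecords');
    }

    if ($this->exportUDFDefs) {
        // create user defined fields record xml
        include_once "./Services/User/classes/class.ilUserDefinedFields.php";
        // Plain assignment: taking a reference to a function result raises a notice.
        $udf_data = ilUserDefinedFields::_newInstance();
        $udf_data->addToXML($this);
    }

    $this->xmlEndTag("Client");
}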
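/**
 * Try the configured authentication containers one after another.
 *
 * For every auth mode of the determination sequence a container is created
 * and asked to verify the credentials. The first container that reports
 * success ends the loop; errors and failures are logged and the next mode
 * is tried, so a misconfigured mode cannot block the others.
 *
 * @param string $user login name
 * @param string $pass password
 * @return bool true as soon as one container accepts the credentials,
 *              false when none does
 */
public function fetchData($user, $pass)
{
    foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
        // Resolved per iteration. Previously a mode without a container
        // silently re-ran the container of the preceding mode (or called a
        // method on null in the first round).
        $container = null;

        // NOTE(review): a request parameter selects the Apache container here.
        // That is only sound if the container derives the identity from
        // server-side data and not from anything the client sends - confirm.
        if (!empty($_REQUEST['force_mode_apache'])) {
            $this->log('Container Apache: Trying new container', AUTH_LOG_DEBUG);
            include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
            $container = new ilAuthContainerApache();
            // Result is unused; kept in case the constructor has side effects.
            $auth = new ilAuthApache($container);
        } else {
            switch ($auth_mode) {
                case AUTH_LDAP:
                    $this->log('Container LDAP: Trying new container', AUTH_LOG_DEBUG);
                    include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
                    $container = new ilAuthContainerLDAP();
                    break;

                case AUTH_LOCAL:
                    $this->log('Container MDB2: Trying new container', AUTH_LOG_DEBUG);
                    include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
                    $container = new ilAuthContainerMDB2();
                    break;

                case AUTH_SOAP:
                    $this->log('Container SOAP: Trying new container', AUTH_LOG_DEBUG);
                    include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
                    $container = new ilAuthContainerSOAP();
                    break;

                case AUTH_RADIUS:
                    $this->log('Container Radius: Trying new container', AUTH_LOG_DEBUG);
                    include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
                    $container = new ilAuthContainerRadius();
                    break;

                // begin-patch auth_plugin
                default:
                    $this->log('Container Plugin: Trying new container', AUTH_LOG_DEBUG);
                    foreach (ilAuthUtils::getAuthPlugins() as $pl) {
                        $candidate = $pl->getContainer($auth_mode);
                        if ($candidate instanceof Auth_Container) {
                            $container = $candidate;
                            break;
                        }
                    }
                    break;
                // end-patch auth_plugin
            }
        }

        if (!is_object($container)) {
            // No implementation for this mode: skip it instead of reusing
            // whatever container the previous round left behind.
            $this->log('Container for auth mode ' . $auth_mode . ': not available, skipping.', AUTH_LOG_ERR);
            continue;
        }

        $this->current_container = $container;
        $this->current_container->_auth_obj = $this->_auth_obj;

        // The log lines used an undefined $key; name the container instead.
        $label = get_class($container);

        $result = $this->current_container->fetchData($user, $pass);

        if (PEAR::isError($result)) {
            $this->log('Container ' . $label . ': ' . $result->getMessage(), AUTH_LOG_ERR);
            // Do not return here, otherwise wrong configured auth modes might block ilias database authentication
        } elseif ($result == true) {
            // NOTE(review): loose comparison - any truthy container result counts
            // as success. Kept as is; tighten to === true once every container
            // is known to return a real boolean.
            $this->log('Container ' . $label . ': Authentication successful.', AUTH_LOG_DEBUG);
            return true;
        } else {
            $this->log('Container ' . $label . ': Authentication failed.', AUTH_LOG_DEBUG);
        }
    }

    return false;
}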