/**
* Get https instance
* @return
*/
public static function getInstance()
{
if (self::$instance) {
return self::$instance;
}
return self::$instance = new ilHTTPS();
}
/**
* Creates (or reuses) a password assistance session, and sends a password
* assistance mail to the specified user.
* Note: To prevent DOS attacks, a new session is created only, if no session
* exists, or if the existing session has been expired.
* The password assistance mail contains an URL, which points to this script
* and contains the following URL parameters:
* client_id
* key
* @param $email
* @param $logins
*/
public function sendUsernameAssistanceMail($email, array $logins)
{
require_once 'Services/Mail/classes/class.ilMailbox.php';
require_once 'Services/Mail/classes/class.ilMimeMail.php';
require_once 'include/inc.pwassist_session_handler.php';
$protocol = $this->https->isDetected() ? 'https://' : 'http://';
$server_url = $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/')) . '/';
$login_url = $server_url . 'pwassist.php' . '?client_id=' . $this->ilias->getClientId() . '&lang=' . $this->lng->getLangKey();
$contact_address = $this->settings->get('admin_email');
$mm = new ilMimeMail();
$mm->Subject($this->lng->txt('pwassist_mail_subject'));
$mm->From($contact_address);
$mm->To($email);
$mm->Body(str_replace(array("\\n", "\\t"), array("\n", "\t"), sprintf($this->lng->txt('pwassist_username_mail_body'), join($logins, ",\n"), $server_url, $_SERVER['REMOTE_ADDR'], $email, 'mailto:' . $contact_address, $login_url)));
$mm->Send();
}
/**
* set session cookie params for path, domain, etc.
*/
protected static function setCookieParams()
{
global $ilSetting;
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_HTTP) {
$cookie_path = '/';
} elseif ($GLOBALS['COOKIE_PATH']) {
// use a predefined cookie path from WebAccessChecker
$cookie_path = $GLOBALS['COOKIE_PATH'];
} else {
$cookie_path = dirname($_SERVER['PHP_SELF']);
}
/* if ilias is called directly within the docroot $cookie_path
is set to '/' expecting on servers running under windows..
here it is set to '\'.
in both cases a further '/' won't be appended due to the following regex
*/
$cookie_path .= !preg_match("/[\\/|\\\\]\$/", $cookie_path) ? "/" : "";
if ($cookie_path == "\\") {
$cookie_path = '/';
}
include_once './Services/Http/classes/class.ilHTTPS.php';
$cookie_secure = !$ilSetting->get('https', 0) && ilHTTPS::getInstance()->isDetected();
define('IL_COOKIE_EXPIRE', 0);
define('IL_COOKIE_PATH', $cookie_path);
define('IL_COOKIE_DOMAIN', '');
define('IL_COOKIE_SECURE', $cookie_secure);
// Default Value
// session_set_cookie_params() supports 5th parameter
// only for php version 5.2.0 and above
if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
// PHP version >= 5.2.0
define('IL_COOKIE_HTTPONLY', true);
// Default Value
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE, IL_COOKIE_HTTPONLY);
} else {
// PHP version < 5.2.0
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE);
}
}
/**
* builds http path
*/
protected static function buildHTTPPath()
{
include_once './Services/Http/classes/class.ilHTTPS.php';
$https = new ilHTTPS();
if ($https->isDetected()) {
$protocol = 'https://';
} else {
$protocol = 'http://';
}
$host = $_SERVER['HTTP_HOST'];
$rq_uri = $_SERVER['REQUEST_URI'];
// security fix: this failed, if the URI contained "?" and following "/"
// -> we remove everything after "?"
if (is_int($pos = strpos($rq_uri, "?"))) {
$rq_uri = substr($rq_uri, 0, $pos);
}
if (!defined('ILIAS_MODULE')) {
$path = pathinfo($rq_uri);
if (!$path['extension']) {
$uri = $rq_uri;
} else {
$uri = dirname($rq_uri);
}
} else {
// if in module remove module name from HTTP_PATH
$path = dirname($rq_uri);
// dirname cuts the last directory from a directory path e.g content/classes return content
$module = ilUtil::removeTrailingPathSeparators(ILIAS_MODULE);
$dirs = explode('/', $module);
$uri = $path;
foreach ($dirs as $dir) {
$uri = dirname($uri);
}
}
return define('ILIAS_HTTP_PATH', ilUtil::removeTrailingPathSeparators($protocol . $host . $uri));
}
/**
* Returns true, if the WebDAV server transfers data over HTTPS.
*
* @return boolean Returns true if HTTPS is active.
*/
public function isWebDAVoverHTTPS()
{
if ($this->isHTTPS == null) {
global $ilSetting;
require_once './Services/Http/classes/class.ilHTTPS.php';
$https = new ilHTTPS();
$this->isHTTPS = $https->isDetected() || $ilSetting->get('https');
}
return $this->isHTTPS;
}
/**
* deliver file for download via browser.
* @param $mime Mime of the file
* @param $isInline Set this to true, if the file shall be shown in browser
* @static
*
*/
public static function deliverFile($a_file, $a_filename, $a_mime = '', $isInline = false, $removeAfterDelivery = false, $a_exit_after = true)
{
// should we fail silently?
if (!file_exists($a_file)) {
return false;
}
if ($isInline) {
$disposition = "inline";
// "inline" to view file in browser
} else {
$disposition = "attachment";
// "attachment" to download to hard disk
//$a_mime = "application/octet-stream"; // override mime type to ensure that no browser tries to show the file anyway.
}
// END WebDAV: Show file in browser or provide it as attachment
if (strlen($a_mime)) {
$mime = $a_mime;
} else {
$mime = "application/octet-stream";
// or whatever the mime type is
}
// BEGIN WebDAV: Removed broken HTTPS code.
// END WebDAV: Removed broken HTTPS code.
if ($disposition == "attachment") {
header("Cache-control: private");
} else {
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
}
$ascii_filename = ilUtil::getASCIIFilename($a_filename);
header("Content-Type: {$mime}");
header("Content-Disposition:{$disposition}; filename=\"" . $ascii_filename . "\"");
header("Content-Description: " . $ascii_filename);
// #7271: if notice gets thrown download will fail in IE
$filesize = @filesize($a_file);
if ($filesize) {
header("Content-Length: " . (string) $filesize);
}
include_once './Services/Http/classes/class.ilHTTPS.php';
#if($_SERVER['HTTPS'])
if (ilHTTPS::getInstance()->isDetected()) {
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
}
header("Connection: close");
ilUtil::readFile($a_file);
if ($removeAfterDelivery) {
unlink($a_file);
}
if ($a_exit_after) {
exit;
}
}
function initIlias($context = "web")
{
global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory;
// remove unsafe characters
$this->removeUnsafeCharacters();
// error reporting
// remove notices from error reporting
if (version_compare(PHP_VERSION, '5.3.0', '>=')) {
error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED);
} else {
error_reporting(ini_get('error_reporting') & ~E_NOTICE);
}
// include common code files
$this->requireCommonIncludes();
global $ilBench;
// set error handler (to do: check preconditions for error handler to work)
$ilBench->start("Core", "HeaderInclude_GetErrorHandler");
$ilErr = new ilErrorHandling();
$GLOBALS['ilErr'] =& $ilErr;
$ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler'));
$ilBench->stop("Core", "HeaderInclude_GetErrorHandler");
// prepare file access to work with safe mode (has been done in class ilias before)
umask(0117);
// set cookie params
$this->setCookieParams();
// $ilIliasIniFile initialisation
$this->initIliasIniFile();
// CLIENT_ID determination
$this->determineClient();
// $ilAppEventHandler initialisation
$this->initEventHandling();
// $ilClientIniFile initialisation
$this->initClientIniFile();
// removed redirection madness the service should respond with SERVICE UNAVAILABLE
// $ilDB initialisation
$this->initDatabase();
// init plugin admin class
include_once "Services/Component/classes/class.ilPluginAdmin.php";
$ilPluginAdmin = new ilPluginAdmin();
$GLOBALS['ilPluginAdmin'] = $ilPluginAdmin;
// set session handler
$this->setSessionHandler();
// $ilSetting initialisation
$this->initSettings();
// $ilLog initialisation
$this->initLog();
// $https initialisation
require_once 'classes/class.ilHTTPS.php';
$https = new ilHTTPS();
$GLOBALS['https'] =& $https;
$https->enableSecureCookies();
$https->checkPort();
if ($this->returnBeforeAuth()) {
return;
}
$ilCtrl = new ilCtrl2();
$GLOBALS['ilCtrl'] =& $ilCtrl;
// $ilAuth initialisation
include_once "Services/Authentication/classes/class.ilAuthUtils.php";
ilAuthUtils::_initAuth();
global $ilAuth;
$this->includePhp5Compliance();
// Do not accept external session ids
if (!ilSession::_exists(session_id())) {
// $_GET["PHPSESSID"] = "";
session_regenerate_id();
}
// $ilias initialisation
global $ilias, $ilBench;
$ilBench->start("Core", "HeaderInclude_GetILIASObject");
$ilias = new ILIAS();
$GLOBALS['ilias'] =& $ilias;
$ilBench->stop("Core", "HeaderInclude_GetILIASObject");
// $ilObjDataCache initialisation
$ilObjDataCache = new ilObjectDataCache();
$GLOBALS['ilObjDataCache'] =& $ilObjDataCache;
// workaround: load old post variables if error handler 'message' was called
if (isset($_SESSION["message"]) && $_SESSION["message"]) {
$_POST = $_SESSION["post_vars"];
}
// put debugging functions here
require_once "include/inc.debug.php";
// $objDefinition initialisation
$ilBench->start("Core", "HeaderInclude_getObjectDefinitions");
$objDefinition = new ilObjectDefinition();
$GLOBALS['objDefinition'] =& $objDefinition;
// $objDefinition->startParsing();
$ilBench->stop("Core", "HeaderInclude_getObjectDefinitions");
// init tree
$tree = new ilTree(ROOT_FOLDER_ID);
$GLOBALS['tree'] =& $tree;
// $ilAccess and $rbac... initialisation
$this->initAccessHandling();
// authenticate & start session
PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler"));
$ilBench->start("Core", "HeaderInclude_Authentication");
//var_dump($_SESSION);
////require_once('Log.php');
////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST');
////$ilAuth->enableLogging = true;
if (!defined("IL_PHPUNIT_TEST")) {
$oldSid = session_id();
$ilAuth->start();
$newSid = session_id();
include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php';
ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid);
}
//var_dump($_SESSION);
$ilias->setAuthError($ilErr->getLastError());
$ilBench->stop("Core", "HeaderInclude_Authentication");
// workaround: force login
if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") {
$ilAuth->logout();
if (!isset($_GET['forceShoppingCartRedirect'])) {
$_SESSION = array();
}
$_SESSION["AccountId"] = "";
$ilAuth->start();
$ilias->setAuthError($ilErr->getLastError());
}
// check correct setup
if (!$ilias->getSetting("setup_ok")) {
die("Setup is not completed. Please run setup routine again.");
}
// $ilUser initialisation (1)
$ilBench->start("Core", "HeaderInclude_getCurrentUser");
$ilUser = new ilObjUser();
$ilias->account =& $ilUser;
$GLOBALS['ilUser'] =& $ilUser;
$ilBench->stop("Core", "HeaderInclude_getCurrentUser");
// $ilCtrl initialisation
//$ilCtrl = new ilCtrl();
// determin current script and up-path to main directory
// (sets $this->script and $this->updir)
$this->determineScriptAndUpDir();
// $styleDefinition initialisation and style handling for login and co.
$this->initStyle();
if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") {
$this->handleStyle();
}
// init locale
$this->initLocale();
// handle ILIAS 2 imported users:
// check ilias 2 password, if authentication failed
// only if AUTH_LOCAL
//echo "A";
if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") {
if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) {
if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) {
$ilAuth->start();
$ilias->setAuthError($ilErr->getLastError());
ilUtil::redirect("index.php");
}
}
}
//
// SUCCESSFUL AUTHENTICATION
//
if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) {
//echo "C"; exit;
$ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData");
//var_dump($_SESSION);
// get user data
$this->initUserAccount();
//var_dump($_SESSION);
// differentiate account security mode
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security_settings = ilSecuritySettings::_getInstance();
if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
// reset counter for failed logins
ilObjUser::_resetLoginAttempts($ilUser->getId());
}
$ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData");
} else {
if (!$ilAuth->getAuth()) {
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
// differentiate account security mode
$security = ilSecuritySettings::_getInstance();
if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) {
$username = ilUtil::stripSlashes($_POST['username']);
$usr_id = ilObjUser::_lookupId($username);
if ($usr_id != ANONYMOUS_USER_ID) {
ilObjUser::_incrementLoginAttempts($usr_id);
$login_attempts = ilObjUser::_getLoginAttempts($usr_id);
$max_attempts = $security->getLoginMaxAttempts();
if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) {
ilObjUser::_setUserInactive($usr_id);
}
}
}
}
}
}
//
// SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...)
//
// $lng initialisation
$this->initLanguage();
// store user language in tree
$GLOBALS['tree']->initLangCode();
// ### AA 03.10.29 added new LocatorGUI class ###
// when locator data array does not exist, initialise
if (!isset($_SESSION["locator_level"])) {
$_SESSION["locator_data"] = array();
$_SESSION["locator_level"] = -1;
}
// initialise global ilias_locator object
// ECS Tasks
include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php';
$scheduler = ilECSTaskScheduler::start();
$ilBench->stop("Core", "HeaderInclude");
}
/**
* validate settings
*
* @return 0, if everything is ok, an error code otherwise
*/
public function validate()
{
if ($this->isAutomaticHTTPSEnabled() && (strlen($this->getAutomaticHTTPSHeaderName()) == 0 || strlen($this->getAutomaticHTTPSHeaderValue()) == 0)) {
return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
}
include_once './Services/Http/classes/class.ilHTTPS.php';
if ($this->isHTTPSEnabled()) {
if (!ilHTTPS::_checkHTTPS()) {
return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
}
} elseif (!ilHTTPS::_checkHTTP()) {
return ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
}
if ($this->getAccountSecurityMode() == self::ACCOUNT_SECURITY_MODE_CUSTOMIZED) {
if ($this->getPasswordMinLength() < 0) {
return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
}
if ($this->getPasswordMaxLength() < 0) {
return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
}
$password_min_length = 1;
if ($this->isPasswordCharsAndNumbersEnabled()) {
$password_min_length++;
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
if ($this->isPasswordSpecialCharsEnabled()) {
$password_min_length++;
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
}
}
if ($this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length) {
return $password_min_length_error_code;
}
if ($this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength()) {
return self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
}
if ($this->getPasswordMaxAge() < 0) {
return self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
}
if ($this->getLoginMaxAttempts() < 0) {
return self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
}
}
/*
* todo: have to check for local auth if first login password change is enabled??
* than: add errorcode
*/
return 0;
}
/**
* validate settings
*
* @return 0, if everything is ok, an error code otherwise
*/
public function validate(ilPropertyFormGUI $a_form = null)
{
$code = null;
if ($a_form) {
include_once "Services/PrivacySecurity/classes/class.ilObjPrivacySecurityGUI.php";
}
// handled in form itself
if ($this->isAutomaticHTTPSEnabled() && (strlen($this->getAutomaticHTTPSHeaderName()) == 0 || strlen($this->getAutomaticHTTPSHeaderValue()) == 0)) {
return ilSecuritySettings::SECURITY_SETTINGS_ERR_CODE_AUTO_HTTPS;
}
include_once './Services/Http/classes/class.ilHTTPS.php';
if ($this->isHTTPSEnabled()) {
if (!ilHTTPS::_checkHTTPS()) {
$code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTPS_NOT_AVAILABLE;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('https_enabled')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
} elseif (!ilHTTPS::_checkHTTP()) {
$code = ilSecuritySettings::$SECURITY_SETTINGS_ERR_CODE_HTTP_NOT_AVAILABLE;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('https_enabled')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
if ($this->getPasswordMinLength() < 0) {
$code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MIN_LENGTH;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('password_min_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
if ($this->getPasswordMaxLength() < 0) {
$code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_LENGTH;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('password_max_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
$password_min_length = 1;
if ($this->getPasswordNumberOfUppercaseChars() > 0 || $this->getPasswordNumberOfLowercaseChars() > 0) {
$password_min_length = 0;
if ($this->getPasswordNumberOfUppercaseChars() > 0) {
$password_min_length += $this->getPasswordNumberOfUppercaseChars();
}
if ($this->getPasswordNumberOfLowercaseChars() > 0) {
$password_min_length += $this->getPasswordNumberOfLowercaseChars();
}
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN1;
}
if ($this->isPasswordCharsAndNumbersEnabled()) {
$password_min_length++;
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN2;
if ($this->isPasswordSpecialCharsEnabled()) {
$password_min_length++;
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
}
} else {
if ($password_min_length > 1 && $this->isPasswordSpecialCharsEnabled()) {
$password_min_length++;
$password_min_length_error_code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MIN_LENGTH_MIN3;
}
}
if ($this->getPasswordMinLength() > 0 && $this->getPasswordMinLength() < $password_min_length) {
$code = $password_min_length_error_code;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('password_min_length')->setAlert(sprintf(ilObjPrivacySecurityGUI::getErrorMessage($code), $password_min_length));
}
}
if ($this->getPasswordMaxLength() > 0 && $this->getPasswordMaxLength() < $this->getPasswordMinLength()) {
$code = self::SECURITY_SETTINGS_ERR_CODE_PASSWORD_MAX_LENGTH_LESS_MIN_LENGTH;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('password_max_length')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
if ($this->getPasswordMaxAge() < 0) {
$code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_PASSWORD_MAX_AGE;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('password_max_age')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
if ($this->getLoginMaxAttempts() < 0) {
$code = self::SECURITY_SETTINGS_ERR_CODE_INVALID_LOGIN_MAX_ATTEMPTS;
if (!$a_form) {
return $code;
} else {
$a_form->getItemByPostVar('login_max_attempts')->setAlert(ilObjPrivacySecurityGUI::getErrorMessage($code));
}
}
/*
* todo: have to check for local auth if first login password change is enabled??
* than: add errorcode
*/
if (!$a_form) {
return 0;
} else {
return !(bool) $code;
}
}
