'title' => $langBack, 'icon' => 'fa-reply', 'level' => 'primary-label', 'url' => 'auth.php' ))); // You have to logout from CAS and preferably close your browser // to change CAS settings if (!empty($_SESSION['cas_warn']) and $auth == 7) { $tool_content .= "<div class='alert alert-warning'>$langCASnochange</div>"; } if ($submit or ! empty($_SESSION['cas_do'])) { if (!empty($_SESSION['cas_do']) and empty($_SESSION['cas_warn'])) { // test new CAS settings $cas_ret = cas_authenticate(7, true, $_SESSION['cas_host'], $_SESSION['cas_port'], $_SESSION['cas_context'], $_SESSION['cas_cachain']); if (phpCAS::checkAuthentication()) { $test_username = phpCAS::getUser(); if (!empty($test_username)) { $cas_valid = true; $_SESSION['cas_warn'] = true; } else { $cas_valid = false; } } else { $cas_valid = false; } if (!empty($cas_ret['error'])) $tool_content .= "<div class='alert alert-warning'>$cas_ret[error]</div>"; }
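/**
 * Check a username/password pair against the authentication method selected by $auth.
 *
 * Methods handled here: '1' local `user` table, '2' POP3, '3' IMAP, '4' LDAP,
 * '5' external database, '6' Shibboleth (writes the secure/ stub scripts), '7' CAS.
 *
 * Side effects: case '1' re-hashes a legacy MD5 password after a successful login;
 * case '4' sets $GLOBALS['auth_errors'] on connection/bind failure and
 * $GLOBALS['auth_user_info'] when exactly one directory entry matched;
 * case '6' writes index.php and index_reg.php under {$webDir}secure/.
 *
 * @param mixed  $auth          Authentication method id (matched loosely against '1'..'7').
 * @param string $test_username Username as typed by the user (untrusted input).
 * @param string $test_password Password as typed by the user (untrusted input).
 * @param array  $settings      Method-specific settings; the keys read are visible in each case.
 * @return bool True when the credentials were accepted, false otherwise.
 */
function auth_user_login($auth, $test_username, $test_password, $settings)
{
    global $webDir;

    $testauth = false;

    switch ($auth) {
        case '1':
            $unamewhere = get_config('case_insensitive_usernames') ? "= " : "COLLATE utf8_bin = ";
            $result = Database::get()->querySingle("SELECT password FROM user WHERE username {$unamewhere} ?s", $test_username);
            // NOTE(review): case '5' reads querySingle()'s result as one row object, while this
            // loop treats it as a set of rows - confirm against the Database class.
            if ($result) {
                foreach ($result as $myrow) {
                    $hasher = new PasswordHash(8, false);
                    if ($hasher->CheckPassword($test_password, $myrow->password)) {
                        $testauth = true;
                    } elseif (strlen($myrow->password) < 60 && md5($test_password) === (string) $myrow->password) {
                        // Strict comparison: with ==, two digests of the form "0e<digits>" are
                        // compared as numbers and match each other regardless of the password.
                        $testauth = true;
                        // password is in old md5 format, update transparently
                        $password_encrypted = $hasher->HashPassword($test_password);
                        // NOTE(review): this UPDATE always matches case-sensitively, even when the
                        // SELECT above matched case-insensitively, so the upgrade may touch no row.
                        Database::get()->query("UPDATE user SET password = ?s WHERE username COLLATE utf8_bin = ?s", $password_encrypted, $test_username);
                    }
                }
            }
            break;

        case '2':
            // NOTE(review): port 110 with the plain USER mechanism sends the password
            // unencrypted unless the transport is protected elsewhere.
            $pop3 = new pop3_class();
            $pop3->hostname = $settings['pop3host']; // POP 3 server host name
            $pop3->port = 110; // POP 3 server host port
            $user = $test_username; // Authentication user name
            $password = $test_password; // Authentication password
            $pop3->realm = ''; // Authentication realm or domain
            $pop3->workstation = ''; // Workstation for NTLM authentication
            $apop = 0; // Use APOP authentication
            $pop3->authentication_mechanism = 'USER'; // SASL authentication mechanism
            $pop3->debug = 0; // Output debug information
            $pop3->html_debug = 1; // Debug information is in HTML
            $pop3->join_continuation_header_lines = 1; // Concatenate headers split in multiple lines
            // Open, Login and Close must all report an empty error string.
            if (($error = $pop3->Open()) == '') {
                if (($error = $pop3->Login($user, $password, $apop)) == '') {
                    if (($error = $pop3->Close()) == '') {
                        $testauth = true;
                    }
                }
            }
            if ($error != '') {
                $testauth = false;
            }
            break;

        case '3':
            $imaphost = $settings['imaphost'];
            $imapauth = imap_auth($imaphost, $test_username, $test_password);
            if ($imapauth) {
                $testauth = true;
            }
            break;

        case '4':
            $ldap = ldap_connect($settings['ldaphost']);
            if (!$ldap) {
                $GLOBALS['auth_errors'] = 'Error connecting to LDAP host';
                return false;
            }
            // LDAP connection established - now search for user dn
            @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
            if (!@ldap_bind($ldap, $settings['ldapbind_dn'], $settings['ldapbind_pw'])) {
                // Read the error before releasing the handle, then release it
                // (the original returned here without unbinding).
                $GLOBALS['auth_errors'] = ldap_error($ldap);
                @ldap_unbind($ldap);
                return false;
            }
            // The username is untrusted: escape the RFC 4515 filter metacharacters so it
            // cannot change the structure of the search filter. The backslash must be
            // replaced first because the other replacements introduce backslashes.
            $filter_username = str_replace(
                array('\\', '*', '(', ')', "\x00"),
                array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
                (string) $test_username
            );
            if (empty($settings['ldap_login_attr2'])) {
                $search_filter = "({$settings['ldap_login_attr']}={$filter_username})";
            } else {
                $search_filter = "(|({$settings['ldap_login_attr']}={$filter_username})\n ({$settings['ldap_login_attr2']}={$filter_username}))";
            }
            $userinforequest = ldap_search($ldap, $settings['ldap_base'], $search_filter);
            // ldap_search() returns false on failure; do not pass that on to ldap_first_entry().
            if ($userinforequest && ($entry_id = ldap_first_entry($ldap, $userinforequest))) {
                $user_dn = ldap_get_dn($ldap, $entry_id);
                // A bind with a DN and an empty password is an unauthenticated bind, which
                // directory servers may accept; it must never count as a successful login.
                if ((string) $test_password !== '' && @ldap_bind($ldap, $user_dn, $test_password)) {
                    $testauth = true;
                    $userinfo = ldap_get_entries($ldap, $userinforequest);
                    if ($userinfo['count'] == 1) {
                        $lastname = get_ldap_attribute($userinfo, 'sn');
                        $firstname = get_ldap_attribute($userinfo, 'givenname');
                        if (empty($firstname)) {
                            // No given name: derive it from cn by removing the surname.
                            $cn = get_ldap_attribute($userinfo, 'cn');
                            $firstname = trim(str_replace($lastname, '', $cn));
                        }
                        $GLOBALS['auth_user_info'] = array(
                            'firstname' => $firstname,
                            'lastname' => $lastname,
                            'email' => get_ldap_attribute($userinfo, 'mail'),
                        );
                    }
                }
            }
            @ldap_unbind($ldap);
            break;

        case '5':
            $link = new Database($settings['dbhost'], $settings['dbname'], $settings['dbuser'], $settings['dbpass']);
            if ($link) {
                // NOTE(review): table and column names are interpolated inside backticks; they
                // must only ever come from administrator-controlled settings.
                $res = $link->querySingle("SELECT `{$settings['dbfieldpass']}`\n FROM `{$settings['dbtable']}`\n WHERE `{$settings['dbfielduser']}` = ?s", $test_username);
                if ($res) {
                    // Fixed: the property name is $settings['dbfieldpass']; the original used the
                    // whole $settings array as the property name and never read the stored hash.
                    $testauth = external_DB_Check_Pass($test_password, $res->{$settings['dbfieldpass']}, $settings['dbpassencr']);
                }
            }
            break;

        case '6':
            $path = "{$webDir}secure/";
            if (!file_exists($path)) {
                // NOTE(review): when the directory is created here the stub files are not
                // written in this call and the result stays false - confirm this is intended.
                if (!mkdir($path, 0700)) {
                    $testauth = false;
                }
            } else {
                $indexfile = $path . 'index.php';
                $index_regfile = $path . 'index_reg.php';

                // SECURITY: shibemail / shibuname / shibcn are written verbatim as PHP
                // expressions into scripts the web server will execute, so whoever can edit
                // these settings can run arbitrary PHP. Restrict and validate them upstream.

                // creation of secure/index.php file
                $filecontents = '<?php session_start(); $_SESSION[\'shib_email\'] = ' . $settings['shibemail']
                    . '; $_SESSION[\'shib_uname\'] = ' . $settings['shibuname']
                    . '; $_SESSION[\'shib_surname\'] = ' . $settings['shibcn']
                    . '; header("Location: ../index.php"); ';
                $f = fopen($indexfile, 'w');
                if ($f !== false) { // fopen() failure must not reach fwrite()/fclose()
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }

                // creation of secure/index_reg.php
                // used in professor request registration process via shibboleth
                $filecontents = '<?php session_start(); $_SESSION[\'shib_email\'] = ' . $settings['shibemail']
                    . '; $_SESSION[\'shib_uname\'] = ' . $settings['shibuname']
                    . '; $_SESSION[\'shib_surname\'] = ' . $settings['shibcn']
                    . '; $_SESSION[\'shib_status\'] = $_SERVER[\'unscoped-affiliation\']; $_SESSION[\'shib_auth\'] = true; header("Location: ../modules/auth/altsearch.php" . (isset($_GET["p"]) && $_GET["p"]? "?p=1": "")); ';
                $f = fopen($index_regfile, "w");
                if ($f !== false) {
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }
            }
            break;

        case '7':
            cas_authenticate($auth);
            if (phpCAS::checkAuthentication()) {
                $testauth = true;
            }
            break;
    }

    return $testauth;
}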
* Public License) as published by the Free Software Foundation. * The full license can be read in "/info/license/license_gpl.txt". * * Contact address: GUnet Asynchronous eLearning Group, * Network Operations Center, University of Athens, * Panepistimiopolis Ilissia, 15784, Athens, Greece * e-mail: info@openeclass.org * ======================================================================== */ /* * Authors: Giannis Kapetanakis <*****@*****.**> */ require_once '../include/baseTheme.php'; require_once 'include/CAS/CAS.php'; require_once 'modules/auth/auth.inc.php'; $auth = 7; cas_authenticate($auth); if (phpCAS::checkAuthentication()) { $cas = get_auth_settings($auth); $attrs = get_cas_attrs(phpCAS::getAttributes(), $cas); $_SESSION['cas_uname'] = phpCAS::getUser(); if (!empty($_SESSION['cas_uname'])) { $_SESSION['uname'] = $_SESSION['cas_uname']; } if (!empty($attrs['casuserlastattr'])) { $_SESSION['cas_surname'] = $attrs['casuserlastattr']; } if (!empty($attrs['casuserfirstattr'])) { $_SESSION['cas_givenname'] = $attrs['casuserfirstattr']; } if (!empty($attrs['casusermailattr'])) { $_SESSION['cas_email'] = $attrs['casusermailattr'];
} else { message(lang('database_error')); } } } } if ($proceed) { echo '<CENTER> <TABLE class="or_formtable" style="width: auto;"><TR><TD>'; show_message(); $_REQUEST['subpool_id'] = $_SESSION['subpool_id']; if ($_REQUEST['subpool_id'] == 2) { // user is a student. redirect to CAS $ticket = $_GET['ticket']; $page = "http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . '/'; $login = cas_authenticate($page . "public/participant_create.php", $conn, $ticket); message(lang('successfully_registered')); header("Location: " . $page . "public/"); exit; } else { $extra = ''; $pwfields = ''; $captcha = ''; if ($settings['subject_authentication'] != 'token') { if (isset($_SESSION['pauthdata']['pw_provided']) && $_SESSION['pauthdata']['pw_provided']) { $pwfields .= participant__password_form_fields(false, true); } else { $pwfields .= participant__password_form_fields(false, false); } } $captcha = '<TR><TD>' . lang('captcha_text') . '<br><IMG src="captcha.php"><BR>