/** * reads session settings from db * * @return array session_settings */ function getSessionSettings() { require_once 'Services/Authentication/classes/class.ilSessionControl.php'; $db = $this->client->getDB(); $setting_fields = ilSessionControl::getSettingFields(); $query = "SELECT * FROM settings WHERE module = %s " . "AND " . $db->in('keyword', $setting_fields, false, 'text'); $res = $db->queryF($query, array('text'), array('common')); $session_settings = array(); while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $session_settings[$row['keyword']] = $row['value']; } foreach ($setting_fields as $field) { if (!isset($session_settings[$field])) { $value = 1; switch ($field) { case 'session_max_count': $value = ilSessionControl::DEFAULT_MAX_COUNT; break; case 'session_min_idle': $value = ilSessionControl::DEFAULT_MIN_IDLE; break; case 'session_max_idle': $value = ilSessionControl::DEFAULT_MAX_IDLE; break; case 'session_max_idle_after_first_request': $value = ilSessionControl::DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST; break; case 'session_allow_client_maintenance': $value = ilSessionControl::DEFAULT_ALLOW_CLIENT_MAINTENANCE; break; } $session_settings[$field] = $value; } } return $session_settings; }
/** * display sessions form and process form input */ function displaySessions() { require_once 'Services/Authentication/classes/class.ilSessionControl.php'; $this->checkDisplayMode("setup_sessions"); if (!$this->setup->getClient()->db_installed) { // program should never come to this place $message = "No database found! Please install database first."; ilUtil::sendInfo($message); } $setting_fields = ilSessionControl::getSettingFields(); $valid = true; $settings = array(); foreach ($setting_fields as $field) { if ($field == 'session_allow_client_maintenance') { if (isset($_POST[$field])) { $_POST[$field] = '1'; } else { $_POST[$field] = '0'; } } if (isset($_POST[$field]) && $_POST[$field] != '') { $settings[$field] = $_POST[$field]; } else { $valid = false; break; } } if ($valid) { $this->setup->setSessionSettings($settings); } $settings = $this->setup->getSessionSettings(); include_once "Services/Form/classes/class.ilPropertyFormGUI.php"; $form = new ilPropertyFormGUI(); include_once 'Services/Authentication/classes/class.ilSession.php'; // BEGIN SESSION SETTINGS // create session handling radio group $ssettings = new ilRadioGroupInputGUI($this->lng->txt('sess_mode'), 'session_handling_type'); $ssettings->setValue($settings['session_handling_type'], ilSession::SESSION_HANDLING_FIXED); // first option, fixed session duration $fixed = new ilRadioOption($this->lng->txt('sess_fixed_duration'), ilSession::SESSION_HANDLING_FIXED); // add session handling to radio group $ssettings->addOption($fixed); // second option, session control $ldsh = new ilRadioOption($this->lng->txt('sess_load_dependent_session_handling'), ilSession::SESSION_HANDLING_LOAD_DEPENDENT); // this is the max count of active sessions // that are getting started simlutanously $ti = new ilTextInputGUI($this->lng->txt('sess_max_session_count'), "session_max_count"); $ti->setInfo($this->lng->txt('sess_max_session_count_info')); $ti->setMaxLength(5); $ti->setSize(5); $ti->setValue($settings['session_max_count']); $ldsh->addSubItem($ti); // after this (min) idle time the session can be deleted, // if there are further requests for new sessions, // but max session count is reached yet $ti = new ilTextInputGUI($this->lng->txt('sess_min_session_idle'), "session_min_idle"); $ti->setInfo($this->lng->txt('sess_min_session_idle_info')); $ti->setMaxLength(5); $ti->setSize(5); $ti->setValue($settings['session_min_idle']); $ldsh->addSubItem($ti); // after this (max) idle timeout the session expires // and become invalid, so it is not considered anymore // when calculating current count of active sessions $ti = new ilTextInputGUI($this->lng->txt('sess_max_session_idle'), "session_max_idle"); $ti->setInfo($this->lng->txt('sess_max_session_idle_info')); $ti->setMaxLength(5); $ti->setSize(5); $ti->setValue($settings['session_max_idle']); $ldsh->addSubItem($ti); // this is the max duration that can elapse between the first and the secnd // request to the system before the session is immidietly deleted $ti = new ilTextInputGUI($this->lng->txt('sess_max_session_idle_after_first_request'), "session_max_idle_after_first_request"); $ti->setInfo($this->lng->txt('sess_max_session_idle_after_first_request_info')); $ti->setMaxLength(5); $ti->setSize(5); $ti->setValue($settings['session_max_idle_after_first_request']); $ldsh->addSubItem($ti); // add session control to radio group $ssettings->addOption($ldsh); $form->addItem($ssettings); // controls the ability t maintenance the following // settings in client administration $chkb = new ilCheckboxInputGUI($this->lng->txt('sess_allow_client_maintenance'), "session_allow_client_maintenance"); $chkb->setInfo($this->lng->txt('sess_allow_client_maintenance_info')); $chkb->setChecked($settings['session_allow_client_maintenance'] ? true : false); $form->addItem($chkb); // END SESSION SETTINGS // save and cancel commands $form->addCommandButton("sess", $this->lng->txt('save')); $form->setTitle($this->lng->txt("sess_sessions")); $form->setFormAction('setup.php?client_id=' . $this->client_id . '&cmd=sess'); $this->tpl->setVariable("TXT_SETUP_TITLE", ucfirst(trim($this->lng->txt('sess_sessions')))); $this->tpl->setVariable("TXT_INFO", ''); $this->tpl->setVariable("SETUP_CONTENT", $form->getHTML()); /*$this->setButtonPrev("db"); if($this->setup->checkClientSessionSettings($this->client,true)) { $this->setButtonNext("lang"); }*/ $this->checkPanelMode(); }
protected function renderCurrentBasics() { global $ilSetting, $lng, $ilCtrl, $ilAccess; // basic data - not time related include_once "Services/Authentication/classes/class.ilSessionControl.php"; $active = (int) ilSessionControl::getExistingSessionCount(ilSessionControl::$session_types_controlled); $control_active = $ilSetting->get('session_handling_type', 0) == 1; if ($control_active) { $control_max_sessions = (int) $ilSetting->get('session_max_count', ilSessionControl::DEFAULT_MAX_COUNT); $control_min_idle = (int) $ilSetting->get('session_min_idle', ilSessionControl::DEFAULT_MIN_IDLE); $control_max_idle = (int) $ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE); $control_max_idle_first = (int) $ilSetting->get('session_max_idle_after_first_request', ilSessionControl::DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST); } $last_maxed_out = new ilDateTime(ilSessionStatistics::getLastMaxedOut(), IL_CAL_UNIX); $last_aggr = new ilDateTime(ilSessionStatistics::getLastAggregation(), IL_CAL_UNIX); // build left column $left = new ilTemplate("tpl.session_statistics_left.html", true, true, "Services/Authentication"); $left->setVariable("CAPTION_CURRENT", $lng->txt("users_online")); $left->setVariable("VALUE_CURRENT", $active); $left->setVariable("CAPTION_LAST_AGGR", $lng->txt("trac_last_aggregation")); $left->setVariable("VALUE_LAST_AGGR", ilDatePresentation::formatDate($last_aggr)); $left->setVariable("CAPTION_LAST_MAX", $lng->txt("trac_last_maxed_out_sessions")); $left->setVariable("VALUE_LAST_MAX", ilDatePresentation::formatDate($last_maxed_out)); $left->setVariable("CAPTION_SESSION_CONTROL", $lng->txt("sess_load_dependent_session_handling")); if (!$control_active) { $left->setVariable("VALUE_SESSION_CONTROL", $lng->txt("no")); } else { $left->setVariable("VALUE_SESSION_CONTROL", $lng->txt("yes")); $left->setCurrentBlock("control_details"); $left->setVariable("CAPTION_SESSION_CONTROL_LIMIT", $lng->txt("session_max_count")); $left->setVariable("VALUE_SESSION_CONTROL_LIMIT", $control_max_sessions); $left->setVariable("CAPTION_SESSION_CONTROL_IDLE_MIN", $lng->txt("session_min_idle")); $left->setVariable("VALUE_SESSION_CONTROL_IDLE_MIN", $control_min_idle); $left->setVariable("CAPTION_SESSION_CONTROL_IDLE_MAX", $lng->txt("session_max_idle")); $left->setVariable("VALUE_SESSION_CONTROL_IDLE_MAX", $control_max_idle); $left->setVariable("CAPTION_SESSION_CONTROL_IDLE_FIRST", $lng->txt("session_max_idle_after_first_request")); $left->setVariable("VALUE_SESSION_CONTROL_IDLE_FIRST", $control_max_idle_first); $left->parseCurrentBlock(); } // sync button if ($ilAccess->checkAccess("write", "", (int) $_REQUEST["ref_id"])) { $left->setVariable("URL_SYNC", $ilCtrl->getFormAction($this, "adminSync")); $left->setVariable("CMD_SYNC", "adminSync"); $left->setVariable("TXT_SYNC", $lng->txt("trac_sync_session_stats")); } return $left->get(); }
/** * Called after logout * @return * @param array $a_username * @param object $a_auth */ protected function logoutObserver($a_username, $a_auth) { global $ilLog; $ilLog->write(__METHOD__ . ': Logout observer called'); ilSessionControl::handleLogoutEvent(); return $this->getContainer()->logoutObserver($a_username, $a_auth); }
/** * initialises $ilAuth */ function _initAuth() { global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile, $ilBench; $user_auth_mode = false; $ilBench->start('Auth', 'initAuth'); // get default auth mode //$default_auth_mode = $this->getSetting("auth_mode"); define("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL); // determine authentication method if no session is found and username & password is posted // does this if statement make any sense? we enter this block nearly everytime. if (empty($_SESSION) || (!isset($_SESSION['_authsession']['registered']) || $_SESSION['_authsession']['registered'] !== true)) { // no sesssion found if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status'])) { $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB); if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local")) { $user_auth_mode = AUTH_LOCAL; } if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local")) { $user_auth_mode = AUTH_LOCAL; } if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local")) { $user_auth_mode = AUTH_LOCAL; } } else { if ($_POST['auth_mode'] == AUTH_APACHE) { $user_auth_mode = AUTH_APACHE; } } } // to do: other solution? if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP) { $user_auth_mode = AUTH_LOCAL; } if ($ilSetting->get("cas_active") && $_GET['forceCASLogin']) { ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS); $user_auth_mode = AUTH_CAS; } if ($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE) { ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE); $user_auth_mode = AUTH_APACHE; } // BEGIN WebDAV: Share session between browser and WebDAV client. // The realm is needed to support a common session between Auth_HTTP and Auth. // It also helps us to distinguish between parallel sessions run on different clients. // Common session only works if we use a common session name starting with "_authhttp". // We must use the "_authttp" prefix, because it is hardcoded in the session name of // class Auth_HTTP. // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because // it interfers with the session mechanism of the other Auth modules. If we would // keep this switched on, then users could steal each others session, which would cause // a major security breach. // Note: The realm and sessionName used here, must be the same as in // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log // in to ILIAS. $realm = CLIENT_ID; //$this->writelog('ilias.php realm='.$realm); // END WebDAV: Share session between browser and WebDAV client. //var_dump($_SESSION); //echo "1-".$ilSetting->get("soap_auth_active")."-"; // if soap authentication activated and soap credentials given if ($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"]) && !empty($_GET["soap_pw"]) || $user_auth_mode == AUTH_SOAP) { define('AUTH_CURRENT', AUTH_SOAP); } else { if ($ilSetting->get("shib_active") && $_SERVER[$ilSetting->get("shib_login")]) { define("AUTH_CURRENT", AUTH_SHIBBOLETH); } else { define("AUTH_CURRENT", $user_auth_mode); } } //var_dump($_SESSION); // Determine the authentication method to use if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') { // Since WebDAV clients create the login form by // themselves, we can not provide buttons on the form for // choosing an authentication method. // If the user is already logged in, we continue using // the current authentication method. If the user is // not logged in yet, we use the "multiple authentication" // method using a predefined sequence of authentication methods. $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE; } else { $authmode = AUTH_CURRENT; } //var_dump($authmode); // if no auth mode selected AND default mode is AUTH_APACHE then use it... if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE) { $authmode = AUTH_APACHE; } switch ($authmode) { case AUTH_LDAP: include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP()); break; case AUTH_RADIUS: include_once './Services/Radius/classes/class.ilAuthContainerRadius.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius()); break; case AUTH_SHIBBOLETH: // build option string for SHIB::Auth $auth_params = array(); $auth_params['sessionName'] = "_authhttp" . md5($realm); $ilAuth = new ShibAuth($auth_params, true); break; case AUTH_CAS: include_once './Services/CAS/classes/class.ilAuthContainerCAS.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS()); break; case AUTH_SOAP: include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP()); break; case AUTH_MULTIPLE: include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple()); break; case AUTH_ECS: include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS()); break; case AUTH_OPENID: include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId()); break; case AUTH_INACTIVE: require_once './Services/Authentication/classes/class.ilAuthInactive.php'; $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE); break; case AUTH_APACHE: include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php'; ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE); $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache()); break; // begin-patch auth_plugin // begin-patch auth_plugin case AUTH_LOCAL: global $ilLog; include_once './Services/Database/classes/class.ilAuthContainerMDB2.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2()); break; default: // check for plugin if ($authmode) { foreach (self::getAuthPlugins() as $pl) { $container = $pl->getContainer($authmode); if ($container instanceof Auth_Container) { $GLOBALS['ilLog']->write(__METHOD__ . ' Using plugin authentication with auth_mode ' . $authmode); $ilAuth = ilAuthFactory::factory($container); break 2; } } } #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication'); // default for logged in users include_once './Services/Database/classes/class.ilAuthContainerMDB2.php'; $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2()); break; // end-patch auth_plugin } // Due to a bug in Pear Auth_HTTP, we can't use idle time // with WebDAV clients. If we used it, users could never log // back into ILIAS once their session idled out. :( if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP') { $ilAuth->setIdle(ilSession::getIdleValue(), false); } $ilAuth->setExpire(0); ini_set("session.cookie_lifetime", "0"); //echo "-".get_class($ilAuth)."-"; $GLOBALS['ilAuth'] =& $ilAuth; ilSessionControl::checkExpiredSession(); $ilBench->stop('Auth', 'initAuth'); }