/**
* reads session settings from db
*
* @return array session_settings
*/
function getSessionSettings()
{
require_once 'Services/Authentication/classes/class.ilSessionControl.php';
$db = $this->client->getDB();
$setting_fields = ilSessionControl::getSettingFields();
$query = "SELECT * FROM settings WHERE module = %s " . "AND " . $db->in('keyword', $setting_fields, false, 'text');
$res = $db->queryF($query, array('text'), array('common'));
$session_settings = array();
while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
$session_settings[$row['keyword']] = $row['value'];
}
foreach ($setting_fields as $field) {
if (!isset($session_settings[$field])) {
$value = 1;
switch ($field) {
case 'session_max_count':
$value = ilSessionControl::DEFAULT_MAX_COUNT;
break;
case 'session_min_idle':
$value = ilSessionControl::DEFAULT_MIN_IDLE;
break;
case 'session_max_idle':
$value = ilSessionControl::DEFAULT_MAX_IDLE;
break;
case 'session_max_idle_after_first_request':
$value = ilSessionControl::DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST;
break;
case 'session_allow_client_maintenance':
$value = ilSessionControl::DEFAULT_ALLOW_CLIENT_MAINTENANCE;
break;
}
$session_settings[$field] = $value;
}
}
return $session_settings;
}
/**
* display sessions form and process form input
*/
function displaySessions()
{
require_once 'Services/Authentication/classes/class.ilSessionControl.php';
$this->checkDisplayMode("setup_sessions");
if (!$this->setup->getClient()->db_installed) {
// program should never come to this place
$message = "No database found! Please install database first.";
ilUtil::sendInfo($message);
}
$setting_fields = ilSessionControl::getSettingFields();
$valid = true;
$settings = array();
foreach ($setting_fields as $field) {
if ($field == 'session_allow_client_maintenance') {
if (isset($_POST[$field])) {
$_POST[$field] = '1';
} else {
$_POST[$field] = '0';
}
}
if (isset($_POST[$field]) && $_POST[$field] != '') {
$settings[$field] = $_POST[$field];
} else {
$valid = false;
break;
}
}
if ($valid) {
$this->setup->setSessionSettings($settings);
}
$settings = $this->setup->getSessionSettings();
include_once "Services/Form/classes/class.ilPropertyFormGUI.php";
$form = new ilPropertyFormGUI();
include_once 'Services/Authentication/classes/class.ilSession.php';
// BEGIN SESSION SETTINGS
// create session handling radio group
$ssettings = new ilRadioGroupInputGUI($this->lng->txt('sess_mode'), 'session_handling_type');
$ssettings->setValue($settings['session_handling_type'], ilSession::SESSION_HANDLING_FIXED);
// first option, fixed session duration
$fixed = new ilRadioOption($this->lng->txt('sess_fixed_duration'), ilSession::SESSION_HANDLING_FIXED);
// add session handling to radio group
$ssettings->addOption($fixed);
// second option, session control
$ldsh = new ilRadioOption($this->lng->txt('sess_load_dependent_session_handling'), ilSession::SESSION_HANDLING_LOAD_DEPENDENT);
// this is the max count of active sessions
// that are getting started simlutanously
$ti = new ilTextInputGUI($this->lng->txt('sess_max_session_count'), "session_max_count");
$ti->setInfo($this->lng->txt('sess_max_session_count_info'));
$ti->setMaxLength(5);
$ti->setSize(5);
$ti->setValue($settings['session_max_count']);
$ldsh->addSubItem($ti);
// after this (min) idle time the session can be deleted,
// if there are further requests for new sessions,
// but max session count is reached yet
$ti = new ilTextInputGUI($this->lng->txt('sess_min_session_idle'), "session_min_idle");
$ti->setInfo($this->lng->txt('sess_min_session_idle_info'));
$ti->setMaxLength(5);
$ti->setSize(5);
$ti->setValue($settings['session_min_idle']);
$ldsh->addSubItem($ti);
// after this (max) idle timeout the session expires
// and become invalid, so it is not considered anymore
// when calculating current count of active sessions
$ti = new ilTextInputGUI($this->lng->txt('sess_max_session_idle'), "session_max_idle");
$ti->setInfo($this->lng->txt('sess_max_session_idle_info'));
$ti->setMaxLength(5);
$ti->setSize(5);
$ti->setValue($settings['session_max_idle']);
$ldsh->addSubItem($ti);
// this is the max duration that can elapse between the first and the secnd
// request to the system before the session is immidietly deleted
$ti = new ilTextInputGUI($this->lng->txt('sess_max_session_idle_after_first_request'), "session_max_idle_after_first_request");
$ti->setInfo($this->lng->txt('sess_max_session_idle_after_first_request_info'));
$ti->setMaxLength(5);
$ti->setSize(5);
$ti->setValue($settings['session_max_idle_after_first_request']);
$ldsh->addSubItem($ti);
// add session control to radio group
$ssettings->addOption($ldsh);
$form->addItem($ssettings);
// controls the ability t maintenance the following
// settings in client administration
$chkb = new ilCheckboxInputGUI($this->lng->txt('sess_allow_client_maintenance'), "session_allow_client_maintenance");
$chkb->setInfo($this->lng->txt('sess_allow_client_maintenance_info'));
$chkb->setChecked($settings['session_allow_client_maintenance'] ? true : false);
$form->addItem($chkb);
// END SESSION SETTINGS
// save and cancel commands
$form->addCommandButton("sess", $this->lng->txt('save'));
$form->setTitle($this->lng->txt("sess_sessions"));
$form->setFormAction('setup.php?client_id=' . $this->client_id . '&cmd=sess');
$this->tpl->setVariable("TXT_SETUP_TITLE", ucfirst(trim($this->lng->txt('sess_sessions'))));
$this->tpl->setVariable("TXT_INFO", '');
$this->tpl->setVariable("SETUP_CONTENT", $form->getHTML());
/*$this->setButtonPrev("db");
if($this->setup->checkClientSessionSettings($this->client,true))
{
$this->setButtonNext("lang");
}*/
$this->checkPanelMode();
}
protected function renderCurrentBasics()
{
global $ilSetting, $lng, $ilCtrl, $ilAccess;
// basic data - not time related
include_once "Services/Authentication/classes/class.ilSessionControl.php";
$active = (int) ilSessionControl::getExistingSessionCount(ilSessionControl::$session_types_controlled);
$control_active = $ilSetting->get('session_handling_type', 0) == 1;
if ($control_active) {
$control_max_sessions = (int) $ilSetting->get('session_max_count', ilSessionControl::DEFAULT_MAX_COUNT);
$control_min_idle = (int) $ilSetting->get('session_min_idle', ilSessionControl::DEFAULT_MIN_IDLE);
$control_max_idle = (int) $ilSetting->get('session_max_idle', ilSessionControl::DEFAULT_MAX_IDLE);
$control_max_idle_first = (int) $ilSetting->get('session_max_idle_after_first_request', ilSessionControl::DEFAULT_MAX_IDLE_AFTER_FIRST_REQUEST);
}
$last_maxed_out = new ilDateTime(ilSessionStatistics::getLastMaxedOut(), IL_CAL_UNIX);
$last_aggr = new ilDateTime(ilSessionStatistics::getLastAggregation(), IL_CAL_UNIX);
// build left column
$left = new ilTemplate("tpl.session_statistics_left.html", true, true, "Services/Authentication");
$left->setVariable("CAPTION_CURRENT", $lng->txt("users_online"));
$left->setVariable("VALUE_CURRENT", $active);
$left->setVariable("CAPTION_LAST_AGGR", $lng->txt("trac_last_aggregation"));
$left->setVariable("VALUE_LAST_AGGR", ilDatePresentation::formatDate($last_aggr));
$left->setVariable("CAPTION_LAST_MAX", $lng->txt("trac_last_maxed_out_sessions"));
$left->setVariable("VALUE_LAST_MAX", ilDatePresentation::formatDate($last_maxed_out));
$left->setVariable("CAPTION_SESSION_CONTROL", $lng->txt("sess_load_dependent_session_handling"));
if (!$control_active) {
$left->setVariable("VALUE_SESSION_CONTROL", $lng->txt("no"));
} else {
$left->setVariable("VALUE_SESSION_CONTROL", $lng->txt("yes"));
$left->setCurrentBlock("control_details");
$left->setVariable("CAPTION_SESSION_CONTROL_LIMIT", $lng->txt("session_max_count"));
$left->setVariable("VALUE_SESSION_CONTROL_LIMIT", $control_max_sessions);
$left->setVariable("CAPTION_SESSION_CONTROL_IDLE_MIN", $lng->txt("session_min_idle"));
$left->setVariable("VALUE_SESSION_CONTROL_IDLE_MIN", $control_min_idle);
$left->setVariable("CAPTION_SESSION_CONTROL_IDLE_MAX", $lng->txt("session_max_idle"));
$left->setVariable("VALUE_SESSION_CONTROL_IDLE_MAX", $control_max_idle);
$left->setVariable("CAPTION_SESSION_CONTROL_IDLE_FIRST", $lng->txt("session_max_idle_after_first_request"));
$left->setVariable("VALUE_SESSION_CONTROL_IDLE_FIRST", $control_max_idle_first);
$left->parseCurrentBlock();
}
// sync button
if ($ilAccess->checkAccess("write", "", (int) $_REQUEST["ref_id"])) {
$left->setVariable("URL_SYNC", $ilCtrl->getFormAction($this, "adminSync"));
$left->setVariable("CMD_SYNC", "adminSync");
$left->setVariable("TXT_SYNC", $lng->txt("trac_sync_session_stats"));
}
return $left->get();
}
/**
* Called after logout
* @return
* @param array $a_username
* @param object $a_auth
*/
protected function logoutObserver($a_username, $a_auth)
{
global $ilLog;
$ilLog->write(__METHOD__ . ': Logout observer called');
ilSessionControl::handleLogoutEvent();
return $this->getContainer()->logoutObserver($a_username, $a_auth);
}
/**
* initialises $ilAuth
*/
function _initAuth()
{
global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile, $ilBench;
$user_auth_mode = false;
$ilBench->start('Auth', 'initAuth');
// get default auth mode
//$default_auth_mode = $this->getSetting("auth_mode");
define("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
// determine authentication method if no session is found and username & password is posted
// does this if statement make any sense? we enter this block nearly everytime.
if (empty($_SESSION) || (!isset($_SESSION['_authsession']['registered']) || $_SESSION['_authsession']['registered'] !== true)) {
// no sesssion found
if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status'])) {
$user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local")) {
$user_auth_mode = AUTH_LOCAL;
}
if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local")) {
$user_auth_mode = AUTH_LOCAL;
}
if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local")) {
$user_auth_mode = AUTH_LOCAL;
}
} else {
if ($_POST['auth_mode'] == AUTH_APACHE) {
$user_auth_mode = AUTH_APACHE;
}
}
}
// to do: other solution?
if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP) {
$user_auth_mode = AUTH_LOCAL;
}
if ($ilSetting->get("cas_active") && $_GET['forceCASLogin']) {
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
$user_auth_mode = AUTH_CAS;
}
if ($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE) {
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
$user_auth_mode = AUTH_APACHE;
}
// BEGIN WebDAV: Share session between browser and WebDAV client.
// The realm is needed to support a common session between Auth_HTTP and Auth.
// It also helps us to distinguish between parallel sessions run on different clients.
// Common session only works if we use a common session name starting with "_authhttp".
// We must use the "_authttp" prefix, because it is hardcoded in the session name of
// class Auth_HTTP.
// Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
// it interfers with the session mechanism of the other Auth modules. If we would
// keep this switched on, then users could steal each others session, which would cause
// a major security breach.
// Note: The realm and sessionName used here, must be the same as in
// class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
// in to ILIAS.
$realm = CLIENT_ID;
//$this->writelog('ilias.php realm='.$realm);
// END WebDAV: Share session between browser and WebDAV client.
//var_dump($_SESSION);
//echo "1-".$ilSetting->get("soap_auth_active")."-";
// if soap authentication activated and soap credentials given
if ($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"]) && !empty($_GET["soap_pw"]) || $user_auth_mode == AUTH_SOAP) {
define('AUTH_CURRENT', AUTH_SOAP);
} else {
if ($ilSetting->get("shib_active") && $_SERVER[$ilSetting->get("shib_login")]) {
define("AUTH_CURRENT", AUTH_SHIBBOLETH);
} else {
define("AUTH_CURRENT", $user_auth_mode);
}
}
//var_dump($_SESSION);
// Determine the authentication method to use
if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
// Since WebDAV clients create the login form by
// themselves, we can not provide buttons on the form for
// choosing an authentication method.
// If the user is already logged in, we continue using
// the current authentication method. If the user is
// not logged in yet, we use the "multiple authentication"
// method using a predefined sequence of authentication methods.
$authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
} else {
$authmode = AUTH_CURRENT;
}
//var_dump($authmode);
// if no auth mode selected AND default mode is AUTH_APACHE then use it...
if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE) {
$authmode = AUTH_APACHE;
}
switch ($authmode) {
case AUTH_LDAP:
include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP());
break;
case AUTH_RADIUS:
include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
break;
case AUTH_SHIBBOLETH:
// build option string for SHIB::Auth
$auth_params = array();
$auth_params['sessionName'] = "_authhttp" . md5($realm);
$ilAuth = new ShibAuth($auth_params, true);
break;
case AUTH_CAS:
include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
break;
case AUTH_SOAP:
include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
break;
case AUTH_MULTIPLE:
include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
break;
case AUTH_ECS:
include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
break;
case AUTH_OPENID:
include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
break;
case AUTH_INACTIVE:
require_once './Services/Authentication/classes/class.ilAuthInactive.php';
$ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
break;
case AUTH_APACHE:
include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
$ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
break;
// begin-patch auth_plugin
// begin-patch auth_plugin
case AUTH_LOCAL:
global $ilLog;
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
break;
default:
// check for plugin
if ($authmode) {
foreach (self::getAuthPlugins() as $pl) {
$container = $pl->getContainer($authmode);
if ($container instanceof Auth_Container) {
$GLOBALS['ilLog']->write(__METHOD__ . ' Using plugin authentication with auth_mode ' . $authmode);
$ilAuth = ilAuthFactory::factory($container);
break 2;
}
}
}
#$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
// default for logged in users
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
break;
// end-patch auth_plugin
}
// Due to a bug in Pear Auth_HTTP, we can't use idle time
// with WebDAV clients. If we used it, users could never log
// back into ILIAS once their session idled out. :(
if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP') {
$ilAuth->setIdle(ilSession::getIdleValue(), false);
}
$ilAuth->setExpire(0);
ini_set("session.cookie_lifetime", "0");
//echo "-".get_class($ilAuth)."-";
$GLOBALS['ilAuth'] =& $ilAuth;
ilSessionControl::checkExpiredSession();
$ilBench->stop('Auth', 'initAuth');
}
