/**
 * Logs a caller in by staging the credentials in the request superglobals
 * and then including the regular bootstrap file.
 *
 * @param $client   client id; written to $_COOKIE['ilClientId'] and to the
 *                  ilClientId cookie, and appended to the returned token
 * @param $username login name, staged as $_POST['username']
 * @param $password password, staged as $_POST['password']
 * @return mixed    session_id() . '::' . $client on success, otherwise the
 *                  result of $this->__raiseError()
 */
function login($client, $username, $password)
 {
     // NOTE(review): $client is taken from the caller and stored unvalidated.
     // If the bootstrap derives a filesystem path or a redirect target from
     // the ilClientId cookie, it should be restricted to a plain identifier
     // before this point — confirm where the client id is consumed.
     $_COOKIE['ilClientId'] = $client;
     $_POST['username'] = $username;
     $_POST['password'] = $password;
     // Drop any session id sent with the request so the bootstrap does not
     // resume a session chosen by the caller.
     unset($_COOKIE['PHPSESSID']);
     try {
         // presumably performs the actual authentication using the values
         // staged above — the included file is not visible here; confirm
         include_once './include/inc.header.php';
     } catch (Exception $e) {
         // NOTE(review): the raw exception message is handed back to the
         // caller; verify it cannot expose internal paths or configuration.
         return $this->__raiseError($e->getMessage(), 'Server');
     }
     ilUtil::setCookie('ilClientId', $client);
     global $ilUser;
     // The only post-bootstrap check made here is the user agreement; this
     // method relies on the include above to have rejected bad credentials
     // (TODO confirm that a failed login cannot reach this line).
     if (!$ilUser->hasAcceptedUserAgreement()) {
         return $this->__raiseError('User agreement not accepted', 'Server');
     }
     // Token format: "<session id>::<client id>".
     return session_id() . '::' . $client;
 }
 /**
  * This method provides a global instance of class ilIniFile for the
  * client.ini.php file in variable $ilClientIniFile.
  *
  * It initializes a lot of constants accordingly to the settings in
  * the client.ini.php file.
  *
  * Preconditions: ILIAS_WEB_DIR and CLIENT_ID must be set.
  *
  * @return	boolean		true, if no error occurred with client init file
  *						otherwise false
  */
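 protected static function initClientIniFile()
 {
     // Reads <ILIAS_WEB_DIR>/<CLIENT_ID>/client.ini.php, registers the ini
     // object as the global "ilClientIniFile" and defines the client-level
     // constants from it. When the ini cannot be read, the ilClientId cookie
     // is reset to the default client and the request is handed to
     // self::redirect() or self::abortAndDie().
     global $ilIliasIniFile;
     // check whether ILIAS_WEB_DIR is set.
     if (ILIAS_WEB_DIR == "") {
         self::abortAndDie("Fatal Error: ilInitialisation::initClientIniFile called without ILIAS_WEB_DIR.");
     }
     // check whether CLIENT_ID is set.
     if (CLIENT_ID == "") {
         self::abortAndDie("Fatal Error: ilInitialisation::initClientIniFile called without CLIENT_ID.");
     }
     // NOTE(review): CLIENT_ID is concatenated into a filesystem path. Where
     // it is derived from is not visible in this method; if it can originate
     // from a request parameter or the ilClientId cookie, it has to be
     // limited to a plain directory name (no "/", "\" or "..") before it is
     // defined — confirm at the place CLIENT_ID is set.
     $ini_file = "./" . ILIAS_WEB_DIR . "/" . CLIENT_ID . "/client.ini.php";
     // get settings from ini file
     require_once "./Services/Init/classes/class.ilIniFile.php";
     $ilClientIniFile = new ilIniFile($ini_file);
     $ilClientIniFile->read();
     // invalid client id / client ini
     if ($ilClientIniFile->ERROR != "") {
         // The previous cookie value is not needed: the original read of
         // $_COOKIE["ilClientId"] was unused and raised an undefined-index
         // notice whenever the cookie was absent.
         $default_client = $ilIliasIniFile->readVariable("clients", "default");
         ilUtil::setCookie("ilClientId", $default_client);
         if (CLIENT_ID != "" && CLIENT_ID != $default_client) {
             $mess = array("en" => "Client does not exist.", "de" => "Mandant ist ungültig.");
             // The redirect target is built from the configured default
             // client only, never from the rejected CLIENT_ID.
             self::redirect("index.php?client_id=" . $default_client, null, $mess);
         } else {
             self::abortAndDie("Invalid client");
         }
     }
     self::initGlobal("ilClientIniFile", $ilClientIniFile);
     // set constants
     define("SESSION_REMINDER_LEADTIME", 30);
     define("DEBUG", $ilClientIniFile->readVariable("system", "DEBUG"));
     define("DEVMODE", $ilClientIniFile->readVariable("system", "DEVMODE"));
     define("SHOWNOTICES", $ilClientIniFile->readVariable("system", "SHOWNOTICES"));
     define("ROOT_FOLDER_ID", $ilClientIniFile->readVariable('system', 'ROOT_FOLDER_ID'));
     define("SYSTEM_FOLDER_ID", $ilClientIniFile->readVariable('system', 'SYSTEM_FOLDER_ID'));
     define("ROLE_FOLDER_ID", $ilClientIniFile->readVariable('system', 'ROLE_FOLDER_ID'));
     define("MAIL_SETTINGS_ID", $ilClientIniFile->readVariable('system', 'MAIL_SETTINGS_ID'));
     // this is for the online help installation, which sets OH_REF_ID to the
     // ref id of the online module
     define("OH_REF_ID", $ilClientIniFile->readVariable("system", "OH_REF_ID"));
     define("SYSTEM_MAIL_ADDRESS", $ilClientIniFile->readVariable('system', 'MAIL_SENT_ADDRESS'));
     define("MAIL_REPLY_WARNING", $ilClientIniFile->readVariable('system', 'MAIL_REPLY_WARNING'));
     // title/description length limits: see ilObject::TITLE_LENGTH, ilObject::DESC_LENGTH
     define("CLIENT_DATA_DIR", ILIAS_DATA_DIR . "/" . CLIENT_ID);
     define("CLIENT_WEB_DIR", ILIAS_ABSOLUTE_PATH . "/" . ILIAS_WEB_DIR . "/" . CLIENT_ID);
     define("CLIENT_NAME", $ilClientIniFile->readVariable('client', 'name'));
     // database type falls back to "mysql" when the ini has no db/type entry
     $val = $ilClientIniFile->readVariable("db", "type");
     define("IL_DB_TYPE", $val == "" ? "mysql" : $val);
     return true;
 }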
Example #3
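 public function confirmRegistration()
 {
     // Handles the confirmation link of a dual opt-in registration: verifies
     // the hash passed as $_GET['rh'], activates the account, optionally
     // assigns a generated password, mails the account data and redirects to
     // the login page with a status message key.
     global $lng, $ilias, $ilLog;
     ilUtil::setCookie('iltest', 'cookie', false);
     // Language used for the error redirects. The user's own language is only
     // known after the hash has been verified, so the catch blocks previously
     // read an unassigned variable.
     $usr_lang = $lng->getLangKey();
     if (!isset($_GET['rh']) || !strlen(trim($_GET['rh']))) {
         ilUtil::redirect('./login.php?cmd=force_login&reg_confirmation_msg=reg_confirmation_hash_not_passed');
         // Do not fall through to the activation code with a missing hash,
         // whether or not redirect() terminates the request.
         return;
     }
     try {
         require_once 'Services/Registration/classes/class.ilRegistrationSettings.php';
         $oRegSettings = new ilRegistrationSettings();
         // The hash is the only credential on this request; its validation
         // happens entirely inside _verifyRegistrationHash().
         $usr_id = ilObjUser::_verifyRegistrationHash(trim($_GET['rh']));
         $oUser = ilObjectFactory::getInstanceByObjId($usr_id);
         $oUser->setActive(true);
         if ($oRegSettings->passwordGenerationEnabled()) {
             $passwd = ilUtil::generatePasswords(1);
             $password = $passwd[0];
             $oUser->setPasswd($password, IL_PASSWD_PLAIN);
             $oUser->setLastPasswordChangeTS(time());
         }
         $oUser->update();
         $usr_lang = $oUser->getPref('language');
         if ($lng->getLangKey() != $usr_lang) {
             $lng = new ilLanguage($usr_lang);
         }
         // send email
         // try individual account mail in user administration
         include_once "Services/Mail/classes/class.ilAccountMail.php";
         include_once './Services/User/classes/class.ilObjUserFolder.php';
         $amail = ilObjUserFolder::_lookupNewAccountMail($usr_lang);
         if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
             $acc_mail = new ilAccountMail();
             $acc_mail->setUser($oUser);
             if ($oRegSettings->passwordGenerationEnabled()) {
                 $acc_mail->setUserPassword($password);
             }
             $acc_mail->send();
         } else {
             include_once 'Services/Mail/classes/class.ilMail.php';
             $mail_obj = new ilMail(ANONYMOUS_USER_ID);
             // mail subject
             $subject = $lng->txt("reg_mail_subject");
             // mail body
             $body = $lng->txt("reg_mail_body_salutation") . " " . $oUser->getFullname() . ",\n\n" . $lng->txt("reg_mail_body_text1") . "\n\n" . $lng->txt("reg_mail_body_text2") . "\n" . ILIAS_HTTP_PATH . "/login.php?client_id=" . CLIENT_ID . "\n";
             $body .= $lng->txt("login") . ": " . $oUser->getLogin() . "\n";
             if ($oRegSettings->passwordGenerationEnabled()) {
                 // NOTE(review): the generated password is mailed in clear
                 // text; nothing visible here forces a change at first login.
                 $body .= $lng->txt("passwd") . ": " . $password . "\n";
             }
             $body .= "\n";
             $body .= $lng->txt('reg_mail_body_forgot_password_info') . "\n";
             $body .= "\n";
             $body .= $lng->txt("reg_mail_body_text3") . "\n\r";
             $body .= $oUser->getProfileAsString($lng);
             $mail_obj->enableSoap(false);
             $mail_obj->appendInstallationSignature(true);
             $mail_obj->sendMail($oUser->getEmail(), '', '', $subject, $body, array(), array('normal'));
         }
         ilUtil::redirect('./login.php?cmd=force_login&reg_confirmation_msg=reg_account_confirmation_successful&lang=' . rawurlencode($usr_lang));
     } catch (ilRegConfirmationLinkExpiredException $exception) {
         include_once 'Services/WebServices/SOAP/classes/class.ilSoapClient.php';
         $soap_client = new ilSoapClient();
         $soap_client->setResponseTimeout(1);
         $soap_client->enableWSDL(true);
         $soap_client->init();
         $ilLog->write(__METHOD__ . ': Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...');
         // NOTE(review): the SOAP session token is assembled from cookies sent
         // by an unauthenticated visitor; confirm that the called operation
         // authorises the request itself and does not trust this value.
         $soap_client->call('deleteExpiredDualOptInUserObjects', array($_COOKIE['PHPSESSID'] . '::' . $_COOKIE['ilClientId'], $exception->getCode()));
         // Query values are URL-encoded so a message or language value cannot
         // add parameters to the redirect target.
         ilUtil::redirect('./login.php?cmd=force_login&reg_confirmation_msg=' . rawurlencode($exception->getMessage()) . "&lang=" . rawurlencode($usr_lang));
     } catch (ilRegistrationHashNotFoundException $exception) {
         ilUtil::redirect('./login.php?cmd=force_login&reg_confirmation_msg=' . rawurlencode($exception->getMessage()) . "&lang=" . rawurlencode($usr_lang));
     }
 }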
Example #4
 /**
  * Checks if there is a session with valid auth information.
  *
  * @access public
  * @return boolean  Whether or not the user is authenticated.
  */
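 function checkAuth()
 {
     // Validates the current auth session in this order: absolute expiry,
     // idle timeout, registered user name, the optional "advanced security"
     // checks (challenge cookie, IP, X-Forwarded-For, User-Agent) and finally
     // the optional checkAuthCallback. Every failed check logs the user out
     // and returns false.
     $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
     $this->authChecks++;
     if (isset($this->session)) {
         // Check if authentication session is expired
         if ($this->expire > 0 && isset($this->session['timestamp']) && $this->session['timestamp'] + $this->expire < time()) {
             $this->log('Session Expired', AUTH_LOG_INFO);
             $this->expired = true;
             $this->status = AUTH_EXPIRED;
             $this->logout();
             return false;
         }
         // Check if maximum idle time is reached
         if ($this->idle > 0 && isset($this->session['idle']) && $this->session['idle'] + $this->idle < time()) {
             $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
             $this->idled = true;
             $this->status = AUTH_IDLED;
             $this->logout();
             return false;
         }
         if (isset($this->session['registered']) && isset($this->session['username']) && $this->session['registered'] == true && $this->session['username'] != '') {
             Auth::updateIdle();
             if ($this->_isAdvancedSecurityEnabled()) {
                 $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
                 // Only Generate the challenge once
                 if ($this->authChecks == 1 && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
                     $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
                     $this->session['challengecookieold'] = $this->session['challengecookie'];
                     // NOTE(review): microtime() is guessable, so the challenge
                     // is only as unpredictable as session['challengekey'],
                     // whose generation is not visible here — confirm it comes
                     // from a cryptographically secure source.
                     $this->session['challengecookie'] = md5($this->session['challengekey'] . microtime());
                     require_once 'Services/Utilities/classes/class.ilUtil.php';
                     ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
                 }
                 // The comparisons below are strict: with "!=" two different
                 // numeric-looking strings (for example md5 values of the form
                 // "0e<digits>") are compared as numbers and can be treated as
                 // equal.
                 // Check for ip change
                 if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK) && isset($this->server['REMOTE_ADDR']) && $this->session['sessionip'] !== $this->server['REMOTE_ADDR']) {
                     $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
                     // The client address differs from the one stored in the
                     // session; treat it as a hijacked session and log out.
                     $this->expired = true;
                     $this->status = AUTH_SECURITY_BREACH;
                     $this->logout();
                     return false;
                 }
                 // Check for ip change (if connected via proxy)
                 // NOTE(review): X-Forwarded-For is supplied by the client and
                 // the check is skipped when the header is absent, so it only
                 // detects a changed value, not a removed one.
                 if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK) && isset($this->server['HTTP_X_FORWARDED_FOR']) && $this->session['sessionforwardedfor'] !== $this->server['HTTP_X_FORWARDED_FOR']) {
                     $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
                     $this->expired = true;
                     $this->status = AUTH_SECURITY_BREACH;
                     $this->logout();
                     return false;
                 }
                 // Check for useragent change (client-supplied as well; a
                 // consistency signal, not proof of identity)
                 if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT) && isset($this->server['HTTP_USER_AGENT']) && $this->session['sessionuseragent'] !== $this->server['HTTP_USER_AGENT']) {
                     $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
                     $this->expired = true;
                     $this->status = AUTH_SECURITY_BREACH;
                     $this->logout();
                     return false;
                 }
                 // Check challenge cookie here, if challengecookieold is not set
                 // this is the first time and check is skipped.
                 // A missing authchallenge cookie counts as a mismatch, as it
                 // did before, but no longer reads an undefined index.
                 // TODO when the user opens two pages simultaneously (new window,
                 // new tab) an auth breach is raised; find a way around that if
                 // possible
                 if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE) && isset($this->session['challengecookieold']) && (!isset($this->cookie['authchallenge']) || $this->session['challengecookieold'] !== $this->cookie['authchallenge'])) {
                     $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
                     $this->expired = true;
                     $this->status = AUTH_SECURITY_BREACH;
                     $this->logout();
                     $this->login();
                     return false;
                 }
             }
             if (is_callable($this->checkAuthCallback)) {
                 $this->log('Calling checkAuthCallback (' . $this->checkAuthCallback . ').', AUTH_LOG_DEBUG);
                 $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
                 // Any falsy return value from the callback ends the session.
                 if ($checkCallback == false) {
                     $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
                     $this->expired = true;
                     $this->status = AUTH_CALLBACK_ABORT;
                     $this->logout();
                     return false;
                 }
             }
             $this->log('Session OK.', AUTH_LOG_INFO);
             return true;
         }
     } else {
         $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
         return false;
     }
     $this->log('No login session.', AUTH_LOG_DEBUG);
     return false;
 }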
 /**
  * removes a session cookie, so it is not sent by browser anymore
  */
 private static function removeSessionCookie()
 {
     // Overwrite the cookie named after the current session with the
     // placeholder value 'deleted', then record that in the debug log.
     $session_cookie_name = session_name();
     ilUtil::setCookie($session_cookie_name, 'deleted', true, true);
     self::debug('Session cookie has been removed');
 }