Exemple #1
            'title' => $langBack,
            'icon' => 'fa-reply',
            'level' => 'primary-label',
            'url' => 'auth.php'
        )));

// CAS settings can only be changed after logging out from CAS
// (and preferably closing the browser), so warn the administrator
if (!empty($_SESSION['cas_warn']) && $auth == 7) {
    $tool_content .= "<div class='alert alert-warning'>" . $langCASnochange . "</div>";
}

if ($submit or ! empty($_SESSION['cas_do'])) {
    if (!empty($_SESSION['cas_do']) && empty($_SESSION['cas_warn'])) {
        // Try out the CAS settings held in the session
        $cas_ret = cas_authenticate(
            7,
            true,
            $_SESSION['cas_host'],
            $_SESSION['cas_port'],
            $_SESSION['cas_context'],
            $_SESSION['cas_cachain']
        );

        // The settings count as valid only when CAS reports an authenticated,
        // non-empty user name
        $cas_valid = false;
        if (phpCAS::checkAuthentication()) {
            $test_username = phpCAS::getUser();
            if (!empty($test_username)) {
                $cas_valid = true;
                // flag read by the "log out from CAS first" warning
                $_SESSION['cas_warn'] = true;
            }
        }

        // NOTE(review): the error text goes into the page as-is; if
        // cas_authenticate() can place server- or user-influenced text in it,
        // it should be HTML-escaped before output - confirm against its source
        if (!empty($cas_ret['error'])) {
            $tool_content .= "<div class='alert alert-warning'>$cas_ret[error]</div>";
        }
    }
Exemple #2
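/**
 * Check a user name / password pair against one authentication method.
 *
 * $auth selects the method: 1 local `user` table, 2 POP3, 3 IMAP, 4 LDAP,
 * 5 external database, 6 generation of the secure/ session files
 * (Shibboleth), 7 CAS. Any other value yields false.
 *
 * Side effects visible in this function: the local branch re-hashes legacy MD5
 * passwords; the LDAP branch stores a message in $GLOBALS['auth_errors'] when
 * connecting or the service bind fails, and the user's name and e-mail in
 * $GLOBALS['auth_user_info'] on success; method 6 writes two PHP files.
 *
 * @param int|string $auth          id of the authentication method
 * @param string     $test_username user name to verify
 * @param string     $test_password clear-text password to verify
 * @param array      $settings      method-specific settings (hosts, attribute names, ...)
 * @return bool true when the credentials were accepted (method 6: when a file was written)
 */
function auth_user_login($auth, $test_username, $test_password, $settings)
{
    global $webDir;
    $testauth = false;
    switch ($auth) {
        case '1':
            $unamewhere = get_config('case_insensitive_usernames') ? "= " : "COLLATE utf8_bin = ";
            $result = Database::get()->querySingle("SELECT password FROM user WHERE username {$unamewhere} ?s", $test_username);
            // NOTE(review): case '5' below treats the querySingle() result as one
            // row object; if that also holds here, this loop walks the row's
            // properties rather than rows - confirm against the Database class
            if ($result) {
                $hasher = new PasswordHash(8, false);
                foreach ($result as $myrow) {
                    if ($hasher->CheckPassword($test_password, $myrow->password)) {
                        $testauth = true;
                    } elseif (strlen($myrow->password) < 60
                        && hash_equals((string) $myrow->password, md5($test_password))) {
                        // hash_equals() instead of ==: loose comparison treats two
                        // numeric-looking hex strings ("0e...") as equal numbers
                        $testauth = true;
                        // password is in old md5 format, update transparently
                        $password_encrypted = $hasher->HashPassword($test_password);
                        Database::get()->query("UPDATE user SET password = ?s WHERE username COLLATE utf8_bin = ?s", $password_encrypted, $test_username);
                    }
                }
            }
            break;
        case '2':
            // NOTE(review): port 110 with the USER mechanism; unless pop3_class
            // negotiates TLS itself the password travels in clear text - confirm
            $pop3 = new pop3_class();
            $pop3->hostname = $settings['pop3host'];        // POP 3 server host name
            $pop3->port = 110;                              // POP 3 server host port
            $user = $test_username;                         // Authentication user name
            $password = $test_password;                     // Authentication password
            $pop3->realm = '';                              // Authentication realm or domain
            $pop3->workstation = '';                        // Workstation for NTLM authentication
            $apop = 0;                                      // Use APOP authentication
            $pop3->authentication_mechanism = 'USER';       // SASL authentication mechanism
            $pop3->debug = 0;                               // Output debug information
            $pop3->html_debug = 1;                          // Debug information is in HTML
            $pop3->join_continuation_header_lines = 1;      // Concatenate headers split in multiple lines
            // Accepted only when open, login and close all report no error
            if (($error = $pop3->Open()) == '') {
                if (($error = $pop3->Login($user, $password, $apop)) == '') {
                    if (($error = $pop3->Close()) == '') {
                        $testauth = true;
                    }
                }
            }
            if ($error != '') {
                $testauth = false;
            }
            break;
        case '3':
            if (imap_auth($settings['imaphost'], $test_username, $test_password)) {
                $testauth = true;
            }
            break;
        case '4':
            // A simple bind with a DN and an empty password is an unauthenticated
            // bind, which a server may accept; never treat that as a valid login
            if ((string) $test_password === '') {
                break;
            }
            $ldap = ldap_connect($settings['ldaphost']);
            if (!$ldap) {
                $GLOBALS['auth_errors'] = 'Error connecting to LDAP host';
                return false;
            }
            // LDAP connection established - now search for user dn
            @ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
            if (!@ldap_bind($ldap, $settings['ldapbind_dn'], $settings['ldapbind_pw'])) {
                $GLOBALS['auth_errors'] = ldap_error($ldap);
                @ldap_unbind($ldap);
                return false;
            }
            // The user name is untrusted: escape filter metacharacters so it
            // cannot alter the structure of the search filter
            $safe_username = ldap_escape($test_username, '', LDAP_ESCAPE_FILTER);
            if (empty($settings['ldap_login_attr2'])) {
                $search_filter = "({$settings['ldap_login_attr']}={$safe_username})";
            } else {
                $search_filter = "(|({$settings['ldap_login_attr']}={$safe_username})({$settings['ldap_login_attr2']}={$safe_username}))";
            }
            $userinforequest = ldap_search($ldap, $settings['ldap_base'], $search_filter);
            if ($userinforequest && ($entry_id = ldap_first_entry($ldap, $userinforequest))) {
                $user_dn = ldap_get_dn($ldap, $entry_id);
                // Re-bind as the located entry to verify the supplied password
                if (@ldap_bind($ldap, $user_dn, $test_password)) {
                    $testauth = true;
                    $userinfo = ldap_get_entries($ldap, $userinforequest);
                    if ($userinfo['count'] == 1) {
                        $lastname = get_ldap_attribute($userinfo, 'sn');
                        $firstname = get_ldap_attribute($userinfo, 'givenname');
                        if (empty($firstname)) {
                            // no given name: derive it from cn minus the surname
                            $cn = get_ldap_attribute($userinfo, 'cn');
                            $firstname = trim(str_replace($lastname, '', $cn));
                        }
                        $GLOBALS['auth_user_info'] = array(
                            'firstname' => $firstname,
                            'lastname' => $lastname,
                            'email' => get_ldap_attribute($userinfo, 'mail'),
                        );
                    }
                }
            }
            @ldap_unbind($ldap);
            break;
        case '5':
            $link = new Database($settings['dbhost'], $settings['dbname'], $settings['dbuser'], $settings['dbpass']);
            if ($link) {
                // NOTE(review): table and column names are interpolated into the
                // statement; only the user name is a bound parameter. These
                // settings must come from trusted configuration only.
                $res = $link->querySingle("SELECT `{$settings['dbfieldpass']}`\n                                                FROM `{$settings['dbtable']}`\n                                                WHERE `{$settings['dbfielduser']}` = ?s", $test_username);
                if ($res) {
                    // read the configured password column of the row; the previous
                    // `$res->{$settings}['dbfieldpass']` used the array itself as
                    // the property name
                    $testauth = external_DB_Check_Pass($test_password, $res->{$settings['dbfieldpass']}, $settings['dbpassencr']);
                }
            }
            break;
        case '6':
            $path = "{$webDir}secure/";
            if (!file_exists($path)) {
                if (!mkdir($path, 0700)) {
                    $testauth = false;
                }
            } else {
                $indexfile = $path . 'index.php';
                $index_regfile = $path . 'index_reg.php';
                // NOTE(review): the shibemail / shibuname / shibcn settings are
                // written into the generated files as raw PHP expressions, so
                // whoever can change them controls code that the web server runs.
                // Restrict who may edit them and validate their form before use.
                // creation of secure/index.php file
                $f = fopen($indexfile, 'w');
                $filecontents = '<?php
session_start();
$_SESSION[\'shib_email\'] = ' . $settings['shibemail'] . ';
$_SESSION[\'shib_uname\'] = ' . $settings['shibuname'] . ';
$_SESSION[\'shib_surname\'] = ' . $settings['shibcn'] . ';
header("Location: ../index.php");
';
                if ($f !== false) {
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }
                // creation of secure/index_reg.php
                // used in professor request registration process via shibboleth
                $f = fopen($index_regfile, "w");
                $filecontents = '<?php
session_start();
$_SESSION[\'shib_email\'] = ' . $settings['shibemail'] . ';
$_SESSION[\'shib_uname\'] = ' . $settings['shibuname'] . ';
$_SESSION[\'shib_surname\'] = ' . $settings['shibcn'] . ';
$_SESSION[\'shib_status\'] = $_SERVER[\'unscoped-affiliation\'];
$_SESSION[\'shib_auth\'] = true;
header("Location: ../modules/auth/altsearch.php" . (isset($_GET["p"]) && $_GET["p"]? "?p=1": ""));
';
                if ($f !== false) {
                    if (fwrite($f, $filecontents)) {
                        $testauth = true;
                    }
                    fclose($f);
                }
            }
            break;
        case '7':
            cas_authenticate($auth);
            if (phpCAS::checkAuthentication()) {
                $testauth = true;
            }
            break;
    }
    return $testauth;
}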
Exemple #3
 * Public License) as published by the Free Software Foundation.
 * The full license can be read in "/info/license/license_gpl.txt".
 *
 * Contact address: GUnet Asynchronous eLearning Group,
 *                  Network Operations Center, University of Athens,
 *                  Panepistimiopolis Ilissia, 15784, Athens, Greece
 *                  e-mail: info@openeclass.org
 * ======================================================================== */
/*
 *  	Authors:	Giannis Kapetanakis <*****@*****.**>
 */
require_once '../include/baseTheme.php';
require_once 'include/CAS/CAS.php';
require_once 'modules/auth/auth.inc.php';
$auth = 7;
cas_authenticate($auth);
if (phpCAS::checkAuthentication()) {
    // get_auth_settings() and get_cas_attrs() are defined elsewhere; presumably
    // they return the stored CAS settings and the CAS attributes mapped onto the
    // keys read below - confirm against modules/auth/auth.inc.php
    $cas = get_auth_settings($auth);
    $attrs = get_cas_attrs(phpCAS::getAttributes(), $cas);
    // Keep the CAS-reported user name; a non-empty value also becomes the
    // session's 'uname'
    $_SESSION['cas_uname'] = phpCAS::getUser();
    if (!empty($_SESSION['cas_uname'])) {
        $_SESSION['uname'] = $_SESSION['cas_uname'];
    }
    // Copy surname and given name into the session only when CAS supplied them
    if (!empty($attrs['casuserlastattr'])) {
        $_SESSION['cas_surname'] = $attrs['casuserlastattr'];
    }
    if (!empty($attrs['casuserfirstattr'])) {
        $_SESSION['cas_givenname'] = $attrs['casuserfirstattr'];
    }
    if (!empty($attrs['casusermailattr'])) {
        $_SESSION['cas_email'] = $attrs['casusermailattr'];
            } else {
                message(lang('database_error'));
            }
        }
    }
}
if ($proceed) {
    echo '<CENTER>
			<TABLE class="or_formtable" style="width: auto;"><TR><TD>';
    show_message();
    $_REQUEST['subpool_id'] = $_SESSION['subpool_id'];
    if ($_REQUEST['subpool_id'] == 2) {
        // user is a student. redirect to CAS
        $ticket = $_GET['ticket'];
        $page = "http" . ($_SERVER['HTTPS'] ? "s" : "") . "://" . $_SERVER['HTTP_HOST'] . '/';
        $login = cas_authenticate($page . "public/participant_create.php", $conn, $ticket);
        message(lang('successfully_registered'));
        header("Location: " . $page . "public/");
        exit;
    } else {
        $extra = '';
        $pwfields = '';
        $captcha = '';
        if ($settings['subject_authentication'] != 'token') {
            if (isset($_SESSION['pauthdata']['pw_provided']) && $_SESSION['pauthdata']['pw_provided']) {
                $pwfields .= participant__password_form_fields(false, true);
            } else {
                $pwfields .= participant__password_form_fields(false, false);
            }
        }
        $captcha = '<TR><TD>' . lang('captcha_text') . '<br><IMG src="captcha.php"><BR>