/**
* Called after successful login
* @return
* @param array $a_username
* @param object $a_auth
*/
protected function loginObserver($a_username, $a_auth)
{
global $ilLog, $ilAppEventHandler, $ilSetting;
if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
// validate user
include_once "Services/User/classes/class.ilObjUser.php";
$user_id = ilObjUser::_loginExists($a_auth->getUsername());
if ($user_id != ANONYMOUS_USER_ID) {
$user = new ilObjUser($user_id);
// check if profile is complete
include_once "Services/User/classes/class.ilUserProfile.php";
if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) {
$user->setProfileIncomplete(true);
$user->update();
}
// --- extended user validation
//
// we only have a single status, so abort after each one
// order from highest priority to lowest
// active?
if (!$user->getActive()) {
$this->status = AUTH_USER_INACTIVE;
$a_auth->logout();
return;
}
// time limit
if (!$user->checkTimeLimit()) {
$this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
// #16327
$this->exceeded_user_name = $this->getUserName();
$a_auth->logout();
return;
}
// check client ip
$clientip = $user->getClientIP();
if (trim($clientip) != "") {
$clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
$clientip = str_replace(".", "\\.", $clientip);
$clientip = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $clientip);
if (!preg_match("/^" . $clientip . "\$/", $_SERVER["REMOTE_ADDR"])) {
$this->status = AUTH_USER_WRONG_IP;
$a_auth->logout();
return;
}
}
// simultaneous login
if ($ilSetting->get('ps_prevent_simultaneous_logins') && ilObjUser::hasActiveSession($user_id)) {
$this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
$a_auth->logout();
return;
}
include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
ilOnlineTracking::addUser($user_id);
include_once 'Modules/Forum/classes/class.ilObjForum.php';
ilObjForum::_updateOldAccess($user_id);
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security_settings = ilSecuritySettings::_getInstance();
// determine first login of user for setting an indicator
// which still is available in PersonalDesktop, Repository, ...
// (last login date is set to current date in next step)
if ($security_settings->isPasswordChangeOnFirstLoginEnabled() && $user->getLastLogin() == null) {
$user->resetLastPasswordChange();
}
$user->refreshLogin();
// reset counter for failed logins
ilObjUser::_resetLoginAttempts($user_id);
}
// --- anonymous/registered user
$ilLog->write(__METHOD__ . ': logged in as ' . $a_auth->getUsername() . ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] . ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']);
ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
$ilAppEventHandler->raise('Services/Authentication', 'afterLogin', array('username' => $a_auth->getUsername()));
}
}
/**
* set session cookie params for path, domain, etc.
*/
protected static function setCookieParams()
{
global $ilSetting;
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_HTTP) {
$cookie_path = '/';
} elseif ($GLOBALS['COOKIE_PATH']) {
// use a predefined cookie path from WebAccessChecker
$cookie_path = $GLOBALS['COOKIE_PATH'];
} else {
$cookie_path = dirname($_SERVER['PHP_SELF']);
}
/* if ilias is called directly within the docroot $cookie_path
is set to '/' expecting on servers running under windows..
here it is set to '\'.
in both cases a further '/' won't be appended due to the following regex
*/
$cookie_path .= !preg_match("/[\\/|\\\\]\$/", $cookie_path) ? "/" : "";
if ($cookie_path == "\\") {
$cookie_path = '/';
}
include_once './Services/Http/classes/class.ilHTTPS.php';
$cookie_secure = !$ilSetting->get('https', 0) && ilHTTPS::getInstance()->isDetected();
define('IL_COOKIE_EXPIRE', 0);
define('IL_COOKIE_PATH', $cookie_path);
define('IL_COOKIE_DOMAIN', '');
define('IL_COOKIE_SECURE', $cookie_secure);
// Default Value
// session_set_cookie_params() supports 5th parameter
// only for php version 5.2.0 and above
if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
// PHP version >= 5.2.0
define('IL_COOKIE_HTTPONLY', true);
// Default Value
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE, IL_COOKIE_HTTPONLY);
} else {
// PHP version < 5.2.0
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE);
}
}
/**
* shortcut for print_r
*
* @author Björn Heyser <*****@*****.**>
* @access public
* @param mixed any number of parameters
* @param string name of variable (optional)
*/
function pr($var, $name = '')
{
if ($name != '') {
$name .= ' = ';
}
$print = $name . print_r($var, true);
if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_CRON) {
$hr = "\n---------------------------------------------------------------\n";
echo $hr . $print . $hr;
} else {
echo '<pre>' . $print . '</pre>';
}
// BH: php 5.3 seems to not flushing the output consequently so following redirects are still performed
// and the output of vd() would be lost in nirvana if we not flush the output manualy
flush();
ob_flush();
}
