/**
  * Generate Users
  *
  * @param
  * @return
  */
 function generateUsers($a_login_base = "learner", $a_start = 1, $a_end = 1000, $a_firstname = "John", $a_lastname_base = "Learner", $a_pw = "learnerpw", $a_email = "*****@*****.**", $a_gender = "m", $a_lang = "en")
 {
     global $rbacadmin;
     // new users
     $this->log("Creating Users");
     for ($i = $a_start; $i <= $a_end; $i++) {
         $this->log($a_login_base . $i);
         $user = new ilObjUser();
         $user->setLogin($a_login_base . $i);
         $user->setFirstname($a_firstname);
         $user->setLastname($a_lastname_base . " " . $i);
         $user->setGender($a_gender);
         $user->setEmail($a_email);
         $user->setAgreeDate(ilUtil::now());
         $user->setPasswd($a_pw, IL_PASSWD_PLAIN);
         $user->setTitle($user->getFullname());
         $user->setDescription($user->getEmail());
         $user->setLastPasswordChangeTS(time());
         $user->setActive(true);
         $user->setTimeLimitUnlimited(true);
         $user->create();
         $user->setLanguage($a_lang);
         $user->saveAsNew(false);
         $user->writePrefs();
         $rbacadmin->assignUser(4, $user->getId(), true);
     }
 }
 public static function _createRandomUserAccount($keyarray)
 {
     global $ilDB, $ilUser, $ilSetting, $rbacadmin;
     if ($_SESSION['create_user_account'] != NULL) {
         $obj_user = new ilObjUser($_SESSION['create_user_account']);
         return $obj_user;
     } else {
         $userLogin = array();
         $res = $ilDB->query('SELECT sequence FROM object_data_seq');
         $row = $ilDB->fetchAssoc($res);
         $temp_user_id = (int) $row['sequence'] + 1;
         $userLogin['login'] = '******' . $temp_user_id;
         $userLogin['passwd'] = ilUtil::generatePasswords(1);
         require_once 'Services/User/classes/class.ilObjUser.php';
         include_once "Services/Mail/classes/class.ilAccountMail.php";
         $obj_user = new ilObjUser();
         $obj_user->setId($temp_user_id);
         $obj_user->setLogin($userLogin['login']);
         $obj_user->setPasswd((string) $userLogin['passwd'][0], IL_PASSWD_PLAIN);
         $_SESSION['tmp_user_account']['login'] = $userLogin['login'];
         $_SESSION['tmp_user_account']['passwd'] = $userLogin['passwd'];
         $obj_user->setFirstname($keyarray['first_name']);
         $obj_user->setLastname($keyarray['last_name']);
         $obj_user->setEmail($keyarray['payer_email']);
         #	$obj_user->setEmail('*****@*****.**');
         $obj_user->setGender('f');
         $obj_user->setLanguage($ilSetting->get("language"));
         $obj_user->setActive(true);
         $obj_user->setTimeLimitUnlimited(true);
         $obj_user->setTitle($obj_user->getFullname());
         $obj_user->setDescription($obj_user->getEmail());
         $obj_user->setTimeLimitOwner(7);
         $obj_user->setTimeLimitUnlimited(1);
         $obj_user->setTimeLimitMessage(0);
         $obj_user->setApproveDate(date("Y-m-d H:i:s"));
         // Set default prefs
         $obj_user->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
         $obj_user->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
         $obj_user->writePrefs();
         // at the first login the user must complete profile
         $obj_user->setProfileIncomplete(true);
         $obj_user->create();
         $obj_user->saveAsNew();
         $user_role = ilObject::_exists(4, false);
         if (!$user_role) {
             include_once "./Services/AccessControl/classes/class.ilObjRole.php";
             $reg_allowed = ilObjRole::_lookupRegisterAllowed();
             $user_role = $reg_allowed[0]['id'];
         } else {
             $user_role = 4;
         }
         $rbacadmin->assignUser((int) $user_role, $obj_user->getId(), true);
         include_once "Services/Mail/classes/class.ilMimeMail.php";
         global $ilias, $lng;
         $settings = $ilias->getAllSettings();
         $mmail = new ilMimeMail();
         $mmail->autoCheck(false);
         $mmail->From($settings["admin_email"]);
         $mmail->To($obj_user->getEmail());
         // mail subject
         $subject = $lng->txt("reg_mail_subject");
         // mail body
         $body = $lng->txt("reg_mail_body_salutation") . " " . $obj_user->getFullname() . ",\n\n" . $lng->txt("reg_mail_body_text1") . "\n\n" . $lng->txt("reg_mail_body_text2") . "\n" . ILIAS_HTTP_PATH . "/login.php?client_id=" . $ilias->client_id . "\n";
         $body .= $lng->txt("login") . ": " . $obj_user->getLogin() . "\n";
         $body .= $lng->txt("passwd") . ": " . $userLogin['passwd'][0] . "\n";
         $body .= "\n";
         $body .= $lng->txt("reg_mail_body_text3") . "\n\r";
         $body .= $obj_user->getProfileAsString($lng);
         $mmail->Subject($subject);
         $mmail->Body($body);
         $mmail->Send();
         $_SESSION['create_user_account'] = $obj_user->getId();
         return $obj_user;
     }
 }
 function fetchData($a_username, $password, $isChallengeResponse = false)
 {
     //var_dump(func_get_args());
     //var_dump($_SERVER);
     global $lng;
     $settings = new ilSetting('apache_auth');
     if (!$settings->get('apache_enable_auth')) {
         return false;
     }
     if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
         return false;
     }
     if (!ilUtil::isLogin($a_username)) {
         return false;
     }
     if ($a_username == 'anonymous' && $password == 'anonymous') {
         global $ilDB;
         $query = 'SELECT * FROM usr_data WHERE login = %s';
         $qres = $ilDB->queryF($query, array('text'), array($a_username));
         $userRow = $ilDB->fetchAssoc($qres);
         if (is_array($userRow) && $userRow['usr_id']) {
             // user as a local account...
             // fetch logindata
             $this->activeUser = $userRow['login'];
             foreach ($userRow as $key => $value) {
                 if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                     continue;
                 }
                 // Use reference to the auth object if exists
                 // This is because the auth session variable can change so a static call to setAuthData does not make sense
                 $this->_auth_obj->setAuthData($key, $value);
             }
             //var_dump($userRow);
             $this->_auth_obj->setAuth($userRow['login']);
             return true;
         }
         return false;
     }
     if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
         // we have a valid apache auth
         global $ilDB;
         if ($settings->get('apache_enable_local')) {
             $query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
             $qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
             $userRow = $ilDB->fetchAssoc($qres);
             if (is_array($userRow) && $userRow['usr_id']) {
                 // user as a local account...
                 // fetch logindata
                 $this->activeUser = $userRow['login'];
                 foreach ($userRow as $key => $value) {
                     if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                         continue;
                     }
                     // Use reference to the auth object if exists
                     // This is because the auth session variable can change so a static call to setAuthData does not make sense
                     $this->_auth_obj->setAuthData($key, $value);
                 }
                 //var_dump($userRow);
                 $this->_auth_obj->setAuth($userRow['login']);
                 return true;
             }
         }
         // if no local user has been found AND ldap lookup is enabled
         if ($settings->get('apache_enable_ldap')) {
             include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
             $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
             $this->server->doConnectionCheck();
             $config = $this->server->toPearAuthArray();
             $query = new ilLDAPQuery($this->server);
             $ldapUser = $query->fetchUser($a_username);
             if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                 $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                 $user_data = $ldapUser[$a_username];
                 //array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
                 if ($this->server->enabledSyncOnLogin()) {
                     if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                         $this->_auth_obj->logout();
                         $_SESSION['tmp_auth_mode'] = 'apache';
                         $_SESSION['tmp_external_account'] = $a_username;
                         $_SESSION['tmp_pass'] = $_POST['password'];
                         include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                         $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                         $_SESSION['tmp_roles'] = array();
                         foreach ($roles as $info) {
                             if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                 $_SESSION['tmp_roles'][] = $info['id'];
                             }
                         }
                         ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                         exit;
                     }
                     if ($this->updateRequired($a_username)) {
                         $this->initLDAPAttributeToUser();
                         $this->ldap_attr_to_user->setUserData($ldapUser);
                         $this->ldap_attr_to_user->refresh();
                         $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                     } else {
                         // User exists and no update required
                         $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
                     }
                 }
                 if ($user_data['ilInternalAccount']) {
                     $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                     return true;
                 }
             }
         }
         if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
             // no local user, no ldap match or ldap not activated
             //				if (!self::$force_creation)
             //				{
             //					$_SESSION['tmp_auth_mode'] = 'apache';
             //					$_SESSION['tmp_external_account'] = $a_username;
             //					$_SESSION['tmp_pass'] = $_POST['password'];
             //ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
             //				}
             //				else
             //				{
             global $ilIliasIniFile;
             if ($_GET['r']) {
                 $_SESSION['profile_complete_redirect'] = $_GET['r'];
             }
             $user = new ilObjUser();
             $user->setLogin($a_username);
             $user->setExternalAccount($a_username);
             $user->setProfileIncomplete(true);
             $user->create();
             $user->setAuthMode('apache');
             // set a timestamp for last_password_change
             // this ts is needed by ilSecuritySettings
             $user->setLastPasswordChangeTS(time());
             $user->setTimeLimitUnlimited(1);
             $user->setActive(1);
             //insert user data in table user_data
             $user->saveAsNew();
             $user->writePrefs();
             global $rbacadmin;
             $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
             return true;
             //				}
         }
     } else {
         if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
             define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
         }
     }
     return false;
 }
 /**
  * @param      $a_username
  * @param      $password
  * @param bool $isChallengeResponse
  * @return bool|void
  * @throws ilLDAPQueryException
  */
 function fetchData($a_username, $password, $isChallengeResponse = false)
 {
     /**
      * @var $ilDB      ilDB
      * @var $ilSetting ilSetting
      * @var $rbacadmin ilRbacAdmin
      */
     global $ilDB, $ilSetting, $rbacadmin;
     $settings = new ilSetting('apache_auth');
     if (!$settings->get('apache_enable_auth')) {
         return false;
     }
     if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
         return false;
     }
     if (!ilUtil::isLogin($a_username)) {
         return false;
     }
     if ($a_username == 'anonymous' && $password == 'anonymous') {
         $query = 'SELECT * FROM usr_data WHERE login = %s';
         $qres = $ilDB->queryF($query, array('text'), array($a_username));
         $userRow = $ilDB->fetchAssoc($qres);
         if (is_array($userRow) && $userRow['usr_id']) {
             // user as a local account...
             // fetch logindata
             $this->activeUser = $userRow['login'];
             foreach ($userRow as $key => $value) {
                 if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                     continue;
                 }
                 // Use reference to the auth object if exists
                 // This is because the auth session variable can change so a static call to setAuthData does not make sense
                 $this->_auth_obj->setAuthData($key, $value);
             }
             $this->_auth_obj->setAuth($userRow['login']);
             return true;
         }
         return false;
     }
     if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
         // we have a valid apache auth
         $list = array($ilSetting->get('auth_mode'));
         // Respect the auth method sequence
         include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
         $det = ilAuthModeDetermination::_getInstance();
         if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
             $list = array();
             foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
                 $list[] = $auth_mode;
             }
         }
         foreach ($list as $auth_mode) {
             if (AUTH_LDAP == $auth_mode) {
                 // if no local user has been found AND ldap lookup is enabled
                 if ($settings->get('apache_enable_ldap')) {
                     include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
                     $this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
                     $this->server->doConnectionCheck();
                     $config = $this->server->toPearAuthArray();
                     $query = new ilLDAPQuery($this->server);
                     $query->bind();
                     $ldapUser = $query->fetchUser($a_username);
                     if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
                         $ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                         $user_data = $ldapUser[$a_username];
                         //array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
                         if ($this->server->enabledSyncOnLogin()) {
                             if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
                                 $this->_auth_obj->logout();
                                 $_SESSION['tmp_auth_mode'] = 'ldap';
                                 $_SESSION['tmp_external_account'] = $a_username;
                                 $_SESSION['tmp_pass'] = $_POST['password'];
                                 include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
                                 $roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
                                 $_SESSION['tmp_roles'] = array();
                                 foreach ($roles as $info) {
                                     if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
                                         $_SESSION['tmp_roles'][] = $info['id'];
                                     }
                                 }
                                 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
                             }
                             if ($this->updateRequired($a_username)) {
                                 $this->initLDAPAttributeToUser();
                                 $this->ldap_attr_to_user->setUserData($ldapUser);
                                 $this->ldap_attr_to_user->refresh();
                                 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                             } else {
                                 // User exists and no update required
                                 $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
                             }
                         }
                         if ($user_data['ilInternalAccount']) {
                             $this->_auth_obj->setAuth($user_data['ilInternalAccount']);
                             $this->_auth_obj->username = $user_data['ilInternalAccount'];
                             return true;
                         }
                     }
                 }
             } else {
                 if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
                     $condition = '';
                     if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
                         $condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
                     }
                     $query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
                     $qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
                     $userRow = $ilDB->fetchAssoc($qres);
                     if (is_array($userRow) && $userRow['usr_id']) {
                         // user as a local account...
                         // fetch logindata
                         $this->activeUser = $userRow['login'];
                         foreach ($userRow as $key => $value) {
                             if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
                                 continue;
                             }
                             // Use reference to the auth object if exists
                             // This is because the auth session variable can change so a static call to setAuthData does not make sense
                             $this->_auth_obj->setAuthData($key, $value);
                         }
                         $this->_auth_obj->setAuth($userRow['login']);
                         return true;
                     }
                 }
             }
         }
         if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
             if ($_GET['r']) {
                 $_SESSION['profile_complete_redirect'] = $_GET['r'];
             }
             $user = new ilObjUser();
             $user->setLogin($a_username);
             $user->setExternalAccount($a_username);
             $user->setProfileIncomplete(true);
             $user->create();
             $user->setAuthMode('apache');
             // set a timestamp for last_password_change
             // this ts is needed by ilSecuritySettings
             $user->setLastPasswordChangeTS(time());
             $user->setTimeLimitUnlimited(1);
             $user->setActive(1);
             //insert user data in table user_data
             $user->saveAsNew();
             $user->writePrefs();
             $rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
             return true;
         }
     } else {
         if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
             define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
         }
     }
     return false;
 }
 public static function applyAccessLimits(ilObjUser $user, $code)
 {
     include_once './Services/Registration/classes/class.ilRegistrationCode.php';
     $code_data = ilRegistrationCode::getCodeData($code);
     if ($code_data["alimit"]) {
         switch ($code_data["alimit"]) {
             case "absolute":
                 $end = new ilDateTime($code_data['alimitdt'], IL_CAL_DATE);
                 //$user->setTimeLimitFrom(time());
                 $user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
                 $user->setTimeLimitUnlimited(0);
                 break;
             case "relative":
                 $rel = unserialize($code_data["alimitdt"]);
                 include_once './Services/Calendar/classes/class.ilDateTime.php';
                 $end = new ilDateTime(time(), IL_CAL_UNIX);
                 if ($rel['y'] > 0) {
                     $end->increment(IL_CAL_YEAR, $rel['y']);
                 }
                 if ($rel['m'] > 0) {
                     $end->increment(IL_CAL_MONTH, $rel['m']);
                 }
                 if ($rel['d'] > 0) {
                     $end->increment(IL_CAL_DAY, $rel['d']);
                 }
                 //$user->setTimeLimitFrom(time());
                 $user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
                 $user->setTimeLimitUnlimited(0);
                 break;
             case 'unlimited':
                 $user->setTimeLimitUnlimited(1);
                 break;
         }
     } else {
         $user->setTimeLimitUnlimited(1);
     }
 }
 /**
  * @see ilAuthContainerBase::loginObserver()
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
     $ilLog->write(__METHOD__ . ': Successful CAS login.');
     // Radius with ldap as data source
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }
     include_once "./Services/CAS/lib/CAS.php";
     if ($PHPCAS_CLIENT->getUser() != "") {
         $username = $PHPCAS_CLIENT->getUser();
         $ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $a_auth->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
                 $a_auth->logout();
                 return false;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $a_auth->setAuth($local_user);
             return true;
         }
     } else {
         $ilLog->write(__METHOD__ . ': Login failed.');
         // This should never occur unless CAS is not configured properly
         $a_auth->status = AUTH_WRONG_LOGIN;
         return false;
     }
     return false;
 }
 /**
  * handler for end of element when in verify mode.
  */
 function verifyEndTag($a_xml_parser, $a_name)
 {
     global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
     switch ($a_name) {
         case "Role":
             $this->roles[$this->current_role_id]["name"] = $this->cdata;
             $this->roles[$this->current_role_id]["type"] = $this->current_role_type;
             $this->roles[$this->current_role_id]["action"] = $this->current_role_action;
             break;
         case "User":
             $this->userObj->setFullname();
             if ($this->user_id != -1 && $this->action == "Update") {
                 $user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
             } else {
                 $user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
             }
             if (is_null($this->userObj->getLogin())) {
                 $this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
             }
             switch ($this->action) {
                 case "Insert":
                     if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
                     }
                     if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
                     }
                     if (is_null($this->userObj->getFirstname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
                     }
                     if (is_null($this->userObj->getLastname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
                     }
                     if (count($this->roles) == 0) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
                     } else {
                         $has_global_role = false;
                         foreach ($this->roles as $role) {
                             if ($role['type'] == 'Global') {
                                 $has_global_role = true;
                                 break;
                             }
                         }
                         if (!$has_global_role) {
                             $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
                         }
                     }
                     break;
                 case "Update":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
                     } elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
                         $someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
                         if (is_numeric($someonesId) && $someonesId != $this->user_id) {
                             $this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
                         }
                     }
                     break;
                 case "Delete":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
                     }
                     break;
             }
             // init role array for next user
             $this->roles = array();
             break;
         case "Login":
             if (array_key_exists($this->cdata, $this->logins)) {
                 $this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
             } else {
                 $this->logins[$this->cdata] = $this->cdata;
             }
             $this->userObj->setLogin($this->cdata);
             break;
         case "Password":
             switch ($this->currPasswordType) {
                 case "ILIAS2":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
                     break;
                 case "ILIAS3":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
                     break;
                 case "PLAIN":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
                     $this->acc_mail->setUserPassword($this->currPassword);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
                     break;
             }
             break;
         case "Firstname":
             $this->userObj->setFirstname($this->cdata);
             break;
         case "Lastname":
             $this->userObj->setLastname($this->cdata);
             break;
         case "Title":
             $this->userObj->setUTitle($this->cdata);
             break;
         case "Gender":
             if ($this->cdata != "m" && $this->cdata != "f") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
             }
             $this->userObj->setGender($this->cdata);
             break;
         case "Email":
             $this->userObj->setEmail($this->cdata);
             break;
         case "Institution":
             $this->userObj->setInstitution($this->cdata);
             break;
         case "Street":
             $this->userObj->setStreet($this->cdata);
             break;
         case "City":
             $this->userObj->setCity($this->cdata);
             break;
         case "PostalCode":
             $this->userObj->setZipCode($this->cdata);
             break;
         case "Country":
             $this->userObj->setCountry($this->cdata);
             break;
         case "PhoneOffice":
             $this->userObj->setPhoneOffice($this->cdata);
             break;
         case "PhoneHome":
             $this->userObj->setPhoneHome($this->cdata);
             break;
         case "PhoneMobile":
             $this->userObj->setPhoneMobile($this->cdata);
             break;
         case "Fax":
             $this->userObj->setFax($this->cdata);
             break;
         case "Hobby":
             $this->userObj->setHobby($this->cdata);
             break;
         case "Comment":
             $this->userObj->setComment($this->cdata);
             break;
         case "Department":
             $this->userObj->setDepartment($this->cdata);
             break;
         case "Matriculation":
             $this->userObj->setMatriculation($this->cdata);
             break;
         case "ExternalAccount":
             //echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
             $am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
             $loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
             switch ($this->action) {
                 case "Insert":
                     if ($loginForExternalAccount != "") {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
                     }
                     break;
                 case "Update":
                     if ($loginForExternalAccount != "") {
                         $externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
                         if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
                             $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
                         }
                     }
                     break;
             }
             if ($externalAccountHasChanged) {
                 $this->userObj->setExternalAccount(trim($this->cdata));
             }
             break;
         case "Active":
             if ($this->cdata != "true" && $this->cdata != "false") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
             }
             $this->currActive = $this->cdata;
             break;
         case "TimeLimitOwner":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             }
             $this->userObj->setTimeLimitOwner($this->cdata);
             break;
         case "TimeLimitUnlimited":
             switch (strtolower($this->cdata)) {
                 case "true":
                 case "1":
                     $this->userObj->setTimeLimitUnlimited(1);
                     break;
                 case "false":
                 case "0":
                     $this->userObj->setTimeLimitUnlimited(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
                     break;
             }
             break;
         case "TimeLimitFrom":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
             }
             $this->userObj->setTimeLimitFrom($this->cdata);
             break;
         case "TimeLimitUntil":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
             }
             $this->userObj->setTimeLimitUntil($this->cdata);
             break;
         case "TimeLimitMessage":
             switch (strtolower($this->cdata)) {
                 case "1":
                     $this->userObj->setTimeLimitMessage(1);
                     break;
                 case "0":
                     $this->userObj->setTimeLimitMessage(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
                     break;
             }
             break;
         case "ApproveDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
             }
             break;
         case "AgreeDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
             }
             break;
         case "iLincID":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
             }
             break;
         case "iLincUser":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
             }
             break;
         case "iLincPasswd":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
             }
             break;
         case "Pref":
             if ($this->currentPrefKey != null) {
                 $this->verifyPref($this->currentPrefKey, $this->cdata);
             }
             $this->currentPrefKey == null;
     }
 }
 protected function processCode()
 {
     global $lng, $ilAuth, $ilCtrl;
     $uname = $_POST["uname"];
     $form = $this->initCodeForm($uname);
     if ($uname && $form->checkInput()) {
         $code = $form->getInput("code");
         include_once "Services/User/classes/class.ilAccountCode.php";
         if (ilAccountCode::isUnusedCode($code)) {
             $valid_until = ilAccountCode::getCodeValidUntil($code);
             if (!($user_id = ilObjUser::_lookupId($uname))) {
                 $this->showLogin();
                 return false;
             }
             $invalid_code = false;
             $user = new ilObjUser($user_id);
             if ($valid_until === "0") {
                 $user->setTimeLimitUnlimited(true);
             } else {
                 if (is_numeric($valid_until)) {
                     $valid_until = strtotime("+" . $valid_until . "days");
                 } else {
                     $valid_until = explode("-", $valid_until);
                     $valid_until = mktime(23, 59, 59, $valid_until[1], $valid_until[2], $valid_until[0]);
                     if ($valid_until < time()) {
                         $invalid_code = true;
                     }
                 }
                 if (!$invalid_code) {
                     $user->setTimeLimitUnlimited(false);
                     $user->setTimeLimitUntil($valid_until);
                 }
             }
             if (!$invalid_code) {
                 $user->setActive(true);
                 ilAccountCode::useCode($code);
                 // apply registration code role assignments
                 ilAccountCode::applyRoleAssignments($user, $code);
                 // apply registration code time limits
                 ilAccountCode::applyAccessLimits($user, $code);
                 $user->update();
                 $ilCtrl->setParameter($this, "cu", 1);
                 $ilCtrl->redirect($this, "showLogin");
             }
         }
         $lng->loadLanguageModule("user");
         $field = $form->getItemByPostVar("code");
         $field->setAlert($lng->txt("user_account_code_not_valid"));
     }
     $form->setValuesByPost();
     $this->showCodeForm($uname, $form);
 }
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
         // Store user's Shibboleth sessionID for logout
         $this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
         // Get loginname of user, new login name is generated if user is new
         $username = $this->generateLogin();
         // Authorize this user
         $this->setAuth($username);
         $userObj = new ilObjUser();
         // Check wether this account exists already, if not create it
         if (!ilObjUser::getUserIdByLogin($username)) {
             $newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
             $newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
             $newUser["login"] = $username;
             // Password must be random to prevent users from manually log in using the login data from Shibboleth users
             $newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
             }
             // Save mapping between ILIAS user and Shibboleth uniqueID
             $newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
             // other data
             $newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
             $newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
             $newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
             $newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
             $newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
             $newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
             $newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
             $newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
             $newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
             $newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
             $newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
             $newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
             $newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
             $newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
             $newUser["auth_mode"] = "shibboleth";
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             $userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Modify user data before creating the user
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             // Create use in DB
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // store acceptance of user agreement
             //$userObj->writeAccepted();
             // Default prefs
             $userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
             $userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
             // setup user preferences
             $userObj->writePrefs();
             //set role entries
             #$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
             // New role assignment
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
             // Authorize this user
             $this->setAuth($userObj->getLogin());
         } else {
             // Update user account
             $uid = $userObj->checkUserId();
             $userObj->setId($uid);
             $userObj->read($uid);
             if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
                 $userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
             }
             if ($ilias->getSetting('shib_update_title')) {
                 $userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
             }
             $userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
             $userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
             $userObj->setFullname();
             if ($ilias->getSetting('shib_update_institution')) {
                 $userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
             }
             if ($ilias->getSetting('shib_update_department')) {
                 $userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
             }
             if ($ilias->getSetting('shib_update_street')) {
                 $userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
             }
             if ($ilias->getSetting('shib_update_city')) {
                 $userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
             }
             if ($ilias->getSetting('shib_update_zipcode')) {
                 $userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
             }
             if ($ilias->getSetting('shib_update_country')) {
                 $userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
             }
             if ($ilias->getSetting('shib_update_phone_office')) {
                 $userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
             }
             if ($ilias->getSetting('shib_update_phone_home')) {
                 $userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
             }
             if ($ilias->getSetting('shib_update_phone_mobile')) {
                 $userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
             }
             if ($ilias->getSetting('shib_update_fax')) {
                 $userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
             }
             if ($ilias->getSetting('shib_update_matriculation')) {
                 $userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
             }
             if ($ilias->getSetting('shib_update_email')) {
                 $userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
             }
             if ($ilias->getSetting('shib_update_hobby')) {
                 $userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
             }
             if ($ilias->getSetting('shib_update_language')) {
                 $userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
             }
             // Include custom code that can be used to further modify
             // certain Shibboleth user attributes
             if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
                 include $ilias->getSetting('shib_data_conv');
             }
             $userObj->update();
             // Update role assignments
             include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
             ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
         }
         // we are authenticated: redirect, if possible
         if ($_GET["target"] != "") {
             ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
         }
     } else {
         // This should never occur unless Shibboleth is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
 /**
  * create new user
  *
  * @access protected
  */
 protected function createUser(ilECSUser $user)
 {
     global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
     $userObj = new ilObjUser();
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     $local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
     $newUser["login"] = $local_user;
     $newUser["firstname"] = $user->getFirstname();
     $newUser["lastname"] = $user->getLastname();
     $newUser['email'] = $user->getEmail();
     $newUser['institution'] = $user->getInstitution();
     // set "plain md5" password (= no valid password)
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_MD5;
     $newUser["auth_mode"] = "ecs";
     $newUser["profile_incomplete"] = 0;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($ilSetting->get("language"));
     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(0);
     $userObj->setTimeLimitFrom(time() - 5);
     $userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
     $now = new ilDateTime(time(), IL_CAL_UNIX);
     $userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
     // Create user in DB
     $userObj->setOwner(6);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     $userObj->saveAsNew();
     $userObj->writePrefs();
     if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
         $rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
     }
     ilObject::_writeImportId($userObj->getId(), $user->getImportId());
     $ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId());
     // Send Mail
     #$this->sendNotification($userObj);
     return $userObj->getLogin();
 }
 /**
  * Called after login and successful call of fetch data
  * @return 
  * @param object $a_username
  * @param object $a_auth
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilias, $rbacadmin, $lng, $ilSetting;
     $GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
     // TODO: handle passed credentials via GET
     /*
     if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     // Not required anymore
     /*
     $validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
     
     if (!$validation_data["valid"])
     {
     	$this->status = AUTH_WRONG_LOGIN;
     	return;
     }
     */
     $local_user = $this->response["local_user"];
     if ($local_user != "") {
         // to do: handle update of user
         $a_auth->setAuth($local_user);
         return true;
     }
     if (!$ilSetting->get("soap_auth_create_users")) {
         $a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
         $a_auth->logout();
         return false;
     }
     //echo "1";
     // try to map external user via e-mail to ILIAS user
     if ($this->response["email"] != "") {
         //echo "2";
         //var_dump ($_POST);
         $email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
         // check, if password has been provided in user mapping screen
         // (see ilStartUpGUI::showUserMappingSelection)
         // FIXME
         if ($_POST["LoginMappedUser"] != "") {
             if (count($email_user) > 0) {
                 $user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
                 require_once 'Services/User/classes/class.ilUserPasswordManager.php';
                 if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
                     // password is correct -> map user
                     //$this->setAuth($local_user); (use login not id)
                     ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
                     ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
                     $_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
                     $local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
                     $a_auth->status = '';
                     $a_auth->setAuth($local_user);
                     return true;
                 } else {
                     //echo "6"; exit;
                     $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
                     $a_auth->setSubStatus(AUTH_WRONG_LOGIN);
                     $a_auth->logout();
                     return false;
                 }
             }
         }
         if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
             $_GET["email"] = $this->response["email"];
             $a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
             $a_auth->logout();
             return false;
         }
     }
     $userObj = new ilObjUser();
     $local_user = ilAuthUtils::_generateLogin($a_username);
     $newUser["firstname"] = $this->response["firstname"];
     $newUser["lastname"] = $this->response["lastname"];
     $newUser["email"] = $this->response["email"];
     $newUser["login"] = $local_user;
     // to do: set valid password and send mail
     $newUser["passwd"] = "";
     $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
     // generate password, if local authentication is allowed
     // and account mail is activated
     $pw = "";
     if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
         $pw = ilUtil::generatePasswords(1);
         $pw = $pw[0];
         $newUser["passwd"] = $pw;
         $newUser["passwd_type"] = IL_PASSWD_PLAIN;
     }
     //$newUser["gender"] = "m";
     $newUser["auth_mode"] = "soap";
     $newUser["ext_account"] = $a_username;
     $newUser["profile_incomplete"] = 1;
     // system data
     $userObj->assignData($newUser);
     $userObj->setTitle($userObj->getFullname());
     $userObj->setDescription($userObj->getEmail());
     // set user language to system language
     $userObj->setLanguage($lng->lang_default);
     // Time limit
     $userObj->setTimeLimitOwner(7);
     $userObj->setTimeLimitUnlimited(1);
     $userObj->setTimeLimitFrom(time());
     $userObj->setTimeLimitUntil(time());
     // Create user in DB
     $userObj->setOwner(0);
     $userObj->create();
     $userObj->setActive(1);
     $userObj->updateOwner();
     //insert user data in table user_data
     $userObj->saveAsNew(false);
     // setup user preferences
     $userObj->writePrefs();
     // to do: test this
     $rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
     // send account mail
     if ($ilSetting->get("soap_auth_account_mail")) {
         include_once './Services/User/classes/class.ilObjUserFolder.php';
         $amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
         if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
             include_once "Services/Mail/classes/class.ilAccountMail.php";
             $acc_mail = new ilAccountMail();
             if ($pw != "") {
                 $acc_mail->setUserPassword($pw);
             }
             $acc_mail->setUser($userObj);
             $acc_mail->send();
         }
     }
     unset($userObj);
     $a_auth->setAuth($local_user);
     return true;
 }
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (phpCAS::getUser() != "") {
         $username = phpCAS::getUser();
         // Authorize this user
         include_once './Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $this->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $this->status = AUTH_CAS_NO_ILIAS_USER;
                 $this->logout();
                 return;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $this->setAuth($local_user);
         }
     } else {
         // This should never occur unless CAS is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }