/**
  * initialises $ilAuth 
  */
 function _initAuth()
 {
     global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile, $ilBench;
     $user_auth_mode = false;
     $ilBench->start('Auth', 'initAuth');
     // get default auth mode
     //$default_auth_mode = $this->getSetting("auth_mode");
     define("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
     // determine authentication method if no session is found and username & password is posted
     // does this if statement make any sense? we enter this block nearly everytime.
     if (empty($_SESSION) || (!isset($_SESSION['_authsession']['registered']) || $_SESSION['_authsession']['registered'] !== true)) {
         // no sesssion found
         if (isset($_POST['username']) and $_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url']) or isset($_POST['oid_username']) or isset($_GET['oid_check_status'])) {
             $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
             if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local")) {
                 $user_auth_mode = AUTH_LOCAL;
             }
             if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local")) {
                 $user_auth_mode = AUTH_LOCAL;
             }
             if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local")) {
                 $user_auth_mode = AUTH_LOCAL;
             }
         } else {
             if ($_POST['auth_mode'] == AUTH_APACHE) {
                 $user_auth_mode = AUTH_APACHE;
             }
         }
     }
     // to do: other solution?
     if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP) {
         $user_auth_mode = AUTH_LOCAL;
     }
     if ($ilSetting->get("cas_active") && $_GET['forceCASLogin']) {
         ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CAS);
         $user_auth_mode = AUTH_CAS;
     }
     if ($ilSetting->get("apache_active") && $user_auth_mode == AUTH_APACHE) {
         ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
         $user_auth_mode = AUTH_APACHE;
     }
     // BEGIN WebDAV: Share session between browser and WebDAV client.
     // The realm is needed to support a common session between Auth_HTTP and Auth.
     // It also helps us to distinguish between parallel sessions run on different clients.
     // Common session only works if we use a common session name starting with "_authhttp".
     // We must use the "_authttp" prefix, because it is hardcoded in the session name of
     // class Auth_HTTP.
     // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
     // it interfers with the session mechanism of the other Auth modules. If we would
     // keep this switched on, then users could steal each others session, which would cause
     // a major security breach.
     // Note: The realm and sessionName used here, must be the same as in
     //       class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
     //       in to ILIAS.
     $realm = CLIENT_ID;
     //$this->writelog('ilias.php realm='.$realm);
     // END WebDAV: Share session between browser and WebDAV client.
     //var_dump($_SESSION);
     //echo "1-".$ilSetting->get("soap_auth_active")."-";
     // if soap authentication activated and soap credentials given
     if ($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"]) && !empty($_GET["soap_pw"]) || $user_auth_mode == AUTH_SOAP) {
         define('AUTH_CURRENT', AUTH_SOAP);
     } else {
         if ($ilSetting->get("shib_active") && $_SERVER[$ilSetting->get("shib_login")]) {
             define("AUTH_CURRENT", AUTH_SHIBBOLETH);
         } else {
             define("AUTH_CURRENT", $user_auth_mode);
         }
     }
     //var_dump($_SESSION);
     // Determine the authentication method to use
     if (defined("WebDAV_Authentication") && WebDAV_Authentication == 'HTTP') {
         // Since WebDAV clients create the login form by
         // themselves, we can not provide buttons on the form for
         // choosing an authentication method.
         // If the user is already logged in, we continue using
         // the current authentication method. If the user is
         // not logged in yet, we use the "multiple authentication"
         // method using a predefined sequence of authentication methods.
         $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
     } else {
         $authmode = AUTH_CURRENT;
     }
     //var_dump($authmode);
     // if no auth mode selected AND default mode is AUTH_APACHE then use it...
     if ($authmode == null && AUTH_DEFAULT == AUTH_APACHE) {
         $authmode = AUTH_APACHE;
     }
     switch ($authmode) {
         case AUTH_LDAP:
             include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerLDAP());
             break;
         case AUTH_RADIUS:
             include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerRadius());
             break;
         case AUTH_SHIBBOLETH:
             // build option string for SHIB::Auth
             $auth_params = array();
             $auth_params['sessionName'] = "_authhttp" . md5($realm);
             $ilAuth = new ShibAuth($auth_params, true);
             break;
         case AUTH_CAS:
             include_once './Services/CAS/classes/class.ilAuthContainerCAS.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerCAS());
             break;
         case AUTH_SOAP:
             include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerSOAP());
             break;
         case AUTH_MULTIPLE:
             include_once './Services/Authentication/classes/class.ilAuthContainerMultiple.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerMultiple());
             break;
         case AUTH_ECS:
             include_once './Services/WebServices/ECS/classes/class.ilAuthContainerECS.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerECS());
             break;
         case AUTH_OPENID:
             include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerOpenId());
             break;
         case AUTH_INACTIVE:
             require_once './Services/Authentication/classes/class.ilAuthInactive.php';
             $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
             break;
         case AUTH_APACHE:
             include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
             ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerApache());
             break;
             // begin-patch auth_plugin
         // begin-patch auth_plugin
         case AUTH_LOCAL:
             global $ilLog;
             include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
             break;
         default:
             // check for plugin
             if ($authmode) {
                 foreach (self::getAuthPlugins() as $pl) {
                     $container = $pl->getContainer($authmode);
                     if ($container instanceof Auth_Container) {
                         $GLOBALS['ilLog']->write(__METHOD__ . ' Using plugin authentication with auth_mode ' . $authmode);
                         $ilAuth = ilAuthFactory::factory($container);
                         break 2;
                     }
                 }
             }
             #$GLOBALS['ilLog']->write(__METHOD__.' Using default authentication');
             // default for logged in users
             include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
             $ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
             break;
             // end-patch auth_plugin
     }
     // Due to a bug in Pear Auth_HTTP, we can't use idle time
     // with WebDAV clients. If we used it, users could never log
     // back into ILIAS once their session idled out. :(
     if (!defined("WebDAV_Authentication") || WebDAV_Authentication != 'HTTP') {
         $ilAuth->setIdle(ilSession::getIdleValue(), false);
     }
     $ilAuth->setExpire(0);
     ini_set("session.cookie_lifetime", "0");
     //echo "-".get_class($ilAuth)."-";
     $GLOBALS['ilAuth'] =& $ilAuth;
     ilSessionControl::checkExpiredSession();
     $ilBench->stop('Auth', 'initAuth');
 }