Esempio n. 1
0
 /**
  * Grants admin access for console commands (#1908).
  * This avoids subsequent permission problems from any components used.
  */
 protected function loginAsAdministrator()
 {
     $adminId = 2;
     // no need to do anything if there is already an admin login
     if (\UserUtil::isLoggedIn()) {
         if (\UserUtil::getVar('uid') == $adminId) {
             return;
         }
         if (\SecurityUtil::checkPermission('::', '::', ACCESS_ADMIN)) {
             return;
         }
     }
     // login / impersonate now
     \UserUtil::setUserByUid($adminId);
     // check if it worked
     if (!\UserUtil::isLoggedIn()) {
         throw new AccessDeniedException(__('Error! Auto login failed.'));
     }
     // check if permissions have become available
     if (!\SecurityUtil::checkPermission('::', '::', ACCESS_ADMIN)) {
         throw new AccessDeniedException(__('Error! Insufficient permissions after auto login.'));
     }
 }
Esempio n. 2
0
    /**
     * When Zikula authentication has failed, start SiriusXtecAuth
     * 
     * @return bool true authetication succesful
     */
    public static function trySiriusXtecAuth(Zikula_Event $event)
    {
        $authentication_info = FormUtil::getPassedValue('authentication_info', isset($args['authentication_info']) ? $args['authentication_info'] : null, 'POST');
        // Argument check
        if ($authentication_info['login_id'] == '' || $authentication_info['pass'] == '') {
            LogUtil::registerError(__('Usuari o contrasenya en blanc.'));
            return System::redirect(System::getHomepageUrl());
        }

        $uname = $authentication_info['login_id'];
        $pass = $authentication_info['pass'];

        // check if ldap is active
        if (!ModUtil::getVar('SiriusXtecAuth','ldap_active',false)) return false;
        // checking new users case
        $userid = UserUtil::getIdFromName($uname);
        if (($userid === false) && (ModUtil::getVar('SiriusXtecAuth','users_creation',false) === false)) return false;
        
        // connect to ldap server
        if (!$ldap_ds = ldap_connect(ModUtil::getVar('SiriusXtecAuth', 'ldap_server'))) {
            LogUtil::registerError(__('No ha pogut connectar amb el servidor ldap.'));
            return false;
        }        
        ///////////////////
        // Checking ldap validation
        $ldaprdn = ModUtil::getVar('SiriusXtecAuth', 'ldap_searchattr') . '=' . $uname . ',' . ModUtil::getVar('SiriusXtecAuth', 'ldap_basedn');
        $bind = @ldap_bind($ldap_ds, $ldaprdn, $pass);
        if (!$bind) {
            LogUtil::registerError(__('La informació introduïda no correspon a cap validació manual ni XTEC.'));
            return false;
        }
        LogUtil::getErrorMessages();
        // Case new users
        if ($userid === false) {
            $userLdapFields = array ('cn', 'uid', 'givenname', 'sn', 'mail');
            // search the directory for our user
            if (!$ldap_sr = ldap_search($ldap_ds, ModUtil::getVar('SiriusXtecAuth', 'ldap_basedn'), ModUtil::getVar('SiriusXtecAuth', 'ldap_searchattr') . '=' . DataUtil::formatForStore($uname),$userLdapFields)) {
                LogUtil::registerError(__('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (I).'));
                return false;
            }
            $info = ldap_get_entries($ldap_ds, $ldap_sr);
            if (!$info || $info['count'] == 0) {
                LogUtil::registerError('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (II).');
                return false;
            } else {
                if (!isset($info[0]['dn'])) {
                    LogUtil::registerError('Problemes en la creació d\'un nou usuari de Sirus des de la validació XTEC (III).');
                    return false;
                }
            }
            
            $user['zk']['uname'] =$uname;
            $user['zk']['email'] = $info[0]['mail'][0];
            if (ModUtil::getVar('SiriusXtecAuth','iw_write',false) && ModUtil::available('IWusers')) {
                $user['iw']['nom'] = ucwords(strtolower($info[0]['givenname'][0]));
                $cognom_separator = strpos($info[0]['sn'][0],' ');
                if ($cognom_separator && ModUtil::getVar('SiriusXtecAuth','iw_lastnames',false)) {
                    $user['iw']['cognom1'] = ucwords(strtolower(substr($info[0]['sn'][0],0,$cognom_separator)));
                    $user['iw']['cognom2'] = ucwords(strtolower(substr($info[0]['sn'][0],$cognom_separator+1)));
                } else{
                    $user['iw']['cognom1'] = ucwords(strtolower($info[0]['sn'][0]));
                    $user['iw']['cognom1'] = '';
                }
            }
            if (ModUtil::getVar('SiriusXtecAuth','new_users_activation', false)) {
                $user['zk']['activated'] = 1;
            }else {
                $user['zk']['activated'] = 0;
            }
            $user['gr'] = ModUtil::getVar('SiriusXtecAuth','new_users_groups');
            
            $userid = ModUtil::apifunc('SiriusXtecAuth', 'listeners', 'createUser', $user);
            if (!$userid) {
                LogUtil::registerError(__('No s\'ha pogut crear l\'usuari. Torneu a validar-vos.'));
                return false;
            }
            
        }
        
        @ldap_unbind($ldap_ds);
        UserUtil::setUserByUid($userid);
        
        if (!ModUtil::getVar('SiriusXtecAuth','loginXtecApps',false)) {
            return System::redirect(System::getHomepageUrl());
        } else {
			$pass_e = urlencode(base64_encode($pass));
            return System::redirect(ModUtil::url('SiriusXtecAuth', 'user', 'logingXtecApps',array('uname'=>$uname,'pass'=>$pass_e,'logtype'=>'in')));
        }

    }