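/**
 * Attempt to authenticate the current request based on request params and basic auth.
 *
 * Credentials are looked up in this order: the LOGIN/PASSWORD request params,
 * then the PHP-parsed basic auth values ($_SERVER['PHP_AUTH_USER'] / ['PHP_AUTH_PW']),
 * then the raw "Authorization: Basic ..." header. When a username is found it is
 * handed to iclicker_service::authenticate_user() together with the optional SSO key.
 * If a current user exists afterwards, the session key and user id are returned to
 * the client as response headers.
 *
 * @param iclicker_controller $cntlr the controller instance
 * @throws ClickerSecurityException if authentication is impossible given the request values
 * @throws ClickerSSLRequiredException if the auth request is bad (requires SSL but SSL not used)
 */
function iclicker_handle_authn($cntlr)
{
    global $CFG;
    // extract the authn params
    // NOTE(review): Moodle's optional_param() reads GET as well as POST, so credentials sent
    // in the query string can end up in access logs and proxies - confirm clients use POST
    // or basic auth.
    // NOTE(review): PARAM_NOTAGS strips markup from the password, while the basic auth
    // values below are used as received; a password containing tag-like text may differ
    // between the two paths - confirm this is intended.
    $auth_username = optional_param(iclicker_controller::LOGIN, NULL, PARAM_NOTAGS);
    $auth_password = optional_param(iclicker_controller::PASSWORD, NULL, PARAM_NOTAGS);
    if (empty($auth_username) && isset($_SERVER['PHP_AUTH_USER'])) {
        // no username found in normal params so try to get basic auth
        $auth_username = $_SERVER['PHP_AUTH_USER'];
        // PHP_AUTH_PW is not guaranteed to accompany PHP_AUTH_USER
        $auth_password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;
        // NOTE(review): this fallback is only reached when PHP_AUTH_USER is set but empty;
        // setups that expose only HTTP_AUTHORIZATION never get here - confirm intended.
        if (empty($auth_username) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
            // attempt to get it from the header as a final try
            $auth_header = trim($_SERVER['HTTP_AUTHORIZATION']);
            // only accept the Basic scheme; anything else is not "user:password" data
            if (strncasecmp($auth_header, 'Basic ', 6) === 0) {
                // strict decoding rejects payloads containing non-base64 characters
                $decoded = base64_decode(substr($auth_header, 6), true);
                if ($decoded !== false && strpos($decoded, ':') !== false) {
                    // limit of 2 keeps any ':' inside the password intact
                    list($auth_username, $auth_password) = explode(':', $decoded, 2);
                }
            }
        }
    }
    // NOTE(review): with SSO enabled, any non-empty password value skips the SSL check below.
    // This code cannot tell an SSO pass-key from a real user password, so the guarantee rests
    // on what iclicker_service::authenticate_user() accepts when SSO is on - verify there.
    $is_sso_credential = iclicker_service::$block_iclicker_sso_enabled && !empty($auth_password);
    if (!$is_sso_credential) {
        // this is a user password so https must be used if the loginhttps option is enabled
        // NOTE(review): behind a TLS-terminating proxy neither HTTPS nor SERVER_PORT may reflect
        // the client connection - confirm how this deployment signals SSL.
        $https_flag_on = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        $on_ssl_port = isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443;
        $ssl_request = $https_flag_on || $on_ssl_port;
        $ssl_required = !empty($CFG->forcehttps) || !empty($CFG->loginhttps);
        if ($ssl_required && !$ssl_request) {
            throw new ClickerSSLRequiredException('SSL is required when performing a user login (and sending user passwords)');
        }
    }
    //$session_id = optional_param(iclicker_controller::SESSION_ID, NULL, PARAM_NOTAGS);
    if (!empty($auth_username)) {
        $sso_key = optional_param(iclicker_controller::SSO_KEY, NULL, PARAM_NOTAGS);
        // throws exception if fails
        iclicker_service::authenticate_user($auth_username, $auth_password, $sso_key);
        //} else if ($session_id) {
        //    $valid = FALSE; // validate the session key
        //    if (! $valid) {
        //        throw new SecurityException("Invalid "+iclicker_controller::SESSION_ID+" provided, session may have expired, send new login credentials");
        //    }
    }
    // report the active session (if any) back to the client as response headers
    $current_user_id = iclicker_service::get_current_user_id();
    if (isset($current_user_id)) {
        $cntlr->setHeader(iclicker_controller::SESSION_ID, sesskey());
        $cntlr->setHeader('_userId', $current_user_id);
    }
}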