/**
* set session cookie params for path, domain, etc.
*/
protected static function setCookieParams()
{
global $ilSetting;
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_HTTP) {
$cookie_path = '/';
} elseif ($GLOBALS['COOKIE_PATH']) {
// use a predefined cookie path from WebAccessChecker
$cookie_path = $GLOBALS['COOKIE_PATH'];
} else {
$cookie_path = dirname($_SERVER['PHP_SELF']);
}
/* if ilias is called directly within the docroot $cookie_path
is set to '/' expecting on servers running under windows..
here it is set to '\'.
in both cases a further '/' won't be appended due to the following regex
*/
$cookie_path .= !preg_match("/[\\/|\\\\]\$/", $cookie_path) ? "/" : "";
if ($cookie_path == "\\") {
$cookie_path = '/';
}
include_once './Services/Http/classes/class.ilHTTPS.php';
$cookie_secure = !$ilSetting->get('https', 0) && ilHTTPS::getInstance()->isDetected();
define('IL_COOKIE_EXPIRE', 0);
define('IL_COOKIE_PATH', $cookie_path);
define('IL_COOKIE_DOMAIN', '');
define('IL_COOKIE_SECURE', $cookie_secure);
// Default Value
// session_set_cookie_params() supports 5th parameter
// only for php version 5.2.0 and above
if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
// PHP version >= 5.2.0
define('IL_COOKIE_HTTPONLY', true);
// Default Value
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE, IL_COOKIE_HTTPONLY);
} else {
// PHP version < 5.2.0
session_set_cookie_params(IL_COOKIE_EXPIRE, IL_COOKIE_PATH, IL_COOKIE_DOMAIN, IL_COOKIE_SECURE);
}
}
<?php
chdir('..');
define('IL_CERT_SSO', true);
define('IL_COOKIE_PATH', $_REQUEST['cookie_path']);
if ($_REQUEST['ilias_path']) {
define('ILIAS_HTTP_PATH', $_REQUEST['ilias_path']);
}
include_once './Services/Authentication/classes/class.ilAuthUtils.php';
$_POST['auth_mode'] = AUTH_APACHE;
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_APACHE);
require_once "include/inc.header.php";
$redirect = $_GET['r'];
$validDomains = array();
$path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
if (file_exists($path) && is_readable($path)) {
foreach (file($path) as $line) {
if (trim($line)) {
$validDomains[] = trim($line);
}
}
}
$P = parse_url($redirect);
$redirectDomain = $P["host"];
$validRedirect = false;
foreach ($validDomains as $validDomain) {
if ($redirectDomain === $validDomain) {
$validRedirect = true;
break;
}
if (strlen($redirectDomain) > strlen($validDomain) + 1) {
<?php
chdir(dirname(__FILE__));
chdir('..');
include_once "Services/Context/classes/class.ilContext.php";
ilContext::init(ilContext::CONTEXT_CRON);
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CRON);
$_COOKIE["ilClientId"] = $_SERVER['argv'][3];
$_POST['username'] = $_SERVER['argv'][1];
$_POST['password'] = $_SERVER['argv'][2];
if ($_SERVER['argc'] < 4) {
die("Usage: cron.php username password client\n");
}
include_once './include/inc.header.php';
// Start checks here
include_once './cron/classes/class.ilCronCheck.php';
$cron_check = new ilCronCheck();
$cron_check->start();
/**
* migrate account
*
* @access public
*
*/
public function migrateAccount()
{
global $lng, $ilClientIniFile, $ilLog, $rbacadmin;
$lng->loadLanguageModule('auth');
if (!isset($_POST['account_migration'])) {
$this->showAccountMigration($lng->txt('err_choose_migration_type'));
return false;
}
if ($_POST['account_migration'] == 1 and (!strlen($_POST['mig_username']) or !strlen($_POST['mig_password']))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
if ($_POST['account_migration'] == 1) {
if (!($user_id = ilObjUser::_lookupId(ilUtil::stripSlashes($_POST['mig_username'])))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$_POST['username'] = $_POST['mig_username'];
$_POST['password'] = $_POST['mig_password'];
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
$ilAuth->start();
if (!$ilAuth->checkAuth()) {
$ilAuth->logout();
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$user = new ilObjUser($user_id);
$user->setAuthMode(ilSession::get('tmp_auth_mode'));
$user->setExternalAccount(ilSession::get('tmp_external_account'));
$user->setActive(true);
$user->update();
// Assign to default role
if (is_array(ilSession::get('tmp_roles'))) {
foreach (ilSession::get('tmp_roles') as $role) {
$rbacadmin->assignUser((int) $role, $user->getId());
}
}
// Log migration
$ilLog->write(__METHOD__ . ': Migrated ' . ilSession::get('tmp_external_account') . ' to ILIAS account ' . $user->getLogin() . '.');
} elseif ($_POST['account_migration'] == 2) {
switch (ilSession::get('tmp_auth_mode')) {
case 'apache':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/AuthApache/classes/class.ilAuthContainerApache.php';
$container = new ilAuthContainerApache();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'ldap':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
$container = new ilAuthContainerLDAP();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'radius':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
$container = new ilAuthContainerRadius();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'openid':
$_POST['username'] = ilSession::get('dummy');
$_POST['password'] = ilSession::get('dummy');
$_POST['oid_username'] = ilSession::get('tmp_oid_username');
$_POST['oid_provider'] = ilSession::get('tmp_oid_provider');
//ilSession::set('force_creation', true);
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
$container = new ilAuthContainerOpenId();
$container->forceCreation(true);
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
include_once './Services/OpenId/classes/class.ilAuthOpenId.php';
$ilAuth = ilAuthFactory::factory($container);
// logout first to initiate a new login session
$ilAuth->logout();
ilSession::_destroy(session_id());
ilSession::set('force_creation', true);
$ilAuth->start();
}
// Redirect to acceptance
ilUtil::redirect("ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&target=" . $_GET["target"] . "&cmd=getAcceptance");
}
// show personal desktop
ilUtil::redirect('ilias.php?baseClass=ilPersonalDesktopGUI');
}
/**
* set context
* @param int $a_context
* @return
*/
public static function setContext($a_context)
{
self::$context = $a_context;
}
/**
* shortcut for print_r
*
* @author Björn Heyser <*****@*****.**>
* @access public
* @param mixed any number of parameters
* @param string name of variable (optional)
*/
function pr($var, $name = '')
{
if ($name != '') {
$name .= ' = ';
}
$print = $name . print_r($var, true);
if (ilAuthFactory::getContext() == ilAuthFactory::CONTEXT_CRON) {
$hr = "\n---------------------------------------------------------------\n";
echo $hr . $print . $hr;
} else {
echo '<pre>' . $print . '</pre>';
}
// BH: php 5.3 seems to not flushing the output consequently so following redirects are still performed
// and the output of vd() would be lost in nirvana if we not flush the output manualy
flush();
ob_flush();
}
/**
* Called after successful login
* @return
* @param array $a_username
* @param object $a_auth
*/
protected function loginObserver($a_username, $a_auth)
{
global $ilLog, $ilAppEventHandler, $ilSetting;
if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
// validate user
include_once "Services/User/classes/class.ilObjUser.php";
$user_id = ilObjUser::_loginExists($a_auth->getUsername());
if ($user_id != ANONYMOUS_USER_ID) {
$user = new ilObjUser($user_id);
// check if profile is complete
include_once "Services/User/classes/class.ilUserProfile.php";
if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) {
$user->setProfileIncomplete(true);
$user->update();
}
// --- extended user validation
//
// we only have a single status, so abort after each one
// order from highest priority to lowest
// active?
if (!$user->getActive()) {
$this->status = AUTH_USER_INACTIVE;
$a_auth->logout();
return;
}
// time limit
if (!$user->checkTimeLimit()) {
$this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
// #16327
$this->exceeded_user_name = $this->getUserName();
$a_auth->logout();
return;
}
// check client ip
$clientip = $user->getClientIP();
if (trim($clientip) != "") {
$clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
$clientip = str_replace(".", "\\.", $clientip);
$clientip = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $clientip);
if (!preg_match("/^" . $clientip . "\$/", $_SERVER["REMOTE_ADDR"])) {
$this->status = AUTH_USER_WRONG_IP;
$a_auth->logout();
return;
}
}
// simultaneous login
if ($ilSetting->get('ps_prevent_simultaneous_logins') && ilObjUser::hasActiveSession($user_id)) {
$this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
$a_auth->logout();
return;
}
include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
ilOnlineTracking::addUser($user_id);
include_once 'Modules/Forum/classes/class.ilObjForum.php';
ilObjForum::_updateOldAccess($user_id);
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security_settings = ilSecuritySettings::_getInstance();
// determine first login of user for setting an indicator
// which still is available in PersonalDesktop, Repository, ...
// (last login date is set to current date in next step)
if ($security_settings->isPasswordChangeOnFirstLoginEnabled() && $user->getLastLogin() == null) {
$user->resetLastPasswordChange();
}
$user->refreshLogin();
// reset counter for failed logins
ilObjUser::_resetLoginAttempts($user_id);
}
// --- anonymous/registered user
$ilLog->write(__METHOD__ . ': logged in as ' . $a_auth->getUsername() . ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] . ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']);
ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
$ilAppEventHandler->raise('Services/Authentication', 'afterLogin', array('username' => $a_auth->getUsername()));
}
}
protected function initIlias()
{
include_once "Services/Context/classes/class.ilContext.php";
ilContext::init(ilContext::CONTEXT_ICAL);
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_CALENDAR_TOKEN);
$_POST['username'] = '******';
$_POST['password'] = '******';
require_once "Services/Init/classes/class.ilInitialisation.php";
ilInitialisation::initILIAS();
$GLOBALS['lng']->loadLanguageModule('dateplaner');
}
function __initAuthenticationObject($a_auth_mode = AUTH_LOCAL)
{
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_SOAP);
}
function _getAuthModeOfUser($a_username, $a_password, $a_db_handler = '')
{
global $ilDB;
if (isset($_GET['ecs_hash']) or isset($_GET['ecs_hash_url'])) {
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_ECS);
return AUTH_ECS;
}
if (isset($_POST['auth_mode'])) {
return (int) $_POST['auth_mode'];
}
if (isset($_POST['oid_username']) or $_GET['oid_check_status']) {
$GLOBALS['ilLog']->write(__METHOD__ . ' set context to open id');
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
return AUTH_OPENID;
}
include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
$det = ilAuthModeDetermination::_getInstance();
if (!$det->isManualSelection() and $det->getCountActiveAuthModes() > 1) {
return AUTH_MULTIPLE;
}
$db =& $ilDB;
if ($a_db_handler != '') {
$db =& $a_db_handler;
}
// Is it really necessary to check the auth mode with password ?
// Changed: smeyer
$q = "SELECT auth_mode FROM usr_data WHERE " . "login = "******"passwd = ".$ilDB->quote(md5($a_password))."";
$r = $db->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
//echo "+".$row->auth_mode."+";
$auth_mode = self::_getAuthMode($row->auth_mode, $db);
return in_array($auth_mode, self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
}
<?php
/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
chdir('../../..');
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_SOAP);
include_once 'Services/Init/classes/class.ilInitialisation.php';
$ilInit = new ilInitialisation();
$GLOBALS['ilInit'] = $ilInit;
$ilInit->initILIAS('webdav');
include_once './Services/WebServices/Rest/classes/class.ilRestServer.php';
$server = new ilRestServer();
$server->config('debug', true);
$server->init();
$server->run();
*/
// Initialize
// -----------------------------------------------------
// Retrieve the client id from PATH_INFO
// Component 1 contains the ILIAS client_id.
$path_info_components = explode('/', $_SERVER['PATH_INFO']);
$client_id = $path_info_components[1];
// For all requests, except for GET-Requests for files, we enforce HTTP
// authentication for the WebDAV protocol.
#if ($_SERVER['REQUEST_METHOD'] != 'GET' ||
# count($path_info_components) < 3 ||
# substr($path_info_components[2],0,5) != 'file_') {
# define ('WebDAV_Authentication', 'HTTP');
#}
define('WebDAV_Authentication', 'HTTP');
// Set context for authentication
include_once 'Services/Authentication/classes/class.ilAuthFactory.php';
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_HTTP);
// Launch ILIAS using the client id we have determined
// -----------------------------------------------------
$_COOKIE["ilClientId"] = $client_id;
include_once "Services/Context/classes/class.ilContext.php";
ilContext::init(ilContext::CONTEXT_WEBDAV);
require_once "Services/Init/classes/class.ilInitialisation.php";
ilInitialisation::initILIAS();
// Launch the WebDAV Server
// -----------------------------------------------------
include_once "Services/WebDAV/classes/class.ilDAVServer.php";
$server = new ilDAVServer();
$server->ServeRequest();
// END WebDAV
