/** * Auth and email related methods * @group IL_Init */ public function testAuthAndEmailMethods() { include_once "./Services/User/classes/class.ilObjUser.php"; $value = ""; // creation $user = new ilObjUser(); $d = array("login" => "aatestuser2", "passwd_type" => IL_PASSWD_PLAIN, "passwd" => "password", "gender" => "f", "firstname" => "Heidi", "lastname" => "Kabel", "email" => "*****@*****.**", "ext_account" => "ext_"); $user->assignData($d); $user->setActive(true); $user->create(); $user->saveAsNew(); $user->setLanguage("de"); $user->writePrefs(); $id = $user->getId(); ilObjUser::_writeExternalAccount($id, "ext_kabel"); ilObjUser::_writeAuthMode($id, "cas"); $ids = ilObjUser::_getUserIdsByEmail("*****@*****.**"); //var_dump($ids); if (is_array($ids) && count($ids) == 1 && $ids[0] == "aatestuser2") { $value .= "email1-"; } $uid = ilObjUser::getUserIdByEmail("*****@*****.**"); if ($uid == $id) { $value .= "email2-"; } $acc = ilObjUser::_getExternalAccountsByAuthMode("cas"); foreach ($acc as $k => $v) { if ($k == $id && $v == "ext_kabel") { $value .= "auth1-"; } } if (ilObjUser::_lookupAuthMode($id) == "cas") { $value .= "auth2-"; } if (ilObjUser::_checkExternalAuthAccount("cas", "ext_kabel") == "aatestuser2") { $value .= "auth3-"; } if (ilObjUser::_externalAccountExists("ext_kabel", "cas")) { $value .= "auth4-"; } ilObjUser::_getNumberOfUsersPerAuthMode(); $la = ilObjUser::_getLocalAccountsForEmail("*****@*****.**"); ilObjUser::_incrementLoginAttempts($id); ilObjUser::_getLoginAttempts($id); ilObjUser::_resetLoginAttempts($id); ilObjUser::_setUserInactive($id); // deletion $user->delete(); $this->assertEquals("email1-email2-auth1-auth2-auth3-auth4-", $value); }
/** * Called after successful login * @return * @param array $a_username * @param object $a_auth */ protected function loginObserver($a_username, $a_auth) { global $ilLog, $ilAppEventHandler, $ilSetting; if ($this->getContainer()->loginObserver($a_username, $a_auth)) { // validate user include_once "Services/User/classes/class.ilObjUser.php"; $user_id = ilObjUser::_loginExists($a_auth->getUsername()); if ($user_id != ANONYMOUS_USER_ID) { $user = new ilObjUser($user_id); // check if profile is complete include_once "Services/User/classes/class.ilUserProfile.php"; if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) { $user->setProfileIncomplete(true); $user->update(); } // --- extended user validation // // we only have a single status, so abort after each one // order from highest priority to lowest // active? if (!$user->getActive()) { $this->status = AUTH_USER_INACTIVE; $a_auth->logout(); return; } // time limit if (!$user->checkTimeLimit()) { $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED; // #16327 $this->exceeded_user_name = $this->getUserName(); $a_auth->logout(); return; } // check client ip $clientip = $user->getClientIP(); if (trim($clientip) != "") { $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip); $clientip = str_replace(".", "\\.", $clientip); $clientip = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $clientip); if (!preg_match("/^" . $clientip . "\$/", $_SERVER["REMOTE_ADDR"])) { $this->status = AUTH_USER_WRONG_IP; $a_auth->logout(); return; } } // simultaneous login if ($ilSetting->get('ps_prevent_simultaneous_logins') && ilObjUser::hasActiveSession($user_id)) { $this->status = AUTH_USER_SIMULTANEOUS_LOGIN; $a_auth->logout(); return; } include_once 'Services/Tracking/classes/class.ilOnlineTracking.php'; ilOnlineTracking::addUser($user_id); include_once 'Modules/Forum/classes/class.ilObjForum.php'; ilObjForum::_updateOldAccess($user_id); require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security_settings = ilSecuritySettings::_getInstance(); // determine first login of user for setting an indicator // which still is available in PersonalDesktop, Repository, ... // (last login date is set to current date in next step) if ($security_settings->isPasswordChangeOnFirstLoginEnabled() && $user->getLastLogin() == null) { $user->resetLastPasswordChange(); } $user->refreshLogin(); // reset counter for failed logins ilObjUser::_resetLoginAttempts($user_id); } // --- anonymous/registered user $ilLog->write(__METHOD__ . ': logged in as ' . $a_auth->getUsername() . ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] . ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']); ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth); $ilAppEventHandler->raise('Services/Authentication', 'afterLogin', array('username' => $a_auth->getUsername())); } }
function initIlias($context = "web") { global $ilDB, $ilUser, $ilLog, $ilErr, $ilClientIniFile, $ilIliasIniFile, $ilSetting, $ilias, $https, $ilObjDataCache, $ilLog, $objDefinition, $lng, $ilCtrl, $ilBrowser, $ilHelp, $ilTabs, $ilMainMenu, $rbacsystem, $ilNavigationHistory; // remove unsafe characters $this->removeUnsafeCharacters(); // error reporting // remove notices from error reporting if (version_compare(PHP_VERSION, '5.3.0', '>=')) { error_reporting(ini_get("error_reporting") & ~E_NOTICE & ~E_DEPRECATED); } else { error_reporting(ini_get('error_reporting') & ~E_NOTICE); } // include common code files $this->requireCommonIncludes(); global $ilBench; // set error handler (to do: check preconditions for error handler to work) $ilBench->start("Core", "HeaderInclude_GetErrorHandler"); $ilErr = new ilErrorHandling(); $GLOBALS['ilErr'] =& $ilErr; $ilErr->setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, 'errorHandler')); $ilBench->stop("Core", "HeaderInclude_GetErrorHandler"); // prepare file access to work with safe mode (has been done in class ilias before) umask(0117); // set cookie params $this->setCookieParams(); // $ilIliasIniFile initialisation $this->initIliasIniFile(); // CLIENT_ID determination $this->determineClient(); // $ilAppEventHandler initialisation $this->initEventHandling(); // $ilClientIniFile initialisation $this->initClientIniFile(); // removed redirection madness the service should respond with SERVICE UNAVAILABLE // $ilDB initialisation $this->initDatabase(); // init plugin admin class include_once "Services/Component/classes/class.ilPluginAdmin.php"; $ilPluginAdmin = new ilPluginAdmin(); $GLOBALS['ilPluginAdmin'] = $ilPluginAdmin; // set session handler $this->setSessionHandler(); // $ilSetting initialisation $this->initSettings(); // $ilLog initialisation $this->initLog(); // $https initialisation require_once 'classes/class.ilHTTPS.php'; $https = new ilHTTPS(); $GLOBALS['https'] =& $https; $https->enableSecureCookies(); $https->checkPort(); if ($this->returnBeforeAuth()) { return; } $ilCtrl = new ilCtrl2(); $GLOBALS['ilCtrl'] =& $ilCtrl; // $ilAuth initialisation include_once "Services/Authentication/classes/class.ilAuthUtils.php"; ilAuthUtils::_initAuth(); global $ilAuth; $this->includePhp5Compliance(); // Do not accept external session ids if (!ilSession::_exists(session_id())) { // $_GET["PHPSESSID"] = ""; session_regenerate_id(); } // $ilias initialisation global $ilias, $ilBench; $ilBench->start("Core", "HeaderInclude_GetILIASObject"); $ilias = new ILIAS(); $GLOBALS['ilias'] =& $ilias; $ilBench->stop("Core", "HeaderInclude_GetILIASObject"); // $ilObjDataCache initialisation $ilObjDataCache = new ilObjectDataCache(); $GLOBALS['ilObjDataCache'] =& $ilObjDataCache; // workaround: load old post variables if error handler 'message' was called if (isset($_SESSION["message"]) && $_SESSION["message"]) { $_POST = $_SESSION["post_vars"]; } // put debugging functions here require_once "include/inc.debug.php"; // $objDefinition initialisation $ilBench->start("Core", "HeaderInclude_getObjectDefinitions"); $objDefinition = new ilObjectDefinition(); $GLOBALS['objDefinition'] =& $objDefinition; // $objDefinition->startParsing(); $ilBench->stop("Core", "HeaderInclude_getObjectDefinitions"); // init tree $tree = new ilTree(ROOT_FOLDER_ID); $GLOBALS['tree'] =& $tree; // $ilAccess and $rbac... initialisation $this->initAccessHandling(); // authenticate & start session PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, array($ilErr, "errorHandler")); $ilBench->start("Core", "HeaderInclude_Authentication"); //var_dump($_SESSION); ////require_once('Log.php'); ////$ilAuth->logger = Log::singleton('error_log',PEAR_LOG_TYPE_SYSTEM,'TEST'); ////$ilAuth->enableLogging = true; if (!defined("IL_PHPUNIT_TEST")) { $oldSid = session_id(); $ilAuth->start(); $newSid = session_id(); include_once 'Services/Payment/classes/class.ilPaymentShoppingCart.php'; ilPaymentShoppingCart::_migrateShoppingCart($oldSid, $newSid); } //var_dump($_SESSION); $ilias->setAuthError($ilErr->getLastError()); $ilBench->stop("Core", "HeaderInclude_Authentication"); // workaround: force login if (!empty($_GET["cmd"]) && $_GET["cmd"] == "force_login" || $this->script == "login.php") { $ilAuth->logout(); if (!isset($_GET['forceShoppingCartRedirect'])) { $_SESSION = array(); } $_SESSION["AccountId"] = ""; $ilAuth->start(); $ilias->setAuthError($ilErr->getLastError()); } // check correct setup if (!$ilias->getSetting("setup_ok")) { die("Setup is not completed. Please run setup routine again."); } // $ilUser initialisation (1) $ilBench->start("Core", "HeaderInclude_getCurrentUser"); $ilUser = new ilObjUser(); $ilias->account =& $ilUser; $GLOBALS['ilUser'] =& $ilUser; $ilBench->stop("Core", "HeaderInclude_getCurrentUser"); // $ilCtrl initialisation //$ilCtrl = new ilCtrl(); // determin current script and up-path to main directory // (sets $this->script and $this->updir) $this->determineScriptAndUpDir(); // $styleDefinition initialisation and style handling for login and co. $this->initStyle(); if (in_array($this->script, array("login.php", "register.php", "view_usr_agreement.php")) || $_GET["baseClass"] == "ilStartUpGUI") { $this->handleStyle(); } // init locale $this->initLocale(); // handle ILIAS 2 imported users: // check ilias 2 password, if authentication failed // only if AUTH_LOCAL //echo "A"; if (AUTH_CURRENT == AUTH_LOCAL && !$ilAuth->getAuth() && $this->script == "login.php" && $_POST["username"] != "") { if (ilObjUser::_lookupHasIlias2Password(ilUtil::stripSlashes($_POST["username"]))) { if (ilObjUser::_switchToIlias3Password(ilUtil::stripSlashes($_POST["username"]), ilUtil::stripSlashes($_POST["password"]))) { $ilAuth->start(); $ilias->setAuthError($ilErr->getLastError()); ilUtil::redirect("index.php"); } } } // // SUCCESSFUL AUTHENTICATION // if ($ilAuth->getStatus() == '' && $ilias->account->isCurrentUserActive() || defined("IL_PHPUNIT_TEST") && DEVMODE) { //echo "C"; exit; $ilBench->start("Core", "HeaderInclude_getCurrentUserAccountData"); //var_dump($_SESSION); // get user data $this->initUserAccount(); //var_dump($_SESSION); // differentiate account security mode require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; $security_settings = ilSecuritySettings::_getInstance(); if ($security_settings->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) { // reset counter for failed logins ilObjUser::_resetLoginAttempts($ilUser->getId()); } $ilBench->stop("Core", "HeaderInclude_getCurrentUserAccountData"); } else { if (!$ilAuth->getAuth()) { require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php'; // differentiate account security mode $security = ilSecuritySettings::_getInstance(); if ($security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED) { if (isset($_POST['username']) && $_POST['username'] && $ilUser->getId() == 0) { $username = ilUtil::stripSlashes($_POST['username']); $usr_id = ilObjUser::_lookupId($username); if ($usr_id != ANONYMOUS_USER_ID) { ilObjUser::_incrementLoginAttempts($usr_id); $login_attempts = ilObjUser::_getLoginAttempts($usr_id); $max_attempts = $security->getLoginMaxAttempts(); if ($login_attempts >= $max_attempts && $usr_id != SYSTEM_USER_ID && $max_attempts > 0) { ilObjUser::_setUserInactive($usr_id); } } } } } } // // SUCCESSFUL AUTHENTICATED or NON-AUTH-AREA (Login, Registration, ...) // // $lng initialisation $this->initLanguage(); // store user language in tree $GLOBALS['tree']->initLangCode(); // ### AA 03.10.29 added new LocatorGUI class ### // when locator data array does not exist, initialise if (!isset($_SESSION["locator_level"])) { $_SESSION["locator_data"] = array(); $_SESSION["locator_level"] = -1; } // initialise global ilias_locator object // ECS Tasks include_once 'Services/WebServices/ECS/classes/class.ilECSTaskScheduler.php'; $scheduler = ilECSTaskScheduler::start(); $ilBench->stop("Core", "HeaderInclude"); }
/** * Update user */ public function updateObject() { global $tpl, $rbacsystem, $ilias, $ilUser, $ilSetting; // User folder if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) { $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE); } // if called from local administration $this->usrf_ref_id is category id // Todo: this has to be fixed. Do not mix user folder id and category id if ($this->usrf_ref_id != USER_FOLDER_ID) { // check if user is assigned to category if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) { $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE); } } $this->initForm("edit"); // we do not want to store this dates, they are only printed out unset($_POST['approve_date']); $_POST['agree_date'] = $this->object->getAgreeDate(); unset($_POST['last_login']); // Manipulate form so ignore required fields are no more required. This has to be done before ilPropertyFormGUI::checkInput() is called. $profileMaybeIncomplete = false; if ($this->form_gui->getInput('ignore_rf', false)) { $profileMaybeIncomplete = $this->handleIgnoredRequiredFields(); } if ($this->form_gui->checkInput()) { // @todo: external account; time limit // if not allowed or empty -> do no change password if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['auth_mode'])) && trim($_POST['passwd']) != "") { $this->object->setPasswd($_POST['passwd'], IL_PASSWD_PLAIN); } /* * reset counter for failed logins * if $_POST['active'] is set to 1 */ if ($_POST['active'] == 1) { ilObjUser::_resetLoginAttempts($this->object->getId()); } #$this->object->assignData($_POST); $this->loadValuesFromForm('update'); $udf = array(); foreach ($_POST as $k => $v) { if (substr($k, 0, 4) == "udf_") { $udf[substr($k, 4)] = $v; } } $this->object->setUserDefinedData($udf); try { $this->object->updateLogin($_POST['login']); } catch (ilUserException $e) { ilUtil::sendFailure($e->getMessage()); $this->form_gui->setValuesByPost(); return $tpl->setContent($this->form_gui->getHtml()); } $this->object->setTitle($this->object->getFullname()); $this->object->setDescription($this->object->getEmail()); if ($this->isSettingChangeable('language')) { $this->object->setLanguage($this->form_gui->getInput('language')); } require_once 'Services/WebDAV/classes/class.ilDiskQuotaActivationChecker.php'; if (ilDiskQuotaActivationChecker::_isActive()) { // set disk quota $this->object->setPref("disk_quota", $_POST["disk_quota"] * ilFormat::_getSizeMagnitude() * ilFormat::_getSizeMagnitude()); } if (ilDiskQuotaActivationChecker::_isPersonalWorkspaceActive()) { // set personal workspace disk quota $this->object->setPref("wsp_disk_quota", $_POST["wsp_disk_quota"] * ilFormat::_getSizeMagnitude() * ilFormat::_getSizeMagnitude()); } if ($this->isSettingChangeable('skin_style')) { //set user skin and style $sknst = explode(":", $_POST["skin_style"]); if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) { $this->object->setPref("skin", $sknst[0]); $this->object->setPref("style", $sknst[1]); } } if ($this->isSettingChangeable('hits_per_page')) { $this->object->setPref("hits_per_page", $_POST["hits_per_page"]); } if ($this->isSettingChangeable('show_users_online')) { $this->object->setPref("show_users_online", $_POST["show_users_online"]); } if ($this->isSettingChangeable('hide_own_online_status')) { $this->object->setPref("hide_own_online_status", $_POST["hide_own_online_status"] ? 'y' : 'n'); } // set a timestamp for last_password_change // this ts is needed by ilSecuritySettings $this->object->setLastPasswordChangeTS(time()); global $ilSetting; if ((int) $ilSetting->get('session_reminder_enabled')) { $this->object->setPref('session_reminder_enabled', (int) $_POST['session_reminder_enabled']); } // #10054 - profile may have been completed, check below is only for incomplete $this->object->setProfileIncomplete(false); $this->update = $this->object->update(); // If the current user is editing its own user account, // we update his preferences. if ($ilUser->getId() == $this->object->getId()) { $ilUser->readPrefs(); } $ilUser->setPref('send_info_mails', $_POST['send_mail'] == 'y' ? 'y' : 'n'); $ilUser->writePrefs(); $mail_message = $this->__sendProfileMail(); $msg = $this->lng->txt('saved_successfully') . $mail_message; // same personal image if ($this->isSettingChangeable('upload')) { $this->uploadUserPictureObject(); } if ($profileMaybeIncomplete) { include_once 'Services/User/classes/class.ilUserProfile.php'; if (ilUserProfile::isProfileIncomplete($this->object)) { $this->object->setProfileIncomplete(true); $this->object->update(); } } // feedback ilUtil::sendSuccess($msg, true); if (strtolower($_GET["baseClass"]) == 'iladministrationgui') { $this->ctrl->redirectByClass("ilobjuserfoldergui", "view"); } else { $this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers'); } } else { $this->form_gui->setValuesByPost(); $tpl->setContent($this->form_gui->getHtml()); } }