function fetchData($a_username, $password, $isChallengeResponse = false)
{
//var_dump(func_get_args());
//var_dump($_SERVER);
global $lng;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
global $ilDB;
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && $_SERVER[$settings->get('apache_auth_indicator_name')] == $settings->get('apache_auth_indicator_value')) {
// we have a valid apache auth
global $ilDB;
if ($settings->get('apache_enable_local')) {
$query = 'SELECT * FROM usr_data WHERE login = %s OR (auth_mode = %s AND ext_account = %s)';
$qres = $ilDB->queryF($query, array('text', 'text', 'text'), array($a_username, 'apache', $a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
//var_dump($userRow);
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'apache';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
exit;
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("apache", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
return true;
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
// no local user, no ldap match or ldap not activated
// if (!self::$force_creation)
// {
// $_SESSION['tmp_auth_mode'] = 'apache';
// $_SESSION['tmp_external_account'] = $a_username;
// $_SESSION['tmp_pass'] = $_POST['password'];
//ilUtil::redirect('https://lernwelt.janposselt.de/ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
// }
// else
// {
global $ilIliasIniFile;
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
global $rbacadmin;
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
// }
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* handler for end of element when in verify mode.
*/
function verifyEndTag($a_xml_parser, $a_name)
{
global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
switch ($a_name) {
case "Role":
$this->roles[$this->current_role_id]["name"] = $this->cdata;
$this->roles[$this->current_role_id]["type"] = $this->current_role_type;
$this->roles[$this->current_role_id]["action"] = $this->current_role_action;
break;
case "User":
$this->userObj->setFullname();
if ($this->user_id != -1 && $this->action == "Update") {
$user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
} else {
$user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
}
if (is_null($this->userObj->getLogin())) {
$this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
}
switch ($this->action) {
case "Insert":
if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
}
if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
}
if (is_null($this->userObj->getFirstname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
}
if (is_null($this->userObj->getLastname())) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
}
if (count($this->roles) == 0) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
} else {
$has_global_role = false;
foreach ($this->roles as $role) {
if ($role['type'] == 'Global') {
$has_global_role = true;
break;
}
}
if (!$has_global_role) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
}
}
break;
case "Update":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
} elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
$someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
if (is_numeric($someonesId) && $someonesId != $this->user_id) {
$this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
}
}
break;
case "Delete":
if (!$user_exists) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
}
break;
}
// init role array for next user
$this->roles = array();
break;
case "Login":
if (array_key_exists($this->cdata, $this->logins)) {
$this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
} else {
$this->logins[$this->cdata] = $this->cdata;
}
$this->userObj->setLogin($this->cdata);
break;
case "Password":
switch ($this->currPasswordType) {
case "ILIAS2":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
break;
case "ILIAS3":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
break;
case "PLAIN":
$this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
$this->acc_mail->setUserPassword($this->currPassword);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
break;
}
break;
case "Firstname":
$this->userObj->setFirstname($this->cdata);
break;
case "Lastname":
$this->userObj->setLastname($this->cdata);
break;
case "Title":
$this->userObj->setUTitle($this->cdata);
break;
case "Gender":
if ($this->cdata != "m" && $this->cdata != "f") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
}
$this->userObj->setGender($this->cdata);
break;
case "Email":
$this->userObj->setEmail($this->cdata);
break;
case "Institution":
$this->userObj->setInstitution($this->cdata);
break;
case "Street":
$this->userObj->setStreet($this->cdata);
break;
case "City":
$this->userObj->setCity($this->cdata);
break;
case "PostalCode":
$this->userObj->setZipCode($this->cdata);
break;
case "Country":
$this->userObj->setCountry($this->cdata);
break;
case "PhoneOffice":
$this->userObj->setPhoneOffice($this->cdata);
break;
case "PhoneHome":
$this->userObj->setPhoneHome($this->cdata);
break;
case "PhoneMobile":
$this->userObj->setPhoneMobile($this->cdata);
break;
case "Fax":
$this->userObj->setFax($this->cdata);
break;
case "Hobby":
$this->userObj->setHobby($this->cdata);
break;
case "Comment":
$this->userObj->setComment($this->cdata);
break;
case "Department":
$this->userObj->setDepartment($this->cdata);
break;
case "Matriculation":
$this->userObj->setMatriculation($this->cdata);
break;
case "ExternalAccount":
//echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
$am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
$loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
switch ($this->action) {
case "Insert":
if ($loginForExternalAccount != "") {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
}
break;
case "Update":
if ($loginForExternalAccount != "") {
$externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
$this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
}
}
break;
}
if ($externalAccountHasChanged) {
$this->userObj->setExternalAccount(trim($this->cdata));
}
break;
case "Active":
if ($this->cdata != "true" && $this->cdata != "false") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
}
$this->currActive = $this->cdata;
break;
case "TimeLimitOwner":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
} elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
}
$this->userObj->setTimeLimitOwner($this->cdata);
break;
case "TimeLimitUnlimited":
switch (strtolower($this->cdata)) {
case "true":
case "1":
$this->userObj->setTimeLimitUnlimited(1);
break;
case "false":
case "0":
$this->userObj->setTimeLimitUnlimited(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
break;
}
break;
case "TimeLimitFrom":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
}
$this->userObj->setTimeLimitFrom($this->cdata);
break;
case "TimeLimitUntil":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
}
$this->userObj->setTimeLimitUntil($this->cdata);
break;
case "TimeLimitMessage":
switch (strtolower($this->cdata)) {
case "1":
$this->userObj->setTimeLimitMessage(1);
break;
case "0":
$this->userObj->setTimeLimitMessage(0);
break;
default:
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
break;
}
break;
case "ApproveDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
}
break;
case "AgreeDate":
// Accept datetime or Unix timestamp
if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
}
break;
case "iLincID":
if (!preg_match("/\\d+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
}
break;
case "iLincUser":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
}
break;
case "iLincPasswd":
if (!preg_match("/\\w+/", $this->cdata)) {
$this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
}
break;
case "Pref":
if ($this->currentPrefKey != null) {
$this->verifyPref($this->currentPrefKey, $this->cdata);
}
$this->currentPrefKey == null;
}
}
/**
* @param $a_username
* @param $password
* @param bool $isChallengeResponse
* @return bool|void
* @throws ilLDAPQueryException
*/
function fetchData($a_username, $password, $isChallengeResponse = false)
{
/**
* @var $ilDB ilDB
* @var $ilSetting ilSetting
* @var $rbacadmin ilRbacAdmin
*/
global $ilDB, $ilSetting, $rbacadmin;
$settings = new ilSetting('apache_auth');
if (!$settings->get('apache_enable_auth')) {
return false;
}
if (!$settings->get('apache_auth_indicator_name') || !$settings->get('apache_auth_indicator_value')) {
return false;
}
if (!ilUtil::isLogin($a_username)) {
return false;
}
if ($a_username == 'anonymous' && $password == 'anonymous') {
$query = 'SELECT * FROM usr_data WHERE login = %s';
$qres = $ilDB->queryF($query, array('text'), array($a_username));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
return false;
}
if (!$_SESSION['login_invalid'] && in_array($_SERVER[$settings->get('apache_auth_indicator_name')], array_filter(array_map('trim', str_getcsv($settings->get('apache_auth_indicator_value')))))) {
// we have a valid apache auth
$list = array($ilSetting->get('auth_mode'));
// Respect the auth method sequence
include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
$det = ilAuthModeDetermination::_getInstance();
if (!$det->isManualSelection() && $det->getCountActiveAuthModes() > 1) {
$list = array();
foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
$list[] = $auth_mode;
}
}
foreach ($list as $auth_mode) {
if (AUTH_LDAP == $auth_mode) {
// if no local user has been found AND ldap lookup is enabled
if ($settings->get('apache_enable_ldap')) {
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$this->server = new ilLDAPServer(ilLDAPServer::_getFirstActiveServer());
$this->server->doConnectionCheck();
$config = $this->server->toPearAuthArray();
$query = new ilLDAPQuery($this->server);
$query->bind();
$ldapUser = $query->fetchUser($a_username);
if ($ldapUser && $ldapUser[$a_username] && $ldapUser[$a_username][$config['userattr']] == $a_username) {
$ldapUser[$a_username]['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
$user_data = $ldapUser[$a_username];
//array_change_key_case($a_auth->getAuthData(),CASE_LOWER);
if ($this->server->enabledSyncOnLogin()) {
if (!$user_data['ilInternalAccount'] && $this->server->isAccountMigrationEnabled() && !self::$force_creation) {
$this->_auth_obj->logout();
$_SESSION['tmp_auth_mode'] = 'ldap';
$_SESSION['tmp_external_account'] = $a_username;
$_SESSION['tmp_pass'] = $_POST['password'];
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
$roles = ilLDAPRoleAssignmentRules::getAssignmentsForCreation($a_username, $user_data);
$_SESSION['tmp_roles'] = array();
foreach ($roles as $info) {
if ($info['action'] == ilLDAPRoleAssignmentRules::ROLE_ACTION_ASSIGN) {
$_SESSION['tmp_roles'][] = $info['id'];
}
}
ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&cmd=showAccountMigration');
}
if ($this->updateRequired($a_username)) {
$this->initLDAPAttributeToUser();
$this->ldap_attr_to_user->setUserData($ldapUser);
$this->ldap_attr_to_user->refresh();
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
} else {
// User exists and no update required
$user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("ldap", $a_username);
}
}
if ($user_data['ilInternalAccount']) {
$this->_auth_obj->setAuth($user_data['ilInternalAccount']);
$this->_auth_obj->username = $user_data['ilInternalAccount'];
return true;
}
}
}
} else {
if (AUTH_APACHE != $auth_mode && $settings->get('apache_enable_local')) {
$condition = '';
if ($ilSetting->get("auth_mode") && $ilSetting->get("auth_mode") == 'ldap') {
$condition = " AND auth_mode != " . $ilDB->quote('default', 'text') . " ";
}
$query = "SELECT * FROM usr_data WHERE login = %s AND auth_mode != %s {$condition}";
$qres = $ilDB->queryF($query, array('text', 'text'), array($a_username, 'ldap'));
$userRow = $ilDB->fetchAssoc($qres);
if (is_array($userRow) && $userRow['usr_id']) {
// user as a local account...
// fetch logindata
$this->activeUser = $userRow['login'];
foreach ($userRow as $key => $value) {
if ($key == $this->options['passwordcol'] || $key == $this->options['usernamecol']) {
continue;
}
// Use reference to the auth object if exists
// This is because the auth session variable can change so a static call to setAuthData does not make sense
$this->_auth_obj->setAuthData($key, $value);
}
$this->_auth_obj->setAuth($userRow['login']);
return true;
}
}
}
}
if ($settings->get('apache_enable_local') && $settings->get('apache_local_autocreate')) {
if ($_GET['r']) {
$_SESSION['profile_complete_redirect'] = $_GET['r'];
}
$user = new ilObjUser();
$user->setLogin($a_username);
$user->setExternalAccount($a_username);
$user->setProfileIncomplete(true);
$user->create();
$user->setAuthMode('apache');
// set a timestamp for last_password_change
// this ts is needed by ilSecuritySettings
$user->setLastPasswordChangeTS(time());
$user->setTimeLimitUnlimited(1);
$user->setActive(1);
//insert user data in table user_data
$user->saveAsNew();
$user->writePrefs();
$rbacadmin->assignUser($settings->get('apache_default_role', 4), $user->getId(), true);
return true;
}
} else {
if (defined('IL_CERT_SSO') && IL_CERT_SSO) {
define('APACHE_ERRORCODE', AUTH_APACHE_FAILED);
}
}
return false;
}
/**
* migrate account
*
* @access public
*
*/
public function migrateAccount()
{
global $lng, $ilClientIniFile, $ilLog, $rbacadmin;
$lng->loadLanguageModule('auth');
if (!isset($_POST['account_migration'])) {
$this->showAccountMigration($lng->txt('err_choose_migration_type'));
return false;
}
if ($_POST['account_migration'] == 1 and (!strlen($_POST['mig_username']) or !strlen($_POST['mig_password']))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
if ($_POST['account_migration'] == 1) {
if (!($user_id = ilObjUser::_lookupId(ilUtil::stripSlashes($_POST['mig_username'])))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$_POST['username'] = $_POST['mig_username'];
$_POST['password'] = $_POST['mig_password'];
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
$ilAuth->start();
if (!$ilAuth->checkAuth()) {
$ilAuth->logout();
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$user = new ilObjUser($user_id);
$user->setAuthMode(ilSession::get('tmp_auth_mode'));
$user->setExternalAccount(ilSession::get('tmp_external_account'));
$user->setActive(true);
$user->update();
// Assign to default role
if (is_array(ilSession::get('tmp_roles'))) {
foreach (ilSession::get('tmp_roles') as $role) {
$rbacadmin->assignUser((int) $role, $user->getId());
}
}
// Log migration
$ilLog->write(__METHOD__ . ': Migrated ' . ilSession::get('tmp_external_account') . ' to ILIAS account ' . $user->getLogin() . '.');
} elseif ($_POST['account_migration'] == 2) {
switch (ilSession::get('tmp_auth_mode')) {
case 'apache':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/AuthApache/classes/class.ilAuthContainerApache.php';
$container = new ilAuthContainerApache();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'ldap':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
$container = new ilAuthContainerLDAP();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'radius':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
$container = new ilAuthContainerRadius();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'openid':
$_POST['username'] = ilSession::get('dummy');
$_POST['password'] = ilSession::get('dummy');
$_POST['oid_username'] = ilSession::get('tmp_oid_username');
$_POST['oid_provider'] = ilSession::get('tmp_oid_provider');
//ilSession::set('force_creation', true);
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
$container = new ilAuthContainerOpenId();
$container->forceCreation(true);
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
include_once './Services/OpenId/classes/class.ilAuthOpenId.php';
$ilAuth = ilAuthFactory::factory($container);
// logout first to initiate a new login session
$ilAuth->logout();
ilSession::_destroy(session_id());
ilSession::set('force_creation', true);
$ilAuth->start();
}
// Redirect to acceptance
ilUtil::redirect("ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&target=" . $_GET["target"] . "&cmd=getAcceptance");
}
// show personal desktop
ilUtil::redirect('ilias.php?baseClass=ilPersonalDesktopGUI');
}
