/**
* Single method to reduce footprint (included files, created instances)
* @return self
*/
public static function getInstance()
{
if (self::$instance instanceof self) {
return self::$instance;
}
/**
* @var $ilClientIniFile ilIniFile
*/
global $ilClientIniFile;
require_once 'Services/User/classes/class.ilUserPasswordEncoderFactory.php';
$password_manager = new ilUserPasswordManager(array('encoder_factory' => new ilUserPasswordEncoderFactory(array('default_password_encoder' => 'md5', 'ignore_security_flaw' => true)), 'password_encoder' => $ilClientIniFile->readVariable('auth', 'password_encoder') ? $ilClientIniFile->readVariable('auth', 'password_encoder') : 'md5'));
self::$instance = $password_manager;
return self::$instance;
}
/**
* process client login
* @param array
* @return boolean
*/
function loginAsClient($a_auth_data)
{
global $ilDB;
if (empty($a_auth_data["client_id"])) {
$this->error = "no_client_id";
return false;
}
if (empty($a_auth_data["username"])) {
$this->error = "no_username";
return false;
}
if (empty($a_auth_data["password"])) {
$this->error = "no_password";
return false;
}
if (!$this->newClient($a_auth_data["client_id"])) {
$this->error = "unknown_client_id";
unset($this->client);
return false;
}
if (!$this->client->db_exists) {
$this->error = "no_db_connect_consult_admin";
unset($this->client);
return false;
}
$s1 = $this->client->db->query("SELECT value from settings WHERE keyword = " . $this->client->db->quote('system_role_id', 'text'));
$r1 = $this->client->db->fetchAssoc($s1);
$system_role_id = $r1["value"];
$q = "SELECT usr_data.usr_id, usr_data.passwd, usr_data.passwd_enc_type, usr_data.passwd_salt " . "FROM usr_data " . "LEFT JOIN rbac_ua ON rbac_ua.usr_id=usr_data.usr_id " . "WHERE rbac_ua.rol_id = " . $this->client->db->quote((int) $system_role_id, 'integer') . " " . "AND usr_data.login="******"username"], 'text');
$r = $this->client->db->query($q);
if (!$this->client->db->numRows($r)) {
$this->error = 'login_invalid';
return false;
}
$data = $this->client->db->fetchAssoc($r);
global $ilClientIniFile;
$ilClientIniFile = $this->client->ini;
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
$crypt_type = ilUserPasswordManager::getInstance()->getEncoderName();
if (ilUserPasswordManager::getInstance()->isEncodingTypeSupported($crypt_type)) {
require_once 'setup/classes/class.ilObjSetupUser.php';
$user = new ilObjSetupUser();
$user->setPasswd($data['passwd'], IL_PASSWD_CRYPTED);
$user->setPasswordEncodingType($data['passwd_enc_type']);
$user->setPasswordSalt($data['passwd_salt']);
$password_valid = ilUserPasswordManager::getInstance()->verifyPassword($user, $a_auth_data['password']);
} else {
$password_valid = $data['passwd'] == md5($a_auth_data['password']);
}
if ($password_valid) {
// all checks passed -> user valid
$_SESSION['auth'] = true;
$_SESSION['auth_path'] = ILIAS_HTTP_PATH;
$_SESSION['access_mode'] = 'client';
$_SESSION['ClientId'] = $this->client->getId();
return true;
} else {
$this->error = 'login_invalid';
return false;
}
}
/**
*
*/
public function testPasswordManagerNeverMigratesPasswordOnFailedVerificationWithVariantEncoders()
{
$user_mock = $this->getMockBuilder('ilObjUser')->disableOriginalConstructor()->getMock();
$encoder = $this->getMockBuilder('ilBasePasswordEncoder')->disableOriginalConstructor()->getMock();
$factory_mock = $this->getMockBuilder('ilUserPasswordEncoderFactory')->disableOriginalConstructor()->getMock();
$user_mock->expects($this->once())->method('getPasswordSalt')->will($this->returnValue('asuperrandomsalt'));
$user_mock->expects($this->once())->method('getPasswordEncodingType')->will($this->returnValue('second_mockencoder'));
$user_mock->expects($this->once())->method('getPasswd')->will($this->returnValue(self::ENCODED_PASSWORD));
$user_mock->expects($this->never())->method('resetPassword');
$encoder->expects($this->once())->method('getName')->will($this->returnValue('second_mockencoder'));
$encoder->expects($this->once())->method('isPasswordValid')->with($this->equalTo(self::ENCODED_PASSWORD), $this->equalTo(self::PASSWORD), $this->isType('string'))->will($this->returnValue(false));
$factory_mock->expects($this->once())->method('getEncoderByName')->will($this->returnValue($encoder));
$password_manager = new ilUserPasswordManager(array('password_encoder' => 'mockencoder', 'encoder_factory' => $factory_mock));
$this->assertFalse($password_manager->verifyPassword($user_mock, self::PASSWORD));
}
/**
* Save password form
*
*/
public function savePassword()
{
global $tpl, $lng, $ilCtrl, $ilUser, $ilSetting;
// normally we should not end up here
if (!$this->allowPasswordChange()) {
$ilCtrl->redirect($this, "showPersonalData");
return;
}
$this->initPasswordForm();
if ($this->form->checkInput()) {
$cp = $this->form->getItemByPostVar("current_password");
$np = $this->form->getItemByPostVar("new_password");
$error = false;
// The old password needs to be checked for verification
// unless the user uses Shibboleth authentication with additional
// local authentication for WebDAV.
#if ($ilUser->getAuthMode(true) != AUTH_SHIBBOLETH || ! $ilSetting->get("shib_auth_allow_local"))
if ($ilUser->getAuthMode(true) == AUTH_LOCAL) {
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (!ilUserPasswordManager::getInstance()->verifyPassword($ilUser, ilUtil::stripSlashes($_POST['current_password']))) {
$error = true;
$cp->setAlert($this->lng->txt('passwd_wrong'));
}
}
// select password from auto generated passwords
if ($this->ilias->getSetting("passwd_auto_generate") == 1 && !ilUtil::isPassword($_POST["new_password"])) {
$error = true;
$np->setAlert($this->lng->txt("passwd_not_selected"));
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && !ilUtil::isPassword($_POST["new_password"], $custom_error)) {
$error = true;
if ($custom_error != '') {
$np->setAlert($custom_error);
} else {
$np->setAlert($this->lng->txt("passwd_invalid"));
}
}
$error_lng_var = '';
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && !ilUtil::isPasswordValidForUserContext($_POST["new_password"], $ilUser, $error_lng_var)) {
ilUtil::sendFailure($this->lng->txt('form_input_not_valid'));
$np->setAlert($this->lng->txt($error_lng_var));
$error = true;
}
if ($this->ilias->getSetting("passwd_auto_generate") != 1 && ($ilUser->isPasswordExpired() || $ilUser->isPasswordChangeDemanded()) && $_POST["current_password"] == $_POST["new_password"]) {
$error = true;
$np->setAlert($this->lng->txt("new_pass_equals_old_pass"));
}
if (!$error) {
$ilUser->resetPassword($_POST["new_password"], $_POST["new_password"]);
if ($_POST["current_password"] != $_POST["new_password"]) {
$ilUser->setLastPasswordChangeToNow();
}
if (ilSession::get('orig_request_target')) {
ilUtil::sendSuccess($this->lng->txt('saved_successfully'), true);
$target = ilSession::get('orig_request_target');
ilSession::set('orig_request_target', '');
ilUtil::redirect($target);
} else {
ilUtil::sendSuccess($this->lng->txt('saved_successfully'));
$this->showPassword(true, true);
return;
}
}
}
$this->form->setValuesByPost();
$this->showPassword(true);
}
/**
* Called after login and successful call of fetch data
* @return
* @param object $a_username
* @param object $a_auth
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $lng, $ilSetting;
$GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
// TODO: handle passed credentials via GET
/*
if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
// Not required anymore
/*
$validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
if (!$validation_data["valid"])
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
$local_user = $this->response["local_user"];
if ($local_user != "") {
// to do: handle update of user
$a_auth->setAuth($local_user);
return true;
}
if (!$ilSetting->get("soap_auth_create_users")) {
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
//echo "1";
// try to map external user via e-mail to ILIAS user
if ($this->response["email"] != "") {
//echo "2";
//var_dump ($_POST);
$email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
// check, if password has been provided in user mapping screen
// (see ilStartUpGUI::showUserMappingSelection)
// FIXME
if ($_POST["LoginMappedUser"] != "") {
if (count($email_user) > 0) {
$user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
// password is correct -> map user
//$this->setAuth($local_user); (use login not id)
ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
$_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
$local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
$a_auth->status = '';
$a_auth->setAuth($local_user);
return true;
} else {
//echo "6"; exit;
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->setSubStatus(AUTH_WRONG_LOGIN);
$a_auth->logout();
return false;
}
}
}
if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
$_GET["email"] = $this->response["email"];
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->logout();
return false;
}
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($a_username);
$newUser["firstname"] = $this->response["firstname"];
$newUser["lastname"] = $this->response["lastname"];
$newUser["email"] = $this->response["email"];
$newUser["login"] = $local_user;
// to do: set valid password and send mail
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_CRYPTED;
// generate password, if local authentication is allowed
// and account mail is activated
$pw = "";
if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
$pw = ilUtil::generatePasswords(1);
$pw = $pw[0];
$newUser["passwd"] = $pw;
$newUser["passwd_type"] = IL_PASSWD_PLAIN;
}
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "soap";
$newUser["ext_account"] = $a_username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($lng->lang_default);
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew(false);
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
// send account mail
if ($ilSetting->get("soap_auth_account_mail")) {
include_once './Services/User/classes/class.ilObjUserFolder.php';
$amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
include_once "Services/Mail/classes/class.ilAccountMail.php";
$acc_mail = new ilAccountMail();
if ($pw != "") {
$acc_mail->setUserPassword($pw);
}
$acc_mail->setUser($userObj);
$acc_mail->send();
}
}
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
/**
* Resets the user password
* @param string $raw Password as plaintext
* @param string $raw_retype Retyped password as plaintext
* @return boolean true on success otherwise false
* @access public
*/
public function resetPassword($raw, $raw_retype)
{
/**
* @var $ilDB ilDB
*/
global $ilDB;
if (func_num_args() != 2) {
return false;
}
if (!isset($raw) || !isset($raw_retype)) {
return false;
}
if ($raw != $raw_retype) {
return false;
}
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
ilUserPasswordManager::getInstance()->encodePassword($this, $raw);
$ilDB->manipulateF('UPDATE usr_data
SET passwd = %s, passwd_enc_type = %s, passwd_salt = %s
WHERE usr_id = %s', array('text', 'text', 'text', 'integer'), array($this->getPasswd(), $this->getPasswordEncodingType(), $this->getPasswordSalt(), $this->getId()));
return true;
}
/**
* change user password
*/
function changeFeedSettings()
{
global $ilCtrl, $lng, $ilUser;
$form = $this->initPrivateSettingsForm();
if ($form->checkInput()) {
// Deactivate private Feed - just delete the password
if (!$form->getInput("enable_private_feed")) {
$ilUser->_setFeedPass($ilUser->getId(), "");
ilUtil::sendSuccess($lng->txt("priv_feed_disabled"), true);
// $ilCtrl->returnToParent($this);
$ilCtrl->redirect($this, "showFeedUrl");
} else {
$passwd = $form->getInput("desired_password");
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (ilUserPasswordManager::getInstance()->verifyPassword($ilUser, $passwd)) {
$form->getItemByPostVar("desired_password")->setAlert($lng->txt("passwd_equals_ilpasswd"));
ilUtil::sendFailure($lng->txt("form_input_not_valid"));
} else {
$ilUser->_setFeedPass($ilUser->getId(), $passwd);
ilUtil::sendSuccess($lng->txt("saved_successfully"), true);
// $ilCtrl->returnToParent($this);
$ilCtrl->redirect($this, "showFeedUrl");
}
}
}
$form->setValuesByPost();
return $this->editSettings($form);
}
function getCreditCard()
{
if ($_POST["card_holder"] == "" || $_POST["card_number"]["block_1"] == "" || $_POST["card_number"]["block_2"] == "" || $_POST["card_number"]["block_3"] == "" || $_POST["card_number"]["block_4"] == "" || $_POST["validity"]["month"] == "" || $_POST["validity"]["year"] == "" || $_POST["validity"]["year"] . "-" . $_POST["validity"]["month"] < date("Y-m")) {
$this->error = $this->lng->txt('pay_bmf_credit_card_not_valid');
ilUtil::sendInfo($this->error);
$this->showCreditCard();
return;
}
if ($_POST["terms_conditions"] != 1) {
$this->error = $this->lng->txt('pay_bmf_check_terms_conditions');
ilUtil::sendInfo($this->error);
$this->showCreditCard();
return;
}
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
$verified_passwd = ilUserPasswordManager::getInstance()->verifyPassword($this->user_obj, ilUtil::stripSlashes($_POST["password"]));
if ($_POST["password"] == "" || $verified_passwd == false) {
$this->error = $this->lng->txt('pay_bmf_password_not_valid');
ilUtil::sendInfo($this->error);
$this->showCreditCard();
return;
}
$_SESSION["bmf"]["credit_card"]["gueltigkeit"]["monat"] = $_POST["validity"]["month"];
$_SESSION["bmf"]["credit_card"]["gueltigkeit"]["jahr"] = $_POST["validity"]["year"];
$_SESSION["bmf"]["credit_card"]["karteninhaber"] = $_POST["card_holder"];
$_SESSION["bmf"]["credit_card"]["kreditkartenNr"]["block_1"] = $_POST["card_number"]["block_1"];
$_SESSION["bmf"]["credit_card"]["kreditkartenNr"]["block_2"] = $_POST["card_number"]["block_2"];
$_SESSION["bmf"]["credit_card"]["kreditkartenNr"]["block_3"] = $_POST["card_number"]["block_3"];
$_SESSION["bmf"]["credit_card"]["kreditkartenNr"]["block_4"] = $_POST["card_number"]["block_4"];
$_SESSION["bmf"]["credit_card"]["kartenpruefnummer"] = $_POST["check_number"];
/**/
# zum testen
$this->error = "";
$this->sendCreditCard();
}
/**
* @param string $raw
* @param string $encoded
* @param string string $cryptType
* @return bool
*/
public function verifyPassword($raw, $encoded, $crypt_type = 'md5')
{
$this->log(__METHOD__ . ' called.', AUTH_LOG_DEBUG);
if (in_array($crypt_type, array('none', ''))) {
return parent::verifyPassword($raw, $encoded, $crypt_type);
}
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
$crypt_type = ilUserPasswordManager::getInstance()->getEncoderName();
if (ilUserPasswordManager::getInstance()->isEncodingTypeSupported($crypt_type)) {
/**
* @var $user ilObjUser
*/
$user = ilObjectFactory::getInstanceByObjId(ilObjUser::_loginExists($this->_auth_obj->username));
$user->setPasswd($encoded, IL_PASSWD_CRYPTED);
return ilUserPasswordManager::getInstance()->verifyPassword($user, $raw);
}
// Fall through: Let pear verify the password
return parent::verifyPassword($raw, $encoded, $crypt_type);
}
