/**
 * Logs a web-service caller in and hands back the token for follow-up calls.
 *
 * The credentials are copied into the request superglobals and the regular
 * bootstrap file is included. What the bootstrap does with them is not
 * visible in this method.
 *
 * @param string $client   client id, copied to $_COOKIE['ilClientId']
 * @param string $username login name, copied to $_POST['username']
 * @param string $password password, copied to $_POST['password']
 * @return mixed "<session id>::<client>" on success, otherwise whatever
 *               $this->__raiseError() returns
 */
function login($client, $username, $password)
{
    // NOTE(review): $client is caller-supplied and is stored unvalidated before
    // the bootstrap runs. Whatever derives the client id from this cookie must
    // validate it - confirm in the bootstrap code.
    $_COOKIE['ilClientId'] = $client;
    $_POST['username'] = $username;
    $_POST['password'] = $password;

    // Discard a session id that arrived with the request; presumably this makes
    // the bootstrap start a fresh session instead of adopting one - confirm.
    unset($_COOKIE['PHPSESSID']);

    try {
        include_once './include/inc.header.php';
    } catch (Exception $initError) {
        return $this->__raiseError($initError->getMessage(), 'Server');
    }

    ilUtil::setCookie('ilClientId', $client);

    global $ilUser;
    $agreementAccepted = $ilUser->hasAcceptedUserAgreement();
    if (!$agreementAccepted) {
        return $this->__raiseError('User agreement not accepted', 'Server');
    }

    // The result embeds the live session id, so callers should treat it like a
    // credential (keep it out of logs and URLs).
    return sprintf('%s::%s', session_id(), $client);
}
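/**
 * Reads the client's client.ini.php, registers it as the global
 * "ilClientIniFile" and defines the per-client constants from its settings.
 *
 * Preconditions: ILIAS_WEB_DIR and CLIENT_ID must be set.
 *
 * When the ini file cannot be read, the client cookie is reset to the default
 * client and the request is either redirected to the default client or
 * aborted; the method has no code path that returns false.
 *
 * NOTE(review): CLIENT_ID is concatenated into a filesystem path below. Where
 * CLIENT_ID is defined is not visible here - confirm it is restricted to a
 * safe character set before this method is reached.
 *
 * @return boolean true once all constants have been defined
 */
protected static function initClientIniFile()
{
    global $ilIliasIniFile;

    // check whether ILIAS_WEB_DIR is set.
    if (ILIAS_WEB_DIR == "") {
        self::abortAndDie("Fatal Error: ilInitialisation::initClientIniFile called without ILIAS_WEB_DIR.");
    }

    // check whether CLIENT_ID is set.
    if (CLIENT_ID == "") {
        self::abortAndDie("Fatal Error: ilInitialisation::initClientIniFile called without CLIENT_ID.");
    }

    $ini_file = "./" . ILIAS_WEB_DIR . "/" . CLIENT_ID . "/client.ini.php";

    // get settings from ini file
    require_once "./Services/Init/classes/class.ilIniFile.php";
    $ilClientIniFile = new ilIniFile($ini_file);
    $ilClientIniFile->read();

    // invalid client id / client ini
    if ($ilClientIniFile->ERROR != "") {
        // The previous cookie value is not needed: the cookie is simply reset
        // to the configured default client (an unused read of
        // $_COOKIE["ilClientId"] was removed here).
        $default_client = $ilIliasIniFile->readVariable("clients", "default");
        ilUtil::setCookie("ilClientId", $default_client);

        if (CLIENT_ID != "" && CLIENT_ID != $default_client) {
            $mess = array(
                "en" => "Client does not exist.",
                "de" => "Mandant ist ungültig."
            );
            // presumably redirect() ends the request; if it does not, execution
            // continues below with the unreadable ini file - confirm.
            self::redirect("index.php?client_id=" . $default_client, null, $mess);
        } else {
            self::abortAndDie("Invalid client");
        }
    }

    self::initGlobal("ilClientIniFile", $ilClientIniFile);

    // set constants
    define("SESSION_REMINDER_LEADTIME", 30);
    define("DEBUG", $ilClientIniFile->readVariable("system", "DEBUG"));
    define("DEVMODE", $ilClientIniFile->readVariable("system", "DEVMODE"));
    define("SHOWNOTICES", $ilClientIniFile->readVariable("system", "SHOWNOTICES"));
    define("ROOT_FOLDER_ID", $ilClientIniFile->readVariable('system', 'ROOT_FOLDER_ID'));
    define("SYSTEM_FOLDER_ID", $ilClientIniFile->readVariable('system', 'SYSTEM_FOLDER_ID'));
    define("ROLE_FOLDER_ID", $ilClientIniFile->readVariable('system', 'ROLE_FOLDER_ID'));
    define("MAIL_SETTINGS_ID", $ilClientIniFile->readVariable('system', 'MAIL_SETTINGS_ID'));

    // this is for the online help installation, which sets OH_REF_ID to the
    // ref id of the online module
    define("OH_REF_ID", $ilClientIniFile->readVariable("system", "OH_REF_ID"));

    define("SYSTEM_MAIL_ADDRESS", $ilClientIniFile->readVariable('system', 'MAIL_SENT_ADDRESS'));
    define("MAIL_REPLY_WARNING", $ilClientIniFile->readVariable('system', 'MAIL_REPLY_WARNING'));

    // Title/description length limits are not defined here;
    // see ilObject::TITLE_LENGTH, ilObject::DESC_LENGTH

    define("CLIENT_DATA_DIR", ILIAS_DATA_DIR . "/" . CLIENT_ID);
    define("CLIENT_WEB_DIR", ILIAS_ABSOLUTE_PATH . "/" . ILIAS_WEB_DIR . "/" . CLIENT_ID);
    define("CLIENT_NAME", $ilClientIniFile->readVariable('client', 'name'));

    // fall back to "mysql" when the ini file names no database type
    $val = $ilClientIniFile->readVariable("db", "type");
    if ($val == "") {
        define("IL_DB_TYPE", "mysql");
    } else {
        define("IL_DB_TYPE", $val);
    }

    return true;
}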
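/**
 * Handles the confirmation link of a registration (dual opt in).
 *
 * Verifies the hash passed in $_GET['rh'], activates the matching account,
 * optionally assigns a generated password, sends the account mail and
 * redirects to the login page with a status message.
 *
 * If the hash has expired, a background SOAP call is triggered to delete
 * inactive user objects with expired hashes; if the hash is unknown, only
 * the redirect happens.
 *
 * NOTE(review): when password generation is enabled, the new password is put
 * into the mail body in clear text (see below).
 *
 * @return void
 */
public function confirmRegistration()
{
    global $lng, $ilias, $ilLog;

    // "&reg_confirmation_msg" had been mangled into the (R) sign in this
    // listing ("&reg" read as an HTML entity); the separator is restored here.
    $login_target = './login.php?cmd=force_login&reg_confirmation_msg=';

    ilUtil::setCookie('iltest', 'cookie', false);

    if (!isset($_GET['rh']) || !strlen(trim($_GET['rh']))) {
        // presumably redirect() ends the request - confirm; otherwise the
        // code below would run without a hash.
        ilUtil::redirect($login_target . 'reg_confirmation_hash_not_passed');
    }

    // Both catch blocks read $usr_lang, but hash verification can throw before
    // the user's language is known. Start with an empty value so the redirect
    // carries "lang=" instead of touching an undefined variable.
    $usr_lang = '';

    try {
        require_once 'Services/Registration/classes/class.ilRegistrationSettings.php';
        $oRegSettings = new ilRegistrationSettings();

        $usr_id = ilObjUser::_verifyRegistrationHash(trim($_GET['rh']));
        $oUser = ilObjectFactory::getInstanceByObjId($usr_id);
        $oUser->setActive(true);

        if ($oRegSettings->passwordGenerationEnabled()) {
            $passwd = ilUtil::generatePasswords(1);
            $password = $passwd[0];
            $oUser->setPasswd($password, IL_PASSWD_PLAIN);
            $oUser->setLastPasswordChangeTS(time());
        }
        $oUser->update();

        // switch to the user's language for the mail texts
        $usr_lang = $oUser->getPref('language');
        if ($lng->getLangKey() != $usr_lang) {
            $lng = new ilLanguage($usr_lang);
        }

        // send email
        // try individual account mail in user administration
        include_once "Services/Mail/classes/class.ilAccountMail.php";
        include_once './Services/User/classes/class.ilObjUserFolder.php';
        $amail = ilObjUserFolder::_lookupNewAccountMail($usr_lang);
        if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
            $acc_mail = new ilAccountMail();
            $acc_mail->setUser($oUser);
            if ($oRegSettings->passwordGenerationEnabled()) {
                $acc_mail->setUserPassword($password);
            }
            $acc_mail->send();
        } else {
            include_once 'Services/Mail/classes/class.ilMail.php';
            $mail_obj = new ilMail(ANONYMOUS_USER_ID);

            // mail subject
            $subject = $lng->txt("reg_mail_subject");

            // mail body
            $body = $lng->txt("reg_mail_body_salutation") . " " . $oUser->getFullname() . ",\n\n" .
                $lng->txt("reg_mail_body_text1") . "\n\n" .
                $lng->txt("reg_mail_body_text2") . "\n" .
                ILIAS_HTTP_PATH . "/login.php?client_id=" . CLIENT_ID . "\n";
            $body .= $lng->txt("login") . ": " . $oUser->getLogin() . "\n";

            if ($oRegSettings->passwordGenerationEnabled()) {
                // clear-text password in the mail body
                $body .= $lng->txt("passwd") . ": " . $password . "\n";
            }
            $body .= "\n";
            $body .= $lng->txt('reg_mail_body_forgot_password_info') . "\n";
            $body .= "\n";
            $body .= $lng->txt("reg_mail_body_text3") . "\n\r";
            $body .= $oUser->getProfileAsString($lng);

            $mail_obj->enableSoap(false);
            $mail_obj->appendInstallationSignature(true);
            $mail_obj->sendMail($oUser->getEmail(), '', '', $subject, $body, array(), array('normal'));
        }

        // Values appended to the redirect URL are URL-encoded so they cannot
        // add parameters or break the header.
        ilUtil::redirect($login_target . 'reg_account_confirmation_successful&lang=' . urlencode($usr_lang));
    } catch (ilRegConfirmationLinkExpiredException $exception) {
        include_once 'Services/WebServices/SOAP/classes/class.ilSoapClient.php';
        $soap_client = new ilSoapClient();
        $soap_client->setResponseTimeout(1);
        $soap_client->enableWSDL(true);
        $soap_client->init();

        $ilLog->write(__METHOD__ . ': Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...');

        // NOTE(review): the session token for the SOAP call is built from the
        // raw request cookies, which may be absent on this request - confirm
        // the SOAP endpoint validates it.
        $soap_client->call(
            'deleteExpiredDualOptInUserObjects',
            array(
                $_COOKIE['PHPSESSID'] . '::' . $_COOKIE['ilClientId'],
                $exception->getCode()
            )
        );

        ilUtil::redirect($login_target . urlencode($exception->getMessage()) . "&lang=" . urlencode($usr_lang));
    } catch (ilRegistrationHashNotFoundException $exception) {
        ilUtil::redirect($login_target . urlencode($exception->getMessage()) . "&lang=" . urlencode($usr_lang));
    }
}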
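/**
 * Checks if there is a session with valid auth information.
 *
 * Order of checks: session storage present, absolute expiry, idle timeout,
 * registered login, then (in advanced security mode) challenge cookie
 * rotation, IP / forwarded-for / user-agent binding and challenge cookie
 * comparison, and finally the optional checkAuthCallback. Every failed check
 * sets $this->status, calls logout() and returns false.
 *
 * @access public
 * @return boolean Whether or not the user is authenticated.
 */
function checkAuth()
{
    $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
    $this->authChecks++;

    if (!isset($this->session)) {
        $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
        return false;
    }

    // Check if authentication session is expired
    if ($this->expire > 0
        && isset($this->session['timestamp'])
        && $this->session['timestamp'] + $this->expire < time()
    ) {
        $this->log('Session Expired', AUTH_LOG_INFO);
        $this->expired = true;
        $this->status = AUTH_EXPIRED;
        $this->logout();
        return false;
    }

    // Check if maximum idle time is reached
    if ($this->idle > 0
        && isset($this->session['idle'])
        && $this->session['idle'] + $this->idle < time()
    ) {
        $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
        $this->idled = true;
        $this->status = AUTH_IDLED;
        $this->logout();
        return false;
    }

    $hasLogin = isset($this->session['registered'])
        && isset($this->session['username'])
        && $this->session['registered'] == true
        && $this->session['username'] != '';
    if (!$hasLogin) {
        $this->log('No login session.', AUTH_LOG_DEBUG);
        return false;
    }

    Auth::updateIdle();

    if ($this->_isAdvancedSecurityEnabled()) {
        $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);

        // Only Generate the challenge once
        if ($this->authChecks == 1
            && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
        ) {
            $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
            $this->session['challengecookieold'] = $this->session['challengecookie'];
            // NOTE(review): md5 over challengekey + microtime() is not a CSPRNG
            // output; prefer random_bytes() or an equivalent where the runtime
            // offers one.
            $this->session['challengecookie'] = md5($this->session['challengekey'] . microtime());
            // Cookie attributes are decided inside ilUtil::setCookie (not
            // visible here).
            require_once 'Services/Utilities/classes/class.ilUtil.php';
            ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
        }

        // Check for ip change: a changed remote address is treated as a
        // hijacked session and the user is logged out
        if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
            && isset($this->server['REMOTE_ADDR'])
            && $this->session['sessionip'] != $this->server['REMOTE_ADDR']
        ) {
            $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
            $this->expired = true;
            $this->status = AUTH_SECURITY_BREACH;
            $this->logout();
            return false;
        }

        // Check for ip change (if connected via proxy).
        // NOTE(review): X-Forwarded-For is a request header, so this binding
        // is only meaningful behind a proxy that sets it reliably.
        if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
            && isset($this->server['HTTP_X_FORWARDED_FOR'])
            && $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']
        ) {
            $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
            $this->expired = true;
            $this->status = AUTH_SECURITY_BREACH;
            $this->logout();
            return false;
        }

        // Check for useragent change
        if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
            && isset($this->server['HTTP_USER_AGENT'])
            && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']
        ) {
            $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
            $this->expired = true;
            $this->status = AUTH_SECURITY_BREACH;
            $this->logout();
            return false;
        }

        // Check challenge cookie here, if challengecookieold is not set
        // this is the first time and check is skipped.
        // A missing cookie counts as a mismatch, and the comparison is strict:
        // with a loose "!=" two different numeric-looking hex strings (for
        // example of the form 0e<digits>) would compare as equal.
        // TODO when a user opens two pages simultaneously (new window / new
        // tab) an auth breach is caused; find a way around that if possible
        if ($this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
            && isset($this->session['challengecookieold'])
            && (!isset($this->cookie['authchallenge'])
                || $this->session['challengecookieold'] !== $this->cookie['authchallenge'])
        ) {
            $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
            $this->expired = true;
            $this->status = AUTH_SECURITY_BREACH;
            $this->logout();
            $this->login();
            return false;
        }
    }

    if (is_callable($this->checkAuthCallback)) {
        $this->log('Calling checkAuthCallback (' . $this->checkAuthCallback . ').', AUTH_LOG_DEBUG);
        $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
        if ($checkCallback == false) {
            $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
            $this->expired = true;
            $this->status = AUTH_CALLBACK_ABORT;
            $this->logout();
            return false;
        }
    }

    $this->log('Session OK.', AUTH_LOG_INFO);
    return true;
}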
/**
 * Overwrites the session cookie with the value 'deleted' so that the browser
 * no longer sends the session id.
 *
 * Nothing here touches the server-side session data; this method only
 * rewrites the cookie and writes a debug message.
 * The meaning of the two trailing boolean arguments is defined by
 * ilUtil::setCookie (not visible here); presumably they mark the cookie as
 * invalid/expired - confirm.
 */
private static function removeSessionCookie()
{
    $cookieName = session_name();
    ilUtil::setCookie($cookieName, 'deleted', true, true);

    self::debug('Session cookie has been removed');
}