/**
* Create new ILIAS account
*
* @access public
*
* @param string external username
*/
public function create($a_username)
{
$this->writer->xmlStartTag('Users');
// Single users
// Required fields
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
// Assign to role only for new users
$this->writer->xmlElement('Role', array('Id' => $this->rad_settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
$this->writer->xmlElement('AuthMode', array('type' => 'radius'), 'radius');
$this->writer->xmlElement('ExternalAccount', array(), $a_username);
$this->writer->xmlEndTag('User');
$this->writer->xmlEndTag('Users');
$this->log->write('Radius: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
$importParser = new ilUserImportParser();
$importParser->setXMLContent($this->writer->xmlDumpMem(false));
$importParser->setRoleAssignment(array($this->rad_settings->getDefaultRole() => $this->rad_settings->getDefaultRole()));
$importParser->setFolderId(7);
$importParser->startParsing();
return $new_name;
}
/**
* Create new ILIAS account
*
* @access public
*
* @param string external username
*/
public function create($a_username, $a_userdata = array())
{
$a_userdata = $this->parseFullname($a_userdata);
$this->writer->xmlStartTag('Users');
// Single users
// Required fields
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), $new_name = ilAuthUtils::_generateLogin($a_username));
// Assign to role only for new users
$this->writer->xmlElement('Role', array('Id' => $this->settings->getDefaultRole(), 'Type' => 'Global', 'Action' => 'Assign'), '');
if (isset($a_userdata['email'])) {
$this->writer->xmlElement('Email', array(), $a_userdata['email']);
}
if (isset($a_userdata['postcode'])) {
$this->writer->xmlElement('PostalCode', array(), $a_userdata['postcode']);
}
if (isset($a_userdata['dob']) and $a_userdata['dob']) {
$this->writer->xmlElement('Birthday', array(), $a_userdata['dob']);
}
if (isset($a_userdata['gender'])) {
$this->writer->xmlElement('Gender', array(), strtolower($a_userdata['gender']));
}
if (isset($a_userdata['title'])) {
$this->writer->xmlElement('Title', array(), $a_userdata['title']);
}
if (isset($a_userdata['firstname'])) {
$this->writer->xmlElement('Firstname', array(), $a_userdata['firstname']);
}
if (isset($a_userdata['lastname'])) {
$this->writer->xmlElement('Lastname', array(), $a_userdata['lastname']);
}
$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
$this->writer->xmlElement('AuthMode', array('type' => 'openid'), 'openid');
$this->writer->xmlElement('ExternalAccount', array(), $a_username);
$this->writer->xmlEndTag('User');
$this->writer->xmlEndTag('Users');
$this->log->write('OpenId: Started creation of user: '******'./Services/User/classes/class.ilUserImportParser.php';
$importParser = new ilUserImportParser();
$importParser->setXMLContent($this->writer->xmlDumpMem(false));
$importParser->setRoleAssignment(array($this->settings->getDefaultRole() => $this->settings->getDefaultRole()));
$importParser->setFolderId(7);
$importParser->startParsing();
// Assign timezone
if (isset($a_userdata['timezone'])) {
include_once './Services/Calendar/classes/class.ilCalendarUtil.php';
$tzs = ilCalendarUtil::_getShortTimeZoneList();
if (isset($tzs[$a_userdata['timezone']])) {
$usr_id = ilObjUser::_lookupId($new_name);
ilObjUser::_writePref($usr_id, 'user_tz', $a_userdata['timezone']);
}
}
return $new_name;
}
/**
* @see ilAuthContainerBase::loginObserver()
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
$ilLog->write(__METHOD__ . ': Successful CAS login.');
// Radius with ldap as data source
include_once './Services/LDAP/classes/class.ilLDAPServer.php';
if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
return $this->handleLDAPDataSource($a_auth, $a_username);
}
include_once "./Services/CAS/lib/CAS.php";
if ($PHPCAS_CLIENT->getUser() != "") {
$username = $PHPCAS_CLIENT->getUser();
$ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$a_auth->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$a_auth->status = AUTH_CAS_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
} else {
$ilLog->write(__METHOD__ . ': Login failed.');
// This should never occur unless CAS is not configured properly
$a_auth->status = AUTH_WRONG_LOGIN;
return false;
}
return false;
}
/**
* create new user
*
* @access protected
*/
protected function createUser(ilECSUser $user)
{
global $ilClientIniFile, $ilSetting, $rbacadmin, $ilLog;
$userObj = new ilObjUser();
include_once './Services/Authentication/classes/class.ilAuthUtils.php';
$local_user = ilAuthUtils::_generateLogin($this->getAbreviation() . '_' . $user->getLogin());
$newUser["login"] = $local_user;
$newUser["firstname"] = $user->getFirstname();
$newUser["lastname"] = $user->getLastname();
$newUser['email'] = $user->getEmail();
$newUser['institution'] = $user->getInstitution();
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
$newUser["auth_mode"] = "ecs";
$newUser["profile_incomplete"] = 0;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(0);
$userObj->setTimeLimitFrom(time() - 5);
$userObj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
$now = new ilDateTime(time(), IL_CAL_UNIX);
$userObj->setAgreeDate($now->get(IL_CAL_DATETIME));
// Create user in DB
$userObj->setOwner(6);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
$userObj->saveAsNew();
$userObj->writePrefs();
if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
$rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $userObj->getId(), true);
}
ilObject::_writeImportId($userObj->getId(), $user->getImportId());
$ilLog->write(__METHOD__ . ': Created new remote user with usr_id: ' . $user->getImportId());
// Send Mail
#$this->sendNotification($userObj);
return $userObj->getLogin();
}
/**
* Called after login and successful call of fetch data
* @return
* @param object $a_username
* @param object $a_auth
*/
public function loginObserver($a_username, $a_auth)
{
global $ilias, $rbacadmin, $lng, $ilSetting;
$GLOBALS['ilLog']->write(__METHOD__ . ': SOAP login observer called');
// TODO: handle passed credentials via GET
/*
if (empty($_GET["ext_uid"]) || empty($_GET["soap_pw"]))
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
// Not required anymore
/*
$validation_data = $this->validateSoapUser($_GET["ext_uid"], $_GET["soap_pw"]);
if (!$validation_data["valid"])
{
$this->status = AUTH_WRONG_LOGIN;
return;
}
*/
$local_user = $this->response["local_user"];
if ($local_user != "") {
// to do: handle update of user
$a_auth->setAuth($local_user);
return true;
}
if (!$ilSetting->get("soap_auth_create_users")) {
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER;
$a_auth->logout();
return false;
}
//echo "1";
// try to map external user via e-mail to ILIAS user
if ($this->response["email"] != "") {
//echo "2";
//var_dump ($_POST);
$email_user = ilObjUser::_getLocalAccountsForEmail($this->response["email"]);
// check, if password has been provided in user mapping screen
// (see ilStartUpGUI::showUserMappingSelection)
// FIXME
if ($_POST["LoginMappedUser"] != "") {
if (count($email_user) > 0) {
$user = ilObjectFactory::getInstanceByObjId($_POST["usr_id"]);
require_once 'Services/User/classes/class.ilUserPasswordManager.php';
if (ilUserPasswordManager::getInstance()->verifyPassword($user, ilUtil::stripSlashes($_POST["password"]))) {
// password is correct -> map user
//$this->setAuth($local_user); (use login not id)
ilObjUser::_writeExternalAccount($_POST["usr_id"], $_GET["ext_uid"]);
ilObjUser::_writeAuthMode($_POST["usr_id"], "soap");
$_GET["cmd"] = $_POST["cmd"] = $_GET["auth_stat"] = "";
$local_user = ilObjUser::_lookupLogin($_POST["usr_id"]);
$a_auth->status = '';
$a_auth->setAuth($local_user);
return true;
} else {
//echo "6"; exit;
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->setSubStatus(AUTH_WRONG_LOGIN);
$a_auth->logout();
return false;
}
}
}
if (count($email_user) > 0 && $_POST["CreateUser"] == "") {
$_GET["email"] = $this->response["email"];
$a_auth->status = AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL;
$a_auth->logout();
return false;
}
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($a_username);
$newUser["firstname"] = $this->response["firstname"];
$newUser["lastname"] = $this->response["lastname"];
$newUser["email"] = $this->response["email"];
$newUser["login"] = $local_user;
// to do: set valid password and send mail
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_CRYPTED;
// generate password, if local authentication is allowed
// and account mail is activated
$pw = "";
if ($ilSetting->get("soap_auth_allow_local") && $ilSetting->get("soap_auth_account_mail")) {
$pw = ilUtil::generatePasswords(1);
$pw = $pw[0];
$newUser["passwd"] = $pw;
$newUser["passwd_type"] = IL_PASSWD_PLAIN;
}
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "soap";
$newUser["ext_account"] = $a_username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($lng->lang_default);
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew(false);
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('soap_auth_user_default_role'), $userObj->getId(), true);
// send account mail
if ($ilSetting->get("soap_auth_account_mail")) {
include_once './Services/User/classes/class.ilObjUserFolder.php';
$amail = ilObjUserFolder::_lookupNewAccountMail($ilSetting->get("language"));
if (trim($amail["body"]) != "" && trim($amail["subject"]) != "") {
include_once "Services/Mail/classes/class.ilAccountMail.php";
$acc_mail = new ilAccountMail();
if ($pw != "") {
$acc_mail->setUserPassword($pw);
}
$acc_mail->setUser($userObj);
$acc_mail->send();
}
}
unset($userObj);
$a_auth->setAuth($local_user);
return true;
}
/**
* Create xml string of user according to mapping rules
*
* @access private
*
*/
private function usersToXML()
{
include_once './Services/Xml/classes/class.ilXmlWriter.php';
$this->writer = new ilXmlWriter();
$this->writer->xmlStartTag('Users');
$cnt_update = 0;
$cnt_create = 0;
// Single users
foreach ($this->user_data as $external_account => $user) {
$user['ilExternalAccount'] = $external_account;
// Required fields
if ($user['ilInternalAccount']) {
$usr_id = ilObjUser::_lookupId($user['ilInternalAccount']);
++$cnt_update;
// User exists
$this->writer->xmlStartTag('User', array('Id' => $usr_id, 'Action' => 'Update'));
$this->writer->xmlElement('Login', array(), $user['ilInternalAccount']);
$this->writer->xmlElement('ExternalAccount', array(), $external_account);
$this->writer->xmlElement('AuthMode', array(type => $this->getNewUserAuthMode()), null);
$rules = $this->mapping->getRulesForUpdate();
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
foreach (ilLDAPRoleAssignmentRules::getAssignmentsForUpdate($usr_id, $external_account, $user) as $role_data) {
$this->writer->xmlElement('Role', array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']), '');
}
} else {
++$cnt_create;
// Create user
$this->writer->xmlStartTag('User', array('Action' => 'Insert'));
$this->writer->xmlElement('Login', array(), ilAuthUtils::_generateLogin($external_account));
include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRules.php';
foreach (ilLDAPRoleAssignmentRules::getAssignmentsForCreation($external_account, $user) as $role_data) {
$this->writer->xmlElement('Role', array('Id' => $role_data['id'], 'Type' => $role_data['type'], 'Action' => $role_data['action']), '');
}
$rules = $this->mapping->getRules();
}
$this->writer->xmlElement('Active', array(), "true");
$this->writer->xmlElement('TimeLimitOwner', array(), 7);
$this->writer->xmlElement('TimeLimitUnlimited', array(), 1);
$this->writer->xmlElement('TimeLimitFrom', array(), time());
$this->writer->xmlElement('TimeLimitUntil', array(), time());
// only for new users.
// If auth_mode is 'default' (ldap) this status should remain.
if (!$user['ilInternalAccount']) {
$this->writer->xmlElement('AuthMode', array('type' => $this->getNewUserAuthMode()), $this->getNewUserAuthMode());
$this->writer->xmlElement('ExternalAccount', array(), $external_account);
}
foreach ($rules as $field => $data) {
// Do Mapping: it is possible to assign multiple ldap attribute to one user data field
if (!($value = $this->doMapping($user, $data))) {
continue;
}
switch ($field) {
case 'gender':
switch (strtolower($value)) {
case 'm':
case 'male':
$this->writer->xmlElement('Gender', array(), 'm');
break;
case 'f':
case 'female':
default:
$this->writer->xmlElement('Gender', array(), 'f');
break;
}
break;
case 'firstname':
$this->writer->xmlElement('Firstname', array(), $value);
break;
case 'lastname':
$this->writer->xmlElement('Lastname', array(), $value);
break;
case 'hobby':
$this->writer->xmlElement('Hobby', array(), $value);
break;
case 'title':
$this->writer->xmlElement('Title', array(), $value);
break;
case 'institution':
$this->writer->xmlElement('Institution', array(), $value);
break;
case 'department':
$this->writer->xmlElement('Department', array(), $value);
break;
case 'street':
$this->writer->xmlElement('Street', array(), $value);
break;
case 'city':
$this->writer->xmlElement('City', array(), $value);
break;
case 'zipcode':
$this->writer->xmlElement('PostalCode', array(), $value);
break;
case 'country':
$this->writer->xmlElement('Country', array(), $value);
break;
case 'phone_office':
$this->writer->xmlElement('PhoneOffice', array(), $value);
break;
case 'phone_home':
$this->writer->xmlElement('PhoneHome', array(), $value);
break;
case 'phone_mobile':
$this->writer->xmlElement('PhoneMobile', array(), $value);
break;
case 'fax':
$this->writer->xmlElement('Fax', array(), $value);
break;
case 'email':
$this->writer->xmlElement('Email', array(), $value);
break;
case 'matriculation':
$this->writer->xmlElement('Matriculation', array(), $value);
break;
/*
case 'photo':
$this->writer->xmlElement('PersonalPicture',array('encoding' => 'Base64','imagetype' => 'image/jpeg'),
base64_encode($this->convertInput($user[$value])));
break;
*/
/*
case 'photo':
$this->writer->xmlElement('PersonalPicture',array('encoding' => 'Base64','imagetype' => 'image/jpeg'),
base64_encode($this->convertInput($user[$value])));
break;
*/
default:
// Handle user defined fields
if (substr($field, 0, 4) != 'udf_') {
continue;
}
$id_data = explode('_', $field);
if (!isset($id_data[1])) {
continue;
}
$this->initUserDefinedFields();
$definition = $this->udf->getDefinition($id_data[1]);
$this->writer->xmlElement('UserDefinedField', array('Id' => $definition['il_id'], 'Name' => $definition['field_name']), $value);
break;
}
}
$this->writer->xmlEndTag('User');
}
if ($cnt_create) {
$this->log->write('LDAP: Started creation of ' . $cnt_create . ' users.');
}
if ($cnt_update) {
$this->log->write('LDAP: Started update of ' . $cnt_update . ' users.');
}
$this->writer->xmlEndTag('Users');
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (phpCAS::getUser() != "") {
$username = phpCAS::getUser();
// Authorize this user
include_once './Services/User/classes/class.ilObjUser.php';
$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
if ($local_user != "") {
$this->setAuth($local_user);
} else {
if (!$ilSetting->get("cas_create_users")) {
$this->status = AUTH_CAS_NO_ILIAS_USER;
$this->logout();
return;
}
$userObj = new ilObjUser();
$local_user = ilAuthUtils::_generateLogin($username);
$newUser["firstname"] = $local_user;
$newUser["lastname"] = "";
$newUser["login"] = $local_user;
// set "plain md5" password (= no valid password)
$newUser["passwd"] = "";
$newUser["passwd_type"] = IL_PASSWD_MD5;
//$newUser["gender"] = "m";
$newUser["auth_mode"] = "cas";
$newUser["ext_account"] = $username;
$newUser["profile_incomplete"] = 1;
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
// set user language to system language
$userObj->setLanguage($ilSetting->get("language"));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Create user in DB
$userObj->setOwner(0);
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// setup user preferences
$userObj->writePrefs();
// to do: test this
$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
unset($userObj);
$this->setAuth($local_user);
}
} else {
// This should never occur unless CAS is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}
