/**
  * Check if an update is required
  * @return 
  * @param string $a_username
  */
 protected function updateRequired($a_username)
 {
     if (!ilObjUser::_checkExternalAuthAccount("apache", $a_username)) {
         return true;
     }
     // Check attribute mapping on login
     include_once './Services/LDAP/classes/class.ilLDAPAttributeMapping.php';
     if (ilLDAPAttributeMapping::hasRulesForUpdate($this->server->getServerId())) {
         #$GLOBALS['ilLog']->write(__METHOD__.': Required 2');
         return true;
     }
     include_once './Services/LDAP/classes/class.ilLDAPRoleAssignmentRule.php';
     if (ilLDAPRoleAssignmentRule::hasRulesForUpdate()) {
         #$GLOBALS['ilLog']->write(__METHOD__.': Required 3');
         return true;
     }
     return false;
 }
 /**
  * Check if user agreement is accepted
  *
  * @access protected
  * @param string auth_mode local,ldap or cas
  * 
  */
 protected function __checkAgreement($a_auth_mode)
 {
     global $ilDB;
     include_once './Services/User/classes/class.ilObjUser.php';
     include_once './Services/Administration/classes/class.ilSetting.php';
     $GLOBALS['ilSetting'] = new ilSetting();
     if (!($login = ilObjUser::_checkExternalAuthAccount($a_auth_mode, $this->getUsername()))) {
         // User does not exist
         return true;
     }
     if (!ilObjUser::_hasAcceptedAgreement($login)) {
         $this->__setMessage('User agreement no accepted.');
         return false;
     }
     return true;
 }
 /**
  * Refresh status of course member assignments
  * @param object $course_member
  * @param int $obj_id
  */
 protected function refreshAssignmentStatus($course_member, $obj_id, $sub_id, $assigned)
 {
     include_once './Services/WebServices/ECS/classes/Course/class.ilECSCourseMemberAssignment.php';
     $type = ilObject::_lookupType($obj_id);
     if ($type == 'crs') {
         include_once './Modules/Course/classes/class.ilCourseParticipants.php';
         $part = ilCourseParticipants::_getInstanceByObjId($obj_id);
     } else {
         include_once './Modules/Group/classes/class.ilGroupParticipants.php';
         $part = ilGroupParticipants::_getInstanceByObjId($obj_id);
     }
     $course_id = (int) $course_member->lectureID;
     $usr_ids = ilECSCourseMemberAssignment::lookupUserIds($course_id, $sub_id, $obj_id);
     // Delete remote deleted
     foreach ((array) $usr_ids as $usr_id) {
         if (!isset($assigned[$usr_id])) {
             $ass = ilECSCourseMemberAssignment::lookupAssignment($course_id, $sub_id, $obj_id, $usr_id);
             if ($ass instanceof ilECSCourseMemberAssignment) {
                 $acc = ilObjUser::_checkExternalAuthAccount(ilECSSetting::lookupAuthMode(), (string) $usr_id);
                 if ($il_usr_id = ilObjUser::_lookupId($acc)) {
                     // this removes also admin, tutor roles
                     $part->delete($il_usr_id);
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Deassigning user ' . $usr_id . ' ' . 'from course ' . ilObject::_lookupTitle($obj_id));
                 } else {
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Deassigning unknown ILIAS user ' . $usr_id . ' ' . 'from course ' . ilObject::_lookupTitle($obj_id));
                 }
                 $ass->delete();
             }
         }
     }
     // Assign new participants
     foreach ((array) $assigned as $person_id => $person) {
         $role = $this->lookupRole($person['role']);
         $role_info = ilECSMappingUtils::getRoleMappingInfo($role);
         $acc = ilObjUser::_checkExternalAuthAccount(ilECSSetting::lookupAuthMode(), (string) $person_id);
         $GLOBALS['ilLog']->write(__METHOD__ . ': Handling user ' . (string) $person_id);
         if (in_array($person_id, $usr_ids)) {
             if ($il_usr_id = ilObjUser::_lookupId($acc)) {
                 $GLOBALS['ilLog']->write(__METHOD__ . ': ' . print_r($role, true));
                 $part->updateRoleAssignments($il_usr_id, array($role));
                 // Nothing to do, user is member or is locally deleted
             }
         } else {
             if ($il_usr_id = ilObjUser::_lookupId($acc)) {
                 if ($role) {
                     // Add user
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Assigning new user ' . $person_id . ' ' . 'to ' . ilObject::_lookupTitle($obj_id));
                     $part->add($il_usr_id, $role);
                 }
             } else {
                 if ($role_info['create']) {
                     $this->createMember($person_id);
                     $GLOBALS['ilLog']->write(__METHOD__ . ': Added new user ' . $person_id);
                 }
             }
             $assignment = new ilECSCourseMemberAssignment();
             $assignment->setServer($this->getServer()->getServerId());
             $assignment->setMid($this->mid);
             $assignment->setCmsId($course_id);
             $assignment->setCmsSubId($sub_id);
             $assignment->setObjId($obj_id);
             $assignment->setUid($person_id);
             $assignment->save();
         }
     }
     return true;
 }
 /** 
  * Called from base class after successful login
  *
  * @param string username
  */
 public function loginObserver($a_username, $a_auth)
 {
     // Radius with ldap as data source
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_RADIUS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }
     $user_data = array_change_key_case($a_auth->getAuthData(), CASE_LOWER);
     $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("radius", $a_username);
     if (!$user_data['ilInternalAccount']) {
         if ($this->radius_settings->enabledCreation()) {
             if ($this->radius_settings->isAccountMigrationEnabled() and !$this->force_creation) {
                 $a_auth->logout();
                 $_SESSION['tmp_auth_mode'] = 'radius';
                 $_SESSION['tmp_external_account'] = $a_username;
                 $_SESSION['tmp_pass'] = $_POST['password'];
                 $_SESSION['tmp_roles'] = array(0 => $this->radius_settings->getDefaultRole());
                 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
             }
             $this->initRADIUSAttributeToUser();
             $new_name = $this->radius_user->create($a_username);
             $a_auth->setAuth($new_name);
             return true;
         } else {
             // No syncronisation allowed => create Error
             $a_auth->status = AUTH_RADIUS_NO_ILIAS_USER;
             $a_auth->logout();
             return false;
         }
     } else {
         $a_auth->setAuth($user_data['ilInternalAccount']);
         return true;
     }
 }
Exemplo n.º 5
0
 /**
  * Read user data 
  * @param bool check dn
  * @param bool use group filter
  * @access private
  */
 private function readUserData($a_name, $a_check_dn = true, $a_try_group_user_filter = false)
 {
     $filter = $this->settings->getFilter();
     if ($a_try_group_user_filter) {
         if ($this->settings->isMembershipOptional()) {
             $filter = $this->settings->getGroupUserFilter();
         }
     }
     // Build filter
     if ($this->settings->enabledGroupMemberIsDN() and $a_check_dn) {
         $dn = $a_name;
         #$res = $this->queryByScope(IL_LDAP_SCOPE_BASE,$dn,$filter,$this->user_fields);
         $fields = array_merge($this->user_fields, array('useraccountcontrol'));
         $res = $this->queryByScope(IL_LDAP_SCOPE_BASE, strtolower($dn), $filter, $fields);
     } else {
         $filter = sprintf('(&(%s=%s)%s)', $this->settings->getUserAttribute(), $a_name, $filter);
         // Build search base
         if (($dn = $this->settings->getSearchBase()) && substr($dn, -1) != ',') {
             $dn .= ',';
         }
         $dn .= $this->settings->getBaseDN();
         $fields = array_merge($this->user_fields, array('useraccountcontrol'));
         $res = $this->queryByScope($this->settings->getUserScope(), strtolower($dn), $filter, $fields);
     }
     $tmp_result = new ilLDAPResult($this->lh, $res);
     if (!$tmp_result->numRows()) {
         $this->log->write('LDAP: No user data found for: ' . $a_name);
         unset($tmp_result);
         return false;
     }
     if ($user_data = $tmp_result->get()) {
         if (isset($user_data['useraccountcontrol'])) {
             if ($user_data['useraccountcontrol'] & 0x2) {
                 $this->log->write(__METHOD__ . ': ' . $a_name . ' account disabled.');
                 return;
             }
         }
         $user_ext = $user_data[strtolower($this->settings->getUserAttribute())];
         // auth mode depends on ldap server settings
         $auth_mode = $this->parseAuthMode();
         $user_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount($auth_mode, $user_ext);
         $this->users[$user_ext] = $user_data;
     }
     return true;
 }
Exemplo n.º 6
0
 /**
  * Auth and email related methods
  * @group IL_Init
  */
 public function testAuthAndEmailMethods()
 {
     include_once "./Services/User/classes/class.ilObjUser.php";
     $value = "";
     // creation
     $user = new ilObjUser();
     $d = array("login" => "aatestuser2", "passwd_type" => IL_PASSWD_PLAIN, "passwd" => "password", "gender" => "f", "firstname" => "Heidi", "lastname" => "Kabel", "email" => "*****@*****.**", "ext_account" => "ext_");
     $user->assignData($d);
     $user->setActive(true);
     $user->create();
     $user->saveAsNew();
     $user->setLanguage("de");
     $user->writePrefs();
     $id = $user->getId();
     ilObjUser::_writeExternalAccount($id, "ext_kabel");
     ilObjUser::_writeAuthMode($id, "cas");
     $ids = ilObjUser::_getUserIdsByEmail("*****@*****.**");
     //var_dump($ids);
     if (is_array($ids) && count($ids) == 1 && $ids[0] == "aatestuser2") {
         $value .= "email1-";
     }
     $uid = ilObjUser::getUserIdByEmail("*****@*****.**");
     if ($uid == $id) {
         $value .= "email2-";
     }
     $acc = ilObjUser::_getExternalAccountsByAuthMode("cas");
     foreach ($acc as $k => $v) {
         if ($k == $id && $v == "ext_kabel") {
             $value .= "auth1-";
         }
     }
     if (ilObjUser::_lookupAuthMode($id) == "cas") {
         $value .= "auth2-";
     }
     if (ilObjUser::_checkExternalAuthAccount("cas", "ext_kabel") == "aatestuser2") {
         $value .= "auth3-";
     }
     if (ilObjUser::_externalAccountExists("ext_kabel", "cas")) {
         $value .= "auth4-";
     }
     ilObjUser::_getNumberOfUsersPerAuthMode();
     $la = ilObjUser::_getLocalAccountsForEmail("*****@*****.**");
     ilObjUser::_incrementLoginAttempts($id);
     ilObjUser::_getLoginAttempts($id);
     ilObjUser::_resetLoginAttempts($id);
     ilObjUser::_setUserInactive($id);
     // deletion
     $user->delete();
     $this->assertEquals("email1-email2-auth1-auth2-auth3-auth4-", $value);
 }
 /**
  * handler for end of element when in verify mode.
  */
 function verifyEndTag($a_xml_parser, $a_name)
 {
     global $lng, $ilAccess, $ilSetting, $ilObjDataCache;
     switch ($a_name) {
         case "Role":
             $this->roles[$this->current_role_id]["name"] = $this->cdata;
             $this->roles[$this->current_role_id]["type"] = $this->current_role_type;
             $this->roles[$this->current_role_id]["action"] = $this->current_role_action;
             break;
         case "User":
             $this->userObj->setFullname();
             if ($this->user_id != -1 && $this->action == "Update") {
                 $user_exists = !is_null(ilObjUser::_lookupLogin($this->user_id));
             } else {
                 $user_exists = ilObjUser::getUserIdByLogin($this->userObj->getLogin()) != 0;
             }
             if (is_null($this->userObj->getLogin())) {
                 $this->logFailure("---", sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Login", "Insert"));
             }
             switch ($this->action) {
                 case "Insert":
                     if ($user_exists and $this->conflict_rule == IL_FAIL_ON_CONFLICT) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_insert"));
                     }
                     if (is_null($this->userObj->getGender()) && $this->isFieldRequired("gender")) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Gender", "Insert"));
                     }
                     if (is_null($this->userObj->getFirstname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Firstname", "Insert"));
                     }
                     if (is_null($this->userObj->getLastname())) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Lastname", "Insert"));
                     }
                     if (count($this->roles) == 0) {
                         $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_for_action_required"), "Role", "Insert"));
                     } else {
                         $has_global_role = false;
                         foreach ($this->roles as $role) {
                             if ($role['type'] == 'Global') {
                                 $has_global_role = true;
                                 break;
                             }
                         }
                         if (!$has_global_role) {
                             $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_global_role_for_action_required"), "Insert"));
                         }
                     }
                     break;
                 case "Update":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_update"));
                     } elseif ($this->user_id != -1 && !is_null($this->userObj->getLogin())) {
                         $someonesId = ilObjUser::_lookupId($this->userObj->getLogin());
                         if (is_numeric($someonesId) && $someonesId != $this->user_id) {
                             $this->logFailure($this->userObj->getLogin(), $lng->txt("usrimport_login_is_not_unique"));
                         }
                     }
                     break;
                 case "Delete":
                     if (!$user_exists) {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_cant_delete"));
                     }
                     break;
             }
             // init role array for next user
             $this->roles = array();
             break;
         case "Login":
             if (array_key_exists($this->cdata, $this->logins)) {
                 $this->logWarning($this->cdata, $lng->txt("usrimport_login_is_not_unique"));
             } else {
                 $this->logins[$this->cdata] = $this->cdata;
             }
             $this->userObj->setLogin($this->cdata);
             break;
         case "Password":
             switch ($this->currPasswordType) {
                 case "ILIAS2":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_CRYPT);
                     break;
                 case "ILIAS3":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_MD5);
                     break;
                 case "PLAIN":
                     $this->userObj->setPasswd($this->cdata, IL_PASSWD_PLAIN);
                     $this->acc_mail->setUserPassword($this->currPassword);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_attribute_value_illegal"), "Type", "Password", $this->currPasswordType));
                     break;
             }
             break;
         case "Firstname":
             $this->userObj->setFirstname($this->cdata);
             break;
         case "Lastname":
             $this->userObj->setLastname($this->cdata);
             break;
         case "Title":
             $this->userObj->setUTitle($this->cdata);
             break;
         case "Gender":
             if ($this->cdata != "m" && $this->cdata != "f") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Gender", $this->cdata));
             }
             $this->userObj->setGender($this->cdata);
             break;
         case "Email":
             $this->userObj->setEmail($this->cdata);
             break;
         case "Institution":
             $this->userObj->setInstitution($this->cdata);
             break;
         case "Street":
             $this->userObj->setStreet($this->cdata);
             break;
         case "City":
             $this->userObj->setCity($this->cdata);
             break;
         case "PostalCode":
             $this->userObj->setZipCode($this->cdata);
             break;
         case "Country":
             $this->userObj->setCountry($this->cdata);
             break;
         case "PhoneOffice":
             $this->userObj->setPhoneOffice($this->cdata);
             break;
         case "PhoneHome":
             $this->userObj->setPhoneHome($this->cdata);
             break;
         case "PhoneMobile":
             $this->userObj->setPhoneMobile($this->cdata);
             break;
         case "Fax":
             $this->userObj->setFax($this->cdata);
             break;
         case "Hobby":
             $this->userObj->setHobby($this->cdata);
             break;
         case "Comment":
             $this->userObj->setComment($this->cdata);
             break;
         case "Department":
             $this->userObj->setDepartment($this->cdata);
             break;
         case "Matriculation":
             $this->userObj->setMatriculation($this->cdata);
             break;
         case "ExternalAccount":
             //echo "-".$this->userObj->getAuthMode()."-".$this->userObj->getLogin()."-";
             $am = $this->userObj->getAuthMode() == "default" || $this->userObj->getAuthMode() == "" ? ilAuthUtils::_getAuthModeName($ilSetting->get('auth_mode')) : $this->userObj->getAuthMode();
             $loginForExternalAccount = trim($this->cdata) == "" ? "" : ilObjUser::_checkExternalAuthAccount($am, trim($this->cdata));
             switch ($this->action) {
                 case "Insert":
                     if ($loginForExternalAccount != "") {
                         $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_insert_ext_account_exists") . " (" . $this->cdata . ")");
                     }
                     break;
                 case "Update":
                     if ($loginForExternalAccount != "") {
                         $externalAccountHasChanged = trim($this->cdata) != ilObjUser::_lookupExternalAccount($this->user_id);
                         if ($externalAccountHasChanged && trim($loginForExternalAccount) != trim($this->userObj->getLogin())) {
                             $this->logWarning($this->userObj->getLogin(), $lng->txt("usrimport_no_update_ext_account_exists") . " (" . $this->cdata . " for " . $loginForExternalAccount . ")");
                         }
                     }
                     break;
             }
             if ($externalAccountHasChanged) {
                 $this->userObj->setExternalAccount(trim($this->cdata));
             }
             break;
         case "Active":
             if ($this->cdata != "true" && $this->cdata != "false") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "Active", $this->cdata));
             }
             $this->currActive = $this->cdata;
             break;
         case "TimeLimitOwner":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif (!$ilAccess->checkAccess('cat_administrate_users', '', $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             } elseif ($ilObjDataCache->lookupType($ilObjDataCache->lookupObjId($this->cdata)) != 'cat' && !(int) $this->cdata == USER_FOLDER_ID) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitOwner", $this->cdata));
             }
             $this->userObj->setTimeLimitOwner($this->cdata);
             break;
         case "TimeLimitUnlimited":
             switch (strtolower($this->cdata)) {
                 case "true":
                 case "1":
                     $this->userObj->setTimeLimitUnlimited(1);
                     break;
                 case "false":
                 case "0":
                     $this->userObj->setTimeLimitUnlimited(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUnlimited", $this->cdata));
                     break;
             }
             break;
         case "TimeLimitFrom":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitFrom", $this->cdata));
             }
             $this->userObj->setTimeLimitFrom($this->cdata);
             break;
         case "TimeLimitUntil":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitUntil", $this->cdata));
             }
             $this->userObj->setTimeLimitUntil($this->cdata);
             break;
         case "TimeLimitMessage":
             switch (strtolower($this->cdata)) {
                 case "1":
                     $this->userObj->setTimeLimitMessage(1);
                     break;
                 case "0":
                     $this->userObj->setTimeLimitMessage(0);
                     break;
                 default:
                     $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "TimeLimitMessage", $this->cdata));
                     break;
             }
             break;
         case "ApproveDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "ApproveDate", $this->cdata));
             }
             break;
         case "AgreeDate":
             // Accept datetime or Unix timestamp
             if (strtotime($this->cdata) === false && !is_numeric($this->cdata) && !$this->cdata == "0000-00-00 00:00:00") {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "AgreeDate", $this->cdata));
             }
             break;
         case "iLincID":
             if (!preg_match("/\\d+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincID", $this->cdata));
             }
             break;
         case "iLincUser":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincUser", $this->cdata));
             }
             break;
         case "iLincPasswd":
             if (!preg_match("/\\w+/", $this->cdata)) {
                 $this->logFailure($this->userObj->getLogin(), sprintf($lng->txt("usrimport_xml_element_content_illegal"), "iLincPasswd", $this->cdata));
             }
             break;
         case "Pref":
             if ($this->currentPrefKey != null) {
                 $this->verifyPref($this->currentPrefKey, $this->cdata);
             }
             $this->currentPrefKey == null;
     }
 }
 /**
  * @see ilAuthContainerBase::loginObserver()
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilias, $rbacadmin, $ilSetting, $ilLog, $PHPCAS_CLIENT;
     $ilLog->write(__METHOD__ . ': Successful CAS login.');
     // Radius with ldap as data source
     include_once './Services/LDAP/classes/class.ilLDAPServer.php';
     if (ilLDAPServer::isDataSourceActive(AUTH_CAS)) {
         return $this->handleLDAPDataSource($a_auth, $a_username);
     }
     include_once "./Services/CAS/lib/CAS.php";
     if ($PHPCAS_CLIENT->getUser() != "") {
         $username = $PHPCAS_CLIENT->getUser();
         $ilLog->write(__METHOD__ . ': Username: '******'./Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $a_auth->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $a_auth->status = AUTH_CAS_NO_ILIAS_USER;
                 $a_auth->logout();
                 return false;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $a_auth->setAuth($local_user);
             return true;
         }
     } else {
         $ilLog->write(__METHOD__ . ': Login failed.');
         // This should never occur unless CAS is not configured properly
         $a_auth->status = AUTH_WRONG_LOGIN;
         return false;
     }
     return false;
 }
 function authenticate()
 {
     include_once "./Services/Init/classes/class.ilInitialisation.php";
     $this->init = new ilInitialisation();
     $this->init->requireCommonIncludes();
     //$init->initSettings();
     if (!$this->getClient()) {
         $this->__setMessage('No client given');
         return false;
     }
     if (!$this->getUsername()) {
         $this->__setMessage('No username given');
         return false;
     }
     // Read ilias ini
     if (!$this->__buildDSN()) {
         $this->__setMessage('Error building dsn/Wrong client Id?');
         return false;
     }
     if (!$this->__setSessionSaveHandler()) {
         return false;
     }
     if (!$this->__checkAgreement('cas')) {
         return false;
     }
     if (!$this->__buildAuth()) {
         return false;
     }
     if ($this->soap_check and !$this->__checkSOAPEnabled()) {
         $this->__setMessage('SOAP is not enabled in ILIAS administration for this client');
         $this->__setMessageCode('Server');
         return false;
     }
     // check whether authentication is valid
     //if (!$this->auth->checkCASAuth())
     if (!phpCAS::checkAuthentication()) {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): No valid CAS authentication.');
         return false;
     }
     $this->auth->forceCASAuth();
     if ($this->getUsername() != $this->auth->getCASUser()) {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): SOAP CAS user does not match to ticket user.');
         return false;
     }
     include_once './Services/User/classes/class.ilObjUser.php';
     $local_user = ilObjUser::_checkExternalAuthAccount("cas", $this->auth->getCASUser());
     if ($local_user == "") {
         $this->__setMessage('ilSOAPAuthenticationCAS::authenticate(): SOAP CAS user authenticated but not existing in ILIAS user database.');
         return false;
     }
     /*
     		$init->initIliasIniFile();
     		$init->initSettings();
     		$ilias =& new ILIAS();
     		$GLOBALS['ilias'] =& $ilias;*/
     $this->auth->start();
     if (!$this->auth->getAuth()) {
         $this->__getAuthStatus();
         return false;
     }
     $this->setSid(session_id());
     return true;
 }
 /**
  * Read internal account of user
  * @throws UnexpectedValueException
  */
 protected function readInternalAccount()
 {
     if (!$this->getExternalAccount()) {
         throw new UnexpectedValueException('No external account given.');
     }
     $this->intaccount = ilObjUser::_checkExternalAuthAccount($this->getAuthMode(), $this->getExternalAccount());
 }
Exemplo n.º 11
0
 /**
  * Automatically generates the username/screenname of a Shibboleth user or returns
  * the user's already existing username
  *
  * @access private
  * @return String Generated username
  */
 function generateLogin()
 {
     global $ilias, $ilDB;
     $shibID = $_SERVER[$ilias->getSetting('shib_login')];
     $lastname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
     $firstname = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
     if (trim($shibID) == "") {
         return;
     }
     //***********************************************//
     // For backwards compatibility with previous versions
     // We use the passwd field as mapping attribute for Shibboleth users
     // because they don't need a password
     $ilias->db->query("UPDATE usr_data SET auth_mode='shibboleth', passwd=" . $ilDB->quote(md5(end(ilUtil::generatePasswords(1)))) . ", ext_account=" . $ilDB->quote($shibID) . " WHERE passwd=" . $ilDB->quote($shibID));
     //***********************************************//
     // Let's see if user already is registered
     $local_user = ilObjUser::_checkExternalAuthAccount("shibboleth", $shibID);
     if ($local_user) {
         return $local_user;
     }
     // Let's see if user already is registered but authenticates by ldap
     $local_user = ilObjUser::_checkExternalAuthAccount("ldap", $shibID);
     if ($local_user) {
         return $local_user;
     }
     // User doesn't seem to exist yet
     // Generate new username
     // This can be overruled by the data conversion API but you have
     // to do it yourself in that case
     // Generate the username out of the first character of firstname and the
     // first word in lastname (adding the second one if the login is too short,
     // avoiding meaningless last names like 'von' or 'd' and eliminating
     // non-ASCII-characters, spaces, dashes etc.
     $ln_arr = preg_split("/[ '-;]/", $lastname);
     $login = substr($this->toAscii($firstname), 0, 1) . "." . $this->toAscii($ln_arr[0]);
     if (strlen($login) < 6) {
         $login .= $this->toAscii($ln_arr[1]);
     }
     $prefix = strtolower($login);
     // If the user name didn't contain any ASCII characters, assign the
     // name 'shibboleth' followed by a number, starting with 1.
     if (strlen($prefix) == 0) {
         $prefix = 'shibboleth';
         $number = 1;
     } else {
         // Try if the login name is not already taken
         if (!ilObjUser::getUserIdByLogin($prefix)) {
             return $prefix;
         }
         // If the login name is in use, append a number, starting with 2.
         $number = 2;
     }
     // Append a number, if the username is already taken
     while (ilObjUser::getUserIdByLogin($prefix . $number)) {
         $number++;
     }
     return $prefix . $number;
 }
Exemplo n.º 12
0
 /**
  *  Call is isValidSession of soap server
  * @return bool 
  * @param string $a_username
  * @param string $a_password
  * @param bool $isChallengeResponse[optional]
  */
 public function fetchData($a_username, $a_password, $isChallengeResponse = false)
 {
     $GLOBALS['ilLog']->write(__METHOD__ . ': Soap auth fetch data');
     // check whether external user exists in ILIAS database
     $local_user = ilObjUser::_checkExternalAuthAccount("soap", $a_username);
     if ($local_user == "") {
         $new_user = true;
     } else {
         $new_user = false;
     }
     $soapAction = "";
     $nspref = "";
     if ($this->use_dotnet) {
         $soapAction = $this->server_nms . "/isValidSession";
         $nspref = "ns1:";
     }
     $valid = $this->client->call('isValidSession', array($nspref . 'ext_uid' => $a_username, $nspref . 'soap_pw' => $a_password, $nspref . 'new_user' => $new_user), $this->server_nms, $soapAction);
     //echo "<br>== Request ==";
     //echo '<br><pre>' . htmlspecialchars($this->soap_client->request, ENT_QUOTES) . '</pre><br>';
     //echo "<br>== Response ==";
     //echo "<br>Valid: -".$valid["valid"]."-";
     //echo '<br><pre>' . htmlspecialchars($this->soap_client->response, ENT_QUOTES) . '</pre>';
     if (trim($valid["valid"]) == "false") {
         $valid["valid"] = false;
     }
     // to do check SOAP error!?
     $valid["local_user"] = $local_user;
     $this->response = $valid;
     return $valid['valid'] == true;
 }
 /**
  * @see ilAuthContainerBase::loginObserver()
  */
 public function loginObserver($a_username, $a_auth)
 {
     global $ilLog;
     $GLOBALS['ilLog']->write(__METHOD__ . ': Login observer called for openid');
     $this->initSettings();
     $this->response_data['ilInternalAccount'] = ilObjUser::_checkExternalAuthAccount("openid", $this->response_data['nickname']);
     if (!$this->response_data['ilInternalAccount']) {
         if ($this->settings->isCreationEnabled()) {
             if ($this->settings->isAccountMigrationEnabled() and !$this->force_creation and !$_SESSION['force_creation']) {
                 //$a_auth->logout();
                 $_SESSION['tmp_auth_mode'] = 'openid';
                 $_SESSION['tmp_oid_username'] = urldecode($_GET['openid_identity']);
                 $_SESSION['tmp_oid_provider'] = $_POST['oid_provider'];
                 $_SESSION['tmp_external_account'] = $this->response_data['nickname'];
                 $_SESSION['tmp_pass'] = $_POST['password'];
                 $_SESSION['tmp_roles'] = array(0 => $this->settings->getDefaultRole());
                 $GLOBALS['ilLog']->write(__METHOD__ . ': Redirect migration');
                 ilUtil::redirect('ilias.php?baseClass=ilStartUpGUI&cmd=showAccountMigration&cmdClass=ilstartupgui');
             }
             include_once './Services/OpenId/classes/class.ilOpenIdAttributeToUser.php';
             $new_user = new ilOpenIdAttributeToUser();
             $new_name = $new_user->create($this->response_data['nickname'], $this->response_data);
             $GLOBALS['ilLog']->write(__METHOD__ . ': Create user with name:' . $new_name);
             $a_auth->setAuth($new_name);
             return true;
         } else {
             // No syncronisation allowed => create Error
             $a_auth->status = AUTH_OPENID_NO_ILIAS_USER;
             $a_auth->logout();
             $GLOBALS['ilLog']->write(__METHOD__ . ': No creation');
             return false;
         }
     } else {
         $GLOBALS['ilLog']->write(__METHOD__ . ': Using old name: ' . $this->response_data['ilInternalAccount']);
         $a_auth->setAuth($this->response_data['ilInternalAccount']);
         return true;
     }
     return false;
 }
Exemplo n.º 14
0
 /**
  * Login function
  *
  * @access private
  * @return void
  */
 function login()
 {
     global $ilias, $rbacadmin, $ilSetting;
     if (phpCAS::getUser() != "") {
         $username = phpCAS::getUser();
         // Authorize this user
         include_once './Services/User/classes/class.ilObjUser.php';
         $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
         if ($local_user != "") {
             $this->setAuth($local_user);
         } else {
             if (!$ilSetting->get("cas_create_users")) {
                 $this->status = AUTH_CAS_NO_ILIAS_USER;
                 $this->logout();
                 return;
             }
             $userObj = new ilObjUser();
             $local_user = ilAuthUtils::_generateLogin($username);
             $newUser["firstname"] = $local_user;
             $newUser["lastname"] = "";
             $newUser["login"] = $local_user;
             // set "plain md5" password (= no valid password)
             $newUser["passwd"] = "";
             $newUser["passwd_type"] = IL_PASSWD_MD5;
             //$newUser["gender"] = "m";
             $newUser["auth_mode"] = "cas";
             $newUser["ext_account"] = $username;
             $newUser["profile_incomplete"] = 1;
             // system data
             $userObj->assignData($newUser);
             $userObj->setTitle($userObj->getFullname());
             $userObj->setDescription($userObj->getEmail());
             // set user language to system language
             $userObj->setLanguage($ilSetting->get("language"));
             // Time limit
             $userObj->setTimeLimitOwner(7);
             $userObj->setTimeLimitUnlimited(1);
             $userObj->setTimeLimitFrom(time());
             $userObj->setTimeLimitUntil(time());
             // Create user in DB
             $userObj->setOwner(0);
             $userObj->create();
             $userObj->setActive(1);
             $userObj->updateOwner();
             //insert user data in table user_data
             $userObj->saveAsNew();
             // setup user preferences
             $userObj->writePrefs();
             // to do: test this
             $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);
             unset($userObj);
             $this->setAuth($local_user);
         }
     } else {
         // This should never occur unless CAS is not configured properly
         $this->status = AUTH_WRONG_LOGIN;
     }
 }
Exemplo n.º 15
0
 /**
  * Does input checks and updates a user account if everything is fine.
  * @access	public
  */
 function updateObjectOld()
 {
     global $ilias, $rbacsystem, $rbacadmin, $ilUser;
     include_once './Services/Authentication/classes/class.ilAuthUtils.php';
     //load ILIAS settings
     $settings = $ilias->getAllSettings();
     // User folder
     if ($this->usrf_ref_id == USER_FOLDER_ID and !$rbacsystem->checkAccess('visible,read,write', $this->usrf_ref_id)) {
         $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
     }
     // if called from local administration $this->usrf_ref_id is category id
     // Todo: this has to be fixed. Do not mix user folder id and category id
     if ($this->usrf_ref_id != USER_FOLDER_ID) {
         // check if user is assigned to category
         if (!$rbacsystem->checkAccess('cat_administrate_users', $this->object->getTimeLimitOwner())) {
             $this->ilias->raiseError($this->lng->txt("msg_no_perm_modify_user"), $this->ilias->error_obj->MESSAGE);
         }
     }
     foreach ($_POST["Fobject"] as $key => $val) {
         $_POST["Fobject"][$key] = ilUtil::stripSlashes($val);
     }
     // check dynamically required fields
     foreach ($settings as $key => $val) {
         $field = substr($key, 8);
         switch ($field) {
             case 'passwd':
             case 'passwd2':
                 if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
                     $require_keys[] = $field;
                 }
                 break;
             default:
                 $require_keys[] = $field;
                 break;
         }
     }
     foreach ($require_keys as $key => $val) {
         // exclude required system and registration-only fields
         $system_fields = array("default_role");
         if (!in_array($val, $system_fields)) {
             if (isset($settings["require_" . $val]) && $settings["require_" . $val]) {
                 if (empty($_POST["Fobject"][$val])) {
                     $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt($val), $this->ilias->error_obj->MESSAGE);
                 }
             }
         }
     }
     if (!$this->__checkUserDefinedRequiredFields()) {
         $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"), $this->ilias->error_obj->MESSAGE);
     }
     // validate login
     if ($this->object->getLogin() != $_POST["Fobject"]["login"] && !ilUtil::isLogin($_POST["Fobject"]["login"])) {
         $this->ilias->raiseError($this->lng->txt("login_invalid"), $this->ilias->error_obj->MESSAGE);
     }
     // check loginname
     if (ilObjUser::_loginExists($_POST["Fobject"]["login"], $this->id)) {
         $this->ilias->raiseError($this->lng->txt("login_exists"), $this->ilias->error_obj->MESSAGE);
     }
     if (ilAuthUtils::_allowPasswordModificationByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
         if ($_POST['Fobject']['passwd'] == "********" and !strlen($this->object->getPasswd())) {
             $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields") . ": " . $this->lng->txt('password'), $this->ilias->error_obj->MESSAGE);
         }
         // check passwords
         if ($_POST["Fobject"]["passwd"] != $_POST["Fobject"]["passwd2"]) {
             $this->ilias->raiseError($this->lng->txt("passwd_not_match"), $this->ilias->error_obj->MESSAGE);
         }
         // validate password
         if (!ilUtil::isPassword($_POST["Fobject"]["passwd"])) {
             $this->ilias->raiseError($this->lng->txt("passwd_invalid"), $this->ilias->error_obj->MESSAGE);
         }
     } else {
         // Password will not be changed...
         $_POST['Fobject']['passwd'] = "********";
     }
     if (ilAuthUtils::_needsExternalAccountByAuthMode(ilAuthUtils::_getAuthMode($_POST['Fobject']['auth_mode']))) {
         if (!strlen($_POST['Fobject']['ext_account'])) {
             $this->ilias->raiseError($this->lng->txt('ext_acccount_required'), $this->ilias->error_obj->MESSAGE);
         }
     }
     if ($_POST['Fobject']['ext_account'] && ($elogin = ilObjUser::_checkExternalAuthAccount($_POST['Fobject']['auth_mode'], $_POST['Fobject']['ext_account']))) {
         if ($elogin != $this->object->getLogin()) {
             $this->ilias->raiseError(sprintf($this->lng->txt("err_auth_ext_user_exists"), $_POST["Fobject"]["ext_account"], $_POST['Fobject']['auth_mode'], $elogin), $this->ilias->error_obj->MESSAGE);
         }
     }
     // The password type is not passed with the post data.  Therefore we
     // append it here manually.
     include_once './Services/User/classes/class.ilObjUser.php';
     $_POST["Fobject"]["passwd_type"] = IL_PASSWD_PLAIN;
     // validate email
     if (strlen($_POST['Fobject']['email']) and !ilUtil::is_email($_POST["Fobject"]["email"])) {
         $this->ilias->raiseError($this->lng->txt("email_not_valid"), $this->ilias->error_obj->MESSAGE);
     }
     $start = $this->__toUnix($_POST["time_limit"]["from"]);
     $end = $this->__toUnix($_POST["time_limit"]["until"]);
     // validate time limit
     if (!$_POST["time_limit"]["unlimited"] and $start > $end) {
         $this->ilias->raiseError($this->lng->txt("time_limit_not_valid"), $this->ilias->error_obj->MESSAGE);
     }
     if (!$this->ilias->account->getTimeLimitUnlimited()) {
         if ($start < $this->ilias->account->getTimeLimitFrom() or $end > $this->ilias->account->getTimeLimitUntil() or $_POST['time_limit']['unlimited']) {
             $_SESSION['error_post_vars'] = $_POST;
             ilUtil::sendFailure($this->lng->txt('time_limit_not_within_owners'));
             $this->editObject();
             return false;
         }
     }
     // TODO: check length of login and passwd
     // checks passed. save user
     $_POST['Fobject']['time_limit_owner'] = $this->object->getTimeLimitOwner();
     $_POST['Fobject']['time_limit_unlimited'] = (int) $_POST['time_limit']['unlimited'];
     $_POST['Fobject']['time_limit_from'] = $this->__toUnix($_POST['time_limit']['from']);
     $_POST['Fobject']['time_limit_until'] = $this->__toUnix($_POST['time_limit']['until']);
     if ($_POST['Fobject']['time_limit_unlimited'] != $this->object->getTimeLimitUnlimited() or $_POST['Fobject']['time_limit_from'] != $this->object->getTimeLimitFrom() or $_POST['Fobject']['time_limit_until'] != $this->object->getTimeLimitUntil()) {
         $_POST['Fobject']['time_limit_message'] = 0;
     } else {
         $_POST['Fobject']['time_limit_message'] = $this->object->getTimeLimitMessage();
     }
     $this->object->assignData($_POST["Fobject"]);
     $this->object->setUserDefinedData($_POST['udf']);
     try {
         $this->object->updateLogin($_POST['Fobject']['login']);
     } catch (ilUserException $e) {
         ilUtil::sendFailure($e->getMessage());
         $this->form_gui->setValuesByPost();
         return $tpl->setContent($this->form_gui->getHtml());
     }
     $this->object->setTitle($this->object->getFullname());
     $this->object->setDescription($this->object->getEmail());
     $this->object->setLanguage($_POST["Fobject"]["language"]);
     //set user skin and style
     $sknst = explode(":", $_POST["Fobject"]["skin_style"]);
     if ($this->object->getPref("style") != $sknst[1] || $this->object->getPref("skin") != $sknst[0]) {
         $this->object->setPref("skin", $sknst[0]);
         $this->object->setPref("style", $sknst[1]);
     }
     // set hits per pages
     $this->object->setPref("hits_per_page", $_POST["Fobject"]["hits_per_page"]);
     // set show users online
     $this->object->setPref("show_users_online", $_POST["Fobject"]["show_users_online"]);
     // set hide_own_online_status
     if ($_POST["Fobject"]["hide_own_online_status"]) {
         $this->object->setPref("hide_own_online_status", $_POST["Fobject"]["hide_own_online_status"]);
     } else {
         $this->object->setPref("hide_own_online_status", "n");
     }
     $this->update = $this->object->update();
     //$rbacadmin->updateDefaultRole($_POST["Fobject"]["default_role"], $this->object->getId());
     // BEGIN DiskQuota: Remember the state of the "send info mail" checkbox
     global $ilUser;
     $ilUser->setPref('send_info_mails', $_POST['send_mail'] == 'y' ? 'y' : 'n');
     $ilUser->writePrefs();
     // END DiskQuota: Remember the state of the "send info mail" checkbox
     $mail_message = $this->__sendProfileMail();
     $msg = $this->lng->txt('saved_successfully') . $mail_message;
     // feedback
     ilUtil::sendSuccess($msg, true);
     if (strtolower($_GET["baseClass"]) == 'iladministrationgui') {
         $this->ctrl->redirectByClass("ilobjuserfoldergui", "view");
     } else {
         $this->ctrl->redirectByClass('ilobjcategorygui', 'listUsers');
     }
 }