/**
* migrate account
*
* @access public
*
*/
public function migrateAccount()
{
global $lng, $ilClientIniFile, $ilLog, $rbacadmin;
$lng->loadLanguageModule('auth');
if (!isset($_POST['account_migration'])) {
$this->showAccountMigration($lng->txt('err_choose_migration_type'));
return false;
}
if ($_POST['account_migration'] == 1 and (!strlen($_POST['mig_username']) or !strlen($_POST['mig_password']))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
if ($_POST['account_migration'] == 1) {
if (!($user_id = ilObjUser::_lookupId(ilUtil::stripSlashes($_POST['mig_username'])))) {
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$_POST['username'] = $_POST['mig_username'];
$_POST['password'] = $_POST['mig_password'];
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$ilAuth = ilAuthFactory::factory(new ilAuthContainerMDB2());
$ilAuth->start();
if (!$ilAuth->checkAuth()) {
$ilAuth->logout();
$this->showAccountMigration($lng->txt('err_wrong_login'));
return false;
}
$user = new ilObjUser($user_id);
$user->setAuthMode(ilSession::get('tmp_auth_mode'));
$user->setExternalAccount(ilSession::get('tmp_external_account'));
$user->setActive(true);
$user->update();
// Assign to default role
if (is_array(ilSession::get('tmp_roles'))) {
foreach (ilSession::get('tmp_roles') as $role) {
$rbacadmin->assignUser((int) $role, $user->getId());
}
}
// Log migration
$ilLog->write(__METHOD__ . ': Migrated ' . ilSession::get('tmp_external_account') . ' to ILIAS account ' . $user->getLogin() . '.');
} elseif ($_POST['account_migration'] == 2) {
switch (ilSession::get('tmp_auth_mode')) {
case 'apache':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/AuthApache/classes/class.ilAuthContainerApache.php';
$container = new ilAuthContainerApache();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'ldap':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
$container = new ilAuthContainerLDAP();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'radius':
$_POST['username'] = ilSession::get('tmp_external_account');
$_POST['password'] = ilSession::get('tmp_pass');
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
$container = new ilAuthContainerRadius();
$container->forceCreation(true);
$ilAuth = ilAuthFactory::factory($container);
$ilAuth->start();
break;
case 'openid':
$_POST['username'] = ilSession::get('dummy');
$_POST['password'] = ilSession::get('dummy');
$_POST['oid_username'] = ilSession::get('tmp_oid_username');
$_POST['oid_provider'] = ilSession::get('tmp_oid_provider');
//ilSession::set('force_creation', true);
include_once './Services/Authentication/classes/class.ilAuthFactory.php';
include_once './Services/OpenId/classes/class.ilAuthContainerOpenId.php';
$container = new ilAuthContainerOpenId();
$container->forceCreation(true);
ilAuthFactory::setContext(ilAuthFactory::CONTEXT_OPENID);
include_once './Services/OpenId/classes/class.ilAuthOpenId.php';
$ilAuth = ilAuthFactory::factory($container);
// logout first to initiate a new login session
$ilAuth->logout();
ilSession::_destroy(session_id());
ilSession::set('force_creation', true);
$ilAuth->start();
}
// Redirect to acceptance
ilUtil::redirect("ilias.php?baseClass=ilStartUpGUI&cmdClass=ilstartupgui&target=" . $_GET["target"] . "&cmd=getAcceptance");
}
// show personal desktop
ilUtil::redirect('ilias.php?baseClass=ilPersonalDesktopGUI');
}
/**
* Creates a user, sets preferences, lookups data, delete user
* @group IL_Init
*/
public function testCreateSetLookupDelete()
{
include_once "./Services/User/classes/class.ilObjUser.php";
// delete all aatestuser from previous runs
while (($i = ilObjUser::_lookupId("aatestuser")) > 0) {
$user = new ilObjUser($i);
$user->delete();
}
$user = new ilObjUser();
// creation
$d = array("login" => "aatestuser", "passwd_type" => IL_PASSWD_PLAIN, "passwd" => "password", "gender" => "m", "firstname" => "Max", "lastname" => "Mutzke", "email" => "*****@*****.**", "client_ip" => "1.2.3.4", "ext_account" => "ext_mutzke");
$user->assignData($d);
$user->create();
$user->saveAsNew();
$user->setLanguage("no");
$user->writePrefs();
$id = $user->getId();
$value .= $user->getFirstname() . "-";
// update
$user->setFirstname("Maxi");
$user->update();
$value .= $user->getFirstname() . "-";
// other update methods
$user->refreshLogin();
// lookups
$value .= ilObjUser::_lookupEmail($id) . "-";
$value .= ilObjUser::_lookupGender($id) . "-";
$value .= ilObjUser::_lookupClientIP($id) . "-";
$n = ilObjUser::_lookupName($id);
$value .= $n["lastname"] . "-";
ilObjUser::_lookupFields($id);
$value .= ilObjUser::_lookupLogin($id) . "-";
$value .= ilObjUser::_lookupExternalAccount($id) . "-";
$value .= ilObjUser::_lookupId("aatestuser") . "-";
ilObjUser::_lookupLastLogin($id);
$value .= ilObjUser::_lookupLanguage($id) . "-";
ilObjUser::_readUsersProfileData(array($id));
if (ilObjUser::_loginExists("aatestuser")) {
$value .= "le-";
}
// preferences...
$user->writePref("testpref", "pref1");
$value .= ilObjUser::_lookupPref($id, "testpref") . "-";
$user->deletePref("testpref");
if (ilObjUser::_lookupPref($id, "testpref") == "") {
$value .= "pref2" . "-";
}
// activation
$user->setActive(false);
if (!ilObjUser::getStoredActive($id)) {
}
$value .= "act1-";
$user->setActive(true);
if (ilObjUser::getStoredActive($id)) {
}
$value .= "act2-";
ilObjUser::_toggleActiveStatusOfUsers(array($id), false);
if (!ilObjUser::getStoredActive($id)) {
}
$value .= "act3-";
// deletion
$user->delete();
$this->assertEquals("Max-Maxi-de@de.de-m-1.2.3.4-Mutzke-aatestuser-ext_mutzke-{$id}-no-le-" . "pref1-pref2-act1-act2-act3-", $value);
}
/** Reads the submitted data from the password assistance form.
*
* The following form fields are read as HTTP POST parameters:
* key
* username
* password1
* password2
*
* The key is used to retrieve the password assistance session.
* If the key is missing, or if the password assistance session has expired, the
* password assistance form will be shown instead of this form.
*
* If the password assistance session is valid, and if the username matches the
* username, for which the password assistance has been requested, and if the
* new password is valid, ILIAS assigns the password to the user.
*
* Note: To prevent replay attacks, the session is deleted when the
* password has been assigned successfully.
*/
function submitAssignPasswordForm()
{
global $tpl, $ilias, $lng, $rbacadmin, $rbacreview;
require_once "include/inc.pwassist_session_handler.php";
// Retrieve form data
$pwassist_id = ilUtil::stripSlashes($_POST["key"]);
$username = ilUtil::stripSlashes($_POST["username"]);
$password1 = ilUtil::stripSlashes($_POST["password1"]);
$password2 = ilUtil::stripSlashes($_POST["password2"]);
// Retrieve the session
$pwassist_session = db_pwassist_session_read($pwassist_id);
if (count($pwassist_session) == 0 || $pwassist_session["expires"] < time()) {
$this->showAssistanceForm($lng->txt("pwassist_session_expired"));
} else {
$is_successful = true;
$message = "";
$userObj = new ilObjUser($pwassist_session["user_id"]);
// Validate the entries of the user
// ----------------------------------
// check if the user still exists
if ($userObj == null) {
$message = $lng->txt("user_does_not_exist");
$is_successful = false;
}
// check if the username entered by the user matches the
// one of the user object.
if ($is_successful && strcasecmp($userObj->getLogin(), $username) != 0) {
$message = $lng->txt("pwassist_login_not_match");
$is_successful = false;
}
// check if the user entered the password correctly into the
// two entry fields.
if ($is_successful && $password1 != $password2) {
$message = $lng->txt("passwd_not_match");
$is_successful = false;
}
// validate the password
if ($is_successful && !ilUtil::isPassword($password1)) {
$message = $lng->txt("passwd_invalid");
$is_successful = false;
}
// End of validation
// If the validation was successful, we change the password of the
// user.
// ------------------
if ($is_successful) {
$is_successful = $userObj->resetPassword($password1, $password2);
if (!$is_successful) {
$message = $lng->txt("passwd_invalid");
}
}
// If we are successful so far, we update the user object.
// ------------------
if ($is_successful) {
$is_successfull = $userObj->update();
if (!$is_successful) {
$message = $lng->txt("update_error");
}
}
// If we are successful, we destroy the password assistance
// session and redirect to the login page.
// Else we display the form again along with an error message.
// ------------------
if ($is_successful) {
db_pwassist_session_destroy($pwassist_id);
$this->showMessageForm(null, sprintf($lng->txt("pwassist_password_assigned"), $username));
} else {
$this->showAssignPasswordForm($message, $username, $password1, $password2, $pwassist_id);
}
}
}
/**
* Login function
*
* @access private
* @return void
*/
function login()
{
global $ilias, $rbacadmin, $ilSetting;
if (!empty($_SERVER[$ilias->getSetting('shib_login')])) {
// Store user's Shibboleth sessionID for logout
$this->session['shibboleth_session_id'] = $_SERVER['Shib-Session-ID'];
// Get loginname of user, new login name is generated if user is new
$username = $this->generateLogin();
// Authorize this user
$this->setAuth($username);
$userObj = new ilObjUser();
// Check wether this account exists already, if not create it
if (!ilObjUser::getUserIdByLogin($username)) {
$newUser["firstname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]);
$newUser["lastname"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]);
$newUser["login"] = $username;
// Password must be random to prevent users from manually log in using the login data from Shibboleth users
$newUser["passwd"] = md5(end(ilUtil::generatePasswords(1)));
$newUser["passwd_type"] = IL_PASSWD_MD5;
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$newUser["gender"] = $_SERVER[$ilias->getSetting('shib_gender')];
}
// Save mapping between ILIAS user and Shibboleth uniqueID
$newUser["ext_account"] = $_SERVER[$ilias->getSetting('shib_login')];
// other data
$newUser["title"] = $_SERVER[$ilias->getSetting('shib_title')];
$newUser["institution"] = $_SERVER[$ilias->getSetting('shib_institution')];
$newUser["department"] = $_SERVER[$ilias->getSetting('shib_department')];
$newUser["street"] = $_SERVER[$ilias->getSetting('shib_street')];
$newUser["city"] = $_SERVER[$ilias->getSetting('shib_city')];
$newUser["zipcode"] = $_SERVER[$ilias->getSetting('shib_zipcode')];
$newUser["country"] = $_SERVER[$ilias->getSetting('shib_country')];
$newUser["phone_office"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]);
$newUser["phone_home"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]);
$newUser["phone_mobile"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]);
$newUser["fax"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_fax')]);
$newUser["matriculation"] = $_SERVER[$ilias->getSetting('shib_matriculation')];
$newUser["email"] = $this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]);
$newUser["hobby"] = $_SERVER[$ilias->getSetting('shib_hobby')];
$newUser["auth_mode"] = "shibboleth";
// system data
$userObj->assignData($newUser);
$userObj->setTitle($userObj->getFullname());
$userObj->setDescription($userObj->getEmail());
$userObj->setLanguage($this->getFirstString($_SERVER[$ilias->getSetting('shib_language')]));
// Time limit
$userObj->setTimeLimitOwner(7);
$userObj->setTimeLimitUnlimited(1);
$userObj->setTimeLimitFrom(time());
$userObj->setTimeLimitUntil(time());
// Modify user data before creating the user
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
// Create use in DB
$userObj->create();
$userObj->setActive(1);
$userObj->updateOwner();
//insert user data in table user_data
$userObj->saveAsNew();
// store acceptance of user agreement
//$userObj->writeAccepted();
// Default prefs
$userObj->setPref('hits_per_page', $ilSetting->get('hits_per_page', 30));
$userObj->setPref('show_users_online', $ilSetting->get('show_users_online', 'y'));
// setup user preferences
$userObj->writePrefs();
//set role entries
#$rbacadmin->assignUser($ilias->getSetting('shib_user_default_role'), $userObj->getId(),true);
// New role assignment
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::doAssignments($userObj->getId(), $_SERVER);
// Authorize this user
$this->setAuth($userObj->getLogin());
} else {
// Update user account
$uid = $userObj->checkUserId();
$userObj->setId($uid);
$userObj->read($uid);
if ($ilias->getSetting('shib_update_gender') && ($_SERVER[$ilias->getSetting('shib_gender')] == 'm' || $_SERVER[$ilias->getSetting('shib_gender')] == 'f')) {
$userObj->setGender($_SERVER[$ilias->getSetting('shib_gender')]);
}
if ($ilias->getSetting('shib_update_title')) {
$userObj->setTitle($_SERVER[$ilias->getSetting('shib_title')]);
}
$userObj->setFirstname($this->getFirstString($_SERVER[$ilias->getSetting('shib_firstname')]));
$userObj->setLastname($this->getFirstString($_SERVER[$ilias->getSetting('shib_lastname')]));
$userObj->setFullname();
if ($ilias->getSetting('shib_update_institution')) {
$userObj->setInstitution($_SERVER[$ilias->getSetting('shib_institution')]);
}
if ($ilias->getSetting('shib_update_department')) {
$userObj->setDepartment($_SERVER[$ilias->getSetting('shib_department')]);
}
if ($ilias->getSetting('shib_update_street')) {
$userObj->setStreet($_SERVER[$ilias->getSetting('shib_street')]);
}
if ($ilias->getSetting('shib_update_city')) {
$userObj->setCity($_SERVER[$ilias->getSetting('shib_city')]);
}
if ($ilias->getSetting('shib_update_zipcode')) {
$userObj->setZipcode($_SERVER[$ilias->getSetting('shib_zipcode')]);
}
if ($ilias->getSetting('shib_update_country')) {
$userObj->setCountry($_SERVER[$ilias->getSetting('shib_country')]);
}
if ($ilias->getSetting('shib_update_phone_office')) {
$userObj->setPhoneOffice($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_office')]));
}
if ($ilias->getSetting('shib_update_phone_home')) {
$userObj->setPhoneHome($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_home')]));
}
if ($ilias->getSetting('shib_update_phone_mobile')) {
$userObj->setPhoneMobile($this->getFirstString($_SERVER[$ilias->getSetting('shib_phone_mobile')]));
}
if ($ilias->getSetting('shib_update_fax')) {
$userObj->setFax($_SERVER[$ilias->getSetting('shib_fax')]);
}
if ($ilias->getSetting('shib_update_matriculation')) {
$userObj->setMatriculation($_SERVER[$ilias->getSetting('shib_matriculation')]);
}
if ($ilias->getSetting('shib_update_email')) {
$userObj->setEmail($this->getFirstString($_SERVER[$ilias->getSetting('shib_email')]));
}
if ($ilias->getSetting('shib_update_hobby')) {
$userObj->setHobby($_SERVER[$ilias->getSetting('shib_hobby')]);
}
if ($ilias->getSetting('shib_update_language')) {
$userObj->setLanguage($_SERVER[$ilias->getSetting('shib_language')]);
}
// Include custom code that can be used to further modify
// certain Shibboleth user attributes
if ($ilias->getSetting('shib_data_conv') && $ilias->getSetting('shib_data_conv') != '' && is_readable($ilias->getSetting('shib_data_conv'))) {
include $ilias->getSetting('shib_data_conv');
}
$userObj->update();
// Update role assignments
include_once './Services/AuthShibboleth/classes/class.ilShibbolethRoleAssignmentRules.php';
ilShibbolethRoleAssignmentRules::updateAssignments($userObj->getId(), $_SERVER);
}
// we are authenticated: redirect, if possible
if ($_GET["target"] != "") {
ilUtil::redirect("goto.php?target=" . $_GET["target"] . "&client_id=" . CLIENT_ID);
}
} else {
// This should never occur unless Shibboleth is not configured properly
$this->status = AUTH_WRONG_LOGIN;
}
}
/**
* Extend account
* @param ilECSSetting $server
* @param ilObjUser $user
*/
protected static function extendAccount(ilECSSetting $settings, ilObjUser $user)
{
$end = new ilDateTime(time(), IL_CAL_UNIX);
$end->increment(IL_CAL_MONTH, $settings->getDuration());
$GLOBALS['ilLog']->write(__METHOD__ . ': account extension ' . (string) $end);
if ($user->getTimeLimitUntil() < $end->get(IL_CAL_UNIX)) {
$user->setTimeLimitUntil($end->get(IL_CAL_UNIX));
$user->update();
}
}
/**
* update existing user
*
* @access protected
*/
protected function updateUser(ilECSUser $user, $a_local_user_id)
{
global $ilClientIniFile, $ilLog, $rbacadmin;
$user_obj = new ilObjUser($a_local_user_id);
$user_obj->setFirstname($user->getFirstname());
$user_obj->setLastname($user->getLastname());
$user_obj->setEmail($user->getEmail());
$user_obj->setInstitution($user->getInstitution());
$user_obj->setActive(true);
$until = $user_obj->getTimeLimitUntil();
$user_obj->setTimeLimitFrom(time() - 5);
if ($until < time() + $ilClientIniFile->readVariable('session', 'expire')) {
$user_obj->setTimeLimitUntil(time() + $ilClientIniFile->readVariable("session", "expire"));
}
$user_obj->update();
$user_obj->refreshLogin();
if ($global_role = $this->getCurrentServer()->getGlobalRole()) {
$rbacadmin->assignUser($this->getCurrentServer()->getGlobalRole(), $user_obj->getId(), true);
}
$ilLog->write(__METHOD__ . ': Finished update of remote user with usr_id: ' . $user->getImportId());
return $user_obj->getLogin();
}
/**
* set user language
*/
function setUserLanguageObject()
{
$this->lng->loadLanguageModule("meta");
require_once './Services/User/classes/class.ilObjUser.php';
if (!isset($_POST["id"])) {
$this->ilias->raiseError($this->lng->txt("no_checkbox"), $this->ilias->error_obj->MESSAGE);
}
if (count($_POST["id"]) != 1) {
$this->ilias->raiseError($this->lng->txt("choose_only_one_language") . "<br/>" . $this->lng->txt("action_aborted"), $this->ilias->error_obj->MESSAGE);
}
$obj_id = $_POST["id"][0];
$newUserLangObj = new ilObjLanguage($obj_id);
if ($newUserLangObj->isUserLanguage()) {
$this->ilias->raiseError($this->lng->txt("meta_l_" . $newUserLangObj->getKey()) . " " . $this->lng->txt("is_already_your") . " " . $this->lng->txt("user_language") . "<br/>" . $this->lng->txt("action_aborted"), $this->ilias->error_obj->MESSAGE);
}
if ($newUserLangObj->isInstalled() == false) {
$this->ilias->raiseError($this->lng->txt("meta_l_" . $newUserLangObj->getKey()) . " " . $this->lng->txt("language_not_installed") . "<br/>" . $this->lng->txt("action_aborted"), $this->ilias->error_obj->MESSAGE);
}
$curUser = new ilObjUser($_SESSION["AccountId"]);
$curUser->setLanguage($newUserLangObj->getKey());
$curUser->update();
//$this->setUserLanguage($new_lang_key);
$this->data = $this->lng->txt("user_language") . " " . $this->lng->txt("changed_to") . " " . $this->lng->txt("meta_l_" . $newUserLangObj->getKey()) . ".";
$this->out();
}
