 * Contact address: GUnet Asynchronous eLearning Group,
 *                  Network Operations Center, University of Athens,
 *                  Panepistimiopolis Ilissia, 15784, Athens, Greece
 *                  e-mail: info@openeclass.org
 * ======================================================================== */
include '../../include/baseTheme.php';
include 'auth.inc.php';
// Registration policy read from the platform configuration. The student
// flags are compared against 1 (registration by request) and 2 (direct
// sign-up) further down; the professor flags presumably follow the same
// convention, which is not visible here. A falsy value disables that path.
$user_registration = get_config('user_registration');
$eclass_prof_reg = get_config('eclass_prof_reg');
$alt_auth_prof_reg = get_config('alt_auth_prof_reg');
$eclass_stud_reg = get_config('eclass_stud_reg');
// student registration via eclass
$alt_auth_stud_reg = get_config('alt_auth_stud_reg');
//user registration via alternative auth methods
$pageName = $langNewUser;
// Active authentication methods; more than one means alternative-auth
// registration links may be offered in addition to the local ones.
$auth = get_auth_active_methods();
if ($user_registration) {
    // student registration
    if ($eclass_stud_reg != FALSE or $alt_auth_stud_reg != FALSE) {
        $tool_content .= "<table class='table table-striped table-bordered table-hover'>";
        $tool_content .= "<tr><th width='160'>{$langOfStudent}</th></tr>";
        if ($eclass_stud_reg == 2) {
            // allow student registration via eclass
            $tool_content .= "<tr><td><a href='newuser.php'>{$langUserAccountInfo2}</a></td></tr>";
        } elseif ($eclass_stud_reg == 1) {
            // allow student registration via request
            $tool_content .= "<tr><td><a href='formuser.php'>{$langUserAccountInfo1}</a></td></tr>";
        }
        if (count($auth) > 1 and $alt_auth_stud_reg != FALSE) {
            // allow user registration via alt auth methods
            if ($alt_auth_stud_reg == 2) {
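/**
 * Process a submitted username/password login form.
 *
 * Reads uname, pass, submit and next from $_POST; nothing happens unless
 * submit is present. The flow is: drop any current session uid, apply the
 * per-address failure throttle (login_fail_check), look the account up by
 * username, then hand off to alt_login() when the stored password field
 * names an alternative auth method, or to login() otherwise. The outcome is
 * carried in $auth_allow: 2 invalid id, 3 inactive account, 4 invalid id or
 * empty password (also counted as a failure), 5 cookies disabled, 6/7 the
 * user is pointed at the secure or CAS entry point, 8 throttled; 1 only
 * rotates the session id.
 *
 * Side effects: $_SESSION, the globals $warning and $tool_content, a row in
 * loginout on success, Log::record() for an unknown username, and a
 * redirect through redirect_to_home_page() once a session uid exists.
 */
function process_login()
{
    global $warning, $tool_content, $surname, $givenname, $email, $status, $is_admin, $language,
        $langInvalidId, $langInvalidAuth, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
        $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails;

    // Only string values are credentials; uname[]=x style input must never
    // reach canonicalize_whitespace() or the auth back-ends.
    $posted_uname = '';
    if (isset($_POST['uname']) && is_string($_POST['uname'])) {
        $posted_uname = canonicalize_whitespace($_POST['uname']);
    }
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Throttle: refuse outright once this address has passed the failure
    // threshold within the deny interval. Bound parameters keep the address
    // out of the SQL text.
    $throttled = false;
    if (get_config('login_fail_check')) {
        $throttled = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                        AND COUNT > ?d
                                        AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
            $_SERVER['REMOTE_ADDR'],
            intval(get_config('login_fail_threshold')),
            intval(get_config('login_fail_deny_interval')));
    }

    if ($throttled) {
        $auth_allow = 8;
    } else {
        // The username match clause depends on the case-sensitivity setting.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
                                FROM user WHERE username {$sqlLogin}", $posted_uname);
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($pass === '') {
            // Disallow login with empty password
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // The stored password field names the auth method for accounts
                // that authenticate elsewhere; everything else is a local login.
                if (in_array($myrow->password, $auth_ids, true)) {
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>{$langInvalidAuth}<br>";
            }
        }
        if (!$exists and !$auth_allow) {
            // Unknown username: record the attempt, but never the submitted
            // password - it may be a valid secret for some other account.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    if (isset($_SESSION['uid'])) {
        // Authenticated: audit the login, then pick the landing page.
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
                                VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): taken verbatim from the request; confirm that
            // redirect_to_home_page() only accepts a path on this site.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    // No session uid: render the outcome into $warning.
    switch ($auth_allow) {
        case 1:
            // Outcome 1 carries no message; only the session id is rotated.
            session_regenerate_id();
            break;
        case 2:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            break;
        case 3:
            $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&amp;h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
            break;
        case 4:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            increaseLoginFailure();
            break;
        case 5:
            $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
            break;
        case 6:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
            break;
        case 7:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
            break;
        case 8:
            $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
            break;
        default:
            break;
    }
}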
            $newpass = '******';
        } else {
            $newpass = $auth_ids[$auth];
        }
        $tool_content .= "</div>";
        Database::get()->query("UPDATE user SET password = ?s WHERE id = ?s", $newpass, $u);
        $info->password = $newpass;
    }

    // change user authentication method
    if (isset($_GET['edit']) and $_GET['edit'] = 'auth') {
        $navigation[] = array('url' => "$_SERVER[SCRIPT_NAME]?u=$u", 'name' => $langEditUser);
        $pageName = "$langEditAuth ". q($info->username);
        $current_auth = 1;
        $auth_names[1] = get_auth_info(1);
        foreach (get_auth_active_methods() as $auth) {
            if($auth < 8) {
                $auth_names[$auth] = get_auth_info($auth);
                if ($info->password == $auth_ids[$auth]) {
                    $current_auth = $auth;
                }
            }
        }
        $tool_content .= "<div class='form-wrapper'>
                            <form class='form-horizontal' role='form' method='post' action='$_SERVER[SCRIPT_NAME]'>
                            <fieldset>
                            <div class='form-group'>
                            <label class='col-sm-2 control-label'>$langEditAuthMethod:</label>
                              <div class='col-sm-10'>" . selection($auth_names, 'auth', intval($current_auth), "class='form-control'") . "</div>
                            </div>
                            <div class='col-sm-offset-2 col-sm-10'>
            Session::Messages(($q? $langActSuccess: $langDeactSuccess) . get_auth_info($auth), 'alert-success');
        }
        redirect_to_home_page('modules/admin/auth.php');
    } elseif (isset($_GET['p'])) {// modify primary authentication method
        if ($_GET['p'] == 1) {
            Database::get()->query("UPDATE auth SET auth_default = 1 WHERE auth_default <> 0");
            Database::get()->query("UPDATE auth SET auth_default = 2 WHERE auth_id = ?d", $auth);
            Session::Messages($langPrimaryAuthTypeChanged, 'alert-success');
        } else {
            Database::get()->query("UPDATE auth SET auth_default = 1 WHERE auth_id = ?d", $auth);
            Session::Messages($langSecondaryAuthTypeChanged, 'alert-success');
        }
        redirect_to_home_page('modules/admin/auth.php');
    }
} else {
    $auth_active_ids = get_auth_active_methods();
    $tool_content .= "<div class='alert alert-info'><label>$langMethods</label><ul>";
    foreach ($auth_ids as $auth_id => $auth_name) {
        $auth_count = count_auth_users($auth_id);
        $auth_active = in_array($auth_id, $auth_active_ids);
        if ($auth_count > 0 or $auth_active) {
            $auth_search_link = ($auth_count == 0)? '0':
                "<a href='listusers.php?fname=&amp;lname=&amp;am=&amp;user_type=0&amp;auth_type=$auth_id&amp;reg_flag=1&amp;user_registered_at=&verified_mail=3&amp;email=&amp;uname=&amp;department=0'>$auth_count</a>";
            if ($auth_id != 1 and $auth_count > 0) {
                $auth_change_link = " - <a href='auth_change.php?auth=$auth_id'>$langAuthChangeUser</a>";
            } else {
                $auth_change_link = '';
            }
            if (!$auth_active) {
                $auth_warn = "<br><span class='label label-warning'>$langAuthWarnInactive</span>";
            } else {
}

// Account form: name, surname and username, followed by the department picker.
$tool_content .= "<div class='form-wrapper'>
        <form class='form-horizontal' role='form' action='$_SERVER[SCRIPT_NAME]$params' method='post' onsubmit='return validateNodePickerForm();'>
        <fieldset>";
formGroup('givenname_form', $langName, sprintf(
    "<input class='form-control' id='givenname_form' type='text' name='givenname_form'%s placeholder='%s'>",
    getValue('givenname_form', $pn),
    $langName));
formGroup('surname_form', $langSurname, sprintf(
    "<input class='form-control' id='surname_form' type='text' name='surname_form'%s placeholder='%s'>",
    getValue('surname_form', $ps),
    $langSurname));
formGroup('uname_form', $langUsername, sprintf(
    "<input class='form-control' id='Username' type='text' name='uname_form'%s autocomplete='off' placeholder='%s'>",
    getValue('uname_form', $pu),
    $langUsername));

// Mail-verification state labels, indexed by the verified_mail column value.
$verified_mail_data = array(0 => $m['pending'], 1 => $m['yes'], 2 => $m['no']);

// True only when the local eclass method (id 1) is the sole active one.
$active_auth_methods = get_auth_active_methods();
$eclass_method_unique = false;
if (count($active_auth_methods) === 1) {
    $eclass_method_unique = $active_auth_methods[0] == 1;
}

$nodePickerParams = array(
    'params' => 'name="department"',
    'defaults' => $depid,
    'tree' => null,
    'where' => 'AND node.allow_user = true',
    'multiple' => false,
);
if (isDepartmentAdmin()) {
    // A department admin may only place the user in departments they manage.
    $nodePickerParams['allowables'] = $user->getDepartmentIds($uid);
}
list($tree_js, $tree_html) = $tree->buildNodePicker($nodePickerParams);
$head_content .= $tree_js;
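/**
 * Sign a user in through a HybridAuth provider.
 *
 * Expects the provider name in $_GET['provider']; an optional $_GET['error']
 * left by a failed round trip is surfaced through Session::Messages(). The
 * provider is asked for the user profile and the profile identifier is
 * matched against user_ext_uid for that provider's auth_id. A match is
 * passed to login() with the identifier standing in for the password; no
 * match sends the browser to the registration form. The outcome codes are
 * the same as in process_login() and are rendered into the global $warning,
 * unless a session uid was set, in which case the login is written to
 * loginout and the user is redirected.
 *
 * @return bool|null false when no provider was requested or the provider
 *                   handshake threw; null otherwise.
 */
function hybridauth_login() {
    // The HybridAuth error texts live in the platform language files, which
    // therefore have to be loaded before anything below can fail.
    global $language, $language_codes, $siteName, $Institution, $InstitutionUrl;
    if (isset($language)) {
        // NOTE(review): $language selects an include path; it is expected to be
        // one of the configured language codes, never request input - confirm.
        include "lang/$language/common.inc.php";
        $extra_messages = "config/{$language_codes[$language]}.inc.php";
        if (file_exists($extra_messages)) {
            include $extra_messages;
        } else {
            $extra_messages = false;
        }
        include "lang/$language/messages.inc.php";
        if ($extra_messages) {
            // Site-specific overrides are applied again on top of messages.inc.php.
            include $extra_messages;
        }
    }

    global $warning, $tool_content, $langInvalidAuth, $surname, $givenname, $email, $status,
        $is_admin, $langInvalidId, $langAccountInactive1, $langAccountInactive2,
        $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid,
        $langTooManyFails;

    // HybridAuth libraries
    require_once 'modules/auth/methods/hybridauth/config.php';
    require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php';
    $config = get_hybridauth_config();

    $warning = '';

    if (isset($_GET['error']) && is_string($_GET['error'])) {
        Session::Messages(q(trim(strip_tags($_GET['error']))));
    }

    // Without a provider there is no identity to match; nothing below can run.
    if (!isset($_GET['provider']) || !is_string($_GET['provider'])) {
        return false;
    }
    $provider = trim(strip_tags($_GET['provider']));

    $adapter = null;
    try {
        $hybridauth = new Hybrid_Auth($config);
        $adapter = $hybridauth->authenticate($provider);
        $user_data = $adapter->getUserProfile();
    } catch (Exception $e) {
        // Codes 6 and 7 leave a stale provider session behind; the adapter has
        // to forget the user before another attempt can succeed. authenticate()
        // itself may be what threw, so the adapter is not guaranteed to exist.
        switch ($e->getCode()) {
            case 0: Session::Messages($GLOBALS['langProviderError1']); break;
            case 1: Session::Messages($GLOBALS['langProviderError2']); break;
            case 2: Session::Messages($GLOBALS['langProviderError3']); break;
            case 3: Session::Messages($GLOBALS['langProviderError4']); break;
            case 4: Session::Messages($GLOBALS['langProviderError5']); break;
            case 5: Session::Messages($GLOBALS['langProviderError6']); break;
            case 6:
                Session::Messages($GLOBALS['langProviderError7']);
                if ($adapter !== null) {
                    $adapter->logout();
                }
                break;
            case 7:
                Session::Messages($GLOBALS['langProviderError8']);
                if ($adapter !== null) {
                    $adapter->logout();
                }
                break;
        }
        return false;
    }

    // From here on this mirrors process_login(), with the provider user id
    // standing in for the password.
    $pass = $user_data->identifier;
    $auth = get_auth_active_methods();

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Throttle: refuse outright once this address has passed the failure
    // threshold within the deny interval. Bound parameters keep the address
    // out of the SQL text.
    $throttled = false;
    if (get_config('login_fail_check')) {
        $throttled = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                       AND COUNT > ?d
                                       AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
            $_SERVER['REMOTE_ADDR'],
            intval(get_config('login_fail_threshold')),
            intval(get_config('login_fail_deny_interval')));
    }
    if ($throttled) {
        $auth_allow = 8;
    } else {
        $auth_id = array_search(strtolower($provider), $auth_ids, true);
        $myrow = Database::get()->querySingle("SELECT user.id, surname,
                    givenname, password, username, status, email, lang,
                    verified_mail, uid
                FROM user, user_ext_uid
                WHERE user.id = user_ext_uid.user_id AND
                      user_ext_uid.auth_id = ?d AND
                      user_ext_uid.uid = ?s",
            $auth_id, $user_data->identifier);
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // Accounts bound to another alternative method are not signed in
                // here: alt_login() must not run inside the HybridAuth flow.
                if (!in_array($myrow->password, $auth_ids, true)) {
                    $auth_allow = login($myrow, $provider, $pass, $provider);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }
        if (!$exists and !$auth_allow) {
            // Unknown provider identity: hand the browser to the registration
            // form. Execution continues so the failure is still counted below.
            header('Location: ' . $urlServer . 'modules/auth/registration.php?provider=' . urlencode($provider));
            $auth_allow = 4;
        }
    }

    if (isset($_SESSION['uid'])) {
        // Authenticated: audit the login, then pick the landing page.
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
                VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): taken verbatim from the request; confirm that
            // redirect_to_home_page() only accepts a path on this site.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    // No session uid: render the outcome into $warning.
    switch ($auth_allow) {
        case 1:
            // Outcome 1 carries no message; only the session id is rotated.
            session_regenerate_id();
            break;
        case 2:
            $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
            break;
        case 3:
            $warning .= "<p class='alert alert-warning'>$langAccountInactive1 " .
                "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&amp;h=" .
                token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></p>";
            break;
        case 4:
            $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
            increaseLoginFailure();
            break;
        case 5:
            $warning .= "<p class='alert alert-warning'>$langNoCookies</p>";
            break;
        case 6:
            $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></p>";
            break;
        case 7:
            $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></p>";
            break;
        case 8:
            // The stray second quote in the class attribute broke the markup.
            $warning .= "<p class='alert alert-danger'>$langTooManyFails</p>";
            break;
    }
}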