* Contact address: GUnet Asynchronous eLearning Group, * Network Operations Center, University of Athens, * Panepistimiopolis Ilissia, 15784, Athens, Greece * e-mail: info@openeclass.org * ======================================================================== */ include '../../include/baseTheme.php'; include 'auth.inc.php'; $user_registration = get_config('user_registration'); $eclass_prof_reg = get_config('eclass_prof_reg'); $alt_auth_prof_reg = get_config('alt_auth_prof_reg'); $eclass_stud_reg = get_config('eclass_stud_reg'); // student registration via eclass $alt_auth_stud_reg = get_config('alt_auth_stud_reg'); //user registration via alternative auth methods $pageName = $langNewUser; $auth = get_auth_active_methods(); if ($user_registration) { // student registration if ($eclass_stud_reg != FALSE or $alt_auth_stud_reg != FALSE) { $tool_content .= "<table class='table table-striped table-bordered table-hover'>"; $tool_content .= "<tr><th width='160'>{$langOfStudent}</th></tr>"; if ($eclass_stud_reg == 2) { // allow student registration via eclass $tool_content .= "<tr><td><a href='newuser.php'>{$langUserAccountInfo2}</a></td></tr>"; } elseif ($eclass_stud_reg == 1) { // allow student registration via request $tool_content .= "<tr><td><a href='formuser.php'>{$langUserAccountInfo1}</a></td></tr>"; } if (count($auth) > 1 and $alt_auth_stud_reg != FALSE) { // allow user registration via alt auth methods if ($alt_auth_stud_reg == 2) {
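function process_login() {
    // Handles a POSTed username/password login, either through the built-in
    // eclass check (login()) or through an alternative method (alt_login()).
    // Enforces the per-IP lock-out read from login_failure, then either fills
    // $warning with a message (failure) or records the login in loginout and
    // redirects to the landing page (success; redirect_to_home_page() is
    // expected not to return). Side effects: $_SESSION, login_failure, loginout.
    //
    // Fixes over the previous version: the client IP is bound as a query
    // parameter instead of being spliced into two SQL strings, the failed
    // password is no longer written to the application log, $tool_content and
    // $langInvalidAuth are imported so the "no auth method" message is not
    // lost in an undefined local, and the session id is regenerated on success.
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language,
           $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
           $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid,
           $langTooManyFails, $tool_content, $langInvalidAuth;

    $posted_uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();

    // Nothing to do until the form is actually submitted.
    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Per-IP lock-out: deny when this address exceeded the failure threshold
    // within the deny interval. REMOTE_ADDR is normally set by the server, but
    // behind a misconfigured proxy it can carry arbitrary text, so bind it.
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle(
            "SELECT 1 FROM login_failure WHERE ip = ?s
                AND COUNT > " . intval(get_config('login_fail_threshold')) . "
                AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail",
            $_SERVER['REMOTE_ADDR']);
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // The two username-match fragments are redacted ("******") in this
        // listing; presumably they are the case-sensitive and case-insensitive
        // `= ?s` comparison forms — confirm against the repository.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle(
            "SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
                FROM user WHERE username {$sqlLogin}", $posted_uname);

        $exists = 0;
        if (empty($_COOKIE)) {
            // No cookies: a session could not be kept, so refuse to log in.
            $auth_allow = 5;
        } elseif ($pass === '') {
            // An empty password is never accepted.
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // A stored "password" equal to an auth method name marks an
                // externally authenticated account.
                if (in_array($myrow->password, $auth_ids, true)) {
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>{$langInvalidAuth}<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown username. Log the attempt without the submitted password:
            // a mistyped username usually arrives with a real password, and
            // plaintext credentials must not land in the application log.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    if (isset($_SESSION['uid'])) {
        // Successful login. Regenerate the session id so an identifier fixed
        // before authentication cannot be reused (harmless if login() already did).
        session_regenerate_id(true);
        Database::get()->query(
            "INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
                VALUES (?d, ?s, NOW(), 'LOGIN')",
            $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required')
                and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): $next comes verbatim from the request; redirect_to_home_page()
            // must restrict it to a local path or this is an open redirect — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    // Login did not establish a session: explain why.
    switch ($auth_allow) {
        case 1:
            session_regenerate_id();
            break;
        case 2:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            break;
        case 3:
            $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} "
                . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&h="
                . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
            break;
        case 4:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            increaseLoginFailure();
            break;
        case 5:
            $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
            break;
        case 6:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
            break;
        case 7:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
            break;
        case 8:
            $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
            break;
        default:
            break;
    }
}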
$newpass = '******'; } else { $newpass = $auth_ids[$auth]; } $tool_content .= "</div>"; Database::get()->query("UPDATE user SET password = ?s WHERE id = ?s", $newpass, $u); $info->password = $newpass; } // change user authentication method if (isset($_GET['edit']) and $_GET['edit'] = 'auth') { $navigation[] = array('url' => "$_SERVER[SCRIPT_NAME]?u=$u", 'name' => $langEditUser); $pageName = "$langEditAuth ". q($info->username); $current_auth = 1; $auth_names[1] = get_auth_info(1); foreach (get_auth_active_methods() as $auth) { if($auth < 8) { $auth_names[$auth] = get_auth_info($auth); if ($info->password == $auth_ids[$auth]) { $current_auth = $auth; } } } $tool_content .= "<div class='form-wrapper'> <form class='form-horizontal' role='form' method='post' action='$_SERVER[SCRIPT_NAME]'> <fieldset> <div class='form-group'> <label class='col-sm-2 control-label'>$langEditAuthMethod:</label> <div class='col-sm-10'>" . selection($auth_names, 'auth', intval($current_auth), "class='form-control'") . "</div> </div> <div class='col-sm-offset-2 col-sm-10'>
Session::Messages(($q? $langActSuccess: $langDeactSuccess) . get_auth_info($auth), 'alert-success'); } redirect_to_home_page('modules/admin/auth.php'); } elseif (isset($_GET['p'])) {// modify primary authentication method if ($_GET['p'] == 1) { Database::get()->query("UPDATE auth SET auth_default = 1 WHERE auth_default <> 0"); Database::get()->query("UPDATE auth SET auth_default = 2 WHERE auth_id = ?d", $auth); Session::Messages($langPrimaryAuthTypeChanged, 'alert-success'); } else { Database::get()->query("UPDATE auth SET auth_default = 1 WHERE auth_id = ?d", $auth); Session::Messages($langSecondaryAuthTypeChanged, 'alert-success'); } redirect_to_home_page('modules/admin/auth.php'); } } else { $auth_active_ids = get_auth_active_methods(); $tool_content .= "<div class='alert alert-info'><label>$langMethods</label><ul>"; foreach ($auth_ids as $auth_id => $auth_name) { $auth_count = count_auth_users($auth_id); $auth_active = in_array($auth_id, $auth_active_ids); if ($auth_count > 0 or $auth_active) { $auth_search_link = ($auth_count == 0)? '0': "<a href='listusers.php?fname=&lname=&am=&user_type=0&auth_type=$auth_id&reg_flag=1&user_registered_at=&verified_mail=3&email=&uname=&department=0'>$auth_count</a>"; if ($auth_id != 1 and $auth_count > 0) { $auth_change_link = " - <a href='auth_change.php?auth=$auth_id'>$langAuthChangeUser</a>"; } else { $auth_change_link = ''; } if (!$auth_active) { $auth_warn = "<br><span class='label label-warning'>$langAuthWarnInactive</span>"; } else {
} $tool_content .= "<div class='form-wrapper'> <form class='form-horizontal' role='form' action='$_SERVER[SCRIPT_NAME]$params' method='post' onsubmit='return validateNodePickerForm();'> <fieldset>"; formGroup('givenname_form', $langName, "<input class='form-control' id='givenname_form' type='text' name='givenname_form'" . getValue('givenname_form', $pn) . " placeholder='$langName'>"); formGroup('surname_form', $langSurname, "<input class='form-control' id='surname_form' type='text' name='surname_form'" . getValue('surname_form', $ps) . " placeholder='$langSurname'>"); formGroup('uname_form', $langUsername, "<input class='form-control' id='Username' type='text' name='uname_form'" . getValue('uname_form', $pu) . " autocomplete='off' placeholder='$langUsername'>"); $active_auth_methods = get_auth_active_methods(); $eclass_method_unique = count($active_auth_methods) == 1 && $active_auth_methods[0] == 1; $verified_mail_data = array(0 => $m['pending'], 1 => $m['yes'], 2 => $m['no']); $nodePickerParams = array( 'params' => 'name="department"', 'defaults' => $depid, 'tree' => null, 'where' => "AND node.allow_user = true", 'multiple' => false); if (isDepartmentAdmin()) { $nodePickerParams['allowables'] = $user->getDepartmentIds($uid); } list($tree_js, $tree_html) = $tree->buildNodePicker($nodePickerParams); $head_content .= $tree_js;
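function hybridauth_login() {
    // Logs a user in through a HybridAuth social provider selected by
    // $_GET['provider']. The provider-side user identifier is looked up in
    // user_ext_uid; a match is handed to login() with that identifier in place
    // of a password, no match sends the visitor to the registration form.
    // Returns false when no provider was given or the provider flow failed;
    // on success redirect_to_home_page() is expected not to return.
    //
    // Fixes over the previous version: a missing provider no longer falls
    // through to dereference an undefined $user_data, $adapter->logout() is not
    // called on a null adapter, the client IP is bound as a query parameter,
    // the registration redirect URL-encodes the provider name and stops the
    // script, $tool_content/$langInvalidAuth are imported, and the session id
    // is regenerated on success.
    global $language, $language_codes, $siteName, $Institution, $InstitutionUrl,
           $warning, $surname, $givenname, $email, $status, $is_admin,
           $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
           $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid,
           $langTooManyFails, $tool_content, $langInvalidAuth;

    // HybridAuth error texts live in the language files, so load them first.
    // NOTE(review): $language selects a file path — it must only ever be set
    // from the list of installed languages, never from raw request input; confirm.
    if (isset($language)) {
        include "lang/$language/common.inc.php";
        $extra_messages = "config/{$language_codes[$language]}.inc.php";
        if (file_exists($extra_messages)) {
            include $extra_messages;
        } else {
            $extra_messages = false;
        }
        include "lang/$language/messages.inc.php";
        if ($extra_messages) {
            include $extra_messages;
        }
    }

    require_once 'modules/auth/methods/hybridauth/config.php';
    require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php';
    $config = get_hybridauth_config();

    $warning = '';
    if (isset($_GET['error'])) {
        Session::Messages(q(trim(strip_tags($_GET['error']))));
    }

    // Without a provider there is nothing to authenticate against.
    if (!isset($_GET['provider'])) {
        return false;
    }
    $provider = trim(strip_tags($_GET['provider']));

    // Provider errors are reported by HybridAuth exception code.
    $provider_errors = array(
        0 => 'langProviderError1',
        1 => 'langProviderError2',
        2 => 'langProviderError3',
        3 => 'langProviderError4',
        4 => 'langProviderError5',
        5 => 'langProviderError6',
        6 => 'langProviderError7',
        7 => 'langProviderError8',
    );
    $adapter = null;
    try {
        $hybridauth = new Hybrid_Auth($config);
        $adapter = $hybridauth->authenticate($provider);
        $user_data = $adapter->getUserProfile();
    } catch (Exception $e) {
        $code = $e->getCode();
        if (isset($provider_errors[$code])) {
            Session::Messages($GLOBALS[$provider_errors[$code]]);
        }
        // Codes 6 and 7 leave stale provider state behind; clear it so the
        // next attempt starts fresh. Guarded because authenticate() itself
        // may have been what threw, leaving no adapter.
        if (($code == 6 or $code == 7) and $adapter !== null) {
            $adapter->logout();
        }
        return false;
    }

    // From here on this mirrors process_login(), with the provider's user id
    // standing in for the password.
    $pass = $user_data->identifier;
    $auth = get_auth_active_methods();
    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Per-IP lock-out, with the address bound rather than spliced into the SQL.
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle(
            "SELECT 1 FROM login_failure WHERE ip = ?s
                AND COUNT > " . intval(get_config('login_fail_threshold')) . "
                AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail",
            $_SERVER['REMOTE_ADDR']);
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // A provider name not present in $auth_ids cannot match any row, so
        // skip the query instead of binding auth_id = 0.
        $auth_id = array_search(strtolower($provider), $auth_ids, true);
        $myrow = null;
        if ($auth_id !== false) {
            $myrow = Database::get()->querySingle(
                "SELECT user.id, surname, givenname, password, username, status, email, lang, verified_mail, uid
                    FROM user, user_ext_uid
                    WHERE user.id = user_ext_uid.user_id AND user_ext_uid.auth_id = ?d AND user_ext_uid.uid = ?s",
                $auth_id, $user_data->identifier);
        }

        $exists = 0;
        if (empty($_COOKIE)) {
            // No cookies: a session could not be kept, so refuse to log in.
            $auth_allow = 5;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // Accounts whose stored "password" names an auth method are
                // deliberately not handed to alt_login() from the HybridAuth flow;
                // $auth_allow stays 0 for them.
                if (!in_array($myrow->password, $auth_ids, true)) {
                    $auth_allow = login($myrow, $provider, $pass, $provider);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // The provider identity is not linked to any account: send the
            // visitor to registration. Stop here so the rest of the function
            // (including the failure counter) does not run for this redirect.
            header('Location: ' . $urlServer . 'modules/auth/registration.php?provider=' . rawurlencode($provider));
            exit;
        }
    }

    if (isset($_SESSION['uid'])) {
        // Successful login. Regenerate the session id so an identifier fixed
        // before authentication cannot be reused (harmless if login() already did).
        session_regenerate_id(true);
        Database::get()->query(
            "INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
                VALUES (?d, ?s, NOW(), 'LOGIN')",
            $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required')
                and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): $next comes verbatim from the request; redirect_to_home_page()
            // must restrict it to a local path or this is an open redirect — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    // Login did not establish a session: explain why.
    switch ($auth_allow) {
        case 1:
            session_regenerate_id();
            break;
        case 2:
            $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
            break;
        case 3:
            $warning .= "<p class='alert alert-warning'>$langAccountInactive1 "
                . "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&h="
                . token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></p>";
            break;
        case 4:
            $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
            increaseLoginFailure();
            break;
        case 5:
            $warning .= "<p class='alert alert-warning'>$langNoCookies</p>";
            break;
        case 6:
            $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></p>";
            break;
        case 7:
            $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></p>";
            break;
        case 8:
            // The original had a stray quote in the class attribute ("alert-danger''").
            $warning .= "<p class='alert alert-danger'>$langTooManyFails</p>";
            break;
    }
}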