} } } } else { // handle reloads on auth_process.php after authentication check // also handles requests with empty $auth // without this, a form with just username/password is displayed if (!$auth) { redirect_to_home_page('modules/admin/auth.php'); } $pageName = get_auth_info($auth); // get authentication settings if ($auth != 6) { $auth_data = get_auth_settings($auth); } // display form $tool_content .= "<div class='form-wrapper'> <form class='form-horizontal' name='authmenu' method='post' action='$_SERVER[SCRIPT_NAME]'> <fieldset> <input type='hidden' name='auth' value='" . intval($auth) . "'>"; if (!empty($_SESSION['cas_warn']) && $_SESSION['cas_do']) { $auth = 7; $tool_content .= "<div class='alert alert-warning'>$langCASnochange</div>"; } switch ($auth) { case 1: $tool_content .= eclass_auth_form($auth_data['auth_title'], $auth_data['auth_instructions']); break; case 2: require_once 'modules/auth/methods/pop3form.php';
if ($auth != 7 and $auth != 6 and ($uname === '' or $passwd === '')) { $tool_content .= "<div class='alert alert-danger'>{$ldapempty} {$errormessage}</div>"; draw($tool_content, 0); exit; } else { // try to authenticate user $auth_method_settings = get_auth_settings($auth); if ($auth == 6) { redirect_to_home_page('secure/index_reg.php' . ($prof ? '?p=1' : '')); } $is_valid = auth_user_login($auth, $uname, $passwd, $auth_method_settings); } if ($auth == 7) { if (phpCAS::checkAuthentication()) { $uname = phpCAS::getUser(); $cas = get_auth_settings($auth); // store CAS released attributes in $GLOBALS['auth_user_info'] get_cas_attrs(phpCAS::getAttributes(), $cas); if (!empty($uname)) { $is_valid = true; } } } } if ($is_valid) { // connection successful $_SESSION['was_validated'] = array('auth' => $auth, 'uname' => $uname, 'uname_exists' => user_exists($uname)); if (isset($GLOBALS['auth_user_info'])) { $_SESSION['was_validated']['auth_user_info'] = $GLOBALS['auth_user_info']; } } else {
} foreach (array_keys($_SESSION) as $key) { unset($_SESSION[$key]); } // include HubridAuth libraries require_once 'modules/auth/methods/hybridauth/config.php'; require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php'; $config = get_hybridauth_config(); $hybridauth = new Hybrid_Auth( $config ); $hybridauth->logoutAllProviders(); session_destroy(); $uid = 0; if (defined('CAS')) { $cas = get_auth_settings(7); if (isset($cas['cas_ssout']) and intval($cas['cas_ssout']) === 1) { phpCAS::client(SAML_VERSION_1_1, $cas['cas_host'], intval($cas['cas_port']), $cas['cas_context'], FALSE); phpCAS::logoutWithRedirectService($urlServer); } } } // if the user logged in include the correct language files // in case he has a different language set in his/her profile if (isset($language)) { // include_messages include "lang/$language/common.inc.php"; $extra_messages = "config/{$language_codes[$language]}.inc.php"; if (file_exists($extra_messages)) { include $extra_messages;
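/**
 * Log in a user whose account is bound to an external authentication method.
 *
 * The name of the bound method is what the caller stores in
 * $user_info_object->password; it is mapped to a numeric method id via the
 * global $auth_ids table.  CAS (7) accounts may fall back to the alternative
 * method configured in the CAS settings; Shibboleth (6) accounts are always
 * redirected.
 *
 * @param object $user_info_object user row as loaded by the caller (id, username,
 *                                 password, givenname, surname, status, email, lang)
 * @param string $uname            username submitted in the login form
 * @param string $pass             password submitted in the login form
 * @return int 1 = accepted and session populated, 2 = invalid credentials,
 *             3 = valid credentials on an inactive account,
 *             6 = redirect to Shibboleth login, 7 = redirect to CAS login
 */
function alt_login($user_info_object, $uname, $pass) {
    // $auth_user_info is filled by the external backend (the rest of this file
    // stores it as $GLOBALS['auth_user_info']); without the global declaration the
    // directory-sync branch below could never run.
    global $warning, $auth_ids, $auth_user_info, $langInvalidAuth;

    $auth = array_search($user_info_object->password, $auth_ids);
    $auth_method_settings = get_auth_settings($auth);
    $auth_allow = 1;
    $cas_altauth = 0;

    // a CAS user might enter a username/password in the form, instead of doing CAS login
    // check auth according to the defined alternative authentication method of CAS
    if ($auth == 7) {
        $cas = explode('|', $auth_method_settings['auth_settings']);
        // a settings string with fewer than 8 fields means "no alternative method"
        $cas_altauth = isset($cas[7]) ? intval(str_replace('cas_altauth=', '', $cas[7])) : 0;
        // check if alt auth is valid and active
        if ($cas_altauth > 0 && check_auth_active($cas_altauth)) {
            $auth = $cas_altauth;
            // fetch settings of alt auth
            $auth_method_settings = get_auth_settings($auth);
        } else {
            return 7; // Redirect to CAS login
        }
    }
    if ($auth == 6) {
        return 6; // Redirect to Shibboleth login
    }

    if ($user_info_object->password == $auth_method_settings['auth_name'] || !empty($cas_altauth)) {
        $is_valid = auth_user_login($auth, $uname, $pass, $auth_method_settings);
        if ($is_valid) {
            $is_active = check_activity($user_info_object->id);
            // check for admin privileges
            $admin_rights = get_admin_rights($user_info_object->id);
            if ($admin_rights == ADMIN_USER) {
                $is_active = 1; // admin user is always active
                $_SESSION['is_admin'] = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
            }
            if (!empty($is_active)) {
                $auth_allow = 1;
            } else {
                $auth_allow = 3;
                // NOTE(review): $user is a local here and is never read; if the
                // caller expects it, it has to be declared global.
                $user = $user_info_object->id;
            }
        } else {
            $auth_allow = 2;
            // log invalid logins; the submitted password is deliberately not
            // written to the log (CWE-532), only the attempted username
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $uname));
        }

        if ($auth_allow == 1) {
            $_SESSION['uid'] = $user_info_object->id;
            $_SESSION['uname'] = $user_info_object->username;
            // if ldap entries have changed update database
            if (!empty($auth_user_info['firstname']) and
                    !empty($auth_user_info['lastname']) and
                    ($user_info_object->givenname != $auth_user_info['firstname'] or
                     $user_info_object->surname != $auth_user_info['lastname'])) {
                // names come from the external directory: bind them as parameters,
                // never interpolate them into the statement
                Database::get()->query("UPDATE user SET givenname = ?s, surname = ?s WHERE id = ?d",
                    $auth_user_info['firstname'], $auth_user_info['lastname'], $user_info_object->id);
                // keep the session consistent with what was just written
                $_SESSION['givenname'] = $auth_user_info['firstname'];
                $_SESSION['surname'] = $auth_user_info['lastname'];
            } else {
                $_SESSION['surname'] = $user_info_object->surname;
                $_SESSION['givenname'] = $user_info_object->givenname;
            }
            $_SESSION['status'] = $user_info_object->status;
            $_SESSION['email'] = $user_info_object->email;
            $GLOBALS['language'] = $_SESSION['langswitch'] = $user_info_object->lang;
        }
    } else {
        $warning .= "<br>{$langInvalidAuth}<br>";
    }

    return $auth_allow;
}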