/**
* init auth mode determinitation form
*
* @access protected
*/
protected function initAuthModeDetermination()
{
if (is_object($this->form)) {
return true;
}
// Are there any authentication methods that support automatic determination ?
include_once 'Services/Authentication/classes/class.ilAuthModeDetermination.php';
$det = ilAuthModeDetermination::_getInstance();
if ($det->getCountActiveAuthModes() <= 1) {
return false;
}
include_once './Services/Form/classes/class.ilPropertyFormGUI.php';
$this->form = new ilPropertyFormGUI();
$this->form->setFormAction($this->ctrl->getFormAction($this));
$this->form->setTableWidth('100%');
$this->form->setTitle($this->lng->txt('auth_auth_settings'));
$this->form->addCommandButton('updateAuthModeDetermination', $this->lng->txt('save'));
require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
$cap = new ilCheckboxInputGUI($this->lng->txt('adm_captcha_anonymous_short'), 'activate_captcha_anonym');
$cap->setInfo($this->lng->txt('adm_captcha_anonymous_auth'));
$cap->setValue(1);
if (!ilCaptchaUtil::checkFreetype()) {
$cap->setAlert(ilCaptchaUtil::getPreconditionsMessage());
}
$cap->setChecked(ilCaptchaUtil::isActiveForLogin());
$this->form->addItem($cap);
$header = new ilFormSectionHeaderGUI();
$header->setTitle($this->lng->txt('auth_auth_mode_determination'));
$this->form->addItem($header);
$kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'), 'kind');
$kind->setInfo($this->lng->txt('auth_mode_determination_info'));
$kind->setValue($det->getKind());
$kind->setRequired(true);
$option_user = new ilRadioOption($this->lng->txt('auth_by_user'), 0);
$kind->addOption($option_user);
$option_determination = new ilRadioOption($this->lng->txt('auth_automatic'), 1);
include_once 'Services/Authentication/classes/class.ilAuthUtils.php';
$auth_sequenced = $det->getAuthModeSequence();
$counter = 1;
foreach ($auth_sequenced as $auth_mode) {
switch ($auth_mode) {
case AUTH_LDAP:
$text = $this->lng->txt('auth_ldap');
break;
case AUTH_RADIUS:
$text = $this->lng->txt('auth_radius');
break;
case AUTH_LOCAL:
$text = $this->lng->txt('auth_local');
break;
case AUTH_SOAP:
$text = $this->lng->txt('auth_soap');
break;
case AUTH_APACHE:
$text = $this->lng->txt('auth_apache');
break;
// begin-patch auth_plugin
// begin-patch auth_plugin
default:
foreach (ilAuthUtils::getAuthPlugins() as $pl) {
$option = $pl->getMultipleAuthModeOptions($auth_mode);
$text = $option[$auth_mode]['txt'];
}
break;
// end-patch auth_plugin
}
$pos = new ilTextInputGUI($text, 'position[' . $auth_mode . ']');
$pos->setValue($counter++);
$pos->setSize(1);
$pos->setMaxLength(1);
$option_determination->addSubItem($pos);
}
$kind->addOption($option_determination);
$this->form->addItem($kind);
return true;
}
public static function _getMultipleAuthModeOptions($lng)
{
global $ilSetting;
// in the moment only ldap is activated as additional authentication method
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
// LDAP
if ($ldap_id = ilLDAPServer::_getFirstActiveServer()) {
$ldap_server = new ilLDAPServer($ldap_id);
$options[AUTH_LDAP]['txt'] = $ldap_server->getName();
}
include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
$rad_settings = ilRadiusSettings::_getInstance();
if ($rad_settings->isActive()) {
$options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
}
if ($ilSetting->get('apache_active')) {
global $lng;
$apache_settings = new ilSetting('apache_auth');
$options[AUTH_APACHE]['txt'] = $apache_settings->get('name', $lng->txt('apache_auth'));
$options[AUTH_APACHE]['hide_in_ui'] = true;
}
if ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_LDAP) {
$default = AUTH_LDAP;
} elseif ($ilSetting->get('auth_mode', AUTH_LOCAL) == AUTH_RADIUS) {
$default = AUTH_RADIUS;
} else {
$default = AUTH_LOCAL;
}
$default = $ilSetting->get('default_auth_mode', $default);
$default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
// begin-patch auth_plugin
$pls = ilAuthUtils::getAuthPlugins();
foreach ($pls as $pl) {
$auths = $pl->getAuthIds();
foreach ($auths as $auth_id) {
$pl_auth_option = $pl->getMultipleAuthModeOptions($auth_id);
if ($pl_auth_option) {
$options = $options + $pl_auth_option;
}
}
}
// end-patch auth_plugins
$options[$default]['checked'] = true;
return $options ? $options : array();
}
/**
* Read settings
*
* @access private
* @param
*
*/
private function read()
{
global $ilSetting;
$this->kind = $this->settings->get('kind', self::TYPE_MANUAL);
include_once 'Services/LDAP/classes/class.ilLDAPServer.php';
$ldap_active = ilLDAPServer::_getFirstActiveServer();
include_once 'Services/Radius/classes/class.ilRadiusSettings.php';
$rad_settings = ilRadiusSettings::_getInstance();
$rad_active = $rad_settings->isActive();
$soap_active = $ilSetting->get('soap_auth_active', false);
// apache settings
$apache_settings = new ilSetting('apache_auth');
$apache_active = $apache_settings->get('apache_enable_auth');
// Check if active
for ($i = 0; $i < 5; $i++) {
if ($auth_mode = $this->settings->get((string) $i, 0)) {
switch ($auth_mode) {
case AUTH_LOCAL:
$this->position[] = $auth_mode;
break;
case AUTH_LDAP:
if ($ldap_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_RADIUS:
if ($rad_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_SOAP:
if ($soap_active) {
$this->position[] = $auth_mode;
}
break;
case AUTH_APACHE:
if ($apache_active) {
$this->position[] = $auth_mode;
}
break;
// begin-patch auth_plugin
// begin-patch auth_plugin
default:
foreach (ilAuthUtils::getAuthPlugins() as $pl) {
if ($pl->isAuthActive($auth_mode)) {
$this->position[] = $auth_mode;
}
}
break;
// end-patch auth_plugin
}
}
}
// Append missing active auth modes
if (!in_array(AUTH_LOCAL, $this->position)) {
$this->position[] = AUTH_LOCAL;
}
if ($ldap_active) {
if (!in_array(AUTH_LDAP, $this->position)) {
$this->position[] = AUTH_LDAP;
}
}
if ($rad_active) {
if (!in_array(AUTH_RADIUS, $this->position)) {
$this->position[] = AUTH_RADIUS;
}
}
if ($soap_active) {
if (!in_array(AUTH_SOAP, $this->position)) {
$this->position[] = AUTH_SOAP;
}
}
if ($apache_active) {
if (!in_array(AUTH_APACHE, $this->position)) {
$this->position[] = AUTH_APACHE;
}
}
// begin-patch auth_plugin
foreach (ilAuthUtils::getAuthPlugins() as $pl) {
foreach ($pl->getAuthIds() as $auth_id) {
if ($pl->isAuthActive($auth_id)) {
if (!in_array($auth_id, $this->position)) {
$this->position[] = $auth_id;
}
}
}
}
// end-patch auth_plugin
}
public function fetchData($user, $pass)
{
foreach (ilAuthModeDetermination::_getInstance()->getAuthModeSequence() as $auth_mode) {
if ($_REQUEST['force_mode_apache']) {
$this->log('Container Apache: Trying new container', AUTH_LOG_DEBUG);
include_once './Services/AuthApache/classes/class.ilAuthContainerApache.php';
$this->current_container = new ilAuthContainerApache();
$auth = new ilAuthApache($this->current_container);
} else {
switch ($auth_mode) {
case AUTH_LDAP:
$this->log('Container LDAP: Trying new container', AUTH_LOG_DEBUG);
include_once './Services/LDAP/classes/class.ilAuthContainerLDAP.php';
$this->current_container = new ilAuthContainerLDAP();
break;
case AUTH_LOCAL:
$this->log('Container MDB2: Trying new container', AUTH_LOG_DEBUG);
include_once './Services/Database/classes/class.ilAuthContainerMDB2.php';
$this->current_container = new ilAuthContainerMDB2();
break;
case AUTH_SOAP:
$this->log('Container SOAP: Trying new container', AUTH_LOG_DEBUG);
include_once './Services/SOAPAuth/classes/class.ilAuthContainerSOAP.php';
$this->current_container = new ilAuthContainerSOAP();
break;
case AUTH_RADIUS:
$this->log('Container Radius: Trying new container', AUTH_LOG_DEBUG);
include_once './Services/Radius/classes/class.ilAuthContainerRadius.php';
$this->current_container = new ilAuthContainerRadius();
break;
// begin-patch auth_plugin
// begin-patch auth_plugin
default:
$this->log('Container Plugin: Trying new container', AUTH_LOG_DEBUG);
foreach (ilAuthUtils::getAuthPlugins() as $pl) {
$container = $pl->getContainer($auth_mode);
if ($container instanceof Auth_Container) {
$this->current_container = $container;
break;
}
}
break;
// end-patch auth_plugin
}
}
$this->current_container->_auth_obj = $this->_auth_obj;
$result = $this->current_container->fetchData($user, $pass);
if (PEAR::isError($result)) {
$this->log('Container ' . $key . ': ' . $result->getMessage(), AUTH_LOG_ERR);
// Do not return here, otherwise wrong configured auth modes might block ilias database authentication
} elseif ($result == true) {
$this->log('Container ' . $key . ': Authentication successful.', AUTH_LOG_DEBUG);
return true;
} else {
$this->log('Container ' . $key . ': Authentication failed.', AUTH_LOG_DEBUG);
}
}
return false;
}
