<?php
/*
    +-----------------------------------------------------------------------------+
    | ILIAS open source                                                           |
    +-----------------------------------------------------------------------------+
    | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |
    |                                                                             |
    | This program is free software; you can redistribute it and/or               |
    | modify it under the terms of the GNU General Public License                 |
    | as published by the Free Software Foundation; either version 2              |
    | of the License, or (at your option) any later version.                      |
    |                                                                             |
    | This program is distributed in the hope that it will be useful,             |
    | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
    | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                |
    | GNU General Public License for more details.                                |
    |                                                                             |
    | You should have received a copy of the GNU General Public License           |
    | along with this program; if not, write to the Free Software                 |
    | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  |
    +-----------------------------------------------------------------------------+
*/


include_once("Auth.php");

/**
 * CAS single sign-on front end for ILIAS.
 *
 * Extends the Auth class loaded from Auth.php (presumably PEAR Auth - confirm)
 * and hands the CAS protocol work to the bundled phpCAS client. The class only
 * maps an already CAS-authenticated user name onto a local ILIAS account; it
 * never sees a password itself.
 *
 * Several methods below are kept as commented-out copies; because they are
 * disabled, calls such as $this->setAuth() resolve to whatever the parent
 * class provides.
 */
class ilCASAuth extends Auth
{
    /**
     * Constructor: stores the CAS server coordinates and initialises phpCAS.
     *
     * @param array $a_params expects the keys "server_hostname",
     *                        "server_port" (cast to int) and "server_uri"
     */
    function ilCASAuth($a_params)
    {
        // The parent constructor is called with an empty string as its only argument.
        parent::Auth("");

        // CAS_VERSION_2_0 and the phpCAS class come from this include.
        include_once("./Services/CAS/phpcas/source/CAS/CAS.php");

        $this->server_hostname = $a_params["server_hostname"];
        $this->server_port = (int) $a_params["server_port"];
        $this->server_uri = $a_params["server_uri"];
        $this->server_version = CAS_VERSION_2_0;

        // Turns on phpCAS debug logging; no file name is passed, so phpCAS
        // picks its own default log file.
        // NOTE(review): this runs unconditionally for every instance. Debug
        // traces of an SSO client can contain tickets and user names - confirm
        // this is wanted outside development and that the log file is not
        // readable by other local accounts.
        phpCAS::setDebug();

        // NOTE(review): nothing here configures how the CAS server's TLS
        // certificate is checked during ticket validation - confirm what the
        // bundled phpCAS version does by default.
        phpCAS::client(
            $this->server_version,
            $this->server_hostname,
            $this->server_port,
            $this->server_uri
        );
    }

    /**
     * Ask the phpCAS client whether the current request is CAS-authenticated.
     *
     * Reads the global $PHPCAS_CLIENT object, so the constructor (which calls
     * phpCAS::client()) must have run first.
     *
     * @return mixed result of $PHPCAS_CLIENT->isAuthenticated()
     */
    function checkCASAuth()
    {
        global $PHPCAS_CLIENT;

        return $PHPCAS_CLIENT->isAuthenticated();
    }

    /**
     * Require CAS authentication by delegating to phpCAS::forceAuthentication().
     */
    function forceCASAuth()
    {
        phpCAS::forceAuthentication();
    }

    /**
     * Return the user name reported by phpCAS::getUser().
     *
     * @return mixed
     */
    function getCASUser()
    {
        return phpCAS::getUser();
    }

    // Disabled copy of getAuth(); the inherited implementation (if any) applies.
    /*
    function getAuth()
    {
        $session = &$this->_importGlobalVariable('session');
        if (!empty($session) &&
            (isset($session[$this->_sessionName]['registered']) &&
             $session[$this->_sessionName]['registered'] === true))
        {
            return true;
        } else {
            return false;
        }
    }
    */

    // Disabled copy of setIdle().
    /*
    function setIdle($time, $add = false)
    {
        $add ? $this->idle += $time : $this->idle = $time;
    }
    */

    // Disabled copy of setExpire().
    /*
    function setExpire($time, $add = false)
    {
        $add ? $this->expire += $time : $this->expire = $time;
    }
    */

    // Disabled copy of checkAuth() (session expiry / idle timeout / registration checks).
    /*
    function checkAuth()
    {
        $session = &$this->_importGlobalVariable('session');

        if (isset($session[$this->_sessionName])) {
            // Check if authentication session is expired
            if ($this->expire > 0 &&
                isset($session[$this->_sessionName]['timestamp']) &&
                ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {

                $this->logout();
                $this->expired = true;
                $this->status = AUTH_EXPIRED;

                return false;
            }

            // Check if maximum idle time is reached
            if ($this->idle > 0 &&
                isset($session[$this->_sessionName]['idle']) &&
                ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {

                $this->logout();
                $this->idled = true;
                $this->status = AUTH_IDLED;

                return false;
            }

            if (isset($session[$this->_sessionName]['registered']) &&
                isset($session[$this->_sessionName]['username']) &&
                $session[$this->_sessionName]['registered'] == true &&
                $session[$this->_sessionName]['username'] != '') {

                Auth::updateIdle();

                return true;
            }
        }

        return false;
    }
    */

    // Disabled copy of start().
    /*
    function start()
    {
        @session_start();

        if (!$this->checkAuth()) {
            $this->login();
        }
    }
    */

    /**
     * Map the CAS-authenticated user onto an ILIAS account and register it
     * with the session via setAuth().
     *
     * Outcomes:
     *  - phpCAS reports no user: status is set to AUTH_WRONG_LOGIN.
     *  - a local account is linked to the CAS name: that account is logged in.
     *  - no linked account and the "cas_create_users" setting is off: status
     *    is set to AUTH_CAS_NO_ILIAS_USER and logout() is called.
     *  - no linked account and "cas_create_users" is on: a new ILIAS user is
     *    created, given the role from "cas_user_default_role", and logged in.
     *
     * NOTE(review): with auto-creation enabled, every principal the CAS server
     * vouches for receives an account and the configured default role on first
     * contact - confirm that role is a least-privileged one and that the CAS
     * server's user population is the intended one.
     */
    function login()
    {
        global $ilias, $rbacadmin, $ilSetting;

        if (phpCAS::getUser() == "")
        {
            // This should never occur unless CAS is not configured properly
            $this->status = AUTH_WRONG_LOGIN;
            return;
        }

        $cas_account = phpCAS::getUser();

        // Authorize this user: look for a local account linked to the CAS name
        include_once("classes/class.ilObjUser.php");
        $login = ilObjUser::_checkExternalAuthAccount("cas", $cas_account);

        if ($login != "")
        {
            $this->setAuth($login);
            return;
        }

        if (!$ilSetting->get("cas_create_users"))
        {
            // Unknown to ILIAS and auto-provisioning is switched off
            $this->status = AUTH_CAS_NO_ILIAS_USER;
            $this->logout();
            return;
        }

        $new_account = new ilObjUser();

        // The local login name is derived from the CAS name by the helper
        $login = ilAuthUtils::_generateLogin($cas_account);

        $profile = array(
            "firstname" => $login,
            "lastname" => "",
            "login" => $login,
            // set "plain md5" password (= no valid password)
            "passwd" => "",
            "passwd_type" => IL_PASSWD_MD5,
            //"gender" => "m",
            "auth_mode" => "cas",
            "ext_account" => $cas_account,
            "profile_incomplete" => 1
        );

        // system data
        $new_account->assignData($profile);
        $new_account->setTitle($new_account->getFullname());
        $new_account->setDescription($new_account->getEmail());

        // set user language to system language
        $new_account->setLanguage($ilSetting->get("language"));

        // Time limit: flagged unlimited, from/until both stamped with "now"
        // NOTE(review): 7 and 6 are hard-coded object ids - presumably the
        // ILIAS user folder and system user; confirm against the installation.
        $new_account->setTimeLimitOwner(7);
        $new_account->setTimeLimitUnlimited(1);
        $new_account->setTimeLimitFrom(time());
        $new_account->setTimeLimitUntil(time());

        // Create user in DB
        $new_account->setOwner(6);
        $new_account->create();
        $new_account->setActive(1, 6);

        $new_account->updateOwner();

        //insert user data in table user_data
        $new_account->saveAsNew();

        // setup user preferences
        $new_account->writePrefs();

        // to do: test this
        $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $new_account->getId(),true);

        unset($new_account);

        $this->setAuth($login);
    }

    // Disabled copy of setAuth(); login() therefore uses the inherited setAuth().
    /*
    function setAuth($username)
    {
        $session = &Auth::_importGlobalVariable('session');

        if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
            session_register($this->_sessionName);
        }

        if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
            $session[$this->_sessionName] = array();
        }

        if(!isset($session[$this->_sessionName]['data'])){
            $session[$this->_sessionName]['data'] = array();
        }
        $session[$this->_sessionName]['registered'] = true;
        $session[$this->_sessionName]['username'] = $username;
        $session[$this->_sessionName]['timestamp'] = time();
        $session[$this->_sessionName]['idle'] = time();
    }
    */

    /**
     * End the local session only, by calling the parent's logout().
     *
     * The CAS logout call is deliberately left disabled, so the CAS single
     * sign-on session is not touched here.
     * NOTE(review): a user who logs out of ILIAS may therefore be signed in
     * again without re-entering credentials while the CAS session lives -
     * confirm a separate CAS logout is offered to users.
     */
    function logout()
    {
        parent::logout();
        //PHPCAS::logout(); // CAS logout should be provided separately
                            // maybe on ILIAS login screen
    }

    // Disabled copy of getUsername().
    /*
    function getUsername()
    {
        $session = &$this->_importGlobalVariable('session');
        if (!isset($session[$this->_sessionName]['username'])) {
            return '';
        }
        return $session[$this->_sessionName]['username'];
    }
    */

    // Disabled copy of getStatus().
    /*
    function getStatus()
    {

        return $status;
    }
    */

    // Disabled copy of _importGlobalVariable().
    /*
    function &_importGlobalVariable($variable)
    {
        $var = null;

        switch (strtolower($variable)) {

            case 'server' :
                if (isset($_SERVER)) {
                    $var = &$_SERVER;
                } else {
                    $var = &$GLOBALS['HTTP_SERVER_VARS'];
                }
                break;

            case 'session' :
                if (isset($_SESSION)) {
                    $var = &$_SESSION;
                } else {
                    $var = &$GLOBALS['HTTP_SESSION_VARS'];
                }
                break;

            case 'post' :
                if (isset($_POST)) {
                    $var = &$_POST;
                } else {
                    $var = &$GLOBALS['HTTP_POST_VARS'];
                }
                break;

            case 'cookie' :
                if (isset($_COOKIE)) {
                    $var = &$_COOKIE;
                } else {
                    $var = &$GLOBALS['HTTP_COOKIE_VARS'];
                }
                break;

            case 'get' :
                if (isset($_GET)) {
                    $var = &$_GET;
                } else {
                    $var = &$GLOBALS['HTTP_GET_VARS'];
                }
                break;

            default:
                break;

        }

        return $var;
    }
    */
} // END class.ilCASAuth
?>