ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5
Auth Class Reference

Public Member Functions

 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor.

 applyAuthOptions (&$options)
 Set the Auth options.

 _loadStorage ()
 Load Storage Driver if not already loaded.

 assignData ()
 Assign data from login form to internal values.

 start ()
 Start new auth session.

 login ()
 Login function.

 setExpire ($time, $add=false)
 Set the maximum expire time.

 setIdle ($time, $add=false)
 Set the maximum idle time.

 setSessionName ($name='session')
 Set name of the session to a customized value.

 setShowLogin ($showLogin=true)
 Should the login form be displayed if necessary?

 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if necessary?

 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked. The function will receive two parameters, the username and a reference to the auth object.

 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login.

 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login.

 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout.

 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session.

 getAuthData ($name=null)
 Get additional information that is stored in the session.

 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully.

 setAdvancedSecurity ($flag=true)
 Enables advanced security checks.

 checkAuth ()
 Checks if there is a session with valid auth information.

 getAuth ()
 Has the user been authenticated?

 logout ()
 Logout function.

 updateIdle ()
 Update the idletime.

 getUsername ()
 Get the username.

 getStatus ()
 Get the current status.

 getPostUsernameField ()
 Gets the post variable used for the username.

 getPostPasswordField ()
 Gets the post variable used for the username.

 sessionValidThru ()
 Returns the time up to which the session is valid.

 listUsers ()
 List all users that are currently available in the storage container.

 addUser ($username, $password, $additional='')
 Add user to the storage container.

 removeUser ($username)
 Remove user from the storage container.

 changePassword ($username, $password)
 Change password for user in the storage container.

 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system.

 _loadLogger ()
 Load Log object if not already loaded.

 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source.

 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled?
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status.

 setSubStatus ($a_sub_status)
 Set sub status.

 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

 getContainer ()
 Get container object.
 
 getExceededUserName ()
 

Static Public Member Functions

 _factory ($driver, $options='')
 Return a storage driver based on $driver and $options.

 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information.
 

Data Fields

 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object. Enable logging, set callbacks...

 loginObserver ($a_username, $a_auth)
 Called after successful login.

 checkExceededLoginAttempts (\ilObjUser $user)

 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.

 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.

 logoutObserver ($a_username, $a_auth)
 Called after logout.
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Definition at line 90 of file Auth.php.

Member Function Documentation

◆ _factory()

& Auth::_factory (   $driver,
  $options = '' 
)
static

Return a storage driver based on $driver and $options.

Parameters
string $driver Type of storage class to return
string $options Optional parameters for the storage class
Returns
object Object Storage object private

Definition at line 467 of file Auth.php.

References $options.

Referenced by _loadStorage().

468  {
469  $storage_class = 'Auth_Container_' . $driver;
470  include_once 'Auth/Container/' . $driver . '.php';
471  $obj =& new $storage_class($options);
472  return $obj;
473  }

◆ _isAdvancedSecurityEnabled()

Auth::_isAdvancedSecurityEnabled (   $feature = null)

Is advanced security enabled?

Pass one of the Advanced Security constants as the first parameter to check if that advanced security check is enabled.

Parameters
integer
Returns
boolean

Definition at line 1337 of file Auth.php.

References $advancedsecurity.

Referenced by checkAuth().

1337  {
1338 
1339  if (is_null($feature)) {
1340 
1341  if ($this->advancedsecurity === true)
1342  return true;
1343 
1344  if ( is_array($this->advancedsecurity)
1345  && in_array(true, $this->advancedsecurity, true))
1346  return true;
1347 
1348  return false;
1349 
1350  } else {
1351 
1352  if (is_array($this->advancedsecurity)) {
1353 
1354  if ( isset($this->advancedsecurity[$feature])
1355  && $this->advancedsecurity[$feature] == true)
1356  return true;
1357 
1358  return false;
1359 
1360  }
1361 
1362  return (bool)$this->advancedsecurity;
1363 
1364  }
1365 
1366  }
$advancedsecurity
Definition: Auth.php:245

◆ _loadLogger()

Auth::_loadLogger ( )

Load Log object if not already loaded.

Suspend logger instantiation to make Auth lighter to use for calls which do not require logging

Returns
bool True if the logger is loaded, false if the logger is already loaded private

Definition at line 1292 of file Auth.php.

References AUTH_LOG_DEBUG, and Log\singleton().

Referenced by attachLogObserver(), and log().

1293  {
1294  if(is_null($this->logger)) {
1295  if (!class_exists('Log')) {
1296  include_once 'Log.php';
1297  }
1298  $this->logger =& Log::singleton('null',
1299  null,
1300  'auth['.getmypid().']',
1301  array(),
1302  AUTH_LOG_DEBUG);
1303  return(true);
1304  }
1305  return(false);
1306  }
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
& singleton($handler, $name='', $ident='', $conf=array(), $level=PEAR_LOG_DEBUG)
Attempts to return a reference to a concrete Log instance of type $handler, only creating a new insta...
Definition: Log.php:213

◆ _loadStorage()

Auth::_loadStorage ( )

Load Storage Driver if not already loaded.

Suspend storage instantiation to make Auth lighter to use for calls which do not require login

Returns
bool True if the container is loaded, false if the container is already loaded private

Definition at line 443 of file Auth.php.

References _factory(), AUTH_LOG_DEBUG, and log().

Referenced by addUser(), changePassword(), listUsers(), ilAuthWeb\login(), Auth_HTTP\login(), login(), and removeUser().

444  {
445  if(!is_object($this->storage)) {
446  $this->storage =& $this->_factory($this->storage_driver,
447  $this->storage_options);
448  $this->storage->_auth_obj =& $this;
449  $this->log('Loaded storage container ('.$this->storage_driver.')', AUTH_LOG_DEBUG);
450  return(true);
451  }
452  return(false);
453  }

◆ addUser()

Auth::addUser (   $username,
  $password,
  $additional = '' 
)

Add user to the storage container.

public

Parameters
string Username
string Password
mixed Additional parameters
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1215 of file Auth.php.

References $additional, _loadStorage(), AUTH_LOG_DEBUG, and log().

1216  {
1217  $this->log('Auth::addUser() called.', AUTH_LOG_DEBUG);
1218  $this->_loadStorage();
1219  return $this->storage->addUser($username, $password, $additional);
1220  }
$password
Definition: Auth.php:182
$additional
Definition: goto.php:89
$username
Definition: Auth.php:175

◆ applyAuthOptions()

& Auth::applyAuthOptions ( $options)

Set the Auth options.

Some options which are Auth specific will be applied; the rest will be left for usage by the container.

Parameters
array An array of Auth options
Returns
array The options which were not applied private

Definition at line 396 of file Auth.php.

References $options.

Referenced by Auth().

397  {
398  if(is_array($options)){
399  if (!empty($options['sessionName'])) {
400  $this->_sessionName = $options['sessionName'];
401  unset($options['sessionName']);
402  }
403  if (isset($options['allowLogin'])) {
404  $this->allowLogin = $options['allowLogin'];
405  unset($options['allowLogin']);
406  }
407  if (!empty($options['postUsername'])) {
408  $this->_postUsername = $options['postUsername'];
409  unset($options['postUsername']);
410  }
411  if (!empty($options['postPassword'])) {
412  $this->_postPassword = $options['postPassword'];
413  unset($options['postPassword']);
414  }
415  if (isset($options['advancedsecurity'])) {
416  $this->advancedsecurity = $options['advancedsecurity'];
417  unset($options['advancedsecurity']);
418  }
419  if (isset($options['enableLogging'])) {
420  $this->enableLogging = $options['enableLogging'];
421  unset($options['enableLogging']);
422  }
423  if (isset($options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
424  $this->regenerateSessionId = $options['regenerateSessionId'];
425  }
426  }
427  return($options);
428  }

◆ assignData()

Auth::assignData ( )

Assign data from login form to internal values.

This function takes the values for username and password from $HTTP_POST_VARS/$_POST and assigns them to internal variables. If you wish to use another source apart from $HTTP_POST_VARS/$_POST, you have to derive this function.

$HTTP_POST_VARS, $_POST

See also
Auth
Returns
void private

Definition at line 491 of file Auth.php.

References $_postPassword, $_postUsername, AUTH_LOG_DEBUG, and log().

Referenced by start().

492  {
493  $this->log('Auth::assignData() called.', AUTH_LOG_DEBUG);
494 
495  if ( isset($this->post[$this->_postUsername])
496  && $this->post[$this->_postUsername] != '') {
497  $this->username = (get_magic_quotes_gpc() == 1
498  ? stripslashes($this->post[$this->_postUsername])
499  : $this->post[$this->_postUsername]);
500  }
501  if ( isset($this->post[$this->_postPassword])
502  && $this->post[$this->_postPassword] != '') {
503  $this->password = (get_magic_quotes_gpc() == 1
504  ? stripslashes($this->post[$this->_postPassword])
505  : $this->post[$this->_postPassword] );
506  }
507  }

◆ attachLogObserver()

Auth::attachLogObserver ( $observer)

Attach an Observer to the Auth Log Source.

Parameters
object Log_Observer A Log Observer instance
Returns
boolean

Definition at line 1317 of file Auth.php.

References _loadLogger().

1317  {
1318 
1319  $this->_loadLogger();
1320 
1321  return $this->logger->attach($observer);
1322 
1323  }

◆ Auth()

Auth::Auth (   $storageDriver,
  $options = '',
  $loginFunction = '',
  $showLogin = true 
)

Constructor.

Set up the storage driver.

Parameters
string Type of the storage driver
mixed Additional options for the storage driver (example: if you are using DB as the storage driver, you have to pass the dsn string here)
string Name of the function that creates the login form
boolean Should the login form be displayed if necessary?
Returns
void

Definition at line 335 of file Auth.php.

References $_COOKIE, $_POST, $_SERVER, $_SESSION, $_sessionName, $loginFunction, $options, $showLogin, applyAuthOptions(), and PEAR\throwError().

Referenced by Auth_HTTP\Auth_HTTP(), and staticCheckAuth().

336  {
337  $this->applyAuthOptions($options);
338 
339  // Start the session suppress error if already started
340  if(!session_id()){
341  @session_start();
342  if(!session_id()) {
343  // Throw error
344  include_once 'PEAR.php';
345  PEAR::throwError('Session could not be started by Auth, '
346  .'possibly headers are already sent, try putting '
347  .'ob_start in the beginning of your script');
348  }
349  }
350 
351  // Make Sure Auth session variable is there
352  if(!isset($_SESSION[$this->_sessionName])) {
353  $_SESSION[$this->_sessionName] = array();
354  }
355 
356  // Assign Some globals to internal references, this will replace _importGlobalVariable
357  $this->session =& $_SESSION[$this->_sessionName];
358  $this->server =& $_SERVER;
359  $this->post =& $_POST;
360  $this->cookie =& $_COOKIE;
361 
362  if ($loginFunction != '' && is_callable($loginFunction)) {
363  $this->loginFunction = $loginFunction;
364  }
365 
366  if (is_bool($showLogin)) {
367  $this->showLogin = $showLogin;
368  }
369 
370  if (is_object($storageDriver)) {
371  $this->storage =& $storageDriver;
372  // Pass a reference to auth to the container, ugly but works
373  // this is used by the DB container to use method setAuthData not statically.
374  $this->storage->_auth_obj =& $this;
375  } else {
376  // $this->storage = $this->_factory($storageDriver, $options);
377  //
378  $this->storage_driver = $storageDriver;
379  $this->storage_options =& $options;
380  }
381  }
$showLogin
Definition: Auth.php:153
& throwError($message=null, $code=null, $userinfo=null)
Simpler form of raiseError with fewer options.
Definition: PEAR.php:591
$loginFunction
Definition: Auth.php:145
$_sessionName
Definition: Auth.php:221

◆ changePassword()

Auth::changePassword (   $username,
  $password 
)

Change password for user in the storage container.

public

Parameters
string Username
string The new password
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1252 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, and log().

1253  {
1254  $this->log('Auth::changePassword() called', AUTH_LOG_DEBUG);
1255  $this->_loadStorage();
1256  return $this->storage->changePassword($username, $password);
1257  }

◆ checkAuth()

Auth::checkAuth ( )

Checks if there is a session with valid auth information.

public

Returns
boolean Whether or not the user is authenticated.

Definition at line 899 of file Auth.php.

References _isAdvancedSecurityEnabled(), AUTH_ADV_CHALLENGE, AUTH_ADV_IPCHECK, AUTH_ADV_USERAGENT, AUTH_CALLBACK_ABORT, AUTH_EXPIRED, AUTH_IDLED, AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_SECURITY_BREACH, log(), login(), logout(), ilUtil\setCookie(), and updateIdle().

Referenced by getAuth(), and start().

900  {
901  $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
902  $this->authChecks++;
903  if (isset($this->session)) {
904  // Check if authentication session is expired
905  if ( $this->expire > 0
906  && isset($this->session['timestamp'])
907  && ($this->session['timestamp'] + $this->expire) < time()) {
908  $this->log('Session Expired', AUTH_LOG_INFO);
909  $this->expired = true;
910  $this->status = AUTH_EXPIRED;
911  $this->logout();
912  return false;
913  }
914 
915  // Check if maximum idle time is reached
916  if ( $this->idle > 0
917  && isset($this->session['idle'])
918  && ($this->session['idle'] + $this->idle) < time()) {
919  $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
920  $this->idled = true;
921  $this->status = AUTH_IDLED;
922  $this->logout();
923  return false;
924  }
925 
926  if ( isset($this->session['registered'])
927  && isset($this->session['username'])
928  && $this->session['registered'] == true
929  && $this->session['username'] != '') {
930  $this->updateIdle();
931 
932  if ($this->_isAdvancedSecurityEnabled()) {
933  $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
934 
935  // Only Generate the challenge once
936  if ( $this->authChecks == 1
937  && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
938  $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
939  $this->session['challengecookieold'] = $this->session['challengecookie'];
940  $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
941  //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
942  require_once 'Services/Utilities/classes/class.ilUtil.php';
943  ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
944  }
945 
946  // Check for ip change
947  if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
948  && isset($this->server['REMOTE_ADDR'])
949  && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
950  $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
951  // Check if the IP of the user has changed, if so we
952  // assume a man in the middle attack and log him out
953  $this->expired = true;
954  $this->status = AUTH_SECURITY_BREACH;
955  $this->logout();
956  return false;
957  }
958 
959  // Check for ip change (if connected via proxy)
960  if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
961  && isset($this->server['HTTP_X_FORWARDED_FOR'])
962  && $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
963  $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
964  // Check if the IP of the user connecting via proxy has
965  // changed, if so we assume a man in the middle attack
966  // and log him out.
967  $this->expired = true;
968  $this->status = AUTH_SECURITY_BREACH;
969  $this->logout();
970  return false;
971  }
972 
973  // Check for useragent change
974  if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
975  && isset($this->server['HTTP_USER_AGENT'])
976  && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
977  $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
978  // Check if the User-Agent of the user has changed, if
979  // so we assume a man in the middle attack and log him out
980  $this->expired = true;
981  $this->status = AUTH_SECURITY_BREACH;
982  $this->logout();
983  return false;
984  }
985 
986  // Check challenge cookie here, if challengecookieold is not set
987  // this is the first time and check is skipped
988  // TODO when user open two pages simultaneously (open in new window,open
989  // in tab) auth breach is caused find out a way around that if possible
990  if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
991  && isset($this->session['challengecookieold'])
992  && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
993  $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
994  $this->expired = true;
995  $this->status = AUTH_SECURITY_BREACH;
996  $this->logout();
997  $this->login();
998  return false;
999  }
1000  }
1001 
1002  if (is_callable($this->checkAuthCallback)) {
1003  $this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').', AUTH_LOG_DEBUG);
1004  $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
1005  if ($checkCallback == false) {
1006  $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
1007  $this->expired = true;
1008  $this->status = AUTH_CALLBACK_ABORT;
1009  $this->logout();
1010  return false;
1011  }
1012  }
1013 
1014  $this->log('Session OK.', AUTH_LOG_INFO);
1015  return true;
1016  }
1017  } else {
1018  $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
1019  return false;
1020  }
1021  $this->log('No login session.', AUTH_LOG_DEBUG);
1022  return false;
1023  }
updateIdle()
Update the idletime.
Definition: Auth.php:1101
const AUTH_LOG_INFO
Auth Log level - INFO.
Definition: Auth.php:55
const AUTH_CALLBACK_ABORT
Returned if checkAuthCallback says session should not continue.
Definition: Auth.php:50
const AUTH_SECURITY_BREACH
Returned if new Advanced security system detects a breach.
Definition: Auth.php:46
const AUTH_ADV_IPCHECK
Auth Advanced Security - IP Checks.
Definition: Auth.php:64
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
const AUTH_IDLED
Returned if session exceeds idle time.
Definition: Auth.php:30
const AUTH_ADV_USERAGENT
Auth Advanced Security - User Agent Checks.
Definition: Auth.php:68
const AUTH_EXPIRED
Returned if session has expired.
Definition: Auth.php:34
const AUTH_ADV_CHALLENGE
Auth Advanced Security - Challenge Response.
Definition: Auth.php:72
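
The checks checkAuth() performs, restated as a stand-alone function. This is an added example, not ILIAS or PEAR Auth code; `check_session()`, `rotate_challenge()` and the `S_*` constants are hypothetical names and the sample data is constructed. It differs from the listing in two places: the challenge token comes from `random_bytes()` instead of `md5()` over the challenge key and `microtime()`, and the cookie is compared with `hash_equals()` instead of `!=`.

```php
<?php
// Added example: not ILIAS or PEAR Auth code. All function and constant
// names below are hypothetical; requires PHP 7.1+.
declare(strict_types=1);

const S_OK      = 'ok';
const S_EXPIRED = 'expired';
const S_IDLED   = 'idled';
const S_BREACH  = 'security_breach';
const S_NOLOGIN = 'no_login';

/**
 * Issue a new challenge token and store it in the session. The caller sends
 * the returned value to the browser as the 'authchallenge' cookie.
 */
function rotate_challenge(array &$session): string
{
    // 128 bits from the CSPRNG, independent of username and password.
    $session['challengecookie'] = bin2hex(random_bytes(16));
    return $session['challengecookie'];
}

/**
 * Validate one request against the session, in the order checkAuth() uses:
 * absolute expiry, idle timeout, login flag, client binding, challenge.
 */
function check_session(array &$session, array $server, array $cookie,
                       int $now, int $expire, int $idle): string
{
    if ($expire > 0 && isset($session['timestamp'])
        && $session['timestamp'] + $expire < $now) {
        return S_EXPIRED;
    }
    if ($idle > 0 && isset($session['idle'])
        && $session['idle'] + $idle < $now) {
        return S_IDLED;
    }
    if (empty($session['registered']) || ($session['username'] ?? '') === '') {
        return S_NOLOGIN;
    }

    // Client binding: values recorded at login must match this request.
    $bindings = [
        'sessionip'        => 'REMOTE_ADDR',
        'sessionuseragent' => 'HTTP_USER_AGENT',
    ];
    foreach ($bindings as $key => $header) {
        if (isset($server[$header])
            && (string)($session[$key] ?? '') !== (string)$server[$header]) {
            return S_BREACH;
        }
    }

    // Challenge: skipped until a token has been issued, as in checkAuth().
    if (isset($session['challengecookie'])) {
        $presented = $cookie['authchallenge'] ?? '';
        // hash_equals() compares in constant time; a non-string cookie
        // value (for example an array) is rejected outright.
        if (!is_string($presented)
            || !hash_equals($session['challengecookie'], $presented)) {
            return S_BREACH;
        }
    }

    // Refresh the idle timestamp, the role updateIdle() plays in checkAuth().
    $session['idle'] = $now;
    return S_OK;
}

// Constructed sample data: one session and four requests against it.
$now     = 1700000000;
$session = [
    'registered' => true, 'username' => 'alice',
    'timestamp'  => $now - 600, 'idle' => $now - 60,
    'sessionip'  => '192.0.2.10', 'sessionuseragent' => 'ExampleBrowser/1.0',
];
$server = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0'];
$token  = rotate_challenge($session);

$requests = [
    'matching cookie'   => [$server, ['authchallenge' => $token], $now],
    'wrong cookie'      => [$server, ['authchallenge' => 'stale-value'], $now],
    'different address' => [['REMOTE_ADDR' => '198.51.100.7'] + $server,
                            ['authchallenge' => $token], $now],
    'idle too long'     => [$server, ['authchallenge' => $token], $now + 1000],
];
foreach ($requests as $label => [$srv, $ck, $t]) {
    printf("%-18s %s\n", $label, check_session($session, $srv, $ck, $t, 3600, 900));
}
```

Here the caller decides when to call `rotate_challenge()`; rotating on every request, as the listing does, is what produces the two-window mismatch described in the TODO comment at lines 988-989.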

◆ getAuth()

Auth::getAuth ( )

Has the user been authenticated?

Is there a valid login session? Previously this was different from checkAuth() but now it is just an alias.

public

Returns
bool True if the user is logged in, otherwise false.

Definition at line 1058 of file Auth.php.

References AUTH_LOG_DEBUG, checkAuth(), and log().

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

1059  {
1060  $this->log('Auth::getAuth() called.', AUTH_LOG_DEBUG);
1061  return $this->checkAuth();
1062  }

◆ getAuthData()

Auth::getAuthData (   $name = null)

Get additional information that is stored in the session.

If no value for the first parameter is passed, the method will return all data that is currently stored.

Parameters
string Name of the data field
Returns
mixed Value of the data field. public

Definition at line 798 of file Auth.php.

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

799  {
800  if (!isset($this->session['data'])) {
801  return null;
802  }
803  if(!isset($name)) {
804  return $this->session['data'];
805  }
806  if (isset($name) && isset($this->session['data'][$name])) {
807  return $this->session['data'][$name];
808  }
809  return null;
810  }

◆ getPostPasswordField()

Auth::getPostPasswordField ( )

Gets the post variable used for the username.

Returns
string public

Definition at line 1160 of file Auth.php.

1161  {
1162  return($this->_postPassword);
1163  }

◆ getPostUsernameField()

Auth::getPostUsernameField ( )

Gets the post variable used for the username.

Returns
string public

Definition at line 1146 of file Auth.php.

1147  {
1148  return($this->_postUsername);
1149  }

◆ getStatus()

Auth::getStatus ( )

Get the current status.

Returns
string public

Definition at line 1132 of file Auth.php.

References $status.

1133  {
1134  return $this->status;
1135  }
$status
Definition: Auth.php:168

◆ getUsername()

Auth::getUsername ( )

Get the username.

Returns
string public

Definition at line 1115 of file Auth.php.

1116  {
1117  if (isset($this->session['username'])) {
1118  return($this->session['username']);
1119  }
1120  return('');
1121  }

◆ listUsers()

Auth::listUsers ( )

List all users that are currently available in the storage container.

public

Returns
array

Definition at line 1195 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, and log().

1196  {
1197  $this->log('Auth::listUsers() called.', AUTH_LOG_DEBUG);
1198  $this->_loadStorage();
1199  return $this->storage->listUsers();
1200  }

◆ log()

Auth::log (   $message,
  $level = AUTH_LOG_DEBUG 
)

Log a message from the Auth system.

public

Parameters
string The message to log
string The log level to log the message under. See the Log documentation for more info.
Returns
boolean

Definition at line 1270 of file Auth.php.

References _loadLogger().

Referenced by _loadStorage(), addUser(), assignData(), changePassword(), checkAuth(), getAuth(), listUsers(), ilAuthWeb\login(), login(), logout(), removeUser(), setAuth(), and start().

1271  {
1272  if (!$this->enableLogging) return false;
1273 
1274  $this->_loadLogger();
1275 
1276  $this->logger->log('AUTH: '.$message, $level);
1277  }

◆ login()

Auth::login ( )

Login function.

Returns
void private

Definition at line 543 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_WRONG_LOGIN, log(), Auth_Frontend_Html\render(), and setAuth().

Referenced by checkAuth(), and start().

544  {
545  $this->log('Auth::login() called.', AUTH_LOG_DEBUG);
546 
547  $login_ok = false;
548  $this->_loadStorage();
549 
550  // Check if using challenge response
551  (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
552  ? $usingChap = true
553  : $usingChap = false;
554 
555 
556  // When the user has already entered a username, we have to validate it.
557  if (!empty($this->username)) {
558  if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
559  $this->session['challengekey'] = md5($this->username.$this->password);
560  $login_ok = true;
561  $this->log('Successful login.', AUTH_LOG_INFO);
562  }
563  }
564 
565  if (!empty($this->username) && $login_ok) {
566  $this->setAuth($this->username);
567  if (is_callable($this->loginCallback)) {
568  $this->log('Calling loginCallback ('.$this->loginCallback.').', AUTH_LOG_DEBUG);
569  call_user_func_array($this->loginCallback, array($this->username, &$this));
570  }
571  }
572 
573  // If the login failed or the user entered no username,
574  // output the login screen again.
575  if (!empty($this->username) && !$login_ok) {
576  $this->log('Incorrect login.', AUTH_LOG_INFO);
577  $this->status = AUTH_WRONG_LOGIN;
578  if (is_callable($this->loginFailedCallback)) {
579  $this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').', AUTH_LOG_DEBUG);
580  call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
581  }
582  }
583 
584  if ((empty($this->username) || !$login_ok) && $this->showLogin) {
585  $this->log('Rendering Login Form.', AUTH_LOG_INFO);
586  if (is_callable($this->loginFunction)) {
587  $this->log('Calling loginFunction ('.$this->loginFunction.').', AUTH_LOG_DEBUG);
588  call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
589  } else {
590  // BC fix Auth used to use drawLogin for this
591  // call is sub classes implement this
592  if (is_callable(array($this, 'drawLogin'))) {
593  $this->log('Calling Auth::drawLogin()', AUTH_LOG_DEBUG);
594  return $this->drawLogin($this->username, $this);
595  }
596 
597  $this->log('Using default Auth_Frontend_Html', AUTH_LOG_DEBUG);
598 
599  // New Login form
600  include_once 'Auth/Frontend/Html.php';
601  return Auth_Frontend_Html::render($this, $this->username);
602  }
603  } else {
604  return;
605  }
606  }
render(&$caller, $username='')
Displays the login form.
Definition: Html.php:50
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38

◆ logout()

Auth::logout ( )

Logout function.

This function clears any auth tokens in the currently active session and executes the logout callback function, if any.

public

Returns
void

Definition at line 1077 of file Auth.php.

References AUTH_LOG_DEBUG, and log().

Referenced by checkAuth(), ilSessionControl\checkCurrentSessionIsAllowed(), Auth_Anonymous\forceLogin(), and ilAuthInactive\start().

1078  {
1079  $this->log('Auth::logout() called.', AUTH_LOG_DEBUG);
1080 
1081  if (is_callable($this->logoutCallback) && isset($this->session['username'])) {
1082  $this->log('Calling logoutCallback ('.$this->logoutCallback.').', AUTH_LOG_DEBUG);
1083  call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
1084  }
1085 
1086  $this->username = '';
1087  $this->password = '';
1088 
1089  $this->session = null;
1090  }

◆ removeUser()

Auth::removeUser (   $username)

Remove user from the storage container.

public

Parameters
string Username
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1233 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, and log().

1234  {
1235      $this->log('Auth::removeUser() called.', AUTH_LOG_DEBUG);
1236      $this->_loadStorage();
1237      return $this->storage->removeUser($username);
1238  }
$username
Definition: Auth.php:175

◆ sessionValidThru()

Auth::sessionValidThru ( )

Returns the time up to which the session is valid.

public

Returns
integer

Definition at line 1174 of file Auth.php.

1175  {
1176      if (!isset($this->session['idle'])) {
1177          return 0;
1178      }
1179      if ($this->idle == 0) {
1180          return 0;
1181      }
1182      return ($this->session['idle'] + $this->idle);
1183  }

◆ setAdvancedSecurity()

Auth::setAdvancedSecurity (   $flag = true)

Enables advanced security checks.

Currently only IP address changes and user-agent changes are detected.

Todo:
Add challenge cookies - Create a cookie which changes every time and contains some challenge key which the server can verify with a session var. The cookie might need to be encrypted (user pass).
Parameters
bool Enable or disable
Returns
void public

Definition at line 885 of file Auth.php.

886  {
887      $this->advancedsecurity = $flag;
888  }

◆ setAllowLogin()

Auth::setAllowLogin (   $allowLogin = true)

Should the login form be displayed if necessary?

Parameters
bool show login form or not
Returns
void public

Definition at line 691 of file Auth.php.

References $allowLogin.

692  {
693      $this->allowLogin = $allowLogin;
694  }
$allowLogin
Definition: Auth.php:161

◆ setAuth()

Auth::setAuth (   $username)

Register variable in a session telling that the user has logged in successfully.

Parameters
string Username
Returns
void public

Definition at line 823 of file Auth.php.

References $username, AUTH_LOG_DEBUG, log(), and ilUtil\setCookie().

Referenced by Auth_Anonymous\login(), ilCASAuth\login(), Auth_HTTP\login(), and login().

824  {
825      $this->log('Auth::setAuth() called.', AUTH_LOG_DEBUG);
826
827      // #10729 - Regenerate session id here only if generating at login only
828      // Don't do it if we are regenerating on every request so we don't
829      // regenerate it twice in one request.
830      if (!$this->regenerateSessionId) {
831          // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
832          session_regenerate_id(true);
833      }
834
835      if (!isset($this->session) || !is_array($this->session)) {
836          $this->session = array();
837      }
838
839      if (!isset($this->session['data'])) {
840          $this->session['data'] = array();
841      }
842
843      $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
844          ? $this->server['REMOTE_ADDR']
845          : '';
846      $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
847          ? $this->server['HTTP_USER_AGENT']
848          : '';
849      $this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
850          ? $this->server['HTTP_X_FORWARDED_FOR']
851          : '';
852
853      // This should be set by the container to something more safe
854      // Like md5(passwd.microtime)
855      if(empty($this->session['challengekey'])) {
856          $this->session['challengekey'] = md5($username.microtime());
857      }
858
859      $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
860      //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
861      require_once 'Services/Utilities/classes/class.ilUtil.php';
862      ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
863
864      $this->session['registered'] = true;
865      $this->session['username'] = $username;
866      $this->session['timestamp'] = time();
867      $this->session['idle'] = time();
868  }
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
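The challenge values in setAuth() above are derived with md5() from the username and microtime(), and the code comment itself asks for something safer. The following added example (not ILIAS or PEAR::Auth code; the function names issueChallenge and verifyAndRotateChallenge are hypothetical, and PHP 7.1 or later is assumed) implements the challenge cookie from the setAdvancedSecurity() Todo with a CSPRNG token and a constant-time comparison:

```php
<?php
// Added example, not ILIAS or PEAR::Auth code. Function names are hypothetical.

/**
 * Store a fresh challenge token in the session array and return the
 * value to send to the browser as the 'authchallenge' cookie.
 */
function issueChallenge(array &$session): string
{
    // 32 bytes from the OS CSPRNG; nothing here depends on the
    // username or the clock, unlike md5($username . microtime()).
    $token = bin2hex(random_bytes(32));
    $session['challengecookie'] = $token;
    return $token;
}

/**
 * Compare the presented cookie with the session copy and, on a match,
 * rotate it. Returns the new cookie value, or null on any mismatch.
 */
function verifyAndRotateChallenge(array &$session, array $cookies): ?string
{
    $expected = $session['challengecookie'] ?? '';
    $given    = $cookies['authchallenge'] ?? '';
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return null; // nothing issued yet, or a malformed (array) cookie
    }
    if (!hash_equals($expected, $given)) { // constant-time comparison
        return null;
    }
    return issueChallenge($session);
}

// Constructed data standing in for $_SESSION['_authsession'] and $_COOKIE.
$session = array();
$first   = issueChallenge($session);

// Request 1 presents the value that was issued at login.
$second = verifyAndRotateChallenge($session, array('authchallenge' => $first));
// Request 2 replays the value that request 1 already consumed.
$replay = verifyAndRotateChallenge($session, array('authchallenge' => $first));
// Request 3 presents the rotated value.
$third  = verifyAndRotateChallenge($session, array('authchallenge' => $second));

var_dump(is_string($second), $replay, is_string($third));
```

Rotating on every request also rejects parallel requests that still carry the previous value, so an application that issues concurrent requests needs a short grace window or rotation at login only.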

◆ setAuthData()

Auth::setAuthData (   $name,
  $value,
  $overwrite = true 
)

Register additional information that is to be stored in the session.

Parameters
string Name of the data field
mixed Value of the data field
boolean Should existing data be overwritten? (default is true)
Returns
void public

Definition at line 777 of file Auth.php.

Referenced by Auth_Container_DBLite\fetchData(), and Auth_HTTP\login().

778  {
779      if (!empty($this->session['data'][$name]) && $overwrite == false) {
780          return;
781      }
782      $this->session['data'][$name] = $value;
783  }

◆ setCheckAuthCallback()

Auth::setCheckAuthCallback (   $checkAuthCallback)

Register a callback function to be called whenever the validity of the login is checked. The function will receive two parameters, the username and a reference to the auth object.

Parameters
string callback function name
Returns
void public
Since
Method available since Release 1.4.3

Definition at line 708 of file Auth.php.

References $checkAuthCallback.

709  {
710      $this->checkAuthCallback = $checkAuthCallback;
711  }
$checkAuthCallback
Definition: Auth.php:190

◆ setExpire()

Auth::setExpire (   $time,
  $add = false 
)

Set the maximum expire time.

Parameters
integer time in seconds
bool add time to current expire time or not
Returns
void public

Definition at line 619 of file Auth.php.

620  {
621      $add ? $this->expire += $time : $this->expire = $time;
622  }

◆ setFailedLoginCallback()

Auth::setFailedLoginCallback (   $loginFailedCallback)

Register a callback function to be called on failed user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
string callback function name
Returns
void public

Definition at line 741 of file Auth.php.

References $loginFailedCallback.

742  {
743      $this->loginFailedCallback = $loginFailedCallback;
744  }
$loginFailedCallback
Definition: Auth.php:206

◆ setIdle()

Auth::setIdle (   $time,
  $add = false 
)

Set the maximum idle time.

Parameters
integer time in seconds
bool add time to current maximum idle time or not
Returns
void public

Definition at line 635 of file Auth.php.

636  {
637      $add ? $this->idle += $time : $this->idle = $time;
638  }

◆ setLoginCallback()

Auth::setLoginCallback (   $loginCallback)

Register a callback function to be called on user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
string callback function name
Returns
void
See also
setLogoutCallback() User interface

Definition at line 725 of file Auth.php.

References $loginCallback.

726  {
727      $this->loginCallback = $loginCallback;
728  }
$loginCallback
Definition: Auth.php:198

◆ setLogoutCallback()

Auth::setLogoutCallback (   $logoutCallback)

Register a callback function to be called on user logout.

The function will receive three parameters, the username and a reference to the auth object.

Parameters
string callback function name
Returns
void
See also
setLoginCallback() User interface

Definition at line 758 of file Auth.php.

References $logoutCallback.

759  {
760      $this->logoutCallback = $logoutCallback;
761  }
$logoutCallback
Definition: Auth.php:214

◆ setSessionName()

Auth::setSessionName (   $name = 'session')

Set name of the session to a customized value.

If you are using multiple instances of PEAR::Auth on the same domain, you can change the name of the session per application via this function. This will change the name of the session variable Auth uses to store its data in the session.

Parameters
string New name for the session
Returns
void public

Definition at line 656 of file Auth.php.

References $_SESSION, and $_sessionName.

Referenced by ilAuthOpenId\__construct(), ilAuthCAS\__construct(), ilAuthSOAP\__construct(), ShibAuth\__construct(), ilAuthWeb\__construct(), ilAuthCron\__construct(), ilAuthECS\__construct(), ilAuthApache\__construct(), and ilAuthHTTP\__construct().

657  {
658      $this->_sessionName = '_auth_'.$name;
659      // Make Sure Auth session variable is there
660      if(!isset($_SESSION[$this->_sessionName])) {
661          $_SESSION[$this->_sessionName] = array();
662      }
663      $this->session =& $_SESSION[$this->_sessionName];
664  }
$_sessionName
Definition: Auth.php:221

◆ setShowLogin()

Auth::setShowLogin (   $showLogin = true)

Should the login form be displayed if necessary?

Parameters
bool show login form or not
Returns
void public

Definition at line 676 of file Auth.php.

References $showLogin.

677  {
678      $this->showLogin = $showLogin;
679  }
$showLogin
Definition: Auth.php:153

◆ start()

Auth::start ( )

Start new auth session.

Returns
void public

Definition at line 518 of file Auth.php.

References assignData(), AUTH_LOG_DEBUG, checkAuth(), log(), and login().

519  {
520      $this->log('Auth::start() called.', AUTH_LOG_DEBUG);
521
522      // #10729 - Regenerate session id here if we are generating it on every
523      // page load.
524      if ($this->regenerateSessionId) {
525          session_regenerate_id(true);
526      }
527
528      $this->assignData();
529      if (!$this->checkAuth() && $this->allowLogin) {
530          $this->login();
531      }
532  }
login()
Login function.
Definition: Auth.php:543
checkAuth()
Checks if there is a session with valid auth information.
Definition: Auth.php:899
assignData()
Assign data from login form to internal values.
Definition: Auth.php:491

◆ staticCheckAuth()

Auth::staticCheckAuth (   $options = null)
static

Statically checks if there is a session with valid auth information.

public

See also
checkAuth
Returns
boolean Whether or not the user is authenticated.

Definition at line 1036 of file Auth.php.

References $options, Auth(), and AUTH_LOG_DEBUG.

1037  {
1038      static $staticAuth;
1039      if(!isset($staticAuth)) {
1040          $staticAuth = new Auth('null', $options);
1041      }
1042      $staticAuth->log('Auth::staticCheckAuth() called', AUTH_LOG_DEBUG);
1043      return $staticAuth->checkAuth();
1044  }
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
Definition: Auth.php:335

◆ updateIdle()

Auth::updateIdle ( )

Update the idletime.

private

Returns
void

Definition at line 1101 of file Auth.php.

Referenced by checkAuth().

1102  {
1103      $this->session['idle'] = time();
1104  }

Field Documentation

◆ $_postPassword

Auth::$_postPassword = 'password'

Definition at line 259 of file Auth.php.

Referenced by assignData().

◆ $_postUsername

Auth::$_postUsername = 'username'

Definition at line 252 of file Auth.php.

Referenced by assignData().

◆ $_sessionName

Auth::$_sessionName = '_authsession'

Definition at line 221 of file Auth.php.

Referenced by Auth(), Auth_HTTP\login(), and setSessionName().

◆ $advancedsecurity

Auth::$advancedsecurity = false

Definition at line 245 of file Auth.php.

Referenced by _isAdvancedSecurityEnabled().

◆ $allowLogin

Auth::$allowLogin = true

Definition at line 161 of file Auth.php.

Referenced by setAllowLogin().

◆ $authChecks

Auth::$authChecks = 0

Definition at line 295 of file Auth.php.

◆ $authdata

Auth::$authdata

Definition at line 289 of file Auth.php.

◆ $checkAuthCallback

Auth::$checkAuthCallback = ''

Definition at line 190 of file Auth.php.

Referenced by setCheckAuthCallback().

◆ $cookie

Auth::$cookie

Definition at line 283 of file Auth.php.

◆ $enableLogging

Auth::$enableLogging = false

Definition at line 309 of file Auth.php.

◆ $expire

Auth::$expire = 0

Definition at line 102 of file Auth.php.

◆ $expired

Auth::$expired = false

Definition at line 110 of file Auth.php.

◆ $idle

Auth::$idle = 0

Definition at line 122 of file Auth.php.

◆ $idled

Auth::$idled = false

Definition at line 130 of file Auth.php.

◆ $logger

Auth::$logger = null

Definition at line 302 of file Auth.php.

◆ $loginCallback

Auth::$loginCallback = ''

Definition at line 198 of file Auth.php.

Referenced by setLoginCallback().

◆ $loginFailedCallback

Auth::$loginFailedCallback = ''

Definition at line 206 of file Auth.php.

Referenced by setFailedLoginCallback().

◆ $loginFunction

Auth::$loginFunction = ''

Definition at line 145 of file Auth.php.

Referenced by Auth(), and Auth_Anonymous\Auth_Anonymous().

◆ $logoutCallback

Auth::$logoutCallback = ''

Definition at line 214 of file Auth.php.

Referenced by setLogoutCallback().

◆ $password

Auth::$password = ''

Definition at line 182 of file Auth.php.

Referenced by Auth_HTTP\assignData().

◆ $post

Auth::$post

Definition at line 277 of file Auth.php.

◆ $regenerateSessionId

Auth::$regenerateSessionId = false

Definition at line 316 of file Auth.php.

◆ $server

Auth::$server

Definition at line 271 of file Auth.php.

◆ $session

Auth::$session

Definition at line 265 of file Auth.php.

◆ $showLogin

Auth::$showLogin = true

Definition at line 153 of file Auth.php.

Referenced by Auth(), Auth_Anonymous\Auth_Anonymous(), and setShowLogin().

◆ $status

Auth::$status = ''

Definition at line 168 of file Auth.php.

Referenced by getStatus().

◆ $storage

Auth::$storage = ''

Definition at line 138 of file Auth.php.

Referenced by Auth_HTTP\login().

◆ $username

◆ $version

Auth::$version = "@version@"

Definition at line 228 of file Auth.php.


The documentation for this class was generated from the following file: