ILIAS  Release_3_10_x_branch Revision 61812
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthUtils.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 // define auth modes
25 define ("AUTH_LOCAL",1);
26 define ("AUTH_LDAP",2);
27 define ("AUTH_RADIUS",3);
28 define ("AUTH_SCRIPT",4);
29 define ("AUTH_SHIBBOLETH",5);
30 define ("AUTH_CAS",6);
31 define ("AUTH_SOAP",7);
32 // BEGIN WebDAV: Add support for HTTP authentication
33 define ("AUTH_HTTP",8);
34 // END WebDAV: Add support for HTTP authentication
35 define ("AUTH_ECS",9);
36 
37 
38 define ("AUTH_INACTIVE",18);
39 
40 define('AUTH_MULTIPLE',20);
41 
42 define('AUTH_SOAP_NO_ILIAS_USER', -100);
43 define('AUTH_LDAP_NO_ILIAS_USER',-200);
44 define('AUTH_RADIUS_NO_ILIAS_USER',-300);
45 
46 define('AUTH_MODE_INACTIVE',-1000);
47 
48 
49 // an external user cannot be found in ilias, but his email address
50 // matches one or more ILIAS users
51 define('AUTH_SOAP_NO_ILIAS_USER_BUT_EMAIL', -101);
52 define('AUTH_CAS_NO_ILIAS_USER', -90);
53 
63 {
64 
68  function _initAuth()
69  {
70  global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
71 //var_dump($_SESSION);
72  $ilBench->start('Auth','initAuth');
73 
74  // check whether settings object is available
75  if (!is_object($ilSetting))
76  {
77  die ("Fatal Error: ilAuthUtils::_initAuth called without ilSetting.");
78  }
79 
80  // check whether database object is available
81  if (!is_object($ilDB))
82  {
83  die ("Fatal Error: ilAuthUtils::_initAuth called without ilDB.");
84  }
85 
86  // check whether client ini file object is available
87  if (!is_object($ilClientIniFile))
88  {
89  die ("Fatal Error: ilAuthUtils::_initAuth called without ilClientIniFile.");
90  }
91 
92  // get default auth mode
93  //$default_auth_mode = $this->getSetting("auth_mode");
94  define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
95 
96  // set local auth mode (1) in case database wasn't updated
97  /*if ($default_auth_mode === false)
98  {
99  $default_auth_mode = AUTH_LOCAL;
100  }*/
101 //var_dump($_SESSION);
102  // determine authentication method if no session is found and username & password is posted
103  // does this if statement make any sense? we enter this block nearly everytime.
104  if (empty($_SESSION) ||
105  (!isset($_SESSION['_authsession']['registered']) ||
106  $_SESSION['_authsession']['registered'] !== true))
107  {
108  // no sesssion found
109  if ($_POST['username'] != '' and $_POST['password'] != '' or isset($_GET['ecs_hash']))
110  {
111  $user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
112 
113  if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
114  {
115  $user_auth_mode = AUTH_LOCAL;
116  }
117  if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
118  {
119  $user_auth_mode = AUTH_LOCAL;
120  }
121  if ($user_auth_mode == AUTH_SHIBBOLETH && $ilSetting->get("shib_auth_allow_local"))
122  {
123  $user_auth_mode = AUTH_LOCAL;
124  }
125  }
126  }
127 
128  // to do: other solution?
129  if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
130  {
131  $user_auth_mode = AUTH_LOCAL;
132  }
133 
134  // BEGIN WebDAV: Share session between browser and WebDAV client.
135  // The realm is needed to support a common session between Auth_HTTP and Auth.
136  // It also helps us to distinguish between parallel sessions run on different clients.
137  // Common session only works if we use a common session name starting with "_authhttp".
138  // We must use the "_authttp" prefix, because it is hardcoded in the session name of
139  // class Auth_HTTP.
140  // Whenever we use Auth_HTTP, we need to explicitly switch off "sessionSharing", because
141  // it interfers with the session mechanism of the other Auth modules. If we would
142  // keep this switched on, then users could steal each others session, which would cause
143  // a major security breach.
144  // Note: The realm and sessionName used here, must be the same as in
145  // class ilBaseAuthentication. Otherwise, Soap clients won't be able to log
146  // in to ILIAS.
147  $realm = CLIENT_ID;
148  //$this->writelog('ilias.php realm='.$realm);
149  // END WebDAV: Share session between browser and WebDAV client.
150 
151 //var_dump($_SESSION);
152 //echo "1-".$ilSetting->get("soap_auth_active")."-";
153  // if soap authentication activated and soap credentials given
154  if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
155  && !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
156  {
157  include_once("Services/SOAPAuth/classes/class.ilSOAPAuth.php");
158 
159  if (!is_object($GLOBALS['ilSOAPAuth']))
160  {
161  $auth_params = array(
162  "server_hostname" => $ilSetting->get("soap_auth_server"),
163  "server_port" => $ilSetting->get("soap_auth_port"),
164  "server_uri" => $ilSetting->get("soap_auth_uri"),
165  "https" => $ilSetting->get("soap_auth_use_https"),
166  "namespace" => $ilSetting->get("soap_auth_namespace"),
167  // BEGIN WebDAV: Share session between browser and WebDAV client.
168  'sessionName' => "_authhttp".md5($realm),
169  // END WebDAV: Share session between browser and WebDAV client.
170  "use_dotnet" => $ilSetting->get("soap_auth_use_dotnet")
171  );
172  // this starts already the session, AccountId is '' _authsession is null
173  // (assuming that ilSOAPAuth constructor calls Auth constructor
174  $ilSOAPAuth = new ilSOAPAuth($auth_params);
175  $GLOBALS['ilSOAPAuth'] =& $ilSOAPAuth;
176  }
177  else
178  {
179  $ilSOAPAuth =& $GLOBALS['ilSOAPAuth'];
180  }
181 
182  define ("AUTH_CURRENT", AUTH_SOAP);
183  }
184  // if Shibboleth is active and the user is authenticated
185  // we set auth_mode to Shibboleth
186  else if ( $ilSetting->get("shib_active")
187  && $_SERVER[$ilSetting->get("shib_login")])
188  {
189  define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
190  }
191  // check CAS authentication
192  else if ($ilSetting->get("cas_active") && $_POST['username'] == '')
193  {
194  include_once("Services/CAS/classes/class.ilCASAuth.php");
195 
196  if (!is_object($GLOBALS['ilCASAuth']))
197  {
198  $auth_params = array(
199  "server_version" => CAS_VERSION_2_0,
200  "server_hostname" => $ilSetting->get("cas_server"),
201  "server_port" => $ilSetting->get("cas_port"),
202  "server_uri" => $ilSetting->get("cas_uri"),
203  // BEGIN PATCH WebDAV: Share session between browser and WebDAV client.
204  'sessionName' => "_authhttp".md5($realm)
205  // END PATCH WebDAV: Share session between browser and WebDAV client.
206  );
207 //echo "II";
208 //var_dump($_SESSION);
209  $ilCASAuth = new ilCASAuth($auth_params);
210 //var_dump($_SESSION);
211  $GLOBALS['ilCASAuth'] =& $ilCASAuth;
212  }
213  else
214  {
215  $ilCASAuth =& $GLOBALS['ilCASAuth'];
216  }
217 
218  if ($_GET["forceCASLogin"] == "1")
219  {
220  $ilCASAuth->forceCASAuth();
221  }
222 
223  if ($ilCASAuth->checkCASAuth())
224  {
225  define ("AUTH_CURRENT", AUTH_CAS);
226  }
227  else
228  {
229  define ("AUTH_CURRENT", $user_auth_mode);
230  //session_unset();
231  }
232  }
233  else
234  {
235  define ("AUTH_CURRENT", $user_auth_mode);
236  }
237 //var_dump($_SESSION);
238 
239  // Determine the authentication method to use
240  if (WebDAV_Authentication == 'HTTP') {
241  // Since WebDAV clients create the login form by
242  // themselves, we can not provide buttons on the form for
243  // choosing an authentication method.
244  // If the user is already logged in, we continue using
245  // the current authentication method. If the user is
246  // not logged in yet, we use the "multiple authentication"
247  // method using a predefined sequence of authentication methods.
248  $authmode = AUTH_CURRENT ? AUTH_CURRENT : AUTH_MULTIPLE;
249  } else {
250  $authmode = AUTH_CURRENT;
251  }
252  switch ($authmode)
253  {
254  case AUTH_LDAP:
255  if (WebDAV_Authentication == 'HTTP')
256  {
257  // Use HTTP authentication as the frontend for WebDAV clients:
258  require_once("Auth/HTTP.php");
259  $auth_params = array();
260  $auth_params['sessionName'] = "_authhttp".md5($realm);
261  $auth_params['sessionSharing'] = false;
262  require_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
263  require_once 'Services/LDAP/classes/class.ilLDAPServer.php';
265  $authContainer = new ilAuthContainerLDAP($ldap_server, $ldap_server->toPearAuthArray());
266  $authContainer->setObserversEnabled(true);
267  $ilAuth = new Auth_HTTP($authContainer, $auth_params,"",false);
268  $ilAuth->setRealm($realm);
269  }
270  else
271  {
272  // Use a login form as the frontend for web browsers:
273  require_once 'Services/LDAP/classes/class.ilAuthLDAP.php';
274  $auth_params['sessionName'] = "_authhttp".md5($realm);
275  $ilAuth = new ilAuthLDAP($auth_params);
276  }
277  break;
278 
279  case AUTH_RADIUS:
280  if (WebDAV_Authentication == 'HTTP')
281  {
282  // FIXME - WebDAV Authentication with RADIUS is broken!!!
283  // We need to implement a class ilAuthContainerRadius and move
284  // all the code which is currently in ilAuthRadius into this class.
285  //
286  // Use HTTP authentication as the frontend for WebDAV clients:
287  require_once("Auth/HTTP.php");
288  $auth_params = array();
289  $auth_params['sessionName'] = "_authhttp".md5($realm);
290  $auth_params['sessionSharing'] = false;
291  $ilAuth = new Auth_HTTP("RADIUS", $auth_params,"",false);
292  $ilAuth->setRealm($realm);
293  }
294  else
295  {
296  // Use a login form as the frontend for web browsers:
297  $auth_params = array();
298  $auth_params['sessionName'] = "_authhttp".md5($realm);
299  include_once('./Services/Radius/classes/class.ilAuthRadius.php');
300  $ilAuth = new ilAuthRadius($auth_params);
301  }
302  break;
303 
304 
305  case AUTH_SHIBBOLETH:
306  // build option string for SHIB::Auth
307  $auth_params = array();
308  $auth_params['sessionName'] = "_authhttp".md5($realm);
309  $ilAuth = new ShibAuth($auth_params,true);
310  break;
311 
312  case AUTH_CAS:
313  $ilAuth =& $ilCASAuth;
314  $ilAuth->forceCASAuth();
315  break;
316 
317  case AUTH_SOAP:
318  $ilAuth =& $ilSOAPAuth;
319  break;
320 
321  case AUTH_MULTIPLE:
322  if (WebDAV_Authentication == 'HTTP')
323  {
324  // Determine sequence of authentication methods
325  require_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
326  $modeDetermination = ilAuthModeDetermination::_getInstance();
327  $authModeSequence = array_flip($modeDetermination->getAuthModeSequence());
328 
329 
330  // Create the container of each authentication method
331  // FIXME - We only support LDAP and local authentication here!!
332  // We need to support Radius as well!!
333  require_once 'Auth/Container/Multiple.php';
334  $multiple_params = array();
335 
336  if (array_key_exists(AUTH_LDAP, $authModeSequence))
337  {
338  require_once 'Services/LDAP/classes/class.ilAuthContainerLDAP.php';
339  require_once 'Services/LDAP/classes/class.ilLDAPServer.php';
340  $container_params = array();
342  $authContainer = new ilAuthContainerLDAP($ldap_server, $ldap_server->toPearAuthArray());
343  $authContainer->setObserversEnabled(true);
344  $multiple_params[$authModeSequence[AUTH_LDAP]] = array(
345  'type' => 'LDAP',
346  'container' => $authContainer,
347  'options' => $container_params
348  );
349  }
350 
351  if (array_key_exists(AUTH_LOCAL, $authModeSequence))
352  {
353  require_once 'class.ilAuthContainerMDB2.php';
354  $container_params = array();
355  $container_params['dsn'] = IL_DSN;
356  $container_params['table'] = $ilClientIniFile->readVariable("auth", "table");
357  $container_params['usernamecol'] = $ilClientIniFile->readVariable("auth", "usercol");
358  $container_params['passwordcol'] = $ilClientIniFile->readVariable("auth", "passcol");
359  $authContainer = new ilAuthContainerMDB2($container_params);
360  $authContainer->setObserversEnabled(true);
361  $multiple_params[$authModeSequence[AUTH_LOCAL]] = array(
362  'type' => 'MDB2',
363  'container' => $authContainer,
364  'options' => $container_params
365  );
366  }
367 
368  $multipleContainer = new Auth_Container_Multiple($multiple_params);
369 
370  // Use HTTP authentication as the frontend:
371  require_once("Auth/HTTP.php");
372  $auth_params = array();
373  $auth_params['sessionName'] = "_authhttp".md5($realm);
374  $auth_params['sessionSharing'] = false;
375  $ilAuth = new Auth_HTTP($multipleContainer, $auth_params,"",false);
376  $ilAuth->setRealm($realm);
377 
378  // This foreach loop is a very dirty trick to work around
379  // the container factory in Auth_Container_Multiple.
380  foreach ($multiple_params as $key => $options)
381  {
382  $multipleContainer->containers[$key] = $options['container'];
383  $options['container']->_auth_obj = $ilAuth;
384  $options['container']->setObserversEnabled(true);
385  }
386  }
387  else
388  {
389  require_once('./Services/Authentication/classes/class.ilAuthMultiple.php');
390  $ilAuth = new ilAuthMultiple();
391  }
392  break;
393  case AUTH_ECS:
394  $auth_params = array();
395  $auth_params['sessionName'] = "_authhttp".md5($realm);
396  require_once('./Services/WebServices/ECS/classes/class.ilAuthECS.php');
397  $ilAuth = new ilAuthECS($auth_params,$_GET['ecs_hash']);
398  break;
399 
400  case AUTH_INACTIVE:
401  require_once('./Services/Authentication/classes/class.ilAuthInactive.php');
402  $ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
403  break;
404 
405  case AUTH_LOCAL:
406  default:
407  // build option string for PEAR::Auth
408  $auth_params = array();
409  $auth_params['dsn'] = IL_DSN;
410  $auth_params['table'] = $ilClientIniFile->readVariable("auth", "table");
411  $auth_params['usernamecol'] = $ilClientIniFile->readVariable("auth", "usercol");
412  $auth_params['passwordcol'] = $ilClientIniFile->readVariable("auth", "passcol");
413  $auth_params['sessionName'] = "_authhttp".md5($realm);
414 
415  // We use MySQL as storage container
416  // this starts already the session, AccountId is '' _authsession is null
417  //
418  if (WebDAV_Authentication == 'HTTP')
419  {
420  // Use HTTP authentication as the frontend for WebDAV clients:
421  require_once("Auth/HTTP.php");
422  require_once 'class.ilAuthContainerMDB2.php';
423  $auth_params['sessionSharing'] = false;
424  $authContainer = new ilAuthContainerMDB2($auth_params);
425  $authContainer->setObserversEnabled(true);
426  $ilAuth = new Auth_HTTP($authContainer, $auth_params,"",false);
427  $ilAuth->setRealm($realm);
428  }
429  else
430  {
431  // Use a login form as the frontend for web browsers:
432  require_once 'class.ilAuthContainerMDB2.php';
433  $authContainer = new ilAuthContainerMDB2($auth_params);
434  $authContainer->setObserversEnabled(true);
435  $ilAuth = new Auth($authContainer, $auth_params,"",false);
436  }
437  break;
438 
439  }
440 
441  // Due to a bug in Pear Auth_HTTP, we can't use idle time
442  // with WebDAV clients. If we used it, users could never log
443  // back into ILIAS once their session idled out. :(
444  if (WebDAV_Authentication != 'HTTP') {
445  $ilAuth->setIdle($ilClientIniFile->readVariable("session","expire"), false);
446  }
447  $ilAuth->setExpire(0);
448 
449  // In developer mode, enable logging on the Pear Auth object
450  if (DEVMODE == 1)
451  {
452  global $ilLog;
453  if(method_exists($ilAuth,'attachLogObserver'))
454  {
455  if(@include_once('Log.php'))
456  {
457  if(@include_once('Log/observer.php'))
458  {
459  include_once('Services/LDAP/classes/class.ilAuthLDAPLogObserver.php');
460  $ilAuth->attachLogObserver(new ilAuthLDAPLogObserver(AUTH_LOG_DEBUG));
461  $ilAuth->enableLogging = true;
462  }
463  }
464  }
465  }
466 
467  ini_set("session.cookie_lifetime", "0");
468 //echo "-".get_class($ilAuth)."-";
469  $GLOBALS['ilAuth'] =& $ilAuth;
470 
471  $ilBench->stop('Auth','initAuth');
472  }
473 
474  function _getAuthModeOfUser($a_username,$a_password,$a_db_handler = '')
475  {
476  global $ilDB;
477 
478  if(isset($_GET['ecs_hash']))
479  {
480  return AUTH_ECS;
481  }
482  if(isset($_POST['auth_mode']))
483  {
484  return (int) $_POST['auth_mode'];
485  }
486 
487  include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
489 
490  if(!$det->isManualSelection())
491  {
492  return AUTH_MULTIPLE;
493  }
494 
495 
496  $db =& $ilDB;
497 
498  if ($a_db_handler != '')
499  {
500  $db =& $a_db_handler;
501  }
502 
503  // Is it really necessary to check the auth mode with password ?
504  // Changed: smeyer
505  $q = "SELECT auth_mode FROM usr_data WHERE ".
506  "login = ".$ilDB->quote($a_username);
507  //"passwd = ".$ilDB->quote(md5($a_password))."";
508 
509 
510  $r = $db->query($q);
511  $row = $r->fetchRow(DB_FETCHMODE_OBJECT);
512 //echo "+".$row->auth_mode."+";
513 
514  $auth_mode = self::_getAuthMode($row->auth_mode,$db);
515 
516  return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
517  }
518 
519  function _getAuthMode($a_auth_mode,$a_db_handler = '')
520  {
521  global $ilDB;
522 
523  $db =& $ilDB;
524 
525  if ($a_db_handler != '')
526  {
527  $db =& $a_db_handler;
528  }
529 
530  switch ($a_auth_mode)
531  {
532  case "local":
533  return AUTH_LOCAL;
534  break;
535 
536  case "ldap":
537  return AUTH_LDAP;
538  break;
539 
540  case "radius":
541  return AUTH_RADIUS;
542  break;
543 
544  case "script":
545  return AUTH_SCRIPT;
546  break;
547 
548  case "shibboleth":
549  return AUTH_SHIBBOLETH;
550  break;
551 
552  case "cas":
553  return AUTH_CAS;
554  break;
555 
556  case "soap":
557  return AUTH_SOAP;
558  break;
559 
560  case 'ecs':
561  return AUTH_ECS;
562 
563 
564  default:
565  $q = "SELECT value FROM settings WHERE ".
566  "keyword='auth_mode'";
567  $r = $db->query($q);
568  $row = $r->fetchRow();
569  return $row[0];
570  break;
571  }
572  }
573 
574  function _getAuthModeName($a_auth_key)
575  {
576  global $ilias;
577 
578  switch ($a_auth_key)
579  {
580  case AUTH_LOCAL:
581  return "local";
582  break;
583 
584  case AUTH_LDAP:
585  return "ldap";
586  break;
587 
588  case AUTH_RADIUS:
589  return "radius";
590  break;
591 
592  case AUTH_CAS:
593  return "cas";
594  break;
595 
596  case AUTH_SCRIPT:
597  return "script";
598  break;
599 
600  case AUTH_SHIBBOLETH:
601  return "shibboleth";
602  break;
603 
604  case AUTH_SOAP:
605  return "soap";
606  break;
607 
608  case AUTH_ECS:
609  return 'ecs';
610 
611  default:
612  return "default";
613  break;
614  }
615  }
616 
618  {
619  global $ilias,$ilSetting;
620 
621  $modes = array(
622  'default' => $ilSetting->get("auth_mode"),
623  'local' => AUTH_LOCAL
624  );
625  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
627  {
628  $modes['ldap'] = AUTH_LDAP;
629  }
630  if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
631  if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
632  if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
633  if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
634  if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
635 
636  include_once('./Services/WebServices/ECS/classes/class.ilECSSettings.php');
637 
638  if(ilECSSettings::_getInstance()->isEnabled())
639  {
640  $modes['ecs'] = AUTH_ECS;
641  }
642  return $modes;
643  }
644 
645  function _getAllAuthModes()
646  {
647  return array(
655  }
656 
661  function _generateLogin($a_login)
662  {
663  global $ilDB;
664 
665  // Check if username already exists
666  $found = false;
667  $postfix = 0;
668  $c_login = $a_login;
669  while(!$found)
670  {
671  $r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
672  $ilDB->quote($c_login));
673  if ($r->numRows() > 0)
674  {
675  $postfix++;
676  $c_login = $a_login.$postfix;
677  }
678  else
679  {
680  $found = true;
681  }
682  }
683 
684  return $c_login;
685  }
686 
687  public static function _hasMultipleAuthenticationMethods()
688  {
689  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
690 
691  $rad_settings = ilRadiusSettings::_getInstance();
692  if($rad_settings->isActive())
693  {
694  return true;
695  }
696  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
697  return count(ilLDAPServer::_getActiveServerList()) ? true : false;
698  }
699 
700  public static function _getMultipleAuthModeOptions($lng)
701  {
702  global $ilSetting;
703 
704  // in the moment only ldap is activated as additional authentication method
705  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
706 
707  $options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
708 
709  // LDAP
710  if($ldap_id = ilLDAPServer::_getFirstActiveServer())
711  {
712  $ldap_server = new ilLDAPServer($ldap_id);
713  $options[AUTH_LDAP]['txt'] = $ldap_server->getName();
714  }
715  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
716  $rad_settings = ilRadiusSettings::_getInstance();
717  if($rad_settings->isActive())
718  {
719  $options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
720  }
721 
722  if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
723  {
724  $default = AUTH_LDAP;
725  }
726  elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
727  {
728  $default = AUTH_RADIUS;
729  }
730  else
731  {
732  $default = AUTH_LOCAL;
733  }
734 
735  $default = $ilSetting->get('default_auth_mode',$default);
736  $default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
737 
738  $options[$default]['checked'] = true;
739  return $options ? $options : array();
740  }
741 
751  public static function _isExternalAccountEnabled()
752  {
753  global $ilSetting;
754 
755  if($ilSetting->get("cas_active"))
756  {
757  return true;
758  }
759  if($ilSetting->get("soap_auth_active"))
760  {
761  return true;
762  }
763  if($ilSetting->get("shib_active"))
764  {
765  return true;
766  }
767  if($ilSetting->get('radius_active'))
768  {
769  return true;
770  }
771  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
773  {
774  return true;
775  }
776  return false;
777  }
778 
787  public static function _allowPasswordModificationByAuthMode($a_auth_mode)
788  {
789  switch($a_auth_mode)
790  {
791  case AUTH_LDAP:
792  case AUTH_RADIUS:
793  case AUTH_ECS:
794  return false;
795  default:
796  return true;
797  }
798  }
799 
808  public static function _needsExternalAccountByAuthMode($a_auth_mode)
809  {
810  switch($a_auth_mode)
811  {
812  case AUTH_LOCAL:
813  return false;
814  default:
815  return true;
816  }
817  }
818 }
819 ?>