00001 <?php
00034 require_once "class.ilObjectGUI.php";
00035
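/**
 * GUI class for the authentication settings object (object type "auth").
 *
 * Renders the overview of authentication modes and the LDAP, Shibboleth,
 * RADIUS and script configuration forms, and stores what those forms submit.
 *
 * Security notes for maintainers:
 * - Every handler that changes a setting checks the "write" permission itself;
 *   the edit forms doing so is not enough, because the save handlers can be
 *   requested directly.
 * - setVariable() is handed ready-made <img> and <select> markup by this class,
 *   so values are inserted into the page as given. Request-, session- and
 *   settings-derived values are therefore HTML-escaped here before insertion.
 * - Nothing in this class verifies a request token.
 *   NOTE(review): confirm that the gateway in front of these handlers
 *   provides CSRF protection.
 */
class ilObjAuthSettingsGUI extends ilObjectGUI
{
	/**
	 * Constructor (PHP 4 style, kept for compatibility with the parent class).
	 *
	 * @param mixed   $a_data               passed through to ilObjectGUI
	 * @param mixed   $a_id                 passed through to ilObjectGUI
	 * @param mixed   $a_call_by_reference  passed through to ilObjectGUI
	 * @param boolean $a_prepare_output     passed through to ilObjectGUI
	 */
	function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
	{
		$this->type = "auth";
		$this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output);

		// Guarded so that constructing a second instance in the same request
		// does not try to redefine the constants.
		if (!defined('LDAP_DEFAULT_PORT'))
		{
			define('LDAP_DEFAULT_PORT',389);
		}

		if (!defined('RADIUS_DEFAULT_PORT'))
		{
			define('RADIUS_DEFAULT_PORT',1812);
		}
	}

	/**
	 * Show the overview: which authentication modes are active, which one is
	 * the default, and the authentication mode assigned to each role returned
	 * by ilObjRole::_lookupRegisterAllowed().
	 *
	 * Requires the "visible" and "read" permissions on this object.
	 */
	function viewObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		$this->getTemplateFile("general");

		$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));

		$this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
		$this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
		$this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active")."?");
		$this->tpl->setVariable("TXT_AUTH_DESC", $this->lng->txt("description"));

		$this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
		$this->tpl->setVariable("TXT_LOCAL_DESC", $this->lng->txt("auth_local_desc"));
		$this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
		$this->tpl->setVariable("TXT_LDAP_DESC", $this->lng->txt("auth_ldap_desc"));
		$this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
		$this->tpl->setVariable("TXT_SHIB_DESC", $this->lng->txt("auth_shib_desc"));

		$this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
		$this->tpl->setVariable("TXT_RADIUS_DESC", $this->lng->txt("auth_radius_desc"));
		$this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
		$this->tpl->setVariable("TXT_SCRIPT_DESC", $this->lng->txt("auth_script_desc"));

		$this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
		$this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
		$this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
		$this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
		$this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");

		$checked = "checked=\"checked\"";

		// status icons for the "active?" column
		$icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.gif")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
		$icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.gif")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";

		// local authentication is always shown as active
		$this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
		$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
		$this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
		$this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
		$this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);

		// pre-select the radio button of the current default mode
		switch ($this->ilias->getSetting('auth_mode'))
		{
			case AUTH_LOCAL:
				$this->tpl->setVariable("CHK_LOCAL", $checked);
				break;

			case AUTH_LDAP:
				$this->tpl->setVariable("CHK_LDAP", $checked);
				break;

			case AUTH_SHIBBOLETH:
				$this->tpl->setVariable("CHK_SHIB", $checked);
				break;

			case AUTH_RADIUS:
				$this->tpl->setVariable("CHK_RADIUS", $checked);
				break;

			case AUTH_SCRIPT:
				$this->tpl->setVariable("CHK_SCRIPT", $checked);
				break;
		}

		// second form: authentication mode per role
		$this->tpl->setVariable("FORMACTION_ROLES", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
		$this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
		$this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
		$this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");

		include_once("classes/class.ilObjRole.php");
		$reg_roles = ilObjRole::_lookupRegisterAllowed();

		include_once('classes/class.ilAuthUtils.php');
		$active_auth_modes = ilAuthUtils::_getActiveAuthModes();

		foreach ($reg_roles as $role)
		{
			foreach ($active_auth_modes as $auth_name => $auth_key)
			{
				$this->tpl->setCurrentBlock("auth_mode_selection");

				if ($auth_name == 'default')
				{
					// show which concrete mode "default" currently resolves to
					$name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
				}
				else
				{
					$name = $this->lng->txt('auth_'.$auth_name);
				}

				$this->tpl->setVariable("AUTH_MODE_NAME", $name);

				$this->tpl->setVariable("AUTH_MODE", $auth_name);

				if ($role['auth_mode'] == $auth_name)
				{
					$this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
				}

				$this->tpl->parseCurrentBlock();
			}

			// Role titles are stored data; escape them so a title containing
			// markup cannot inject HTML into this administration page.
			$this->tpl->setCurrentBlock("roles");
			$this->tpl->setVariable("ROLE", $this->escapeForTemplate($role['title']));
			$this->tpl->setVariable("ROLE_ID", $this->escapeForTemplate($role['id']));
			$this->tpl->parseCurrentBlock();
		}
	}

	/**
	 * Tab hook. The body is empty, so nothing is added to $tabs_gui.
	 *
	 * @param object $tabs_gui  tabs object, passed by reference
	 */
	function getTabs(&$tabs_gui)
	{
	}

	/**
	 * Store the default authentication mode chosen in the overview form.
	 *
	 * Requires the "write" permission. For LDAP, Shibboleth, RADIUS and script
	 * mode, the matching checkAuth*() method of the settings object must
	 * return true; otherwise the user is sent to that mode's configuration
	 * form and the mode is not changed.
	 *
	 * NOTE(review): the error and redirect calls are used as if they end the
	 * request (no return follows them, as everywhere else in this class) -
	 * confirm that raiseError() and ilUtil::redirect() do not return.
	 */
	function setAuthModeObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		if (empty($_POST["auth_mode"]))
		{
			$this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
		}

		if ($_POST["auth_mode"] == AUTH_DEFAULT)
		{
			sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
			ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
		}

		switch ($_POST["auth_mode"])
		{
			case AUTH_LDAP:
				if ($this->object->checkAuthLDAP() !== true)
				{
					sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
					ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editLDAP")));
				}
				break;

			// Was "AUTH_SHIB", a name used nowhere else in this class; viewObject()
			// and getAuthModeTitle() both use AUTH_SHIBBOLETH. With the wrong name
			// this case could never match, so Shibboleth could become the default
			// mode without passing the configuration check below.
			case AUTH_SHIBBOLETH:
				if ($this->object->checkAuthSHIB() !== true)
				{
					sendInfo($this->lng->txt("auth_shib_not_configured"),true);
					ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editSHIB")));
				}
				break;

			case AUTH_RADIUS:
				if ($this->object->checkAuthRADIUS() !== true)
				{
					sendInfo($this->lng->txt("auth_radius_not_configured"),true);
					ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editRADIUS")));
				}
				break;

			case AUTH_SCRIPT:
				if ($this->object->checkAuthScript() !== true)
				{
					sendInfo($this->lng->txt("auth_script_not_configured"),true);
					ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editScript")));
				}
				break;
		}

		// NOTE(review): any non-empty submitted value reaches this point, not
		// only the modes handled above. Consider rejecting values outside the
		// set of known AUTH_* modes so a bad request cannot store an unusable
		// default mode.
		$this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);

		sendInfo($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Show the LDAP configuration form.
	 *
	 * Requires the "write" permission. The fields are filled from
	 * $_SESSION["error_post_vars"] when that is set (presumably the values of
	 * a submission that was rejected - verify against raiseError()), otherwise
	 * from the stored settings, with defaults for port, login key, object
	 * class and protocol version.
	 */
	function editLDAPObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		if (!empty($_SESSION["error_post_vars"]))
		{
			$posted = $_SESSION["error_post_vars"]["ldap"];

			if ($posted["active"] == "1")
			{
				$this->tpl->setVariable("CHK_LDAP_ACTIVE", "checked=\"checked\"");
			}

			if ($posted["tls"] == "1")
			{
				$this->tpl->setVariable("LDAP_TLS_CHK", "checked=\"checked\"");
			}

			if ($posted["version"] == "3")
			{
				$this->tpl->setVariable("LDAP_VERSION3_CHK", "checked=\"checked\"");
			}
			else
			{
				$this->tpl->setVariable("LDAP_VERSION2_CHK", "checked=\"checked\"");
			}

			// These values were supplied by the request; escape them before
			// they are written back into the form.
			$this->tpl->setVariable("LDAP_SERVER", $this->escapeForTemplate($posted["server"]));
			$this->tpl->setVariable("LDAP_BASEDN", $this->escapeForTemplate($posted["basedn"]));
			$this->tpl->setVariable("LDAP_SEARCH_BASE", $this->escapeForTemplate($posted["search_base"]));
			$this->tpl->setVariable("LDAP_PORT", $this->escapeForTemplate($posted["port"]));
			$this->tpl->setVariable("LDAP_LOGIN_KEY", $this->escapeForTemplate($posted["login_key"]));
			$this->tpl->setVariable("LDAP_OBJECTCLASS", $this->escapeForTemplate($posted["objectclass"]));
		}
		else
		{
			// set already saved data or default value for port
			$settings = $this->ilias->getAllSettings();

			if ($settings["ldap_active"] == "1")
			{
				$this->tpl->setVariable("CHK_LDAP_ACTIVE", "checked=\"checked\"");
			}

			if ($settings["ldap_tls"] == "1")
			{
				$this->tpl->setVariable("LDAP_TLS_CHK", "checked=\"checked\"");
			}

			$this->tpl->setVariable("LDAP_SERVER", $this->escapeForTemplate($settings["ldap_server"]));
			$this->tpl->setVariable("LDAP_BASEDN", $this->escapeForTemplate($settings["ldap_basedn"]));
			$this->tpl->setVariable("LDAP_SEARCH_BASE", $this->escapeForTemplate($settings["ldap_search_base"]));

			if (empty($settings["ldap_port"]))
			{
				$this->tpl->setVariable("LDAP_PORT", LDAP_DEFAULT_PORT);
			}
			else
			{
				$this->tpl->setVariable("LDAP_PORT", $this->escapeForTemplate($settings["ldap_port"]));
			}

			if (empty($settings["ldap_login_key"]))
			{
				$this->tpl->setVariable("LDAP_LOGIN_KEY", "uid");
			}
			else
			{
				$this->tpl->setVariable("LDAP_LOGIN_KEY", $this->escapeForTemplate($settings["ldap_login_key"]));
			}

			if (empty($settings["ldap_objectclass"]))
			{
				$this->tpl->setVariable("LDAP_OBJECTCLASS", "posixAccount");
			}
			else
			{
				$this->tpl->setVariable("LDAP_OBJECTCLASS", $this->escapeForTemplate($settings["ldap_objectclass"]));
			}

			if (empty($settings["ldap_version"]) or $settings["ldap_version"] == "2")
			{
				$this->tpl->setVariable("LDAP_VERSION2_CHK", "checked=\"checked\"");
			}
			else
			{
				$this->tpl->setVariable("LDAP_VERSION3_CHK", "checked=\"checked\"");
			}
		}

		// the template is loaded after the values above were set, as before
		$this->getTemplateFile("ldap");

		$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("COLSPAN", 3);
		$this->tpl->setVariable("TXT_LDAP_TITLE", $this->lng->txt("ldap_configure"));
		$this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
		$this->tpl->setVariable("TXT_LDAP_ACTIVE", $this->lng->txt("auth_ldap_enable"));
		$this->tpl->setVariable("TXT_LDAP_TLS", $this->lng->txt("ldap_tls"));
		$this->tpl->setVariable("TXT_LDAP_SERVER", $this->lng->txt("ldap_server"));
		$this->tpl->setVariable("TXT_LDAP_BASEDN", $this->lng->txt("ldap_basedn"));
		$this->tpl->setVariable("TXT_LDAP_SEARCH_BASE", $this->lng->txt("ldap_search_base"));
		$this->tpl->setVariable("TXT_LDAP_PORT", $this->lng->txt("ldap_port"));

		$this->tpl->setVariable("TXT_LDAP_VERSION", $this->lng->txt("ldap_version"));
		$this->tpl->setVariable("TXT_LDAP_VERSION2", $this->lng->txt("ldap_v2"));
		$this->tpl->setVariable("TXT_LDAP_VERSION3", $this->lng->txt("ldap_v3"));

		$this->tpl->setVariable("TXT_LDAP_LOGIN_KEY", $this->lng->txt("ldap_login_key"));
		$this->tpl->setVariable("TXT_LDAP_OBJECTCLASS", $this->lng->txt("ldap_objectclass"));

		$this->tpl->setVariable("TXT_LDAP_PASSWD", $this->lng->txt("ldap_passwd"));

		$this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
		$this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
		$this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
		$this->tpl->setVariable("CMD_SUBMIT", "saveLDAP");
	}

	/**
	 * Validate the submitted LDAP settings and store them.
	 *
	 * Requires the "write" permission (this check was missing although
	 * editLDAPObject() had it). Before anything is stored, the settings are
	 * tested against the server: anonymous bind, search for exactly one entry
	 * matching the current user's login, then a bind as that entry with the
	 * submitted password.
	 */
	function saveLDAPObject()
	{
		global $rbacsystem, $ilUser;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		// check required fields
		if (!$_POST["ldap"]["server"] or !$_POST["ldap"]["basedn"] or !$_POST["ldap"]["port"] or !$_POST["ldap"]["login_key"] or !$_POST["ldap"]["objectclass"])
		{
			$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
		}

		// check password
		if (!$_POST["ldap"]["passwd"])
		{
			$this->ilias->raiseError($this->lng->txt("err_enter_current_passwd"),$this->ilias->error_obj->MESSAGE);
		}

		// The former pattern /^[0-9]{0,5}$/ accepted values up to 99999 and a
		// trailing newline; only 1-65535 is a usable port.
		if (!$this->isValidPortNumber($_POST["ldap"]["port"]))
		{
			$this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
		}

		// TLS is stored as "1" or "0"
		if ($_POST["ldap"]["tls"] != "1")
		{
			$_POST["ldap"]["tls"] = "0";
		}

		$ldap_host = $_POST["ldap"]["server"];
		$ldap_port = $_POST["ldap"]["port"];
		$ldap_pass = $_POST["ldap"]["passwd"];

		$ldap_userattr = $_POST["ldap"]["login_key"];
		$ldap_useroc = $_POST["ldap"]["objectclass"];

		// search base = optional search_base prefix + base DN
		$ldap_searchbase = "";

		if ($_POST["ldap"]["search_base"])
		{
			$ldap_searchbase .= $_POST["ldap"]["search_base"].",";
		}

		$ldap_searchbase .= $_POST["ldap"]["basedn"];

		// test connection
		$ldap_conn = ldap_connect($ldap_host,$ldap_port);

		if ($ldap_conn == false)
		{
			$this->ilias->raiseError($this->lng->txt("err_ldap_connect_failed"),$this->ilias->error_obj->MESSAGE);
		}

		@ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, $_POST["ldap"]["version"]);

		// NOTE(review): this test never calls ldap_start_tls(), even when the
		// TLS option is ticked, so the password used in the verification bind
		// below is sent without StartTLS. Consider starting TLS here when
		// ldap[tls] is "1" and failing the save if that does not succeed.

		// bind anonymously
		if (($ldap_bind = ldap_bind($ldap_conn)) == false)
		{
			$this->ilias->raiseError($this->lng->txt("err_ldap_connect_failed"),$this->ilias->error_obj->MESSAGE);
		}

		// Object class, attribute name and login all end up inside the search
		// filter; escape the filter metacharacters so none of them can change
		// the filter's structure. An attribute name that needed escaping makes
		// the search fail, which is reported as err_ldap_search_failed.
		$filter = sprintf(
			'(&(objectClass=%s)(%s=%s))',
			$this->escapeLDAPFilterValue($ldap_useroc),
			$this->escapeLDAPFilterValue($ldap_userattr),
			$this->escapeLDAPFilterValue($ilUser->getLogin())
		);

		// search for the current user, requesting only the login attribute
		if (($result_id = @ldap_search($ldap_conn, $ldap_searchbase, $filter, array($ldap_userattr))) == false)
		{
			$this->ilias->raiseError($this->lng->txt("err_ldap_search_failed"),$this->ilias->error_obj->MESSAGE);
		}

		if (ldap_count_entries($ldap_conn, $result_id) != 1)
		{
			$this->ilias->raiseError($this->lng->txt("err_ldap_user_not_found"),$this->ilias->error_obj->MESSAGE);
		}

		// then get the user_dn
		$entry_id = ldap_first_entry($ldap_conn, $result_id);
		$user_dn = ldap_get_dn($ldap_conn, $entry_id);

		ldap_free_result($result_id);

		// bind with password
		if (@ldap_bind($ldap_conn, $user_dn, $ldap_pass) == false)
		{
			$this->ilias->raiseError($this->lng->txt("err_ldap_auth_failed"),$this->ilias->error_obj->MESSAGE);
		}

		// close connection
		@ldap_unbind($ldap_conn);

		// all checks passed: store the settings
		$this->ilias->setSetting("ldap_tls", $_POST["ldap"]["tls"]);
		$this->ilias->setSetting("ldap_server", $_POST["ldap"]["server"]);
		$this->ilias->setSetting("ldap_basedn", $_POST["ldap"]["basedn"]);
		$this->ilias->setSetting("ldap_search_base", $_POST["ldap"]["search_base"]);
		$this->ilias->setSetting("ldap_port", $_POST["ldap"]["port"]);
		$this->ilias->setSetting("ldap_version", $_POST["ldap"]["version"]);
		$this->ilias->setSetting("ldap_login_key", $_POST["ldap"]["login_key"]);
		$this->ilias->setSetting("ldap_objectclass", $_POST["ldap"]["objectclass"]);
		$this->ilias->setSetting("ldap_active", $_POST["ldap"]["active"]);

		sendInfo($this->lng->txt("auth_ldap_settings_saved"),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Show the Shibboleth configuration form.
	 *
	 * Requires the "write" permission. Builds the default-role <select> from
	 * $rbacreview->getRolesByFilter() and fills the attribute mapping fields
	 * from the stored settings.
	 */
	function editSHIBObject()
	{
		global $rbacsystem, $rbacreview;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		// set already saved data
		$settings = $this->ilias->getAllSettings();

		// get all roles offered as default role for new Shibboleth users
		$role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
		$selectElement = '<select name="shib[user_default_role]">';

		// fall back to role id 4 when no default role has been stored yet
		if (!$settings["shib_user_default_role"])
		{
			$settings["shib_user_default_role"] = 4;
		}

		foreach ($role_list as $role)
		{
			// This markup is built by hand, so id and title are escaped here.
			$selectElement .= '<option value="'.$this->escapeForTemplate($role['obj_id']).'"';

			if ($settings["shib_user_default_role"] == $role['obj_id'])
			{
				// leading space: the attribute used to be glued to value="..."
				$selectElement .= ' selected="selected"';
			}

			$selectElement .= '>'.$this->escapeForTemplate($role['title']).'</option>';
		}

		$selectElement .= '</select>';

		$shib_settings = $this->getShibAttributeSettings();

		$this->getTemplateFile("shib");

		foreach ($shib_settings as $setting)
		{
			// str_replace() instead of ereg_replace(): the pattern is a plain
			// string, and the ereg functions are deprecated
			$field = str_replace('shib_','',$setting);
			$this->tpl->setVariable(strtoupper($setting), $this->escapeForTemplate($settings[$setting]));
			$this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $this->escapeForTemplate($settings["shib_update_".$field]));

			if ($settings["shib_update_".$field])
			{
				$this->tpl->setVariable('CHK_SHIB_UPDATE_'.strtoupper($field), 'checked="checked"');
			}
		}

		if ($settings["shib_active"])
		{
			$this->tpl->setVariable("CHK_SHIB_ACTIVE", 'checked="checked"');
		}

		$this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
		$this->tpl->setVariable("SHIB_LOGIN_BUTTON", $this->escapeForTemplate($settings["shib_login_button"]));
		$this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", $this->escapeForTemplate($settings["shib_login_instructions"]));
		$this->tpl->setVariable("SHIB_DATA_CONV", $this->escapeForTemplate($settings["shib_data_conv"]));

		$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("COLSPAN", 3);
		$this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS", $this->lng->txt("shib_instructions"));
		$this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
		$this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
		$this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
		$this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
		$this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
		$this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
		$this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("shib_login_instructions"));
		$this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));

		foreach ($shib_settings as $setting)
		{
			$this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
		}

		$this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
		$this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
		$this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
		$this->tpl->setVariable("CMD_SUBMIT", "saveSHIB");

		// defaults, overriding the empty values set above
		if (empty($settings["shib_login_instructions"]))
		{
			$this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", "Login for Shibboleth users");
		}

		if (empty($settings["shib_login_button"]))
		{
			$this->tpl->setVariable("SHIB_LOGIN_BUTTON", "images/shib_login_button.gif");
		}
	}

	/**
	 * Validate the submitted Shibboleth settings and store them.
	 *
	 * Requires the "write" permission (this check was missing although
	 * editSHIBObject() had it; the settings stored here include the role
	 * given to new users by default).
	 */
	function saveSHIBObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		// validate required data
		if (
			!$_POST["shib"]["login"]
			or !$_POST["shib"]["firstname"]
			or !$_POST["shib"]["lastname"]
			or !$_POST["shib"]["email"]
			or !$_POST["shib"]["user_default_role"]
			)
		{
			$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
		}

		// The data conversion path comes straight from the request and is only
		// tested for readability before it is stored.
		// NOTE(review): how shib_data_conv is consumed is not visible here; if
		// the file is loaded as code, restrict it to an expected directory at
		// the point of use.
		if ($_POST["shib"]["data_conv"] and !is_readable($_POST["shib"]["data_conv"]))
		{
			$this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
		}

		// all ok. save settings
		foreach ($this->getShibAttributeSettings() as $setting)
		{
			// str_replace() instead of the deprecated ereg_replace()
			$field = str_replace('shib_','',$setting);

			// update flags are stored as "1" or "0"
			if ($_POST["shib"]["update_".$field] != "1")
			{
				$_POST["shib"]["update_".$field] = "0";
			}

			$this->ilias->setSetting($setting, $_POST["shib"][$field]);
			$this->ilias->setSetting("shib_update_".$field, $_POST["shib"]["update_".$field]);
		}

		if ($_POST["shib"]["active"] != "1")
		{
			$this->ilias->setSetting("shib_active", "0");
		}
		else
		{
			$this->ilias->setSetting("shib_active", "1");
		}

		// NOTE(review): the role id is stored as submitted; consider checking
		// it against the roles offered by editSHIBObject().
		$this->ilias->setSetting("shib_user_default_role", $_POST["shib"]["user_default_role"]);
		$this->ilias->setSetting("shib_login_instructions", $_POST["shib"]["login_instructions"]);
		$this->ilias->setSetting("shib_login_button", $_POST["shib"]["login_button"]);
		$this->ilias->setSetting("shib_data_conv", $_POST["shib"]["data_conv"]);

		sendInfo($this->lng->txt("shib_settings_saved"),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Show the form for authentication by external script.
	 *
	 * Requires the "write" permission. The script name is taken from
	 * $_SESSION["error_post_vars"] when that is set, otherwise from the
	 * stored settings.
	 */
	function editScriptObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		if (!empty($_SESSION["error_post_vars"]))
		{
			// request-supplied value: escape before writing it into the form
			$this->tpl->setVariable("AUTH_SCRIPT_NAME", $this->escapeForTemplate($_SESSION["error_post_vars"]["auth_script"]["name"]));
		}
		else
		{
			// set already saved data
			$settings = $this->ilias->getAllSettings();

			$this->tpl->setVariable("AUTH_SCRIPT_NAME", $this->escapeForTemplate($settings["auth_script_name"]));
		}

		$this->getTemplateFile("script");

		$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("COLSPAN", 3);
		$this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
		$this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
		$this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));

		$this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
		$this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
		$this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
		$this->tpl->setVariable("CMD_SUBMIT", "saveScript");
	}

	/**
	 * Store the authentication script name and make script authentication
	 * the default mode.
	 *
	 * Requires the "write" permission (this check was missing although
	 * editScriptObject() had it).
	 */
	function saveScriptObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		// validate required data
		if (!$_POST["auth_script"]["name"])
		{
			$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
		}

		// NOTE(review): the script name is stored exactly as submitted and the
		// default mode is switched in the same step, without the
		// checkAuthScript() test that setAuthModeObject() applies. Consider
		// validating the name (expected location, no path traversal) before
		// storing it.
		$this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
		$this->ilias->setSetting("auth_mode", AUTH_SCRIPT);

		sendInfo($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Show the RADIUS configuration form.
	 *
	 * Requires the "write" permission. The fields are filled from
	 * $_SESSION["error_post_vars"] when that is set, otherwise from the
	 * stored settings and ilRADIUSAuthentication::_getServers().
	 */
	function editRADIUSObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		if (!empty($_SESSION["error_post_vars"]))
		{
			$posted = $_SESSION["error_post_vars"]["radius"];

			if ($posted["active"] == "1")
			{
				$this->tpl->setVariable("CHK_RADIUS_ACTIVE", "checked=\"checked\"");
			}

			// request-supplied values: escape before writing them into the form
			$this->tpl->setVariable("RADIUS_SERVER", $this->escapeForTemplate($posted["server"]));
			$this->tpl->setVariable("RADIUS_SHARED_SECRET", $this->escapeForTemplate($posted["shared_secret"]));
			// the port was not restored in this branch, leaving the field empty
			$this->tpl->setVariable("RADIUS_PORT", $this->escapeForTemplate($posted["port"]));
		}
		else
		{
			// set already saved data or default value for port
			$settings = $this->ilias->getAllSettings();

			if ($settings["radius_active"] == "1")
			{
				$this->tpl->setVariable("CHK_RADIUS_ACTIVE", "checked=\"checked\"");
			}

			include_once('classes/class.ilRADIUSAuthentication.php');
			$servers = ilRADIUSAuthentication::_getServers();

			$this->tpl->setVariable("RADIUS_SERVER", $this->escapeForTemplate(implode(",",$servers)));

			// NOTE(review): the stored shared secret is written into the page
			// here. Consider leaving the field empty and keeping the stored
			// secret when nothing new is submitted.
			$this->tpl->setVariable("RADIUS_SHARED_SECRET", $this->escapeForTemplate($settings["radius_shared_secret"]));

			if (empty($settings["radius_port"]))
			{
				$this->tpl->setVariable("RADIUS_PORT", RADIUS_DEFAULT_PORT);
			}
			else
			{
				$this->tpl->setVariable("RADIUS_PORT", $this->escapeForTemplate($settings["radius_port"]));
			}
		}

		$this->getTemplateFile("radius");

		$this->tpl->setVariable("FORMACTION", "adm_object.php?ref_id=".$this->ref_id."&cmd=gateway");
		$this->tpl->setVariable("COLSPAN", 2);
		$this->tpl->setVariable("TXT_RADIUS_TITLE", $this->lng->txt("auth_radius_configure"));
		$this->tpl->setVariable("TXT_RADIUS_ACTIVE", $this->lng->txt("auth_radius_enable"));
		$this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
		$this->tpl->setVariable("TXT_RADIUS_SERVER", $this->lng->txt("auth_radius_server"));
		$this->tpl->setVariable("TXT_RADIUS_SHARED_SECRET", $this->lng->txt("auth_radius_shared_secret"));
		$this->tpl->setVariable("TXT_RADIUS_PORT", $this->lng->txt("auth_radius_port"));

		$this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
		$this->tpl->setVariable("TXT_RADIUS_SERVER_DESC", $this->lng->txt("auth_radius_server_desc"));
		$this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
		$this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
		$this->tpl->setVariable("CMD_SUBMIT", "saveRADIUS");
	}

	/**
	 * Validate the submitted RADIUS settings and store them.
	 *
	 * Requires the "write" permission (this check was missing although
	 * editRADIUSObject() had it).
	 */
	function saveRADIUSObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		// check required fields
		if (!$_POST["radius"]["server"] or !$_POST["radius"]["shared_secret"] or !$_POST["radius"]["port"])
		{
			$this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
		}

		// same port rule as for LDAP: digits only, 1-65535
		if (!$this->isValidPortNumber($_POST["radius"]["port"]))
		{
			$this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
		}

		include_once('classes/class.ilRADIUSAuthentication.php');

		if (!ilRADIUSAuthentication::_validateServers($_POST["radius"]["server"]))
		{
			$this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
		}

		// all ok. save settings
		ilRADIUSAuthentication::_saveServers($_POST["radius"]["server"]);
		$this->ilias->setSetting("radius_shared_secret", $_POST["radius"]["shared_secret"]);
		$this->ilias->setSetting("radius_port", $_POST["radius"]["port"]);
		$this->ilias->setSetting("radius_active", $_POST["radius"]["active"]);

		sendInfo($this->lng->txt("auth_radius_settings_saved"),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Get the translated title of the current default authentication mode.
	 *
	 * @return string  language text for the stored "auth_mode" setting, or the
	 *                 "unknown" text when the value matches none of the modes
	 */
	function getAuthModeTitle()
	{
		switch ($this->ilias->getSetting("auth_mode"))
		{
			case AUTH_LOCAL:
				return $this->lng->txt("auth_local");

			case AUTH_LDAP:
				return $this->lng->txt("auth_ldap");

			case AUTH_SHIBBOLETH:
				return $this->lng->txt("auth_shib");

			case AUTH_RADIUS:
				return $this->lng->txt("auth_radius");

			case AUTH_SCRIPT:
				return $this->lng->txt("auth_script");

			default:
				return $this->lng->txt("unknown");
		}
	}

	/**
	 * Store the per-role authentication modes submitted by the overview form.
	 *
	 * Requires the "write" permission.
	 */
	function updateAuthRolesObject()
	{
		global $rbacsystem;

		if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
		{
			$this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
		}

		include_once('classes/class.ilObjRole.php');

		// NOTE(review): the submitted array is handed over unchecked; whether
		// role ids and mode names are validated depends on _updateAuthMode().
		ilObjRole::_updateAuthMode($_POST['Fobject']);

		sendInfo($this->lng->txt("auth_mode_roles_changed"),true);
		ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"")));
	}

	/**
	 * Helper: names of the Shibboleth attribute mapping settings handled by
	 * editSHIBObject() and saveSHIBObject().
	 *
	 * @return array  list of setting names, each starting with "shib_"
	 */
	function getShibAttributeSettings()
	{
		return array(
			'shib_login',
			'shib_title',
			'shib_firstname',
			'shib_lastname',
			'shib_email',
			'shib_gender',
			'shib_institution',
			'shib_department',
			'shib_zipcode',
			'shib_city',
			'shib_country',
			'shib_street',
			'shib_phone_office',
			'shib_phone_home',
			'shib_phone_mobile',
			'shib_language'
		);
	}

	/**
	 * Helper: escape a value for insertion into HTML text or a quoted
	 * attribute value.
	 *
	 * @param  mixed  $a_value  value to escape; cast to string first
	 * @return string           value with &, <, > and both quote characters
	 *                          replaced by entities
	 */
	function escapeForTemplate($a_value)
	{
		return htmlspecialchars((string) $a_value, ENT_QUOTES);
	}

	/**
	 * Helper: escape a value for use inside an LDAP search filter, replacing
	 * backslash, "*", "(", ")" and NUL by their backslash-hex form.
	 *
	 * @param  mixed  $a_value  value to escape; cast to string first
	 * @return string           escaped value
	 */
	function escapeLDAPFilterValue($a_value)
	{
		// The backslash comes first so that the escapes produced for the other
		// characters are not escaped a second time.
		return str_replace(
			array("\\", "*", "(", ")", "\0"),
			array("\\5c", "\\2a", "\\28", "\\29", "\\00"),
			(string) $a_value
		);
	}

	/**
	 * Helper: check that a submitted port is a decimal number from 1 to 65535.
	 *
	 * @param  mixed    $a_port  submitted port value
	 * @return boolean           true if the value is a usable port number
	 */
	function isValidPortNumber($a_port)
	{
		if (!is_string($a_port) and !is_int($a_port))
		{
			return false;
		}

		// D: "$" matches only at the very end, not before a trailing newline
		if (!preg_match('/^[0-9]{1,5}$/D', (string) $a_port))
		{
			return false;
		}

		$port = (int) $a_port;

		return ($port >= 1 and $port <= 65535);
	}
}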
00941 ?>