00001 <?php
00036 require_once "class.ilObjectGUI.php";
00037
00038 class ilObjAuthSettingsGUI extends ilObjectGUI
00039 {
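/**
 * PHP4-style constructor: marks this GUI as the "auth" object type and hands
 * the remaining setup to the ilObjectGUI constructor.
 *
 * Also publishes the default LDAP and RADIUS ports as global constants, which
 * the edit forms in this class fall back to when no port is stored yet.
 *
 * @param mixed   $a_data              passed through to ilObjectGUI
 * @param mixed   $a_id                passed through to ilObjectGUI
 * @param mixed   $a_call_by_reference passed through to ilObjectGUI
 * @param boolean $a_prepare_output    passed through to ilObjectGUI
 */
function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
{
    $this->type = "auth";
    $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output);

    // define() complains when the constant already exists, so a second
    // instance created during the same request must not define them again.
    if (!defined('LDAP_DEFAULT_PORT'))
    {
        define('LDAP_DEFAULT_PORT',389);
    }

    if (!defined('RADIUS_DEFAULT_PORT'))
    {
        define('RADIUS_DEFAULT_PORT',1812);
    }
}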
00052
/**
 * Render the overview screen of the authentication settings.
 *
 * Requires "visible,read" on this object. Fills the "general" template with
 * the list of authentication modes, an enabled/disabled icon per mode, the
 * radio button of the current default mode, and a per-role selection of the
 * authentication mode for the roles returned by
 * ilObjRole::_lookupRegisterAllowed().
 */
function viewObject()
{
    global $rbacsystem;

    $ref_id = $this->object->getRefId();
    if (!$rbacsystem->checkAccess("visible,read",$ref_id))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $this->__initSubTabs("view");
    $this->getTemplateFile("general");

    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));

    // template placeholder => language key, in the order the form uses them
    $labels = array(
        "TXT_AUTH_TITLE"   => "auth_select",
        "TXT_AUTH_MODE"    => "auth_mode",
        "TXT_AUTH_DEFAULT" => "default",
        "TXT_AUTH_ACTIVE"  => "active",
        "TXT_AUTH_DESC"    => "description",
        "TXT_LOCAL"        => "auth_local",
        "TXT_LOCAL_DESC"   => "auth_local_desc",
        "TXT_LDAP"         => "auth_ldap",
        "TXT_LDAP_DESC"    => "auth_ldap_desc",
        "TXT_SHIB"         => "auth_shib",
        "TXT_SHIB_DESC"    => "auth_shib_desc",
        "TXT_RADIUS"       => "auth_radius",
        "TXT_RADIUS_DESC"  => "auth_radius_desc",
        "TXT_SCRIPT"       => "auth_script",
        "TXT_SCRIPT_DESC"  => "auth_script_desc",
        "TXT_CONFIGURE"    => "auth_configure",
        "TXT_AUTH_REMARK"  => "auth_remark_non_local_auth",
        "TXT_CANCEL"       => "cancel",
        "TXT_SUBMIT"       => "save"
    );

    foreach ($labels as $placeholder => $lang_key)
    {
        if ($placeholder === "TXT_AUTH_ACTIVE")
        {
            // the "active" column header is phrased as a question
            $this->tpl->setVariable($placeholder, $this->lng->txt($lang_key)."?");
        }
        else
        {
            $this->tpl->setVariable($placeholder, $this->lng->txt($lang_key));
        }
    }

    $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");

    $checked = "checked=\"checked\"";

    // status icons shown in the "active?" column
    $icon_markup = '<img src="%s" alt="%s" title="%s" border="0" vspace="0"/>';
    $icon_ok = sprintf(
        $icon_markup,
        ilUtil::getImagePath("icon_ok.gif"),
        $this->lng->txt("enabled"),
        $this->lng->txt("enabled")
    );
    $icon_not_ok = sprintf(
        $icon_markup,
        ilUtil::getImagePath("icon_not_ok.gif"),
        $this->lng->txt("disabled"),
        $this->lng->txt("disabled")
    );

    // local authentication is always shown as enabled
    $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);

    $activation_flags = array(
        "AUTH_LDAP_ACTIVE"   => 'ldap_active',
        "AUTH_RADIUS_ACTIVE" => 'radius_active',
        "AUTH_SHIB_ACTIVE"   => 'shib_active',
        "AUTH_SCRIPT_ACTIVE" => 'script_active'
    );

    foreach ($activation_flags as $placeholder => $setting_key)
    {
        $icon = $this->ilias->getSetting($setting_key) ? $icon_ok : $icon_not_ok;
        $this->tpl->setVariable($placeholder, $icon);
    }

    // pre-select the radio button of the stored default mode
    $current_mode = $this->ilias->getSetting('auth_mode');

    if ($current_mode == AUTH_LOCAL)
    {
        $this->tpl->setVariable("CHK_LOCAL", $checked);
    }
    elseif ($current_mode == AUTH_LDAP)
    {
        $this->tpl->setVariable("CHK_LDAP", $checked);
    }
    elseif ($current_mode == AUTH_SHIBBOLETH)
    {
        $this->tpl->setVariable("CHK_SHIB", $checked);
    }
    elseif ($current_mode == AUTH_RADIUS)
    {
        $this->tpl->setVariable("CHK_RADIUS", $checked);
    }
    elseif ($current_mode == AUTH_SCRIPT)
    {
        $this->tpl->setVariable("CHK_SCRIPT", $checked);
    }

    // second form: authentication mode per role
    $this->tpl->setVariable("FORMACTION_ROLES", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
    $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
    $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
    $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");

    include_once("classes/class.ilObjRole.php");
    $reg_roles = ilObjRole::_lookupRegisterAllowed();

    include_once('classes/class.ilAuthUtils.php');
    $active_auth_modes = ilAuthUtils::_getActiveAuthModes();

    foreach ($reg_roles as $role)
    {
        // one <option> per active authentication mode
        foreach ($active_auth_modes as $auth_name => $auth_key)
        {
            $this->tpl->setCurrentBlock("auth_mode_selection");

            $name = $this->lng->txt('auth_'.$auth_name);
            if ($auth_name == 'default')
            {
                // show which concrete mode "default" currently stands for
                $name = $name." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
            }

            $this->tpl->setVariable("AUTH_MODE_NAME", $name);
            $this->tpl->setVariable("AUTH_MODE", $auth_name);

            if ($role['auth_mode'] == $auth_name)
            {
                $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
            }

            $this->tpl->parseCurrentBlock();
        }

        // NOTE(review): the role title is handed to the template as stored;
        // confirm the template layer escapes it for HTML.
        $this->tpl->setCurrentBlock("roles");
        $this->tpl->setVariable("ROLE", $role['title']);
        $this->tpl->setVariable("ROLE_ID", $role['id']);
        $this->tpl->parseCurrentBlock();
    }
}
00218
/**
 * Abort the current form: queue the "msg_cancel" info message and go back to
 * the overview ("view") command.
 */
function cancelObject()
{
    $notice = $this->lng->txt("msg_cancel");

    sendInfo($notice,true);
    $this->ctrl->redirect($this, "view");
}
00224
/**
 * Tabs for the administration view; identical to the regular tabs, so this
 * simply forwards to getTabs().
 *
 * @param object $tabs_gui tabs object, passed by reference and filled in place
 */
function getAdminTabs(&$tabs_gui)
{
    $this->getTabs($tabs_gui);
}
00229
/**
 * Add the tabs the current user is allowed to see.
 *
 * "settings" is added with "visible,read" on this object, "perm_settings"
 * with "edit_permission".
 *
 * @param object $tabs_gui tabs object, passed by reference and filled in place
 */
function getTabs(&$tabs_gui)
{
    global $rbacsystem;

    $ref_id = $this->object->getRefId();
    $this->ctrl->setParameter($this,"ref_id",$ref_id);

    $can_read = $rbacsystem->checkAccess("visible,read",$this->object->getRefId());
    if ($can_read)
    {
        $settings_link = $this->ctrl->getLinkTarget($this, "view");
        $settings_cmds = array("view","editRADIUS","editLDAP","editSHIB","");
        $tabs_gui->addTarget("settings", $settings_link, $settings_cmds, "", "");
    }

    $can_edit_permissions = $rbacsystem->checkAccess('edit_permission',$this->object->getRefId());
    if ($can_edit_permissions)
    {
        $perm_link = $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm");
        $perm_cmds = array("perm","info","owner");
        $tabs_gui->addTarget("perm_settings", $perm_link, $perm_cmds, 'ilpermissiongui');
    }
}
00253
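/**
 * Change the default authentication mode of the installation.
 *
 * Requires "write" on this object. The submitted mode must be one of the five
 * modes the overview form offers, and a non-local mode is only accepted when
 * the matching check on the settings object reports that it is configured;
 * otherwise the user is sent to the configuration form of that mode.
 *
 * Like the rest of this class, the method relies on raiseError() and the
 * redirect helpers ending the request.
 */
function setAuthModeObject()
{
    global $rbacsystem;

    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    // an array-valued parameter is treated like a missing selection
    if (empty($_POST["auth_mode"]) or !is_scalar($_POST["auth_mode"]))
    {
        $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
    }

    if ($_POST["auth_mode"] == AUTH_DEFAULT)
    {
        sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
        $this->ctrl->redirect($this,'view');
    }

    // Only the modes offered by the overview form may become the default.
    // Without this an arbitrary request value would be written to the
    // "auth_mode" setting that decides how every login is verified.
    $requested_mode = (string) $_POST["auth_mode"];
    $selectable_modes = array(AUTH_LOCAL, AUTH_LDAP, AUTH_SHIBBOLETH, AUTH_RADIUS, AUTH_SCRIPT);
    $is_selectable = false;

    foreach ($selectable_modes as $mode)
    {
        if ($requested_mode === (string) $mode)
        {
            $is_selectable = true;
            break;
        }
    }

    if (!$is_selectable)
    {
        $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
    }

    switch ($requested_mode)
    {
        case AUTH_LDAP:
            if ($this->object->checkAuthLDAP() !== true)
            {
                sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
                ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editLDAP")));
            }
            break;

        // The original tested AUTH_SHIB here, a name used nowhere else in this
        // file; viewObject() and getAuthModeTitle() both use AUTH_SHIBBOLETH.
        // With the mismatched name the "is Shibboleth configured" check was
        // never reached.
        case AUTH_SHIBBOLETH:
            if ($this->object->checkAuthSHIB() !== true)
            {
                sendInfo($this->lng->txt("auth_shib_not_configured"),true);
                ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editSHIB")));
            }
            break;

        case AUTH_RADIUS:
            if ($this->object->checkAuthRADIUS() !== true)
            {
                sendInfo($this->lng->txt("auth_radius_not_configured"),true);
                $this->ctrl->redirect($this,'editRADIUS');
            }
            break;

        case AUTH_SCRIPT:
            if ($this->object->checkAuthScript() !== true)
            {
                sendInfo($this->lng->txt("auth_script_not_configured"),true);
                ilUtil::redirect($this->getReturnLocation("view",$this->ctrl->getLinkTarget($this,"editScript")));
            }
            break;
    }

    $this->ilias->setSetting("auth_mode",$requested_mode);

    sendInfo($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
    $this->ctrl->redirect($this,'view');
}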
00314
/**
 * Show the LDAP configuration form.
 *
 * Requires "write" on this object. When $_SESSION["error_post_vars"] is set
 * the form is pre-filled from the values kept there; otherwise it is filled
 * from the stored settings, falling back to LDAP_DEFAULT_PORT, the login key
 * "uid", the object class "posixAccount" and protocol version 2 where nothing
 * is stored.
 */
function editLDAPObject()
{
    global $rbacsystem;

    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $this->__initSubTabs("editLDAP");

    $checked = "checked=\"checked\"";

    if ($_SESSION["error_post_vars"])
    {
        // re-display what the user submitted before the error
        $posted = $_SESSION["error_post_vars"]["ldap"];

        if ($posted["active"] == "1")
        {
            $this->tpl->setVariable("CHK_LDAP_ACTIVE", $checked);
        }

        if ($posted["tls"] == "1")
        {
            $this->tpl->setVariable("LDAP_TLS_CHK", $checked);
        }

        $version_box = ($posted["version"] == "3") ? "LDAP_VERSION3_CHK" : "LDAP_VERSION2_CHK";
        $this->tpl->setVariable($version_box, $checked);

        // NOTE(review): these values come back from the request unchanged;
        // confirm the template layer escapes them for HTML attributes.
        $posted_fields = array(
            "LDAP_SERVER"      => "server",
            "LDAP_BASEDN"      => "basedn",
            "LDAP_SEARCH_BASE" => "search_base",
            "LDAP_PORT"        => "port",
            "LDAP_LOGIN_KEY"   => "login_key",
            "LDAP_OBJECTCLASS" => "objectclass"
        );

        foreach ($posted_fields as $placeholder => $field)
        {
            $this->tpl->setVariable($placeholder, $posted[$field]);
        }
    }
    else
    {
        $settings = $this->ilias->getAllSettings();

        if ($settings["ldap_active"] == "1")
        {
            $this->tpl->setVariable("CHK_LDAP_ACTIVE", $checked);
        }

        if ($settings["ldap_tls"] == "1")
        {
            $this->tpl->setVariable("LDAP_TLS_CHK", $checked);
        }

        $this->tpl->setVariable("LDAP_SERVER", $settings["ldap_server"]);
        $this->tpl->setVariable("LDAP_BASEDN", $settings["ldap_basedn"]);
        $this->tpl->setVariable("LDAP_SEARCH_BASE", $settings["ldap_search_base"]);

        // stored value, or the default when nothing is stored yet
        $port = empty($settings["ldap_port"]) ? LDAP_DEFAULT_PORT : $settings["ldap_port"];
        $this->tpl->setVariable("LDAP_PORT", $port);

        $login_key = empty($settings["ldap_login_key"]) ? "uid" : $settings["ldap_login_key"];
        $this->tpl->setVariable("LDAP_LOGIN_KEY", $login_key);

        $objectclass = empty($settings["ldap_objectclass"]) ? "posixAccount" : $settings["ldap_objectclass"];
        $this->tpl->setVariable("LDAP_OBJECTCLASS", $objectclass);

        $uses_v2 = (empty($settings["ldap_version"]) or $settings["ldap_version"] == "2");
        $this->tpl->setVariable($uses_v2 ? "LDAP_VERSION2_CHK" : "LDAP_VERSION3_CHK", $checked);
    }

    $this->getTemplateFile("ldap");

    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("COLSPAN", 3);

    // template placeholder => language key
    $labels = array(
        "TXT_LDAP_TITLE"       => "ldap_configure",
        "TXT_OPTIONS"          => "options",
        "TXT_LDAP_ACTIVE"      => "auth_ldap_enable",
        "TXT_LDAP_TLS"         => "ldap_tls",
        "TXT_LDAP_SERVER"      => "ldap_server",
        "TXT_LDAP_BASEDN"      => "ldap_basedn",
        "TXT_LDAP_SEARCH_BASE" => "ldap_search_base",
        "TXT_LDAP_PORT"        => "ldap_port",
        "TXT_LDAP_VERSION"     => "ldap_version",
        "TXT_LDAP_VERSION2"    => "ldap_v2",
        "TXT_LDAP_VERSION3"    => "ldap_v3",
        "TXT_LDAP_LOGIN_KEY"   => "ldap_login_key",
        "TXT_LDAP_OBJECTCLASS" => "ldap_objectclass",
        "TXT_LDAP_PASSWD"      => "ldap_passwd",
        "TXT_REQUIRED_FLD"     => "required_field",
        "TXT_CANCEL"           => "cancel",
        "TXT_SUBMIT"           => "save"
    );

    foreach ($labels as $placeholder => $lang_key)
    {
        $this->tpl->setVariable($placeholder, $this->lng->txt($lang_key));
    }

    $this->tpl->setVariable("CMD_SUBMIT", "saveLDAP");
}
00443
00444
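/**
 * Validate the submitted LDAP settings, test them against the server and,
 * only if the test succeeds, store them.
 *
 * The test connects to the submitted server, binds anonymously, searches for
 * exactly one entry whose login attribute equals the login of the current
 * user, and then binds as that entry with the submitted password.
 *
 * Requires "write" on this object. Like the rest of this class, the method
 * relies on raiseError() ending the request.
 */
function saveLDAPObject()
{
    global $ilUser, $rbacsystem;

    // executeCommand() dispatches to any "<cmd>Object" method, so the check in
    // editLDAPObject() does not protect this handler; it needs its own.
    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    // Read every field as a plain string, so that missing keys and
    // array-valued parameters never reach the LDAP calls or the settings.
    $posted = (isset($_POST["ldap"]) && is_array($_POST["ldap"])) ? $_POST["ldap"] : array();
    $ldap = array();
    $expected = array("server","basedn","search_base","port","login_key","objectclass","passwd","version","tls","active");

    foreach ($expected as $key)
    {
        $ldap[$key] = (isset($posted[$key]) && is_scalar($posted[$key])) ? (string) $posted[$key] : "";
    }

    // check required fields
    if (!$ldap["server"] or !$ldap["basedn"] or !$ldap["port"] or !$ldap["login_key"] or !$ldap["objectclass"])
    {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
    }

    // An empty password must be rejected: a bind with a DN but no password is
    // treated by LDAP servers as an anonymous bind and would "succeed".
    if (!$ldap["passwd"])
    {
        $this->ilias->raiseError($this->lng->txt("err_enter_current_passwd"),$this->ilias->error_obj->MESSAGE);
    }

    // digits only, no trailing newline, and inside the valid port range
    if (!preg_match('/^[0-9]{1,5}\z/',$ldap["port"]) or (int) $ldap["port"] < 1 or (int) $ldap["port"] > 65535)
    {
        $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
    }

    // checkbox and radio values are reduced to the values the edit form knows
    $ldap["tls"] = ($ldap["tls"] == "1") ? "1" : "0";
    $ldap["active"] = ($ldap["active"] == "1") ? "1" : "0";
    $ldap["version"] = ($ldap["version"] === "3") ? "3" : "2";

    $ldap_userattr = $ldap["login_key"];
    $ldap_useroc = $ldap["objectclass"];

    // The attribute name is placed into the search filter as is, so it may
    // only consist of characters that are legal in an attribute description.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.;\-]*\z/',$ldap_userattr))
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_search_failed"),$this->ilias->error_obj->MESSAGE);
    }

    // search base: optional sub-tree in front of the base DN
    $ldap_searchbase = "";

    if ($ldap["search_base"])
    {
        $ldap_searchbase = $ldap["search_base"].",";
    }

    $ldap_searchbase .= $ldap["basedn"];

    // test connection
    $ldap_conn = ldap_connect($ldap["server"],(int) $ldap["port"]);

    if ($ldap_conn == false)
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_connect_failed"),$this->ilias->error_obj->MESSAGE);
    }

    @ldap_set_option($ldap_conn, LDAP_OPT_PROTOCOL_VERSION, (int) $ldap["version"]);

    // NOTE(review): the "tls" choice is stored below but not applied to this
    // test connection, so the password check further down is sent over
    // whatever transport the server URI implies. Confirm this is intended.

    // anonymous bind
    if (($ldap_bind = ldap_bind($ldap_conn)) == false)
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_connect_failed"),$this->ilias->error_obj->MESSAGE);
    }

    // Escape filter metacharacters in the two assertion values (RFC 4515).
    // The backslash is listed first so the escapes themselves stay intact.
    $filter_chars   = array("\\", "*", "(", ")", "\x00");
    $filter_escapes = array("\\5c", "\\2a", "\\28", "\\29", "\\00");

    $filter = sprintf(
        '(&(objectClass=%s)(%s=%s))',
        str_replace($filter_chars, $filter_escapes, $ldap_useroc),
        $ldap_userattr,
        str_replace($filter_chars, $filter_escapes, (string) $ilUser->getLogin())
    );

    // search for the current user
    if (($result_id = @ldap_search($ldap_conn, $ldap_searchbase, $filter, array($ldap_userattr))) == false)
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_search_failed"),$this->ilias->error_obj->MESSAGE);
    }

    // exactly one entry must match, otherwise the DN to bind as is ambiguous
    if (ldap_count_entries($ldap_conn, $result_id) != 1)
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_user_not_found"),$this->ilias->error_obj->MESSAGE);
    }

    $entry_id = ldap_first_entry($ldap_conn, $result_id);
    $user_dn = ldap_get_dn($ldap_conn, $entry_id);

    ldap_free_result($result_id);

    // bind as the found entry with the submitted password
    if (@ldap_bind($ldap_conn, $user_dn, $ldap["passwd"]) == false)
    {
        $this->ilias->raiseError($this->lng->txt("err_ldap_auth_failed"),$this->ilias->error_obj->MESSAGE);
    }

    @ldap_unbind($ldap_conn);

    // all checks passed: store the settings (the password is not stored)
    $this->ilias->setSetting("ldap_tls", $ldap["tls"]);
    $this->ilias->setSetting("ldap_server", $ldap["server"]);
    $this->ilias->setSetting("ldap_basedn", $ldap["basedn"]);
    $this->ilias->setSetting("ldap_search_base", $ldap["search_base"]);
    $this->ilias->setSetting("ldap_port", $ldap["port"]);
    $this->ilias->setSetting("ldap_version", $ldap["version"]);
    $this->ilias->setSetting("ldap_login_key", $ldap["login_key"]);
    $this->ilias->setSetting("ldap_objectclass", $ldap["objectclass"]);
    $this->ilias->setSetting("ldap_active", $ldap["active"]);

    sendInfo($this->lng->txt("auth_ldap_settings_saved"),true);
    $this->ctrl->redirect($this,'editLDAP');
}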
00557
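/**
 * Show the Shibboleth configuration form.
 *
 * Requires "write" on this object. Builds the default-role select box from
 * $rbacreview->getRolesByFilter(2, <object id>) and fills the "shib" template
 * with the stored attribute mappings, their "update" flags and the login
 * button / instruction settings.
 */
function editSHIBObject()
{
    global $rbacsystem, $rbacreview;

    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $this->__initSubTabs("editSHIB");

    $settings = $this->ilias->getAllSettings();

    // roles that can be chosen as default role for Shibboleth users
    $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
    $selectElement = '<select name="shib[user_default_role]">';

    if (!$settings["shib_user_default_role"])
    {
        // presumably the id of the standard user role -- TODO confirm
        $settings["shib_user_default_role"] = 4;
    }

    foreach ($role_list as $role)
    {
        // This markup is assembled by hand, so id and title are escaped here;
        // a role title containing markup would otherwise be rendered as HTML.
        $selectElement .= '<option value="'.htmlspecialchars((string) $role['obj_id'], ENT_QUOTES).'"';

        if ($settings["shib_user_default_role"] == $role['obj_id'])
        {
            // leading space: the attribute follows the closing quote of value
            $selectElement .= ' selected="selected"';
        }

        $selectElement .= '>'.htmlspecialchars((string) $role['title'], ENT_QUOTES).'</option>';
    }

    $selectElement .= '</select>';

    // settings that map a Shibboleth attribute to a user field
    $shib_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language'
    );

    $this->getTemplateFile("shib");

    // NOTE(review): the stored values below are handed to the template as
    // they are; confirm the template layer escapes them for HTML.
    foreach ($shib_settings as $setting)
    {
        // plain string replacement; the ereg functions are gone in current PHP
        $field = str_replace('shib_','',$setting);
        $this->tpl->setVariable(strtoupper($setting), $settings[$setting]);
        $this->tpl->setVariable('SHIB_UPDATE_'.strtoupper($field), $settings["shib_update_".$field]);

        if ($settings["shib_update_".$field])
        {
            $this->tpl->setVariable('CHK_SHIB_UPDATE_'.strtoupper($field), 'checked="checked"');
        }
    }

    if ($settings["shib_active"])
    {
        $this->tpl->setVariable("CHK_SHIB_ACTIVE", 'checked="checked"');
    }

    $this->tpl->setVariable("SHIB_USER_DEFAULT_ROLE", $selectElement);
    $this->tpl->setVariable("SHIB_LOGIN_BUTTON", $settings["shib_login_button"]);
    $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", $settings["shib_login_instructions"]);
    $this->tpl->setVariable("SHIB_DATA_CONV", $settings["shib_data_conv"]);

    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("COLSPAN", 3);
    $this->tpl->setVariable("TXT_SHIB_INSTRUCTIONS", $this->lng->txt("shib_instructions"));
    $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("shib"));
    $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
    $this->tpl->setVariable("TXT_SHIB_UPDATE", $this->lng->txt("shib_update"));
    $this->tpl->setVariable("TXT_SHIB_ACTIVE", $this->lng->txt("shib_active"));
    $this->tpl->setVariable("TXT_SHIB_USER_DEFAULT_ROLE", $this->lng->txt("shib_user_default_role"));
    $this->tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->lng->txt("shib_login_button"));
    $this->tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $this->lng->txt("shib_login_instructions"));
    $this->tpl->setVariable("TXT_SHIB_DATA_CONV", $this->lng->txt("shib_data_conv"));

    foreach ($shib_settings as $setting)
    {
        $this->tpl->setVariable("TXT_".strtoupper($setting), $this->lng->txt($setting));
    }

    $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
    $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
    $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
    $this->tpl->setVariable("CMD_SUBMIT", "saveSHIB");

    // fall back to built-in defaults when nothing is stored
    if (!$settings["shib_login_instructions"] || $settings["shib_login_instructions"] == '')
    {
        $this->tpl->setVariable("SHIB_LOGIN_INSTRUCTIONS", "Login for Shibboleth users");
    }

    if (!$settings["shib_login_button"] || $settings["shib_login_button"] == '')
    {
        $this->tpl->setVariable("SHIB_LOGIN_BUTTON", "images/shib_login_button.gif");
    }
}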
00669
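/**
 * Validate and store the Shibboleth settings.
 *
 * Requires "write" on this object. Login, first name, last name, e-mail and
 * default role are mandatory; the default role must be one of the roles the
 * edit form offers; a data conversion file, when given, must be readable.
 *
 * Like the rest of this class, the method relies on raiseError() ending the
 * request.
 */
function saveSHIBObject()
{
    global $rbacsystem, $rbacreview;

    // executeCommand() dispatches to any "<cmd>Object" method, so the check in
    // editSHIBObject() does not protect this handler; it needs its own.
    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $shib = (isset($_POST["shib"]) && is_array($_POST["shib"])) ? $_POST["shib"] : array();

    // check required fields
    foreach (array("login","firstname","lastname","email","user_default_role") as $required)
    {
        if (empty($shib[$required]) or !is_scalar($shib[$required]))
        {
            $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
        }
    }

    // The role given to new Shibboleth users must come from the same list the
    // form offers; a hand-made request could otherwise name any role id.
    $role_allowed = false;

    foreach ($rbacreview->getRolesByFilter(2,$this->object->getId()) as $role)
    {
        if ((string) $role['obj_id'] === (string) $shib["user_default_role"])
        {
            $role_allowed = true;
            break;
        }
    }

    if (!$role_allowed)
    {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
    }

    // values that are absent or not scalar are stored as null
    $data_conv = (isset($shib["data_conv"]) && is_scalar($shib["data_conv"])) ? $shib["data_conv"] : null;

    // NOTE(review): the path is only tested for readability and then stored
    // as given. How the file is used later is not visible here; if it is
    // included or executed, it should be limited to a fixed directory.
    if ($data_conv and $data_conv != '' and !is_readable($data_conv))
    {
        $this->ilias->raiseError($this->lng->txt("shib_data_conv_warning"),$this->ilias->error_obj->MESSAGE);
    }

    // settings that map a Shibboleth attribute to a user field
    $shib_settings = array(
        'shib_login',
        'shib_title',
        'shib_firstname',
        'shib_lastname',
        'shib_email',
        'shib_gender',
        'shib_institution',
        'shib_department',
        'shib_zipcode',
        'shib_city',
        'shib_country',
        'shib_street',
        'shib_phone_office',
        'shib_phone_home',
        'shib_phone_mobile',
        'shib_language'
    );

    foreach ($shib_settings as $setting)
    {
        // plain string replacement; the ereg functions are gone in current PHP
        $field = str_replace('shib_','',$setting);

        $value = (isset($shib[$field]) && is_scalar($shib[$field])) ? $shib[$field] : null;
        $update_flag = (isset($shib["update_".$field]) && $shib["update_".$field] == "1") ? "1" : "0";

        $this->ilias->setSetting($setting, $value);
        $this->ilias->setSetting("shib_update_".$field, $update_flag);
    }

    $is_active = (isset($shib["active"]) && $shib["active"] == "1");
    $this->ilias->setSetting("shib_active", $is_active ? "1" : "0");

    $login_instructions = (isset($shib["login_instructions"]) && is_scalar($shib["login_instructions"])) ? $shib["login_instructions"] : null;
    $login_button = (isset($shib["login_button"]) && is_scalar($shib["login_button"])) ? $shib["login_button"] : null;

    $this->ilias->setSetting("shib_user_default_role", $shib["user_default_role"]);
    $this->ilias->setSetting("shib_login_instructions", $login_instructions);
    $this->ilias->setSetting("shib_login_button", $login_button);
    $this->ilias->setSetting("shib_data_conv", $data_conv);

    sendInfo($this->lng->txt("shib_settings_saved"),true);

    $this->ctrl->redirect($this,'editSHIB');
}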
00747
/**
 * Show the configuration form for script-based authentication.
 *
 * Requires "write" on this object. The script name shown is taken from
 * $_SESSION["error_post_vars"] when that is set, otherwise from the stored
 * "auth_script_name" setting.
 */
function editScriptObject()
{
    global $rbacsystem;

    $may_write = $rbacsystem->checkAccess("write",$this->object->getRefId());
    if (!$may_write)
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    if ($_SESSION["error_post_vars"])
    {
        // re-display what the user submitted before the error
        $script_name = $_SESSION["error_post_vars"]["auth_script"]["name"];
    }
    else
    {
        $stored = $this->ilias->getAllSettings();
        $script_name = $stored["auth_script_name"];
    }

    $this->tpl->setVariable("AUTH_SCRIPT_NAME", $script_name);

    $this->getTemplateFile("script");

    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("COLSPAN", 3);

    // template placeholder => language key
    $labels = array(
        "TXT_AUTH_SCRIPT_TITLE" => "auth_script_configure",
        "TXT_OPTIONS"           => "options",
        "TXT_AUTH_SCRIPT_NAME"  => "auth_script_name",
        "TXT_REQUIRED_FLD"      => "required_field",
        "TXT_CANCEL"            => "cancel",
        "TXT_SUBMIT"            => "save"
    );

    foreach ($labels as $placeholder => $lang_key)
    {
        $this->tpl->setVariable($placeholder, $this->lng->txt($lang_key));
    }

    $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
}
00787
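/**
 * Store the name of the authentication script and make script-based
 * authentication the default mode.
 *
 * Requires "write" on this object. Like the rest of this class, the method
 * relies on raiseError() ending the request.
 */
function saveScriptObject()
{
    global $rbacsystem;

    // executeCommand() dispatches to any "<cmd>Object" method, so the check in
    // editScriptObject() does not protect this handler. Without it, any user
    // who can reach this command could switch the installation's login
    // mechanism.
    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $posted = (isset($_POST["auth_script"]) && is_array($_POST["auth_script"])) ? $_POST["auth_script"] : array();
    $script_name = (isset($posted["name"]) && is_scalar($posted["name"])) ? (string) $posted["name"] : "";

    // check required fields
    if (!$script_name)
    {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
    }

    // NOTE(review): the name is stored as given and the mode is switched
    // right away, without the "is it configured" check setAuthModeObject()
    // performs. How the name is resolved at login is not visible here; it
    // should be limited to a known set of scripts.
    $this->ilias->setSetting("auth_script_name", $script_name);
    $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);

    sendInfo($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
    $this->ctrl->redirect($this,'editScript');
}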
00817
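/**
 * Show the RADIUS configuration form.
 *
 * Requires "write" on this object. When $_SESSION["error_post_vars"] is set
 * the form is pre-filled from the values kept there; otherwise from the
 * stored settings, with RADIUS_DEFAULT_PORT when no port is stored.
 */
function editRADIUSObject()
{
    global $rbacsystem;

    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    $this->__initSubTabs("editRADIUS");

    if ($_SESSION["error_post_vars"])
    {
        // re-display what the user submitted before the error
        $posted = isset($_SESSION["error_post_vars"]["radius"]) ? $_SESSION["error_post_vars"]["radius"] : array();

        if (isset($posted["active"]) && $posted["active"] == "1")
        {
            $this->tpl->setVariable("CHK_RADIUS_ACTIVE", "checked=\"checked\"");
        }

        $this->tpl->setVariable("RADIUS_SERVER", isset($posted["server"]) ? $posted["server"] : "");
        $this->tpl->setVariable("RADIUS_SHARED_SECRET", isset($posted["shared_secret"]) ? $posted["shared_secret"] : "");

        // The port was left out of this branch, so the field came back empty
        // after a failed save although saveRADIUSObject() requires it.
        $this->tpl->setVariable("RADIUS_PORT", isset($posted["port"]) ? $posted["port"] : "");
    }
    else
    {
        $settings = $this->ilias->getAllSettings();

        if ($settings["radius_active"] == "1")
        {
            $this->tpl->setVariable("CHK_RADIUS_ACTIVE", "checked=\"checked\"");
        }

        include_once('classes/class.ilRADIUSAuthentication.php');
        $servers = ilRADIUSAuthentication::_getServers();

        $this->tpl->setVariable("RADIUS_SERVER", implode(",",$servers));

        // NOTE(review): the stored shared secret is written back into the
        // page. Confirm this is intended; an empty field that means "keep the
        // current secret" would avoid exposing it in the HTML.
        $this->tpl->setVariable("RADIUS_SHARED_SECRET", $settings["radius_shared_secret"]);

        if (empty($settings["radius_port"]))
        {
            $this->tpl->setVariable("RADIUS_PORT", RADIUS_DEFAULT_PORT);
        }
        else
        {
            $this->tpl->setVariable("RADIUS_PORT", $settings["radius_port"]);
        }
    }

    $this->getTemplateFile("radius");

    $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
    $this->tpl->setVariable("COLSPAN", 2);
    $this->tpl->setVariable("TXT_RADIUS_TITLE", $this->lng->txt("auth_radius_configure"));
    $this->tpl->setVariable("TXT_RADIUS_ACTIVE", $this->lng->txt("auth_radius_enable"));
    $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
    $this->tpl->setVariable("TXT_RADIUS_SERVER", $this->lng->txt("auth_radius_server"));
    $this->tpl->setVariable("TXT_RADIUS_SHARED_SECRET", $this->lng->txt("auth_radius_shared_secret"));
    $this->tpl->setVariable("TXT_RADIUS_PORT", $this->lng->txt("auth_radius_port"));

    $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
    $this->tpl->setVariable("TXT_RADIUS_SERVER_DESC", $this->lng->txt("auth_radius_server_desc"));
    $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
    $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
    $this->tpl->setVariable("CMD_SUBMIT", "saveRADIUS");
}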
00887
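/**
 * Validate and store the RADIUS settings.
 *
 * Requires "write" on this object. Server, shared secret and port are
 * mandatory; the port must be a number from 1 to 65535 and the server list
 * must pass ilRADIUSAuthentication::_validateServers().
 *
 * Like the rest of this class, the method relies on raiseError() ending the
 * request.
 */
function saveRADIUSObject()
{
    global $rbacsystem;

    // executeCommand() dispatches to any "<cmd>Object" method, so the check in
    // editRADIUSObject() does not protect this handler; it needs its own.
    if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    // read every field as a plain string; arrays and missing keys become ""
    $posted = (isset($_POST["radius"]) && is_array($_POST["radius"])) ? $_POST["radius"] : array();
    $radius = array();

    foreach (array("server","shared_secret","port","active") as $key)
    {
        $radius[$key] = (isset($posted[$key]) && is_scalar($posted[$key])) ? (string) $posted[$key] : "";
    }

    // check required fields
    if (!$radius["server"] or !$radius["shared_secret"] or !$radius["port"])
    {
        $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
    }

    // digits only, no trailing newline, and inside the valid port range
    if (!preg_match('/^[0-9]{1,5}\z/',$radius["port"]) or (int) $radius["port"] < 1 or (int) $radius["port"] > 65535)
    {
        $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
    }

    include_once('classes/class.ilRADIUSAuthentication.php');

    if (!ilRADIUSAuthentication::_validateServers($radius["server"]))
    {
        $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
    }

    // all checks passed: store the settings
    ilRADIUSAuthentication::_saveServers($radius["server"]);
    $this->ilias->setSetting("radius_shared_secret", $radius["shared_secret"]);
    $this->ilias->setSetting("radius_port", $radius["port"]);

    // the checkbox is reduced to "1"/"0" instead of storing the raw value
    $this->ilias->setSetting("radius_active", ($radius["active"] == "1") ? "1" : "0");

    sendInfo($this->lng->txt("auth_radius_settings_saved"),true);
    $this->ctrl->redirect($this,'editRADIUS');
}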
00924
/**
 * Translated title of the authentication mode stored in the "auth_mode"
 * setting.
 *
 * @return string language text of the mode, or the text for "unknown" when
 *                the stored value matches none of the known modes
 */
function getAuthModeTitle()
{
    $mode = $this->ilias->getSetting("auth_mode");

    if ($mode == AUTH_LOCAL)
    {
        $lang_key = "auth_local";
    }
    elseif ($mode == AUTH_LDAP)
    {
        $lang_key = "auth_ldap";
    }
    elseif ($mode == AUTH_SHIBBOLETH)
    {
        $lang_key = "auth_shib";
    }
    elseif ($mode == AUTH_RADIUS)
    {
        $lang_key = "auth_radius";
    }
    elseif ($mode == AUTH_SCRIPT)
    {
        $lang_key = "auth_script";
    }
    else
    {
        $lang_key = "unknown";
    }

    return $this->lng->txt($lang_key);
}
00960
/**
 * Store the authentication mode chosen per role on the overview screen.
 *
 * Requires "write" on this object. The submitted 'Fobject' data is passed to
 * ilObjRole::_updateAuthMode() unchanged.
 */
function updateAuthRolesObject()
{
    global $rbacsystem;

    $may_write = $rbacsystem->checkAccess("write",$this->object->getRefId());
    if (!$may_write)
    {
        $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
    }

    include_once('classes/class.ilObjRole.php');

    // NOTE(review): no validation of role ids or mode names happens here;
    // verify that _updateAuthMode() checks both.
    ilObjRole::_updateAuthMode($_POST['Fobject']);

    $confirmation = $this->lng->txt("auth_mode_roles_changed");
    sendInfo($confirmation,true);
    $this->ctrl->redirect($this,'view');
}
00976
/**
 * Command dispatcher of this GUI class.
 *
 * Commands for 'ilpermissiongui' are forwarded to an ilPermissionGUI
 * instance. Every other command is mapped to the method "<cmd>Object" of this
 * class ("viewObject" when no command is given) and called directly.
 *
 * Because the method name is derived from the command supplied by the
 * controller, each "<cmd>Object" handler has to enforce its own permission
 * check; nothing is checked here.
 *
 * @return boolean always true
 */
function &executeCommand()
{
    $next_class = $this->ctrl->getNextClass($this);
    $cmd = $this->ctrl->getCmd();
    $this->prepareOutput();

    if ($next_class == 'ilpermissiongui')
    {
        include_once("./classes/class.ilPermissionGUI.php");
        $perm_gui =& new ilPermissionGUI($this);
        $ret =& $this->ctrl->forwardCommand($perm_gui);
    }
    else
    {
        // default command is "view"
        $handler = ($cmd ? $cmd : "view")."Object";
        $this->$handler();
    }

    return true;
}
01003
01004
/**
 * Add the sub tabs (overview, LDAP, Shibboleth, RADIUS) and mark the one that
 * belongs to the given command as active.
 *
 * @param string $a_cmd current command; 'view' or an empty value activates
 *                      the overview tab
 */
function __initSubTabs($a_cmd)
{
    // sub tab id, target command, active flag -- in display order
    $sub_tabs = array(
        array("overview",    "view",       ($a_cmd == 'view' or $a_cmd == '')),
        array("auth_ldap",   "editLDAP",   ($a_cmd == 'editLDAP')),
        array("auth_shib",   "editSHIB",   ($a_cmd == 'editSHIB')),
        array("auth_radius", "editRADIUS", ($a_cmd == 'editRADIUS'))
    );

    include_once('classes/class.ilTabsGUI.php');

    foreach ($sub_tabs as $tab)
    {
        $link = $this->ctrl->getLinkTarget($this, $tab[1]);
        $this->tabs_gui->addSubTabTarget($tab[0], $link, "", "", "", $tab[2]);
    }
}
01023 }
01024 ?>