static utility functions used to manage authentication modes More...
Public Member Functions | |
| _initAuth () | |
| initialises $ilAuth | |
| _getAuthModeOfUser ($a_username, $a_password, $a_db_handler= '') | |
| _getAuthMode ($a_auth_mode, $a_db_handler= '') | |
| _getAuthModeName ($a_auth_key) | |
| _getActiveAuthModes () | |
| _getAllAuthModes () | |
| _generateLogin ($a_login) | |
| generate free login by starting with a default string and adding postfix numbers | |
Static Public Member Functions | |
| static | _hasMultipleAuthenticationMethods () |
| static | _getMultipleAuthModeOptions ($lng) |
| static | _isExternalAccountEnabled () |
| Check if an external account name is required. | |
| static | _allowPasswordModificationByAuthMode ($a_auth_mode) |
| Allow password modification. | |
| static | _needsExternalAccountByAuthMode ($a_auth_mode) |
| Check if chosen auth mode needs an external account entry. | |
Detailed Description
static utility functions used to manage authentication modes
- Version:
- Id:
- class.ilAuthUtils.php 17335 2008-09-04 10:08:43Z smeyer
Definition at line 58 of file class.ilAuthUtils.php.
Member Function Documentation
| static ilAuthUtils::_allowPasswordModificationByAuthMode | ( | $ | a_auth_mode | ) | [static] |
Allow password modification.
public
- Parameters:
-
int auth_mode
Definition at line 576 of file class.ilAuthUtils.php.
Referenced by ilObjUserGUI::editObject(), ilObjUserGUI::saveObject(), and ilObjUserGUI::updateObject().
{
switch($a_auth_mode)
{
case AUTH_LDAP:
case AUTH_RADIUS:
return false;
default:
return true;
}
}
Here is the caller graph for this function:
| ilAuthUtils::_generateLogin | ( | $ | a_login | ) |
generate free login by starting with a default string and adding postfix numbers
Definition at line 450 of file class.ilAuthUtils.php.
Referenced by ilRadiusAttributeToUser::create(), ilSOAPAuth::login(), ilCASAuth::login(), and ilLDAPAttributeToUser::usersToXML().
{
global $ilDB;
// Check if username already exists
$found = false;
$postfix = 0;
$c_login = $a_login;
while(!$found)
{
$r = $ilDB->query("SELECT login FROM usr_data WHERE login = ".
$ilDB->quote($c_login));
if ($r->numRows() > 0)
{
$postfix++;
$c_login = $a_login.$postfix;
}
else
{
$found = true;
}
}
return $c_login;
}
Here is the caller graph for this function:
| ilAuthUtils::_getActiveAuthModes | ( | ) |
Definition at line 414 of file class.ilAuthUtils.php.
References $ilias, $ilSetting, and ilLDAPServer::_getActiveServerList().
Referenced by ilObjAuthSettingsGUI::authSettingsObject(), ilObjUserGUI::createObject(), ilObjUserGUI::editObject(), and ilSoapAdministration::getNIC().
{
global $ilias,$ilSetting;
$modes = array(
'default' => $ilSetting->get("auth_mode"),
'local' => AUTH_LOCAL
);
include_once('Services/LDAP/classes/class.ilLDAPServer.php');
if(count(ilLDAPServer::_getActiveServerList()))
{
$modes['ldap'] = AUTH_LDAP;
}
if ($ilSetting->get("radius_active")) $modes['radius'] = AUTH_RADIUS;
if ($ilSetting->get("shib_active")) $modes['shibboleth'] = AUTH_SHIBBOLETH;
if ($ilSetting->get("script_active")) $modes['script'] = AUTH_SCRIPT;
if ($ilSetting->get("cas_active")) $modes['cas'] = AUTH_CAS;
if ($ilSetting->get("soap_auth_active")) $modes['soap'] = AUTH_SOAP;
return $modes;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAuthUtils::_getAllAuthModes | ( | ) |
Definition at line 435 of file class.ilAuthUtils.php.
References _getAuthModeName().
Referenced by ilObjAuthSettingsGUI::authSettingsObject().
{
return array(
AUTH_LOCAL => ilAuthUtils::_getAuthModeName(AUTH_LOCAL),
AUTH_LDAP => ilAuthUtils::_getAuthModeName(AUTH_LDAP),
AUTH_SHIBBOLETH => ilAuthUtils::_getAuthModeName(AUTH_SHIBBOLETH),
AUTH_CAS => ilAuthUtils::_getAuthModeName(AUTH_CAS),
AUTH_SOAP => ilAuthUtils::_getAuthModeName(AUTH_SOAP),
AUTH_RADIUS => ilAuthUtils::_getAuthModeName(AUTH_RADIUS));
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAuthUtils::_getAuthMode | ( | $ | a_auth_mode, | |
| $ | a_db_handler = '' | |||
| ) |
Definition at line 322 of file class.ilAuthUtils.php.
Referenced by ilSoapUserAdministration::__validateUserData(), _getAuthModeOfUser(), ilObjUserGUI::editObject(), ilObjUser::getAuthMode(), ilObjUserGUI::saveObject(), and ilObjUserGUI::updateObject().
{
global $ilDB;
$db =& $ilDB;
if ($a_db_handler != '')
{
$db =& $a_db_handler;
}
switch ($a_auth_mode)
{
case "local":
return AUTH_LOCAL;
break;
case "ldap":
return AUTH_LDAP;
break;
case "radius":
return AUTH_RADIUS;
break;
case "script":
return AUTH_SCRIPT;
break;
case "shibboleth":
return AUTH_SHIBBOLETH;
break;
case "cas":
return AUTH_CAS;
break;
case "soap":
return AUTH_SOAP;
break;
default:
$q = "SELECT value FROM settings WHERE ".
"keyword='auth_mode'";
$r = $db->query($q);
$row = $r->fetchRow();
return $row[0];
break;
}
}
Here is the caller graph for this function:
| ilAuthUtils::_getAuthModeName | ( | $ | a_auth_key | ) |
Definition at line 374 of file class.ilAuthUtils.php.
References $ilias.
Referenced by ilObjUser::_checkExternalAuthAccount(), _getAllAuthModes(), ilObjUser::_getExternalAccountsByAuthMode(), ilObjAuthSettingsGUI::authSettingsObject(), ilObjUserGUI::createObject(), ilObjUserGUI::editObject(), ilSoapAdministration::getNIC(), ilUserImportParser::importEndTag(), and ilUserImportParser::verifyEndTag().
{
global $ilias;
switch ($a_auth_key)
{
case AUTH_LOCAL:
return "local";
break;
case AUTH_LDAP:
return "ldap";
break;
case AUTH_RADIUS:
return "radius";
break;
case AUTH_CAS:
return "cas";
break;
case AUTH_SCRIPT:
return "script";
break;
case AUTH_SHIBBOLETH:
return "shibboleth";
break;
case AUTH_SOAP:
return "soap";
break;
default:
return "default";
break;
}
}
Here is the caller graph for this function:
| ilAuthUtils::_getAuthModeOfUser | ( | $ | a_username, | |
| $ | a_password, | |||
| $ | a_db_handler = '' | |||
| ) |
Definition at line 281 of file class.ilAuthUtils.php.
References _getAuthMode(), and ilAuthModeDetermination::_getInstance().
Referenced by _initAuth().
{
global $ilDB;
if(isset($_POST['auth_mode']))
{
return (int) $_POST['auth_mode'];
}
include_once('./Services/Authentication/classes/class.ilAuthModeDetermination.php');
$det = ilAuthModeDetermination::_getInstance();
if(!$det->isManualSelection())
{
return AUTH_MULTIPLE;
}
$db =& $ilDB;
if ($a_db_handler != '')
{
$db =& $a_db_handler;
}
// Is it really necessary to check the auth mode with password ?
// Changed: smeyer
$q = "SELECT auth_mode FROM usr_data WHERE ".
"login = ".$ilDB->quote($a_username);
//"passwd = ".$ilDB->quote(md5($a_password))."";
$r = $db->query($q);
$row = $r->fetchRow(DB_FETCHMODE_OBJECT);
//echo "+".$row->auth_mode."+";
$auth_mode = self::_getAuthMode($row->auth_mode,$db);
return in_array($auth_mode,self::_getActiveAuthModes()) ? $auth_mode : AUTH_INACTIVE;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| static ilAuthUtils::_getMultipleAuthModeOptions | ( | $ | lng | ) | [static] |
Definition at line 489 of file class.ilAuthUtils.php.
References $_REQUEST, $ilSetting, $lng, ilLDAPServer::_getFirstActiveServer(), and ilRadiusSettings::_getInstance().
Referenced by ilStartUpGUI::showLogin().
{
global $ilSetting;
// in the moment only ldap is activated as additional authentication method
include_once('Services/LDAP/classes/class.ilLDAPServer.php');
$options[AUTH_LOCAL]['txt'] = $lng->txt('authenticate_ilias');
// LDAP
if($ldap_id = ilLDAPServer::_getFirstActiveServer())
{
$ldap_server = new ilLDAPServer($ldap_id);
$options[AUTH_LDAP]['txt'] = $ldap_server->getName();
}
include_once('Services/Radius/classes/class.ilRadiusSettings.php');
$rad_settings = ilRadiusSettings::_getInstance();
if($rad_settings->isActive())
{
$options[AUTH_RADIUS]['txt'] = $rad_settings->getName();
}
if($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_LDAP)
{
$default = AUTH_LDAP;
}
elseif($ilSetting->get('auth_mode',AUTH_LOCAL) == AUTH_RADIUS)
{
$default = AUTH_RADIUS;
}
else
{
$default = AUTH_LOCAL;
}
$default = $ilSetting->get('default_auth_mode',$default);
$default = (int) $_REQUEST['auth_mode'] ? (int) $_REQUEST['auth_mode'] : $default;
$options[$default]['checked'] = true;
return $options ? $options : array();
}
Here is the call graph for this function:
Here is the caller graph for this function:
| static ilAuthUtils::_hasMultipleAuthenticationMethods | ( | ) | [static] |
Definition at line 476 of file class.ilAuthUtils.php.
References ilLDAPServer::_getActiveServerList(), and ilRadiusSettings::_getInstance().
Referenced by ilStartUpGUI::showLogin().
{
include_once('Services/Radius/classes/class.ilRadiusSettings.php');
$rad_settings = ilRadiusSettings::_getInstance();
if($rad_settings->isActive())
{
return true;
}
include_once('Services/LDAP/classes/class.ilLDAPServer.php');
return count(ilLDAPServer::_getActiveServerList()) ? true : false;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| ilAuthUtils::_initAuth | ( | ) |
initialises $ilAuth
Definition at line 64 of file class.ilAuthUtils.php.
References $_GET, $_SESSION, $GLOBALS, $ilAuth, $ilBench, $ilSetting, and _getAuthModeOfUser().
Referenced by ilInitialisation::goToPublicSection(), and ilInitialisation::initILIAS().
{
global $ilAuth, $ilSetting, $ilDB, $ilClientIniFile,$ilBench;
//var_dump($_SESSION);
$ilBench->start('Auth','initAuth');
// check whether settings object is available
if (!is_object($ilSetting))
{
die ("Fatal Error: ilAuthUtils::_initAuth called without ilSetting.");
}
// check whether database object is available
if (!is_object($ilDB))
{
die ("Fatal Error: ilAuthUtils::_initAuth called without ilDB.");
}
// check whether client ini file object is available
if (!is_object($ilClientIniFile))
{
die ("Fatal Error: ilAuthUtils::_initAuth called without ilClientIniFile.");
}
// get default auth mode
//$default_auth_mode = $this->getSetting("auth_mode");
define ("AUTH_DEFAULT", $ilSetting->get("auth_mode") ? $ilSetting->get("auth_mode") : AUTH_LOCAL);
// set local auth mode (1) in case database wasn't updated
/*if ($default_auth_mode === false)
{
$default_auth_mode = AUTH_LOCAL;
}*/
//var_dump($_SESSION);
// determine authentication method if no session is found and username & password is posted
// does this if statement make any sense? we enter this block nearly everytime.
if (empty($_SESSION) ||
(!isset($_SESSION['_authsession']['registered']) ||
$_SESSION['_authsession']['registered'] !== true))
{
// no sesssion found
if ($_POST['username'] != '' and $_POST['password'] != '')
{
$user_auth_mode = ilAuthUtils::_getAuthModeOfUser($_POST['username'], $_POST['password'], $ilDB);
if ($user_auth_mode == AUTH_CAS && $ilSetting->get("cas_allow_local"))
{
$user_auth_mode = AUTH_LOCAL;
}
if ($user_auth_mode == AUTH_SOAP && $ilSetting->get("soap_auth_allow_local"))
{
$user_auth_mode = AUTH_LOCAL;
}
}
}
// to do: other solution?
if (!$ilSetting->get("soap_auth_active") && $user_auth_mode == AUTH_SOAP)
{
$user_auth_mode = AUTH_LOCAL;
}
//var_dump($_SESSION);
//echo "1-".$ilSetting->get("soap_auth_active")."-";
// if soap authentication activated and soap credentials given
if (($ilSetting->get("soap_auth_active") && !empty($_GET["ext_uid"])
&& !empty($_GET["soap_pw"])) || $user_auth_mode == AUTH_SOAP)
{
include_once("Services/SOAPAuth/classes/class.ilSOAPAuth.php");
if (!is_object($GLOBALS['ilSOAPAuth']))
{
$auth_params = array(
"server_hostname" => $ilSetting->get("soap_auth_server"),
"server_port" => $ilSetting->get("soap_auth_port"),
"server_uri" => $ilSetting->get("soap_auth_uri"),
"https" => $ilSetting->get("soap_auth_use_https"),
"namespace" => $ilSetting->get("soap_auth_namespace"),
"use_dotnet" => $ilSetting->get("soap_auth_use_dotnet")
);
// this starts already the session, AccountId is '' _authsession is null
// (assuming that ilSOAPAuth constructor calls Auth constructor
$ilSOAPAuth = new ilSOAPAuth($auth_params);
$GLOBALS['ilSOAPAuth'] =& $ilSOAPAuth;
}
else
{
$ilSOAPAuth =& $GLOBALS['ilSOAPAuth'];
}
define ("AUTH_CURRENT", AUTH_SOAP);
}
// if Shibboleth is active and the user is authenticated
// we set auth_mode to Shibboleth
else if ( $ilSetting->get("shib_active")
&& $_SERVER[$ilSetting->get("shib_login")])
{
define ("AUTH_CURRENT", AUTH_SHIBBOLETH);
}
// check CAS authentication
else if ($ilSetting->get("cas_active") && $_POST['username'] == '')
{
include_once("Services/CAS/classes/class.ilCASAuth.php");
if (!is_object($GLOBALS['ilCASAuth']))
{
$auth_params = array(
"server_version" => CAS_VERSION_2_0,
"server_hostname" => $ilSetting->get("cas_server"),
"server_port" => $ilSetting->get("cas_port"),
"server_uri" => $ilSetting->get("cas_uri"));
//echo "II";
//var_dump($_SESSION);
$ilCASAuth = new ilCASAuth($auth_params);
//var_dump($_SESSION);
$GLOBALS['ilCASAuth'] =& $ilCASAuth;
}
else
{
$ilCASAuth =& $GLOBALS['ilCASAuth'];
}
if ($_GET["forceCASLogin"] == "1")
{
$ilCASAuth->forceCASAuth();
}
if ($ilCASAuth->checkCASAuth())
{
define ("AUTH_CURRENT", AUTH_CAS);
}
else
{
define ("AUTH_CURRENT", $user_auth_mode);
//session_unset();
}
}
else
{
define ("AUTH_CURRENT", $user_auth_mode);
}
//var_dump($_SESSION);
switch (AUTH_CURRENT)
{
case AUTH_LOCAL:
include_once('./Services/Authentication/classes/class.ilAuthDB.php');
$ilAuth = new ilAuthDB();
break;
case AUTH_LDAP:
$ilBench->start('Auth','Auth_LDAP');
include_once 'Services/LDAP/classes/class.ilAuthLDAP.php';
$ilAuth = new ilAuthLDAP();
$ilBench->stop('Auth','Auth_LDAP');
/*
$settings = $ilSetting->getAll();
// build option string for PEAR::Auth
$auth_params = array(
'host' => $settings["ldap_server"],
'port' => $settings["ldap_port"],
'basedn' => $settings["ldap_basedn"],
'userdn' => $settings["ldap_search_base"],
'useroc' => $settings["ldap_objectclass"],
'userattr' => $settings["ldap_login_key"]
);
$ilAuth = new Auth("LDAP", $auth_params,"",false);
*/
break;
case AUTH_RADIUS:
include_once('Services/Radius/classes/class.ilAuthRadius.php');
$ilAuth = new ilAuthRadius();
break;
case AUTH_SHIBBOLETH:
// build option string for SHIB::Auth
$auth_params = array();
$ilAuth = new ShibAuth($auth_params,true);
break;
case AUTH_CAS:
$ilAuth =& $ilCASAuth;
$ilAuth->forceCASAuth();
break;
case AUTH_SOAP:
$ilAuth =& $ilSOAPAuth;
break;
case AUTH_MULTIPLE:
include_once('./Services/Authentication/classes/class.ilAuthMultiple.php');
$ilAuth = new ilAuthMultiple();
break;
case AUTH_INACTIVE:
include_once('./Services/Authentication/classes/class.ilAuthInactive.php');
$ilAuth = new ilAuthInactive(AUTH_MODE_INACTIVE);
break;
default:
include_once('./Services/Authentication/classes/class.ilAuthDB.php');
$ilAuth = new ilAuthDB();
break;
}
$ilAuth->setIdle($ilClientIniFile->readVariable("session","expire"), false);
$ilAuth->setExpire(0);
ini_set("session.cookie_lifetime", "0");
//echo "-".get_class($ilAuth)."-";
$GLOBALS['ilAuth'] =& $ilAuth;
$ilBench->stop('Auth','initAuth');
}
Here is the call graph for this function:
Here is the caller graph for this function:
| static ilAuthUtils::_isExternalAccountEnabled | ( | ) | [static] |
Check if an external account name is required.
That's the case if Radius,LDAP, CAS or SOAP is active
public
- Parameters:
-
Definition at line 540 of file class.ilAuthUtils.php.
References $ilSetting, and ilLDAPServer::_getActiveServerList().
Referenced by ilObjUserGUI::createObject(), ilObjUserGUI::editObject(), and ilObjUserGUI::saveObject().
{
global $ilSetting;
if($ilSetting->get("cas_active"))
{
return true;
}
if($ilSetting->get("soap_auth_active"))
{
return true;
}
if($ilSetting->get("shib_active"))
{
return true;
}
if($ilSetting->get('radius_active'))
{
return true;
}
include_once('Services/LDAP/classes/class.ilLDAPServer.php');
if(count(ilLDAPServer::_getActiveServerList()))
{
return true;
}
return false;
}
Here is the call graph for this function:
Here is the caller graph for this function:
| static ilAuthUtils::_needsExternalAccountByAuthMode | ( | $ | a_auth_mode | ) | [static] |
Check if chosen auth mode needs an external account entry.
public
- Parameters:
-
int auth_mode
Definition at line 596 of file class.ilAuthUtils.php.
Referenced by ilSoapUserAdministration::__validateUserData(), ilObjUserGUI::saveObject(), and ilObjUserGUI::updateObject().
{
switch($a_auth_mode)
{
case AUTH_LOCAL:
return false;
default:
return true;
}
}
Here is the caller graph for this function:
The documentation for this class was generated from the following file:
- Services/Authentication/classes/class.ilAuthUtils.php
