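<?php
/*
    +-----------------------------------------------------------------------------+
    | ILIAS open source                                                           |
    +-----------------------------------------------------------------------------+
    | Copyright (c) 1998-2006 ILIAS open source, University of Cologne            |
    |                                                                             |
    | This program is free software; you can redistribute it and/or               |
    | modify it under the terms of the GNU General Public License                 |
    | as published by the Free Software Foundation; either version 2              |
    | of the License, or (at your option) any later version.                      |
    |                                                                             |
    | This program is distributed in the hope that it will be useful,             |
    | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
    | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
    | GNU General Public License for more details.                                |
    |                                                                             |
    | You should have received a copy of the GNU General Public License           |
    | along with this program; if not, write to the Free Software                 |
    | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
    +-----------------------------------------------------------------------------+
*/


include_once("Auth/Auth.php");

/**
 * CAS single sign-on front end: extends the Auth base class and delegates the
 * ticket handling to the bundled phpCAS client.
 *
 * Trust model: login() accepts whatever user name phpCAS reports and, when the
 * "cas_create_users" setting is on, provisions a local account for it. The
 * CAS server is therefore the sole authority for who gets an account.
 *
 * NOTE(review): no CA certificate for the CAS server is configured in this
 * class. Confirm that the bundled phpCAS release verifies the server's TLS
 * certificate when it validates tickets; newer phpCAS releases expose
 * phpCAS::setCasServerCACert() for that purpose.
 */
class ilCASAuth extends Auth
{
    /**
     * Constructor (PHP 4 style): initialises the parent Auth object and the
     * phpCAS client.
     *
     * @param array $a_params connection settings:
     *                        "server_hostname", "server_port" (cast to int),
     *                        "server_uri", and optionally "debug" (truthy to
     *                        switch on phpCAS debug tracing; off when absent)
     */
    function ilCASAuth($a_params)
    {
        parent::Auth("");

        include_once("./Services/CAS/phpcas/source/CAS/CAS.php");
        $this->server_version = CAS_VERSION_2_0;
        $this->server_hostname = $a_params["server_hostname"];
        $this->server_port = (int) $a_params["server_port"];
        $this->server_uri = $a_params["server_uri"];

        // Debug tracing is opt-in. With no argument phpCAS::setDebug() picks
        // its own default log file, and the trace of an authentication
        // exchange may contain service tickets and user identifiers, so it
        // must not be left on for every request.
        if (!empty($a_params["debug"]))
        {
            phpCAS::setDebug();
        }
        //echo "-".$_GET['ticket']."-"; exit;
        phpCAS::client($this->server_version, $this->server_hostname,
            $this->server_port, $this->server_uri);
    }

    /**
     * Reports whether the phpCAS client considers the current request
     * authenticated.
     *
     * Reads the global $PHPCAS_CLIENT directly instead of going through the
     * phpCAS facade used by the other methods; presumably that global is set
     * by phpCAS::client() in the constructor (confirm against the bundled
     * phpCAS source).
     *
     * @return bool result of $PHPCAS_CLIENT->isAuthenticated()
     */
    function checkCASAuth()
    {
        global $PHPCAS_CLIENT;

        return $PHPCAS_CLIENT->isAuthenticated();
    }

    /**
     * Hands control to phpCAS::forceAuthentication().
     */
    function forceCASAuth()
    {
        phpCAS::forceAuthentication();
    }

    /**
     * Returns the user name reported by phpCAS.
     *
     * @return string value of phpCAS::getUser()
     */
    function getCASUser()
    {
        return phpCAS::getUser();
    }

    // The commented-out methods below are kept as found. Because they are
    // disabled, this class does not define them and calls resolve to the
    // parent Auth class where it provides them.

    /*
    function getAuth()
    {
        $session = &$this->_importGlobalVariable('session');
        if (!empty($session) &&
            (isset($session[$this->_sessionName]['registered']) &&
             $session[$this->_sessionName]['registered'] === true))
        {
            return true;
        } else {
            return false;
        }
    }
    */

    /*
    function setIdle($time, $add = false)
    {
        $add ? $this->idle += $time : $this->idle = $time;
    }
    */

    /*
    function setExpire($time, $add = false)
    {
        $add ? $this->expire += $time : $this->expire = $time;
    }
    */

    /*
    function checkAuth()
    {
        $session = &$this->_importGlobalVariable('session');

        if (isset($session[$this->_sessionName])) {
            // Check if authentication session is expired
            if ($this->expire > 0 &&
                isset($session[$this->_sessionName]['timestamp']) &&
                ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {

                $this->logout();
                $this->expired = true;
                $this->status = AUTH_EXPIRED;

                return false;
            }

            // Check if maximum idle time is reached
            if ($this->idle > 0 &&
                isset($session[$this->_sessionName]['idle']) &&
                ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {

                $this->logout();
                $this->idled = true;
                $this->status = AUTH_IDLED;

                return false;
            }

            if (isset($session[$this->_sessionName]['registered']) &&
                isset($session[$this->_sessionName]['username']) &&
                $session[$this->_sessionName]['registered'] == true &&
                $session[$this->_sessionName]['username'] != '') {

                Auth::updateIdle();

                return true;
            }
        }

        return false;
    }
    */

    /*
    function start()
    {
        @session_start();

        if (!$this->checkAuth()) {
            $this->login();
        }
    }
    */

    /**
     * Maps the CAS-authenticated user onto a local account and registers the
     * session through setAuth().
     *
     * Outcomes:
     *  - phpCAS reports no user: status is set to AUTH_WRONG_LOGIN.
     *  - a local account is linked to the CAS name: that account is logged in.
     *  - no linked account and "cas_create_users" is off: status is set to
     *    AUTH_CAS_NO_ILIAS_USER and logout() is called.
     *  - no linked account and "cas_create_users" is on: a new active account
     *    is created, assigned the "cas_user_default_role" role and logged in.
     *
     * NOTE(review): ilAuthUtils is used here without an include in this file;
     * it is assumed to be loaded by the caller.
     *
     * @return void
     */
    function login()
    {
        global $ilias, $rbacadmin, $ilSetting;

        $username = phpCAS::getUser();
        if ($username != "")
        {
            // Authorize this user
            include_once('./Services/User/classes/class.ilObjUser.php');
            $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

            if ($local_user != "")
            {
                $this->setAuth($local_user);
            }
            else
            {
                if (!$ilSetting->get("cas_create_users"))
                {
                    $this->status = AUTH_CAS_NO_ILIAS_USER;
                    $this->logout();
                    return;
                }

                $userObj = new ilObjUser();

                $local_user = ilAuthUtils::_generateLogin($username);

                // Start from an empty record so no stale keys can leak in.
                $newUser = array();
                $newUser["firstname"] = $local_user;
                $newUser["lastname"] = "";

                $newUser["login"] = $local_user;

                // set "plain md5" password (= no valid password): the account
                // is meant to be reachable through CAS only
                $newUser["passwd"] = "";
                $newUser["passwd_type"] = IL_PASSWD_MD5;

                //$newUser["gender"] = "m";
                $newUser["auth_mode"] = "cas";
                $newUser["ext_account"] = $username;
                $newUser["profile_incomplete"] = 1;

                // system data
                $userObj->assignData($newUser);
                $userObj->setTitle($userObj->getFullname());
                $userObj->setDescription($userObj->getEmail());

                // set user language to system language
                $userObj->setLanguage($ilSetting->get("language"));

                // Time limit
                // NOTE(review): 7 and 6 are hard-coded object ids, presumably
                // the user folder and the system user; confirm.
                $userObj->setTimeLimitOwner(7);
                $userObj->setTimeLimitUnlimited(1);
                $userObj->setTimeLimitFrom(time());
                $userObj->setTimeLimitUntil(time());

                // Create user in DB
                $userObj->setOwner(6);
                $userObj->create();
                $userObj->setActive(1, 6);

                $userObj->updateOwner();

                //insert user data in table user_data
                $userObj->saveAsNew();

                // setup user preferences
                $userObj->writePrefs();

                // to do: test this
                // NOTE(review): the role comes straight from the
                // "cas_user_default_role" setting; an unset or over-privileged
                // value applies to every auto-created account.
                $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);

                unset($userObj);

                $this->setAuth($local_user);

            }
        }
        else
        {
            // This should never occur unless CAS is not configured properly
            $this->status = AUTH_WRONG_LOGIN;
        }
    }

    /*
    function setAuth($username)
    {
        $session = &Auth::_importGlobalVariable('session');

        if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
            session_register($this->_sessionName);
        }

        if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
            $session[$this->_sessionName] = array();
        }

        if(!isset($session[$this->_sessionName]['data'])){
            $session[$this->_sessionName]['data'] = array();
        }
        $session[$this->_sessionName]['registered'] = true;
        $session[$this->_sessionName]['username'] = $username;
        $session[$this->_sessionName]['timestamp'] = time();
        $session[$this->_sessionName]['idle'] = time();
    }
    */

    /**
     * Ends the local session by delegating to the parent logout().
     *
     * The CAS single sign-on session is left untouched, so a user who is
     * still signed in at the CAS server can be logged in again without
     * re-entering credentials.
     */
    function logout()
    {
        parent::logout();
        //PHPCAS::logout(); // CAS logout should be provided separately
                            // maybe on ILIAS login screen
    }

    /*
    function getUsername()
    {
        $session = &$this->_importGlobalVariable('session');
        if (!isset($session[$this->_sessionName]['username'])) {
            return '';
        }
        return $session[$this->_sessionName]['username'];
    }
    */

    /*
    function getStatus()
    {

        return $status;
    }
    */

    /*
    function &_importGlobalVariable($variable)
    {
        $var = null;

        switch (strtolower($variable)) {

            case 'server' :
                if (isset($_SERVER)) {
                    $var = &$_SERVER;
                } else {
                    $var = &$GLOBALS['HTTP_SERVER_VARS'];
                }
                break;

            case 'session' :
                if (isset($_SESSION)) {
                    $var = &$_SESSION;
                } else {
                    $var = &$GLOBALS['HTTP_SESSION_VARS'];
                }
                break;

            case 'post' :
                if (isset($_POST)) {
                    $var = &$_POST;
                } else {
                    $var = &$GLOBALS['HTTP_POST_VARS'];
                }
                break;

            case 'cookie' :
                if (isset($_COOKIE)) {
                    $var = &$_COOKIE;
                } else {
                    $var = &$GLOBALS['HTTP_COOKIE_VARS'];
                }
                break;

            case 'get' :
                if (isset($_GET)) {
                    $var = &$_GET;
                } else {
                    $var = &$GLOBALS['HTTP_GET_VARS'];
                }
                break;

            default:
                break;

        }

        return $var;
    }
    */
} // END class.ilCASAuth
?>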