ILIAS  Release_4_0_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Static Public Member Functions | Data Fields
Auth Class Reference
+ Inheritance diagram for Auth:
+ Collaboration diagram for Auth:

Public Member Functions

 Auth ($storageDriver, $options= '', $loginFunction= '', $showLogin=true)
 Constructor.
applyAuthOptions (&$options)
 Set the Auth options.
 _loadStorage ()
 Load Storage Driver if not already loaded.
 assignData ()
 Assign data from login form to internal values.
 start ()
 Start new auth session.
 login ()
 Login function.
 setExpire ($time, $add=false)
 Set the maximum expire time.
 setIdle ($time, $add=false)
 Set the maximum idle time.
 setSessionName ($name= 'session')
 Set name of the session to a customized value.
 setShowLogin ($showLogin=true)
 Should the login form be displayed if neccessary?
 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if neccessary?
 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object.
 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login.
 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login.
 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout.
 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session.
 getAuthData ($name=null)
 Get additional information that is stored in the session.
 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully.
 setAdvancedSecurity ($flag=true)
 Enables advanced security checks.
 checkAuth ()
 Checks if there is a session with valid auth information.
 getAuth ()
 Has the user been authenticated?
 logout ()
 Logout function.
 updateIdle ()
 Update the idletime.
 getUsername ()
 Get the username.
 getStatus ()
 Get the current status.
 getPostUsernameField ()
 Gets the post varible used for the username.
 getPostPasswordField ()
 Gets the post varible used for the username.
 sessionValidThru ()
 Returns the time up to the session is valid.
 listUsers ()
 List all users that are currently available in the storage container.
 addUser ($username, $password, $additional= '')
 Add user to the storage container.
 removeUser ($username)
 Remove user from the storage container.
 changePassword ($username, $password)
 Change password for user in the storage container.
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system.
 _loadLogger ()
 Load Log object if not already loaded.
 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source.
 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled?
- Public Member Functions inherited from ilAuthBase
 supportRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
 getContainer ()
 Get container object.

Static Public Member Functions

_factory ($driver, $options= '')
 Return a storage driver based on $driver and $options.
 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information.

Data Fields

 $expire = 0
 $expired = false
 $idle = 0
 $idled = false
 $storage = ''
 $loginFunction = ''
 $showLogin = true
 $allowLogin = true
 $status = ''
 $username = ''
 $password = ''
 $checkAuthCallback = ''
 $loginCallback = ''
 $loginFailedCallback = ''
 $logoutCallback = ''
 $_sessionName = '_authsession'
 $version = "@version@"
 $advancedsecurity = false
 $_postUsername = 'username'
 $_postPassword = 'password'
 $session
 $server
 $post
 $cookie
 $authdata
 $authChecks = 0
 $logger = null
 $enableLogging = false
 $regenerateSessionId = false

Additional Inherited Members

- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object Enable logging, set callbacks...
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.
 logoutObserver ($a_username, $a_auth)
 Called after logout.
- Protected Attributes inherited from ilAuthBase
 $sub_status = null

Detailed Description

Definition at line 90 of file Auth.php.

Member Function Documentation

& Auth::_factory (   $driver,
  $options = '' 
)
static

Return a storage driver based on $driver and $options.

Parameters
string$driverType of storage class to return
string$optionsOptional parameters for the storage class
Returns
object Object Storage object private

Definition at line 467 of file Auth.php.

Referenced by _loadStorage().

{
$storage_class = 'Auth_Container_' . $driver;
include_once 'Auth/Container/' . $driver . '.php';
$obj =& new $storage_class($options);
return $obj;
}

+ Here is the caller graph for this function:

Auth::_isAdvancedSecurityEnabled (   $feature = null)

Is advanced security enabled?

Pass one of the Advanced Security constants as the first parameter to check if that advanced security check is enabled.

Parameters
integer
Returns
boolean

Definition at line 1333 of file Auth.php.

References $advancedsecurity.

Referenced by checkAuth().

{
if (is_null($feature)) {
if ($this->advancedsecurity === true)
return true;
if ( is_array($this->advancedsecurity)
&& in_array(true, $this->advancedsecurity, true))
return true;
return false;
} else {
if (is_array($this->advancedsecurity)) {
if ( isset($this->advancedsecurity[$feature])
&& $this->advancedsecurity[$feature] == true)
return true;
return false;
}
return (bool)$this->advancedsecurity;
}
}

+ Here is the caller graph for this function:

Auth::_loadLogger ( )

Load Log object if not already loaded.

Suspend logger instantiation to make Auth lighter to use for calls which do not require logging

Returns
bool True if the logger is loaded, false if the logger is already loaded private

Definition at line 1288 of file Auth.php.

References AUTH_LOG_DEBUG, and Log\singleton().

Referenced by attachLogObserver(), and log().

{
if(is_null($this->logger)) {
if (!class_exists('Log')) {
include_once 'Log.php';
}
$this->logger =& Log::singleton('null',
null,
'auth['.getmypid().']',
array(),
AUTH_LOG_DEBUG);
return(true);
}
return(false);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::_loadStorage ( )

Load Storage Driver if not already loaded.

Suspend storage instantiation to make Auth lighter to use for calls which do not require login

Returns
bool True if the conainer is loaded, false if the container is already loaded private

Definition at line 443 of file Auth.php.

References _factory(), AUTH_LOG_DEBUG, and log().

Referenced by addUser(), changePassword(), listUsers(), Auth_HTTP\login(), login(), and removeUser().

{
if(!is_object($this->storage)) {
$this->storage =& $this->_factory($this->storage_driver,
$this->storage_options);
$this->storage->_auth_obj =& $this;
$this->log('Loaded storage container ('.$this->storage_driver.')', AUTH_LOG_DEBUG);
return(true);
}
return(false);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::addUser (   $username,
  $password,
  $additional = '' 
)

Add user to the storage container.

public

Parameters
stringUsername
stringPassword
mixedAdditional parameters
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1211 of file Auth.php.

References $password, $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

{
$this->log('Auth::addUser() called.', AUTH_LOG_DEBUG);
$this->_loadStorage();
return $this->storage->addUser($username, $password, $additional);
}

+ Here is the call graph for this function:

& Auth::applyAuthOptions ( $options)

Set the Auth options.

Some options which are Auth specific will be applied the rest will be left for usage by the container

Parameters
arrayAn array of Auth options
Returns
array The options which were not applied private

Definition at line 396 of file Auth.php.

Referenced by Auth().

{
if(is_array($options)){
if (!empty($options['sessionName'])) {
$this->_sessionName = $options['sessionName'];
unset($options['sessionName']);
}
if (isset($options['allowLogin'])) {
$this->allowLogin = $options['allowLogin'];
unset($options['allowLogin']);
}
if (!empty($options['postUsername'])) {
$this->_postUsername = $options['postUsername'];
unset($options['postUsername']);
}
if (!empty($options['postPassword'])) {
$this->_postPassword = $options['postPassword'];
unset($options['postPassword']);
}
if (isset($options['advancedsecurity'])) {
$this->advancedsecurity = $options['advancedsecurity'];
unset($options['advancedsecurity']);
}
if (isset($options['enableLogging'])) {
$this->enableLogging = $options['enableLogging'];
unset($options['enableLogging']);
}
if (isset($options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
$this->regenerateSessionId = $options['regenerateSessionId'];
}
}
return($options);
}

+ Here is the caller graph for this function:

Auth::assignData ( )

Assign data from login form to internal values.

This function takes the values for username and password from $HTTP_POST_VARS/$_POST and assigns them to internal variables. If you wish to use another source apart from $HTTP_POST_VARS/$_POST, you have to derive this function.

$HTTP_POST_VARS, $_POST

See Also
Auth
Returns
void private

Reimplemented in Auth_HTTP.

Definition at line 491 of file Auth.php.

References $_postPassword, $_postUsername, AUTH_LOG_DEBUG, and log().

Referenced by start().

{
$this->log('Auth::assignData() called.', AUTH_LOG_DEBUG);
if ( isset($this->post[$this->_postUsername])
&& $this->post[$this->_postUsername] != '') {
$this->username = (get_magic_quotes_gpc() == 1
? stripslashes($this->post[$this->_postUsername])
: $this->post[$this->_postUsername]);
}
if ( isset($this->post[$this->_postPassword])
&& $this->post[$this->_postPassword] != '') {
$this->password = (get_magic_quotes_gpc() == 1
? stripslashes($this->post[$this->_postPassword])
: $this->post[$this->_postPassword] );
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::attachLogObserver ( $observer)

Attach an Observer to the Auth Log Source.

Parameters
objectLog_Observer A Log Observer instance
Returns
boolean

Definition at line 1313 of file Auth.php.

References _loadLogger().

{
$this->_loadLogger();
return $this->logger->attach($observer);
}

+ Here is the call graph for this function:

Auth::Auth (   $storageDriver,
  $options = '',
  $loginFunction = '',
  $showLogin = true 
)

Constructor.

Set up the storage driver.

Parameters
stringType of the storage driver
mixedAdditional options for the storage driver (example: if you are using DB as the storage driver, you have to pass the dsn string here)
stringName of the function that creates the login form
booleanShould the login form be displayed if neccessary?
Returns
void

Definition at line 335 of file Auth.php.

References $_COOKIE, $_POST, $_SESSION, $_sessionName, $loginFunction, $showLogin, applyAuthOptions(), and PEAR\throwError().

Referenced by Auth_Anonymous\Auth_Anonymous(), Auth_HTTP\Auth_HTTP(), ilCASAuth\ilCASAuth(), ShibAuth\ShibAuth(), and staticCheckAuth().

{
$this->applyAuthOptions($options);
// Start the session suppress error if already started
if(!session_id()){
@session_start();
if(!session_id()) {
// Throw error
include_once 'PEAR.php';
PEAR::throwError('Session could not be started by Auth, '
.'possibly headers are already sent, try putting '
.'ob_start in the beginning of your script');
}
}
// Make Sure Auth session variable is there
if(!isset($_SESSION[$this->_sessionName])) {
$_SESSION[$this->_sessionName] = array();
}
// Assign Some globals to internal references, this will replace _importGlobalVariable
$this->session =& $_SESSION[$this->_sessionName];
$this->server =& $_SERVER;
$this->post =& $_POST;
$this->cookie =& $_COOKIE;
if ($loginFunction != '' && is_callable($loginFunction)) {
$this->loginFunction = $loginFunction;
}
if (is_bool($showLogin)) {
$this->showLogin = $showLogin;
}
if (is_object($storageDriver)) {
$this->storage =& $storageDriver;
// Pass a reference to auth to the container, ugly but works
// this is used by the DB container to use method setAuthData not staticaly.
$this->storage->_auth_obj =& $this;
} else {
// $this->storage = $this->_factory($storageDriver, $options);
//
$this->storage_driver = $storageDriver;
$this->storage_options =& $options;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::changePassword (   $username,
  $password 
)

Change password for user in the storage container.

public

Parameters
stringUsername
stringThe new password
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1248 of file Auth.php.

References $password, $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

{
$this->log('Auth::changePassword() called', AUTH_LOG_DEBUG);
$this->_loadStorage();
return $this->storage->changePassword($username, $password);
}

+ Here is the call graph for this function:

Auth::checkAuth ( )

Checks if there is a session with valid auth information.

public

Returns
boolean Whether or not the user is authenticated.

Definition at line 897 of file Auth.php.

References _isAdvancedSecurityEnabled(), AUTH_ADV_CHALLENGE, AUTH_ADV_IPCHECK, AUTH_ADV_USERAGENT, AUTH_CALLBACK_ABORT, AUTH_EXPIRED, AUTH_IDLED, AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_SECURITY_BREACH, log(), login(), logout(), and updateIdle().

Referenced by getAuth(), and start().

{
$this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
$this->authChecks++;
if (isset($this->session)) {
// Check if authentication session is expired
if ( $this->expire > 0
&& isset($this->session['timestamp'])
&& ($this->session['timestamp'] + $this->expire) < time()) {
$this->log('Session Expired', AUTH_LOG_INFO);
$this->expired = true;
$this->status = AUTH_EXPIRED;
$this->logout();
return false;
}
// Check if maximum idle time is reached
if ( $this->idle > 0
&& isset($this->session['idle'])
&& ($this->session['idle'] + $this->idle) < time()) {
$this->log('Session Idle Time Reached', AUTH_LOG_INFO);
$this->idled = true;
$this->status = AUTH_IDLED;
$this->logout();
return false;
}
if ( isset($this->session['registered'])
&& isset($this->session['username'])
&& $this->session['registered'] == true
&& $this->session['username'] != '') {
Auth::updateIdle();
if ($this->_isAdvancedSecurityEnabled()) {
$this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
// Only Generate the challenge once
if ( $this->authChecks == 1
&& $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
$this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
$this->session['challengecookieold'] = $this->session['challengecookie'];
$this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
}
// Check for ip change
if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
&& isset($this->server['REMOTE_ADDR'])
&& $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
$this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
// Check if the IP of the user has changed, if so we
// assume a man in the middle attack and log him out
$this->expired = true;
$this->status = AUTH_SECURITY_BREACH;
$this->logout();
return false;
}
// Check for ip change (if connected via proxy)
if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
&& isset($this->server['HTTP_X_FORWARDED_FOR'])
&& $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
$this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
// Check if the IP of the user connecting via proxy has
// changed, if so we assume a man in the middle attack
// and log him out.
$this->expired = true;
$this->status = AUTH_SECURITY_BREACH;
$this->logout();
return false;
}
// Check for useragent change
if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
&& isset($this->server['HTTP_USER_AGENT'])
&& $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
$this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
// Check if the User-Agent of the user has changed, if
// so we assume a man in the middle attack and log him out
$this->expired = true;
$this->status = AUTH_SECURITY_BREACH;
$this->logout();
return false;
}
// Check challenge cookie here, if challengecookieold is not set
// this is the first time and check is skipped
// TODO when user open two pages similtaneuly (open in new window,open
// in tab) auth breach is caused find out a way around that if possible
if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
&& isset($this->session['challengecookieold'])
&& $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
$this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
$this->expired = true;
$this->status = AUTH_SECURITY_BREACH;
$this->logout();
$this->login();
return false;
}
}
if (is_callable($this->checkAuthCallback)) {
$this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').', AUTH_LOG_DEBUG);
$checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
if ($checkCallback == false) {
$this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
$this->expired = true;
$this->status = AUTH_CALLBACK_ABORT;
$this->logout();
return false;
}
}
$this->log('Session OK.', AUTH_LOG_INFO);
return true;
}
} else {
$this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
return false;
}
$this->log('No login session.', AUTH_LOG_DEBUG);
return false;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::getAuth ( )

Has the user been authenticated?

Is there a valid login session. Previously this was different from checkAuth() but now it is just an alias.

public

Returns
bool True if the user is logged in, otherwise false.

Definition at line 1054 of file Auth.php.

References AUTH_LOG_DEBUG, checkAuth(), and log().

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

{
$this->log('Auth::getAuth() called.', AUTH_LOG_DEBUG);
return $this->checkAuth();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::getAuthData (   $name = null)

Get additional information that is stored in the session.

If no value for the first parameter is passed, the method will return all data that is currently stored.

Parameters
stringName of the data field
Returns
mixed Value of the data field. public

Definition at line 798 of file Auth.php.

References $name.

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

{
if (!isset($this->session['data'])) {
return null;
}
if(!isset($name)) {
return $this->session['data'];
}
if (isset($name) && isset($this->session['data'][$name])) {
return $this->session['data'][$name];
}
return null;
}

+ Here is the caller graph for this function:

Auth::getPostPasswordField ( )

Gets the post varible used for the username.

Returns
string public

Definition at line 1156 of file Auth.php.

{
return($this->_postPassword);
}
Auth::getPostUsernameField ( )

Gets the post varible used for the username.

Returns
string public

Definition at line 1142 of file Auth.php.

{
return($this->_postUsername);
}
Auth::getStatus ( )

Get the current status.

Returns
string public

Reimplemented in ilAuthInactive.

Definition at line 1128 of file Auth.php.

References $status.

{
return $this->status;
}
Auth::getUsername ( )

Get the username.

Returns
string public

Definition at line 1111 of file Auth.php.

{
if (isset($this->session['username'])) {
return($this->session['username']);
}
return('');
}
Auth::listUsers ( )

List all users that are currently available in the storage container.

public

Returns
array

Definition at line 1191 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, and log().

{
$this->log('Auth::listUsers() called.', AUTH_LOG_DEBUG);
$this->_loadStorage();
return $this->storage->listUsers();
}

+ Here is the call graph for this function:

Auth::log (   $message,
  $level = AUTH_LOG_DEBUG 
)

Log a message from the Auth system.

public

Parameters
stringThe message to log
stringThe log level to log the message under. See the Log documentation for more info.
Returns
boolean

Definition at line 1266 of file Auth.php.

References _loadLogger().

Referenced by _loadStorage(), addUser(), assignData(), changePassword(), checkAuth(), getAuth(), listUsers(), login(), logout(), removeUser(), setAuth(), and start().

{
if (!$this->enableLogging) return false;
$this->_loadLogger();
$this->logger->log('AUTH: '.$message, $level);
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::login ( )

Login function.

Returns
void private

Reimplemented in Auth_HTTP, ilCASAuth, ShibAuth, and Auth_Anonymous.

Definition at line 543 of file Auth.php.

References _loadStorage(), AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_WRONG_LOGIN, log(), Auth_Frontend_Html\render(), and setAuth().

Referenced by checkAuth(), and start().

{
$this->log('Auth::login() called.', AUTH_LOG_DEBUG);
$login_ok = false;
$this->_loadStorage();
// Check if using challenge response
(isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
? $usingChap = true
: $usingChap = false;
// When the user has already entered a username, we have to validate it.
if (!empty($this->username)) {
if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
$this->session['challengekey'] = md5($this->username.$this->password);
$login_ok = true;
$this->log('Successful login.', AUTH_LOG_INFO);
}
}
if (!empty($this->username) && $login_ok) {
$this->setAuth($this->username);
if (is_callable($this->loginCallback)) {
$this->log('Calling loginCallback ('.$this->loginCallback.').', AUTH_LOG_DEBUG);
call_user_func_array($this->loginCallback, array($this->username, &$this));
}
}
// If the login failed or the user entered no username,
// output the login screen again.
if (!empty($this->username) && !$login_ok) {
$this->log('Incorrect login.', AUTH_LOG_INFO);
$this->status = AUTH_WRONG_LOGIN;
if (is_callable($this->loginFailedCallback)) {
$this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').', AUTH_LOG_DEBUG);
call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
}
}
if ((empty($this->username) || !$login_ok) && $this->showLogin) {
$this->log('Rendering Login Form.', AUTH_LOG_INFO);
if (is_callable($this->loginFunction)) {
$this->log('Calling loginFunction ('.$this->loginFunction.').', AUTH_LOG_DEBUG);
call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
} else {
// BC fix Auth used to use drawLogin for this
// call is sub classes implement this
if (is_callable(array($this, 'drawLogin'))) {
$this->log('Calling Auth::drawLogin()', AUTH_LOG_DEBUG);
return $this->drawLogin($this->username, $this);
}
$this->log('Using default Auth_Frontend_Html', AUTH_LOG_DEBUG);
// New Login form
include_once 'Auth/Frontend/Html.php';
return Auth_Frontend_Html::render($this, $this->username);
}
} else {
return;
}
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::logout ( )

Logout function.

This function clears any auth tokens in the currently active session and executes the logout callback function, if any

public

Returns
void

Reimplemented in ShibAuth, and ilCASAuth.

Definition at line 1073 of file Auth.php.

References AUTH_LOG_DEBUG, and log().

Referenced by checkAuth(), Auth_Anonymous\forceLogin(), and ilAuthInactive\start().

{
$this->log('Auth::logout() called.', AUTH_LOG_DEBUG);
if (is_callable($this->logoutCallback) && isset($this->session['username'])) {
$this->log('Calling logoutCallback ('.$this->logoutCallback.').', AUTH_LOG_DEBUG);
call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
}
$this->username = '';
$this->password = '';
$this->session = null;
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::removeUser (   $username)

Remove user from the storage container.

public

Parameters
stringUsername
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1229 of file Auth.php.

References $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

{
$this->log('Auth::removeUser() called.', AUTH_LOG_DEBUG);
$this->_loadStorage();
return $this->storage->removeUser($username);
}

+ Here is the call graph for this function:

Auth::sessionValidThru ( )

Returns the time up to the session is valid.

public

Returns
integer

Definition at line 1170 of file Auth.php.

{
if (!isset($this->session['idle'])) {
return 0;
}
if ($this->idle == 0) {
return 0;
}
return ($this->session['idle'] + $this->idle);
}
Auth::setAdvancedSecurity (   $flag = true)

Enables advanced security checks.

Currently only ip change and useragent change are detected

Todo:
Add challenge cookies - Create a cookie which changes every time and contains some challenge key which the server can verify with a session var cookie might need to be crypted (user pass)
Parameters
boolEnable or disable
Returns
void public

Definition at line 883 of file Auth.php.

{
$this->advancedsecurity = $flag;
}
Auth::setAllowLogin (   $allowLogin = true)

Should the login form be displayed if neccessary?

Parameters
boolshow login form or not
Returns
void public

Definition at line 691 of file Auth.php.

References $allowLogin.

{
$this->allowLogin = $allowLogin;
}
Auth::setAuth (   $username)

Register variable in a session telling that the user has logged in successfully.

Parameters
stringUsername
Returns
void public

Definition at line 823 of file Auth.php.

References $username, AUTH_LOG_DEBUG, and log().

Referenced by Auth_Anonymous\login(), ShibAuth\login(), ilCASAuth\login(), Auth_HTTP\login(), and login().

{
$this->log('Auth::setAuth() called.', AUTH_LOG_DEBUG);
// #10729 - Regenerate session id here only if generating at login only
// Don't do it if we are regenerating on every request so we don't
// regenerate it twice in one request.
if (!$this->regenerateSessionId) {
// #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
session_regenerate_id(true);
}
if (!isset($this->session) || !is_array($this->session)) {
$this->session = array();
}
if (!isset($this->session['data'])) {
$this->session['data'] = array();
}
$this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
? $this->server['REMOTE_ADDR']
: '';
$this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
? $this->server['HTTP_USER_AGENT']
: '';
$this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
? $this->server['HTTP_X_FORWARDED_FOR']
: '';
// This should be set by the container to something more safe
// Like md5(passwd.microtime)
if(empty($this->session['challengekey'])) {
$this->session['challengekey'] = md5($username.microtime());
}
$this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
$this->session['registered'] = true;
$this->session['username'] = $username;
$this->session['timestamp'] = time();
$this->session['idle'] = time();
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

Auth::setAuthData (   $name,
  $value,
  $overwrite = true 
)

Register additional information that is to be stored in the session.

Parameters
stringName of the data field
mixedValue of the data field
booleanShould existing data be overwritten? (default is true)
Returns
void public

Definition at line 777 of file Auth.php.

References $name.

Referenced by Auth_Container_DBLite\fetchData(), and Auth_HTTP\login().

{
if (!empty($this->session['data'][$name]) && $overwrite == false) {
return;
}
$this->session['data'][$name] = $value;
}

+ Here is the caller graph for this function:

Auth::setCheckAuthCallback (   $checkAuthCallback)

Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void public
Since
Method available since Release 1.4.3

Definition at line 708 of file Auth.php.

References $checkAuthCallback.

{
$this->checkAuthCallback = $checkAuthCallback;
}
Auth::setExpire (   $time,
  $add = false 
)

Set the maximum expire time.

Parameters
integertime in seconds
booladd time to current expire time or not
Returns
void public

Reimplemented in ShibAuth.

Definition at line 619 of file Auth.php.

{
$add ? $this->expire += $time : $this->expire = $time;
}
Auth::setFailedLoginCallback (   $loginFailedCallback)

Register a callback function to be called on failed user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void public

Definition at line 741 of file Auth.php.

References $loginFailedCallback.

{
$this->loginFailedCallback = $loginFailedCallback;
}
Auth::setIdle (   $time,
  $add = false 
)

Set the maximum idle time.

Parameters
integertime in seconds
booladd time to current maximum idle time or not
Returns
void public

Reimplemented in ShibAuth.

Definition at line 635 of file Auth.php.

{
$add ? $this->idle += $time : $this->idle = $time;
}
Auth::setLoginCallback (   $loginCallback)

Register a callback function to be called on user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void
See Also
setLogoutCallback() User interface

Definition at line 725 of file Auth.php.

References $loginCallback.

{
$this->loginCallback = $loginCallback;
}
Auth::setLogoutCallback (   $logoutCallback)

Register a callback function to be called on user logout.

The function will receive three parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void
See Also
setLoginCallback() User interface

Definition at line 758 of file Auth.php.

References $logoutCallback.

{
$this->logoutCallback = $logoutCallback;
}
Auth::setSessionName (   $name = 'session')

Set name of the session to a customized value.

If you are using multiple instances of PEAR::Auth on the same domain, you can change the name of session per application via this function. This will chnage the name of the session variable auth uses to store it's data in the session

Parameters
stringNew name for the session
Returns
void public

Definition at line 656 of file Auth.php.

References $_SESSION, and $_sessionName.

Referenced by ilAuthCAS\__construct(), ilAuthSOAP\__construct(), ilAuthWeb\__construct(), ilAuthHTTP\__construct(), ilAuthECS\__construct(), ilAuthCron\__construct(), and ShibAuth\ShibAuth().

{
$this->_sessionName = '_auth_'.$name;
// Make Sure Auth session variable is there
if(!isset($_SESSION[$this->_sessionName])) {
$_SESSION[$this->_sessionName] = array();
}
$this->session =& $_SESSION[$this->_sessionName];
}

+ Here is the caller graph for this function:

Auth::setShowLogin (   $showLogin = true)

Should the login form be displayed if neccessary?

Parameters
boolshow login form or not
Returns
void public

Definition at line 676 of file Auth.php.

References $showLogin.

{
$this->showLogin = $showLogin;
}
Auth::start ( )

Start new auth session.

Returns
void public

Reimplemented in ilAuthInactive.

Definition at line 518 of file Auth.php.

References assignData(), AUTH_LOG_DEBUG, checkAuth(), log(), and login().

{
$this->log('Auth::start() called.', AUTH_LOG_DEBUG);
// #10729 - Regenerate session id here if we are generating it on every
// page load.
if ($this->regenerateSessionId) {
session_regenerate_id(true);
}
$this->assignData();
if (!$this->checkAuth() && $this->allowLogin) {
$this->login();
}
}

+ Here is the call graph for this function:

Auth::staticCheckAuth (   $options = null)
static

Statically checks if there is a session with valid auth information.

public

See Also
checkAuth
Returns
boolean Whether or not the user is authenticated.

Definition at line 1032 of file Auth.php.

References Auth(), and AUTH_LOG_DEBUG.

{
static $staticAuth;
if(!isset($staticAuth)) {
$staticAuth = new Auth('null', $options);
}
$staticAuth->log('Auth::staticCheckAuth() called', AUTH_LOG_DEBUG);
return $staticAuth->checkAuth();
}

+ Here is the call graph for this function:

Auth::updateIdle ( )

Update the idletime.

private

Returns
void

Definition at line 1097 of file Auth.php.

Referenced by checkAuth().

{
$this->session['idle'] = time();
}

+ Here is the caller graph for this function:

Field Documentation

Auth::$_postPassword = 'password'

Definition at line 259 of file Auth.php.

Referenced by assignData().

Auth::$_postUsername = 'username'

Definition at line 252 of file Auth.php.

Referenced by assignData().

Auth::$_sessionName = '_authsession'

Definition at line 221 of file Auth.php.

Referenced by Auth(), Auth_HTTP\login(), and setSessionName().

Auth::$advancedsecurity = false

Definition at line 245 of file Auth.php.

Referenced by _isAdvancedSecurityEnabled().

Auth::$allowLogin = true

Definition at line 161 of file Auth.php.

Referenced by setAllowLogin().

Auth::$authChecks = 0

Definition at line 295 of file Auth.php.

Auth::$authdata

Definition at line 289 of file Auth.php.

Auth::$checkAuthCallback = ''

Definition at line 190 of file Auth.php.

Referenced by setCheckAuthCallback().

Auth::$cookie

Definition at line 283 of file Auth.php.

Auth::$enableLogging = false

Definition at line 309 of file Auth.php.

Auth::$expire = 0

Definition at line 102 of file Auth.php.

Auth::$expired = false

Definition at line 110 of file Auth.php.

Auth::$idle = 0

Definition at line 122 of file Auth.php.

Auth::$idled = false

Definition at line 130 of file Auth.php.

Auth::$logger = null

Definition at line 302 of file Auth.php.

Auth::$loginCallback = ''

Definition at line 198 of file Auth.php.

Referenced by setLoginCallback().

Auth::$loginFailedCallback = ''

Definition at line 206 of file Auth.php.

Referenced by setFailedLoginCallback().

Auth::$loginFunction = ''

Definition at line 145 of file Auth.php.

Referenced by Auth(), and Auth_Anonymous\Auth_Anonymous().

Auth::$logoutCallback = ''

Definition at line 214 of file Auth.php.

Referenced by setLogoutCallback().

Auth::$password = ''

Definition at line 182 of file Auth.php.

Referenced by addUser(), Auth_HTTP\assignData(), and changePassword().

Auth::$post

Definition at line 277 of file Auth.php.

Auth::$regenerateSessionId = false

Definition at line 316 of file Auth.php.

Auth::$server

Definition at line 271 of file Auth.php.

Auth::$session

Definition at line 265 of file Auth.php.

Auth::$showLogin = true

Definition at line 153 of file Auth.php.

Referenced by Auth(), Auth_Anonymous\Auth_Anonymous(), and setShowLogin().

Auth::$status = ''

Definition at line 168 of file Auth.php.

Referenced by getStatus().

Auth::$storage = ''

Definition at line 138 of file Auth.php.

Referenced by Auth_HTTP\login().

Auth::$username = ''

Definition at line 175 of file Auth.php.

Referenced by addUser(), Auth_HTTP\assignData(), changePassword(), ilCASAuth\login(), removeUser(), and setAuth().

Auth::$version = "@version@"

Definition at line 228 of file Auth.php.

The documentation for this class was generated from the following file: