ILIAS  Release_4_2_x_branch Revision 61807
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
17 require_once "./classes/class.ilObjectGUI.php";
18 
19 class ilObjAuthSettingsGUI extends ilObjectGUI
20 {
25  function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
26  {
27  $this->type = "auth";
28  $this->ilObjectGUI($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
29 
30  $this->lng->loadLanguageModule('registration');
31 
32  define('LDAP_DEFAULT_PORT',389);
33  define('RADIUS_DEFAULT_PORT',1812);
34 
35  }
36 
37 
38 
39  function viewObject()
40  {
41  // load ilRegistrationSettingsGUI
42 
43  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
44 
45  // Enable tabs
46  $this->tabs_gui->setTabActive('registration_settings');
47 
48  $registration_gui =& new ilRegistrationSettingsGUI();
49  $this->ctrl->setCmdClass('ilregistrationsettingsgui');
50  $this->ctrl->forwardCommand($registration_gui);
51  }
52 
53 
59  function authSettingsObject()
60  {
61  global $rbacsystem, $ilSetting;
62 
63  if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
64  {
65  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
66  }
67 
68  $this->tabs_gui->setTabActive('authentication_settings');
69  $this->setSubTabs('authSettings');
70  $this->tabs_gui->setSubTabActive("auth_settings");
71 
72  $this->getTemplateFile("general");
73 
74  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
75  $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
76 
77  $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
78  $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
79  $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
80  $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
81 
82  $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
83  $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
84  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
85 
86  $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
87 
88  $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
89  $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
90 
91  $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
92 
93  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
94  $auth_modes = ilAuthUtils::_getAllAuthModes();
95 
96  foreach($auth_modes as $mode => $mode_name)
97  {
98 //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
99  if ($ilSetting->get('auth_mode') == $mode)
100  {
101  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
102  ((int) $auth_cnt[$mode_name] + $auth_cnt["default"])." (".$this->lng->txt("auth_per_default").
103  ": ".$auth_cnt["default"].")");
104  }
105  else
106  {
107  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
108  (int) $auth_cnt[$mode_name]);
109  }
110  }
111 
112  $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
113  $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
114  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
115  $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
116 
117  // local vars
118  $checked = "checked=\"checked\"";
119  $disabled = "disabled=\"disabled\"";
120  $style_disabled = "_disabled";
121 
122  // icon handlers
123  $icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.gif")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
124  $icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.gif")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";
125 
126  $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
127 
128  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
129  $this->tpl->setVariable('AUTH_LDAP_ACTIVE',count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
130  #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
131  $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
132  $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
133  $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
134  $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
135  $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);
136 
137  // alter style and disable buttons depending on current selection
138  switch ($this->ilias->getSetting('auth_mode'))
139  {
140  case AUTH_LOCAL: // default
141  $this->tpl->setVariable("CHK_LOCAL", $checked);
142  break;
143 
144  case AUTH_LDAP: // LDAP
145  $this->tpl->setVariable("CHK_LDAP", $checked);
146  break;
147 
148  case AUTH_SHIBBOLETH: // SHIB
149  $this->tpl->setVariable("CHK_SHIB", $checked);
150  break;
151 
152  case AUTH_RADIUS: // RADIUS
153  $this->tpl->setVariable("CHK_RADIUS", $checked);
154  break;
155 
156  case AUTH_CAS: // CAS
157  $this->tpl->setVariable("CHK_CAS", $checked);
158  break;
159 
160  case AUTH_SCRIPT: // script
161  $this->tpl->setVariable("CHK_SCRIPT", $checked);
162  break;
163 
164  case AUTH_APACHE: // apache
165  $this->tpl->setVariable("CHK_APACHE", $checked);
166  break;
167  }
168 
169  // auth mode determinitation
170  if($this->initAuthModeDetermination())
171  {
172  $this->tpl->setVariable('TABLE_AUTH_DETERMINATION',$this->form->getHTML());
173  }
174 
175  // roles table
176  $this->tpl->setVariable("FORMACTION_ROLES",
177  $this->ctrl->getFormAction($this));
178  $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
179  $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
180  $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
181  $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
182 
183  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
184  $reg_roles = ilObjRole::_lookupRegisterAllowed();
185 
186  // auth mode selection
187  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
188  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
189 
190  foreach ($reg_roles as $role)
191  {
192  foreach ($active_auth_modes as $auth_name => $auth_key)
193  {
194  // do not list auth modes with external login screen
195  // even not default, because it can easily be set to
196  // a non-working auth mode
197  if ($auth_name == "default" || $auth_name == "cas"
198  || $auth_name == "shibboleth" || $auth_name == 'ldap' || $auth_name == 'apache')
199  {
200  continue;
201  }
202 
203  $this->tpl->setCurrentBlock("auth_mode_selection");
204 
205  if ($auth_name == 'default')
206  {
207  $name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
208  }
209  else
210  {
211  $name = $this->lng->txt('auth_'.$auth_name);
212  }
213 
214  $this->tpl->setVariable("AUTH_MODE_NAME", $name);
215 
216  $this->tpl->setVariable("AUTH_MODE", $auth_name);
217 
218  if ($role['auth_mode'] == $auth_name)
219  {
220  $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
221  }
222 
223  $this->tpl->parseCurrentBlock();
224  } // END auth_mode selection
225 
226  $this->tpl->setCurrentBlock("roles");
227  $this->tpl->setVariable("ROLE", $role['title']);
228  $this->tpl->setVariable("ROLE_ID", $role['id']);
229  $this->tpl->parseCurrentBlock();
230  }
231  }
232 
233 
240  public function loginInfoObject()
241  {
242  global $rbacsystem, $lng,$ilSetting;
243 
244  if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId()))
245  {
246  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
247  }
248 
249  $this->tabs_gui->setTabActive("authentication_settings");
250  $this->setSubTabs("authSettings");
251  $this->tabs_gui->setSubTabActive("auth_login_editor");
252 
253  $lng->loadLanguageModule("meta");
254 
255  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_login_messages.html");
256  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
257  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
258  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
259  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
260  $this->initLoginForm();
261  $this->tpl->setVariable('LOGIN_INFO',$this->form->getHTML());
262  }
263 
264 
265  function cancelObject()
266  {
267  $this->ctrl->redirect($this, "authSettings");
268  }
269 
270  function setAuthModeObject()
271  {
272  global $rbacsystem,$ilSetting;
273 
274  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
275  {
276  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
277  }
278 
279  if (empty($_POST["auth_mode"]))
280  {
281  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
282  }
283 
284  if ($_POST["auth_mode"] == AUTH_DEFAULT)
285  {
286  ilUtil::sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
287  $this->ctrl->redirect($this,'authSettings');
288  }
289 
290  switch ($_POST["auth_mode"])
291  {
292  case AUTH_LDAP:
293 
294  /*
295  if ($this->object->checkAuthLDAP() !== true)
296  {
297  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
298  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP", "", false, false)));
299  }
300  */
301  break;
302 
303  case AUTH_SHIB:
304  if ($this->object->checkAuthSHIB() !== true)
305  {
306  ilUtil::sendFailure($this->lng->txt("auth_shib_not_configured"),true);
307  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editSHIB", "", false, false)));
308  }
309  break;
310 
311  case AUTH_RADIUS:
312  if ($this->object->checkAuthRADIUS() !== true)
313  {
314  ilUtil::sendFailure($this->lng->txt("auth_radius_not_configured"),true);
315  $this->ctrl->redirect($this,'editRADIUS');
316  }
317  break;
318 
319  case AUTH_SCRIPT:
320  if ($this->object->checkAuthScript() !== true)
321  {
322  ilUtil::sendFailure($this->lng->txt("auth_script_not_configured"),true);
323  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editScript", "", false, false)));
324  }
325  break;
326  }
327 
328  $this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);
329 
330  ilUtil::sendSuccess($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
331  $this->ctrl->redirect($this,'authSettings');
332  }
333 
334 
340  function editSOAPObject()
341  {
342  global $rbacsystem, $rbacreview, $ilSetting, $ilCtrl, $lng;
343 
344  if (!$rbacsystem->checkAccess("read",$this->object->getRefId()))
345  {
346  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
347  }
348 
349  $this->tabs_gui->setTabActive('auth_soap');
350 
351  // get template
352  $stpl = new ilTemplate("tpl.auth_soap.html", true, true, "");
353 
354  //$this->getTemplateFile("soap");
355 
356  // get all settings
357  $settings = $ilSetting->getAll();
358 
359  // get values in error case
360  if ($_SESSION["error_post_vars"])
361  {
362  if ($_SESSION["error_post_vars"]["soap"]["active"] == "1")
363  {
364  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
365  }
366  if ($_SESSION["error_post_vars"]["soap"]["use_https"] == "1")
367  {
368  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
369  }
370  if ($_SESSION["error_post_vars"]["soap"]["create_users"] == "1")
371  {
372  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
373  }
374  if ($_SESSION["error_post_vars"]["soap"]["allow_local"] == "1")
375  {
376  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
377  }
378  if ($_SESSION["error_post_vars"]["soap"]["account_mail"] == "1")
379  {
380  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
381  }
382  if ($_SESSION["error_post_vars"]["soap"]["use_dotnet"] == "1")
383  {
384  $stpl->setVariable("CHK_USEDOTNET", "checked=\"checked\"");
385  }
386 
387  $stpl->setVariable("SOAP_SERVER", $_SESSION["error_post_vars"]["soap"]["server"]);
388  $stpl->setVariable("SOAP_PORT", $_SESSION["error_post_vars"]["soap"]["port"]);
389  $stpl->setVariable("SOAP_URI", $_SESSION["error_post_vars"]["soap"]["uri"]);
390  $stpl->setVariable("SOAP_NAMESPACE", $_SESSION["error_post_vars"]["soap"]["namespace"]);
391  $current_default_role = $_SESSION["error_post_vars"]["soap"]["user_default_role"];
392  }
393  else
394  {
395  if ($settings["soap_auth_active"] == "1")
396  {
397  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
398  }
399  if ($settings["soap_auth_use_https"] == "1")
400  {
401  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
402  }
403  if ($settings["soap_auth_create_users"] == "1")
404  {
405  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
406  }
407  if ($settings["soap_auth_allow_local"] == "1")
408  {
409  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
410  }
411  if ($settings["soap_auth_account_mail"] == "1")
412  {
413  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
414  }
415  if ($settings["soap_auth_use_dotnet"] == "1")
416  {
417  $stpl->setVariable("CHK_USE_DOTNET", "checked=\"checked\"");
418  }
419 
420  $stpl->setVariable("SOAP_SERVER", $settings["soap_auth_server"]);
421  $stpl->setVariable("SOAP_PORT", $settings["soap_auth_port"]);
422  $stpl->setVariable("SOAP_URI", $settings["soap_auth_uri"]);
423  $stpl->setVariable("SOAP_NAMESPACE", $settings["soap_auth_namespace"]);
424  $current_default_role = $settings["soap_auth_user_default_role"];
425  }
426 
427  // compose role list
428  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
429  if (!$current_default_role)
430  {
431  $current_default_role = 4;
432  }
433  $roles = array();
434  foreach ($role_list as $role)
435  {
436  $roles[$role['obj_id']] = $role['title'];
437  }
438  $selectElement = ilUtil::formSelect($current_default_role,
439  "soap[user_default_role]", $roles, false, true);
440 
441  $stpl->setVariable("SOAP_USER_DEFAULT_ROLE", $selectElement);
442  $stpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
443  $stpl->setVariable("COLSPAN", 3);
444  $stpl->setVariable("TXT_SOAP_TITLE", $this->lng->txt("auth_soap_auth"));
445  $stpl->setVariable("TXT_SOAP_DESC", $this->lng->txt("auth_soap_auth_desc"));
446  $stpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
447  $stpl->setVariable("TXT_SOAP_ACTIVE", $this->lng->txt("active"));
448  $stpl->setVariable("TXT_SOAP_SERVER", $this->lng->txt("server"));
449  $stpl->setVariable("TXT_SOAP_SERVER_DESC", $this->lng->txt("auth_soap_server_desc"));
450  $stpl->setVariable("TXT_SOAP_PORT", $this->lng->txt("port"));
451  $stpl->setVariable("TXT_SOAP_PORT_DESC", $this->lng->txt("auth_soap_port_desc"));
452  $stpl->setVariable("TXT_SOAP_URI", $this->lng->txt("uri"));
453  $stpl->setVariable("TXT_SOAP_URI_DESC", $this->lng->txt("auth_soap_uri_desc"));
454  $stpl->setVariable("TXT_SOAP_NAMESPACE", $this->lng->txt("auth_soap_namespace"));
455  $stpl->setVariable("TXT_SOAP_NAMESPACE_DESC", $this->lng->txt("auth_soap_namespace_desc"));
456  $stpl->setVariable("TXT_USE_DOTNET", $this->lng->txt("auth_soap_use_dotnet"));
457  $stpl->setVariable("TXT_USE_HTTPS", $this->lng->txt("auth_soap_use_https"));
458  $stpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
459  $stpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_soap_create_users_desc"));
460  $stpl->setVariable("TXT_ACCOUNT_MAIL", $this->lng->txt("user_send_new_account_mail"));
461  $stpl->setVariable("TXT_ACCOUNT_MAIL_DESC", $this->lng->txt("auth_new_account_mail_desc"));
462  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
463  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE_DESC",
464  $this->lng->txt("auth_soap_user_default_role_desc"));
465  $stpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
466  $stpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_soap_allow_local_desc"));
467  $stpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
468  $stpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
469  $stpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
470  $stpl->setVariable("CMD_SUBMIT", "saveSOAP");
471 
472  // test form
473  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
474  $form = new ilPropertyFormGUI();
475  $form->setFormAction($ilCtrl->getFormAction($this));
476  $form->setTitle("Test Request");
477  $text_prop = new ilTextInputGUI("ext_uid", "ext_uid");
478  $form->addItem($text_prop);
479  $text_prop2 = new ilTextInputGUI("soap_pw", "soap_pw");
480  $form->addItem($text_prop2);
481  $cb = new ilCheckboxInputGUI("new_user", "new_user");
482  $form->addItem($cb);
483 
484  $form->addCommandButton("testSoapAuthConnection",
485  "Send");
486 
487  if ($ilCtrl->getCmd() == "testSoapAuthConnection")
488  {
489  include_once("./Services/SOAPAuth/classes/class.ilSOAPAuth.php");
490  $ret = "<br />".ilSOAPAuth::testConnection(
491  ilUtil::stripSlashes($_POST["ext_uid"]),
492  ilUtil::stripSlashes($_POST["soap_pw"]),
493  (boolean) $_POST["new_user"]
494  );
495  }
496 
497  $stpl->setVariable("TEST_FORM", $form->getHtml().$ret);
498  $this->tpl->setContent($stpl->get());
499  }
500 
501  function testSoapAuthConnectionObject()
502  {
503  $this->editSOAPObject();
504  }
505 
511  function saveSOAPObject()
512  {
513  global $ilUser, $ilSetting, $rbacsystem;
514 
515  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
516  {
517  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
518  }
519 
520  // validate required data
521  if (!$_POST["soap"]["server"])
522  {
523  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
524  }
525 
526  // validate port
527  if ($_POST["soap"]["server"] != "" && (preg_match("/^[0-9]{0,5}$/",$_POST["soap"]["port"])) == false)
528  {
529  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
530  }
531 
532  $ilSetting->set("soap_auth_server", $_POST["soap"]["server"]);
533  $ilSetting->set("soap_auth_port", $_POST["soap"]["port"]);
534  $ilSetting->set("soap_auth_active", $_POST["soap"]["active"]);
535  $ilSetting->set("soap_auth_uri", $_POST["soap"]["uri"]);
536  $ilSetting->set("soap_auth_namespace", $_POST["soap"]["namespace"]);
537  $ilSetting->set("soap_auth_create_users", $_POST["soap"]["create_users"]);
538  $ilSetting->set("soap_auth_allow_local", $_POST["soap"]["allow_local"]);
539  $ilSetting->set("soap_auth_account_mail", $_POST["soap"]["account_mail"]);
540  $ilSetting->set("soap_auth_use_https", $_POST["soap"]["use_https"]);
541  $ilSetting->set("soap_auth_use_dotnet", $_POST["soap"]["use_dotnet"]);
542  $ilSetting->set("soap_auth_user_default_role", $_POST["soap"]["user_default_role"]);
543  ilUtil::sendSuccess($this->lng->txt("auth_soap_settings_saved"),true);
544 
545  $this->ctrl->redirect($this,'editSOAP');
546  }
547 
553  function editScriptObject()
554  {
555  global $rbacsystem;
556 
557  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
558  {
559  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
560  }
561 
562  if ($_SESSION["error_post_vars"])
563  {
564  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
565  }
566  else
567  {
568  // set already saved data
569  $settings = $this->ilias->getAllSettings();
570 
571  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
572  }
573 
574  $this->tabs_gui->setTabActive('auth_script');
575 
576  $this->getTemplateFile("script");
577 
578  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
579  $this->tpl->setVariable("COLSPAN", 3);
580  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
581  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
582  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
583 
584  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
585  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
586  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
587  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
588  }
589 
595  function saveScriptObject()
596  {
597  // validate required data
598  if (!$_POST["auth_script"]["name"])
599  {
600  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
601  }
602 
603  // validate script url
604  /*
605  if (( TODO ,$_POST["ldap"]["server"])) == false)
606  {
607  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
608  }*/
609 
610  // TODO: check connection to server
611 
612  // all ok. save settings and activate auth by external script
613  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
614  $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);
615 
616  ilUtil::sendSuccess($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
617  $this->ctrl->redirect($this,'editScript');
618  }
619 
620 
627  function getAuthModeTitle()
628  {
629  switch ($this->ilias->getSetting("auth_mode"))
630  {
631  case AUTH_LOCAL:
632  return $this->lng->txt("auth_local");
633  break;
634 
635  case AUTH_LDAP:
636  return $this->lng->txt("auth_ldap");
637  break;
638 
639  case AUTH_SHIBBOLETH:
640  return $this->lng->txt("auth_shib");
641  break;
642 
643  case AUTH_RADIUS:
644  return $this->lng->txt("auth_radius");
645  break;
646 
647  case AUTH_SCRIPT:
648  return $this->lng->txt("auth_script");
649  break;
650 
651  case AUTH_APACHE:
652  return $this->lng->txt("auth_apache");
653  break;
654 
655  default:
656  return $this->lng->txt("unknown");
657  break;
658  }
659  }
660 
661  function updateAuthRolesObject()
662  {
663  global $rbacsystem;
664 
665  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
666  {
667  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
668  }
669 
670  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
671  ilObjRole::_updateAuthMode($_POST['Fobject']);
672 
673  ilUtil::sendSuccess($this->lng->txt("auth_mode_roles_changed"),true);
674  $this->ctrl->redirect($this,'authSettings');
675  }
676 
682  protected function initAuthModeDetermination()
683  {
684  if(is_object($this->form))
685  {
686  return true;
687  }
688  // Are there any authentication methods that support automatic determination ?
689 
690  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
691  $det = ilAuthModeDetermination::_getInstance();
692  if($det->getCountActiveAuthModes() <= 1)
693  {
694  return false;
695  }
696 
697  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
698  $this->form = new ilPropertyFormGUI();
699  $this->form->setFormAction($this->ctrl->getFormAction($this));
700  $this->form->setTableWidth('100%');
701  $this->form->setTitle($this->lng->txt('auth_auth_mode_determination'));
702  $this->form->addCommandButton('updateAuthModeDetermination',$this->lng->txt('save'));
703  $this->form->addCommandButton('authSettings',$this->lng->txt('cancel'));
704 
705  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'),'kind');
706  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
707  $kind->setValue($det->getKind());
708  $kind->setRequired(true);
709 
710  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'),0);
711  $kind->addOption($option_user);
712 
713  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'),1);
714 
715  include_once('Services/Authentication/classes/class.ilAuthUtils.php');
716 
717  $auth_sequenced = $det->getAuthModeSequence();
718  $counter = 1;
719  foreach($auth_sequenced as $auth_mode)
720  {
721  switch($auth_mode)
722  {
723  case AUTH_LDAP:
724  $text = $this->lng->txt('auth_ldap');
725  break;
726  case AUTH_RADIUS:
727  $text = $this->lng->txt('auth_radius');
728  break;
729  case AUTH_LOCAL:
730  $text = $this->lng->txt('auth_local');
731  break;
732  case AUTH_SOAP:
733  $text = $this->lng->txt('auth_soap');
734  break;
735  case AUTH_APACHE:
736  $text = $this->lng->txt('auth_apache');
737  break;
738  }
739 
740 
741  $pos = new ilTextInputGUI($text,'position['.$auth_mode.']');
742  $pos->setValue($counter++);
743  $pos->setSize(1);
744  $pos->setMaxLength(1);
745  $option_determination->addSubItem($pos);
746  }
747  $kind->addOption($option_determination);
748  $this->form->addItem($kind);
749  return true;
750  }
751 
758  public function updateAuthModeDeterminationObject()
759  {
760  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
761  $det = ilAuthModeDetermination::_getInstance();
762 
763  $det->setKind((int) $_POST['kind']);
764 
765  $pos = $_POST['position'] ? $_POST['position'] : array();
766  asort($pos,SORT_NUMERIC);
767 
768  $counter = 0;
769  foreach($pos as $auth_mode => $dummy)
770  {
771  $position[$counter++] = $auth_mode;
772  }
773  $det->setAuthModeSequence($position ? $position : array());
774  $det->save();
775 
776  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
777  $this->authSettingsObject();
778  }
779 
786  public function executeCommand()
787  {
788  global $ilAccess,$ilErr;
789 
790  $next_class = $this->ctrl->getNextClass($this);
791  $cmd = $this->ctrl->getCmd();
792  $this->prepareOutput();
793 
794 
795  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
796  {
797  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
798  }
799 
800  switch($next_class)
801  {
802  case 'ilregistrationsettingsgui':
803 
804  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
805 
806  // Enable tabs
807  $this->tabs_gui->setTabActive('registration_settings');
808  $registration_gui =& new ilRegistrationSettingsGUI();
809  $this->ctrl->forwardCommand($registration_gui);
810  break;
811 
812  case 'ilpermissiongui':
813 
814  // Enable tabs
815  $this->tabs_gui->setTabActive('perm_settings');
816 
817  include_once("Services/AccessControl/classes/class.ilPermissionGUI.php");
818  $perm_gui =& new ilPermissionGUI($this);
819  $ret =& $this->ctrl->forwardCommand($perm_gui);
820  break;
821 
822  case 'illdapsettingsgui':
823 
824  // Enable Tabs
825  $this->tabs_gui->setTabActive('auth_ldap');
826 
827  include_once './Services/LDAP/classes/class.ilLDAPSettingsGUI.php';
828  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
829  $this->ctrl->forwardCommand($ldap_settings_gui);
830  break;
831 
832  case 'ilauthshibbolethsettingsgui':
833 
834  $this->tabs_gui->setTabActive('auth_shib');
835  include_once('./Services/AuthShibboleth/classes/class.ilAuthShibbolethSettingsGUI.php');
836  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
837  $this->ctrl->forwardCommand($shib_settings_gui);
838  break;
839 
840  case 'ilcassettingsgui':
841 
842  $this->tabs_gui->setTabActive('auth_cas');
843  include_once './Services/CAS/classes/class.ilCASSettingsGUI.php';
844  $cas_settings = new ilCASSettingsGUI($this->object->getRefId());
845  $this->ctrl->forwardCommand($cas_settings);
846  break;
847 
848  case 'ilradiussettingsgui':
849 
850  $this->tabs_gui->setTabActive('auth_radius');
851  include_once './Services/Radius/classes/class.ilRadiusSettingsGUI.php';
852  $radius_settings_gui = new ilRadiusSettingsGUI($this->object->getRefId());
853  $this->ctrl->forwardCommand($radius_settings_gui);
854  break;
855 
856  case 'ilopenidsettingsgui':
857 
858  $this->tabs_gui->setTabActive('auth_openid');
859 
860  include_once './Services/OpenId/classes/class.ilOpenIdSettingsGUI.php';
861  $os = new ilOpenIdSettingsGUI($this->object->getRefId());
862  $this->ctrl->forwardCommand($os);
863  break;
864 
865  case 'ilauthloginpageeditorgui':
866 
867  $this->setSubTabs("authSettings");
868  $this->tabs_gui->setTabActive('authentication_settings');
869  $this->tabs_gui->setSubTabActive("auth_login_editor");
870 
871  include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorGUI.php';
872  $lpe = new ilAuthLoginPageEditorGUI($this->object->getRefId());
873  $this->ctrl->forwardCommand($lpe);
874  break;
875 
876  default:
877  if(!$cmd)
878  {
879  $cmd = "authSettings";
880  }
881  $cmd .= "Object";
882  $this->$cmd();
883 
884  break;
885  }
886  return true;
887  }
888 
889  function getAdminTabs(&$tabs_gui)
890  {
891  $this->getTabs($tabs_gui);
892  }
893 
899  function getTabs(&$tabs_gui)
900  {
901  global $rbacsystem;
902 
903  $this->ctrl->setParameter($this,"ref_id",$this->object->getRefId());
904 
905  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
906  {
907 
908  $tabs_gui->addTarget('registration_settings',
909  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui','view'));
910 
911  $tabs_gui->addTarget("authentication_settings", $this->ctrl->getLinkTarget($this, "authSettings"),
912  "", "", "");
913 
914  $tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTargetByClass('illdapsettingsgui','serverList'),
915  "", "", "");
916 
917 
918  #$tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
919  # "", "", "");
920 
921  $tabs_gui->addTarget('auth_shib',$this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui','settings'));
922 
923  $tabs_gui->addTarget(
924  'auth_cas',
925  $this->ctrl->getLinkTargetByClass('ilcassettingsgui','settings')
926  );
927 
928  $tabs_gui->addTarget("auth_radius", $this->ctrl->getLinkTargetByClass('ilradiussettingsgui', "settings"),
929  "", "", "");
930 
931  $tabs_gui->addTarget("auth_soap", $this->ctrl->getLinkTarget($this, "editSOAP"),
932  "", "", "");
933 
934  $tabs_gui->addTarget(
935  'auth_openid',
936  $this->ctrl->getLinkTargetByClass('ilopenidsettingsgui','settings'),
937  '',
938  '',
939  ''
940  );
941 
942  $tabs_gui->addTarget("apache_auth_settings", $this->ctrl->getLinkTarget($this,'apacheAuthSettings'),
943  "", "", "");
944  }
945 
946  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
947  {
948  $tabs_gui->addTarget("perm_settings",
949  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
950  array("perm","info","owner"), 'ilpermissiongui');
951  }
952  }
953 
957  function setSubTabs($a_tab)
958  {
959  global $rbacsystem,$ilUser,$ilAccess;
960 
961  $GLOBALS['lng']->loadLanguageModule('auth');
962 
963  switch ($a_tab)
964  {
965  case 'authSettings':
966  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
967  {
968  $this->tabs_gui->addSubTabTarget("auth_settings",
969  $this->ctrl->getLinkTarget($this,'authSettings'),
970  "");
971  }
972  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
973  {
974  $this->tabs_gui->addSubTabTarget(
975  'auth_login_editor',
976  $this->ctrl->getLinkTargetByClass('ilauthloginpageeditorgui',''),
977  ''
978  );
979  }
980  break;
981  }
982  }
983 
984 
985  public function apacheAuthSettingsObject($form = false)
986  {
987  global $ilDB, $tpl;
988 
989  $this->tabs_gui->setTabActive("apache_auth_settings");
990  //$this->setSubTabs("authSettings");
991  //$this->tabs_gui->setSubTabActive("apache_auth_settings");
992  if (!$form)
993  {
994  $form = $this->getApacheAuthSettingsForm();
995 
996  $settings = new ilSetting('apache_auth');
997  $settingsMap = $settings->getAll();
998 
999  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1000  if (file_exists($path) && is_readable($path)) {
1001  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1002  }
1003 
1004  $form->setValuesByArray($settingsMap);
1005  }
1006  $tpl->setVariable('ADM_CONTENT', $form->getHtml());
1007  }
1008 
1009  public function saveApacheSettingsObject()
1010  {
1011  global $ilCtrl;
1012  $form = $this->getApacheAuthSettingsForm();
1013  $form->setValuesByPost();
1014  /*$items = $form->getItems();
1015  foreach($items as $item)
1016  $item->validate();*/
1017  if ($form->checkInput())
1018  {
1019  $settings = new ilSetting('apache_auth');
1020  $fields = array
1021  (
1022  'apache_auth_indicator_name', 'apache_auth_indicator_value',
1023  'apache_enable_auth', 'apache_enable_local', 'apache_local_autocreate',
1024  'apache_enable_ldap', 'apache_auth_username_config_type',
1025  'apache_auth_username_direct_mapping_fieldname',
1026  'apache_default_role', 'apache_auth_target_override_login_page',
1027  'apache_auth_enable_override_login_page',
1028  'apache_auth_authenticate_on_login_page'
1029 // 'apache_auth_username_by_function_functionname',
1030  );
1031 
1032  foreach($fields as $field)
1033  $settings->set($field, $form->getInput($field));
1034 
1035  if ($form->getInput('apache_enable_auth'))
1036  $this->ilias->setSetting('apache_active', true);
1037  else {
1038  $this->ilias->setSetting('apache_active', false);
1039  global $ilSetting;
1040  if ($ilSetting->get("auth_mode") == AUTH_APACHE) {
1041  $ilSetting->set("auth_mode", AUTH_LOCAL);
1042  }
1043  }
1044 
1045  $allowedDomains = $this->validateApacheAuthAllowedDomains($form->getInput('apache_auth_domains'));
1046  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1047 
1048  ilUtil::sendSuccess($this->lng->txt('apache_settings_changed_success'), true);
1049  $this->ctrl->redirect($this, 'apacheAuthSettings');
1050  }
1051  else
1052  {
1053  $this->apacheAuthSettingsObject($form);
1054  }
1055  }
1056 
1057  public function getApacheAuthSettingsForm()
1058  {
1059  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
1060 
1061  $form = new ilPropertyFormGUI();
1062  $form->setFormAction($this->ctrl->getFormAction($this));
1063  $form->setTitle($this->lng->txt('apache_settings'));
1064 
1065  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1066  $form->addItem($chb_enabled);
1067 
1068  $chb_local_create_account = new ilCheckboxInputGUI($this->lng->txt('apache_autocreate'), 'apache_local_autocreate');
1069  $chb_enabled->addSubitem($chb_local_create_account);
1070 
1071  global $rbacreview;
1072  $roles = $rbacreview->getGlobalRolesArray();
1073  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1074  $roleOptions = array();
1075  foreach($roles as $role) {
1076  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1077  }
1078  $select->setOptions($roleOptions);
1079  $select->setValue(4);
1080 
1081  $chb_local_create_account->addSubitem($select);
1082 
1083  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1084  $form->addItem($chb_local);
1085 /*
1086  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1087  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1088  $form->addItem($chb_ldap);
1089 */
1090  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1091  $txt->setRequired(true);
1092  $form->addItem($txt);
1093 
1094  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1095  $txt->setRequired(true);
1096  $form->addItem($txt);
1097 
1098 
1099  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_enable_override_login'), 'apache_auth_enable_override_login_page');
1100  $form->addItem($chb);
1101 
1102  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_target_override_login'), 'apache_auth_target_override_login_page');
1103  $txt->setRequired(true);
1104  $chb->addSubItem($txt);
1105 
1106  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_authenticate_on_login_page'), 'apache_auth_authenticate_on_login_page');
1107  $form->addItem($chb);
1108 
1109  $sec = new ilFormSectionHeaderGUI();
1110  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1111  $form->addItem($sec);
1112 
1113  $rag = new ilRadioGroupInputGUI($this->lng->txt('apache_auth_username_config_type'), 'apache_auth_username_config_type');
1114  $form->addItem($rag);
1115 
1116  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), 1);
1117  $rag->addOption($rao);
1118 
1119  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_direct_mapping_fieldname'), 'apache_auth_username_direct_mapping_fieldname');
1120  //$txt->setRequired(true);
1121  $rao->addSubItem($txt);
1122 
1123  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), 2);
1124  $rao->setDisabled(true);
1125  $rag->addOption($rao);
1126 
1127  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), 3);
1128  $rag->addOption($rao);
1129 
1130 /* $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_by_function_functionname'), 'apache_auth_username_by_function_functionname');
1131  $rao->addSubItem($txt);*/
1132 
1133  $sec = new ilFormSectionHeaderGUI();
1134  $sec->setTitle($this->lng->txt('apache_auth_security'));
1135  $form->addItem($sec);
1136 
1137  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1138  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1139 
1140  $form->addItem($txt);
1141 
1142  $form->addCommandButton('saveApacheSettings',$this->lng->txt('save'));
1143  $form->addCommandButton('cancel',$this->lng->txt('cancel'));
1144 
1145  return $form;
1146  }
1147 
1148  private function validateApacheAuthAllowedDomains($text) {
1149  return join("\n", preg_split("/[\r\n]+/", $text));
1150  }
1151 
1152 } // END class.ilObjAuthSettingsGUI
1153 ?>