ILIAS  Release_4_4_x_branch Revision 61816
class.ilAuthBase.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
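/**
 * Shared login/logout observer logic for the ILIAS authentication front ends.
 *
 * The class wires four observer callbacks (login, failed login, auth check,
 * logout) into the auth object and forwards each of them to the container
 * returned by getContainer(). On a successful container login it additionally
 * validates the account (active flag, time limit, client IP restriction,
 * simultaneous sessions) and logs the user out again if any check fails.
 *
 * NOTE(review): the rendered listing this class was taken from skips a few
 * source lines (original lines 39, 67, 107, 182, 222, 231, 263 and 270).
 * Every statement restored for one of those gaps is marked "reconstructed"
 * below and must be confirmed against the repository.
 */
abstract class ilAuthBase
{
	// Used for SOAP Auth
	// TODO: Find another solution
	protected $sub_status = null;

	// NOTE(review): reconstructed declaration (original line 39 is not shown).
	// Holds the login name of a user rejected for an exceeded time limit.
	protected $exceeded_user_name;

	/**
	 * Tell callers whether this auth mode may redirect (e.g. to a login page).
	 *
	 * @return bool always true in this base implementation
	 */
	public function supportsRedirects()
	{
		return true;
	}

	/**
	 * Return the auth container all observers delegate to.
	 *
	 * $this->storage is not declared in this class; presumably it is provided
	 * by the concrete auth class - confirm against the subclasses.
	 *
	 * @return object
	 */
	public final function getContainer()
	{
		return $this->storage;
	}

	/**
	 * Register the observer callbacks and attach the log observer.
	 *
	 * @return void
	 */
	protected final function initAuth()
	{
		// NOTE(review): reconstructed statement (original line 67 is not shown).
		ilSessionControl::initSession();

		// Logging is switched off here, so the branch below never writes.
		$this->enableLogging = false;
		//$this->enableLogging = false;

		if ($this->enableLogging)
		{
			$GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
		}
		$this->setLoginCallback(array($this,'loginObserver'));
		$this->setFailedLoginCallback(array($this,'failedLoginObserver'));
		$this->setCheckAuthCallback(array($this,'checkAuthObserver'));
		$this->setLogoutCallback(array($this,'logoutObserver'));

		// NOTE(review): the observer is attached at AUTH_LOG_DEBUG regardless of
		// enableLogging - confirm what it writes at that level, since debug
		// output of an authentication library can contain account details.
		include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
		$this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
	}

	/**
	 * Decide whether a remote address satisfies a user's client IP restriction.
	 *
	 * The stored pattern is reduced to the characters 0-9 . ? * , : and then
	 * turned into a regular expression: "?" is one digit, "*" any run of
	 * digits, "," separates alternatives.
	 *
	 * The alternatives are wrapped in one group before anchoring. Without the
	 * group, "^" binds only to the first alternative and "$" only to the last,
	 * so "10.0.0.1,10.0.0.2" also accepted 10.0.0.100 and 210.0.0.2, and a
	 * trailing comma produced an empty last alternative that matched every
	 * address.
	 *
	 * NOTE(review): the character filter also strips the hex digits a-f, so an
	 * IPv6 pattern is silently rewritten to a different address before it is
	 * compared - restrict stored patterns to IPv4 or extend the filter.
	 *
	 * @param string|null $a_pattern     restriction stored with the user
	 * @param string      $a_remote_addr address to test
	 * @return bool true if no restriction is set or the address matches
	 */
	private static function isClientIpAllowed($a_pattern, $a_remote_addr)
	{
		if (trim((string) $a_pattern) === "")
		{
			return true;
		}

		$regex = preg_replace("/[^0-9.?*,:]+/", "", (string) $a_pattern);
		$regex = str_replace(".", "\\.", $regex);
		$regex = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $regex);

		// D: "$" must not match in front of a trailing newline.
		return preg_match("/^(?:".$regex.")$/D", (string) $a_remote_addr) === 1;
	}

	/**
	 * Called after the container accepted the credentials.
	 *
	 * Runs the extended account checks, updates login bookkeeping, writes the
	 * login to the log and raises the 'afterLogin' event. When a check fails,
	 * $this->status is set, the user is logged out and nothing else happens.
	 *
	 * @param string $a_username
	 * @param object $a_auth auth object, used for getUsername() and logout()
	 * @return void
	 */
	protected function loginObserver($a_username,$a_auth)
	{
		global $ilLog, $ilAppEventHandler, $ilSetting;

		if(!$this->getContainer()->loginObserver($a_username,$a_auth))
		{
			return;
		}

		// validate user
		include_once "Services/User/classes/class.ilObjUser.php";
		$user_id = ilObjUser::_loginExists($a_auth->getUsername());
		if($user_id != ANONYMOUS_USER_ID)
		{
			$user = new ilObjUser($user_id);

			// check if profile is complete
			include_once "Services/User/classes/class.ilUserProfile.php";
			// NOTE(review): reconstructed condition (original line 107 is not shown).
			if(ilUserProfile::isProfileIncomplete($user))
			{
				$user->setProfileIncomplete(true);
				$user->update();
			}

			// --- extended user validation
			//
			// we only have a single status, so abort after each one
			// order from highest priority to lowest

			// active?
			if(!$user->getActive())
			{
				$this->status = AUTH_USER_INACTIVE;
				$a_auth->logout();
				return;
			}

			// time limit
			if(!$user->checkTimeLimit())
			{
				$this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
				// #16327
				$this->exceeded_user_name = $this->getUserName();
				$a_auth->logout();
				return;
			}

			// check client ip
			// REMOTE_ADDR is the address of the directly connected peer; behind a
			// reverse proxy that is the proxy, not the user - verify the deployment.
			if(!self::isClientIpAllowed($user->getClientIP(), $_SERVER["REMOTE_ADDR"]))
			{
				$this->status = AUTH_USER_WRONG_IP;
				$a_auth->logout();
				return;
			}

			// simultaneous login
			if($ilSetting->get('ps_prevent_simultaneous_logins') &&
				ilObjUser::hasActiveSession($user_id))
			{
				$this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
				$a_auth->logout();
				return;
			}

			include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
			ilOnlineTracking::addUser($user_id);

			include_once 'Modules/Forum/classes/class.ilObjForum.php';
			ilObjForum::_updateOldAccess($user_id);

			require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
			$security_settings = ilSecuritySettings::_getInstance();

			// determine first login of user for setting an indicator
			// which still is available in PersonalDesktop, Repository, ...
			// (last login date is set to current date in next step)
			if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
				$user->getLastLogin() == null
			)
			{
				$user->resetLastPasswordChange();
			}

			$user->refreshLogin();

			// reset counter for failed logins
			// NOTE(review): reconstructed statement (original line 182 is not shown).
			ilObjUser::_resetLoginAttempts($user_id);
		}

		// --- anonymous/registered user

		$ilLog->write(
			__METHOD__ . ': logged in as ' . $a_auth->getUsername() .
			', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
			', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
		);

		ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

		$ilAppEventHandler->raise(
			'Services/Authentication', 'afterLogin',
			array('username' => $a_auth->getUsername())
		);
	}

	/**
	 * Called after a failed login: log it, count the attempt and forward the
	 * event to the container.
	 *
	 * @param string $a_username name submitted with the failed login
	 * @param object $a_auth
	 * @return mixed whatever the container's failedLoginObserver() returns
	 */
	protected function failedLoginObserver($a_username, $a_auth)
	{
		global $ilLog;

		// NOTE(review): $a_username is unauthenticated input and is concatenated
		// into the log line as-is; unless ilLog::write() neutralises CR/LF and
		// other control characters, strip them here - confirm.
		$ilLog->write(__METHOD__.': login failed for user '.$a_username.
			', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
			', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
		);

		if($a_username)
		{
			$usr_id = ilObjUser::_lookupId($a_username);
			// Loose comparison is deliberate as written: the looked-up id may be
			// a numeric string while the constants are integers.
			if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
			{
				// NOTE(review): reconstructed statement (original line 222 is not shown).
				ilObjUser::_incrementLoginAttempts($usr_id);
				$login_attempts = ilObjUser::_getLoginAttempts($usr_id);

				require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
				$security = ilSecuritySettings::_getInstance();
				$max_attempts = $security->getLoginMaxAttempts();

				// The limit is per account and independent of where the attempts
				// come from, so it is also an availability trade-off: repeated
				// failures for a known login name reach the limit for its owner.
				if((int)$max_attempts && $login_attempts >= $max_attempts)
				{
					// NOTE(review): reconstructed statement (original line 231 is not shown).
					ilObjUser::_setUserInactive($usr_id);
				}
			}
		}

		return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
	}

	/**
	 * Forward the periodic authentication check to the container.
	 *
	 * @param string $a_username
	 * @param object $a_auth
	 * @return mixed whatever the container's checkAuthObserver() returns
	 */
	protected function checkAuthObserver($a_username,$a_auth)
	{
		#$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
		return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
	}

	/**
	 * Log the logout and forward it to the container.
	 *
	 * @param string $a_username
	 * @param object $a_auth
	 * @return mixed whatever the container's logoutObserver() returns
	 */
	protected function logoutObserver($a_username,$a_auth)
	{
		global $ilLog;

		$ilLog->write(__METHOD__.': Logout observer called');

		// NOTE(review): reconstructed statement (original line 263 is not shown).
		ilSessionControl::handleLogoutEvent();

		return $this->getContainer()->logoutObserver($a_username,$a_auth);
	}

	/**
	 * Return the login name recorded when a login was rejected because the
	 * account's time limit was exceeded.
	 *
	 * @return string|null
	 */
	public function getExceededUserName()
	{
		// NOTE(review): reconstructed statement (original line 270 is not shown).
		return $this->exceeded_user_name;
	}
}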
273 ?>