ILIAS  Release_4_4_x_branch Revision 61816
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
17 require_once "./Services/Object/classes/class.ilObjectGUI.php";
18 
19 class ilObjAuthSettingsGUI extends ilObjectGUI
20 {
25  function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
26  {
27  $this->type = "auth";
28  $this->ilObjectGUI($a_data, $a_id, $a_call_by_reference, $a_prepare_output);
29 
30  $this->lng->loadLanguageModule('registration');
31 
32  define('LDAP_DEFAULT_PORT',389);
33  define('RADIUS_DEFAULT_PORT',1812);
34 
35  }
36 
37 
38 
39  function viewObject()
40  {
41  return $this->authSettingsObject();
42  }
43 
44 
50  function authSettingsObject()
51  {
52  global $rbacsystem, $ilSetting;
53 
54  if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
55  {
56  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
57  }
58 
59  $this->tabs_gui->setTabActive('authentication_settings');
60  $this->setSubTabs('authSettings');
61  $this->tabs_gui->setSubTabActive("auth_settings");
62 
63  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_general.html",
64  "Services/Authentication");
65 
66  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
67  $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
68 
69  $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
70  $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
71  $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
72  $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
73 
74  $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
75  $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
76  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
77 
78  $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
79 
80  $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
81  $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
82 
83  $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
84 
85  $auth_cnt = ilObjUser::_getNumberOfUsersPerAuthMode();
86  $auth_modes = ilAuthUtils::_getAllAuthModes();
87 
88  foreach($auth_modes as $mode => $mode_name)
89  {
90 //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
91  if ($ilSetting->get('auth_mode') == $mode)
92  {
93  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
94  ((int) $auth_cnt[$mode_name] + $auth_cnt["default"])." (".$this->lng->txt("auth_per_default").
95  ": ".$auth_cnt["default"].")");
96  }
97  else
98  {
99  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
100  (int) $auth_cnt[$mode_name]);
101  }
102  }
103 
104  $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
105  $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
106  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
107  $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
108 
109  // local vars
110  $checked = "checked=\"checked\"";
111  $disabled = "disabled=\"disabled\"";
112  $style_disabled = "_disabled";
113 
114  // icon handlers
115  $icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.png")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
116  $icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.png")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";
117 
118  $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
119 
120  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
121  $this->tpl->setVariable('AUTH_LDAP_ACTIVE',count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
122  #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
123  $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
124  $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
125  $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
126  $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
127  $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);
128 
129  // alter style and disable buttons depending on current selection
130  switch ($this->ilias->getSetting('auth_mode'))
131  {
132  case AUTH_LOCAL: // default
133  $this->tpl->setVariable("CHK_LOCAL", $checked);
134  break;
135 
136  case AUTH_LDAP: // LDAP
137  $this->tpl->setVariable("CHK_LDAP", $checked);
138  break;
139 
140  case AUTH_SHIBBOLETH: // SHIB
141  $this->tpl->setVariable("CHK_SHIB", $checked);
142  break;
143 
144  case AUTH_RADIUS: // RADIUS
145  $this->tpl->setVariable("CHK_RADIUS", $checked);
146  break;
147 
148  case AUTH_CAS: // CAS
149  $this->tpl->setVariable("CHK_CAS", $checked);
150  break;
151 
152  case AUTH_SCRIPT: // script
153  $this->tpl->setVariable("CHK_SCRIPT", $checked);
154  break;
155 
156  case AUTH_APACHE: // apache
157  $this->tpl->setVariable("CHK_APACHE", $checked);
158  break;
159  }
160 
161  // auth mode determinitation
162  if($this->initAuthModeDetermination())
163  {
164  $this->tpl->setVariable('TABLE_AUTH_DETERMINATION',$this->form->getHTML());
165  }
166 
167  // roles table
168  $this->tpl->setVariable("FORMACTION_ROLES",
169  $this->ctrl->getFormAction($this));
170  $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
171  $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
172  $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
173  $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
174 
175  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
176  $reg_roles = ilObjRole::_lookupRegisterAllowed();
177 
178  // auth mode selection
179  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
180  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
181 
182  foreach ($reg_roles as $role)
183  {
184  foreach ($active_auth_modes as $auth_name => $auth_key)
185  {
186  // do not list auth modes with external login screen
187  // even not default, because it can easily be set to
188  // a non-working auth mode
189  if ($auth_name == "default" || $auth_name == "cas"
190  || $auth_name == "shibboleth" || $auth_name == 'ldap'
191  || $auth_name == 'apache' || $auth_name == "ecs"
192  || $auth_name == "openid")
193  {
194  continue;
195  }
196 
197  $this->tpl->setCurrentBlock("auth_mode_selection");
198 
199  if ($auth_name == 'default')
200  {
201  $name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
202  }
203  else
204  {
205  $name = $this->lng->txt('auth_'.$auth_name);
206  }
207 
208  $this->tpl->setVariable("AUTH_MODE_NAME", $name);
209 
210  $this->tpl->setVariable("AUTH_MODE", $auth_name);
211 
212  if ($role['auth_mode'] == $auth_name)
213  {
214  $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
215  }
216 
217  $this->tpl->parseCurrentBlock();
218  } // END auth_mode selection
219 
220  $this->tpl->setCurrentBlock("roles");
221  $this->tpl->setVariable("ROLE", $role['title']);
222  $this->tpl->setVariable("ROLE_ID", $role['id']);
223  $this->tpl->parseCurrentBlock();
224  }
225  }
226 
227 
234  public function loginInfoObject()
235  {
236  global $rbacsystem, $lng,$ilSetting;
237 
238  if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId()))
239  {
240  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
241  }
242 
243  $this->tabs_gui->setTabActive("authentication_settings");
244  $this->setSubTabs("authSettings");
245  $this->tabs_gui->setSubTabActive("auth_login_editor");
246 
247  $lng->loadLanguageModule("meta");
248 
249  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_login_messages.html",
250  "Services/Authentication");
251  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
252  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
253  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
254  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
255  $this->initLoginForm();
256  $this->tpl->setVariable('LOGIN_INFO',$this->form->getHTML());
257  }
258 
259 
260  function cancelObject()
261  {
262  $this->ctrl->redirect($this, "authSettings");
263  }
264 
265  function setAuthModeObject()
266  {
267  global $rbacsystem,$ilSetting;
268 
269  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
270  {
271  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
272  }
273 
274  if (empty($_POST["auth_mode"]))
275  {
276  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
277  }
278 
279  if ($_POST["auth_mode"] == AUTH_DEFAULT)
280  {
281  ilUtil::sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
282  $this->ctrl->redirect($this,'authSettings');
283  }
284 
285  switch ($_POST["auth_mode"])
286  {
287  case AUTH_LDAP:
288 
289  /*
290  if ($this->object->checkAuthLDAP() !== true)
291  {
292  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
293  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP", "", false, false)));
294  }
295  */
296  break;
297 
298  case AUTH_SHIB:
299  if ($this->object->checkAuthSHIB() !== true)
300  {
301  ilUtil::sendFailure($this->lng->txt("auth_shib_not_configured"),true);
302  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editSHIB", "", false, false)));
303  }
304  break;
305 
306  case AUTH_RADIUS:
307  if ($this->object->checkAuthRADIUS() !== true)
308  {
309  ilUtil::sendFailure($this->lng->txt("auth_radius_not_configured"),true);
310  $this->ctrl->redirect($this,'editRADIUS');
311  }
312  break;
313 
314  case AUTH_SCRIPT:
315  if ($this->object->checkAuthScript() !== true)
316  {
317  ilUtil::sendFailure($this->lng->txt("auth_script_not_configured"),true);
318  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editScript", "", false, false)));
319  }
320  break;
321  }
322 
323  $this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);
324 
325  ilUtil::sendSuccess($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
326  $this->ctrl->redirect($this,'authSettings');
327  }
328 
334  function editSOAPObject()
335  {
336  global $rbacsystem, $rbacreview, $ilSetting, $ilCtrl, $lng;
337 
338  if (!$rbacsystem->checkAccess("read",$this->object->getRefId()))
339  {
340  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
341  }
342 
343  $this->tabs_gui->setTabActive('auth_soap');
344 
345  //set Template
346  $this->tpl->addBlockFile('ADM_CONTENT','adm_content','tpl.auth_soap.html','Services/Authentication');
347 
348  // compose role list
349  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
350  $roles = array();
351 
352  foreach ($role_list as $role)
353  {
354  $roles[$role['obj_id']] = $role['title'];
355  }
356 
357  //set property form gui
358  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
359 
360  $soap_config = new ilPropertyFormGUI();
361  $soap_config->setTitle($this->lng->txt("auth_soap_auth"));
362  $soap_config->setDescription($this->lng->txt("auth_soap_auth_desc"));
363  $soap_config->setFormAction($this->ctrl->getFormAction($this, "editSOAP"));
364  $soap_config->addCommandButton("saveSOAP", $this->lng->txt("save"));
365  $soap_config->addCommandButton("editSOAP", $this->lng->txt("cancel"));
366 
367  //set activ
368  $active = new ilCheckboxInputGUI();
369  $active->setTitle($this->lng->txt("active"));
370  $active->setPostVar("soap[active]");
371 
372  //set server
373  $server = new ilTextInputGUI();
374  $server->setTitle($this->lng->txt("server"));
375  $server->setInfo($this->lng->txt("auth_soap_server_desc"));
376  $server->setPostVar("soap[server]");
377  $server->setSize(50);
378  $server->setMaxLength(256);
379  $server->setRequired(true);
380 
381  //set port
382  $port = new ilTextInputGUI();
383  $port->setTitle($this->lng->txt("port"));
384  $port->setInfo($this->lng->txt("auth_soap_port_desc"));
385  $port->setPostVar("soap[port]");
386  $port->setSize(7);
387  $port->setMaxLength(5);
388 
389  //set https
390  $https = new ilCheckboxInputGUI();
391  $https->setTitle($this->lng->txt("auth_soap_use_https"));
392  $https->setPostVar("soap[use_https]");
393 
394  //set uri
395  $uri = new ilTextInputGUI();
396  $uri->setTitle($this->lng->txt("uri"));
397  $uri->setInfo($this->lng->txt("auth_soap_uri_desc"));
398  $uri->setPostVar("soap[uri]");
399  $uri->setSize(50);
400  $uri->setMaxLength(256);
401 
402  //set namespace
403  $namespace = new ilTextInputGUI();
404  $namespace->setTitle($this->lng->txt("auth_soap_namespace"));
405  $namespace->setInfo($this->lng->txt("auth_soap_namespace_desc"));
406  $namespace->setPostVar("soap[namespace]");
407  $namespace->setSize(50);
408  $namespace->setMaxLength(256);
409 
410  //set dotnet
411  $dotnet = new ilCheckboxInputGUI();
412  $dotnet->setTitle($this->lng->txt("auth_soap_use_dotnet"));
413  $dotnet->setPostVar("soap[use_dotnet]");
414 
415  //set create users
416  $createuser = new ilCheckboxInputGUI();
417  $createuser->setTitle($this->lng->txt("auth_create_users"));
418  $createuser->setInfo($this->lng->txt("auth_soap_create_users_desc"));
419  $createuser->setPostVar("soap[create_users]");
420 
421  //set account mail
422  $sendmail = new ilCheckboxInputGUI();
423  $sendmail->setTitle($this->lng->txt("user_send_new_account_mail"));
424  $sendmail->setInfo($this->lng->txt("auth_new_account_mail_desc"));
425  $sendmail->setPostVar("soap[account_mail]");
426 
427  //set user default role
428  $defaultrole = new ilSelectInputGUI();
429  $defaultrole->setTitle($this->lng->txt("auth_user_default_role"));
430  $defaultrole->setInfo($this->lng->txt("auth_soap_user_default_role_desc"));
431  $defaultrole->setPostVar("soap[user_default_role]");
432  $defaultrole->setOptions($roles);
433 
434  //set allow local authentication
435  $allowlocal = new ilCheckboxInputGUI();
436  $allowlocal->setTitle($this->lng->txt("auth_allow_local"));
437  $allowlocal->setInfo($this->lng->txt("auth_soap_allow_local_desc"));
438  $allowlocal->setPostVar("soap[allow_local]");
439 
440  // get all settings
441  $settings = $ilSetting->getAll();
442 
443  // get values in error case
444  if ($_SESSION["error_post_vars"])
445  {
446  $active ->setChecked($_SESSION["error_post_vars"]["soap"]["active"]);
447  $server ->setValue($_SESSION["error_post_vars"]["soap"]["server"]);
448  $port ->setValue($_SESSION["error_post_vars"]["soap"]["port"]);
449  $https ->setChecked($_SESSION["error_post_vars"]["soap"]["use_https"]);
450  $uri ->setValue($_SESSION["error_post_vars"]["soap"]["uri"]);
451  $namespace ->setValue($_SESSION["error_post_vars"]["soap"]["namespace"]);
452  $dotnet ->setChecked($_SESSION["error_post_vars"]["soap"]["use_dotnet"]);
453  $createuser ->setChecked($_SESSION["error_post_vars"]["soap"]["create_users"]);
454  $allowlocal ->setChecked($_SESSION["error_post_vars"]["soap"]["allow_local"]);
455  $defaultrole->setValue($_SESSION["error_post_vars"]["soap"]["user_default_role"]);
456  $sendmail ->setChecked($_SESSION["error_post_vars"]["soap"]["account_mail"]);
457  }
458  else
459  {
460  $active ->setChecked($settings["soap_auth_active"]);
461  $server ->setValue($settings["soap_auth_server"]);
462  $port ->setValue($settings["soap_auth_port"]);
463  $https ->setChecked($settings["soap_auth_use_https"]);
464  $uri ->setValue($settings["soap_auth_uri"]);
465  $namespace ->setValue($settings["soap_auth_namespace"]);
466  $dotnet ->setChecked($settings["soap_auth_use_dotnet"]);
467  $createuser ->setChecked($settings["soap_auth_create_users"]);
468  $allowlocal ->setChecked($settings["soap_auth_allow_local"]);
469  $defaultrole->setValue($settings["soap_auth_user_default_role"]);
470  $sendmail ->setChecked($settings["soap_auth_account_mail"]);
471  }
472 
473  if (!$defaultrole->getValue())
474  {
475  $defaultrole->setValue(4);
476  }
477 
478  //add Items to property gui
479  $soap_config->addItem($active);
480  $soap_config->addItem($server);
481  $soap_config->addItem($port);
482  $soap_config->addItem($https);
483  $soap_config->addItem($uri);
484  $soap_config->addItem($namespace);
485  $soap_config->addItem($dotnet);
486  $soap_config->addItem($createuser);
487  $soap_config->addItem($sendmail);
488  $soap_config->addItem($defaultrole);
489  $soap_config->addItem($allowlocal);
490 
491  $this->tpl->setVariable("CONFIG_FORM", $soap_config->getHTML());
492 
493  // test form
494  $form = new ilPropertyFormGUI();
495  $form->setFormAction($ilCtrl->getFormAction($this));
496  $form->setTitle("Test Request");
497  $text_prop = new ilTextInputGUI("ext_uid", "ext_uid");
498  $form->addItem($text_prop);
499  $text_prop2 = new ilTextInputGUI("soap_pw", "soap_pw");
500  $form->addItem($text_prop2);
501  $cb = new ilCheckboxInputGUI("new_user", "new_user");
502  $form->addItem($cb);
503 
504  $form->addCommandButton("testSoapAuthConnection",
505  "Send");
506 
507  if ($ilCtrl->getCmd() == "testSoapAuthConnection")
508  {
509  include_once("./Services/SOAPAuth/classes/class.ilSOAPAuth.php");
510  $ret = "<br />".ilSOAPAuth::testConnection(
511  ilUtil::stripSlashes($_POST["ext_uid"]),
512  ilUtil::stripSlashes($_POST["soap_pw"]),
513  (boolean) $_POST["new_user"]
514  );
515  }
516  $this->tpl->setVariable("TEST_FORM", $form->getHTML().$ret);
517  }
518 
519  function testSoapAuthConnectionObject()
520  {
521  $this->editSOAPObject();
522  }
523 
529  function saveSOAPObject()
530  {
531  global $ilUser, $ilSetting, $rbacsystem;
532 
533  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
534  {
535  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
536  }
537 
538  // validate required data
539  if (!$_POST["soap"]["server"])
540  {
541  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
542  }
543 
544  // validate port
545  if ($_POST["soap"]["server"] != "" && (preg_match("/^[0-9]{0,5}$/",$_POST["soap"]["port"])) == false)
546  {
547  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
548  }
549 
550  $ilSetting->set("soap_auth_server", $_POST["soap"]["server"]);
551  $ilSetting->set("soap_auth_port", $_POST["soap"]["port"]);
552  $ilSetting->set("soap_auth_active", $_POST["soap"]["active"]);
553  $ilSetting->set("soap_auth_uri", $_POST["soap"]["uri"]);
554  $ilSetting->set("soap_auth_namespace", $_POST["soap"]["namespace"]);
555  $ilSetting->set("soap_auth_create_users", $_POST["soap"]["create_users"]);
556  $ilSetting->set("soap_auth_allow_local", $_POST["soap"]["allow_local"]);
557  $ilSetting->set("soap_auth_account_mail", $_POST["soap"]["account_mail"]);
558  $ilSetting->set("soap_auth_use_https", $_POST["soap"]["use_https"]);
559  $ilSetting->set("soap_auth_use_dotnet", $_POST["soap"]["use_dotnet"]);
560  $ilSetting->set("soap_auth_user_default_role", $_POST["soap"]["user_default_role"]);
561  ilUtil::sendSuccess($this->lng->txt("auth_soap_settings_saved"),true);
562 
563  $this->ctrl->redirect($this,'editSOAP');
564  }
565 
571  function editScriptObject()
572  {
573  global $rbacsystem;
574 
575  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
576  {
577  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
578  }
579 
580  if ($_SESSION["error_post_vars"])
581  {
582  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
583  }
584  else
585  {
586  // set already saved data
587  $settings = $this->ilias->getAllSettings();
588 
589  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
590  }
591 
592  $this->tabs_gui->setTabActive('auth_script');
593 
594  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_script.html",
595  "Services/Authentication");
596 
597  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
598  $this->tpl->setVariable("COLSPAN", 3);
599  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
600  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
601  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
602 
603  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
604  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
605  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
606  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
607  }
608 
614  function saveScriptObject()
615  {
616  // validate required data
617  if (!$_POST["auth_script"]["name"])
618  {
619  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
620  }
621 
622  // validate script url
623  /*
624  if (( TODO ,$_POST["ldap"]["server"])) == false)
625  {
626  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
627  }*/
628 
629  // TODO: check connection to server
630 
631  // all ok. save settings and activate auth by external script
632  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
633  $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);
634 
635  ilUtil::sendSuccess($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
636  $this->ctrl->redirect($this,'editScript');
637  }
638 
639 
646  function getAuthModeTitle()
647  {
648  switch ($this->ilias->getSetting("auth_mode"))
649  {
650  case AUTH_LOCAL:
651  return $this->lng->txt("auth_local");
652  break;
653 
654  case AUTH_LDAP:
655  return $this->lng->txt("auth_ldap");
656  break;
657 
658  case AUTH_SHIBBOLETH:
659  return $this->lng->txt("auth_shib");
660  break;
661 
662  case AUTH_RADIUS:
663  return $this->lng->txt("auth_radius");
664  break;
665 
666  case AUTH_SCRIPT:
667  return $this->lng->txt("auth_script");
668  break;
669 
670  case AUTH_APACHE:
671  return $this->lng->txt("auth_apache");
672  break;
673 
674  default:
675  return $this->lng->txt("unknown");
676  break;
677  }
678  }
679 
680  function updateAuthRolesObject()
681  {
682  global $rbacsystem;
683 
684  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
685  {
686  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
687  }
688 
689  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
690  ilObjRole::_updateAuthMode($_POST['Fobject']);
691 
692  ilUtil::sendSuccess($this->lng->txt("auth_mode_roles_changed"),true);
693  $this->ctrl->redirect($this,'authSettings');
694  }
695 
701  protected function initAuthModeDetermination()
702  {
703  if(is_object($this->form))
704  {
705  return true;
706  }
707  // Are there any authentication methods that support automatic determination ?
708 
709  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
710  $det = ilAuthModeDetermination::_getInstance();
711  if($det->getCountActiveAuthModes() <= 1)
712  {
713  return false;
714  }
715 
716  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
717  $this->form = new ilPropertyFormGUI();
718  $this->form->setFormAction($this->ctrl->getFormAction($this));
719  $this->form->setTableWidth('100%');
720  $this->form->setTitle($this->lng->txt('auth_auth_settings'));
721  $this->form->addCommandButton('updateAuthModeDetermination',$this->lng->txt('save'));
722 
723  require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
724  $cap = new ilCheckboxInputGUI($this->lng->txt('adm_captcha_anonymous_short'), 'activate_captcha_anonym');
725  $cap->setInfo($this->lng->txt('adm_captcha_anonymous_auth'));
726  $cap->setValue(1);
727  if(!ilCaptchaUtil::checkFreetype())
728  {
729  $cap->setAlert(ilCaptchaUtil::getPreconditionsMessage());
730  }
731  $cap->setChecked(ilCaptchaUtil::isActiveForLogin());
732  $this->form->addItem($cap);
733 
734  $header = new ilFormSectionHeaderGUI();
735  $header->setTitle($this->lng->txt('auth_auth_mode_determination'));
736  $this->form->addItem($header);
737 
738  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'),'kind');
739  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
740  $kind->setValue($det->getKind());
741  $kind->setRequired(true);
742 
743  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'),0);
744  $kind->addOption($option_user);
745 
746  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'),1);
747 
748  include_once('Services/Authentication/classes/class.ilAuthUtils.php');
749 
750  $auth_sequenced = $det->getAuthModeSequence();
751  $counter = 1;
752  foreach($auth_sequenced as $auth_mode)
753  {
754  switch($auth_mode)
755  {
756  case AUTH_LDAP:
757  $text = $this->lng->txt('auth_ldap');
758  break;
759  case AUTH_RADIUS:
760  $text = $this->lng->txt('auth_radius');
761  break;
762  case AUTH_LOCAL:
763  $text = $this->lng->txt('auth_local');
764  break;
765  case AUTH_SOAP:
766  $text = $this->lng->txt('auth_soap');
767  break;
768  case AUTH_APACHE:
769  $text = $this->lng->txt('auth_apache');
770  break;
771  // begin-patch auth_plugin
772  default:
773  foreach(ilAuthUtils::getAuthPlugins() as $pl)
774  {
775  $option = $pl->getMultipleAuthModeOptions($auth_mode);
776  $text = $option[$auth_mode]['txt'];
777  }
778  break;
779  // end-patch auth_plugin
780  }
781 
782 
783  $pos = new ilTextInputGUI($text,'position['.$auth_mode.']');
784  $pos->setValue($counter++);
785  $pos->setSize(1);
786  $pos->setMaxLength(1);
787  $option_determination->addSubItem($pos);
788  }
789  $kind->addOption($option_determination);
790  $this->form->addItem($kind);
791  return true;
792  }
793 
800  public function updateAuthModeDeterminationObject()
801  {
802  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
803  $det = ilAuthModeDetermination::_getInstance();
804 
805  $det->setKind((int) $_POST['kind']);
806 
807  $pos = $_POST['position'] ? $_POST['position'] : array();
808  asort($pos,SORT_NUMERIC);
809 
810  $counter = 0;
811  foreach($pos as $auth_mode => $dummy)
812  {
813  $position[$counter++] = $auth_mode;
814  }
815  $det->setAuthModeSequence($position ? $position : array());
816  $det->save();
817 
818  require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
819  ilCaptchaUtil::setActiveForLogin((bool)$_POST['activate_captcha_anonym']);
820 
821  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
822  $this->authSettingsObject();
823  }
824 
831  public function executeCommand()
832  {
833  global $ilAccess,$ilErr;
834 
835  $next_class = $this->ctrl->getNextClass($this);
836  $cmd = $this->ctrl->getCmd();
837  $this->prepareOutput();
838 
839 
840  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
841  {
842  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
843  }
844 
845  switch($next_class)
846  {
847  case 'ilregistrationsettingsgui':
848 
849  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
850 
851  // Enable tabs
852  $this->tabs_gui->setTabActive('registration_settings');
853  $registration_gui =& new ilRegistrationSettingsGUI();
854  $this->ctrl->forwardCommand($registration_gui);
855  break;
856 
857  case 'ilpermissiongui':
858 
859  // Enable tabs
860  $this->tabs_gui->setTabActive('perm_settings');
861 
862  include_once("Services/AccessControl/classes/class.ilPermissionGUI.php");
863  $perm_gui =& new ilPermissionGUI($this);
864  $ret =& $this->ctrl->forwardCommand($perm_gui);
865  break;
866 
867  case 'illdapsettingsgui':
868 
869  // Enable Tabs
870  $this->tabs_gui->setTabActive('auth_ldap');
871 
872  include_once './Services/LDAP/classes/class.ilLDAPSettingsGUI.php';
873  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
874  $this->ctrl->forwardCommand($ldap_settings_gui);
875  break;
876 
877  case 'ilauthshibbolethsettingsgui':
878 
879  $this->tabs_gui->setTabActive('auth_shib');
880  include_once('./Services/AuthShibboleth/classes/class.ilAuthShibbolethSettingsGUI.php');
881  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
882  $this->ctrl->forwardCommand($shib_settings_gui);
883  break;
884 
885  case 'ilcassettingsgui':
886 
887  $this->tabs_gui->setTabActive('auth_cas');
888  include_once './Services/CAS/classes/class.ilCASSettingsGUI.php';
889  $cas_settings = new ilCASSettingsGUI($this->object->getRefId());
890  $this->ctrl->forwardCommand($cas_settings);
891  break;
892 
893  case 'ilradiussettingsgui':
894 
895  $this->tabs_gui->setTabActive('auth_radius');
896  include_once './Services/Radius/classes/class.ilRadiusSettingsGUI.php';
897  $radius_settings_gui = new ilRadiusSettingsGUI($this->object->getRefId());
898  $this->ctrl->forwardCommand($radius_settings_gui);
899  break;
900 
901  case 'ilopenidsettingsgui':
902 
903  $this->tabs_gui->setTabActive('auth_openid');
904 
905  include_once './Services/OpenId/classes/class.ilOpenIdSettingsGUI.php';
906  $os = new ilOpenIdSettingsGUI($this->object->getRefId());
907  $this->ctrl->forwardCommand($os);
908  break;
909 
910  case 'ilauthloginpageeditorgui':
911 
912  $this->setSubTabs("authSettings");
913  $this->tabs_gui->setTabActive('authentication_settings');
914  $this->tabs_gui->setSubTabActive("auth_login_editor");
915 
916  include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorGUI.php';
917  $lpe = new ilAuthLoginPageEditorGUI($this->object->getRefId());
918  $this->ctrl->forwardCommand($lpe);
919  break;
920 
921  default:
922  if(!$cmd)
923  {
924  $cmd = "authSettings";
925  }
926  $cmd .= "Object";
927  $this->$cmd();
928 
929  break;
930  }
931  return true;
932  }
933 
934  function getAdminTabs(&$tabs_gui)
935  {
936  $this->getTabs($tabs_gui);
937  }
938 
944  function getTabs(&$tabs_gui)
945  {
946  global $rbacsystem;
947 
948  $this->ctrl->setParameter($this,"ref_id",$this->object->getRefId());
949 
950  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
951  {
952  $tabs_gui->addTarget("authentication_settings", $this->ctrl->getLinkTarget($this, "authSettings"),
953  "", "", "");
954 
955  $tabs_gui->addTarget('registration_settings',
956  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui','view'));
957 
958  $tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTargetByClass('illdapsettingsgui','serverList'),
959  "", "", "");
960 
961 
962  #$tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
963  # "", "", "");
964 
965  $tabs_gui->addTarget('auth_shib',$this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui','settings'));
966 
967  $tabs_gui->addTarget(
968  'auth_cas',
969  $this->ctrl->getLinkTargetByClass('ilcassettingsgui','settings')
970  );
971 
972  $tabs_gui->addTarget("auth_radius", $this->ctrl->getLinkTargetByClass('ilradiussettingsgui', "settings"),
973  "", "", "");
974 
975  $tabs_gui->addTarget("auth_soap", $this->ctrl->getLinkTarget($this, "editSOAP"),
976  "", "", "");
977 
978  $tabs_gui->addTarget(
979  'auth_openid',
980  $this->ctrl->getLinkTargetByClass('ilopenidsettingsgui','settings'),
981  '',
982  '',
983  ''
984  );
985 
986  $tabs_gui->addTarget("apache_auth_settings", $this->ctrl->getLinkTarget($this,'apacheAuthSettings'),
987  "", "", "");
988  }
989 
990  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
991  {
992  $tabs_gui->addTarget("perm_settings",
993  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
994  array("perm","info","owner"), 'ilpermissiongui');
995  }
996  }
997 
1001  function setSubTabs($a_tab)
1002  {
1003  global $rbacsystem,$ilUser,$ilAccess;
1004 
1005  $GLOBALS['lng']->loadLanguageModule('auth');
1006 
1007  switch ($a_tab)
1008  {
1009  case 'authSettings':
1010  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1011  {
1012  $this->tabs_gui->addSubTabTarget("auth_settings",
1013  $this->ctrl->getLinkTarget($this,'authSettings'),
1014  "");
1015  }
1016  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1017  {
1018  $this->tabs_gui->addSubTabTarget(
1019  'auth_login_editor',
1020  $this->ctrl->getLinkTargetByClass('ilauthloginpageeditorgui',''),
1021  ''
1022  );
1023  }
1024  break;
1025  }
1026  }
1027 
1028 
1029  public function apacheAuthSettingsObject($form = false)
1030  {
1031  global $ilDB, $tpl;
1032 
1033  $this->tabs_gui->setTabActive("apache_auth_settings");
1034  //$this->setSubTabs("authSettings");
1035  //$this->tabs_gui->setSubTabActive("apache_auth_settings");
1036  if (!$form)
1037  {
1038  $form = $this->getApacheAuthSettingsForm();
1039 
1040  $settings = new ilSetting('apache_auth');
1041  $settingsMap = $settings->getAll();
1042 
1043  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1044  if (file_exists($path) && is_readable($path)) {
1045  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1046  }
1047 
1048  $form->setValuesByArray($settingsMap);
1049  }
1050  $tpl->setVariable('ADM_CONTENT', $form->getHtml());
1051  }
1052 
1053  public function saveApacheSettingsObject()
1054  {
1055  global $ilCtrl;
1056  $form = $this->getApacheAuthSettingsForm();
1057  $form->setValuesByPost();
1058  /*$items = $form->getItems();
1059  foreach($items as $item)
1060  $item->validate();*/
1061  if ($form->checkInput())
1062  {
1063  $settings = new ilSetting('apache_auth');
1064  $fields = array
1065  (
1066  'apache_auth_indicator_name', 'apache_auth_indicator_value',
1067  'apache_enable_auth', 'apache_enable_local', 'apache_local_autocreate',
1068  'apache_enable_ldap', 'apache_auth_username_config_type',
1069  'apache_auth_username_direct_mapping_fieldname',
1070  'apache_default_role', 'apache_auth_target_override_login_page',
1071  'apache_auth_enable_override_login_page',
1072  'apache_auth_authenticate_on_login_page'
1073 // 'apache_auth_username_by_function_functionname',
1074  );
1075 
1076  foreach($fields as $field)
1077  $settings->set($field, $form->getInput($field));
1078 
1079  if ($form->getInput('apache_enable_auth'))
1080  $this->ilias->setSetting('apache_active', true);
1081  else {
1082  $this->ilias->setSetting('apache_active', false);
1083  global $ilSetting;
1084  if ($ilSetting->get("auth_mode") == AUTH_APACHE) {
1085  $ilSetting->set("auth_mode", AUTH_LOCAL);
1086  }
1087  }
1088 
1089  $allowedDomains = $this->validateApacheAuthAllowedDomains($form->getInput('apache_auth_domains'));
1090  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1091 
1092  ilUtil::sendSuccess($this->lng->txt('apache_settings_changed_success'), true);
1093  $this->ctrl->redirect($this, 'apacheAuthSettings');
1094  }
1095  else
1096  {
1097  $this->apacheAuthSettingsObject($form);
1098  }
1099  }
1100 
1101  public function getApacheAuthSettingsForm()
1102  {
1103  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
1104 
1105  $form = new ilPropertyFormGUI();
1106  $form->setFormAction($this->ctrl->getFormAction($this));
1107  $form->setTitle($this->lng->txt('apache_settings'));
1108 
1109  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1110  $form->addItem($chb_enabled);
1111 
1112  $chb_local_create_account = new ilCheckboxInputGUI($this->lng->txt('apache_autocreate'), 'apache_local_autocreate');
1113  $chb_enabled->addSubitem($chb_local_create_account);
1114 
1115  global $rbacreview;
1116  $roles = $rbacreview->getGlobalRolesArray();
1117  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1118  $roleOptions = array();
1119  foreach($roles as $role) {
1120  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1121  }
1122  $select->setOptions($roleOptions);
1123  $select->setValue(4);
1124 
1125  $chb_local_create_account->addSubitem($select);
1126 
1127  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1128  $form->addItem($chb_local);
1129 
1130  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1131  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1132  $form->addItem($chb_ldap);
1133 
1134  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1135  $txt->setRequired(true);
1136  $form->addItem($txt);
1137 
1138  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1139  $txt->setRequired(true);
1140  $form->addItem($txt);
1141 
1142 
1143  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_enable_override_login'), 'apache_auth_enable_override_login_page');
1144  $form->addItem($chb);
1145 
1146  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_target_override_login'), 'apache_auth_target_override_login_page');
1147  $txt->setRequired(true);
1148  $chb->addSubItem($txt);
1149 
1150  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_authenticate_on_login_page'), 'apache_auth_authenticate_on_login_page');
1151  $form->addItem($chb);
1152 
1153  $sec = new ilFormSectionHeaderGUI();
1154  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1155  $form->addItem($sec);
1156 
1157  $rag = new ilRadioGroupInputGUI($this->lng->txt('apache_auth_username_config_type'), 'apache_auth_username_config_type');
1158  $form->addItem($rag);
1159 
1160  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), 1);
1161  $rag->addOption($rao);
1162 
1163  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_direct_mapping_fieldname'), 'apache_auth_username_direct_mapping_fieldname');
1164  //$txt->setRequired(true);
1165  $rao->addSubItem($txt);
1166 
1167  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), 2);
1168  $rao->setDisabled(true);
1169  $rag->addOption($rao);
1170 
1171  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), 3);
1172  $rag->addOption($rao);
1173 
1174 /* $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_by_function_functionname'), 'apache_auth_username_by_function_functionname');
1175  $rao->addSubItem($txt);*/
1176 
1177  $sec = new ilFormSectionHeaderGUI();
1178  $sec->setTitle($this->lng->txt('apache_auth_security'));
1179  $form->addItem($sec);
1180 
1181  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1182  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1183 
1184  $form->addItem($txt);
1185 
1186  $form->addCommandButton('saveApacheSettings',$this->lng->txt('save'));
1187  $form->addCommandButton('cancel',$this->lng->txt('cancel'));
1188 
1189  return $form;
1190  }
1191 
1192  private function validateApacheAuthAllowedDomains($text) {
1193  return join("\n", preg_split("/[\r\n]+/", $text));
1194  }
1195 
1200  public function addToExternalSettingsForm($a_form_id)
1201  {
1202  switch($a_form_id)
1203  {
1204  case ilAdministrationSettingsFormHandler::FORM_ACCESSIBILITY:
1205  require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
1206  $fields = array(
1207  'adm_captcha_anonymous_short' => array(ilCaptchaUtil::isActiveForLogin(), ilAdministrationSettingsFormHandler::VALUE_BOOL),
1208  );
1209 
1210  return array('authentication_settings' => array('authSettings', $fields));
1211  }
1212  }
1213 } // END class.ilObjAuthSettingsGUI
1214 ?>