ILIAS  eassessment Revision 61809
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilObjAuthSettingsGUI.php
Go to the documentation of this file.
1 <?php
2 /* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3 
17 require_once "./classes/class.ilObjectGUI.php";
18 
20 {
25  function ilObjAuthSettingsGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output = true)
26  {
27  $this->type = "auth";
28  $this->ilObjectGUI($a_data,$a_id,$a_call_by_reference,$a_prepare_output);
29 
30  $this->lng->loadLanguageModule('registration');
31 
32  define('LDAP_DEFAULT_PORT',389);
33  define('RADIUS_DEFAULT_PORT',1812);
34  }
35 
36  function viewObject()
37  {
38  // load ilRegistrationSettingsGUI
39 
40  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
41 
42  // Enable tabs
43  $this->tabs_gui->setTabActive('registration_settings');
44 
45  $registration_gui =& new ilRegistrationSettingsGUI();
46  $this->ctrl->setCmdClass('ilregistrationsettingsgui');
47  $this->ctrl->forwardCommand($registration_gui);
48  }
49 
50 
56  function authSettingsObject()
57  {
58  global $rbacsystem, $ilSetting;
59 
60  if (!$rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
61  {
62  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
63  }
64 
65  $this->tabs_gui->setTabActive('authentication_settings');
66  $this->setSubTabs('authSettings');
67  $this->tabs_gui->setSubTabActive("auth_settings");
68 
69  $this->getTemplateFile("general");
70 
71  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
72  $this->tpl->setVariable("TXT_AUTH_TITLE", $this->lng->txt("auth_select"));
73 
74  $this->tpl->setVariable("TXT_AUTH_MODE", $this->lng->txt("auth_mode"));
75  $this->tpl->setVariable("TXT_AUTH_DEFAULT", $this->lng->txt("default"));
76  $this->tpl->setVariable("TXT_AUTH_ACTIVE", $this->lng->txt("active"));
77  $this->tpl->setVariable("TXT_AUTH_NUM_USERS", $this->lng->txt("num_users"));
78 
79  $this->tpl->setVariable("TXT_LOCAL", $this->lng->txt("auth_local"));
80  $this->tpl->setVariable("TXT_LDAP", $this->lng->txt("auth_ldap"));
81  $this->tpl->setVariable("TXT_SHIB", $this->lng->txt("auth_shib"));
82 
83  $this->tpl->setVariable("TXT_CAS", $this->lng->txt("auth_cas"));
84 
85  $this->tpl->setVariable("TXT_RADIUS", $this->lng->txt("auth_radius"));
86  $this->tpl->setVariable("TXT_SCRIPT", $this->lng->txt("auth_script"));
87 
88  $this->tpl->setVariable("TXT_APACHE", $this->lng->txt("auth_apache"));
89 
91  $auth_modes = ilAuthUtils::_getAllAuthModes();
92 
93  foreach($auth_modes as $mode => $mode_name)
94  {
95 //echo "-".$ilSetting->get('auth_mode')."-".$mode."-";
96  if ($ilSetting->get('auth_mode') == $mode)
97  {
98  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
99  ((int) $auth_cnt[$mode_name] + $auth_cnt["default"])." (".$this->lng->txt("auth_per_default").
100  ": ".$auth_cnt["default"].")");
101  }
102  else
103  {
104  $this->tpl->setVariable("NUM_".strtoupper($mode_name),
105  (int) $auth_cnt[$mode_name]);
106  }
107  }
108 
109  $this->tpl->setVariable("TXT_CONFIGURE", $this->lng->txt("auth_configure"));
110  $this->tpl->setVariable("TXT_AUTH_REMARK", $this->lng->txt("auth_remark_non_local_auth"));
111  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
112  $this->tpl->setVariable("CMD_SUBMIT", "setAuthMode");
113 
114  // local vars
115  $checked = "checked=\"checked\"";
116  $disabled = "disabled=\"disabled\"";
117  $style_disabled = "_disabled";
118 
119  // icon handlers
120  $icon_ok = "<img src=\"".ilUtil::getImagePath("icon_ok.gif")."\" alt=\"".$this->lng->txt("enabled")."\" title=\"".$this->lng->txt("enabled")."\" border=\"0\" vspace=\"0\"/>";
121  $icon_not_ok = "<img src=\"".ilUtil::getImagePath("icon_not_ok.gif")."\" alt=\"".$this->lng->txt("disabled")."\" title=\"".$this->lng->txt("disabled")."\" border=\"0\" vspace=\"0\"/>";
122 
123  $this->tpl->setVariable("AUTH_LOCAL_ACTIVE", $icon_ok);
124 
125  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
126  $this->tpl->setVariable('AUTH_LDAP_ACTIVE',count(ilLDAPServer::_getActiveServerList()) ? $icon_ok : $icon_not_ok);
127  #$this->tpl->setVariable("AUTH_LDAP_ACTIVE", $this->ilias->getSetting('ldap_active') ? $icon_ok : $icon_not_ok);
128  $this->tpl->setVariable("AUTH_RADIUS_ACTIVE", $this->ilias->getSetting('radius_active') ? $icon_ok : $icon_not_ok);
129  $this->tpl->setVariable("AUTH_SHIB_ACTIVE", $this->ilias->getSetting('shib_active') ? $icon_ok : $icon_not_ok);
130  $this->tpl->setVariable("AUTH_SCRIPT_ACTIVE", $this->ilias->getSetting('script_active') ? $icon_ok : $icon_not_ok);
131  $this->tpl->setVariable("AUTH_CAS_ACTIVE", $this->ilias->getSetting('cas_active') ? $icon_ok : $icon_not_ok);
132  $this->tpl->setVariable("AUTH_APACHE_ACTIVE", $this->ilias->getSetting('apache_active') ? $icon_ok : $icon_not_ok);
133 
134  // alter style and disable buttons depending on current selection
135  switch ($this->ilias->getSetting('auth_mode'))
136  {
137  case AUTH_LOCAL: // default
138  $this->tpl->setVariable("CHK_LOCAL", $checked);
139  break;
140 
141  case AUTH_LDAP: // LDAP
142  $this->tpl->setVariable("CHK_LDAP", $checked);
143  break;
144 
145  case AUTH_SHIBBOLETH: // SHIB
146  $this->tpl->setVariable("CHK_SHIB", $checked);
147  break;
148 
149  case AUTH_RADIUS: // RADIUS
150  $this->tpl->setVariable("CHK_RADIUS", $checked);
151  break;
152 
153  case AUTH_CAS: // CAS
154  $this->tpl->setVariable("CHK_CAS", $checked);
155  break;
156 
157  case AUTH_SCRIPT: // script
158  $this->tpl->setVariable("CHK_SCRIPT", $checked);
159  break;
160 
161  case AUTH_APACHE: // apache
162  $this->tpl->setVariable("CHK_APACHE", $checked);
163  break;
164  }
165 
166  // auth mode determinitation
167  if($this->initAuthModeDetermination())
168  {
169  $this->tpl->setVariable('TABLE_AUTH_DETERMINATION',$this->form->getHTML());
170  }
171 
172  // roles table
173  $this->tpl->setVariable("FORMACTION_ROLES",
174  $this->ctrl->getFormAction($this));
175  $this->tpl->setVariable("TXT_AUTH_ROLES", $this->lng->txt("auth_active_roles"));
176  $this->tpl->setVariable("TXT_ROLE", $this->lng->txt("obj_role"));
177  $this->tpl->setVariable("TXT_ROLE_AUTH_MODE", $this->lng->txt("auth_role_auth_mode"));
178  $this->tpl->setVariable("CMD_SUBMIT_ROLES", "updateAuthRoles");
179 
180  include_once("./Services/AccessControl/classes/class.ilObjRole.php");
181  $reg_roles = ilObjRole::_lookupRegisterAllowed();
182 
183  // auth mode selection
184  include_once('./Services/Authentication/classes/class.ilAuthUtils.php');
185  $active_auth_modes = ilAuthUtils::_getActiveAuthModes();
186 
187  foreach ($reg_roles as $role)
188  {
189  foreach ($active_auth_modes as $auth_name => $auth_key)
190  {
191  // do not list auth modes with external login screen
192  // even not default, because it can easily be set to
193  // a non-working auth mode
194  if ($auth_name == "default" || $auth_name == "cas"
195  || $auth_name == "shibboleth" || $auth_name == 'ldap' || $auth_name == 'apache')
196  {
197  continue;
198  }
199 
200  $this->tpl->setCurrentBlock("auth_mode_selection");
201 
202  if ($auth_name == 'default')
203  {
204  $name = $this->lng->txt('auth_'.$auth_name)." (".$this->lng->txt('auth_'.ilAuthUtils::_getAuthModeName($auth_key)).")";
205  }
206  else
207  {
208  $name = $this->lng->txt('auth_'.$auth_name);
209  }
210 
211  $this->tpl->setVariable("AUTH_MODE_NAME", $name);
212 
213  $this->tpl->setVariable("AUTH_MODE", $auth_name);
214 
215  if ($role['auth_mode'] == $auth_name)
216  {
217  $this->tpl->setVariable("SELECTED_AUTH_MODE", "selected=\"selected\"");
218  }
219 
220  $this->tpl->parseCurrentBlock();
221  } // END auth_mode selection
222 
223  $this->tpl->setCurrentBlock("roles");
224  $this->tpl->setVariable("ROLE", $role['title']);
225  $this->tpl->setVariable("ROLE_ID", $role['id']);
226  $this->tpl->parseCurrentBlock();
227  }
228  }
229 
237  public function saveLoginInfoObject()
238  {
239  global $rbacsystem, $lng,$ilSetting;
240 
241  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
242  {
243  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
244  }
245 
246  $this->initLoginForm();
247  if ($this->form->checkInput())
248  {
249  if (is_array($_POST))
250  {
251  $this->loginSettings = new ilSetting("login_settings");
252 
253  foreach ($_POST as $key => $val)
254  {
255  if (substr($key, 0, 14) == "login_message_")
256  {
257  $this->loginSettings->set($key, $val);
258  }
259  }
260  }
261 
262  if($_POST['default_auth_mode'])
263  {
264  $ilSetting->set('default_auth_mode',(int) $_POST['default_auth_mode']);
265  }
266 
267  ilUtil::sendSuccess($this->lng->txt("login_information_settings_saved"));
268  }
269 
270  $this->loginInfoObject();
271  }
272 
279  public function loginInfoObject()
280  {
281  global $rbacsystem, $lng,$ilSetting;
282 
283  if (!$rbacsystem->checkAccess("visible,read", $this->object->getRefId()))
284  {
285  $this->ilias->raiseError($this->lng->txt("permission_denied"), $this->ilias->error_obj->MESSAGE);
286  }
287 
288  $this->tabs_gui->setTabActive("authentication_settings");
289  $this->setSubTabs("authSettings");
290  $this->tabs_gui->setSubTabActive("login_information");
291 
292  $lng->loadLanguageModule("meta");
293 
294  $this->tpl->addBlockFile("ADM_CONTENT", "adm_content", "tpl.auth_login_messages.html");
295  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
296  $this->tpl->setVariable("TXT_HEADLINE", $this->lng->txt("login_information"));
297  $this->tpl->setVariable("TXT_DESCRIPTION", $this->lng->txt("login_information_desc"));
298  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
299  $this->initLoginForm();
300  $this->tpl->setVariable('LOGIN_INFO',$this->form->getHTML());
301  }
302 
306  function initLoginForm()
307  {
308  global $rbacsystem, $lng,$ilSetting;
309 
310  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
311  $this->form = new ilPropertyFormGUI();
312  $this->form->setFormAction($this->ctrl->getFormAction($this,'saveLoginInfo'));
313  $this->form->setTableWidth('80%');
314  $this->form->setTitle($this->lng->txt('login_information'));
315  #$form->setInfo($this->lng->txt('login_information_desc'));
316 
317  $this->form->addCommandButton('saveLoginInfo',$this->lng->txt('save'));
318  $this->form->addCommandButton('cancel',$this->lng->txt('cancel'));
319 
320  include_once('Services/LDAP/classes/class.ilLDAPServer.php');
321  include_once('Services/Radius/classes/class.ilRadiusSettings.php');
322  $rad_settings = ilRadiusSettings::_getInstance();
323  if($ldap_id = ilLDAPServer::_getFirstActiveServer() or $rad_settings->isActive())
324  {
325  $select = new ilSelectInputGUI($this->lng->txt('default_auth_mode'),'default_auth_mode');
326  $select->setValue($ilSetting->get('default_auth_mode',AUTH_LOCAL));
327  $select->setInfo($this->lng->txt('default_auth_mode_info'));
328  $options[AUTH_LOCAL] = $this->lng->txt('auth_local');
329  if($ldap_id)
330  {
331  $options[AUTH_LDAP] = $this->lng->txt('auth_ldap');
332  }
333  if($rad_settings->isActive())
334  {
335  $options [AUTH_RADIUS] = $this->lng->txt('auth_radius');
336  }
337  $select->setOptions($options);
338  $this->form->addItem($select);
339  }
340 
341  if (!is_object($this->loginSettings))
342  {
343  $this->loginSettings = new ilSetting("login_settings");
344  }
345 
346  $login_settings = $this->loginSettings->getAll();
347  $languages = $lng->getInstalledLanguages();
348  $def_language = $lng->getDefaultLanguage();
349 
350  foreach ($this->setDefLangFirst($def_language, $languages) as $lang_key)
351  {
352  $add = "";
353  if ($lang_key == $def_language)
354  {
355  $add = " (".$lng->txt("default").")";
356  }
357 
358  $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_".$lang_key).$add,
359  'login_message_'.$lang_key);
360  $textarea->setRows(10);
361  $textarea->setValue($login_settings["login_message_".$lang_key]);
362  $textarea->setUseRte(true);
363  $textarea->setRteTagSet("extended");
364  $this->form->addItem($textarea);
365 
366  unset($login_settings["login_message_".$lang_key]);
367  }
368 
369  foreach ($login_settings as $key => $message)
370  {
371  $lang_key = substr($key, strrpos($key, "_") + 1, strlen($key) - strrpos($key, "_"));
372 
373  $textarea = new ilTextAreaInputGUI($lng->txt("meta_l_".$lang_key).$add,
374  'login_message_'.$lang_key);
375  $textarea->setRows(10);
376  $textarea->setValue($message);
377  $textarea->setUseRte(true);
378 
379  if(!in_array($lang_key,$languages))
380  {
381  $textarea->setAlert($lng->txt("not_installed"));
382  }
383  $this->form->addItem($textarea);
384  }
385  }
386 
398  public function setDefLangFirst($a_def_language, $a_languages)
399  {
400  if (is_array($a_languages) && $a_def_language != "")
401  {
402  $languages = array();
403  $languages[] = $a_def_language;
404 
405  foreach ($a_languages as $val)
406  {
407  if (!in_array($val, $languages))
408  {
409  $languages[] = $val;
410  }
411  }
412 
413  return $languages;
414  }
415  else
416  {
417  return array();
418  }
419  }
420 
421  function cancelObject()
422  {
423  $this->ctrl->redirect($this, "authSettings");
424  }
425 
426  function setAuthModeObject()
427  {
428  global $rbacsystem,$ilSetting;
429 
430  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
431  {
432  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
433  }
434 
435  if (empty($_POST["auth_mode"]))
436  {
437  $this->ilias->raiseError($this->lng->txt("auth_err_no_mode_selected"),$this->ilias->error_obj->MESSAGE);
438  }
439 
440  if ($_POST["auth_mode"] == AUTH_DEFAULT)
441  {
442  ilUtil::sendInfo($this->lng->txt("auth_mode").": ".$this->getAuthModeTitle()." ".$this->lng->txt("auth_mode_not_changed"),true);
443  $this->ctrl->redirect($this,'authSettings');
444  }
445 
446  switch ($_POST["auth_mode"])
447  {
448  case AUTH_LDAP:
449 
450  /*
451  if ($this->object->checkAuthLDAP() !== true)
452  {
453  ilUtil::sendInfo($this->lng->txt("auth_ldap_not_configured"),true);
454  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editLDAP", "", false, false)));
455  }
456  */
457  break;
458 
459  case AUTH_SHIB:
460  if ($this->object->checkAuthSHIB() !== true)
461  {
462  ilUtil::sendFailure($this->lng->txt("auth_shib_not_configured"),true);
463  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editSHIB", "", false, false)));
464  }
465  break;
466 
467  case AUTH_RADIUS:
468  if ($this->object->checkAuthRADIUS() !== true)
469  {
470  ilUtil::sendFailure($this->lng->txt("auth_radius_not_configured"),true);
471  $this->ctrl->redirect($this,'editRADIUS');
472  }
473  break;
474 
475  case AUTH_SCRIPT:
476  if ($this->object->checkAuthScript() !== true)
477  {
478  ilUtil::sendFailure($this->lng->txt("auth_script_not_configured"),true);
479  ilUtil::redirect($this->getReturnLocation("authSettings",$this->ctrl->getLinkTarget($this,"editScript", "", false, false)));
480  }
481  break;
482  }
483 
484  $this->ilias->setSetting("auth_mode",$_POST["auth_mode"]);
485 
486  ilUtil::sendSuccess($this->lng->txt("auth_default_mode_changed_to")." ".$this->getAuthModeTitle(),true);
487  $this->ctrl->redirect($this,'authSettings');
488  }
489 
490 
491 
492 
493 
499  function editCASObject()
500  {
501  global $rbacsystem, $rbacreview, $ilSetting;
502 
503  if (!$rbacsystem->checkAccess("read",$this->object->getRefId()))
504  {
505  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
506  }
507 
508  $this->tabs_gui->setTabActive('auth_cas');
509 
510  // get template
511  $this->getTemplateFile("cas");
512 
513  // get all settings
514  $settings = $ilSetting->getAll();
515 
516  // get values in error case
517  if ($_SESSION["error_post_vars"])
518  {
519  if ($_SESSION["error_post_vars"]["cas"]["active"] == "1")
520  {
521  $this->tpl->setVariable("CHK_CAS_ACTIVE", "checked=\"checked\"");
522  }
523  if ($_SESSION["error_post_vars"]["cas"]["create_users"] == "1")
524  {
525  $this->tpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
526  }
527  if ($_SESSION["error_post_vars"]["cas"]["allow_local"] == "1")
528  {
529  $this->tpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
530  }
531 
532  $this->tpl->setVariable("CAS_SERVER", $_SESSION["error_post_vars"]["cas"]["server"]);
533  $this->tpl->setVariable("CAS_PORT", $_SESSION["error_post_vars"]["cas"]["port"]);
534  $this->tpl->setVariable("CAS_URI", $_SESSION["error_post_vars"]["cas"]["uri"]);
535  $this->tpl->setVariable("CAS_LOGIN_INSTRUCTIONS", $_SESSION["error_post_vars"]["cas"]["login_instructions"]);
536  $current_default_role = $_SESSION["error_post_vars"]["cas"]["user_default_role"];
537  }
538  else
539  {
540  if ($settings["cas_active"] == "1")
541  {
542  $this->tpl->setVariable("CHK_CAS_ACTIVE", "checked=\"checked\"");
543  }
544  if ($settings["cas_create_users"] == "1")
545  {
546  $this->tpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
547  }
548  if ($settings["cas_allow_local"] == "1")
549  {
550  $this->tpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
551  }
552 
553  $this->tpl->setVariable("CAS_SERVER", $settings["cas_server"]);
554  $this->tpl->setVariable("CAS_PORT", $settings["cas_port"]);
555  $this->tpl->setVariable("CAS_URI", $settings["cas_uri"]);
556  $this->tpl->setVariable("CAS_LOGIN_INSTRUCTIONS", $settings["cas_login_instructions"]);
557  $current_default_role = $settings["cas_user_default_role"];
558  }
559 
560  // compose role list
561  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
562  if (!$current_default_role)
563  {
564  $current_default_role = 4;
565  }
566  $roles = array();
567  foreach ($role_list as $role)
568  {
569  $roles[$role['obj_id']] = $role['title'];
570  }
571  $selectElement = ilUtil::formSelect($current_default_role,
572  "cas[user_default_role]", $roles, false, true);
573 
574  $this->tpl->setVariable("CAS_USER_DEFAULT_ROLE", $selectElement);
575  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
576  $this->tpl->setVariable("COLSPAN", 3);
577  $this->tpl->setVariable("TXT_CAS_TITLE", $this->lng->txt("auth_cas_auth"));
578  $this->tpl->setVariable("TXT_CAS_DESC", $this->lng->txt("auth_cas_auth_desc"));
579  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
580  $this->tpl->setVariable("TXT_CAS_ACTIVE", $this->lng->txt("active"));
581  $this->tpl->setVariable("TXT_CAS_SERVER", $this->lng->txt("server"));
582  $this->tpl->setVariable("TXT_CAS_SERVER_DESC", $this->lng->txt("auth_cas_server_desc"));
583  $this->tpl->setVariable("TXT_CAS_PORT", $this->lng->txt("port"));
584  $this->tpl->setVariable("TXT_CAS_PORT_DESC", $this->lng->txt("auth_cas_port_desc"));
585  $this->tpl->setVariable("TXT_CAS_URI", $this->lng->txt("uri"));
586  $this->tpl->setVariable("TXT_CAS_URI_DESC", $this->lng->txt("auth_cas_uri_desc"));
587  $this->tpl->setVariable("TXT_CAS_LOGIN_INSTRUCTIONS", $this->lng->txt("auth_login_instructions"));
588  $this->tpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
589  $this->tpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_cas_create_users_desc"));
590  $this->tpl->setVariable("TXT_CAS_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
591  $this->tpl->setVariable("TXT_CAS_USER_DEFAULT_ROLE_DESC",
592  $this->lng->txt("auth_cas_user_default_role_desc"));
593  $this->tpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
594  $this->tpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_cas_allow_local_desc"));
595  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
596  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
597  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
598  $this->tpl->setVariable("CMD_SUBMIT", "saveCAS");
599  }
600 
606  function saveCASObject()
607  {
608  global $ilUser, $ilSetting, $rbacsystem;
609 
610  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
611  {
612  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
613  }
614 
615  // validate required data
616  if (!$_POST["cas"]["server"] or !$_POST["cas"]["port"])
617  {
618  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
619  }
620 
621  // validate port
622  if ((preg_match("/^[0-9]{0,5}$/",$_POST["cas"]["port"])) == false)
623  {
624  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
625  }
626 
627  $ilSetting->set("cas_server", $_POST["cas"]["server"]);
628  $ilSetting->set("cas_port", $_POST["cas"]["port"]);
629  $ilSetting->set("cas_uri", $_POST["cas"]["uri"]);
630  $ilSetting->set("cas_login_instructions", $_POST["cas"]["login_instructions"]);
631  $ilSetting->set("cas_active", $_POST["cas"]["active"]);
632  $ilSetting->set("cas_create_users", $_POST["cas"]["create_users"]);
633  $ilSetting->set("cas_allow_local", $_POST["cas"]["allow_local"]);
634  $ilSetting->set("cas_active", $_POST["cas"]["active"]);
635  $ilSetting->set("cas_user_default_role", $_POST["cas"]["user_default_role"]);
636  ilUtil::sendSuccess($this->lng->txt("auth_cas_settings_saved"),true);
637 
638  $this->ctrl->redirect($this,'editCAS');
639  }
640 
646  function editSOAPObject()
647  {
648  global $rbacsystem, $rbacreview, $ilSetting, $ilCtrl, $lng;
649 
650  if (!$rbacsystem->checkAccess("read",$this->object->getRefId()))
651  {
652  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
653  }
654 
655  $this->tabs_gui->setTabActive('auth_soap');
656 
657  // get template
658  $stpl = new ilTemplate("tpl.auth_soap.html", true, true, "");
659 
660  //$this->getTemplateFile("soap");
661 
662  // get all settings
663  $settings = $ilSetting->getAll();
664 
665  // get values in error case
666  if ($_SESSION["error_post_vars"])
667  {
668  if ($_SESSION["error_post_vars"]["soap"]["active"] == "1")
669  {
670  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
671  }
672  if ($_SESSION["error_post_vars"]["soap"]["use_https"] == "1")
673  {
674  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
675  }
676  if ($_SESSION["error_post_vars"]["soap"]["create_users"] == "1")
677  {
678  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
679  }
680  if ($_SESSION["error_post_vars"]["soap"]["allow_local"] == "1")
681  {
682  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
683  }
684  if ($_SESSION["error_post_vars"]["soap"]["account_mail"] == "1")
685  {
686  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
687  }
688  if ($_SESSION["error_post_vars"]["soap"]["use_dotnet"] == "1")
689  {
690  $stpl->setVariable("CHK_USEDOTNET", "checked=\"checked\"");
691  }
692 
693  $stpl->setVariable("SOAP_SERVER", $_SESSION["error_post_vars"]["soap"]["server"]);
694  $stpl->setVariable("SOAP_PORT", $_SESSION["error_post_vars"]["soap"]["port"]);
695  $stpl->setVariable("SOAP_URI", $_SESSION["error_post_vars"]["soap"]["uri"]);
696  $stpl->setVariable("SOAP_NAMESPACE", $_SESSION["error_post_vars"]["soap"]["namespace"]);
697  $current_default_role = $_SESSION["error_post_vars"]["soap"]["user_default_role"];
698  }
699  else
700  {
701  if ($settings["soap_auth_active"] == "1")
702  {
703  $stpl->setVariable("CHK_SOAP_ACTIVE", "checked=\"checked\"");
704  }
705  if ($settings["soap_auth_use_https"] == "1")
706  {
707  $stpl->setVariable("CHK_USE_HTTPS", "checked=\"checked\"");
708  }
709  if ($settings["soap_auth_create_users"] == "1")
710  {
711  $stpl->setVariable("CHK_CREATE_USERS", "checked=\"checked\"");
712  }
713  if ($settings["soap_auth_allow_local"] == "1")
714  {
715  $stpl->setVariable("CHK_ALLOW_LOCAL", "checked=\"checked\"");
716  }
717  if ($settings["soap_auth_account_mail"] == "1")
718  {
719  $stpl->setVariable("CHK_ACCOUNT_MAIL", "checked=\"checked\"");
720  }
721  if ($settings["soap_auth_use_dotnet"] == "1")
722  {
723  $stpl->setVariable("CHK_USE_DOTNET", "checked=\"checked\"");
724  }
725 
726  $stpl->setVariable("SOAP_SERVER", $settings["soap_auth_server"]);
727  $stpl->setVariable("SOAP_PORT", $settings["soap_auth_port"]);
728  $stpl->setVariable("SOAP_URI", $settings["soap_auth_uri"]);
729  $stpl->setVariable("SOAP_NAMESPACE", $settings["soap_auth_namespace"]);
730  $current_default_role = $settings["soap_auth_user_default_role"];
731  }
732 
733  // compose role list
734  $role_list = $rbacreview->getRolesByFilter(2,$this->object->getId());
735  if (!$current_default_role)
736  {
737  $current_default_role = 4;
738  }
739  $roles = array();
740  foreach ($role_list as $role)
741  {
742  $roles[$role['obj_id']] = $role['title'];
743  }
744  $selectElement = ilUtil::formSelect($current_default_role,
745  "soap[user_default_role]", $roles, false, true);
746 
747  $stpl->setVariable("SOAP_USER_DEFAULT_ROLE", $selectElement);
748  $stpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
749  $stpl->setVariable("COLSPAN", 3);
750  $stpl->setVariable("TXT_SOAP_TITLE", $this->lng->txt("auth_soap_auth"));
751  $stpl->setVariable("TXT_SOAP_DESC", $this->lng->txt("auth_soap_auth_desc"));
752  $stpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
753  $stpl->setVariable("TXT_SOAP_ACTIVE", $this->lng->txt("active"));
754  $stpl->setVariable("TXT_SOAP_SERVER", $this->lng->txt("server"));
755  $stpl->setVariable("TXT_SOAP_SERVER_DESC", $this->lng->txt("auth_soap_server_desc"));
756  $stpl->setVariable("TXT_SOAP_PORT", $this->lng->txt("port"));
757  $stpl->setVariable("TXT_SOAP_PORT_DESC", $this->lng->txt("auth_soap_port_desc"));
758  $stpl->setVariable("TXT_SOAP_URI", $this->lng->txt("uri"));
759  $stpl->setVariable("TXT_SOAP_URI_DESC", $this->lng->txt("auth_soap_uri_desc"));
760  $stpl->setVariable("TXT_SOAP_NAMESPACE", $this->lng->txt("auth_soap_namespace"));
761  $stpl->setVariable("TXT_SOAP_NAMESPACE_DESC", $this->lng->txt("auth_soap_namespace_desc"));
762  $stpl->setVariable("TXT_USE_DOTNET", $this->lng->txt("auth_soap_use_dotnet"));
763  $stpl->setVariable("TXT_USE_HTTPS", $this->lng->txt("auth_soap_use_https"));
764  $stpl->setVariable("TXT_CREATE_USERS", $this->lng->txt("auth_create_users"));
765  $stpl->setVariable("TXT_CREATE_USERS_DESC", $this->lng->txt("auth_soap_create_users_desc"));
766  $stpl->setVariable("TXT_ACCOUNT_MAIL", $this->lng->txt("user_send_new_account_mail"));
767  $stpl->setVariable("TXT_ACCOUNT_MAIL_DESC", $this->lng->txt("auth_new_account_mail_desc"));
768  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE", $this->lng->txt("auth_user_default_role"));
769  $stpl->setVariable("TXT_SOAP_USER_DEFAULT_ROLE_DESC",
770  $this->lng->txt("auth_soap_user_default_role_desc"));
771  $stpl->setVariable("TXT_ALLOW_LOCAL", $this->lng->txt("auth_allow_local"));
772  $stpl->setVariable("TXT_ALLOW_LOCAL_DESC", $this->lng->txt("auth_soap_allow_local_desc"));
773  $stpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
774  $stpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
775  $stpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
776  $stpl->setVariable("CMD_SUBMIT", "saveSOAP");
777 
778  // test form
779  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
780  $form = new ilPropertyFormGUI();
781  $form->setFormAction($ilCtrl->getFormAction($this));
782  $form->setTitle("Test Request");
783  $text_prop = new ilTextInputGUI("ext_uid", "ext_uid");
784  $form->addItem($text_prop);
785  $text_prop2 = new ilTextInputGUI("soap_pw", "soap_pw");
786  $form->addItem($text_prop2);
787  $cb = new ilCheckboxInputGUI("new_user", "new_user");
788  $form->addItem($cb);
789 
790  $form->addCommandButton("testSoapAuthConnection",
791  "Send");
792 
793  if ($ilCtrl->getCmd() == "testSoapAuthConnection")
794  {
795  include_once("./Services/SOAPAuth/classes/class.ilSOAPAuth.php");
796  $ret = "<br />".ilSOAPAuth::testConnection(
797  ilUtil::stripSlashes($_POST["ext_uid"]),
798  ilUtil::stripSlashes($_POST["soap_pw"]),
799  (boolean) $_POST["new_user"]
800  );
801  }
802 
803  $stpl->setVariable("TEST_FORM", $form->getHtml().$ret);
804  $this->tpl->setContent($stpl->get());
805  }
806 
808  {
809  $this->editSOAPObject();
810  }
811 
817  function saveSOAPObject()
818  {
819  global $ilUser, $ilSetting, $rbacsystem;
820 
821  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
822  {
823  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
824  }
825 
826  // validate required data
827  if (!$_POST["soap"]["server"])
828  {
829  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
830  }
831 
832  // validate port
833  if ($_POST["soap"]["server"] != "" && (preg_match("/^[0-9]{0,5}$/",$_POST["soap"]["port"])) == false)
834  {
835  $this->ilias->raiseError($this->lng->txt("err_invalid_port"),$this->ilias->error_obj->MESSAGE);
836  }
837 
838  $ilSetting->set("soap_auth_server", $_POST["soap"]["server"]);
839  $ilSetting->set("soap_auth_port", $_POST["soap"]["port"]);
840  $ilSetting->set("soap_auth_active", $_POST["soap"]["active"]);
841  $ilSetting->set("soap_auth_uri", $_POST["soap"]["uri"]);
842  $ilSetting->set("soap_auth_namespace", $_POST["soap"]["namespace"]);
843  $ilSetting->set("soap_auth_create_users", $_POST["soap"]["create_users"]);
844  $ilSetting->set("soap_auth_allow_local", $_POST["soap"]["allow_local"]);
845  $ilSetting->set("soap_auth_account_mail", $_POST["soap"]["account_mail"]);
846  $ilSetting->set("soap_auth_use_https", $_POST["soap"]["use_https"]);
847  $ilSetting->set("soap_auth_use_dotnet", $_POST["soap"]["use_dotnet"]);
848  $ilSetting->set("soap_auth_user_default_role", $_POST["soap"]["user_default_role"]);
849  ilUtil::sendSuccess($this->lng->txt("auth_soap_settings_saved"),true);
850 
851  $this->ctrl->redirect($this,'editSOAP');
852  }
853 
859  function editScriptObject()
860  {
861  global $rbacsystem;
862 
863  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
864  {
865  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
866  }
867 
868  if ($_SESSION["error_post_vars"])
869  {
870  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $_SESSION["error_post_vars"]["auth_script"]["name"]);
871  }
872  else
873  {
874  // set already saved data
875  $settings = $this->ilias->getAllSettings();
876 
877  $this->tpl->setVariable("AUTH_SCRIPT_NAME", $settings["auth_script_name"]);
878  }
879 
880  $this->tabs_gui->setTabActive('auth_script');
881 
882  $this->getTemplateFile("script");
883 
884  $this->tpl->setVariable("FORMACTION", $this->ctrl->getFormAction($this));
885  $this->tpl->setVariable("COLSPAN", 3);
886  $this->tpl->setVariable("TXT_AUTH_SCRIPT_TITLE", $this->lng->txt("auth_script_configure"));
887  $this->tpl->setVariable("TXT_OPTIONS", $this->lng->txt("options"));
888  $this->tpl->setVariable("TXT_AUTH_SCRIPT_NAME", $this->lng->txt("auth_script_name"));
889 
890  $this->tpl->setVariable("TXT_REQUIRED_FLD", $this->lng->txt("required_field"));
891  $this->tpl->setVariable("TXT_CANCEL", $this->lng->txt("cancel"));
892  $this->tpl->setVariable("TXT_SUBMIT", $this->lng->txt("save"));
893  $this->tpl->setVariable("CMD_SUBMIT", "saveScript");
894  }
895 
901  function saveScriptObject()
902  {
903  // validate required data
904  if (!$_POST["auth_script"]["name"])
905  {
906  $this->ilias->raiseError($this->lng->txt("fill_out_all_required_fields"),$this->ilias->error_obj->MESSAGE);
907  }
908 
909  // validate script url
910  /*
911  if (( TODO ,$_POST["ldap"]["server"])) == false)
912  {
913  $this->ilias->raiseError($this->lng->txt("err_invalid_server"),$this->ilias->error_obj->MESSAGE);
914  }*/
915 
916  // TODO: check connection to server
917 
918  // all ok. save settings and activate auth by external script
919  $this->ilias->setSetting("auth_script_name", $_POST["auth_script"]["name"]);
920  $this->ilias->setSetting("auth_mode", AUTH_SCRIPT);
921 
922  ilUtil::sendSuccess($this->lng->txt("auth_mode_changed_to")." ".$this->getAuthModeTitle(),true);
923  $this->ctrl->redirect($this,'editScript');
924  }
925 
926 
933  function getAuthModeTitle()
934  {
935  switch ($this->ilias->getSetting("auth_mode"))
936  {
937  case AUTH_LOCAL:
938  return $this->lng->txt("auth_local");
939  break;
940 
941  case AUTH_LDAP:
942  return $this->lng->txt("auth_ldap");
943  break;
944 
945  case AUTH_SHIBBOLETH:
946  return $this->lng->txt("auth_shib");
947  break;
948 
949  case AUTH_RADIUS:
950  return $this->lng->txt("auth_radius");
951  break;
952 
953  case AUTH_SCRIPT:
954  return $this->lng->txt("auth_script");
955  break;
956 
957  case AUTH_APACHE:
958  return $this->lng->txt("auth_apache");
959  break;
960 
961  default:
962  return $this->lng->txt("unknown");
963  break;
964  }
965  }
966 
968  {
969  global $rbacsystem;
970 
971  if (!$rbacsystem->checkAccess("write",$this->object->getRefId()))
972  {
973  $this->ilias->raiseError($this->lng->txt("permission_denied"),$this->ilias->error_obj->MESSAGE);
974  }
975 
976  include_once('./Services/AccessControl/classes/class.ilObjRole.php');
978 
979  ilUtil::sendSuccess($this->lng->txt("auth_mode_roles_changed"),true);
980  $this->ctrl->redirect($this,'authSettings');
981  }
982 
988  protected function initAuthModeDetermination()
989  {
990  if(is_object($this->form))
991  {
992  return true;
993  }
994  // Are there any authentication methods that support automatic determination ?
995 
996  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
998  if($det->getCountActiveAuthModes() <= 1)
999  {
1000  return false;
1001  }
1002 
1003  include_once('./Services/Form/classes/class.ilPropertyFormGUI.php');
1004  $this->form = new ilPropertyFormGUI();
1005  $this->form->setFormAction($this->ctrl->getFormAction($this));
1006  $this->form->setTableWidth('100%');
1007  $this->form->setTitle($this->lng->txt('auth_auth_mode_determination'));
1008  $this->form->addCommandButton('updateAuthModeDetermination',$this->lng->txt('save'));
1009  $this->form->addCommandButton('authSettings',$this->lng->txt('cancel'));
1010 
1011  $kind = new ilRadioGroupInputGUI($this->lng->txt('auth_kind_determination'),'kind');
1012  $kind->setInfo($this->lng->txt('auth_mode_determination_info'));
1013  $kind->setValue($det->getKind());
1014  $kind->setRequired(true);
1015 
1016  $option_user = new ilRadioOption($this->lng->txt('auth_by_user'),0);
1017  $kind->addOption($option_user);
1018 
1019  $option_determination = new ilRadioOption($this->lng->txt('auth_automatic'),1);
1020 
1021  include_once('Services/Authentication/classes/class.ilAuthUtils.php');
1022 
1023  $auth_sequenced = $det->getAuthModeSequence();
1024  $counter = 1;
1025  foreach($auth_sequenced as $auth_mode)
1026  {
1027  switch($auth_mode)
1028  {
1029  case AUTH_LDAP:
1030  $text = $this->lng->txt('auth_ldap');
1031  break;
1032  case AUTH_RADIUS:
1033  $text = $this->lng->txt('auth_radius');
1034  break;
1035  case AUTH_LOCAL:
1036  $text = $this->lng->txt('auth_local');
1037  break;
1038  case AUTH_SOAP:
1039  $text = $this->lng->txt('auth_soap');
1040  break;
1041  case AUTH_APACHE:
1042  $text = $this->lng->txt('auth_apache');
1043  break;
1044  }
1045 
1046 
1047  $pos = new ilTextInputGUI($text,'position['.$auth_mode.']');
1048  $pos->setValue($counter++);
1049  $pos->setSize(1);
1050  $pos->setMaxLength(1);
1051  $option_determination->addSubItem($pos);
1052  }
1053  $kind->addOption($option_determination);
1054  $this->form->addItem($kind);
1055  return true;
1056  }
1057 
1065  {
1066  include_once('Services/Authentication/classes/class.ilAuthModeDetermination.php');
1068 
1069  $det->setKind((int) $_POST['kind']);
1070 
1071  $pos = $_POST['position'] ? $_POST['position'] : array();
1072  asort($pos,SORT_NUMERIC);
1073 
1074  $counter = 0;
1075  foreach($pos as $auth_mode => $dummy)
1076  {
1077  $position[$counter++] = $auth_mode;
1078  }
1079  $det->setAuthModeSequence($position ? $position : array());
1080  $det->save();
1081 
1082  ilUtil::sendSuccess($this->lng->txt('settings_saved'));
1083  $this->authSettingsObject();
1084  }
1085 
1086 
1087  function &executeCommand()
1088  {
1089  global $ilAccess,$ilErr;
1090 
1091  $next_class = $this->ctrl->getNextClass($this);
1092  $cmd = $this->ctrl->getCmd();
1093  $this->prepareOutput();
1094 
1095 
1096  if(!$ilAccess->checkAccess('read','',$this->object->getRefId()))
1097  {
1098  $ilErr->raiseError($this->lng->txt('msg_no_perm_read'),$ilErr->WARNING);
1099  }
1100 
1101  switch($next_class)
1102  {
1103  case 'ilregistrationsettingsgui':
1104 
1105  include_once './Services/Registration/classes/class.ilRegistrationSettingsGUI.php';
1106 
1107  // Enable tabs
1108  $this->tabs_gui->setTabActive('registration_settings');
1109  $registration_gui =& new ilRegistrationSettingsGUI();
1110  $this->ctrl->forwardCommand($registration_gui);
1111  break;
1112 
1113  case 'ilpermissiongui':
1114 
1115  // Enable tabs
1116  $this->tabs_gui->setTabActive('perm_settings');
1117 
1118  include_once("Services/AccessControl/classes/class.ilPermissionGUI.php");
1119  $perm_gui =& new ilPermissionGUI($this);
1120  $ret =& $this->ctrl->forwardCommand($perm_gui);
1121  break;
1122 
1123  case 'illdapsettingsgui':
1124 
1125  // Enable Tabs
1126  $this->tabs_gui->setTabActive('auth_ldap');
1127 
1128  include_once './Services/LDAP/classes/class.ilLDAPSettingsGUI.php';
1129  $ldap_settings_gui = new ilLDAPSettingsGUI($this->object->getRefId());
1130  $this->ctrl->forwardCommand($ldap_settings_gui);
1131  break;
1132 
1133  case 'ilauthshibbolethsettingsgui':
1134 
1135  $this->tabs_gui->setTabActive('auth_shib');
1136  include_once('./Services/AuthShibboleth/classes/class.ilAuthShibbolethSettingsGUI.php');
1137  $shib_settings_gui = new ilAuthShibbolethSettingsGUI($this->object->getRefId());
1138  $this->ctrl->forwardCommand($shib_settings_gui);
1139  break;
1140 
1141  case 'ilradiussettingsgui':
1142 
1143  $this->tabs_gui->setTabActive('auth_radius');
1144  include_once './Services/Radius/classes/class.ilRadiusSettingsGUI.php';
1145  $radius_settings_gui = new ilRadiusSettingsGUI($this->object->getRefId());
1146  $this->ctrl->forwardCommand($radius_settings_gui);
1147  break;
1148 
1149  case 'ilopenidsettingsgui':
1150 
1151  $this->tabs_gui->setTabActive('auth_openid');
1152 
1153  include_once './Services/OpenId/classes/class.ilOpenIdSettingsGUI.php';
1154  $os = new ilOpenIdSettingsGUI($this->object->getRefId());
1155  $this->ctrl->forwardCommand($os);
1156  break;
1157 
1158  default:
1159  if(!$cmd)
1160  {
1161  $cmd = "authSettings";
1162  }
1163  $cmd .= "Object";
1164  $this->$cmd();
1165 
1166  break;
1167  }
1168  return true;
1169  }
1170 
1171  function getAdminTabs(&$tabs_gui)
1172  {
1173  $this->getTabs($tabs_gui);
1174  }
1175 
1181  function getTabs(&$tabs_gui)
1182  {
1183  global $rbacsystem;
1184 
1185  $this->ctrl->setParameter($this,"ref_id",$this->object->getRefId());
1186 
1187  if ($rbacsystem->checkAccess("visible,read",$this->object->getRefId()))
1188  {
1189 
1190  $tabs_gui->addTarget('registration_settings',
1191  $this->ctrl->getLinkTargetByClass('ilregistrationsettingsgui','view'));
1192 
1193  $tabs_gui->addTarget("authentication_settings", $this->ctrl->getLinkTarget($this, "authSettings"),
1194  "", "", "");
1195 
1196  $tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTargetByClass('illdapsettingsgui','serverList'),
1197  "", "", "");
1198 
1199 
1200  #$tabs_gui->addTarget("auth_ldap", $this->ctrl->getLinkTarget($this, "editLDAP"),
1201  # "", "", "");
1202 
1203  $tabs_gui->addTarget('auth_shib',$this->ctrl->getLinkTargetByClass('ilauthshibbolethsettingsgui','settings'));
1204 
1205  $tabs_gui->addTarget("auth_cas", $this->ctrl->getLinkTarget($this, "editCAS"),
1206  "", "", "");
1207 
1208  $tabs_gui->addTarget("auth_radius", $this->ctrl->getLinkTargetByClass('ilradiussettingsgui', "settings"),
1209  "", "", "");
1210 
1211  $tabs_gui->addTarget("auth_soap", $this->ctrl->getLinkTarget($this, "editSOAP"),
1212  "", "", "");
1213 
1214  $tabs_gui->addTarget(
1215  'auth_openid',
1216  $this->ctrl->getLinkTargetByClass('ilopenidsettingsgui','settings'),
1217  '',
1218  '',
1219  ''
1220  );
1221 
1222  $tabs_gui->addTarget("apache_auth_settings", $this->ctrl->getLinkTarget($this,'apacheAuthSettings'),
1223  "", "", "");
1224  }
1225 
1226  if ($rbacsystem->checkAccess('edit_permission',$this->object->getRefId()))
1227  {
1228  $tabs_gui->addTarget("perm_settings",
1229  $this->ctrl->getLinkTargetByClass(array(get_class($this),'ilpermissiongui'), "perm"),
1230  array("perm","info","owner"), 'ilpermissiongui');
1231  }
1232  }
1233 
1237  function setSubTabs($a_tab)
1238  {
1239  global $rbacsystem,$ilUser,$ilAccess;
1240 
1241  switch ($a_tab)
1242  {
1243  case 'authSettings':
1244  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1245  {
1246  $this->tabs_gui->addSubTabTarget("auth_settings",
1247  $this->ctrl->getLinkTarget($this,'authSettings'),
1248  "");
1249  }
1250 
1251  if($ilAccess->checkAccess('write','',$this->object->getRefId()))
1252  {
1253  $this->tabs_gui->addSubTabTarget("login_information",
1254  $this->ctrl->getLinkTarget($this,'loginInfo'),
1255  "");
1256  }
1257  break;
1258  }
1259  }
1260 
1261 
1262  public function apacheAuthSettingsObject($form = false)
1263  {
1264  global $ilDB, $tpl;
1265 
1266  $this->tabs_gui->setTabActive("apache_auth_settings");
1267  //$this->setSubTabs("authSettings");
1268  //$this->tabs_gui->setSubTabActive("apache_auth_settings");
1269  if (!$form)
1270  {
1271  $form = $this->getApacheAuthSettingsForm();
1272 
1273  $settings = new ilSetting('apache_auth');
1274  $settingsMap = $settings->getAll();
1275 
1276  $path = ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt';
1277  if (file_exists($path) && is_readable($path)) {
1278  $settingsMap['apache_auth_domains'] = file_get_contents($path);
1279  }
1280 
1281  $form->setValuesByArray($settingsMap);
1282  }
1283  $tpl->setVariable('ADM_CONTENT', $form->getHtml());
1284  }
1285 
1286  public function saveApacheSettingsObject()
1287  {
1288  global $ilCtrl;
1289  $form = $this->getApacheAuthSettingsForm();
1290  $form->setValuesByPost();
1291  /*$items = $form->getItems();
1292  foreach($items as $item)
1293  $item->validate();*/
1294  if ($form->checkInput())
1295  {
1296  $settings = new ilSetting('apache_auth');
1297  $fields = array
1298  (
1299  'apache_auth_indicator_name', 'apache_auth_indicator_value',
1300  'apache_enable_auth', 'apache_enable_local', 'apache_local_autocreate',
1301  'apache_enable_ldap', 'apache_auth_username_config_type',
1302  'apache_auth_username_direct_mapping_fieldname',
1303  'apache_default_role', 'apache_auth_target_override_login_page',
1304  'apache_auth_enable_override_login_page',
1305  'apache_auth_authenticate_on_login_page'
1306 // 'apache_auth_username_by_function_functionname',
1307  );
1308 
1309  foreach($fields as $field)
1310  $settings->set($field, $form->getInput($field));
1311 
1312  if ($form->getInput('apache_enable_auth'))
1313  $this->ilias->setSetting('apache_active', true);
1314  else {
1315  $this->ilias->setSetting('apache_active', false);
1316  global $ilSetting;
1317  if ($ilSetting->get("auth_mode") == AUTH_APACHE) {
1318  $ilSetting->set("auth_mode", AUTH_LOCAL);
1319  }
1320  }
1321 
1322  $allowedDomains = $this->validateApacheAuthAllowedDomains($form->getInput('apache_auth_domains'));
1323  file_put_contents(ILIAS_DATA_DIR . '/' . CLIENT_ID . '/apache_auth_allowed_domains.txt', $allowedDomains);
1324 
1325  ilUtil::sendSuccess($this->lng->txt('apache_settings_changed_success'), true);
1326  $this->ctrl->redirect($this, 'apacheAuthSettings');
1327  }
1328  else
1329  {
1330  $this->apacheAuthSettingsObject($form);
1331  }
1332  }
1333 
1334  public function getApacheAuthSettingsForm()
1335  {
1336  include_once("./Services/Form/classes/class.ilPropertyFormGUI.php");
1337 
1338  $form = new ilPropertyFormGUI();
1339  $form->setFormAction($this->ctrl->getFormAction($this));
1340  $form->setTitle($this->lng->txt('apache_settings'));
1341 
1342  $chb_enabled = new ilCheckboxInputGUI($this->lng->txt('apache_enable_auth'), 'apache_enable_auth');
1343  $form->addItem($chb_enabled);
1344 
1345  $chb_local_create_account = new ilCheckboxInputGUI($this->lng->txt('apache_autocreate'), 'apache_local_autocreate');
1346  $chb_enabled->addSubitem($chb_local_create_account);
1347 
1348  global $rbacreview;
1349  $roles = $rbacreview->getGlobalRolesArray();
1350  $select = new ilSelectInputGUI($this->lng->txt('apache_default_role'), 'apache_default_role');
1351  $roleOptions = array();
1352  foreach($roles as $role) {
1353  $roleOptions[$role['obj_id']] = ilObject::_lookupTitle($role['obj_id']);
1354  }
1355  $select->setOptions($roleOptions);
1356  $select->setValue(4);
1357 
1358  $chb_local_create_account->addSubitem($select);
1359 
1360  $chb_local = new ilCheckboxInputGUI($this->lng->txt('apache_enable_local'), 'apache_enable_local');
1361  $form->addItem($chb_local);
1362 /*
1363  $chb_ldap = new ilCheckboxInputGUI($this->lng->txt('apache_enable_ldap'), 'apache_enable_ldap');
1364  $chb_ldap->setInfo($this->lng->txt('apache_ldap_hint_ldap_must_be_configured'));
1365  $form->addItem($chb_ldap);
1366 */
1367  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_name'), 'apache_auth_indicator_name');
1368  $txt->setRequired(true);
1369  $form->addItem($txt);
1370 
1371  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_indicator_value'), 'apache_auth_indicator_value');
1372  $txt->setRequired(true);
1373  $form->addItem($txt);
1374 
1375 
1376  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_enable_override_login'), 'apache_auth_enable_override_login_page');
1377  $form->addItem($chb);
1378 
1379  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_target_override_login'), 'apache_auth_target_override_login_page');
1380  $txt->setRequired(true);
1381  $chb->addSubItem($txt);
1382 
1383  $chb = new ilCheckboxInputGUI($this->lng->txt('apache_auth_authenticate_on_login_page'), 'apache_auth_authenticate_on_login_page');
1384  $form->addItem($chb);
1385 
1386  $sec = new ilFormSectionHeaderGUI();
1387  $sec->setTitle($this->lng->txt('apache_auth_username_config'));
1388  $form->addItem($sec);
1389 
1390  $rag = new ilRadioGroupInputGUI($this->lng->txt('apache_auth_username_config_type'), 'apache_auth_username_config_type');
1391  $form->addItem($rag);
1392 
1393  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_direct_mapping'), 1);
1394  $rag->addOption($rao);
1395 
1396  $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_direct_mapping_fieldname'), 'apache_auth_username_direct_mapping_fieldname');
1397  //$txt->setRequired(true);
1398  $rao->addSubItem($txt);
1399 
1400  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_extended_mapping'), 2);
1401  $rao->setDisabled(true);
1402  $rag->addOption($rao);
1403 
1404  $rao = new ilRadioOption($this->lng->txt('apache_auth_username_by_function'), 3);
1405  $rag->addOption($rao);
1406 
1407 /* $txt = new ilTextInputGUI($this->lng->txt('apache_auth_username_by_function_functionname'), 'apache_auth_username_by_function_functionname');
1408  $rao->addSubItem($txt);*/
1409 
1410  $sec = new ilFormSectionHeaderGUI();
1411  $sec->setTitle($this->lng->txt('apache_auth_security'));
1412  $form->addItem($sec);
1413 
1414  $txt = new ilTextAreaInputGUI($this->lng->txt('apache_auth_domains'), 'apache_auth_domains');
1415  $txt->setInfo($this->lng->txt('apache_auth_domains_description'));
1416 
1417  $form->addItem($txt);
1418 
1419  $form->addCommandButton('saveApacheSettings',$this->lng->txt('save'));
1420  $form->addCommandButton('cancel',$this->lng->txt('cancel'));
1421 
1422  return $form;
1423  }
1424 
1425  private function validateApacheAuthAllowedDomains($text) {
1426  return join("\n", preg_split("/[\r\n]+/", $text));
1427  }
1428 
1429 } // END class.ilObjAuthSettingsGUI
1430 ?>