ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
Public Member Functions | Protected Member Functions | Protected Attributes
ilAuthBase Class Reference

Base class for all PEAR and ILIAS auth classes. More...

+ Inheritance diagram for ilAuthBase:
+ Collaboration diagram for ilAuthBase:

Public Member Functions

 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
 getContainer ()
 Get container object.

Protected Member Functions

 initAuth ()
 Init auth object Enable logging, set callbacks...
 loginObserver ($a_username, $a_auth)
 Called after successful login.
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.
 logoutObserver ($a_username, $a_auth)
 Called after logout.

Protected Attributes

 $sub_status = null

Detailed Description

Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

ilAuthBase::checkAuthObserver (   $a_username,
  $a_auth 
)
protected

Called after each check auth request.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 249 of file class.ilAuthBase.php.

References getContainer().

{
#$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
}

+ Here is the call graph for this function:

ilAuthBase::failedLoginObserver (   $a_username,
  $a_auth 
)
protected

Called after failed login.

Returns
Parameters
array$a_username
object$a_auth

Reimplemented in ilAuthHTTP.

Definition at line 211 of file class.ilAuthBase.php.

References $ilLog, $usr_id, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), ilSecuritySettings\ACCOUNT_SECURITY_MODE_CUSTOMIZED, and getContainer().

{
global $ilLog;
$ilLog->write(__METHOD__.': login failed for user '.$a_username.
', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
);
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security = ilSecuritySettings::_getInstance();
if($a_username &&
$security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED
)
{
$usr_id = ilObjUser::_lookupId($a_username);
if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
{
ilObjUser::_incrementLoginAttempts($usr_id);
$login_attempts = ilObjUser::_getLoginAttempts($usr_id);
$max_attempts = $security->getLoginMaxAttempts();
if((int)$max_attempts && $login_attempts >= $max_attempts)
{
ilObjUser::_setUserInactive($usr_id);
}
}
}
return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
}

+ Here is the call graph for this function:

ilAuthBase::getContainer ( )
final

Get container object.

Returns
object ilAuthContainerBase

Definition at line 53 of file class.ilAuthBase.php.

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

{
return $this->storage;
}

+ Here is the caller graph for this function:

ilAuthBase::initAuth ( )
finalprotected

Init auth object Enable logging, set callbacks...

Returns
void

Definition at line 63 of file class.ilAuthBase.php.

References $GLOBALS, AUTH_LOG_DEBUG, and ilSessionControl\initSession().

Referenced by ilAuthOpenId\__construct(), ilAuthCAS\__construct(), ilAuthSOAP\__construct(), ilAuthWeb\__construct(), ilAuthHTTP\__construct(), ilAuthCalendarToken\__construct(), ilAuthCron\__construct(), ilAuthApache\__construct(), and ilAuthECS\__construct().

{
ilSessionControl::initSession();
//$this->enableLogging = true;
$this->enableLogging = false;
if ($this->enableLogging)
{
$GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
}
$this->setLoginCallback(array($this,'loginObserver'));
$this->setFailedLoginCallback(array($this,'failedLoginObserver'));
$this->setCheckAuthCallback(array($this,'checkAuthObserver'));
$this->setLogoutCallback(array($this,'logoutObserver'));
include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
$this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
}

+ Here is the call graph for this function:

+ Here is the caller graph for this function:

ilAuthBase::loginObserver (   $a_username,
  $a_auth 
)
protected

Called after successful login.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 90 of file class.ilAuthBase.php.

References $ilLog, $ilSetting, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), ilSecuritySettings\ACCOUNT_SECURITY_MODE_CUSTOMIZED, AUTH_USER_INACTIVE, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), and ilUserProfile\isProfileIncomplete().

{
global $ilLog, $ilAppEventHandler, $ilSetting;
if($this->getContainer()->loginObserver($a_username,$a_auth))
{
// validate user
include_once "Services/User/classes/class.ilObjUser.php";
$user_id = ilObjUser::_loginExists($a_auth->getUsername());
if($user_id != ANONYMOUS_USER_ID)
{
$user = new ilObjUser($user_id);
// check if profile is complete
include_once "Services/User/classes/class.ilUserProfile.php";
if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
{
$user->setProfileIncomplete(true);
$user->update();
}
// --- extended user validation
//
// we only have a single status, so abort after each one
// order from highest priority to lowest
// active?
if(!$user->getActive())
{
$this->status = AUTH_USER_INACTIVE;
$a_auth->logout();
return;
}
// time limit
if(!$user->checkTimeLimit())
{
$this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
$a_auth->logout();
return;
}
// check client ip
$clientip = $user->getClientIP();
if (trim($clientip) != "")
{
$clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
$clientip = str_replace(".","\\.",$clientip);
$clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
{
$this->status = AUTH_USER_WRONG_IP;
$a_auth->logout();
return;
}
}
// simultaneous login
if($ilSetting->get('ps_prevent_simultaneous_logins') &&
ilObjUser::hasActiveSession($user_id))
{
$this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
$a_auth->logout();
return;
}
include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
ilOnlineTracking::addUser($user_id);
include_once 'Modules/Forum/classes/class.ilObjForum.php';
ilObjForum::_updateOldAccess($user_id);
require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
$security_settings = ilSecuritySettings::_getInstance();
// determine first login of user for setting an indicator
// which still is available in PersonalDesktop, Repository, ...
// (last login date is set to current date in next step)
if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
$user->getLastLogin() == null
)
{
$user->resetLastPasswordChange();
}
$user->refreshLogin();
// differentiate account security mode
if($security_settings->getAccountSecurityMode() ==
ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED
)
{
// reset counter for failed logins
ilObjUser::_resetLoginAttempts($user_id);
}
}
// --- anonymous/registered user
$ilLog->write(
__METHOD__ . ': logged in as ' . $a_auth->getUsername() .
', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
);
ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
$ilAppEventHandler->raise(
'Services/Authentication', 'afterLogin',
array('username' => $a_auth->getUsername())
);
}
}

+ Here is the call graph for this function:

ilAuthBase::logoutObserver (   $a_username,
  $a_auth 
)
protected

Called after logout.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 261 of file class.ilAuthBase.php.

References $ilLog, getContainer(), and ilSessionControl\handleLogoutEvent().

{
global $ilLog;
$ilLog->write(__METHOD__.': Logout observer called');
ilSessionControl::handleLogoutEvent();
return $this->getContainer()->logoutObserver($a_username,$a_auth);
}

+ Here is the call graph for this function:

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...

Returns

Reimplemented in ShibAuth, ilAuthSOAP, ilAuthOpenId, ilAuthCron, ilAuthApache, ilAuthHTTP, ilAuthCalendar, ilAuthCalendarToken, ilAuthECS, ilAuthWeb, and ilAuthCAS.

Definition at line 44 of file class.ilAuthBase.php.

{
return true;
}

Field Documentation

ilAuthBase::$sub_status = null
protected

Definition at line 37 of file class.ilAuthBase.php.

The documentation for this class was generated from the following file: