ILIAS  release_4-3 Revision
 All Data Structures Namespaces Files Functions Variables Groups Pages
class.ilAuthBase.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
33 abstract class ilAuthBase
34 {
35  // Used for SOAP Auth
36  // TODO: Find another solution
37  protected $sub_status = null;
38 
44  public function supportsRedirects()
45  {
46  return true;
47  }
48 
53  public final function getContainer()
54  {
55  return $this->storage;
56  }
57 
63  protected final function initAuth()
64  {
65  ilSessionControl::initSession();
66 
67  //$this->enableLogging = true;
68  $this->enableLogging = false;
69 
70  if ($this->enableLogging)
71  {
72  $GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
73  }
74  $this->setLoginCallback(array($this,'loginObserver'));
75  $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
76  $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
77  $this->setLogoutCallback(array($this,'logoutObserver'));
78 
79  include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
80  $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
81 
82  }
83 
90  protected function loginObserver($a_username,$a_auth)
91  {
92  global $ilLog, $ilAppEventHandler, $ilSetting;
93 
94  if($this->getContainer()->loginObserver($a_username,$a_auth))
95  {
96  // validate user
97  include_once "Services/User/classes/class.ilObjUser.php";
98  $user_id = ilObjUser::_loginExists($a_auth->getUsername());
99  if($user_id != ANONYMOUS_USER_ID)
100  {
101  $user = new ilObjUser($user_id);
102 
103  // check if profile is complete
104  include_once "Services/User/classes/class.ilUserProfile.php";
105  if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
106  {
107  $user->setProfileIncomplete(true);
108  $user->update();
109  }
110 
111 
112  // --- extended user validation
113  //
114  // we only have a single status, so abort after each one
115  // order from highest priority to lowest
116 
117  // active?
118  if(!$user->getActive())
119  {
120  $this->status = AUTH_USER_INACTIVE;
121  $a_auth->logout();
122  return;
123  }
124 
125  // time limit
126  if(!$user->checkTimeLimit())
127  {
128  $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
129  $a_auth->logout();
130  return;
131  }
132 
133  // check client ip
134  $clientip = $user->getClientIP();
135  if (trim($clientip) != "")
136  {
137  $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
138  $clientip = str_replace(".","\\.",$clientip);
139  $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
140  if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
141  {
142  $this->status = AUTH_USER_WRONG_IP;
143  $a_auth->logout();
144  return;
145  }
146  }
147 
148  // simultaneous login
149  if($ilSetting->get('ps_prevent_simultaneous_logins') &&
150  ilObjUser::hasActiveSession($user_id))
151  {
152  $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
153  $a_auth->logout();
154  return;
155  }
156 
157  include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
158  ilOnlineTracking::addUser($user_id);
159 
160  include_once 'Modules/Forum/classes/class.ilObjForum.php';
161  ilObjForum::_updateOldAccess($user_id);
162 
163  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
164  $security_settings = ilSecuritySettings::_getInstance();
165 
166  // determine first login of user for setting an indicator
167  // which still is available in PersonalDesktop, Repository, ...
168  // (last login date is set to current date in next step)
169  if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
170  $user->getLastLogin() == null
171  )
172  {
173  $user->resetLastPasswordChange();
174  }
175 
176  $user->refreshLogin();
177 
178  // differentiate account security mode
179  if($security_settings->getAccountSecurityMode() ==
180  ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED
181  )
182  {
183  // reset counter for failed logins
184  ilObjUser::_resetLoginAttempts($user_id);
185  }
186  }
187 
188  // --- anonymous/registered user
189 
190  $ilLog->write(
191  __METHOD__ . ': logged in as ' . $a_auth->getUsername() .
192  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
193  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
194  );
195 
196  ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
197 
198  $ilAppEventHandler->raise(
199  'Services/Authentication', 'afterLogin',
200  array('username' => $a_auth->getUsername())
201  );
202  }
203  }
204 
211  protected function failedLoginObserver($a_username, $a_auth)
212  {
213  global $ilLog;
214 
215  $ilLog->write(__METHOD__.': login failed for user '.$a_username.
216  ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
217  ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
218  );
219 
220  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
221  $security = ilSecuritySettings::_getInstance();
222  if($a_username &&
223  $security->getAccountSecurityMode() == ilSecuritySettings::ACCOUNT_SECURITY_MODE_CUSTOMIZED
224  )
225  {
226  $usr_id = ilObjUser::_lookupId($a_username);
227  if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
228  {
229  ilObjUser::_incrementLoginAttempts($usr_id);
230 
231  $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
232  $max_attempts = $security->getLoginMaxAttempts();
233  if((int)$max_attempts && $login_attempts >= $max_attempts)
234  {
235  ilObjUser::_setUserInactive($usr_id);
236  }
237  }
238  }
239 
240  return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
241  }
242 
249  protected function checkAuthObserver($a_username,$a_auth)
250  {
251  #$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
252  return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
253  }
254 
261  protected function logoutObserver($a_username,$a_auth)
262  {
263  global $ilLog;
264 
265  $ilLog->write(__METHOD__.': Logout observer called');
266 
267  ilSessionControl::handleLogoutEvent();
268 
269  return $this->getContainer()->logoutObserver($a_username,$a_auth);
270  }
271 
272 }
273 ?>