ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
Public Member Functions | Protected Member Functions | Protected Attributes
ilAuthBase Class Reference

@classDescription Base class for all PEAR and ILIAS auth classes. More...

+ Inheritance diagram for ilAuthBase:
+ Collaboration diagram for ilAuthBase:

Public Member Functions

 getSubStatus ()
 Get sub status. More...
 
 setSubStatus ($a_sub_status)
 Set sub status. More...
 
 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...
 
 getContainer ()
 Get container object. More...
 
 getExceededUserName ()
 

Protected Member Functions

 initAuth ()
 Init auth object Enable logging, set callbacks... More...
 
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 

Protected Attributes

 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

@classDescription Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

◆ checkAuthObserver()

ilAuthBase::checkAuthObserver (   $a_username,
  $a_auth 
)
protected

Called after each check auth request.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 264 of file class.ilAuthBase.php.

265 {
266 #$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
267 return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
268 }
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74

References getContainer().

+ Here is the call graph for this function:

◆ failedLoginObserver()

ilAuthBase::failedLoginObserver (   $a_username,
  $a_auth 
)
protected

Called after failed login.

Returns
Parameters
array$a_username
object$a_auth

Reimplemented in ilAuthHTTP.

Definition at line 227 of file class.ilAuthBase.php.

228 {
229 global $ilLog;
230
231 $ilLog->write(__METHOD__.': login failed for user '.$a_username.
232 ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
233 ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
234 );
235
236 if($a_username)
237 {
238 $usr_id = ilObjUser::_lookupId($a_username);
239 if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
240 {
241 ilObjUser::_incrementLoginAttempts($usr_id);
242 $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
243
244 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245 $security = ilSecuritySettings::_getInstance();
246 $max_attempts = $security->getLoginMaxAttempts();
247
248 if((int)$max_attempts && $login_attempts >= $max_attempts)
249 {
250 ilObjUser::_setUserInactive($usr_id);
251 }
252 }
253 }
254
255 return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
256 }
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4750
ilObjUser\_lookupId
static _lookupId($a_user_str)
lookup id by login
Definition: class.ilObjUser.php:824
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4761
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4738
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
$ilLog
$ilLog
Definition: inc.setup_header.php:132

References $ilLog, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), and getContainer().

+ Here is the call graph for this function:

◆ getContainer()

ilAuthBase::getContainer ( )
final

Get container object.

Returns
object ilAuthContainerBase

Definition at line 74 of file class.ilAuthBase.php.

75 {
76 return $this->storage;
77 }

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

+ Here is the caller graph for this function:

◆ getExceededUserName()

ilAuthBase::getExceededUserName ( )

Definition at line 292 of file class.ilAuthBase.php.

293 {
294 return $this->exceeded_user_name;
295 }

References $exceeded_user_name.

◆ getSubStatus()

ilAuthBase::getSubStatus ( )

Get sub status.

Returns
type

Definition at line 46 of file class.ilAuthBase.php.

47 {
48 return $this->sub_status;
49 }

References $sub_status.

◆ initAuth()

ilAuthBase::initAuth ( )
finalprotected

Init auth object Enable logging, set callbacks...

Returns
void

Definition at line 84 of file class.ilAuthBase.php.

85 {
86 ilSessionControl::initSession();
87
88 $this->enableLogging = false;
89 //$this->enableLogging = false;
90
91 if ($this->enableLogging)
92 {
93 $GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
94 }
95 $this->setLoginCallback(array($this,'loginObserver'));
96 $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97 $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98 $this->setLogoutCallback(array($this,'logoutObserver'));
99
100 include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101 $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102
103 }
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4

References $GLOBALS, AUTH_LOG_DEBUG, and ilSessionControl\initSession().

Referenced by ilAuthApache\__construct(), ilAuthWeb\__construct(), ilAuthOpenId\__construct(), ilAuthCAS\__construct(), ilAuthCron\__construct(), ilAuthHTTP\__construct(), ilAuthCalendarToken\__construct(), ilAuthECS\__construct(), and ilAuthSOAP\__construct().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ loginObserver()

ilAuthBase::loginObserver (   $a_username,
  $a_auth 
)
protected

Called after successful login.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 111 of file class.ilAuthBase.php.

112 {
113 global $ilLog, $ilAppEventHandler, $ilSetting;
114
115 if($this->getContainer()->loginObserver($a_username,$a_auth))
116 {
117 // validate user
118 include_once "Services/User/classes/class.ilObjUser.php";
119 $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120 if($user_id != ANONYMOUS_USER_ID)
121 {
122 $user = new ilObjUser($user_id);
123
124 // check if profile is complete
125 include_once "Services/User/classes/class.ilUserProfile.php";
126 if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
127 {
128 $user->setProfileIncomplete(true);
129 $user->update();
130 }
131
132 // --- extended user validation
133 //
134 // we only have a single status, so abort after each one
135 // order from highest priority to lowest
136
137 // active?
138 if(!$user->getActive())
139 {
140 $this->status = AUTH_USER_INACTIVE;
141 $a_auth->logout();
142 return;
143 }
144
145 // time limit
146 if(!$user->checkTimeLimit())
147 {
148 $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
149 // #16327
150 $this->exceeded_user_name = $this->getUserName();
151 $a_auth->logout();
152 return;
153 }
154
155 // check client ip
156 $clientip = $user->getClientIP();
157 if (trim($clientip) != "")
158 {
159 $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
160 $clientip = str_replace(".","\\.",$clientip);
161 $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
162 if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
163 {
164 $this->status = AUTH_USER_WRONG_IP;
165 $a_auth->logout();
166 return;
167 }
168 }
169
170 // simultaneous login
171 if($ilSetting->get('ps_prevent_simultaneous_logins') &&
172 ilObjUser::hasActiveSession($user_id))
173 {
174 $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
175 $a_auth->logout();
176 return;
177 }
178
179 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
180 ilOnlineTracking::addUser($user_id);
181
182 include_once 'Modules/Forum/classes/class.ilObjForum.php';
183 ilObjForum::_updateOldAccess($user_id);
184
185 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
186 $security_settings = ilSecuritySettings::_getInstance();
187
188 // determine first login of user for setting an indicator
189 // which still is available in PersonalDesktop, Repository, ...
190 // (last login date is set to current date in next step)
191 if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
192 $user->getLastLogin() == null
193 )
194 {
195 $user->resetLastPasswordChange();
196 }
197
198 $user->refreshLogin();
199
200 // reset counter for failed logins
201 ilObjUser::_resetLoginAttempts($user_id);
202 }
203
204 // --- anonymous/registered user
205
206 $ilLog->write(
207 __METHOD__ . ': logged in as ' . $a_auth->getUsername() .
208 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
209 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
210 );
211
212 ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
213
214 $ilAppEventHandler->raise(
215 'Services/Authentication', 'afterLogin',
216 array('username' => $a_auth->getUsername())
217 );
218 }
219 }
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:48
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:47
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:46
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:45
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:111
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4727
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2540
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4458
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, $a_auth)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:854
$ilSetting
global $ilSetting
Definition: privfeed.php:40

References $ilLog, $ilSetting, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), AUTH_USER_INACTIVE, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), ilUserProfile\isProfileIncomplete(), and loginObserver().

Referenced by loginObserver().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ logoutObserver()

ilAuthBase::logoutObserver (   $a_username,
  $a_auth 
)
protected

Called after logout.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 276 of file class.ilAuthBase.php.

277 {
278 global $ilLog, $ilAppEventHandler;
279
280 $ilLog->write(__METHOD__.': Logout observer called');
281
282 ilSessionControl::handleLogoutEvent();
283
284 $ilAppEventHandler->raise(
285 'Services/Authentication', 'afterLogout',
286 array('username' => $a_auth->getUsername())
287 );
288
289 return $this->getContainer()->logoutObserver($a_username,$a_auth);
290 }
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208

References $ilLog, getContainer(), and ilSessionControl\handleLogoutEvent().

+ Here is the call graph for this function:

◆ setSubStatus()

ilAuthBase::setSubStatus (   $a_sub_status)

Set sub status.

Parameters
type$a_sub_status

Definition at line 55 of file class.ilAuthBase.php.

56 {
57 $this->sub_status = $a_sub_status;
58 }

◆ supportsRedirects()

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...

Returns

Reimplemented in ilAuthCron, ilAuthApache, ilAuthHTTP, ilAuthWeb, ShibAuth, ilAuthCalendar, ilAuthCalendarToken, ilAuthCAS, ilAuthOpenId, ilAuthECS, and ilAuthSOAP.

Definition at line 65 of file class.ilAuthBase.php.

66 {
67 return true;
68 }

Field Documentation

◆ $exceeded_user_name

ilAuthBase::$exceeded_user_name
protected

Definition at line 39 of file class.ilAuthBase.php.

Referenced by getExceededUserName().

◆ $sub_status

ilAuthBase::$sub_status = null
protected

Definition at line 37 of file class.ilAuthBase.php.

Referenced by getSubStatus().

The documentation for this class was generated from the following file: