ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilAuthBase.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
33 abstract class ilAuthBase
34 {
35  // Used for SOAP Auth
36  // TODO: Find another solution
37  protected $sub_status = null;
38 
39  protected $exceeded_user_name;
40 
41 
46  public function getSubStatus()
47  {
48  return $this->sub_status;
49  }
50 
55  public function setSubStatus($a_sub_status)
56  {
57  $this->sub_status = $a_sub_status;
58  }
59 
65  public function supportsRedirects()
66  {
67  return true;
68  }
69 
74  public final function getContainer()
75  {
76  return $this->storage;
77  }
78 
84  protected final function initAuth()
85  {
86  ilSessionControl::initSession();
87 
88  $this->enableLogging = false;
89  //$this->enableLogging = false;
90 
91  if ($this->enableLogging)
92  {
93  $GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
94  }
95  $this->setLoginCallback(array($this,'loginObserver'));
96  $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97  $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98  $this->setLogoutCallback(array($this,'logoutObserver'));
99 
100  include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101  $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102 
103  }
104 
111  protected function loginObserver($a_username,$a_auth)
112  {
113  global $ilLog, $ilAppEventHandler, $ilSetting;
114 
115  if($this->getContainer()->loginObserver($a_username,$a_auth))
116  {
117  // validate user
118  include_once "Services/User/classes/class.ilObjUser.php";
119  $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120  if($user_id != ANONYMOUS_USER_ID)
121  {
122  $user = new ilObjUser($user_id);
123 
124  // check if profile is complete
125  include_once "Services/User/classes/class.ilUserProfile.php";
126  if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
127  {
128  $user->setProfileIncomplete(true);
129  $user->update();
130  }
131 
132  // --- extended user validation
133  //
134  // we only have a single status, so abort after each one
135  // order from highest priority to lowest
136 
137  // active?
138  if(!$user->getActive())
139  {
140  $this->status = AUTH_USER_INACTIVE;
141  $a_auth->logout();
142  return;
143  }
144 
145  // time limit
146  if(!$user->checkTimeLimit())
147  {
148  $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
149  // #16327
150  $this->exceeded_user_name = $this->getUserName();
151  $a_auth->logout();
152  return;
153  }
154 
155  // check client ip
156  $clientip = $user->getClientIP();
157  if (trim($clientip) != "")
158  {
159  $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
160  $clientip = str_replace(".","\\.",$clientip);
161  $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
162  if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
163  {
164  $this->status = AUTH_USER_WRONG_IP;
165  $a_auth->logout();
166  return;
167  }
168  }
169 
170  // simultaneous login
171  if($ilSetting->get('ps_prevent_simultaneous_logins') &&
172  ilObjUser::hasActiveSession($user_id))
173  {
174  $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
175  $a_auth->logout();
176  return;
177  }
178 
179  include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
180  ilOnlineTracking::addUser($user_id);
181 
182  include_once 'Modules/Forum/classes/class.ilObjForum.php';
183  ilObjForum::_updateOldAccess($user_id);
184 
185  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
186  $security_settings = ilSecuritySettings::_getInstance();
187 
188  // determine first login of user for setting an indicator
189  // which still is available in PersonalDesktop, Repository, ...
190  // (last login date is set to current date in next step)
191  if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
192  $user->getLastLogin() == null
193  )
194  {
195  $user->resetLastPasswordChange();
196  }
197 
198  $user->refreshLogin();
199 
200  // reset counter for failed logins
201  ilObjUser::_resetLoginAttempts($user_id);
202  }
203 
204  // --- anonymous/registered user
205 
206  $ilLog->write(
207  __METHOD__ . ': logged in as ' . $a_auth->getUsername() .
208  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
209  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
210  );
211 
212  ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
213 
214  $ilAppEventHandler->raise(
215  'Services/Authentication', 'afterLogin',
216  array('username' => $a_auth->getUsername())
217  );
218  }
219  }
220 
227  protected function failedLoginObserver($a_username, $a_auth)
228  {
229  global $ilLog;
230 
231  $ilLog->write(__METHOD__.': login failed for user '.$a_username.
232  ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
233  ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
234  );
235 
236  if($a_username)
237  {
238  $usr_id = ilObjUser::_lookupId($a_username);
239  if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
240  {
241  ilObjUser::_incrementLoginAttempts($usr_id);
242  $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
243 
244  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245  $security = ilSecuritySettings::_getInstance();
246  $max_attempts = $security->getLoginMaxAttempts();
247 
248  if((int)$max_attempts && $login_attempts >= $max_attempts)
249  {
250  ilObjUser::_setUserInactive($usr_id);
251  }
252  }
253  }
254 
255  return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
256  }
257 
264  protected function checkAuthObserver($a_username,$a_auth)
265  {
266  #$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
267  return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
268  }
269 
276  protected function logoutObserver($a_username,$a_auth)
277  {
278  global $ilLog, $ilAppEventHandler;
279 
280  $ilLog->write(__METHOD__.': Logout observer called');
281 
282  ilSessionControl::handleLogoutEvent();
283 
284  $ilAppEventHandler->raise(
285  'Services/Authentication', 'afterLogout',
286  array('username' => $a_auth->getUsername())
287  );
288 
289  return $this->getContainer()->logoutObserver($a_username,$a_auth);
290  }
291 
292  public function getExceededUserName()
293  {
294  return $this->exceeded_user_name;
295  }
296 }
297 ?>
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:854
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:46
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:45
ilAuthBase\failedLoginObserver
failedLoginObserver($a_username, $a_auth)
Called after failed login.
Definition: class.ilAuthBase.php:227
ilAuthBase\initAuth
initAuth()
Init auth object Enable logging, set callbacks...
Definition: class.ilAuthBase.php:84
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4750
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
ilObjUser\_lookupId
static _lookupId($a_user_str)
lookup id by login
Definition: class.ilObjUser.php:824
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:47
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4727
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4738
ilAuthBase\getSubStatus
getSubStatus()
Get sub status.
Definition: class.ilAuthBase.php:46
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4458
ilAuthBase\logoutObserver
logoutObserver($a_username, $a_auth)
Called after logout.
Definition: class.ilAuthBase.php:276
ilAuthBase
Base class for all PEAR and ILIAS auth classes.
Definition: class.ilAuthBase.php:33
ilAuthBase\checkAuthObserver
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
Definition: class.ilAuthBase.php:264
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, $a_auth)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2540
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:111
ilAuthBase\setSubStatus
setSubStatus($a_sub_status)
Set sub status.
Definition: class.ilAuthBase.php:55
$ilLog
$ilLog
Definition: inc.setup_header.php:132
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:48
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4761
$ilSetting
global $ilSetting
Definition: privfeed.php:40
ilAuthBase\supportsRedirects
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
Definition: class.ilAuthBase.php:65
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105