ILIAS  release_5-0 Revision 5.0.0-1144-gc4397b1f870
class.ilAuthBase.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
33abstract class ilAuthBase
34{
35 // Used for SOAP Auth
36 // TODO: Find another solution
37 protected $sub_status = null;
38
39 protected $exceeded_user_name;
40
41
46 public function getSubStatus()
47 {
48 return $this->sub_status;
49 }
50
55 public function setSubStatus($a_sub_status)
56 {
57 $this->sub_status = $a_sub_status;
58 }
59
65 public function supportsRedirects()
66 {
67 return true;
68 }
69
74 public final function getContainer()
75 {
76 return $this->storage;
77 }
78
84 protected final function initAuth()
85 {
86 ilSessionControl::initSession();
87
88 $this->enableLogging = false;
89 //$this->enableLogging = false;
90
91 if ($this->enableLogging)
92 {
93 $GLOBALS['ilLog']->write(__METHOD__.': Init callbacks');
94 }
95 $this->setLoginCallback(array($this,'loginObserver'));
96 $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97 $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98 $this->setLogoutCallback(array($this,'logoutObserver'));
99
100 include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101 $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102
103 }
104
111 protected function loginObserver($a_username,$a_auth)
112 {
113 global $ilLog, $ilAppEventHandler, $ilSetting;
114
115 if($this->getContainer()->loginObserver($a_username,$a_auth))
116 {
117 // validate user
118 include_once "Services/User/classes/class.ilObjUser.php";
119 $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120 if($user_id != ANONYMOUS_USER_ID)
121 {
122 $user = new ilObjUser($user_id);
123
124 // check if profile is complete
125 include_once "Services/User/classes/class.ilUserProfile.php";
126 if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
127 {
128 $user->setProfileIncomplete(true);
129 $user->update();
130 }
131
132 // --- extended user validation
133 //
134 // we only have a single status, so abort after each one
135 // order from highest priority to lowest
136
137 // active?
138 if(!$user->getActive())
139 {
140 $this->status = AUTH_USER_INACTIVE;
141 $a_auth->logout();
142 return;
143 }
144
145 // time limit
146 if(!$user->checkTimeLimit())
147 {
148 $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
149 // #16327
150 $this->exceeded_user_name = $this->getUserName();
151 $a_auth->logout();
152 return;
153 }
154
155 // check client ip
156 $clientip = $user->getClientIP();
157 if (trim($clientip) != "")
158 {
159 $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
160 $clientip = str_replace(".","\\.",$clientip);
161 $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
162 if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
163 {
164 $this->status = AUTH_USER_WRONG_IP;
165 $a_auth->logout();
166 return;
167 }
168 }
169
170 // simultaneous login
171 if($ilSetting->get('ps_prevent_simultaneous_logins') &&
172 ilObjUser::hasActiveSession($user_id))
173 {
174 $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
175 $a_auth->logout();
176 return;
177 }
178
179 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
180 ilOnlineTracking::addUser($user_id);
181
182 include_once 'Modules/Forum/classes/class.ilObjForum.php';
183 ilObjForum::_updateOldAccess($user_id);
184
185 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
186 $security_settings = ilSecuritySettings::_getInstance();
187
188 // determine first login of user for setting an indicator
189 // which still is available in PersonalDesktop, Repository, ...
190 // (last login date is set to current date in next step)
191 if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
192 $user->getLastLogin() == null
193 )
194 {
195 $user->resetLastPasswordChange();
196 }
197
198 $user->refreshLogin();
199
200 // reset counter for failed logins
201 ilObjUser::_resetLoginAttempts($user_id);
202 }
203
204 // --- anonymous/registered user
205
206 $ilLog->write(
207 __METHOD__ . ': logged in as ' . $a_auth->getUsername() .
208 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
209 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
210 );
211
212 ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
213
214 $ilAppEventHandler->raise(
215 'Services/Authentication', 'afterLogin',
216 array('username' => $a_auth->getUsername())
217 );
218 }
219 }
220
227 protected function failedLoginObserver($a_username, $a_auth)
228 {
229 global $ilLog;
230
231 $ilLog->write(__METHOD__.': login failed for user '.$a_username.
232 ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
233 ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
234 );
235
236 if($a_username)
237 {
238 $usr_id = ilObjUser::_lookupId($a_username);
239 if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
240 {
241 ilObjUser::_incrementLoginAttempts($usr_id);
242 $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
243
244 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245 $security = ilSecuritySettings::_getInstance();
246 $max_attempts = $security->getLoginMaxAttempts();
247
248 if((int)$max_attempts && $login_attempts >= $max_attempts)
249 {
250 ilObjUser::_setUserInactive($usr_id);
251 }
252 }
253 }
254
255 return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
256 }
257
264 protected function checkAuthObserver($a_username,$a_auth)
265 {
266 #$GLOBALS['ilLog']->write(__METHOD__.': Check auth observer called');
267 return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
268 }
269
276 protected function logoutObserver($a_username,$a_auth)
277 {
278 global $ilLog, $ilAppEventHandler;
279
280 $ilLog->write(__METHOD__.': Logout observer called');
281
282 ilSessionControl::handleLogoutEvent();
283
284 $ilAppEventHandler->raise(
285 'Services/Authentication', 'afterLogout',
286 array('username' => $a_auth->getUsername())
287 );
288
289 return $this->getContainer()->logoutObserver($a_username,$a_auth);
290 }
291
292 public function getExceededUserName()
293 {
294 return $this->exceeded_user_name;
295 }
296}
297?>
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:48
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:47
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:46
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:45
ilAuthBase
@classDescription Base class for all PEAR and ILIAS auth classes.
Definition: class.ilAuthBase.php:34
ilAuthBase\initAuth
initAuth()
Init auth object Enable logging, set callbacks...
Definition: class.ilAuthBase.php:84
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
ilAuthBase\setSubStatus
setSubStatus($a_sub_status)
Set sub status.
Definition: class.ilAuthBase.php:55
ilAuthBase\failedLoginObserver
failedLoginObserver($a_username, $a_auth)
Called after failed login.
Definition: class.ilAuthBase.php:227
ilAuthBase\getSubStatus
getSubStatus()
Get sub status.
Definition: class.ilAuthBase.php:46
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:111
ilAuthBase\supportsRedirects
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ....
Definition: class.ilAuthBase.php:65
ilAuthBase\logoutObserver
logoutObserver($a_username, $a_auth)
Called after logout.
Definition: class.ilAuthBase.php:276
ilAuthBase\checkAuthObserver
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
Definition: class.ilAuthBase.php:264
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4727
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4750
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2540
ilObjUser\_lookupId
static _lookupId($a_user_str)
lookup id by login
Definition: class.ilObjUser.php:824
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4761
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4738
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4458
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, $a_auth)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:854
$GLOBALS
$GLOBALS['ct_recipient']
Definition: example_form.ajax.php:4
$ilLog
$ilLog
Definition: inc.setup_header.php:132
$ilSetting
global $ilSetting
Definition: privfeed.php:40