ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Public Member Functions | Static Public Member Functions | Data Fields
Auth Class Reference
+ Inheritance diagram for Auth:
+ Collaboration diagram for Auth:

Public Member Functions

 Auth ($storageDriver, $options='', $loginFunction='', $showLogin=true)
 Constructor. More...
 
applyAuthOptions (&$options)
 Set the Auth options. More...
 
 _loadStorage ()
 Load Storage Driver if not already loaded. More...
 
 assignData ()
 Assign data from login form to internal values. More...
 
 start ()
 Start new auth session. More...
 
 login ()
 Login function. More...
 
 setExpire ($time, $add=false)
 Set the maximum expire time. More...
 
 setIdle ($time, $add=false)
 Set the maximum idle time. More...
 
 setSessionName ($name='session')
 Set name of the session to a customized value. More...
 
 setShowLogin ($showLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setAllowLogin ($allowLogin=true)
 Should the login form be displayed if neccessary? More...
 
 setCheckAuthCallback ($checkAuthCallback)
 Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object. More...
 
 setLoginCallback ($loginCallback)
 Register a callback function to be called on user login. More...
 
 setFailedLoginCallback ($loginFailedCallback)
 Register a callback function to be called on failed user login. More...
 
 setLogoutCallback ($logoutCallback)
 Register a callback function to be called on user logout. More...
 
 setAuthData ($name, $value, $overwrite=true)
 Register additional information that is to be stored in the session. More...
 
 getAuthData ($name=null)
 Get additional information that is stored in the session. More...
 
 setAuth ($username)
 Register variable in a session telling that the user has logged in successfully. More...
 
 setAdvancedSecurity ($flag=true)
 Enables advanced security checks. More...
 
 checkAuth ()
 Checks if there is a session with valid auth information. More...
 
 getAuth ()
 Has the user been authenticated? More...
 
 logout ()
 Logout function. More...
 
 updateIdle ()
 Update the idletime. More...
 
 getUsername ()
 Get the username. More...
 
 getStatus ()
 Get the current status. More...
 
 getPostUsernameField ()
 Gets the post varible used for the username. More...
 
 getPostPasswordField ()
 Gets the post varible used for the username. More...
 
 sessionValidThru ()
 Returns the time up to the session is valid. More...
 
 listUsers ()
 List all users that are currently available in the storage container. More...
 
 addUser ($username, $password, $additional='')
 Add user to the storage container. More...
 
 removeUser ($username)
 Remove user from the storage container. More...
 
 changePassword ($username, $password)
 Change password for user in the storage container. More...
 
 log ($message, $level=AUTH_LOG_DEBUG)
 Log a message from the Auth system. More...
 
 _loadLogger ()
 Load Log object if not already loaded. More...
 
 attachLogObserver (&$observer)
 Attach an Observer to the Auth Log Source. More...
 
 _isAdvancedSecurityEnabled ($feature=null)
 Is advanced security enabled? More...
 
- Public Member Functions inherited from ilAuthBase
 getSubStatus ()
 Get sub status. More...
 
 setSubStatus ($a_sub_status)
 Set sub status. More...
 
 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...
 
 getContainer ()
 Get container object. More...
 
 getExceededUserName ()
 

Static Public Member Functions

_factory ($driver, $options='')
 Return a storage driver based on $driver and $options. More...
 
 staticCheckAuth ($options=null)
 Statically checks if there is a session with valid auth information. More...
 

Data Fields

 $expire = 0
 
 $expired = false
 
 $idle = 0
 
 $idled = false
 
 $storage = ''
 
 $loginFunction = ''
 
 $showLogin = true
 
 $allowLogin = true
 
 $status = ''
 
 $username = ''
 
 $password = ''
 
 $checkAuthCallback = ''
 
 $loginCallback = ''
 
 $loginFailedCallback = ''
 
 $logoutCallback = ''
 
 $_sessionName = '_authsession'
 
 $version = "@version@"
 
 $advancedsecurity = false
 
 $_postUsername = 'username'
 
 $_postPassword = 'password'
 
 $session
 
 $server
 
 $post
 
 $cookie
 
 $authdata
 
 $authChecks = 0
 
 $logger = null
 
 $enableLogging = false
 
 $regenerateSessionId = false
 

Additional Inherited Members

- Protected Member Functions inherited from ilAuthBase
 initAuth ()
 Init auth object Enable logging, set callbacks... More...
 
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 checkExceededLoginAttempts (\ilObjUser $user)
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 
- Protected Attributes inherited from ilAuthBase
 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Definition at line 90 of file Auth.php.

Member Function Documentation

◆ _factory()

& Auth::_factory (   $driver,
  $options = '' 
)
static

Return a storage driver based on $driver and $options.

Parameters
string$driverType of storage class to return
string$optionsOptional parameters for the storage class
Returns
object Object Storage object @access private

Definition at line 467 of file Auth.php.

468 {
469 $storage_class = 'Auth_Container_' . $driver;
470 include_once 'Auth/Container/' . $driver . '.php';
471 $obj =& new $storage_class($options);
472 return $obj;
473 }
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137

References $options.

Referenced by _loadStorage().

+ Here is the caller graph for this function:

◆ _isAdvancedSecurityEnabled()

Auth::_isAdvancedSecurityEnabled (   $feature = null)

Is advanced security enabled?

Pass one of the Advanced Security constants as the first parameter to check if that advanced security check is enabled.

Parameters
integer
Returns
boolean

Definition at line 1337 of file Auth.php.

1337 {
1338
1339 if (is_null($feature)) {
1340
1341 if ($this->advancedsecurity === true)
1342 return true;
1343
1344 if ( is_array($this->advancedsecurity)
1345 && in_array(true, $this->advancedsecurity, true))
1346 return true;
1347
1348 return false;
1349
1350 } else {
1351
1352 if (is_array($this->advancedsecurity)) {
1353
1354 if ( isset($this->advancedsecurity[$feature])
1355 && $this->advancedsecurity[$feature] == true)
1356 return true;
1357
1358 return false;
1359
1360 }
1361
1362 return (bool)$this->advancedsecurity;
1363
1364 }
1365
1366 }
Auth\$advancedsecurity
$advancedsecurity
Definition: Auth.php:245

References $advancedsecurity.

Referenced by checkAuth().

+ Here is the caller graph for this function:

◆ _loadLogger()

Auth::_loadLogger ( )

Load Log object if not already loaded.

Suspend logger instantiation to make Auth lighter to use for calls which do not require logging

Returns
bool True if the logger is loaded, false if the logger is already loaded @access private

Definition at line 1292 of file Auth.php.

1293 {
1294 if(is_null($this->logger)) {
1295 if (!class_exists('Log')) {
1296 include_once 'Log.php';
1297 }
1298 $this->logger =& Log::singleton('null',
1299 null,
1300 'auth['.getmypid().']',
1301 array(),
1302 AUTH_LOG_DEBUG);
1303 return(true);
1304 }
1305 return(false);
1306 }
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
Log\singleton
& singleton($handler, $name='', $ident='', $conf=array(), $level=PEAR_LOG_DEBUG)
Attempts to return a reference to a concrete Log instance of type $handler, only creating a new insta...
Definition: Log.php:213

References AUTH_LOG_DEBUG, and Log\singleton().

Referenced by attachLogObserver(), and log().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ _loadStorage()

Auth::_loadStorage ( )

Load Storage Driver if not already loaded.

Suspend storage instantiation to make Auth lighter to use for calls which do not require login

Returns
bool True if the conainer is loaded, false if the container is already loaded @access private

Definition at line 443 of file Auth.php.

444 {
445 if(!is_object($this->storage)) {
446 $this->storage =& $this->_factory($this->storage_driver,
447 $this->storage_options);
448 $this->storage->_auth_obj =& $this;
449 $this->log('Loaded storage container ('.$this->storage_driver.')', AUTH_LOG_DEBUG);
450 return(true);
451 }
452 return(false);
453 }
Auth\_factory
& _factory($driver, $options='')
Return a storage driver based on $driver and $options.
Definition: Auth.php:467
Auth\log
log($message, $level=AUTH_LOG_DEBUG)
Log a message from the Auth system.
Definition: Auth.php:1270

References _factory(), AUTH_LOG_DEBUG, and log().

Referenced by addUser(), changePassword(), listUsers(), ilAuthWeb\login(), login(), Auth_HTTP\login(), and removeUser().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ addUser()

Auth::addUser (   $username,
  $password,
  $additional = '' 
)

Add user to the storage container.

@access public

Parameters
stringUsername
stringPassword
mixedAdditional parameters
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1215 of file Auth.php.

1216 {
1217 $this->log('Auth::addUser() called.', AUTH_LOG_DEBUG);
1218 $this->_loadStorage();
1219 return $this->storage->addUser($username, $password, $additional);
1220 }
Auth\$username
$username
Definition: Auth.php:175
Auth\$password
$password
Definition: Auth.php:182
Auth\_loadStorage
_loadStorage()
Load Storage Driver if not already loaded.
Definition: Auth.php:443
$additional
$additional
Definition: goto.php:89

References $additional, $password, $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

+ Here is the call graph for this function:

◆ applyAuthOptions()

& Auth::applyAuthOptions ( $options)

Set the Auth options.

Some options which are Auth specific will be applied the rest will be left for usage by the container

Parameters
arrayAn array of Auth options
Returns
array The options which were not applied @access private

Definition at line 396 of file Auth.php.

397 {
398 if(is_array($options)){
399 if (!empty($options['sessionName'])) {
400 $this->_sessionName = $options['sessionName'];
401 unset($options['sessionName']);
402 }
403 if (isset($options['allowLogin'])) {
404 $this->allowLogin = $options['allowLogin'];
405 unset($options['allowLogin']);
406 }
407 if (!empty($options['postUsername'])) {
408 $this->_postUsername = $options['postUsername'];
409 unset($options['postUsername']);
410 }
411 if (!empty($options['postPassword'])) {
412 $this->_postPassword = $options['postPassword'];
413 unset($options['postPassword']);
414 }
415 if (isset($options['advancedsecurity'])) {
416 $this->advancedsecurity = $options['advancedsecurity'];
417 unset($options['advancedsecurity']);
418 }
419 if (isset($options['enableLogging'])) {
420 $this->enableLogging = $options['enableLogging'];
421 unset($options['enableLogging']);
422 }
423 if (isset($options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
424 $this->regenerateSessionId = $options['regenerateSessionId'];
425 }
426 }
427 return($options);
428 }

References $options.

Referenced by Auth().

+ Here is the caller graph for this function:

◆ assignData()

Auth::assignData ( )

Assign data from login form to internal values.

This function takes the values for username and password from $HTTP_POST_VARS/$_POST and assigns them to internal variables. If you wish to use another source apart from $HTTP_POST_VARS/$_POST, you have to derive this function.

@global $HTTP_POST_VARS, $_POST

See also
Auth
Returns
void @access private

Reimplemented in ilAuthHTTP, and Auth_HTTP.

Definition at line 491 of file Auth.php.

492 {
493 $this->log('Auth::assignData() called.', AUTH_LOG_DEBUG);
494
495 if ( isset($this->post[$this->_postUsername])
496 && $this->post[$this->_postUsername] != '') {
497 $this->username = (get_magic_quotes_gpc() == 1
498 ? stripslashes($this->post[$this->_postUsername])
499 : $this->post[$this->_postUsername]);
500 }
501 if ( isset($this->post[$this->_postPassword])
502 && $this->post[$this->_postPassword] != '') {
503 $this->password = (get_magic_quotes_gpc() == 1
504 ? stripslashes($this->post[$this->_postPassword])
505 : $this->post[$this->_postPassword] );
506 }
507 }

References $_postPassword, $_postUsername, AUTH_LOG_DEBUG, and log().

Referenced by start().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ attachLogObserver()

Auth::attachLogObserver ( $observer)

Attach an Observer to the Auth Log Source.

Parameters
objectLog_Observer A Log Observer instance
Returns
boolean

Definition at line 1317 of file Auth.php.

1317 {
1318
1319 $this->_loadLogger();
1320
1321 return $this->logger->attach($observer);
1322
1323 }
Auth\_loadLogger
_loadLogger()
Load Log object if not already loaded.
Definition: Auth.php:1292

References _loadLogger().

+ Here is the call graph for this function:

◆ Auth()

Auth::Auth (   $storageDriver,
  $options = '',
  $loginFunction = '',
  $showLogin = true 
)

Constructor.

Set up the storage driver.

Parameters
stringType of the storage driver
mixedAdditional options for the storage driver (example: if you are using DB as the storage driver, you have to pass the dsn string here)
stringName of the function that creates the login form
booleanShould the login form be displayed if neccessary?
Returns
void

Definition at line 335 of file Auth.php.

336 {
337 $this->applyAuthOptions($options);
338
339 // Start the session suppress error if already started
340 if(!session_id()){
341 @session_start();
342 if(!session_id()) {
343 // Throw error
344 include_once 'PEAR.php';
345 PEAR::throwError('Session could not be started by Auth, '
346 .'possibly headers are already sent, try putting '
347 .'ob_start in the beginning of your script');
348 }
349 }
350
351 // Make Sure Auth session variable is there
352 if(!isset($_SESSION[$this->_sessionName])) {
353 $_SESSION[$this->_sessionName] = array();
354 }
355
356 // Assign Some globals to internal references, this will replace _importGlobalVariable
357 $this->session =& $_SESSION[$this->_sessionName];
358 $this->server =& $_SERVER;
359 $this->post =& $_POST;
360 $this->cookie =& $_COOKIE;
361
362 if ($loginFunction != '' && is_callable($loginFunction)) {
363 $this->loginFunction = $loginFunction;
364 }
365
366 if (is_bool($showLogin)) {
367 $this->showLogin = $showLogin;
368 }
369
370 if (is_object($storageDriver)) {
371 $this->storage =& $storageDriver;
372 // Pass a reference to auth to the container, ugly but works
373 // this is used by the DB container to use method setAuthData not staticaly.
374 $this->storage->_auth_obj =& $this;
375 } else {
376 // $this->storage = $this->_factory($storageDriver, $options);
377 //
378 $this->storage_driver = $storageDriver;
379 $this->storage_options =& $options;
380 }
381 }
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
Auth\applyAuthOptions
& applyAuthOptions(&$options)
Set the Auth options.
Definition: Auth.php:396
Auth\$loginFunction
$loginFunction
Definition: Auth.php:145
Auth\$showLogin
$showLogin
Definition: Auth.php:153
Auth\$_sessionName
$_sessionName
Definition: Auth.php:221
PEAR\throwError
& throwError($message=null, $code=null, $userinfo=null)
Simpler form of raiseError with fewer options.
Definition: PEAR.php:591
$_POST
$_POST['username']
Definition: cron.php:12
$_COOKIE
$_COOKIE["ilClientId"]
Definition: cron.php:11
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54

References $_COOKIE, $_POST, $_SERVER, $_SESSION, $_sessionName, $loginFunction, $options, $showLogin, applyAuthOptions(), and PEAR\throwError().

Referenced by Auth_HTTP\Auth_HTTP(), and staticCheckAuth().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ changePassword()

Auth::changePassword (   $username,
  $password 
)

Change password for user in the storage container.

@access public

Parameters
stringUsername
stringThe new password
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1252 of file Auth.php.

1253 {
1254 $this->log('Auth::changePassword() called', AUTH_LOG_DEBUG);
1255 $this->_loadStorage();
1256 return $this->storage->changePassword($username, $password);
1257 }

References $password, $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

+ Here is the call graph for this function:

◆ checkAuth()

Auth::checkAuth ( )

Checks if there is a session with valid auth information.

@access public

Returns
boolean Whether or not the user is authenticated.

Definition at line 899 of file Auth.php.

900 {
901 $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
902 $this->authChecks++;
903 if (isset($this->session)) {
904 // Check if authentication session is expired
905 if ( $this->expire > 0
906 && isset($this->session['timestamp'])
907 && ($this->session['timestamp'] + $this->expire) < time()) {
908 $this->log('Session Expired', AUTH_LOG_INFO);
909 $this->expired = true;
910 $this->status = AUTH_EXPIRED;
911 $this->logout();
912 return false;
913 }
914
915 // Check if maximum idle time is reached
916 if ( $this->idle > 0
917 && isset($this->session['idle'])
918 && ($this->session['idle'] + $this->idle) < time()) {
919 $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
920 $this->idled = true;
921 $this->status = AUTH_IDLED;
922 $this->logout();
923 return false;
924 }
925
926 if ( isset($this->session['registered'])
927 && isset($this->session['username'])
928 && $this->session['registered'] == true
929 && $this->session['username'] != '') {
930 Auth::updateIdle();
931
932 if ($this->_isAdvancedSecurityEnabled()) {
933 $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
934
935 // Only Generate the challenge once
936 if ( $this->authChecks == 1
937 && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
938 $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
939 $this->session['challengecookieold'] = $this->session['challengecookie'];
940 $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
941 //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
942 require_once 'Services/Utilities/classes/class.ilUtil.php';
943 ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
944 }
945
946 // Check for ip change
947 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
948 && isset($this->server['REMOTE_ADDR'])
949 && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
950 $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
951 // Check if the IP of the user has changed, if so we
952 // assume a man in the middle attack and log him out
953 $this->expired = true;
954 $this->status = AUTH_SECURITY_BREACH;
955 $this->logout();
956 return false;
957 }
958
959 // Check for ip change (if connected via proxy)
960 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
961 && isset($this->server['HTTP_X_FORWARDED_FOR'])
962 && $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
963 $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
964 // Check if the IP of the user connecting via proxy has
965 // changed, if so we assume a man in the middle attack
966 // and log him out.
967 $this->expired = true;
968 $this->status = AUTH_SECURITY_BREACH;
969 $this->logout();
970 return false;
971 }
972
973 // Check for useragent change
974 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
975 && isset($this->server['HTTP_USER_AGENT'])
976 && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
977 $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
978 // Check if the User-Agent of the user has changed, if
979 // so we assume a man in the middle attack and log him out
980 $this->expired = true;
981 $this->status = AUTH_SECURITY_BREACH;
982 $this->logout();
983 return false;
984 }
985
986 // Check challenge cookie here, if challengecookieold is not set
987 // this is the first time and check is skipped
988 // TODO when user open two pages similtaneuly (open in new window,open
989 // in tab) auth breach is caused find out a way around that if possible
990 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
991 && isset($this->session['challengecookieold'])
992 && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
993 $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
994 $this->expired = true;
995 $this->status = AUTH_SECURITY_BREACH;
996 $this->logout();
997 $this->login();
998 return false;
999 }
1000 }
1001
1002 if (is_callable($this->checkAuthCallback)) {
1003 $this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').', AUTH_LOG_DEBUG);
1004 $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
1005 if ($checkCallback == false) {
1006 $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
1007 $this->expired = true;
1008 $this->status = AUTH_CALLBACK_ABORT;
1009 $this->logout();
1010 return false;
1011 }
1012 }
1013
1014 $this->log('Session OK.', AUTH_LOG_INFO);
1015 return true;
1016 }
1017 } else {
1018 $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
1019 return false;
1020 }
1021 $this->log('No login session.', AUTH_LOG_DEBUG);
1022 return false;
1023 }
AUTH_LOG_INFO
const AUTH_LOG_INFO
Auth Log level - INFO.
Definition: Auth.php:55
AUTH_ADV_USERAGENT
const AUTH_ADV_USERAGENT
Auth Advanced Security - User Agent Checks.
Definition: Auth.php:68
AUTH_ADV_IPCHECK
const AUTH_ADV_IPCHECK
Auth Advanced Security - IP Checks.
Definition: Auth.php:64
AUTH_SECURITY_BREACH
const AUTH_SECURITY_BREACH
Returned if new Advanced security system detects a breach.
Definition: Auth.php:46
AUTH_EXPIRED
const AUTH_EXPIRED
Returned if session has expired.
Definition: Auth.php:34
AUTH_ADV_CHALLENGE
const AUTH_ADV_CHALLENGE
Auth Advanced Security - Challenge Response.
Definition: Auth.php:72
AUTH_CALLBACK_ABORT
const AUTH_CALLBACK_ABORT
Returned if checkAuthCallback says session should not continue.
Definition: Auth.php:50
AUTH_IDLED
const AUTH_IDLED
Returned if session exceeds idle time.
Definition: Auth.php:30
Auth\updateIdle
updateIdle()
Update the idletime.
Definition: Auth.php:1101
Auth\login
login()
Login function.
Definition: Auth.php:543
Auth\logout
logout()
Logout function.
Definition: Auth.php:1077
Auth\_isAdvancedSecurityEnabled
_isAdvancedSecurityEnabled($feature=null)
Is advanced security enabled?
Definition: Auth.php:1337
ilUtil\setCookie
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:5102

References _isAdvancedSecurityEnabled(), AUTH_ADV_CHALLENGE, AUTH_ADV_IPCHECK, AUTH_ADV_USERAGENT, AUTH_CALLBACK_ABORT, AUTH_EXPIRED, AUTH_IDLED, AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_SECURITY_BREACH, log(), login(), logout(), ilUtil\setCookie(), and updateIdle().

Referenced by getAuth(), and start().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuth()

Auth::getAuth ( )

Has the user been authenticated?

Is there a valid login session. Previously this was different from checkAuth() but now it is just an alias.

@access public

Returns
bool True if the user is logged in, otherwise false.

Definition at line 1058 of file Auth.php.

1059 {
1060 $this->log('Auth::getAuth() called.', AUTH_LOG_DEBUG);
1061 return $this->checkAuth();
1062 }
Auth\checkAuth
checkAuth()
Checks if there is a session with valid auth information.
Definition: Auth.php:899

References AUTH_LOG_DEBUG, checkAuth(), and log().

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ getAuthData()

Auth::getAuthData (   $name = null)

Get additional information that is stored in the session.

If no value for the first parameter is passed, the method will return all data that is currently stored.

Parameters
stringName of the data field
Returns
mixed Value of the data field. @access public

Definition at line 798 of file Auth.php.

799 {
800 if (!isset($this->session['data'])) {
801 return null;
802 }
803 if(!isset($name)) {
804 return $this->session['data'];
805 }
806 if (isset($name) && isset($this->session['data'][$name])) {
807 return $this->session['data'][$name];
808 }
809 return null;
810 }

Referenced by Auth_HTTP\authenticationInfo(), and Auth_HTTP\login().

+ Here is the caller graph for this function:

◆ getPostPasswordField()

Auth::getPostPasswordField ( )

Gets the post varible used for the username.

Returns
string @access public

Definition at line 1160 of file Auth.php.

1161 {
1162 return($this->_postPassword);
1163 }

◆ getPostUsernameField()

Auth::getPostUsernameField ( )

Gets the post varible used for the username.

Returns
string @access public

Definition at line 1146 of file Auth.php.

1147 {
1148 return($this->_postUsername);
1149 }

◆ getStatus()

Auth::getStatus ( )

Get the current status.

Returns
string @access public

Reimplemented in ilAuthInactive.

Definition at line 1132 of file Auth.php.

1133 {
1134 return $this->status;
1135 }
Auth\$status
$status
Definition: Auth.php:168

References $status.

◆ getUsername()

Auth::getUsername ( )

Get the username.

Returns
string @access public

Definition at line 1115 of file Auth.php.

1116 {
1117 if (isset($this->session['username'])) {
1118 return($this->session['username']);
1119 }
1120 return('');
1121 }

◆ listUsers()

Auth::listUsers ( )

List all users that are currently available in the storage container.

@access public

Returns
array

Definition at line 1195 of file Auth.php.

1196 {
1197 $this->log('Auth::listUsers() called.', AUTH_LOG_DEBUG);
1198 $this->_loadStorage();
1199 return $this->storage->listUsers();
1200 }

References _loadStorage(), AUTH_LOG_DEBUG, and log().

+ Here is the call graph for this function:

◆ log()

Auth::log (   $message,
  $level = AUTH_LOG_DEBUG 
)

Log a message from the Auth system.

@access public

Parameters
stringThe message to log
stringThe log level to log the message under. See the Log documentation for more info.
Returns
boolean

Definition at line 1270 of file Auth.php.

1271 {
1272 if (!$this->enableLogging) return false;
1273
1274 $this->_loadLogger();
1275
1276 $this->logger->log('AUTH: '.$message, $level);
1277 }

References _loadLogger().

Referenced by _loadStorage(), addUser(), assignData(), changePassword(), checkAuth(), getAuth(), listUsers(), ilAuthWeb\login(), login(), logout(), removeUser(), setAuth(), and start().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ login()

Auth::login ( )

Login function.

Returns
void @access private

Reimplemented in ilAuthApache, ilAuthWeb, ShibAuth, ilCASAuth, Auth_Anonymous, and Auth_HTTP.

Definition at line 543 of file Auth.php.

544 {
545 $this->log('Auth::login() called.', AUTH_LOG_DEBUG);
546
547 $login_ok = false;
548 $this->_loadStorage();
549
550 // Check if using challenge response
551 (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
552 ? $usingChap = true
553 : $usingChap = false;
554
555
556 // When the user has already entered a username, we have to validate it.
557 if (!empty($this->username)) {
558 if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
559 $this->session['challengekey'] = md5($this->username.$this->password);
560 $login_ok = true;
561 $this->log('Successful login.', AUTH_LOG_INFO);
562 }
563 }
564
565 if (!empty($this->username) && $login_ok) {
566 $this->setAuth($this->username);
567 if (is_callable($this->loginCallback)) {
568 $this->log('Calling loginCallback ('.$this->loginCallback.').', AUTH_LOG_DEBUG);
569 call_user_func_array($this->loginCallback, array($this->username, &$this));
570 }
571 }
572
573 // If the login failed or the user entered no username,
574 // output the login screen again.
575 if (!empty($this->username) && !$login_ok) {
576 $this->log('Incorrect login.', AUTH_LOG_INFO);
577 $this->status = AUTH_WRONG_LOGIN;
578 if (is_callable($this->loginFailedCallback)) {
579 $this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').', AUTH_LOG_DEBUG);
580 call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
581 }
582 }
583
584 if ((empty($this->username) || !$login_ok) && $this->showLogin) {
585 $this->log('Rendering Login Form.', AUTH_LOG_INFO);
586 if (is_callable($this->loginFunction)) {
587 $this->log('Calling loginFunction ('.$this->loginFunction.').', AUTH_LOG_DEBUG);
588 call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
589 } else {
590 // BC fix Auth used to use drawLogin for this
591 // call is sub classes implement this
592 if (is_callable(array($this, 'drawLogin'))) {
593 $this->log('Calling Auth::drawLogin()', AUTH_LOG_DEBUG);
594 return $this->drawLogin($this->username, $this);
595 }
596
597 $this->log('Using default Auth_Frontend_Html', AUTH_LOG_DEBUG);
598
599 // New Login form
600 include_once 'Auth/Frontend/Html.php';
601 return Auth_Frontend_Html::render($this, $this->username);
602 }
603 } else {
604 return;
605 }
606 }
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
Auth_Frontend_Html\render
render(&$caller, $username='')
Displays the login form.
Definition: Html.php:50
Auth\setAuth
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823

References _loadStorage(), AUTH_LOG_DEBUG, AUTH_LOG_INFO, AUTH_WRONG_LOGIN, log(), Auth_Frontend_Html\render(), and setAuth().

Referenced by checkAuth(), and start().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ logout()

Auth::logout ( )

Logout function.

This function clears any auth tokens in the currently active session and executes the logout callback function, if any

@access public

Returns
void

Reimplemented in ShibAuth, and ilCASAuth.

Definition at line 1077 of file Auth.php.

1078 {
1079 $this->log('Auth::logout() called.', AUTH_LOG_DEBUG);
1080
1081 if (is_callable($this->logoutCallback) && isset($this->session['username'])) {
1082 $this->log('Calling logoutCallback ('.$this->logoutCallback.').', AUTH_LOG_DEBUG);
1083 call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
1084 }
1085
1086 $this->username = '';
1087 $this->password = '';
1088
1089 $this->session = null;
1090 }

References AUTH_LOG_DEBUG, and log().

Referenced by checkAuth(), ilSessionControl\checkCurrentSessionIsAllowed(), Auth_Anonymous\forceLogin(), and ilAuthInactive\start().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ removeUser()

Auth::removeUser (   $username)

Remove user from the storage container.

@access public

Parameters
stringUsername
Returns
mixed True on success, PEAR error object on error and AUTH_METHOD_NOT_SUPPORTED otherwise.

Definition at line 1233 of file Auth.php.

1234 {
1235 $this->log('Auth::removeUser() called.', AUTH_LOG_DEBUG);
1236 $this->_loadStorage();
1237 return $this->storage->removeUser($username);
1238 }

References $username, _loadStorage(), AUTH_LOG_DEBUG, and log().

+ Here is the call graph for this function:

◆ sessionValidThru()

Auth::sessionValidThru ( )

Returns the time up to the session is valid.

@access public

Returns
integer

Definition at line 1174 of file Auth.php.

1175 {
1176 if (!isset($this->session['idle'])) {
1177 return 0;
1178 }
1179 if ($this->idle == 0) {
1180 return 0;
1181 }
1182 return ($this->session['idle'] + $this->idle);
1183 }

◆ setAdvancedSecurity()

Auth::setAdvancedSecurity (   $flag = true)

Enables advanced security checks.

Currently only ip change and useragent change are detected

Todo:
Add challenge cookies - Create a cookie which changes every time and contains some challenge key which the server can verify with a session var cookie might need to be crypted (user pass)
Parameters
boolEnable or disable
Returns
void @access public

Definition at line 885 of file Auth.php.

886 {
887 $this->advancedsecurity = $flag;
888 }

◆ setAllowLogin()

Auth::setAllowLogin (   $allowLogin = true)

Should the login form be displayed if neccessary?

Parameters
boolshow login form or not
Returns
void @access public

Definition at line 691 of file Auth.php.

692 {
693 $this->allowLogin = $allowLogin;
694 }
Auth\$allowLogin
$allowLogin
Definition: Auth.php:161

References $allowLogin.

◆ setAuth()

Auth::setAuth (   $username)

Register variable in a session telling that the user has logged in successfully.

Parameters
stringUsername
Returns
void @access public

Definition at line 823 of file Auth.php.

824 {
825 $this->log('Auth::setAuth() called.', AUTH_LOG_DEBUG);
826
827 // #10729 - Regenerate session id here only if generating at login only
828 // Don't do it if we are regenerating on every request so we don't
829 // regenerate it twice in one request.
830 if (!$this->regenerateSessionId) {
831 // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
832 session_regenerate_id(true);
833 }
834
835 if (!isset($this->session) || !is_array($this->session)) {
836 $this->session = array();
837 }
838
839 if (!isset($this->session['data'])) {
840 $this->session['data'] = array();
841 }
842
843 $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
844 ? $this->server['REMOTE_ADDR']
845 : '';
846 $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
847 ? $this->server['HTTP_USER_AGENT']
848 : '';
849 $this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
850 ? $this->server['HTTP_X_FORWARDED_FOR']
851 : '';
852
853 // This should be set by the container to something more safe
854 // Like md5(passwd.microtime)
855 if(empty($this->session['challengekey'])) {
856 $this->session['challengekey'] = md5($username.microtime());
857 }
858
859 $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
860 //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
861 require_once 'Services/Utilities/classes/class.ilUtil.php';
862 ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
863
864 $this->session['registered'] = true;
865 $this->session['username'] = $username;
866 $this->session['timestamp'] = time();
867 $this->session['idle'] = time();
868 }

References $username, AUTH_LOG_DEBUG, log(), and ilUtil\setCookie().

Referenced by ilCASAuth\login(), login(), Auth_Anonymous\login(), and Auth_HTTP\login().

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ setAuthData()

Auth::setAuthData (   $name,
  $value,
  $overwrite = true 
)

Register additional information that is to be stored in the session.

Parameters
stringName of the data field
mixedValue of the data field
booleanShould existing data be overwritten? (default is true)
Returns
void @access public

Definition at line 777 of file Auth.php.

778 {
779 if (!empty($this->session['data'][$name]) && $overwrite == false) {
780 return;
781 }
782 $this->session['data'][$name] = $value;
783 }

Referenced by Auth_Container_DBLite\fetchData(), and Auth_HTTP\login().

+ Here is the caller graph for this function:

◆ setCheckAuthCallback()

Auth::setCheckAuthCallback (   $checkAuthCallback)

Register a callback function to be called whenever the validity of the login is checked The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void @access public
Since
Method available since Release 1.4.3

Definition at line 708 of file Auth.php.

709 {
710 $this->checkAuthCallback = $checkAuthCallback;
711 }
Auth\$checkAuthCallback
$checkAuthCallback
Definition: Auth.php:190

References $checkAuthCallback.

◆ setExpire()

Auth::setExpire (   $time,
  $add = false 
)

Set the maximum expire time.

Parameters
integertime in seconds
booladd time to current expire time or not
Returns
void @access public

Definition at line 619 of file Auth.php.

620 {
621 $add ? $this->expire += $time : $this->expire = $time;
622 }

◆ setFailedLoginCallback()

Auth::setFailedLoginCallback (   $loginFailedCallback)

Register a callback function to be called on failed user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void @access public

Definition at line 741 of file Auth.php.

742 {
743 $this->loginFailedCallback = $loginFailedCallback;
744 }
Auth\$loginFailedCallback
$loginFailedCallback
Definition: Auth.php:206

References $loginFailedCallback.

◆ setIdle()

Auth::setIdle (   $time,
  $add = false 
)

Set the maximum idle time.

Parameters
integertime in seconds
booladd time to current maximum idle time or not
Returns
void @access public

Definition at line 635 of file Auth.php.

636 {
637 $add ? $this->idle += $time : $this->idle = $time;
638 }

◆ setLoginCallback()

Auth::setLoginCallback (   $loginCallback)

Register a callback function to be called on user login.

The function will receive two parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void
See also
setLogoutCallback() @access User interface

Definition at line 725 of file Auth.php.

726 {
727 $this->loginCallback = $loginCallback;
728 }
Auth\$loginCallback
$loginCallback
Definition: Auth.php:198

References $loginCallback.

◆ setLogoutCallback()

Auth::setLogoutCallback (   $logoutCallback)

Register a callback function to be called on user logout.

The function will receive three parameters, the username and a reference to the auth object.

Parameters
stringcallback function name
Returns
void
See also
setLoginCallback() @access User interface

Definition at line 758 of file Auth.php.

759 {
760 $this->logoutCallback = $logoutCallback;
761 }
Auth\$logoutCallback
$logoutCallback
Definition: Auth.php:214

References $logoutCallback.

◆ setSessionName()

Auth::setSessionName (   $name = 'session')

Set name of the session to a customized value.

If you are using multiple instances of PEAR::Auth on the same domain, you can change the name of session per application via this function. This will chnage the name of the session variable auth uses to store it's data in the session

Parameters
stringNew name for the session
Returns
void @access public

Definition at line 656 of file Auth.php.

657 {
658 $this->_sessionName = '_auth_'.$name;
659 // Make Sure Auth session variable is there
660 if(!isset($_SESSION[$this->_sessionName])) {
661 $_SESSION[$this->_sessionName] = array();
662 }
663 $this->session =& $_SESSION[$this->_sessionName];
664 }

References $_SESSION, and $_sessionName.

Referenced by ilAuthApache\__construct(), ilAuthWeb\__construct(), ilAuthOpenId\__construct(), ilAuthCAS\__construct(), ShibAuth\__construct(), ilAuthCron\__construct(), ilAuthHTTP\__construct(), ilAuthECS\__construct(), and ilAuthSOAP\__construct().

+ Here is the caller graph for this function:

◆ setShowLogin()

Auth::setShowLogin (   $showLogin = true)

Should the login form be displayed if neccessary?

Parameters
boolshow login form or not
Returns
void @access public

Definition at line 676 of file Auth.php.

677 {
678 $this->showLogin = $showLogin;
679 }

References $showLogin.

◆ start()

Auth::start ( )

Start new auth session.

Returns
void @access public

Reimplemented in ilAuthInactive.

Definition at line 518 of file Auth.php.

519 {
520 $this->log('Auth::start() called.', AUTH_LOG_DEBUG);
521
522 // #10729 - Regenerate session id here if we are generating it on every
523 // page load.
524 if ($this->regenerateSessionId) {
525 session_regenerate_id(true);
526 }
527
528 $this->assignData();
529 if (!$this->checkAuth() && $this->allowLogin) {
530 $this->login();
531 }
532 }
Auth\assignData
assignData()
Assign data from login form to internal values.
Definition: Auth.php:491

References assignData(), AUTH_LOG_DEBUG, checkAuth(), log(), and login().

+ Here is the call graph for this function:

◆ staticCheckAuth()

Auth::staticCheckAuth (   $options = null)
static

Statically checks if there is a session with valid auth information.

@access public

See also
checkAuth
Returns
boolean Whether or not the user is authenticated.

Definition at line 1036 of file Auth.php.

1037 {
1038 static $staticAuth;
1039 if(!isset($staticAuth)) {
1040 $staticAuth = new Auth('null', $options);
1041 }
1042 $staticAuth->log('Auth::staticCheckAuth() called', AUTH_LOG_DEBUG);
1043 return $staticAuth->checkAuth();
1044 }
Auth\Auth
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
Definition: Auth.php:335

References $options, Auth(), and AUTH_LOG_DEBUG.

+ Here is the call graph for this function:

◆ updateIdle()

Auth::updateIdle ( )

Update the idletime.

@access private

Returns
void

Definition at line 1101 of file Auth.php.

1102 {
1103 $this->session['idle'] = time();
1104 }

Referenced by checkAuth().

+ Here is the caller graph for this function:

Field Documentation

◆ $_postPassword

Auth::$_postPassword = 'password'

Definition at line 259 of file Auth.php.

Referenced by assignData().

◆ $_postUsername

Auth::$_postUsername = 'username'

Definition at line 252 of file Auth.php.

Referenced by assignData().

◆ $_sessionName

Auth::$_sessionName = '_authsession'

Definition at line 221 of file Auth.php.

Referenced by Auth(), Auth_HTTP\login(), and setSessionName().

◆ $advancedsecurity

Auth::$advancedsecurity = false

Definition at line 245 of file Auth.php.

Referenced by _isAdvancedSecurityEnabled().

◆ $allowLogin

Auth::$allowLogin = true

Definition at line 161 of file Auth.php.

Referenced by setAllowLogin().

◆ $authChecks

Auth::$authChecks = 0

Definition at line 295 of file Auth.php.

◆ $authdata

Auth::$authdata

Definition at line 289 of file Auth.php.

◆ $checkAuthCallback

Auth::$checkAuthCallback = ''

Definition at line 190 of file Auth.php.

Referenced by setCheckAuthCallback().

◆ $cookie

Auth::$cookie

Definition at line 283 of file Auth.php.

◆ $enableLogging

Auth::$enableLogging = false

Definition at line 309 of file Auth.php.

◆ $expire

Auth::$expire = 0

Definition at line 102 of file Auth.php.

◆ $expired

Auth::$expired = false

Definition at line 110 of file Auth.php.

◆ $idle

Auth::$idle = 0

Definition at line 122 of file Auth.php.

◆ $idled

Auth::$idled = false

Definition at line 130 of file Auth.php.

◆ $logger

Auth::$logger = null

Definition at line 302 of file Auth.php.

◆ $loginCallback

Auth::$loginCallback = ''

Definition at line 198 of file Auth.php.

Referenced by setLoginCallback().

◆ $loginFailedCallback

Auth::$loginFailedCallback = ''

Definition at line 206 of file Auth.php.

Referenced by setFailedLoginCallback().

◆ $loginFunction

Auth::$loginFunction = ''

Definition at line 145 of file Auth.php.

Referenced by Auth(), and Auth_Anonymous\Auth_Anonymous().

◆ $logoutCallback

Auth::$logoutCallback = ''

Definition at line 214 of file Auth.php.

Referenced by setLogoutCallback().

◆ $password

Auth::$password = ''

Definition at line 182 of file Auth.php.

Referenced by addUser(), Auth_HTTP\assignData(), and changePassword().

◆ $post

Auth::$post

Definition at line 277 of file Auth.php.

◆ $regenerateSessionId

Auth::$regenerateSessionId = false

Definition at line 316 of file Auth.php.

◆ $server

Auth::$server

Definition at line 271 of file Auth.php.

◆ $session

Auth::$session

Definition at line 265 of file Auth.php.

◆ $showLogin

Auth::$showLogin = true

Definition at line 153 of file Auth.php.

Referenced by Auth(), Auth_Anonymous\Auth_Anonymous(), and setShowLogin().

◆ $status

Auth::$status = ''

Definition at line 168 of file Auth.php.

Referenced by getStatus().

◆ $storage

Auth::$storage = ''

Definition at line 138 of file Auth.php.

Referenced by Auth_HTTP\login().

◆ $username

Auth::$username = ''

Definition at line 175 of file Auth.php.

Referenced by addUser(), Auth_HTTP\assignData(), ilAuthOpenId\callProvider(), changePassword(), ilCASAuth\login(), ilAuthOpenId\parseUsername(), removeUser(), setAuth(), and ShibAuth\setAuth().

◆ $version

Auth::$version = "@version@"

Definition at line 228 of file Auth.php.

The documentation for this class was generated from the following file: