ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthBase.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
33abstract class ilAuthBase
34{
35 // Used for SOAP Auth
36 // TODO: Find another solution
37 protected $sub_status = null;
38
39 protected $exceeded_user_name;
40
41
46 public function getSubStatus()
47 {
48 return $this->sub_status;
49 }
50
55 public function setSubStatus($a_sub_status)
56 {
57 $this->sub_status = $a_sub_status;
58 }
59
65 public function supportsRedirects()
66 {
67 return true;
68 }
69
74 public final function getContainer()
75 {
76 return $this->storage;
77 }
78
84 protected final function initAuth()
85 {
86 ilSessionControl::initSession();
87
88 $this->enableLogging = false;
89 //$this->enableLogging = false;
90
91 if ($this->enableLogging)
92 {
93 ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
94 }
95 $this->setLoginCallback(array($this,'loginObserver'));
96 $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97 $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98 $this->setLogoutCallback(array($this,'logoutObserver'));
99
100 include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101 $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102
103 }
104
111 protected function loginObserver($a_username,$a_auth)
112 {
113 global $ilLog, $ilAppEventHandler, $ilSetting;
114
115 if($this->getContainer()->loginObserver($a_username,$a_auth))
116 {
117 // validate user
118 include_once "Services/User/classes/class.ilObjUser.php";
119 $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120 if($user_id != ANONYMOUS_USER_ID)
121 {
122 $user = new ilObjUser($user_id);
123
124 // check if profile is complete
125 include_once "Services/User/classes/class.ilUserProfile.php";
126 if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
127 {
128 $user->setProfileIncomplete(true);
129 $user->update();
130 }
131
132 // --- extended user validation
133 //
134 // we only have a single status, so abort after each one
135 // order from highest priority to lowest
136
137 if(!$this->checkExceededLoginAttempts($user))
138 {
139 $this->status = AUTH_USER_INACTIVE_LOGIN_ATTEMPTS;
140 $a_auth->logout();
141 return;
142 }
143
144 // active?
145 if(!$user->getActive())
146 {
147 $this->status = AUTH_USER_INACTIVE;
148 $a_auth->logout();
149 return;
150 }
151
152 // time limit
153 if(!$user->checkTimeLimit())
154 {
155 $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
156 // #16327
157 $this->exceeded_user_name = $this->getUserName();
158 $a_auth->logout();
159 return;
160 }
161
162 // check client ip
163 $clientip = $user->getClientIP();
164 if (trim($clientip) != "")
165 {
166 $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
167 $clientip = str_replace(".","\\.",$clientip);
168 $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
169 if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
170 {
171 $this->status = AUTH_USER_WRONG_IP;
172 $a_auth->logout();
173 return;
174 }
175 }
176
177 // simultaneous login
178 if($ilSetting->get('ps_prevent_simultaneous_logins') &&
179 ilObjUser::hasActiveSession($user_id))
180 {
181 $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
182 $a_auth->logout();
183 return;
184 }
185
186 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
187 ilOnlineTracking::addUser($user_id);
188
189 include_once 'Modules/Forum/classes/class.ilObjForum.php';
190 ilObjForum::_updateOldAccess($user_id);
191
192 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
193 $security_settings = ilSecuritySettings::_getInstance();
194
195 // determine first login of user for setting an indicator
196 // which still is available in PersonalDesktop, Repository, ...
197 // (last login date is set to current date in next step)
198 if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
199 $user->getLastLogin() == null
200 )
201 {
202 $user->resetLastPasswordChange();
203 }
204
205 $user->refreshLogin();
206
207 // reset counter for failed logins
208 ilObjUser::_resetLoginAttempts($user_id);
209 }
210
211 // --- anonymous/registered user
212 ilLoggerFactory::getLogger('auth')->info(
213 'logged in as '. $a_auth->getUsername() .
214 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
215 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
216 );
217
218 ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
219
220 $ilAppEventHandler->raise(
221 'Services/Authentication', 'afterLogin',
222 array('username' => $a_auth->getUsername())
223 );
224 }
225 }
226
231 protected function checkExceededLoginAttempts(\ilObjUser $user)
232 {
233 if(in_array($user->getId(), array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
234 {
235 return true;
236 }
237
238 $isInactive = !$user->getActive();
239 if(!$isInactive)
240 {
241 return true;
242 }
243
244 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245 $security = ilSecuritySettings::_getInstance();
246 $maxLoginAttempts = $security->getLoginMaxAttempts();
247
248 if(!(int)$maxLoginAttempts)
249 {
250 return true;
251 }
252
253 $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());
254
255 return $numLoginAttempts < $maxLoginAttempts;
256 }
257
264 protected function failedLoginObserver($a_username, $a_auth)
265 {
266 global $ilLog;
267
268 ilLoggerFactory::getLogger('auth')->info(
269 ': login failed for user '.$a_username.
270 ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
271 ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
272 );
273
274 if($a_username)
275 {
276 $usr_id = ilObjUser::_lookupId($a_username);
277 if(!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
278 {
279 ilObjUser::_incrementLoginAttempts($usr_id);
280 $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
281
282 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
283 $security = ilSecuritySettings::_getInstance();
284 $max_attempts = $security->getLoginMaxAttempts();
285
286 if((int)$max_attempts && $login_attempts >= $max_attempts)
287 {
288 ilObjUser::_setUserInactive($usr_id);
289 }
290 }
291 }
292
293 return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
294 }
295
302 protected function checkAuthObserver($a_username,$a_auth)
303 {
304 return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
305 }
306
313 protected function logoutObserver($a_username,$a_auth)
314 {
315 global $ilLog, $ilAppEventHandler;
316
317 ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);
318
319 ilSessionControl::handleLogoutEvent();
320
321 $ilAppEventHandler->raise(
322 'Services/Authentication', 'afterLogout',
323 array('username' => $a_auth->getUsername())
324 );
325
326 return $this->getContainer()->logoutObserver($a_username,$a_auth);
327 }
328
329 public function getExceededUserName()
330 {
331 return $this->exceeded_user_name;
332 }
333}
334?>
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:48
AUTH_USER_INACTIVE_LOGIN_ATTEMPTS
const AUTH_USER_INACTIVE_LOGIN_ATTEMPTS
Definition: class.ilAuthUtils.php:50
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:47
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:46
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:45
ilAuthBase
@classDescription Base class for all PEAR and ILIAS auth classes.
Definition: class.ilAuthBase.php:34
ilAuthBase\initAuth
initAuth()
Init auth object Enable logging, set callbacks...
Definition: class.ilAuthBase.php:84
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
ilAuthBase\checkExceededLoginAttempts
checkExceededLoginAttempts(\ilObjUser $user)
Definition: class.ilAuthBase.php:231
ilAuthBase\setSubStatus
setSubStatus($a_sub_status)
Set sub status.
Definition: class.ilAuthBase.php:55
ilAuthBase\failedLoginObserver
failedLoginObserver($a_username, $a_auth)
Called after failed login.
Definition: class.ilAuthBase.php:264
ilAuthBase\getSubStatus
getSubStatus()
Get sub status.
Definition: class.ilAuthBase.php:46
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:111
ilAuthBase\supportsRedirects
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ....
Definition: class.ilAuthBase.php:65
ilAuthBase\logoutObserver
logoutObserver($a_username, $a_auth)
Called after logout.
Definition: class.ilAuthBase.php:313
ilAuthBase\checkAuthObserver
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
Definition: class.ilAuthBase.php:302
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4753
ilObjUser\getActive
getActive()
get user active state @access public
Definition: class.ilObjUser.php:2195
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4776
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2539
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:824
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4787
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4764
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4458
ilObject\getId
getId()
get object id @access public
Definition: class.ilObject.php:297
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, $a_auth)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:871
$ilLog
$ilLog
Definition: inc.setup_header.php:136
$ilSetting
global $ilSetting
Definition: privfeed.php:40
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54