ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilAuthBase.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
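/**
 * Base class for all PEAR and ILIAS auth classes.
 *
 * Wires the login / failed-login / check-auth / logout callbacks and runs the
 * ILIAS-side account checks (login attempts, active flag, time limit, client IP
 * restriction, simultaneous sessions) after the container accepted a login.
 *
 * NOTE(review): the rendered listing this class was taken from drops several
 * source lines. Every statement reconstructed here is marked with a
 * NOTE(review) comment and must be confirmed against the repository.
 */
abstract class ilAuthBase
{
    // Used for SOAP Auth
    // TODO: Find another solution
    protected $sub_status = null;

    // Login name recorded when a login is rejected because the time limit is exceeded (#16327).
    // NOTE(review): this declaration is not visible in the rendered listing; it is
    // added because the property is assigned in loginObserver() - confirm.
    protected $exceeded_user_name;

    /**
     * Get sub status.
     *
     * @return mixed value last passed to setSubStatus(), null by default
     */
    public function getSubStatus()
    {
        return $this->sub_status;
    }

    /**
     * Set sub status.
     *
     * @param mixed $a_sub_status
     */
    public function setSubStatus($a_sub_status)
    {
        $this->sub_status = $a_sub_status;
    }

    /**
     * Returns true if the current auth mode allows redirects, e.g. to the login screen.
     *
     * @return bool always true in this base class
     */
    public function supportsRedirects()
    {
        return true;
    }

    /**
     * Get container object.
     *
     * @return object the value of $this->storage (not declared in this class)
     */
    public final function getContainer()
    {
        return $this->storage;
    }

    /**
     * Init auth object: set callbacks and attach the log observer.
     */
    protected final function initAuth()
    {
        // NOTE(review): the first statement of this method is missing from the rendered
        // listing; reconstructed as the session initialisation - confirm.
        ilSessionControl::initSession();

        // Logging is switched off right here, so the debug branch below cannot run as written.
        $this->enableLogging = false;

        if ($this->enableLogging)
        {
            ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
        }
        $this->setLoginCallback(array($this, 'loginObserver'));
        $this->setFailedLoginCallback(array($this, 'failedLoginObserver'));
        $this->setCheckAuthCallback(array($this, 'checkAuthObserver'));
        $this->setLogoutCallback(array($this, 'logoutObserver'));

        include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
        $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
    }

    /**
     * Called after successful login.
     *
     * Runs the extended account checks in priority order. The first failing
     * check sets $this->status, logs the session out again and returns.
     *
     * @param string $a_username
     * @param object $a_auth auth object offering getUsername() and logout()
     */
    protected function loginObserver($a_username, $a_auth)
    {
        global $ilAppEventHandler, $ilSetting;

        if (!$this->getContainer()->loginObserver($a_username, $a_auth))
        {
            return;
        }

        // validate user
        include_once "Services/User/classes/class.ilObjUser.php";
        $user_id = ilObjUser::_loginExists($a_auth->getUsername());
        if ($user_id != ANONYMOUS_USER_ID)
        {
            $user = new ilObjUser($user_id);

            // check if profile is complete
            include_once "Services/User/classes/class.ilUserProfile.php";
            // NOTE(review): the condition guarding this block is missing from the
            // rendered listing; reconstructed - confirm.
            if (ilUserProfile::isProfileIncomplete($user))
            {
                $user->setProfileIncomplete(true);
                $user->update();
            }

            // --- extended user validation
            //
            // we only have a single status, so abort after each one
            // order from highest priority to lowest

            if (!$this->checkExceededLoginAttempts($user))
            {
                $this->status = AUTH_USER_INACTIVE_LOGIN_ATTEMPTS;
                $a_auth->logout();
                return;
            }

            // active?
            if (!$user->getActive())
            {
                $this->status = AUTH_USER_INACTIVE;
                $a_auth->logout();
                return;
            }

            // time limit
            if (!$user->checkTimeLimit())
            {
                $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                // #16327
                $this->exceeded_user_name = $this->getUserName();
                $a_auth->logout();
                return;
            }

            // check client ip: an empty restriction means "no restriction"
            $clientip = $user->getClientIP();
            if (trim($clientip) != "" &&
                !$this->matchesClientIpPattern($clientip, $_SERVER["REMOTE_ADDR"]))
            {
                $this->status = AUTH_USER_WRONG_IP;
                $a_auth->logout();
                return;
            }

            // simultaneous login
            if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                ilObjUser::hasActiveSession($user_id))
            {
                $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                $a_auth->logout();
                return;
            }

            include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
            ilOnlineTracking::addUser($user_id);

            include_once 'Modules/Forum/classes/class.ilObjForum.php';
            ilObjForum::_updateOldAccess($user_id);

            require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
            $security_settings = ilSecuritySettings::_getInstance();

            // determine first login of user for setting an indicator
            // which still is available in PersonalDesktop, Repository, ...
            // (last login date is set to current date in next step)
            if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                $user->getLastLogin() == null)
            {
                $user->resetLastPasswordChange();
            }

            $user->refreshLogin();

            // reset counter for failed logins
            // NOTE(review): the statement under this comment is missing from the
            // rendered listing; reconstructed - confirm.
            ilObjUser::_resetLoginAttempts($user_id);
        }

        // --- anonymous/registered user
        ilLoggerFactory::getLogger('auth')->info(
            'logged in as ' . $a_auth->getUsername() .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

        $ilAppEventHandler->raise(
            'Services/Authentication', 'afterLogin',
            array('username' => $a_auth->getUsername())
        );
    }

    /**
     * Test an address against a stored client-IP restriction.
     *
     * Restriction syntax as translated below: "?" stands for one digit, "*" for
     * any run of digits, "," separates alternatives; every character other than
     * digits and ".?*,:" is dropped first.
     *
     * The alternatives are wrapped in a group so that "^" and "$" bind to each of
     * them. Without the group, "a,b" compiles to /^a|b$/, which accepts any
     * address that merely starts with "a" or ends with "b", and a trailing ","
     * leaves an empty alternative that accepts every address.
     *
     * @param string $a_pattern     restriction as stored for the user
     * @param string $a_remote_addr address to test
     * @return bool true only if the whole address matches one alternative
     */
    private function matchesClientIpPattern($a_pattern, $a_remote_addr)
    {
        $regex = preg_replace("/[^0-9.?*,:]+/", "", $a_pattern);
        $regex = str_replace(".", "\\.", $regex);
        $regex = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $regex);

        // "D" keeps "$" from matching in front of a trailing line break.
        return preg_match("/^(?:" . $regex . ")$/D", $a_remote_addr) === 1;
    }

    /**
     * Decide whether a login may proceed with respect to the failed-attempt limit.
     *
     * @param ilObjUser $user
     * @return bool false only for an inactive, non-anonymous, non-system user whose
     *              attempt counter has reached the configured maximum
     */
    protected function checkExceededLoginAttempts(\ilObjUser $user)
    {
        if (in_array($user->getId(), array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
        {
            return true;
        }

        // Active accounts are never rejected here.
        if ($user->getActive())
        {
            return true;
        }

        require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
        $security = ilSecuritySettings::_getInstance();
        $maxLoginAttempts = $security->getLoginMaxAttempts();

        // A maximum that casts to 0 switches the check off.
        if (!(int)$maxLoginAttempts)
        {
            return true;
        }

        $numLoginAttempts = \ilObjUser::_getLoginAttempts($user->getId());

        return $numLoginAttempts < $maxLoginAttempts;
    }

    /**
     * Called after failed login.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's failedLoginObserver()
     */
    protected function failedLoginObserver($a_username, $a_auth)
    {
        // NOTE(review): $a_username is whatever was submitted at login and is written
        // to the log unchanged; confirm the logger neutralises line breaks.
        ilLoggerFactory::getLogger('auth')->info(
            ': login failed for user ' . $a_username .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        if ($a_username)
        {
            $usr_id = ilObjUser::_lookupId($a_username);
            if (!in_array($usr_id, array(ANONYMOUS_USER_ID, SYSTEM_USER_ID)))
            {
                // NOTE(review): this statement is missing from the rendered listing;
                // reconstructed - confirm.
                ilObjUser::_incrementLoginAttempts($usr_id);
                $login_attempts = ilObjUser::_getLoginAttempts($usr_id);

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security = ilSecuritySettings::_getInstance();
                $max_attempts = $security->getLoginMaxAttempts();

                if ((int)$max_attempts && $login_attempts >= $max_attempts)
                {
                    // NOTE(review): the body of this branch is missing from the rendered
                    // listing; reconstructed - confirm.
                    ilObjUser::_setUserInactive($usr_id);
                }
            }
        }

        return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
    }

    /**
     * Called after each check auth request.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's checkAuthObserver()
     */
    protected function checkAuthObserver($a_username, $a_auth)
    {
        return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
    }

    /**
     * Called after logout.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's logoutObserver()
     */
    protected function logoutObserver($a_username, $a_auth)
    {
        global $ilAppEventHandler;

        ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);

        // NOTE(review): this statement is missing from the rendered listing;
        // reconstructed - confirm.
        ilSessionControl::handleLogoutEvent();

        $ilAppEventHandler->raise(
            'Services/Authentication', 'afterLogout',
            array('username' => $a_auth->getUsername())
        );

        return $this->getContainer()->logoutObserver($a_username, $a_auth);
    }

    /**
     * Login name recorded when the time-limit check in loginObserver() rejected the login.
     *
     * @return string|null
     */
    public function getExceededUserName()
    {
        // NOTE(review): the method body is missing from the rendered listing;
        // reconstructed from the assignment in loginObserver() - confirm.
        return $this->exceeded_user_name;
    }
}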
334 ?>
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
const AUTH_USER_INACTIVE
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
const AUTH_USER_WRONG_IP
getActive()
get user active state public
failedLoginObserver($a_username, $a_auth)
Called after failed login.
initAuth()
Init auth object Enable logging, set callbacks...
static _incrementLoginAttempts($a_usr_id)
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
static _lookupId($a_user_str)
Lookup id by login.
getContainer()
Get container object.
const AUTH_USER_TIME_LIMIT_EXCEEDED
static _resetLoginAttempts($a_usr_id)
static _getLoginAttempts($a_usr_id)
getSubStatus()
Get sub status.
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
logoutObserver($a_username, $a_auth)
Called after logout.
Base class for all PEAR and ILIAS auth classes.
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
getId()
get object id public
static handleLoginEvent($a_login, $a_auth)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
static hasActiveSession($a_user_id)
Check for simultaneous login.
loginObserver($a_username, $a_auth)
Called after successful login.
setSubStatus($a_sub_status)
Set sub status.
const AUTH_USER_SIMULTANEOUS_LOGIN
static initSession()
mark session with type regarding to the context.
static _setUserInactive($a_usr_id)
global $ilSetting
Definition: privfeed.php:40
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
static getLogger($a_component_id)
Get component logger.
const AUTH_USER_INACTIVE_LOGIN_ATTEMPTS
static handleLogoutEvent()
reset sessions type to unknown
static _getInstance()
Get instance of ilSecuritySettings.
checkExceededLoginAttempts(\ilObjUser $user)