ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilCASAuth.php
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
24
25include_once("Auth/Auth.php");
26
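/**
 * CAS (Central Authentication Service) login for ILIAS, built on PEAR Auth
 * and the bundled phpCAS client.
 *
 * The class trusts the user name reported by phpCAS: login() maps it to a
 * local ILIAS account and, when the "cas_create_users" setting is enabled,
 * creates that account the first time the name is seen.
 */
class ilCASAuth extends Auth
{
	/**
	 * Constructor (PHP 4 style, named after the class, as in the parent Auth).
	 *
	 * @param array $a_params keys read here: "sessionName" (optional),
	 *                        "server_hostname", "server_port", "server_uri"
	 */
	function ilCASAuth($a_params)
	{
		// isset() avoids an undefined-index notice when no session name is
		// passed; an absent key is treated like an empty one.
		if (isset($a_params["sessionName"]) && $a_params["sessionName"] != "")
		{
			parent::Auth("", array("sessionName" => $a_params["sessionName"]));
		}
		else
		{
			parent::Auth("");
		}

		include_once("./Services/CAS/lib/CAS.php");
		$this->server_version = CAS_VERSION_2_0;
		$this->server_hostname = $a_params["server_hostname"];
		$this->server_port = (int) $a_params["server_port"];
		$this->server_uri = $a_params["server_uri"];

		// Debug aids, keep disabled: the second line would print the CAS
		// service ticket (a credential) taken unescaped from the request.
		//phpCAS::setDebug();
		//echo "-".$_GET['ticket']."-"; exit;

		// NOTE(review): no CA certificate or server-validation setting is
		// applied to the client in this class. Ticket validation is a
		// back-channel request to the CAS server, so confirm that the bundled
		// phpCAS verifies the server certificate or is configured elsewhere.
		phpCAS::client($this->server_version, $this->server_hostname,
			$this->server_port, (string) $this->server_uri);
	}

	/**
	 * Report whether phpCAS holds an authenticated user.
	 *
	 * @return mixed whatever the phpCAS client's isAuthenticated() returns
	 */
	function checkCASAuth()
	{
		// Global client object used by the phpCAS interface class.
		global $PHPCAS_CLIENT;

		return $PHPCAS_CLIENT->isAuthenticated();
	}

	/**
	 * Force authentication against the CAS server if the user is not
	 * authenticated yet.
	 */
	function forceCASAuth()
	{
		// NOTE(review): the rendered listing drops the body of this method;
		// reconstructed from the cross-referenced phpCAS::forceAuthentication()
		// - confirm against the upstream file.
		phpCAS::forceAuthentication();
	}

	/**
	 * Return the login name of the CAS user as reported by phpCAS.
	 */
	function getCASUser()
	{
		return phpCAS::getUser();
	}

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function getAuth()
	{
		$session = &$this->_importGlobalVariable('session');
		if (!empty($session) &&
			(isset($session[$this->_sessionName]['registered']) &&
			 $session[$this->_sessionName]['registered'] === true))
		{
			return true;
		} else {
			return false;
		}
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function setIdle($time, $add = false)
	{
		$add ? $this->idle += $time : $this->idle = $time;
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function setExpire($time, $add = false)
	{
		$add ? $this->expire += $time : $this->expire = $time;
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function checkAuth()
	{
		$session = &$this->_importGlobalVariable('session');

		if (isset($session[$this->_sessionName])) {
			// Check if authentication session is expired
			if ($this->expire > 0 &&
				isset($session[$this->_sessionName]['timestamp']) &&
				($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {

				$this->logout();
				$this->expired = true;
				$this->status = AUTH_EXPIRED;

				return false;
			}

			// Check if maximum idle time is reached
			if ($this->idle > 0 &&
				isset($session[$this->_sessionName]['idle']) &&
				($session[$this->_sessionName]['idle'] + $this->idle) < time()) {

				$this->logout();
				$this->idled = true;
				$this->status = AUTH_IDLED;

				return false;
			}

			if (isset($session[$this->_sessionName]['registered']) &&
				isset($session[$this->_sessionName]['username']) &&
				$session[$this->_sessionName]['registered'] == true &&
				$session[$this->_sessionName]['username'] != '') {

				Auth::updateIdle();

				return true;
			}
		}

		return false;
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function start()
	{
		@session_start();

		if (!$this->checkAuth()) {
			$this->login();
		}
	}
*/

	/**
	 * Log the CAS-authenticated user into ILIAS.
	 *
	 * If phpCAS reports a user name, it is mapped to a local account. When no
	 * account matches, one is created only if the "cas_create_users" setting
	 * is on; otherwise the status becomes AUTH_CAS_NO_ILIAS_USER and the
	 * session is logged out. Without a CAS user name the status becomes
	 * AUTH_WRONG_LOGIN.
	 *
	 * With "cas_create_users" enabled, every principal the CAS server
	 * authenticates receives an ILIAS account and the role named by
	 * "cas_user_default_role", so both settings define who gets access.
	 */
	function login()
	{
		global $rbacadmin, $ilSetting;

		// NOTE(review): the rendered listing drops the assignment of
		// $username; reconstructed from the cross-referenced phpCAS::getUser()
		// - confirm against the upstream file.
		$username = phpCAS::getUser();

		if ($username != "")
		{
			// Authorize this user
			include_once('./Services/User/classes/class.ilObjUser.php');

			// NOTE(review): line dropped by the listing; reconstructed from
			// the cross-referenced _checkExternalAuthAccount($a_auth,
			// $a_account). The "cas" argument mirrors the auth_mode written
			// below - confirm against the upstream file.
			$local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);

			if ($local_user != "")
			{
				$this->setAuth($local_user);
			}
			else
			{
				if (!$ilSetting->get("cas_create_users"))
				{
					// Known to CAS but not to ILIAS, and auto-creation is off.
					$this->status = AUTH_CAS_NO_ILIAS_USER;
					$this->logout();
					return;
				}

				$userObj = new ilObjUser();

				// NOTE(review): line dropped by the listing; reconstructed
				// from the cross-referenced _generateLogin($a_login). The
				// owning class (ilAuthUtils) is not shown on the page -
				// confirm against the upstream file.
				$local_user = ilAuthUtils::_generateLogin($username);

				$newUser = array();
				$newUser["firstname"] = $local_user;
				$newUser["lastname"] = "";

				$newUser["login"] = $local_user;

				// Empty stored hash: the author's intent is "no valid
				// password", so the account is meant to be reachable through
				// CAS only.
				// NOTE(review): confirm the local password check rejects an
				// empty stored hash for accounts with auth_mode "cas".
				$newUser["passwd"] = "";
				$newUser["passwd_type"] = IL_PASSWD_CRYPTED;

				//$newUser["gender"] = "m";
				$newUser["auth_mode"] = "cas";
				$newUser["ext_account"] = $username;
				$newUser["profile_incomplete"] = 1;

				// system data
				$userObj->assignData($newUser);
				$userObj->setTitle($userObj->getFullname());
				$userObj->setDescription($userObj->getEmail());

				// set user language to system language
				$userObj->setLanguage($ilSetting->get("language"));

				// Time limit
				$userObj->setTimeLimitOwner(7);
				$userObj->setTimeLimitUnlimited(1);
				$userObj->setTimeLimitFrom(time());
				$userObj->setTimeLimitUntil(time());

				// Create user in DB
				$userObj->setOwner(0);
				$userObj->create();
				$userObj->setActive(1);

				$userObj->updateOwner();

				//insert user data in table user_data
				$userObj->saveAsNew();

				// setup user preferences
				$userObj->writePrefs();

				// The role comes straight from configuration and is not
				// checked here (the original author marked this call
				// "to do: test this").
				// NOTE(review): verify that "cas_user_default_role" is set
				// and names a low-privilege role.
				$rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);

				unset($userObj);

				$this->setAuth($local_user);
			}
		}
		else
		{
			// This should never occur unless CAS is not configured properly
			$this->status = AUTH_WRONG_LOGIN;
		}
	}

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function setAuth($username)
	{
		$session = &Auth::_importGlobalVariable('session');

		if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
			session_register($this->_sessionName);
		}

		if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
			$session[$this->_sessionName] = array();
		}

		if(!isset($session[$this->_sessionName]['data'])){
			$session[$this->_sessionName]['data'] = array();
		}
		$session[$this->_sessionName]['registered'] = true;
		$session[$this->_sessionName]['username'] = $username;
		$session[$this->_sessionName]['timestamp'] = time();
		$session[$this->_sessionName]['idle'] = time();
	}
*/

	/**
	 * End the local ILIAS session.
	 *
	 * Only the parent's logout runs; the CAS single sign-on session is left
	 * untouched, so the CAS server may still consider the browser
	 * authenticated after this call.
	 */
	function logout()
	{
		parent::logout();
		//PHPCAS::logout(); // CAS logout should be provided separately
							// maybe on ILIAS login screen
	}

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function getUsername()
	{
		$session = &$this->_importGlobalVariable('session');
		if (!isset($session[$this->_sessionName]['username'])) {
			return '';
		}
		return $session[$this->_sessionName]['username'];
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function getStatus()
	{

		return $status;
	}
*/

	// Disabled copy of a parent (Auth) method, kept by the original author.
/*
	function &_importGlobalVariable($variable)
	{
		$var = null;

		switch (strtolower($variable)) {

			case 'server' :
				if (isset($_SERVER)) {
					$var = &$_SERVER;
				} else {
					$var = &$GLOBALS['HTTP_SERVER_VARS'];
				}
				break;

			case 'session' :
				if (isset($_SESSION)) {
					$var = &$_SESSION;
				} else {
					$var = &$GLOBALS['HTTP_SESSION_VARS'];
				}
				break;

			case 'post' :
				if (isset($_POST)) {
					$var = &$_POST;
				} else {
					$var = &$GLOBALS['HTTP_POST_VARS'];
				}
				break;

			case 'cookie' :
				if (isset($_COOKIE)) {
					$var = &$_COOKIE;
				} else {
					$var = &$GLOBALS['HTTP_COOKIE_VARS'];
				}
				break;

			case 'get' :
				if (isset($_GET)) {
					$var = &$_GET;
				} else {
					$var = &$GLOBALS['HTTP_GET_VARS'];
				}
				break;

			default:
				break;

		}

		return $var;
	}
*/
} // END class.ilCASAuth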
442?>
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
$username
Definition: Auth.php:175
const AUTH_CAS_NO_ILIAS_USER
const IL_PASSWD_CRYPTED
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Class CASAuth.
ilCASAuth($a_params)
Constructor @access public.
checkCASAuth()
Check CAS authentication.
logout()
Register variable in a session telling that the user has logged in successfully.
login()
Checks if the current user is authenticated yet @access public.
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:961
getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1075
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
const CAS_VERSION_2_0
Definition: CAS.php:81
global $ilSetting
Definition: privfeed.php:40