ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
class.ilCASAuth.php
Go to the documentation of this file.
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
25 include_once("Auth/Auth.php");
26 
37 class ilCASAuth extends Auth
38 {
43  function ilCASAuth($a_params)
44  {
45  if ($a_params["sessionName"] != "")
46  {
47  parent::Auth("", array("sessionName" => $a_params["sessionName"]));
48  }
49  else
50  {
51  parent::Auth("");
52  }
53 
54  include_once("./Services/CAS/lib/CAS.php");
55  $this->server_version = CAS_VERSION_2_0;
56  $this->server_hostname = $a_params["server_hostname"];
57  $this->server_port = (int) $a_params["server_port"];
58  $this->server_uri = $a_params["server_uri"];
59 
60  //phpCAS::setDebug();
61 //echo "-".$_GET['ticket']."-"; exit;
62  phpCAS::client($this->server_version, $this->server_hostname,
63  $this->server_port, (string) $this->server_uri);
64  }
65 
72  function checkCASAuth()
73  {
74  global $PHPCAS_CLIENT;
75 
76  return $PHPCAS_CLIENT->isAuthenticated();
77  }
78 
79  function forceCASAuth()
80  {
81  phpCAS::forceAuthentication();
82  }
83 
84  function getCASUser()
85  {
86  return phpCAS::getUser();
87  }
88 
94 /*
95  function getAuth()
96  {
97  $session = &$this->_importGlobalVariable('session');
98  if (!empty($session) &&
99  (isset($session[$this->_sessionName]['registered']) &&
100  $session[$this->_sessionName]['registered'] === true))
101  {
102  return true;
103  } else {
104  return false;
105  }
106  }
107 */
108 
117 /*
118  function setIdle($time, $add = false)
119  {
120  $add ? $this->idle += $time : $this->idle = $time;
121  }
122 */
123 
132 /*
133  function setExpire($time, $add = false)
134  {
135  $add ? $this->expire += $time : $this->expire = $time;
136  }
137 */
138 
145 /*
146  function checkAuth()
147  {
148  $session = &$this->_importGlobalVariable('session');
149 
150  if (isset($session[$this->_sessionName])) {
151  // Check if authentication session is expired
152  if ($this->expire > 0 &&
153  isset($session[$this->_sessionName]['timestamp']) &&
154  ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {
155 
156  $this->logout();
157  $this->expired = true;
158  $this->status = AUTH_EXPIRED;
159 
160  return false;
161  }
162 
163  // Check if maximum idle time is reached
164  if ($this->idle > 0 &&
165  isset($session[$this->_sessionName]['idle']) &&
166  ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {
167 
168  $this->logout();
169  $this->idled = true;
170  $this->status = AUTH_IDLED;
171 
172  return false;
173  }
174 
175  if (isset($session[$this->_sessionName]['registered']) &&
176  isset($session[$this->_sessionName]['username']) &&
177  $session[$this->_sessionName]['registered'] == true &&
178  $session[$this->_sessionName]['username'] != '') {
179 
180  Auth::updateIdle();
181 
182  return true;
183  }
184  }
185 
186  return false;
187  }
188 */
189 
196 /*
197  function start()
198  {
199  @session_start();
200 
201  if (!$this->checkAuth()) {
202  $this->login();
203  }
204  }
205 */
206 
213  function login()
214  {
215  global $ilias, $rbacadmin, $ilSetting;
216 
217  if (phpCAS::getUser() != "")
218  {
219  $username = phpCAS::getUser();
220 
221  // Authorize this user
222  include_once('./Services/User/classes/class.ilObjUser.php');
223  $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
224 
225  if ($local_user != "")
226  {
227  $this->setAuth($local_user);
228  }
229  else
230  {
231  if (!$ilSetting->get("cas_create_users"))
232  {
233  $this->status = AUTH_CAS_NO_ILIAS_USER;
234  $this->logout();
235  return;
236  }
237 
238  $userObj = new ilObjUser();
239 
240  $local_user = ilAuthUtils::_generateLogin($username);
241 
242  $newUser["firstname"] = $local_user;
243  $newUser["lastname"] = "";
244 
245  $newUser["login"] = $local_user;
246 
247  // set "plain md5" password (= no valid password)
248  $newUser["passwd"] = "";
249  $newUser["passwd_type"] = IL_PASSWD_CRYPTED;
250 
251  //$newUser["gender"] = "m";
252  $newUser["auth_mode"] = "cas";
253  $newUser["ext_account"] = $username;
254  $newUser["profile_incomplete"] = 1;
255 
256  // system data
257  $userObj->assignData($newUser);
258  $userObj->setTitle($userObj->getFullname());
259  $userObj->setDescription($userObj->getEmail());
260 
261  // set user language to system language
262  $userObj->setLanguage($ilSetting->get("language"));
263 
264  // Time limit
265  $userObj->setTimeLimitOwner(7);
266  $userObj->setTimeLimitUnlimited(1);
267  $userObj->setTimeLimitFrom(time());
268  $userObj->setTimeLimitUntil(time());
269 
270  // Create user in DB
271  $userObj->setOwner(0);
272  $userObj->create();
273  $userObj->setActive(1);
274 
275  $userObj->updateOwner();
276 
277  //insert user data in table user_data
278  $userObj->saveAsNew();
279 
280  // setup user preferences
281  $userObj->writePrefs();
282 
283  // to do: test this
284  $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(),true);
285 
286  unset($userObj);
287 
288  $this->setAuth($local_user);
289 
290  }
291  }
292  else
293  {
294  // This should never occur unless CAS is not configured properly
295  $this->status = AUTH_WRONG_LOGIN;
296  }
297  }
298 
307 /*
308  function setAuth($username)
309  {
310  $session = &Auth::_importGlobalVariable('session');
311 
312  if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
313  session_register($this->_sessionName);
314  }
315 
316  if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
317  $session[$this->_sessionName] = array();
318  }
319 
320  if(!isset($session[$this->_sessionName]['data'])){
321  $session[$this->_sessionName]['data'] = array();
322  }
323  $session[$this->_sessionName]['registered'] = true;
324  $session[$this->_sessionName]['username'] = $username;
325  $session[$this->_sessionName]['timestamp'] = time();
326  $session[$this->_sessionName]['idle'] = time();
327  }
328 */
329 
341  function logout()
342  {
343  parent::logout();
344  //PHPCAS::logout(); // CAS logout should be provided separately
345  // maybe on ILISA login screen
346  }
347 
354 /*
355  function getUsername()
356  {
357  $session = &$this->_importGlobalVariable('session');
358  if (!isset($session[$this->_sessionName]['username'])) {
359  return '';
360  }
361  return $session[$this->_sessionName]['username'];
362  }
363 */
364 
371 /*
372  function getStatus()
373  {
374 
375  return $status;
376  }
377 */
378 
386 /*
387  function &_importGlobalVariable($variable)
388  {
389  $var = null;
390 
391  switch (strtolower($variable)) {
392 
393  case 'server' :
394  if (isset($_SERVER)) {
395  $var = &$_SERVER;
396  } else {
397  $var = &$GLOBALS['HTTP_SERVER_VARS'];
398  }
399  break;
400 
401  case 'session' :
402  if (isset($_SESSION)) {
403  $var = &$_SESSION;
404  } else {
405  $var = &$GLOBALS['HTTP_SESSION_VARS'];
406  }
407  break;
408 
409  case 'post' :
410  if (isset($_POST)) {
411  $var = &$_POST;
412  } else {
413  $var = &$GLOBALS['HTTP_POST_VARS'];
414  }
415  break;
416 
417  case 'cookie' :
418  if (isset($_COOKIE)) {
419  $var = &$_COOKIE;
420  } else {
421  $var = &$GLOBALS['HTTP_COOKIE_VARS'];
422  }
423  break;
424 
425  case 'get' :
426  if (isset($_GET)) {
427  $var = &$_GET;
428  } else {
429  $var = &$GLOBALS['HTTP_GET_VARS'];
430  }
431  break;
432 
433  default:
434  break;
435 
436  }
437 
438  return $var;
439  }
440 */
441 } // END class.ilCASAuth
442 ?>
ilCASAuth\logout
logout()
Register variable in a session telling that the user has logged in successfully.
Definition: class.ilCASAuth.php:341
phpCAS\client
client($server_version, $server_hostname, $server_port, $server_uri, $start_session=true)
phpCAS client initializer.
Definition: CAS.php:366
IL_PASSWD_CRYPTED
const IL_PASSWD_CRYPTED
Definition: class.ilObjUser.php:5
ilCASAuth
Class CASAuth.
Definition: class.ilCASAuth.php:37
$PHPCAS_CLIENT
$PHPCAS_CLIENT
This global variable is used by the interface class phpCAS.
Definition: CAS.php:176
AUTH_CAS_NO_ILIAS_USER
const AUTH_CAS_NO_ILIAS_USER
Definition: class.ilAuthUtils.php:42
ilCASAuth\ilCASAuth
ilCASAuth($a_params)
Constructor public.
Definition: class.ilCASAuth.php:43
phpCAS\forceAuthentication
forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:961
ilAuthUtils\_generateLogin
_generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
Definition: class.ilAuthUtils.php:567
phpCAS\getUser
getUser()
This method returns the CAS user&#39;s login name.
Definition: CAS.php:1075
CAS_VERSION_2_0
const CAS_VERSION_2_0
Definition: CAS.php:81
$ilSetting
global $ilSetting
Definition: privfeed.php:40
ilObjUser\_checkExternalAuthAccount
static _checkExternalAuthAccount($a_auth, $a_account)
check whether external account and authentication method matches with a user
Definition: class.ilObjUser.php:3766
Auth\setAuth
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
ilCASAuth\checkCASAuth
checkCASAuth()
check cas autehntication
Definition: class.ilCASAuth.php:72
ilCASAuth\login
login()
Checks if the current user is authenticated yet public.
Definition: class.ilCASAuth.php:213
Auth\$username
$username
Definition: Auth.php:175