4include_once
'./Services/Authentication/classes/class.ilAuthBase.php';
// Status codes reported by the Auth system (all negative).
define('AUTH_IDLED', -1);                 // Returned if session exceeds idle time.
define('AUTH_EXPIRED', -2);               // Returned if session has expired.
define('AUTH_WRONG_LOGIN', -3);           // Returned if container is unable to authenticate user/password pair.
define('AUTH_METHOD_NOT_SUPPORTED', -4);
define('AUTH_SECURITY_BREACH', -5);       // Returned if new Advanced security system detects a breach.
define('AUTH_CALLBACK_ABORT', -6);        // Returned if checkAuthCallback says session should not continue.

// Log levels passed as the second argument of Auth::log().
define('AUTH_LOG_INFO', 6);               // Auth Log level - INFO.
define('AUTH_LOG_DEBUG', 7);              // Auth Log level - DEBUG.

// Feature selectors for the advanced security checks.
define('AUTH_ADV_IPCHECK', 1);            // Auth Advanced Security - IP Checks.
define('AUTH_ADV_USERAGENT', 2);          // Auth Advanced Security - User Agent Checks.
define('AUTH_ADV_CHALLENGE', 3);          // Auth Advanced Security - Challenge Response.
344 include_once
'PEAR.php';
346 .
'possibly headers are already sent, try putting '
347 .
'ob_start in the beginning of your script');
352 if(!isset(
$_SESSION[$this->_sessionName])) {
370 if (is_object($storageDriver)) {
371 $this->storage =& $storageDriver;
374 $this->storage->_auth_obj =& $this;
378 $this->storage_driver = $storageDriver;
399 if (!empty(
$options[
'sessionName'])) {
400 $this->_sessionName =
$options[
'sessionName'];
403 if (isset(
$options[
'allowLogin'])) {
404 $this->allowLogin =
$options[
'allowLogin'];
407 if (!empty(
$options[
'postUsername'])) {
408 $this->_postUsername =
$options[
'postUsername'];
411 if (!empty(
$options[
'postPassword'])) {
412 $this->_postPassword =
$options[
'postPassword'];
415 if (isset(
$options[
'advancedsecurity'])) {
416 $this->advancedsecurity =
$options[
'advancedsecurity'];
417 unset(
$options[
'advancedsecurity']);
419 if (isset(
$options[
'enableLogging'])) {
420 $this->enableLogging =
$options[
'enableLogging'];
423 if (isset(
$options[
'regenerateSessionId']) && is_bool(
$options[
'regenerateSessionId'])) {
424 $this->regenerateSessionId =
$options[
'regenerateSessionId'];
445 if(!is_object($this->storage)) {
446 $this->storage =& $this->
_factory($this->storage_driver,
447 $this->storage_options);
448 $this->storage->_auth_obj =& $this;
449 $this->
log(
'Loaded storage container ('.$this->storage_driver.
')',
AUTH_LOG_DEBUG);
// Resolve the storage container: the class name and the include path are both
// built by plain string concatenation from $driver, the file is loaded, and the
// class is instantiated with $options.
// NOTE(review): nothing in the visible lines restricts $driver. If it can ever
// carry a value that is not a fixed, trusted container name, both the included
// path and the instantiated class follow that value. Confirm against the callers
// and validate $driver against a list of known containers before this point.
469 $storage_class =
'Auth_Container_' . $driver;
470 include_once
'Auth/Container/' . $driver .
'.php';
// NOTE(review): assigning the result of `new` by reference is rejected by PHP 7+.
471 $obj =&
new $storage_class(
$options);
495 if ( isset($this->post[$this->_postUsername])
496 && $this->post[$this->_postUsername] !=
'') {
497 $this->username = (get_magic_quotes_gpc() == 1
498 ? stripslashes($this->post[$this->_postUsername])
501 if ( isset($this->post[$this->_postPassword])
503 $this->password = (get_magic_quotes_gpc() == 1
504 ? stripslashes($this->post[$this->_postPassword])
524 if ($this->regenerateSessionId) {
525 session_regenerate_id(
true);
529 if (!$this->
checkAuth() && $this->allowLogin) {
551 (isset($this->post[
'authsecret']) && $this->post[
'authsecret'] == 1)
553 : $usingChap =
false;
557 if (!empty($this->username)) {
558 if (
true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
// Seed the session challenge key with the MD5 digest of username . password.
// NOTE(review): this leaves a fast, unsalted digest derived from the submitted
// password in session storage. A key drawn from a CSPRNG (e.g. random_bytes())
// would not depend on the credential.
559 $this->session[
'challengekey'] = md5($this->username.$this->password);
565 if (!empty($this->username) && $login_ok) {
566 $this->
setAuth($this->username);
567 if (is_callable($this->loginCallback)) {
569 call_user_func_array($this->loginCallback, array($this->username, &$this));
575 if (!empty($this->username) && !$login_ok) {
578 if (is_callable($this->loginFailedCallback)) {
579 $this->
log(
'Calling loginFailedCallback ('.$this->loginFailedCallback.
').',
AUTH_LOG_DEBUG);
580 call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
584 if ((empty($this->username) || !$login_ok) && $this->showLogin) {
586 if (is_callable($this->loginFunction)) {
588 call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
592 if (is_callable(array($this,
'drawLogin'))) {
594 return $this->drawLogin($this->username, $this);
600 include_once
'Auth/Frontend/Html.php';
621 $add ? $this->expire += $time : $this->expire = $time;
637 $add ? $this->idle += $time : $this->idle = $time;
658 $this->_sessionName =
'_auth_'.$name;
660 if(!isset(
$_SESSION[$this->_sessionName])) {
779 if (!empty($this->session[
'data'][$name]) && $overwrite ==
false) {
782 $this->session[
'data'][$name] = $value;
800 if (!isset($this->session[
'data'])) {
804 return $this->session[
'data'];
806 if (isset($name) && isset($this->session[
'data'][$name])) {
807 return $this->session[
'data'][$name];
830 if (!$this->regenerateSessionId) {
832 session_regenerate_id(
true);
835 if (!isset($this->session) || !is_array($this->session)) {
836 $this->session = array();
839 if (!isset($this->session[
'data'])) {
840 $this->session[
'data'] = array();
843 $this->session[
'sessionip'] = isset($this->server[
'REMOTE_ADDR'])
844 ? $this->server[
'REMOTE_ADDR']
846 $this->session[
'sessionuseragent'] = isset($this->server[
'HTTP_USER_AGENT'])
847 ? $this->server[
'HTTP_USER_AGENT']
849 $this->session[
'sessionforwardedfor'] = isset($this->server[
'HTTP_X_FORWARDED_FOR'])
850 ? $this->server[
'HTTP_X_FORWARDED_FOR']
// Create a challenge key only when the session does not hold one yet, then
// derive a fresh challenge cookie value from that key.
// NOTE(review): both values are MD5 digests over a username or key plus
// microtime(), so their only varying input is the clock. For a value used as a
// session challenge, a CSPRNG source (e.g. random_bytes()) is the safer choice.
855 if(empty($this->session[
'challengekey'])) {
856 $this->session[
'challengekey'] = md5(
$username.microtime());
859 $this->session[
'challengecookie'] = md5($this->session[
'challengekey'].microtime());
861 require_once
'Services/Utilities/classes/class.ilUtil.php';
864 $this->session[
'registered'] =
true;
866 $this->session[
'timestamp'] = time();
867 $this->session[
'idle'] = time();
887 $this->advancedsecurity = $flag;
903 if (isset($this->session)) {
905 if ( $this->expire > 0
906 && isset($this->session[
'timestamp'])
907 && ($this->session[
'timestamp'] + $this->expire) < time()) {
909 $this->expired =
true;
917 && isset($this->session[
'idle'])
918 && ($this->session[
'idle'] + $this->idle) < time()) {
926 if ( isset($this->session[
'registered'])
927 && isset($this->session[
'username'])
928 && $this->session[
'registered'] ==
true
929 && $this->session[
'username'] !=
'') {
936 if ( $this->authChecks == 1
939 $this->session[
'challengecookieold'] = $this->session[
'challengecookie'];
940 $this->session[
'challengecookie'] = md5($this->session[
'challengekey'].microtime());
942 require_once
'Services/Utilities/classes/class.ilUtil.php';
948 && isset($this->server[
'REMOTE_ADDR'])
949 && $this->session[
'sessionip'] != $this->server[
'REMOTE_ADDR']) {
953 $this->expired =
true;
961 && isset($this->server[
'HTTP_X_FORWARDED_FOR'])
962 && $this->session[
'sessionforwardedfor'] != $this->server[
'HTTP_X_FORWARDED_FOR']) {
963 $this->
log(
'Security Breach. Forwarded For IP Address changed.',
AUTH_LOG_INFO);
967 $this->expired =
true;
975 && isset($this->server[
'HTTP_USER_AGENT'])
976 && $this->session[
'sessionuseragent'] != $this->server[
'HTTP_USER_AGENT']) {
980 $this->expired =
true;
991 && isset($this->session[
'challengecookieold'])
992 && $this->session[
'challengecookieold'] != $this->cookie[
'authchallenge']) {
994 $this->expired =
true;
1002 if (is_callable($this->checkAuthCallback)) {
1003 $this->
log(
'Calling checkAuthCallback ('.$this->checkAuthCallback.
').',
AUTH_LOG_DEBUG);
1004 $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
1005 if ($checkCallback ==
false) {
1007 $this->expired =
true;
1039 if(!isset($staticAuth)) {
1042 $staticAuth->log(
'Auth::staticCheckAuth() called',
AUTH_LOG_DEBUG);
1043 return $staticAuth->checkAuth();
1081 if (is_callable($this->logoutCallback) && isset($this->session[
'username'])) {
1082 $this->
log(
'Calling logoutCallback ('.$this->logoutCallback.
').',
AUTH_LOG_DEBUG);
1083 call_user_func_array($this->logoutCallback, array($this->session[
'username'], &$this));
1086 $this->username =
'';
1087 $this->password =
'';
1089 $this->session =
null;
1103 $this->session[
'idle'] = time();
1117 if (isset($this->session[
'username'])) {
1118 return($this->session[
'username']);
1148 return($this->_postUsername);
1162 return($this->_postPassword);
1176 if (!isset($this->session[
'idle'])) {
1179 if ($this->idle == 0) {
1182 return ($this->session[
'idle'] + $this->idle);
1199 return $this->storage->listUsers();
1237 return $this->storage->removeUser(
$username);
1272 if (!$this->enableLogging)
return false;
1276 $this->logger->log(
'AUTH: '.$message, $level);
1294 if(is_null($this->logger)) {
1295 if (!class_exists(
'Log')) {
1296 include_once
'Log.php';
1300 'auth['.getmypid().
']',
1321 return $this->logger->attach($observer);
1339 if (is_null($feature)) {
1341 if ($this->advancedsecurity ===
true)
1344 if ( is_array($this->advancedsecurity)
1345 && in_array(
true, $this->advancedsecurity,
true))
1352 if (is_array($this->advancedsecurity)) {
1354 if ( isset($this->advancedsecurity[$feature])
1355 && $this->advancedsecurity[$feature] ==
true)
const AUTH_LOG_INFO
Auth Log level - INFO.
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
const AUTH_ADV_USERAGENT
Auth Advanced Security - User Agent Checks.
const AUTH_ADV_IPCHECK
Auth Advanced Security - IP Checks.
const AUTH_SECURITY_BREACH
Returned if new Advanced security system detects a breach.
const AUTH_EXPIRED
Returned if session has expired.
const AUTH_ADV_CHALLENGE
Auth Advanced Security - Challenge Response.
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
const AUTH_CALLBACK_ABORT
Returned if checkAuthCallback says session should not continue.
const AUTH_IDLED
Returned if session exceeds idle time.
render(&$caller, $username='')
Displays the login form.
setShowLogin($showLogin=true)
Should the login form be displayed if necessary?
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
& applyAuthOptions(&$options)
Set the Auth options.
checkAuth()
Checks if there is a session with valid auth information.
getAuthData($name=null)
Get additional information that is stored in the session.
setAllowLogin($allowLogin=true)
Should the login form be displayed if necessary?
removeUser($username)
Remove user from the storage container.
_loadLogger()
Load Log object if not already loaded.
staticCheckAuth($options=null)
Statically checks if there is a session with valid auth information.
& _factory($driver, $options='')
Return a storage driver based on $driver and $options.
setExpire($time, $add=false)
Set the maximum expire time.
changePassword($username, $password)
Change password for user in the storage container.
updateIdle()
Update the idletime.
addUser($username, $password, $additional='')
Add user to the storage container.
setLogoutCallback($logoutCallback)
Register a callback function to be called on user logout.
start()
Start new auth session.
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
setLoginCallback($loginCallback)
Register a callback function to be called on user login.
_loadStorage()
Load Storage Driver if not already loaded.
listUsers()
List all users that are currently available in the storage container.
setIdle($time, $add=false)
Set the maximum idle time.
sessionValidThru()
Returns the time up to which the session is valid.
assignData()
Assign data from login form to internal values.
getUsername()
Get the username.
getStatus()
Get the current status.
setFailedLoginCallback($loginFailedCallback)
Register a callback function to be called on failed user login.
setSessionName($name='session')
Set name of the session to a customized value.
getPostPasswordField()
Gets the post variable used for the password.
getPostUsernameField()
Gets the post variable used for the username.
setCheckAuthCallback($checkAuthCallback)
Register a callback function to be called whenever the validity of the login is checked. The function ...
getAuth()
Has the user been authenticated?
log($message, $level=AUTH_LOG_DEBUG)
Log a message from the Auth system.
setAdvancedSecurity($flag=true)
Enables advanced security checks.
attachLogObserver(&$observer)
Attach an Observer to the Auth Log Source.
_isAdvancedSecurityEnabled($feature=null)
Is advanced security enabled?
setAuthData($name, $value, $overwrite=true)
Register additional information that is to be stored in the session.
& singleton($handler, $name='', $ident='', $conf=array(), $level=PEAR_LOG_DEBUG)
Attempts to return a reference to a concrete Log instance of type $handler, only creating a new insta...
& throwError($message=null, $code=null, $userinfo=null)
Simpler form of raiseError with fewer options.
@classDescription Base class for all PEAR and ILIAS auth classes.
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
if(!is_array($argv)) $options
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']