ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Auth.php
Go to the documentation of this file.
1<?php
2/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
3
4include_once './Services/Authentication/classes/class.ilAuthBase.php';
5
30define('AUTH_IDLED', -1);
34define('AUTH_EXPIRED', -2);
38define('AUTH_WRONG_LOGIN', -3);
42define('AUTH_METHOD_NOT_SUPPORTED', -4);
46define('AUTH_SECURITY_BREACH', -5);
50define('AUTH_CALLBACK_ABORT', -6);
51
55define('AUTH_LOG_INFO', 6);
59define('AUTH_LOG_DEBUG', 7);
60
64define('AUTH_ADV_IPCHECK', 1);
68define('AUTH_ADV_USERAGENT', 2);
72define('AUTH_ADV_CHALLENGE', 3);
73
74
90class Auth extends ilAuthBase {
91
92 // {{{ properties
93
102 var $expire = 0;
103
110 var $expired = false;
111
122 var $idle = 0;
123
130 var $idled = false;
131
138 var $storage = '';
139
145 var $loginFunction = '';
146
153 var $showLogin = true;
154
161 var $allowLogin = true;
162
168 var $status = '';
169
175 var $username = '';
176
182 var $password = '';
183
190 var $checkAuthCallback = '';
191
198 var $loginCallback = '';
199
206 var $loginFailedCallback = '';
207
214 var $logoutCallback = '';
215
221 var $_sessionName = '_authsession';
222
228 var $version = "@version@";
229
245 var $advancedsecurity = false;
246
252 var $_postUsername = 'username';
253
259 var $_postPassword = 'password';
260
265 var $session;
266
271 var $server;
272
277 var $post;
278
283 var $cookie;
284
289 var $authdata;
290
295 var $authChecks = 0;
296
302 var $logger = null;
303
309 var $enableLogging = false;
310
316 var $regenerateSessionId = false;
317
318 // }}}
319 // {{{ Auth() [constructor]
320
335 function Auth($storageDriver, $options = '', $loginFunction = '', $showLogin = true)
336 {
337 $this->applyAuthOptions($options);
338
339 // Start the session suppress error if already started
340 if(!session_id()){
341 @session_start();
342 if(!session_id()) {
343 // Throw error
344 include_once 'PEAR.php';
345 PEAR::throwError('Session could not be started by Auth, '
346 .'possibly headers are already sent, try putting '
347 .'ob_start in the beginning of your script');
348 }
349 }
350
351 // Make Sure Auth session variable is there
352 if(!isset($_SESSION[$this->_sessionName])) {
353 $_SESSION[$this->_sessionName] = array();
354 }
355
356 // Assign Some globals to internal references, this will replace _importGlobalVariable
357 $this->session =& $_SESSION[$this->_sessionName];
358 $this->server =& $_SERVER;
359 $this->post =& $_POST;
360 $this->cookie =& $_COOKIE;
361
362 if ($loginFunction != '' && is_callable($loginFunction)) {
363 $this->loginFunction = $loginFunction;
364 }
365
366 if (is_bool($showLogin)) {
367 $this->showLogin = $showLogin;
368 }
369
370 if (is_object($storageDriver)) {
371 $this->storage =& $storageDriver;
372 // Pass a reference to auth to the container, ugly but works
373 // this is used by the DB container to use method setAuthData not staticaly.
374 $this->storage->_auth_obj =& $this;
375 } else {
376 // $this->storage = $this->_factory($storageDriver, $options);
377 //
378 $this->storage_driver = $storageDriver;
379 $this->storage_options =& $options;
380 }
381 }
382
383 // }}}
384 // {{{ applyAuthOptions()
385
396 function &applyAuthOptions(&$options)
397 {
398 if(is_array($options)){
399 if (!empty($options['sessionName'])) {
400 $this->_sessionName = $options['sessionName'];
401 unset($options['sessionName']);
402 }
403 if (isset($options['allowLogin'])) {
404 $this->allowLogin = $options['allowLogin'];
405 unset($options['allowLogin']);
406 }
407 if (!empty($options['postUsername'])) {
408 $this->_postUsername = $options['postUsername'];
409 unset($options['postUsername']);
410 }
411 if (!empty($options['postPassword'])) {
412 $this->_postPassword = $options['postPassword'];
413 unset($options['postPassword']);
414 }
415 if (isset($options['advancedsecurity'])) {
416 $this->advancedsecurity = $options['advancedsecurity'];
417 unset($options['advancedsecurity']);
418 }
419 if (isset($options['enableLogging'])) {
420 $this->enableLogging = $options['enableLogging'];
421 unset($options['enableLogging']);
422 }
423 if (isset($options['regenerateSessionId']) && is_bool($options['regenerateSessionId'])) {
424 $this->regenerateSessionId = $options['regenerateSessionId'];
425 }
426 }
427 return($options);
428 }
429
430 // }}}
431 // {{{ _loadStorage()
432
443 function _loadStorage()
444 {
445 if(!is_object($this->storage)) {
446 $this->storage =& $this->_factory($this->storage_driver,
447 $this->storage_options);
448 $this->storage->_auth_obj =& $this;
449 $this->log('Loaded storage container ('.$this->storage_driver.')', AUTH_LOG_DEBUG);
450 return(true);
451 }
452 return(false);
453 }
454
455 // }}}
456 // {{{ _factory()
457
467 function &_factory($driver, $options = '')
468 {
469 $storage_class = 'Auth_Container_' . $driver;
470 include_once 'Auth/Container/' . $driver . '.php';
471 $obj =& new $storage_class($options);
472 return $obj;
473 }
474
475 // }}}
476 // {{{ assignData()
477
491 function assignData()
492 {
493 $this->log('Auth::assignData() called.', AUTH_LOG_DEBUG);
494
495 if ( isset($this->post[$this->_postUsername])
496 && $this->post[$this->_postUsername] != '') {
497 $this->username = (get_magic_quotes_gpc() == 1
498 ? stripslashes($this->post[$this->_postUsername])
499 : $this->post[$this->_postUsername]);
500 }
501 if ( isset($this->post[$this->_postPassword])
502 && $this->post[$this->_postPassword] != '') {
503 $this->password = (get_magic_quotes_gpc() == 1
504 ? stripslashes($this->post[$this->_postPassword])
505 : $this->post[$this->_postPassword] );
506 }
507 }
508
509 // }}}
510 // {{{ start()
511
518 function start()
519 {
520 $this->log('Auth::start() called.', AUTH_LOG_DEBUG);
521
522 // #10729 - Regenerate session id here if we are generating it on every
523 // page load.
524 if ($this->regenerateSessionId) {
525 session_regenerate_id(true);
526 }
527
528 $this->assignData();
529 if (!$this->checkAuth() && $this->allowLogin) {
530 $this->login();
531 }
532 }
533
534 // }}}
535 // {{{ login()
536
543 function login()
544 {
545 $this->log('Auth::login() called.', AUTH_LOG_DEBUG);
546
547 $login_ok = false;
548 $this->_loadStorage();
549
550 // Check if using challenge response
551 (isset($this->post['authsecret']) && $this->post['authsecret'] == 1)
552 ? $usingChap = true
553 : $usingChap = false;
554
555
556 // When the user has already entered a username, we have to validate it.
557 if (!empty($this->username)) {
558 if (true === $this->storage->fetchData($this->username, $this->password, $usingChap)) {
559 $this->session['challengekey'] = md5($this->username.$this->password);
560 $login_ok = true;
561 $this->log('Successful login.', AUTH_LOG_INFO);
562 }
563 }
564
565 if (!empty($this->username) && $login_ok) {
566 $this->setAuth($this->username);
567 if (is_callable($this->loginCallback)) {
568 $this->log('Calling loginCallback ('.$this->loginCallback.').', AUTH_LOG_DEBUG);
569 call_user_func_array($this->loginCallback, array($this->username, &$this));
570 }
571 }
572
573 // If the login failed or the user entered no username,
574 // output the login screen again.
575 if (!empty($this->username) && !$login_ok) {
576 $this->log('Incorrect login.', AUTH_LOG_INFO);
577 $this->status = AUTH_WRONG_LOGIN;
578 if (is_callable($this->loginFailedCallback)) {
579 $this->log('Calling loginFailedCallback ('.$this->loginFailedCallback.').', AUTH_LOG_DEBUG);
580 call_user_func_array($this->loginFailedCallback, array($this->username, &$this));
581 }
582 }
583
584 if ((empty($this->username) || !$login_ok) && $this->showLogin) {
585 $this->log('Rendering Login Form.', AUTH_LOG_INFO);
586 if (is_callable($this->loginFunction)) {
587 $this->log('Calling loginFunction ('.$this->loginFunction.').', AUTH_LOG_DEBUG);
588 call_user_func_array($this->loginFunction, array($this->username, $this->status, &$this));
589 } else {
590 // BC fix Auth used to use drawLogin for this
591 // call is sub classes implement this
592 if (is_callable(array($this, 'drawLogin'))) {
593 $this->log('Calling Auth::drawLogin()', AUTH_LOG_DEBUG);
594 return $this->drawLogin($this->username, $this);
595 }
596
597 $this->log('Using default Auth_Frontend_Html', AUTH_LOG_DEBUG);
598
599 // New Login form
600 include_once 'Auth/Frontend/Html.php';
601 return Auth_Frontend_Html::render($this, $this->username);
602 }
603 } else {
604 return;
605 }
606 }
607
608 // }}}
609 // {{{ setExpire()
610
619 function setExpire($time, $add = false)
620 {
621 $add ? $this->expire += $time : $this->expire = $time;
622 }
623
624 // }}}
625 // {{{ setIdle()
626
635 function setIdle($time, $add = false)
636 {
637 $add ? $this->idle += $time : $this->idle = $time;
638 }
639
640 // }}}
641 // {{{ setSessionName()
642
656 function setSessionName($name = 'session')
657 {
658 $this->_sessionName = '_auth_'.$name;
659 // Make Sure Auth session variable is there
660 if(!isset($_SESSION[$this->_sessionName])) {
661 $_SESSION[$this->_sessionName] = array();
662 }
663 $this->session =& $_SESSION[$this->_sessionName];
664 }
665
666 // }}}
667 // {{{ setShowLogin()
668
676 function setShowLogin($showLogin = true)
677 {
678 $this->showLogin = $showLogin;
679 }
680
681 // }}}
682 // {{{ setAllowLogin()
683
691 function setAllowLogin($allowLogin = true)
692 {
693 $this->allowLogin = $allowLogin;
694 }
695
696 // }}}
697 // {{{ setCheckAuthCallback()
698
708 function setCheckAuthCallback($checkAuthCallback)
709 {
710 $this->checkAuthCallback = $checkAuthCallback;
711 }
712
713 // }}}
714 // {{{ setLoginCallback()
715
725 function setLoginCallback($loginCallback)
726 {
727 $this->loginCallback = $loginCallback;
728 }
729
730 // }}}
731 // {{{ setFailedLoginCallback()
732
741 function setFailedLoginCallback($loginFailedCallback)
742 {
743 $this->loginFailedCallback = $loginFailedCallback;
744 }
745
746 // }}}
747 // {{{ setLogoutCallback()
748
758 function setLogoutCallback($logoutCallback)
759 {
760 $this->logoutCallback = $logoutCallback;
761 }
762
763 // }}}
764 // {{{ setAuthData()
765
777 function setAuthData($name, $value, $overwrite = true)
778 {
779 if (!empty($this->session['data'][$name]) && $overwrite == false) {
780 return;
781 }
782 $this->session['data'][$name] = $value;
783 }
784
785 // }}}
786 // {{{ getAuthData()
787
798 function getAuthData($name = null)
799 {
800 if (!isset($this->session['data'])) {
801 return null;
802 }
803 if(!isset($name)) {
804 return $this->session['data'];
805 }
806 if (isset($name) && isset($this->session['data'][$name])) {
807 return $this->session['data'][$name];
808 }
809 return null;
810 }
811
812 // }}}
813 // {{{ setAuth()
814
823 function setAuth($username)
824 {
825 $this->log('Auth::setAuth() called.', AUTH_LOG_DEBUG);
826
827 // #10729 - Regenerate session id here only if generating at login only
828 // Don't do it if we are regenerating on every request so we don't
829 // regenerate it twice in one request.
830 if (!$this->regenerateSessionId) {
831 // #2021 - Change the session id to avoid session fixation attacks php 4.3.3 >
832 session_regenerate_id(true);
833 }
834
835 if (!isset($this->session) || !is_array($this->session)) {
836 $this->session = array();
837 }
838
839 if (!isset($this->session['data'])) {
840 $this->session['data'] = array();
841 }
842
843 $this->session['sessionip'] = isset($this->server['REMOTE_ADDR'])
844 ? $this->server['REMOTE_ADDR']
845 : '';
846 $this->session['sessionuseragent'] = isset($this->server['HTTP_USER_AGENT'])
847 ? $this->server['HTTP_USER_AGENT']
848 : '';
849 $this->session['sessionforwardedfor'] = isset($this->server['HTTP_X_FORWARDED_FOR'])
850 ? $this->server['HTTP_X_FORWARDED_FOR']
851 : '';
852
853 // This should be set by the container to something more safe
854 // Like md5(passwd.microtime)
855 if(empty($this->session['challengekey'])) {
856 $this->session['challengekey'] = md5($username.microtime());
857 }
858
859 $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
860 //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
861 require_once 'Services/Utilities/classes/class.ilUtil.php';
862 ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
863
864 $this->session['registered'] = true;
865 $this->session['username'] = $username;
866 $this->session['timestamp'] = time();
867 $this->session['idle'] = time();
868 }
869
870 // }}}
871 // {{{ setAdvancedSecurity()
872
885 function setAdvancedSecurity($flag=true)
886 {
887 $this->advancedsecurity = $flag;
888 }
889
890 // }}}
891 // {{{ checkAuth()
892
899 function checkAuth()
900 {
901 $this->log('Auth::checkAuth() called.', AUTH_LOG_DEBUG);
902 $this->authChecks++;
903 if (isset($this->session)) {
904 // Check if authentication session is expired
905 if ( $this->expire > 0
906 && isset($this->session['timestamp'])
907 && ($this->session['timestamp'] + $this->expire) < time()) {
908 $this->log('Session Expired', AUTH_LOG_INFO);
909 $this->expired = true;
910 $this->status = AUTH_EXPIRED;
911 $this->logout();
912 return false;
913 }
914
915 // Check if maximum idle time is reached
916 if ( $this->idle > 0
917 && isset($this->session['idle'])
918 && ($this->session['idle'] + $this->idle) < time()) {
919 $this->log('Session Idle Time Reached', AUTH_LOG_INFO);
920 $this->idled = true;
921 $this->status = AUTH_IDLED;
922 $this->logout();
923 return false;
924 }
925
926 if ( isset($this->session['registered'])
927 && isset($this->session['username'])
928 && $this->session['registered'] == true
929 && $this->session['username'] != '') {
930 Auth::updateIdle();
931
932 if ($this->_isAdvancedSecurityEnabled()) {
933 $this->log('Advanced Security Mode Enabled.', AUTH_LOG_DEBUG);
934
935 // Only Generate the challenge once
936 if ( $this->authChecks == 1
937 && $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)) {
938 $this->log('Generating new Challenge Cookie.', AUTH_LOG_DEBUG);
939 $this->session['challengecookieold'] = $this->session['challengecookie'];
940 $this->session['challengecookie'] = md5($this->session['challengekey'].microtime());
941 //setcookie('authchallenge', $this->session['challengecookie'], 0, '/');
942 require_once 'Services/Utilities/classes/class.ilUtil.php';
943 ilUtil::setCookie('authchallenge', $this->session['challengecookie']);
944 }
945
946 // Check for ip change
947 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
948 && isset($this->server['REMOTE_ADDR'])
949 && $this->session['sessionip'] != $this->server['REMOTE_ADDR']) {
950 $this->log('Security Breach. Remote IP Address changed.', AUTH_LOG_INFO);
951 // Check if the IP of the user has changed, if so we
952 // assume a man in the middle attack and log him out
953 $this->expired = true;
954 $this->status = AUTH_SECURITY_BREACH;
955 $this->logout();
956 return false;
957 }
958
959 // Check for ip change (if connected via proxy)
960 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_IPCHECK)
961 && isset($this->server['HTTP_X_FORWARDED_FOR'])
962 && $this->session['sessionforwardedfor'] != $this->server['HTTP_X_FORWARDED_FOR']) {
963 $this->log('Security Breach. Forwarded For IP Address changed.', AUTH_LOG_INFO);
964 // Check if the IP of the user connecting via proxy has
965 // changed, if so we assume a man in the middle attack
966 // and log him out.
967 $this->expired = true;
968 $this->status = AUTH_SECURITY_BREACH;
969 $this->logout();
970 return false;
971 }
972
973 // Check for useragent change
974 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_USERAGENT)
975 && isset($this->server['HTTP_USER_AGENT'])
976 && $this->session['sessionuseragent'] != $this->server['HTTP_USER_AGENT']) {
977 $this->log('Security Breach. User Agent changed.', AUTH_LOG_INFO);
978 // Check if the User-Agent of the user has changed, if
979 // so we assume a man in the middle attack and log him out
980 $this->expired = true;
981 $this->status = AUTH_SECURITY_BREACH;
982 $this->logout();
983 return false;
984 }
985
986 // Check challenge cookie here, if challengecookieold is not set
987 // this is the first time and check is skipped
988 // TODO when user open two pages similtaneuly (open in new window,open
989 // in tab) auth breach is caused find out a way around that if possible
990 if ( $this->_isAdvancedSecurityEnabled(AUTH_ADV_CHALLENGE)
991 && isset($this->session['challengecookieold'])
992 && $this->session['challengecookieold'] != $this->cookie['authchallenge']) {
993 $this->log('Security Breach. Challenge Cookie mismatch.', AUTH_LOG_INFO);
994 $this->expired = true;
995 $this->status = AUTH_SECURITY_BREACH;
996 $this->logout();
997 $this->login();
998 return false;
999 }
1000 }
1001
1002 if (is_callable($this->checkAuthCallback)) {
1003 $this->log('Calling checkAuthCallback ('.$this->checkAuthCallback.').', AUTH_LOG_DEBUG);
1004 $checkCallback = call_user_func_array($this->checkAuthCallback, array($this->username, &$this));
1005 if ($checkCallback == false) {
1006 $this->log('checkAuthCallback failed.', AUTH_LOG_INFO);
1007 $this->expired = true;
1008 $this->status = AUTH_CALLBACK_ABORT;
1009 $this->logout();
1010 return false;
1011 }
1012 }
1013
1014 $this->log('Session OK.', AUTH_LOG_INFO);
1015 return true;
1016 }
1017 } else {
1018 $this->log('Unable to locate session storage.', AUTH_LOG_DEBUG);
1019 return false;
1020 }
1021 $this->log('No login session.', AUTH_LOG_DEBUG);
1022 return false;
1023 }
1024
1025 // }}}
1026 // {{{ staticCheckAuth() [static]
1027
1036 function staticCheckAuth($options = null)
1037 {
1038 static $staticAuth;
1039 if(!isset($staticAuth)) {
1040 $staticAuth = new Auth('null', $options);
1041 }
1042 $staticAuth->log('Auth::staticCheckAuth() called', AUTH_LOG_DEBUG);
1043 return $staticAuth->checkAuth();
1044 }
1045
1046 // }}}
1047 // {{{ getAuth()
1048
1058 function getAuth()
1059 {
1060 $this->log('Auth::getAuth() called.', AUTH_LOG_DEBUG);
1061 return $this->checkAuth();
1062 }
1063
1064 // }}}
1065 // {{{ logout()
1066
1077 function logout()
1078 {
1079 $this->log('Auth::logout() called.', AUTH_LOG_DEBUG);
1080
1081 if (is_callable($this->logoutCallback) && isset($this->session['username'])) {
1082 $this->log('Calling logoutCallback ('.$this->logoutCallback.').', AUTH_LOG_DEBUG);
1083 call_user_func_array($this->logoutCallback, array($this->session['username'], &$this));
1084 }
1085
1086 $this->username = '';
1087 $this->password = '';
1088
1089 $this->session = null;
1090 }
1091
1092 // }}}
1093 // {{{ updateIdle()
1094
1101 function updateIdle()
1102 {
1103 $this->session['idle'] = time();
1104 }
1105
1106 // }}}
1107 // {{{ getUsername()
1108
1115 function getUsername()
1116 {
1117 if (isset($this->session['username'])) {
1118 return($this->session['username']);
1119 }
1120 return('');
1121 }
1122
1123 // }}}
1124 // {{{ getStatus()
1125
1132 function getStatus()
1133 {
1134 return $this->status;
1135 }
1136
1137 // }}}
1138 // {{{ getPostUsernameField()
1139
1146 function getPostUsernameField()
1147 {
1148 return($this->_postUsername);
1149 }
1150
1151 // }}}
1152 // {{{ getPostPasswordField()
1153
1160 function getPostPasswordField()
1161 {
1162 return($this->_postPassword);
1163 }
1164
1165 // }}}
1166 // {{{ sessionValidThru()
1167
1174 function sessionValidThru()
1175 {
1176 if (!isset($this->session['idle'])) {
1177 return 0;
1178 }
1179 if ($this->idle == 0) {
1180 return 0;
1181 }
1182 return ($this->session['idle'] + $this->idle);
1183 }
1184
1185 // }}}
1186 // {{{ listUsers()
1187
1195 function listUsers()
1196 {
1197 $this->log('Auth::listUsers() called.', AUTH_LOG_DEBUG);
1198 $this->_loadStorage();
1199 return $this->storage->listUsers();
1200 }
1201
1202 // }}}
1203 // {{{ addUser()
1204
1215 function addUser($username, $password, $additional = '')
1216 {
1217 $this->log('Auth::addUser() called.', AUTH_LOG_DEBUG);
1218 $this->_loadStorage();
1219 return $this->storage->addUser($username, $password, $additional);
1220 }
1221
1222 // }}}
1223 // {{{ removeUser()
1224
1233 function removeUser($username)
1234 {
1235 $this->log('Auth::removeUser() called.', AUTH_LOG_DEBUG);
1236 $this->_loadStorage();
1237 return $this->storage->removeUser($username);
1238 }
1239
1240 // }}}
1241 // {{{ changePassword()
1242
1252 function changePassword($username, $password)
1253 {
1254 $this->log('Auth::changePassword() called', AUTH_LOG_DEBUG);
1255 $this->_loadStorage();
1256 return $this->storage->changePassword($username, $password);
1257 }
1258
1259 // }}}
1260 // {{{ log()
1261
1270 function log($message, $level = AUTH_LOG_DEBUG)
1271 {
1272 if (!$this->enableLogging) return false;
1273
1274 $this->_loadLogger();
1275
1276 $this->logger->log('AUTH: '.$message, $level);
1277 }
1278
1279 // }}}
1280 // {{{ _loadLogger()
1281
1292 function _loadLogger()
1293 {
1294 if(is_null($this->logger)) {
1295 if (!class_exists('Log')) {
1296 include_once 'Log.php';
1297 }
1298 $this->logger =& Log::singleton('null',
1299 null,
1300 'auth['.getmypid().']',
1301 array(),
1302 AUTH_LOG_DEBUG);
1303 return(true);
1304 }
1305 return(false);
1306 }
1307
1308 // }}}
1309 // {{{ attachLogObserver()
1310
1317 function attachLogObserver(&$observer) {
1318
1319 $this->_loadLogger();
1320
1321 return $this->logger->attach($observer);
1322
1323 }
1324
1325 // }}}
1326 // {{{ _isAdvancedSecurityEnabled()
1327
1337 function _isAdvancedSecurityEnabled($feature = null) {
1338
1339 if (is_null($feature)) {
1340
1341 if ($this->advancedsecurity === true)
1342 return true;
1343
1344 if ( is_array($this->advancedsecurity)
1345 && in_array(true, $this->advancedsecurity, true))
1346 return true;
1347
1348 return false;
1349
1350 } else {
1351
1352 if (is_array($this->advancedsecurity)) {
1353
1354 if ( isset($this->advancedsecurity[$feature])
1355 && $this->advancedsecurity[$feature] == true)
1356 return true;
1357
1358 return false;
1359
1360 }
1361
1362 return (bool)$this->advancedsecurity;
1363
1364 }
1365
1366 }
1367
1368 // }}}
1369
1370}
1371?>
AUTH_LOG_INFO
const AUTH_LOG_INFO
Auth Log level - INFO.
Definition: Auth.php:55
AUTH_LOG_DEBUG
const AUTH_LOG_DEBUG
Auth Log level - DEBUG.
Definition: Auth.php:59
AUTH_ADV_USERAGENT
const AUTH_ADV_USERAGENT
Auth Advanced Security - User Agent Checks.
Definition: Auth.php:68
AUTH_ADV_IPCHECK
const AUTH_ADV_IPCHECK
Auth Advanced Security - IP Checks.
Definition: Auth.php:64
AUTH_SECURITY_BREACH
const AUTH_SECURITY_BREACH
Returned if new Advanced security system detects a breach.
Definition: Auth.php:46
AUTH_EXPIRED
const AUTH_EXPIRED
Returned if session has expired.
Definition: Auth.php:34
AUTH_ADV_CHALLENGE
const AUTH_ADV_CHALLENGE
Auth Advanced Security - Challenge Response.
Definition: Auth.php:72
AUTH_WRONG_LOGIN
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
AUTH_CALLBACK_ABORT
const AUTH_CALLBACK_ABORT
Returned if checkAuthCallback says session should not continue.
Definition: Auth.php:50
AUTH_IDLED
const AUTH_IDLED
Returned if session exceeds idle time.
Definition: Auth.php:30
$_SESSION
$_SESSION["AccountId"]
Definition: cfg.phpunit.template.php:10
Auth_Frontend_Html\render
render(&$caller, $username='')
Displays the login form.
Definition: Html.php:50
Auth\setShowLogin
setShowLogin($showLogin=true)
Should the login form be displayed if neccessary?
Definition: Auth.php:676
Auth\setAuth
setAuth($username)
Register variable in a session telling that the user has logged in successfully.
Definition: Auth.php:823
Auth\applyAuthOptions
& applyAuthOptions(&$options)
Set the Auth options.
Definition: Auth.php:396
Auth\checkAuth
checkAuth()
Checks if there is a session with valid auth information.
Definition: Auth.php:899
Auth\getAuthData
getAuthData($name=null)
Get additional information that is stored in the session.
Definition: Auth.php:798
Auth\$enableLogging
$enableLogging
Definition: Auth.php:309
Auth\setAllowLogin
setAllowLogin($allowLogin=true)
Should the login form be displayed if neccessary?
Definition: Auth.php:691
Auth\removeUser
removeUser($username)
Remove user from the storage container.
Definition: Auth.php:1233
Auth\$logger
$logger
Definition: Auth.php:302
Auth\$loginFunction
$loginFunction
Definition: Auth.php:145
Auth\$authdata
$authdata
Definition: Auth.php:289
Auth\$post
$post
Definition: Auth.php:277
Auth\_loadLogger
_loadLogger()
Load Log object if not already loaded.
Definition: Auth.php:1292
Auth\$idled
$idled
Definition: Auth.php:130
Auth\staticCheckAuth
staticCheckAuth($options=null)
Statically checks if there is a session with valid auth information.
Definition: Auth.php:1036
Auth\$storage
$storage
Definition: Auth.php:138
Auth\_factory
& _factory($driver, $options='')
Return a storage driver based on $driver and $options.
Definition: Auth.php:467
Auth\setExpire
setExpire($time, $add=false)
Set the maximum expire time.
Definition: Auth.php:619
Auth\$loginCallback
$loginCallback
Definition: Auth.php:198
Auth\changePassword
changePassword($username, $password)
Change password for user in the storage container.
Definition: Auth.php:1252
Auth\$allowLogin
$allowLogin
Definition: Auth.php:161
Auth\$server
$server
Definition: Auth.php:271
Auth\updateIdle
updateIdle()
Update the idletime.
Definition: Auth.php:1101
Auth\$checkAuthCallback
$checkAuthCallback
Definition: Auth.php:190
Auth\addUser
addUser($username, $password, $additional='')
Add user to the storage container.
Definition: Auth.php:1215
Auth\$session
$session
Definition: Auth.php:265
Auth\setLogoutCallback
setLogoutCallback($logoutCallback)
Register a callback function to be called on user logout.
Definition: Auth.php:758
Auth\$username
$username
Definition: Auth.php:175
Auth\$authChecks
$authChecks
Definition: Auth.php:295
Auth\login
login()
Login function.
Definition: Auth.php:543
Auth\$_postUsername
$_postUsername
Definition: Auth.php:252
Auth\start
start()
Start new auth session.
Definition: Auth.php:518
Auth\$logoutCallback
$logoutCallback
Definition: Auth.php:214
Auth\Auth
Auth($storageDriver, $options='', $loginFunction='', $showLogin=true)
Constructor.
Definition: Auth.php:335
Auth\$password
$password
Definition: Auth.php:182
Auth\setLoginCallback
setLoginCallback($loginCallback)
Register a callback function to be called on user login.
Definition: Auth.php:725
Auth\_loadStorage
_loadStorage()
Load Storage Driver if not already loaded.
Definition: Auth.php:443
Auth\listUsers
listUsers()
List all users that are currently available in the storage container.
Definition: Auth.php:1195
Auth\setIdle
setIdle($time, $add=false)
Set the maximum idle time.
Definition: Auth.php:635
Auth\sessionValidThru
sessionValidThru()
Returns the time up to the session is valid.
Definition: Auth.php:1174
Auth\$regenerateSessionId
$regenerateSessionId
Definition: Auth.php:316
Auth\assignData
assignData()
Assign data from login form to internal values.
Definition: Auth.php:491
Auth\$advancedsecurity
$advancedsecurity
Definition: Auth.php:245
Auth\getUsername
getUsername()
Get the username.
Definition: Auth.php:1115
Auth\$_postPassword
$_postPassword
Definition: Auth.php:259
Auth\getStatus
getStatus()
Get the current status.
Definition: Auth.php:1132
Auth\$loginFailedCallback
$loginFailedCallback
Definition: Auth.php:206
Auth\$cookie
$cookie
Definition: Auth.php:283
Auth\$expired
$expired
Definition: Auth.php:110
Auth\$version
$version
Definition: Auth.php:228
Auth\setFailedLoginCallback
setFailedLoginCallback($loginFailedCallback)
Register a callback function to be called on failed user login.
Definition: Auth.php:741
Auth\$showLogin
$showLogin
Definition: Auth.php:153
Auth\$idle
$idle
Definition: Auth.php:122
Auth\setSessionName
setSessionName($name='session')
Set name of the session to a customized value.
Definition: Auth.php:656
Auth\getPostPasswordField
getPostPasswordField()
Gets the post varible used for the username.
Definition: Auth.php:1160
Auth\getPostUsernameField
getPostUsernameField()
Gets the post varible used for the username.
Definition: Auth.php:1146
Auth\logout
logout()
Logout function.
Definition: Auth.php:1077
Auth\$expire
$expire
Definition: Auth.php:102
Auth\$_sessionName
$_sessionName
Definition: Auth.php:221
Auth\setCheckAuthCallback
setCheckAuthCallback($checkAuthCallback)
Register a callback function to be called whenever the validity of the login is checked The function ...
Definition: Auth.php:708
Auth\getAuth
getAuth()
Has the user been authenticated?
Definition: Auth.php:1058
Auth\$status
$status
Definition: Auth.php:168
Auth\log
log($message, $level=AUTH_LOG_DEBUG)
Log a message from the Auth system.
Definition: Auth.php:1270
Auth\setAdvancedSecurity
setAdvancedSecurity($flag=true)
Enables advanced security checks.
Definition: Auth.php:885
Auth\attachLogObserver
attachLogObserver(&$observer)
Attach an Observer to the Auth Log Source.
Definition: Auth.php:1317
Auth\_isAdvancedSecurityEnabled
_isAdvancedSecurityEnabled($feature=null)
Is advanced security enabled?
Definition: Auth.php:1337
Auth\setAuthData
setAuthData($name, $value, $overwrite=true)
Register additional information that is to be stored in the session.
Definition: Auth.php:777
Log\singleton
& singleton($handler, $name='', $ident='', $conf=array(), $level=PEAR_LOG_DEBUG)
Attempts to return a reference to a concrete Log instance of type $handler, only creating a new insta...
Definition: Log.php:213
PEAR\throwError
& throwError($message=null, $code=null, $userinfo=null)
Simpler form of raiseError with fewer options.
Definition: PEAR.php:591
ilAuthBase
@classDescription Base class for all PEAR and ILIAS auth classes.
Definition: class.ilAuthBase.php:34
ilUtil\setCookie
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:5102
$_POST
$_POST['username']
Definition: cron.php:12
$_COOKIE
$_COOKIE["ilClientId"]
Definition: cron.php:11
$additional
$additional
Definition: goto.php:89
$options
if(!is_array($argv)) $options
Definition: tcpdf_addfont.php:137
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54