ILIAS  release_5-2 Revision v5.2.25-18-g3f80b828510
Public Member Functions | Protected Member Functions | Protected Attributes
ilAuthBase Class Reference

Base class for all PEAR and ILIAS auth classes. More...

+ Collaboration diagram for ilAuthBase:

Public Member Functions

 getSubStatus ()
 Get sub status. More...
 
 setSubStatus ($a_sub_status)
 Set sub status. More...
 
 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...
 
 getContainer ()
 Get container object. More...
 
 getExceededUserName ()
 

Protected Member Functions

 initAuth ()
 Init auth object Enable logging, set callbacks... More...
 
 loginObserver ($a_username, $a_auth)
 Called after successful login. More...
 
 failedLoginObserver ($a_username, $a_auth)
 Called after failed login. More...
 
 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request. More...
 
 logoutObserver ($a_username, $a_auth)
 Called after logout. More...
 

Protected Attributes

 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author
Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e
Version
$Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

◆ checkAuthObserver()

ilAuthBase::checkAuthObserver (   $a_username,
  $a_auth 
)
protected

Called after each check auth request.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 264 of file class.ilAuthBase.php.

References getContainer().

265  {
266  return $this->getContainer()->checkAuthObserver($a_username,$a_auth);
267  }
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
+ Here is the call graph for this function:

◆ failedLoginObserver()

ilAuthBase::failedLoginObserver (   $a_username,
  $a_auth 
)
protected

Called after failed login.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 226 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), array, getContainer(), and ilLoggerFactory\getLogger().

227  {
228  global $ilLog;
229 
230  ilLoggerFactory::getLogger('auth')->info(
231  ': login failed for user '.$a_username.
232  ', remote:'.$_SERVER['REMOTE_ADDR'].':'.$_SERVER['REMOTE_PORT'].
233  ', server:'.$_SERVER['SERVER_ADDR'].':'.$_SERVER['SERVER_PORT']
234  );
235 
236  if($a_username)
237  {
238  $usr_id = ilObjUser::_lookupId($a_username);
239  if(!in_array($usr_id, array(ANONYMOUS_USER_ID)))
240  {
241  ilObjUser::_incrementLoginAttempts($usr_id);
242  $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
243 
244  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
245  $security = ilSecuritySettings::_getInstance();
246  $max_attempts = $security->getLoginMaxAttempts();
247 
248  if((int)$max_attempts && $login_attempts >= $max_attempts)
249  {
250  ilObjUser::_setUserInactive($usr_id);
251  }
252  }
253  }
254 
255  return $this->getContainer()->failedLoginObserver($a_username,$a_auth);
256  }
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4693
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:787
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4681
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4704
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
+ Here is the call graph for this function:

◆ getContainer()

ilAuthBase::getContainer ( )
final

Get container object.

Returns
object ilAuthContainerBase

Definition at line 74 of file class.ilAuthBase.php.

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

75  {
76  return $this->storage;
77  }
+ Here is the caller graph for this function:

◆ getExceededUserName()

ilAuthBase::getExceededUserName ( )

Definition at line 291 of file class.ilAuthBase.php.

References $exceeded_user_name.

292  {
293  return $this->exceeded_user_name;
294  }

◆ getSubStatus()

ilAuthBase::getSubStatus ( )

Get sub status.

Returns
type

Definition at line 46 of file class.ilAuthBase.php.

References $sub_status.

47  {
48  return $this->sub_status;
49  }

◆ initAuth()

ilAuthBase::initAuth ( )
finalprotected

Init auth object Enable logging, set callbacks...

Returns
void

Definition at line 84 of file class.ilAuthBase.php.

References array, ilLoggerFactory\getLogger(), and ilSessionControl\initSession().

85  {
86  ilSessionControl::initSession();
87 
88  $this->enableLogging = TRUE;
89  //$this->enableLogging = false;
90 
91  if ($this->enableLogging)
92  {
93  ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
94  }
95  $this->setLoginCallback(array($this,'loginObserver'));
96  $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
97  $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
98  $this->setLogoutCallback(array($this,'logoutObserver'));
99 
100  include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
101  $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
102 
103  }
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:140
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
+ Here is the call graph for this function:

◆ loginObserver()

ilAuthBase::loginObserver (   $a_username,
  $a_auth 
)
protected

Called after successful login.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 111 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, $ilSetting, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), array, AUTH_USER_INACTIVE, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), and ilUserProfile\isProfileIncomplete().

112  {
113  global $ilLog, $ilAppEventHandler, $ilSetting;
114 
115  if($this->getContainer()->loginObserver($a_username,$a_auth))
116  {
117  // validate user
118  include_once "Services/User/classes/class.ilObjUser.php";
119  $user_id = ilObjUser::_loginExists($a_auth->getUsername());
120  if($user_id != ANONYMOUS_USER_ID)
121  {
122  $user = new ilObjUser($user_id);
123 
124  // check if profile is complete
125  include_once "Services/User/classes/class.ilUserProfile.php";
126  if(ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS)
127  {
128  $user->setProfileIncomplete(true);
129  $user->update();
130  }
131 
132  // --- extended user validation
133  //
134  // we only have a single status, so abort after each one
135  // order from highest priority to lowest
136 
137  // active?
138  if(!$user->getActive())
139  {
140  $this->status = AUTH_USER_INACTIVE;
141  $a_auth->logout();
142  return;
143  }
144 
145  // time limit
146  if(!$user->checkTimeLimit())
147  {
148  $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
149  // #16327
150  $this->exceeded_user_name = $this->getUserName();
151  $a_auth->logout();
152  return;
153  }
154 
155  // check client ip
156  $clientip = $user->getClientIP();
157  if (trim($clientip) != "")
158  {
159  $clientip = preg_replace("/[^0-9.?*,:]+/","",$clientip);
160  $clientip = str_replace(".","\\.",$clientip);
161  $clientip = str_replace(Array("?","*",","), Array("[0-9]","[0-9]*","|"), $clientip);
162  if (!preg_match("/^".$clientip."$/", $_SERVER["REMOTE_ADDR"]))
163  {
164  $this->status = AUTH_USER_WRONG_IP;
165  $a_auth->logout();
166  return;
167  }
168  }
169 
170  // simultaneous login
171  if($ilSetting->get('ps_prevent_simultaneous_logins') &&
172  ilObjUser::hasActiveSession($user_id))
173  {
174  $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
175  $a_auth->logout();
176  return;
177  }
178 
179  include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
180  ilOnlineTracking::addUser($user_id);
181 
182  include_once 'Modules/Forum/classes/class.ilObjForum.php';
183  ilObjForum::_updateOldAccess($user_id);
184 
185  require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
186  $security_settings = ilSecuritySettings::_getInstance();
187 
188  // determine first login of user for setting an indicator
189  // which still is available in PersonalDesktop, Repository, ...
190  // (last login date is set to current date in next step)
191  if($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
192  $user->getLastLogin() == null
193  )
194  {
195  $user->resetLastPasswordChange();
196  }
197 
198  $user->refreshLogin();
199 
200  // reset counter for failed logins
201  ilObjUser::_resetLoginAttempts($user_id);
202  }
203 
204  // --- anonymous/registered user
205  ilLoggerFactory::getLogger('auth')->info(
206  'logged in as '. $a_auth->getUsername() .
207  ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
208  ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
209  );
210 
211  ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
212 
213  $ilAppEventHandler->raise(
214  'Services/Authentication', 'afterLogin',
215  array('username' => $a_auth->getUsername())
216  );
217  }
218  }
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:872
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:46
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:45
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2451
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:47
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4670
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4381
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:111
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:48
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:164
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:105
+ Here is the call graph for this function:

◆ logoutObserver()

ilAuthBase::logoutObserver (   $a_username,
  $a_auth 
)
protected

Called after logout.

Returns
Parameters
array$a_username
object$a_auth

Definition at line 275 of file class.ilAuthBase.php.

References $ilLog, array, getContainer(), ilLoggerFactory\getLogger(), and ilSessionControl\handleLogoutEvent().

276  {
277  global $ilLog, $ilAppEventHandler;
278 
279  ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);
280 
281  ilSessionControl::handleLogoutEvent();
282 
283  $ilAppEventHandler->raise(
284  'Services/Authentication', 'afterLogout',
285  array('username' => $a_auth->getUsername())
286  );
287 
288  return $this->getContainer()->logoutObserver($a_username,$a_auth);
289  }
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
$ilLog
$ilLog
Definition: inc.setup_header.php:130
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:82
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:208
+ Here is the call graph for this function:

◆ setSubStatus()

ilAuthBase::setSubStatus (   $a_sub_status)

Set sub status.

Parameters
type$a_sub_status

Definition at line 55 of file class.ilAuthBase.php.

56  {
57  $this->sub_status = $a_sub_status;
58  }

◆ supportsRedirects()

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...

Returns

Definition at line 65 of file class.ilAuthBase.php.

66  {
67  return true;
68  }

Field Documentation

◆ $exceeded_user_name

ilAuthBase::$exceeded_user_name
protected

Definition at line 39 of file class.ilAuthBase.php.

Referenced by getExceededUserName().

◆ $sub_status

ilAuthBase::$sub_status = null
protected

Definition at line 37 of file class.ilAuthBase.php.

Referenced by getSubStatus().

The documentation for this class was generated from the following file: