Base class for all PEAR and ILIAS auth classes. More...

Collaboration diagram for ilAuthBase:

Public Member Functions
	getSubStatus ()
	Get sub status. More...

	setSubStatus ($a_sub_status)
	Set sub status. More...

	supportsRedirects ()
	Returns true, if the current auth mode allows redirects to e.g the login screen, public section ... More...

	getContainer ()
	Get container object. More...

	getExceededUserName ()

Protected Member Functions
	initAuth ()
	Init auth object Enable logging, set callbacks... More...

	loginObserver ($a_username, $a_auth)
	Called after successful login. More...

	failedLoginObserver ($a_username, $a_auth)
	Called after failed login. More...

	checkAuthObserver ($a_username, $a_auth)
	Called after each check auth request. More...

	logoutObserver ($a_username, $a_auth)
	Called after logout. More...

Protected Attributes
	$sub_status = null

	$exceeded_user_name

Detailed Description

Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author: Stefan Meyer smeye.nosp@m.r.il.nosp@m.ias@g.nosp@m.mx.d.nosp@m.e

Version: $Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

◆ checkAuthObserver()

ilAuthBase::checkAuthObserver	(	$a_username,
		$a_auth
	)

protected

Called after each check auth request.

Returns

Parameters

array	$a_username
object	$a_auth

Definition at line 251 of file class.ilAuthBase.php.

References getContainer().

     {
         return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
     }

Here is the call graph for this function:

◆ failedLoginObserver()

ilAuthBase::failedLoginObserver	(	$a_username,
		$a_auth
	)

protected

Called after failed login.

Returns

Parameters

array	$a_username
object	$a_auth

Definition at line 216 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), array, getContainer(), and ilLoggerFactory\getLogger().

     {
         global $ilLog;
 
         ilLoggerFactory::getLogger('auth')->info(
             ': login failed for user ' . $a_username .
             ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
             ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
         );
         
         if ($a_username) {
             $usr_id = ilObjUser::_lookupId($a_username);
             if (!in_array($usr_id, array(ANONYMOUS_USER_ID))) {
                 ilObjUser::_incrementLoginAttempts($usr_id);
                 $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
                 
                 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                 $security = ilSecuritySettings::_getInstance();
                 $max_attempts = $security->getLoginMaxAttempts();
                 
                 if ((int) $max_attempts && $login_attempts >= $max_attempts) {
                     ilObjUser::_setUserInactive($usr_id);
                 }
             }
         }
 
         return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
     }

Here is the call graph for this function:

◆ getContainer()

ilAuthBase::getContainer ( )

final

Get container object.

Returns: object ilAuthContainerBase

Definition at line 74 of file class.ilAuthBase.php.

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

     {
         return $this->storage;
     }

Here is the caller graph for this function:

◆ getExceededUserName()

ilAuthBase::getExceededUserName ( )

Definition at line 279 of file class.ilAuthBase.php.

References $exceeded_user_name.

     {
         return $this->exceeded_user_name;
     }

◆ getSubStatus()

ilAuthBase::getSubStatus ( )

Get sub status.

Returns: type

Definition at line 46 of file class.ilAuthBase.php.

References $sub_status.

     {
         return $this->sub_status;
     }

◆ initAuth()

ilAuthBase::initAuth ( )

finalprotected

Init auth object Enable logging, set callbacks...

Returns: void

Definition at line 84 of file class.ilAuthBase.php.

References array, ilLoggerFactory\getLogger(), and ilSessionControl\initSession().

     {
         ilSessionControl::initSession();
 
         $this->enableLogging = true;
         //$this->enableLogging = false;
 
         if ($this->enableLogging) {
             ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
         }
         $this->setLoginCallback(array($this,'loginObserver'));
         $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
         $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
         $this->setLogoutCallback(array($this,'logoutObserver'));
         
         include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
         $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
     }

Here is the call graph for this function:

◆ loginObserver()

ilAuthBase::loginObserver	(	$a_username,
		$a_auth
	)

protected

Called after successful login.

Returns

Parameters

array	$a_username
object	$a_auth

Definition at line 109 of file class.ilAuthBase.php.

References $_SERVER, $ilLog, $ilSetting, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), ilObjForum\_updateOldAccess(), array, AUTH_USER_INACTIVE, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), and ilUserProfile\isProfileIncomplete().

     {
         global $ilLog, $ilAppEventHandler, $ilSetting;
         
         if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
             // validate user
             include_once "Services/User/classes/class.ilObjUser.php";
             $user_id = ilObjUser::_loginExists($a_auth->getUsername());
             if ($user_id != ANONYMOUS_USER_ID) {
                 $user = new ilObjUser($user_id);
                     
                 // check if profile is complete
                 include_once "Services/User/classes/class.ilUserProfile.php";
                 if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) {
                     $user->setProfileIncomplete(true);
                     $user->update();
                 }
 
                 // --- extended user validation
                 //
                 // we only have a single status, so abort after each one
                 // order from highest priority to lowest
                 
                 // active?
                 if (!$user->getActive()) {
                     $this->status = AUTH_USER_INACTIVE;
                     $a_auth->logout();
                     return;
                 }
                 
                 // time limit
                 if (!$user->checkTimeLimit()) {
                     $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                     // #16327
                     $this->exceeded_user_name = $this->getUserName();
                     $a_auth->logout();
                     return;
                 }
                 
                 // check client ip
                 $clientip = $user->getClientIP();
                 if (trim($clientip) != "") {
                     $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
                     $clientip = str_replace(".", "\\.", $clientip);
                     $clientip = str_replace(array("?","*",","), array("[0-9]","[0-9]*","|"), $clientip);
                     if (!preg_match("/^" . $clientip . "$/", $_SERVER["REMOTE_ADDR"])) {
                         $this->status = AUTH_USER_WRONG_IP;
                         $a_auth->logout();
                         return;
                     }
                 }
                 
                 // simultaneous login
                 if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                     ilObjUser::hasActiveSession($user_id)) {
                     $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                     $a_auth->logout();
                     return;
                 }
 
                 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
                 ilOnlineTracking::addUser($user_id);
 
                 include_once 'Modules/Forum/classes/class.ilObjForum.php';
                 ilObjForum::_updateOldAccess($user_id);
 
                 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                 $security_settings = ilSecuritySettings::_getInstance();
 
                 // determine first login of user for setting an indicator
                 // which still is available in PersonalDesktop, Repository, ...
                 // (last login date is set to current date in next step)
                 if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                     $user->getLastLogin() == null
                 ) {
                     $user->resetLastPasswordChange();
                 }
 
                 $user->refreshLogin();
             
                 // reset counter for failed logins
                 ilObjUser::_resetLoginAttempts($user_id);
             }
 
             // --- anonymous/registered user
             ilLoggerFactory::getLogger('auth')->info(
                 'logged in as ' . $a_auth->getUsername() .
                 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
                 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
             );
 
             ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
 
             $ilAppEventHandler->raise(
                 'Services/Authentication',
                 'afterLogin',
                 array('username' => $a_auth->getUsername())
             );
         }
     }

Here is the call graph for this function:

◆ logoutObserver()

ilAuthBase::logoutObserver	(	$a_username,
		$a_auth
	)

protected

Called after logout.

Returns

Parameters

array	$a_username
object	$a_auth

Definition at line 262 of file class.ilAuthBase.php.

References $ilLog, array, getContainer(), ilLoggerFactory\getLogger(), and ilSessionControl\handleLogoutEvent().

     {
         global $ilLog, $ilAppEventHandler;
         
         ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);
 
         ilSessionControl::handleLogoutEvent();
 
         $ilAppEventHandler->raise(
             'Services/Authentication',
             'afterLogout',
             array('username' => $a_auth->getUsername())
         );
                 
         return $this->getContainer()->logoutObserver($a_username, $a_auth);
     }

Here is the call graph for this function:

◆ setSubStatus()

ilAuthBase::setSubStatus ( $a_sub_status )

Set sub status.

Parameters

type $a_sub_status

Definition at line 55 of file class.ilAuthBase.php.

     {
         $this->sub_status = $a_sub_status;
     }

◆ supportsRedirects()

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...

Returns

Definition at line 65 of file class.ilAuthBase.php.

     {
         return true;
     }

Field Documentation

◆ $exceeded_user_name

ilAuthBase::$exceeded_user_name

protected

Definition at line 39 of file class.ilAuthBase.php.

Referenced by getExceededUserName().

◆ $sub_status

ilAuthBase::$sub_status = null

protected

Definition at line 37 of file class.ilAuthBase.php.

Referenced by getSubStatus().

The documentation for this class was generated from the following file:

Services/Authentication/classes/class.ilAuthBase.php

Public Member Functions

Protected Member Functions

Protected Attributes

Detailed Description

Member Function Documentation

◆ checkAuthObserver()

◆ failedLoginObserver()

◆ getContainer()

◆ getExceededUserName()

◆ getSubStatus()

◆ initAuth()

◆ loginObserver()

◆ logoutObserver()

◆ setSubStatus()

◆ supportsRedirects()

Field Documentation

◆ $exceeded_user_name

◆ $sub_status