ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAuthBase.php
Go to the documentation of this file.
1<?php
2/*
3 +-----------------------------------------------------------------------------+
4 | ILIAS open source |
5 +-----------------------------------------------------------------------------+
6 | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7 | |
8 | This program is free software; you can redistribute it and/or |
9 | modify it under the terms of the GNU General Public License |
10 | as published by the Free Software Foundation; either version 2 |
11 | of the License, or (at your option) any later version. |
12 | |
13 | This program is distributed in the hope that it will be useful, |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16 | GNU General Public License for more details. |
17 | |
18 | You should have received a copy of the GNU General Public License |
19 | along with this program; if not, write to the Free Software |
20 | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21 +-----------------------------------------------------------------------------+
22*/
23
33abstract class ilAuthBase
34{
35 // Used for SOAP Auth
36 // TODO: Find another solution
37 protected $sub_status = null;
38
39 protected $exceeded_user_name;
40
41
46 public function getSubStatus()
47 {
48 return $this->sub_status;
49 }
50
55 public function setSubStatus($a_sub_status)
56 {
57 $this->sub_status = $a_sub_status;
58 }
59
65 public function supportsRedirects()
66 {
67 return true;
68 }
69
74 final public function getContainer()
75 {
76 return $this->storage;
77 }
78
84 final protected function initAuth()
85 {
86 ilSessionControl::initSession();
87
88 $this->enableLogging = true;
89 //$this->enableLogging = false;
90
91 if ($this->enableLogging) {
92 ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
93 }
94 $this->setLoginCallback(array($this,'loginObserver'));
95 $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
96 $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
97 $this->setLogoutCallback(array($this,'logoutObserver'));
98
99 include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
100 $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
101 }
102
109 protected function loginObserver($a_username, $a_auth)
110 {
111 global $ilLog, $ilAppEventHandler, $ilSetting;
112
113 if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
114 // validate user
115 include_once "Services/User/classes/class.ilObjUser.php";
116 $user_id = ilObjUser::_loginExists($a_auth->getUsername());
117 if ($user_id != ANONYMOUS_USER_ID) {
118 $user = new ilObjUser($user_id);
119
120 // check if profile is complete
121 include_once "Services/User/classes/class.ilUserProfile.php";
122 if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) {
123 $user->setProfileIncomplete(true);
124 $user->update();
125 }
126
127 // --- extended user validation
128 //
129 // we only have a single status, so abort after each one
130 // order from highest priority to lowest
131
132 // active?
133 if (!$user->getActive()) {
134 $this->status = AUTH_USER_INACTIVE;
135 $a_auth->logout();
136 return;
137 }
138
139 // time limit
140 if (!$user->checkTimeLimit()) {
141 $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
142 // #16327
143 $this->exceeded_user_name = $this->getUserName();
144 $a_auth->logout();
145 return;
146 }
147
148 // check client ip
149 $clientip = $user->getClientIP();
150 if (trim($clientip) != "") {
151 $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
152 $clientip = str_replace(".", "\\.", $clientip);
153 $clientip = str_replace(array("?","*",","), array("[0-9]","[0-9]*","|"), $clientip);
154 if (!preg_match("/^" . $clientip . "$/", $_SERVER["REMOTE_ADDR"])) {
155 $this->status = AUTH_USER_WRONG_IP;
156 $a_auth->logout();
157 return;
158 }
159 }
160
161 // simultaneous login
162 if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
163 ilObjUser::hasActiveSession($user_id)) {
164 $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
165 $a_auth->logout();
166 return;
167 }
168
169 include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
170 ilOnlineTracking::addUser($user_id);
171
172 include_once 'Modules/Forum/classes/class.ilObjForum.php';
173 ilObjForum::_updateOldAccess($user_id);
174
175 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
176 $security_settings = ilSecuritySettings::_getInstance();
177
178 // determine first login of user for setting an indicator
179 // which still is available in PersonalDesktop, Repository, ...
180 // (last login date is set to current date in next step)
181 if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
182 $user->getLastLogin() == null
183 ) {
184 $user->resetLastPasswordChange();
185 }
186
187 $user->refreshLogin();
188
189 // reset counter for failed logins
190 ilObjUser::_resetLoginAttempts($user_id);
191 }
192
193 // --- anonymous/registered user
194 ilLoggerFactory::getLogger('auth')->info(
195 'logged in as ' . $a_auth->getUsername() .
196 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
197 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
198 );
199
200 ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);
201
202 $ilAppEventHandler->raise(
203 'Services/Authentication',
204 'afterLogin',
205 array('username' => $a_auth->getUsername())
206 );
207 }
208 }
209
216 protected function failedLoginObserver($a_username, $a_auth)
217 {
218 global $ilLog;
219
220 ilLoggerFactory::getLogger('auth')->info(
221 ': login failed for user ' . $a_username .
222 ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
223 ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
224 );
225
226 if ($a_username) {
227 $usr_id = ilObjUser::_lookupId($a_username);
228 if (!in_array($usr_id, array(ANONYMOUS_USER_ID))) {
229 ilObjUser::_incrementLoginAttempts($usr_id);
230 $login_attempts = ilObjUser::_getLoginAttempts($usr_id);
231
232 require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
233 $security = ilSecuritySettings::_getInstance();
234 $max_attempts = $security->getLoginMaxAttempts();
235
236 if ((int) $max_attempts && $login_attempts >= $max_attempts) {
237 ilObjUser::_setUserInactive($usr_id);
238 }
239 }
240 }
241
242 return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
243 }
244
251 protected function checkAuthObserver($a_username, $a_auth)
252 {
253 return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
254 }
255
262 protected function logoutObserver($a_username, $a_auth)
263 {
264 global $ilLog, $ilAppEventHandler;
265
266 ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);
267
268 ilSessionControl::handleLogoutEvent();
269
270 $ilAppEventHandler->raise(
271 'Services/Authentication',
272 'afterLogout',
273 array('username' => $a_auth->getUsername())
274 );
275
276 return $this->getContainer()->logoutObserver($a_username, $a_auth);
277 }
278
279 public function getExceededUserName()
280 {
281 return $this->exceeded_user_name;
282 }
283}
php
An exception for terminatinating execution or to throw for unit testing.
AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_USER_SIMULTANEOUS_LOGIN
Definition: class.ilAuthUtils.php:51
AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_USER_TIME_LIMIT_EXCEEDED
Definition: class.ilAuthUtils.php:50
AUTH_USER_INACTIVE
const AUTH_USER_INACTIVE
Definition: class.ilAuthUtils.php:49
AUTH_USER_WRONG_IP
const AUTH_USER_WRONG_IP
Definition: class.ilAuthUtils.php:48
ilAuthBase
@classDescription Base class for all PEAR and ILIAS auth classes.
Definition: class.ilAuthBase.php:34
ilAuthBase\initAuth
initAuth()
Init auth object Enable logging, set callbacks...
Definition: class.ilAuthBase.php:84
ilAuthBase\getContainer
getContainer()
Get container object.
Definition: class.ilAuthBase.php:74
ilAuthBase\setSubStatus
setSubStatus($a_sub_status)
Set sub status.
Definition: class.ilAuthBase.php:55
ilAuthBase\failedLoginObserver
failedLoginObserver($a_username, $a_auth)
Called after failed login.
Definition: class.ilAuthBase.php:216
ilAuthBase\getSubStatus
getSubStatus()
Get sub status.
Definition: class.ilAuthBase.php:46
ilAuthBase\loginObserver
loginObserver($a_username, $a_auth)
Called after successful login.
Definition: class.ilAuthBase.php:109
ilAuthBase\supportsRedirects
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ....
Definition: class.ilAuthBase.php:65
ilAuthBase\logoutObserver
logoutObserver($a_username, $a_auth)
Called after logout.
Definition: class.ilAuthBase.php:262
ilAuthBase\checkAuthObserver
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
Definition: class.ilAuthBase.php:251
ilLoggerFactory\getLogger
static getLogger($a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:79
ilObjForum\_updateOldAccess
static _updateOldAccess($a_usr_id)
Definition: class.ilObjForum.php:379
ilObjUser\_resetLoginAttempts
static _resetLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4614
ilObjUser\_incrementLoginAttempts
static _incrementLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4640
ilObjUser\_lookupId
static _lookupId($a_user_str)
Lookup id by login.
Definition: class.ilObjUser.php:784
ilObjUser\_setUserInactive
static _setUserInactive($a_usr_id)
Definition: class.ilObjUser.php:4654
ilObjUser\_getLoginAttempts
static _getLoginAttempts($a_usr_id)
Definition: class.ilObjUser.php:4628
ilObjUser\_loginExists
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
Definition: class.ilObjUser.php:4334
ilObjUser\hasActiveSession
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
Definition: class.ilObjUser.php:2461
ilSecuritySettings\_getInstance
static _getInstance()
Get instance of ilSecuritySettings.
Definition: class.ilSecuritySettings.php:104
ilSessionControl\handleLogoutEvent
static handleLogoutEvent()
reset sessions type to unknown
Definition: class.ilSessionControl.php:203
ilSessionControl\initSession
static initSession()
mark session with type regarding to the context.
Definition: class.ilSessionControl.php:138
ilSessionControl\handleLoginEvent
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
Definition: class.ilSessionControl.php:160
ilUserProfile\isProfileIncomplete
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
Definition: class.ilUserProfile.php:826
$ilLog
$ilLog
Definition: inc.setup_header.php:129
$ilSetting
global $ilSetting
Definition: privfeed.php:17
$_SERVER
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
Definition: tcpdf_autoconfig.php:54