ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilAuthBase.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2001 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
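/**
 * Base class for all PEAR and ILIAS auth classes.
 *
 * Registers the login, failed-login, check-auth and logout callbacks and runs
 * the account checks that follow a successful credential check: active flag,
 * time limit, client IP restriction and simultaneous logins.
 *
 * The class uses members it does not define: $this->storage, $this->status,
 * $this->enableLogging, getUserName(), attachLogObserver() and the
 * set*Callback() methods. They are expected to come from the extending class.
 *
 * NOTE(review): this class was recovered from a rendered source listing that
 * dropped several statements. Each restored statement is marked below and was
 * rebuilt from the method names in the cross-reference list at the end of the
 * page; confirm every one of them against the repository.
 */
abstract class ilAuthBase
{
    // Used for SOAP Auth
    // TODO: Find another solution
    protected $sub_status = null;

    // Login name of the account whose time limit was exceeded; written by
    // loginObserver() and read by getExceededUserName().
    // NOTE(review): the declaration is not visible in the rendered listing; it
    // is assumed here so that the getter never reads an undefined property.
    protected $exceeded_user_name;

    /**
     * Get sub status.
     *
     * @return mixed value last passed to setSubStatus(), null by default
     */
    public function getSubStatus()
    {
        return $this->sub_status;
    }

    /**
     * Set sub status.
     *
     * @param mixed $a_sub_status
     */
    public function setSubStatus($a_sub_status)
    {
        $this->sub_status = $a_sub_status;
    }

    /**
     * Returns true if the current auth mode allows redirects, e.g. to the
     * login screen or the public section. This base implementation always
     * allows them.
     *
     * @return bool
     */
    public function supportsRedirects()
    {
        return true;
    }

    /**
     * Get container object.
     *
     * @return object the value of $this->storage, which is set outside this class
     */
    final public function getContainer()
    {
        return $this->storage;
    }

    /**
     * Init auth object: enable logging, set callbacks, attach the log observer.
     */
    final protected function initAuth()
    {
        // NOTE(review): restored statement (initSession() appears in the
        // cross-reference list, the call itself was dropped from the listing).
        ilSessionControl::initSession();

        $this->enableLogging = true;

        if ($this->enableLogging) {
            ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
        }
        $this->setLoginCallback(array($this, 'loginObserver'));
        $this->setFailedLoginCallback(array($this, 'failedLoginObserver'));
        $this->setCheckAuthCallback(array($this, 'checkAuthObserver'));
        $this->setLogoutCallback(array($this, 'logoutObserver'));

        include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
        $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
    }

    /**
     * Check a remote address against a stored client IP restriction.
     *
     * The restriction is a comma separated list of addresses in which "?"
     * stands for one decimal digit and "*" for any run of decimal digits.
     * Every character other than digits, ".", "?", "*", "," and ":" is dropped
     * before the pattern is built, so no other regex syntax can be injected.
     *
     * @param string $a_restriction stored restriction, must not be empty
     * @param string $a_remote_addr address to test
     * @return bool true only if the whole address matches one list entry
     */
    private static function clientIpMatches($a_restriction, $a_remote_addr)
    {
        $pattern = preg_replace("/[^0-9.?*,:]+/", "", $a_restriction);
        $pattern = str_replace(".", "\\.", $pattern);
        $pattern = str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $pattern);

        // The alternatives are grouped so that "^" and "$" apply to every list
        // entry. Without the group the anchors bind only to the first and the
        // last entry, and an entry can match just a part of the address.
        // "D" keeps "$" from matching in front of a trailing newline.
        // A preg_match() failure (false) counts as "no match", i.e. fail closed.
        // NOTE(review): the wildcards only cover decimal digits, so hexadecimal
        // IPv6 groups cannot be wildcarded even though ":" is accepted.
        return preg_match("/^(?:" . $pattern . ")$/D", $a_remote_addr) === 1;
    }

    /**
     * Called after successful login.
     *
     * When the container accepts the login, a registered (non-anonymous) user
     * is validated further. The first failing check sets $this->status, logs
     * the session out again and ends the method, in this order of priority:
     * inactive account, exceeded time limit, wrong client IP, simultaneous
     * login. Otherwise the login is recorded, logged and announced through
     * the 'afterLogin' event.
     *
     * @param string $a_username
     * @param object $a_auth auth object; getUsername() and logout() are used
     */
    protected function loginObserver($a_username, $a_auth)
    {
        global $ilLog, $ilAppEventHandler, $ilSetting;

        if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
            // validate user
            include_once "Services/User/classes/class.ilObjUser.php";
            $user_id = ilObjUser::_loginExists($a_auth->getUsername());
            if ($user_id != ANONYMOUS_USER_ID) {
                $user = new ilObjUser($user_id);

                // check if profile is complete
                include_once "Services/User/classes/class.ilUserProfile.php";
                // NOTE(review): restored condition; the listing kept only the
                // body and the closing brace of this block.
                if (ilUserProfile::isProfileIncomplete($user)) {
                    $user->setProfileIncomplete(true);
                    $user->update();
                }

                // --- extended user validation
                //
                // we only have a single status, so abort after each one
                // order from highest priority to lowest

                // active?
                if (!$user->getActive()) {
                    $this->status = AUTH_USER_INACTIVE;
                    $a_auth->logout();
                    return;
                }

                // time limit
                if (!$user->checkTimeLimit()) {
                    $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                    // #16327
                    $this->exceeded_user_name = $this->getUserName();
                    $a_auth->logout();
                    return;
                }

                // check client ip: only enforced when a restriction is stored
                $clientip = $user->getClientIP();
                if (trim($clientip) != "" &&
                    !self::clientIpMatches($clientip, $_SERVER["REMOTE_ADDR"])
                ) {
                    $this->status = AUTH_USER_WRONG_IP;
                    $a_auth->logout();
                    return;
                }

                // simultaneous login
                // NOTE(review): the cross-reference list on this page shows
                // hasActiveSession($a_user_id, $a_session_id) with two
                // parameters, this call passes one - confirm.
                if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                    ilObjUser::hasActiveSession($user_id)) {
                    $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                    $a_auth->logout();
                    return;
                }

                include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
                ilOnlineTracking::addUser($user_id);

                include_once 'Modules/Forum/classes/class.ilObjForum.php';
                // NOTE(review): restored statement (dropped from the listing).
                ilObjForum::_updateOldAccess($user_id);

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security_settings = ilSecuritySettings::_getInstance();

                // determine first login of user for setting an indicator
                // which still is available in PersonalDesktop, Repository, ...
                // (last login date is set to current date in next step)
                if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                    $user->getLastLogin() == null
                ) {
                    $user->resetLastPasswordChange();
                }

                $user->refreshLogin();

                // reset counter for failed logins
                // NOTE(review): restored statement (dropped from the listing).
                ilObjUser::_resetLoginAttempts($user_id);
            }

            // --- anonymous/registered user
            ilLoggerFactory::getLogger('auth')->info(
                'logged in as ' . $a_auth->getUsername() .
                ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
                ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
            );

            ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

            $ilAppEventHandler->raise(
                'Services/Authentication',
                'afterLogin',
                array('username' => $a_auth->getUsername())
            );
        }
    }

    /**
     * Called after failed login.
     *
     * Logs the attempt, counts it against the account that owns the login
     * name and deactivates that account once the configured maximum number of
     * attempts is reached (a maximum of 0 disables the limit).
     *
     * @param string $a_username login name as submitted
     * @param object $a_auth
     * @return mixed result of the container's failedLoginObserver()
     */
    protected function failedLoginObserver($a_username, $a_auth)
    {
        global $ilLog;

        // NOTE(review): $a_username is taken from the failed request and is
        // written to the log unmodified. Whether line breaks and control
        // characters are neutralised depends on the logger's formatter, which
        // this file does not show - confirm before relying on these entries.
        ilLoggerFactory::getLogger('auth')->info(
            ': login failed for user ' . $a_username .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        if ($a_username) {
            $usr_id = ilObjUser::_lookupId($a_username);
            if (!in_array($usr_id, array(ANONYMOUS_USER_ID))) {
                // NOTE(review): restored statement (dropped from the listing).
                ilObjUser::_incrementLoginAttempts($usr_id);
                $login_attempts = ilObjUser::_getLoginAttempts($usr_id);

                require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
                $security = ilSecuritySettings::_getInstance();
                $max_attempts = $security->getLoginMaxAttempts();

                if ((int) $max_attempts && $login_attempts >= $max_attempts) {
                    // NOTE(review): restored statement; the listing showed an
                    // empty block here.
                    ilObjUser::_setUserInactive($usr_id);
                }
            }
        }

        return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
    }

    /**
     * Called after each check auth request; delegates to the container.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's checkAuthObserver()
     */
    protected function checkAuthObserver($a_username, $a_auth)
    {
        return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
    }

    /**
     * Called after logout.
     *
     * Logs the call, raises the 'afterLogout' event and delegates to the
     * container.
     *
     * @param string $a_username
     * @param object $a_auth
     * @return mixed result of the container's logoutObserver()
     */
    protected function logoutObserver($a_username, $a_auth)
    {
        global $ilLog, $ilAppEventHandler;

        ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);

        // NOTE(review): restored statement (dropped from the listing).
        ilSessionControl::handleLogoutEvent();

        $ilAppEventHandler->raise(
            'Services/Authentication',
            'afterLogout',
            array('username' => $a_auth->getUsername())
        );

        return $this->getContainer()->logoutObserver($a_username, $a_auth);
    }

    /**
     * Login name stored by loginObserver() when the time limit check failed.
     *
     * @return string|null null if no time limit failure was recorded
     */
    public function getExceededUserName()
    {
        // NOTE(review): restored statement; the listing showed an empty body.
        return $this->exceeded_user_name;
    }
}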
static isProfileIncomplete($a_user, $a_include_udf=true, $a_personal_data_only=true)
Check if all required personal data fields are set.
const AUTH_USER_INACTIVE
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
const AUTH_USER_WRONG_IP
failedLoginObserver($a_username, $a_auth)
Called after failed login.
static hasActiveSession($a_user_id, $a_session_id)
Check for simultaneous login.
initAuth()
Init auth object Enable logging, set callbacks...
static _incrementLoginAttempts($a_usr_id)
static _lookupId($a_user_str)
Lookup id by login.
getContainer()
Get container object.
const AUTH_USER_TIME_LIMIT_EXCEEDED
static _resetLoginAttempts($a_usr_id)
static _getLoginAttempts($a_usr_id)
getSubStatus()
Get sub status.
static _loginExists($a_login, $a_user_id=0)
check if a login name already exists You may exclude a user from the check by giving his user id as 2...
logoutObserver($a_username, $a_auth)
Called after logout.
Base class for all PEAR and ILIAS auth classes.
checkAuthObserver($a_username, $a_auth)
Called after each check auth request.
loginObserver($a_username, $a_auth)
Called after successful login.
setSubStatus($a_sub_status)
Set sub status.
static _updateOldAccess($a_usr_id)
Create styles array
The data for the language used.
const AUTH_USER_SIMULTANEOUS_LOGIN
static initSession()
mark session with type regarding to the context.
static _setUserInactive($a_usr_id)
global $ilSetting
Definition: privfeed.php:17
supportsRedirects()
Returns true, if the current auth mode allows redirects to e.g the login screen, public section ...
static getLogger($a_component_id)
Get component logger.
static handleLogoutEvent()
reset sessions type to unknown
static handleLoginEvent($a_login, ilAuthSession $auth_session)
when current session is allowed to be created it marks it with type regarding to the sessions user co...
static _getInstance()
Get instance of ilSecuritySettings.