ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilCASAuth.php
1 <?php
2 /*
3  +-----------------------------------------------------------------------------+
4  | ILIAS open source |
5  +-----------------------------------------------------------------------------+
6  | Copyright (c) 1998-2006 ILIAS open source, University of Cologne |
7  | |
8  | This program is free software; you can redistribute it and/or |
9  | modify it under the terms of the GNU General Public License |
10  | as published by the Free Software Foundation; either version 2 |
11  | of the License, or (at your option) any later version. |
12  | |
13  | This program is distributed in the hope that it will be useful, |
14  | but WITHOUT ANY WARRANTY; without even the implied warranty of |
15  | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16  | GNU General Public License for more details. |
17  | |
18  | You should have received a copy of the GNU General Public License |
19  | along with this program; if not, write to the Free Software |
20  | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
21  +-----------------------------------------------------------------------------+
22 */
23 
24 
25 include_once("Auth/Auth.php");
26 
37 class ilCASAuth extends Auth
38 {
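/**
 * Initialise the parent Auth object and the phpCAS client.
 *
 * @param array $a_params reads "server_hostname", "server_port" and
 *                        "server_uri"; "sessionName" is optional and is
 *                        handed to the parent constructor when non-empty.
 */
public function __construct($a_params)
{
    // isset() only avoids an undefined-index notice when the key is absent;
    // the loose != "" test and both branches are as before.
    if (isset($a_params["sessionName"]) && $a_params["sessionName"] != "") {
        parent::__construct("", array("sessionName" => $a_params["sessionName"]));
    } else {
        parent::__construct("");
    }

    include_once("./Services/CAS/lib/CAS.php");
    $this->server_version = CAS_VERSION_2_0;
    $this->server_hostname = $a_params["server_hostname"];
    // Integer cast: a non-numeric port setting becomes 0 instead of being
    // passed on as a string.
    $this->server_port = (int) $a_params["server_port"];
    $this->server_uri = $a_params["server_uri"];

    // Debug aids; keep both disabled outside a test system. The echo would
    // print the CAS service ticket from the query string without escaping.
    //phpCAS::setDebug();
    //echo "-".$_GET['ticket']."-"; exit;

    // NOTE(review): the rendered listing skips the source line holding the
    // call name (gutter 58 -> 60). phpCAS::client() is the initializer whose
    // signature (server_version, server_hostname, server_port, server_uri)
    // matches these four arguments; confirm against the repository.
    // NOTE(review): no CAS server certificate setup (for example
    // phpCAS::setCasServerCACert()) is visible in this class; confirm where
    // ticket validation is tied to a trusted CA before relying on it.
    phpCAS::client(
        $this->server_version,
        $this->server_hostname,
        $this->server_port,
        (string) $this->server_uri
    );
}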
66 
/**
 * Check CAS authentication.
 *
 * @return mixed whatever the phpCAS client's isAuthenticated() returns
 */
public function checkCASAuth()
{
    // NOTE(review): this reaches into the global client object created by
    // the bundled phpCAS library rather than going through a phpCAS static
    // call; it fails hard if the client was never initialised.
    global $PHPCAS_CLIENT;

    $is_authenticated = $PHPCAS_CLIENT->isAuthenticated();

    return $is_authenticated;
}
79 
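/**
 * Force CAS authentication if the user is not already authenticated.
 */
public function forceCASAuth()
{
    // NOTE(review): the rendered listing drops the only body line (gutter
    // 81 -> 83). phpCAS::forceAuthentication() is the call the page's symbol
    // index lists for this file; confirm against the repository.
    phpCAS::forceAuthentication();
}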
84 
/**
 * Return the login name of the CAS user as reported by phpCAS.
 *
 * @return mixed value of phpCAS::getUser()
 */
public function getCASUser()
{
    $cas_login = phpCAS::getUser();

    return $cas_login;
}
89 
95  /*
96  function getAuth()
97  {
98  $session = &$this->_importGlobalVariable('session');
99  if (!empty($session) &&
100  (isset($session[$this->_sessionName]['registered']) &&
101  $session[$this->_sessionName]['registered'] === true))
102  {
103  return true;
104  } else {
105  return false;
106  }
107  }
108  */
109 
118  /*
119  function setIdle($time, $add = false)
120  {
121  $add ? $this->idle += $time : $this->idle = $time;
122  }
123  */
124 
133  /*
134  function setExpire($time, $add = false)
135  {
136  $add ? $this->expire += $time : $this->expire = $time;
137  }
138  */
139 
146  /*
147  function checkAuth()
148  {
149  $session = &$this->_importGlobalVariable('session');
150 
151  if (isset($session[$this->_sessionName])) {
152  // Check if authentication session is expired
153  if ($this->expire > 0 &&
154  isset($session[$this->_sessionName]['timestamp']) &&
155  ($session[$this->_sessionName]['timestamp'] + $this->expire) < time()) {
156 
157  $this->logout();
158  $this->expired = true;
159  $this->status = AUTH_EXPIRED;
160 
161  return false;
162  }
163 
164  // Check if maximum idle time is reached
165  if ($this->idle > 0 &&
166  isset($session[$this->_sessionName]['idle']) &&
167  ($session[$this->_sessionName]['idle'] + $this->idle) < time()) {
168 
169  $this->logout();
170  $this->idled = true;
171  $this->status = AUTH_IDLED;
172 
173  return false;
174  }
175 
176  if (isset($session[$this->_sessionName]['registered']) &&
177  isset($session[$this->_sessionName]['username']) &&
178  $session[$this->_sessionName]['registered'] == true &&
179  $session[$this->_sessionName]['username'] != '') {
180 
181  Auth::updateIdle();
182 
183  return true;
184  }
185  }
186 
187  return false;
188  }
189  */
190 
197  /*
198  function start()
199  {
200  @session_start();
201 
202  if (!$this->checkAuth()) {
203  $this->login();
204  }
205  }
206  */
207 
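/**
 * Map the CAS user to an ILIAS account and register it with setAuth().
 *
 * Outcomes, all reported through object state (nothing is returned):
 *  - empty CAS user name: status is set to AUTH_WRONG_LOGIN;
 *  - a matching external account exists: setAuth() with that login;
 *  - no match and "cas_create_users" is off: status is set to
 *    AUTH_CAS_NO_ILIAS_USER and logout() is called;
 *  - no match and "cas_create_users" is on: a new account is created,
 *    given the role from "cas_user_default_role", then setAuth() is called.
 */
public function login()
{
    global $rbacadmin, $ilSetting;

    // Read the CAS user name once so the emptiness check and the account
    // lookup work on the same value.
    $username = phpCAS::getUser();
    if ($username == "") {
        // This should never occur unless CAS is not configured properly
        $this->status = AUTH_WRONG_LOGIN;
        return;
    }

    // Authorize this user
    include_once('./Services/User/classes/class.ilObjUser.php');
    $local_user = ilObjUser::_checkExternalAuthAccount("cas", $username);
    if ($local_user != "") {
        $this->setAuth($local_user);
        return;
    }

    // Unknown CAS user: only continue when auto-provisioning is enabled.
    if (!$ilSetting->get("cas_create_users")) {
        $this->status = AUTH_CAS_NO_ILIAS_USER;
        $this->logout();
        return;
    }

    // From here on every user name the CAS server vouches for receives an
    // active ILIAS account, so the trust placed in the CAS server and in
    // the configured default role decides what a new user can reach.
    $userObj = new ilObjUser();

    $local_user = ilAuthUtils::_generateLogin($username);

    $newUser = array();
    $newUser["firstname"] = $local_user;
    $newUser["lastname"] = "";

    $newUser["login"] = $local_user;

    // set "plain md5" password (= no valid password)
    // NOTE(review): the empty value is meant to be unusable for a local
    // password login; confirm the password check rejects it for this account.
    $newUser["passwd"] = "";
    $newUser["passwd_type"] = IL_PASSWD_CRYPTED;

    //$newUser["gender"] = "m";
    $newUser["auth_mode"] = "cas";
    $newUser["ext_account"] = $username;
    $newUser["profile_incomplete"] = 1;

    // system data
    $userObj->assignData($newUser);
    $userObj->setTitle($userObj->getFullname());
    $userObj->setDescription($userObj->getEmail());

    // set user language to system language
    $userObj->setLanguage($ilSetting->get("language"));

    // Time limit
    $userObj->setTimeLimitOwner(7);
    $userObj->setTimeLimitUnlimited(1);
    $userObj->setTimeLimitFrom(time());
    $userObj->setTimeLimitUntil(time());

    // Create user in DB
    $userObj->setOwner(0);
    $userObj->create();
    $userObj->setActive(1);

    $userObj->updateOwner();

    //insert user data in table user_data
    $userObj->saveAsNew();

    // setup user preferences
    $userObj->writePrefs();

    // to do: test this
    // NOTE(review): the role id comes straight from the setting and is not
    // checked here; confirm "cas_user_default_role" is always set and names
    // a low-privilege role.
    $rbacadmin->assignUser($ilSetting->get('cas_user_default_role'), $userObj->getId(), true);

    unset($userObj);

    $this->setAuth($local_user);
}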
291 
300  /*
301  function setAuth($username)
302  {
303  $session = &Auth::_importGlobalVariable('session');
304 
305  if (!isset($session[$this->_sessionName]) && !isset($_SESSION)) {
306  session_register($this->_sessionName);
307  }
308 
309  if (!isset($session[$this->_sessionName]) || !is_array($session[$this->_sessionName])) {
310  $session[$this->_sessionName] = array();
311  }
312 
313  if(!isset($session[$this->_sessionName]['data'])){
314  $session[$this->_sessionName]['data'] = array();
315  }
316  $session[$this->_sessionName]['registered'] = true;
317  $session[$this->_sessionName]['username'] = $username;
318  $session[$this->_sessionName]['timestamp'] = time();
319  $session[$this->_sessionName]['idle'] = time();
320  }
321  */
322 
/**
 * Log out of ILIAS by delegating to the parent Auth::logout().
 *
 * No CAS logout is triggered here. While the user's CAS single sign-on
 * session is still valid, a later CAS login can succeed without new
 * credentials, which matters on shared machines.
 */
public function logout()
{
    // Local logout only.
    parent::logout();

    // Left disabled on purpose by the original author:
    //PHPCAS::logout(); // CAS logout should be provided separately
    // maybe on ILIAS login screen
}
340 
347 /*
348  function getUsername()
349  {
350  $session = &$this->_importGlobalVariable('session');
351  if (!isset($session[$this->_sessionName]['username'])) {
352  return '';
353  }
354  return $session[$this->_sessionName]['username'];
355  }
356 */
357 
364 /*
365  function getStatus()
366  {
367 
368  return $status;
369  }
370 */
371 
379 /*
380  function &_importGlobalVariable($variable)
381  {
382  $var = null;
383 
384  switch (strtolower($variable)) {
385 
386  case 'server' :
387  if (isset($_SERVER)) {
388  $var = &$_SERVER;
389  } else {
390  $var = &$GLOBALS['HTTP_SERVER_VARS'];
391  }
392  break;
393 
394  case 'session' :
395  if (isset($_SESSION)) {
396  $var = &$_SESSION;
397  } else {
398  $var = &$GLOBALS['HTTP_SESSION_VARS'];
399  }
400  break;
401 
402  case 'post' :
403  if (isset($_POST)) {
404  $var = &$_POST;
405  } else {
406  $var = &$GLOBALS['HTTP_POST_VARS'];
407  }
408  break;
409 
410  case 'cookie' :
411  if (isset($_COOKIE)) {
412  $var = &$_COOKIE;
413  } else {
414  $var = &$GLOBALS['HTTP_COOKIE_VARS'];
415  }
416  break;
417 
418  case 'get' :
419  if (isset($_GET)) {
420  $var = &$_GET;
421  } else {
422  $var = &$GLOBALS['HTTP_GET_VARS'];
423  }
424  break;
425 
426  default:
427  break;
428 
429  }
430 
431  return $var;
432  }
433 */
434 } // END class.ilCASAuth
logout()
Register variable in a session telling that the user has logged in successfully.
static forceAuthentication()
This method is called to force authentication if the user was not already authenticated.
Definition: CAS.php:1094
static getUser()
This method returns the CAS user's login name.
Definition: CAS.php:1175
__construct($a_params)
Constructor public.
const IL_PASSWD_CRYPTED
Class CASAuth.
static _generateLogin($a_login)
generate free login by starting with a default string and adding postfix numbers
const AUTH_CAS_NO_ILIAS_USER
const CAS_VERSION_2_0
Definition: CAS.php:78
Create styles array
The data for the language used.
static _checkExternalAuthAccount($a_auth, $a_account, $tryFallback=true)
check whether external account and authentication method matches with a user
global $ilSetting
Definition: privfeed.php:17
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
checkCASAuth()
check CAS authentication
static client($server_version, $server_hostname, $server_port, $server_uri, $changeSessionID=true)
phpCAS client initializer.
Definition: CAS.php:338
login()
Checks if the current user is authenticated yet public.