ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
class.ilStartUpGUI.php
Go to the documentation of this file.
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4require_once 'Services/TermsOfService/classes/class.ilTermsOfServiceHelper.php';
5
16{
19
21 protected $ctrl;
22 protected $lng;
23 protected $logger;
24
28 public function __construct()
29 {
30 global $ilCtrl, $lng;
31
32 $this->ctrl = $ilCtrl;
33 $this->lng = $lng;
34 $this->lng->loadLanguageModule('auth');
35 $this->logger = ilLoggerFactory::getLogger('init');
36
37 $ilCtrl->saveParameter($this, array("rep_ref_id", "lang", "target", "client_id"));
38 }
39
44 public function executeCommand()
45 {
46 $cmd = $this->ctrl->getCmd("processIndexPHP", array('processIndexPHP','showLoginPage'));
47 $next_class = $this->ctrl->getNextClass($this);
48
49 switch ($next_class) {
50 case 'ilLoginPageGUI':
51 break;
52
53 case "ilaccountregistrationgui":
54 require_once("Services/Registration/classes/class.ilAccountRegistrationGUI.php");
55 return $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
56
57 case "ilpasswordassistancegui":
58 require_once("Services/Init/classes/class.ilPasswordAssistanceGUI.php");
59 return $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
60
61 default:
62 return $this->$cmd();
63 }
64 }
65
70 public function getLogger()
71 {
72 return $this->logger;
73 }
74
79 public function jumpToRegistration()
80 {
81 $this->ctrl->setCmdClass("ilaccountregistrationgui");
82 $this->ctrl->setCmd("");
83 $this->executeCommand();
84 }
85
90 public function jumpToPasswordAssistance()
91 {
92 $this->ctrl->setCmdClass("ilpasswordassistancegui");
93 $this->ctrl->setCmd("");
94 $this->executeCommand();
95 }
96
100 protected function showLoginPageOrStartupPage()
101 {
105 $auth_session = $GLOBALS['DIC']['ilAuthSession'];
106
107 $force_login = false;
108 if (
109 !is_array($_REQUEST['cmd']) &&
110 strcmp($_REQUEST['cmd'], 'force_login') === 0
111 ) {
112 $force_login = true;
113 }
114
115 if ($force_login) {
116 $this->logger->debug('Force login');
117 if ($auth_session->isValid()) {
118 $this->logger->debug('Valid session -> logout current user');
120 $auth_session->logout();
121
122 $GLOBALS['ilAppEventHandler']->raise(
123 'Services/Authentication',
124 'afterLogout',
125 array(
126 'username' => $GLOBALS['DIC']->user()->getLogin()
127 )
128 );
129 }
130 $this->logger->debug('Show login page');
131 return $this->showLoginPage();
132 }
133
137 if ($auth_session->isValid()) {
138 $this->logger->debug('Valid session -> redirect to starting page');
139 return ilInitialisation::redirectToStartingPage();
140 }
141 $this->logger->debug('No valid session -> show login');
142 $this->showLoginPage();
143 }
144
145
150 protected function showLoginPage(ilPropertyFormGUI $form = null)
151 {
152 global $tpl, $ilSetting;
153
154 $this->getLogger()->debug('Showing login page');
155
156 // try apache auth
157 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentialsApache.php';
158 $frontend = new ilAuthFrontendCredentialsApache();
159 $frontend->tryAuthenticationOnLoginPage();
160
161 // Instantiate login template
162 self::initStartUpTemplate("tpl.login.html");
163
164 $page_editor_html = $this->getLoginPageEditorHTML();
165 $page_editor_html = $this->showLoginInformation($page_editor_html);
166 $page_editor_html = $this->showLoginForm($page_editor_html, $form);
167 $page_editor_html = $this->showCASLoginForm($page_editor_html);
168 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
169 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
170 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
171 $page_editor_html = $this->showTermsOfServiceLink($page_editor_html);
172
173 $page_editor_html = $this->purgePlaceholders($page_editor_html);
174
175 // not controlled by login page editor
176 $tpl->setVariable("PAGETITLE", "- " . $this->lng->txt("startpage"));
177 $tpl->setVariable("ILIAS_RELEASE", $ilSetting->get("ilias_version"));
178
179 $this->ctrl->setTargetScript("ilias.php");
180
181 // check expired session and send message
182 if ($GLOBALS['DIC']['ilAuthSession']->isExpired()) {
183 ilUtil::sendFailure($GLOBALS['lng']->txt('auth_err_expired'));
184 }
185
186
187 if (strlen($page_editor_html)) {
188 $tpl->setVariable('LPE', $page_editor_html);
189 }
190
191 $tpl->fillWindowTitle();
192 $tpl->fillCssFiles();
193 $tpl->fillJavaScriptFiles();
194 $tpl->show("DEFAULT", false);
195 }
196
203 protected function showLogin()
204 {
205 global $ilSetting, $ilAuth, $tpl, $ilias, $lng;
206
207 $this->getLogger()->warning('Using deprecated startup method');
208 $this->getLogger()->logStack(ilLogLevel::WARNING);
209
210 $status = $ilAuth->getStatus();
211 if ($status == "" && isset($_GET["auth_stat"])) {
212 $status = $_GET["auth_stat"];
213 }
214
215 if ($ilAuth->getAuth() && !$status) {
216 // deprecated?
217 if ($_GET["rep_ref_id"] != "") {
218 $_GET["ref_id"] = $_GET["rep_ref_id"];
219 }
220 include_once './Services/Init/classes/class.ilInitialisation.php';
221 ilInitialisation::redirectToStartingPage();
222 return;
223 }
224
225 // check for session cookies enabled
226 if (!isset($_COOKIE['iltest'])) {
227 if (empty($_GET['cookies'])) {
228 $additional_params = '';
229 ilUtil::setCookie("iltest", "cookie", false);
230 ilUtil::redirect("login.php?target=" . $_GET["target"] . "&soap_pw=" . $_GET["soap_pw"] .
231 "&ext_uid=" . $_GET["ext_uid"] . "&cookies=nocookies&client_id=" .
232 rawurlencode(CLIENT_ID) . "&lang=" . $lng->getLangKey() . $additional_params);
233 } else {
234 $_COOKIE['iltest'] = "";
235 }
236 } else {
237 unset($_GET['cookies']);
238 }
239
240 if ($ilSetting->get("shib_active") && $ilSetting->get("shib_hos_type")) {
241 require_once "./Services/AuthShibboleth/classes/class.ilShibbolethWAYF.php";
242 // Check if we user selects Home Organization
243 $WAYF = new ShibWAYF();
244 }
245
246 if (isset($WAYF) && $WAYF->is_selection()) {
247 if ($WAYF->is_valid_selection()) {
248 // Set cookie
249 $WAYF->setSAMLCookie();
250
251 // Redirect
252 $WAYF->redirect();
253 }
254 }
255
256 $failure = $success = null;
257
258 // :TODO: handle internally?
259 if (isset($_GET['reg_confirmation_msg']) && strlen(trim($_GET['reg_confirmation_msg']))) {
260 $lng->loadLanguageModule('registration');
261 if ($_GET['reg_confirmation_msg'] == 'reg_account_confirmation_successful') {
262 $success = $lng->txt(trim($_GET['reg_confirmation_msg']));
263 } else {
264 $failure = $lng->txt(trim($_GET['reg_confirmation_msg']));
265 }
266 } elseif (isset($_GET['reached_session_limit']) && $_GET['reached_session_limit']) {
267 $failure = $lng->txt("reached_session_limit");
268 } elseif (isset($_GET['accdel']) && $_GET['accdel']) {
269 $lng->loadLanguageModule('user');
270 $failure = $lng->txt("user_account_deleted_confirmation");
271 }
272
273 if (!empty($status)) {
274 switch ($status) {
275 case AUTH_IDLED:
276 // lang variable err_idled not existing
277 // $tpl->setVariable(TXT_MSG_LOGIN_FAILED, $lng->txt("err_idled"));
278 // fallthrough
279
280 case AUTH_EXPIRED:
281 $failure = $lng->txt("err_session_expired");
282 break;
283
285 $failure = $lng->txt("err_auth_cas_no_ilias_user");
286 break;
287
289 $failure = $lng->txt("err_auth_soap_no_ilias_user");
290 break;
291
293 $failure = $lng->txt("err_auth_ldap_no_ilias_user");
294 break;
295
297 $failure = $lng->txt("err_auth_radius_no_ilias_user");
298 break;
299
301 $failure = $lng->txt("err_auth_mode_inactive");
302 break;
303
305 $failure = $lng->txt("err_auth_apache_failed");
306 break;
307 case AUTH_SAML_FAILED:
308 $lng->loadLanguageModule('auth');
309 $failure = $lng->txt("err_auth_saml_failed");
310 break;
312 $lng->loadLanguageModule('cptch');
314 $ilAuth->logout();
315 session_destroy();
316 $failure = $lng->txt("cptch_wrong_input");
317 break;
318
319 // special cases: extended user validation failed
320 // ilAuth was successful, so we have to logout here
321
324 $ilAuth->logout();
325 session_destroy();
326
327 $failure = sprintf($lng->txt('wrong_ip_detected'), $_SERVER['REMOTE_ADDR']);
328 break;
329
332 $ilAuth->logout();
333 session_destroy();
334
335 $failure = $lng->txt("simultaneous_login_detected");
336 break;
337
340 $username = $ilAuth->getExceededUserName(); // #16327
341 $ilAuth->logout();
342
343 // user could reactivate by code?
344 if ($ilSetting->get('user_reactivate_code')) {
345 return $this->showCodeForm($username);
346 }
347
348 session_destroy();
349
350 $failure = $lng->txt("time_limit_reached");
351 break;
352
355 $ilAuth->logout();
356 session_destroy();
357
358 $failure = $lng->txt("err_inactive");
359 break;
360
361 // special cases end
362
363
364 case AUTH_WRONG_LOGIN:
365 default:
366 $add = "";
367 $auth_error = $ilias->getAuthError();
368 if (is_object($auth_error)) {
369 $add = "<br>" . $auth_error->getMessage();
370 }
371 $failure = $lng->txt("err_wrong_login") . $add;
372 break;
373 }
374 }
375
376 if (isset($_GET['cu']) && $_GET['cu']) {
377 $lng->loadLanguageModule("auth");
378 $success = $lng->txt("auth_account_code_used");
379 }
380
381
382 // --- render
383
384 // Instantiate login template
385 self::initStartUpTemplate("tpl.login.html");
386
387 // we need the template for this
388 if ($failure) {
390 } elseif ($success) {
392 }
393
394 // Draw single page editor elements
395 $page_editor_html = $this->getLoginPageEditorHTML();
396 $page_editor_html = $this->showLoginInformation($page_editor_html);
397 $page_editor_html = $this->showLoginForm($page_editor_html);
398 $page_editor_html = $this->showCASLoginForm($page_editor_html);
399 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
400 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
401 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
402 $page_editor_html = $this->showTermsOfServiceLink($page_editor_html);
403 $page_editor_html = $this->purgePlaceholders($page_editor_html);
404
405 // not controlled by login page editor
406 $tpl->setVariable("PAGETITLE", "- " . $lng->txt("startpage"));
407 $tpl->setVariable("ILIAS_RELEASE", $ilSetting->get("ilias_version"));
408
409 $this->ctrl->setTargetScript("ilias.php");
410 $tpl->setVariable("PHP_SELF", $_SERVER['PHP_SELF']);
411
412 // browser does not accept cookies
413 if (isset($_GET['cookies']) && $_GET['cookies'] == 'nocookies') {
414 ilUtil::sendFailure($lng->txt("err_no_cookies"));
415 }
416
417 if (strlen($page_editor_html)) {
418 $tpl->setVariable('LPE', $page_editor_html);
419 }
420
421 $tpl->fillWindowTitle();
422 $tpl->fillCssFiles();
423 $tpl->fillJavaScriptFiles();
424
425 $tpl->show("DEFAULT", false);
426 }
427
428 protected function showCodeForm($a_username = null, $a_form = null)
429 {
430 global $tpl, $lng;
431
432 self::initStartUpTemplate("tpl.login_reactivate_code.html");
433
434 ilUtil::sendFailure($lng->txt("time_limit_reached"));
435
436 if (!$a_form) {
437 $a_form = $this->initCodeForm($a_username);
438 }
439
440 $tpl->setVariable("FORM", $a_form->getHTML());
441 $tpl->show("DEFAULT", false);
442 }
443
444 protected function initCodeForm($a_username)
445 {
446 global $lng, $ilCtrl;
447
448 $lng->loadLanguageModule("auth");
449
450 include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
451
452 $form = new ilPropertyFormGUI();
453 $form->setFormAction($ilCtrl->getFormAction($this, 'showcodeform'));
454 $form->setTitle($lng->txt('auth_account_code_title'));
455
456 $count = new ilTextInputGUI($lng->txt('auth_account_code'), 'code');
457 $count->setRequired(true);
458 $count->setInfo($lng->txt('auth_account_code_info'));
459 $form->addItem($count);
460
461 // #11658
462 $uname = new ilHiddenInputGUI("uname");
463 $uname->setValue($a_username);
464 $form->addItem($uname);
465
466 $form->addCommandButton('processCode', $lng->txt('send'));
467
468 return $form;
469 }
470
478 protected function processCode()
479 {
480 global $lng, $ilAuth, $ilCtrl;
481
482 $uname = $_POST["uname"];
483
484 $form = $this->initCodeForm($uname);
485 if ($uname && $form->checkInput()) {
486 $code = $form->getInput("code");
487
488 include_once "Services/User/classes/class.ilAccountCode.php";
491
492 if (!$user_id = ilObjUser::_lookupId($uname)) {
493 $this->showLogin();
494 return false;
495 }
496
497 $invalid_code = false;
498 $user = new ilObjUser($user_id);
499
500 if ($valid_until === "0") {
501 $user->setTimeLimitUnlimited(true);
502 } else {
503 if (is_numeric($valid_until)) {
504 $valid_until = strtotime("+" . $valid_until . "days");
505 } else {
506 $valid_until = explode("-", $valid_until);
507 $valid_until = mktime(
508 23,
509 59,
510 59,
511 $valid_until[1],
512 $valid_until[2],
513 $valid_until[0]
514 );
515 if ($valid_until < time()) {
516 $invalid_code = true;
517 }
518 }
519
520 if (!$invalid_code) {
521 $user->setTimeLimitUnlimited(false);
522 $user->setTimeLimitUntil($valid_until);
523 }
524 }
525
526 if (!$invalid_code) {
527 $user->setActive(true);
528
530
531 // apply registration code role assignments
533
534 // apply registration code time limits
536
537 $user->update();
538
539 $ilCtrl->setParameter($this, "cu", 1);
540 $GLOBALS['DIC']->language()->loadLanguageModule('auth');
541 ilUtil::sendSuccess($GLOBALS['DIC']->language()->txt('auth_activation_code_success'), true);
542 $ilCtrl->redirect($this, "showLoginPage");
543 }
544 }
545
546 $lng->loadLanguageModule("user");
547 $field = $form->getItemByPostVar("code");
548 $field->setAlert($lng->txt("user_account_code_not_valid"));
549 }
550
551 $form->setValuesByPost();
552 $this->showCodeForm($uname, $form);
553 }
554
555
560 protected function initStandardLoginForm()
561 {
562 include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
563 $form = new ilPropertyFormGUI();
564 $form->setFormAction($this->ctrl->getFormAction($this, ''));
565 $form->setName("formlogin");
566 $form->setShowTopButtons(false);
567 $form->setTitle($this->lng->txt("login_to_ilias"));
568
569 include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
571
572 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
573 $visible_auth_methods = array();
574 $radg = new ilRadioGroupInputGUI($this->lng->txt("auth_selection"), "auth_mode");
575 foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
576 if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
577 continue;
578 }
579
580 $op1 = new ilRadioOption($option['txt'], $key);
581 $radg->addOption($op1);
582 if (isset($option['checked'])) {
583 $radg->setValue($key);
584 }
585 $visible_auth_methods[] = $op1;
586 }
587
588 if (count($visible_auth_methods) == 1) {
589 $first_auth_method = current($visible_auth_methods);
590 $hidden_auth_method = new ilHiddenInputGUI("auth_mode");
591 $hidden_auth_method->setValue($first_auth_method->getValue());
592 $form->addItem($hidden_auth_method);
593 } else {
594 $form->addItem($radg);
595 }
596 }
597
598 $ti = new ilTextInputGUI($this->lng->txt("username"), "username");
599 $ti->setSize(20);
600 $ti->setRequired(true);
601 $form->addItem($ti);
602
603 $pi = new ilPasswordInputGUI($this->lng->txt("password"), "password");
604 $pi->setUseStripSlashes(false);
605 $pi->setRetype(false);
606 $pi->setSkipSyntaxCheck(true);
607 $pi->setSize(20);
608 $pi->setDisableHtmlAutoComplete(false);
609 $pi->setRequired(true);
610 $form->addItem($pi);
611
612 require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
613 if (ilCaptchaUtil::isActiveForLogin()) {
614 require_once 'Services/Captcha/classes/class.ilCaptchaInputGUI.php';
615 $captcha = new ilCaptchaInputGUI($this->lng->txt('captcha_code'), 'captcha_code');
616 $captcha->setRequired(true);
617 $form->addItem($captcha);
618 }
619
620 $form->addCommandButton("doStandardAuthentication", $this->lng->txt("log_in"));
621
622 return $form;
623 }
624
628 protected function doShibbolethAuthentication()
629 {
630 $this->getLogger()->debug('Trying shibboleth authentication');
631
632 include_once './Services/AuthShibboleth/classes/class.ilAuthFrontendCredentialsShibboleth.php';
633 $credentials = new ilAuthFrontendCredentialsShibboleth();
634 $credentials->initFromRequest();
635
636 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
637 $provider_factory = new ilAuthProviderFactory();
638 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_SHIBBOLETH);
639
640 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
641 $status = ilAuthStatus::getInstance();
642
643 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
644 $frontend_factory = new ilAuthFrontendFactory();
645 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
646 $frontend = $frontend_factory->getFrontend(
647 $GLOBALS['DIC']['ilAuthSession'],
648 $status,
649 $credentials,
650 array($provider)
651 );
652
653 $frontend->authenticate();
654
655 switch ($status->getStatus()) {
657 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
658 include_once './Services/Init/classes/class.ilInitialisation.php';
659 ilInitialisation::redirectToStartingPage();
660 return;
661
663 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
664
666 ilUtil::sendFailure($status->getTranslatedReason(), true);
667 $GLOBALS['ilCtrl']->redirect($this, 'showLoginPage');
668 return false;
669 }
670
671 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
672 $this->showLoginPage();
673 return false;
674 }
675
679 protected function doCasAuthentication()
680 {
681 global $DIC;
682
683 $this->getLogger()->debug('Trying cas authentication');
684
685 include_once './Services/CAS/classes/class.ilAuthFrontendCredentialsCAS.php';
686 $credentials = new ilAuthFrontendCredentialsCAS();
687
688 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
689 $provider_factory = new ilAuthProviderFactory();
690 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_CAS);
691
692 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
693 $status = ilAuthStatus::getInstance();
694
695 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
696 $frontend_factory = new ilAuthFrontendFactory();
697 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
698 $frontend = $frontend_factory->getFrontend(
699 $GLOBALS['DIC']['ilAuthSession'],
700 $status,
701 $credentials,
702 array($provider)
703 );
704
705 $frontend->authenticate();
706 switch ($status->getStatus()) {
708 $this->getLogger()->debug('Authentication successful.');
709 ilInitialisation::redirectToStartingPage();
710 break;
711
713 default:
714 ilUtil::sendFailure($DIC->language()->txt($status->getReason()));
715 $this->showLoginPage();
716 return false;
717 }
718 }
719
723 protected function doLTIAuthentication()
724 {
725 $this->getLogger()->debug('Trying lti authentication');
726
727 $credentials = new ilAuthFrontendCredentialsLTI();
728 $credentials->initFromRequest();
729
730 $provider_factory = new ilAuthProviderFactory();
731 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_LTI_PROVIDER);
732
733 $status = ilAuthStatus::getInstance();
734
735 $frontend_factory = new ilAuthFrontendFactory();
736 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
737 $frontend = $frontend_factory->getFrontend(
738 $GLOBALS['DIC']['ilAuthSession'],
739 $status,
740 $credentials,
741 array($provider)
742 );
743
744 $frontend->authenticate();
745
746 switch ($status->getStatus()) {
748 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
749 ilInitialisation::redirectToStartingPage();
750 return;
751
753 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
754
756 ilUtil::sendFailure($GLOBALS['lng']->txt($status->getReason()), true);
757 $GLOBALS['ilCtrl']->redirect($this, 'showLoginPage');
758 return false;
759 }
760
761 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
762 $this->showLoginPage();
763 return false;
764 }
765
766
770 protected function doApacheAuthentication()
771 {
772 $this->getLogger()->debug('Trying apache authentication');
773
774 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentialsApache.php';
775 $credentials = new ilAuthFrontendCredentialsApache();
776 $credentials->initFromRequest();
777
778 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
779 $provider_factory = new ilAuthProviderFactory();
780 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_APACHE);
781
782 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
783 $status = ilAuthStatus::getInstance();
784
785 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
786 $frontend_factory = new ilAuthFrontendFactory();
787 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
788 $frontend = $frontend_factory->getFrontend(
789 $GLOBALS['DIC']['ilAuthSession'],
790 $status,
791 $credentials,
792 array($provider)
793 );
794
795 $frontend->authenticate();
796
797 switch ($status->getStatus()) {
799 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
800 if ($credentials->hasValidTargetUrl()) {
801 ilUtil::redirect($credentials->getTargetUrl());
802 } else {
803 require_once './Services/Init/classes/class.ilInitialisation.php';
804 ilInitialisation::redirectToStartingPage();
805 }
806 return;
807
809 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
810
812 ilUtil::sendFailure($status->getTranslatedReason(), true);
815 $GLOBALS['ilCtrl']->getLinkTarget($this, 'showLoginPage', '', false, false),
816 'passed_sso=1'
817 )
818 );
819 return false;
820 }
821
822 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
823 $this->showLoginPage();
824 return false;
825 }
826
830 protected function doStandardAuthentication()
831 {
832 $form = $this->initStandardLoginForm();
833 if ($form->checkInput()) {
834 $this->getLogger()->debug('Trying to authenticate user.');
835
836 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
837 $credentials = new ilAuthFrontendCredentials();
838 $credentials->setUsername($form->getInput('username'));
839 $credentials->setPassword($form->getInput('password'));
840 $credentials->setCaptchaCode($form->getInput('captcha_code'));
841
842 // set chosen auth mode
843 include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
845 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
846 $credentials->setAuthMode($form->getInput('auth_mode'));
847 }
848
849 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
850 $provider_factory = new ilAuthProviderFactory();
851 $providers = $provider_factory->getProviders($credentials);
852
853 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
854 $status = ilAuthStatus::getInstance();
855
856 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
857 $frontend_factory = new ilAuthFrontendFactory();
858 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
859 $frontend = $frontend_factory->getFrontend(
860 $GLOBALS['DIC']['ilAuthSession'],
861 $status,
862 $credentials,
863 $providers
864 );
865
866 $frontend->authenticate();
867
868 switch ($status->getStatus()) {
870 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
871 include_once './Services/Init/classes/class.ilInitialisation.php';
872 ilInitialisation::redirectToStartingPage();
873 return;
874
876 return $this->showCodeForm(ilObjUser::_lookupLogin($status->getAuthenticatedUserId()));
877
879 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
880
882 ilUtil::sendFailure($status->getTranslatedReason());
883 return $this->showLoginPage($form);
884 }
885 }
886 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
887 $this->showLoginPage($form);
888 return false;
889 }
890
891
892
893
894
900 protected function showLoginForm($page_editor_html, ilPropertyFormGUI $form = null)
901 {
902 global $ilSetting,$lng,$tpl;
903
904 // @todo move this to auth utils.
905 // login via ILIAS (this also includes radius and ldap)
906 // If local authentication is enabled for shibboleth users, we
907 // display the login form for ILIAS here.
908 if (($ilSetting->get("auth_mode") != AUTH_SHIBBOLETH ||
909 $ilSetting->get("shib_auth_allow_local")) &&
910 $ilSetting->get("auth_mode") != AUTH_CAS) {
911 if (!$form instanceof ilPropertyFormGUI) {
912 $form = $this->initStandardLoginForm();
913 }
914
915 return $this->substituteLoginPageElements(
916 $tpl,
917 $page_editor_html,
918 $form->getHTML(),
919 '[list-login-form]',
920 'LOGIN_FORM'
921 );
922 }
923 return $page_editor_html;
924 }
925
931 protected function showLoginInformation($page_editor_html)
932 {
933 global $lng,$tpl;
934
935 if (strlen($page_editor_html)) {
936 // page editor active return
937 return $page_editor_html;
938 }
939
940 $loginSettings = new ilSetting("login_settings");
941 $information = $loginSettings->get("login_message_" . $lng->getLangKey());
942
943 if (strlen(trim($information))) {
944 $tpl->setVariable("TXT_LOGIN_INFORMATION", $information);
945 }
946 return $page_editor_html;
947 }
948
955 protected function showCASLoginForm($page_editor_html)
956 {
957 global $ilSetting, $lng;
958
959
960 // cas login link
961 if ($ilSetting->get("cas_active")) {
962 $tpl = new ilTemplate('tpl.login_form_cas.html', true, true, 'Services/Init');
963 $tpl->setVariable("TXT_CAS_LOGIN", $lng->txt("login_to_ilias_via_cas"));
964 $tpl->setVariable("TXT_CAS_LOGIN_BUTTON", ilUtil::getImagePath("cas_login_button.png"));
965 $tpl->setVariable("TXT_CAS_LOGIN_INSTRUCTIONS", $ilSetting->get("cas_login_instructions"));
966 $this->ctrl->setParameter($this, "forceCASLogin", "1");
967 $tpl->setVariable("TARGET_CAS_LOGIN", $this->ctrl->getLinkTarget($this, "doCasAuthentication"));
968 $this->ctrl->setParameter($this, "forceCASLogin", "");
969
970 return $this->substituteLoginPageElements(
971 $GLOBALS['tpl'],
972 $page_editor_html,
973 $tpl->get(),
974 '[list-cas-login-form]',
975 'CAS_LOGIN_FORM'
976 );
977 }
978 return $page_editor_html;
979 }
980
986 protected function showShibbolethLoginForm($page_editor_html)
987 {
988 global $ilSetting, $lng;
989
990 // Refactoring with ilFormPropertyGUI
991 // [...]
992
993 // shibboleth login link
994 if ($ilSetting->get("shib_active")) {
995 $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'Services/Init');
996
997 $tpl->setVariable('SHIB_FORMACTION', './shib_login.php'); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
998
999 if ($ilSetting->get("shib_hos_type") == 'external_wayf') {
1000 $tpl->setCurrentBlock("shibboleth_login");
1001 $tpl->setVariable("TXT_SHIB_LOGIN", $lng->txt("login_to_ilias_via_shibboleth"));
1002 $tpl->setVariable("IL_TARGET", $_GET["target"]);
1003 $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $ilSetting->get("shib_federation_name"));
1004 $tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $ilSetting->get("shib_login_button"));
1005 $tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", sprintf($lng->txt("shib_general_login_instructions"), $ilSetting->get("shib_federation_name")) . ' <a href="mailto:' . $ilSetting->get("admin_email") . '">ILIAS ' . $lng->txt("administrator") . '</a>.');
1006 $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $ilSetting->get("shib_login_instructions"));
1007 $tpl->parseCurrentBlock();
1008 } elseif ($ilSetting->get("shib_hos_type") == 'embedded_wayf') {
1009 $tpl->setCurrentBlock("shibboleth_custom_login");
1010 $customInstructions = stripslashes($ilSetting->get("shib_login_instructions"));
1011 $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $customInstructions);
1012 $tpl->parseCurrentBlock();
1013 } else {
1014 $tpl->setCurrentBlock("shibboleth_wayf_login");
1015 $tpl->setVariable("TXT_SHIB_LOGIN", $lng->txt("login_to_ilias_via_shibboleth"));
1016 $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $ilSetting->get("shib_federation_name"));
1017 $tpl->setVariable("TXT_SELECT_HOME_ORGANIZATION", sprintf($lng->txt("shib_select_home_organization"), $ilSetting->get("shib_federation_name")));
1018 $tpl->setVariable("TXT_CONTINUE", $lng->txt("btn_next"));
1019 $tpl->setVariable("TXT_SHIB_HOME_ORGANIZATION", $lng->txt("shib_home_organization"));
1020 $tpl->setVariable("TXT_SHIB_LOGIN_INSTRUCTIONS", $lng->txt("shib_general_wayf_login_instructions") . ' <a href="mailto:' . $ilSetting->get("admin_email") . '">ILIAS ' . $lng->txt("administrator") . '</a>.');
1021 $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $ilSetting->get("shib_login_instructions"));
1022
1023 require_once "./Services/AuthShibboleth/classes/class.ilShibbolethWAYF.php";
1024 $WAYF = new ShibWAYF();
1025
1026 $tpl->setVariable("TXT_SHIB_INVALID_SELECTION", $WAYF->showNotice());
1027 $tpl->setVariable("SHIB_IDP_LIST", $WAYF->generateSelection());
1028 $tpl->setVariable("ILW_TARGET", $_GET["target"]);
1029 $tpl->parseCurrentBlock();
1030 }
1031
1032 return $this->substituteLoginPageElements($GLOBALS['tpl'], $page_editor_html, $tpl->get(), '[list-shibboleth-login-form]', 'SHIB_LOGIN_FORM');
1033 }
1034
1035 return $page_editor_html;
1036 }
1037
1038
1048 protected function substituteLoginPageElements($tpl, $page_editor_html, $element_html, $placeholder, $fallback_tplvar)
1049 {
1050 if (!strlen($page_editor_html)) {
1051 $tpl->setVariable($fallback_tplvar, $element_html);
1052 return $page_editor_html;
1053 }
1054 // Try to replace placeholders
1055 if (!stristr($page_editor_html, $placeholder)) {
1056 $tpl->setVariable($fallback_tplvar, $element_html);
1057 return $page_editor_html;
1058 }
1059 return str_replace($placeholder, $element_html, $page_editor_html);
1060 }
1061
1066 protected function getLoginPageEditorHTML()
1067 {
1068 global $lng, $tpl;
1069
1070 include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorSettings.php';
1072 $active_lang = $lpe->getIliasEditorLanguage($lng->getLangKey());
1073
1074 if (!$active_lang) {
1075 return '';
1076 }
1077
1078 // if page does not exist, return nothing
1079 include_once './Services/COPage/classes/class.ilPageUtil.php';
1080 if (!ilPageUtil::_existsAndNotEmpty('auth', ilLanguage::lookupId($active_lang))) {
1081 return '';
1082 }
1083
1084 include_once './Services/Authentication/classes/class.ilLoginPage.php';
1085 include_once './Services/Authentication/classes/class.ilLoginPageGUI.php';
1086
1087 include_once("./Services/Style/Content/classes/class.ilObjStyleSheet.php");
1088 $tpl->setVariable("LOCATION_CONTENT_STYLESHEET", ilObjStyleSheet::getContentStylePath(0));
1089 $tpl->setCurrentBlock("SyntaxStyle");
1090 $tpl->setVariable("LOCATION_SYNTAX_STYLESHEET", ilObjStyleSheet::getSyntaxStylePath());
1091 $tpl->parseCurrentBlock();
1092
1093 // get page object
1094 $page_gui = new ilLoginPageGUI(ilLanguage::lookupId($active_lang));
1095
1096 include_once("./Services/Style/Content/classes/class.ilObjStyleSheet.php");
1097 $page_gui->setStyleId(0, 'auth');
1098
1099 $page_gui->setPresentationTitle("");
1100 $page_gui->setTemplateOutput(false);
1101 $page_gui->setHeader("");
1102 $ret = $page_gui->showPage();
1103
1104 return $ret;
1105 }
1106
1115 protected function showRegistrationLinks($page_editor_html)
1116 {
1117 global $lng, $ilSetting, $ilIliasIniFile, $ilAccess;
1118
1119 $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'Services/Init');
1120
1121 // allow new registrations?
1122 include_once 'Services/Registration/classes/class.ilRegistrationSettings.php';
1124 $rtpl->setCurrentBlock("new_registration");
1125 $rtpl->setVariable("REGISTER", $lng->txt("registration"));
1126 $rtpl->setVariable(
1127 "CMD_REGISTER",
1128 $this->ctrl->getLinkTargetByClass("ilaccountregistrationgui", "")
1129 );
1130 $rtpl->parseCurrentBlock();
1131 }
1132 // allow password assistance? Surpress option if Authmode is not local database
1133 if ($ilSetting->get("password_assistance")) {
1134 $rtpl->setCurrentBlock("password_assistance");
1135 $rtpl->setVariable("FORGOT_PASSWORD", $lng->txt("forgot_password"));
1136 $rtpl->setVariable("FORGOT_USERNAME", $lng->txt("forgot_username"));
1137 $rtpl->setVariable(
1138 "CMD_FORGOT_PASSWORD",
1139 $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "")
1140 );
1141 $rtpl->setVariable(
1142 "CMD_FORGOT_USERNAME",
1143 $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "showUsernameAssistanceForm")
1144 );
1145 $rtpl->setVariable("LANG_ID", $lng->getLangKey());
1146 $rtpl->parseCurrentBlock();
1147 }
1148
1149 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1150 $ilAccess->checkAccessOfUser(ANONYMOUS_USER_ID, "read", "", ROOT_FOLDER_ID)) {
1151 $rtpl->setCurrentBlock("homelink");
1152 $rtpl->setVariable("CLIENT_ID", "?client_id=" . $_COOKIE["ilClientId"] . "&lang=" . $lng->getLangKey());
1153 $rtpl->setVariable("TXT_HOME", $lng->txt("home"));
1154 $rtpl->parseCurrentBlock();
1155 }
1156
1157 if ($ilIliasIniFile->readVariable("clients", "list")) {
1158 $rtpl->setCurrentBlock("client_list");
1159 $rtpl->setVariable("TXT_CLIENT_LIST", $lng->txt("to_client_list"));
1160 $rtpl->setVariable("CMD_CLIENT_LIST", $this->ctrl->getLinkTarget($this, "showClientList"));
1161 $rtpl->parseCurrentBlock();
1162 }
1163
1164 return $this->substituteLoginPageElements(
1165 $GLOBALS['tpl'],
1166 $page_editor_html,
1167 $rtpl->get(),
1168 '[list-registration-link]',
1169 'REG_PWD_CLIENT_LINKS'
1170 );
1171 }
1172
1178 protected function showTermsOfServiceLink($page_editor_html)
1179 {
1183 global $lng;
1184
1185
1186 require_once 'Services/TermsOfService/classes/class.ilTermsOfServiceSignableDocumentFactory.php';
1188 if (ilTermsOfServiceHelper::isEnabled() && $document->exists()) {
1189 $utpl = new ilTemplate('tpl.login_terms_of_service_link.html', true, true, 'Services/Init');
1190 $utpl->setVariable('TXT_TERMS_OF_SERVICE', $lng->txt('usr_agreement'));
1191 $utpl->setVariable('LINK_TERMS_OF_SERVICE', $this->ctrl->getLinkTarget($this, 'showTermsOfService'));
1192
1193 return $this->substituteLoginPageElements(
1194 $GLOBALS['tpl'],
1195 $page_editor_html,
1196 $utpl->get(),
1197 '[list-user-agreement]',
1198 'USER_AGREEMENT'
1199 );
1200 }
1201
1202 return $this->substituteLoginPageElements(
1203 $GLOBALS['tpl'],
1204 $page_editor_html,
1205 '',
1206 '[list-user-agreement]',
1207 'USER_AGREEMENT'
1208 );
1209 }
1210
1216 protected function purgePlaceholders($page_editor_html)
1217 {
1218 return str_replace(
1219 array(
1220 '[list-language-selection] ',
1221 '[list-registration-link]',
1222 '[list-user-agreement]',
1223 '[list-login-form]',
1224 '[list-cas-login-form]',
1225 '[list-shibboleth-login-form]'
1226 ),
1227 array('','','','','','',''),
1228 $page_editor_html
1229 );
1230 }
1231
1236 public function showAccountMigration($a_message = '')
1237 {
1242 global $tpl, $lng;
1243
1244 $lng->loadLanguageModule('auth');
1245 self::initStartUpTemplate('tpl.login_account_migration.html');
1246
1247 include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
1248 $form = new ilPropertyFormGUI();
1249 $form->setFormAction($this->ctrl->getFormAction($this, 'migrateAccount'));
1250
1251 $form->setTitle($lng->txt('auth_account_migration'));
1252 $form->addCommandButton('migrateAccount', $lng->txt('save'));
1253 $form->addCommandButton('showLogin', $lng->txt('cancel'));
1254
1255 $rad = new ilRadioGroupInputGUI($lng->txt('auth_account_migration_name'), 'account_migration');
1256 $rad->setValue(1);
1257
1258 $keep = new ilRadioOption(
1259 $lng->txt('auth_account_migration_keep'),
1260 static::ACCOUNT_MIGRATION_MIGRATE,
1261 $lng->txt('auth_info_migrate')
1262 );
1263 $user = new ilTextInputGUI($lng->txt('login'), 'mig_username');
1264 $user->setRequired(true);
1265 $user->setValue(ilUtil::prepareFormOutput($_POST['mig_username']));
1266 $user->setSize(32);
1267 $user->setMaxLength(128);
1268 $keep->addSubItem($user);
1269
1270 $pass = new ilPasswordInputGUI($lng->txt('password'), 'mig_password');
1271 $pass->setRetype(false);
1272 $pass->setRequired(true);
1273 $pass->setValue(ilUtil::prepareFormOutput($_POST['mig_password']));
1274 $pass->setSize(12);
1275 $pass->setMaxLength(128);
1276 $keep->addSubItem($pass);
1277 $rad->addOption($keep);
1278
1279 $new = new ilRadioOption(
1280 $lng->txt('auth_account_migration_new'),
1281 static::ACCOUNT_MIGRATION_NEW,
1282 $lng->txt('auth_info_add')
1283 );
1284 $rad->addOption($new);
1285
1286 $form->addItem($rad);
1287
1288 $tpl->setVariable('MIG_FORM', $form->getHTML());
1289
1290 if (strlen($a_message)) {
1291 ilUtil::sendFailure($a_message);
1292 }
1293
1294 $tpl->show('DEFAULT');
1295 }
1296
1301 protected function migrateAccount()
1302 {
1303 if (!isset($_POST['account_migration'])) {
1304 $this->showAccountMigration(
1305 $GLOBALS['DIC']->language()->txt('err_choose_migration_type')
1306 );
1307 return false;
1308 }
1309
1310 if (
1311 ($_POST['account_migration'] == self::ACCOUNT_MIGRATION_MIGRATE) &&
1312 (!strlen($_POST['mig_username']) || !strlen($_POST['mig_password']))
1313 ) {
1314 $this->showAccountMigration(
1315 $GLOBALS['DIC']->language()->txt('err_wrong_login')
1316 );
1317 return false;
1318 }
1319
1320 if ((int) $_POST['account_migration'] == self::ACCOUNT_MIGRATION_MIGRATE) {
1321 return $this->doMigration();
1322 }
1323 if ((int) $_POST['account_migration'] == static::ACCOUNT_MIGRATION_NEW) {
1324 return $this->doMigrationNewAccount();
1325 }
1326 }
1327
1331 protected function doMigrationNewAccount()
1332 {
1333 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontend.php';
1334
1335 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
1336 $credentials = new ilAuthFrontendCredentials();
1337 $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1338
1339 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
1340 $provider_factory = new ilAuthProviderFactory();
1341 $provider = $provider_factory->getProviderByAuthMode($credentials, ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE));
1342
1343 $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1344
1345 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
1346 $status = ilAuthStatus::getInstance();
1347
1348 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
1349 $frontend_factory = new ilAuthFrontendFactory();
1350 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1351 $frontend = $frontend_factory->getFrontend(
1352 $GLOBALS['DIC']['ilAuthSession'],
1353 $status,
1354 $credentials,
1355 array($provider)
1356 );
1357
1358 if ($frontend->migrateAccountNew()) {
1359 include_once './Services/Init/classes/class.ilInitialisation.php';
1360 ilInitialisation::redirectToStartingPage();
1361 }
1362
1363 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
1364 $this->ctrl->redirect($this, 'showAccountMigration');
1365 }
1366
1367
1368
1369
1373 protected function doMigration()
1374 {
1375 include_once './Services/Authentication/classes/class.ilAuthFactory.php';
1376
1377 $this->logger->debug('Starting account migration for user: ' . (string) ilSession::get('mig_ext_account'));
1378
1379 // try database authentication
1380 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
1381 $credentials = new ilAuthFrontendCredentials();
1382 $credentials->setUsername((string) $_POST['mig_username']);
1383 $credentials->setPassword((string) $_POST['mig_password']);
1384
1385 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
1386 $provider_factory = new ilAuthProviderFactory();
1387 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_LOCAL);
1388
1389 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
1390 $status = ilAuthStatus::getInstance();
1391
1392 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
1393 $frontend_factory = new ilAuthFrontendFactory();
1394 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1395 $frontend = $frontend_factory->getFrontend(
1396 $GLOBALS['DIC']['ilAuthSession'],
1397 $status,
1398 $credentials,
1399 array($provider)
1400 );
1401
1402 $frontend->authenticate();
1403
1404 switch ($status->getStatus()) {
1406 $this->getLogger()->debug('Account migration: authentication successful for ' . (string) $_POST['mig_username']);
1407
1408 $provider = $provider_factory->getProviderByAuthMode(
1409 $credentials,
1411 );
1412 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1413 $frontend = $frontend_factory->getFrontend(
1414 $GLOBALS['DIC']['ilAuthSession'],
1415 $status,
1416 $credentials,
1417 array($provider)
1418 );
1419 if (
1420 $frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])
1421 ) {
1422 include_once './Services/Init/classes/class.ilInitialisation.php';
1423 ilInitialisation::redirectToStartingPage();
1424 } else {
1425 ilUtil::sendFailure($this->lng->txt('err_wrong_login'), true);
1426 $this->ctrl->redirect($this, 'showAccountMigration');
1427 }
1428 break;
1429
1430 default:
1431 $this->getLogger()->info('Account migration failed for user ' . (string) $_POST['mig_username']);
1432 $this->showAccountMigration($GLOBALS['lng']->txt('err_wrong_login'));
1433 return false;
1434 }
1435 }
1436
1437
1438
1442 public function showLogout()
1443 {
1445
1447 $GLOBALS['DIC']['ilAuthSession']->logout();
1448
1449 $GLOBALS['ilAppEventHandler']->raise(
1450 'Services/Authentication',
1451 'afterLogout',
1452 array(
1453 'username' => $GLOBALS['DIC']->user()->getLogin()
1454 )
1455 );
1456
1457 // reset cookie
1458 $client_id = $_COOKIE["ilClientId"];
1459 ilUtil::setCookie("ilClientId", "");
1460
1461 if ((int) $GLOBALS['DIC']->user()->getAuthMode(true) == AUTH_SAML && ilSession::get('used_external_auth')) {
1462 ilUtil::redirect('saml.php?action=logout&logout_url=' . urlencode(ILIAS_HTTP_PATH . '/login.php'));
1463 }
1464
1465 //instantiate logout template
1466 self::initStartUpTemplate("tpl.logout.html");
1467
1468 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1469 $tpl->setCurrentBlock("homelink");
1470 $tpl->setVariable("CLIENT_ID", "?client_id=" . $client_id . "&lang=" . $lng->getLangKey());
1471 $tpl->setVariable("TXT_HOME", $lng->txt("home"));
1472 $tpl->parseCurrentBlock();
1473 }
1474
1475 if ($ilIliasIniFile->readVariable("clients", "list")) {
1476 $tpl->setCurrentBlock("client_list");
1477 $tpl->setVariable("TXT_CLIENT_LIST", $lng->txt("to_client_list"));
1478 $this->ctrl->setParameter($this, "client_id", $client_id);
1479 $tpl->setVariable(
1480 "CMD_CLIENT_LIST",
1481 $this->ctrl->getLinkTarget($this, "showClientList")
1482 );
1483 $tpl->parseCurrentBlock();
1484 $this->ctrl->setParameter($this, "client_id", "");
1485 }
1486
1487 $tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("logout"));
1488 $tpl->setVariable("TXT_LOGOUT_TEXT", $lng->txt("logout_text"));
1489 $tpl->setVariable("TXT_LOGIN", $lng->txt("login_to_ilias"));
1490 $tpl->setVariable("CLIENT_ID", "?client_id=" . $client_id . "&lang=" . $lng->getLangKey());
1491
1492 $tpl->show();
1493 }
1494
1500 {
1501 global $ilAuth, $tpl, $lng;
1502
1503 $valid = $ilAuth->getValidationData();
1504
1505 self::initStartUpTemplate("tpl.user_mapping_selection.html");
1506 $email_user = ilObjUser::_getLocalAccountsForEmail($valid["email"]);
1507
1508
1509 if ($ilAuth->getSubStatus() == AUTH_WRONG_LOGIN) {
1510 ilUtil::sendFailure($lng->txt("err_wrong_login"));
1511 }
1512
1513 include_once('./Services/User/classes/class.ilObjUser.php');
1514 if (count($email_user) == 1) {
1515 //$user = new ilObjUser(key($email_user));
1516 $tpl->setCurrentBlock("one_user");
1517 $tpl->setVariable("TXT_USERNAME", $lng->txt("username"));
1518 $tpl->setVariable("VAL_USERNAME", current($email_user));
1519 $tpl->setVariable("USER_ID", key($email_user));
1520 $tpl->parseCurrentBlock();
1521 } else {
1522 foreach ($email_user as $key => $login) {
1523 $tpl->setCurrentBlock("user");
1524 $tpl->setVariable("USR_ID", $key);
1525 $tpl->setVariable("VAL_USER", $login);
1526 $tpl->parseCurrentBlock();
1527 }
1528 $tpl->setCurrentBlock("multpiple_user");
1529 $tpl->parseCurrentBlock();
1530 }
1531
1532 $tpl->setCurrentBlock("content");
1533 $this->ctrl->setParameter($this, "ext_uid", urlencode($_GET["ext_uid"]));
1534 $this->ctrl->setParameter($this, "soap_pw", urlencode($_GET["soap_pw"]));
1535 $this->ctrl->setParameter($this, "auth_stat", $_GET["auth_stat"]);
1536 $tpl->setVariable(
1537 "FORMACTION",
1538 $this->ctrl->getFormAction($this)
1539 );
1540 $tpl->setVariable("TXT_ILIAS_LOGIN", $lng->txt("login_to_ilias"));
1541 if (count($email_user) == 1) {
1542 $tpl->setVariable("TXT_EXPLANATION", $lng->txt("ums_explanation"));
1543 $tpl->setVariable("TXT_EXPLANATION_2", $lng->txt("ums_explanation_2"));
1544 } else {
1545 $tpl->setVariable("TXT_EXPLANATION", $lng->txt("ums_explanation_3"));
1546 $tpl->setVariable("TXT_EXPLANATION_2", $lng->txt("ums_explanation_4"));
1547 }
1548 $tpl->setVariable("TXT_CREATE_USER", $lng->txt("ums_create_new_account"));
1549 $tpl->setVariable("TXT_PASSWORD", $lng->txt("password"));
1550 $tpl->setVariable("PASSWORD", ilUtil::prepareFormOutput($_POST["password"]));
1551 $tpl->setVariable("TXT_SUBMIT", $lng->txt("login"));
1552
1553 $tpl->show();
1554 }
1555
1559 public function showClientList()
1560 {
1561 global $tpl, $ilIliasIniFile, $lng;
1562
1563 if (!$ilIliasIniFile->readVariable("clients", "list")) {
1564 $this->processIndexPHP();
1565 return;
1566 }
1567
1568 // fix #21612
1569 // $tpl = new ilTemplate("tpl.main.html", true, true);
1570 $tpl->setAddFooter(false); // no client yet
1571
1572 $tpl->setVariable("PAGETITLE", $lng->txt("clientlist_clientlist"));
1573 $tpl->setVariable("LOCATION_STYLESHEET", ilUtil::getStyleSheetLocation());
1574
1575 // load client list template
1576 self::initStartUpTemplate("tpl.client_list.html");
1577
1578 // load template for table
1579 $tpl->addBlockfile("CLIENT_LIST", "client_list", "tpl.table.html");
1580
1581 // load template for table content data
1582 $tpl->addBlockfile("TBL_CONTENT", "tbl_content", "tpl.obj_tbl_rows.html");
1583
1584 // load table content data
1585 require_once("setup/classes/class.ilClientList.php");
1586 require_once("setup/classes/class.ilClient.php");
1587 require_once("setup/classes/class.ilDBConnections.php");
1588 require_once("./Services/Table/classes/class.ilTableGUI.php");
1589 $this->db_connections = new ilDBConnections();
1590 $clientlist = new ilClientList($this->db_connections);
1591 $list = $clientlist->getClients();
1592
1593 if (count($list) == 0) {
1594 header("Location: ./setup/setup.php");
1595 exit();
1596 }
1597
1598 $hasPublicSection = false;
1599 foreach ($list as $key => $client) {
1600 $client->setDSN();
1601 if ($client->checkDatabaseExists(true)) {
1602 $client->connect();
1603 if ($client->ini->readVariable("client", "access") and $client->getSetting("setup_ok")) {
1604 $this->ctrl->setParameter($this, "client_id", $key);
1605 $tmp = array();
1606 $tmp[] = $client->getName();
1607 $tmp[] = "<a href=\"" . "login.php?cmd=force_login&client_id=" . urlencode($key) . "\">" . $lng->txt("clientlist_login_page") . "</a>";
1608
1609 if ($client->getSetting('pub_section')) {
1610 $hasPublicSection = true;
1611 $tmp[] = "<a href=\"" . "ilias.php?baseClass=ilRepositoryGUI&client_id=" . urlencode($key) . "\">" . $lng->txt("clientlist_start_page") . "</a>";
1612 } else {
1613 $tmp[] = '';
1614 }
1615
1616 $data[] = $tmp;
1617 }
1618 }
1619 }
1620
1621 // create table
1622 $tbl = new ilTableGUI();
1623
1624 // title & header columns
1625 if ($hasPublicSection) {
1626 $tbl->setTitle($lng->txt("clientlist_available_clients"));
1627 $tbl->setHeaderNames(array($lng->txt("clientlist_installation_name"), $lng->txt("clientlist_login"), $lng->txt("clientlist_public_access")));
1628 $tbl->setHeaderVars(array("name","index","login"));
1629 $tbl->setColumnWidth(array("50%","25%","25%"));
1630 } else {
1631 $tbl->setTitle($lng->txt("clientlist_available_clients"));
1632 $tbl->setHeaderNames(array($lng->txt("clientlist_installation_name"), $lng->txt("clientlist_login"), ''));
1633 $tbl->setHeaderVars(array("name","login",''));
1634 $tbl->setColumnWidth(array("70%","25%",'1px'));
1635 }
1636
1637 // control
1638 $tbl->setOrderColumn($_GET["sort_by"], "name");
1639 $tbl->setOrderDirection($_GET["sort_order"]);
1640 $tbl->setLimit($_GET["limit"]);
1641 $tbl->setOffset($_GET["offset"]);
1642
1643 // content
1644 $tbl->setData($data);
1645
1646 $tbl->disable("icon");
1647 $tbl->disable("numinfo");
1648 $tbl->disable("sort");
1649 $tbl->disable("footer");
1650
1651 // render table
1652 $tbl->render();
1653 $tpl->show("DEFAULT", true, true);
1654 }
1655
1661 public function showNoCookiesScreen()
1662 {
1663 global $tpl;
1664
1665 $str = "<p style=\"margin:15px;\">
1666 You need to enable Session Cookies in your Browser to use ILIAS.
1667 <br/>
1668 <br/><b>Firefox</b>
1669 <br/>Tools -> Options -> Privacy -> Cookies
1670 <br/>Enable 'Allow sites to set cookies' and activate option 'Keep
1671 <br/>cookies' auf 'until I close Firefox'
1672 <br/>
1673 <br/><b>Mozilla/Netscape</b>
1674 <br/>Edit -> Preferences -> Privacy&Security -> Cookies
1675 <br/>Go to 'Cookie Lifetime Policy' and check option 'Accept for current
1676 <br/>session only'.
1677 <br/>
1678 <br/><b>Internet Explorer</b>
1679 <br/>Tools -> Internet Options -> Privacy -> Advanced
1680 <br/>- Check 'Override automatic cookie handling'
1681 <br/>- Check 'Always allow session cookies'
1682 </p>";
1683 $tpl->setVariable("CONTENT", $str);
1684 $tpl->show();
1685 }
1686
1690 protected function getAcceptance()
1691 {
1692 $this->showTermsOfService();
1693 }
1694
1698 protected function showTermsOfService()
1699 {
1706 global $lng, $tpl, $ilUser, $ilSetting;
1707
1708 $back_to_login = ('getAcceptance' != $this->ctrl->getCmd());
1709
1710 self::initStartUpTemplate('tpl.view_terms_of_service.html', $back_to_login, !$back_to_login);
1711 $tpl->setVariable('TXT_PAGEHEADLINE', $lng->txt('usr_agreement'));
1712
1713 require_once 'Services/TermsOfService/classes/class.ilTermsOfServiceSignableDocumentFactory.php';
1715 if ($document->exists()) {
1716 if ('getAcceptance' == $this->ctrl->getCmd()) {
1717 if (isset($_POST['status']) && 'accepted' == $_POST['status']) {
1718 require_once 'Services/TermsOfService/classes/class.ilTermsOfServiceHelper.php';
1720
1721 if (ilSession::get('orig_request_target')) {
1722 $target = ilSession::get('orig_request_target');
1723 ilSession::set('orig_request_target', '');
1725 } else {
1726 ilUtil::redirect('index.php?target=' . $_GET['target'] . '&client_id=' . CLIENT_ID);
1727 }
1728 }
1729
1730 $tpl->setVariable('FORM_ACTION', $this->ctrl->getFormAction($this, $this->ctrl->getCmd()));
1731 $tpl->setVariable('ACCEPT_CHECKBOX', ilUtil::formCheckbox(0, 'status', 'accepted'));
1732 $tpl->setVariable('ACCEPT_TERMS_OF_SERVICE', $lng->txt('accept_usr_agreement'));
1733 $tpl->setVariable('TXT_SUBMIT', $lng->txt('submit'));
1734 }
1735
1736 $tpl->setPermanentLink('usr', null, 'agreement');
1737 $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', $document->getContent());
1738 } else {
1739 include_once("./Modules/SystemFolder/classes/class.ilSystemSupportContacts.php");
1740 $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', sprintf($lng->txt('no_agreement_description'), 'mailto:' . ilUtil::prepareFormOutput(ilSystemSupportContacts::getMailToAddress())));
1741 }
1742
1743 $tpl->show();
1744 }
1745
1749 protected function processIndexPHP()
1750 {
1751 global $ilIliasIniFile, $ilAuth, $ilSetting;
1752
1753 // In case of an valid session, redirect to starting page
1754 if ($GLOBALS['DIC']['ilAuthSession']->isValid()) {
1755 include_once './Services/Init/classes/class.ilInitialisation.php';
1756 ilInitialisation::redirectToStartingPage();
1757 return;
1758 }
1759
1760 // no valid session => show client list, if no client info is given
1761 if (
1762 !isset($_GET["client_id"]) &&
1763 ($_GET["cmd"] == "") &&
1764 $ilIliasIniFile->readVariable("clients", "list")) {
1765 return $this->showClientList();
1766 }
1767
1768 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1770 }
1771
1772 // otherwise show login page
1773 return $this->showLoginPage();
1774 }
1775
1776
1777 public static function _checkGoto($a_target)
1778 {
1779 global $objDefinition, $ilPluginAdmin, $ilUser;
1780
1781 if (is_object($ilPluginAdmin)) {
1782 // get user interface plugins
1783 $pl_names = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, "UIComponent", "uihk");
1784
1785 // search
1786 foreach ($pl_names as $pl) {
1787 $ui_plugin = ilPluginAdmin::getPluginObject(IL_COMP_SERVICE, "UIComponent", "uihk", $pl);
1788 $gui_class = $ui_plugin->getUIClassInstance();
1789 $resp = $gui_class->checkGotoHook($a_target);
1790 if ($resp["target"] !== false) {
1791 $a_target = $resp["target"];
1792 break;
1793 }
1794 }
1795 }
1796
1797 if ($a_target == "") {
1798 return false;
1799 }
1800
1801 $t_arr = explode("_", $a_target);
1802 $type = $t_arr[0];
1803
1804 if ($type == "git") {
1805 $type = "glo";
1806 }
1807
1808 if ($type == "pg" | $type == "st") {
1809 $type = "lm";
1810 }
1811
1812 $class = $objDefinition->getClassName($type);
1813 if ($class == "") {
1814 return false;
1815 }
1816
1817 $location = $objDefinition->getLocation($type);
1818 $full_class = "ilObj" . $class . "Access";
1819 include_once($location . "/class." . $full_class . ".php");
1820
1821 $ret = call_user_func(array($full_class, "_checkGoto"), $a_target);
1822
1823 // if no access and repository object => check for parent course/group
1824 if (!$ret &&
1825 !stristr($a_target, "_wsp") &&
1826 $ilUser->getId() != ANONYMOUS_USER_ID && // #10637
1827 !$objDefinition->isAdministrationObject($type) &&
1828 $objDefinition->isRBACObject($type) &&
1829 $t_arr[1]) {
1830 global $tree, $rbacsystem, $ilAccess;
1831
1832 // original type "pg" => pg_<page_id>[_<ref_id>]
1833 if ($t_arr[0] == "pg") {
1834 if (isset($t_arr[2])) {
1835 $ref_id = $t_arr[2];
1836 } else {
1837 $lm_id = ilLMObject::_lookupContObjID($t_arr[1]);
1838 $ref_id = ilObject::_getAllReferences($lm_id);
1839 if ($ref_id) {
1840 $ref_id = array_shift($ref_id);
1841 }
1842 }
1843 } else {
1844 $ref_id = $t_arr[1];
1845 }
1846
1847 include_once "Services/Membership/classes/class.ilParticipants.php";
1848 $block_obj = array();
1849
1850 // walk path to find parent container
1851 $path = $tree->getPathId($ref_id);
1852 array_pop($path);
1853 foreach ($path as $path_ref_id) {
1854 $redirect_infopage = false;
1855 $add_member_role = false;
1856
1857 $ptype = ilObject::_lookupType($path_ref_id, true);
1858 $pobj_id = ilObject::_lookupObjId($path_ref_id);
1859
1860 // core checks: timings/object-specific
1861 if (!$ilAccess->doActivationCheck("read", "", $path_ref_id, $ilUser->getId(), $pobj_id, $ptype) ||
1862 !$ilAccess->doStatusCheck("read", "", $path_ref_id, $ilUser->getId(), $pobj_id, $ptype)) {
1863 // object in path is inaccessible - aborting
1864 return false;
1865 } elseif ($ptype == "crs") {
1866 // check if already participant
1867 include_once "Modules/Course/classes/class.ilCourseParticipant.php";
1868 $participants = new ilCourseParticipant($pobj_id, $ilUser->getId());
1869 if (!$participants->isAssigned()) {
1870 // subscription currently possible?
1871 include_once "Modules/Course/classes/class.ilObjCourse.php";
1872 if (ilObjCourse::_isActivated($pobj_id) &&
1874 $block_obj[] = $path_ref_id;
1875 $add_member_role = true;
1876 } else {
1877 $redirect_infopage = true;
1878 }
1879 }
1880 } elseif ($ptype == "grp") {
1881 // check if already participant
1882 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
1883 if (!ilGroupParticipants::_isParticipant($path_ref_id, $ilUser->getId())) {
1884 // subscription currently possible?
1885 include_once "Modules/Group/classes/class.ilObjGroup.php";
1886 $group_obj = new ilObjGroup($path_ref_id);
1887 if ($group_obj->isRegistrationEnabled()) {
1888 $block_obj[] = $path_ref_id;
1889 $add_member_role = true;
1890 } else {
1891 $redirect_infopage = true;
1892 }
1893 }
1894 }
1895
1896 // add members roles for all "blocking" objects
1897 if ($add_member_role) {
1898 // cannot join? goto will never work, so redirect to current object
1899 $rbacsystem->resetPACache($ilUser->getId(), $path_ref_id);
1900 if (!$rbacsystem->checkAccess("join", $path_ref_id)) {
1901 $redirect_infopage = true;
1902 } else {
1903 $rbacsystem->addTemporaryRole(
1904 $ilUser->getId(),
1906 );
1907 }
1908 }
1909
1910 // redirect to infopage of 1st blocking object in path
1911 if ($redirect_infopage) {
1912 if ($rbacsystem->checkAccess("visible", $path_ref_id)) {
1913 ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1914 "&ref_id=" . $path_ref_id . "&cmd=infoScreen");
1915 } else {
1916 return false;
1917 }
1918 }
1919 }
1920
1921 // check if access will be possible with all (possible) member roles added
1922 $rbacsystem->resetPACache($ilUser->getId(), $ref_id);
1923 if ($rbacsystem->checkAccess("read", $ref_id) && sizeof($block_obj)) { // #12128
1924 // this won't work with lm-pages (see above)
1925 // include_once "Services/Link/classes/class.ilLink.php";
1926 // $_SESSION["pending_goto"] = ilLink::_getStaticLink($ref_id, $type);
1927
1928 // keep original target
1929 $_SESSION["pending_goto"] = "goto.php?target=" . $a_target;
1930
1931 // redirect to 1st non-member object in path
1932 ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1933 "&ref_id=" . array_shift($block_obj));
1934 }
1935 }
1936
1937 return $ret;
1938 }
1939
1940 public function confirmRegistration()
1941 {
1942 ilUtil::setCookie('iltest', 'cookie', false);
1943
1944 if (!isset($_GET['rh']) || !strlen(trim($_GET['rh']))) {
1945 $this->ctrl->redirectToURL('./login.php?cmd=force_login&reg_confirmation_msg=reg_confirmation_hash_not_passed');
1946 }
1947
1948 try {
1949 $oRegSettings = new ilRegistrationSettings();
1950
1951 $usr_id = ilObjUser::_verifyRegistrationHash(trim($_GET['rh']));
1953 $user = ilObjectFactory::getInstanceByObjId($usr_id);
1954 $user->setActive(true);
1955 $password = '';
1956 if ($oRegSettings->passwordGenerationEnabled()) {
1957 $passwords = ilUtil::generatePasswords(1);
1958 $password = $passwords[0];
1959 $user->setPasswd($password, IL_PASSWD_PLAIN);
1960 $user->setLastPasswordChangeTS(time());
1961 }
1962 $user->update();
1963
1964 $target = $user->getPref('reg_target');
1965 if (strlen($target) > 0) {
1966 // Used for ilAccountMail in ilAccountRegistrationMail, which relies on this super global ...
1967 $_GET['target'] = $target;
1968 }
1969
1970 $accountMail = new ilAccountRegistrationMail(
1971 $oRegSettings,
1972 $this->lng,
1974 );
1975 $accountMail->withEmailConfirmationRegistrationMode()->send($user, $password);
1976
1977 $this->ctrl->redirectToURL(sprintf(
1978 './login.php?cmd=force_login&reg_confirmation_msg=reg_account_confirmation_successful&lang=%s',
1979 $user->getLanguage()
1980 ));
1981 } catch (ilRegConfirmationLinkExpiredException $exception) {
1982 $soap_client = new ilSoapClient();
1983 $soap_client->setResponseTimeout(1);
1984 $soap_client->enableWSDL(true);
1985 $soap_client->init();
1986
1987 $this->logger->info('Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...');
1988
1989 $soap_client->call(
1990 'deleteExpiredDualOptInUserObjects',
1991 [
1992 $_COOKIE['PHPSESSID'] . '::' . $_COOKIE['ilClientId'],
1993 $exception->getCode() // user id
1994 ]
1995 );
1996
1997 $this->ctrl->redirectToURL(sprintf(
1998 './login.php?cmd=force_login&reg_confirmation_msg=%s',
1999 $exception->getMessage()
2000 ));
2001 } catch (ilRegistrationHashNotFoundException $exception) {
2002 $this->ctrl->redirectToURL(sprintf(
2003 './login.php?cmd=force_login&reg_confirmation_msg=%s',
2004 $exception->getMessage()
2005 ));
2006 }
2007 }
2008
2015 public static function initStartUpTemplate($a_tmpl, $a_show_back = false, $a_show_logout = false)
2016 {
2024 global $tpl, $lng, $ilCtrl, $ilSetting, $ilAccess;
2025
2026 // #13574 - basic.js is included with ilTemplate, so jQuery is needed, too
2027 include_once("./Services/jQuery/classes/class.iljQueryUtil.php");
2029
2030 // framework is needed for language selection
2031 include_once("./Services/UICore/classes/class.ilUIFramework.php");
2033
2034 $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'Services/Init');
2035 $tpl->setVariable('HEADER_ICON', ilUtil::getImagePath('HeaderIcon.svg'));
2036 $tpl->setVariable("HEADER_ICON_RESPONSIVE", ilUtil::getImagePath("HeaderIconResponsive.svg"));
2037
2038 if ($a_show_back) {
2039 // #13400
2040 $param = 'client_id=' . $_COOKIE['ilClientId'] . '&lang=' . $lng->getLangKey();
2041
2042 $tpl->setCurrentBlock('link_item_bl');
2043 $tpl->setVariable('LINK_TXT', $lng->txt('login_to_ilias'));
2044 $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
2045 $tpl->parseCurrentBlock();
2046
2047 include_once './Services/Init/classes/class.ilPublicSectionSettings.php';
2048 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
2049 $ilAccess->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
2050 $tpl->setVariable('LINK_URL', 'index.php?' . $param);
2051 $tpl->setVariable('LINK_TXT', $lng->txt('home'));
2052 $tpl->parseCurrentBlock();
2053 }
2054 } elseif ($a_show_logout) {
2055 $tpl->setCurrentBlock('link_item_bl');
2056 $tpl->setVariable('LINK_TXT', $lng->txt('logout'));
2057 $tpl->setVariable('LINK_URL', ILIAS_HTTP_PATH . '/logout.php');
2058 $tpl->parseCurrentBlock();
2059 }
2060
2061 if (is_array($a_tmpl)) {
2062 $template_file = $a_tmpl[0];
2063 $template_dir = $a_tmpl[1];
2064 } else {
2065 $template_file = $a_tmpl;
2066 $template_dir = 'Services/Init';
2067 }
2068
2069 //Header Title
2070 include_once("./Modules/SystemFolder/classes/class.ilObjSystemFolder.php");
2071 $header_top_title = ilObjSystemFolder::_getHeaderTitle();
2072 if (trim($header_top_title) != "" && $tpl->blockExists("header_top_title")) {
2073 $tpl->setCurrentBlock("header_top_title");
2074 $tpl->setVariable("TXT_HEADER_TITLE", $header_top_title);
2075 $tpl->parseCurrentBlock();
2076 }
2077
2078 // language selection
2079 $selection = self::getLanguageSelection();
2080 if ($selection) {
2081 $tpl->setCurrentBlock("lang_select");
2082 $tpl->setVariable("TXT_LANGSELECT", $lng->txt("language"));
2083 $tpl->setVariable("LANG_SELECT", $selection);
2084 $tpl->parseCurrentBlock();
2085 }
2086
2087 $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
2088 }
2089
2094 protected static function getLanguageSelection()
2095 {
2096 include_once("./Services/MainMenu/classes/class.ilMainMenuGUI.php");
2098 }
2099
2104 protected function showSamlLoginForm($page_editor_html)
2105 {
2106 require_once 'Services/Saml/classes/class.ilSamlIdp.php';
2107 require_once 'Services/Saml/classes/class.ilSamlSettings.php';
2108
2109 if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
2110 $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'Services/Saml');
2111
2112 $return = '';
2113 if (isset($_GET['target'])) {
2114 $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($_GET['target']));
2115 }
2116
2117 $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
2118 $tpl->setVariable('TXT_LOGIN', $GLOBALS['DIC']->language()->txt('saml_log_in'));
2119 $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $GLOBALS['DIC']->language()->txt('login_to_ilias_via_saml'));
2120 $tpl->setVariable('TXT_SAML_LOGIN_TXT', $GLOBALS['DIC']->language()->txt('saml_login_form_txt'));
2121 $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $GLOBALS['DIC']->language()->txt('saml_login_form_info_txt'));
2122
2123 return $this->substituteLoginPageElements(
2124 $GLOBALS['tpl'],
2125 $page_editor_html,
2126 $tpl->get(),
2127 '[list-saml-login-form]',
2128 'SAML_LOGIN_FORM'
2129 );
2130 }
2131
2132 return $page_editor_html;
2133 }
2134
2138 protected function doSamlAuthentication()
2139 {
2140 global $DIC;
2141
2142 $this->getLogger()->debug('Trying saml authentication');
2143
2144 $request = $DIC->http()->request();
2145 $params = $request->getQueryParams();
2146
2147 require_once 'Services/Saml/classes/class.ilSamlAuthFactory.php';
2149 $auth = $factory->auth();
2150
2151 if (isset($params['action']) && $params['action'] == 'logout') {
2152 $auth->logout(isset($params['logout_url']) ? $params['logout_url'] : '');
2153 }
2154
2155 if (isset($params['target']) && !isset($params['returnTo'])) {
2156 $params['returnTo'] = $params['target'];
2157 }
2158 if (isset($params['returnTo'])) {
2159 $auth->storeParam('target', $params['returnTo']);
2160 }
2161
2162 if (!$auth->isAuthenticated()) {
2163 if (!isset($_GET['idpentityid']) || !isset($_GET['saml_idp_id'])) {
2164 $activeIdps = ilSamlIdp::getActiveIdpList();
2165 if (1 == count($activeIdps)) {
2166 $idp = current($activeIdps);
2167 $_GET['idpentityid'] = $idp->getEntityId();
2168 $_GET['saml_idp_id'] = $idp->getIdpId();
2169 } elseif (0 == count($activeIdps)) {
2170 $GLOBALS['DIC']->ctrl()->redirect($this, 'showLoginPage');
2171 } else {
2172 $this->showSamlIdpSelection($auth, $activeIdps);
2173 return;
2174 }
2175 }
2176 $auth->storeParam('idpId', (int) $_GET['saml_idp_id']);
2177 }
2178
2179 // re-init
2180 $auth = $factory->auth();
2181 $auth->protectResource();
2182
2183 $_GET['target'] = $auth->popParam('target');
2184
2185 $_POST['auth_mode'] = AUTH_SAML . '_' . ((int) $auth->getParam('idpId'));
2186
2187 require_once 'Services/Saml/classes/class.ilAuthFrontendCredentialsSaml.php';
2188 $credentials = new ilAuthFrontendCredentialsSaml($auth);
2189 $credentials->initFromRequest();
2190
2191 require_once 'Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
2192 $provider_factory = new ilAuthProviderFactory();
2193 $provider = $provider_factory->getProviderByAuthMode($credentials, ilUtil::stripSlashes($_POST['auth_mode']));
2194
2195 require_once 'Services/Authentication/classes/class.ilAuthStatus.php';
2196 $status = ilAuthStatus::getInstance();
2197
2198 require_once 'Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
2199 $frontend_factory = new ilAuthFrontendFactory();
2200 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
2201 $frontend = $frontend_factory->getFrontend(
2202 $GLOBALS['DIC']['ilAuthSession'],
2203 $status,
2204 $credentials,
2205 array($provider)
2206 );
2207
2208 $frontend->authenticate();
2209
2210 switch ($status->getStatus()) {
2212 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
2213 require_once 'Services/Init/classes/class.ilInitialisation.php';
2214 return ilInitialisation::redirectToStartingPage();
2215
2217 return $GLOBALS['DIC']->ctrl()->redirect($this, 'showAccountMigration');
2218
2220 ilUtil::sendFailure($status->getTranslatedReason(), true);
2221 $GLOBALS['DIC']->ctrl()->redirect($this, 'showLoginPage');
2222 return false;
2223 }
2224
2225 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
2226 $this->showLoginPage();
2227
2228 return false;
2229 }
2230
2235 protected function showSamlIdpSelection(\ilSamlAuth $auth, array $idps)
2236 {
2237 global $DIC;
2238
2239 self::initStartUpTemplate(array('tpl.saml_idp_selection.html', 'Services/Saml'));
2240
2241 $mainTpl = $DIC->ui()->mainTemplate();
2242 $factory = $DIC->ui()->factory();
2243 $renderer = $DIC->ui()->renderer();
2244
2245 $DIC->ctrl()->setTargetScript('saml.php');
2246
2247 $items = [];
2248
2249 require_once 'Services/Saml/classes/class.ilSamlIdpSelectionTableGUI.php';
2250 $table = new ilSamlIdpSelectionTableGUI($this, 'doSamlAuthentication');
2251
2252 foreach ($idps as $idp) {
2253 $DIC->ctrl()->setParameter($this, 'saml_idp_id', $idp->getIdpId());
2254 $DIC->ctrl()->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
2255
2256 $items[] = [
2257 'idp_link' => $renderer->render($factory->link()->standard($idp->getEntityId(), $DIC->ctrl()->getLinkTarget($this, 'doSamlAuthentication')))
2258 ];
2259 }
2260
2261 $table->setData($items);
2262 $mainTpl->setVariable('CONTENT', $table->getHtml());
2263
2264 $mainTpl->fillWindowTitle();
2265 $mainTpl->fillCssFiles();
2266 $mainTpl->fillJavaScriptFiles();
2267 $mainTpl->show('DEFAULT', false);
2268 }
2269}
sprintf('%.4f', $callTime)
user()
Definition: user.php:4
$tpl
Definition: ilias.php:10
$factory
Definition: metadata.php:47
$auth
Definition: metadata.php:48
$_COOKIE['client_id']
Definition: server.php:9
$success
Definition: Utf8Test.php:86
$failure
$location
Definition: buildRTE.php:44
$client
Definition: resume.php:9
$_GET["client_id"]
$_POST["username"]
$_SESSION["AccountId"]
An exception for terminatinating execution or to throw for unit testing.
Class ShibbolethWAYF.
const AUTH_SHIBBOLETH
const AUTH_APACHE
const AUTH_SOAP_NO_ILIAS_USER
const AUTH_APACHE_FAILED
const AUTH_USER_SIMULTANEOUS_LOGIN
const AUTH_CAPTCHA_INVALID
const AUTH_SAML
const AUTH_LOCAL
const AUTH_CAS_NO_ILIAS_USER
const AUTH_RADIUS_NO_ILIAS_USER
const AUTH_CAS
const AUTH_SAML_FAILED
const AUTH_USER_TIME_LIMIT_EXCEEDED
const AUTH_LDAP_NO_ILIAS_USER
const AUTH_USER_INACTIVE
const AUTH_USER_WRONG_IP
const AUTH_MODE_INACTIVE
const IL_COMP_SERVICE
const IL_PASSWD_PLAIN
static isUnusedCode($code)
static getCodeValidUntil($code)
static applyRoleAssignments(ilObjUser $user, $code)
static applyAccessLimits(ilObjUser $user, $code)
static useCode($code)
Class ilAccountRegistrationGUI.
Class ilAccountRegistrationMail.
Auth frontend credentials for CAS auth.
Auth credentials for lti oauth based authentication.
Class ilAuthFrontendCredentialsSaml.
Factory for auth frontend classes.
const STATUS_CODE_ACTIVATION_REQUIRED
static getInstance()
Get status instance.
const STATUS_AUTHENTICATION_FAILED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
static _getMultipleAuthModeOptions($lng)
static _hasMultipleAuthenticationMethods()
This class represents a captcha input in a property form.
client management
Administrates DB connections in setup.
static _isParticipant($a_ref_id, $a_usr_id)
Static function to check if a user is a participant of the container object.
This class represents a hidden form property in a property form.
static goToPublicSection()
go to public section
static _lookupContObjID($a_id)
get learning module / digibook id for lm object
static lookupId($a_lang_key)
Lookup obj_id of language @global ilDB $ilDB.
static getLogger($a_component_id)
Get component logger.
Login page GUI class.
static getLanguageSelection($a_in_topbar=false)
static _registrationEnabled($a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
static _isActivated($a_obj_id)
Is activated.
Class ilObjGroup.
static getSyntaxStylePath()
get syntax style path
static getContentStylePath($a_style_id, $add_random=true)
get content style path
static _verifyRegistrationHash($a_hash)
Verifies a registration hash.
static _lookupLogin($a_user_id)
lookup login
static _lookupId($a_user_str)
Lookup id by login.
static _getLocalAccountsForEmail($a_email)
check whether external account and authentication method matches with a user
static getInstanceByObjId($a_obj_id, $stop_on_error=true)
get an instance of an Ilias object by object id
static _lookupObjId($a_id)
static _getAllReferences($a_id)
get all reference ids of object
static _lookupType($a_id, $a_reference=false)
lookup object type
static _existsAndNotEmpty($a_parent_type, $a_id, $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages)
static getDefaultMemberRole($a_ref_id)
Password assistance facility for users who have forgotten their password or for users for whom no pas...
This class represents a password property in a property form.
static getPluginObject($a_ctype, $a_cname, $a_slot_id, $a_pname)
Get Plugin Object.
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
Class for user related exception handling in ILIAS.
Class for user related exception handling in ILIAS.
Class ilObjAuthSettingsGUI.
Class ilSamlAuthFactory.
Class ilSamlIdpSelectionTableGUI.
static getActiveIdpList()
const SESSION_CLOSE_USER
const SESSION_CLOSE_CAPTCHA
static set($a_var, $a_val)
Set a value.
const SESSION_CLOSE_IP
static setClosingContext($a_context)
set closing context (for statistics)
const SESSION_CLOSE_TIME
const SESSION_CLOSE_SIMUL
static get($a_var)
Get a value.
const SESSION_CLOSE_INACTIVE
ILIAS Setting Class.
StartUp GUI class.
processIndexPHP()
process index.php
showShibbolethLoginForm($page_editor_html)
Show shibboleth login form.
showLoginPage(ilPropertyFormGUI $form=null)
showCASLoginForm($page_editor_html)
Show cas login @global ilSetting $ilSetting.
static _checkGoto($a_target)
showLogin()
Show login.
doStandardAuthentication()
Check form input; authenticate user.
getAcceptance()
Get terms of service.
doApacheAuthentication()
Try apache auth.
showCodeForm($a_username=null, $a_form=null)
doMigration()
Do migration of existing ILIAS database user account.
const ACCOUNT_MIGRATION_MIGRATE
purgePlaceholders($page_editor_html)
Purge page editor html from unused placeholders.
initStandardLoginForm()
Initialize the standard.
doShibbolethAuthentication()
Trying shibboleth authentication.
getLogger()
Get logger.
migrateAccount()
Migrate Account.
substituteLoginPageElements($tpl, $page_editor_html, $element_html, $placeholder, $fallback_tplvar)
Substitute login page elements.
showClientList()
show client list
static getLanguageSelection()
language selection list
jumpToPasswordAssistance()
jump to password assistance
showLogout()
show logout screen
showSamlIdpSelection(\ilSamlAuth $auth, array $idps)
doLTIAuthentication()
Handle lti requests.
jumpToRegistration()
jump to registration gui
showLoginForm($page_editor_html, ilPropertyFormGUI $form=null)
Show login form @global ilSetting $ilSetting.
executeCommand()
execute command
getLoginPageEditorHTML()
Get HTML of ILIAS login page editor.
initCodeForm($a_username)
showLoginInformation($page_editor_html)
Show login information.
__construct()
constructor
showUserMappingSelection()
Show user selection screen, if external account could not be mapped to an ILIAS account,...
doCasAuthentication()
Try CAS auth.
showNoCookiesScreen()
show help screen, if cookies are disabled
showRegistrationLinks($page_editor_html)
Show registration, password forgotten, client slection links @global ilLanguage $lng @global ilSettin...
doMigrationNewAccount()
Create new account for migration.
showSamlLoginForm($page_editor_html)
static getMailToAddress()
Get mailto: email.
Class ilTableGUI.
special template class to simplify handling of ITX/PEAR
static trackAcceptance(ilObjUser $user, ilTermsOfServiceSignableDocument $document)
This class represents a text property in a property form.
static init($a_tpl=null)
Init.
static appendUrlParameterString($a_url, $a_par, $xml_style=false)
append URL parameter string ("par1=value1&par2=value2...") to given URL string
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
static sendSuccess($a_info="", $a_keep=false)
Send Success Message to Screen.
static getStyleSheetLocation($mode="output", $a_css_name="", $a_css_location="")
get full style sheet file name (path inclusive) of current user
static redirect($a_script)
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static generatePasswords($a_number)
Generate a number of passwords.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic qoutes is enabled
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static prepareFormOutput($a_str, $a_strip=false)
prepares string output for html forms @access public
static initjQuery($a_tpl=null)
inits and adds the jQuery JS-File to the global or a passed template
$key
Definition: croninfo.php:18
$valid
$tbl
Definition: example_048.php:81
$code
Definition: example_050.php:99
$GLOBALS['loaded']
Global hash that tracks already loaded includes.
global $ilCtrl
Definition: ilias.php:18
$client_id
Interface ilSamlAuth.
$ret
Definition: parser.php:6
global $ilSetting
Definition: privfeed.php:17
$type
$idp
Definition: prp.php:13
$password
Definition: pwgen.php:17
if(empty($password)) $table
Definition: pwgen.php:24
if(isset($_POST['submit'])) $form
if(isset($_REQUEST['delete'])) $list
Definition: registry.php:41
global $DIC
Definition: saml.php:7
if((!isset($_SERVER['DOCUMENT_ROOT'])) OR(empty($_SERVER['DOCUMENT_ROOT']))) $_SERVER['DOCUMENT_ROOT']
$ilIliasIniFile
$ilUser
Definition: imgupload.php:18
$params
Definition: disable.php:11