ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
ilAuthBase Class Reference

@classDescription Base class for all PEAR and ILIAS auth classes.

Public Member Functions

 getSubStatus ()
 Get sub status.

 setSubStatus ($a_sub_status)
 Set sub status.

 supportsRedirects ()
 Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

 getContainer ()
 Get container object.

 getExceededUserName ()

Protected Member Functions

 initAuth ()
 Init auth object. Enable logging, set callbacks...

 loginObserver ($a_username, $a_auth)
 Called after successful login.

 failedLoginObserver ($a_username, $a_auth)
 Called after failed login.

 checkAuthObserver ($a_username, $a_auth)
 Called after each check auth request.

 logoutObserver ($a_username, $a_auth)
 Called after logout.

Protected Attributes

 $sub_status = null
 
 $exceeded_user_name
 

Detailed Description

@classDescription Base class for all PEAR and ILIAS auth classes.

Enables logging, observers.

Author
Stefan Meyer <smeyer.ilias@gmx.de>
Version
$Id$

Definition at line 33 of file class.ilAuthBase.php.

Member Function Documentation

◆ checkAuthObserver()

ilAuthBase::checkAuthObserver ($a_username, $a_auth)
protected

Called after each check auth request.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 257 of file class.ilAuthBase.php.

{
    return $this->getContainer()->checkAuthObserver($a_username, $a_auth);
}

References getContainer().

◆ failedLoginObserver()

ilAuthBase::failedLoginObserver ($a_username, $a_auth)
protected

Called after failed login.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 220 of file class.ilAuthBase.php.

{
    global $DIC;

    $ilLog = $DIC['ilLog'];

    ilLoggerFactory::getLogger('auth')->info(
        ': login failed for user ' . $a_username .
        ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
        ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
    );

    if ($a_username) {
        $usr_id = ilObjUser::_lookupId($a_username);
        if (!in_array($usr_id, array(ANONYMOUS_USER_ID))) {
            // count this failed attempt, then read the counter back
            ilObjUser::_incrementLoginAttempts($usr_id);
            $login_attempts = ilObjUser::_getLoginAttempts($usr_id);

            require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
            $security = ilSecuritySettings::_getInstance();
            $max_attempts = $security->getLoginMaxAttempts();

            // a maximum of 0 skips the lockout; otherwise the account is set inactive
            if ((int) $max_attempts && $login_attempts >= $max_attempts) {
                ilObjUser::_setUserInactive($usr_id);
            }
        }
    }

    return $this->getContainer()->failedLoginObserver($a_username, $a_auth);
}

References $_SERVER, $DIC, $ilLog, ilSecuritySettings\_getInstance(), ilObjUser\_getLoginAttempts(), ilObjUser\_incrementLoginAttempts(), ilObjUser\_lookupId(), ilObjUser\_setUserInactive(), getContainer(), and ilLoggerFactory\getLogger().

◆ getContainer()

ilAuthBase::getContainer ( )
final

Get container object.

Returns
object ilAuthContainerBase

Definition at line 74 of file class.ilAuthBase.php.

{
    return $this->storage;
}

Referenced by checkAuthObserver(), failedLoginObserver(), loginObserver(), and logoutObserver().

◆ getExceededUserName()

ilAuthBase::getExceededUserName ( )

Definition at line 288 of file class.ilAuthBase.php.

{
    return $this->exceeded_user_name;
}

References $exceeded_user_name.

◆ getSubStatus()

ilAuthBase::getSubStatus ( )

Get sub status.

Returns
type

Definition at line 46 of file class.ilAuthBase.php.

{
    return $this->sub_status;
}

References $sub_status.

◆ initAuth()

ilAuthBase::initAuth ( )
final protected

Init auth object. Enable logging, set callbacks...

Returns
void

Definition at line 84 of file class.ilAuthBase.php.

{
    // mark the session with its type before any callback is registered
    ilSessionControl::initSession();

    $this->enableLogging = true;
    //$this->enableLogging = false;

    if ($this->enableLogging) {
        ilLoggerFactory::getLogger('auth')->debug('Init callbacks');
    }
    $this->setLoginCallback(array($this,'loginObserver'));
    $this->setFailedLoginCallback(array($this,'failedLoginObserver'));
    $this->setCheckAuthCallback(array($this,'checkAuthObserver'));
    $this->setLogoutCallback(array($this,'logoutObserver'));

    include_once('Services/Authentication/classes/class.ilAuthLogObserver.php');
    $this->attachLogObserver(new ilAuthLogObserver(AUTH_LOG_DEBUG));
}

References ilLoggerFactory\getLogger(), and ilSessionControl\initSession().

◆ loginObserver()

ilAuthBase::loginObserver ($a_username, $a_auth)
protected

Called after successful login.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 109 of file class.ilAuthBase.php.

{
    global $DIC;

    $ilLog = $DIC['ilLog'];
    $ilAppEventHandler = $DIC['ilAppEventHandler'];
    $ilSetting = $DIC['ilSetting'];

    if ($this->getContainer()->loginObserver($a_username, $a_auth)) {
        // validate user
        include_once "Services/User/classes/class.ilObjUser.php";
        $user_id = ilObjUser::_loginExists($a_auth->getUsername());
        if ($user_id != ANONYMOUS_USER_ID) {
            $user = new ilObjUser($user_id);

            // check if profile is complete
            include_once "Services/User/classes/class.ilUserProfile.php";
            if (ilUserProfile::isProfileIncomplete($user) and ilAuthFactory::getContext() != ilAuthFactory::CONTEXT_ECS) {
                $user->setProfileIncomplete(true);
                $user->update();
            }

            // --- extended user validation
            //
            // we only have a single status, so abort after each one
            // order from highest priority to lowest

            // active?
            if (!$user->getActive()) {
                $this->status = AUTH_USER_INACTIVE;
                $a_auth->logout();
                return;
            }

            // time limit
            if (!$user->checkTimeLimit()) {
                $this->status = AUTH_USER_TIME_LIMIT_EXCEEDED;
                // #16327
                $this->exceeded_user_name = $this->getUserName();
                $a_auth->logout();
                return;
            }

            // check client ip
            // the stored pattern (?, *, comma-separated list) is translated into a regular expression
            $clientip = $user->getClientIP();
            if (trim($clientip) != "") {
                $clientip = preg_replace("/[^0-9.?*,:]+/", "", $clientip);
                $clientip = str_replace(".", "\\.", $clientip);
                $clientip = str_replace(array("?","*",","), array("[0-9]","[0-9]*","|"), $clientip);
                if (!preg_match("/^" . $clientip . "$/", $_SERVER["REMOTE_ADDR"])) {
                    $this->status = AUTH_USER_WRONG_IP;
                    $a_auth->logout();
                    return;
                }
            }

            // simultaneous login
            if ($ilSetting->get('ps_prevent_simultaneous_logins') &&
                ilObjUser::hasActiveSession($user_id)) {
                $this->status = AUTH_USER_SIMULTANEOUS_LOGIN;
                $a_auth->logout();
                return;
            }

            include_once 'Services/Tracking/classes/class.ilOnlineTracking.php';
            ilOnlineTracking::addUser($user_id);

            include_once 'Modules/Forum/classes/class.ilObjForum.php';
            ilObjForum::_updateOldAccess($user_id);

            require_once 'Services/PrivacySecurity/classes/class.ilSecuritySettings.php';
            $security_settings = ilSecuritySettings::_getInstance();

            // determine first login of user for setting an indicator
            // which still is available in PersonalDesktop, Repository, ...
            // (last login date is set to current date in next step)
            if ($security_settings->isPasswordChangeOnFirstLoginEnabled() &&
                $user->getLastLogin() == null
            ) {
                $user->resetLastPasswordChange();
            }

            $user->refreshLogin();

            // reset counter for failed logins
            ilObjUser::_resetLoginAttempts($user_id);
        }

        // --- anonymous/registered user
        ilLoggerFactory::getLogger('auth')->info(
            'logged in as ' . $a_auth->getUsername() .
            ', remote:' . $_SERVER['REMOTE_ADDR'] . ':' . $_SERVER['REMOTE_PORT'] .
            ', server:' . $_SERVER['SERVER_ADDR'] . ':' . $_SERVER['SERVER_PORT']
        );

        ilSessionControl::handleLoginEvent($a_auth->getUsername(), $a_auth);

        $ilAppEventHandler->raise(
            'Services/Authentication',
            'afterLogin',
            array('username' => $a_auth->getUsername())
        );
    }
}

References $_SERVER, $DIC, $ilLog, $ilSetting, $user, ilSecuritySettings\_getInstance(), ilObjUser\_loginExists(), ilObjUser\_resetLoginAttempts(), ilObjForum\_updateOldAccess(), AUTH_USER_INACTIVE, AUTH_USER_SIMULTANEOUS_LOGIN, AUTH_USER_TIME_LIMIT_EXCEEDED, AUTH_USER_WRONG_IP, ilAuthFactory\CONTEXT_ECS, getContainer(), ilAuthFactory\getContext(), ilLoggerFactory\getLogger(), ilSessionControl\handleLoginEvent(), ilObjUser\hasActiveSession(), ilUserProfile\isProfileIncomplete(), and loginObserver().

Referenced by loginObserver().
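
The client-IP check in loginObserver() turns the stored pattern into a regular expression. The following added example, which is not part of the ILIAS code base, reproduces that translation so an administrator can test which addresses a pattern admits, next to a variant that groups the alternatives, because `|` binds more loosely than `^` and `$`. The function names and the sample patterns and addresses are constructed for illustration.

```php
<?php
// Added example (not ILIAS code): reproduces the pattern translation used by
// the client-IP check in ilAuthBase::loginObserver(). Function names are hypothetical.

/** Sanitise and translate a stored pattern the way loginObserver() does. */
function translate_pattern(string $pattern): string
{
    $p = preg_replace("/[^0-9.?*,:]+/", "", $pattern); // everything else is dropped, hex letters included
    $p = str_replace(".", "\\.", $p);                  // dots become literal dots
    return str_replace(array("?", "*", ","), array("[0-9]", "[0-9]*", "|"), $p);
}

/** Regex as built in loginObserver(): the anchors sit around the whole list. */
function regex_as_written(string $pattern): string
{
    return "/^" . translate_pattern($pattern) . "$/";
}

/** Variant: group the alternatives so ^ and $ apply to every list entry. */
function regex_grouped(string $pattern): string
{
    return "/^(?:" . translate_pattern($pattern) . ")$/";
}

// Constructed sample data: stored patterns and the remote addresses to test.
$cases = array(
    "10.0.0.1,192.168.0.5" => array("10.0.0.1", "192.168.0.5", "10.0.0.15", "10.0.0.2"),
    "192.168.*"            => array("192.168.7.9"),
    "192.168.*.*"          => array("192.168.7.9"),
    "10.0.0.?"             => array("10.0.0.7", "10.0.0.77"),
);

foreach ($cases as $pattern => $addresses) {
    foreach ($addresses as $addr) {
        printf(
            "%-22s %-12s as-written=%d grouped=%d\n",
            $pattern,
            $addr,
            preg_match(regex_as_written($pattern), $addr),
            preg_match(regex_grouped($pattern), $addr)
        );
    }
}
```

A row where the two columns differ marks an address that passes only because the anchors do not cover every entry of a comma-separated list. `*` and `?` expand to digits within one octet, so `192.168.*` does not cover a four-octet address.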

◆ logoutObserver()

ilAuthBase::logoutObserver ($a_username, $a_auth)
protected

Called after logout.

Returns
Parameters
array $a_username
object $a_auth

Definition at line 268 of file class.ilAuthBase.php.

{
    global $DIC;

    $ilLog = $DIC['ilLog'];
    $ilAppEventHandler = $DIC['ilAppEventHandler'];

    ilLoggerFactory::getLogger('auth')->info('Logout observer called for ' . $a_username);

    // reset the session type to unknown
    ilSessionControl::handleLogoutEvent();

    $ilAppEventHandler->raise(
        'Services/Authentication',
        'afterLogout',
        array('username' => $a_auth->getUsername())
    );

    return $this->getContainer()->logoutObserver($a_username, $a_auth);
}

References $DIC, $ilLog, getContainer(), ilLoggerFactory\getLogger(), and ilSessionControl\handleLogoutEvent().

◆ setSubStatus()

ilAuthBase::setSubStatus ($a_sub_status)

Set sub status.

Parameters
type $a_sub_status

Definition at line 55 of file class.ilAuthBase.php.

{
    $this->sub_status = $a_sub_status;
}

◆ supportsRedirects()

ilAuthBase::supportsRedirects ( )

Returns true, if the current auth mode allows redirects to e.g. the login screen, public section ...

Returns

Definition at line 65 of file class.ilAuthBase.php.

{
    return true;
}

Field Documentation

◆ $exceeded_user_name

ilAuthBase::$exceeded_user_name
protected

Definition at line 39 of file class.ilAuthBase.php.

Referenced by getExceededUserName().

◆ $sub_status

ilAuthBase::$sub_status = null
protected

Definition at line 37 of file class.ilAuthBase.php.

Referenced by getSubStatus().


The documentation for this class was generated from the following file: