ILIAS  release_7 Revision v7.30-3-g800a261c036
class.ilStartUpGUI.php
1<?php
2/* Copyright (c) 1998-2009 ILIAS open source, Extended GPL, see docs/LICENSE */
3
4use Psr\Http\Message\ServerRequestInterface;
6
17{
20
22 protected $ctrl;
23 protected $lng;
24
28 protected $logger;
29
31 protected $mainTemplate;
32
34 protected $user;
35
38
40 protected $httpRequest;
41
43 protected $dic;
44
48 private $help;
49
/**
 * Wires the start-up (login) GUI to its collaborators. Every collaborator the
 * caller leaves as null is fetched from the global DI container ($DIC).
 *
 * NOTE(review): this listing jumps from source line 58 to 61, so the parameter
 * declarations for $termsOfServiceEvaluation and $mainTemplate, both used
 * below, are not visible here.
 */
57 public function __construct(
58 \ilObjUser $user = null,
61 ServerRequestInterface $httpRequest = null
62 ) {
63 global $DIC;
64
65 $this->dic = $DIC;
66
67 if ($user === null) {
68 $user = $DIC->user();
69 }
70 $this->user = $user;
71
72 if ($termsOfServiceEvaluation === null) {
73 $termsOfServiceEvaluation = $DIC['tos.document.evaluator'];
74 }
75 $this->termsOfServiceEvaluation = $termsOfServiceEvaluation;
76
77 if ($mainTemplate === null) {
78 $mainTemplate = $DIC->ui()->mainTemplate();
79 }
80 $this->mainTemplate = $mainTemplate;
81
82 if ($httpRequest === null) {
83 $httpRequest = $DIC->http()->request();
84 }
85 $this->httpRequest = $httpRequest;
86 $this->help = $DIC->help();
87
88 $this->ctrl = $DIC->ctrl();
89 $this->lng = $DIC->language();
90 $this->lng->loadLanguageModule('auth');
91 $this->logger = ilLoggerFactory::getLogger('init');
92
// Registers four request parameters with ilCtrl; presumably they are then
// carried on links and form actions built for this GUI — TODO confirm. All
// four originate from the request and should be treated as untrusted.
93 $this->ctrl->saveParameter($this, array("rep_ref_id", "lang", "target", "client_id"));
94
// The user object's language follows the language object's current key.
95 $this->user->setLanguage($this->lng->getLangKey());
96 $this->help->setScreenIdComponent('init');
97 }
98
/**
 * Routes the current request either to a sub-GUI or to a method of this class.
 *
 * The command name comes from ilCtrl::getCmd() (default "processIndexPHP") and
 * is invoked as a method of $this whenever a method of that name exists.
 * method_exists() ignores visibility, and the call is made from inside the
 * class, so protected and private methods are dispatched as well.
 * NOTE(review): this GUI renders the login page, so requests reach it before
 * authentication. No allow-list is applied in this method itself; confirm that
 * ilCtrl restricts which command names can arrive here.
 *
 * @return mixed result of the forwarded or dispatched command, null otherwise
 */
public function executeCommand()
{
    $command = $this->ctrl->getCmd("processIndexPHP", array('processIndexPHP','showLoginPage'));
    $nextClass = $this->ctrl->getNextClass($this);

    // Loose comparison on purpose: it mirrors what a switch statement does.
    if ($nextClass == 'ilLoginPageGUI') {
        return;
    }

    if ($nextClass == "ilaccountregistrationgui") {
        require_once("Services/Registration/classes/class.ilAccountRegistrationGUI.php");
        return $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
    }

    if ($nextClass == "ilpasswordassistancegui") {
        require_once("Services/Init/classes/class.ilPasswordAssistanceGUI.php");
        return $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
    }

    // No sub-GUI requested: treat the command as a method name of this class.
    if (method_exists($this, $command)) {
        return $this->$command();
    }
}
126
/**
 * Gives access to the logger held by this GUI.
 *
 * @return mixed the object stored in $this->logger
 */
public function getLogger()
{
    $logger = $this->logger;

    return $logger;
}
135
/**
 * Points ilCtrl at the account registration GUI with an empty command and
 * re-runs command dispatching.
 */
public function jumpToRegistration()
{
    $registrationGuiClass = "ilaccountregistrationgui";

    $this->ctrl->setCmdClass($registrationGuiClass);
    $this->ctrl->setCmd("");
    $this->executeCommand();
}
146
/**
 * Points ilCtrl at the password assistance GUI with an empty command and
 * re-runs command dispatching.
 */
public function jumpToPasswordAssistance()
{
    $passwordAssistanceGuiClass = "ilpasswordassistancegui";

    $this->ctrl->setCmdClass($passwordAssistanceGuiClass);
    $this->ctrl->setCmd("");
    $this->executeCommand();
}
157
/**
 * Decides between the login page and the user's starting page.
 *
 * With cmd=force_login any valid session is logged out first and the login
 * page is shown. Without it, a valid session is redirected to the starting
 * page and everything else gets the login page.
 *
 * NOTE(review): source lines 164-166, 181, 183 and 204-206 are not part of
 * this listing; $messages, read further down, is never assigned in the
 * visible lines.
 */
161 protected function showLoginPageOrStartupPage()
162 {
163
167 $auth_session = $GLOBALS['DIC']['ilAuthSession'];
168 $ilAppEventHandler = $GLOBALS['DIC']['ilAppEventHandler'];
169
170 $force_login = false;
// "cmd" is read straight from $_REQUEST. The is_array() guard keeps an array
// value (cmd[...]=...) away from strcmp(); a missing "cmd" key is not guarded.
171 if (
172 !is_array($_REQUEST['cmd']) &&
173 strcmp($_REQUEST['cmd'], 'force_login') === 0
174 ) {
175 $force_login = true;
176 }
177
178 if ($force_login) {
179 $this->logger->debug('Force login');
180 if ($auth_session->isValid()) {
182 $this->logger->debug('Valid session -> logout current user');
// NOTE(review): no request token is checked in the visible code before the
// session is ended, so a request that merely carries cmd=force_login logs the
// current user out. Confirm that this is intended.
184 $auth_session->logout();
185
186 $ilAppEventHandler->raise(
187 'Services/Authentication',
188 'afterLogout',
189 array(
190 'username' => $this->user->getLogin()
191 )
192 );
193 }
194 $this->logger->debug('Show login page');
195
196 if (isset($messages) && count($messages) > 0) {
197 foreach ($messages as $type => $content) {
198 $this->mainTemplate->setOnScreenMessage($type, $content);
199 }
200 }
201 return $this->showLoginPage();
202 }
203
207 if ($auth_session->isValid()) {
208 $this->logger->debug('Valid session -> redirect to starting page');
209 return ilInitialisation::redirectToStartingPage();
210 }
211 $this->logger->debug('No valid session -> show login');
212 $this->showLoginPage();
213 }
214
215
/**
 * Renders the login page.
 *
 * Before any output it attempts SOAP and Apache authentication, then builds
 * the page by passing the login page editor HTML through the individual
 * show*() helpers and finally strips placeholders that nobody replaced.
 *
 * NOTE(review): source line 279 is not part of this listing.
 *
 * @param ilPropertyFormGUI|null $form login form to display; passed on to showLoginForm()
 */
221 protected function showLoginPage(ilPropertyFormGUI $form = null)
222 {
223 global $tpl, $ilSetting;
224
225 $this->help->setSubScreenId('login');
226
227 $this->getLogger()->debug('Showing login page');
228
229 $extUid = '';
230 $soapPw = '';
// NOTE(review): ext_uid and soap_pw are taken from the URL query string. A
// password carried in a URL typically ends up in web server access logs,
// proxy logs, browser history and Referer headers; check how deployments that
// use SOAP authentication protect or redact these URLs.
231 if (isset($this->httpRequest->getQueryParams()['ext_uid'])) {
232 $extUid = $this->httpRequest->getQueryParams()['ext_uid'];
233 }
234 if (isset($this->httpRequest->getQueryParams()['soap_pw'])) {
235 $soapPw = $this->httpRequest->getQueryParams()['soap_pw'];
236 }
237
238 require_once 'Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentialsSoap.php';
239 $credentials = new ilAuthFrontendCredentialsSoap($GLOBALS['DIC']->http()->request(), $this->ctrl, $ilSetting);
// Both values pass through ilUtil::stripSlashes(); what exactly that helper
// removes is not visible in this file.
240 $credentials->setUsername(ilUtil::stripSlashes($extUid));
241 $credentials->setPassword(ilUtil::stripSlashes($soapPw));
// Runs on every rendering of the login page, also when both values are empty.
242 $credentials->tryAuthenticationOnLoginPage();
243
244 // try apache auth
245 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentialsApache.php';
246 $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
247 $frontend->tryAuthenticationOnLoginPage();
248
249 // Instantiate login template
250 $tpl = self::initStartUpTemplate("tpl.login.html");
251
252 $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
253 $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
254
// Each helper either substitutes its placeholder in the page editor HTML or
// writes into the template, and returns the (possibly changed) HTML.
255 $page_editor_html = $this->getLoginPageEditorHTML();
256 $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
257 $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
258 $page_editor_html = $this->showLoginForm($page_editor_html, $form);
259 $page_editor_html = $this->showCASLoginForm($page_editor_html);
260 $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
261 $page_editor_html = $this->showSamlLoginForm($page_editor_html);
262 $page_editor_html = $this->showRegistrationLinks($page_editor_html);
263 $page_editor_html = $this->showTermsOfServiceLink($page_editor_html);
264
265 $page_editor_html = $this->purgePlaceholders($page_editor_html);
266
267 // check expired session and send message
// NOTE(review): in PHP "||" binds tighter than "??", so the condition below is
// evaluated as (isExpired() || $params['session_expired']) ?? false. The
// "?? false" therefore does not cover a missing 'session_expired' key;
// parenthesising the right-hand operand, ($params['session_expired'] ?? false),
// would give the apparent intent.
268 if ($GLOBALS['DIC']['ilAuthSession']->isExpired() || $this->httpRequest->getQueryParams()['session_expired'] ?? false) {
269 ilUtil::sendFailure($GLOBALS['lng']->txt('auth_err_expired'));
270 }
271
272 if (strlen($page_editor_html)) {
273 $tpl->setVariable('LPE', $page_editor_html);
274 }
275
276 $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($this->user);
277 $tosWithdrawalGui->setWithdrawalInfoForLoginScreen($this->httpRequest);
278
280 }
281
282
/**
 * Copies the rendered start-up template into the global page template and
 * prints that template.
 *
 * @param mixed $tpl template object; only its get() method is used here
 */
public static function printToGlobalTemplate($tpl)
{
    global $DIC;

    $globalTemplate = $DIC['tpl'];
    $renderedContent = $tpl->get();

    $globalTemplate->setContent($renderedContent);
    $globalTemplate->printToStdout("DEFAULT", false, true);
}
290
/**
 * Returns the $messages array assembled in this method.
 *
 * NOTE(review): only source lines 291-293, 296, 299, 302 and 305-307 are part
 * of this listing, so the statements that fill $messages are not visible.
 */
291 protected function retrieveMessagesFromSession() : array
292 {
293 $messages = [];
296 }
299 }
302 }
305 }
306 return $messages;
307 }
308
/**
 * Prints the account code form together with a "time limit reached" failure
 * message.
 *
 * @param mixed $a_username username handed to initCodeForm() when no form is given
 * @param mixed $a_form     form to render; a fresh one is built when this is falsy
 */
protected function showCodeForm($a_username = null, $a_form = null)
{
    global $tpl, $lng;

    $this->help->setSubScreenId('code_input');

    self::initStartUpTemplate("tpl.login_reactivate_code.html");

    ilUtil::sendFailure($lng->txt("time_limit_reached"));

    $codeForm = $a_form ? $a_form : $this->initCodeForm($a_username);

    $tpl->setVariable("FORM", $codeForm->getHTML());
    $tpl->printToStdout("DEFAULT", false);
}
326
/**
 * Builds the form that asks for an account code.
 *
 * The username travels in the hidden field "uname". A hidden field is fully
 * under the client's control, so whoever processes the form must not treat the
 * posted username as verified.
 *
 * @param mixed $a_username value placed into the hidden "uname" field
 * @return ilPropertyFormGUI
 */
protected function initCodeForm($a_username)
{
    global $lng, $ilCtrl;

    $lng->loadLanguageModule("auth");

    include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';

    $codeForm = new ilPropertyFormGUI();
    $codeForm->setFormAction($ilCtrl->getFormAction($this, 'showcodeform'));
    $codeForm->setTitle($lng->txt('auth_account_code_title'));

    // Mandatory text field for the code itself.
    $codeInput = new ilTextInputGUI($lng->txt('auth_account_code'), 'code');
    $codeInput->setRequired(true);
    $codeInput->setInfo($lng->txt('auth_account_code_info'));
    $codeForm->addItem($codeInput);

    // #11658
    $hiddenUsername = new ilHiddenInputGUI("uname");
    $hiddenUsername->setValue($a_username);
    $codeForm->addItem($hiddenUsername);

    $codeForm->addCommandButton('processCode', $lng->txt('send'));

    return $codeForm;
}
353
/**
 * Handles submission of the account code form.
 *
 * The username is read from the posted hidden field "uname", the code from the
 * form. When ilAccountCode::isUnusedCode() accepts the code, the user found for
 * that username receives a new time limit, is set active and saved, and the
 * request is redirected to showLoginPage. In every other case the code form is
 * shown again with an alert on the code field.
 *
 * NOTE(review): "uname" is client-controlled and nothing in the visible lines
 * ties the code to that account. Source lines 412, 415 and 418 are not part of
 * this listing; confirm that they, or ilAccountCode, restrict which account a
 * code may activate and mark the code as used, and that repeated guesses are
 * throttled.
 *
 * @return false|null false when no user exists for the posted username
 */
361 protected function processCode()
362 {
363 global $lng, $ilAuth, $ilCtrl;
364
365 $uname = $_POST["uname"];
366
367 $form = $this->initCodeForm($uname);
368 if ($uname && $form->checkInput()) {
369 $code = $form->getInput("code");
370
371 include_once "Services/User/classes/class.ilAccountCode.php";
372 if (ilAccountCode::isUnusedCode($code)) {
373 $valid_until = ilAccountCode::getCodeValidUntil($code);
374
// Unknown username: fall back to the plain login page without any message.
375 if (!$user_id = ilObjUser::_lookupId($uname)) {
376 $this->showLoginPage();
377 return false;
378 }
379
380 $invalid_code = false;
381 $user = new ilObjUser($user_id);
382
// The string "0" lifts the time limit altogether.
383 if ($valid_until === "0") {
384 $user->setTimeLimitUnlimited(true);
385 } else {
// A numeric value is used as a number of days counted from now ...
386 if (is_numeric($valid_until)) {
387 $valid_until = strtotime("+" . $valid_until . "days");
388 } else {
// ... anything else is split on "-" and passed to mktime() as
// year ([0]), month ([1]) and day ([2]), at 23:59:59 of that day.
// The parts are not validated before they reach mktime().
389 $valid_until = explode("-", $valid_until);
390 $valid_until = mktime(
391 23,
392 59,
393 59,
394 $valid_until[1],
395 $valid_until[2],
396 $valid_until[0]
397 );
// Only this date branch can mark the code as expired.
398 if ($valid_until < time()) {
399 $invalid_code = true;
400 }
401 }
402
403 if (!$invalid_code) {
404 $user->setTimeLimitUnlimited(false);
405 $user->setTimeLimitUntil($valid_until);
406 }
407 }
408
409 if (!$invalid_code) {
410 $user->setActive(true);
411
413
414 // apply registration code role assignments
416
417 // apply registration code time limits
419
420 $user->update();
421
422 $ilCtrl->setParameter($this, "cu", 1);
423 $GLOBALS['DIC']->language()->loadLanguageModule('auth');
424 ilUtil::sendSuccess($GLOBALS['DIC']->language()->txt('auth_activation_code_success'), true);
425 $ilCtrl->redirect($this, "showLoginPage");
426 }
427 }
428
// Reached for a used/unknown code and for an expired one: same alert for both.
429 $lng->loadLanguageModule("user");
430 $field = $form->getItemByPostVar("code");
431 $field->setAlert($lng->txt("user_account_code_not_valid"));
432 }
433
434 $form->setValuesByPost();
435 $this->showCodeForm($uname, $form);
436 }
437
438
/**
 * Builds the standard username/password login form.
 *
 * Adds an authentication-mode selector when several methods are available and
 * manual selection is on, and a CAPTCHA field when ilCaptchaUtil reports it as
 * active for login.
 *
 * NOTE(review): source line 453 is not part of this listing; $det, used in the
 * condition below, is presumably assigned there.
 *
 * @return ilPropertyFormGUI
 */
443 protected function initStandardLoginForm()
444 {
445 include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
446 $form = new ilPropertyFormGUI();
447 $form->setFormAction($this->ctrl->getFormAction($this, ''));
448 $form->setName("formlogin");
449 $form->setShowTopButtons(false);
450 $form->setTitle($this->lng->txt("login_to_ilias"));
451
452 include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
454
455 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
456 $visible_auth_methods = array();
457 $radg = new ilRadioGroupInputGUI($this->lng->txt("auth_selection"), "auth_mode");
458 foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
// Options flagged hide_in_ui are left out of the selector. This only hides
// them; whether a hidden mode is also rejected when posted as "auth_mode"
// is decided elsewhere.
459 if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
460 continue;
461 }
462
463 $op1 = new ilRadioOption($option['txt'], $key);
464 $radg->addOption($op1);
465 if (isset($option['checked'])) {
466 $radg->setValue($key);
467 }
468 $visible_auth_methods[] = $op1;
469 }
470
// With exactly one visible method the choice is sent as a hidden field
// instead of a radio group with a single entry.
471 if (count($visible_auth_methods) == 1) {
472 $first_auth_method = current($visible_auth_methods);
473 $hidden_auth_method = new ilHiddenInputGUI("auth_mode");
474 $hidden_auth_method->setValue($first_auth_method->getValue());
475 $form->addItem($hidden_auth_method);
476 } else {
477 $form->addItem($radg);
478 }
479 }
480
481 $ti = new ilTextInputGUI($this->lng->txt("username"), "username");
482 $ti->setSize(20);
483 $ti->setRequired(true);
484 $form->addItem($ti);
485
486 $pi = new ilPasswordInputGUI($this->lng->txt("password"), "password");
// Slash stripping and the syntax check are switched off for the password
// field, presumably so the password reaches the authentication code exactly as
// typed — TODO confirm. "Disable autocomplete" is set to false.
487 $pi->setUseStripSlashes(false);
488 $pi->setRetype(false);
489 $pi->setSkipSyntaxCheck(true);
490 $pi->setSize(20);
491 $pi->setDisableHtmlAutoComplete(false);
492 $pi->setRequired(true);
493 $form->addItem($pi);
494
495 require_once 'Services/Captcha/classes/class.ilCaptchaUtil.php';
496 if (ilCaptchaUtil::isActiveForLogin()) {
497 require_once 'Services/Captcha/classes/class.ilCaptchaInputGUI.php';
498 $captcha = new ilCaptchaInputGUI($this->lng->txt('captcha_code'), 'captcha_code');
499 $captcha->setRequired(true);
500 $form->addItem($captcha);
501 }
502
503 $form->addCommandButton("doStandardAuthentication", $this->lng->txt("log_in"));
504
505 return $form;
506 }
507
/**
 * Runs one authentication attempt with Shibboleth credentials taken from the
 * request and reacts to the resulting ilAuthStatus.
 *
 * NOTE(review): source lines 539, 545 and 548 are not part of this listing;
 * they presumably hold the "case" labels of the switch below, so which status
 * leads to which branch cannot be read from here.
 *
 * @return mixed false after a failed attempt; see the individual branches
 */
511 protected function doShibbolethAuthentication()
512 {
513 $this->getLogger()->debug('Trying shibboleth authentication');
514
515 include_once './Services/AuthShibboleth/classes/class.ilAuthFrontendCredentialsShibboleth.php';
516 $credentials = new ilAuthFrontendCredentialsShibboleth();
517 $credentials->initFromRequest();
518
519 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
520 $provider_factory = new ilAuthProviderFactory();
// Only the Shibboleth provider is offered to the frontend.
521 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_SHIBBOLETH);
522
523 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
524 $status = ilAuthStatus::getInstance();
525
526 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
527 $frontend_factory = new ilAuthFrontendFactory();
528 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
529 $frontend = $frontend_factory->getFrontend(
530 $GLOBALS['DIC']['ilAuthSession'],
531 $status,
532 $credentials,
533 array($provider)
534 );
535
536 $frontend->authenticate();
537
538 switch ($status->getStatus()) {
540 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
541 include_once './Services/Init/classes/class.ilInitialisation.php';
542 ilInitialisation::redirectToStartingPage();
543 return;
544
546 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
547
// The translated failure reason is shown to the user after the redirect.
549 ilUtil::sendFailure($status->getTranslatedReason(), true);
550 $GLOBALS['ilCtrl']->redirect($this, 'showLoginPage');
551 return false;
552 }
553
// Any status the switch does not handle ends in the generic "wrong login" message.
554 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
555 $this->showLoginPage();
556 return false;
557 }
558
/**
 * Runs one authentication attempt through the CAS provider and reacts to the
 * resulting ilAuthStatus.
 *
 * NOTE(review): source lines 590 and 595 are not part of this listing; they
 * presumably hold "case" labels of the switch below.
 *
 * @return false|null false when the default branch reports a failure
 */
562 protected function doCasAuthentication()
563 {
564 global $DIC;
565
566 $this->getLogger()->debug('Trying cas authentication');
567
568 include_once './Services/CAS/classes/class.ilAuthFrontendCredentialsCAS.php';
// Unlike the Shibboleth, LTI and Apache variants in this class, no
// initFromRequest() call is made on the credentials object here.
569 $credentials = new ilAuthFrontendCredentialsCAS();
570
571 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
572 $provider_factory = new ilAuthProviderFactory();
573 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_CAS);
574
575 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
576 $status = ilAuthStatus::getInstance();
577
578 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
579 $frontend_factory = new ilAuthFrontendFactory();
580 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
581 $frontend = $frontend_factory->getFrontend(
582 $GLOBALS['DIC']['ilAuthSession'],
583 $status,
584 $credentials,
585 array($provider)
586 );
587
588 $frontend->authenticate();
589 switch ($status->getStatus()) {
591 $this->getLogger()->debug('Authentication successful.');
592 ilInitialisation::redirectToStartingPage();
593 break;
594
596 default:
// The status reason is used as a language key for the failure message.
597 ilUtil::sendFailure($DIC->language()->txt($status->getReason()));
598 $this->showLoginPage();
599 return false;
600 }
601 }
602
/**
 * Runs one authentication attempt with LTI credentials taken from the request
 * and reacts to the resulting ilAuthStatus.
 *
 * NOTE(review): source lines 630, 635 and 638 are not part of this listing;
 * they presumably hold the "case" labels of the switch below.
 *
 * @return mixed false after a failed attempt; see the individual branches
 */
606 protected function doLTIAuthentication()
607 {
608 $this->getLogger()->debug('Trying lti authentication');
609
610 $credentials = new ilAuthFrontendCredentialsLTI();
611 $credentials->initFromRequest();
612
613 $provider_factory = new ilAuthProviderFactory();
// Only the LTI provider is offered to the frontend.
614 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_PROVIDER_LTI);
615
616 $status = ilAuthStatus::getInstance();
617
618 $frontend_factory = new ilAuthFrontendFactory();
619 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
620 $frontend = $frontend_factory->getFrontend(
621 $GLOBALS['DIC']['ilAuthSession'],
622 $status,
623 $credentials,
624 array($provider)
625 );
626
627 $frontend->authenticate();
628
629 switch ($status->getStatus()) {
631 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
632 ilInitialisation::redirectToStartingPage();
633 return;
634
636 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
637
// The status reason is used as a language key for the failure message.
639 ilUtil::sendFailure($GLOBALS['lng']->txt($status->getReason()), true);
640 $GLOBALS['ilCtrl']->redirect($this, 'showLoginPage');
641 return false;
642 }
643
// Any status the switch does not handle ends in the generic "wrong login" message.
644 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
645 $this->showLoginPage();
646 return false;
647 }
648
649
/**
 * Runs one authentication attempt with the Apache frontend credentials and
 * reacts to the resulting status.
 *
 * On success the browser is sent to the target URL held by the credentials
 * object, but only when hasValidTargetUrl() accepts it; otherwise the default
 * starting page is used. That check is the only thing standing between a
 * request-supplied URL and the redirect, and what it validates is not visible
 * in this file.
 *
 * @return false reached when none of the redirects ended the request
 */
protected function doApacheAuthentication()
{
    $this->getLogger()->debug('Trying apache authentication');

    $apacheCredentials = new \ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
    $apacheCredentials->initFromRequest();

    $providerFactory = new \ilAuthProviderFactory();
    $apacheProvider = $providerFactory->getProviderByAuthMode($apacheCredentials, AUTH_APACHE);

    $authStatus = \ilAuthStatus::getInstance();

    $frontendFactory = new \ilAuthFrontendFactory();
    $frontendFactory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
    $authFrontend = $frontendFactory->getFrontend(
        $GLOBALS['DIC']['ilAuthSession'],
        $authStatus,
        $apacheCredentials,
        array($apacheProvider)
    );

    $authFrontend->authenticate();

    // Loose comparisons mirror the semantics of a switch statement.
    $outcome = $authStatus->getStatus();
    if ($outcome == \ilAuthStatus::STATUS_AUTHENTICATED) {
        if ($apacheCredentials->hasValidTargetUrl()) {
            \ilLoggerFactory::getLogger('auth')->debug(sprintf(
                'Authentication successful. Redirecting to starting page: %s',
                $apacheCredentials->getTargetUrl()
            ));
            $this->ctrl->redirectToURL($apacheCredentials->getTargetUrl());
        } else {
            \ilLoggerFactory::getLogger('auth')->debug(
                'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
            );
            \ilInitialisation::redirectToStartingPage();
        }
    } elseif ($outcome == \ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED) {
        $this->ctrl->redirect($this, 'showAccountMigration');
    } elseif ($outcome == \ilAuthStatus::STATUS_AUTHENTICATION_FAILED) {
        \ilUtil::sendFailure($authStatus->getTranslatedReason(), true);
        $loginPageUrl = \ilUtil::appendUrlParameterString(
            $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
            'passed_sso=1'
        );
        $this->ctrl->redirectToURL($loginPageUrl);
    }

    // Fallback for every path on which no redirect ended the request.
    \ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
    $this->showLoginPage();
    return false;
}
709
/**
 * Processes the standard login form: validates the input, builds credentials
 * from username, password and CAPTCHA code, runs the authentication frontend
 * against all providers returned for these credentials and reacts to the
 * resulting status.
 *
 * NOTE(review): source lines 727, 752, 758, 762 and 765 are not part of this
 * listing. Line 727 presumably assigns $det; the others presumably hold the
 * "case" labels of the switch, so which status leads to which branch cannot be
 * read from here.
 *
 * @return mixed false when input validation fails or no branch matched
 */
713 protected function doStandardAuthentication()
714 {
715 $form = $this->initStandardLoginForm();
716 if ($form->checkInput()) {
717 $this->getLogger()->debug('Trying to authenticate user.');
718
719 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
720 $credentials = new ilAuthFrontendCredentials();
721 $credentials->setUsername($form->getInput('username'));
722 $credentials->setPassword($form->getInput('password'));
723 $credentials->setCaptchaCode($form->getInput('captcha_code'));
724
725 // set chosen auth mode
726 include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
// The posted auth_mode is honoured only when several methods exist and manual
// selection is enabled. The value still comes from the client; the visible
// code does not check it against the options that were offered in the form.
728 if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
729 $credentials->setAuthMode($form->getInput('auth_mode'));
730 }
731
732 include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
733 $provider_factory = new ilAuthProviderFactory();
734 $providers = $provider_factory->getProviders($credentials);
735
736 include_once './Services/Authentication/classes/class.ilAuthStatus.php';
737 $status = ilAuthStatus::getInstance();
738
739 include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
740 $frontend_factory = new ilAuthFrontendFactory();
741 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
742 $frontend = $frontend_factory->getFrontend(
743 $GLOBALS['DIC']['ilAuthSession'],
744 $status,
745 $credentials,
746 $providers
747 );
748
749 $frontend->authenticate();
750
751 switch ($status->getStatus()) {
753 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
754 include_once './Services/Init/classes/class.ilInitialisation.php';
755 ilInitialisation::redirectToStartingPage();
756 return;
757
// The login name is looked up from the authenticated user id, not taken from
// the posted form, before the account code form is shown.
759 $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
760 return $this->showLoginPage($this->initCodeForm($uname));
761
763 return $GLOBALS['ilCtrl']->redirect($this, 'showAccountMigration');
764
766 ilUtil::sendFailure($status->getTranslatedReason());
767 return $this->showLoginPage($form);
768 }
769 }
// Invalid form input and unhandled statuses share the generic "wrong login" message.
770 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
771 $this->showLoginPage($form);
772 return false;
773 }
774
775
776
777
778
/**
 * Adds the standard login form to the page unless the configured
 * authentication mode rules it out.
 *
 * The form is left out when auth_mode is CAS, and when auth_mode is Shibboleth
 * without "shib_auth_allow_local".
 *
 * @param mixed                  $page_editor_html login page editor HTML
 * @param ilPropertyFormGUI|null $form             form to render; built on demand
 * @return mixed the page editor HTML, with the form substituted where applicable
 */
protected function showLoginForm($page_editor_html, ilPropertyFormGUI $form = null)
{
    global $ilSetting,$lng,$tpl;

    // @todo move this to auth utils.
    // login via ILIAS (this also includes radius and ldap)
    // If local authentication is enabled for shibboleth users, we
    // display the login form for ILIAS here.
    $shibbolethWithoutLocalLogin = $ilSetting->get("auth_mode") == AUTH_SHIBBOLETH
        && !$ilSetting->get("shib_auth_allow_local");
    if ($shibbolethWithoutLocalLogin || $ilSetting->get("auth_mode") == AUTH_CAS) {
        return $page_editor_html;
    }

    if (!($form instanceof ilPropertyFormGUI)) {
        $form = $this->initStandardLoginForm();
    }

    $formHtml = $form->getHTML();

    return $this->substituteLoginPageElements(
        $tpl,
        $page_editor_html,
        $formHtml,
        '[list-login-form]',
        'LOGIN_FORM'
    );
}
809
/**
 * Shows the configured login message when no login page editor content exists.
 *
 * The message is read from the "login_settings" settings module for the
 * current language and written into the template as it is stored; this method
 * does not escape it.
 *
 * @param mixed $page_editor_html login page editor HTML
 * @param mixed $tpl              template receiving TXT_LOGIN_INFORMATION
 * @return mixed $page_editor_html, unchanged
 */
protected function showLoginInformation($page_editor_html, $tpl)
{
    global $lng;

    // With page editor content present there is nothing to add here.
    if (!strlen($page_editor_html)) {
        $settings = new ilSetting("login_settings");
        $message = $settings->get("login_message_" . $lng->getLangKey());

        if (strlen(trim($message))) {
            $tpl->setVariable("TXT_LOGIN_INFORMATION", $message);
        }
    }

    return $page_editor_html;
}
832
/**
 * Adds the CAS login link to the page when the "cas_active" setting is on.
 *
 * The "cas_login_instructions" setting is written into the template as stored.
 *
 * @param mixed $page_editor_html login page editor HTML
 * @return mixed the page editor HTML, with the CAS block substituted where applicable
 */
protected function showCASLoginForm($page_editor_html)
{
    global $ilSetting, $lng;

    // cas login link
    if (!$ilSetting->get("cas_active")) {
        return $page_editor_html;
    }

    $casTemplate = new ilTemplate('tpl.login_form_cas.html', true, true, 'Services/Init');
    $casTemplate->setVariable("TXT_CAS_LOGIN", $lng->txt("login_to_ilias_via_cas"));
    $casTemplate->setVariable("TXT_CAS_LOGIN_BUTTON", ilUtil::getImagePath("cas_login_button.png"));
    $casTemplate->setVariable("TXT_CAS_LOGIN_INSTRUCTIONS", $ilSetting->get("cas_login_instructions"));

    // forceCASLogin is set only while the link target is generated and reset afterwards.
    $this->ctrl->setParameter($this, "forceCASLogin", "1");
    $casLoginTarget = $this->ctrl->getLinkTarget($this, "doCasAuthentication");
    $casTemplate->setVariable("TARGET_CAS_LOGIN", $casLoginTarget);
    $this->ctrl->setParameter($this, "forceCASLogin", "");

    return $this->substituteLoginPageElements(
        $GLOBALS['tpl'],
        $page_editor_html,
        $casTemplate->get(),
        '[list-cas-login-form]',
        'CAS_LOGIN_FORM'
    );
}
864
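/**
 * Adds the Shibboleth login block to the page when "shib_active" is set.
 *
 * Depending on "shib_hos_type" one of three template blocks is filled:
 * external WAYF, embedded WAYF, or the built-in home organisation selector.
 *
 * The request parameter "target" is written into the template in two of these
 * blocks. It is HTML-escaped here first, because nothing visible in this
 * method escapes template variables; a missing or non-string "target" becomes
 * an empty string.
 *
 * @param mixed $page_editor_html login page editor HTML
 * @return mixed the page editor HTML, with the Shibboleth block substituted where applicable
 */
protected function showShibbolethLoginForm($page_editor_html)
{
    global $ilSetting, $lng;

    // Refactoring with ilFormPropertyGUI
    // [...]

    // shibboleth login link
    if ($ilSetting->get("shib_active")) {
        $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'Services/Init');

        // Untrusted input: escape once, reuse in both branches that emit it.
        $target = '';
        if (isset($_GET["target"]) && is_string($_GET["target"])) {
            $target = htmlspecialchars($_GET["target"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }

        $tpl->setVariable('SHIB_FORMACTION', './shib_login.php'); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
        $federation_name = $ilSetting->get("shib_federation_name");
        // The admin e-mail and the instruction texts below come from settings
        // and are inserted as stored.
        $admin_mail = ' <a href="mailto:' . $ilSetting->get("admin_email") . '">ILIAS ' . $lng->txt(
            "administrator"
        ) . '</a>.';
        if ($ilSetting->get("shib_hos_type") == 'external_wayf') {
            $tpl->setCurrentBlock("shibboleth_login");
            $tpl->setVariable("TXT_SHIB_LOGIN", $lng->txt("login_to_ilias_via_shibboleth"));
            $tpl->setVariable("IL_TARGET", $target);
            $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $ilSetting->get("shib_federation_name"));
            $tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $ilSetting->get("shib_login_button"));
            $tpl->setVariable(
                "TXT_SHIB_LOGIN_INSTRUCTIONS",
                sprintf(
                    $lng->txt("shib_general_login_instructions"),
                    $federation_name,
                    $admin_mail
                )
            );
            $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $ilSetting->get("shib_login_instructions"));
            $tpl->parseCurrentBlock();
        } elseif ($ilSetting->get("shib_hos_type") == 'embedded_wayf') {
            $tpl->setCurrentBlock("shibboleth_custom_login");
            $customInstructions = stripslashes($ilSetting->get("shib_login_instructions"));
            $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $customInstructions);
            $tpl->parseCurrentBlock();
        } else {
            $tpl->setCurrentBlock("shibboleth_wayf_login");
            $tpl->setVariable("TXT_SHIB_LOGIN", $lng->txt("login_to_ilias_via_shibboleth"));
            $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $ilSetting->get("shib_federation_name"));
            $tpl->setVariable("TXT_SELECT_HOME_ORGANIZATION", sprintf($lng->txt("shib_select_home_organization"), $ilSetting->get("shib_federation_name")));
            $tpl->setVariable("TXT_CONTINUE", $lng->txt("btn_next"));
            $tpl->setVariable("TXT_SHIB_HOME_ORGANIZATION", $lng->txt("shib_home_organization"));
            $tpl->setVariable(
                "TXT_SHIB_LOGIN_INSTRUCTIONS",
                sprintf(
                    $lng->txt("shib_general_wayf_login_instructions"),
                    $admin_mail
                )
            );
            $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $ilSetting->get("shib_login_instructions"));

            require_once "./Services/AuthShibboleth/classes/class.ilShibbolethWAYF.php";
            $WAYF = new ShibWAYF();

            $tpl->setVariable("TXT_SHIB_INVALID_SELECTION", $WAYF->showNotice());
            $tpl->setVariable("SHIB_IDP_LIST", $WAYF->generateSelection());
            $tpl->setVariable("ILW_TARGET", $target);
            $tpl->parseCurrentBlock();
        }

        return $this->substituteLoginPageElements($GLOBALS['tpl'], $page_editor_html, $tpl->get(), '[list-shibboleth-login-form]', 'SHIB_LOGIN_FORM');
    }

    return $page_editor_html;
}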
937
938
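/**
 * Places $element_html at $placeholder inside the page editor HTML or, when
 * that is not possible, into the fallback template variable.
 *
 * Detection and replacement of the placeholder are both case-insensitive.
 * Before, detection ignored case while the replacement did not, so a
 * placeholder written in a different case was "found", never replaced and
 * never handed to the fallback variable, and the element vanished from the page.
 *
 * @param mixed  $tpl              template object offering setVariable()
 * @param mixed  $page_editor_html login page editor HTML, may be empty
 * @param string $element_html     HTML of the element to place
 * @param string $placeholder      placeholder text, e.g. "[list-login-form]"
 * @param string $fallback_tplvar  template variable used when no substitution happens
 * @return mixed the page editor HTML, with the placeholder replaced if it was present
 */
protected function substituteLoginPageElements($tpl, $page_editor_html, $element_html, $placeholder, $fallback_tplvar)
{
    // No page editor content, or no placeholder in it: hand the element to the template.
    if (!strlen($page_editor_html) || stripos($page_editor_html, $placeholder) === false) {
        $tpl->setVariable($fallback_tplvar, $element_html);
        return $page_editor_html;
    }

    // Same case-insensitive matching as the detection above.
    return str_ireplace($placeholder, $element_html, $page_editor_html);
}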
961
/**
 * Returns the HTML of the login page built with the page editor for the
 * current language, or an empty string when no such page is active or it has
 * no content.
 *
 * NOTE(review): source line 971 is not part of this listing; $lpe, used right
 * below, is presumably assigned there.
 *
 * @return mixed '' when there is nothing to show, otherwise the result of showPage()
 */
966 protected function getLoginPageEditorHTML()
967 {
968 global $lng, $tpl;
969
970 include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorSettings.php';
972 $active_lang = $lpe->getIliasEditorLanguage($lng->getLangKey());
973
974 if (!$active_lang) {
975 return '';
976 }
977
978 // if page does not exist, return nothing
979 include_once './Services/COPage/classes/class.ilPageUtil.php';
980 if (!ilPageUtil::_existsAndNotEmpty('auth', ilLanguage::lookupId($active_lang))) {
981 return '';
982 }
983
984 // get page object
985 $page_gui = new ilLoginPageGUI(ilLanguage::lookupId($active_lang));
986
987 include_once("./Services/Style/Content/classes/class.ilObjStyleSheet.php");
988 $page_gui->setStyleId(0, 'auth');
989
// Title and header are blanked and template output is switched off, so only
// the value returned by showPage() is used.
990 $page_gui->setPresentationTitle("");
991 $page_gui->setTemplateOutput(false);
992 $page_gui->setHeader("");
993 $ret = $page_gui->showPage();
994
995 return $ret;
996 }
997
/**
 * Adds the registration, password assistance and "home" links to the page.
 *
 * NOTE(review): source line 1014 is not part of this listing; it presumably
 * holds the condition whose closing brace appears on line 1022.
 *
 * @param mixed $page_editor_html login page editor HTML
 * @return mixed the page editor HTML, with the link block substituted where applicable
 */
1006 protected function showRegistrationLinks($page_editor_html)
1007 {
1008 global $lng, $ilSetting, $ilIliasIniFile, $ilAccess;
1009
1010 $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'Services/Init');
1011
1012 // allow new registrations?
1013 include_once 'Services/Registration/classes/class.ilRegistrationSettings.php';
1015 $rtpl->setCurrentBlock("new_registration");
1016 $rtpl->setVariable("REGISTER", $lng->txt("registration"));
1017 $rtpl->setVariable(
1018 "CMD_REGISTER",
1019 $this->ctrl->getLinkTargetByClass("ilaccountregistrationgui", "")
1020 );
1021 $rtpl->parseCurrentBlock();
1022 }
1023 // allow password assistance? Suppress option if Authmode is not local database
1024 if ($ilSetting->get("password_assistance")) {
1025 $rtpl->setCurrentBlock("password_assistance");
1026 $rtpl->setVariable("FORGOT_PASSWORD", $lng->txt("forgot_password"));
1027 $rtpl->setVariable("FORGOT_USERNAME", $lng->txt("forgot_username"));
1028 $rtpl->setVariable(
1029 "CMD_FORGOT_PASSWORD",
1030 $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "")
1031 );
1032 $rtpl->setVariable(
1033 "CMD_FORGOT_USERNAME",
1034 $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "showUsernameAssistanceForm")
1035 );
1036 $rtpl->setVariable("LANG_ID", $lng->getLangKey());
1037 $rtpl->parseCurrentBlock();
1038 }
1039
// NOTE(review): whether the public section counts as enabled is decided from
// $_SERVER['SERVER_NAME']. Depending on the web server configuration (for
// Apache, the UseCanonicalName directive) this value can follow the client's
// Host header; confirm it is pinned by the server in production. The link is
// additionally gated by the anonymous user's read access to the root folder.
1040 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1041 $ilAccess->checkAccessOfUser(ANONYMOUS_USER_ID, "read", "", ROOT_FOLDER_ID)) {
1042 $rtpl->setCurrentBlock("homelink");
1043 $rtpl->setVariable("CLIENT_ID", "?client_id=" . CLIENT_ID . "&lang=" . $lng->getLangKey());
1044 $rtpl->setVariable("TXT_HOME", $lng->txt("home"));
1045 $rtpl->parseCurrentBlock();
1046 }
1047
1048 return $this->substituteLoginPageElements(
1049 $GLOBALS['tpl'],
1050 $page_editor_html,
1051 $rtpl->get(),
1052 '[list-registration-link]',
1053 'REG_PWD_CLIENT_LINKS'
1054 );
1055 }
1056
/**
 * Adds the terms-of-service link to the page, or an empty string in its place
 * when the feature is globally off or no document applies.
 *
 * Side effect: a user object without an id is given ANONYMOUS_USER_ID before
 * the evaluation runs.
 *
 * @param string $page_editor_html login page editor HTML
 * @return string the page editor HTML after substitution
 */
protected function showTermsOfServiceLink(string $page_editor_html) : string
{
    if (!$this->user->getId()) {
        $this->user->setId(ANONYMOUS_USER_ID);
    }

    // Stays empty unless a terms-of-service document is to be linked.
    $linkHtml = '';

    $tosHelper = new ilTermsOfServiceHelper();
    if ($tosHelper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument()) {
        $linkTemplate = new ilTemplate('tpl.login_terms_of_service_link.html', true, true, 'Services/Init');
        $linkTemplate->setVariable('TXT_TERMS_OF_SERVICE', $this->lng->txt('usr_agreement'));
        $linkTemplate->setVariable('LINK_TERMS_OF_SERVICE', $this->ctrl->getLinkTarget($this, 'showTermsOfService'));
        $linkHtml = $linkTemplate->get();
    }

    return $this->substituteLoginPageElements(
        $GLOBALS['tpl'],
        $page_editor_html,
        $linkHtml,
        '[list-user-agreement]',
        'USER_AGREEMENT'
    );
}
1091
/**
 * Removes every known login page placeholder that is still present in the
 * page editor HTML.
 *
 * Matching is exact and case-sensitive. The language selection placeholder is
 * only matched together with the single space that follows it.
 *
 * @param mixed $page_editor_html login page editor HTML
 * @return mixed the HTML without the listed placeholders
 */
protected function purgePlaceholders($page_editor_html)
{
    $knownPlaceholders = array(
        '[list-language-selection] ',
        '[list-registration-link]',
        '[list-user-agreement]',
        '[list-login-form]',
        '[list-cas-login-form]',
        '[list-saml-login]',
        '[list-shibboleth-login-form]'
    );

    // A single empty replacement string is applied to every search entry.
    return str_replace($knownPlaceholders, '', $page_editor_html);
}
1113
/**
 * Shows the account migration form: either keep an existing account (asks for
 * its login and password) or create a new one.
 *
 * NOTE(review): source lines 1141, 1151, 1171 and 1174 are not part of this
 * listing. Lines 1142-1143 and 1152-1153 are the tails of calls that start on
 * the omitted lines and receive the posted mig_username and mig_password.
 *
 * @param string $message optional message; its handling is on an omitted line
 */
1118 public function showAccountMigration(string $message = '') : void
1119 {
1120 $this->help->setSubScreenId('account_migration');
1121
1122 $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1123
1124 $form = new ilPropertyFormGUI();
1125 $form->setFormAction($this->ctrl->getFormAction($this, 'migrateAccount'));
1126
1127 $form->setTitle($this->lng->txt('auth_account_migration'));
1128 $form->addCommandButton('migrateAccount', $this->lng->txt('save'));
1129 $form->addCommandButton('showLogin', $this->lng->txt('cancel'));
1130
1131 $rad = new ilRadioGroupInputGUI($this->lng->txt('auth_account_migration_name'), 'account_migration');
1132 $rad->setValue(1);
1133
1134 $keep = new ilRadioOption(
1135 $this->lng->txt('auth_account_migration_keep'),
1136 static::ACCOUNT_MIGRATION_MIGRATE,
1137 $this->lng->txt('auth_info_migrate')
1138 );
1139 $user = new ilTextInputGUI($this->lng->txt('login'), 'mig_username');
1140 $user->setRequired(true);
1142 (string) ($this->httpRequest->getParsedBody()['mig_username'] ?? '')
1143 ));
1144 $user->setSize(32);
1145 $user->setMaxLength(128);
1146 $keep->addSubItem($user);
1147
1148 $pass = new ilPasswordInputGUI($this->lng->txt('password'), 'mig_password');
1149 $pass->setRetype(false);
1150 $pass->setRequired(true);
// NOTE(review): the posted mig_password is passed to a call whose first line is
// omitted from the listing — presumably it pre-fills the password field. If so,
// the submitted password is echoed back into the HTML of the response; confirm
// whether that is wanted.
1152 (string) ($this->httpRequest->getParsedBody()['mig_password'] ?? '')
1153 ));
1154 $pass->setSize(12);
1155 $pass->setMaxLength(128);
1156 $keep->addSubItem($pass);
1157 $rad->addOption($keep);
1158
1159 $new = new ilRadioOption(
1160 $this->lng->txt('auth_account_migration_new'),
1161 static::ACCOUNT_MIGRATION_NEW,
1162 $this->lng->txt('auth_info_add')
1163 );
1164 $rad->addOption($new);
1165
1166 $form->addItem($rad);
1167
1168 $tpl->setVariable('MIG_FORM', $form->getHTML());
1169
1170 if (strlen($message)) {
1172 }
1173
1175 }
1176
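/**
 * Validates the submitted account migration form and dispatches to the chosen path.
 *
 * Without a selection, or with a selection that matches neither known option, the
 * form is shown again with the 'select_one' message. For the "migrate" option the
 * username must be a non-empty string and the password a string, otherwise the form
 * is shown again with 'err_wrong_login'.
 *
 * @return bool false when the form is re-displayed, otherwise the result of the migration handler
 */
protected function migrateAccount() : bool
{
    // Read the body once; every check below works on the same snapshot.
    $body = $this->httpRequest->getParsedBody();

    if (!isset($body['account_migration'])) {
        $this->showAccountMigration(
            $this->lng->txt('select_one')
        );
        return false;
    }

    $choice = (int) $body['account_migration'];

    if ($choice === self::ACCOUNT_MIGRATION_MIGRATE) {
        $username = $body['mig_username'] ?? null;
        $password = $body['mig_password'] ?? null;

        // Reject array-typed or missing credentials before they reach the auth layer.
        if (!is_string($username) || $username === '' || !is_string($password)) {
            $this->showAccountMigration(
                $this->lng->txt('err_wrong_login')
            );
            return false;
        }

        return $this->doMigration();
    }

    if ($choice === static::ACCOUNT_MIGRATION_NEW) {
        return $this->doMigrationNewAccount();
    }

    // An unknown option used to fall off the end of a method declared ": bool",
    // which raises a TypeError; treat it as "nothing selected" instead.
    $this->showAccountMigration(
        $this->lng->txt('select_one')
    );
    return false;
}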
1212
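/**
 * Creates a new local account for the external account remembered in the session.
 *
 * The username is taken from the session key ilAuthFrontend::MIG_EXTERNAL_ACCOUNT and
 * the provider from the auth mode stored under ilAuthFrontend::MIG_TRIGGER_AUTHMODE.
 * On success the user is redirected to the starting page; otherwise a failure message
 * is queued and the migration form is requested again.
 *
 * @return bool
 */
protected function doMigrationNewAccount() : bool
{
    $credentials = new ilAuthFrontendCredentials();
    $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));

    $provider_factory = new ilAuthProviderFactory();
    $provider = $provider_factory->getProviderByAuthMode(
        $credentials,
        ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
    );

    $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');

    $status = ilAuthStatus::getInstance();

    $frontend_factory = new ilAuthFrontendFactory();
    $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
    $frontend = $frontend_factory->getFrontend(
        $GLOBALS['DIC']['ilAuthSession'],
        $status,
        $credentials,
        [$provider]
    );

    if ($frontend->migrateAccountNew()) {
        ilInitialisation::redirectToStartingPage();
    }

    // Keep the message across the redirect (second argument), as doMigration() does;
    // without it the failure text is dropped before the form is rendered again.
    ilUtil::sendFailure($this->lng->txt('err_wrong_login'), true);
    $this->ctrl->redirect($this, 'showAccountMigration');

    return true;
}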
1246
/**
 * Authenticates the submitted local credentials (AUTH_LOCAL) and, depending on the
 * resulting auth status, migrates the external account to that local account.
 *
 * NOTE(review): the method is declared ": bool", but the branch ending in "break"
 * has no return statement visible here; it presumably relies on the redirects
 * terminating the request - confirm.
 *
 * @return bool
 */
1250 protected function doMigration() : bool
1251 {
1252 $this->logger->debug('Starting account migration for user: ' . (string) ilSession::get('mig_ext_account'));
1253
1254 $credentials = new ilAuthFrontendCredentials();
// NOTE(review): reads $_POST directly, while migrateAccount() validates the same fields
// through $this->httpRequest->getParsedBody(); the (string) cast turns an array-typed
// field into "Array" instead of rejecting it. Prefer one validated source.
1255 $credentials->setUsername((string) $_POST['mig_username']);
1256 $credentials->setPassword((string) $_POST['mig_password']);
1257
1258 $provider_factory = new ilAuthProviderFactory();
1259 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_LOCAL);
1260
1261 $status = ilAuthStatus::getInstance();
1262
1263 $frontend_factory = new ilAuthFrontendFactory();
1264 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1265 $frontend = $frontend_factory->getFrontend(
1266 $GLOBALS['DIC']['ilAuthSession'],
1267 $status,
1268 $credentials,
1269 array($provider)
1270 );
1271
1272 $frontend->authenticate();
1273
1274 switch ($status->getStatus()) {
// NOTE(review): the request-supplied username is concatenated into log messages here and
// in the default branch; confirm the log handler neutralises line breaks and control
// characters so that entries cannot be forged.
1276 $this->getLogger()->debug('Account migration: authentication successful for ' . (string) $_POST['mig_username']);
1277
1278 $provider = $provider_factory->getProviderByAuthMode(
1279 $credentials,
1281 );
1282 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1283 $frontend = $frontend_factory->getFrontend(
1284 $GLOBALS['DIC']['ilAuthSession'],
1285 $status,
1286 $credentials,
1287 [$provider]
1288 );
1289 if (
1290 $frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])
1291 ) {
1292 ilInitialisation::redirectToStartingPage();
1293 } else {
// The failure message is kept across the redirect (second argument true).
1294 ilUtil::sendFailure($this->lng->txt('err_wrong_login'), true);
1295 $this->ctrl->redirect($this, 'showAccountMigration');
1296 }
1297 break;
1298
1299 default:
1300 $this->getLogger()->info('Account migration failed for user ' . (string) $_POST['mig_username']);
1301 $this->showAccountMigration($GLOBALS['lng']->txt('err_wrong_login'));
1302 return false;
1303 }
1304 }
1305
/**
 * Fills the logout template ("tpl.logout.html") with the headline, the logout text
 * (including the terms-of-service withdrawal text) and the links back to login and,
 * when the public section is enabled for the current domain, to the home page.
 */
1309 protected function showLogout()
1310 {
1311 global $DIC;
1312
1313 $lng = $DIC->language();
1314 $ilIliasIniFile = $DIC['ilIliasIniFile'];
1315
1316 $this->help->setSubScreenId('logout');
1317
1318 $tpl = self::initStartUpTemplate("tpl.logout.html");
1319
// NOTE(review): client_id is taken verbatim from the query string and concatenated into
// the CLIENT_ID template variable twice below, without URL- or HTML-encoding. Unless the
// template escapes it, this is a reflected-XSS sink on an unauthenticated page. Prefer the
// CLIENT_ID constant (as doLogout() uses) or rawurlencode() plus attribute escaping; the
// key may also be absent from the request.
1320 $client_id = $_GET['client_id'];
1321
1322 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1323 $tpl->setCurrentBlock("homelink");
1324 $tpl->setVariable("CLIENT_ID", "?client_id=" . $client_id . "&lang=" . $lng->getLangKey());
1325 $tpl->setVariable("TXT_HOME", $lng->txt("home"));
1326 $tpl->parseCurrentBlock();
1327 }
1328
1329 $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($this->user);
1330
1331 $tpl->setVariable("TXT_PAGEHEADLINE", $lng->txt("logout"));
1332 $tpl->setVariable(
1333 "TXT_LOGOUT_TEXT",
1334 $lng->txt("logout_text") . $tosWithdrawalGui->getWithdrawalTextForLogoutScreen($this->httpRequest)
1335 );
1336 $tpl->setVariable("TXT_LOGIN", $lng->txt("login_to_ilias"));
1337 $tpl->setVariable("CLIENT_ID", "?client_id=" . $client_id . "&cmd=force_login&lang=" . $lng->getLangKey());
1338
1340 }
1341
1342
1343
/**
 * Logs the current user out: raises 'beforeLogout', lets the terms-of-service
 * withdrawal helper handle the request, ends the auth session, raises 'afterLogout',
 * and then redirects either to the SAML logout script or to the 'showLogout' command.
 */
1347 public function doLogout()
1348 {
1349 global $DIC;
1350
1351 $ilSetting = $DIC->settings();
1352 $user = $DIC->user();
1353 $lng = $DIC->language();
1354 $ilIliasIniFile = $DIC['ilIliasIniFile'];
1355 $ilAppEventHandler = $DIC['ilAppEventHandler'];
1356
1357 $ilAppEventHandler->raise(
1358 'Services/Authentication',
1359 'beforeLogout',
1360 [
1361 'user_id' => $this->user->getId()
1362 ]
1363 );
1364
// Captured before the session is closed so the logout screen can use the same language.
1365 $user_language = $user->getLanguage();
1366
1367 $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($user);
1368 $tosWithdrawalGui->handleWithdrawalLogoutRequest($this->httpRequest, $this);
1369
// Read before logout(); used below to decide whether the SAML logout script is needed.
1370 $had_external_authentication = ilSession::get('used_external_auth');
1371
1373 $GLOBALS['DIC']['ilAuthSession']->logout();
1374
1375 $GLOBALS['ilAppEventHandler']->raise(
1376 'Services/Authentication',
1377 'afterLogout',
1378 array(
1379 'username' => $this->user->getLogin()
1380 )
1381 );
1382
// The logout_url handed to saml.php is built from the ILIAS_HTTP_PATH constant, not from request data.
1383 if ((int) $this->user->getAuthMode(true) == AUTH_SAML && $had_external_authentication) {
1384 $this->logger->info('Redirecting user to SAML logout script');
1385 $this->ctrl->redirectToURL('saml.php?action=logout&logout_url=' . urlencode(ILIAS_HTTP_PATH . '/login.php'));
1386 }
1387
1388 // reset cookie
1389 ilUtil::setCookie("ilClientId", "");
1390
1391 // redirect and show logout information
1392 $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1393 $this->ctrl->setParameter($this, 'lang', $user_language);
1394 $this->ctrl->redirect($this, 'showLogout');
1395 }
1396
/**
 * Prints a static help text that explains how to enable session cookies in
 * several browsers. The text is a fixed literal; no request data is included.
 */
1402 public function showNoCookiesScreen()
1403 {
1404 global $tpl;
1405
1406 $str = "<p style=\"margin:15px;\">
1407 You need to enable Session Cookies in your Browser to use ILIAS.
1408 <br/>
1409 <br/><b>Firefox</b>
1410 <br/>Tools -> Options -> Privacy -> Cookies
1411 <br/>Enable 'Allow sites to set cookies' and activate option 'Keep
1412 <br/>cookies' auf 'until I close Firefox'
1413 <br/>
1414 <br/><b>Mozilla/Netscape</b>
1415 <br/>Edit -> Preferences -> Privacy&Security -> Cookies
1416 <br/>Go to 'Cookie Lifetime Policy' and check option 'Accept for current
1417 <br/>session only'.
1418 <br/>
1419 <br/><b>Internet Explorer</b>
1420 <br/>Tools -> Internet Options -> Privacy -> Advanced
1421 <br/>- Check 'Override automatic cookie handling'
1422 <br/>- Check 'Always allow session cookies'
1423 </p>";
// Uses the global template rather than $this->mainTemplate.
1424 $tpl->setVariable("CONTENT", $str);
1425 $tpl->printToStdout();
1426 }
1427
/**
 * Command handler: shows the terms of service without recording an acceptance.
 */
protected function getAcceptance() : void
{
    // false is also the default of showTermsOfService(); spelled out for symmetry
    // with confirmAcceptance().
    $this->showTermsOfService(false);
}
1435
/**
 * Command handler: shows the terms of service with the acceptance flag set.
 */
protected function confirmAcceptance() : void
{
    $accepted = true;
    $this->showTermsOfService($accepted);
}
1440
/**
 * Shows the terms-of-service view for a consent withdrawal and, when the posted
 * 'status' equals 'withdrawn', deletes the user's acceptance history and redirects
 * to logout.php.
 */
1441 protected function confirmWithdrawal() : void
1442 {
// A user object without an id is treated as the anonymous user.
1443 if (!$this->user->getId()) {
1444 $this->user->setId(ANONYMOUS_USER_ID);
1445 }
1446 $back_to_login = false;
1447 if ($this->user->getPref('consent_withdrawal_requested') != 1) {
1448 $back_to_login = true;
1449 }
1450 $tpl = self::initStartUpTemplate('tpl.view_terms_of_service.html', $back_to_login, !$back_to_login);
1451
1452 $helper = new ilTermsOfServiceHelper();
1453 $handleDocument = $helper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument();
1454 if ($handleDocument) {
1455 $document = $this->termsOfServiceEvaluation->document();
1456 if ('confirmWithdrawal' === $this->ctrl->getCmd()) {
// NOTE(review): this state-changing delete is gated only by the posted 'status' value in
// this method; it does not re-check the 'consent_withdrawal_requested' preference read
// above. Confirm that request forgery protection and the preference are enforced upstream.
1457 if (isset($this->httpRequest->getParsedBody()['status']) && 'withdrawn' === $this->httpRequest->getParsedBody()['status']) {
1458 $helper->deleteAcceptanceHistoryByUser((int) $this->user->getId());
1459 $this->ctrl->redirectToUrl('logout.php');
1460 }
1461 }
1462
1463 $tpl->setVariable('FORM_ACTION', $this->ctrl->getFormAction($this, $this->ctrl->getCmd()));
1464 $tpl->setVariable('ACCEPT_CHECKBOX', ilUtil::formCheckbox(0, 'status', 'accepted'));
1465 $tpl->setVariable('ACCEPT_TERMS_OF_SERVICE', $this->lng->txt('accept_usr_agreement'));
1466 $tpl->setVariable('TXT_SUBMIT', $this->lng->txt('submit'));
1467
1468 $tpl->setPermanentLink('usr', null, 'agreement');
1469 $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', $document->content());
1470 } else {
1471 $tpl->setVariable(
1472 'TERMS_OF_SERVICE_CONTENT',
1473 sprintf(
1474 $this->lng->txt('no_agreement_description'),
1476 )
1477 );
1478 }
1479
1481 }
1482
/**
 * Shows the terms-of-service document and, for the commands 'confirmAcceptance' and
 * 'getAcceptance', tracks the acceptance and redirects when $accepted is true.
 *
 * @param bool $accepted Whether the user has accepted the document in this request.
 */
1490 protected function showTermsOfService(bool $accepted = false) : void
1491 {
1492 $this->help->setSubScreenId('terms_of_service');
1493
1494 $back_to_login = ('getAcceptance' != $this->ctrl->getCmd());
1495
1496 if (!$this->user->getId()) {
1497 $this->user->setId(ANONYMOUS_USER_ID);
1498 }
1499
1500 $tpl = self::initStartUpTemplate('tpl.view_terms_of_service.html', $back_to_login, !$back_to_login);
1501
1502 $this->mainTemplate->setTitle($this->lng->txt('accept_usr_agreement'));
1503 $this->mainTemplate->setOnScreenMessage('info', $this->lng->txt('accept_usr_agreement_intro'));
1504
1505 $helper = new ilTermsOfServiceHelper();
1506 $handleDocument = $helper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument();
1507 if ($handleDocument) {
1508 $document = $this->termsOfServiceEvaluation->document();
1509 if (
1510 'confirmAcceptance' === $this->ctrl->getCmd() ||
1511 'getAcceptance' === $this->ctrl->getCmd()
1512 ) {
1513 if ($accepted) {
1514 $helper->trackAcceptance($this->user, $document);
1515
// NOTE(review): the stored target is passed to the redirect unchanged; confirm it is
// restricted to local URLs where it is written to the session (open-redirect risk).
1516 if (ilSession::get('orig_request_target')) {
1517 $target = ilSession::get('orig_request_target');
1518 ilSession::set('orig_request_target', '');
1519 ilUtil::redirect($target);
1520 } else {
// NOTE(review): $_GET['target'] is concatenated into the redirect URL without
// rawurlencode(), so a value containing "&" or "#" can add or override query parameters
// (client_id follows it); the key may also be unset. Encode it before building the URL.
1521 ilUtil::redirect('index.php?target=' . $_GET['target'] . '&client_id=' . CLIENT_ID);
1522 }
1523 }
1524
1525 $tpl->setVariable('FORM_ACTION', $this->ctrl->getFormAction($this, $this->ctrl->getCmd()));
1526 $tpl->setVariable('ACCEPT_TERMS_OF_SERVICE', $this->lng->txt('accept_usr_agreement'));
1527 $tpl->setVariable('TXT_ACCEPT', $this->lng->txt('accept_usr_agreement_btn'));
1528 $tpl->setVariable('DENY_TERMS_OF_SERVICE', $this->lng->txt('deny_usr_agreement'));
1529 $tpl->setVariable(
1530 'DENIAL_BUTTON',
1531 $this->dic->ui()->renderer()->render(
1532 $this->dic->ui()->factory()->button()->standard(
1533 $this->dic->language()->txt('deny_usr_agreement_btn'),
1534 'logout.php?withdraw_consent'
1535 )
1536 )
1537 );
1538 }
1539
1540 $tpl->setPermanentLink('usr', null, 'agreement');
1541 $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', $document->content());
1542 } else {
1543 $tpl->setVariable(
1544 'TERMS_OF_SERVICE_CONTENT',
1545 sprintf(
1546 $this->lng->txt('no_agreement_description'),
1548 )
1549 );
1550 }
1551
1553 }
1554
/**
 * Entry command for index.php: with a valid auth session, redirects to the starting
 * page for non-anonymous users or when the public section is enabled for the domain;
 * otherwise falls through to the login page.
 */
1558 protected function processIndexPHP()
1559 {
1560 global $ilIliasIniFile, $ilAuth, $ilSetting;
1561
1562 // In case of an valid session, redirect to starting page
1563 if ($GLOBALS['DIC']['ilAuthSession']->isValid()) {
1564 if (!$this->user->isAnonymous() || ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1565 $this->httpRequest->getServerParams()['SERVER_NAME']
1566 )) {
1567 ilInitialisation::redirectToStartingPage();
1568 return;
1569 }
1570 }
1571
// The server name is read from $_SERVER here and from the PSR-7 request above.
1572 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1574 }
1575
1576 // otherwise show login page
1577 return $this->showLoginPage();
1578 }
1579
1580
/**
 * Checks whether a goto target ("<type>_<id>[_...]") may be accessed by the current user.
 *
 * Active UI hook plugins may rewrite the target first. The type prefix selects the
 * access class "ilObj<Class>Access", whose _checkGoto() result is returned. If that
 * check fails for a logged-in user on an RBAC object, the parent path is walked to
 * find courses or groups the user could join; temporary roles are added and the user
 * may be redirected to the blocking container.
 *
 * @param string $a_target
 * @return mixed false, or the result of the access class's _checkGoto()
 */
1581 public static function _checkGoto($a_target)
1582 {
1583 global $DIC;
1584 global $objDefinition, $ilPluginAdmin, $ilUser;
1585
1586 $access = $DIC->access();
1587
1588
1589 if (is_object($ilPluginAdmin)) {
1590 // get user interface plugins
1591 $pl_names = $ilPluginAdmin->getActivePluginsForSlot(IL_COMP_SERVICE, "UIComponent", "uihk");
1592
1593 // search
1594 foreach ($pl_names as $pl) {
1595 $ui_plugin = ilPluginAdmin::getPluginObject(IL_COMP_SERVICE, "UIComponent", "uihk", $pl);
1596 $gui_class = $ui_plugin->getUIClassInstance();
1597 $resp = $gui_class->checkGotoHook($a_target);
1598 if ($resp["target"] !== false) {
1599 $a_target = $resp["target"];
1600 break;
1601 }
1602 }
1603 }
1604
1605 if ($a_target == "") {
1606 return false;
1607 }
1608
1609 $t_arr = explode("_", $a_target);
1610 $type = $t_arr[0];
1611
1612 if ($type == "git") {
1613 $type = "glo";
1614 }
1615
// NOTE(review): "|" is the bitwise operator; both comparisons are always evaluated. The
// result matches "||" for two booleans, but the logical operator states the intent.
1616 if ($type == "pg" | $type == "st") {
1617 $type = "lm";
1618 }
1619
// Types without a class name in the object definition are rejected before any file is
// included, so the include path below is built from definition data, not from the raw
// request string. NOTE(review): this relies on getClassName()/getLocation() returning
// only registered values - confirm.
1620 $class = $objDefinition->getClassName($type);
1621 if ($class == "") {
1622 return false;
1623 }
1624
1625 $location = $objDefinition->getLocation($type);
1626 $full_class = "ilObj" . $class . "Access";
1627 include_once($location . "/class." . $full_class . ".php");
1628
1629 $ret = call_user_func(array($full_class, "_checkGoto"), $a_target);
1630
1631 // if no access and repository object => check for parent course/group
// NOTE(review): $t_arr[1] is read without isset(); a target without "_" has no index 1.
1632 if (!$ret &&
1633 !stristr($a_target, "_wsp") &&
1634 $ilUser->getId() != ANONYMOUS_USER_ID && // #10637
1635 !$objDefinition->isAdministrationObject($type) &&
1636 $objDefinition->isRBACObject($type) &&
1637 $t_arr[1]) {
1638 global $tree, $rbacsystem, $ilAccess;
1639
1640 // original type "pg" => pg_<page_id>[_<ref_id>]
1641 if ($t_arr[0] == "pg") {
1642 if (isset($t_arr[2])) {
1643 $ref_id = $t_arr[2];
1644 } else {
1645 $lm_id = ilLMObject::_lookupContObjID($t_arr[1]);
1646 $ref_id = ilObject::_getAllReferences($lm_id);
1647 if ($ref_id) {
1648 $ref_id = array_shift($ref_id);
1649 }
1650 }
1651 } else {
1652 $ref_id = $t_arr[1];
1653 }
1654
1655 include_once "Services/Membership/classes/class.ilParticipants.php";
1656 $block_obj = array();
1657
1658 // walk path to find parent container
1659 $path = $tree->getPathId($ref_id);
1660 array_pop($path);
1661 foreach ($path as $path_ref_id) {
1662 $redirect_infopage = false;
1663 $add_member_role = false;
1664
1665 $ptype = ilObject::_lookupType($path_ref_id, true);
1666 $pobj_id = ilObject::_lookupObjId($path_ref_id);
1667
1668 // core checks: timings/object-specific
1669 if (
1670 !$access->doActivationCheck('read', '', $path_ref_id, $ilUser->getId(), $pobj_id, $ptype) ||
1671 !$access->doStatusCheck('read', '', $path_ref_id, $ilUser->getId(), $pobj_id, $ptype)
1672 ) {
1673 // object in path is inaccessible - aborting
1674 return false;
1675 } elseif ($ptype == "crs") {
1676 // check if already participant
1677 include_once "Modules/Course/classes/class.ilCourseParticipant.php";
1678 $participants = new ilCourseParticipant($pobj_id, $ilUser->getId());
1679 if (!$participants->isAssigned()) {
1680 // subscription currently possible?
1681 include_once "Modules/Course/classes/class.ilObjCourse.php";
1682 if (ilObjCourse::_isActivated($pobj_id) &&
1684 $block_obj[] = $path_ref_id;
1685 $add_member_role = true;
1686 } else {
1687 $redirect_infopage = true;
1688 }
1689 }
1690 } elseif ($ptype == "grp") {
1691 // check if already participant
1692 include_once "Modules/Group/classes/class.ilGroupParticipants.php";
1693 if (!ilGroupParticipants::_isParticipant($path_ref_id, $ilUser->getId())) {
1694 // subscription currently possible?
1695 include_once "Modules/Group/classes/class.ilObjGroup.php";
1696 $group_obj = new ilObjGroup($path_ref_id);
1697 if ($group_obj->isRegistrationEnabled()) {
1698 $block_obj[] = $path_ref_id;
1699 $add_member_role = true;
1700 } else {
1701 $redirect_infopage = true;
1702 }
1703 }
1704 }
1705
1706 // add members roles for all "blocking" objects
1707 if ($add_member_role) {
1708 // cannot join? goto will never work, so redirect to current object
1709 $rbacsystem->resetPACache($ilUser->getId(), $path_ref_id);
1710 if (!$rbacsystem->checkAccess("join", $path_ref_id)) {
1711 $redirect_infopage = true;
1712 } else {
// NOTE(review): a role is added for the user on the strength of a "join" permission only,
// to simulate membership for the read check further down. Confirm the temporary role does
// not outlive this request.
1713 $rbacsystem->addTemporaryRole(
1714 $ilUser->getId(),
1716 );
1717 }
1718 }
1719
1720 // redirect to infopage of 1st blocking object in path
1721 if ($redirect_infopage) {
1722 if ($rbacsystem->checkAccess("visible", $path_ref_id)) {
1723 ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1724 "&ref_id=" . $path_ref_id . "&cmd=infoScreen");
1725 } else {
1726 return false;
1727 }
1728 }
1729 }
1730
1731
1732 // check if access will be possible with all (possible) member roles added
1733 $rbacsystem->resetPACache($ilUser->getId(), $ref_id);
1734 if ($rbacsystem->checkAccess("read", $ref_id) && sizeof($block_obj)) { // #12128
1735 // this won't work with lm-pages (see above)
1736 // include_once "Services/Link/classes/class.ilLink.php";
1737 // $_SESSION["pending_goto"] = ilLink::_getStaticLink($ref_id, $type);
1738
1739 // keep original target
// NOTE(review): the raw target string is stored without URL-encoding; whoever later
// redirects to "pending_goto" should treat it as untrusted.
1740 $_SESSION["pending_goto"] = "goto.php?target=" . $a_target;
1741
1742 // redirect to 1st non-member object in path
1743 ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1744 "&ref_id=" . array_shift($block_obj));
1745 }
1746 }
1747
1748 return $ret;
1749 }
1750
/**
 * Handles the registration confirmation link: verifies the hash from the 'rh' query
 * parameter, activates the user, optionally sets a generated password, sends the
 * account mail and redirects to the login page with a status message.
 */
1751 public function confirmRegistration()
1752 {
1753 ilUtil::setCookie('iltest', 'cookie', false);
1754
1755 $this->lng->loadLanguageModule('registration');
1756
// NOTE(review): nothing returns after this redirect; the method presumably relies on
// redirectToURL() ending the request - confirm, otherwise the code below runs with a
// missing hash.
1757 if (!isset($_GET['rh']) || !strlen(trim($_GET['rh']))) {
1758 $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt('reg_confirmation_hash_not_passed'), true);
1759 $this->ctrl->redirectToURL(sprintf(
1760 './login.php?cmd=force_login&lang=%s',
1761 $this->lng->getLangKey()
1762 ));
1763 }
1764
1765 try {
1766 $oRegSettings = new ilRegistrationSettings();
1767
1768 $usr_id = ilObjUser::_verifyRegistrationHash(trim($_GET['rh']));
1771 $user->setActive(true);
1772 $password = '';
1773 if ($oRegSettings->passwordGenerationEnabled()) {
// NOTE(review): the generated password is set as plain text (IL_PASSWD_PLAIN) and passed
// to the account mail below, so the credential travels by e-mail. Confirm the generator
// uses a cryptographically secure source and consider forcing a change at first login.
1774 $passwords = ilUtil::generatePasswords(1);
1775 $password = $passwords[0];
1776 $user->setPasswd($password, IL_PASSWD_PLAIN);
1777 $user->setLastPasswordChangeTS(time());
1778 }
1779 $user->update();
1780
1781 $target = $user->getPref('reg_target');
1782 if (strlen($target) > 0) {
1783 // Used for ilAccountMail in ilAccountRegistrationMail, which relies on this super global ...
1784 $_GET['target'] = $target;
1785 }
1786
1787 $accountMail = new ilAccountRegistrationMail(
1788 $oRegSettings,
1789 $this->lng,
1791 );
1792 $accountMail->withEmailConfirmationRegistrationMode()->send($user, $password);
1793
1794 $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_SUCCESS, $this->lng->txt('reg_account_confirmation_successful'), true);
1795 $this->ctrl->redirectToURL(sprintf(
1796 './login.php?cmd=force_login&lang=%s',
1797 $user->getLanguage()
1798 ));
1799 } catch (ilRegConfirmationLinkExpiredException $exception) {
1800 $soap_client = new ilSoapClient();
1801 $soap_client->setResponseTimeout(1);
1802 $soap_client->enableWSDL(true);
1803 $soap_client->init();
1804
1805 $this->logger->info('Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...');
1806
// NOTE(review): the visitor's session cookie value is forwarded as the SOAP session
// argument for a deletion call. This path is reached by an unauthenticated visitor with
// an expired link; confirm the SOAP endpoint authorises the deletion on its own.
1807 $soap_client->call(
1808 'deleteExpiredDualOptInUserObjects',
1809 [
1810 $_COOKIE[session_name()] . '::' . CLIENT_ID,
1811 $exception->getCode() // user id
1812 ]
1813 );
1814
1815 $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt($exception->getMessage()), true);
1816 $this->ctrl->redirectToURL(sprintf(
1817 './login.php?cmd=force_login&lang=%s',
1818 $this->lng->getLangKey()
1819 ));
1820 } catch (ilRegistrationHashNotFoundException $exception) {
1821 $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt($exception->getMessage()), true);
1822 $this->ctrl->redirectToURL(sprintf(
1823 './login.php?cmd=force_login&lang=%s',
1824 $this->lng->getLangKey()
1825 ));
1826 }
1827 }
1828
/**
 * Creates the global template for start-up screens, adds an optional "back to login"
 * (or "home") link or a logout link, loads the given content template into the
 * STARTUP_CONTENT block and sets the page titles.
 *
 * @param string|array $a_tmpl Template file name, or [file name, template directory]; a plain name uses 'Services/Init'.
 * @param bool $a_show_back Add a link back to the login page (or to the public section).
 * @param bool $a_show_logout Add a logout link; only evaluated when $a_show_back is false.
 * @return ilGlobalTemplate
 */
1835 public static function initStartUpTemplate($a_tmpl, $a_show_back = false, $a_show_logout = false)
1836 {
1844 global $lng, $ilAccess, $ilSetting;
1845 $tpl = new ilGlobalTemplate("tpl.main.html", true, true);
1846
1847 $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'Services/Init');
1848
1849 $view_title = $lng->txt('login_to_ilias');
1850 if ($a_show_back) {
1851 // #13400
// Both values come from the installation (constant and language object), not from the request.
1852 $param = 'client_id=' . CLIENT_ID . '&lang=' . $lng->getLangKey();
1853
1854 $tpl->setCurrentBlock('link_item_bl');
1855 $tpl->setVariable('LINK_TXT', $view_title);
1856 $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1857 $tpl->parseCurrentBlock();
1858
1859 include_once './Services/Init/classes/class.ilPublicSectionSettings.php';
// A second link item is parsed only when the anonymous user may read the root folder.
1860 if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1861 $ilAccess->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1862 $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1863 $tpl->setVariable('LINK_TXT', $lng->txt('home'));
1864 $tpl->parseCurrentBlock();
1865 }
1866 } elseif ($a_show_logout) {
1867 $view_title = $lng->txt('logout');
1868 $tpl->setCurrentBlock('link_item_bl');
1869 $tpl->setVariable('LINK_TXT', $view_title);
1870 $tpl->setVariable('LINK_URL', ILIAS_HTTP_PATH . '/logout.php');
1871 $tpl->parseCurrentBlock();
1872 }
1873
1874 if (is_array($a_tmpl)) {
1875 $template_file = $a_tmpl[0];
1876 $template_dir = $a_tmpl[1];
1877 } else {
1878 $template_file = $a_tmpl;
1879 $template_dir = 'Services/Init';
1880 }
1881
1882 $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1883
1884 PageContentProvider::setViewTitle($view_title);
1885 $short_title = $ilSetting->get('short_inst_name');
// Fall back to a fixed short title when the setting is empty or whitespace only.
1886 if (trim($short_title) === "") {
1887 $short_title = 'ILIAS';
1888 }
1889 PageContentProvider::setShortTitle($short_title);
1890
1891 $header_title = (string) ilObjSystemFolder::_getHeaderTitle();
1892 PageContentProvider::setTitle($header_title);
1893
1894 return $tpl;
1895 }
1896
/**
 * Substitutes the SAML login element into the login page HTML when at least one IdP
 * is active and SAML is configured to be displayed on the login page; otherwise the
 * HTML is returned unchanged.
 *
 * @param string $page_editor_html
 * @return string
 */
protected function showSamlLoginForm($page_editor_html)
{
    require_once 'Services/Saml/classes/class.ilSamlIdp.php';
    require_once 'Services/Saml/classes/class.ilSamlSettings.php';

    // Guard clause: nothing to render without an active IdP or when display is disabled.
    if (count(ilSamlIdp::getActiveIdpList()) <= 0 || !ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
        return $page_editor_html;
    }

    $samlTpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'Services/Saml');

    // The request-supplied target is URL-encoded before it becomes part of the script URL.
    $returnQuery = isset($_GET['target'])
        ? '?returnTo=' . urlencode(ilUtil::stripSlashes($_GET['target']))
        : '';

    $samlTpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $returnQuery);

    $language = $GLOBALS['DIC']->language();
    $samlTpl->setVariable('TXT_LOGIN', $language->txt('saml_log_in'));
    $samlTpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $language->txt('login_to_ilias_via_saml'));
    $samlTpl->setVariable('TXT_SAML_LOGIN_TXT', $language->txt('saml_login_form_txt'));
    $samlTpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $language->txt('saml_login_form_info_txt'));

    return $this->substituteLoginPageElements(
        $GLOBALS['tpl'],
        $page_editor_html,
        $samlTpl->get(),
        '[list-saml-login]',
        'SAML_LOGIN_FORM'
    );
}
1931
/**
 * Substitutes the OpenID Connect login element into the login page HTML when OpenID
 * Connect is active; otherwise the HTML is returned unchanged.
 *
 * @param string $page_editor_html
 * @return string
 */
1936 protected function showOpenIdConnectLoginForm($page_editor_html)
1937 {
1938 global $DIC;
1939
1940 $lang = $DIC->language();
1941
1942 $oidc_settings = ilOpenIdConnectSettings::getInstance();
1943 if ($oidc_settings->getActive()) {
1944 $tpl = new ilTemplate('tpl.login_element.html', true, true, 'Services/OpenIdConnect');
1945
1946 $lang->loadLanguageModule('auth');
1947 $tpl->setVariable('TXT_OIDCONNECT_HEADER', $lang->txt('auth_oidc_login_element_info'));
1948
// NOTE(review): $_GET['target'] is appended to the script URL without URL- or
// HTML-encoding and written to SCRIPT_OIDCONNECT_T / SCRIPT_OIDCONNECT_I below. Unless the
// template escapes those variables, this is a reflected-XSS sink on the login page.
// showSamlLoginForm() wraps the same parameter in urlencode(ilUtil::stripSlashes(...));
// apply the same treatment here. The (string) cast also turns an array value into "Array".
1949 $target = empty($_GET['target']) ? '' : ('?target=' . (string) $_GET['target']);
1950 switch ($oidc_settings->getLoginElementType()) {
1952
1953
1954 $tpl->setVariable('SCRIPT_OIDCONNECT_T', ILIAS_HTTP_PATH . '/openidconnect.php' . $target);
1955 $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1956 break;
1957
1959 $tpl->setVariable('SCRIPT_OIDCONNECT_I', ILIAS_HTTP_PATH . '/openidconnect.php' . $target);
1960 $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1961 break;
1962 }
1963
1964 return $this->substituteLoginPageElements(
1965 $GLOBALS['tpl'],
1966 $page_editor_html,
1967 $tpl->get(),
1968 '[list-openid-connect-login]',
1969 'OPEN_ID_CONNECT_LOGIN_FORM'
1970 );
1971 }
1972
1973 return $page_editor_html;
1974 }
1975
1980 {
1981 global $DIC;
1982
1983 $this->getLogger()->debug('Trying openid connect authentication');
1984
1985 $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
1986 $credentials->initFromRequest();
1987
1988 $provider_factory = new ilAuthProviderFactory();
1989 $provider = $provider_factory->getProviderByAuthMode($credentials, AUTH_OPENID_CONNECT);
1990
1991 $status = ilAuthStatus::getInstance();
1992
1993 $frontend_factory = new ilAuthFrontendFactory();
1994 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1995 $frontend = $frontend_factory->getFrontend(
1996 $GLOBALS['DIC']['ilAuthSession'],
1997 $status,
1998 $credentials,
1999 array($provider)
2000 );
2001
2002 $frontend->authenticate();
2003
2004 switch ($status->getStatus()) {
2006 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
2007 include_once './Services/Init/classes/class.ilInitialisation.php';
2008 ilInitialisation::redirectToStartingPage();
2009 return;
2010
2012 ilUtil::sendFailure($status->getTranslatedReason(), true);
2013 $GLOBALS['ilCtrl']->redirect($this, 'showLoginPage');
2014 return false;
2015 }
2016
2017 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
2018 $this->showLoginPage();
2019 return false;
2020 }
2021
2022
/**
 * Drives the SAML login: handles a requested logout, remembers the return target,
 * selects the IdP (automatically when exactly one is active, via a selection screen
 * when several are), lets the SAML auth object protect the resource and then runs the
 * ILIAS authentication with the auth mode AUTH_SAML . '_' . <idp id>.
 */
2026 protected function doSamlAuthentication()
2027 {
2028 global $DIC;
2029
2030 $this->getLogger()->debug('Trying saml authentication');
2031
2032 $request = $DIC->http()->request();
2033 $params = $request->getQueryParams();
2034
2036 $auth = $factory->auth();
2037
// NOTE(review): logout_url is taken from the query string and passed to $auth->logout()
// and to the log unchanged. Confirm the SAML library restricts the post-logout
// destination to trusted URLs (open-redirect risk) and that the log handler neutralises
// control characters.
2038 if (isset($params['action']) && $params['action'] == 'logout') {
2039 $logout_url = isset($params['logout_url']) ? $params['logout_url'] : '';
2040 ilLoggerFactory::getLogger('auth')->info(sprintf('Requested SAML logout: %s', $logout_url));
2041 $auth->logout($logout_url);
2042 }
2043
// 'target' is used as the return destination only when 'returnTo' is absent.
2044 if (isset($params['target']) && !isset($params['returnTo'])) {
2045 $params['returnTo'] = $params['target'];
2046 }
2047 if (isset($params['returnTo'])) {
2048 $auth->storeParam('target', $params['returnTo']);
2049 }
2050
2051 ilLoggerFactory::getLogger('auth')->debug('Started SAML authentication request');
2052
2053 if (!$auth->isAuthenticated()) {
2054 ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
2055 if (!isset($_GET['idpentityid']) || !isset($_GET['saml_idp_id'])) {
2056 $activeIdps = ilSamlIdp::getActiveIdpList();
2057 if (1 == count($activeIdps)) {
2058 $idp = current($activeIdps);
2059 $_GET['idpentityid'] = $idp->getEntityId();
2060 $_GET['saml_idp_id'] = $idp->getIdpId();
2061
2062 ilLoggerFactory::getLogger('auth')->debug(sprintf(
2063 'Found exactly one active IDP with id %s: %s',
2064 $idp->getIdpId(),
2065 $idp->getEntityId()
2066 ));
2067 } elseif (0 == count($activeIdps)) {
2068 ilLoggerFactory::getLogger('auth')->debug('Did not find any active IDP, skipp authentication process');
2069 $GLOBALS['DIC']->ctrl()->redirect($this, 'showLoginPage');
2070 } else {
2071 ilLoggerFactory::getLogger('auth')->debug('Found multiple active IPDs, presenting IDP selection...');
2072 $this->showSamlIdpSelection($auth, $activeIdps);
2073 return;
2074 }
2075 }
2076
// The IdP id is cast to int before it is stored. NOTE(review): when the request supplies
// saml_idp_id itself, the value is not checked against the active IdP list in this
// method - confirm that happens downstream.
2077 $auth->storeParam('idpId', (int) $_GET['saml_idp_id']);
2078 ilLoggerFactory::getLogger('auth')->debug(sprintf(
2079 'Stored relevant IDP id in session: %s',
2080 (string) $auth->getParam('idpId')
2081 ));
2082 }
2083
2084 // re-init
2085 $auth = $factory->auth();
2086
2087 ilLoggerFactory::getLogger('auth')->debug('Checking SAML authentication status...');
2088
2089 $auth->protectResource();
2090
2091 ilLoggerFactory::getLogger('auth')->debug(
2092 'SAML authentication successful, continuing with ILIAS internal authentication process...'
2093 );
2094
2095 $idpId = (int) $auth->getParam('idpId');
2096
2097 ilLoggerFactory::getLogger('auth')->debug(sprintf(
2098 'Internal SAML IDP id fetched from session: %s',
2099 (string) $idpId
2100 ));
2101
2102 if ($idpId < 1) {
2103 ilLoggerFactory::getLogger('auth')->debug(
2104 'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
2105 );
2106 $authData = $auth->getAuthDataArray();
2107 if (isset($authData['saml:sp:IdP'])) {
2108 $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
2109 ilLoggerFactory::getLogger('auth')->debug(sprintf(
2110 'Searching active ILIAS IDP by entity id "%s" results in: %s',
2111 $authData['saml:sp:IdP'],
2112 (string) $idpId
2113 ));
2114 } else {
2115 ilLoggerFactory::getLogger('auth')->debug(
2116 'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
2117 );
2118 }
2119 }
// NOTE(review): the stored return target originates from the query string (see above) and
// is written back to $_GET['target'] for later redirect handling; confirm the consumer
// accepts only local goto targets.
2120 $_GET['target'] = $auth->popParam('target');
2121
// The auth mode is set server-side from the resolved IdP id; any client-sent value is overwritten.
2122 $_POST['auth_mode'] = AUTH_SAML . '_' . $idpId;
2123
2124 $this->logger->debug(sprintf(
2125 'Retrieved "target" parameter: %s',
2126 print_r($_GET['target'], true)
2127 ));
2128
2129 $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
2130 $credentials->initFromRequest();
2131
2132 $provider_factory = new ilAuthProviderFactory();
2133 $provider = $provider_factory->getProviderByAuthMode($credentials, ilUtil::stripSlashes($_POST['auth_mode']));
2134
2135 $status = ilAuthStatus::getInstance();
2136
2137 $frontend_factory = new ilAuthFrontendFactory();
2138 $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
2139 $frontend = $frontend_factory->getFrontend(
2140 $GLOBALS['DIC']['ilAuthSession'],
2141 $status,
2142 $credentials,
2143 array($provider)
2144 );
2145
2146 $frontend->authenticate();
2147
2148 switch ($status->getStatus()) {
2150 ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
2151 return ilInitialisation::redirectToStartingPage();
2152
2154 return $GLOBALS['DIC']->ctrl()->redirect($this, 'showAccountMigration');
2155
2157 ilUtil::sendFailure($status->getTranslatedReason(), true);
2158 $GLOBALS['DIC']->ctrl()->redirect($this, 'showLoginPage');
2159 return false;
2160 }
2161
2162 ilUtil::sendFailure($this->lng->txt('err_wrong_login'));
2163 $this->showLoginPage();
2164
2165 return false;
2166 }
2167
/**
 * Renders a table with one link per identity provider; each link targets saml.php
 * with the 'doSamlAuthentication' command and carries the IdP id and entity id.
 *
 * @param \ilSamlAuth $auth Not used inside this method.
 * @param array $idps Identity providers offering getIdpId() and getEntityId().
 */
protected function showSamlIdpSelection(\ilSamlAuth $auth, array $idps)
{
    global $DIC;

    $this->help->setSubScreenId('saml_idp_selection');

    self::initStartUpTemplate(array('tpl.saml_idp_selection.html', 'Services/Saml'));

    $uiFactory = $DIC->ui()->factory();
    $uiRenderer = $DIC->ui()->renderer();

    $DIC->ctrl()->setTargetScript('saml.php');

    $rows = [];

    $selectionTable = new ilSamlIdpSelectionTableGUI($this, 'doSamlAuthentication');

    foreach ($idps as $idp) {
        // Parameters are set per IdP immediately before the link target is generated.
        $DIC->ctrl()->setParameter($this, 'saml_idp_id', $idp->getIdpId());
        $DIC->ctrl()->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));

        $linkTarget = $DIC->ctrl()->getLinkTarget($this, 'doSamlAuthentication');
        $link = $uiFactory->link()->standard($idp->getEntityId(), $linkTarget);

        $rows[] = [
            'idp_link' => $uiRenderer->render($link)
        ];
    }

    $selectionTable->setData($rows);
    $this->mainTemplate->setVariable('CONTENT', $selectionTable->getHtml());

    $this->mainTemplate->printToStdout('DEFAULT', false);
}
2203}
static _lookupObjId($a_id)
static _getAllReferences($a_id)
get all reference ids of object
static _lookupType($a_id, $a_reference=false)
lookup object type
static getInstance()
Get singleton instance.
static _existsAndNotEmpty($a_parent_type, $a_id, $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages)
static getDefaultMemberRole($a_ref_id)
Password assistance facility for users who have forgotten their password or for users for whom no pas...
This class represents a password property in a property form.
static getPluginObject($a_ctype, $a_cname, $a_slot_id, $a_pname)
Get Plugin Object.
This class represents a property form user interface.
This class represents a property in a property form.
This class represents an option in a radio group.
Class for user related exception handling in ILIAS.
Class for user related exception handling in ILIAS.
Class ilObjAuthSettingsGUI.
Class ilSamlAuthFactory.
Class ilSamlIdpSelectionTableGUI.
static getActiveIdpList()
static geIdpIdByEntityId($entityId)
const SESSION_CLOSE_USER
static set($a_var, $a_val)
Set a value.
static setClosingContext($a_context)
set closing context (for statistics)
static get($a_var)
Get a value.
ILIAS Setting Class.
StartUp GUI class.
processIndexPHP()
process index.php
showLoginInformation($page_editor_html, $tpl)
Show login information.
showShibbolethLoginForm($page_editor_html)
Show shibboleth login form.
showLoginPage(ilPropertyFormGUI $form=null)
showCASLoginForm($page_editor_html)
Show cas login @global ilSetting $ilSetting.
showAccountMigration(string $message='')
Show account migration screen.
static _checkGoto($a_target)
doStandardAuthentication()
Check form input; authenticate user.
getAcceptance()
Get terms of service.
doApacheAuthentication()
Try apache auth.
showCodeForm($a_username=null, $a_form=null)
doOpenIdConnectAuthentication()
do open id connect authentication
__construct(\ilObjUser $user=null, \ilTermsOfServiceDocumentEvaluation $termsOfServiceEvaluation=null, \ilGlobalTemplate $mainTemplate=null, ServerRequestInterface $httpRequest=null)
ilStartUpGUI constructor.
const ACCOUNT_MIGRATION_MIGRATE
purgePlaceholders($page_editor_html)
Purge page editor html from unused placeholders.
initStandardLoginForm()
Initialize the standard.
doShibbolethAuthentication()
Trying shibboleth authentication.
getLogger()
Get logger.
migrateAccount()
Migrate Account.
static printToGlobalTemplate($tpl)
substituteLoginPageElements($tpl, $page_editor_html, $element_html, $placeholder, $fallback_tplvar)
Substitute login page elements.
jumpToPasswordAssistance()
jump to password assistance
showLogout()
Show logout screen.
showTermsOfService(bool $accepted=false)
Show terms of service.
showSamlIdpSelection(\ilSamlAuth $auth, array $idps)
doLTIAuthentication()
Handle lti requests.
jumpToRegistration()
jump to registration gui
showLoginForm($page_editor_html, ilPropertyFormGUI $form=null)
Show login form @global ilSetting $ilSetting.
executeCommand()
execute command
getLoginPageEditorHTML()
Get HTML of ILIAS login page editor.
initCodeForm($a_username)
doLogout()
show logout screen
doCasAuthentication()
Try CAS auth.
showNoCookiesScreen()
show help screen, if cookies are disabled
showOpenIdConnectLoginForm($page_editor_html)
showRegistrationLinks($page_editor_html)
Show registration, password forgotten, client selection links @global ilLanguage $lng @global ilSettin...
showTermsOfServiceLink(string $page_editor_html)
Show terms of service link.
showSamlLoginForm($page_editor_html)
static getMailsToAddress()
Get mailto: emails.
special template class to simplify handling of ITX/PEAR
Class ilTermsOfServiceHelper.
This class represents a text property in a property form.
static appendUrlParameterString($a_url, $a_par, $xml_style=false)
append URL parameter string ("par1=value1&par2=value2...") to given URL string
static formCheckbox($checked, $varname, $value, $disabled=false)
??? @access public
static setCookie($a_cookie_name, $a_cookie_value='', $a_also_set_super_global=true, $a_set_cookie_invalid=false)
static redirect($a_script)
static sendFailure($a_info="", $a_keep=false)
Send Failure Message to Screen.
static generatePasswords($a_number)
Generate a number of passwords.
static stripSlashes($a_str, $a_strip_html=true, $a_allow="")
strip slashes if magic quotes is enabled
static getImagePath($img, $module_path="", $mode="output", $offline=false)
get image path (for images located in a template directory)
static prepareFormOutput($a_str, $a_strip=false)
prepares string output for html forms @access public
const CLIENT_ID
Definition: constants.php:39
const ANONYMOUS_USER_ID
Definition: constants.php:25
const ROOT_FOLDER_ID
Definition: constants.php:30
$password
Definition: cron.php:14
global $DIC
Definition: goto.php:24
help()
Definition: help.php:2
$ilIliasIniFile
Definition: imgupload.php:16
$ilUser
Definition: imgupload.php:18
Interface ilSamlAuth.
Interface ilTermsOfServiceDocumentEvaluation.
language()
Definition: language.php:2
if($DIC->http() ->request() ->getMethod()=="GET" &&isset($DIC->http() ->request() ->getQueryParams()['tex'])) $tpl
Definition: latex.php:41
$factory
Definition: metadata.php:58
$auth
Definition: metadata.php:59
static http()
Fetches the global http state from ILIAS.
$ret
Definition: parser.php:6
global $ilSetting
Definition: privfeed.php:17
$type
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
$client_id
Definition: webdav.php:17
$messages
Definition: xapiexit.php:5
$lang
Definition: xapiexit.php:8
$message
Definition: xapiexit.php:14
$_COOKIE[session_name()]
Definition: xapitoken.php:37
$param
Definition: xapitoken.php:29