ILIAS  release_8 Revision v8.19
All Data Structures Namespaces Files Functions Variables Modules Pages
class.ilStartUpGUI.php
Go to the documentation of this file.
1 <?php
2 
19 use Psr\Http\Message\ServerRequestInterface;
20 use ILIAS\UICore\PageContentProvider;
21 use ILIAS\Refinery\Factory as RefineryFactory;
22 use ILIAS\HTTP\Services as HTTPServices;
23 
32 class ilStartUpGUI implements ilCtrlBaseClassInterface, ilCtrlSecurityInterface
33 {
34  protected const ACCOUNT_MIGRATION_MIGRATE = 1;
35  protected const ACCOUNT_MIGRATION_NEW = 2;
36 
37  protected ilCtrlInterface $ctrl;
38  protected ilLanguage $lng;
39  protected ilLogger $logger;
40  protected ilGlobalTemplateInterface $mainTemplate;
41  protected ilObjUser $user;
42  protected ilTermsOfServiceDocumentEvaluation $termsOfServiceEvaluation;
43  protected ServerRequestInterface $httpRequest;
44  protected \ILIAS\DI\Container $dic;
45  protected ilAuthSession $authSession;
46  protected ilAppEventHandler $eventHandler;
47  protected ilSetting $setting;
48  protected ilAccessHandler $access;
49 
50  protected RefineryFactory $refinery;
51  protected HTTPServices $http;
52  protected ilHelpGUI $help;
53 
57  public function __construct(
58  ilObjUser $user = null,
59  ilTermsOfServiceDocumentEvaluation $termsOfServiceEvaluation = null,
60  ilGlobalTemplateInterface $mainTemplate = null,
61  ServerRequestInterface $httpRequest = null
62  ) {
63  global $DIC;
64 
65  $this->dic = $DIC;
66 
67  if ($user === null) {
68  $user = $DIC->user();
69  }
70  $this->user = $user;
71 
72  if ($termsOfServiceEvaluation === null) {
73  $termsOfServiceEvaluation = $DIC['tos.document.evaluator'];
74  }
75  $this->termsOfServiceEvaluation = $termsOfServiceEvaluation;
76 
77  if ($mainTemplate === null) {
78  $mainTemplate = $DIC->ui()->mainTemplate();
79  }
80  $this->mainTemplate = $mainTemplate;
81 
82  if ($httpRequest === null) {
83  $httpRequest = $DIC->http()->request();
84  }
85  $this->httpRequest = $httpRequest;
86 
87  $this->ctrl = $DIC->ctrl();
88  $this->lng = $DIC->language();
89  $this->lng->loadLanguageModule('auth');
90  $this->logger = ilLoggerFactory::getLogger('init');
91  $this->authSession = $DIC['ilAuthSession'];
92  $this->eventHandler = $DIC->event();
93  $this->setting = $DIC->settings();
94  $this->access = $DIC->access();
95  $this->help = $DIC->help();
96 
97  $this->http = $DIC->http();
98  $this->refinery = $DIC->refinery();
99 
100  $this->ctrl->saveParameter($this, array("rep_ref_id", "lang", "target", "client_id"));
101  $this->user->setLanguage($this->lng->getLangKey());
102  $this->help->setScreenIdComponent('init');
103  }
104 
105  protected function initTargetFromQuery(): string
106  {
107  if ($this->http->wrapper()->query()->has('target')) {
108  return $this->http->wrapper()->query()->retrieve(
109  'target',
110  $this->refinery->kindlyTo()->string()
111  );
112  }
113  return '';
114  }
115 
119  public function getUnsafeGetCommands(): array
120  {
121  return [
122  'doLogout'
123  ];
124  }
125 
129  public function getSafePostCommands(): array
130  {
131  return [
132  'doStandardAuthentication',
133  ];
134  }
135 
141  public function executeCommand()
142  {
143  $cmd = $this->ctrl->getCmd("processIndexPHP");
144  $next_class = $this->ctrl->getNextClass($this);
145  switch ($next_class) {
146  case 'ilLoginPageGUI':
147  break;
148 
149  case "ilaccountregistrationgui":
150  require_once("Services/Registration/classes/class.ilAccountRegistrationGUI.php");
151  return $this->ctrl->forwardCommand(new ilAccountRegistrationGUI());
152 
153  case "ilpasswordassistancegui":
154  require_once("Services/Init/classes/class.ilPasswordAssistanceGUI.php");
155  return $this->ctrl->forwardCommand(new ilPasswordAssistanceGUI());
156 
157  case strtolower(ilAccessibilityControlConceptGUI::class):
158  return $this->ctrl->forwardCommand(new ilAccessibilityControlConceptGUI());
159 
160  default:
161  if (method_exists($this, $cmd)) {
162  $this->$cmd();
163  return null;
164  }
165  }
166 
167  // because this class now implements ilCtrlSecurityInterface,
168  // it may occur that commands are null, therefore I added
169  // this as a fallback method.
170  $this->showLoginPageOrStartupPage();
171  return null;
172  }
173 
177  public function getLogger(): ilLogger
178  {
179  return $this->logger;
180  }
181 
186  public function jumpToRegistration(): void
187  {
188  $this->ctrl->setCmdClass("ilaccountregistrationgui");
189  $this->ctrl->setCmd("");
190  $this->executeCommand();
191  }
192 
197  public function jumpToPasswordAssistance(): void
198  {
199  $this->ctrl->setCmdClass("ilpasswordassistancegui");
200  $this->ctrl->setCmd("");
201  $this->executeCommand();
202  }
203 
207  protected function showLoginPageOrStartupPage(): void
208  {
212  $auth_session = $this->authSession;
213  $ilAppEventHandler = $this->eventHandler;
214 
215  $force_login = false;
216  if (isset($_REQUEST['cmd']) &&
217  !is_array($_REQUEST['cmd']) &&
218  strcmp($_REQUEST['cmd'], 'force_login') === 0
219  ) {
220  $force_login = true;
221  }
222 
223  if ($force_login) {
224  $this->logger->debug('Force login');
225  if ($auth_session->isValid()) {
226  $messages = $this->retrieveMessagesFromSession();
227  $this->logger->debug('Valid session -> logout current user');
228  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
229  $auth_session->logout();
230 
231  $ilAppEventHandler->raise(
232  'Services/Authentication',
233  'afterLogout',
234  array(
235  'username' => $this->user->getLogin()
236  )
237  );
238  }
239  $this->logger->debug('Show login page');
240  if (isset($messages) && count($messages) > 0) {
241  foreach ($messages as $type => $content) {
242  $this->mainTemplate->setOnScreenMessage($type, $content);
243  }
244  }
245  $this->showLoginPage();
246  return;
247  }
248 
249  if ($auth_session->isValid()) {
250  $this->logger->debug('Valid session -> redirect to starting page');
251  ilInitialisation::redirectToStartingPage();
252  return;
253  }
254  $this->logger->debug('No valid session -> show login');
255  $this->showLoginPage();
256  }
257 
263  protected function showLoginPage(ilPropertyFormGUI $form = null): void
264  {
265  global $tpl;
266 
267  $this->help->setSubScreenId('login');
268 
269  $this->getLogger()->debug('Showing login page');
270 
271  $extUid = $this->http->wrapper()->query()->retrieve(
272  'ext_uid',
273  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
274  );
275  $soapPw = $this->http->wrapper()->query()->retrieve(
276  'soap_pw',
277  $this->refinery->byTrying([$this->refinery->kindlyTo()->string(), $this->refinery->always('')])
278  );
279  $credentials = new ilAuthFrontendCredentialsSoap(
280  $GLOBALS['DIC']->http()->request(),
281  $this->ctrl,
282  $this->setting
283  );
284  $credentials->setUsername($extUid);
285  $credentials->setPassword($soapPw);
286  $credentials->tryAuthenticationOnLoginPage();
287 
288  $frontend = new ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
289  $frontend->tryAuthenticationOnLoginPage();
290 
291  $tpl = self::initStartUpTemplate("tpl.login.html");
292  $this->mainTemplate->addCss(ilObjStyleSheet::getContentStylePath(0));
293  $this->mainTemplate->addCss(ilObjStyleSheet::getSyntaxStylePath());
294 
295  $page_editor_html = $this->getLoginPageEditorHTML();
296  $page_editor_html = $this->showOpenIdConnectLoginForm($page_editor_html);
297  $page_editor_html = $this->showLoginInformation($page_editor_html, $tpl);
298  $page_editor_html = $this->showLoginForm($page_editor_html, $form);
299  $page_editor_html = $this->showCASLoginForm($page_editor_html);
300  $page_editor_html = $this->showShibbolethLoginForm($page_editor_html);
301  $page_editor_html = $this->showSamlLoginForm($page_editor_html);
302  $page_editor_html = $this->showRegistrationLinks($page_editor_html);
303  $page_editor_html = $this->showTermsOfServiceLink($page_editor_html);
304  $page_editor_html = $this->purgePlaceholders($page_editor_html);
305 
306  // check expired session and send message
307  if ($this->authSession->isExpired() || $this->http->wrapper()->query()->has('session_expired')) {
308  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('auth_err_expired'));
309  } elseif ($this->http->wrapper()->query()->has('reg_confirmation_msg')) {
310  $this->lng->loadLanguageModule('registration');
311  $message_key = $this->http->wrapper()->query()->retrieve(
312  'reg_confirmation_msg',
313  $this->refinery->kindlyTo()->string()
314  );
315  $message_type = "reg_account_confirmation_successful" === $message_key ?
316  ilGlobalTemplateInterface::MESSAGE_TYPE_SUCCESS : ilGlobalTemplateInterface::MESSAGE_TYPE_FAILURE;
317  $this->mainTemplate->setOnScreenMessage(
318  $message_type,
319  $this->lng->txt($message_key)
320  );
321  }
322  if ($page_editor_html !== '') {
323  $tpl->setVariable('LPE', $page_editor_html);
324  }
325  $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($this->user);
326  $tosWithdrawalGui->setWithdrawalInfoForLoginScreen($this->httpRequest);
327  self::printToGlobalTemplate($tpl);
328  }
329 
333  public static function printToGlobalTemplate($tpl): void
334  {
335  global $DIC;
336  $gtpl = $DIC['tpl'];
337  $gtpl->setContent($tpl->get());
338  $gtpl->printToStdout("DEFAULT", false, true);
339  }
340 
341  protected function retrieveMessagesFromSession(): array
342  {
343  $messages = [];
344  if (ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_FAILURE)) {
345  $messages[ilGlobalTemplate::MESSAGE_TYPE_FAILURE] = ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_FAILURE);
346  }
347  if (ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_SUCCESS)) {
348  $messages[ilGlobalTemplate::MESSAGE_TYPE_SUCCESS] = ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_SUCCESS);
349  }
350  if (ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_INFO)) {
351  $messages[ilGlobalTemplate::MESSAGE_TYPE_INFO] = ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_INFO);
352  }
353  if (ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_QUESTION)) {
354  $messages[ilGlobalTemplate::MESSAGE_TYPE_QUESTION] = ilSession::get(ilGlobalTemplate::MESSAGE_TYPE_QUESTION);
355  }
356  return $messages;
357  }
358 
359  protected function showCodeForm($a_username = null, $a_form = null): void
360  {
361  $this->help->setSubScreenId('code_input');
362 
363  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt("time_limit_reached"));
364 
365  $tpl = self::initStartUpTemplate("tpl.login_reactivate_code.html");
366  $tpl->setVariable("FORM", ($a_form ?? $this->initCodeForm($a_username))->getHTML());
367 
368  self::printToGlobalTemplate($tpl);
369  }
370 
371  protected function initCodeForm(string $a_username): ilPropertyFormGUI
372  {
373  $this->lng->loadLanguageModule("auth");
374  $form = new ilPropertyFormGUI();
375  $form->setFormAction($this->ctrl->getFormAction($this, 'showcodeform'));
376  $form->setTitle($this->lng->txt('auth_account_code_title'));
377 
378  $count = new ilTextInputGUI($this->lng->txt('auth_account_code'), 'code');
379  $count->setRequired(true);
380  $count->setInfo($this->lng->txt('auth_account_code_info'));
381  $form->addItem($count);
382 
383  // #11658
384  $uname = new ilHiddenInputGUI("uname");
385  $uname->setValue($a_username);
386  $form->addItem($uname);
387  $form->addCommandButton('processCode', $this->lng->txt('send'));
388  return $form;
389  }
390 
394  protected function processCode(): ?bool
395  {
396  $uname = $_POST["uname"];
397  $form = $this->initCodeForm($uname);
398  if ($uname && $form->checkInput()) {
399  $code = $form->getInput("code");
400  if (ilAccountCode::isUnusedCode($code)) {
401  $valid_until = ilAccountCode::getCodeValidUntil($code);
402  if (!$user_id = ilObjUser::_lookupId($uname)) {
403  $this->showLoginPage();
404  return false;
405  }
406  $invalid_code = false;
407  $user = new ilObjUser($user_id);
408 
409  if ($valid_until === "0") {
410  $user->setTimeLimitUnlimited(true);
411  } else {
412  if (is_numeric($valid_until)) {
413  $valid_until = strtotime("+" . $valid_until . "days");
414  } else {
415  $valid_until = explode("-", $valid_until);
416  $valid_until = mktime(
417  23,
418  59,
419  59,
420  $valid_until[1],
421  $valid_until[2],
422  $valid_until[0]
423  );
424  if ($valid_until < time()) {
425  $invalid_code = true;
426  }
427  }
428 
429  if (!$invalid_code) {
430  $user->setTimeLimitUnlimited(false);
431  $user->setTimeLimitUntil($valid_until);
432  }
433  }
434 
435  if (!$invalid_code) {
436  $user->setActive(true);
437  ilAccountCode::useCode($code);
438  // apply registration code role assignments
439  ilAccountCode::applyRoleAssignments($user, $code);
440  // apply registration code tie limits
441  ilAccountCode::applyAccessLimits($user, $code);
442 
443  $user->update();
444 
445  $this->ctrl->setParameter($this, "cu", 1);
446  $this->lng->loadLanguageModule('auth');
447  $this->mainTemplate->setOnScreenMessage('success', $GLOBALS['DIC']->language()->txt('auth_activation_code_success'), true);
448  $this->ctrl->redirect($this, "showLoginPage");
449  }
450  }
451 
452  $this->lng->loadLanguageModule("user");
453  $field = $form->getItemByPostVar("code");
454  $field->setAlert($this->lng->txt("user_account_code_not_valid"));
455  }
456 
457  $form->setValuesByPost();
458  $this->showCodeForm($uname, $form);
459  return null;
460  }
461 
466  protected function initStandardLoginForm(): ilPropertyFormGUI
467  {
468  include_once 'Services/Form/classes/class.ilPropertyFormGUI.php';
469  $form = new ilPropertyFormGUI();
470  $form->setFormAction($this->ctrl->getFormAction($this, 'doStandardAuthentication'));
471  $form->setName("formlogin");
472  $form->setShowTopButtons(false);
473  $form->setTitle($this->lng->txt("login_to_ilias"));
474 
475  include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
476  $det = ilAuthModeDetermination::_getInstance();
477  if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
478  $visible_auth_methods = array();
479  $radg = new ilRadioGroupInputGUI($this->lng->txt("auth_selection"), "auth_mode");
480  foreach (ilAuthUtils::_getMultipleAuthModeOptions($this->lng) as $key => $option) {
481  if (isset($option['hide_in_ui']) && $option['hide_in_ui']) {
482  continue;
483  }
484 
485  $op1 = new ilRadioOption($option['txt'], $key);
486  $radg->addOption($op1);
487  if (isset($option['checked'])) {
488  $radg->setValue($key);
489  }
490  $visible_auth_methods[] = $op1;
491  }
492 
493  if (count($visible_auth_methods) === 1) {
494  $first_auth_method = current($visible_auth_methods);
495  $hidden_auth_method = new ilHiddenInputGUI("auth_mode");
496  $hidden_auth_method->setValue($first_auth_method->getValue());
497  $form->addItem($hidden_auth_method);
498  } else {
499  $form->addItem($radg);
500  }
501  }
502 
503  $ti = new ilTextInputGUI($this->lng->txt("username"), "username");
504  $ti->setSize(20);
505  $ti->setRequired(true);
506  $form->addItem($ti);
507 
508  $pi = new ilPasswordInputGUI($this->lng->txt("password"), "password");
509  $pi->setUseStripSlashes(false);
510  $pi->setRetype(false);
511  $pi->setSkipSyntaxCheck(true);
512  $pi->setSize(20);
513  $pi->setDisableHtmlAutoComplete(false);
514  $pi->setRequired(true);
515  $form->addItem($pi);
516 
517  $form->addCommandButton("doStandardAuthentication", $this->lng->txt("log_in"));
518 
519  return $form;
520  }
521 
525  protected function doShibbolethAuthentication(): void
526  {
527  $this->getLogger()->debug('Trying shibboleth authentication');
528 
529  $credentials = new ilAuthFrontendCredentialsShibboleth();
530  $credentials->initFromRequest();
531 
532  $provider_factory = new ilAuthProviderFactory();
533  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_SHIBBOLETH);
534 
535  $status = ilAuthStatus::getInstance();
536 
537  $frontend_factory = new ilAuthFrontendFactory();
538  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
539  $frontend = $frontend_factory->getFrontend(
540  $this->authSession,
541  $status,
542  $credentials,
543  array($provider)
544  );
545 
546  $frontend->authenticate();
547 
548  switch ($status->getStatus()) {
549  case ilAuthStatus::STATUS_AUTHENTICATED:
550  $this->logger->debug('Authentication successful; Redirecting to starting page.');
551  ilInitialisation::redirectToStartingPage();
552  return;
553 
554  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
555  $this->ctrl->redirect($this, 'showAccountMigration');
556  return;
557 
558  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
559  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
560  $this->ctrl->redirect($this, 'showLoginPage');
561  return;
562  }
563  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
564  $this->showLoginPage();
565  }
566 
567  protected function doCasAuthentication(): void
568  {
569  $this->getLogger()->debug('Trying cas authentication');
570  $credentials = new ilAuthFrontendCredentialsCAS();
571 
572  $provider_factory = new ilAuthProviderFactory();
573  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_CAS);
574 
575  $status = ilAuthStatus::getInstance();
576 
577  $frontend_factory = new ilAuthFrontendFactory();
578  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
579  $frontend = $frontend_factory->getFrontend(
580  $this->authSession,
581  $status,
582  $credentials,
583  array($provider)
584  );
585 
586  $frontend->authenticate();
587  switch ($status->getStatus()) {
588  case ilAuthStatus::STATUS_AUTHENTICATED:
589  $this->getLogger()->debug('Authentication successful.');
590  ilInitialisation::redirectToStartingPage();
591  break;
592 
593  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
594  default:
595  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()));
596  $this->showLoginPage();
597  }
598  }
599 
603  protected function doLTIAuthentication(): void
604  {
605  $this->getLogger()->debug('Trying lti authentication');
606 
607  $credentials = new ilAuthFrontendCredentialsLTI();
608  $credentials->initFromRequest();
609 
610  $provider_factory = new ilAuthProviderFactory();
611  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_PROVIDER_LTI);
612 
613  $status = ilAuthStatus::getInstance();
614 
615  $frontend_factory = new ilAuthFrontendFactory();
616  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
617  $frontend = $frontend_factory->getFrontend(
618  $this->authSession,
619  $status,
620  $credentials,
621  array($provider)
622  );
623 
624  $frontend->authenticate();
625 
626  switch ($status->getStatus()) {
627  case ilAuthStatus::STATUS_AUTHENTICATED:
628  ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
629  ilInitialisation::redirectToStartingPage();
630  return;
631 
632  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
633  $this->ctrl->redirect($this, 'showAccountMigration');
634  return;
635 
636  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
637  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt($status->getReason()), true);
638  $this->ctrl->redirect($this, 'showLoginPage');
639  return;
640  }
641 
642  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
643  $this->showLoginPage();
644  }
645 
649  protected function doApacheAuthentication(): void
650  {
651  $this->getLogger()->debug('Trying apache authentication');
652 
653  $credentials = new \ilAuthFrontendCredentialsApache($this->httpRequest, $this->ctrl);
654  $credentials->initFromRequest();
655 
656  $provider_factory = new \ilAuthProviderFactory();
657  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_APACHE);
658 
659  $status = \ilAuthStatus::getInstance();
660 
661  $frontend_factory = new \ilAuthFrontendFactory();
662  $frontend_factory->setContext(\ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
663  $frontend = $frontend_factory->getFrontend(
664  $this->authSession,
665  $status,
666  $credentials,
667  array($provider)
668  );
669 
670  $frontend->authenticate();
671 
672  switch ($status->getStatus()) {
673  case \ilAuthStatus::STATUS_AUTHENTICATED:
674  if ($credentials->hasValidTargetUrl()) {
675  $this->logger->debug(sprintf(
676  'Authentication successful. Redirecting to starting page: %s',
677  $credentials->getTargetUrl()
678  ));
679  $this->ctrl->redirectToURL($credentials->getTargetUrl());
680  } else {
681  $this->logger->debug(
682  'Authentication successful, but no valid target URL given. Redirecting to default starting page.'
683  );
684  \ilInitialisation::redirectToStartingPage();
685  }
686  break;
687 
688  case \ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
689  $this->ctrl->redirect($this, 'showAccountMigration');
690  break;
691 
692  case \ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
693  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
694  $this->ctrl->redirectToURL(\ilUtil::appendUrlParameterString(
695  $this->ctrl->getLinkTarget($this, 'showLoginPage', '', false, false),
696  'passed_sso=1'
697  ));
698  break;
699  }
700 
701  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
702  $this->showLoginPage();
703  }
704 
708  protected function doStandardAuthentication(): void
709  {
710  $form = $this->initStandardLoginForm();
711  if ($form->checkInput()) {
712  $this->getLogger()->debug('Trying to authenticate user.');
713 
714  $auth_callback = function () use ($form) {
715  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendCredentials.php';
716  $credentials = new ilAuthFrontendCredentials();
717  $credentials->setUsername($form->getInput('username'));
718  $credentials->setPassword($form->getInput('password'));
719 
720  // set chosen auth mode
721  include_once './Services/Authentication/classes/class.ilAuthModeDetermination.php';
722  $det = ilAuthModeDetermination::_getInstance();
723  if (ilAuthUtils::_hasMultipleAuthenticationMethods() and $det->isManualSelection()) {
724  $credentials->setAuthMode($form->getInput('auth_mode'));
725  }
726 
727  include_once './Services/Authentication/classes/Provider/class.ilAuthProviderFactory.php';
728  $provider_factory = new ilAuthProviderFactory();
729  $providers = $provider_factory->getProviders($credentials);
730 
731  include_once './Services/Authentication/classes/class.ilAuthStatus.php';
732  $status = ilAuthStatus::getInstance();
733 
734  include_once './Services/Authentication/classes/Frontend/class.ilAuthFrontendFactory.php';
735  $frontend_factory = new ilAuthFrontendFactory();
736  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
737  $frontend = $frontend_factory->getFrontend(
738  $this->authSession,
739  $status,
740  $credentials,
741  $providers
742  );
743 
744  $frontend->authenticate();
745 
746  return $status;
747  };
748 
749  if (null !== ($auth_duration = $this->setting->get("auth_duration"))) {
750  $duration = $this->http->durations()->callbackDuration((int) $auth_duration);
751  $status = $duration->stretch($auth_callback);
752  } else {
753  $status = $auth_callback();
754  }
755 
756  switch ($status->getStatus()) {
757  case ilAuthStatus::STATUS_AUTHENTICATED:
758  ilLoggerFactory::getLogger('auth')->debug('Authentication successful; Redirecting to starting page.');
759  ilInitialisation::redirectToStartingPage();
760  return;
761 
762  case ilAuthStatus::STATUS_CODE_ACTIVATION_REQUIRED:
763  $uname = ilObjUser::_lookupLogin($status->getAuthenticatedUserId());
764  $this->showLoginPage($this->initCodeForm($uname));
765  return;
766 
767  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
768  $this->ctrl->redirect($this, 'showAccountMigration');
769  // no break
770  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
771  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason());
772  $this->showLoginPage($form);
773  return;
774  }
775  }
776  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
777  $this->showLoginPage($form);
778  }
779 
783  protected function showLoginForm(string $page_editor_html, ilPropertyFormGUI $form = null): string
784  {
785  global $tpl;
786 
787  // @todo move this to auth utils.
788  // login via ILIAS (this also includes ldap)
789  // If local authentication is enabled for shibboleth users, we
790  // display the login form for ILIAS here.
791  if (($this->setting->get("auth_mode") != ilAuthUtils::AUTH_SHIBBOLETH ||
792  $this->setting->get("shib_auth_allow_local")) &&
793  $this->setting->get("auth_mode") != ilAuthUtils::AUTH_CAS) {
794  if (!$form instanceof ilPropertyFormGUI) {
795  $form = $this->initStandardLoginForm();
796  }
797 
798  return $this->substituteLoginPageElements(
799  $tpl,
800  $page_editor_html,
801  $form->getHTML(),
802  '[list-login-form]',
803  'LOGIN_FORM'
804  );
805  }
806  return $page_editor_html;
807  }
808 
812  protected function showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl): string
813  {
814  if (strlen($page_editor_html)) {
815  // page editor active return
816  return $page_editor_html;
817  }
818 
819  $loginSettings = new ilSetting("login_settings");
820  $information = $loginSettings->get("login_message_" . $this->lng->getLangKey());
821 
822  if (strlen(trim($information))) {
823  $tpl->setVariable("TXT_LOGIN_INFORMATION", $information);
824  }
825  return $page_editor_html;
826  }
827 
831  protected function showCASLoginForm(string $page_editor_html): string
832  {
833  // cas login link
834  if ($this->setting->get("cas_active")) {
835  $tpl = new ilTemplate('tpl.login_form_cas.html', true, true, 'Services/Init');
836  $tpl->setVariable("TXT_CAS_LOGIN", $this->lng->txt("login_to_ilias_via_cas"));
837  $tpl->setVariable("TXT_CAS_LOGIN_BUTTON", ilUtil::getImagePath("cas_login_button.png"));
838  $tpl->setVariable("TXT_CAS_LOGIN_INSTRUCTIONS", $this->setting->get("cas_login_instructions"));
839  $this->ctrl->setParameter($this, "forceCASLogin", "1");
840  $tpl->setVariable("TARGET_CAS_LOGIN", $this->ctrl->getLinkTarget($this, "doCasAuthentication"));
841  $this->ctrl->setParameter($this, "forceCASLogin", "");
842 
843  return $this->substituteLoginPageElements(
844  $GLOBALS['tpl'],
845  $page_editor_html,
846  $tpl->get(),
847  '[list-cas-login-form]',
848  'CAS_LOGIN_FORM'
849  );
850  }
851  return $page_editor_html;
852  }
853 
857  protected function showShibbolethLoginForm(string $page_editor_html): string
858  {
859  $target = $this->initTargetFromQuery();
860 
861  // shibboleth login link
862  if ($this->setting->get("shib_active")) {
863  $tpl = new ilTemplate('tpl.login_form_shibboleth.html', true, true, 'Services/Init');
864 
865  $tpl->setVariable(
866  'SHIB_FORMACTION',
867  './shib_login.php'
868  ); // Bugfix http://ilias.de/mantis/view.php?id=10662 {$tpl->setVariable('SHIB_FORMACTION', $this->ctrl->getFormAction($this));}
869  $federation_name = $this->setting->get("shib_federation_name");
870  $admin_mail = ' <a href="mailto:' . $this->setting->get("admin_email") . '">ILIAS ' . $this->lng->txt(
871  "administrator"
872  ) . '</a>.';
873  if ($this->setting->get("shib_hos_type") == 'external_wayf') {
874  $tpl->setCurrentBlock("shibboleth_login");
875  $tpl->setVariable("TXT_SHIB_LOGIN", $this->lng->txt("login_to_ilias_via_shibboleth"));
876  $tpl->setVariable("IL_TARGET", $target);
877  $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->setting->get("shib_federation_name"));
878  $tpl->setVariable("TXT_SHIB_LOGIN_BUTTON", $this->setting->get("shib_login_button"));
879  $tpl->setVariable(
880  "TXT_SHIB_LOGIN_INSTRUCTIONS",
881  sprintf(
882  $this->lng->txt("shib_general_login_instructions"),
883  $federation_name,
884  $admin_mail
885  )
886  );
887  $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $this->setting->get("shib_login_instructions"));
888  $tpl->parseCurrentBlock();
889  } elseif ($this->setting->get("shib_hos_type") == 'embedded_wayf') {
890  $tpl->setCurrentBlock("shibboleth_custom_login");
891  $customInstructions = stripslashes($this->setting->get("shib_login_instructions"));
892  $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $customInstructions);
893  $tpl->parseCurrentBlock();
894  } else {
895  $tpl->setCurrentBlock("shibboleth_wayf_login");
896  $tpl->setVariable("TXT_SHIB_LOGIN", $this->lng->txt("login_to_ilias_via_shibboleth"));
897  $tpl->setVariable("TXT_SHIB_FEDERATION_NAME", $this->setting->get("shib_federation_name"));
898  $tpl->setVariable(
899  "TXT_SELECT_HOME_ORGANIZATION",
900  sprintf(
901  $this->lng->txt("shib_select_home_organization"),
902  $this->setting->get("shib_federation_name")
903  )
904  );
905  $tpl->setVariable("TXT_CONTINUE", $this->lng->txt("btn_next"));
906  $tpl->setVariable("TXT_SHIB_HOME_ORGANIZATION", $this->lng->txt("shib_home_organization"));
907  $tpl->setVariable(
908  "TXT_SHIB_LOGIN_INSTRUCTIONS",
909  sprintf(
910  $this->lng->txt("shib_general_wayf_login_instructions"),
911  $admin_mail
912  )
913  );
914  $tpl->setVariable("TXT_SHIB_CUSTOM_LOGIN_INSTRUCTIONS", $this->setting->get("shib_login_instructions"));
915 
916  $ilShibbolethWAYF = new ilShibbolethWAYF();
917 
918  $tpl->setVariable("TXT_SHIB_INVALID_SELECTION", $ilShibbolethWAYF->showNotice());
919  $tpl->setVariable("SHIB_IDP_LIST", $ilShibbolethWAYF->generateSelection());
920  $tpl->setVariable("ILW_TARGET", $target);
921  $tpl->parseCurrentBlock();
922  }
923 
924  return $this->substituteLoginPageElements(
925  $GLOBALS['tpl'],
926  $page_editor_html,
927  $tpl->get(),
928  '[list-shibboleth-login-form]',
929  'SHIB_LOGIN_FORM'
930  );
931  }
932 
933  return $page_editor_html;
934  }
935 
945  protected function substituteLoginPageElements(
946  $tpl,
947  string $page_editor_html,
948  string $element_html,
949  string $placeholder,
950  string $fallback_tplvar
951  ): string {
952  if (!strlen($page_editor_html)) {
953  $tpl->setVariable($fallback_tplvar, $element_html);
954  return $page_editor_html;
955  }
956  // Try to replace placeholders
957  if (!stristr($page_editor_html, $placeholder)) {
958  $tpl->setVariable($fallback_tplvar, $element_html);
959  return $page_editor_html;
960  }
961  return str_replace($placeholder, $element_html, $page_editor_html);
962  }
963 
968  protected function getLoginPageEditorHTML(): string
969  {
970  include_once './Services/Authentication/classes/class.ilAuthLoginPageEditorSettings.php';
971  $lpe = ilAuthLoginPageEditorSettings::getInstance();
972  $active_lang = $lpe->getIliasEditorLanguage($this->lng->getLangKey());
973 
974  if (!$active_lang) {
975  return '';
976  }
977 
978  // if page does not exist, return nothing
979  include_once './Services/COPage/classes/class.ilPageUtil.php';
980  if (!ilPageUtil::_existsAndNotEmpty('auth', ilLanguage::lookupId($active_lang))) {
981  return '';
982  }
983 
984  // get page object
985  $page_gui = new ilLoginPageGUI(ilLanguage::lookupId($active_lang));
986 
987  include_once("./Services/Style/Content/classes/class.ilObjStyleSheet.php");
988  $page_gui->setStyleId(0);
989 
990  $page_gui->setPresentationTitle("");
991  $page_gui->setTemplateOutput(false);
992  $page_gui->setHeader("");
993  $ret = $page_gui->showPage();
994 
995  return $ret;
996  }
997 
1001  protected function showRegistrationLinks(string $page_editor_html): string
1002  {
1003  global $tpl, $ilIliasIniFile;
1004 
1005  $rtpl = new ilTemplate('tpl.login_registration_links.html', true, true, 'Services/Init');
1006 
1007  // allow new registrations?
1008  include_once 'Services/Registration/classes/class.ilRegistrationSettings.php';
1009  if (ilRegistrationSettings::_lookupRegistrationType() != ilRegistrationSettings::IL_REG_DISABLED) {
1010  $rtpl->setCurrentBlock("new_registration");
1011  $rtpl->setVariable("REGISTER", $this->lng->txt("registration"));
1012  $rtpl->setVariable(
1013  "CMD_REGISTER",
1014  $this->ctrl->getLinkTargetByClass("ilaccountregistrationgui", "")
1015  );
1016  $rtpl->parseCurrentBlock();
1017  }
1018  // allow password assistance? Surpress option if Authmode is not local database
1019  if ($this->setting->get("password_assistance")) {
1020  $rtpl->setCurrentBlock("password_assistance");
1021  $rtpl->setVariable("FORGOT_PASSWORD", $this->lng->txt("forgot_password"));
1022  $rtpl->setVariable("FORGOT_USERNAME", $this->lng->txt("forgot_username"));
1023  $rtpl->setVariable(
1024  "CMD_FORGOT_PASSWORD",
1025  $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "")
1026  );
1027  $rtpl->setVariable(
1028  "CMD_FORGOT_USERNAME",
1029  $this->ctrl->getLinkTargetByClass("ilpasswordassistancegui", "showUsernameAssistanceForm")
1030  );
1031  $rtpl->setVariable("LANG_ID", $this->lng->getLangKey());
1032  $rtpl->parseCurrentBlock();
1033  }
1034 
1035  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1036  $this->access->checkAccessOfUser(ANONYMOUS_USER_ID, "read", "", ROOT_FOLDER_ID)) {
1037  $rtpl->setCurrentBlock("homelink");
1038  $rtpl->setVariable(
1039  "CLIENT_ID",
1040  "?client_id=" . CLIENT_ID . "&lang=" . $this->lng->getLangKey()
1041  );
1042  $rtpl->setVariable("TXT_HOME", $this->lng->txt("home"));
1043  $rtpl->parseCurrentBlock();
1044  }
1045 
1046  return $this->substituteLoginPageElements(
1047  $tpl,
1048  $page_editor_html,
1049  $rtpl->get(),
1050  '[list-registration-link]',
1051  'REG_PWD_CLIENT_LINKS'
1052  );
1053  }
1054 
1058  protected function showTermsOfServiceLink(string $page_editor_html): string
1059  {
1060  global $tpl;
1061 
1062  if (!$this->user->getId()) {
1063  $this->user->setId(ANONYMOUS_USER_ID);
1064  }
1065 
1066  $helper = new ilTermsOfServiceHelper();
1067  if ($helper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument()) {
1068  $utpl = new ilTemplate('tpl.login_terms_of_service_link.html', true, true, 'Services/Init');
1069  $utpl->setVariable('TXT_TERMS_OF_SERVICE', $this->lng->txt('usr_agreement'));
1070  $utpl->setVariable('LINK_TERMS_OF_SERVICE', $this->ctrl->getLinkTarget($this, 'showTermsOfService'));
1071 
1072  return $this->substituteLoginPageElements(
1073  $tpl,
1074  $page_editor_html,
1075  $utpl->get(),
1076  '[list-user-agreement]',
1077  'USER_AGREEMENT'
1078  );
1079  }
1080 
1081  return $this->substituteLoginPageElements(
1082  $GLOBALS['tpl'],
1083  $page_editor_html,
1084  '',
1085  '[list-user-agreement]',
1086  'USER_AGREEMENT'
1087  );
1088  }
1089 
1093  protected function purgePlaceholders(string $page_editor_html): string
1094  {
1095  return str_replace(
1096  array(
1097  '[list-registration-link]',
1098  '[list-user-agreement]',
1099  '[list-login-form]',
1100  '[list-cas-login-form]',
1101  '[list-saml-login]',
1102  '[list-shibboleth-login-form]',
1103  '[list-openid-connect-login]'
1104  ),
1105  array('', '', '', '', '', '', ''),
1106  $page_editor_html
1107  );
1108  }
1109 
1113  public function showAccountMigration(string $message = ''): void
1114  {
1115  $this->help->setSubScreenId('account_migration');
1116 
1117  $tpl = self::initStartUpTemplate('tpl.login_account_migration.html');
1118 
1119  $form = new ilPropertyFormGUI();
1120  $form->setFormAction($this->ctrl->getFormAction($this, 'migrateAccount'));
1121 
1122  $form->setTitle($this->lng->txt('auth_account_migration'));
1123  $form->addCommandButton('migrateAccount', $this->lng->txt('save'));
1124  $form->addCommandButton('showLogin', $this->lng->txt('cancel'));
1125 
1126  $rad = new ilRadioGroupInputGUI($this->lng->txt('auth_account_migration_name'), 'account_migration');
1127  $rad->setValue(1);
1128 
1129  $keep = new ilRadioOption(
1130  $this->lng->txt('auth_account_migration_keep'),
1131  static::ACCOUNT_MIGRATION_MIGRATE,
1132  $this->lng->txt('auth_info_migrate')
1133  );
1134  $user = new ilTextInputGUI($this->lng->txt('login'), 'mig_username');
1135  $user->setRequired(true);
1136  $user->setValue(
1137  ilLegacyFormElementsUtil::prepareFormOutput(
1138  (string) ($this->httpRequest->getParsedBody()['mig_username'] ?? '')
1139  )
1140  );
1141  $user->setSize(32);
1142  $user->setMaxLength(128);
1143  $keep->addSubItem($user);
1144 
1145  $pass = new ilPasswordInputGUI($this->lng->txt('password'), 'mig_password');
1146  $pass->setRetype(false);
1147  $pass->setRequired(true);
1148  $pass->setValue(
1149  ilLegacyFormElementsUtil::prepareFormOutput(
1150  (string) ($this->httpRequest->getParsedBody()['mig_password'] ?? '')
1151  )
1152  );
1153  $pass->setSize(12);
1154  $pass->setMaxLength(128);
1155  $keep->addSubItem($pass);
1156  $rad->addOption($keep);
1157 
1158  $new = new ilRadioOption(
1159  $this->lng->txt('auth_account_migration_new'),
1160  static::ACCOUNT_MIGRATION_NEW,
1161  $this->lng->txt('auth_info_add')
1162  );
1163  $rad->addOption($new);
1164 
1165  $form->addItem($rad);
1166 
1167  $tpl->setVariable('MIG_FORM', $form->getHTML());
1168 
1169  if (strlen($message)) {
1170  $this->mainTemplate->setOnScreenMessage('failure', $message);
1171  }
1172 
1173  self::printToGlobalTemplate($tpl);
1174  }
1175 
1176  protected function migrateAccount(): void
1177  {
1178  if (!isset($this->httpRequest->getParsedBody()['account_migration'])) {
1179  $this->showAccountMigration(
1180  $this->lng->txt('select_one')
1181  );
1182  return;
1183  }
1184 
1185  if (
1186  ((int) $this->httpRequest->getParsedBody()['account_migration'] === self::ACCOUNT_MIGRATION_MIGRATE) &&
1187  (
1188  !isset($this->httpRequest->getParsedBody()['mig_username']) ||
1189  !is_string($this->httpRequest->getParsedBody()['mig_username']) ||
1190  0 === strlen($this->httpRequest->getParsedBody()['mig_username']) ||
1191  !isset($this->httpRequest->getParsedBody()['mig_password']) ||
1192  !is_string($this->httpRequest->getParsedBody()['mig_password'])
1193  )
1194  ) {
1195  $this->showAccountMigration(
1196  $this->lng->txt('err_wrong_login')
1197  );
1198  return;
1199  }
1200 
1201  if ((int) $this->httpRequest->getParsedBody()['account_migration'] == self::ACCOUNT_MIGRATION_MIGRATE) {
1202  $this->doMigration();
1203  return;
1204  } elseif ((int) $this->httpRequest->getParsedBody()['account_migration'] == static::ACCOUNT_MIGRATION_NEW) {
1205  $this->doMigrationNewAccount();
1206  return;
1207  }
1208  return;
1209  }
1210 
1211  protected function doMigrationNewAccount(): bool
1212  {
1213  $credentials = new ilAuthFrontendCredentials();
1214  $credentials->setUsername(ilSession::get(ilAuthFrontend::MIG_EXTERNAL_ACCOUNT));
1215 
1216  $provider_factory = new ilAuthProviderFactory();
1217  $provider = $provider_factory->getProviderByAuthMode(
1218  $credentials,
1219  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1220  );
1221 
1222  $this->logger->debug('Using provider: ' . get_class($provider) . ' for further processing.');
1223 
1224  $status = ilAuthStatus::getInstance();
1225 
1226  $frontend_factory = new ilAuthFrontendFactory();
1227  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1228  $frontend = $frontend_factory->getFrontend(
1229  $GLOBALS['DIC']['ilAuthSession'],
1230  $status,
1231  $credentials,
1232  [$provider]
1233  );
1234 
1235  if ($frontend->migrateAccountNew()) {
1236  ilInitialisation::redirectToStartingPage();
1237  }
1238 
1239  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
1240  $this->ctrl->redirect($this, 'showAccountMigration');
1241 
1242  return true;
1243  }
1244 
1245  protected function doMigration(): bool
1246  {
1247  $username = '';
1248  if ($this->http->wrapper()->post()->has('mig_username')) {
1249  $username = $this->http->wrapper()->post()->retrieve(
1250  'mig_username',
1251  $this->refinery->kindlyTo()->string()
1252  );
1253  }
1254  $password = '';
1255  if ($this->http->wrapper()->post()->has('mig_password')) {
1256  $password = $this->http->wrapper()->post()->retrieve(
1257  'mig_password',
1258  $this->refinery->kindlyTo()->string()
1259  );
1260  }
1261 
1262  $this->logger->debug('Starting account migration for user: ' . ilSession::get('mig_ext_account'));
1263 
1264  $credentials = new ilAuthFrontendCredentials();
1265  $credentials->setUsername($username);
1266  $credentials->setPassword($password);
1267 
1268  $provider_factory = new ilAuthProviderFactory();
1269  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_LOCAL);
1270 
1271  $status = ilAuthStatus::getInstance();
1272 
1273  $frontend_factory = new ilAuthFrontendFactory();
1274  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1275  $frontend = $frontend_factory->getFrontend(
1276  $this->authSession,
1277  $status,
1278  $credentials,
1279  array($provider)
1280  );
1281 
1282  $frontend->authenticate();
1283 
1284  switch ($status->getStatus()) {
1285  case ilAuthStatus::STATUS_AUTHENTICATED:
1286  $this->getLogger()->debug('Account migration: authentication successful for ' . $username);
1287 
1288  $provider = $provider_factory->getProviderByAuthMode(
1289  $credentials,
1290  ilSession::get(ilAuthFrontend::MIG_TRIGGER_AUTHMODE)
1291  );
1292  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
1293  $frontend = $frontend_factory->getFrontend(
1294  $GLOBALS['DIC']['ilAuthSession'],
1295  $status,
1296  $credentials,
1297  [$provider]
1298  );
1299  if (
1300  $frontend->migrateAccount($GLOBALS['DIC']['ilAuthSession'])
1301  ) {
1302  ilInitialisation::redirectToStartingPage();
1303  } else {
1304  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'), true);
1305  $this->ctrl->redirect($this, 'showAccountMigration');
1306  }
1307  break;
1308 
1309  default:
1310  $this->getLogger()->info('Account migration failed for user ' . $username);
1311  $this->showAccountMigration($GLOBALS['lng']->txt('err_wrong_login'));
1312  return false;
1313  }
1314  }
1315 
1319  protected function showLogout(): void
1320  {
1321  global $DIC;
1322 
1323  $ilIliasIniFile = $DIC['ilIliasIniFile'];
1324 
1325  $this->help->setSubScreenId('logout');
1326 
1327  $tpl = self::initStartUpTemplate("tpl.logout.html");
1328  $client_id = '';
1329  if ($this->http->wrapper()->query()->has('client_id')) {
1330  $client_id = $this->http->wrapper()->query()->retrieve(
1331  'client_id',
1332  $this->refinery->kindlyTo()->string()
1333  );
1334  }
1335  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1336  $tpl->setCurrentBlock("homelink");
1337  $tpl->setVariable("CLIENT_ID", "?client_id=" . $client_id . "&lang=" . $this->lng->getLangKey());
1338  $tpl->setVariable("TXT_HOME", $this->lng->txt("home"));
1339  $tpl->parseCurrentBlock();
1340  }
1341 
1342  $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($this->user);
1343 
1344  $tpl->setVariable("TXT_PAGEHEADLINE", $this->lng->txt("logout"));
1345  $tpl->setVariable(
1346  "TXT_LOGOUT_TEXT",
1347  $this->lng->txt("logout_text") . $tosWithdrawalGui->getWithdrawalTextForLogoutScreen($this->httpRequest)
1348  );
1349  $tpl->setVariable("TXT_LOGIN", $this->lng->txt("login_to_ilias"));
1350  $tpl->setVariable(
1351  "CLIENT_ID",
1352  "?client_id=" . $client_id . "&cmd=force_login&lang=" . $this->lng->getLangKey()
1353  );
1354 
1355  self::printToGlobalTemplate($tpl);
1356  }
1357 
1361  public function doLogout(): void
1362  {
1363  global $DIC;
1364 
1365  $ilIliasIniFile = $DIC['ilIliasIniFile'];
1366 
1367  $this->eventHandler->raise(
1368  'Services/Authentication',
1369  'beforeLogout',
1370  [
1371  'user_id' => $this->user->getId()
1372  ]
1373  );
1374 
1375  $user_language = $this->user->getLanguage();
1376 
1377  $tosWithdrawalGui = new ilTermsOfServiceWithdrawalGUIHelper($this->user);
1378  $tosWithdrawalGui->handleWithdrawalLogoutRequest($this->httpRequest, $this);
1379 
1380  $had_external_authentication = ilSession::get('used_external_auth');
1381 
1382  ilSession::setClosingContext(ilSession::SESSION_CLOSE_USER);
1383  $this->authSession->logout();
1384  $this->eventHandler->raise(
1385  'Services/Authentication',
1386  'afterLogout',
1387  array(
1388  'username' => $this->user->getLogin()
1389  )
1390  );
1391  if ((int) $this->user->getAuthMode(true) == ilAuthUtils::AUTH_SAML && $had_external_authentication) {
1392  $this->logger->info('Redirecting user to SAML logout script');
1393  $this->ctrl->redirectToURL('saml.php?action=logout&logout_url=' . urlencode(ILIAS_HTTP_PATH . '/login.php'));
1394  }
1395 
1396  // reset cookie
1397  ilUtil::setCookie("ilClientId", "");
1398 
1399  // redirect and show logout information
1400  $this->ctrl->setParameter($this, 'client_id', CLIENT_ID);
1401  $this->ctrl->setParameter($this, 'lang', $user_language);
1402  $this->ctrl->redirect($this, 'showLogout');
1403  }
1404 
1409  public function showNoCookiesScreen(): void
1410  {
1411  global $tpl;
1412 
1413  $str = "<p style=\"margin:15px;\">
1414  You need to enable Session Cookies in your Browser to use ILIAS.
1415  <br/>
1416  <br/><b>Firefox</b>
1417  <br/>Tools -> Options -> Privacy -> Cookies
1418  <br/>Enable 'Allow sites to set cookies' and activate option 'Keep
1419  <br/>cookies' auf 'until I close Firefox'
1420  <br/>
1421  <br/><b>Mozilla/Netscape</b>
1422  <br/>Edit -> Preferences -> Privacy&Security -> Cookies
1423  <br/>Go to 'Cookie Lifetime Policy' and check option 'Accept for current
1424  <br/>session only'.
1425  <br/>
1426  <br/><b>Internet Explorer</b>
1427  <br/>Tools -> Internet Options -> Privacy -> Advanced
1428  <br/>- Check 'Override automatic cookie handling'
1429  <br/>- Check 'Always allow session cookies'
1430  </p>";
1431  $tpl->setVariable("CONTENT", $str);
1432  $tpl->printToStdout();
1433  }
1434 
1438  protected function getAcceptance(): void
1439  {
1440  $this->showTermsOfService();
1441  }
1442 
1443  protected function confirmAcceptance(): void
1444  {
1445  $this->showTermsOfService(true);
1446  }
1447 
1448  protected function confirmWithdrawal(): void
1449  {
1450  if (!$this->user->getId()) {
1451  $this->user->setId(ANONYMOUS_USER_ID);
1452  }
1453  $back_to_login = false;
1454  if ($this->user->getPref('consent_withdrawal_requested') != 1) {
1455  $back_to_login = true;
1456  }
1457  $tpl = self::initStartUpTemplate('tpl.view_terms_of_service.html', $back_to_login, !$back_to_login);
1458 
1459  $helper = new ilTermsOfServiceHelper();
1460  $handleDocument = $helper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument();
1461  if ($handleDocument) {
1462  $document = $this->termsOfServiceEvaluation->document();
1463  if ('confirmWithdrawal' === $this->ctrl->getCmd()) {
1464  if (isset($this->httpRequest->getParsedBody()['status']) && 'withdrawn' === $this->httpRequest->getParsedBody()['status']) {
1465  $helper->deleteAcceptanceHistoryByUser($this->user->getId());
1466  $this->ctrl->redirectToUrl(self::logoutUrl());
1467  }
1468  }
1469 
1470  $tpl->setVariable('FORM_ACTION', $this->ctrl->getFormAction($this, $this->ctrl->getCmd()));
1471  $tpl->setVariable('ACCEPT_CHECKBOX', ilLegacyFormElementsUtil::formCheckbox(0, 'status', 'accepted'));
1472  $tpl->setVariable('ACCEPT_TERMS_OF_SERVICE', $this->lng->txt('accept_usr_agreement'));
1473  $tpl->setVariable('TXT_SUBMIT', $this->lng->txt('submit'));
1474 
1475  $tpl->setPermanentLink('usr', null, 'agreement');
1476  $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', $document->content());
1477  } else {
1478  $tpl->setVariable(
1479  'TERMS_OF_SERVICE_CONTENT',
1480  sprintf(
1481  $this->lng->txt('no_agreement_description'),
1482  'mailto:' . ilLegacyFormElementsUtil::prepareFormOutput(
1483  ilSystemSupportContacts::getMailsToAddress()
1484  )
1485  )
1486  );
1487  }
1488 
1489  self::printToGlobalTemplate($tpl);
1490  }
1491 
1499  protected function showTermsOfService(bool $accepted = false): void
1500  {
1501  $this->help->setSubScreenId('terms_of_service');
1502 
1503  $back_to_login = ('getAcceptance' !== $this->ctrl->getCmd());
1504  $target = $this->initTargetFromQuery();
1505 
1506  if (!$this->user->getId()) {
1507  $this->user->setId(ANONYMOUS_USER_ID);
1508  }
1509 
1510  $tpl = self::initStartUpTemplate('tpl.view_terms_of_service.html', $back_to_login, !$back_to_login);
1511 
1512  $is_read_only_view = true;
1513 
1514  $helper = new ilTermsOfServiceHelper();
1515  $handleDocument = $helper->isGloballyEnabled() && $this->termsOfServiceEvaluation->hasDocument();
1516  if ($handleDocument) {
1517  $document = $this->termsOfServiceEvaluation->document();
1518  if (
1519  'confirmAcceptance' === $this->ctrl->getCmd() ||
1520  'getAcceptance' === $this->ctrl->getCmd()
1521  ) {
1522  if ($accepted) {
1523  $helper->trackAcceptance($this->user, $document);
1524 
1525  if (ilSession::get('orig_request_target')) {
1526  $target = ilSession::get('orig_request_target');
1527  ilSession::set('orig_request_target', '');
1528  $this->ctrl->redirectToURL($target);
1529  } else {
1530  $this->ctrl->redirectToURL('index.php?target=' . $target . '&client_id=' . CLIENT_ID);
1531  }
1532  }
1533 
1534  $this->mainTemplate->setTitle($this->lng->txt('accept_usr_agreement'));
1535  $this->mainTemplate->setOnScreenMessage('info', $this->lng->txt('accept_usr_agreement_intro'));
1536  $is_read_only_view = false;
1537 
1538  $tpl->setVariable('FORM_ACTION', $this->ctrl->getFormAction($this, $this->ctrl->getCmd()));
1539  $tpl->setVariable('ACCEPT_TERMS_OF_SERVICE', $this->lng->txt('accept_usr_agreement'));
1540  $tpl->setVariable('TXT_ACCEPT', $this->lng->txt('accept_usr_agreement_btn'));
1541  $tpl->setVariable('DENY_TERMS_OF_SERVICE', $this->lng->txt('deny_usr_agreement'));
1542  $tpl->setVariable(
1543  'DENIAL_BUTTON',
1544  $this->dic->ui()->renderer()->render(
1545  $this->dic->ui()->factory()->button()->standard(
1546  $this->dic->language()->txt('deny_usr_agreement_btn'),
1547  self::logoutUrl(['withdraw_consent' => ''])
1548  )
1549  )
1550  );
1551  }
1552 
1553  $tpl->setPermanentLink('usr', 0, 'agreement');
1554  $tpl->setVariable('TERMS_OF_SERVICE_CONTENT', $document->content());
1555  } else {
1556  $tpl->setVariable(
1557  'TERMS_OF_SERVICE_CONTENT',
1558  sprintf(
1559  $this->lng->txt('no_agreement_description'),
1560  'mailto:' . ilLegacyFormElementsUtil::prepareFormOutput(
1561  ilSystemSupportContacts::getMailsToAddress()
1562  )
1563  )
1564  );
1565  }
1566 
1567  if ($is_read_only_view) {
1568  if ($this->user->isAnonymous()) {
1569  $this->lng->loadLanguageModule('tos');
1570  $this->mainTemplate->setTitle($this->lng->txt('tos_accept_usr_agreement_anonymous'));
1571  $this->mainTemplate->setOnScreenMessage('info', $this->lng->txt('tos_accept_usr_agreement_anonymous_intro'));
1572  } else {
1573  $this->mainTemplate->setTitle($this->lng->txt('usr_agreement'));
1574  $this->mainTemplate->setOnScreenMessage('info', $this->lng->txt('usr_agreement_footer_intro'));
1575  }
1576  }
1577 
1578  self::printToGlobalTemplate($tpl);
1579  }
1580 
1584  protected function processIndexPHP(): void
1585  {
1586  global $ilIliasIniFile, $ilAuth, $ilSetting;
1587 
1588  // In case of an valid session, redirect to starting page
1589  if ($this->authSession->isValid()) {
1590  if (!$this->user->isAnonymous() || ilPublicSectionSettings::getInstance()->isEnabledForDomain(
1591  $this->httpRequest->getServerParams()['SERVER_NAME']
1592  )) {
1593  ilInitialisation::redirectToStartingPage();
1594  return;
1595  }
1596  }
1597 
1598  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME'])) {
1599  ilInitialisation::goToPublicSection();
1600  }
1601 
1602  // otherwise show login page
1603  $this->showLoginPage();
1604  }
1605 
1610  public static function _checkGoto($a_target)
1611  {
1612  global $DIC;
1613  global $objDefinition, $ilUser;
1614  $component_factory = $DIC["component.factory"];
1615 
1616  $access = $DIC->access();
1617 
1618  foreach ($component_factory->getActivePluginsInSlot("uihk") as $ui_plugin) {
1619  $gui_class = $ui_plugin->getUIClassInstance();
1620  $resp = $gui_class->checkGotoHook($a_target);
1621  if ($resp["target"] !== false) {
1622  $a_target = $resp["target"];
1623  break;
1624  }
1625  }
1626 
1627  if ($a_target == "") {
1628  return false;
1629  }
1630 
1631  $t_arr = explode("_", $a_target);
1632  $type = $t_arr[0];
1633 
1634  if ($type == "git") {
1635  $type = "glo";
1636  }
1637 
1638  if ($type == "pg" | $type == "st") {
1639  $type = "lm";
1640  }
1641 
1642  $class = $objDefinition->getClassName($type);
1643  if ($class == "") {
1644  return false;
1645  }
1646 
1647  $location = $objDefinition->getLocation($type);
1648  $full_class = "ilObj" . $class . "Access";
1649  include_once($location . "/class." . $full_class . ".php");
1650 
1651  $ret = call_user_func(array($full_class, "_checkGoto"), $a_target);
1652 
1653  // if no access and repository object => check for parent course/group
1654  if (!$ret &&
1655  !stristr($a_target, "_wsp") &&
1656  $ilUser->getId() != ANONYMOUS_USER_ID && // #10637
1657  !$objDefinition->isAdministrationObject($type) &&
1658  $objDefinition->isRBACObject($type) &&
1659  $t_arr[1]) {
1660  global $tree, $rbacsystem, $ilAccess;
1661 
1662  // original type "pg" => pg_<page_id>[_<ref_id>]
1663  $ref_id = 0;
1664  if ($t_arr[0] == "pg") {
1665  if (isset($t_arr[2])) {
1666  $ref_id = (int) $t_arr[2];
1667  } else {
1668  $lm_id = ilLMObject::_lookupContObjID($t_arr[1]);
1669  $ref_ids = ilObject::_getAllReferences($lm_id);
1670  if ($ref_ids) {
1671  $ref_id = array_shift($ref_ids);
1672  }
1673  }
1674  } else {
1675  $ref_id = (int) $t_arr[1];
1676  }
1677 
1678  if ($ref_id < 1) {
1679  return false;
1680  }
1681 
1682  include_once "Services/Membership/classes/class.ilParticipants.php";
1683  $block_obj = array();
1684 
1685  // walk path to find parent container
1686  $path = $tree->getPathId($ref_id);
1687  array_pop($path);
1688  foreach ($path as $path_ref_id) {
1689  $redirect_infopage = false;
1690  $add_member_role = false;
1691 
1692  $ptype = ilObject::_lookupType($path_ref_id, true);
1693  $pobj_id = ilObject::_lookupObjId($path_ref_id);
1694 
1695  // core checks: timings/object-specific
1696  if (
1697  !$access->doActivationCheck('read', '', $path_ref_id, $ilUser->getId(), $pobj_id, $ptype) ||
1698  !$access->doStatusCheck('read', '', $path_ref_id, $ilUser->getId(), $pobj_id, $ptype)
1699  ) {
1700  // object in path is inaccessible - aborting
1701  return false;
1702  } elseif ($ptype == "crs") {
1703  // check if already participant
1704  $participants = ilCourseParticipant::_getInstanceByObjId($pobj_id, $ilUser->getId());
1705  if (!$participants->isAssigned()) {
1706  // subscription currently possible?
1707  include_once "Modules/Course/classes/class.ilObjCourse.php";
1708  if (ilObjCourse::_isActivated($pobj_id) &&
1709  ilObjCourse::_registrationEnabled($pobj_id)) {
1710  $block_obj[] = $path_ref_id;
1711  $add_member_role = true;
1712  } else {
1713  $redirect_infopage = true;
1714  }
1715  }
1716  } elseif ($ptype == "grp") {
1717  // check if already participant
1718  include_once "Modules/Group/classes/class.ilGroupParticipants.php";
1719  if (!ilGroupParticipants::_isParticipant($path_ref_id, $ilUser->getId())) {
1720  // subscription currently possible?
1721  include_once "Modules/Group/classes/class.ilObjGroup.php";
1722  $group_obj = new ilObjGroup($path_ref_id);
1723  if ($group_obj->isRegistrationEnabled()) {
1724  $block_obj[] = $path_ref_id;
1725  $add_member_role = true;
1726  } else {
1727  $redirect_infopage = true;
1728  }
1729  }
1730  }
1731 
1732  // add members roles for all "blocking" objects
1733  if ($add_member_role) {
1734  // cannot join? goto will never work, so redirect to current object
1735  $rbacsystem->resetPACache($ilUser->getId(), $path_ref_id);
1736  if (!$rbacsystem->checkAccess("join", $path_ref_id)) {
1737  $redirect_infopage = true;
1738  } else {
1739  $rbacsystem->addTemporaryRole(
1740  $ilUser->getId(),
1741  ilParticipants::getDefaultMemberRole($path_ref_id)
1742  );
1743  }
1744  }
1745 
1746  // redirect to infopage of 1st blocking object in path
1747  if ($redirect_infopage) {
1748  if ($rbacsystem->checkAccess("visible", $path_ref_id)) {
1749  ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1750  "&ref_id=" . $path_ref_id . "&cmd=infoScreen");
1751  } else {
1752  return false;
1753  }
1754  }
1755  }
1756 
1757  // check if access will be possible with all (possible) member roles added
1758  $rbacsystem->resetPACache($ilUser->getId(), $ref_id);
1759  if ($rbacsystem->checkAccess("read", $ref_id) && sizeof($block_obj)) { // #12128
1760  // this won't work with lm-pages (see above)
1761  // include_once "Services/Link/classes/class.ilLink.php";
1762  // $_SESSION["pending_goto"] = ilLink::_getStaticLink($ref_id, $type);
1763 
1764  // keep original target
1765  $_SESSION["pending_goto"] = "goto.php?target=" . $a_target;
1766 
1767  // redirect to 1st non-member object in path
1768  ilUtil::redirect("ilias.php?baseClass=ilRepositoryGUI" .
1769  "&ref_id=" . array_shift($block_obj));
1770  }
1771  }
1772 
1773  return $ret;
1774  }
1775 
1776  public function confirmRegistration(): void
1777  {
1778  $this->lng->loadLanguageModule('registration');
1779 
1780  ilUtil::setCookie('iltest', 'cookie', false);
1781  $regitration_hash = '';
1782  if ($this->http->wrapper()->query()->has('rh')) {
1783  $regitration_hash = $this->http->wrapper()->query()->retrieve(
1784  'rh',
1785  $this->refinery->kindlyTo()->string()
1786  );
1787  }
1788  if (!strlen($regitration_hash) || !strlen(trim($regitration_hash))) {
1789  $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt('reg_confirmation_hash_not_passed'), true);
1790  $this->ctrl->redirectToURL(sprintf(
1791  './login.php?cmd=force_login&lang=%s',
1792  $this->lng->getLangKey()
1793  ));
1794  }
1795 
1796  try {
1797  $oRegSettings = new ilRegistrationSettings();
1798 
1799  $usr_id = ilObjUser::_verifyRegistrationHash(trim($regitration_hash));
1801  $user = ilObjectFactory::getInstanceByObjId($usr_id);
1802  $user->setActive(true);
1803  $password = '';
1804  if ($oRegSettings->passwordGenerationEnabled()) {
1805  $passwords = ilSecuritySettingsChecker::generatePasswords(1);
1806  $password = $passwords[0];
1807  $user->setPasswd($password, ilObjUser::PASSWD_PLAIN);
1808  $user->setLastPasswordChangeTS(time());
1809  }
1810  $user->update();
1811 
1812  $target = $user->getPref('reg_target');
1813  if (strlen($target) > 0) {
1814  // Used for ilAccountMail in ilAccountRegistrationMail, which relies on this super global ...
1815  // @todo: fixme
1816  $_GET['target'] = $target;
1817  }
1818 
1819  $accountMail = new ilAccountRegistrationMail(
1820  $oRegSettings,
1821  $this->lng,
1822  ilLoggerFactory::getLogger('user')
1823  );
1824  $accountMail->withEmailConfirmationRegistrationMode()->send($user, $password);
1825 
1826  $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_SUCCESS, $this->lng->txt('reg_account_confirmation_successful'), true);
1827  $this->ctrl->redirectToURL(sprintf(
1828  './login.php?cmd=force_login&lang=%s',
1829  $user->getLanguage()
1830  ));
1831  } catch (ilRegConfirmationLinkExpiredException $exception) {
1832  $soap_client = new ilSoapClient();
1833  $soap_client->setResponseTimeout(1);
1834  $soap_client->enableWSDL(true);
1835  $soap_client->init();
1836 
1837  $this->logger->info('Triggered soap call (background process) for deletion of inactive user objects with expired confirmation hash values (dual opt in) ...');
1838 
1839  $soap_client->call(
1840  'deleteExpiredDualOptInUserObjects',
1841  [
1842  $_COOKIE[session_name()] . '::' . CLIENT_ID,
1843  $exception->getCode() // user id
1844  ]
1845  );
1846 
1847  $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt($exception->getMessage()), true);
1848  $this->ctrl->redirectToURL(sprintf(
1849  './login.php?cmd=force_login&lang=%s',
1850  $this->lng->getLangKey()
1851  ));
1852  } catch (ilRegistrationHashNotFoundException $exception) {
1853  $this->mainTemplate->setOnScreenMessage(ilGlobalTemplate::MESSAGE_TYPE_FAILURE, $this->lng->txt($exception->getMessage()), true);
1854  $this->ctrl->redirectToURL(sprintf(
1855  './login.php?cmd=force_login&lang=%s',
1856  $this->lng->getLangKey()
1857  ));
1858  }
1859  }
1860 
1867  public static function initStartUpTemplate($a_tmpl, bool $a_show_back = false, bool $a_show_logout = false): ilGlobalTemplateInterface
1868  {
1876  global $lng, $ilAccess, $ilSetting;
1877  $tpl = new ilGlobalTemplate("tpl.main.html", true, true);
1878 
1879  $tpl->addBlockfile('CONTENT', 'content', 'tpl.startup_screen.html', 'Services/Init');
1880 
1881  $view_title = $lng->txt('login_to_ilias');
1882  if ($a_show_back) {
1883  // #13400
1884  $param = 'client_id=' . CLIENT_ID . '&lang=' . $lng->getLangKey();
1885 
1886  $tpl->setCurrentBlock('link_item_bl');
1887  $tpl->setVariable('LINK_TXT', $view_title);
1888  $tpl->setVariable('LINK_URL', 'login.php?cmd=force_login&' . $param);
1889  $tpl->parseCurrentBlock();
1890 
1891  include_once './Services/Init/classes/class.ilPublicSectionSettings.php';
1892  if (ilPublicSectionSettings::getInstance()->isEnabledForDomain($_SERVER['SERVER_NAME']) &&
1893  $ilAccess->checkAccessOfUser(ANONYMOUS_USER_ID, 'read', '', ROOT_FOLDER_ID)) {
1894  $tpl->setVariable('LINK_URL', 'index.php?' . $param);
1895  $tpl->setVariable('LINK_TXT', $lng->txt('home'));
1896  $tpl->parseCurrentBlock();
1897  }
1898  } elseif ($a_show_logout) {
1899  $view_title = $lng->txt('logout');
1900  $tpl->setCurrentBlock('link_item_bl');
1901  $tpl->setVariable('LINK_TXT', $view_title);
1902  $tpl->setVariable('LINK_URL', self::logoutUrl());
1903  $tpl->parseCurrentBlock();
1904  }
1905 
1906  if (is_array($a_tmpl)) {
1907  $template_file = $a_tmpl[0];
1908  $template_dir = $a_tmpl[1];
1909  } else {
1910  $template_file = $a_tmpl;
1911  $template_dir = 'Services/Init';
1912  }
1913 
1914  $tpl->addBlockFile('STARTUP_CONTENT', 'startup_content', $template_file, $template_dir);
1915 
1916  PageContentProvider::setViewTitle($view_title);
1917  $short_title = $ilSetting->get('short_inst_name');
1918  if (trim($short_title) === "") {
1919  $short_title = 'ILIAS';
1920  }
1921  PageContentProvider::setShortTitle($short_title);
1922 
1923  $header_title = ilObjSystemFolder::_getHeaderTitle();
1924  PageContentProvider::setTitle($header_title);
1925 
1926  return $tpl;
1927  }
1928 
1929  protected function showSamlLoginForm(string $page_editor_html): string
1930  {
1931  require_once 'Services/Saml/classes/class.ilSamlIdp.php';
1932  require_once 'Services/Saml/classes/class.ilSamlSettings.php';
1933 
1934  if (count(ilSamlIdp::getActiveIdpList()) > 0 && ilSamlSettings::getInstance()->isDisplayedOnLoginPage()) {
1935  $tpl = new ilTemplate('tpl.login_form_saml.html', true, true, 'Services/Saml');
1936 
1937  $return = '';
1938  $target = $this->initTargetFromQuery();
1939  if (strlen($target)) {
1940  $return = '?returnTo=' . urlencode(ilUtil::stripSlashes($target));
1941  }
1942 
1943  $tpl->setVariable('SAML_SCRIPT_URL', './saml.php' . $return);
1944  $tpl->setVariable('TXT_LOGIN', $this->lng->txt('saml_log_in'));
1945  $tpl->setVariable('LOGIN_TO_ILIAS_VIA_SAML', $this->lng->txt('login_to_ilias_via_saml'));
1946  $tpl->setVariable('TXT_SAML_LOGIN_TXT', $this->lng->txt('saml_login_form_txt'));
1947  $tpl->setVariable('TXT_SAML_LOGIN_INFO_TXT', $this->lng->txt('saml_login_form_info_txt'));
1948 
1949  return $this->substituteLoginPageElements(
1950  $GLOBALS['tpl'],
1951  $page_editor_html,
1952  $tpl->get(),
1953  '[list-saml-login]',
1954  'SAML_LOGIN_FORM'
1955  );
1956  }
1957 
1958  return $page_editor_html;
1959  }
1960 
1961  protected function showOpenIdConnectLoginForm(string $page_editor_html): string
1962  {
1963  $oidc_settings = ilOpenIdConnectSettings::getInstance();
1964  if ($oidc_settings->getActive()) {
1965  $tpl = new ilTemplate('tpl.login_element.html', true, true, 'Services/OpenIdConnect');
1966 
1967  $this->lng->loadLanguageModule('auth');
1968  $tpl->setVariable('TXT_OIDCONNECT_HEADER', $this->lng->txt('auth_oidc_login_element_info'));
1969 
1970  $target = $this->initTargetFromQuery();
1971  $target_str = empty($target) ? '' : ('?target=' . $target);
1972  switch ($oidc_settings->getLoginElementType()) {
1973  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_TXT:
1974  $tpl->setVariable('SCRIPT_OIDCONNECT_T', ILIAS_HTTP_PATH . '/openidconnect.php' . $target_str);
1975  $tpl->setVariable('TXT_OIDC', $oidc_settings->getLoginElemenText());
1976  break;
1977 
1978  case ilOpenIdConnectSettings::LOGIN_ELEMENT_TYPE_IMG:
1979  $tpl->setVariable('SCRIPT_OIDCONNECT_I', ILIAS_HTTP_PATH . '/openidconnect.php' . $target_str);
1980  $tpl->setVariable('IMG_SOURCE', $oidc_settings->getImageFilePath());
1981  break;
1982  }
1983 
1984  return $this->substituteLoginPageElements(
1985  $GLOBALS['tpl'],
1986  $page_editor_html,
1987  $tpl->get(),
1988  '[list-openid-connect-login]',
1989  'OPEN_ID_CONNECT_LOGIN_FORM'
1990  );
1991  }
1992 
1993  return $page_editor_html;
1994  }
1995 
1999  protected function doOpenIdConnectAuthentication(): void
2000  {
2001  $this->getLogger()->debug('Trying openid connect authentication');
2002 
2003  $credentials = new ilAuthFrontendCredentialsOpenIdConnect();
2004  $credentials->initFromRequest();
2005 
2006  $provider_factory = new ilAuthProviderFactory();
2007  $provider = $provider_factory->getProviderByAuthMode($credentials, ilAuthUtils::AUTH_OPENID_CONNECT);
2008 
2009  $status = ilAuthStatus::getInstance();
2010 
2011  $frontend_factory = new ilAuthFrontendFactory();
2012  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
2013  $frontend = $frontend_factory->getFrontend(
2014  $this->authSession,
2015  $status,
2016  $credentials,
2017  array($provider)
2018  );
2019 
2020  $frontend->authenticate();
2021 
2022  switch ($status->getStatus()) {
2023  case ilAuthStatus::STATUS_AUTHENTICATED:
2024  $this->logger->debug('Authentication successful; Redirecting to starting page.');
2025  if ($credentials->getRedirectionTarget()) {
2026  ilInitialisation::redirectToStartingPage($credentials->getRedirectionTarget());
2027  } else {
2028  ilInitialisation::redirectToStartingPage();
2029  }
2030  return;
2031 
2032  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
2033  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
2034  $this->ctrl->redirect($this, 'showLoginPage');
2035  return;
2036  }
2037  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
2038  $this->showLoginPage();
2039  }
2040 
2041  protected function doSamlAuthentication(): void
2042  {
2043  $this->getLogger()->debug('Trying saml authentication');
2044  $request = $this->httpRequest;
2045  $params = $request->getQueryParams();
2046 
2047  $factory = new ilSamlAuthFactory();
2048  $auth = $factory->auth();
2049 
2050  if (isset($params['action']) && $params['action'] === 'logout') {
2051  $logout_url = $params['logout_url'] ?? '';
2052  $this->logger->info(sprintf('Requested SAML logout: %s', $logout_url));
2053  $auth->logout($logout_url);
2054  }
2055 
2056  if (isset($params['target']) && !isset($params['returnTo'])) {
2057  $params['returnTo'] = $params['target'];
2058  }
2059  if (isset($params['returnTo'])) {
2060  $auth->storeParam('target', $params['returnTo']);
2061  }
2062 
2063  $this->logger->debug('Started SAML authentication request');
2064  if (!$auth->isAuthenticated()) {
2065  ilLoggerFactory::getLogger('auth')->debug('User is not authenticated, yet');
2066  if (!isset($request->getQueryParams()['idpentityid'], $request->getQueryParams()['saml_idp_id'])) {
2067  $activeIdps = ilSamlIdp::getActiveIdpList();
2068  if (1 === count($activeIdps)) {
2069  $idp = current($activeIdps);
2070 
2071  ilLoggerFactory::getLogger('auth')->debug(sprintf(
2072  'Found exactly one active IDP with id %s: %s',
2073  $idp->getIdpId(),
2074  $idp->getEntityId()
2075  ));
2076 
2077  $this->ctrl->setParameter($this, 'idpentityid', $idp->getEntityId());
2078  $this->ctrl->setParameter($this, 'saml_idp_id', $idp->getIdpId());
2079  $this->ctrl->setTargetScript('saml.php');
2080  $this->ctrl->redirect($this, 'doSamlAuthentication');
2081  } elseif ($activeIdps === []) {
2082  $this->logger->debug('Did not find any active IDP, skipp authentication process');
2083  $this->ctrl->redirect($this, 'showLoginPage');
2084  } else {
2085  $this->logger->debug('Found multiple active IPDs, presenting IDP selection...');
2086  $this->showSamlIdpSelection($auth, $activeIdps);
2087  return;
2088  }
2089  }
2090 
2091  $auth->storeParam('idpId', (int) $request->getQueryParams()['saml_idp_id']);
2092  $this->logger->debug(sprintf(
2093  'Stored relevant IDP id in session: %s',
2094  (string) $auth->getParam('idpId')
2095  ));
2096  }
2097 
2098  // re-init
2099  $auth = $factory->auth();
2100 
2101  $this->logger->debug('Checking SAML authentication status...');
2102  $auth->protectResource();
2103  $this->logger->debug(
2104  'SAML authentication successful, continuing with ILIAS internal authentication process...'
2105  );
2106 
2107  $idpId = (int) $auth->getParam('idpId');
2108 
2109  $this->logger->debug(sprintf(
2110  'Internal SAML IDP id fetched from session: %s',
2111  (string) $idpId
2112  ));
2113 
2114  if ($idpId < 1) {
2115  $this->logger->debug(
2116  'No valid internal IDP id found (most probably due to IDP initiated SSO), trying fallback determination...'
2117  );
2118  $authData = $auth->getAuthDataArray();
2119  if (isset($authData['saml:sp:IdP'])) {
2120  $idpId = ilSamlIdp::geIdpIdByEntityId($authData['saml:sp:IdP']);
2121  $this->logger->debug(sprintf(
2122  'Searching active ILIAS IDP by entity id "%s" results in: %s',
2123  $authData['saml:sp:IdP'],
2124  (string) $idpId
2125  ));
2126  } else {
2127  $this->logger->debug(
2128  'Could not execute fallback determination, no IDP entity ID found SAML authentication session data'
2129  );
2130  }
2131  }
2132 
2133  $target = $auth->popParam('target');
2134 
2135  $this->logger->debug(sprintf(
2136  'Retrieved "target" parameter: %s',
2137  print_r($target, true)
2138  ));
2139 
2140  $credentials = new ilAuthFrontendCredentialsSaml($auth, $request);
2141  $credentials->initFromRequest();
2142 
2143  $provider_factory = new ilAuthProviderFactory();
2144  $provider = $provider_factory->getProviderByAuthMode($credentials, ilUtil::stripSlashes(
2145  ilAuthUtils::AUTH_SAML . '_' . $idpId
2146  ));
2147 
2148  if ($target) {
2149  $credentials->setReturnTo($target);
2150  }
2151 
2152  $status = ilAuthStatus::getInstance();
2153 
2154  $frontend_factory = new ilAuthFrontendFactory();
2155  $frontend_factory->setContext(ilAuthFrontendFactory::CONTEXT_STANDARD_FORM);
2156  $frontend = $frontend_factory->getFrontend(
2157  $this->authSession,
2158  $status,
2159  $credentials,
2160  [$provider]
2161  );
2162 
2163  $frontend->authenticate();
2164 
2165  switch ($status->getStatus()) {
2166  case ilAuthStatus::STATUS_AUTHENTICATED:
2167  $this->logger->debug('Authentication successful; Redirecting to starting page.');
2168  ilInitialisation::redirectToStartingPage($target ?? '');
2169  return;
2170 
2171  case ilAuthStatus::STATUS_ACCOUNT_MIGRATION_REQUIRED:
2172  $this->ctrl->redirect($this, 'showAccountMigration');
2173  return;
2174 
2175  case ilAuthStatus::STATUS_AUTHENTICATION_FAILED:
2176  $this->mainTemplate->setOnScreenMessage('failure', $status->getTranslatedReason(), true);
2177  $this->ctrl->redirect($this, 'showLoginPage');
2178  return;
2179  }
2180 
2181  $this->mainTemplate->setOnScreenMessage('failure', $this->lng->txt('err_wrong_login'));
2182  $this->showLoginPage();
2183  }
2184 
2189  protected function showSamlIdpSelection(ilSamlAuth $auth, array $idps): void
2190  {
2191  global $DIC;
2192 
2193  $this->help->setSubScreenId('saml_idp_selection');
2194 
2195  self::initStartUpTemplate(array('tpl.saml_idp_selection.html', 'Services/Saml'));
2196 
2197  $factory = $DIC->ui()->factory();
2198  $renderer = $DIC->ui()->renderer();
2199  $DIC->ctrl()->setTargetScript('saml.php');
2200  $items = [];
2201  $table = new ilSamlIdpSelectionTableGUI($this, 'doSamlAuthentication');
2202  foreach ($idps as $idp) {
2203  $DIC->ctrl()->setParameter($this, 'saml_idp_id', $idp->getIdpId());
2204  $DIC->ctrl()->setParameter($this, 'idpentityid', urlencode($idp->getEntityId()));
2205 
2206  $items[] = [
2207  'idp_link' => $renderer->render(
2208  $factory->link()->standard(
2209  $idp->getEntityId(),
2210  $this->ctrl->getLinkTarget($this, 'doSamlAuthentication')
2211  )
2212  )
2213  ];
2214  }
2215 
2216  $table->setData($items);
2217  $this->mainTemplate->setVariable('CONTENT', $table->getHtml());
2218  $this->mainTemplate->printToStdout('DEFAULT', false);
2219  }
2220 
2226  public static function logoutUrl(array $parameters = []): string
2227  {
2228  global $DIC;
2229 
2230  $defaults = ['lang' => $DIC->user()->getCurrentLanguage()];
2231  $parameters = '&' . http_build_query(array_merge($defaults, $parameters));
2232 
2233  $DIC->ctrl()->setTargetScript('logout.php');
2234  $url = $DIC->ctrl()->getLinkTargetByClass([self::class], 'doLogout') . $parameters;
2235  $DIC->ctrl()->setTargetScript('ilias.php');
2236 
2237  return $url;
2238  }
2239 }
ilStartUpGUI\showLogout
showLogout()
Show logout screen.
Definition: class.ilStartUpGUI.php:1319
ilAuthUtils\AUTH_OPENID_CONNECT
const AUTH_OPENID_CONNECT
Definition: class.ilAuthUtils.php:45
ilStartUpGUI\_checkGoto
static _checkGoto($a_target)
Return type depends on _checkGoto calls.
Definition: class.ilStartUpGUI.php:1610
ilSession\get
static get(string $a_var)
Definition: class.ilSession.php:459
ilObjUser\setTimeLimitUnlimited
setTimeLimitUnlimited(bool $a_unlimited)
Definition: class.ilObjUser.php:1757
ilRadioOption
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilRadioOption.php:26
$ilIliasIniFile
$ilIliasIniFile
Definition: imgupload.php:32
ilAppEventHandler
Global event handler.
Definition: class.ilAppEventHandler.php:51
ilGroupParticipants\_isParticipant
static _isParticipant(int $a_ref_id, int $a_usr_id)
Static function to check if a user is a participant of the container object.
Definition: class.ilGroupParticipants.php:120
ilStartUpGUI\ACCOUNT_MIGRATION_MIGRATE
const ACCOUNT_MIGRATION_MIGRATE
Definition: class.ilStartUpGUI.php:34
ilAccessibilityControlConceptGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAccessibilityControlConceptGUI.php:23
ilLoginPageGUI
Login page GUI class.
Definition: class.ilLoginPageGUI.php:30
ilUtil\appendUrlParameterString
static appendUrlParameterString(string $a_url, string $a_par, bool $xml_style=false)
Definition: class.ilUtil.php:385
ilStartUpGUI\$termsOfServiceEvaluation
ilTermsOfServiceDocumentEvaluation $termsOfServiceEvaluation
Definition: class.ilStartUpGUI.php:42
ilStartUpGUI\showLoginInformation
showLoginInformation(string $page_editor_html, ilGlobalTemplateInterface $tpl)
Show login information.
Definition: class.ilStartUpGUI.php:812
ilAccountCode\useCode
static useCode(string $code)
Definition: class.ilAccountCode.php:208
ilAccountCode\applyRoleAssignments
static applyRoleAssignments(ilObjUser $user, string $code)
Definition: class.ilAccountCode.php:226
ilStartUpGUI\showCodeForm
showCodeForm($a_username=null, $a_form=null)
Definition: class.ilStartUpGUI.php:359
ilStartUpGUI\getLoginPageEditorHTML
getLoginPageEditorHTML()
Get HTML of ILIAS login page editor.
Definition: class.ilStartUpGUI.php:968
ANONYMOUS_USER_ID
const ANONYMOUS_USER_ID
Definition: constants.php:27
ilLoggerFactory\getLogger
static getLogger(string $a_component_id)
Get component logger.
Definition: class.ilLoggerFactory.php:89
ilStartUpGUI\doLTIAuthentication
doLTIAuthentication()
Handle lti requests.
Definition: class.ilStartUpGUI.php:603
ilAccountCode\getCodeValidUntil
static getCodeValidUntil(string $code)
Definition: class.ilAccountCode.php:213
ilStartUpGUI\__construct
__construct(ilObjUser $user=null, ilTermsOfServiceDocumentEvaluation $termsOfServiceEvaluation=null, ilGlobalTemplateInterface $mainTemplate=null, ServerRequestInterface $httpRequest=null)
ilStartUpGUI constructor.
Definition: class.ilStartUpGUI.php:57
ilAuthUtils\_hasMultipleAuthenticationMethods
static _hasMultipleAuthenticationMethods()
Definition: class.ilAuthUtils.php:394
ilObjUser\_verifyRegistrationHash
static _verifyRegistrationHash(string $a_hash)
Verifies a registration hash.
Definition: class.ilObjUser.php:3726
ilGlobalTemplate
special template class to simplify handling of ITX/PEAR
Definition: class.ilGlobalTemplate.php:15
$type
$type
Definition: proxy_ylocal.php:10
ilAccountRegistrationGUI
Class ilAccountRegistrationGUI.
Definition: class.ilAccountRegistrationGUI.php:26
ROOT_FOLDER_ID
const ROOT_FOLDER_ID
Definition: constants.php:32
$location
$location
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: buildRTE.php:22
ilStartUpGUI\$mainTemplate
ilGlobalTemplateInterface $mainTemplate
Definition: class.ilStartUpGUI.php:40
$params
if(! $DIC->user() ->getId()||!ilLTIConsumerAccess::hasCustomProviderCreationAccess()) $params
Definition: ltiregstart.php:33
ilRegConfirmationLinkExpiredException
Class for user related exception handling in ILIAS.
Definition: class.ilRegConfirmationLinkExpiredException.php:25
ilObjCourse\_isActivated
static _isActivated(int $a_obj_id)
Is activated.
Definition: class.ilObjCourse.php:560
ilAuthStatus\STATUS_AUTHENTICATION_FAILED
const STATUS_AUTHENTICATION_FAILED
Definition: class.ilAuthStatus.php:35
ilUtil\stripSlashes
static stripSlashes(string $a_str, bool $a_strip_html=true, string $a_allow="")
Definition: class.ilUtil.php:401
ilCourseParticipant\_getInstanceByObjId
static _getInstanceByObjId(int $a_obj_id, int $a_usr_id)
Definition: class.ilCourseParticipant.php:40
ilObject\_getAllReferences
static _getAllReferences(int $id)
get all reference ids for object ID
Definition: class.ilObject.php:816
ilUtil\getImagePath
static getImagePath(string $img, string $module_path="", string $mode="output", bool $offline=false)
get image path (for images located in a template directory)
Definition: class.ilUtil.php:67
ilHelpGUI
Help GUI class.
Definition: class.ilHelpGUI.php:27
ilAuthFrontendFactory
Factory for auth frontend classes.
Definition: class.ilAuthFrontendFactory.php:27
ilObjUser\PASSWD_PLAIN
const PASSWD_PLAIN
Definition: class.ilObjUser.php:29
ilAccountCode\isUnusedCode
static isUnusedCode(string $code)
Definition: class.ilAccountCode.php:203
ilObjUser\_lookupId
static _lookupId($a_user_str)
Definition: class.ilObjUser.php:674
ilInitialisation\goToPublicSection
static goToPublicSection()
go to public section
Definition: class.ilInitialisation.php:989
ilGlobalTemplateInterface\setVariable
setVariable(string $variable, $value='')
Sets the given variable to the given value.
ilStartUpGUI\processIndexPHP
processIndexPHP()
process index.php
Definition: class.ilStartUpGUI.php:1584
ilStartUpGUI\getAcceptance
getAcceptance()
Get terms of service.
Definition: class.ilStartUpGUI.php:1438
ilTermsOfServiceDocumentEvaluation
Interface ilTermsOfServiceDocumentEvaluation.
Definition: interface.ilTermsOfServiceDocumentEvaluation.php:25
ilLegacyFormElementsUtil\prepareFormOutput
static prepareFormOutput($a_str, bool $a_strip=false)
Definition: class.ilLegacyFormElementsUtil.php:38
ilParticipants\getDefaultMemberRole
static getDefaultMemberRole(int $a_ref_id)
Definition: class.ilParticipants.php:477
ilObjUser\setTimeLimitUntil
setTimeLimitUntil(?int $a_until)
Definition: class.ilObjUser.php:1747
ilStartUpGUI\executeCommand
executeCommand()
execute command
Definition: class.ilStartUpGUI.php:141
ilStartUpGUI\showTermsOfService
showTermsOfService(bool $accepted=false)
Show terms of service.
Definition: class.ilStartUpGUI.php:1499
ilStartUpGUI\printToGlobalTemplate
static printToGlobalTemplate($tpl)
Definition: class.ilStartUpGUI.php:333
ilStartUpGUI\doShibbolethAuthentication
doShibbolethAuthentication()
Trying shibboleth authentication.
Definition: class.ilStartUpGUI.php:525
ilStartUpGUI\purgePlaceholders
purgePlaceholders(string $page_editor_html)
Purge page editor html from unused placeholders.
Definition: class.ilStartUpGUI.php:1093
ilAuthFrontendCredentialsOpenIdConnect
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentialsOpenIdConnect.php:24
$path
$path
Definition: ltiservices.php:32
ilStartUpGUI\$http
HTTPServices $http
Definition: class.ilStartUpGUI.php:51
ilObjUser\setPasswd
setPasswd(string $a_str, string $a_type=ilObjUser::PASSWD_PLAIN)
Definition: class.ilObjUser.php:1231
ilAuthFrontendCredentialsLTI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilAuthFrontendCredentialsLTI.php:27
ilStartUpGUI\getLogger
getLogger()
Get logger.
Definition: class.ilStartUpGUI.php:177
Services
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
ilObject\_lookupObjId
static _lookupObjId(int $ref_id)
Definition: class.ilObject.php:930
ilStartUpGUI\initStandardLoginForm
initStandardLoginForm()
Initialize the standard.
Definition: class.ilStartUpGUI.php:466
ilCtrlBaseClassInterface
Interface ilCtrlBaseClassInterface describes ilCtrl base classes.
Definition: interface.ilCtrlBaseClassInterface.php:23
$DIC
global $DIC
Definition: feed.php:28
$auth
$auth
Definition: metadata.php:76
$provider
$provider
Definition: ltitoken.php:83
ilStartUpGUI\showLoginPage
showLoginPage(ilPropertyFormGUI $form=null)
Definition: class.ilStartUpGUI.php:263
ilAuthFrontendCredentialsSaml
Class ilAuthFrontendCredentialsSaml.
Definition: class.ilAuthFrontendCredentialsSaml.php:27
ilHiddenInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilHiddenInputGUI.php:26
ilObjUser\setActive
setActive(bool $a_active, int $a_owner=0)
set user active state and updates system fields appropriately
Definition: class.ilObjUser.php:1654
ilStartUpGUI\showOpenIdConnectLoginForm
showOpenIdConnectLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1961
$messages
$messages
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: xapiexit.php:22
ilStartUpGUI\showShibbolethLoginForm
showShibbolethLoginForm(string $page_editor_html)
Show shibboleth login form.
Definition: class.ilStartUpGUI.php:857
ilPageUtil\_existsAndNotEmpty
static _existsAndNotEmpty(string $a_parent_type, int $a_id, string $a_lang="-")
checks whether page exists and is not empty (may return true on some empty pages) ...
Definition: class.ilPageUtil.php:31
$ref_id
$ref_id
Definition: ltiauth.php:67
ILIAS\FileDelivery\http
static http()
Fetches the global http state from ILIAS.
Definition: HttpServiceAware.php:54
ilRadioGroupInputGUI
This class represents a property in a property form.
Definition: class.ilRadioGroupInputGUI.php:26
ilSystemSupportContacts\getMailsToAddress
static getMailsToAddress()
Get mailto: emails.
Definition: class.ilSystemSupportContacts.php:69
ilStartUpGUI\showAccountMigration
showAccountMigration(string $message='')
Show account migration screen.
Definition: class.ilStartUpGUI.php:1113
ilAccountRegistrationMail
Class ilAccountRegistrationMail.
Definition: class.ilAccountRegistrationMail.php:25
ilStartUpGUI\$access
ilAccessHandler $access
Definition: class.ilStartUpGUI.php:48
ilStartUpGUI\logoutUrl
static logoutUrl(array $parameters=[])
Return the logout URL with a valid CSRF token.
Definition: class.ilStartUpGUI.php:2226
$_GET
$_GET['client_id']
Definition: saml1-acs.php:21
ilStartUpGUI\doApacheAuthentication
doApacheAuthentication()
Try apache auth.
Definition: class.ilStartUpGUI.php:649
ilUtil\setCookie
static setCookie(string $a_cookie_name, string $a_cookie_value='', bool $a_also_set_super_global=true, bool $a_set_cookie_invalid=false)
Definition: class.ilUtil.php:1285
ilSession\SESSION_CLOSE_USER
const SESSION_CLOSE_USER
Definition: class.ilSession.php:51
$_SERVER
$_SERVER['HTTP_HOST']
Definition: raiseError.php:10
ilObjUser\getPref
getPref(string $a_keyword)
Definition: class.ilObjUser.php:1027
ilRadioOption\setValue
setValue(string $a_value)
Definition: class.ilRadioOption.php:64
$param
$param
Definition: xapitoken.php:46
CLIENT_ID
const CLIENT_ID
Definition: constants.php:41
ilShibbolethWAYF
Class ShibbolethWAYF.
Definition: class.ilShibbolethWAYF.php:31
$GLOBALS
if(!defined('PATH_SEPARATOR')) $GLOBALS['_PEAR_default_error_mode']
Definition: PEAR.php:64
ILIAS\LTI\ToolProvider\$key
string $key
Consumer key/client ID value.
Definition: System.php:193
ilSamlAuth
Interface ilSamlAuth.
Definition: interface.ilSamlAuth.php:25
ilPasswordInputGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilPasswordInputGUI.php:26
ilLanguage\lookupId
static lookupId(string $a_lang_key)
Lookup obj_id of language.
Definition: class.ilLanguage.php:340
ilSamlIdpSelectionTableGUI
Class ilSamlIdpSelectionTableGUI.
Definition: class.ilSamlIdpSelectionTableGUI.php:25
ilStartUpGUI\$dic
ILIAS DI Container $dic
Definition: class.ilStartUpGUI.php:44
ilPasswordInputGUI\setUseStripSlashes
setUseStripSlashes(bool $a_stat)
En/disable use of stripslashes.
Definition: class.ilPasswordInputGUI.php:158
ilStartUpGUI\doStandardAuthentication
doStandardAuthentication()
Check form input; authenticate user.
Definition: class.ilStartUpGUI.php:708
ilObjStyleSheet\getContentStylePath
static getContentStylePath(int $a_style_id, bool $add_random=true, bool $add_token=true)
get content style path static (to avoid full reading)
Definition: class.ilObjStyleSheet.php:1548
ilPasswordAssistanceGUI
This file is part of ILIAS, a powerful learning management system published by ILIAS open source e-Le...
Definition: class.ilPasswordAssistanceGUI.php:29
ilLegacyFormElementsUtil\formCheckbox
static formCheckbox(bool $checked, string $varname, string $value, bool $disabled=false)
Definition: class.ilLegacyFormElementsUtil.php:261
ilStartUpGUI\substituteLoginPageElements
substituteLoginPageElements( $tpl, string $page_editor_html, string $element_html, string $placeholder, string $fallback_tplvar)
Substitute login page elements.
Definition: class.ilStartUpGUI.php:945
ilUtil\redirect
static redirect(string $a_script)
Definition: class.ilUtil.php:948
ilStartUpGUI\initCodeForm
initCodeForm(string $a_username)
Definition: class.ilStartUpGUI.php:371
ilSecuritySettingsChecker\generatePasswords
static generatePasswords(int $a_number)
Generate a number of passwords.
Definition: class.ilSecuritySettingsChecker.php:243
ilObjUser\setLastPasswordChangeTS
setLastPasswordChangeTS(int $a_last_password_change_ts)
Definition: class.ilObjUser.php:1490
ilStartUpGUI\showNoCookiesScreen
showNoCookiesScreen()
show help screen, if cookies are disabled to do: link to online help here
Definition: class.ilStartUpGUI.php:1409
ilTermsOfServiceHelper
Class ilTermsOfServiceHelper.
Definition: class.ilTermsOfServiceHelper.php:25
ilObjectFactory\getInstanceByObjId
static getInstanceByObjId(?int $obj_id, bool $stop_on_error=true)
get an instance of an Ilias object by object id
Definition: class.ilObjectFactory.php:84
ilRegistrationSettings
Class ilObjAuthSettingsGUI.
Definition: class.ilRegistrationSettings.php:26
ilObjCourse\_registrationEnabled
static _registrationEnabled(int $a_obj_id)
Registration enabled? Method is in Access class, since it is needed by Access/ListGUI.
Definition: class.ilObjCourse.php:568
ilAuthStatus\STATUS_CODE_ACTIVATION_REQUIRED
const STATUS_CODE_ACTIVATION_REQUIRED
Definition: class.ilAuthStatus.php:37
ilStartUpGUI\$ctrl
ilCtrlInterface $ctrl
Definition: class.ilStartUpGUI.php:37
ilAccountCode\applyAccessLimits
static applyAccessLimits(ilObjUser $user, string $code)
Definition: class.ilAccountCode.php:259
ilRBACAccessHandler\doActivationCheck
doActivationCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
check for activation and centralized offline status.
ilStartUpGUI\showRegistrationLinks
showRegistrationLinks(string $page_editor_html)
Show registration, password forgotten, client slection links.
Definition: class.ilStartUpGUI.php:1001
ilStartUpGUI\$authSession
ilAuthSession $authSession
Definition: class.ilStartUpGUI.php:45
ilInitialisation\redirectToStartingPage
static redirectToStartingPage(string $target='')
Definition: class.ilInitialisation.php:1935
ilAuthStatus\getInstance
static getInstance()
Get status instance.
Definition: class.ilAuthStatus.php:58
$ilSetting
global $ilSetting
Definition: privfeed.php:17
ilSession\setClosingContext
static setClosingContext(int $a_context)
set closing context (for statistics)
Definition: class.ilSession.php:487
ilStartUpGUI\$eventHandler
ilAppEventHandler $eventHandler
Definition: class.ilStartUpGUI.php:46
ilStartUpGUI\showSamlIdpSelection
showSamlIdpSelection(ilSamlAuth $auth, array $idps)
Definition: class.ilStartUpGUI.php:2189
$ilUser
$ilUser
Definition: imgupload.php:34
ilLMObject\_lookupContObjID
static _lookupContObjID(int $a_id)
get learning module id for lm object
Definition: class.ilLMObject.php:690
ilStartUpGUI\showTermsOfServiceLink
showTermsOfServiceLink(string $page_editor_html)
Show terms of service link.
Definition: class.ilStartUpGUI.php:1058
ilSamlIdp\geIdpIdByEntityId
static geIdpIdByEntityId(string $entityId)
Definition: class.ilSamlIdp.php:200
ilStartUpGUI\$refinery
RefineryFactory $refinery
Definition: class.ilStartUpGUI.php:50
ilAuthUtils\_getMultipleAuthModeOptions
static _getMultipleAuthModeOptions(ilLanguage $lng)
Definition: class.ilAuthUtils.php:426
ilSamlAuthFactory
Class ilSamlAuthFactory.
Definition: class.ilSamlAuthFactory.php:26
ilObjGroup
Class ilObjGroup.
Definition: class.ilObjGroup.php:31
$client_id
$client_id
Definition: ltiauth.php:68
$message
$message
Definition: xapiexit.php:32
$url
$url
Definition: proxy_ylocal.php:28
ilAuthLoginPageEditorSettings\getInstance
static getInstance()
Get singelton instance.
Definition: class.ilAuthLoginPageEditorSettings.php:54
ilRegistrationHashNotFoundException
Class for user related exception handling in ILIAS.
Definition: class.ilRegistrationHashNotFoundException.php:26
ilStartUpGUI\$httpRequest
ServerRequestInterface $httpRequest
Definition: class.ilStartUpGUI.php:43
$_COOKIE
$_COOKIE[session_name()]
Definition: xapitoken.php:54
$tpl
if($DIC->http() ->request() ->getMethod()=="GET" &&isset($DIC->http() ->request() ->getQueryParams()['tex'])) $tpl
Definition: latex.php:41
ilSamlIdp\getActiveIdpList
static getActiveIdpList()
Definition: class.ilSamlIdp.php:214
ilObject\_lookupType
static _lookupType(int $id, bool $reference=false)
Definition: class.ilObject.php:1091
ilStartUpGUI\showLoginForm
showLoginForm(string $page_editor_html, ilPropertyFormGUI $form=null)
Show login form.
Definition: class.ilStartUpGUI.php:783
ilStartUpGUI\doOpenIdConnectAuthentication
doOpenIdConnectAuthentication()
do open id connect authentication
Definition: class.ilStartUpGUI.php:1999
ilCtrlSecurityInterface
Interface ilCtrlSecurityInterface provides ilCtrl security information.
Definition: interface.ilCtrlSecurityInterface.php:15
ilAuthStatus\STATUS_ACCOUNT_MIGRATION_REQUIRED
const STATUS_ACCOUNT_MIGRATION_REQUIRED
Definition: class.ilAuthStatus.php:36
ilSession\set
static set(string $a_var, $a_val)
Set a value.
Definition: class.ilSession.php:451
ilStartUpGUI\doLogout
doLogout()
show logout screen
Definition: class.ilStartUpGUI.php:1361
$factory
$factory
Definition: metadata.php:75
ilStartUpGUI\jumpToPasswordAssistance
jumpToPasswordAssistance()
jump to password assistance
Definition: class.ilStartUpGUI.php:197
ilStartUpGUI\jumpToRegistration
jumpToRegistration()
jump to registration gui
Definition: class.ilStartUpGUI.php:186
ilAuthFrontendCredentialsCAS
Auth frontend credentials for CAS auth.
Definition: class.ilAuthFrontendCredentialsCAS.php:23
ilStartUpGUI\showSamlLoginForm
showSamlLoginForm(string $page_editor_html)
Definition: class.ilStartUpGUI.php:1929
ilRBACAccessHandler\doStatusCheck
doStatusCheck(string $a_permission, string $a_cmd, int $a_ref_id, int $a_user_id, int $a_obj_id, string $a_type)
object type specific check
ilStartUpGUI\showCASLoginForm
showCASLoginForm(string $page_editor_html)
Show cas login.
Definition: class.ilStartUpGUI.php:831
ilObjUser\_lookupLogin
static _lookupLogin(int $a_user_id)
Definition: class.ilObjUser.php:660