123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295 |
- <?php
- use ChamiloSession as Session;
- class ssoDrupal
- {
- public $protocol;
- public $domain;
- public $auth_uri;
- public $deauth_uri;
- public $referer;
-
- public function __construct()
- {
- $this->protocol = api_get_setting('sso_authentication_protocol');
-
-
- $domains = preg_split('/,/', api_get_setting('sso_authentication_domain'));
- $this->domain = trim($domains[0]);
- $this->auth_uri = api_get_setting('sso_authentication_auth_uri');
- $this->deauth_uri = api_get_setting('sso_authentication_unauth_uri');
-
- $this->referer = $this->protocol.$_SERVER['HTTP_HOST'].substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], 'sso'));
- $this->deauth_url = $this->protocol.$this->domain.$this->deauth_uri;
- $this->master_url = $this->protocol.$this->domain.$this->auth_uri;
- $this->referrer_uri = base64_encode($_SERVER['REQUEST_URI']);
- $this->target = api_get_path(WEB_PATH);
- }
-
- public function logout()
- {
-
-
-
- if (empty($_GET['no_redirect'])) {
- header('Location: '.$this->deauth_url.'&stop=1');
- } else {
- header('Location: '.$this->protocol.$this->domain);
- }
- exit;
- }
-
- public function ask_master()
- {
-
- $_SESSION['sso_challenge'] = api_generate_password(48);
-
- $params = '';
- if (empty($_GET['no_redirect'])) {
- $params = 'sso_referer='.urlencode($this->referer).
- '&sso_target='.urlencode($this->target).
- '&sso_challenge='.urlencode($_SESSION['sso_challenge']).
- '&sso_ruri='.urlencode($this->referrer_uri);
- if (strpos($this->master_url, "?") === false) {
- $params = "?{$params}";
- } else {
- $params = "&{$params}";
- }
- }
- header('Location: '.$this->master_url.$params);
- exit;
- }
-
- public function check_user()
- {
- global $_user;
- $loginFailed = false;
-
- $sso = $this->decode_cookie($_GET['sso_cookie']);
-
-
- $sso_challenge = '';
- if (isset($_SESSION['sso_challenge'])) {
- $sso_challenge = $_SESSION['sso_challenge'];
- unset($_SESSION['sso_challenge']);
- }
-
- $user_table = Database::get_main_table(TABLE_MAIN_USER);
- $sql = "SELECT id, username, password, auth_source, active, expiration_date, status
- FROM $user_table
- WHERE username = '".trim(Database::escape_string($sso['username']))."'";
- $result = Database::query($sql);
- if (Database::num_rows($result) > 0) {
- $uData = Database::fetch_array($result);
-
- if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
- if ($sso['secret'] === sha1($uData['username'].$sso_challenge.api_get_security_key())
- && ($sso['username'] == $uData['username'])) {
-
- if ($uData['active'] == '1') {
-
- if (empty($uData['expiration_date']) OR $uData['expiration_date'] > date('Y-m-d H:i:s') OR $uData['expiration_date'] == '0000-00-00 00:00:00') {
-
- if (api_get_multiple_access_url()) {
-
-
- $current_access_url_id = api_get_current_access_url_id();
-
-
- $my_url_list = api_get_access_url_from_user($uData['id']);
- } else {
- $current_access_url_id = 1;
- $my_url_list = array(1);
- }
- $my_user_is_admin = UserManager::is_admin($uData['id']);
- if ($my_user_is_admin === false) {
- if (is_array($my_url_list) && count($my_url_list) > 0) {
- if (in_array($current_access_url_id, $my_url_list)) {
-
- $_user['user_id'] = $uData['id'];
- $_user = api_get_user_info($_user['user_id']);
- $_user['uidReset'] = true;
- Session::write('_user', $_user);
- Event::event_login($_user['user_id']);
-
- $sso_target = '';
- if (!empty($sso['ruri'])) {
-
-
-
-
- $sso_target = api_get_path(WEB_PATH).base64_decode($sso['ruri']);
- } else {
- $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH).'index.php';
- }
- header('Location: '.$sso_target);
- exit;
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
- exit;
- }
- } else {
-
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
- exit;
- }
- } else {
-
-
- if (in_array(1, $my_url_list)) {
-
-
- $_user['user_id'] = $uData['id'];
- $_user = api_get_user_info($_user['user_id']);
- $is_platformAdmin = $uData['status'] == COURSEMANAGER;
- Session::write('is_platformAdmin', $is_platformAdmin);
- Session::write('_user', $_user);
- Event::event_login($_user['user_id']);
- } else {
-
-
- if (in_array($current_access_url_id, $my_url_list)) {
- $_user['user_id'] = $uData['user_id'];
- $_user = api_get_user_info($_user['user_id']);
- Session::write('_user', $_user);
- Event::event_login($_user['user_id']);
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
- exit;
- }
- }
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired');
- exit;
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive');
- exit;
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password');
- exit;
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_authentication_source');
- exit;
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found');
- exit;
- }
- return $loginFailed;
- }
-
- private function decode_cookie($cookie)
- {
- return unserialize(base64_decode($cookie));
- }
-
- public function generateProfileEditingURL($userId = 0, $asAdmin = false)
- {
- $userId = intval($userId);
- if (empty($userId)) {
- $userId = api_get_user_id();
- }
- $userExtraFieldValue = new ExtraFieldValue('user');
- $drupalUserIdData = $userExtraFieldValue->get_values_by_handler_and_field_variable(
- $userId,
- 'drupal_user_id'
- );
-
-
- if ($asAdmin && api_is_platform_admin(true)) {
- return api_get_path(WEB_CODE_PATH)."admin/user_edit.php?user_id=$userId";
- }
-
-
- if ($drupalUserIdData === false) {
- return api_get_path(WEB_CODE_PATH).'auth/profile.php';
- }
-
- $drupalUserId = $drupalUserIdData['value'];
- $url = "{$this->protocol}{$this->domain}/user/{$drupalUserId}/edit";
- return $url;
- }
- }
|