existing CAS integration reimplemented - refs BT#16484

pull/3075/head
Sébastien Ducoulombier 6 years ago
parent 97df9824a7
commit 5df5a8f077
  1. 19
      app/config/auth.conf.dist.php
  2. 199
      main/auth/cas/authcas.php
  3. 66
      main/auth/cas/cas_var.inc.php
  4. 10
      main/auth/cas/logincas.php
  5. 6
      main/auth/cas/logout.php
  6. 97
      main/auth/external_login/ldap.inc.php
  7. 1
      main/auth/gotocourse.php
  8. 8
      main/inc/lib/online.inc.php
  9. 193
      main/inc/lib/usermanager.lib.php
  10. 80
      main/inc/local.inc.php

@ -94,11 +94,13 @@ $extldap_user_correspondance = array(
'language' => '!english',
'password' => '!PLACEHOLDER',
'extra' => array(
'title' => 'title',
'globalid' => 'employeeID',
'department' => 'department',
'country' => 'co',
'bu' => 'Company')
'title' => 'title',
'globalid' => 'employeeID',
'department' => 'department',
'country' => 'co',
'bu' => 'Company',
'casUser' => 'uid',
)
);
/**
@ -113,4 +115,9 @@ $langMainInfoDetail .= '<p>More information on OpenID is available at <a href="h
/**
* CAS
*/
//$cas = ...;
$cas = [
'force_redirect' => false,
// 'verbose' => false,
// 'debug' => '/var/log/cas_debug.log',
'noCasServerValidation' => true, // set to false in production
];
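Review bot: The new mapping key `'casUser' => 'uid'` in `$extldap_user_correspondance['extra']` does not match the key the lookup code reads: `extldap_cas_user_login()` in main/auth/external_login/ldap.inc.php checks `$extra['cas_user']`, and UserManager names the extra field `cas_user` as well. With the shipped value the lookup still ends up on `uid` through its built-in default, so the mismatch only shows once an administrator changes the attribute here and the search keeps using `uid`. Renaming the entry to `'cas_user' => 'uid',` would make the setting effective. Separately, `'noCasServerValidation' => true` makes disabled certificate checking the copy-paste default of the distributed `$cas` array; shipping the key commented out or set to `false` would be the safer starting point.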

@ -6,207 +6,18 @@
*/
require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
require_once api_get_path(SYS_PATH).'main/auth/external_login/ldap.inc.php';
require_once api_get_path(SYS_PATH).'main/auth/external_login/functions.inc.php';
/**
* @return true if cas is configured
* @return bool whether cas is configured
*/
function cas_configured()
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
$res = false;
if (!empty($cas_auth_ver) && !empty($cas_auth_server) && !empty($cas_auth_port)) {
$res = true;
}
return $res;
}
/**
* checks if the user already get a session.
*
* @return the user login if the user already has a session ,false otherwise
*/
function cas_is_authenticated()
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
global $PHPCAS_CLIENT;
global $logout;
if (!cas_configured()) {
return;
}
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::setNoCasServerValidation();
}
$auth = phpCAS::checkAuthentication();
if ($auth) {
$login = trim(phpCAS::getUser());
/*
Get user attributes. Here are the attributes for crdp platform
sn => name
ENTPersonMailInterne => mail
ENTPersonAlias => login
ENTPersonProfils => profil
givenName => first name
*/
/*$user=phpCAS::getAttributes();
$firstName = trim($user['givenName']);
$lastName = trim($user['sn']);
$login = trim($user['ENTPersonAlias']);
$profil = trim($user['ENTPersonProfils']);
$email = trim($user['ENTPersonMailInterne']);
$satus=5;
switch ($profil){
case 'admin_etab':
$status=3; //Session admin
break;
case 'admin_sie':
$status=3; //Session admin
break;
case 'National_3':
$status=1; // Teacher
break;
case 'National_1':
$status=5; // Student
break;
default:
$status=5; // Student
}*/
if (!$logout) {
// get user info from username
$tab_user_info = api_get_user_info($login);
// user found in the chamilo database
if (is_array($tab_user_info)) {
// if option is on we update user automatically from ldap server
if (api_get_setting("update_user_info_cas_with_ldap") == "true") {
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldapuser !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['user_id'] = $tab_user_info['user_id'];
$chamilo_user['status'] = $tab_user_info['status'];
UserManager::update_user(
$chamilo_user["user_id"],
$chamilo_user["firstname"],
$chamilo_user["lastname"],
$login,
null,
null,
$chamilo_user["email"],
$chamilo_user["status"],
'',
'',
'',
'',
1,
null,
0,
null,
''
);
}
}
return $login;
} // user not found
else {
// if option is on we can ADD user automatically from ldap server or by modify own profil
$user_added = false;
switch (api_get_setting("cas_add_user_activate")) {
case PLATFORM_AUTH_SOURCE:
// user will have to modify firstname, lastname, email in chamilo profil edit
$userdata = get_lang("EditInProfil");
UserManager::create_user(
$userdata,
$userdata,
'5',
$userdata,
$login,
'casplaceholder',
'',
'',
'',
'',
CAS_AUTH_SOURCE
);
$user_added = $login;
break;
case LDAP_AUTH_SOURCE:
// user info are read from ldap connexion
// get user info from ldap server
// user has already been authenticated by CAS
// If user not found in LDAP, user not created
$ldapuser = extldap_authenticate($login, 'nopass', true);
if ($ldapuser !== false) {
$chamilo_user = extldap_get_chamilo_user($ldapuser);
$chamilo_user['username'] = $login;
$chamilo_user['auth_source'] = CAS_AUTH_SOURCE;
$chamilo_uid = external_add_user($chamilo_user);
$user_added = $login;
}
break;
default:
break;
}
return $user_added;
}
foreach(['cas_server', 'cas_protocol', 'cas_port'] as $v) {
if (is_null(api_get_setting($v))) {
return false;
}
// //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap
// if (! $logout){
// $user_table = Database::get_main_table(TABLE_MAIN_USER);
// $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ".
// "FROM $user_table ".
// "WHERE username = '$login' ";
//
// $result = Database::query($sql,__FILE__,__LINE__);
// if(mysql_num_rows($result) == 0) {
// require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php');
// $rnumber=rand(0,256000);
// UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE);
// }
// else {
// $user = mysql_fetch_assoc($result);
// $user_id = intval($user['user_id']);
// //echo "deb : $status";
// UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ;
//
// }
// }
return $login;
} else {
return false;
}
}
/**
* Logs out the user of the cas
* The user MUST be logged in with cas to use this function.
*
* @param $uinfo array user info (not needed)
* @param $location string redirect url
*
* @see online_logout()
*/
function cas_logout($uinfo = null, $location = null)
{
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
global $PHPCAS_CLIENT;
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::setNoCasServerValidation();
}
if (!isset($location)) {
$location = api_get_path(WEB_PATH);
}
phpCAS::logoutWithRedirectService($location);
return phpCAS::isInitialized();
}
/*
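Review bot: The rewritten `cas_configured()` accepts a setting whenever `api_get_setting()` is not null, so an empty `cas_server`, `cas_protocol` or `cas_port` would presumably still count as configured, whereas the removed version required non-empty values. cas_var.inc.php then substitutes `'localhost'` and port 443 for empty values, so a half-filled configuration would initialise a client against the local host instead of being reported as unconfigured. Using `if (empty(api_get_setting($v))) { return false; }` keeps the earlier strictness. The rendered page does not mark which lines are added, so the exact new body is inferred from the `-6,207 +6,18` header.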

@ -4,29 +4,47 @@
* In the future, these will be in the database
*/
require_once __DIR__.'/../../../vendor/apereo/phpcas/source/CAS.php';
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
$cas_auth_server = api_get_setting('cas_server');
$cas_auth_uri = api_get_setting('cas_server_uri');
$cas_auth_port = intval(api_get_setting('cas_port'));
switch (api_get_setting('cas_protocol')) {
case 'CAS1':
$cas_auth_ver = CAS_VERSION_1_0;
break;
case 'CAS3':
$cas_auth_ver = CAS_VERSION_3_0;
break;
case 'SAML':
$cas_auth_ver = SAML_VERSION_1_1;
break;
case 'CAS2':
default:
$cas_auth_ver = CAS_VERSION_2_0;
}
if (api_is_cas_activated()) {
require_once __DIR__.'/../../../vendor/apereo/phpcas/source/CAS.php';
global $cas;
if (is_array($cas) && array_key_exists('debug', $cas) && !empty($cas['debug'])) {
phpCAS::setDebug($cas['debug']);
}
if (is_array($cas) && array_key_exists('verbose', $cas) && $cas['verbose']) {
phpCAS::setVerbose(true);
}
if (!phpCAS::isInitialized()) {
switch (api_get_setting('cas_protocol')) {
case 'CAS1':
$version = CAS_VERSION_1_0;
break;
case 'CAS3':
$version = CAS_VERSION_3_0;
break;
case 'SAML':
$version = SAML_VERSION_1_1;
break;
case 'CAS2':
default:
$version = CAS_VERSION_2_0;
}
$port = api_get_setting('cas_port');
if (is_null($port)) {
$port = 443;
} else {
$port = intval($port) ?: 443;
}
$uri = api_get_setting('cas_server_uri') ?: '';
$hostname = api_get_setting('cas_server') ?: 'localhost';
phpCAS::client($version, $hostname, $port, $uri);
$cas_auth_uri = api_get_setting('cas_server_uri');
if (!is_string($cas_auth_uri)) {
$cas_auth_uri = '';
if (is_array($cas) && array_key_exists('noCasServerValidation', $cas) && $cas['noCasServerValidation']) {
phpCAS::setNoCasServerValidation();
}
}
}
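Review bot: Certificate validation of the CAS server can only be switched off in this block, never configured: it calls `phpCAS::setNoCasServerValidation()` when `$cas['noCasServerValidation']` is true and has no branch that calls `phpCAS::setCasServerCACert()`. As far as I know phpCAS expects one of the two to have been called before it validates a ticket, so following the config comment "set to false in production" would leave the client failing validation rather than validating against a trusted CA. An optional path entry in `$cas` (for instance `$cas['caCertPath']`, name only a suggestion) passed to `phpCAS::setCasServerCACert()` in an `else` branch would give administrators a working secure setting. The `?: 'localhost'` fallback for `cas_server` also deserves a comment explaining why an unset server should not simply skip initialisation.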

@ -16,7 +16,6 @@ require '../../inc/global.inc.php';
require_once 'authcas.php';
use ChamiloSession as Session;
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
// phpCAS
/*
@ -40,15 +39,6 @@ if (cas_configured()) {
$firstpage = $_GET['firstpage'];
setcookie("GotoCourse", $firstpage);
}
if (!is_object($PHPCAS_CLIENT)) {
phpCAS::client(
$cas_auth_ver,
$cas_auth_server,
$cas_auth_port,
$cas_auth_uri
);
phpCAS::setNoCasServerValidation();
}
phpCAS::forceAuthentication();
header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
} else {

@ -6,8 +6,4 @@ logoutWithUrl() not used because with CAS v3 you cannot redirect your logout to
because of security reason.
*/
require '../..//inc/global.inc.php';
require_once 'authcas.php';
global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri);
phpCAS::logout();
online_logout($_SESSION['_user']['user_id']);

@ -31,7 +31,7 @@ function extldap_purify_string($string)
/**
* Establishes a connection to the LDAP server and sets the protocol version.
*
* @return bool ldap link identifier or false
* @return resource|bool ldap link identifier or false
*
* @author ndiechburg <noel@cblue.be>
* */
@ -219,6 +219,12 @@ function extldap_get_chamilo_user($ldap_user, $cor = null)
$chamilo_user[$chamilo_field] = trim($ldap_field, "!\t\n\r\0");
break;
}
if (!array_key_exists($ldap_field, $ldap_user)) {
$lowerCaseFieldName = strtolower($ldap_field);
if (array_key_exists($lowerCaseFieldName, $ldap_user)) {
$ldap_field = $lowerCaseFieldName;
}
}
if (isset($ldap_user[$ldap_field][0])) {
$chamilo_user[$chamilo_field] = extldap_purify_string($ldap_user[$ldap_field][0]);
} else {
@ -405,3 +411,92 @@ function extldap_add_user_by_array($data, $update_if_exists = true)
return $user_id;
}
/**
* Get one user's single attribute value.
* User is identified by filter.
* $extldap_config['filter'] is also applied in complement, if defined.
*
* @param $filter string LDAP entry filter, such as '(uid=10000)'
* @param $attribute string name of the LDAP attribute to read the value from
* @return string|bool the single matching user entry's single attribute value or false if not found
* @throws Exception if more than one entries matched or on internal error
*/
function extldap_get_user_attribute_value($filter, $attribute)
{
global $extldap_config;
if (array_key_exists('filter', $extldap_config) && !empty($extldap_config['filter'])) {
$filter = '(&'.$filter.'('.$extldap_config['filter'].'))';
}
$ldap = extldap_connect();
if (false === $ldap) {
throw new Exception(get_lang('LDAPConnectFailed'));
}
if (false === ldap_bind($ldap, $extldap_config['admin_dn'], $extldap_config['admin_password'])) {
throw new Exception(get_lang('LDAPBindFailed'));
}
$searchResult = ldap_search($ldap, $extldap_config['base_dn'], $filter, [ $attribute ]);
if (false === $searchResult) {
throw new Exception(get_lang('LDAPSearchFailed'));
}
switch(ldap_count_entries($ldap, $searchResult)) {
case 0:
return false;
case 1:
$entry = ldap_first_entry($ldap, $searchResult);
if (false === $entry) {
throw new Exception(get_lang('LDAPFirstEntryFailed'));
}
$values = ldap_get_values($ldap, $entry, $attribute);
if (false == $values) {
throw new Exception(get_lang('LDAPGetValuesFailed'));
}
if ($values['count'] == 1) {
return $values[0];
}
throw new Exception(get_lang('MoreThanOneAttributeValueFound'));
default:
throw new Exception(get_lang('MoreThanOneUserMatched'));
}
}
/**
* Get the username from the CAS-supplied user identifier
*
* searches in attribute $extldap_user_correspondance['extra']['cas_user'] or 'uid' by default
* reads value from attribute $extldap_user_correspondance['username'] or 'uid' by default
*
* @param $casUser string code returned from the CAS server to identify the user
* @return string|bool user login name, false if not found
* @throws Exception on error
*/
function extldap_cas_user_login($casUser)
{
global $extldap_user_correspondance;
// which LDAP attribute is the cas user identifier stored in ?
$attributeToFilterOn = 'uid';
if (is_array($extldap_user_correspondance) && array_key_exists('extra', $extldap_user_correspondance)) {
$extra = $extldap_user_correspondance['extra'];
if (is_array($extra) && array_key_exists('cas_user', $extra) && !empty($extra['cas_user'])) {
$attributeToFilterOn = $extra['cas_user'];
}
}
// which LDAP attribute is the username ?
$attributeToRead = 'uid';
if (is_array($extldap_user_correspondance)
&& array_key_exists('username', $extldap_user_correspondance)
&& !empty($extldap_user_correspondance['username'])
) {
$attributeToRead = $extldap_user_correspondance['username'];
}
// return the value
return extldap_get_user_attribute_value("($attributeToFilterOn=$casUser)", $attributeToRead);
}
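Review bot: `extldap_cas_user_login()` builds the search filter as `"($attributeToFilterOn=$casUser)"` with the CAS-supplied identifier inserted unescaped, so any `*`, `(`, `)` or `\` in it changes the filter's meaning instead of being matched literally. The identifier comes from the CAS response, and with `noCasServerValidation` enabled that response is not authenticated by TLS, so it should be handled as untrusted input. Escape it before interpolation, e.g. `$casUser = ldap_escape($casUser, '', LDAP_ESCAPE_FILTER);`. In `extldap_get_user_attribute_value()` the handle returned by `extldap_connect()` is also never released on any return or throw path visible here; an `ldap_unbind($ldap)` in a `finally` block would close it.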

@ -53,6 +53,7 @@ if (isset($_GET['firstpage'])) {
$form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
// see same text in main_api.lib.php function api_not_allowed
if (api_is_cas_activated()) {
require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php';
$msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", ['align' => 'center']);
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));

@ -188,6 +188,14 @@ function online_logout($user_id = null, $logout_redirect = false)
exit;
}
if (api_is_cas_activated())
{
require_once __DIR__.'/../../auth/cas/cas_var.inc.php';
if (phpCas::isInitialized()) {
phpCAS::logout();
}
}
if ($logout_redirect) {
header("Location: $url");
exit;
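Review bot: `phpCAS::logout()` redirects to the CAS server and ends the request, as far as I know, so the `if ($logout_redirect)` block right after the added lines, with its `header("Location: $url")`, can no longer run while CAS is active. If the caller's redirect target is meant to survive, `phpCAS::logoutWithRedirectService($url)` would carry it through the CAS logout. Because cas_var.inc.php initialises the client whenever CAS is activated, `isInitialized()` looks true for every user, including those who signed in with a local password, so it is worth confirming that sending them to the CAS logout page is intended. The class is spelled `phpCas` on the `isInitialized()` line and `phpCAS` on the next; one spelling would be cleaner. `online_logout()` begins and ends outside this hunk.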

@ -685,6 +685,197 @@ class UserManager
return $return;
}
/**
* Ensure the CAS-authenticated user exists in the database.
*
* @param $casUser string the CAS user identifier
* @return string|bool the recognised user login name or false if not found
* @throws Exception if more than one user share the same CAS user identifier
*/
public static function casUserLoginName($casUser) {
$loginName = false;
// look inside the casUser extra field
if (UserManager::is_extra_field_available('cas_user')) {
$valueModel = new ExtraFieldValue('user');
$itemList = $valueModel->get_item_id_from_field_variable_and_field_value(
'cas_user',
$casUser,
false,
false,
true
);
if (false !== $itemList) {
// at least one user has $casUser in the 'cas_user' extra field
// we attempt to load each candidate user because there might be deleted ones
// (extra field values of a deleted user might remain)
foreach ($itemList as $item) {
$userId = intval($item['item_id']);
$user = UserManager::getRepository()->find($userId);
if (!is_null($user)) {
if (false === $loginName) {
$loginName = $user->getUsername();
} else {
throw new Exception(get_lang('MoreThanOneUserMatched'));
}
}
}
}
}
if (false === $loginName) {
// no matching 'cas_user' extra field value, or no such extra field
// falling back to the old behaviour: $casUser must be the login name
$userId = UserManager::get_user_id_from_username($casUser);
if (false !== $userId) {
$loginName = $casUser;
}
}
return $loginName;
}
/**
* Checks the availability of extra field 'cas_user'
* and creates it if missing
*
* @throws Exception on failure
*/
public static function ensureCASUserExtraFieldExists()
{
if (!UserManager::is_extra_field_available('cas_user')) {
$extraField = new ExtraField('user');
if (false === $extraField->save(
[
'variable' => 'cas_user',
'field_type' => ExtraField::FIELD_TYPE_TEXT,
'display_text' => get_lang('CAS User Identifier'),
'visible_to_self' => true,
'filter' => true,
]
)) {
throw new Exception(get_lang('FailedToCreateExtraFieldCasUser'));
}
}
}
/**
* Create a CAS-authenticated user from scratch, from its CAS user identifier, with temporary default values.
*
* @param string $casUser the CAS user identifier
* @return string the login name of the new user
* @throws Exception on error
*/
public static function createCASAuthenticatedUserFromScratch($casUser)
{
self::ensureCASUserExtraFieldExists();
$loginName = 'cas_user_'.$casUser;
$defaultValue = get_lang("EditInProfile");
$userId = UserManager::create_user(
$defaultValue,
$defaultValue,
STUDENT,
$defaultValue,
$loginName,
'casplaceholder',
'',
'',
'',
'',
CAS_AUTH_SOURCE,
$expirationDate = null,
$active = 1,
$hr_dept_id = 0,
$extra = [ 'extra_cas_user' => $casUser ]
);
if (false === $userId) {
throw new Exception(get_lang('FailedUserCreation'));
}
return $loginName;
}
/**
* Create a CAS-authenticated user from LDAP, from its CAS user identifier.
*
* @param $casUser
* @return string login name of the new user
* @throws Exception
*/
public static function createCASAuthenticatedUserFromLDAP($casUser)
{
self::ensureCASUserExtraFieldExists();
require_once(__DIR__.'/../../auth/external_login/ldap.inc.php');
$login = extldap_cas_user_login($casUser);
if (false !== $login) {
$ldapUser = extldap_authenticate($login, 'nopass', true);
if (false !== $ldapUser) {
require_once(__DIR__.'/../../auth/external_login/functions.inc.php');
$user = extldap_get_chamilo_user($ldapUser);
$user['username'] = $login;
$user['auth_source'] = CAS_AUTH_SOURCE;
$user['extra'] = [ 'extra_cas_user' => $casUser ];
$uid = external_add_user($user);
if (false !== $uid) {
return $login;
} else {
throw new Exception('Could not create the new user '.$login);
}
} else {
throw new Exception('Could not load the new user from LDAP using its login '.$login);
}
} else {
throw new Exception('Could not find the new user from LDAP using its cas user identifier '.$casUser);
}
}
/**
* updates user record in database from its LDAP record
* copies relevant LDAP attribute values : firstname, lastname and email.
*
* @param $login string the user login name
* @throws Exception when the user login name is not found in the LDAP or in the database
*/
public static function updateUserFromLDAP($login)
{
require_once(__DIR__ . '/../../auth/external_login/ldap.inc.php');
$ldapUser = extldap_authenticate($login, 'nopass', true);
if (false === $ldapUser) {
throw new Exception(get_lang('NoSuchUserInLDAP'));
}
$user = extldap_get_chamilo_user($ldapUser);
$userInfo = api_get_user_info_from_username($login);
if (false === $userInfo) {
throw new Exception(get_lang('NoSuchUserInInternalDatabase'));
}
$userId = UserManager::update_user(
$userInfo['user_id'],
$user["firstname"],
$user["lastname"],
$login,
null,
null,
$user["email"],
$userInfo['status'],
'',
'',
'',
null,
1,
null,
0,
null,
''
);
if (false === $userId) {
throw new Exception(get_lang('CouldNotUpdateUser'));
}
}
/**
* Can user be deleted? This function checks whether there's a course
* in which the given user is the
@ -2760,7 +2951,7 @@ class UserManager
/**
* Get the extra field information for a certain field (the options as well).
*
* @param int $variable The name of the field we want to know everything about
* @param string $variable The name of the field we want to know everything about
*
* @return array Array containing all the information about the extra profile field
* (first level of array contains field details, then 'options' sub-array contains options details,
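Review bot: `createCASAuthenticatedUserFromScratch()` gives every auto-created account the same fixed password, the literal `'casplaceholder'`, together with a predictable login name `'cas_user_'.$casUser`. The local.inc.php part of this commit still runs `UserManager::isPasswordValid()` for `CAS_AUTH_SOURCE` accounts when a login form is posted, so that shared literal would presumably be accepted as a credential for any of these accounts. Pass an unguessable per-user value instead, for example `bin2hex(random_bytes(32))` on PHP 7 or the project's own password generator, or exclude `CAS_AUTH_SOURCE` from the password branch. The new create and update methods also mix `get_lang()` keys with hard-coded English exception messages; using one convention would make them consistent.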

@ -261,23 +261,65 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
}
// IF cas is activated and user isn't logged in
if (api_get_setting('cas_activate') == 'true') {
$cas_activated = true;
} else {
$cas_activated = false;
}
$casUser = false;
if ('true' === api_get_setting('cas_activate')
&& !isset($_user['user_id'])
&& !isset($_POST['login'])
&& !$logout
) {
// load the CAS system to authenticate the user
require_once api_get_path(SYS_PATH).'main/auth/cas/cas_var.inc.php';
// redirect to CAS server if not authenticated yet and so configured
if (is_array($cas) && array_key_exists('force_redirect', $cas) && $cas['force_redirect']) {
phpCAS::forceAuthentication();
}
// check whether we are authenticated
if (phpCAS::isAuthenticated()) {
// the user was successfully authenticated by the CAS server, read its CAS user identification
$casUser = phpCAS::getUser();
// make sure the user exists in the database
$login = UserManager::casUserLoginName($casUser);
if (false === $login) {
// the CAS-authenticated user does not yet exist in internal database
// see whether we are supposed to create it
switch (api_get_setting("cas_add_user_activate")) {
case PLATFORM_AUTH_SOURCE:
// create the new user from its CAS user identifier
$login = UserManager::createCASAuthenticatedUserFromScratch($casUser);
break;
case LDAP_AUTH_SOURCE:
// find the new user's LDAP record from its CAS user identifier and copy information
$login = UserManager::createCASAuthenticatedUserFromLDAP($casUser);
break;
default:
// no automatic user creation is configured, just complain about it
throw new Exception(get_lang('NoUserMatched'));
}
}
$cas_login = false;
if ($cas_activated && !isset($_user['user_id']) && !isset($_POST['login']) && !$logout) {
require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php';
$cas_login = cas_is_authenticated();
// $login is set and the user exists in the database
// update the user record from LDAP if so required by settings
if ('true' === api_get_setting("update_user_info_cas_with_ldap")) {
UserManager::updateUserFromLDAP($login);
}
} else {
// not CAS authenticated
}
}
if ((isset($_POST['login']) && isset($_POST['password'])) || ($cas_login)) {
if ((isset($_POST['login']) && isset($_POST['password'])) || ($casUser)) {
// $login && $password are given to log in
if ($cas_login && empty($_POST['login'])) {
$login = $cas_login;
} else {
if (empty($login) || !empty($_POST['login'])) {
$login = $_POST['login'];
$password = $_POST['password'];
}
@ -349,7 +391,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
$uData['auth_source'] == CAS_AUTH_SOURCE
) {
$validPassword = UserManager::isPasswordValid(
$validPassword = isset($password) && UserManager::isPasswordValid(
$uData['password'],
$password,
$uData['salt']
@ -379,7 +421,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
}
// Check the user's password
if (($validPassword || $cas_login || $checkUserFromExternalWebservice) &&
if (($validPassword || $casUser || $checkUserFromExternalWebservice) &&
(trim($login) == $uData['username'])
) {
// Means that the login was loaded in a different page than index.php
@ -442,8 +484,8 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
// https://support.chamilo.org/issues/6124
$location = api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=access_url_inactive';
if ($cas_login) {
cas_logout(null, $location);
if ($casUser) {
phpCAS::logoutWithRedirectService($location);
Event::courseLogout($logoutInfo);
} else {
header('Location: '.$location);
@ -1258,7 +1300,7 @@ if ((isset($uidReset) && $uidReset) || $cidReset) {
$is_sessionAdmin = true;
} else {
// Am I a session coach for this session?
$sql = "SELECT session.id, session.id_coach
$sql = "SELECT session.id, session.id_coach
FROM $tbl_session session
INNER JOIN $tbl_session_course sc
ON sc.session_id = session.id
@ -1581,7 +1623,7 @@ if (isset($_cid)) {
}
// direct login to course
if ((isset($cas_login) && $cas_login && exist_firstpage_parameter()) ||
if ((isset($casUser) && $casUser && exist_firstpage_parameter()) ||
($logging_in && exist_firstpage_parameter())
) {
$redirectCourseDir = api_get_firstpage_parameter();
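Review bot: Nothing in the new CAS branch catches the exceptions it can raise: `casUserLoginName()`, both `createCASAuthenticatedUser…()` calls and `updateUserFromLDAP()` are documented as throwing, and the `default:` case throws `new Exception(get_lang('NoUserMatched'))` directly in this bootstrap file. An LDAP outage with `update_user_info_cas_with_ldap` enabled would therefore turn every CAS login into an uncaught exception, and depending on error display settings the message could reach the browser. Wrapping the lookup, provisioning and update in one `try`/`catch` that logs the cause and clears `$casUser` lets the request continue as an unauthenticated one; how the failure is shown to the user is left to the project's conventions. The enclosing `if` chain starts before this hunk.

```php
$casUser = phpCAS::getUser();
try {
    // … unchanged: casUserLoginName() lookup and cas_add_user_activate switch …
    // … unchanged: optional UserManager::updateUserFromLDAP($login) …
} catch (Exception $e) {
    // Provisioning or directory failure: record it and treat the request as not logged in.
    error_log('CAS login aborted: '.$e->getMessage());
    $casUser = false;
}
```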
