From 99827958a7311b5c27328177e70dc30dc7aa5404 Mon Sep 17 00:00:00 2001
From: Hubert Borderiou
Date: Wed, 28 Mar 2012 09:56:59 +0200
Subject: [PATCH] CAS authentification with minimum change.
---
main/auth/cas/authcas.php | 56 ++++++++++++++++++++++--------------
main/auth/cas/cas_var.inc.php | 11 +++----
main/auth/cas/logincas.php | 1 -
main/inc/lib/main_api.lib.php | 2 ++
main/inc/local.inc.php | 2 +-
5 files changed, 44 insertions(+), 28 deletions(-)
diff --git a/main/auth/cas/authcas.php b/main/auth/cas/authcas.php
index d8b8fec339..19b34852b4 100644
--- a/main/auth/cas/authcas.php
+++ b/main/auth/cas/authcas.php
@@ -62,27 +62,41 @@ function cas_is_authenticated() default: $status=5; // Student }*/ - //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap - if (! $logout){ - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ". - "FROM $user_table ". - "WHERE username = '$login' "; - - $result = api_sql_query($sql,__FILE__,__LINE__); - if(mysql_num_rows($result) == 0) { - require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php'); - $rnumber=rand(0,256000); - UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE); - } - else { - $user = mysql_fetch_assoc($result); - $user_id = intval($user['user_id']); - //echo "deb : $status"; - UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ; - - } - } + if (!$logout){ + // get user info from username + $tab_user_info = UserManager::get_user_info($login); + // user found in the chamilo database + if (is_array($tab_user_info)) { + // if option is on we can update user automatically from ldap server + return $login; + } + // user not found + else { + // if option is on we can add user automatically from ldap server + return false; + } + } +// //If the user is in the dokeos database and we are ,not in a logout request, we upgrade his infomration by ldap +// if (! $logout){ +// $user_table = Database::get_main_table(TABLE_MAIN_USER); +// $sql = "SELECT user_id, username, password, auth_source, active, expiration_date ". +// "FROM $user_table ". 
+// "WHERE username = '$login' "; +// +// $result = api_sql_query($sql,__FILE__,__LINE__); +// if(mysql_num_rows($result) == 0) { +// require_once(api_get_path(SYS_PATH).'main/inc/lib/usermanager.lib.php'); +// $rnumber=rand(0,256000); +// UserManager::create_user($firstName, $lastName, $status, $email, $login, md5('casplaceholder'.$rnumber), $official_code='',$language='',$phone='',$picture_uri='',$auth_source = PLATFORM_AUTH_SOURCE); +// } +// else { +// $user = mysql_fetch_assoc($result); +// $user_id = intval($user['user_id']); +// //echo "deb : $status"; +// UserManager::update_user ($user_id, $firstname, $lastname, $login, null, null, $email, $status, '', '', '', '', 1, null, 0, null,'') ; +// +// } +// } return($login); } else diff --git a/main/auth/cas/cas_var.inc.php b/main/auth/cas/cas_var.inc.php index d87bb62268..58388eb9e7 100644 --- a/main/auth/cas/cas_var.inc.php +++ b/main/auth/cas/cas_var.inc.php @@ -3,18 +3,19 @@ * In the future, these will be in the database */ require_once('lib/CAS.php'); -define("CAS_VERSION_2_0",'2.0'); -define("SAML_VERSION_1_1", 'S1'); global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; $cas_auth_server = api_get_setting('cas_server'); $cas_auth_uri = api_get_setting('cas_server_uri'); $cas_auth_port = intval(api_get_setting('cas_port')); +switch (api_get_setting('cas_protocol')) { + case 'CAS1': $cas_auth_ver = CAS_VERSION_1_0; break; + case 'CAS2': $cas_auth_ver = CAS_VERSION_2_0; break; + case 'SAML': $cas_auth_ver = SAML_VERSION_1_1; break; + default : $cas_auth_ver = CAS_VERSION_2_0; break; +} $cas_auth_uri = api_get_setting('cas_server_uri'); if ( ! is_string($cas_auth_uri)) $cas_auth_uri = ''; - -$cas_auth_ver = '2.0'; -//$cas_auth_ver = SAML_VERSION_1_1; ?> diff --git a/main/auth/cas/logincas.php b/main/auth/cas/logincas.php index 118abdba20..24672bf0e0 100644 --- a/main/auth/cas/logincas.php +++ b/main/auth/cas/logincas.php 
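Review bot: In the new `if (!$logout)` branch, `$login` is returned for any row that `UserManager::get_user_info($login)` finds, and nothing visible in the hunk checks that the account is active, unexpired, or intended to be reached through CAS, so a CAS username that happens to match a locally created account would be mapped onto it. If the returned array carries the user-table columns (not visible here), the guard could read `if (is_array($tab_user_info) && $tab_user_info['auth_source'] === CAS_AUTH_SOURCE && (int) $tab_user_info['active'] === 1) {`. The two "if option is on ..." comments describe provisioning that this code does not perform and should say so. The 21 re-added `//` lines keep the string-built `WHERE username = '$login'` query and the `md5('casplaceholder'.$rnumber)` password in the file, where they could be uncommented later; deleting them is safer, since the history keeps them. `cas_is_authenticated()` starts and ends outside the hunk, and the trailing `return($login);` is now reached only when `$logout` is set.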
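Review bot: The `switch` on `api_get_setting('cas_protocol')` sends every unrecognised or missing value to `CAS_VERSION_2_0` through `default`, so a mistyped setting is accepted silently; a comment above the switch such as `// cas_protocol: 'CAS1' | 'CAS2' | 'SAML'; any other value falls back to CAS 2.0` would document the contract. With the two local `define()` calls removed, `CAS_VERSION_1_0`, `CAS_VERSION_2_0` and `SAML_VERSION_1_1` must all come from `lib/CAS.php`, which is presumably the case but is not visible here. The context also assigns `$cas_auth_uri` from `cas_server_uri` twice. Separately, the `logincas.php` context later in this patch calls `phpCAS::setNoCasServerValidation()`, which leaves the CAS server's certificate unverified whichever protocol is selected here; `phpCAS::setCasServerCACert()` with the deployment's CA bundle path is the validated alternative.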
@@ -21,5 +21,4 @@ if (!is_object($PHPCAS_CLIENT) ) { phpCAS::setNoCasServerValidation(); } phpCAS::forceAuthentication(); -//echo 'ici'; header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login')); diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index 4ae440c36f..45a04ce8e4 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -118,6 +118,8 @@ define('SECTION_GLOBAL', 'global'); // CONSTANT name for local authentication source define('PLATFORM_AUTH_SOURCE', 'platform'); +define('CAS_AUTH_SOURCE', 'cas'); +define('LDAP_AUTH_SOURCE', 'extldap'); // CONSTANT defining the default HotPotatoes files directory define('DIR_HOTPOTATOES','/HotPotatoes_files'); diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 641dba71a9..1b8a089385 100644 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -258,7 +258,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) { if (Database::num_rows($result) > 0) { $uData = Database::fetch_array($result); - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE || $uData['auth_source'] == CAS_AUTH_SOURCE) { //the authentification of this user is managed by Chamilo itself $password = trim(stripslashes($password));
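Review bot: In `main/inc/local.inc.php`, the widened condition sends rows whose `auth_source` is `CAS_AUTH_SOURCE` into the branch still commented "the authentification of this user is managed by Chamilo itself". Unless code outside the hunk skips the password comparison only for sessions that really came back from CAS, such an account can also be opened through the local form with whatever its `password` column holds. The commented-out block in `authcas.php` shows that users auto-created on CAS login were given an MD5 of a short random placeholder as that value, which was never meant to be accepted as a credential. The branch should refuse form logins for CAS-sourced rows, or the comment should state why CAS is admitted here. The comparison is also loose; `in_array($uData['auth_source'], array(PLATFORM_AUTH_SOURCE, CAS_AUTH_SOURCE), true)` keeps it strict, and the enclosing `if` continues past the end of the hunk.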