|
|
|
@ -52,7 +52,11 @@ class sso { |
|
|
|
|
* Sends the user to the master URL for a check of active connection |
|
|
|
|
*/ |
|
|
|
|
public function ask_master() { |
|
|
|
|
$params = 'sso_referer='.urlencode($this->referer).'&sso_target='.urlencode($this->target); |
|
|
|
|
$tempKey = api_generate_password(32); |
|
|
|
|
$params = 'sso_referer='.urlencode($this->referer). |
|
|
|
|
'&sso_target='.urlencode($this->target). |
|
|
|
|
'&sso_challenge='.$tempKey; |
|
|
|
|
Session::write('tempkey',$tempKey); |
|
|
|
|
if (strpos($this->master_url, "?") === false) { |
|
|
|
|
$params = "?$params"; |
|
|
|
|
} else { |
|
|
|
@ -86,8 +90,7 @@ class sso { |
|
|
|
|
$uData = Database::fetch_array($result); |
|
|
|
|
//Check the user's password |
|
|
|
|
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { |
|
|
|
|
|
|
|
|
|
//the authentification of this user is managed by Chamilo itself |
|
|
|
|
//This user's authentification is managed by Chamilo itself |
|
|
|
|
// check the user's password |
|
|
|
|
// password hash comes already parsed in sha1, md5 or none |
|
|
|
|
|
|
|
|
@ -97,10 +100,23 @@ class sso { |
|
|
|
|
error_log($sso['username']); |
|
|
|
|
error_log($uData['username']); |
|
|
|
|
*/ |
|
|
|
|
|
|
|
|
|
if ($sso['secret'] === sha1($uData['password']) |
|
|
|
|
&& ($sso['username'] == $uData['username'])) { |
|
|
|
|
error_log('user n password are ok'); |
|
|
|
|
global $_configuration; |
|
|
|
|
// Two possible authentication methods here: legacy using password |
|
|
|
|
// and new using a temporary, session-fixed, tempkey |
|
|
|
|
if ( |
|
|
|
|
($sso['username'] == $uData['username'] |
|
|
|
|
&& $sso['secret'] === sha1( |
|
|
|
|
$uData['username']. |
|
|
|
|
Session::read('tempkey'). |
|
|
|
|
$_configuration['security_key'] |
|
|
|
|
) |
|
|
|
|
) |
|
|
|
|
or ( |
|
|
|
|
($sso['secret'] === sha1($uData['password'])) |
|
|
|
|
&& ($sso['username'] == $uData['username']) |
|
|
|
|
) |
|
|
|
|
) { |
|
|
|
|
//error_log('user n password are ok'); |
|
|
|
|
//Check if the account is active (not locked) |
|
|
|
|
if ($uData['active']=='1') { |
|
|
|
|
// check if the expiration date has not been reached |
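Review bot: The new tempkey branch is joined with `or` to the legacy branch that still accepts `$sso['secret'] === sha1($uData['password'])`, a static value derived from the stored hash, so a secret observed once stays valid indefinitely and the session-bound challenge adds no replay protection while both operands are live. If the legacy path has to remain for older master portals, gate it behind an explicit configuration switch and log when it is taken so it can be retired; otherwise drop the second operand of the `or`. The value read by `Session::read('tempkey')` is not invalidated anywhere in this hunk after a successful match, so it can be replayed for the rest of the session; clear it once consumed, e.g. `Session::write('tempkey', null);` immediately after the check succeeds, unless that already happens outside the hunk. Both username comparisons use `==`, which applies numeric coercion to numeric-looking strings, so `===` is the safer form, and the `sha1` comparisons could use `hash_equals()` where the supported PHP version provides it. The enclosing method starts and ends outside the hunk.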
|
|
|
@ -151,8 +167,8 @@ class sso { |
|
|
|
|
} else { |
|
|
|
|
//Only admins of the "main" (first) Chamilo |
|
|
|
|
// portal can login wherever they want |
|
|
|
|
if (in_array(1, $my_url_list)) { |
|
|
|
|
//Check if this admin is admin on the |
|
|
|
|
if (in_array(1, $my_url_list)) { |
|
|
|
|
//Check if this admin is admin on the |
|
|
|
|
// principal portal |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
@ -161,7 +177,7 @@ class sso { |
|
|
|
|
Session::write('_user', $_user); |
|
|
|
|
event_login(); |
|
|
|
|
} else { |
|
|
|
|
//Secondary URL admin wants to login |
|
|
|
|
//Secondary URL admin wants to login |
|
|
|
|
// so we check as a normal user |
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|