chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
40372 Commits
17 Branches
107 Tags
957 MiB
 
 
 
 
 
 
Tag: Branch: Tree: d05e2344ef
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd05e2344ef'
${ noResults }
chamilo-lms/main/auth/external_login/login.ws.php

115 lines
3.6 KiB
Raw Blame History

<?php
/* For licensing terms, see /license.txt */
use ChamiloSession as Session;
// External login module : WS (for Web Services)
/**
*
* This file is included in main/inc/local.inc.php at user login if the user
* have 'ws' in his auth_source field instead of 'platform'.
*/
// Configure the web service URL here. e.g. http://174.1.1.19:8020/login.asmx?WSDL
$wsUrl = '';
// include common authentication functions
require_once __DIR__.'/functions.inc.php';
// call the login checker (defined below)
$isValid = loginWSAuthenticate($login, $password, $wsUrl);
// if the authentication was successful, proceed
if ($isValid === 1) {
//error_log('WS authentication worked');
$chamiloUser = api_get_user_info_from_username($login);
$loginFailed = false;
$_user['user_id'] = $chamiloUser['user_id'];
$_user['status'] = (isset($chamiloUser['status']) ? $chamiloUser['status'] : 5);
$_user['uidReset'] = true;
Session::write('_user', $_user);
$uidReset = true;
$logging_in = true;
Event::event_login($_user['user_id']);
} else {
//error_log('WS authentication error - user not approved by external WS');
$loginFailed = true;
$uidReset = false;
if (isset($_user) && isset($_user['user_id'])) {
unset($_user['user_id']);
}
}
/**
* Checks whether a user has the right to enter on the platform or not
* @param string The username, as provided in form
* @param string The cleartext password, as provided in form
* @param string The WS URL, as provided at the beginning of this script
*/
function loginWSAuthenticate($username, $password, $wsUrl)
{
// check params
if (empty($username) || empty($password) || empty($wsUrl)) {
return false;
}
// Create new SOAP client instance
$client = new SoapClient($wsUrl);
if (!$client) {
return false;
}
// Include phpseclib methods, because of a bug with AES/CFB in mcrypt
include_once api_get_path(LIBRARY_PATH).'phpseclib/Crypt/AES.php';
// Define all elements necessary to the encryption
$key = '-+*%$({[]})$%*+-';
// Complete password con PKCS7-specific padding
$blockSize = 16;
$padding = $blockSize - (strlen($password) % $blockSize);
$password .= str_repeat(chr($padding), $padding);
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(128);
$cipher->setKey($key);
$cipher->setIV($key);
$cipheredPass = $cipher->encrypt($password);
// Mcrypt call left for documentation purposes - broken, see https://bugs.php.net/bug.php?id=51146
//$cipheredPass = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $password, MCRYPT_MODE_CFB, $key);
// Following lines present for debug purposes only
/*
$arr = preg_split('//', $cipheredPass, -1, PREG_SPLIT_NO_EMPTY);
foreach ($arr as $char) {
error_log(ord($char));
}
*/
// Change to base64 to avoid communication alteration
$passCrypted = base64_encode($cipheredPass);
// The call to the webservice will change depending on your definition
try {
$response = $client->validateUser(
array(
'user' => $username,
'pass' => $passCrypted,
'system' => 'chamilo',
)
);
} catch (SoapFault $fault) {
error_log('Caught something');
if ($fault->faultstring != 'Could not connect to host') {
error_log('Not a connection problem');
throw $fault;
} else {
error_log('Could not connect to WS host');
}
return 0;
}
return $response->validateUserResult;
}