1 | <?php |
||
2 | /* For licensing terms, see /license.txt */ |
||
3 | |||
4 | use ChamiloSession as Session; |
||
5 | |||
6 | // External login module : WS (for Web Services) |
||
7 | /** |
||
8 | * This file is included in main/inc/local.inc.php at user login if the user |
||
9 | * has 'ws' in his auth_source field instead of 'platform'. |
||
10 | */ |
||
11 | |||
// URL of the external web service's WSDL, e.g. http://174.1.1.19:8020/login.asmx?WSDL
// While this is left empty, loginWSAuthenticate() returns false and every
// 'ws' login is refused.
// Prefer an https:// endpoint: the password is only encrypted with a key that
// is embedded in this file (see loginWSAuthenticate()), so transport security
// is what actually protects it on the wire.
$wsUrl = '';

// Shared authentication helpers.
require_once __DIR__.'/functions.inc.php';

// Ask the external service whether the submitted credentials are valid.
// $login and $password are not set here; they are expected to come from the
// script that includes this file.
$isValid = loginWSAuthenticate($login, $password, $wsUrl);

// Only the integer 1 counts as success. Any other result (false, 0, or a
// differently typed value returned by the service) is treated as a failure.
if ($isValid !== 1) {
    // Authentication refused: flag the failure and make sure no user id
    // is left behind in the local $_user array.
    $loginFailed = true;
    $uidReset = false;
    if (isset($_user['user_id'])) {
        unset($_user['user_id']);
    }
} else {
    // Authentication accepted: load the local account matching the login.
    $chamiloUser = api_get_user_info_from_username($login);
    $loginFailed = false;
    $_user['user_id'] = $chamiloUser['user_id'];
    if (isset($chamiloUser['status'])) {
        $_user['status'] = $chamiloUser['status'];
    } else {
        // NOTE(review): 5 is used when the account has no status; presumably
        // the platform's default (least-privileged) status - confirm.
        $_user['status'] = 5;
    }
    $_user['uidReset'] = true;
    // Persist the authenticated user in the session and record the login.
    Session::write('_user', $_user);
    $uidReset = true;
    $logging_in = true;
    Event::eventLogin($_user['user_id']);
}
||
40 | |||
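/**
 * Checks with the external web service whether a user may enter the platform.
 *
 * The password is PKCS#7-padded, encrypted with AES-128 in CFB mode
 * (phpseclib), base64-encoded and passed to the service's validateUser
 * operation together with the username and the system name 'chamilo'.
 *
 * SECURITY NOTE: the AES key is hard-coded below and is also used as the IV.
 * The same password therefore always produces the same ciphertext, and the
 * key is known to anyone who can read this file. Treat this step as encoding
 * required by the remote service, not as confidentiality: use an https://
 * WSDL/endpoint, and if the remote service can be changed, move the key to
 * configuration and use a fresh random IV per request.
 *
 * @param string $username The username, as provided in form
 * @param string $password The cleartext password, as provided in form
 * @param string $wsUrl    The WS URL, as provided at the beginning of this script
 *
 * @return mixed false if a parameter is empty or not a string, or if the SOAP
 *               client cannot be created; 0 if the WS host cannot be reached
 *               or the response carries no validateUserResult; otherwise the
 *               validateUserResult value returned by the service (the
 *               including script accepts only the integer 1 as success)
 *
 * @throws SoapFault When validateUser fails for any reason other than
 *                   "Could not connect to host"
 */
function loginWSAuthenticate($username, $password, $wsUrl)
{
    // Reject non-string input up front: these values come from a login form,
    // and the padding code below calls strlen() on $password, which raises a
    // TypeError on PHP 8 when it is given an array.
    if (!is_string($username) || !is_string($password) || !is_string($wsUrl)) {
        return false;
    }
    // check params
    if (empty($username) || empty($password) || empty($wsUrl)) {
        return false;
    }

    // Create new SOAP client instance. The constructor reports failures
    // (e.g. an unreachable or invalid WSDL) by throwing SoapFault rather than
    // by returning a falsy value, so catch it here and fail closed.
    try {
        $client = new SoapClient($wsUrl);
    } catch (SoapFault $fault) {
        error_log('WS authentication: could not create SOAP client: '.$fault->getMessage());

        return false;
    }

    // Include phpseclib methods, because of a bug with AES/CFB in mcrypt
    // (see https://bugs.php.net/bug.php?id=51146)
    include_once api_get_path(LIBRARY_PATH).'phpseclib/Crypt/AES.php';

    // Static key shared with the remote service; see SECURITY NOTE above.
    $key = '-+*%$({[]})$%*+-';

    // Complete the password with PKCS7-specific padding. strlen() counts
    // bytes, which is what block padding needs.
    $blockSize = 16;
    $padding = $blockSize - (strlen($password) % $blockSize);
    $password .= str_repeat(chr($padding), $padding);

    $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
    $cipher->setKeyLength(128);
    $cipher->setKey($key);
    // The key doubles as the IV (fixed IV): encryption is deterministic.
    $cipher->setIV($key);
    $cipheredPass = $cipher->encrypt($password);

    // Change to base64 to avoid communication alteration
    $passCrypted = base64_encode($cipheredPass);

    // The call to the webservice will change depending on your definition
    try {
        $response = $client->validateUser(
            [
                'user' => $username,
                'pass' => $passCrypted,
                'system' => 'chamilo',
            ]
        );
    } catch (SoapFault $fault) {
        error_log('Caught something');
        if ($fault->faultstring !== 'Could not connect to host') {
            // Anything but a connection failure is propagated to the caller.
            error_log('Not a connection problem');
            throw $fault;
        }
        error_log('Could not connect to WS host');

        return 0;
    }

    // A response without the expected field is treated as a refusal.
    if (!isset($response->validateUserResult)) {
        return 0;
    }

    return $response->validateUserResult;
}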
||
108 |