self::$user['organization'])); } return self::$organization; }

/**
 * Establish the identity of the current request and populate self::$user.
 *
 * Two paths exist, selected by whether a 'persistent-id' is present in $_SERVER:
 *  - no persistent-id: look the user up in the local user table by the session
 *    uid; returns false when there is no session uid or no matching row.
 *  - persistent-id present (Shibboleth): self::$isShib is set, self::$user is
 *    built from the SP attributes (shibid = md5 of persistent-id, used as the
 *    DB lookup key), 'role' / 'organization' are derived from the affiliation
 *    and entitlement attributes, and login plus any missing name fields are
 *    merged in from the matching DB row if one exists (self::$isInDb is set
 *    in that case). Returns true whether or not a row was found.
 *
 * NOTE(review): the $_SERVER attributes are used as-is. That is only safe if
 * they are set by the SP module and cannot be injected by the client (e.g.
 * via request headers) — confirm the web-server configuration.
 *
 * @return bool true when self::$user could be populated, false otherwise
 */
public static function load()
{
    if (self::isLoggedIn())
        return true;
    Session::load();

    if (empty($_SERVER['persistent-id'])) {
        // Local account: identity comes from the session uid only
        $uid = Session::getUid();
        if ($uid === false)
            return false;
        self::$user = Database::queryFirst('SELECT userid, shibid, login, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => $uid));
        return self::$user !== false;
    }

    // Shibboleth (bwIDM etc.) session
    self::$isShib = true;
    // Make sure the optional name/mail attributes exist so later reads never hit an undefined index
    foreach (array('sn', 'givenName', 'mail') as $attr) {
        if (!isset($_SERVER[$attr]))
            $_SERVER[$attr] = '';
    }
    $shibId = md5($_SERVER['persistent-id']);
    self::$user = array(
        'userid' => 0,
        'shibid' => $shibId,
        'login' => NULL,
        'firstname' => $_SERVER['givenName'],
        'lastname' => $_SERVER['sn'],
        'email' => $_SERVER['mail'],
    );

    $affiliation = isset($_SERVER['affiliation']) ? $_SERVER['affiliation'] : null;

    // Tutor role: either an employee@ affiliation, or the bwLehrpool entitlement
    $isTutor = false;
    if ($affiliation !== null && preg_match('/(^|;)employee@/', $affiliation)) {
        $isTutor = true;
    } elseif (isset($_SERVER['entitlement'])) {
        $entitlements = ';' . $_SERVER['entitlement'] . ';';
        $isTutor = strpos($entitlements, ';http://bwidm.de/entitlement/bwLehrpool;') !== false;
    }
    if ($isTutor)
        self::$user['role'] = 'tutor';

    // Organization: the domain part of the first affiliation entry that has one
    if ($affiliation !== null && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $affiliation, $matches))
        self::$user['organization'] = $matches[1];

    // Merge in what the local DB knows about this shibid, if anything
    $row = Database::queryFirst('SELECT userid, login, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
    if ($row === false) {
        // Not signed up yet; self::$user still describes the Shibboleth identity
        return true;
    }
    self::$user['login'] = $row['login'];
    self::$isInDb = true;
    // Only fill fields the SP did not provide; SP values take precedence
    foreach (array('firstname', 'lastname', 'email') as $field) {
        if (empty(self::$user[$field]))
            self::$user[$field] = $row[$field];
    }
    return true;
}

public static function 
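deploy($anonymous)
{
    if (empty(self::$user['shibid']))
        Util::traceError('NO SHIBID');
    // NOTE(review): traceError is assumed to abort the request; if it returns,
    // the INSERT below would run with an empty shibid — confirm in Util.
    $org = self::getOrganizationId();
    // NOTE(review): ':shibid' is bound twice in one statement, which only works
    // with emulated prepares — confirm the PDO configuration used by Database.
    if ($anonymous) {
        // Anonymous sign-up: store the identifier, leave the personal fields blank
        Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
            . " VALUES (:shibid, :shibid, :org, '', '', '')", array(
            'shibid' => self::$user['shibid'],
            'org' => $org,
        ));
    } else {
        Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
            . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array(
            'shibid' => self::$user['shibid'],
            'firstname' => self::$user['firstname'],
            'lastname' => self::$user['lastname'],
            'email' => self::$user['email'],
            'org' => $org,
        ));
    }
}

/**
 * Verify a local login/password pair and, on success, start a session for it.
 *
 * @param string $user login name as entered by the user
 * @param string $pass cleartext password as entered by the user
 * @return bool true when the credentials matched and a session was created,
 *              false when the login is unknown or the password does not verify
 */
public static function login($user, $pass)
{
    $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
    if ($ret === false)
        return false;
    // The selected column is 'password'; the previous code read $ret['passwd'],
    // an index the query never produces, so verification could not succeed.
    if (!Crypto::verify($pass, $ret['password']))
        return false;
    Session::create();
    Session::setUid($ret['userid']);
    Session::set('token', self::generateToken());
    Session::save();
    return true;
}

/**
 * Produce the 32-character hex token stored in the session.
 *
 * Uses the CSPRNG when the runtime provides random_bytes(); otherwise falls back
 * to the original md5-of-rand construction so the token format stays the same
 * on older PHP versions. The fallback is not cryptographically strong.
 *
 * @return string 32 hex characters
 */
private static function generateToken()
{
    if (function_exists('random_bytes'))
        return bin2hex(random_bytes(16));
    return md5(rand() . time() . mt_rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT'] . microtime(true));
}

/**
 * Destroy the current session and redirect to the main page; never returns.
 */
public static function logout()
{
    Session::delete();
    header('Location: ?do=Main&fromlogout');
    exit(0);
}
}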