Skip to content
Permalink
Browse files
Logout: split in separate file. Regenerate session id on login / logout
--HG--
branch : 3.12
  • Loading branch information
adia committed Oct 22, 2021
1 parent 55b7f3f commit 21105c73a6b7b4fa0ba0c2cba9e1738a7d9c5d2d
Showing with 91 additions and 47 deletions.
  1. +1 −1 include/baseTheme.php
  2. +1 −0 include/main_lib.php
  3. +12 −35 index.php
  4. +1 −1 main/toolbox.php
  5. +1 −1 main/unreguser.php
  6. +66 −0 modules/auth/logout.php
  7. +9 −9 modules/auth/transition/auth_transition.php
@@ -262,7 +262,7 @@ function get_theme_class($class) {
$t->set_var('LANG_STATS', q($GLOBALS['langMyStats']));
$t->set_var('STATS_LINK', $urlAppend . 'modules/usage/?t=u');
$t->set_var('LANG_LOGOUT', q($langLogout));
$t->set_var('LOGOUT_LINK', $urlAppend . 'index.php?logout=yes');
$t->set_var('LOGOUT_LINK', $urlAppend . 'modules/auth/logout.php');
$t->set_var('MY_COURSES', q($GLOBALS['langMyCoursesSide']));
$t->set_var('MY_MESSAGES', q($GLOBALS['langNewMyMessagesSide']));
$t->set_var('LANG_ANNOUNCEMENTS', q($GLOBALS['langMyAnnouncements']));
@@ -4079,6 +4079,7 @@ function warnCourseInvalidDepartment($prompt=false) {
* 'am' - Student id number
*/
function login_hook($options) {
session_regenerate_id();
if (!isset($options['am'])) {
$options['am'] = '';
}
@@ -70,52 +70,29 @@
$uid = 0;
}

if (isset($_GET['logout']) and $uid) {
$cas = ($session->getLoginMethod() == 'cas')? get_auth_settings(7): false;
Database::get()->query("INSERT INTO loginout (loginout.id_user,
loginout.ip, loginout.when, loginout.action)
VALUES (?d, ?s, " .DBHelper::timeAfter() . ", 'LOGOUT')", $uid, Log::get_client_ip());
foreach (array_keys($_SESSION) as $key) {
unset($_SESSION[$key]);
}

// include HybridAuth libraries
require_once 'modules/auth/methods/hybridauth/config.php';

$config = get_hybridauth_config();
$hybridauth = new Hybridauth\Hybridauth( $config );

session_destroy();
$uid = 0;
if ($cas and isset($cas['cas_ssout']) and intval($cas['cas_ssout']) === 1) {
phpCAS::client(SAML_VERSION_1_1, $cas['cas_host'], intval($cas['cas_port']), $cas['cas_context'], FALSE);
phpCAS::logoutWithRedirectService($urlServer);
}
}

// if we try to login... then authenticate user.
$warning = '';

if(isset($_SESSION['hybridauth_callback'])) {
switch($_SESSION['hybridauth_callback']) {
case 'login':
$_GET['provider'] = $_SESSION['hybridauth_provider'] ?? '';
break;
case 'profile':
$provider = $_SESSION['hybridauth_provider'] ?? '';
header('Location: /main/profile/profile.php?action=connect&provider='.$provider.'&'.$_SERVER['QUERY_STRING']);
exit;
switch($_SESSION['hybridauth_callback']) {
case 'login':
$_GET['provider'] = $_SESSION['hybridauth_provider'] ?? '';
break;
case 'profile':
$provider = $_SESSION['hybridauth_provider'] ?? '';
header('Location: /main/profile/profile.php?action=connect&provider='.$provider.'&'.$_SERVER['QUERY_STRING']);
exit;
case 'auth_test':
$provider = $_SESSION['hybridauth_provider'] ?? '';
header('Location: /modules/admin/auth_test.php?auth='.$provider.'&'.$_SERVER['QUERY_STRING']);
$provider = $_SESSION['hybridauth_provider'] ?? '';
header('Location: /modules/admin/auth_test.php?auth='.$provider.'&'.$_SERVER['QUERY_STRING']);
exit;
}
}

if (isset($_SESSION['shib_uname'])) {
// authenticate via shibboleth
shib_cas_login('shibboleth');
} elseif (isset($_SESSION['cas_uname']) && !isset($_GET['logout'])) {
} elseif (isset($_SESSION['cas_uname'])) {
// authenticate via cas
shib_cas_login('cas');
} elseif (isset($_GET['provider'])) {
@@ -144,7 +121,7 @@
}

// check if we are guest user
if (!$upgrade_begin and $uid and !isset($_GET['logout'])) {
if (!$upgrade_begin and $uid) {
if (check_guest()) {
// if the user is a guest send him straight to the corresponding lesson
$guest = Database::get()->querySingle("SELECT code FROM course_user, course
@@ -115,7 +115,7 @@
$t->set_var('langSelectFromMenu', js_escape($langSelectFromMenu));
if ($uid) {
$t->set_var('loginLogout', q($_SESSION['givenname'] . ' ' . $_SESSION['surname']) .
" &nbsp; <a href='$urlAppend?logout=true'>$langLogout</a>");
" &nbsp; <a href='{$urlAppend}modules/auth/logout.php'>$langLogout</a>");
$t->set_block('main', 'loginModalsBlock', 'delete');
} else {
$t->set_var('loginModal', 'loginModal');
@@ -94,7 +94,7 @@

$tool_content .= action_bar(array(
array('title' => $langLogout,
'url' => "../index.php?logout=yes",
'url' => $urlAppend . 'modules/auth/logout.php',
'icon' => 'fa-sign-out',
'level' => 'primary-label')));
$tool_content .= "<div class='alert alert-success'>$langDelSuccess</br>$langThanks</div>";
@@ -0,0 +1,66 @@
<?php

/* ========================================================================
* Open eClass 3.12
* E-learning and Course Management System
* ========================================================================
* Copyright 2003-2021 Greek Universities Network - GUnet
* A full copyright notice can be read in "/info/copyright.txt".
* For a full list of contributors, see "credits.txt".
*
* Open eClass is an open platform distributed in the hope that it will
* be useful (without any warranty), under the terms of the GNU (General
* Public License) as published by the Free Software Foundation.
* The full license can be read in "/info/license/license_gpl.txt".
*
* Contact address: GUnet Asynchronous eLearning Group,
* Network Operations Center, University of Athens,
* Panepistimiopolis Ilissia, 15784, Athens, Greece
* e-mail: info@openeclass.org
* ======================================================================== */

/*
* @file logout.php
*
* @abstract Redirect users to this file to log them out
*
*/

require_once '../../include/baseTheme.php';
require_once 'modules/auth/auth.inc.php';
require_once 'modules/auth/methods/hybridauth/config.php';

if ($uid) {
$login_method = $session->getLoginMethod();
Database::get()->query("INSERT INTO loginout (loginout.id_user,
loginout.ip, loginout.when, loginout.action)
VALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGOUT')", $uid, Log::get_client_ip());

$config = get_hybridauth_config();
$hybridauth = new Hybridauth\Hybridauth($config);
foreach ($hybridauth->getConnectedAdapters() as $adapter) {
$adapter->disconnect();
}

foreach (array_keys($_SESSION) as $key) {
unset($_SESSION[$key]);
}

if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000,
$params['path'], $params['domain'],
$params['secure'], $params['httponly']
);
}

session_destroy();

$cas = ($login_method == 'cas')? get_auth_settings(7): false;
if ($cas and isset($cas['cas_ssout']) and intval($cas['cas_ssout']) === 1) {
phpCAS::client(SAML_VERSION_1_1, $cas['cas_host'], intval($cas['cas_port']), $cas['cas_context'], FALSE);
phpCAS::logoutWithRedirectService($urlServer);
}
}

redirect_to_home_page();
@@ -7,8 +7,8 @@
*/

// ------------ feel free to change it ----------
define ('INTRO_SSO_MESSAGE', 'Η διαδικασία μετάβασης των λογαριασμών των χρηστών έχει ξεκινήσει!
Κάντε κλικ στο `Μετάβαση`. Θα μεταφερθείτε στην κεντρική σελίδα Πιστοποίησης Λογαριασμού
define ('INTRO_SSO_MESSAGE', 'Η διαδικασία μετάβασης των λογαριασμών των χρηστών έχει ξεκινήσει!
Κάντε κλικ στο `Μετάβαση`. Θα μεταφερθείτε στην κεντρική σελίδα Πιστοποίησης Λογαριασμού
όπου θα δώσετε τα στοιχεία σας έτσι ώστε ο λογαριασμός σας στην πλατφόρμα να ενημερωθεί.');
// ----------------------------------------------
$require_login = true;
@@ -18,25 +18,25 @@
$pageName = "Μετάβαση";

if (!get_config('sso_transition')) {
redirect("{$urlServer}index.php?logout=yes");
redirect("{$urlAppend}modules/auth/logout.php");
}

$_SESSION['SSO_USER_TRANSITION'] = true;

$tool_content .= action_bar(array(
array('title' => $langBack,
'url' => "{$urlAppend}index.php?logout=yes",
'url' => "{$urlAppend}modules/auth/logout.php",
'icon' => 'fa-reply',
'level' => 'primary-label')
),false);

$auth_transition = new Transition($uid);
if ($auth_transition->get_sso_exception_status() == SSO_TRANSITION_EXCEPTION_BLOCKED) {
$tool_content .= "<div class='alert alert-danger'>Η πρόσβαση στην πλατφόρμα έχει αποκλειστεί.
$tool_content .= "<div class='alert alert-danger'>Η πρόσβαση στην πλατφόρμα έχει αποκλειστεί.
Μπορείτε να επικοινωνήσετε με τους διαχειριστές της πλατφόρμας στο <strong>" . get_config('email_helpdesk') . "</strong>.</div>";
} else if ($auth_transition->get_sso_exception_status() == SSO_TRANSITION_EXCEPTION_PENDING) { // sso exception pending
$tool_content .= "<div class='alert alert-warning'>Έχετε ήδη υποβάλλει αίτημα εξαίρεσης το οποίο ακόμα δεν έχει διεκπεραιωθεί.
Η πρόσβαση στην πλατφόρμα προσωρινά δεν είναι δυνατή.
$tool_content .= "<div class='alert alert-warning'>Έχετε ήδη υποβάλλει αίτημα εξαίρεσης το οποίο ακόμα δεν έχει διεκπεραιωθεί.
Η πρόσβαση στην πλατφόρμα προσωρινά δεν είναι δυνατή.
Μπορείτε να επικοινωνήσετε με τους διαχειριστές της πλατφόρμας στο <strong>" . get_config('email_helpdesk') . "</strong>.</div>";
} else if (isset($_GET['exception'])) {
$auth_transition->add_sso_exception($_POST['comments']);
@@ -80,7 +80,7 @@ function display_sso_exception_form($uid) {
<div class='col-sm-10'>
<input class='form-control' type='text' name='$langName' value='" . q($firstname) . "' disabled />
</div>
</div>
</div>
<div class='form-group'>
<label for='$langComments' class='col-sm-2 control-label'>$langComments:</label>
<div class='col-sm-10'>
@@ -104,4 +104,4 @@ function display_sso_exception_form($uid) {
</fieldset>
</form>
</div>";
}
}

0 comments on commit 21105c7

Please sign in to comment.