Rev 4614 | Rev 5001 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 23 | reyssat | 1 | !if $auth_password=*wims_site_manager |
| 2 | !if $wims_ismanager<2 |
||
| 3 | auth_password= |
||
| 4 | !else |
||
| 5 | !goto auth_ok |
||
| 6 | !endif |
||
| 7 | !endif |
||
| 8 | |||
| 4360 | guerimand | 9 | !if $save_logincgu!=$empty |
| 10 | !if $agreecgu=yes |
||
| 11 | !read adm/class/userdef wimshome/log/classes,$class,$user |
||
| 12 | !setdef !set user_agreecgu=yes in $userdef/$save_logincgu |
||
| 13 | !endif |
||
| 14 | !reset $save_logincgu |
||
| 15 | !endif |
||
| 16 | |||
| 23 | reyssat | 17 | !read adm/class/authchars |
| 18 | auth_user=!word 1 of $auth_user |
||
| 19 | auth_password=!word 1 of $auth_password |
||
| 633 | bpr | 20 | |
| 21 | # new variables to keep original data (used only in ldap authentication) |
||
| 22 | auth_user_connection=$auth_user |
||
| 23 | auth_password_connection=$auth_password |
||
| 24 | |||
| 4993 | bpr | 25 | ##### EXTERNAL connection - part 1 ##### |
| 633 | bpr | 26 | |
| 4993 | bpr | 27 | !if $auth_user notsametext supervisor and $auth_method isitemof $authentification_method |
| 633 | bpr | 28 | authdef=wimshome/log/classes/$sclass/.def |
| 29 | |||
| 30 | # don't use auth_user and auth_password, some characters are unvailable |
||
| 4993 | bpr | 31 | # parameters are empty for auth-cas |
| 633 | bpr | 32 | !readproc adm/class/auth-$auth_method $auth_user_connection,$auth_password_connection |
| 33 | |||
| 4993 | bpr | 34 | auth_user_orig=$auth_user |
| 35 | |||
| 4614 | bpr | 36 | # if ldap connection is OK, replace auth_user by $ldap_login (ie auth_test) |
| 4993 | bpr | 37 | !! !if ERROR notwordof $auth_test |
| 38 | !! !if $auth_test!=$empty |
||
| 39 | !! auth_test=OK |
||
| 40 | !! !endif |
||
| 41 | !! !endif |
||
| 633 | bpr | 42 | !endif |
| 4993 | bpr | 43 | ##### end of EXTERNAL connection - part 1 ##### |
| 633 | bpr | 44 | # now we can run the script |
| 4993 | bpr | 45 | ## for the moment, only for cas. TO FIX |
| 46 | !if $auth_method iswordof cas and $auth_user!=supervisor |
||
| 47 | auth_user=!lookup $auth_user in wimshome/log/classes/$sclass/.userlist_external |
||
| 48 | !endif |
||
| 23 | reyssat | 49 | auth_user=!translate internal . to @ in $auth_user |
| 50 | auth_user=!text select $char_login in $auth_user |
||
| 51 | auth_password=!text select $char_passwd in $auth_password |
||
| 52 | now=$wims_now |
||
| 53 | logfile=wimshome/log/classes/$class/.log.auth |
||
| 54 | logfiles=wimshome/log/classes/$class/.log |
||
| 55 | logline=$now $auth_user $$passwd $httpd_REMOTE_ADDR |
||
| 56 | |||
| 57 | !read adm/class/userdef classes,$class,$auth_user |
||
| 58 | |||
| 59 | pass=!defof user_password in $userdef |
||
| 4993 | bpr | 60 | # sclass=!defof class_superclass in wimshome/log/classes/$class/.def |
| 23 | reyssat | 61 | !if $sclass!=$empty and $sclass!=$class |
| 62 | upartic=!defof user_participate in $userdef |
||
| 63 | usuperv=!defof user_supervise in $userdef |
||
| 64 | pclass=!defof class_parent in wimshome/log/classes/$class/.def |
||
| 65 | !if / isin $pclass and ../$pclass/ isin ../$class |
||
| 66 | ss=!defof class_ocourses in wimshome/log/classes/$pclass/.def |
||
| 67 | !if $ss!=$empty |
||
| 68 | ss=!makelist $wims_superclass/xx for xx in $ss |
||
| 69 | upartic=!append item $ss to $upartic |
||
| 70 | !endif |
||
| 71 | !endif |
||
| 72 | coursecheck=!defof user_class in wimshome/log/classes/$class/.users/$auth_user |
||
| 73 | !if $coursecheck!=$empty |
||
| 74 | upartic=!append item $class to $upartic |
||
| 75 | !endif |
||
| 76 | !if $auth_user=supervisor and $wims_user=supervisor |
||
| 77 | ctype=!defof class_typename in wimshome/log/classes/$class/.def |
||
| 78 | prog=!defof sharing_exam in wimshome/log/classes/$class/neighbors |
||
| 79 | !if $ctype iswordof course icourse and $prog=$wims_class |
||
| 80 | pass=$current_pass |
||
| 81 | !endif |
||
| 82 | !endif |
||
| 83 | !if $class notitemof $upartic and $auth_user!=supervisor and $wims_user!=$supervisor |
||
| 84 | pass= |
||
| 85 | !endif |
||
| 86 | # These lines should be opened later to close this possibility. |
||
| 87 | # !if $auth_user=supervisor and $wims_user=$empty |
||
| 88 | # pass= |
||
| 89 | # !endif |
||
| 90 | !endif |
||
| 91 | |||
| 4993 | bpr | 92 | ##### final test of external connection ##### |
| 93 | # finaly, we must check if user is allowed in class |
||
| 633 | bpr | 94 | |
| 23 | reyssat | 95 | exist_check=!defof user_exists in $userdef |
| 4993 | bpr | 96 | !if OK iswordof $auth_test and $auth_method isitemof $authentification_method |
| 97 | !if $exist_check issametext yes |
||
| 98 | !goto auth_ok |
||
| 99 | !else |
||
| 100 | !setdef user_auth=$auth_user_orig in wimshome/$wims_sesdir/var.stat |
||
| 101 | !endif |
||
| 23 | reyssat | 102 | !endif |
| 4993 | bpr | 103 | ##### end of final test of external connection ##### |
| 23 | reyssat | 104 | |
| 105 | pass=!passcrypt $pass |
||
| 106 | !if $pass=$empty |
||
| 107 | passwd=???? |
||
| 108 | !appendfile $logfile $logline |
||
| 3494 | bpr | 109 | auth_user=$auth_user_orig |
| 23 | reyssat | 110 | error=bad_password |
| 111 | !exit |
||
| 112 | !endif |
||
| 113 | |||
| 114 | !if $wims_superclass!=$empty and $wims_user!=supervisor and $auth_user!=$wims_user |
||
| 115 | supervisable=!defof user_supervisable in wimshome/log/classes/$wims_superclass/.users/$wims_user |
||
| 116 | !if $supervisable!=yes |
||
| 117 | current_pass= |
||
| 118 | !endif |
||
| 119 | !endif |
||
| 120 | |||
| 121 | cps=!passcrypt $current_pass |
||
| 122 | !if ($auth_user!=$empty and $class $auth_user isitemof $wims_otherclass) or \ |
||
| 123 | ($current_pass!=$empty and $cps iswordof $pass) or \ |
||
| 124 | ($auth_user=$wims_user and $class isitemof $wims_participate) or \ |
||
| 125 | ($auth_user=supervisor and $wims_user=supervisor and \ |
||
| 126 | (../$wims_class/ isin ../$class/ or $sclass=$wims_class)) or \ |
||
| 127 | ($auth_user=supervisor and $class isitemof $wims_supervise) |
||
| 128 | !goto auth_ok |
||
| 129 | !endif |
||
| 130 | |||
| 131 | !if $auth_password=$empty |
||
| 132 | !exit |
||
| 133 | !endif |
||
| 134 | |||
| 135 | !read adm/class/authdelay |
||
| 136 | !if $auth_password notwordof $pass |
||
| 137 | passwd=?????? |
||
| 138 | !appendfile $logfile $logline |
||
| 3494 | bpr | 139 | auth_user=$auth_user_orig |
| 23 | reyssat | 140 | error=bad_password |
| 141 | !exit |
||
| 142 | !endif |
||
| 143 | |||
| 144 | :auth_ok |
||
| 145 | !if $auth_user=supervisor and $wims_user!=$empty and $wims_user!=supervisor and \ |
||
| 146 | $class notitemof $wims_supervise |
||
| 147 | userdef_save=$userdef |
||
| 148 | !read adm/class/userdef classes,$wims_class,$wims_user |
||
| 149 | !exchange userdef_save,userdef |
||
| 150 | spv=!defof user_supervisable in $userdef_save |
||
| 151 | !if $spv=yes |
||
| 152 | wims_supervise=!append item $class to $wims_supervise |
||
| 153 | !setdef !set user_supervise=$wims_supervise in $userdef_save |
||
| 154 | !endif |
||
| 155 | !endif |
||
| 156 | n=!positionof word $auth_password in $pass |
||
| 157 | n=!item 1 of $n |
||
| 158 | !if $n!=$empty |
||
| 159 | passwd=OK$n $ |
||
| 160 | !else |
||
| 161 | passwd=$wims_class |
||
| 162 | !endif |
||
| 163 | # one-time password |
||
| 164 | !if $n!=$empty and $n>1 |
||
| 165 | pass=!replace word $auth_password by $ in $pass |
||
| 166 | pass=!singlespace $pass |
||
| 167 | pass=!trim $pass |
||
| 168 | !setdef !set user_password=$pass in $userdef |
||
| 169 | !endif |
||
| 170 | |||
| 171 | !defread $userdef |
||
| 172 | ctype=!defof class_type in wimshome/log/classes/$class/.def |
||
| 173 | !if $ctype=4 and $auth_user!=supervisor and $user_supervisable!=yes\ |
||
| 174 | and (/ notin $wims_class or ../$wims_superclass/ notin ../$wims_class/) |
||
| 175 | utest=!itemcnt $user_participate |
||
| 176 | !if $utest=1 and / isin $user_participate |
||
| 177 | class=!item 1 of $user_participate |
||
| 178 | !defread wimshome/log/classes/$class/.def |
||
| 179 | !endif |
||
| 180 | !endif |
||
| 181 | clang=!defof class_lang in wimshome/log/classes/$class/.def |
||
| 182 | |||
| 4360 | guerimand | 183 | |
| 184 | |||
| 23 | reyssat | 185 | !if $auth_user=supervisor |
| 186 | sech=!defof class_secure in wimshome/log/classes/$class/.def |
||
| 187 | sech=!trim $sech |
||
| 188 | !if $sech=$empty |
||
| 189 | t=0 |
||
| 190 | !else |
||
| 191 | t=!checkhost $sech |
||
| 192 | !if $t<1 |
||
| 193 | t=-1 |
||
| 194 | !endif |
||
| 195 | !endif |
||
| 196 | sup_secure=$t |
||
| 197 | !else |
||
| 198 | !read adm/class/raftest |
||
| 199 | !if $raftest>$lastallow |
||
| 200 | error=recent_rafale |
||
| 201 | !exit |
||
| 202 | !endif |
||
| 203 | sup_secure=-1 |
||
| 4424 | bpr | 204 | !if $user_agreecgu notwordof yes external |
| 4360 | guerimand | 205 | error=no_cgu |
| 206 | !exit |
||
| 207 | !endif |
||
| 23 | reyssat | 208 | !endif |
| 209 | |||
| 210 | !read adm/class/authprep $class,$auth_user |
||
| 211 | |||
| 212 | !if $logfile!=$empty |
||
| 213 | !if $auth_user=supervisor |
||
| 214 | !appendfile $logfiles $now $httpd_REMOTE_ADDR supervisor login |
||
| 215 | !else |
||
| 216 | !appendfile $logfile $logline |
||
| 217 | !endif |
||
| 218 | !endif |
||
| 219 | |||
| 220 | !if $class_lock=7 and $auth_user!=supervisor |
||
| 221 | !usererror class_closed |
||
| 222 | !exit |
||
| 223 | !endif |
||
| 224 | |||
| 225 | !if $class_lock iswordof 2 4 6 |
||
| 226 | !set wims_protocol=https |
||
| 227 | !endif |
||
| 228 | !if $wims_user=$empty and $changesession!=no |
||
| 229 | !writefile wimshome/$wims_sesdir/var.class.prep $classdef |
||
| 230 | random=!randint 10^5,10^9 |
||
| 231 | !restart session=new.$random&lang=$clang&old_session=$wims_session&module=home |
||
| 232 | !else |
||
| 233 | !setdef $classdef in wimshome/$wims_sesdir/var.stat |
||
| 234 | !sh cd $wims_home\ |
||
| 235 | rm -Rf $(wims_sesdir)_*\ |
||
| 236 | mkdir -p log/classes/$class/score $wims_sesdir/getfile\ |
||
| 237 | rm -f $wims_sesdir/exam*\ |
||
| 238 | rm -f $wims_sesdir/getfile/oefimages\ |
||
| 239 | ln -s $wims_home/log/classes/$class/src/images $wims_sesdir/getfile/oefimages |
||
| 240 | !restart lang=$clang&module=home |
||
| 241 | !endif |
||
| 242 |