~ubuntu-branches/ubuntu/natty/moodle/natty


Viewing changes to auth/shibboleth/logout.php

  • Committer: Bazaar Package Importer
  • Author(s): Tomasz Muras
  • Date: 2010-10-30 12:19:28 UTC
  • mfrom: (1.1.12 upstream) (3.1.10 squeeze)
  • Revision ID: james.westby@ubuntu.com-20101030121928-qzobi6mctpnk4dif
Tags: 1.9.9.dfsg2-2
* Added Romanian translation
* Updated Japanese translation (closes: #596820)
* Backporting security fixes from Moodle 1.9.10 (closes: #601384)
   - Updated embedded CAS to 1.1.3
   - Added patch for MDL-24523:
     clean_text() not filtering text in markdown format
   - Added patch for MDL-24810 and upgraded customized HTML Purifier to 4.2.0 
   - Added patch for MDL-24258:
     students can delete their forum posts later than $CFG->maxeditingtime 
     under certain conditions
   - Added patch for MDL-23377:
     Can't delete quiz attempts in course without enrolled students

1
 
<?php // $Id: logout.php,v 1.1.2.1 2008/12/04 16:27:00 exe-cutor Exp $
 
1
<?php // $Id: logout.php,v 1.1.2.4 2009/11/19 10:14:38 skodak Exp $
2
2
 
3
3
// Implements logout for Shibboleth authenticated users according to:
4
4
// - https://spaces.internet2.edu/display/SHIB2/NativeSPLogoutInitiator
9
9
require_once($CFG->dirroot."/auth/shibboleth/auth.php");
10
10
 
11
11
 
 
12
// Find out whether host supports https
 
13
$protocol = 'http://';
 
14
if ( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on'){
 
15
        $protocol = 'https://';
 
16
 
17
 
12
18
// Front channel logout
13
19
if (
14
 
                isset($_GET['return']) 
15
 
                && isset($_GET['action'])
16
 
                && $_GET['action'] == 'logout'
 
20
        isset($_GET['return']) 
 
21
        && isset($_GET['action'])
 
22
        && $_GET['action'] == 'logout'
17
23
   ){
18
 
        
19
 
        // Logout out user from application
20
 
        // E.g. destroy application session/cookie etc
21
 
        require_logout();
22
 
        
23
 
        // Finally, send user to the return URL
24
 
        redirect($_GET['return']);
 
24
    
 
25
    // Logout out user from application
 
26
    // E.g. destroy application session/cookie etc
 
27
    require_logout();
 
28
    
 
29
    // Finally, send user to the return URL
 
30
    redirect($_GET['return']);
25
31
}
26
32
 
27
33
// Back channel logout
28
34
elseif (!empty($HTTP_RAW_POST_DATA)) {
29
 
        
30
 
        // Requires PHP 5
31
 
        
32
 
        // Set SOAP header
33
 
        $server = new SoapServer('https://'.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
34
 
        $server->addFunction("LogoutNotification");
35
 
        $server->handle();
 
35
    
 
36
    // Requires PHP 5
 
37
    
 
38
    
 
39
    // Set SOAP header
 
40
    $server = new SoapServer($protocol.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'].'/LogoutNotification.wsdl');
 
41
    
 
42
    
 
43
    $server->addFunction("LogoutNotification");
 
44
    $server->handle();
36
45
37
46
 
38
47
// Return WSDL
39
48
else {
40
 
        
41
 
        header('Content-Type: text/xml');
42
 
        
43
 
        echo <<<WSDL
 
49
    
 
50
    header('Content-Type: text/xml');
 
51
    
 
52
    echo <<<WSDL
44
53
<?xml version ="1.0" encoding ="UTF-8" ?>
45
54
<definitions name="LogoutNotification"
46
55
  targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
61
70
- https://spaces.internet2.edu/display/SHIB2/NativeSPNotify
62
71
-->
63
72
 
64
 
        <types>
65
 
           <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
66
 
                   xmlns="http://www.w3.org/2000/10/XMLSchema"
67
 
                   xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
68
 
                        
69
 
                        <simpleType name="string">
70
 
                                <restriction base="string">
71
 
                                        <minLength value="1"/>
72
 
                                </restriction>
73
 
                        </simpleType>
74
 
                        
75
 
                        <element name="OK" type="notify:OKType"/>
76
 
                        <complexType name="OKType">
77
 
                                <sequence/>
78
 
                        </complexType>
79
 
                        
80
 
                </schema>
81
 
        </types>
82
 
        
83
 
        <message name="getLogoutNotificationRequest">
84
 
                <part name="SessionID" type="notify:string" />
85
 
        </message>
86
 
        
87
 
        <message name="getLogoutNotificationResponse" >
88
 
                <part name="OK"/>
89
 
        </message>
90
 
        
91
 
        <portType name="LogoutNotificationPortType">
92
 
                <operation name="LogoutNotification">
93
 
                        <input message="getLogoutNotificationRequest"/>
94
 
                        <output message="getLogoutNotificationResponse"/>
95
 
                </operation>
96
 
        </portType>
97
 
        
98
 
        <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
99
 
                <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
100
 
                <operation name="LogoutNotification">
101
 
                        <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
102
 
                </operation>
103
 
        </binding>
104
 
        
105
 
        <service name="LogoutNotificationService">
106
 
                  <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
107
 
                        <soap:address location="https://{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"/>
108
 
                  </port>
109
 
        </service>
 
73
    <types>
 
74
       <schema targetNamespace="urn:mace:shibboleth:2.0:sp:notify"
 
75
           xmlns="http://www.w3.org/2000/10/XMLSchema"
 
76
           xmlns:notify="urn:mace:shibboleth:2.0:sp:notify">
 
77
            
 
78
            <simpleType name="string">
 
79
                <restriction base="string">
 
80
                    <minLength value="1"/>
 
81
                </restriction>
 
82
            </simpleType>
 
83
            
 
84
            <element name="OK" type="notify:OKType"/>
 
85
            <complexType name="OKType">
 
86
                <sequence/>
 
87
            </complexType>
 
88
            
 
89
        </schema>
 
90
    </types>
 
91
    
 
92
    <message name="getLogoutNotificationRequest">
 
93
        <part name="SessionID" type="notify:string" />
 
94
    </message>
 
95
    
 
96
    <message name="getLogoutNotificationResponse" >
 
97
        <part name="OK"/>
 
98
    </message>
 
99
    
 
100
    <portType name="LogoutNotificationPortType">
 
101
        <operation name="LogoutNotification">
 
102
            <input message="getLogoutNotificationRequest"/>
 
103
            <output message="getLogoutNotificationResponse"/>
 
104
        </operation>
 
105
    </portType>
 
106
    
 
107
    <binding name="LogoutNotificationBinding" type="notify:LogoutNotificationPortType">
 
108
        <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
 
109
        <operation name="LogoutNotification">
 
110
            <soap:operation soapAction="urn:xmethods-logout-notification#LogoutNotification"/>
 
111
        </operation>
 
112
    </binding>
 
113
    
 
114
    <service name="LogoutNotificationService">
 
115
          <port name="LogoutNotificationPort" binding="notify:LogoutNotificationBinding">
 
116
            <soap:address location="{$protocol}{$_SERVER['HTTP_HOST']}{$_SERVER['PHP_SELF']}"/>
 
117
          </port>
 
118
    </service>
110
119
</definitions>
111
120
WSDL;
112
 
        exit;
 
121
    exit;
113
122
 
114
123
}
115
124
 
116
125
/******************************************************************************/
117
126
 
118
127
function LogoutNotification($SessionID){
119
 
        
120
 
        global $CFG, $SESSION;
121
 
        
122
 
        // Delete session of user using $SessionID
123
 
        if(empty($CFG->dbsessions)) {
124
 
                
125
 
                // File session
126
 
                $dir = $CFG->dataroot .'/sessions';
127
 
                if (is_dir($dir)) {
128
 
                        if ($dh = opendir($dir)) {
129
 
                                while (($file = readdir($dh)) !== false) {
130
 
                                        //echo $dir.'/'.$file."\n";exit;
131
 
                                        if (is_file($dir.'/'.$file)){
132
 
                                                $session_key = ereg_replace('sess_', '', $file);
133
 
                                                
134
 
                                                $data = file($dir.'/'.$file);
135
 
                                           if (isset($data[0])){
136
 
                                                        $user_session = unserializesession($data[0]);
137
 
                                                        
138
 
                                                        if (isset($user_session['SESSION']) && isset($user_session['SESSION']->shibboleth_session_id)){
139
 
                                                                //echo '2. Shibboleth Session (from filesystem session) of '.$user_session['USER']->username.':' .$user_session['SESSION']->shibboleth_session_id."\n";
140
 
                                                                // If there is a match, delete file
141
 
                                                                if ($user_session['SESSION']->shibboleth_session_id == $SessionID){
142
 
                                                                        // Delete this file
143
 
                                                                        if (!unlink($dir.'/'.$file)){
144
 
                                                                                return new SoapFault('LogoutError', 'Could not delete Moodle session file.');
145
 
                                                                        }
146
 
                                                                }
147
 
                                                        }
148
 
                                                        //print_r($user_session);
149
 
                                                }
150
 
                                                
151
 
                                                //echo "Moodle session: $session_key \n";
152
 
                                                //echo "filename: $file \n";
153
 
                                        }
154
 
                                }
155
 
                                closedir($dh);
156
 
                        }
157
 
                }
158
 
        } else {
159
 
                // DB Session
160
 
                if (!empty($CFG->sessiontimeout)) {
161
 
                        $ADODB_SESS_LIFE   = $CFG->sessiontimeout;
162
 
                }
163
 
                
164
 
                        if ($user_session_data = get_records_sql('SELECT sesskey, sessdata FROM '. $CFG->prefix .'sessions2 WHERE expiry > NOW()')) {
165
 
                        foreach ($user_session_data as $session_data) {
166
 
                                
167
 
                                //print_r($session_data);
168
 
                                $user_session = adodb_unserialize( urldecode($session_data->sessdata) );
169
 
                                
170
 
                                if (isset($user_session['SESSION']) && isset($user_session['SESSION']->shibboleth_session_id)){
171
 
                                        //echo '3. Shibboleth Session (from ADODB session) of '.$user_session['USER']->username.':' .$user_session['SESSION']->shibboleth_session_id."\n";
172
 
                                        
173
 
                                        // If there is a match, delete file
174
 
                                        if ($user_session['SESSION']->shibboleth_session_id == $SessionID){
175
 
                                                // Delete this session entry
176
 
                                                if (ADODB_Session::destroy($session_data->sesskey) !== true){
177
 
                                                        return new SoapFault('LogoutError', 'Could not delete Moodle session entry in database.');
178
 
                                                }
179
 
                                        }
180
 
                                }
181
 
                                
182
 
                                //print_r($user_session);
183
 
                        }
184
 
                }
185
 
        }
186
 
        
187
 
        // If now SoapFault was thrown the function will return OK as the SP assumes
188
 
        
 
128
    
 
129
    global $CFG, $SESSION;
 
130
    
 
131
    // Delete session of user using $SessionID
 
132
    if(empty($CFG->dbsessions)) {
 
133
        
 
134
        // File session
 
135
        $dir = $CFG->dataroot .'/sessions';
 
136
        if (is_dir($dir)) {
 
137
            if ($dh = opendir($dir)) {
 
138
                // Read all session files
 
139
                while (($file = readdir($dh)) !== false) {
 
140
                    // Check if it is a file
 
141
                    if (is_file($dir.'/'.$file)){
 
142
                        $session_key = ereg_replace('sess_', '', $file);
 
143
                        
 
144
                        // Read session file data
 
145
                        $data = file($dir.'/'.$file);
 
146
                        if (isset($data[0])){
 
147
                            $user_session = unserializesession($data[0]);
 
148
                            
 
149
                            // Check if we have found session that shall be deleted 
 
150
                            if (isset($user_session['SESSION']) && isset($user_session['SESSION']->shibboleth_session_id)){
 
151
                                
 
152
                                // If there is a match, delete file
 
153
                                if ($user_session['SESSION']->shibboleth_session_id == $SessionID){
 
154
                                    // Delete session file
 
155
                                    if (!unlink($dir.'/'.$file)){
 
156
                                        return new SoapFault('LogoutError', 'Could not delete Moodle session file.');
 
157
                                    }
 
158
                                }
 
159
                            }
 
160
                        }
 
161
                    }
 
162
                }
 
163
                closedir($dh);
 
164
            }
 
165
        }
 
166
    } else {
 
167
        // DB Session
 
168
        if (!empty($CFG->sessiontimeout)) {
 
169
            $ADODB_SESS_LIFE   = $CFG->sessiontimeout;
 
170
        }
 
171
        
 
172
            if ($user_session_data = get_records_sql('SELECT sesskey, sessdata FROM '. $CFG->prefix .'sessions2 WHERE expiry > NOW()')) {
 
173
            foreach ($user_session_data as $session_data) {
 
174
                
 
175
                // Get user session
 
176
                $user_session = adodb_unserialize( urldecode($session_data->sessdata) );
 
177
                
 
178
                if (isset($user_session['SESSION']) && isset($user_session['SESSION']->shibboleth_session_id)){
 
179
                    
 
180
                    // If there is a match, delete file
 
181
                    if ($user_session['SESSION']->shibboleth_session_id == $SessionID){
 
182
                        // Delete this session entry
 
183
                        if (ADODB_Session::destroy($session_data->sesskey) !== true){
 
184
                            return new SoapFault('LogoutError', 'Could not delete Moodle session entry in database.');
 
185
                        }
 
186
                    }
 
187
                }
 
188
            }
 
189
        }
 
190
    }
 
191
    
 
192
    // If now SoapFault was thrown the function will return OK as the SP assumes
 
193
    
189
194
}
190
195
 
191
196
/*****************************************************************************/
192
197
 
193
198
// Same function as in adodb, but cannot be used for file session for some reason...
194
199
function unserializesession( $serialized_string ){
195
 
        $variables = array( );
196
 
        $a = preg_split( "/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE );
197
 
        for( $i = 0; $i < count( $a ); $i = $i+2 ) {
198
 
                        $variables[$a[$i]] = unserialize( $a[$i+1] );
199
 
        }
200
 
        return( $variables );
 
200
    $variables = array( );
 
201
    $a = preg_split( "/(\w+)\|/", $serialized_string, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE );
 
202
    for( $i = 0; $i < count( $a ); $i = $i+2 ) {
 
203
            $variables[$a[$i]] = unserialize( $a[$i+1] );
 
204
    }
 
205
    return( $variables );
201
206
}
202
207
 
203
 
 
204
208
?>
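Review bot: The WSDL URL handed to `SoapServer` (new line 40) and the `soap:address` in the heredoc (new line 116) are still assembled from `$_SERVER['HTTP_HOST']` and `$_SERVER['PHP_SELF']`, which come from the request, and with `$protocol` the WSDL may now also be loaded over plain http. Building both from the configured site URL, e.g. `$server = new SoapServer($CFG->wwwroot.'/auth/shibboleth/logout.php/LogoutNotification.wsdl');`, would keep a forged Host header from deciding where the service definition is loaded from or what is echoed into the XML. Separately, the front-channel branch (new line 30) still calls `redirect($_GET['return']);` unvalidated, so the logout link acts as an open redirect; the value should at least pass through `clean_param($_GET['return'], PARAM_URL)` and be compared against the expected SP host before redirecting. The back-channel branch also handles any POST body without checking who sent it, which presumably relies on web-server access rules that are not visible on this page.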