Fixed bug 2012

Started work with bug 2007
Bug 1969 is partially fixed. The ldap module now supports password expiration.
Some work with bugs 761 and 1730

Changes in login/index.php
Reordered some code to make variables reusable in multiple places.
Added redirection in case of expired password
paca70 2004-09-28 12:39:20 +00:00
parent 86fd04ff4c
commit 089b19f631
4 changed files with 161 additions and 45 deletions


@ -241,7 +241,6 @@ if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
<tr>
<td colspan="2">
<h4><?php print_string("auth_ldap_passwdexpire_settings", "auth") ?> </h4>
<p> NOTE! This just configuration interface for expiration, code does not support expiration yet.!</p>
</td>
</tr>
@ -249,9 +248,9 @@ if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
<td align="right"><P>ldap_expiration:</td>
<td>
<?php
$expiration['internal'] = "No";
$expiration['ldap'] = "LDAP";
choose_from_menu($expiration, "ldap_expriration", $config->ldap_expiration, "");
$expiration['0'] = "No";
$expiration['1'] = "LDAP";
choose_from_menu($expiration, "ldap_expiration", $config->ldap_expiration, "");
if (isset($err["ldap_expiration"])) formerr($err["ldap_expiration"]);
?>
</td>


@ -257,6 +257,40 @@ function auth_get_users($filter='*') {
return $fresult;
}
function auth_password_expire($username) {
// returns number of days to password expiration
// 0 if passowrd does not expire
// or negative value if password is already expired
global $CFG ;
$result = false;
$ldapconnection = auth_ldap_connect();
$user_dn = auth_ldap_find_userdn($ldapconnection, $username);
$search_attribs = array($CFG->ldap_expireattr);
$sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);
if ($sr) {
$info=ldap_get_entries($ldapconnection, $sr);
if ( empty($info[0][strtolower($CFG->ldap_expireattr)][0])) {
//error_log("ldap: no expiration value".$info[0][$CFG->ldap_expireattr]);
// no expiration attribute, password does not expire
$result = 0;
} else {
$now = time();
$expiretime = auth_ldap_expirationtime2unix($info[0][strtolower($CFG->ldap_expireattr)][0]);
if ($expiretime > $now) {
$result = ceil(($expiretime - $now) / DAYSECS);
} else {
$result = floor(($expiretime - $now) / DAYSECS);
}
}
} else {
error_log("ldap: auth_password_expire did't find expiration time!.");
}
//error_log("ldap: auth_password_expire user $user_dn expires in $result days!");
return $result;
}
function auth_sync_users ($unsafe_optimizations = false, $bulk_insert_records = 1) {
//Syncronizes userdb with ldap
//This will add, rename
@ -545,7 +579,7 @@ function auth_ldap_init () {
global $CFG;
$default['ldap_objectclass'] = array(
'edir' => 'inetOrgPerson',
'edir' => 'User',
'posix' => 'posixAccount',
'samba' => 'sambaSamAccount',
'ad' => 'user',
@ -559,12 +593,28 @@ function auth_ldap_init () {
'default' => 'cn'
);
$default['ldap_memberattribute'] = array(
'edir' => 'groupMembership',
'edir' => 'member',
'posix' => 'member',
'samba' => 'member',
'ad' => 'member', //is this right?
'default' => 'member'
);
$default['ldap_memberattribute_isdn'] = array(
'edir' => '1',
'posix' => '0',
'samba' => '0', //is this right?
'ad' => '0', //is this right?
'default' => '0'
);
$default['ldap_expireattr'] = array (
'edir' => 'passwordExpirationTime',
'posix' => 'shadowExpire',
'samba' => '', //No support yet
'ad' => '', //No support yet
'default' => ''
);
foreach ($default as $key => $value) {
//set defaults if overriding fields not set
@ -572,7 +622,7 @@ function auth_ldap_init () {
if (!empty($CFG->ldap_user_type) && !empty($default[$key][$CFG->ldap_user_type])) {
$CFG->{$key} = $default[$key][$CFG->ldap_user_type];
}else {
//use defaut value if user_type not set
//use default value if user_type not set
if(!empty($default[$key]['default'])){
$CFG->$key = $default[$key]['default'];
}else {
@ -589,29 +639,63 @@ function auth_ldap_init () {
//all chages go in $CFG , no need to return value
}
function auth_ldap_expirationtime2unix ($time) {
// takes expriration timestamp readed from ldap
// returns it as unix seconds
// depends on $CFG->usertype variable
global $CFG;
$result = false;
switch ($CFG->ldap_user_type) {
case 'edir':
$yr=substr($time,0,4);
$mo=substr($time,4,2);
$dt=substr($time,6,2);
$hr=substr($time,8,2);
$min=substr($time,10,2);
$sec=substr($time,12,2);
$result = mktime($hr,$min,$sec,$mo,dt,$yr);
break;
case 'posix':
$result = $time * DAYSECS ; //The shadowExpire contains the number of DAYS between 01/01/1970 and the actual expiration date
break;
default:
error('CFG->ldap_user_type not defined or function auth_ldap_expirationtime2unix does not support selected type!');
}
return $result;
}
function auth_ldap_isgroupmember ($username='', $groupdns='') {
// Takes username and groupdn(s) , separated by ;
// Returns true if user is member of any given groups
global $CFG, $USER;
global $CFG ;
$result = false;
$ldapconnection = auth_ldap_connect();
if (empty($username) OR empty($groupdns)) {
return false;
return $result;
}
if ($CFG->ldap_memberattribute_isdn) {
$username=auth_ldap_find_userdn($ldapconnection, $username);
}
$groups = explode(";",$groupdns);
//build filter
$filter = "(& ($CFG->ldap_user_attribute=$username)(|";
foreach ($groups as $group){
$filter .= "($CFG->ldap_memberattribute=$group)";
}
$filter .= "))";
//search
$result = auth_ldap_get_userlist($filter);
$search = @ldap_read($ldapconnection, $group, '('.$CFG->ldap_memberattribute.'='.$username.')', array($CFG->ldap_memberattribute));
if ($search) {$info = ldap_get_entries($ldapconnection, $search);
return count($result);
if ($info['count'] > 0 ) {
// user is member of group
$result = true;
break;
}
}
}
return $result;
}
function auth_ldap_connect(){
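Review bot: In `auth_ldap_expirationtime2unix`, the eDirectory branch calls `mktime($hr,$min,$sec,$mo,dt,$yr)` with a bare `dt` instead of `$dt`, so the day of month parsed from the attribute is never used. In PHP versions of that era the undefined constant falls back to the string 'dt', which becomes 0 as an integer, and mktime resolves day 0 to the last day of the previous month, so the computed expiry can land up to a month early. The line should read `$result = mktime($hr,$min,$sec,$mo,$dt,$yr);`. Separately, `auth_password_expire` returns `false` when `ldap_read` fails and the login code passes the result through `intval()`, so a failed lookup looks the same as "password never expires"; the header comment should state that contract, or the failure should get its own return value.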


@ -77,6 +77,8 @@ $string['auth_nonedescription'] = 'Users can sign in and create valid accounts i
$string['auth_nonetitle'] = 'No authentication';
$string['auth_pamdescription'] = 'This method uses PAM to access the native usernames on this server. You have to install <a href=\"http://www.math.ohio-state.edu/~ccunning/pam_auth/\" target=\"_blank\">PHP4 PAM Authentication</a> in order to use this module.';
$string['auth_pamtitle'] = 'PAM (Pluggable Authentication Modules)';
$string['auth_passwordwillexpire'] = 'Your password will expire in $a days. Do you want change your password now?';
$string['auth_passwordisexpired'] = 'Your password is expired. Do you want change your password now?';
$string['auth_pop3description'] = 'This method uses a POP3 server to check whether a given username and password is valid.';
$string['auth_pop3host'] = 'The POP3 server address. Use the IP number, not DNS name.';
$string['auth_pop3mailbox'] = 'Name of the mailbox to attempt a connection with. (usually INBOX)';


@ -21,6 +21,27 @@
}
}
//Define variables used in page
if (!$site = get_site()) {
error("No site found!");
}
if (empty($CFG->langmenu)) {
$langmenu = "";
} else {
$currlang = current_language();
$langs = get_list_of_languages();
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {
$wwwroot = str_replace('http','https',$CFG->wwwroot);
}
$langmenu = popup_form ("$wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
}
$loginsite = get_string("loginsite");
$frm = false;
if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,"username=guest")) or $loginguest) {
/// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
@ -69,13 +90,19 @@
unset($SESSION->lang);
$SESSION->justloggedin = true;
//Select password change url
if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
} elseif($CFG->changepassword) {
$passwordchangeurl=$CFG->changepassword;
}
// check whether the user should be changing password
reload_user_preferences();
if ($USER->preference['auth_forcepasswordchange']){
if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
redirect("$CFG->wwwroot/login/change_password.php");
} elseif($CFG->changepassword) {
redirect($CFG->changepassword);
if (isset($passwordchangeurl)) {
redirect($passwordchangeurl);
} else {
error("You cannot proceed without changing your password.
However there is no available page for changing it.
@ -83,16 +110,39 @@
}
}
if (user_not_fully_set_up($USER)) {
redirect("$CFG->wwwroot/user/edit.php?id=$USER->id&amp;course=".SITEID);
$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
} else if (strpos($wantsurl, $CFG->wwwroot) === 0) { /// Matches site address
redirect($wantsurl);
$urltogo = $wantsurl;
} else {
redirect("$CFG->wwwroot/"); /// Go to the standard home page
$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
}
// check if user password has expired
// Currently supported only for ldap-authentication module
if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
if (function_exists('auth_password_expire')){
$days2expire = auth_password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_footer();
exit;
} elseif (intval($days2expire) < 0 ) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
}
}
}
redirect($urltogo);
reset_login_count();
die;
@ -128,25 +178,6 @@
$show_instructions = false;
}
if (!$site = get_site()) {
error("No site found!");
}
if (empty($CFG->langmenu)) {
$langmenu = "";
} else {
$currlang = current_language();
$langs = get_list_of_languages();
if (empty($CFG->loginhttps)) {
$wwwroot = $CFG->wwwroot;
} else {
$wwwroot = str_replace('http','https',$CFG->wwwroot);
}
$langmenu = popup_form ("$wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
}
$loginsite = get_string("loginsite");
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
include("index_form.html");
print_footer();
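Review bot: `$passwordchangeurl` is assigned only when the account uses internal auth, the module's `stdchangepassword` flag is set, or `$CFG->changepassword` is configured, yet both new expiry branches pass it to `notice_yesno()` without the `isset()` check that the forced-change branch applies. On a site with LDAP expiration enabled and no change-password URL, the "yes" link of the notice would be built from an undefined variable. Guard the block with `if (isset($passwordchangeurl) && function_exists('auth_password_expire')) {`, or fall back to the same `error()` the forced-change branch raises. The expired case (`intval($days2expire) < 0`) also still offers `$urltogo` as the "no" target, so an expired password does not stop the session; if expiry is meant to be enforced, that branch should call `redirect($passwordchangeurl);` rather than ask.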