moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-04 08:26:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added support for usercreation from Moodle to authentication module.

Browse source 
Works currently only with ldap-module (tested with e-directory), but
 other modules could be extended too by
adding following functions:

function auth_user_exists ($username) {
//returns true if given username  already exists on authetication database
}

function auth_user_create ($userobject,$plainpass) {
//create new user to authentication database
//in inactive state (if posible)
//returns true if user is created
}
function auth_user_activate ($username) {
//activate external user  after email-address is confirmed
//returns true if user is activated
}
This commit is contained in:
paca70 2003-02-20 21:39:51 +00:00
parent 47623d4f8f
commit 5f2c35db18
10 changed files with 175 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

21
admin/auth.php
View file

@ -2,7 +2,7 @@
// config.php - allows admin to edit all configuration variables // config.php - allows admin to edit all configuration variables
include("../config.php"); include("../config.php");
require_once("$CFG->dirroot/auth/$CFG->auth/lib.php"); //just to make sure that authentication functions are loaded
require_login(); require_login();
if (!$site = get_site()) { if (!$site = get_site()) {
@ -80,6 +80,9 @@
$guestoptions[0] = get_string("hide"); $guestoptions[0] = get_string("hide");
$guestoptions[1] = get_string("show"); $guestoptions[1] = get_string("show");
$createoptions[0] = get_string("no");
$createoptions[1] = get_string("yes");
$stradministration = get_string("administration"); $stradministration = get_string("administration");
$strauthentication = get_string("authentication"); $strauthentication = get_string("authentication");
$strauthenticationoptions = get_string("authenticationoptions","auth"); $strauthenticationoptions = get_string("authenticationoptions","auth");
@ -134,10 +137,22 @@
echo "</td>"; echo "</td>";
echo "<td>"; echo "<td>";
print_string("showguestlogin","auth"); print_string("showguestlogin","auth");
echo "</td></tr></table>"; echo "</td></tr>";
if (function_exists('auth_user_create')){
echo "<tr valign=\"top\">";
echo "<td align=right nowrap><p>";
print_string("auth_user_create", "auth");
echo ":</p></td>";
echo "<td>";
choose_from_menu($createoptions, "auth_user_create", $config->auth_user_create, "");
echo "</td>";
echo "<td>";
print_string("auth_user_creation","auth");
echo "</td></tr>";
}
echo "<CENTER><P><INPUT TYPE=\"submit\" VALUE=\""; echo "</table><CENTER><P><INPUT TYPE=\"submit\" VALUE=\"";
print_string("savechanges"); print_string("savechanges");
echo "\"></P></CENTER></FORM>"; echo "\"></P></CENTER></FORM>";

2
admin/cron.php
View file

@ -21,7 +21,7 @@
$starttime = microtime(); $starttime = microtime();
require_once("../config.php"); require_once("/usr/local/moodle/config.php");
echo "<PRE>\n"; echo "<PRE>\n";

10
auth/ldap/config.html
View file

@ -82,7 +82,15 @@
</TD> </TD>
</TR> </TR>
<TR VALIGN=TOP BGCOLOR="<?=$THEME->cellheading2 ?>">
<TD ALIGN=RIGHT><P>ldap_create_context:</TD>
<TD>
<INPUT name=ldap_create_context TYPE=text SIZE=30 VALUE="<?=$config->ldap_create_context?>">
<? if (isset($err["ldap_create_context"])) formerr($err["ldap_create_context"]); ?>
</TD><TD>
<? print_string("auth_ldap_create_context","auth") ?>
</TD>
</TR>
<TR> <TR>
<TD ALIGN=RIGHT><P><? print_string("firstname") ?>:</TD> <TD ALIGN=RIGHT><P><? print_string("firstname") ?>:</TD>

123
auth/ldap/lib.php
View file

@ -1,10 +1,11 @@
<?PHP // $Id$ <?PHP // $Id$
//CHANGELOG: //CHANGELOG:
//20.02.2003 Added support for user creation
//12.10.2002 Reformatted source for consistency //12.10.2002 Reformatted source for consistency
//03.10.2002 First version to CVS //03.10.2002 First version to CVS
//29.09.2002 Clean up and splitted code to functions v. 0.02 //29.09.2002 Clean up and splitted code to functions v. 0.02
//29.09.2002 LDAP authentication functions v. 0.01 //29.09.2002 LDAP authentication functions v. 0.01
//Distributed under GPL (c)Petri Asikainen 2002 //Distributed under GPL (c)Petri Asikainen 2002-2003
function auth_user_login ($username, $password) { function auth_user_login ($username, $password) {
@ -48,24 +49,15 @@ function auth_get_userinfo($username){
/// reads userinformation from ldap and return it in array() /// reads userinformation from ldap and return it in array()
global $CFG; global $CFG;
$config = (array)$CFG; $config = (array)$CFGo;
$fields = array("firstname", "lastname", "email", "phone1", "phone2", $moodleattributes = auth_ldap_attributes();
"department", "address", "city", "country", "description",
"idnumber", "lang");
$moodleattributes = array();
foreach ($fields as $field) {
if ($config["auth_user_$field"]) {
$moodleattributes[$field] = $config["auth_user_$field"];
}
}
$ldap_connection=auth_ldap_connect(); $ldap_connection=auth_ldap_connect();
$result = array(); $result = array();
$search_attribs = array(); $search_attribs = array();
foreach ($moodleattributes as $key=>$value) { foreach ($attrmap as $key=>$value) {
array_push($search_attribs, $value); array_push($search_attribs, $value);
} }
@ -79,7 +71,7 @@ function auth_get_userinfo($username){
if ($user_info_result) { if ($user_info_result) {
$user_entry = ldap_get_entries($ldap_connection, $user_info_result); $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
foreach ($moodleattributes as $key=>$value){ foreach ($attrmap as $key=>$value){
if(isset($user_entry[0][$value][0])){ if(isset($user_entry[0][$value][0])){
$result[$key]=$user_entry[0][$value][0]; $result[$key]=$user_entry[0][$value][0];
} }
@ -93,7 +85,7 @@ function auth_get_userinfo($username){
function auth_get_userlist() { function auth_get_userlist($filter="*") {
/// returns all users from ldap servers /// returns all users from ldap servers
global $CFG; global $CFG;
@ -107,18 +99,22 @@ function auth_get_userlist() {
} }
$contexts = explode(";",$CFG->ldap_contexts); $contexts = explode(";",$CFG->ldap_contexts);
if (!empty($CFG->ldap_create_context)){
array_push($contexts, $CFG->ldap_create_context);
}
foreach ($contexts as $context) { foreach ($contexts as $context) {
if ($CFG->ldap_search_sub) { if ($CFG->ldap_search_sub) {
//use ldap_search to find first user from subtree //use ldap_search to find first user from subtree
$ldap_result = ldap_search($ldap_connection, $context, $ldap_result = ldap_search($ldap_connection, $context,
"(".$CFG->ldap_objectclass.")", "(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))",
array($CFG->ldap_user_attribute)); array($CFG->ldap_user_attribute));
} else { } else {
//search only in this context //search only in this context
$ldap_result = ldap_list($ldap_connection, $context, $ldap_result = ldap_list($ldap_connection, $context,
"(".$CFG->ldap_objectclass.")", "(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))",
array($CFG->ldap_user_attribute)); array($CFG->ldap_user_attribute));
} }
@ -133,7 +129,77 @@ function auth_get_userlist() {
return $fresult; return $fresult;
} }
function auth_user_exists ($username) {
//returns true if given usernname exist on ldap
$users = auth_get_userlist($username);
return count($users);
}
function auth_user_create ($userobject,$plainpass) {
//create new user to ldap
//use auth_user_exists to prevent dublicate usernames
//return true if user is created, false on error
global $CFG;
$attrmap = auth_ldap_attributes();
$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);
$newuser = array();
foreach ($attrmap as $key=>$value){
if(isset($userobject->$key) ){
$newuser[$value]=utf8_encode($userobject->$key);
}
}
//Following sets all mandatory and other forced attribute values
//this should be moved to config inteface ASAP
$newuser['objectClass']= array("inetOrgPerson","organizationalPerson","person","top");
$newuser['uniqueId']= $userobject->username;
$newuser['logindisabled']="TRUE";
$newuser['userpassword']=$plainpass;
unset($newuser[country]);
$uadd = ldap_add($ldapconnect, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);
ldap_close($ldapconnect);
return $uadd;
}
function auth_user_activate ($username) {
//activate new ldap-user after email-address is confirmed
global $CFG;
$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);
$userdn = auth_ldap_find_userdn($ldapconnect, $username);
$newinfo['loginDisabled']="FALSE";
$result = ldap_modify($ldapconnect, $userdn, $newinfo);
ldap_close($ldapconnect);
return $result;
}
function auth_user_disable ($username) {
//activate new ldap-user after email-address is confirmed
global $CFG;
$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);
$userdn = auth_ldap_find_userdn($ldapconnect, $username);
$newinfo['loginDisabled']="TRUE";
$result = ldap_modify($ldapconnect, $userdn, $newinfo);
ldap_close($ldapconnect);
return $result;
}
//PRIVATE FUNCTIONS starts
//private functions are named as auth_ldap*
function auth_ldap_connect(){ function auth_ldap_connect(){
/// connects to ldap-server /// connects to ldap-server
@ -192,6 +258,10 @@ function auth_ldap_find_userdn ($ldap_connection, $username){
//get all contexts and look for first matching user //get all contexts and look for first matching user
$ldap_contexts = explode(";",$CFG->ldap_contexts); $ldap_contexts = explode(";",$CFG->ldap_contexts);
if (!empty($CFG->ldap_create_context)){
array_push($ldap_contexts, $CFG->ldap_create_context);
}
foreach ($ldap_contexts as $context) { foreach ($ldap_contexts as $context) {
@ -217,4 +287,21 @@ function auth_ldap_find_userdn ($ldap_connection, $username){
return $ldap_user_dn; return $ldap_user_dn;
} }
function auth_ldap_attributes (){
//returns array containg attribute mappings between Moodle and ldap
global $CFG;
$config = (array)$CFG;
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang");
$moodleattributes = array();
foreach ($fields as $field) {
if ($config["auth_user_$field"]) {
$moodleattributes[$field] = $config["auth_user_$field"];
}
}
return $moodleattributes;
}
?> ?>

4
lang/en/auth.php
View file

@ -23,6 +23,7 @@ $string['auth_imaptitle'] = "Use an IMAP server";
$string['auth_imaptype'] = "The IMAP server type. IMAP servers can have different types of authentication and negotiation."; $string['auth_imaptype'] = "The IMAP server type. IMAP servers can have different types of authentication and negotiation.";
$string['instructions'] = "Instructions"; $string['instructions'] = "Instructions";
$string['auth_ldap_bind_dn'] = "If you want to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'"; $string['auth_ldap_bind_dn'] = "If you want to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'";
$string['auth_ldap_create_context'] = "If you enable user creation with email confirmation, specify context where users are created. This context should be different from other users to prevent security issues. You don't need to add this context to ldap_context-variable, Moodle will search for users from this context automaticly.";
$string['auth_ldap_bind_pw'] = "Password for bind-user."; $string['auth_ldap_bind_pw'] = "Password for bind-user.";
$string['auth_ldap_contexts'] = "List of contexts where users are located. Separate different contexts with ';'. For example: 'ou=users,o=org; ou=others,o=org'"; $string['auth_ldap_contexts'] = "List of contexts where users are located. Separate different contexts with ';'. For example: 'ou=users,o=org; ou=others,o=org'";
$string['auth_ldap_host_url'] = "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/' "; $string['auth_ldap_host_url'] = "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/' ";
@ -47,6 +48,9 @@ $string['auth_pop3host'] = "The POP3 server address. Use the IP number, not DNS
$string['auth_pop3port'] = "Server port (110 is the most common)"; $string['auth_pop3port'] = "Server port (110 is the most common)";
$string['auth_pop3title'] = "Use a POP3 server"; $string['auth_pop3title'] = "Use a POP3 server";
$string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert."; $string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert.";
$string['auth_user_create'] = "Enable user creation";
$string['auth_user_creation'] = "New (anonymous) users create user account for her/hiself. Account will be created to selected authentication module and confirmed via email. If you enable this , remember to configure also module specific options for user creation.";
$string['auth_usernameexists'] = "Selected username already exists. Please choose new one.";
$string['authenticationoptions'] = "Authentication options"; $string['authenticationoptions'] = "Authentication options";
$string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using. The text you enter here will appear on the login page. If you leave this blank then no instructions will be printed."; $string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using. The text you enter here will appear on the login page. If you leave this blank then no instructions will be printed.";
$string['changepassword'] = "Change password URL"; $string['changepassword'] = "Change password URL";

2
lang/fi/moodle.php
View file

@ -53,7 +53,7 @@ $string['chooseuser'] = "Valitse k
$string['city'] = "Kaupunki/Paikkakunta"; $string['city'] = "Kaupunki/Paikkakunta";
$string['closewindow'] = "Sulje tämä ikkuna"; $string['closewindow'] = "Sulje tämä ikkuna";
$string['comparelanguage'] = "Vertaa ja muokkaa käännöstä"; $string['comparelanguage'] = "Vertaa ja muokkaa käännöstä";
$string['complete'] = "Suorita loppuun"; $string['complete'] = "Täysi";
$string['configcountry'] = "Jos asetat maan tässä niin valinnasta tulee oletus kaikille käyttäjille. Pakottaaksesi käyttäjät valitsemaan maansa itse , jätä tämä kohta tyhjäksi."; $string['configcountry'] = "Jos asetat maan tässä niin valinnasta tulee oletus kaikille käyttäjille. Pakottaaksesi käyttäjät valitsemaan maansa itse , jätä tämä kohta tyhjäksi.";
$string['configdebug'] = "Jos valitset virheenkorjaus tilan päälle PHP:n error_reporting arvo nousee ja enemmän virheilmoituksia tulostuu näytölle. Tästä asetuksesta on hyötyä vain Moodlen kehittäjille."; $string['configdebug'] = "Jos valitset virheenkorjaus tilan päälle PHP:n error_reporting arvo nousee ja enemmän virheilmoituksia tulostuu näytölle. Tästä asetuksesta on hyötyä vain Moodlen kehittäjille.";
$string['configerrorlevel'] = "PHP virheilmoitusten määrä. Normal on yleensä hyvä valinta."; $string['configerrorlevel'] = "PHP virheilmoitusten määrä. Normal on yleensä hyvä valinta.";

8
login/confirm.php
View file

@ -1,6 +1,7 @@
<?PHP // $Id$ <?PHP // $Id$
require_once("../config.php"); require_once("../config.php");
require_once("../auth/$CFG->auth/lib.php");
if ( isset($p) and isset($s) ) { # p = user.secret s = user.username if ( isset($p) and isset($s) ) { # p = user.secret s = user.username
@ -25,9 +26,14 @@
if (!set_field("user", "firstaccess", time(), "id", $user->id)) { if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
error("Could not set this user's first access date!"); error("Could not set this user's first access date!");
} }
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) {
if (!auth_user_activate($user->username)) {
error("Could not activate this user!");
}
}
// The user has confirmed successfully, let's log them in // The user has confirmed successfully, let's log them in
if (!$USER = get_user_info_from_db("username", $user->username)) { if (!$USER = get_user_info_from_db("username", $user->username)) {
error("Something serious is wrong with the database"); error("Something serious is wrong with the database");
} }

2
login/index.php
View file

@ -99,7 +99,7 @@
$focus = "form.username"; $focus = "form.username";
} }
if ($CFG->auth == "email" or $CFG->auth == "none" or $CFG->auth_instructions) { if ($CFG->auth == "email" or $CFG->auth == "none" or chop($CFG->auth_instructions) <> "" ) {
$show_instructions = true; $show_instructions = true;
} else { } else {
$show_instructions = false; $show_instructions = false;

8
login/index_form.html
View file

@ -93,6 +93,14 @@
echo "<BLOCKQUOTE>"; echo "<BLOCKQUOTE>";
echo format_text($CFG->auth_instructions); echo format_text($CFG->auth_instructions);
echo "</BLOCKQUOTE>"; echo "</BLOCKQUOTE>";
require_once("../auth/$CFG->auth/lib.php");
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_create') ){?>
<FORM NAME="form4" ACTION="signup.php" METHOD=get>
<INPUT type="submit" VALUE="<? print_string("startsignup") ?>">
</FORM>
</CENTER>
<?
}
} }
?> ?>

24
login/signup.php
View file

@ -1,24 +1,36 @@
<?PHP // $Id$ <?PHP // $Id$
require_once("../config.php"); require_once("../config.php");
require_once("../lib/countries.php"); require_once("../lib/countries.php");
require_once("../auth/$CFG->auth/lib.php");
if ($user = data_submitted()) { if ($user = data_submitted()) {
validate_form($user, $err); validate_form($user, $err);
if (count((array)$err) == 0) { if (count((array)$err) == 0) {
$plainpass = $user->password;
$user->password = md5($user->password); $user->password = md5($user->password);
$user->confirmed = 0; $user->confirmed = 0;
$user->lang = current_language(); $user->lang = current_language();
$user->firstaccess = time(); $user->firstaccess = time();
$user->secret = random_string(15); $user->secret = random_string(15);
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_create') ){
if (! auth_user_exists($user->username)) {
if (! auth_user_create($user,$plainpass)) {
error("Could not add user to authentication module!");
}
} else {
error("User already exists on authentication database.");
}
}
if (! ($user->id = insert_record("user", $user)) ) { if (! ($user->id = insert_record("user", $user)) ) {
error("Could not add your record to the database!"); error("Could not add your record to the database!");
} }
if (! send_confirmation_email($user)) { if (! send_confirmation_email($user)) {
error("Tried to send you an email but failed!"); error("Tried to send you an email but failed!");
} }
@ -62,7 +74,7 @@
*****************************************************************************/ *****************************************************************************/
function validate_form($user, &$err) { function validate_form($user, &$err) {
global $CFG;
if (empty($user->username)) if (empty($user->username))
$err->username = get_string("missingusername"); $err->username = get_string("missingusername");
@ -75,6 +87,12 @@ function validate_form($user, &$err) {
$err->username = get_string("alphanumerical"); $err->username = get_string("alphanumerical");
} }
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_exists') ){
if (auth_user_exists($user->username)) {
$err->username = get_string("usernameexists");
}
}
if (empty($user->password)) if (empty($user->password))
$err->password = get_string("missingpassword"); $err->password = get_string("missingpassword");