moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-05 08:56:36 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

login MDL-19800 Upgrade deprecated calls and added set_url calls

Browse source
This commit is contained in:
samhemelryk 2009-09-29 03:55:09 +00:00
parent eb5334ff48
commit 8570cff01f
7 changed files with 592 additions and 497 deletions
Download patch file Download diff file Expand all files Collapse all files

225
login/change_password.php
View file

@ -1,116 +1,145 @@
<?PHP // $Id$ <?php
require_once('../config.php'); // This file is part of Moodle - http://moodle.org/
require_once('change_password_form.php'); //
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
$id = optional_param('id', SITEID, PARAM_INT); // current course /**
* This file is part of the login section Moodle
*
* @copyright 1999 Martin Dougiamas http://dougiamas.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package login
*/
$strparticipants = get_string('participants'); require_once('../config.php');
require_once('change_password_form.php');
//HTTPS is potentially required in this page $id = optional_param('id', SITEID, PARAM_INT); // current course
httpsrequired();
$systemcontext = get_context_instance(CONTEXT_SYSTEM); $url = new moodle_url($CFG->wwwroot.'/login/change_password.php');
if ($id !== SITEID) {
$url->param('id', $id);
}
$PAGE->set_url($url);
if (!$course = $DB->get_record('course', array('id'=>$id))) { $strparticipants = get_string('participants');
print_error('invalidcourseid');
//HTTPS is potentially required in this page
httpsrequired();
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
if (!$course = $DB->get_record('course', array('id'=>$id))) {
print_error('invalidcourseid');
}
// require proper login; guest user can not change password
if (empty($USER->id) or isguestuser()) {
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
redirect(get_login_url());
}
// do not require change own password cap if change forced
if (!get_user_preferences('auth_forcepasswordchange', false)) {
require_login();
require_capability('moodle/user:changeownpassword', $systemcontext);
}
// do not allow "Logged in as" users to change any passwords
if (session_is_loggedinas()) {
print_error('cannotcallscript');
}
if (is_mnet_remote_user($USER)) {
$message = get_string('usercannotchangepassword', 'mnet');
if ($idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
$message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
}
print_error('userchangepasswordlink', 'mnet', '', $message);
}
// load the appropriate auth plugin
$userauth = get_auth_plugin($USER->auth);
if (!$userauth->can_change_password()) {
print_error('nopasswordchange', 'auth');
}
if ($changeurl = $userauth->change_password_url()) {
// this internal scrip not used
redirect($changeurl);
}
$mform = new login_change_password_form();
$mform->set_data(array('id'=>$course->id));
$navlinks = array();
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
if ($mform->is_cancelled()) {
redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&amp;course='.$course->id);
} else if ($data = $mform->get_data()) {
if (!$userauth->user_update_password($USER, $data->newpassword1)) {
print_error('errorpasswordupdate', 'auth');
} }
// require proper login; guest user can not change password // register success changing password
if (empty($USER->id) or isguestuser()) { unset_user_preference('auth_forcepasswordchange', $USER->id);
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php';
}
redirect(get_login_url());
}
// do not require change own password cap if change forced $strpasswordchanged = get_string('passwordchanged');
if (!get_user_preferences('auth_forcepasswordchange', false)) {
require_login();
require_capability('moodle/user:changeownpassword', $systemcontext);
}
// do not allow "Logged in as" users to change any passwords add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&amp;course=$course->id", "$USER->id");
if (session_is_loggedinas()) {
print_error('cannotcallscript');
}
if (is_mnet_remote_user($USER)) {
$message = get_string('usercannotchangepassword', 'mnet');
if ($idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) {
$message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
}
print_error('userchangepasswordlink', 'mnet', '', $message);
}
// load the appropriate auth plugin
$userauth = get_auth_plugin($USER->auth);
if (!$userauth->can_change_password()) {
print_error('nopasswordchange', 'auth');
}
if ($changeurl = $userauth->change_password_url()) {
// this internal scrip not used
redirect($changeurl);
}
$mform = new login_change_password_form();
$mform->set_data(array('id'=>$course->id));
$navlinks = array();
$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc');
if ($mform->is_cancelled()) {
redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&amp;course='.$course->id);
} else if ($data = $mform->get_data()) {
if (!$userauth->user_update_password($USER, $data->newpassword1)) {
print_error('errorpasswordupdate', 'auth');
}
// register success changing password
unset_user_preference('auth_forcepasswordchange', $USER->id);
$strpasswordchanged = get_string('passwordchanged');
add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&amp;course=$course->id", "$USER->id");
$fullname = fullname($USER, true);
$PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
$PAGE->navbar->add($strpasswordchanged);
$PAGE->set_title($strpasswordchanged);
$PAGE->set_heading($strpasswordchanged);
echo $OUTPUT->header();
if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') {
$returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id";
} else {
$returnto = $SESSION->wantsurl;
}
notice($strpasswordchanged, $returnto);
echo $OUTPUT->footer();
exit;
}
$strchangepassword = get_string('changepassword');
$fullname = fullname($USER, true); $fullname = fullname($USER, true);
$PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id))); $PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
$PAGE->navbar->add($strchangepassword); $PAGE->navbar->add($strpasswordchanged);
$PAGE->set_title($strchangepassword); $PAGE->set_title($strpasswordchanged);
$PAGE->set_heading($strchangepassword); $PAGE->set_heading($strpasswordchanged);
echo $OUTPUT->header(); echo $OUTPUT->header();
if (get_user_preferences('auth_forcepasswordchange')) { if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') {
echo $OUTPUT->notification(get_string('forcepasswordchangenotice')); $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&amp;course=$id";
} else {
$returnto = $SESSION->wantsurl;
} }
$mform->display();
echo $OUTPUT->footer();
?> notice($strpasswordchanged, $returnto);
echo $OUTPUT->footer();
exit;
}
$strchangepassword = get_string('changepassword');
$fullname = fullname($USER, true);
$PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id)));
$PAGE->navbar->add($strchangepassword);
$PAGE->set_title($strchangepassword);
$PAGE->set_heading($strchangepassword);
echo $OUTPUT->header();
if (get_user_preferences('auth_forcepasswordchange')) {
echo $OUTPUT->notification(get_string('forcepasswordchangenotice'));
}
$mform->display();
echo $OUTPUT->footer();
?>

138
login/confirm.php
View file

@ -1,80 +1,82 @@
<?php // $Id$ <?php
require_once("../config.php"); require_once("../config.php");
$data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username $data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username
$p = optional_param('p', '', PARAM_ALPHANUM); // Old parameter: secret $p = optional_param('p', '', PARAM_ALPHANUM); // Old parameter: secret
$s = optional_param('s', '', PARAM_CLEAN); // Old parameter: username $s = optional_param('s', '', PARAM_CLEAN); // Old parameter: username
if (empty($CFG->registerauth)) { $PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/confirm.php'));
print_error('cannotusepage2');
}
$authplugin = get_auth_plugin($CFG->registerauth);
if (!$authplugin->can_confirm()) { if (empty($CFG->registerauth)) {
print_error('cannotusepage2'); print_error('cannotusepage2');
} }
$authplugin = get_auth_plugin($CFG->registerauth);
if (!empty($data) || (!empty($p) && !empty($s))) { if (!$authplugin->can_confirm()) {
print_error('cannotusepage2');
}
if (!empty($data)) { if (!empty($data) || (!empty($p) && !empty($s))) {
$dataelements = explode('/',$data);
$usersecret = $dataelements[0];
$username = $dataelements[1];
} else {
$usersecret = $p;
$username = $s;
}
$confirmed = $authplugin->user_confirm($username, $usersecret); if (!empty($data)) {
$dataelements = explode('/',$data);
if ($confirmed == AUTH_CONFIRM_ALREADY) { $usersecret = $dataelements[0];
$user = get_complete_user_data('username', $username); $username = $dataelements[1];
$PAGE->set_title(get_string("alreadyconfirmed"));
$PAGE->set_heading(get_string("alreadyconfirmed"));
echo $OUTPUT->header();
echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter');
echo "<h3>".get_string("thanks").", ". fullname($user) . "</h3>\n";
echo "<p>".get_string("alreadyconfirmed")."</p>\n";
echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses')));
echo $OUTPUT->box_end();
echo $OUTPUT->footer();
exit;
} else if ($confirmed == AUTH_CONFIRM_OK) {
// The user has confirmed successfully, let's log them in
if (!$user = get_complete_user_data('username', $username)) {
print_error('cannotfinduser', '', '', $username);
}
complete_user_login($user);
if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going
$goto = $SESSION->wantsurl;
unset($SESSION->wantsurl);
redirect($goto);
}
$PAGE->set_title(get_string("confirmed"));
$PAGE->set_heading(get_string("confirmed"));
echo $OUTPUT->header();
echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter');
echo "<h3>".get_string("thanks").", ". fullname($USER) . "</h3>\n";
echo "<p>".get_string("confirmed")."</p>\n";
echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses')));
echo $OUTPUT->box_end();
echo $OUTPUT->footer();
exit;
} else {
print_error('invalidconfirmdata');
}
} else { } else {
print_error("errorwhenconfirming"); $usersecret = $p;
$username = $s;
} }
redirect("$CFG->wwwroot/"); $confirmed = $authplugin->user_confirm($username, $usersecret);
?> if ($confirmed == AUTH_CONFIRM_ALREADY) {
$user = get_complete_user_data('username', $username);
$PAGE->set_title(get_string("alreadyconfirmed"));
$PAGE->set_heading(get_string("alreadyconfirmed"));
echo $OUTPUT->header();
echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter');
echo "<h3>".get_string("thanks").", ". fullname($user) . "</h3>\n";
echo "<p>".get_string("alreadyconfirmed")."</p>\n";
echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses')));
echo $OUTPUT->box_end();
echo $OUTPUT->footer();
exit;
} else if ($confirmed == AUTH_CONFIRM_OK) {
// The user has confirmed successfully, let's log them in
if (!$user = get_complete_user_data('username', $username)) {
print_error('cannotfinduser', '', '', $username);
}
complete_user_login($user);
if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going
$goto = $SESSION->wantsurl;
unset($SESSION->wantsurl);
redirect($goto);
}
$PAGE->set_title(get_string("confirmed"));
$PAGE->set_heading(get_string("confirmed"));
echo $OUTPUT->header();
echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter');
echo "<h3>".get_string("thanks").", ". fullname($USER) . "</h3>\n";
echo "<p>".get_string("confirmed")."</p>\n";
echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses')));
echo $OUTPUT->box_end();
echo $OUTPUT->footer();
exit;
} else {
print_error('invalidconfirmdata');
}
} else {
print_error("errorwhenconfirming");
}
redirect("$CFG->wwwroot/");
?>

3
login/forgot_password.php
View file

@ -1,5 +1,5 @@
<?php <?php
// $Id$
// forgot password routine. // forgot password routine.
// find the user and call the appropriate routine for their authentication // find the user and call the appropriate routine for their authentication
// type. // type.
@ -18,6 +18,7 @@ $systemcontext = get_context_instance(CONTEXT_SYSTEM);
$strforgotten = get_string('passwordforgotten'); $strforgotten = get_string('passwordforgotten');
$strlogin = get_string('login'); $strlogin = get_string('login');
$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/forgot_password.php'));
$PAGE->navbar->add($strlogin, get_login_url()); $PAGE->navbar->add($strlogin, get_login_url());
$PAGE->navbar->add($strforgotten); $PAGE->navbar->add($strforgotten);

493
login/index.php
View file

@ -1,300 +1,319 @@
<?php // $Id$ <?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
require_once("../config.php"); /**
* This file is part of the login section Moodle
*
* @copyright 1999 Martin Dougiamas http://dougiamas.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package login
*/
redirect_if_major_upgrade_required(); require_once("../config.php");
$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically redirect_if_major_upgrade_required();
$testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
$context = get_context_instance(CONTEXT_SYSTEM); $loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
$PAGE->set_course($SITE); $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
$context = get_context_instance(CONTEXT_SYSTEM);
$PAGE->set_course($SITE);
/// Initialize variables /// Initialize variables
$errormsg = ''; $errormsg = '';
$errorcode = 0; $errorcode = 0;
/// Check for timed out sessions /// Check for timed out sessions
if (!empty($SESSION->has_timed_out)) { if (!empty($SESSION->has_timed_out)) {
$session_has_timed_out = true; $session_has_timed_out = true;
unset($SESSION->has_timed_out); unset($SESSION->has_timed_out);
} else { } else {
$session_has_timed_out = false; $session_has_timed_out = false;
} }
/// auth plugins may override these - SSO anyone? /// auth plugins may override these - SSO anyone?
$frm = false; $frm = false;
$user = false; $user = false;
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
foreach($authsequence as $authname) { foreach($authsequence as $authname) {
$authplugin = get_auth_plugin($authname); $authplugin = get_auth_plugin($authname);
$authplugin->loginpage_hook(); $authplugin->loginpage_hook();
} }
//HTTPS is potentially required in this page //HTTPS is potentially required in this page
httpsrequired(); httpsrequired();
$PAGE->set_url("$CFG->httpswwwroot/login/index.php"); $PAGE->set_url("$CFG->httpswwwroot/login/index.php");
/// Define variables used in page /// Define variables used in page
if (!$site = get_site()) { if (!$site = get_site()) {
print_error('siteisnotdefined', 'debug'); print_error('siteisnotdefined', 'debug');
}
if (empty($CFG->langmenu)) {
$langmenu = "";
} else {
$currlang = current_language();
$langs = get_list_of_languages();
$select = html_select::make_popup_form("$CFG->httpswwwroot/login/index.php", 'lang', $langs, 'chooselang', $currlang);
$select->nothinglabel = false;
$select->set_label(get_accesshide(get_string('language')));
$langmenu = $OUTPUT->select($select);
}
$loginsite = get_string("loginsite");
$PAGE->navbar->add($loginsite);
if ($user !== false or $frm !== false) {
// some auth plugin already supplied these
} else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
/// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
$frm->username = 'guest';
$frm->password = 'guest';
} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
// Handles the case of another Moodle site linking into a page on this site
//TODO: move weblink into own auth plugin
include($CFG->dirroot.'/login/weblinkauth.php');
if (function_exists('weblink_auth')) {
$user = weblink_auth($SESSION->wantsurl);
} }
if ($user) {
if (empty($CFG->langmenu)) { $frm->username = $user->username;
$langmenu = "";
} else {
$currlang = current_language();
$langs = get_list_of_languages();
$select = html_select::make_popup_form("$CFG->httpswwwroot/login/index.php", 'lang', $langs, 'chooselang', $currlang);
$select->nothinglabel = false;
$select->set_label(get_accesshide(get_string('language')));
$langmenu = $OUTPUT->select($select);
}
$loginsite = get_string("loginsite");
$PAGE->navbar->add($loginsite);
if ($user !== false or $frm !== false) {
// some auth plugin already supplied these
} else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
/// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
$frm->username = 'guest';
$frm->password = 'guest';
} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
// Handles the case of another Moodle site linking into a page on this site
//TODO: move weblink into own auth plugin
include($CFG->dirroot.'/login/weblinkauth.php');
if (function_exists('weblink_auth')) {
$user = weblink_auth($SESSION->wantsurl);
}
if ($user) {
$frm->username = $user->username;
} else {
$frm = data_submitted();
}
} else { } else {
$frm = data_submitted(); $frm = data_submitted();
} }
} else {
$frm = data_submitted();
}
/// Check if the user has actually submitted login data to us /// Check if the user has actually submitted login data to us
if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
$errormsg = get_string("cookiesnotenabled"); $errormsg = get_string("cookiesnotenabled");
$errorcode = 1; $errorcode = 1;
} else if ($frm) { // Login WITH cookies } else if ($frm) { // Login WITH cookies
$frm->username = trim(moodle_strtolower($frm->username)); $frm->username = trim(moodle_strtolower($frm->username));
if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) { if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) {
$string = preg_replace("~[^(-\.[:alnum:])]~i", "", $frm->username); $string = preg_replace("~[^(-\.[:alnum:])]~i", "", $frm->username);
if (strcmp($frm->username, $string)) { if (strcmp($frm->username, $string)) {
$errormsg = get_string('username').': '.get_string("alphanumerical"); $errormsg = get_string('username').': '.get_string("alphanumerical");
$errorcode = 2; $errorcode = 2;
$user = null; $user = null;
} }
}
if ($user) {
//user already supplied by aut plugin prelogin hook
} else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
$user = false; /// Can't log in as guest if guest button is disabled
$frm = false;
} else {
if (empty($errormsg)) {
$user = authenticate_user_login($frm->username, $frm->password);
}
}
update_login_count();
if ($user) {
// language setup
if ($user->username == 'guest') {
// no predefined language for guests - use existing session or default site lang
unset($user->lang);
} else if (!empty($user->lang)) {
// unset previous session language - use user preference instead
unset($SESSION->lang);
} }
if ($user) { if (empty($user->confirmed)) { // This account was never confirmed
//user already supplied by aut plugin prelogin hook $PAGE->set_title(get_string("mustconfirm"));
} else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) { $PAGE->set_heading(get_string("mustconfirm"));
$user = false; /// Can't log in as guest if guest button is disabled echo $OUTPUT->header();
$frm = false; echo $OUTPUT->heading(get_string("mustconfirm"));
echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
echo $OUTPUT->footer();
die;
}
if ($frm->password == 'changeme') {
//force the change
set_user_preference('auth_forcepasswordchange', true, $user->id);
}
/// Let's get them all set up.
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php';
// We don't delete $SESSION->wantsurl yet, so we get there later
} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
} else { } else {
if (empty($errormsg)) { // no wantsurl stored or external - go to homepage
$user = authenticate_user_login($frm->username, $frm->password); $urltogo = $CFG->wwwroot.'/';
unset($SESSION->wantsurl);
}
/// Go to my-moodle page instead of homepage if mymoodleredirect enabled
if (!has_capability('moodle/site:config', $context) and !empty($CFG->mymoodleredirect) and !has_capability('moodle/legacy:guest',$context, 0, false)) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
$urltogo = $CFG->wwwroot.'/my/';
} }
} }
update_login_count();
if ($user) {
// language setup
if ($user->username == 'guest') {
// no predefined language for guests - use existing session or default site lang
unset($user->lang);
} else if (!empty($user->lang)) {
// unset previous session language - use user preference instead
unset($SESSION->lang);
}
if (empty($user->confirmed)) { // This account was never confirmed
$PAGE->set_title(get_string("mustconfirm"));
$PAGE->set_heading(get_string("mustconfirm"));
echo $OUTPUT->header();
echo $OUTPUT->heading(get_string("mustconfirm"));
echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
echo $OUTPUT->footer();
die;
}
if ($frm->password == 'changeme') {
//force the change
set_user_preference('auth_forcepasswordchange', true, $user->id);
}
/// Let's get them all set up.
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php';
// We don't delete $SESSION->wantsurl yet, so we get there later
} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
// no wantsurl stored or external - go to homepage
$urltogo = $CFG->wwwroot.'/';
unset($SESSION->wantsurl);
}
/// Go to my-moodle page instead of homepage if mymoodleredirect enabled
if (!has_capability('moodle/site:config', $context) and !empty($CFG->mymoodleredirect) and !isguest()) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
$urltogo = $CFG->wwwroot.'/my/';
}
}
/// check if user password has expired /// check if user password has expired
/// Currently supported only for ldap-authentication module /// Currently supported only for ldap-authentication module
$userauth = get_auth_plugin($USER->auth); $userauth = get_auth_plugin($USER->auth);
if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) { if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
if ($userauth->can_change_password()) { if ($userauth->can_change_password()) {
$passwordchangeurl = $userauth->change_password_url(); $passwordchangeurl = $userauth->change_password_url();
if(!$passwordchangeurl) { if(!$passwordchangeurl) {
$passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
}
} else {
$passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php'; $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
} }
$days2expire = $userauth->password_expire($USER->username); } else {
$PAGE->set_title("$site->fullname: $loginsite"); $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
$PAGE->set_heading("$site->fullname");
$PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>");
if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
echo $OUTPUT->footer();
exit;
} elseif (intval($days2expire) < 0 ) {
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
echo $OUTPUT->footer();
exit;
}
} }
$days2expire = $userauth->password_expire($USER->username);
reset_login_count(); $PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading("$site->fullname");
redirect($urltogo); $PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>");
if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
exit; echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
} else { echo $OUTPUT->footer();
if (empty($errormsg)) { exit;
$errormsg = get_string("invalidlogin"); } elseif (intval($days2expire) < 0 ) {
$errorcode = 3; echo $OUTPUT->header();
} echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
echo $OUTPUT->footer();
// TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user exit;
if ( !empty($CFG->mnet_dispatcher_mode)
&& $CFG->mnet_dispatcher_mode === 'strict'
&& is_enabled_auth('mnet')) {
$errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
} }
} }
reset_login_count();
redirect($urltogo);
exit;
} else {
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
$errorcode = 3;
}
// TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
if ( !empty($CFG->mnet_dispatcher_mode)
&& $CFG->mnet_dispatcher_mode === 'strict'
&& is_enabled_auth('mnet')) {
$errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
}
} }
}
/// Detect problems with timedout sessions /// Detect problems with timedout sessions
if ($session_has_timed_out and !data_submitted()) { if ($session_has_timed_out and !data_submitted()) {
$errormsg = get_string('sessionerroruser', 'error'); $errormsg = get_string('sessionerroruser', 'error');
$errorcode = 4; $errorcode = 4;
} }
/// First, let's remember where the user was trying to get to before they got here /// First, let's remember where the user was trying to get to before they got here
if (empty($SESSION->wantsurl)) { if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) && $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot && $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' && $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' && $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php') $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
? $_SERVER["HTTP_REFERER"] : NULL; ? $_SERVER["HTTP_REFERER"] : NULL;
} }
/// Redirect to alternative login URL if needed /// Redirect to alternative login URL if needed
if (!empty($CFG->alternateloginurl)) { if (!empty($CFG->alternateloginurl)) {
$loginurl = $CFG->alternateloginurl; $loginurl = $CFG->alternateloginurl;
if (strpos($SESSION->wantsurl, $loginurl) === 0) { if (strpos($SESSION->wantsurl, $loginurl) === 0) {
//we do not want to return to alternate url //we do not want to return to alternate url
$SESSION->wantsurl = NULL; $SESSION->wantsurl = NULL;
}
if ($errorcode) {
if (strpos($loginurl, '?') === false) {
$loginurl .= '?';
} else {
$loginurl .= '&';
}
$loginurl .= 'errorcode='.$errorcode;
}
redirect($loginurl);
} }
if ($errorcode) {
if (strpos($loginurl, '?') === false) {
$loginurl .= '?';
} else {
$loginurl .= '&';
}
$loginurl .= 'errorcode='.$errorcode;
}
redirect($loginurl);
}
/// Generate the login page with forms /// Generate the login page with forms
if (get_moodle_cookie() == '') { if (get_moodle_cookie() == '') {
set_moodle_cookie('nobody'); // To help search for cookies set_moodle_cookie('nobody'); // To help search for cookies
} }
if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184 if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
if (!empty($_GET["username"])) { if (!empty($_GET["username"])) {
$frm->username = $_GET["username"]; $frm->username = $_GET["username"];
} else {
$frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
}
$frm->password = "";
}
if (!empty($frm->username)) {
$focus = "password";
} else { } else {
$focus = "username"; $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
} }
if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) { $frm->password = "";
$show_instructions = true; }
} else {
$show_instructions = false;
}
$PAGE->set_title("$site->fullname: $loginsite"); if (!empty($frm->username)) {
$PAGE->set_heading("$site->fullname"); $focus = "password";
$PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>"); } else {
$PAGE->set_focuscontrol($focus); $focus = "username";
}
echo $OUTPUT->header(); if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
include("index_form.html"); $show_instructions = true;
echo $OUTPUT->footer(); } else {
$show_instructions = false;
}
$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading("$site->fullname");
$PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>");
$PAGE->set_focuscontrol($focus);
?> echo $OUTPUT->header();
include("index_form.html");
echo $OUTPUT->footer();

75
login/logout.php
View file

@ -1,35 +1,58 @@
<?php // $Id$ <?php
// Logs the user out and sends them to the home page
require_once("../config.php"); // This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
// can be overriden by auth plugins /**
$redirect = $CFG->wwwroot.'/'; * Logs the user out and sends them to the home page
*
* @copyright 1999 Martin Dougiamas http://dougiamas.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package login
*/
$sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning require_once("../config.php");
if (!isloggedin()) { // can be overriden by auth plugins
// no confirmation, user has already logged out $redirect = $CFG->wwwroot.'/';
require_logout();
redirect($redirect);
} else if (!confirm_sesskey($sesskey)) { $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning
$PAGE->set_title($SITE->fullname);
$PAGE->set_heading($SITE->fullname);
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/');
echo $OUTPUT->footer();
die;
}
$authsequence = get_enabled_auth_plugins(); // auths, in sequence
foreach($authsequence as $authname) {
$authplugin = get_auth_plugin($authname);
$authplugin->logoutpage_hook();
}
if (!isloggedin()) {
// no confirmation, user has already logged out
require_logout(); require_logout();
redirect($redirect); redirect($redirect);
?> } else if (!confirm_sesskey($sesskey)) {
$url = new moodle_url($CFG->wwwroot.'/login/logout.php');
if ($sesskey !== '__notpresent__') $url->param('sesskey', $sesskey);
$PAGE->set_url($url);
$PAGE->set_title($SITE->fullname);
$PAGE->set_heading($SITE->fullname);
echo $OUTPUT->header();
echo $OUTPUT->confirm(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/');
echo $OUTPUT->footer();
die;
}
$authsequence = get_enabled_auth_plugins(); // auths, in sequence
foreach($authsequence as $authname) {
$authplugin = get_auth_plugin($authname);
$authplugin->logoutpage_hook();
}
require_logout();
redirect($redirect);

6
login/mnet_email.php
View file

@ -11,6 +11,8 @@ if (isloggedin() and !isguestuser()) {
redirect( $CFG->wwwroot.'/', get_string('loginalready'), 5); redirect( $CFG->wwwroot.'/', get_string('loginalready'), 5);
} }
$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/mnet_email.php', array('u'=>$username)));
$PAGE->navbar->add('MNET ID Provider'); $PAGE->navbar->add('MNET ID Provider');
$PAGE->set_title('MNET ID Provider'); $PAGE->set_title('MNET ID Provider');
$PAGE->set_heading('MNET ID Provider'); $PAGE->set_heading('MNET ID Provider');
@ -39,6 +41,4 @@ echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthnormal');
<?php <?php
echo $OUTPUT->box_end(); echo $OUTPUT->box_end();
echo $OUTPUT->footer(); echo $OUTPUT->footer();
?>

149
login/signup.php
View file

@ -1,71 +1,92 @@
<?php // $Id$ <?php
require_once('../config.php'); // This file is part of Moodle - http://moodle.org/
//
/** // Moodle is free software: you can redistribute it and/or modify
* Returns whether or not the captcha element is enabled, and the admin settings fulfil its requirements. // it under the terms of the GNU General Public License as published by
* @return bool // the Free Software Foundation, either version 3 of the License, or
*/ // (at your option) any later version.
function signup_captcha_enabled() { //
global $CFG; // Moodle is distributed in the hope that it will be useful,
return !empty($CFG->recaptchapublickey) && !empty($CFG->recaptchaprivatekey) && get_config('auth/email', 'recaptcha'); // but WITHOUT ANY WARRANTY; without even the implied warranty of
} // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
require_once('signup_form.php'); //
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
if (empty($CFG->registerauth)) { /**
print_error("Sorry, you may not use this page."); * This file is part of the login section Moodle
} *
$authplugin = get_auth_plugin($CFG->registerauth); * @copyright 1999 Martin Dougiamas http://dougiamas.com
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
* @package login
*/
if (!$authplugin->can_signup()) { require_once('../config.php');
print_error("Sorry, you may not use this page.");
}
//HTTPS is potentially required in this page /**
httpsrequired(); * Returns whether or not the captcha element is enabled, and the admin settings fulfil its requirements.
* @return bool
*/
function signup_captcha_enabled() {
global $CFG;
return !empty($CFG->recaptchapublickey) && !empty($CFG->recaptchaprivatekey) && get_config('auth/email', 'recaptcha');
}
$mform_signup = new login_signup_form(); require_once('signup_form.php');
if ($mform_signup->is_cancelled()) {
redirect(get_login_url());
} else if ($user = $mform_signup->get_data()) {
$user->confirmed = 0;
$user->lang = current_language();
$user->firstaccess = time();
$user->mnethostid = $CFG->mnet_localhost_id;
$user->secret = random_string(15);
$user->auth = $CFG->registerauth;
$authplugin->user_signup($user, true); // prints notice and link to login/index.php
exit; //never reached
}
$newaccount = get_string('newaccount');
$login = get_string('login');
if (empty($CFG->langmenu)) {
$langmenu = '';
} else {
$currlang = current_language();
$langs = get_list_of_languages();
$select = html_select::make_popup_form("$CFG->wwwroot/login/signup.php", 'lang', $langs, 'chooselang', $currlang);
$select->nothinglabel = false;
$langmenu = $OUTPUT->select($select);
}
$PAGE->navbar->add($login);
$PAGE->navbar->add($newaccount);
$PAGE->set_title($newaccount);
$PAGE->set_heading($newaccount);
$PAGE->set_focuscontrol($mform_signup->focus());
$PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>");
echo $OUTPUT->header();
$mform_signup->display();
echo $OUTPUT->footer();
?> if (empty($CFG->registerauth)) {
print_error("Sorry, you may not use this page.");
}
$authplugin = get_auth_plugin($CFG->registerauth);
if (!$authplugin->can_signup()) {
print_error("Sorry, you may not use this page.");
}
//HTTPS is potentially required in this page
httpsrequired();
$mform_signup = new login_signup_form();
if ($mform_signup->is_cancelled()) {
redirect(get_login_url());
} else if ($user = $mform_signup->get_data()) {
$user->confirmed = 0;
$user->lang = current_language();
$user->firstaccess = time();
$user->mnethostid = $CFG->mnet_localhost_id;
$user->secret = random_string(15);
$user->auth = $CFG->registerauth;
$authplugin->user_signup($user, true); // prints notice and link to login/index.php
exit; //never reached
}
$newaccount = get_string('newaccount');
$login = get_string('login');
if (empty($CFG->langmenu)) {
$langmenu = '';
} else {
$currlang = current_language();
$langs = get_list_of_languages();
$select = html_select::make_popup_form("$CFG->wwwroot/login/signup.php", 'lang', $langs, 'chooselang', $currlang);
$select->nothinglabel = false;
$langmenu = $OUTPUT->select($select);
}
$PAGE->navbar->add($login);
$PAGE->navbar->add($newaccount);
$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/signup.php'));
$PAGE->set_title($newaccount);
$PAGE->set_heading($newaccount);
$PAGE->set_focuscontrol($mform_signup->focus());
$PAGE->set_headingmenu("<div class=\"langmenu\">$langmenu</div>");
echo $OUTPUT->header();
$mform_signup->display();
echo $OUTPUT->footer();