MDL-17754 next round of session related refactoring

skodak 2009-01-02 20:32:05 +00:00
parent 6c928b4cfe
commit b7b64ff2e0
13 changed files with 105 additions and 80 deletions


@ -1141,7 +1141,7 @@ class generator_cli extends generator {
echo "Invalid username or password!{$this->eolchar}"; echo "Invalid username or password!{$this->eolchar}";
die(); die();
} }
$USER = complete_user_login($user); complete_user_login($user);
$systemcontext = get_context_instance(CONTEXT_SYSTEM); $systemcontext = get_context_instance(CONTEXT_SYSTEM);
if (!has_capability('moodle/site:doanything', $systemcontext)) { if (!has_capability('moodle/site:doanything', $systemcontext)) {
echo "You do not have administration privileges on this Moodle site. " echo "You do not have administration privileges on this Moodle site. "


@ -1835,7 +1835,7 @@ class auth_plugin_ldap extends auth_plugin_base {
if ($user) { if ($user) {
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id); $user->id, 0, $user->id);
$USER = complete_user_login($user); complete_user_login($user);
// Cleanup the key to prevent reuse... // Cleanup the key to prevent reuse...
// and to allow re-logins with normal credentials // and to allow re-logins with normal credentials


@ -28,7 +28,7 @@
} }
/// do not use when in course login as /// do not use when in course login as
if (is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) { if (session_is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid); print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
} }


@ -7,7 +7,7 @@
/// Reset user back to their real self if needed /// Reset user back to their real self if needed
$return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from $return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
if (is_loggedinas()) { if (session_is_loggedinas()) {
if (!confirm_sesskey()) { if (!confirm_sesskey()) {
print_error('confirmsesskeybad'); print_error('confirmsesskeybad');
} }


@ -1769,10 +1769,16 @@ function load_temp_role($context, $roleid, $accessdata) {
/** /**
* Check all the login enrolment information for the given user object * Check all the login enrolment information for the given user object
* by querying the enrolment plugins * by querying the enrolment plugins
* @return void
*/ */
function check_enrolment_plugins(&$user) { function check_enrolment_plugins(&$user) {
global $CFG; global $CFG;
if (empty($user->id) or isguestuser($user)) {
// shortcut - there is no enrolment work for guests and not-logged-in users
return;
}
static $inprogress; // To prevent this function being called more than once in an invocation static $inprogress; // To prevent this function being called more than once in an invocation
if (!empty($inprogress[$user->id])) { if (!empty($inprogress[$user->id])) {
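Review bot: The new early return in check_enrolment_plugins() is what keeps the anonymous `id = 0` stub (built by the session code and passed here through session_set_user) and guest accounts away from the enrolment plugins, but nothing in the docblock says so, and the `@param` line is still missing although `@return void` was added. Suggest documenting the contract next to the new `@return`: `* @param object $user full user record (by reference); users without an id and guests are skipped`. The remainder of the function, including the `$inprogress` bookkeeping, continues outside this hunk.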


@ -1897,7 +1897,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
if ($user) { if ($user) {
$userid = $user; $userid = $user;
} else { } else {
if (is_loggedinas()) { // Don't log if (session_is_loggedinas()) { // Don't log
return; return;
} }
$userid = empty($USER->id) ? '0' : $USER->id; $userid = empty($USER->id) ? '0' : $USER->id;
@ -1972,7 +1972,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
function user_accesstime_log($courseid=0) { function user_accesstime_log($courseid=0) {
global $USER, $CFG, $DB; global $USER, $CFG, $DB;
if (!isloggedin() or is_loggedinas()) { if (!isloggedin() or session_is_loggedinas()) {
// no access tracking // no access tracking
return; return;
} }


@ -1920,7 +1920,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
} }
/// loginas as redirection if needed /// loginas as redirection if needed
if ($COURSE->id != SITEID and is_loggedinas()) { if ($COURSE->id != SITEID and session_is_loggedinas()) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) { if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $COURSE->id) { if ($USER->loginascontext->instanceid != $COURSE->id) {
print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid); print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
@ -1929,7 +1929,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
} }
/// check whether the user should be changing password (but only if it is REALLY them) /// check whether the user should be changing password (but only if it is REALLY them)
if (get_user_preferences('auth_forcepasswordchange') && !is_loggedinas()) { if (get_user_preferences('auth_forcepasswordchange') && !session_is_loggedinas()) {
$userauth = get_auth_plugin($USER->auth); $userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) { if ($userauth->can_change_password()) {
$SESSION->wantsurl = $FULLME; $SESSION->wantsurl = $FULLME;
@ -2107,8 +2107,8 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
/// For non-guests, check if they have course view access /// For non-guests, check if they have course view access
} else if (has_capability('moodle/course:view', $COURSE->context)) { } else if (has_capability('moodle/course:view', $COURSE->context)) {
if (is_loggedinas()) { // Make sure the REAL person can also access this course if (session_is_loggedinas()) { // Make sure the REAL person can also access this course
$realuser = get_real_user(); $realuser = session_get_realuser();
if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) { if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) {
print_header_simple(); print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
@ -2154,7 +2154,7 @@ function require_logout() {
} }
} }
get_session()->terminate(); session_get_instance()->terminate();
} }
/** /**
@ -3143,17 +3143,15 @@ function authenticate_user_login($username, $password) {
* NOTE: * NOTE:
* - It will NOT log anything -- up to the caller to decide what to log. * - It will NOT log anything -- up to the caller to decide what to log.
* *
*
*
* @uses $CFG, $USER * @uses $CFG, $USER
* @param string $user obj * @param string $user obj
* @return user|flase A {@link $USER} object or false if error * @return object A {@link $USER} object - BC only, do not use
*/ */
function complete_user_login($user) { function complete_user_login($user) {
global $CFG, $USER, $SESSION; global $CFG, $USER, $SESSION;
$USER = $user; // this is required because we need to access preferences here! // check enrolments, load caps and setup $USER object
check_user_preferences_loaded(); session_set_user($user);
update_user_login_times(); update_user_login_times();
if (empty($CFG->nolastloggedin)) { if (empty($CFG->nolastloggedin)) {
@ -3166,12 +3164,6 @@ function complete_user_login($user) {
} }
set_login_session_preferences(); set_login_session_preferences();
// Call enrolment plugins
check_enrolment_plugins($user);
/// This is what lets the user do anything on the site :-)
load_all_capabilities();
/// Select password change url /// Select password change url
$userauth = get_auth_plugin($USER->auth); $userauth = get_auth_plugin($USER->auth);
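Review bot: complete_user_login() drops the `check_user_preferences_loaded()` call whose purpose the removed comment stated ("we need to access preferences here"), yet `set_login_session_preferences()` in the following hunk still runs, and session_set_user() as shown in this commit only stores the user, checks enrolments and loads capabilities; unless preference access lazily loads them, preferences may now be read before they are loaded, which is worth confirming before merging. Separately, this is the point where the session changes from anonymous to authenticated, and nothing in the hunk regenerates the session id; if moodle_session does not do that elsewhere, a `session_regenerate_id(true);` placed before `session_set_user($user);` would limit reuse of a pre-login session id, subject to checking it against the custom session storage set up in init_session_storage(). The docblock now declares the return value BC only, so the callers changed in this commit that discard it are consistent with that. The body of complete_user_login continues past the end of the hunk.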


@ -4,7 +4,7 @@
* Factory method returning moodle_session object. * Factory method returning moodle_session object.
* @return moodle_session * @return moodle_session
*/ */
function get_session() { function session_get_instance() {
static $session = null; static $session = null;
if (is_null($session)) { if (is_null($session)) {
@ -18,7 +18,7 @@ function get_session() {
* Class handling all session and cookies related stuff. * Class handling all session and cookies related stuff.
*/ */
class moodle_session { class moodle_session {
function __construct() { public function __construct() {
global $CFG; global $CFG;
$this->prepare_cookies(); $this->prepare_cookies();
$this->init_session_storage(); $this->init_session_storage();
@ -44,12 +44,55 @@ class moodle_session {
} }
} }
if (!isset($_SESSION['USER']->id)) { $this->check_user_initialised();
$_SESSION['USER']->id = 0; // to enable proper function of $CFG->notloggedinroleid hack }
if (isset($CFG->mnet_localhost_id)) {
$_SESSION['USER']->mnethostid = $CFG->mnet_localhost_id; /**
* Initialise $USER object, handles google access.
*
* @return void
*/
protected function check_user_initialised() {
if (isset($_SESSION['USER']->id)) {
// already set up $USER
return;
}
$user = null;
if (!empty($CFG->opentogoogle) and !NO_MOODLE_COOKIES) {
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
// allow web spiders in as guest users
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
$user = guest_user();
}
}
if (!$user and !empty($_SERVER['HTTP_REFERER'])) {
// automaticaly log in users coming from search engine results
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
$user = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
$user = guest_user();
}
} }
} }
if (!$user) {
$user = new object();
$user->id = 0; // to enable proper function of $CFG->notloggedinroleid hack
if (isset($CFG->mnet_localhost_id)) {
$user->mnethostid = $CFG->mnet_localhost_id;
}
}
session_set_user($user);
} }
/** /**
@ -83,7 +126,7 @@ class moodle_session {
/** /**
* Prepare cookies and varions system settings * Prepare cookies and varions system settings
*/ */
private function prepare_cookies() { protected function prepare_cookies() {
global $CFG, $nomoodlecookie; global $CFG, $nomoodlecookie;
if (!defined('NO_MOODLE_COOKIES')) { if (!defined('NO_MOODLE_COOKIES')) {
@ -121,6 +164,7 @@ class moodle_session {
unset(${'MoodleSession'.$CFG->sessioncookie}); unset(${'MoodleSession'.$CFG->sessioncookie});
unset($_GET['MoodleSession'.$CFG->sessioncookie]); unset($_GET['MoodleSession'.$CFG->sessioncookie]);
unset($_POST['MoodleSession'.$CFG->sessioncookie]); unset($_POST['MoodleSession'.$CFG->sessioncookie]);
unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
} }
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now //compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now
if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") { if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") {
@ -131,7 +175,7 @@ class moodle_session {
/** /**
* Inits session storage. * Inits session storage.
*/ */
private function init_session_storage() { protected function init_session_storage() {
global $CFG; global $CFG;
/// Set up session handling /// Set up session handling
@ -253,11 +297,24 @@ function get_moodle_cookie() {
} }
} }
/**
* Setup $USER object - called during login, loginas, etc.
* Preloads capabilities and checks enrolment plugins
*
* @param object $user full user record object
* @return void
*/
function session_set_user($user) {
$_SESSION['USER'] = $user;
check_enrolment_plugins($_SESSION['USER']);
load_all_capabilities();
}
/** /**
* Is current $USER logged-in-as somebody else? * Is current $USER logged-in-as somebody else?
* @return bool * @return bool
*/ */
function is_loggedinas() { function session_is_loggedinas() {
return !empty($_SESSION['USER']->realuser); return !empty($_SESSION['USER']->realuser);
} }
@ -265,8 +322,8 @@ function is_loggedinas() {
* Returns the $USER object ignoring current login-as session * Returns the $USER object ignoring current login-as session
* @return object user object * @return object user object
*/ */
function get_real_user() { function session_get_realuser() {
if (is_loggedinas()) { if (session_is_loggedinas()) {
return $_SESSION['REALUSER']; return $_SESSION['REALUSER'];
} else { } else {
return $_SESSION['USER']; return $_SESSION['USER'];
@ -280,7 +337,7 @@ function get_real_user() {
* @return void * @return void
*/ */
function session_loginas($userid, $context) { function session_loginas($userid, $context) {
if (is_loggedinas()) { if (session_is_loggedinas()) {
return; return;
} }
@ -290,12 +347,10 @@ function session_loginas($userid, $context) {
/// Create the new $USER object with all details and reload needed capabilitites /// Create the new $USER object with all details and reload needed capabilitites
$_SESSION['REALUSER'] = $_SESSION['USER']; $_SESSION['REALUSER'] = $_SESSION['USER'];
$_SESSION['USER'] = get_complete_user_data('id', $userid); $user = get_complete_user_data('id', $userid);
$_SESSION['USER']->realuser = $_SESSION['REALUSER']->id; $user->realuser = $_SESSION['REALUSER']->id;
$_SESSION['USER']->loginascontext = $context; $user->loginascontext = $context;
session_set_user($user);
check_enrolment_plugins($_SESSION['USER']);
load_all_capabilities();
} }
/** /**
@ -303,7 +358,7 @@ function session_loginas($userid, $context) {
* @return void * @return void
*/ */
function session_unloginas() { function session_unloginas() {
if (!is_loggedinas()) { if (!session_is_loggedinas()) {
return; return;
} }
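Review bot: check_user_initialised() reads `$CFG->opentogoogle` and `$CFG->mnet_localhost_id` but never declares `global $CFG;`, so inside the method `$CFG` is undefined: the search-engine guest path is silently never taken and `mnethostid` is never set on the anonymous stub, whereas the removed setup.php block ran at file scope where `$CFG` was visible (the constructor's `global $CFG;` does not carry into another method). The fix is one line as the first statement of the method: `global $CFG;`. While touching it, a comment above the `HTTP_USER_AGENT`/`HTTP_REFERER` checks would be useful, since both headers are supplied by the client and therefore can only ever justify a `guest_user()` login, never anything with more rights: `// UA and referer are client-controlled: this path must only ever grant guest access`. The other changes in this section (the `$_REQUEST` unset in prepare_cookies, the session_set_user() helper and the renames) look consistent.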


@ -387,7 +387,7 @@ global $HTTPSPAGEREQUIRED;
} }
/// start session and prepare global $SESSION, $USER /// start session and prepare global $SESSION, $USER
get_session(); session_get_instance();
$SESSION = &$_SESSION['SESSION']; $SESSION = &$_SESSION['SESSION'];
$USER = &$_SESSION['USER']; $USER = &$_SESSION['USER'];
@ -450,34 +450,6 @@ global $HTTPSPAGEREQUIRED;
// set default locale and themes - might be changed again later from require_login() // set default locale and themes - might be changed again later from require_login()
course_setup(); course_setup();
if (!empty($CFG->opentogoogle)) {
if (!NO_MOODLE_COOKIES and empty($USER->id)) { // Ignore anyone logged in, or scripts without cookies
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
$USER = guest_user();
}
}
if (empty($USER) && !empty($_SERVER['HTTP_REFERER'])) {
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
$USER = guest_user();
}
}
if (!empty($USER->id)) {
load_all_capabilities();
}
}
}
if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') { // Temporary measure to help with XHTML validation if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') { // Temporary measure to help with XHTML validation
if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) { // Allow W3CValidator in as user called w3cvalidator (or guest) if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) { // Allow W3CValidator in as user called w3cvalidator (or guest)
if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or
@ -504,8 +476,8 @@ global $HTTPSPAGEREQUIRED;
$apachelog_name = clean_filename($USER->firstname . " " . $apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname); $USER->lastname);
} }
if (is_loggedinas()) { if (session_is_loggedinas()) {
$realuser = get_real_user(); $realuser = session_get_realuser();
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username); $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name); $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
$apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid); $apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);


@ -3497,8 +3497,8 @@ function user_login_string($course=NULL, $user=NULL) {
$course = $SITE; $course = $SITE;
} }
if (is_loggedinas()) { if (session_is_loggedinas()) {
$realuser = get_real_user(); $realuser = session_get_realuser();
$fullname = fullname($realuser, true); $fullname = fullname($realuser, true);
$realuserinfo = " [<a $CFG->frametarget $realuserinfo = " [<a $CFG->frametarget
href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&amp;return=1&amp;sesskey=".sesskey()."\">$fullname</a>] "; href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&amp;return=1&amp;sesskey=".sesskey()."\">$fullname</a>] ";
@ -4754,7 +4754,7 @@ has_capability('moodle/course:viewhiddenuserfields', $context)) {
if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&amp;user='. $user->id .'">'. $string->unenrol .'</a><br />'; $output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&amp;user='. $user->id .'">'. $string->unenrol .'</a><br />';
} }
if ($USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $context) && if ($USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
! has_capability('moodle/site:doanything', $context, $user->id, false)) { ! has_capability('moodle/site:doanything', $context, $user->id, false)) {
$output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&amp;user='. $user->id .'&amp;sesskey='. sesskey() .'">'. $string->loginas .'</a><br />'; $output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&amp;user='. $user->id .'&amp;sesskey='. sesskey() .'">'. $string->loginas .'</a><br />';
} }


@ -30,7 +30,7 @@
} }
// do not allow "Logged in as" users to change any passwords // do not allow "Logged in as" users to change any passwords
if (is_loggedinas()) { if (session_is_loggedinas()) {
print_error('cannotcallscript'); print_error('cannotcallscript');
} }


@ -158,7 +158,7 @@ httpsrequired();
/// Let's get them all set up. /// Let's get them all set up.
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id); $user->id, 0, $user->id);
$USER = complete_user_login($user); complete_user_login($user);
/// Prepare redirection /// Prepare redirection
if (user_not_fully_set_up($USER)) { if (user_not_fully_set_up($USER)) {


@ -411,7 +411,7 @@
if ($passwordchangeurl) { if ($passwordchangeurl) {
$params = array('id'=>$course->id); $params = array('id'=>$course->id);
if (is_loggedinas()) { if (session_is_loggedinas()) {
$passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data $passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
} else { } else {
$parts = explode('?', $passwordchangeurl); $parts = explode('?', $passwordchangeurl);
@ -429,7 +429,7 @@
foreach($params as $key=>$value) { foreach($params as $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />'; echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
} }
if (is_loggedinas()) { if (session_is_loggedinas()) {
// changing of password when "Logged in as" is not allowed // changing of password when "Logged in as" is not allowed
echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />"; echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
} else { } else {
@ -471,7 +471,7 @@
} }
} }
if (!$user->deleted and $USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && if (!$user->deleted and $USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) { ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">'; echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
echo '<div>'; echo '<div>';