MDL-17754 next round of session related refactoring

skodak 2009-01-02 20:32:05 +00:00
parent 6c928b4cfe
commit b7b64ff2e0
13 changed files with 105 additions and 80 deletions


@ -1141,7 +1141,7 @@ class generator_cli extends generator {
echo "Invalid username or password!{$this->eolchar}";
die();
}
$USER = complete_user_login($user);
complete_user_login($user);
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
if (!has_capability('moodle/site:doanything', $systemcontext)) {
echo "You do not have administration privileges on this Moodle site. "


@ -1835,7 +1835,7 @@ class auth_plugin_ldap extends auth_plugin_base {
if ($user) {
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
$USER = complete_user_login($user);
complete_user_login($user);
// Cleanup the key to prevent reuse...
// and to allow re-logins with normal credentials


@ -28,7 +28,7 @@
}
/// do not use when in course login as
if (is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if (session_is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
}


@ -7,7 +7,7 @@
/// Reset user back to their real self if needed
$return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
if (is_loggedinas()) {
if (session_is_loggedinas()) {
if (!confirm_sesskey()) {
print_error('confirmsesskeybad');
}


@ -1769,10 +1769,16 @@ function load_temp_role($context, $roleid, $accessdata) {
/**
* Check all the login enrolment information for the given user object
* by querying the enrolment plugins
* @return void
*/
function check_enrolment_plugins(&$user) {
global $CFG;
if (empty($user->id) or isguestuser($user)) {
// shortcut - there is no enrolment work for guests and not-logged-in users
return;
}
static $inprogress; // To prevent this function being called more than once in an invocation
if (!empty($inprogress[$user->id])) {
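Review bot: The docblock of check_enrolment_plugins() gains `@return void` but still documents neither the parameter nor the new early exit. `$user` is taken by reference, and the function now returns without consulting any enrolment plugin when `$user->id` is empty or the user is the guest account. I would add `@param object $user user record (passed by reference); guests and not-logged-in users are skipped`. The function body continues past the end of the hunk.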


@ -1897,7 +1897,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
if ($user) {
$userid = $user;
} else {
if (is_loggedinas()) { // Don't log
if (session_is_loggedinas()) { // Don't log
return;
}
$userid = empty($USER->id) ? '0' : $USER->id;
@ -1972,7 +1972,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user
function user_accesstime_log($courseid=0) {
global $USER, $CFG, $DB;
if (!isloggedin() or is_loggedinas()) {
if (!isloggedin() or session_is_loggedinas()) {
// no access tracking
return;
}


@ -1920,7 +1920,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
}
/// loginas as redirection if needed
if ($COURSE->id != SITEID and is_loggedinas()) {
if ($COURSE->id != SITEID and session_is_loggedinas()) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $COURSE->id) {
print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
@ -1929,7 +1929,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
}
/// check whether the user should be changing password (but only if it is REALLY them)
if (get_user_preferences('auth_forcepasswordchange') && !is_loggedinas()) {
if (get_user_preferences('auth_forcepasswordchange') && !session_is_loggedinas()) {
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
$SESSION->wantsurl = $FULLME;
@ -2107,8 +2107,8 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu
/// For non-guests, check if they have course view access
} else if (has_capability('moodle/course:view', $COURSE->context)) {
if (is_loggedinas()) { // Make sure the REAL person can also access this course
$realuser = get_real_user();
if (session_is_loggedinas()) { // Make sure the REAL person can also access this course
$realuser = session_get_realuser();
if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
@ -2154,7 +2154,7 @@ function require_logout() {
}
}
get_session()->terminate();
session_get_instance()->terminate();
}
/**
@ -3143,17 +3143,15 @@ function authenticate_user_login($username, $password) {
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
*
*
*
* @uses $CFG, $USER
* @param string $user obj
* @return user|flase A {@link $USER} object or false if error
* @return object A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user) {
global $CFG, $USER, $SESSION;
$USER = $user; // this is required because we need to access preferences here!
check_user_preferences_loaded();
// check enrolments, load caps and setup $USER object
session_set_user($user);
update_user_login_times();
if (empty($CFG->nolastloggedin)) {
@ -3166,12 +3164,6 @@ function complete_user_login($user) {
}
set_login_session_preferences();
// Call enrolment plugins
check_enrolment_plugins($user);
/// This is what lets the user do anything on the site :-)
load_all_capabilities();
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
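Review bot: In complete_user_login() the authenticated record is now passed to `session_set_user($user);`, but nothing in the visible lines issues a new session id when the session changes from anonymous to authenticated. If that is not done elsewhere, a session id that was known before login stays valid afterwards, which is the usual precondition for session fixation. Calling `session_regenerate_id(true);` immediately before `session_set_user($user);` would close that gap. Separately, the docblock still reads `@param string $user obj` although the function takes a user object. The body of complete_user_login() continues outside both hunks, so this should be confirmed against the full function.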


@ -4,7 +4,7 @@
* Factory method returning moodle_session object.
* @return moodle_session
*/
function get_session() {
function session_get_instance() {
static $session = null;
if (is_null($session)) {
@ -18,7 +18,7 @@ function get_session() {
* Class handling all session and cookies related stuff.
*/
class moodle_session {
function __construct() {
public function __construct() {
global $CFG;
$this->prepare_cookies();
$this->init_session_storage();
@ -44,12 +44,55 @@ class moodle_session {
}
}
if (!isset($_SESSION['USER']->id)) {
$_SESSION['USER']->id = 0; // to enable proper function of $CFG->notloggedinroleid hack
if (isset($CFG->mnet_localhost_id)) {
$_SESSION['USER']->mnethostid = $CFG->mnet_localhost_id;
$this->check_user_initialised();
}
/**
* Initialise $USER object, handles google access.
*
* @return void
*/
protected function check_user_initialised() {
if (isset($_SESSION['USER']->id)) {
// already set up $USER
return;
}
$user = null;
if (!empty($CFG->opentogoogle) and !NO_MOODLE_COOKIES) {
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
// allow web spiders in as guest users
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
$user = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
$user = guest_user();
}
}
if (!$user and !empty($_SERVER['HTTP_REFERER'])) {
// automaticaly log in users coming from search engine results
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
$user = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
$user = guest_user();
}
}
}
if (!$user) {
$user = new object();
$user->id = 0; // to enable proper function of $CFG->notloggedinroleid hack
if (isset($CFG->mnet_localhost_id)) {
$user->mnethostid = $CFG->mnet_localhost_id;
}
}
session_set_user($user);
}
/**
@ -83,7 +126,7 @@ class moodle_session {
/**
* Prepare cookies and varions system settings
*/
private function prepare_cookies() {
protected function prepare_cookies() {
global $CFG, $nomoodlecookie;
if (!defined('NO_MOODLE_COOKIES')) {
@ -121,6 +164,7 @@ class moodle_session {
unset(${'MoodleSession'.$CFG->sessioncookie});
unset($_GET['MoodleSession'.$CFG->sessioncookie]);
unset($_POST['MoodleSession'.$CFG->sessioncookie]);
unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
}
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now
if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") {
@ -131,7 +175,7 @@ class moodle_session {
/**
* Inits session storage.
*/
private function init_session_storage() {
protected function init_session_storage() {
global $CFG;
/// Set up session handling
@ -253,11 +297,24 @@ function get_moodle_cookie() {
}
}
/**
* Setup $USER object - called during login, loginas, etc.
* Preloads capabilities and checks enrolment plugins
*
* @param object $user full user record object
* @return void
*/
function session_set_user($user) {
$_SESSION['USER'] = $user;
check_enrolment_plugins($_SESSION['USER']);
load_all_capabilities();
}
/**
* Is current $USER logged-in-as somebody else?
* @return bool
*/
function is_loggedinas() {
function session_is_loggedinas() {
return !empty($_SESSION['USER']->realuser);
}
@ -265,8 +322,8 @@ function is_loggedinas() {
* Returns the $USER object ignoring current login-as session
* @return object user object
*/
function get_real_user() {
if (is_loggedinas()) {
function session_get_realuser() {
if (session_is_loggedinas()) {
return $_SESSION['REALUSER'];
} else {
return $_SESSION['USER'];
@ -280,7 +337,7 @@ function get_real_user() {
* @return void
*/
function session_loginas($userid, $context) {
if (is_loggedinas()) {
if (session_is_loggedinas()) {
return;
}
@ -290,12 +347,10 @@ function session_loginas($userid, $context) {
/// Create the new $USER object with all details and reload needed capabilitites
$_SESSION['REALUSER'] = $_SESSION['USER'];
$_SESSION['USER'] = get_complete_user_data('id', $userid);
$_SESSION['USER']->realuser = $_SESSION['REALUSER']->id;
$_SESSION['USER']->loginascontext = $context;
check_enrolment_plugins($_SESSION['USER']);
load_all_capabilities();
$user = get_complete_user_data('id', $userid);
$user->realuser = $_SESSION['REALUSER']->id;
$user->loginascontext = $context;
session_set_user($user);
}
/**
@ -303,7 +358,7 @@ function session_loginas($userid, $context) {
* @return void
*/
function session_unloginas() {
if (!is_loggedinas()) {
if (!session_is_loggedinas()) {
return;
}
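Review bot: The new `check_user_initialised()` method reads `$CFG->opentogoogle` and `$CFG->mnet_localhost_id` but, unlike `__construct()` and `prepare_cookies()`, it never declares `global $CFG;`. Inside the method `$CFG` is therefore an undefined local, so the search-engine guest branch can never run and `mnethostid` is never set on the placeholder user. Adding `global $CFG;` as the first statement of the method fixes both. Once that branch is live it decides on the client-supplied User-Agent and Referer headers, so I would also add a comment such as `// headers are client-controlled: this path must never grant more than the guest account`.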


@ -387,7 +387,7 @@ global $HTTPSPAGEREQUIRED;
}
/// start session and prepare global $SESSION, $USER
get_session();
session_get_instance();
$SESSION = &$_SESSION['SESSION'];
$USER = &$_SESSION['USER'];
@ -450,34 +450,6 @@ global $HTTPSPAGEREQUIRED;
// set default locale and themes - might be changed again later from require_login()
course_setup();
if (!empty($CFG->opentogoogle)) {
if (!NO_MOODLE_COOKIES and empty($USER->id)) { // Ignore anyone logged in, or scripts without cookies
if (!empty($_SERVER['HTTP_USER_AGENT'])) {
if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
$USER = guest_user();
}
}
if (empty($USER) && !empty($_SERVER['HTTP_REFERER'])) {
if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
$USER = guest_user();
} else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
$USER = guest_user();
}
}
if (!empty($USER->id)) {
load_all_capabilities();
}
}
}
if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') { // Temporary measure to help with XHTML validation
if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) { // Allow W3CValidator in as user called w3cvalidator (or guest)
if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or
@ -504,8 +476,8 @@ global $HTTPSPAGEREQUIRED;
$apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname);
}
if (is_loggedinas()) {
$realuser = get_real_user();
if (session_is_loggedinas()) {
$realuser = session_get_realuser();
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
$apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);


@ -3497,8 +3497,8 @@ function user_login_string($course=NULL, $user=NULL) {
$course = $SITE;
}
if (is_loggedinas()) {
$realuser = get_real_user();
if (session_is_loggedinas()) {
$realuser = session_get_realuser();
$fullname = fullname($realuser, true);
$realuserinfo = " [<a $CFG->frametarget
href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&amp;return=1&amp;sesskey=".sesskey()."\">$fullname</a>] ";
@ -4754,7 +4754,7 @@ has_capability('moodle/course:viewhiddenuserfields', $context)) {
if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&amp;user='. $user->id .'">'. $string->unenrol .'</a><br />';
}
if ($USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
if ($USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
! has_capability('moodle/site:doanything', $context, $user->id, false)) {
$output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&amp;user='. $user->id .'&amp;sesskey='. sesskey() .'">'. $string->loginas .'</a><br />';
}


@ -30,7 +30,7 @@
}
// do not allow "Logged in as" users to change any passwords
if (is_loggedinas()) {
if (session_is_loggedinas()) {
print_error('cannotcallscript');
}


@ -158,7 +158,7 @@ httpsrequired();
/// Let's get them all set up.
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
$USER = complete_user_login($user);
complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {


@ -411,7 +411,7 @@
if ($passwordchangeurl) {
$params = array('id'=>$course->id);
if (is_loggedinas()) {
if (session_is_loggedinas()) {
$passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
} else {
$parts = explode('?', $passwordchangeurl);
@ -429,7 +429,7 @@
foreach($params as $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
}
if (is_loggedinas()) {
if (session_is_loggedinas()) {
// changing of password when "Logged in as" is not allowed
echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
} else {
@ -471,7 +471,7 @@
}
}
if (!$user->deleted and $USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
if (!$user->deleted and $USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
echo '<div>';