MDL-28158 add optional "Remember username" checkbox in login forms

moodle · Jul 10, 2011 · 0342fc3 · 0342fc3
1 parent f6f6138
commit 0342fc3
Show file tree

Hide file tree

Showing 9 changed files with 44 additions and 19 deletions.
diff --git a/admin/index.php b/admin/index.php
@@ -355,7 +355,7 @@
         }
         // login user and let him set password and admin details
         $adminuser->newadminuser = 1;
-        complete_user_login($adminuser, false);
+        complete_user_login($adminuser);
         redirect("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself
 
     } else {

diff --git a/admin/settings/security.php b/admin/settings/security.php
@@ -71,6 +71,7 @@
     $temp->add(new admin_setting_configcheckbox('groupenrolmentkeypolicy', get_string('groupenrolmentkeypolicy', 'admin'), get_string('groupenrolmentkeypolicy_desc', 'admin'), 1));
     $temp->add(new admin_setting_configcheckbox('disableuserimages', get_string('disableuserimages', 'admin'), get_string('configdisableuserimages', 'admin'), 0));
     $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', get_string('emailchangeconfirmation', 'admin'), get_string('configemailchangeconfirmation', 'admin'), 1));
+    $temp->add(new admin_setting_configselect('rememberusername', get_string('rememberusername','admin'), get_string('rememberusername_desc','admin'), 2, array(1=>get_string('yes'), 0=>get_string('no'), 2=>get_string('optional'))));
     $ADMIN->add('security', $temp);
 
 

diff --git a/auth/shibboleth/index.php b/auth/shibboleth/index.php
@@ -47,7 +47,6 @@
             update_user_login_times();
 
             // Don't show previous shibboleth username on login page
-            set_moodle_cookie('');
 
             set_login_session_preferences();
 

diff --git a/blocks/login/block_login.php b/blocks/login/block_login.php
@@ -50,6 +50,12 @@ function get_content () {
             $this->content->text .= '<div class="c1 fld password"><label for="login_password">'.get_string('password').'</label>';
             $this->content->text .= '<input type="password" name="password" id="login_password" value="" /></div>';
 
+            if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) {
+                $checked = $username ? 'checked="checked"' : '';
+                $this->content->text .= '<div class="c1 rememberusername"><input type="checkbox" name="rememberusername" id="rememberusername" value="1" '.$checked.'/>';
+                $this->content->text .= ' <label for="rememberusername">'.get_string('rememberusername', 'admin').'</label></div>';
+            }
+
             $this->content->text .= '<div class="c1 btn"><input type="submit" value="'.get_string('login').'" /></div>';
 
             $this->content->text .= "</form>\n";

diff --git a/lang/en/admin.php b/lang/en/admin.php
@@ -875,6 +875,8 @@
 $string['registration'] = 'Registration';
 $string['releasenoteslink'] = 'For information about this version of Moodle, please see the online <a target="_blank" href="{$a}">Release Notes</a>';
 $string['remotelangnotavailable'] = 'Because Moodle can not connect to download.moodle.org, we are unable to do language pack installation automatically. Please download the appropriate zip file(s) from http://download.moodle.org, copy them to your {$a} directory and unzip them manually.';
+$string['rememberusername'] = 'Remember username';
+$string['rememberusername_desc'] = 'Enable if you want to store permanent cookies with usernames during user login. Permanent cookies may be considered a privacy issue if used without consent.';
 $string['renameerrors'] = 'Rename errors';
 $string['requiredentrieschanged'] = '<strong>IMPORTANT - PLEASE READ<br/>(This warning message will only be displayed during this upgrade)</strong><br/>Due to a bug fix, the behaviour of database activities using the \'Required entries\' and \'Required entries before viewing settings\' settings will change. A more detailed explanation of the changes can be read on <a href="http://moodle.org/mod/forum/discuss.php?d=110928" target="_blank">the database module forum</a>. The expected behavior of these settings can also be read on <a href="http://docs.moodle.org/en/Adding/editing_a_database#Required_entries" target="_blank">Moodle Docs</a>.
 <br/><br/>This change affects the following databases in your system: (Please save this list now, and after the upgrade, check that these activities still work the way that the teacher intends.)<br/><strong>{$a->text}</strong><br/>';

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
@@ -2375,7 +2375,7 @@ function require_login($courseorid = NULL, $autologinguest = true, $cm = NULL, $
                 exit; // never reached
             }
             $lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang;
-            complete_user_login($guest, false);
+            complete_user_login($guest);
             $USER->autologinguest = true;
             $SESSION->lang = $lang;
         } else {
@@ -3623,12 +3623,12 @@ function authenticate_user_login($username, $password) {
  *
  * NOTE:
  * - It will NOT log anything -- up to the caller to decide what to log.
+ * - this function does not set any cookies any more!
  *
  * @param object $user
- * @param bool $setcookie
  * @return object A {@link $USER} object - BC only, do not use
  */
-function complete_user_login($user, $setcookie=true) {
+function complete_user_login($user) {
     global $CFG, $USER;
 
     // regenerate session id and delete old session,
@@ -3653,17 +3653,6 @@ function complete_user_login($user, $setcookie=true) {
         return $USER;
     }
 
-    if ($setcookie) {
-        if (empty($CFG->nolastloggedin)) {
-            set_moodle_cookie($USER->username);
-        } else {
-            // do not store last logged in user in cookie
-            // auth plugins can temporarily override this from loginpage_hook()
-            // do not save $CFG->nolastloggedin in database!
-            set_moodle_cookie('');
-        }
-    }
-
     /// Select password change url
     $userauth = get_auth_plugin($USER->auth);
 

diff --git a/lib/sessionlib.php b/lib/sessionlib.php
@@ -819,6 +819,11 @@ function set_moodle_cookie($username) {
         return;
     }
 
+    if (empty($CFG->rememberusername)) {
+        // erase current and do not store permanent cookies
+        $username = '';
+    }
+
     if ($username === 'guest') {
         // keep previous cookie in case of guest account login
         return;
@@ -847,6 +852,10 @@ function get_moodle_cookie() {
         return '';
     }
 
+    if (empty($CFG->rememberusername)) {
+        return '';
+    }
+
     $cookiename = 'MOODLEID_'.$CFG->sessioncookie;
 
     if (empty($_COOKIE[$cookiename])) {

diff --git a/login/index.php b/login/index.php
@@ -175,7 +175,21 @@
     /// Let's get them all set up.
         add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
                    $user->id, 0, $user->id);
-        complete_user_login($user, true); // sets the username cookie
+        complete_user_login($user);
+
+        // sets the username cookie
+        if (!empty($CFG->nolastloggedin)) {
+            // do not store last logged in user in cookie
+            // auth plugins can temporarily override this from loginpage_hook()
+            // do not save $CFG->nolastloggedin in database!
+
+        } else if (empty($CFG->rememberusername) or ($CFG->rememberusername == 2 and empty($frm->rememberusername))) {
+            // no permanent cookies, delete old one if exists
+            set_moodle_cookie('');
+
+        } else {
+            set_moodle_cookie($USER->username);
+        }
 
     /// Prepare redirection
         if (user_not_fully_set_up($USER)) {
@@ -289,7 +303,7 @@
     if (!empty($_GET["username"])) {
         $frm->username = $_GET["username"];
     } else {
-        $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
+        $frm->username = get_moodle_cookie();
     }
 
     $frm->password = "";

diff --git a/login/index_form.html b/login/index_form.html
@@ -42,10 +42,15 @@ <h2><?php print_string("returningtosite") ?></h2>
             <div class="form-input">
               <input type="password" name="password" id="password" size="15" value="" />
               <input type="submit" id="loginbtn" value="<?php print_string("login") ?>" />
-              <div class="forgetpass"><a href="forgot_password.php"><?php print_string("forgotten") ?></a></div>
             </div>
             <div class="clearer"><!-- --></div>
+              <?php if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) { ?>
+              <div class="form-label"><input type="checkbox" name="rememberusername" id="rememberusername" value="1" <?php if ($frm->username) {echo 'checked="checked"';} ?> /></div>
+              <div class="form-input"><label for="rememberusername"><?php print_string('rememberusername', 'admin') ?></label></div>
+              <?php } ?>
           </div>
+          <div class="clearer"><!-- --></div>
+          <div class="forgetpass"><a href="forgot_password.php"><?php print_string("forgotten") ?></a></div>
         </form>
       </div>