From 0342fc36099eaaf5971e601acd343180ada6908d Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Sun, 10 Jul 2011 13:22:55 +0200 Subject: [PATCH] MDL-28158 add optional "Remember username" checkbox in login forms --- admin/index.php | 2 +- admin/settings/security.php | 1 + auth/shibboleth/index.php | 1 - blocks/login/block_login.php | 6 ++++++ lang/en/admin.php | 2 ++ lib/moodlelib.php | 17 +++-------------- lib/sessionlib.php | 9 +++++++++ login/index.php | 18 ++++++++++++++++-- login/index_form.html | 7 ++++++- 9 files changed, 44 insertions(+), 19 deletions(-) diff --git a/admin/index.php b/admin/index.php index 95c7c947533ed..567936b230868 100644 --- a/admin/index.php +++ b/admin/index.php @@ -355,7 +355,7 @@ } // login user and let him set password and admin details $adminuser->newadminuser = 1; - complete_user_login($adminuser, false); + complete_user_login($adminuser); redirect("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself } else { diff --git a/admin/settings/security.php b/admin/settings/security.php index ca95a478187ae..d5dce171b3e12 100644 --- a/admin/settings/security.php +++ b/admin/settings/security.php @@ -71,6 +71,7 @@ $temp->add(new admin_setting_configcheckbox('groupenrolmentkeypolicy', get_string('groupenrolmentkeypolicy', 'admin'), get_string('groupenrolmentkeypolicy_desc', 'admin'), 1)); $temp->add(new admin_setting_configcheckbox('disableuserimages', get_string('disableuserimages', 'admin'), get_string('configdisableuserimages', 'admin'), 0)); $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', get_string('emailchangeconfirmation', 'admin'), get_string('configemailchangeconfirmation', 'admin'), 1)); + $temp->add(new admin_setting_configselect('rememberusername', get_string('rememberusername','admin'), get_string('rememberusername_desc','admin'), 2, array(1=>get_string('yes'), 0=>get_string('no'), 2=>get_string('optional')))); $ADMIN->add('security', $temp); diff --git a/auth/shibboleth/index.php b/auth/shibboleth/index.php index 9f1e9f2e86e5d..ea33b6cc8b8e0 100644 --- a/auth/shibboleth/index.php +++ b/auth/shibboleth/index.php @@ -47,7 +47,6 @@ update_user_login_times(); // Don't show previous shibboleth username on login page - set_moodle_cookie(''); set_login_session_preferences(); diff --git a/blocks/login/block_login.php b/blocks/login/block_login.php index 81c6b3df49149..0fc1f94c7edd7 100644 --- a/blocks/login/block_login.php +++ b/blocks/login/block_login.php @@ -50,6 +50,12 @@ function get_content () { $this->content->text .= '
'; $this->content->text .= '
'; + if (isset($CFG->rememberusername) and $CFG->rememberusername == 2) { + $checked = $username ? 'checked="checked"' : ''; + $this->content->text .= '
'; + $this->content->text .= '
'; + } + $this->content->text .= '
'; $this->content->text .= "\n"; diff --git a/lang/en/admin.php b/lang/en/admin.php index e967be0f49620..6df4d46627947 100644 --- a/lang/en/admin.php +++ b/lang/en/admin.php @@ -875,6 +875,8 @@ $string['registration'] = 'Registration'; $string['releasenoteslink'] = 'For information about this version of Moodle, please see the online Release Notes'; $string['remotelangnotavailable'] = 'Because Moodle can not connect to download.moodle.org, we are unable to do language pack installation automatically. Please download the appropriate zip file(s) from http://download.moodle.org, copy them to your {$a} directory and unzip them manually.'; +$string['rememberusername'] = 'Remember username'; +$string['rememberusername_desc'] = 'Enable if you want to store permanent cookies with usernames during user login. Permanent cookies may be considered a privacy issue if used without consent.'; $string['renameerrors'] = 'Rename errors'; $string['requiredentrieschanged'] = 'IMPORTANT - PLEASE READ
(This warning message will only be displayed during this upgrade)
Due to a bug fix, the behaviour of database activities using the \'Required entries\' and \'Required entries before viewing settings\' settings will change. A more detailed explanation of the changes can be read on the database module forum. The expected behavior of these settings can also be read on Moodle Docs.

This change affects the following databases in your system: (Please save this list now, and after the upgrade, check that these activities still work the way that the teacher intends.)
{$a->text}
'; diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 4eca02dc64681..8a8d41e84e2bb 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -2375,7 +2375,7 @@ function require_login($courseorid = NULL, $autologinguest = true, $cm = NULL, $ exit; // never reached } $lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang; - complete_user_login($guest, false); + complete_user_login($guest); $USER->autologinguest = true; $SESSION->lang = $lang; } else { @@ -3623,12 +3623,12 @@ function authenticate_user_login($username, $password) { * * NOTE: * - It will NOT log anything -- up to the caller to decide what to log. + * - this function does not set any cookies any more! * * @param object $user - * @param bool $setcookie * @return object A {@link $USER} object - BC only, do not use */ -function complete_user_login($user, $setcookie=true) { +function complete_user_login($user) { global $CFG, $USER; // regenerate session id and delete old session, @@ -3653,17 +3653,6 @@ function complete_user_login($user, $setcookie=true) { return $USER; } - if ($setcookie) { - if (empty($CFG->nolastloggedin)) { - set_moodle_cookie($USER->username); - } else { - // do not store last logged in user in cookie - // auth plugins can temporarily override this from loginpage_hook() - // do not save $CFG->nolastloggedin in database! - set_moodle_cookie(''); - } - } - /// Select password change url $userauth = get_auth_plugin($USER->auth); diff --git a/lib/sessionlib.php b/lib/sessionlib.php index f52808249b773..22b8a438c6084 100644 --- a/lib/sessionlib.php +++ b/lib/sessionlib.php @@ -819,6 +819,11 @@ function set_moodle_cookie($username) { return; } + if (empty($CFG->rememberusername)) { + // erase current and do not store permanent cookies + $username = ''; + } + if ($username === 'guest') { // keep previous cookie in case of guest account login return; @@ -847,6 +852,10 @@ function get_moodle_cookie() { return ''; } + if (empty($CFG->rememberusername)) { + return ''; + } + $cookiename = 'MOODLEID_'.$CFG->sessioncookie; if (empty($_COOKIE[$cookiename])) { diff --git a/login/index.php b/login/index.php index b0791ed5bf1e4..52d86a564ec88 100644 --- a/login/index.php +++ b/login/index.php @@ -175,7 +175,21 @@ /// Let's get them all set up. add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $user->id, 0, $user->id); - complete_user_login($user, true); // sets the username cookie + complete_user_login($user); + + // sets the username cookie + if (!empty($CFG->nolastloggedin)) { + // do not store last logged in user in cookie + // auth plugins can temporarily override this from loginpage_hook() + // do not save $CFG->nolastloggedin in database! + + } else if (empty($CFG->rememberusername) or ($CFG->rememberusername == 2 and empty($frm->rememberusername))) { + // no permanent cookies, delete old one if exists + set_moodle_cookie(''); + + } else { + set_moodle_cookie($USER->username); + } /// Prepare redirection if (user_not_fully_set_up($USER)) { @@ -289,7 +303,7 @@ if (!empty($_GET["username"])) { $frm->username = $_GET["username"]; } else { - $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie(); + $frm->username = get_moodle_cookie(); } $frm->password = ""; diff --git a/login/index_form.html b/login/index_form.html index cd9f8a4bc5dce..cd78a15e10069 100644 --- a/login/index_form.html +++ b/login/index_form.html @@ -42,10 +42,15 @@

" /> -
+ rememberusername) and $CFG->rememberusername == 2) { ?> +
username) {echo 'checked="checked"';} ?> />
+
+ +
+