MDL-16640 do not show login form to users that are already logged in,…

… this may solve some sesskey problems caused by re-logging
moodle · Oct 10, 2010 · e81fb5e · e81fb5e
1 parent 12488e6
commit e81fb5e
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 4 deletions.
diff --git a/lang/en/error.php b/lang/en/error.php
@@ -508,5 +508,6 @@
 $string['wwwrootmismatch'] = 'Incorrect access detected, this server may be accessed only through "{$a}" address, sorry.<br />Please notify server administrator.';
 $string['wwwrootslash'] = 'Detected incorrect $CFG->wwwroot in config.php, it must not contain trailing slash.<br />Please notify server administrator.';
 $string['xmldberror'] = 'XMLDB error!';
+$string['alreadyloggedin'] = 'You are already logged in as {$a}, you need to log out before logging is as different user.';
 $string['youcannotdeletecategory'] = 'You cannot delete category \'{$a}\' because you can neither delete the contents, nor move them elsewhere.';
 $string['younotteacher'] = 'You are not a teacher!';
diff --git a/login/index.php b/login/index.php
@@ -307,5 +307,16 @@
 $PAGE->set_heading("$site->fullname");
 
 echo $OUTPUT->header();
-include("index_form.html");
+
+if (isloggedin() and !isguestuser()) {
+    // prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed
+    echo $OUTPUT->box_start();
+    $logout = new single_button(new moodle_url('/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
+    $continue = new single_button(new moodle_url('/', array()), get_string('cancel'), 'get');
+    echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
+    echo $OUTPUT->box_end();
+} else {
+    include("index_form.html");
+}
+
 echo $OUTPUT->footer();
diff --git a/login/logout.php b/login/logout.php
@@ -29,10 +29,15 @@
 $PAGE->set_url('/login/logout.php');
 $PAGE->set_context(get_context_instance(CONTEXT_SYSTEM));
 
-// can be overridden by auth plugins
-$redirect = $CFG->wwwroot.'/';
-
 $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning
+$login   = optional_param('loginpage', 0, PARAM_BOOL);
+
+// can be overridden by auth plugins
+if ($login) {
+    $redirect = get_login_url();
+} else {
+    $redirect = $CFG->wwwroot.'/';
+}
 
 if (!isloggedin()) {
     // no confirmation, user has already logged out