

Added support for usercreation from Moodle to authentication module.
Currently works only with the ldap module (tested with e-directory), but
other modules could be extended too by
adding the following functions:

function auth_user_exists ($username) {
//returns true if given username  already exists on authetication database
}

function auth_user_create ($userobject,$plainpass) {
//create new user to authentication database
//in inactive state (if posible)
//returns true if user is created
}
function auth_user_activate ($username) {
//activate external user  after email-address is confirmed
//returns true if user is activated
}
paca70 committed Feb 20, 2003
1 parent 47623d4 commit 5f2c35d
Showing 10 changed files with 176 additions and 30 deletions.
23 changes: 19 additions & 4 deletions admin/auth.php
Expand Up @@ -2,7 +2,7 @@
// config.php - allows admin to edit all configuration variables

include("../config.php");

require_once("$CFG->dirroot/auth/$CFG->auth/lib.php"); //just to make sure that authentication functions are loaded
require_login();

if (!$site = get_site()) {
Expand Down Expand Up @@ -80,6 +80,9 @@
$guestoptions[0] = get_string("hide");
$guestoptions[1] = get_string("show");

$createoptions[0] = get_string("no");
$createoptions[1] = get_string("yes");

$stradministration = get_string("administration");
$strauthentication = get_string("authentication");
$strauthenticationoptions = get_string("authenticationoptions","auth");
Expand Down Expand Up @@ -134,10 +137,22 @@
echo "</td>";
echo "<td>";
print_string("showguestlogin","auth");
echo "</td></tr></table>";

echo "</td></tr>";

if (function_exists('auth_user_create')){
echo "<tr valign=\"top\">";
echo "<td align=right nowrap><p>";
print_string("auth_user_create", "auth");
echo ":</p></td>";
echo "<td>";
choose_from_menu($createoptions, "auth_user_create", $config->auth_user_create, "");
echo "</td>";
echo "<td>";
print_string("auth_user_creation","auth");
echo "</td></tr>";
}

echo "<CENTER><P><INPUT TYPE=\"submit\" VALUE=\"";
echo "</table><CENTER><P><INPUT TYPE=\"submit\" VALUE=\"";
print_string("savechanges");
echo "\"></P></CENTER></FORM>";

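Review bot: The new row passes `$config->auth_user_create` to `choose_from_menu()` without a default, so on a site where the setting has never been saved the selected state depends on how an unset value is treated. Since this switch opens self-registration into the external directory, it would be safer to make the off state explicit before the menu is drawn, for example `if (!isset($config->auth_user_create)) { $config->auth_user_create = 0; }`. The code that loads `$config` is outside the visible hunks, so a default may already be set there. A short comment above the `function_exists('auth_user_create')` check, saying that the row appears only for modules that implement the creation functions, would also help.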
2 changes: 1 addition & 1 deletion admin/cron.php
Expand Up @@ -21,7 +21,7 @@ function microtime_diff($a, $b) {

$starttime = microtime();

require_once("../config.php");
require_once("/usr/local/moodle/config.php");

echo "<PRE>\n";

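Review bot: The `require_once("/usr/local/moodle/config.php");` line pins cron to one machine's install path; judging by print order and the 1 addition / 1 deletion count it appears to be the new side, replacing `require_once("../config.php");`. On any site installed elsewhere cron will fail, or will load whatever config file happens to sit at that path rather than the one belonging to this install. This looks like a local development edit that slipped into the commit; keep `require_once("../config.php");`, or resolve the path from the script's own location.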
10 changes: 9 additions & 1 deletion auth/ldap/config.html
Expand Up @@ -82,7 +82,15 @@
</TD>
</TR>


<TR VALIGN=TOP BGCOLOR="<?=$THEME->cellheading2 ?>">
<TD ALIGN=RIGHT><P>ldap_create_context:</TD>
<TD>
<INPUT name=ldap_create_context TYPE=text SIZE=30 VALUE="<?=$config->ldap_create_context?>">
<? if (isset($err["ldap_create_context"])) formerr($err["ldap_create_context"]); ?>
</TD><TD>
<? print_string("auth_ldap_create_context","auth") ?>
</TD>
</TR>

<TR>
<TD ALIGN=RIGHT><P><? print_string("firstname") ?>:</TD>
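Review bot: The new `ldap_create_context` input writes `$config->ldap_create_context` into the `VALUE` attribute without HTML escaping, so a stored value containing a double quote or angle bracket breaks the attribute and is rendered as markup. The value is set by an administrator, which limits the exposure, but escaping at output keeps the form correct for any value: `VALUE="<?php echo htmlspecialchars($config->ldap_create_context, ENT_QUOTES) ?>"`. The neighbouring fields are outside the hunk and may follow the same pattern. The full `<?php` tag would also remove the dependence on `short_open_tag`.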
123 changes: 105 additions & 18 deletions auth/ldap/lib.php
@@ -1,10 +1,11 @@
<?PHP // $Id$
//CHANGELOG:
//20.02.2003 Added support for user creation
//12.10.2002 Reformatted source for consistency
//03.10.2002 First version to CVS
//29.09.2002 Clean up and splitted code to functions v. 0.02
//29.09.2002 LDAP authentication functions v. 0.01
//Distributed under GPL (c)Petri Asikainen 2002
//Distributed under GPL (c)Petri Asikainen 2002-2003


function auth_user_login ($username, $password) {
Expand Down Expand Up @@ -48,24 +49,15 @@ function auth_get_userinfo($username){
/// reads userinformation from ldap and return it in array()
global $CFG;

$config = (array)$CFG;
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang");

$moodleattributes = array();
foreach ($fields as $field) {
if ($config["auth_user_$field"]) {
$moodleattributes[$field] = $config["auth_user_$field"];
}
}

$config = (array)$CFGo;
$moodleattributes = auth_ldap_attributes();

$ldap_connection=auth_ldap_connect();

$result = array();
$search_attribs = array();

foreach ($moodleattributes as $key=>$value) {
foreach ($attrmap as $key=>$value) {
array_push($search_attribs, $value);
}

Expand All @@ -79,7 +71,7 @@ function auth_get_userinfo($username){

if ($user_info_result) {
$user_entry = ldap_get_entries($ldap_connection, $user_info_result);
foreach ($moodleattributes as $key=>$value){
foreach ($attrmap as $key=>$value){
if(isset($user_entry[0][$value][0])){
$result[$key]=$user_entry[0][$value][0];
}
Expand All @@ -93,7 +85,7 @@ function auth_get_userinfo($username){



function auth_get_userlist() {
function auth_get_userlist($filter="*") {
/// returns all users from ldap servers
global $CFG;

Expand All @@ -107,18 +99,22 @@ function auth_get_userlist() {
}

$contexts = explode(";",$CFG->ldap_contexts);

if (!empty($CFG->ldap_create_context)){
array_push($contexts, $CFG->ldap_create_context);
}

foreach ($contexts as $context) {

if ($CFG->ldap_search_sub) {
//use ldap_search to find first user from subtree
$ldap_result = ldap_search($ldap_connection, $context,
"(".$CFG->ldap_objectclass.")",
"(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))",
array($CFG->ldap_user_attribute));
} else {
//search only in this context
$ldap_result = ldap_list($ldap_connection, $context,
"(".$CFG->ldap_objectclass.")",
"(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))",
array($CFG->ldap_user_attribute));
}

Expand All @@ -133,7 +129,77 @@ function auth_get_userlist() {
return $fresult;
}

function auth_user_exists ($username) {
//returns true if given usernname exist on ldap
$users = auth_get_userlist($username);
return count($users);
}

function auth_user_create ($userobject,$plainpass) {
//create new user to ldap
//use auth_user_exists to prevent dublicate usernames
//return true if user is created, false on error
global $CFG;
$attrmap = auth_ldap_attributes();
$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);

$newuser = array();

foreach ($attrmap as $key=>$value){
if(isset($userobject->$key) ){
$newuser[$value]=utf8_encode($userobject->$key);
}
}

//Following sets all mandatory and other forced attribute values
//this should be moved to config inteface ASAP
$newuser['objectClass']= array("inetOrgPerson","organizationalPerson","person","top");
$newuser['uniqueId']= $userobject->username;
$newuser['logindisabled']="TRUE";
$newuser['userpassword']=$plainpass;
unset($newuser[country]);

$uadd = ldap_add($ldapconnect, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);

ldap_close($ldapconnect);
return $uadd;

}

function auth_user_activate ($username) {
//activate new ldap-user after email-address is confirmed
global $CFG;

$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);

$userdn = auth_ldap_find_userdn($ldapconnect, $username);

$newinfo['loginDisabled']="FALSE";

$result = ldap_modify($ldapconnect, $userdn, $newinfo);
ldap_close($ldapconnect);
return $result;
}

function auth_user_disable ($username) {
//activate new ldap-user after email-address is confirmed
global $CFG;

$ldapconnect = auth_ldap_connect();
$ldapbind = auth_ldap_bind($ldapconnect);

$userdn = auth_ldap_find_userdn($ldapconnect, $username);
$newinfo['loginDisabled']="TRUE";

$result = ldap_modify($ldapconnect, $userdn, $newinfo);
ldap_close($ldapconnect);
return $result;
}

//PRIVATE FUNCTIONS starts
//private functions are named as auth_ldap*

function auth_ldap_connect(){
/// connects to ldap-server
Expand Down Expand Up @@ -192,6 +258,10 @@ function auth_ldap_find_userdn ($ldap_connection, $username){

//get all contexts and look for first matching user
$ldap_contexts = explode(";",$CFG->ldap_contexts);

if (!empty($CFG->ldap_create_context)){
array_push($ldap_contexts, $CFG->ldap_create_context);
}

foreach ($ldap_contexts as $context) {

Expand All @@ -217,4 +287,21 @@ function auth_ldap_find_userdn ($ldap_connection, $username){
return $ldap_user_dn;
}

function auth_ldap_attributes (){
//returns array containg attribute mappings between Moodle and ldap
global $CFG;

$config = (array)$CFG;
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang");

$moodleattributes = array();
foreach ($fields as $field) {
if ($config["auth_user_$field"]) {
$moodleattributes[$field] = $config["auth_user_$field"];
}
}
return $moodleattributes;
}
?>
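Review bot: The username chosen at signup reaches LDAP unescaped in two places: `auth_user_exists()` passes it as `$filter` into the search filter built in `auth_get_userlist()`, and `auth_user_create()` concatenates `$userobject->username` into the entry DN given to `ldap_add()`. Filter metacharacters in a username therefore change what the existence check matches, and DN metacharacters change where the entry is created. Escape at the call sites so the default `"*"` wildcard of `auth_get_userlist()` keeps working, e.g. `auth_get_userlist(ldap_escape($username, "", LDAP_ESCAPE_FILTER))` and `ldap_escape($userobject->username, "", LDAP_ESCAPE_DN)` in the DN, or restrict usernames to a fixed character set before either call on PHP versions without `ldap_escape()`. `auth_user_exists()` would also read more clearly as `return count($users) > 0;`, matching its comment. Any validation done by the signup page is not visible here.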
4 changes: 4 additions & 0 deletions lang/en/auth.php
Expand Up @@ -23,6 +23,7 @@
$string['auth_imaptype'] = "The IMAP server type. IMAP servers can have different types of authentication and negotiation.";
$string['instructions'] = "Instructions";
$string['auth_ldap_bind_dn'] = "If you want to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'";
$string['auth_ldap_create_context'] = "If you enable user creation with email confirmation, specify context where users are created. This context should be different from other users to prevent security issues. You don't need to add this context to ldap_context-variable, Moodle will search for users from this context automaticly.";
$string['auth_ldap_bind_pw'] = "Password for bind-user.";
$string['auth_ldap_contexts'] = "List of contexts where users are located. Separate different contexts with ';'. For example: 'ou=users,o=org; ou=others,o=org'";
$string['auth_ldap_host_url'] = "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/' ";
Expand All @@ -47,6 +48,9 @@
$string['auth_pop3port'] = "Server port (110 is the most common)";
$string['auth_pop3title'] = "Use a POP3 server";
$string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert.";
$string['auth_user_create'] = "Enable user creation";
$string['auth_user_creation'] = "New (anonymous) users create user account for her/hiself. Account will be created to selected authentication module and confirmed via email. If you enable this , remember to configure also module specific options for user creation.";
$string['auth_usernameexists'] = "Selected username already exists. Please choose new one.";
$string['authenticationoptions'] = "Authentication options";
$string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using. The text you enter here will appear on the login page. If you leave this blank then no instructions will be printed.";
$string['changepassword'] = "Change password URL";
2 changes: 1 addition & 1 deletion lang/fi/moodle.php
Expand Up @@ -53,7 +53,7 @@
$string['city'] = "Kaupunki/Paikkakunta";
$string['closewindow'] = "Sulje tämä ikkuna";
$string['comparelanguage'] = "Vertaa ja muokkaa käännöstä";
$string['complete'] = "Suorita loppuun";
$string['complete'] = "Täysi";
$string['configcountry'] = "Jos asetat maan tässä niin valinnasta tulee oletus kaikille käyttäjille. Pakottaaksesi käyttäjät valitsemaan maansa itse , jätä tämä kohta tyhjäksi.";
$string['configdebug'] = "Jos valitset virheenkorjaus tilan päälle PHP:n error_reporting arvo nousee ja enemmän virheilmoituksia tulostuu näytölle. Tästä asetuksesta on hyötyä vain Moodlen kehittäjille.";
$string['configerrorlevel'] = "PHP virheilmoitusten määrä. Normal on yleensä hyvä valinta.";
8 changes: 7 additions & 1 deletion login/confirm.php
@@ -1,6 +1,7 @@
<?PHP // $Id$

require_once("../config.php");
require_once("../auth/$CFG->auth/lib.php");

if ( isset($p) and isset($s) ) { # p = user.secret s = user.username

Expand All @@ -25,9 +26,14 @@
if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
error("Could not set this user's first access date!");
}
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) {
if (!auth_user_activate($user->username)) {
error("Could not activate this user!");
}
}

// The user has confirmed successfully, let's log them in

if (!$USER = get_user_info_from_db("username", $user->username)) {
error("Something serious is wrong with the database");
}
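Review bot: The activation call runs after the local record has already been updated (the `firstaccess` write sits just above it), so when `auth_user_activate()` fails the page stops in `error()` with Moodle and the directory out of step. Whether the confirmation link can be used again to retry depends on code above the hunk that is not shown. Consider activating the directory account before the local confirmation is recorded, or logging the username on failure so an administrator can enable the account by hand. A one-line comment such as `// enable the externally created account now that the email address is confirmed` above the new `if` would document why the call is here.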
2 changes: 1 addition & 1 deletion login/index.php
Expand Up @@ -99,7 +99,7 @@
$focus = "form.username";
}

if ($CFG->auth == "email" or $CFG->auth == "none" or $CFG->auth_instructions) {
if ($CFG->auth == "email" or $CFG->auth == "none" or chop($CFG->auth_instructions) <> "" ) {
$show_instructions = true;
} else {
$show_instructions = false;
8 changes: 8 additions & 0 deletions login/index_form.html
Expand Up @@ -93,6 +93,14 @@
echo "<BLOCKQUOTE>";
echo format_text($CFG->auth_instructions);
echo "</BLOCKQUOTE>";
require_once("../auth/$CFG->auth/lib.php");
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_create') ){?>
<FORM NAME="form4" ACTION="signup.php" METHOD=get>
<INPUT type="submit" VALUE="<? print_string("startsignup") ?>">
</FORM>
</CENTER>
<?
}
}
?>

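Review bot: The signup button is shown only when `$CFG->auth_user_create==1` and `auth_user_create()` exists, but hiding the button does not stop a direct request to `signup.php`. `signup.php` is not among the sections shown here; it should repeat the same check on the server side before creating anything in the directory. The condition is now written out in both `login/confirm.php` and this template, so a small helper would keep the two copies from drifting. The added `</CENTER>` has no opening tag inside the hunk and is emitted only when the button is shown, which is worth checking against the surrounding markup.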
