Permalink
Browse files

mnet: login operations (change pw, forgotpw) now handle multiauth and…

… mnet remote users
  • Loading branch information...
1 parent 56f5274 commit af9c5226c456fd862ccb7844c5307a11a261527b martinlanghoff committed Jan 4, 2007
Showing with 136 additions and 98 deletions.
  1. +21 −18 login/change_password.php
  2. +15 −24 login/confirm.php
  3. +8 −16 login/forgot_password.php
  4. +24 −14 login/index.php
  5. +8 −5 login/index_form.html
  6. +8 −1 login/logout.php
  7. +39 −0 login/mnet_email.php
  8. +9 −17 login/signup.php
  9. +4 −3 login/signup_form.php
View
@@ -14,6 +14,14 @@
error('No such course!');
}
+ if (is_mnet_remote_user($USER)) {
+ $message = get_string('usercannotchangepassword', 'mnet');
+ if ($idprovider = get_record('mnet_host', 'id', $USER->mnethostid)) {
+ $message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
+ }
+ error($message);
+ }
+
// require proper login; guest can not change passwords anymore!
// TODO: add change password capability so that we can prevent participants to change password
if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
@@ -46,28 +54,23 @@
$user = get_complete_user_data('username', $data->username);
}
- if (is_internal_auth($user->auth)){
- if (!update_internal_user_password($user, $data->newpassword1)) {
+ // load the appropriate auth plugin
+ $userauth = get_auth_plugin($user->auth);
+ if ($userauth->can_change_password()){
+ if ($userauth->user_update_password($user, $data->newpassword1)) {
+ // hash the $user->password field (without local db update)
+ update_internal_user_password($user, $frm->newpassword1, false);
+ } else {
error('Could not set the new password');
}
} else { // external users
- // the relevant auth libs should be loaded already
- // as part of form validation in function authenticate_user_login()
- // check that we allow changes through moodle
- if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
- if (function_exists('auth_user_update_password')){
- // note that we pass cleartext password
- if (auth_user_update_password($user->username, $data->newpassword1)){
- update_internal_user_password($user, $data->newpassword1, false);
- } else {
- error('Could not set the new password');
- }
- } else {
- error('The authentication module is misconfigured (missing auth_user_update_password)');
- }
- } else {
- error('You cannot change your password this way.');
+ $message = 'You cannot change your password this way.';
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+ $message .= '<br /><br />' . get_string('passwordextlink')
+ . '<br /><br />' . '<a href="' . $userauth->change_password_url() . '">'
+ . $userauth->change_password_url() . '</a>'; error('You cannot change your password this way.');
}
+ error($message);
}
// register success changing password
View
@@ -1,7 +1,6 @@
<?php // $Id$
require_once("../config.php");
- require_once("../auth/$CFG->auth/lib.php");
$data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username
@@ -19,36 +18,30 @@
$username = $s;
}
- $user = get_complete_user_data('username', $username );
+ $authplugin = get_auth_plugin('email');
+ $confirmed = $authplugin->user_confirm($username, $usersecret);
- if (!empty($user)) {
-
- if ($user->confirmed) {
+ if ($confirmed == AUTH_CONFIRM_ALREADY) {
+ $user = get_complete_user_data('username', $username);
print_header(get_string("alreadyconfirmed"), get_string("alreadyconfirmed"), "", "");
echo "<center><h3>".get_string("thanks").", ". fullname($user) . "</h3>\n";
echo "<h4>".get_string("alreadyconfirmed")."</h4>\n";
echo "<h3> -> <a href=\"$CFG->wwwroot/course/\">".get_string("courses")."</a></h3></center>\n";
print_footer();
exit;
- }
-
- if ($user->secret == $usersecret) { // They have provided the secret key to get in
-
- if (!set_field("user", "confirmed", 1, "id", $user->id)) {
- error("Could not confirm this user!");
- }
- if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
- error("Could not set this user's first access date!");
- }
- if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) {
- if (!auth_user_activate($user->username)) {
- error("Could not activate this user!");
+ }
+ if ($confirmed == AUTH_CONFIRM_OK) {
+ // Activate new user if necessary
+ $authplugin = get_auth_plugin($CFG->auth);
+ if (isset($CFG->auth_user_create) and $CFG->auth_user_create == 1 and method_exists($authplugin, 'user_activate') ) {
+ if (!$authplugin->user_activate($username)) {
+ error('Could not activate this user!');
}
}
// The user has confirmed successfully, let's log them in
-
- if (!$USER = get_complete_user_data('username', $user->username)) {
+
+ if (!$USER = get_complete_user_data('username', $username)) {
error("Something serious is wrong with the database");
}
@@ -59,17 +52,15 @@
unset($SESSION->wantsurl);
redirect("$goto");
}
-
+
print_header(get_string("confirmed"), get_string("confirmed"), "", "");
echo "<center><h3>".get_string("thanks").", ". fullname($USER) . "</h3>\n";
echo "<h4>".get_string("confirmed")."</h4>\n";
echo "<h3> -> <a href=\"$CFG->wwwroot/course/\">".get_string("courses")."</a></h3></center>\n";
print_footer();
exit;
-
- } else {
+ } else {
error("Invalid confirmation data");
- }
}
} else {
error(get_string("errorwhenconfirming"));
View
@@ -46,15 +46,9 @@
redirect($CFG->wwwroot.'/index.php', $strloginalready, 5);
}
-// changepassword link replaced by individual auth setting
+// instantiate default auth
$auth = $CFG->auth; // the 'default' authentication method
-if (!empty($CFG->changepassword)) {
- if (empty($CFG->{'auth_'.$auth.'_changepasswordurl'})) {
- set_config('auth_'.$auth.'_changepasswordurl', $CFG->changepassword);
- }
- set_config('changepassword', '');
-}
-
+$defaultauth = get_auth_plugin($auth);
$mform = new login_forgot_password_form();
@@ -114,8 +108,8 @@
$errors[] = $strconfirmednot;
} else {
// what to do depends on the authentication method
- $authmethod = $user->auth;
- if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
+ $userauth = get_auth_plugin($user->auth);
+ if ($userauth->is_internal() or $userauth->can_change_password()) {
// handle internal authentication
// set 'secret' string
@@ -137,14 +131,13 @@
// if help text defined then we are going to display another page
$strextmessage = '';
$continue = false;
- if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) {
- $strextmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
+ if (!empty($userauth->config->changepasswordhelp)) {
+ $txt->extmessage = $userauth->config->changepasswordhelp .'<br /><br />';
}
// if url defined then add that to the message (with a standard message)
- if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) {
+ if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
$strextmessage .= $strpasswordextlink . '<br /><br />';
- $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
- $strextmessage .= "<a href=\"$link\">$link</a>";
+ $txt->extmessage .= '<a href="' . $userauth->change_password_url() . '">' . $userauth->change_password_url() . '</a>';
}
// if nothing to display, just do message that we can't help
if (empty($strextmessage)) {
@@ -281,4 +274,3 @@
print_footer();
?>
-
View
@@ -1,5 +1,6 @@
<?php // $Id$
+
require_once("../config.php");
$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
@@ -39,7 +40,15 @@
/// Load alternative login screens if necessary
- if ($CFG->auth == 'cas' && !empty($CFG->cas_enabled)) {
+
+// check if auth config broken (old config --> multi config)
+if (empty($CFG->auth_plugins_enabled) and ! empty($CFG->auth)) {
+ set_config('auth_plugins_enabled', $CFG->auth);
+}
+$authsequence = explode(',', $CFG->auth_plugins_enabled); // auths, in sequence
+
+// Load alternative login screens if necessary
+if ($authsequence[0] == 'cas' and !empty($CFG->cas_enabled)) {
require($CFG->dirroot.'/auth/cas/login.php');
}
@@ -141,17 +150,15 @@
update_user_login_times();
set_moodle_cookie($USER->username);
set_login_session_preferences();
-
-
+
//Select password change url
- if (is_internal_auth($USER->auth) || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
+ $userauth = get_auth_plugin($USER->auth);
+ if ($userauth->can_change_password()) {
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
- } elseif($CFG->changepassword) {
- $passwordchangeurl=$CFG->changepassword;
} else {
- $passwordchangeurl = '';
+ $passwordchangeurl = $userauth->change_password_url();
}
-
+
// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
if ($passwordchangeurl != '') {
@@ -189,9 +196,8 @@
// check if user password has expired
// Currently supported only for ldap-authentication module
- if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
- if (function_exists('auth_password_expire')){
- $days2expire = auth_password_expire($USER->username);
+ if (method_exists($userauth, 'password_expire') and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
+ $days2expire = $userauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
@@ -203,7 +209,6 @@
print_footer();
exit;
}
- }
}
reset_login_count();
@@ -218,6 +223,11 @@
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
}
+
+ // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
+ if ($users = get_records('user', 'username', $frm->username)) {
+ $errormsg .= "<br>If you are a Moodle Network remote user and can <a href=\"mnet_email.php?u=$frm->username\">confirm your email address here</a>, you can be redirected to your login page.<br>";
+ }
}
}
@@ -250,7 +260,7 @@
set_moodle_cookie('nobody'); // To help search for cookies
}
- if (empty($frm->username) && $CFG->auth != 'shibboleth') { // See bug 5184
+if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
$frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
$frm->password = "";
}
@@ -264,7 +274,7 @@
if (isset($CFG->auth_instructions)) {
$CFG->auth_instructions = trim($CFG->auth_instructions);
}
- if ($CFG->auth == "email" or $CFG->auth == "none" or !empty($CFG->auth_instructions)) {
+if ($authsequence[0] == "email" or $authsequence[0] == "none" or !empty($CFG->auth_instructions)) {
$show_instructions = true;
} else {
$show_instructions = false;
View
@@ -82,7 +82,7 @@
<?php if ($show_instructions) { ?>
<td width="50%" valign="top" class="content right">
-<?php switch ($CFG->auth) {
+<?php switch ($authsequence[0]) {
case "email":
print_string("loginsteps", "", "signup.php");
?>
@@ -92,15 +92,18 @@
</form>
</div>
<?php break;
+
case "none":
print_string("loginstepsnone");
break;
+
default:
echo format_text($CFG->auth_instructions);
- if (!function_exists('auth_user_login')) {
- require_once("../auth/$CFG->auth/lib.php");
- }
- if (!empty($CFG->auth_user_create) and function_exists('auth_user_create') ){
+ // TODO: if !function_exists(auth_user_login) then require_once /auth/$CFG->auth/lib.php
+ // ..which implies that auth_user_login might have been floating
+ // about in global namespace. grr
+ $authplugin = get_auth_plugin($CFG->auth);
+ if (!empty($CFG->auth_user_create) and method_exists($authplugin, 'user_create') ){
?>
<div align="center">
<form action="signup.php" method="get" id="signup">
View
@@ -3,8 +3,15 @@
require_once("../config.php");
+ if ($USER->mnethostid != $CFG->mnet_localhost_id) {
+ $host = get_record('mnet_host', 'id', $USER->mnethostid);
+ $wwwroot = $host->wwwroot;
+ } else {
+ $wwwroot = $CFG->wwwroot;
+ }
+
require_logout();
- redirect("$CFG->wwwroot/");
+ redirect("$wwwroot/");
?>
View
@@ -0,0 +1,39 @@
+<?php
+
+require_once dirname(dirname(__FILE__)) . '/config.php';
+httpsrequired();
+
+$username = required_param('u', PARAM_ALPHANUM);
+$sesskey = sesskey();
+
+// if you are logged in then you shouldn't be here
+if (isloggedin() and !isguest()) {
+ redirect( $CFG->wwwroot.'/', get_string('loginalready'), 5);
+}
+
+print_header('MNET ID Provider', 'MNET ID Provider', 'MNET ID Provider', 'form.email' );
+
+if ($form = data_submitted() and confirm_sesskey()) {
+ if ($user = get_record('user', 'username', $username, 'email', $form->email)) {
+ if (!empty($user->mnethostid) and $host = get_record('mnet_host', 'id', $user->mnethostid)) {
+ notice("You should be able to login at your <a href=\"{$host->wwwroot}/login/\">{$host->name}</a> provider.");
+ }
+ }
+}
+
+echo '<p>&nbsp;</p>';
+print_simple_box_start('center','50%','','20');
+
+?>
+ <form method="post">
+ <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>">
+ <?php echo get_string('email') ?>:
+ <input type="text" name="email" size="" maxlength="100">
+ <input type="submit" value="Find Login">
+ </form>
+<?php
+
+print_simple_box_end();
+print_footer();
+
+?>
Oops, something went wrong.

0 comments on commit af9c522

Please sign in to comment.