Skip to content

Commit

Permalink
mnet: login operations (change pw, forgotpw) now handle multiauth and…
Browse files Browse the repository at this point in the history 
… mnet remote users
  • Loading branch information
martinlanghoff committed Jan 4, 2007
1 parent 56f5274 commit af9c522
Show file tree
Hide file tree
Showing 9 changed files with 136 additions and 98 deletions.
39 changes: 21 additions & 18 deletions login/change_password.php
View file
Expand Up @@ -14,6 +14,14 @@
error('No such course!');
}

if (is_mnet_remote_user($USER)) {
$message = get_string('usercannotchangepassword', 'mnet');
if ($idprovider = get_record('mnet_host', 'id', $USER->mnethostid)) {
$message .= get_string('userchangepasswordlink', 'mnet', $idprovider);
}
error($message);
}

// require proper login; guest can not change passwords anymore!
// TODO: add change password capability so that we can prevent participants to change password
if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) {
Expand Down Expand Up @@ -46,28 +54,23 @@
$user = get_complete_user_data('username', $data->username);
}

if (is_internal_auth($user->auth)){
if (!update_internal_user_password($user, $data->newpassword1)) {
// load the appropriate auth plugin
$userauth = get_auth_plugin($user->auth);
if ($userauth->can_change_password()){
if ($userauth->user_update_password($user, $data->newpassword1)) {
// hash the $user->password field (without local db update)
update_internal_user_password($user, $frm->newpassword1, false);
} else {
error('Could not set the new password');
}
} else { // external users
// the relevant auth libs should be loaded already
// as part of form validation in function authenticate_user_login()
// check that we allow changes through moodle
if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) {
if (function_exists('auth_user_update_password')){
// note that we pass cleartext password
if (auth_user_update_password($user->username, $data->newpassword1)){
update_internal_user_password($user, $data->newpassword1, false);
} else {
error('Could not set the new password');
}
} else {
error('The authentication module is misconfigured (missing auth_user_update_password)');
}
} else {
error('You cannot change your password this way.');
$message = 'You cannot change your password this way.';
if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
$message .= '<br /><br />' . get_string('passwordextlink')
. '<br /><br />' . '<a href="' . $userauth->change_password_url() . '">'
. $userauth->change_password_url() . '</a>'; error('You cannot change your password this way.');
}
error($message);
}

// register success changing password
Expand Down
39 changes: 15 additions & 24 deletions login/confirm.php
View file
@@ -1,7 +1,6 @@
<?php // $Id$

require_once("../config.php");
require_once("../auth/$CFG->auth/lib.php");

$data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username

Expand All @@ -19,36 +18,30 @@
$username = $s;
}

$user = get_complete_user_data('username', $username );
$authplugin = get_auth_plugin('email');
$confirmed = $authplugin->user_confirm($username, $usersecret);

if (!empty($user)) {

if ($user->confirmed) {
if ($confirmed == AUTH_CONFIRM_ALREADY) {
$user = get_complete_user_data('username', $username);
print_header(get_string("alreadyconfirmed"), get_string("alreadyconfirmed"), "", "");
echo "<center><h3>".get_string("thanks").", ". fullname($user) . "</h3>\n";
echo "<h4>".get_string("alreadyconfirmed")."</h4>\n";
echo "<h3> -> <a href=\"$CFG->wwwroot/course/\">".get_string("courses")."</a></h3></center>\n";
print_footer();
exit;
}

if ($user->secret == $usersecret) { // They have provided the secret key to get in

if (!set_field("user", "confirmed", 1, "id", $user->id)) {
error("Could not confirm this user!");
}
if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
error("Could not set this user's first access date!");
}
if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) {
if (!auth_user_activate($user->username)) {
error("Could not activate this user!");
}
if ($confirmed == AUTH_CONFIRM_OK) {
// Activate new user if necessary
$authplugin = get_auth_plugin($CFG->auth);
if (isset($CFG->auth_user_create) and $CFG->auth_user_create == 1 and method_exists($authplugin, 'user_activate') ) {
if (!$authplugin->user_activate($username)) {
error('Could not activate this user!');
}
}

// The user has confirmed successfully, let's log them in
if (!$USER = get_complete_user_data('username', $user->username)) {

if (!$USER = get_complete_user_data('username', $username)) {
error("Something serious is wrong with the database");
}

Expand All @@ -59,17 +52,15 @@
unset($SESSION->wantsurl);
redirect("$goto");
}

print_header(get_string("confirmed"), get_string("confirmed"), "", "");
echo "<center><h3>".get_string("thanks").", ". fullname($USER) . "</h3>\n";
echo "<h4>".get_string("confirmed")."</h4>\n";
echo "<h3> -> <a href=\"$CFG->wwwroot/course/\">".get_string("courses")."</a></h3></center>\n";
print_footer();
exit;

} else {
} else {
error("Invalid confirmation data");
}
}
} else {
error(get_string("errorwhenconfirming"));
Expand Down
24 changes: 8 additions & 16 deletions login/forgot_password.php
View file
Expand Up @@ -46,15 +46,9 @@
redirect($CFG->wwwroot.'/index.php', $strloginalready, 5);
}

// changepassword link replaced by individual auth setting
// instantiate default auth
$auth = $CFG->auth; // the 'default' authentication method
if (!empty($CFG->changepassword)) {
if (empty($CFG->{'auth_'.$auth.'_changepasswordurl'})) {
set_config('auth_'.$auth.'_changepasswordurl', $CFG->changepassword);
}
set_config('changepassword', '');
}

$defaultauth = get_auth_plugin($auth);

$mform = new login_forgot_password_form();

Expand Down Expand Up @@ -114,8 +108,8 @@
$errors[] = $strconfirmednot;
} else {
// what to do depends on the authentication method
$authmethod = $user->auth;
if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) {
$userauth = get_auth_plugin($user->auth);
if ($userauth->is_internal() or $userauth->can_change_password()) {
// handle internal authentication

// set 'secret' string
Expand All @@ -137,14 +131,13 @@
// if help text defined then we are going to display another page
$strextmessage = '';
$continue = false;
if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) {
$strextmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'<br /><br />';
if (!empty($userauth->config->changepasswordhelp)) {
$txt->extmessage = $userauth->config->changepasswordhelp .'<br /><br />';
}
// if url defined then add that to the message (with a standard message)
if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) {
if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
$strextmessage .= $strpasswordextlink . '<br /><br />';
$link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'};
$strextmessage .= "<a href=\"$link\">$link</a>";
$txt->extmessage .= '<a href="' . $userauth->change_password_url() . '">' . $userauth->change_password_url() . '</a>';
}
// if nothing to display, just do message that we can't help
if (empty($strextmessage)) {
Expand Down Expand Up @@ -281,4 +274,3 @@
print_footer();

?>

38 changes: 24 additions & 14 deletions login/index.php
View file
@@ -1,5 +1,6 @@
<?php // $Id$


require_once("../config.php");

$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
Expand Down Expand Up @@ -39,7 +40,15 @@

/// Load alternative login screens if necessary

if ($CFG->auth == 'cas' && !empty($CFG->cas_enabled)) {

// check if auth config broken (old config --> multi config)
if (empty($CFG->auth_plugins_enabled) and ! empty($CFG->auth)) {
set_config('auth_plugins_enabled', $CFG->auth);
}
$authsequence = explode(',', $CFG->auth_plugins_enabled); // auths, in sequence

// Load alternative login screens if necessary
if ($authsequence[0] == 'cas' and !empty($CFG->cas_enabled)) {
require($CFG->dirroot.'/auth/cas/login.php');
}

Expand Down Expand Up @@ -141,17 +150,15 @@
update_user_login_times();
set_moodle_cookie($USER->username);
set_login_session_preferences();



//Select password change url
if (is_internal_auth($USER->auth) || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
} elseif($CFG->changepassword) {
$passwordchangeurl=$CFG->changepassword;
} else {
$passwordchangeurl = '';
$passwordchangeurl = $userauth->change_password_url();
}

// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
if ($passwordchangeurl != '') {
Expand Down Expand Up @@ -189,9 +196,8 @@

// check if user password has expired
// Currently supported only for ldap-authentication module
if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
if (function_exists('auth_password_expire')){
$days2expire = auth_password_expire($USER->username);
if (method_exists($userauth, 'password_expire') and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
$days2expire = $userauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
Expand All @@ -203,7 +209,6 @@
print_footer();
exit;
}
}
}

reset_login_count();
Expand All @@ -218,6 +223,11 @@
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
}

// TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
if ($users = get_records('user', 'username', $frm->username)) {
$errormsg .= "<br>If you are a Moodle Network remote user and can <a href=\"mnet_email.php?u=$frm->username\">confirm your email address here</a>, you can be redirected to your login page.<br>";
}
}
}

Expand Down Expand Up @@ -250,7 +260,7 @@
set_moodle_cookie('nobody'); // To help search for cookies
}

if (empty($frm->username) && $CFG->auth != 'shibboleth') { // See bug 5184
if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
$frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
$frm->password = "";
}
Expand All @@ -264,7 +274,7 @@
if (isset($CFG->auth_instructions)) {
$CFG->auth_instructions = trim($CFG->auth_instructions);
}
if ($CFG->auth == "email" or $CFG->auth == "none" or !empty($CFG->auth_instructions)) {
if ($authsequence[0] == "email" or $authsequence[0] == "none" or !empty($CFG->auth_instructions)) {
$show_instructions = true;
} else {
$show_instructions = false;
Expand Down
13 changes: 8 additions & 5 deletions login/index_form.html
View file
Expand Up @@ -82,7 +82,7 @@

<?php if ($show_instructions) { ?>
<td width="50%" valign="top" class="content right">
<?php switch ($CFG->auth) {
<?php switch ($authsequence[0]) {
case "email":
print_string("loginsteps", "", "signup.php");
?>
Expand All @@ -92,15 +92,18 @@
</form>
</div>
<?php break;

case "none":
print_string("loginstepsnone");
break;

default:
echo format_text($CFG->auth_instructions);
if (!function_exists('auth_user_login')) {
require_once("../auth/$CFG->auth/lib.php");
}
if (!empty($CFG->auth_user_create) and function_exists('auth_user_create') ){
// TODO: if !function_exists(auth_user_login) then require_once /auth/$CFG->auth/lib.php
// ..which implies that auth_user_login might have been floating
// about in global namespace. grr
$authplugin = get_auth_plugin($CFG->auth);
if (!empty($CFG->auth_user_create) and method_exists($authplugin, 'user_create') ){
?>
<div align="center">
<form action="signup.php" method="get" id="signup">
Expand Down
9 changes: 8 additions & 1 deletion login/logout.php
View file
Expand Up @@ -3,8 +3,15 @@

require_once("../config.php");

if ($USER->mnethostid != $CFG->mnet_localhost_id) {
$host = get_record('mnet_host', 'id', $USER->mnethostid);
$wwwroot = $host->wwwroot;
} else {
$wwwroot = $CFG->wwwroot;
}

require_logout();

redirect("$CFG->wwwroot/");
redirect("$wwwroot/");

?>
39 changes: 39 additions & 0 deletions login/mnet_email.php
View file
@@ -0,0 +1,39 @@
<?php

require_once dirname(dirname(__FILE__)) . '/config.php';
httpsrequired();

$username = required_param('u', PARAM_ALPHANUM);
$sesskey = sesskey();

// if you are logged in then you shouldn't be here
if (isloggedin() and !isguest()) {
redirect( $CFG->wwwroot.'/', get_string('loginalready'), 5);
}

print_header('MNET ID Provider', 'MNET ID Provider', 'MNET ID Provider', 'form.email' );

if ($form = data_submitted() and confirm_sesskey()) {
if ($user = get_record('user', 'username', $username, 'email', $form->email)) {
if (!empty($user->mnethostid) and $host = get_record('mnet_host', 'id', $user->mnethostid)) {
notice("You should be able to login at your <a href=\"{$host->wwwroot}/login/\">{$host->name}</a> provider.");
}
}
}

echo '<p>&nbsp;</p>';
print_simple_box_start('center','50%','','20');

?>
<form method="post">
<input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>">
<?php echo get_string('email') ?>:
<input type="text" name="email" size="" maxlength="100">
<input type="submit" value="Find Login">
</form>
<?php

print_simple_box_end();
print_footer();

?>

0 comments on commit af9c522

Please sign in to comment.