}else{
// If they don't exist and they have a defined username, and $CFG->enrol_createnewusers == true, we create them.
- $person->lang = $CFG->lang;
+ $person->lang = 'manual'; //TODO: this needs more work due tu multiauth changes
$person->auth = $CFG->auth;
$person->confirmed = 1;
$person->timemodified = time();
$string['pluginnotenabled'] = 'Authentication plugin \'$a\' is not enabled.';
$string['pluginnotinstalled'] = 'Authentication plugin \'$a\' is not installed.';
+// syncronization
+$string['auth_sync_script'] ='Cron synchronization script';
+$string['auth_dbinsertuser'] ='Inserted user $a[0] id $a[1]';
+$string['auth_dbinsertusererror'] = 'Error inserting user $a';
+$string['auth_dbdeleteuser'] ='Deleted user $a[0] id $a[1]';
+$string['auth_dbdeleteusererror'] = 'Error deleting user $a';
+$string['auth_dbreviveduser'] ='Revived user $a[0] id $a[1]';
+$string['auth_dbrevivedusererror'] = 'Error reviving user $a';
+$string['auth_dbsuspenduser'] ='Suspended user $a[0] id $a[1]';
+$string['auth_dbsuspendusererror'] = 'Error suspending user $a';
+$string['auth_dbupdatinguser'] ='Updating user $a[0] id $a[1]';
+$string['auth_remove_user_key'] ='Removed ext user';
+$string['auth_remove_user'] ='Specify what to do with internal user account during mass synchronization when user was removed from external source. Only suspended users are automatically revived if they reappear in ext source.';
+$string['auth_remove_keep'] ='Keep internal';
+$string['auth_remove_suspend'] ='Suspend internal';
+$string['auth_remove_delete'] ='Full delete internal';
+
+// nologin plugin
+$string['auth_nologindescription'] = 'Auxiliary plugin that prevents user to login into system and also discards any mail send to user. Can be used to <em>suspend</em> user accounts.';
+$string['auth_nologintitle'] = 'No login';
+
// CAS plugin
$string['auth_cas_logincas'] = 'Secure connection access';
$string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could not be authorised';
$string['auth_cas_server_settings'] = 'CAS server configuration';
-$string['auth_castitle'] = 'Use a CAS server (SSO)';
+$string['auth_castitle'] = 'CAS server (SSO)';
$string['auth_cas_hostname'] = 'Hostname of the CAS server <br />eg: host.domain.fr';
$string['auth_cas_baseuri'] = 'URI of the server (nothing if no baseUri)<br />For example, if the CAS server responds to host.domaine.fr/CAS/ then<br />cas_baseuri = CAS/';
$string['auth_cas_port'] = 'Port of the CAS server';
$string['auth_cas_use_cas'] ='Use CAS';
$string['auth_cas_broken_password'] ='You cannot proceed without changing your password, however there is no available page for changing it. Please contact your Moodle Administrator.';
-
$string['auth_cas_hostname_key'] ='Hostname';
$string['auth_cas_changepasswordurl'] ='Password-change URL';
$string['auth_cas_create_user_key'] ='Create user';
$string['auth_cas_port_key'] ='Port';
$string['auth_cas_baseuri_key'] ='Base URI';
-
-
$string['auth_changepasswordurl'] = 'Change password URL';
$string['auth_changepasswordurl_expl'] = 'Specify the url to send users who have lost their $a password. Set <strong>Use standard Change Password page</strong> to <strong>No</strong>.';
$string['auth_changepasswordhelp'] = 'Change password help';
$string['auth_dbuser'] = 'Username with read access to the database';
$string['auth_dbcantconnect'] ='Could not connect to the specified authentication database...';
$string['auth_dbuserstoadd'] = 'User entries to add: $a';
-$string['auth_dbrevive'] = 'Revived user $a[0] id $a[1]';
-$string['auth_dbinsertuser'] ='inserted user $a[0] id $a[1]';
-$string['auth_dbinsertusererror'] = 'error inserting user $a';
-$string['auth_dbdeleteuser'] ='deleted user $a[0] id $a[1]';
-$string['auth_dbdeleteusererror'] = 'error deleting user $a';
$string['auth_dbuserstoremove'] = 'User entries to remove: $a';
$string['auth_dbusernotexist'] = 'Cannot update non-existent user: $a';
$string['auth_dbhost_key'] = 'Host';
$string['auth_fcfppport'] = 'Server port (3333 is the most common)';
$string['auth_fchost'] = 'The FirstClass server address. Use the IP number or DNS name.';
$string['auth_fcpasswd'] = 'Password for the account above.';
-$string['auth_fctitle'] = 'Use a FirstClass server';
+$string['auth_fctitle'] = 'FirstClass server';
$string['auth_fcuserid'] = 'Userid for FirstClass account with privilege \'Subadministrator\' set.';
$string['auth_fchost_key'] = 'Host:';
$string['auth_fcfppport_key'] = 'Port';
$string['auth_imapdescription'] = 'This method uses an IMAP server to check whether a given username and password is valid.';
$string['auth_imaphost'] = 'The IMAP server address. Use the IP number, not DNS name.';
$string['auth_imapport'] = 'IMAP server port number. Usually this is 143 or 993.';
-$string['auth_imaptitle'] = 'Use an IMAP server';
+$string['auth_imaptitle'] = 'IMAP server';
$string['auth_imaptype'] = 'The IMAP server type. IMAP servers can have different types of authentication and negotiation.';
$string['auth_imaptype_key'] = 'Type';
$string['auth_imaphost_key'] = 'Host';
$string['auth_ldap_graceattr_desc'] = 'Optional: Overrides gracelogin attribute';
$string['auth_ldap_gracelogins_desc'] = 'Enable LDAP gracelogin support. After password has expired user can login until gracelogin count is 0. Enabling this setting displays grace login message if password is exprired.';
$string['auth_ldap_host_url'] = 'Specify LDAP host in URL-form like \'ldap://ldap.myorg.com/\' or \'ldaps://ldap.myorg.com/\' Separate multipleservers with \';\' to get failover support.';
+$string['auth_ldap_ldap_encoding'] = 'Specify encoding used by LDAP server. Most probably utf-8, MS AD v2 uses default platform encoding such as cp1252, cp1250, etc.';
$string['auth_ldap_login_settings'] = 'Login settings';
$string['auth_ldap_memberattribute'] = 'Optional: Overrides user member attribute, when users belongs to a group. Usually \'member\'';
$string['auth_ldap_objectclass'] = 'Optional: Overrides objectClass used to name/search users on ldap_user_type. Usually you dont need to chage this.';
wanted fields in Moodle. For following logins only the username and
password are checked.';
+$string['auth_ldap_ldap_encoding_key'] = 'LDAP encoding';
$string['auth_ldap_host_url_key'] = 'Host URL';
$string['auth_ldap_version_key'] = 'Version';
$string['auth_ldap_preventpassindb_key'] = 'Hide passwords';
$string['auth_ldap_noextension'] = 'Warning: The PHP LDAP module does not seem to be present. Please ensure it is installed and enabled.';
$string['auth_ldapextrafields'] = 'These fields are optional. You can choose to pre-fill some Moodle user fields with information from the <b>LDAP fields</b> that you specify here. <p>If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.</p><p>In either case, the user will be able to edit all of these fields after they log in.</p>';
-$string['auth_ldaptitle'] = 'Use an LDAP server';
+$string['auth_ldaptitle'] = 'LDAP server';
$string['auth_ldapnotinstalled'] = 'Cannot use LDAP authentication. The PHP LDAP module is not installed.';
// Manual plugin
$string['auth_manualdescription'] = 'This method removes any way for users to create their own accounts. All accounts must be manually created by the admin user.';
-$string['auth_manualtitle'] = 'Manual accounts only';
+$string['auth_manualtitle'] = 'Manual accounts';
// MNET plugin
$string['auth_mnettitle'] = 'Moodle Network authentication';
$string['auth_nntpdescription'] = 'This method uses an NNTP server to check whether a given username and password is valid.';
$string['auth_nntphost'] = 'The NNTP server address. Use the IP number, not DNS name.';
$string['auth_nntpport'] = 'Server port (119 is the most common)';
-$string['auth_nntptitle'] = 'Use an NNTP server';
+$string['auth_nntptitle'] = 'NNTP server';
$string['auth_nntpnotinstalled'] = 'Cannot use NNTP authentication. The PHP IMAP module is not installed.';
$string['auth_nntpchangepasswordurl_key'] = 'Password-change URL';
$string['auth_nntpport_key'] = 'Port';
$string['auth_pop3host'] = 'The POP3 server address. Use the IP number, not DNS name.';
$string['auth_pop3mailbox'] = 'Name of the mailbox to attempt a connection with. (usually INBOX)';
$string['auth_pop3port'] = 'Server port (110 is the most common, 995 is common for SSL)';
-$string['auth_pop3title'] = 'Use a POP3 server';
+$string['auth_pop3title'] = 'POP3 server';
$string['auth_pop3type'] = 'Server type. If your server uses certificate security, choose pop3cert.';
$string['auth_pop3notinstalled'] = 'Cannot use POP3 authentication. The PHP IMAP module is not installed.';
$string['auth_pop3changepasswordurl_key'] = 'Password-change URL';
$string['auth_pop3host_key'] = 'Host';
// RADIUS plugin
-$string['auth_radiustitle'] = 'Use a RADIUS server';
+$string['auth_radiustitle'] = 'RADIUS server';
$string['auth_radiusdescription'] = 'This method uses a <a href=\"http://en.wikipedia.org/wiki/RADIUS\" target=\"_blank\">RADIUS</a> server to check whether a given username and password is valid.';
$string['auth_radiushost'] = 'Address of the RADIUS server';
$string['auth_radiusnasport'] = 'Port to use to connect';
$string['plaintext'] = 'Plain text';
$string['selfregistration'] = 'Self registration';
$string['selfregistration_help'] = 'Choose which auth plugin will handle user self-registration.';
-$string['sha1'] = 'SHA1 hash';
+$string['sha1'] = 'SHA-1 hash';
$string['showguestlogin'] = 'You can hide or show the guest login button on the login page.';
$string['stdchangepassword'] = 'Use standard Change Password Page';
$string['stdchangepassword_expl'] = 'If the external authentication system allows password changes through Moodle, switch this to Yes. This setting overrides \'Change Password URL\'.';
if (strpos($k, 'auth_') !== 0) {
continue;
}
+ if ($k == 'auth_instructions') {
+ continue; //keep as global auth option
+ }
$authsetting = substr($k, 5);
foreach ($authplugins as $auth) {
if (strpos($authsetting, $auth) !== 0) {
* global setting in {@link $CFG}.
* @return boolean Whether the plugin is available.
*/
-function exists_auth_plugin($auth='') {
+function exists_auth_plugin($auth) {
global $CFG;
- // use the global default if not specified
- if ($auth == '') {
- $auth = $CFG->auth;
- }
if (file_exists("{$CFG->dirroot}/auth/$auth/auth.php")) {
return is_readable("{$CFG->dirroot}/auth/$auth/auth.php");
}
* @param string $auth Authentication plugin.
* @return boolean Whether the plugin is enabled.
*/
-function is_enabled_auth($auth='') {
+function is_enabled_auth($auth) {
global $CFG;
- // use the global default if not specified
- if ($auth == '') {
- $auth = $CFG->auth;
+ if (empty($auth)) {
+ return false;
+ } else if ($auth == 'manual') {
+ return true;
}
- return in_array($auth, explode(',', $CFG->auth_plugins_enabled));
+
+ return in_array($auth, explode(',', $CFG->auth));
}
/**
function get_auth_plugin($auth = '') {
global $CFG;
- // use the global default if not specified
- if ($auth == '') {
- $auth = $CFG->auth;
+ // use the manual if not specified
+ if (empty($auth)) {
+ $auth = 'manual';
}
-
- // TODO: plugin enabled?
// check the plugin exists first
if (! exists_auth_plugin($auth)) {
* @return bool
* @todo Outline auth types and provide code example
*/
-function is_internal_auth($auth='') {
+function is_internal_auth($auth) {
$authplugin = get_auth_plugin($auth); // throws error if bad $auth
return $authplugin->is_internal();
}
if ($newinfo = $authplugin->get_userinfo($username)) {
$newinfo = truncate_userinfo($newinfo);
foreach ($newinfo as $key => $value){
- $newuser->$key = addslashes(stripslashes($value)); // Just in case
+ $newuser->$key = addslashes($value);
}
}
}
}
}
- $newuser->auth = (empty($auth)) ? $CFG->auth : $auth;
+ $newuser->auth = (empty($auth)) ? 'manual' : $auth;
$newuser->username = $username;
- update_internal_user_password($newuser, $password, false);
// fix for MDL-8480
// user CFG lang for user if $newuser->lang is empty
$newuser->mnethostid = $CFG->mnet_localhost_id;
if (insert_record('user', $newuser)) {
- $user = get_complete_user_data('username', $newuser->username);
- if($CFG->{'auth_'.$newuser->auth.'_forcechangepassword'}){
- set_user_preference('auth_forcepasswordchange', 1, $user->id);
- }
- return $user;
+ $user = get_complete_user_data('username', $newuser->username);
+ if($CFG->{'auth_'.$newuser->auth.'_forcechangepassword'}){
+ set_user_preference('auth_forcepasswordchange', 1, $user->id);
+ }
+ update_internal_user_password($user, $password);
+ return $user;
}
return false;
}
global $CFG;
- // default to manual if global auth is undefined or broken
- if (empty($CFG->auth_plugins_enabled)) {
- $CFG->auth_plugins_enabled = empty($CFG->auth) ? 'manual' : $CFG->auth;
- }
- // if blank, set default auth to first enabled auth plugin
if (empty($CFG->auth)) {
- $auths = explode(',', $CFG->auth_plugins_enabled);
- $CFG->auth = $auths[0];
- }
-
- // if user not found, use site auth
- if (!$user = get_complete_user_data('username', $username)) {
- $user = new object();
- $user->id = 0; // Not a user
- $auth = $CFG->auth_plugins_enabled;
+ $authsenabled = array('manual');
+ } else {
+ $authsenabled = explode(',', 'manual,'.$CFG->auth);
}
- // Sort out the authentication method we are using.
- if (empty($user->auth)) { // For some reason it isn't set yet
- $primadmin = get_admin();
- if (!empty($user->id) && (($user->id==$primadmin->id) || isguest($user->id))) {
- $auth = 'manual'; // always assume these guys are internal
+ if ($user = get_complete_user_data('username', $username)) {
+ $auth = empty($user->auth) ? 'manual' : $user->auth; // use manual if auth not set
+ if ($auth=='nologin' or !is_enabled_auth($auth)) {
+ add_to_log(0, 'login', 'error', 'index.php', $username);
+ error_log('[client '.$_SERVER['REMOTE_ADDR']."] $CFG->wwwroot Disabled Login: $username ".$_SERVER['HTTP_USER_AGENT']);
+ return false;
}
- else {
- $auth = $CFG->auth_plugins_enabled; // default to site method
+ if (!empty($user->deleted)) {
+ add_to_log(0, 'login', 'error', 'index.php', $username);
+ error_log('[client '.$_SERVER['REMOTE_ADDR']."] $CFG->wwwroot Deleted Login: $username ".$_SERVER['HTTP_USER_AGENT']);
+ return false;
}
+ $auths = array($auth);
+
} else {
- $auth = $user->auth;
+ $auths = $authsenabled;
+ $user = new object();
+ $user->id = 0; // User does not exist
}
- // walk each authentication plugin, in order
- $auths = explode(',', $auth);
foreach ($auths as $auth) {
$authplugin = get_auth_plugin($auth);
- // on auth fail, log and fall through to the next plugin
+ // on auth fail fall through to the next plugin
if (!$authplugin->user_login($username, $password)) {
- add_to_log(0, 'login', 'error', 'index.php', $username);
- error_log("[client {$_SERVER['REMOTE_ADDR']}] $CFG->wwwroot Auth=$auth Failed Login: $username {$_SERVER['HTTP_USER_AGENT']}");
continue;
}
if ($user->id) { // User already exists in database
if (empty($user->auth)) { // For some reason auth isn't set yet
set_field('user', 'auth', $auth, 'username', $username);
+ $user->auth = $auth;
}
- update_internal_user_password($user, $password);
+
+ update_internal_user_password($user, $password); // just in case salt or encoding were changed (magic quotes too one day)
+
if (!$authplugin->is_internal()) { // update user record from external DB
$user = update_user_record($username, get_auth_plugin($user->auth));
}
} else {
+ // if user not found, create him
$user = create_user_record($username, $password, $auth);
}
// fix for MDL-6928
* @param bool store changes also in db, default true
* @return true if hash changed
*/
-function update_internal_user_password(&$user, $password, $storeindb=true) {
+function update_internal_user_password(&$user, $password) {
global $CFG;
$authplugin = get_auth_plugin($user->auth);
- if (!empty($authplugin->config->preventpassindb) /*|| $storeindb === false */) {
+ if (!empty($authplugin->config->preventpassindb)) {
$hashedpassword = 'not cached';
} else {
$hashedpassword = hash_internal_user_password($password);
return false;
}
+ // skip mail to suspended users
+ if ($user->auth=='nologin') {
+ return true;
+ }
+
if (!empty($user->emailstop)) {
return 'emailstop';
}
projects / moodle.git / commitdiff