MDL-17458 refactored guest and admin user creation + refactored roles install + added...
authorskodak <skodak>
Thu, 29 Jan 2009 22:54:41 +0000 (22:54 +0000)
committerskodak <skodak>
Thu, 29 Jan 2009 22:54:41 +0000 (22:54 +0000)
admin/index.php
index.php
lang/en_utf8/admin.php
lib/accesslib.php
lib/adminlib.php
lib/db/install.php
lib/moodlelib.php

index 1e9c4f25c0c5785ff645191a50a220f42b68944f..6c2203bc9457527b0695cc1a280557500d1edb96 100644 (file)
     require_once("$CFG->dirroot/lib/locallib.php");
     upgrade_local_db();  // Return here afterwards
 
+/// indicate that this site is fully configured except the admin password
+    if (empty($CFG->rolesactive)) {
+        set_config('rolesactive', 1);
+        set_config('adminsetuppending', 1);
+        // we neeed this redirect to setup proper session
+        upgrade_finished("index.php?sessionstarted=1&lang=$CFG->lang");
+    }
+
 /// make sure admin user is created - this is the last step because we need
 /// session to be working properly in order to edit admin account
-    if (empty($CFG->rolesactive)) {
+     if (!empty($CFG->adminsetuppending)) {
         $sessionstarted = optional_param('sessionstarted', 0, PARAM_BOOL);
         if (!$sessionstarted) {
-            // we neeed this redirect to setup proper session
-            upgrade_finished("index.php?sessionstarted=1&lang=$CFG->lang");
+            redirect("index.php?sessionstarted=1&lang=$CFG->lang");
+        } else {
+            $sessionverify = optional_param('sessionverify', 0, PARAM_BOOL);
+            if (!$sessionverify) {
+                $SESSION->sessionverify = 1;
+                redirect("index.php?sessionstarted=1&sessionverify=1&lang=$CFG->lang");
+            } else {
+                if (empty($SESSION->sessionverify)) {
+                    print_error('installsessionerror', 'admin', "index.php?sessionstarted=1&lang=$CFG->lang");
+                }
+                unset($SESSION->sessionverify);
+            }
+        }
+
+        $adminuser = get_complete_user_data('username', 'admin');
+
+        if ($adminuser->password === 'adminsetuppending') {
+            // prevent installation hijacking
+            if ($adminuser->lastip !== getremoteaddr()) {
+                print_error('installhijacked', 'admin');
+            }
+            // login user and let him set password and admin details
+            $adminuser->newadminuser = 1;
+            message_set_default_message_preferences($adminuser);
+            complete_user_login($adminuser, false);
+            redirect("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself
+
+        } else {
+            unset_config('adminsetuppending');
         }
-        $adminuser = create_admin_user();
-        $adminuser->newadminuser = 1;
-        complete_user_login($adminuser, false);
-        redirect("$CFG->wwwroot/user/editadvanced.php?id=$adminuser->id"); // Edit thyself
 
     } else {
     /// just make sure upgrade logging is properly terminated
         upgrade_finished('upgradesettings.php');
     }
 
-    // Turn xmlstrictheaders back on now.
+// Turn xmlstrictheaders back on now.
     $CFG->xmlstrictheaders = $origxmlstrictheaders;
     unset($origxmlstrictheaders);
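Review bot: The guard `if ($adminuser->lastip !== getremoteaddr())` is the only check before `complete_user_login($adminuser, false)` logs the visitor in as admin without a credential, and a source IP is a weak identity for that. Anyone behind the installer's NAT or proxy address passes it while `adminsetuppending` is set, and if `getremoteaddr()` consults forwarded headers (not visible here) the compared value may be client-influenced. Consider additionally binding this step to a random one-time value created at install time and held by the installer's browser, so that address equality is not the sole condition. Separately, the result of `get_complete_user_data('username', 'admin')` is dereferenced at `$adminuser->password` without a check; if it can return false for a missing row, an explicit error branch would make that case clear. The enclosing block starts and ends outside the hunk.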
 
index dec4d08f776a0442486559dfc23939a8382a8a63..f06d7d9470e7ab64fd1ab608fd1888f0fe923f62 100644 (file)
--- a/index.php
+++ b/index.php
@@ -47,7 +47,7 @@
     define('BLOCK_R_MAX_WIDTH', $rmax);
 
     // check if major upgrade needed - also present in login/index.php
-    if (empty($CFG->version) or (int)$CFG->version < 2009011900) { //1.9 or older
+    if (empty($CFG->version) or (int)$CFG->version < 2009011900 or !empty($CFG->adminsetuppending)) { //1.9 or older
         @require_logout();
         redirect("$CFG->wwwroot/$CFG->admin/");
     }
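Review bot: The trailing comment `//1.9 or older` no longer describes the condition, which now also fires when `$CFG->adminsetuppending` is set; something like `// 1.9 or older, or admin account setup not finished` would keep it accurate. The comment above the `if` says the same check is also present in login/index.php, but that file is not in this commit's file list, so the two copies appear to diverge. It is worth confirming that the login page cannot be used in a meaningful way while admin setup is still pending.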
index 8ae5833d2c6e1e398a4085a641f482108d6d5b63..a33f63afdbf1cc7836380f4ed7c1e34e20d47ea2 100644 (file)
@@ -458,7 +458,9 @@ $string['importtimezonesfailed'] = 'No sources found! (Bad news)';
 $string['includemoduleuserdata'] = 'Include module user data';
 $string['incompatibleblocks'] = 'Incompatible blocks';
 $string['install'] = 'Install selected language pack';
+$string['installhijacked'] = 'Installation must be finished from the origianl IP address, sorry.';
 $string['installedlangs'] = 'Installed language packs';
+$string['installsessionerror'] = 'Can not initialise PHP session, please verify that your browser accepts cookies.';
 $string['intcachemax'] = 'Int. cache max';
 $string['invalidsection'] = 'Invalid section.';
 $string['invaliduserchangeme'] = 'Username \"changeme\" is reserved -- you cannot create an account with it.';
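Review bot: The new `installhijacked` string misspells "original" as `origianl`; it should read `'Installation must be finished from the original IP address, sorry.'`. This is the only message an installer sees when the IP check in admin/index.php blocks them, and it gives no hint on how to recover when their address changed legitimately, so a short pointer to the recovery procedure would help.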
index 11fb043adf05e649b09be7cca9dbfcd8eefdbc7c..f0b765ae8427f21385e2ee2afe7554d367754fd2 100755 (executable)
@@ -1823,71 +1823,6 @@ function check_enrolment_plugins(&$user) {
     unset($inprogress[$user->id]);  // Unset the flag
 }
 
-/**
- * Installs the roles system.
- * This function runs on a fresh install only now
- */
-function moodle_install_roles() {
-    global $DB;
-/// Create a system wide context for assignemnt.
-    $systemcontext = $context = get_context_instance(CONTEXT_SYSTEM);
-
-/// Create default/legacy roles and capabilities.
-/// (1 legacy capability per legacy role at system level).
-
-    $adminrole          = create_role(get_string('administrator'), 'admin',
-                                      get_string('administratordescription'), 'moodle/legacy:admin');
-    $coursecreatorrole  = create_role(get_string('coursecreators'), 'coursecreator',
-                                      get_string('coursecreatorsdescription'), 'moodle/legacy:coursecreator');
-    $editteacherrole    = create_role(get_string('defaultcourseteacher'), 'editingteacher',
-                                      get_string('defaultcourseteacherdescription'), 'moodle/legacy:editingteacher');
-    $noneditteacherrole = create_role(get_string('noneditingteacher'), 'teacher',
-                                      get_string('noneditingteacherdescription'), 'moodle/legacy:teacher');
-    $studentrole        = create_role(get_string('defaultcoursestudent'), 'student',
-                                      get_string('defaultcoursestudentdescription'), 'moodle/legacy:student');
-    $guestrole          = create_role(get_string('guest'), 'guest',
-                                      get_string('guestdescription'), 'moodle/legacy:guest');
-    $userrole           = create_role(get_string('authenticateduser'), 'user',
-                                      get_string('authenticateduserdescription'), 'moodle/legacy:user');
-
-/// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles
-    $systemcontext = get_context_instance(CONTEXT_SYSTEM);
-    if (!assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $systemcontext->id)) {
-        print_error('cannotassignanthing');
-    }
-    update_capabilities('moodle');
-
-/// Upgrade guest (only 1 entry).
-    if ($guestuser = $DB->get_record('user', array('username'=>'guest'))) {
-        role_assign($guestrole, $guestuser->id, 0, $systemcontext->id);
-    }
-
-/// Insert the correct records for legacy roles
-    allow_assign($coursecreatorrole, $noneditteacherrole);
-    allow_assign($coursecreatorrole, $editteacherrole);
-    allow_assign($coursecreatorrole, $studentrole);
-    allow_assign($coursecreatorrole, $guestrole);
-
-    allow_assign($editteacherrole, $noneditteacherrole);
-    allow_assign($editteacherrole, $studentrole);
-    allow_assign($editteacherrole, $guestrole);
-
-/// Set up default allow override matrix
-    //See MDL-15841   TODO FOR MOODLE 2.0  XXX
-    //allow_override($editteacherrole, $noneditteacherrole);
-    //allow_override($editteacherrole, $studentrole);
-    //allow_override($editteacherrole, $guestrole);
-
-/// Set up the context levels where you can assign each role.
-    set_role_contextlevels($adminrole, get_default_contextlevels('admin'));
-    set_role_contextlevels($coursecreatorrole, get_default_contextlevels('coursecreator'));
-    set_role_contextlevels($editteacherrole, get_default_contextlevels('editingteacher'));
-    set_role_contextlevels($noneditteacherrole, get_default_contextlevels('teacher'));
-    set_role_contextlevels($studentrole, get_default_contextlevels('student'));
-    set_role_contextlevels($guestrole, get_default_contextlevels('guest'));
-    set_role_contextlevels($userrole, get_default_contextlevels('user'));
-}
-
 /**
  * Returns array of all legacy roles.
  */
index 7705a2dd86783ff66a49357be6dcf2706c93843f..43f8d42c540601dbea98b25acd686cabe2aa18ee 100644 (file)
@@ -230,56 +230,6 @@ function set_cron_lock($name, $until, $ignorecurrent=false) {
     return true;
 }
 
-function create_admin_user($user_input=NULL) {
-    global $CFG, $DB;
-
-    $user = new object();
-    $user->auth         = 'manual';
-    $user->firstname    = get_string('admin');
-    $user->lastname     = get_string('user');
-    $user->username     = 'admin';
-    $user->password     = hash_internal_user_password('admin');
-    $user->email        = 'root@localhost';
-    $user->confirmed    = 1;
-    $user->mnethostid   = $CFG->mnet_localhost_id;
-    $user->lang         = $CFG->lang;
-    $user->maildisplay  = 1;
-    $user->timemodified = time();
-
-    if ($user_input) { // do we want to override any defaults?
-        foreach ($user_input as $key=>$value) {
-            $user->$key = $value;
-        }
-    }
-    $user->id = $DB->insert_record('user', $user);
-
-    if (!$user = $DB->get_record('user', array('id'=>$user->id))) {   // Double check.
-        print_error('invaliduserid');
-    }
-
-    // Assign the default admin roles to the new user.
-    if (!$adminroles = get_roles_with_capability('moodle/legacy:admin', CAP_ALLOW)) {
-        print_error('noadminrole', 'message');
-    }
-
-    $systemcontext = get_context_instance(CONTEXT_SYSTEM);
-    foreach ($adminroles as $adminrole) {
-        role_assign($adminrole->id, $user->id, 0, $systemcontext->id);
-    }
-
-    //set default message preferences
-    if (!message_set_default_message_preferences($user)){
-        print_error('cannotsavemessageprefs', 'message');
-    }
-
-    $user = get_complete_user_data('username', 'admin');
-
-    // indicate that this site is fully configured
-    set_config('rolesactive', 1);
-
-    return $user;
-}
-
 /**
  * Test if and critical warnings are present
  * @return bool
index 270d37c2759c27a90bd9fd855665b3678bdbc73f..81f4ca4b248842fd0dfe68ff56f1e7c6efacb3ee 100644 (file)
@@ -105,6 +105,7 @@ function xmldb_main_install() {
     $mnet_app->sso_jump_url      = '/auth/xmlrpc/jump.php';
     $DB->insert_record('mnet_application', $mnet_app);
 
+
 /// insert log entries - replaces statements section in install.xml
     update_log_display_entry('user', 'view', 'user', 'CONCAT(firstname,\' \',lastname)');
     update_log_display_entry('course', 'user report', 'user', 'CONCAT(firstname,\' \',lastname)');
@@ -127,9 +128,85 @@ function xmldb_main_install() {
 
 
 /// Create guest record
-    create_guest_record();
+    $guest = new object();
+    $guest->auth        = 'manual';
+    $guest->username    = 'guest';
+    $guest->password    = hash_internal_user_password('guest');
+    $guest->firstname   = get_string('guestuser');
+    $guest->lastname    = ' ';
+    $guest->email       = 'root@localhost';
+    $guest->description = get_string('guestuserinfo');
+    $guest->mnethostid  = $CFG->mnet_localhost_id;
+    $guest->confirmed   = 1;
+    $guest->lang        = $CFG->lang;
+    $guest->timemodified= time();
+    $guest->id = $DB->insert_record('user', $guest);
+
+
+/// Now create admin user
+    $admin = new object();
+    $admin->auth         = 'manual';
+    $admin->firstname    = get_string('admin');
+    $admin->lastname     = get_string('user');
+    $admin->username     = 'admin';
+    $admin->password     = 'adminsetuppending';
+    $admin->email        = 'root@localhost';
+    $admin->confirmed    = 1;
+    $admin->mnethostid   = $CFG->mnet_localhost_id;
+    $admin->lang         = $CFG->lang;
+    $admin->maildisplay  = 1;
+    $admin->timemodified = time();
+    $admin->lastip       = getremoteaddr(); // installation hijacking prevention
+    $admin->id = $DB->insert_record('user', $admin);
+
 
 /// Install the roles system.
-    moodle_install_roles();
+    $adminrole          = create_role(get_string('administrator'), 'admin',
+                                      get_string('administratordescription'), 'moodle/legacy:admin');
+    $coursecreatorrole  = create_role(get_string('coursecreators'), 'coursecreator',
+                                      get_string('coursecreatorsdescription'), 'moodle/legacy:coursecreator');
+    $editteacherrole    = create_role(get_string('defaultcourseteacher'), 'editingteacher',
+                                      get_string('defaultcourseteacherdescription'), 'moodle/legacy:editingteacher');
+    $noneditteacherrole = create_role(get_string('noneditingteacher'), 'teacher',
+                                      get_string('noneditingteacherdescription'), 'moodle/legacy:teacher');
+    $studentrole        = create_role(get_string('defaultcoursestudent'), 'student',
+                                      get_string('defaultcoursestudentdescription'), 'moodle/legacy:student');
+    $guestrole          = create_role(get_string('guest'), 'guest',
+                                      get_string('guestdescription'), 'moodle/legacy:guest');
+    $userrole           = create_role(get_string('authenticateduser'), 'user',
+                                      get_string('authenticateduserdescription'), 'moodle/legacy:user');
+
+    /// Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles
+    assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $syscontext->id);
+    update_capabilities('moodle');
+
+    /// assign default roles
+    role_assign($guestrole, $guest->id, 0, $syscontext->id);
+    role_assign($adminrole, $admin->id, 0, $syscontext->id);
+
+    /// Insert the correct records for legacy roles
+    allow_assign($coursecreatorrole, $noneditteacherrole);
+    allow_assign($coursecreatorrole, $editteacherrole);
+    allow_assign($coursecreatorrole, $studentrole);
+    allow_assign($coursecreatorrole, $guestrole);
+
+    allow_assign($editteacherrole, $noneditteacherrole);
+    allow_assign($editteacherrole, $studentrole);
+    allow_assign($editteacherrole, $guestrole);
+
+    /// Set up default allow override matrix
+    //See MDL-15841   TODO FOR MOODLE 2.0  XXX
+    //allow_override($editteacherrole, $noneditteacherrole);
+    //allow_override($editteacherrole, $studentrole);
+    //allow_override($editteacherrole, $guestrole);
+
+    /// Set up the context levels where you can assign each role.
+    set_role_contextlevels($adminrole,          get_default_contextlevels('admin'));
+    set_role_contextlevels($coursecreatorrole,  get_default_contextlevels('coursecreator'));
+    set_role_contextlevels($editteacherrole,    get_default_contextlevels('editingteacher'));
+    set_role_contextlevels($noneditteacherrole, get_default_contextlevels('teacher'));
+    set_role_contextlevels($studentrole,        get_default_contextlevels('student'));
+    set_role_contextlevels($guestrole,          get_default_contextlevels('guest'));
+    set_role_contextlevels($userrole,           get_default_contextlevels('user'));
 
 }
\ No newline at end of file
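Review bot: The inlined role setup drops the failure checks the removed helpers carried: `assign_capability('moodle/site:doanything', ...)` used to stop with `print_error('cannotassignanthing')`, and the results of `$DB->insert_record('user', $admin)` and `role_assign($adminrole, $admin->id, 0, $syscontext->id)` are not checked either. Unless the DB layer throws on its own, a partial failure could leave an admin row without its role or capability. I would restore the guard, e.g. `if (!assign_capability('moodle/site:doanything', CAP_ALLOW, $adminrole, $syscontext->id)) { print_error('cannotassignanthing'); }`. `$syscontext` is not defined inside the hunk and is presumably set earlier in `xmldb_main_install()`, which starts outside it. The line `$admin->password = 'adminsetuppending';` deserves a comment such as `// sentinel, not a password hash; replaced when the admin completes setup in admin/index.php`, since the security of the pending state depends on this literal never validating as a password.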
index c8928a26a21a8fac3795fdd12402afbfada853aa..2bff0679eb082f5dddd1f1396e16b17b978aa2da 100644 (file)
@@ -2813,33 +2813,6 @@ function get_user_fieldnames() {
     return $fieldarray;
 }
 
-/**
- * Creates the default "guest" user. Used both from
- * admin/index.php and login/index.php
- * @return mixed user object created or boolean false if the creation has failed
- */
-function create_guest_record() {
-    global $CFG, $DB;
-
-    $guest = new object();
-    $guest->auth        = 'manual';
-    $guest->username    = 'guest';
-    $guest->password    = hash_internal_user_password('guest');
-    $guest->firstname   = get_string('guestuser');
-    $guest->lastname    = ' ';
-    $guest->email       = 'root@localhost';
-    $guest->description = get_string('guestuserinfo');
-    $guest->mnethostid  = $CFG->mnet_localhost_id;
-    $guest->confirmed   = 1;
-    $guest->lang        = $CFG->lang;
-    $guest->timemodified= time();
-
-    $id = $DB->insert_record('user', $guest);
-    $guest = $DB->get_record('user', array('id'=>$id));
-
-    return $guest;
-}
-
 /**
  * Creates a bare-bones user record
  *