*
* Uses auth_ functions from the currently active auth module
*
+ * After authenticate_user_login() returns success, you will need to
+ * log that the user has logged in, and call complete_user_login() to set
+ * the session up.
+ *
* @uses $CFG
* @param string $username User's username (with system magic quotes)
* @param string $password User's password (with system magic quotes)
return false;
}
+/**
+ * Call to complete the user login process after authenticate_user_login()
+ * has succeeded. It will setup the $USER variable and other required bits
+ * and pieces.
+ *
+ * NOTE:
+ * - It will NOT log anything -- up to the caller to decide what to log.
+ *
+ *
+ *
+ * @uses $CFG, $USER
+ * @param string $user obj
+ * @return user|flase A {@link $USER} object or false if error
+ */
+function complete_user_login($user) {
+ global $CFG, $USER;
+
+ $USER = $user; // should not be needed, but cover for legacy code
+
+ update_user_login_times();
+ if (empty($CFG->nolastloggedin)) {
+ set_moodle_cookie($USER->username);
+ } else {
+ // do not store last logged in user in cookie
+ // auth plugins can temporarily override this from loginpage_hook()
+ // do not save $CFG->nolastloggedin in database!
+ set_moodle_cookie('nobody');
+ }
+ set_login_session_preferences();
+
+ /// This is what lets the user do anything on the site :-)
+ load_all_capabilities();
+
+ /// Select password change url
+ $userauth = get_auth_plugin($USER->auth);
+
+ /// check whether the user should be changing password
+ if (get_user_preferences('auth_forcepasswordchange', false)){
+ if ($userauth->can_change_password()) {
+ if ($changeurl = $userauth->change_password_url()) {
+ redirect($changeurl);
+ } else {
+ redirect($CFG->httpswwwroot.'/login/change_password.php');
+ }
+ } else {
+ error(get_string('nopasswordchangeforced', 'auth'));
+ }
+ }
+ return $USER;
+}
+
/**
* Compare password against hash stored in internal user table.
* If necessary it also updates the stored hash to new format.
die;
}
- /// Let's get them all set up.
- $USER = $user;
-
- add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
-
-
- update_user_login_times();
- if (empty($CFG->nolastloggedin)) {
- set_moodle_cookie($USER->username);
- } else {
- // do not store last logged in user in cookie
- // auth plugins can temporarily override this from loginpage_hook()
- // do not save $CFG->nolastloggedin in database!
- set_moodle_cookie('nobody');
- }
- set_login_session_preferences();
-
- /// This is what lets the user do anything on the site :-)
- load_all_capabilities();
-
- /// Select password change url
- $userauth = get_auth_plugin($USER->auth);
-
- /// check whether the user should be changing password
- if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
- if ($frm->password == 'changeme') {
- //force the change
- set_user_preference('auth_forcepasswordchange', true);
- }
- //Select password change url
- if ($userauth->can_change_password()) {
- if ($changeurl = $userauth->change_password_url()) {
- redirect($changeurl);
- } else {
- redirect($CFG->httpswwwroot.'/login/change_password.php');
- }
- } else {
- error(get_string('nopasswordchangeforced', 'auth'));
- }
+ if ($frm->password == 'changeme') {
+ //force the change
+ set_user_preference('auth_forcepasswordchange', true, $user->id);
}
+ /// Let's get them all set up.
+ add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
+ $user->id, 0, $user->id);
+ $USER = complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
projects / moodle.git / commitdiff