Check for USER->email in require_login. With external authentication

schemes it's possible that the email field could be empty, so this
will force users to update it (and the rest of their profile) any
time they log into a course.

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index 9bf5337a2e8e68891a83c8682285d2add3326514..495fda5c39375fe888c2deca37406b270b220151 100644 (file)
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -1005,6 +1005,13 @@ function require_login($courseid=0) {
             if (!isset($USER->realuser)) {  // Don't update if this isn't a realuser
                 update_user_in_db();
             }
+            if (!$USER->email) {            // User logged in, but has not set up profile!
+                                            // This can occur with external authentication
+                $USER->email = "spam";      // To prevent auth loops
+                save_session("USER");
+                redirect("$CFG->wwwroot/user/edit.php?id=$USER->id&course=$courseid");
+                die;
+            }
             return;   // user is a member of this course.
         }
         if (! $course = get_record("course", "id", $courseid)) {