echo "Invalid username or password!{$this->eolchar}";
die();
}
- $USER = complete_user_login($user);
+ complete_user_login($user);
$systemcontext = get_context_instance(CONTEXT_SYSTEM);
if (!has_capability('moodle/site:doanything', $systemcontext)) {
echo "You do not have administration privileges on this Moodle site. "
if ($user) {
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
- $USER = complete_user_login($user);
+ complete_user_login($user);
// Cleanup the key to prevent reuse...
// and to allow re-logins with normal credentials
}
/// do not use when in course login as
- if (is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
+ if (session_is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) {
print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
}
/// Reset user back to their real self if needed
$return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from
- if (is_loggedinas()) {
+ if (session_is_loggedinas()) {
if (!confirm_sesskey()) {
print_error('confirmsesskeybad');
}
/**
* Check all the login enrolment information for the given user object
* by querying the enrolment plugins
+ * @return void
*/
function check_enrolment_plugins(&$user) {
global $CFG;
+ if (empty($user->id) or isguestuser($user)) {
+ // shortcut - there is no enrolment work for guests and not-logged-in users
+ return;
+ }
+
static $inprogress; // To prevent this function being called more than once in an invocation
if (!empty($inprogress[$user->id])) {
if ($user) {
$userid = $user;
} else {
- if (is_loggedinas()) { // Don't log
+ if (session_is_loggedinas()) { // Don't log
return;
}
$userid = empty($USER->id) ? '0' : $USER->id;
function user_accesstime_log($courseid=0) {
global $USER, $CFG, $DB;
- if (!isloggedin() or is_loggedinas()) {
+ if (!isloggedin() or session_is_loggedinas()) {
// no access tracking
return;
}
}
/// loginas as redirection if needed
- if ($COURSE->id != SITEID and is_loggedinas()) {
+ if ($COURSE->id != SITEID and session_is_loggedinas()) {
if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) {
if ($USER->loginascontext->instanceid != $COURSE->id) {
print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid);
}
/// check whether the user should be changing password (but only if it is REALLY them)
- if (get_user_preferences('auth_forcepasswordchange') && !is_loggedinas()) {
+ if (get_user_preferences('auth_forcepasswordchange') && !session_is_loggedinas()) {
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
$SESSION->wantsurl = $FULLME;
/// For non-guests, check if they have course view access
} else if (has_capability('moodle/course:view', $COURSE->context)) {
- if (is_loggedinas()) { // Make sure the REAL person can also access this course
- $realuser = get_real_user();
+ if (session_is_loggedinas()) { // Make sure the REAL person can also access this course
+ $realuser = session_get_realuser();
if (!has_capability('moodle/course:view', $COURSE->context, $realuser->id)) {
print_header_simple();
notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/');
}
}
- get_session()->terminate();
+ session_get_instance()->terminate();
}
/**
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
*
- *
- *
* @uses $CFG, $USER
* @param string $user obj
- * @return user|flase A {@link $USER} object or false if error
+ * @return object A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user) {
global $CFG, $USER, $SESSION;
- $USER = $user; // this is required because we need to access preferences here!
- check_user_preferences_loaded();
+ // check enrolments, load caps and setup $USER object
+ session_set_user($user);
update_user_login_times();
if (empty($CFG->nolastloggedin)) {
}
set_login_session_preferences();
- // Call enrolment plugins
- check_enrolment_plugins($user);
-
- /// This is what lets the user do anything on the site :-)
- load_all_capabilities();
-
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
* Factory method returning moodle_session object.
* @return moodle_session
*/
-function get_session() {
+function session_get_instance() {
static $session = null;
if (is_null($session)) {
* Class handling all session and cookies related stuff.
*/
class moodle_session {
- function __construct() {
+ public function __construct() {
global $CFG;
$this->prepare_cookies();
$this->init_session_storage();
}
}
- if (!isset($_SESSION['USER']->id)) {
- $_SESSION['USER']->id = 0; // to enable proper function of $CFG->notloggedinroleid hack
+ $this->check_user_initialised();
+ }
+
+ /**
+ * Initialise $USER object, handles google access.
+ *
+ * @return void
+ */
+ protected function check_user_initialised() {
+ if (isset($_SESSION['USER']->id)) {
+ // already set up $USER
+ return;
+ }
+
+ $user = null;
+
+ if (!empty($CFG->opentogoogle) and !NO_MOODLE_COOKIES) {
+ if (!empty($_SERVER['HTTP_USER_AGENT'])) {
+ // allow web spiders in as guest users
+ if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
+ $user = guest_user();
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
+ $user = guest_user();
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
+ $user = guest_user();
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
+ $user = guest_user();
+ } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
+ $user = guest_user();
+ }
+ }
+ if (!$user and !empty($_SERVER['HTTP_REFERER'])) {
+ // automaticaly log in users coming from search engine results
+ if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
+ $user = guest_user();
+ } else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
+ $user = guest_user();
+ }
+ }
+ }
+
+ if (!$user) {
+ $user = new object();
+ $user->id = 0; // to enable proper function of $CFG->notloggedinroleid hack
if (isset($CFG->mnet_localhost_id)) {
- $_SESSION['USER']->mnethostid = $CFG->mnet_localhost_id;
+ $user->mnethostid = $CFG->mnet_localhost_id;
}
}
+ session_set_user($user);
}
/**
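Review bot: `check_user_initialised()` reads `$CFG->opentogoogle` and `$CFG->mnet_localhost_id`, but the added method body never declares `global $CFG;`, so `$CFG` is an undefined local there. As written the `opentogoogle` branch can never run and `mnethostid` is never set on the not-logged-in user. Add `global $CFG;` as the first statement of the method, as `__construct()` and `prepare_cookies()` already do. Separately, the User-Agent and Referer values tested here are request headers chosen by the client and cannot authenticate a crawler, so enabling `opentogoogle` amounts to allowing guest access. A comment such as `// headers are client-controlled: opentogoogle is equivalent to enabling guest access` would keep that visible to whoever maintains the setting.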
/**
* Prepare cookies and varions system settings
*/
- private function prepare_cookies() {
+ protected function prepare_cookies() {
global $CFG, $nomoodlecookie;
if (!defined('NO_MOODLE_COOKIES')) {
unset(${'MoodleSession'.$CFG->sessioncookie});
unset($_GET['MoodleSession'.$CFG->sessioncookie]);
unset($_POST['MoodleSession'.$CFG->sessioncookie]);
+ unset($_REQUEST['MoodleSession'.$CFG->sessioncookie]);
}
//compatibility hack for Moodle Cron, cookies not deleted, but set to "deleted" - should not be needed with NO_MOODLE_COOKIES in cron.php now
if (!empty($_COOKIE['MoodleSession'.$CFG->sessioncookie]) && $_COOKIE['MoodleSession'.$CFG->sessioncookie] == "deleted") {
/**
* Inits session storage.
*/
- private function init_session_storage() {
+ protected function init_session_storage() {
global $CFG;
/// Set up session handling
}
}
+/**
+ * Setup $USER object - called during login, loginas, etc.
+ * Preloads capabilities and checks enrolment plugins
+ *
+ * @param object $user full user record object
+ * @return void
+ */
+function session_set_user($user) {
+ $_SESSION['USER'] = $user;
+ check_enrolment_plugins($_SESSION['USER']);
+ load_all_capabilities();
+}
+
/**
* Is current $USER logged-in-as somebody else?
* @return bool
*/
-function is_loggedinas() {
+function session_is_loggedinas() {
return !empty($_SESSION['USER']->realuser);
}
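Review bot: `session_set_user()` is now the single place where the session's identity changes (login through `complete_user_login()`, login-as through `session_loginas()`), yet nothing in this hunk issues a fresh session id when `$_SESSION['USER']` is replaced. Unless a caller outside the visible hunks already does so, a session id that existed before authentication stays valid afterwards, which is the precondition for session fixation. Regenerating the id here whenever the user id changes, for example `session_regenerate_id(true);` before the assignment, would cover every path at once. The docblock should also say that the function does no authentication and trusts `$user` completely, e.g. `* Callers must have authenticated or authorised $user already; no checks are made here.`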
* Returns the $USER object ignoring current login-as session
* @return object user object
*/
-function get_real_user() {
- if (is_loggedinas()) {
+function session_get_realuser() {
+ if (session_is_loggedinas()) {
return $_SESSION['REALUSER'];
} else {
return $_SESSION['USER'];
* @return void
*/
function session_loginas($userid, $context) {
- if (is_loggedinas()) {
+ if (session_is_loggedinas()) {
return;
}
/// Create the new $USER object with all details and reload needed capabilitites
$_SESSION['REALUSER'] = $_SESSION['USER'];
- $_SESSION['USER'] = get_complete_user_data('id', $userid);
- $_SESSION['USER']->realuser = $_SESSION['REALUSER']->id;
- $_SESSION['USER']->loginascontext = $context;
-
- check_enrolment_plugins($_SESSION['USER']);
- load_all_capabilities();
+ $user = get_complete_user_data('id', $userid);
+ $user->realuser = $_SESSION['REALUSER']->id;
+ $user->loginascontext = $context;
+ session_set_user($user);
}
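Review bot: In `session_loginas()` the result of `get_complete_user_data('id', $userid)` is used without a check, and `$_SESSION['REALUSER']` is already overwritten on the line before the lookup. If the lookup can fail for an unknown or deleted id (its return contract is not visible here), the session ends up with `REALUSER` set and a `USER` object carrying only `realuser` and `loginascontext`. Fetching the record first and returning early on failure, `if (!$user = get_complete_user_data('id', $userid)) { return; }`, before touching `$_SESSION['REALUSER']`, leaves the session unchanged on error. The function's docblock starts above this hunk.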
/**
* @return void
*/
function session_unloginas() {
- if (!is_loggedinas()) {
+ if (!session_is_loggedinas()) {
return;
}
}
/// start session and prepare global $SESSION, $USER
- get_session();
+ session_get_instance();
$SESSION = &$_SESSION['SESSION'];
$USER = &$_SESSION['USER'];
// set default locale and themes - might be changed again later from require_login()
course_setup();
- if (!empty($CFG->opentogoogle)) {
- if (!NO_MOODLE_COOKIES and empty($USER->id)) { // Ignore anyone logged in, or scripts without cookies
- if (!empty($_SERVER['HTTP_USER_AGENT'])) {
- if (strpos($_SERVER['HTTP_USER_AGENT'], 'Googlebot') !== false ) {
- $USER = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'google.com') !== false ) { // Google
- $USER = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'Yahoo! Slurp') !== false ) { // Yahoo
- $USER = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], '[ZSEBOT]') !== false ) { // Zoomspider
- $USER = guest_user();
- } else if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSNBOT') !== false ) { // MSN Search
- $USER = guest_user();
- }
- }
- if (empty($USER) && !empty($_SERVER['HTTP_REFERER'])) {
- if (strpos($_SERVER['HTTP_REFERER'], 'google') !== false ) {
- $USER = guest_user();
- } else if (strpos($_SERVER['HTTP_REFERER'], 'altavista') !== false ) {
- $USER = guest_user();
- }
- }
- if (!empty($USER->id)) {
- load_all_capabilities();
- }
- }
- }
-
if ($CFG->theme == 'standard' or $CFG->theme == 'standardwhite') { // Temporary measure to help with XHTML validation
if (isset($_SERVER['HTTP_USER_AGENT']) and empty($USER->id)) { // Allow W3CValidator in as user called w3cvalidator (or guest)
if ((strpos($_SERVER['HTTP_USER_AGENT'], 'W3C_Validator') !== false) or
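Review bot: With the crawler handling moved into the `moodle_session` constructor, `session_get_instance()` now runs `session_set_user()`, and through it `check_enrolment_plugins()` and `load_all_capabilities()`, before the next two lines bind `$SESSION` and `$USER` to `$_SESSION`. If `load_all_capabilities()` works on the global `$USER` (its body is not shown), it would run against an unbound `$USER` for a new guest or not-logged-in session, whereas the removed block called it only after the binding. Either bind the globals before the user is initialised, or document the ordering here, e.g. `// NOTE: session_get_instance() initialises $_SESSION['USER'] itself; $USER is not bound until the lines below`. The surrounding setup code continues outside this hunk.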
$apachelog_name = clean_filename($USER->firstname . " " .
$USER->lastname);
}
- if (is_loggedinas()) {
- $realuser = get_real_user();
+ if (session_is_loggedinas()) {
+ $realuser = session_get_realuser();
$apachelog_username = clean_filename($realuser->username." as ".$apachelog_username);
$apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name);
$apachelog_userid = clean_filename($realuser->id." as ".$apachelog_userid);
$course = $SITE;
}
- if (is_loggedinas()) {
- $realuser = get_real_user();
+ if (session_is_loggedinas()) {
+ $realuser = session_get_realuser();
$fullname = fullname($realuser, true);
$realuserinfo = " [<a $CFG->frametarget
href=\"$CFG->wwwroot/course/loginas.php?id=$course->id&return=1&sesskey=".sesskey()."\">$fullname</a>] ";
if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role
$output .= '<a href="'. $CFG->wwwroot .'/course/unenrol.php?id='. $course->id .'&user='. $user->id .'">'. $string->unenrol .'</a><br />';
}
- if ($USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
+ if ($USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $context) &&
! has_capability('moodle/site:doanything', $context, $user->id, false)) {
$output .= '<a href="'. $CFG->wwwroot .'/course/loginas.php?id='. $course->id .'&user='. $user->id .'&sesskey='. sesskey() .'">'. $string->loginas .'</a><br />';
}
}
// do not allow "Logged in as" users to change any passwords
- if (is_loggedinas()) {
+ if (session_is_loggedinas()) {
print_error('cannotcallscript');
}
/// Let's get them all set up.
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
$user->id, 0, $user->id);
- $USER = complete_user_login($user);
+ complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
if ($passwordchangeurl) {
$params = array('id'=>$course->id);
- if (is_loggedinas()) {
+ if (session_is_loggedinas()) {
$passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data
} else {
$parts = explode('?', $passwordchangeurl);
foreach($params as $key=>$value) {
echo '<input type="hidden" name="'.$key.'" value="'.s($value).'" />';
}
- if (is_loggedinas()) {
+ if (session_is_loggedinas()) {
// changing of password when "Logged in as" is not allowed
echo "<input type=\"submit\" value=\"".get_string("changepassword")."\" disabled=\"disabled\" />";
} else {
}
}
- if (!$user->deleted and $USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
+ if (!$user->deleted and $USER->id != $user->id && !session_is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) &&
! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) {
echo '<form action="'.$CFG->wwwroot.'/course/loginas.php" method="get">';
echo '<div>';