- username, and
- password.
-Even when external forms of authentication are being
-used, Moodle still maintains the internal "user" table
-with all the associated information about that user such
-as name, email address and so on.
+Even when external forms of authentication are being used, Moodle still
+maintains the internal "user" table with all the associated information about
+that user such as name, email address and so on.
-The active method is set by the admin on the Configuration page.
+Multiauthentication in Moodle 1.8
+-------------------------------------
+
+The active methods are set by the admin on the Configuration page. Multiple
+authentication plugins can now be used and ordered in a fail-through sequence.
+One plugin can be selected for interactive login as well (which will need to be
+part of the enabled plugin sequence).
email - authentication by email (DEFAULT METHOD)
a new Moodle account is created
-------------------------------------------------------------------------------------
+--------------------------------------------------------------------------------
Authentication API
+------------------
+
+Each authentication plugin is now contained in a subfolder as a class definition
+in the auth.php file. For instance, the LDAP authentication plugin is the class
+called auth_plugin_ldap defined in:
+
+ /auth/ldap/auth.php
+
+To instantiate the class, there is a function in lib/moodlelib called
+get_auth_plugin() that does the work for you:
+
+ $ldapauth = get_auth_plugin('ldap');
+
+If an auth is not specified, get_auth_plugin() will return you the auth plugin
+defined in the $CFG->auth variable.
+
+Auth plugin classes are pretty basic. They contain the same functions that were
+previously in each plugin's lib.php file, but refactored to become class
+methods, and tweaked to reference the plugin's instantiated config to get at the
+settings, rather than the global $CFG variable.
+
+Configuration
+-----------------
+
+All auth plugins must have a config property that contains the name value pairs
+from the config_plugins table. This is populated using the get_config() function
+in the constructor. The settings keys have also had the "auth_" prefix, as well
+as the auth plugin name, trimmed. For instance, what used to be
+
+ echo $CFG->auth_ldapversion;
+
+is now accessed as
+
+ echo $ldapauth->config->version;
+
+Authentication settings have been moved to the config_plugins database table,
+with the plugin field set to "auth/foo" (for instance, "auth/ldap").
+
+Upgrading from Moodle 1.7
+-----------------------------
+
+Moodle will upgrade the old auth settings (in $CFG->auth_foobar where foo is the
+auth plugin and bar is the setting) to the new style in the config_plugin
+database table.
+
+Method Names
+-----------------
+
+When the functions from lib.php were ported to methods in auth.php, the "auth_"
+prefix was dropped. For instance, calls to
+
+ auth_user_login($user, $pass);
+
+now become
+
+ $ldapauth->user_login($user, $pass);
+
+this also avoids having to worry about which auth/lib file to include since
+Moodle takes care of it for you when you create an instance with
+get_auth_plugin().
+
+Code Usage
+-----------------
+
+Code calling auth plugins can use method_exists() to determine plugin
+functionality, much in the same way that function_exists() was used until now.
+In addition, auth plugins provide some methods by default that can be called:
+
+user_login($username, $password)
+ This is the primary method that is used by the authenticate_user_login()
+ function in moodlelib.php. This method should return a boolean indicating
+ whether or not the username and password authenticate successfully.
+
+is_internal()
+ Returns true if this authentication plugin is "internal" (which means that
+ Moodle stores the users' passwords and other details in the local Moodle
+ database).
+
+can_change_password()
+ Returns true if the plugin can change the users' passwords.
+
+change_password_url()
+ Returns the URL for changing the users' passwords, or false if the default
+ URL can be used.
+
+user_update_password($username, $newpassword)
+ Updates the user's password.
-This file describes Moodle interface functions to authentication modules.
+config_form()
+ Displays the configuration form for the auth plugin, for use in the admin
+ pages.
-Most of functions are from ldap-authentication module and are not implemented (yet?)
-on other modules. Please feel free to extend other modules to support same features
-or roll your own module.
+process_config()
+ Saves the auth plugin's configuration to the database.
-Some of new function are still tested and are not documented here yet.
+Other Methods
+------------------
+Most of functions are from ldap-authentication module and are not implemented
+(yet?) on other modules. Please feel free to extend other modules to support
+same features or roll your own module.
+Some of the new functions are still to be tested and are not documented here
+yet.
AUTHENTICATION
-Basic fuctions to authenticate users with external db
+
+Basic fuctions to authenticate users with external db.
Mandatory:
-
- auth_user_login ($username, $password)
-
+
+ auth_plugin_foo()
+
+ Constructor. At the least, it populates config member variable with settings
+ from the Moodle database. It makes sense to put other startup code here.
+
+ user_login($username, $password)
+
Authenticate username, password with userdatabase.
Returns:
and false if they don't
Optional:
-
- auth_get_userinfo($username)
-
+
+ get_userinfo($username)
+
Query other userinformation from database.
Returns:
Userinformation in array ( name => value, ....
or false in case of error
- auth_validate_form(&$form, &$err)
-
+
+ validate_form(&$form, &$err)
+
Validate form data.
Returns:
COURSE CREATING
- auth_iscreator($username)
+ iscreator($username)
should user have rights to create courses
from moodle to external database
- auth_user_exists ($username)
-
+ user_exists ($username)
+
Checks if given username exist on external db
Returns:
true if given usernname exist or false
-
- auth_user_create ($userobject,$plainpass)
-
+
+
+ user_create ($userobject,$plainpass)
+
Creates new user to external db. User should be created
in inactive stage until confirmed by email.
True on success otherwise false
- auth_user_activate ($username)
-
+ user_activate ($username)
+
activate new user after email-address is confirmed
Returns:
True on success otherwise false
- auth_user_disable ($username) {
-
+ user_disable ($username) {
+
deactivate user in external db.
-
+
Returns:
True on success otherwise false
USER INFORMATION AND SYNCRONIZATION
- auth_get_userlist ()
+ get_userlist ()
Get list of usernames in external db.
Returns:
All usernames in array or false on error.
-
- auth_get_users($filter='*')
-
+
+ get_users($filter='*')
+
Get ALL USEROBJECTS FROM EXTERNAL DB.
Returns:
--- /dev/null
+AUTHENTICATION PLUGINS
+----------------------
+Each authentication plugin is now contained in a subfolder as a class definition
+in the auth.php file. For instance, the LDAP authentication plugin is the class
+called auth_plugin_ldap defined in:
+
+ /auth/ldap/auth.php
+
+To instantiate the class, there is a function in lib/moodlelib called
+get_auth_plugin() that does the work for you:
+
+ $ldapauth = get_auth_plugin('ldap');
+
+If an auth is not specified, get_auth_plugin() will return you the auth plugin
+defined in the $CFG->auth variable.
+
+Auth plugin classes are pretty basic. They contain the same functions that were
+previously in each plugin's lib.php file, but refactored to become class
+methods, and tweaked to reference the plugin's instantiated config to get at the
+settings, rather than the global $CFG variable.
+
+Configuration
+-----------------
+
+All auth plugins must have a config property that contains the name value pairs
+from the config_plugins table. This is populated using the get_config() function
+in the constructor. The settings keys have also had the "auth_" prefix, as well
+as the auth plugin name, trimmed. For instance, what used to be
+
+ echo $CFG->auth_ldapversion;
+
+is now accessed as
+
+ echo $ldapauth->config->version;
+
+Authentication settings have been moved to the config_plugins database table,
+with the plugin field set to "auth/foo" (for instance, "auth/ldap").
+
+Method Names
+-----------------
+
+When the functions from lib.php were ported to methods in auth.php, the "auth_"
+prefix was dropped. For instance, calls to
+
+ auth_user_login($user, $pass);
+
+now become
+
+ $ldapauth->user_login($user, $pass);
+
+this also avoids having to worry about which auth/lib file to include since
+Moodle takes care of it for you when you create an instance with
+get_auth_plugin().
+
+Code Use
+-----------------
+
+Code calling auth plugins can use method_exists() to determine plugin
+functionality, much in the same way that function_exists() was used until now.
+In addition, auth plugins provide some methods by default that can be called:
+
+user_login($username, $password)
+ This is the primary method that is used by the authenticate_user_login()
+ function in moodlelib.php. This method should return a boolean indicating
+ whether or not the username and password authenticate successfully.
+
+is_internal()
+ Returns true if this authentication plugin is "internal" (which means that
+ Moodle stores the users' passwords and other details in the local Moodle
+ database).
+
+can_change_password()
+ Returns true if the plugin can change the users' passwords.
+
+change_password_url()
+ Returns the URL for changing the users' passwords, or false if the default
+ URL can be used.
+
+Other Methods
+-----------------
+
+get_userinfo()
+ This method should return an array of fields from the authentication source
+ for the given username.
+
+Upgrading from Moodle 1.7
+-----------------------------
+
+Moodle will upgrade the old auth settings (in $CFG->auth_foobar where foo is the
+auth plugin and bar is the setting) to the new style in the config_plugin
+database table.
+
--- /dev/null
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Multiple plugin authentication
+ * Support library
+ *
+ * 2006-08-28 File created, AUTH return values defined.
+ */
+
+/**
+ * Returned when the login was successful.
+ */
+define('AUTH_OK', 0);
+
+/**
+ * Returned when the login was unsuccessful.
+ */
+define('AUTH_FAIL', 1);
+
+/**
+ * Returned when the login was denied (a reason for AUTH_FAIL).
+ */
+define('AUTH_DENIED', 2);
+
+/**
+ * Returned when some error occurred (a reason for AUTH_FAIL).
+ */
+define('AUTH_ERROR', 4);
+
+?>
--- /dev/null
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: CAS Authentication
+ *
+ * Authentication using CAS (Central Authentication Server).
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * CAS authentication plugin.
+ */
+class auth_plugin_cas {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_cas() {
+ $this->config = get_config('auth/cas');
+ }
+
+ /**
+ * Authenticates user againt CAS with LDAP.
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+
+ // TODO: find how to get at LDAP funcs
+
+ global $CFG;
+
+ // don't allow blank usernames or passwords
+ if (!$username or !$password) {
+ return false;
+ }
+
+ // CAS specific
+ if ($CFG->auth == "cas" and !empty($this->config->enabled)) {
+ if ($this->config->create_user == '0') {
+ if (record_exists('user', 'username', $username)) {
+ return true;
+ }
+ else {
+ return false;
+ }
+ }
+ else {
+ return true;
+ }
+ }
+
+ $ldap_connection = ldap_connect();
+
+ if ($ldap_connection) {
+ $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
+
+ // if ldap_user_dn is empty, user does not exist
+ if (!$ldap_user_dn) {
+ ldap_close($ldap_connection);
+ return false;
+ }
+
+ // Try to bind with current username and password
+ $ldap_login = ldap_bind($ldap_connection, $ldap_user_dn, $password);
+ ldap_close($ldap_connection);
+ if ($ldap_login) {
+ if ($this->config->create_user=='0') { //cas specific
+ if (record_exists('user', 'username', $username)) {
+ return true;
+ }else{
+ return false;
+ }
+ }else{
+ return true;
+ }
+ }
+ } else {
+ ldap_close($ldap_connection);
+ error("LDAP part of CAS-module cannot connect to server: $CFG->ldap_host_url");
+ }
+ return false;
+ }
+
+ /**
+ * Authenticates user against CAS from screen login
+ * the user doesn't have a CAS Ticket yet.
+ *
+ * Returns an object user if the username and password work
+ * and nothing if they don't
+ *
+ * @param string $username
+ * @param string $password
+ *
+ */
+ function authenticate_user_login ($username, $password) {
+
+ // TODO: fix SOMEOTHER::
+
+ global $CFG;
+ // FIX ME: $cas_validate is not global
+ $cas_validate = true;
+ phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri);
+ phpCAS::setLang($this->config->language);
+ phpCAS::forceAuthentication();
+ if ($this->config->create_user == '0') {
+ if (record_exists('user', 'username', phpCAS::getUser())) {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ else {
+ // login as guest if CAS but not Moodle and not automatic creation
+ if ($CFG->guestloginbutton) {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login('guest', 'guest');
+ }
+ else {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ }
+ }
+ else {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ return $user;
+ }
+
+ /**
+ * Authenticates user against CAS when first call of Moodle
+ * if already in CAS (cookie with the CAS ticket), don't have to log again (SSO)
+ *
+ * Returns an object user if the username and password work
+ * and nothing if they don't
+ *
+ * @param object $user
+ *
+ */
+ function automatic_authenticate ($user='') {
+
+ // TODO: fix SOMEOTHER::
+
+ global $CFG;
+ // FIX ME: $cas_validate is not global, but it works anyway ;-)
+ if (!$cas_validate) {
+ $cas_validate = true;
+ phpCAS::client($this->config->casversion, $this->config->hostname, (int) $this->config->port, $this->config->baseuri);
+ phpCAS::setLang($this->config->language);
+ $cas_user_exist = phpCAS::checkAuthentication();
+ if (!$cas_user_exist and !$CFG->guestloginbutton) {
+ $cas_user_exist=phpCAS::forceAuthentication();
+ }
+ if ($cas_user_exist) {
+ if ($this->config->create_user == '0') {
+ if (record_exists('user', 'username', phpCAS::getUser())) {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ else {
+ // login as guest if CAS but not Moodle and not automatic creation
+ if ($CFG->guestloginbutton) {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login('guest', 'guest');
+ }
+ else {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ }
+ }
+ else {
+ // TODO::SOMEOTHER::
+ $user = authenticate_user_login(phpCAS::getUser(), 'cas');
+ }
+ return $user;
+ }
+ else {
+ return;
+ }
+ }
+ else {
+ return $user;
+ }
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include 'config.html';
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return $this->config->changepasswordurl;
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset ($config->hostname)) {
+ $config->hostname = '';
+ }
+ if (!isset ($config->port)) {
+ $config->port = '';
+ }
+ if (!isset ($config->casversion)) {
+ $config->casversion = '';
+ }
+ if (!isset ($config->baseuri)) {
+ $config->baseuri = '';
+ }
+ if (!isset ($config->language)) {
+ $config->language = '';
+ }
+ if (!isset ($config->use_cas)) {
+ $config->use_cas = '';
+ }
+ if (!isset ($config->auth_user_create)) {
+ $config->auth_user_create = '';
+ }
+ if (!isset ($config->create_user)) {
+ $config->create_user = '0';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save CAS settings
+ set_config('hostname', $config->hostname, 'auth/cas');
+ set_config('port', $config->port, 'auth/cas');
+ set_config('casversion', $config->casversion, 'auth/cas');
+ set_config('baseuri', $config->baseuri, 'auth/cas');
+ set_config('language', $config->language, 'auth/cas');
+ set_config('use_cas', $config->use_cas, 'auth/cas');
+ set_config('auth_user_create', $config->auth_user_create, 'auth/cas');
+ set_config('create_user', $config->create_user, 'auth/cas');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/cas');
+
+ // save LDAP settings
+ // TODO: Do we want the CAS LDAP settings to be separate from the LDAP settings?
+ $ldapauth = get_auth_plugin('ldap');
+ $ldapauth->process_config($config);
+
+ return true;
+ }
+
+}
+
+?>
*/
-if(!empty($_SERVER['GATEWAY_INTERFACE'])){
+if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
error_log("should not be called from apache!");
exit;
}
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->dirroot.'/lib/blocklib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
-require_once($CFG->dirroot.'/auth/cas/lib.php'); //cas specific
require_once($CFG->dirroot.'/mod/forum/lib.php');
+require_once($CFG->dirroot.'/lib/moodlelib.php');
$CFG->debug=10;
-auth_sync_users(1000, true );
+$casauth = get_auth_plugin('cas');
+$casauth->sync_users(1000, true);
?>
\ No newline at end of file
<?php
- require_once('languages.php');
- // Initialize vars
- if (!isset ($config->cas_hostname)) {
- $config->cas_hostname = "";
+
+ global $CFG;
+ require_once 'languages.php';
+
+ $createoptions[0] = get_string("no");
+ $createoptions[1] = get_string("yes");
+
+ // set to defaults if undefined
+ if (!isset ($config->hostname)) {
+ $config->hostname = '';
}
- if (!isset ($config->cas_port)) {
- $config->cas_port = "";
+ if (!isset ($config->port)) {
+ $config->port = '';
}
- if (!isset ($config->cas_version)) {
- $config->cas_version = "";
+ if (!isset ($config->casversion)) {
+ $config->casversion = '';
}
- if (!isset ($config->cas_baseuri)) {
- $config->cas_baseuri = "";
+ if (!isset ($config->baseuri)) {
+ $config->baseuri = '';
}
- if (!isset ($config->cas_language)) {
- $config->cas_language = "";
+ if (!isset ($config->language)) {
+ $config->language = '';
}
- if (!isset ($config->cas_use_cas)) {
- $config->cas_use_cas = "";
+ if (!isset ($config->use_cas)) {
+ $config->use_cas = '';
}
- if (!isset ($config->cas_create_user)) {
- $config->cas_create_user = "0";
+ if (!isset ($config->auth_user_create)) {
+ $config->auth_user_create = '0';
+ }
+ if (!isset ($config->create_user)) {
+ $config->create_user = '0';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
}
-?>
+?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
<tr>
<td colspan="2">
- <h4><?php print_string("auth_cas_server_settings", "auth") ?> </h4>
+ <h4><?php print_string('auth_cas_server_settings', 'auth') ?> </h4>
</td>
</tr>
+
<tr valign="top" class="required">
- <td align="right">cas_enabled:</td>
+ <td align="right">use_cas:</td>
<td>
- <?php
- unset($options);
- $options[1] = get_string("yes");
+ <?php
- choose_from_menu ($options, "cas_enabled", $config->cas_enabled, get_string("no"),"","");?>
- </td><td>
- <?php print_string("auth_cas_enabled","auth") ?>
+ unset($options);
+ $options[1] = get_string('yes');
+ choose_from_menu ($options, 'use_cas', $config->use_cas, get_string('no'), '', '');
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_enabled', 'auth') ?></td>
</tr>
-<tr valign="top" class="required">
- <td align="right">cas_hostname:</td>
- <td>
- <input name="cas_hostname" type="text" size="30" value="<?php echo $config->cas_hostname?>" />
- <?php if (isset($err["cas_hostname"])) formerr($err["cas_hostname"]); ?>
- </td>
+
+<tr valign="top" class="required">
+ <td align="right">hostname:</td>
<td>
- <?php print_string("auth_cas_hostname","auth") ?>
+ <input name="hostname" type="text" size="30" value="<?php echo $config->hostname ?>" />
+ <?php
+
+ if (isset($err['hostname'])) {
+ formerr($err['hostname']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_hostname', 'auth') ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">cas_baseuri:</td>
+ <td align="right">baseuri:</td>
<td>
- <input name="cas_baseuri" type="text" size="30" value="<?php echo $config->cas_baseuri?>" />
- <?php if (isset($err["cas_baseuri"])) formerr($err["cas_baseuri"]); ?>
+ <input name="baseuri" type="text" size="30" value="<?php echo $config->baseuri ?>" />
+ <?php
+
+ if (isset($err['baseuri'])) {
+ formerr($err['baseuri']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_baseuri', 'auth') ?></td>
+</tr>
+
+<tr valign="top" class="required">
+ <td align="right">port:</td>
<td>
- <?php print_string("auth_cas_baseuri","auth") ?>
+ <input name="port" type="text" size="30" value="<?php echo $config->port ?>" />
+ <?php
+
+ if (isset($err['port'])) {
+ formerr($err['port']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_port', 'auth') ?></td>
</tr>
+
<tr valign="top" class="required">
- <td align="right">cas_port:</td>
+ <td align="right">casversion:</td>
<td>
- <input name="cas_port" type="text" size="30" value="<?php echo $config->cas_port?>" />
- <?php if (isset($err["cas_port"])) formerr($err["cas_port"]); ?>
- </td>
- <td>
- <?php print_string("auth_cas_port","auth") ?>
+ <input name="casversion" type="text" size="30" value="<?php echo $config->casversion ?>" />
+ <?php
+
+ if (isset($err['casversion'])) {
+ formerr($err['casversion']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_version', 'auth') ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">cas_version:</td>
+ <td align="right">language:</td>
<td>
- <input name="cas_version" type="text" size="30" value="<?php echo $config->cas_version?>" />
- <?php if (isset($err["cas_version"])) formerr($err["cas_version"]); ?>
- </td>
- <td>
- <?php print_string("auth_cas_version","auth") ?>
+ <?php
+
+ choose_from_menu($CASLANGUAGES, 'language', $config->language, '');
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_language', 'auth') ?></td>
</tr>
-<tr valign="top" class="required">
- <td align="right">cas_language:</td>
+<tr valign="top">
+ <td align="right">auth_user_create: </td>
<td>
- <?php choose_from_menu ($CASLANGUAGES, "cas_language", $config->cas_language, "");?>
+ <?php
+
+ choose_from_menu($createoptions, 'auth_user_create', $config->auth_user_create, '');
+ if (isset($err['auth_user_create'])) {
+ formerr($err['auth_user_create']);
+ }
+
+ ?>
</td>
<td>
- <?php print_string("auth_cas_language","auth") ?>
+ <?php print_string("auth_user_creation","auth"); ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">cas_create_user:</td>
+ <td align="right">create_user:</td>
<td>
- <?php
- unset($options);
- $options[0] = get_string("no");
- $options[1] = get_string("yes");
-
- choose_from_menu ($options, "cas_create_user", $config->cas_create_user, "");?>
- </td><td>
- <?php print_string("auth_cas_create_user","auth") ?>
+ <?php
+
+ unset($options);
+ $options[0] = get_string('no');
+ $options[1] = get_string('yes');
+ choose_from_menu($options, 'create_user', $config->create_user, '');
+
+ ?>
</td>
+ <td><?php print_string('auth_cas_create_user', 'auth') ?></td>
</tr>
-<?php
- include($CFG->dirroot.'/auth/ldap/config.html');
-?>
+<tr valign="top">
+ <td align="right"> changepasswordurl: </td>
+ <td>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+ ?>
+ </td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
+</tr>
+</table>
+<?php
+
+ $ldapplugin = get_auth_plugin('ldap');
+ $ldapplugin->config_form(get_config('auth/ldap'), $err);
+
+?>
print_string("loginstepsnone");
break;
default:
+ $authplugin = get_auth_plugin($CFG->auth);
echo format_text($CFG->auth_instructions);
- if (!function_exists('auth_user_login')) {
- require_once("../auth/$CFG->auth/lib.php");
- }
- if (!empty($CFG->auth_user_create) and function_exists('auth_user_create') ){
+ if (!empty($authplugin->config->user_create) and method_exists($authplugin, 'user_create')) {
?>
<div align="center">
+++ /dev/null
-<?PHP
-// $Id$
-// author: romuald Lorthioir
-//CHANGELOG:
-//16/03/2005 Use of LDAP Module
-//05.02.2005 Added CAS module
-
-/* README!
-CAS Module
-This Module can be turn ON/OFF on admin screen.
-The /login/index.php module is intercepted and replace with the login.php.
-This Module is using the /auth/cas/index_form.html.
-This module is using the LDAP Module so you need the /auth/ldap directory.
-You can see /auth/ldap/lib.php for the other functions.
-*/
-defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
-
-define('AUTH_LDAP_NAME', 'cas'); // for ldap module
-require_once($CFG->dirroot.'/config.php');
-require_once($CFG->dirroot.'/auth/ldap/lib.php');
-require_once($CFG->dirroot.'/lib/cas/CAS.php');
-$cas_validate=false;
-
-/**
- * replace the ldap auth_user_login function
- * authenticates user againt CAS with ldap
- * Returns true if the username and password work
- * and false if they don't
- *
- * @param string $username
- * @param string $password
- *
-*/
-function cas_ldap_auth_user_login ($username, $password) {
-/// Returns true if the username and password work
-/// and false if they don't
-
- global $CFG;
- if (!$username or !$password) { // Don't allow blank usernames or passwords
- return false;
- }
-
- if ($CFG->auth == "cas" && !empty($CFG->cas_enabled)){ //cas specific
- if ($CFG->cas_create_user=="0"){
- if (record_exists('user', 'username', $username)){
- return true;
- }else{
- return false;
- }
- }else{
- return true;
- }
- }
-
- $ldap_connection = auth_ldap_connect();
-
- if ($ldap_connection) {
- $ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
-
- //if ldap_user_dn is empty, user does not exist
- if(!$ldap_user_dn){
- ldap_close($ldap_connection);
- return false;
- }
-
- // Try to bind with current username and password
- $ldap_login = ldap_bind($ldap_connection, $ldap_user_dn, $password);
- ldap_close($ldap_connection);
- if ($ldap_login) {
- if ($CFG->cas_create_user=="0"){ //cas specific
- if (record_exists('user', 'username', $username)){
- return true;
- }else{
- return false;
- }
- }else{
- return true;
- }
- }
- } else {
- ldap_close($ldap_connection);
- error("LDAP part of CAS-module cannot connect to server: $CFG->ldap_host_url");
- }
- return false;
-}
-
-/**
- * authenticates user against CAS from screen login
- * the user doesn't have a CAS Ticket yet.
- *
- * Returns an object user if the username and password work
- * and nothing if they don't
- *
- * @param string $username
- * @param string $password
- *
-*/
-function cas_authenticate_user_login ($username, $password) {
-
- global $CFG;
- // FIX ME: $cas_validate is not global
- $cas_validate=true;
- phpCAS::client($CFG->cas_version,$CFG->cas_hostname,(int)$CFG->cas_port,$CFG->cas_baseuri);
- phpCAS::setLang($CFG->cas_language);
- phpCAS::forceAuthentication();
- if ($CFG->cas_create_user=="0"){
- if (record_exists('user', 'username', phpCAS::getUser())) {
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }else{
- //login as guest if CAS but not Moodle and not automatic creation
- if ($CFG->guestloginbutton){
- $user = authenticate_user_login('guest', 'guest');
- }else{
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }
- }
- }else{
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }
- return $user;
-}
-
-/**
- * authenticates user against CAS when first call of Moodle
- * if already in CAS (cookie with the CAS ticket), don't have to log again (SSO)
- *
- * Returns an object user if the username and password work
- * and nothing if they don't
- *
- * @param object $user
- *
-*/
-function cas_automatic_authenticate ($user="") {
- global $CFG;
- // FIX ME: $cas_validate is not global, but it works anyway ;-)
- if (!$cas_validate){
- $cas_validate=true;
- phpCAS::client($CFG->cas_version,$CFG->cas_hostname,(int)$CFG->cas_port,$CFG->cas_baseuri);
- phpCAS::setLang($CFG->cas_language);
- $cas_user_exist=phpCAS::checkAuthentication();
- if (!$cas_user_exist && !$CFG->guestloginbutton){
- $cas_user_exist=phpCAS::forceAuthentication();
- }
- if ($cas_user_exist){
- if ($CFG->cas_create_user=="0"){
- if (record_exists('user', 'username', phpCAS::getUser())) {
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }else{
- //login as guest if CAS but not Moodle and not automatic creation
- if ($CFG->guestloginbutton){
- $user = authenticate_user_login('guest', 'guest');
- }else{
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }
- }
- }else{
-
- $user = authenticate_user_login(phpCAS::getUser(), 'cas');
- }
- return $user;
- }else{
- return;
- }
-
- }else{
- return $user;
- }
-}
-
-
-?>
\ No newline at end of file
}
$loginsite = get_string("loginsite");
+ $casauth = get_auth_plugin('cas');
+ $ldapauth = get_auth_plugin('ldap');
$frm = false;
$user = false; /// Can't log in as guest if guest button is disabled
$frm = false;
} else if (!$user) {
- if ($CFG->auth == "cas" && $frm->username != 'guest'){ /// Cas SSO case
- require_once($CFG->dirroot.'/auth/cas/lib.php');
- $user = cas_authenticate_user_login($frm->username, $frm->password);
+ if ($CFG->auth == "cas" && $frm->username != 'guest') { /// Cas SSO case
+ $user = $casauth->authenticate_user_login($frm->username, $frm->password);
}else{
$user = authenticate_user_login($frm->username, $frm->password);
}
$SESSION->justloggedin = true;
// Restore the calendar filters, if saved
- if(intval(get_user_preferences('calendar_persistflt', 0))) {
+ if (intval(get_user_preferences('calendar_persistflt', 0))) {
include_once($CFG->dirroot.'/calendar/lib.php');
calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
}
//Select password change url
- if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
+ $userauth = get_auth_plugin($USER->auth);
+ if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
}
// check whether the user should be changing password
- if (get_user_preferences('auth_forcepasswordchange', false)){
+ if (get_user_preferences('auth_forcepasswordchange', false)) {
if (isset($passwordchangeurl)) {
redirect($passwordchangeurl);
} else {
// check if user password has expired
// Currently supported only for ldap-authentication module
- if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
- if (function_exists('auth_password_expire')){
- $days2expire = auth_password_expire($USER->username);
+ if ($ldapauth->config->expiration == 1) {
+ $days2expire = $ldapauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
- }
- }
+ }
}
reset_login_count();
exit;
} else {
- if ($CFG->auth == "cas" ){ /// CAS error login
- require_once($CFG->dirroot.'/auth/cas/lib.php');
+ if ($CFG->auth == "cas" ) { /// CAS error login
$errormsg = get_string("invalidcaslogin");
phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
}else{
}
}
}
- require_once($CFG->dirroot.'/auth/cas/lib.php');
- $user=cas_automatic_authenticate($user);
+ $user = $casauth->automatic_authenticate($user);
if ($user) {
if (! $user->confirmed ) { // they never confirmed via email
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
$SESSION->justloggedin = true;
// Restore the calendar filters, if saved
- if(intval(get_user_preferences('calendar_persistflt', 0))) {
+ if (intval(get_user_preferences('calendar_persistflt', 0))) {
include_once($CFG->dirroot.'/calendar/lib.php');
calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
}
//Select password change url
- if (is_internal_auth() || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
+ $userauth = get_auth_plugin($USER->auth);
+ if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
}
// check whether the user should be changing password
- if (get_user_preferences('auth_forcepasswordchange', false)){
+ if (get_user_preferences('auth_forcepasswordchange', false)) {
if (isset($passwordchangeurl)) {
redirect($passwordchangeurl);
} else {
// check if user password has expired
// Currently supported only for ldap-authentication module
- if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
- if (function_exists('auth_password_expire')){
- $days2expire = auth_password_expire($USER->username);
+ if ($ldapauth->config->expiration == 1) {
+ $days2expire = $ldapauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
- }
- }
+ }
}
reset_login_count();
exit;
} else {
- if(!$CFG->guestloginbutton){
+ if (!$CFG->guestloginbutton) {
$errormsg = get_string("invalidcaslogin");
phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
}
defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
global $CFG;
- if ($CFG->cas_logout){
+ if ($CFG->cas_logout) {
require_once($CFG->dirroot.'/config.php');
include_once($CFG->dirroot.'/lib/cas/CAS.php');
phpCAS::client($CFG->cas_version,$CFG->cas_hostname,(int)$CFG->cas_port,$CFG->cas_baseuri);
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: External Database Authentication
+ *
+ * Checks against an external database.
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * External database authentication plugin.
+ */
+class auth_plugin_db {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_db() {
+ $this->config = get_config('auth/db');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+
+ global $CFG;
+
+ // This is a hack to workaround what seems to be a bug in ADOdb with accessing
+ // two databases of the same kind ... it seems to get confused when trying to access
+ // the first database again, after having accessed the second.
+ // The following hack will make the database explicit which keeps it happy
+ // This seems to broke postgesql so ..
+
+ $prefix = $CFG->prefix.''; // Remember it. The '' is to prevent PHP5 reference.. see bug 3223
+
+ if ($CFG->dbtype != 'postgres7') {
+ $CFG->prefix = $CFG->dbname.$CFG->prefix;
+ }
+
+ // Connect to the external database
+ $authdb = &ADONewConnection($this->config->type);
+ $authdb->PConnect($this->config->host, $this->config->user, $this->config->pass, $this->config->name);
+ $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
+
+ if ($this->config->passtype === 'internal') {
+ // lookup username externally, but resolve
+ // password locally -- to support backend that
+ // don't track passwords
+ $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
+ WHERE {$this->config->fielduser} = '$username' ");
+ $authdb->Close();
+
+ if (!$rs) {
+ notify("Could not connect to the specified authentication database...");
+
+ return false;
+ }
+
+ if ( $rs->RecordCount() ) {
+ // user exists exterally
+ // check username/password internally
+ if ($user = get_record('user', 'username', $username)) {
+ return validate_internal_user_password($user, $password);
+ }
+ } else {
+ // user does not exist externally
+ return false;
+ }
+
+ } else {
+ // normal case: use external db for passwords
+
+ if ($this->config->passtype === 'md5') { // Re-format password accordingly
+ $password = md5($password);
+ }
+
+ $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
+ WHERE {$this->config->fielduser} = '$username'
+ AND {$this->config->fieldpass} = '$password' ");
+ $authdb->Close();
+
+ $CFG->prefix = $prefix;
+
+ if (!$rs) {
+ notify("Could not connect to the specified authentication database...");
+ return false;
+ }
+
+ if ( $rs->RecordCount() ) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+ }
+
+
+ /**
+ * Reads any other information for a user from external database,
+ * then returns it in an array
+ */
+ function get_userinfo($username) {
+
+ global $CFG;
+
+ ADOLoadCode($this->config->type);
+ $authdb = &ADONewConnection();
+ $authdb->PConnect($this->config->host, $this->config->user, $this->config->pass, $this->config->name);
+ $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
+
+ $fields = array("firstname", "lastname", "email", "phone1", "phone2",
+ "department", "address", "city", "country", "description",
+ "idnumber", "lang");
+
+ $result = array();
+
+ foreach ($fields as $field) {
+ if ($this->config->{'field_map_' . $field}) {
+ if ($rs = $authdb->Execute("SELECT " . $this->config->{'field_map_' . $field} . " FROM {$this->config->table}
+ WHERE {$this->config->fielduser} = '$username'")) {
+ if ( $rs->RecordCount() == 1 ) {
+ if (!empty($CFG->unicodedb)) {
+ $result["$field"] = addslashes(stripslashes($rs->fields[0]));
+ } else {
+ $result["$field"] = addslashes(stripslashes(utf8_decode($rs->fields[0])));
+ }
+ }
+ }
+ }
+ }
+ $authdb->Close();
+
+ return $result;
+ }
+
+
+ function user_update_password($username, $newpassword) {
+
+ if ($this->config->passtype === 'internal') {
+ return set_field('user', 'password', md5($newpassword), 'username', $username);
+ } else {
+ // we should have never been called!
+ return false;
+ }
+ }
+
+ /**
+ * syncronizes user fron external db to moodle user table
+ *
+ * Sync shouid be done by using idnumber attribute, not username.
+ * You need to pass firstsync parameter to function to fill in
+ * idnumbers if they dont exists in moodle user table.
+ *
+ * Syncing users removes (disables) users that dont exists anymore in external db.
+ * Creates new users and updates coursecreator status of users.
+ *
+ * @param bool $do_updates Optional: set to true to force an update of existing accounts
+ *
+ * This implementation is simpler but less scalable than the one found in the LDAP module.
+ *
+ */
+ function sync_users ($do_updates=0) {
+
+ global $CFG;
+ $pcfg = get_config('auth/db');
+
+ ///
+ /// list external users
+ ///
+ $userlist = $this->get_userlist();
+ $quoteduserlist = implode("', '", $userlist);
+ $quoteduserlist = "'$quoteduserlist'";
+
+ ///
+ /// delete obsolete internal users
+ ///
+
+ // find obsolete users
+ if (count($userlist)) {
+ $sql = 'SELECT u.id, u.username
+ FROM ' . $CFG->prefix .'user u
+ WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username NOT IN (' . $quoteduserlist . ')';
+ } else {
+ $sql = 'SELECT u.id, u.username
+ FROM ' . $CFG->prefix .'user u
+ WHERE u.auth=\'db\' AND u.deleted=\'0\' ';
+ }
+ $remove_users = get_records_sql($sql);
+
+ if (!empty($remove_users)) {
+ print "User entries to remove: ". count($remove_users) . "\n";
+
+ begin_sql();
+ foreach ($remove_users as $user) {
+ //following is copy pasted from admin/user.php
+ //maybe this should moved to function in lib/datalib.php
+ unset($updateuser);
+ $updateuser->id = $user->id;
+ $updateuser->deleted = "1";
+ $updateuser->timemodified = time();
+ if (update_record("user", $updateuser)) {
+ // unenrol_student($user->id); // From all courses
+ // remove_teacher($user->id); // From all courses
+ // remove_admin($user->id);
+ delete_records('role_assignments', 'userid', $user->id); // unassign all roles
+ notify(get_string("deletedactivity", "", fullname($user, true)) );
+ } else {
+ notify(get_string("deletednot", "", fullname($user, true)));
+ }
+ //copy pasted part ends
+ }
+ commit_sql();
+ }
+ unset($remove_users); // free mem!
+
+ if (!count($userlist)) {
+ // exit right here
+ // nothing else to do
+ return true;
+ }
+
+ ///
+ /// update existing accounts
+ ///
+ if ($do_updates) {
+ // narrow down what fields we need to update
+ $all_keys = array_keys(get_object_vars($this->config));
+ $updatekeys = array();
+ foreach ($all_keys as $key) {
+ if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
+ if ($this->config->{$key} === 'onlogin') {
+ array_push($updatekeys, $match[1]); // the actual key name
+ }
+ }
+ }
+ // print_r($all_keys); print_r($updatekeys);
+ unset($all_keys); unset($key);
+
+ // only go ahead if we actually
+ // have fields to update locally
+ if (!empty($updatekeys)) {
+ $sql = 'SELECT u.id, u.username
+ FROM ' . $CFG->prefix .'user u
+ WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
+ $update_users = get_records_sql($sql);
+
+ foreach ($update_users as $user) {
+ $this->db_update_user_record($user->username, $updatekeys);
+ }
+ unset($update_users); // free memory
+ }
+ }
+
+
+ ///
+ /// create missing accounts
+ ///
+ // NOTE: this is very memory intensive
+ // and generally inefficient
+ $sql = 'SELECT u.id, u.username
+ FROM ' . $CFG->prefix .'user u
+ WHERE u.auth=\'db\' AND u.deleted=\'0\'';
+
+ $users = get_records_sql($sql);
+
+ // simplify down to usernames
+ $usernames = array();
+ foreach ($users as $user) {
+ array_push($usernames, $user->username);
+ }
+ unset($users);
+
+ $add_users = array_diff($userlist, $usernames);
+ unset($usernames);
+
+ if (!empty($add_users)) {
+ print "User entries to add: ". count($add_users). "\n";
+ begin_sql();
+ foreach($add_users as $user) {
+ $username = $user;
+ $user = $this->get_userinfo_asobj($user);
+
+ // prep a few params
+ $user->username = $username;
+ $user->modified = time();
+ $user->confirmed = 1;
+ $user->auth = 'db';
+
+ // insert it
+ $old_debug=$CFG->debug;
+ $CFG->debug=10;
+
+ // maybe the user has been deleted before
+ if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1)) {
+ $user->id = $old_user->id;
+ set_field('user', 'deleted', 0, 'username', $user->username);
+ echo "Revived user $user->username id $user->id\n";
+ } elseif ($id=insert_record ('user',$user)) { // it is truly a new user
+ echo "inserted user $user->username id $id\n";
+ $user->id = $id;
+ // if relevant, tag for password generation
+ if ($this->config->passtype === 'internal') {
+ set_user_preference('auth_forcepasswordchange', 1, $id);
+ set_user_preference('create_password', 1, $id);
+ }
+ } else {
+ echo "error inserting user $user->username \n";
+ }
+ $CFG->debug=$old_debug;
+ }
+ commit_sql();
+ unset($add_users); // free mem
+ }
+ return true;
+ }
+
+ function user_exists ($username) {
+ $authdb = &ADONewConnection($this->config->type);
+ $authdb->PConnect($this->config->host, $this->config->user, $this->config->pass, $this->config->name);
+ $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
+
+ $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
+ WHERE {$this->config->fielduser} = '$username' ");
+ $authdb->Close();
+
+ if (!$rs) {
+ notify("Could not connect to the specified authentication database...");
+ return false;
+ }
+
+ if ( $rs->RecordCount() ) {
+ // user exists exterally
+ // check username/password internally
+ // ?? there is no $password variable, so why??
+ /*if ($user = get_record('user', 'username', $username)) {
+ return ($user->password == md5($password));
+ }*/
+ return $rs->RecordCount();
+ } else {
+ // user does not exist externally
+ return false;
+ }
+ }
+
+
+ function get_userlist() {
+ // Connect to the external database
+ $authdb = &ADONewConnection($this->config->type);
+ $authdb->PConnect($this->config->host,$this->config->user,$this->config->pass,$this->config->name);
+ $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
+
+ // fetch userlist
+ $rs = $authdb->Execute("SELECT {$this->config->fielduser} AS username
+ FROM {$this->config->table} ");
+ $authdb->Close();
+
+ if (!$rs) {
+ notify("Could not connect to the specified authentication database...");
+ return false;
+ }
+
+ if ( $rs->RecordCount() ) {
+ $userlist = array();
+ while ($rec = $rs->FetchRow()) {
+ array_push($userlist, $rec['username']);
+ }
+ return $userlist;
+ } else {
+ return array();
+ }
+ }
+
+ /**
+ * reads userinformation from DB and return it in an object
+ *
+ * @param string $username username
+ * @return array
+ */
+ function get_userinfo_asobj($username) {
+ $user_array = truncate_userinfo($this->get_userinfo($username));
+ $user = new object;
+ foreach($user_array as $key=>$value) {
+ $user->{$key} = $value;
+ }
+ return $user;
+ }
+
+ /*
+ * will update a local user record from an external source.
+ * is a lighter version of the one in moodlelib -- won't do
+ * expensive ops such as enrolment
+ *
+ * If you don't pass $updatekeys, there is a performance hit and
+ * values removed from DB won't be removed from moodle.
+ */
+ function db_update_user_record($username, $updatekeys=false) {
+
+ $pcfg = get_config('auth/db');
+
+ //just in case check text case
+ $username = trim(moodle_strtolower($username));
+
+ // get the current user record
+ $user = get_record('user', 'username', $username);
+ if (empty($user)) { // trouble
+ error_log("Cannot update non-existent user: $username");
+ die;
+ }
+
+ // TODO: this had a function_exists() - now we have a $this
+ if ($newinfo = $this->get_userinfo($username)) {
+ $newinfo = truncate_userinfo($newinfo);
+
+ if (empty($updatekeys)) { // all keys? this does not support removing values
+ $updatekeys = array_keys($newinfo);
+ }
+
+ foreach ($updatekeys as $key) {
+ unset($value);
+ if (isset($newinfo[$key])) {
+ $value = $newinfo[$key];
+ $value = addslashes(stripslashes($value)); // Just in case
+ } else {
+ $value = '';
+ }
+ if (!empty($this->config->{'field_updatelocal_' . $key})) {
+ if ($user->{$key} != $value) { // only update if it's changed
+ set_field('user', $key, $value, 'username', $username);
+ }
+ }
+ }
+ }
+ return get_record_select("user", "username = '$username' AND deleted <> '1'");
+ }
+
+ // A chance to validate form data, and last chance to
+ // do stuff before it is inserted in config_plugin
+ function validate_form(&$form, &$err) {
+ if ($form['passtype'] === 'internal') {
+ $this->config->changepasswordurl = '';
+ set_config('changepasswordurl', '', 'auth/db');
+ }
+ return true;
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return ($this->config->passtype === 'internal');
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return $this->config->changepasswordurl;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset($config->host)) {
+ $config->host = "localhost";
+ }
+ if (!isset($config->type)) {
+ $config->type = "mysql";
+ }
+ if (!isset($config->name)) {
+ $config->name = "";
+ }
+ if (!isset($config->user)) {
+ $config->user = "";
+ }
+ if (!isset($config->pass)) {
+ $config->pass = "";
+ }
+ if (!isset($config->table)) {
+ $config->table = "";
+ }
+ if (!isset($config->fielduser)) {
+ $config->fielduser = "";
+ }
+ if (!isset($config->fieldpass)) {
+ $config->fieldpass = "";
+ }
+ if (!isset($config->passtype)) {
+ $config->passtype = "plaintext";
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->host, 'auth/db');
+ set_config('type', $config->type, 'auth/db');
+ set_config('name', $config->name, 'auth/db');
+ set_config('user', $config->user, 'auth/db');
+ set_config('pass', $config->pass, 'auth/db');
+ set_config('table', $config->table, 'auth/db');
+ set_config('fielduser', $config->fielduser, 'auth/db');
+ set_config('fieldpass', $config->fieldpass, 'auth/db');
+ set_config('passtype', $config->passtype, 'auth/db');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/db');
+
+ return true;
+ }
+
+}
+
+?>
*/
-if(!empty($_SERVER['GATEWAY_INTERFACE'])){
+if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
error_log("should not be called from apache!");
exit;
}
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->dirroot.'/lib/blocklib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
-require_once($CFG->dirroot.'/auth/db/lib.php');
+require_once($CFG->dirroot.'/lib/moodlelib.php');
require_once($CFG->dirroot.'/mod/forum/lib.php');
$CFG->debug=10;
-auth_sync_users(true );
+$dbauth = get_auth_plugin('db');
+$dbauth->sync_users(true);
?>
\ No newline at end of file
<?php
- if (!isset($config->auth_dbhost)) {
- $config->auth_dbhost = "localhost";
+
+ // set to defaults if undefined
+ if (!isset($config->host)) {
+ $config->host = "localhost";
+ }
+ if (!isset($config->type)) {
+ $config->type = "mysql";
}
- if (!isset($config->auth_dbtype)) {
- $config->auth_dbtype = "mysql";
+ if (!isset($config->name)) {
+ $config->name = "";
}
- if (!isset($config->auth_dbname)) {
- $config->auth_dbname = "";
+ if (!isset($config->user)) {
+ $config->user = "";
}
- if (!isset($config->auth_dbuser)) {
- $config->auth_dbuser = "";
+ if (!isset($config->pass)) {
+ $config->pass = "";
}
- if (!isset($config->auth_dbpass)) {
- $config->auth_dbpass = "";
+ if (!isset($config->table)) {
+ $config->table = "";
}
- if (!isset($config->auth_dbtable)) {
- $config->auth_dbtable = "";
+ if (!isset($config->fielduser)) {
+ $config->fielduser = "";
}
- if (!isset($config->auth_dbfielduser)) {
- $config->auth_dbfielduser = "";
+ if (!isset($config->fieldpass)) {
+ $config->fieldpass = "";
}
- if (!isset($config->auth_dbfieldpass)) {
- $config->auth_dbfieldpass = "";
+ if (!isset($config->passtype)) {
+ $config->passtype = "plaintext";
}
- if (!isset($config->auth_dbpasstype)) {
- $config->auth_dbpasstype = "plaintext";
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
}
$pluginconfig = get_config('auth/db');
+
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
<tr valign="top" class="required">
- <td align="right">auth_dbhost:</td>
+ <td align="right"> host: </td>
<td>
- <input name="auth_dbhost" type="text" size="30" value="<?php echo $config->auth_dbhost?>" />
- <?php if (isset($err["auth_dbhost"])) formerr($err["auth_dbhost"]); ?>
- </td>
- <td>
- <?php print_string("auth_dbhost","auth") ?>
+ <input name="host" type="text" size="30" value="<?php echo $config->host?>" />
+ <?php
+
+ if (isset($err["host"])) {
+ formerr($err["host"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbhost", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbtype:</td>
+ <td align="right"> type: </td>
<td>
<?php $dbtypes = array("access","ado_access", "ado", "ado_mssql", "borland_ibase", "csv", "db2", "fbsql", "firebird", "ibase", "informix72", "informix", "mssql", "mssql_n", "mysql", "mysqlt", "oci805", "oci8", "oci8po", "odbc", "odbc_mssql", "odbc_oracle", "oracle", "postgres64", "postgres7", "postgres", "proxy", "sqlanywhere", "sybase", "vfp");
foreach ($dbtypes as $dbtype) {
$dboptions[$dbtype] = $dbtype;
}
- choose_from_menu($dboptions, "auth_dbtype", $config->auth_dbtype, "");
+ choose_from_menu($dboptions, "type", $config->type, "");
?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbname:</td>
+ <td align="right"> name: </td>
<td>
- <input name="auth_dbname" type="text" size="30" value="<?php echo $config->auth_dbname?>" />
- <?php if (isset($err["auth_dbname"]))formerr($err["auth_dbname"]); ?>
- </td>
- <td>
- <?php print_string("auth_dbname","auth") ?>
+ <input name="name" type="text" size="30" value="<?php echo $config->name?>" />
+ <?php
+
+ if (isset($err["name"])) {
+ formerr($err["name"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbname", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbuser:</td>
- <td>
- <input name="auth_dbuser" type="text" size="30" value="<?php echo $config->auth_dbuser?>" />
- <?php if (isset($err["auth_dbuser"])) formerr($err["auth_dbuser"]); ?>
- </td>
+ <td align="right"> user: </td>
<td>
- <?php print_string("auth_dbuser","auth") ?>
+ <input name="user" type="text" size="30" value="<?php echo $config->user?>" />
+ <?php
+
+ if (isset($err["user"])) {
+ formerr($err["user"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbuser", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbpass:</td>
+ <td align="right"> pass: </td>
<td>
- <input name="auth_dbpass" type="text" size="30" value="<?php echo $config->auth_dbpass?>" />
- <?php if (isset($err["auth_dbpass"])) formerr($err["auth_dbpass"]); ?>
+ <input name="pass" type="text" size="30" value="<?php echo $config->pass?>" />
+ <?php
+
+ if (isset($err["pass"])) {
+ formerr($err["pass"]);
+ }
+
+ ?>
</td>
<td>
- <?php print_string("auth_dbpass","auth") ?>
+ <?php print_string("auth_dbpass", "auth") ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbtable:</td>
- <td>
- <input name="auth_dbtable" type="text" size="30" value="<?php echo $config->auth_dbtable?>" />
- <?php if (isset($err["auth_dbtable"])) formerr($err["auth_dbtable"]); ?>
- </td>
+ <td align="right"> table: </td>
<td>
- <?php print_string("auth_dbtable","auth") ?>
+ <input name="table" type="text" size="30" value="<?php echo $config->table?>" />
+ <?php
+
+ if (isset($err["table"])) {
+ formerr($err["table"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbtable", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbfielduser:</td>
- <td>
- <input name="auth_dbfielduser" type="text" size="30" value="<?php echo $config->auth_dbfielduser?>" />
- <?php if (isset($err["auth_dbfielduser"])) formerr($err["auth_dbfielduser"]); ?>
- </td>
+ <td align="right"> fielduser: </td>
<td>
- <?php print_string("auth_dbfielduser","auth") ?>
+ <input name="fielduser" type="text" size="30" value="<?php echo $config->fielduser?>" />
+ <?php
+
+ if (isset($err["fielduser"])) {
+ formerr($err["fielduser"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbfielduser", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbfieldpass:</td>
+ <td align="right"> fieldpass: </td>
<td>
- <input name="auth_dbfieldpass" type="text" size="30" value="<?php echo $config->auth_dbfieldpass?>" />
- <?php if (isset($err["auth_dbfieldpass"])) formerr($err["auth_dbfieldpass"]); ?>
- </td>
- <td>
- <?php print_string("auth_dbfieldpass","auth") ?>
+ <input name="fieldpass" type="text" size="30" value="<?php echo $config->fieldpass?>" />
+ <?php
+
+ if (isset($err["fieldpass"])) {
+ formerr($err["fieldpass"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_dbfieldpass", "auth") ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_dbpasstype:</td>
- <td>
- <?php
- $passtype["plaintext"] = get_string("plaintext", "auth");
- $passtype["md5"] = get_string("md5", "auth");
- $passtype["internal"] = get_string("internal", "auth");
-
- choose_from_menu($passtype, "auth_dbpasstype", $config->auth_dbpasstype, "");
- ?>
-
- </td>
+ <td align="right"> passtype: </td>
<td>
- <?php print_string("auth_dbpasstype","auth") ?>
+ <?php
+
+ $passtype["plaintext"] = get_string("plaintext", "auth");
+ $passtype["md5"] = get_string("md5", "auth");
+ $passtype["internal"] = get_string("internal", "auth");
+ choose_from_menu($passtype, "passtype", $config->passtype, "");
+
+ ?>
</td>
+ <td><?php print_string("auth_dbpasstype", "auth") ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string("auth_dbextrafields","auth"), true, false); ?>
-
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
+ <td align="right"> changepasswordurl: </td>
<td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
+<?php
+
+global $user_fields;
+print_auth_lock_options('db', $user_fields, get_string('auth_dbextrafields', 'auth'), true, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // Authentication by looking up an external database table
-
-
-function auth_user_login ($username, $password) {
-// Returns true if the username and password work
-// and false if they are wrong or don't exist.
-
- global $CFG;
-
- // This is a hack to workaround what seems to be a bug in ADOdb with accessing
- // two databases of the same kind ... it seems to get confused when trying to access
- // the first database again, after having accessed the second.
- // The following hack will make the database explicit which keeps it happy
- // This seems to broke postgesql so ..
-
- $prefix = $CFG->prefix.''; // Remember it. The '' is to prevent PHP5 reference.. see bug 3223
-
- if ($CFG->dbtype != 'postgres7') {
- $CFG->prefix = $CFG->dbname.$CFG->prefix;
- }
-
- // Connect to the external database
- $authdb = &ADONewConnection($CFG->auth_dbtype);
- $authdb->PConnect($CFG->auth_dbhost,$CFG->auth_dbuser,$CFG->auth_dbpass,$CFG->auth_dbname);
- $authdb->SetFetchMode(ADODB_FETCH_ASSOC); ///Set Assoc mode always after DB connection
-
- if ($CFG->auth_dbpasstype === 'internal') {
- // lookup username externally, but resolve
- // password locally -- to support backend that
- // don't track passwords
- $rs = $authdb->Execute("SELECT * FROM $CFG->auth_dbtable
- WHERE $CFG->auth_dbfielduser = '$username' ");
- $authdb->Close();
-
- if (!$rs) {
- notify("Could not connect to the specified authentication database...");
-
- return false;
- }
-
- if ( $rs->RecordCount() ) {
- // user exists exterally
- // check username/password internally
- if ($user = get_record('user', 'username', $username)) {
- return validate_internal_user_password($user, $password);
- }
- } else {
- // user does not exist externally
- return false;
- }
-
- } else {
- // normal case: use external db for passwords
-
- if ($CFG->auth_dbpasstype === 'md5') { // Re-format password accordingly
- $password = md5($password);
- }
-
- $rs = $authdb->Execute("SELECT * FROM $CFG->auth_dbtable
- WHERE $CFG->auth_dbfielduser = '$username'
- AND $CFG->auth_dbfieldpass = '$password' ");
- $authdb->Close();
-
- $CFG->prefix = $prefix;
-
- if (!$rs) {
- notify("Could not connect to the specified authentication database...");
- return false;
- }
-
- if ( $rs->RecordCount() ) {
- return true;
- } else {
- return false;
- }
-
- }
-}
-
-
-function auth_get_userinfo($username){
-// Reads any other information for a user from external database,
-// then returns it in an array
-
- global $CFG;
-
- $config = (array) $CFG;
-
- $pcfg = get_config('auth/db');
- $pcfg = (array) $pcfg;
-
- ADOLoadCode($CFG->auth_dbtype);
- $authdb = &ADONewConnection();
- $authdb->PConnect($CFG->auth_dbhost,$CFG->auth_dbuser,$CFG->auth_dbpass,$CFG->auth_dbname);
- $authdb->SetFetchMode(ADODB_FETCH_ASSOC); ///Set Assoc mode always after DB connection
-
- $fields = array("firstname", "lastname", "email", "phone1", "phone2",
- "department", "address", "city", "country", "description",
- "idnumber", "lang");
-
- $result = array();
-
- foreach ($fields as $field) {
- if ($pcfg["field_map_$field"]) {
- if ($rs = $authdb->Execute("SELECT ".$pcfg["field_map_$field"]." FROM $CFG->auth_dbtable
- WHERE $CFG->auth_dbfielduser = '$username'")) {
- if ( $rs->RecordCount() == 1 ) {
- // TODO: fix encoding conversion
- $result["$field"] = addslashes(stripslashes($rs->fields[0]));
- }
- }
- }
- }
-
- return $result;
-}
-
-
-function auth_user_update_password($username, $newpassword) {
- global $CFG;
- if ($CFG->auth_dbpasstype === 'internal') {
- return set_field('user', 'password', md5($newpassword), 'username', $username);
- } else {
- // we should have never been called!
- return false;
- }
-}
-
-/**
- * syncronizes user fron external db to moodle user table
- *
- * Sync shouid be done by using idnumber attribute, not username.
- * You need to pass firstsync parameter to function to fill in
- * idnumbers if they dont exists in moodle user table.
- *
- * Syncing users removes (disables) users that dont exists anymore in external db.
- * Creates new users and updates coursecreator status of users.
- *
- * @param bool $do_updates Optional: set to true to force an update of existing accounts
- *
- * This implementation is simpler but less scalable than the one found in the LDAP module.
- *
- */
-function auth_sync_users ($do_updates=0) {
-
- global $CFG;
- $pcfg = get_config('auth/db');
-
- ///
- /// list external users
- ///
- $userlist = auth_get_userlist();
- $quoteduserlist = implode("', '", $userlist);
- $quoteduserlist = "'$quoteduserlist'";
-
- ///
- /// delete obsolete internal users
- ///
-
- // find obsolete users
- if (count($userlist)) {
- $sql = 'SELECT u.id, u.username
- FROM ' . $CFG->prefix .'user u
- WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username NOT IN (' . $quoteduserlist . ')';
- } else {
- $sql = 'SELECT u.id, u.username
- FROM ' . $CFG->prefix .'user u
- WHERE u.auth=\'db\' AND u.deleted=\'0\' ';
- }
- $remove_users = get_records_sql($sql);
-
- if (!empty($remove_users)){
- print "User entries to remove: ". count($remove_users) . "\n";
-
- begin_sql();
- foreach ($remove_users as $user) {
- //following is copy pasted from admin/user.php
- //maybe this should moved to function in lib/datalib.php
- unset($updateuser);
- $updateuser->id = $user->id;
- $updateuser->deleted = "1";
- $updateuser->timemodified = time();
- if (update_record("user", $updateuser)) {
- // unenrol_student($user->id); // From all courses
- // remove_teacher($user->id); // From all courses
- // remove_admin($user->id);
- delete_records('role_assignments', 'userid', $user->id); // unassign all roles
- notify(get_string("deletedactivity", "", fullname($user, true)) );
- } else {
- notify(get_string("deletednot", "", fullname($user, true)));
- }
- //copy pasted part ends
- }
- commit_sql();
- }
- unset($remove_users); // free mem!
-
- if (!count($userlist)) {
- // exit right here
- // nothing else to do
- return true;
- }
-
- ///
- /// update existing accounts
- ///
- if ($do_updates) {
- // narrow down what fields we need to update
- $all_keys = array_keys(get_object_vars($pcfg));
- $updatekeys = array();
- foreach ($all_keys as $key) {
- if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
- if ($pcfg->{$key} === 'onlogin') {
- array_push($updatekeys, $match[1]); // the actual key name
- }
- }
- }
- // print_r($all_keys); print_r($updatekeys);
- unset($all_keys); unset($key);
-
- // only go ahead if we actually
- // have fields to update locally
- if (!empty($updatekeys)) {
- $sql = 'SELECT u.id, u.username
- FROM ' . $CFG->prefix .'user u
- WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
- $update_users = get_records_sql($sql);
-
- foreach ($update_users as $user) {
- auth_db_update_user_record($user->username, $updatekeys);
- }
- unset($update_users); // free memory
- }
- }
-
-
- ///
- /// create missing accounts
- ///
- // NOTE: this is very memory intensive
- // and generally inefficient
- $sql = 'SELECT u.id, u.username
- FROM ' . $CFG->prefix .'user u
- WHERE u.auth=\'db\' AND u.deleted=\'0\'';
-
- $users = get_records_sql($sql);
-
- // simplify down to usernames
- $usernames = array();
- foreach ($users as $user) {
- array_push($usernames, $user->username);
- }
- unset($users);
-
- $add_users = array_diff($userlist, $usernames);
- unset($usernames);
-
- if(!empty($add_users)){
- print "User entries to add: ". count($add_users). "\n";
- begin_sql();
- foreach($add_users as $user){
- $username = $user;
- $user = auth_get_userinfo_asobj($user);
-
- // prep a few params
- $user->username = $username;
- $user->modified = time();
- $user->confirmed = 1;
- $user->auth = 'db';
-
- // insert it
- $old_debug=$CFG->debug;
- $CFG->debug=10;
-
- // maybe the user has been deleted before
- if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1)) {
- $user->id = $old_user->id;
- set_field('user', 'deleted', 0, 'username', $user->username);
- echo "Revived user $user->username id $user->id\n";
- } elseif ($id=insert_record ('user',$user)) { // it is truly a new user
- echo "inserted user $user->username id $id\n";
- $user->id = $id;
- // if relevant, tag for password generation
- if ($CFG->auth_dbpasstype === 'internal') {
- set_user_preference('auth_forcepasswordchange', 1, $id);
- set_user_preference('create_password', 1, $id);
- }
- } else {
- echo "error inserting user $user->username \n";
- }
- $CFG->debug=$old_debug;
- }
- commit_sql();
- unset($add_users); // free mem
- }
- return true;
-}
-
-function auth_user_exists ($username) {
- global $CFG;
- $authdb = &ADONewConnection($CFG->auth_dbtype);
- $authdb->PConnect($CFG->auth_dbhost,$CFG->auth_dbuser,$CFG->auth_dbpass,$CFG->auth_dbname);
- $authdb->SetFetchMode(ADODB_FETCH_ASSOC); ///Set Assoc mode always after DB connection
-
- $rs = $authdb->Execute("SELECT * FROM $CFG->auth_dbtable
- WHERE $CFG->auth_dbfielduser = '$username' ");
- $authdb->Close();
-
- if (!$rs) {
- notify("Could not connect to the specified authentication database...");
- return false;
- }
-
- if ( $rs->RecordCount() ) {
- // user exists exterally
- // check username/password internally
- // ?? there is no $password variable, so why??
- /*if ($user = get_record('user', 'username', $username)) {
- return ($user->password == md5($password));
- }*/
- return $rs->RecordCount();
- } else {
- // user does not exist externally
- return false;
- }
-}
-
-
-function auth_get_userlist() {
-
- global $CFG;
-
- // Connect to the external database
- $authdb = &ADONewConnection($CFG->auth_dbtype);
- $authdb->PConnect($CFG->auth_dbhost,$CFG->auth_dbuser,$CFG->auth_dbpass,$CFG->auth_dbname);
- $authdb->SetFetchMode(ADODB_FETCH_ASSOC); ///Set Assoc mode always after DB connection
-
- // fetch userlist
- $rs = $authdb->Execute("SELECT $CFG->auth_dbfielduser AS username
- FROM $CFG->auth_dbtable ");
- $authdb->Close();
-
- if (!$rs) {
- notify("Could not connect to the specified authentication database...");
- return false;
- }
-
- if ( $rs->RecordCount() ) {
- $userlist = array();
- while ($rec = $rs->FetchRow()) {
- array_push($userlist, $rec['username']);
- }
- return $userlist;
- } else {
- return array();
- }
-}
-
-/**
- * reads userinformation from DB and return it in an object
- *
- * @param string $username username
- * @return array
- */
-function auth_get_userinfo_asobj($username){
- $user_array = truncate_userinfo(auth_get_userinfo($username));
- $user = new object;
- foreach($user_array as $key=>$value){
- $user->{$key} = $value;
- }
- return $user;
-}
-
-function auth_db_update_user_record($username, $updatekeys=false) {
-/// will update a local user record from an external source.
-/// is a lighter version of the one in moodlelib -- won't do
-/// expensive ops such as enrolment
-///
-/// If you don't pass $updatekeys, there is a performance hit and
-/// values removed from DB won't be removed from moodle.
-
- global $CFG;
-
- $pcfg = get_config('auth/db');
-
- //just in case check text case
- $username = trim(moodle_strtolower($username));
-
- // get the current user record
- $user = get_record('user', 'username', $username);
- if (empty($user)) { // trouble
- error_log("Cannot update non-existent user: $username");
- die;
- }
-
- if (function_exists('auth_get_userinfo')) {
- if ($newinfo = auth_get_userinfo($username)) {
- $newinfo = truncate_userinfo($newinfo);
-
- if (empty($updatekeys)) { // all keys? this does not support removing values
- $updatekeys = array_keys($newinfo);
- }
-
- foreach ($updatekeys as $key){
- unset($value);
- if (isset($newinfo[$key])) {
- $value = $newinfo[$key];
- $value = addslashes(stripslashes($value)); // Just in case
- } else {
- $value = '';
- }
- if (!empty($pcfg->{'field_updatelocal_' . $key})) {
- if ($user->{$key} != $value) { // only update if it's changed
- set_field('user', $key, $value, 'username', $username);
- }
- }
- }
- }
- }
- return get_record_select("user", "username = '$username' AND deleted <> '1'");
-}
-
-// A chance to validate form data, and last chance to
-// do stuff before it is inserted in config_plugin
-function auth_validate_form(&$form, &$err) {
-
- // compat until we rework auth a bit
- if ($form['auth_dbpasstype'] === 'internal') {
- $CFG->auth_db_stdchangepassword = true;
- if ($conf = get_record('config', 'name', 'auth_db_stdchangepassword')) {
- $conf->value = 1;
- if (! update_record('config', $conf)) {
- notify("Could not update $name to $value");
- }
- } else {
- $conf = new StdClass;
- $conf->name = 'auth_db_stdchangepassword';
- $conf->value = 1;
- if (! insert_record('config', $conf)) {
- notify("Error: could not add new variable $name !");
- }
- }
- } else {
- $CFG->auth_db_stdchangepassword = false;
- if ($conf = get_record('config', 'name', 'auth_db_stdchangepassword')) {
- $conf->value = 0;
- if (! update_record('config', $conf)) {
- notify("Could not update $name to $value");
- }
- } else {
- $conf = new StdClass;
- $conf->name = 'auth_db_stdchangepassword';
- $conf->value = 0;
- if (! insert_record('config', $conf)) {
- notify("Error: could not add new variable $name !");
- }
- }
- }
- return true;
-}
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: Email Authentication
+ *
+ * Standard authentication function.
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * Error codes for user confirm
+ */
+define('AUTH_CONFIRM_FAIL', 0);
+define('AUTH_CONFIRM_OK', 1);
+define('AUTH_CONFIRM_ALREADY', 2);
+define('AUTH_CONFIRM_ERROR', 3);
+// TODO: instead of integers these could be the language keys?
+
+
+/**
+ * Email authentication plugin.
+ */
+class auth_plugin_email {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_email() {
+ $this->config = get_config('auth/email');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ if ($user = get_record('user', 'username', $username)) {
+ return validate_internal_user_password($user, $password);
+ }
+ return false;
+ }
+
+ /*
+ * Updates the user's password.
+ *
+ * called when the user password is updated.
+ *
+ * @param mixed $username Username
+ * @param mixed $newpassword Plaintext password
+ * @return boolean result
+ *
+ */
+ function user_update_password($username, $newpassword) {
+ $user = get_complete_user_data('username', $username);
+ return update_internal_user_password($user, $newpassword);
+ }
+
+ /*
+ * Sign up a new user ready for confirmation.
+ */
+ function user_signup($user, $notify = true) {
+ if (! ($user->id = insert_record('user', $user)) ) {
+ error('Could not add your record to the database!');
+ }
+ if (! send_confirmation_email($user)) {
+ error('Tried to send you an email but failed!');
+ }
+
+ if ($notify) {
+ global $CFG;
+ $emailconfirm = get_string('emailconfirm');
+ print_header($emailconfirm, $emailconfirm, $emailconfirm);
+ notice(get_string('emailconfirmsent', '', $user->email), "$CFG->wwwroot/index.php");
+ }
+ }
+
+ /*
+ * Confirm the new user as registered.
+ */
+ function user_confirm($username, $confirmsecret) {
+ $user = get_complete_user_data('username', $username);
+
+ if (!empty($user)) {
+ if ($user->confirmed) {
+ return AUTH_CONFIRM_ALREADY;
+ }
+ if ($user->secret == $confirmsecret) { // They have provided the secret key to get in
+ if (!set_field("user", "confirmed", 1, "id", $user->id)) {
+ return AUTH_CONFIRM_FAIL;
+ }
+ if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
+ return AUTH_CONFIRM_FAIL;
+ }
+ return AUTH_CONFIRM_OK;
+ }
+ }
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return true;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return true;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ return true;
+ }
+
+}
+
+?>
<!-- No config needed -->
<div align="center"><?php print_string('none'); ?></div>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+<?php
+
+global $user_fields;
+print_auth_lock_options('email', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // Standard authentication function
-
-function auth_user_login ($username, $password) {
-// Returns true if the username and password work
-// and false if they don't
-
- global $CFG;
-
- if ($user = get_record('user', 'username', $username)) {
- return validate_internal_user_password($user, $password);
- }
-
- return false;
-}
-
-
-
-?>
--- /dev/null
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: FirstClass Authentication
+ *
+ * Authentication using a FirstClass server.
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+require_once 'fcFPP.php';\r
+
+/**
+ * FirstClass authentication plugin.
+ */
+class auth_plugin_fc {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_fc() {
+ $this->config = get_config('auth/fc');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ global $CFG;
+ $retval = false;
+
+ // Don't allow blank usernames or passwords
+ if (!$username or !$password) {
+ return $retval;
+ }
+
+ $fpp = new fcFPP($this->config->host, $this->config->fppport);
+ if ($fpp->open()) {
+ if ($fpp->login($username, $password)) {
+ $retval = true;
+ }
+ }
+ $fpp->close();
+
+ return $retval;
+ }
+
+ /**
+ * Get user information from FirstCLass server and return it in an array.
+ * Localize this routine to fit your needs.
+ */
+ function get_userinfo($username) {
+ /*
+ Moodle FirstCLass fieldID in UserInfo form
+ ------ -----------------------------------
+ firstname 1202
+ lastname 1204
+ email 1252
+ icq -
+ phone1 1206
+ phone2 1207 (Fax)
+ institution -
+ department -
+ address 1205
+ city -
+ country -
+ lang -
+ timezone 8030 (Not used yet. Need to figure out how FC codes timezones)
+
+ description Get data from users resume. Pictures will be removed.
+
+ */
+
+ $userinfo = array();
+
+ $fpp = new fcFPP($this->config->host, $this->config->port);
+ if ($fpp->open()) {
+ if ($fpp->login($this->config->userid, $this->config->passwd)) {
+ $userinfo['firstname'] = $fpp->getUserInfo($username,"1202");
+ $userinfo['lastname'] = $fpp->getUserInfo($username,"1204");
+ $userinfo['email'] = strtok($fpp->getUserInfo($username,"1252"),',');
+ $userinfo['phone1'] = $fpp->getUserInfo($username,"1206");
+ $userinfo['phone2'] = $fpp->getUserInfo($username,"1207");
+ $userinfo['description'] = $fpp->getResume($username);
+ }
+ }
+ $fpp->close();
+
+ foreach($userinfo as $key => $value) {
+ if (!$value) {
+ unset($userinfo[$key]);
+ }
+ }
+
+ return $userinfo;
+ }
+
+ /**
+ * Get users group membership from the FirstClass server user and check if
+ * user is member of one of the groups of creators.
+ */
+ function iscreator($username = 0) {
+ global $USER;
+
+ if (! $this->config->creators) {
+ return false;
+ }
+ if (! $username) {
+ $username = $USER->username;
+ }
+
+ $fcgroups = array();
+
+ $fpp = new fcFPP($this->config->host, $this->config->port);
+ if ($fpp->open()) {
+ if ($fpp->login($this->config->userid, $this->config->passwd)) {
+ $fcgroups = $fpp->getGroups($username);
+ }
+ }
+ $fpp->close();
+
+ if ((! $fcgroups)) {
+ return false;
+ }
+
+ $creators = explode(";", $this->config->creators);
+
+ foreach($creators as $creator) {
+ If (in_array($creator, $fcgroups)) return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset($config->host)) {
+ $config->host = "127.0.0.1";
+ }
+ if (!isset($config->fppport)) {
+ $config->fppport = "3333";
+ }
+ if (!isset($config->userid)) {
+ $config->userid = "fcMoodle";
+ }
+ if (!isset($config->passwd)) {
+ $config->passwd = "";
+ }
+ if (!isset($config->creators)) {
+ $config->creators = "";
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->user, 'auth/fc');
+ set_config('fppport', $config->fppport, 'auth/fc');
+ set_config('userid', $config->userid, 'auth/fc');
+ set_config('passwd', $config->passwd, 'auth/fc');
+ set_config('creators', $config->creators, 'auth/fc');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/fc');
+
+ return true;
+ }
+
+}
+
+?>
<?php
- if (!isset($config->auth_fchost)) {
- $config->auth_fchost = "127.0.0.1";
+
+ // set to defaults if undefined
+ if (!isset($config->host)) {
+ $config->host = "127.0.0.1";
+ }
+ if (!isset($config->fppport)) {
+ $config->fppport = "3333";
}
- if (!isset($config->auth_fcfppport)) {
- $config->auth_fcfppport = "3333";
+ if (!isset($config->userid)) {
+ $config->userid = "fcMoodle";
}
- if (!isset($config->auth_fcuserid)) {
- $config->auth_fcuserid = "fcMoodle";
+ if (!isset($config->passwd)) {
+ $config->passwd = "";
}
- if (!isset($config->auth_fcpasswd)) {
- $config->auth_fcpasswd = "";
+ if (!isset($config->creators)) {
+ $config->creators = "";
}
- if (!isset($config->auth_fccreators)) {
- $config->auth_fccreators = "";
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
}
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
<tr valign="top" class="required">
- <td align="right">auth_fchost:</td>
+ <td align="right">host:</td>
<td>
- <input name="auth_fchost" type="text" size="30" value="<?php echo $config->auth_fchost?>" />
- <?php if (isset($err["auth_fchost"])) formerr($err["auth_fchost"]); ?>
+ <input name="host" type="text" size="30" value="<?php echo $config->host?>" />
+ <?php if (isset($err["host"])) formerr($err["host"]); ?>
</td>
<td>
- <?php print_string("auth_fchost","auth") ?>
+ <?php print_string("auth_fchost", "auth") ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_fcfppport:</td>
+ <td align="right">fppport:</td>
<td>
- <input name="auth_fcfppport" type="text" size="30" value="<?php echo $config->auth_fcfppport?>" />
- <?php if (isset($err["auth_fcfppport"])) formerr($err["auth_fchost"]); ?>
+ <input name="fppport" type="text" size="30" value="<?php echo $config->fppport?>" />
+ <?php if (isset($err["fppport"])) formerr($err["host"]); ?>
</td>
<td>
- <?php print_string("auth_fcfppport","auth") ?>
+ <?php print_string("auth_fcfppport", "auth") ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_fcuserid:</td>
+ <td align="right">userid:</td>
<td>
- <input name="auth_fcuserid" type="text" size="30" maxlength="15" value="<?php echo $config->auth_fcuserid?>" />
- <?php if (isset($err["auth_fcuserid"])) formerr($err["auth_fcuserid"]); ?>
+ <input name="userid" type="text" size="30" maxlength="15" value="<?php echo $config->userid?>" />
+ <?php if (isset($err["userid"])) formerr($err["userid"]); ?>
</td>
<td>
- <?php print_string("auth_fcuserid","auth") ?>
+ <?php print_string("auth_fcuserid", "auth") ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_fcpasswd:</td>
+ <td align="right">passwd:</td>
<td>
- <input name="auth_fcpasswd" type="password" size="30" maxlength="12" value="<?php echo $config->auth_fcpasswd?>" />
- <?php if (isset($err["auth_fcpasswd"])) formerr($err["auth_fcpasswd"]); ?>
+ <input name="passwd" type="password" size="30" maxlength="12" value="<?php echo $config->passwd?>" />
+ <?php if (isset($err["passwd"])) formerr($err["passwd"]); ?>
</td>
<td>
- <?php print_string("auth_fcpasswd","auth") ?>
+ <?php print_string("auth_fcpasswd", "auth") ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_fccreators:</td>
+ <td align="right">creators:</td>
<td>
- <input name="auth_fccreators" type="text" size="30" value="<?php echo $config->auth_fccreators?>" />
- <?php if (isset($err["auth_fccreators"])) formerr($err["auth_fccreators"]); ?>
+ <input name="creators" type="text" size="30" value="<?php echo $config->creators?>" />
+ <?php if (isset($err["creators"])) formerr($err["creators"]); ?>
</td>
<td>
- <?php print_string("auth_fccreators","auth") ?>
+ <?php print_string("auth_fccreators", "auth") ?>
</td>
</tr>
-
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
+ <td align="right"> changepasswordurl: </td>
<td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
+
+<?php
+
+global $user_fields;
+print_auth_lock_options('fc', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
// open a connection to the FirstClass server
function open()
{
- if($this->_debug) echo "Connecting to host ";
+ if ($this->_debug) echo "Connecting to host ";
$host = $this->_hostname;
$port = $this->_port;
- if($this->_debug) echo "[$host:$port]..";
+ if ($this->_debug) echo "[$host:$port]..";
// open the connection to the FirstClass server
$conn = fsockopen($host, $port, $errno, $errstr, 5);
- if(!$conn)
+ if (!$conn)
{
echo "connection failed!".$errno. $errstr;
return false;
}
// We are connected
- if($this->_debug) echo "connected!";
+ if ($this->_debug) echo "connected!";
// Read connection message.
$line = fgets ($conn); //+0
$conn = &$this->_conn;
// close it if it's open
- if($conn)
+ if ($conn)
{
fclose($conn);
function login($userid, $passwd)
{
// we did have a connection right?!
- if($this->_conn)
+ if ($this->_conn)
{
# Send username
fputs($this->_conn,"$userid\r\n");
$line = fgets ($this->_conn); //+0
$line = fgets ($this->_conn); //+0 or message
- if($this->_debug) echo $line;
+ if ($this->_debug) echo $line;
if (preg_match ("/^\+0/", $line)) { //+0, user with subadmin privileges
$this->_user = $userid;
$this->_pwd = $passwd;
return TRUE;
- } elseif (strpos($line, 'You are not allowed')){ // Denied access but a valid user and password
+ } elseif (strpos($line, 'You are not allowed')) { // Denied access but a valid user and password
// "Sorry. You are not allowed to login with the FPP interface"
return TRUE;
} else { //Invalid user or password
}
// Get the list of groups the user is a member of
- function getGroups($userid){
+ function getGroups($userid) {
$groups = array();
// we must be logged in as a user with subadmin privileges
- if($this->_conn AND $this->_user) {
+ if ($this->_conn AND $this->_user) {
# Send BA-command to get groups
fputs($this->_conn,"GET USER '" . $userid . "' 4 -1\r");
$line = "";
list( , , $groups[$n++]) = explode(" ",$line,3);
$line = trim(fgets ($this->_conn));
}
- if($this->_debug) echo "getGroups:" . implode(",",$groups);
+ if ($this->_debug) echo "getGroups:" . implode(",",$groups);
}
return $groups;
// Check if the user is member of any of the groups.
// Return the list of groups the user is member of.
- function isMemberOf($userid, $groups){
+ function isMemberOf($userid, $groups) {
$usergroups = array_map("strtolower",$this->getGroups($userid));
$groups = array_map("strtolower",$groups);
$result = array_intersect($groups,$usergroups);
- if($this->_debug) echo "isMemberOf:" . implode(",",$result);
+ if ($this->_debug) echo "isMemberOf:" . implode(",",$result);
return $result;
}
- function getUserInfo($userid, $field){
+ function getUserInfo($userid, $field) {
$userinfo = "";
- if($this->_conn AND $this->_user) {
+ if ($this->_conn AND $this->_user) {
# Send BA-command to get data
fputs($this->_conn,"GET USER '" . $userid . "' " . $field . "\r");
$line = "";
list( , , $userinfo) = explode(" ",$line,3);
$line = trim(fgets ($this->_conn));
}
- if($this->_debug) echo "getUserInfo:" . $userinfo;
+ if ($this->_debug) echo "getUserInfo:" . $userinfo;
}
return str_replace('\r',' ',trim($userinfo,'"'));
}
- function getResume($userid){
+ function getResume($userid) {
$resume = "";
$pattern = "/\[.+:.+\..+\]/"; // Remove references to pictures in resumes
- if($this->_conn AND $this->_user) {
+ if ($this->_conn AND $this->_user) {
# Send BA-command to get data
fputs($this->_conn,"GET RESUME '" . $userid . "' 6\r");
$line = "";
//print $line;
}
- if($this->_debug) echo "getResume:" . $resume;
+ if ($this->_debug) echo "getResume:" . $resume;
}
return $resume;
+++ /dev/null
-<?php // $Id$
-
-// FirstClass authentication using FirstClass Flexible Provisining Protocol
-
-/* Author: Torsten Anderson, torsten.anderson@skeria.skelleftea.se
-
-CHANGELOG
-
-README
- Module will authenticate user against FirstClass server and check if user belongs to any of
- the defined creator groups.
- User authenticates using their existing FirstClass username and password.
- Where possible userdata is copied from the FirstClass directory to Moodle. You may
- want to modify this.
- Module requires the fcFPP class to do it's jobb.
- */
-
-
-require('fcFPP.php');
-
-
-function auth_user_login ($username, $password) {
-/// Returns true if the username and password work
-/// and false if they don't
-
- global $CFG;
-
- $hostname = $CFG->auth_fchost;
- $port = $CFG->auth_fcfppport;
-
- $retval = FALSE;
-
- if (!$username or !$password) { // Don't allow blank usernames or passwords
- return $retval;
- }
-
-
- $fpp = new fcFPP($hostname,$port);
- if ($fpp->open()) {
- if ($fpp->login($username,$password)){
- $retval = TRUE;
- }
- }
- $fpp->close();
-
- return $retval;
-
-
-}
-
-function auth_get_userinfo($username){
-// Get user information from FirstCLass server and return it in an array.
-// Localize this routine to fit your needs.
-
-/*
-Moodle FirstCLass fieldID in UserInfo form
------- -----------------------------------
-firstname 1202
-lastname 1204
-email 1252
-icq -
-phone1 1206
-phone2 1207 (Fax)
-institution -
-department -
-address 1205
-city -
-country -
-lang -
-timezone 8030 (Not used yet. Need to figure out how FC codes timezones)
-
-description Get data from users resume. Pictures will be removed.
-
-*/
-
- global $CFG;
-
- $hostname = $CFG->auth_fchost;
- $port = $CFG->auth_fcfppport;
- $userid = $CFG->auth_fcuserid;
- $passwd = $CFG->auth_fcpasswd;
-
- $userinfo = array();
-
- $fpp = new fcFPP($hostname,$port);
- if ($fpp->open()) {
- if ($fpp->login($userid,$passwd)){
-
- $userinfo['firstname'] = $fpp->getUserInfo($username,"1202");
- $userinfo['lastname'] = $fpp->getUserInfo($username,"1204");
- $userinfo['email'] = strtok($fpp->getUserInfo($username,"1252"),',');
- $userinfo['phone1'] = $fpp->getUserInfo($username,"1206");
- $userinfo['phone2'] = $fpp->getUserInfo($username,"1207");
- $userinfo['description'] = $fpp->getResume($username);
-
- }
- }
-
- $fpp->close();
-
- foreach($userinfo as $key => $value) {
- if (!$value) {
- unset($userinfo[$key]);
- }
- }
-
- return $userinfo;
-
-}
-
-
-function auth_iscreator($username=0) {
-//Get users group membership from the FirstClass server user and check if
-// user is member of one of the groups of creators.
-
- global $CFG, $USER;
-
- if (! $CFG->auth_fccreators) {
- return false;
- }
-
- if (! $username) {
- $username=$USER->username;
- }
-
- $fcgroups = array();
-
- $hostname = $CFG->auth_fchost;
- $port = $CFG->auth_fcfppport;
- $userid = $CFG->auth_fcuserid;
- $passwd = $CFG->auth_fcpasswd;
-
- $fpp = new fcFPP($hostname,$port);
- if ($fpp->open()) {
- if ($fpp->login($userid,$passwd)){
- $fcgroups = $fpp->getGroups($username);
- }
- }
- $fpp->close();
-
-
- if ((! $fcgroups)) {
- return false;
- }
-
- $creators = explode(";",$CFG->auth_fccreators);
-
- foreach($creators as $creator) {
- If (in_array($creator, $fcgroups)) return true;
- }
-
- return false;
-}
-
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: IMAP Authentication
+ *
+ * Authenticates against an IMAP server.
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * IMAP authentication plugin.
+ */
+class auth_plugin_imap {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_imap() {
+ $this->config = get_config('auth/imap');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ if (! function_exists('imap_open')) {
+ error("Cannot use IMAP authentication. The PHP IMAP module is not installed.");
+ }
+
+ global $CFG;
+ $hosts = split(';', $this->config->host); // Could be multiple hosts
+
+ foreach ($hosts as $host) { // Try each host in turn
+ $host = trim($host);
+
+ switch ($this->config->type) {
+ case 'imapssl':
+ $host = '{'.$host.":{$this->config->port}/imap/ssl}";
+ break;
+
+ case 'imapcert':
+ $host = '{'.$host.":{$this->config->port}/imap/ssl/novalidate-cert}";
+ break;
+
+ case 'imaptls':
+ $host = '{'.$host.":{$this->config->port}/imap/tls}";
+ break;
+
+ default:
+ $host = '{'.$host.":{$this->config->port}/imap}";
+ }
+
+ error_reporting(0);
+ $connection = imap_open($host, $username, $password, OP_HALFOPEN);
+ error_reporting($CFG->debug);
+
+ if ($connection) {
+ imap_close($connection);
+ return true;
+ }
+ }
+
+ return false; // No match
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return $CFG->changepasswordurl; // TODO: will this be global?
+ //return $this->config->changepasswordurl;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset ($config->host)) {
+ $config->host = '127.0.0.1';
+ }
+ if (!isset ($config->type)) {
+ $config->type = 'imap';
+ }
+ if (!isset ($config->port)) {
+ $config->port = '143';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->host, 'auth/imap');
+ set_config('type', $config->type, 'auth/imap');
+ set_config('port', $config->port, 'auth/imap');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/imap');
+
+ return true;
+ }
+
+}
+
+?>
<?php
- if (!isset($config->auth_imaphost)) {
- $config->auth_imaphost = "127.0.0.1";
- }
- if (!isset($config->auth_imaptype)) {
- $config->auth_imaptype = "imap";
- }
- if (!isset($config->auth_imapport)) {
- $config->auth_imapport = "143";
- }
+
+// set to defaults if undefined
+if (!isset($config->host)) {
+ $config->host = '127.0.0.1';
+}
+if (!isset($config->type)) {
+ $config->type = 'imap';
+}
+if (!isset($config->port)) {
+ $config->port = '143';
+}
+if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+}
+
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+
<tr valign="top" class="required">
- <td align="right">auth_imaphost:</td>
+ <td align="right"> host: </td>
<td>
- <input name="auth_imaphost" type="text" size="30" value="<?php echo $config->auth_imaphost?>" />
- <?php if (isset($err["auth_imaphost"])) formerr($err["auth_imaphost"]); ?>
+ <input name="host" type="text" size="30" value="<?php echo $config->host ?>" />
+ <?php
+
+ if (isset($err['host'])) {
+ formerr($err['host']);
+ }
+
+ ?>
</td>
<td>
- <?php print_string("auth_imaphost","auth") ?>
- <?php print_string("auth_multiplehosts","auth") ?>
+ <?php
+
+ print_string('auth_imaphost', 'auth');
+ print_string('auth_multiplehosts', 'auth');
+
+ ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_imaptype:</td>
- <td>
- <?php $imaptypes = array("imap","imapssl", "imapcert", "imaptls");
- foreach($imaptypes as $imaptype) {
- $imapoptions[$imaptype] = $imaptype;
- }
- choose_from_menu($imapoptions, "auth_imaptype", $config->auth_imaptype, "");
- ?>
- </td>
+ <td align="right"> type: </td>
<td>
- <?php print_string("auth_imaptype","auth") ?>
+ <?php
+
+ $imaptypes = array('imap', 'imapssl', 'imapcert', 'imaptls');
+ foreach ($imaptypes as $imaptype) {
+ $imapoptions[$imaptype] = $imaptype;
+ }
+ choose_from_menu($imapoptions, 'type', $config->type, '');
+
+ ?>
</td>
+ <td><?php print_string('auth_imaptype', 'auth') ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_imapport:</td>
+ <td align="right"> port: </td>
<td>
- <input name="auth_imapport" type="text" size="6" value="<?php echo $config->auth_imapport?>" />
- <?php if (isset($err["auth_imapport"])) formerr($err["auth_imapport"]); ?>
- </td>
- <td>
- <?php print_string("auth_imapport","auth") ?>
+ <input name="port" type="text" size="6" value="<?php echo $config->port ?>" />
+ <?php
+
+ if (isset($err['port'])) {
+ formerr($err['port']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_imapport', 'auth') ?></td>
</tr>
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
+ <td align="right"> changepasswordurl: </td>
<td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
- <td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+
+<?php
+
+global $user_fields;
+print_auth_lock_options('imap', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // Authentication by looking up an IMAP server
-
-function auth_user_login ($username, $password) {
-// Returns true if the username and password work
-// and false if they are wrong or don't exist.
-
- global $CFG;
-
- $hosts = split(';', $CFG->auth_imaphost); // Could be multiple hosts
-
- foreach ($hosts as $host) { // Try each host in turn
-
- $host = trim($host);
-
- switch ($CFG->auth_imaptype) {
- case "imapssl":
- $host = '{'.$host.":$CFG->auth_imapport/imap/ssl}";
- break;
-
- case "imapcert":
- $host = '{'.$host.":$CFG->auth_imapport/imap/ssl/novalidate-cert}";
- break;
-
- case "imaptls":
- $host = '{'.$host.":$CFG->auth_imapport/imap/notls}";
- break;
-
- default:
- $host = '{'.$host.":$CFG->auth_imapport}";
- }
-
- error_reporting(0);
- $connection = imap_open($host, $username, $password, OP_HALFOPEN);
- error_reporting($CFG->debug);
-
- if ($connection) {
- imap_close($connection);
- return true;
- }
- }
-
- return false; // No match
-}
-
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: LDAP Authentication
+ *
+ * Authentication using LDAP (Lightweight Directory Access Protocol).
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+// LDAP functions are reused by other auth libs
+if (!defined('AUTH_LDAP_NAME')) {
+ define('AUTH_LDAP_NAME', 'ldap');
+}
+
+/**
+ * LDAP authentication plugin.
+ */
+class auth_plugin_ldap {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_ldap() {
+ $this->config = get_config('auth/ldap');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login($username, $password) {
+
+ global $CFG;
+
+ if (!$username or !$password) { // Don't allow blank usernames or passwords
+ return false;
+ }
+
+ // CAS-supplied auth tokens override LDAP auth
+ if ($CFG->auth == "cas" and !empty($CFG->cas_enabled)) {
+ return cas_ldap_auth_user_login($username, $password);
+ }
+
+ $ldapconnection = $this->ldap_connect();
+
+ if ($ldapconnection) {
+ $ldap_user_dn = $this->ldap_find_userdn($ldapconnection, $username);
+
+ //if ldap_user_dn is empty, user does not exist
+ if (!$ldap_user_dn) {
+ ldap_close($ldapconnection);
+ return false;
+ }
+
+ // Try to bind with current username and password
+ $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, stripslashes($password));
+ ldap_close($ldapconnection);
+ if ($ldap_login) {
+ return true;
+ }
+ }
+ else {
+ @ldap_close($ldapconnection);
+ error("LDAP-module cannot connect to server: $this->config->host_url");
+ }
+ return false;
+ }
+
+ /**
+ * reads userinformation from ldap and return it in array()
+ *
+ * Read user information from external database and returns it as array().
+ * Function should return all information available. If you are saving
+ * this information to moodle user-table you should honor syncronization flags
+ *
+ * @param string $username username
+ * @return array
+ */
+ function get_userinfo($username) {
+ global $CFG;
+ $ldapconnection = $this->ldap_connect();
+ $config = (array)$CFG;
+ $attrmap = $this->ldap_attributes();
+
+ $result = array();
+ $search_attribs = array();
+
+ foreach ($attrmap as $key=>$values) {
+ if (!is_array($values)) {
+ $values = array($values);
+ }
+ foreach ($values as $value) {
+ if (!in_array($value, $search_attribs)) {
+ array_push($search_attribs, $value);
+ }
+ }
+ }
+
+ $user_dn = $this->ldap_find_userdn($ldapconnection, $username);
+
+ if (empty($this->config->objectclass)) { // Can't send empty filter
+ $this->config->objectclass="objectClass=*";
+ }
+
+ $user_info_result = ldap_read($ldapconnection, $user_dn, $this->config->objectclass, $search_attribs);
+
+ if ($user_info_result) {
+ $user_entry = $this->ldap_get_entries($ldapconnection, $user_info_result);
+ foreach ($attrmap as $key=>$values) {
+ if (!is_array($values)) {
+ $values = array($values);
+ }
+ $ldapval = NULL;
+ foreach ($values as $value) {
+ if (is_array($user_entry[0][strtolower($value)])) {
+ if (!empty($CFG->unicodedb)) {
+ $newval = addslashes(stripslashes($user_entry[0][strtolower($value)][0]));
+ }
+ else {
+ $newval = addslashes(stripslashes(utf8_decode($user_entry[0][strtolower($value)][0])));
+ }
+ }
+ else {
+ if (!empty($CFG->unicodedb)) {
+ $newval = addslashes(stripslashes($user_entry[0][strtolower($value)]));
+ }
+ else {
+ $newval = addslashes(stripslashes(utf8_decode($user_entry[0][strtolower($value)])));
+ }
+ }
+ if (!empty($newval)) { // favour ldap entries that are set
+ $ldapval = $newval;
+ }
+ }
+ if (!is_null($ldapval)) {
+ $result[$key] = $ldapval;
+ }
+ }
+ }
+
+ @ldap_close($ldapconnection);
+
+ return $result;
+ }
+
+ /**
+ * reads userinformation from ldap and return it in an object
+ *
+ * @param string $username username
+ * @return array
+ */
+ function get_userinfo_asobj($username) {
+ $user_array = truncate_userinfo($this->get_userinfo($username));
+ $user = new object;
+ foreach ($user_array as $key=>$value) {
+ $user->{$key} = $value;
+ }
+ return $user;
+ }
+
+ /**
+ * returns all usernames from external database
+ *
+ * get_userlist returns all usernames from external database
+ *
+ * @return array
+ */
+ function get_userlist() {
+ global $CFG;
+ $this->ldap_init();
+ return $this->ldap_get_userlist("({$this->config->user_attribute}=*)");
+ }
+
+ /**
+ * checks if user exists on external db
+ */
+ function user_exists($username) {
+ global $CFG;
+ $this->ldap_init();
+ //returns true if given usernname exist on ldap
+ $users = $this->ldap_get_userlist("({$this->config->user_attribute}=$username)");
+ return count($users);
+ }
+
+ /**
+ * creates new user on external database
+ *
+ * user_create() creates new user on external database
+ * By using information in userobject
+ * Use user_exists to prevent dublicate usernames
+ *
+ * @param mixed $userobject Moodle userobject
+ * @param mixed $plainpass Plaintext password
+ */
+ function user_create($userobject, $plainpass) {
+ global $CFG;
+ $ldapconnection = $this->ldap_connect();
+ $attrmap = $this->ldap_attributes();
+
+ $newuser = array();
+
+ foreach ($attrmap as $key => $values) {
+ if (!is_array($values)) {
+ $values = array($values);
+ }
+ foreach ($values as $value) {
+ if (!empty($userobject->$key) ) {
+ if (!empty($CFG->unicodedb)) {
+ $newuser[$value] = $userobject->$key;
+ }
+ else {
+ $newuser[$value] = utf8_encode($userobject->$key);
+ }
+ }
+ }
+ }
+
+ //Following sets all mandatory and other forced attribute values
+ //User should be creted as login disabled untill email confirmation is processed
+ //Feel free to add your user type and send patches to paca@sci.fi to add them
+ //Moodle distribution
+
+ switch ($this->config->user_type) {
+ case 'edir':
+ $newuser['objectClass']= array("inetOrgPerson","organizationalPerson","person","top");
+ $newuser['uniqueId']= $userobject->username;
+ $newuser['logindisabled']="TRUE";
+ $newuser['userpassword']=$plainpass;
+ break;
+ default:
+ error('auth: ldap user_create() does not support selected usertype:"'.$this->config->user_type.'" (..yet)');
+ }
+ $uadd = $this->ldap_add($ldapconnection, "{$this->config->user_attribute}={$userobject->username},{$this->config->create_context}", $newuser);
+ ldap_close($ldapconnection);
+ return $uadd;
+
+ }
+
+ /**
+ *
+ * get_users() returns userobjects from external database
+ *
+ * Function returns users from external databe as Moodle userobjects
+ * If filter is not present it should return ALL users in external database
+ *
+ * @param mixed $filter substring of username
+ * @returns array of userobjects
+ */
+ function get_users($filter = '*', $dontlistcreated = false) {
+ global $CFG;
+
+ $ldapconnection = $this->ldap_connect();
+ $fresult = array();
+
+ if ($filter=="*") {
+ $filter = "(&(".$this->config->user_attribute."=*)(".$this->config->objectclass."))";
+ }
+
+ $contexts = explode(";",$this->config->contexts);
+
+ if (!empty($this->config->create_context) and empty($dontlistcreated)) {
+ array_push($contexts, $this->config->create_context);
+ }
+
+ $attrmap = $this->ldap_attributes();
+
+ $search_attribs = array();
+
+ foreach ($attrmap as $key=>$values) {
+ if (!is_array($values)) {
+ $values = array($values);
+ }
+ foreach ($values as $value) {
+ if (!in_array($value, $search_attribs)) {
+ array_push($search_attribs, $value);
+ }
+ }
+ }
+
+
+ foreach ($contexts as $context) {
+
+ $context = trim($context);
+ if (empty($context)) {
+ continue;
+ }
+
+ if ($this->config->search_sub) {
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldapconnection, $context,
+ $filter,
+ $search_attribs);
+ }
+ else {
+ //search only in this context
+ $ldap_result = ldap_list($ldapconnection, $context,
+ $filter,
+ $search_attribs);
+ }
+
+ $users = $this->ldap_get_entries($ldapconnection, $ldap_result);
+
+ //add found users to list
+ foreach ($users as $ldapuser=>$attribs) {
+ $user = new object();
+ foreach ($attrmap as $key=>$value) {
+ if (isset($users[$ldapuser][$value][0])) {
+ $user->$key=$users[$ldapuser][$value][0];
+ }
+ }
+ //quick way to get around binarystrings
+ $user->guid=bin2hex($user->guid);
+ //add authentication source stamp
+ $user->auth = AUTH_LDAP_NAME;
+ $fresult[$user->username]=$user;
+
+ }
+ }
+
+ return $fresult;
+ }
+
+ /**
+ * return number of days to user password expires
+ *
+ * If userpassword does not expire it should return 0. If password is already expired
+ * it should return negative value.
+ *
+ * @param mixed $username username
+ * @return integer
+ */
+ function password_expire($username) {
+ global $CFG ;
+ $result = false;
+
+ $ldapconnection = $this->ldap_connect();
+ $user_dn = $this->ldap_find_userdn($ldapconnection, $username);
+ $search_attribs = array($this->config->expireattr);
+ $sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);
+ if ($sr) {
+ $info=$this->ldap_get_entries($ldapconnection, $sr);
+ if ( empty($info[0][strtolower($this->config->expireattr)][0])) {
+ //error_log("ldap: no expiration value".$info[0][$this->config->expireattr]);
+ // no expiration attribute, password does not expire
+ $result = 0;
+ }
+ else {
+ $now = time();
+ $expiretime = $this->ldap_expirationtime2unix($info[0][strtolower($this->config->expireattr)][0]);
+ if ($expiretime > $now) {
+ $result = ceil(($expiretime - $now) / DAYSECS);
+ }
+ else {
+ $result = floor(($expiretime - $now) / DAYSECS);
+ }
+ }
+ }
+ else {
+ error_log("ldap: password_expire did't find expiration time.");
+ }
+
+ //error_log("ldap: password_expire user $user_dn expires in $result days!");
+ return $result;
+ }
+
+ /**
+ * syncronizes user fron external db to moodle user table
+ *
+ * Sync shouid be done by using idnumber attribute, not username.
+ * You need to pass firstsync parameter to function to fill in
+ * idnumbers if they dont exists in moodle user table.
+ *
+ * Syncing users removes (disables) users that dont exists anymore in external db.
+ * Creates new users and updates coursecreator status of users.
+ *
+ * @param mixed $firstsync Optional: set to true to fill idnumber fields if not filled yet
+ */
+ function sync_users ($bulk_insert_records = 1000, $do_updates = 1) {
+ //Syncronizes userdb with ldap
+ //This will add, rename
+ /// OPTIONAL PARAMETERS
+ /// $bulk_insert_records = 1 // will insert $bulkinsert_records per insert statement
+ /// valid only with $unsafe. increase to a couple thousand for
+ /// blinding fast inserts -- but test it: you may hit mysqld's
+ /// max_allowed_packet limit.
+ /// $do_updates = 1 // will do pull in data updates from ldap if relevant
+
+
+ global $CFG ;
+
+ // configure a temp table
+ print "Configuring temp table\n";
+ if (strtolower($CFG->dbtype) === 'mysql') {
+ // help old mysql versions cope with large temp tables
+ execute_sql('SET SQL_BIG_TABLES=1', false);
+ execute_sql('CREATE TEMPORARY TABLE ' . $CFG->prefix .'extuser (idnumber VARCHAR(64), PRIMARY KEY (idnumber)) TYPE=MyISAM',false);
+ }
+ elseif (strtolower($CFG->dbtype) === 'postgres7') {
+ $bulk_insert_records = 1; // no support for multiple sets of values
+ execute_sql('CREATE TEMPORARY TABLE '.$CFG->prefix.'extuser (idnumber VARCHAR(64), PRIMARY KEY (idnumber))',false);
+ }
+
+ print "connecting to ldap\n";
+ $ldapconnection = $this->ldap_connect();
+
+ if (!$ldapconnection) {
+ @ldap_close($ldapconnection);
+ notify("LDAP-module cannot connect to server: $CFG->ldap_host_url");
+ return false;
+ }
+
+ ////
+ //// get user's list from ldap to sql in a scalable fashion
+ ////
+ // prepare some data we'll need
+ if (! empty($this->config->objectclass)) {
+ $this->config->objectclass="objectClass=*";
+ }
+
+ $filter = "(&(".$this->config->user_attribute."=*)(".$this->config->objectclass."))";
+
+ $contexts = explode(";",$this->config->contexts);
+
+ if (!empty($this->config->create_context)) {
+ array_push($contexts, $this->config->create_context);
+ }
+
+ $fresult = array();
+ $count = 0;
+ foreach ($contexts as $context) {
+ $context = trim($context);
+ if (empty($context)) {
+ continue;
+ }
+ begin_sql();
+ if ($this->config->search_sub) {
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldapconnection, $context,
+ $filter,
+ array($this->config->user_attribute));
+ }
+ else {
+ //search only in this context
+ $ldap_result = ldap_list($ldapconnection, $context,
+ $filter,
+ array($this->config->user_attribute));
+ }
+
+ if ($entry = ldap_first_entry($ldapconnection, $ldap_result)) {
+ do {
+ $value = ldap_get_values_len($ldapconnection, $entry,$this->config->user_attribute);
+ $value = $value[0];
+ $count++;
+ array_push($fresult, $value);
+ if (count($fresult) >= $bulk_insert_records) {
+ $this->ldap_bulk_insert($fresult);
+ //print var_dump($fresult);
+ $fresult=array();
+ }
+ }
+ while ($entry = ldap_next_entry($ldapconnection, $entry));
+ }
+
+ // insert any remaining users and release mem
+ if (count($fresult)) {
+ $this->ldap_bulk_insert($fresult);
+ $fresult=array();
+ }
+ commit_sql();
+ }
+ // free mem
+ $ldap_results = 0;
+
+ /// preserve our user database
+ /// if the temp table is empty, it probably means that something went wrong, exit
+ /// so as to avoid mass deletion of users; which is hard to undo
+ $count = get_record_sql('SELECT COUNT(idnumber) AS count, 1 FROM ' . $CFG->prefix .'extuser');
+ $count = $count->{'count'};
+ if ($count < 1) {
+ print "Did not get any users from LDAP -- error? -- exiting\n";
+ exit;
+ }
+
+ ////
+ //// User removal
+ ////
+ // find users in DB that aren't in ldap -- to be removed!
+ // this is still not as scalable
+ $sql = 'SELECT u.id, u.username
+ FROM ' . $CFG->prefix .'user u LEFT JOIN ' . $CFG->prefix .'extuser e
+ ON u.idnumber = e.idnumber
+ WHERE u.auth=\'' . AUTH_LDAP_NAME . '\' AND u.deleted=\'0\' AND e.idnumber IS NULL';
+ //print($sql);
+ $remove_users = get_records_sql($sql);
+
+ if (!empty($remove_users)) {
+ print "User entries to remove: ". count($remove_users) . "\n";
+
+ begin_sql();
+ foreach ($remove_users as $user) {
+ //following is copy pasted from admin/user.php
+ //maybe this should moved to function in lib/datalib.php
+ unset($updateuser);
+ $updateuser->id = $user->id;
+ $updateuser->deleted = '1';
+ //$updateuser->username = "$user->username".time(); // Remember it just in case
+ //$updateuser->email = ''; // Clear this field to free it up
+ $updateuser->timemodified = time();
+ if (update_record("user", $updateuser)) {
+ // unenrol_student($user->id); // From all courses
+ // remove_teacher($user->id); // From all courses
+ // remove_admin($user->id);
+ delete_records('role_assignments', 'userid', $user->id); // unassign all roles
+ notify(get_string('deletedactivity', '', fullname($user, true)) );
+ }
+ else {
+ notify(get_string('deletednot', '', fullname($user, true)));
+ }
+ //copy pasted part ends
+ }
+ commit_sql();
+ }
+ $remove_users = 0; // free mem!
+
+ ////
+ //// User Updates
+ //// (time-consuming, optional)
+ ////
+ if ($do_updates) {
+ // narrow down what fields we need to update
+ $all_keys = array_keys(get_object_vars($this->config));
+ $updatekeys = array();
+ foreach ($all_keys as $key) {
+ if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
+ // if we have a field to update it from
+ // and it must be updated 'onlogin' we
+ // update it on cron
+ if ( !empty($this->config->{'field_map_'.$match[1]})
+ and $this->config->{$match[0]} === 'onlogin') {
+ array_push($updatekeys, $match[1]); // the actual key name
+ }
+ }
+ }
+ // print_r($all_keys); print_r($updatekeys);
+ unset($all_keys); unset($key);
+
+ }
+ if ( $do_updates and !(empty($updatekeys)) ) { // run updates only if relevant
+ $users = get_records_sql('SELECT u.username, u.id FROM ' . $CFG->prefix . 'user u WHERE u.deleted=0 and u.auth=\'' . AUTH_LDAP_NAME . '\'' );
+ if (!empty($users)) {
+ print "User entries to update: ". count($users). "\n";
+ $sitecontext = get_context_instance(CONTEXT_SYSTEM);
+
+ if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+ $creatorrole = array_shift($creatorroles); // We can only use one, let's use the first one
+
+ begin_sql();
+ $xcount = 0;
+ $maxxcount = 100;
+
+ foreach ($users as $user) {
+ echo "updating user $user->username \n";
+ $this->update_user_record($user->username, $updatekeys);
+
+ // update course creators
+ if (!empty($this->config->creators) and !empty($this->config->memberattribute) ) {
+ if ($this->iscreator($user->username)) { // Following calls will not create duplicates
+ role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
+ $xcount++;
+ } else {
+ role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
+ $xcount++;
+ }
+ }
+
+ if ($xcount++ > $maxxcount) {
+ commit_sql();
+ begin_sql();
+ $xcount = 0;
+ }
+ }
+ commit_sql();
+ unset($users); // free mem
+ }
+ }
+ } // end do updates
+
+ ////
+ //// User Additions
+ ////
+ // find users missing in DB that are in LDAP
+ // note that get_records_sql wants at least 2 fields returned,
+ // and gives me a nifty object I don't want.
+ $sql = 'SELECT e.idnumber,1
+ FROM ' . $CFG->prefix .'extuser e LEFT JOIN ' . $CFG->prefix .'user u
+ ON e.idnumber = u.idnumber
+ WHERE u.id IS NULL OR (u.id IS NOT NULL AND u.deleted=1)';
+ $add_users = get_records_sql($sql); // get rid of the fat
+
+ if (!empty($add_users)) {
+ print "User entries to add: ". count($add_users). "\n";
+
+ if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+ $creatorrole = array_shift($roles); // We can only use one, let's use the first one
+ }
+
+ begin_sql();
+ foreach ($add_users as $user) {
+ $user = $this->get_userinfo_asobj($user->idnumber);
+ //print $user->username . "\n";
+
+ // prep a few params
+ $user->modified = time();
+ $user->confirmed = 1;
+ $user->auth = AUTH_LDAP_NAME;
+
+ // insert it
+ $old_debug=$CFG->debug;
+ $CFG->debug=10;
+
+ // maybe the user has been deleted before
+ if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1)) {
+ $user->id = $old_user->id;
+ set_field('user', 'deleted', 0, 'idnumber', $user->idnumber);
+ echo "Revived user $user->username with idnumber $user->idnumber id $user->id\n";
+ }
+ elseif ($id = insert_record('user',$user)) { // it is truly a new user
+ echo "inserted user $user->username with idnumber $user->idnumber id $id\n";
+ $user->id = $id;
+ }
+ else {
+ echo "error inserting user $user->username with idnumber $user->idnumber \n";
+ }
+ $CFG->debug = $old_debug;
+ $userobj = $this->update_user_record($user->username);
+ if (isset($this->config->forcechangepassword) and $this->config->forcechangepassword) {
+ set_user_preference('auth_forcepasswordchange', 1, $userobj->id);
+ }
+
+ // update course creators
+ if (isset($creatorrole->id) and !empty($this->config->creators) and !empty($this->config->memberattribute)) {
+ if ($this->iscreator($user->username)) {
+ if (user_has_role_assignment($user->id, $creatorrole->id, $sitecontext->id)) {
+ role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
+ } else {
+ role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
+ }
+ }
+ }
+ }
+ commit_sql();
+ unset($add_users); // free mem
+ }
+ return true;
+ }
+
+ /**
+ * Update a local user record from an external source.
+ * This is a lighter version of the one in moodlelib -- won't do
+ * expensive ops such as enrolment.
+ *
+ * If you don't pass $updatekeys, there is a performance hit and
+ * values removed from LDAP won't be removed from moodle.
+ */
+ function update_user_record($username, $updatekeys = false) {
+
+ global $CFG;
+
+ //just in case check text case
+ $username = trim(moodle_strtolower($username));
+
+ // get the current user record
+ $user = get_record('user', 'username', $username);
+ if (empty($user)) { // trouble
+ error_log("Cannot update non-existent user: $username");
+ die;
+ }
+
+ if (function_exists('auth_get_userinfo')) {
+ if ($newinfo = auth_get_userinfo($username)) {
+ $newinfo = truncate_userinfo($newinfo);
+
+ if (empty($updatekeys)) { // all keys? this does not support removing values
+ $updatekeys = array_keys($newinfo);
+ }
+
+ foreach ($updatekeys as $key) {
+ unset($value);
+ if (isset($newinfo[$key])) {
+ $value = $newinfo[$key];
+ $value = addslashes(stripslashes($value)); // Just in case
+ }
+ else {
+ $value = '';
+ }
+ if (!empty($this->config->{'field_updatelocal_' . $key})) {
+ if ($user->{$key} != $value) { // only update if it's changed
+ set_field('user', $key, $value, 'username', $username);
+ }
+ }
+ }
+ }
+ }
+ return get_record_select("user", "username = '$username' AND deleted <> '1'");
+ }
+
+ function ldap_bulk_insert($users) {
+ // bulk insert in SQL's temp table
+ // $users is an array of usernames
+ global $CFG;
+
+ // bulk insert -- superfast with $bulk_insert_records
+ $sql = 'INSERT INTO '.$CFG->prefix.'extuser (idnumber) VALUES ';
+ // make those values safe
+ array_map('addslashes', $users);
+ // join and quote the whole lot
+ $sql = $sql . '(\'' . join('\'),(\'', $users) . '\')';
+ print "+ " . count($users) . " users\n";
+ execute_sql($sql, false);
+
+ }
+
+
+ /*
+ * user_activate activates user in external db.
+ *
+ * Activates (enables) user in external db so user can login to external db
+ *
+ * @param mixed $username username
+ * @return boolen result
+ */
+ function user_activate($username) {
+
+ global $CFG;
+
+ $ldapconnection = $this->ldap_connect();
+
+ $userdn = $this->ldap_find_userdn($ldapconnection, $username);
+ switch ($this->config->user_type) {
+ case 'edir':
+ $newinfo['loginDisabled']="FALSE";
+ break;
+ default:
+ error ('auth: ldap user_activate() does not support selected usertype:"'.$this->config->user_type.'" (..yet)');
+ }
+ $result = ldap_modify($ldapconnection, $userdn, $newinfo);
+ ldap_close($ldapconnection);
+ return $result;
+ }
+
+ /*
+ * user_disables disables user in external db.
+ *
+ * Disables user in external db so user can't login to external db
+ *
+ * @param mixed $username username
+ * @return boolean result
+ */
+ function user_disable($username) {
+ global $CFG;
+
+ $ldapconnection = $this->ldap_connect();
+
+ $userdn = $this->ldap_find_userdn($ldapconnection, $username);
+ switch ($this->config->user_type) {
+ case 'edir':
+ $newinfo['loginDisabled']="TRUE";
+ break;
+ default:
+ error ('auth: ldap user_disable() does not support selected usertype (..yet)');
+ }
+ $result = ldap_modify($ldapconnection, $userdn, $newinfo);
+ ldap_close($ldapconnection);
+ return $result;
+ }
+
+ /*
+ * Returns true if user should be coursecreator.
+ *
+ * @param mixed $username username
+ * @return boolean result
+ */
+ function iscreator($username = false) {
+ ///if user is member of creator group return true
+ global $USER, $CFG;
+ $this->ldap_init();
+ if (! $username) {
+ $username = $USER->username;
+ }
+ if ((! $this->config->creators) or (! $this->config->memberattribute)) {
+ return null;
+ }
+ return $this->ldap_isgroupmember($username, $this->config->creators);
+ }
+
+ /*
+ * user_update saves userinformation from moodle to external db
+ *
+ * Called when the user record is updated.
+ * Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
+ * conpares information saved modified information to external db.
+ *
+ * @param mixed $olduser Userobject before modifications
+ * @param mixed $newuser Userobject new modified userobject
+ * @return boolean result
+ *
+ */
+ function user_update($olduser, $newuser) {
+
+ global $USER, $CFG;
+
+ $ldapconnection = $this->ldap_connect();
+
+ $result = array();
+ $search_attribs = array();
+
+ $attrmap = $this->ldap_attributes();
+ foreach ($attrmap as $key => $values) {
+ if (!is_array($values)) {
+ $values = array($values);
+ }
+ foreach ($values as $value) {
+ if (!in_array($value, $search_attribs)) {
+ array_push($search_attribs, $value);
+ }
+ }
+ }
+
+ $user_dn = $this->ldap_find_userdn($ldapconnection, $olduser->username);
+
+ $user_info_result = ldap_read($ldapconnection, $user_dn,
+ $this->config->objectclass, $search_attribs);
+
+ if ($user_info_result) {
+
+ $user_entry = $this->ldap_get_entries($ldapconnection, $user_info_result);
+ if (count($user_entry) > 1) {
+ trigger_error("ldap: Strange! More than one user record found in ldap. Only using the first one.");
+ }
+ $user_entry = $user_entry[0];
+
+ //error_log(var_export($user_entry) . 'fpp' );
+
+ foreach ($attrmap as $key => $ldapkeys) {
+
+ // only process if the moodle field ($key) has changed and we
+ // are set to update LDAP with it
+ if ($olduser->$key !== $newuser->$key and
+ !empty($this->config->{'field_updateremote_'. $key})) {
+
+ // for ldap values that could be in more than one
+ // ldap key, we will do our best to match
+ // where they came from
+ $ambiguous = true;
+ $changed = false;
+ if (!is_array($ldapkeys)) {
+ $ldapkeys = array($ldapkeys);
+ }
+ if (count($ldapkeys) < 2) {
+ $ambiguous = false;
+ }
+
+ foreach ($ldapkeys as $ldapkey) {
+ $ldapkey = strtolower($ldapkey);
+ $ldapvalue = $user_entry[$ldapkey][0];
+ if (!$ambiguous) {
+ // skip update if the values already match
+ if ( !($newuser->$key === $ldapvalue) ) {
+ ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key));
+ }
+ else {
+ error_log("Skip updating field $key for entry $user_dn: it seems to be already same on LDAP.
+ old moodle value: '{$olduser->$key}'
+ new value: '{$newuser->$key}'
+ current value in ldap entry: '{$ldapvalue}'");
+ }
+ }
+ else {
+ // ambiguous
+ // value empty before in Moodle (and LDAP) - use 1st ldap candidate field
+ // no need to guess
+ if (empty($olduser->$key)) { // value empty before - use 1st ldap candidate
+ if (ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))) {
+ $changed = true;
+ last;
+ }
+ else {
+ error ('Error updating LDAP record. Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ }
+
+ // we found which ldap key to update!
+ if (!empty($ldapvalue) and $olduser->$key === $ldapvalue ) {
+ // error_log("Matched: ". $olduser->$key . " === " . $ldapvalue);
+ if (ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))) {
+ $changed = true;
+ last;
+ }
+ else {
+ error ('Error updating LDAP record. Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ }
+ }
+ }
+
+ if ($ambiguous and !$changed) {
+ error_log("Failed to update LDAP with ambiguous field $key".
+ " old moodle value: '" . $olduser->$key .
+ "' new value '" . $newuser->$key );
+ }
+ }
+ }
+
+
+ }
+ else {
+ error_log("ERROR:No user found in LDAP");
+ @ldap_close($ldapconnection);
+ return false;
+ }
+
+ @ldap_close($ldapconnection);
+
+ return true;
+
+ }
+
+ /*
+ * changes userpassword in external db
+ *
+ * called when the user password is updated.
+ * changes userpassword in external db
+ *
+ * @param mixed $username Username
+ * @param mixed $newpassword Plaintext password
+ * @param mixed $oldpassword Plaintext old password to bind ldap with
+ * @return boolean result
+ *
+ */
+ // function user_update_password($username, $newpassword) {
+ function user_update_password($user, $newpassword) {
+ /// called when the user password is updated -- it assumes it is called by an admin
+ /// or that you've otherwise checked the user's credentials
+ /// IMPORTANT: $newpassword must be cleartext, not crypted/md5'ed
+
+ global $CFG, $USER;
+ $result = false;
+ $username = $user->username;
+
+ $ldapconnection = $this->ldap_connect();
+
+ $user_dn = $this->ldap_find_userdn($ldapconnection, $username);
+
+ if (!$user_dn) {
+ error_log('LDAP Error in user_update_password(). No DN for: ' . $username);
+ return false;
+ }
+
+ switch ($this->config->user_type) {
+ case 'edir':
+ //Change password
+ $result = ldap_modify($ldapconnection, $user_dn, array('userPassword' => $newpassword));
+ if (!$result) {
+ error_log('LDAP Error in user_update_password(). Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ //Update password expiration time, grace logins count
+ $search_attribs = array($this->config->expireattr, 'passwordExpirationInterval','loginGraceLimit' );
+ $sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);
+ if ($sr) {
+ $info=$this->ldap_get_entries($ldapconnection, $sr);
+ $newattrs = array();
+ if (!empty($info[0][$this->config->expireattr][0])) {
+ //Set expiration time only if passwordExpirationInterval is defined
+ if (!empty($info[0]['passwordExpirationInterval'][0])) {
+ $expirationtime = time() + $info[0]['passwordExpirationInterval'][0];
+ $ldapexpirationtime = $this->ldap_unix2expirationtime($expirationtime);
+ $newattrs['passwordExpirationTime'] = $ldapexpirationtime;
+ }
+
+ //set gracelogin count
+ if (!empty($info[0]['loginGraceLimit'][0])) {
+ $newattrs['loginGraceRemaining']= $info[0]['loginGraceLimit'][0];
+ }
+
+ //Store attribute changes to ldap
+ $result = ldap_modify($ldapconnection, $user_dn, $newattrs);
+ if (!$result) {
+ error_log('LDAP Error in user_update_password() when modifying expirationtime and/or gracelogins. Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ }
+ }
+ else {
+ error_log('LDAP Error in user_update_password() when reading password expiration time. Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+ break;
+
+ default:
+ $usedconnection = &$ldapconnection;
+ // send ldap the password in cleartext, it will md5 it itself
+ $result = ldap_modify($ldapconnection, $user_dn, array('userPassword' => $newpassword));
+ if (!$result) {
+ error_log('LDAP Error in user_update_password(). Error code: '
+ . ldap_errno($ldapconnection) . '; Error string : '
+ . ldap_err2str(ldap_errno($ldapconnection)));
+ }
+
+ }
+
+ @ldap_close($ldapconnection);
+ return $result;
+ }
+
+ //PRIVATE FUNCTIONS starts
+ //private functions are named as ldap_*
+
+ /**
+ * returns predefined usertypes
+ *
+ * @return array of predefined usertypes
+ */
+
+ function ldap_suppported_usertypes() {
+ // returns array of supported usertypes (schemas)
+ // If you like to add our own please name and describe it here
+ // And then add case clauses in relevant places in functions
+ // iauth_ldap_init, auth_user_create, auth_check_expire, auth_check_grace
+ $types['edir']='Novell Edirectory';
+ $types['rfc2307']='posixAccount (rfc2307)';
+ $types['rfc2307bis']='posixAccount (rfc2307bis)';
+ $types['samba']='sambaSamAccount (v.3.0.7)';
+ $types['ad']='MS ActiveDirectory';
+ return $types;
+ }
+
+
+ /**
+ * initializes needed variables for ldap-module
+ *
+ * Uses names defined in ldap_supported_usertypes.
+ * $default is first defined as:
+ * $default['pseudoname'] = array(
+ * 'typename1' => 'value',
+ * 'typename2' => 'value'
+ * ....
+ * );
+ *
+ * @return array of default values
+ */
+ function ldap_getdefaults() {
+ $default['objectclass'] = array(
+ 'edir' => 'User',
+ 'rfc2703' => 'posixAccount',
+ 'rfc2703bis' => 'posixAccount',
+ 'samba' => 'sambaSamAccount',
+ 'ad' => 'user',
+ 'default' => '*'
+ );
+ $default['user_attribute'] = array(
+ 'edir' => 'cn',
+ 'rfc2307' => 'uid',
+ 'rfc2307bis' => 'uid',
+ 'samba' => 'uid',
+ 'ad' => 'cn',
+ 'default' => 'cn'
+ );
+ $default['memberattribute'] = array(
+ 'edir' => 'member',
+ 'rfc2307' => 'member',
+ 'rfc2307bis' => 'member',
+ 'samba' => 'member',
+ 'ad' => 'member',
+ 'default' => 'member'
+ );
+ $default['memberattribute_isdn'] = array(
+ 'edir' => '1',
+ 'rfc2307' => '0',
+ 'rfc2307bis' => '1',
+ 'samba' => '0', //is this right?
+ 'ad' => '1',
+ 'default' => '0'
+ );
+ $default['expireattr'] = array (
+ 'edir' => 'passwordExpirationTime',
+ 'rfc2307' => 'shadowExpire',
+ 'rfc2307bis' => 'shadowExpire',
+ 'samba' => '', //No support yet
+ 'ad' => '', //No support yet
+ 'default' => ''
+ );
+ return $default;
+ }
+
+ /**
+ * return binaryfields of selected usertype
+ *
+ *
+ * @return array
+ */
+ function ldap_getbinaryfields () {
+ global $CFG;
+ $binaryfields = array (
+ 'edir' => array('guid'),
+ 'rfc2703' => array(),
+ 'rfc2703bis' => array(),
+ 'samba' => array(),
+ 'ad' => array(),
+ 'default' => '*'
+ );
+ if (!empty($this->config->user_type)) {
+ return $binaryfields[$this->config->user_type];
+ }
+ else {
+ return $binaryfields['default'];
+ }
+ }
+
+ function ldap_isbinary ($field) {
+ if (!isset($field)) {
+ return null ;
+ }
+ return array_search($field, $this->ldap_getbinaryfields());
+ }
+
+ /**
+ * set $CFG-values for ldap_module
+ *
+ * Get default configuration values with ldap_getdefaults()
+ * and by using this information $CFG-> values are set
+ * If $CFG->value is alredy set current value is honored.
+ *
+ *
+ */
+ function ldap_init () {
+ global $CFG;
+
+ $default = $this->ldap_getdefaults();
+
+ // TODO: do we need set_config calls here?
+
+ foreach ($default as $key => $value) {
+ //set defaults if overriding fields not set
+ if (empty($this->config->{$key})) {
+ if (!empty($this->config->user_type) and !empty($default[$key][$this->config->user_type])) {
+ $this->config->{$key} = $default[$key][$this->config->user_type];
+ }
+ else {
+ //use default value if user_type not set
+ if (!empty($default[$key]['default'])) {
+ $this->config->{$key} = $default[$key]['default'];
+ }
+ else {
+ unset($this->config->{$key});
+ }
+ }
+ }
+ }
+ //hack prefix to objectclass
+ if ('objectClass=' != substr($this->config->objectclass, 0, 12)) {
+ $this->config->objectclass = 'objectClass='.$this->config->objectclass;
+ }
+
+ //all chages go in $CFG , no need to return value
+ }
+
+ /**
+ * take expirationtime and return it as unixseconds
+ *
+ * takes expriration timestamp as readed from ldap
+ * returns it as unix seconds
+ * depends on $config->user_type variable
+ *
+ * @param mixed time Time stamp readed from ldap as it is.
+ * @return timestamp
+ */
+ function ldap_expirationtime2unix ($time) {
+
+ global $CFG;
+ $result = false;
+ switch ($this->config->user_type) {
+ case 'edir':
+ $yr=substr($time,0,4);
+ $mo=substr($time,4,2);
+ $dt=substr($time,6,2);
+ $hr=substr($time,8,2);
+ $min=substr($time,10,2);
+ $sec=substr($time,12,2);
+ $result = mktime($hr,$min,$sec,$mo,$dt,$yr);
+ break;
+ case 'posix':
+ $result = $time * DAYSECS; //The shadowExpire contains the number of DAYS between 01/01/1970 and the actual expiration date
+ break;
+ default:
+ error('config.user_type not defined or function ldap_expirationtime2unix does not support selected type!');
+ }
+ return $result;
+ }
+
+ /**
+ * takes unixtime and return it formated for storing in ldap
+ *
+ * @param integer unix time stamp
+ */
+ function ldap_unix2expirationtime($time) {
+ global $CFG;
+ $result = false;
+ switch ($this->config->user_type) {
+ case 'edir':
+ $result=date('YmdHis', $time).'Z';
+ break;
+ case 'posix':
+ $result = $time ; //Already in correct format
+ break;
+ default:
+ error('config.user_type not defined or function ldap_unixi2expirationtime does not support selected type!');
+ }
+ return $result;
+
+ }
+
+ /*
+ * checks if user belong to specific group(s)
+ *
+ * Returns true if user belongs group in grupdns string.
+ *
+ * @param mixed $username username
+ * @param mixed $groupdns string of group dn separated by ;
+ *
+ */
+ function ldap_isgroupmember($username='', $groupdns='') {
+ // Takes username and groupdn(s) , separated by ;
+ // Returns true if user is member of any given groups
+
+ global $CFG ;
+ $result = false;
+ $ldapconnection = $this->ldap_connect();
+
+ if (empty($username) or empty($groupdns)) {
+ return $result;
+ }
+
+ if ($this->config->memberattribute_isdn) {
+ $username=$this->ldap_find_userdn($ldapconnection, $username);
+ }
+ if (! $username ) {
+ return $result;
+ }
+
+ $groups = explode(";",$groupdns);
+
+ foreach ($groups as $group) {
+ $group = trim($group);
+ if (empty($group)) {
+ continue;
+ }
+ //echo "Checking group $group for member $username\n";
+ $search = @ldap_read($ldapconnection, $group, '('.$this->config->memberattribute.'='.$username.')', array($this->config->memberattribute));
+
+ if (!empty($search) and ldap_count_entries($ldapconnection, $search)) {$info = $this->ldap_get_entries($ldapconnection, $search);
+
+ if (count($info) > 0 ) {
+ // user is member of group
+ $result = true;
+ break;
+ }
+ }
+ }
+
+ return $result;
+
+ }
+
+ /**
+ * connects to ldap server
+ *
+ * Tries connect to specified ldap servers.
+ * Returns connection result or error.
+ *
+ * @return connection result
+ */
+ function ldap_connect($binddn='',$bindpwd='') {
+ /// connects and binds to ldap-server
+ /// Returns connection result
+
+ global $CFG;
+ $this->ldap_init();
+
+ //Select bind password, With empty values use
+ //ldap_bind_* variables or anonymous bind if ldap_bind_* are empty
+ if ($binddn == '' and $bindpwd == '') {
+ if (!empty($this->config->bind_dn)) {
+ $binddn = $this->config->bind_dn;
+ }
+ if (!empty($this->config->bind_pw)) {
+ $bindpwd = $this->config->bind_pw;
+ }
+ }
+
+ $urls = explode(";",$this->config->host_url);
+
+ foreach ($urls as $server) {
+ $server = trim($server);
+ if (empty($server)) {
+ continue;
+ }
+
+ $connresult = ldap_connect($server);
+ //ldap_connect returns ALWAYS true
+
+ if (!empty($this->config->version)) {
+ ldap_set_option($connresult, LDAP_OPT_PROTOCOL_VERSION, $this->config->version);
+ }
+
+ if (!empty($binddn)) {
+ //bind with search-user
+ //$debuginfo .= 'Using bind user'.$binddn.'and password:'.$bindpwd;
+ $bindresult=ldap_bind($connresult, $binddn,$bindpwd);
+ }
+ else {
+ //bind anonymously
+ $bindresult=@ldap_bind($connresult);
+ }
+
+ if (!empty($this->config->opt_deref)) {
+ ldap_set_option($connresult, LDAP_OPT_DEREF, $this->config->opt_deref);
+ }
+
+ if ($bindresult) {
+ return $connresult;
+ }
+
+ $debuginfo .= "<br/>Server: '$server' <br/> Connection: '$connresult'<br/> Bind result: '$bindresult'</br>";
+ }
+
+ //If any of servers are alive we have already returned connection
+ error("LDAP-module cannot connect any LDAP servers : $debuginfo");
+ return false;
+ }
+
+ /**
+ * retuns dn of username
+ *
+ * Search specified contexts for username and return user dn
+ * like: cn=username,ou=suborg,o=org
+ *
+ * @param mixed $ldapconnection $ldapconnection result
+ * @param mixed $username username
+ *
+ */
+
+ function ldap_find_userdn ($ldapconnection, $username) {
+
+ global $CFG;
+
+ //default return value
+ $ldap_user_dn = FALSE;
+
+ //get all contexts and look for first matching user
+ $ldap_contexts = explode(";",$this->config->contexts);
+
+ if (!empty($this->config->create_context)) {
+ array_push($ldap_contexts, $this->config->create_context);
+ }
+
+ foreach ($ldap_contexts as $context) {
+
+ $context = trim($context);
+ if (empty($context)) {
+ continue;
+ }
+
+ if ($this->config->search_sub) {
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldapconnection, $context, "(".$this->config->user_attribute."=".$username.")",array($this->config->user_attribute));
+
+ }
+ else {
+ //search only in this context
+ $ldap_result = ldap_list($ldapconnection, $context, "(".$this->config->user_attribute."=".$username.")",array($this->config->user_attribute));
+ }
+
+ $entry = ldap_first_entry($ldapconnection,$ldap_result);
+
+ if ($entry) {
+ $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
+ break ;
+ }
+ }
+
+ return $ldap_user_dn;
+ }
+
+ /**
+ * retuns user attribute mappings between moodle and ldap
+ *
+ * @return array
+ */
+
+ function ldap_attributes () {
+ $fields = array("firstname", "lastname", "email", "phone1", "phone2",
+ "department", "address", "city", "country", "description",
+ "idnumber", "lang" );
+ $moodleattributes = array();
+ foreach ($fields as $field) {
+ if (!empty($this->config->{"field_map_$field"})) {
+ $moodleattributes[$field] = $this->config->{"field_map_$field"};
+ if (preg_match('/,/',$moodleattributes[$field])) {
+ $moodleattributes[$field] = explode(',', $moodleattributes[$field]); // split ?
+ }
+ }
+ }
+ $moodleattributes['username'] = $this->config->user_attribute;
+ return $moodleattributes;
+ }
+
+ /**
+ * return all usernames from ldap
+ *
+ * @return array
+ */
+
+ function ldap_get_userlist($filter="*") {
+ /// returns all users from ldap servers
+ global $CFG;
+
+ $fresult = array();
+
+ $ldapconnection = $this->ldap_connect();
+
+ if ($filter=="*") {
+ $filter = "(&(".$this->config->user_attribute."=*)(".$this->config->objectclass."))";
+ }
+
+ $contexts = explode(";",$this->config->contexts);
+
+ if (!empty($this->config->create_context)) {
+ array_push($contexts, $this->config->create_context);
+ }
+
+ foreach ($contexts as $context) {
+
+ $context = trim($context);
+ if (empty($context)) {
+ continue;
+ }
+
+ if ($this->config->search_sub) {
+ //use ldap_search to find first user from subtree
+ $ldap_result = ldap_search($ldapconnection, $context,$filter,array($this->config->user_attribute));
+ }
+ else {
+ //search only in this context
+ $ldap_result = ldap_list($ldapconnection, $context,
+ $filter,
+ array($this->config->user_attribute));
+ }
+
+ $users = $this->ldap_get_entries($ldapconnection, $ldap_result);
+
+ //add found users to list
+ for ($i=0;$i<count($users);$i++) {
+ array_push($fresult, ($users[$i][$this->config->user_attribute][0]) );
+ }
+ }
+
+ return $fresult;
+ }
+
+ /**
+ * return entries from ldap
+ *
+ * Returns values like ldap_get_entries but is
+ * binary compatible and return all attributes as array
+ *
+ * @return array ldap-entries
+ */
+
+ function ldap_get_entries($conn, $searchresult) {
+ //Returns values like ldap_get_entries but is
+ //binary compatible
+ $i=0;
+ $fresult=array();
+ $entry = ldap_first_entry($conn, $searchresult);
+ do {
+ $attributes = @ldap_get_attributes($conn, $entry);
+ for ($j=0; $j<$attributes['count']; $j++) {
+ $values = ldap_get_values_len($conn, $entry,$attributes[$j]);
+ if (is_array($values)) {
+ $fresult[$i][$attributes[$j]] = $values;
+ }
+ else {
+ $fresult[$i][$attributes[$j]] = array($values);
+ }
+ }
+ $i++;
+ }
+ while ($entry = @ldap_next_entry($conn, $entry));
+ //were done
+ return ($fresult);
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return true;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return $CFG->changepasswordurl; // TODO: will this be global?
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset($config->host_url))
+ { $config->host_url = ''; }
+ if (!isset($config->contexts))
+ { $config->contexts = ''; }
+ if (!isset($config->user_type))
+ { $config->user_type = ''; }
+ if (!isset($config->user_attribute))
+ { $config->user_attribute = ''; }
+ if (!isset($config->search_sub))
+ { $config->search_sub = ''; }
+ if (!isset($config->opt_deref))
+ { $config->opt_deref = ''; }
+ if (!isset($config->preventpassindb))
+ { $config->preventpassindb = 0; }
+ if (!isset($config->bind_dn))
+ {$config->bind_dn = ''; }
+ if (!isset($config->bind_pw))
+ {$config->bind_pw = ''; }
+ if (!isset($config->version))
+ {$config->version = '2'; }
+ if (!isset($config->objectclass))
+ {$config->objectclass = ''; }
+ if (!isset($config->memberattribute))
+ {$config->memberattribute = ''; }
+ if (!isset($config->creators))
+ {$config->creators = ''; }
+ if (!isset($config->create_context))
+ {$config->create_context = ''; }
+ if (!isset($config->expiration))
+ {$config->expiration = ''; }
+ if (!isset($config->expiration_warning))
+ {$config->expiration_warning = '10'; }
+ if (!isset($config->expireattr))
+ {$config->expireattr = ''; }
+ if (!isset($config->gracelogins))
+ {$config->gracelogins = ''; }
+ if (!isset($config->graceattr))
+ {$config->graceattr = ''; }
+ if (!isset($config->auth_user_create))
+ {$config->auth_user_create = ''; }
+ if (!isset($config->forcechangepassword))
+ {$config->forcechangepassword = false; }
+ if (!isset($config->stdchangepassword))
+ {$config->stdchangepassword = false; }
+ if (!isset($config->changepasswordurl))
+ {$config->changepasswordurl = ''; }
+
+ // save settings
+ set_config('host_url', $config->host_url, 'auth/ldap');
+ set_config('contexts', $config->contexts, 'auth/ldap');
+ set_config('user_type', $config->user_type, 'auth/ldap');
+ set_config('user_attribute', $config->user_attribute, 'auth/ldap');
+ set_config('search_sub', $config->search_sub, 'auth/ldap');
+ set_config('opt_deref', $config->opt_deref, 'auth/ldap');
+ set_config('preventpassindb', $config->preventpassindb, 'auth/ldap');
+ set_config('bind_dn', $config->bind_dn, 'auth/ldap');
+ set_config('bind_pw', $config->bind_pw, 'auth/ldap');
+ set_config('version', $config->version, 'auth/ldap');
+ set_config('objectclass', $config->objectclass, 'auth/ldap');
+ set_config('memberattribute', $config->memberattribute, 'auth/ldap');
+ set_config('creators', $config->creators, 'auth/ldap');
+ set_config('create_context', $config->create_context, 'auth/ldap');
+ set_config('expiration', $config->expiration, 'auth/ldap');
+ set_config('expiration_warning', $config->expiration_warning, 'auth/ldap');
+ set_config('expireattr', $config->expireattr, 'auth/ldap');
+ set_config('gracelogins', $config->gracelogins, 'auth/ldap');
+ set_config('graceattr', $config->graceattr, 'auth/ldap');
+ set_config('auth_user_create', $config->auth_user_create, 'auth/ldap');
+ set_config('forcechangepassword', $config->forcechangepassword, 'auth/ldap');
+ set_config('stdchangepassword', $config->stdchangepassword, 'auth/ldap');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/ldap');
+
+ return true;
+ }
+
+}
+
+?>
*/
-if(!empty($_SERVER['GATEWAY_INTERFACE'])){
+if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
error_log("should not be called from apache!");
exit;
}
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->dirroot.'/lib/blocklib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
-require_once($CFG->dirroot.'/auth/ldap/lib.php');
require_once($CFG->dirroot.'/mod/forum/lib.php');
$CFG->debug=10;
-auth_sync_users(1000, true );
-?>
\ No newline at end of file
+require_once($CFG->dirroot.'/lib/moodlelib.php');
+$ldapauth = get_auth_plugin('ldap');
+$ldapauth->sync_users(1000, true);
+
+?>
<?php
- // Initialize vars
- if (!isset($config->ldap_host_url))
- { $config->ldap_host_url = ''; }
- if (!isset($config->ldap_contexts))
- { $config->ldap_contexts = ''; }
- if (!isset($config->ldap_user_type))
- { $config->ldap_user_type = ''; }
- if (!isset($config->ldap_user_attribute))
- { $config->ldap_user_attribute = ''; }
- if (!isset($config->ldap_search_sub))
- { $config->ldap_search_sub = ''; }
- if (!isset($config->ldap_opt_deref))
- { $config->ldap_opt_deref = ''; }
- if (!isset($config->ldap_preventpassindb))
- { $config->ldap_preventpassindb = 0; }
- if (!isset($config->ldap_bind_dn))
- {$config->ldap_bind_dn = ''; }
- if (!isset($config->ldap_bind_pw))
- {$config->ldap_bind_pw = ''; }
- if (!isset($config->ldap_version))
- {$config->ldap_version = '2'; }
- if (!isset($config->ldap_objectclass))
- {$config->ldap_objectclass = ''; }
- if (!isset($config->ldap_memberattribute))
- {$config->ldap_memberattribute = ''; }
- if (!isset($config->ldap_creators))
- {$config->ldap_creators = ''; }
- if (!isset($config->ldap_create_context))
- {$config->ldap_create_context = ''; }
- if (!isset($config->ldap_expiration))
- {$config->ldap_expiration = ''; }
- if (!isset($config->ldap_expiration_warning))
- {$config->ldap_expiration_warning = '10'; }
- if (!isset($config->ldap_expireattr))
- {$config->ldap_expireattr = ''; }
- if (!isset($config->ldap_gracelogins))
- {$config->ldap_gracelogins = ''; }
- if (!isset($config->ldap_graceattr))
- {$config->ldap_graceattr = ''; }
+
+ $createoptions[0] = get_string("no");
+ $createoptions[1] = get_string("yes");
+
+ // set to defaults if undefined
+ if (!isset($config->host_url))
+ { $config->host_url = ''; }
+ if (!isset($config->contexts))
+ { $config->contexts = ''; }
+ if (!isset($config->user_type))
+ { $config->user_type = ''; }
+ if (!isset($config->user_attribute))
+ { $config->user_attribute = ''; }
+ if (!isset($config->search_sub))
+ { $config->search_sub = ''; }
+ if (!isset($config->opt_deref))
+ { $config->opt_deref = ''; }
+ if (!isset($config->preventpassindb))
+ { $config->preventpassindb = 0; }
+ if (!isset($config->bind_dn))
+ {$config->bind_dn = ''; }
+ if (!isset($config->bind_pw))
+ {$config->bind_pw = ''; }
+ if (!isset($config->version))
+ {$config->version = '2'; }
+ if (!isset($config->objectclass))
+ {$config->objectclass = ''; }
+ if (!isset($config->memberattribute))
+ {$config->memberattribute = ''; }
+ if (!isset($config->creators))
+ {$config->creators = ''; }
+ if (!isset($config->create_context))
+ {$config->create_context = ''; }
+ if (!isset($config->expiration))
+ {$config->expiration = ''; }
+ if (!isset($config->expiration_warning))
+ {$config->expiration_warning = '10'; }
+ if (!isset($config->expireattr))
+ {$config->expireattr = ''; }
+ if (!isset($config->gracelogins))
+ {$config->gracelogins = ''; }
+ if (!isset($config->graceattr))
+ {$config->graceattr = ''; }
if (!isset($config->auth_user_create))
{$config->auth_user_create = ''; }
- if (!isset($config->auth_ldap_forcechangepassword))
- {$config->auth_ldap_forcechangepassword = false; }
- if (!isset($config->auth_ldap_stdchangepassword))
- {$config->auth_ldap_stdchangepassword = false; }
+ if (!isset($config->forcechangepassword))
+ {$config->forcechangepassword = false; }
+ if (!isset($config->stdchangepassword))
+ {$config->stdchangepassword = false; }
+ if (!isset($config->changepasswordurl))
+ {$config->changepasswordurl = ''; }
$yesno = array( get_string('no'), get_string('yes') );
-if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
+if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
print '<tr><td><p align="center"><font color="red"><strong>Warning:
The PHP LDAP module does not seem to be present.
Please ensure it is installed and enabled.</strong></font></p></td></tr>';
}
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+
<tr>
<td colspan="2">
- <h4><?php print_string("auth_ldap_server_settings", "auth") ?> </h4>
+ <h4><?php print_string('auth_ldap_server_settings', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_host_url:</td>
+ <td align="right">host_url:</td>
<td>
- <input name="ldap_host_url" type="text" size="30" value="<?php echo $config->ldap_host_url?>" />
- <?php if (isset($err["ldap_host_url"])) formerr($err["ldap_host_url"]); ?>
+ <input name="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
+ <?php if (isset($err['host_url'])) formerr($err['host_url']); ?>
</td>
<td>
- <?php print_string("auth_ldap_host_url","auth") ?>
+ <?php print_string('auth_ldap_host_url','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_version:</td>
+ <td align="right">version:</td>
<td>
<?php
- $versions[2] = "2";
- $versions[3] = "3";
- choose_from_menu($versions, "ldap_version", $config->ldap_version, "");
- if (isset($err["ldap_version"])) formerr($err["ldap_version"]);
+ $versions[2] = '2';
+ $versions[3] = '3';
+ choose_from_menu($versions, 'version', $config->version, '');
+ if (isset($err['version'])) formerr($err['version']);
?>
</td>
<td>
- <?php print_string("auth_ldap_version","auth") ?>
+ <?php print_string('auth_ldap_version','auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
- <h4><?php print_string("auth_ldap_bind_settings", "auth") ?> </h4>
+ <h4><?php print_string('auth_ldap_bind_settings', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_preventpassindb:</td>
+ <td align="right">preventpassindb:</td>
<td>
<?php
$choices = array();
- $choices["0"] = get_string("no");
- $choices["1"] = get_string("yes");
- choose_from_menu ($choices, "ldap_preventpassindb", $config->ldap_preventpassindb, "");
+ $choices['0'] = get_string('no');
+ $choices['1'] = get_string('yes');
+ choose_from_menu ($choices, 'preventpassindb', $config->preventpassindb, '');
?>
</td><td>
- <?php print_string("auth_ldap_preventpassindb","auth") ?>
+ <?php print_string('auth_ldap_preventpassindb','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_bind_dn:</td>
+ <td align="right">bind_dn:</td>
<td>
- <input name="ldap_bind_dn" type="text" size="30" value="<?php echo $config->ldap_bind_dn?>" />
- <?php if (isset($err["ldap_bind_dn"])) formerr($err["ldap_bind_dn"]); ?>
+ <input name="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
+ <?php if (isset($err['bind_dn'])) formerr($err['bind_dn']); ?>
</td><td>
- <?php print_string("auth_ldap_bind_dn","auth") ?>
+ <?php print_string('auth_ldap_bind_dn','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_bind_pw:</td>
+ <td align="right">bind_pw:</td>
<td>
- <input name="ldap_bind_pw" type="password" size="30" value="<?php echo $config->ldap_bind_pw?>" />
- <?php if (isset($err["ldap_bind_pw"])) formerr($err["ldap_bind_pw"]); ?>
+ <input name="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
+ <?php if (isset($err['bind_pw'])) formerr($err['bind_pw']); ?>
</td><td>
- <?php print_string("auth_ldap_bind_pw","auth") ?>
+ <?php print_string('auth_ldap_bind_pw','auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
- <h4><?php print_string("auth_ldap_user_settings", "auth") ?> </h4>
+ <h4><?php print_string('auth_ldap_user_settings', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_user_type:</td>
+ <td align="right">user_type:</td>
<td>
- <?php choose_from_menu(auth_ldap_suppported_usertypes(), "ldap_user_type", $config->ldap_user_type, ""); ?>
- <?php if (isset($err["ldap_user_type"])) formerr($err["ldap_user_type"]); ?>
+ <?php choose_from_menu($this->ldap_suppported_usertypes(), 'user_type', $config->user_type, ''); ?>
+ <?php if (isset($err['user_type'])) formerr($err['user_type']); ?>
</td>
<td>
- <?php print_string("auth_ldap_user_type","auth") ?>
+ <?php print_string('auth_ldap_user_type', 'auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_contexts:</td>
+ <td align="right">contexts:</td>
<td>
- <input name="ldap_contexts" type="text" size="30" value="<?php echo $config->ldap_contexts?>" />
- <?php if (isset($err["ldap_contexts"])) formerr($err["ldap_contexts"]); ?>
+ <input name="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
+ <?php if (isset($err['contexts'])) formerr($err['contexts']); ?>
</td>
<td>
- <?php print_string("auth_ldap_contexts","auth") ?>
+ <?php print_string('auth_ldap_contexts', 'auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_search_sub:</td>
+ <td align="right">search_sub:</td>
<td>
<?php
$choices = array();
- $choices["0"] = get_string("no");
- $choices["1"] = get_string("yes");
- choose_from_menu ($choices, "ldap_search_sub", $config->ldap_search_sub, "");
+ $choices['0'] = get_string('no');
+ $choices['1'] = get_string('yes');
+ choose_from_menu ($choices, 'search_sub', $config->search_sub, '');
?>
- <?php if (isset($err["ldap_search_sub"])) formerr($err["ldap_search_sub"]); ?>
+ <?php if (isset($err['search_sub'])) formerr($err['search_sub']); ?>
</td>
<td>
- <?php print_string("auth_ldap_search_sub","auth") ?>
+ <?php print_string('auth_ldap_search_sub','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_opt_deref:</td>
+ <td align="right">opt_deref:</td>
<td>
<?php
- $opt_deref[LDAP_DEREF_NEVER] = get_string("no");
- $opt_deref[LDAP_DEREF_ALWAYS] = get_string("yes");
- choose_from_menu($opt_deref, "ldap_opt_deref", $config->ldap_opt_deref, LDAP_DEREF_NEVER);
- if (isset($err["ldap_opt_deref"])) formerr($err["ldap_opt_deref"]);
+ $opt_deref[LDAP_DEREF_NEVER] = get_string('no');
+ $opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
+ choose_from_menu($opt_deref, 'opt_deref', $config->opt_deref, LDAP_DEREF_NEVER);
+ if (isset($err['opt_deref'])) formerr($err['opt_deref']);
?>
</td>
<td>
- <?php print_string("auth_ldap_opt_deref","auth") ?>
+ <?php print_string('auth_ldap_opt_deref','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_user_attribute:</td>
+ <td align="right">user_attribute:</td>
<td>
- <input name="ldap_user_attribute" type="text" size="30" value="<?php echo $config->ldap_user_attribute?>" />
- <?php if (isset($err["ldap_user_attribute"])) formerr($err["ldap_user_attribute"]); ?>
+ <input name="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
+ <?php if (isset($err['user_attribute'])) formerr($err['user_attribute']); ?>
</td>
<td>
- <?php print_string("auth_ldap_user_attribute","auth") ?>
+ <?php print_string('auth_ldap_user_attribute','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_memberattribute:</td>
+ <td align="right">memberattribute:</td>
<td>
- <input name="ldap_memberattribute" type="text" size="30" value="<?php echo $config->ldap_memberattribute?>" />
- <?php if (isset($err["ldap_memberattribute"])) formerr($err["ldap_memberattribute"]); ?>
+ <input name="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
+ <?php if (isset($err['memberattribute'])) formerr($err['memberattribute']); ?>
</td><td>
- <?php print_string("auth_ldap_memberattribute","auth") ?>
+ <?php print_string('auth_ldap_memberattribute','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_objectclass:</td>
+ <td align="right">objectclass:</td>
<td>
- <input name="ldap_objectclass" type="text" size="30" value="<?php echo $config->ldap_objectclass?>" />
- <?php if (isset($err["ldap_objectclass"])) formerr($err["ldap_objectclass"]); ?>
+ <input name="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
+ <?php if (isset($err['objectclass'])) formerr($err['objectclass']); ?>
</td>
<td>
- <?php print_string("auth_ldap_objectclass","auth") ?>
+ <?php print_string('auth_ldap_objectclass','auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
- <h4><?php print_string("forcechangepassword", "auth") ?> </h4>
+ <h4><?php print_string('forcechangepassword', 'auth') ?> </h4>
</td>
</tr>
<td align="right" valign="top"><?php print_string('forcechangepassword', 'auth') ?>:</td>
<td>
- <select name="auth_ldap_forcechangepassword">
- <option value="0" <?php echo ($config->auth_ldap_forcechangepassword ? '' : 'selected="yes"') ?> >
- <?php print_string("no") ?></option>
- <option value="1" <?php echo ($config->auth_ldap_forcechangepassword ? 'selected="yes"' : '') ?> >
- <?php print_string("yes") ?></option>
+ <select name="forcechangepassword">
+ <option value="0" <?php echo ($config->forcechangepassword ? '' : 'selected="yes"') ?> >
+ <?php print_string('no') ?></option>
+ <option value="1" <?php echo ($config->forcechangepassword ? 'selected="yes"' : '') ?> >
+ <?php print_string('yes') ?></option>
</select><br />
</td>
<td align="right" valign="top"><?php print_string('stdchangepassword', 'auth') ?>:</td>
<td>
- <select name="auth_ldap_stdchangepassword">
- <option value="0" <?php echo ($config->auth_ldap_stdchangepassword ? '' : 'selected="yes"') ?> >
- <?php print_string("no") ?></option>
- <option value="1" <?php echo ($config->auth_ldap_stdchangepassword ? 'selected="yes"' : '') ?> >
- <?php print_string("yes") ?></option>
+ <select name="stdchangepassword">
+ <option value='0' <?php echo ($config->stdchangepassword ? '' : 'selected="yes"') ?> >
+ <?php print_string('no') ?></option>
+ <option value='1' <?php echo ($config->stdchangepassword ? 'selected="yes"' : '') ?> >
+ <?php print_string('yes') ?></option>
</select><br />
</td>
</td>
</tr>
+<tr valign="top">
+ <td align="right"> changepasswordurl: </td>
+ <td>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
+ </td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
+</tr>
+
<tr>
<td colspan="2">
- <h4><?php print_string("auth_ldap_passwdexpire_settings", "auth") ?> </h4>
+ <h4><?php print_string('auth_ldap_passwdexpire_settings', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_expiration:</td>
+ <td align="right">expiration:</td>
<td>
<?php
- $expiration['0'] = "No";
- $expiration['1'] = "LDAP";
- choose_from_menu($expiration, "ldap_expiration", $config->ldap_expiration, "");
- if (isset($err["ldap_expiration"])) formerr($err["ldap_expiration"]);
+ $expiration['0'] = 'no';
+ $expiration['1'] = 'LDAP';
+ choose_from_menu($expiration, 'expiration', $config->expiration, '');
+ if (isset($err['expiration'])) formerr($err['expiration']);
?>
</td>
<td>
- <?php print_string("auth_ldap_expiration_desc","auth") ?>
+ <?php print_string('auth_ldap_expiration_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_expiration_warning:</td>
+ <td align="right">expiration_warning:</td>
<td>
- <input name="ldap_expiration_warning" type="text" size="2" value="<?php echo $config->ldap_expiration_warning?>" />
- <?php if (isset($err["ldap_expiration_warning"])) formerr($err["ldap_expiration_warning"]);
+ <input name="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
+ <?php if (isset($err['expiration_warning'])) formerr($err['expiration_warning']);
?>
</td>
<td>
- <?php print_string("auth_ldap_expiration_warning_desc","auth") ?>
+ <?php print_string('auth_ldap_expiration_warning_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_exprireattr:</td>
+ <td align="right">exprireattr:</td>
<td>
- <input name="ldap_expireattr" type="text" size="30" value="<?php echo $config->ldap_expireattr?>" />
- <?php if (isset($err["ldap_expireattr"])) formerr($err["ldap_expireattr"]);
+ <input name="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
+ <?php if (isset($err['expireattr'])) formerr($err['expireattr']);
?>
</td>
<td>
- <?php print_string("auth_ldap_expireattr_desc","auth") ?>
+ <?php print_string('auth_ldap_expireattr_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_gracelogins:</td>
+ <td align="right">gracelogins:</td>
<td>
<?php
- $grace['0'] = get_string("no");
- $grace['1'] = get_string("yes");
- choose_from_menu($grace, "ldap_gracelogins", $config->ldap_gracelogins, "");
- if (isset($err["ldap_expiration"])) formerr($err["ldap_expiration"]);
+ $grace['0'] = get_string('no');
+ $grace['1'] = get_string('yes');
+ choose_from_menu($grace, 'gracelogins', $config->gracelogins, '');
+ if (isset($err['expiration'])) formerr($err['expiration']);
?>
</td>
<td>
- <?php print_string("auth_ldap_gracelogins_desc","auth") ?>
+ <?php print_string('auth_ldap_gracelogins_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_graceattr:</td>
+ <td align="right">graceattr:</td>
<td>
- <input name="ldap_graceattr" type="text" size="30" value="<?php echo $config->ldap_graceattr?>" />
- <?php if (isset($err["ldap_graceattr"])) formerr($err["ldap_graceattr"]);
+ <input name="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
+ <?php if (isset($err['graceattr'])) formerr($err['graceattr']);
?>
</td>
<td>
- <?php print_string("auth_ldap_graceattr_desc","auth") ?>
+ <?php print_string('auth_ldap_graceattr_desc','auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
- <h4><?php print_string("auth_user_create", "auth") ?> </h4>
+ <h4><?php print_string('auth_user_create', 'auth') ?> </h4>
</td>
</tr>
+<tr valign="top">
+ <td align="right">auth_user_create: </td>
+ <td>
+ <?php
+
+ choose_from_menu($createoptions, 'auth_user_create', $config->auth_user_create, '');
+ if (isset($err['auth_user_create'])) {
+ formerr($err['auth_user_create']);
+ }
+
+ ?>
+ </td>
+ <td>
+ <?php print_string("auth_user_creation","auth"); ?>
+ </td>
+</tr>
+
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_create_context:</td>
+ <td align="right">create_context:</td>
<td>
- <input name="ldap_create_context" type="text" size="30" value="<?php echo $config->ldap_create_context?>" />
- <?php if (isset($err["ldap_create_context"])) formerr($err["ldap_create_context"]); ?>
+ <input name="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
+ <?php if (isset($err['create_context'])) formerr($err['create_context']); ?>
</td><td>
- <?php print_string("auth_ldap_create_context","auth") ?>
+ <?php print_string('auth_ldap_create_context','auth') ?>
</td>
</tr>
<tr>
<td colspan="2">
- <h4><?php print_string("coursecreators") ?> </h4>
+ <h4><?php print_string('coursecreators') ?> </h4>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">ldap_creators:</td>
+ <td align="right">creators:</td>
<td>
- <input name="ldap_creators" type="text" size="30" value="<?php echo $config->ldap_creators?>" />
- <?php if (isset($err["ldap_creators"])) formerr($err["ldap_creators"]); ?>
+ <input name="creators" type="text" size="30" value="<?php echo $config->creators?>" />
+ <?php if (isset($err['creators'])) formerr($err['creators']); ?>
</td><td>
- <?php print_string("auth_ldap_creators","auth") ?>
+ <?php print_string('auth_ldap_creators','auth') ?>
</td>
</tr>
<?php
-$help = get_string("auth_ldapextrafields","auth");
-$help .= get_string("auth_updatelocal_expl","auth");
-$help .= get_string("auth_fieldlock_expl","auth");
-$help .= get_string("auth_updateremote_expl","auth");
+$help = get_string('auth_ldapextrafields','auth');
+$help .= get_string('auth_updatelocal_expl','auth');
+$help .= get_string('auth_fieldlock_expl','auth');
+$help .= get_string('auth_updateremote_expl','auth');
$help .= '<hr />';
-$help .= get_string("auth_updateremote_ldap","auth");
+$help .= get_string('auth_updateremote_ldap','auth');
-print_auth_lock_options($auth, $user_fields, $help, true, true);
-?>
-
-<tr valign="top" class="required">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
- <td>
-
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
- </td>
-</tr>
+global $user_fields;
+print_auth_lock_options('ldap', $user_fields, $help, true, true);
+?>
+</table>
+++ /dev/null
-<?PHP
-/**
- *
- * @author Petri Asikainen
- * @version $Id$
- * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
- * @package moodleauth
-
- * LDAPA-authentication functions
- *
- * 30.09.2004 Removed outdated documentation
- * 24.09.2004 Lot of changes:
- * -Added usertype configuration, this removes need for separate obejcclass and attributename configuration
- * Overriding values is still supported
- *
- * 21.09.2004 Added support for multiple ldap-servers.
- * Theres no nedd to use auth_ldap_bind,
- * Anymore auth_ldap_connect does this for you
- * 19.09.2004 Lot of changes are coming from Martin Langhoff
- * Current code is working but can change a lot. Be warned...
- * 15.08.2004 Added support for user syncronization
- * 24.02.2003 Added support for coursecreators
- * 20.02.2003 Added support for user creation
- * 12.10.2002 Reformatted source for consistency
- * 03.10.2002 First version to CVS
- * 29.09.2002 Clean up and splitted code to functions v. 0.02
- * 29.09.2002 LDAP authentication functions v. 0.01
- */
-
-/**
- * authenticates user againt external userdatabase
- *
- * Returns true if the username and password work
- * and false if they don't
- *
- * @param string $username
- * @param string $password
- *
-*/
-
-// LDAP functions are reused by other auth libs
-if (!defined('AUTH_LDAP_NAME')) {
- define('AUTH_LDAP_NAME', 'ldap');
-}
-
-function auth_user_login ($username, $password) {
-
- global $CFG;
-
- if (!$username or !$password) { // Don't allow blank usernames or passwords
- return false;
- }
-
- // CAS-supplied auth tokens override LDAP auth
- if ($CFG->auth == "cas" && !empty($CFG->cas_enabled)) {
- return cas_ldap_auth_user_login($username, $password);
- }
-
- $ldapconnection = auth_ldap_connect();
-
- if ($ldapconnection) {
- $ldap_user_dn = auth_ldap_find_userdn($ldapconnection, $username);
-
- //if ldap_user_dn is empty, user does not exist
- if(!$ldap_user_dn){
- ldap_close($ldapconnection);
- return false;
- }
-
- // Try to bind with current username and password
- $ldap_login = @ldap_bind($ldapconnection, $ldap_user_dn, stripslashes($password));
- ldap_close($ldapconnection);
- if ($ldap_login) {
- return true;
- }
- } else {
- @ldap_close($ldapconnection);
- error("LDAP-module cannot connect to server: $CFG->ldap_host_url");
- }
- return false;
-}
-
-/**
- * reads userinformation from ldap and return it in array()
- *
- * Read user information from external database and returns it as array().
- * Function should return all information available. If you are saving
- * this information to moodle user-table you should honor syncronization flags
- *
- * @param string $username username
- * @return array
- */
-function auth_get_userinfo($username){
- global $CFG;
- $ldapconnection=auth_ldap_connect();
- $config = (array)$CFG;
- $attrmap = auth_ldap_attributes();
-
- $result = array();
- $search_attribs = array();
-
- foreach ($attrmap as $key=>$values) {
- if (!is_array($values)) {
- $values = array($values);
- }
- foreach ($values as $value) {
- if (!in_array($value, $search_attribs)) {
- array_push($search_attribs, $value);
- }
- }
- }
-
- $user_dn = auth_ldap_find_userdn($ldapconnection, $username);
-
- if (empty($CFG->ldap_objectclass)) { // Can't send empty filter
- $CFG->ldap_objectclass="objectClass=*";
- }
-
- $user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
-
- if ($user_info_result) {
- $user_entry = ldap_get_entries($ldapconnection, $user_info_result);
- foreach ($attrmap as $key=>$values){
- if (!is_array($values)) {
- $values = array($values);
- }
- $ldapval = NULL;
- foreach ($values as $value) {
- if(is_array($user_entry[0][strtolower($value)])) {
- // TODO: fix encoding conversion
- $newval = addslashes(stripslashes($user_entry[0][strtolower($value)][0]));
- }
- else {
- // TODO: fix encoding conversion
- $newval = addslashes(stripslashes($user_entry[0][strtolower($value)]));
- }
- if (!empty($newval)) { // favour ldap entries that are set
- $ldapval = $newval;
- }
- }
- if (!is_null($ldapval)) {
- $result[$key] = $ldapval;
- }
- }
- }
-
- @ldap_close($ldapconnection);
-
- return $result;
-}
-
-/**
- * reads userinformation from ldap and return it in an object
- *
- * @param string $username username
- * @return array
- */
-function auth_get_userinfo_asobj($username){
- $user_array = truncate_userinfo(auth_get_userinfo($username));
- $user = new object;
- foreach($user_array as $key=>$value){
- $user->{$key} = $value;
- }
- return $user;
-}
-
-/**
- * returns all usernames from external database
- *
- * auth_get_userlist returns all usernames from external database
- *
- * @return array
- */
-function auth_get_userlist () {
- global $CFG;
- auth_ldap_init();
- return auth_ldap_get_userlist("($CFG->ldap_user_attribute=*)");
-}
-/**
- * checks if user exists on external db
- */
-function auth_user_exists ($username) {
- global $CFG;
- auth_ldap_init();
- //returns true if given usernname exist on ldap
- $users = auth_ldap_get_userlist("($CFG->ldap_user_attribute=$username)");
- return count($users);
-}
-
-/**
- * creates new user on external database
- *
- * auth_user_create() creates new user on external database
- * By using information in userobject
- * Use auth_user_exists to prevent dublicate usernames
- *
- * @param mixed $userobject Moodle userobject
- * @param mixed $plainpass Plaintext password
- */
-function auth_user_create ($userobject,$plainpass) {
- global $CFG;
- $ldapconnection = auth_ldap_connect();
- $attrmap = auth_ldap_attributes();
-
- $newuser = array();
-
- foreach ($attrmap as $key=>$values){
- if (!is_array($values)) {
- $values = array($values);
- }
- foreach ($values as $value) {
- if(!empty($userobject->$key) ){
- $newuser[$value]= $userobject->$key;
- }
- }
- }
-
- //Following sets all mandatory and other forced attribute values
- //User should be creted as login disabled untill email confirmation is processed
- //Feel free to add your user type and send patches to paca@sci.fi to add them
- //Moodle distribution
-
- switch ($CFG->ldap_user_type) {
- case 'edir':
- $newuser['objectClass']= array("inetOrgPerson","organizationalPerson","person","top");
- $newuser['uniqueId']= $userobject->username;
- $newuser['logindisabled']="TRUE";
- $newuser['userpassword']=$plainpass;
- break;
- default:
- error('auth: ldap auth_user_create() does not support selected usertype:"'.$CFG->ldap_user_type.'" (..yet)');
- }
- $uadd = ldap_add($ldapconnection, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);
-
- ldap_close($ldapconnection);
- return $uadd;
-
-}
-
-/*/
- *
- * auth_get_users() returns userobjects from external database
- *
- * Function returns users from external databe as Moodle userobjects
- * If filter is not present it should return ALL users in external database
- *
- * @param mixed $filter substring of username
- * @returns array of userobjects
- */
-function auth_get_users($filter='*', $dontlistcreated=false) {
- global $CFG;
-
- $ldapconnection = auth_ldap_connect();
- $fresult = array();
-
- if ($filter=="*") {
- $filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
- }
-
- $contexts = explode(";",$CFG->ldap_contexts);
-
- if (!empty($CFG->ldap_create_context) and empty($dontlistcreated)){
- array_push($contexts, $CFG->ldap_create_context);
- }
-
- $attrmap = auth_ldap_attributes();
-
- $search_attribs = array();
-
- foreach ($attrmap as $key=>$values) {
- if (!is_array($values)) {
- $values = array($values);
- }
- foreach ($values as $value) {
- if (!in_array($value, $search_attribs)) {
- array_push($search_attribs, $value);
- }
- }
- }
-
-
- foreach ($contexts as $context) {
-
- $context = trim($context);
- if (empty($context)) {
- continue;
- }
-
- if ($CFG->ldap_search_sub) {
- //use ldap_search to find first user from subtree
- $ldap_result = ldap_search($ldapconnection, $context,
- $filter,
- $search_attribs);
- } else {
- //search only in this context
- $ldap_result = ldap_list($ldapconnection, $context,
- $filter,
- $search_attribs);
- }
-
- $users = auth_ldap_get_entries($ldapconnection, $ldap_result);
-
- //add found users to list
- foreach ($users as $ldapuser=>$attribs) {
- $user = new object();
- foreach ($attrmap as $key=>$value){
- if(isset($users[$ldapuser][$value][0])){
- $user->$key=$users[$ldapuser][$value][0];
- }
- }
- //quick way to get around binarystrings
- $user->guid=bin2hex($user->guid);
- //add authentication source stamp
- $user->auth = AUTH_LDAP_NAME;
- $fresult[$user->username]=$user;
-
- }
- }
-
- return $fresult;
-}
-
-/**
- * return number of days to user password expires
- *
- * If userpassword does not expire it should return 0. If password is already expired
- * it should return negative value.
- *
- * @param mixed $username username
- * @return integer
- */
-function auth_password_expire($username) {
- global $CFG ;
- $result = false;
-
- $ldapconnection = auth_ldap_connect();
- $user_dn = auth_ldap_find_userdn($ldapconnection, $username);
- $search_attribs = array($CFG->ldap_expireattr);
- $sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);
- if ($sr) {
- $info=auth_ldap_get_entries($ldapconnection, $sr);
- if ( empty($info[0][strtolower($CFG->ldap_expireattr)][0])) {
- //error_log("ldap: no expiration value".$info[0][$CFG->ldap_expireattr]);
- // no expiration attribute, password does not expire
- $result = 0;
- } else {
- $now = time();
- $expiretime = auth_ldap_expirationtime2unix($info[0][strtolower($CFG->ldap_expireattr)][0]);
- if ($expiretime > $now) {
- $result = ceil(($expiretime - $now) / DAYSECS);
- } else {
- $result = floor(($expiretime - $now) / DAYSECS);
- }
- }
- } else {
- error_log("ldap: auth_password_expire did't find expiration time!.");
- }
-
- //error_log("ldap: auth_password_expire user $user_dn expires in $result days!");
- return $result;
-}
-
-/**
- * syncronizes user fron external db to moodle user table
- *
- * Sync shouid be done by using idnumber attribute, not username.
- * You need to pass firstsync parameter to function to fill in
- * idnumbers if they dont exists in moodle user table.
- *
- * Syncing users removes (disables) users that dont exists anymore in external db.
- * Creates new users and updates coursecreator status of users.
- *
- * @param mixed $firstsync Optional: set to true to fill idnumber fields if not filled yet
- */
-function auth_sync_users ($bulk_insert_records = 1000, $do_updates=1) {
-//Syncronizes userdb with ldap
-//This will add, rename
-/// OPTIONAL PARAMETERS
-/// $bulk_insert_records = 1 // will insert $bulkinsert_records per insert statement
-/// valid only with $unsafe. increase to a couple thousand for
-/// blinding fast inserts -- but test it: you may hit mysqld's
-/// max_allowed_packet limit.
-/// $do_updates = 1 // will do pull in data updates from ldap if relevant
-
-
- global $CFG ;
- $pcfg = get_config('auth/ldap');
-
- // configure a temp table
- print "Configuring temp table\n";
- if(strtolower($CFG->dbtype) === 'mysql'){
- // help old mysql versions cope with large temp tables
- execute_sql('SET SQL_BIG_TABLES=1', false);
- execute_sql('CREATE TEMPORARY TABLE ' . $CFG->prefix .'extuser (idnumber VARCHAR(64), PRIMARY KEY (idnumber)) TYPE=MyISAM',false);
- } elseif (strtolower($CFG->dbtype) === 'postgres7'){
- $bulk_insert_records = 1; // no support for multiple sets of values
- execute_sql('CREATE TEMPORARY TABLE '.$CFG->prefix.'extuser (idnumber VARCHAR(64), PRIMARY KEY (idnumber))',false);
- }
-
-
- print "connecting to ldap\n";
- $ldapconnection = auth_ldap_connect();
- if (!$ldapconnection) {
- @ldap_close($ldapconnection);
- notify("LDAP-module cannot connect to server: $CFG->ldap_host_url");
- return false;
- }
-
- ////
- //// get user's list from ldap to sql in a scalable fashion
- ////
- // prepare some data we'll need
- if (! empty($CFG->ldap_objectclass)) {
- $CFG->ldap_objectclass="objectClass=*";
- }
-
- $filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
-
- $contexts = explode(";",$CFG->ldap_contexts);
-
- if (!empty($CFG->ldap_create_context)){
- array_push($contexts, $CFG->ldap_create_context);
- }
-
- $fresult = array();
- $count = 0;
- foreach ($contexts as $context) {
- $context = trim($context);
- if (empty($context)) {
- continue;
- }
- begin_sql();
- if ($CFG->ldap_search_sub) {
- //use ldap_search to find first user from subtree
- $ldap_result = ldap_search($ldapconnection, $context,
- $filter,
- array($CFG->ldap_user_attribute));
- } else {
- //search only in this context
- $ldap_result = ldap_list($ldapconnection, $context,
- $filter,
- array($CFG->ldap_user_attribute));
- }
-
- if ($entry = ldap_first_entry($ldapconnection, $ldap_result)) {
- do {
- $value = ldap_get_values_len($ldapconnection, $entry,$CFG->ldap_user_attribute);
- $value = $value[0];
- $count++;
- array_push($fresult, $value);
- if(count($fresult) >= $bulk_insert_records){
- auth_ldap_bulk_insert($fresult);
- //print var_dump($fresult);
- $fresult=array();
- }
- }
- while ($entry = ldap_next_entry($ldapconnection, $entry));
- }
-
- // insert any remaining users and release mem
- if(count($fresult)){
- auth_ldap_bulk_insert($fresult);
- $fresult=array();
- }
- commit_sql();
- }
- // free mem
- $ldap_results = 0;
-
- /// preserve our user database
- /// if the temp table is empty, it probably means that something went wrong, exit
- /// so as to avoid mass deletion of users; which is hard to undo
- $count = get_record_sql('SELECT COUNT(idnumber) AS count, 1 FROM ' . $CFG->prefix .'extuser');
- $count = $count->{'count'};
- if($count < 1){
- print "Did not get any users from LDAP -- error? -- exiting\n";
- exit;
- }
-
- ////
- //// User removal
- ////
- // find users in DB that aren't in ldap -- to be removed!
- // this is still not as scalable
- $sql = 'SELECT u.id, u.username
- FROM ' . $CFG->prefix .'user u LEFT JOIN ' . $CFG->prefix .'extuser e
- ON u.idnumber = e.idnumber
- WHERE u.auth=\'' . AUTH_LDAP_NAME . '\' AND u.deleted=\'0\' AND e.idnumber IS NULL';
- //print($sql);
- $remove_users = get_records_sql($sql);
-
- if (!empty($remove_users)){
- print "User entries to remove: ". count($remove_users) . "\n";
-
- begin_sql();
- foreach ($remove_users as $user) {
- //following is copy pasted from admin/user.php
- //maybe this should moved to function in lib/datalib.php
- unset($updateuser);
- $updateuser->id = $user->id;
- $updateuser->deleted = "1";
- //$updateuser->username = "$user->username".time(); // Remember it just in case
- //$updateuser->email = ""; // Clear this field to free it up
- $updateuser->timemodified = time();
- if (update_record("user", $updateuser)) {
- // unenrol_student($user->id); // From all courses
- // remove_teacher($user->id); // From all courses
- // remove_admin($user->id);
- delete_records('role_assignments', 'userid', $user->id); // unassign all roles
- notify(get_string("deletedactivity", "", fullname($user, true)) );
- } else {
- notify(get_string("deletednot", "", fullname($user, true)));
- }
- //copy pasted part ends
- }
- commit_sql();
- }
- $remove_users = 0; // free mem!
-
- ////
- //// User Updates
- //// (time-consuming, optional)
- ////
- if ($do_updates) {
- // narrow down what fields we need to update
- $all_keys = array_keys(get_object_vars($pcfg));
- $updatekeys = array();
- foreach ($all_keys as $key) {
- if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
- // if we have a field to update it from
- // and it must be updated 'onlogin' we
- // update it on cron
- if ( !empty($pcfg->{'field_map_'.$match[1]})
- && $pcfg->{$match[0]} === 'onlogin') {
- array_push($updatekeys, $match[1]); // the actual key name
- }
- }
- }
- // print_r($all_keys); print_r($updatekeys);
- unset($all_keys); unset($key);
-
- }
- if ( $do_updates && !(empty($updatekeys)) ) { // run updates only if relevant
- $users = get_records_sql('SELECT u.username, u.id FROM ' . $CFG->prefix . 'user u WHERE u.deleted=0 and u.auth=\'' . AUTH_LDAP_NAME . '\'' );
- if (!empty($users)) {
- print "User entries to update: ". count($users). "\n";
-
- $sitecontext = get_context_instance(CONTEXT_SYSTEM);
-
- if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
-
- $creatorrole = array_shift($creatorroles); // We can only use one, let's use the first one
-
- begin_sql();
- $xcount=0; $maxxcount=100;
- foreach ($users as $user) {
- echo "updating user $user->username \n";
- auth_ldap_update_user_record($user->username, $updatekeys);
-
- // update course creators
- if (!empty($CFG->ldap_creators) && !empty($CFG->ldap_memberattribute) ) {
- if (auth_iscreator($user->username)) { // Following calls will not create duplicates
- role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
- $xcount++;
- } else {
- role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
- $xcount++;
- }
- }
-
- if ($xcount++ > $maxxcount) {
- commit_sql();
- begin_sql();
- $xcount=0;
- }
- }
- commit_sql();
- unset($users); // free mem
- }
- }
- } // end do updates
-
- ////
- //// User Additions
- ////
- // find users missing in DB that are in LDAP
- // note that get_records_sql wants at least 2 fields returned,
- // and gives me a nifty object I don't want.
- $sql = 'SELECT e.idnumber,1
- FROM ' . $CFG->prefix .'extuser e LEFT JOIN ' . $CFG->prefix .'user u
- ON e.idnumber = u.idnumber
- WHERE u.id IS NULL OR (u.id IS NOT NULL AND u.deleted=1)';
- $add_users = get_records_sql($sql); // get rid of the fat
-
- if(!empty($add_users)){
- print "User entries to add: ". count($add_users). "\n";
-
- if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
- $creatorrole = array_shift($roles); // We can only use one, let's use the first one
- }
-
- begin_sql();
- foreach($add_users as $user){
- $user = auth_get_userinfo_asobj($user->idnumber);
- //print $user->username . "\n";
-
- // prep a few params
- $user->modified = time();
- $user->confirmed = 1;
- $user->auth = AUTH_LDAP_NAME;
-
- // insert it
- $old_debug=$CFG->debug;
- $CFG->debug=10;
-
- // maybe the user has been deleted before
- if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1)) {
- $user->id = $old_user->id;
- set_field('user', 'deleted', 0, 'idnumber', $user->idnumber);
- echo "Revived user $user->username with idnumber $user->idnumber id $user->id\n";
- } elseif ($id=insert_record ('user',$user)) { // it is truly a new user
- echo "inserted user $user->username with idnumber $user->idnumber id $id\n";
- $user->id = $id;
- } else {
- echo "error inserting user $user->username with idnumber $user->idnumber \n";
- }
- $CFG->debug=$old_debug;
- $userobj = auth_ldap_update_user_record($user->username);
- if(isset($CFG->{'auth_ldap_forcechangepassword'}) && $CFG->{'auth_ldap_forcechangepassword'}){
- set_user_preference('auth_forcepasswordchange', 1, $userobj->id);
- }
-
- if (isset($creatorrole->id) && !empty($CFG->ldap_creators) && !empty($CFG->ldap_memberattribute) ) {
- if (auth_iscreator($user->username)) {
- if (user_has_role_assignment($user->id, $creatorrole->id, $sitecontext->id)) {
- role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
- } else {
- role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
- }
- }
- }
- }
- commit_sql();
- unset($add_users); // free mem
- }
- return true;
-}
-
-function auth_ldap_update_user_record($username, $updatekeys=false) {
-/// will update a local user record from an external source.
-/// is a lighter version of the one in moodlelib -- won't do
-/// expensive ops such as enrolment
-///
-/// If you don't pass $updatekeys, there is a performance hit and
-/// values removed from LDAP won't be removed from moodle.
-
- global $CFG;
-
- $pcfg = get_config('auth/ldap');
-
- //just in case check text case
- $username = trim(moodle_strtolower($username));
-
- // get the current user record
- $user = get_record('user', 'username', $username);
- if (empty($user)) { // trouble
- error_log("Cannot update non-existent user: $username");
- die;
- }
-
- if (function_exists('auth_get_userinfo')) {
- if ($newinfo = auth_get_userinfo($username)) {
- $newinfo = truncate_userinfo($newinfo);
-
- if (empty($updatekeys)) { // all keys? this does not support removing values
- $updatekeys = array_keys($newinfo);
- }
-
- foreach ($updatekeys as $key){
- unset($value);
- if (isset($newinfo[$key])) {
- $value = $newinfo[$key];
- $value = addslashes(stripslashes($value)); // Just in case
- } else {
- $value = '';
- }
- if (!empty($pcfg->{'field_updatelocal_' . $key})) {
- if ($user->{$key} != $value) { // only update if it's changed
- set_field('user', $key, $value, 'username', $username);
- }
- }
- }
- }
- }
- return get_record_select("user", "username = '$username' AND deleted <> '1'");
-}
-
-function auth_ldap_bulk_insert($users){
-// bulk insert in SQL's temp table
-// $users is an array of usernames
- global $CFG;
-
- // bulk insert -- superfast with $bulk_insert_records
- $sql = 'INSERT INTO '.$CFG->prefix.'extuser (idnumber) VALUES ';
- // make those values safe
- $users = array_map('addslashes', $users);
- // join and quote the whole lot
- $sql = $sql . '(\'' . join('\'),(\'', $users) . '\')';
- print "+ " . count($users) . " users\n";
- execute_sql($sql, false);
-
-}
-
-
-/*
- * auth_user_activate activates user in external db.
- *
- * Activates (enables) user in external db so user can login to external db
- *
- * @param mixed $username username
- * @return boolen result
- */
-function auth_user_activate ($username) {
-
- global $CFG;
-
- $ldapconnection = auth_ldap_connect();
-
- $userdn = auth_ldap_find_userdn($ldapconnection, $username);
- switch ($CFG->ldap_user_type) {
- case 'edir':
- $newinfo['loginDisabled']="FALSE";
- break;
- default:
- error ('auth: ldap auth_user_activate() does not support selected usertype:"'.$CFG->ldap_user_type.'" (..yet)');
- }
- $result = ldap_modify($ldapconnection, $userdn, $newinfo);
- ldap_close($ldapconnection);
- return $result;
-}
-
-/*
- * auth_user_disables disables user in external db.
- *
- * Disables user in external db so user can't login to external db
- *
- * @param mixed $username username
- * @return boolean result
- */
-function auth_user_disable ($username) {
- global $CFG;
-
- $ldapconnection = auth_ldap_connect();
-
- $userdn = auth_ldap_find_userdn($ldapconnection, $username);
- switch ($CFG->ldap_user_type) {
- case 'edir':
- $newinfo['loginDisabled']="TRUE";
- break;
- default:
- error ('auth: ldap auth_user_disable() does not support selected usertype (..yet)');
- }
- $result = ldap_modify($ldapconnection, $userdn, $newinfo);
- ldap_close($ldapconnection);
- return $result;
-}
-
-/*
- * auth_iscreator returns true if user should be coursecreator
- *
- * auth_iscreator returns true if user should be coursecreator
- *
- * @param mixed $username username
- * @return boolean result
- */
-function auth_iscreator($username=0) {
-///if user is member of creator group return true
- global $USER , $CFG;
- auth_ldap_init();
-
- if (! $username) {
- $username=$USER->username;
- }
-
- if ((! $CFG->ldap_creators) OR (! $CFG->ldap_memberattribute)) {
- return null;
- }
-
- return auth_ldap_isgroupmember($username, $CFG->ldap_creators);
-
-}
-
-/*
- * auth_user_update saves userinformation from moodle to external db
- *
- * Called when the user record is updated.
- * Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
- * conpares information saved modified information to external db.
- *
- * @param mixed $olduser Userobject before modifications
- * @param mixed $newuser Userobject new modified userobject
- * @return boolean result
- *
- */
-function auth_user_update($olduser, $newuser) {
-
- global $USER , $CFG;
-
- $pcfg = get_config('auth/ldap');
-
- $ldapconnection = auth_ldap_connect();
-
- $result = array();
- $search_attribs = array();
-
- $attrmap = auth_ldap_attributes();
- foreach ($attrmap as $key=>$values) {
- if (!is_array($values)) {
- $values = array($values);
- }
- foreach ($values as $value) {
- if (!in_array($value, $search_attribs)) {
- array_push($search_attribs, $value);
- }
- }
- }
-
- $user_dn = auth_ldap_find_userdn($ldapconnection, $olduser->username);
-
- $user_info_result = ldap_read($ldapconnection,$user_dn,$CFG->ldap_objectclass, $search_attribs);
-
- if ($user_info_result){
-
- $user_entry = auth_ldap_get_entries($ldapconnection, $user_info_result);
- if (count($user_entry) > 1) {
- trigger_error("ldap: Strange! More than one user record found in ldap. Only using the first one.");
- }
- $user_entry = $user_entry[0];
-
- //error_log(var_export($user_entry) . 'fpp' );
-
- foreach ($attrmap as $key=>$ldapkeys){
-
- // only process if the moodle field ($key) has changed and we
- // are set to update LDAP with it
- if ($olduser->$key !== $newuser->$key &&
- !empty($pcfg->{'field_updateremote_'. $key})) {
-
- // for ldap values that could be in more than one
- // ldap key, we will do our best to match
- // where they came from
- $ambiguous = true;
- $changed = false;
- if (!is_array($ldapkeys)) {
- $ldapkeys = array($ldapkeys);
- }
- if (count($ldapkeys) < 2) {
- $ambiguous = false;
- }
-
- foreach ($ldapkeys as $ldapkey) {
- $ldapkey = strtolower($ldapkey);
- $ldapvalue = $user_entry[$ldapkey][0];
- if (!$ambiguous) {
- // skip update if the values already match
- if( !($newuser->$key === $ldapvalue) ){
- ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key));
- } else {
- error_log("Skip updating field $key for entry $user_dn: it seems to be already same on LDAP. " .
- " old moodle value: '" . $olduser->$key .
- "' new value '" . $newuser->$key .
- "' current value in ldap entry " . $ldapvalue);
- }
- } else { // ambiguous
- // value empty before in Moodle (and LDAP) - use 1st ldap candidate field
- // no need to guess
- if (empty($olduser->$key)) { // value empty before - use 1st ldap candidate
- if(ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))){
- $changed=true;
- last;
- } else {
- error ('Error updating LDAP record. Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
- }
-
- // we found which ldap key to update!
- if ( !empty($ldapvalue) && $olduser->$key === $ldapvalue ) {
- // error_log("Matched: ". $olduser->$key . " === " . $ldapvalue);
- if(ldap_modify($ldapconnection, $user_dn, array($ldapkey => $newuser->$key))){
- $changed=true;
- last;
- } else {
- error ('Error updating LDAP record. Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
- }
- }
- }
-
- if ($ambiguous AND !$changed) {
- error_log("Failed to update LDAP with ambiguous field $key".
- " old moodle value: '" . $olduser->$key .
- "' new value '" . $newuser->$key );
- }
- }
- }
-
-
- } else {
- error_log("ERROR:No user found in LDAP");
- @ldap_close($ldapconnection);
- return false;
- }
-
- @ldap_close($ldapconnection);
-
- return true;
-
-}
-
-/*
- * changes userpassword in external db
- *
- * called when the user password is updated.
- * changes userpassword in external db
- *
- * @param mixed $username Username
- * @param mixed $newpassword Plaintext password
- * @param mixed $oldpassword Plaintext old password to bind ldap with
- * @return boolean result
- *
- */
-function auth_user_update_password($username, $newpassword) {
-/// called when the user password is updated -- it assumes it is called by an admin
-/// or that you've otherwise checked the user's credentials
-/// IMPORTANT: $newpassword must be cleartext, not crypted/md5'ed
-
- global $CFG, $USER;
- $result = false;
-
- $ldapconnection = auth_ldap_connect();
-
- $user_dn = auth_ldap_find_userdn($ldapconnection, $username);
-
- if(!$user_dn){
- error_log('LDAP Error in auth_user_update_password(). No DN for: ' . $username);
- return false;
- }
-
- switch ($CFG->ldap_user_type) {
- case 'edir':
- //Change password
- $result = ldap_modify($ldapconnection, $user_dn, array('userPassword' => $newpassword));
- if(!$result){
- error_log('LDAP Error in auth_user_update_password(). Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
- //Update password expiration time, grace logins count
- $search_attribs = array($CFG->ldap_expireattr, 'passwordExpirationInterval','loginGraceLimit' );
- $sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);
- if ($sr) {
- $info=auth_ldap_get_entries($ldapconnection, $sr);
- $newattrs = array();
- if (!empty($info[0][$CFG->ldap_expireattr][0])) {
- //Set expiration time only if passwordExpirationInterval is defined
- if (!empty($info[0]['passwordExpirationInterval'][0])) {
- $expirationtime = time() + $info[0]['passwordExpirationInterval'][0];
- $ldapexpirationtime = auth_ldap_unix2expirationtime($expirationtime);
- $newattrs['passwordExpirationTime'] = $ldapexpirationtime;
- }
-
- //set gracelogin count
- if (!empty($info[0]['loginGraceLimit'][0])) {
- $newattrs['loginGraceRemaining']= $info[0]['loginGraceLimit'][0];
- }
-
- //Store attribute changes to ldap
- $result = ldap_modify($ldapconnection, $user_dn, $newattrs);
- if(!$result){
- error_log('LDAP Error in auth_user_update_password() when modifying expirationtime and/or gracelogins. Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
- }
- } else {
- error_log('LDAP Error in auth_user_update_password() when reading password expiration time. Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
- break;
- default:
- $usedconnection = &$ldapconnection;
- // send ldap the password in cleartext, it will md5 it itself
- $result = ldap_modify($ldapconnection, $user_dn, array('userPassword' => $newpassword));
- if(!$result){
- error_log('LDAP Error in auth_user_update_password(). Error code: '
- . ldap_errno($ldapconnection) . '; Error string : '
- . ldap_err2str(ldap_errno($ldapconnection)));
- }
-
- }
-
-
- @ldap_close($ldapconnection);
-
- return $result;
-}
-
-//PRIVATE FUNCTIONS starts
-//private functions are named as auth_ldap*
-
-/**
- * returns predefined usertypes
- *
- * @return array of predefined usertypes
- */
-
-function auth_ldap_suppported_usertypes (){
-// returns array of supported usertypes (schemas)
-// If you like to add our own please name and describe it here
-// And then add case clauses in relevant places in functions
-// iauth_ldap_init, auth_user_create, auth_check_expire, auth_check_grace
- $types['edir']='Novell Edirectory';
- $types['rfc2307']='posixAccount (rfc2307)';
- $types['rfc2307bis']='posixAccount (rfc2307bis)';
- $types['samba']='sambaSamAccount (v.3.0.7)';
- $types['ad']='MS ActiveDirectory';
- return $types;
-}
-
-
-/**
- * initializes needed variables for ldap-module
- *
- * Uses names defined in auth_ldap_supported_usertypes.
- * $default is first defined as:
- * $default['pseudoname'] = array(
- * 'typename1' => 'value',
- * 'typename2' => 'value'
- * ....
- * );
- *
- * @return array of default values
- */
-
-function auth_ldap_getdefaults(){
- $default['ldap_objectclass'] = array(
- 'edir' => 'User',
- 'rfc2703' => 'posixAccount',
- 'rfc2703bis' => 'posixAccount',
- 'samba' => 'sambaSamAccount',
- 'ad' => 'user',
- 'default' => '*'
- );
- $default['ldap_user_attribute'] = array(
- 'edir' => 'cn',
- 'rfc2307' => 'uid',
- 'rfc2307bis' => 'uid',
- 'samba' => 'uid',
- 'ad' => 'cn',
- 'default' => 'cn'
- );
- $default['ldap_memberattribute'] = array(
- 'edir' => 'member',
- 'rfc2307' => 'member',
- 'rfc2307bis' => 'member',
- 'samba' => 'member',
- 'ad' => 'member',
- 'default' => 'member'
- );
- $default['ldap_memberattribute_isdn'] = array(
- 'edir' => '1',
- 'rfc2307' => '0',
- 'rfc2307bis' => '1',
- 'samba' => '0', //is this right?
- 'ad' => '1',
- 'default' => '0'
- );
- $default['ldap_expireattr'] = array (
- 'edir' => 'passwordExpirationTime',
- 'rfc2307' => 'shadowExpire',
- 'rfc2307bis' => 'shadowExpire',
- 'samba' => '', //No support yet
- 'ad' => '', //No support yet
- 'default' => ''
- );
- return $default;
-}
-
-/**
- * return binaryfields of selected usertype
- *
- *
- * @return array
- */
-
-function auth_ldap_getbinaryfields () {
- global $CFG;
- $binaryfields = array (
- 'edir' => array('guid'),
- 'rfc2703' => array(),
- 'rfc2703bis' => array(),
- 'samba' => array(),
- 'ad' => array(),
- 'default' => '*'
- );
- if (!empty($CFG->ldap_user_type)) {
- return $binaryfields[$CFG->ldap_user_type];
- } else {
- return $binaryfields['default'];
- }
- }
-
-function auth_ldap_isbinary ($field) {
- if (!isset($field)) {
- return null ;
- }
- return array_search($field, auth_ldap_getbinaryfields());
-}
-
-/**
- * set $CFG-values for ldap_module
- *
- * Get default configuration values with auth_ldap_getdefaults()
- * and by using this information $CFG-> values are set
- * If $CFG->value is alredy set current value is honored.
- *
- *
- */
-function auth_ldap_init () {
- global $CFG;
-
- $default = auth_ldap_getdefaults();
-
- foreach ($default as $key => $value) {
- //set defaults if overriding fields not set
- if(empty($CFG->{$key})) {
- if (!empty($CFG->ldap_user_type) && !empty($default[$key][$CFG->ldap_user_type])) {
- $CFG->{$key} = $default[$key][$CFG->ldap_user_type];
- }else {
- //use default value if user_type not set
- if(!empty($default[$key]['default'])){
- $CFG->$key = $default[$key]['default'];
- }else {
- unset($CFG->$key);
- }
- }
- }
- }
- //hack prefix to objectclass
- if ('objectClass=' != substr($CFG->ldap_objectclass, 0, 12)) {
- $CFG->ldap_objectclass = 'objectClass='.$CFG->ldap_objectclass;
- }
-
- //all chages go in $CFG , no need to return value
-}
-
-/**
- * take expirationtime and return it as unixseconds
- *
- * takes expriration timestamp as readed from ldap
- * returns it as unix seconds
- * depends on $CFG->usertype variable
- *
- * @param mixed time Time stamp readed from ldap as it is.
- * @return timestamp
- */
-
-function auth_ldap_expirationtime2unix ($time) {
-
- global $CFG;
- $result = false;
- switch ($CFG->ldap_user_type) {
- case 'edir':
- $yr=substr($time,0,4);
- $mo=substr($time,4,2);
- $dt=substr($time,6,2);
- $hr=substr($time,8,2);
- $min=substr($time,10,2);
- $sec=substr($time,12,2);
- $result = mktime($hr,$min,$sec,$mo,$dt,$yr);
- break;
- case 'posix':
- $result = $time * DAYSECS ; //The shadowExpire contains the number of DAYS between 01/01/1970 and the actual expiration date
- break;
- default:
- error('CFG->ldap_user_type not defined or function auth_ldap_expirationtime2unix does not support selected type!');
-}
- return $result;
-}
-
-/**
- * takes unixtime and return it formated for storing in ldap
- *
- * @param integer unix time stamp
- */
-function auth_ldap_unix2expirationtime ($time) {
- global $CFG;
- $result = false;
- switch ($CFG->ldap_user_type) {
- case 'edir':
- $result=date('YmdHis', $time).'Z';
- break;
- case 'posix':
- $result = $time ; //Already in correct format
- break;
- default:
- error('CFG->ldap_user_type not defined or function auth_ldap_unixi2expirationtime does not support selected type!');
- }
- return $result;
-
-}
-
-/*
- * checks if user belong to specific group(s)
- *
- * Returns true if user belongs group in grupdns string.
- *
- * @param mixed $username username
- * @param mixed $groupdns string of group dn separated by ;
- *
- */
-function auth_ldap_isgroupmember ($username='', $groupdns='') {
-// Takes username and groupdn(s) , separated by ;
-// Returns true if user is member of any given groups
-
- global $CFG ;
- $result = false;
- $ldapconnection = auth_ldap_connect();
-
- if (empty($username) OR empty($groupdns)) {
- return $result;
- }
-
- if ($CFG->ldap_memberattribute_isdn) {
- $username=auth_ldap_find_userdn($ldapconnection, $username);
- }
- if (! $username ) {
- return $result;
- }
-
- $groups = explode(";",$groupdns);
-
- foreach ($groups as $group){
- $group = trim($group);
- if (empty($group)) {
- continue;
- }
- //echo "Checking group $group for member $username\n";
- $search = @ldap_read($ldapconnection, $group, '('.$CFG->ldap_memberattribute.'='.$username.')', array($CFG->ldap_memberattribute));
-
- if (!empty($search) AND ldap_count_entries($ldapconnection, $search)) {$info = auth_ldap_get_entries($ldapconnection, $search);
-
- if (count($info) > 0 ) {
- // user is member of group
- $result = true;
- break;
- }
- }
-}
-
- return $result;
-
-}
-
-/**
- * connects to ldap server
- *
- * Tries connect to specified ldap servers.
- * Returns connection result or error.
- *
- * @return connection result
- */
-function auth_ldap_connect($binddn='',$bindpwd=''){
-/// connects and binds to ldap-server
-/// Returns connection result
-
- global $CFG;
- auth_ldap_init();
-
- //Select bind password, With empty values use
- //ldap_bind_* variables or anonymous bind if ldap_bind_* are empty
- if ($binddn == '' AND $bindpwd == '') {
- if (!empty($CFG->ldap_bind_dn)){
- $binddn = $CFG->ldap_bind_dn;
- }
- if (!empty($CFG->ldap_bind_pw)){
- $bindpwd = $CFG->ldap_bind_pw;
- }
- }
-
- $urls = explode(";",$CFG->ldap_host_url);
-
- foreach ($urls as $server){
- $server = trim($server);
- if (empty($server)) {
- continue;
- }
-
- $connresult = ldap_connect($server);
- //ldap_connect returns ALWAYS true
-
- if (!empty($CFG->ldap_version)) {
- ldap_set_option($connresult, LDAP_OPT_PROTOCOL_VERSION, $CFG->ldap_version);
- }
-
- if (!empty($binddn)){
- //bind with search-user
- //$debuginfo .= 'Using bind user'.$binddn.'and password:'.$bindpwd;
- $bindresult=ldap_bind($connresult, $binddn,$bindpwd);
- } else {
- //bind anonymously
- $bindresult=@ldap_bind($connresult);
- }
-
- if (!empty($CFG->ldap_opt_deref)) {
- ldap_set_option($connresult, LDAP_OPT_DEREF, $CFG->ldap_opt_deref);
- }
-
- if ($bindresult) {
- return $connresult;
- }
-
- $debuginfo .= "<br/>Server: '$server' <br/> Connection: '$connresult'<br/> Bind result: '$bindresult'</br>";
- }
-
- //If any of servers are alive we have already returned connection
- error("LDAP-module cannot connect any LDAP servers : $debuginfo");
- return false;
-}
-
-/**
- * retuns dn of username
- *
- * Search specified contexts for username and return user dn
- * like: cn=username,ou=suborg,o=org
- *
- * @param mixed $ldapconnection $ldapconnection result
- * @param mixed $username username
- *
- */
-
-function auth_ldap_find_userdn ($ldapconnection, $username){
-
- global $CFG;
-
- //default return value
- $ldap_user_dn = FALSE;
-
- //get all contexts and look for first matching user
- $ldap_contexts = explode(";",$CFG->ldap_contexts);
-
- if (!empty($CFG->ldap_create_context)){
- array_push($ldap_contexts, $CFG->ldap_create_context);
- }
-
- foreach ($ldap_contexts as $context) {
-
- $context = trim($context);
- if (empty($context)) {
- continue;
- }
-
- if ($CFG->ldap_search_sub){
- //use ldap_search to find first user from subtree
- $ldap_result = ldap_search($ldapconnection, $context, "(".$CFG->ldap_user_attribute."=".$username.")",array($CFG->ldap_user_attribute));
-
- } else {
- //search only in this context
- $ldap_result = ldap_list($ldapconnection, $context, "(".$CFG->ldap_user_attribute."=".$username.")",array($CFG->ldap_user_attribute));
- }
-
- $entry = ldap_first_entry($ldapconnection,$ldap_result);
-
- if ($entry){
- $ldap_user_dn = ldap_get_dn($ldapconnection, $entry);
- break ;
- }
- }
-
- return $ldap_user_dn;
-}
-
-/**
- * retuns user attribute mappings between moodle and ldap
- *
- * @return array
- */
-
-function auth_ldap_attributes (){
-
- global $CFG;
-
- $config = (array)$CFG;
- $fields = array("firstname", "lastname", "email", "phone1", "phone2",
- "department", "address", "city", "country", "description",
- "idnumber", "lang" );
-
- $pcfg = get_config('auth/ldap');
-
- $moodleattributes = array();
- foreach ($fields as $field) {
- if (!empty($pcfg->{"field_map_$field"})) {
- $moodleattributes[$field] = $pcfg->{"field_map_$field"};
- if (preg_match('/,/',$moodleattributes[$field])) {
- $moodleattributes[$field] = explode(',', $moodleattributes[$field]); // split ?
- }
- }
- }
- $moodleattributes['username']=$config["ldap_user_attribute"];
- return $moodleattributes;
-}
-
-/**
- * return all usernames from ldap
- *
- * @return array
- */
-
-function auth_ldap_get_userlist($filter="*") {
-/// returns all users from ldap servers
- global $CFG;
-
- $fresult = array();
-
- $ldapconnection = auth_ldap_connect();
-
- if ($filter=="*") {
- $filter = "(&(".$CFG->ldap_user_attribute."=*)(".$CFG->ldap_objectclass."))";
- }
-
- $contexts = explode(";",$CFG->ldap_contexts);
-
- if (!empty($CFG->ldap_create_context)){
- array_push($contexts, $CFG->ldap_create_context);
- }
-
- foreach ($contexts as $context) {
-
- $context = trim($context);
- if (empty($context)) {
- continue;
- }
-
- if ($CFG->ldap_search_sub) {
- //use ldap_search to find first user from subtree
- $ldap_result = ldap_search($ldapconnection, $context,$filter,array($CFG->ldap_user_attribute));
- } else {
- //search only in this context
- $ldap_result = ldap_list($ldapconnection, $context,
- $filter,
- array($CFG->ldap_user_attribute));
- }
-
- $users = auth_ldap_get_entries($ldapconnection, $ldap_result);
-
- //add found users to list
- for ($i=0;$i<count($users);$i++) {
- array_push($fresult, ($users[$i][$CFG->ldap_user_attribute][0]) );
- }
- }
-
- return $fresult;
-}
-
-/**
- * return entries from ldap
- *
- * Returns values like ldap_get_entries but is
- * binary compatible and return all attributes as array
- *
- * @return array ldap-entries
- */
-
-function auth_ldap_get_entries($conn, $searchresult){
-//Returns values like ldap_get_entries but is
-//binary compatible
- $i=0;
- $fresult=array();
- $entry = ldap_first_entry($conn, $searchresult);
- do {
- $attributes = @ldap_get_attributes($conn, $entry);
- for($j=0; $j<$attributes['count']; $j++) {
- $values = ldap_get_values_len($conn, $entry,$attributes[$j]);
- if (is_array($values)) {
- $fresult[$i][$attributes[$j]] = $values;
- } else {
- $fresult[$i][$attributes[$j]] = array($values);
- }
- }
- $i++;
- }
- while ($entry = @ldap_next_entry($conn, $entry));
- //were done
- return ($fresult);
-}
-
-
-
-
-?>
--- /dev/null
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: Manual Authentication
+ *
+ * Just does a simple check against the moodle database.
+ *
+ * 2006-08-28 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * Manual authentication plugin.
+ */
+class auth_plugin_manual
+{
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ var $canchangepassword = true;
+ var $isinternal = true;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_manual() {
+ $this->config = get_config('auth/manual');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ if ($user = get_record('user', 'username', $username)) {
+ if (validate_internal_user_password($user, $password)) {
+ return true;
+ // return AUTH_OK;
+ }
+ }
+ return false;
+ // return AUTH_FAIL;
+ }
+
+ /*
+ * Updates the user's password.
+ *
+ * called when the user password is updated.
+ *
+ * @param mixed $username Username
+ * @param mixed $newpassword Plaintext password
+ * @return boolean result
+ *
+ */
+ function user_update_password($username, $newpassword) {
+ $user = get_complete_user_data('username', $username);
+ return update_internal_user_password($user, $newpassword);
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return true;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return true;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ return true;
+ }
+
+}
+
+?>
-<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
- <td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
- </td>
-</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
+<!-- No config needed -->
+<div align="center"><?php print_string('none'); ?></div>
+
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+<?php
+
+global $user_fields;
+print_auth_lock_options('manual', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // manual method - Just does a simple check against the database
-
-function auth_user_login ($username, $password) {
-// Returns false if the username doesn't exist yet
-// Returns true if the username and password work
-
- if ($user = get_record('user', 'username', $username)) {
- return validate_internal_user_password($user, $password);
- }
-
- return false;
-}
-
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: NNTP Authentication
+ *
+ * Authenticates against an NNTP server.
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * NNTP authentication plugin.
+ */
+class auth_plugin_nntp {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_nntp() {
+ $this->config = get_config('auth/nntp');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ if (! function_exists('imap_open')) {
+ error("Cannot use NNTP authentication. The PHP IMAP module is not installed.");
+ }
+
+ global $CFG;
+
+ // try each multiple host
+ $hosts = split(';', $this->config->host);
+ foreach ($hosts as $host) {
+ $host = '{' . trim($host) . ':' . $this->config->port . '/nntp}';
+
+ error_reporting(0);
+ $connection = imap_open($host, $username, $password, OP_HALFOPEN);
+ error_reporting($CFG->debug);
+
+ if ($connection) {
+ imap_close($connection);
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset ($config->host)) {
+ $config->host = '127.0.0.1';
+ }
+ if (!isset ($config->port)) {
+ $config->port = '119';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->host, 'auth/nntp');
+ set_config('port', $config->port, 'auth/nntp');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/nntp');
+
+ return true;
+ }
+
+}
+
+?>
<?php
- if (!isset($config->auth_nntphost)) {
- $config->auth_nntphost = "127.0.0.1";
- }
- if (!isset($config->auth_nntpport)) {
- $config->auth_nntpport = "119";
- }
+
+// set to defaults if undefined
+if (!isset($config->host)) {
+ $config->host = "127.0.0.1";
+}
+if (!isset($config->port)) {
+ $config->port = "119";
+}
+if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+}
+
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
<tr valign="top" class="required">
- <td align="right">auth_nntphost:</td>
+ <td align="right"> host: </td>
<td>
- <input name="auth_nntphost" type="text" size="30" value="<?php echo $config->auth_nntphost?>" />
- <?php if (isset($err["auth_nntphost"])) formerr($err["auth_nntphost"]); ?>
+ <input name="host" type="text" size="30" value="<?php echo $config->host ?>" />
+ <?php
+
+ if (isset($err["host"])) {
+ formerr($err["host"]);
+ }
+
+ ?>
</td>
<td>
- <?php print_string("auth_nntphost","auth") ?>
- <?php print_string("auth_multiplehosts","auth") ?>
+ <?php
+
+ print_string("auth_nntphost", "auth");
+ print_string("auth_multiplehosts", "auth");
+
+ ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_nntpport:</td>
- <td>
- <input name="auth_nntpport" type="text" size="6" value="<?php echo $config->auth_nntpport?>" />
- <?php if (isset($err["auth_nntpport"])) formerr($err["auth_nntpport"]); ?>
- </td>
+ <td align="right"> port: </td>
<td>
- <?php print_string("auth_nntpport","auth") ?>
+ <input name="port" type="text" size="6" value="<?php echo $config->port ?>" />
+ <?php
+
+ if (isset($err["port"])) {
+ formerr($err["port"]);
+ }
+
+ ?>
</td>
+ <td><?php print_string("auth_nntpport", "auth") ?></td>
</tr>
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
+ <td align="right"> changepasswordurl: </td>
<td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+
+<?php
+
+global $user_fields;
+print_auth_lock_options('nntp', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // Authentication by looking up an NNTP server
-
-
-function auth_user_login ($username, $password) {
-// Returns true if the username and password work
-// and false if they are wrong or don't exist.
-
- global $CFG;
-
- $hosts = split(';', $CFG->auth_nntphost); // Could be multiple hosts
-
- foreach ($hosts as $host) { // Try each host in turn
- $host = '{'.trim($host).":$CFG->auth_nntpport/nntp}";
-
- error_reporting(0);
- $connection = imap_open($host, $username, $password, OP_HALFOPEN);
- error_reporting($CFG->debug);
-
- if ($connection) {
- imap_close($connection);
- return true;
- }
- }
-
- return false; // No match
-}
-
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: No Authentication
+ *
+ * No authentication at all. This method approves everything!
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * Plugin for no authentication.
+ */
+class auth_plugin_none {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ var $canchangepassword = true;
+ var $isinternal = true;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_none() {
+ $this->config = get_config('auth/none');
+ }
+
+ /**
+ * Returns true if the username and password work or don't exist and false
+ * if the user exists and the password is wrong.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ if ($user = get_record('user', 'username', $username)) {
+ return validate_internal_user_password($user, $password);
+ }
+ return true;
+ }
+
+ /*
+ * Updates the user's password.
+ *
+ * called when the user password is updated.
+ *
+ * @param mixed $username Username
+ * @param mixed $newpassword Plaintext password
+ * @return boolean result
+ *
+ */
+ function user_update_password($username, $newpassword) {
+ $user = get_complete_user_data('username', $username);
+ return update_internal_user_password($user, $newpassword);
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return true;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return true;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ return true;
+ }
+
+}
+
+?>
<!-- No config needed -->
<div align="center"><?php print_string('none'); ?></div>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+<?php
+
+global $user_fields;
+print_auth_lock_options('none', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // No authentication at all. This method approves everything!
-
-function auth_user_login ($username, $password) {
-// Returns true if the username doesn't exist yet
-// Returns true if the username and password work
-
- if ($user = get_record('user', 'username', $username)) {
- return validate_internal_user_password($user, $password);
- }
-
- return true;
-}
-
-
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: PAM Authentication
+ *
+ * PAM (Pluggable Authentication Modules) for Moodle
+ *
+ * Description:
+ * Authentication by using the PHP4 PAM module:
+ * http://www.math.ohio-state.edu/~ccunning/pam_auth/
+ *
+ * Version 0.3 2006/09/07 by Jonathan Harker (plugin class)
+ * Version 0.2: 2004/09/01 by Martin V�geli (stable version)
+ * Version 0.1: 2004/08/30 by Martin V�geli (first draft)
+ *
+ * Contact: martinvoegeli@gmx.ch
+ * Website 1: http://elearning.zhwin.ch/
+ * Website 2: http://birdy1976.com/
+ *
+ * License: GPL License v2
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * PAM authentication plugin.
+ */
+class auth_plugin_pam {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Store error messages from pam authentication attempts.
+ */
+ var $lasterror;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_pam() {
+ $this->config = get_config('auth/pam');
+ $this->errormessage = '';
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ // variable to store possible errors during authentication
+ $errormessage = str_repeat(' ', 2048);
+
+ // just for testing and debugging
+ // error_reporting(E_ALL);
+ if (pam_auth($username, $password, &$errormessage)) {
+ return true;
+ }
+ else {
+ $this->lasterror = $errormessage;
+ return false;
+ }
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ return true;
+ }
+
+}
+
+?>
-<tr valign="top">
- <td align="right"><p><?php print_string("instructions", "auth") ?>:</p></td>
- <td><textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
- <td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
- </td>
-</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+<!-- No config needed -->
+<div align="center"><?php print_string('none'); ?></div>
+
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+<?php
+
+global $user_fields;
+print_auth_lock_options('pam', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?PHP // $Id$
- //
- // PAM (Pluggable Authentication Modules) for Moodle
- //
- // Description:
- // Authentication by using the PHP4 PAM module:
- // http://www.math.ohio-state.edu/~ccunning/pam_auth/
- //
- // Version 0.2: 2004/09/01 by Martin Vögeli (stable version)
- // Version 0.1: 2004/08/30 by Martin Vögeli (first draft)
- //
- // Contact: martinvoegeli@gmx.ch
- // Website 1: http://elearning.zhwin.ch/
- // Website 2: http://birdy1976.com/
- //
- // License: GPL License v2
- // // // // // // // // // // // // // // // // // // //
-
-function auth_user_login ($username, $password) {
- global $CFG;
- // returns true if the username and password work
- // and false if they are wrong or don't exist
- // variable to store possible errors during authentication
- $strErrorPAM = " ";
- // the maximal length of returned messages is 512
- // let's double the number to give it enough space ;)
- // (the errror variable is passed by reference)
- for ($i = 1; $i <= 1024; $i++) {
- $strErrorPAM += "{$strErrorPAM} ";
- }
- // just for testing and debugging
- // error_reporting(E_ALL);
- // finally the actual authentication part...
- if (pam_auth($username, $password, &$strErrorPAM)) {
- // authentication success
- return true;
- } else {
- // authentication failure
- return false;
- }
-}
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: POP3 Authentication
+ *
+ * Authenticates against a POP3 server.
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * POP3 authentication plugin.
+ */
+class auth_plugin_pop3 {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_pop3() {
+ $this->config = get_config('auth/pop3');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login($username, $password) {
+ if (! function_exists('imap_open')) {
+ error("Cannot use POP3 authentication. The PHP IMAP module is not installed.");
+ }
+
+ global $CFG;
+ $hosts = split(';', $this->config->host); // Could be multiple hosts
+ foreach ($hosts as $host) { // Try each host in turn
+ $host = trim($host);
+
+ // remove any trailing slash
+ if (substr($host, -1) == '/') {
+ $host = substr($host, 0, strlen($host) - 1);
+ }
+
+ switch ($this->config->type) {
+ case 'pop3':
+ $host = '{'.$host.":{$this->config->port}/pop3}{$this->config->mailbox}";
+ break;
+
+ case 'pop3notls':
+ $host = '{'.$host.":{$this->config->port}/pop3/notls}{$this->config->mailbox}";
+ break;
+
+ case 'pop3cert':
+ $host = '{'.$host.":{$this->config->port}/pop3/ssl/novalidate-cert}{$this->config->mailbox}";
+ break;
+ }
+
+ error_reporting(0);
+ $connection = imap_open($host, $username, $password);
+ error_reporting($CFG->debug);
+
+ if ($connection) {
+ imap_close($connection);
+ return true;
+ }
+ }
+ return false; // No matches found
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Returns the URL for changing the user's pw, or false if the default can
+ * be used.
+ *
+ * @returns bool
+ */
+ function change_password_url() {
+ return $CFG->changepasswordurl; // TODO: will this be global?
+ //return $this->config->changepasswordurl;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset ($config->host)) {
+ $config->host = '127.0.0.1';
+ }
+ if (!isset ($config->type)) {
+ $config->type = 'pop3notls';
+ }
+ if (!isset ($config->port)) {
+ $config->port = '143';
+ }
+ if (!isset ($config->mailbox)) {
+ $config->mailbox = 'INBOX';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->host, 'auth/pop3');
+ set_config('type', $config->type, 'auth/pop3');
+ set_config('port', $config->port, 'auth/pop3');
+ set_config('mailbox', $config->mailbox, 'auth/pop3');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/pop3');
+
+ return true;
+ }
+
+}
+
+?>
-<?php // $Id$
- if (!isset($config->auth_pop3host)) {
- $config->auth_pop3host = "127.0.0.1";
- }
- if (!isset($config->auth_pop3type)) {
- $config->auth_pop3type = "pop3notls";
- }
- if (!isset($config->auth_pop3port)) {
- $config->auth_pop3port = "110";
- }
- if (!isset($config->auth_pop3mailbox)) {
- $config->auth_pop3mailbox = "INBOX";
- }
+<?php
+
+// set to defaults if undefined
+if (!isset($config->host)) {
+ $config->host = '127.0.0.1';
+}
+if (!isset($config->type)) {
+ $config->type = 'pop3notls';
+}
+if (!isset($config->port)) {
+ $config->port = '110';
+}
+if (!isset($config->mailbox)) {
+ $config->mailbox = 'INBOX';
+}
+if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+}
+
?>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+
<tr valign="top" class="required">
- <td align="right">auth_pop3host:</td>
+ <td align="right"> host: </td>
<td>
- <input name="auth_pop3host" type="text" size="30" value="<?php echo $config->auth_pop3host?>" />
- <?php if (isset($err["auth_pop3host"])) formerr($err["auth_pop3host"]); ?>
+ <input name="host" type="text" size="30" value="<?php echo $config->host ?>" />
+ <?php
+
+ if (isset($err['host'])) {
+ formerr($err['host']);
+ }
+
+ ?>
</td>
<td>
- <?php print_string("auth_pop3host","auth") ?>
- <?php print_string("auth_multiplehosts","auth") ?>
+ <?php
+
+ print_string('auth_pop3host', 'auth');
+ print_string('auth_multiplehosts', 'auth');
+
+ ?>
</td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_pop3type:</td>
+ <td align="right"> type: </td>
<td>
- <?php $pop3types = array("pop3","pop3cert", "pop3notls");
- foreach($pop3types as $pop3type) {
- $pop3options[$pop3type] = $pop3type;
- }
- choose_from_menu($pop3options, "auth_pop3type", $config->auth_pop3type, "");
- ?>
- </td>
-<td>
- <?php print_string("auth_pop3type","auth") ?>
+ <?php
+
+ $pop3types = array('pop3', 'pop3cert', 'pop3notls');
+ foreach ($pop3types as $pop3type) {
+ $pop3options[$pop3type] = $pop3type;
+ }
+ choose_from_menu($pop3options, 'type', $config->type, '');
+
+ ?>
</td>
+ <td><?php print_string('auth_pop3type', 'auth') ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_pop3port:</td>
- <td>
- <input name="auth_pop3port" type="text" size="6" value="<?php echo $config->auth_pop3port?>" />
- <?php if (isset($err["auth_pop3port"])) formerr($err["auth_pop3port"]); ?>
- </td>
+ <td align="right"> port: </td>
<td>
- <?php print_string("auth_pop3port","auth") ?>
+ <input name="port" type="text" size="6" value="<?php echo $config->port ?>" />
+ <?php
+
+ if (isset($err['port'])) {
+ formerr($err['port']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_pop3port', 'auth') ?></td>
</tr>
<tr valign="top" class="required">
- <td align="right">auth_pop3mailbox:</td>
+ <td align="right"> mailbox: </td>
<td>
- <input name="auth_pop3mailbox" type="text" size="6" value="<?php echo $config->auth_pop3mailbox?>" />
- <?php if (isset($err["auth_pop3mailbox"])) formerr($err["auth_pop3mailbox"]); ?>
- </td>
- <td>
- <?php print_string("auth_pop3mailbox","auth") ?>
+ <input name="mailbox" type="text" size="6" value="<?php echo $config->mailbox ?>" />
+ <?php
+
+ if (isset($err['mailbox'])) {
+ formerr($err['mailbox']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_pop3mailbox', 'auth') ?></td>
</tr>
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
- </td>
+ <td align="right"> changepasswordurl: </td>
<td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
+<?php
+
+global $user_fields;
+print_auth_lock_options('pop3', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
+
+?>
+</table>
+++ /dev/null
-<?php // $Id$
- // Authentication by looking up a POP3 server
-
-function auth_user_login ($username, $password) {
-// Returns true if the username and password work
-// and false if they are wrong or don't exist.
-
- global $CFG;
-
- $hosts = split(';', $CFG->auth_pop3host); // Could be multiple hosts
-
- foreach ($hosts as $host) { // Try each host in turn
-
- $host = trim($host);
-
- // remove any trailing slash
- if (substr($host, -1) == '/') {
- $host = substr($host, 0, strlen($host) - 1);
- }
-
- switch ($CFG->auth_pop3type) {
- case "pop3":
- $host = '{'.$host.":$CFG->auth_pop3port/pop3}$CFG->auth_pop3mailbox";
- break;
- case "pop3notls":
- $host = '{'.$host.":$CFG->auth_pop3port/pop3/notls}$CFG->auth_pop3mailbox";
- break;
- case "pop3cert":
- $host = '{'.$host.":$CFG->auth_pop3port/pop3/ssl/novalidate-cert}$CFG->auth_pop3mailbox";
- break;
- }
-
- error_reporting(0);
- $connection = imap_open($host, $username, $password);
- error_reporting($CFG->debug);
-
- if ($connection) {
- imap_close($connection);
- return true;
- }
- }
-
- return false; // No matches found
-}
-
-
-?>
--- /dev/null
+<?php
+
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: RADIUS Authentication
+ *
+ * Authenticates against a RADIUS server.
+ * Contributed by Clive Gould <clive@ce.bromley.ac.uk>
+ *
+ * 2006-08-31 File created.
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * RADIUS authentication plugin.
+ */
+class auth_plugin_radius {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_radius() {
+ $this->config = get_config('auth/radius');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login ($username, $password) {
+ require_once 'Auth/RADIUS.php';
+
+ // Added by Clive on 7th May for test purposes
+ // printf("Username: $username <br>");
+ // printf("Password: $password <br>");
+ // printf("host: $this->config->host <br>");
+ // printf("nasport: $this->config->nasport <br>");
+ // printf("secret: $this->config->secret <br>");
+
+ $rauth = new Auth_RADIUS_PAP($username, $password);
+ $rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
+
+ if (!$rauth->start()) {
+ printf("Radius start: %s<br>\n", $rauth->getError());
+ exit;
+ }
+
+ $result = $rauth->send();
+ if (PEAR::isError($result)) {
+ printf("Radius send failed: %s<br>\n", $result->getMessage());
+ exit;
+ } else if ($result === true) {
+ // printf("Radius Auth succeeded<br>\n");
+ return true;
+ } else {
+ // printf("Radius Auth rejected<br>\n");
+ return false;
+ }
+
+ // get attributes, even if auth failed
+ if (!$rauth->getAttributes()) {
+ printf("Radius getAttributes: %s<br>\n", $rauth->getError());
+ } else {
+ $rauth->dumpAttributes();
+ }
+
+ $rauth->close();
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset ($config->host)) {
+ $config->host = '127.0.0.1';
+ }
+ if (!isset ($config->nasport)) {
+ $config->nasport = '1812';
+ }
+ if (!isset ($config->secret)) {
+ $config->secret = '';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('host', $config->host, 'auth/radius');
+ set_config('nasport', $config->nasport, 'auth/radius');
+ set_config('secret', $config->secret, 'auth/radius');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/radius');
+
+ return true;
+ }
+
+}
+
+?>
-<?PHP // $Id: config.html
+<?php
-if ((!include_once('Auth/RADIUS.php')) or (!class_exists(Auth_RADIUS_PAP))) { // Is Auth/RADIUS really there?
+// TODO: this generates broken file errors, needs safer test -JH
+
+// Is Auth/RADIUS really there?
+if ((!include_once('Auth/RADIUS.php')) or (!class_exists(Auth_RADIUS_PAP))) {
print '<p align="center"><font color="red"><strong>Warning: The Auth_RADIUS module does not seem to be present. Please ensure it is installed and enabled.</strong></font></p>';
}
- if (!isset($config->auth_radiushost)) {
- $config->auth_radiushost = "127.0.0.1";
- }
- if (!isset($config->auth_radiusnasport)) {
- $config->auth_radiusport = "0";
- }
- if (!isset($config->auth_radiussecret)) {
- $config->auth_radiussecret = "";
- }
+
+// set to defaults if undefined
+if (!isset($config->host)) {
+ $config->host = '127.0.0.1';
+}
+if (!isset($config->nasport)) {
+ $config->nasport = '1812';
+}
+if (!isset($config->secret)) {
+ $config->secret = '';
+}
+if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+}
+
?>
-<tr valign="top" >
- <td align="right"><P>auth_radiushost:</td>
- <td>
- <input name="auth_radiushost" type="text" size="30" value="<?php echo $config->auth_radiushost?>">
- <?php if (isset($err["auth_radiushost"]))
- formerr($err["auth_radiushost"]); ?>
- </td>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+
+<tr valign="top">
+ <td align="right"> host: </td>
<td>
- <?php print_string("auth_radiushost","auth") ?>
- </td>
-</TR>
-
-<TR valign="top" >
- <td align="right"><P>auth_radiusnasport:</td>
- <td>
- <input name="auth_radiusport" type="text" size="6" value="<?php echo $config->auth_radiusport ?>">
- <?php if (isset($err["auth_radiusnasport"])) formerr($err["auth_radiusnasport"]); ?>
- </td>
+ <input name="host" type="text" size="30" value="<?php echo $config->host ?>">
+ <?php
+
+ if (isset($err['host'])) {
+ formerr($err['host']);
+ }
+
+ ?>
+ </td>
+ <td><?php print_string('auth_radiushost', 'auth') ?></td>
+</tr>
+
+<tr valign="top">
+ <td align="right"> nasport: </td>
<td>
- <?php print_string("auth_radiusnasport","auth") ?>
+ <input name="nasport" type="text" size="6" value="<?php echo $config->nasport ?>">
+ <?php
+
+ if (isset($err['nasport'])) {
+ formerr($err['nasport']);
+ }
+
+ ?>
</td>
-</TR>
+ <td><?php print_string('auth_radiusnasport', 'auth') ?></td>
+</tr>
-<TR valign="top" >
- <td align="right"><P>auth_radiussecret:</td>
- <td>
- <input name="auth_radiussecret" type="text" size="6" value="<?php echo $config->auth_radiussecret ?>">
- <?php if (isset($err["auth_radiussecret"])) formerr($err["auth_radiussecret"]); ?> </td>
+<tr valign="top" >
+ <td align="right"> secret: </td>
<td>
- <?php print_string("auth_radiussecret","auth") ?>
- </td>
-</TR>
-
-<TR valign="top">
- <td align="right"><P><?php print_string("instructions", "auth")
-?>:</td>
- <td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php
-p($config->auth_instructions) ?></textarea>
+ <input name="secret" type="text" size="6" value="<?php echo $config->secret ?>">
+ <?php
+
+ if (isset($err['secret'])) {
+ formerr($err['secret']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('auth_radiussecret', 'auth') ?></td>
+</tr>
+
+<tr valign="top">
+ <td align="right"> changepasswordurl: </td>
<td>
- <?php print_string("authinstructions","auth") ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
-</TR>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
+</tr>
+</table>
+++ /dev/null
-<?PHP // $Id$
- // Authentication by looking up a RADIUS server
- // Contributed by Clive Gould <clive@ce.bromley.ac.uk>
-
-function auth_user_login ($username, $password) {
- // Returns true if the username and password work
- // and false if they are wrong or don't exist.
-
- require_once 'Auth/RADIUS.php';
-
- global $CFG;
-
- // Added by Clive on 7th May for test purposes
- // printf("Username: $username <br>");
- // printf("Password: $password <br>");
- // printf("auth_radiushost: $CFG->auth_radiushost <br>");
- // printf("auth_radiusnasport: $CFG->auth_radiusnasport <br>");
- // printf("auth_radiussecret: $CFG->auth_radiussecret <br>");
-
- $rauth = new Auth_RADIUS_PAP($username, $password);
- $rauth->addServer($CFG->auth_radiushost, $CFG->auth_radiusnasport, $CFG->auth_radiussecret);
-
- if (!$rauth->start()) {
- printf("Radius start: %s<br>\n", $rauth->getError());
- exit;
- }
-
- $result = $rauth->send();
- if (PEAR::isError($result)) {
- printf("Radius send failed: %s<br>\n", $result->getMessage());
- exit;
- } else if ($result === true) {
- // printf("Radius Auth succeeded<br>\n");
- return true;
- } else {
- // printf("Radius Auth rejected<br>\n");
- return false;
- }
-
- // get attributes, even if auth failed
- if (!$rauth->getAttributes()) {
- printf("Radius getAttributes: %s<br>\n", $rauth->getError());
- } else {
- $rauth->dumpAttributes();
- }
-
- $rauth->close();
-}
-?>
-
If you want to use this hook you have to be a skilled PHP programmer. It is
strongly recommended that you take a look at the file
-moodle/auth/shibboleth/lib.php, especially the function 'auth_get_userinfo'
+moodle/auth/shibboleth/auth.php, especially the function 'get_userinfo'
where this file is included.
The context of the file is the same as within this login function. So you
can directly edit the object $result.
--- /dev/null
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Authentication Plugin: Shibboleth Authentication
+ *
+ * Authentication using Shibboleth.
+ *
+ * 10.2004 SHIBBOLETH Authentication functions v.0.1
+ * 05.2005 Various extensions and fixes by Lukas Haemmerle
+ * 10.2005 Added better error messags
+ * 05.2006 Added better handling of mutli-valued attributes
+ * Distributed under GPL (c)Markus Hagman 2004-2006
+ *
+ * 2006-08-28 File created, code imported from lib.php
+ * 2006-10-27 Upstream 1.7 changes merged in, added above credits from lib.php :-)
+ */
+
+// This page cannot be called directly
+if (!isset($CFG)) exit;
+
+/**
+ * Shibboleth authentication plugin.
+ */
+class auth_plugin_shibboleth {
+
+ /**
+ * The configuration details for the plugin.
+ */
+ var $config;
+
+ /**
+ * Constructor.
+ */
+ function auth_plugin_shibboleth() {
+ $this->config = get_config('auth/shibboleth');
+ }
+
+ /**
+ * Returns true if the username and password work and false if they are
+ * wrong or don't exist.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ * @returns bool Authentication success or failure.
+ */
+ function user_login($username, $password) {
+ // If we are in the shibboleth directory then we trust the server var
+ if (!empty($_SERVER[$config->user_attribute])) {
+ return ($_SERVER[$config->user_attribute] == $username);
+ } else {
+ // If we are not, the user has used the manual login and the login name is
+ // unknown, so we return false.
+ return false;
+ }
+ }
+
+ function get_userinfo($username) {
+ // reads user information from shibboleth attributes and return it in array()
+ global $CFG;
+
+ // Check whether we have got all the essential attributes
+ if (
+ empty($_SERVER[$config->user_attribute])
+ || empty($_SERVER[$config->field_map_firstname])
+ || empty($_SERVER[$config->field_map_lastname])
+ || empty($_SERVER[$config->field_map_email])
+ ) {
+ error(get_string( 'shib_not_all_attributes_error', 'auth' , "'".$config->user_attribute."' ('".$_SERVER[$config->user_attribute]."'), '".$config->field_map_firstname."' ('".$_SERVER[$config->field_map_firstname]."'), '".$config->field_map_lastname."' ('".$_SERVER[$config->field_map_lastname]."') and '".$config->field_map_email."' ('".$_SERVER[$config->field_map_email]."')"));
+ }
+
+ $attrmap = $this->get_attributes();
+
+ $result = array();
+ $search_attribs = array();
+
+ foreach ($attrmap as $key=>$value) {
+ if (!empty($CFG->unicodedb)) {
+ $result[$key] = $this->get_first_string($_SERVER[$value]);
+ } else {
+ $result[$key] = $this->get_first_string(utf8_decode($_SERVER[$value]));
+ }
+ }
+
+ // Provide an API to modify the information to fit the Moodle internal
+ // data representation
+ if (
+ $config->convert_data
+ && $config->convert_data != ''
+ && is_readable($config->convert_data)
+ ) {
+
+ // Include a custom file outside the Moodle dir to
+ // modify the variable $moodleattributes
+ include($config->convert_data);
+ }
+
+ return $result;
+ }
+
+ /*
+ * Returns array containg attribute mappings between Moodle and Shibboleth.
+ */
+ function get_attributes() {
+ $configarray = (array) $this->config;
+
+ $fields = array("firstname", "lastname", "email", "phone1", "phone2",
+ "department", "address", "city", "country", "description",
+ "idnumber", "lang", "guid");
+
+ $moodleattributes = array();
+ foreach ($fields as $field) {
+ if ($configarray["field_map_$field"]) {
+ $moodleattributes[$field] = $configarray["field_map_$field"];
+ }
+ }
+ $moodleattributes['username'] = $configarray["user_attribute"];
+
+ return $moodleattributes;
+ }
+
+ /**
+ * Returns true if this authentication plugin is 'internal'.
+ *
+ * @returns bool
+ */
+ function is_internal() {
+ return false;
+ }
+
+ /**
+ * Returns true if this authentication plugin can change the user's
+ * password.
+ *
+ * @returns bool
+ */
+ function can_change_password() {
+ return false;
+ }
+
+ /**
+ * Prints a form for configuring this authentication plugin.
+ *
+ * This function is called from admin/auth.php, and outputs a full page with
+ * a form for configuring this plugin.
+ *
+ * @param array $page An object containing all the data for this page.
+ */
+ function config_form($config, $err) {
+ include "config.html";
+ }
+
+ /**
+ * Processes and stores configuration data for this authentication plugin.
+ */
+ function process_config($config) {
+ // set to defaults if undefined
+ if (!isset($config->auth_instructions) or empty($config->user_attribute)) {
+ $config->auth_instructions = get_string('shibboleth_instructions', 'auth', $CFG->wwwroot.'/auth/shibboleth/index.php');
+ }
+ if (!isset ($config->user_attribute)) {
+ $config->user_attribute = '';
+ }
+ if (!isset ($config->convert_data)) {
+ $config->convert_data = '';
+ }
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
+ }
+
+ // save settings
+ set_config('user_attribute', $config->user_attribute, 'auth/shibboleth');
+ set_config('convert_data', $config->convert_data, 'auth/shibboleth');
+ set_config('auth_instructions', $config->auth_instructions, 'auth/shibboleth');
+ set_config('changepasswordurl', $config->changepasswordurl, 'auth/shibboleth');
+
+ return true;
+ }
+
+ /**
+ * Cleans and returns first of potential many values (multi-valued attributes)
+ */
+ function get_first_string($string) {
+ $list = split( ';', $string);
+ $clean_string = rtrim($list[0]);
+
+ return $clean_string;
+ }
+}
+
+?>
<?php
- // Set default values
- $pluginconfig = get_config('auth/shibboleth');
- if (!isset($config->auth_instructions) or empty($pluginconfig->shib_user_attribute)) {
+ global $CFG;
+
+ // Set to defaults if undefined
+ if (!isset($config->auth_instructions) or empty($config->user_attribute)) {
$config->auth_instructions = get_string('auth_shib_instructions', 'auth', $CFG->wwwroot.'/auth/shibboleth/index.php');
}
-
- if (!isset ($pluginconfig->user_attribute)) {
- $pluginconfig->user_attribute = '';
+ if (!isset ($config->user_attribute)) {
+ $config->user_attribute = '';
+ }
+ if (!isset ($config->convert_data)) {
+ $config->convert_data = '';
}
- if (!isset ($pluginconfig->convert_data)) {
- $pluginconfig->convert_data = '';
+ if (!isset($config->changepasswordurl)) {
+ $config->changepasswordurl = '';
}
+
?>
-<tr>
- <td colspan="3" align="left">
- <p>
- <?php print_string("auth_shib_username_description", "auth") ?>
- </p>
- </td>
-</tr>
+<table cellspacing="0" cellpadding="5" border="0" align="center">
+
<tr valign="top" class="required">
- <td align="right"><?php print_string("username") ?>:</td>
+ <td align="right"><?php print_string("username") ?>:</td>
<td>
- <input name="pluginconfig_shib_user_attribute" type="text" size="30" value="<?php echo $pluginconfig->shib_user_attribute ?>">
- </td>
- <td></td>
+ <input name="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute ?>">
</td>
+ <td><?php print_string("auth_shib_username_description", "auth") ?></td>
</tr>
-<?php print_auth_lock_options($auth, $user_fields, '<!-- empty help -->', true, false); ?>
-
<tr valign="top">
- <td align="right"><?php print_string("instructions", "auth") ?>:</td>
+ <td align="right"><?php print_string("instructions", "auth") ?>:</td>
<td>
- <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
+ <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
</td>
<td>
- <?php print_string("auth_shib_instructions_help","auth", htmlspecialchars($CFG->wwwroot.'/auth/shibboleth/index.php')) ?>
- <?php helpbutton("text", get_string("helptext")) ?>
+ <?php
+
+ print_string("auth_shib_instructions_help", "auth", htmlspecialchars($CFG->wwwroot.'/auth/shibboleth/index.php'));
+ helpbutton("text", get_string("helptext"));
+
+ ?>
</td>
</tr>
+
<tr valign="top">
- <td align="right"><?php print_string("auth_shib_convert_data", "auth") ?>:</td>
+ <td align="right"><?php print_string("auth_shib_convert_data", "auth") ?>:</td>
<td>
- <input name="pluginconfig_convert_data" type="text" size="30" value="<?php echo $pluginconfig->convert_data?>">
- <?php
- if ($pluginconfig->convert_data && $pluginconfig->convert_data != '' && !is_readable($pluginconfig->convert_data)){
+ <input name="convert_data" type="text" size="30" value="<?php echo $config->convert_data?>">
+ <?php
+
+ if ($config->convert_data and $config->convert_data != '' and !is_readable($config->convert_data)) {
echo '<br><font color="red">';
print_string("auth_shib_convert_data_warning", "auth");
echo '</font>';
- }
- ?>
+ }
+
+ ?>
</td>
- <td><?php print_string("auth_shib_convert_data_description", "auth") ?></td>
+ <td><?php print_string("auth_shib_convert_data_description", "auth") ?></td>
+</tr>
+
+<tr valign="top">
+ <td align="right"> changepasswordurl: </td>
+ <td>
+ <input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
+ <?php
+
+ if (isset($err['changepasswordurl'])) {
+ formerr($err['changepasswordurl']);
+ }
+
+ ?>
</td>
+ <td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
+
+<?php
+
+global $user_fields;
+print_auth_lock_options('shibboleth', $user_fields, '<!-- empty help -->', true, false);
+
+?>
+</table>
require('lib.php');
if (isloggedin() && $USER->username != 'guest') { // Nothing to do
- if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)){
+ if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
$pluginconfig = get_config('auth/shibboleth');
// Check whether Shibboleth is configured properly
- if (empty($pluginconfig->shib_user_attribute)) {
+ if (empty($pluginconfig->user_attribute)) {
error(get_string( 'shib_not_set_up_error', 'auth'));
}
/// If we can find the Shibboleth attribute, save it in session and return to main login page
- if (!empty($_SERVER[$pluginconfig->shib_user_attribute])) { // Shibboleth auto-login
- $frm->username = $_SERVER[$pluginconfig->shib_user_attribute];
- $frm->password = substr(base64_encode($_SERVER[$pluginconfig->shib_user_attribute]),0,8);
+ if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login
+ $frm->username = $_SERVER[$pluginconfig->user_attribute];
+ $frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
// The random password consists of the first 8 letters of the base 64 encoded user ID
// This password is never used unless the user account is converted to manual
// If we can find any (user independent) Shibboleth attributes but no user
// attributes we probably didn't receive any user attributes
- elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])){
- error(get_string( 'shib_no_attributes_error', 'auth' , '\''.$pluginconfig->shib_user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''));
+ elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])) {
+ error(get_string( 'shib_no_attributes_error', 'auth' , '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''));
} else {
error(get_string( 'shib_not_set_up_error', 'auth'));
}
+++ /dev/null
-<?PHP // $Id$
-//CHANGELOG:
-//10.2004 SHIBBOLETH Authentication functions v.0.1
-//05.2005 Various extensions and fixes by Lukas Haemmerle
-//10.2005 Added better error messags
-//05.2006 Added better handling of mutli-valued attributes
-//
-//Distributed under GPL (c)Markus Hagman 2004-2006
-
-function auth_user_login($username, $password) {
- global $CFG;
-
- $pluginconfig = get_config('auth/shibboleth');
-
- // If we are in the shibboleth directory then we trust the server var
- if (!empty($_SERVER[$pluginconfig->shib_user_attribute])) {
- return ($_SERVER[$pluginconfig->shib_user_attribute] == $username);
- } else {
- // If we are not, the user has used the manual login and the login name is
- // unknown, so we return false.
- return false;
- }
-}
-
-function auth_get_userinfo($username) {
-// reads user information from shibboleth attributes and return it in array()
- global $CFG;
-
- $pluginconfig = get_config('auth/shibboleth');
-
- // Check whether we have got all the essential attributes
- if (
- empty($_SERVER[$pluginconfig->shib_user_attribute])
- || empty($_SERVER[$pluginconfig->field_map_firstname])
- || empty($_SERVER[$pluginconfig->field_map_lastname])
- || empty($_SERVER[$pluginconfig->field_map_email])
- ) {
- error(get_string( 'shib_not_all_attributes_error', 'auth' , "'".$pluginconfig->shib_user_attribute."' ('".$_SERVER[$pluginconfig->shib_user_attribute]."'), '".$pluginconfig->field_map_firstname."' ('".$_SERVER[$pluginconfig->field_map_firstname]."'), '".$pluginconfig->field_map_lastname."' ('".$_SERVER[$pluginconfig->field_map_lastname]."') and '".$pluginconfig->field_map_email."' ('".$_SERVER[$pluginconfig->field_map_email]."')"));
- }
-
- $attrmap = auth_shib_attributes();
-
- $result = array();
- $search_attribs = array();
-
- foreach ($attrmap as $key=>$value) {
- $result[$key]= get_first_string($_SERVER[$value]);
- }
-
- // Provide an API to modify the information to fit the Moodle internal
- // data representation
- if (
- $pluginconfig->convert_data
- && $pluginconfig->convert_data != ''
- && is_readable($pluginconfig->convert_data)
- ){
-
- // Include a custom file outside the Moodle dir to
- // modify the variable $moodleattributes
- include($pluginconfig->convert_data);
- }
-
- return $result;
-}
-
-function auth_shib_attributes(){
-//returns array containg attribute mappings between Moodle and shibboleth
- global $CFG;
-
- $pluginconfig = get_config('auth/shibboleth');
- $pluginconfig = (array) $pluginconfig;
-
- $fields = array("firstname", "lastname", "email", "phone1", "phone2",
- "department", "address", "city", "country", "description",
- "idnumber", "lang", "guid");
-
- $moodleattributes = array();
- foreach ($fields as $field) {
- if ($pluginconfig["field_map_$field"]) {
- $moodleattributes[$field] = $pluginconfig["field_map_$field"];
- }
- }
- $moodleattributes['username']=$pluginconfig["shib_user_attribute"];
-
- return $moodleattributes;
-}
-
-function get_first_string($string){
-// Cleans and returns first of potential many values (multi-valued attributes)
-
- $list = split( ';', $string);
- $clean_string = rtrim($list[0]);
-
- return $clean_string;
-
-}
-?>
-<?PHP // $Id$
- // auth.php - created with Moodle 1.7 beta + (2006101003)
+<?php // $Id$
+ // auth.php - created with Moodle 1.5 UNSTABLE DEVELOPMENT (2005010100)
$string['alternatelogin'] = 'If you enter a URL here, it will be used as the login page for this site. The page should contain a form which has the action property set to <strong>\'$a\'</strong> and return fields <strong>username</strong> and <strong>password</strong>.<br />Be careful not to enter an incorrect URL as you may lock yourself out of this site.<br />Leave this setting blank to use the default login page.';
$string['alternateloginurl'] = 'Alternate Login URL';
-$string['auth_cas_baseuri'] = 'URI of the server (nothing if no baseUri)<br />For example, if the CAS server responds to host.domaine.fr/CAS/ then<br />cas_baseuri = CAS/';
-$string['auth_cas_create_user'] = 'Turn this on if you want to insert CAS-authenticated users in Moodle database. If not then only users who already exist in the Moodle database can log in.';
-$string['auth_cas_enabled'] = 'Turn this on if you want to use CAS authentication.';
-$string['auth_cas_hostname'] = 'Hostname of the CAS server <br />eg: host.domain.fr';
-$string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could not be authorised';
-$string['auth_cas_language'] = 'Selected language';
+
+// CAS plugin
$string['auth_cas_logincas'] = 'Secure connection access';
-$string['auth_cas_port'] = 'Port of the CAS server';
+$string['auth_cas_invalidcaslogin'] = 'Sorry, your login has failed - you could not be authorised';
$string['auth_cas_server_settings'] = 'CAS server configuration';
-$string['auth_cas_text'] = 'Secure connection';
+$string['auth_castitle'] = 'Use a CAS server (SSO)';
+$string['auth_cas_hostname'] = 'Hostname of the CAS server <br />eg: host.domain.fr';
+$string['auth_cas_baseuri'] = 'URI of the server (nothing if no baseUri)<br />For example, if the CAS server responds to host.domaine.fr/CAS/ then<br />cas_baseuri = CAS/';
+$string['auth_cas_port'] = 'Port of the CAS server';
$string['auth_cas_version'] = 'Version of CAS';
+$string['auth_cas_language'] = 'Selected language';
$string['auth_casdescription'] = 'This method uses a CAS server (Central Authentication Service) to authenticate users in a Single Sign On environment (SSO). You can also use a simple LDAP authentication. If the given username and password are valid according to CAS, Moodle creates a new user entry in its database, taking user attributes from LDAP if required. On following logins only the username and password are checked.';
-$string['auth_castitle'] = 'Use a CAS server (SSO)';
-$string['auth_changepasswordhelp'] = 'Change password help';
-$string['auth_changepasswordhelp_expl'] = 'Display lost password help to users who have lost their $a password. This will be displayed either as well as or instead of the <strong>Change Password URL</strong> or Internal Moodle password change.';
+$string['auth_cas_enabled'] = 'Turn this on if you want to use CAS authentication.';
+$string['auth_cas_text'] = 'Secure connection';
+$string['auth_cas_create_user'] = 'Turn this on if you want to insert CAS-authenticated users in Moodle database. If not then only users who already exist in the Moodle database can log in.';
+
$string['auth_changepasswordurl'] = 'Change password URL';
$string['auth_changepasswordurl_expl'] = 'Specify the url to send users who have lost their $a password. Set <strong>Use standard Change Password page</strong> to <strong>No</strong>.';
+$string['auth_changepasswordhelp'] = 'Change password help';
+$string['auth_changepasswordhelp_expl'] = 'Display lost password help to users who have lost their $a password. This will be displayed either as well as or instead of the <strong>Change Password URL</strong> or Internal Moodle password change.';
$string['auth_common_settings'] = 'Common settings';
$string['auth_data_mapping'] = 'Data mapping';
+
+// Database plugin
$string['auth_dbdescription'] = 'This method uses an external database table to check whether a given username and password is valid. If the account is a new one, then information from other fields may also be copied across into Moodle.';
$string['auth_dbextrafields'] = 'These fields are optional. You can choose to pre-fill some Moodle user fields with information from the <b>external database fields</b> that you specify here. <p>If you leave these blank, then defaults will be used.</p><p>In either case, the user will be able to edit all of these fields after they log in.</p>';
$string['auth_dbfieldpass'] = 'Name of the field containing passwords';
$string['auth_dbtitle'] = 'Use an external database';
$string['auth_dbtype'] = 'The database type (See the <a href=\"../lib/adodb/readme.htm#drivers\">ADOdb documentation</a> for details)';
$string['auth_dbuser'] = 'Username with read access to the database';
+
+// Email plugin
$string['auth_emaildescription'] = 'Email confirmation is the default authentication method. When the user signs up, choosing their own new username and password, a confirmation email is sent to the user\'s email address. This email contains a secure link to a page where the user can confirm their account. Future logins just check the username and password against the stored values in the Moodle database.';
-$string['auth_emailtitle'] = 'Email-based authentication';
+$string['auth_emailtitle'] = 'Email-based self-registration';
+
+// FirstClass plugin
$string['auth_fccreators'] = 'List of groups whose members are allowed to create new courses. Separate multiple groups with \';\'. Names must be spelled exactly as on FirstClass server. System is case-sensitive.';
$string['auth_fcdescription'] = 'This method uses a FisrtClass server to check whether a given username and password is valid.';
$string['auth_fcfppport'] = 'Server port (3333 is the most common)';
$string['auth_fcpasswd'] = 'Password for the account above.';
$string['auth_fctitle'] = 'Use a FirstClass server';
$string['auth_fcuserid'] = 'Userid for FirstClass account with privilege \'Subadministrator\' set.';
+
+// Fieldlocks
$string['auth_fieldlock'] = 'Lock value';
$string['auth_fieldlock_expl'] = '<p><b>Lock value:</b> If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system. </p>';
$string['auth_fieldlocks'] = 'Lock user fields';
$string['auth_imapport'] = 'IMAP server port number. Usually this is 143 or 993.';
$string['auth_imaptitle'] = 'Use an IMAP server';
$string['auth_imaptype'] = 'The IMAP server type. IMAP servers can have different types of authentication and negotiation.';
+
+// LDAP plugin
$string['auth_ldap_bind_dn'] = 'If you want to use bind-user to search users, specify it here. Something like \'cn=ldapuser,ou=public,o=org\'';
$string['auth_ldap_bind_pw'] = 'Password for bind-user.';
$string['auth_ldap_bind_settings'] = 'Bind settings';
$string['auth_ldap_contexts'] = 'List of contexts where users are located. Separate different contexts with \';\'. For example: \'ou=users,o=org; ou=others,o=org\'';
-$string['auth_ldap_create_context'] = 'If you enable user creation with email confirmation, specify the context where users are created. This context should be different from other users to prevent security issues. You don\'t need to add this context to ldap_context-variable, Moodle will search for users from this context automatically.<br /><b>Note!</b> You have to modify function auth_user_create() in file auth/ldap/lib.php to make user creation work';
+$string['auth_ldap_create_context'] = 'If you enable user creation with email confirmation, specify the context where users are created. This context should be different from other users to prevent security issues. You don\'t need to add this context to ldap_context-variable, Moodle will search for users from this context automatically.<br /><b>Note!</b> You have to modify the method user_create() in file auth/ldap/auth.php to make user creation work';
$string['auth_ldap_creators'] = 'List of groups whose members are allowed to create new courses. Separate multiple groups with \';\'. Usually something like \'cn=teachers,ou=staff,o=myorg\'';
$string['auth_ldap_expiration_desc'] = 'Select No to disable expired password checking or LDAP to read passwordexpiration time directly from LDAP';
$string['auth_ldap_expiration_warning_desc'] = 'Number of days before password expiration warning is issued.';
password are checked.';
$string['auth_ldapextrafields'] = 'These fields are optional. You can choose to pre-fill some Moodle user fields with information from the <b>LDAP fields</b> that you specify here. <p>If you leave these fields blank, then nothing will be transferred from LDAP and Moodle defaults will be used instead.</p><p>In either case, the user will be able to edit all of these fields after they log in.</p>';
$string['auth_ldaptitle'] = 'Use an LDAP server';
+
+// Manual plugin
$string['auth_manualdescription'] = 'This method removes any way for users to create their own accounts. All accounts must be manually created by the admin user.';
$string['auth_manualtitle'] = 'Manual accounts only';
+
+// MNET plugin
+$string['auth_mnettitle'] = 'Moodle Network authentication';
+$string['auth_mnetdescription'] = 'Users are authenticated according to the web of trust defined in your Moodle Network settings.';
+$string['auth_mnet_rpc_negotiation_timeout'] = 'The timeout in seconds for authentication over the XMLRPC transport.';
+$string['auth_mnet_auto_add_remote_users'] = 'When set to Yes, a local user record is auto-created when a remote user logs in for the first time.';
+
$string['auth_multiplehosts'] = 'Multiple hosts OR addresses can be specified (eg host1.com;host2.com;host3.com) or (eg xxx.xxx.xxx.xxx;xxx.xxx.xxx.xxx)';
+
+// NNTP plugin
$string['auth_nntpdescription'] = 'This method uses an NNTP server to check whether a given username and password is valid.';
$string['auth_nntphost'] = 'The NNTP server address. Use the IP number, not DNS name.';
$string['auth_nntpport'] = 'Server port (119 is the most common)';
$string['auth_nntptitle'] = 'Use an NNTP server';
+
+// None plugin
$string['auth_nonedescription'] = 'Users can sign in and create valid accounts immediately, with no authentication against an external server and no confirmation via email. Be careful using this option - think of the security and administration problems this could cause.';
$string['auth_nonetitle'] = 'No authentication';
+
+// PAM plugin
$string['auth_pamdescription'] = 'This method uses PAM to access the native usernames on this server. You have to install <a href=\"http://www.math.ohio-state.edu/~ccunning/pam_auth/\" target=\"_blank\">PHP4 PAM Authentication</a> in order to use this module.';
$string['auth_pamtitle'] = 'PAM (Pluggable Authentication Modules)';
+
$string['auth_passwordisexpired'] = 'Your password is expired. Do you want change your password now?';
$string['auth_passwordwillexpire'] = 'Your password will expire in $a days. Do you want change your password now?';
+
+// POP3 plugin
$string['auth_pop3description'] = 'This method uses a POP3 server to check whether a given username and password is valid.';
$string['auth_pop3host'] = 'The POP3 server address. Use the IP number, not DNS name.';
$string['auth_pop3mailbox'] = 'Name of the mailbox to attempt a connection with. (usually INBOX)';
$string['auth_pop3port'] = 'Server port (110 is the most common, 995 is common for SSL)';
$string['auth_pop3title'] = 'Use a POP3 server';
$string['auth_pop3type'] = 'Server type. If your server uses certificate security, choose pop3cert.';
+
+// RADIUS plugin
+$string['auth_radiustitle'] = 'Use a RADIUS server';
$string['auth_radiusdescription'] = 'This method uses a <a href=\"http://en.wikipedia.org/wiki/RADIUS\" target=\"_blank\">RADIUS</a> server to check whether a given username and password is valid.';
$string['auth_radiushost'] = 'Address of the RADIUS server';
$string['auth_radiusnasport'] = 'Port to use to connect';
$string['auth_radiussecret'] = 'Shared secret';
-$string['auth_radiustitle'] = 'Use a RADIUS server';
-$string['auth_shib_convert_data'] = 'Data modification API';
-$string['auth_shib_convert_data_description'] = 'You can use this API to further modify the data provided by Shibboleth. Read the <a href=\"../auth/shibboleth/README.txt\" target=\"_blank\">README</a> for further instructions.';
-$string['auth_shib_convert_data_warning'] = 'The file does not exist or is not readable by the webserver process!';
-$string['auth_shib_instructions'] = 'Use the <a href=\"$a\">Shibboleth login</a> to get access via Shibboleth, if your institution supports it.<br />Otherwise, use the normal login form shown here.';
-$string['auth_shib_instructions_help'] = 'Here you should provide custom instructions for your users to explain Shibboleth. It will be shown on the login page in the instructions section. The instructions must include a link to \"<b>$a</b>\" that users click when they want to log in.';
+
+// Shibboleth plugin
+$string['auth_shibbolethdescription'] = 'Using this method users are created and authenticated using <a href=\"http://shibboleth.internet2.edu/\" target=\"_blank\">Shibboleth</a>.<br>Be sure to read the <a href=\"../auth/shibboleth/README.txt\" target=\"_blank\">README</a> for Shibboleth on how to set up your Moodle with Shibboleth';
+$string['auth_shibbolethtitle'] = 'Shibboleth';
+$string['auth_shibboleth_login'] = 'Shibboleth Login';
+$string['auth_shibboleth_manual_login'] = 'Manual Login';
$string['auth_shib_only'] = 'Shibboleth only';
$string['auth_shib_only_description'] = 'Check this option if a Shibboleth authentication shall be enforced';
$string['auth_shib_username_description'] = 'Name of the webserver Shibboleth environment variable that shall be used as Moodle username';
-$string['auth_shibboleth_login'] = 'Shibboleth Login';
-$string['auth_shibboleth_manual_login'] = 'Manual Login';
-$string['auth_shibbolethdescription'] = 'Using this method users are created and authenticated using <a href=\"http://shibboleth.internet2.edu/\" target=\"_blank\">Shibboleth</a>.<br>Be sure to read the <a href=\"../auth/shibboleth/README.txt\" target=\"_blank\">README</a> for Shibboleth on how to set up your Moodle with Shibboleth';
-$string['auth_shibbolethtitle'] = 'Shibboleth';
+$string['auth_shib_instructions'] = 'Use the <a href=\"$a\">Shibboleth login</a> to get access via Shibboleth, if your institution supports it.<br />Otherwise, use the normal login form shown here.';
+$string['auth_shib_convert_data'] = 'Data modification API';
+$string['auth_shib_convert_data_description'] = 'You can use this API to further modify the data provided by Shibboleth. Read the <a href=\"../auth/shibboleth/README.txt\" target=\"_blank\">README</a> for further instructions.';
+$string['auth_shib_instructions_help'] = 'Here you should provide custom instructions for your users to explain Shibboleth. It will be shown on the login page in the instructions section. The instructions must include a link to \"<b>$a</b>\" that users click when they want to log in.';
+$string['auth_shib_convert_data_warning'] = 'The file does not exist or is not readable by the webserver process!';
+
+$string['shib_not_set_up_error'] = 'Shibboleth authentication doesn\'t seem to be set up correctly because no Shibboleth environment variables are present for this page. Please consult the <a href=\"README.txt\">README</a> for further instructions on how to set up Shibboleth authentication or contact the webmaster of this Moodle installation.';
+$string['shib_no_attributes_error'] = 'You seem to be Shibboleth authenticated but Moodle didn\'t receive any user attributes. Please check that your Identity Provider releases the necessary attributes ($a) to the Service Provider Moodle is running on or inform the webmaster of this server.';
+$string['shib_not_all_attributes_error'] = 'Moodle needs certain Shibboleth attributes which are not present in your case. The attributes are: $a<br />Please contact the webmaster of this server or your Identity Provider.';
+
$string['auth_updatelocal'] = 'Update local';
$string['auth_updatelocal_expl'] = '<p><b>Update local:</b> If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.</p>';
$string['auth_updateremote'] = 'Update external';
$string['changepasswordhelp'] = 'Here you can specify a location at which your users can recover or change their username/password if they\'ve forgotten it. This will be provided to users as a button on the login page and their user page. if you leave this blank the button will not be printed.';
$string['chooseauthmethod'] = 'Choose an authentication method';
$string['createpasswordifneeded'] = 'Create password if needed';
+$string['infilefield'] = 'Field required in file';
$string['forcechangepassword'] = 'Force change password';
$string['forcechangepassword_help'] = 'Force users to change password on their next login to Moodle.';
$string['forcechangepasswordfirst_help'] = 'Force users to change password on their first login to Moodle.';
$string['guestloginbutton'] = 'Guest login button';
-$string['infilefield'] = 'Field required in file';
$string['instructions'] = 'Instructions';
$string['internal'] = 'Internal';
-$string['locked'] = 'Locked';
$string['md5'] = 'MD5 encryption';
$string['passwordhandling'] = 'Password field handling';
$string['plaintext'] = 'Plain text';
-$string['shib_no_attributes_error'] = 'You seem to be Shibboleth authenticated but Moodle didn\'t receive any user attributes. Please check that your Identity Provider releases the necessary attributes ($a) to the Service Provider Moodle is running on or inform the webmaster of this server.';
-$string['shib_not_all_attributes_error'] = 'Moodle needs certain Shibboleth attributes which are not present in your case. The attributes are: $a<br />Please contact the webmaster of this server or your Identity Provider.';
-$string['shib_not_set_up_error'] = 'Shibboleth authentication doesn\'t seem to be set up correctly because no Shibboleth environment variables are present for this page. Please consult the <a href=\"README.txt\">README</a> for further instructions on how to set up Shibboleth authentication or contact the webmaster of this Moodle installation.';
+$string['selfregistration'] = 'Self registration';
+$string['selfregistration_help'] = 'Choose which auth plugin will handle user self-registration.';
$string['showguestlogin'] = 'You can hide or show the guest login button on the login page.';
$string['stdchangepassword'] = 'Use standard Change Password Page';
$string['stdchangepassword_expl'] = 'If the external authentication system allows password changes through Moodle, switch this to Yes. This setting overrides \'Change Password URL\'.';
$string['stdchangepassword_explldap'] = 'NOTE: It is recommended that you use LDAP over an SSL encrypted tunnel (ldaps://) if the LDAP server is remote.';
+$string['update_oncreate'] = 'On creation';
+$string['update_onlogin'] = 'On every login';
+$string['update_onupdate'] = 'On update';
+$string['update_never'] = 'Never';
$string['unlocked'] = 'Unlocked';
$string['unlockedifempty'] = 'Unlocked if empty';
-$string['update_never'] = 'Never';
-$string['update_oncreate'] = 'On creation';
-$string['update_onlogin'] = 'On every login';
-$string['update_onupdate'] = 'On update';
+$string['locked'] = 'Locked';
?>
projects / moodle.git / commitdiff