From: paca70 Date: Thu, 20 Feb 2003 21:39:51 +0000 (+0000) Subject: Added support for usercreation from Moodle to authentication module. X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=5f2c35db1868c7656845c4b6dffc1ab3bfec8e1c;p=moodle.git Added support for usercreation from Moodle to authentication module. Works currently only with ldap-module (tested with e-directory), but other modules could be extended too by adding following functions: function auth_user_exists ($username) { //returns true if given username already exists on authetication database } function auth_user_create ($userobject,$plainpass) { //create new user to authentication database //in inactive state (if posible) //returns true if user is created } function auth_user_activate ($username) { //activate external user after email-address is confirmed //returns true if user is activated } --- diff --git a/admin/auth.php b/admin/auth.php index a62466993d..8f605d2b3a 100644 --- a/admin/auth.php +++ b/admin/auth.php @@ -2,7 +2,7 @@ // config.php - allows admin to edit all configuration variables include("../config.php"); - + require_once("$CFG->dirroot/auth/$CFG->auth/lib.php"); //just to make sure that authentication functions are loaded require_login(); if (!$site = get_site()) { @@ -80,6 +80,9 @@ $guestoptions[0] = get_string("hide"); $guestoptions[1] = get_string("show"); + $createoptions[0] = get_string("no"); + $createoptions[1] = get_string("yes"); + $stradministration = get_string("administration"); $strauthentication = get_string("authentication"); $strauthenticationoptions = get_string("authenticationoptions","auth"); @@ -134,10 +137,22 @@ echo ""; echo ""; print_string("showguestlogin","auth"); - echo ""; - + echo ""; + + if (function_exists('auth_user_create')){ + echo ""; + echo "

"; + print_string("auth_user_create", "auth"); + echo ":

"; + echo ""; + choose_from_menu($createoptions, "auth_user_create", $config->auth_user_create, ""); + echo ""; + echo ""; + print_string("auth_user_creation","auth"); + echo ""; + } - echo "

"; diff --git a/admin/cron.php b/admin/cron.php index 042de251bd..3057ac09de 100644 --- a/admin/cron.php +++ b/admin/cron.php @@ -21,7 +21,7 @@ $starttime = microtime(); - require_once("../config.php"); + require_once("/usr/local/moodle/config.php"); echo "
\n";
 
diff --git a/auth/ldap/config.html b/auth/ldap/config.html
index 65eb78f78b..22faf427df 100644
--- a/auth/ldap/config.html
+++ b/auth/ldap/config.html
@@ -82,7 +82,15 @@
     
 
 
-
+
+	
ldap_create_context:
+	
+    
+    
+    
+    
+    
+
 
 
 	
:
diff --git a/auth/ldap/lib.php b/auth/ldap/lib.php
index 04015eda69..8f42a5919e 100644
--- a/auth/ldap/lib.php
+++ b/auth/ldap/lib.php
@@ -1,10 +1,11 @@
 $value) {
+    foreach ($attrmap as $key=>$value) {
         array_push($search_attribs, $value);
     }
 
@@ -79,7 +71,7 @@ function auth_get_userinfo($username){
 
     if ($user_info_result) {
         $user_entry = ldap_get_entries($ldap_connection, $user_info_result);
-        foreach ($moodleattributes as $key=>$value){
+        foreach ($attrmap as $key=>$value){
             if(isset($user_entry[0][$value][0])){
                 $result[$key]=$user_entry[0][$value][0];
             }
@@ -93,7 +85,7 @@ function auth_get_userinfo($username){
 
 
 
-function auth_get_userlist() {
+function auth_get_userlist($filter="*") {
 /// returns all users from ldap servers
     global $CFG;
 
@@ -107,18 +99,22 @@ function auth_get_userlist() {
     }
 
     $contexts = explode(";",$CFG->ldap_contexts);
+  
+    if (!empty($CFG->ldap_create_context)){
+	  array_push($contexts, $CFG->ldap_create_context);
+    }
 
     foreach ($contexts as $context) {
 
         if ($CFG->ldap_search_sub) {
             //use ldap_search to find first user from subtree
             $ldap_result = ldap_search($ldap_connection, $context, 
-                                       "(".$CFG->ldap_objectclass.")", 
+                                       "(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))", 
                                        array($CFG->ldap_user_attribute));
         } else {
             //search only in this context
             $ldap_result = ldap_list($ldap_connection, $context, 
-                                     "(".$CFG->ldap_objectclass.")", 
+                                     "(&(".$CFG->ldap_user_attribute."=".$filter.")(".$CFG->ldap_objectclass."))",
                                      array($CFG->ldap_user_attribute));
         }
 
@@ -133,7 +129,77 @@ function auth_get_userlist() {
     return $fresult;
 }
 
+function auth_user_exists ($username) {
+//returns true if given usernname exist on ldap
+   $users = auth_get_userlist($username);
+   return count($users); 
+}
 
+function auth_user_create ($userobject,$plainpass) {
+//create new user to ldap
+//use auth_user_exists to prevent dublicate usernames
+//return true if user is created, false on error
+	global $CFG;
+    $attrmap = auth_ldap_attributes();
+    $ldapconnect = auth_ldap_connect();
+    $ldapbind = auth_ldap_bind($ldapconnect);
+    
+    $newuser = array();
+     
+    foreach ($attrmap as $key=>$value){
+            if(isset($userobject->$key) ){
+                $newuser[$value]=utf8_encode($userobject->$key);
+            }
+    }
+    
+    //Following sets all mandatory and other forced attribute values
+    //this should be moved to config inteface ASAP
+    $newuser['objectClass']= array("inetOrgPerson","organizationalPerson","person","top");
+    $newuser['uniqueId']= $userobject->username;
+    $newuser['logindisabled']="TRUE";
+    $newuser['userpassword']=$plainpass;
+    unset($newuser[country]);
+        
+    $uadd = ldap_add($ldapconnect, $CFG->ldap_user_attribute."=$userobject->username,".$CFG->ldap_create_context, $newuser);
+
+    ldap_close($ldapconnect);
+    return $uadd;
+    
+}
+
+function auth_user_activate ($username) {
+//activate new ldap-user after email-address is confirmed
+	global $CFG;
+
+    $ldapconnect = auth_ldap_connect();
+    $ldapbind = auth_ldap_bind($ldapconnect);
+
+    $userdn = auth_ldap_find_userdn($ldapconnect, $username);
+    
+    $newinfo['loginDisabled']="FALSE";
+
+    $result = ldap_modify($ldapconnect, $userdn, $newinfo);
+    ldap_close($ldapconnect);
+    return $result;
+}
+
+function auth_user_disable ($username) {
+//activate new ldap-user after email-address is confirmed
+	global $CFG;
+
+    $ldapconnect = auth_ldap_connect();
+    $ldapbind = auth_ldap_bind($ldapconnect);
+
+    $userdn = auth_ldap_find_userdn($ldapconnect, $username);
+    $newinfo['loginDisabled']="TRUE";
+
+    $result = ldap_modify($ldapconnect, $userdn, $newinfo);
+    ldap_close($ldapconnect);
+    return $result;
+}
+
+//PRIVATE FUNCTIONS starts
+//private functions are named as auth_ldap*
 
 function auth_ldap_connect(){
 /// connects to ldap-server
@@ -192,6 +258,10 @@ function auth_ldap_find_userdn ($ldap_connection, $username){
 
     //get all contexts and look for first matching user
     $ldap_contexts = explode(";",$CFG->ldap_contexts);
+    
+    if (!empty($CFG->ldap_create_context)){
+	  array_push($ldap_contexts, $CFG->ldap_create_context);
+    }
   
     foreach ($ldap_contexts as $context) {
 
@@ -217,4 +287,21 @@ function auth_ldap_find_userdn ($ldap_connection, $username){
     return $ldap_user_dn;
 }
 
+function auth_ldap_attributes (){
+//returns array containg attribute mappings between Moodle and ldap
+	global $CFG;
+
+    $config = (array)$CFG;
+    $fields = array("firstname", "lastname", "email", "phone1", "phone2", 
+                    "department", "address", "city", "country", "description", 
+                    "idnumber", "lang");
+
+    $moodleattributes = array();
+    foreach ($fields as $field) {
+        if ($config["auth_user_$field"]) {
+            $moodleattributes[$field] = $config["auth_user_$field"];
+        }
+    }
+	return $moodleattributes;
+}
 ?>
diff --git a/lang/en/auth.php b/lang/en/auth.php
index 804379631a..1e8c107141 100644
--- a/lang/en/auth.php
+++ b/lang/en/auth.php
@@ -23,6 +23,7 @@ $string['auth_imaptitle'] = "Use an IMAP server";
 $string['auth_imaptype'] = "The IMAP server type.  IMAP servers can have different types of authentication and negotiation.";
 $string['instructions'] = "Instructions";
 $string['auth_ldap_bind_dn'] = "If you want to use bind-user to search users, specify it here. Someting like 'cn=ldapuser,ou=public,o=org'";
+$string['auth_ldap_create_context'] = "If you enable user creation with email confirmation, specify context where users are created. This context should be different from other users to prevent security issues. You don't need to add this context to ldap_context-variable, Moodle will search for users from this context automaticly.";
 $string['auth_ldap_bind_pw'] = "Password for bind-user.";
 $string['auth_ldap_contexts'] = "List of contexts where users are located. Separate different contexts with ';'. For example: 'ou=users,o=org; ou=others,o=org'";
 $string['auth_ldap_host_url'] = "Specify LDAP host in URL-form like 'ldap://ldap.myorg.com/' or 'ldaps://ldap.myorg.com/' ";
@@ -47,6 +48,9 @@ $string['auth_pop3host'] = "The POP3 server address. Use the IP number, not DNS
 $string['auth_pop3port'] = "Server port (110 is the most common)";
 $string['auth_pop3title'] = "Use a POP3 server";
 $string['auth_pop3type'] = "Server type. If your server uses certificate security, choose pop3cert.";
+$string['auth_user_create'] = "Enable user creation";
+$string['auth_user_creation'] = "New (anonymous) users create user account for her/hiself. Account will be created to selected authentication module  and  confirmed via email. If you enable this , remember to configure also module specific options for user creation.";
+$string['auth_usernameexists'] = "Selected username already exists. Please choose new one.";
 $string['authenticationoptions'] = "Authentication options";
 $string['authinstructions'] = "Here you can provide instructions for your users, so they know which username and password they should be using.  The text you enter here will appear on the login page.  If you leave this blank then no instructions will be printed.";
 $string['changepassword'] = "Change password URL";
diff --git a/lang/fi/moodle.php b/lang/fi/moodle.php
index faec39c6b3..5dd834377e 100644
--- a/lang/fi/moodle.php
+++ b/lang/fi/moodle.php
@@ -53,7 +53,7 @@ $string['chooseuser'] = "Valitse k
 $string['city'] = "Kaupunki/Paikkakunta";
 $string['closewindow'] = "Sulje tämä ikkuna";
 $string['comparelanguage'] = "Vertaa ja muokkaa käännöstä";
-$string['complete'] = "Suorita loppuun";
+$string['complete'] = "Täysi";
 $string['configcountry'] = "Jos asetat maan tässä niin valinnasta tulee oletus kaikille käyttäjille. Pakottaaksesi käyttäjät valitsemaan maansa itse , jätä tämä kohta tyhjäksi.";
 $string['configdebug'] = "Jos valitset virheenkorjaus tilan päälle PHP:n error_reporting arvo nousee ja enemmän virheilmoituksia tulostuu näytölle. Tästä asetuksesta on hyötyä vain  Moodlen kehittäjille.";
 $string['configerrorlevel'] = "PHP virheilmoitusten määrä. Normal on yleensä hyvä valinta.";
diff --git a/login/confirm.php b/login/confirm.php
index 73799e077f..62f377c1ad 100644
--- a/login/confirm.php
+++ b/login/confirm.php
@@ -1,6 +1,7 @@
 auth/lib.php");
 
     if ( isset($p) and isset($s) ) {     #  p = user.secret   s = user.username
 
@@ -25,9 +26,14 @@
                 if (!set_field("user", "firstaccess", time(), "id", $user->id)) {
                     error("Could not set this user's first access date!");
                 }
+                if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) {
+				    if (!auth_user_activate($user->username)) {
+					  error("Could not activate this user!");
+					}
+                }
 
                 // The user has confirmed successfully, let's log them in
-
+                
                 if (!$USER = get_user_info_from_db("username", $user->username)) {
                     error("Something serious is wrong with the database");
                 }
diff --git a/login/index.php b/login/index.php
index 4ca7a37825..3fd4e2d5e7 100644
--- a/login/index.php
+++ b/login/index.php
@@ -99,7 +99,7 @@
         $focus = "form.username";
     }
 
-    if ($CFG->auth == "email" or $CFG->auth == "none" or $CFG->auth_instructions) {
+    if ($CFG->auth == "email" or $CFG->auth == "none" or chop($CFG->auth_instructions) <> "" ) {
         $show_instructions = true;
     } else {
         $show_instructions = false;
diff --git a/login/index_form.html b/login/index_form.html
index 511e32d19c..1b1a746392 100644
--- a/login/index_form.html
+++ b/login/index_form.html
@@ -93,6 +93,14 @@
                  echo "
";
                  echo format_text($CFG->auth_instructions);
                  echo "
";
+                 require_once("../auth/$CFG->auth/lib.php");
+                 if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_create') ){?>
+				    

+                    ">
+                    

+
+ diff --git a/login/signup.php b/login/signup.php index 2f9b12419c..f5f9b3285f 100644 --- a/login/signup.php +++ b/login/signup.php @@ -1,24 +1,36 @@ auth/lib.php"); if ($user = data_submitted()) { validate_form($user, $err); if (count((array)$err) == 0) { - + $plainpass = $user->password; $user->password = md5($user->password); $user->confirmed = 0; $user->lang = current_language(); $user->firstaccess = time(); $user->secret = random_string(15); + if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_create') ){ + if (! auth_user_exists($user->username)) { + if (! auth_user_create($user,$plainpass)) { + error("Could not add user to authentication module!"); + } + } else { + error("User already exists on authentication database."); + } + } if (! ($user->id = insert_record("user", $user)) ) { error("Could not add your record to the database!"); } + + if (! send_confirmation_email($user)) { error("Tried to send you an email but failed!"); } @@ -62,7 +74,7 @@ *****************************************************************************/ function validate_form($user, &$err) { - + global $CFG; if (empty($user->username)) $err->username = get_string("missingusername"); @@ -75,6 +87,12 @@ function validate_form($user, &$err) { $err->username = get_string("alphanumerical"); } + if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_exists') ){ + if (auth_user_exists($user->username)) { + $err->username = get_string("usernameexists"); + } + } + if (empty($user->password)) $err->password = get_string("missingpassword");