From 542797b4e8d159fe480d3e9924b805080e6fc69d Mon Sep 17 00:00:00 2001 From: skodak Date: Fri, 2 Jan 2009 14:53:02 +0000 Subject: [PATCH] MDL-17767 loginas internals refactoring - code moved to sessionlib.php --- course/enrol.php | 2 +- course/loginas.php | 2 +- lib/datalib.php | 4 ++-- lib/moodlelib.php | 6 +++--- lib/sessionlib.php | 30 +++++++++++++++++++++++++--- lib/setup.php | 2 +- lib/simpletest/testcompletionlib.php | 4 ++-- lib/weblib.php | 4 ++-- login/change_password.php | 2 +- user/view.php | 6 +++--- 10 files changed, 43 insertions(+), 19 deletions(-) diff --git a/course/enrol.php b/course/enrol.php index 9f645fe551..7c4651b376 100644 --- a/course/enrol.php +++ b/course/enrol.php @@ -28,7 +28,7 @@ } /// do not use when in course login as - if (!empty($USER->realuser) and $USER->loginascontext->contextlevel == CONTEXT_COURSE) { + if (is_loggedinas() and $USER->loginascontext->contextlevel == CONTEXT_COURSE) { print_error('loginasnoenrol', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid); } diff --git a/course/loginas.php b/course/loginas.php index 3487c7e1ab..30e2a9a655 100644 --- a/course/loginas.php +++ b/course/loginas.php @@ -7,7 +7,7 @@ /// Reset user back to their real self if needed $return = optional_param('return', 0, PARAM_BOOL); // return to the page we came from - if (!empty($USER->realuser)) { + if (is_loggedinas()) { if (!confirm_sesskey()) { print_error('confirmsesskeybad'); } diff --git a/lib/datalib.php b/lib/datalib.php index f5d60abce2..8b6af272bc 100644 --- a/lib/datalib.php +++ b/lib/datalib.php @@ -1897,7 +1897,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user if ($user) { $userid = $user; } else { - if (!empty($USER->realuser)) { // Don't log + if (is_loggedinas()) { // Don't log return; } $userid = empty($USER->id) ? '0' : $USER->id; 
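Review bot: In the lib/datalib.php hunk for `add_to_log()`, the `is_loggedinas()` branch still returns before anything is written, so actions taken during a login-as session leave no entry in the Moodle log when no `$user` argument is passed. The refactor keeps that behaviour, and the `// Don't log` comment says neither why nor where the activity is attributed instead. The only attribution visible in this patch is the Apache log note built in lib/setup.php (`realuser as user`), which is a separate log with its own retention. If dropping the entry is intended, the comment could say so, e.g. `// login-as activity is not written to the Moodle log; the real user is only recorded in the web-server log note`; otherwise consider recording the action against `$USER->realuser`. The body of add_to_log() starts and ends outside the hunk.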
@@ -1972,7 +1972,7 @@ function add_to_log($courseid, $module, $action, $url='', $info='', $cm=0, $user function user_accesstime_log($courseid=0) { global $USER, $CFG, $DB; - if (!isloggedin() or !empty($USER->realuser)) { + if (!isloggedin() or is_loggedinas()) { // no access tracking return; } diff --git a/lib/moodlelib.php b/lib/moodlelib.php index f8dea4c536..8c2f2ec528 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -1920,7 +1920,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu } /// loginas as redirection if needed - if ($COURSE->id != SITEID and !empty($USER->realuser)) { + if ($COURSE->id != SITEID and is_loggedinas()) { if ($USER->loginascontext->contextlevel == CONTEXT_COURSE) { if ($USER->loginascontext->instanceid != $COURSE->id) { print_error('loginasonecourse', '', $CFG->wwwroot.'/course/view.php?id='.$USER->loginascontext->instanceid); @@ -1929,7 +1929,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu } /// check whether the user should be changing password (but only if it is REALLY them) - if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) { + if (get_user_preferences('auth_forcepasswordchange') && !is_loggedinas()) { $userauth = get_auth_plugin($USER->auth); if ($userauth->can_change_password()) { $SESSION->wantsurl = $FULLME; @@ -2107,7 +2107,7 @@ function require_login($courseorid=0, $autologinguest=true, $cm=null, $setwantsu /// For non-guests, check if they have course view access } else if (has_capability('moodle/course:view', $COURSE->context)) { - if (!empty($USER->realuser)) { // Make sure the REAL person can also access this course + if (is_loggedinas()) { // Make sure the REAL person can also access this course if (!has_capability('moodle/course:view', $COURSE->context, $USER->realuser)) { print_header_simple(); notice(get_string('studentnotallowed', '', fullname($USER, true)), $CFG->wwwroot .'/'); 
diff --git a/lib/sessionlib.php b/lib/sessionlib.php index 4ab41c82ff..6bb5176239 100644 --- a/lib/sessionlib.php +++ b/lib/sessionlib.php @@ -1,5 +1,9 @@ realuser); +} + +/** + * Login as another user - no security checks here. + * @param int $userid + * @param object $context + * @return void + */ function session_loginas($userid, $context) { global $USER, $SESSION; - if (!empty($USER->realuser)) { + if (is_loggedinas()) { return; } @@ -280,10 +300,14 @@ function session_loginas($userid, $context) { } } +/** + * Terminate login-as session + * @return void + */ function session_unloginas() { global $USER, $SESSION; - if (empty($USER->realuser)) { + if (!is_loggedinas()) { return; } diff --git a/lib/setup.php b/lib/setup.php index db3ca6dd5a..026aa8ebe0 100644 --- a/lib/setup.php +++ b/lib/setup.php @@ -504,7 +504,7 @@ global $HTTPSPAGEREQUIRED; $apachelog_name = clean_filename($USER->firstname . " " . $USER->lastname); } - if (isset($USER->realuser)) { + if (is_loggedinas()) { if ($realuser = $DB->get_record('user', array('id'=>$USER->realuser))) { $apachelog_username = clean_filename($realuser->username." as ".$apachelog_username); $apachelog_name = clean_filename($realuser->firstname." ".$realuser->lastname ." as ".$apachelog_name); diff --git a/lib/simpletest/testcompletionlib.php b/lib/simpletest/testcompletionlib.php index d3e64e4606..2bd52894fc 100644 --- a/lib/simpletest/testcompletionlib.php +++ b/lib/simpletest/testcompletionlib.php @@ -94,7 +94,7 @@ class completionlib_test extends MoodleUnitTestCase { global $DB,$CFG,$SESSION,$USER; $this->realdb=$DB; $this->realcfg=$CFG; - $this->realuser=$USER; + $this->prevuser=$USER; $DB=new mock_database(); $CFG=clone($this->realcfg); $CFG->prefix='test_'; @@ -108,7 +108,7 @@ class completionlib_test extends MoodleUnitTestCase { $DB=$this->realdb; $CFG=$this->realcfg; $SESSION=$this->realsession; - $USER=$this->realuser; + $USER=$this->prevuser; } function test_is_enabled() { 
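Review bot: The new docblock on `session_loginas()` in lib/sessionlib.php says `no security checks here` but does not tell callers which checks they are responsible for. Judging by the other files in this patch, those are the `moodle/user:loginas` capability in the target context and `confirm_sesskey()`, so a line such as `* Callers must check moodle/user:loginas in $context and confirm_sesskey() before calling.` would make the contract explicit. The function also returns silently when `is_loggedinas()` is already true, which deserves its own line, e.g. `* Does nothing if a login-as session is already active.` The body of `is_loggedinas()` is not fully visible on this page, and session_loginas() continues outside the hunk.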
diff --git a/lib/weblib.php b/lib/weblib.php index aefb110be1..7d71fb11aa 100644 --- a/lib/weblib.php +++ b/lib/weblib.php @@ -3497,7 +3497,7 @@ function user_login_string($course=NULL, $user=NULL) { $course = $SITE; } - if (!empty($user->realuser)) { + if (is_loggedinas()) { if ($realuser = $DB->get_record('user', array('id'=>$user->realuser))) { $fullname = fullname($realuser, true); $realuserinfo = " [frametarget @@ -4755,7 +4755,7 @@ has_capability('moodle/course:viewhiddenuserfields', $context)) { if (has_capability('moodle/role:assign', $context) and get_user_roles($context, $user->id, false)) { // I can unassing and user has some role $output .= ''. $string->unenrol .'
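Review bot: In `user_login_string($course, $user)` the condition now tests the global session through `is_loggedinas()`, but the next line still reads `$user->realuser` from the parameter. The old test `!empty($user->realuser)` guarded exactly that property. If a caller passes a `$user` other than the global `$USER` during a login-as session, `$user->realuser` may be unset and the `get_record` lookup would run with an empty id. Assuming `is_loggedinas()` only inspects `$USER->realuser` (its body is not fully visible in this patch), test the object that is actually read, e.g. `if (is_loggedinas() and !empty($user->realuser)) {`. The function body starts and ends outside the hunk.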
'; } - if ($USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $context) && + if ($USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $context) && ! has_capability('moodle/site:doanything', $context, $user->id, false)) { $output .= ''. $string->loginas .'
'; } diff --git a/login/change_password.php b/login/change_password.php index 9bfc3c968a..26c4440423 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -30,7 +30,7 @@ } // do not allow "Logged in as" users to change any passwords - if (!empty($USER->realuser)) { + if (is_loggedinas()) { print_error('cannotcallscript'); } diff --git a/user/view.php b/user/view.php index 1809e60ff4..f367acddd3 100644 --- a/user/view.php +++ b/user/view.php @@ -411,7 +411,7 @@ if ($passwordchangeurl) { $params = array('id'=>$course->id); - if (!empty($USER->realuser)) { + if (is_loggedinas()) { $passwordchangeurl = ''; // do not use actual change password url - might contain sensitive data } else { $parts = explode('?', $passwordchangeurl); @@ -429,7 +429,7 @@ foreach($params as $key=>$value) { echo ''; } - if (!empty($USER->realuser)) { + if (is_loggedinas()) { // changing of password when "Logged in as" is not allowed echo ""; } else { @@ -471,7 +471,7 @@ } } - if (!$user->deleted and $USER->id != $user->id && empty($USER->realuser) && has_capability('moodle/user:loginas', $coursecontext) && + if (!$user->deleted and $USER->id != $user->id && !is_loggedinas() && has_capability('moodle/user:loginas', $coursecontext) && ! has_capability('moodle/site:doanything', $coursecontext, $user->id, false)) { echo '
'; echo '
'; -- 2.39.5