From 8570cff01f8311ee895c7e8a4273cbd6d63b45d9 Mon Sep 17 00:00:00 2001 From: samhemelryk Date: Tue, 29 Sep 2009 03:55:09 +0000 Subject: [PATCH] login MDL-19800 Upgrade deprecated calls and added set_url calls --- login/change_password.php | 215 +++++++++-------- login/confirm.php | 132 +++++------ login/forgot_password.php | 3 +- login/index.php | 481 ++++++++++++++++++++------------------ login/logout.php | 87 ++++--- login/mnet_email.php | 6 +- login/signup.php | 163 +++++++------ 7 files changed, 591 insertions(+), 496 deletions(-) diff --git a/login/change_password.php b/login/change_password.php index 442f916f56..620253db53 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -1,116 +1,145 @@ -get_record('course', array('id'=>$id))) { - print_error('invalidcourseid'); - } - - // require proper login; guest user can not change password - if (empty($USER->id) or isguestuser()) { - if (empty($SESSION->wantsurl)) { - $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php'; - } - redirect(get_login_url()); +. + +/** + * This file is part of the login section Moodle + * + * @copyright 1999 Martin Dougiamas http://dougiamas.com + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @package login + */ + +require_once('../config.php'); +require_once('change_password_form.php'); + +$id = optional_param('id', SITEID, PARAM_INT); // current course + +$url = new moodle_url($CFG->wwwroot.'/login/change_password.php'); +if ($id !== SITEID) { + $url->param('id', $id); +} +$PAGE->set_url($url); + +$strparticipants = get_string('participants'); + +//HTTPS is potentially required in this page +httpsrequired(); + +$systemcontext = get_context_instance(CONTEXT_SYSTEM); + +if (!$course = $DB->get_record('course', array('id'=>$id))) { + print_error('invalidcourseid'); +} + +// require proper login; guest user can not change password +if (empty($USER->id) or isguestuser()) { + if (empty($SESSION->wantsurl)) { + $SESSION->wantsurl = $CFG->httpswwwroot.'/login/change_password.php'; } - - // do not require change own password cap if change forced - if (!get_user_preferences('auth_forcepasswordchange', false)) { - require_login(); - require_capability('moodle/user:changeownpassword', $systemcontext); + redirect(get_login_url()); +} + +// do not require change own password cap if change forced +if (!get_user_preferences('auth_forcepasswordchange', false)) { + require_login(); + require_capability('moodle/user:changeownpassword', $systemcontext); +} + +// do not allow "Logged in as" users to change any passwords +if (session_is_loggedinas()) { + print_error('cannotcallscript'); +} + +if (is_mnet_remote_user($USER)) { + $message = get_string('usercannotchangepassword', 'mnet'); + if ($idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) { + $message .= get_string('userchangepasswordlink', 'mnet', $idprovider); } + print_error('userchangepasswordlink', 'mnet', '', $message); +} - // do not allow "Logged in as" users to change any passwords - if (session_is_loggedinas()) { - print_error('cannotcallscript'); - } +// load the appropriate auth plugin +$userauth = get_auth_plugin($USER->auth); - if (is_mnet_remote_user($USER)) { - $message = get_string('usercannotchangepassword', 'mnet'); - if ($idprovider = $DB->get_record('mnet_host', array('id'=>$USER->mnethostid))) { - $message .= get_string('userchangepasswordlink', 'mnet', $idprovider); - } - print_error('userchangepasswordlink', 'mnet', '', $message); - } +if (!$userauth->can_change_password()) { + print_error('nopasswordchange', 'auth'); +} - // load the appropriate auth plugin - $userauth = get_auth_plugin($USER->auth); +if ($changeurl = $userauth->change_password_url()) { + // this internal scrip not used + redirect($changeurl); +} - if (!$userauth->can_change_password()) { - print_error('nopasswordchange', 'auth'); - } - - if ($changeurl = $userauth->change_password_url()) { - // this internal scrip not used - redirect($changeurl); - } +$mform = new login_change_password_form(); +$mform->set_data(array('id'=>$course->id)); - $mform = new login_change_password_form(); - $mform->set_data(array('id'=>$course->id)); +$navlinks = array(); +$navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc'); - $navlinks = array(); - $navlinks[] = array('name' => $strparticipants, 'link' => "$CFG->wwwroot/user/index.php?id=$course->id", 'type' => 'misc'); +if ($mform->is_cancelled()) { + redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&course='.$course->id); +} else if ($data = $mform->get_data()) { - if ($mform->is_cancelled()) { - redirect($CFG->wwwroot.'/user/view.php?id='.$USER->id.'&course='.$course->id); - } else if ($data = $mform->get_data()) { - - if (!$userauth->user_update_password($USER, $data->newpassword1)) { - print_error('errorpasswordupdate', 'auth'); - } + if (!$userauth->user_update_password($USER, $data->newpassword1)) { + print_error('errorpasswordupdate', 'auth'); + } - // register success changing password - unset_user_preference('auth_forcepasswordchange', $USER->id); + // register success changing password + unset_user_preference('auth_forcepasswordchange', $USER->id); - $strpasswordchanged = get_string('passwordchanged'); + $strpasswordchanged = get_string('passwordchanged'); - add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&course=$course->id", "$USER->id"); + add_to_log($course->id, 'user', 'change password', "view.php?id=$USER->id&course=$course->id", "$USER->id"); - $fullname = fullname($USER, true); + $fullname = fullname($USER, true); - $PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id))); - $PAGE->navbar->add($strpasswordchanged); - $PAGE->set_title($strpasswordchanged); - $PAGE->set_heading($strpasswordchanged); - echo $OUTPUT->header(); + $PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id))); + $PAGE->navbar->add($strpasswordchanged); + $PAGE->set_title($strpasswordchanged); + $PAGE->set_heading($strpasswordchanged); + echo $OUTPUT->header(); - if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') { - $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id"; - } else { - $returnto = $SESSION->wantsurl; - } + if (empty($SESSION->wantsurl) or $SESSION->wantsurl == $CFG->httpswwwroot.'/login/change_password.php') { + $returnto = "$CFG->wwwroot/user/view.php?id=$USER->id&course=$id"; + } else { + $returnto = $SESSION->wantsurl; + } - notice($strpasswordchanged, $returnto); + notice($strpasswordchanged, $returnto); - echo $OUTPUT->footer(); - exit; - } + echo $OUTPUT->footer(); + exit; +} - $strchangepassword = get_string('changepassword'); +$strchangepassword = get_string('changepassword'); - $fullname = fullname($USER, true); +$fullname = fullname($USER, true); - $PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id))); - $PAGE->navbar->add($strchangepassword); - $PAGE->set_title($strchangepassword); - $PAGE->set_heading($strchangepassword); - echo $OUTPUT->header(); +$PAGE->navbar->add($fullname, new moodle_url($CFG->wwwroot.'/user/view.php', array('id'=>$USER->id, 'course'=>$course->id))); +$PAGE->navbar->add($strchangepassword); +$PAGE->set_title($strchangepassword); +$PAGE->set_heading($strchangepassword); +echo $OUTPUT->header(); - if (get_user_preferences('auth_forcepasswordchange')) { - echo $OUTPUT->notification(get_string('forcepasswordchangenotice')); - } - $mform->display(); - echo $OUTPUT->footer(); +if (get_user_preferences('auth_forcepasswordchange')) { + echo $OUTPUT->notification(get_string('forcepasswordchangenotice')); +} +$mform->display(); +echo $OUTPUT->footer(); -?> +?> \ No newline at end of file diff --git a/login/confirm.php b/login/confirm.php index 775ace2db8..add9a7742c 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -1,80 +1,82 @@ -registerauth)) { - print_error('cannotusepage2'); - } - $authplugin = get_auth_plugin($CFG->registerauth); +$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/confirm.php')); + +if (empty($CFG->registerauth)) { + print_error('cannotusepage2'); +} +$authplugin = get_auth_plugin($CFG->registerauth); + +if (!$authplugin->can_confirm()) { + print_error('cannotusepage2'); +} - if (!$authplugin->can_confirm()) { - print_error('cannotusepage2'); +if (!empty($data) || (!empty($p) && !empty($s))) { + + if (!empty($data)) { + $dataelements = explode('/',$data); + $usersecret = $dataelements[0]; + $username = $dataelements[1]; + } else { + $usersecret = $p; + $username = $s; } - if (!empty($data) || (!empty($p) && !empty($s))) { + $confirmed = $authplugin->user_confirm($username, $usersecret); - if (!empty($data)) { - $dataelements = explode('/',$data); - $usersecret = $dataelements[0]; - $username = $dataelements[1]; - } else { - $usersecret = $p; - $username = $s; + if ($confirmed == AUTH_CONFIRM_ALREADY) { + $user = get_complete_user_data('username', $username); + $PAGE->set_title(get_string("alreadyconfirmed")); + $PAGE->set_heading(get_string("alreadyconfirmed")); + echo $OUTPUT->header(); + echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter'); + echo "

".get_string("thanks").", ". fullname($user) . "

\n"; + echo "

".get_string("alreadyconfirmed")."

\n"; + echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses'))); + echo $OUTPUT->box_end(); + echo $OUTPUT->footer(); + exit; + + } else if ($confirmed == AUTH_CONFIRM_OK) { + + // The user has confirmed successfully, let's log them in + + if (!$user = get_complete_user_data('username', $username)) { + print_error('cannotfinduser', '', '', $username); } - $confirmed = $authplugin->user_confirm($username, $usersecret); - - if ($confirmed == AUTH_CONFIRM_ALREADY) { - $user = get_complete_user_data('username', $username); - $PAGE->set_title(get_string("alreadyconfirmed")); - $PAGE->set_heading(get_string("alreadyconfirmed")); - echo $OUTPUT->header(); - echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter'); - echo "

".get_string("thanks").", ". fullname($user) . "

\n"; - echo "

".get_string("alreadyconfirmed")."

\n"; - echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses'))); - echo $OUTPUT->box_end(); - echo $OUTPUT->footer(); - exit; - - } else if ($confirmed == AUTH_CONFIRM_OK) { - - // The user has confirmed successfully, let's log them in - - if (!$user = get_complete_user_data('username', $username)) { - print_error('cannotfinduser', '', '', $username); - } - - complete_user_login($user); - - if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going - $goto = $SESSION->wantsurl; - unset($SESSION->wantsurl); - redirect($goto); - } - - $PAGE->set_title(get_string("confirmed")); - $PAGE->set_heading(get_string("confirmed")); - echo $OUTPUT->header(); - echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter'); - echo "

".get_string("thanks").", ". fullname($USER) . "

\n"; - echo "

".get_string("confirmed")."

\n"; - echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses'))); - echo $OUTPUT->box_end(); - echo $OUTPUT->footer(); - exit; - } else { - print_error('invalidconfirmdata'); + complete_user_login($user); + + if ( ! empty($SESSION->wantsurl) ) { // Send them where they were going + $goto = $SESSION->wantsurl; + unset($SESSION->wantsurl); + redirect($goto); } + + $PAGE->set_title(get_string("confirmed")); + $PAGE->set_heading(get_string("confirmed")); + echo $OUTPUT->header(); + echo $OUTPUT->box_start('generalbox centerpara boxwidthnormal boxaligncenter'); + echo "

".get_string("thanks").", ". fullname($USER) . "

\n"; + echo "

".get_string("confirmed")."

\n"; + echo $OUTPUT->button(html_form::make_button("$CFG->wwwroot/course/", null, get_string('courses'))); + echo $OUTPUT->box_end(); + echo $OUTPUT->footer(); + exit; } else { - print_error("errorwhenconfirming"); + print_error('invalidconfirmdata'); } +} else { + print_error("errorwhenconfirming"); +} - redirect("$CFG->wwwroot/"); +redirect("$CFG->wwwroot/"); -?> +?> \ No newline at end of file diff --git a/login/forgot_password.php b/login/forgot_password.php index ab35085bf1..d5dd839ee5 100644 --- a/login/forgot_password.php +++ b/login/forgot_password.php @@ -1,5 +1,5 @@ set_url(new moodle_url($CFG->wwwroot.'/login/forgot_password.php')); $PAGE->navbar->add($strlogin, get_login_url()); $PAGE->navbar->add($strforgotten); diff --git a/login/index.php b/login/index.php index e7c23739be..a8c19e43b8 100644 --- a/login/index.php +++ b/login/index.php @@ -1,300 +1,319 @@ -set_course($SITE); +. + +/** + * This file is part of the login section Moodle + * + * @copyright 1999 Martin Dougiamas http://dougiamas.com + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @package login + */ + +require_once("../config.php"); + +redirect_if_major_upgrade_required(); + +$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically +$testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test + +$context = get_context_instance(CONTEXT_SYSTEM); +$PAGE->set_course($SITE); /// Initialize variables - $errormsg = ''; - $errorcode = 0; +$errormsg = ''; +$errorcode = 0; /// Check for timed out sessions - if (!empty($SESSION->has_timed_out)) { - $session_has_timed_out = true; - unset($SESSION->has_timed_out); - } else { - $session_has_timed_out = false; - } +if (!empty($SESSION->has_timed_out)) { + $session_has_timed_out = true; + unset($SESSION->has_timed_out); +} else { + $session_has_timed_out = false; +} /// auth plugins may override these - SSO anyone? - $frm = false; - $user = false; +$frm = false; +$user = false; - $authsequence = get_enabled_auth_plugins(true); // auths, in sequence - foreach($authsequence as $authname) { - $authplugin = get_auth_plugin($authname); - $authplugin->loginpage_hook(); - } +$authsequence = get_enabled_auth_plugins(true); // auths, in sequence +foreach($authsequence as $authname) { + $authplugin = get_auth_plugin($authname); + $authplugin->loginpage_hook(); +} //HTTPS is potentially required in this page - httpsrequired(); +httpsrequired(); - $PAGE->set_url("$CFG->httpswwwroot/login/index.php"); +$PAGE->set_url("$CFG->httpswwwroot/login/index.php"); /// Define variables used in page - if (!$site = get_site()) { - print_error('siteisnotdefined', 'debug'); +if (!$site = get_site()) { + print_error('siteisnotdefined', 'debug'); +} + +if (empty($CFG->langmenu)) { + $langmenu = ""; +} else { + $currlang = current_language(); + $langs = get_list_of_languages(); + $select = html_select::make_popup_form("$CFG->httpswwwroot/login/index.php", 'lang', $langs, 'chooselang', $currlang); + $select->nothinglabel = false; + $select->set_label(get_accesshide(get_string('language'))); + $langmenu = $OUTPUT->select($select); +} + +$loginsite = get_string("loginsite"); +$PAGE->navbar->add($loginsite); + +if ($user !== false or $frm !== false) { + // some auth plugin already supplied these + +} else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) { + /// Log in as guest automatically (idea from Zbigniew Fiedorowicz) + $frm->username = 'guest'; + $frm->password = 'guest'; + +} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) { + // Handles the case of another Moodle site linking into a page on this site + //TODO: move weblink into own auth plugin + include($CFG->dirroot.'/login/weblinkauth.php'); + if (function_exists('weblink_auth')) { + $user = weblink_auth($SESSION->wantsurl); } - - if (empty($CFG->langmenu)) { - $langmenu = ""; - } else { - $currlang = current_language(); - $langs = get_list_of_languages(); - $select = html_select::make_popup_form("$CFG->httpswwwroot/login/index.php", 'lang', $langs, 'chooselang', $currlang); - $select->nothinglabel = false; - $select->set_label(get_accesshide(get_string('language'))); - $langmenu = $OUTPUT->select($select); - } - - $loginsite = get_string("loginsite"); - $PAGE->navbar->add($loginsite); - - if ($user !== false or $frm !== false) { - // some auth plugin already supplied these - - } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) { - /// Log in as guest automatically (idea from Zbigniew Fiedorowicz) - $frm->username = 'guest'; - $frm->password = 'guest'; - - } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) { - // Handles the case of another Moodle site linking into a page on this site - //TODO: move weblink into own auth plugin - include($CFG->dirroot.'/login/weblinkauth.php'); - if (function_exists('weblink_auth')) { - $user = weblink_auth($SESSION->wantsurl); - } - if ($user) { - $frm->username = $user->username; - } else { - $frm = data_submitted(); - } - + if ($user) { + $frm->username = $user->username; } else { $frm = data_submitted(); } +} else { + $frm = data_submitted(); +} + /// Check if the user has actually submitted login data to us - if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested +if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested - $errormsg = get_string("cookiesnotenabled"); - $errorcode = 1; + $errormsg = get_string("cookiesnotenabled"); + $errorcode = 1; - } else if ($frm) { // Login WITH cookies +} else if ($frm) { // Login WITH cookies - $frm->username = trim(moodle_strtolower($frm->username)); + $frm->username = trim(moodle_strtolower($frm->username)); - if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) { - $string = preg_replace("~[^(-\.[:alnum:])]~i", "", $frm->username); - if (strcmp($frm->username, $string)) { - $errormsg = get_string('username').': '.get_string("alphanumerical"); - $errorcode = 2; + if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) { + $string = preg_replace("~[^(-\.[:alnum:])]~i", "", $frm->username); + if (strcmp($frm->username, $string)) { + $errormsg = get_string('username').': '.get_string("alphanumerical"); + $errorcode = 2; - $user = null; - } + $user = null; } + } - if ($user) { - //user already supplied by aut plugin prelogin hook - } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) { - $user = false; /// Can't log in as guest if guest button is disabled - $frm = false; - } else { - if (empty($errormsg)) { - $user = authenticate_user_login($frm->username, $frm->password); - } + if ($user) { + //user already supplied by aut plugin prelogin hook + } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) { + $user = false; /// Can't log in as guest if guest button is disabled + $frm = false; + } else { + if (empty($errormsg)) { + $user = authenticate_user_login($frm->username, $frm->password); } - update_login_count(); + } + update_login_count(); - if ($user) { + if ($user) { - // language setup - if ($user->username == 'guest') { - // no predefined language for guests - use existing session or default site lang - unset($user->lang); + // language setup + if ($user->username == 'guest') { + // no predefined language for guests - use existing session or default site lang + unset($user->lang); - } else if (!empty($user->lang)) { - // unset previous session language - use user preference instead - unset($SESSION->lang); - } + } else if (!empty($user->lang)) { + // unset previous session language - use user preference instead + unset($SESSION->lang); + } - if (empty($user->confirmed)) { // This account was never confirmed - $PAGE->set_title(get_string("mustconfirm")); - $PAGE->set_heading(get_string("mustconfirm")); - echo $OUTPUT->header(); - echo $OUTPUT->heading(get_string("mustconfirm")); - echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter"); - echo $OUTPUT->footer(); - die; - } + if (empty($user->confirmed)) { // This account was never confirmed + $PAGE->set_title(get_string("mustconfirm")); + $PAGE->set_heading(get_string("mustconfirm")); + echo $OUTPUT->header(); + echo $OUTPUT->heading(get_string("mustconfirm")); + echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter"); + echo $OUTPUT->footer(); + die; + } - if ($frm->password == 'changeme') { - //force the change - set_user_preference('auth_forcepasswordchange', true, $user->id); - } + if ($frm->password == 'changeme') { + //force the change + set_user_preference('auth_forcepasswordchange', true, $user->id); + } - /// Let's get them all set up. - add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, - $user->id, 0, $user->id); - complete_user_login($user); + /// Let's get them all set up. + add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, + $user->id, 0, $user->id); + complete_user_login($user); - /// Prepare redirection - if (user_not_fully_set_up($USER)) { - $urltogo = $CFG->wwwroot.'/user/edit.php'; - // We don't delete $SESSION->wantsurl yet, so we get there later + /// Prepare redirection + if (user_not_fully_set_up($USER)) { + $urltogo = $CFG->wwwroot.'/user/edit.php'; + // We don't delete $SESSION->wantsurl yet, so we get there later - } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) { - $urltogo = $SESSION->wantsurl; /// Because it's an address in this site - unset($SESSION->wantsurl); + } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) { + $urltogo = $SESSION->wantsurl; /// Because it's an address in this site + unset($SESSION->wantsurl); - } else { - // no wantsurl stored or external - go to homepage - $urltogo = $CFG->wwwroot.'/'; - unset($SESSION->wantsurl); - } + } else { + // no wantsurl stored or external - go to homepage + $urltogo = $CFG->wwwroot.'/'; + unset($SESSION->wantsurl); + } - /// Go to my-moodle page instead of homepage if mymoodleredirect enabled - if (!has_capability('moodle/site:config', $context) and !empty($CFG->mymoodleredirect) and !isguest()) { - if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') { - $urltogo = $CFG->wwwroot.'/my/'; - } + /// Go to my-moodle page instead of homepage if mymoodleredirect enabled + if (!has_capability('moodle/site:config', $context) and !empty($CFG->mymoodleredirect) and !has_capability('moodle/legacy:guest',$context, 0, false)) { + if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') { + $urltogo = $CFG->wwwroot.'/my/'; } + } - /// check if user password has expired - /// Currently supported only for ldap-authentication module - $userauth = get_auth_plugin($USER->auth); - if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) { - if ($userauth->can_change_password()) { - $passwordchangeurl = $userauth->change_password_url(); - if(!$passwordchangeurl) { - $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php'; - } - } else { + /// check if user password has expired + /// Currently supported only for ldap-authentication module + $userauth = get_auth_plugin($USER->auth); + if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) { + if ($userauth->can_change_password()) { + $passwordchangeurl = $userauth->change_password_url(); + if(!$passwordchangeurl) { $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php'; } - $days2expire = $userauth->password_expire($USER->username); - $PAGE->set_title("$site->fullname: $loginsite"); - $PAGE->set_heading("$site->fullname"); - $PAGE->set_headingmenu("
$langmenu
"); - if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) { - echo $OUTPUT->header(); - echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo); - echo $OUTPUT->footer(); - exit; - } elseif (intval($days2expire) < 0 ) { - echo $OUTPUT->header(); - echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo); - echo $OUTPUT->footer(); - exit; - } + } else { + $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php'; + } + $days2expire = $userauth->password_expire($USER->username); + $PAGE->set_title("$site->fullname: $loginsite"); + $PAGE->set_heading("$site->fullname"); + $PAGE->set_headingmenu("
$langmenu
"); + if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) { + echo $OUTPUT->header(); + echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo); + echo $OUTPUT->footer(); + exit; + } elseif (intval($days2expire) < 0 ) { + echo $OUTPUT->header(); + echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo); + echo $OUTPUT->footer(); + exit; } + } - reset_login_count(); + reset_login_count(); - redirect($urltogo); + redirect($urltogo); - exit; + exit; - } else { - if (empty($errormsg)) { - $errormsg = get_string("invalidlogin"); - $errorcode = 3; - } + } else { + if (empty($errormsg)) { + $errormsg = get_string("invalidlogin"); + $errorcode = 3; + } - // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user - if ( !empty($CFG->mnet_dispatcher_mode) - && $CFG->mnet_dispatcher_mode === 'strict' - && is_enabled_auth('mnet')) { - $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username"); - } + // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user + if ( !empty($CFG->mnet_dispatcher_mode) + && $CFG->mnet_dispatcher_mode === 'strict' + && is_enabled_auth('mnet')) { + $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username"); } } +} /// Detect problems with timedout sessions - if ($session_has_timed_out and !data_submitted()) { - $errormsg = get_string('sessionerroruser', 'error'); - $errorcode = 4; - } +if ($session_has_timed_out and !data_submitted()) { + $errormsg = get_string('sessionerroruser', 'error'); + $errorcode = 4; +} /// First, let's remember where the user was trying to get to before they got here - if (empty($SESSION->wantsurl)) { - $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) && - $_SERVER["HTTP_REFERER"] != $CFG->wwwroot && - $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' && - $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' && - $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php') - ? $_SERVER["HTTP_REFERER"] : NULL; - } +if (empty($SESSION->wantsurl)) { + $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) && + $_SERVER["HTTP_REFERER"] != $CFG->wwwroot && + $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' && + $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' && + $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php') + ? $_SERVER["HTTP_REFERER"] : NULL; +} /// Redirect to alternative login URL if needed - if (!empty($CFG->alternateloginurl)) { - $loginurl = $CFG->alternateloginurl; +if (!empty($CFG->alternateloginurl)) { + $loginurl = $CFG->alternateloginurl; - if (strpos($SESSION->wantsurl, $loginurl) === 0) { - //we do not want to return to alternate url - $SESSION->wantsurl = NULL; - } - - if ($errorcode) { - if (strpos($loginurl, '?') === false) { - $loginurl .= '?'; - } else { - $loginurl .= '&'; - } - $loginurl .= 'errorcode='.$errorcode; - } - - redirect($loginurl); - } - - -/// Generate the login page with forms - - if (get_moodle_cookie() == '') { - set_moodle_cookie('nobody'); // To help search for cookies + if (strpos($SESSION->wantsurl, $loginurl) === 0) { + //we do not want to return to alternate url + $SESSION->wantsurl = NULL; } - if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184 - if (!empty($_GET["username"])) { - $frm->username = $_GET["username"]; + if ($errorcode) { + if (strpos($loginurl, '?') === false) { + $loginurl .= '?'; } else { - $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie(); + $loginurl .= '&'; } - - $frm->password = ""; + $loginurl .= 'errorcode='.$errorcode; } - if (!empty($frm->username)) { - $focus = "password"; - } else { - $focus = "username"; - } + redirect($loginurl); +} - if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) { - $show_instructions = true; - } else { - $show_instructions = false; - } - $PAGE->set_title("$site->fullname: $loginsite"); - $PAGE->set_heading("$site->fullname"); - $PAGE->set_headingmenu("
$langmenu
"); - $PAGE->set_focuscontrol($focus); +/// Generate the login page with forms - echo $OUTPUT->header(); - include("index_form.html"); - echo $OUTPUT->footer(); +if (get_moodle_cookie() == '') { + set_moodle_cookie('nobody'); // To help search for cookies +} +if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184 + if (!empty($_GET["username"])) { + $frm->username = $_GET["username"]; + } else { + $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie(); + } -?> + $frm->password = ""; +} + +if (!empty($frm->username)) { + $focus = "password"; +} else { + $focus = "username"; +} + +if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) { + $show_instructions = true; +} else { + $show_instructions = false; +} + +$PAGE->set_title("$site->fullname: $loginsite"); +$PAGE->set_heading("$site->fullname"); +$PAGE->set_headingmenu("
$langmenu
"); +$PAGE->set_focuscontrol($focus); + +echo $OUTPUT->header(); +include("index_form.html"); +echo $OUTPUT->footer(); \ No newline at end of file diff --git a/login/logout.php b/login/logout.php index d28511b629..2eaadca363 100644 --- a/login/logout.php +++ b/login/logout.php @@ -1,35 +1,58 @@ -wwwroot.'/'; - - $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning - - if (!isloggedin()) { - // no confirmation, user has already logged out - require_logout(); - redirect($redirect); - - } else if (!confirm_sesskey($sesskey)) { - $PAGE->set_title($SITE->fullname); - $PAGE->set_heading($SITE->fullname); - echo $OUTPUT->header(); - echo $OUTPUT->confirm(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/'); - echo $OUTPUT->footer(); - die; - } - - $authsequence = get_enabled_auth_plugins(); // auths, in sequence - foreach($authsequence as $authname) { - $authplugin = get_auth_plugin($authname); - $authplugin->logoutpage_hook(); - } - +. + +/** + * Logs the user out and sends them to the home page + * + * @copyright 1999 Martin Dougiamas http://dougiamas.com + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @package login + */ + +require_once("../config.php"); + +// can be overriden by auth plugins +$redirect = $CFG->wwwroot.'/'; + +$sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning + +if (!isloggedin()) { + // no confirmation, user has already logged out require_logout(); - redirect($redirect); -?> +} else if (!confirm_sesskey($sesskey)) { + $url = new moodle_url($CFG->wwwroot.'/login/logout.php'); + if ($sesskey !== '__notpresent__') $url->param('sesskey', $sesskey); + $PAGE->set_url($url); + $PAGE->set_title($SITE->fullname); + $PAGE->set_heading($SITE->fullname); + echo $OUTPUT->header(); + echo $OUTPUT->confirm(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/'); + echo $OUTPUT->footer(); + die; +} + +$authsequence = get_enabled_auth_plugins(); // auths, in sequence +foreach($authsequence as $authname) { + $authplugin = get_auth_plugin($authname); + $authplugin->logoutpage_hook(); +} + +require_logout(); + +redirect($redirect); \ No newline at end of file diff --git a/login/mnet_email.php b/login/mnet_email.php index e556c7ac95..780b97cf84 100644 --- a/login/mnet_email.php +++ b/login/mnet_email.php @@ -11,6 +11,8 @@ if (isloggedin() and !isguestuser()) { redirect( $CFG->wwwroot.'/', get_string('loginalready'), 5); } +$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/mnet_email.php', array('u'=>$username))); + $PAGE->navbar->add('MNET ID Provider'); $PAGE->set_title('MNET ID Provider'); $PAGE->set_heading('MNET ID Provider'); @@ -39,6 +41,4 @@ echo $OUTPUT->box_start('generalbox boxaligncenter boxwidthnormal'); box_end(); -echo $OUTPUT->footer(); - -?> +echo $OUTPUT->footer(); \ No newline at end of file diff --git a/login/signup.php b/login/signup.php index 2c366291e6..6266c0f647 100644 --- a/login/signup.php +++ b/login/signup.php @@ -1,71 +1,92 @@ -recaptchapublickey) && !empty($CFG->recaptchaprivatekey) && get_config('auth/email', 'recaptcha'); - } - - require_once('signup_form.php'); - - - if (empty($CFG->registerauth)) { - print_error("Sorry, you may not use this page."); - } - $authplugin = get_auth_plugin($CFG->registerauth); - - if (!$authplugin->can_signup()) { - print_error("Sorry, you may not use this page."); - } - - //HTTPS is potentially required in this page - httpsrequired(); - - $mform_signup = new login_signup_form(); - - if ($mform_signup->is_cancelled()) { - redirect(get_login_url()); - - } else if ($user = $mform_signup->get_data()) { - $user->confirmed = 0; - $user->lang = current_language(); - $user->firstaccess = time(); - $user->mnethostid = $CFG->mnet_localhost_id; - $user->secret = random_string(15); - $user->auth = $CFG->registerauth; - - $authplugin->user_signup($user, true); // prints notice and link to login/index.php - exit; //never reached - } - - $newaccount = get_string('newaccount'); - $login = get_string('login'); - - if (empty($CFG->langmenu)) { - $langmenu = ''; - } else { - $currlang = current_language(); - $langs = get_list_of_languages(); - $select = html_select::make_popup_form("$CFG->wwwroot/login/signup.php", 'lang', $langs, 'chooselang', $currlang); - $select->nothinglabel = false; - $langmenu = $OUTPUT->select($select); - } - - $PAGE->navbar->add($login); - $PAGE->navbar->add($newaccount); - $PAGE->set_title($newaccount); - $PAGE->set_heading($newaccount); - $PAGE->set_focuscontrol($mform_signup->focus()); - $PAGE->set_headingmenu("
$langmenu
"); - - echo $OUTPUT->header(); - $mform_signup->display(); - echo $OUTPUT->footer(); - - -?> +. + +/** + * This file is part of the login section Moodle + * + * @copyright 1999 Martin Dougiamas http://dougiamas.com + * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later + * @package login + */ + +require_once('../config.php'); + +/** + * Returns whether or not the captcha element is enabled, and the admin settings fulfil its requirements. + * @return bool + */ +function signup_captcha_enabled() { + global $CFG; + return !empty($CFG->recaptchapublickey) && !empty($CFG->recaptchaprivatekey) && get_config('auth/email', 'recaptcha'); +} + +require_once('signup_form.php'); + + +if (empty($CFG->registerauth)) { + print_error("Sorry, you may not use this page."); +} +$authplugin = get_auth_plugin($CFG->registerauth); + +if (!$authplugin->can_signup()) { + print_error("Sorry, you may not use this page."); +} + +//HTTPS is potentially required in this page +httpsrequired(); + +$mform_signup = new login_signup_form(); + +if ($mform_signup->is_cancelled()) { + redirect(get_login_url()); + +} else if ($user = $mform_signup->get_data()) { + $user->confirmed = 0; + $user->lang = current_language(); + $user->firstaccess = time(); + $user->mnethostid = $CFG->mnet_localhost_id; + $user->secret = random_string(15); + $user->auth = $CFG->registerauth; + + $authplugin->user_signup($user, true); // prints notice and link to login/index.php + exit; //never reached +} + +$newaccount = get_string('newaccount'); +$login = get_string('login'); + +if (empty($CFG->langmenu)) { + $langmenu = ''; +} else { + $currlang = current_language(); + $langs = get_list_of_languages(); + $select = html_select::make_popup_form("$CFG->wwwroot/login/signup.php", 'lang', $langs, 'chooselang', $currlang); + $select->nothinglabel = false; + $langmenu = $OUTPUT->select($select); +} + +$PAGE->navbar->add($login); +$PAGE->navbar->add($newaccount); +$PAGE->set_url(new moodle_url($CFG->wwwroot.'/login/signup.php')); +$PAGE->set_title($newaccount); +$PAGE->set_heading($newaccount); +$PAGE->set_focuscontrol($mform_signup->focus()); +$PAGE->set_headingmenu("
$langmenu
"); + +echo $OUTPUT->header(); +$mform_signup->display(); +echo $OUTPUT->footer(); \ No newline at end of file -- 2.39.5