From a238e822a2c2665755175092356c38d6579b9c66 Mon Sep 17 00:00:00 2001
From: martinlanghoff
Date: Wed, 14 Nov 2007 22:03:46 +0000
Subject: [PATCH] login/index, moodlelib: move session setup logic to complete_user_login()

Move most of the user session setup logic from login/index.php to complete_user_login().
---
 lib/moodlelib.php | 55 +++++++++++++++++++++++++++++++++++++++++++++++
 login/index.php | 46 ++++++---------------------------------
 2 files changed, 62 insertions(+), 39 deletions(-)

diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index abde06a6c1..a218bac7d5 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2921,6 +2921,10 @@ function guest_user() {
 *
 * Uses auth_ functions from the currently active auth module
 *
+ * After authenticate_user_login() returns success, you will need to
+ * log that the user has logged in, and call complete_user_login() to set
+ * the session up.
+ *
 * @uses $CFG
 * @param string $username User's username (with system magic quotes)
 * @param string $password User's password (with system magic quotes)
@@ -3005,6 +3009,57 @@ function authenticate_user_login($username, $password) {
 return false;
 }
+/**
+ * Call to complete the user login process after authenticate_user_login()
+ * has succeeded. It will setup the $USER variable and other required bits
+ * and pieces.
+ *
+ * NOTE:
+ * - It will NOT log anything -- up to the caller to decide what to log.
+ *
+ *
+ *
+ * @uses $CFG, $USER
+ * @param string $user obj
+ * @return user|flase A {@link $USER} object or false if error
+ */
+function complete_user_login($user) {
+ global $CFG, $USER;
+
+ $USER = $user; // should not be needed, but cover for legacy code
+
+ update_user_login_times();
+ if (empty($CFG->nolastloggedin)) {
+ set_moodle_cookie($USER->username);
+ } else {
+ // do not store last logged in user in cookie
+ // auth plugins can temporarily override this from loginpage_hook()
+ // do not save $CFG->nolastloggedin in database!
+ set_moodle_cookie('nobody');
+ }
+ set_login_session_preferences();
+
+ /// This is what lets the user do anything on the site :-)
+ load_all_capabilities();
+
+ /// Select password change url
+ $userauth = get_auth_plugin($USER->auth);
+
+ /// check whether the user should be changing password
+ if (get_user_preferences('auth_forcepasswordchange', false)){
+ if ($userauth->can_change_password()) {
+ if ($changeurl = $userauth->change_password_url()) {
+ redirect($changeurl);
+ } else {
+ redirect($CFG->httpswwwroot.'/login/change_password.php');
+ }
+ } else {
+ error(get_string('nopasswordchangeforced', 'auth'));
+ }
+ }
+ return $USER;
+}
+
 /**
 * Compare password against hash stored in internal user table.
 * If necessary it also updates the stored hash to new format.
diff --git a/login/index.php b/login/index.php
index af0d68b585..82b125e840 100644
--- a/login/index.php
+++ b/login/index.php
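Review bot: The docblock on complete_user_login() promises `false` on error, but no path in the body returns false; it either returns `$USER` or, in the forced-password-change branch, ends in redirect() or error(), which presumably do not return to the caller. By that point `$USER`, the login cookie and the capabilities are already set up, so a caller outside login/index.php needs to know that the password-change enforcement consists only of this redirect. I would correct the tags to `@param object $user` and `@return object the populated $USER`, and add a line saying the call may redirect or stop with an error instead of returning. Whether any helper called here rotates the session identifier is not visible in the hunk; if none does, this function looks like the natural place for it.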
@@ -150,47 +150,15 @@ httpsrequired();
 die;
 }
- /// Let's get them all set up.
- $USER = $user;
-
- add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
-
-
- update_user_login_times();
- if (empty($CFG->nolastloggedin)) {
- set_moodle_cookie($USER->username);
- } else {
- // do not store last logged in user in cookie
- // auth plugins can temporarily override this from loginpage_hook()
- // do not save $CFG->nolastloggedin in database!
- set_moodle_cookie('nobody');
- }
- set_login_session_preferences();
-
- /// This is what lets the user do anything on the site :-)
- load_all_capabilities();
-
- /// Select password change url
- $userauth = get_auth_plugin($USER->auth);
-
- /// check whether the user should be changing password
- if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
- if ($frm->password == 'changeme') {
- //force the change
- set_user_preference('auth_forcepasswordchange', true);
- }
- //Select password change url
- if ($userauth->can_change_password()) {
- if ($changeurl = $userauth->change_password_url()) {
- redirect($changeurl);
- } else {
- redirect($CFG->httpswwwroot.'/login/change_password.php');
- }
- } else {
- error(get_string('nopasswordchangeforced', 'auth'));
- }
+ if ($frm->password == 'changeme') {
+ //force the change
+ set_user_preference('auth_forcepasswordchange', true, $user->id);
 }
+ /// Let's get them all set up.
+ add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
+ $user->id, 0, $user->id);
+ $USER = complete_user_login($user);
 /// Prepare redirection
 if (user_not_fully_set_up($USER)) {
--
2.39.5
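Review bot: The log URL in the new add_to_log() call still interpolates `$USER->id`, but the `$USER = $user` assignment was removed above and `$USER` is not assigned until complete_user_login() on the following line. The URL therefore presumably records the pre-login session user, while the other two arguments were switched to `$user->id`. That leaves the login audit record internally inconsistent; the first line of the call should read `add_to_log(SITEID, 'user', 'login', "view.php?id=$user->id&course=".SITEID,`. The enclosing login block starts and ends outside this hunk.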