From af9c5226c456fd862ccb7844c5307a11a261527b Mon Sep 17 00:00:00 2001 From: martinlanghoff Date: Thu, 4 Jan 2007 03:03:57 +0000 Subject: [PATCH] mnet: login operations (change pw, forgotpw) now handle multiauth and mnet remote users --- login/change_password.php | 39 +++++++++++++++++++++------------------ login/confirm.php | 39 +++++++++++++++------------------------ login/forgot_password.php | 24 ++++++++---------------- login/index.php | 38 ++++++++++++++++++++++++-------------- login/index_form.html | 13 ++++++++----- login/logout.php | 9 ++++++++- login/mnet_email.php | 39 +++++++++++++++++++++++++++++++++++++++ login/signup.php | 26 +++++++++----------------- login/signup_form.php | 7 ++++--- 9 files changed, 136 insertions(+), 98 deletions(-) create mode 100644 login/mnet_email.php diff --git a/login/change_password.php b/login/change_password.php index 6094e1b4ed..00b6e8f69e 100644 --- a/login/change_password.php +++ b/login/change_password.php @@ -14,6 +14,14 @@ error('No such course!'); } + if (is_mnet_remote_user($USER)) { + $message = get_string('usercannotchangepassword', 'mnet'); + if ($idprovider = get_record('mnet_host', 'id', $USER->mnethostid)) { + $message .= get_string('userchangepasswordlink', 'mnet', $idprovider); + } + error($message); + } + // require proper login; guest can not change passwords anymore! // TODO: add change password capability so that we can prevent participants to change password if (empty($USER->id) or $USER->username=='guest' or has_capability('moodle/legacy:guest', $sitecontext, $USER->id, false)) { @@ -46,28 +54,23 @@ $user = get_complete_user_data('username', $data->username); } - if (is_internal_auth($user->auth)){ - if (!update_internal_user_password($user, $data->newpassword1)) { + // load the appropriate auth plugin + $userauth = get_auth_plugin($user->auth); + if ($userauth->can_change_password()){ + if ($userauth->user_update_password($user, $data->newpassword1)) { + // hash the $user->password field (without local db update) + update_internal_user_password($user, $frm->newpassword1, false); + } else { error('Could not set the new password'); } } else { // external users - // the relevant auth libs should be loaded already - // as part of form validation in function authenticate_user_login() - // check that we allow changes through moodle - if (!empty($CFG->{'auth_'. $user->auth.'_stdchangepassword'})) { - if (function_exists('auth_user_update_password')){ - // note that we pass cleartext password - if (auth_user_update_password($user->username, $data->newpassword1)){ - update_internal_user_password($user, $data->newpassword1, false); - } else { - error('Could not set the new password'); - } - } else { - error('The authentication module is misconfigured (missing auth_user_update_password)'); - } - } else { - error('You cannot change your password this way.'); + $message = 'You cannot change your password this way.'; + if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { + $message .= '

' . get_string('passwordextlink') + . '

' . '' + . $userauth->change_password_url() . ''; error('You cannot change your password this way.'); } + error($message); } // register success changing password diff --git a/login/confirm.php b/login/confirm.php index 233b7dfddc..51c4b6f3d7 100644 --- a/login/confirm.php +++ b/login/confirm.php @@ -1,7 +1,6 @@ auth/lib.php"); $data = optional_param('data', '', PARAM_CLEAN); // Formatted as: secret/username @@ -19,36 +18,30 @@ $username = $s; } - $user = get_complete_user_data('username', $username ); + $authplugin = get_auth_plugin('email'); + $confirmed = $authplugin->user_confirm($username, $usersecret); - if (!empty($user)) { - - if ($user->confirmed) { + if ($confirmed == AUTH_CONFIRM_ALREADY) { + $user = get_complete_user_data('username', $username); print_header(get_string("alreadyconfirmed"), get_string("alreadyconfirmed"), "", ""); echo "

".get_string("thanks").", ". fullname($user) . "

\n"; echo "

".get_string("alreadyconfirmed")."

\n"; echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; print_footer(); exit; - } - - if ($user->secret == $usersecret) { // They have provided the secret key to get in - - if (!set_field("user", "confirmed", 1, "id", $user->id)) { - error("Could not confirm this user!"); - } - if (!set_field("user", "firstaccess", time(), "id", $user->id)) { - error("Could not set this user's first access date!"); - } - if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_activate') ) { - if (!auth_user_activate($user->username)) { - error("Could not activate this user!"); + } + if ($confirmed == AUTH_CONFIRM_OK) { + // Activate new user if necessary + $authplugin = get_auth_plugin($CFG->auth); + if (isset($CFG->auth_user_create) and $CFG->auth_user_create == 1 and method_exists($authplugin, 'user_activate') ) { + if (!$authplugin->user_activate($username)) { + error('Could not activate this user!'); } } // The user has confirmed successfully, let's log them in - - if (!$USER = get_complete_user_data('username', $user->username)) { + + if (!$USER = get_complete_user_data('username', $username)) { error("Something serious is wrong with the database"); } @@ -59,17 +52,15 @@ unset($SESSION->wantsurl); redirect("$goto"); } - + print_header(get_string("confirmed"), get_string("confirmed"), "", ""); echo "

".get_string("thanks").", ". fullname($USER) . "

\n"; echo "

".get_string("confirmed")."

\n"; echo "

-> wwwroot/course/\">".get_string("courses")."

\n"; print_footer(); exit; - - } else { + } else { error("Invalid confirmation data"); - } } } else { error(get_string("errorwhenconfirming")); diff --git a/login/forgot_password.php b/login/forgot_password.php index c441910538..aacf5db714 100644 --- a/login/forgot_password.php +++ b/login/forgot_password.php @@ -46,15 +46,9 @@ if (isloggedin() && !isguest()) { redirect($CFG->wwwroot.'/index.php', $strloginalready, 5); } -// changepassword link replaced by individual auth setting +// instantiate default auth $auth = $CFG->auth; // the 'default' authentication method -if (!empty($CFG->changepassword)) { - if (empty($CFG->{'auth_'.$auth.'_changepasswordurl'})) { - set_config('auth_'.$auth.'_changepasswordurl', $CFG->changepassword); - } - set_config('changepassword', ''); -} - +$defaultauth = get_auth_plugin($auth); $mform = new login_forgot_password_form(); @@ -114,8 +108,8 @@ if ($action == 'find' and $param = $mform->data_submitted()) { $errors[] = $strconfirmednot; } else { // what to do depends on the authentication method - $authmethod = $user->auth; - if (is_internal_auth($authmethod) or !empty($CFG->{'auth_'.$authmethod.'_stdchangepassword'})) { + $userauth = get_auth_plugin($user->auth); + if ($userauth->is_internal() or $userauth->can_change_password()) { // handle internal authentication // set 'secret' string @@ -137,14 +131,13 @@ if ($action == 'find' and $param = $mform->data_submitted()) { // if help text defined then we are going to display another page $strextmessage = ''; $continue = false; - if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordhelp'})) { - $strextmessage = $CFG->{'auth_'.$authmethod.'_changepasswordhelp'}.'

'; + if (!empty($userauth->config->changepasswordhelp)) { + $txt->extmessage = $userauth->config->changepasswordhelp .'

'; } // if url defined then add that to the message (with a standard message) - if (!empty($CFG->{'auth_'.$authmethod.'_changepasswordurl'})) { + if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) { $strextmessage .= $strpasswordextlink . '

'; - $link = $CFG->{'auth_'.$authmethod.'_changepasswordurl'}; - $strextmessage .= "$link"; + $txt->extmessage .= '' . $userauth->change_password_url() . ''; } // if nothing to display, just do message that we can't help if (empty($strextmessage)) { @@ -281,4 +274,3 @@ $mform->display(); print_footer(); ?> - diff --git a/login/index.php b/login/index.php index d4cd256401..35041250f1 100644 --- a/login/index.php +++ b/login/index.php @@ -1,5 +1,6 @@ auth == 'cas' && !empty($CFG->cas_enabled)) { + +// check if auth config broken (old config --> multi config) +if (empty($CFG->auth_plugins_enabled) and ! empty($CFG->auth)) { + set_config('auth_plugins_enabled', $CFG->auth); +} +$authsequence = explode(',', $CFG->auth_plugins_enabled); // auths, in sequence + +// Load alternative login screens if necessary +if ($authsequence[0] == 'cas' and !empty($CFG->cas_enabled)) { require($CFG->dirroot.'/auth/cas/login.php'); } @@ -141,17 +150,15 @@ update_user_login_times(); set_moodle_cookie($USER->username); set_login_session_preferences(); - - + //Select password change url - if (is_internal_auth($USER->auth) || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){ + $userauth = get_auth_plugin($USER->auth); + if ($userauth->can_change_password()) { $passwordchangeurl=$CFG->wwwroot.'/login/change_password.php'; - } elseif($CFG->changepassword) { - $passwordchangeurl=$CFG->changepassword; } else { - $passwordchangeurl = ''; + $passwordchangeurl = $userauth->change_password_url(); } - + // check whether the user should be changing password if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){ if ($passwordchangeurl != '') { @@ -189,9 +196,8 @@ // check if user password has expired // Currently supported only for ldap-authentication module - if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) { - if (function_exists('auth_password_expire')){ - $days2expire = auth_password_expire($USER->username); + if (method_exists($userauth, 'password_expire') and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) { + $days2expire = $userauth->password_expire($USER->username); if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) { print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "
$langmenu
"); notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo); @@ -203,7 +209,6 @@ print_footer(); exit; } - } } reset_login_count(); @@ -218,6 +223,11 @@ if (empty($errormsg)) { $errormsg = get_string("invalidlogin"); } + + // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user + if ($users = get_records('user', 'username', $frm->username)) { + $errormsg .= "
If you are a Moodle Network remote user and can username\">confirm your email address here, you can be redirected to your login page.
"; + } } } @@ -250,7 +260,7 @@ set_moodle_cookie('nobody'); // To help search for cookies } - if (empty($frm->username) && $CFG->auth != 'shibboleth') { // See bug 5184 +if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184 $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie(); $frm->password = ""; } @@ -264,7 +274,7 @@ if (isset($CFG->auth_instructions)) { $CFG->auth_instructions = trim($CFG->auth_instructions); } - if ($CFG->auth == "email" or $CFG->auth == "none" or !empty($CFG->auth_instructions)) { +if ($authsequence[0] == "email" or $authsequence[0] == "none" or !empty($CFG->auth_instructions)) { $show_instructions = true; } else { $show_instructions = false; diff --git a/login/index_form.html b/login/index_form.html index e7fefb0b72..971d063452 100644 --- a/login/index_form.html +++ b/login/index_form.html @@ -82,7 +82,7 @@ -auth) { + @@ -92,15 +92,18 @@ auth_instructions); - if (!function_exists('auth_user_login')) { - require_once("../auth/$CFG->auth/lib.php"); - } - if (!empty($CFG->auth_user_create) and function_exists('auth_user_create') ){ + // TODO: if !function_exists(auth_user_login) then require_once /auth/$CFG->auth/lib.php + // ..which implies that auth_user_login might have been floating + // about in global namespace. grr + $authplugin = get_auth_plugin($CFG->auth); + if (!empty($CFG->auth_user_create) and method_exists($authplugin, 'user_create') ){ ?>
diff --git a/login/logout.php b/login/logout.php index df49f2a328..c74cfefddd 100644 --- a/login/logout.php +++ b/login/logout.php @@ -3,8 +3,15 @@ require_once("../config.php"); + if ($USER->mnethostid != $CFG->mnet_localhost_id) { + $host = get_record('mnet_host', 'id', $USER->mnethostid); + $wwwroot = $host->wwwroot; + } else { + $wwwroot = $CFG->wwwroot; + } + require_logout(); - redirect("$CFG->wwwroot/"); + redirect("$wwwroot/"); ?> diff --git a/login/mnet_email.php b/login/mnet_email.php new file mode 100644 index 0000000000..d08a13b710 --- /dev/null +++ b/login/mnet_email.php @@ -0,0 +1,39 @@ +wwwroot.'/', get_string('loginalready'), 5); +} + +print_header('MNET ID Provider', 'MNET ID Provider', 'MNET ID Provider', 'form.email' ); + +if ($form = data_submitted() and confirm_sesskey()) { + if ($user = get_record('user', 'username', $username, 'email', $form->email)) { + if (!empty($user->mnethostid) and $host = get_record('mnet_host', 'id', $user->mnethostid)) { + notice("You should be able to login at your wwwroot}/login/\">{$host->name} provider."); + } + } +} + +echo '

 

'; +print_simple_box_start('center','50%','','20'); + +?> + + + : + + +
+ diff --git a/login/signup.php b/login/signup.php index a11a68d110..20fc6077fb 100644 --- a/login/signup.php +++ b/login/signup.php @@ -1,13 +1,14 @@ auth/lib.php"); require_once('signup_form.php'); //HTTPS is potentially required in this page httpsrequired(); - if ($CFG->auth != 'email' and (empty($CFG->auth_user_create) or !(function_exists('auth_user_create'))) ) { + $authplugin = get_auth_plugin($CFG->auth); + + if ($CFG->auth != 'email' and (empty($CFG->auth_user_create) or !(method_exists($authplugin, 'user_create'))) ) { error("Sorry, you may not use this page."); } @@ -22,12 +23,13 @@ $user->confirmed = 0; $user->lang = current_language(); $user->firstaccess = time(); + $user->mnethostid = $CFG->mnet_localhost_id; $user->secret = random_string(15); $user->auth = $CFG->auth; - if (!empty($CFG->auth_user_create) and function_exists('auth_user_create') ){ - if (! auth_user_exists($user->username)) { - if (! auth_user_create($user, $plainpass)) { + if (!empty($CFG->auth_user_create) and method_exists($authplugin, 'user_create') ){ + if (! $authplugin->user_exists($user->username)) { + if (! $authplugin->user_create($user, $plainpass)) { error("Could not add user to authentication module!"); } } else { @@ -35,21 +37,11 @@ } } - if (! ($user->id = insert_record('user', $user))) { - error("Could not add your record to the database!"); - } - - if (! send_confirmation_email($user)) { - error("Tried to send you an email but failed!"); - } - - $emailconfirm = get_string("emailconfirm"); - print_header($emailconfirm, $emailconfirm, $emailconfirm); - notice(get_string("emailconfirmsent", "", $user->email), "$CFG->wwwroot/index.php"); + $authplugin = get_auth_plugin($CFG->auth); + $signedup = $authplugin->user_signup($user, $notify=true); exit; } - $newaccount = get_string('newaccount'); $login = get_string('login'); diff --git a/login/signup_form.php b/login/signup_form.php index 40c0cd82c6..b2d361d446 100644 --- a/login/signup_form.php +++ b/login/signup_form.php @@ -64,8 +64,9 @@ class login_signup_form_1 extends moodleform { global $CFG; $errors = array(); + $authplugin = get_auth_plugin($CFG->auth); - if (record_exists('user', 'username', $data['username'])){ + if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id))){ $errors['username'] = get_string('usernameexists'); } else { if (empty($CFG->extendedusernamechars)) { @@ -75,8 +76,8 @@ class login_signup_form_1 extends moodleform { } } } - if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and function_exists('auth_user_exists') ){ - if (auth_user_exists($data['username'])) { + if (isset($CFG->auth_user_create) and $CFG->auth_user_create==1 and method_exists($authplugin, 'user_exists')){ + if ($authplugin->user_exists($user->username)) { $errors['username'] = get_string('usernameexists'); } } -- 2.39.5