From faebaf0f4050a78642ad4e77d781d0db1a1ee931 Mon Sep 17 00:00:00 2001
From: martin
Date: Thu, 26 Sep 2002 07:03:22 +0000
Subject: [PATCH] First implementation of new authentication system, which can now use pluggable modules in the 'auth' directory. Everything is done through authentication_user_login in lib/moodlelib.php As well as the old default "email" confirmation, I added a new type of confirmation "none", which basically does no confirmation at all.
---
admin/config.html | 16 +++++++++++
auth/README | 35 ++++++++++++++++++++++++
auth/email/lib.php | 19 +++++++++++++
auth/none/lib.php | 17 ++++++++++++
error/index.php | 2 +-
lang/en/moodle.php | 3 ++-
lib/defaults.php | 1 +
lib/moodlelib.php | 56 ++++++++++++++++++++++++++++++---------
login/change_password.php | 2 +-
login/index.php | 2 +-
user/edit.php | 39 ++++++++++++++++++---------
11 files changed, 164 insertions(+), 28 deletions(-)
create mode 100644 auth/README
create mode 100644 auth/email/lib.php
create mode 100644 auth/none/lib.php
diff --git a/admin/config.html b/admin/config.html
index fbeb4a4686..9c49e22c7c 100644
--- a/admin/config.html
+++ b/admin/config.html
@@ -1,6 +1,22 @@
+ + + + +

auth:

+ auth, "", "", ""); + formerr($err["auth"]); + unset($options); + ?> + + +

lang:

diff --git a/auth/README b/auth/README
new file mode 100644
index 0000000000..a103a55f14
--- /dev/null
+++ b/auth/README
@@ -0,0 +1,35 @@
+This directory contains authentication modules.
+
+Each of these modules describes a different way to
+check that a user has provided a correct
+
+ - username, and
+ - password.
+
+Even when external forms of authentication are being
+used, Moodle still maintains the internal "user" table
+with all the associated information about that user such
+as name, email address and so on.
+
+The active method is set by the admin on the Configuration page.
+
+
+email - authentication by email (DEFAULT METHOD)
+
+ - user fills out form with email address
+ - email sent to user with link
+ - user clicks on link in email to confirm
+ - user account is created
+ - user can log in
+
+
+none - no authentication at all .. very insecure!!
+
+ - user logs in using ANY username and password
+ - if the username doesn't already exist then
+ a new account is created
+ - when user tries to access a course they
+ are forced to set up their account details
+
+
+ldap - Uses an external LDAP server
diff --git a/auth/email/lib.php b/auth/email/lib.php
new file mode 100644
index 0000000000..f301f0e1ed
--- /dev/null
+++ b/auth/email/lib.php
@@ -0,0 +1,19 @@
+password == md5($password));
+}
+
+
+
+?>
diff --git a/auth/none/lib.php b/auth/none/lib.php
new file mode 100644
index 0000000000..70b84f28ea
--- /dev/null
+++ b/auth/none/lib.php
@@ -0,0 +1,17 @@
+password == md5($password));
+}
+
+
+
+?>
diff --git a/error/index.php b/error/index.php
index a0717d4c47..3b946d2752 100644
--- a/error/index.php
+++ b/error/index.php
@@ -17,7 +17,7 @@ print_header("$site->fullname:Error", "$site->fullname: Error 404", "", "form.text"); - print_simple_box("An unusual error occurred (tried to reach a page that doesn't exist).

$REQUEST_URI", "center", "", "$THEME->cellheading"); + print_simple_box("An unusual error occurred (tried to reach a page that doesn't exist).

$REDIRECT_URL", "center", "", "$THEME->cellheading"); ?> diff --git a/lang/en/moodle.php b/lang/en/moodle.php index dfafa8468b..816dc36191 100644 --- a/lang/en/moodle.php +++ b/lang/en/moodle.php @@ -45,7 +45,7 @@ $string['choosetheme'] = "Choose theme"; $string['chooseuser'] = "Choose a user"; $string['city'] = "City/town"; $string['comparelanguage'] = "Compare and edit current language"; -$string['configvariables'] = "Configure variables"; +$string['configauth'] = "Choose the authentication module you want to use. The default is 'email' and has the best security. The method 'none' has no checking whatsoever - be careful using it unless you really know what you are doing."; $string['configgdversion'] = "Indicate the version of GD that is installed. The version shown by default is the one that has been auto-detected. Don't change this unless you really know what you're doing."; $string['configerrorlevel'] = "Choose the amount of PHP warnings that you want to be displayed. Normal is usually the best choice."; $string['configintro'] = "On this page you can specify a number of configuration variables that help make Moodle work properly on your server. Don't worry too much about it - the defaults will usually work fine and you can always come back to this page later and change these settings."; 
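Review bot: The new `print_simple_box` call interpolates `$REDIRECT_URL` straight into the HTML message, and that value is the path the visitor asked for, so it is attacker-influenced. Unless `print_simple_box` escapes its first argument (its body is not part of this hunk), markup carried in the requested URL would be rendered in the 404 page. Encode the value where it is output, for example `$shownurl = htmlspecialchars($REDIRECT_URL);` and interpolate `$shownurl` instead. The removed `$REQUEST_URI` line had the same exposure, so this is a good moment to close it.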
@@ -57,6 +57,7 @@ $string['configproxyhost'] = "If this server needs to use a proxy compute $string['configslasharguments'] = "Files (images, uploads etc) are provided via a script using 'slash arguments' (the second option here). This method allows files to be more easily cached in web browsers, proxy servers etc. Unfortunately, some PHP servers don't allow this method, so if you have trouble viewing uploaded files or images (eg user pictures), set this variable to the first option"; $string['configsmtphosts'] = "Give the full name of one or more local SMTP servers that Moodle should use to send mail (eg 'mail.a.com' or 'mail.a.com;mail.b.com'). If you leave it blank, Moodle will use the PHP default method of sending mail."; $string['configunzip'] = "Indicate the location of your unzip program (Unix only). This is needed to unpack zip archives on the server."; +$string['configvariables'] = "Configure variables"; $string['configzip'] = "Indicate the location of your zip program (Unix only). This is needed to create zip archives on the server."; $string['confirmed'] = "Your registration has been confirmed"; $string['courseupdates'] = "Course updates"; diff --git a/lib/defaults.php b/lib/defaults.php index 7c0f3ba7bb..f107ae1ec2 100644 --- a/lib/defaults.php +++ b/lib/defaults.php @@ -7,6 +7,7 @@ "theme" => "standard", "lang" => "en", "locale" => "en", + "auth" => "email", "smtphosts" => "", "gdversion" => 1, "longtimenosee" => 100, diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 495fda5c39..ca5373e819 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -968,8 +968,7 @@ function update_user_in_db() { return false; $timenow = time(); - if ($db->Execute("UPDATE LOW_PRIORITY user SET lastIP='$REMOTE_ADDR', lastaccess='$timenow' - WHERE id = '$USER->id' ")) { + if ($db->Execute("UPDATE user SET lastIP='$REMOTE_ADDR', lastaccess='$timenow' WHERE id = '$USER->id' ")) { return true; } else { return false; 
@@ -1007,8 +1006,6 @@ function require_login($courseid=0) { } if (!$USER->email) { // User logged in, but has not set up profile! // This can occur with external authentication - $USER->email = "spam"; // To prevent auth loops - save_session("USER"); redirect("$CFG->wwwroot/user/edit.php?id=$USER->id&course=$courseid"); die; } 
@@ -1204,19 +1201,54 @@ function save_session($VAR) { } -function verify_login($username, $password) { +function create_user_record($username, $password) { +// Creates a bare-bones user record + global $REMOTE_ADDR; - $user = get_user_info_from_db("username", $username); + $newuser->username = $username; + $newuser->password = md5($password); + $newuser->confirmed = 1; + $newuser->lastIP = $REMOTE_ADDR; + $newuser->timemodified = time(); - if (! $user) { - return false; - } else if ( $user->password == md5($password) and ! $user->deleted ) { - return $user; - } else { - return false; + if (insert_record("user", $newuser)) { + return get_user_info_from_db("username", $username); + } + return false; +} + +function authenticate_user_login($username, $password) { +// Given a username and password, this function looks them +// up using the currently selected authentication mechanism, +// and if the authentication is successful, it returns a +// valid $user object from the 'user' table. +// +// Uses auth_ functions from the currently active auth module + + global $CFG; + + if (!isset($CFG->auth)) { + $CFG->auth = "email"; // Default authentication module } + + require("$CFG->dirroot/auth/$CFG->auth/lib.php"); + + if (auth_user_login($username, $password)) { // Successful authentication + + if ($user = get_user_info_from_db("username", $username)) { + if (md5($password) <> $user->password) { + set_field("user", "password", md5($password), "username", $username); + } + return $user; + + } else { + return create_user_record($username, $password); + } + } + return false; } + function get_site () { // Returns $course object of the top-level site. if ( $course = get_record("course", "category", 0)) { diff --git a/login/change_password.php b/login/change_password.php index 7f36266e6f..95703f716d 100644 --- a/login/change_password.php +++ b/login/change_password.php 
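Review bot: `authenticate_user_login` no longer rejects deleted accounts: the removed `verify_login` returned the user only when `! $user->deleted`, but the new code returns the row from `get_user_info_from_db` as soon as `auth_user_login` succeeds. Going by the one line of auth/email/lib.php that is visible on this page, the module compares only the password hash, so a deleted user would appear able to log in again; add `if ($user->deleted) { return false; }` before the password sync. The module is loaded with `require("$CFG->dirroot/auth/$CFG->auth/lib.php")`, which would abort with a redeclaration error if the function runs twice in one request and passes `$CFG->auth` into the path unchecked; `require_once` plus a check that the value is a plain directory name existing under auth/ would cover both. The hash comparisons (`<>` here, `==` in the auth modules) are loose, so PHP may compare digests that look like numbers numerically; `!==` and `===` avoid that.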
@@ -76,7 +76,7 @@ function validate_form($frm, &$err) { else if (empty($frm->password)) $err->password = get_string("missingpassword"); - else if (!verify_login($frm->username, $frm->password)) + else if (!authenticate_user_login($frm->username, $frm->password)) $err->password = get_string("wrongpassword"); if (empty($frm->newpassword1)) diff --git a/login/index.php b/login/index.php index 348882116a..2a4438b8d4 100644 --- a/login/index.php +++ b/login/index.php @@ -22,7 +22,7 @@ if (match_referer() && isset($HTTP_POST_VARS)) { // form submitted $frm = (object)$HTTP_POST_VARS; - $user = verify_login($frm->username, $frm->password); + $user = authenticate_user_login($frm->username, $frm->password); update_login_count(); diff --git a/user/edit.php b/user/edit.php index eb1527f3f9..02d981d54b 100644 --- a/user/edit.php +++ b/user/edit.php @@ -15,7 +15,17 @@ error("Course ID was incorrect"); } - require_login($course->id); + if ($user->confirmed and !$user->email) { + // Special case which can only occur when a new account + // has just been created by EXTERNAL authentication + // This is the only page in Moodle that has the exception + // so that users can set up their accounts + $newaccount = true; + + } else { + $newaccount = false; + require_login($course->id); + } if ($USER->id <> $user->id and !isadmin()) { error("You can only edit your own information"); 
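Review bot: `validate_form` uses the login routine purely to check the current password, but `authenticate_user_login` (added in lib/moodlelib.php by this commit) also writes: it can create a row through `create_user_record` and overwrite the stored hash with `set_field`. With an external module that accepts the credentials, a mistyped username on the change-password form could therefore leave a new account behind. A read-only verification helper would suit this call site better; at minimum document the side effect next to the call with `// NOTE: may create or update the user record`. validate_form's body continues outside the hunk.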
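Review bot: The new branch in user/edit.php skips `require_login` based only on fields of the target record (`$user->confirmed and !$user->email`), not on who is making the request, and every account made by `create_user_record` matches because it is inserted with `confirmed = 1` and no email. The only gate left on that path is the `$USER->id <> $user->id` comparison that follows, and how `$user` is loaded is outside this hunk. Tie the exception to the session explicitly, e.g. `if ($user->confirmed and !$user->email and $USER->id == $user->id) {`, so that any other visitor still goes through `require_login`. A short comment that `require_login` redirects here for users without an email would also explain why the loop guard removed from lib/moodlelib.php is no longer needed.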
@@ -148,28 +158,33 @@ /// Otherwise fill and print the form. - $editmyprofile = get_string("editmyprofile"); - $participants = get_string("participants"); + $streditmyprofile = get_string("editmyprofile"); + $strparticipants = get_string("participants"); + $strnewuser = get_string("newuser"); - if ($user->firstname and $user->lastname) { - $userfullname = "$user->firstname $user->lastname"; + if (($user->firstname and $user->lastname) or $newaccount) { + if ($newaccount) { + $userfullname = $strnewuser; + } else { + $userfullname = "$user->firstname $user->lastname"; + } if ($course->category) { - print_header("$course->fullname: $editmyprofile", "$course->fullname: $editmyprofile", + print_header("$course->fullname: $streditmyprofile", "$course->fullname: $streditmyprofile", "wwwroot/course/view.php?id=$course->id\">$course->shortname - -> id\">$participants + -> id\">$strparticipants -> id&course=$course->id\">$userfullname - -> $editmyprofile", ""); + -> $streditmyprofile", ""); } else { - print_header("$course->fullname: $editmyprofile", "$course->fullname", + print_header("$course->fullname: $streditmyprofile", "$course->fullname", "id&course=$course->id\">$userfullname - -> $editmyprofile", ""); + -> $streditmyprofile", ""); } } else { - $userfullname = get_string("newuser"); + $userfullname = $strnewuser; $straddnewuser = get_string("addnewuser"); $stradministration = get_string("administration"); - print_header("$course->fullname: $editmyprofile", "$course->fullname", + print_header("$course->fullname: $streditmyprofile", "$course->fullname", "wwwroot/admin\">$stradministration -> $straddnewuser", ""); } -- 2.39.5