/**
* Called when the login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* @param object $form The Pieform form object
* @param array $values The submitted values
* @access private
*/
function login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = trim($values['login_username']);
$password = $values['login_password'];
$authenticated = false;
try {
$authenticated = $USER->login($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// If the user doesn't exist, check for institutions that
// want to create users automatically.
try {
// Reset the LiveUser object, since we are attempting to create a
// new user
$SESSION->destroy_session();
$USER = new LiveUser();
$authinstances = get_records_sql_array("\n SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname\n FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name\n WHERE a.authname != 'internal'\n ORDER BY a.institution, a.priority, a.instancename", null);
if ($authinstances == false) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
$USER->username = $username;
reset($authinstances);
while ((list(, $authinstance) = each($authinstances)) && false == $authenticated) {
$auth = AuthFactory::create($authinstance->id);
if (!$auth->can_auto_create_users()) {
continue;
}
// catch semi-fatal auth errors, but allow next auth instance to be
// tried
try {
if ($auth->authenticate_user_account($USER, $password)) {
$authenticated = true;
} else {
continue;
}
} catch (AuthInstanceException $e) {
continue;
}
// Check now to see if the institution has its maximum quota of users
require_once 'institution.php';
$institution = new Institution($authinstance->institution);
if ($institution->isFull()) {
$institution->send_admin_institution_is_full_message();
throw new AuthUnknownUserException('Institution has too many users');
}
$USER->authinstance = $authinstance->id;
$userdata = $auth->get_user_info($username);
if (empty($userdata)) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
// Check for a suspended institution
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
}
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = sanitize_firstname($userdata->firstname);
}
if (isset($userdata->lastname)) {
$USER->lastname = sanitize_firstname($userdata->lastname);
}
if (isset($userdata->email)) {
$USER->email = sanitize_email($userdata->email);
} else {
// The user will be asked to populate this when they log in.
$USER->email = null;
}
$profilefields = array();
foreach (array('studentid', 'preferredname') as $pf) {
if (isset($userdata->{$pf})) {
$sanitize = 'sanitize_' . $pf;
if (($USER->{$pf} = $sanitize($userdata->{$pf})) !== '') {
$profilefields[$pf] = $USER->{$pf};
}
}
}
try {
// If this authinstance is a parent auth for some xmlrpc authinstance, pass it along to create_user
// so that this username also gets recorded as the username for sso from the remote sites.
$remoteauth = $auth->is_parent_authority();
create_user($USER, $profilefields, $institution, $remoteauth);
$USER->reanimate($USER->id, $authinstance->id);
} catch (Exception $e) {
db_rollback();
throw $e;
}
}
if (!$authenticated) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// We weren't able to authenticate the user for some reason that
// probably isn't their fault (e.g. ldap extension not available
// when using ldap authentication)
log_info($e->getMessage());
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
}
auth_check_admin_section();
// This is also checked in $USER->login(), but it's good to check it again here in case a buggy auth plugin
// lets a suspended user through somehow.
ensure_user_account_is_active();
// User is allowed to log in
//$USER->login($userdata);
auth_check_required_fields();
}
/**
* Called when the login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* @param object $form The Pieform form object
* @param array $values The submitted values
* @access private
*/
function login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = $values['login_username'];
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = $USER->login($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// If the user doesn't exist, check for institutions that
// want to create users automatically.
try {
// Reset the LiveUser object, since we are attempting to create a
// new user
$SESSION->destroy_session();
$USER = new LiveUser();
$authinstances = get_records_sql_array('
SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
ORDER BY a.institution, a.priority, a.instancename', null);
if ($authinstances == false) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
$USER->username = $username;
reset($authinstances);
while ((list(, $authinstance) = each($authinstances)) && false == $authenticated) {
$auth = AuthFactory::create($authinstance->id);
if (!$auth->can_auto_create_users()) {
continue;
}
if ($auth->authenticate_user_account($USER, $password)) {
$authenticated = true;
} else {
continue;
}
// Check now to see if the institution has its maximum quota of users
require_once 'institution.php';
$institution = new Institution($authinstance->institution);
if ($institution->isFull()) {
throw new AuthUnknownUserException('Institution has too many users');
}
$USER->authinstance = $authinstance->id;
$userdata = $auth->get_user_info($username);
if (empty($userdata)) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
// Check for a suspended institution
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
}
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
} else {
// The user will be asked to populate this when they log in.
$USER->email = null;
}
try {
create_user($USER, array(), $institution);
$USER->reanimate($USER->id, $authinstance->id);
} catch (Exception $e) {
db_rollback();
throw $e;
}
}
if (!$authenticated) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// We weren't able to authenticate the user for some reason that
// probably isn't their fault (e.g. ldap extension not available
// when using ldap authentication)
log_info($e->getMessage());
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
}
// Only admins in the admin section!
if (!$USER->get('admin') && (defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = $USER->suspendedctime;
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
//$USER->login($userdata);
auth_check_password_change();
auth_check_required_fields();
}
/**
* Called when the auth_saml_login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* Copied and modified from core login_submit
*
* @param object $form The Pieform form object
* @param array $values The submitted values
*/
function auth_saml_login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = trim($values['login_username']);
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = login_test_all_user_authinstance($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
redirect('/auth/saml/index.php');
}
} catch (AuthUnknownUserException $e) {
$SESSION->add_error_msg(get_string('loginfailed'));
redirect('/auth/saml/index.php');
}
auth_check_admin_section();
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = strftime(get_string('strftimedaydate'), $USER->suspendedctime);
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
auth_check_required_fields();
// all happy - carry on now
redirect('/auth/saml/index.php');
}
/**
* Called when the login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* @param object $form The Pieform form object
* @param array $values The submitted values
* @access private
*/
function login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = $values['login_username'];
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = $USER->login($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// If the user doesn't exist, check for institutions that
// want to create users automatically.
try {
// Reset the LiveUser object, since we are attempting to create a
// new user
$SESSION->destroy_session();
$USER = new LiveUser();
$authinstances = get_records_sql_array('
SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
ORDER BY a.institution, a.priority, a.instancename', null);
if ($authinstances == false) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
$USER->username = $username;
reset($authinstances);
while ((list(, $authinstance) = each($authinstances)) && false == $authenticated) {
$auth = AuthFactory::create($authinstance->id);
if (!$auth->can_auto_create_users()) {
continue;
}
// catch semi-fatal auth errors, but allow next auth instance to be
// tried
try {
if ($auth->authenticate_user_account($USER, $password)) {
$authenticated = true;
} else {
continue;
}
} catch (AuthInstanceException $e) {
continue;
}
// Check now to see if the institution has its maximum quota of users
require_once 'institution.php';
$institution = new Institution($authinstance->institution);
if ($institution->isFull()) {
throw new AuthUnknownUserException('Institution has too many users');
}
$USER->authinstance = $authinstance->id;
$userdata = $auth->get_user_info($username);
if (empty($userdata)) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
// Check for a suspended institution
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
}
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
} else {
// The user will be asked to populate this when they log in.
$USER->email = null;
}
try {
// If this authinstance is a parent auth for some xmlrpc authinstance, pass it along to create_user
// so that this username also gets recorded as the username for sso from the remote sites.
$remoteauth = count_records('auth_instance_config', 'field', 'parent', 'value', $authinstance->id) ? $authinstance : null;
create_user($USER, array(), $institution, $remoteauth);
$USER->reanimate($USER->id, $authinstance->id);
} catch (Exception $e) {
db_rollback();
throw $e;
}
}
if (!$authenticated) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// We weren't able to authenticate the user for some reason that
// probably isn't their fault (e.g. ldap extension not available
// when using ldap authentication)
log_info($e->getMessage());
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
}
// Only admins in the admin section!
if (!$USER->get('admin') && (defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = strftime(get_string('strftimedaydate'), $USER->suspendedctime);
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
//$USER->login($userdata);
auth_check_required_fields();
if (get_config('httpswwwroot') && !defined('JSON')) {
// If we are using HTTPS for logins we need to go back to
// non-HTTPS URLs. Otherwise, Javascript (and possibly CSS)
// breaks. Don't use get_full_script_path(), as it doesn't
// work if someone sets httpswwwroot to something like
// 'https://x.y.z.w:443/...' (unlikely, but
// possible). get_full_script_path() doesn't gives us the
// ':443' part and things break horribly.
$parts = parse_url(get_config('httpswwwroot'));
$httpsrequest = rtrim($parts['path'], '/');
redirect(hsc(substr(get_script_path(), strlen($httpsrequest))));
}
}
