function validation($usernew, $files)
 {
     global $CFG, $DB;
     $errors = parent::validation($usernew, $files);
     $usernew = (object) $usernew;
     $user = $DB->get_record('user', array('id' => $usernew->id));
     // validate email
     if (!isset($usernew->email)) {
         // mail not confirmed yet
     } else {
         if (!validate_email($usernew->email)) {
             $errors['email'] = get_string('invalidemail');
         } else {
             if ($usernew->email !== $user->email and $DB->record_exists('user', array('email' => $usernew->email, 'mnethostid' => $CFG->mnet_localhost_id))) {
                 $errors['email'] = get_string('emailexists');
             }
         }
     }
     if (isset($usernew->email) and $usernew->email === $user->email and over_bounce_threshold($user)) {
         $errors['email'] = get_string('toomanybounces');
     }
     if (isset($usernew->email) and !empty($CFG->verifychangedemail) and !isset($errors['email']) and !has_capability('moodle/user:update', get_context_instance(CONTEXT_SYSTEM))) {
         $errorstr = email_is_not_allowed($usernew->email);
         if ($errorstr !== false) {
             $errors['email'] = $errorstr;
         }
     }
     /// Next the customisable profile fields
     $errors += profile_validation($usernew, $files);
     return $errors;
 }
Beispiel #2
0
     $user = get_complete_user_data('idnumber', $idnumber);
 } else {
     // create new user
     //code based on moodlelib.create_user_record($username, $password, 'manual')
     $auth = 'wp2moodle';
     // so they log in - and out - with this plugin
     $authplugin = get_auth_plugin($auth);
     $newuser = new stdClass();
     if ($newinfo = $authplugin->get_userinfo($username)) {
         $newinfo = truncate_user($newinfo);
         foreach ($newinfo as $key => $value) {
             $newuser->{$key} = $value;
         }
     }
     if (!empty($newuser->email)) {
         if (email_is_not_allowed($newuser->email)) {
             unset($newuser->email);
         }
     }
     if (!isset($newuser->city)) {
         $newuser->city = '';
     }
     $newuser->auth = $auth;
     $newuser->policyagreed = 1;
     $newuser->idnumber = $idnumber;
     $newuser->username = $username;
     $newuser->password = md5($hashedpassword);
     // manual auth checks password validity, so we need to set a valid password
     // $DB->set_field('user', 'password',  $hashedpassword, array('id'=>$user->id));
     $newuser->firstname = $firstname;
     $newuser->lastname = $lastname;
Beispiel #3
0
/**
 * Creates a bare-bones user record
 *
 * @uses $CFG
 * @param string $username New user's username to add to record
 * @param string $password New user's password to add to record
 * @param string $auth Form of authentication required
 * @return object A {@link $USER} object
 * @todo Outline auth types and provide code example
 */
function create_user_record($username, $password, $auth = 'manual')
{
    global $CFG;
    //just in case check text case
    $username = trim(moodle_strtolower($username));
    $authplugin = get_auth_plugin($auth);
    if ($newinfo = $authplugin->get_userinfo($username)) {
        $newinfo = truncate_userinfo($newinfo);
        foreach ($newinfo as $key => $value) {
            $newuser->{$key} = addslashes($value);
        }
    }
    if (!empty($newuser->email)) {
        if (email_is_not_allowed($newuser->email)) {
            unset($newuser->email);
        }
    }
    if (!isset($newuser->city)) {
        $newuser->city = '';
    }
    $newuser->auth = $auth;
    $newuser->username = $username;
    // fix for MDL-8480
    // user CFG lang for user if $newuser->lang is empty
    // or $user->lang is not an installed language
    $sitelangs = array_keys(get_list_of_languages());
    if (empty($newuser->lang) || !in_array($newuser->lang, $sitelangs)) {
        $newuser->lang = $CFG->lang;
    }
    $newuser->confirmed = 1;
    $newuser->lastip = getremoteaddr();
    $newuser->timemodified = time();
    $newuser->mnethostid = $CFG->mnet_localhost_id;
    if (insert_record('user', $newuser)) {
        $user = get_complete_user_data('username', $newuser->username);
        if (!empty($CFG->{'auth_' . $newuser->auth . '_forcechangepassword'})) {
            set_user_preference('auth_forcepasswordchange', 1, $user->id);
        }
        update_internal_user_password($user, $password);
        return $user;
    }
    return false;
}
Beispiel #4
0
 /**
  * Create a Moodle user from Azure AD user data.
  *
  * @param array $aaddata Array of Azure AD user data.
  * @return \stdClass An object representing the created Moodle user.
  */
 public function create_user_from_aaddata($aaddata)
 {
     global $CFG;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';
     $newuser = (object) ['auth' => 'oidc', 'username' => trim(\core_text::strtolower($aaddata['userPrincipalName'])), 'email' => isset($aaddata['mail']) ? $aaddata['mail'] : '', 'firstname' => isset($aaddata['givenName']) ? $aaddata['givenName'] : '', 'lastname' => isset($aaddata['surname']) ? $aaddata['surname'] : '', 'city' => isset($aaddata['city']) ? $aaddata['city'] : '', 'country' => isset($aaddata['country']) ? $aaddata['country'] : '', 'department' => isset($aaddata['department']) ? $aaddata['department'] : '', 'lang' => isset($aaddata['preferredLanguage']) ? substr($aaddata['preferredLanguage'], 0, 2) : 'en', 'confirmed' => 1, 'timecreated' => time(), 'mnethostid' => $CFG->mnet_localhost_id];
     $password = null;
     $newuser->idnumber = $newuser->username;
     if (!empty($newuser->email)) {
         if (email_is_not_allowed($newuser->email)) {
             unset($newuser->email);
         }
     }
     if (empty($newuser->lang) || !get_string_manager()->translation_exists($newuser->lang)) {
         $newuser->lang = $CFG->lang;
     }
     $newuser->timemodified = $newuser->timecreated;
     $newuser->id = user_create_user($newuser, false, false);
     // Save user profile data.
     profile_save_data($newuser);
     $user = get_complete_user_data('id', $newuser->id);
     if (!empty($CFG->{'auth_' . $newuser->auth . '_forcechangepassword'})) {
         set_user_preference('auth_forcepasswordchange', 1, $user);
     }
     // Set the password.
     update_internal_user_password($user, $password);
     // Trigger event.
     \core\event\user_created::create_from_userid($newuser->id)->trigger();
     return $user;
 }
Beispiel #5
0
 /**
  * Authentication hook - is called every time user hit the login page
  * The code is run only if the param code is mentionned.
  */
 public function loginpage_hook()
 {
     global $USER, $SESSION, $CFG, $DB;
     // Check the Google authorization code.
     $authorizationcode = optional_param('code', '', PARAM_TEXT);
     if (!empty($authorizationcode)) {
         $authprovider = required_param('authprovider', PARAM_ALPHANUMEXT);
         require_once $CFG->dirroot . '/auth/googleoauth2/classes/provider/' . $authprovider . '.php';
         $providerclassname = 'provideroauth2' . $authprovider;
         $provider = new $providerclassname();
         // Try to get an access token (using the authorization code grant).
         $token = $provider->getAccessToken('authorization_code', ['code' => $authorizationcode]);
         $accesstoken = $token->accessToken;
         $refreshtoken = $token->refreshToken;
         $tokenexpires = $token->expires;
         // With access token request by curl the email address.
         if (!empty($accesstoken)) {
             try {
                 // We got an access token, let's now get the user's details.
                 $userdetails = $provider->getUserDetails($token);
                 // Use these details to create a new profile.
                 switch ($authprovider) {
                     case 'battlenet':
                         // Battlenet as no email notion.
                         // TODO: need to check the idp table for matching user and request user to add his email.
                         // TODO: It will be similar logic for twitter.
                         $useremail = $userdetails->id . '@fakebattle.net';
                         break;
                     case 'github':
                         $useremails = $provider->getUserEmails($token);
                         // Going to try to find someone with a similar email using googleoauth2 auth.
                         $fallbackuseremail = '';
                         foreach ($useremails as $githubuseremail) {
                             if ($githubuseremail->verified) {
                                 if ($DB->record_exists('user', array('auth' => 'googleoauth2', 'email' => $githubuseremail->email))) {
                                     $useremail = $githubuseremail->email;
                                 }
                                 $fallbackuseremail = $githubuseremail->email;
                             }
                         }
                         // If we didn't find anyone then we take a verified email address.
                         if (empty($useremail)) {
                             $useremail = $fallbackuseremail;
                         }
                         break;
                     case 'vk':
                         // VK doesn't return the email address?
                         if ($userdetails->uid) {
                             $useremail = 'id' . $userdetails->uid . '@vkmessenger.com';
                         }
                         break;
                     default:
                         $useremail = $userdetails->email;
                         break;
                 }
                 $verified = 1;
             } catch (Exception $e) {
                 // Failed to get user details.
                 throw new moodle_exception('faileduserdetails', 'auth_googleoauth2');
             }
             // Throw an error if the email address is not verified.
             if (!$verified) {
                 throw new moodle_exception('emailaddressmustbeverified', 'auth_googleoauth2');
             }
             // Prohibit login if email belongs to the prohibited domain.
             if ($err = email_is_not_allowed($useremail)) {
                 throw new moodle_exception($err, 'auth_googleoauth2');
             }
             // If email not existing in user database then create a new username (userX).
             if (empty($useremail) or $useremail != clean_param($useremail, PARAM_EMAIL)) {
                 throw new moodle_exception('couldnotgetuseremail', 'auth_googleoauth2');
                 // TODO: display a link for people to retry.
             }
             // Get the user.
             // Don't bother with auth = googleoauth2 because authenticate_user_login() will fail it if it's not 'googleoauth2'.
             $user = $DB->get_record('user', array('email' => $useremail, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id));
             // Create the user if it doesn't exist.
             if (empty($user)) {
                 // Deny login if setting "Prevent account creation when authenticating" is on.
                 if ($CFG->authpreventaccountcreation) {
                     throw new moodle_exception("noaccountyet", "auth_googleoauth2");
                 }
                 // Get following incremented username.
                 $googleuserprefix = core_text::strtolower(get_config('auth/googleoauth2', 'googleuserprefix'));
                 $lastusernumber = get_config('auth/googleoauth2', 'lastusernumber');
                 $lastusernumber = empty($lastusernumber) ? 1 : $lastusernumber + 1;
                 // Check the user doesn't exist.
                 $nextuser = $DB->record_exists('user', array('username' => $googleuserprefix . $lastusernumber));
                 while ($nextuser) {
                     $lastusernumber++;
                     $nextuser = $DB->record_exists('user', array('username' => $googleuserprefix . $lastusernumber));
                 }
                 set_config('lastusernumber', $lastusernumber, 'auth/googleoauth2');
                 $username = $googleuserprefix . $lastusernumber;
                 // Retrieve more information from the provider.
                 $newuser = new stdClass();
                 $newuser->email = $useremail;
                 switch ($authprovider) {
                     case 'battlenet':
                         // Battlenet as no firstname/lastname notion.
                         $newuser->firstname = $userdetails->display_name;
                         $newuser->lastname = '[' . $userdetails->clan_tag . ']';
                         break;
                     case 'github':
                     case 'dropbox':
                         // As Github/Dropbox doesn't provide firstname/lastname, we'll split the name at the first whitespace.
                         $githubusername = explode(' ', $userdetails->name, 2);
                         $newuser->firstname = $githubusername[0];
                         $newuser->lastname = $githubusername[1];
                         break;
                     default:
                         $newuser->firstname = $userdetails->firstName;
                         $newuser->lastname = $userdetails->lastName;
                         break;
                 }
                 // Some providers allow empty firstname and lastname.
                 if (empty($newuser->firstname)) {
                     $newuser->firstname = get_string('unknownfirstname', 'auth_googleoauth2');
                 }
                 if (empty($newuser->lastname)) {
                     $newuser->lastname = get_string('unknownlastname', 'auth_googleoauth2');
                 }
                 // Retrieve country and city if the provider failed to give it.
                 if (!isset($newuser->country) or !isset($newuser->city)) {
                     $googleipinfodbkey = get_config('auth/googleoauth2', 'googleipinfodbkey');
                     if (!empty($googleipinfodbkey)) {
                         require_once $CFG->libdir . '/filelib.php';
                         $curl = new curl();
                         $locationdata = $curl->get('http://api.ipinfodb.com/v3/ip-city/?key=' . $googleipinfodbkey . '&ip=' . getremoteaddr() . '&format=json');
                         $locationdata = json_decode($locationdata);
                     }
                     if (!empty($locationdata)) {
                         // TODO: check that countryCode does match the Moodle country code.
                         $newuser->country = isset($newuser->country) ? isset($newuser->country) : $locationdata->countryCode;
                         $newuser->city = isset($newuser->city) ? isset($newuser->city) : $locationdata->cityName;
                     }
                 }
                 create_user_record($username, '', 'googleoauth2');
             } else {
                 $username = $user->username;
             }
             // Authenticate the user.
             // TODO: delete this log later.
             require_once $CFG->dirroot . '/auth/googleoauth2/lib.php';
             $userid = empty($user) ? 'new user' : $user->id;
             oauth_add_to_log(SITEID, 'auth_googleoauth2', '', '', $username . '/' . $useremail . '/' . $userid);
             $user = authenticate_user_login($username, null);
             if ($user) {
                 // Set a cookie to remember what auth provider was selected.
                 setcookie('MOODLEGOOGLEOAUTH2_' . $CFG->sessioncookie, $authprovider, time() + DAYSECS * 60, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
                 // Prefill more user information if new user.
                 if (!empty($newuser)) {
                     $newuser->id = $user->id;
                     $DB->update_record('user', $newuser);
                     $user = (object) array_merge((array) $user, (array) $newuser);
                 }
                 complete_user_login($user);
                 // Let's save/update the access token for this user.
                 $cansaveaccesstoken = get_config('auth/googleoauth2', 'saveaccesstoken');
                 if (!empty($cansaveaccesstoken)) {
                     $existingaccesstoken = $DB->get_record('auth_googleoauth2_user_idps', array('userid' => $user->id, 'provider' => $authprovider));
                     if (empty($existingaccesstoken)) {
                         $accesstokenrow = new stdClass();
                         $accesstokenrow->userid = $user->id;
                         switch ($authprovider) {
                             case 'battlenet':
                                 $accesstokenrow->provideruserid = $userdetails->id;
                                 break;
                             default:
                                 $accesstokenrow->provideruserid = $userdetails->uid;
                                 break;
                         }
                         $accesstokenrow->provider = $authprovider;
                         $accesstokenrow->accesstoken = $accesstoken;
                         $accesstokenrow->refreshtoken = $refreshtoken;
                         $accesstokenrow->expires = $tokenexpires;
                         $DB->insert_record('auth_googleoauth2_user_idps', $accesstokenrow);
                     } else {
                         $existingaccesstoken->accesstoken = $accesstoken;
                         $DB->update_record('auth_googleoauth2_user_idps', $existingaccesstoken);
                     }
                 }
                 // Check if the user picture is the default and retrieve the provider picture.
                 if (empty($user->picture)) {
                     switch ($authprovider) {
                         case 'battlenet':
                             require_once $CFG->libdir . '/filelib.php';
                             require_once $CFG->libdir . '/gdlib.php';
                             $imagefilename = $CFG->tempdir . '/googleoauth2-portrait-' . $user->id;
                             $imagecontents = download_file_content($userdetails->portrait_url);
                             file_put_contents($imagefilename, $imagecontents);
                             if ($newrev = process_new_icon(context_user::instance($user->id), 'user', 'icon', 0, $imagefilename)) {
                                 $DB->set_field('user', 'picture', $newrev, array('id' => $user->id));
                             }
                             unlink($imagefilename);
                             break;
                         default:
                             // TODO retrieve other provider profile pictures.
                             break;
                     }
                 }
                 // Create event for authenticated user.
                 $event = \auth_googleoauth2\event\user_loggedin::create(array('context' => context_system::instance(), 'objectid' => $user->id, 'relateduserid' => $user->id, 'other' => array('accesstoken' => $accesstoken)));
                 $event->trigger();
                 // Redirection.
                 if (user_not_fully_set_up($USER)) {
                     $urltogo = $CFG->wwwroot . '/user/edit.php';
                     // We don't delete $SESSION->wantsurl yet, so we get there later.
                 } else {
                     if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                         $urltogo = $SESSION->wantsurl;
                         // Because it's an address in this site.
                         unset($SESSION->wantsurl);
                     } else {
                         // No wantsurl stored or external - go to homepage.
                         $urltogo = $CFG->wwwroot . '/';
                         unset($SESSION->wantsurl);
                     }
                 }
                 $loginrecord = array('userid' => $USER->id, 'time' => time(), 'auth' => 'googleoauth2', 'subtype' => $authprovider);
                 $DB->insert_record('auth_googleoauth2_logins', $loginrecord);
                 redirect($urltogo);
             } else {
                 // Authenticate_user_login() failure, probably email registered by another auth plugin.
                 // Do a check to confirm this hypothesis.
                 $userexist = $DB->get_record('user', array('email' => $useremail));
                 if (!empty($userexist) and $userexist->auth != 'googleoauth2') {
                     $a = new stdClass();
                     $a->loginpage = (string) new moodle_url(empty($CFG->alternateloginurl) ? '/login/index.php' : $CFG->alternateloginurl);
                     $a->forgotpass = (string) new moodle_url('/login/forgot_password.php');
                     throw new moodle_exception('couldnotauthenticateuserlogin', 'auth_googleoauth2', '', $a);
                 } else {
                     throw new moodle_exception('couldnotauthenticate', 'auth_googleoauth2');
                 }
             }
         } else {
             throw new moodle_exception('couldnotgetgoogleaccesstoken', 'auth_googleoauth2');
         }
     } else {
         // If you are having issue with the display buttons option, add the button code directly in the theme login page.
         if (get_config('auth/googleoauth2', 'oauth2displaybuttons') and empty($_POST['username']) and empty($_POST['password'])) {
             // Display the button on the login page.
             require_once $CFG->dirroot . '/auth/googleoauth2/lib.php';
             // Insert the html code below the login field.
             // Code/Solution from Elcentra plugin: https://moodle.org/plugins/view/auth_elcentra.
             global $PAGE, $CFG;
             $PAGE->requires->jquery();
             $content = str_replace(array("\n", "\r"), array("\\\n", "\\\r"), auth_googleoauth2_display_buttons(false));
             $PAGE->requires->css('/auth/googleoauth2/style.css');
             $PAGE->requires->js_init_code("buttonsCodeOauth2 = '{$content}';");
             $PAGE->requires->js(new moodle_url($CFG->wwwroot . "/auth/googleoauth2/script.js"));
         }
     }
 }
Beispiel #6
0
/**
 * Creates a bare-bones user record
 *
 * @todo Outline auth types and provide code example
 *
 * @param string $username New user's username to add to record
 * @param string $password New user's password to add to record
 * @param string $auth Form of authentication required
 * @return stdClass A complete user object
 */
function create_user_record($username, $password, $auth = 'manual')
{
    global $CFG, $DB;
    //just in case check text case
    $username = trim(moodle_strtolower($username));
    $authplugin = get_auth_plugin($auth);
    $newuser = new stdClass();
    if ($newinfo = $authplugin->get_userinfo($username)) {
        $newinfo = truncate_userinfo($newinfo);
        foreach ($newinfo as $key => $value) {
            $newuser->{$key} = $value;
        }
    }
    if (!empty($newuser->email)) {
        if (email_is_not_allowed($newuser->email)) {
            unset($newuser->email);
        }
    }
    if (!isset($newuser->city)) {
        $newuser->city = '';
    }
    $newuser->auth = $auth;
    $newuser->username = $username;
    // fix for MDL-8480
    // user CFG lang for user if $newuser->lang is empty
    // or $user->lang is not an installed language
    if (empty($newuser->lang) || !get_string_manager()->translation_exists($newuser->lang)) {
        $newuser->lang = $CFG->lang;
    }
    $newuser->confirmed = 1;
    $newuser->lastip = getremoteaddr();
    $newuser->timemodified = time();
    $newuser->mnethostid = $CFG->mnet_localhost_id;
    $newuser->id = $DB->insert_record('user', $newuser);
    $user = get_complete_user_data('id', $newuser->id);
    if (!empty($CFG->{'auth_' . $newuser->auth . '_forcechangepassword'})) {
        set_user_preference('auth_forcepasswordchange', 1, $user);
    }
    update_internal_user_password($user, $password);
    // fetch full user record for the event, the complete user data contains too much info
    // and we want to be consistent with other places that trigger this event
    events_trigger('user_created', $DB->get_record('user', array('id' => $user->id)));
    return $user;
}
Beispiel #7
0
 /**
  * Create a Moodle user from Azure AD user data.
  *
  * @param array $aaddata Array of Azure AD user data.
  * @return \stdClass An object representing the created Moodle user.
  */
 public function create_user_from_aaddata($aaddata)
 {
     global $CFG;
     require_once $CFG->dirroot . '/user/profile/lib.php';
     require_once $CFG->dirroot . '/user/lib.php';
     $creationallowed = $this->check_usercreationrestriction($aaddata);
     if ($creationallowed !== true) {
         mtrace('Cannot create user because they do not meet the configured user creation restrictions.');
         return false;
     }
     // Locate country code.
     if (isset($aaddata['country'])) {
         $countries = get_string_manager()->get_list_of_countries();
         foreach ($countries as $code => $name) {
             if ($aaddata['country'] == $name) {
                 $aaddata['country'] = $code;
             }
         }
         if (strlen($aaddata['country']) > 2) {
             // Limit string to 2 chars to prevent sql error.
             $aaddata['country'] = substr($aaddata['country'], 0, 2);
         }
     }
     $newuser = (object) ['auth' => 'oidc', 'username' => trim(\core_text::strtolower($aaddata['userPrincipalName'])), 'lang' => 'en', 'confirmed' => 1, 'timecreated' => time(), 'mnethostid' => $CFG->mnet_localhost_id];
     $newuser = static::apply_configured_fieldmap($aaddata, $newuser, 'create');
     $password = null;
     $newuser->idnumber = $newuser->username;
     if (!empty($newuser->email)) {
         if (email_is_not_allowed($newuser->email)) {
             unset($newuser->email);
         }
     }
     if (empty($newuser->lang) || !get_string_manager()->translation_exists($newuser->lang)) {
         $newuser->lang = $CFG->lang;
     }
     $newuser->timemodified = $newuser->timecreated;
     $newuser->id = user_create_user($newuser, false, false);
     // Save user profile data.
     profile_save_data($newuser);
     $user = get_complete_user_data('id', $newuser->id);
     if (!empty($CFG->{'auth_' . $newuser->auth . '_forcechangepassword'})) {
         set_user_preference('auth_forcepasswordchange', 1, $user);
     }
     // Set the password.
     update_internal_user_password($user, $password);
     // Trigger event.
     \core\event\user_created::create_from_userid($newuser->id)->trigger();
     return $user;
 }
 /**
  * Authentication hook - is called every time user hit the login page
  * The code is run only if the param code is mentionned.
  */
 function loginpage_hook()
 {
     global $USER, $SESSION, $CFG, $DB;
     //check the Google authorization code
     $authorizationcode = optional_param('code', '', PARAM_TEXT);
     if (!empty($authorizationcode)) {
         $authprovider = required_param('authprovider', PARAM_ALPHANUMEXT);
         //set the params specific to the authentication provider
         $params = array();
         switch ($authprovider) {
             case 'google':
                 $params['client_id'] = get_config('auth/googleoauth2', 'googleclientid');
                 $params['client_secret'] = get_config('auth/googleoauth2', 'googleclientsecret');
                 $requestaccesstokenurl = 'https://accounts.google.com/o/oauth2/token';
                 $params['grant_type'] = 'authorization_code';
                 $params['redirect_uri'] = $CFG->wwwroot . '/auth/googleoauth2/google_redirect.php';
                 $params['code'] = $authorizationcode;
                 break;
             case 'facebook':
                 $params['client_id'] = get_config('auth/googleoauth2', 'facebookclientid');
                 $params['client_secret'] = get_config('auth/googleoauth2', 'facebookclientsecret');
                 $requestaccesstokenurl = 'https://graph.facebook.com/oauth/access_token';
                 $params['redirect_uri'] = $CFG->wwwroot . '/auth/googleoauth2/facebook_redirect.php';
                 $params['code'] = $authorizationcode;
                 break;
             case 'messenger':
                 $params['client_id'] = get_config('auth/googleoauth2', 'messengerclientid');
                 $params['client_secret'] = get_config('auth/googleoauth2', 'messengerclientsecret');
                 $requestaccesstokenurl = 'https://oauth.live.com/token';
                 $params['redirect_uri'] = $CFG->wwwroot . '/auth/googleoauth2/messenger_redirect.php';
                 $params['code'] = $authorizationcode;
                 $params['grant_type'] = 'authorization_code';
                 break;
             case 'github':
                 $params['client_id'] = get_config('auth/googleoauth2', 'githubclientid');
                 $params['client_secret'] = get_config('auth/googleoauth2', 'githubclientsecret');
                 $requestaccesstokenurl = 'https://github.com/login/oauth/access_token';
                 $params['redirect_uri'] = $CFG->wwwroot . '/auth/googleoauth2/github_redirect.php';
                 $params['code'] = $authorizationcode;
                 break;
             case 'linkedin':
                 $params['grant_type'] = 'authorization_code';
                 $params['code'] = $authorizationcode;
                 $params['redirect_uri'] = $CFG->wwwroot . '/auth/googleoauth2/linkedin_redirect.php';
                 $params['client_id'] = get_config('auth/googleoauth2', 'linkedinclientid');
                 $params['client_secret'] = get_config('auth/googleoauth2', 'linkedinclientsecret');
                 $requestaccesstokenurl = 'https://www.linkedin.com/uas/oauth2/accessToken';
                 break;
             default:
                 throw new moodle_exception('unknown_oauth2_provider');
                 break;
         }
         //request by curl an access token and refresh token
         require_once $CFG->libdir . '/filelib.php';
         if ($authprovider == 'messenger') {
             //Windows Live returns an "Object moved" error with curl->post() encoding
             $curl = new curl();
             $postreturnvalues = $curl->get('https://oauth.live.com/token?client_id=' . urlencode($params['client_id']) . '&redirect_uri=' . urlencode($params['redirect_uri']) . '&client_secret=' . urlencode($params['client_secret']) . '&code=' . urlencode($params['code']) . '&grant_type=authorization_code');
         } else {
             if ($authprovider == 'linkedin') {
                 $curl = new curl();
                 $postreturnvalues = $curl->get($requestaccesstokenurl . '?client_id=' . urlencode($params['client_id']) . '&redirect_uri=' . urlencode($params['redirect_uri']) . '&client_secret=' . urlencode($params['client_secret']) . '&code=' . urlencode($params['code']) . '&grant_type=authorization_code');
             } else {
                 $curl = new curl();
                 $postreturnvalues = $curl->post($requestaccesstokenurl, $params);
             }
         }
         switch ($authprovider) {
             case 'google':
             case 'linkedin':
                 $postreturnvalues = json_decode($postreturnvalues);
                 $accesstoken = $postreturnvalues->access_token;
                 //$refreshtoken = $postreturnvalues->refresh_token;
                 //$expiresin = $postreturnvalues->expires_in;
                 //$tokentype = $postreturnvalues->token_type;
                 break;
             case 'facebook':
             case 'github':
                 parse_str($postreturnvalues, $returnvalues);
                 $accesstoken = $returnvalues['access_token'];
                 break;
             case 'messenger':
                 $accesstoken = json_decode($postreturnvalues)->access_token;
                 break;
             default:
                 break;
         }
         //with access token request by curl the email address
         if (!empty($accesstoken)) {
             //get the username matching the email
             switch ($authprovider) {
                 case 'google':
                     $params = array();
                     $params['access_token'] = $accesstoken;
                     $params['alt'] = 'json';
                     $postreturnvalues = $curl->get('https://www.googleapis.com/userinfo/email', $params);
                     $postreturnvalues = json_decode($postreturnvalues);
                     $useremail = $postreturnvalues->data->email;
                     $verified = $postreturnvalues->data->isVerified;
                     break;
                 case 'facebook':
                     $params = array();
                     $params['access_token'] = $accesstoken;
                     $postreturnvalues = $curl->get('https://graph.facebook.com/me', $params);
                     $facebookuser = json_decode($postreturnvalues);
                     $useremail = $facebookuser->email;
                     $verified = $facebookuser->verified;
                     break;
                 case 'messenger':
                     $params = array();
                     $params['access_token'] = $accesstoken;
                     $postreturnvalues = $curl->get('https://apis.live.net/v5.0/me', $params);
                     $messengeruser = json_decode($postreturnvalues);
                     $useremail = $messengeruser->emails->preferred;
                     $verified = 1;
                     //not super good but there are no way to check it yet:
                     //http://social.msdn.microsoft.com/Forums/en-US/messengerconnect/thread/515d546d-1155-4775-95d8-89dadc5ee929
                     break;
                 case 'github':
                     $params = array();
                     $params['access_token'] = $accesstoken;
                     $postreturnvalues = $curl->get('https://api.github.com/user', $params);
                     $githubuser = json_decode($postreturnvalues);
                     $useremails = json_decode($curl->get('https://api.github.com/user/emails', $params));
                     $useremail = $useremails[0];
                     $verified = 1;
                     // The field will be available in the final version of the API v3.
                     break;
                 case 'linkedin':
                     $params = array();
                     $params['format'] = 'json';
                     $params['oauth2_access_token'] = $accesstoken;
                     $postreturnvalues = $curl->get('https://api.linkedin.com/v1/people/~:(first-name,last-name,email-address,location:(name,country:(code)))', $params);
                     $linkedinuser = json_decode($postreturnvalues);
                     $useremail = $linkedinuser->emailAddress;
                     $verified = 1;
                     break;
                 default:
                     break;
             }
             //throw an error if the email address is not verified
             if (!$verified) {
                 throw new moodle_exception('emailaddressmustbeverified', 'auth_googleoauth2');
             }
             // Prohibit login if email belongs to the prohibited domain
             if ($err = email_is_not_allowed($useremail)) {
                 throw new moodle_exception($err, 'auth_googleoauth2');
             }
             //if email not existing in user database then create a new username (userX).
             if (empty($useremail) or $useremail != clean_param($useremail, PARAM_EMAIL)) {
                 throw new moodle_exception('couldnotgetuseremail');
                 //TODO: display a link for people to retry
             }
             //get the user - don't bother with auth = googleoauth2 because
             //authenticate_user_login() will fail it if it's not 'googleoauth2'
             $user = $DB->get_record('user', array('email' => $useremail, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id));
             //create the user if it doesn't exist
             if (empty($user)) {
                 // deny login if setting "Prevent account creation when authenticating" is on
                 if ($CFG->authpreventaccountcreation) {
                     throw new moodle_exception("noaccountyet", "auth_googleoauth2");
                 }
                 //get following incremented username
                 $lastusernumber = get_config('auth/googleoauth2', 'lastusernumber');
                 $lastusernumber = empty($lastusernumber) ? 1 : $lastusernumber++;
                 //check the user doesn't exist
                 $nextuser = $DB->get_record('user', array('username' => get_config('auth/googleoauth2', 'googleuserprefix') . $lastusernumber));
                 while (!empty($nextuser)) {
                     $lastusernumber = $lastusernumber + 1;
                     $nextuser = $DB->get_record('user', array('username' => get_config('auth/googleoauth2', 'googleuserprefix') . $lastusernumber));
                 }
                 set_config('lastusernumber', $lastusernumber, 'auth/googleoauth2');
                 $username = get_config('auth/googleoauth2', 'googleuserprefix') . $lastusernumber;
                 //retrieve more information from the provider
                 $newuser = new stdClass();
                 $newuser->email = $useremail;
                 switch ($authprovider) {
                     case 'google':
                         $params = array();
                         $params['access_token'] = $accesstoken;
                         $params['alt'] = 'json';
                         $userinfo = $curl->get('https://www.googleapis.com/oauth2/v1/userinfo', $params);
                         $userinfo = json_decode($userinfo);
                         //email, id, name, verified_email, given_name, family_name, link, gender, locale
                         $newuser->auth = 'googleoauth2';
                         if (!empty($userinfo->given_name)) {
                             $newuser->firstname = $userinfo->given_name;
                         }
                         if (!empty($userinfo->family_name)) {
                             $newuser->lastname = $userinfo->family_name;
                         }
                         if (!empty($userinfo->locale)) {
                             //$newuser->lang = $userinfo->locale;
                             //TODO: convert the locale into correct Moodle language code
                         }
                         break;
                     case 'facebook':
                         $newuser->firstname = $facebookuser->first_name;
                         $newuser->lastname = $facebookuser->last_name;
                         break;
                     case 'messenger':
                         $newuser->firstname = $messengeruser->first_name;
                         $newuser->lastname = $messengeruser->last_name;
                         break;
                     case 'github':
                         //As Github doesn't provide firstname/lastname, we'll split the name at the first whitespace.
                         $githubusername = explode(' ', $githubuser->name, 2);
                         $newuser->firstname = $githubusername[0];
                         $newuser->lastname = $githubusername[1];
                         break;
                     case 'linkedin':
                         $newuser->firstname = $linkedinuser->firstName;
                         $newuser->lastname = $linkedinuser->lastName;
                         $newuser->country = $linkedinuser->country->code;
                         $newuser->city = $linkedinuser->name;
                         break;
                     default:
                         break;
                 }
                 //retrieve country and city if the provider failed to give it
                 if (!isset($newuser->country) or !isset($newuser->city)) {
                     $googleipinfodbkey = get_config('auth/googleoauth2', 'googleipinfodbkey');
                     if (!empty($googleipinfodbkey)) {
                         $locationdata = $curl->get('http://api.ipinfodb.com/v3/ip-city/?key=' . $googleipinfodbkey . '&ip=' . getremoteaddr() . '&format=json');
                         $locationdata = json_decode($locationdata);
                     }
                     if (!empty($locationdata)) {
                         //TODO: check that countryCode does match the Moodle country code
                         $newuser->country = isset($newuser->country) ? isset($newuser->country) : $locationdata->countryCode;
                         $newuser->city = isset($newuser->city) ? isset($newuser->city) : $locationdata->cityName;
                     }
                 }
                 create_user_record($username, '', 'googleoauth2');
             } else {
                 $username = $user->username;
             }
             //authenticate the user
             //TODO: delete this log later
             $userid = empty($user) ? 'new user' : $user->id;
             add_to_log(SITEID, 'auth_googleoauth2', '', '', $username . '/' . $useremail . '/' . $userid);
             $user = authenticate_user_login($username, null);
             if ($user) {
                 //set a cookie to remember what auth provider was selected
                 setcookie('MOODLEGOOGLEOAUTH2_' . $CFG->sessioncookie, $authprovider, time() + DAYSECS * 60, $CFG->sessioncookiepath, $CFG->sessioncookiedomain, $CFG->cookiesecure, $CFG->cookiehttponly);
                 //prefill more user information if new user
                 if (!empty($newuser)) {
                     $newuser->id = $user->id;
                     $DB->update_record('user', $newuser);
                     $user = (object) array_merge((array) $user, (array) $newuser);
                 }
                 complete_user_login($user);
                 // Redirection
                 if (user_not_fully_set_up($USER)) {
                     $urltogo = $CFG->wwwroot . '/user/edit.php';
                     // We don't delete $SESSION->wantsurl yet, so we get there later
                 } else {
                     if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                         $urltogo = $SESSION->wantsurl;
                         // Because it's an address in this site
                         unset($SESSION->wantsurl);
                     } else {
                         // No wantsurl stored or external - go to homepage
                         $urltogo = $CFG->wwwroot . '/';
                         unset($SESSION->wantsurl);
                     }
                 }
                 redirect($urltogo);
             }
         } else {
             throw new moodle_exception('couldnotgetgoogleaccesstoken', 'auth_googleoauth2');
         }
     }
 }
 /**
  * @link http://docs.moodle.org/dev/Authentication_plugins#loginpage_hook.28.29
  *
  * Hook for overriding behaviour of login page.
  * Another auth hook. Process login if $authorizationcode is defined in OAuth url.
  * Makes cURL POST/GET request to social webservice and fill response data to Moodle user.
  * We check access tokens in cookies, if the ones exists - get it from $_COOKIE, if no - setcookie
  *
  * @uses $SESSION, $CFG, $DB core global objects/variables
  * @return void or @moodle_exception if OAuth request returns error or fail
  *
  * @author Igor Sazonov ( @tigusigalpa )
  */
 function loginpage_hook()
 {
     global $SESSION, $CFG, $DB;
     $access_token = false;
     $authorizationcode = optional_param('oauthcode', '', PARAM_TEXT);
     // get authorization code from url
     if (!empty($authorizationcode)) {
         $authprovider = required_param('authprovider', PARAM_TEXT);
         // get authorization provider (webservice name)
         $hack_authprovider = $authprovider == 'yahoo1' || $authprovider == 'yahoo2' ? 'yahoo' : $authprovider;
         $config_field_str = 'auth_lenauth_' . $hack_authprovider . '_social_id_field';
         $this->_field_shortname = $this->_oauth_config->{$config_field_str};
         $this->_field_id = $this->_lenauth_get_fieldid();
         $params = array();
         // params to generate data for token request
         $encode_params = true;
         $code = true;
         $redirect_uri = true;
         $curl_header = false;
         $curl_options = array();
         //if we have access_token in $_COOKIE, so do not need to make request fot the one
         $this->_send_oauth_request = !isset($_COOKIE[$authprovider]['access_token']) ? true : false;
         //if service is not enabled, why should we make request? hack protect. maybe
         $enabled_str = 'auth_lenauth_' . $hack_authprovider . '_enabled';
         if (empty($this->_oauth_config->{$enabled_str})) {
             throw new moodle_exception('Service not enabled in your LenAuth Settings', 'auth_lenauth');
         }
         switch ($authprovider) {
             case 'facebook':
                 /**
                  * @link https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.0#exchangecode
                  */
                 $params['client_id'] = $this->_oauth_config->auth_lenauth_facebook_app_id;
                 $params['client_secret'] = $this->_oauth_config->auth_lenauth_facebook_app_secret;
                 break;
             case 'google':
                 /**
                  * @link https://developers.google.com/accounts/docs/OAuth2Login#exchangecode
                  */
                 $params['client_id'] = $this->_oauth_config->auth_lenauth_google_client_id;
                 $params['client_secret'] = $this->_oauth_config->auth_lenauth_google_client_secret;
                 $params['grant_type'] = $this->_settings[$authprovider]['grant_type'];
                 break;
             case 'yahoo1':
                 if (!isset($_COOKIE[$authprovider]['access_token']) && !isset($_COOKIE[$authprovider]['oauth_verifier'])) {
                     $params = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&'), array('oauth_callback' => $this->_lenauth_redirect_uri($authprovider)));
                     $code = false;
                     $redirect_uri = false;
                     $this->_send_oauth_request = isset($_REQUEST['oauth_token'], $_REQUEST['oauth_verifier']) ? false : true;
                     $oauth_verifier = false;
                     // yahoo =))
                     if (!$this->_send_oauth_request && isset($SESSION->yahoo_expires) && !empty($SESSION->yahoo_expires)) {
                         $access_token = $SESSION->yahoo_access_token = optional_param('oauth_token', '', PARAM_TEXT);
                         setcookie($authprovider . '[access_token]', $access_token, time() + $SESSION->yahoo_expires);
                         $oauth_verifier = $SESSION->yahoo_oauth_verifier = optional_param('oauth_verifier', '', PARAM_TEXT);
                         setcookie($authprovider . '[oauth_verifier]', $oauth_verifier, time() + $SESSION->yahoo_expires);
                     } else {
                     }
                 } else {
                     $this->_send_oauth_request = false;
                 }
                 break;
             case 'yahoo2':
                 $params['grant_type'] = $this->_settings[$authprovider]['grant_type'];
                 $curl_options = array('USERPWD' => $this->_oauth_config->auth_lenauth_yahoo_consumer_key . ':' . $this->_oauth_config->auth_lenauth_yahoo_consumer_secret);
                 break;
             case 'twitter':
                 if (!empty($this->_oauth_config->auth_lenauth_twitter_enabled)) {
                     if (!isset($_COOKIE[$authprovider]['access_token'])) {
                         $params = array_merge($this->_lenauth_twitter_request_array($this->_oauth_config->auth_lenauth_twitter_consumer_secret . '&'), array('oauth_callback' => $this->_lenauth_redirect_uri($authprovider)));
                         $code = false;
                         $redirect_uri = false;
                         $this->_send_oauth_request = isset($_REQUEST['oauth_token'], $_REQUEST['oauth_verifier']) ? false : true;
                         $oauth_verifier = false;
                         if (!$this->_send_oauth_request && isset($_COOKIE[$authprovider]['oauth_token_secret'])) {
                             $access_token = $SESSION->twitter_access_token = optional_param('oauth_token', '', PARAM_TEXT);
                             setcookie($authprovider . '[access_token]', $access_token, time() + $this->_settings[$authprovider]['expire'], '/');
                             $oauth_verifier = $SESSION->twitter_oauth_verifier = optional_param('oauth_verifier', '', PARAM_TEXT);
                             setcookie($authprovider . '[oauth_verifier]', $oauth_verifier, time() + $this->_settings[$authprovider]['expire'], '/');
                         } else {
                             $curl_header = $this->_lenauth_set_twitter_header($params);
                         }
                         //$curl_header = $this->_lenauth_set_twitter_header($params, $access_token/*, $oauth_token_secret = false*/);
                         /*$curl_options = array(
                               'CURLOPT_RETURNTRANSFER' => true,
                               'CURLOPT_FOLLOWLOCATION' => true
                           );
                           if ( !empty( $params['oauth_callback'] ) ) {
                               $curl_options['CURLOPT_POSTFIELDS'] = http_build_query( array() );
                           }*/
                         //TWITTER IS GOOD!!
                         $encode_params = false;
                     } else {
                         $this->_send_oauth_request = false;
                     }
                 }
                 break;
             case 'vk':
                 /**
                  * @link http://vk.com/dev/auth_sites
                  */
                 $params['client_id'] = $this->_oauth_config->auth_lenauth_vk_app_id;
                 $params['client_secret'] = $this->_oauth_config->auth_lenauth_vk_app_secret;
                 break;
             case 'yandex':
                 $params['grant_type'] = $this->_settings[$authprovider]['grant_type'];
                 $params['client_id'] = $this->_oauth_config->auth_lenauth_yandex_app_id;
                 $params['client_secret'] = $this->_oauth_config->auth_lenauth_yandex_app_password;
                 break;
             case 'mailru':
                 $params['client_id'] = $this->_oauth_config->auth_lenauth_mailru_site_id;
                 $params['client_secret'] = $this->_oauth_config->auth_lenauth_mailru_client_secret;
                 $params['grant_type'] = $this->_settings[$authprovider]['grant_type'];
                 break;
                 //odnoklassniki.ru was wrote by school programmers at 1st class and it not used mojority. bye-bye!
                 /*case 'ok':
                   $params['client_id']     = $this->_oauth_config->ok_app_id;
                   $params['client_secret'] = $this->_oauth_config->ok_secret_key;
                   break;*/
             //odnoklassniki.ru was wrote by school programmers at 1st class and it not used mojority. bye-bye!
             /*case 'ok':
               $params['client_id']     = $this->_oauth_config->ok_app_id;
               $params['client_secret'] = $this->_oauth_config->ok_secret_key;
               break;*/
             default:
                 // if authorization provider is wrong
                 throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth');
         }
         // url for catch token value
         // exception for Yahoo OAuth, because it like..
         if ($code) {
             $params['code'] = $authorizationcode;
         }
         if ($redirect_uri) {
             $params['redirect_uri'] = $this->_lenauth_redirect_uri($authprovider);
         }
         //require cURL from Moodle core
         require_once $CFG->libdir . '/filelib.php';
         // requires library with cURL class
         $curl = new curl();
         //hack for twitter and Yahoo
         if (!empty($curl_options) && is_array($curl_options)) {
             $curl->setopt($curl_options);
         }
         $curl->resetHeader();
         // clean cURL header from garbage
         //Twitter and Yahoo has an own cURL headers, so let them to be!
         if (!$curl_header) {
             $curl->setHeader('Content-Type: application/x-www-form-urlencoded');
         } else {
             $curl->setHeader($curl_header);
         }
         // cURL REQUEST for tokens if we hasnt it in $_COOKIE
         if ($this->_send_oauth_request) {
             if ($this->_curl_type == 'post') {
                 $curl_tokens_values = $curl->post($this->_settings[$authprovider]['request_token_url'], $encode_params ? $this->_generate_query_data($params) : $params);
             } else {
                 $curl_tokens_values = $curl->get($this->_settings[$authprovider]['request_token_url'] . '?' . ($encode_params ? $this->_generate_query_data($params) : $params));
             }
         }
         // check for token response
         if (!empty($curl_tokens_values) || !$this->_send_oauth_request) {
             $token_values = array();
             // parse token values
             switch ($authprovider) {
                 case 'facebook':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         parse_str($curl_tokens_values, $token_values);
                         $expires = $token_values['expires'];
                         //5183999 = 2 months
                         $access_token = $token_values['access_token'];
                         if (!empty($expires) && !empty($access_token)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                         } else {
                             throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth');
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'google':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         $token_values = json_decode($curl_tokens_values, true);
                         $expires = $token_values['expires_in'];
                         //3600 = 1 hour
                         $access_token = $token_values['access_token'];
                         if (!empty($access_token) && !empty($expires)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                         } else {
                             throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth');
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'yahoo1':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['oauth_token_secret'])) {
                         parse_str($curl_tokens_values, $token_values);
                         $expires = $SESSION->yahoo_expires = $token_values['oauth_expires_in'];
                         //3600 = 1 hour
                         $access_token = $SESSION->yahoo_access_token = $token_values['oauth_token'];
                         setcookie($authprovider . '[oauth_token_secret]', $token_values['oauth_token_secret'], time() + $SESSION->yahoo_expires);
                         $xoauth_request_auth_url = $token_values['xoauth_request_auth_url'];
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['oauth_verifier']) || isset($SESSION->yahoo_access_token, $SESSION->yahoo_oauth_verifier)) {
                             $access_token = isset($_COOKIE[$authprovider]['access_token']) ? $_COOKIE[$authprovider]['access_token'] : $SESSION->yahoo_access_token;
                             $oauth_verifier = isset($_COOKIE[$authprovider]['oauth_verifier']) ? $_COOKIE[$authprovider]['oauth_verifier'] : $SESSION->yahoo_oauth_verifier;
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'yahoo2':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         $token_values = json_decode($curl_tokens_values, true);
                         $expires = $token_values['expires_in'];
                         //3600 = 1 hour
                         $access_token = $token_values['access_token'];
                         $refresh_token = $token_values['refresh_token'];
                         $user_id = $token_values['xoauth_yahoo_guid'];
                         if (!empty($expires) && !empty($access_token)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                             if (!empty($user_id)) {
                                 setcookie($authprovider . '[user_id]', $user_id, time() + $expires, '/');
                             }
                         } else {
                             throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth');
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['user_id'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                             $user_id = $_COOKIE[$authprovider]['user_id'];
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'twitter':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['oauth_token_secret'])) {
                         parse_str($curl_tokens_values, $token_values);
                         $access_token = $SESSION->twitter_access_token = $token_values['oauth_token'];
                         setcookie($authprovider . '[oauth_token_secret]', $token_values['oauth_token_secret'], time() + $this->_settings[$authprovider]['expire'], '/');
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['oauth_token_secret']) || isset($SESSION->twitter_access_token, $SESSION->twitter_oauth_verifier)) {
                             $access_token = isset($_COOKIE[$authprovider]['access_token']) ? $_COOKIE[$authprovider]['access_token'] : $SESSION->twitter_access_token;
                             $oauth_verifier = isset($_COOKIE[$authprovider]['oauth_verifier']) ? $_COOKIE[$authprovider]['oauth_verifier'] : $SESSION->twitter_oauth_verifier;
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'vk':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         $token_values = json_decode($curl_tokens_values, true);
                         if (isset($token_values['error'])) {
                             throw new moodle_exception('Native VK Error ' . $token_values['error'] . (isset($token_values['error_description']) ? ' with description: ' . $token_values['error_description'] : ''), 'auth_lenauth');
                         }
                         $expires = $token_values['expires_in'];
                         //86400 = 24 hours
                         $access_token = $token_values['access_token'];
                         if (!empty($access_token) && !empty($expires)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                         }
                         $user_id = $token_values['user_id'];
                         if (!empty($user_id)) {
                             setcookie($authprovider . '[user_id]', $user_id, time() + $expires, '/');
                         }
                         /**
                          * VK user may do not enter email, soooo =((
                          */
                         $user_email = isset($token_values['email']) ? $token_values['email'] : false;
                         // WOW!!! So early???))) Awesome!
                         if (!empty($user_email)) {
                             setcookie($authprovider . '[user_email]', $user_email, time() + $expires, '/');
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'], $_COOKIE[$authprovider]['user_id'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                             $user_id = $_COOKIE[$authprovider]['user_id'];
                             if (isset($_COOKIE[$authprovider]['user_email'])) {
                                 $user_email = $_COOKIE[$authprovider]['user_email'];
                             }
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'yandex':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         $token_values = json_decode($curl_tokens_values, true);
                         $expires = $token_values['expires_in'];
                         //31536000 = 1 year
                         $access_token = $token_values['access_token'];
                         if (!empty($expires) && !empty($access_token)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                         } else {
                             throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth');
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                 case 'mailru':
                     if ($this->_send_oauth_request || !isset($_COOKIE[$authprovider]['access_token'])) {
                         $token_values = json_decode($curl_tokens_values, true);
                         $expires = $token_values['expires_in'];
                         //86400 = 24 hours
                         $access_token = $token_values['access_token'];
                         if (!empty($expires) && !empty($access_token)) {
                             setcookie($authprovider . '[access_token]', $access_token, time() + $expires, '/');
                         } else {
                             //check native errors if exists
                             if (isset($token_values['error'])) {
                                 switch ($token_values['error']) {
                                     case 'invalid_client':
                                         throw new moodle_exception('Mail.RU invalid OAuth settings. Check your Private Key and Secret Key', 'auth_lenauth');
                                     default:
                                         throw new moodle_exception('Mail.RU Unknown Error with code: ' . $token_values['error']);
                                 }
                             }
                             if (empty($expires) || empty($access_token)) {
                                 throw new moodle_exception('Can not get access for "access_token" or/and "expires" params after request', 'auth_lenauth');
                             }
                         }
                     } else {
                         if (isset($_COOKIE[$authprovider]['access_token'])) {
                             $access_token = $_COOKIE[$authprovider]['access_token'];
                         } else {
                             throw new moodle_exception('Someting wrong, maybe expires', 'auth_lenauth');
                         }
                     }
                     break;
                     /*case 'ok':
                       $token_values  = json_decode( $curl_tokens_values, true );
                       $access_token  = $token_values['access_token'];
                       break;*/
                 /*case 'ok':
                   $token_values  = json_decode( $curl_tokens_values, true );
                   $access_token  = $token_values['access_token'];
                   break;*/
                 default:
                     throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth');
             }
         }
         if (!empty($access_token)) {
             $queryparams = array();
             // array to generate data for final request to get user data
             $request_api_url = $this->_settings[$authprovider]['request_api_url'];
             //some services check accounts for verifier, so we will check it too. No unverified accounts, only verified! only hardCORE!
             $is_verified = true;
             $image_url = '';
             switch ($authprovider) {
                 case 'facebook':
                     $queryparams['access_token'] = $access_token;
                     $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams));
                     $curl_final_data = json_decode($curl_response, true);
                     $social_uid = $curl_final_data['id'];
                     $user_email = $curl_final_data['email'];
                     $first_name = $curl_final_data['first_name'];
                     $last_name = $curl_final_data['last_name'];
                     $is_verified = $curl_final_data['verified'];
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = 'http://graph.facebook.com/' . $social_uid . '/picture';
                     }
                     break;
                     /**
                      * @link https://developers.google.com/accounts/docs/OAuth2Login#obtaininguserprofileinformation
                      */
                 /**
                  * @link https://developers.google.com/accounts/docs/OAuth2Login#obtaininguserprofileinformation
                  */
                 case 'google':
                     $queryparams['access_token'] = $access_token;
                     $queryparams['alt'] = 'json';
                     $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams));
                     $curl_final_data = json_decode($curl_response, true);
                     if (isset($curl_final_data['error'])) {
                         if (!empty($curl_final_data['error']['errors']) && is_array($curl_final_data['error']['errors'])) {
                             foreach ($curl_final_data['error']['errors'] as $error) {
                                 throw new moodle_exception('Native Google error. Message: ' . $error['message'], 'auth_lenauth');
                             }
                         } else {
                             throw new moodle_exception('Native Google error', 'auth_lenauth');
                         }
                     }
                     $social_uid = $curl_final_data['id'];
                     $user_email = $curl_final_data['emails'][0]['value'];
                     $first_name = $curl_final_data['name']['givenName'];
                     $last_name = $curl_final_data['name']['familyName'];
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = isset($curl_final_data['image']['url']) ? $curl_final_data['image']['url'] : '';
                     }
                     break;
                 case 'yahoo1':
                     if (!$oauth_verifier) {
                         header('Location: ' . $xoauth_request_auth_url);
                         // yahoo =))
                         die;
                     }
                     $queryparams1 = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $_COOKIE[$authprovider]['oauth_token_secret']), array('oauth_token' => $access_token, 'oauth_verifier' => $oauth_verifier));
                     $curl_response_pre = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams1));
                     parse_str($curl_response_pre, $values);
                     $queryparams2 = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $values['oauth_token_secret']), array('oauth_token' => $values['oauth_token'], 'oauth_session_handle' => $values['oauth_session_handle']));
                     $yet_another = $curl->post($request_api_url . '?' . $this->_generate_query_data($queryparams2));
                     parse_str($yet_another, $yet_another_values);
                     $params = array('q' => 'SELECT * FROM social.profile where guid="' . $yet_another_values['xoauth_yahoo_guid'] . '"', 'format' => 'json', 'env' => 'http://datatables.org/alltables.env');
                     $auth_array = array_merge($this->_lenauth_yahoo_request_array($this->_oauth_config->auth_lenauth_yahoo_consumer_secret . '&' . $yet_another_values['oauth_token_secret']), array('realm' => 'yahooapis.com', 'oauth_token' => $yet_another_values['oauth_token']));
                     $header = '';
                     foreach ($auth_array as $key => $value) {
                         $header .= ($header === '' ? ' ' : ',') . $this->urlEncodeRfc3986($key) . '="' . $this->urlEncodeRfc3986($value) . '"';
                     }
                     $curl->setHeader(array('Expect:', 'Accept: application/json', 'Authorization: OAuth ' . $header));
                     $curl_response = $curl->post($this->_settings[$authprovider]['yql_url'] . '?' . $this->_generate_query_data($params));
                     $curl_final_data = json_decode($curl_response, true);
                     $social_uid = $curl_final_data['query']['results']['profile']['guid'];
                     $emails = $curl_final_data['query']['results']['profile']['emails'];
                     if (!empty($emails) && is_array($emails)) {
                         foreach ($emails as $email_array) {
                             $user_email = $email_array['handle'];
                             if (isset($email_array['primary'])) {
                                 break;
                             }
                         }
                     }
                     $first_name = $curl_final_data['query']['results']['profile']['givenName'];
                     $last_name = $curl_final_data['query']['results']['profile']['familyName'];
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = isset($curl_final_data['query']['results']['profile']['image']['imageUrl']) ? $curl_final_data['query']['results']['profile']['image']['imageUrl'] : '';
                     }
                     break;
                 case 'yahoo2':
                     $request_api_url = 'https://social.yahooapis.com/v1/user/' . $user_id . '/profile?format=json';
                     $queryparams['access_token'] = $access_token;
                     $now_header = array('Authorization: Bearer ' . $access_token, 'Accept: application/json', 'Content-Type: application/json');
                     $curl->resetHeader();
                     $curl->setHeader($now_header);
                     $curl_response = $curl->get($request_api_url, $queryparams);
                     $curl->resetHeader();
                     $curl_final_data = json_decode($curl_response, true);
                     $social_uid = $curl_final_data['profile']['guid'];
                     $emails = $curl_final_data['profile']['emails'];
                     if (!empty($emails) && is_array($emails)) {
                         foreach ($emails as $email_array) {
                             $user_email = $email_array['handle'];
                             if (isset($email_array['primary'])) {
                                 break;
                             }
                         }
                     }
                     $first_name = $curl_final_data['profile']['givenName'];
                     $last_name = $curl_final_data['profile']['familyName'];
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = isset($curl_final_data['profile']['image']['imageUrl']) ? $curl_final_data['profile']['image']['imageUrl'] : '';
                     }
                     break;
                 case 'twitter':
                     if (!$oauth_verifier) {
                         header('Location: ' . $this->_settings[$authprovider]['request_api_url'] . '?' . http_build_query(array('oauth_token' => $access_token)));
                         die;
                     }
                     $queryparams = array_merge($this->_lenauth_twitter_request_array(), array('oauth_verifier' => $oauth_verifier, 'oauth_token' => $access_token, 'oauth_token_secret' => $_COOKIE[$authprovider]['oauth_token_secret']));
                     $curl_header = $this->_lenauth_set_twitter_header($queryparams, $access_token, $_COOKIE[$authprovider]['oauth_token_secret']);
                     $curl->setHeader($curl_header);
                     $curl_final_data_pre = $curl->post($this->_settings[$authprovider]['token_url'], $queryparams);
                     $json_decoded = json_decode($curl_final_data_pre, true);
                     if (isset($json_decoded['error']) && isset($json_decoded['request'])) {
                         throw new moodle_exception('Native Twitter Error: ' . $json_decoded['error'] . '. For request ' . $json_decoded['request'], 'auth_lenauth');
                     }
                     parse_str($curl_final_data_pre, $curl_final_data);
                     $social_uid = $curl_final_data['user_id'];
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url_pre = 'https://twitter.com/' . $curl_final_data['screen_name'] . '/profile_image?size=original';
                         $image_header = get_headers($image_url_pre, 1);
                         $image_url = $image_header['location'];
                     }
                     break;
                 case 'vk':
                     /**
                      * @link http://vk.com/dev/api_requests
                      */
                     $queryparams['access_token'] = $access_token;
                     $queryparams['user_id'] = !empty($user_id) ? $user_id : false;
                     $queryparams['v'] = self::$vk_api_version;
                     $curl_response = $curl->post($request_api_url, $this->_generate_query_data($queryparams));
                     $curl_final_data = json_decode($curl_response, true);
                     //$social_uid                  = ( isset( $user_id ) ) ? $user_id : $curl_final_data['response'][0]['id']; //dont forget about this
                     $social_uid = $queryparams['user_id'];
                     /**
                      * If user_email is empty, its not so scare, because its second login and 
                      */
                     $user_email = isset($user_email) ? $user_email : false;
                     //hack, because VK has bugs sometimes
                     $first_name = $curl_final_data['response'][0]['first_name'];
                     $last_name = $curl_final_data['response'][0]['last_name'];
                     /**
                      * @link http://vk.com/dev/users.get
                      */
                     $fields_array = array('avatar' => 'photo_200');
                     $additional_fields_pre = $curl->get('http://api.vk.com/method/users.get?user_ids=' . $social_uid . '&fields=' . join(',', $fields_array));
                     $additional_fields = json_decode($additional_fields_pre, true);
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = isset($additional_fields['response'][0][$fields_array['avatar']]) ? $additional_fields['response'][0][$fields_array['avatar']] : '';
                     }
                     break;
                     /**
                      * @link http://api.yandex.ru/oauth/doc/dg/reference/accessing-protected-resource.xml
                      * @link http://api.yandex.ru/login/doc/dg/reference/request.xml
                      */
                 /**
                  * @link http://api.yandex.ru/oauth/doc/dg/reference/accessing-protected-resource.xml
                  * @link http://api.yandex.ru/login/doc/dg/reference/request.xml
                  */
                 case 'yandex':
                     $queryparams['format'] = $this->_settings[$authprovider]['format'];
                     $queryparams['oauth_token'] = $access_token;
                     $curl_response = $curl->get($request_api_url . '?' . $this->_generate_query_data($queryparams));
                     $curl_final_data = json_decode($curl_response, true);
                     $social_uid = $curl_final_data['id'];
                     /**
                      * fix @since 24.12.2014. Thanks for Yandex Tech team guys!!
                      * @link https://tech.yandex.ru/passport/
                      */
                     $user_email = $curl_final_data['default_email'];
                     //was $curl_final_data['emails'][0]; - wrong!
                     $first_name = $curl_final_data['first_name'];
                     $last_name = $curl_final_data['last_name'];
                     $nickname = $curl_final_data['display_name'];
                     //for future
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         /**
                          * @link https://tech.yandex.ru/passport/doc/dg/reference/response-docpage/#norights_5
                          */
                         $yandex_avatar_size = 'islands-200';
                         if (isset($curl_final_data['default_avatar_id'])) {
                             $image_url = 'https://avatars.yandex.net/get-yapic/' . $curl_final_data['default_avatar_id'] . '/' . $yandex_avatar_size;
                         }
                     }
                     break;
                 case 'mailru':
                     $queryparams['app_id'] = $params['client_id'];
                     $secret_key = $params['client_secret'];
                     /**
                      * @link http://api.mail.ru/docs/reference/rest/users-getinfo/
                      */
                     $queryparams['method'] = 'users.getInfo';
                     $queryparams['session_key'] = $access_token;
                     $queryparams['secure'] = 1;
                     /**
                      * Additional security from mail.ru
                      * @link http://api.mail.ru/docs/guides/restapi/#sig
                      */
                     ksort($queryparams);
                     $sig = '';
                     foreach ($queryparams as $k => $v) {
                         $sig .= "{$k}={$v}";
                     }
                     $queryparams['sig'] = md5($sig . $secret_key);
                     $curl_response = $curl->post($request_api_url, $this->_generate_query_data($queryparams));
                     $curl_final_data = json_decode($curl_response, true);
                     $social_uid = $curl_final_data[0]['uid'];
                     $user_email = $curl_final_data[0]['email'];
                     $first_name = $curl_final_data[0]['first_name'];
                     $last_name = $curl_final_data[0]['last_name'];
                     $is_verified = $curl_final_data[0]['is_verified'];
                     $birthday = $curl_final_data[0]['birthday'];
                     //dd.mm.YYYY
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         $image_url = isset($curl_final_data[0]['pic_big']) ? $curl_final_data[0]['pic_big'] : '';
                     }
                     break;
                     /*case 'ok':
                                             $queryparams['access_token'] = $access_token;
                                             $queryparams['method']       = 'users.getCurrentUser';
                                             $queryparams['sig']          = md5( 'application_key=' . $this->_oauth_config->ok_public_key . 'method=' . $queryparams['method'] . md5( $queryparams['access_token'] . $this->_oauth_config->ok_secret_key ) );
                                             $queryparams['application_key'] = $this->_oauth_config->ok_public_key;
                                             $curl_response               = $curl->get( $request_api_url . '?' . $this->_generate_query_data( $queryparams ) );
                                             $curl_final_data             = json_decode( $curl_response, true );
                     
                                             $first_name                  = $curl_final_data['first_name'];
                                             $last_name                   = $curl_final_data['last_name'];
                                             $social_uid                  = $curl_final_data['uid'];
                                             break;*/
                 /*case 'ok':
                                         $queryparams['access_token'] = $access_token;
                                         $queryparams['method']       = 'users.getCurrentUser';
                                         $queryparams['sig']          = md5( 'application_key=' . $this->_oauth_config->ok_public_key . 'method=' . $queryparams['method'] . md5( $queryparams['access_token'] . $this->_oauth_config->ok_secret_key ) );
                                         $queryparams['application_key'] = $this->_oauth_config->ok_public_key;
                                         $curl_response               = $curl->get( $request_api_url . '?' . $this->_generate_query_data( $queryparams ) );
                                         $curl_final_data             = json_decode( $curl_response, true );
                 
                                         $first_name                  = $curl_final_data['first_name'];
                                         $last_name                   = $curl_final_data['last_name'];
                                         $social_uid                  = $curl_final_data['uid'];
                                         break;*/
                 default:
                     throw new moodle_exception('Unknown OAuth Provider', 'auth_lenauth');
             }
             /**
              * Check for email returned by webservice. If exist - check for user with this email in Moodle Database
              */
             if (!empty($curl_final_data)) {
                 if (!empty($social_uid)) {
                     if ($is_verified) {
                         if (!empty($user_email)) {
                             if ($err = email_is_not_allowed($user_email)) {
                                 throw new moodle_exception($err, 'auth_lenauth');
                             }
                             $user_lenauth = $DB->get_record('user', array('email' => $user_email, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id));
                         } else {
                             if (empty($user_lenauth)) {
                                 $user_lenauth = $this->_lenauth_get_userdata_by_social_id($social_uid);
                             }
                             /*if ( empty( $user_lenauth ) ) {
                                   $user_lenauth = $DB->get_record('user', array('username' => $username, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id));
                               }*/
                         }
                     } else {
                         throw new moodle_exception('Your social account is not verified', 'auth_lenauth');
                     }
                 } else {
                     throw new moodle_exception('Empty Social UID', 'auth_lenauth');
                 }
             } else {
                 /**
                  * addon @since 24.12.2014
                  * I forgot about clear $_COOKIE, thanks again for Yandex Tech Team guys!!!
                  */
                 @setcookie($authprovider, null, time() - 3600);
                 throw new moodle_exception('Final request returns nothing', 'auth_lenauth');
             }
             $last_user_number = intval($this->_oauth_config->auth_lenauth_last_user_number);
             $last_user_number = empty($last_user_number) ? 1 : $last_user_number + 1;
             //$username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number; //@todo
             /**
              * If user with email from webservice not exists, we will create an account
              */
             if (empty($user_lenauth)) {
                 $username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number;
                 //check for username exists in DB
                 $user_lenauth_check = $DB->get_record('user', array('username' => $username));
                 $i_check = 0;
                 while (!empty($user_lenauth_check)) {
                     $user_lenauth_check = $user_lenauth_check + 1;
                     $username = $this->_oauth_config->auth_lenauth_user_prefix . $last_user_number;
                     $user_lenauth_check = $DB->get_record('user', array('username' => $username));
                     $i_check++;
                     if ($i_check > 20) {
                         throw new moodle_exception('Something wrong with usernames of LenAuth users. Limit of 20 queries is out. Check last mdl_user table of Moodle', 'auth_lenauth');
                     }
                 }
                 // create user HERE
                 $user_lenauth = create_user_record($username, '', 'lenauth');
                 /**
                  * User exists...
                  */
             } else {
                 $username = $user_lenauth->username;
             }
             set_config('auth_lenauth_last_user_number', $last_user_number, 'auth/lenauth');
             if (!empty($social_uid)) {
                 $user_social_uid_custom_field = new stdClass();
                 $user_social_uid_custom_field->userid = $user_lenauth->id;
                 $user_social_uid_custom_field->fieldid = $this->_field_id;
                 $user_social_uid_custom_field->data = $social_uid;
                 if (!$DB->record_exists('user_info_data', array('userid' => $user_lenauth->id, 'fieldid' => $this->_field_id))) {
                     $DB->insert_record('user_info_data', $user_social_uid_custom_field);
                 } else {
                     $record = $DB->get_record('user_info_data', array('userid' => $user_lenauth->id, 'fieldid' => $this->_field_id));
                     $user_social_uid_custom_field->id = $record->id;
                     $DB->update_record('user_info_data', $user_social_uid_custom_field);
                 }
             }
             //add_to_log( SITEID, 'auth_lenauth', '', '', $username . '/' . $user_email . '/' . $userid );
             // complete Authenticate user
             authenticate_user_login($username, null);
             // fill $newuser object with response data from webservices
             $newuser = new stdClass();
             if (!empty($user_email)) {
                 $newuser->email = $user_email;
             }
             if (!empty($first_name)) {
                 $newuser->firstname = $first_name;
             }
             if (!empty($last_name)) {
                 $newuser->lastname = $last_name;
             }
             if (!empty($this->_oauth_config->auth_lenauth_default_country)) {
                 $newuser->country = $this->_oauth_config->auth_lenauth_default_country;
             }
             if ($user_lenauth) {
                 // update user record
                 if (!empty($newuser)) {
                     $newuser->id = $user_lenauth->id;
                     /*require_once( $CFG->libdir . '/gdlib.php' );
                     
                                                 $fs = get_file_storage();
                                                 $file_obj = $fs->create_file_from_url( array(
                                                     'contextid' => context_user::instance( $newuser->id, MUST_EXIST )->id,
                                                     'component' => 'user',
                                                     'filearea'  => 'icon',
                                                     'itemid'    => 0,
                                                     'filepath'  => '/',
                                                     'source'    => '',
                                                     'filename'  => 'f' . $newuser->id . '.' . $ext
                                                 ), $image_url );
                                                 //$newuser->picture = $file_obj->get_id();*/
                     $user_lenauth = (object) array_merge((array) $user_lenauth, (array) $newuser);
                     $DB->update_record('user', $user_lenauth);
                     if ($this->_oauth_config->auth_lenauth_retrieve_avatar) {
                         //processing user avatar from social webservice
                         if (!empty($image_url) && intval($user_lenauth->picture) === 0) {
                             $image_header = get_headers($image_url, 1);
                             if (isset($image_header['Content-Type']) && is_string($image_header['Content-Type']) && in_array($image_header['Content-Type'], array_keys(self::$_allowed_icons_types))) {
                                 $mime = $image_header['Content-Type'];
                             } else {
                                 if (isset($image_header['Content-Type'][0]) && is_string($image_header['Content-Type'][0]) && in_array($image_header['Content-Type'][0], array_keys(self::$_allowed_icons_types))) {
                                     $mime = $image_header['Content-Type'][0];
                                 }
                             }
                             $ext = $this->_lenauth_get_image_extension_from_mime($mime);
                             if ($ext) {
                                 //create temp file
                                 $tempfilename = substr(microtime(), 0, 10) . '.tmp';
                                 $templfolder = $CFG->tempdir . '/filestorage';
                                 if (!file_exists($templfolder)) {
                                     mkdir($templfolder, $CFG->directorypermissions);
                                 }
                                 @chmod($templfolder, 0777);
                                 $tempfile = $templfolder . '/' . $tempfilename;
                                 if (copy($image_url, $tempfile)) {
                                     require_once $CFG->libdir . '/gdlib.php';
                                     $usericonid = process_new_icon(context_user::instance($newuser->id, MUST_EXIST), 'user', 'icon', 0, $tempfile);
                                     if ($usericonid) {
                                         $DB->set_field('user', 'picture', $usericonid, array('id' => $newuser->id));
                                     }
                                     unset($tempfile);
                                 }
                                 @chmod($templfolder, $CFG->directorypermissions);
                             }
                         }
                     }
                 }
                 complete_user_login($user_lenauth);
                 // complete user login
                 // Redirection
                 $urltogo = $CFG->wwwroot;
                 if (user_not_fully_set_up($user_lenauth)) {
                     $urltogo = $CFG->wwwroot . '/user/edit.php';
                 } else {
                     if (isset($SESSION->wantsurl) && strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                         $urltogo = $SESSION->wantsurl;
                         unset($SESSION->wantsurl);
                     } else {
                         unset($SESSION->wantsurl);
                     }
                 }
             }
             redirect($urltogo);
         } else {
             throw new moodle_exception('Could not get access to access token. Check your App Settings', 'auth_lenauth');
         }
     }
 }
 function validation($data, $files)
 {
     global $CFG, $DB;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if (empty(trim($data['username']))) {
         $errors['username'] = get_string('missingemail');
     }
     if (!isset($errors['username'])) {
         if ($DB->record_exists('user', array('username' => $data['username'], 'mnethostid' => $CFG->mnet_localhost_id))) {
             $errors['username'] = get_string('usernameexists');
         }
         if ($authplugin->user_exists($data['username'])) {
             $errors['username'] = get_string('usernameexists');
         }
         if (!validate_email($data['username'])) {
             $errors['username'] = get_string('invalidemail');
         } else {
             if ($DB->record_exists('user', array('email' => $data['username']))) {
                 $errors['username'] = get_string('emailexists');
                 //  . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
             }
         }
     }
     if (!isset($errors['username'])) {
         if ($err = email_is_not_allowed($data['username'])) {
             $errors['username'] = $err;
         }
     }
     require_once $CFG->dirroot . '/enrol/token/lib.php';
     $tokenValue = $data['token'];
     $tve = enrol_token_plugin::getTokenValidationErrors($tokenValue);
     if (isset($tve) && $tve !== '') {
         $errors['token'] = $tve;
     }
     return $errors;
 }
Beispiel #11
0
 function validation($data, $files)
 {
     global $CFG;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
         $errors['username'] = get_string('usernameexists');
     } else {
         if (empty($CFG->extendedusernamechars)) {
             $string = eregi_replace("[^(-\\.[:alnum:])]", '', $data['username']);
             if (strcmp($data['username'], $string)) {
                 $errors['username'] = get_string('alphanumerical');
             }
         }
     }
     //check if user exists in external db
     //TODO: maybe we should check all enabled plugins instead
     if ($authplugin->user_exists($data['username'])) {
         $errors['username'] = get_string('usernameexists');
     }
     if (!validate_email($data['email'])) {
         $errors['email'] = get_string('invalidemail');
     } else {
         if (record_exists('user', 'email', $data['email'])) {
             $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
         }
     }
     if (empty($data['email2'])) {
         $errors['email2'] = get_string('missingemail');
     } else {
         if ($data['email2'] != $data['email']) {
             $errors['email2'] = get_string('invalidemail');
         }
     }
     if (!isset($errors['email'])) {
         if ($err = email_is_not_allowed($data['email'])) {
             $errors['email'] = $err;
         }
     }
     $errmsg = '';
     if (!check_password_policy($data['password'], $errmsg)) {
         $errors['password'] = $errmsg;
     }
     return $errors;
 }
 function validation($data, $files)
 {
     global $CFG;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
         $errors['username'] = get_string('usernameexists');
     } else {
         if (empty($CFG->extendedusernamechars)) {
             $string = eregi_replace("[^(-\\.[:alnum:])]", '', $data['username']);
             if (strcmp($data['username'], $string)) {
                 $errors['username'] = get_string('alphanumerical');
             }
             // Validates the username for Windows requirements - 22.05.2011 - jam
             $oldusername = stripslashes($data['username']);
             if (!isValidUsername($data['username']) || strcmp($data['username'], $oldusername)) {
                 $errors['username'] = '******';
             }
         }
     }
     //check if user exists in external db
     //TODO: maybe we should check all enabled plugins instead
     if ($authplugin->user_exists($data['username'])) {
         $errors['username'] = get_string('usernameexists');
     }
     if (!validate_email($data['email'])) {
         $errors['email'] = get_string('invalidemail');
     } else {
         if (record_exists('user', 'email', $data['email'])) {
             $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
         }
     }
     if (empty($data['email2'])) {
         $errors['email2'] = get_string('missingemail');
     } else {
         if ($data['email2'] != $data['email']) {
             $errors['email2'] = get_string('invalidemail');
         }
     }
     if (!isset($errors['email'])) {
         if ($err = email_is_not_allowed($data['email'])) {
             $errors['email'] = $err;
         }
     }
     $errmsg = '';
     if (!check_password_policy($data['password'], $errmsg)) {
         $errors['password'] = $errmsg;
     }
     // Added by SMS 8/7/2011: To make sure the password does not include special
     // characters that may result in issues when synching the password with vms // <= 14 char
     if (!isValidPassword($data['password'])) {
         $errors['password'] .= 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
         //$errors['password'] .= ' and it must be less than or equal to 10 characters.';
     }
     if (strlen($data['password']) <= 0 || strlen($data['password']) > 10) {
         $errors['password'] .= ' Your password must be less than or equal to 10 characters.';
     }
     if (signup_captcha_enabled()) {
         $recaptcha_element = $this->_form->getElement('recaptcha_element');
         if (!empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
             $challenge_field = $this->_form->_submitValues['recaptcha_challenge_field'];
             $response_field = $this->_form->_submitValues['recaptcha_response_field'];
             if (true !== ($result = $recaptcha_element->verify($challenge_field, $response_field))) {
                 $errors['recaptcha'] = $result;
             }
         } else {
             $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
         }
     }
     return $errors;
 }
Beispiel #13
0
/**
 * Validates the standard sign-up data (except recaptcha that is validated by the form element).
 *
 * @param  array $data  the sign-up data
 * @param  array $files files among the data
 * @return array list of errors, being the key the data element name and the value the error itself
 * @since Moodle 3.2
 */
function signup_validate_data($data, $files)
{
    global $CFG, $DB;
    $errors = array();
    $authplugin = get_auth_plugin($CFG->registerauth);
    if ($DB->record_exists('user', array('username' => $data['username'], 'mnethostid' => $CFG->mnet_localhost_id))) {
        $errors['username'] = get_string('usernameexists');
    } else {
        // Check allowed characters.
        if ($data['username'] !== core_text::strtolower($data['username'])) {
            $errors['username'] = get_string('usernamelowercase');
        } else {
            if ($data['username'] !== core_user::clean_field($data['username'], 'username')) {
                $errors['username'] = get_string('invalidusername');
            }
        }
    }
    // Check if user exists in external db.
    // TODO: maybe we should check all enabled plugins instead.
    if ($authplugin->user_exists($data['username'])) {
        $errors['username'] = get_string('usernameexists');
    }
    if (!validate_email($data['email'])) {
        $errors['email'] = get_string('invalidemail');
    } else {
        if ($DB->record_exists('user', array('email' => $data['email']))) {
            $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
        }
    }
    if (empty($data['email2'])) {
        $errors['email2'] = get_string('missingemail');
    } else {
        if ($data['email2'] != $data['email']) {
            $errors['email2'] = get_string('invalidemail');
        }
    }
    if (!isset($errors['email'])) {
        if ($err = email_is_not_allowed($data['email'])) {
            $errors['email'] = $err;
        }
    }
    $errmsg = '';
    if (!check_password_policy($data['password'], $errmsg)) {
        $errors['password'] = $errmsg;
    }
    // Validate customisable profile fields. (profile_validation expects an object as the parameter with userid set).
    $dataobject = (object) $data;
    $dataobject->id = 0;
    $errors += profile_validation($dataobject, $files);
    return $errors;
}
Beispiel #14
0
 function validation($data, $files)
 {
     global $CFG, $DB;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if ($DB->record_exists('user', array('username' => $data['username'], 'mnethostid' => $CFG->mnet_localhost_id))) {
         $errors['username'] = get_string('usernameexists');
     } else {
         //check allowed characters
         if ($data['username'] !== moodle_strtolower($data['username'])) {
             $errors['username'] = get_string('usernamelowercase');
         } else {
             if ($data['username'] !== clean_param($data['username'], PARAM_USERNAME)) {
                 $errors['username'] = get_string('invalidusername');
             }
         }
     }
     //check if user exists in external db
     //TODO: maybe we should check all enabled plugins instead
     if ($authplugin->user_exists($data['username'])) {
         $errors['username'] = get_string('usernameexists');
     }
     if (!validate_email($data['email'])) {
         $errors['email'] = get_string('invalidemail');
     } else {
         if ($DB->record_exists('user', array('email' => $data['email']))) {
             $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
         }
     }
     if (empty($data['email2'])) {
         $errors['email2'] = get_string('missingemail');
     } else {
         if ($data['email2'] != $data['email']) {
             $errors['email2'] = get_string('invalidemail');
         }
     }
     if (!isset($errors['email'])) {
         if ($err = email_is_not_allowed($data['email'])) {
             $errors['email'] = $err;
         }
     }
     $errmsg = '';
     if (!check_password_policy($data['password'], $errmsg)) {
         $errors['password'] = $errmsg;
     }
     if ($this->signup_captcha_enabled()) {
         $recaptcha_element = $this->_form->getElement('recaptcha_element');
         if (!empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
             $challenge_field = $this->_form->_submitValues['recaptcha_challenge_field'];
             $response_field = $this->_form->_submitValues['recaptcha_response_field'];
             if (true !== ($result = $recaptcha_element->verify($challenge_field, $response_field))) {
                 $errors['recaptcha'] = $result;
             }
         } else {
             $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
         }
     }
     return $errors;
 }
Beispiel #15
0
 function validation($data, $files)
 {
     global $CFG;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if (record_exists('user', 'username', $data['username'], 'mnethostid', $CFG->mnet_localhost_id)) {
         $errors['username'] = get_string('usernameexists');
     } else {
         if (empty($CFG->extendedusernamechars)) {
             $string = eregi_replace("[^(-\\.[:alnum:])]", '', $data['username']);
             if (strcmp($data['username'], $string)) {
                 $errors['username'] = get_string('alphanumerical');
             }
         }
     }
     //check if user exists in external db
     //TODO: maybe we should check all enabled plugins instead
     if ($authplugin->user_exists($data['username'])) {
         $errors['username'] = get_string('usernameexists');
     }
     if (!validate_email($data['email'])) {
         $errors['email'] = get_string('invalidemail');
     } else {
         if (record_exists('user', 'email', $data['email'])) {
             $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
         }
     }
     if (empty($data['email2'])) {
         $errors['email2'] = get_string('missingemail');
     } else {
         if ($data['email2'] != $data['email']) {
             $errors['email2'] = get_string('invalidemail');
         }
     }
     if (!isset($errors['email'])) {
         if ($err = email_is_not_allowed($data['email'])) {
             $errors['email'] = $err;
         }
     }
     $errmsg = '';
     if (!check_password_policy($data['password'], $errmsg)) {
         $errors['password'] = $errmsg;
     }
     if (signup_captcha_enabled()) {
         $recaptcha_element = $this->_form->getElement('recaptcha_element');
         if (!empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
             $challenge_field = $this->_form->_submitValues['recaptcha_challenge_field'];
             $response_field = $this->_form->_submitValues['recaptcha_response_field'];
             if (true !== ($result = $recaptcha_element->verify($challenge_field, $response_field))) {
                 $errors['recaptcha'] = $result;
             }
         } else {
             $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
         }
     }
     return $errors;
 }
Beispiel #16
0
/**
 * Creates a bare-bones user record
 *
 * @todo Outline auth types and provide code example
 *
 * @param string $username New user's username to add to record
 * @param string $password New user's password to add to record
 * @param string $auth Form of authentication required
 * @return stdClass A complete user object
 */
function create_user_record($username, $password, $auth = 'manual')
{
    global $CFG, $DB;
    require_once $CFG->dirroot . '/user/profile/lib.php';
    require_once $CFG->dirroot . '/user/lib.php';
    // Just in case check text case.
    $username = trim(core_text::strtolower($username));
    $authplugin = get_auth_plugin($auth);
    $customfields = $authplugin->get_custom_user_profile_fields();
    $newuser = new stdClass();
    if ($newinfo = $authplugin->get_userinfo($username)) {
        $newinfo = truncate_userinfo($newinfo);
        foreach ($newinfo as $key => $value) {
            if (in_array($key, $authplugin->userfields) || in_array($key, $customfields)) {
                $newuser->{$key} = $value;
            }
        }
    }
    if (!empty($newuser->email)) {
        if (email_is_not_allowed($newuser->email)) {
            unset($newuser->email);
        }
    }
    if (!isset($newuser->city)) {
        $newuser->city = '';
    }
    $newuser->auth = $auth;
    $newuser->username = $username;
    // Fix for MDL-8480
    // user CFG lang for user if $newuser->lang is empty
    // or $user->lang is not an installed language.
    if (empty($newuser->lang) || !get_string_manager()->translation_exists($newuser->lang)) {
        $newuser->lang = $CFG->lang;
    }
    $newuser->confirmed = 1;
    $newuser->lastip = getremoteaddr();
    $newuser->timecreated = time();
    $newuser->timemodified = $newuser->timecreated;
    $newuser->mnethostid = $CFG->mnet_localhost_id;
    $newuser->id = user_create_user($newuser, false, false);
    // Save user profile data.
    profile_save_data($newuser);
    $user = get_complete_user_data('id', $newuser->id);
    if (!empty($CFG->{'auth_' . $newuser->auth . '_forcechangepassword'})) {
        set_user_preference('auth_forcepasswordchange', 1, $user);
    }
    // Set the password.
    update_internal_user_password($user, $password);
    // Trigger event.
    \core\event\user_created::create_from_userid($newuser->id)->trigger();
    return $user;
}
 function validation($data, $files)
 {
     global $CFG, $DB;
     $errors = parent::validation($data, $files);
     $authplugin = get_auth_plugin($CFG->registerauth);
     if ($DB->record_exists('user', array('username' => $data['username'], 'mnethostid' => $CFG->mnet_localhost_id))) {
         $errors['username'] = get_string('usernameexists');
     } else {
         //check allowed characters
         if ($data['username'] !== core_text::strtolower($data['username'])) {
             $errors['username'] = get_string('usernamelowercase');
         } else {
             if ($data['username'] !== core_user::clean_field($data['username'], 'username')) {
                 $errors['username'] = get_string('invalidusername');
             }
         }
     }
     //check if user exists in external db
     //TODO: maybe we should check all enabled plugins instead
     if ($authplugin->user_exists($data['username'])) {
         $errors['username'] = get_string('usernameexists');
     }
     if (!validate_email($data['email'])) {
         $errors['email'] = get_string('invalidemail');
     } else {
         if ($DB->record_exists('user', array('email' => $data['email']))) {
             $errors['email'] = get_string('emailexists') . ' <a href="forgot_password.php">' . get_string('newpassword') . '?</a>';
         }
     }
     if (empty($data['email2'])) {
         $errors['email2'] = get_string('missingemail');
     } else {
         if ($data['email2'] != $data['email']) {
             $errors['email2'] = get_string('invalidemail');
         }
     }
     if (!isset($errors['email'])) {
         if ($err = email_is_not_allowed($data['email'])) {
             $errors['email'] = $err;
         }
     }
     $errmsg = '';
     if (!check_password_policy($data['password'], $errmsg)) {
         $errors['password'] = $errmsg;
     }
     if ($this->signup_captcha_enabled()) {
         $recaptcha_element = $this->_form->getElement('recaptcha_element');
         if (!empty($this->_form->_submitValues['recaptcha_challenge_field'])) {
             $challenge_field = $this->_form->_submitValues['recaptcha_challenge_field'];
             $response_field = $this->_form->_submitValues['recaptcha_response_field'];
             if (true !== ($result = $recaptcha_element->verify($challenge_field, $response_field))) {
                 $errors['recaptcha'] = $result;
             }
         } else {
             $errors['recaptcha'] = get_string('missingrecaptchachallengefield');
         }
     }
     //check coupon coupon_code
     if (!($coupon = $DB->get_record('block_coupon', array('submission_code' => $data['coup'])))) {
         $errors['coup'] = get_string('error:invalid_coupon_code', 'block_coupon');
     } else {
         if (!is_null($coupon->userid)) {
             $errors['coup'] = get_string('error:coupon_already_used', 'block_coupon');
         }
     }
     // Validate customisable profile fields. (profile_validation expects an object as the parameter with userid set)
     $dataobject = (object) $data;
     $dataobject->id = 0;
     $errors += profile_validation($dataobject, $files);
     return $errors;
 }