Beispiel #1
     break;
 // Append an OpenID url to an account
 case 'append':
     // Multi-step flow; which step runs depends on which of $mode, $confirm,
     // $cancel or $url is set. Those variables are populated outside this excerpt.
     if ($mode != null) {
         // We need to print a confirmation message before proceeding
         // The raw query string is handed to the auth plugin; only a non-false
         // result supplies the identity URL used from here on.
         $resp = $authplugin->process_response($_GET, true);
         if ($resp !== false) {
             $url = $resp->identity_url;
             // presumably the template rendered after the switch - TODO confirm
             $file = 'confirm_append.html';
         }
     } elseif ($confirm) {
         // State-changing step: the session key is checked before the URL is
         // attached to the logged-in account ($USER).
         // NOTE(review): $url is not assigned in this branch, so it comes from code
         // outside this excerpt. If it is read from the request, the value appended
         // here is not tied to the identity verified in the previous step - confirm
         // it is carried server-side or re-verified. openid_already_exists() is also
         // not re-checked here; confirm openid_append_url() enforces uniqueness.
         if (!confirm_sesskey()) {
             error('Bad Session Key');
         } else {
             openid_append_url($USER, $url);
         }
     } elseif ($cancel) {
         error(get_string('action_cancelled', 'auth_openid'));
     } elseif ($url != null) {
         // Refuse a URL that is already registered; otherwise start the OpenID
         // request, passing this script's address and the 'append' action along
         // (presumably as the return address - TODO confirm against do_request()).
         if (openid_already_exists($url)) {
             error(get_string('auth_openid_url_exists', 'auth_openid', $url));
         } else {
             $params['openid_action'] = 'append';
             $authplugin->do_request(false, $CFG->wwwroot . '/auth/openid/actions.php', $params);
         }
     }
     break;
     // Delete OpenIDs from an account
 // Delete OpenIDs from an account
 case 'delete':
Beispiel #2
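/**
 * Changes a non-OpenID user's account to OpenID
 *
 * The change is refused for guest and site-admin accounts, for accounts that
 * cannot be reloaded, when the site setting does not allow account changes,
 * and when the OpenID URL is already registered. Each refusal is reported
 * through logout_tmpuser_error() and ends with a false return.
 *
 * @param object $user       Account to convert; reloaded from the database and
 *                           overwritten through the reference
 * @param string $openid_url OpenID URL to attach to the account
 * @param boolean $logout    Passed through to logout_tmpuser_error()
 * @uses $CFG
 * @uses $USER
 * @return boolean true when the user record was switched to 'openid', false otherwise
 */
function openid_change_user_account(&$user, $openid_url, $logout = false)
{
    global $CFG, $USER;
    // We don't want to allow admin or guest users to be changed
    if (isguestuser($user) || is_siteadmin($user->id)) {
        logout_tmpuser_error(get_string('auth_openid_cannot_change_user', 'auth_openid'), $logout);
        // Fail closed like every other refusal below: the guard must not depend on
        // logout_tmpuser_error() ending the request.
        return false;
    }
    $config = get_config('auth/openid');
    // The setting is compared against the string 'true'
    $allow_change = $config->auth_openid_allow_account_change == 'true';
    $user = get_complete_user_data('id', $user->id);
    if (empty($user)) {
        logout_tmpuser_error(get_string('auth_openid_not_logged_in', 'auth_openid'), $logout);
        return false;
    }
    if (!$allow_change) {
        logout_tmpuser_error(get_string('auth_openid_cannot_change_accounts', 'auth_openid'), $logout);
        return false;
    }
    // One OpenID URL may only belong to one account
    if (openid_already_exists($openid_url)) {
        logout_tmpuser_error(get_string('auth_openid_url_exists', 'auth_openid', $openid_url), $logout);
        return false;
    }
    if ($user->auth != 'openid') {
        $user->auth = 'openid';
        // avoid nasty bug from apostrophe in user's first/last/user-name fields
        $user->firstname = addslashes(stripslashes($user->firstname));
        $user->lastname = addslashes(stripslashes($user->lastname));
        $user->username = addslashes(stripslashes($user->username));
        if (update_record('user', $user) !== false) {
            // NOTE(review): the auth method is already switched when the URL is
            // appended and the result of openid_append_url() is not checked; if the
            // append can fail, the account is left as 'openid' without a usable URL.
            openid_append_url($user, $openid_url);
            $USER = get_complete_user_data('id', $user->id);
            if ($config->auth_openid_email_on_change == 'true') {
                // send user email with OpenID URL so the owner learns about the change
                $adminuser = get_admin();
                $strdata = new stdClass();
                $strdata->user_name = fullname($USER);
                $strdata->moodle_site = $CFG->wwwroot;
                $strdata->openid_url = $openid_url;
                $strdata->admin_name = fullname($adminuser);
                $message = get_string('openid_email_text', 'auth_openid', $strdata);
                $messagehtml = text_to_html($message, false, false);
                email_to_user($USER, $adminuser, get_string('openid_email_subject', 'auth_openid'), $message, $messagehtml);
            }
            return true;
        }
    }
    return false;
}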
Beispiel #3
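 /**
  * Create a new account using simple registration data if available
  *
  * SREG values are supplied by the identity provider and are only used as
  * hints: the nickname becomes the username only when no existing account
  * has it, and the email is only copied when no existing account uses it.
  * Users whose profile is incomplete are redirected to the profile editor.
  *
  * @access private
  * @param object &$resp An OpenID consumer response object
  * @return object The new user
  */
 function _create_account(&$resp)
 {
     global $CFG, $USER;
     $url = $resp->identity_url;
     $password = hash_internal_user_password('openid');
     $sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
     // Without an SREG response object every lookup below simply finds nothing
     $sreg = is_object($sreg_resp) ? $sreg_resp->contents() : array();
     // We'll attempt to use the user's nickname to set their username.
     // The uniqueness check has to query the 'user' table that the rest of this
     // function reads and writes; a lookup against another table name would never
     // find the clash, and the code below would then fetch the existing account by
     // username and attach this OpenID URL to it.
     if (!empty($sreg['nickname']) && !record_exists('user', 'username', $sreg['nickname'])) {
         $username = $sreg['nickname'];
     } else {
         $username = openid_normalize_url_as_username($url);
     }
     create_user_record($username, $password, 'openid');
     $user = get_complete_user_data('username', $username);
     openid_append_url($user, $url);
     // NOTE(review): the SREG values below go into update_record() as received;
     // confirm that update_record() escapes them in this code base.
     // SREG fullname
     if (!empty($sreg['fullname'])) {
         $name = openid_parse_full_name($sreg['fullname']);
         $user->firstname = $name['first'];
         $user->lastname = $name['last'];
     }
     // SREG email
     if (!empty($sreg['email']) && !record_exists('user', 'email', $sreg['email'])) {
         $user->email = $sreg['email'];
     }
     // SREG country
     if (!empty($sreg['country'])) {
         $country = $sreg['country'];
         $country_code = strtoupper($country);
         $countries = get_list_of_countries();
         if (strlen($country) != 2 || !isset($countries[$country_code])) {
             // Not a known two-letter code, so try to match a country name.
             // array_search() returns the matching key (the country code) or false;
             // testing against false keeps a match on the first entry of the list.
             $match = array_search($country, $countries);
             $country_code = $match !== false ? $match : '';
         }
         if (!empty($country_code)) {
             $user->country = $country_code;
         }
     }
     /* We're currently not attempting to get language and timezone values
        // SREG language
        if (isset($sreg['language']) && !empty($sreg['language'])) {
        }
        
        // SREG timezone
        if (isset($sreg['timezone']) && !empty($sreg['timezone'])) {
        }
        */
     // Optional site hook, called only when the function has been defined
     if (function_exists('on_openid_create_account')) {
         on_openid_create_account($resp, $user);
     }
     update_record('user', $user);
     $user = get_complete_user_data('id', $user->id);
     // Redirect the user to their profile page if not set up properly
     if (!empty($user) && user_not_fully_set_up($user)) {
         $USER = clone $user;
         $urltogo = $CFG->wwwroot . '/user/edit.php';
         redirect($urltogo);
     }
     return $user;
 }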
Beispiel #4
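 /**
  * Open user account using SREG & AX data if available
  * If no matching user found and create flag is true, creates new user account
  *
  * When the response matches an existing account, no account is created:
  * depending on the plugin settings the account is switched directly, or the
  * browser is sent to actions.php to confirm a 'change' or 'append'.
  *
  * @access private
  * @param object &$resp An OpenID consumer response object
  * @param boolean $create_flag - set if account creation permitted, default: true
  * @uses $CFG
  * @uses $USER
  * @uses $openid_tmp_login
  * @return object|false The user, or false on the error paths
  */
 function _open_account(&$resp, $create_flag = true)
 {
     global $CFG, $USER, $openid_tmp_login;
     $url = $resp->identity_url;
     $password = hash_internal_user_password('openid');
     $server = $resp->endpoint->server_url;
     $user = openid_resp_to_user($resp);
     if ($user == false) {
         // multiple matches to users! Don't know which user to pick.
         print_error('auth_openid_multiple_matches', 'auth_openid');
         return false;
         // won't get here.
     }
     if (isset($user->id)) {
         // The response matched an existing account
         $openid_tmp_login = true;
         $openid_action = 'change';
         if ($user->auth == 'openid') {
             // NOTE(review): the setting name is spelled 'muliple' here; it must match
             // the name under which the plugin stores the setting - confirm.
             if (empty($this->config->auth_openid_allow_muliple)) {
                 print_error('auth_openid_no_multiple', 'auth_openid');
                 return false;
             }
             $openid_action = 'append';
         } else {
             if (empty($this->config->auth_openid_confirm_switch)) {
                 openid_if_unique_change_account($user, $url);
                 return $USER;
             }
         }
         // NOTE(review): the session user is set to the matched account before the
         // confirmation step has run; confirm that actions.php treats an
         // openid_tmp_login session as not yet authenticated.
         $USER = clone $user;
         // To clone or not to clone
         //$mode = optional_param('openid_mode', null);
         //error_log("auth/openid/auth.php::_open_account() setting openid_mode={$mode} (openid_process_url={$openid_process_url})");
         // The identity URL is external data and contains URL metacharacters of its
         // own, so it is encoded before being placed in the query string; unencoded,
         // a '&' or '#' inside it would change the parameters actions.php receives.
         redirect("{$CFG->wwwroot}/auth/openid/actions.php?openid_tmp_login=1&openid_action={$openid_action}&openid_url=" . urlencode($url));
         // Try to get it not to make second request to be accepted, double confirm - TBD: openid_mode=???
     }
     if (!$create_flag) {
         // Error: This site is configured to disallow new users via OpenID
         print_error('auth_openid_require_account', 'auth_openid');
         return false;
         // won't get here.
     }
     $usertmp = create_user_record($user->username, $password, 'openid');
     if (empty($usertmp) || empty($usertmp->id)) {
         // No record id means there is no account to attach the OpenID URL to
         return false;
     }
     $user->id = $usertmp->id;
     openid_append_url($user, $url);
     if (!isset($user->city) || $user->city == '') {
         //use "*" as the default city name
         $user->city = '*';
     }
     if (empty($user->country) && !empty($CFG->country)) {
         //use the configured default country code
         $user->country = $CFG->country;
     }
     if (empty($user->country)) {
         //out of other options, to try to copy the admin's country
         if ($admin = get_admin()) {
             $user->country = $admin->country;
         }
     }
     update_record('user', $user);
     $user = get_complete_user_data('id', $user->id);
     events_trigger('user_created', $user);
     // BJB120125 - moved from below redirect for alfresco, etc...
     if (function_exists('on_openid_create_account')) {
         on_openid_create_account($resp, $user);
     }
     // Redirect the user to their profile page if not set up properly
     // NOTE(review): if redirect() ends the request, the confirmation block below
     // never runs for users with an incomplete profile - confirm this is intended.
     if (!empty($user) && user_not_fully_set_up($user)) {
         $USER = clone $user;
         $urltogo = $CFG->wwwroot . '/user/edit.php';
         redirect($urltogo);
     }
     if (openid_server_requires_confirm($server, $this->config)) {
         // Mark the account unconfirmed and mail a secret to the user.
         // NOTE(review): the secret gates email confirmation; confirm that
         // random_string() draws from a cryptographically secure source.
         $secret = random_string(15);
         set_field('user', 'secret', $secret, 'id', $user->id);
         $user->secret = $secret;
         set_field('user', 'confirmed', 0, 'id', $user->id);
         $user->confirmed = 0;
         openid_send_confirmation_email($user);
     }
     return $user;
 }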
Beispiel #5
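/**
 * Changes a non-OpenID user's account to OpenID
 *
 * The change is refused for the 'admin' and 'guest' usernames, for accounts
 * that cannot be reloaded, when the site setting does not allow account
 * changes, and when the OpenID URL is already registered.
 *
 * @param object $user       Account to convert; reloaded from the database and
 *                           overwritten through the reference
 * @param string $openid_url OpenID URL to attach to the account
 * @return boolean true when the user record was switched to 'openid', false otherwise
 */
function openid_change_user_account(&$user, $openid_url)
{
    // We don't want to allow admin or guest users to be changed
    // NOTE(review): the check matches the literal usernames only, so a renamed or
    // additional administrator account is not covered; a role-based check would be.
    if ($user->username == 'admin' || $user->username == 'guest') {
        error('Cannot change that user!');
        // Fail closed like every other refusal below: the guard must not depend on
        // error() ending the request.
        return false;
    }
    $config = get_config('auth/openid');
    // The setting is compared against the string 'true'
    $allow_change = $config->auth_openid_allow_account_change == 'true';
    $user = get_complete_user_data('id', $user->id);
    if (empty($user)) {
        error('Not logged in');
        return false;
    }
    if (!$allow_change) {
        error('Cannot change accounts');
        return false;
    }
    // One OpenID URL may only belong to one account
    if (openid_already_exists($openid_url)) {
        error(get_string('auth_openid_url_exists', 'auth_openid', $openid_url));
        return false;
    }
    if ($user->auth != 'openid') {
        $user->auth = 'openid';
        if (update_record('user', $user) !== false) {
            // NOTE(review): the result of openid_append_url() is not checked; if the
            // append can fail, the account is left as 'openid' without a usable URL.
            openid_append_url($user, $openid_url);
            return true;
        }
    }
    return false;
}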