/**
* adds a user profile fields category and registers it for access control
*
*/
function xmldb_block_user_mnet_hosts_install()
{
global $DB, $CFG;
// if typical user field category does exist, make some for us
if (!isset($CFG->accesscategory)) {
$accesscategory = new stdClass();
$accesscategory->name = get_string('accesscategory', 'block_user_mnet_hosts');
$accesscategory->sortorder = 1;
$id = $DB->insert_record('user_info_category', $accesscategory);
set_config('accesscategory', $id);
}
$thishostlabel = user_mnet_hosts_make_accesskey($CFG->wwwroot, false);
$thishostfield = user_mnet_hosts_make_accesskey($CFG->wwwroot, true);
if (!$DB->get_record('user_info_field', array('shortname' => $thishostfield))) {
$newfield = new stdClass();
$newfield->shortname = $thishostfield;
$newfield->name = get_string('fieldname', 'block_user_mnet_hosts') . ' ' . $thishostlabel;
$newfield->datatype = 'checkbox';
$newfield->locked = 1;
$newfield->visible = 0;
$newfield->categoryid = $CFG->accesscategory;
$DB->insert_record('user_info_field', $newfield);
}
return true;
}
/**
* set or unset an access to some peer
* @param int $userid
* @param bool $access true or false
* @param string $wwwroot optional host root to give acces to. the access filed name is computed from the wwwroot url
*/
function user_mnet_hosts_set_access($userid, $access, $wwwroot = null)
{
global $CFG, $DB;
if (!$wwwroot) {
$wwwroot = $CFG->wwwroot;
}
$accesskey = user_mnet_hosts_make_accesskey($wwwroot, true);
if (!($field = $DB->get_record('user_info_field', array('shortname' => $accesskey)))) {
// Try to setup install if results not having done before.
if ($wwwroot == $CFG->wwwroot) {
require_once $CFG->dirroot . '/blocks/user_mnet_hosts/db/install.php';
xmldb_block_user_mnet_hosts_install();
mtrace("Second chance {$accesskey} ");
$field = $DB->get_record('user_info_field', array('shortname' => $accesskey));
} else {
return false;
}
}
if ($data = $DB->get_record('user_info_data', array('userid' => $userid, 'fieldid' => $field->id))) {
$data->data = $access;
$DB->update_record('user_info_data', $data);
} else {
$data = new StdClass();
$data->userid = $userid;
$data->fieldid = $field->id;
$data->data = $access;
$DB->insert_record('user_info_data', $data);
}
}
function get_content()
{
global $THEME, $CFG, $USER, $PAGE, $OUTPUT, $DB, $SESSION, $COURSE;
if (empty($CFG->block_u_m_h_displaylimit)) {
set_config('block_u_m_h_displaylimit', 40);
}
$PAGE->requires->js('/blocks/user_mnet_hosts/js/jump.js');
// Only for logged in users!
if (!isloggedin() || isguestuser()) {
return false;
}
// Impeach local administrator to roam elsewhere.
if ($USER->username == 'admin' && $USER->auth == 'manual' && empty($CFG->user_mnet_hosts_admin_override)) {
$this->content = new StdClass();
$this->content->footer = $OUTPUT->notification(get_string('errorlocaladminconstrainted', 'block_user_mnet_hosts'));
return $this->content;
}
if (!is_enabled_auth('multimnet') && !is_enabled_auth('mnet')) {
// No need to query anything remote related.
$this->content = new StdClass();
$this->content->footer = $OUTPUT->notification(get_string('errormnetauthdisabled', 'block_user_mnet_hosts'));
return $this->content;
}
$systemcontext = context_system::instance();
// Check for outgoing roaming permission first.
if (!has_capability('moodle/site:mnetlogintoremote', $systemcontext, NULL, false)) {
if (has_capability('moodle/site:config', $systemcontext)) {
$this->content = new StdClass();
$this->content->footer = get_string('errornocapacitytologremote', 'block_user_mnet_hosts');
}
return '';
}
if ($this->content !== NULL) {
return $this->content;
}
$hosts = user_mnet_hosts_get_hosts();
$mnet_accesses = user_mnet_hosts_get_access_fields();
$this->content = new StdClass();
$this->content->items = array();
$this->content->icons = array();
$this->content->footer = '';
if ($hosts) {
$maxhosts = count($hosts);
$i = 0;
$j = 0;
foreach ($hosts as $host) {
$i++;
if ($maxhosts > $CFG->block_u_m_h_displaylimit) {
$SESSION->umhfilter = optional_param('umhfilter', @$SESSION->umhfilter, PARAM_TEXT);
if (!empty($SESSION->umhfilter)) {
if (!preg_match('/' . preg_quote($SESSION->umhfilter) . '/', $host->name)) {
continue;
}
}
}
// i all hosts / j visible only
$j++;
if ($maxhosts > $CFG->block_u_m_h_displaylimit && $j >= $CFG->block_u_m_h_displaylimit) {
if ($i < $maxhosts) {
$this->content->icons[] = '';
$this->content->items[] = get_string('usefiltertoreduce', 'block_user_mnet_hosts');
}
break;
}
// Implement user access filtering.
$hostaccesskey = strtolower(user_mnet_hosts_make_accesskey($host->wwwroot, false));
if ($host->application == 'moodle' || empty($CFG->block_u_m_h_maharapassthru)) {
if (empty($mnet_accesses[$hostaccesskey]) && !has_capability('block/user_mnet_hosts:accessall', context_system::instance())) {
continue;
}
}
$icon = '<img src="' . $OUTPUT->pix_url('/i/' . $host->application . '_host') . '" class="icon" alt="' . get_string('server', 'block_mnet_hosts') . '" />';
$this->content->icons[] = $icon;
$cleanname = preg_replace('/^https?:\\/\\//', '', $host->name);
$cleanname = str_replace('.', '', $cleanname);
$target = '';
if (@$CFG->user_mnet_hosts_new_window) {
$target = " target=\"{$cleanname}\" ";
$target = " target=\"_blank\" ";
}
if ($host->id == $USER->mnethostid) {
$this->content->items[] = "<a title=\"" . s($host->name) . "\" href=\"{$host->wwwroot}\" {$target} >" . s($host->name) . "</a>";
} else {
if (is_enabled_auth('multimnet')) {
$this->content->items[] = "<a title=\"" . s($host->name) . "\" href=\"javascript:multijump('{$CFG->wwwroot}','{$host->id}')\">" . s($host->name) . "</a>";
} else {
$this->content->items[] = "<a title=\"" . s($host->name) . "\" href=\"javascript:standardjump('{$CFG->wwwroot}','{$host->id}')\">" . s($host->name) . "</a>";
}
}
}
} else {
$this->content->footer = $OUTPUT->notification(get_string('nohostsforyou', 'block_user_mnet_hosts'));
}
if (count($hosts) > $CFG->block_u_m_h_displaylimit) {
$footer = '<form name="umhfilterform" action="#">';
$footer .= '<input type="hidden" name="id" value="' . $COURSE->id . '" />';
$footer .= '<input class="form-minify" type="text" name="umhfilter" value="' . @$SESSION->umhfilter . '" />';
$footer .= '<input class="form-minify" type="submit" name="go" value="' . get_string('filter', 'block_user_mnet_hosts') . '" />';
$footer .= '</form>';
$this->content->footer = $footer;
}
return $this->content;
}
/**
* Syncronizes user from external LDAP server to moodle user table
*
* Sync is now using username attribute.
*
* Syncing users removes or suspends users that dont exists anymore in external LDAP.
* Creates new users and updates coursecreator status of users.
*
* @param bool $do_updates will do pull in data updates from LDAP if relevant
*/
function local_ent_installer_sync_users($ldapauth, $options)
{
global $CFG, $DB, $MATCH_STATUS;
mtrace('');
$enable = get_config('local_ent_installer', 'sync_enable');
if (!$enable) {
mtrace(get_string('syncdisabled', 'local_ent_installer'));
return;
}
$USERFIELDS = local_ent_installer_load_user_fields();
$lastrun = get_config('local_ent_installer', 'last_sync_date');
mtrace(get_string('lastrun', 'local_ent_installer', userdate($lastrun)));
mtrace(get_string('connectingldap', 'auth_ldap'));
if (isset($CFG->auth_ldap_sync_user_type)) {
$ldapauth->config->user_type = $CFG->auth_ldap_sync_user_type;
}
if (isset($CFG->auth_ldap_sync_search_contexts)) {
$ldapauth->config->contexts = $CFG->auth_ldap_sync_search_contexts;
}
$ldapconnection = $ldapauth->ldap_connect();
$dbman = $DB->get_manager();
list($usec, $sec) = explode(' ', microtime());
$starttick = (double) $sec + (double) $usec;
// Define table user to be created.
$table = new xmldb_table('tmp_extuser');
$table->add_field('id', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, XMLDB_SEQUENCE, null);
$table->add_field('username', XMLDB_TYPE_CHAR, '100', null, XMLDB_NOTNULL, null, null);
$table->add_field('mnethostid', XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
$table->add_field('usertype', XMLDB_TYPE_CHAR, '16', null, null, null, null);
$table->add_field('lastmodified', XMLDB_TYPE_INTEGER, '11', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, null);
$table->add_key('primary', XMLDB_KEY_PRIMARY, array('id'));
$table->add_index('userprofile', XMLDB_INDEX_UNIQUE, array('mnethostid', 'username', 'usertype'));
mtrace(get_string('creatingtemptable', 'auth_ldap', 'tmp_extuser'));
if ($dbman->table_exists($table)) {
$dbman->drop_table($table);
}
$dbman->create_temp_table($table);
//
// get user's list from ldap to sql in a scalable fashion from different user profiles
// defined as LDAP filters
//
// prepare some data we'll need
$filters = array();
$institutionid = get_config('local_ent_installer', 'institution_id');
// Students.
if (empty($options['role']) || preg_match('/eleve/', $options['role'])) {
$filterdef = new StdClass();
$filterdef->institution = '(ENTPersonEtablissements=' . $institutionid . ')';
$filterdef->usertype = '(ENTPersonProfils=Eleves)';
$filterdef->userfield = 'eleve';
$filters[] = $filterdef;
}
// Teaching staff.
if (empty($options['role']) || preg_match('/enseignant/', $options['role'])) {
$filterdef = new StdClass();
$filterdef->institution = '(ENTPersonEtablissements=' . $institutionid . ')';
$filterdef->usertype = '(|(ENTPersonProfils=Professeurs)(ENTPersonProfils=Documentalistes)(ENTPersonProfils=ProfesseursVacataires)(ENTPersonProfils=Inspecteur))';
$filterdef->userfield = 'enseignant';
$filters[] = $filterdef;
}
// Non teaching staff.
if (empty($options['role']) || preg_match('/administration/', $options['role'])) {
$filterdef = new StdClass();
$filterdef->institution = '(ENTPersonEtablissements=' . $institutionid . ')';
$filterdef->usertype = '(|(ENTPersonProfils=Administrateurs)(ENTPersonProfils=Direction)(ENTPersonProfils=PersonnelAdministratif)(ENTPersonProfils=PersonnelNonEnseignant)' . '(ENTPersonProfils=AdministrateurITOP)(ENTPersonProfils=PersonnelVieScolaire)(ENTPersonProfils=ATOS)(ENTPersonProfils=PersonnelRectorat)(ENTPersonProfils=MissionTice)' . '(ENTPersonProfils=TuteurEntreprise)(ENTPersonProfils=CollectivitesLocales)(ENTPersonProfils=AccompagnementEducatif)(ENTPersonProfils=CPE)(ENTPersonProfils=Invite)' . '(ENTPersonProfils=AdminProjet))';
$filterdef->userfield = 'administration';
$filters[] = $filterdef;
}
$contexts = explode(';', $ldapauth->config->contexts);
if (!empty($ldapauth->config->create_context)) {
array_push($contexts, $ldapauth->config->create_context);
}
$ldap_pagedresults = ldap_paged_results_supported($ldapauth->config->ldap_version);
$ldap_cookie = '';
foreach ($filters as $filterdef) {
$filter = '(&(' . $ldapauth->config->user_attribute . '=*)' . $filterdef->usertype . $filterdef->institution . ')';
foreach ($contexts as $context) {
$context = trim($context);
if (empty($context)) {
continue;
}
do {
if ($ldap_pagedresults) {
ldap_control_paged_result($ldapconnection, $ldapauth->config->pagesize, true, $ldap_cookie);
}
if ($ldapauth->config->search_sub) {
// Use ldap_search to find first user from subtree.
mtrace("ldapsearch {$context}, {$filter} for " . $ldapauth->config->user_attribute);
$ldap_result = ldap_search($ldapconnection, $context, $filter, array($ldapauth->config->user_attribute, 'whenChanged'));
} else {
// Search only in this context.
mtrace("ldaplist {$context}, {$filter} for " . $ldapauth->config->user_attribute);
$ldap_result = ldap_list($ldapconnection, $context, $filter, array($ldapauth->config->user_attribute, 'whenChanged'));
}
if (!$ldap_result) {
continue;
}
if ($ldap_pagedresults) {
ldap_control_paged_result_response($ldapconnection, $ldap_result, $ldap_cookie);
}
if ($entry = @ldap_first_entry($ldapconnection, $ldap_result)) {
do {
$value = ldap_get_values_len($ldapconnection, $entry, $ldapauth->config->user_attribute);
$value = core_text::convert($value[0], $ldapauth->config->ldapencoding, 'utf-8');
$modify = ldap_get_values_len($ldapconnection, $entry, 'whenChanged');
// $modify = strtotime($modify[0]); // OpenLDAP version
if (preg_match('/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/', $modify[0], $matches)) {
$year = $matches[1];
$month = $matches[2];
$day = $matches[3];
$hour = $matches[4];
$min = $matches[5];
$sec = $matches[6];
$modify = mktime($hour, $min, $sec, $month, $day, $year);
} else {
$modify = time();
}
local_ent_installer_ldap_bulk_insert($value, $filterdef->userfield, $modify);
} while ($entry = ldap_next_entry($ldapconnection, $entry));
}
unset($ldap_result);
// Free mem.
} while ($ldap_pagedresults && !empty($ldap_cookie));
}
}
/*
* If LDAP paged results were used, the current connection must be completely
* closed and a new one created, to work without paged results from here on.
*/
if ($ldap_pagedresults) {
$ldapauth->ldap_close(true);
$ldapconnection = $ldapauth->ldap_connect();
}
/*
* preserve our user database
* if the temp table is empty, it probably means that something went wrong, exit
* so as to avoid mass deletion of users; which is hard to undo
*/
$count = $DB->count_records_sql('SELECT COUNT(username) AS count, 1 FROM {tmp_extuser}');
if ($count < 1) {
mtrace(get_string('didntgetusersfromldap', 'auth_ldap'));
$dbman->drop_table($table);
$ldapauth->ldap_close(true);
return false;
} else {
mtrace(get_string('gotcountrecordsfromldap', 'auth_ldap', $count));
}
/********************** User removal. *****************************/
/*
* Find users in DB that aren't in ldap -- to be removed!
* this is still not as scalable (but how often do we mass delete?)
*/
if ($ldapauth->config->removeuser != AUTH_REMOVEUSER_KEEP) {
$sql = '
SELECT
u.*
FROM
{user} u
LEFT JOIN
{tmp_extuser} e
ON
(u.username = e.username AND u.mnethostid = e.mnethostid)
WHERE
u.auth = ? AND
u.deleted = 0 AND
e.username IS NULL
';
$real_user_auth = get_config('local_ent_installer', 'real_used_auth');
$remove_users = $DB->get_records_sql($sql, array($real_user_auth));
if (!empty($remove_users)) {
mtrace(get_string('userentriestoremove', 'auth_ldap', count($remove_users)));
foreach ($remove_users as $user) {
if ($ldapauth->config->removeuser == AUTH_REMOVEUSER_FULLDELETE) {
if (empty($options['simulate'])) {
if (empty($options['fulldelete'])) {
// Make a light delete of users, but keeping data for revival.
$user->deleted = 1;
try {
$DB->update_record('user', $user);
// Subscription does not work if it contains a user marked as deleted
$DB->delete_records('cohort_members', array('userid' => $user->id));
mtrace(get_string('auth_dbdeleteuser', 'auth_db', array('name' => $user->username, 'id' => $user->id)));
} catch (Exception $e) {
mtrace(get_string('auth_dbdeleteusererror', 'auth_db', $user->username));
}
} else {
// Make a complete delete of users, enrols, grades and data
if (delete_user($user)) {
echo "\t";
mtrace(get_string('auth_dbdeleteuser', 'auth_db', array('name' => $user->username, 'id' => $user->id)));
} else {
echo "\t";
mtrace(get_string('auth_dbdeleteusererror', 'auth_db', $user->username));
}
}
} else {
mtrace(get_string('simulateuserdelete', 'ent_installer', $user->username));
}
} elseif ($ldapauth->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
if (empty($options['simulate'])) {
$updateuser = new stdClass();
$updateuser->id = $user->id;
$updateuser->auth = 'nologin';
$DB->update_record('user', $updateuser);
echo "\t";
mtrace(get_string('auth_dbsuspenduser', 'auth_db', array('name' => $user->username, 'id' => $user->id)));
$euser = $DB->get_record('user', array('id' => $user->id));
//events_trigger('user_updated', $euser); => deprecated !
$event = core\event\user_updated::create_from_userid($euser->id);
$event->trigger();
} else {
mtrace(get_string('simulateusersuspend', 'ent_installer', $user->username));
}
}
}
} else {
mtrace(get_string('nouserentriestoremove', 'auth_ldap'));
}
unset($remove_users);
// free mem!
} else {
mtrace("AUTH_REMOVEUSER_KEEP is on or ldapauth config removeuser is off");
}
/********************* Revive suspended users. *********************************/
if (!empty($ldapauth->config->removeuser) && $ldapauth->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
$sql = "\n SELECT\n u.id, u.username\n FROM\n {user} u\n JOIN\n {tmp_extuser} e\n ON\n (u.username = e.username AND u.mnethostid = e.mnethostid)\n WHERE\n u.auth = 'nologin' AND u.deleted = 0\n ";
$revive_users = $DB->get_records_sql($sql);
if (!empty($revive_users)) {
mtrace(get_string('userentriestorevive', 'auth_ldap', count($revive_users)));
foreach ($revive_users as $user) {
$updateuser = new stdClass();
$updateuser->id = $user->id;
$updateuser->auth = $ldapauth->authtype;
$DB->update_record('user', $updateuser);
echo "\t";
mtrace(get_string('auth_dbreviveduser', 'auth_db', array('name' => $user->username, 'id' => $user->id)));
$euser = $DB->get_record('user', array('id' => $user->id));
//events_trigger('user_updated', $euser); => deprecated !
$event = core\event\user_updated::create_from_userid($euser->id);
$event->trigger();
}
} else {
mtrace(get_string('nouserentriestorevive', 'auth_ldap'));
}
unset($revive_users);
}
/****************************** User Updates - time-consuming (optional). ***************************/
// This might be an OBSOLETE code, regarding the updat ecapability of the create process.
if (!empty($options['doupdates'])) {
// Narrow down what fields we need to update.
$all_keys = array_keys(get_object_vars($ldapauth->config));
$updatekeys = array();
foreach ($all_keys as $key) {
if (preg_match('/^field_updatelocal_(.+)$/', $key, $match)) {
/*
* If we have a field to update it from
* and it must be updated 'onlogin' we
* update it on cron
*/
if (!empty($ldapauth->config->{'field_map_' . $match[1]}) && $ldapauth->config->{$match[0]} === 'onlogin') {
// The actual key name.
array_push($updatekeys, $match[1]);
}
}
}
unset($all_keys);
unset($key);
} else {
mtrace(get_string('noupdatestobedone', 'auth_ldap'));
}
if (@$options['doupdates'] and !empty($updatekeys)) {
// Run updates only if relevant.
$users = $DB->get_records_sql('SELECT u.username, u.id
FROM {user} u
WHERE u.deleted = 0 AND u.auth = ? AND u.mnethostid = ?', array($ldapauth->authtype, $CFG->mnet_localhost_id));
if (!empty($users)) {
mtrace(get_string('userentriestoupdate', 'auth_ldap', count($users)));
$sitecontext = context_system::instance();
if (!empty($ldapauth->config->creators) and !empty($ldapauth->config->memberattribute) && ($roles = get_archetype_roles('coursecreator'))) {
// We can only use one, let's use the first one.
$creatorrole = array_shift($roles);
} else {
$creatorrole = false;
}
$transaction = $DB->start_delegated_transaction();
$xcount = 0;
$maxxcount = 100;
foreach ($users as $user) {
echo "\t";
$tracestr = get_string('auth_dbupdatinguser', 'auth_db', array('name' => $user->username, 'id' => $user->id));
if (!$ldapauth->update_user_record($user->username, $updatekeys)) {
$tracestr .= ' - ' . get_string('skipped');
}
mtrace($tracestr);
$xcount++;
// Update course creators if needed.
if ($creatorrole !== false) {
if ($ldapauth->iscreator($user->username)) {
role_assign($creatorrole->id, $user->id, $sitecontext->id, $ldapauth->roleauth);
} else {
role_unassign($creatorrole->id, $user->id, $sitecontext->id, $ldapauth->roleauth);
}
}
}
$transaction->allow_commit();
unset($users);
// free mem
}
} else {
// End do updates.
mtrace(get_string('noupdatestobedone', 'auth_ldap'));
}
/***************************** User Additions or full profile update. **********************************/
/*
* Find users missing in DB that are in LDAP or users that have been modified since last run
* and gives me a nifty object I don't want.
* note: we do not care about deleted accounts anymore, this feature was replaced by suspending to nologin auth plugin
*/
if (empty($options['force'])) {
$sql = 'SELECT e.id, e.username, e.usertype
FROM {tmp_extuser} e
LEFT JOIN {user} u ON (e.username = u.username AND e.mnethostid = u.mnethostid)
WHERE u.id IS NULL OR (
e.lastmodified > ? ) ORDER BY e.username';
$params = array($lastrun);
} else {
$sql = 'SELECT e.id, e.username, e.usertype
FROM {tmp_extuser} e ORDER BY e.username';
$params = array();
}
$add_users = $DB->get_records_sql($sql, $params);
if (!empty($add_users)) {
mtrace(get_string('userentriestoadd', 'auth_ldap', count($add_users)));
$sitecontext = context_system::instance();
if (!empty($ldapauth->config->creators) && !empty($ldapauth->config->memberattribute) && ($roles = get_archetype_roles('coursecreator'))) {
// We can only use one, let's use the first one.
$creatorrole = array_shift($roles);
} else {
$creatorrole = false;
}
$inserterrorcount = 0;
$updateerrorcount = 0;
$insertcount = 0;
$updatecount = 0;
// Before processing each user we check that every common hosts access keys fields are correctly set up
if (file_exists($CFG->dirroot . '/blocks/user_mnet_hosts/locallib.php')) {
require_once $CFG->dirroot . '/blocks/user_mnet_hosts/locallib.php';
$like = $DB->sql_like('wwwroot', ':wwwroot', false, false);
$mainhosts = explode(',', @$CFG->mainhostprefix);
if (!empty($mainhosts)) {
foreach ($mainhosts as $hostwww) {
// Check if common hosts exist
if ($commonroots = $DB->get_records_select('mnet_host', " {$like} AND deleted <> 1 ", array('wwwroot' => $hostwww . '%'))) {
foreach ($commonroots as $root) {
// Check if current common host access key field exists, if not create one
$expectedname = user_mnet_hosts_make_accesskey($root->wwwroot, true);
$accessmainhost = $DB->get_records('user_info_field', array('shortname' => $expectedname), '', 'id');
if (!$accessmainhost) {
mtrace("Common host access key '{$expectedname}' not found");
if (!isset($CFG->accesscategory)) {
$accesscategory = new stdClass();
$accesscategory->name = get_string('accesscategory', 'block_user_mnet_hosts');
$accesscategory->sortorder = 1;
$id = $DB->insert_record('user_info_category', $accesscategory);
set_config('accesscategory', $id);
}
$hostkey = user_mnet_hosts_make_accesskey($root->wwwroot, false);
$newfield = new stdClass();
$newfield->shortname = $expectedname;
$newfield->name = get_string('fieldname', 'block_user_mnet_hosts') . ' ' . $hostkey;
$newfield->datatype = 'checkbox';
$newfield->locked = 1;
$newfield->categoryid = $CFG->accesscategory;
if ($DB->insert_record('user_info_field', $newfield)) {
mtrace("Common host access key created : {$expectedname}");
} else {
mtrace("Common host access key creation error : {$expectedname}");
}
}
}
}
}
}
}
// Before processing each user we check that custom field to store ENT profil & guid are correctly set up
$infoscateg = $DB->get_records('user_info_category', array('name' => 'Informations académiques'), '', 'id');
if (!empty($infoscateg)) {
$infoscateg = array_values($infoscateg);
$idinfocateg = $infoscateg[0]->id;
$profilent = $DB->get_records('user_info_field', array('shortname' => 'profilent'), '', 'id');
if (empty($profilent)) {
$maxsortorder = $DB->get_records_sql('SELECT MAX(sortorder) AS maxsortorder FROM {user_info_field} WHERE categoryid = ?', array($idinfocateg));
$maxsortorder = array_values($maxsortorder);
$sortordertoinsert = $maxsortorder[0]->maxsortorder + 1;
$user_info_field = new stdClass();
$user_info_field->shortname = 'profilent';
$user_info_field->name = 'Profil ENT';
$user_info_field->datatype = 'text';
$user_info_field->description = '<p>Les profils ENT sont utilisés pour traitements spécifiques post-synchronisation et proviennent du champ ENTPersonProfils du SDET<br></p>';
$user_info_field->descriptionformat = 1;
$user_info_field->categoryid = $idinfocateg;
$user_info_field->sortorder = $sortordertoinsert;
$user_info_field->required = 0;
$user_info_field->locked = 1;
$user_info_field->visible = 0;
$user_info_field->forceunique = 0;
$user_info_field->signup = 0;
$user_info_field->defaultdata = '';
$user_info_field->defaultdataformat = 0;
$user_info_field->param1 = '30';
$user_info_field->param2 = '2048';
$user_info_field->param3 = '0';
$user_info_field->param4 = '';
$user_info_field->param5 = '';
$fieldid = $DB->insert_record('user_info_field', $user_info_field);
mtrace("user_info_field : 'profilent' inserted !");
if ($USERFIELDS['profilent'] == 0 && $fieldid != 0) {
$USERFIELDS['profilent'] = $fieldid;
} else {
mtrace("user_info_field : cannot get id for 'profilent' !");
}
}
$guident = $DB->get_records('user_info_field', array('shortname' => 'guident'), '', 'id');
if (empty($guident)) {
$maxsortorder = $DB->get_records_sql('SELECT MAX(sortorder) AS maxsortorder FROM {user_info_field} WHERE categoryid = ?', array($idinfocateg));
$maxsortorder = array_values($maxsortorder);
$sortordertoinsert = $maxsortorder[0]->maxsortorder + 1;
$user_info_field = new stdClass();
$user_info_field->shortname = 'guident';
$user_info_field->name = 'Guid ENT';
$user_info_field->datatype = 'text';
$user_info_field->description = '<p><p>Le GUID ENT est utilisé pour la synchronisation des comptes et provient du champ AD objectGuid<br></p></p>';
$user_info_field->descriptionformat = 1;
$user_info_field->categoryid = $idinfocateg;
$user_info_field->sortorder = $sortordertoinsert;
$user_info_field->required = 0;
$user_info_field->locked = 1;
$user_info_field->visible = 0;
$user_info_field->forceunique = 0;
$user_info_field->signup = 0;
$user_info_field->defaultdata = '';
$user_info_field->defaultdataformat = 0;
$user_info_field->param1 = '36';
$user_info_field->param2 = '2048';
$user_info_field->param3 = '0';
$user_info_field->param4 = '';
$user_info_field->param5 = '';
$fieldid = $DB->insert_record('user_info_field', $user_info_field);
mtrace("user_info_field : 'guident' inserted !");
if ($USERFIELDS['guident'] == 0 && $fieldid != 0) {
$USERFIELDS['guident'] = $fieldid;
} else {
mtrace("user_info_field : cannot get id for 'guident' !");
}
}
} else {
mtrace("user_info_category : 'Informations académiques' missing !");
}
// We scan new proposed users from LDAP.
foreach ($add_users as $user) {
// Save usertype.
$usertype = $user->usertype;
$user = local_ent_installer_get_userinfo_asobj($ldapauth, $user->username, $options);
// Restore usertype in user.
$user->usertype = $usertype;
// Post filter of idnumber
list($foosdetprefix, $user->idnumber) = explode('$', $user->idnumber);
if (empty($user->firstname)) {
mtrace('ERROR : Missing firstname in incoming record ' . $user->username);
$updateerrorcount++;
continue;
}
if (empty($user->lastname)) {
mtrace('ERROR : Missing lastname in incoming record ' . $user->username);
$updateerrorcount++;
continue;
}
if (empty($user->email)) {
$user->email = local_ent_installer_generate_email($user);
}
// Prep a few params.
$user->modified = time();
$user->confirmed = 1;
$user->deleted = 0;
$user->suspended = 0;
// Authentication is the ldap plugin or a real auth plugin defined in setup.
$realauth = get_config('local_ent_installer', 'real_used_auth');
$user->auth = empty($realauth) ? $ldapauth->authtype : $realauth;
$user->mnethostid = $CFG->mnet_localhost_id;
$user->country = $CFG->country;
/*
* Get_userinfo_asobj() might have replaced $user->username with the value.
* from the LDAP server (which can be mixed-case). Make sure it's lowercase
*/
$user->username = trim(core_text::strtolower($user->username));
if (empty($user->lang)) {
$user->lang = $CFG->lang;
}
/*
* Process additional info for student :
* extra information fields transport and regime.
*/
if ($user->usertype == 'eleve') {
// Transport.
$user->profile_field_transport = 'Y' == @$user->ENTEleveTransport ? '1' : 0;
// Regime.
$user->profile_field_regime = @$user->ENTEleveRegime;
// Cohort (must have).
$user->profile_field_cohort = $user->ENTEleveClasses;
}
// Profil ENT
$user->profile_field_profil = $user->ENTPersonProfils;
// Guid ENT
$user->profile_field_guid = $user->objectGUID;
$personfunction = @$user->ENTPersonFonctions;
unset($user->ENTPersonFonctions);
// Get the last term of personfunction and set it as department.
if (!empty($personfunction)) {
preg_match('/\\$([^\\$]+)$/', $personfunction, $matches);
$user->department = $matches[1];
}
if (empty($options['simulate'])) {
// Creation/full update sequence.
$a = clone $user;
$a->function = $personfunction;
/*
* Special case : si there a matching policy possible for previous accounts NOT being
* created by this system ?
*/
try {
$oldrec = local_ent_installer_guess_old_record($user, $status);
} catch (Exception $e) {
mtrace('ERROR : Fail to bind user ' . $user->username);
if ($options['verbose']) {
trace_debug($e);
}
$inserterrorcount++;
continue;
}
if ($oldrec) {
$a->status = $MATCH_STATUS[$status];
$id = $user->id = $oldrec->id;
try {
$DB->update_record('user', $user);
mtrace(get_string('dbupdateuser', 'local_ent_installer', $a));
$updatecount++;
} catch (Exception $e) {
mtrace('ERROR : Fail to update user ' . $user->username);
if ($options['verbose']) {
trace_debug($e);
}
$updateerrorcount++;
continue;
}
} else {
try {
$id = $DB->insert_record('user', $user);
mtrace(get_string('dbinsertuser', 'local_ent_installer', $a));
$insertcount++;
} catch (Exception $e) {
mtrace('ERROR : Fail to insert user ' . $user->username);
if ($options['verbose']) {
trace_debug($e);
}
$inserterrorcount++;
continue;
}
}
} else {
$a = clone $user;
$a->function = $personfunction;
if (!($oldrec = local_ent_installer_guess_old_record($user, $status))) {
mtrace(get_string('dbinsertusersimul', 'local_ent_installer', $a));
} else {
$a->status = $MATCH_STATUS[$status];
mtrace(get_string('dbupdateusersimul', 'local_ent_installer', $a));
}
}
if (empty($options['simulate'])) {
$euser = $DB->get_record('user', array('id' => $id));
//events_trigger('user_created', $euser); => deprecated !
$event = core\event\user_created::create_from_userid($euser->id);
$event->trigger();
if (!empty($ldapauth->config->forcechangepassword)) {
set_user_preference('auth_forcepasswordchange', 1, $id);
}
// Cohort information / create/update cohorts.
if ($user->usertype == 'eleve') {
// Adds user to cohort and create cohort if missing.
$cohortshort = local_ent_installer_check_cohort($id, $user->profile_field_cohort);
local_ent_installer_update_info_data($id, $USERFIELDS['transport'], $user->profile_field_transport);
local_ent_installer_update_info_data($id, $USERFIELDS['regime'], $user->profile_field_regime);
local_ent_installer_update_info_data($id, $USERFIELDS['cohort'], $cohortshort);
if (isset($user->ENTEleveGroupes) && count($user->ENTEleveGroupes) > 0) {
foreach ($user->ENTEleveGroupes as $group) {
$cohortshort = local_ent_installer_check_cohort($id, $group, false, $options['verbose']);
}
}
}
// Create profil cohort to allow enrollment by profil
$cohortshort = local_ent_installer_check_cohort($id, $user->profile_field_profil, false, $options['verbose']);
if ($user->profile_field_profil == 'Administrateurs') {
if (isset($id)) {
$managerrole = $DB->get_record('role', array('shortname' => 'manager'));
role_assign($managerrole->id, $id, 1);
// 1=system context
} else {
mtrace('WARNING : Cannot assign role manager to ' . $user->username);
}
}
local_ent_installer_update_info_data($id, $USERFIELDS['profilent'], $user->profile_field_profil);
local_ent_installer_update_info_data($id, $USERFIELDS['guident'], $user->profile_field_guid);
// Add course creators if needed.
if ($creatorrole !== false and $ldapauth->iscreator($user->username)) {
role_assign($creatorrole->id, $id, $sitecontext->id, $ldapauth->roleauth);
}
// Process user_fields setup.
if (preg_match('#\\$CTR\\$#', $personfunction)) {
// Special case.
local_ent_installer_update_info_data($id, $USERFIELDS['cdt'], 1);
} else {
// Other user types.
local_ent_installer_update_info_data($id, $USERFIELDS[$user->usertype], 1);
}
if (file_exists($CFG->dirroot . '/blocks/user_mnet_hosts/locallib.php')) {
// user_mnet_hosts local library has already been included upstream of this script
// All users have access marked on self.
user_mnet_hosts_set_access($id, true);
// Setting default access field policy for powered users.
if ($user->usertype == 'enseignant' || $user->usertype == 'administration') {
$like = $DB->sql_like('wwwroot', ':wwwroot', false, false);
$mainhosts = explode(',', @$CFG->mainhostprefix);
$given = false;
if (!empty($mainhosts)) {
foreach ($mainhosts as $hostwww) {
if ($commonroots = $DB->get_records_select('mnet_host', " {$like} AND deleted <> 1 ", array('wwwroot' => $hostwww . '%'))) {
foreach ($commonroots as $root) {
$given = true;
user_mnet_hosts_set_access($id, true, $root->wwwroot);
}
}
}
}
if (!$given) {
mtrace('Giving teacher access : no common host found ');
}
}
}
// Add a workplace to teachers.
if ($user->usertype == 'enseignant') {
if (get_config('local_ent_installer', 'build_teacher_category')) {
if (isset($options['unassignteachercategoryrole'])) {
local_ent_installer_make_teacher_category($euser, $options['unassignteachercategoryrole']);
} else {
local_ent_installer_make_teacher_category($euser);
}
}
}
// Identify librarians and give library enabled role at system level.
if (preg_match('#\\$DOC\\$#', $personfunction)) {
if ($role = $DB->get_record('role', array('shortname' => 'librarian'))) {
$systemcontext = context_system::instance();
role_assign($role->id, $id, $systemcontext->id);
}
}
}
}
unset($add_users);
// free mem
} else {
mtrace(get_string('nouserstobeadded', 'auth_ldap'));
}
$ldapauth->ldap_close();
list($usec, $sec) = explode(' ', microtime());
$stoptick = (double) $sec + (double) $usec;
$deltatime = $stoptick - $starttick;
mtrace('Execution time : ' . $deltatime);
$benchrec = new StdClass();
$benchrec->timestart = floor($starttick);
$benchrec->timerun = ceil($deltatime);
$benchrec->added = 0 + @$insertcount;
$benchrec->updated = 0 + @$updatecount;
$benchrec->updateerrors = 0 + @$inserterrorcount;
$benchrec->inserterrors = 0 + @$updateerrorcount;
$DB->insert_record('local_ent_installer', $benchrec);
// Mark last time the user sync was run.
set_config('last_sync_date', time(), 'local_ent_installer');
try {
$dbman->drop_table($table);
} catch (Exception $e) {
}
return true;
}
$knownhosts = $DB->get_records('mnet_host', array('deleted' => '0'), '', 'id,wwwroot');
// Then we get all accessfields.
$accessfields = $DB->get_records_select('user_info_field', " shortname LIKE 'access%' ", array());
// We create local variables to monitor the actions.
$created = 0;
$ignored = 0;
$failed = 0;
// Now we need to oppose our hosts to our fields.
foreach ($knownhosts as $host) {
if ($host->wwwroot == '' || $host->wwwroot == $CFG->wwwroot) {
$ignored++;
continue;
}
$expectedname = user_mnet_hosts_make_accesskey($host->wwwroot, true);
// need cleaning name from hyphens
$hostkey = user_mnet_hosts_make_accesskey($host->wwwroot, false);
$results = false;
if ($accessfields) {
foreach ($accessfields as $field) {
//If we have a match, we do have the field, we can skip the host
if ($field->shortname == $expectedname) {
$results = true;
$ignored++;
break;
}
}
}
if (!$results) {
$newfield = new stdClass();
$newfield->shortname = $expectedname;
$newfield->name = get_string('fieldname', 'block_user_mnet_hosts') . ' ' . $hostkey;
/**
* Gets the access state for a user in a specified host knwon by wwwroot
* @param object $user
* @param string $wwwroot
*/
function user_mnet_host_read_access($user, $wwwroot)
{
global $OUTPUT, $DB;
if (empty($wwwroot)) {
if (debugging()) {
echo $OUTPUT->notification('Read access : empty host');
}
return;
}
if (empty($user)) {
if (debugging()) {
echo $OUTPUT->notification('Read access : empty user');
}
return;
}
// Power users always have all accesses open.
$context = context_system::instance();
if (has_capability('block/user_mnet_hosts:accessall', $context, $user->id)) {
return true;
}
$hostfieldname = user_mnet_hosts_make_accesskey($wwwroot, true);
if ($userfield = $DB->get_record('user_info_field', array('shortname' => $hostfieldname))) {
if ($accessrec = $DB->get_record('user_info_data', array('fieldid' => $userfield->id, 'userid' => $user->id))) {
return $accessrec->data;
}
}
return false;
}