/**
* Validates the user account and enrolment (ensures there is an avatar linked to a VLE account, and that the VLE account is enrolled in the current course).
* Attempts auto-registration/enrolment if that is allowed and required, and logs-in the user.
* Server access level is checked if it is specified in the request parameters.
* If the request indicates that it relates to an object, then the validation fails.
* Note: if you only require to ensure that an avatar is registered, then use {@link validate_avatar()}.
* @param bool $require If true, the script will be terminated with an error message if validation fails
* @param bool $suppress_autoreg If true, auto-registration will be completely suppressed for this function call
* @param bool $suppress_autoenrol If true, auto-enrolment will be completely suppressed for this function call
* @return bool Returns true if validation and/or autoregistration were successful. Returns false on failure (unless $require was true).
* @see SloodleSession::validate_avatar()
*/
function validate_user($require = true, $suppress_autoreg = false, $suppress_autoenrol = false)
{
// Is it an object request?
if ($this->request->is_object_request()) {
if ($require) {
$this->response->quick_output(-301, 'USER_AUTH', 'Cannot validate object as user.', false);
exit;
}
return false;
}
// Was a server access level specified in the request?
$sal = $this->request->get_server_access_level(false);
if ($sal != null) {
// Check what level was specified
$sal = (int) $sal;
$allowed = false;
$reason = 'Unknown.';
switch ($sal) {
case SLOODLE_SERVER_ACCESS_LEVEL_PUBLIC:
// Always allowed
$allowed = true;
break;
case SLOODLE_SERVER_ACCESS_LEVEL_COURSE:
// Is a course already loaded?
if (!$this->course->is_loaded()) {
$reason = 'No course loaded.';
break;
}
// Was a user account already fully loaded?
if ($this->user->is_avatar_linked()) {
// Is the user enrolled on the current course?
if ($this->user->is_enrolled($this->course->get_course_id())) {
$allowed = true;
} else {
$reason = 'User not enrolled in course.';
}
} else {
$reason = 'User not registered on site.';
}
break;
case SLOODLE_SERVER_ACCESS_LEVEL_SITE:
// Was a user account already fully loaded?
if ($this->user->is_avatar_linked()) {
$allowed = true;
} else {
$reason = 'User not registered on site.';
}
break;
case SLOODLE_SERVER_ACCESS_LEVEL_STAFF:
// Is a course already loaded?
if (!$this->course->is_loaded()) {
$reason = 'No course loaded.';
break;
}
// Was a user account already fully loaded?
if ($this->user->is_avatar_linked()) {
// Is the user staff on the current course?
if ($this->user->is_staff($this->course->get_course_id())) {
$allowed = true;
} else {
$reason = 'User not staff in course.';
}
} else {
$reason = 'User not registered on site.';
}
break;
default:
// Unknown access level
$reason = 'Access level not recognised';
break;
}
// Was the user blocked by access level?
if (!$allowed) {
if ($require) {
$this->response->quick_output(-331, 'USER_AUTH', $reason, false);
exit;
}
return false;
}
}
// REGISTRATION //
// Make sure a the course is loaded
if (!$this->course->is_loaded()) {
if ($require) {
$this->response->quick_output(-511, 'COURSE', 'Cannot validate user - no course data loaded.', false);
exit;
}
return false;
}
// Is the user already loaded?
if (!$this->user->is_avatar_linked()) {
// If an avatar is loaded, but the user isn't, then we probably have a deleted Moodle user
if ($this->user->is_avatar_loaded() == true && $this->user->is_user_loaded() == false) {
$this->response->quick_output(-301, 'USER_AUTH', 'Avatar linked to deleted user account', false);
exit;
}
// Make sure avatar details were provided
$uuid = $this->request->get_avatar_uuid(false);
$avname = $this->request->get_avatar_name(false);
// Is validation required?
if ($require) {
// Check the UUID
if (empty($uuid)) {
$this->response->quick_output(-311, 'USER_AUTH', 'User UUID required', false);
exit;
}
// Check the name
if (empty($avname)) {
$this->response->quick_output(-311, 'USER_AUTH', 'Avatar name required', false);
exit;
}
} else {
if (empty($uuid) || empty($avname)) {
// If there was a problem, just stop
return false;
}
}
// Ensure autoreg is not suppressed, and that it is permitted on that course and on the site
if ($suppress_autoreg == true || $this->course->check_autoreg() == false) {
if ($require) {
$this->response->quick_output(-321, 'USER_AUTH', 'User not registered, and auto-registration of users was not permitted', false);
exit;
}
return false;
}
// It is important that we also check auto-enrolment here.
// If that is not enabled, but the call here requires it, then there is no point registering the user.
if ($suppress_autoenrol == true || $this->course->check_autoenrol() == false) {
if ($require) {
$this->response->quick_output(-421, 'USER_ENROL', 'User not enrolled, and auto-enrolment of users was not permitted', false);
exit;
}
return false;
}
// Is there an avatar loaded?
if (!$this->user->is_avatar_loaded()) {
// Add the avatar details, linked to imaginary user 0
if (!$this->user->add_linked_avatar(0, $uuid, $avname)) {
if ($require) {
$this->response->quick_output(-322, 'USER_AUTH', 'Failed to add new avatar', false);
exit;
}
return false;
}
}
// If we reached here then we definitely have an avatar
// Create a matching Moodle user
$password = $this->user->autoregister_avatar_user();
if ($password === FALSE) {
if ($require) {
$this->response->quick_output(-322, 'USER_AUTH', 'Failed to register new user account', false);
exit;
}
return false;
}
// Add a side effect code to our response data
$this->response->add_side_effect(322);
// The user needs to be notified of their new username/password
if (isset($_SERVER['HTTP_X_SECONDLIFE_OBJECT_KEY'])) {
sloodle_login_notification($_SERVER['HTTP_X_SECONDLIFE_OBJECT_KEY'], $uuid, $this->user->get_username(), $password);
}
}
// ENROLMENT //
// Is the user already enrolled on the course?
if (!$this->user->is_enrolled($this->course->get_course_id())) {
// Ensure auto-enrolment is not suppressed, and that it is permitted on that course and on the site
if ($suppress_autoenrol == true || $this->course->check_autoenrol() == false) {
if ($require) {
$this->response->quick_output(-421, 'USER_ENROL', 'Auto-enrolment of users was not permitted', false);
exit;
}
return false;
}
// Attempt to enrol the user
if (!$this->user->enrol()) {
if ($require) {
$this->response->quick_output(-422, 'USER_ENROL', 'Auto-enrolment failed', false);
exit;
}
return false;
}
// Add a side effect code to our response data
$this->response->add_side_effect(422);
}
// Make sure the user is logged-in
return $this->user->login();
}