/**
 * Exercises \core\session\manager::apply_concurrent_login_limit() against a fixed set of session rows.
 *
 * Fixture: three sessions each (timecreated 20, 10 and 30) for two generated users, plus three
 * sessions each for the guest user and for userid 0 (12 rows in total).
 *
 * Behaviour pinned by the assertions:
 *  - with 'limitconcurrentlogins' set to 0 or -1 no session is removed;
 *  - with a positive limit the sessions with the lowest timecreated are removed first;
 *  - when a sid is passed and a session with that sid exists, that session is kept even though it is the oldest;
 *  - a sid that matches no session (md5('grrr')) does not protect anything;
 *  - sessions of the guest user and of userid 0 are never removed.
 */
public function test_apply_concurrent_login_limit()
{
    global $DB;
    $this->resetAfterTest();

    $generator = $this->getDataGenerator();
    $user1 = $generator->create_user();
    $user2 = $generator->create_user();
    $guest = guest_user();

    // A single timestamp is shared by every fixture row.
    $now = time();

    // md5() only turns a readable label into a sid-shaped fixture string;
    // nothing in this test relies on it as a security primitive.
    $addsession = static function ($userid, $label, $timecreated) use ($DB, $now) {
        $row = new \stdClass();
        $row->state = 0;
        $row->sessdata = null;
        $row->userid = $userid;
        $row->timemodified = $now;
        $row->lastip = '10.0.0.1';
        $row->firstip = '10.0.0.1';
        $row->sid = md5($label);
        $row->timecreated = $timecreated;
        $DB->insert_record('sessions', $row);
    };

    // Each entry is: owner userid, sid label, timecreated.
    $fixtures = array(
        array($user1->id, 'hokus1', 20),
        array($user1->id, 'hokus2', 10),
        array($user1->id, 'hokus3', 30),
        array($user2->id, 'pokus1', 20),
        array($user2->id, 'pokus2', 10),
        array($user2->id, 'pokus3', 30),
        array($guest->id, 'g1', 10),
        array($guest->id, 'g2', 10),
        array($guest->id, 'g3', 10),
        array(0, 'nl1', 10),
        array(0, 'nl2', 10),
        array(0, 'nl3', 10),
    );
    foreach ($fixtures as $fixture) {
        list($userid, $label, $timecreated) = $fixture;
        $addsession($userid, $label, $timecreated);
    }

    // Applies the limit, without a sid, to both users, the guest and userid 0, in that order.
    $applytoall = static function () use ($user1, $user2, $guest) {
        foreach (array($user1->id, $user2->id, $guest->id, 0) as $userid) {
            \core\session\manager::apply_concurrent_login_limit($userid);
        }
    };

    // Applies the limit to the guest user and to userid 0 only.
    $applytoguestandnobody = static function () use ($guest) {
        \core\session\manager::apply_concurrent_login_limit($guest->id);
        \core\session\manager::apply_concurrent_login_limit(0);
    };

    // Asserts the total number of rows left in the sessions table.
    $assertsessioncount = function ($expected) use ($DB) {
        $this->assertCount($expected, $DB->get_records('sessions'));
    };

    // Asserts, per timecreated value, whether a session of $userid is still present.
    $assertsessions = function ($userid, array $expected) use ($DB) {
        foreach ($expected as $timecreated => $present) {
            $found = $DB->record_exists('sessions', array('userid' => $userid, 'timecreated' => $timecreated));
            if ($present) {
                $this->assertTrue($found);
            } else {
                $this->assertFalse($found);
            }
        }
    };

    // Limit 0: nothing is removed.
    set_config('limitconcurrentlogins', 0);
    $assertsessioncount(12);
    $applytoall();
    $assertsessioncount(12);

    // Limit -1: nothing is removed either.
    set_config('limitconcurrentlogins', -1);
    $applytoall();
    $assertsessioncount(12);

    // Limit 2, no sid: the oldest session of user1 goes, user2 is untouched.
    set_config('limitconcurrentlogins', 2);
    \core\session\manager::apply_concurrent_login_limit($user1->id);
    $assertsessioncount(11);
    $assertsessions($user1->id, array(20 => true, 30 => true, 10 => false));
    $assertsessions($user2->id, array(20 => true, 30 => true, 10 => true));

    // Limit 2 with the sid of user2's oldest session: that session survives, timecreated 20 is removed instead.
    set_config('limitconcurrentlogins', 2);
    \core\session\manager::apply_concurrent_login_limit($user2->id, md5('pokus2'));
    $assertsessioncount(10);
    $assertsessions($user2->id, array(20 => false, 30 => true, 10 => true));
    $applytoguestandnobody();
    $assertsessioncount(10);

    // Limit 1 with a sid that matches no session: only the newest session of user1 remains.
    set_config('limitconcurrentlogins', 1);
    \core\session\manager::apply_concurrent_login_limit($user1->id, md5('grrr'));
    $assertsessioncount(9);
    $assertsessions($user1->id, array(20 => false, 30 => true, 10 => false));

    // Re-applying without a sid changes nothing.
    \core\session\manager::apply_concurrent_login_limit($user1->id);
    $assertsessioncount(9);
    $assertsessions($user1->id, array(20 => false, 30 => true, 10 => false));

    // Limit 1 with the sid of user2's oldest session: only that session remains.
    \core\session\manager::apply_concurrent_login_limit($user2->id, md5('pokus2'));
    $assertsessioncount(8);
    $assertsessions($user2->id, array(20 => false, 30 => false, 10 => true));

    // Re-applying without a sid changes nothing.
    \core\session\manager::apply_concurrent_login_limit($user2->id);
    $assertsessioncount(8);
    $assertsessions($user2->id, array(20 => false, 30 => false, 10 => true));

    // Guest and userid 0 sessions are still left alone at limit 1.
    $applytoguestandnobody();
    $assertsessioncount(8);
}
Beispiel #2
         unset($SESSION->lang);
     }
 }
 // Gate on account confirmation: when $user->confirmed is empty, render the
 // "must confirm" page and terminate, so none of the login steps below run.
 if (empty($user->confirmed)) {
     // This account was never confirmed
     $PAGE->set_title(get_string("mustconfirm"));
     $PAGE->set_heading($site->fullname);
     echo $OUTPUT->header();
     echo $OUTPUT->heading(get_string("mustconfirm"));
     echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
     echo $OUTPUT->footer();
     die;
 }
 /// Let's get them all set up.
 complete_user_login($user);
 // Enforce the concurrent-login limit for this user. session_id() is read after
 // complete_user_login(), so it is whatever session id is current once login has completed.
 // NOTE(review): presumably the sid is passed so the session just established is not
 // the one removed - confirm against \core\session\manager.
 \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
 // sets the username cookie
 if (!empty($CFG->nolastloggedin)) {
     // Intentionally empty branch: no username cookie is written or cleared here.
     // do not store last logged in user in cookie
     // auth plugins can temporarily override this from loginpage_hook()
     // do not save $CFG->nolastloggedin in database!
 } else {
     // Precedence: `and` binds tighter than `or`, so this condition reads as
     //   empty($CFG->rememberusername) OR ($CFG->rememberusername == 2 AND empty($frm->rememberusername)).
     // NOTE(review): the meaning of the value 2 is not visible here (presumably "let the user choose") - confirm.
     if (empty($CFG->rememberusername) or $CFG->rememberusername == 2 and empty($frm->rememberusername)) {
         // no permanent cookies, delete old one if exists
         set_moodle_cookie('');
     } else {
         // Note the cookie value comes from $USER->username, not from the submitted form.
         set_moodle_cookie($USER->username);
     }
 }
 // Destination for the post-login redirect is resolved only after the login steps above.
 $urltogo = core_login_get_return_url();
 /// check if user password has expired
Beispiel #3
/**
 * Handles the "set a new password" step of the password reset flow for a submitted reset token.
 *
 * The token is looked up in {user_password_resets} (joined to {user}) through a bound query parameter.
 * The request is refused when no reset record exists, when the record is older than the reset window,
 * when the account's auth is 'nologin' or not an enabled auth plugin, or when the account is the guest user.
 * If the set-password form has not been submitted yet it is displayed. Once it has been submitted the
 * token row is deleted, the password is updated through the user's auth plugin, the user is logged in
 * and then redirected.
 *
 * The reset window is $CFG->pwresettime seconds, or 1800 when that setting is not set.
 *
 * @param string $token the one-use identifier which should verify the password reset request as being valid.
 * @return void
 */
function core_login_process_password_set($token)
{
    global $DB, $CFG, $OUTPUT, $PAGE, $SESSION;
    require_once $CFG->dirroot . '/user/lib.php';
    // Lifetime of a reset request in seconds; falls back to 1800 when the setting is absent.
    $pwresettime = isset($CFG->pwresettime) ? $CFG->pwresettime : 1800;
    // The token reaches the database only as a bound parameter (the ? placeholder below),
    // never concatenated into the SQL text.
    // NOTE(review): the query selects on the token alone; no filter on account state
    // (e.g. the deleted/suspended columns of {user}) is visible here - confirm such accounts
    // are rejected elsewhere before complete_user_login() runs.
    $sql = "SELECT u.*, upr.token, upr.timerequested, upr.id as tokenid\n              FROM {user} u\n              JOIN {user_password_resets} upr ON upr.userid = u.id\n             WHERE upr.token = ?";
    $user = $DB->get_record_sql($sql, array($token));
    $forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php";
    // A record older than the reset window plus DAYSECS is handled exactly like a missing record.
    if (empty($user) or $user->timerequested < time() - $pwresettime - DAYSECS) {
        // There is no valid reset request record - not even a recently expired one.
        // (suspicious)
        // Direct the user to the forgot password page to request a password reset.
        echo $OUTPUT->header();
        notice(get_string('noresetrecord'), $forgotpasswordurl);
        die;
        // Never reached.
    }
    // Reached only for records that exist and are at most DAYSECS past the reset window.
    if ($user->timerequested < time() - $pwresettime) {
        // There is a reset record, but it's expired.
        // Direct the user to the forgot password page to request a password reset.
        // The window is reported to the user in whole minutes.
        $pwresetmins = floor($pwresettime / MINSECS);
        echo $OUTPUT->header();
        notice(get_string('resetrecordexpired', '', $pwresetmins), $forgotpasswordurl);
        die;
        // Never reached.
    }
    // A valid token does not override the account's auth configuration.
    if ($user->auth === 'nologin' or !is_enabled_auth($user->auth)) {
        // Bad luck - user is not able to login, do not let them set password.
        echo $OUTPUT->header();
        print_error('forgotteninvalidurl');
        die;
        // Never reached.
    }
    // Check this isn't guest user.
    if (isguestuser($user)) {
        print_error('cannotresetguestpwd');
    }
    // Token is correct, and unexpired.
    // NOTE(review): the form is created with the attribute autocomplete="yes" although it
    // collects a new password - confirm this is intended.
    $mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"');
    $data = $mform->get_data();
    if (empty($data)) {
        // User hasn't submitted form, they got here directly from email link.
        // Next, display the form.
        // The token is placed into the form data so the submission carries it back.
        $setdata = new stdClass();
        $setdata->username = $user->username;
        $setdata->username2 = $user->username;
        $setdata->token = $user->token;
        $mform->set_data($setdata);
        // NOTE(review): the HTTPS requirement is checked on this display path only;
        // presumably the submission path is covered by the caller - confirm.
        $PAGE->verify_https_required();
        echo $OUTPUT->header();
        echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter');
        $mform->display();
        echo $OUTPUT->footer();
        return;
    } else {
        // User has submitted form.
        // Delete this token so it can't be used again.
        // The row is removed before the password update is attempted, so a failed update
        // below still consumes the token.
        $DB->delete_records('user_password_resets', array('id' => $user->tokenid));
        $userauth = get_auth_plugin($user->auth);
        if (!$userauth->user_update_password($user, $data->password)) {
            print_error('errorpasswordupdate', 'auth');
        }
        user_add_password_history($user->id, $data->password);
        // The user's sessions are killed only when $CFG->passwordchangelogout is non-empty;
        // with the setting empty, sessions that existed before the reset are left in place by this function.
        // NOTE(review): session_id() is presumably the one session to spare - confirm against kill_user_sessions().
        if (!empty($CFG->passwordchangelogout)) {
            \core\session\manager::kill_user_sessions($user->id, session_id());
        }
        // Reset login lockout (if present). Note the password has already been updated above.
        login_unlock_account($user);
        // Clear any requirement to change passwords.
        unset_user_preference('auth_forcepasswordchange', $user);
        unset_user_preference('create_password', $user);
        if (!empty($user->lang)) {
            // Unset previous session language - use user preference instead.
            unset($SESSION->lang);
        }
        // Log the user in; per the original comment this call is what triggers the login event.
        complete_user_login($user);
        // Enforce the concurrent-login limit, passing the session id that is current after login.
        \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
        // Resolve the redirect target first, then drop the stored wantsurl from the session.
        $urltogo = core_login_get_return_url();
        unset($SESSION->wantsurl);
        redirect($urltogo, get_string('passwordset'), 1);
    }
}