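/**
 * Validate a change-password submission.
 *
 * Runs the parent form validation, then checks in order: the current
 * password, that the two new-password fields match, that the new password
 * differs from the current one, and check_password_policy(). The first
 * failing check returns straight away.
 *
 * @param array $data  submitted values; 'password', 'newpassword1' and 'newpassword2' are read
 * @param array $files submitted files, passed through to parent::validation()
 * @return array error messages keyed by form field name
 */
function validation($data, $files) {
    global $USER;

    $errors = parent::validation($data, $files);

    // Called before the password check and cleared only after it succeeds.
    // NOTE(review): presumably this feeds the failed-login counter - confirm.
    update_login_count();

    // The current password is always checked against the session user's
    // account; any username in the submission is ignored.
    if (!authenticate_user_login($USER->username, $data['password'])) {
        $errors['password'] = get_string('invalidlogin');
        return $errors;
    }

    reset_login_count();

    $current = (string)$data['password'];
    $new1 = (string)$data['newpassword1'];
    $new2 = (string)$data['newpassword2'];

    // Strict comparison on purpose: with != PHP compares numeric-looking
    // strings as numbers, so "1e3" and "1000" would count as matching and a
    // mistyped confirmation would be accepted.
    if ($new1 !== $new2) {
        $errors['newpassword1'] = get_string('passwordsdiffer');
        $errors['newpassword2'] = get_string('passwordsdiffer');
        return $errors;
    }

    // Same reasoning: only a byte-identical password counts as "unchanged".
    if ($current === $new1) {
        $errors['newpassword1'] = get_string('mustchangepassword');
        $errors['newpassword2'] = get_string('mustchangepassword');
        return $errors;
    }

    // check_password_policy() is expected to fill $errmsg when it rejects
    // the password; initialised here so it is always defined.
    $errmsg = '';
    if (!check_password_policy($data['newpassword1'], $errmsg)) {
        $errors['newpassword1'] = $errmsg;
        $errors['newpassword2'] = $errmsg;
        return $errors;
    }

    return $errors;
}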
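/**
 * Validate a change-password submission (older form API variant).
 *
 * Checks in order: the current password, that the two new-password fields
 * match, and that the new password differs from the current one. No password
 * policy check is made in this version.
 *
 * @param array $data submitted values; 'password', 'newpassword1' and 'newpassword2' are read
 * @return array|bool array of error messages keyed by field name on failure, true when every check passes
 */
function validation($data) {
    global $USER;

    $errors = array();

    // Called before the password check and cleared only after it succeeds.
    // NOTE(review): presumably this feeds the failed-login counter - confirm.
    update_login_count();

    // The current password is always checked against the session user's
    // account; any username in the submission is ignored.
    if (!authenticate_user_login($USER->username, $data['password'])) {
        $errors['password'] = get_string('invalidlogin');
        return $errors;
    }

    reset_login_count();

    $current = (string)$data['password'];
    $new1 = (string)$data['newpassword1'];
    $new2 = (string)$data['newpassword2'];

    // Strict comparison on purpose: with != PHP compares numeric-looking
    // strings as numbers, so "1e3" and "1000" would count as matching and a
    // mistyped confirmation would be accepted.
    if ($new1 !== $new2) {
        $errors['newpassword1'] = get_string('passwordsdiffer');
        $errors['newpassword2'] = get_string('passwordsdiffer');
        return $errors;
    }

    // Same reasoning: only a byte-identical password counts as "unchanged".
    if ($current === $new1) {
        $errors['newpassword1'] = get_string('mustchangepassword');
        $errors['newpassword2'] = get_string('mustchangepassword');
        return $errors;
    }

    // Callers of this variant get true, not an empty array, on success.
    return true;
}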
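/**
 * Validate a change-password submission, including the site-specific
 * character restriction.
 *
 * Runs the parent form validation, then checks in order: the current
 * password, that the two new-password fields match, that the new password
 * differs from the current one, check_password_policy(), and finally
 * isValidPassword(). Every check except the last returns on failure.
 *
 * @param array $data  submitted values; 'password', 'newpassword1' and 'newpassword2' are read
 * @param array $files submitted files, passed through to parent::validation()
 * @return array error messages keyed by form field name
 */
function validation($data, $files) {
    global $USER;

    $errors = parent::validation($data, $files);

    // Called before the password check and cleared only after it succeeds.
    // NOTE(review): presumably this feeds the failed-login counter - confirm.
    update_login_count();

    // The current password is always checked against the session user's
    // account; any username in the submission is ignored.
    if (!authenticate_user_login($USER->username, $data['password'])) {
        $errors['password'] = get_string('invalidlogin');
        return $errors;
    }

    reset_login_count();

    $current = (string)$data['password'];
    $new1 = (string)$data['newpassword1'];
    $new2 = (string)$data['newpassword2'];

    // Strict comparison on purpose: with != PHP compares numeric-looking
    // strings as numbers, so "1e3" and "1000" would count as matching and a
    // mistyped confirmation would be accepted.
    if ($new1 !== $new2) {
        $errors['newpassword1'] = get_string('passwordsdiffer');
        $errors['newpassword2'] = get_string('passwordsdiffer');
        return $errors;
    }

    // Same reasoning: only a byte-identical password counts as "unchanged".
    if ($current === $new1) {
        $errors['newpassword1'] = get_string('mustchangepassword');
        $errors['newpassword2'] = get_string('mustchangepassword');
        return $errors;
    }

    // check_password_policy() is expected to fill $errmsg when it rejects
    // the password; initialised here so it is always defined.
    $errmsg = '';
    if (!check_password_policy($data['newpassword1'], $errmsg)) {
        $errors['newpassword1'] = $errmsg;
        $errors['newpassword2'] = $errmsg;
        return $errors;
    }

    // Added by SMS 8/7/2011: To make sure the password does not include special
    // characters that may result in issues when synching the password with vms
    //
    // NOTE(review): this narrows the allowed character set to suit the
    // downstream sync. Rejecting punctuation shrinks the password space;
    // quoting the value correctly on the sync side would avoid the
    // restriction - confirm whether that is feasible.
    if (!isValidPassword($data['newpassword1'])) {
        $badchars = 'Your password cannot contain the following characters: " / \\ [ ] : ; | = , + * ? < > @ & !';
        foreach (array('newpassword1', 'newpassword2') as $field) {
            // Append to whatever parent::validation() may have stored, without
            // reading an undefined array key when nothing is there yet.
            $errors[$field] = (isset($errors[$field]) ? $errors[$field] : '') . $badchars;
        }
    }

    return $errors;
}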
$days2expire = $userauth->password_expire($USER->username); $PAGE->set_title("{$site->fullname}: {$loginsite}"); $PAGE->set_heading("{$site->fullname}"); if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) { echo $OUTPUT->header(); echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo); echo $OUTPUT->footer(); exit; } elseif (intval($days2expire) < 0) { echo $OUTPUT->header(); echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo); echo $OUTPUT->footer(); exit; } } reset_login_count(); // test the session actually works by redirecting to self $SESSION->wantsurl = $urltogo; redirect(new moodle_url(get_login_url(), array('testsession' => $USER->id))); } else { if (empty($errormsg)) { $errormsg = get_string("invalidlogin"); $errorcode = 3; } } } /// Detect problems with timedout sessions if ($session_has_timed_out and !data_submitted()) { $errormsg = get_string('sessionerroruser', 'error'); $errorcode = 4; }
/**
 * Post authentication hook.
 * This method is called from authenticate_user_login() for all enabled auth plugins.
 *
 * Does two things for users that have a block_gdata_gapps record not marked
 * for removal:
 *  1. makes sure a matching Google Apps account exists, creating one if not;
 *  2. when the session carries a pending SAML request, re-runs the login page
 *     steps here (password check, confirmation check, redirect target,
 *     password expiry) and hands over to gsaml_send_auth_response().
 *
 * The only explicit return value is true, on the early exit; several paths
 * end the request with die/exit instead of returning.
 *
 * @param object $user user object, later used for $USER
 * @param string $username (with system magic quotes)
 * @param string $password plain text password (with system magic quotes)
 */
function user_authenticated_hook(&$user, $username, $password) {
    global $SESSION;
    global $CFG;
    global $DB;

    // Users without a gapps record, or flagged for removal, are left alone.
    // This early return also skips the SAML handling further down.
    $record = $DB->get_record('block_gdata_gapps', array('userid' => $user->id));
    if (empty($record) || !empty($record->remove)) {
        return true;
    }

    // Shouldn't need due to Gmail using OAuth
    //
    // TODO: IMPORTANT user_auth hook gets called for all plugins so
    // setting user to gsaml auth may override all moodle user auth plugins.
    // auth_gsaml still needs to run the update password code somehow.
    // if there was another way to test for it.... as compare if password is diff
    // and then set the google user to the new password. :/

    // Verify that user has a google account. If not create one for them.
    if (!file_exists($CFG->dirroot . '/blocks/gdata/gapps.php')) {
        debugging('gdata block is not installed');
    } else {
        require_once $CFG->dirroot . '/blocks/gdata/gapps.php';
        try {
            $g = new blocks_gdata_gapps();
            try {
                $g_user = $g->gapps_get_user($username);
                if (empty($g_user)) {
                    /*
                     * MOODLE must enforce the above minimum 6 char passwords!
                     * http://www.google.com/support/a/bin/answer.py?answer=33386
                     */
                    // Create Moodle User in the Gsync system
                    $g->moodle_create_user($user);
                    // Create google user
                    $m_user = $g->moodle_get_user($user->id);
                    $g->create_user($m_user);
                }
            } catch (blocks_gdata_exception $e) {
                // Failures are only reported through debugging(); the login
                // itself carries on.
                // TODO: catch and inform of this common error
                //if (stripos($e->getMessage(),'Error 1100: UserDeletedRecently') ) {
                //    notice('Error 1100: UserDeletedRecently.<br/> Google does not allow a user to be created after deletion until at least 5 days have passed.');
                //}
                if (method_exists($e, 'getErrors')) {
                    $errors = $e->getErrors();
                    foreach ($errors as $errorcode => $error) {
                        debugging("Error({$errorcode}): {$error}", DEBUG_NORMAL, true);
                    }
                } else {
                    debugging($e, DEBUG_DEVELOPER);
                }
            }
        } catch (blocks_gdata_exception $e) {
            //'Authentication with Google Apps failed. Please check your credentials. ->getMessage() ?
            // if Authentication with Google Apps failed. Please check your credentials.
            // print $e->getMessage();
            // TODO: catch and inform of this Error
            debugging($e, DEBUG_DEVELOPER);
        }
    }

    // We are successfully logged in and we have a SAML Request
    // So we want to process the rest of the log in and redirect
    // to the Service that the SAML Request is asking for.
    //
    // All this code essentially makes up for the fact that
    // we have to exit the login page prematurely.
    if (isset($SESSION->samlrequest)) {
        // Cleared first, so the request is handled at most once per session.
        $SESSION->samlrequest = false;

        // Reload the account from the local user table (local mnet host only)
        // and re-check the password against it before answering the SAML request.
        // NOTE(review): both checks rely on error() ending the request; if it
        // ever returned, the code below would run with an unverified user - confirm.
        if (!($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id)))) {
            // User could not be logged in
            error(get_string('errusernotloggedin', 'auth_gsaml'));
        }
        if (!validate_internal_user_password($user, $password)) {
            // Password not valid
            error(get_string('pwdnotvalid', 'auth_gsaml'));
        }

        // Added to fix navigation
        $navlinks = array(array('name' => 'test', 'link' => null, 'type' => 'misc'));
        $navigation = build_navigation($navlinks);

        update_login_count();

        if ($user) {
            // language setup
            if ($user->username == 'guest') {
                // no predefined language for guests - use existing session or default site lang
                unset($user->lang);
            } else {
                if (!empty($user->lang)) {
                    // unset previous session language - use user preference instead
                    unset($SESSION->lang);
                }
            }

            if (empty($user->confirmed)) {
                // This account was never confirmed
                print_header(get_string("mustconfirm"), get_string("mustconfirm"));
                print_heading(get_string("mustconfirm"));
                print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
                print_footer();
                die;
            }

            // TODO : Fix this bug frm isn't on this page here
            // $frm is never assigned in this function, so this branch cannot
            // run as written and the forced password change is never set here.
            if (isset($frm)) {
                // if isset placed here for now
                if ($frm->password == 'changeme') {
                    //force the change
                    set_user_preference('auth_forcepasswordchange', true, $user->id);
                }
            }
            // end of if isset

            /// Let's get them all set up.
            // $USER is not in this function's global list, so $USER->id below is
            // read from a local that has not been assigned yet; the assignment
            // on the next line creates that local.
            add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $user->id, 0, $user->id);
            $USER = complete_user_login($user);

            /// Prepare redirection
            if (user_not_fully_set_up($USER)) {
                $urltogo = $CFG->wwwroot . '/user/edit.php';
                // We don't delete $SESSION->wantsurl yet, so we get there later
            } else {
                // NOTE(review): this is a bare prefix match on wwwroot. A URL on
                // another host whose name merely starts with the same string
                // also passes; matching on wwwroot followed by '/' would be
                // stricter. Whether wantsurl can hold such a value depends on
                // where it is set, which is not visible here.
                if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                    $urltogo = $SESSION->wantsurl;
                    /// Because it's an address in this site
                    unset($SESSION->wantsurl);
                } else {
                    // no wantsurl stored or external - go to homepage
                    $urltogo = $CFG->wwwroot . '/';
                    unset($SESSION->wantsurl);
                }
            }

            /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
            if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
                if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot . '/' or $urltogo == $CFG->wwwroot . '/index.php') {
                    $urltogo = $CFG->wwwroot . '/my/';
                }
            }

            /// check if user password has expired
            /// Currently supported only for ldap-authentication module
            $userauth = get_auth_plugin($USER->auth);
            if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
                if ($userauth->can_change_password()) {
                    $passwordchangeurl = $userauth->change_password_url();
                } else {
                    $passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
                }
                $days2expire = $userauth->password_expire($USER->username);
                // $site, $loginsite and $langmenu are not assigned anywhere in
                // this function; both headers below are built from unset values.
                // Either branch ends the request, so the SAML response further
                // down is not sent when a warning or expiry page is shown.
                if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
                    print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
                    notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                    print_footer();
                    exit;
                } elseif (intval($days2expire) < 0) {
                    print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
                    notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                    print_footer();
                    exit;
                }
            }

            reset_login_count();

            // END of the regular Moodle Login Procedures

            // Process the SAML Request and redirect to the Service
            // it is asking for.
            // This function should never return unless there's an error.
            // $urltogo computed above is not used on this path.
            if (!gsaml_send_auth_response($SESSION->samlrequestdata)) {
                // SAML code failed turn debugging on
                error(get_string('samlcodefailed', 'auth_gsaml'));
            }
        } else {
            // $errormsg and $errorcode are locals here; nothing visible in this
            // function shows them to the user afterwards.
            if (empty($errormsg)) {
                $errormsg = get_string("invalidlogin");
                $errorcode = 3;
            }

            // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
            // NOTE(review): $frm is not defined in this function, and the
            // username is placed in the query string without urlencode().
            if (!empty($CFG->mnet_dispatcher_mode) && $CFG->mnet_dispatcher_mode === 'strict' && is_enabled_auth('mnet')) {
                $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u={$frm->username}");
            }
        }
    }
    // else if NO SAML request is made we don't do anything but log in normally
}
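/**
 * @author John T. Macklin (viperf117a@yahoo.com)
 * @version $Id: lib_ldapsso.php,v 1.0 2009/11/11 19:23:07 viperf117a Exp $
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 * @package moodleauth - Custom LDAP URL SSO PHP Functions
 */

/**
 * Complete the login for an SSO-identified user and redirect them.
 *
 * For an unconfirmed account a confirmation e-mail is sent and the request
 * ends. Otherwise the user is logged in, the redirect target is chosen, the
 * password-expiry pages are shown when they apply, profile fields mapped as
 * 'onlogin' are refreshed, and the browser is redirected. Does nothing when
 * $user is empty.
 *
 * @param object $user user record to log in; username, lang, confirmed and id are read
 * @return void the non-empty path ends in exit or redirect()
 */
function confirm_user($user) {
    // Complete the login process
    global $CFG, $SESSION;

    if ($user) {
        // language setup
        update_login_count();
        if ($user->username == 'guest') {
            // no predefined language for guests - use existing session or default site lang
            unset($user->lang);
        } else {
            if (!empty($user->lang)) {
                // unset previous session language - use user preference instead
                unset($SESSION->lang);
            }
        }

        if (empty($user->confirmed)) {
            // This account was never confirmed
            $CFG->registerauth = 'ldapsso'; // Use ldapsso to verify registration

            // Set secret for confirmation. The secret is what proves that the
            // person confirming received the e-mail, so it must not be
            // guessable: md5(rand(1, 9876543)) can take fewer than ten million
            // values. Use the CSPRNG when the runtime provides one; both forms
            // produce 32 hexadecimal characters.
            if (function_exists('random_bytes')) {
                $user->secret = bin2hex(random_bytes(16));
            } else {
                // Legacy fallback for runtimes without random_bytes().
                $user->secret = md5(rand(1, 9876543));
            }
            // NOTE(review): nothing visible here stores $user->secret; confirm
            // that the value checked at confirmation time is this one.
            send_confirmation_email($user); // Generate confirmation e-mail

            print_heading(get_string("mustconfirm"));
            print_box_start('generalbox centerpara boxwidthnormal boxaligncenter');
            echo "<h2>" . get_string('confirmednot') . "</h2>\n";
            echo "<p>" . get_string('auth_ldap_sso_confirmednot', 'auth_ldapsso') . "</p>\n";
            print_single_button("{$CFG->wwwroot}/login/", null, get_string('continue'));
            print_box_end();
            print_footer();
            exit;
        }

        // $USER is not in the global list above, so this assigns a local that
        // the rest of the function reads.
        $USER = complete_user_login($user);

        /// Let's set them up.
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $user->id, 0, $user->id);

        /// Prepare redirection
        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot . '/user/edit.php';
            // We don't delete $SESSION->wantsurl yet, so we get there later
        } else {
            // NOTE(review): this is a bare prefix match on wwwroot. A URL on
            // another host whose name merely starts with the same string also
            // passes; matching on wwwroot followed by '/' would be stricter.
            // Whether wantsurl can hold such a value depends on where it is
            // set, which is not visible here.
            if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                $urltogo = $SESSION->wantsurl;
                /// Because it's an address in this site
                unset($SESSION->wantsurl);
            } else {
                // no wantsurl stored or external - go to homepage
                $urltogo = $CFG->wwwroot . '/';
                unset($SESSION->wantsurl);
            }
        }

        /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
        if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
            if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot . '/' or $urltogo == $CFG->wwwroot . '/index.php') {
                $urltogo = $CFG->wwwroot . '/my/';
            }
        }

        /// check if user password has expired
        /// Currently supported only for ldap-authentication module
        $userauth = get_auth_plugin($USER->auth);
        if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
            if ($userauth->can_change_password()) {
                $passwordchangeurl = $userauth->change_password_url();
            } else {
                $passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
            }
            $days2expire = $userauth->password_expire($USER->username);
            // NOTE(review): $site, $loginsite, $navigation and $langmenu are not
            // assigned anywhere in this function, so both headers below are
            // built from unset values. Left as found.
            if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
                print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
                notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            } elseif (intval($days2expire) < 0) {
                print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
                notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            }
        }

        // Do necessary user updates for 'onlogin' Data Mappings
        // narrow down what fields we need to update
        $all_keys = array_keys(get_object_vars($userauth->config));
        $updatekeys = array();
        // $updatekeys = array('firstname','lastname','idnumber','city','country','description');
        foreach ($all_keys as $key) {
            if (preg_match('/^field_updatelocal_(.+)$/', $key, $match)) {
                // if we have a field to update and it is set as 'onlogin'
                if (!empty($userauth->config->{'field_map_' . $match[1]}) and $userauth->config->{$match[0]} === 'onlogin') {
                    array_push($updatekeys, $match[1]); // the actual key name
                }
            }
        }
        // print_r($all_keys); print_r($updatekeys);
        unset($all_keys);
        unset($key);

        if (!empty($updatekeys)) {
            $userauth->update_user_record(addslashes($user->username), $updatekeys);
        }

        reset_login_count();

        // Return to original debugging level
        // NOTE(review): $origdebug is not assigned anywhere in this function,
        // so $CFG->debug is overwritten with an unset value here. Left as
        // found; confirm where the original level was meant to be saved.
        $CFG->debug = $origdebug;
        error_reporting($CFG->debug);

        redirect($urltogo, 'Redirecting login request!', 0);
    }
}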