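/**
 * Returns the definition of the login form, for display on the transient login page.
 *
 * The form replays the request that triggered the login prompt: the GET
 * parameters are rebuilt into the form's action URL and every POST field that
 * does not clash with a login element is copied into a hidden element.
 *
 * Security notes for maintainers:
 *  - The query string, $_POST and $_SERVER['REQUEST_URI'] are all supplied by
 *    the client. Everything placed in the action URL is URL-encoded and passed
 *    through hsc() before it leaves this function.
 *  - Replayed POST data is resubmitted with the user's fresh session, so the
 *    page that finally receives it must still validate its own session key.
 *
 * @return array   The login form definition array.
 * @access private
 */
function auth_get_login_form()
{
    $elements = auth_get_login_form_elements();
    $elements['login']['elements']['login_submitted'] = array('type' => 'hidden', 'value' => 1);

    // Change login redirection for clean urls: split the script path into the
    // path itself and the raw (still URL-encoded) query string, if any.
    $url = get_relative_script_path();
    $getpart = null;
    $getstart = strrpos($url, '?');
    if ($getstart !== false) {
        $getpart = (string) substr($url, $getstart + 1);
        $url = substr($url, 0, $getstart);
    }

    if (!file_exists(get_config('docroot') . $url)) {
        // clean url, treat get string differently: parse the raw query string
        // by hand instead of relying on $_GET.
        $get = array();
        if ($getpart !== null) {
            foreach (explode('&', $getpart) as $data) {
                if ($data === '') {
                    // Empty segment ("a=1&&b=2"); nothing to replay.
                    continue;
                }
                // Limit of 2 keeps values that themselves contain '=' intact.
                $arr = explode('=', $data, 2);
                // Decode here so both branches hold decoded data and the
                // encoding step below is applied exactly once.
                $get[urldecode($arr[0])] = isset($arr[1]) ? urldecode($arr[1]) : null;
            }
        }
    } else {
        $get = $_GET;
    }

    // The login page is completely transient, and it is smart because it
    // remembers the GET and POST data sent to it and resends that on
    // afterwards.
    $action = '';
    if ($get) {
        // array_key_exists() rather than isset(): a bare "?logout" parsed from
        // a clean url is stored with a null value, which isset() would miss.
        if (array_key_exists('logout', $get)) {
            // You can log the user out on any particular page by appending
            // ?logout to the URL. In this case, we don't want the "action"
            // of the url to include that, or be blank, else the next time
            // the user logs in they will be logged out again.
            $requesturi = $_SERVER['REQUEST_URI'];
            $querystart = strpos($requesturi, '?');
            // NOTE(review): REQUEST_URI comes from the client. hsc() makes it
            // safe as attribute text only; confirm the form renderer resolves
            // this value as a same-site path.
            $action = hsc($querystart === false ? $requesturi : substr($requesturi, 0, $querystart));
        } else {
            $pairs = array();
            foreach ($get as $key => $value) {
                // Strict comparison: on older PHP versions the integer key 0
                // compares loosely equal to 'login' and would be dropped.
                if ((string) $key === 'login') {
                    continue;
                }
                if (is_array($value)) {
                    // Nested parameters (?a[]=1). http_build_query() emits only
                    // URL-safe characters plus '&' and '='.
                    $nested = http_build_query(array($key => $value), '', '&');
                    if ($nested !== '') {
                        $pairs[] = $nested;
                    }
                } else {
                    // URL-encode before HTML-escaping so that '&', '#', '%' or
                    // '=' inside a decoded value cannot alter the replayed
                    // query string.
                    $pairs[] = hsc(rawurlencode((string) $key)) . '=' . hsc(rawurlencode((string) $value));
                }
            }
            if ($pairs) {
                $action = '?' . implode('&', $pairs);
            }
        }
    }

    if ($_POST) {
        // Carry the interrupted POST across the login as hidden fields, never
        // overriding an element the login form defines itself.
        // NOTE(review): keys and values are copied verbatim from the request
        // and a value may be an array; this presumably relies on the form
        // renderer to escape them. Verify against the hidden element type.
        foreach ($_POST as $key => $value) {
            if (!isset($elements[$key]) && !isset($elements['login']['elements'][$key])) {
                $elements[$key] = array('type' => 'hidden', 'value' => $value);
            }
        }
    }

    $form = array(
        'name'           => 'login',
        'renderer'       => 'div',
        'method'         => 'post',
        'action'         => $action,
        'plugintype'     => 'auth',
        'pluginname'     => 'internal',
        'elements'       => $elements,
        'dieaftersubmit' => false,
        'iscancellable'  => false,
    );
    return $form;
}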
        $CFG->wwwroot .= '/';
    }
}
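// If we have cleanurl subdomains turned on, we need to set cookiedomain
// to ensure cookies are given back to us in all subdomains.
// NOTE(review): a leading-dot cookie domain makes the browser send these
// cookies to every host below wwwroot's host, so each of those hosts should be
// served by this application. Confirm for the deployment.
if (isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {
    $url = parse_url(get_config('wwwroot'));
    // parse_url() returns false, or an array without 'host', when wwwroot is
    // malformed. Leave cookiedomain unset in that case instead of setting it
    // to a bare '.', which is not a usable cookie domain.
    if (is_array($url) && isset($url['host']) && $url['host'] !== '') {
        $CFG->cookiedomain = '.' . $url['host'];
    }
}
// If we're forcing an ssl proxy, make sure the wwwroot is correct
if ($CFG->sslproxy == true && parse_url($CFG->wwwroot, PHP_URL_SCHEME) !== 'https') {
    throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
}
// Make sure that we are using ssl if wwwroot expects us to do so.
// The REMOTE_ADDR test restricts this to requests that carry a client address.
// NOTE(review): this check only runs when sslproxy is exactly boolean false;
// if the setting can be unset, null or 0 at this point the https redirect is
// skipped. Confirm a default is assigned before this code runs.
// NOTE(review): $_SERVER['HTTPS'] describes the connection to this server only.
// Behind a TLS-terminating proxy it is presumably absent, which is the case the
// sslproxy setting appears to exist for.
if ($CFG->sslproxy === false && isset($_SERVER['REMOTE_ADDR']) && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') && parse_url($CFG->wwwroot, PHP_URL_SCHEME) === 'https') {
    redirect(get_relative_script_path());
}
// Derive a default noreply address from the site's host name.
// NOTE(review): if wwwroot has no parsable host this yields 'noreply@'.
if (!isset($CFG->noreplyaddress) && isset($CFG->wwwroot)) {
    $noreplyaddress = 'noreply@' . parse_url($CFG->wwwroot, PHP_URL_HOST);
    try {
        set_config('noreplyaddress', $noreplyaddress);
    } catch (Exception $e) {
        // Do nothing again, same reason as above (the earlier block is outside
        // this excerpt); keep the value in memory only.
        $CFG->noreplyaddress = $noreplyaddress;
    }
}
if (!get_config('theme')) {
    // if it's not set, we're probably not installed,
    // so set it in $CFG directly rather than the db which doesn't yet exist
    $CFG->theme = 'raw';
}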
    /**
     * Builds the hidden BrowserID (Persona) login form and queues the
     * Javascript needed to retrieve Personas from the browser.
     *
     * Besides returning markup this method has two side effects:
     *  - it appends a <script> tag for the hosted include.js to the global
     *    $HEADDATA array;
     *  - it stores a fresh random key in the session under 'browseridsesskey'
     *    and embeds the same key in the form, replacing any key set by an
     *    earlier call.
     *
     * @return string HTML for the form plus the inline browserid_login() script.
     */
    public static function login_form_js()
    {
        global $HEADDATA, $SESSION;

        // NOTE(review): this loads a third-party script on the login page with
        // no integrity attribute, so the page trusts whatever that host serves.
        // Mozilla has since retired the Persona service; confirm this plugin
        // is still meant to be enabled.
        $HEADDATA[] = '<script src="https://login.persona.org/include.js" type="application/javascript"></script>';

        // Site root comes from configuration and is interpolated unescaped.
        $siteroot = get_config('wwwroot');
        // The return path is derived from the request, hence escaped with hsc().
        $escapedreturn = hsc(get_relative_script_path());

        // We can't use $USER->get('sesskey') because there is no $USER object yet.
        // NOTE(review): presumably login.php compares the posted sesskey with
        // the session copy. That check is not visible here.
        $token = get_random_key();
        $SESSION->set('browseridsesskey', $token);

        $markup = <<<EOF
<form id="browserid-form" action="{$siteroot}auth/browserid/login.php" method="post">
<input id="browserid-assertion" type="hidden" name="assertion" value="">
<input id="browserid-returnurl" type="hidden" name="returnurl" value="{$escapedreturn}">
<input id="browserid-sesskey" type="hidden" name="sesskey" value="{$token}">
<input style="display: none" type="submit">
</form>

<script type="application/javascript">
function browserid_login() {
    navigator.id.get(function(assertion) {
        if (assertion) {
            document.getElementById('browserid-assertion').setAttribute('value', assertion);
            document.getElementById('browserid-form').submit();
        }
   });
}
</script>
EOF;

        return $markup;
    }
/**
 * Generates the login form for the sideblock
 *
 * Returns nothing when the site is not installed yet; otherwise returns the
 * rendered pieform after it has been passed through get_login_form_js().
 *
 * {@internal{Not sure why this form definition doesn't use
 * auth_get_login_form, but keep that in mind when making changes.}}
 */
function auth_generate_login_form()
{
    // Nothing to render before installation has completed.
    if (!get_config('installed')) {
        return;
    }

    // Post to the https site root when one is configured. The query string is
    // stripped from the current script path.
    // NOTE(review): when 'httpswwwroot' is not set the action stays empty, so
    // the credentials are presumably posted to the current page over whatever
    // scheme it was loaded with. Confirm https is enforced elsewhere.
    $action = get_config('httpswwwroot')
        ? rtrim(get_config('httpswwwroot'), '/') . strip_querystring(get_relative_script_path())
        : '';

    require_once 'pieforms/pieform.php';

    // Offer registration only if a non-suspended institution allows it.
    $registerlink = '';
    if (count_records('institution', 'registerallowed', 1, 'suspended', 0)) {
        $registerlink = '<a href="' . get_config('wwwroot') . 'register.php" tabindex="2">' . get_string('register') . '</a><br>';
    }

    // NOTE(review): the username default is taken from $_POST unchanged and may
    // not be a string; this relies on pieforms escaping it. Verify.
    $usernamefield = array(
        'type'         => 'text',
        'title'        => get_string('username') . ':',
        'description'  => get_string('usernamedescription'),
        'defaultvalue' => isset($_POST['login_username']) ? $_POST['login_username'] : '',
        'rules'        => array('required' => true),
    );

    // The password field is never pre-filled.
    $passwordfield = array(
        'type'         => 'password',
        'title'        => get_string('password') . ':',
        'description'  => get_string('passworddescription'),
        'defaultvalue' => '',
        'rules'        => array('required' => true),
    );

    $submitbutton = array(
        'type'  => 'submit',
        'value' => get_string('login'),
    );

    $helplinks = array(
        'value' => '<div id="login-helplinks">' . $registerlink . '<a href="' . get_config('wwwroot') . 'forgotpass.php" tabindex="2">' . get_string('lostusernamepassword') . '</a></div>',
    );

    $definition = array(
        'name'       => 'login',
        'renderer'   => 'div',
        'submit'     => false,
        'action'     => $action,
        'plugintype' => 'auth',
        'pluginname' => 'internal',
        'autofocus'  => false,
        'elements'   => array(
            'login_username' => $usernamefield,
            'login_password' => $passwordfield,
            'submit'         => $submitbutton,
            'register'       => $helplinks,
        ),
    );

    return get_login_form_js(pieform($definition));
}