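/**
 * Returns the definition of the login form, for display on the transient login page.
 *
 * The form posts back to the URL the visitor originally asked for: the query
 * string is rebuilt into the form's action and any POST fields are carried
 * along as hidden elements. Both come straight from the request and are
 * untrusted, so query parameters are percent-encoded and HTML-escaped before
 * they are placed in the action.
 *
 * @return array The login form definition array.
 * @access private
 */
function auth_get_login_form() {
    $elements = auth_get_login_form_elements();
    $elements['login']['elements']['login_submitted'] = array(
        'type'  => 'hidden',
        'value' => 1,
    );

    // Change login redirection for clean urls
    $url = get_relative_script_path();
    $getpart = '';
    $getstart = strrpos($url, '?');
    if ($getstart !== false) {
        // Cast: older PHP versions return false instead of '' when '?' is the
        // last character of the path.
        $getpart = (string) substr($url, $getstart + 1);
        $url = substr($url, 0, $getstart);
    }

    if (!file_exists(get_config('docroot') . $url)) {
        // Clean url: the path does not name a file under docroot, so the
        // parameters are read from the visible query string rather than $_GET.
        // parse_str() decodes them the same way PHP fills $_GET: values keep
        // any '=' they contain and a bare "?logout" becomes 'logout' => '',
        // which isset() below still recognises.
        $get = array();
        if ($getpart !== '') {
            parse_str($getpart, $get);
        }
    }
    else {
        $get = $_GET;
    }

    // The login page is completely transient, and it is smart because it
    // remembers the GET and POST data sent to it and resends that on
    // afterwards.
    $action = '';
    if ($get) {
        if (isset($get['logout'])) {
            // You can log the user out on any particular page by appending
            // ?logout to the URL. In this case, we don't want the "action"
            // of the url to include that, or be blank, else the next time
            // the user logs in they will be logged out again.
            $requesturi = $_SERVER['REQUEST_URI'];
            $querystart = strpos($requesturi, '?');
            if ($querystart !== false) {
                $requesturi = substr($requesturi, 0, $querystart);
            }
            // Keep the action a same-origin path: browsers resolve a leading
            // "//" (or "/\") as a protocol-relative URL, which would send the
            // submitted credentials to whatever host follows it.
            if (strncmp($requesturi, '/', 1) === 0) {
                $requesturi = '/' . ltrim($requesturi, '/\\');
            }
            $action = hsc($requesturi);
        }
        else {
            // Work on a copy so $_GET itself is never modified.
            $params = $get;
            unset($params['login']);

            // $params holds decoded values. Re-encode them so that a value
            // containing '&', '=' or '#' cannot add or change parameters in
            // the action. Nested arrays (?a[]=1) are flattened by
            // http_build_query(). The separator is passed explicitly because
            // the ini default (arg_separator.output) may differ.
            $query = http_build_query($params, '', '&');
            if ($query !== '') {
                // Each pair is still run through hsc() before it goes into
                // the HTML attribute; the '&' joiner is emitted as before.
                $action = '?' . implode('&', array_map('hsc', explode('&', $query)));
            }
        }
    }

    if ($_POST) {
        // Replay the original POST body as hidden fields, never overriding a
        // field the login form defines itself.
        // NOTE(review): these names and values are request-controlled and are
        // resubmitted once the user is authenticated - confirm the receiving
        // handlers still validate their own session key on that replay.
        foreach ($_POST as $key => $value) {
            if (!isset($elements[$key]) && !isset($elements['login']['elements'][$key])) {
                $elements[$key] = array('type' => 'hidden', 'value' => $value);
            }
        }
    }

    $form = array(
        'name'           => 'login',
        'renderer'       => 'div',
        'method'         => 'post',
        'action'         => $action,
        'plugintype'     => 'auth',
        'pluginname'     => 'internal',
        'elements'       => $elements,
        'dieaftersubmit' => false,
        'iscancellable'  => false,
    );
    return $form;
}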
$CFG->wwwroot .= '/';
}
}
// (The three lines above close a block that begins before this excerpt.)

// If we have cleanurl subdomains turned on, we need to set cookiedomain
// to ensure cookies are given back to us in all subdomains
// NOTE(review): isset() only checks that the two options exist, not that they
// are truthy - confirm a value of false cannot reach this point.
// NOTE(review): a leading-dot domain makes browsers send the cookie to every
// host under that name - confirm all such subdomains are under the site's
// control.
if (isset($CFG->cleanurls) && isset($CFG->cleanurlusersubdomains) && !isset($CFG->cookiedomain)) {
    $url = parse_url(get_config('wwwroot'));
    // NOTE(review): parse_url() returns no 'host' key for a malformed
    // wwwroot; presumably wwwroot has been validated before here - verify.
    $CFG->cookiedomain = '.' . $url['host'];
}

// If we're forcing an ssl proxy, make sure the wwwroot is correct
// (a non-https wwwroot together with sslproxy is rejected as a configuration error)
if ($CFG->sslproxy == true && parse_url($CFG->wwwroot, PHP_URL_SCHEME) !== 'https') {
    throw new ConfigSanityException(get_string('wwwrootnothttps', 'error', get_config('wwwroot')));
}

// Make sure that we are using ssl if wwwroot expects us to do so
// The redirect fires only when sslproxy is strictly false, REMOTE_ADDR is set,
// $_SERVER['HTTPS'] is missing or 'off', and wwwroot is https.
// NOTE(review): the check above uses == true and this one === false, so an
// unset (null) sslproxy takes neither branch and plain-HTTP requests are not
// redirected - confirm a default is assigned before this point.
if ($CFG->sslproxy === false && isset($_SERVER['REMOTE_ADDR'])
    && (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off')
    && parse_url($CFG->wwwroot, PHP_URL_SCHEME) === 'https') {
    // presumably redirect() resolves the relative path against the https
    // wwwroot - verify in redirect()
    redirect(get_relative_script_path());
}

// Default the no-reply sender to noreply@<host part of wwwroot> when none is configured.
if (!isset($CFG->noreplyaddress) && isset($CFG->wwwroot)) {
    $noreplyaddress = 'noreply@' . parse_url($CFG->wwwroot, PHP_URL_HOST);
    try {
        set_config('noreplyaddress', $noreplyaddress);
    }
    catch (Exception $e) {
        // Do nothing again, same reason as above
        // (the reason referred to is outside this excerpt); the value is kept
        // in $CFG for this request only.
        $CFG->noreplyaddress = $noreplyaddress;
    }
}

if (!get_config('theme')) {
    // if it's not set, we're probably not installed,
    // so set it in $CFG directly rather than the db which doesn't yet exist
    $CFG->theme = 'raw';
}
/**
 * Produces the markup and JavaScript the login page needs in order to fetch a
 * Persona assertion from the browser and post it back to this site.
 *
 * Side effects: appends the Persona include script to $HEADDATA and stores a
 * freshly generated key in the session under 'browseridsesskey'. The same key
 * is embedded in the returned form.
 *
 * NOTE(review): include.js is pulled from a third-party origin and the tag
 * carries no integrity attribute, so that host's content runs with full access
 * to the login page. Mozilla has since shut the Persona service down; confirm
 * whether this plugin should still be enabled at all.
 *
 * @return string HTML for the hidden form plus the browserid_login() script.
 */
public static function login_form_js() {
    global $HEADDATA, $SESSION;

    $HEADDATA[] = '<script src="https://login.persona.org/include.js" type="application/javascript"></script>';

    // wwwroot is configuration and is interpolated as-is; the return path is
    // derived from the request and is HTML-escaped before it is embedded.
    $siteroot = get_config('wwwroot');
    $returnto = hsc(get_relative_script_path());

    // We can't use $USER->get('sesskey') because there is no $USER object yet.
    // A one-off key is generated and kept in the session instead.
    // NOTE(review): presumably auth/browserid/login.php compares the posted
    // sesskey with this session value - verify there.
    $formkey = get_random_key();
    $SESSION->set('browseridsesskey', $formkey);

    return <<<EOF
<form id="browserid-form" action="{$siteroot}auth/browserid/login.php" method="post">
<input id="browserid-assertion" type="hidden" name="assertion" value="">
<input id="browserid-returnurl" type="hidden" name="returnurl" value="{$returnto}">
<input id="browserid-sesskey" type="hidden" name="sesskey" value="{$formkey}">
<input style="display: none" type="submit">
</form>
<script type="application/javascript">
function browserid_login() {
    navigator.id.get(function(assertion) {
        if (assertion) {
            document.getElementById('browserid-assertion').setAttribute('value', assertion);
            document.getElementById('browserid-form').submit();
        }
    });
}
</script>
EOF;
}
/**
 * Builds the login form shown in the sideblock.
 *
 * Returns nothing when the site is not installed yet. Otherwise the pieform
 * definition is rendered and passed through get_login_form_js().
 *
 * {@internal{Not sure why this form definition doesn't use
 * auth_get_login_form, but keep that in mind when making changes.}}
 */
function auth_generate_login_form() {
    if (!get_config('installed')) {
        return;
    }

    // When an https wwwroot is configured the form posts to it (current script
    // path, query string stripped); otherwise the action is left empty.
    $action = get_config('httpswwwroot')
        ? rtrim(get_config('httpswwwroot'), '/') . strip_querystring(get_relative_script_path())
        : '';

    require_once 'pieforms/pieform.php';

    // The register link is shown only when count_records() finds an
    // institution with registerallowed = 1 and suspended = 0.
    $registerlink = '';
    if (count_records('institution', 'registerallowed', 1, 'suspended', 0)) {
        $registerlink = '<a href="' . get_config('wwwroot') . 'register.php" tabindex="2">' . get_string('register') . '</a><br>';
    }

    // Pre-fill the username with whatever was just posted.
    // NOTE(review): this is raw request data; presumably pieform escapes
    // defaultvalue when rendering the text element - verify.
    $postedusername = '';
    if (isset($_POST['login_username'])) {
        $postedusername = $_POST['login_username'];
    }

    $fields = array();
    $fields['login_username'] = array(
        'type'         => 'text',
        'title'        => get_string('username') . ':',
        'description'  => get_string('usernamedescription'),
        'defaultvalue' => $postedusername,
        'rules'        => array('required' => true),
    );
    // The password field is never pre-filled.
    $fields['login_password'] = array(
        'type'         => 'password',
        'title'        => get_string('password') . ':',
        'description'  => get_string('passworddescription'),
        'defaultvalue' => '',
        'rules'        => array('required' => true),
    );
    $fields['submit'] = array(
        'type'  => 'submit',
        'value' => get_string('login'),
    );
    $fields['register'] = array(
        'value' => '<div id="login-helplinks">' . $registerlink . '<a href="' . get_config('wwwroot') . 'forgotpass.php" tabindex="2">' . get_string('lostusernamepassword') . '</a></div>',
    );

    $definition = array(
        'name'       => 'login',
        'renderer'   => 'div',
        'submit'     => false,
        'action'     => $action,
        'plugintype' => 'auth',
        'pluginname' => 'internal',
        'autofocus'  => false,
        'elements'   => $fields,
    );

    return get_login_form_js(pieform($definition));
}