/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password and is replaced by its
 * hash before the record is written.
 *
 * @param object  $user   new user object (with system magic quotes)
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    global $CFG;
    require_once $CFG->dirroot . '/user/profile/lib.php';

    // Hash before the insert so the plaintext is never stored.
    $user->password = hash_internal_user_password($user->password);

    $user->id = insert_record('user', $user);
    if (!$user->id) {
        print_error('auth_emailnoinsert', 'auth');
    }

    // Save any custom profile field information.
    profile_save_data($user);

    // Re-read the row so the event receives the record as stored.
    $user = get_record('user', 'id', $user->id);
    events_trigger('user_created', $user);

    $mailsent = send_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth');
    }

    if (!$notify) {
        return true;
    }

    $emailconfirm = get_string('emailconfirm');
    $navlinks = array(
        array('name' => $emailconfirm, 'link' => null, 'type' => 'misc'),
    );
    $navigation = build_navigation($navlinks);
    print_header($emailconfirm, $emailconfirm, $navigation);
    notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
}
/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password and is replaced by its
 * hash before the record is written.
 *
 * @param object  $user   new user object
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    global $CFG, $DB, $PAGE, $OUTPUT;
    require_once $CFG->dirroot . '/user/profile/lib.php';

    // Hash before the insert so the plaintext is never stored.
    $user->password = hash_internal_user_password($user->password);
    $user->id = $DB->insert_record('user', $user);

    // Save any custom profile field information.
    profile_save_data($user);

    // Re-read the row so the event receives the record as stored.
    $lookup = array('id' => $user->id);
    $user = $DB->get_record('user', $lookup);
    events_trigger('user_created', $user);

    $mailsent = send_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth_email');
    }

    if (!$notify) {
        return true;
    }

    $emailconfirm = get_string('emailconfirm');
    $PAGE->navbar->add($emailconfirm);
    $PAGE->set_title($emailconfirm);
    $PAGE->set_heading($PAGE->course->fullname);
    echo $OUTPUT->header();
    notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
}
/**
 * Test user_update_user.
 *
 * Covers the stored values, the emitted event, and the second call form in
 * which the password field is written without being hashed again.
 */
public function test_user_update_user() {
    global $DB;

    $this->resetAfterTest();

    // Generate a user, then change the fields that the update should persist.
    $user = $this->getDataGenerator()->create_user();
    $user->firstname = 'Test';
    $user->password = '******';

    // Redirect events while updating so the last one can be inspected.
    $sink = $this->redirectEvents();
    user_update_user($user);
    $captured = $sink->get_events();
    $sink->close();
    $event = array_pop($captured);

    // Stored values: the first name is saved and the password column is not this plaintext literal.
    $lookup = array('id' => $user->id);
    $dbuser = $DB->get_record('user', $lookup);
    $this->assertSame($user->firstname, $dbuser->firstname);
    $this->assertNotSame('M00dLe@T', $dbuser->password);

    // Event class, target, legacy name/data and context.
    $this->assertInstanceOf('\\core\\event\\user_updated', $event);
    $this->assertSame($user->id, $event->objectid);
    $this->assertSame('user_updated', $event->get_legacy_eventname());
    $this->assertEventLegacyData($dbuser, $event);
    $this->assertEquals(context_user::instance($user->id), $event->get_context());
    $expectedlogdata = array(SITEID, 'user', 'update', 'view.php?id=' . $user->id, '');
    $this->assertEventLegacyLogData($expectedlogdata, $event);

    // With the second argument false, the supplied hash must be stored unchanged.
    $password = hash_internal_user_password('M00dLe@T');
    $user->password = $password;
    user_update_user($user, false);
    $dbuser = $DB->get_record('user', array('id' => $user->id));
    $this->assertSame($password, $dbuser->password);
}
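/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password. It is hashed before
 * the account is created; the plaintext is kept in a local variable only so it
 * can be passed to user_add_password_history().
 *
 * @param object  $user   new user object
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
public function user_signup($user, $notify = true) {
    global $CFG, $DB;
    require_once $CFG->dirroot . '/user/profile/lib.php';
    require_once $CFG->dirroot . '/user/lib.php';

    // Keep the plaintext only for the password-history call below.
    $plainpassword = $user->password;
    $user->password = hash_internal_user_password($user->password);
    if (empty($user->calendartype)) {
        $user->calendartype = $CFG->calendartype;
    }

    $user->id = user_create_user($user, false, false);
    user_add_password_history($user->id, $plainpassword);

    // Save any custom profile field information.
    profile_save_data($user);

    // Trigger event.
    \core\event\user_created::create_from_userid($user->id)->trigger();

    if (!send_confirmation_email($user)) {
        // The string identifier and the component are two separate arguments.
        // Passing them fused as 'auth_emailnoemail, auth_email' makes the
        // lookup use a non-existent identifier in the default component.
        print_error('auth_emailnoemail', 'auth_email');
    }

    if ($notify) {
        global $CFG, $PAGE, $OUTPUT;
        $emailconfirm = get_string('emailconfirm');
        $PAGE->navbar->add($emailconfirm);
        $PAGE->set_title($emailconfirm);
        $PAGE->set_heading($PAGE->course->fullname);
        echo $OUTPUT->header();
        notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
    } else {
        return true;
    }
}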
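/**
 * Update a user with a user object (will compare against the ID).
 *
 * The password is hashed only when the caller asks for it and actually
 * supplied one. Hashing unconditionally would overwrite the stored hash with
 * the hash of an empty value whenever $user carries no password property, and
 * would hash an already-hashed value when the caller passes a record read
 * from the database.
 *
 * @param object|array $user           the user to update; arrays are cast to objects
 * @param bool         $updatepassword when true (the default) and $user->password is set,
 *                                     treat it as plaintext and hash it before saving;
 *                                     when false, $user->password is written as given
 */
function user_update_user($user, $updatepassword = true) {
    global $DB;

    // Accept an array as well as an object.
    if (!is_object($user)) {
        $user = (object) $user;
    }

    // Hash the password only if one was provided and hashing was requested.
    if ($updatepassword && isset($user->password)) {
        $user->password = hash_internal_user_password($user->password);
    }

    // Stamp the modification time (not the creation time).
    $user->timemodified = time();

    $DB->update_record('user', $user);
}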
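/**
 * Handle an order notification: find or create the customer's account, enrol
 * it in every listed course that exists, record the transaction and send the
 * welcome message.
 *
 * @param mixed $order_number   order reference stored with each transaction row
 * @param array $customer       customer details; the keys read here are email, firstname,
 *                              lastname, city and country
 * @param array $moodle_courses list of arrays, each with a 'course_id' matched against course.idnumber
 * @return bool false when the connector is disabled or no listed course could be enrolled, true otherwise
 */
public static function process_magento_request($order_number, $customer, $moodle_courses) {
    global $USER, $DB;

    if (get_config('magentoconnector', 'magentoconnectorenabled') == 0) {
        return false;
    }

    $params = self::validate_parameters(
        self::process_magento_request_parameters(),
        array('order_number' => $order_number, 'customer' => $customer, 'moodle_courses' => $moodle_courses)
    );
    // Work on the validated values from here on; the raw arguments were
    // previously used even though validation had already been run.
    $order_number = $params['order_number'];
    $customer = $params['customer'];
    $moodle_courses = $params['moodle_courses'];

    // NOTE(review): only the caller's own user context is validated; no
    // capability check is visible in this block - confirm that access to this
    // function is restricted elsewhere.
    $context = context_user::instance($USER->id);
    self::validate_context($context);

    // NOTE(review): the account is matched on email alone (no mnethostid or
    // deleted filter), so whoever controls the incoming email value selects
    // which existing account gets enrolled - verify this is intended.
    $password = null;
    $user = $DB->get_record('user', array('email' => $customer['email']));
    if (!$user) {
        $user = new stdClass();
        $user->firstname = $customer['firstname'];
        $user->lastname = $customer['lastname'];
        $user->email = $customer['email'];
        $user->city = $customer['city'];
        $user->country = $customer['country'];
        $user->confirmed = 1;
        $user->policyagreed = 1;
        // NOTE(review): hard-coded host id; other code derives it from
        // $CFG->mnet_localhost_id - confirm 1 is correct on every site.
        $user->mnethostid = 1;
        $user->username = local_magentoconnector_generate_username($customer['firstname'], $customer['lastname']);
        $user->timecreated = time();
        // Only the hash is stored; the plaintext is kept for the welcome message below.
        $password = generate_password();
        $user->password = hash_internal_user_password($password);
        $userid = $DB->insert_record('user', $user);
    } else {
        $userid = $user->id;
    }

    $roleid = $DB->get_field('role', 'id', array('shortname' => LOCAL_MAGENTOCONNECTOR_STUDENT_SHORTNAME));
    $enrol = enrol_get_plugin('magento');

    // Stays null when none of the listed courses exists.
    $enrolinstance = null;
    foreach ($moodle_courses as $moodle_course) {
        $course = $DB->get_record('course', array('idnumber' => $moodle_course['course_id']));
        if (!$course) {
            // no such course ... ?
            continue;
        }

        $enrolinstance = $DB->get_record('enrol', array('courseid' => $course->id, 'enrol' => 'magento'), '*', MUST_EXIST);
        $enrol->enrol_user($enrolinstance, $userid, $roleid);

        $record = new stdClass();
        $record->userid = $userid;
        $record->ordernum = $order_number;
        $record->courseid = $course->id;
        $record->timestamp = time();
        $DB->insert_record('local_magentoconnector_trans', $record);
    }

    if ($enrolinstance === null) {
        // Nothing was enrolled, so there is no enrol instance to attach the
        // credentials to or to send a welcome message for. The code used to
        // dereference the undefined variable at this point.
        // NOTE(review): a newly created account keeps a password nobody was told.
        return false;
    }

    if ($password !== null) {
        // The generated plaintext is handed to the welcome message for the new account.
        $enrolinstance->newusername = $user->username;
        $enrolinstance->newaccountpassword = $password;
    }

    $customer = $DB->get_record('user', array('id' => $userid));
    $enrol->email_welcome_message($enrolinstance, $customer);

    return true;
}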
/**
 * Install step for local_lae: migrates one config setting, adds columns to the
 * forum, forum_posts and course tables when they are missing, and creates the
 * anonymous user if no id for it is configured yet.
 *
 * @return bool true when every step completed
 */
function xmldb_local_lae_install() {
    global $CFG, $DB;

    $dbman = $DB->get_manager();

    // Migrate the old config setting, if present.
    if (!empty($CFG->forum_anonymous)) {
        set_config('forum_enableanonymousposts', $CFG->forum_anonymous);
        set_config('forum_anonymous', null);
    }

    // Extend forum tables.
    $table = new xmldb_table('forum');
    $field = new xmldb_field('anonymous');
    $field->set_attributes(XMLDB_TYPE_INTEGER, '2', XMLDB_UNSIGNED, XMLDB_NOTNULL, null, '0', 'completionposts');
    if (!$dbman->field_exists($table, $field)) {
        $dbman->add_field($table, $field);
    }

    $table = new xmldb_table('forum_posts');
    $field = new xmldb_field('hiddenuserid');
    // NOTE(review): this call passes one more argument than the 'anonymous' field above - confirm
    // which set_attributes() signature applies.
    $field->set_attributes(XMLDB_TYPE_INTEGER, '10', XMLDB_UNSIGNED, null, null, null, null, 'mailnow');
    if (!$dbman->field_exists($table, $field)) {
        $dbman->add_field($table, $field);
    }

    // Add anonymous user.
    if (empty($CFG->anonymous_userid)) {
        $anon_user = new stdClass();
        $anon_user->username = '******';
        // The password needs strings.
        // NOTE(review): the value hashed here is built from a shuffle of the username plus mt_rand(),
        // neither of which is a cryptographically secure source. The account is created with
        // auth = 'nologin' below, so this password only matters if that auth setting is ever changed.
        $anon_user->password = hash_internal_user_password(str_shuffle($anon_user->username) . (string) mt_rand());
        $anon_user->auth = 'nologin';
        $anon_user->firstname = get_string('auser_firstname', 'local_lae');
        $anon_user->lastname = get_string('auser_lastname', 'local_lae');
        $anon_user->mnethostid = $CFG->mnet_localhost_id;
        $anon_user->email = get_string('auser_email', 'local_lae');
        if ($result = $DB->insert_record('user', $anon_user)) {
            // Remember the new id and create the user's context.
            set_config('anonymous_userid', $result);
            context_user::instance($result);
        } else {
            // NOTE(review): print_error() presumably does not return, which would make the
            // return below unreachable - confirm.
            print_error("Failed to create anonymous user");
            return false;
        }
    }

    // Update course table to support display defaults
    $table = new xmldb_table('course');
    $field = new xmldb_field('filedisplaydefault', XMLDB_TYPE_INTEGER, '2', null, null, null, null, null);
    if (!$dbman->field_exists($table, $field)) {
        $dbman->add_field($table, $field);
    }

    return true;
}
/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password and is replaced by its
 * hash before the record is written.
 *
 * @param object  $user   new user object (with system magic quotes)
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    // Hash before the insert so the plaintext is never stored.
    $user->password = hash_internal_user_password($user->password);

    $user->id = insert_record('user', $user);
    if (!$user->id) {
        print_error('auth_emailnoinsert', 'auth');
    }

    $mailsent = send_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth');
    }

    if (!$notify) {
        return true;
    }

    global $CFG;
    $emailconfirm = get_string('emailconfirm');
    print_header($emailconfirm, $emailconfirm, $emailconfirm);
    notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
}
/**
 * Upgrade steps for the manual auth plugin.
 *
 * @param int $oldversion the version we are upgrading from
 * @return bool result
 */
function xmldb_auth_manual_upgrade($oldversion) {
    global $CFG, $DB, $OUTPUT;

    if ($oldversion < 2011022700) {
        // Force creation of missing passwords: find manual-auth accounts whose
        // stored password equals the hash of an empty string.
        // NOTE(review): this match only finds rows if hash_internal_user_password()
        // returns the same value for the same input every time - confirm for the
        // hashing in use at this version.
        $emptyhash = hash_internal_user_password('');
        $candidates = $DB->get_recordset('user', array('password' => $emptyhash, 'auth' => 'manual'));

        foreach ($candidates as $user) {
            // Accounts without a valid email address are left untouched.
            if (!validate_email($user->email)) {
                continue;
            }
            $DB->set_field('user', 'password', 'to be created', array('id' => $user->id));
            unset_user_preference('auth_forcepasswordchange', $user);
            set_user_preference('create_password', 1, $user);
        }
        $candidates->close();

        upgrade_plugin_savepoint(true, 2011022700, 'auth', 'manual');
    }

    return true;
}
/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password and is replaced by its
 * hash before the record is written. This variant also sets the user's
 * time zone, registers the user through addQSUser() and passes both the user's
 * and the support user's email addresses to the confirmation notice.
 *
 * @param object  $user   new user object (with system magic quotes)
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    global $CFG;
    require_once $CFG->dirroot . '/user/profile/lib.php';

    // Hash before the insert so the plaintext is never stored.
    $user->password = hash_internal_user_password($user->password);

    $user->id = insert_record('user', $user);
    if (!$user->id) {
        print_error('auth_emailnoinsert', 'auth');
    }

    // Save any custom profile field information.
    profile_save_data($user);

    // Added by JAM: 12.02.2010 - the time zone can only be set once the user exists.
    setWSUserDefaultTimeZone($user->username, $user);

    $user = get_record('user', 'id', $user->id);
    events_trigger('user_created', $user);

    // Added by JAM: 01.06.2011 - the user id exists from here on. A failure is
    // reported to the admin by email and signup continues.
    $registered = addQSUser($user);
    if (!$registered) {
        admin_signuperror_email($user);
    }

    $mailsent = send_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth');
    }

    if (!$notify) {
        return true;
    }

    $emailconfirm = get_string('emailconfirm');
    $navlinks = array(
        array('name' => $emailconfirm, 'link' => null, 'type' => 'misc'),
    );
    $navigation = build_navigation($navlinks);
    print_header($emailconfirm, $emailconfirm, $navigation);

    // Added by SMS: 7/28/2011 - the notice string receives both addresses
    // instead of only the user's email.
    $data = new object();
    $data->useremail = $user->email;
    $supportuser = generate_email_supportuser();
    $data->adminemail = $supportuser->email;

    notice(get_string('emailconfirmsent', '', $data), "{$CFG->wwwroot}/index.php");
}
/**
 * Sign up an applicant and show the "confirmation email sent" notice.
 *
 * Derived from email->user_signup. The password arrives in plaintext on
 * $user->password and is replaced by its hash before the account is created.
 *
 * @param object $user new user object
 */
function application_user_signup($user) {
    global $CFG, $PAGE, $OUTPUT;

    // Hash before the account is created so the plaintext is never stored.
    $user->password = hash_internal_user_password($user->password);

    if (empty($user->calendartype)) {
        $user->calendartype = $CFG->calendartype;
    }

    $user->id = user_create_user($user, false, false);

    // Save any custom profile field information.
    profile_save_data($user);

    // Save contact information.
    write_contact_details($user->id, $user);

    // Trigger event.
    $event = \core\event\user_created::create_from_userid($user->id);
    $event->trigger();

    $mailsent = send_application_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth_email');
    }

    $title = $CFG->pageheading . ': ' . get_string('emailconfirm');
    $PAGE->set_title($title);
    echo $OUTPUT->header();

    $loginurl = $CFG->wwwroot . '/local/obu_application/login.php';
    notice(get_string('emailconfirmsent', '', $user->email), $loginurl);
}
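/**
 * Sign up a new user ready for confirmation.
 *
 * The password arrives in plaintext on $user->password and is replaced by its
 * hash before the record is written.
 *
 * @param object  $user   new user object
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    // $PAGE and $OUTPUT are used on the notice path below; without declaring
    // them global here they were undefined local variables.
    global $CFG, $DB, $PAGE, $OUTPUT;
    require_once $CFG->dirroot . '/user/profile/lib.php';

    // The $userinfo array (which carried two copies of the plaintext password)
    // was built here but never read or passed on, so neither it nor the
    // plaintext copy it was filled from is kept.
    $user->password = hash_internal_user_password($user->password);

    if (!($user->id = $DB->insert_record('user', $user))) {
        print_error('auth_emailnoinsert', 'auth');
    }

    // Save any custom profile field information.
    profile_save_data($user);

    $conditions = array('id' => $user->id);
    $user = $DB->get_record('user', $conditions);

    \core\event\user_created::create_from_userid($user->id)->trigger();

    if (!send_confirmation_email($user)) {
        print_error('auth_emailnoemail', 'auth');
    }

    if ($notify) {
        $emailconfirm = get_string('emailconfirm');
        $PAGE->set_url('/auth/joomdle/auth.php');
        $PAGE->navbar->add($emailconfirm);
        $PAGE->set_title($emailconfirm);
        $PAGE->set_heading($emailconfirm);
        echo $OUTPUT->header();
        notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
    } else {
        return true;
    }
}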
/**
 * Sign up a new user ready for confirmation and create the matching account
 * on the Joomla side.
 *
 * The password arrives in plaintext on $user->password. Its hash is stored
 * locally; the plaintext itself is forwarded in the createUser call.
 *
 * @param object  $user   new user object
 * @param boolean $notify print notice with link and terminate
 * @return boolean|void true when $notify is false; nothing is returned on the notice path
 */
function user_signup($user, $notify = true) {
    global $CFG, $DB;
    require_once $CFG->dirroot . '/user/profile/lib.php';

    // Keep the plaintext for the remote call, store only the hash locally.
    $password_clear = $user->password;
    $user->password = hash_internal_user_password($user->password);

    $user->id = $DB->insert_record('user', $user);
    if (!$user->id) {
        print_error('auth_emailnoinsert', 'auth');
    }

    // Save any custom profile field information.
    profile_save_data($user);

    $user = $DB->get_record('user', array('id' => $user->id));

    // Create user in Joomla.
    // NOTE(review): the plaintext password leaves this process through
    // call_method(); how that call is transported is not visible here -
    // confirm it is encrypted and that the payload is not logged.
    $userinfo = array(
        'username' => $user->username,
        'password' => $password_clear,
        'password2' => $password_clear,
        'name' => $user->firstname . " " . $user->lastname,
        'email' => $user->email,
        'block' => 1,
    );
    $this->call_method("createUser", $userinfo);

    events_trigger('user_created', $user);

    $mailsent = send_confirmation_email($user);
    if (!$mailsent) {
        print_error('auth_emailnoemail', 'auth');
    }

    if (!$notify) {
        return true;
    }

    $emailconfirm = get_string('emailconfirm');
    $navlinks = array(
        array('name' => $emailconfirm, 'link' => null, 'type' => 'misc'),
    );
    $navigation = build_navigation($navlinks);
    print_header($emailconfirm, $emailconfirm, $navigation);
    notice(get_string('emailconfirmsent', '', $user->email), "{$CFG->wwwroot}/index.php");
}
/**
 * Test function hash_internal_user_password().
 *
 * For each sample password: the hash validates against the plaintext, is not
 * in the legacy format, and carries the expected cost marker for the normal
 * and the fast variant.
 */
public function test_hash_internal_user_password() {
    $samples = array('pw', 'abc123', 'C0mP1eX_&}<?@*&%` |\\"', 'ĩńťėŕňăţĩōŋāĹ');

    foreach ($samples as $plaintext) {
        $hash = hash_internal_user_password($plaintext);
        $fasthash = hash_internal_user_password($plaintext, true);

        // A minimal user record carrying the normal-cost hash.
        $user = (object) array('auth' => 'manual', 'password' => $hash);
        $this->assertTrue(validate_internal_user_password($user, $plaintext));

        // They should not be in md5 format.
        $this->assertFalse(password_is_legacy_hash($hash));

        // Check that cost factor in hash is correctly set.
        $this->assertRegExp('/\\$10\\$/', $hash);
        $this->assertRegExp('/\\$04\\$/', $fasthash);
    }
}
/**
 * Create a test user
 *
 * Fills in every field the caller left out of $record, hashes the password,
 * inserts the row and returns it as read back from the database.
 *
 * @param array|stdClass $record fields to use; anything missing gets a default below
 * @param array $options not read anywhere in this function body
 * @return stdClass user record
 */
public function create_user($record = null, array $options = null) {
    global $DB, $CFG;

    // Per-generator counter used to build distinct default names and usernames.
    $this->usercounter++;
    $i = $this->usercounter;

    $record = (array) $record;

    if (!isset($record['auth'])) {
        $record['auth'] = 'manual';
    }

    if (!isset($record['firstname']) and !isset($record['lastname'])) {
        // Neither name given: pick both from the generator's name lists.
        // rand() only selects list indexes here; nothing secret depends on it.
        $country = rand(0, 5);
        $firstname = rand(0, 4);
        $lastname = rand(0, 4);
        $female = rand(0, 1);
        $record['firstname'] = $this->firstnames[$country * 10 + $firstname + $female * 5];
        $record['lastname'] = $this->lastnames[$country * 10 + $lastname + $female * 5];
    } else {
        // Exactly one of the two names was given: fill in the other one.
        if (!isset($record['firstname'])) {
            $record['firstname'] = 'Firstname' . $i;
        } else {
            if (!isset($record['lastname'])) {
                $record['lastname'] = 'Lastname' . $i;
            }
        }
    }

    if (!isset($record['idnumber'])) {
        $record['idnumber'] = '';
    }

    if (!isset($record['mnethostid'])) {
        $record['mnethostid'] = $CFG->mnet_localhost_id;
    }

    if (!isset($record['username'])) {
        $record['username'] = '******' . $i;
        $j = 2;
        // Append _2, _3, ... until the username is unused on this mnet host.
        while ($DB->record_exists('user', array('username' => $record['username'], 'mnethostid' => $record['mnethostid']))) {
            $record['username'] = '******' . $i . '_' . $j;
            $j++;
        }
    }

    if (!isset($record['password'])) {
        $record['password'] = '******';
    }

    if (!isset($record['email'])) {
        $record['email'] = $record['username'] . '@example.com';
    }

    if (!isset($record['confirmed'])) {
        $record['confirmed'] = 1;
    }

    if (!isset($record['lang'])) {
        $record['lang'] = 'en';
    }

    if (!isset($record['maildisplay'])) {
        $record['maildisplay'] = 1;
    }

    if (!isset($record['deleted'])) {
        $record['deleted'] = 0;
    }

    $record['timecreated'] = time();
    $record['timemodified'] = $record['timecreated'];
    $record['lastip'] = '0.0.0.0';

    // Whatever password is in $record at this point is treated as plaintext and replaced by its hash.
    $record['password'] = hash_internal_user_password($record['password']);

    if ($record['deleted']) {
        // Deleted rows get a username built from the email plus a timestamp.
        $delname = $record['email'] . '.' . time();
        // Bump the candidate (++ applied to a string) until no row uses it.
        while ($DB->record_exists('user', array('username' => $delname))) {
            $delname++;
        }
        $record['idnumber'] = '';
        // md5() only derives a placeholder email value from the username here.
        $record['email'] = md5($record['username']);
        $record['username'] = $delname;
        $record['picture'] = 0;
    }

    $userid = $DB->insert_record('user', $record);

    // A user context is created only for users that are not marked deleted.
    if (!$record['deleted']) {
        context_user::instance($userid);
    }

    return $DB->get_record('user', array('id' => $userid), '*', MUST_EXIST);
}
$usernew->timemodified = time();
$createpassword = false;

// An id of -1 selects the creation branch: the account is created through user_create_user() below.
if ($usernew->id == -1) {
    unset($usernew->id);
    // Read the form's createpassword flag, then drop it from the object before it is saved.
    $createpassword = !empty($usernew->createpassword);
    unset($usernew->createpassword);
    $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, null, 'user', 'profile', null);
    $usernew->mnethostid = $CFG->mnet_localhost_id; // Always local user.
    $usernew->confirmed = 1;
    $usernew->timecreated = time();
    if ($authplugin->is_internal()) {
        if ($createpassword or empty($usernew->newpassword)) {
            // No password is stored yet for this account.
            // NOTE(review): presumably one is generated later when $createpassword is set; this
            // excerpt does not show it - confirm an internal account cannot stay with an empty value.
            $usernew->password = '';
        } else {
            // Store only the hash of the submitted password.
            $usernew->password = hash_internal_user_password($usernew->newpassword);
        }
    } else {
        // Non-internal auth plugins keep no local password hash.
        $usernew->password = AUTH_PASSWORD_NOT_CACHED;
    }
    $usernew->id = user_create_user($usernew, false, false);

    // For non-internal plugins that allow password changes, pass the plaintext to the plugin.
    if (!$authplugin->is_internal() and $authplugin->can_change_password() and !empty($usernew->newpassword)) {
        if (!$authplugin->user_update_password($usernew, $usernew->newpassword)) {
            // Do not stop here, we need to finish user creation.
            debugging(get_string('cannotupdatepasswordonextauth', '', '', $usernew->auth), DEBUG_NONE);
        }
    }
    $usercreated = true;
} else {
    $usernew = file_postupdate_standard_editor($usernew, 'description', $editoroptions, $usercontext, 'user', 'profile', 0);
    // Pass a true old $user here.
/**
 * Update password hash in user object (if necessary).
 *
 * The password is updated if:
 * 1. The password has changed (the hash of $user->password is different
 *    to the hash of $password).
 * 2. The existing hash is using an out-of-date algorithm (or the legacy
 *    md5 algorithm).
 *
 * Updating the password will modify the $user object and the database
 * record to use the current hashing algorithm.
 * It will remove Web Services user tokens too, when
 * $CFG->passwordchangetokendeletion is set.
 *
 * @param stdClass $user User object (password property may be updated).
 * @param string $password Plain text password.
 * @param bool $fasthash If true, use a low cost factor when generating the hash
 *                       This is much faster to generate but makes the hash
 *                       less secure. It is used when lots of hashes need to
 *                       be generated quickly.
 * @return bool Always returns true.
 */
function update_internal_user_password($user, $password, $fasthash = false) {
    global $CFG, $DB;

    // Figure out what the hashed password should be.
    if (!isset($user->auth)) {
        // Callers should pass the auth field; it is looked up here as a fallback.
        debugging('User record in update_internal_user_password() must include field auth', DEBUG_DEVELOPER);
        $user->auth = $DB->get_field('user', 'auth', array('id' => $user->id));
    }
    $authplugin = get_auth_plugin($user->auth);
    if ($authplugin->prevent_local_passwords()) {
        // The plugin forbids local passwords, so the marker constant is stored instead of a hash.
        $hashedpassword = AUTH_PASSWORD_NOT_CACHED;
    } else {
        $hashedpassword = hash_internal_user_password($password, $fasthash);
    }

    $algorithmchanged = false;

    if ($hashedpassword === AUTH_PASSWORD_NOT_CACHED) {
        // Password is not cached, update it if not set to AUTH_PASSWORD_NOT_CACHED.
        $passwordchanged = $user->password !== $hashedpassword;
    } else {
        if (isset($user->password)) {
            // If verification fails then it means the password has changed.
            $passwordchanged = !password_verify($password, $user->password);
            // An existing hash that does not match the current default parameters is also rewritten.
            $algorithmchanged = password_needs_rehash($user->password, PASSWORD_DEFAULT);
        } else {
            // While creating new user, password in unset in $user object, to avoid
            // saving it with user_create()
            $passwordchanged = true;
        }
    }

    if ($passwordchanged || $algorithmchanged) {
        $DB->set_field('user', 'password', $hashedpassword, array('id' => $user->id));
        $user->password = $hashedpassword;

        // Trigger event. The record is re-read first, so the event is built from the stored row.
        $user = $DB->get_record('user', array('id' => $user->id));
        \core\event\user_password_updated::create_from_user($user)->trigger();

        // Remove WS user tokens. Only done when the site setting is enabled.
        if (!empty($CFG->passwordchangetokendeletion)) {
            require_once $CFG->dirroot . '/webservice/lib.php';
            webservice::delete_user_ws_tokens($user->id);
        }
    }

    return true;
}
// Read the upload file one line at a time and build a user object from each line.
while (!feof($fp)) {
    $errors = '';
    $user = new object();
    // by default, use the local mnet id (this may be changed in the file)
    $user->mnethostid = $CFG->mnet_localhost_id;
    $line = explode($csv_delimiter, fgets($fp, LINE_MAX_SIZE));
    ++$linenum;
    // add fields to user object
    foreach ($line as $key => $value) {
        if ($value !== '') {
            // Map the column position to its field name.
            // NOTE(review): no check is visible that the line has no more columns than $headers - confirm.
            $key = $headers[$key];
            //decode encoded commas
            $value = str_replace($csv_encode, $csv_delimiter, trim($value));
            // special fields: password and username
            if ($key == 'password' && !empty($value)) {
                // The file carries the password in plaintext; only its hash is kept on the user object.
                $user->{$key} = hash_internal_user_password($value);
            } else {
                if ($key == 'username') {
                    $value = $textlib->strtolower(addslashes($value));
                    if (empty($CFG->extendedusernamechars)) {
                        // Remove characters outside the allowed set from the username.
                        // NOTE(review): eregi_replace() is no longer available in PHP 7 and later.
                        $value = eregi_replace('[^(-\\.[:alnum:])]', '', $value);
                    }
                    // Count how often each username occurs; @ hides the notice for the first occurrence.
                    @$newusernames[$value]++;
                    $user->{$key} = $value;
                } else {
                    // NOTE(review): addslashes() is the only escaping applied to file values here;
                    // presumably the database layer of this code base expects slashed input - verify.
                    $user->{$key} = addslashes($value);
                }
            }
        }
    }
    // add default values for remaining fields
/**
 * Store a new password value for a user.
 *
 * When the user's auth plugin prevents local passwords a fixed placeholder is
 * written instead of a hash; otherwise the hash of $password is written.
 * Only the database row is changed; the passed $user object is not modified.
 *
 * @param object $user     user record; the auth and id fields are read
 * @param string $password plain text password
 * @return mixed result of set_field()
 */
function update_internal_user_password(&$user, $password) {
    $plugin = get_auth_plugin($user->auth);

    $stored = $plugin->prevent_local_passwords()
        ? '******'
        : hash_internal_user_password($password);

    return set_field('user', 'password', $stored, 'id', $user->id);
}
/**
 * Sets specified user's password and send the new password to the user via email.
 *
 * A new password is generated, its hash is written to the user row, and the
 * plaintext is placed in the message body.
 * NOTE(review): nothing in this function forces the user to change the mailed
 * password at next login - presumably handled by the caller; verify.
 *
 * @global object
 * @global object
 * @param user $user A {@link $USER} object
 * @return boolean|string Returns "true" if mail was sent OK and "false" if there was an error
 */
function setnew_password_and_mail($user) {
    global $CFG, $DB;

    $site = get_site();
    $supportuser = generate_email_supportuser();

    // Only the hash is stored; the plaintext is kept for the message below.
    $newpassword = generate_password();
    $hashed = hash_internal_user_password($newpassword);
    $DB->set_field('user', 'password', $hashed, array('id' => $user->id));

    // Placeholders for the message template.
    $info = new stdClass();
    $info->firstname = fullname($user, true);
    $info->sitename = format_string($site->fullname);
    $info->username = $user->username;
    $info->newpassword = $newpassword;
    $info->link = $CFG->wwwroot . '/login/';
    $info->signoff = generate_email_signoff();

    $message = get_string('newusernewpasswordtext', '', $info);
    $subject = format_string($site->fullname) . ': ' . get_string('newusernewpasswordsubj');

    // Directly email rather than using the messaging system to ensure its not routed to a popup or jabber.
    return email_to_user($user, $supportuser, $subject, $message);
}
/**
 * Sets specified user's password and send the new password to the user via email.
 *
 * A new password is generated, its hash is written to the user row and to
 * $user->password, a user_updated event is triggered, and the plaintext is
 * placed in the message body.
 * NOTE(review): nothing in this function forces the user to change the mailed
 * password at next login - presumably handled by the caller; verify.
 *
 * @param stdClass $user A {@link $USER} object
 * @param bool $fasthash If true, use a low cost factor when generating the hash for speed.
 * @return bool|string Returns "true" if mail was sent OK and "false" if there was an error
 */
function setnew_password_and_mail($user, $fasthash = false) {
    global $CFG, $DB;

    // We try to send the mail in language the user understands,
    // unfortunately the filter_string() does not support alternative langs yet
    // so multilang will not work properly for site->fullname.
    if (empty($user->lang)) {
        $lang = $CFG->lang;
    } else {
        $lang = $user->lang;
    }

    $site = get_site();
    $supportuser = core_user::get_support_user();

    // Only the hash is stored; the plaintext is kept for the message below.
    $newpassword = generate_password();
    $hashedpassword = hash_internal_user_password($newpassword, $fasthash);
    $DB->set_field('user', 'password', $hashedpassword, array('id' => $user->id));
    $user->password = $hashedpassword;

    // Trigger event.
    $eventdata = array(
        'objectid' => $user->id,
        'context' => context_user::instance($user->id),
    );
    $event = \core\event\user_updated::create($eventdata);
    $event->add_record_snapshot('user', $user);
    $event->trigger();

    // Placeholders for the message template.
    $info = new stdClass();
    $info->firstname = fullname($user, true);
    $info->sitename = format_string($site->fullname);
    $info->username = $user->username;
    $info->newpassword = $newpassword;
    $info->link = $CFG->wwwroot . '/login/';
    $info->signoff = generate_email_signoff();

    $message = (string) new lang_string('newusernewpasswordtext', '', $info, $lang);
    $subject = format_string($site->fullname) . ': ' . (string) new lang_string('newusernewpasswordsubj', '', $info, $lang);

    // Directly email rather than using the messaging system to ensure its not routed to a popup or jabber.
    return email_to_user($user, $supportuser, $subject, $message);
}
/** * Main post-install tasks to be executed after the DB schema is available * * This function is automatically executed after Moodle core DB has been * created at initial install. It's in charge of performing the initial tasks * not covered by the {@link install.xml} file, like creating initial users, * roles, templates, moving stuff from other plugins... * * Note that the function is only invoked once, at install time, so if new tasks * are needed in the future, they will need to be added both here (for new sites) * and in the corresponding {@link upgrade.php} file (for existing sites). * * All plugins within Moodle (modules, blocks, reports...) support the existence of * their own install.php file, using the "Frankenstyle" component name as * defined at {@link http://docs.moodle.org/dev/Frankenstyle}, for example: * - {@link xmldb_page_install()}. (modules don't require the plugintype ("mod_") to be used.) * - {@link xmldb_enrol_meta_install()}. * - {@link xmldb_workshopform_accumulative_install()}. * - .... * * Finally, note that it's also supported to have one uninstall.php file that is * also executed once, each time one plugin is uninstalled (before the DB schema is * deleted). Those uninstall files will contain one function, using the "Frankenstyle" * naming conventions, like {@link xmldb_enrol_meta_uninstall()} or {@link xmldb_workshop_uninstall()}. 
*/ function xmldb_main_install() { global $CFG, $DB, $SITE, $OUTPUT; // Make sure system context exists $syscontext = context_system::instance(0, MUST_EXIST, false); if ($syscontext->id != SYSCONTEXTID) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Unexpected new system context id!'); } // Create site course if ($DB->record_exists('course', array())) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Can not create frontpage course, courses already exist.'); } $newsite = new stdClass(); $newsite->fullname = ''; $newsite->shortname = ''; $newsite->summary = NULL; $newsite->newsitems = 3; $newsite->numsections = 1; $newsite->category = 0; $newsite->format = 'site'; // Only for this course $newsite->timecreated = time(); $newsite->timemodified = $newsite->timecreated; if (defined('SITEID')) { $newsite->id = SITEID; $DB->import_record('course', $newsite); $DB->get_manager()->reset_sequence('course'); } else { $newsite->id = $DB->insert_record('course', $newsite); define('SITEID', $newsite->id); } // set the field 'numsections'. 
We can not use format_site::update_format_options() because // the file is not loaded $DB->insert_record('course_format_options', array('courseid' => SITEID, 'format' => 'site', 'sectionid' => 0, 'name' => 'numsections', 'value' => $newsite->numsections)); $SITE = get_site(); if ($newsite->id != $SITE->id) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Unexpected new site course id!'); } // Make sure site course context exists context_course::instance($SITE->id); // Update the global frontpage cache $SITE = $DB->get_record('course', array('id' => $newsite->id), '*', MUST_EXIST); // Create default course category if ($DB->record_exists('course_categories', array())) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Can not create default course category, categories already exist.'); } $cat = new stdClass(); $cat->name = get_string('miscellaneous'); $cat->depth = 1; $cat->sortorder = MAX_COURSES_IN_CATEGORY; $cat->timemodified = time(); $catid = $DB->insert_record('course_categories', $cat); $DB->set_field('course_categories', 'path', '/' . $catid, array('id' => $catid)); // Make sure category context exists context_coursecat::instance($catid); $defaults = array('rolesactive' => '0', 'auth' => 'email', 'auth_pop3mailbox' => 'INBOX', 'enrol_plugins_enabled' => 'manual,guest,self,cohort', 'theme' => theme_config::DEFAULT_THEME, 'filter_multilang_converted' => 1, 'siteidentifier' => random_string(32) . 
get_host_from_url($CFG->wwwroot), 'backup_version' => 2008111700, 'backup_release' => '2.0 dev', 'mnet_dispatcher_mode' => 'off', 'sessiontimeout' => 7200, 'stringfilters' => '', 'filterall' => 0, 'texteditors' => 'atto,tinymce,textarea', 'upgrade_minmaxgradestepignored' => 1, 'upgrade_extracreditweightsstepignored' => 1, 'upgrade_calculatedgradeitemsignored' => 1); foreach ($defaults as $key => $value) { set_config($key, $value); } // Bootstrap mnet $mnethost = new stdClass(); $mnethost->wwwroot = $CFG->wwwroot; $mnethost->name = ''; $mnethost->name = ''; $mnethost->public_key = ''; if (empty($_SERVER['SERVER_ADDR'])) { // SERVER_ADDR is only returned by Apache-like webservers preg_match("@^(?:http[s]?://)?([A-Z0-9\\-\\.]+).*@i", $CFG->wwwroot, $matches); $my_hostname = $matches[1]; $my_ip = gethostbyname($my_hostname); // Returns unmodified hostname on failure. DOH! if ($my_ip == $my_hostname) { $mnethost->ip_address = 'UNKNOWN'; } else { $mnethost->ip_address = $my_ip; } } else { $mnethost->ip_address = $_SERVER['SERVER_ADDR']; } $mnetid = $DB->insert_record('mnet_host', $mnethost); set_config('mnet_localhost_id', $mnetid); // Initial insert of mnet applications info $mnet_app = new stdClass(); $mnet_app->name = 'moodle'; $mnet_app->display_name = 'Moodle'; $mnet_app->xmlrpc_server_url = '/mnet/xmlrpc/server.php'; $mnet_app->sso_land_url = '/auth/mnet/land.php'; $mnet_app->sso_jump_url = '/auth/mnet/jump.php'; $moodleapplicationid = $DB->insert_record('mnet_application', $mnet_app); $mnet_app = new stdClass(); $mnet_app->name = 'mahara'; $mnet_app->display_name = 'Mahara'; $mnet_app->xmlrpc_server_url = '/api/xmlrpc/server.php'; $mnet_app->sso_land_url = '/auth/xmlrpc/land.php'; $mnet_app->sso_jump_url = '/auth/xmlrpc/jump.php'; $DB->insert_record('mnet_application', $mnet_app); // Set up the probably-to-be-removed-soon 'All hosts' record $mnetallhosts = new stdClass(); $mnetallhosts->wwwroot = ''; $mnetallhosts->ip_address = ''; $mnetallhosts->public_key = ''; 
$mnetallhosts->public_key_expires = 0; $mnetallhosts->last_connect_time = 0; $mnetallhosts->last_log_id = 0; $mnetallhosts->deleted = 0; $mnetallhosts->name = 'All Hosts'; $mnetallhosts->applicationid = $moodleapplicationid; $mnetallhosts->id = $DB->insert_record('mnet_host', $mnetallhosts, true); set_config('mnet_all_hosts_id', $mnetallhosts->id); // Create guest record - do not assign any role, guest user gets the default guest role automatically on the fly if ($DB->record_exists('user', array())) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Can not create default users, users already exist.'); } $guest = new stdClass(); $guest->auth = 'manual'; $guest->username = '******'; $guest->password = hash_internal_user_password('guest'); $guest->firstname = get_string('guestuser'); $guest->lastname = ' '; $guest->email = 'root@localhost'; $guest->description = get_string('guestuserinfo'); $guest->mnethostid = $CFG->mnet_localhost_id; $guest->confirmed = 1; $guest->lang = $CFG->lang; $guest->timemodified = time(); $guest->id = $DB->insert_record('user', $guest); if ($guest->id != 1) { echo $OUTPUT->notification('Unexpected id generated for the Guest account. Your database configuration or clustering setup may not be fully supported', 'notifyproblem'); } // Store guest id set_config('siteguest', $guest->id); // Make sure user context exists context_user::instance($guest->id); // Now create admin user $admin = new stdClass(); $admin->auth = 'manual'; $admin->firstname = get_string('admin'); $admin->lastname = get_string('user'); $admin->username = '******'; $admin->password = '******'; $admin->email = ''; $admin->confirmed = 1; $admin->mnethostid = $CFG->mnet_localhost_id; $admin->lang = $CFG->lang; $admin->maildisplay = 1; $admin->timemodified = time(); $admin->lastip = CLI_SCRIPT ? 
'0.0.0.0' : getremoteaddr(); // installation hijacking prevention $admin->id = $DB->insert_record('user', $admin); if ($admin->id != 2) { echo $OUTPUT->notification('Unexpected id generated for the Admin account. Your database configuration or clustering setup may not be fully supported', 'notifyproblem'); } if ($admin->id != $guest->id + 1) { echo $OUTPUT->notification('Nonconsecutive id generated for the Admin account. Your database configuration or clustering setup may not be fully supported.', 'notifyproblem'); } // Store list of admins set_config('siteadmins', $admin->id); // Make sure user context exists context_user::instance($admin->id); // Install the roles system. $managerrole = create_role('', 'manager', '', 'manager'); $coursecreatorrole = create_role('', 'coursecreator', '', 'coursecreator'); $editteacherrole = create_role('', 'editingteacher', '', 'editingteacher'); $noneditteacherrole = create_role('', 'teacher', '', 'teacher'); $studentrole = create_role('', 'student', '', 'student'); $guestrole = create_role('', 'guest', '', 'guest'); $userrole = create_role('', 'user', '', 'user'); $frontpagerole = create_role('', 'frontpage', '', 'frontpage'); // Now is the correct moment to install capabilities - after creation of legacy roles, but before assigning of roles update_capabilities('moodle'); // Default allow role matrices. foreach ($DB->get_records('role') as $role) { foreach (array('assign', 'override', 'switch') as $type) { $function = 'allow_' . $type; $allows = get_default_role_archetype_allows($type, $role->archetype); foreach ($allows as $allowid) { $function($role->id, $allowid); } } } // Set up the context levels where you can assign each role. 
set_role_contextlevels($managerrole, get_default_contextlevels('manager')); set_role_contextlevels($coursecreatorrole, get_default_contextlevels('coursecreator')); set_role_contextlevels($editteacherrole, get_default_contextlevels('editingteacher')); set_role_contextlevels($noneditteacherrole, get_default_contextlevels('teacher')); set_role_contextlevels($studentrole, get_default_contextlevels('student')); set_role_contextlevels($guestrole, get_default_contextlevels('guest')); set_role_contextlevels($userrole, get_default_contextlevels('user')); // Init theme and JS revisions set_config('themerev', time()); set_config('jsrev', time()); // No admin setting for this any more, GD is now required, remove in Moodle 2.6. set_config('gdversion', 2); // Install licenses require_once $CFG->libdir . '/licenselib.php'; license_manager::install_licenses(); // Init profile pages defaults if ($DB->record_exists('my_pages', array())) { throw new moodle_exception('generalexceptionmessage', 'error', '', 'Can not create default profile pages, records already exist.'); } $mypage = new stdClass(); $mypage->userid = NULL; $mypage->name = '__default'; $mypage->private = 0; $mypage->sortorder = 0; $DB->insert_record('my_pages', $mypage); $mypage->private = 1; $DB->insert_record('my_pages', $mypage); // Set a sensible default sort order for the most-used question types. set_config('multichoice_sortorder', 1, 'question'); set_config('truefalse_sortorder', 2, 'question'); set_config('match_sortorder', 3, 'question'); set_config('shortanswer_sortorder', 4, 'question'); set_config('numerical_sortorder', 5, 'question'); set_config('essay_sortorder', 6, 'question'); }
/**
 * Install Moodle DB,
 * config.php must exist, there must not be any tables in db yet.
 *
 * Runs the whole non-web installation: environment check, core and plugin
 * install, admin password (and optional username) setup, default settings
 * and site names. Every fatal precondition ends the process through
 * cli_error() or exit(1) instead of returning.
 *
 * Security notes for reviewers:
 *  - $options['adminpass'] is received as plaintext and only its
 *    hash_internal_user_password() result is written to the user table.
 *  - $options['adminuser'], 'shortname' and 'fullname' are written with
 *    set_field() exactly as received; no validation is visible in this
 *    function, so the caller is presumably expected to clean them - confirm.
 *  - Error display is switched to the most verbose level for the rest of
 *    this process.
 *
 * @param array $options adminpass is mandatory; adminuser, shortname and fullname are optional
 * @param bool $interactive when true a separator and heading are printed before the database setup
 * @return void
 */
function install_cli_database(array $options, $interactive) {
    global $CFG, $DB;
    require_once $CFG->libdir . '/environmentlib.php';
    require_once $CFG->libdir . '/upgradelib.php';

    // show as much debug as possible
    @error_reporting(E_ALL | E_STRICT);
    @ini_set('display_errors', '1');
    $CFG->debug = E_ALL | E_STRICT;
    $CFG->debugdisplay = true;

    $CFG->version = '';
    $CFG->release = '';
    $CFG->branch = '';

    // These are filled in by the require below.
    $version = null;
    $release = null;
    $branch = null;

    // read $version and $release
    require $CFG->dirroot . '/version.php';

    // Refuse to install over an existing schema.
    if ($DB->get_tables()) {
        cli_error(get_string('clitablesexist', 'install'));
    }

    // empty() also rejects '' and '0', so the admin account never gets a blank password here.
    if (empty($options['adminpass'])) {
        cli_error('Missing required admin password');
    }

    // test environment first
    list($envstatus, $environment_results) = check_moodle_environment(normalize_version($release), ENV_SELECT_RELEASE);
    if (!$envstatus) {
        $errors = environment_get_errors($environment_results);
        cli_heading(get_string('environment', 'admin'));
        foreach ($errors as $error) {
            list($info, $report) = $error;
            echo "!! {$info} !!\n{$report}\n\n";
        }
        exit(1);
    }

    if (!$DB->setup_is_unicodedb()) {
        if (!$DB->change_db_encoding()) {
            // If could not convert successfully, throw error, and prevent installation
            cli_error(get_string('unicoderequired', 'admin'));
        }
    }

    if ($interactive) {
        cli_separator();
        cli_heading(get_string('databasesetup'));
    }

    // install core
    install_core($version, true);
    set_config('release', $release);
    set_config('branch', $branch);

    if (PHPUNIT_TEST) {
        // mark as test database as soon as possible
        set_config('phpunittest', 'na');
    }

    // install all plugins types, local, etc.
    upgrade_noncore(true);

    // set up admin user password
    // Only the hash is stored; the row is selected by the literal username 'admin'.
    $DB->set_field('user', 'password', hash_internal_user_password($options['adminpass']), array('username' => 'admin'));

    // rename admin username if needed
    // 'admin' needs no rename and 'guest' is refused; any other value is stored as given.
    // NOTE(review): no format or uniqueness check on adminuser is visible here - confirm the caller validates it.
    if (isset($options['adminuser']) and $options['adminuser'] !== 'admin' and $options['adminuser'] !== 'guest') {
        $DB->set_field('user', 'username', $options['adminuser'], array('username' => 'admin'));
    }

    // indicate that this site is fully configured
    set_config('rolesactive', 1);
    upgrade_finished();

    // log in as admin - presumably needed so the default settings below are applied with admin rights
    // reset() takes the first entry returned by get_admins().
    $admins = get_admins();
    $admin = reset($admins);
    session_set_user($admin);

    // apply all default settings, do it twice to fill all defaults - some settings depend on other setting
    admin_apply_default_settings(NULL, true);
    admin_apply_default_settings(NULL, true);
    // Stores an empty registerauth value; presumably this leaves self-registration switched off - confirm.
    set_config('registerauth', '');

    // set the site name
    if (isset($options['shortname']) and $options['shortname'] !== '') {
        $DB->set_field('course', 'shortname', $options['shortname'], array('format' => 'site'));
    }
    if (isset($options['fullname']) and $options['fullname'] !== '') {
        $DB->set_field('course', 'fullname', $options['fullname'], array('format' => 'site'));
    }
}
// start table while ($line = $cir->next()) { $upt->flush(); $linenum++; $upt->track('line', $linenum); $user = new object(); // by default, use the local mnet id (this may be changed in the file) $user->mnethostid = $CFG->mnet_localhost_id; // add fields to user object foreach ($line as $key => $value) { if ($value !== '') { $key = $columns[$key]; // password is special field if ($key == 'password') { if ($value !== '') { $user->password = hash_internal_user_password($value); if (!empty($CFG->passwordpolicy) and !check_password_policy($value, $errmsg)) { $forcechangepassword++; } } } else { $user->{$key} = $value; if (in_array($key, $upt->columns)) { $upt->track($key, $value); } } } } // get username, first/last name now - we need them in templates!! if ($optype == UU_UPDATE) { // when updating only username is required
/**
 * Generates a new password for the given user, stores its hash and emails
 * the plaintext password to the user.
 *
 * Only the result of hash_internal_user_password() is written to the user
 * table. The plaintext password leaves the system inside the email body, and
 * this function does not itself mark the account for a forced password
 * change; callers presumably do that separately - confirm.
 *
 * @global object
 * @global object
 * @param user $user A {@link $USER} object
 * @return boolean|string The result of email_to_user(): "true" if mail was sent OK and "false" if there was an error
 */
function setnew_password_and_mail($user) {
    global $CFG, $DB;

    // Mail is written in a language the user understands. filter_string()
    // does not support alternative langs yet, so multilang will not work
    // properly for site->fullname.
    if (empty($user->lang)) {
        $lang = $CFG->lang;
    } else {
        $lang = $user->lang;
    }

    $site = get_site();
    $supportuser = generate_email_supportuser();
    $newpassword = generate_password();

    // Persist the hash only; the plaintext is kept just long enough to mail it.
    $passwordhash = hash_internal_user_password($newpassword);
    $DB->set_field('user', 'password', $passwordhash, array('id' => $user->id));

    // Placeholders for the language strings below.
    $a = (object) array(
        'firstname'   => fullname($user, true),
        'sitename'    => format_string($site->fullname),
        'username'    => $user->username,
        'newpassword' => $newpassword,
        'link'        => $CFG->wwwroot . '/login/',
        'signoff'     => generate_email_signoff(),
    );

    $message = (string) new lang_string('newusernewpasswordtext', '', $a, $lang);

    $subjecttext = (string) new lang_string('newusernewpasswordsubj', '', $a, $lang);
    $subject = format_string($site->fullname) . ': ' . $subjecttext;

    // Email directly rather than through the messaging system, so the
    // message is not routed to a popup or jabber.
    return email_to_user($user, $supportuser, $subject, $message);
}
/**
 * Create the two fixture accounts used by the tests: one through the
 * project's user class and one inserted straight into the user table, which
 * then becomes the global $USER.
 *
 * The password is a fixed test literal and is stored hashed.
 * NOTE(review): one username and both email literals appear masked on this
 * page; confirm the real fixture values against the repository.
 */
protected function inituser() {
    global $CFG, $DB, $USER;

    // Record created through the project's own user class.
    $fixture = new user(array(
        'idnumber'  => '__fcH__TESTID001__',
        'username'  => '__fcH__testuser1__',
        'firstname' => 'Test',
        'lastname'  => 'User1',
        'email'     => '*****@*****.**',
        'country'   => 'us',
    ));
    $fixture->save();
    $this->tuserid = $fixture->id;

    // Plain row for the user table, confirmed and using manual auth.
    $row = (object) array(
        'username'    => '******',
        'idnumber'    => '__fcH__testuser__',
        'firstname'   => 'Test',
        'lastname'    => 'User',
        'email'       => '*****@*****.**',
        'confirmed'   => 1,
        'auth'        => 'manual',
        'mnethostid'  => $CFG->mnet_localhost_id,
        'timecreated' => time(),
        'password'    => hash_internal_user_password('testpassword'),
    );
    $this->mdluserid = $DB->insert_record('user', $row);

    // Setup the global user to be this new test user we have created.
    $USER = $DB->get_record('user', array('id' => $this->mdluserid));
    $USER->access = get_user_accessdata($USER->id);
}
/**
 * Test function update_internal_user_password().
 *
 * Checks that the in-memory user object and the database row carry the same
 * new hash, and that a row holding a legacy md5 hash is replaced by a
 * non-legacy hash unless password_compat_not_supported() reports otherwise.
 */
public function test_update_internal_user_password() {
    global $DB;

    $this->resetAfterTest();

    foreach (array('password', '1234', 'changeme', '****') as $plaintext) {
        $account = $this->getDataGenerator()->create_user(array('auth' => 'manual'));
        update_internal_user_password($account, $plaintext);

        // The user object should have been updated.
        $this->assertTrue(validate_internal_user_password($account, $plaintext));

        // The database field for the user should also have been updated to
        // the same value.
        $this->assertSame($account->password, $DB->get_field('user', 'password', array('id' => $account->id)));
    }

    $legacyaccount = $this->getDataGenerator()->create_user(array('auth' => 'manual'));

    // Manually set the user's password to the md5 of the string 'password'.
    $DB->set_field('user', 'password', '5f4dcc3b5aa765d61d8327deb882cf99', array('id' => $legacyaccount->id));

    // Update the password.
    update_internal_user_password($legacyaccount, 'password');

    if (!password_compat_not_supported()) {
        // The password should have been updated to a bcrypt hash.
        $this->assertFalse(password_is_legacy_hash($legacyaccount->password));
    } else {
        // If bcrypt is not properly supported the password should remain as an md5 hash.
        $legacyhash = hash_internal_user_password('password', true);
        $this->assertSame($legacyaccount->password, $legacyhash);
        $this->assertTrue(password_is_legacy_hash($legacyaccount->password));
    }
}
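/**
 * Creates an User with given information. Required fields are:
 * -username
 * -firstname
 * -lastname
 * -email
 * -password
 *
 * And there's some interesting fields:
 * -idnumber
 * -auth
 * -confirmed
 * -timezone
 * -country
 * -emailstop
 * -theme
 * -lang
 * -mailformat
 *
 * The supplied password is plaintext. Only its hash is written to the user
 * table: the record passed to update_record() is a copy of $user whose
 * password field has been replaced by the hash, so the plaintext can never
 * overwrite the stored value.
 *
 * @param array|object $user user fields; an array is converted to an object
 *
 * @return int id of the new user record
 * @throws moodle_exception 'authnotexisting' when auth names no directory under /auth,
 *         'missingrequiredfield' when a required field is not set,
 *         'usernotcreated' when the record could not be created or updated
 */
function create_user($user) {
    global $CFG, $DB;

    /// WS: convert user array into an user object
    if (is_array($user)) {
        $user = (object) $user;
    }

    /// check auth fields
    if (!isset($user->auth)) {
        $user->auth = 'manual';
    } else {
        /// check that the auth value exists
        $authplugin = get_directory_list($CFG->dirroot . "/auth", '', false, true, false);
        // Strict comparison: a loosely compared non-string value could match a directory name by type juggling.
        if (!is_string($user->auth) || !in_array($user->auth, $authplugin, true)) {
            throw new moodle_exception('authnotexisting');
        }
    }

    $required = array('username', 'firstname', 'lastname', 'email', 'password');
    foreach ($required as $req) {
        if (!isset($user->{$req})) {
            throw new moodle_exception('missingrequiredfield');
        }
    }

    $password = hash_internal_user_password($user->password);

    // NOTE(review): whether create_user_record() expects a plaintext password or a hash
    // cannot be told from this function - confirm. The update below stores $password either way.
    $record = create_user_record($user->username, $password, $user->auth);

    if ($record) {
        $user->id = $record->id;

        // $user->password still holds the caller's plaintext. Update from a copy that carries
        // the hash instead, so the plaintext is not written to the password column.
        $update = clone $user;
        $update->password = $password;

        if ($DB->update_record('user', $update)) {
            return $record->id;
        }

        // we could not update properly the newly created user, we need to delete it
        $DB->delete_records('user', array('id' => $record->id));
        throw new moodle_exception('usernotcreated');
    }

    throw new moodle_exception('usernotcreated');
}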
$upt->track('password', get_string('missingfield', 'error', 'password'), 'error'); $upt->track('status', $strusernotaddederror, 'error'); $userserrors++; continue; } } else { $errmsg = null; $weak = !check_password_policy($user->password, $errmsg); if ($resetpasswords == UU_PWRESET_ALL or $resetpasswords == UU_PWRESET_WEAK and $weak) { if ($weak) { $weakpasswords++; $upt->track('password', $strinvalidpasswordpolicy, 'warning'); } $forcechangepassword = true; } $user->password = hash_internal_user_password($user->password); } } else { $user->password = '******'; $upt->track('password', '-', 'normal', false); } // create user - insert_record ignores any extra properties $user->id = $DB->insert_record('user', $user); $upt->track('username', html_writer::link(new moodle_url('/user/profile.php', array('id' => $user->id)), s($user->username)), 'normal', false); // save custom profile fields data profile_save_data($user); if ($forcechangepassword) { set_user_preference('auth_forcepasswordchange', 1, $user); } if ($user->password === 'to be generated') { set_user_preference('create_password', 1, $user);
/**
 * Generates a new password for the given user, stores its hash and emails
 * the plaintext password to the user.
 *
 * Only the result of hash_internal_user_password() is written to the user
 * table. The plaintext password is sent in the email body, and nothing in
 * this function marks the account for a forced password change; callers
 * presumably handle that - confirm.
 *
 * @uses $CFG
 * @param user $user A {@link $USER} object
 * @return boolean|string false when the password could not be stored, otherwise
 *         the result of email_to_user(): "true" if mail was sent OK, "emailstop"
 *         if email was blocked by user and "false" if there was another sort of error.
 */
function setnew_password_and_mail($user) {
    global $CFG;

    $site = get_site();
    $supportuser = generate_email_supportuser();
    $newpassword = generate_password();

    // Persist the hash first; nothing is mailed when the write fails.
    $stored = set_field('user', 'password', hash_internal_user_password($newpassword), 'id', $user->id);
    if (!$stored) {
        trigger_error('Could not set user password!');
        return false;
    }

    // Placeholders for the language strings below.
    $details = new object();
    $details->firstname = fullname($user, true);
    $details->sitename = format_string($site->fullname);
    $details->username = $user->username;
    $details->newpassword = $newpassword;
    $details->link = $CFG->wwwroot . '/login/';
    $details->signoff = generate_email_signoff();

    $message = get_string('newusernewpasswordtext', '', $details);

    $subjecttext = get_string('newusernewpasswordsubj');
    $subject = format_string($site->fullname) . ': ' . $subjecttext;

    return email_to_user($user, $supportuser, $subject, $message);
}