Example #1
 /**
  * Logout hook: when single logout is switched on in the plugin config,
  * end the local session and send the browser to auth/saml/index.php
  * with logout=1.
  *
  * Does nothing when the setting is absent or falsy.
  */
 function logoutpage_hook()
 {
     // empty() covers both "not set" and "set but falsy".
     if (empty($this->config->dosinglelogout)) {
         return;
     }
     // Overwrite the remembered-username cookie with the 'nobody' placeholder
     // before the local session is closed.
     set_moodle_cookie('nobody');
     require_logout();
     redirect($GLOBALS['CFG']->wwwroot . '/auth/saml/index.php?logout=1');
 }
Example #2
    } else {
        if (!empty($CFG->mymoodleredirect)) {
            // Redirect logged-in users to My Moodle overview if required
            if (isloggedin() && $USER->username != 'guest') {
                redirect($CFG->wwwroot . '/my/index.php');
            }
        }
    }
} else {
    // if upgrading from 1.6 or below
    if (isadmin() && moodle_needs_upgrading()) {
        redirect($CFG->wwwroot . '/' . $CFG->admin . '/index.php');
    }
}
// Seed the username cookie with the 'nobody' placeholder when it is empty.
if (get_moodle_cookie() == '') {
    // To help search for cookies on login page
    set_moodle_cookie('nobody');
}
// Log the front-page view only when $USER->id is set and non-empty.
if (!empty($USER->id)) {
    add_to_log(SITEID, 'course', 'view', 'view.php?id=' . SITEID, SITEID);
}
// Language chooser: stays an empty string unless $CFG->langmenu is enabled.
$langmenu = '';
if (!empty($CFG->langmenu)) {
    $currlang = current_language();
    $langs = get_list_of_languages();
    $langlabel = get_accesshide(get_string('language'));
    $langmenu = popup_form(
        $CFG->wwwroot . '/index.php?lang=',
        $langs,
        'chooselang',
        $currlang,
        '',
        '',
        '',
        true,
        'self',
        $langlabel
    );
}
// Page object and block layout for the site front page.
$PAGE = page_create_object(PAGE_COURSE_VIEW, SITEID);
$pageblocks = blocks_setup($PAGE);
Example #3
     die;
 }
 // Finish the login for $user, then apply the concurrent-login limit to
 // this user id and the current session id.
 complete_user_login($user);
 \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
 // Username cookie. Nothing is written when $CFG->nolastloggedin is set:
 // - do not store last logged in user in cookie
 // - auth plugins can temporarily override this from loginpage_hook()
 // - do not save $CFG->nolastloggedin in database!
 if (empty($CFG->nolastloggedin)) {
     // && binds tighter than ||; the parentheses are only there for the reader.
     if (empty($CFG->rememberusername)
         || ($CFG->rememberusername == 2 && empty($frm->rememberusername))
     ) {
         // no permanent cookies, delete old one if exists
         set_moodle_cookie('');
     } else {
         // the username is stored client-side from here on
         set_moodle_cookie($USER->username);
     }
 }
 $urltogo = core_login_get_return_url();
 /// check if user password has expired
 /// Currently supported only for ldap-authentication module
 $userauth = get_auth_plugin($USER->auth);
 if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
     if ($userauth->can_change_password()) {
         $passwordchangeurl = $userauth->change_password_url();
         if (!$passwordchangeurl) {
             $passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
         }
     } else {
         $passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
     }
Example #4
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 * - The session id is regenerated only when $CFG->regenloginsession is set;
 *   otherwise the id issued before login stays in use after login.
 * - When a password change is forced, redirect() or print_error() is called
 *   before the return statement is reached.
 *
 * @uses $CFG, $USER
 * @param object $user user record that is installed as the global $USER
 * @return object The global $USER object; no code path here returns false
 */
function complete_user_login($user)
{
    global $CFG, $USER;
    $USER = $user;
    // this is required because we need to access preferences here!
    if (!empty($CFG->regenloginsession)) {
        // please note this setting may break some auth plugins
        // NOTE(review): called without the delete-old-session argument, so this
        // call does not remove the data stored under the previous session id.
        session_regenerate_id();
    }
    reload_user_preferences();
    update_user_login_times();
    if (empty($CFG->nolastloggedin)) {
        // the username is written to a client-side cookie
        set_moodle_cookie($USER->username);
    } else {
        // do not store last logged in user in cookie
        // auth plugins can temporarily override this from loginpage_hook()
        // do not save $CFG->nolastloggedin in database!
        set_moodle_cookie('nobody');
    }
    set_login_session_preferences();
    // Call enrolment plugins
    check_enrolment_plugins($user);
    /// This is what lets the user do anything on the site :-)
    load_all_capabilities();
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            // prefer the plugin's own change-password URL, fall back to the core page
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            // a change is required but this auth plugin cannot perform one
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
Example #5
/**
 * Finish the login of a user that authenticate_user_login() has accepted:
 * issue a new session id, install the user in the session, refresh the
 * preferences and login times, and optionally set the username cookie.
 *
 * NOTE:
 * - Nothing is logged here; logging is left to the caller.
 * - For the guest user the function returns right after the session setup,
 *   before any cookie or password-change handling.
 * - When a password change is forced, redirect() or print_error() is called
 *   before the final return.
 *
 * @param object $user user record to log in
 * @param bool $setcookie whether to write the username cookie
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER;

    // New session id for the authenticated session; passing true also deletes
    // the old session, which helps prevent session fixation attacks from the
    // same domain.
    session_regenerate_id(true);

    // check enrolments, load caps and setup $USER object
    session_set_user($user);

    // drop the cached preferences so they are read again from the DB
    unset($user->preference);
    check_user_preferences_loaded($user);

    update_user_login_times();
    set_login_session_preferences();

    if (isguestuser()) {
        // no need to continue when user is THE guest
        return $USER;
    }

    if ($setcookie) {
        // With $CFG->nolastloggedin set, the cookie is cleared instead:
        // - do not store last logged in user in cookie
        // - auth plugins can temporarily override this from loginpage_hook()
        // - do not save $CFG->nolastloggedin in database!
        set_moodle_cookie(empty($CFG->nolastloggedin) ? $USER->username : '');
    }

    $userauth = get_auth_plugin($USER->auth);

    // Forced password change: go to the plugin's URL, or the core page when
    // the plugin does not supply one.
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if (!$userauth->can_change_password()) {
            print_error('nopasswordchangeforced', 'auth');
        } else {
            $changeurl = $userauth->change_password_url();
            if (!$changeurl) {
                $changeurl = $CFG->httpswwwroot . '/login/change_password.php';
            }
            redirect($changeurl);
        }
    }

    return $USER;
}
         echo $OUTPUT->header();
         echo $OUTPUT->heading(get_string('mustconfirm'));
         echo $OUTPUT->box(get_string('emailconfirmsent', '', $user->email), 'generalbox boxaligncenter');
         echo $OUTPUT->footer();
         die;
     }
     // Let's get them all set up.
     complete_user_login($user);
     // Set the username cookie (skipped entirely when $CFG->nolastloggedin is set)
     if (empty($CFG->nolastloggedin)) {
         // Store last logged in user in cookie
         // "and" binds tighter than "or": the test reads
         // empty(rememberusername) or (rememberusername == 2 and the form box is unticked)
         if (empty($CFG->rememberusername) or $CFG->rememberusername == 2 and empty($frm->rememberusername)) {
             // No permanent cookies, delete old one if exists
             set_moodle_cookie('');
         } else {
             // NOTE(review): this variant stores the user's e-mail address, not
             // the username, in the client-side cookie.
             set_moodle_cookie($USER->email);
         }
     }
     $urltogo = get_return_url();
     // Discard any errors before the last redirect.
     unset($SESSION->loginerrormsg);
     // test the session actually works by redirecting to self;
     // the real destination is kept in $SESSION->wantsurl for the follow-up request
     $SESSION->wantsurl = $urltogo;
     redirect(new moodle_url('/local/obu_application/login.php', array('testsession' => $USER->id)));
 } else {
     if (empty($errormsg)) {
         if ($errorcode == AUTH_LOGIN_UNAUTHORISED) {
             $errormsg = get_string('unauthorisedlogin', '', $frm->username);
         } else {
             $errormsg = get_string('invalidlogin');
             $errorcode = 3;
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Created by IntelliJ IDEA.
 * User: tdjones
 * Date: 12-01-24
 * Time: 1:07 PM
 * To change this template use File | Settings | File Templates.
 */
// Forbid caching of this entry page.
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.

define('MOODLE_INTERNAL', true);
require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/config.php';

// Course to open; PARAM_INT restricts the request value to an integer.
$courseid = required_param('cid', PARAM_INT);

// A visitor who is not logged in, or whose session is flagged as timed out,
// is signed in as the built-in 'guest' account before being sent to the course.
// NOTE(review): this grants a guest session to any requester of this page;
// what the guest account may see is decided elsewhere.
if (!isloggedin() || !empty($SESSION->has_timed_out)) {
    if (!empty($SESSION->has_timed_out)) {
        unset($SESSION->has_timed_out);
    }
    $guest = get_complete_user_data('username', 'guest');
    $USER = $guest;
    complete_user_login($guest);
    set_moodle_cookie($guest->username);
}

redirect(new moodle_url($CFG->httpswwwroot . '/course/view.php', array('id' => $courseid)));
Example #8
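/**
 * Log a user in from the SSO attributes delivered with the current request.
 *
 * Flow: read the SSO attributes, require the mapped idnumber attribute, find
 * the user by idnumber (or take the mapped username for a new user), call
 * authenticate_user_login(), set up the session and redirect to the wanted
 * URL or the site root. Every branch ends in redirect() or print_error().
 *
 * NOTE(review): all identity data comes from request headers (see
 * auth_plugin_teosso::get_sso_attributes(), not shown here). That is only
 * sound if the SSO gateway in front of Moodle strips these headers from
 * client requests and the web server cannot be reached around it - confirm
 * against the deployment.
 *
 * @uses $CFG, $USER, $SESSION
 * @return void
 */
function teosso_authenticate_user()
{
    global $CFG, $USER, $SESSION;
    $pluginconfig = get_config('auth/teosso');
    // retrieve the login data from the HTTP Headers
    $attributes = auth_plugin_teosso::get_sso_attributes();
    // check to see if we got any authentication data
    if (empty($attributes)) {
        redirect($pluginconfig->signin_url);
    }
    // get the http headers for error reporting
    // NOTE(review): the collected header values end up in the Moodle log on
    // the error paths below; make sure none of them is a credential or token.
    $headers = apache_request_headers();
    $attr_hdrs = array();
    foreach ($headers as $key => $value) {
        if (preg_match('/^HTTP_/', $key)) {
            $attr_hdrs[] = $key . ': ' . $value;
        }
    }
    $headers = implode(' | ', $attr_hdrs);
    // check that the attribute mapping and the request carry an idnumber
    $attrmap = auth_plugin_teosso::get_attributes();
    if (empty($attrmap['idnumber'])) {
        // serious misdemeanour
        print_error('missingidnumber', 'auth_teosso');
    }
    if (empty($attributes[$attrmap['idnumber']])) {
        // not valid session. Ship user off to Federation Manager
        add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('idnumber_error', 'auth_teosso', $headers));
        redirect($pluginconfig->signin_error_url);
    } else {
        // in theory we only need acct_id at this point - we should retrieve the user record to get the username via idnumber
        if (!($user = get_record('user', 'idnumber', $attributes[$attrmap['idnumber']]))) {
            // must be a new user
            if (!empty($attributes[$attrmap['username']])) {
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('username_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
        } else {
            // user must use the auth type teosso or authenticate_user_login() will fail
            if ($user->auth != 'teosso') {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('user_auth_type_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
            // because we want to retain acct_id as the master ID
            // we need to modify username on mdl_user NOW - so it all lines up later
            if (isset($attributes[$attrmap['username']]) && $user->username != $attributes[$attrmap['username']]) {
                if (!set_field('user', 'username', $attributes[$attrmap['username']], 'id', $user->id)) {
                    print_error('usernameupdatefailed', 'auth_teosso');
                }
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                $attributes['username'] = $user->username;
            }
        }
        // Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
        // we require the plugin to know that we are now doing a teosso login in hook puser_login
        $GLOBALS['teosso_login'] = TRUE;
        // make variables accessible to teosso->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
        $GLOBALS['teosso_login_attributes'] = $attributes;
        // The current time is passed as the password.
        // NOTE(review): that value is predictable, so the login decision has to
        // rest on the plugin's own check of the SSO state, never on this
        // password - verify in the plugin's user_login().
        $authenticated = authenticate_user_login($attributes['username'], time());
        if (empty($authenticated)) {
            // A failed authentication must stop here: writing properties onto
            // the failure value would leave a half-built $USER behind.
            add_to_log(0, 'login', 'error', '/auth/teosso/index.php', 'authenticate_user_login failed');
            redirect($pluginconfig->signin_error_url);
            return;
        }
        $USER = $authenticated;
        $USER->loggedin = true;
        $USER->site = $CFG->wwwroot;
        update_user_login_times();
        if ($pluginconfig->notshowusername) {
            // Don't show username on login page
            set_moodle_cookie('nobody');
        }
        set_login_session_preferences();
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
        check_enrolment_plugins($USER);
        load_all_capabilities();
        // Only return to the wanted URL when it lies inside this site. A plain
        // prefix comparison is not enough: the character right after wwwroot
        // must end the URL or start a path, query or fragment, otherwise a
        // longer host name or path that merely begins with wwwroot would pass.
        $wwwroot = rtrim($CFG->wwwroot, '/');
        $urltogo = $CFG->wwwroot . '/';
        if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $wwwroot) === 0) {
            $boundary = (string) substr($SESSION->wantsurl, strlen($wwwroot), 1);
            if (in_array($boundary, array('', '/', '?', '#'), true)) {
                $urltogo = $SESSION->wantsurl;
            }
        }
        unset($SESSION->wantsurl);
        redirect($urltogo);
    }
}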
Example #9
/**
 * Finish the login of a user that authenticate_user_login() has accepted:
 * install the user in the session, update login times and session
 * preferences, and optionally set the username cookie.
 *
 * NOTE:
 * - Nothing is logged here; logging is left to the caller.
 * - No session id regeneration is performed in this function itself;
 *   whether session_set_user() does so is not visible here.
 * - When a password change is forced, redirect() or print_error() is called
 *   before the final return.
 *
 * @uses $CFG, $USER
 * @param object $user user record to log in
 * @param bool $setcookie whether to write the username cookie
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER, $SESSION;

    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    update_user_login_times();
    set_login_session_preferences();

    if ($setcookie) {
        // With $CFG->nolastloggedin set, the 'nobody' placeholder is stored:
        // - do not store last logged in user in cookie
        // - auth plugins can temporarily override this from loginpage_hook()
        // - do not save $CFG->nolastloggedin in database!
        $cookievalue = 'nobody';
        if (empty($CFG->nolastloggedin)) {
            $cookievalue = $USER->username;
        }
        set_moodle_cookie($cookievalue);
    }

    $userauth = get_auth_plugin($USER->auth);

    // Nothing more to do unless a password change is being forced.
    if (!get_user_preferences('auth_forcepasswordchange', false)) {
        return $USER;
    }

    if ($userauth->can_change_password()) {
        // plugin URL first, core change-password page as the fallback
        $changeurl = $userauth->change_password_url();
        redirect($changeurl ? $changeurl : $CFG->httpswwwroot . '/login/change_password.php');
    } else {
        print_error('nopasswordchangeforced', 'auth');
    }

    return $USER;
}
Example #10
 /**
  * Logout hook: close the local session and redirect to
  * auth/onelogin_saml/index.php with logout=1. The '&normal' flag is added
  * when the session is not marked as SAML-controlled.
  */
 function logoutpage_hook()
 {
     global $SESSION, $CFG;
     // Read the session marker before require_logout() runs; presumably the
     // session contents are gone afterwards.
     $flag = isset($SESSION->isSAMLSessionControlled) ? '' : '&normal';
     $logout_url = $CFG->wwwroot . '/auth/onelogin_saml/index.php?logout=1' . $flag;
     require_logout();
     // replace the remembered username with the placeholder
     set_moodle_cookie('nobody');
     redirect($logout_url);
 }
Example #11
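 /**
  * Logout hook: close the local session and, when a logoff URL is
  * configured, send the browser there and stop the request.
  *
  * The redirect uses 303 rather than 301. A 301 is cacheable, so a browser
  * may later replay the redirect from its cache without contacting the
  * server, and the logout request that ends the session would never arrive.
  */
 function logoutpage_hook()
 {
     global $SESSION;
     // replace the remembered username with the placeholder
     set_moodle_cookie('nobody');
     require_logout();
     if (isset($this->config->logoffurl)) {
         // in case we are inside a buffer
         if (ob_get_level() !== 0) {
             ob_end_clean();
         }
         // 301: move permanently (cacheable - not suitable for logout)
         // 302: found
         // 303: see other
         // 307: temporary redirect
         header("Location: " . $this->config->logoffurl, true, 303);
         // flush header
         exit;
     }
 }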
Example #12
/// If we can find the Shibboleth attribute, save it in session and return to main login page
if (!empty($_SERVER[$pluginconfig->user_attribute])) {
    // Shibboleth auto-login
    $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
    $frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]), 0, 8);
    // The random password consists of the first 8 letters of the base 64 encoded user ID
    // This password is never used unless the user account is converted to manual
    /// Check if the user has actually submitted login data to us
    if ($shibbolethauth->user_login($frm->username, $frm->password)) {
        $USER = authenticate_user_login($frm->username, $frm->password);
        $USER->loggedin = true;
        $USER->site = $CFG->wwwroot;
        // for added security, store the site in the
        update_user_login_times();
        // Don't show previous shibboleth username on login page
        set_moodle_cookie('');
        set_login_session_preferences();
        unset($SESSION->lang);
        $SESSION->justloggedin = true;
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&amp;course=' . SITEID;
            // We don't delete $SESSION->wantsurl yet, so we get there later
        } else {
            if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                $urltogo = $SESSION->wantsurl;
                /// Because it's an address in this site
                unset($SESSION->wantsurl);
            } else {
                $urltogo = $CFG->wwwroot . '/';
                /// Go to the standard home page
Example #13
/**
 * Log a user in programmatically with a username and password.
 *
 * Runs loginpage_hook() of every enabled auth plugin, authenticates the
 * credentials and, on success, completes the login and clears the username
 * cookie.
 *
 * @param string $userid username to authenticate
 * @param string $password password to authenticate with
 * @return mixed whatever authenticate_user_login() returned; a falsy value
 *               means the login was not completed
 */
function enter($userid, $password)
{
    global $CFG, $USER;

    // Give every enabled auth plugin its login-page hook first.
    foreach (get_enabled_auth_plugins(true) as $authname) {
        get_auth_plugin($authname)->loginpage_hook();
    }

    $user = authenticate_user_login($userid, $password);
    if (!$user) {
        return $user;
    }

    complete_user_login($user);
    // do not leave the username behind in the cookie
    set_moodle_cookie('');

    return $user;
}
Example #14
 /**
  * Logout hook: drop the SAML session marker, close the local session and
  * redirect to auth/onelogin_saml/index.php with logout=1.
  *
  * The logout is unconditional; a former check of $this->config->dologout
  * is disabled.
  */
 function logoutpage_hook()
 {
     global $SESSION, $CFG;
     unset($SESSION->isSAMLSessionControlled);
     // replace the remembered username with the placeholder
     set_moodle_cookie('nobody');
     require_logout();
     redirect($CFG->wwwroot . '/auth/onelogin_saml/index.php?logout=1');
 }
Example #15
 /**
  * Logout hook: for users of the 'teosso' auth type, and only when the
  * plugin's dologout setting is on, close the local session and redirect to
  * the configured sign-out URL.
  */
 function logoutpage_hook()
 {
     global $CFG, $USER;
     auth_plugin_teosso::err('in logoutpage_hook');
     // Leave other auth types, and a disabled dologout, to the normal logout.
     if ($USER->auth != 'teosso' || !$this->config->dologout) {
         return;
     }
     // replace the remembered username with the placeholder
     set_moodle_cookie('nobody');
     require_logout();
     // destination comes from the plugin configuration
     redirect($this->config->signout_url);
 }
Example #16
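 /**
  * Logout hook: close the local session and, when a logoff URL is
  * configured, emit a Location header pointing at it.
  *
  * The header uses 303 rather than 301. A 301 is cacheable, so a browser
  * may later replay the redirect from its cache without contacting the
  * server, and the logout request that ends the session would never arrive.
  */
 function logoutpage_hook()
 {
     global $SESSION;
     // replace the remembered username with the placeholder
     set_moodle_cookie('nobody');
     require_logout();
     if (isset($this->config->logoffurl)) {
         // 301: move permanently (cacheable - not suitable for logout)
         // 302: found
         // 303: see other
         // 307: temporary redirect
         header("Location: " . $this->config->logoffurl, true, 303);
         // NOTE(review): execution continues after this header; if the calling
         // page issues its own redirect afterwards, that Location presumably
         // replaces this one - confirm whether an exit is wanted here.
         // redirect($this->config->logoffurl);
     }
 }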