public function execute()
{
global $CFG, $DB;
require_once $this->mooshDir . '/includes/passwords.php';
require_once $CFG->libdir . '/authlib.php';
require_once $CFG->libdir . '/moodlelib.php';
$options = $this->expandedOptions;
if ($options['userid']) {
$users = $DB->get_records('user', array('id' => $options['userid']));
} else {
$users = $DB->get_records('user', array('deleted' => 0));
}
foreach ($users as $user) {
if ($user->username == 'guest') {
continue;
}
foreach ($passwords as $password) {
if (validate_internal_user_password($user, $password)) {
echo "User with known (easily crackable) password: "******" / {$password}";
}
echo "\n";
continue 2;
}
}
}
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
public function user_login($username, $password)
{
global $CFG, $DB;
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id))) {
return validate_internal_user_password($user, $password);
}
return false;
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG;
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
return validate_internal_user_password($user, $password);
}
return false;
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
*
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG;
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
$extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
if ($this->config->passtype === 'internal') {
// lookup username externally, but resolve
// password locally -- to support backend that
// don't track passwords
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "' ");
if (!$rs) {
$authdb->Close();
print_error('auth_dbcantconnect', 'auth');
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
// user exists exterally
// check username/password internally
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
return validate_internal_user_password($user, $password);
}
} else {
$rs->Close();
$authdb->Close();
// user does not exist externally
return false;
}
} else {
// normal case: use external db for passwords
if ($this->config->passtype === 'md5') {
// Re-format password accordingly
$extpassword = md5($extpassword);
} else {
if ($this->config->passtype === 'sha1') {
$extpassword = sha1($extpassword);
}
}
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'\n AND {$this->config->fieldpass} = '" . $this->ext_addslashes($extpassword) . "' ");
if (!$rs) {
$authdb->Close();
print_error('auth_dbcantconnect', 'auth');
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
return true;
} else {
$rs->Close();
$authdb->Close();
return false;
}
}
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
*
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG, $DB;
$extusername = textlib::convert($username, 'utf-8', $this->config->extencoding);
$extpassword = textlib::convert($password, 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
if ($this->is_internal()) {
// lookup username externally, but resolve
// password locally -- to support backend that
// don't track passwords
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "' ");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
// user exists externally
// check username/password internally
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
}
} else {
$rs->Close();
$authdb->Close();
// user does not exist externally
return false;
}
} else {
// normal case: use external db for both usernames and passwords
if ($this->config->passtype === 'md5') {
// Re-format password accordingly
$extpassword = md5($extpassword);
} else {
if ($this->config->passtype === 'sha1') {
$extpassword = sha1($extpassword);
}
}
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'\n AND {$this->config->fieldpass} = '" . $this->ext_addslashes($extpassword) . "' ");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
return true;
} else {
$rs->Close();
$authdb->Close();
return false;
}
}
}
/**
* Validates that the version 1 update ignores empty values and does not
* blank out fields for users
*/
public function test_version1userupdateignoresemptyvalues()
{
global $CFG, $DB;
set_config('createorupdate', 0, 'dhimport_version1');
// Create, then update a user.
$data = array(array('entity' => 'user', 'action' => 'create', 'username' => 'rlipusername', 'password' => 'Rlippassword!0', 'firstname' => 'rlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'city' => 'rlipcity', 'country' => 'CA', 'idnumber' => 'rlipidnumber'), array('entity' => 'user', 'action' => 'update', 'username' => 'rlipusername', 'password' => '', 'firstname' => 'updatedrlipfirstname', 'lastname' => '', 'email' => '', 'city' => '', 'country' => '', 'idnumber' => ''));
$provider = new rlipimport_version1_importprovider_emptyuser($data);
$importplugin = rlip_dataplugin_factory::factory('dhimport_version1', $provider);
$importplugin->run();
// Validation.
$params = array('username' => 'rlipusername', 'mnethostid' => $CFG->mnet_localhost_id, 'firstname' => 'updatedrlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'city' => 'rlipcity', 'country' => 'CA', 'idnumber' => 'rlipidnumber');
$this->assert_record_exists('user', $params);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $params['username']));
$this->assertTrue(validate_internal_user_password($userrec, 'Rlippassword!0'));
}
/**
* Tells a login success when the user is logged in correctly and from one of the given IPs.
* Cannot login when username and password are not correct, or from other IPs than those restricted ones.
*
* @param string $username username
* @param string $password password
* @return bool
*/
function user_login($username, $password)
{
global $DB, $CFG;
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id))) {
$valid_ips = explode(',', $this->config->valid_ips);
//check if IP is one of the restricted ones.
$remote_addr = filter_input(INPUT_SERVER, 'REMOTE_ADDR');
if (isset($remote_addr) && in_array($remote_addr, $valid_ips)) {
return validate_internal_user_password($user, $password);
} else {
return false;
}
}
// if no valid username, we do not allow to create a new user using this auth type.
return false;
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist. (Non-mnet accounts only!)
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG, $DB, $USER;
if (!($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id)))) {
return false;
}
if (!validate_internal_user_password($user, $password)) {
return false;
}
if ($password === 'changeme') {
// force the change - this is deprecated and it makes sense only for manual auth,
// because most other plugins can not change password easily or
// passwords are always specified by users
set_user_preference('auth_forcepasswordchange', true, $user->id);
}
return true;
}
/**
* Authenticates user against the selected authentication provide (Ad web service)
*
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $DB, $CFG;
$extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
$extpassword = core_text::convert($password, 'utf-8', $this->config->extencoding);
if (!$username or !$password) {
// Don't allow blank usernames or passwords
return false;
}
//retrieve the user matching username
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
} else {
return false;
}
//username must exist and have the right authentication method
if (!empty($user) && $user->auth == 'adwebservice') {
return true;
}
return false;
}
/**
* Validate that users can be updated when max-length field values are supplied
*/
public function testuserupdateissuccessfulwithmaxlengthfields()
{
global $CFG, $DB;
require_once $CFG->dirroot . '/local/elisprogram/lib/data/user.class.php';
$user = new user(array('idnumber' => 'testuseridnumber', 'username' => 'testuserusername', 'firstname' => 'testuserfirstname', 'lastname' => 'testuserlastname', 'email' => '*****@*****.**', 'country' => 'CA'));
$user->save();
$record = new stdClass();
$record->idnumber = 'testuseridnumber';
$record->username = '******';
$record->email = '*****@*****.**';
$record->firstname = str_repeat('a', 100);
$record->lastname = str_repeat('a', 100);
$record->password = '******' . str_repeat('a', 22) . '!0';
$record->mi = str_repeat('a', 100);
$record->email2 = str_repeat('a', 45) . '@' . str_repeat('a', 50) . '.com';
$record->address = str_repeat('a', 70);
// ELIS-6795 -- mdl_user.address is only 70 characters long.
$record->address2 = str_repeat('a', 100);
$record->city = str_repeat('a', 100);
$record->state = str_repeat('a', 100);
$record->postalcode = str_repeat('a', 32);
$record->phone = str_repeat('a', 100);
$record->phone2 = str_repeat('a', 100);
$record->fax = str_repeat('a', 100);
$expectedpassword = $record->password;
$importplugin = rlip_dataplugin_factory::factory('dhimport_version1elis');
$importplugin->fslogger = new silent_fslogger(null);
$importplugin->user_update($record, 'bogus');
$user = $DB->get_record(user::TABLE, array('idnumber' => $record->idnumber));
$this->assertEquals($record->firstname, $user->firstname);
$this->assertEquals($record->lastname, $user->lastname);
$this->assertEquals($record->mi, $user->mi);
$this->assertEquals($record->email2, $user->email2);
$this->assertEquals($record->address, $user->address);
$this->assertEquals($record->address2, $user->address2);
$this->assertEquals($record->city, $user->city);
$this->assertEquals($record->state, $user->state);
$this->assertEquals($record->postalcode, $user->postalcode);
$this->assertEquals($record->phone, $user->phone);
$this->assertEquals($record->phone2, $user->phone2);
$this->assertEquals($record->fax, $user->fax);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $record->username));
$this->assertTrue(validate_internal_user_password($userrec, $expectedpassword));
}
/**
* Validate that mappings are applied during the user update action
*/
public function test_mapping_applied_during_user_update()
{
global $CFG, $DB;
require_once $CFG->dirroot . '/local/eliscore/lib/data/customfield.class.php';
require_once $CFG->dirroot . '/local/elisprogram/lib/data/user.class.php';
$this->init_mapping();
$customfieldid = $this->create_custom_field();
// Clear the cached custom field list.
$usertoclearcustomfieldlist = new user();
$usertoclearcustomfieldlist->reset_custom_field_list();
$user = new user(array('idnumber' => 'testuseridnumber', 'username' => 'testuserusername', 'firstname' => 'testuserfirstname', 'lastname' => 'testuserlastname', 'email' => '*****@*****.**', 'country' => 'CA'));
$user->save();
// Run the user update action.
$record = new stdClass();
$record->customaction = 'update';
$record->customusername = '******';
$record->custompassword = '******';
$record->customidnumber = 'testuseridnumber';
$record->customfirstname = 'updatedtestuserfirstname';
$record->customlastname = 'updatedtestuserlastname';
$record->custommi = 'updatedtestusermi';
$record->customemail = '*****@*****.**';
$record->customemail2 = '*****@*****.**';
$record->customaddress = 'updatedtestuseraddress';
$record->customaddress2 = 'updatedtestuseraddress2';
$record->customcity = 'updatedtestusercity';
$record->customstate = 'updatedtestuserstate';
$record->custompostalcode = 'updatedtestuserpostalcode';
$record->customcountry = 'FR';
$record->customphone = 'updatedtestuserphone';
$record->customphone2 = 'updatedtestuserphone2';
$record->customfax = 'updatedtestuserfax';
$record->custombirthdate = 'Jan/02/2012';
$record->customgender = 'F';
$record->customlanguage = 'fr';
$record->customtransfercredits = '2';
$record->customcomments = 'updatedtestusercomments';
$record->customnotes = 'updatedtestusernotes';
$record->custominactive = '1';
$record->customtestfieldshortname = '1';
$this->run_user_import((array) $record);
// Validation.
$data = array('username' => 'testuserusername', 'idnumber' => 'testuseridnumber', 'firstname' => 'updatedtestuserfirstname', 'lastname' => 'updatedtestuserlastname', 'mi' => 'updatedtestusermi', 'email' => '*****@*****.**', 'email2' => '*****@*****.**', 'address' => 'updatedtestuseraddress', 'address2' => 'updatedtestuseraddress2', 'city' => 'updatedtestusercity', 'state' => 'updatedtestuserstate', 'postalcode' => 'updatedtestuserpostalcode', 'country' => 'FR', 'phone' => 'updatedtestuserphone', 'phone2' => 'updatedtestuserphone2', 'fax' => 'updatedtestuserfax', 'birthdate' => '2012/01/02', 'gender' => 'F', 'language' => 'fr', 'transfercredits' => 2, 'inactive' => 1);
$this->assertTrue($DB->record_exists(user::TABLE, $data));
// Validate password.
$userrec = $DB->get_record('user', array('username' => $data['username']));
$this->assertTrue(validate_internal_user_password($userrec, 'updatedTestpassword!0'));
$record = $DB->get_record(user::TABLE, array('username' => 'testuserusername'));
$this->assertEquals('updatedtestusercomments', $record->comments);
$this->assertEquals('updatedtestusernotes', $record->notes);
$instance = \local_elisprogram\context\user::instance(1);
$this->assertTrue($DB->record_exists(field_data_int::TABLE, array('fieldid' => $customfieldid, 'contextid' => $instance->id, 'data' => 1)));
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
*
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
// therefore leave this code as is
global $CFG;
global $DB;
// TODO: might set user->auth to gsaml here :/
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id))) {
return validate_internal_user_password($user, $password);
}
return false;
}
/**
* Test function update_internal_user_password().
*/
public function test_update_internal_user_password()
{
global $DB;
$this->resetAfterTest();
$passwords = array('password', '1234', 'changeme', '****');
foreach ($passwords as $password) {
$user = $this->getDataGenerator()->create_user(array('auth' => 'manual'));
update_internal_user_password($user, $password);
// The user object should have been updated.
$this->assertTrue(validate_internal_user_password($user, $password));
// The database field for the user should also have been updated to the
// same value.
$this->assertSame($user->password, $DB->get_field('user', 'password', array('id' => $user->id)));
}
$user = $this->getDataGenerator()->create_user(array('auth' => 'manual'));
// Manually set the user's password to the md5 of the string 'password'.
$DB->set_field('user', 'password', '5f4dcc3b5aa765d61d8327deb882cf99', array('id' => $user->id));
$sink = $this->redirectEvents();
// Update the password.
update_internal_user_password($user, 'password');
$events = $sink->get_events();
$sink->close();
$event = array_pop($events);
// Password should have been updated to a bcrypt hash.
$this->assertFalse(password_is_legacy_hash($user->password));
// Verify event information.
$this->assertInstanceOf('\\core\\event\\user_password_updated', $event);
$this->assertSame($user->id, $event->relateduserid);
$this->assertEquals(context_user::instance($user->id), $event->get_context());
$this->assertEventContextNotUsed($event);
// Verify recovery of property 'auth'.
unset($user->auth);
update_internal_user_password($user, 'newpassword');
$this->assertDebuggingCalled('User record in update_internal_user_password() must include field auth', DEBUG_DEVELOPER);
$this->assertEquals('manual', $user->auth);
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG, $DB;
$extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
$extpassword = core_text::convert($password, 'utf-8', $this->config->extencoding);
if ($this->is_internal()) {
// Lookup username externally, but resolve
// password locally -- to support backend that
// don't track passwords.
if (isset($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_KEEP) {
// No need to connect to external database in this case because users are never removed and we verify password locally.
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
} else {
return false;
}
}
$authdb = $this->db_init();
$rs = $authdb->Execute("SELECT *\n FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
// User exists externally - check username/password internally.
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
}
} else {
$rs->Close();
$authdb->Close();
// User does not exist externally.
return false;
}
} else {
// Normal case: use external db for both usernames and passwords.
$authdb = $this->db_init();
if ($this->config->passtype === 'md5') {
// Re-format password accordingly.
$extpassword = md5($extpassword);
} else {
if ($this->config->passtype === 'sha1') {
$extpassword = sha1($extpassword);
}
}
$rs = $authdb->Execute("SELECT *\n FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'\n AND {$this->config->fieldpass} = '" . $this->ext_addslashes($extpassword) . "'");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
return true;
} else {
$rs->Close();
$authdb->Close();
return false;
}
}
}
/**
* Validate that when the "create or update" flag is enabled, delete
* actions still work for a course
*/
public function test_version1createorupdatedeletesuser()
{
global $CFG, $DB;
$CFG->siteguest = 0;
// Set up initial conditions.
set_config('createorupdate', 1, 'dhimport_version1');
// Validate that the standard delete action still works first create the user.
$expecteddata = array('username' => 'rlipusername', 'mnethostid' => $CFG->mnet_localhost_id, 'firstname' => 'rlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'city' => 'rlipcity', 'country' => 'CA');
$importdata = array('entity' => 'user', 'action' => 'create', 'username' => 'rlipusername', 'password' => 'Rlippassword!1234', 'firstname' => 'rlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'city' => 'rlipcity', 'country' => 'CA');
$this->run_core_user_import($importdata);
$this->assert_record_exists('user', $expecteddata);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $importdata['username']));
$this->assertTrue(validate_internal_user_password($userrec, $importdata['password']));
// Then delete the user.
$importdata = array('entity' => 'user', 'action' => 'delete', 'username' => 'rlipusername');
$this->run_core_user_import($importdata);
$all = $DB->get_records('user');
$exists = $DB->record_exists('user', array('username' => 'rlipusername', 'deleted' => 0));
$this->assertEquals($exists, false);
}
/**
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @return bool Authentication success or failure.
*/
function user_login($username, $password)
{
global $CFG, $DB;
$extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
$extpassword = core_text::convert($password, 'utf-8', $this->config->extencoding);
if ($this->is_internal()) {
// Lookup username externally, but resolve
// password locally -- to support backend that
// don't track passwords.
if (isset($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_KEEP) {
// No need to connect to external database in this case because users are never removed and we verify password locally.
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
} else {
return false;
}
}
$authdb = $this->db_init();
$rs = $authdb->Execute("SELECT *\n FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if (!$rs->EOF) {
$rs->Close();
$authdb->Close();
// User exists externally - check username/password internally.
if ($user = $DB->get_record('user', array('username' => $username, 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
return validate_internal_user_password($user, $password);
}
} else {
$rs->Close();
$authdb->Close();
// User does not exist externally.
return false;
}
} else {
// Normal case: use external db for both usernames and passwords.
$authdb = $this->db_init();
$rs = $authdb->Execute("SELECT {$this->config->fieldpass} AS userpass\n FROM {$this->config->table}\n WHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'");
if (!$rs) {
$authdb->Close();
debugging(get_string('auth_dbcantconnect', 'auth_db'));
return false;
}
if ($rs->EOF) {
$authdb->Close();
return false;
}
$fields = array_change_key_case($rs->fields, CASE_LOWER);
$fromdb = $fields['userpass'];
// $rs->Close();
//$authdb->Close();
if ($this->config->passtype === 'plaintext') {
return $fromdb == $extpassword;
} else {
if ($this->config->passtype === 'md5') {
return strtolower($fromdb) == md5($extpassword);
} else {
if ($this->config->passtype === 'sha1') {
return strtolower($fromdb) == sha1($extpassword);
} else {
if ($this->config->passtype === 'saltedcrypt') {
require_once $CFG->libdir . '/password_compat/lib/password.php';
return password_verify($extpassword, $fromdb);
} else {
if ($this->config->passtype === 'tlim_alg') {
//$hash =new PasswordHash(8, false);
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}\n\t\t\t\tWHERE {$this->config->fielduser} = '" . $this->ext_addslashes($extusername) . "'");
//$check = $hash->CheckPassword( $extpassword, $rs->fields["password"]);
//return $check;
return sha1('--' . $rs->fields["salt"] . '--' . $extpassword . '--') == $rs->fields["password"];
} else {
return false;
}
}
}
}
}
$rs->Close();
$authdb->Close();
}
}
/**
* Validates that error logging works correctly with the user "create or update" functionality
*/
public function test_version1importloggingsupportsusercreateorupdate()
{
global $CFG, $DB;
set_config('createorupdate', 1, 'dhimport_version1');
// Create mapping records.
$this->create_mapping_record('user', 'username', 'customusername');
$this->create_mapping_record('user', 'password', 'custompassword');
$this->create_mapping_record('user', 'firstname', 'customfirstname');
$this->create_mapping_record('user', 'lastname', 'customlastname');
$this->create_mapping_record('user', 'email', 'customemail');
$this->create_mapping_record('user', 'city', 'customcity');
$this->create_mapping_record('user', 'country', 'customcountry');
$password = '******';
// Create a user so it can be updated.
self::cleanup_log_files();
$data = array('action' => 'create', 'customusername' => 'rlipusername', 'custompassword' => $password, 'customfirstname' => 'rlipfirstname', 'customlastname' => 'rliplastname', 'customemail' => '*****@*****.**', 'customcity' => 'rlipcity', 'customcountry' => 'CA');
$provider = new rlipimport_version1_importprovider_fsloguser($data);
$instance = rlip_dataplugin_factory::factory('dhimport_version1', $provider, null, true);
ob_start();
$instance->run();
ob_end_clean();
$data = array('mnethostid' => $CFG->mnet_localhost_id, 'username' => $data['customusername'], 'firstname' => $data['customfirstname'], 'lastname' => $data['customlastname'], 'email' => $data['customemail'], 'city' => $data['customcity'], 'country' => $data['customcountry']);
$this->assert_record_exists('user', $data);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $data['username']));
$this->assertTrue(validate_internal_user_password($userrec, $password));
// Update validation using create.
$data = array('action' => 'create', 'customusername' => '', 'custompassword' => '', 'customfirstname' => '', 'customlastname' => '', 'customemail' => '', 'customcity' => '', 'customcountry' => '');
$expectederror = "[user.csv line 2] User could not be created. Required fields customusername, custompassword,";
$expectederror .= " customfirstname, customlastname, customemail, customcity, customcountry are unspecified or empty.\n";
$this->assert_data_produces_error($data, $expectederror, 'user');
// Actually update using create.
self::cleanup_log_files();
$data = array('action' => 'create', 'customusername' => 'rlipusername', 'customfirstname' => 'updatedrlipfirstname');
$provider = new rlipimport_version1_importprovider_fsloguser($data);
$instance = rlip_dataplugin_factory::factory('dhimport_version1', $provider, null, true);
ob_start();
$instance->run();
ob_end_clean();
$data = array('username' => 'rlipusername', 'mnethostid' => $CFG->mnet_localhost_id, 'firstname' => 'updatedrlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'city' => 'rlipcity', 'country' => 'CA');
$this->assert_record_exists('user', $data);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $data['username']));
$this->assertTrue(validate_internal_user_password($userrec, $password));
}
/**
* Test function update_internal_user_password().
*/
public function test_update_internal_user_password()
{
global $DB;
$this->resetAfterTest();
$passwords = array('password', '1234', 'changeme', '****');
foreach ($passwords as $password) {
$user = $this->getDataGenerator()->create_user(array('auth' => 'manual'));
update_internal_user_password($user, $password);
// The user object should have been updated.
$this->assertTrue(validate_internal_user_password($user, $password));
// The database field for the user should also have been updated to the
// same value.
$this->assertSame($user->password, $DB->get_field('user', 'password', array('id' => $user->id)));
}
$user = $this->getDataGenerator()->create_user(array('auth' => 'manual'));
// Manually set the user's password to the md5 of the string 'password'.
$DB->set_field('user', 'password', '5f4dcc3b5aa765d61d8327deb882cf99', array('id' => $user->id));
// Update the password.
update_internal_user_password($user, 'password');
if (password_compat_not_supported()) {
// If bcrypt not properly supported the password should remain as an md5 hash.
$expected_hash = hash_internal_user_password('password', true);
$this->assertSame($user->password, $expected_hash);
$this->assertTrue(password_is_legacy_hash($user->password));
} else {
// Otherwise password should have been updated to a bcrypt hash.
$this->assertFalse(password_is_legacy_hash($user->password));
}
}
/**
* Validate that the version 1 import plugin correctly uses field mappings
* on user creation
*/
public function test_version1importusesuserfieldmappings()
{
global $CFG, $DB;
$file = get_plugin_directory('dhimport', 'version1') . '/lib.php';
require_once $file;
$CFG->allowuserthemes = true;
// Set up our mapping of standard field names to custom field names.
$mapping = array('action' => 'action1', 'username' => 'username1', 'auth' => 'auth1', 'password' => 'password1', 'firstname' => 'firstname1', 'lastname' => 'lastname1', 'email' => 'email1', 'maildigest' => 'maildigest1', 'autosubscribe' => 'autosubscribe1', 'trackforums' => 'trackforums1', 'city' => 'city1', 'country' => 'country1', 'timezone' => 'timezone1', 'theme' => 'theme1', 'lang' => 'lang1', 'description' => 'description1', 'idnumber' => 'idnumber1', 'institution' => 'institution1', 'department' => 'department1');
// Store the mapping records in the database.
foreach ($mapping as $standardfieldname => $customfieldname) {
$record = new stdClass();
$record->entitytype = 'user';
$record->standardfieldname = $standardfieldname;
$record->customfieldname = $customfieldname;
$DB->insert_record(RLIPIMPORT_VERSION1_MAPPING_TABLE, $record);
}
// Run the import.
$data = array('entity' => 'user', 'action1' => 'create', 'username1' => 'rlipusername', 'auth1' => 'mnet', 'password1' => 'Rlippassword!0', 'firstname1' => 'rlipfirstname', 'lastname1' => 'rliplastname', 'email1' => '*****@*****.**', 'maildigest1' => '2', 'autosubscribe1' => '1', 'trackforums1' => '1', 'city1' => 'rlipcity', 'country1' => 'CA', 'timezone1' => -5.0, 'theme1' => 'standard', 'lang1' => 'en', 'description1' => 'rlipdescription', 'idnumber1' => 'rlipidnumber', 'institution1' => 'rlipinstitution', 'department1' => 'rlipdepartment');
$this->run_core_user_import($data, false);
// Validate user record.
$select = "username = :username AND\n mnethostid = :mnethostid AND\n auth = :auth AND\n firstname = :firstname AND\n lastname = :lastname AND\n email = :email AND\n maildigest = :maildigest AND\n autosubscribe = :autosubscribe AND\n trackforums = :trackforums AND\n city = :city AND\n country = :country AND\n theme = :theme AND\n lang = :lang AND\n {$DB->sql_compare_text('description')} = :description AND\n idnumber = :idnumber AND\n institution = :institution AND\n department = :department";
$params = array('username' => 'rlipusername', 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => 'mnet', 'firstname' => 'rlipfirstname', 'lastname' => 'rliplastname', 'email' => '*****@*****.**', 'maildigest' => 2, 'autosubscribe' => 1, 'trackforums' => 1, 'city' => 'rlipcity', 'country' => 'CA', 'timezone' => -5.0, 'theme' => 'standard', 'lang' => 'en', 'description' => 'rlipdescription', 'idnumber' => 'rlipidnumber', 'institution' => 'rlipinstitution', 'department' => 'rlipdepartment');
$exists = $DB->record_exists_select('user', $select, $params);
$this->assertTrue($exists);
// Validate password.
$userrec = $DB->get_record('user', array('username' => $data['username1']));
$this->assertTrue(validate_internal_user_password($userrec, $data['password1']));
}
