public function __fav_user_login($user)
{
global $CFG, $USER;
// regenerate session id and delete old session,
// this helps prevent session fixation attacks from the same domain
session_regenerate_id(true);
// let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user);
// check enrolments, load caps and setup $USER object
session_set_user($user);
// reload preferences from DB
unset($USER->preference);
check_user_preferences_loaded($USER);
// update login times
update_user_login_times();
// extra session prefs init
set_login_session_preferences();
if (isguestuser()) {
// no need to continue when user is THE guest
return $USER;
}
return $USER;
}
/**
* Call to complete the user login process after authenticate_user_login()
* has succeeded. It will setup the $USER variable and other required bits
* and pieces.
*
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
* - this function does not set any cookies any more!
*
* @param stdClass $user
* @return stdClass A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user)
{
global $CFG, $USER, $SESSION;
\core\session\manager::login_user($user);
// Reload preferences from DB.
unset($USER->preference);
check_user_preferences_loaded($USER);
// Update login times.
update_user_login_times();
// Extra session prefs init.
set_login_session_preferences();
// Trigger login event.
$event = \core\event\user_loggedin::create(array('userid' => $USER->id, 'objectid' => $USER->id, 'other' => array('username' => $USER->username)));
$event->trigger();
if (isguestuser()) {
// No need to continue when user is THE guest.
return $USER;
}
if (CLI_SCRIPT) {
// We can redirect to password change URL only in browser.
return $USER;
}
// Select password change url.
$userauth = get_auth_plugin($USER->auth);
// Check whether the user should be changing password.
if (get_user_preferences('auth_forcepasswordchange', false)) {
if ($userauth->can_change_password()) {
if ($changeurl = $userauth->change_password_url()) {
redirect($changeurl);
} else {
$SESSION->wantsurl = core_login_get_return_url();
redirect($CFG->httpswwwroot . '/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
return $USER;
}
// unset previous session language - use user preference instead
unset($SESSION->lang);
}
}
if (empty($user->confirmed)) {
// This account was never confirmed
print_header(get_string("mustconfirm"), get_string("mustconfirm"));
print_heading(get_string("mustconfirm"));
print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
print_footer();
die;
}
/// Let's get them all set up.
$USER = $user;
add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
update_user_login_times();
if (empty($CFG->nolastloggedin)) {
set_moodle_cookie($USER->username);
} else {
// do not store last logged in user in cookie
// auth plugins can temporarily override this from loginpage_hook()
// do not save $CFG->nolastloggedin in database!
set_moodle_cookie('nobody');
}
set_login_session_preferences();
/// This is what lets the user do anything on the site :-)
load_all_capabilities();
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
if ($userauth->can_change_password()) {
if ($userauth->change_password_url()) {
/**
* Call to complete the user login process after authenticate_user_login()
* has succeeded. It will setup the $USER variable and other required bits
* and pieces.
*
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
*
*
*
* @uses $CFG, $USER
* @param string $user obj
* @return user|flase A {@link $USER} object or false if error
*/
function complete_user_login($user)
{
global $CFG, $USER;
$USER = $user;
// this is required because we need to access preferences here!
if (!empty($CFG->regenloginsession)) {
// please note this setting may break some auth plugins
session_regenerate_id();
}
reload_user_preferences();
update_user_login_times();
if (empty($CFG->nolastloggedin)) {
set_moodle_cookie($USER->username);
} else {
// do not store last logged in user in cookie
// auth plugins can temporarily override this from loginpage_hook()
// do not save $CFG->nolastloggedin in database!
set_moodle_cookie('nobody');
}
set_login_session_preferences();
// Call enrolment plugins
check_enrolment_plugins($user);
/// This is what lets the user do anything on the site :-)
load_all_capabilities();
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
/// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false)) {
if ($userauth->can_change_password()) {
if ($changeurl = $userauth->change_password_url()) {
redirect($changeurl);
} else {
redirect($CFG->httpswwwroot . '/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
return $USER;
}
/**
* Call to complete the user login process after authenticate_user_login()
* has succeeded. It will setup the $USER variable and other required bits
* and pieces.
*
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
*
* @param object $user
* @param bool $setcookie
* @return object A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user, $setcookie = true)
{
global $CFG, $USER;
// regenerate session id and delete old session,
// this helps prevent session fixation attacks from the same domain
session_regenerate_id(true);
// check enrolments, load caps and setup $USER object
session_set_user($user);
// reload preferences from DB
unset($user->preference);
check_user_preferences_loaded($user);
// update login times
update_user_login_times();
// extra session prefs init
set_login_session_preferences();
if (isguestuser()) {
// no need to continue when user is THE guest
return $USER;
}
if ($setcookie) {
if (empty($CFG->nolastloggedin)) {
set_moodle_cookie($USER->username);
} else {
// do not store last logged in user in cookie
// auth plugins can temporarily override this from loginpage_hook()
// do not save $CFG->nolastloggedin in database!
set_moodle_cookie('');
}
}
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
/// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false)) {
if ($userauth->can_change_password()) {
if ($changeurl = $userauth->change_password_url()) {
redirect($changeurl);
} else {
redirect($CFG->httpswwwroot . '/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
return $USER;
}
/**
* Call to complete the user login process after authenticate_user_login()
* has succeeded. It will setup the $USER variable and other required bits
* and pieces.
*
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
* - this function does not set any cookies any more!
*
* @param object $user
* @return object A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user)
{
global $CFG, $USER;
// regenerate session id and delete old session,
// this helps prevent session fixation attacks from the same domain
session_regenerate_id(true);
// let enrol plugins deal with new enrolments if necessary
enrol_check_plugins($user);
// check enrolments, load caps and setup $USER object
session_set_user($user);
// reload preferences from DB
unset($USER->preference);
check_user_preferences_loaded($USER);
// update login times
update_user_login_times();
// extra session prefs init
set_login_session_preferences();
if (isguestuser()) {
// no need to continue when user is THE guest
return $USER;
}
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
/// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false)) {
if ($userauth->can_change_password()) {
if ($changeurl = $userauth->change_password_url()) {
redirect($changeurl);
} else {
redirect($CFG->httpswwwroot . '/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
return $USER;
}
function teosso_authenticate_user()
{
global $CFG, $USER, $SESSION;
$pluginconfig = get_config('auth/teosso');
// retrieve the login data from the HTTP Headers
$attributes = auth_plugin_teosso::get_sso_attributes();
// check to see if we got any authentication data
if (empty($attributes)) {
redirect($pluginconfig->signin_url);
}
// get the http headers for error reporting
$headers = apache_request_headers();
$attr_hdrs = array();
foreach ($headers as $key => $value) {
if (preg_match('/^HTTP_/', $key)) {
$attr_hdrs[] = $key . ': ' . $value;
}
}
$headers = implode(' | ', $attr_hdrs);
// FIND THE VALIDIDTY OF THE HTTP HEADER
$attrmap = auth_plugin_teosso::get_attributes();
if (empty($attrmap['idnumber'])) {
// serious misdemeanour
print_error('missingidnumber', 'auth_teosso');
}
if (empty($attributes[$attrmap['idnumber']])) {
#
// not valid session. Ship user off to Federation Manager
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('idnumber_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
} else {
// in theory we only need acct_id at this point - we should retrieve the user record to get the username via idnumber
if (!($user = get_record('user', 'idnumber', $attributes[$attrmap['idnumber']]))) {
// must be a new user
if (!empty($attributes[$attrmap['username']])) {
$attributes['username'] = $attributes[$attrmap['username']];
} else {
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('username_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
}
} else {
// user must use the auth type teosso or authenticate_user_login() will fail
if ($user->auth != 'teosso') {
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('user_auth_type_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
}
// because we want to retain acct_id as the master ID
// we need to modify idnumber on mdl_user NOW - so it all lines up later
if (isset($attributes[$attrmap['username']]) && $user->username != $attributes[$attrmap['username']]) {
if (!set_field('user', 'username', $attributes[$attrmap['username']], 'id', $user->id)) {
print_error('usernameupdatefailed', 'auth_teosso');
}
$attributes['username'] = $attributes[$attrmap['username']];
} else {
$attributes['username'] = $user->username;
}
}
// Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
// we require the plugin to know that we are now doing a teosso login in hook puser_login
$GLOBALS['teosso_login'] = TRUE;
// make variables accessible to teosso->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
$GLOBALS['teosso_login_attributes'] = $attributes;
// just passes time as a password. User will never log in directly to moodle with this password anyway or so we hope?
$USER = authenticate_user_login($attributes['username'], time());
$USER->loggedin = true;
$USER->site = $CFG->wwwroot;
update_user_login_times();
if ($pluginconfig->notshowusername) {
// Don't show username on login page
set_moodle_cookie('nobody');
}
set_login_session_preferences();
add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
check_enrolment_plugins($USER);
load_all_capabilities();
// just fast copied this from some other module - might not work...
if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
$urltogo = $SESSION->wantsurl;
} else {
$urltogo = $CFG->wwwroot . '/';
}
unset($SESSION->wantsurl);
redirect($urltogo);
}
}
/**
* Call to complete the user login process after authenticate_user_login()
* has succeeded. It will setup the $USER variable and other required bits
* and pieces.
*
* NOTE:
* - It will NOT log anything -- up to the caller to decide what to log.
*
* @uses $CFG, $USER
* @param string $user obj
* @return object A {@link $USER} object - BC only, do not use
*/
function complete_user_login($user, $setcookie = true)
{
global $CFG, $USER, $SESSION;
// check enrolments, load caps and setup $USER object
session_set_user($user);
update_user_login_times();
set_login_session_preferences();
if ($setcookie) {
if (empty($CFG->nolastloggedin)) {
set_moodle_cookie($USER->username);
} else {
// do not store last logged in user in cookie
// auth plugins can temporarily override this from loginpage_hook()
// do not save $CFG->nolastloggedin in database!
set_moodle_cookie('nobody');
}
}
/// Select password change url
$userauth = get_auth_plugin($USER->auth);
/// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false)) {
if ($userauth->can_change_password()) {
if ($changeurl = $userauth->change_password_url()) {
redirect($changeurl);
} else {
redirect($CFG->httpswwwroot . '/login/change_password.php');
}
} else {
print_error('nopasswordchangeforced', 'auth');
}
}
return $USER;
}
