break;
// Append an OpenID url to an account
// Append an OpenID url to an account
case 'append':
if ($mode != null) {
// We need to print a confirmation message before proceeding
$resp = $authplugin->process_response($_GET, true);
if ($resp !== false) {
$url = $resp->identity_url;
$file = 'confirm_append.html';
}
} elseif ($confirm) {
if (!confirm_sesskey()) {
error('Bad Session Key');
} else {
openid_append_url($USER, $url);
}
} elseif ($cancel) {
error(get_string('action_cancelled', 'auth_openid'));
} elseif ($url != null) {
if (openid_already_exists($url)) {
error(get_string('auth_openid_url_exists', 'auth_openid', $url));
} else {
$params['openid_action'] = 'append';
$authplugin->do_request(false, $CFG->wwwroot . '/auth/openid/actions.php', $params);
}
}
break;
// Delete OpenIDs from an account
// Delete OpenIDs from an account
case 'delete':
/**
* Changes a non-OpenID user's account to OpenID
*
* @param object $user
* @param string $openid_url
* @uses $CFG
* @uses $USER
* @return boolean
*/
function openid_change_user_account(&$user, $openid_url, $logout = false)
{
global $CFG, $USER;
// We don't want to allow admin or guest users to be changed
if (isguestuser($user) || is_siteadmin($user->id)) {
logout_tmpuser_error(get_string('auth_openid_cannot_change_user', 'auth_openid'), $logout);
}
$config = get_config('auth/openid');
$allow_change = $config->auth_openid_allow_account_change == 'true';
$user = get_complete_user_data('id', $user->id);
if (empty($user)) {
logout_tmpuser_error(get_string('auth_openid_not_logged_in', 'auth_openid'), $logout);
return false;
}
if (!$allow_change) {
logout_tmpuser_error(get_string('auth_openid_cannot_change_accounts', 'auth_openid'), $logout);
return false;
}
if (openid_already_exists($openid_url)) {
logout_tmpuser_error(get_string('auth_openid_url_exists', 'auth_openid', $openid_url), $logout);
return false;
}
if ($user->auth != 'openid') {
$user->auth = 'openid';
// avoid nasty bug from apostrophy in user's first/last/user-name fields
$user->firstname = addslashes(stripslashes($user->firstname));
$user->lastname = addslashes(stripslashes($user->lastname));
$user->username = addslashes(stripslashes($user->username));
if (update_record('user', $user) !== false) {
openid_append_url($user, $openid_url);
$USER = get_complete_user_data('id', $user->id);
if ($config->auth_openid_email_on_change == 'true') {
// send user email with OpenID URL
$adminuser = get_admin();
$strdata = new stdClass();
$strdata->user_name = fullname($USER);
$strdata->moodle_site = $CFG->wwwroot;
$strdata->openid_url = $openid_url;
$strdata->admin_name = fullname($adminuser);
$message = get_string('openid_email_text', 'auth_openid', $strdata);
$messagehtml = text_to_html($message, false, false);
email_to_user($USER, $adminuser, get_string('openid_email_subject', 'auth_openid'), $message, $messagehtml);
}
return true;
}
}
return false;
}
/**
* Create a new account using simple registration data if available
*
* @access private
* @param object &$resp An OpenID consumer response object
* @return object The new user
*/
function _create_account(&$resp)
{
global $CFG, $USER;
$url = $resp->identity_url;
$password = hash_internal_user_password('openid');
$server = $resp->endpoint->server_url;
$sreg_resp = Auth_OpenID_SRegResponse::fromSuccessResponse($resp);
$sreg = $sreg_resp->contents();
// We'll attempt to use the user's nickname to set their username
if (isset($sreg['nickname']) && !empty($sreg['nickname']) && !record_exists('users', 'username', $sreg['nickname'])) {
$username = $sreg['nickname'];
} else {
$username = openid_normalize_url_as_username($url);
}
create_user_record($username, $password, 'openid');
$user = get_complete_user_data('username', $username);
openid_append_url($user, $url);
// SREG fullname
if (isset($sreg['fullname']) && !empty($sreg['fullname'])) {
$name = openid_parse_full_name($sreg['fullname']);
$user->firstname = $name['first'];
$user->lastname = $name['last'];
}
// SREG email
if (isset($sreg['email']) && !empty($sreg['email']) && !record_exists('user', 'email', $sreg['email'])) {
$user->email = $sreg['email'];
}
// SREG country
if (isset($sreg['country']) && !empty($sreg['country'])) {
$country = $sreg['country'];
$country_code = strtoupper($country);
$countries = get_list_of_countries();
if (strlen($country) != 2 || !isset($countries[$country_code])) {
$countries_keys = array_keys($countries);
$countries_vals = array_values($countries);
$country_code = array_search($country, $countries_vals);
if ($country_code > 0) {
$country_code = $countries_keys[$country_code];
} else {
$country_code = '';
}
}
if (!empty($country_code)) {
$user->country = $country_code;
}
}
/* We're currently not attempting to get language and timezone values
// SREG language
if (isset($sreg['language']) && !empty($sreg['language'])) {
}
// SREG timezone
if (isset($sreg['timezone']) && !empty($sreg['timezone'])) {
}
*/
if (function_exists('on_openid_create_account')) {
on_openid_create_account($resp, $user);
}
update_record('user', $user);
$user = get_complete_user_data('id', $user->id);
// Redirect the user to their profile page if not set up properly
if (!empty($user) && user_not_fully_set_up($user)) {
$USER = clone $user;
$urltogo = $CFG->wwwroot . '/user/edit.php';
redirect($urltogo);
}
return $user;
}
/**
* Open user account using SREG & AX data if available
* If no matching user found and create flag is true, creates new user account
*
* @access private
* @param object &$resp An OpenID consumer response object
* @param boolean $create_flag - set if account creation permitted, default: true
* @uses $CFG
* @uses $USER
* @uses $openid_tmp_login
* @return object The new user
*/
function _open_account(&$resp, $create_flag = true)
{
global $CFG, $USER, $openid_tmp_login;
$url = $resp->identity_url;
$password = hash_internal_user_password('openid');
$server = $resp->endpoint->server_url;
$user = openid_resp_to_user($resp);
if ($user == false) {
// multiple matches to users! Don't know which user to pick.
print_error('auth_openid_multiple_matches', 'auth_openid');
return false;
// won't get here.
}
if (isset($user->id)) {
$openid_tmp_login = true;
$openid_action = 'change';
if ($user->auth == 'openid') {
if (empty($this->config->auth_openid_allow_muliple)) {
print_error('auth_openid_no_multiple', 'auth_openid');
return false;
}
$openid_action = 'append';
} else {
if (empty($this->config->auth_openid_confirm_switch)) {
openid_if_unique_change_account($user, $url);
return $USER;
}
}
$USER = clone $user;
// To clone or not to clone
//$mode = optional_param('openid_mode', null);
//error_log("auth/openid/auth.php::_open_account() setting openid_mode={$mode} (openid_process_url={$openid_process_url})");
redirect("{$CFG->wwwroot}/auth/openid/actions.php?openid_tmp_login=1&openid_action={$openid_action}&openid_url={$url}");
// Try to get it not to make second request to be accepted, double confirm - TBD: openid_mode=???
}
if (!$create_flag) {
// Error: This site is configured to disallow new users via OpenID
print_error('auth_openid_require_account', 'auth_openid');
return false;
// won't get here.
}
$usertmp = create_user_record($user->username, $password, 'openid');
$user->id = $usertmp->id;
openid_append_url($user, $url);
if (!isset($user->city) || $user->city == '') {
//use "*" as the default city name
$user->city = '*';
}
if (empty($user->country) && !empty($CFG->country)) {
//use the configured default country code
$user->country = $CFG->country;
}
if (empty($user->country)) {
//out of other options, to try to copy the admin's country
if ($admin = get_admin()) {
$user->country = $admin->country;
}
}
update_record('user', $user);
$user = get_complete_user_data('id', $user->id);
events_trigger('user_created', $user);
// BJB120125 - moved from below redirect for alfresco, etc...
if (function_exists('on_openid_create_account')) {
on_openid_create_account($resp, $user);
}
// Redirect the user to their profile page if not set up properly
if (!empty($user) && user_not_fully_set_up($user)) {
$USER = clone $user;
$urltogo = $CFG->wwwroot . '/user/edit.php';
redirect($urltogo);
}
if (openid_server_requires_confirm($server, $this->config)) {
$secret = random_string(15);
set_field('user', 'secret', $secret, 'id', $user->id);
$user->secret = $secret;
set_field('user', 'confirmed', 0, 'id', $user->id);
$user->confirmed = 0;
openid_send_confirmation_email($user);
}
return $user;
}
/**
* Changes a non-OpenID user's account to OpenID
*
* @param object $user
* @param string $openid_url
* @return boolean
*/
function openid_change_user_account(&$user, $openid_url)
{
// We don't want to allow admin or guest users to be changed
if ($user->username == 'admin' || $user->username == 'guest') {
error('Cannot change that user!');
}
$config = get_config('auth/openid');
$allow_change = $config->auth_openid_allow_account_change == 'true';
$user = get_complete_user_data('id', $user->id);
if (empty($user)) {
error('Not logged in');
return false;
}
if (!$allow_change) {
error('Cannot change accounts');
return false;
}
if (openid_already_exists($openid_url)) {
error(get_string('auth_openid_url_exists', 'auth_openid', $openid_url));
return false;
}
if ($user->auth != 'openid') {
$user->auth = 'openid';
if (update_record('user', $user) !== false) {
openid_append_url($user, $openid_url);
return true;
}
}
return false;
}
