예제 #1
0
 public function __fav_user_login($user)
 {
     global $CFG, $USER;
     // regenerate session id and delete old session,
     // this helps prevent session fixation attacks from the same domain
     session_regenerate_id(true);
     // let enrol plugins deal with new enrolments if necessary
     enrol_check_plugins($user);
     // check enrolments, load caps and setup $USER object
     session_set_user($user);
     // reload preferences from DB
     unset($USER->preference);
     check_user_preferences_loaded($USER);
     // update login times
     update_user_login_times();
     // extra session prefs init
     set_login_session_preferences();
     if (isguestuser()) {
         // no need to continue when user is THE guest
         return $USER;
     }
     return $USER;
 }
예제 #2
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 * - this function does not set any cookies any more!
 *
 * @param stdClass $user
 * @return stdClass A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user)
{
    global $CFG, $USER, $SESSION;
    \core\session\manager::login_user($user);
    // Reload preferences from DB.
    unset($USER->preference);
    check_user_preferences_loaded($USER);
    // Update login times.
    update_user_login_times();
    // Extra session prefs init.
    set_login_session_preferences();
    // Trigger login event.
    $event = \core\event\user_loggedin::create(array('userid' => $USER->id, 'objectid' => $USER->id, 'other' => array('username' => $USER->username)));
    $event->trigger();
    if (isguestuser()) {
        // No need to continue when user is THE guest.
        return $USER;
    }
    if (CLI_SCRIPT) {
        // We can redirect to password change URL only in browser.
        return $USER;
    }
    // Select password change url.
    $userauth = get_auth_plugin($USER->auth);
    // Check whether the user should be changing password.
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                $SESSION->wantsurl = core_login_get_return_url();
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
예제 #3
0
     print_footer();
     die;
 }
 /// Let's get them all set up.
 $USER = $user;
 add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
 update_user_login_times();
 if (empty($CFG->nolastloggedin)) {
     set_moodle_cookie($USER->username);
 } else {
     // do not store last logged in user in cookie
     // auth plugins can temporarily override this from loginpage_hook()
     // do not save $CFG->nolastloggedin in database!
     set_moodle_cookie('nobody');
 }
 set_login_session_preferences();
 /// This is what lets the user do anything on the site :-)
 load_all_capabilities();
 /// Select password change url
 $userauth = get_auth_plugin($USER->auth);
 if ($userauth->can_change_password()) {
     if ($userauth->change_password_url()) {
         $passwordchangeurl = $userauth->change_password_url();
     } else {
         $passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
     }
 } else {
     $passwordchangeurl = '';
 }
 /// check whether the user should be changing password
 if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme') {
예제 #4
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 *
 *
 * @uses $CFG, $USER
 * @param string $user obj
 * @return user|flase A {@link $USER} object or false if error
 */
function complete_user_login($user)
{
    global $CFG, $USER;
    $USER = $user;
    // this is required because we need to access preferences here!
    if (!empty($CFG->regenloginsession)) {
        // please note this setting may break some auth plugins
        session_regenerate_id();
    }
    reload_user_preferences();
    update_user_login_times();
    if (empty($CFG->nolastloggedin)) {
        set_moodle_cookie($USER->username);
    } else {
        // do not store last logged in user in cookie
        // auth plugins can temporarily override this from loginpage_hook()
        // do not save $CFG->nolastloggedin in database!
        set_moodle_cookie('nobody');
    }
    set_login_session_preferences();
    // Call enrolment plugins
    check_enrolment_plugins($user);
    /// This is what lets the user do anything on the site :-)
    load_all_capabilities();
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
예제 #5
0
파일: moodlelib.php 프로젝트: hitphp/moodle
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 * @param object $user
 * @param bool $setcookie
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER;
    // regenerate session id and delete old session,
    // this helps prevent session fixation attacks from the same domain
    session_regenerate_id(true);
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    // reload preferences from DB
    unset($user->preference);
    check_user_preferences_loaded($user);
    // update login times
    update_user_login_times();
    // extra session prefs init
    set_login_session_preferences();
    if (isguestuser()) {
        // no need to continue when user is THE guest
        return $USER;
    }
    if ($setcookie) {
        if (empty($CFG->nolastloggedin)) {
            set_moodle_cookie($USER->username);
        } else {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!
            set_moodle_cookie('');
        }
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
예제 #6
0
파일: moodlelib.php 프로젝트: nmicha/moodle
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 * - this function does not set any cookies any more!
 *
 * @param object $user
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user)
{
    global $CFG, $USER;
    // regenerate session id and delete old session,
    // this helps prevent session fixation attacks from the same domain
    session_regenerate_id(true);
    // let enrol plugins deal with new enrolments if necessary
    enrol_check_plugins($user);
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    // reload preferences from DB
    unset($USER->preference);
    check_user_preferences_loaded($USER);
    // update login times
    update_user_login_times();
    // extra session prefs init
    set_login_session_preferences();
    if (isguestuser()) {
        // no need to continue when user is THE guest
        return $USER;
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
예제 #7
0
function teosso_authenticate_user()
{
    global $CFG, $USER, $SESSION;
    $pluginconfig = get_config('auth/teosso');
    // retrieve the login data from the HTTP Headers
    $attributes = auth_plugin_teosso::get_sso_attributes();
    // check to see if we got any authentication data
    if (empty($attributes)) {
        redirect($pluginconfig->signin_url);
    }
    // get the http headers for error reporting
    $headers = apache_request_headers();
    $attr_hdrs = array();
    foreach ($headers as $key => $value) {
        if (preg_match('/^HTTP_/', $key)) {
            $attr_hdrs[] = $key . ': ' . $value;
        }
    }
    $headers = implode(' | ', $attr_hdrs);
    // FIND THE VALIDIDTY OF THE HTTP HEADER
    $attrmap = auth_plugin_teosso::get_attributes();
    if (empty($attrmap['idnumber'])) {
        // serious misdemeanour
        print_error('missingidnumber', 'auth_teosso');
    }
    if (empty($attributes[$attrmap['idnumber']])) {
        #
        // not valid session. Ship user off to Federation Manager
        add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('idnumber_error', 'auth_teosso', $headers));
        redirect($pluginconfig->signin_error_url);
    } else {
        // in theory we only need acct_id at this point - we should retrieve the user record to get the username via idnumber
        if (!($user = get_record('user', 'idnumber', $attributes[$attrmap['idnumber']]))) {
            // must be a new user
            if (!empty($attributes[$attrmap['username']])) {
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('username_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
        } else {
            // user must use the auth type teosso or authenticate_user_login() will fail
            if ($user->auth != 'teosso') {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('user_auth_type_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
            // because we want to retain acct_id as the master ID
            // we need to modify idnumber on mdl_user NOW - so it all lines up later
            if (isset($attributes[$attrmap['username']]) && $user->username != $attributes[$attrmap['username']]) {
                if (!set_field('user', 'username', $attributes[$attrmap['username']], 'id', $user->id)) {
                    print_error('usernameupdatefailed', 'auth_teosso');
                }
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                $attributes['username'] = $user->username;
            }
        }
        // Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
        // we require the plugin to know that we are now doing a teosso login in hook puser_login
        $GLOBALS['teosso_login'] = TRUE;
        // make variables accessible to teosso->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
        $GLOBALS['teosso_login_attributes'] = $attributes;
        // just passes time as a password. User will never log in directly to moodle with this password anyway or so we hope?
        $USER = authenticate_user_login($attributes['username'], time());
        $USER->loggedin = true;
        $USER->site = $CFG->wwwroot;
        update_user_login_times();
        if ($pluginconfig->notshowusername) {
            // Don't show username on login page
            set_moodle_cookie('nobody');
        }
        set_login_session_preferences();
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
        check_enrolment_plugins($USER);
        load_all_capabilities();
        // just fast copied this from some other module - might not work...
        if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
            $urltogo = $SESSION->wantsurl;
        } else {
            $urltogo = $CFG->wwwroot . '/';
        }
        unset($SESSION->wantsurl);
        redirect($urltogo);
    }
}
예제 #8
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 * @uses $CFG, $USER
 * @param string $user obj
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER, $SESSION;
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    update_user_login_times();
    set_login_session_preferences();
    if ($setcookie) {
        if (empty($CFG->nolastloggedin)) {
            set_moodle_cookie($USER->username);
        } else {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!
            set_moodle_cookie('nobody');
        }
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
예제 #9
0
파일: lib.php 프로젝트: lucaboesch/moodle
 /**
  * Authenticate user using username+password or token.
  * This function sets up $USER global.
  * It is safe to use has_capability() after this.
  * This method also verifies user is allowed to use this
  * server.
  */
 protected function authenticate_user()
 {
     global $CFG, $DB;
     if (!NO_MOODLE_COOKIES) {
         throw new coding_exception('Cookies must be disabled in WS servers!');
     }
     $loginfaileddefaultparams = array('context' => context_system::instance(), 'other' => array('method' => $this->authmethod, 'reason' => null));
     if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
         //we check that authentication plugin is enabled
         //it is only required by simple authentication
         if (!is_enabled_auth('webservice')) {
             throw new webservice_access_exception('The web service authentication plugin is disabled.');
         }
         if (!($auth = get_auth_plugin('webservice'))) {
             throw new webservice_access_exception('The web service authentication plugin is missing.');
         }
         $this->restricted_context = context_system::instance();
         if (!$this->username) {
             throw new moodle_exception('missingusername', 'webservice');
         }
         if (!$this->password) {
             throw new moodle_exception('missingpassword', 'webservice');
         }
         if (!$auth->user_login_webservice($this->username, $this->password)) {
             // Log failed login attempts.
             $params = $loginfaileddefaultparams;
             $params['other']['reason'] = 'password';
             $params['other']['username'] = $this->username;
             $event = \core\event\webservice_login_failed::create($params);
             $event->set_legacy_logdata(array(SITEID, 'webservice', get_string('simpleauthlog', 'webservice'), '', get_string('failedtolog', 'webservice') . ": " . $this->username . "/" . $this->password . " - " . getremoteaddr(), 0));
             $event->trigger();
             throw new moodle_exception('wrongusernamepassword', 'webservice');
         }
         $user = $DB->get_record('user', array('username' => $this->username, 'mnethostid' => $CFG->mnet_localhost_id), '*', MUST_EXIST);
     } else {
         if ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) {
             $user = $this->authenticate_by_token(EXTERNAL_TOKEN_PERMANENT);
         } else {
             $user = $this->authenticate_by_token(EXTERNAL_TOKEN_EMBEDDED);
         }
     }
     // Cannot authenticate unless maintenance access is granted.
     $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', context_system::instance(), $user);
     if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
         throw new moodle_exception('sitemaintenance', 'admin');
     }
     //only confirmed user should be able to call web service
     if (!empty($user->deleted)) {
         $params = $loginfaileddefaultparams;
         $params['other']['reason'] = 'user_deleted';
         $params['other']['username'] = $user->username;
         $event = \core\event\webservice_login_failed::create($params);
         $event->set_legacy_logdata(array(SITEID, '', '', '', get_string('wsaccessuserdeleted', 'webservice', $user->username) . " - " . getremoteaddr(), 0, $user->id));
         $event->trigger();
         throw new webservice_access_exception('Refused web service access for deleted username: '******'other']['reason'] = 'user_unconfirmed';
         $params['other']['username'] = $user->username;
         $event = \core\event\webservice_login_failed::create($params);
         $event->set_legacy_logdata(array(SITEID, '', '', '', get_string('wsaccessuserunconfirmed', 'webservice', $user->username) . " - " . getremoteaddr(), 0, $user->id));
         $event->trigger();
         throw new moodle_exception('wsaccessuserunconfirmed', 'webservice', '', $user->username);
     }
     //check the user is suspended
     if (!empty($user->suspended)) {
         $params = $loginfaileddefaultparams;
         $params['other']['reason'] = 'user_unconfirmed';
         $params['other']['username'] = $user->username;
         $event = \core\event\webservice_login_failed::create($params);
         $event->set_legacy_logdata(array(SITEID, '', '', '', get_string('wsaccessusersuspended', 'webservice', $user->username) . " - " . getremoteaddr(), 0, $user->id));
         $event->trigger();
         throw new webservice_access_exception('Refused web service access for suspended username: '******'other']['reason'] = 'password_expired';
             $params['other']['username'] = $user->username;
             $event = \core\event\webservice_login_failed::create($params);
             $event->set_legacy_logdata(array(SITEID, '', '', '', get_string('wsaccessuserexpired', 'webservice', $user->username) . " - " . getremoteaddr(), 0, $user->id));
             $event->trigger();
             throw new webservice_access_exception('Refused web service access for password expired username: '******'nologin') {
         $params = $loginfaileddefaultparams;
         $params['other']['reason'] = 'login';
         $params['other']['username'] = $user->username;
         $event = \core\event\webservice_login_failed::create($params);
         $event->set_legacy_logdata(array(SITEID, '', '', '', get_string('wsaccessusernologin', 'webservice', $user->username) . " - " . getremoteaddr(), 0, $user->id));
         $event->trigger();
         throw new webservice_access_exception('Refused web service access for nologin authentication username: '******'You are not allowed to use the {$a} protocol (missing capability: webservice/' . $this->wsname . ':use)');
     }
     external_api::set_context_restriction($this->restricted_context);
 }