function teosso_authenticate_user()
{
global $CFG, $USER, $SESSION;
$pluginconfig = get_config('auth/teosso');
// retrieve the login data from the HTTP Headers
$attributes = auth_plugin_teosso::get_sso_attributes();
// check to see if we got any authentication data
if (empty($attributes)) {
redirect($pluginconfig->signin_url);
}
// get the http headers for error reporting
$headers = apache_request_headers();
$attr_hdrs = array();
foreach ($headers as $key => $value) {
if (preg_match('/^HTTP_/', $key)) {
$attr_hdrs[] = $key . ': ' . $value;
}
}
$headers = implode(' | ', $attr_hdrs);
// FIND THE VALIDIDTY OF THE HTTP HEADER
$attrmap = auth_plugin_teosso::get_attributes();
if (empty($attrmap['idnumber'])) {
// serious misdemeanour
print_error('missingidnumber', 'auth_teosso');
}
if (empty($attributes[$attrmap['idnumber']])) {
#
// not valid session. Ship user off to Federation Manager
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('idnumber_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
} else {
// in theory we only need acct_id at this point - we should retrieve the user record to get the username via idnumber
if (!($user = get_record('user', 'idnumber', $attributes[$attrmap['idnumber']]))) {
// must be a new user
if (!empty($attributes[$attrmap['username']])) {
$attributes['username'] = $attributes[$attrmap['username']];
} else {
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('username_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
}
} else {
// user must use the auth type teosso or authenticate_user_login() will fail
if ($user->auth != 'teosso') {
add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('user_auth_type_error', 'auth_teosso', $headers));
redirect($pluginconfig->signin_error_url);
}
// because we want to retain acct_id as the master ID
// we need to modify idnumber on mdl_user NOW - so it all lines up later
if (isset($attributes[$attrmap['username']]) && $user->username != $attributes[$attrmap['username']]) {
if (!set_field('user', 'username', $attributes[$attrmap['username']], 'id', $user->id)) {
print_error('usernameupdatefailed', 'auth_teosso');
}
$attributes['username'] = $attributes[$attrmap['username']];
} else {
$attributes['username'] = $user->username;
}
}
// Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
// we require the plugin to know that we are now doing a teosso login in hook puser_login
$GLOBALS['teosso_login'] = TRUE;
// make variables accessible to teosso->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
$GLOBALS['teosso_login_attributes'] = $attributes;
// just passes time as a password. User will never log in directly to moodle with this password anyway or so we hope?
$USER = authenticate_user_login($attributes['username'], time());
$USER->loggedin = true;
$USER->site = $CFG->wwwroot;
update_user_login_times();
if ($pluginconfig->notshowusername) {
// Don't show username on login page
set_moodle_cookie('nobody');
}
set_login_session_preferences();
add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
check_enrolment_plugins($USER);
load_all_capabilities();
// just fast copied this from some other module - might not work...
if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
$urltogo = $SESSION->wantsurl;
} else {
$urltogo = $CFG->wwwroot . '/';
}
unset($SESSION->wantsurl);
redirect($urltogo);
}
}
static function get_sso_attributes()
{
$attribute_list = array('acct_id' => 'idnumber', 'acct_name' => 'username', 'email' => 'email', 'firstn' => 'firstname', 'lastn' => 'lastname');
$attribute_list = array('field_map_username', 'field_map_firstname', 'field_map_lastname', 'field_map_email', 'field_map_idnumber');
// get the config again as this is a static call
$pluginconfig = get_config('auth/teosso');
//retrieve the login data from the HTTP Headers
$headers = apache_request_headers();
foreach ($headers as $header => $value) {
auth_plugin_teosso::err("{$header}: {$value}");
}
$attributes = array();
foreach ($attribute_list as $attribute) {
if (isset($headers[$pluginconfig->{$attribute}])) {
$attributes[$pluginconfig->{$attribute}] = $headers[$pluginconfig->{$attribute}];
}
}
foreach ($attributes as $key => $value) {
auth_plugin_teosso::err("{$key} => {$value}");
}
return $attributes;
}
