Exemplo n.º 1
0
 public function __fav_user_login($user)
 {
     global $CFG, $USER;
     // regenerate session id and delete old session,
     // this helps prevent session fixation attacks from the same domain
     session_regenerate_id(true);
     // let enrol plugins deal with new enrolments if necessary
     enrol_check_plugins($user);
     // check enrolments, load caps and setup $USER object
     session_set_user($user);
     // reload preferences from DB
     unset($USER->preference);
     check_user_preferences_loaded($USER);
     // update login times
     update_user_login_times();
     // extra session prefs init
     set_login_session_preferences();
     if (isguestuser()) {
         // no need to continue when user is THE guest
         return $USER;
     }
     return $USER;
 }
Exemplo n.º 2
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 * - this function does not set any cookies any more!
 *
 * @param stdClass $user
 * @return stdClass A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user)
{
    global $CFG, $USER, $SESSION;
    \core\session\manager::login_user($user);
    // Reload preferences from DB.
    unset($USER->preference);
    check_user_preferences_loaded($USER);
    // Update login times.
    update_user_login_times();
    // Extra session prefs init.
    set_login_session_preferences();
    // Trigger login event.
    $event = \core\event\user_loggedin::create(array('userid' => $USER->id, 'objectid' => $USER->id, 'other' => array('username' => $USER->username)));
    $event->trigger();
    if (isguestuser()) {
        // No need to continue when user is THE guest.
        return $USER;
    }
    if (CLI_SCRIPT) {
        // We can redirect to password change URL only in browser.
        return $USER;
    }
    // Select password change url.
    $userauth = get_auth_plugin($USER->auth);
    // Check whether the user should be changing password.
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                $SESSION->wantsurl = core_login_get_return_url();
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
Exemplo n.º 3
0
         // unset previous session language - use user preference instead
         unset($SESSION->lang);
     }
 }
 if (empty($user->confirmed)) {
     // This account was never confirmed
     print_header(get_string("mustconfirm"), get_string("mustconfirm"));
     print_heading(get_string("mustconfirm"));
     print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
     print_footer();
     die;
 }
 /// Let's get them all set up.
 $USER = $user;
 add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
 update_user_login_times();
 if (empty($CFG->nolastloggedin)) {
     set_moodle_cookie($USER->username);
 } else {
     // do not store last logged in user in cookie
     // auth plugins can temporarily override this from loginpage_hook()
     // do not save $CFG->nolastloggedin in database!
     set_moodle_cookie('nobody');
 }
 set_login_session_preferences();
 /// This is what lets the user do anything on the site :-)
 load_all_capabilities();
 /// Select password change url
 $userauth = get_auth_plugin($USER->auth);
 if ($userauth->can_change_password()) {
     if ($userauth->change_password_url()) {
Exemplo n.º 4
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 *
 *
 * @uses $CFG, $USER
 * @param string $user obj
 * @return user|flase A {@link $USER} object or false if error
 */
function complete_user_login($user)
{
    global $CFG, $USER;
    $USER = $user;
    // this is required because we need to access preferences here!
    if (!empty($CFG->regenloginsession)) {
        // please note this setting may break some auth plugins
        session_regenerate_id();
    }
    reload_user_preferences();
    update_user_login_times();
    if (empty($CFG->nolastloggedin)) {
        set_moodle_cookie($USER->username);
    } else {
        // do not store last logged in user in cookie
        // auth plugins can temporarily override this from loginpage_hook()
        // do not save $CFG->nolastloggedin in database!
        set_moodle_cookie('nobody');
    }
    set_login_session_preferences();
    // Call enrolment plugins
    check_enrolment_plugins($user);
    /// This is what lets the user do anything on the site :-)
    load_all_capabilities();
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
Exemplo n.º 5
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 * @param object $user
 * @param bool $setcookie
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER;
    // regenerate session id and delete old session,
    // this helps prevent session fixation attacks from the same domain
    session_regenerate_id(true);
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    // reload preferences from DB
    unset($user->preference);
    check_user_preferences_loaded($user);
    // update login times
    update_user_login_times();
    // extra session prefs init
    set_login_session_preferences();
    if (isguestuser()) {
        // no need to continue when user is THE guest
        return $USER;
    }
    if ($setcookie) {
        if (empty($CFG->nolastloggedin)) {
            set_moodle_cookie($USER->username);
        } else {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!
            set_moodle_cookie('');
        }
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
Exemplo n.º 6
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 * - this function does not set any cookies any more!
 *
 * @param object $user
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user)
{
    global $CFG, $USER;
    // regenerate session id and delete old session,
    // this helps prevent session fixation attacks from the same domain
    session_regenerate_id(true);
    // let enrol plugins deal with new enrolments if necessary
    enrol_check_plugins($user);
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    // reload preferences from DB
    unset($USER->preference);
    check_user_preferences_loaded($USER);
    // update login times
    update_user_login_times();
    // extra session prefs init
    set_login_session_preferences();
    if (isguestuser()) {
        // no need to continue when user is THE guest
        return $USER;
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}
Exemplo n.º 7
0
function teosso_authenticate_user()
{
    global $CFG, $USER, $SESSION;
    $pluginconfig = get_config('auth/teosso');
    // retrieve the login data from the HTTP Headers
    $attributes = auth_plugin_teosso::get_sso_attributes();
    // check to see if we got any authentication data
    if (empty($attributes)) {
        redirect($pluginconfig->signin_url);
    }
    // get the http headers for error reporting
    $headers = apache_request_headers();
    $attr_hdrs = array();
    foreach ($headers as $key => $value) {
        if (preg_match('/^HTTP_/', $key)) {
            $attr_hdrs[] = $key . ': ' . $value;
        }
    }
    $headers = implode(' | ', $attr_hdrs);
    // FIND THE VALIDIDTY OF THE HTTP HEADER
    $attrmap = auth_plugin_teosso::get_attributes();
    if (empty($attrmap['idnumber'])) {
        // serious misdemeanour
        print_error('missingidnumber', 'auth_teosso');
    }
    if (empty($attributes[$attrmap['idnumber']])) {
        #
        // not valid session. Ship user off to Federation Manager
        add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('idnumber_error', 'auth_teosso', $headers));
        redirect($pluginconfig->signin_error_url);
    } else {
        // in theory we only need acct_id at this point - we should retrieve the user record to get the username via idnumber
        if (!($user = get_record('user', 'idnumber', $attributes[$attrmap['idnumber']]))) {
            // must be a new user
            if (!empty($attributes[$attrmap['username']])) {
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('username_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
        } else {
            // user must use the auth type teosso or authenticate_user_login() will fail
            if ($user->auth != 'teosso') {
                add_to_log(0, 'login', 'error', '/auth/teosso/index.php', get_string('user_auth_type_error', 'auth_teosso', $headers));
                redirect($pluginconfig->signin_error_url);
            }
            // because we want to retain acct_id as the master ID
            // we need to modify idnumber on mdl_user NOW - so it all lines up later
            if (isset($attributes[$attrmap['username']]) && $user->username != $attributes[$attrmap['username']]) {
                if (!set_field('user', 'username', $attributes[$attrmap['username']], 'id', $user->id)) {
                    print_error('usernameupdatefailed', 'auth_teosso');
                }
                $attributes['username'] = $attributes[$attrmap['username']];
            } else {
                $attributes['username'] = $user->username;
            }
        }
        // Valid session. Register or update user in Moodle, log him on, and redirect to Moodle front
        // we require the plugin to know that we are now doing a teosso login in hook puser_login
        $GLOBALS['teosso_login'] = TRUE;
        // make variables accessible to teosso->get_userinfo. Information will be requested from authenticate_user_login -> create_user_record / update_user_record
        $GLOBALS['teosso_login_attributes'] = $attributes;
        // just passes time as a password. User will never log in directly to moodle with this password anyway or so we hope?
        $USER = authenticate_user_login($attributes['username'], time());
        $USER->loggedin = true;
        $USER->site = $CFG->wwwroot;
        update_user_login_times();
        if ($pluginconfig->notshowusername) {
            // Don't show username on login page
            set_moodle_cookie('nobody');
        }
        set_login_session_preferences();
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $USER->id, 0, $USER->id);
        check_enrolment_plugins($USER);
        load_all_capabilities();
        // just fast copied this from some other module - might not work...
        if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
            $urltogo = $SESSION->wantsurl;
        } else {
            $urltogo = $CFG->wwwroot . '/';
        }
        unset($SESSION->wantsurl);
        redirect($urltogo);
    }
}
Exemplo n.º 8
0
/**
 * Call to complete the user login process after authenticate_user_login()
 * has succeeded. It will setup the $USER variable and other required bits
 * and pieces.
 *
 * NOTE:
 * - It will NOT log anything -- up to the caller to decide what to log.
 *
 * @uses $CFG, $USER
 * @param string $user obj
 * @return object A {@link $USER} object - BC only, do not use
 */
function complete_user_login($user, $setcookie = true)
{
    global $CFG, $USER, $SESSION;
    // check enrolments, load caps and setup $USER object
    session_set_user($user);
    update_user_login_times();
    set_login_session_preferences();
    if ($setcookie) {
        if (empty($CFG->nolastloggedin)) {
            set_moodle_cookie($USER->username);
        } else {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!
            set_moodle_cookie('nobody');
        }
    }
    /// Select password change url
    $userauth = get_auth_plugin($USER->auth);
    /// check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if ($userauth->can_change_password()) {
            if ($changeurl = $userauth->change_password_url()) {
                redirect($changeurl);
            } else {
                redirect($CFG->httpswwwroot . '/login/change_password.php');
            }
        } else {
            print_error('nopasswordchangeforced', 'auth');
        }
    }
    return $USER;
}