/**
 * Exercises \core\session\manager::apply_concurrent_login_limit() against a fixed set of session rows.
 *
 * Fixture: three sessions each for two generated users (timecreated 10, 20 and 30), three for the
 * guest account and three with userid 0, twelve rows in total.
 *
 * Behaviour pinned by the assertions:
 *  - a limitconcurrentlogins value of 0 or -1 removes nothing;
 *  - with a positive limit and no session id, the row with the lowest timecreated goes first;
 *  - a session id passed as the second argument survives even when it is the oldest row, so the
 *    session that is logging in is not the one that gets evicted;
 *  - with limit 1 and a session id that matches no row, only the timecreated 30 row remains;
 *  - guest and userid 0 sessions are never removed by the limit.
 */
public function test_apply_concurrent_login_limit() {
    global $DB;

    $this->resetAfterTest();

    $user1 = $this->getDataGenerator()->create_user();
    $user2 = $this->getDataGenerator()->create_user();
    $guest = guest_user();

    // Shared column values; only userid, sid and timecreated differ between fixture rows.
    $template = new \stdClass();
    $template->state = 0;
    $template->sessdata = null;
    $template->timemodified = time();
    $template->lastip = '10.0.0.1';
    $template->firstip = '10.0.0.1';

    // Each entry is (userid, sid seed, timecreated), listed in insertion order.
    // md5() only turns the seed into a 32-character stand-in for a session id here.
    $fixtures = array(
        array($user1->id, 'hokus1', 20),
        array($user1->id, 'hokus2', 10),
        array($user1->id, 'hokus3', 30),
        array($user2->id, 'pokus1', 20),
        array($user2->id, 'pokus2', 10),
        array($user2->id, 'pokus3', 30),
        array($guest->id, 'g1', 10),
        array($guest->id, 'g2', 10),
        array($guest->id, 'g3', 10),
        array(0, 'nl1', 10),
        array(0, 'nl2', 10),
        array(0, 'nl3', 10),
    );
    foreach ($fixtures as $fixture) {
        list($userid, $seed, $created) = $fixture;
        $row = clone $template;
        $row->userid = $userid;
        $row->sid = md5($seed);
        $row->timecreated = $created;
        $DB->insert_record('sessions', $row);
    }

    $everyone = array($user1->id, $user2->id, $guest->id, 0);
    $anonymous = array($guest->id, 0);

    // True when the given user still owns a session created at the given time.
    $exists = function($userid, $timecreated) use ($DB) {
        return $DB->record_exists('sessions', array('userid' => $userid, 'timecreated' => $timecreated));
    };

    // A limit of 0 leaves every session in place.
    set_config('limitconcurrentlogins', 0);
    $this->assertCount(12, $DB->get_records('sessions'));
    foreach ($everyone as $userid) {
        \core\session\manager::apply_concurrent_login_limit($userid);
    }
    $this->assertCount(12, $DB->get_records('sessions'));

    // A negative limit leaves every session in place as well.
    set_config('limitconcurrentlogins', -1);
    foreach ($everyone as $userid) {
        \core\session\manager::apply_concurrent_login_limit($userid);
    }
    $this->assertCount(12, $DB->get_records('sessions'));

    // Limit 2, no session id: user1 loses the oldest row, user2 is untouched.
    set_config('limitconcurrentlogins', 2);
    \core\session\manager::apply_concurrent_login_limit($user1->id);
    $this->assertCount(11, $DB->get_records('sessions'));
    $this->assertTrue($exists($user1->id, 20));
    $this->assertTrue($exists($user1->id, 30));
    $this->assertFalse($exists($user1->id, 10));
    $this->assertTrue($exists($user2->id, 20));
    $this->assertTrue($exists($user2->id, 30));
    $this->assertTrue($exists($user2->id, 10));

    // Limit 2 with user2's oldest session named as the current one: that row is kept and the
    // timecreated 20 row is removed instead.
    set_config('limitconcurrentlogins', 2);
    \core\session\manager::apply_concurrent_login_limit($user2->id, md5('pokus2'));
    $this->assertCount(10, $DB->get_records('sessions'));
    $this->assertFalse($exists($user2->id, 20));
    $this->assertTrue($exists($user2->id, 30));
    $this->assertTrue($exists($user2->id, 10));

    // Guest and not-logged-in sessions are outside the limit.
    foreach ($anonymous as $userid) {
        \core\session\manager::apply_concurrent_login_limit($userid);
    }
    $this->assertCount(10, $DB->get_records('sessions'));

    // Limit 1 with a session id that matches no row: only the newest row of user1 is left.
    set_config('limitconcurrentlogins', 1);
    \core\session\manager::apply_concurrent_login_limit($user1->id, md5('grrr'));
    $this->assertCount(9, $DB->get_records('sessions'));
    $this->assertFalse($exists($user1->id, 20));
    $this->assertTrue($exists($user1->id, 30));
    $this->assertFalse($exists($user1->id, 10));

    // Applying the limit again changes nothing.
    \core\session\manager::apply_concurrent_login_limit($user1->id);
    $this->assertCount(9, $DB->get_records('sessions'));
    $this->assertFalse($exists($user1->id, 20));
    $this->assertTrue($exists($user1->id, 30));
    $this->assertFalse($exists($user1->id, 10));

    // Limit 1 with user2's oldest session named as current: it is the only survivor.
    \core\session\manager::apply_concurrent_login_limit($user2->id, md5('pokus2'));
    $this->assertCount(8, $DB->get_records('sessions'));
    $this->assertFalse($exists($user2->id, 20));
    $this->assertFalse($exists($user2->id, 30));
    $this->assertTrue($exists($user2->id, 10));

    // Applying the limit again without a session id changes nothing.
    \core\session\manager::apply_concurrent_login_limit($user2->id);
    $this->assertCount(8, $DB->get_records('sessions'));
    $this->assertFalse($exists($user2->id, 20));
    $this->assertFalse($exists($user2->id, 30));
    $this->assertTrue($exists($user2->id, 10));

    // Guest and not-logged-in sessions stay untouched at limit 1 too.
    foreach ($anonymous as $userid) {
        \core\session\manager::apply_concurrent_login_limit($userid);
    }
    $this->assertCount(8, $DB->get_records('sessions'));
}
unset($SESSION->lang); } } if (empty($user->confirmed)) { // This account was never confirmed $PAGE->set_title(get_string("mustconfirm")); $PAGE->set_heading($site->fullname); echo $OUTPUT->header(); echo $OUTPUT->heading(get_string("mustconfirm")); echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter"); echo $OUTPUT->footer(); die; } /// Let's get them all set up. complete_user_login($user); \core\session\manager::apply_concurrent_login_limit($user->id, session_id()); // sets the username cookie if (!empty($CFG->nolastloggedin)) { // do not store last logged in user in cookie // auth plugins can temporarily override this from loginpage_hook() // do not save $CFG->nolastloggedin in database! } else { if (empty($CFG->rememberusername) or $CFG->rememberusername == 2 and empty($frm->rememberusername)) { // no permanent cookies, delete old one if exists set_moodle_cookie(''); } else { set_moodle_cookie($USER->username); } } $urltogo = core_login_get_return_url(); /// check if user password has expired
/**
 * Handles the link from a password reset e-mail: validates the submitted token and, when it is
 * still usable, either shows the "set new password" form or applies the submitted password.
 *
 * Outcomes, in the order they are checked:
 *  - no reset record, or one older than the validity window plus DAYSECS: 'noresetrecord' notice;
 *  - reset record older than the validity window: 'resetrecordexpired' notice;
 *  - account uses 'nologin' or an auth plugin that is not enabled: 'forgotteninvalidurl' error;
 *  - guest account: 'cannotresetguestpwd' error;
 *  - form not submitted yet: the form is displayed and the function returns;
 *  - form submitted: token deleted, password updated, user logged in and redirected.
 *
 * The validity window is $CFG->pwresettime seconds, or 1800 when that setting is absent.
 *
 * @param string $token the one-use identifier which should verify the password reset request as being valid.
 * @return void
 */
function core_login_process_password_set($token) {
    global $DB, $CFG, $OUTPUT, $PAGE, $SESSION;
    require_once $CFG->dirroot . '/user/lib.php';

    $pwresettime = 1800;
    if (isset($CFG->pwresettime)) {
        $pwresettime = $CFG->pwresettime;
    }

    // The token reaches the query through a placeholder, never by string concatenation.
    $sql = "SELECT u.*, upr.token, upr.timerequested, upr.id as tokenid\n FROM {user} u\n JOIN {user_password_resets} upr ON upr.userid = u.id\n WHERE upr.token = ?";
    $user = $DB->get_record_sql($sql, array($token));
    $forgotpasswordurl = "{$CFG->httpswwwroot}/login/forgot_password.php";

    // Unknown token, or a record that expired more than a day ago: both get the same generic
    // notice and a pointer back to the forgot password page.
    $norecord = empty($user) || $user->timerequested < time() - $pwresettime - DAYSECS;
    if ($norecord) {
        echo $OUTPUT->header();
        notice(get_string('noresetrecord'), $forgotpasswordurl);
        die; // Never reached.
    }

    // A record exists but is past the validity window: tell the user how long a link lasts.
    $expired = $user->timerequested < time() - $pwresettime;
    if ($expired) {
        $pwresetmins = floor($pwresettime / MINSECS);
        echo $OUTPUT->header();
        notice(get_string('resetrecordexpired', '', $pwresetmins), $forgotpasswordurl);
        die; // Never reached.
    }

    // Accounts that cannot log in must not be able to set a password either.
    $loginblocked = $user->auth === 'nologin' || !is_enabled_auth($user->auth);
    if ($loginblocked) {
        echo $OUTPUT->header();
        print_error('forgotteninvalidurl');
        die; // Never reached.
    }

    // The guest account never gets a password reset.
    if (isguestuser($user)) {
        print_error('cannotresetguestpwd');
    }

    // From here on the token is known and inside its validity window.
    // NOTE(review): 'yes' is not a standard value for the autocomplete attribute ('on'/'off');
    // confirm what browsers are meant to do with this password form.
    $mform = new login_set_password_form(null, $user, 'post', '', 'autocomplete="yes"');
    $data = $mform->get_data();

    if (empty($data)) {
        // Nothing submitted yet: the user arrived from the e-mail link, so show the form.
        $setdata = new stdClass();
        $setdata->username = $user->username;
        $setdata->username2 = $user->username;
        $setdata->token = $user->token;
        $mform->set_data($setdata);

        $PAGE->verify_https_required();
        echo $OUTPUT->header();
        echo $OUTPUT->box(get_string('setpasswordinstructions'), 'generalbox boxwidthnormal boxaligncenter');
        $mform->display();
        echo $OUTPUT->footer();
        return;
    }

    // Form submitted. The token row is removed before the password is touched, so the same
    // token cannot be replayed even if the update below fails.
    $DB->delete_records('user_password_resets', array('id' => $user->tokenid));

    $userauth = get_auth_plugin($user->auth);
    $updated = $userauth->user_update_password($user, $data->password);
    if (!$updated) {
        print_error('errorpasswordupdate', 'auth');
    }
    user_add_password_history($user->id, $data->password);

    // Optional logout of the user's sessions after a password change; the current session id
    // is passed along, presumably so that this one is spared (confirm in kill_user_sessions()).
    if (!empty($CFG->passwordchangelogout)) {
        \core\session\manager::kill_user_sessions($user->id, session_id());
    }

    // Lift any login lockout; at this point the new password has already been stored.
    login_unlock_account($user);

    // Drop any pending requirement to change or create a password.
    unset_user_preference('auth_forcepasswordchange', $user);
    unset_user_preference('create_password', $user);

    if (!empty($user->lang)) {
        // Prefer the user's own language over whatever the session carried before.
        unset($SESSION->lang);
    }

    // NOTE(review): $user still carries the token, timerequested and tokenid columns from the
    // join above when it is handed to complete_user_login(); confirm they do not end up in
    // the session.
    complete_user_login($user); // Triggers the login event.

    // Enforce the concurrent login limit for this user, passing the session that just logged in.
    \core\session\manager::apply_concurrent_login_limit($user->id, session_id());

    $urltogo = core_login_get_return_url();
    unset($SESSION->wantsurl);
    redirect($urltogo, get_string('passwordset'), 1);
}