/** * Require key login. Function terminates with error if key not found or incorrect. * * @uses NO_MOODLE_COOKIES * @uses PARAM_ALPHANUM * @param string $script unique script identifier * @param int $instance optional instance id * @return int Instance ID */ function require_user_key_login($script, $instance = null) { global $DB; if (!NO_MOODLE_COOKIES) { print_error('sessioncookiesdisable'); } // Extra safety. \core\session\manager::write_close(); $keyvalue = required_param('key', PARAM_ALPHANUM); $key = validate_user_key($keyvalue, $script, $instance); if (!($user = $DB->get_record('user', array('id' => $key->userid)))) { print_error('invaliduserid'); } // Emulate normal session. enrol_check_plugins($user); \core\session\manager::set_user($user); // Note we are not using normal login. if (!defined('USER_KEY_LOGIN')) { define('USER_KEY_LOGIN', true); } // Return instance id - it might be empty. return $key->instance; }
$context = context_system::instance(); $PAGE->set_context($context); // Force https. $PAGE->https_required(); // Check if the user is already logged-in. if (isloggedin() and !isguestuser()) { delete_user_key('tool_mobile', $userid); if ($USER->id == $userid) { redirect($urltogo); } else { throw new moodle_exception('alreadyloggedin', 'error', '', format_string(fullname($USER))); } } tool_mobile\api::check_autologin_prerequisites($userid); // Validate and delete the key. $key = validate_user_key($key, 'tool_mobile', null); delete_user_key('tool_mobile', $userid); // Double check key belong to user. if ($key->userid != $userid) { throw new moodle_exception('invalidkey'); } // Key validated, now require an active user: not guest, not suspended. $user = core_user::get_user($key->userid, '*', MUST_EXIST); core_user::require_active_user($user, true, true); // Do the user log-in. if (!($user = get_complete_user_data('id', $user->id))) { throw new moodle_exception('cannotfinduser', '', '', $user->id); } complete_user_login($user); \core\session\manager::apply_concurrent_login_limit($user->id, session_id()); redirect($urltogo);