moodle/auth/shibboleth/index.php

<?php

    // Designed to be redirected from moodle/login/index.php

    require('../../config.php');

    $PAGE->set_url('/auth/shibboleth/index.php');

    if (isloggedin() && !isguestuser()) {      // Nothing to do
        if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
            $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
            unset($SESSION->wantsurl);

        } else {
            $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
            unset($SESSION->wantsurl);         /// Just in case
        }

        redirect($urltogo);

    }

    $pluginconfig   = get_config('auth/shibboleth');
    $shibbolethauth = get_auth_plugin('shibboleth');

    // Check whether Shibboleth is configured properly
    if (empty($pluginconfig->user_attribute)) {
        print_error('shib_not_set_up_error', 'auth');
     }

/// If we can find the Shibboleth attribute, save it in session and return to main login page
    if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
        $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
        $frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
        // The random password consists of the first 8 letters of the base 64 encoded user ID
        // This password is never used unless the user account is converted to manual

    /// Check if the user has actually submitted login data to us

        if ($shibbolethauth->user_login($frm->username, $frm->password)) {

            $USER = authenticate_user_login($frm->username, $frm->password);

            $USER->loggedin = true;
            $USER->site     = $CFG->wwwroot; // for added security, store the site in the

            update_user_login_times();

            // Don't show previous shibboleth username on login page

            set_login_session_preferences();

            unset($SESSION->lang);
            $SESSION->justloggedin = true;

            add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);

            if (user_not_fully_set_up($USER)) {
                $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
                // We don't delete $SESSION->wantsurl yet, so we get there later

            } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
                $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
                unset($SESSION->wantsurl);

            } else {
                $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
                unset($SESSION->wantsurl);         /// Just in case
            }

            /// Go to my-moodle page instead of homepage if defaulthomepage enabled
            if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {
                if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
                    $urltogo = $CFG->wwwroot.'/my/';
                }
            }

            enrol_check_plugins($USER);
            load_all_capabilities();     /// This is what lets the user do anything on the site  :-)

            redirect($urltogo);

            exit;
        }

        else {
            // For some weird reason the Shibboleth user couldn't be authenticated
        }
    }

    // If we can find any (user independent) Shibboleth attributes but no user
    // attributes we probably didn't receive any user attributes
    elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
        print_error('shib_no_attributes_error', 'auth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
    } else {
        print_error('shib_not_set_up_error', 'auth');
    }
auth MDL-19788 Added PAGE->set_url calls and removed $Id tags 2009-10-15 02:34:31 +00:00			`<?php`

			`// Designed to be redirected from moodle/login/index.php`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00
			`require('../../config.php');`

MDL-21233 moodle_url improvemewnts, code simplification, more diagnostics; fixed several regressions 2010-01-16 15:39:56 +00:00			`$PAGE->set_url('/auth/shibboleth/index.php');`
auth MDL-19788 Added PAGE->set_url calls and removed $Id tags 2009-10-15 02:34:31 +00:00
MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it matches any other username with accents and different case in MySQL 2010-08-25 08:43:42 +00:00			`if (isloggedin() && !isguestuser()) { // Nothing to do`
multiauth: migrated all files to the new OO API, written new API documentation Author: Martin Langhoff <martin@catalyst.net.nz> 2007-01-04 04:52:42 +00:00			`if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {`
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`$urltogo = $SESSION->wantsurl; /// Because it's an address in this site`
			`unset($SESSION->wantsurl);`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`} else {`
			`$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page`
			`unset($SESSION->wantsurl); /// Just in case`
			`}`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`redirect($urltogo);`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`}`
merged whitespace fix from MOODLE_16_STABLE 2006-06-02 16:42:40 +00:00
Merging fixes from MOODLE_15 2005-06-13 07:54:44 +00:00			`$pluginconfig = get_config('auth/shibboleth');`
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`$shibbolethauth = get_auth_plugin('shibboleth');`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
- Added support for Shibboleth data conversion API - Shib auth now checks for the four essential variables 2005-05-13 15:10:40 +00:00			`// Check whether Shibboleth is configured properly`
multiauth: migrated all files to the new OO API, written new API documentation Author: Martin Langhoff <martin@catalyst.net.nz> 2007-01-04 04:52:42 +00:00			`if (empty($pluginconfig->user_attribute)) {`
"MDL-14460, fix all the other get_context_instance, merged from MOODLE_19_STABLE" 2008-05-02 04:37:02 +00:00			`print_error('shib_not_set_up_error', 'auth');`
* empty log message * 2005-10-31 15:51:17 +00:00			`}`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00
Extended and corrected the error messages 2005-05-06 06:35:24 +00:00			`/// If we can find the Shibboleth attribute, save it in session and return to main login page`
multiauth: migrated all files to the new OO API, written new API documentation Author: Martin Langhoff <martin@catalyst.net.nz> 2007-01-04 04:52:42 +00:00			`if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login`
Merged changes from stable version 2007-07-11 08:04:12 +00:00			`$frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);`
multiauth: migrated all files to the new OO API, written new API documentation Author: Martin Langhoff <martin@catalyst.net.nz> 2007-01-04 04:52:42 +00:00			`$frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`// The random password consists of the first 8 letters of the base 64 encoded user ID`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00			`// This password is never used unless the user account is converted to manual`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00
			`/// Check if the user has actually submitted login data to us`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`if ($shibbolethauth->user_login($frm->username, $frm->password)) {`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`$USER = authenticate_user_login($frm->username, $frm->password);`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`$USER->loggedin = true;`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00			`$USER->site = $CFG->wwwroot; // for added security, store the site in the`

Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`update_user_login_times();`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
MDL-10137 rewritten cookie test on login page, username cookie is not required any more - hopefully this will be more reliable test 2010-10-10 17:30:28 +00:00			`// Don't show previous shibboleth username on login page`
MDL-9742 - changed tabs to spaces in a few places where there are one or two 2007-05-08 15:07:25 +00:00
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`set_login_session_preferences();`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`unset($SESSION->lang);`
			`$SESSION->justloggedin = true;`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`if (user_not_fully_set_up($USER)) {`
			`$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;`
			`// We don't delete $SESSION->wantsurl yet, so we get there later`

			`} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {`
			`$urltogo = $SESSION->wantsurl; /// Because it's an address in this site`
			`unset($SESSION->wantsurl);`

			`} else {`
			`$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page`
			`unset($SESSION->wantsurl); /// Just in case`
			`}`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00
navigation MDL-22425 Fixed courses not being shown to logged in users and removed all traces of mymoodleredirect settings 2010-05-14 06:41:44 +00:00			`/// Go to my-moodle page instead of homepage if defaulthomepage enabled`
			`if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {`
Merged user capabilities fix for 1.7 2006-11-13 11:54:07 +00:00			`if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {`
			`$urltogo = $CFG->wwwroot.'/my/';`
			`}`
			`}`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00
MDL-21782 reworked enrolment framework, the core infrastructure is in place, the basic plugins are all implemented; see the tracker issue for list of unfinished bits, expect more changes and improvements during the next week AMOS START MOV [sendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage,enrol_self] MOV [configsendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage_desc,enrol_self] MOV [enrolstartdate,core],[enrolstartdate,enrol_self] MOV [enrolenddate,core],[enrolenddate,enrol_self] CPY [welcometocourse,core],[welcometocourse,enrol_self] CPY [welcometocoursetext,core],[welcometocoursetext,enrol_self] MOV [notenrollable,core],[notenrollable,core_enrol] MOV [enrolenddaterror,core],[enrolenddaterror,enrol_self] MOV [enrolmentkeyhint,core],[passwordinvalidhint,enrol_self] MOV [coursemanager,core_admin],[coursecontact,core_admin] MOV [configcoursemanager,core_admin],[coursecontact_desc,core_admin] MOV [enrolledincourserole,core],[enrolledincourserole,enrol_manual] MOV [enrolme,core],[enrolme,core_enrol] MOV [unenrol,core],[unenrol,core_enrol] MOV [unenrolme,core],[unenrolme,core_enrol] MOV [enrolmentnew,core],[enrolmentnew,core_enrol] MOV [enrolmentnewuser,core],[enrolmentnewuser,core_enrol] MOV [enrolments,core],[enrolments,core_enrol] MOV [enrolperiod,core],[enrolperiod,core_enrol] MOV [unenrolroleusers,core],[unenrolroleusers,core_enrol] AMOS END 2010-06-21 15:30:49 +00:00			`enrol_check_plugins($USER);`
Merged user capabilities fix for 1.7 2006-11-13 11:54:07 +00:00			`load_all_capabilities(); /// This is what lets the user do anything on the site :-)`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00
			`redirect($urltogo);`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`exit;`
MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00			`}`

Merging authentication changes back to head 2007-03-09 13:20:55 +00:00			`else {`
			`// For some weird reason the Shibboleth user couldn't be authenticated`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`}`
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`}`
MDL-8590 auth cleanup - part 1 2007-02-20 17:03:36 +00:00
			`// If we can find any (user independent) Shibboleth attributes but no user`
* empty log message * 2005-10-31 15:51:17 +00:00			`// attributes we probably didn't receive any user attributes`
Merged various fixes from 19 stable 2008-12-08 10:49:44 +00:00			`elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) \|\| !empty($_SERVER['Shib-Application-ID'])) {`
"MDL-14460, fix all the other get_context_instance, merged from MOODLE_19_STABLE" 2008-05-02 04:37:02 +00:00			`print_error('shib_no_attributes_error', 'auth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');`
this file now does the authentication and doesnt use Shibboleth lazy sessions anymore for various reasons, including security 2006-02-16 08:59:59 +00:00			`} else {`
"MDL-14460, fix all the other get_context_instance, merged from MOODLE_19_STABLE" 2008-05-02 04:37:02 +00:00			`print_error('shib_not_set_up_error', 'auth');`
Moved login.php to index.php in shibboleth 2005-04-17 13:06:25 +00:00			`}`

MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00