moodle/auth/ldap/ntlmsso_attempt.php

<?php

require(__DIR__.'/../../config.php');

//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();

$PAGE->set_url('/auth/ldap/ntlmsso_attempt.php');
$PAGE->set_context(context_system::instance());

// Define variables used in page
$site = get_site();

$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
if (!in_array('ldap', $authsequence, true)) {
    print_error('ldap_isdisabled', 'auth');
}

$authplugin = get_auth_plugin('ldap');
if (empty($authplugin->config->ntlmsso_enabled)) {
    print_error('ntlmsso_isdisabled', 'auth_ldap');
}

$sesskey = sesskey();

// Display the page header. This makes redirect respect the timeout we specify
// here (and not add 3 more secs) which in turn prevents a bug in both IE 6.x
// and FF 3.x (Windows version at least) where javascript timers fire up even
// when we've already left the page that set the timer.
$loginsite = get_string("loginsite");
$PAGE->navbar->add($loginsite);
$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading($site->fullname);
echo $OUTPUT->header();

// $PAGE->https_required() up above takes care of what $CFG->httpswwwroot should be.
$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'
    . '<img width="1", height="1" '
    . ' src="' . $CFG->httpswwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='
    . $sesskey . '" />';
redirect($CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00			`<?php`

MDL-35628 performance: Remove dirname() where possible. dirname() is a slow function compared with __DIR__ and using '/../'. Moodle has a large number of legacy files that are included each time a page loads and is not able to use an autoloader as it is functional code. This allows those required includes to perform as best as possible in this situation. 2016-02-26 17:47:58 +11:00			`require(__DIR__.'/../../config.php');`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00
MDL-16723 automatic redirects to https when loginhttps enabled - this solves accidental usage of http version + it also solves recent navigation regressions + fixed regression from PAGE conversions + deprecated old httpsrequired() and $HTTPSPAGEREQUIRED 2010-10-10 15:04:19 +00:00			`//HTTPS is required in this page when $CFG->loginhttps enabled`
			`$PAGE->https_required();`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00
MDL-21233 moodle_url improvemewnts, code simplification, more diagnostics; fixed several regressions 2010-01-16 15:39:56 +00:00			`$PAGE->set_url('/auth/ldap/ntlmsso_attempt.php');`
MDL-34471 libraries: Replace all uses of get_context_instance() with respective context_XXXX::instance() method 2012-08-02 11:20:48 +08:00			`$PAGE->set_context(context_system::instance());`
auth MDL-19788 Added PAGE->set_url calls and removed $Id tags 2009-10-15 02:34:31 +00:00
auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor They now share most of the code again, this time via subclassing, and they share some code with enrol/ldap. They have also gained some features and a few fixes. 2010-07-25 22:36:15 +00:00			`// Define variables used in page`
MDL-20697 removing duplicate error string, fixing get_site() which is now using exceptions 2009-11-01 09:10:09 +00:00			`$site = get_site();`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00
			`$authsequence = get_enabled_auth_plugins(true); // auths, in sequence`
auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor They now share most of the code again, this time via subclassing, and they share some code with enrol/ldap. They have also gained some features and a few fixes. 2010-07-25 22:36:15 +00:00			`if (!in_array('ldap', $authsequence, true)) {`
			`print_error('ldap_isdisabled', 'auth');`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00			`}`

			`$authplugin = get_auth_plugin('ldap');`
			`if (empty($authplugin->config->ntlmsso_enabled)) {`
auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor They now share most of the code again, this time via subclassing, and they share some code with enrol/ldap. They have also gained some features and a few fixes. 2010-07-25 22:36:15 +00:00			`print_error('ntlmsso_isdisabled', 'auth_ldap');`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00			`}`

			`$sesskey = sesskey();`

NTLM SSO: MDL-14584 Fix for several outstanding NTLM SSO issues. These include: MDL-14078: redirect() doubles the specified timeout when we haven't printed the page header and uses javascript to execute the redirect. This is interacting badly with some versions of IE and FF (at least 3.0.x Windows version) that fireup javascript timers even if we already left the page where we set those up. Just print the page header (we are printing other content anyway) to make redirect respect our timeouts. MDL-14071: All the relevant details are in the description of the bug :) MDL-14297: This is probably the same as MDL-14078 2009-02-14 16:21:14 +00:00			`// Display the page header. This makes redirect respect the timeout we specify`
			`// here (and not add 3 more secs) which in turn prevents a bug in both IE 6.x`
			`// and FF 3.x (Windows version at least) where javascript timers fire up even`
			`// when we've already left the page that set the timer.`
			`$loginsite = get_string("loginsite");`
auth MDL-19788 Upgraded print_header and build_navigation calls to use PAGE and OUTPUT equivilants 2009-09-03 05:40:41 +00:00			`$PAGE->navbar->add($loginsite);`
			`$PAGE->set_title("$site->fullname: $loginsite");`
			`$PAGE->set_heading($site->fullname);`
			`echo $OUTPUT->header();`
NTLM SSO: MDL-14584 Fix for several outstanding NTLM SSO issues. These include: MDL-14078: redirect() doubles the specified timeout when we haven't printed the page header and uses javascript to execute the redirect. This is interacting badly with some versions of IE and FF (at least 3.0.x Windows version) that fireup javascript timers even if we already left the page where we set those up. Just print the page header (we are printing other content anyway) to make redirect respect our timeouts. MDL-14071: All the relevant details are in the description of the bug :) MDL-14297: This is probably the same as MDL-14078 2009-02-14 16:21:14 +00:00
MDL-23254 Authentication : used httpswwwroot as root url during authentication procedure where $PAGE->https_required() is specified. 2012-06-28 15:32:33 +08:00			`// $PAGE->https_required() up above takes care of what $CFG->httpswwwroot should be.`
auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor They now share most of the code again, this time via subclassing, and they share some code with enrol/ldap. They have also gained some features and a few fixes. 2010-07-25 22:36:15 +00:00			`$msg = '<p>'.get_string('ntlmsso_attempting', 'auth_ldap').'</p>'`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00			`. '<img width="1", height="1" '`
MDL-23254 Authentication : used httpswwwroot as root url during authentication procedure where $PAGE->https_required() is specified. 2012-06-28 15:32:33 +08:00			`. ' src="' . $CFG->httpswwwroot . '/auth/ldap/ntlmsso_magic.php?sesskey='`
MDL-9399 auth/ldap: Add NTLM SSO pages These pages control the process of attempting an NTLM SSO login safely. This is very draft and needs real-world testing and polish. And string localisation too ;-) * If NTLM SSO is enabled, and the user's IP addr is in the right subnet, the loginpage_hook() of auth/ldap redirects to ntlmsso_attempt.php * ntlmsso_attempt.php will display a "redirect" msg with an img tag pointing to ntlmsso_magic.php, a 3s wait, and a redirect to ntlmsso_finish.php * ntlmsso_magic.php should be configured to have "Integrated Windows Authentication". If it does, it will serve a spacer gif and call ntlmsso_magic() * ntlmsso_finish.php calls ntlmsso_finish() to complete the SSO and handles failures. 2007-11-14 22:08:38 +00:00			`. $sesskey . '" />';`
MDL-23254 Authentication : used httpswwwroot as root url during authentication procedure where $PAGE->https_required() is specified. 2012-06-28 15:32:33 +08:00			`redirect($CFG->httpswwwroot . '/auth/ldap/ntlmsso_finish.php', $msg, 3);`