MDL-8590 auth cleanup - part 1

skodak 2007-02-20 17:03:36 +00:00
parent 37b9e8bccc
commit 139ebfdb3b
44 changed files with 1465 additions and 1339 deletions


@ -1,9 +1,9 @@
This directory contains authentication modules.
Each of these modules describes a different way to
check that a user has provided a correct
Each of these modules describes a different way to
check that a user has provided a correct
- username, and
- username, and
- password.
Even when external forms of authentication are being used, Moodle still
@ -22,18 +22,18 @@ part of the enabled plugin sequence).
email - authentication by email (DEFAULT METHOD)
- user fills out form with email address
- email sent to user with link
- email sent to user with link
- user clicks on link in email to confirm
- user account is created
- user can log in
none - no authentication at all .. very insecure!!
- user logs in using ANY username and password
- if the username doesn't already exist then
a new account is created
- when user tries to access a course they
- when user tries to access a course they
are forced to set up their account details
manual - internal authentication only
@ -81,7 +81,7 @@ nntp - Uses an external NNTP server
db - Uses an external database to check username/password
- user logs in using username and password
- these are checked against an external database
- if correct, user is logged in
@ -203,14 +203,14 @@ AUTHENTICATION
Basic fuctions to authenticate users with external db.
Mandatory:
Mandatory:
auth_plugin_foo()
Constructor. At the least, it populates config member variable with settings
from the Moodle database. It makes sense to put other startup code here.
user_login($username, $password)
user_login($username, $password)
Authenticate username, password with userdatabase.
@ -225,7 +225,7 @@ Optional:
Query other userinformation from database.
Returns:
Userinformation in array ( name => value, ....
Userinformation in array ( name => value, ....
or false in case of error
@ -251,9 +251,9 @@ USER CREATION
Functions that enable usercreation, activation and deactivation
from moodle to external database
user_exists ($username)
user_exists ($username)
Checks if given username exist on external db
@ -261,7 +261,7 @@ from moodle to external database
true if given usernname exist or false
user_create ($userobject,$plainpass)
user_create ($userobject,$plainpass)
Creates new user to external db. User should be created
in inactive stage until confirmed by email.
@ -270,7 +270,7 @@ from moodle to external database
True on success otherwise false
user_activate ($username)
user_activate ($username)
activate new user after email-address is confirmed
@ -297,11 +297,3 @@ USER INFORMATION AND SYNCRONIZATION
All usernames in array or false on error.
get_users($filter='*')
Get ALL USEROBJECTS FROM EXTERNAL DB.
Returns:
Array of all users as objects from external db


@ -11,9 +11,6 @@ get_auth_plugin() that does the work for you:
$ldapauth = get_auth_plugin('ldap');
If an auth is not specified, get_auth_plugin() will return you the auth plugin
defined in the $CFG->auth variable.
Auth plugin classes are pretty basic. They contain the same functions that were
previously in each plugin's lib.php file, but refactored to become class
methods, and tweaked to reference the plugin's instantiated config to get at the
@ -63,6 +60,7 @@ user_login($username, $password)
This is the primary method that is used by the authenticate_user_login()
function in moodlelib.php. This method should return a boolean indicating
whether or not the username and password authenticate successfully.
Both parameter must have magic quotes applied.
is_internal()
Returns true if this authentication plugin is "internal" (which means that
@ -79,9 +77,10 @@ change_password_url()
Other Methods
-----------------
get_userinfo()
get_userinfo($username)
This method should return an array of fields from the authentication source
for the given username.
for the given username. Username parameter must have magic quotes applied.
The returned array does not have magic quotes applied.
Upgrading from Moodle 1.7
-----------------------------


@ -2,6 +2,6 @@ CAS-module README
Please read comments from lib.php for auth/cas module
The auth/cas module is using part of the /auth/ldap module. The /auth/ldap directory should exist.
The auth/cas use the PHPCAS project from http://esup-phpcas.sourceforge.net
The auth/cas use the PHPCAS project from http://esup-phpcas.sourceforge.net


@ -11,8 +11,9 @@
* 2006-08-28 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* CAS authentication plugin.
@ -38,21 +39,21 @@ class auth_plugin_cas {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
if (! function_exists('ldap_connect')) {
print_error('auth_casnotinstalled','mnet');
return false;
}
global $CFG;
// don't allow blank usernames or passwords
if (!$username or !$password) {
return false;
}
// CAS specific
if ($CFG->auth == "cas" and !empty($this->config->enabled)) {
if ($this->config->create_user == '0') {
@ -72,7 +73,7 @@ class auth_plugin_cas {
if ($ldap_connection) {
$ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
// if ldap_user_dn is empty, user does not exist
if (!$ldap_user_dn) {
ldap_close($ldap_connection);
@ -205,7 +206,7 @@ class auth_plugin_cas {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -215,7 +216,7 @@ class auth_plugin_cas {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
@ -229,7 +230,7 @@ class auth_plugin_cas {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include 'config.html';
}
@ -237,7 +238,7 @@ class auth_plugin_cas {
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return $this->config->changepasswordurl;
@ -288,7 +289,7 @@ class auth_plugin_cas {
set_config('changepasswordurl', $config->changepasswordurl, 'auth/cas');
// save LDAP settings
// TODO: Do we want the CAS LDAP settings to be separate from the LDAP settings?
// TODO: settings must be separated now that we have multiauth!
$ldapauth = get_auth_plugin('ldap');
$ldapauth->process_config($config);
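Review bot: The docblock above `config_form()` still documents a single `@param array $page`, while the signature on the new side is `config_form($config, $err, $user_fields)`, so none of the three real parameters is described. I would replace it with `@param object $config`, `@param array $err` and `@param array $user_fields`; the first two types are inferred from the `$config->hostname` and `$err['hostname']` uses in the CAS config.html, so confirm them. The same stale docblock sits above `config_form()` in the db plugin. `change_password_url()` is also tagged `@return bool` although it returns `$this->config->changepasswordurl`, so `@return mixed` with the existing "URL or false" wording would match the code. The class body continues outside these hunks.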


@ -2,31 +2,33 @@
/** auth_ldap_sync_users.php
* Modified for cas Module
*
* This script is meant to be called from a cronjob to sync moodle with the LDAP
* This script is meant to be called from a cronjob to sync moodle with the LDAP
* backend in those setups where the LDAP backend acts as 'master'.
*
*
* Recommended cron entry:
* # 5 minutes past 4am
* 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
*
* Notes:
*
* Notes:
* - If you have a large number of users, you may want to raise the memory limits
* by passing -d momory_limit=256M
* - For debugging & better logging, you are encouraged to use in the command line:
* -d log_errors=1 -d error_reporting=E_ALL -d display_errors=0 -d html_errors=0
*
*
* Performance notes:
* We have optimized it as best as we could for Postgres and mySQL, with 27K students
* we have seen this take 10 minutes.
*
* we have seen this take 10 minutes.
*
*/
if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
error_log("should not be called from apache!");
if (isset($_SERVER['REMOTE_ADDR'])) {
error_log("should not be called from web server!");
exit;
}
$nomoodlecookie = true; // cookie not needed
require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
require_once($CFG->dirroot.'/course/lib.php');
@ -34,7 +36,12 @@ require_once($CFG->dirroot.'/lib/blocklib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
require_once($CFG->dirroot.'/mod/forum/lib.php');
require_once($CFG->dirroot.'/lib/moodlelib.php');
$CFG->debug=10;
if (!is_enabled_auth('cas')) {
echo "Plugin not enabled!";
die;
}
$casauth = get_auth_plugin('cas');
$casauth->sync_users(1000, true);
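Review bot: The `is_enabled_auth('cas')` branch ends with `echo "Plugin not enabled!"; die;`, which exits with status 0 and writes to stdout without a trailing newline, so a cron wrapper or monitoring job cannot tell a skipped sync from a completed one. I would write `error_log('auth/cas sync skipped: plugin not enabled'); exit(1);`, which also matches the `error_log()` call already used by the web-server guard earlier in the script. The db sync script has the same pattern in its `is_enabled_auth('db')` branch and should get the same treatment.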


@ -52,7 +52,7 @@
unset($options);
$options[1] = get_string('yes');
choose_from_menu ($options, 'use_cas', $config->use_cas, get_string('no'), '', '');
?>
</td>
<td><?php print_string('auth_cas_enabled', 'auth') ?></td>
@ -63,11 +63,11 @@
<td>
<input name="hostname" type="text" size="30" value="<?php echo $config->hostname ?>" />
<?php
if (isset($err['hostname'])) {
formerr($err['hostname']);
}
}
?>
</td>
<td><?php print_string('auth_cas_hostname', 'auth') ?></td>
@ -78,11 +78,11 @@
<td>
<input name="baseuri" type="text" size="30" value="<?php echo $config->baseuri ?>" />
<?php
if (isset($err['baseuri'])) {
formerr($err['baseuri']);
}
?>
</td>
<td><?php print_string('auth_cas_baseuri', 'auth') ?></td>
@ -93,11 +93,11 @@
<td>
<input name="port" type="text" size="30" value="<?php echo $config->port ?>" />
<?php
if (isset($err['port'])) {
formerr($err['port']);
}
?>
</td>
<td><?php print_string('auth_cas_port', 'auth') ?></td>


@ -12,7 +12,7 @@
<tr>
<td width="50%" align="center" valign="top" class="generalbox">
<p><?php print_string("loginusing") ?>:<br />
(<?php print_string("cookiesenabled");?>)
(<?php print_string("cookiesenabled");?>)
<?php helpbutton("cookies", get_string("cookiesenabled"))?><br /><?php formerr($errormsg) ?>
</p>
<form action="index.php" method="post" id="login">
@ -41,7 +41,7 @@
$changebuttonname = get_string("senddetails");
?>
<hr width="80%" />
<p><?php print_string("forgotten") ?></p>
<p><?php print_string("forgotten") ?></p>
<form action="<?php p($changepassword) ?>" method="get" id="changepassword">
<input type="submit" value="<?php p($changebuttonname) ?>" />
</form>


@ -70,8 +70,8 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
update_login_count();
if ($user) {
if (! $user->confirmed ) { // they never confirmed via email
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
if (! $user->confirmed ) { // they never confirmed via email
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
print_heading(get_string("mustconfirm"));
print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
print_footer();
@ -91,7 +91,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
$USER->firstname = get_string("guestuser"); // Name always in current language
$USER->lastname = " ";
}
if (!update_user_login_times()) {
error("Wierd error: could not update login records");
}
@ -111,7 +111,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
$userauth = get_auth_plugin($USER->auth);
if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
}
}
// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false)) {
@ -122,7 +122,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
}
}
add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);
if (user_not_fully_set_up($USER)) {
@ -143,12 +143,12 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
if ($ldapauth->config->expiration == 1) {
$days2expire = $ldapauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_footer();
exit;
} elseif (intval($days2expire) < 0 ) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
@ -162,7 +162,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
redirect($urltogo);
exit;
} else {
if ($CFG->auth == "cas" ) { /// CAS error login
$errormsg = get_string("invalidcaslogin");
@ -174,8 +174,8 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
}
$user = $casauth->automatic_authenticate($user);
if ($user) {
if (! $user->confirmed ) { // they never confirmed via email
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
if (! $user->confirmed ) { // they never confirmed via email
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
print_heading(get_string("mustconfirm"));
print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
print_footer();
@ -226,7 +226,7 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
}
}
add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);
if (user_not_fully_set_up($USER)) {
@ -247,12 +247,12 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
if ($ldapauth->config->expiration == 1) {
$days2expire = $ldapauth->password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_footer();
exit;
} elseif (intval($days2expire) < 0 ) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
@ -278,18 +278,18 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
}
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = array_key_exists('HTTP_REFERER',$_SERVER) ? $_SERVER["HTTP_REFERER"] : $CFG->wwwroot.'/';
$SESSION->wantsurl = array_key_exists('HTTP_REFERER',$_SERVER) ? $_SERVER["HTTP_REFERER"] : $CFG->wwwroot.'/';
}
if (get_moodle_cookie() == '') {
if (get_moodle_cookie() == '') {
set_moodle_cookie('nobody'); // To help search for cookies
}
if (empty($frm->username)) {
$frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
$frm->password = "";
}
if (!empty($frm->username)) {
$focus = "login.password";
} else {
@ -301,8 +301,8 @@ defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
} else {
$show_instructions = false;
}
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
include($CFG->dirroot.'/auth/cas/index_form.html');
print_footer();


@ -45,7 +45,7 @@ class auth_plugin_db {
*
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
function user_login($username, $password) {
global $CFG;
@ -53,17 +53,7 @@ class auth_plugin_db {
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
$extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);
// Connect to the external database (forcing new connection)
$authdb = &ADONewConnection($this->config->type);
if (!empty($this->config->debugauthdb)) {
$authdb->debug = true;
ob_start();//start output buffer to allow later use of the page headers
}
$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
if (!empty($this->config->setupsql)) {
$authdb->Execute($this->config->setupsql);
}
$authdb = $this->db_init();
if ($this->config->passtype === 'internal') {
// lookup username externally, but resolve
@ -108,7 +98,7 @@ class auth_plugin_db {
return false;
}
if ( $rs->RecordCount() ) {
if ($rs->RecordCount()) {
return true;
} else {
return false;
@ -117,20 +107,7 @@ class auth_plugin_db {
}
}
/**
* Reads any other information for a user from external database,
* then returns it in an array
*
* @param string $username (with system magic quotes)
*/
function get_userinfo($username) {
global $CFG;
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
function db_init() {
// Connect to the external database (forcing new connection)
$authdb = &ADONewConnection($this->config->type);
if (!empty($this->config->debugauthdb)) {
@ -143,18 +120,47 @@ class auth_plugin_db {
$authdb->Execute($this->config->setupsql);
}
return $authdb;
}
/**
* retuns user attribute mappings between moodle and ldap
*
* @return array
*/
function db_attributes() {
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang");
//Array to map local fieldnames we want, to external fieldnames
$selectfields = array();
"idnumber", "lang" );
$moodleattributes = array();
foreach ($fields as $field) {
if (!empty($this->config->{'field_map_' . $field})) {
$selectfields[$field] = $this->config->{'field_map_' . $field};
if (!empty($this->config->{"field_map_$field"})) {
$moodleattributes[$field] = $this->config->{"field_map_$field"};
}
}
$moodleattributes['username'] = $this->config->fielduser;
return $moodleattributes;
}
/**
* Reads any other information for a user from external database,
* then returns it in an array
*
* @param string $username (with system magic quotes)
*
* @return array without magic quotes
*/
function get_userinfo($username) {
global $CFG;
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
//Array to map local fieldnames we want, to external fieldnames
$selectfields = $this->db_attributes();
$result = array();
//If at least one field is mapped from external db, get that mapped data:
if ($selectfields) {
@ -193,7 +199,7 @@ class auth_plugin_db {
global $CFG;
if ($this->config->passtype === 'internal') {
update_internal_user_password($user, $newpassword, true);
update_internal_user_password($user, $newpassword);
} else {
// we should have never been called!
return false;
@ -215,60 +221,68 @@ class auth_plugin_db {
* This implementation is simpler but less scalable than the one found in the LDAP module.
*
*/
function sync_users ($do_updates=false) {
function sync_users($do_updates=false) {
global $CFG;
$pcfg = get_config('auth/db');
///
/// list external users
///
/// list external users
$userlist = $this->get_userlist();
$quoteduserlist = implode("', '", addslashes_recursive($userlist));
$quoteduserlist = "'$quoteduserlist'";
///
/// delete obsolete internal users
///
/// delete obsolete internal users
if (!empty($this->config->removeuser)) {
// find obsolete users
if (count($userlist)) {
$sql = 'SELECT u.id, u.username
FROM ' . $CFG->prefix .'user u
WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username NOT IN (' . $quoteduserlist . ')';
} else {
$sql = 'SELECT u.id, u.username
FROM ' . $CFG->prefix .'user u
WHERE u.auth=\'db\' AND u.deleted=\'0\' ';
}
$remove_users = get_records_sql($sql);
if (!empty($remove_users)) {
print_string('auth_dbuserstoremove','auth', count($remove_users));
echo "\n";
begin_sql();
foreach ($remove_users as $user) {
//following is copy pasted from admin/user.php
//maybe this should moved to function in lib/datalib.php
$updateuser = new object();
$updateuser->id = $user->id;
$updateuser->deleted = 1;
$updateuser->timemodified = time();
if (update_record('user', $updateuser)) {
echo "\t";
print_string('auth_dbdeleteuser', 'auth', array($user->username, $user->id));
echo "\n";
} else {
echo "\t";
print_string('auth_dbdeleteusererror', 'auth', $user->username);
echo "\n";
}
//copy pasted part ends
// find obsolete users
if (count($userlist)) {
$sql = "SELECT u.id, u.username, u.email
FROM {$CFG->prefix}user u
WHERE u.auth='db' AND u.deleted=0 AND u.username NOT IN ($quoteduserlist)";
} else {
$sql = "SELECT u.id, u.username, u.email
FROM {$CFG->prefix}user u
WHERE u.auth='db' AND u.deleted=0";
}
commit_sql();
$remove_users = get_records_sql($sql);
if (!empty($remove_users)) {
print_string('auth_dbuserstoremove','auth', count($remove_users)); echo "\n";
begin_sql();
foreach ($remove_users as $user) {
if ($this->config->removeuser == 2) {
//following is copy pasted from admin/user.php
//maybe this should moved to function in lib/datalib.php
$updateuser = new object();
$updateuser->id = $user->id;
$updateuser->deleted = 1;
$updateuser->username = addslashes("$user->email.".time()); // Remember it just in case
$updateuser->email = ''; // Clear this field to free it up
$updateuser->idnumber = ''; // Clear this field to free it up
$updateuser->timemodified = time();
if (update_record('user', $updateuser)) {
delete_records('role_assignments', 'userid', $user->id); // unassign all roles
//copy pasted part ends
echo "\t"; print_string('auth_dbdeleteuser', 'auth', array($user->username, $user->id)); echo "\n";
} else {
echo "\t"; print_string('auth_dbdeleteusererror', 'auth', $user->username); echo "\n";
}
} else if ($this->config->removeuser == 1) {
$updateuser = new object();
$updateuser->id = $user->id;
$updateuser->auth = 'nologin';
if (update_record('user', $updateuser)) {
echo "\t"; print_string('auth_dbsuspenduser', 'auth', array($user->username, $user->id)); echo "\n";
} else {
echo "\t"; print_string('auth_dbsuspendusererror', 'auth', $user->username); echo "\n";
}
}
}
commit_sql();
}
unset($remove_users); // free mem!
}
unset($remove_users); // free mem!
if (!count($userlist)) {
// exit right here
@ -300,9 +314,14 @@ class auth_plugin_db {
FROM ' . $CFG->prefix .'user u
WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
if ($update_users = get_records_sql($sql)) {
print "User entries to update: ". count($update_users). "\n";
foreach ($update_users as $user) {
$this->db_update_user_record(addslashes($user->username), $updatekeys);
echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
if (!$this->update_user_record(addslashes($user->username), $updatekeys)) {
echo " - ".get_string('skipped');
}
echo "\n";
}
unset($update_users); // free memory
}
@ -332,8 +351,7 @@ class auth_plugin_db {
unset($usernames);
if (!empty($add_users)) {
print_string('auth_dbuserstoadd','auth',count($add_users));
echo "\n";
print_string('auth_dbuserstoadd','auth',count($add_users)); echo "\n";
begin_sql();
foreach($add_users as $user) {
$username = $user;
@ -354,23 +372,16 @@ class auth_plugin_db {
if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
$user->id = $old_user->id;
set_field('user', 'deleted', 0, 'username', $user->username);
echo "\t";
print_string('auth_dbrevive','auth',array(stripslashes($user->username), $user->id));
echo "\n";
echo "\t"; print_string('auth_dbreviveuser', 'auth', array(stripslashes($user->username), $user->id)); echo "\n";
} elseif ($id = insert_record ('user',$user)) { // it is truly a new user
echo "\t";
print_string('auth_dbinsertuser','auth',array(stripslashes($user->username), $id));
echo "\n";
$user->id = $id;
echo "\t"; print_string('auth_dbinsertuser','auth',array(stripslashes($user->username), $id)); echo "\n";
// if relevant, tag for password generation
if ($this->config->passtype === 'internal') {
set_user_preference('auth_forcepasswordchange', 1, $id);
set_user_preference('create_password', 1, $id);
}
} else {
echo "\t";
print_string('auth_dbinsertusererror', 'auth', $user->username);
echo "\n";
echo "\t"; print_string('auth_dbinsertusererror', 'auth', $user->username); echo "\n";
}
}
commit_sql();
@ -379,22 +390,12 @@ class auth_plugin_db {
return true;
}
function user_exists ($username) {
function user_exists($username) {
$textlib = textlib_get_instance();
$extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
// Connect to the external database (forcing new connection)
$authdb = &ADONewConnection($this->config->type);
if (!empty($this->config->debugauthdb)) {
$authdb->debug = true;
ob_start();//start output buffer to allow later use of the page headers
}
$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
if (!empty($this->config->setupsql)) {
$authdb->Execute($this->config->setupsql);
}
$authdb = $this->db_init();
$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
@ -417,17 +418,7 @@ class auth_plugin_db {
function get_userlist() {
// Connect to the external database (forcing new connection)
$authdb = &ADONewConnection($this->config->type);
if (!empty($this->config->debugauthdb)) {
$authdb->debug = true;
ob_start();//start output buffer to allow later use of the page headers
}
$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
if (!empty($this->config->setupsql)) {
$authdb->Execute($this->config->setupsql);
}
$authdb = $this->db_init();
// fetch userlist
$rs = $authdb->Execute("SELECT {$this->config->fielduser} AS username
@ -475,11 +466,9 @@ class auth_plugin_db {
*
* @param string $username username (with system magic quotes)
*/
function db_update_user_record($username, $updatekeys=false) {
function update_user_record($username, $updatekeys=false) {
global $CFG;
$pcfg = get_config('auth/db');
//just in case check text case
$username = trim(moodle_strtolower($username));
@ -494,7 +483,6 @@ class auth_plugin_db {
// Ensure userid is not overwritten
$userid = $user->id;
// TODO: this had a function_exists() - now we have a $this
if ($newinfo = $this->get_userinfo($username)) {
$newinfo = truncate_userinfo($newinfo);
@ -510,13 +498,69 @@ class auth_plugin_db {
}
if (!empty($this->config->{'field_updatelocal_' . $key})) {
if ($user->{$key} != $value) { // only update if it's changed
set_field('user', $key, addslashes($value), 'id', $userid);
}
if ($user->{$key} != $value) { // only update if it's changed
set_field('user', $key, addslashes($value), 'id', $userid);
}
}
}
}
return get_record_select("user", "id = '$userid' AND deleted <> '1'");
return get_record_select('user', "id = $userid AND deleted = 0");
}
/**
* Called when the user record is updated.
* Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
* conpares information saved modified information to external db.
*
* @param mixed $olduser Userobject before modifications (without system magic quotes)
* @param mixed $newuser Userobject new modified userobject (without system magic quotes)
* @return boolean result
*
*/
function user_update($olduser, $newuser) {
if (isset($olduser->username) and isset($newuser->username) and $olduser->username != $newuser->username) {
error_log("ERROR:User renaming not allowed in ext db");
return false;
}
if (isset($olduser->auth) and $olduser->auth != 'db') {
return true; // just change auth and skip update
}
$curruser = $this->get_userinfo($olduser->username);
if (empty($curruser)) {
error_log("ERROR:User $olduser->username found in ext db");
return false;
}
$textlib = textlib_get_instance();
$extusername = $textlib->convert($olduser->username, 'utf-8', $this->config->extencoding);
$authdb = $this->db_init();
$update = array();
foreach($curruser as $key=>$value) {
if ($key == 'username') {
continue; // skip this
}
if (empty($this->config->{"field_updateremote_$key"})) {
continue; // remote update not requested
}
if (!isset($newuser->$key)) {
continue;
}
$nuvalue = stripslashes($newuser->$key);
if ($nuvalue != $value) {
$update[] = $this->config->{"field_map_$key"}."='".$this->ext_addslashes($textlib->convert($nuvalue, 'utf-8', $this->config->extencoding))."'";
}
}
if (!empty($update)) {
$authdb->Execute("UPDATE {$this->config->table}
SET ".implode(',', $update)."
WHERE {$this->config->fielduser}='".$this->ext_addslashes($extusername)."'");
}
$authdb->Close();
return true;
}
/**
@ -534,7 +578,7 @@ class auth_plugin_db {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -544,7 +588,7 @@ class auth_plugin_db {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return ($this->config->passtype === 'internal');
@ -554,7 +598,7 @@ class auth_plugin_db {
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return $this->config->changepasswordurl;
@ -568,7 +612,7 @@ class auth_plugin_db {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include 'config.html';
}
@ -616,6 +660,9 @@ class auth_plugin_db {
if (!isset($config->debugauthdb)) {
$config->debugauthdb = 0;
}
if (!isset($config->removeuser)) {
$config->removeuser = 0;
}
if (!isset($config->changepasswordurl)) {
$config->changepasswordurl = '';
}
@ -633,8 +680,9 @@ class auth_plugin_db {
set_config('fieldpass', $config->fieldpass, 'auth/db');
set_config('passtype', $config->passtype, 'auth/db');
set_config('extencoding', trim($config->extencoding), 'auth/db');
set_config('setupsql', trim($config->setupsql), 'auth/db');
set_config('setupsql', trim($config->setupsql),'auth/db');
set_config('debugauthdb', $config->debugauthdb, 'auth/db');
set_config('removeuser', $config->removeuser, 'auth/db');
set_config('changepasswordurl', trim($config->changepasswordurl), 'auth/db');
return true;
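Review bot: `user_update()` discards the result of `$authdb->Execute("UPDATE …")` and always reaches `return true`, so a failed write to the external database is reported to the caller as success and the local and external user records can drift apart unnoticed. Keep the result (`$ok = $authdb->Execute(...);`), call `$authdb->Close()`, and when `$ok` is false log it with `error_log()` and `return false`. The message logged when `get_userinfo()` comes back empty reads `"ERROR:User $olduser->username found in ext db"` and presumably should say `not found`. The docblock of `db_attributes()` also still says "moodle and ldap", where this plugin maps fields to the external database.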


@ -2,8 +2,8 @@
/** auth_db_sync_users.php
*
* This script is meant to be called from a system cronjob to
* sync moodle user accounts with external database
* when using internal passwords (== passwords not defined in external database).
* sync moodle user accounts with external database.
* It is required when using internal passwords (== passwords not defined in external database).
*
* Recommended cron entry:
* # 5 minutes past 4am
@ -32,10 +32,15 @@ $nomoodlecookie = true; // cookie not needed
require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
require_once($CFG->libdir.'/blocklib.php');
require_once($CFG->libdir.'/moodlelib.php');
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
require_once($CFG->dirroot.'/mod/forum/lib.php');
if (!is_enabled_auth('db')) {
echo "Plugin not enabled!";
die;
}
$dbauth = get_auth_plugin('db');
$dbauth->sync_users(true);
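Review bot: The new `Plugin not enabled!` branch in the second hunk prints to stdout and stops with a bare `die;`, so a cron run against a disabled plugin ends with exit status 0 and looks like a success. Writing the message with `error_log('auth/db plugin not enabled');` and ending with `exit(1);` would make the failure visible to cron; the LDAP sync script in this commit has the same branch. Separately, the lines between the two hunks are not shown, so it cannot be confirmed from here that this script refuses to run under a web server. If it lacks a check like the `isset($_SERVER['REMOTE_ADDR'])` one the LDAP script gets, it should have one, because the new removeuser setting appears to let a sync suspend or delete accounts.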


@ -2,34 +2,34 @@
// set to defaults if undefined
if (!isset($config->host)) {
$config->host = "localhost";
$config->host = 'localhost';
}
if (!isset($config->type)) {
$config->type = "mysql";
$config->type = 'mysql';
}
if (!isset($config->sybasequoting)) {
$config->sybasequoting = 0;
}
if (!isset($config->name)) {
$config->name = "";
$config->name = '';
}
if (!isset($config->user)) {
$config->user = "";
$config->user = '';
}
if (!isset($config->pass)) {
$config->pass = "";
$config->pass = '';
}
if (!isset($config->table)) {
$config->table = "";
$config->table = '';
}
if (!isset($config->fielduser)) {
$config->fielduser = "";
$config->fielduser = '';
}
if (!isset($config->fieldpass)) {
$config->fieldpass = "";
$config->fieldpass = '';
}
if (!isset($config->passtype)) {
$config->passtype = "plaintext";
$config->passtype = 'plaintext';
}
if (!isset($config->changepasswordurl)) {
$config->changepasswordurl = '';
@ -43,8 +43,11 @@
if (!isset($config->setupsql)) {
$config->setupsql = '';
}
if (!isset($config->removeuser)) {
$config->removeuser = 0;
}
$pluginconfig = get_config('auth/db');
$yesno = array( get_string('no'), get_string('yes') );
?>
<table cellspacing="0" cellpadding="5" border="0" align="center">
@ -76,19 +79,14 @@
</td>
<td>
<?php print_string("auth_dbtype","auth") ?>
<?php print_string("auth_dbtype","auth") ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="sybasequoting"><?php print_string("auth_dbsybasequoting", "auth") ?></label></td>
<td align="right"><label for="menusybasequoting"><?php print_string("auth_dbsybasequoting", "auth") ?></label></td>
<td>
<select id="sybasequoting" name="sybasequoting">
<option value="0" <?php echo ($config->sybasequoting ? '' : 'selected="yes"') ?> >
<?php print_string('no') ?></option>
<option value="1" <?php echo ($config->sybasequoting ? 'selected="yes"' : '') ?> >
<?php print_string('yes') ?></option>
</select>
<?php choose_from_menu($yesno, 'sybasequoting', $config->sybasequoting, ''); ?>
</td>
<td><?php print_string("auth_dbsybasequotinghelp", "auth") ?></td>
</tr>
@ -189,7 +187,7 @@
<td align="right"><label for="menupasstype"><?php print_string("auth_dbpasstype_key", "auth") ?></label></td>
<td>
<?php
$passtype = array();
$passtype["plaintext"] = get_string("plaintext", "auth");
$passtype["md5"] = get_string("md5", "auth");
$passtype["sha1"] = get_string("sha1", "auth");
@ -225,14 +223,9 @@
</tr>
<tr valign="top">
<td align="right"><label for="debugauthdb"><?php print_string("auth_dbdebugauthdb", "auth") ?></label></td>
<td align="right"><label for="menudebugauthdb"><?php print_string("auth_dbdebugauthdb", "auth") ?></label></td>
<td>
<select id="debugauthdb" name="debugauthdb">
<option value="0" <?php echo ($config->debugauthdb ? '' : 'selected="yes"') ?> >
<?php print_string('no') ?></option>
<option value="1" <?php echo ($config->debugauthdb ? 'selected="yes"' : '') ?> >
<?php print_string('yes') ?></option>
</select>
<?php choose_from_menu($yesno, 'debugauthdb', $config->debugauthdb, ''); ?>
</td>
<td><?php print_string("auth_dbdebugauthdbhelp", "auth") ?></td>
</tr>
@ -251,10 +244,32 @@
</td>
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_sync_script', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuremoveuser"><?php print_string('auth_remove_user_key','auth') ?></label></td>
<td>
<?php
$deleteopt = array();
$deleteopt['0'] = get_string('auth_remove_keep','auth');
$deleteopt['1'] = get_string('auth_remove_suspend','auth');
$deleteopt['2'] = get_string('auth_remove_delete','auth');
choose_from_menu($deleteopt, 'removeuser', $config->removeuser, '');
?>
</td>
<td>
<?php print_string('auth_remove_user','auth') ?>
</td>
</tr>
<?php
global $user_fields;
print_auth_lock_options('db', $user_fields, get_string('auth_dbextrafields', 'auth'), true, false);
print_auth_lock_options('db', $user_fields, get_string('auth_dbextrafields', 'auth'), true, true);
?>
</table>
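Review bot: The removeuser menu added in the last hunk uses bare keys `'0'`, `'1'` and `'2'`, and the same numbers appear as the default near the top of the file, with nothing stating what each one means. Because 2 is the destructive choice, a comment above `$deleteopt` such as `// removeuser: 0 = keep account, 1 = suspend, 2 = delete` would save the next reader a lookup in the language strings. The process_config lines shown on this page for the db plugin store `$config->removeuser` as submitted, so it is worth confirming there that only these three values are accepted.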


@ -12,8 +12,9 @@
* 2006-08-28 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* Error codes for user confirm
@ -48,7 +49,7 @@ class auth_plugin_email {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
global $CFG;
@ -89,7 +90,7 @@ class auth_plugin_email {
$emailconfirm = get_string('emailconfirm');
print_header($emailconfirm, $emailconfirm, $emailconfirm);
notice(get_string('emailconfirmsent', '', $user->email), "$CFG->wwwroot/index.php");
}
}
}
/*
@ -117,32 +118,32 @@ class auth_plugin_email {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return true;
}
/**
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return true;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -151,7 +152,7 @@ class auth_plugin_email {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
@ -161,7 +162,7 @@ class auth_plugin_email {
function process_config($config) {
return true;
}
}
?>
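Review bot: The docblock above `config_form($config, $err, $user_fields)` still describes a single `@param array $page`, which matches neither the old nor the new signature; the docblock starts above the hunk, so only its tail is visible. It could read `@param object $config`, `@param array $err` and `@param array $user_fields`, with the last type to be confirmed against what print_auth_lock_options() expects. The same stale tag sits above config_form in the db, fc and imap plugins on this page. In the same pass, `change_password_url()` is documented as `@return bool` although its summary says it returns a URL or false, so `@return mixed` would be more accurate.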


@ -2,9 +2,8 @@
<div align="center"><?php print_string('none'); ?></div>
<table cellspacing="0" cellpadding="5" border="0" align="center">
<?php
<?php
global $user_fields;
print_auth_lock_options('email', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -1,7 +1,7 @@
Moodle - FirstClass authentication module
-----------------------------------------
This module uses the FirstClass Flexible Provisining Protocol (FPP) to communicate between the FirstClass server
and the Moodle host.
and the Moodle host.
Installation
------------
@ -9,7 +9,7 @@ Installation
1. Enable FPP on the FirstClass server
FPP is not doumented in the FirstClass documentation and is not enable by default.
To enable the protocol you need to edit the file \FCPO\Server\Netinfo. Open the file and insert the
following lines.
following lines.
// TCP port for Flexible Provisioning Protocol (FPP).
TCPFPPPORT = 3333
@ -23,7 +23,7 @@ Default account name is "fcMoodle".
3. Check that the FPP protocoll is working by running a Telnet session. If everyting is working you
should get a "+0" answer from the server.
should get a "+0" answer from the server.
> telnet yourhost.domain.com 3333
+0
@ -47,7 +47,7 @@ Get user some_user_id 1201
4. On the Moodle host go to the directory where you have installed Moodle.
Open the folder "auth", where all other authentication modules are installed,
and create a new directory with the name "fc".
and create a new directory with the name "fc".
Copy the files "config.html", "fcFPP.php" and "lib.php" to the "auth" directory.


@ -11,10 +11,11 @@
* 2006-08-28 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
require_once 'fcFPP.php';
require_once 'fcFPP.php';
/**
* FirstClass authentication plugin.
@ -39,7 +40,7 @@ class auth_plugin_fc {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
global $CFG;
@ -57,7 +58,7 @@ class auth_plugin_fc {
}
}
$fpp->close();
return $retval;
}
@ -82,13 +83,13 @@ class auth_plugin_fc {
country -
lang -
timezone 8030 (Not used yet. Need to figure out how FC codes timezones)
description Get data from users resume. Pictures will be removed.
*/
$userinfo = array();
$fpp = new fcFPP($this->config->host, $this->config->port);
if ($fpp->open()) {
if ($fpp->login($this->config->userid, $this->config->passwd)) {
@ -101,7 +102,7 @@ class auth_plugin_fc {
}
}
$fpp->close();
foreach($userinfo as $key => $value) {
if (!$value) {
unset($userinfo[$key]);
@ -110,23 +111,23 @@ class auth_plugin_fc {
return $userinfo;
}
/**
* Get users group membership from the FirstClass server user and check if
* user is member of one of the groups of creators.
*/
function iscreator($username = 0) {
global $USER;
if (! $this->config->creators) {
return false;
}
if (! $username) {
$username = $USER->username;
}
$fcgroups = array();
$fpp = new fcFPP($this->config->host, $this->config->port);
if ($fpp->open()) {
if ($fpp->login($this->config->userid, $this->config->passwd)) {
@ -134,24 +135,24 @@ class auth_plugin_fc {
}
}
$fpp->close();
if ((! $fcgroups)) {
return false;
}
$creators = explode(";", $this->config->creators);
foreach($creators as $creator) {
If (in_array($creator, $fcgroups)) return true;
}
return false;
}
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -161,7 +162,7 @@ class auth_plugin_fc {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
@ -175,7 +176,7 @@ class auth_plugin_fc {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}


@ -15,10 +15,10 @@
}
if (!isset($config->creators)) {
$config->creators = "";
}
}
if (!isset($config->changepasswordurl)) {
$config->changepasswordurl = '';
}
}
if (!isset($config->changepasswordurl)) {
$config->changepasswordurl = '';
}
@ -95,9 +95,8 @@
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<?php
<?php
global $user_fields;
print_auth_lock_options('fc', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -22,21 +22,21 @@
*/
class fcFPP
{
{
var $_hostname; // hostname of FirstClass server we are connection to
var $_port; // port on which fpp is running
var $_conn = 0; // socket we are connecting on
var $_debug = FALSE; // set to true to see some debug info
// class constructor
function fcFPP($host="localhost", $port="3333")
{
$this->_hostname = $host;
$this->_port = $port;
$this->_user = "";
$this->_pwd = "";
$this->_pwd = "";
}
// open a connection to the FirstClass server
function open()
{
@ -53,10 +53,10 @@ class fcFPP
print_error('auth_fcconnfail','auth', array($errno, $errstr));
return false;
}
// We are connected
if ($this->_debug) echo "connected!";
// Read connection message.
$line = fgets ($conn); //+0
$line = fgets ($conn); //new line
@ -69,7 +69,7 @@ class fcFPP
// close any open connections
function close()
{
{
// get the current connection
$conn = &$this->_conn;
@ -84,8 +84,8 @@ class fcFPP
}
return;
}
// Authenticate to the FirstClass server
function login($userid, $passwd)
{
@ -98,37 +98,37 @@ class fcFPP
$line = fgets ($this->_conn); //new line
$line = fgets ($this->_conn); //+0
$line = fgets ($this->_conn); //new line
# Send password
fputs($this->_conn,"$passwd\r\n");
$line = fgets ($this->_conn); //new line
$line = fgets ($this->_conn); //+0
$line = fgets ($this->_conn); //+0 or message
if ($this->_debug) echo $line;
if (preg_match ("/^\+0/", $line)) { //+0, user with subadmin privileges
$this->_user = $userid;
$this->_pwd = $passwd;
return TRUE;
$this->_pwd = $passwd;
return TRUE;
} elseif (strpos($line, 'You are not allowed')) { // Denied access but a valid user and password
// "Sorry. You are not allowed to login with the FPP interface"
return TRUE;
} else { //Invalid user or password
return FALSE;
}
}
return FALSE;
}
// Get the list of groups the user is a member of
// Get the list of groups the user is a member of
function getGroups($userid) {
$groups = array();
// we must be logged in as a user with subadmin privileges
// we must be logged in as a user with subadmin privileges
if ($this->_conn AND $this->_user) {
# Send BA-command to get groups
fputs($this->_conn,"GET USER '" . $userid . "' 4 -1\r");
@ -143,29 +143,29 @@ class fcFPP
}
if ($this->_debug) echo "getGroups:" . implode(",",$groups);
}
return $groups;
}
// Check if the user is member of any of the groups.
// Return the list of groups the user is member of.
function isMemberOf($userid, $groups) {
$usergroups = array_map("strtolower",$this->getGroups($userid));
$groups = array_map("strtolower",$groups);
$result = array_intersect($groups,$usergroups);
if ($this->_debug) echo "isMemberOf:" . implode(",",$result);
return $result;
}
function getUserInfo($userid, $field) {
$userinfo = "";
if ($this->_conn AND $this->_user) {
# Send BA-command to get data
fputs($this->_conn,"GET USER '" . $userid . "' " . $field . "\r");
@ -180,17 +180,17 @@ class fcFPP
}
if ($this->_debug) echo "getUserInfo:" . $userinfo;
}
return str_replace('\r',' ',trim($userinfo,'"'));
}
function getResume($userid) {
$resume = "";
$pattern = "/\[.+:.+\..+\]/"; // Remove references to pictures in resumes
if ($this->_conn AND $this->_user) {
# Send BA-command to get data
fputs($this->_conn,"GET RESUME '" . $userid . "' 6\r");
@ -203,17 +203,17 @@ class fcFPP
$resume .= preg_replace($pattern,"",str_replace('\r',"\n",trim($line,'6 ')));
$line = trim(fgets ($this->_conn));
//print $line;
}
if ($this->_debug) echo "getResume:" . $resume;
}
return $resume;
}
}
?>


@ -12,8 +12,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* IMAP authentication plugin.
@ -38,14 +39,14 @@ class auth_plugin_imap {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
if (! function_exists('imap_open')) {
print_error('auth_imapnotinstalled','mnet');
return false;
}
global $CFG;
$hosts = split(';', $this->config->host); // Could be multiple hosts
@ -56,22 +57,22 @@ class auth_plugin_imap {
case 'imapssl':
$host = '{'.$host.":{$this->config->port}/imap/ssl}";
break;
case 'imapcert':
$host = '{'.$host.":{$this->config->port}/imap/ssl/novalidate-cert}";
break;
case 'imaptls':
$host = '{'.$host.":{$this->config->port}/imap/tls}";
break;
default:
$host = '{'.$host.":{$this->config->port}/imap}";
}
error_reporting(0);
$connection = imap_open($host, $username, $password, OP_HALFOPEN);
error_reporting($CFG->debug);
error_reporting($CFG->debug);
if ($connection) {
imap_close($connection);
@ -85,7 +86,7 @@ class auth_plugin_imap {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -95,23 +96,23 @@ class auth_plugin_imap {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return $CFG->changepasswordurl; // TODO: will this be global?
//return $this->config->changepasswordurl;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -120,7 +121,7 @@ class auth_plugin_imap {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
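Review bot: `change_password_url()` returns `$CFG->changepasswordurl`, but unlike `user_login()` it never declares `global $CFG;`, so `$CFG` is an undefined local and the method yields null instead of the configured URL or false. The commented-out line directly below it, `return $this->config->changepasswordurl;`, is the form the db plugin uses and looks like the intended one. The imap config.html hunk header on this page shows a default being set for `$config->changepasswordurl`, which suggests the plugin config carries that key, though how `$this->config` is loaded is outside the hunk.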


@ -85,9 +85,8 @@ if (!isset($config->changepasswordurl)) {
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<?php
<?php
global $user_fields;
print_auth_lock_options('imap', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -1,3 +1,3 @@
LDAP-module README
Please read comments from lib.php
Please read comments from lib.php

File diff suppressed because it is too large Load Diff


@ -1,40 +1,45 @@
<?php
/** auth_ldap_sync_users.php
*
* This script is meant to be called from a cronjob to sync moodle with the LDAP
*
* This script is meant to be called from a cronjob to sync moodle with the LDAP
* backend in those setups where the LDAP backend acts as 'master'.
*
*
* Recommended cron entry:
* # 5 minutes past 4am
* 5 4 * * * /usr/bin/php -c /etc/php4/cli/php.ini /var/www/moodle/auth/ldap/auth_ldap_sync_users.php
*
* Notes:
*
* Notes:
* - If you have a large number of users, you may want to raise the memory limits
* by passing -d momory_limit=256M
* - For debugging & better logging, you are encouraged to use in the command line:
* -d log_errors=1 -d error_reporting=E_ALL -d display_errors=0 -d html_errors=0
*
*
* Performance notes:
* We have optimized it as best as we could for Postgres and mySQL, with 27K students
* we have seen this take 10 minutes.
*
* we have seen this take 10 minutes.
*
*/
if (!empty($_SERVER['GATEWAY_INTERFACE'])) {
error_log("should not be called from apache!");
if (isset($_SERVER['REMOTE_ADDR'])) {
error_log("should not be called from web server!");
exit;
}
$nomoodlecookie = true; // cookie not needed
require_once(dirname(dirname(dirname(__FILE__))).'/config.php'); // global moodle config file.
require_once($CFG->libdir.'/blocklib.php');
require_once($CFG->dirroot.'/course/lib.php');
require_once($CFG->dirroot.'/lib/blocklib.php');
require_once($CFG->dirroot.'/mod/resource/lib.php');
require_once($CFG->dirroot.'/mod/forum/lib.php');
$CFG->debug=10;
require_once($CFG->dirroot.'/lib/moodlelib.php');
if (!is_enabled_auth('ldap')) {
echo "Plugin not enabled!";
die;
}
$ldapauth = get_auth_plugin('ldap');
$ldapauth->sync_users(1000, true);
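Review bot: The header comment tells operators to raise the memory limit with `-d momory_limit=256M`, which misspells the directive; anyone copying it gets a run with the limit unchanged and no error. The line should read `by passing -d memory_limit=256M`. This matters most for the large directories the performance note describes, where a sync that stops on memory exhaustion may leave accounts only partly processed.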


@ -1,62 +1,63 @@
<?php
$createoptions[0] = get_string("no");
$createoptions[1] = get_string("yes");
// set to defaults if undefined
if (!isset($config->host_url))
if (!isset($config->host_url))
{ $config->host_url = ''; }
if (!isset($config->contexts))
if (empty($config->ldapencoding))
{ $config->ldapencoding = 'utf-8'; }
if (!isset($config->contexts))
{ $config->contexts = ''; }
if (!isset($config->user_type))
{ $config->user_type = ''; }
if (!isset($config->user_attribute))
if (!isset($config->user_type))
{ $config->user_type = 'default'; }
if (!isset($config->user_attribute))
{ $config->user_attribute = ''; }
if (!isset($config->search_sub))
if (!isset($config->search_sub))
{ $config->search_sub = ''; }
if (!isset($config->opt_deref))
{ $config->opt_deref = ''; }
if (!isset($config->preventpassindb))
{ $config->preventpassindb = 0; }
if (!isset($config->bind_dn))
if (!isset($config->opt_deref))
{ $config->opt_deref = LDAP_DEREF_NEVER; }
if (!isset($config->preventpassindb))
{ $config->preventpassindb = 0; }
if (!isset($config->bind_dn))
{$config->bind_dn = ''; }
if (!isset($config->bind_pw))
if (!isset($config->bind_pw))
{$config->bind_pw = ''; }
if (!isset($config->version))
if (!isset($config->version))
{$config->version = '2'; }
if (!isset($config->objectclass))
if (!isset($config->objectclass))
{$config->objectclass = ''; }
if (!isset($config->memberattribute))
if (!isset($config->memberattribute))
{$config->memberattribute = ''; }
if (!isset($config->creators))
if (!isset($config->creators))
{$config->creators = ''; }
if (!isset($config->create_context))
if (!isset($config->create_context))
{$config->create_context = ''; }
if (!isset($config->expiration))
if (!isset($config->expiration))
{$config->expiration = ''; }
if (!isset($config->expiration_warning))
if (!isset($config->expiration_warning))
{$config->expiration_warning = '10'; }
if (!isset($config->expireattr))
if (!isset($config->expireattr))
{$config->expireattr = ''; }
if (!isset($config->gracelogins))
if (!isset($config->gracelogins))
{$config->gracelogins = ''; }
if (!isset($config->graceattr))
if (!isset($config->graceattr))
{$config->graceattr = ''; }
if (!isset($config->auth_user_create))
if (!isset($config->auth_user_create))
{$config->auth_user_create = ''; }
if (!isset($config->forcechangepassword))
{$config->forcechangepassword = false; }
if (!isset($config->forcechangepassword))
{$config->forcechangepassword = 0; }
if (!isset($config->stdchangepassword))
{$config->stdchangepassword = false; }
{$config->stdchangepassword = 0; }
if (!isset($config->changepasswordurl))
{$config->changepasswordurl = ''; }
if (!isset($config->removeuser))
{$config->removeuser = 0; }
$yesno = array( get_string('no'), get_string('yes') );
if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
notify(get_string('auth_ldap_noextension','auth'));
}
?>
<table cellspacing="0" cellpadding="5" border="0" align="center">
@ -67,31 +68,47 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_host_url_key','auth') ?>:</td>
<td align="right"><label for="host_url"><?php print_string('auth_ldap_host_url_key','auth') ?></label></td>
<td>
<input name="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
<input name="host_url" id="host_url" type="text" size="30" value="<?php echo $config->host_url?>" />
<?php if (isset($err['host_url'])) formerr($err['host_url']); ?>
</td>
<td>
<?php print_string('auth_ldap_host_url','auth') ?>
<?php print_string('auth_ldap_host_url','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_version_key','auth') ?>:</td>
<td align="right"><label for="menuversion"><?php print_string('auth_ldap_version_key','auth') ?></label></td>
<td>
<?php
$varsions = array();
$versions[2] = '2';
$versions[3] = '3';
choose_from_menu($versions, 'version', $config->version, '');
if (isset($err['version'])) formerr($err['version']);
if (isset($err['version'])) formerr($err['version']);
?>
</td>
<td>
<?php print_string('auth_ldap_version','auth') ?>
<?php print_string('auth_ldap_version','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><label for="ldapencoding"><?php print_string("auth_ldap_ldap_encoding_key", "auth") ?></label></td>
<td>
<input id="ldapencoding" name="ldapencoding" type="text" value="<?php echo $config->ldapencoding ?>" />
<?php
if (isset($err['ldapencoding'])) {
formerr($err['ldapencoding']);
}
?>
</td>
<td><?php print_string('auth_ldap_ldap_encoding', 'auth') ?></td>
</tr>
<tr>
<td colspan="2">
<h4><?php print_string('auth_ldap_bind_settings', 'auth') ?> </h4>
@ -99,36 +116,31 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_preventpassindb_key','auth') ?>:</td>
<td align="right"><label for="menupreventpassindb"><?php print_string('auth_ldap_preventpassindb_key','auth') ?></label></td>
<td>
<?php
$choices = array();
$choices['0'] = get_string('no');
$choices['1'] = get_string('yes');
choose_from_menu ($choices, 'preventpassindb', $config->preventpassindb, '');
?>
<?php choose_from_menu($yesno, 'preventpassindb', $config->preventpassindb, ''); ?>
</td><td>
<?php print_string('auth_ldap_preventpassindb','auth') ?>
<?php print_string('auth_ldap_preventpassindb','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_bind_dn_key','auth') ?>:</td>
<td align="right"><label for="bind_dn"><?php print_string('auth_ldap_bind_dn_key','auth') ?></label></td>
<td>
<input name="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
<input name="bind_dn" id="bind_dn" type="text" size="30" value="<?php echo $config->bind_dn?>" />
<?php if (isset($err['bind_dn'])) formerr($err['bind_dn']); ?>
</td><td>
<?php print_string('auth_ldap_bind_dn','auth') ?>
<?php print_string('auth_ldap_bind_dn','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_bind_pw_key','auth') ?>:</td>
<td align="right"><label for="bind_pw"><?php print_string('auth_ldap_bind_pw_key','auth') ?></label></td>
<td>
<input name="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
<input name="bind_pw" id="bind_pw" type="password" size="30" value="<?php echo $config->bind_pw?>" />
<?php if (isset($err['bind_pw'])) formerr($err['bind_pw']); ?>
</td><td>
<?php print_string('auth_ldap_bind_pw','auth') ?>
<?php print_string('auth_ldap_bind_pw','auth') ?>
</td>
</tr>
@ -139,88 +151,84 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_user_type_key','auth') ?>:</td>
<td align="right"><label for="menuuser_type"><?php print_string('auth_ldap_user_type_key','auth') ?></label></td>
<td>
<?php choose_from_menu($this->ldap_suppported_usertypes(), 'user_type', $config->user_type, ''); ?>
<?php if (isset($err['user_type'])) formerr($err['user_type']); ?>
</td>
<td>
<?php print_string('auth_ldap_user_type', 'auth') ?>
<?php print_string('auth_ldap_user_type', 'auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_contexts_key','auth') ?>:</td>
<td align="right"><label for="contexts"><?php print_string('auth_ldap_contexts_key','auth') ?></label></td>
<td>
<input name="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
<input name="contexts" id="contexts" type="text" size="30" value="<?php echo $config->contexts?>" />
<?php if (isset($err['contexts'])) formerr($err['contexts']); ?>
</td>
<td>
<?php print_string('auth_ldap_contexts', 'auth') ?>
<?php print_string('auth_ldap_contexts', 'auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_search_sub_key','auth') ?>:</td>
<td align="right"><label for="menusearch_sub"><?php print_string('auth_ldap_search_sub_key','auth') ?></label></td>
<td>
<?php
$choices = array();
$choices['0'] = get_string('no');
$choices['1'] = get_string('yes');
choose_from_menu ($choices, 'search_sub', $config->search_sub, '');
?>
<?php if (isset($err['search_sub'])) formerr($err['search_sub']); ?>
<?php choose_from_menu($yesno, 'search_sub', $config->search_sub, ''); ?>
</td>
<td>
<?php print_string('auth_ldap_search_sub','auth') ?>
<?php print_string('auth_ldap_search_sub','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_opt_deref_key','auth') ?>:</td>
<td align="right"><label for="menuopt_deref"><?php print_string('auth_ldap_opt_deref_key','auth') ?></label></td>
<td>
<?php
$opt_deref = array();
$opt_deref[LDAP_DEREF_NEVER] = get_string('no');
$opt_deref[LDAP_DEREF_ALWAYS] = get_string('yes');
choose_from_menu($opt_deref, 'opt_deref', $config->opt_deref, LDAP_DEREF_NEVER);
if (isset($err['opt_deref'])) formerr($err['opt_deref']);
choose_from_menu($opt_deref, 'opt_deref', $config->opt_deref, LDAP_DEREF_NEVER, '');
if (isset($err['opt_deref'])) formerr($err['opt_deref']);
?>
</td>
<td>
<?php print_string('auth_ldap_opt_deref','auth') ?>
<?php print_string('auth_ldap_opt_deref','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_user_attribute_key','auth') ?>:</td>
<td align="right"><label for="user_attribute"><?php print_string('auth_ldap_user_attribute_key','auth') ?></label></td>
<td>
<input name="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
<input name="user_attribute" id="user_attribute" type="text" size="30" value="<?php echo $config->user_attribute?>" />
<?php if (isset($err['user_attribute'])) formerr($err['user_attribute']); ?>
</td>
<td>
<?php print_string('auth_ldap_user_attribute','auth') ?>
<?php print_string('auth_ldap_user_attribute','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_memberattribute_key','auth') ?>:</td>
<td align="right"><label for="memberattribute"><?php print_string('auth_ldap_memberattribute_key','auth') ?></label></td>
<td>
<input name="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
<input name="memberattribute" id="memberattribute" type="text" size="30" value="<?php echo $config->memberattribute?>" />
<?php if (isset($err['memberattribute'])) formerr($err['memberattribute']); ?>
</td><td>
<?php print_string('auth_ldap_memberattribute','auth') ?>
<?php print_string('auth_ldap_memberattribute','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_objectclass_key','auth') ?>:</td>
<td align="right"><label for="objectclass"><?php print_string('auth_ldap_objectclass_key','auth') ?></label></td>
<td>
<input name="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
<input name="objectclass" id="objectclass" type="text" size="30" value="<?php echo $config->objectclass?>" />
<?php if (isset($err['objectclass'])) formerr($err['objectclass']); ?>
</td>
<td>
<?php print_string('auth_ldap_objectclass','auth') ?>
<?php print_string('auth_ldap_objectclass','auth') ?>
</td>
</tr>
@ -231,44 +239,30 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right" valign="top"><?php print_string('forcechangepassword', 'auth') ?>:</td>
<td align="right" valign="top"><label for="menuforcechangepassword"><?php print_string('forcechangepassword', 'auth') ?></label></td>
<td>
<select name="forcechangepassword">
<option value="0" <?php echo ($config->forcechangepassword ? '' : 'selected="yes"') ?> >
<?php print_string('no') ?></option>
<option value="1" <?php echo ($config->forcechangepassword ? 'selected="yes"' : '') ?> >
<?php print_string('yes') ?></option>
</select><br />
<?php choose_from_menu($yesno, 'forcechangepassword', $config->forcechangepassword, ''); ?>
</td>
<td align="left" valign="top">
<p><?php print_string('forcechangepasswordfirst_help', 'auth') ?></p>
<p><?php print_string('forcechangepasswordfirst_help', 'auth') ?></p>
</td>
</tr>
<tr valign="top" class="required">
<td align="right" valign="top"><?php print_string('stdchangepassword', 'auth') ?>:</td>
<td align="right" valign="top"><label for="menustdchangepassword"><?php print_string('stdchangepassword', 'auth') ?></label></td>
<td>
<select name="stdchangepassword">
<option value='0' <?php echo ($config->stdchangepassword ? '' : 'selected="yes"') ?> >
<?php print_string('no') ?></option>
<option value='1' <?php echo ($config->stdchangepassword ? 'selected="yes"' : '') ?> >
<?php print_string('yes') ?></option>
</select><br />
<?php choose_from_menu($yesno, 'stdchangepassword', $config->stdchangepassword, ''); ?>
</td>
<td align="left" valign="top">
<p><?php print_string('stdchangepassword_expl', 'auth') ?></p>
<p><?php print_string('stdchangepassword_explldap', 'auth') ?></p>
<p><?php print_string('stdchangepassword_expl', 'auth') ?></p>
<p><?php print_string('stdchangepassword_explldap', 'auth') ?></p>
</td>
</tr>
<tr valign="top">
<td align="right"><?php print_string('auth_ldap_changepasswordurl_key','auth') ?>: </td>
<td align="right"><label for="changepasswordurl"><?php print_string('auth_ldap_changepasswordurl_key','auth') ?></label></td>
<td>
<input name="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
<input name="changepasswordurl" id="changepasswordurl" type="text" value="<?php echo $config->changepasswordurl ?>" />
<?php
if (isset($err['changepasswordurl'])) {
@ -287,69 +281,65 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_expiration_key','auth') ?>:</td>
<td align="right"><label for="menuexpiration"><?php print_string('auth_ldap_expiration_key','auth') ?></label></td>
<td>
<?php
$expiration = array();
$expiration['0'] = 'no';
$expiration['1'] = 'LDAP';
choose_from_menu($expiration, 'expiration', $config->expiration, '');
if (isset($err['expiration'])) formerr($err['expiration']);
if (isset($err['expiration'])) formerr($err['expiration']);
?>
</td>
<td>
<?php print_string('auth_ldap_expiration_desc','auth') ?>
<?php print_string('auth_ldap_expiration_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_expiration_warning_key','auth') ?>:</td>
<td align="right"><label for="expiration_warning"><?php print_string('auth_ldap_expiration_warning_key','auth') ?></label></td>
<td>
<input name="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
<?php if (isset($err['expiration_warning'])) formerr($err['expiration_warning']);
<input name="expiration_warning" id="expiration_warning" type="text" size="2" value="<?php echo $config->expiration_warning?>" />
<?php if (isset($err['expiration_warning'])) formerr($err['expiration_warning']);
?>
</td>
<td>
<?php print_string('auth_ldap_expiration_warning_desc','auth') ?>
<?php print_string('auth_ldap_expiration_warning_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_expireattr_key','auth') ?>:</td>
<td align="right"><label for="expireattr"><?php print_string('auth_ldap_expireattr_key','auth') ?></label></td>
<td>
<input name="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
<?php if (isset($err['expireattr'])) formerr($err['expireattr']);
<input name="expireattr" id="expireattr" type="text" size="30" value="<?php echo $config->expireattr?>" />
<?php if (isset($err['expireattr'])) formerr($err['expireattr']);
?>
</td>
<td>
<?php print_string('auth_ldap_expireattr_desc','auth') ?>
<?php print_string('auth_ldap_expireattr_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_gracelogins_key','auth') ?>:</td>
<td align="right"><label for="menugracelogins"><?php print_string('auth_ldap_gracelogins_key','auth') ?></label></td>
<td>
<?php
$grace['0'] = get_string('no');
$grace['1'] = get_string('yes');
choose_from_menu($grace, 'gracelogins', $config->gracelogins, '');
if (isset($err['expiration'])) formerr($err['expiration']);
?>
<?php choose_from_menu($yesno, 'gracelogins', $config->gracelogins, ''); ?>
</td>
<td>
<?php print_string('auth_ldap_gracelogins_desc','auth') ?>
<?php print_string('auth_ldap_gracelogins_desc','auth') ?>
</td>
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_gracelogin_key','auth') ?>:</td>
<td align="right"><label for="graceattr"><?php print_string('auth_ldap_gracelogin_key','auth') ?></label></td>
<td>
<input name="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
<?php if (isset($err['graceattr'])) formerr($err['graceattr']);
<input name="graceattr" id="graceattr" type="text" size="30" value="<?php echo $config->graceattr?>" />
<?php if (isset($err['graceattr'])) formerr($err['graceattr']);
?>
</td>
<td>
<?php print_string('auth_ldap_graceattr_desc','auth') ?>
<?php print_string('auth_ldap_graceattr_desc','auth') ?>
</td>
</tr>
@ -362,16 +352,9 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top">
<td align="right"><?php print_string('auth_ldap_auth_user_create_key','auth') ?>: </td>
<td align="right"><label for="menuauth_user_create"><?php print_string('auth_ldap_auth_user_create_key','auth') ?></label></td>
<td>
<?php
choose_from_menu($createoptions, 'auth_user_create', $config->auth_user_create, '');
if (isset($err['auth_user_create'])) {
formerr($err['auth_user_create']);
}
?>
<?php choose_from_menu($yesno, 'auth_user_create', $config->auth_user_create, ''); ?>
</td>
<td>
<?php print_string("auth_user_creation","auth"); ?>
@ -379,12 +362,12 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_create_context_key','auth') ?>:</td>
<td align="right"><label for="create_context"><?php print_string('auth_ldap_create_context_key','auth') ?></label></td>
<td>
<input name="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
<input name="create_context" id="create_context" type="text" size="30" value="<?php echo $config->create_context?>" />
<?php if (isset($err['create_context'])) formerr($err['create_context']); ?>
</td><td>
<?php print_string('auth_ldap_create_context','auth') ?>
<?php print_string('auth_ldap_create_context','auth') ?>
</td>
</tr>
@ -396,16 +379,38 @@ if (!function_exists('ldap_connect')) { // Is php4-ldap really there?
</tr>
<tr valign="top" class="required">
<td align="right"><?php print_string('auth_ldap_creators_key','auth') ?>:</td>
<td align="right"><label for="creators"><?php print_string('auth_ldap_creators_key','auth') ?></label></td>
<td>
<input name="creators" type="text" size="30" value="<?php echo $config->creators?>" />
<input name="creators" id="creators" type="text" size="30" value="<?php echo $config->creators?>" />
<?php if (isset($err['creators'])) formerr($err['creators']); ?>
</td><td>
<?php print_string('auth_ldap_creators','auth') ?>
<?php print_string('auth_ldap_creators','auth') ?>
</td>
</tr>
<?php
<tr>
<td colspan="2">
<h4><?php print_string('auth_sync_script', 'auth') ?> </h4>
</td>
</tr>
<tr valign="top">
<td align="right"><label for="menuremoveuser"><?php print_string('auth_remove_user_key','auth') ?></label></td>
<td>
<?php
$deleteopt = array();
$deleteopt['0'] = get_string('auth_remove_keep','auth');
$deleteopt['1'] = get_string('auth_remove_suspend','auth');
$deleteopt['2'] = get_string('auth_remove_delete','auth');
choose_from_menu($deleteopt, 'removeuser', $config->removeuser, '');
?>
</td>
<td>
<?php print_string('auth_remove_user','auth') ?>
</td>
</tr>
<?php
$help = get_string('auth_ldapextrafields','auth');
$help .= get_string('auth_updatelocal_expl','auth');
@ -414,8 +419,7 @@ $help .= get_string('auth_updateremote_expl','auth');
$help .= '<hr />';
$help .= get_string('auth_updateremote_ldap','auth');
global $user_fields;
print_auth_lock_options('ldap', $user_fields, $help, true, true);
print_auth_lock_options('ldap', $user_fields, $help, true, true);
?>


@ -11,8 +11,9 @@
* 2006-08-28 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* Manual authentication plugin.
@ -38,9 +39,10 @@ class auth_plugin_manual
* Returns true if the username and password work and false if they are
* wrong or don't exist.
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @param string $username The username (with system magic quotes)
* @param string $password The password (with system magic quotes)
*
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
global $CFG;
@ -55,8 +57,8 @@ class auth_plugin_manual
*
* called when the user password is updated.
*
* @param object $user User
* @param string $newpassword Plaintext password
* @param object $user User table object (with system magic quotes)
* @param string $newpassword Plaintext password (with system magic quotes)
* @return boolean result
*
*/
@ -68,32 +70,32 @@ class auth_plugin_manual
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return true;
}
/**
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return true;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -102,8 +104,8 @@ class auth_plugin_manual
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
include "config.html";
function config_form($config, $err, $user_fields) {
include 'config.html';
}
/**
@ -112,7 +114,7 @@ class auth_plugin_manual
function process_config($config) {
return true;
}
}
?>
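Review bot: The reworded docblocks on `user_login` and `user_update_password` in `auth_plugin_manual` now say the arguments arrive "with system magic quotes", which makes correct SQL quoting depend on every caller passing already-slashed values. The method bodies are outside these hunks, so whether they escape again cannot be checked here; a caller that takes credentials from somewhere other than request data would have to apply `addslashes()` itself. I would spell that obligation out, e.g. `@param string $username The username, already slashed by the caller (addslashes() it if it does not come from request data)`. The `config_form` docblock also still documents a single `$page` parameter although the signature is now `($config, $err, $user_fields)`.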


@ -2,9 +2,8 @@
<div align="center"><?php print_string('none'); ?></div>
<table cellspacing="0" cellpadding="5" border="0" align="center">
<?php
<?php
global $user_fields;
print_auth_lock_options('manual', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -12,9 +12,8 @@
* 2006-11-01 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) {
exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
@ -44,8 +43,8 @@ class auth_plugin_mnet
$sso_idp = array();
$sso_idp['name'] = 'sso_idp'; // Name & Description go in lang file
$sso_idp['apiversion'] = 1;
$sso_idp['methods'] = array('user_authorise','keepalive_server', 'kill_children',
'refresh_log', 'fetch_user_image', 'fetch_theme_info',
$sso_idp['methods'] = array('user_authorise','keepalive_server', 'kill_children',
'refresh_log', 'fetch_user_image', 'fetch_theme_info',
'update_enrolments');
$sso_sp = array();
@ -63,7 +62,7 @@ class auth_plugin_mnet
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login($username, $password) {
return false; // error("Remote MNET users cannot login locally.");
@ -136,7 +135,7 @@ class auth_plugin_mnet
h.wwwroot,
h.id as hostid,
count(c.id) as count
FROM
FROM
{$CFG->prefix}mnet_enrol_course c,
{$CFG->prefix}mnet_enrol_assignments a,
{$CFG->prefix}mnet_host h
@ -198,9 +197,9 @@ class auth_plugin_mnet
$mnet_peer->set_id($mnethostid);
// set up the session
$mnet_session = get_record('mnet_session',
'userid', $USER->id,
'mnethostid', $mnethostid,
$mnet_session = get_record('mnet_session',
'userid', $USER->id,
'mnethostid', $mnethostid,
'useragent', sha1($_SERVER['HTTP_USER_AGENT']));
if ($mnet_session == false) {
$mnet_session = new object();
@ -241,7 +240,7 @@ class auth_plugin_mnet
*
* @param string $token The random session token.
* @param string $remotewwwroot The ID provider wwwroot.
* @returns array The local user record.
* @return array The local user record.
*/
function confirm_mnet_session($token, $remotewwwroot) {
global $CFG, $MNET, $SESSION;
@ -359,8 +358,8 @@ class auth_plugin_mnet
$count = clean_param($rhost['count'], PARAM_INT);
$url_is_local = stristr($url , $CFG->wwwroot);
if (!empty($name) && !empty($count) && empty($url_is_local)) {
$localuser->mnet_foreign_host_array[] = array('name' => $name,
'url' => $url,
$localuser->mnet_foreign_host_array[] = array('name' => $name,
'url' => $url,
'count' => $count);
}
}
@ -379,9 +378,9 @@ class auth_plugin_mnet
}
// set up the session
$mnet_session = get_record('mnet_session',
'userid', $localuser->id,
'mnethostid', $remotepeer->id,
$mnet_session = get_record('mnet_session',
'userid', $localuser->id,
'mnethostid', $remotepeer->id,
'useragent', sha1($_SERVER['HTTP_USER_AGENT']));
if ($mnet_session == false) {
$mnet_session = new object();
@ -404,7 +403,7 @@ class auth_plugin_mnet
if (!$firsttime) {
// repeat customer! let the IDP know about enrolments
// we have for this user.
// we have for this user.
// set up the RPC request
$mnetrequest = new mnet_xmlrpc_client();
$mnetrequest->set_method('auth/mnet/auth.php/update_enrolments');
@ -412,13 +411,13 @@ class auth_plugin_mnet
// pass username and an assoc array of "my courses"
// with info so that the IDP can maintain mnet_enrol_assignments
$mnetrequest->add_param($remoteuser->username);
$fields = 'id, category, sortorder, fullname, shortname, idnumber, summary,
$fields = 'id, category, sortorder, fullname, shortname, idnumber, summary,
startdate, cost, currency, defaultrole, visible';
$courses = get_my_courses($localuser->id, 'visible DESC,sortorder ASC', $fields);
if (is_array($courses) && !empty($courses)) {
// Second request to do the JOINs that we'd have done
// inside get_my_courses() if we had been allowed
$sql = "SELECT c.id,
$sql = "SELECT c.id,
cc.name AS cat_name, cc.description AS cat_description,
r.shortname as defaultrolename
FROM {$CFG->prefix}course c
@ -453,7 +452,7 @@ class auth_plugin_mnet
} else {
// if the array is empty, send it anyway
// we may be clearing out stale entries
$courses = array();
$courses = array();
}
$mnetrequest->add_param($courses);
@ -475,7 +474,7 @@ class auth_plugin_mnet
*
* @param string $username The username
* @param string $courses Assoc array of courses following the structure of mnet_enrol_course
* @returns bool
* @return bool
*/
function update_enrolments($username, $courses) {
global $MNET_REMOTE_CLIENT, $CFG;
@ -485,15 +484,15 @@ class auth_plugin_mnet
}
// make sure it is a user we have an in active session
// with that host...
$userid = get_field('mnet_session', 'userid',
'username', addslashes($username),
$userid = get_field('mnet_session', 'userid',
'username', addslashes($username),
'mnethostid', (int)$MNET_REMOTE_CLIENT->id);
if (!$userid) {
return false;
}
if (empty($courses)) { // no courses? clear out quickly
delete_records('mnet_enrol_assignments',
delete_records('mnet_enrol_assignments',
'hostid', (int)$MNET_REMOTE_CLIENT->id,
'userid', $userid);
return true;
@ -563,7 +562,7 @@ class auth_plugin_mnet
if ($saveflag) {
update_record('mnet_enrol_course', $currentcourse);
}
if (isset($currentcourse->assignmentid) && is_numeric($currentcourse->assignmentid)) {
$userisregd = true;
}
@ -597,7 +596,7 @@ class auth_plugin_mnet
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -607,7 +606,7 @@ class auth_plugin_mnet
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
@ -617,7 +616,7 @@ class auth_plugin_mnet
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return false;
@ -631,7 +630,7 @@ class auth_plugin_mnet
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
global $CFG;
$query = "
@ -687,7 +686,7 @@ class auth_plugin_mnet
$id_providers[]= array('id' => $hostservice->id, 'name' => $hostservice->hostname, 'wwwroot' => $hostservice->wwwroot);
}
}
include "config.html";
}
@ -763,13 +762,13 @@ class auth_plugin_mnet
} elseif ($mnet_request->response['code'] > 0) {
debugging($mnet_request->response['message']);
}
if (!isset($mnet_request->response['last log id'])) {
debugging("Server side error has occured on host $mnethostid\nNo log ID was received.");
continue;
}
} else {
debugging("Server side error has occured on host $mnethostid: " .
debugging("Server side error has occured on host $mnethostid: " .
join("\n", $mnet_request->error));
break;
}
@ -1043,9 +1042,9 @@ class auth_plugin_mnet
$mnetsessions = get_records_sql($sql);
$ignore = delete_records('mnet_session',
'username', $username,
'useragent', $useragent,
$ignore = delete_records('mnet_session',
'username', $username,
'useragent', $useragent,
'mnethostid', $USER->mnethostid);
if (false != $mnetsessions) {
@ -1060,7 +1059,7 @@ class auth_plugin_mnet
$mnet_request->add_param($useragent);
if ($mnet_request->send($mnet_peer) === false) {
debugging(join("\n", $mnet_request->error));
return false;
return false;
}
}
@ -1121,13 +1120,13 @@ class auth_plugin_mnet
$mnet_request->add_param($username);
$mnet_request->add_param($useragent);
if ($mnet_request->send($mnet_peer) === false) {
debugging("Server side error has occured on host $mnethostid: " .
debugging("Server side error has occured on host $mnethostid: " .
join("\n", $mnet_request->error));
}
}
$ignore = delete_records('mnet_session',
'useragent', $useragent,
$ignore = delete_records('mnet_session',
'useragent', $useragent,
'userid', $userid);
if (isset($MNET_REMOTE_CLIENT) && isset($MNET_REMOTE_CLIENT->id)) {
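Review bot: SQL quoting of values that feed the `mnet_session` queries is inconsistent in this class: `update_enrolments` passes `addslashes($username)` to `get_field`, but the `delete_records('mnet_session', ...)` calls in the hunks at -1043 and -1121 pass `$username` and `$useragent` as they are. Where those variables are assigned is outside the hunks; if they are parameters of the remotely callable methods listed in `$sso_idp['methods']` (`kill_children` is one of them), they have not been through magic quotes and need the same treatment, e.g. `'useragent', addslashes($useragent),`. A short comment on each call stating whether the value is already slashed would make the next whitespace-only pass over these lines easier to review.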


@ -65,7 +65,7 @@ foreach($id_providers as $host):
<td align="right"><?php echo $host['name']; ?>: </td>
<td colspan="2"><?php echo $host['wwwroot']; ?> </td>
</tr>
<?php
<?php
endforeach;
?>
<tr valign="top" class="required">
@ -78,10 +78,9 @@ foreach($service_providers as $host):
<td align="right"><?php echo $host['name']; ?>: </td>
<td colspan="2"><?php echo $host['wwwroot']; ?> </td>
</tr>
<?php
<?php
endforeach;
// global $user_fields;
// print_auth_lock_options('mnet', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -14,10 +14,14 @@
require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
if (!is_enabled_auth('mnet')) {
error('mnet is disabled');
}
// grab the GET params - wantsurl could be anything - take it
// with PARAM_RAW
$hostid = required_param('hostid', PARAM_INT);
$wantsurl = optional_param('wantsurl', '/', PARAM_RAW);
$wantsurl = optional_param('wantsurl', '/', PARAM_RAW);
// start the mnet session and redirect browser to remote URL
$mnetauth = get_auth_plugin('mnet');
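Review bot: `wantsurl` is read with `PARAM_RAW` and, going by the comment that follows, ends up in the browser redirect to the remote host, so whatever a link supplies is carried unchecked through the single-sign-on jump. The code that consumes it is outside this hunk, but if the value is meant to be a path on the remote site it can be constrained right here, e.g. `if (strpos($wantsurl, '/') !== 0 || strpos($wantsurl, '//') === 0) { $wantsurl = '/'; }`, with the receiving side resolving it against its own wwwroot. The comment above the parameter reads should then name the accepted form instead of saying it "could be anything".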


@ -19,6 +19,9 @@ if (!$site = get_site()) {
print_error('mnet_session_prohibited', 'mnet', '', '');
}
if (!is_enabled_auth('mnet')) {
error('mnet is disabled');
}
// grab the GET params
$token = required_param('token', PARAM_BASE64);
$remotewwwroot = required_param('idp', PARAM_URL);
@ -29,7 +32,6 @@ $mnetauth = get_auth_plugin('mnet');
$localuser = $mnetauth->confirm_mnet_session($token, $remotewwwroot);
// log in
$CFG->auth = 'mnet';
$USER = get_complete_user_data('id', $localuser->id, $localuser->mnethostid);
load_all_capabilities();
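Review bot: `$localuser->id` and `$localuser->mnethostid` are used directly after `confirm_mnet_session($token, $remotewwwroot)` with no check that a user record came back, and the result of `get_complete_user_data` is assigned to `$USER` unchecked as well. How `confirm_mnet_session` reports failure is outside this hunk; if it can return false, the script should stop before the session user is replaced, e.g. `if (empty($localuser->id)) { print_error('mnet_session_prohibited', 'mnet', '', ''); }`. The added `error('mnet is disabled')` also uses a hard-coded English string where the check just above it goes through `print_error` and the language pack.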


@ -12,8 +12,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* NNTP authentication plugin.
@ -38,16 +39,16 @@ class auth_plugin_nntp {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
if (! function_exists('imap_open')) {
print_error('auth_nntpnotinstalled','auth');
exit;
}
global $CFG;
// try each multiple host
$hosts = split(';', $this->config->host);
foreach ($hosts as $host) {
@ -55,7 +56,7 @@ class auth_plugin_nntp {
error_reporting(0);
$connection = imap_open($host, $username, $password, OP_HALFOPEN);
error_reporting($CFG->debug);
error_reporting($CFG->debug);
if ($connection) {
imap_close($connection);
@ -68,7 +69,7 @@ class auth_plugin_nntp {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -78,12 +79,12 @@ class auth_plugin_nntp {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -92,7 +93,7 @@ class auth_plugin_nntp {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
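Review bot: In `user_login`, error reporting is switched off around `imap_open` and then set to `$CFG->debug` rather than to the level that was in force before the call, so a login attempt changes the reporting level for the rest of the request as a side effect. `error_reporting()` returns the previous level, so `$olderr = error_reporting(0);` before the call and `error_reporting($olderr);` after it restores it exactly. The POP3 plugin's `user_login` further down the page has the same pair of lines. The `config_form` docblock still describes a `$page` parameter while the signature is now `($config, $err, $user_fields)`.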


@ -19,16 +19,16 @@ if (!isset($config->changepasswordurl)) {
<td>
<input name="host" type="text" size="30" value="<?php echo $config->host ?>" />
<?php
if (isset($err["host"])) {
formerr($err["host"]);
}
?>
</td>
<td>
<?php
print_string("auth_nntphost", "auth");
print_string("auth_multiplehosts", "auth");
@ -45,7 +45,7 @@ if (!isset($config->changepasswordurl)) {
if (isset($err["port"])) {
formerr($err["port"]);
}
?>
</td>
<td><?php print_string("auth_nntpport", "auth") ?></td>
@ -66,9 +66,8 @@ if (!isset($config->changepasswordurl)) {
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<?php
<?php
global $user_fields;
print_auth_lock_options('nntp', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>
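Review bot: `value="<?php echo $config->host ?>"` writes the stored setting into a double-quoted attribute without escaping, so a value containing `"` or `<` breaks the form markup and is interpreted as HTML on the admin page. Moodle's `s()` helper exists for this: `value="<?php echo s($config->host) ?>"`. The `nasport` and `secret` inputs in the RADIUS settings form further down the page, and the LDAP inputs earlier on it, echo their values the same way.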

96
auth/nologin/auth.php Normal file

@ -0,0 +1,96 @@
<?php
/**
* @author Martin Dougiamas
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package moodle multiauth
*
* Authentication Plugin: No Authentication
*
* No authentication at all. This method approves everything!
*
* 2007-02-18 File created.
*/
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* Plugin for no authentication.
*/
class auth_plugin_nologin {
/**
* Constructor.
*/
function auth_plugin_nologin() {
}
/**
* Do not allow any login
*
*/
function user_login ($username, $password) {
return false;
}
/**
* No password updates.
*/
function user_update_password($user, $newpassword) {
return false;
}
/**
* Returns true if this authentication plugin is 'internal'.
*
* @return bool
*/
function is_internal() {
//we do not know if it was internal or external originally
return false;
}
/**
* Returns true if this authentication plugin can change the user's
* password.
*
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @return bool
*/
function change_password_url() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
* This function is called from admin/auth.php, and outputs a full page with
* a form for configuring this plugin.
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err, $user_fields) {
}
/**
* Processes and stores configuration data for this authentication plugin.
*/
function process_config($config) {
return true;
}
}
?>
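Review bot: The file header says "Authentication Plugin: No Authentication" and "No authentication at all. This method approves everything!", and the class docblock says "Plugin for no authentication", but `user_login` returns false unconditionally, so the plugin does the opposite of what its documentation states. The text looks carried over from the `none` plugin, and an administrator reading it could mistake `nologin` for the insecure open-access method. I would reword the header to `Authentication Plugin: No Login` with `Rejects every login attempt.`, change the class docblock to `Plugin that refuses all logins.`, and give `user_login` the usual `@param` and `@return bool` lines noting that it is always false. The `config_form` docblock also lists a `$page` parameter that the method does not have.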


@ -12,8 +12,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* Plugin for no authentication.
@ -41,7 +42,7 @@ class auth_plugin_none {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
global $CFG;
@ -69,7 +70,7 @@ class auth_plugin_none {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return true;
@ -79,22 +80,22 @@ class auth_plugin_none {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return true;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -103,7 +104,7 @@ class auth_plugin_none {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}


@ -2,9 +2,8 @@
<div align="center"><?php print_string('none'); ?></div>
<table cellspacing="0" cellpadding="5" border="0" align="center">
<?php
<?php
global $user_fields;
print_auth_lock_options('none', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -7,16 +7,16 @@
*
* Authentication Plugin: PAM Authentication
*
* PAM (Pluggable Authentication Modules) for Moodle
*
* PAM (Pluggable Authentication Modules) for Moodle
*
* Description:
* Authentication by using the PHP4 PAM module:
* http://www.math.ohio-state.edu/~ccunning/pam_auth/
*
*
* Version 0.3 2006/09/07 by Jonathan Harker (plugin class)
* Version 0.2: 2004/09/01 by Martin V<EFBFBD>geli (stable version)
* Version 0.1: 2004/08/30 by Martin V<EFBFBD>geli (first draft)
*
*
* Contact: martinvoegeli@gmx.ch
* Website 1: http://elearning.zhwin.ch/
* Website 2: http://birdy1976.com/
@ -26,8 +26,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* PAM authentication plugin.
@ -38,7 +39,7 @@ class auth_plugin_pam {
* The configuration details for the plugin.
*/
var $config;
/**
* Store error messages from pam authentication attempts.
*/
@ -58,12 +59,12 @@ class auth_plugin_pam {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
// variable to store possible errors during authentication
$errormessage = str_repeat(' ', 2048);
// just for testing and debugging
// error_reporting(E_ALL);
@ -75,13 +76,13 @@ class auth_plugin_pam {
else {
$this->lasterror = $errormessage;
return false;
}
}
}
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -91,12 +92,12 @@ class auth_plugin_pam {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -105,7 +106,7 @@ class auth_plugin_pam {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}


@ -2,9 +2,8 @@
<div align="center"><?php print_string('none'); ?></div>
<table cellspacing="0" cellpadding="5" border="0" align="center">
<?php
<?php
global $user_fields;
print_auth_lock_options('pam', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -12,8 +12,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* POP3 authentication plugin.
@ -38,14 +39,14 @@ class auth_plugin_pop3 {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login($username, $password) {
if (! function_exists('imap_open')) {
print_error('auth_pop3notinstalled','auth');
exit;
}
global $CFG;
$hosts = split(';', $this->config->host); // Could be multiple hosts
foreach ($hosts as $host) { // Try each host in turn
@ -72,8 +73,8 @@ class auth_plugin_pop3 {
error_reporting(0);
$connection = imap_open($host, $username, $password);
error_reporting($CFG->debug);
error_reporting($CFG->debug);
if ($connection) {
imap_close($connection);
return true;
@ -85,7 +86,7 @@ class auth_plugin_pop3 {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -95,23 +96,23 @@ class auth_plugin_pop3 {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Returns the URL for changing the user's pw, or false if the default can
* be used.
*
* @returns bool
* @return bool
*/
function change_password_url() {
return $CFG->changepasswordurl; // TODO: will this be global?
//return $this->config->changepasswordurl;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -120,7 +121,7 @@ class auth_plugin_pop3 {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
@ -146,8 +147,8 @@ class auth_plugin_pop3 {
}
// save settings
set_config('host', $config->host, 'auth/pop3');
set_config('type', $config->type, 'auth/pop3');
set_config('host', $config->host, 'auth/pop3');
set_config('type', $config->type, 'auth/pop3');
set_config('port', $config->port, 'auth/pop3');
set_config('mailbox', $config->mailbox, 'auth/pop3');
set_config('changepasswordurl', $config->changepasswordurl, 'auth/pop3');
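Review bot: `change_password_url()` returns `$CFG->changepasswordurl`, but the function never declares `global $CFG`, so `$CFG` is an undefined local and the method yields null (with a notice) instead of the configured URL or false. `process_config` stores the setting with `set_config('changepasswordurl', $config->changepasswordurl, 'auth/pop3')` and `user_login` already reads `$this->config->host`, so the commented-out alternative looks like the intended one: `return $this->config->changepasswordurl;`. How the constructor fills `$this->config` is outside these hunks, so that should be confirmed. The `@return bool` tag should also mention that a URL string is a possible result.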


@ -34,10 +34,10 @@ if (!isset($config->changepasswordurl)) {
</td>
<td>
<?php
print_string('auth_pop3host', 'auth');
print_string('auth_multiplehosts', 'auth');
?>
</td>
</tr>
@ -103,9 +103,8 @@ if (!isset($config->changepasswordurl)) {
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<?php
<?php
global $user_fields;
print_auth_lock_options('pop3', $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false);
?>


@ -13,8 +13,9 @@
* 2006-08-31 File created.
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* RADIUS authentication plugin.
@ -39,26 +40,26 @@ class auth_plugin_radius {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login ($username, $password) {
require_once 'Auth/RADIUS.php';
// Added by Clive on 7th May for test purposes
// printf("Username: $username <br/>");
// printf("Password: $password <br/>");
// printf("host: $this->config->host <br/>");
// printf("nasport: $this->config->nasport <br/>");
// printf("secret: $this->config->secret <br/>");
$rauth = new Auth_RADIUS_PAP($username, $password);
$rauth->addServer($this->config->host, $this->config->nasport, $this->config->secret);
if (!$rauth->start()) {
printf("Radius start: %s<br/>\n", $rauth->getError());
exit;
}
$result = $rauth->send();
if (PEAR::isError($result)) {
printf("Radius send failed: %s<br/>\n", $result->getMessage());
@ -70,21 +71,21 @@ class auth_plugin_radius {
// printf("Radius Auth rejected<br/>\n");
return false;
}
// get attributes, even if auth failed
if (!$rauth->getAttributes()) {
printf("Radius getAttributes: %s<br/>\n", $rauth->getError());
} else {
$rauth->dumpAttributes();
}
$rauth->close();
}
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -94,12 +95,12 @@ class auth_plugin_radius {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -108,7 +109,7 @@ class auth_plugin_radius {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
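Review bot: `user_login` writes RADIUS diagnostics straight into the login response: `printf("Radius start: %s<br/>\n", $rauth->getError())`, the `getAttributes` error and `$rauth->dumpAttributes()` all go to the browser of whoever is trying to sign in. Server error text and returned attributes belong in the debug channel, e.g. `debugging('Radius start: ' . $rauth->getError());`, and the attribute dump can be dropped. After `$rauth->close()` the function ends without a return statement, so that path yields null; an explicit `return false;` would match the documented `@return bool` (part of the function lies between the two hunks, so which cases reach this point is not visible here). The commented-out `printf` lines that would print the password and the shared secret are best deleted rather than kept as a test aid.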


@ -5,7 +5,7 @@
// Is Auth/RADIUS really there?
if ((!include_once('Auth/RADIUS.php')) or (!class_exists(Auth_RADIUS_PAP))) {
print '<p align="center"><font color="red"><strong>Warning: The Auth_RADIUS module does not seem to be present. Please ensure it is installed and enabled.</strong></font></p>';
}
}
// set to defaults if undefined
if (!isset($config->host)) {
@ -44,11 +44,11 @@ if (!isset($config->changepasswordurl)) {
<td>
<input name="nasport" type="text" size="6" value="<?php echo $config->nasport ?>" />
<?php
if (isset($err['nasport'])) {
formerr($err['nasport']);
}
?>
</td>
<td><?php print_string('auth_radiusnasport', 'auth') ?></td>
@ -59,7 +59,7 @@ if (!isset($config->changepasswordurl)) {
<td>
<input name="secret" type="text" size="6" value="<?php echo $config->secret ?>" />
<?php
if (isset($err['secret'])) {
formerr($err['secret']);
}


@ -2,7 +2,7 @@ Shibboleth Authentication for Moodle
-------------------------------------------------------------------------------
Requirements:
- Shibboleth target 1.1 or later. See documentation for your Shibboleth
- Shibboleth target 1.1 or later. See documentation for your Shibboleth
federation on how to set up Shibboleth.
Changes:
@ -20,7 +20,7 @@ Changes:
Moodle Configuration with Dual login
-------------------------------------------------------------------------------
1. Protect the directory moodle/auth/shibboleth/ with Shibboleth.
The page index.php in that directory actually logs in a Shibboleth user.
The page index.php in that directory actually logs in a Shibboleth user.
For Apache you have to define a rule like the following in the Apache config:
--
@ -31,25 +31,25 @@ Moodle Configuration with Dual login
</Location>
--
To restrict access to Moodle, replace the access rule 'require valid-user'
To restrict access to Moodle, replace the access rule 'require valid-user'
with something that fits your needs, e.g. 'require affiliation student'.
For IIS you have protect the auth/shibboleth directory directly in the
For IIS you have protect the auth/shibboleth directory directly in the
RequestMap of the Shibboleth configuration file (shibboleth.xml). See
https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/xmlaccesscontrol?topic=XMLAccessControl
2. As Moodle admin, go to the 'Administrations >> Users >> Authentication
2. As Moodle admin, go to the 'Administrations >> Users >> Authentication
Options' and select the 'Shibboleth' authentication method from the pop-up.
3. Fill in the fields of the form. The fields 'Username', 'First name',
'Surname', etc should contain the name of the environment variables of the
Shibboleth attributes that you want to map onto the corresponding Moodle
variable (e.g. 'HTTP_SHIB_PERSON_SURNAME' for the person's last name, refer
3. Fill in the fields of the form. The fields 'Username', 'First name',
'Surname', etc should contain the name of the environment variables of the
Shibboleth attributes that you want to map onto the corresponding Moodle
variable (e.g. 'HTTP_SHIB_PERSON_SURNAME' for the person's last name, refer
the Shibboleth documentation or the documentation of your Shibboleth
federation for information on which attributes are available).
Especially the 'Username' field is of great importance because
Especially the 'Username' field is of great importance because
this attribute is used for the Moodle authentication of Shibboleth users.
#############################################################################
Shibboleth Attributes needed by Moodle:
For Moodle to work properly Shibboleth should at least provide the attributes
@ -60,10 +60,10 @@ Moodle Configuration with Dual login
lengths for each field in the user profile.
#############################################################################
4. The large text field 'Instructions' must contain a link to the
moodle/auth/shibboleth/index.php file which is protected by
Shibboleth (see step 1) and causes the Shibboleth login procedure to start.
You could also use HTML code in that field, e.g. to create your own
4. The large text field 'Instructions' must contain a link to the
moodle/auth/shibboleth/index.php file which is protected by
Shibboleth (see step 1) and causes the Shibboleth login procedure to start.
You could also use HTML code in that field, e.g. to create your own
Shibboleth login button.
5. Save the changes for the Shibboleth authentication method.
@ -73,44 +73,44 @@ Moodle Configuration with Shibboleth only login
If you want Shibboleth as your only authentication method, configure Moodle as
described in the dual login section above and do the following steps:
4.a On the Moodle Shibboleth settings page, set the 'Alternate Login URL' to
4.a On the Moodle Shibboleth settings page, set the 'Alternate Login URL' to
the URL of the file 'moodle/auth/shibboleth/index.php'
This will enforce Shibboleth login.
How the Shibboleth authentication works
--------------------------------------------------------------------------------
To get Shibboleth authenticated in Moodle a user basically must access the
Shibboleth-protected page /auth/shibboleth/index.php. If Shibboleth is the only
authentication method (see 4.a), this happens automatically when a user wants to
login in Moodle. Otherwise, the user has to click on the link on the login page
To get Shibboleth authenticated in Moodle a user basically must access the
Shibboleth-protected page /auth/shibboleth/index.php. If Shibboleth is the only
authentication method (see 4.a), this happens automatically when a user wants to
login in Moodle. Otherwise, the user has to click on the link on the login page
you provided in step 4.
Moodle basically checks whether the Shibboleth attribute that you mapped
as the username is present. This attribute should only be present if a user is
as the username is present. This attribute should only be present if a user is
Shibboleth authenticated.
If the user's Moodle account has not existed yet, it gets automatically created.
To prevent that every Shibboleth user can access your Moodle site you have to
adapt the 'require valid-user' line in your webserver's config (see step 1) to
adapt the 'require valid-user' line in your webserver's config (see step 1) to
allow only specific users. If you defined some authorization rules in step 1,
these are checked by Shibboleth itself. Only users who met these rules
these are checked by Shibboleth itself. Only users who met these rules
actually can access /auth/shibboleth/index.php and get logged in.
You can use Shibboleth AND another authentication method (it was tested with
manual login). So, if there are a few users that don't have a Shibboleth
login, you could create manual accounts for them and they could use the manual
login. For other authentication methods you first have to configure them and
then set Shibboleth as your authentication method. Users can log in only via one
You can use Shibboleth AND another authentication method (it was tested with
manual login). So, if there are a few users that don't have a Shibboleth
login, you could create manual accounts for them and they could use the manual
login. For other authentication methods you first have to configure them and
then set Shibboleth as your authentication method. Users can log in only via one
authentication method unless they have two accounts in Moodle.
Shibboleth dual login with custom login page
--------------------------------------------------------------------------------
Of course you can create a dual login page that better fits your needs. For this
to work, you have to set up the two authentication methods (e.g. 'Manual' and
'Shibboleth') and specify an alternate login link to your own dual login page.
Of course you can create a dual login page that better fits your needs. For this
to work, you have to set up the two authentication methods (e.g. 'Manual' and
'Shibboleth') and specify an alternate login link to your own dual login page.
On that page you basically need a link to the Shibboleth-protected page
('/auth/shibboleth/index.php') for the Shibboleth login and a
('/auth/shibboleth/index.php') for the Shibboleth login and a
form that sends 'username' and 'password' to moodle/login/index.php.
Consult the Moodle documentation for further instructions and requirements.
@ -119,21 +119,21 @@ How to customize the way the Shibboleth user data is used in Moodle
Among the Shibboleth settings in Moodle there is a field that should contain a
path to a php file that can be used as data manipulation hook.
You can use this if you want to further process the way your Shibboleth
attributes are used in Moodle.
attributes are used in Moodle.
Example 1: Your Shibboleth federation uses an attribute that specifies the
Example 1: Your Shibboleth federation uses an attribute that specifies the
user's preferred language, but the content of this attribute is not
compatible with the Moodle data representation, e.g. the Shibboleth
attribute contains 'German' but Moodle needs a two letter value like
attribute contains 'German' but Moodle needs a two letter value like
'de'.
Example 2: The country, city and street are provided in one Shibboleth attribute
and you want these values to be used in the Moodle user profile. So
You have to parse the corresponding attribute to fill the user fields.
If you want to use this hook you have to be a skilled PHP programmer. It is
strongly recommended that you take a look at the file
moodle/auth/shibboleth/auth.php, especially the function 'get_userinfo'
where this file is included.
If you want to use this hook you have to be a skilled PHP programmer. It is
strongly recommended that you take a look at the file
moodle/auth/shibboleth/auth.php, especially the function 'get_userinfo'
where this file is included.
The context of the file is the same as within this login function. So you
can directly edit the object $result.
@ -146,16 +146,16 @@ Example file:
if ($_SERVER[$pluginconfig->field_map_address] != '')
{
// $address contains something like 'SWITCH$Limmatquai 138$CH-8021 Zurich'
// We want to split this up to get:
// We want to split this up to get:
// institution, street, zipcode, city and country
$address = $_SERVER[$pluginconfig->field_map_address];
list($institution, $street, $zip_city) = split('\$', $address);
ereg(' (.+)',$zip_city, $regs);
$city = $regs[1];
ereg('(.+)-',$zip_city, $regs);
$country = $regs[1];
$result["address"] = $street;
$result["city"] = $city;
$result["country"] = $country;
@ -165,5 +165,5 @@ Example file:
--
--------------------------------------------------------------------------------
In case of problems and questions with Shibboleth authentication, contact
In case of problems and questions with Shibboleth authentication, contact
Lukas Haemmerle <haemmerle@switch.ch> or Markus Hagman <hagman@hytti.uku.fi>


@ -18,8 +18,9 @@
* 2006-10-27 Upstream 1.7 changes merged in, added above credits from lib.php :-)
*/
// This page cannot be called directly
if (!isset($CFG)) exit;
if (!defined('MOODLE_INTERNAL')) {
die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
}
/**
* Shibboleth authentication plugin.
@ -44,7 +45,7 @@ class auth_plugin_shibboleth {
*
* @param string $username The username
* @param string $password The password
* @returns bool Authentication success or failure.
* @return bool Authentication success or failure.
*/
function user_login($username, $password) {
// If we are in the shibboleth directory then we trust the server var
@ -75,7 +76,7 @@ class auth_plugin_shibboleth {
$result = array();
$search_attribs = array();
foreach ($attrmap as $key=>$value) {
if (!empty($CFG->unicodedb)) {
$result[$key] = $this->get_first_string($_SERVER[$value]);
@ -86,17 +87,17 @@ class auth_plugin_shibboleth {
// Provide an API to modify the information to fit the Moodle internal
// data representation
if (
$config->convert_data
if (
$config->convert_data
&& $config->convert_data != ''
&& is_readable($config->convert_data)
) {
// Include a custom file outside the Moodle dir to
// modify the variable $moodleattributes
include($config->convert_data);
}
return $result;
}
@ -106,8 +107,8 @@ class auth_plugin_shibboleth {
function get_attributes() {
$configarray = (array) $this->config;
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
$fields = array("firstname", "lastname", "email", "phone1", "phone2",
"department", "address", "city", "country", "description",
"idnumber", "lang", "guid");
$moodleattributes = array();
@ -124,7 +125,7 @@ class auth_plugin_shibboleth {
/**
* Returns true if this authentication plugin is 'internal'.
*
* @returns bool
* @return bool
*/
function is_internal() {
return false;
@ -134,12 +135,12 @@ class auth_plugin_shibboleth {
* Returns true if this authentication plugin can change the user's
* password.
*
* @returns bool
* @return bool
*/
function can_change_password() {
return false;
}
/**
* Prints a form for configuring this authentication plugin.
*
@ -148,7 +149,7 @@ class auth_plugin_shibboleth {
*
* @param array $page An object containing all the data for this page.
*/
function config_form($config, $err) {
function config_form($config, $err, $user_fields) {
include "config.html";
}
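Review bot: In the `@ -86,17 +87,17` hunk, `include($config->convert_data)` runs whatever path is stored in the plugin setting as PHP while user attributes are being collected, and the only guard is `is_readable()`, which is also true for a directory and says nothing about who can write the file. Anyone able to change this auth setting therefore gets code execution in the login path, so the setting should be documented as such and kept to trusted administrators; a cheap tightening is to add `&& is_file($config->convert_data)` to the condition. The comment above the include names `$moodleattributes`, but the value returned two lines later is `$result` (the README in this commit also says to edit `$result`), so I would reword it to `// Runs the admin-configured PHP hook in this scope; it may modify $result`. The enclosing function starts outside the hunk.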


@ -30,7 +30,7 @@
<tr valign="top">
<td align="right"><?php print_string("instructions", "auth") ?>:</td>
<td>
<textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
<textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php p($config->auth_instructions) ?></textarea>
</td>
<td>
<?php
@ -45,8 +45,8 @@
<tr valign="top">
<td align="right"><?php print_string("auth_shib_convert_data", "auth") ?>:</td>
<td>
<input name="convert_data" type="text" size="30" value="<?php echo $config->convert_data?>">
<?php
<input name="convert_data" type="text" size="30" value="<?php echo $config->convert_data?>">
<?php
if ($config->convert_data and $config->convert_data != '' and !is_readable($config->convert_data)) {
echo '<br/><font color="red">';
@ -74,9 +74,8 @@
<td><?php print_string('changepasswordhelp', 'auth') ?></td>
</tr>
<?php
<?php
global $user_fields;
print_auth_lock_options('shibboleth', $user_fields, '<!-- empty help -->', true, false);
?>
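Review bot: `value="<?php echo $config->convert_data?>"` in the `@ -45,8 +45,8` hunk writes the stored setting into an HTML attribute without escaping, so a value containing a double quote ends the attribute early and the rest is rendered as markup on the settings page. The textarea a few lines above already goes through `p()`, and the input should do the same: `value="<?php p($config->convert_data) ?>"`. The RADIUS config.html in this commit has the same pattern for `$config->nasport` and `$config->secret`, and it also displays the shared secret in a `type="text"` field, where `type="password"` would keep it off the screen.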


@ -13,7 +13,7 @@
$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
unset($SESSION->wantsurl); /// Just in case
}
redirect($urltogo);
}
@ -29,10 +29,10 @@
$frm->username = $_SERVER[$pluginconfig->user_attribute];
$frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
// The random password consists of the first 8 letters of the base 64 encoded user ID
// This password is never used unless the user account is converted to manual
// This password is never used unless the user account is converted to manual
/// Check if the user has actually submitted login data to us
if ($user = authenticate_user_login($frm->username, $frm->password)) {
// Let's get them all set up.
@ -43,7 +43,7 @@
update_user_login_times();
set_moodle_cookie($USER->username);
set_login_session_preferences();
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
// We don't delete $SESSION->wantsurl yet, so we get there later
@ -56,21 +56,21 @@
$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
unset($SESSION->wantsurl); /// Just in case
}
/// Go to my-moodle page instead of homepage if mymoodleredirect enabled
if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM, SITEID)) and !empty($CFG->mymoodleredirect) and !isguest()) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
$urltogo = $CFG->wwwroot.'/my/';
}
}
load_all_capabilities(); /// This is what lets the user do anything on the site :-)
redirect($urltogo);
}
}
// If we can find any (user independent) Shibboleth attributes but no user
// If we can find any (user independent) Shibboleth attributes but no user
// attributes we probably didn't receive any user attributes
elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])) {
error(get_string( 'shib_no_attributes_error', 'auth' , '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''));