Auth: Bugfix: MDL-8131
parent
f9dff2433f
commit
b7b50143f3
@ -41,8 +41,10 @@ class auth_plugin_cas {
|
||||
* @returns bool Authentication success or failure.
|
||||
*/
|
||||
function user_login ($username, $password) {
|
||||
|
||||
// TODO: find how to get at LDAP funcs
|
||||
if (! function_exists('ldap_connect')) {
|
||||
print_error('auth_casnotinstalled','mnet');
|
||||
return false;
|
||||
}
|
||||
|
||||
global $CFG;
|
||||
|
||||
@ -82,7 +84,7 @@ class auth_plugin_cas {
|
||||
ldap_close($ldap_connection);
|
||||
if ($ldap_login) {
|
||||
if ($this->config->create_user=='0') { //cas specific
|
||||
if (record_exists('user', 'username', $username)) {
|
||||
if (record_exists('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
@ -120,7 +122,7 @@ class auth_plugin_cas {
|
||||
phpCAS::setLang($this->config->language);
|
||||
phpCAS::forceAuthentication();
|
||||
if ($this->config->create_user == '0') {
|
||||
if (record_exists('user', 'username', phpCAS::getUser())) {
|
||||
if (record_exists('user', 'username', phpCAS::getUser(), 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
// TODO::SOMEOTHER::
|
||||
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
||||
}
|
||||
@ -169,7 +171,7 @@ class auth_plugin_cas {
|
||||
}
|
||||
if ($cas_user_exist) {
|
||||
if ($this->config->create_user == '0') {
|
||||
if (record_exists('user', 'username', phpCAS::getUser())) {
|
||||
if (record_exists('user', 'username', phpCAS::getUser(), 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
// TODO::SOMEOTHER::
|
||||
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
||||
}
|
||||
|
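Review bot: The `record_exists(..., 'mnethostid', $CFG->mnet_localhost_id)` lookups in the `phpCAS::forceAuthentication()` hunk and the `$cas_user_exist` hunk only restrict the check to local accounts if `$CFG` is in scope there, and `global $CFG;` is visible on this page only inside `user_login`. Both enclosing functions start outside the visible lines, so this cannot be confirmed from the hunks. If the declaration is missing, `$CFG->mnet_localhost_id` evaluates to null and the existence check no longer tests what the change intends. Confirm that each function declares `global $CFG;` before the lookup, or add it.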
@ -78,7 +78,7 @@ class auth_plugin_db {
|
||||
if ( $rs->RecordCount() ) {
|
||||
// user exists exterally
|
||||
// check username/password internally
|
||||
if ($user = get_record('user', 'username', $username)) {
|
||||
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
return validate_internal_user_password($user, $password);
|
||||
}
|
||||
} else {
|
||||
@ -156,8 +156,9 @@ class auth_plugin_db {
|
||||
|
||||
function user_update_password($username, $newpassword) {
|
||||
|
||||
global $CFG;
|
||||
if ($this->config->passtype === 'internal') {
|
||||
return set_field('user', 'password', md5($newpassword), 'username', $username);
|
||||
return set_field('user', 'password', md5($newpassword), 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
|
||||
} else {
|
||||
// we should have never been called!
|
||||
return false;
|
||||
@ -214,7 +215,7 @@ class auth_plugin_db {
|
||||
foreach ($remove_users as $user) {
|
||||
//following is copy pasted from admin/user.php
|
||||
//maybe this should moved to function in lib/datalib.php
|
||||
unset($updateuser);
|
||||
$updateuser = new stdClass();
|
||||
$updateuser->id = $user->id;
|
||||
$updateuser->deleted = "1";
|
||||
$updateuser->timemodified = time();
|
||||
@ -301,17 +302,18 @@ class auth_plugin_db {
|
||||
$user = $this->get_userinfo_asobj($user);
|
||||
|
||||
// prep a few params
|
||||
$user->username = $username;
|
||||
$user->modified = time();
|
||||
$user->confirmed = 1;
|
||||
$user->auth = 'db';
|
||||
$user->username = $username;
|
||||
$user->modified = time();
|
||||
$user->confirmed = 1;
|
||||
$user->auth = 'db';
|
||||
$user->mnethostid = $CFG->mnet_localhost_id;
|
||||
|
||||
// insert it
|
||||
$old_debug=$CFG->debug;
|
||||
$CFG->debug=10;
|
||||
|
||||
// maybe the user has been deleted before
|
||||
if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1)) {
|
||||
if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
|
||||
$user->id = $old_user->id;
|
||||
set_field('user', 'deleted', 0, 'username', $user->username);
|
||||
echo "Revived user $user->username id $user->id\n";
|
||||
@ -414,6 +416,7 @@ class auth_plugin_db {
|
||||
* values removed from DB won't be removed from moodle.
|
||||
*/
|
||||
function db_update_user_record($username, $updatekeys=false) {
|
||||
global $CFG;
|
||||
|
||||
$pcfg = get_config('auth/db');
|
||||
|
||||
@ -421,12 +424,15 @@ class auth_plugin_db {
|
||||
$username = trim(moodle_strtolower($username));
|
||||
|
||||
// get the current user record
|
||||
$user = get_record('user', 'username', $username);
|
||||
$user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
|
||||
if (empty($user)) { // trouble
|
||||
error_log("Cannot update non-existent user: $username");
|
||||
die;
|
||||
}
|
||||
|
||||
// Ensure userid is not overwritten
|
||||
$userid = $user->id;
|
||||
|
||||
// TODO: this had a function_exists() - now we have a $this
|
||||
if ($newinfo = $this->get_userinfo($username)) {
|
||||
$newinfo = truncate_userinfo($newinfo);
|
||||
@ -445,12 +451,12 @@ class auth_plugin_db {
|
||||
}
|
||||
if (!empty($this->config->{'field_updatelocal_' . $key})) {
|
||||
if ($user->{$key} != $value) { // only update if it's changed
|
||||
set_field('user', $key, $value, 'username', $username);
|
||||
set_field('user', $key, $value, 'id', $userid);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return get_record_select("user", "username = '$username' AND deleted <> '1'");
|
||||
return get_record_select("user", "id = '$userid' AND deleted <> '1'");
|
||||
}
|
||||
|
||||
// A chance to validate form data, and last chance to
|
||||
|
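Review bot: In the revive branch of the sync hunk the lookup is now scoped with `'mnethostid', $user->mnethostid`, but the following `set_field('user', 'deleted', 0, 'username', $user->username);` still matches on username alone. It would therefore also clear the deleted flag on a same-named account that belongs to a remote MNET host. The LDAP plugin's equivalent line on this page was changed to key on the row id, and the same here would be `set_field('user', 'deleted', 0, 'id', $user->id);`. Separately, the updated line in `user_update_password` still stores `md5($newpassword)` directly instead of calling `hash_internal_user_password()`, which the moodlelib section of this page uses for internal passwords, so the stored format is defined in two places.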
@ -51,7 +51,8 @@ class auth_plugin_email {
|
||||
* @returns bool Authentication success or failure.
|
||||
*/
|
||||
function user_login ($username, $password) {
|
||||
if ($user = get_record('user', 'username', $username)) {
|
||||
global $CFG;
|
||||
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
return validate_internal_user_password($user, $password);
|
||||
}
|
||||
return false;
|
||||
|
@ -42,7 +42,8 @@ class auth_plugin_imap {
|
||||
*/
|
||||
function user_login ($username, $password) {
|
||||
if (! function_exists('imap_open')) {
|
||||
error("Cannot use IMAP authentication. The PHP IMAP module is not installed.");
|
||||
print_error('auth_imapnotinstalled','mnet');
|
||||
return false;
|
||||
}
|
||||
|
||||
global $CFG;
|
||||
|
@ -46,6 +46,10 @@ class auth_plugin_ldap {
|
||||
* @returns bool Authentication success or failure.
|
||||
*/
|
||||
function user_login($username, $password) {
|
||||
if (! function_exists('ldap_bind')) {
|
||||
print_error('auth_ldapnotinstalled','mnet');
|
||||
return false;
|
||||
}
|
||||
|
||||
global $CFG;
|
||||
|
||||
@ -329,6 +333,8 @@ class auth_plugin_ldap {
|
||||
$user->guid=bin2hex($user->guid);
|
||||
//add authentication source stamp
|
||||
$user->auth = AUTH_LDAP_NAME;
|
||||
//add MNET host id
|
||||
$user->mnethostid = $CFG->mnet_localhost_id;
|
||||
$fresult[$user->username]=$user;
|
||||
|
||||
}
|
||||
@ -517,7 +523,7 @@ class auth_plugin_ldap {
|
||||
foreach ($remove_users as $user) {
|
||||
//following is copy pasted from admin/user.php
|
||||
//maybe this should moved to function in lib/datalib.php
|
||||
unset($updateuser);
|
||||
$updateuser = new stdClass();
|
||||
$updateuser->id = $user->id;
|
||||
$updateuser->deleted = '1';
|
||||
//$updateuser->username = "$user->username".time(); // Remember it just in case
|
||||
@ -617,7 +623,7 @@ class auth_plugin_ldap {
|
||||
if (!empty($add_users)) {
|
||||
print "User entries to add: ". count($add_users). "\n";
|
||||
|
||||
if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
|
||||
if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
|
||||
$creatorrole = array_shift($roles); // We can only use one, let's use the first one
|
||||
}
|
||||
|
||||
@ -627,18 +633,19 @@ class auth_plugin_ldap {
|
||||
//print $user->username . "\n";
|
||||
|
||||
// prep a few params
|
||||
$user->modified = time();
|
||||
$user->confirmed = 1;
|
||||
$user->auth = AUTH_LDAP_NAME;
|
||||
$user->modified = time();
|
||||
$user->confirmed = 1;
|
||||
$user->auth = AUTH_LDAP_NAME;
|
||||
$user->mnethostid = $CFG->mnet_localhost_id;
|
||||
|
||||
// insert it
|
||||
$old_debug=$CFG->debug;
|
||||
$CFG->debug=10;
|
||||
|
||||
// maybe the user has been deleted before
|
||||
if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1)) {
|
||||
if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
$user->id = $old_user->id;
|
||||
set_field('user', 'deleted', 0, 'idnumber', $user->idnumber);
|
||||
set_field('user', 'deleted', 0, 'id', $user->id);
|
||||
echo "Revived user $user->username with idnumber $user->idnumber id $user->id\n";
|
||||
}
|
||||
elseif ($id = insert_record('user',$user)) { // it is truly a new user
|
||||
@ -687,12 +694,15 @@ class auth_plugin_ldap {
|
||||
$username = trim(moodle_strtolower($username));
|
||||
|
||||
// get the current user record
|
||||
$user = get_record('user', 'username', $username);
|
||||
$user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
|
||||
if (empty($user)) { // trouble
|
||||
error_log("Cannot update non-existent user: $username");
|
||||
die;
|
||||
}
|
||||
|
||||
// Protect the userid from being overwritten
|
||||
$userid = $user->id;
|
||||
|
||||
if (function_exists('auth_get_userinfo')) {
|
||||
if ($newinfo = auth_get_userinfo($username)) {
|
||||
$newinfo = truncate_userinfo($newinfo);
|
||||
@ -702,23 +712,21 @@ class auth_plugin_ldap {
|
||||
}
|
||||
|
||||
foreach ($updatekeys as $key) {
|
||||
unset($value);
|
||||
if (isset($newinfo[$key])) {
|
||||
$value = $newinfo[$key];
|
||||
$value = addslashes(stripslashes($value)); // Just in case
|
||||
$value = addslashes(stripslashes($newinfo[$key]));
|
||||
}
|
||||
else {
|
||||
$value = '';
|
||||
}
|
||||
if (!empty($this->config->{'field_updatelocal_' . $key})) {
|
||||
if ($user->{$key} != $value) { // only update if it's changed
|
||||
set_field('user', $key, $value, 'username', $username);
|
||||
set_field('user', $key, $value, 'id', $userid);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return get_record_select("user", "username = '$username' AND deleted <> '1'");
|
||||
return get_record_select("user", "id = '$userid' AND deleted <> '1'");
|
||||
}
|
||||
|
||||
function ldap_bulk_insert($users) {
|
||||
@ -952,13 +960,12 @@ class auth_plugin_ldap {
|
||||
* called when the user password is updated.
|
||||
* changes userpassword in external db
|
||||
*
|
||||
* @param mixed $username Username
|
||||
* @param mixed $newpassword Plaintext password
|
||||
* @param mixed $oldpassword Plaintext old password to bind ldap with
|
||||
* @param object $user User table object
|
||||
* @param mixed $newpassword Plaintext password
|
||||
* @param mixed $oldpassword Plaintext old password to bind ldap with
|
||||
* @return boolean result
|
||||
*
|
||||
*/
|
||||
// function user_update_password($username, $newpassword) {
|
||||
function user_update_password($user, $newpassword) {
|
||||
/// called when the user password is updated -- it assumes it is called by an admin
|
||||
/// or that you've otherwise checked the user's credentials
|
||||
|
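Review bot: The user-record update hunk still gates the whole field refresh on `function_exists('auth_get_userinfo')` and calls the global `auth_get_userinfo($username)`. The same routine in the db plugin on this page uses `$this->get_userinfo($username)`, with a TODO noting the former `function_exists()` check. If that global function is no longer defined now that the plugins are classes (not visible here), the block is skipped silently and LDAP attribute changes never reach the local record. Assuming this class defines the method, `if ($newinfo = $this->get_userinfo($username)) {` would match the db plugin; the function starts outside the hunk. In the last hunk the docblock also documents `$oldpassword`, which the visible signature `user_update_password($user, $newpassword)` does not take.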
@ -43,14 +43,11 @@ class auth_plugin_manual
|
||||
* @returns bool Authentication success or failure.
|
||||
*/
|
||||
function user_login ($username, $password) {
|
||||
if ($user = get_record('user', 'username', $username)) {
|
||||
if (validate_internal_user_password($user, $password)) {
|
||||
return true;
|
||||
// return AUTH_OK;
|
||||
}
|
||||
global $CFG;
|
||||
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
return validate_internal_user_password($user, $password);
|
||||
}
|
||||
return false;
|
||||
// return AUTH_FAIL;
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -26,7 +26,7 @@ $localuser = $mnetauth->confirm_mnet_session($token, $remotewwwroot);
|
||||
|
||||
// log in
|
||||
$CFG->auth = 'mnet';
|
||||
$USER = get_complete_user_data('id', $localuser->id);
|
||||
$USER = get_complete_user_data('id', $localuser->id, $localuser->mnethostid);
|
||||
load_all_capabilities();
|
||||
|
||||
// redirect
|
||||
|
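Review bot: The result of `get_complete_user_data('id', $localuser->id, $localuser->mnethostid)` is assigned to `$USER`, and `load_all_capabilities()` runs without checking it. The moodlelib section of this page shows that function returning `false` when no row matches. With the new argument, a null `mnethostid` falls into the `auth != 'mnet'` branch, which would exclude the very account being landed. A guard such as `if (!$USER) { print_error('invalidhostlogin', 'mnet', $CFG->wwwroot.'/login/index.php'); }` before `load_all_capabilities()` would fail closed. Whether `$localuser` itself is validated above the hunk is not visible.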
@ -44,10 +44,11 @@ class auth_plugin_none {
|
||||
* @returns bool Authentication success or failure.
|
||||
*/
|
||||
function user_login ($username, $password) {
|
||||
if ($user = get_record('user', 'username', $username)) {
|
||||
global $CFG;
|
||||
if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
|
||||
return validate_internal_user_password($user, $password);
|
||||
}
|
||||
return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
/*
|
||||
|
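Review bot: The tail of `user_login` shows both `return true;` and `return false;` for the case where no local user row matches, and the page does not mark which one is the new side. The two differ in security behaviour: `return true` accepts any unknown username with any password, while `return false` rejects it and changes what the 'none' plugin does for first-time users. Whichever is intended, state it in a comment on that line and make the `@returns` docblock agree. If rejection is intended, for example, `// no local account on this host: reject` would do.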
@ -2686,7 +2686,7 @@ function update_internal_user_password(&$user, $password, $storeindb=true) {
|
||||
$hashedpassword = hash_internal_user_password($password);
|
||||
}
|
||||
|
||||
return set_field('user', 'password', $hashedpassword, 'username', $user->username);
|
||||
return set_field('user', 'password', $hashedpassword, 'id', $user->id);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -2700,7 +2700,7 @@ function update_internal_user_password(&$user, $password, $storeindb=true) {
|
||||
* @param string $value The value to match for $field.
|
||||
* @return user A {@link $USER} object.
|
||||
*/
|
||||
function get_complete_user_data($field, $value) {
|
||||
function get_complete_user_data($field, $value, $mnethostid=null) {
|
||||
|
||||
global $CFG;
|
||||
|
||||
@ -2708,9 +2708,23 @@ function get_complete_user_data($field, $value) {
|
||||
return false;
|
||||
}
|
||||
|
||||
/// Build the WHERE clause for an SQL query
|
||||
|
||||
$constraints = $field .' = \''. $value .'\' AND deleted <> \'1\'';
|
||||
|
||||
if (null === $mnethostid) {
|
||||
$constraints .= ' AND auth != \'mnet\'';
|
||||
} elseif (is_numeric($mnethostid)) {
|
||||
$constraints .= ' AND mnethostid = \''.$mnethostid.'\'';
|
||||
} else {
|
||||
error_log('Call to get_complete_user_data for $field='.$field.', $value = '.$value.', with invalid $mnethostid: '. $mnethostid);
|
||||
print_error('invalidhostlogin','mnet', $CFG->wwwroot.'/login/index.php');
|
||||
exit;
|
||||
}
|
||||
|
||||
/// Get all the basic user data
|
||||
|
||||
if (! $user = get_record_select('user', $field .' = \''. $value .'\' AND deleted <> \'1\'')) {
|
||||
if (! $user = get_record_select('user', $constraints)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
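Review bot: The new `$constraints` string in `get_complete_user_data` is still built by concatenating `$field` and `$value` straight into SQL, and the added `error_log()` call writes the same raw values to the log. Whether every caller passes a fixed column name and an already-escaped value is not visible from this hunk. The function should therefore check `$field` against an allow-list of the columns callers actually use, and the docblock should state that `$value` must arrive escaped (or the function should escape it here). For the new parameter, `is_numeric()` also accepts forms such as `'1.5'` or `'1e3'`; `} elseif (ctype_digit((string)$mnethostid)) {` restricts it to a plain integer id. The `null` default also adds `auth != 'mnet'` for every existing two-argument caller, which deserves an `@param` entry for `$mnethostid` that explains it.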
@ -137,7 +137,10 @@ class mnet_xmlrpc_client {
|
||||
// Executing any system method is permitted.
|
||||
|
||||
} else {
|
||||
|
||||
$id_list = $mnet_peer->id;
|
||||
if (!empty($CFG->mnet_all_hosts_id)) {
|
||||
$id_list .= ', '.$CFG->mnet_all_hosts_id;
|
||||
}
|
||||
// Find methods that we subscribe to on this host
|
||||
$sql = "
|
||||
SELECT
|
||||
@ -150,12 +153,12 @@ class mnet_xmlrpc_client {
|
||||
r.xmlrpc_path = '{$this->method}' AND
|
||||
s2r.rpcid = r.id AND
|
||||
s2r.serviceid = h2s.serviceid AND
|
||||
h2s.subscribe = '1'";
|
||||
h2s.subscribe = '1' AND
|
||||
h2s.hostid in ({$id_list})";
|
||||
|
||||
$permission = get_record_sql($sql);
|
||||
if ($permission == false) {
|
||||
// TODO: Handle attempt to call not-permitted method
|
||||
echo '<pre>'.$sql.'</pre>';
|
||||
return false;
|
||||
}
|
||||
|
||||
|
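Review bot: `$id_list` is interpolated unquoted into `h2s.hostid in ({$id_list})`, so the query is only safe while `$mnet_peer->id` and `$CFG->mnet_all_hosts_id` are integers. Casting where the list is built makes that explicit: `$id_list = (int)$mnet_peer->id;` and `$id_list .= ', '.(int)$CFG->mnet_all_hosts_id;`. The context line `r.xmlrpc_path = '{$this->method}'` has the same shape, and where `$this->method` is escaped is outside the hunk. If `echo '<pre>'.$sql.'</pre>';` is still on the new side (the page does not mark it), it prints the full query to the caller on a permission failure and should go to the log instead.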