diff --git a/auth/cas/auth.php b/auth/cas/auth.php
index cc716cd6bb5..b3a48d657e9 100644
--- a/auth/cas/auth.php
+++ b/auth/cas/auth.php
@@ -41,8 +41,10 @@ class auth_plugin_cas {
 * @returns bool Authentication success or failure.
 */
 function user_login ($username, $password) {
-
- // TODO: find how to get at LDAP funcs
+ if (! function_exists('ldap_connect')) {
+ print_error('auth_casnotinstalled','mnet');
+ return false;
+ }
 global $CFG;
@@ -82,7 +84,7 @@ class auth_plugin_cas {
 ldap_close($ldap_connection);
 if ($ldap_login) {
 if ($this->config->create_user=='0') { //cas specific
- if (record_exists('user', 'username', $username)) {
+ if (record_exists('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
 return true;
 }else{
 return false;
@@ -120,7 +122,7 @@ class auth_plugin_cas {
 phpCAS::setLang($this->config->language);
 phpCAS::forceAuthentication();
 if ($this->config->create_user == '0') {
- if (record_exists('user', 'username', phpCAS::getUser())) {
+ if (record_exists('user', 'username', phpCAS::getUser(), 'mnethostid', $CFG->mnet_localhost_id)) {
 // TODO::SOMEOTHER::
 $user = authenticate_user_login(phpCAS::getUser(), 'cas');
 }
@@ -169,7 +171,7 @@ class auth_plugin_cas {
 }
 if ($cas_user_exist) {
 if ($this->config->create_user == '0') {
- if (record_exists('user', 'username', phpCAS::getUser())) {
+ if (record_exists('user', 'username', phpCAS::getUser(), 'mnethostid', $CFG->mnet_localhost_id)) {
 // TODO::SOMEOTHER::
 $user = authenticate_user_login(phpCAS::getUser(), 'cas');
 }
diff --git a/auth/db/auth.php b/auth/db/auth.php
index f1f126e8ec1..893f11ee3d5 100644
--- a/auth/db/auth.php
+++ b/auth/db/auth.php
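Review bot: The hunks at -120 and -169 in auth/cas/auth.php read `$CFG->mnet_localhost_id`, but neither shows a `global $CFG;` and both enclosing functions start outside the hunk. If `$CFG` is not in scope there, the new `mnethostid` condition is compared against an empty value and `record_exists()` would presumably stop matching any local user. The commit adds `global $CFG;` explicitly in auth/db (`user_update_password`, `db_update_user_record`), auth/email, auth/manual and auth/none; the same check applies to auth/db -78 and auth/ldap -329 and -687, where no such line is visible either. Confirm each of those functions declares `global $CFG;` before the first use.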
@@ -78,7 +78,7 @@ class auth_plugin_db {
 if ( $rs->RecordCount() ) { // user exists exterally
 // check username/password internally
- if ($user = get_record('user', 'username', $username)) {
+ if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
 return validate_internal_user_password($user, $password);
 }
 } else {
@@ -156,8 +156,9 @@ class auth_plugin_db {
 function user_update_password($username, $newpassword) {
+ global $CFG;
 if ($this->config->passtype === 'internal') {
- return set_field('user', 'password', md5($newpassword), 'username', $username);
+ return set_field('user', 'password', md5($newpassword), 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
 } else {
 // we should have never been called!
 return false;
@@ -214,7 +215,7 @@ class auth_plugin_db {
 foreach ($remove_users as $user) {
 //following is copy pasted from admin/user.php
 //maybe this should moved to function in lib/datalib.php
- unset($updateuser);
+ $updateuser = new stdClass();
 $updateuser->id = $user->id;
 $updateuser->deleted = "1";
 $updateuser->timemodified = time();
@@ -301,17 +302,18 @@ class auth_plugin_db {
 $user = $this->get_userinfo_asobj($user);
 // prep a few params
- $user->username = $username;
- $user->modified = time();
- $user->confirmed = 1;
- $user->auth = 'db';
+ $user->username = $username;
+ $user->modified = time();
+ $user->confirmed = 1;
+ $user->auth = 'db';
+ $user->mnethostid = $CFG->mnet_localhost_id;
 // insert it
 $old_debug=$CFG->debug;
 $CFG->debug=10;
 // maybe the user has been deleted before
- if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1)) {
+ if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
 $user->id = $old_user->id;
 set_field('user', 'deleted', 0, 'username', $user->username);
 echo "Revived user $user->username id $user->id\n";
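Review bot: The line changed in `user_update_password` (auth/db, hunk -156) still stores an unsalted `md5($newpassword)`; the commit edits this statement but leaves the hashing as it was. lib/moodlelib.php in this same commit shows `hash_internal_user_password($password)` being used inside `update_internal_user_password`, so routing through that helper would keep the stored format in one place: `return set_field('user', 'password', hash_internal_user_password($newpassword), 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);`. What that helper does beyond hashing is not visible on this page, so confirm it before switching.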
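Review bot: The revive path in the -301 hunk still runs `set_field('user', 'deleted', 0, 'username', $user->username);`, which is keyed on the username alone, so a deleted row with the same username under another `mnethostid` would presumably be undeleted together with the local one. The lookup just above it is now scoped by host and `$user->id` has already been taken from the matched row, so the update should target that row, as the LDAP plugin does in this commit: `set_field('user', 'deleted', 0, 'id', $user->id);`. The enclosing function starts and ends outside the hunk.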
@@ -414,6 +416,7 @@ class auth_plugin_db {
 * values removed from DB won't be removed from moodle.
 */
 function db_update_user_record($username, $updatekeys=false) {
+ global $CFG;
 $pcfg = get_config('auth/db');
@@ -421,12 +424,15 @@ class auth_plugin_db {
 $username = trim(moodle_strtolower($username));
 // get the current user record
- $user = get_record('user', 'username', $username);
+ $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
 if (empty($user)) { // trouble
 error_log("Cannot update non-existent user: $username");
 die;
 }
+ // Ensure userid is not overwritten
+ $userid = $user->id;
+
 // TODO: this had a function_exists() - now we have a $this
 if ($newinfo = $this->get_userinfo($username)) {
 $newinfo = truncate_userinfo($newinfo);
@@ -445,12 +451,12 @@ class auth_plugin_db {
 }
 if (!empty($this->config->{'field_updatelocal_' . $key})) {
 if ($user->{$key} != $value) { // only update if it's changed
- set_field('user', $key, $value, 'username', $username);
+ set_field('user', $key, $value, 'id', $userid);
 }
 }
 }
 }
- return get_record_select("user", "username = '$username' AND deleted <> '1'");
+ return get_record_select("user", "id = '$userid' AND deleted <> '1'");
 }
 // A chance to validate form data, and last chance to
diff --git a/auth/email/auth.php b/auth/email/auth.php
index cec823d6ebc..690b166356f 100644
--- a/auth/email/auth.php
+++ b/auth/email/auth.php
@@ -51,7 +51,8 @@ class auth_plugin_email {
 * @returns bool Authentication success or failure.
 */
 function user_login ($username, $password) {
- if ($user = get_record('user', 'username', $username)) {
+ global $CFG;
+ if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
 return validate_internal_user_password($user, $password);
 }
 return false;
diff --git a/auth/imap/auth.php b/auth/imap/auth.php
index ad8e581ba7b..0e91e8249a8 100644
--- a/auth/imap/auth.php
+++ b/auth/imap/auth.php
@@ -42,7 +42,8 @@ class auth_plugin_imap {
 */
 function user_login ($username, $password) {
 if (! function_exists('imap_open')) {
- error("Cannot use IMAP authentication. The PHP IMAP module is not installed.");
+ print_error('auth_imapnotinstalled','mnet');
+ return false;
 }
 global $CFG;
diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php
index 465143fb8e4..9187e7a8b51 100644
--- a/auth/ldap/auth.php
+++ b/auth/ldap/auth.php
@@ -46,6 +46,10 @@ class auth_plugin_ldap {
 * @returns bool Authentication success or failure.
 */
 function user_login($username, $password) {
+ if (! function_exists('ldap_bind')) {
+ print_error('auth_ldapnotinstalled','mnet');
+ return false;
+ }
 global $CFG;
@@ -329,6 +333,8 @@ class auth_plugin_ldap {
 $user->guid=bin2hex($user->guid);
 //add authentication source stamp
 $user->auth = AUTH_LDAP_NAME;
+ //add MNET host id
+ $user->mnethostid = $CFG->mnet_localhost_id;
 $fresult[$user->username]=$user;
 }
@@ -517,7 +523,7 @@ class auth_plugin_ldap {
 foreach ($remove_users as $user) {
 //following is copy pasted from admin/user.php
 //maybe this should moved to function in lib/datalib.php
- unset($updateuser);
+ $updateuser = new stdClass();
 $updateuser->id = $user->id;
 $updateuser->deleted = '1';
 //$updateuser->username = "$user->username".time(); // Remember it just in case
@@ -617,7 +623,7 @@ class auth_plugin_ldap {
 if (!empty($add_users)) {
 print "User entries to add: ". count($add_users). "\n";
- if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+ if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
 $creatorrole = array_shift($roles); // We can only use one, let's use the first one
 }
@@ -627,18 +633,19 @@ class auth_plugin_ldap {
 //print $user->username . "\n";
 // prep a few params
- $user->modified = time();
- $user->confirmed = 1;
- $user->auth = AUTH_LDAP_NAME;
+ $user->modified = time();
+ $user->confirmed = 1;
+ $user->auth = AUTH_LDAP_NAME;
+ $user->mnethostid = $CFG->mnet_localhost_id;
 // insert it
 $old_debug=$CFG->debug;
 $CFG->debug=10;
 // maybe the user has been deleted before
- if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1)) {
+ if ($old_user = get_record('user', 'idnumber', $user->idnumber, 'deleted', 1, 'mnethostid', $CFG->mnet_localhost_id)) {
 $user->id = $old_user->id;
- set_field('user', 'deleted', 0, 'idnumber', $user->idnumber);
+ set_field('user', 'deleted', 0, 'id', $user->id);
 echo "Revived user $user->username with idnumber $user->idnumber id $user->id\n";
 } elseif ($id = insert_record('user',$user)) { // it is truly a new user
@@ -687,12 +694,15 @@ class auth_plugin_ldap {
 $username = trim(moodle_strtolower($username));
 // get the current user record
- $user = get_record('user', 'username', $username);
+ $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
 if (empty($user)) { // trouble
 error_log("Cannot update non-existent user: $username");
 die;
 }
+ // Protect the userid from being overwritten
+ $userid = $user->id;
+
 if (function_exists('auth_get_userinfo')) {
 if ($newinfo = auth_get_userinfo($username)) {
 $newinfo = truncate_userinfo($newinfo);
@@ -702,23 +712,21 @@ class auth_plugin_ldap {
 }
 foreach ($updatekeys as $key) {
- unset($value);
 if (isset($newinfo[$key])) {
- $value = $newinfo[$key];
- $value = addslashes(stripslashes($value)); // Just in case
+ $value = addslashes(stripslashes($newinfo[$key]));
 } else {
 $value = '';
 }
 if (!empty($this->config->{'field_updatelocal_' . $key})) {
 if ($user->{$key} != $value) { // only update if it's changed
- set_field('user', $key, $value, 'username', $username);
+ set_field('user', $key, $value, 'id', $userid);
 }
 }
 }
 }
 }
- return get_record_select("user", "username = '$username' AND deleted <> '1'");
+ return get_record_select("user", "id = '$userid' AND deleted <> '1'");
 }
 function ldap_bulk_insert($users) {
@@ -952,13 +960,12 @@ class auth_plugin_ldap {
 * called when the user password is updated.
 * changes userpassword in external db
 *
- * @param mixed $username Username
- * @param mixed $newpassword Plaintext password
- * @param mixed $oldpassword Plaintext old password to bind ldap with
+ * @param object $user User table object
+ * @param mixed $newpassword Plaintext password
+ * @param mixed $oldpassword Plaintext old password to bind ldap with
 * @return boolean result
 *
 */
- // function user_update_password($username, $newpassword) {
 function user_update_password($user, $newpassword) {
 /// called when the user password is updated -- it assumes it is called by an admin
 /// or that you've otherwise checked the user's credentials
diff --git a/auth/manual/auth.php b/auth/manual/auth.php
index e6311c7a12b..38f3275830f 100644
--- a/auth/manual/auth.php
+++ b/auth/manual/auth.php
@@ -43,14 +43,11 @@ class auth_plugin_manual
 * @returns bool Authentication success or failure.
 */
 function user_login ($username, $password) {
- if ($user = get_record('user', 'username', $username)) {
- if (validate_internal_user_password($user, $password)) {
- return true;
- // return AUTH_OK;
- }
+ global $CFG;
+ if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
+ return validate_internal_user_password($user, $password);
 }
 return false;
- // return AUTH_FAIL;
 }
 /*
diff --git a/auth/mnet/land.php b/auth/mnet/land.php
index 51106c89011..5350f56c824 100644
--- a/auth/mnet/land.php
+++ b/auth/mnet/land.php
@@ -26,7 +26,7 @@ $localuser = $mnetauth->confirm_mnet_session($token, $remotewwwroot);
 // log in
 $CFG->auth = 'mnet';
-$USER = get_complete_user_data('id', $localuser->id);
+$USER = get_complete_user_data('id', $localuser->id, $localuser->mnethostid);
 load_all_capabilities();
 // redirect
diff --git a/auth/none/auth.php b/auth/none/auth.php
index 520c8328149..3fcd2d62c2d 100644
--- a/auth/none/auth.php
+++ b/auth/none/auth.php
@@ -44,10 +44,11 @@ class auth_plugin_none {
 * @returns bool Authentication success or failure.
 */
 function user_login ($username, $password) {
- if ($user = get_record('user', 'username', $username)) {
+ global $CFG;
+ if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
 return validate_internal_user_password($user, $password);
 }
- return true;
+ return false;
 }
 /*
diff --git a/lib/moodlelib.php b/lib/moodlelib.php
index aaa02b6373d..12f29021255 100644
--- a/lib/moodlelib.php
+++ b/lib/moodlelib.php
@@ -2686,7 +2686,7 @@ function update_internal_user_password(&$user, $password, $storeindb=true) {
 $hashedpassword = hash_internal_user_password($password);
 }
- return set_field('user', 'password', $hashedpassword, 'username', $user->username);
+ return set_field('user', 'password', $hashedpassword, 'id', $user->id);
 }
 /**
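Review bot: In auth/none/auth.php the fall-through of `user_login` changes from `return true` to `return false`, which alters the plugin's result for a username with no local record, and nothing in the hunk or the docblock explains it. The old `return true` suggests unknown usernames were accepted on purpose; if so, this now rejects them, and callers that relied on the earlier result need checking. If the rejection is intended, say so in the docblock, for example `@returns bool False when no user record exists for this username on the local MNET host.`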
@@ -2700,7 +2700,7 @@ function update_internal_user_password(&$user, $password, $storeindb=true) {
 * @param string $value The value to match for $field.
 * @return user A {@link $USER} object.
 */
-function get_complete_user_data($field, $value) {
+function get_complete_user_data($field, $value, $mnethostid=null) {
 global $CFG;
@@ -2708,9 +2708,23 @@ function get_complete_user_data($field, $value) {
 return false;
 }
+/// Build the WHERE clause for an SQL query
+
+ $constraints = $field .' = \''. $value .'\' AND deleted <> \'1\'';
+
+ if (null === $mnethostid) {
+ $constraints .= ' AND auth != \'mnet\'';
+ } elseif (is_numeric($mnethostid)) {
+ $constraints .= ' AND mnethostid = \''.$mnethostid.'\'';
+ } else {
+ error_log('Call to get_complete_user_data for $field='.$field.', $value = '.$value.', with invalid $mnethostid: '. $mnethostid);
+ print_error('invalidhostlogin','mnet', $CFG->wwwroot.'/login/index.php');
+ exit;
+ }
+
 /// Get all the basic user data
- if (! $user = get_record_select('user', $field .' = \''. $value .'\' AND deleted <> \'1\'')) {
+ if (! $user = get_record_select('user', $constraints)) {
 return false;
 }
diff --git a/mnet/xmlrpc/client.php b/mnet/xmlrpc/client.php
index 85079177c89..663a7d3e6f8 100644
--- a/mnet/xmlrpc/client.php
+++ b/mnet/xmlrpc/client.php
@@ -137,7 +137,10 @@ class mnet_xmlrpc_client {
 // Executing any system method is permitted.
 } else {
-
+ $id_list = $mnet_peer->id;
+ if (!empty($CFG->mnet_all_hosts_id)) {
+ $id_list .= ', '.$CFG->mnet_all_hosts_id;
+ }
 // Find methods that we subscribe to on this host
 $sql = " SELECT
@@ -150,12 +153,12 @@ class mnet_xmlrpc_client {
 r.xmlrpc_path = '{$this->method}' AND
 s2r.rpcid = r.id AND
 s2r.serviceid = h2s.serviceid AND
- h2s.subscribe = '1'";
+ h2s.subscribe = '1' AND
+ h2s.hostid in ({$id_list})";
 $permission = get_record_sql($sql);
 if ($permission == false) {
 // TODO: Handle attempt to call not-permitted method
- echo '
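Review bot: The new `$constraints` string in `get_complete_user_data` (lib/moodlelib.php, hunk -2708) still concatenates `$field` and `$value` into SQL unescaped, so the query is safe only if every caller has escaped them; neither that precondition nor the new `$mnethostid` parameter is described in the docblock shown in the -2700 hunk. The `is_numeric()` gate also accepts strings such as `1.5` or `1e3` that are not host ids; `} elseif (is_int($mnethostid) || ctype_digit((string)$mnethostid)) {` would admit whole numbers only. The `error_log()` line writes `$value` and the rejected `$mnethostid` verbatim, so a value containing line breaks could forge log entries; passing each through `addcslashes($value, "\0..\37")` before logging avoids that. Callers that pass two arguments now get `auth != 'mnet'` added silently, which deserves a `@param` line as well.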
'.$sql.'';
 return false;
 }
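Review bot: In mnet/xmlrpc/client.php the query now places `{$id_list}` unquoted inside `h2s.hostid in (...)`, and the list is built in the -137 hunk from `$mnet_peer->id` and `$CFG->mnet_all_hosts_id` with no type check. Both are presumably single integer ids, but nothing visible enforces that, so cast while building the list: `$id_list = (int)$mnet_peer->id;` and `$id_list .= ', '.(int)$CFG->mnet_all_hosts_id;`. The same statement embeds `'{$this->method}'`, whose origin and escaping lie outside these hunks and should be confirmed. The enclosing function starts and ends outside the hunk.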