mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-03-10 02:40:10 +01:00
Code Issues Projects Releases Wiki Activity
46,584 Commits 36 Branches 523 Tags
Commit Graph

121 Commits

Author SHA1 Message Date
Inaki
40293947bb auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certificate 
If we enable the server validation but don't specify a certificate file path
flag the error and don't let the user save the settings.
 2010-11-18 00:57:06 +00:00
Inaki
387d1dc0d5 auth/cas: MDL-25062 CAS authentication plugin does not validate the CAS server certificate 
The CAS protocol security model requires that you verify the cas server
certificate before you trust the answer (valid authentication and username
etc.).

Credit goes to Joachim Fritschi for reporting it and providing a patch.
 2010-11-18 00:12:23 +00:00
Inaki
e494a7615e auth/cas MDL-24789 phpCAS single sign-on module client needs updating due to security issues 
Upgraded phpCAS to 1.1.3 (latest stable version), which fixes them.
 2010-10-21 08:22:21 +00:00
Inaki
b44ff4e45b MDL-23864 auth/cas Coding error: Undefined index REQUEST_URI in auth/cas/CAS/CAS.php 
Patch our local copy (and record the change) while upstream fixes it (see
https://issues.jasig.org/browse/PHPCAS-81 )
 2010-09-03 16:54:03 +00:00
Petr Skoda
99f9f85f00 MDL-23489 auth plugins can specify own edit profile url - patch submitted by Jay Knight + tweaking change password url to use new moodle_url at the same time, it is backwards compatible, custom plugins may still use string url for now 2010-08-18 22:07:00 +00:00
Petr Skoda
28bd3d9ad3 MDL-23824 CLI script improvements - just define('CLI_SCRIPT', true) before require config.php; all incorrect uses of cli and web scripts are detected; refactored cron script - now in two separate sctipts; fix cli inline docs and help - we have to sudo to apache account; standardised cli script locations in auth plugins 2010-08-17 12:33:30 +00:00
Inaki
6328442a73 auth/cas MDL-23645 CAS single sign-on module needs updating due to security issues 
Upgraded phpCAS to 1.1.2 and fixed https://issues.jasig.org/browse/PHPCAS-73 ,
as reported by Fred Woolard in MDL-23126 (the fix will be in upstream in the
next release)

Credit goes to Johan Reinalda.
 2010-08-06 21:22:54 +00:00
Inaki
1298e78b24 auth/cas MDL-23371 Still some bits missing from setting name convertion. 2010-07-26 15:24:50 +00:00
Inaki
840fcf0c30 auth/cas MDL-23371 Add missing detection of PHP LDAP module like we do in auth/ldap 2010-07-25 22:55:45 +00:00
Inaki
fcf46da1c5 auth/ldap cas/ldap MDL-23371 auth/ldap and auth/cas refactor 
They now share most of the code again, this time via subclassing, and they
share some code with enrol/ldap. They have also gained some features and a few
fixes.
 2010-07-25 22:36:15 +00:00
Petr Skoda
df997f841f MDL-21782 reworked enrolment framework, the core infrastructure is in place, the basic plugins are all implemented; see the tracker issue for list of unfinished bits, expect more changes and improvements during the next week 
AMOS START
    MOV [sendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage,enrol_self]
    MOV [configsendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage_desc,enrol_self]
    MOV [enrolstartdate,core],[enrolstartdate,enrol_self]
    MOV [enrolenddate,core],[enrolenddate,enrol_self]
    CPY [welcometocourse,core],[welcometocourse,enrol_self]
    CPY [welcometocoursetext,core],[welcometocoursetext,enrol_self]
    MOV [notenrollable,core],[notenrollable,core_enrol]
    MOV [enrolenddaterror,core],[enrolenddaterror,enrol_self]
    MOV [enrolmentkeyhint,core],[passwordinvalidhint,enrol_self]
    MOV [coursemanager,core_admin],[coursecontact,core_admin]
    MOV [configcoursemanager,core_admin],[coursecontact_desc,core_admin]
    MOV [enrolledincourserole,core],[enrolledincourserole,enrol_manual]
    MOV [enrolme,core],[enrolme,core_enrol]
    MOV [unenrol,core],[unenrol,core_enrol]
    MOV [unenrolme,core],[unenrolme,core_enrol]
    MOV [enrolmentnew,core],[enrolmentnew,core_enrol]
    MOV [enrolmentnewuser,core],[enrolmentnewuser,core_enrol]
    MOV [enrolments,core],[enrolments,core_enrol]
    MOV [enrolperiod,core],[enrolperiod,core_enrol]
    MOV [unenrolroleusers,core],[unenrolroleusers,core_enrol]
AMOS END
 2010-06-21 15:30:49 +00:00
Petr Skoda
6b8ad965dc MDL-16919 we have to really use the username cleaning only when manually adding new accounts, any sync with external system needs the exact match without any cleaning! 2010-06-06 14:06:30 +00:00
Petr Skoda
9b56a34f7d MDL-16089 some resource lib and lang pack cleanup 
AMOS START
 MOV [displayauto,mod_resource],[resourcedisplayauto,core]
 MOV [displaydownload,mod_resource],[resourcedisplaydownload,core]
 MOV [displayembed,mod_resource],[resourcedisplayembed,core]
 MOV [displayframe,mod_resource],[resourcedisplayframe,core]
 MOV [displaynew,mod_resource],[resourcedisplaynew,core]
 MOV [displayopen,mod_resource],[resourcedisplayopen,core]
 MOV [displaypopup,mod_resource],[resourcedisplaypopup,core]

AMOS END
 2010-05-22 13:54:41 +00:00
Inaki
389d6f72b8 auth cas: MDL-20029 upgrade phpCAS version to the latest available version 
Also make sure phpCAS doesn't try to start a new PHP session. We have already
started our own and want to keep it :). In addition to it, it emitted a PHP
notice that could block the authentication process under certain
configurations.

And pretty much the same with the wantsurl and loginguest checks.
 2010-04-18 12:08:43 +00:00
Petr Skoda
370f10b7eb MDL-22061 converting auths to pluginname and deprecating old method for getting auth names 
AMOS START
 MOV [auth_castitle,auth_cas],[pluginname,auth_cas]
 MOV [auth_dbtitle,auth_db],[pluginname,auth_db]
 MOV [auth_emailtitle,auth_email],[pluginname,auth_email]
 MOV [auth_fctitle,auth_fc],[pluginname,auth_fc]
 MOV [auth_imaptitle,auth_imap],[pluginname,auth_imap]
 MOV [auth_ldaptitle,auth_ldap],[pluginname,auth_ldap]
 MOV [auth_manualtitle,auth_manul],[pluginname,auth_manul]
 MOV [auth_mnettitle,auth_mnet],[pluginname,auth_mnet]
 MOV [auth_nntptitle,auth_nntp],[pluginname,auth_nntp]
 MOV [auth_nologintitle,auth_nologin],[pluginname,auth_nologin]
 MOV [auth_nonetitle,auth_none],[pluginname,auth_none]
 MOV [auth_pamtitle,auth_pam],[pluginname,auth_pam]
 MOV [auth_pop3title,auth_pop3],[pluginname,auth_pop3]
 MOV [auth_radiustitle,auth_radius],[pluginname,auth_radius]
 MOV [auth_shibbolethtitle,auth_shibboleth],[pluginname,auth_shibboleth]
 MOV [auth_webservicetitle,auth_webservice],[pluginname,auth_webservice]
AMOS END
 2010-04-11 21:31:36 +00:00
Petr Skoda
2c10db3b3c MDL-22060 fixed $a in string to match new rules 
AMOS START
 REM fixed $a[] in [auth_dbdeleteuser, auth_db]
 REM fixed $a[] in [auth_dbinsertuser, auth_db]
 REM fixed $a[] in [auth_dbreviveduser, auth_db]
 REM fixed $a[] in [auth_dbsuspenduser, auth_db]
 REM fixed $a[] in [auth_dbupdatinguser, auth_db]
AMOS END
 2010-04-11 16:55:17 +00:00
Inaki
b8fc9582e6 auth cas/db/ldap: MDL-18689 Fix typos in auth/{cas,db,ldap}/auth.php 
Forward-ported from MOODLE_18_STABLE
 2010-04-10 15:26:39 +00:00
David Mudrak
30c8dd34f7 MDL-15252 Re-committing all English strings exported from AMOS 
From now on, all English strings use the new syntax. They are not
eval()'ed any more and the only valid placeholders are {$a} and
{$a->foobar}. No extra quotes escaping, dollar sign escaping and putting
double percent signs.

The modified files were exported from AMOS database repository in the
new syntax and were re-ordered by stringid. Standard GNU/GPL and PHPdoc
blocks are added. Where there was no copyright note so far, I added the
default one with Martin Dougiamas as the copyright holder.

Live long and prosper.
 2010-04-10 14:01:45 +00:00
Petr Skoda
3a915b0667 MDL-21693 Dropping _utf8 suffix from language codes and folder names; enabling new string managers - please note the transition is not yet fully complete because we need to wait for git to recognize the renames in cvs 2010-04-10 07:24:56 +00:00
Petr Skoda
4f0c2d0009 MDL-21655 big scary enrolment and roles improvements - see tacker for list of changes, includes other minor fixes too 2010-03-31 07:41:31 +00:00
David Mudrak
b13af519fc MDL-21694 Moving auth plugins lang files into plugin scope 2010-03-29 15:27:24 +00:00
Petr Skoda
8b49988e30 MDL-21802 backporting patch for vulnerability in CAS client library 2010-03-24 08:12:30 +00:00
Inaki
75a7a7e415 auth ldap/cas config: MDL-21343 LDAP / CAS settings broken due to wrong superflous value 2010-01-21 19:21:23 +00:00
Petr Skoda
d776d59ee2 MDL-21235 fixed select method name 2010-01-16 18:29:51 +00:00
Petr Skoda
4b9210f31b MDL-21235 more conversion to new select 2010-01-16 18:25:51 +00:00
Inaki
95cb3955a6 authentication plugins: MDL-21343 Add missing $OUTPUT global variables used in plugins' configuration pages 2010-01-14 18:54:12 +00:00
Rossiani Wijaya
07ed083e4e MDL-16919 - Allow username to contain alphanumeric lowercase characters, underscore (_), hyphen (-), period (.) or at symbol (@) 2010-01-13 06:23:54 +00:00
Petr Skoda
4454447d56 MDL-20700 whitespace terror returns 2009-12-16 22:14:17 +00:00
Petr Skoda
bdebf74c76 MDL-20948 proper removal of cached pasword hashes just in case upgrading from <1.9.7 2009-11-24 14:31:34 +00:00
Petr Skoda
9d0de271a5 MDL-20948 proper removal of cached pasword hashes just in case upgrading from <1.9.7 2009-11-24 14:26:22 +00:00
Petr Skoda
edb5da8331 MDL-20934 'not cached' flag used in all auth plugins that do not need the password 2009-11-23 21:50:40 +00:00
Petr Skoda
d5a8d9aa71 MDL-20625 new delegated transaction support in DML 2009-11-07 08:52:56 +00:00
Petr Skoda
5117d59899 MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup 2009-11-01 11:55:14 +00:00
samhemelryk
cfc5b79b86 auth MDL-19788 Upgraded print_header and build_navigation calls to use PAGE and OUTPUT equivilants 2009-09-03 05:40:41 +00:00
skodak
ebdd9fed4b MDL-20169 fixed coding style, parameter type required 2009-08-27 08:49:54 +00:00
nicolasconnault
7f383c5676 MDL-19788 Upgraded calls to link_to_popup_window() 2009-08-20 13:14:05 +00:00
nicolasconnault
db636fd5cd MDL-19788 Upgraded calls to helpbutton, print_simple_box* and notify 2009-08-18 04:28:58 +00:00
nicolasconnault
977e5edbd9 MDL-19788 Upgraded calls to choose_from_menu 2009-08-17 15:15:42 +00:00
nicolasconnault
119550a5b2 MDL-19788 Converted all print_footer() calls 2009-08-06 14:23:04 +00:00
iarenaza
afacbf004a CAS authentication: MDL-19671 phpCAS::getUser can return a mixed-case username, so lower-case it for comparison. 
Merged from MOODLE_18_STABLE
 2009-06-30 23:33:11 +00:00
jerome
2b06294b9a authentication MDL-19182 split auth.php lang file into multiple files separate for each plugin 2009-06-11 03:34:46 +00:00
skodak
3db835d1ae MDL-18744 cas fix, credit goes to Thibault Le Meur 2009-05-08 07:54:24 +00:00
tjhunt
93d4a373f9 blocklib: MDL-19010 always include blocklib in setup.php, stip includes elsewhere 2009-05-06 09:13:16 +00:00
stronk7
2a88f626f7 MDL-18577 drop enums support - step2: enums out from editor, dbmanager and all upgrade scripts. 2009-05-01 01:19:16 +00:00
mudrd8mz
081a9b0dad MDL-18644 Bugs found by syntax checker, merged from MOODLE_19_STABLE 2009-03-23 09:53:02 +00:00
iarenaza
eee34307b9 Cache LDAP connections: MDL-18130 Properly handle open LDAP connections. 
Both CAS and LDAP auth plugins open new connections to the LDAP server
to get the user account details. While this is the desired behaviour
for regular logins (we probably don't have an already open connection
to the LDAP server), this is a ressource hog when we are doing user
synchronization, as the closed connections remain in the TCP_WAIT
state for a while before the server can reuse them. If we are syncing
a lot of users, we can make the server run out of available TCP
ressources.

So we cache the connection the first time we establish it and return
the same connection handle everytime, unless we've closed all the
'open' connections, or the auth object is destroyed.

In addition to that, there were a few missing calls to ldap_close().
 2009-02-15 15:03:33 +00:00
moodler
49f5ec4cfd auth/cas MDL-17121 Upgraded to latest version which is LGPL 2008-11-07 02:01:10 +00:00
iarenaza
5261baf11e MDL-16061 Revert incorrect fix for "Remove 'username' from the $moodleattributes array" 
Merged from MOODLE_18_STABLE.

The fix is wrong, as it breaks auth_db_sync_users.php and
auth_ldap_sync_users.php at least. No new users are added to Moodle, as the
username is missing from the new user info record.

The fix needs to go into update_user_record() in lib/moodlelib.php to make it
skip the 'username' key, as we really need get_userinfo() to return the
username as part of the user info array.
 2008-08-25 22:44:45 +00:00
iarenaza
19ac43c7a6 MDL-16061 Remove 'username' from the $moodleattributes array. 
It doesn't make sense at all (username is not part of the externally mapped
fields) and produces a notice that breaks HTTP headers with debugging enabled.
 2008-08-15 11:22:57 +00:00
Francois Marier
6800d78e06 Drift between CVS and git 
- large deletions
- lucene updates
- error() => print_error()
- NO_MOODLE_COOKIES define
- various other things
 2008-06-25 17:31:23 +00:00