mirror of
https://github.com/moodle/moodle.git
synced 2025-02-19 07:41:02 +01:00
171 lines
5.1 KiB
PHP
171 lines
5.1 KiB
PHP
<?PHP
|
|
// $Id$
|
|
// author: romuald Lorthioir
|
|
//CHANGELOG:
|
|
//16/03/2005 Use of LDAP Module
|
|
//05.02.2005 Added CAS module
|
|
|
|
/* README!
|
|
CAS Module
|
|
This Module can be turn ON/OFF on admin screen.
|
|
The /login/index.php module is intercepted and replace with the login.php.
|
|
This Module is using the /auth/cas/index_form.html.
|
|
This module is using the LDAP Module so you need the /auth/ldap directory.
|
|
You can see /auth/ldap/lib.php for the other functions.
|
|
*/
|
|
defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');
|
|
|
|
define('AUTH_LDAP_NAME', 'cas'); // for ldap module
|
|
require_once($CFG->dirroot.'/config.php');
|
|
require_once($CFG->dirroot.'/auth/ldap/lib.php');
|
|
require_once($CFG->dirroot.'/lib/cas/CAS.php');
|
|
$cas_validate=false;
|
|
|
|
/**
|
|
* replace the ldap auth_user_login function
|
|
* authenticates user againt CAS with ldap
|
|
* Returns true if the username and password work
|
|
* and false if they don't
|
|
*
|
|
* @param string $username
|
|
* @param string $password
|
|
*
|
|
*/
|
|
function cas_ldap_auth_user_login ($username, $password) {
|
|
/// Returns true if the username and password work
|
|
/// and false if they don't
|
|
|
|
global $CFG;
|
|
if (!$username or !$password) { // Don't allow blank usernames or passwords
|
|
return false;
|
|
}
|
|
|
|
if ($CFG->auth == "cas" && !empty($CFG->cas_enabled)){ //cas specific
|
|
if ($CFG->cas_create_user=="0"){
|
|
if (record_exists('user', 'username', $username)){
|
|
return true;
|
|
}else{
|
|
return false;
|
|
}
|
|
}else{
|
|
return true;
|
|
}
|
|
}
|
|
|
|
$ldap_connection = auth_ldap_connect();
|
|
|
|
if ($ldap_connection) {
|
|
$ldap_user_dn = auth_ldap_find_userdn($ldap_connection, $username);
|
|
|
|
//if ldap_user_dn is empty, user does not exist
|
|
if(!$ldap_user_dn){
|
|
ldap_close($ldap_connection);
|
|
return false;
|
|
}
|
|
|
|
// Try to bind with current username and password
|
|
$ldap_login = ldap_bind($ldap_connection, $ldap_user_dn, $password);
|
|
ldap_close($ldap_connection);
|
|
if ($ldap_login) {
|
|
if ($CFG->cas_create_user=="0"){ //cas specific
|
|
if (record_exists('user', 'username', $username)){
|
|
return true;
|
|
}else{
|
|
return false;
|
|
}
|
|
}else{
|
|
return true;
|
|
}
|
|
}
|
|
} else {
|
|
ldap_close($ldap_connection);
|
|
error("LDAP part of CAS-module cannot connect to server: $CFG->ldap_host_url");
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* authenticates user against CAS from screen login
|
|
* the user doesn't have a CAS Ticket yet.
|
|
*
|
|
* Returns an object user if the username and password work
|
|
* and nothing if they don't
|
|
*
|
|
* @param string $username
|
|
* @param string $password
|
|
*
|
|
*/
|
|
function cas_authenticate_user_login ($username, $password) {
|
|
|
|
global $CFG;
|
|
// FIX ME: $cas_validate is not global
|
|
$cas_validate=true;
|
|
phpCAS::client($CFG->cas_version,$CFG->cas_hostname,(int)$CFG->cas_port,$CFG->cas_baseuri);
|
|
phpCAS::setLang($CFG->cas_language);
|
|
phpCAS::forceAuthentication();
|
|
if ($CFG->cas_create_user=="0"){
|
|
if (record_exists('user', 'username', phpCAS::getUser())) {
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}else{
|
|
//login as guest if CAS but not Moodle and not automatic creation
|
|
if ($CFG->guestloginbutton){
|
|
$user = authenticate_user_login('guest', 'guest');
|
|
}else{
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}
|
|
}
|
|
}else{
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}
|
|
return $user;
|
|
}
|
|
|
|
/**
|
|
* authenticates user against CAS when first call of Moodle
|
|
* if already in CAS (cookie with the CAS ticket), don't have to log again (SSO)
|
|
*
|
|
* Returns an object user if the username and password work
|
|
* and nothing if they don't
|
|
*
|
|
* @param object $user
|
|
*
|
|
*/
|
|
function cas_automatic_authenticate ($user="") {
|
|
global $CFG;
|
|
// FIX ME: $cas_validate is not global, but it works anyway ;-)
|
|
if (!$cas_validate){
|
|
$cas_validate=true;
|
|
phpCAS::client($CFG->cas_version,$CFG->cas_hostname,(int)$CFG->cas_port,$CFG->cas_baseuri);
|
|
phpCAS::setLang($CFG->cas_language);
|
|
$cas_user_exist=phpCAS::checkAuthentication();
|
|
if (!$cas_user_exist && !$CFG->guestloginbutton){
|
|
$cas_user_exist=phpCAS::forceAuthentication();
|
|
}
|
|
if ($cas_user_exist){
|
|
if ($CFG->cas_create_user=="0"){
|
|
if (record_exists('user', 'username', phpCAS::getUser())) {
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}else{
|
|
//login as guest if CAS but not Moodle and not automatic creation
|
|
if ($CFG->guestloginbutton){
|
|
$user = authenticate_user_login('guest', 'guest');
|
|
}else{
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}
|
|
}
|
|
}else{
|
|
|
|
$user = authenticate_user_login(phpCAS::getUser(), 'cas');
|
|
}
|
|
return $user;
|
|
}else{
|
|
return;
|
|
}
|
|
|
|
}else{
|
|
return $user;
|
|
}
|
|
}
|
|
|
|
|
|
?>
|