
Untitled

a guest
Nov 26th, 2016
  1. <?php
  2.  
  3. // This file is part of Moodle - http://moodle.org/
  4. //
  5. // Moodle is free software: you can redistribute it and/or modify
  6. // it under the terms of the GNU General Public License as published by
  7. // the Free Software Foundation, either version 3 of the License, or
  8. // (at your option) any later version.
  9. //
  10. // Moodle is distributed in the hope that it will be useful,
  11. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. // GNU General Public License for more details.
  14. //
  15. // You should have received a copy of the GNU General Public License
  16. // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
  17.  
  18. /**
  19. * Main login page.
  20. *
  21. * @package core
  22. * @subpackage auth
  23. * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
  24. * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  25. */
  26.  
  27. require('../config.php');
  28. require_once('lib.php');
  29.  
  // Ask crawlers not to index the login page, so that sites which allow
  // sign-up are harder to discover through search engines.
  $CFG->additionalhtmlhead = (isset($CFG->additionalhtmlhead) ? $CFG->additionalhtmlhead : '')
      . '<meta name="robots" content="noindex" />';

  redirect_if_major_upgrade_required();

  // Both request parameters are read through optional_param() with an explicit
  // PARAM_* type, so nothing below uses them as raw request strings.
  $cancel = optional_param('cancel', 0, PARAM_BOOL);          // Redirect to frontpage, needed for loginhttps.
  $testsession = optional_param('testsession', 0, PARAM_INT); // Test that the session works properly.

  // The cancel target is the fixed site root, never a caller-supplied URL.
  if ($cancel) {
      redirect(new moodle_url('/'));
  }
  44.  
  // HTTPS is required on this page when $CFG->loginhttps is enabled.
  $PAGE->https_required();

  // Page setup: system context, canonical URL under the HTTPS root, login layout.
  $context = context_system::instance();
  $PAGE->set_url($CFG->httpswwwroot.'/login/index.php');
  $PAGE->set_context($context);
  $PAGE->set_pagelayout('login');

  // Error state for this request. $errorcode stays 0 until a check below fails;
  // $errormsg holds the matching text that is shown to the user.
  $errorcode = 0;
  $errormsg = '';
  56.  
  // Session self-test. After a successful login this script redirects to itself
  // with testsession=<user id>; if the session then reports that same user id,
  // the session cookie round-tripped and the user can be sent on.
  if ($testsession) {
      if ($testsession != $USER->id) {
          // TODO: try to find out what is the exact reason why sessions do not work.
          $errormsg = get_string("cookiesnotenabled");
          $errorcode = 1;
      } else {
          // The destination is read from the session, not from the request,
          // and is consumed here so that it cannot be reused.
          $urltogo = isset($SESSION->wantsurl) ? $SESSION->wantsurl : $CFG->wwwroot.'/';
          unset($SESSION->wantsurl);
          redirect($urltogo);
      }
  }

  // Remember whether the previous session timed out, and clear the one-shot flag.
  $session_has_timed_out = !empty($SESSION->has_timed_out);
  if ($session_has_timed_out) {
      unset($SESSION->has_timed_out);
  }
  81.  
  // Auth plugins may override these two (for example for SSO). A plugin that
  // sets $user causes the password check further down to be skipped, so every
  // enabled plugin's loginpage_hook() is part of the authentication trust boundary.
  $frm = false;
  $user = false;

  // Run the login-page hook of each enabled auth plugin, in configured order.
  $authsequence = get_enabled_auth_plugins(true);
  foreach ($authsequence as $authname) {
      $authplugin = get_auth_plugin($authname);
      $authplugin->loginpage_hook();
  }

  // Values used when rendering the page.
  $site = get_site();

  $loginsite = get_string("loginsite");
  $PAGE->navbar->add($loginsite);
  98.  
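  // Decide where the login data for this request comes from.
  if ($user !== false || $frm !== false || $errormsg !== '') {
      // Some auth plugin already supplied a full user, fake form data, or
      // prevented the login with an error message; nothing to collect here.

  } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
      // Handles the case of another Moodle site linking into a page on this site.
      // TODO: move weblink into own auth plugin.
      //
      // NOTE(review): weblinkauth.php is an optional file loaded from the login
      // directory. Whatever weblink_auth() returns as a truthy $user is accepted
      // below without a password check, so that file must be reviewed as
      // authentication code.
      include($CFG->dirroot.'/login/weblinkauth.php');
      if (function_exists('weblink_auth')) {
          $user = weblink_auth($SESSION->wantsurl);
      }
      if ($user) {
          // $frm is still false on this branch unless the included file replaced
          // it. Assigning a property on false only raised a warning on PHP 5/7
          // but throws an Error on PHP 8, so create the form object explicitly.
          if (!is_object($frm)) {
              $frm = new stdClass();
          }
          $frm->username = $user->username;
      } else {
          $frm = data_submitted();
      }

  } else {
      // Normal case: use whatever form data was submitted with this request.
      $frm = data_submitted();
  }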
  118.  
  // Process a login attempt, if login data was actually submitted to us.

  if ($frm && isset($frm->username)) { // Login WITH cookies.

      // Normalise the submitted username: lower case, surrounding whitespace removed.
      $frm->username = trim(core_text::strtolower($frm->username));

      // Only when the 'none' auth plugin is enabled: reject a username that
      // clean_param() would alter under PARAM_USERNAME, and drop any user a
      // plugin hook may have supplied.
      if (is_enabled_auth('none')) {
          if ($frm->username !== clean_param($frm->username, PARAM_USERNAME)) {
              $errormsg = get_string('username').': '.get_string("invalidusername");
              $errorcode = 2;
              $user = null;
          }
      }

      if ($user) {
          // User already supplied by an auth plugin's pre-login hook (or by the
          // weblink branch above); no password is checked on this path.
      } else if ($frm->username == 'guest' && empty($CFG->guestloginbutton)) {
          // Can't log in as guest if the guest button is disabled.
          $user = false;
          $frm = false;
      } else if (empty($errormsg)) {
          // The only place where the submitted password is verified.
          $user = authenticate_user_login($frm->username, $frm->password);
      }

      // Intercept 'restored' users to provide them with info & reset password.
      // NOTE(review): this response differs from the generic invalid-login
      // message below, so a failed attempt reveals that the username belongs
      // to a restored account.
      if (!$user && $frm && is_restored_user($frm->username)) {
          $PAGE->set_title(get_string('restoredaccount'));
          $PAGE->set_heading($site->fullname);
          echo $OUTPUT->header();
          echo $OUTPUT->heading(get_string('restoredaccount'));
          echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
          require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
          $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
          $form->display();
          echo $OUTPUT->footer();
          die;
      }

      if ($user) {

          // Language setup.
          if (isguestuser($user)) {
              // No predefined language for guests - use existing session or default site lang.
              unset($user->lang);

          } else if (!empty($user->lang)) {
              // Unset previous session language - use the user's preference instead.
              unset($SESSION->lang);
          }

          // This account was never confirmed: show the confirmation notice and
          // stop before any session is established for the user.
          if (empty($user->confirmed)) {
              $PAGE->set_title(get_string("mustconfirm"));
              $PAGE->set_heading($site->fullname);
              echo $OUTPUT->header();
              echo $OUTPUT->heading(get_string("mustconfirm"));
              echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
              echo $OUTPUT->footer();
              die;
          }

          // Let's get them all set up.
          complete_user_login($user);

          // Username cookie handling.
          if (!empty($CFG->nolastloggedin)) {
              // Do not store the last logged in user in a cookie.
              // Auth plugins can temporarily override this from loginpage_hook().
              // Do not save $CFG->nolastloggedin in the database!

          } else if (empty($CFG->rememberusername) || ($CFG->rememberusername == 2 && empty($frm->rememberusername))) {
              // No permanent cookies, delete the old one if it exists.
              set_moodle_cookie('');

          } else {
              set_moodle_cookie($USER->username);
          }

          $urltogo = core_login_get_return_url();

          // Check if the user's password has expired.
          // Currently supported only for the ldap-authentication module.
          $userauth = get_auth_plugin($USER->auth);
          if (!empty($userauth->config->expiration) && $userauth->config->expiration == 1) {
              // Use the plugin's own change-password URL when it offers one,
              // otherwise fall back to the built-in page under the HTTPS root.
              $passwordchangeurl = $userauth->can_change_password() ? $userauth->change_password_url() : null;
              if (!$passwordchangeurl) {
                  $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
              }
              $days2expire = $userauth->password_expire($USER->username);
              $PAGE->set_title("$site->fullname: $loginsite");
              $PAGE->set_heading("$site->fullname");
              if ((int) $days2expire > 0 && (int) $days2expire < (int) $userauth->config->expiration_warning) {
                  // Inside the warning window: offer a password change or continue.
                  echo $OUTPUT->header();
                  echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                  echo $OUTPUT->footer();
                  exit;
              } elseif ((int) $days2expire < 0) {
                  // Already expired.
                  echo $OUTPUT->header();
                  echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                  echo $OUTPUT->footer();
                  exit;
              }
          }

          // Discard any errors before the last redirect.
          unset($SESSION->loginerrormsg);

          // Test that the session actually works by redirecting to self. The
          // destination travels in the session; only the user id goes in the URL.
          $SESSION->wantsurl = $urltogo;
          redirect(new moodle_url(get_login_url(), array('testsession' => $USER->id)));

      } else if (empty($errormsg)) {
          // One generic message for every failed authentication on this path.
          $errormsg = get_string("invalidlogin");
          $errorcode = 3;
      }
  }
  241.  
  // Detect problems with timed out sessions.
  if ($session_has_timed_out && !data_submitted()) {
      $errormsg = get_string('sessionerroruser', 'error');
      $errorcode = 4;
  }

  // First, let's remember where the user was trying to get to before they got here.
  //
  // The Referer header is client-controlled. It is accepted as the post-login
  // destination only if it is not the site root or the login page itself and
  // clean_param() with PARAM_LOCALURL does not reduce it to an empty string,
  // which keeps the post-login redirect on this site.
  if (empty($SESSION->wantsurl)) {
      if (array_key_exists('HTTP_REFERER', $_SERVER)
              && $_SERVER["HTTP_REFERER"] != $CFG->wwwroot
              && $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/'
              && $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/'
              && strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0
              // There might be some extra params such as ?lang=.
              && strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0
              && clean_param($_SERVER['HTTP_REFERER'], PARAM_LOCALURL) != '') {
          $SESSION->wantsurl = $_SERVER["HTTP_REFERER"];
      } else {
          $SESSION->wantsurl = null;
      }
  }
  261.  
  // Redirect to the alternative login URL if one is configured.
  if (!empty($CFG->alternateloginurl)) {
      $loginurl = $CFG->alternateloginurl;

      // We do not want to return to the alternate URL after logging in.
      if (strpos($SESSION->wantsurl, $loginurl) === 0) {
          $SESSION->wantsurl = null;
      }

      // Pass the failure reason on as a numeric code. $errorcode is only ever
      // assigned integer literals in this script, so it is safe to append.
      if ($errorcode) {
          $loginurl .= (strpos($loginurl, '?') === false ? '?' : '&').'errorcode='.$errorcode;
      }

      redirect($loginurl);
  }
  282.  
  // Make sure we really are on the https page when https login is required.
  $PAGE->verify_https_required();

  // Generate the login page with forms.

  if (!isset($frm) || !is_object($frm)) {
      $frm = new stdClass();
  }

  // Pre-fill the username field from the query string or the username cookie.
  // PARAM_RAW applies no cleaning to the value.
  // NOTE(review): confirm that index_form.html escapes $frm->username when it
  // prints it; that template is not shown here.
  if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
      $frm->username = !empty($_GET["username"])
          ? clean_param($_GET["username"], PARAM_RAW) // We do not want data from _POST here.
          : get_moodle_cookie();

      // Never pre-fill the password.
      $frm->password = "";
  }

  // Put the cursor where the user has to type next.
  $focus = !empty($frm->username) ? "password" : "username";
  307.  
  // Show the instructions panel when self-registration is configured, the
  // 'none' auth plugin is enabled, or custom instructions are set.
  $show_instructions = (!empty($CFG->registerauth) || is_enabled_auth('none') || !empty($CFG->auth_instructions));

  // Collect the identity providers offered by each enabled auth plugin.
  $potentialidps = array();
  foreach ($authsequence as $authname) {
      $authplugin = get_auth_plugin($authname);
      $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl));
  }

  if (!empty($SESSION->loginerrormsg)) {
      // We had some errors before the redirect, show them now.
      $errormsg = $SESSION->loginerrormsg;
      unset($SESSION->loginerrormsg);

  } else if ($testsession) {
      // No need to redirect here.
      unset($SESSION->loginerrormsg);

  } else if ($errormsg || !empty($frm->password)) {
      // We must redirect after every password submission, so the page that is
      // finally rendered comes from a plain GET and a reload does not re-send
      // the credentials. The error text is carried across in the session.
      if ($errormsg) {
          $SESSION->loginerrormsg = $errormsg;
      }
      redirect(new moodle_url('/login/index.php'));
  }
  336.  
  $PAGE->set_title("$site->fullname: $loginsite");
  $PAGE->set_heading("$site->fullname");

  echo $OUTPUT->header();

  if (isloggedin() && !isguestuser()) {
      // Prevent logging in when already logged in: we do not want users to
      // relogin by accident because sesskey would be changed. Offer logout
      // (a POST that carries the current sesskey) or cancel instead.
      echo $OUTPUT->box_start();
      $logout = new single_button(
          new moodle_url($CFG->httpswwwroot.'/login/logout.php', array('sesskey' => sesskey(), 'loginpage' => 1)),
          get_string('logout'),
          'post'
      );
      $continue = new single_button(
          new moodle_url($CFG->httpswwwroot.'/login/index.php', array('cancel' => 1)),
          get_string('cancel'),
          'get'
      );
      echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
      echo $OUTPUT->box_end();
  } else {
      // The form template is included into this scope.
      // NOTE(review): it presumably reads the variables prepared above ($frm,
      // $errormsg, $show_instructions, $potentialidps); confirm against the template.
      include("index_form.html");
      if ($errormsg) {
          $PAGE->requires->js_init_call('M.util.focus_login_error', null, true);
      } else if (!empty($CFG->loginpageautofocus)) {
          // Focus username or password.
          $PAGE->requires->js_init_call('M.util.focus_login_form', null, true);
      }
  }

  echo $OUTPUT->footer();