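<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Main login page.
 *
 * Order of processing in this script:
 *  1. 'cancel' parameter: redirect to the front page.
 *  2. 'testsession' parameter: compare it with $USER->id; on a match redirect to
 *     $SESSION->wantsurl, otherwise report that cookies are not enabled.
 *  3. Call loginpage_hook() on every enabled auth plugin.
 *  4. If login data was submitted, authenticate it and complete the login,
 *     handling restored accounts, unconfirmed accounts and password expiry.
 *  5. On success redirect back to this page with 'testsession' set to the user id.
 *  6. Otherwise remember the referring page, honour $CFG->alternateloginurl,
 *     and render the login form (or the "already logged in" box).
 *
 * @package    core
 * @subpackage auth
 * @copyright  1999 onwards Martin Dougiamas  http://dougiamas.com
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

require('../config.php');
require_once('lib.php');

// Try to prevent searching for sites that allow sign-up.
if (!isset($CFG->additionalhtmlhead)) {
    $CFG->additionalhtmlhead = '';
}
$CFG->additionalhtmlhead .= '<meta name="robots" content="noindex" />';

redirect_if_major_upgrade_required();

$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
$cancel      = optional_param('cancel', 0, PARAM_BOOL);      // redirect to frontpage, needed for loginhttps

if ($cancel) {
    redirect(new moodle_url('/'));
}

// HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();

$context = context_system::instance();
$PAGE->set_url("$CFG->httpswwwroot/login/index.php");
$PAGE->set_context($context);
$PAGE->set_pagelayout('login');

/// Initialize variables
$errormsg = '';
$errorcode = 0;

// login page requested session test
if ($testsession) {
    if ($testsession == $USER->id) {
        // The id sent out in the post-login redirect came back and matches the session's
        // user, so the session survived the round trip.
        if (isset($SESSION->wantsurl)) {
            // The stored value is used as the redirect target exactly as it is; this script
            // makes no same-site check at this point.
            // NOTE(review): confirm every writer of $SESSION->wantsurl keeps it on this site.
            $urltogo = $SESSION->wantsurl;
        } else {
            $urltogo = $CFG->wwwroot.'/';
        }
        unset($SESSION->wantsurl);
        redirect($urltogo);
    } else {
        // TODO: try to find out what is the exact reason why sessions do not work
        $errormsg = get_string("cookiesnotenabled");
        $errorcode = 1;
    }
}

/// Check for timed out sessions
if (!empty($SESSION->has_timed_out)) {
    $session_has_timed_out = true;
    unset($SESSION->has_timed_out);
} else {
    $session_has_timed_out = false;
}

/// auth plugins may override these - SSO anyone?
$frm  = false;
$user = false;

// Every enabled plugin gets its hook called, in the configured order, before any submitted
// credentials are looked at.
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
foreach ($authsequence as $authname) {
    $authplugin = get_auth_plugin($authname);
    $authplugin->loginpage_hook();
}


/// Define variables used in page
$site = get_site();

$loginsite = get_string("loginsite");
$PAGE->navbar->add($loginsite);

if ($user !== false or $frm !== false or $errormsg !== '') {
    // some auth plugin already supplied full user, fake form data or prevented user login with error message

} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
    // Handles the case of another Moodle site linking into a page on this site
    //TODO: move weblink into own auth plugin
    include($CFG->dirroot.'/login/weblinkauth.php');
    if (function_exists('weblink_auth')) {
        $user = weblink_auth($SESSION->wantsurl);
    }
    if ($user) {
        // $frm was false when this branch was entered (first condition above), so create
        // the form object before setting a property on it. Assigning a property on false
        // raises a warning on PHP 5 and throws an Error on PHP 8.
        if (!is_object($frm)) {
            $frm = new stdClass();
        }
        $frm->username = $user->username;
    } else {
        $frm = data_submitted();
    }

} else {
    $frm = data_submitted();
}

/// Check if the user has actually submitted login data to us

if ($frm and isset($frm->username)) {                             // Login WITH cookies

    $frm->username = trim(core_text::strtolower($frm->username));

    // Only when the 'none' auth plugin is enabled: reject a username that
    // clean_param(..., PARAM_USERNAME) would alter.
    if (is_enabled_auth('none') ) {
        if ($frm->username !== clean_param($frm->username, PARAM_USERNAME)) {
            $errormsg = get_string('username').': '.get_string("invalidusername");
            $errorcode = 2;
            $user = null;
        }
    }

    if ($user) {
        // user already supplied by auth plugin prelogin hook
    } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
        $user = false;    /// Can't log in as guest if guest button is disabled
        $frm = false;
    } else {
        if (empty($errormsg)) {
            // $errorcode is compared with AUTH_LOGIN_UNAUTHORISED further down, so it is
            // presumably filled in by this call (by reference) - confirm against the
            // function's signature.
            $user = authenticate_user_login($frm->username, $frm->password, false, $errorcode);
        }
    }

    // Intercept 'restored' users to provide them with info & reset password
    if (!$user and $frm and is_restored_user($frm->username)) {
        $PAGE->set_title(get_string('restoredaccount'));
        $PAGE->set_heading($site->fullname);
        echo $OUTPUT->header();
        echo $OUTPUT->heading(get_string('restoredaccount'));
        echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
        require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
        $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
        $form->display();
        echo $OUTPUT->footer();
        die;
    }

    if ($user) {

        // language setup
        if (isguestuser($user)) {
            // no predefined language for guests - use existing session or default site lang
            unset($user->lang);

        } else if (!empty($user->lang)) {
            // unset previous session language - use user preference instead
            unset($SESSION->lang);
        }

        // The confirmation check runs before complete_user_login(), so an unconfirmed
        // account gets the notice below and is never logged in by this script.
        if (empty($user->confirmed)) {       // This account was never confirmed
            $PAGE->set_title(get_string("mustconfirm"));
            $PAGE->set_heading($site->fullname);
            echo $OUTPUT->header();
            echo $OUTPUT->heading(get_string("mustconfirm"));
            echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
            echo $OUTPUT->footer();
            die;
        }

        /// Let's get them all set up.
        complete_user_login($user);

        // sets the username cookie
        if (!empty($CFG->nolastloggedin)) {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!

        } else if (empty($CFG->rememberusername) or ($CFG->rememberusername == 2 and empty($frm->rememberusername))) {
            // no permanent cookies, delete old one if exists
            set_moodle_cookie('');

        } else {
            set_moodle_cookie($USER->username);
        }

        // The post-login destination comes from core_login_get_return_url() (defined outside
        // this file), not straight from $SESSION->wantsurl.
        $urltogo = core_login_get_return_url();

        /// check if user password has expired
        /// Currently supported only for ldap-authentication module
        $userauth = get_auth_plugin($USER->auth);
        if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
            // Use the plugin's own change-password URL when it offers one, otherwise fall
            // back to the built-in change password page.
            if ($userauth->can_change_password()) {
                $passwordchangeurl = $userauth->change_password_url();
                if (!$passwordchangeurl) {
                    $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
                }
            } else {
                $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
            }
            $days2expire = $userauth->password_expire($USER->username);
            $PAGE->set_title("$site->fullname: $loginsite");
            $PAGE->set_heading("$site->fullname");
            if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
                // Inside the warning window: offer a password change, or continue to $urltogo.
                echo $OUTPUT->header();
                echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                echo $OUTPUT->footer();
                exit;
            } elseif (intval($days2expire) < 0 ) {
                // Negative value: the password is reported as already expired.
                echo $OUTPUT->header();
                echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                echo $OUTPUT->footer();
                exit;
            }
        }

        // Discard any errors before the last redirect.
        unset($SESSION->loginerrormsg);

        // test the session actually works by redirecting to self
        $SESSION->wantsurl = $urltogo;
        redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id)));

    } else {
        if (empty($errormsg)) {
            if ($errorcode == AUTH_LOGIN_UNAUTHORISED) {
                $errormsg = get_string("unauthorisedlogin", "", $frm->username);
            } else {
                // Every other failure gets the same generic message.
                $errormsg = get_string("invalidlogin");
                $errorcode = 3;
            }
        }
    }
}

/// Detect problems with timedout sessions
if ($session_has_timed_out and !data_submitted()) {
    $errormsg = get_string('sessionerroruser', 'error');
    $errorcode = 4;
}

/// First, let's remember where the user was trying to get to before they got here

// The Referer header is supplied by the client. The conditions below exclude only the front
// page and the login page itself; nothing here requires the value to point at this site.
// NOTE(review): confirm that core_login_get_return_url() and the testsession redirect near
// the top of this script never send the browser to an off-site wantsurl.
if (empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = (array_key_exists('HTTP_REFERER', $_SERVER) &&
                          $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
                          $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
                          $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
                          strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/?') !== 0 &&
                          strpos($_SERVER["HTTP_REFERER"], $CFG->httpswwwroot.'/login/index.php') !== 0) // There might be some extra params such as ?lang=.
        ? $_SERVER["HTTP_REFERER"] : NULL;
}

/// Redirect to alternative login URL if needed
if (!empty($CFG->alternateloginurl)) {
    $loginurl = $CFG->alternateloginurl;

    if (strpos($SESSION->wantsurl, $loginurl) === 0) {
        //we do not want to return to alternate url
        $SESSION->wantsurl = NULL;
    }

    // Only the numeric error code is appended to the alternate URL, not the message text.
    if ($errorcode) {
        if (strpos($loginurl, '?') === false) {
            $loginurl .= '?';
        } else {
            $loginurl .= '&';
        }
        $loginurl .= 'errorcode='.$errorcode;
    }

    redirect($loginurl);
}

// make sure we really are on the https page when https login required
$PAGE->verify_https_required();

/// Generate the login page with forms

if (!isset($frm) or !is_object($frm)) {
    $frm = new stdClass();
}

if (empty($frm->username) && $authsequence[0] != 'shibboleth') {  // See bug 5184
    if (!empty($_GET["username"])) {
        // NOTE(review): PARAM_RAW appears to apply no filtering, so the value must be escaped
        // wherever index_form.html prints $frm->username - verify in that template.
        $frm->username = clean_param($_GET["username"], PARAM_RAW); // we do not want data from _POST here
    } else {
        $frm->username = get_moodle_cookie();
    }

    $frm->password = "";
}

if (!empty($frm->username)) {
    $focus = "password";
} else {
    $focus = "username";
}

if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
    $show_instructions = true;
} else {
    $show_instructions = false;
}

// Collect the identity-provider entries that each enabled auth plugin returns for wantsurl.
$potentialidps = array();
foreach ($authsequence as $authname) {
    $authplugin = get_auth_plugin($authname);
    $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl));
}

if (!empty($SESSION->loginerrormsg)) {
    // We had some errors before redirect, show them now.
    $errormsg = $SESSION->loginerrormsg;
    unset($SESSION->loginerrormsg);

} else if ($testsession) {
    // No need to redirect here.
    unset($SESSION->loginerrormsg);

} else if ($errormsg or !empty($frm->password)) {
    // We must redirect after every password submission.
    // The error text is carried in the session and picked up by the first branch above on
    // the request that follows the redirect.
    if ($errormsg) {
        $SESSION->loginerrormsg = $errormsg;
    }
    redirect(new moodle_url('/login/index.php'));
}

$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading("$site->fullname");

echo $OUTPUT->header();

if (isloggedin() and !isguestuser()) {
    // prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed
    echo $OUTPUT->box_start();
    // The logout button is a POST that carries the current sesskey; cancel is a plain GET.
    $logout = new single_button(new moodle_url($CFG->httpswwwroot.'/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
    $continue = new single_button(new moodle_url($CFG->httpswwwroot.'/login/index.php', array('cancel'=>1)), get_string('cancel'), 'get');
    echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
    echo $OUTPUT->box_end();
} else {
    include("index_form.html");
    if ($errormsg) {
        $PAGE->requires->js_init_call('M.util.focus_login_error', null, true);
    } else if (!empty($CFG->loginpageautofocus)) {
        //focus username or password
        $PAGE->requires->js_init_call('M.util.focus_login_form', null, true);
    }
}

echo $OUTPUT->footer();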