search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-15683, get query string instead of calling me().
[moodle-linuxchix.git] / login / index.php
blobc7c5187ee9a32f63c1294f0d624bf422412d912d
1 <?php // $Id$
2
3
4 require_once("../config.php");
5
6 // check if major upgrade needed - also present in /index.php
7 if ((int)$CFG->version < 2006101100) { //1.7 or older
8 @require_logout();
9 redirect("$CFG->wwwroot/$CFG->admin/");
10 }
11
12 $loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
13 $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
14
15 //initialize variables
16 $errormsg = '';
17 $errorcode = 0;
18
19 /// Check for timed out sessions
20 if (!empty($SESSION->has_timed_out)) {
21 $session_has_timed_out = true;
22 $SESSION->has_timed_out = false;
23 } else {
24 $session_has_timed_out = false;
25 }
26
27 /// Check if the guest user exists. If not, create one.
28 if (! record_exists('user', 'username', 'guest', 'mnethostid', $CFG->mnet_localhost_id)) {
29 if (! $guest = create_guest_record()) {
30 notify('Could not create guest user record !!!');
31 }
32 }
33
34 // setup and verify auth settings
35
36 if (!isset($CFG->registerauth)) {
37 set_config('registerauth', '');
38 }
39
40 if (!isset($CFG->auth_instructions)) {
41 set_config('auth_instructions', '');
42 }
43
44 // auth plugins may override these - SSO anyone?
45 $frm = false;
46 $user = false;
47
48 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
49 foreach($authsequence as $authname) {
50 $authplugin = get_auth_plugin($authname);
51 $authplugin->loginpage_hook();
52 }
53
54 //HTTPS is potentially required in this page
55 httpsrequired();
56
57 /// Define variables used in page
58 if (!$site = get_site()) {
59 error("No site found!");
60 }
61
62 if (empty($CFG->langmenu)) {
63 $langmenu = "";
64 } else {
65 $currlang = current_language();
66 $langs = get_list_of_languages();
67 $langlabel = get_accesshide(get_string('language'));
68 $langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true, 'self', $langlabel);
69 }
70
71 $loginsite = get_string("loginsite");
72 $navlinks = array(array('name' => $loginsite, 'link' => null, 'type' => 'misc'));
73 $navigation = build_navigation($navlinks);
74
75 if ($user !== false or $frm !== false) {
76 // some auth plugin already supplied these
77
78 } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
79 /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
80 $frm->username = 'guest';
81 $frm->password = 'guest';
82
83 } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
84 // Handles the case of another Moodle site linking into a page on this site
85 //TODO: move weblink into own auth plugin
86 include($CFG->dirroot.'/login/weblinkauth.php');
87 if (function_exists(weblink_auth)) {
88 $user = weblink_auth($SESSION->wantsurl);
89 }
90 if ($user) {
91 $frm->username = $user->username;
92 } else {
93 $frm = data_submitted();
94 }
95
96 } else {
97 $frm = data_submitted();
98 }
99
100 /// Check if the user has actually submitted login data to us
101
102 if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
103
104 $errormsg = get_string("cookiesnotenabled");
105 $errorcode = 1;
106
107 } else if ($frm) { // Login WITH cookies
108
109 $frm->username = trim(moodle_strtolower($frm->username));
110
111 if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) {
112 $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
113 if (strcmp($frm->username, $string)) {
114 $errormsg = get_string('username').': '.get_string("alphanumerical");
115 $errorcode = 2;
116
117 $user = null;
118 }
119 }
120
121 if ($user) {
122 //user already supplied by aut plugin prelogin hook
123 } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
124 $user = false; /// Can't log in as guest if guest button is disabled
125 $frm = false;
126 } else {
127 if (empty($errormsg)) {
128 $user = authenticate_user_login($frm->username, $frm->password);
129 }
130 }
131 update_login_count();
132
133 if ($user) {
134
135 // language setup
136 if ($user->username == 'guest') {
137 // no predefined language for guests - use existing session or default site lang
138 unset($user->lang);
139
140 } else if (!empty($user->lang)) {
141 // unset previous session language - use user preference instead
142 unset($SESSION->lang);
143 }
144
145 if (empty($user->confirmed)) { // This account was never confirmed
146 print_header(get_string("mustconfirm"), get_string("mustconfirm") );
147 print_heading(get_string("mustconfirm"));
148 print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
149 print_footer();
150 die;
151 }
152
153 if ($frm->password == 'changeme') {
154 //force the change
155 set_user_preference('auth_forcepasswordchange', true, $user->id);
156 }
157
158 /// Let's get them all set up.
159 add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID,
160 $user->id, 0, $user->id);
161 $USER = complete_user_login($user);
162
163 /// Prepare redirection
164 if (user_not_fully_set_up($USER)) {
165 $urltogo = $CFG->wwwroot.'/user/edit.php';
166 // We don't delete $SESSION->wantsurl yet, so we get there later
167
168 } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
169 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site
170 unset($SESSION->wantsurl);
171
172 } else {
173 // no wantsurl stored or external - go to homepage
174 $urltogo = $CFG->wwwroot.'/';
175 unset($SESSION->wantsurl);
176 }
177
178 /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
179 if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
180 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
181 $urltogo = $CFG->wwwroot.'/my/';
182 }
183 }
184
185
186 /// check if user password has expired
187 /// Currently supported only for ldap-authentication module
188 $userauth = get_auth_plugin($USER->auth);
189 if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
190 if ($userauth->can_change_password()) {
191 $passwordchangeurl = $userauth->change_password_url();
192 } else {
193 $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
194 }
195 $days2expire = $userauth->password_expire($USER->username);
196 if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
197 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, '', '', true, "<div class=\"langmenu\">$langmenu</div>");
198 notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
199 print_footer();
200 exit;
201 } elseif (intval($days2expire) < 0 ) {
202 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, '', '', true, "<div class=\"langmenu\">$langmenu</div>");
203 notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
204 print_footer();
205 exit;
206 }
207 }
208
209 reset_login_count();
210
211 redirect($urltogo);
212
213 exit;
214
215 } else {
216 if (empty($errormsg)) {
217 $errormsg = get_string("invalidlogin");
218 $errorcode = 3;
219 }
220
221 // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
222 if ( !empty($CFG->mnet_dispatcher_mode)
223 && $CFG->mnet_dispatcher_mode === 'strict'
224 && is_enabled_auth('mnet')) {
225 $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
226 }
227 }
228 }
229
230 /// Detect problems with timedout sessions
231 if ($session_has_timed_out and !data_submitted()) {
232 $errormsg = get_string('sessionerroruser', 'error');
233 $errorcode = 4;
234 }
235
236 /// First, let's remember where the user was trying to get to before they got here
237
238 if (empty($SESSION->wantsurl)) {
239 $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
240 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
241 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
242 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
243 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
244 ? $_SERVER["HTTP_REFERER"] : NULL;
245 }
246
247 /// Redirect to alternative login URL if needed
248 if (!empty($CFG->alternateloginurl)) {
249 $loginurl = $CFG->alternateloginurl;
250
251 if (strpos($SESSION->wantsurl, $loginurl) === 0) {
252 //we do not want to return to alternate url
253 $SESSION->wantsurl = NULL;
254 }
255
256 if ($errorcode) {
257 if (strpos($loginurl, '?') === false) {
258 $loginurl .= '?';
259 } else {
260 $loginurl .= '&';
261 }
262 $loginurl .= 'errorcode='.$errorcode;
263 }
264
265 redirect($loginurl);
266 }
267
268
269 /// Generate the login page with forms
270
271 if (get_moodle_cookie() == '') {
272 set_moodle_cookie('nobody'); // To help search for cookies
273 }
274
275 if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
276 $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
277 $frm->password = "";
278 }
279
280 if (!empty($frm->username)) {
281 $focus = "password";
282 } else {
283 $focus = "username";
284 }
285
286 if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
287 $show_instructions = true;
288 } else {
289 $show_instructions = false;
290 }
291
292 print_header("$site->fullname: $loginsite", $site->fullname, $navigation, $focus,
293 '', true, '<div class="langmenu">'.$langmenu.'</div>');
294
295 include("index_form.html");
296
297 print_footer();
298
299
300 ?>
Moodle Repo, with LinuxChix modifications