login/index.php

   1 <?php // $Id$
   2
   3
   4     require_once("../config.php");
   5
   6     // check if major upgrade needed - also present in /index.php
   7     if ((int)$CFG->version < 2006101100) { //1.7 or older
   8         @require_logout();
   9         redirect("$CFG->wwwroot/$CFG->admin/");
  10     }
  11
  12     $loginguest  = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
  13     $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
  14
  15     //initialize variables
  16     $errormsg = '';
  17     $errorcode = 0;
  18
  19 /// Check for timed out sessions
  20     if (!empty($SESSION->has_timed_out)) {
  21         $session_has_timed_out = true;
  22         $SESSION->has_timed_out = false;
  23     } else {
  24         $session_has_timed_out = false;
  25     }
  26
  27 /// Check if the guest user exists.  If not, create one.
  28     if (! record_exists('user', 'username', 'guest')) {
  29         if (! $guest = create_guest_record()) {
  30             notify('Could not create guest user record !!!');
  31         }
  32     }
  33
  34 // setup and verify auth settings
  35
  36 if (!isset($CFG->registerauth)) {
  37     set_config('registerauth', '');
  38 }
  39
  40 if (!isset($CFG->auth_instructions)) {
  41     set_config('auth_instructions', '');
  42 }
  43
  44 // auth plugins may override these - SSO anyone?
  45 $frm  = false;
  46 $user = false;
  47
  48 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
  49 foreach($authsequence as $authname) {
  50     $authplugin = get_auth_plugin($authname);
  51     $authplugin->loginpage_hook();
  52 }
  53
  54 //HTTPS is potentially required in this page
  55 httpsrequired();
  56
  57 /// Define variables used in page
  58     if (!$site = get_site()) {
  59         error("No site found!");
  60     }
  61
  62     if (empty($CFG->langmenu)) {
  63         $langmenu = "";
  64     } else {
  65         $currlang = current_language();
  66         $langs    = get_list_of_languages();
  67         $langlabel = '<span class="accesshide">'.get_string('language').':</span>';
  68         $langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true, 'self', $langlabel);
  69     }
  70
  71     $loginsite = get_string("loginsite");
  72
  73     if ($user !== false or $frm !== false) {
  74         // some auth plugin already supplied these
  75
  76     } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
  77         /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
  78         $frm->username = 'guest';
  79         $frm->password = 'guest';
  80
  81     } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
  82         // Handles the case of another Moodle site linking into a page on this site
  83         //TODO: move weblink into own auth plugin
  84         include($CFG->dirroot.'/login/weblinkauth.php');
  85         if (function_exists(weblink_auth)) {
  86             $user = weblink_auth($SESSION->wantsurl);
  87         }
  88         if ($user) {
  89             $frm->username = $user->username;
  90         } else {
  91             $frm = data_submitted();
  92         }
  93
  94     } else {
  95         $frm = data_submitted();
  96     }
  97
  98 /// Check if the user has actually submitted login data to us
  99
 100     if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) {    // Login without cookie when test requested
 101
 102         $errormsg = get_string("cookiesnotenabled");
 103         $errorcode = 1;
 104
 105     } else if ($frm) {                             // Login WITH cookies
 106
 107         $frm->username = trim(moodle_strtolower($frm->username));
 108
 109         if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) {
 110             $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
 111             if (strcmp($frm->username, $string)) {
 112                 $errormsg = get_string('username').': '.get_string("alphanumerical");
 113                 $errorcode = 2;
 114
 115                 $user = null;
 116             }
 117         }
 118
 119         if ($user) {
 120             //user already supplied by aut plugin prelogin hook
 121         } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
 122             $user = false;    /// Can't log in as guest if guest button is disabled
 123             $frm = false;
 124         } else {
 125             if (empty($errormsg)) {
 126                 $user = authenticate_user_login($frm->username, $frm->password);
 127             }
 128         }
 129         update_login_count();
 130
 131         if ($user) {
 132
 133             // language setup
 134             if ($user->username == 'guest') {
 135                 // no predefined language for guests - use existing session or default site lang
 136                 unset($user->lang);
 137
 138             } else if (!empty($user->lang)) {
 139                 // unset previous session language - use user preference instead
 140                 unset($SESSION->lang);
 141             }
 142
 143             if (empty($user->confirmed)) {       // This account was never confirmed
 144                 print_header(get_string("mustconfirm"), get_string("mustconfirm") );
 145                 print_heading(get_string("mustconfirm"));
 146                 print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
 147                 print_footer();
 148                 die;
 149             }
 150
 151             // Let's get them all set up.
 152             $USER = $user;
 153
 154             add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
 155
 156
 157             update_user_login_times();
 158             if (empty($CFG->nolastloggedin)) {
 159                 set_moodle_cookie($USER->username);
 160             } else {
 161                 // do not store last logged in user in cookie
 162                 // auth plugins can temporarily override this from loginpage_hook()
 163                 // do not save $CFG->nolastloggedin in database!
 164                 set_moodle_cookie('nobody');
 165             }
 166             set_login_session_preferences();
 167
 168             /// This is what lets the user do anything on the site :-)
 169             load_all_capabilities();
 170             $userauth = get_auth_plugin($USER->auth);
 171
 172             // check whether the user should be changing password
 173             if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
 174                 //Select password change url
 175                 if ($userauth->can_change_password()) {
 176                     if ($changeurl = $userauth->change_password_url()) {
 177                         redirect($changeurl);
 178                     } else {
 179                         redirect($CFG->httpswwwroot.'/login/change_password.php');
 180                     }
 181                 } else {
 182                     error(get_string('nopasswordchangeforced', 'auth'));
 183                 }
 184             }
 185
 186
 187           /// Prepare redirection
 188             if (user_not_fully_set_up($USER)) {
 189                 $urltogo = $CFG->wwwroot.'/user/edit.php';
 190                 // We don't delete $SESSION->wantsurl yet, so we get there later
 191
 192             } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
 193                 $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
 194                 unset($SESSION->wantsurl);
 195
 196             } else {
 197                 // no wantsurl stored or external - go to homepage
 198                 $urltogo = $CFG->wwwroot.'/';
 199                 unset($SESSION->wantsurl);
 200             }
 201
 202           /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
 203             if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
 204                 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
 205                     $urltogo = $CFG->wwwroot.'/my/';
 206                 }
 207             }
 208
 209
 210             // check if user password has expired
 211             // Currently supported only for ldap-authentication module
 212             if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
 213                     $days2expire = $userauth->password_expire($USER->username);
 214                         if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
 215                         print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
 216                         notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
 217                         print_footer();
 218                         exit;
 219                     } elseif (intval($days2expire) < 0 ) {
 220                         print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
 221                         notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
 222                         print_footer();
 223                         exit;
 224                     }
 225             }
 226
 227             reset_login_count();
 228
 229             redirect($urltogo);
 230
 231             exit;
 232
 233         } else {
 234             if (empty($errormsg)) {
 235                 $errormsg = get_string("invalidlogin");
 236                 $errorcode = 3;
 237             }
 238
 239             // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
 240             if ( !empty($CFG->mnet_dispatcher_mode)
 241                  && $CFG->mnet_dispatcher_mode === 'strict'
 242                  && is_enabled_auth('mnet')) {
 243                 $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
 244             }
 245         }
 246     }
 247
 248 /// Detect problems with timedout sessions
 249     if ($session_has_timed_out and !data_submitted()) {
 250         $errormsg = get_string('sessionerroruser', 'error');
 251         $errorcode = 4;
 252     }
 253
 254 /// First, let's remember where the user was trying to get to before they got here
 255
 256     if (empty($SESSION->wantsurl)) {
 257         $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
 258                               $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
 259                               $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
 260                               $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
 261                               $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
 262             ? $_SERVER["HTTP_REFERER"] : NULL;
 263     }
 264
 265 /// Redirect to alternative login URL if needed
 266     if (!empty($CFG->alternateloginurl)) {
 267         $loginurl = $CFG->alternateloginurl;
 268
 269         if (strpos($SESSION->wantsurl, $loginurl) === 0) {
 270             //we do not want to return to alternate url
 271             $SESSION->wantsurl = NULL;
 272         }
 273
 274         if ($errorcode) {
 275             if (strpos($loginurl, '?') === false) {
 276                 $loginurl .= '?';
 277             } else {
 278                 $loginurl .= '&';
 279             }
 280             $loginurl .= 'errorcode='.$errorcode;
 281         }
 282
 283         redirect($loginurl);
 284     }
 285
 286
 287 /// Generate the login page with forms
 288
 289     if (get_moodle_cookie() == '') {
 290         set_moodle_cookie('nobody');   // To help search for cookies
 291     }
 292
 293     if (empty($frm->username) && $authsequence[0] != 'shibboleth') {  // See bug 5184
 294         $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
 295         $frm->password = "";
 296     }
 297
 298     if (!empty($frm->username)) {
 299         $focus = "password";
 300     } else {
 301         $focus = "username";
 302     }
 303
 304     if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
 305         $show_instructions = true;
 306     } else {
 307         $show_instructions = false;
 308     }
 309
 310     print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus,
 311                  '', true, '<div class="langmenu">'.$langmenu.'</div>');
 312
 313     include("index_form.html");
 314
 315     print_footer();
 316
 317
 318 ?>