search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
MDL-11515:
[moodle-linuxchix.git] / auth / db / auth.php
blobe8b2e50c361cf1ec74f3cf54d9411de69b52612c
1 <?php
2
3 /**
4 * @author Martin Dougiamas
5 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
6 * @package moodle multiauth
7 *
8 * Authentication Plugin: External Database Authentication
9 *
10 * Checks against an external database.
11 *
12 * 2006-08-28 File created.
13 */
14
15 if (!defined('MOODLE_INTERNAL')) {
16 die('Direct access to this script is forbidden.'); /// It must be included from a Moodle page
17 }
18
19 require_once($CFG->libdir.'/authlib.php');
20
21 /**
22 * External database authentication plugin.
23 */
24 class auth_plugin_db extends auth_plugin_base {
25
26 /**
27 * Constructor.
28 */
29 function auth_plugin_db() {
30 $this->authtype = 'db';
31 $this->config = get_config('auth/db');
32 if (empty($this->config->extencoding)) {
33 $this->config->extencoding = 'utf-8';
34 }
35 }
36
37 /**
38 * Returns true if the username and password work and false if they are
39 * wrong or don't exist.
40 *
41 * @param string $username The username (with system magic quotes)
42 * @param string $password The password (with system magic quotes)
43 *
44 * @return bool Authentication success or failure.
45 */
46 function user_login($username, $password) {
47
48 global $CFG;
49
50 $textlib = textlib_get_instance();
51 $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
52 $extpassword = $textlib->convert(stripslashes($password), 'utf-8', $this->config->extencoding);
53
54 $authdb = $this->db_init();
55
56 if ($this->config->passtype === 'internal') {
57 // lookup username externally, but resolve
58 // password locally -- to support backend that
59 // don't track passwords
60 $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
61 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
62 $authdb->Close();
63
64 if (!$rs) {
65 print_error('auth_dbcantconnect','auth');
66 return false;
67 }
68
69 if ( $rs->RecordCount() ) {
70 // user exists exterally
71 // check username/password internally
72 if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
73 return validate_internal_user_password($user, $password);
74 }
75 } else {
76 // user does not exist externally
77 return false;
78 }
79
80 } else {
81 // normal case: use external db for passwords
82
83 if ($this->config->passtype === 'md5') { // Re-format password accordingly
84 $extpassword = md5($extpassword);
85 } else if ($this->config->passtype === 'sha1') {
86 $extpassword = sha1($extpassword);
87 }
88
89 $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
90 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'
91 AND {$this->config->fieldpass} = '".$this->ext_addslashes($extpassword)."' ");
92 $authdb->Close();
93
94 if (!$rs) {
95 print_error('auth_dbcantconnect','auth');
96 return false;
97 }
98
99 if ($rs->RecordCount()) {
100 return true;
101 } else {
102 return false;
103 }
104
105 }
106 }
107
108 function db_init() {
109 // Connect to the external database (forcing new connection)
110 $authdb = &ADONewConnection($this->config->type);
111 if (!empty($this->config->debugauthdb)) {
112 $authdb->debug = true;
113 ob_start();//start output buffer to allow later use of the page headers
114 }
115 $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
116 $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
117 if (!empty($this->config->setupsql)) {
118 $authdb->Execute($this->config->setupsql);
119 }
120
121 return $authdb;
122 }
123 /**
124 * retuns user attribute mappings between moodle and ldap
125 *
126 * @return array
127 */
128 function db_attributes() {
129 $fields = array("firstname", "lastname", "email", "phone1", "phone2",
130 "department", "address", "city", "country", "description",
131 "idnumber", "lang" );
132 $moodleattributes = array();
133 foreach ($fields as $field) {
134 if (!empty($this->config->{"field_map_$field"})) {
135 $moodleattributes[$field] = $this->config->{"field_map_$field"};
136 }
137 }
138 $moodleattributes['username'] = $this->config->fielduser;
139 return $moodleattributes;
140 }
141
142 /**
143 * Reads any other information for a user from external database,
144 * then returns it in an array
145 *
146 * @param string $username (with system magic quotes)
147 *
148 * @return array without magic quotes
149 */
150 function get_userinfo($username) {
151
152 global $CFG;
153
154 $textlib = textlib_get_instance();
155 $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
156
157 $authdb = $this->db_init();
158
159 //Array to map local fieldnames we want, to external fieldnames
160 $selectfields = $this->db_attributes();
161
162 $result = array();
163 //If at least one field is mapped from external db, get that mapped data:
164 if ($selectfields) {
165 $select = '';
166 foreach ($selectfields as $localname=>$externalname) {
167 $select .= ", $externalname AS $localname";
168 }
169 $select = 'SELECT ' . substr($select,1);
170 $sql = $select .
171 " FROM {$this->config->table}" .
172 " WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'";
173 if ($rs = $authdb->Execute($sql)) {
174 if ( $rs->RecordCount() == 1 ) {
175 $fields_obj = rs_fetch_record($rs);
176 foreach ($selectfields as $localname=>$externalname) {
177 $result[$localname] = $textlib->convert($fields_obj->{$localname}, $this->config->extencoding, 'utf-8');
178 }
179 }
180 rs_close($rs);
181 }
182 }
183 $authdb->Close();
184 return $result;
185
186 }
187
188
189 /**
190 * Change a user's password
191 *
192 * @param object $user User table object (with system magic quotes)
193 * @param string $newpassword Plaintext password (with system magic quotes)
194 *
195 * @return bool True on success
196 */
197 function user_update_password($user, $newpassword) {
198
199 global $CFG;
200 if ($this->config->passtype === 'internal') {
201 return update_internal_user_password($user, $newpassword);
202 } else {
203 // we should have never been called!
204 return false;
205 }
206 }
207
208 /**
209 * syncronizes user fron external db to moodle user table
210 *
211 * Sync shouid be done by using idnumber attribute, not username.
212 * You need to pass firstsync parameter to function to fill in
213 * idnumbers if they dont exists in moodle user table.
214 *
215 * Syncing users removes (disables) users that dont exists anymore in external db.
216 * Creates new users and updates coursecreator status of users.
217 *
218 * @param bool $do_updates Optional: set to true to force an update of existing accounts
219 *
220 * This implementation is simpler but less scalable than the one found in the LDAP module.
221 *
222 */
223 function sync_users($do_updates=false) {
224
225 global $CFG;
226 $pcfg = get_config('auth/db');
227
228 /// list external users
229 $userlist = $this->get_userlist();
230 $quoteduserlist = implode("', '", addslashes_recursive($userlist));
231 $quoteduserlist = "'$quoteduserlist'";
232
233 /// delete obsolete internal users
234 if (!empty($this->config->removeuser)) {
235
236 // find obsolete users
237 if (count($userlist)) {
238 $sql = "SELECT u.id, u.username, u.email
239 FROM {$CFG->prefix}user u
240 WHERE u.auth='db' AND u.deleted=0 AND u.username NOT IN ($quoteduserlist)";
241 } else {
242 $sql = "SELECT u.id, u.username, u.email
243 FROM {$CFG->prefix}user u
244 WHERE u.auth='db' AND u.deleted=0";
245 }
246 $remove_users = get_records_sql($sql);
247
248 if (!empty($remove_users)) {
249 print_string('auth_dbuserstoremove','auth', count($remove_users)); echo "\n";
250
251 foreach ($remove_users as $user) {
252 if ($this->config->removeuser == 2) {
253 if (delete_user($user)) {
254 echo "\t"; print_string('auth_dbdeleteuser', 'auth', array($user->username, $user->id)); echo "\n";
255 } else {
256 echo "\t"; print_string('auth_dbdeleteusererror', 'auth', $user->username); echo "\n";
257 }
258 } else if ($this->config->removeuser == 1) {
259 $updateuser = new object();
260 $updateuser->id = $user->id;
261 $updateuser->auth = 'nologin';
262 if (update_record('user', $updateuser)) {
263 echo "\t"; print_string('auth_dbsuspenduser', 'auth', array($user->username, $user->id)); echo "\n";
264 } else {
265 echo "\t"; print_string('auth_dbsuspendusererror', 'auth', $user->username); echo "\n";
266 }
267 }
268 }
269 }
270 unset($remove_users); // free mem!
271 }
272
273 if (!count($userlist)) {
274 // exit right here
275 // nothing else to do
276 return true;
277 }
278
279 ///
280 /// update existing accounts
281 ///
282 if ($do_updates) {
283 // narrow down what fields we need to update
284 $all_keys = array_keys(get_object_vars($this->config));
285 $updatekeys = array();
286 foreach ($all_keys as $key) {
287 if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
288 if ($this->config->{$key} === 'onlogin') {
289 array_push($updatekeys, $match[1]); // the actual key name
290 }
291 }
292 }
293 // print_r($all_keys); print_r($updatekeys);
294 unset($all_keys); unset($key);
295
296 // only go ahead if we actually
297 // have fields to update locally
298 if (!empty($updatekeys)) {
299 $sql = 'SELECT u.id, u.username
300 FROM ' . $CFG->prefix .'user u
301 WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
302 if ($update_users = get_records_sql($sql)) {
303 print "User entries to update: ". count($update_users). "\n";
304
305 foreach ($update_users as $user) {
306 echo "\t"; print_string('auth_dbupdatinguser', 'auth', array($user->username, $user->id));
307 if (!$this->update_user_record(addslashes($user->username), $updatekeys)) {
308 echo " - ".get_string('skipped');
309 }
310 echo "\n";
311 }
312 unset($update_users); // free memory
313 }
314 }
315 }
316
317
318 ///
319 /// create missing accounts
320 ///
321 // NOTE: this is very memory intensive
322 // and generally inefficient
323 $sql = 'SELECT u.id, u.username
324 FROM ' . $CFG->prefix .'user u
325 WHERE u.auth=\'db\' AND u.deleted=\'0\'';
326
327 $users = get_records_sql($sql);
328
329 // simplify down to usernames
330 $usernames = array();
331 foreach ($users as $user) {
332 array_push($usernames, $user->username);
333 }
334 unset($users);
335
336 $add_users = array_diff($userlist, $usernames);
337 unset($usernames);
338
339 if (!empty($add_users)) {
340 print_string('auth_dbuserstoadd','auth',count($add_users)); echo "\n";
341 begin_sql();
342 foreach($add_users as $user) {
343 $username = $user;
344 $user = $this->get_userinfo_asobj($user);
345
346 // prep a few params
347 $user->username = $username;
348 $user->modified = time();
349 $user->confirmed = 1;
350 $user->auth = 'db';
351 $user->mnethostid = $CFG->mnet_localhost_id;
352 if (empty($user->lang)) {
353 $user->lang = $CFG->lang;
354 }
355
356 $user = addslashes_object($user);
357 // maybe the user has been deleted before
358 if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
359 $user->id = $old_user->id;
360 set_field('user', 'deleted', 0, 'username', $user->username);
361 echo "\t"; print_string('auth_dbreviveuser', 'auth', array(stripslashes($user->username), $user->id)); echo "\n";
362 } elseif ($id = insert_record ('user',$user)) { // it is truly a new user
363 echo "\t"; print_string('auth_dbinsertuser','auth',array(stripslashes($user->username), $id)); echo "\n";
364 // if relevant, tag for password generation
365 if ($this->config->passtype === 'internal') {
366 set_user_preference('auth_forcepasswordchange', 1, $id);
367 set_user_preference('create_password', 1, $id);
368 }
369 } else {
370 echo "\t"; print_string('auth_dbinsertusererror', 'auth', $user->username); echo "\n";
371 }
372 }
373 commit_sql();
374 unset($add_users); // free mem
375 }
376 return true;
377 }
378
379 function user_exists($username) {
380
381 /// Init result value
382 $result = false;
383
384 $textlib = textlib_get_instance();
385 $extusername = $textlib->convert(stripslashes($username), 'utf-8', $this->config->extencoding);
386
387 $authdb = $this->db_init();
388
389 $rs = $authdb->Execute("SELECT * FROM {$this->config->table}
390 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
391
392 if (!$rs) {
393 print_error('auth_dbcantconnect','auth');
394 } else if ( $rs->RecordCount() ) {
395 // user exists exterally
396 $result = $rs->RecordCount();
397 }
398
399 $authdb->Close();
400 return $result;
401 }
402
403
404 function get_userlist() {
405
406 /// Init result value
407 $result = array();
408
409 $authdb = $this->db_init();
410
411 // fetch userlist
412 $rs = $authdb->Execute("SELECT {$this->config->fielduser} AS username
413 FROM {$this->config->table} ");
414
415 if (!$rs) {
416 print_error('auth_dbcantconnect','auth');
417 } else if ( $rs->RecordCount() ) {
418 while ($rec = rs_fetch_next_record($rs)) {
419 array_push($result, $rec->username);
420 }
421 }
422
423 $authdb->Close();
424 return $result;
425 }
426
427 /**
428 * reads userinformation from DB and return it in an object
429 *
430 * @param string $username username (with system magic quotes)
431 * @return array
432 */
433 function get_userinfo_asobj($username) {
434 $user_array = truncate_userinfo($this->get_userinfo($username));
435 $user = new object();
436 foreach($user_array as $key=>$value) {
437 $user->{$key} = $value;
438 }
439 return $user;
440 }
441
442 /**
443 * will update a local user record from an external source.
444 * is a lighter version of the one in moodlelib -- won't do
445 * expensive ops such as enrolment
446 *
447 * If you don't pass $updatekeys, there is a performance hit and
448 * values removed from DB won't be removed from moodle.
449 *
450 * @param string $username username (with system magic quotes)
451 */
452 function update_user_record($username, $updatekeys=false) {
453 global $CFG;
454
455 //just in case check text case
456 $username = trim(moodle_strtolower($username));
457
458 // get the current user record
459 $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
460 if (empty($user)) { // trouble
461 error_log("Cannot update non-existent user: $username");
462 print_error('auth_dbusernotexist','auth',$username);
463 die;
464 }
465
466 // Ensure userid is not overwritten
467 $userid = $user->id;
468
469 if ($newinfo = $this->get_userinfo($username)) {
470 $newinfo = truncate_userinfo($newinfo);
471
472 if (empty($updatekeys)) { // all keys? this does not support removing values
473 $updatekeys = array_keys($newinfo);
474 }
475
476 foreach ($updatekeys as $key) {
477 if (isset($newinfo[$key])) {
478 $value = $newinfo[$key];
479 } else {
480 $value = '';
481 }
482
483 if (!empty($this->config->{'field_updatelocal_' . $key})) {
484 if ($user->{$key} != $value) { // only update if it's changed
485 set_field('user', $key, addslashes($value), 'id', $userid);
486 }
487 }
488 }
489 }
490 return get_record_select('user', "id = $userid AND deleted = 0");
491 }
492
493 /**
494 * Called when the user record is updated.
495 * Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
496 * conpares information saved modified information to external db.
497 *
498 * @param mixed $olduser Userobject before modifications (without system magic quotes)
499 * @param mixed $newuser Userobject new modified userobject (without system magic quotes)
500 * @return boolean result
501 *
502 */
503 function user_update($olduser, $newuser) {
504 if (isset($olduser->username) and isset($newuser->username) and $olduser->username != $newuser->username) {
505 error_log("ERROR:User renaming not allowed in ext db");
506 return false;
507 }
508
509 if (isset($olduser->auth) and $olduser->auth != 'db') {
510 return true; // just change auth and skip update
511 }
512
513 $curruser = $this->get_userinfo($olduser->username);
514 if (empty($curruser)) {
515 error_log("ERROR:User $olduser->username found in ext db");
516 return false;
517 }
518
519 $textlib = textlib_get_instance();
520 $extusername = $textlib->convert($olduser->username, 'utf-8', $this->config->extencoding);
521
522 $authdb = $this->db_init();
523
524 $update = array();
525 foreach($curruser as $key=>$value) {
526 if ($key == 'username') {
527 continue; // skip this
528 }
529 if (empty($this->config->{"field_updateremote_$key"})) {
530 continue; // remote update not requested
531 }
532 if (!isset($newuser->$key)) {
533 continue;
534 }
535 $nuvalue = stripslashes($newuser->$key);
536 if ($nuvalue != $value) {
537 $update[] = $this->config->{"field_map_$key"}."='".$this->ext_addslashes($textlib->convert($nuvalue, 'utf-8', $this->config->extencoding))."'";
538 }
539 }
540 if (!empty($update)) {
541 $authdb->Execute("UPDATE {$this->config->table}
542 SET ".implode(',', $update)."
543 WHERE {$this->config->fielduser}='".$this->ext_addslashes($extusername)."'");
544 }
545 $authdb->Close();
546 return true;
547 }
548
549 /**
550 * A chance to validate form data, and last chance to
551 * do stuff before it is inserted in config_plugin
552 */
553 function validate_form(&$form, &$err) {
554 if ($form->passtype === 'internal') {
555 $this->config->changepasswordurl = '';
556 set_config('changepasswordurl', '', 'auth/db');
557 }
558 }
559
560 /**
561 * Returns true if this authentication plugin is 'internal'.
562 *
563 * @return bool
564 */
565 function is_internal() {
566 return ($this->config->passtype == 'internal');
567 }
568
569 /**
570 * Returns true if this authentication plugin can change the user's
571 * password.
572 *
573 * @return bool
574 */
575 function can_change_password() {
576 return ($this->config->passtype == 'internal' or !empty($this->config->changepasswordurl));
577 }
578
579 /**
580 * Returns the URL for changing the user's pw, or empty if the default can
581 * be used.
582 *
583 * @return string
584 */
585 function change_password_url() {
586 if ($this->config->passtype == 'internal') {
587 // standard form
588 return '';
589 } else {
590 // use custom url
591 return $this->config->changepasswordurl;
592 }
593 }
594
595 /**
596 * Returns true if plugin allows resetting of internal password.
597 *
598 * @return bool
599 */
600 function can_reset_password() {
601 return ($this->config->passtype == 'internal');
602 }
603
604 /**
605 * Prints a form for configuring this authentication plugin.
606 *
607 * This function is called from admin/auth.php, and outputs a full page with
608 * a form for configuring this plugin.
609 *
610 * @param array $page An object containing all the data for this page.
611 */
612 function config_form($config, $err, $user_fields) {
613 include 'config.html';
614 }
615
616 /**
617 * Processes and stores configuration data for this authentication plugin.
618 */
619 function process_config($config) {
620 // set to defaults if undefined
621 if (!isset($config->host)) {
622 $config->host = 'localhost';
623 }
624 if (!isset($config->type)) {
625 $config->type = 'mysql';
626 }
627 if (!isset($config->sybasequoting)) {
628 $config->sybasequoting = 0;
629 }
630 if (!isset($config->name)) {
631 $config->name = '';
632 }
633 if (!isset($config->user)) {
634 $config->user = '';
635 }
636 if (!isset($config->pass)) {
637 $config->pass = '';
638 }
639 if (!isset($config->table)) {
640 $config->table = '';
641 }
642 if (!isset($config->fielduser)) {
643 $config->fielduser = '';
644 }
645 if (!isset($config->fieldpass)) {
646 $config->fieldpass = '';
647 }
648 if (!isset($config->passtype)) {
649 $config->passtype = 'plaintext';
650 }
651 if (!isset($config->extencoding)) {
652 $config->extencoding = 'utf-8';
653 }
654 if (!isset($config->setupsql)) {
655 $config->setupsql = '';
656 }
657 if (!isset($config->debugauthdb)) {
658 $config->debugauthdb = 0;
659 }
660 if (!isset($config->removeuser)) {
661 $config->removeuser = 0;
662 }
663 if (!isset($config->changepasswordurl)) {
664 $config->changepasswordurl = '';
665 }
666
667 $config = stripslashes_recursive($config);
668 // save settings
669 set_config('host', $config->host, 'auth/db');
670 set_config('type', $config->type, 'auth/db');
671 set_config('sybasequoting', $config->sybasequoting, 'auth/db');
672 set_config('name', $config->name, 'auth/db');
673 set_config('user', $config->user, 'auth/db');
674 set_config('pass', $config->pass, 'auth/db');
675 set_config('table', $config->table, 'auth/db');
676 set_config('fielduser', $config->fielduser, 'auth/db');
677 set_config('fieldpass', $config->fieldpass, 'auth/db');
678 set_config('passtype', $config->passtype, 'auth/db');
679 set_config('extencoding', trim($config->extencoding), 'auth/db');
680 set_config('setupsql', trim($config->setupsql),'auth/db');
681 set_config('debugauthdb', $config->debugauthdb, 'auth/db');
682 set_config('removeuser', $config->removeuser, 'auth/db');
683 set_config('changepasswordurl', trim($config->changepasswordurl), 'auth/db');
684
685 return true;
686 }
687
688 function ext_addslashes($text) {
689 // using custom made function for now
690 if (empty($this->config->sybasequoting)) {
691 $text = str_replace('\\', '\\\\', $text);
692 $text = str_replace(array('\'', '"', "\0"), array('\\\'', '\\"', '\\0'), $text);
693 } else {
694 $text = str_replace("'", "''", $text);
695 }
696 return $text;
697 }
698 }
699
700 ?>
Moodle Repo, with LinuxChix modifications