3 // Allows the admin to control user logins from remote moodles.
5 require_once dirname(dirname(dirname(__FILE__
))) . '/config.php';
6 require_once($CFG->libdir
.'/adminlib.php');
7 include_once($CFG->dirroot
.'/mnet/lib.php');
9 $sort = optional_param('sort', 'username', PARAM_ALPHA
);
10 $dir = optional_param('dir', 'ASC', PARAM_ALPHA
);
11 $page = optional_param('page', 0, PARAM_INT
);
12 $perpage = optional_param('perpage', 30, PARAM_INT
);
13 $action = trim(strtolower(optional_param('action', '', PARAM_ALPHA
)));
17 admin_externalpage_setup('ssoaccesscontrol');
19 admin_externalpage_print_header();
21 if (!extension_loaded('openssl')) {
22 print_error('requiresopenssl', 'mnet', '', NULL, true);
25 $sitecontext = get_context_instance(CONTEXT_SYSTEM
);
29 // grab the mnet hosts and remove the localhost
30 $mnethosts = get_records_menu('mnet_host', '', '', 'name', 'id, name');
31 if (array_key_exists($CFG->mnet_localhost_id
, $mnethosts)) {
32 unset($mnethosts[$CFG->mnet_localhost_id
]);
38 if (!empty($action) and confirm_sesskey()) {
40 // boot if insufficient permission
41 if (!has_capability('moodle/user:delete', $sitecontext)) {
42 error(get_string('nomodifyacl','mnet'));
45 // fetch the record in question
46 $id = required_param('id', PARAM_INT
);
47 if (!$idrec = get_record('mnet_sso_access_control', 'id', $id)) {
48 error(get_string('recordnoexists','mnet'), '/admin/mnet/access_control.php');
54 delete_records('mnet_sso_access_control', 'id', $id);
55 redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array($idrec->username
, $mnethosts[$idrec->mnet_host_id
])));
60 // require the access parameter, and it must be 'allow' or 'deny'
61 $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA
)));
62 if ($accessctrl != 'allow' and $accessctrl != 'deny') {
63 error(get_string('invalidaccessparam', 'mnet') , '/admin/mnet/access_control.php');
66 if (mnet_update_sso_access_control($idrec->username
, $idrec->mnet_host_id
, $accessctrl)) {
67 if ($accessctrl == 'allow') {
68 redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($idrec->username
, $mnethosts[$idrec->mnet_host_id
])));
69 } elseif ($accessctrl == 'deny') {
70 redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($idrec->username
, $mnethosts[$idrec->mnet_host_id
])));
76 print_error('invalidactionparam', 'mnet', '/admin/mnet/access_control.php');
82 // process the form results
83 if ($form = data_submitted() and confirm_sesskey()) {
85 // check permissions and verify form input
86 if (!has_capability('moodle/user:delete', $sitecontext)) {
87 error(get_string('nomodifyacl','mnet'), '/admin/mnet/access_control.php');
89 if (empty($form->username
)) {
90 $formerror['username'] = get_string('enterausername','mnet');
92 if (empty($form->mnet_host_id
)) {
93 $formerror['mnet_host_id'] = get_string('selectahost','mnet');
95 if (empty($form->accessctrl
)) {
96 $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
99 // process if there are no errors
100 if (count($formerror) == 0) {
102 // username can be a comma separated list
103 $usernames = explode(',', $form->username
);
105 foreach ($usernames as $username) {
106 $username = trim(moodle_strtolower($username));
107 if (!empty($username)) {
108 if (mnet_update_sso_access_control($username, $form->mnet_host_id
, $form->accessctrl
)) {
109 if ($form->accessctrl
== 'allow') {
110 redirect('access_control.php', get_string('ssl_acl_allow','mnet', array($username, $mnethosts[$form->mnet_host_id
])));
111 } elseif ($form->accessctrl
== 'deny') {
112 redirect('access_control.php', get_string('ssl_acl_deny','mnet', array($username, $mnethosts[$form->mnet_host_id
])));
122 print_box(get_string('ssoacldescr','mnet'));
123 // Are the needed bits enabled?
125 if (empty($CFG->mnet_dispatcher_mode
) ||
$CFG->mnet_dispatcher_mode
!== 'strict') {
126 $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
129 if (!is_enabled_auth('mnet')) {
130 $warn .= '<p>' . get_string('authmnetdisabled','mnet').'</p>';
133 if (get_config('auth/mnet', 'auto_add_remote_users') != true) {
134 $warn .= '<p>' . get_string('authmnetautoadddisabled','mnet').'</p>';
137 $warn = '<p>' . get_string('ssoaclneeds','mnet').'</p>' . $warn;
140 // output the ACL table
141 $columns = array("username", "mnet_host_id", "access", "delete");
143 $string = array('username' => get_string('username'),
144 'mnet_host_id' => get_string('remotehost', 'mnet'),
145 'access' => get_string('accesslevel', 'mnet'),
146 'delete' => get_string('delete'));
147 foreach ($columns as $column) {
148 if ($sort != $column) {
152 $columndir = $dir == "ASC" ?
"DESC" : "ASC";
153 $columnicon = $dir == "ASC" ?
"down" : "up";
154 $columnicon = " <img src=\"$CFG->pixpath/t/$columnicon.gif\" alt=\"\" />";
156 $headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon";
158 $headings['delete'] = '';
159 $acl = get_records('mnet_sso_access_control', '', '', "$sort $dir", '*'); //, $page * $perpage, $perpage);
160 $aclcount = count_records('mnet_sso_access_control');
163 print_heading(get_string('noaclentries','mnet'));
166 $table->head
= $headings;
167 $table->align
= array('left', 'left', 'center');
168 $table->width
= "95%";
169 foreach ($acl as $aclrecord) {
170 if ($aclrecord->accessctrl
== 'allow') {
171 $accesscolumn = get_string('allow', 'mnet')
172 . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=deny&sesskey={$USER->sesskey}\">"
173 . get_string('deny', 'mnet') . "</a>)";
175 $accesscolumn = get_string('deny', 'mnet')
176 . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=allow&sesskey={$USER->sesskey}\">"
177 . get_string('allow', 'mnet') . "</a>)";
179 $deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey={$USER->sesskey}\">"
180 . get_string('delete') . "</a>";
181 $table->data
[] = array ($aclrecord->username
, $aclrecord->mnet_host_id
, $accesscolumn, $deletecolumn);
185 if (!empty($table)) {
187 echo '<p> </p>';
188 print_paging_bar($aclcount, $page, $perpage, "?sort=$sort&dir=$dir&perpage=$perpage&");
193 // output the add form
194 print_simple_box_start('center','90%','','20');
197 <div
class="mnetaddtoaclform">
198 <form id
="mnetaddtoacl" method
="post">
199 <input type
="hidden" name
="sesskey" value
="<?php echo $sesskey; ?>" />
203 echo get_string('username') . ":\n";
204 if (!empty($formerror['username'])) {
205 echo '<span class="error"> * </span>';
207 echo '<input type="text" name="username" size="20" maxlength="100" />';
209 // choose a remote host
210 echo " " . get_string('remotehost', 'mnet') . ":\n";
211 if (!empty($formerror['mnet_host_id'])) {
212 echo '<span class="error"> * </span>';
214 choose_from_menu($mnethosts, 'mnet_host_id');
216 // choose an access level
217 echo " " . get_string('accesslevel', 'mnet') . ":\n";
218 if (!empty($formerror['accessctrl'])) {
219 echo '<span class="error"> * </span>';
221 $accessmenu['allow'] = get_string('allow', 'mnet');
222 $accessmenu['deny'] = get_string('deny', 'mnet');
223 choose_from_menu($accessmenu, 'accessctrl');
226 echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
227 echo "</form></div>\n";
230 foreach ($formerror as $error) {
231 echo "<br><span class=\"error\">$error<span>";
234 print_simple_box_end();
235 admin_externalpage_print_footer();