Issue:
[moodle-pu.git] / auth / shibboleth / index.php
blob347e6a822cac8b0c12bd211a43b57d72505e5334
1 <?php // $Id$
2 // Designed to be redirected from moodle/login/index.php
4 require('../../config.php');
6 if (isloggedin() && $USER->username != 'guest') { // Nothing to do
7 if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
8 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site
9 unset($SESSION->wantsurl);
11 } else {
12 $urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
13 unset($SESSION->wantsurl); /// Just in case
16 redirect($urltogo);
19 $pluginconfig = get_config('auth/shibboleth');
20 $shibbolethauth = get_auth_plugin('shibboleth');
22 // Check whether Shibboleth is configured properly
23 if (empty($pluginconfig->user_attribute)) {
24 error(get_string( 'shib_not_set_up_error', 'auth'));
27 /// If we can find the Shibboleth attribute, save it in session and return to main login page
28 if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login
29 $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
30 $frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
31 // The random password consists of the first 8 letters of the base 64 encoded user ID
32 // This password is never used unless the user account is converted to manual
34 /// Check if the user has actually submitted login data to us
36 if ($shibbolethauth->user_login($frm->username, $frm->password)) {
38 $USER = authenticate_user_login($frm->username, $frm->password);
40 $USER->loggedin = true;
41 $USER->site = $CFG->wwwroot; // for added security, store the site in the
43 update_user_login_times();
45 // Don't show username on login page
46 set_moodle_cookie('nobody');
48 set_login_session_preferences();
50 unset($SESSION->lang);
51 $SESSION->justloggedin = true;
53 add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
55 if (user_not_fully_set_up($USER)) {
56 $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
57 // We don't delete $SESSION->wantsurl yet, so we get there later
59 } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
60 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site
61 unset($SESSION->wantsurl);
63 } else {
64 $urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
65 unset($SESSION->wantsurl); /// Just in case
68 /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
69 if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM, SITEID)) and !empty($CFG->mymoodleredirect) and !isguest()) {
70 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
71 $urltogo = $CFG->wwwroot.'/my/';
75 load_all_capabilities(); /// This is what lets the user do anything on the site :-)
77 redirect($urltogo);
79 exit;
82 else {
83 // For some weird reason the Shibboleth user couldn't be authenticated
87 // If we can find any (user independent) Shibboleth attributes but no user
88 // attributes we probably didn't receive any user attributes
89 elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID'])) {
90 error(get_string( 'shib_no_attributes_error', 'auth' , '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''));
91 } else {
92 error(get_string( 'shib_not_set_up_error', 'auth'));