Fixes bug MDL-8234, "New groups code & AS keyword"
[moodle-pu.git] / auth / cas / login.php
<?php
// $Id$
// author: romualdLorthioir $
//CHANGELOG:
//05.03.2005 replace /login/index.php

// CAS flavour of the Moodle login page. The guard below stops the script
// unless MOODLE_INTERNAL is already defined, so it cannot run as a
// directly requested URL.
defined('MOODLE_INTERNAL') or die('Direct access to this script is forbidden.');

// Variables used in the page
$site = get_site();
if (!$site) {
    print_error('nosite', '', '', NULL, true);
}

// Language chooser markup; stays empty when $CFG->langmenu is off.
$langmenu = "";
if (!empty($CFG->langmenu)) {
    $currlang = current_language();
    $langs = get_list_of_languages();
    // When $CFG->loginhttps is set, the chooser points at the https form of the site root.
    $wwwroot = empty($CFG->loginhttps)
        ? $CFG->wwwroot
        : str_replace('http:','https:',$CFG->wwwroot);
    $langmenu = popup_form ("$wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
}
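// Page title string and the two auth plugin instances used further down.
$loginsite = get_string("loginsite");
$casauth = get_auth_plugin('cas');
$ldapauth = get_auth_plugin('ldap');

// Decide what login data to process:
//   $frm  - object carrying username/password, or whatever data_submitted() returns
//   $user - result of weblink_auth() when that helper exists, otherwise false
$frm = false;
$user = false;
// NOTE(review): $loginguest is not assigned anywhere in this script; presumably the
// including login page sets it - confirm. !empty() keeps the same truthiness test
// without reading an undefined variable.
// $SESSION->wantsurl can be seeded from the request's Referer header later in this
// script, so it is client-influenced input wherever it is read.
if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or !empty($loginguest)) {
    /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
    // Create the object explicitly: $frm is false here, and assigning a property
    // on false is an Error on PHP 8 (older versions created the object with a warning).
    $frm = new stdClass();
    $frm->username = 'guest';
    $frm->password = 'guest';
} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
    // Handles the case of another Moodle site linking into a page on this site
    include($CFG->dirroot.'/login/weblinkauth.php');
    // The function name must be a string; the bare word was parsed as an undefined constant.
    // NOTE(review): weblink_auth() is handed wantsurl as-is; how it validates that value
    // is not visible from this file.
    if (function_exists('weblink_auth')) {
        $user = weblink_auth($SESSION->wantsurl);
    }
    if ($user) {
        $frm = new stdClass();   // same reason as above: $frm is still false at this point
        $frm->username = $user->username;
    } else {
        $frm = data_submitted();
    }
} else {
    $frm = data_submitted();
}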
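// Handle a submitted login. Outcomes visible in this block:
//  - login data present but no Moodle cookie: set the "cookies not enabled" message;
//  - credentials accepted: fill $USER/$SESSION, log the login, then redirect and exit;
//  - credentials rejected: set $errormsg, and call phpCAS::logout() when CAS is the site auth.
if ($frm and (get_moodle_cookie() == '')) {    // Login without cookie

    $errormsg = get_string("cookiesnotenabled");

} else if ($frm) {                             // Login WITH cookies

    $frm->username = trim(moodle_strtolower($frm->username));

    if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
        $user = false;    /// Can't log in as guest if guest button is disabled
        $frm = false;
    } else if (!$user) {
        if ($CFG->auth == "cas" && $frm->username != 'guest') {    /// Cas SSO case
            $user = $casauth->authenticate_user_login($frm->username, $frm->password);
        } else {
            $user = authenticate_user_login($frm->username, $frm->password);
        }
    }
    // Called for every processed attempt; reset_login_count() below runs only on success.
    update_login_count();

    if ($user) {
        if (! $user->confirmed ) {       // they never confirmed via email
            print_header(get_string("mustconfirm"), get_string("mustconfirm") );
            print_heading(get_string("mustconfirm"));
            print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
            print_footer();
            die;
        }

        $USER = $user;
        if (!empty($USER->description)) {
            $USER->description = true;   // No need to cart all of it around
        }
        $USER->loggedin = true;
        $USER->site     = $CFG->wwwroot; // for added security, store the site in the session
        sesskey();                       // for added security, used to check script parameters

        if ($USER->username == "guest") {
            $USER->lang      = $CFG->lang;               // Guest language always same as site
            $USER->firstname = get_string("guestuser");  // Name always in current language
            $USER->lastname  = " ";
        }

        if (!update_user_login_times()) {
            error("Wierd error: could not update login records");
        }

        set_moodle_cookie($USER->username);

        unset($SESSION->lang);
        $SESSION->justloggedin = true;

        // Restore the calendar filters, if saved
        if (intval(get_user_preferences('calendar_persistflt', 0))) {
            include_once($CFG->dirroot.'/calendar/lib.php');
            calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
        }

        //Select password change url
        // NOTE(review): $passwordchangeurl stays unset when the plugin cannot change
        // passwords, yet the expiry notices below pass it to notice_yesno() regardless.
        $userauth = get_auth_plugin($USER->auth);
        if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
            $passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
        }

        // check whether the user should be changing password
        if (get_user_preferences('auth_forcepasswordchange', false)) {
            if (isset($passwordchangeurl)) {
                redirect($passwordchangeurl);
            } else {
                print_error('auth_cas_broken_password','auth');
            }
        }

        add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);

        // Decide whether wantsurl may be used as the post-login redirect target.
        // wantsurl can come from the Referer header, so a bare prefix match on wwwroot is
        // not enough: it also accepts another host whose name merely begins with the same
        // characters. After the site root the URL must either end or continue with a
        // path, query or fragment delimiter.
        $siteroot = rtrim($CFG->wwwroot, '/');
        $wantslocal = false;
        if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $siteroot) === 0) {
            $rest = (string) substr($SESSION->wantsurl, strlen($siteroot));
            $wantslocal = ($rest === '' or strpos('/?#', $rest[0]) !== false);
        }

        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
            // We don't delete $SESSION->wantsurl yet, so we get there later

        } else if ($wantslocal) {
            $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
            unset($SESSION->wantsurl);

        } else {
            $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
            unset($SESSION->wantsurl);         /// Just in case
        }

        // check if user password has expired
        // Currently supported only for ldap-authentication module
        // NOTE(review): $focus is first assigned near the end of this script, after this
        // point; unless the including page sets it, print_header() receives it undefined.
        if ($ldapauth->config->expiration == 1) {
            $days2expire = $ldapauth->password_expire($USER->username);
            if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
                print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            } elseif (intval($days2expire) < 0 ) {
                print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            }
        }

        reset_login_count();

        load_all_capabilities();     /// This is what lets the user do anything on the site :-)

        redirect($urltogo);

        exit;

    } else {
        if ($CFG->auth == "cas" ) {    /// CAS error login
            $errormsg = get_string("invalidcaslogin");
            phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
        } else {
            $errormsg = get_string("invalidlogin");
        }
    }
}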
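// CAS automatic authentication. Reached whenever the form handling above did not
// redirect or exit. A truthy return from automatic_authenticate() is treated as the
// logged-in user record and goes through the same session setup as a form login;
// otherwise, when the guest login button is disabled, the CAS session is ended via
// phpCAS::logout().
$user = $casauth->automatic_authenticate($user);
if ($user) {
    if (! $user->confirmed ) {       // they never confirmed via email
        print_header(get_string("mustconfirm"), get_string("mustconfirm") );
        print_heading(get_string("mustconfirm"));
        print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
        print_footer();
        die;
    }

    $USER = $user;
    if (!empty($USER->description)) {
        $USER->description = true;   // No need to cart all of it around
    }
    $USER->loggedin = true;
    $USER->site     = $CFG->wwwroot; // for added security, store the site in the session
    sesskey();                       // for added security, used to check script parameters

    if ($USER->username == "guest") {
        $USER->lang      = $CFG->lang;               // Guest language always same as site
        $USER->firstname = get_string("guestuser");  // Name always in current language
        $USER->lastname  = " ";
    }

    if (!update_user_login_times()) {
        error("Wierd error: could not update login records");
    }

    set_moodle_cookie($USER->username);

    unset($SESSION->lang);
    $SESSION->justloggedin = true;

    // Restore the calendar filters, if saved
    if (intval(get_user_preferences('calendar_persistflt', 0))) {
        include_once($CFG->dirroot.'/calendar/lib.php');
        calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
    }

    //Select password change url
    // NOTE(review): $passwordchangeurl stays unset when the plugin cannot change
    // passwords, yet the expiry notices below pass it to notice_yesno() regardless.
    $userauth = get_auth_plugin($USER->auth);
    if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
        $passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
    }

    // check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if (isset($passwordchangeurl)) {
            redirect($passwordchangeurl);
        } else {
            print_error('auth_cas_broken_password','auth');
        }
    }

    add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);

    // Decide whether wantsurl may be used as the post-login redirect target.
    // wantsurl can come from the Referer header, so a bare prefix match on wwwroot is
    // not enough: it also accepts another host whose name merely begins with the same
    // characters. After the site root the URL must either end or continue with a
    // path, query or fragment delimiter.
    $siteroot = rtrim($CFG->wwwroot, '/');
    $wantslocal = false;
    if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $siteroot) === 0) {
        $rest = (string) substr($SESSION->wantsurl, strlen($siteroot));
        $wantslocal = ($rest === '' or strpos('/?#', $rest[0]) !== false);
    }

    if (user_not_fully_set_up($USER)) {
        $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
        // We don't delete $SESSION->wantsurl yet, so we get there later

    } else if ($wantslocal) {
        $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
        unset($SESSION->wantsurl);

    } else {
        $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
        unset($SESSION->wantsurl);         /// Just in case
    }

    // check if user password has expired
    // Currently supported only for ldap-authentication module
    // NOTE(review): $focus is first assigned near the end of this script, after this
    // point; unless the including page sets it, print_header() receives it undefined.
    if ($ldapauth->config->expiration == 1) {
        $days2expire = $ldapauth->password_expire($USER->username);
        if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
            print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
            notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
            print_footer();
            exit;
        } elseif (intval($days2expire) < 0 ) {
            print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
            notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
            print_footer();
            exit;
        }
    }

    reset_login_count();

    load_all_capabilities();     /// This is what lets the user do anything on the site :-)

    redirect($urltogo);

    exit;
} else {
    if (!$CFG->guestloginbutton) {
        $errormsg = get_string("invalidcaslogin");
        phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
    }
}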
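// Nobody was logged in above: prepare the values the login form template reads,
// print the page and stop.
if (empty($errormsg)) {
    $errormsg = "";
}

// Remember where to send the user after a successful login.
// HTTP_REFERER is supplied by the client, so wantsurl is untrusted from here on; the
// post-login code compares it with $CFG->wwwroot before using it as a redirect target.
if (empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = array_key_exists('HTTP_REFERER',$_SERVER) ? $_SERVER["HTTP_REFERER"] : $CFG->wwwroot.'/';
}

if (get_moodle_cookie() == '') {
    set_moodle_cookie('nobody');   // To help search for cookies
}

// $frm is false when no login data was processed; assigning a property on false is an
// Error on PHP 8, so make sure there is an object to fill in.
if (!isset($frm) or !is_object($frm)) {
    $frm = new stdClass();
}

// Pre-fill the username from the Moodle cookie, except for the 'nobody' placeholder.
// NOTE(review): the cookie value is client-controlled; the form template is expected to
// escape it on output - confirm in index_form.html.
if (empty($frm->username)) {
    $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
    $frm->password = "";
}

// Put the cursor in the first field that still needs typing.
if (!empty($frm->username)) {
    $focus = "login.password";
} else {
    $focus = "login.username";
}

if ($CFG->auth == "email" or $CFG->auth == "none" or chop($CFG->auth_instructions) <> "" ) {
    $show_instructions = true;
} else {
    $show_instructions = false;
}

print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
include($CFG->dirroot.'/auth/cas/index_form.html');
print_footer();

exit;

// The original trailing note said "No footer on this page", but print_footer() is called above.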