/**
 * Define the form.
 *
 * Reads 'editoroptions', 'filemanageroptions' and 'user' from the form's
 * custom data, adds the hidden id/course fields, the shared user fields and
 * the custom profile fields, then loads the user record into the form.
 *
 * @throws coding_exception when the custom data is not an array.
 */
public function definition()
{
    global $CFG, $COURSE, $USER;

    $form = $this->_form;
    $incompleteprofile = user_not_fully_set_up($USER);

    if (!is_array($this->_customdata)) {
        throw new coding_exception('invalid custom data for user_edit_form');
    }

    $editoroptions = $this->_customdata['editoroptions'];
    $filemanageroptions = $this->_customdata['filemanageroptions'];
    $user = $this->_customdata['user'];
    $userid = $user->id;

    // An empty country is dropped so that $CFG->country can act as the default.
    if (empty($user->country)) {
        unset($user->country);
    }

    // Accessibility: "Required" is bad legend text.
    $strgeneral = get_string('general');
    $strrequired = get_string('required');

    // Hidden fields, both cleaned as integers.
    $form->addElement('hidden', 'id');
    $form->setType('id', PARAM_INT);
    $form->addElement('hidden', 'course', $COURSE->id);
    $form->setType('course', PARAM_INT);

    // The required Moodle fields come first, followed by the shared ones.
    $form->addElement('header', 'moodle', $strgeneral);
    useredit_shared_definition($form, $editoroptions, $filemanageroptions, $user);

    // Picture controls are removed when images are disabled site-wide or
    // while the profile is still incomplete.
    if (!empty($CFG->disableuserimages) || $incompleteprofile) {
        foreach (array('deletepicture', 'imagefile', 'imagealt') as $elementname) {
            $form->removeElement($elementname);
        }
    }

    // If the user isn't fully set up, let them know that they will be able to
    // change their profile picture once their profile is complete.
    if ($incompleteprofile) {
        $warning = $form->createElement(
            'warning',
            'userpicturewarning',
            'notifymessage',
            get_string('newpictureusernotsetup')
        );
        $enabledusernamefields = useredit_get_enabled_name_fields();

        // The warning goes before the first of these sections that exists.
        if ($form->elementExists('moodle_additional_names')) {
            $anchor = 'moodle_additional_names';
        } else if ($form->elementExists('moodle_interests')) {
            $anchor = 'moodle_interests';
        } else {
            $anchor = 'moodle_optional';
        }
        $form->insertElementBefore($warning, $anchor);

        // 'imagefile' is expected to exist when the form is submitted, so a
        // hidden stand-in replaces the element removed above.
        $hiddenimagefile = $form->createElement('hidden', 'imagefile');
        $form->insertElementBefore($hiddenimagefile, 'userpicturewarning');
    }

    // Next the customisable profile fields.
    profile_definition($form, $userid);

    $this->add_action_buttons(false, get_string('updatemyprofile'));
    $this->set_data($user);
}
/**
 * Renders the message and notification popovers for the navbar.
 *
 * Nothing is rendered for visitors who are not logged in, for guests, for
 * users whose profile is not fully set up, or for users who carry the
 * 'auth_forcepasswordchange' preference.
 *
 * @param renderer_base $renderer
 * @return string The HTML
 */
function message_popup_render_navbar_output(\renderer_base $renderer)
{
    global $USER, $DB, $CFG;

    // Early bail out conditions, evaluated in this order.
    if (
        !isloggedin()
        || isguestuser()
        || user_not_fully_set_up($USER)
        || get_user_preferences('auth_forcepasswordchange')
    ) {
        return '';
    }

    $html = '';

    // Messages popover, only when messaging is enabled.
    if (!empty($CFG->messaging)) {
        $messageprefs = new moodle_url('/message/edit.php', ['id' => $USER->id]);
        $html .= $renderer->render_from_template('message_popup/message_popover', [
            'userid' => $USER->id,
            'urls' => ['preferences' => $messageprefs->out()],
        ]);
    }

    // Notifications popover, only when the 'popup' processor exists and is enabled.
    $popupprocessor = $DB->get_record('message_processors', ['name' => 'popup']);
    if ($popupprocessor && $popupprocessor->enabled) {
        $notificationprefs = new moodle_url('/message/notificationpreferences.php', ['userid' => $USER->id]);
        $html .= $renderer->render_from_template('message_popup/notification_popover', [
            'userid' => $USER->id,
            'urls' => ['preferences' => $notificationprefs->out()],
        ]);
    }

    return $html;
}
开发者ID:dg711,项目名称:moodle,代码行数:27,代码来源:lib.php
示例5: user_authenticated_hook
//.........这里部分代码省略.........
// NOTE(review): this is a fragment; the start of the function is elided on this page, so
// $user, $frm, $errormsg, $site, $loginsite and $langmenu are set (or not) outside the visible lines.
// Added to fix navigation
$navlinks = array(array('name' => 'test', 'link' => null, 'type' => 'misc'));
$navigation = build_navigation($navlinks);
update_login_count();
if ($user) {
// language setup
if ($user->username == 'guest') {
// no predefined language for guests - use existing session or default site lang
unset($user->lang);
} else {
if (!empty($user->lang)) {
// unset previous session language - use user preference instead
unset($SESSION->lang);
}
}
if (empty($user->confirmed)) {
// This account was never confirmed: show the "must confirm" page and stop the request.
print_header(get_string("mustconfirm"), get_string("mustconfirm"));
print_heading(get_string("mustconfirm"));
print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
print_footer();
die;
}
// TODO : Fix this bug frm isn't on this page here
if (isset($frm)) {
// if isset placed here for now
// A submitted password equal to the literal 'changeme' only sets the
// auth_forcepasswordchange preference for this user.
if ($frm->password == 'changeme') {
//force the change
set_user_preference('auth_forcepasswordchange', true, $user->id);
}
}
// end of if isset
/// Let's get them all set up.
// The logged URL is built from $USER->id before $USER is replaced by
// complete_user_login() on the next statement.
add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $user->id, 0, $user->id);
$USER = complete_user_login($user);
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot . '/user/edit.php';
// We don't delete $SESSION->wantsurl yet, so we get there later
} else {
// NOTE(review): this is a plain string-prefix test. Any value that merely begins with
// $CFG->wwwroot passes, including a different host whose name starts with the site's
// host name. Where $SESSION->wantsurl is populated is not visible here - confirm it
// cannot carry a user-supplied URL, or also require '/', '?', '#' or end-of-string
// right after the prefix.
if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
$urltogo = $SESSION->wantsurl;
/// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
// no wantsurl stored or external - go to homepage
$urltogo = $CFG->wwwroot . '/';
unset($SESSION->wantsurl);
}
}
/// Go to my-moodle page instead of homepage if mymoodleredirect enabled
if (!has_capability('moodle/site:config', get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot . '/' or $urltogo == $CFG->wwwroot . '/index.php') {
$urltogo = $CFG->wwwroot . '/my/';
}
}
/// check if user password has expired
/// Currently supported only for ldap-authentication module
$userauth = get_auth_plugin($USER->auth);
if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
if ($userauth->can_change_password()) {
$passwordchangeurl = $userauth->change_password_url();
} else {
$passwordchangeurl = $CFG->httpswwwroot . '/login/change_password.php';
}
$days2expire = $userauth->password_expire($USER->username);
// Positive and below the configured warning threshold: warn. Negative: already expired.
// A value of exactly 0 matches neither branch.
if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_footer();
exit;
} elseif (intval($days2expire) < 0) {
print_header("{$site->fullname}: {$loginsite}", "{$site->fullname}", $navigation, '', '', true, "<div class=\"langmenu\">{$langmenu}</div>");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
}
}
reset_login_count();
// END of the regular Moodle Login Procedures
// Process the SAML Request and redirect to the Service
// it is asking for.
// This function should never return unless there's an error.
if (!gsaml_send_auth_response($SESSION->samlrequestdata)) {
// SAML code failed turn debugging on
error(get_string('samlcodefailed', 'auth_gsaml'));
}
} else {
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
$errorcode = 3;
}
// TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
// NOTE(review): $frm->username is interpolated into the link without URL or HTML encoding.
// How $errormsg is rendered is not visible here - confirm it is escaped before output.
// The TODO further up also says $frm may not be defined on this page.
if (!empty($CFG->mnet_dispatcher_mode) && $CFG->mnet_dispatcher_mode === 'strict' && is_enabled_auth('mnet')) {
$errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u={$frm->username}");
}
}
}
// else if NO SAML request is made we don't do anything but log in normally
}
// NOTE(review): this is a fragment; the listing is cut off after the last line below, so the
// two `if` blocks opened here are closed outside the visible code.
/// If we can find the Shibboleth attribute, save it in session and return to main login page
// The login name is taken from the server variable named by $pluginconfig->user_attribute.
// NOTE(review): this is only as trustworthy as the source of that variable. Confirm the web
// server / Shibboleth module is the only thing that can set it (for example that it is not
// filled from a client-supplied request header).
if (!empty($_SERVER[$pluginconfig->user_attribute])) {
// Shibboleth auto-login
$frm = new stdClass();
$frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
// The password is never actually used, but needs to be passed to the functions 'user_login' and
// 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
// used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
// returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
// rather than setting the password to a hard-coded value, we will generate one each time, in case there are
// changes to the Shibboleth plugin and it is actually used.
$frm->password = generate_password(8);
/// Check if the user has actually submitted login data to us
// Both the plugin's own user_login() and the generic authenticate_user_login() must succeed.
if ($shibbolethauth->user_login($frm->username, $frm->password) && ($user = authenticate_user_login($frm->username, $frm->password))) {
complete_user_login($user);
if (user_not_fully_set_up($USER, true)) {
$urltogo = $CFG->wwwroot . '/user/edit.php?id=' . $USER->id . '&course=' . SITEID;
// We don't delete $SESSION->wantsurl yet, so we get there later
} else {
// NOTE(review): plain string-prefix test. A value that merely begins with $CFG->wwwroot
// passes, including a different host whose name starts with the site's host name.
// Where $SESSION->wantsurl is populated is not visible here - confirm, or also require
// '/', '?', '#' or end-of-string right after the prefix.
if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
$urltogo = $SESSION->wantsurl;
/// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
$urltogo = $CFG->wwwroot . '/';
/// Go to the standard home page
unset($SESSION->wantsurl);
/// Just in case
}
}
/// Go to my-moodle page instead of homepage if defaulthomepage enabled
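/**
 * Open user account using SREG & AX data if available
 * If no matching user found and create flag is true, creates new user account
 *
 * When the response maps to an existing account the browser is redirected to
 * auth/openid/actions.php to confirm the change or append, unless the plugin
 * is configured to switch accounts without confirmation.
 *
 * @access private
 * @param object &$resp An OpenID consumer response object
 * @param boolean $create_flag - set if account creation permitted, default: true
 * @uses $CFG
 * @uses $USER
 * @uses $openid_tmp_login
 * @return object|false The new user, $USER after an unconfirmed account switch,
 *                      or false after an error has been reported
 */
function _open_account(&$resp, $create_flag = true)
{
    global $CFG, $USER, $openid_tmp_login;

    $url = $resp->identity_url;
    // NOTE(review): every account created here gets a password derived from the
    // same constant string. Whether a local password login is possible for
    // 'openid' accounts is not visible in this function - confirm it is not.
    $password = hash_internal_user_password('openid');
    $server = $resp->endpoint->server_url;
    $user = openid_resp_to_user($resp);

    if ($user == false) {
        // multiple matches to users! Don't know which user to pick.
        print_error('auth_openid_multiple_matches', 'auth_openid');
        return false;
        // won't get here.
    }

    if (isset($user->id)) {
        // The identity maps to an existing account.
        $openid_tmp_login = true;
        $openid_action = 'change';
        if ($user->auth == 'openid') {
            // The config key really is spelled 'auth_openid_allow_muliple' in this code.
            if (empty($this->config->auth_openid_allow_muliple)) {
                print_error('auth_openid_no_multiple', 'auth_openid');
                return false;
            }
            $openid_action = 'append';
        } else {
            if (empty($this->config->auth_openid_confirm_switch)) {
                openid_if_unique_change_account($user, $url);
                return $USER;
            }
        }
        $USER = clone $user;
        // To clone or not to clone
        // The identity URL is percent-encoded before it goes into the query string.
        // Unencoded, any '&', '#' or '?' inside it would end the openid_url value
        // early and add or override parameters of the actions.php request.
        redirect("{$CFG->wwwroot}/auth/openid/actions.php?openid_tmp_login=1&openid_action={$openid_action}&openid_url=" . urlencode($url));
        // Try to get it not to make second request to be accepted, double confirm - TBD: openid_mode=???
    }

    if (!$create_flag) {
        // Error: This site is configured to disallow new users via OpenID
        print_error('auth_openid_require_account', 'auth_openid');
        return false;
        // won't get here.
    }

    // Create the account, then attach the OpenID URL to it.
    $usertmp = create_user_record($user->username, $password, 'openid');
    $user->id = $usertmp->id;
    openid_append_url($user, $url);

    if (!isset($user->city) || $user->city == '') {
        // use "*" as the default city name
        $user->city = '*';
    }
    if (empty($user->country) && !empty($CFG->country)) {
        // use the configured default country code
        $user->country = $CFG->country;
    }
    if (empty($user->country)) {
        // out of other options, try to copy the admin's country
        if ($admin = get_admin()) {
            $user->country = $admin->country;
        }
    }

    update_record('user', $user);
    $user = get_complete_user_data('id', $user->id);
    events_trigger('user_created', $user);

    // BJB120125 - moved from below redirect for alfresco, etc...
    if (function_exists('on_openid_create_account')) {
        on_openid_create_account($resp, $user);
    }

    // Redirect the user to their profile page if not set up properly
    if (!empty($user) && user_not_fully_set_up($user)) {
        $USER = clone $user;
        $urltogo = $CFG->wwwroot . '/user/edit.php';
        redirect($urltogo);
    }

    if (openid_server_requires_confirm($server, $this->config)) {
        // The account is marked unconfirmed and a confirmation e-mail is sent.
        // NOTE(review): the secret authorises the confirmation. Confirm that
        // random_string() draws from a cryptographically secure source in this
        // Moodle version.
        $secret = random_string(15);
        set_field('user', 'secret', $secret, 'id', $user->id);
        $user->secret = $secret;
        set_field('user', 'confirmed', 0, 'id', $user->id);
        $user->confirmed = 0;
        openid_send_confirmation_email($user);
    }

    return $user;
}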
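/**
 * Find the session set by ntlmsso_magic(), validate it and
 * call authenticate_user_login() to authenticate the user through
 * the auth machinery.
 *
 * It is complemented by a similar check in user_login().
 *
 * If it succeeds, it never returns (except under PHPUnit, where the redirect
 * is skipped and false is returned).
 *
 * @return bool false when no username is stored for the current sesskey or
 *              when authentication fails
 */
function ntlmsso_finish()
{
    global $CFG, $USER, $SESSION;

    // The cache flag for the current sesskey holds the username.
    $key = sesskey();
    $cf = get_cache_flags($this->pluginconfig . '/ntlmsess');
    if (!isset($cf[$key]) || $cf[$key] === '') {
        return false;
    }
    $username = $cf[$key];

    // Here we want to trigger the whole authentication machinery
    // to make sure no step is bypassed...
    $user = authenticate_user_login($username, $key);
    if ($user) {
        complete_user_login($user);

        // Cleanup the key to prevent reuse...
        // and to allow re-logins with normal credentials
        unset_cache_flag($this->pluginconfig . '/ntlmsess', $key);

        // Redirection
        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot . '/user/edit.php';
            // We don't delete $SESSION->wantsurl yet, so we get there later
        } else {
            // No wantsurl stored or external - go to homepage
            $urltogo = $CFG->wwwroot . '/';
            if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                // A bare prefix match would also accept a different host whose
                // name merely starts with the site's host name, so the prefix
                // must be followed by '/', '?', '#' or the end of the string.
                $siteroot = rtrim($CFG->wwwroot, '/');
                $rest = (string) substr($SESSION->wantsurl, strlen($siteroot));
                if ($rest === '' || strpos('/?#', $rest[0]) !== false) {
                    // Because it's an address in this site
                    $urltogo = $SESSION->wantsurl;
                }
            }
            unset($SESSION->wantsurl);
        }

        // We do not want to redirect if we are in a PHPUnit test.
        if (!PHPUNIT_TEST) {
            redirect($urltogo);
        }
    }

    // Should never reach here.
    return false;
}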
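/**
 * Determine where a user should be redirected after they have been logged in.
 *
 * A user whose profile is incomplete goes to /user/edit.php and the stored
 * $SESSION->wantsurl is kept for later. Otherwise wantsurl is used when it
 * points into this site (http or https form of wwwroot) and is then cleared.
 * The site home may be replaced by /my/ depending on the default home page.
 *
 * @return string url the user should be redirected to.
 */
function core_login_get_return_url()
{
    global $CFG, $SESSION, $USER;

    // Prepare redirection.
    if (user_not_fully_set_up($USER)) {
        $urltogo = $CFG->wwwroot . '/user/edit.php';
        // We don't delete $SESSION->wantsurl yet, so we get there later.
    } else {
        // No wantsurl stored or external - go to homepage.
        $urltogo = $CFG->wwwroot . '/';
        if (isset($SESSION->wantsurl)) {
            $siteroots = array($CFG->wwwroot, str_replace('http://', 'https://', $CFG->wwwroot));
            foreach ($siteroots as $siteroot) {
                if (strpos($SESSION->wantsurl, $siteroot) !== 0) {
                    continue;
                }
                // A bare prefix match would also accept a different host whose
                // name merely starts with the site's host name, so the prefix
                // must be followed by '/', '?', '#' or the end of the string.
                $rest = (string) substr($SESSION->wantsurl, strlen(rtrim($siteroot, '/')));
                if ($rest === '' || strpos('/?#', $rest[0]) !== false) {
                    // Because it's an address in this site.
                    $urltogo = $SESSION->wantsurl;
                    break;
                }
            }
        }
        unset($SESSION->wantsurl);
    }

    // If the url to go to is the same as the site page, check for default homepage.
    if ($urltogo == $CFG->wwwroot . '/') {
        $homepage = get_home_page();
        // Go to my-moodle page instead of site homepage if defaulthomepage set to homepage_my.
        if ($homepage == HOMEPAGE_MY && !is_siteadmin() && !isguestuser()) {
            $urltogo = $CFG->wwwroot . '/my/';
        }
    }

    return $urltogo;
}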
// Login page hook of the VATSIM SSO auth plugin: handles the OAuth callback when the
// provider has redirected the member back, otherwise requests a new token and sends
// the browser to VATSIM.
// NOTE(review): the listing is cut off after the last visible line, so the function's
// closing brace and anything following the token request are not shown.
function loginpage_hook()
{
global $CFG, $SESSION, $DB, $USER;
// $sso is read immediately below, so config.php is presumably what defines it - confirm.
require_once $CFG->dirroot . '/auth/vatsim/config.php';
// initiate the SSO class with consumer details and encryption details
$SSO = new SSO($sso['base'], $sso['key'], $sso['secret'], $sso['method'], $sso['cert']);
// return variable is needed later in this script
$sso_return = $sso['return'];
// remove other config variables
unset($sso);
// if VATSIM has redirected the member back
if (isset($_GET['oauth_verifier']) && !isset($_GET['oauth_cancel'])) {
// check to make sure there is a saved token for this user
// When no token is saved in the session this branch is skipped and execution falls
// through to the token request at the bottom.
if (isset($_SESSION[SSO_SESSION]) && isset($_SESSION[SSO_SESSION]['key']) && isset($_SESSION[SSO_SESSION]['secret'])) {
// The token returned in the query string must match the one saved in the session.
// NOTE(review): this is a loose != comparison with @ suppressing a missing parameter;
// a strict, constant-time comparison (hash_equals) would be the safer form.
if (@$_GET['oauth_token'] != $_SESSION[SSO_SESSION]['key']) {
throw new moodle_exception("An error occurred with the login process - please try again", 'auth_vatsim');
}
// This check cannot fire: the enclosing condition already requires oauth_verifier to be set.
if (@(!isset($_GET['oauth_verifier']))) {
throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
}
// obtain the details of this user from VATSIM
$vatsimUser = $SSO->checkLogin($_SESSION[SSO_SESSION]['key'], $_SESSION[SSO_SESSION]['secret'], @$_GET['oauth_verifier']);
if ($vatsimUser) {
// One-time use of tokens, token no longer valid
unset($_SESSION[SSO_SESSION]);
$vatsim = $vatsimUser->user;
//print_r($user->user);
// The provider's member id becomes the Moodle username.
$username = $vatsim->id;
// plugin only designed where email address is returned, if no email specified,
if (@empty($vatsim->email)) {
throw new moodle_exception('noemail', "auth_vatsim");
}
$useremail = $vatsim->email;
// find the user in the current database, by CID, not email
$user = $DB->get_record('user', array('username' => $username, 'deleted' => 0, 'mnethostid' => $CFG->mnet_localhost_id));
// create the user if it doesn't exist
if (empty($user)) {
// deny login if setting "Prevent account creation when authenticating" is on
if ($CFG->authpreventaccountcreation) {
throw new moodle_exception("noaccountyet", "auth_vatsim");
}
//retrieve more information from the provider
$newuser = new stdClass();
$newuser->email = $useremail;
$newuser->firstname = $vatsim->name_first;
$newuser->lastname = $vatsim->name_last;
$newuser->country = $vatsim->country->code;
// NOTE(review): the account is created with an empty password string. Whether that
// permits any local password login depends on the vatsim plugin's user_login(), which
// is not visible here - confirm it does not.
create_user_record($username, '', 'vatsim');
} else {
$username = $user->username;
}
// Records the username and e-mail address in the log entry.
add_to_log(SITEID, 'auth_vatsim', '', '', $username . '/' . $useremail);
// NOTE(review): called with a null password, so the decision rests entirely on the
// auth plugins. Confirm the vatsim plugin's user_login() only succeeds during a
// verified OAuth callback such as this one.
$user = authenticate_user_login($username, null);
if ($user) {
//prefill more user information if new user
if (!empty($newuser)) {
$newuser->id = $user->id;
$DB->update_record('user', $newuser);
$user = (object) array_merge((array) $user, (array) $newuser);
}
complete_user_login($user);
// Redirection
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot . '/user/edit.php';
// We don't delete $SESSION->wantsurl yet, so we get there later
} else {
// NOTE(review): plain string-prefix test. A value that merely begins with $CFG->wwwroot
// passes, including a different host whose name starts with the site's host name.
// Where $SESSION->wantsurl is populated is not visible here - confirm, or also require
// '/', '?', '#' or end-of-string right after the prefix.
if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
$urltogo = $SESSION->wantsurl;
// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
// No wantsurl stored or external - go to homepage
$urltogo = $CFG->wwwroot . '/';
unset($SESSION->wantsurl);
}
}
redirect($urltogo);
}
} else {
// OAuth or cURL errors have occurred
//$error = $SSO->error();
throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
}
}
// the user cancelled their login and were sent back
} else {
if (isset($_GET['oauth_cancel'])) {
throw new moodle_exception("You cancelled your login", 'auth_vatsim');
}
}
// create a request token for this login. Provides return URL and suspended/inactive settings
$token = $SSO->requestToken($sso_return, false, false);
if ($token) {
// store the token information in the session so that we can retrieve it when the user returns
$_SESSION[SSO_SESSION] = array('key' => (string) $token->token->oauth_token, 'secret' => (string) $token->token->oauth_token_secret);
// redirect the member to VATSIM
$SSO->sendToVatsim();
} else {
throw new moodle_exception("An error occurred with the login process", 'auth_vatsim');
}
//.........这里部分代码省略.........
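/**
 * Find the session set by ntlmsso_magic(), validate it and
 * call authenticate_user_login() to authenticate the user through
 * the auth machinery.
 *
 * It is complemented by a similar check in user_login().
 *
 * If it succeeds, it never returns.
 *
 * @return bool false when no username is stored for the current sesskey or
 *              when authentication fails
 */
function ntlmsso_finish()
{
    global $CFG, $USER, $SESSION;

    // The cache flag for the current sesskey holds the username.
    $key = sesskey();
    $cf = get_cache_flags('auth/ldap/ntlmsess');
    if (!isset($cf[$key]) || $cf[$key] === '') {
        return false;
    }
    $username = $cf[$key];

    // Here we want to trigger the whole authentication machinery
    // to make sure no step is bypassed...
    $user = authenticate_user_login($username, $key);
    if ($user) {
        // The logged URL is built from $USER->id before $USER is replaced by
        // complete_user_login() on the next statement.
        add_to_log(SITEID, 'user', 'login', "view.php?id={$USER->id}&course=" . SITEID, $user->id, 0, $user->id);
        $USER = complete_user_login($user);

        // Cleanup the key to prevent reuse...
        // and to allow re-logins with normal credentials
        unset_cache_flag('auth/ldap/ntlmsess', $key);

        /// Redirection
        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot . '/user/edit.php';
            // We don't delete $SESSION->wantsurl yet, so we get there later
        } else {
            // no wantsurl stored or external - go to homepage
            $urltogo = $CFG->wwwroot . '/';
            if (isset($SESSION->wantsurl) and strpos($SESSION->wantsurl, $CFG->wwwroot) === 0) {
                // A bare prefix match would also accept a different host whose
                // name merely starts with the site's host name, so the prefix
                // must be followed by '/', '?', '#' or the end of the string.
                $siteroot = rtrim($CFG->wwwroot, '/');
                $rest = (string) substr($SESSION->wantsurl, strlen($siteroot));
                if ($rest === '' || strpos('/?#', $rest[0]) !== false) {
                    /// Because it's an address in this site
                    $urltogo = $SESSION->wantsurl;
                }
            }
            unset($SESSION->wantsurl);
        }
        redirect($urltogo);
    }

    // Should never reach here.
    return false;
}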
/**
 * Determines whether a user is fully set up, using cached results where possible.
 *
 * The answer is stored in $this->userssetupcache keyed by user id, so
 * user_not_fully_set_up() runs at most once per id on this instance.
 *
 * @since 3.2.0
 * @param \stdClass $user the user record.
 * @return bool true if the user is fully set up, false otherwise.
 */
protected function is_user_setup($user)
{
    $userid = $user->id;

    // Cache hit: reuse the stored answer.
    if (isset($this->userssetupcache[$userid])) {
        return $this->userssetupcache[$userid];
    }

    // Cache miss: compute once, remember, and return.
    $this->userssetupcache[$userid] = !user_not_fully_set_up($user);

    return $this->userssetupcache[$userid];
}