search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
calendar/lib: calendar_set_filters() use pre-fetched context and course recs
[moodle-pu.git] / login / index.php
blob77133a4815f5e03d2c2df1f7f74ef4e64d3ed8ec
1 <?php // $Id$
2
3
4 require_once("../config.php");
5
6 // check if major upgrade needed - also present in /index.php
7 if ((int)$CFG->version < 2006101100) { //1.7 or older
8 @require_logout();
9 redirect("$CFG->wwwroot/$CFG->admin/");
10 }
11
12 $loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
13 $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
14
15 //initialize variables
16 $errormsg = '';
17 $errorcode = 0;
18
19 /// Check for timed out sessions
20 if (!empty($SESSION->has_timed_out)) {
21 $session_has_timed_out = true;
22 $SESSION->has_timed_out = false;
23 } else {
24 $session_has_timed_out = false;
25 }
26
27 /// Check if the guest user exists. If not, create one.
28 if (! record_exists('user', 'username', 'guest')) {
29 if (! $guest = create_guest_record()) {
30 notify('Could not create guest user record !!!');
31 }
32 }
33
34 // setup and verify auth settings
35
36 if (!isset($CFG->registerauth)) {
37 set_config('registerauth', '');
38 }
39
40 if (!isset($CFG->auth_instructions)) {
41 set_config('auth_instructions', '');
42 }
43
44 // auth plugins may override these - SSO anyone?
45 $frm = false;
46 $user = false;
47
48 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
49 foreach($authsequence as $authname) {
50 $authplugin = get_auth_plugin($authname);
51 $authplugin->loginpage_hook();
52 }
53
54 //HTTPS is potentially required in this page
55 httpsrequired();
56
57 /// Define variables used in page
58 if (!$site = get_site()) {
59 error("No site found!");
60 }
61
62 if (empty($CFG->langmenu)) {
63 $langmenu = "";
64 } else {
65 $currlang = current_language();
66 $langs = get_list_of_languages();
67 $langlabel = '<span class="accesshide">'.get_string('language').':</span>';
68 $langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true, 'self', $langlabel);
69 }
70
71 $loginsite = get_string("loginsite");
72 $navlinks = array(array('name' => $loginsite, 'link' => null, 'type' => 'misc'));
73 $navigation = build_navigation($navlinks);
74
75 if ($user !== false or $frm !== false) {
76 // some auth plugin already supplied these
77
78 } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
79 /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
80 $frm->username = 'guest';
81 $frm->password = 'guest';
82
83 } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
84 // Handles the case of another Moodle site linking into a page on this site
85 //TODO: move weblink into own auth plugin
86 include($CFG->dirroot.'/login/weblinkauth.php');
87 if (function_exists(weblink_auth)) {
88 $user = weblink_auth($SESSION->wantsurl);
89 }
90 if ($user) {
91 $frm->username = $user->username;
92 } else {
93 $frm = data_submitted();
94 }
95
96 } else {
97 $frm = data_submitted();
98 }
99
100 /// Check if the user has actually submitted login data to us
101
102 if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
103
104 $errormsg = get_string("cookiesnotenabled");
105 $errorcode = 1;
106
107 } else if ($frm) { // Login WITH cookies
108
109 $frm->username = trim(moodle_strtolower($frm->username));
110
111 if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) {
112 $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
113 if (strcmp($frm->username, $string)) {
114 $errormsg = get_string('username').': '.get_string("alphanumerical");
115 $errorcode = 2;
116
117 $user = null;
118 }
119 }
120
121 if ($user) {
122 //user already supplied by aut plugin prelogin hook
123 } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
124 $user = false; /// Can't log in as guest if guest button is disabled
125 $frm = false;
126 } else {
127 if (empty($errormsg)) {
128 $user = authenticate_user_login($frm->username, $frm->password);
129 }
130 }
131 update_login_count();
132
133 if ($user) {
134
135 // language setup
136 if ($user->username == 'guest') {
137 // no predefined language for guests - use existing session or default site lang
138 unset($user->lang);
139
140 } else if (!empty($user->lang)) {
141 // unset previous session language - use user preference instead
142 unset($SESSION->lang);
143 }
144
145 if (empty($user->confirmed)) { // This account was never confirmed
146 print_header(get_string("mustconfirm"), get_string("mustconfirm") );
147 print_heading(get_string("mustconfirm"));
148 print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
149 print_footer();
150 die;
151 }
152
153 /// Let's get them all set up.
154 $USER = $user;
155
156 add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
157
158
159 update_user_login_times();
160 if (empty($CFG->nolastloggedin)) {
161 set_moodle_cookie($USER->username);
162 } else {
163 // do not store last logged in user in cookie
164 // auth plugins can temporarily override this from loginpage_hook()
165 // do not save $CFG->nolastloggedin in database!
166 set_moodle_cookie('nobody');
167 }
168 set_login_session_preferences();
169
170 /// This is what lets the user do anything on the site :-)
171 load_all_capabilities();
172
173 /// Select password change url
174 $userauth = get_auth_plugin($USER->auth);
175
176 /// check whether the user should be changing password
177 if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
178 if ($frm->password == 'changeme') {
179 //force the change
180 set_user_preference('auth_forcepasswordchange', true);
181 }
182 //Select password change url
183 if ($userauth->can_change_password()) {
184 if ($changeurl = $userauth->change_password_url()) {
185 redirect($changeurl);
186 } else {
187 redirect($CFG->httpswwwroot.'/login/change_password.php');
188 }
189 } else {
190 error(get_string('nopasswordchangeforced', 'auth'));
191 }
192 }
193
194
195 /// Prepare redirection
196 if (user_not_fully_set_up($USER)) {
197 $urltogo = $CFG->wwwroot.'/user/edit.php';
198 // We don't delete $SESSION->wantsurl yet, so we get there later
199
200 } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
201 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site
202 unset($SESSION->wantsurl);
203
204 } else {
205 // no wantsurl stored or external - go to homepage
206 $urltogo = $CFG->wwwroot.'/';
207 unset($SESSION->wantsurl);
208 }
209
210 /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
211 if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
212 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
213 $urltogo = $CFG->wwwroot.'/my/';
214 }
215 }
216
217
218 /// check if user password has expired
219 /// Currently supported only for ldap-authentication module
220 if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
221 $days2expire = $userauth->password_expire($USER->username);
222 if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
223 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
224 notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
225 print_footer();
226 exit;
227 } elseif (intval($days2expire) < 0 ) {
228 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
229 notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
230 print_footer();
231 exit;
232 }
233 }
234
235 reset_login_count();
236
237 redirect($urltogo);
238
239 exit;
240
241 } else {
242 if (empty($errormsg)) {
243 $errormsg = get_string("invalidlogin");
244 $errorcode = 3;
245 }
246
247 // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
248 if ( !empty($CFG->mnet_dispatcher_mode)
249 && $CFG->mnet_dispatcher_mode === 'strict'
250 && is_enabled_auth('mnet')) {
251 $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
252 }
253 }
254 }
255
256 /// Detect problems with timedout sessions
257 if ($session_has_timed_out and !data_submitted()) {
258 $errormsg = get_string('sessionerroruser', 'error');
259 $errorcode = 4;
260 }
261
262 /// First, let's remember where the user was trying to get to before they got here
263
264 if (empty($SESSION->wantsurl)) {
265 $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
266 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
267 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
268 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
269 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
270 ? $_SERVER["HTTP_REFERER"] : NULL;
271 }
272
273 /// Redirect to alternative login URL if needed
274 if (!empty($CFG->alternateloginurl)) {
275 $loginurl = $CFG->alternateloginurl;
276
277 if (strpos($SESSION->wantsurl, $loginurl) === 0) {
278 //we do not want to return to alternate url
279 $SESSION->wantsurl = NULL;
280 }
281
282 if ($errorcode) {
283 if (strpos($loginurl, '?') === false) {
284 $loginurl .= '?';
285 } else {
286 $loginurl .= '&';
287 }
288 $loginurl .= 'errorcode='.$errorcode;
289 }
290
291 redirect($loginurl);
292 }
293
294
295 /// Generate the login page with forms
296
297 if (get_moodle_cookie() == '') {
298 set_moodle_cookie('nobody'); // To help search for cookies
299 }
300
301 if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
302 $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
303 $frm->password = "";
304 }
305
306 if (!empty($frm->username)) {
307 $focus = "password";
308 } else {
309 $focus = "username";
310 }
311
312 if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
313 $show_instructions = true;
314 } else {
315 $show_instructions = false;
316 }
317
318 print_header("$site->fullname: $loginsite", $site->fullname, $navigation, $focus,
319 '', true, '<div class="langmenu">'.$langmenu.'</div>');
320
321 include("index_form.html");
322
323 print_footer();
324
325
326 ?>
Moodle proposed updates