login/index.php

   1 <?php // $Id$
   2
   3
   4     require_once("../config.php");
   5
   6     // check if major upgrade needed - also present in /index.php
   7     if ((int)$CFG->version < 2006101100) { //1.7 or older
   8         @require_logout();
   9         redirect("$CFG->wwwroot/$CFG->admin/");
  10     }
  11
  12     $loginguest  = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
  13     $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
  14
  15     //initialize variables
  16     $errormsg = '';
  17     $errorcode = 0;
  18
  19 /// Check for timed out sessions
  20     if (!empty($SESSION->has_timed_out)) {
  21         $session_has_timed_out = true;
  22         $SESSION->has_timed_out = false;
  23     } else {
  24         $session_has_timed_out = false;
  25     }
  26
  27 /// Check if the guest user exists.  If not, create one.
  28     if (! record_exists('user', 'username', 'guest')) {
  29         if (! $guest = create_guest_record()) {
  30             notify('Could not create guest user record !!!');
  31         }
  32     }
  33
  34 // setup and verify auth settings
  35
  36 if (!isset($CFG->registerauth)) {
  37     set_config('registerauth', '');
  38 }
  39
  40 if (!isset($CFG->auth_instructions)) {
  41     set_config('auth_instructions', '');
  42 }
  43
  44 // auth plugins may override these - SSO anyone?
  45 $frm  = false;
  46 $user = false;
  47
  48 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
  49 foreach($authsequence as $authname) {
  50     $authplugin = get_auth_plugin($authname);
  51     $authplugin->loginpage_hook();
  52 }
  53
  54 //HTTPS is potentially required in this page
  55 httpsrequired();
  56
  57 /// Define variables used in page
  58     if (!$site = get_site()) {
  59         error("No site found!");
  60     }
  61
  62     if (empty($CFG->langmenu)) {
  63         $langmenu = "";
  64     } else {
  65         $currlang = current_language();
  66         $langs    = get_list_of_languages();
  67         $langlabel = '<span class="accesshide">'.get_string('language').':</span>';
  68         $langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true, 'self', $langlabel);
  69     }
  70
  71     $loginsite = get_string("loginsite");
  72
  73     if ($user !== false or $frm !== false) {
  74         // some auth plugin already supplied these
  75
  76     } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
  77         /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
  78         $frm->username = 'guest';
  79         $frm->password = 'guest';
  80
  81     } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
  82         // Handles the case of another Moodle site linking into a page on this site
  83         //TODO: move weblink into own auth plugin
  84         include($CFG->dirroot.'/login/weblinkauth.php');
  85         if (function_exists(weblink_auth)) {
  86             $user = weblink_auth($SESSION->wantsurl);
  87         }
  88         if ($user) {
  89             $frm->username = $user->username;
  90         } else {
  91             $frm = data_submitted();
  92         }
  93
  94     } else {
  95         $frm = data_submitted();
  96     }
  97
  98 /// Check if the user has actually submitted login data to us
  99
 100     if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) {    // Login without cookie when test requested
 101
 102         $errormsg = get_string("cookiesnotenabled");
 103         $errorcode = 1;
 104
 105     } else if ($frm) {                             // Login WITH cookies
 106
 107         $frm->username = trim(moodle_strtolower($frm->username));
 108
 109         if (is_enabled_auth('none') && empty($CFG->extendedusernamechars)) {
 110             $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
 111             if (strcmp($frm->username, $string)) {
 112                 $errormsg = get_string('username').': '.get_string("alphanumerical");
 113                 $errorcode = 2;
 114
 115                 $user = null;
 116             }
 117         }
 118
 119         if ($user) {
 120             //user already supplied by aut plugin prelogin hook
 121         } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
 122             $user = false;    /// Can't log in as guest if guest button is disabled
 123             $frm = false;
 124         } else {
 125             if (empty($errormsg)) {
 126                 $user = authenticate_user_login($frm->username, $frm->password);
 127             }
 128         }
 129         update_login_count();
 130
 131         if ($user) {
 132
 133             // language setup
 134             if ($user->username == 'guest') {
 135                 // no predefined language for guests - use existing session or default site lang
 136                 unset($user->lang);
 137
 138             } else if (!empty($user->lang)) {
 139                 // unset previous session language - use user preference instead
 140                 unset($SESSION->lang);
 141             }
 142
 143             if (empty($user->confirmed)) {       // This account was never confirmed
 144                 print_header(get_string("mustconfirm"), get_string("mustconfirm") );
 145                 print_heading(get_string("mustconfirm"));
 146                 print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
 147                 print_footer();
 148                 die;
 149             }
 150
 151         /// Let's get them all set up.
 152             $USER = $user;
 153
 154             add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
 155
 156
 157             update_user_login_times();
 158             if (empty($CFG->nolastloggedin)) {
 159                 set_moodle_cookie($USER->username);
 160             } else {
 161                 // do not store last logged in user in cookie
 162                 // auth plugins can temporarily override this from loginpage_hook()
 163                 // do not save $CFG->nolastloggedin in database!
 164                 set_moodle_cookie('nobody');
 165             }
 166             set_login_session_preferences();
 167
 168         /// This is what lets the user do anything on the site :-)
 169             load_all_capabilities();
 170
 171         /// Select password change url
 172             $userauth = get_auth_plugin($USER->auth);
 173
 174         /// check whether the user should be changing password
 175             if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
 176                 //Select password change url
 177                 if ($userauth->can_change_password()) {
 178                     if ($changeurl = $userauth->change_password_url()) {
 179                         redirect($changeurl);
 180                     } else {
 181                         redirect($CFG->httpswwwroot.'/login/change_password.php');
 182                     }
 183                 } else {
 184                     error(get_string('nopasswordchangeforced', 'auth'));
 185                 }
 186             }
 187
 188
 189         /// Prepare redirection
 190             if (user_not_fully_set_up($USER)) {
 191                 $urltogo = $CFG->wwwroot.'/user/edit.php';
 192                 // We don't delete $SESSION->wantsurl yet, so we get there later
 193
 194             } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
 195                 $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
 196                 unset($SESSION->wantsurl);
 197
 198             } else {
 199                 // no wantsurl stored or external - go to homepage
 200                 $urltogo = $CFG->wwwroot.'/';
 201                 unset($SESSION->wantsurl);
 202             }
 203
 204         /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
 205             if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
 206                 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
 207                     $urltogo = $CFG->wwwroot.'/my/';
 208                 }
 209             }
 210
 211
 212         /// check if user password has expired
 213         /// Currently supported only for ldap-authentication module
 214             if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
 215                     $days2expire = $userauth->password_expire($USER->username);
 216                         if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
 217                         print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
 218                         notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
 219                         print_footer();
 220                         exit;
 221                     } elseif (intval($days2expire) < 0 ) {
 222                         print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
 223                         notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
 224                         print_footer();
 225                         exit;
 226                     }
 227             }
 228
 229             reset_login_count();
 230
 231             redirect($urltogo);
 232
 233             exit;
 234
 235         } else {
 236             if (empty($errormsg)) {
 237                 $errormsg = get_string("invalidlogin");
 238                 $errorcode = 3;
 239             }
 240
 241             // TODO: if the user failed to authenticate, check if the username corresponds to a remote mnet user
 242             if ( !empty($CFG->mnet_dispatcher_mode)
 243                  && $CFG->mnet_dispatcher_mode === 'strict'
 244                  && is_enabled_auth('mnet')) {
 245                 $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
 246             }
 247         }
 248     }
 249
 250 /// Detect problems with timedout sessions
 251     if ($session_has_timed_out and !data_submitted()) {
 252         $errormsg = get_string('sessionerroruser', 'error');
 253         $errorcode = 4;
 254     }
 255
 256 /// First, let's remember where the user was trying to get to before they got here
 257
 258     if (empty($SESSION->wantsurl)) {
 259         $SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
 260                               $_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
 261                               $_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
 262                               $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
 263                               $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
 264             ? $_SERVER["HTTP_REFERER"] : NULL;
 265     }
 266
 267 /// Redirect to alternative login URL if needed
 268     if (!empty($CFG->alternateloginurl)) {
 269         $loginurl = $CFG->alternateloginurl;
 270
 271         if (strpos($SESSION->wantsurl, $loginurl) === 0) {
 272             //we do not want to return to alternate url
 273             $SESSION->wantsurl = NULL;
 274         }
 275
 276         if ($errorcode) {
 277             if (strpos($loginurl, '?') === false) {
 278                 $loginurl .= '?';
 279             } else {
 280                 $loginurl .= '&';
 281             }
 282             $loginurl .= 'errorcode='.$errorcode;
 283         }
 284
 285         redirect($loginurl);
 286     }
 287
 288
 289 /// Generate the login page with forms
 290
 291     if (get_moodle_cookie() == '') {
 292         set_moodle_cookie('nobody');   // To help search for cookies
 293     }
 294
 295     if (empty($frm->username) && $authsequence[0] != 'shibboleth') {  // See bug 5184
 296         $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
 297         $frm->password = "";
 298     }
 299
 300     if (!empty($frm->username)) {
 301         $focus = "password";
 302     } else {
 303         $focus = "username";
 304     }
 305
 306     if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
 307         $show_instructions = true;
 308     } else {
 309         $show_instructions = false;
 310     }
 311
 312     print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus,
 313                  '', true, '<div class="langmenu">'.$langmenu.'</div>');
 314
 315     include("index_form.html");
 316
 317     print_footer();
 318
 319
 320 ?>