auth/shibboleth/index.php

   1 <?php
   2
   3     // Designed to be redirected from moodle/login/index.php
   4
   5     require('../../config.php');
   6
   7     $context = context_system::instance();
   8     $PAGE->set_url('/auth/shibboleth/index.php');
   9     $PAGE->set_context($context);
  10
  11     // Support for WAYFless URLs.
  12     $target = optional_param('target', '', PARAM_LOCALURL);
  13     if (!empty($target) && empty($SESSION->wantsurl)) {
  14         $SESSION->wantsurl = $target;
  15     }
  16
  17     if (isloggedin() && !isguestuser()) {      // Nothing to do
  18         if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  19             $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  20             unset($SESSION->wantsurl);
  21
  22         } else {
  23             $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  24             unset($SESSION->wantsurl);         /// Just in case
  25         }
  26
  27         redirect($urltogo);
  28
  29     }
  30
  31     $pluginconfig   = get_config('auth_shibboleth');
  32     $shibbolethauth = get_auth_plugin('shibboleth');
  33
  34     // Check whether Shibboleth is configured properly
  35     if (empty($pluginconfig->user_attribute)) {
  36         print_error('shib_not_set_up_error', 'auth_shibboleth');
  37      }
  38
  39 /// If we can find the Shibboleth attribute, save it in session and return to main login page
  40     if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
  41         $frm = new stdClass();
  42         $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
  43         // The password is never actually used, but needs to be passed to the functions 'user_login' and
  44         // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
  45         // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
  46         // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
  47         // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
  48         // changes to the Shibboleth plugin and it is actually used.
  49         $frm->password = generate_password(8);
  50
  51     /// Check if the user has actually submitted login data to us
  52
  53         if ($shibbolethauth->user_login($frm->username, $frm->password)
  54                 && $user = authenticate_user_login($frm->username, $frm->password)) {
  55             complete_user_login($user);
  56
  57             if (user_not_fully_set_up($USER, true)) {
  58                 $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
  59                 // We don't delete $SESSION->wantsurl yet, so we get there later
  60
  61             } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  62                 $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  63                 unset($SESSION->wantsurl);
  64
  65             } else {
  66                 $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  67                 unset($SESSION->wantsurl);         /// Just in case
  68             }
  69
  70             /// Go to my-moodle page instead of homepage if defaulthomepage enabled
  71             if (!has_capability('moodle/site:config',context_system::instance()) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {
  72                 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
  73                     $urltogo = $CFG->wwwroot.'/my/';
  74                 }
  75             }
  76
  77             redirect($urltogo);
  78
  79             exit;
  80         }
  81
  82         else {
  83             // The Shibboleth user couldn't be mapped to a valid Moodle user
  84             print_error('shib_invalid_account_error', 'auth_shibboleth');
  85         }
  86     }
  87
  88     // If we can find any (user independent) Shibboleth attributes but no user
  89     // attributes we probably didn't receive any user attributes
  90     elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
  91         print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
  92     } else {
  93         print_error('shib_not_set_up_error', 'auth_shibboleth');
  94     }
  95
  96