auth/shibboleth/login.php

   1 <?php
   2
   3     require_once("../../config.php");
   4     require_once($CFG->dirroot."/auth/shibboleth/auth.php");
   5
   6     $idp = optional_param('idp', null, PARAM_RAW);
   7
   8     // Check for timed out sessions.
   9     if (!empty($SESSION->has_timed_out)) {
  10         $session_has_timed_out = true;
  11         $SESSION->has_timed_out = false;
  12     } else {
  13         $session_has_timed_out = false;
  14     }
  15
  16     // Define variables used in page.
  17     $isvalid = true;
  18     $site = get_site();
  19
  20     $loginsite = get_string("loginsite");
  21
  22     $loginurl = (!empty($CFG->alternateloginurl)) ? $CFG->alternateloginurl : '';
  23
  24     $config = get_config('auth_shibboleth');
  25     if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($config->auth_instructions)) {
  26         $showinstructions = true;
  27     } else {
  28         $showinstructions = false;
  29     }
  30
  31     $idplist = get_idp_list($config->organization_selection);
  32     if (isset($idp)) {
  33         if (isset($idplist[$idp])) {
  34             set_saml_cookie($idp);
  35
  36             $targeturl = new moodle_url('/auth/shibboleth/index.php');
  37             $idpinfo = $idplist[$idp];
  38
  39             // Redirect to SessionInitiator with entityID as argument.
  40             if (isset($idpinfo[1]) && !empty($idpinfo[1])) {
  41                 $sso = $idpinfo[1];
  42             } else {
  43                 $sso = '/Shibboleth.sso';
  44             }
  45             // For Shibboleth 1.x Service Providers.
  46             header('Location: ' . $sso . '?providerId=' . urlencode($idp) . '&target=' . urlencode($targeturl->out()));
  47
  48         } else {
  49             $isvalid = false;
  50         }
  51     }
  52
  53     $loginsite = get_string("loginsite");
  54
  55     $PAGE->set_url('/auth/shibboleth/login.php');
  56     $PAGE->set_context(context_system::instance());
  57     $PAGE->navbar->add($loginsite);
  58     $PAGE->set_title("$site->fullname: $loginsite");
  59     $PAGE->set_heading($site->fullname);
  60     $PAGE->set_pagelayout('login');
  61
  62     echo $OUTPUT->header();
  63
  64     if (isloggedin() and !isguestuser()) {
  65         // Prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed.
  66         echo $OUTPUT->box_start();
  67         $params = array('sesskey' => sesskey(), 'loginpage' => 1);
  68         $logout = new single_button(new moodle_url('/login/logout.php', $params), get_string('logout'), 'post');
  69         $continue = new single_button(new moodle_url('/'), get_string('cancel'), 'get');
  70         echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
  71         echo $OUTPUT->box_end();
  72     } else {
  73         // Print login page.
  74         $selectedidp = '-';
  75         if (isset($_COOKIE['_saml_idp'])) {
  76             $idpcookie = generate_cookie_array($_COOKIE['_saml_idp']);
  77             do {
  78                 $selectedidp = array_pop($idpcookie);
  79             } while (!isset($idplist[$selectedidp]) && count($idpcookie) > 0);
  80         }
  81
  82         $idps = [];
  83         foreach ($idplist as $value => $data) {
  84             $name = reset($data);
  85             $selected = $value === $selectedidp;
  86             $idps[] = (object)[
  87                 'name' => $name,
  88                 'value' => $value,
  89                 'selected' => $selected
  90             ];
  91         }
  92
  93         // Whether the user can sign up.
  94         $cansignup = !empty($CFG->registerauth);
  95         // Default instructions.
  96         $instructions = format_text($config->auth_instructions);
  97         if (is_enabled_auth('none')) {
  98             $instructions = get_string('loginstepsnone');
  99         } else if ($cansignup) {
 100             if ($CFG->registerauth === 'email' && empty($instructions)) {
 101                 $instructions = get_string('loginsteps');
 102             }
 103         }
 104
 105         // Build the template context data.
 106         $templatedata = (object)[
 107             'adminemail' => get_admin()->email,
 108             'cansignup' => $cansignup,
 109             'guestlogin' => $CFG->guestloginbutton,
 110             'guestloginurl' => new moodle_url('/login/index.php'),
 111             'idps' => $idps,
 112             'instructions' => $instructions,
 113             'loginname' => $config->login_name ?? null,
 114             'logintoken' => \core\session\manager::get_login_token(),
 115             'loginurl' => new moodle_url('/auth/shibboleth/login.php'),
 116             'showinstructions' => $showinstructions,
 117             'signupurl' => new moodle_url('/login/signup.php'),
 118             'isvalid' => $isvalid
 119         ];
 120
 121         // Render the login form.
 122         echo $OUTPUT->render_from_template('auth_shibboleth/login_form', $templatedata);
 123     }
 124
 125     echo $OUTPUT->footer();