2 // This file is part of Moodle - http://moodle.org/
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
20 * @copyright 2011 Dongsheng Cai <dongsheng@moodle.com>
21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
24 define('AJAX_SCRIPT', true);
25 define('NO_MOODLE_COOKIES', true);
27 require_once(dirname(dirname(__FILE__
)) . '/config.php');
29 $username = required_param('username', PARAM_USERNAME
);
30 $password = required_param('password', PARAM_RAW
);
31 $service = required_param('service', PARAM_ALPHANUMEXT
);
33 echo $OUTPUT->header();
35 if (!$CFG->enablewebservices
) {
36 throw new moodle_exception('enablewsdescription', 'webservice');
38 $username = trim(moodle_strtolower($username));
39 if (is_restored_user($username)) {
40 throw new moodle_exception('restoredaccountresetpassword', 'webservice');
42 $user = authenticate_user_login($username, $password);
44 if (isguestuser($user)) {
45 throw new moodle_exception('noguest');
47 if (empty($user->confirmed
)) {
48 throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username
);
50 // check credential expiry
51 $userauth = get_auth_plugin($user->auth
);
52 if (!empty($userauth->config
->expiration
) and $userauth->config
->expiration
== 1) {
53 $days2expire = $userauth->password_expire($user->username
);
54 if (intval($days2expire) < 0 ) {
55 throw new moodle_exception('passwordisexpired', 'webservice');
59 // let enrol plugins deal with new enrolments if necessary
60 enrol_check_plugins($user);
62 // setup user session to check capability
63 session_set_user($user);
65 $admintokenssql = "SELECT t.*
66 FROM {external_tokens} t
67 JOIN {external_services} s
68 ON t.externalserviceid = s.id
72 AND (t.validuntil = 0 OR t.validuntil IS NULL OR t.validuntil > ?)
73 AND t.userid != t.creatorid
74 ORDER BY t.timecreated ASC";
75 $tokens = $DB->get_records_sql($admintokenssql, array($service, $user->id
, time()));
76 foreach ($tokens as $key=>$admin_token) {
77 // remove token if its ip not in whitelist
78 if (isset($admin_token->iprestriction
) and !address_in_subnet(getremoteaddr(), $admin_token->iprestriction
)) {
82 // if admin created token then use the most recent created one over user created token
83 if (count($tokens) > 0) {
84 $token = array_pop($tokens);
86 // if no admin created tokens, try to use user created token
87 // NOTE user created token doesn't have valid date and ip limits
88 $usertokensql = "SELECT t.*
89 FROM {external_tokens} t
90 JOIN {external_services} s
91 ON t.externalserviceid = s.id
95 AND t.userid = t.creatorid";
97 $token = $DB->get_record_sql($usertokensql, array($service, $user->id
));
98 // create token if not exists
100 // This is an exception for Moodle Mobiel App
101 // if user doesn't have token, we will create one on the fly
102 // even user doesn't have createtoken permission
103 if ($service == MOODLE_OFFICIAL_MOBILE_SERVICE
) {
104 if (has_capability('moodle/webservice:createmobiletoken', get_system_context())) {
105 // if service doesn't exist, dml will throw exception
106 $service_record = $DB->get_record('external_services', array('shortname'=>$service, 'enabled'=>1), '*', MUST_EXIST
);
107 // create a new token
108 $token = new stdClass
;
109 $token->token
= md5(uniqid(rand(), 1));
110 $token->userid
= $user->id
;
111 $token->tokentype
= EXTERNAL_TOKEN_PERMANENT
;
112 $token->contextid
= get_context_instance(CONTEXT_SYSTEM
)->id
;
113 $token->creatorid
= $user->id
;
114 $token->timecreated
= time();
115 $token->externalserviceid
= $service_record->id
;
116 $tokenid = $DB->insert_record('external_tokens', $token);
117 add_to_log(SITEID
, 'webservice', get_string('createtokenforuserauto', 'webservice'), '' , 'User ID: ' . $user->id
);
118 $token->id
= $tokenid;
120 throw new moodle_exception('cannotcreatemobiletoken', 'webservice');
123 // will throw exception if no token found
124 throw new moodle_exception('invalidtoken', 'webservice');
130 $DB->set_field('external_tokens', 'lastaccess', time(), array('id'=>$token->id
));
132 add_to_log(SITEID
, 'webservice', 'user request webservice token', '' , 'User ID: ' . $user->id
);
134 $usertoken = new stdClass
;
135 $usertoken->token
= $token->token
;
136 echo json_encode($usertoken);
138 throw new moodle_exception('usernamenotfound', 'moodle');