4 require_once("../config.php");
6 // check if major upgrade needed - also present in /index.php
7 if ((int)$CFG->version
< 2006101100) { //1.7 or older
9 redirect("$CFG->wwwroot/$CFG->admin/");
12 $loginguest = optional_param('loginguest', 0, PARAM_BOOL
); // determines whether visitors are logged in as guest automatically
13 $testcookies = optional_param('testcookies', 0, PARAM_BOOL
); // request cookie test
15 //initialize variables
19 /// Check for timed out sessions
20 if (!empty($SESSION->has_timed_out
)) {
21 $session_has_timed_out = true;
22 $SESSION->has_timed_out
= false;
24 $session_has_timed_out = false;
27 /// Check if the guest user exists. If not, create one.
28 if (! record_exists('user', 'username', 'guest', 'mnethostid', $CFG->mnet_localhost_id
)) {
29 if (! $guest = create_guest_record()) {
30 notify('Could not create guest user record !!!');
34 // setup and verify auth settings
36 if (!isset($CFG->registerauth
)) {
37 set_config('registerauth', '');
40 if (!isset($CFG->auth_instructions
)) {
41 set_config('auth_instructions', '');
44 // auth plugins may override these - SSO anyone?
48 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
49 foreach($authsequence as $authname) {
50 $authplugin = get_auth_plugin($authname);
51 $authplugin->loginpage_hook();
54 //HTTPS is potentially required in this page
57 /// Define variables used in page
58 if (!$site = get_site()) {
59 error("No site found!");
62 if (empty($CFG->langmenu
)) {
65 $currlang = current_language();
66 $langs = get_list_of_languages();
67 $langlabel = get_accesshide(get_string('language'));
68 $langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true, 'self', $langlabel);
71 $loginsite = get_string("loginsite");
72 $navlinks = array(array('name' => $loginsite, 'link' => null, 'type' => 'misc'));
73 $navigation = build_navigation($navlinks);
75 if ($user !== false or $frm !== false) {
76 // some auth plugin already supplied these
78 } else if ((!empty($SESSION->wantsurl
) and strstr($SESSION->wantsurl
,'username=guest')) or $loginguest) {
79 /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
80 $frm->username
= 'guest';
81 $frm->password
= 'guest';
83 } else if (!empty($SESSION->wantsurl
) && file_exists($CFG->dirroot
.'/login/weblinkauth.php')) {
84 // Handles the case of another Moodle site linking into a page on this site
85 //TODO: move weblink into own auth plugin
86 include($CFG->dirroot
.'/login/weblinkauth.php');
87 if (function_exists('weblink_auth')) {
88 $user = weblink_auth($SESSION->wantsurl
);
91 $frm->username
= $user->username
;
93 $frm = data_submitted();
97 $frm = data_submitted();
100 /// Check if the user has actually submitted login data to us
102 if (empty($CFG->usesid
) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
104 $errormsg = get_string("cookiesnotenabled");
107 } else if ($frm) { // Login WITH cookies
109 $frm->username
= trim(moodle_strtolower($frm->username
));
111 if (is_enabled_auth('none') && empty($CFG->extendedusernamechars
)) {
112 $string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username
);
113 if (strcmp($frm->username
, $string)) {
114 $errormsg = get_string('username').': '.get_string("alphanumerical");
122 //user already supplied by aut plugin prelogin hook
123 } else if (($frm->username
== 'guest') and empty($CFG->guestloginbutton
)) {
124 $user = false; /// Can't log in as guest if guest button is disabled
127 if (empty($errormsg)) {
128 $user = authenticate_user_login($frm->username
, $frm->password
);
132 // Intercept 'restored' users to provide them with info & reset password
133 if (!$user and $frm and is_restored_user($frm->username
)) {
134 print_header("$site->fullname: $loginsite", $site->fullname
, $navigation, '',
135 '', true, '<div class="langmenu">'.$langmenu.'</div>');
136 print_heading(get_string('restoredaccount'));
137 print_simple_box(get_string('restoredaccountinfo'), 'center', '70%');
138 require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
139 $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username
));
145 update_login_count();
150 if ($user->username
== 'guest') {
151 // no predefined language for guests - use existing session or default site lang
154 } else if (!empty($user->lang
)) {
155 // unset previous session language - use user preference instead
156 unset($SESSION->lang
);
159 if (empty($user->confirmed
)) { // This account was never confirmed
160 print_header(get_string("mustconfirm"), get_string("mustconfirm") );
161 print_heading(get_string("mustconfirm"));
162 print_simple_box(get_string("emailconfirmsent", "", $user->email
), "center");
167 if ($frm->password
== 'changeme') {
169 set_user_preference('auth_forcepasswordchange', true, $user->id
);
172 /// Let's get them all set up.
173 add_to_log(SITEID
, 'user', 'login', "view.php?id=$USER->id&course=".SITEID
,
174 $user->id
, 0, $user->id
);
175 $USER = complete_user_login($user);
177 /// Prepare redirection
178 if (user_not_fully_set_up($USER)) {
179 $urltogo = $CFG->wwwroot
.'/user/edit.php';
180 // We don't delete $SESSION->wantsurl yet, so we get there later
182 } else if (isset($SESSION->wantsurl
) and (strpos($SESSION->wantsurl
, $CFG->wwwroot
) === 0)) {
183 $urltogo = $SESSION->wantsurl
; /// Because it's an address in this site
184 unset($SESSION->wantsurl
);
187 // no wantsurl stored or external - go to homepage
188 $urltogo = $CFG->wwwroot
.'/';
189 unset($SESSION->wantsurl
);
192 /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
193 if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM
)) and !empty($CFG->mymoodleredirect
) and !isguest()) {
194 if ($urltogo == $CFG->wwwroot
or $urltogo == $CFG->wwwroot
.'/' or $urltogo == $CFG->wwwroot
.'/index.php') {
195 $urltogo = $CFG->wwwroot
.'/my/';
200 /// check if user password has expired
201 /// Currently supported only for ldap-authentication module
202 $userauth = get_auth_plugin($USER->auth
);
203 if (!empty($userauth->config
->expiration
) and $userauth->config
->expiration
== 1) {
204 if ($userauth->can_change_password()) {
205 $passwordchangeurl = $userauth->change_password_url();
206 if(!$passwordchangeurl) {
207 $passwordchangeurl = $CFG->httpswwwroot
.'/login/change_password.php';
210 $passwordchangeurl = $CFG->httpswwwroot
.'/login/change_password.php';
212 $days2expire = $userauth->password_expire($USER->username
);
213 if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config
->expiration_warning
)) {
214 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, '', '', true, "<div class=\"langmenu\">$langmenu</div>");
215 notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
218 } elseif (intval($days2expire) < 0 ) {
219 print_header("$site->fullname: $loginsite", "$site->fullname", $navigation, '', '', true, "<div class=\"langmenu\">$langmenu</div>");
220 notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
233 if (empty($errormsg)) {
234 $errormsg = get_string("invalidlogin");
238 if ( !empty($CFG->mnet_dispatcher_mode
)
239 && $CFG->mnet_dispatcher_mode
=== 'strict'
240 && is_enabled_auth('mnet')
241 && record_exists_sql("SELECT h.id FROM {$CFG->prefix}mnet_host h
242 INNER JOIN {$CFG->prefix}mnet_host2service m ON h.id=m.hostid
243 INNER JOIN {$CFG->prefix}mnet_service s ON s.id=m.serviceid
244 WHERE s.name='sso_sp' AND h.deleted=0 AND m.publish = 1")
245 && record_exists_select('user', "username = '{$frm->username}' AND mnethostid != {$CFG->mnet_localhost_id}")
248 $errormsg .= get_string('loginlinkmnetuser', 'mnet', "mnet_email.php?u=$frm->username");
253 /// Detect problems with timedout sessions
254 if ($session_has_timed_out and !data_submitted()) {
255 $errormsg = get_string('sessionerroruser', 'error');
259 /// First, let's remember where the user was trying to get to before they got here
261 if (empty($SESSION->wantsurl
)) {
262 $SESSION->wantsurl
= (array_key_exists('HTTP_REFERER',$_SERVER) &&
263 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot
&&
264 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot
.'/' &&
265 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot
.'/login/' &&
266 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot
.'/login/index.php')
267 ?
$_SERVER["HTTP_REFERER"] : NULL;
270 /// Redirect to alternative login URL if needed
271 if (!empty($CFG->alternateloginurl
)) {
272 $loginurl = $CFG->alternateloginurl
;
274 if (strpos($SESSION->wantsurl
, $loginurl) === 0) {
275 //we do not want to return to alternate url
276 $SESSION->wantsurl
= NULL;
280 if (strpos($loginurl, '?') === false) {
285 $loginurl .= 'errorcode='.$errorcode;
292 /// Generate the login page with forms
294 if (get_moodle_cookie() == '') {
295 set_moodle_cookie('nobody'); // To help search for cookies
298 if (empty($frm->username
) && $authsequence[0] != 'shibboleth') { // See bug 5184
299 if (!empty($_GET["username"])) {
300 $frm->username
= $_GET["username"];
302 $frm->username
= get_moodle_cookie() === 'nobody' ?
'' : get_moodle_cookie();
308 if (!empty($frm->username
)) {
314 if (!empty($CFG->registerauth
) or is_enabled_auth('none') or !empty($CFG->auth_instructions
)) {
315 $show_instructions = true;
317 $show_instructions = false;
320 print_header("$site->fullname: $loginsite", $site->fullname
, $navigation, $focus,
321 '', true, '<div class="langmenu">'.$langmenu.'</div>');
323 include("index_form.html");