3 // This file is part of Moodle - http://moodle.org/
5 // Moodle is free software: you can redistribute it and/or modify
6 // it under the terms of the GNU General Public License as published by
7 // the Free Software Foundation, either version 3 of the License, or
8 // (at your option) any later version.
10 // Moodle is distributed in the hope that it will be useful,
11 // but WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 // GNU General Public License for more details.
15 // You should have received a copy of the GNU General Public License
16 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
23 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
24 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
27 require('../config.php');
29 redirect_if_major_upgrade_required();
31 $testsession = optional_param('testsession', 0, PARAM_INT
); // test session works properly
32 $cancel = optional_param('cancel', 0, PARAM_BOOL
); // redirect to frontpage, needed for loginhttps
35 redirect(new moodle_url('/'));
38 //HTTPS is required in this page when $CFG->loginhttps enabled
39 $PAGE->https_required();
41 $context = get_context_instance(CONTEXT_SYSTEM
);
42 $PAGE->set_url("$CFG->httpswwwroot/login/index.php");
43 $PAGE->set_context($context);
44 $PAGE->set_pagelayout('login');
46 /// Initialize variables
50 // login page requested session test
52 if ($testsession == $USER->id
) {
53 if (isset($SESSION->wantsurl
)) {
54 $urltogo = $SESSION->wantsurl
;
56 $urltogo = $CFG->wwwroot
.'/';
58 unset($SESSION->wantsurl
);
61 // TODO: try to find out what is the exact reason why sessions do not work
62 $errormsg = get_string("cookiesnotenabled");
67 /// Check for timed out sessions
68 if (!empty($SESSION->has_timed_out
)) {
69 $session_has_timed_out = true;
70 unset($SESSION->has_timed_out
);
72 $session_has_timed_out = false;
75 /// auth plugins may override these - SSO anyone?
79 $authsequence = get_enabled_auth_plugins(true); // auths, in sequence
80 foreach($authsequence as $authname) {
81 $authplugin = get_auth_plugin($authname);
82 $authplugin->loginpage_hook();
86 /// Define variables used in page
89 $loginsite = get_string("loginsite");
90 $PAGE->navbar
->add($loginsite);
92 if ($user !== false or $frm !== false or $errormsg !== '') {
93 // some auth plugin already supplied full user, fake form data or prevented user login with error message
95 } else if (!empty($SESSION->wantsurl
) && file_exists($CFG->dirroot
.'/login/weblinkauth.php')) {
96 // Handles the case of another Moodle site linking into a page on this site
97 //TODO: move weblink into own auth plugin
98 include($CFG->dirroot
.'/login/weblinkauth.php');
99 if (function_exists('weblink_auth')) {
100 $user = weblink_auth($SESSION->wantsurl
);
103 $frm->username
= $user->username
;
105 $frm = data_submitted();
109 $frm = data_submitted();
112 /// Check if the user has actually submitted login data to us
114 if ($frm and isset($frm->username
)) { // Login WITH cookies
116 $frm->username
= trim(textlib
::strtolower($frm->username
));
118 if (is_enabled_auth('none') ) {
119 if ($frm->username
!== clean_param($frm->username
, PARAM_USERNAME
)) {
120 $errormsg = get_string('username').': '.get_string("invalidusername");
127 //user already supplied by aut plugin prelogin hook
128 } else if (($frm->username
== 'guest') and empty($CFG->guestloginbutton
)) {
129 $user = false; /// Can't log in as guest if guest button is disabled
132 if (empty($errormsg)) {
133 $user = authenticate_user_login($frm->username
, $frm->password
);
137 // Intercept 'restored' users to provide them with info & reset password
138 if (!$user and $frm and is_restored_user($frm->username
)) {
139 $PAGE->set_title(get_string('restoredaccount'));
140 $PAGE->set_heading($site->fullname
);
141 echo $OUTPUT->header();
142 echo $OUTPUT->heading(get_string('restoredaccount'));
143 echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
144 require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
145 $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username
));
147 echo $OUTPUT->footer();
151 update_login_count();
156 if (isguestuser($user)) {
157 // no predefined language for guests - use existing session or default site lang
160 } else if (!empty($user->lang
)) {
161 // unset previous session language - use user preference instead
162 unset($SESSION->lang
);
165 if (empty($user->confirmed
)) { // This account was never confirmed
166 $PAGE->set_title(get_string("mustconfirm"));
167 $PAGE->set_heading($site->fullname
);
168 echo $OUTPUT->header();
169 echo $OUTPUT->heading(get_string("mustconfirm"));
170 echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email
), "generalbox boxaligncenter");
171 echo $OUTPUT->footer();
175 /// Let's get them all set up.
176 add_to_log(SITEID
, 'user', 'login', "view.php?id=$USER->id&course=".SITEID
,
177 $user->id
, 0, $user->id
);
178 complete_user_login($user);
180 // sets the username cookie
181 if (!empty($CFG->nolastloggedin
)) {
182 // do not store last logged in user in cookie
183 // auth plugins can temporarily override this from loginpage_hook()
184 // do not save $CFG->nolastloggedin in database!
186 } else if (empty($CFG->rememberusername
) or ($CFG->rememberusername
== 2 and empty($frm->rememberusername
))) {
187 // no permanent cookies, delete old one if exists
188 set_moodle_cookie('');
191 set_moodle_cookie($USER->username
);
194 /// Prepare redirection
195 if (user_not_fully_set_up($USER)) {
196 $urltogo = $CFG->wwwroot
.'/user/edit.php';
197 // We don't delete $SESSION->wantsurl yet, so we get there later
199 } else if (isset($SESSION->wantsurl
) and (strpos($SESSION->wantsurl
, $CFG->wwwroot
) === 0 or strpos($SESSION->wantsurl
, str_replace('http://', 'https://', $CFG->wwwroot
)) === 0)) {
200 $urltogo = $SESSION->wantsurl
; /// Because it's an address in this site
201 unset($SESSION->wantsurl
);
204 // no wantsurl stored or external - go to homepage
205 $urltogo = $CFG->wwwroot
.'/';
206 unset($SESSION->wantsurl
);
208 $home_page = get_home_page();
209 // Go to my-moodle page instead of site homepage if defaulthomepage set to homepage_my
210 if ($home_page == HOMEPAGE_MY
&& !is_siteadmin() && !isguestuser()) {
211 if ($urltogo == $CFG->wwwroot
or $urltogo == $CFG->wwwroot
.'/' or $urltogo == $CFG->wwwroot
.'/index.php') {
212 $urltogo = $CFG->wwwroot
.'/my/';
217 /// check if user password has expired
218 /// Currently supported only for ldap-authentication module
219 $userauth = get_auth_plugin($USER->auth
);
220 if (!empty($userauth->config
->expiration
) and $userauth->config
->expiration
== 1) {
221 if ($userauth->can_change_password()) {
222 $passwordchangeurl = $userauth->change_password_url();
223 if (!$passwordchangeurl) {
224 $passwordchangeurl = $CFG->httpswwwroot
.'/login/change_password.php';
227 $passwordchangeurl = $CFG->httpswwwroot
.'/login/change_password.php';
229 $days2expire = $userauth->password_expire($USER->username
);
230 $PAGE->set_title("$site->fullname: $loginsite");
231 $PAGE->set_heading("$site->fullname");
232 if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config
->expiration_warning
)) {
233 echo $OUTPUT->header();
234 echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
235 echo $OUTPUT->footer();
237 } elseif (intval($days2expire) < 0 ) {
238 echo $OUTPUT->header();
239 echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
240 echo $OUTPUT->footer();
247 // test the session actually works by redirecting to self
248 $SESSION->wantsurl
= $urltogo;
249 redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id
)));
252 if (empty($errormsg)) {
253 $errormsg = get_string("invalidlogin");
259 /// Detect problems with timedout sessions
260 if ($session_has_timed_out and !data_submitted()) {
261 $errormsg = get_string('sessionerroruser', 'error');
265 /// First, let's remember where the user was trying to get to before they got here
267 if (empty($SESSION->wantsurl
)) {
268 $SESSION->wantsurl
= (array_key_exists('HTTP_REFERER',$_SERVER) &&
269 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot
&&
270 $_SERVER["HTTP_REFERER"] != $CFG->wwwroot
.'/' &&
271 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot
.'/login/' &&
272 $_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot
.'/login/index.php')
273 ?
$_SERVER["HTTP_REFERER"] : NULL;
276 /// Redirect to alternative login URL if needed
277 if (!empty($CFG->alternateloginurl
)) {
278 $loginurl = $CFG->alternateloginurl
;
280 if (strpos($SESSION->wantsurl
, $loginurl) === 0) {
281 //we do not want to return to alternate url
282 $SESSION->wantsurl
= NULL;
286 if (strpos($loginurl, '?') === false) {
291 $loginurl .= 'errorcode='.$errorcode;
297 // make sure we really are on the https page when https login required
298 $PAGE->verify_https_required();
300 /// Generate the login page with forms
302 if (!isset($frm) or !is_object($frm)) {
303 $frm = new stdClass();
306 if (empty($frm->username
) && $authsequence[0] != 'shibboleth') { // See bug 5184
307 if (!empty($_GET["username"])) {
308 $frm->username
= clean_param($_GET["username"], PARAM_RAW
); // we do not want data from _POST here
310 $frm->username
= get_moodle_cookie();
316 if (!empty($frm->username
)) {
322 if (!empty($CFG->registerauth
) or is_enabled_auth('none') or !empty($CFG->auth_instructions
)) {
323 $show_instructions = true;
325 $show_instructions = false;
328 $potentialidps = array();
329 foreach($authsequence as $authname) {
330 $authplugin = get_auth_plugin($authname);
331 $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl
));
334 $PAGE->set_title("$site->fullname: $loginsite");
335 $PAGE->set_heading("$site->fullname");
337 echo $OUTPUT->header();
339 if (isloggedin() and !isguestuser()) {
340 // prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed
341 echo $OUTPUT->box_start();
342 $logout = new single_button(new moodle_url($CFG->httpswwwroot
.'/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
343 $continue = new single_button(new moodle_url($CFG->httpswwwroot
.'/login/index.php', array('cancel'=>1)), get_string('cancel'), 'get');
344 echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
345 echo $OUTPUT->box_end();
347 include("index_form.html");
348 if (!empty($CFG->loginpageautofocus
)) {
349 //focus username or password
350 $PAGE->requires
->js_init_call('M.util.focus_login_form', null, true);
354 echo $OUTPUT->footer();