<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Main login page.
 *
 * Bootstraps the site, reads the three request parameters this script accepts
 * (testsession, cancel, anchor) and marks the page as not indexable.
 *
 * @package core
 * @subpackage auth
 * @copyright 1999 onwards Martin Dougiamas http://dougiamas.com
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

// config.php is loaded before anything else; $CFG, $PAGE, $SESSION, $USER and $OUTPUT
// are used below but never defined in this file (presumably set up by this bootstrap).
require('../config.php');
require_once ('lib.php');

// Try to prevent searching for sites that allow sign-up.
// This is only a hint to crawlers in the page head; it does not restrict access to the page.
if (!isset($CFG->additionalhtmlhead)) {
    $CFG->additionalhtmlhead = '';
}
$CFG->additionalhtmlhead .= '<meta name="robots" content="noindex" />';

redirect_if_major_upgrade_required();

// Request parameters. testsession and cancel are typed (int / bool); anchor is read with
// PARAM_RAW, so nothing is cleaned at this point.
// NOTE(review): the only use of $anchor in this file is moodle_url::set_anchor(); confirm that
// method validates the fragment, because no validation is applied here.
$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
$cancel = optional_param('cancel', 0, PARAM_BOOL); // redirect to frontpage, needed for loginhttps
$anchor = optional_param('anchor', '', PARAM_RAW); // Used to restore hash anchor to wantsurl.
// Page setup, post-login session test, timed-out session flag and the auth plugins'
// login page hooks. Everything here runs before any submitted credentials are looked at.

// Cancel always goes to the fixed front page URL; no request-supplied target is involved.
if ($cancel) {
    redirect(new moodle_url('/'));
}

//HTTPS is required in this page when $CFG->loginhttps enabled
$PAGE->https_required();

$context = context_system::instance();
$PAGE->set_url("$CFG->httpswwwroot/login/index.php");
$PAGE->set_context($context);
$PAGE->set_pagelayout('login');

/// Initialize variables
$errormsg = '';
$errorcode = 0;

// login page requested session test
// After a successful login this script redirects to itself with testsession set to the user id
// (see the redirect near the end of the login branch). If the id in the request matches the
// user in the current session, the session survived the redirect and the user is sent on.
if ($testsession) {
    // $testsession was read as PARAM_INT, so this loose comparison is between an int and the id.
    if ($testsession == $USER->id) {
        // The destination comes from the session, not from the request.
        // NOTE(review): $SESSION->wantsurl is written in several places; confirm every writer
        // restricts it to local URLs, since it is passed to redirect() without a check here.
        if (isset($SESSION->wantsurl)) {
            $urltogo = $SESSION->wantsurl;
        } else {
            $urltogo = $CFG->wwwroot.'/';
        }
        unset($SESSION->wantsurl);
        redirect($urltogo);
    } else {
        // TODO: try to find out what is the exact reason why sessions do not work
        $errormsg = get_string("cookiesnotenabled");
        $errorcode = 1;
    }
}

/// Check for timed out sessions
// The flag is consumed here (read once, then cleared) and acted on later in the script.
if (!empty($SESSION->has_timed_out)) {
    $session_has_timed_out = true;
    unset($SESSION->has_timed_out);
} else {
    $session_has_timed_out = false;
}

/// auth plugins may override these - SSO anyone?
// Both start as false; the checks further down treat any other value as "a plugin took over".
// NOTE(review): how a plugin overrides them is not visible here (presumably via globals).
$frm = false;
$user = false;

// Every enabled auth plugin gets its login page hook called, in the configured order,
// before the submitted form data is read.
$authsequence = get_enabled_auth_plugins(true); // auths, in sequence
foreach($authsequence as $authname) {
    $authplugin = get_auth_plugin($authname);
    $authplugin->loginpage_hook();
}


/// Define variables used in page
$site = get_site();

// Ignore any active pages in the navigation/settings.
// We do this because there won't be an active page there, and by ignoring the active pages the
// navigation and settings won't be initialised unless something else needs them.
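$PAGE->navbar->ignore_active();
$loginsite = get_string("loginsite");
$PAGE->navbar->add($loginsite);

// Decide where the login form data ($frm) and, possibly, an already identified user ($user)
// come from: an auth plugin hook, the optional weblink include, or the submitted form.
if ($user !== false or $frm !== false or $errormsg !== '') {
    // some auth plugin already supplied full user, fake form data or prevented user login with error message

} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
    // Handles the case of another Moodle site linking into a page on this site
    //TODO: move weblink into own auth plugin
    // The included path is built from $CFG->dirroot and a constant file name; nothing from the
    // request takes part in it.
    include($CFG->dirroot.'/login/weblinkauth.php');
    if (function_exists('weblink_auth')) {
        $user = weblink_auth($SESSION->wantsurl);
    }
    if ($user) {
        // $frm is still false on this path (the first branch was not taken), so it has to become
        // an object before a property is assigned. Assigning to false raised a "Creating default
        // object from empty value" warning on older PHP and is a fatal Error on PHP 8.
        $frm = new stdClass();
        $frm->username = $user->username;
    } else {
        $frm = data_submitted();
    }

} else {
    // Normal case: take whatever the login form submitted. Nothing is validated here; the
    // username is normalised and the credentials are checked further down.
    $frm = data_submitted();
}

// Restore the #anchor to the original wantsurl. Note that this
// will only work for internal auth plugins, SSO plugins such as
// SAML / CAS / OIDC will have to handle this correctly directly.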
// Credential processing and page rendering. From here to the end the script either redirects,
// exits after printing an interstitial page, or prints the login form.

// The anchor is only added when the stored URL has no fragment yet. substr($anchor, 1) drops
// the first character of the raw parameter (presumably the leading '#').
if ($anchor && isset($SESSION->wantsurl) && strpos($SESSION->wantsurl, '#') === false) {
    $wantsurl = new moodle_url($SESSION->wantsurl);
    $wantsurl->set_anchor(substr($anchor, 1));
    $SESSION->wantsurl = $wantsurl->out();
}

/// Check if the user has actually submitted login data to us

if ($frm and isset($frm->username)) { // Login WITH cookies

    // The username is lower-cased and trimmed before any check or lookup uses it.
    $frm->username = trim(core_text::strtolower($frm->username));

    // Only when the 'none' auth plugin is enabled: a username that does not survive
    // core_user::clean_field() unchanged is rejected before authentication is attempted.
    if (is_enabled_auth('none') ) {
        if ($frm->username !== core_user::clean_field($frm->username, 'username')) {
            $errormsg = get_string('username').': '.get_string("invalidusername");
            $errorcode = 2;
            $user = null;
        }
    }

    if ($user) {
        //user already supplied by auth plugin prelogin hook
    } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
        $user = false; /// Can't log in as guest if guest button is disabled
        $frm = false;
    } else {
        // Authentication is skipped when an error was already recorded above.
        // $errorcode is handed to the call and compared with AUTH_LOGIN_UNAUTHORISED afterwards
        // (presumably filled in by reference).
        if (empty($errormsg)) {
            $user = authenticate_user_login($frm->username, $frm->password, false, $errorcode);
        }
    }

    // Intercept 'restored' users to provide them with info & reset password
    // NOTE(review): this branch runs after a failed login and depends only on the submitted
    // username, so the response differs for usernames that is_restored_user() recognises.
    // Confirm that revealing this to an unauthenticated requester is accepted.
    if (!$user and $frm and is_restored_user($frm->username)) {
        $PAGE->set_title(get_string('restoredaccount'));
        $PAGE->set_heading($site->fullname);
        echo $OUTPUT->header();
        echo $OUTPUT->heading(get_string('restoredaccount'));
        echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
        require_once ('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
        $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
        $form->display();
        echo $OUTPUT->footer();
        die;
    }

    if ($user) {

        // language setup
        if (isguestuser($user)) {
            // no predefined language for guests - use existing session or default site lang
            unset($user->lang);

        } else if (!empty($user->lang)) {
            // unset previous session language - use user preference instead
            unset($SESSION->lang);
        }

        // Unconfirmed accounts stop here, before complete_user_login() is called, so no login
        // is completed for them. The account's e-mail address is shown in the message.
        if (empty($user->confirmed)) { // This account was never confirmed
            $PAGE->set_title(get_string("mustconfirm"));
            $PAGE->set_heading($site->fullname);
            echo $OUTPUT->header();
            echo $OUTPUT->heading(get_string("mustconfirm"));
            echo $OUTPUT->box(get_string("emailconfirmsent", "", $user->email), "generalbox boxaligncenter");
            echo $OUTPUT->footer();
            die;
        }

        /// Let's get them all set up.
        // NOTE(review): this file never regenerates the session id itself; that is expected to
        // happen inside complete_user_login() - confirm against its implementation.
        complete_user_login($user);

        \core\session\manager::apply_concurrent_login_limit($user->id, session_id());

        // sets the username cookie
        // Three outcomes: leave the cookie untouched, clear it, or store the username in it.
        if (!empty($CFG->nolastloggedin)) {
            // do not store last logged in user in cookie
            // auth plugins can temporarily override this from loginpage_hook()
            // do not save $CFG->nolastloggedin in database!

        } else if (empty($CFG->rememberusername) or ($CFG->rememberusername == 2 and empty($frm->rememberusername))) {
            // no permanent cookies, delete old one if exists
            set_moodle_cookie('');

        } else {
            set_moodle_cookie($USER->username);
        }

        $urltogo = core_login_get_return_url();

        /// check if user password has expired
        /// Currently supported only for ldap-authentication module
        $userauth = get_auth_plugin($USER->auth);
        if (!isguestuser() and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
            // The change-password target comes from the plugin when it offers one, otherwise
            // from the site's own change_password.php.
            if ($userauth->can_change_password()) {
                $passwordchangeurl = $userauth->change_password_url();
                if (!$passwordchangeurl) {
                    $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
                }
            } else {
                $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
            }
            $days2expire = $userauth->password_expire($USER->username);
            $PAGE->set_title("$site->fullname: $loginsite");
            $PAGE->set_heading("$site->fullname");
            // The login has already been completed at this point. Both dialogs are given the
            // change-password URL and $urltogo, and a value of exactly 0 days matches neither
            // branch.
            // NOTE(review): on the evidence of this file the expiry is a prompt, not a block;
            // confirm whether a forced change is enforced elsewhere.
            if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
                echo $OUTPUT->header();
                echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                echo $OUTPUT->footer();
                exit;
            } elseif (intval($days2expire) < 0 ) {
                echo $OUTPUT->header();
                echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                echo $OUTPUT->footer();
                exit;
            }
        }

        // Discard any errors before the last redirect.
        unset($SESSION->loginerrormsg);

        // test the session actually works by redirecting to self
        // The destination is kept in the session; only the user id travels in the URL, and the
        // testsession check near the top of this script compares it with $USER->id.
        $SESSION->wantsurl = $urltogo;
        redirect(new moodle_url(get_login_url(), array('testsession'=>$USER->id)));

    } else {
        // Failed login. Unless an earlier check already set a message, the user sees either the
        // "unauthorised" text, which includes the submitted username, or the generic
        // invalid-login text.
        if (empty($errormsg)) {
            if ($errorcode == AUTH_LOGIN_UNAUTHORISED) {
                $errormsg = get_string("unauthorisedlogin", "", $frm->username);
            } else {
                $errormsg = get_string("invalidlogin");
                $errorcode = 3;
            }
        }
    }
}

/// Detect problems with timedout sessions
if ($session_has_timed_out and !data_submitted()) {
    $errormsg = get_string('sessionerroruser', 'error');
    $errorcode = 4;
}

/// First, let's remember where the user was trying to get to before they got here

// The return target is derived from the referer only when none is stored yet, and the login
// page itself (in its various URL forms) is excluded so the user is not sent back here.
// NOTE(review): get_local_referer() presumably returns only same-site referers; confirm, since
// the value ends up in redirect() after login.
if (empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = null;
    $referer = get_local_referer(false);
    if ($referer &&
            $referer != $CFG->wwwroot &&
            $referer != $CFG->wwwroot . '/' &&
            $referer != $CFG->httpswwwroot . '/login/' &&
            strpos($referer, $CFG->httpswwwroot . '/login/?') !== 0 &&
            strpos($referer, $CFG->httpswwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
        $SESSION->wantsurl = $referer;
    }
}

/// Redirect to alternative login URL if needed
// The target is the configured $CFG->alternateloginurl. Only the numeric error code is appended;
// the error message text is not passed along.
if (!empty($CFG->alternateloginurl)) {
    $loginurl = $CFG->alternateloginurl;

    if (strpos($SESSION->wantsurl, $loginurl) === 0) {
        //we do not want to return to alternate url
        $SESSION->wantsurl = NULL;
    }

    if ($errorcode) {
        if (strpos($loginurl, '?') === false) {
            $loginurl .= '?';
        } else {
            $loginurl .= '&';
        }
        $loginurl .= 'errorcode='.$errorcode;
    }

    redirect($loginurl);
}

// make sure we really are on the https page when https login required
$PAGE->verify_https_required();

/// Generate the login page with forms

if (!isset($frm) or !is_object($frm)) {
    $frm = new stdClass();
}

// Prefill the username field from the query string or from the username cookie.
if (empty($frm->username) && $authsequence[0] != 'shibboleth') { // See bug 5184
    if (!empty($_GET["username"])) {
        // we do not want data from _POST here
        // NOTE(review): PARAM_RAW leaves the value as sent, so escaping has to happen where
        // index_form.html prints it; that template is not visible here - confirm.
        $frm->username = clean_param($_GET["username"], PARAM_RAW); // we do not want data from _POST here
    } else {
        $frm->username = get_moodle_cookie();
    }

    // A password is never prefilled.
    $frm->password = "";
}

if (!empty($frm->username)) {
    $focus = "password";
} else {
    $focus = "username";
}

if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($CFG->auth_instructions)) {
    $show_instructions = true;
} else {
    $show_instructions = false;
}

// Collect the identity providers each enabled auth plugin wants listed on the login page.
$potentialidps = array();
foreach($authsequence as $authname) {
    $authplugin = get_auth_plugin($authname);
    $potentialidps = array_merge($potentialidps, $authplugin->loginpage_idp_list($SESSION->wantsurl));
}

// The form is never rendered in the response to a request that carried a password or produced
// an error: the error text is parked in the session and the page redirects to itself first.
if (!empty($SESSION->loginerrormsg)) {
    // We had some errors before redirect, show them now.
    $errormsg = $SESSION->loginerrormsg;
    unset($SESSION->loginerrormsg);

} else if ($testsession) {
    // No need to redirect here.
    unset($SESSION->loginerrormsg);

} else if ($errormsg or !empty($frm->password)) {
    // We must redirect after every password submission.
    if ($errormsg) {
        $SESSION->loginerrormsg = $errormsg;
    }
    redirect(new moodle_url($CFG->httpswwwroot . '/login/index.php'));
}

$PAGE->set_title("$site->fullname: $loginsite");
$PAGE->set_heading("$site->fullname");

echo $OUTPUT->header();

if (isloggedin() and !isguestuser()) {
    // prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed
    // The logout button is a POST and carries the current sesskey; cancel is a plain GET.
    echo $OUTPUT->box_start();
    $logout = new single_button(new moodle_url($CFG->httpswwwroot.'/login/logout.php', array('sesskey'=>sesskey(),'loginpage'=>1)), get_string('logout'), 'post');
    $continue = new single_button(new moodle_url($CFG->httpswwwroot.'/login/index.php', array('cancel'=>1)), get_string('cancel'), 'get');
    echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
    echo $OUTPUT->box_end();
} else {
    // The template is included into this scope, so it can read the variables prepared above
    // (presumably $frm, $errormsg, $show_instructions and $potentialidps - not visible here).
    include ("index_form.html");
    if ($errormsg) {
        $PAGE->requires->js_init_call('M.util.focus_login_error', null, true);
    } else if (!empty($CFG->loginpageautofocus)) {
        //focus username or password
        $PAGE->requires->js_init_call('M.util.focus_login_form', null, true);
    }
}

echo $OUTPUT->footer();