1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
|
<?php // $Id: index.php,v 1.88.2.6 2006/10/08 19:03:52 skodak Exp $
require_once("../config.php");
$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically
$testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test
//initialize variables
$errormsg = '';
/// Check for timed out sessions
if (!empty($SESSION->has_timed_out)) {
$session_has_timed_out = true;
$SESSION->has_timed_out = false;
} else {
$session_has_timed_out = false;
}
//HTTPS is potentially required in this page
httpsrequired();
/// Check if the guest user exists. If not, create one.
if (! record_exists("user", "username", "guest")) {
$guest->auth = "manual";
$guest->username = "guest";
$guest->password = hash_internal_user_password("guest");
$guest->firstname = addslashes(get_string("guestuser"));
$guest->lastname = " ";
$guest->email = "root@localhost";
$guest->description = addslashes(get_string("guestuserinfo"));
$guest->confirmed = 1;
$guest->lang = $CFG->lang;
$guest->timemodified= time();
if (! $guest->id = insert_record("user", $guest)) {
notify("Could not create guest user record !!!");
}
}
/// Load alternative login screens if necessary
if ($CFG->auth == 'cas' && !empty($CFG->cas_enabled)) {
require($CFG->dirroot.'/auth/cas/login.php');
}
// See http://moodle.org/mod/forum/discuss.php?d=39918#187611
// if ($CFG->auth == 'shibboleth') {
// if (!empty($SESSION->shibboleth_checked) ) { // Just come from there
// unset($SESSION->shibboleth_checked);
// } else if (empty($_POST)) { // No incoming data, so redirect
// redirect($CFG->wwwroot.'/auth/shibboleth/index.php');
// }
// }
/// Define variables used in page
if (!$site = get_site()) {
error("No site found!");
}
if (empty($CFG->langmenu)) {
$langmenu = "";
} else {
$currlang = current_language();
$langs = get_list_of_languages();
$langmenu = popup_form ("$CFG->httpswwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
}
$loginsite = get_string("loginsite");
$loginurl = (!empty($CFG->alternateloginurl)) ? $CFG->alternateloginurl : '';
$frm = false;
$user = false;
if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
/// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
$frm->username = 'guest';
$frm->password = 'guest';
} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
// Handles the case of another Moodle site linking into a page on this site
include($CFG->dirroot.'/login/weblinkauth.php');
if (function_exists(weblink_auth)) {
$user = weblink_auth($SESSION->wantsurl);
}
if ($user) {
$frm->username = $user->username;
} else {
$frm = data_submitted($loginurl);
}
} else {
$frm = data_submitted($loginurl);
}
/// Check if the user has actually submitted login data to us
if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
$errormsg = get_string("cookiesnotenabled");
} else if ($frm) { // Login WITH cookies
$frm->username = trim(moodle_strtolower($frm->username));
if ($CFG->auth == 'none' && empty($CFG->extendedusernamechars)) {
$string = eregi_replace("[^(-\.[:alnum:])]", "", $frm->username);
if (strcmp($frm->username, $string)) {
$errormsg = get_string('username').': '.get_string("alphanumerical");
$user = null;
}
}
if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
$user = false; /// Can't log in as guest if guest button is disabled
$frm = false;
} else if (!$user) {
if (empty($errormsg)) {
$user = authenticate_user_login($frm->username, $frm->password);
}
}
update_login_count();
if ($user) {
if (empty($user->confirmed)) { // This account was never confirmed
print_header(get_string("mustconfirm"), get_string("mustconfirm") );
print_heading(get_string("mustconfirm"));
print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
print_footer();
die;
}
// Let's get them all set up.
$USER = $user;
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
update_user_login_times();
set_moodle_cookie($USER->username);
set_login_session_preferences();
//Select password change url
if (is_internal_auth($USER->auth) || $CFG->{'auth_'.$USER->auth.'_stdchangepassword'}){
$passwordchangeurl=$CFG->wwwroot.'/login/change_password.php';
} elseif($CFG->changepassword) {
$passwordchangeurl=$CFG->changepassword;
} else {
$passwordchangeurl = '';
}
// check whether the user should be changing password
if (get_user_preferences('auth_forcepasswordchange', false) || $frm->password == 'changeme'){
if ($passwordchangeurl != '') {
redirect($passwordchangeurl);
} else {
error("You cannot proceed without changing your password.
However there is no available page for changing it.
Please contact your Moodle Administrator.");
}
}
/// Prepare redirection
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;
// We don't delete $SESSION->wantsurl yet, so we get there later
} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
// no wantsurl stored or external - go to homepage
$urltogo = $CFG->wwwroot.'/';
unset($SESSION->wantsurl);
}
/// Go to my-moodle page instead of homepage if mymoodleredirect enabled
if (!isadmin() and !empty($CFG->mymoodleredirect) and !isguest()) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
$urltogo = $CFG->wwwroot.'/my/';
}
}
// check if user password has expired
// Currently supported only for ldap-authentication module
if (isset($CFG->ldap_expiration) && $CFG->ldap_expiration == 1 ) {
if (function_exists('auth_password_expire')){
$days2expire = auth_password_expire($USER->username);
if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
print_footer();
exit;
} elseif (intval($days2expire) < 0 ) {
print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
print_footer();
exit;
}
}
}
reset_login_count();
redirect($urltogo);
exit;
} else {
if (empty($errormsg)) {
$errormsg = get_string("invalidlogin");
}
}
}
/// We need to show a login form
/// First, let's remember where the user was trying to get to before they got here
if (empty($SESSION->wantsurl)) {
$SESSION->wantsurl = (array_key_exists('HTTP_REFERER',$_SERVER) &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot &&
$_SERVER["HTTP_REFERER"] != $CFG->wwwroot.'/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/' &&
$_SERVER["HTTP_REFERER"] != $CFG->httpswwwroot.'/login/index.php')
? $_SERVER["HTTP_REFERER"] : NULL;
}
if (!empty($loginurl)) { // We don't want the standard forms, go elsewhere
redirect($loginurl);
}
/// Generate the login page with forms
if ($session_has_timed_out) {
$errormsg = get_string('sessionerroruser', 'error');
}
if (get_moodle_cookie() == '') {
set_moodle_cookie('nobody'); // To help search for cookies
}
if (empty($frm->username) && $CFG->auth != 'shibboleth') { // See bug 5184
$frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
$frm->password = "";
}
if (!empty($frm->username)) {
$focus = "login.password";
} else {
$focus = "login.username";
}
if (isset($CFG->auth_instructions)) {
$CFG->auth_instructions = trim($CFG->auth_instructions);
}
if ($CFG->auth == "email" or $CFG->auth == "none" or !empty($CFG->auth_instructions)) {
$show_instructions = true;
} else {
$show_instructions = false;
}
print_header("$site->fullname: $loginsite", $site->fullname, $loginsite, $focus,
'', true, '<div class="langmenu" align="right">'.$langmenu.'</div>');
include("index_form.html");
print_footer();
?>
|
