forked from moodle/moodle
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.php
106 lines (76 loc) · 4.29 KB
/
index.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<?php
// Designed to be redirected from moodle/login/index.php
require('../../config.php');
$PAGE->set_url('/auth/shibboleth/index.php');
// Support for WAYFless URLs.
$target = optional_param('target', '', PARAM_LOCALURL);
if (!empty($target)) {
$SESSION->wantsurl = $target;
}
if (isloggedin() && !isguestuser()) { // Nothing to do
if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
unset($SESSION->wantsurl); /// Just in case
}
redirect($urltogo);
}
$pluginconfig = get_config('auth/shibboleth');
$shibbolethauth = get_auth_plugin('shibboleth');
// Check whether Shibboleth is configured properly
if (empty($pluginconfig->user_attribute)) {
print_error('shib_not_set_up_error', 'auth_shibboleth');
}
/// If we can find the Shibboleth attribute, save it in session and return to main login page
if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login
$frm = new stdClass();
$frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
$frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
// The random password consists of the first 8 letters of the base 64 encoded user ID
// This password is never used unless the user account is converted to manual
/// Check if the user has actually submitted login data to us
if ($shibbolethauth->user_login($frm->username, $frm->password)
&& $user = authenticate_user_login($frm->username, $frm->password)) {
enrol_check_plugins($user);
session_set_user($user);
$USER->loggedin = true;
$USER->site = $CFG->wwwroot; // for added security, store the site in the
update_user_login_times();
// Don't show previous shibboleth username on login page
set_login_session_preferences();
unset($SESSION->lang);
$SESSION->justloggedin = true;
add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
if (user_not_fully_set_up($USER)) {
$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;
// We don't delete $SESSION->wantsurl yet, so we get there later
} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
unset($SESSION->wantsurl);
} else {
$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
unset($SESSION->wantsurl); /// Just in case
}
/// Go to my-moodle page instead of homepage if defaulthomepage enabled
if (!has_capability('moodle/site:config',context_system::instance()) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {
if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
$urltogo = $CFG->wwwroot.'/my/';
}
}
redirect($urltogo);
exit;
}
else {
// The Shibboleth user couldn't be mapped to a valid Moodle user
print_error('shib_invalid_account_error', 'auth_shibboleth');
}
}
// If we can find any (user independent) Shibboleth attributes but no user
// attributes we probably didn't receive any user attributes
elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
} else {
print_error('shib_not_set_up_error', 'auth_shibboleth');
}