First implementation of new authentication system, which can now use

pluggable modules in the 'auth' directory.

Everything is done through authentication_user_login in lib/moodlelib.php

As well as the old default "email" confirmation, I added a new type of
confirmation "none", which basically does no confirmation at all.

admin/config.html

@@ -1,6 +1,22 @@
 <FORM METHOD="post" action="config.php" NAME="form">
 
 <TABLE cellpadding=9 cellspacing=0 >
+<TR VALIGN=TOP>
+	<TD ALIGN=RIGHT><P>auth:</TD>
+	<TD>
+    <? $modules = get_list_of_plugins("auth");
+       foreach ($modules as $module) {
+           $options[$module] = $module;
+       }
+       choose_from_menu ($options, "auth", $config->auth, "", "", "");
+       formerr($err["auth"]);
+       unset($options);
+    ?>
+    </TD>
+    <TD>
+    <? print_string("configauth") ?>
+    </TD>
+</TR>
 <TR VALIGN=TOP>
 	<TD ALIGN=RIGHT><P>lang:</TD>
 	<TD>

auth/README

@@ -0,0 +1,35 @@
+This directory contains authentication modules.
+
+Each of these modules describes a different way to 
+check that a user has provided a correct 
+
+   - username, and 
+   - password.
+
+Even when external forms of authentication are being
+used, Moodle still maintains the internal "user" table 
+with all the associated information about that user such
+as name, email address and so on.
+
+The active method is set by the admin on the Configuration page.
+
+
+email - authentication by email  (DEFAULT METHOD)
+
+    - user fills out form with email address
+    - email sent to user with link 
+    - user clicks on link in email to confirm
+    - user account is created
+    - user can log in
+
+
+none  - no authentication at all .. very insecure!!
+
+    - user logs in using ANY username and password
+    - if the username doesn't already exist then
+      a new account is created
+    - when user tries to access a course they 
+      are forced to set up their account details
+
+
+ldap  - Uses an external LDAP server

auth/email/lib.php

@@ -0,0 +1,19 @@
+<?PHP  // $Id$
+       // Standard authentication function
+
+function auth_user_login ($username, $password) {
+// Returns true if the username and password work
+// and false if they don't
+
+    global $CFG;
+
+    if (! $user = get_user_info_from_db("username", $username)) {
+        return false;
+    }
+
+    return ($user->password == md5($password));
+}
+
+
+
+?>

auth/none/lib.php

@@ -0,0 +1,17 @@
+<?PHP  // $Id$
+       // No authentication at all.  This method approves everything!
+
+function auth_user_login ($username, $password) {
+// Returns true if the username doesn't exist yet
+// Returns true if the username and password work
+
+    if (! $user = get_user_info_from_db("username", $username)) {
+        return true;
+    }
+
+    return ($user->password == md5($password));
+}
+
+
+
+?>

error/index.php

@@ -17,7 +17,7 @@
 
     print_header("$site->fullname:Error", "$site->fullname: Error 404", "", "form.text");
 
-    print_simple_box("An unusual error occurred (tried to reach a page that doesn't exist).<P align=center>$REQUEST_URI", "center", "", "$THEME->cellheading");
+    print_simple_box("An unusual error occurred (tried to reach a page that doesn't exist).<P align=center>$REDIRECT_URL", "center", "", "$THEME->cellheading");
 
 ?>
 

lang/en/moodle.php

@@ -45,7 +45,7 @@
 $string['chooseuser'] = "Choose a user";
 $string['city'] = "City/town";
 $string['comparelanguage'] = "Compare and edit current language";
-$string['configvariables'] = "Configure variables";
+$string['configauth'] = "Choose the authentication module you want to use.  The default is 'email' and has the best security.  The method 'none' has no checking whatsoever - be careful using it unless you really know what you are doing.";
 $string['configgdversion'] = "Indicate the version of GD that is installed.  The version shown by default is the one that has been auto-detected.  Don't change this unless you really know what you're doing.";
 $string['configerrorlevel'] = "Choose the amount of PHP warnings that you want to be displayed.  Normal is usually the best choice.";
 $string['configintro'] = "On this page you can specify a number of configuration variables that help make Moodle work properly on your server.  Don't worry too much about it - the defaults will usually work fine and you can always come back to this page later and change these settings.";
@@ -57,6 +57,7 @@
 $string['configslasharguments'] = "Files (images, uploads etc) are provided via a script using 'slash arguments' (the second option here). This method allows files to be more easily cached in web browsers, proxy servers etc.  Unfortunately, some PHP servers don't allow this method, so if you have trouble viewing uploaded files or images (eg user pictures), set this variable to the first option";
 $string['configsmtphosts'] = "Give the full name of one or more local SMTP servers that Moodle should use to send mail (eg 'mail.a.com' or 'mail.a.com;mail.b.com'). If you leave it blank, Moodle will use the PHP default method of sending mail.";
 $string['configunzip'] = "Indicate the location of your unzip program (Unix only).  This is needed to unpack zip archives on the server.";
+$string['configvariables'] = "Configure variables";
 $string['configzip'] = "Indicate the location of your zip program (Unix only).  This is needed to create zip archives on the server.";
 $string['confirmed'] = "Your registration has been confirmed";
 $string['courseupdates'] = "Course updates";

lib/defaults.php

@@ -7,6 +7,7 @@
        "theme"          => "standard",
        "lang"           => "en",
        "locale"         => "en",
+       "auth"           => "email",
        "smtphosts"      => "",
        "gdversion"      =>  1,
        "longtimenosee"  =>  100,

lib/moodlelib.php

@@ -968,8 +968,7 @@ function update_user_in_db() {
        return false;
 
    $timenow = time();
-   if ($db->Execute("UPDATE LOW_PRIORITY user SET lastIP='$REMOTE_ADDR', lastaccess='$timenow' 
-                                               WHERE id = '$USER->id' ")) {
+   if ($db->Execute("UPDATE user SET lastIP='$REMOTE_ADDR', lastaccess='$timenow' WHERE id = '$USER->id' ")) {
        return true;
    } else {
        return false;
@@ -1007,8 +1006,6 @@ function require_login($courseid=0) {
             }
             if (!$USER->email) {            // User logged in, but has not set up profile!
                                             // This can occur with external authentication
-                $USER->email = "spam";      // To prevent auth loops
-                save_session("USER");
                 redirect("$CFG->wwwroot/user/edit.php?id=$USER->id&course=$courseid");
                 die;
             }
@@ -1204,19 +1201,54 @@ function save_session($VAR) {
 }
 
 
-function verify_login($username, $password) {
+function create_user_record($username, $password) {
+// Creates a bare-bones user record 
+    global $REMOTE_ADDR;
 
-    $user = get_user_info_from_db("username", $username);
+    $newuser->username = $username;
+    $newuser->password = md5($password);
+    $newuser->confirmed = 1;
+    $newuser->lastIP = $REMOTE_ADDR;
+    $newuser->timemodified = time();
 
-    if (! $user) {
-        return false;
-    } else if ( $user->password == md5($password) and ! $user->deleted ) {
-        return $user;
-    } else {
-        return false;
+    if (insert_record("user", $newuser)) {
+        return get_user_info_from_db("username", $username);
+    }
+    return false;
+}
+
+function authenticate_user_login($username, $password) {
+// Given a username and password, this function looks them 
+// up using the currently selected authentication mechanism,
+// and if the authentication is successful, it returns a 
+// valid $user object from the 'user' table.
+//
+// Uses auth_ functions from the currently active auth module
+
+    global $CFG;
+
+    if (!isset($CFG->auth)) {
+        $CFG->auth = "email";    // Default authentication module
     }
+
+    require("$CFG->dirroot/auth/$CFG->auth/lib.php");
+
+    if (auth_user_login($username, $password)) {  // Successful authentication
+
+        if ($user = get_user_info_from_db("username", $username)) {
+            if (md5($password) <> $user->password) {
+                set_field("user", "password", md5($password), "username", $username);
+            }
+            return $user;
+
+        } else {
+            return create_user_record($username, $password);
+        }
+    }
+    return false;
 }
 
+
 function get_site () {
 // Returns $course object of the top-level site.
     if ( $course = get_record("course", "category", 0)) {

login/change_password.php

@@ -76,7 +76,7 @@ function validate_form($frm, &$err) {
     else if (empty($frm->password))
         $err->password = get_string("missingpassword");
 
-    else if (!verify_login($frm->username, $frm->password))
+    else if (!authenticate_user_login($frm->username, $frm->password))
 		$err->password = get_string("wrongpassword");
 
     if (empty($frm->newpassword1))

login/index.php

@@ -22,7 +22,7 @@
     if (match_referer() && isset($HTTP_POST_VARS)) {    // form submitted
 
         $frm = (object)$HTTP_POST_VARS;
-        $user = verify_login($frm->username, $frm->password);
+        $user = authenticate_user_login($frm->username, $frm->password);
 
 	    update_login_count();
 

user/edit.php

@@ -15,7 +15,17 @@
         error("Course ID was incorrect");
     }
 
-	require_login($course->id);
+    if ($user->confirmed and !$user->email) {
+        // Special case which can only occur when a new account 
+        // has just been created by EXTERNAL authentication
+        // This is the only page in Moodle that has the exception
+        // so that users can set up their accounts
+        $newaccount  = true;
+
+    } else {
+        $newaccount  = false;
+	    require_login($course->id);
+    }
 
     if ($USER->id <> $user->id and !isadmin()) {
         error("You can only edit your own information");
@@ -148,28 +158,33 @@
 
 /// Otherwise fill and print the form.
 
-    $editmyprofile = get_string("editmyprofile");
-    $participants = get_string("participants");
+    $streditmyprofile = get_string("editmyprofile");
+    $strparticipants = get_string("participants");
+    $strnewuser = get_string("newuser");
 
-    if ($user->firstname and $user->lastname) {
-        $userfullname = "$user->firstname $user->lastname";
+    if (($user->firstname and $user->lastname) or $newaccount) {
+        if ($newaccount) {
+            $userfullname = $strnewuser;
+        } else {
+            $userfullname = "$user->firstname $user->lastname";
+        }
         if ($course->category) {
-	        print_header("$course->fullname: $editmyprofile", "$course->fullname: $editmyprofile",
+	        print_header("$course->fullname: $streditmyprofile", "$course->fullname: $streditmyprofile",
                         "<A HREF=\"$CFG->wwwroot/course/view.php?id=$course->id\">$course->shortname</A> 
-                        -> <A HREF=\"index.php?id=$course->id\">$participants</A>
+                        -> <A HREF=\"index.php?id=$course->id\">$strparticipants</A>
                         -> <A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
-                        -> $editmyprofile", "");
+                        -> $streditmyprofile", "");
         } else {
-	        print_header("$course->fullname: $editmyprofile", "$course->fullname",
+	        print_header("$course->fullname: $streditmyprofile", "$course->fullname",
                          "<A HREF=\"view.php?id=$user->id&course=$course->id\">$userfullname</A> 
-                          -> $editmyprofile", "");
+                          -> $streditmyprofile", "");
         }
     } else {
-        $userfullname = get_string("newuser");
+        $userfullname = $strnewuser;
         $straddnewuser = get_string("addnewuser");
 
         $stradministration = get_string("administration");
-	    print_header("$course->fullname: $editmyprofile", "$course->fullname",
+	    print_header("$course->fullname: $streditmyprofile", "$course->fullname",
                      "<A HREF=\"$CFG->wwwroot/admin\">$stradministration</A> ->
                       $straddnewuser", "");
     }