Search moodle.org's
Developer Documentation


  • Bug fixes for general core bugs in 2.8.x ended 9 November 2015 (12 months).
  • Bug fixes for security issues in 2.8.x ended 9 May 2016 (18 months).
  • minimum PHP 5.4.4 (always use latest PHP 5.4.x or 5.5.x on Windows - http://windows.php.net/download/), PHP 7 is NOT supported
  • Differences Between: [Versions 28 and 32] [Versions 28 and 33] [Versions 28 and 34] [Versions 28 and 35] [Versions 28 and 36] [Versions 28 and 37]

       1  <?php
       2  
       3  // Allows the admin to control user logins from remote moodles.
       4  
       5  require_once dirname(dirname(dirname(__FILE__))) . '/config.php';
       6  require_once($CFG->libdir.'/adminlib.php');
       7  include_once($CFG->dirroot.'/mnet/lib.php');
       8  
       9  $sort         = optional_param('sort', 'username', PARAM_ALPHA);
      10  $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
      11  $page         = optional_param('page', 0, PARAM_INT);
      12  $perpage      = optional_param('perpage', 30, PARAM_INT);
      13  $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
      14  
      15  require_login();
      16  
      17  admin_externalpage_setup('ssoaccesscontrol');
      18  
      19  if (!extension_loaded('openssl')) {
      20      print_error('requiresopenssl', 'mnet');
      21  }
      22  
      23  $sitecontext = context_system::instance();
      24  $sesskey = sesskey();
      25  $formerror = array();
      26  
      27  // grab the mnet hosts and remove the localhost
      28  $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
      29  if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
      30      unset($mnethosts[$CFG->mnet_localhost_id]);
      31  }
      32  
      33  
      34  
      35  // process actions
      36  if (!empty($action) and confirm_sesskey()) {
      37  
      38      // boot if insufficient permission
      39      if (!has_capability('moodle/user:delete', $sitecontext)) {
      40          print_error('nomodifyacl','mnet');
      41      }
      42  
      43      // fetch the record in question
      44      $id = required_param('id', PARAM_INT);
      45      if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
      46          print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      47      }
      48  
      49      switch ($action) {
      50  
      51          case "delete":
      52              $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
      53              redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
      54              break;
      55  
      56          case "acl":
      57  
      58              // require the access parameter, and it must be 'allow' or 'deny'
      59              $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
      60              if ($accessctrl != 'allow' and $accessctrl != 'deny') {
      61                  print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      62              }
      63  
      64              if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
      65                  if ($accessctrl == 'allow') {
      66                      redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
      67                          'host' => $mnethosts[$idrec->mnet_host_id])));
      68                  } else if ($accessctrl == 'deny') {
      69                      redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
      70                          'host' => $mnethosts[$idrec->mnet_host_id])));
      71                  }
      72              }
      73              break;
      74  
      75          default:
      76              print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      77      }
      78  }
      79  
      80  
      81  
      82  // process the form results
      83  if ($form = data_submitted() and confirm_sesskey()) {
      84  
      85      // check permissions and verify form input
      86      if (!has_capability('moodle/user:delete', $sitecontext)) {
      87          print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      88      }
      89      if (empty($form->username)) {
      90          $formerror['username'] = get_string('enterausername','mnet');
      91      }
      92      if (empty($form->mnet_host_id)) {
      93          $formerror['mnet_host_id'] = get_string('selectahost','mnet');
      94      }
      95      if (empty($form->accessctrl)) {
      96          $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
      97      }
      98  
      99      // process if there are no errors
     100      if (count($formerror) == 0) {
     101  
     102          // username can be a comma separated list
     103          $usernames = explode(',', $form->username);
     104  
     105          foreach ($usernames as $username) {
     106              $username = trim(core_text::strtolower($username));
     107              if (!empty($username)) {
     108                  if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
     109                      if ($form->accessctrl == 'allow') {
     110                          redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
     111                      } elseif ($form->accessctrl == 'deny') {
     112                          redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
     113                      }
     114                  }
     115              }
     116          }
     117      }
     118      exit;
     119  }
     120  
     121  echo $OUTPUT->header();
     122  
     123  // Explain
     124  echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
     125  // Are the needed bits enabled?
     126  $warn = '';
     127  if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
     128      $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
     129  }
     130  
     131  if (!is_enabled_auth('mnet')) {
     132      $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
     133  }
     134  
     135  if (!empty($warn)) {
     136      $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
     137      echo $OUTPUT->box($warn);
     138  }
     139  // output the ACL table
     140  $columns = array("username", "mnet_host_id", "access", "delete");
     141  $headings = array();
     142  $string = array('username'     => get_string('username'),
     143                  'mnet_host_id' => get_string('remotehost', 'mnet'),
     144                  'access'       => get_string('accesslevel', 'mnet'),
     145                  'delete'       => get_string('delete'));
     146  foreach ($columns as $column) {
     147      if ($sort != $column) {
     148          $columnicon = "";
     149          $columndir = "ASC";
     150      } else {
     151          $columndir = $dir == "ASC" ? "DESC" : "ASC";
     152          $columnicon = $dir == "ASC" ? "down" : "up";
     153          $columnicon = " <img src=\"" . $OUTPUT->pix_url('t/' . $columnicon) . "\" alt=\"\" />";
     154      }
     155      $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
     156  }
     157  $headings['delete'] = '';
     158  $acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
     159  $aclcount = $DB->count_records('mnet_sso_access_control');
     160  
     161  if (!$acl) {
     162      echo $OUTPUT->heading(get_string('noaclentries','mnet'));
     163      $table = NULL;
     164  } else {
     165      $table = new html_table();
     166      $table->head = $headings;
     167      $table->align = array('left', 'left', 'center');
     168      $table->width = "95%";
     169      foreach ($acl as $aclrecord) {
     170          if ($aclrecord->accessctrl == 'allow') {
     171              $accesscolumn = get_string('allow', 'mnet')
     172                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
     173                  . get_string('deny', 'mnet') . "</a>)";
     174          } else {
     175              $accesscolumn = get_string('deny', 'mnet')
     176                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
     177                  . get_string('allow', 'mnet') . "</a>)";
     178          }
     179          $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
     180                  . get_string('delete') . "</a>";
     181          $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
     182      }
     183  }
     184  
     185  if (!empty($table)) {
     186      echo html_writer::table($table);
     187      echo '<p>&nbsp;</p>';
     188      $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
     189      echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
     190  }
     191  
     192  
     193  
     194  // output the add form
     195  echo $OUTPUT->box_start();
     196  
     197  ?>
     198   <div class="mnetaddtoaclform">
     199    <form id="mnetaddtoacl" method="post">
     200      <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
     201  <?php
     202  
     203  // enter a username
     204  echo get_string('username') . ":\n";
     205  if (!empty($formerror['username'])) {
     206      echo '<span class="error"> * </span>';
     207  }
     208  echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
     209  echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
     210  
     211  // choose a remote host
     212  echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
     213  if (!empty($formerror['mnet_host_id'])) {
     214      echo '<span class="error"> * </span>';
     215  }
     216  echo html_writer::select($mnethosts, 'mnet_host_id');
     217  
     218  // choose an access level
     219  echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
     220  if (!empty($formerror['accessctrl'])) {
     221      echo '<span class="error"> * </span>';
     222  }
     223  $accessmenu['allow'] = get_string('allow', 'mnet');
     224  $accessmenu['deny'] = get_string('deny', 'mnet');
     225  echo html_writer::select($accessmenu, 'accessctrl');
     226  
     227  // submit button
     228  echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
     229  echo "</form></div>\n";
     230  
     231  // print errors
     232  foreach ($formerror as $error) {
     233      echo "<br><span class=\"error\">$error<span>";
     234  }
     235  
     236  echo $OUTPUT->box_end();
     237  echo $OUTPUT->footer();
    

    Search This Site: