Search moodle.org's
Developer Documentation

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.
  • Differences Between: [Versions 310 and 34] [Versions 310 and 35] [Versions 34 and 310] [Versions 35 and 310]

       1  <?php
       2  
       3  // Allows the admin to control user logins from remote moodles.
       4  
       5  require_once(__DIR__ . '/../../config.php');
       6  require_once($CFG->libdir.'/adminlib.php');
       7  include_once($CFG->dirroot.'/mnet/lib.php');
       8  
       9  $sort         = optional_param('sort', 'username', PARAM_ALPHA);
      10  $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
      11  $page         = optional_param('page', 0, PARAM_INT);
      12  $perpage      = optional_param('perpage', 30, PARAM_INT);
      13  $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
      14  
      15  admin_externalpage_setup('ssoaccesscontrol');
      16  
      17  if (!extension_loaded('openssl')) {
      18      print_error('requiresopenssl', 'mnet');
      19  }
      20  
      21  $sitecontext = context_system::instance();
      22  $sesskey = sesskey();
      23  $formerror = array();
      24  
      25  // grab the mnet hosts and remove the localhost
      26  $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
      27  if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
      28      unset($mnethosts[$CFG->mnet_localhost_id]);
      29  }
      30  
      31  
      32  
      33  // process actions
      34  if (!empty($action) and confirm_sesskey()) {
      35  
      36      // boot if insufficient permission
      37      if (!has_capability('moodle/user:delete', $sitecontext)) {
      38          print_error('nomodifyacl','mnet');
      39      }
      40  
      41      // fetch the record in question
      42      $id = required_param('id', PARAM_INT);
      43      if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
      44          print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      45      }
      46  
      47      switch ($action) {
      48  
      49          case "delete":
      50              $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
      51              redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
      52              break;
      53  
      54          case "acl":
      55  
      56              // require the access parameter, and it must be 'allow' or 'deny'
      57              $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
      58              if ($accessctrl != 'allow' and $accessctrl != 'deny') {
      59                  print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      60              }
      61  
      62              if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
      63                  if ($accessctrl == 'allow') {
      64                      redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
      65                          'host' => $mnethosts[$idrec->mnet_host_id])));
      66                  } else if ($accessctrl == 'deny') {
      67                      redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
      68                          'host' => $mnethosts[$idrec->mnet_host_id])));
      69                  }
      70              }
      71              break;
      72  
      73          default:
      74              print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      75      }
      76  }
      77  
      78  
      79  
      80  // process the form results
      81  if ($form = data_submitted() and confirm_sesskey()) {
      82  
      83      // check permissions and verify form input
      84      if (!has_capability('moodle/user:delete', $sitecontext)) {
      85          print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
      86      }
      87      if (empty($form->username)) {
      88          $formerror['username'] = get_string('enterausername','mnet');
      89      }
      90      if (empty($form->mnet_host_id)) {
      91          $formerror['mnet_host_id'] = get_string('selectahost','mnet');
      92      }
      93      if (empty($form->accessctrl)) {
      94          $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
      95      }
      96  
      97      // process if there are no errors
      98      if (count($formerror) == 0) {
      99  
     100          // username can be a comma separated list
     101          $usernames = explode(',', $form->username);
     102  
     103          foreach ($usernames as $username) {
     104              $username = trim(core_text::strtolower($username));
     105              if (!empty($username)) {
     106                  if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
     107                      if ($form->accessctrl == 'allow') {
     108                          redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
     109                      } elseif ($form->accessctrl == 'deny') {
     110                          redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
     111                      }
     112                  }
     113              }
     114          }
     115      }
     116      exit;
     117  }
     118  
     119  echo $OUTPUT->header();
     120  
     121  // Explain
     122  echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
     123  // Are the needed bits enabled?
     124  $warn = '';
     125  if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
     126      $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
     127  }
     128  
     129  if (!is_enabled_auth('mnet')) {
     130      $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
     131  }
     132  
     133  if (!empty($warn)) {
     134      $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
     135      echo $OUTPUT->box($warn);
     136  }
     137  // output the ACL table
     138  $columns = array("username", "mnet_host_id", "access", "delete");
     139  $headings = array();
     140  $string = array('username'     => get_string('username'),
     141                  'mnet_host_id' => get_string('remotehost', 'mnet'),
     142                  'access'       => get_string('accesslevel', 'mnet'),
     143                  'delete'       => get_string('delete'));
     144  foreach ($columns as $column) {
     145      if ($sort != $column) {
     146          $columnicon = "";
     147          $columndir = "ASC";
     148      } else {
     149          $columndir = $dir == "ASC" ? "DESC" : "ASC";
     150          $columnicon = $dir == "ASC" ? "down" : "up";
     151          $columnicon = " " . $OUTPUT->pix_icon('t/' . $columnicon, get_string('sort'));
     152      }
     153      $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
     154  }
     155  $headings['delete'] = '';
     156  $acl = $DB->get_records('mnet_sso_access_control', null, "$sort $dir", '*'); //, $page * $perpage, $perpage);
     157  $aclcount = $DB->count_records('mnet_sso_access_control');
     158  
     159  if (!$acl) {
     160      echo $OUTPUT->heading(get_string('noaclentries','mnet'));
     161      $table = NULL;
     162  } else {
     163      $table = new html_table();
     164      $table->head = $headings;
     165      $table->align = array('left', 'left', 'center');
     166      $table->width = "95%";
     167      foreach ($acl as $aclrecord) {
     168          if ($aclrecord->accessctrl == 'allow') {
     169              $accesscolumn = get_string('allow', 'mnet')
     170                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
     171                  . get_string('deny', 'mnet') . "</a>)";
     172          } else {
     173              $accesscolumn = get_string('deny', 'mnet')
     174                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
     175                  . get_string('allow', 'mnet') . "</a>)";
     176          }
     177          $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
     178                  . get_string('delete') . "</a>";
     179          $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
     180      }
     181  }
     182  
     183  if (!empty($table)) {
     184      echo html_writer::table($table);
     185      echo '<p>&nbsp;</p>';
     186      $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
     187      echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
     188  }
     189  
     190  
     191  
     192  // output the add form
     193  echo $OUTPUT->box_start();
     194  
     195  ?>
     196   <div class="mnetaddtoaclform">
     197    <form id="mnetaddtoacl" method="post">
     198      <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
     199  <?php
     200  
     201  // enter a username
     202  echo get_string('username') . ":\n";
     203  if (!empty($formerror['username'])) {
     204      echo '<span class="error"> * </span>';
     205  }
     206  echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
     207  echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
     208  
     209  // choose a remote host
     210  echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
     211  if (!empty($formerror['mnet_host_id'])) {
     212      echo '<span class="error"> * </span>';
     213  }
     214  echo html_writer::select($mnethosts, 'mnet_host_id');
     215  
     216  // choose an access level
     217  echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
     218  if (!empty($formerror['accessctrl'])) {
     219      echo '<span class="error"> * </span>';
     220  }
     221  $accessmenu['allow'] = get_string('allow', 'mnet');
     222  $accessmenu['deny'] = get_string('deny', 'mnet');
     223  echo html_writer::select($accessmenu, 'accessctrl');
     224  
     225  // submit button
     226  echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
     227  echo "</form></div>\n";
     228  
     229  // print errors
     230  foreach ($formerror as $error) {
     231      echo "<br><span class=\"error\">$error<span>";
     232  }
     233  
     234  echo $OUTPUT->box_end();
     235  echo $OUTPUT->footer();