Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.

Differences Between: [Versions 310 and 400] [Versions 310 and 401] [Versions 310 and 402] [Versions 310 and 403] [Versions 39 and 310]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Adds security related settings links for security category to admin tree.
  19   *
  20   * @copyright  1999 Martin Dougiamas  http://dougiamas.com
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  
  24  defined('MOODLE_INTERNAL') || die();
  25  
  26  use core_admin\local\settings\filesize;
  27  
  28  if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page
  29  
  30      // "ip blocker" settingpage
  31      $temp = new admin_settingpage('ipblocker', new lang_string('ipblocker', 'admin'));
  32      $temp->add(new admin_setting_configcheckbox('allowbeforeblock', new lang_string('allowbeforeblock', 'admin'), new lang_string('allowbeforeblockdesc', 'admin'), 0));
  33      $temp->add(new admin_setting_configiplist('allowedip', new lang_string('allowediplist', 'admin'),
  34                                                  new lang_string('ipblockersyntax', 'admin'), ''));
  35      $temp->add(new admin_setting_configiplist('blockedip', new lang_string('blockediplist', 'admin'),
  36                                                  new lang_string('ipblockersyntax', 'admin'), ''));
  37      $ADMIN->add('security', $temp);
  38  
  39      // "sitepolicies" settingpage
  40      $temp = new admin_settingpage('sitepolicies', new lang_string('sitepolicies', 'admin'));
  41      $temp->add(new admin_setting_configcheckbox('protectusernames', new lang_string('protectusernames', 'admin'), new lang_string('configprotectusernames', 'admin'), 1));
  42      $temp->add(new admin_setting_configcheckbox('forcelogin', new lang_string('forcelogin', 'admin'), new lang_string('configforcelogin', 'admin'), 0));
  43      $temp->add(new admin_setting_configcheckbox('forceloginforprofiles', new lang_string('forceloginforprofiles', 'admin'), new lang_string('configforceloginforprofiles', 'admin'), 1));
  44      $temp->add(new admin_setting_configcheckbox('forceloginforprofileimage', new lang_string('forceloginforprofileimage', 'admin'), new lang_string('forceloginforprofileimage_help', 'admin'), 0));
  45      $temp->add(new admin_setting_configcheckbox('opentowebcrawlers', new lang_string('opentowebcrawlers', 'admin'), new lang_string('configopentowebcrawlers', 'admin'), 0));
  46      $temp->add(new admin_setting_configselect('allowindexing', new lang_string('allowindexing', 'admin'), new lang_string('allowindexing_desc', 'admin'),
  47          0,
  48          array(0 => new lang_string('allowindexingexceptlogin', 'admin'),
  49                1 => new lang_string('allowindexingeverywhere', 'admin'),
  50                2 => new lang_string('allowindexingnowhere', 'admin'))));
  51      $temp->add(new admin_setting_pickroles('profileroles',
  52          new lang_string('profileroles','admin'),
  53          new lang_string('configprofileroles', 'admin'),
  54          array('student', 'teacher', 'editingteacher')));
  55  
  56      $maxbytes = 0;
  57      if (!empty($CFG->maxbytes)) {
  58          $maxbytes = $CFG->maxbytes;
  59      }
  60      $max_upload_choices = get_max_upload_sizes(0, 0, 0, $maxbytes);
  61      // maxbytes set to 0 will allow the maximum server limit for uploads
  62      $temp->add(new admin_setting_configselect('maxbytes', new lang_string('maxbytes', 'admin'), new lang_string('configmaxbytes', 'admin'), 0, $max_upload_choices));
  63      // 100MB
  64      $defaultuserquota = 100 * filesize::UNIT_MB;
  65      $temp->add(new filesize('userquota', new lang_string('userquota', 'admin'),
  66              new lang_string('userquota_desc', 'admin'), $defaultuserquota));
  67  
  68      $temp->add(new admin_setting_configcheckbox('allowobjectembed', new lang_string('allowobjectembed', 'admin'), new lang_string('configallowobjectembed', 'admin'), 0));
  69      $temp->add(new admin_setting_configcheckbox('enabletrusttext', new lang_string('enabletrusttext', 'admin'), new lang_string('configenabletrusttext', 'admin'), 0));
  70      $temp->add(new admin_setting_configselect('maxeditingtime', new lang_string('maxeditingtime','admin'), new lang_string('configmaxeditingtime','admin'), 1800,
  71                   array(60 => new lang_string('numminutes', '', 1),
  72                         300 => new lang_string('numminutes', '', 5),
  73                         900 => new lang_string('numminutes', '', 15),
  74                         1800 => new lang_string('numminutes', '', 30),
  75                         2700 => new lang_string('numminutes', '', 45),
  76                         3600 => new lang_string('numminutes', '', 60))));
  77  
  78      $temp->add(new admin_setting_configcheckbox('extendedusernamechars', new lang_string('extendedusernamechars', 'admin'), new lang_string('configextendedusernamechars', 'admin'), 0));
  79  
  80      $temp->add(new admin_setting_configcheckbox('extendedusernamechars', new lang_string('extendedusernamechars', 'admin'), new lang_string('configextendedusernamechars', 'admin'), 0));
  81      $temp->add(new admin_setting_configcheckbox('keeptagnamecase', new lang_string('keeptagnamecase','admin'),new lang_string('configkeeptagnamecase', 'admin'),'1'));
  82  
  83      $temp->add(new admin_setting_configcheckbox('profilesforenrolledusersonly', new lang_string('profilesforenrolledusersonly','admin'),new lang_string('configprofilesforenrolledusersonly', 'admin'),'1'));
  84  
  85      $temp->add(new admin_setting_configcheckbox('cronclionly', new lang_string('cronclionly', 'admin'), new lang_string
  86              ('configcronclionly', 'admin'), 1));
  87      $temp->add(new admin_setting_configpasswordunmask('cronremotepassword', new lang_string('cronremotepassword', 'admin'), new lang_string('configcronremotepassword', 'admin'), ''));
  88      $temp->add(new admin_setting_configcheckbox('tool_task/enablerunnow', new lang_string('enablerunnow', 'tool_task'),
  89              new lang_string('enablerunnow_desc', 'tool_task'), 1));
  90  
  91      $options = array(0=>get_string('no'), 3=>3, 5=>5, 7=>7, 10=>10, 20=>20, 30=>30, 50=>50, 100=>100);
  92      $temp->add(new admin_setting_configselect('lockoutthreshold', new lang_string('lockoutthreshold', 'admin'), new lang_string('lockoutthreshold_desc', 'admin'), 0, $options));
  93      $temp->add(new admin_setting_configduration('lockoutwindow', new lang_string('lockoutwindow', 'admin'), new lang_string('lockoutwindow_desc', 'admin'), 60*30));
  94      $temp->add(new admin_setting_configduration('lockoutduration', new lang_string('lockoutduration', 'admin'), new lang_string('lockoutduration_desc', 'admin'), 60*30));
  95  
  96      $temp->add(new admin_setting_configcheckbox('passwordpolicy', new lang_string('passwordpolicy', 'admin'), new lang_string('configpasswordpolicy', 'admin'), 1));
  97      $temp->add(new admin_setting_configtext('minpasswordlength', new lang_string('minpasswordlength', 'admin'), new lang_string('configminpasswordlength', 'admin'), 8, PARAM_INT));
  98      $temp->add(new admin_setting_configtext('minpassworddigits', new lang_string('minpassworddigits', 'admin'), new lang_string('configminpassworddigits', 'admin'), 1, PARAM_INT));
  99      $temp->add(new admin_setting_configtext('minpasswordlower', new lang_string('minpasswordlower', 'admin'), new lang_string('configminpasswordlower', 'admin'), 1, PARAM_INT));
 100      $temp->add(new admin_setting_configtext('minpasswordupper', new lang_string('minpasswordupper', 'admin'), new lang_string('configminpasswordupper', 'admin'), 1, PARAM_INT));
 101      $temp->add(new admin_setting_configtext('minpasswordnonalphanum', new lang_string('minpasswordnonalphanum', 'admin'), new lang_string('configminpasswordnonalphanum', 'admin'), 1, PARAM_INT));
 102      $temp->add(new admin_setting_configtext('maxconsecutiveidentchars', new lang_string('maxconsecutiveidentchars', 'admin'), new lang_string('configmaxconsecutiveidentchars', 'admin'), 0, PARAM_INT));
 103      $temp->add(new admin_setting_configcheckbox('passwordpolicycheckonlogin',
 104          new lang_string('passwordpolicycheckonlogin', 'admin'),
 105          new lang_string('configpasswordpolicycheckonlogin', 'admin'), 0));
 106  
 107      $temp->add(new admin_setting_configtext('passwordreuselimit',
 108          new lang_string('passwordreuselimit', 'admin'),
 109          new lang_string('passwordreuselimit_desc', 'admin'), 0, PARAM_INT));
 110  
 111      $pwresetoptions = array(
 112          300 => new lang_string('numminutes', '', 5),
 113          900 => new lang_string('numminutes', '', 15),
 114          1800 => new lang_string('numminutes', '', 30),
 115          2700 => new lang_string('numminutes', '', 45),
 116          3600 => new lang_string('numminutes', '', 60),
 117          7200 => new lang_string('numminutes', '', 120),
 118          14400 => new lang_string('numminutes', '', 240)
 119      );
 120      $adminsetting = new admin_setting_configselect(
 121              'pwresettime',
 122              new lang_string('passwordresettime','admin'),
 123              new lang_string('configpasswordresettime','admin'),
 124              1800,
 125              $pwresetoptions);
 126      $temp->add($adminsetting);
 127      $temp->add(new admin_setting_configcheckbox('passwordchangelogout',
 128          new lang_string('passwordchangelogout', 'admin'),
 129          new lang_string('passwordchangelogout_desc', 'admin'), 0));
 130  
 131      $temp->add(new admin_setting_configcheckbox('passwordchangetokendeletion',
 132          new lang_string('passwordchangetokendeletion', 'admin'),
 133          new lang_string('passwordchangetokendeletion_desc', 'admin'), 0));
 134  
 135      $temp->add(new admin_setting_configduration('tokenduration',
 136          new lang_string('tokenduration', 'admin'),
 137          new lang_string('tokenduration_desc', 'admin'), 12 * WEEKSECS, WEEKSECS));
 138  
 139      $temp->add(new admin_setting_configcheckbox('groupenrolmentkeypolicy', new lang_string('groupenrolmentkeypolicy', 'admin'), new lang_string('groupenrolmentkeypolicy_desc', 'admin'), 1));
 140      $temp->add(new admin_setting_configcheckbox('disableuserimages', new lang_string('disableuserimages', 'admin'), new lang_string('configdisableuserimages', 'admin'), 0));
 141      $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', new lang_string('emailchangeconfirmation', 'admin'), new lang_string('configemailchangeconfirmation', 'admin'), 1));
 142      $temp->add(new admin_setting_configselect('rememberusername', new lang_string('rememberusername','admin'), new lang_string('rememberusername_desc','admin'), 2, array(1=>new lang_string('yes'), 0=>new lang_string('no'), 2=>new lang_string('optional'))));
 143      $temp->add(new admin_setting_configcheckbox('strictformsrequired', new lang_string('strictformsrequired', 'admin'), new lang_string('configstrictformsrequired', 'admin'), 0));
 144      $ADMIN->add('security', $temp);
 145  
 146  
 147  
 148  
 149      // "httpsecurity" settingpage
 150      $temp = new admin_settingpage('httpsecurity', new lang_string('httpsecurity', 'admin'));
 151  
 152      $temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1));
 153      $temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0));
 154      $temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0));
 155  
 156      // Settings elements used by the \core\files\curl_security_helper class.
 157      $temp->add(new admin_setting_configmixedhostiplist('curlsecurityblockedhosts',
 158                 new lang_string('curlsecurityblockedhosts', 'admin'),
 159                 new lang_string('curlsecurityblockedhostssyntax', 'admin'), ""));
 160      $temp->add(new admin_setting_configportlist('curlsecurityallowedport',
 161                 new lang_string('curlsecurityallowedport', 'admin'),
 162                 new lang_string('curlsecurityallowedportsyntax', 'admin'), ""));
 163  
 164      // HTTP Header referrer policy settings.
 165      $referreroptions = [
 166          'default' => get_string('referrernone', 'admin'),
 167          'no-referrer' => 'no-referrer',
 168          'no-referrer-when-downgrade' => 'no-referrer-when-downgrade',
 169          'origin' => 'origin',
 170          'origin-when-cross-origin' => 'origin-when-cross-origin',
 171          'same-origin' => 'same-origin',
 172          'strict-origin' => 'strict-origin',
 173          'strict-origin-when-cross-origin' => 'strict-origin-when-cross-origin',
 174          'unsafe-url' => 'unsafe-url',
 175      ];
 176      $temp->add(new admin_setting_configselect('referrerpolicy',
 177              new lang_string('referrerpolicy', 'admin'),
 178              new lang_string('referrerpolicydesc', 'admin'), 'default', $referreroptions));
 179  
 180      $ADMIN->add('security', $temp);
 181  
 182      // "notifications" settingpage
 183      $temp = new admin_settingpage('notifications', new lang_string('notifications', 'admin'));
 184      $temp->add(new admin_setting_configcheckbox('displayloginfailures', new lang_string('displayloginfailures', 'admin'),
 185              new lang_string('configdisplayloginfailures', 'admin'), 0));
 186      $temp->add(new admin_setting_users_with_capability('notifyloginfailures', new lang_string('notifyloginfailures', 'admin'), new lang_string('confignotifyloginfailures', 'admin'), array(), 'moodle/site:config'));
 187      $options = array();
 188      for ($i = 1; $i <= 100; $i++) {
 189          $options[$i] = $i;
 190      }
 191      $temp->add(new admin_setting_configselect('notifyloginthreshold', new lang_string('notifyloginthreshold', 'admin'), new lang_string('confignotifyloginthreshold', 'admin'), '10', $options));
 192      $ADMIN->add('security', $temp);
 193  } // end of speedup