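<?php

// Allows the admin to control user logins from remote moodles.
//
// The page maintains rows in the mnet_sso_access_control table. Each row
// pairs a username with a remote MNet host and an access value of 'allow'
// or 'deny'. There are three parts:
//   1. link actions (?action=delete|acl&id=N&sesskey=...) on an existing row,
//   2. the "add to ACL" form post,
//   3. rendering of the current ACL table and the add form.
// Both state-changing paths require a valid sesskey and the
// moodle/user:delete capability in the system context.

require_once(__DIR__ . '/../../config.php');
require_once($CFG->libdir.'/adminlib.php');
include_once($CFG->dirroot.'/mnet/lib.php');

$sort         = optional_param('sort', 'username', PARAM_ALPHAEXT);
$dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
$page         = optional_param('page', 0, PARAM_INT);
$perpage      = optional_param('perpage', 30, PARAM_INT);
$action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));

admin_externalpage_setup('ssoaccesscontrol');

if (!extension_loaded('openssl')) {
    print_error('requiresopenssl', 'mnet');
}

$sitecontext = context_system::instance();
$sesskey = sesskey();
$formerror = array();

// grab the mnet hosts and remove the localhost
// ($mnethosts is an id => name map; it is both the source of the host
// <select> below and the allow-list used to validate a posted host id).
$mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
    unset($mnethosts[$CFG->mnet_localhost_id]);
}



// process actions
// A missing or wrong sesskey makes confirm_sesskey() false, so the action is
// ignored and the page is simply rendered.
if (!empty($action) and confirm_sesskey()) {

    // boot if insufficient permission
    if (!has_capability('moodle/user:delete', $sitecontext)) {
        print_error('nomodifyacl','mnet');
    }

    // fetch the record in question
    $id = required_param('id', PARAM_INT);
    if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
        print_error('recordnoexists','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }

    switch ($action) {

        case "delete":
            $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
            redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
            break;

        case "acl":

            // require the access parameter, and it must be 'allow' or 'deny'
            $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
            if ($accessctrl != 'allow' and $accessctrl != 'deny') {
                print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
            }

            if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
                if ($accessctrl == 'allow') {
                    redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
                        'host' => $mnethosts[$idrec->mnet_host_id])));
                } else if ($accessctrl == 'deny') {
                    redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
                        'host' => $mnethosts[$idrec->mnet_host_id])));
                }
            }
            break;

        default:
            print_error('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }
}



// process the form results
if ($form = data_submitted() and confirm_sesskey()) {

    // check permissions and verify form input
    if (!has_capability('moodle/user:delete', $sitecontext)) {
        print_error('nomodifyacl','mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }

    // data_submitted() hands back the raw POST fields, so each one is checked
    // for type and value here before it is used as an ACL entry.
    if (empty($form->username) || !is_string($form->username)) {
        $formerror['username'] = get_string('enterausername','mnet');
    }

    // The host must be one of the hosts offered in the <select>; this also
    // keeps the localhost id (removed from $mnethosts above) and unknown ids
    // out of the ACL table, and avoids an undefined index in the messages.
    if (empty($form->mnet_host_id)
            || !is_scalar($form->mnet_host_id)
            || !array_key_exists($form->mnet_host_id, $mnethosts)) {
        $formerror['mnet_host_id'] = get_string('selectahost','mnet');
    }

    // Same rule as the "acl" link action: only 'allow' or 'deny' is a valid
    // access level. Anything else is rejected instead of being handed to
    // mnet_update_sso_access_control().
    if (empty($form->accessctrl)) {
        $formerror['accessctrl'] = get_string('selectaccesslevel','mnet');
    } else if ($form->accessctrl !== 'allow' and $form->accessctrl !== 'deny') {
        print_error('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
    }

    // process if there are no errors
    if (count($formerror) == 0) {

        // username can be a comma separated list
        // Every name is applied before redirecting: redirect() ends the
        // request, so calling it inside the loop would apply only the first
        // name and silently drop the rest of the list.
        $updated = array();
        foreach (explode(',', $form->username) as $username) {
            $username = trim(core_text::strtolower($username));
            if (!empty($username)) {
                if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
                    $updated[] = $username;
                }
            }
        }

        if (!empty($updated)) {
            // NOTE(review): the usernames are passed to get_string() as typed;
            // confirm the redirect notification escapes them, or wrap them in
            // s() as the ACL table output does.
            $stringid = ($form->accessctrl === 'allow') ? 'ssl_acl_allow' : 'ssl_acl_deny';
            redirect('access_control.php', get_string($stringid, 'mnet',
                array('user' => implode(', ', $updated), 'host' => $mnethosts[$form->mnet_host_id])));
        }
        exit;
    }
    // With validation errors the script falls through and renders the page,
    // so the markers and messages built from $formerror below are shown.
}

echo $OUTPUT->header();
echo $OUTPUT->render(mnet_get_deprecation_notice());

// Explain
echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
// Are the needed bits enabled?
$warn = '';
if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
    $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
}

if (!is_enabled_auth('mnet')) {
    $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
}

if (!empty($warn)) {
    $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
    echo $OUTPUT->box($warn);
}
// output the ACL table
// Only the fixed names in $columns are written into the sort links; the
// request's $sort value is compared against them, never echoed.
$columns = array("username", "mnet_host_id", "access", "delete");
$headings = array();
$string = array('username'     => get_string('username'),
                'mnet_host_id' => get_string('remotehost', 'mnet'),
                'access'       => get_string('accesslevel', 'mnet'),
                'delete'       => get_string('delete'));
foreach ($columns as $column) {
    if ($sort != $column) {
        $columnicon = "";
        $columndir = "ASC";
    } else {
        $columndir = $dir == "ASC" ? "DESC" : "ASC";
        $columnicon = $dir == "ASC" ? "down" : "up";
        $columnicon = " " . $OUTPUT->pix_icon('t/' . $columnicon, get_string('sort'));
    }
    $headings[$column] = "<a href=\"?sort=$column&dir=$columndir&\">".$string[$column]."</a>$columnicon";
}
$headings['delete'] = '';

// The ORDER BY is built by get_safe_orderby() from this fixed map of column
// names rather than from the raw 'sort' and 'dir' request values.
$sortorder = get_safe_orderby([
    'username' => 'username',
    'mnet_host_id' => 'mnet_host_id',
    'access' => 'accessctrl',
    'default' => 'username',
], $sort, $dir, false);

// NOTE(review): $page and $perpage only feed the paging bar further down; no
// limit is passed here, so every ACL row is listed on every page. Confirm
// whether that is intended.
$acl = $DB->get_records('mnet_sso_access_control', null, $sortorder);
$aclcount = $DB->count_records('mnet_sso_access_control');

if (!$acl) {
    echo $OUTPUT->heading(get_string('noaclentries','mnet'));
    $table = NULL;
} else {
    $table = new html_table();
    $table->head = $headings;
    $table->align = array('left', 'left', 'center');
    $table->width = "95%";
    foreach ($acl as $aclrecord) {
        // The toggle and delete links carry the sesskey because they change
        // state through a GET request (see "process actions" above).
        if ($aclrecord->accessctrl == 'allow') {
            $accesscolumn = get_string('allow', 'mnet')
                . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=deny&sesskey=".sesskey()."\">"
                . get_string('deny', 'mnet') . "</a>)";
        } else {
            $accesscolumn = get_string('deny', 'mnet')
                . " (<a href=\"?id={$aclrecord->id}&action=acl&accessctrl=allow&sesskey=".sesskey()."\">"
                . get_string('allow', 'mnet') . "</a>)";
        }
        $deletecolumn = "<a href=\"?id={$aclrecord->id}&action=delete&sesskey=".sesskey()."\">"
                . get_string('delete') . "</a>";
        // The stored username is escaped with s() before it goes into the table.
        $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
    }
}

if (!empty($table)) {
    echo html_writer::table($table);
    echo '<p> </p>';
    $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
    echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
}



// output the add form
echo $OUTPUT->box_start();

?>
 <div class="mnetaddtoaclform">
  <form id="mnetaddtoacl" method="post">
    <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
<?php

// enter a username
echo get_string('username') . ":\n";
if (!empty($formerror['username'])) {
    echo '<span class="error"> * </span>';
}
echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';

// choose a remote host
echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
if (!empty($formerror['mnet_host_id'])) {
    echo '<span class="error"> * </span>';
}
echo html_writer::select($mnethosts, 'mnet_host_id');

// choose an access level
echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
if (!empty($formerror['accessctrl'])) {
    echo '<span class="error"> * </span>';
}
$accessmenu['allow'] = get_string('allow', 'mnet');
$accessmenu['deny'] = get_string('deny', 'mnet');
echo html_writer::select($accessmenu, 'accessctrl');

// submit button
echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
echo "</form></div>\n";

// print errors
// (the closing tag was "<span>" before, which left the error span open)
foreach ($formerror as $error) {
    echo "<br><span class=\"error\">$error</span>";
}

echo $OUTPUT->box_end();
echo $OUTPUT->footer();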