Differences Between: [Versions 310 and 400] [Versions 311 and 400] [Versions 39 and 400] [Versions 400 and 401] [Versions 400 and 402] [Versions 400 and 403]
1 <?php 2 3 // Designed to be redirected from moodle/login/index.php 4 5 require('../../config.php'); 6 7 $context = context_system::instance(); 8 $PAGE->set_url('/auth/shibboleth/index.php'); 9 $PAGE->set_context($context); 10 11 // Support for WAYFless URLs. 12 $target = optional_param('target', '', PARAM_LOCALURL); 13 if (!empty($target) && empty($SESSION->wantsurl)) { 14 $SESSION->wantsurl = $target; 15 } 16 17 if (isloggedin() && !isguestuser()) { // Nothing to do 18 if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) { 19 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site 20 unset($SESSION->wantsurl); 21 22 } else { 23 $urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page 24 unset($SESSION->wantsurl); /// Just in case 25 } 26 27 redirect($urltogo); 28 29 } 30 31 $pluginconfig = get_config('auth_shibboleth'); 32 $shibbolethauth = get_auth_plugin('shibboleth'); 33 34 // Check whether Shibboleth is configured properly 35 $readmeurl = (new moodle_url('/auth/shibboleth/README.txt'))->out(); 36 if (empty($pluginconfig->user_attribute)) { 37 print_error('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl); 38 } 39 40 /// If we can find the Shibboleth attribute, save it in session and return to main login page 41 if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login 42 $frm = new stdClass(); 43 $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]); 44 // The password is never actually used, but needs to be passed to the functions 'user_login' and 45 // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is 46 // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password' 47 // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However, 48 // rather than setting the password to a hard-coded value, we will generate one each time, in case there are 49 // changes to the Shibboleth plugin and it is actually used. 50 $frm->password = generate_password(8); 51 52 /// Check if the user has actually submitted login data to us 53 $reason = null; 54 55 if ($shibbolethauth->user_login($frm->username, $frm->password) 56 && $user = authenticate_user_login($frm->username, $frm->password, false, $reason, false)) { 57 complete_user_login($user); 58 59 if (user_not_fully_set_up($USER, true)) { 60 $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID; 61 // We don't delete $SESSION->wantsurl yet, so we get there later 62 63 } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) { 64 $urltogo = $SESSION->wantsurl; /// Because it's an address in this site 65 unset($SESSION->wantsurl); 66 67 } else { 68 $urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page 69 unset($SESSION->wantsurl); /// Just in case 70 } 71 72 /// Go to my-moodle page instead of homepage if defaulthomepage enabled 73 if (!has_capability('moodle/site:config', 74 context_system::instance()) and !empty($CFG->defaulthomepage) and !isguestuser()) { 75 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') { 76 if ($CFG->defaulthomepage == HOMEPAGE_MY && !empty($CFG->enabledashboard)) { 77 $urltogo = $CFG->wwwroot.'/my/'; 78 } else if ($CFG->defaulthomepage == HOMEPAGE_MYCOURSES) { 79 $urltogo = $CFG->wwwroot.'/my/courses.php'; 80 } 81 } 82 } 83 84 redirect($urltogo); 85 86 exit; 87 } 88 89 else { 90 // The Shibboleth user couldn't be mapped to a valid Moodle user 91 print_error('shib_invalid_account_error', 'auth_shibboleth'); 92 } 93 } 94 95 // If we can find any (user independent) Shibboleth attributes but no user 96 // attributes we probably didn't receive any user attributes 97 elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) { 98 print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\''); 99 } else { 100 print_error('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl); 101 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body