Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]

   1  <?php
   2  
   3  // Allows the admin to control user logins from remote moodles.
   4  
   5  require_once(__DIR__ . '/../../config.php');
   6  require_once($CFG->libdir.'/adminlib.php');
   7  include_once($CFG->dirroot.'/mnet/lib.php');
   8  
   9  $sort         = optional_param('sort', 'username', PARAM_ALPHAEXT);
  10  $dir          = optional_param('dir', 'ASC', PARAM_ALPHA);
  11  $page         = optional_param('page', 0, PARAM_INT);
  12  $perpage      = optional_param('perpage', 30, PARAM_INT);
  13  $action       = trim(strtolower(optional_param('action', '', PARAM_ALPHA)));
  14  
  15  admin_externalpage_setup('ssoaccesscontrol');
  16  
  17  if (!extension_loaded('openssl')) {
  18      throw new \moodle_exception('requiresopenssl', 'mnet');
  19  }
  20  
  21  $sitecontext = context_system::instance();
  22  $sesskey = sesskey();
  23  $formerror = array();
  24  
  25  // grab the mnet hosts and remove the localhost
  26  $mnethosts = $DB->get_records_menu('mnet_host', array(), 'name', 'id, name');
  27  if (array_key_exists($CFG->mnet_localhost_id, $mnethosts)) {
  28      unset($mnethosts[$CFG->mnet_localhost_id]);
  29  }
  30  
  31  
  32  
  33  // process actions
  34  if (!empty($action) and confirm_sesskey()) {
  35  
  36      // boot if insufficient permission
  37      if (!has_capability('moodle/user:delete', $sitecontext)) {
  38          throw new \moodle_exception('nomodifyacl', 'mnet');
  39      }
  40  
  41      // fetch the record in question
  42      $id = required_param('id', PARAM_INT);
  43      if (!$idrec = $DB->get_record('mnet_sso_access_control', array('id'=>$id))) {
  44          throw new \moodle_exception('recordnoexists', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  45      }
  46  
  47      switch ($action) {
  48  
  49          case "delete":
  50              $DB->delete_records('mnet_sso_access_control', array('id'=>$id));
  51              redirect('access_control.php', get_string('deleteuserrecord', 'mnet', array('user'=>$idrec->username, 'host'=>$mnethosts[$idrec->mnet_host_id])));
  52              break;
  53  
  54          case "acl":
  55  
  56              // require the access parameter, and it must be 'allow' or 'deny'
  57              $accessctrl = trim(strtolower(required_param('accessctrl', PARAM_ALPHA)));
  58              if ($accessctrl != 'allow' and $accessctrl != 'deny') {
  59                  throw new \moodle_exception('invalidaccessparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  60              }
  61  
  62              if (mnet_update_sso_access_control($idrec->username, $idrec->mnet_host_id, $accessctrl)) {
  63                  if ($accessctrl == 'allow') {
  64                      redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user' => $idrec->username,
  65                          'host' => $mnethosts[$idrec->mnet_host_id])));
  66                  } else if ($accessctrl == 'deny') {
  67                      redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user' => $idrec->username,
  68                          'host' => $mnethosts[$idrec->mnet_host_id])));
  69                  }
  70              }
  71              break;
  72  
  73          default:
  74              throw new \moodle_exception('invalidactionparam', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  75      }
  76  }
  77  
  78  
  79  
  80  // process the form results
  81  if ($form = data_submitted() and confirm_sesskey()) {
  82  
  83      // check permissions and verify form input
  84      if (!has_capability('moodle/user:delete', $sitecontext)) {
  85          throw new \moodle_exception('nomodifyacl', 'mnet', "$CFG->wwwroot/$CFG->admin/mnet/access_control.php");
  86      }
  87      if (empty($form->username)) {
  88          $formerror['username'] = get_string('enterausername','mnet');
  89      }
  90      if (empty($form->mnet_host_id)) {
  91          $formerror['mnet_host_id'] = get_string('selectahost','mnet');
  92      }
  93      if (empty($form->accessctrl)) {
  94          $formerror['accessctrl'] = get_string('selectaccesslevel','mnet'); ;
  95      }
  96  
  97      // process if there are no errors
  98      if (count($formerror) == 0) {
  99  
 100          // username can be a comma separated list
 101          $usernames = explode(',', $form->username);
 102  
 103          foreach ($usernames as $username) {
 104              $username = trim(core_text::strtolower($username));
 105              if (!empty($username)) {
 106                  if (mnet_update_sso_access_control($username, $form->mnet_host_id, $form->accessctrl)) {
 107                      if ($form->accessctrl == 'allow') {
 108                          redirect('access_control.php', get_string('ssl_acl_allow','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 109                      } elseif ($form->accessctrl == 'deny') {
 110                          redirect('access_control.php', get_string('ssl_acl_deny','mnet', array('user'=>$username, 'host'=>$mnethosts[$form->mnet_host_id])));
 111                      }
 112                  }
 113              }
 114          }
 115      }
 116      exit;
 117  }
 118  
 119  echo $OUTPUT->header();
 120  
 121  // Explain
 122  echo $OUTPUT->box(get_string('ssoacldescr','mnet'));
 123  // Are the needed bits enabled?
 124  $warn = '';
 125  if (empty($CFG->mnet_dispatcher_mode) || $CFG->mnet_dispatcher_mode !== 'strict') {
 126      $warn = '<p>' . get_string('mnetdisabled','mnet') .'</p>';
 127  }
 128  
 129  if (!is_enabled_auth('mnet')) {
 130      $warn .= '<p>' .  get_string('authmnetdisabled','mnet').'</p>';
 131  }
 132  
 133  if (!empty($warn)) {
 134      $warn = '<p>' .  get_string('ssoaclneeds','mnet').'</p>' . $warn;
 135      echo $OUTPUT->box($warn);
 136  }
 137  // output the ACL table
 138  $columns = array("username", "mnet_host_id", "access", "delete");
 139  $headings = array();
 140  $string = array('username'     => get_string('username'),
 141                  'mnet_host_id' => get_string('remotehost', 'mnet'),
 142                  'access'       => get_string('accesslevel', 'mnet'),
 143                  'delete'       => get_string('delete'));
 144  foreach ($columns as $column) {
 145      if ($sort != $column) {
 146          $columnicon = "";
 147          $columndir = "ASC";
 148      } else {
 149          $columndir = $dir == "ASC" ? "DESC" : "ASC";
 150          $columnicon = $dir == "ASC" ? "down" : "up";
 151          $columnicon = " " . $OUTPUT->pix_icon('t/' . $columnicon, get_string('sort'));
 152      }
 153      $headings[$column] = "<a href=\"?sort=$column&amp;dir=$columndir&amp;\">".$string[$column]."</a>$columnicon";
 154  }
 155  $headings['delete'] = '';
 156  
 157  $sortorder = get_safe_orderby([
 158      'username' => 'username',
 159      'mnet_host_id' => 'mnet_host_id',
 160      'access' => 'accessctrl',
 161      'default' => 'username',
 162  ], $sort, $dir, false);
 163  
 164  $acl = $DB->get_records('mnet_sso_access_control', null, $sortorder);
 165  $aclcount = $DB->count_records('mnet_sso_access_control');
 166  
 167  if (!$acl) {
 168      echo $OUTPUT->heading(get_string('noaclentries','mnet'));
 169      $table = NULL;
 170  } else {
 171      $table = new html_table();
 172      $table->head = $headings;
 173      $table->align = array('left', 'left', 'center');
 174      $table->width = "95%";
 175      foreach ($acl as $aclrecord) {
 176          if ($aclrecord->accessctrl == 'allow') {
 177              $accesscolumn = get_string('allow', 'mnet')
 178                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=deny&amp;sesskey=".sesskey()."\">"
 179                  . get_string('deny', 'mnet') . "</a>)";
 180          } else {
 181              $accesscolumn = get_string('deny', 'mnet')
 182                  . " (<a href=\"?id={$aclrecord->id}&amp;action=acl&amp;accessctrl=allow&amp;sesskey=".sesskey()."\">"
 183                  . get_string('allow', 'mnet') . "</a>)";
 184          }
 185          $deletecolumn = "<a href=\"?id={$aclrecord->id}&amp;action=delete&amp;sesskey=".sesskey()."\">"
 186                  . get_string('delete') . "</a>";
 187          $table->data[] = array (s($aclrecord->username), $aclrecord->mnet_host_id, $accesscolumn, $deletecolumn);
 188      }
 189  }
 190  
 191  if (!empty($table)) {
 192      echo html_writer::table($table);
 193      echo '<p>&nbsp;</p>';
 194      $baseurl = new moodle_url('/admin/mnet/access_control.php', array('sort' => $sort, 'dir' => $dir, 'perpage' => $perpage));
 195      echo $OUTPUT->paging_bar($aclcount, $page, $perpage, $baseurl);
 196  }
 197  
 198  
 199  
 200  // output the add form
 201  echo $OUTPUT->box_start();
 202  
 203  ?>
 204   <div class="mnetaddtoaclform">
 205    <form id="mnetaddtoacl" method="post">
 206      <input type="hidden" name="sesskey" value="<?php echo $sesskey; ?>" />
 207  <?php
 208  
 209  // enter a username
 210  echo get_string('username') . ":\n";
 211  if (!empty($formerror['username'])) {
 212      echo '<span class="error"> * </span>';
 213  }
 214  echo html_writer::label(get_string('username'), 'menuusername', false, array('class' => 'accesshide'));
 215  echo '<input id="menuusername" type="text" name="username" size="20" maxlength="100" />';
 216  
 217  // choose a remote host
 218  echo " " . html_writer::label(get_string('remotehost', 'mnet'), 'menumnet_host_id') . ":\n";
 219  if (!empty($formerror['mnet_host_id'])) {
 220      echo '<span class="error"> * </span>';
 221  }
 222  echo html_writer::select($mnethosts, 'mnet_host_id');
 223  
 224  // choose an access level
 225  echo " " . html_writer::label(get_string('accesslevel', 'mnet'), 'menuaccessctrl') . ":\n";
 226  if (!empty($formerror['accessctrl'])) {
 227      echo '<span class="error"> * </span>';
 228  }
 229  $accessmenu['allow'] = get_string('allow', 'mnet');
 230  $accessmenu['deny'] = get_string('deny', 'mnet');
 231  echo html_writer::select($accessmenu, 'accessctrl');
 232  
 233  // submit button
 234  echo '<input type="submit" value="' . get_string('addtoacl', 'mnet') . '" />';
 235  echo "</form></div>\n";
 236  
 237  // print errors
 238  foreach ($formerror as $error) {
 239      echo "<br><span class=\"error\">$error<span>";
 240  }
 241  
 242  echo $OUTPUT->box_end();
 243  echo $OUTPUT->footer();