See Release Notes
Long Term Support Release
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401] [Versions 401 and 402] [Versions 401 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Adds security related settings links for security category to admin tree. 19 * 20 * @copyright 1999 Martin Dougiamas http://dougiamas.com 21 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 22 */ 23 24 defined('MOODLE_INTERNAL') || die(); 25 26 use core_admin\local\settings\filesize; 27 28 if ($hassiteconfig) { // speedup for non-admins, add all caps used on this page 29 30 // "ip blocker" settingpage 31 $temp = new admin_settingpage('ipblocker', new lang_string('ipblocker', 'admin')); 32 $temp->add(new admin_setting_configcheckbox('allowbeforeblock', new lang_string('allowbeforeblock', 'admin'), new lang_string('allowbeforeblockdesc', 'admin'), 0)); 33 $temp->add(new admin_setting_configiplist('allowedip', new lang_string('allowediplist', 'admin'), 34 new lang_string('ipblockersyntax', 'admin'), '')); 35 $temp->add(new admin_setting_configiplist('blockedip', new lang_string('blockediplist', 'admin'), 36 new lang_string('ipblockersyntax', 'admin'), '')); 37 $ADMIN->add('security', $temp); 38 39 // "sitepolicies" settingpage 40 $temp = new admin_settingpage('sitepolicies', new lang_string('sitepolicies', 'admin')); 41 $temp->add(new admin_setting_configcheckbox('protectusernames', new lang_string('protectusernames', 'admin'), new lang_string('configprotectusernames', 'admin'), 1)); 42 $temp->add(new admin_setting_configcheckbox('forcelogin', new lang_string('forcelogin', 'admin'), new lang_string('configforcelogin', 'admin'), 0)); 43 $temp->add(new admin_setting_configcheckbox('forceloginforprofiles', new lang_string('forceloginforprofiles', 'admin'), new lang_string('configforceloginforprofiles', 'admin'), 1)); 44 $temp->add(new admin_setting_configcheckbox('forceloginforprofileimage', new lang_string('forceloginforprofileimage', 'admin'), new lang_string('forceloginforprofileimage_help', 'admin'), 0)); 45 $temp->add(new admin_setting_configcheckbox('opentowebcrawlers', new lang_string('opentowebcrawlers', 'admin'), new lang_string('configopentowebcrawlers', 'admin'), 0)); 46 $temp->add(new admin_setting_configselect('allowindexing', new lang_string('allowindexing', 'admin'), new lang_string('allowindexing_desc', 'admin'), 47 0, 48 array(0 => new lang_string('allowindexingexceptlogin', 'admin'), 49 1 => new lang_string('allowindexingeverywhere', 'admin'), 50 2 => new lang_string('allowindexingnowhere', 'admin')))); 51 $temp->add(new admin_setting_pickroles('profileroles', 52 new lang_string('profileroles','admin'), 53 new lang_string('configprofileroles', 'admin'), 54 array('student', 'teacher', 'editingteacher'))); 55 56 $maxbytes = 0; 57 if (!empty($CFG->maxbytes)) { 58 $maxbytes = $CFG->maxbytes; 59 } 60 $max_upload_choices = get_max_upload_sizes(0, 0, 0, $maxbytes); 61 // maxbytes set to 0 will allow the maximum server limit for uploads 62 $temp->add(new admin_setting_configselect('maxbytes', new lang_string('maxbytes', 'admin'), new lang_string('configmaxbytes', 'admin'), 0, $max_upload_choices)); 63 // 100MB 64 $defaultuserquota = 100 * filesize::UNIT_MB; 65 $temp->add(new filesize('userquota', new lang_string('userquota', 'admin'), 66 new lang_string('userquota_desc', 'admin'), $defaultuserquota)); 67 68 $temp->add(new admin_setting_configcheckbox('allowobjectembed', new lang_string('allowobjectembed', 'admin'), new lang_string('configallowobjectembed', 'admin'), 0)); 69 $temp->add(new admin_setting_configcheckbox('enabletrusttext', new lang_string('enabletrusttext', 'admin'), new lang_string('configenabletrusttext', 'admin'), 0)); 70 $temp->add(new admin_setting_configselect('maxeditingtime', new lang_string('maxeditingtime','admin'), new lang_string('configmaxeditingtime','admin'), 1800, 71 array(60 => new lang_string('numminutes', '', 1), 72 300 => new lang_string('numminutes', '', 5), 73 900 => new lang_string('numminutes', '', 15), 74 1800 => new lang_string('numminutes', '', 30), 75 2700 => new lang_string('numminutes', '', 45), 76 3600 => new lang_string('numminutes', '', 60)))); 77 78 $temp->add(new admin_setting_configcheckbox('extendedusernamechars', new lang_string('extendedusernamechars', 'admin'), new lang_string('configextendedusernamechars', 'admin'), 0)); 79 80 $temp->add(new admin_setting_configcheckbox('extendedusernamechars', new lang_string('extendedusernamechars', 'admin'), new lang_string('configextendedusernamechars', 'admin'), 0)); 81 $temp->add(new admin_setting_configcheckbox('keeptagnamecase', new lang_string('keeptagnamecase','admin'),new lang_string('configkeeptagnamecase', 'admin'),'1')); 82 83 $temp->add(new admin_setting_configcheckbox('profilesforenrolledusersonly', new lang_string('profilesforenrolledusersonly','admin'),new lang_string('configprofilesforenrolledusersonly', 'admin'),'1')); 84 85 $temp->add(new admin_setting_configcheckbox('cronclionly', new lang_string('cronclionly', 'admin'), new lang_string 86 ('configcronclionly', 'admin'), 1)); 87 $temp->add(new admin_setting_configpasswordunmask('cronremotepassword', new lang_string('cronremotepassword', 'admin'), new lang_string('configcronremotepassword', 'admin'), '')); 88 $temp->add(new admin_setting_configcheckbox('tool_task/enablerunnow', new lang_string('enablerunnow', 'tool_task'), 89 new lang_string('enablerunnow_desc', 'tool_task'), 1)); 90 91 $options = array(0=>get_string('no'), 3=>3, 5=>5, 7=>7, 10=>10, 20=>20, 30=>30, 50=>50, 100=>100); 92 $temp->add(new admin_setting_configselect('lockoutthreshold', new lang_string('lockoutthreshold', 'admin'), new lang_string('lockoutthreshold_desc', 'admin'), 0, $options)); 93 $temp->add(new admin_setting_configduration('lockoutwindow', new lang_string('lockoutwindow', 'admin'), new lang_string('lockoutwindow_desc', 'admin'), 60*30)); 94 $temp->add(new admin_setting_configduration('lockoutduration', new lang_string('lockoutduration', 'admin'), new lang_string('lockoutduration_desc', 'admin'), 60*30)); 95 96 $temp->add(new admin_setting_configcheckbox('passwordpolicy', new lang_string('passwordpolicy', 'admin'), new lang_string('configpasswordpolicy', 'admin'), 1)); 97 $temp->add(new admin_setting_configtext('minpasswordlength', new lang_string('minpasswordlength', 'admin'), new lang_string('configminpasswordlength', 'admin'), 8, PARAM_INT)); 98 $temp->add(new admin_setting_configtext('minpassworddigits', new lang_string('minpassworddigits', 'admin'), new lang_string('configminpassworddigits', 'admin'), 1, PARAM_INT)); 99 $temp->add(new admin_setting_configtext('minpasswordlower', new lang_string('minpasswordlower', 'admin'), new lang_string('configminpasswordlower', 'admin'), 1, PARAM_INT)); 100 $temp->add(new admin_setting_configtext('minpasswordupper', new lang_string('minpasswordupper', 'admin'), new lang_string('configminpasswordupper', 'admin'), 1, PARAM_INT)); 101 $temp->add(new admin_setting_configtext('minpasswordnonalphanum', new lang_string('minpasswordnonalphanum', 'admin'), new lang_string('configminpasswordnonalphanum', 'admin'), 1, PARAM_INT)); 102 $temp->add(new admin_setting_configtext('maxconsecutiveidentchars', new lang_string('maxconsecutiveidentchars', 'admin'), new lang_string('configmaxconsecutiveidentchars', 'admin'), 0, PARAM_INT)); 103 $temp->add(new admin_setting_configcheckbox('passwordpolicycheckonlogin', 104 new lang_string('passwordpolicycheckonlogin', 'admin'), 105 new lang_string('configpasswordpolicycheckonlogin', 'admin'), 0)); 106 107 $temp->add(new admin_setting_configtext('passwordreuselimit', 108 new lang_string('passwordreuselimit', 'admin'), 109 new lang_string('passwordreuselimit_desc', 'admin'), 0, PARAM_INT)); 110 111 $pwresetoptions = array( 112 300 => new lang_string('numminutes', '', 5), 113 900 => new lang_string('numminutes', '', 15), 114 1800 => new lang_string('numminutes', '', 30), 115 2700 => new lang_string('numminutes', '', 45), 116 3600 => new lang_string('numminutes', '', 60), 117 7200 => new lang_string('numminutes', '', 120), 118 14400 => new lang_string('numminutes', '', 240) 119 ); 120 $adminsetting = new admin_setting_configselect( 121 'pwresettime', 122 new lang_string('passwordresettime','admin'), 123 new lang_string('configpasswordresettime','admin'), 124 1800, 125 $pwresetoptions); 126 $temp->add($adminsetting); 127 $temp->add(new admin_setting_configcheckbox('passwordchangelogout', 128 new lang_string('passwordchangelogout', 'admin'), 129 new lang_string('passwordchangelogout_desc', 'admin'), 0)); 130 131 $temp->add(new admin_setting_configcheckbox('passwordchangetokendeletion', 132 new lang_string('passwordchangetokendeletion', 'admin'), 133 new lang_string('passwordchangetokendeletion_desc', 'admin'), 0)); 134 135 $temp->add(new admin_setting_configduration('tokenduration', 136 new lang_string('tokenduration', 'admin'), 137 new lang_string('tokenduration_desc', 'admin'), 12 * WEEKSECS, WEEKSECS)); 138 139 $temp->add(new admin_setting_configcheckbox('groupenrolmentkeypolicy', new lang_string('groupenrolmentkeypolicy', 'admin'), new lang_string('groupenrolmentkeypolicy_desc', 'admin'), 1)); 140 $temp->add(new admin_setting_configcheckbox('disableuserimages', new lang_string('disableuserimages', 'admin'), new lang_string('configdisableuserimages', 'admin'), 0)); 141 $temp->add(new admin_setting_configcheckbox('emailchangeconfirmation', new lang_string('emailchangeconfirmation', 'admin'), new lang_string('configemailchangeconfirmation', 'admin'), 1)); 142 $temp->add(new admin_setting_configselect('rememberusername', new lang_string('rememberusername','admin'), new lang_string('rememberusername_desc','admin'), 2, array(1=>new lang_string('yes'), 0=>new lang_string('no'), 2=>new lang_string('optional')))); 143 $temp->add(new admin_setting_configcheckbox('strictformsrequired', new lang_string('strictformsrequired', 'admin'), new lang_string('configstrictformsrequired', 'admin'), 0)); 144 145 $temp->add(new admin_setting_heading('adminpresets', new lang_string('siteadminpresetspluginname', 'core_adminpresets'), '')); 146 $sensiblesettingsdefault = 'recaptchapublickey@@none, recaptchaprivatekey@@none, googlemapkey3@@none, '; 147 $sensiblesettingsdefault .= 'secretphrase@@url, cronremotepassword@@none, smtpuser@@none, '; 148 $sensiblesettingsdefault .= 'smtppass@@none, proxypassword@@none, quizpassword@@quiz, allowedip@@none, blockedip@@none, '; 149 $sensiblesettingsdefault .= 'dbpass@@logstore_database, messageinbound_hostpass@@none, '; 150 $sensiblesettingsdefault .= 'bind_pw@@auth_cas, pass@@auth_db, bind_pw@@auth_ldap, '; 151 $sensiblesettingsdefault .= 'dbpass@@enrol_database, bind_pw@@enrol_ldap, '; 152 $sensiblesettingsdefault .= 'server_password@@search_solr, ssl_keypassword@@search_solr, '; 153 $sensiblesettingsdefault .= 'alternateserver_password@@search_solr, alternatessl_keypassword@@search_solr, '; 154 $sensiblesettingsdefault .= 'test_password@@cachestore_redis, password@@mlbackend_python, '; 155 $sensiblesettingsdefault .= 'badges_badgesalt@@none, calendar_exportsalt@@none'; 156 $temp->add(new admin_setting_configtextarea('adminpresets/sensiblesettings', 157 get_string('sensiblesettings', 'core_adminpresets'), 158 get_string('sensiblesettingstext', 'core_adminpresets'), 159 $sensiblesettingsdefault, PARAM_TEXT)); 160 161 $ADMIN->add('security', $temp); 162 163 // "httpsecurity" settingpage 164 $temp = new admin_settingpage('httpsecurity', new lang_string('httpsecurity', 'admin')); 165 166 $temp->add(new admin_setting_configcheckbox('cookiesecure', new lang_string('cookiesecure', 'admin'), new lang_string('configcookiesecure', 'admin'), 1)); 167 $temp->add(new admin_setting_configcheckbox('cookiehttponly', new lang_string('cookiehttponly', 'admin'), new lang_string('configcookiehttponly', 'admin'), 0)); 168 $temp->add(new admin_setting_configcheckbox('allowframembedding', new lang_string('allowframembedding', 'admin'), new lang_string('allowframembedding_help', 'admin'), 0)); 169 170 // Settings elements used by the \core\files\curl_security_helper class. 171 $blockedhostsdefault = [ 172 '127.0.0.1', 173 '192.168.0.0/16', 174 '10.0.0.0/8', 175 '172.16.0.0/12', 176 '0.0.0.0', 177 'localhost', 178 '169.254.169.254', 179 '0000::1', 180 ]; 181 $allowedportsdefault = ['443', '80']; 182 183 // By default, block various common internal network or cloud provider hosts. 184 $temp->add(new admin_setting_configmixedhostiplist('curlsecurityblockedhosts', 185 new lang_string('curlsecurityblockedhosts', 'admin'), 186 new lang_string('curlsecurityblockedhostssyntax', 'admin'), implode(PHP_EOL, $blockedhostsdefault))); 187 188 // By default, only allow web ports. 189 $temp->add(new admin_setting_configportlist('curlsecurityallowedport', 190 new lang_string('curlsecurityallowedport', 'admin'), 191 new lang_string('curlsecurityallowedportsyntax', 'admin'), implode(PHP_EOL, $allowedportsdefault))); 192 193 // HTTP Header referrer policy settings. 194 $referreroptions = [ 195 'default' => get_string('referrernone', 'admin'), 196 'no-referrer' => 'no-referrer', 197 'no-referrer-when-downgrade' => 'no-referrer-when-downgrade', 198 'origin' => 'origin', 199 'origin-when-cross-origin' => 'origin-when-cross-origin', 200 'same-origin' => 'same-origin', 201 'strict-origin' => 'strict-origin', 202 'strict-origin-when-cross-origin' => 'strict-origin-when-cross-origin', 203 'unsafe-url' => 'unsafe-url', 204 ]; 205 $temp->add(new admin_setting_configselect('referrerpolicy', 206 new lang_string('referrerpolicy', 'admin'), 207 new lang_string('referrerpolicydesc', 'admin'), 'default', $referreroptions)); 208 209 $ADMIN->add('security', $temp); 210 211 // "notifications" settingpage 212 $temp = new admin_settingpage('notifications', new lang_string('notifications', 'admin')); 213 $temp->add(new admin_setting_configcheckbox('displayloginfailures', new lang_string('displayloginfailures', 'admin'), 214 new lang_string('configdisplayloginfailures', 'admin'), 0)); 215 $temp->add(new admin_setting_users_with_capability('notifyloginfailures', new lang_string('notifyloginfailures', 'admin'), new lang_string('confignotifyloginfailures', 'admin'), array(), 'moodle/site:config')); 216 $options = array(); 217 for ($i = 1; $i <= 100; $i++) { 218 $options[$i] = $i; 219 } 220 $temp->add(new admin_setting_configselect('notifyloginthreshold', new lang_string('notifyloginthreshold', 'admin'), new lang_string('confignotifyloginthreshold', 'admin'), '10', $options)); 221 $ADMIN->add('security', $temp); 222 } // end of speedup
title
Description
Body
title
Description
Body
title
Description
Body
title
Body