Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 401 and 402] [Versions 401 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Auto-login end-point, a user can be fully authenticated in the site providing a valid key.
  19   *
  20   * @package    tool_mobile
  21   * @copyright  2016 Juan Leyva
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  require_once(__DIR__ . '/../../../config.php');
  26  require_once($CFG->libdir . '/externallib.php');
  27  
  28  $userid = required_param('userid', PARAM_INT);  // The user id the key belongs to (for double-checking).
  29  $key = required_param('key', PARAM_ALPHANUMEXT);    // The key generated by the tool_mobile_external::get_autologin_key() external function.
  30  $urltogo = optional_param('urltogo', $CFG->wwwroot, PARAM_LOCALURL);    // URL to redirect.
  31  $urltogo = $urltogo ?: $CFG->wwwroot;
  32  
  33  $context = context_system::instance();
  34  $PAGE->set_context($context);
  35  
  36  // Check if the user is already logged-in.
  37  if (isloggedin() and !isguestuser()) {
  38      delete_user_key('tool_mobile', $userid);
  39      if ($USER->id == $userid) {
  40          redirect($urltogo);
  41      } else {
  42          throw new moodle_exception('alreadyloggedin', 'error', '', format_string(fullname($USER)));
  43      }
  44  }
  45  
  46  tool_mobile\api::check_autologin_prerequisites($userid);
  47  
  48  // Validate and delete the key.
  49  $key = validate_user_key($key, 'tool_mobile', null);
  50  delete_user_key('tool_mobile', $userid);
  51  
  52  // Double check key belong to user.
  53  if ($key->userid != $userid) {
  54      throw new moodle_exception('invalidkey');
  55  }
  56  
  57  // Key validated, now require an active user: not guest, not suspended.
  58  $user = core_user::get_user($key->userid, '*', MUST_EXIST);
  59  core_user::require_active_user($user, true, true);
  60  
  61  // Do the user log-in.
  62  if (!$user = get_complete_user_data('id', $user->id)) {
  63      throw new moodle_exception('cannotfinduser', '', '', $user->id);
  64  }
  65  
  66  complete_user_login($user);
  67  \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
  68  
  69  redirect($urltogo);