Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.


   1  <?php
   2  
   3      // Designed to be redirected from moodle/login/index.php
   4  
   5      require('../../config.php');
   6  
   7      $context = context_system::instance();
   8      $PAGE->set_url('/auth/shibboleth/index.php');
   9      $PAGE->set_context($context);
  10  
  11      // Support for WAYFless URLs.
  12      $target = optional_param('target', '', PARAM_LOCALURL);
  13      if (!empty($target) && empty($SESSION->wantsurl)) {
  14          $SESSION->wantsurl = $target;
  15      }
  16  
  17      if (isloggedin() && !isguestuser()) {      // Nothing to do
  18          if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  19              $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  20              unset($SESSION->wantsurl);
  21  
  22          } else {
  23              $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  24              unset($SESSION->wantsurl);         /// Just in case
  25          }
  26  
  27          redirect($urltogo);
  28  
  29      }
  30  
  31      $pluginconfig   = get_config('auth_shibboleth');
  32      $shibbolethauth = get_auth_plugin('shibboleth');
  33  
  34      // Check whether Shibboleth is configured properly
  35      $readmeurl = (new moodle_url('/auth/shibboleth/README.txt'))->out();
  36      if (empty($pluginconfig->user_attribute)) {
  37          throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
  38       }
  39  
  40  /// If we can find the Shibboleth attribute, save it in session and return to main login page
  41      if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
  42          $frm = new stdClass();
  43          $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
  44          // The password is never actually used, but needs to be passed to the functions 'user_login' and
  45          // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
  46          // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
  47          // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
  48          // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
  49          // changes to the Shibboleth plugin and it is actually used.
  50          $frm->password = generate_password(8);
  51  
  52      /// Check if the user has actually submitted login data to us
  53          $reason = null;
  54  
  55          if ($shibbolethauth->user_login($frm->username, $frm->password)
  56                  && $user = authenticate_user_login($frm->username, $frm->password, false, $reason, false)) {
  57              complete_user_login($user);
  58  
  59              if (user_not_fully_set_up($USER, true)) {
  60                  $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
  61                  // We don't delete $SESSION->wantsurl yet, so we get there later
  62  
  63              } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  64                  $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  65                  unset($SESSION->wantsurl);
  66  
  67              } else {
  68                  $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  69                  unset($SESSION->wantsurl);         /// Just in case
  70              }
  71  
  72              /// Go to my-moodle page instead of homepage if defaulthomepage enabled
  73          if (!has_capability('moodle/site:config',
  74                  context_system::instance()) and !empty($CFG->defaulthomepage) and !isguestuser()) {
  75              if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
  76                  if ($CFG->defaulthomepage == HOMEPAGE_MY && !empty($CFG->enabledashboard)) {
  77                      $urltogo = $CFG->wwwroot.'/my/';
  78                  } else if ($CFG->defaulthomepage == HOMEPAGE_MYCOURSES) {
  79                      $urltogo = $CFG->wwwroot.'/my/courses.php';
  80                  }
  81              }
  82          }
  83  
  84              redirect($urltogo);
  85  
  86              exit;
  87          }
  88  
  89          else {
  90              // The Shibboleth user couldn't be mapped to a valid Moodle user
  91              throw new \moodle_exception('shib_invalid_account_error', 'auth_shibboleth');
  92          }
  93      }
  94  
  95      // If we can find any (user independent) Shibboleth attributes but no user
  96      // attributes we probably didn't receive any user attributes
  97      elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
  98          throw new \moodle_exception('shib_no_attributes_error', 'auth_shibboleth' , '',
  99              '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.
 100              $pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
 101      } else {
 102          throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
 103      }