Moodle 4.1 XRef and Diffs

Search moodle.org's
Developer Documentation
See Release Notes
Long Term Support Release
Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
Moodle 4.1 Database Schema (by Marcus Green)
Differences Between: [Versions 401 and 402] [Versions 401 and 403]
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Return token
  19   * @package    moodlecore
  20   * @copyright  2011 Dongsheng Cai <dongsheng@moodle.com>
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  
  24  define('AJAX_SCRIPT', true);
  25  define('REQUIRE_CORRECT_ACCESS', true);
  26  define('NO_MOODLE_COOKIES', true);
  27  
  28  require_once(__DIR__ . '/../config.php');
  29  require_once($CFG->libdir . '/externallib.php');
  30  
  31  // Allow CORS requests.
  32  header('Access-Control-Allow-Origin: *');
  33  
  34  if (!$CFG->enablewebservices) {
  35      throw new moodle_exception('enablewsdescription', 'webservice');
  36  }
  37  
  38  // This script is used by the mobile app to check that the site is available and web services
  39  // are allowed. In this mode, no further action is needed.
  40  if (optional_param('appsitecheck', 0, PARAM_INT)) {
  41      echo json_encode((object)['appsitecheck' => 'ok']);
  42      exit;
  43  }
  44  
  45  $username = required_param('username', PARAM_USERNAME);
  46  $password = required_param('password', PARAM_RAW);
  47  $serviceshortname  = required_param('service',  PARAM_ALPHANUMEXT);
  48  
  49  echo $OUTPUT->header();
  50  
  51  $username = trim(core_text::strtolower($username));
  52  if (is_restored_user($username)) {
  53      throw new moodle_exception('restoredaccountresetpassword', 'webservice');
  54  }
  55  
  56  $systemcontext = context_system::instance();
  57  
  58  $reason = null;
  59  $user = authenticate_user_login($username, $password, false, $reason, false);
  60  if (!empty($user)) {
  61  
  62      // Cannot authenticate unless maintenance access is granted.
  63      $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', $systemcontext, $user);
  64      if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
  65          throw new moodle_exception('sitemaintenance', 'admin');
  66      }
  67  
  68      if (isguestuser($user)) {
  69          throw new moodle_exception('noguest');
  70      }
  71      if (empty($user->confirmed)) {
  72          throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username);
  73      }
  74      // check credential expiry
  75      $userauth = get_auth_plugin($user->auth);
  76      if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
  77          $days2expire = $userauth->password_expire($user->username);
  78          if (intval($days2expire) < 0 ) {
  79              throw new moodle_exception('passwordisexpired', 'webservice');
  80          }
  81      }
  82  
  83      // let enrol plugins deal with new enrolments if necessary
  84      enrol_check_plugins($user);
  85  
  86      // setup user session to check capability
  87      \core\session\manager::set_user($user);
  88  
  89      //check if the service exists and is enabled
  90      $service = $DB->get_record('external_services', array('shortname' => $serviceshortname, 'enabled' => 1));
  91      if (empty($service)) {
  92          // will throw exception if no token found
  93          throw new moodle_exception('servicenotavailable', 'webservice');
  94      }
  95  
  96      // Get an existing token or create a new one.
  97      $token = external_generate_token_for_current_user($service);
  98      $privatetoken = $token->privatetoken;
  99      external_log_token_request($token);
 100  
 101      $siteadmin = has_capability('moodle/site:config', $systemcontext, $USER->id);
 102  
 103      $usertoken = new stdClass;
 104      $usertoken->token = $token->token;
 105      // Private token, only transmitted to https sites and non-admin users.
 106      if (is_https() and !$siteadmin) {
 107          $usertoken->privatetoken = $privatetoken;
 108      } else {
 109          $usertoken->privatetoken = null;
 110      }
 111      echo json_encode($usertoken);
 112  } else {
 113      throw new moodle_exception('invalidlogin');
 114  }