Moodle 4.2 XRef and Diffs

Search moodle.org's
Developer Documentation
Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
Moodle 4.2 Database Schema (by Marcus Green)
Differences Between: [Versions 310 and 402] [Versions 311 and 402] [Versions 39 and 402] [Versions 400 and 402]
   1  <?php
   2  
   3      // Designed to be redirected from moodle/login/index.php
   4  
   5      require('../../config.php');
   6  
   7      $context = context_system::instance();
   8      $PAGE->set_url('/auth/shibboleth/index.php');
   9      $PAGE->set_context($context);
  10  
  11      // Support for WAYFless URLs.
  12      $target = optional_param('target', '', PARAM_LOCALURL);
  13      if (!empty($target) && empty($SESSION->wantsurl)) {
  14          $SESSION->wantsurl = $target;
  15      }
  16  
  17      if (isloggedin() && !isguestuser()) {      // Nothing to do
  18          if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  19              $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  20              unset($SESSION->wantsurl);
  21  
  22          } else {
  23              $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  24              unset($SESSION->wantsurl);         /// Just in case
  25          }
  26  
  27          redirect($urltogo);
  28  
  29      }
  30  
  31      $pluginconfig   = get_config('auth_shibboleth');
  32      $shibbolethauth = get_auth_plugin('shibboleth');
  33  
  34      // Check whether Shibboleth is configured properly
  35      $readmeurl = (new moodle_url('/auth/shibboleth/README.txt'))->out();
  36      if (empty($pluginconfig->user_attribute)) {
  37          throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
  38       }
  39  
  40  /// If we can find the Shibboleth attribute, save it in session and return to main login page
  41      if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
  42          $frm = new stdClass();
  43          $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
  44          // The password is never actually used, but needs to be passed to the functions 'user_login' and
  45          // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
  46          // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
  47          // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
  48          // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
  49          // changes to the Shibboleth plugin and it is actually used.
  50          $frm->password = generate_password(8);
  51  
  52      /// Check if the user has actually submitted login data to us
  53          $reason = null;
  54  
  55          if ($shibbolethauth->user_login($frm->username, $frm->password)
  56                  && $user = authenticate_user_login($frm->username, $frm->password, false, $reason, false)) {
  57              complete_user_login($user);
  58  
  59              if (user_not_fully_set_up($USER, true)) {
  60                  $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
  61                  // We don't delete $SESSION->wantsurl yet, so we get there later
  62  
  63              } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
  64                  $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
  65                  unset($SESSION->wantsurl);
  66  
  67              } else {
  68                  $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
  69                  unset($SESSION->wantsurl);         /// Just in case
  70              }
  71  
  72              /// Go to my-moodle page instead of homepage if defaulthomepage enabled
  73          if (!has_capability('moodle/site:config',
  74                  context_system::instance()) and !empty($CFG->defaulthomepage) and !isguestuser()) {
  75              if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
  76                  if ($CFG->defaulthomepage == HOMEPAGE_MY && !empty($CFG->enabledashboard)) {
  77                      $urltogo = $CFG->wwwroot.'/my/';
  78                  } else if ($CFG->defaulthomepage == HOMEPAGE_MYCOURSES) {
  79                      $urltogo = $CFG->wwwroot.'/my/courses.php';
  80                  }
  81              }
  82          }
  83  
  84              redirect($urltogo);
  85  
  86              exit;
  87          }
  88  
  89          else {
  90              // The Shibboleth user couldn't be mapped to a valid Moodle user
  91              throw new \moodle_exception('shib_invalid_account_error', 'auth_shibboleth');
  92          }
  93      }
  94  
  95      // If we can find any (user independent) Shibboleth attributes but no user
  96      // attributes we probably didn't receive any user attributes
  97      elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
  98          throw new \moodle_exception('shib_no_attributes_error', 'auth_shibboleth' , '',
  99              '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.
 100              $pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
 101      } else {
 102          throw new \moodle_exception('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
 103      }