Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
  • Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Web service auth plugin, reserves username, prevents normal login.
  19   * TODO: add IP restrictions and some other features - MDL-17135
  20   *
  21   * @package    auth_webservice
  22   * @copyright  2008 Petr Skoda (http://skodak.org)
  23   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  24   */
  25  
  26  defined('MOODLE_INTERNAL') || die();
  27  
  28  require_once($CFG->libdir.'/authlib.php');
  29  
  30  /**
  31   * Web service auth plugin.
  32   */
  33  class auth_plugin_webservice extends auth_plugin_base {
  34  
  35      /**
  36       * Constructor.
  37       */
  38      public function __construct() {
  39          $this->authtype = 'webservice';
  40          $this->config = get_config('auth_webservice');
  41      }
  42  
  43      /**
  44       * Old syntax of class constructor. Deprecated in PHP7.
  45       *
  46       * @deprecated since Moodle 3.1
  47       */
  48      public function auth_plugin_webservice() {
  49          debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
  50          self::__construct();
  51      }
  52  
  53      /**
  54       * Returns true if the username and password work and false if they are
  55       * wrong or don't exist.
  56       *
  57       * @param string $username The username (with system magic quotes)
  58       * @param string $password The password (with system magic quotes)
  59       *
  60       * @return bool Authentication success or failure.
  61       */
  62      function user_login($username, $password) {
  63          // normla logins not allowed!
  64          return false;
  65      }
  66  
  67      /**
  68       * Custom auth hook for web services.
  69       * @param string $username
  70       * @param string $password
  71       * @return bool success
  72       */
  73      function user_login_webservice($username, $password) {
  74          global $CFG, $DB;
  75          // special web service login
  76          if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
  77              return validate_internal_user_password($user, $password);
  78          }
  79          return false;
  80      }
  81  
  82      /**
  83       * Updates the user's password.
  84       *
  85       * called when the user password is updated.
  86       *
  87       * @param  object  $user        User table object  (with system magic quotes)
  88       * @param  string  $newpassword Plaintext password (with system magic quotes)
  89       * @return boolean result
  90       *
  91       */
  92      function user_update_password($user, $newpassword) {
  93          $user = get_complete_user_data('id', $user->id);
  94          // This will also update the stored hash to the latest algorithm
  95          // if the existing hash is using an out-of-date algorithm (or the
  96          // legacy md5 algorithm).
  97          return update_internal_user_password($user, $newpassword);
  98      }
  99  
 100      /**
 101       * Returns true if this authentication plugin is 'internal'.
 102       *
 103       * Webserice auth doesn't use password fields, it uses only tokens.
 104       *
 105       * @return bool
 106       */
 107      function is_internal() {
 108          return false;
 109      }
 110  
 111      /**
 112       * Returns true if this authentication plugin can change the user's
 113       * password.
 114       *
 115       * @return bool
 116       */
 117      function can_change_password() {
 118          return false;
 119      }
 120  
 121      /**
 122       * Returns the URL for changing the user's pw, or empty if the default can
 123       * be used.
 124       *
 125       * @return moodle_url
 126       */
 127      function change_password_url() {
 128          return null;
 129      }
 130  
 131      /**
 132       * Returns true if plugin allows resetting of internal password.
 133       *
 134       * @return bool
 135       */
 136      function can_reset_password() {
 137          return false;
 138      }
 139  
 140     /**
 141       * Confirm the new user as registered. This should normally not be used,
 142       * but it may be necessary if the user auth_method is changed to manual
 143       * before the user is confirmed.
 144       */
 145      function user_confirm($username, $confirmsecret = null) {
 146          return AUTH_CONFIRM_ERROR;
 147      }
 148  
 149  }