Moodle 4.2 XRef and Diffs

Search moodle.org's
Developer Documentation
Bug fixes for general core bugs in 4.2.x will end 22 April 2024 (12 months).
Bug fixes for security issues in 4.2.x will end 7 October 2024 (18 months).
PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.1.x is supported too.
Moodle 4.2 Database Schema (by Marcus Green)
Differences Between: [Versions 310 and 402] [Versions 311 and 402] [Versions 39 and 402] [Versions 400 and 402] [Versions 401 and 402]
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Return token
  19   * @package    moodlecore
  20   * @copyright  2011 Dongsheng Cai <dongsheng@moodle.com>
  21   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  22   */
  23  
  24  define('AJAX_SCRIPT', true);
  25  define('REQUIRE_CORRECT_ACCESS', true);
  26  define('NO_MOODLE_COOKIES', true);
  27  
  28  require_once(__DIR__ . '/../config.php');
  29  
  30  // Allow CORS requests.
  31  header('Access-Control-Allow-Origin: *');
  32  
  33  if (!$CFG->enablewebservices) {
  34      throw new moodle_exception('enablewsdescription', 'webservice');
  35  }
  36  
  37  // This script is used by the mobile app to check that the site is available and web services
  38  // are allowed. In this mode, no further action is needed.
  39  if (optional_param('appsitecheck', 0, PARAM_INT)) {
  40      echo json_encode((object)['appsitecheck' => 'ok']);
  41      exit;
  42  }
  43  
  44  $username = required_param('username', PARAM_USERNAME);
  45  $password = required_param('password', PARAM_RAW);
  46  $serviceshortname  = required_param('service',  PARAM_ALPHANUMEXT);
  47  
  48  echo $OUTPUT->header();
  49  
  50  $username = trim(core_text::strtolower($username));
  51  if (is_restored_user($username)) {
  52      throw new moodle_exception('restoredaccountresetpassword', 'webservice');
  53  }
  54  
  55  $systemcontext = context_system::instance();
  56  
  57  $reason = null;
  58  $user = authenticate_user_login($username, $password, false, $reason, false);
  59  if (!empty($user)) {
  60  
  61      // Cannot authenticate unless maintenance access is granted.
  62      $hasmaintenanceaccess = has_capability('moodle/site:maintenanceaccess', $systemcontext, $user);
  63      if (!empty($CFG->maintenance_enabled) and !$hasmaintenanceaccess) {
  64          throw new moodle_exception('sitemaintenance', 'admin');
  65      }
  66  
  67      if (isguestuser($user)) {
  68          throw new moodle_exception('noguest');
  69      }
  70      if (empty($user->confirmed)) {
  71          throw new moodle_exception('usernotconfirmed', 'moodle', '', $user->username);
  72      }
  73      // check credential expiry
  74      $userauth = get_auth_plugin($user->auth);
  75      if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
  76          $days2expire = $userauth->password_expire($user->username);
  77          if (intval($days2expire) < 0 ) {
  78              throw new moodle_exception('passwordisexpired', 'webservice');
  79          }
  80      }
  81  
  82      // let enrol plugins deal with new enrolments if necessary
  83      enrol_check_plugins($user);
  84  
  85      // setup user session to check capability
  86      \core\session\manager::set_user($user);
  87  
  88      //check if the service exists and is enabled
  89      $service = $DB->get_record('external_services', array('shortname' => $serviceshortname, 'enabled' => 1));
  90      if (empty($service)) {
  91          // will throw exception if no token found
  92          throw new moodle_exception('servicenotavailable', 'webservice');
  93      }
  94  
  95      // Get an existing token or create a new one.
  96      $token = \core_external\util::generate_token_for_current_user($service);
  97      $privatetoken = $token->privatetoken;
  98      \core_external\util::log_token_request($token);
  99  
 100      $siteadmin = has_capability('moodle/site:config', $systemcontext, $USER->id);
 101  
 102      $usertoken = new stdClass;
 103      $usertoken->token = $token->token;
 104      // Private token, only transmitted to https sites and non-admin users.
 105      if (is_https() and !$siteadmin) {
 106          $usertoken->privatetoken = $privatetoken;
 107      } else {
 108          $usertoken->privatetoken = null;
 109      }
 110      echo json_encode($usertoken);
 111  } else {
 112      throw new moodle_exception('invalidlogin');
 113  }