Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403] [Versions 401 and 403]
1 <?php 2 // This file is part of Moodle - http://moodle.org/ 3 // 4 // Moodle is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // Moodle is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>. 16 17 /** 18 * Auto-login end-point, a user can be fully authenticated in the site providing a valid key. 19 * 20 * @package tool_mobile 21 * @copyright 2016 Juan Leyva 22 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later 23 */ 24 25 require_once(__DIR__ . '/../../../config.php'); 26 27 $userid = required_param('userid', PARAM_INT); // The user id the key belongs to (for double-checking). 28 $key = required_param('key', PARAM_ALPHANUMEXT); // The key generated by the tool_mobile_external::get_autologin_key() external function. 29 $urltogo = optional_param('urltogo', $CFG->wwwroot, PARAM_LOCALURL); // URL to redirect. 30 $urltogo = $urltogo ?: $CFG->wwwroot; 31 32 $context = context_system::instance(); 33 $PAGE->set_context($context); 34 35 // Check if the user is already logged-in. 36 if (isloggedin() and !isguestuser()) { 37 delete_user_key('tool_mobile', $userid); 38 if ($USER->id == $userid) { 39 redirect($urltogo); 40 } else { 41 throw new moodle_exception('alreadyloggedin', 'error', '', format_string(fullname($USER))); 42 } 43 } 44 45 tool_mobile\api::check_autologin_prerequisites($userid); 46 47 // Validate and delete the key. 48 $key = validate_user_key($key, 'tool_mobile', null); 49 delete_user_key('tool_mobile', $userid); 50 51 // Double check key belong to user. 52 if ($key->userid != $userid) { 53 throw new moodle_exception('invalidkey'); 54 } 55 56 // Key validated, now require an active user: not guest, not suspended. 57 $user = core_user::get_user($key->userid, '*', MUST_EXIST); 58 core_user::require_active_user($user, true, true); 59 60 // Do the user log-in. 61 if (!$user = get_complete_user_data('id', $user->id)) { 62 throw new moodle_exception('cannotfinduser', '', '', $user->id); 63 } 64 65 complete_user_login($user); 66 \core\session\manager::apply_concurrent_login_limit($user->id, session_id()); 67 68 redirect($urltogo);
title
Description
Body
title
Description
Body
title
Description
Body
title
Body