Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Authentication Plugin: Email Authentication
  19   *
  20   * @author Martin Dougiamas
  21   * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
  22   * @package auth_email
  23   */
  24  
  25  defined('MOODLE_INTERNAL') || die();
  26  
  27  require_once($CFG->libdir.'/authlib.php');
  28  
  29  /**
  30   * Email authentication plugin.
  31   */
  32  class auth_plugin_email extends auth_plugin_base {
  33  
  34      /**
  35       * Constructor.
  36       */
  37      public function __construct() {
  38          $this->authtype = 'email';
  39          $this->config = get_config('auth_email');
  40      }
  41  
  42      /**
  43       * Old syntax of class constructor. Deprecated in PHP7.
  44       *
  45       * @deprecated since Moodle 3.1
  46       */
  47      public function auth_plugin_email() {
  48          debugging('Use of class name as constructor is deprecated', DEBUG_DEVELOPER);
  49          self::__construct();
  50      }
  51  
  52      /**
  53       * Returns true if the username and password work and false if they are
  54       * wrong or don't exist.
  55       *
  56       * @param string $username The username
  57       * @param string $password The password
  58       * @return bool Authentication success or failure.
  59       */
  60      function user_login ($username, $password) {
  61          global $CFG, $DB;
  62          if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id))) {
  63              return validate_internal_user_password($user, $password);
  64          }
  65          return false;
  66      }
  67  
  68      /**
  69       * Updates the user's password.
  70       *
  71       * called when the user password is updated.
  72       *
  73       * @param  object  $user        User table object  (with system magic quotes)
  74       * @param  string  $newpassword Plaintext password (with system magic quotes)
  75       * @return boolean result
  76       *
  77       */
  78      function user_update_password($user, $newpassword) {
  79          $user = get_complete_user_data('id', $user->id);
  80          // This will also update the stored hash to the latest algorithm
  81          // if the existing hash is using an out-of-date algorithm (or the
  82          // legacy md5 algorithm).
  83          return update_internal_user_password($user, $newpassword);
  84      }
  85  
  86      function can_signup() {
  87          return true;
  88      }
  89  
  90      /**
  91       * Sign up a new user ready for confirmation.
  92       * Password is passed in plaintext.
  93       *
  94       * @param object $user new user object
  95       * @param boolean $notify print notice with link and terminate
  96       */
  97      function user_signup($user, $notify=true) {
  98          // Standard signup, without custom confirmatinurl.
  99          return $this->user_signup_with_confirmation($user, $notify);
 100      }
 101  
 102      /**
 103       * Sign up a new user ready for confirmation.
 104       *
 105       * Password is passed in plaintext.
 106       * A custom confirmationurl could be used.
 107       *
 108       * @param object $user new user object
 109       * @param boolean $notify print notice with link and terminate
 110       * @param string $confirmationurl user confirmation URL
 111       * @return boolean true if everything well ok and $notify is set to true
 112       * @throws moodle_exception
 113       * @since Moodle 3.2
 114       */
 115      public function user_signup_with_confirmation($user, $notify=true, $confirmationurl = null) {
 116          global $CFG, $DB, $SESSION;
 117          require_once($CFG->dirroot.'/user/profile/lib.php');
 118          require_once($CFG->dirroot.'/user/lib.php');
 119  
 120          $plainpassword = $user->password;
 121          $user->password = hash_internal_user_password($user->password);
 122          if (empty($user->calendartype)) {
 123              $user->calendartype = $CFG->calendartype;
 124          }
 125  
 126          $user->id = user_create_user($user, false, false);
 127  
 128          user_add_password_history($user->id, $plainpassword);
 129  
 130          // Save any custom profile field information.
 131          profile_save_data($user);
 132  
 133          // Save wantsurl against user's profile, so we can return them there upon confirmation.
 134          if (!empty($SESSION->wantsurl)) {
 135              set_user_preference('auth_email_wantsurl', $SESSION->wantsurl, $user);
 136          }
 137  
 138          // Trigger event.
 139          \core\event\user_created::create_from_userid($user->id)->trigger();
 140  
 141          if (! send_confirmation_email($user, $confirmationurl)) {
 142              throw new \moodle_exception('auth_emailnoemail', 'auth_email');
 143          }
 144  
 145          if ($notify) {
 146              global $CFG, $PAGE, $OUTPUT;
 147              $emailconfirm = get_string('emailconfirm');
 148              $PAGE->navbar->add($emailconfirm);
 149              $PAGE->set_title($emailconfirm);
 150              $PAGE->set_heading($PAGE->course->fullname);
 151              echo $OUTPUT->header();
 152              notice(get_string('emailconfirmsent', '', $user->email), "$CFG->wwwroot/index.php");
 153          } else {
 154              return true;
 155          }
 156      }
 157  
 158      /**
 159       * Returns true if plugin allows confirming of new users.
 160       *
 161       * @return bool
 162       */
 163      function can_confirm() {
 164          return true;
 165      }
 166  
 167      /**
 168       * Confirm the new user as registered.
 169       *
 170       * @param string $username
 171       * @param string $confirmsecret
 172       */
 173      function user_confirm($username, $confirmsecret) {
 174          global $DB, $SESSION;
 175          $user = get_complete_user_data('username', $username);
 176  
 177          if (!empty($user)) {
 178              if ($user->auth != $this->authtype) {
 179                  return AUTH_CONFIRM_ERROR;
 180  
 181              } else if ($user->secret === $confirmsecret && $user->confirmed) {
 182                  return AUTH_CONFIRM_ALREADY;
 183  
 184              } else if ($user->secret === $confirmsecret) {   // They have provided the secret key to get in
 185                  $DB->set_field("user", "confirmed", 1, array("id"=>$user->id));
 186  
 187                  if ($wantsurl = get_user_preferences('auth_email_wantsurl', false, $user)) {
 188                      // Ensure user gets returned to page they were trying to access before signing up.
 189                      $SESSION->wantsurl = $wantsurl;
 190                      unset_user_preference('auth_email_wantsurl', $user);
 191                  }
 192  
 193                  return AUTH_CONFIRM_OK;
 194              }
 195          } else {
 196              return AUTH_CONFIRM_ERROR;
 197          }
 198      }
 199  
 200      function prevent_local_passwords() {
 201          return false;
 202      }
 203  
 204      /**
 205       * Returns true if this authentication plugin is 'internal'.
 206       *
 207       * @return bool
 208       */
 209      function is_internal() {
 210          return true;
 211      }
 212  
 213      /**
 214       * Returns true if this authentication plugin can change the user's
 215       * password.
 216       *
 217       * @return bool
 218       */
 219      function can_change_password() {
 220          return true;
 221      }
 222  
 223      /**
 224       * Returns the URL for changing the user's pw, or empty if the default can
 225       * be used.
 226       *
 227       * @return moodle_url
 228       */
 229      function change_password_url() {
 230          return null; // use default internal method
 231      }
 232  
 233      /**
 234       * Returns true if plugin allows resetting of internal password.
 235       *
 236       * @return bool
 237       */
 238      function can_reset_password() {
 239          return true;
 240      }
 241  
 242      /**
 243       * Returns true if plugin can be manually set.
 244       *
 245       * @return bool
 246       */
 247      function can_be_manually_set() {
 248          return true;
 249      }
 250  
 251      /**
 252       * Returns whether or not the captcha element is enabled.
 253       * @return bool
 254       */
 255      function is_captcha_enabled() {
 256          return get_config("auth_{$this->authtype}", 'recaptcha');
 257      }
 258  
 259  }