Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.

Differences Between: [Versions 310 and 403] [Versions 311 and 403] [Versions 39 and 403] [Versions 400 and 403]

   1  <?php
   2  
   3      require_once("../../config.php");
   4      require_once($CFG->dirroot."/auth/shibboleth/auth.php");
   5  
   6      $idp = optional_param('idp', null, PARAM_RAW);
   7  
   8      // Check for timed out sessions.
   9      if (!empty($SESSION->has_timed_out)) {
  10          $session_has_timed_out = true;
  11          $SESSION->has_timed_out = false;
  12      } else {
  13          $session_has_timed_out = false;
  14      }
  15  
  16      // Define variables used in page.
  17      $isvalid = true;
  18      $site = get_site();
  19  
  20      $loginsite = get_string("loginsite");
  21  
  22      $loginurl = (!empty($CFG->alternateloginurl)) ? $CFG->alternateloginurl : '';
  23  
  24      $config = get_config('auth_shibboleth');
  25      if (!empty($CFG->registerauth) or is_enabled_auth('none') or !empty($config->auth_instructions)) {
  26          $showinstructions = true;
  27      } else {
  28          $showinstructions = false;
  29      }
  30  
  31      $idplist = get_idp_list($config->organization_selection);
  32      if (isset($idp)) {
  33          if (isset($idplist[$idp])) {
  34              set_saml_cookie($idp);
  35  
  36              $targeturl = new moodle_url('/auth/shibboleth/index.php');
  37              $idpinfo = $idplist[$idp];
  38  
  39              // Redirect to SessionInitiator with entityID as argument.
  40              if (isset($idpinfo[1]) && !empty($idpinfo[1])) {
  41                  $sso = $idpinfo[1];
  42              } else {
  43                  $sso = '/Shibboleth.sso';
  44              }
  45              // For Shibboleth 1.x Service Providers.
  46              header('Location: ' . $sso . '?providerId=' . urlencode($idp) . '&target=' . urlencode($targeturl->out()));
  47  
  48          } else {
  49              $isvalid = false;
  50          }
  51      }
  52  
  53      $loginsite = get_string("loginsite");
  54  
  55      $PAGE->set_url('/auth/shibboleth/login.php');
  56      $PAGE->set_context(context_system::instance());
  57      $PAGE->navbar->add($loginsite);
  58      $PAGE->set_title($loginsite);
  59      $PAGE->set_heading($site->fullname);
  60      $PAGE->set_pagelayout('login');
  61  
  62      echo $OUTPUT->header();
  63  
  64      if (isloggedin() and !isguestuser()) {
  65          // Prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed.
  66          echo $OUTPUT->box_start();
  67          $params = array('sesskey' => sesskey(), 'loginpage' => 1);
  68          $logout = new single_button(new moodle_url('/login/logout.php', $params), get_string('logout'), 'post');
  69          $continue = new single_button(new moodle_url('/'), get_string('cancel'), 'get');
  70          echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
  71          echo $OUTPUT->box_end();
  72      } else {
  73          // Print login page.
  74          $selectedidp = '-';
  75          if (isset($_COOKIE['_saml_idp'])) {
  76              $idpcookie = generate_cookie_array($_COOKIE['_saml_idp']);
  77              do {
  78                  $selectedidp = array_pop($idpcookie);
  79              } while (!isset($idplist[$selectedidp]) && count($idpcookie) > 0);
  80          }
  81  
  82          $idps = [];
  83          foreach ($idplist as $value => $data) {
  84              $name = reset($data);
  85              $selected = $value === $selectedidp;
  86              $idps[] = (object)[
  87                  'name' => $name,
  88                  'value' => $value,
  89                  'selected' => $selected
  90              ];
  91          }
  92  
  93          // Whether the user can sign up.
  94          $cansignup = !empty($CFG->registerauth);
  95          // Default instructions.
  96          $instructions = format_text($config->auth_instructions);
  97          if (is_enabled_auth('none')) {
  98              $instructions = get_string('loginstepsnone');
  99          } else if ($cansignup) {
 100              if ($CFG->registerauth === 'email' && empty($instructions)) {
 101                  $instructions = get_string('loginsteps');
 102              }
 103          }
 104  
 105          // Build the template context data.
 106          $templatedata = (object)[
 107              'adminemail' => get_admin()->email,
 108              'cansignup' => $cansignup,
 109              'guestlogin' => $CFG->guestloginbutton,
 110              'guestloginurl' => new moodle_url('/login/index.php'),
 111              'idps' => $idps,
 112              'instructions' => $instructions,
 113              'loginname' => $config->login_name ?? null,
 114              'logintoken' => \core\session\manager::get_login_token(),
 115              'loginurl' => new moodle_url('/auth/shibboleth/login.php'),
 116              'showinstructions' => $showinstructions,
 117              'signupurl' => new moodle_url('/login/signup.php'),
 118              'isvalid' => $isvalid
 119          ];
 120  
 121          // Render the login form.
 122          echo $OUTPUT->render_from_template('auth_shibboleth/login_form', $templatedata);
 123      }
 124  
 125      echo $OUTPUT->footer();