[moodle.git] / auth / db / auth.php

<?php

/**
 * @author Martin Dougiamas
 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
 * @package moodle multiauth
 *
 * Authentication Plugin: External Database Authentication
 *
 * Checks against an external database.
 *
 * 2006-08-28  File created.
 */

// This page cannot be called directly
if (!isset($CFG)) exit;

/**
 * External database authentication plugin.
 */
class auth_plugin_db {

    /**
     * The configuration details for the plugin.
     */
    var $config;

    /**
     * Constructor.
     */
    function auth_plugin_db() {
        $this->config = get_config('auth/db');
    }

    /**
     * Returns true if the username and password work and false if they are
     * wrong or don't exist.
     *
     * @param string $username The username
     * @param string $password The password
     * @returns bool Authentication success or failure.
     */
    function user_login ($username, $password) {

        global $CFG;

        // Connect to the external database (forcing new connection)
        $authdb = &ADONewConnection($this->config->type); 
        $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true); 
        $authdb->SetFetchMode(ADODB_FETCH_ASSOC);

        if ($this->config->passtype === 'internal') { 
            // lookup username externally, but resolve
            // password locally -- to support backend that
            // don't track passwords
            $rs = $authdb->Execute("SELECT * FROM {$this->config->table} 
                                     WHERE {$this->config->fielduser} = '$username' ");
            $authdb->Close();

            if (!$rs) {
                print_error('auth_dbcantconnect','auth');
                return false;
            }
        
            if ( $rs->RecordCount() ) {
                // user exists exterally
                // check username/password internally
                if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
                    return validate_internal_user_password($user, $password);
                }
            } else {
                // user does not exist externally
                return false;
            }  

        } else { 
            // normal case: use external db for passwords

            if ($this->config->passtype === 'md5') {   // Re-format password accordingly
                $password = md5($password);
            }

            $rs = $authdb->Execute("SELECT * FROM {$this->config->table} 
                                WHERE {$this->config->fielduser} = '$username' 
                                  AND {$this->config->fieldpass} = '$password' ");
            $authdb->Close();
            
            if (!$rs) {
                print_error('auth_dbcantconnect','auth');
                return false;
            }
        
            if ( $rs->RecordCount() ) {
                return true;
            } else {
                return false;
            }        
            
        }
    }


    /**
     * Reads any other information for a user from external database,
     * then returns it in an array
     */
    function get_userinfo($username) {

        global $CFG;

        // Connect to the external database (forcing new connection)
        $authdb = &ADONewConnection($this->config->type);
        $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true); 
        $authdb->SetFetchMode(ADODB_FETCH_ASSOC);

        $fields = array("firstname", "lastname", "email", "phone1", "phone2", 
                        "department", "address", "city", "country", "description", 
                        "idnumber", "lang");


        //Array to map local fieldnames we want, to external fieldnames
        $selectfields = array();
        foreach ($fields as $field) {
            if (!empty($this->config->{'field_map_' . $field})) {
                $selectfields[$field] = $this->config->{'field_map_' . $field};
            }
        }
        $result = array();
        //If at least one field is mapped from external db, get that mapped data:
        if ($selectfields) {
            $select = '';
            foreach ($selectfields as $localname=>$externalname) {
                $select .= ", $externalname AS $localname";
            }
            $select = 'SELECT ' . substr($select,1);
            $sql = $select .
                " FROM {$this->config->table}" .
                " WHERE {$this->config->fielduser} = '$username'";
            if ($rs = $authdb->Execute($sql)) {
                if ( $rs->RecordCount() == 1 ) {
                    $fields_obj = rs_fetch_record($rs);
                    foreach ($selectfields as $localname=>$externalname) {
                        if (empty($CFG->unicodedb)) {
                            $fields_obj->{$localname} = utf8_decode($fields_obj->{$localname});
                         }
                        $result[$localname] = addslashes(stripslashes($fields_obj->{$localname}));
                     }
                 }
                 rs_close($rs);
            }
        }
        $authdb->Close();

        return $result;
    }


    /**
     * Change a user's password
     *
     * @param  object  $user         The user to update
     * @param  string  $newpassword  The new password
     * @return bool                  True on success
     */
    function user_update_password($user, $newpassword) {

        global $CFG;
        if ($this->config->passtype === 'internal') {
            return set_field('user', 'password', md5($newpassword), 'id', $user->id, 'mnethostid', $CFG->mnet_localhost_id);
        } else {
            // we should have never been called!
            return false;
        }
    }

    /**
     * syncronizes user fron external db to moodle user table
     *
     * Sync shouid be done by using idnumber attribute, not username.
     * You need to pass firstsync parameter to function to fill in
     * idnumbers if they dont exists in moodle user table.
     * 
     * Syncing users removes (disables) users that dont exists anymore in external db.
     * Creates new users and updates coursecreator status of users. 
     * 
     * @param bool $do_updates  Optional: set to true to force an update of existing accounts
     *
     * This implementation is simpler but less scalable than the one found in the LDAP module.
     *
     */
    function sync_users ($do_updates=0) {
        
        global $CFG;
        $pcfg = get_config('auth/db');

        ///
        /// list external users
        ///
        $userlist = $this->get_userlist();
        $quoteduserlist = implode("', '", $userlist);
        $quoteduserlist = "'$quoteduserlist'";

        ///
        /// delete obsolete internal users
        ///
           
        // find obsolete users
        if (count($userlist)) {
            $sql = 'SELECT u.id, u.username 
                    FROM ' . $CFG->prefix .'user u 
                    WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username NOT IN (' . $quoteduserlist . ')';
        } else {
            $sql = 'SELECT u.id, u.username 
                    FROM ' . $CFG->prefix .'user u 
                    WHERE u.auth=\'db\' AND u.deleted=\'0\' ';
        }
        $remove_users = get_records_sql($sql); 

        if (!empty($remove_users)) {
            print_string('auth_dbuserstoremove','auth', count($remove_users));
            echo "\n";

            begin_sql();
            foreach ($remove_users as $user) {
                //following is copy pasted from admin/user.php
                //maybe this should moved to function in lib/datalib.php
                $updateuser = new stdClass();
                $updateuser->id = $user->id;
                $updateuser->deleted = "1";
                $updateuser->timemodified = time();
                if (update_record("user", $updateuser)) {
                    // unenrol_student($user->id);  // From all courses
                    // remove_teacher($user->id);   // From all courses
                    // remove_admin($user->id);
                    delete_records('role_assignments', 'userid', $user->id); // unassign all roles
                    notify(get_string("deletedactivity", "", fullname($user, true)) );
                } else {
                    notify(get_string("deletednot", "", fullname($user, true)));
                }
                //copy pasted part ends
            }     
            commit_sql();
        } 
        unset($remove_users); // free mem!   

        if (!count($userlist)) {
            // exit right here
            // nothing else to do
            return true;
        }

        ///
        /// update existing accounts
        ///
        if ($do_updates) {
            // narrow down what fields we need to update
            $all_keys = array_keys(get_object_vars($this->config));
            $updatekeys = array();
            foreach ($all_keys as $key) {
                if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
                    if ($this->config->{$key} === 'onlogin') {
                        array_push($updatekeys, $match[1]); // the actual key name
                    }
                }
            }
            // print_r($all_keys); print_r($updatekeys);
            unset($all_keys); unset($key);

            // only go ahead if we actually
            // have fields to update locally
            if (!empty($updatekeys)) {
                $sql = 'SELECT u.id, u.username 
                        FROM ' . $CFG->prefix .'user u 
                        WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
                $update_users = get_records_sql($sql);
            
                foreach ($update_users as $user) {
                    $this->db_update_user_record($user->username, $updatekeys);
                }
                unset($update_users); // free memory
            }
        }


        ///
        /// create missing accounts
        ///
        // NOTE: this is very memory intensive
        // and generally inefficient
        $sql = 'SELECT u.id, u.username 
                FROM ' . $CFG->prefix .'user u 
                WHERE u.auth=\'db\' AND u.deleted=\'0\'';

        $users = get_records_sql($sql);
        
        // simplify down to usernames
        $usernames = array();
        foreach ($users as $user) {
            array_push($usernames, $user->username);
        }
        unset($users);

        $add_users = array_diff($userlist, $usernames);
        unset($usernames);

        if (!empty($add_users)) {
            print_string('auth_dbuserstoadd','auth',count($add_users));
            echo "\n";
            begin_sql();
            foreach($add_users as $user) {
                $username = $user;
                $user = $this->get_userinfo_asobj($user);
                
                // prep a few params
                $user->username   = $username;
                $user->modified   = time();
                $user->confirmed  = 1;
                $user->auth       = 'db';
                $user->mnethostid = $CFG->mnet_localhost_id;
                
                // insert it
                $old_debug=$CFG->debug; 
                $CFG->debug=10;
                
                // maybe the user has been deleted before
                if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
                    $user->id = $old_user->id;
                    set_field('user', 'deleted', 0, 'username', $user->username);
                    print_string('auth_dbrevive','auth',array($user->username, $user->id));
                    echo "\n";
                } elseif ($id=insert_record ('user',$user)) { // it is truly a new user
                    print_string('auth_dbinsertuser','auth',array($user->username, $id));
                    echo "\n";
                    $user->id = $id;
                    // if relevant, tag for password generation
                    if ($this->config->passtype === 'internal') {
                        set_user_preference('auth_forcepasswordchange', 1, $id);
                        set_user_preference('create_password',          1, $id);
                    }
                } else {
                    print_string('auth_dbinsertusererror', 'auth', $user->username);
                    echo "\n";
                }
                $CFG->debug=$old_debug;                        
            }
            commit_sql();
            unset($add_users); // free mem
        }
        return true;
    }

    function user_exists ($username) {

        // Connect to the external database (forcing new connection)
        $authdb = &ADONewConnection($this->config->type);
        $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true); 
        $authdb->SetFetchMode(ADODB_FETCH_ASSOC);

        $rs = $authdb->Execute("SELECT * FROM {$this->config->table} 
                                     WHERE {$this->config->fielduser} = '$username' ");
        $authdb->Close();

        if (!$rs) {
            print_error('auth_dbcantconnect','auth');
            return false;
        }
        
        if ( $rs->RecordCount() ) {
            // user exists exterally
            // check username/password internally
            // ?? there is no $password variable, so why??
            /*if ($user = get_record('user', 'username', $username)) {
                return ($user->password == md5($password));
            }*/
            return $rs->RecordCount();
        } else {
            // user does not exist externally
            return false;
        }  
    }


    function get_userlist() {

        // Connect to the external database (forcing new connection)
        $authdb = &ADONewConnection($this->config->type);
        $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true); 
        $authdb->SetFetchMode(ADODB_FETCH_ASSOC);

        // fetch userlist
        $rs = $authdb->Execute("SELECT {$this->config->fielduser} AS username
                                FROM   {$this->config->table} ");
        $authdb->Close();

        if (!$rs) {
            print_error('auth_dbcantconnect','auth');
            return false;
        }
        
        if ( $rs->RecordCount() ) {
            $userlist = array();
            while ($rec = rs_fetch_next_record($rs)) {
                array_push($userlist, $rec->username);
            }
            return $userlist;
        } else {
            return array();
        }        
    }

    /**
     * reads userinformation from DB and return it in an object
     *
     * @param string $username username
     * @return array
     */
    function get_userinfo_asobj($username) {
        $user_array = truncate_userinfo($this->get_userinfo($username));
        $user = new object;
        foreach($user_array as $key=>$value) {
            $user->{$key} = $value;
        }
        return $user;
    }

    /*
     * will update a local user record from an external source. 
     * is a lighter version of the one in moodlelib -- won't do 
     * expensive ops such as enrolment
     *
     * If you don't pass $updatekeys, there is a performance hit and 
     * values removed from DB won't be removed from moodle.
     */
     function db_update_user_record($username, $updatekeys=false) {
        global $CFG;

        $pcfg = get_config('auth/db');

        //just in case check text case
        $username = trim(moodle_strtolower($username));
        
        // get the current user record
        $user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
        if (empty($user)) { // trouble
            error_log("Cannot update non-existent user: $username");
            print_error('auth_dbusernotexist','auth',$username);
            die;
        }

        // Ensure userid is not overwritten
        $userid = $user->id;

        // TODO: this had a function_exists() - now we have a $this 
        if ($newinfo = $this->get_userinfo($username)) {
            $newinfo = truncate_userinfo($newinfo);
            
            if (empty($updatekeys)) { // all keys? this does not support removing values
                $updatekeys = array_keys($newinfo);
            }
            
            foreach ($updatekeys as $key) {
                unset($value);
                if (isset($newinfo[$key])) {
                    $value = $newinfo[$key];
                    $value = addslashes(stripslashes($value)); // Just in case
                } else {
                    $value = '';
                }
                if (!empty($this->config->{'field_updatelocal_' . $key})) { 
                        if ($user->{$key} != $value) { // only update if it's changed
                            set_field('user', $key, $value, 'id', $userid);
                        }
                }
            }
        }
        return get_record_select("user", "id = '$userid' AND deleted <> '1'");
    }

    // A chance to validate form data, and last chance to 
    // do stuff before it is inserted in config_plugin
    function validate_form(&$form, &$err) {
        if ($form->passtype === 'internal') {
            $this->config->changepasswordurl = '';
            set_config('changepasswordurl', '', 'auth/db');
        }
        return true;
    }

    /**
     * Returns true if this authentication plugin is 'internal'.
     *
     * @returns bool
     */
    function is_internal() {
        return false;
    }

    /**
     * Returns true if this authentication plugin can change the user's
     * password.
     *
     * @returns bool
     */
    function can_change_password() {
        return ($this->config->passtype === 'internal');
    }

    /**
     * Returns the URL for changing the user's pw, or false if the default can
     * be used.
     *
     * @returns bool
     */
    function change_password_url() {
        return $this->config->changepasswordurl;
    }

    /**
     * Prints a form for configuring this authentication plugin.
     *
     * This function is called from admin/auth.php, and outputs a full page with
     * a form for configuring this plugin.
     *
     * @param array $page An object containing all the data for this page.
     */
    function config_form($config, $err) {
        include "config.html";
    }

    /**
     * Processes and stores configuration data for this authentication plugin.
     */
    function process_config($config) {
        // set to defaults if undefined
        if (!isset($config->host)) {
            $config->host = "localhost";
        }
        if (!isset($config->type)) {
            $config->type = "mysql";
        }
        if (!isset($config->name)) {
            $config->name = "";
        }
        if (!isset($config->user)) {
            $config->user = "";
        }
        if (!isset($config->pass)) {
            $config->pass = "";
        }
        if (!isset($config->table)) {
            $config->table = "";
        }
        if (!isset($config->fielduser)) {
            $config->fielduser = "";
        }
        if (!isset($config->fieldpass)) {
            $config->fieldpass = "";
        }
        if (!isset($config->passtype)) {
            $config->passtype = "plaintext";
        }
        if (!isset($config->changepasswordurl)) {
            $config->changepasswordurl = '';
        }

        // save settings
        set_config('host',      $config->host,      'auth/db');
        set_config('type',      $config->type,      'auth/db');
        set_config('name',      $config->name,      'auth/db');
        set_config('user',      $config->user,      'auth/db');
        set_config('pass',      $config->pass,      'auth/db');
        set_config('table',     $config->table,     'auth/db');
        set_config('fielduser', $config->fielduser, 'auth/db');
        set_config('fieldpass', $config->fieldpass, 'auth/db');
        set_config('passtype',  $config->passtype,  'auth/db');
        set_config('changepasswordurl', $config->changepasswordurl, 'auth/db');
        
        return true;
    }

}

?>
Commit	Line	Data
b9ddb2d5	1	<?php
	2
	3	/**
	4	* @author Martin Dougiamas
	5	* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
	6	* @package moodle multiauth
	7	*
	8	* Authentication Plugin: External Database Authentication
	9	*
	10	* Checks against an external database.
	11	*
	12	* 2006-08-28 File created.
	13	*/
	14
	15	// This page cannot be called directly
	16	if (!isset($CFG)) exit;
	17
	18	/**
	19	* External database authentication plugin.
	20	*/
	21	class auth_plugin_db {
	22
	23	/**
	24	* The configuration details for the plugin.
	25	*/
	26	var $config;
	27
	28	/**
	29	* Constructor.
	30	*/
	31	function auth_plugin_db() {
	32	$this->config = get_config('auth/db');
	33	}
	34
	35	/**
	36	* Returns true if the username and password work and false if they are
	37	* wrong or don't exist.
	38	*
	39	* @param string $username The username
	40	* @param string $password The password
	41	* @returns bool Authentication success or failure.
	42	*/
	43	function user_login ($username, $password) {
	44
	45	global $CFG;
	46
93901eb4	47	// Connect to the external database (forcing new connection)
b9ddb2d5	48	$authdb = &ADONewConnection($this->config->type);
93901eb4	49	$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
b9ddb2d5	50	$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
	51
	52	if ($this->config->passtype === 'internal') {
	53	// lookup username externally, but resolve
	54	// password locally -- to support backend that
	55	// don't track passwords
	56	$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
	57	WHERE {$this->config->fielduser} = '$username' ");
	58	$authdb->Close();
	59
	60	if (!$rs) {
a9ad3633	61	print_error('auth_dbcantconnect','auth');
b9ddb2d5	62	return false;
	63	}
	64
	65	if ( $rs->RecordCount() ) {
	66	// user exists exterally
	67	// check username/password internally
b7b50143	68	if ($user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id)) {
b9ddb2d5	69	return validate_internal_user_password($user, $password);
	70	}
	71	} else {
	72	// user does not exist externally
	73	return false;
	74	}
	75
	76	} else {
	77	// normal case: use external db for passwords
	78
	79	if ($this->config->passtype === 'md5') { // Re-format password accordingly
	80	$password = md5($password);
	81	}
	82
	83	$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
	84	WHERE {$this->config->fielduser} = '$username'
	85	AND {$this->config->fieldpass} = '$password' ");
	86	$authdb->Close();
	87
b9ddb2d5	88	if (!$rs) {
a9ad3633	89	print_error('auth_dbcantconnect','auth');
b9ddb2d5	90	return false;
	91	}
	92
	93	if ( $rs->RecordCount() ) {
	94	return true;
	95	} else {
	96	return false;
	97	}
	98
	99	}
	100	}
	101
	102
	103	/**
	104	* Reads any other information for a user from external database,
	105	* then returns it in an array
	106	*/
	107	function get_userinfo($username) {
	108
	109	global $CFG;
	110
93901eb4	111	// Connect to the external database (forcing new connection)
	112	$authdb = &ADONewConnection($this->config->type);
	113	$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
b9ddb2d5	114	$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
	115
	116	$fields = array("firstname", "lastname", "email", "phone1", "phone2",
	117	"department", "address", "city", "country", "description",
	118	"idnumber", "lang");
	119
b9ddb2d5	120
0f02788f	121	//Array to map local fieldnames we want, to external fieldnames
0f02788f	122	$selectfields = array();
b9ddb2d5	123	foreach ($fields as $field) {
0f02788f	124	if (!empty($this->config->{'field_map_' . $field})) {
	125	$selectfields[$field] = $this->config->{'field_map_' . $field};
	126	}
	127	}
	128	$result = array();
	129	//If at least one field is mapped from external db, get that mapped data:
	130	if ($selectfields) {
	131	$select = '';
	132	foreach ($selectfields as $localname=>$externalname) {
	133	$select .= ", $externalname AS $localname";
	134	}
	135	$select = 'SELECT ' . substr($select,1);
	136	$sql = $select .
	137	" FROM {$this->config->table}" .
	138	" WHERE {$this->config->fielduser} = '$username'";
	139	if ($rs = $authdb->Execute($sql)) {
	140	if ( $rs->RecordCount() == 1 ) {
931b5085	141	$fields_obj = rs_fetch_record($rs);
0f02788f	142	foreach ($selectfields as $localname=>$externalname) {
0f02788f	143	if (empty($CFG->unicodedb)) {
931b5085	144	$fields_obj->{$localname} = utf8_decode($fields_obj->{$localname});
0f02788f	145	}
931b5085	146	$result[$localname] = addslashes(stripslashes($fields_obj->{$localname}));
0f02788f	147	}
0f02788f	148	}
931b5085	149	rs_close($rs);
b9ddb2d5	150	}
	151	}
	152	$authdb->Close();
	153
	154	return $result;
	155	}
	156
	157
fb5c7739	158	/**
	159	* Change a user's password
	160	*
	161	* @param object $user The user to update
	162	* @param string $newpassword The new password
	163	* @return bool True on success
	164	*/
da249a30	165	function user_update_password($user, $newpassword) {
b9ddb2d5	166
b7b50143	167	global $CFG;
b9ddb2d5	168	if ($this->config->passtype === 'internal') {
da249a30	169	return set_field('user', 'password', md5($newpassword), 'id', $user->id, 'mnethostid', $CFG->mnet_localhost_id);
b9ddb2d5	170	} else {
	171	// we should have never been called!
	172	return false;
	173	}
	174	}
	175
	176	/**
	177	* syncronizes user fron external db to moodle user table
	178	*
	179	* Sync shouid be done by using idnumber attribute, not username.
	180	* You need to pass firstsync parameter to function to fill in
	181	* idnumbers if they dont exists in moodle user table.
	182	*
	183	* Syncing users removes (disables) users that dont exists anymore in external db.
	184	* Creates new users and updates coursecreator status of users.
	185	*
	186	* @param bool $do_updates Optional: set to true to force an update of existing accounts
	187	*
	188	* This implementation is simpler but less scalable than the one found in the LDAP module.
	189	*
	190	*/
	191	function sync_users ($do_updates=0) {
	192
	193	global $CFG;
	194	$pcfg = get_config('auth/db');
	195
	196	///
	197	/// list external users
	198	///
	199	$userlist = $this->get_userlist();
	200	$quoteduserlist = implode("', '", $userlist);
	201	$quoteduserlist = "'$quoteduserlist'";
	202
	203	///
	204	/// delete obsolete internal users
	205	///
	206
	207	// find obsolete users
	208	if (count($userlist)) {
	209	$sql = 'SELECT u.id, u.username
	210	FROM ' . $CFG->prefix .'user u
	211	WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username NOT IN (' . $quoteduserlist . ')';
	212	} else {
	213	$sql = 'SELECT u.id, u.username
	214	FROM ' . $CFG->prefix .'user u
	215	WHERE u.auth=\'db\' AND u.deleted=\'0\' ';
	216	}
	217	$remove_users = get_records_sql($sql);
	218
	219	if (!empty($remove_users)) {
a9ad3633	220	print_string('auth_dbuserstoremove','auth', count($remove_users));
a9ad3633	221	echo "\n";
b9ddb2d5	222
	223	begin_sql();
	224	foreach ($remove_users as $user) {
	225	//following is copy pasted from admin/user.php
	226	//maybe this should moved to function in lib/datalib.php
b7b50143	227	$updateuser = new stdClass();
b9ddb2d5	228	$updateuser->id = $user->id;
	229	$updateuser->deleted = "1";
	230	$updateuser->timemodified = time();
	231	if (update_record("user", $updateuser)) {
	232	// unenrol_student($user->id); // From all courses
	233	// remove_teacher($user->id); // From all courses
	234	// remove_admin($user->id);
	235	delete_records('role_assignments', 'userid', $user->id); // unassign all roles
	236	notify(get_string("deletedactivity", "", fullname($user, true)) );
	237	} else {
	238	notify(get_string("deletednot", "", fullname($user, true)));
	239	}
	240	//copy pasted part ends
	241	}
	242	commit_sql();
	243	}
	244	unset($remove_users); // free mem!
	245
	246	if (!count($userlist)) {
	247	// exit right here
	248	// nothing else to do
	249	return true;
	250	}
	251
	252	///
	253	/// update existing accounts
	254	///
	255	if ($do_updates) {
	256	// narrow down what fields we need to update
	257	$all_keys = array_keys(get_object_vars($this->config));
	258	$updatekeys = array();
	259	foreach ($all_keys as $key) {
	260	if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
	261	if ($this->config->{$key} === 'onlogin') {
	262	array_push($updatekeys, $match[1]); // the actual key name
	263	}
	264	}
	265	}
	266	// print_r($all_keys); print_r($updatekeys);
	267	unset($all_keys); unset($key);
	268
	269	// only go ahead if we actually
	270	// have fields to update locally
	271	if (!empty($updatekeys)) {
	272	$sql = 'SELECT u.id, u.username
	273	FROM ' . $CFG->prefix .'user u
	274	WHERE u.auth=\'db\' AND u.deleted=\'0\' AND u.username IN (' . $quoteduserlist . ')';
	275	$update_users = get_records_sql($sql);
	276
	277	foreach ($update_users as $user) {
	278	$this->db_update_user_record($user->username, $updatekeys);
	279	}
	280	unset($update_users); // free memory
	281	}
	282	}
	283
	284
	285	///
	286	/// create missing accounts
	287	///
	288	// NOTE: this is very memory intensive
	289	// and generally inefficient
	290	$sql = 'SELECT u.id, u.username
	291	FROM ' . $CFG->prefix .'user u
292	WHERE u.auth=\'db\' AND u.deleted=\'0\'';
293
294	$users = get_records_sql($sql);
295
296	// simplify down to usernames
297	$usernames = array();
298	foreach ($users as $user) {
299	array_push($usernames, $user->username);
300	}
301	unset($users);
302
303	$add_users = array_diff($userlist, $usernames);
304	unset($usernames);
305
306	if (!empty($add_users)) {
a9ad3633	307	print_string('auth_dbuserstoadd','auth',count($add_users));
a9ad3633	308	echo "\n";
b9ddb2d5	309	begin_sql();
	310	foreach($add_users as $user) {
	311	$username = $user;
	312	$user = $this->get_userinfo_asobj($user);
	313
	314	// prep a few params
b7b50143	315	$user->username = $username;
	316	$user->modified = time();
	317	$user->confirmed = 1;
	318	$user->auth = 'db';
	319	$user->mnethostid = $CFG->mnet_localhost_id;
b9ddb2d5	320
	321	// insert it
	322	$old_debug=$CFG->debug;
	323	$CFG->debug=10;
	324
	325	// maybe the user has been deleted before
b7b50143	326	if ($old_user = get_record('user', 'username', $user->username, 'deleted', 1, 'mnethostid', $user->mnethostid)) {
b9ddb2d5	327	$user->id = $old_user->id;
b9ddb2d5	328	set_field('user', 'deleted', 0, 'username', $user->username);
a9ad3633	329	print_string('auth_dbrevive','auth',array($user->username, $user->id));
a9ad3633	330	echo "\n";
b9ddb2d5	331	} elseif ($id=insert_record ('user',$user)) { // it is truly a new user
a9ad3633	332	print_string('auth_dbinsertuser','auth',array($user->username, $id));
a9ad3633	333	echo "\n";
b9ddb2d5	334	$user->id = $id;
	335	// if relevant, tag for password generation
	336	if ($this->config->passtype === 'internal') {
	337	set_user_preference('auth_forcepasswordchange', 1, $id);
	338	set_user_preference('create_password', 1, $id);
	339	}
	340	} else {
a9ad3633	341	print_string('auth_dbinsertusererror', 'auth', $user->username);
a9ad3633	342	echo "\n";
b9ddb2d5	343	}
	344	$CFG->debug=$old_debug;
	345	}
	346	commit_sql();
	347	unset($add_users); // free mem
	348	}
	349	return true;
	350	}
	351
	352	function user_exists ($username) {
93901eb4	353
	354	// Connect to the external database (forcing new connection)
	355	$authdb = &ADONewConnection($this->config->type);
	356	$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
b9ddb2d5	357	$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
	358
	359	$rs = $authdb->Execute("SELECT * FROM {$this->config->table}
	360	WHERE {$this->config->fielduser} = '$username' ");
	361	$authdb->Close();
	362
	363	if (!$rs) {
a9ad3633	364	print_error('auth_dbcantconnect','auth');
b9ddb2d5	365	return false;
	366	}
	367
	368	if ( $rs->RecordCount() ) {
	369	// user exists exterally
	370	// check username/password internally
	371	// ?? there is no $password variable, so why??
	372	/*if ($user = get_record('user', 'username', $username)) {
	373	return ($user->password == md5($password));
	374	}*/
	375	return $rs->RecordCount();
	376	} else {
	377	// user does not exist externally
	378	return false;
	379	}
	380	}
	381
	382
	383	function get_userlist() {
93901eb4	384
	385	// Connect to the external database (forcing new connection)
	386	$authdb = &ADONewConnection($this->config->type);
	387	$authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
b9ddb2d5	388	$authdb->SetFetchMode(ADODB_FETCH_ASSOC);
	389
	390	// fetch userlist
	391	$rs = $authdb->Execute("SELECT {$this->config->fielduser} AS username
	392	FROM {$this->config->table} ");
	393	$authdb->Close();
	394
	395	if (!$rs) {
a9ad3633	396	print_error('auth_dbcantconnect','auth');
b9ddb2d5	397	return false;
	398	}
	399
	400	if ( $rs->RecordCount() ) {
	401	$userlist = array();
c024b94b	402	while ($rec = rs_fetch_next_record($rs)) {
c024b94b	403	array_push($userlist, $rec->username);
b9ddb2d5	404	}
	405	return $userlist;
	406	} else {
	407	return array();
	408	}
	409	}
	410
	411	/**
	412	* reads userinformation from DB and return it in an object
	413	*
	414	* @param string $username username
	415	* @return array
	416	*/
	417	function get_userinfo_asobj($username) {
	418	$user_array = truncate_userinfo($this->get_userinfo($username));
	419	$user = new object;
	420	foreach($user_array as $key=>$value) {
	421	$user->{$key} = $value;
	422	}
	423	return $user;
	424	}
	425
	426	/*
	427	* will update a local user record from an external source.
	428	* is a lighter version of the one in moodlelib -- won't do
	429	* expensive ops such as enrolment
	430	*
	431	* If you don't pass $updatekeys, there is a performance hit and
	432	* values removed from DB won't be removed from moodle.
	433	*/
	434	function db_update_user_record($username, $updatekeys=false) {
b7b50143	435	global $CFG;
b9ddb2d5	436
	437	$pcfg = get_config('auth/db');
	438
	439	//just in case check text case
	440	$username = trim(moodle_strtolower($username));
	441
	442	// get the current user record
b7b50143	443	$user = get_record('user', 'username', $username, 'mnethostid', $CFG->mnet_localhost_id);
b9ddb2d5	444	if (empty($user)) { // trouble
b9ddb2d5	445	error_log("Cannot update non-existent user: $username");
a9ad3633	446	print_error('auth_dbusernotexist','auth',$username);
b9ddb2d5	447	die;
	448	}
	449
b7b50143	450	// Ensure userid is not overwritten
	451	$userid = $user->id;
	452
b9ddb2d5	453	// TODO: this had a function_exists() - now we have a $this
	454	if ($newinfo = $this->get_userinfo($username)) {
	455	$newinfo = truncate_userinfo($newinfo);
	456
	457	if (empty($updatekeys)) { // all keys? this does not support removing values
	458	$updatekeys = array_keys($newinfo);
	459	}
	460
	461	foreach ($updatekeys as $key) {
	462	unset($value);
	463	if (isset($newinfo[$key])) {
	464	$value = $newinfo[$key];
	465	$value = addslashes(stripslashes($value)); // Just in case
	466	} else {
	467	$value = '';
	468	}
	469	if (!empty($this->config->{'field_updatelocal_' . $key})) {
	470	if ($user->{$key} != $value) { // only update if it's changed
b7b50143	471	set_field('user', $key, $value, 'id', $userid);
b9ddb2d5	472	}
	473	}
	474	}
	475	}
b7b50143	476	return get_record_select("user", "id = '$userid' AND deleted <> '1'");
b9ddb2d5	477	}
	478
	479	// A chance to validate form data, and last chance to
	480	// do stuff before it is inserted in config_plugin
	481	function validate_form(&$form, &$err) {
150b5fb0	482	if ($form->passtype === 'internal') {
b9ddb2d5	483	$this->config->changepasswordurl = '';
	484	set_config('changepasswordurl', '', 'auth/db');
	485	}
	486	return true;
	487	}
	488
	489	/**
	490	* Returns true if this authentication plugin is 'internal'.
	491	*
	492	* @returns bool
	493	*/
	494	function is_internal() {
	495	return false;
	496	}
	497
	498	/**
	499	* Returns true if this authentication plugin can change the user's
	500	* password.
	501	*
	502	* @returns bool
	503	*/
	504	function can_change_password() {
	505	return ($this->config->passtype === 'internal');
	506	}
	507
	508	/**
	509	* Returns the URL for changing the user's pw, or false if the default can
	510	* be used.
	511	*
	512	* @returns bool
	513	*/
	514	function change_password_url() {
	515	return $this->config->changepasswordurl;
	516	}
	517
	518	/**
	519	* Prints a form for configuring this authentication plugin.
	520	*
	521	* This function is called from admin/auth.php, and outputs a full page with
	522	* a form for configuring this plugin.
	523	*
	524	* @param array $page An object containing all the data for this page.
	525	*/
	526	function config_form($config, $err) {
	527	include "config.html";
	528	}
	529
	530	/**
	531	* Processes and stores configuration data for this authentication plugin.
	532	*/
	533	function process_config($config) {
	534	// set to defaults if undefined
	535	if (!isset($config->host)) {
	536	$config->host = "localhost";
	537	}
	538	if (!isset($config->type)) {
	539	$config->type = "mysql";
	540	}
	541	if (!isset($config->name)) {
	542	$config->name = "";
	543	}
	544	if (!isset($config->user)) {
	545	$config->user = "";
	546	}
547	if (!isset($config->pass)) {
548	$config->pass = "";
549	}
550	if (!isset($config->table)) {
551	$config->table = "";
552	}
553	if (!isset($config->fielduser)) {
554	$config->fielduser = "";
555	}
556	if (!isset($config->fieldpass)) {
557	$config->fieldpass = "";
558	}
559	if (!isset($config->passtype)) {
560	$config->passtype = "plaintext";
561	}
562	if (!isset($config->changepasswordurl)) {
563	$config->changepasswordurl = '';
564	}
565
566	// save settings
567	set_config('host', $config->host, 'auth/db');
568	set_config('type', $config->type, 'auth/db');
569	set_config('name', $config->name, 'auth/db');
570	set_config('user', $config->user, 'auth/db');
571	set_config('pass', $config->pass, 'auth/db');
572	set_config('table', $config->table, 'auth/db');
573	set_config('fielduser', $config->fielduser, 'auth/db');
574	set_config('fieldpass', $config->fieldpass, 'auth/db');
575	set_config('passtype', $config->passtype, 'auth/db');
576	set_config('changepasswordurl', $config->changepasswordurl, 'auth/db');
577
578	return true;
579	}
580
581	}
582
583	?>