MDL-52781 auth_db: deprecate clean_data method.
[moodle.git] / auth / db / auth.php
CommitLineData
b9ddb2d5 1<?php
e7aeaa65
PS
2// This file is part of Moodle - http://moodle.org/
3//
4// Moodle is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// Moodle is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
b9ddb2d5 17/**
b9ddb2d5 18 * Authentication Plugin: External Database Authentication
19 *
20 * Checks against an external database.
21 *
e7aeaa65 22 * @package auth_db
7415aed1
PS
23 * @author Martin Dougiamas
24 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
b9ddb2d5 25 */
26
7415aed1 27defined('MOODLE_INTERNAL') || die();
b9ddb2d5 28
6bc1e5d5 29require_once($CFG->libdir.'/authlib.php');
30
b9ddb2d5 31/**
32 * External database authentication plugin.
33 */
6bc1e5d5 34class auth_plugin_db extends auth_plugin_base {
b9ddb2d5 35
36 /**
37 * Constructor.
38 */
e7aeaa65
PS
39 function __construct() {
40 global $CFG;
41 require_once($CFG->libdir.'/adodb/adodb.inc.php');
42
6bc1e5d5 43 $this->authtype = 'db';
b9ddb2d5 44 $this->config = get_config('auth/db');
8ae42b8d 45 if (empty($this->config->extencoding)) {
46 $this->config->extencoding = 'utf-8';
47 }
b9ddb2d5 48 }
49
50 /**
51 * Returns true if the username and password work and false if they are
52 * wrong or don't exist.
53 *
576c063b 54 * @param string $username The username
55 * @param string $password The password
8ae42b8d 56 * @return bool Authentication success or failure.
b9ddb2d5 57 */
139ebfdb 58 function user_login($username, $password) {
576c063b 59 global $CFG, $DB;
b9ddb2d5 60
b6f28375
CF
61 if ($this->is_configured() === false) {
62 debugging(get_string('auth_notconfigured', 'auth', $this->authtype));
63 return false;
64 }
65
2f1e464a
PS
66 $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
67 $extpassword = core_text::convert($password, 'utf-8', $this->config->extencoding);
8ae42b8d 68
7415aed1 69 if ($this->is_internal()) {
e7aeaa65 70 // Lookup username externally, but resolve
b9ddb2d5 71 // password locally -- to support backend that
e7aeaa65 72 // don't track passwords.
ba87b41b
PS
73
74 if (isset($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_KEEP) {
75 // No need to connect to external database in this case because users are never removed and we verify password locally.
76 if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype))) {
77 return validate_internal_user_password($user, $password);
78 } else {
79 return false;
80 }
81 }
82
83 $authdb = $this->db_init();
84
e7aeaa65
PS
85 $rs = $authdb->Execute("SELECT *
86 FROM {$this->config->table}
87 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'");
b9ddb2d5 88 if (!$rs) {
03cedd62 89 $authdb->Close();
03ea0b32 90 debugging(get_string('auth_dbcantconnect','auth_db'));
b9ddb2d5 91 return false;
92 }
8ae42b8d 93
7415aed1 94 if (!$rs->EOF) {
03cedd62 95 $rs->Close();
96 $authdb->Close();
e7aeaa65 97 // User exists externally - check username/password internally.
a0a5ca25 98 if ($user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype))) {
b9ddb2d5 99 return validate_internal_user_password($user, $password);
100 }
101 } else {
03cedd62 102 $rs->Close();
103 $authdb->Close();
e7aeaa65 104 // User does not exist externally.
b9ddb2d5 105 return false;
8ae42b8d 106 }
b9ddb2d5 107
8ae42b8d 108 } else {
e7aeaa65 109 // Normal case: use external db for both usernames and passwords.
b9ddb2d5 110
ba87b41b
PS
111 $authdb = $this->db_init();
112
78a71368 113 $rs = $authdb->Execute("SELECT {$this->config->fieldpass}
c7c397ca 114 FROM {$this->config->table}
f97b63bf 115 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'");
b9ddb2d5 116 if (!$rs) {
03cedd62 117 $authdb->Close();
03ea0b32 118 debugging(get_string('auth_dbcantconnect','auth_db'));
b9ddb2d5 119 return false;
120 }
8ae42b8d 121
f97b63bf 122 if ($rs->EOF) {
03cedd62 123 $authdb->Close();
f97b63bf
RM
124 return false;
125 }
126
e3d9fc3f 127 $fields = array_change_key_case($rs->fields, CASE_LOWER);
78a71368 128 $fromdb = $fields[strtolower($this->config->fieldpass)];
f97b63bf
RM
129 $rs->Close();
130 $authdb->Close();
131
132 if ($this->config->passtype === 'plaintext') {
133 return ($fromdb == $extpassword);
134 } else if ($this->config->passtype === 'md5') {
c00cbdc7 135 return (strtolower($fromdb) == md5($extpassword));
f97b63bf 136 } else if ($this->config->passtype === 'sha1') {
c00cbdc7 137 return (strtolower($fromdb) == sha1($extpassword));
f97b63bf
RM
138 } else if ($this->config->passtype === 'saltedcrypt') {
139 require_once($CFG->libdir.'/password_compat/lib/password.php');
140 return password_verify($extpassword, $fromdb);
b9ddb2d5 141 } else {
142 return false;
8ae42b8d 143 }
144
b9ddb2d5 145 }
146 }
147
6cf20915
PS
148 /**
149 * Connect to external database.
150 *
151 * @return ADOConnection
b6f28375 152 * @throws moodle_exception
6cf20915 153 */
139ebfdb 154 function db_init() {
b6f28375
CF
155 if ($this->is_configured() === false) {
156 throw new moodle_exception('auth_dbcantconnect', 'auth_db');
157 }
158
e7aeaa65 159 // Connect to the external database (forcing new connection).
ab6e0848 160 $authdb = ADONewConnection($this->config->type);
8ae42b8d 161 if (!empty($this->config->debugauthdb)) {
162 $authdb->debug = true;
e7aeaa65 163 ob_start(); //Start output buffer to allow later use of the page headers.
8ae42b8d 164 }
165 $authdb->Connect($this->config->host, $this->config->user, $this->config->pass, $this->config->name, true);
b9ddb2d5 166 $authdb->SetFetchMode(ADODB_FETCH_ASSOC);
8ae42b8d 167 if (!empty($this->config->setupsql)) {
168 $authdb->Execute($this->config->setupsql);
169 }
b9ddb2d5 170
139ebfdb 171 return $authdb;
172 }
7415aed1 173
139ebfdb 174 /**
e7aeaa65 175 * Returns user attribute mappings between moodle and ldap.
139ebfdb 176 *
177 * @return array
178 */
179 function db_attributes() {
139ebfdb 180 $moodleattributes = array();
4ad0d0f2
VD
181 // If we have custom fields then merge them with user fields.
182 $customfields = $this->get_custom_user_profile_fields();
183 if (!empty($customfields) && !empty($this->userfields)) {
184 $userfields = array_merge($this->userfields, $customfields);
185 } else {
186 $userfields = $this->userfields;
187 }
188
189 foreach ($userfields as $field) {
139ebfdb 190 if (!empty($this->config->{"field_map_$field"})) {
191 $moodleattributes[$field] = $this->config->{"field_map_$field"};
0f02788f 192 }
193 }
5261baf1 194 $moodleattributes['username'] = $this->config->fielduser;
139ebfdb 195 return $moodleattributes;
196 }
197
198 /**
199 * Reads any other information for a user from external database,
e7aeaa65 200 * then returns it in an array.
139ebfdb 201 *
be544ec3 202 * @param string $username
e7aeaa65 203 * @return array
139ebfdb 204 */
205 function get_userinfo($username) {
139ebfdb 206 global $CFG;
207
2f1e464a 208 $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
139ebfdb 209
210 $authdb = $this->db_init();
211
e7aeaa65 212 // Array to map local fieldnames we want, to external fieldnames.
139ebfdb 213 $selectfields = $this->db_attributes();
214
0f02788f 215 $result = array();
e7aeaa65 216 // If at least one field is mapped from external db, get that mapped data.
0f02788f 217 if ($selectfields) {
e7aeaa65 218 $select = array();
0f02788f 219 foreach ($selectfields as $localname=>$externalname) {
78a71368 220 $select[] = "$externalname";
0f02788f 221 }
e7aeaa65
PS
222 $select = implode(', ', $select);
223 $sql = "SELECT $select
224 FROM {$this->config->table}
225 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'";
78a71368 226
0f02788f 227 if ($rs = $authdb->Execute($sql)) {
e7aeaa65 228 if (!$rs->EOF) {
78a71368
JO
229 $fields = $rs->FetchRow();
230 // Convert the associative array to an array of its values so we don't have to worry about the case of its keys.
231 $fields = array_values($fields);
232 foreach (array_keys($selectfields) as $index => $localname) {
233 $value = $fields[$index];
234 $result[$localname] = core_text::convert($value, $this->config->extencoding, 'utf-8');
0f02788f 235 }
236 }
245ac557 237 $rs->Close();
b9ddb2d5 238 }
239 }
240 $authdb->Close();
b9ddb2d5 241 return $result;
242 }
243
fb5c7739 244 /**
e7aeaa65 245 * Change a user's password.
fb5c7739 246 *
e7aeaa65 247 * @param stdClass $user User table object
ae040d4b 248 * @param string $newpassword Plaintext password
e7aeaa65 249 * @return bool True on success
fb5c7739 250 */
da249a30 251 function user_update_password($user, $newpassword) {
5c28e3a8
PS
252 global $DB;
253
7415aed1 254 if ($this->is_internal()) {
5c28e3a8 255 $puser = $DB->get_record('user', array('id'=>$user->id), '*', MUST_EXIST);
ec2d8ceb
SC
256 // This will also update the stored hash to the latest algorithm
257 // if the existing hash is using an out-of-date algorithm (or the
258 // legacy md5 algorithm).
5c28e3a8
PS
259 if (update_internal_user_password($puser, $newpassword)) {
260 $user->password = $puser->password;
261 return true;
262 } else {
263 return false;
264 }
b9ddb2d5 265 } else {
e7aeaa65 266 // We should have never been called!
b9ddb2d5 267 return false;
268 }
269 }
270
271 /**
e7aeaa65 272 * Synchronizes user from external db to moodle user table.
b9ddb2d5 273 *
ab6e0848 274 * Sync should be done by using idnumber attribute, not username.
b9ddb2d5 275 * You need to pass firstsync parameter to function to fill in
ab6e0848 276 * idnumbers if they don't exists in moodle user table.
8ae42b8d 277 *
ab6e0848 278 * Syncing users removes (disables) users that don't exists anymore in external db.
8ae42b8d 279 * Creates new users and updates coursecreator status of users.
280 *
b9ddb2d5 281 * This implementation is simpler but less scalable than the one found in the LDAP module.
282 *
e7aeaa65 283 * @param progress_trace $trace
7415aed1 284 * @param bool $do_updates Optional: set to true to force an update of existing accounts
ab6e0848 285 * @return int 0 means success, 1 means failure
b9ddb2d5 286 */
e7aeaa65 287 function sync_users(progress_trace $trace, $do_updates=false) {
70ca450a 288 global $CFG, $DB;
b9ddb2d5 289
e0e6d931
MN
290 require_once($CFG->dirroot . '/user/lib.php');
291
e7aeaa65 292 // List external users.
b9ddb2d5 293 $userlist = $this->get_userlist();
b9ddb2d5 294
e7aeaa65 295 // Delete obsolete internal users.
139ebfdb 296 if (!empty($this->config->removeuser)) {
b9ddb2d5 297
28fd4d6c
PS
298 $suspendselect = "";
299 if ($this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
300 $suspendselect = "AND u.suspended = 0";
301 }
302
e7aeaa65 303 // Find obsolete users.
139ebfdb 304 if (count($userlist)) {
20d8d5c7
EL
305 list($notin_sql, $params) = $DB->get_in_or_equal($userlist, SQL_PARAMS_NAMED, 'u', false);
306 $params['authtype'] = $this->authtype;
f91f3f63 307 $sql = "SELECT u.*
bc31625a 308 FROM {user} u
28fd4d6c 309 WHERE u.auth=:authtype AND u.deleted=0 AND u.mnethostid=:mnethostid $suspendselect AND u.username $notin_sql";
139ebfdb 310 } else {
f91f3f63 311 $sql = "SELECT u.*
bc31625a 312 FROM {user} u
28fd4d6c 313 WHERE u.auth=:authtype AND u.deleted=0 AND u.mnethostid=:mnethostid $suspendselect";
bc31625a 314 $params = array();
20d8d5c7 315 $params['authtype'] = $this->authtype;
139ebfdb 316 }
28fd4d6c 317 $params['mnethostid'] = $CFG->mnet_localhost_id;
bc31625a 318 $remove_users = $DB->get_records_sql($sql, $params);
139ebfdb 319
320 if (!empty($remove_users)) {
e7aeaa65 321 $trace->output(get_string('auth_dbuserstoremove','auth_db', count($remove_users)));
139ebfdb 322
139ebfdb 323 foreach ($remove_users as $user) {
6f87ef52 324 if ($this->config->removeuser == AUTH_REMOVEUSER_FULLDELETE) {
ab6e0848 325 delete_user($user);
e7aeaa65 326 $trace->output(get_string('auth_dbdeleteuser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
6f87ef52 327 } else if ($this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
1dffbae2 328 $updateuser = new stdClass();
139ebfdb 329 $updateuser->id = $user->id;
28fd4d6c 330 $updateuser->suspended = 1;
bb78e249 331 user_update_user($updateuser, false);
e7aeaa65 332 $trace->output(get_string('auth_dbsuspenduser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
139ebfdb 333 }
b9ddb2d5 334 }
8ae42b8d 335 }
e7aeaa65 336 unset($remove_users);
8ae42b8d 337 }
b9ddb2d5 338
339 if (!count($userlist)) {
e7aeaa65
PS
340 // Exit right here, nothing else to do.
341 $trace->finished();
ab6e0848 342 return 0;
b9ddb2d5 343 }
344
e7aeaa65 345 // Update existing accounts.
b9ddb2d5 346 if ($do_updates) {
e7aeaa65 347 // Narrow down what fields we need to update.
b9ddb2d5 348 $all_keys = array_keys(get_object_vars($this->config));
349 $updatekeys = array();
350 foreach ($all_keys as $key) {
351 if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
352 if ($this->config->{$key} === 'onlogin') {
e7aeaa65 353 array_push($updatekeys, $match[1]); // The actual key name.
b9ddb2d5 354 }
355 }
356 }
b9ddb2d5 357 unset($all_keys); unset($key);
358
e7aeaa65 359 // Only go ahead if we actually have fields to update locally.
b9ddb2d5 360 if (!empty($updatekeys)) {
20d8d5c7 361 list($in_sql, $params) = $DB->get_in_or_equal($userlist, SQL_PARAMS_NAMED, 'u', true);
bc31625a
PS
362 $params['authtype'] = $this->authtype;
363 $sql = "SELECT u.id, u.username
364 FROM {user} u
365 WHERE u.auth=:authtype AND u.deleted=0 AND u.username {$in_sql}";
366 if ($update_users = $DB->get_records_sql($sql, $params)) {
e7aeaa65 367 $trace->output("User entries to update: ".count($update_users));
8ae42b8d 368
369 foreach ($update_users as $user) {
ab6e0848 370 if ($this->update_user_record($user->username, $updatekeys)) {
e7aeaa65 371 $trace->output(get_string('auth_dbupdatinguser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
ab6e0848 372 } else {
e7aeaa65 373 $trace->output(get_string('auth_dbupdatinguser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id))." - ".get_string('skipped'), 1);
139ebfdb 374 }
8ae42b8d 375 }
e7aeaa65 376 unset($update_users);
b9ddb2d5 377 }
b9ddb2d5 378 }
379 }
380
381
e7aeaa65
PS
382 // Create missing accounts.
383 // NOTE: this is very memory intensive and generally inefficient.
28fd4d6c
PS
384 $suspendselect = "";
385 if ($this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
386 $suspendselect = "AND u.suspended = 0";
387 }
388 $sql = "SELECT u.id, u.username
389 FROM {user} u
390 WHERE u.auth=:authtype AND u.deleted='0' AND mnethostid=:mnethostid $suspendselect";
b9ddb2d5 391
28fd4d6c 392 $users = $DB->get_records_sql($sql, array('authtype'=>$this->authtype, 'mnethostid'=>$CFG->mnet_localhost_id));
8ae42b8d 393
e7aeaa65 394 // Simplify down to usernames.
b9ddb2d5 395 $usernames = array();
2b214bc1 396 if (!empty($users)) {
397 foreach ($users as $user) {
398 array_push($usernames, $user->username);
399 }
400 unset($users);
b9ddb2d5 401 }
b9ddb2d5 402
403 $add_users = array_diff($userlist, $usernames);
404 unset($usernames);
405
406 if (!empty($add_users)) {
e7aeaa65 407 $trace->output(get_string('auth_dbuserstoadd','auth_db',count($add_users)));
bee02209 408 // Do not use transactions around this foreach, we want to skip problematic users, not revert everything.
b9ddb2d5 409 foreach($add_users as $user) {
410 $username = $user;
28fd4d6c 411 if ($this->config->removeuser == AUTH_REMOVEUSER_SUSPEND) {
e0e6d931
MN
412 if ($olduser = $DB->get_record('user', array('username' => $username, 'deleted' => 0, 'suspended' => 1,
413 'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
414 $updateuser = new stdClass();
415 $updateuser->id = $olduser->id;
416 $updateuser->suspended = 0;
417 user_update_user($updateuser);
418 $trace->output(get_string('auth_dbreviveduser', 'auth_db', array('name' => $username,
419 'id' => $olduser->id)), 1);
28fd4d6c
PS
420 continue;
421 }
422 }
f0364be6
PS
423
424 // Do not try to undelete users here, instead select suspending if you ever expect users will reappear.
8ae42b8d 425
e7aeaa65 426 // Prep a few params.
f0364be6 427 $user = $this->get_userinfo_asobj($user);
b7b50143 428 $user->username = $username;
b7b50143 429 $user->confirmed = 1;
5211c7ec 430 $user->auth = $this->authtype;
b7b50143 431 $user->mnethostid = $CFG->mnet_localhost_id;
8ae42b8d 432 if (empty($user->lang)) {
433 $user->lang = $CFG->lang;
434 }
bee02209 435 if ($collision = $DB->get_record_select('user', "username = :username AND mnethostid = :mnethostid AND auth <> :auth", array('username'=>$user->username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype), 'id,username,auth')) {
e7aeaa65 436 $trace->output(get_string('auth_dbinsertuserduplicate', 'auth_db', array('username'=>$user->username, 'auth'=>$collision->auth)), 1);
bee02209
PS
437 continue;
438 }
f0364be6 439 try {
e0e6d931 440 $id = user_create_user($user, false); // It is truly a new user.
e7aeaa65 441 $trace->output(get_string('auth_dbinsertuser', 'auth_db', array('name'=>$user->username, 'id'=>$id)), 1);
f0364be6 442 } catch (moodle_exception $e) {
e7aeaa65 443 $trace->output(get_string('auth_dbinsertusererror', 'auth_db', $user->username), 1);
bee02209 444 continue;
b9ddb2d5 445 }
e7aeaa65 446 // If relevant, tag for password generation.
f0364be6
PS
447 if ($this->is_internal()) {
448 set_user_preference('auth_forcepasswordchange', 1, $id);
449 set_user_preference('create_password', 1, $id);
450 }
bee02209
PS
451 // Make sure user context is present.
452 context_user::instance($id);
b9ddb2d5 453 }
e7aeaa65 454 unset($add_users);
b9ddb2d5 455 }
e7aeaa65 456 $trace->finished();
ab6e0848 457 return 0;
b9ddb2d5 458 }
459
139ebfdb 460 function user_exists($username) {
93901eb4 461
e7aeaa65 462 // Init result value.
a7e32367 463 $result = false;
464
2f1e464a 465 $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
8ae42b8d 466
139ebfdb 467 $authdb = $this->db_init();
b9ddb2d5 468
e7aeaa65
PS
469 $rs = $authdb->Execute("SELECT *
470 FROM {$this->config->table}
471 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");
b9ddb2d5 472
473 if (!$rs) {
2b06294b 474 print_error('auth_dbcantconnect','auth_db');
7415aed1 475 } else if (!$rs->EOF) {
e7aeaa65 476 // User exists externally.
03cedd62 477 $result = true;
8ae42b8d 478 }
a7e32367 479
480 $authdb->Close();
481 return $result;
b9ddb2d5 482 }
483
484
485 function get_userlist() {
93901eb4 486
e7aeaa65 487 // Init result value.
a7e32367 488 $result = array();
489
139ebfdb 490 $authdb = $this->db_init();
b9ddb2d5 491
e7aeaa65 492 // Fetch userlist.
78a71368 493 $rs = $authdb->Execute("SELECT {$this->config->fielduser}
e7aeaa65 494 FROM {$this->config->table} ");
b9ddb2d5 495
496 if (!$rs) {
2b06294b 497 print_error('auth_dbcantconnect','auth_db');
7415aed1 498 } else if (!$rs->EOF) {
245ac557 499 while ($rec = $rs->FetchRow()) {
78a71368
JO
500 $rec = array_change_key_case((array)$rec, CASE_LOWER);
501 array_push($result, $rec[strtolower($this->config->fielduser)]);
b9ddb2d5 502 }
8ae42b8d 503 }
a7e32367 504
505 $authdb->Close();
506 return $result;
b9ddb2d5 507 }
508
509 /**
e7aeaa65 510 * Reads user information from DB and return it in an object.
b9ddb2d5 511 *
e7aeaa65 512 * @param string $username username
b9ddb2d5 513 * @return array
514 */
515 function get_userinfo_asobj($username) {
516 $user_array = truncate_userinfo($this->get_userinfo($username));
1dffbae2 517 $user = new stdClass();
b9ddb2d5 518 foreach($user_array as $key=>$value) {
519 $user->{$key} = $value;
520 }
521 return $user;
522 }
523
8ae42b8d 524 /**
525 * will update a local user record from an external source.
526 * is a lighter version of the one in moodlelib -- won't do
e7aeaa65 527 * expensive ops such as enrolment.
b9ddb2d5 528 *
8ae42b8d 529 * If you don't pass $updatekeys, there is a performance hit and
b9ddb2d5 530 * values removed from DB won't be removed from moodle.
8ae42b8d 531 *
185721a4 532 * @param string $username username
ab6e0848
PS
533 * @param bool $updatekeys
534 * @return stdClass
b9ddb2d5 535 */
139ebfdb 536 function update_user_record($username, $updatekeys=false) {
185721a4 537 global $CFG, $DB;
b9ddb2d5 538
b9ddb2d5 539 //just in case check text case
2f1e464a 540 $username = trim(core_text::strtolower($username));
8ae42b8d 541
b9ddb2d5 542 // get the current user record
185721a4 543 $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
b9ddb2d5 544 if (empty($user)) { // trouble
545 error_log("Cannot update non-existent user: $username");
2b06294b 546 print_error('auth_dbusernotexist','auth_db',$username);
b9ddb2d5 547 die;
548 }
549
e7aeaa65 550 // Ensure userid is not overwritten.
b7b50143 551 $userid = $user->id;
e0e6d931 552 $needsupdate = false;
b7b50143 553
e0e6d931
MN
554 $updateuser = new stdClass();
555 $updateuser->id = $userid;
b9ddb2d5 556 if ($newinfo = $this->get_userinfo($username)) {
557 $newinfo = truncate_userinfo($newinfo);
8ae42b8d 558
e7aeaa65 559 if (empty($updatekeys)) { // All keys? This does not support removing values.
b9ddb2d5 560 $updatekeys = array_keys($newinfo);
561 }
8ae42b8d 562
b9ddb2d5 563 foreach ($updatekeys as $key) {
b9ddb2d5 564 if (isset($newinfo[$key])) {
565 $value = $newinfo[$key];
b9ddb2d5 566 } else {
567 $value = '';
568 }
8ae42b8d 569
570 if (!empty($this->config->{'field_updatelocal_' . $key})) {
e7aeaa65 571 if (isset($user->{$key}) and $user->{$key} != $value) { // Only update if it's changed.
e0e6d931
MN
572 $needsupdate = true;
573 $updateuser->$key = $value;
139ebfdb 574 }
b9ddb2d5 575 }
576 }
577 }
e0e6d931
MN
578 if ($needsupdate) {
579 require_once($CFG->dirroot . '/user/lib.php');
580 user_update_user($updateuser);
a4d25731 581 }
185721a4 582 return $DB->get_record('user', array('id'=>$userid, 'deleted'=>0));
139ebfdb 583 }
584
585 /**
586 * Called when the user record is updated.
587 * Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
ab6e0848 588 * compares information saved modified information to external db.
139ebfdb 589 *
e7aeaa65
PS
590 * @param stdClass $olduser Userobject before modifications
591 * @param stdClass $newuser Userobject new modified userobject
139ebfdb 592 * @return boolean result
593 *
594 */
595 function user_update($olduser, $newuser) {
596 if (isset($olduser->username) and isset($newuser->username) and $olduser->username != $newuser->username) {
597 error_log("ERROR:User renaming not allowed in ext db");
598 return false;
599 }
600
5211c7ec 601 if (isset($olduser->auth) and $olduser->auth != $this->authtype) {
e7aeaa65 602 return true; // Just change auth and skip update.
139ebfdb 603 }
604
605 $curruser = $this->get_userinfo($olduser->username);
606 if (empty($curruser)) {
607 error_log("ERROR:User $olduser->username found in ext db");
608 return false;
609 }
610
2f1e464a 611 $extusername = core_text::convert($olduser->username, 'utf-8', $this->config->extencoding);
139ebfdb 612
613 $authdb = $this->db_init();
614
615 $update = array();
616 foreach($curruser as $key=>$value) {
617 if ($key == 'username') {
e7aeaa65 618 continue; // Skip this.
139ebfdb 619 }
620 if (empty($this->config->{"field_updateremote_$key"})) {
e7aeaa65 621 continue; // Remote update not requested.
139ebfdb 622 }
623 if (!isset($newuser->$key)) {
624 continue;
625 }
70ca450a 626 $nuvalue = $newuser->$key;
a6fe447a
ZD
627 // Support for textarea fields.
628 if (isset($nuvalue['text'])) {
629 $nuvalue = $nuvalue['text'];
630 }
139ebfdb 631 if ($nuvalue != $value) {
2f1e464a 632 $update[] = $this->config->{"field_map_$key"}."='".$this->ext_addslashes(core_text::convert($nuvalue, 'utf-8', $this->config->extencoding))."'";
139ebfdb 633 }
634 }
635 if (!empty($update)) {
636 $authdb->Execute("UPDATE {$this->config->table}
7415aed1
PS
637 SET ".implode(',', $update)."
638 WHERE {$this->config->fielduser}='".$this->ext_addslashes($extusername)."'");
139ebfdb 639 }
640 $authdb->Close();
641 return true;
b9ddb2d5 642 }
643
8ae42b8d 644 /**
645 * A chance to validate form data, and last chance to
646 * do stuff before it is inserted in config_plugin
ab6e0848 647 *
e7aeaa65
PS
648 * @param stfdClass $form
649 * @param array $err errors
ab6e0848 650 * @return void
8ae42b8d 651 */
ab6e0848 652 function validate_form($form, &$err) {
150b5fb0 653 if ($form->passtype === 'internal') {
b9ddb2d5 654 $this->config->changepasswordurl = '';
655 set_config('changepasswordurl', '', 'auth/db');
656 }
b9ddb2d5 657 }
658
edb5da83 659 function prevent_local_passwords() {
7415aed1 660 return !$this->is_internal();
edb5da83
PS
661 }
662
b9ddb2d5 663 /**
7415aed1
PS
664 * Returns true if this authentication plugin is "internal".
665 *
666 * Internal plugins use password hashes from Moodle user table for authentication.
b9ddb2d5 667 *
139ebfdb 668 * @return bool
b9ddb2d5 669 */
670 function is_internal() {
e79781f7
PS
671 if (!isset($this->config->passtype)) {
672 return true;
673 }
7415aed1
PS
674 return ($this->config->passtype === 'internal');
675 }
676
b6f28375
CF
677 /**
678 * Returns false if this plugin is enabled but not configured.
679 *
680 * @return bool
681 */
682 public function is_configured() {
683 if (!empty($this->config->type)) {
684 return true;
685 }
686 return false;
687 }
688
7415aed1
PS
689 /**
690 * Indicates if moodle should automatically update internal user
691 * records with data from external sources using the information
692 * from auth_plugin_base::get_userinfo().
693 *
694 * @return bool true means automatically copy data from ext to user table
695 */
696 function is_synchronised_with_external() {
697 return true;
b9ddb2d5 698 }
699
700 /**
701 * Returns true if this authentication plugin can change the user's
702 * password.
703 *
139ebfdb 704 * @return bool
b9ddb2d5 705 */
706 function can_change_password() {
7415aed1 707 return ($this->is_internal() or !empty($this->config->changepasswordurl));
b9ddb2d5 708 }
709
710 /**
430759a5 711 * Returns the URL for changing the user's pw, or empty if the default can
b9ddb2d5 712 * be used.
713 *
99f9f85f 714 * @return moodle_url
b9ddb2d5 715 */
716 function change_password_url() {
963cdce4 717 if ($this->is_internal() || empty($this->config->changepasswordurl)) {
e7aeaa65 718 // Standard form.
99f9f85f 719 return null;
430759a5 720 } else {
e7aeaa65 721 // Use admin defined custom url.
99f9f85f 722 return new moodle_url($this->config->changepasswordurl);
430759a5 723 }
b9ddb2d5 724 }
725
ab6ff8a4 726 /**
727 * Returns true if plugin allows resetting of internal password.
728 *
729 * @return bool
730 */
731 function can_reset_password() {
7415aed1 732 return $this->is_internal();
ab6ff8a4 733 }
734
b9ddb2d5 735 /**
736 * Prints a form for configuring this authentication plugin.
737 *
738 * This function is called from admin/auth.php, and outputs a full page with
739 * a form for configuring this plugin.
740 *
ab6e0848
PS
741 * @param stdClass $config
742 * @param array $err errors
743 * @param array $user_fields
744 * @return void
b9ddb2d5 745 */
139ebfdb 746 function config_form($config, $err, $user_fields) {
8ae42b8d 747 include 'config.html';
b9ddb2d5 748 }
749
750 /**
751 * Processes and stores configuration data for this authentication plugin.
e7aeaa65 752 *
ab6e0848
PS
753 * @param srdClass $config
754 * @return bool always true or exception
b9ddb2d5 755 */
756 function process_config($config) {
757 // set to defaults if undefined
758 if (!isset($config->host)) {
8ae42b8d 759 $config->host = 'localhost';
b9ddb2d5 760 }
761 if (!isset($config->type)) {
8ae42b8d 762 $config->type = 'mysql';
763 }
764 if (!isset($config->sybasequoting)) {
765 $config->sybasequoting = 0;
b9ddb2d5 766 }
767 if (!isset($config->name)) {
8ae42b8d 768 $config->name = '';
b9ddb2d5 769 }
770 if (!isset($config->user)) {
8ae42b8d 771 $config->user = '';
b9ddb2d5 772 }
773 if (!isset($config->pass)) {
8ae42b8d 774 $config->pass = '';
b9ddb2d5 775 }
776 if (!isset($config->table)) {
8ae42b8d 777 $config->table = '';
b9ddb2d5 778 }
779 if (!isset($config->fielduser)) {
8ae42b8d 780 $config->fielduser = '';
b9ddb2d5 781 }
782 if (!isset($config->fieldpass)) {
8ae42b8d 783 $config->fieldpass = '';
b9ddb2d5 784 }
785 if (!isset($config->passtype)) {
8ae42b8d 786 $config->passtype = 'plaintext';
787 }
788 if (!isset($config->extencoding)) {
789 $config->extencoding = 'utf-8';
790 }
791 if (!isset($config->setupsql)) {
792 $config->setupsql = '';
793 }
794 if (!isset($config->debugauthdb)) {
795 $config->debugauthdb = 0;
b9ddb2d5 796 }
139ebfdb 797 if (!isset($config->removeuser)) {
6f87ef52 798 $config->removeuser = AUTH_REMOVEUSER_KEEP;
139ebfdb 799 }
b9ddb2d5 800 if (!isset($config->changepasswordurl)) {
801 $config->changepasswordurl = '';
802 }
803
e7aeaa65 804 // Save settings.
8ae42b8d 805 set_config('host', $config->host, 'auth/db');
806 set_config('type', $config->type, 'auth/db');
807 set_config('sybasequoting', $config->sybasequoting, 'auth/db');
808 set_config('name', $config->name, 'auth/db');
809 set_config('user', $config->user, 'auth/db');
810 set_config('pass', $config->pass, 'auth/db');
811 set_config('table', $config->table, 'auth/db');
812 set_config('fielduser', $config->fielduser, 'auth/db');
813 set_config('fieldpass', $config->fieldpass, 'auth/db');
814 set_config('passtype', $config->passtype, 'auth/db');
815 set_config('extencoding', trim($config->extencoding), 'auth/db');
139ebfdb 816 set_config('setupsql', trim($config->setupsql),'auth/db');
8ae42b8d 817 set_config('debugauthdb', $config->debugauthdb, 'auth/db');
139ebfdb 818 set_config('removeuser', $config->removeuser, 'auth/db');
8ae42b8d 819 set_config('changepasswordurl', trim($config->changepasswordurl), 'auth/db');
820
b9ddb2d5 821 return true;
822 }
823
e7aeaa65
PS
824 /**
825 * Add slashes, we can not use placeholders or system functions.
826 *
827 * @param string $text
828 * @return string
829 */
8ae42b8d 830 function ext_addslashes($text) {
8ae42b8d 831 if (empty($this->config->sybasequoting)) {
832 $text = str_replace('\\', '\\\\', $text);
833 $text = str_replace(array('\'', '"', "\0"), array('\\\'', '\\"', '\\0'), $text);
834 } else {
835 $text = str_replace("'", "''", $text);
836 }
837 return $text;
838 }
6cf20915
PS
839
840 /**
841 * Test if settings are ok, print info to output.
842 * @private
843 */
844 public function test_settings() {
845 global $CFG, $OUTPUT;
846
847 // NOTE: this is not localised intentionally, admins are supposed to understand English at least a bit...
848
849 raise_memory_limit(MEMORY_HUGE);
850
851 if (empty($this->config->table)) {
852 echo $OUTPUT->notification('External table not specified.', 'notifyproblem');
853 return;
854 }
855
856 if (empty($this->config->fielduser)) {
857 echo $OUTPUT->notification('External user field not specified.', 'notifyproblem');
858 return;
859 }
860
861 $olddebug = $CFG->debug;
862 $olddisplay = ini_get('display_errors');
863 ini_set('display_errors', '1');
864 $CFG->debug = DEBUG_DEVELOPER;
865 $olddebugauthdb = $this->config->debugauthdb;
866 $this->config->debugauthdb = 1;
867 error_reporting($CFG->debug);
868
869 $adodb = $this->db_init();
870
871 if (!$adodb or !$adodb->IsConnected()) {
872 $this->config->debugauthdb = $olddebugauthdb;
873 $CFG->debug = $olddebug;
874 ini_set('display_errors', $olddisplay);
875 error_reporting($CFG->debug);
876 ob_end_flush();
877
878 echo $OUTPUT->notification('Cannot connect the database.', 'notifyproblem');
879 return;
880 }
881
882 $rs = $adodb->Execute("SELECT *
883 FROM {$this->config->table}
884 WHERE {$this->config->fielduser} <> 'random_unlikely_username'"); // Any unlikely name is ok here.
885
886 if (!$rs) {
887 echo $OUTPUT->notification('Can not read external table.', 'notifyproblem');
888
889 } else if ($rs->EOF) {
890 echo $OUTPUT->notification('External table is empty.', 'notifyproblem');
891 $rs->close();
892
893 } else {
894 $fields_obj = $rs->FetchObj();
895 $columns = array_keys((array)$fields_obj);
896
897 echo $OUTPUT->notification('External table contains following columns:<br />'.implode(', ', $columns), 'notifysuccess');
898 $rs->close();
899 }
900
901 $adodb->Close();
902
903 $this->config->debugauthdb = $olddebugauthdb;
904 $CFG->debug = $olddebug;
905 ini_set('display_errors', $olddisplay);
906 error_reporting($CFG->debug);
907 ob_end_flush();
908 }
ce597604
SL
909
910 /**
911 * Clean the user data that comes from an external database.
5e60be8a 912 * @deprecated since 3.1, please use core_user::clean_data() instead.
ce597604
SL
913 * @param array $user the user data to be validated against properties definition.
914 * @return stdClass $user the cleaned user data.
915 */
916 public function clean_data($user) {
5e60be8a
SL
917 debugging('The method clean_data() has been deprecated, please use core_user::clean_data() instead.',
918 DEBUG_DEVELOPER);
919 return core_user::clean_data($user);
ce597604 920 }
b9ddb2d5 921}
922
5117d598 923