Commit | Line | Data |
---|---|---|
b9ddb2d5 | 1 | <?php |
e7aeaa65 PS |
2 | // This file is part of Moodle - http://moodle.org/ |
3 | // | |
4 | // Moodle is free software: you can redistribute it and/or modify | |
5 | // it under the terms of the GNU General Public License as published by | |
6 | // the Free Software Foundation, either version 3 of the License, or | |
7 | // (at your option) any later version. | |
8 | // | |
9 | // Moodle is distributed in the hope that it will be useful, | |
10 | // but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | // GNU General Public License for more details. | |
13 | // | |
14 | // You should have received a copy of the GNU General Public License | |
15 | // along with Moodle. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
b9ddb2d5 | 17 | /** |
b9ddb2d5 | 18 | * Authentication Plugin: External Database Authentication |
19 | * | |
20 | * Checks against an external database. | |
21 | * | |
e7aeaa65 | 22 | * @package auth_db |
7415aed1 PS |
23 | * @author Martin Dougiamas |
24 | * @license http://www.gnu.org/copyleft/gpl.html GNU Public License | |
b9ddb2d5 | 25 | */ |
26 | ||
// Stop immediately unless MOODLE_INTERNAL is defined, so this file cannot be run on its own.
if (!defined('MOODLE_INTERNAL')) {
    die();
}
b9ddb2d5 | 28 | |
6bc1e5d5 | 29 | require_once($CFG->libdir.'/authlib.php'); |
30 | ||
b9ddb2d5 | 31 | /** |
32 | * External database authentication plugin. | |
33 | */ | |
6bc1e5d5 | 34 | class auth_plugin_db extends auth_plugin_base { |
b9ddb2d5 | 35 | |
36 | /** | |
37 | * Constructor. | |
38 | */ | |
e7aeaa65 PS |
function __construct() {
    global $CFG;

    // ADOdb is the abstraction layer used to talk to the external database.
    require_once($CFG->libdir . '/adodb/adodb.inc.php');

    $this->authtype = 'db';

    // Load the stored plugin settings and default the external encoding to utf-8.
    $pluginconfig = get_config('auth/db');
    if (empty($pluginconfig->extencoding)) {
        $pluginconfig->extencoding = 'utf-8';
    }
    $this->config = $pluginconfig;
}
49 | ||
50 | /** | |
51 | * Returns true if the username and password work and false if they are | |
52 | * wrong or don't exist. | |
53 | * | |
576c063b | 54 | * @param string $username The username |
55 | * @param string $password The password | |
8ae42b8d | 56 | * @return bool Authentication success or failure. |
b9ddb2d5 | 57 | */ |
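function user_login($username, $password) {
    global $CFG, $DB;

    if ($this->is_configured() === false) {
        debugging(get_string('auth_notconfigured', 'auth', $this->authtype));
        return false;
    }

    // The external database may use a different character set than Moodle (utf-8).
    $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);
    $extpassword = core_text::convert($password, 'utf-8', $this->config->extencoding);

    // NOTE(review): both lookups below build SQL by string interpolation. Table and column
    // names come from the plugin configuration, and the login name depends on
    // ext_addslashes() (defined outside this view) for quoting. ADOdb bind parameters would
    // remove that dependency - confirm driver support before changing.

    if ($this->is_internal()) {
        // Lookup username externally, but resolve password locally -- to support
        // backends that don't track passwords.
        $localkey = array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype);

        if (isset($this->config->removeuser) and $this->config->removeuser == AUTH_REMOVEUSER_KEEP) {
            // No need to connect to the external database: users are never removed
            // and the password is verified locally.
            if ($user = $DB->get_record('user', $localkey)) {
                return validate_internal_user_password($user, $password);
            }
            return false;
        }

        $authdb = $this->db_init();

        $rs = $authdb->Execute("SELECT *
                                  FROM {$this->config->table}
                                 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'");
        if (!$rs) {
            $authdb->Close();
            debugging(get_string('auth_dbcantconnect','auth_db'));
            return false;
        }

        $existsexternally = !$rs->EOF;
        $rs->Close();
        $authdb->Close();

        if (!$existsexternally) {
            // User does not exist externally.
            return false;
        }

        // User exists externally - check username/password internally.
        if ($user = $DB->get_record('user', $localkey)) {
            return validate_internal_user_password($user, $password);
        }

        // Known externally but no matching local account: fail explicitly instead of
        // falling off the end of the function and returning null.
        return false;
    }

    // Normal case: use external db for both usernames and passwords.
    $authdb = $this->db_init();

    $rs = $authdb->Execute("SELECT {$this->config->fieldpass}
                              FROM {$this->config->table}
                             WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'");
    if (!$rs) {
        $authdb->Close();
        debugging(get_string('auth_dbcantconnect','auth_db'));
        return false;
    }

    if ($rs->EOF) {
        $rs->Close();
        $authdb->Close();
        return false;
    }

    // Column name case differs between drivers, so normalise the keys before the lookup.
    $fields = array_change_key_case($rs->fields, CASE_LOWER);
    $passkey = strtolower($this->config->fieldpass);
    $fromdb = isset($fields[$passkey]) ? $fields[$passkey] : null;
    $rs->Close();
    $authdb->Close();

    if ($fromdb === null) {
        // A NULL or missing stored credential must never authenticate anybody; with a
        // loose comparison it would have matched an empty password.
        return false;
    }

    $passtype = $this->config->passtype;

    if ($passtype === 'saltedcrypt') {
        // The only mode in this method that goes through password_verify().
        require_once($CFG->libdir.'/password_compat/lib/password.php');
        return password_verify($extpassword, $fromdb);
    }

    // The modes below compare a plaintext value or an unsalted digest. They are kept for
    // compatibility with existing external databases.
    if ($passtype === 'plaintext') {
        $stored = (string)$fromdb;
        $supplied = (string)$extpassword;
    } else if ($passtype === 'md5') {
        $stored = strtolower((string)$fromdb);
        $supplied = md5($extpassword);
    } else if ($passtype === 'sha1') {
        $stored = strtolower((string)$fromdb);
        $supplied = sha1($extpassword);
    } else {
        return false;
    }

    // Never use == here: two different numeric-looking strings (for example digests of the
    // form 0e<digits>) compare equal under PHP's loose comparison. Prefer the constant-time
    // hash_equals() when the runtime provides it; the strict fallback still compares bytes.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $supplied);
    }
    return $stored === $supplied;
}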
147 | ||
6cf20915 PS |
148 | /** |
149 | * Connect to external database. | |
150 | * | |
151 | * @return ADOConnection | |
b6f28375 | 152 | * @throws moodle_exception |
6cf20915 | 153 | */ |
function db_init() {
    if ($this->is_configured() === false) {
        throw new moodle_exception('auth_dbcantconnect', 'auth_db');
    }

    $settings = $this->config;

    // Connect to the external database (forcing new connection).
    $connection = ADONewConnection($settings->type);

    $debugrequested = !empty($settings->debugauthdb);
    if ($debugrequested) {
        // NOTE(review): ADOdb debug mode presumably echoes the executed statements, which
        // contain login names - keep this setting off outside troubleshooting.
        $connection->debug = true;
        ob_start(); // Start output buffer to allow later use of the page headers.
    }

    // NOTE(review): the Connect() result is not checked here; callers only notice a failed
    // connection when their first Execute() returns false.
    $connection->Connect($settings->host, $settings->user, $settings->pass, $settings->name, true);
    $connection->SetFetchMode(ADODB_FETCH_ASSOC);

    // Optional administrator-supplied statement run once per connection.
    if (!empty($settings->setupsql)) {
        $connection->Execute($settings->setupsql);
    }

    return $connection;
}
7415aed1 | 173 | |
139ebfdb | 174 | /** |
e7aeaa65 | 175 | * Returns user attribute mappings between moodle and ldap. |
139ebfdb | 176 | * |
177 | * @return array | |
178 | */ | |
function db_attributes() {
    // Result maps a Moodle user field name to the configured column of the external table.
    $mapping = array();

    // If we have custom fields then merge them with user fields.
    $customfields = $this->get_custom_user_profile_fields();
    $candidates = $this->userfields;
    if (!empty($customfields) && !empty($candidates)) {
        $candidates = array_merge($candidates, $customfields);
    }

    foreach ($candidates as $field) {
        $configkey = "field_map_$field";
        if (empty($this->config->{$configkey})) {
            // No external column configured for this field.
            continue;
        }
        $mapping[$field] = $this->config->{$configkey};
    }

    // The username column is always part of the mapping.
    $mapping['username'] = $this->config->fielduser;
    return $mapping;
}
197 | ||
198 | /** | |
199 | * Reads any other information for a user from external database, | |
e7aeaa65 | 200 | * then returns it in an array. |
139ebfdb | 201 | * |
be544ec3 | 202 | * @param string $username |
e7aeaa65 | 203 | * @return array |
139ebfdb | 204 | */ |
function get_userinfo($username) {
    global $CFG;

    $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);

    $authdb = $this->db_init();

    // Array to map local fieldnames we want, to external fieldnames.
    $selectfields = $this->db_attributes();

    $result = array();

    // If at least one field is mapped from external db, get that mapped data.
    if ($selectfields) {
        // NOTE(review): column names are taken from the plugin configuration and placed in
        // the statement as-is; only the username value is passed through ext_addslashes().
        $columns = array();
        foreach ($selectfields as $externalname) {
            $columns[] = "$externalname";
        }
        $select = implode(', ', $columns);
        $sql = "SELECT $select
                  FROM {$this->config->table}
                 WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."'";

        $rs = $authdb->Execute($sql);
        if ($rs) {
            if (!$rs->EOF) {
                // Read the row by position so the case of the returned column names does not matter.
                $row = array_values($rs->FetchRow());
                $position = 0;
                foreach ($selectfields as $localname => $unused) {
                    $result[$localname] = core_text::convert($row[$position], $this->config->extencoding, 'utf-8');
                    $position++;
                }
            }
            $rs->Close();
        }
    }

    $authdb->Close();
    return $result;
}
243 | ||
fb5c7739 | 244 | /** |
e7aeaa65 | 245 | * Change a user's password. |
fb5c7739 | 246 | * |
e7aeaa65 | 247 | * @param stdClass $user User table object |
ae040d4b | 248 | * @param string $newpassword Plaintext password |
e7aeaa65 | 249 | * @return bool True on success |
fb5c7739 | 250 | */ |
function user_update_password($user, $newpassword) {
    global $DB;

    if (!$this->is_internal()) {
        // We should have never been called!
        return false;
    }

    // Work on a fresh copy of the record; MUST_EXIST makes a missing user an error.
    $puser = $DB->get_record('user', array('id'=>$user->id), '*', MUST_EXIST);

    // This will also update the stored hash to the latest algorithm
    // if the existing hash is using an out-of-date algorithm (or the
    // legacy md5 algorithm).
    if (!update_internal_user_password($puser, $newpassword)) {
        return false;
    }

    // Hand the new hash back to the caller's object.
    $user->password = $puser->password;
    return true;
}
270 | ||
271 | /** | |
e7aeaa65 | 272 | * Synchronizes user from external db to moodle user table. |
b9ddb2d5 | 273 | * |
ab6e0848 | 274 | * Sync should be done by using idnumber attribute, not username. |
b9ddb2d5 | 275 | * You need to pass firstsync parameter to function to fill in |
ab6e0848 | 276 | * idnumbers if they don't exist in the moodle user table.
8ae42b8d | 277 | * |
ab6e0848 | 278 | * Syncing users removes (disables) users that no longer exist in the external db.
8ae42b8d | 279 | * Creates new users and updates coursecreator status of users. |
280 | * | |
b9ddb2d5 | 281 | * This implementation is simpler but less scalable than the one found in the LDAP module. |
282 | * | |
e7aeaa65 | 283 | * @param progress_trace $trace |
7415aed1 | 284 | * @param bool $do_updates Optional: set to true to force an update of existing accounts |
ab6e0848 | 285 | * @return int 0 means success, 1 means failure |
b9ddb2d5 | 286 | */ |
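function sync_users(progress_trace $trace, $do_updates=false) {
    global $CFG, $DB;

    require_once($CFG->dirroot . '/user/lib.php');

    // The removal policy may be missing from a partially saved configuration (user_login()
    // guards it with isset() too). Resolve it once so later phases never read an undefined
    // property.
    $removepolicy = isset($this->config->removeuser) ? $this->config->removeuser : null;
    $suspending = ($removepolicy == AUTH_REMOVEUSER_SUSPEND);
    // When suspending, already suspended accounts are left out of the selections below.
    $suspendselect = $suspending ? "AND u.suspended = 0" : "";

    // List external users.
    $userlist = $this->get_userlist();

    // Delete obsolete internal users.
    if (!empty($removepolicy)) {

        // Find obsolete users.
        if (count($userlist)) {
            list($notin_sql, $params) = $DB->get_in_or_equal($userlist, SQL_PARAMS_NAMED, 'u', false);
            $params['authtype'] = $this->authtype;
            $sql = "SELECT u.*
                      FROM {user} u
                     WHERE u.auth=:authtype AND u.deleted=0 AND u.mnethostid=:mnethostid $suspendselect AND u.username $notin_sql";
        } else {
            // The external table is empty: every local account of this auth type is obsolete.
            $sql = "SELECT u.*
                      FROM {user} u
                     WHERE u.auth=:authtype AND u.deleted=0 AND u.mnethostid=:mnethostid $suspendselect";
            $params = array();
            $params['authtype'] = $this->authtype;
        }
        $params['mnethostid'] = $CFG->mnet_localhost_id;
        $remove_users = $DB->get_records_sql($sql, $params);

        if (!empty($remove_users)) {
            $trace->output(get_string('auth_dbuserstoremove','auth_db', count($remove_users)));

            foreach ($remove_users as $user) {
                if ($removepolicy == AUTH_REMOVEUSER_FULLDELETE) {
                    delete_user($user);
                    $trace->output(get_string('auth_dbdeleteuser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
                } else if ($removepolicy == AUTH_REMOVEUSER_SUSPEND) {
                    $updateuser = new stdClass();
                    $updateuser->id = $user->id;
                    $updateuser->suspended = 1;
                    user_update_user($updateuser, false);
                    $trace->output(get_string('auth_dbsuspenduser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
                }
            }
        }
        unset($remove_users);
    }

    if (!count($userlist)) {
        // Exit right here, nothing else to do.
        $trace->finished();
        return 0;
    }

    // Update existing accounts.
    if ($do_updates) {
        // Narrow down what fields we need to update.
        $all_keys = array_keys(get_object_vars($this->config));
        $updatekeys = array();
        foreach ($all_keys as $key) {
            if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
                if ($this->config->{$key} === 'onlogin') {
                    array_push($updatekeys, $match[1]); // The actual key name.
                }
            }
        }
        unset($all_keys); unset($key);

        // Only go ahead if we actually have fields to update locally.
        if (!empty($updatekeys)) {
            list($in_sql, $params) = $DB->get_in_or_equal($userlist, SQL_PARAMS_NAMED, 'u', true);
            $params['authtype'] = $this->authtype;
            // Restrict to the local MNet host like the other queries in this method:
            // update_user_record() looks the user up on the local host only and aborts
            // when the username is not found there.
            $params['mnethostid'] = $CFG->mnet_localhost_id;
            $sql = "SELECT u.id, u.username
                      FROM {user} u
                     WHERE u.auth=:authtype AND u.deleted=0 AND u.mnethostid=:mnethostid AND u.username {$in_sql}";
            if ($update_users = $DB->get_records_sql($sql, $params)) {
                $trace->output("User entries to update: ".count($update_users));

                foreach ($update_users as $user) {
                    if ($this->update_user_record($user->username, $updatekeys)) {
                        $trace->output(get_string('auth_dbupdatinguser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id)), 1);
                    } else {
                        $trace->output(get_string('auth_dbupdatinguser', 'auth_db', array('name'=>$user->username, 'id'=>$user->id))." - ".get_string('skipped'), 1);
                    }
                }
                unset($update_users);
            }
        }
    }

    // Create missing accounts.
    // NOTE: this is very memory intensive and generally inefficient.
    $sql = "SELECT u.id, u.username
              FROM {user} u
             WHERE u.auth=:authtype AND u.deleted='0' AND mnethostid=:mnethostid $suspendselect";

    $users = $DB->get_records_sql($sql, array('authtype'=>$this->authtype, 'mnethostid'=>$CFG->mnet_localhost_id));

    // Simplify down to usernames.
    $usernames = array();
    if (!empty($users)) {
        foreach ($users as $user) {
            array_push($usernames, $user->username);
        }
        unset($users);
    }

    $add_users = array_diff($userlist, $usernames);
    unset($usernames);

    if (!empty($add_users)) {
        $trace->output(get_string('auth_dbuserstoadd','auth_db',count($add_users)));
        // Do not use transactions around this foreach, we want to skip problematic users, not revert everything.
        foreach ($add_users as $username) {
            if ($suspending) {
                // A previously suspended account that reappears externally is revived, not recreated.
                if ($olduser = $DB->get_record('user', array('username' => $username, 'deleted' => 0, 'suspended' => 1,
                        'mnethostid' => $CFG->mnet_localhost_id, 'auth' => $this->authtype))) {
                    $updateuser = new stdClass();
                    $updateuser->id = $olduser->id;
                    $updateuser->suspended = 0;
                    user_update_user($updateuser);
                    $trace->output(get_string('auth_dbreviveduser', 'auth_db', array('name' => $username,
                        'id' => $olduser->id)), 1);
                    continue;
                }
            }

            // Do not try to undelete users here, instead select suspending if you ever expect users will reappear.

            // Prep a few params.
            $user = $this->get_userinfo_asobj($username);
            $user->username = $username;
            $user->confirmed = 1;
            $user->auth = $this->authtype;
            $user->mnethostid = $CFG->mnet_localhost_id;
            if (empty($user->lang)) {
                $user->lang = $CFG->lang;
            }
            // Never take over a username that already belongs to an account of another auth type.
            if ($collision = $DB->get_record_select('user', "username = :username AND mnethostid = :mnethostid AND auth <> :auth", array('username'=>$user->username, 'mnethostid'=>$CFG->mnet_localhost_id, 'auth'=>$this->authtype), 'id,username,auth')) {
                $trace->output(get_string('auth_dbinsertuserduplicate', 'auth_db', array('username'=>$user->username, 'auth'=>$collision->auth)), 1);
                continue;
            }
            try {
                $id = user_create_user($user, false); // It is truly a new user.
                $trace->output(get_string('auth_dbinsertuser', 'auth_db', array('name'=>$user->username, 'id'=>$id)), 1);
            } catch (moodle_exception $e) {
                $trace->output(get_string('auth_dbinsertusererror', 'auth_db', $user->username), 1);
                continue;
            }
            // If relevant, tag for password generation.
            if ($this->is_internal()) {
                set_user_preference('auth_forcepasswordchange', 1, $id);
                set_user_preference('create_password', 1, $id);
            }
            // Make sure user context is present.
            context_user::instance($id);
        }
        unset($add_users);
    }
    $trace->finished();
    return 0;
}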
459 | ||
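/**
 * Checks whether the given username has a row in the external table.
 *
 * @param string $username Username as known to Moodle (utf-8)
 * @return bool True if the external query returned at least one row
 */
function user_exists($username) {

    // Init result value.
    $result = false;

    $extusername = core_text::convert($username, 'utf-8', $this->config->extencoding);

    $authdb = $this->db_init();

    // NOTE(review): the statement is assembled by interpolation; quoting of the username
    // depends on ext_addslashes(), which is defined outside this view.
    $rs = $authdb->Execute("SELECT *
                              FROM {$this->config->table}
                             WHERE {$this->config->fielduser} = '".$this->ext_addslashes($extusername)."' ");

    if (!$rs) {
        // Release the connection first, as user_login() does on the same failure, in case
        // print_error() does not return.
        $authdb->Close();
        print_error('auth_dbcantconnect','auth_db');
    } else {
        // User exists externally when the result set is not empty.
        $result = !$rs->EOF;
        $rs->Close();
    }

    $authdb->Close();
    return $result;
}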
483 | ||
484 | ||
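/**
 * Returns the value of the username column for every row of the external table.
 *
 * @return array List of external usernames, in the order the query returned them
 */
function get_userlist() {

    // Init result value.
    $result = array();

    $authdb = $this->db_init();

    // Fetch userlist.
    $rs = $authdb->Execute("SELECT {$this->config->fielduser}
                              FROM {$this->config->table} ");

    if (!$rs) {
        // Release the connection first, as user_login() does on the same failure, in case
        // print_error() does not return.
        $authdb->Close();
        print_error('auth_dbcantconnect','auth_db');
    } else {
        if (!$rs->EOF) {
            // Column name case differs between drivers, so look the value up by lower-cased key.
            $usercolumn = strtolower($this->config->fielduser);
            while ($rec = $rs->FetchRow()) {
                $rec = array_change_key_case((array)$rec, CASE_LOWER);
                array_push($result, $rec[$usercolumn]);
            }
        }
        $rs->Close();
    }

    $authdb->Close();
    return $result;
}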
508 | ||
509 | /** | |
e7aeaa65 | 510 | * Reads user information from DB and return it in an object. |
b9ddb2d5 | 511 | * |
e7aeaa65 | 512 | * @param string $username username |
b9ddb2d5 | 513 | * @return array |
514 | */ | |
function get_userinfo_asobj($username) {
    // Values are passed through truncate_userinfo() before being copied; the result is a
    // stdClass with one property per returned field.
    $info = truncate_userinfo($this->get_userinfo($username));

    $record = new stdClass();
    foreach (array_keys($info) as $property) {
        $record->{$property} = $info[$property];
    }
    return $record;
}
523 | ||
8ae42b8d | 524 | /** |
525 | * will update a local user record from an external source. | |
526 | * is a lighter version of the one in moodlelib -- won't do | |
e7aeaa65 | 527 | * expensive ops such as enrolment. |
b9ddb2d5 | 528 | * |
8ae42b8d | 529 | * If you don't pass $updatekeys, there is a performance hit and |
b9ddb2d5 | 530 | * values removed from DB won't be removed from moodle. |
8ae42b8d | 531 | * |
185721a4 | 532 | * @param string $username username |
ab6e0848 PS |
533 | * @param bool $updatekeys |
534 | * @return stdClass | |
b9ddb2d5 | 535 | */ |
function update_user_record($username, $updatekeys=false) {
    global $CFG, $DB;

    // Just in case, normalise the text case.
    $username = trim(core_text::strtolower($username));

    // Get the current user record on the local MNet host.
    $user = $DB->get_record('user', array('username'=>$username, 'mnethostid'=>$CFG->mnet_localhost_id));
    if (empty($user)) { // Trouble.
        error_log("Cannot update non-existent user: $username");
        print_error('auth_dbusernotexist','auth_db',$username);
        die;
    }

    // Ensure userid is not overwritten: the update object is keyed by the id read above.
    $userid = $user->id;
    $changes = new stdClass();
    $changes->id = $userid;
    $haschanges = false;

    $newinfo = $this->get_userinfo($username);
    if ($newinfo) {
        $newinfo = truncate_userinfo($newinfo);

        if (empty($updatekeys)) { // All keys? This does not support removing values.
            $updatekeys = array_keys($newinfo);
        }

        foreach ($updatekeys as $key) {
            // A key that is absent from the external data is treated as an empty value.
            $value = isset($newinfo[$key]) ? $newinfo[$key] : '';

            if (empty($this->config->{'field_updatelocal_' . $key})) {
                // Local updates are not enabled for this field.
                continue;
            }
            if (isset($user->{$key}) and $user->{$key} != $value) { // Only update if it's changed.
                $haschanges = true;
                $changes->$key = $value;
            }
        }
    }

    if ($haschanges) {
        require_once($CFG->dirroot . '/user/lib.php');
        user_update_user($changes);
    }

    // Return the fresh record; false when the user is flagged as deleted.
    return $DB->get_record('user', array('id'=>$userid, 'deleted'=>0));
}
584 | ||
585 | /** | |
586 | * Called when the user record is updated. | |
587 | * Modifies user in external database. It takes olduser (before changes) and newuser (after changes) | |
ab6e0848 | 588 | * compares them and saves the modified information to the external db.
139ebfdb | 589 | * |
e7aeaa65 PS |
590 | * @param stdClass $olduser Userobject before modifications |
591 | * @param stdClass $newuser Userobject new modified userobject | |
139ebfdb | 592 | * @return boolean result |
593 | * | |
594 | */ | |
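function user_update($olduser, $newuser) {
    if (isset($olduser->username) and isset($newuser->username) and $olduser->username != $newuser->username) {
        error_log("ERROR:User renaming not allowed in ext db");
        return false;
    }

    if (isset($olduser->auth) and $olduser->auth != $this->authtype) {
        return true; // Just change auth and skip update.
    }

    $curruser = $this->get_userinfo($olduser->username);
    if (empty($curruser)) {
        // This branch runs when the lookup returned nothing, so the message has to say
        // "not found"; the previous text claimed the opposite.
        error_log("ERROR:User $olduser->username not found in ext db");
        return false;
    }

    $extusername = core_text::convert($olduser->username, 'utf-8', $this->config->extencoding);

    $authdb = $this->db_init();

    // NOTE(review): the UPDATE below is built by interpolation. Column names come from
    // the field_map_* settings and every value relies on ext_addslashes() (defined outside
    // this view) for quoting.
    $update = array();
    foreach ($curruser as $key=>$value) {
        if ($key == 'username') {
            continue; // Skip this.
        }
        if (empty($this->config->{"field_updateremote_$key"})) {
            continue; // Remote update not requested.
        }
        if (!isset($newuser->$key)) {
            continue;
        }
        $nuvalue = $newuser->$key;
        // Support for textarea fields. Test the type first so a plain string value is
        // never indexed as if it were an array.
        if (is_array($nuvalue) and isset($nuvalue['text'])) {
            $nuvalue = $nuvalue['text'];
        }
        if ($nuvalue != $value) {
            $update[] = $this->config->{"field_map_$key"}."='".$this->ext_addslashes(core_text::convert($nuvalue, 'utf-8', $this->config->extencoding))."'";
        }
    }
    if (!empty($update)) {
        // NOTE(review): the Execute() result is not checked, so a failed remote update
        // still reports success to the caller.
        $authdb->Execute("UPDATE {$this->config->table}
                             SET ".implode(',', $update)."
                           WHERE {$this->config->fielduser}='".$this->ext_addslashes($extusername)."'");
    }
    $authdb->Close();
    return true;
}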
643 | ||
8ae42b8d | 644 | /** |
645 | * A chance to validate form data, and last chance to | |
646 | * do stuff before it is inserted in config_plugin | |
ab6e0848 | 647 | * |
e7aeaa65 PS |
648 | * @param stdClass $form |
649 | * @param array $err errors | |
ab6e0848 | 650 | * @return void |
8ae42b8d | 651 | */ |
function validate_form($form, &$err) {
    if ($form->passtype !== 'internal') {
        return;
    }

    // With internal passwords, clear the custom change-password URL both in memory and in
    // the stored plugin settings.
    $this->config->changepasswordurl = '';
    set_config('changepasswordurl', '', 'auth/db');
}
658 | ||
/**
 * Returns the negation of is_internal().
 *
 * @return bool True when the plugin is not "internal"
 */
function prevent_local_passwords() {
    $internal = $this->is_internal();
    return !$internal;
}
662 | ||
b9ddb2d5 | 663 | /** |
7415aed1 PS |
664 | * Returns true if this authentication plugin is "internal". |
665 | * | |
666 | * Internal plugins use password hashes from Moodle user table for authentication. | |
b9ddb2d5 | 667 | * |
139ebfdb | 668 | * @return bool |
b9ddb2d5 | 669 | */ |
function is_internal() {
    // An unset passtype counts as internal.
    return !isset($this->config->passtype) || $this->config->passtype === 'internal';
}
676 | ||
b6f28375 CF |
677 | /** |
678 | * Returns false if this plugin is enabled but not configured. | |
679 | * | |
680 | * @return bool | |
681 | */ | |
public function is_configured() {
    // The plugin counts as configured once a database type has been set.
    return !empty($this->config->type);
}
688 | ||
7415aed1 PS |
689 | /** |
690 | * Indicates if moodle should automatically update internal user | |
691 | * records with data from external sources using the information | |
692 | * from auth_plugin_base::get_userinfo(). | |
693 | * | |
694 | * @return bool true means automatically copy data from ext to user table | |
695 | */ | |
function is_synchronised_with_external() {
    // Always enabled for this plugin.
    $synchronised = true;
    return $synchronised;
}
699 | ||
700 | /** | |
701 | * Returns true if this authentication plugin can change the user's | |
702 | * password. | |
703 | * | |
139ebfdb | 704 | * @return bool |
b9ddb2d5 | 705 | */ |
function can_change_password() {
    if ($this->is_internal()) {
        return true;
    }
    // Otherwise a change is only possible when a change-password URL is configured.
    return !empty($this->config->changepasswordurl);
}
709 | ||
710 | /** | |
430759a5 | 711 | * Returns the URL for changing the user's pw, or empty if the default can |
b9ddb2d5 | 712 | * be used. |
713 | * | |
99f9f85f | 714 | * @return moodle_url |
b9ddb2d5 | 715 | */ |
function change_password_url() {
    if (!$this->is_internal() && !empty($this->config->changepasswordurl)) {
        // Use admin defined custom url.
        return new moodle_url($this->config->changepasswordurl);
    }

    // Standard form: null is returned instead of a moodle_url.
    return null;
}
725 | ||
ab6ff8a4 | 726 | /** |
727 | * Returns true if plugin allows resetting of internal password. | |
728 | * | |
729 | * @return bool | |
730 | */ | |
function can_reset_password() {
    // Resetting is allowed exactly when the plugin is "internal".
    $internal = $this->is_internal();
    return $internal;
}
734 | ||
/**
 * Prints a form for configuring this authentication plugin.
 *
 * This function is called from admin/auth.php, and outputs a full page with
 * a form for configuring this plugin.
 *
 * The three parameters are not referenced in this method body; they are
 * visible to config.html because an included file runs in the scope of the
 * include statement.
 *
 * @param stdClass $config
 * @param array $err errors
 * @param array $user_fields
 * @return void
 */
function config_form($config, $err, $user_fields) {
    // A bare relative name is looked up through include_path, then the calling
    // script's directory and the working directory.
    // NOTE(review): an absolute path such as __DIR__.'/config.html' would pin the
    // template to this plugin directory; also confirm that config.html escapes the
    // $config values it prints.
    include 'config.html';
}
749 | ||
/**
 * Processes and stores configuration data for this authentication plugin.
 *
 * Every setting missing from $config receives a default, then all settings
 * are written to the 'auth/db' plugin configuration. The only normalisation
 * applied is trim() on extencoding, setupsql and changepasswordurl; no value
 * is validated here.
 *
 * NOTE(review): the fallback passtype is 'plaintext'; presumably that means
 * external passwords are compared unhashed. Confirm, and prefer a hashed type.
 * NOTE(review): 'pass' (the external database password) is handed to
 * set_config() like any other setting; confirm how plugin configuration is
 * stored and who can read it.
 * NOTE(review): 'table' and 'fielduser' are later placed into SQL text
 * verbatim by test_settings(), so they are trusted as identifiers.
 *
 * @param stdClass $config
 * @return bool always true or exception
 */
function process_config($config) {
    // Setting name => default used when the submitted form did not provide it.
    // The order is also the order in which the settings are saved.
    $defaults = array(
        'host'              => 'localhost',
        'type'              => 'mysql',
        'sybasequoting'     => 0,
        'name'              => '',
        'user'              => '',
        'pass'              => '',
        'table'             => '',
        'fielduser'         => '',
        'fieldpass'         => '',
        'passtype'          => 'plaintext',
        'extencoding'       => 'utf-8',
        'setupsql'          => '',
        'debugauthdb'       => 0,
        'removeuser'        => AUTH_REMOVEUSER_KEEP,
        'changepasswordurl' => '',
    );

    // Set to defaults if undefined.
    foreach ($defaults as $setting => $fallback) {
        if (!isset($config->$setting)) {
            $config->$setting = $fallback;
        }
    }

    // Settings whose surrounding whitespace is stripped before saving.
    $trimmed = array('extencoding', 'setupsql', 'changepasswordurl');

    // Save settings.
    foreach (array_keys($defaults) as $setting) {
        $value = $config->$setting;
        if (in_array($setting, $trimmed, true)) {
            $value = trim($value);
        }
        set_config($setting, $value, 'auth/db');
    }

    return true;
}
823 | ||
e7aeaa65 PS |
/**
 * Add slashes, we can not use placeholders or system functions.
 *
 * With the sybasequoting setting enabled only single quotes are doubled.
 * Otherwise backslash, single quote, double quote and the NUL byte are each
 * prefixed with a backslash.
 *
 * NOTE(review): this escaping knows nothing about the connection character
 * set. Backslash escaping is only dependable when the external connection uses
 * an encoding in which a backslash byte cannot be part of a multi-byte
 * character; confirm the encoding of the external database, and check that the
 * chosen quoting mode matches how that database treats backslashes.
 *
 * @param string $text
 * @return string
 */
function ext_addslashes($text) {
    if (!empty($this->config->sybasequoting)) {
        // Sybase style: a quote is escaped by doubling it.
        return str_replace("'", "''", $text);
    }

    // Single pass over the text; every special character gets a leading backslash.
    $escapes = array(
        '\\' => '\\\\',
        '\'' => '\\\'',
        '"'  => '\\"',
        "\0" => '\\0',
    );
    return strtr($text, $escapes);
}
6cf20915 PS |
839 | |
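/**
 * Test if settings are ok, print info to output.
 *
 * Connects to the external database with the stored settings, reads from the
 * configured table and prints either a problem notification or the list of
 * columns found. While the test runs, display_errors, $CFG->debug and the
 * plugin's debugauthdb flag are forced on; all three are restored before
 * returning.
 *
 * Documented as private in the original comment, although declared public.
 *
 * NOTE(review): with debugging forced on, connection and query diagnostics
 * may be written to the page. Presumably the caller restricts this to
 * administrators; verify.
 * NOTE(review): the table and user field names come from plugin configuration
 * and are placed into the SQL text verbatim, so they are trusted as
 * identifiers.
 *
 * @return void
 */
public function test_settings() {
    global $CFG, $OUTPUT;

    // NOTE: this is not localised intentionally, admins are supposed to understand English at least a bit...

    raise_memory_limit(MEMORY_HUGE);

    if (empty($this->config->table)) {
        echo $OUTPUT->notification('External table not specified.', 'notifyproblem');
        return;
    }

    if (empty($this->config->fielduser)) {
        echo $OUTPUT->notification('External user field not specified.', 'notifyproblem');
        return;
    }

    // Remember the current debugging state, then switch everything on for the test.
    $olddebug = $CFG->debug;
    $olddisplay = ini_get('display_errors');
    ini_set('display_errors', '1');
    $CFG->debug = DEBUG_DEVELOPER;
    $olddebugauthdb = $this->config->debugauthdb;
    $this->config->debugauthdb = 1;
    error_reporting($CFG->debug);

    $adodb = $this->db_init();

    if (!$adodb or !$adodb->IsConnected()) {
        // Restore the previous debugging state before reporting the failure.
        $this->config->debugauthdb = $olddebugauthdb;
        $CFG->debug = $olddebug;
        ini_set('display_errors', $olddisplay);
        error_reporting($CFG->debug);
        // NOTE(review): no ob_start() is visible in this method; presumably db_init()
        // opens an output buffer when debugauthdb is set. Confirm.
        ob_end_flush();

        echo $OUTPUT->notification('Cannot connect the database.', 'notifyproblem');
        return;
    }

    $rs = $adodb->Execute("SELECT *
                             FROM {$this->config->table}
                            WHERE {$this->config->fielduser} <> 'random_unlikely_username'"); // Any unlikely name is ok here.

    if (!$rs) {
        echo $OUTPUT->notification('Can not read external table.', 'notifyproblem');

    } else if ($rs->EOF) {
        echo $OUTPUT->notification('External table is empty.', 'notifyproblem');
        $rs->close();

    } else {
        $fields_obj = $rs->FetchObj();
        // Column names are supplied by the external database, so they are HTML-escaped
        // before being embedded in the notification markup.
        $columns = array_map('s', array_keys((array)$fields_obj));

        echo $OUTPUT->notification('External table contains following columns:<br />'.implode(', ', $columns), 'notifysuccess');
        $rs->close();
    }

    $adodb->Close();

    // Restore the previous debugging state.
    $this->config->debugauthdb = $olddebugauthdb;
    $CFG->debug = $olddebug;
    ini_set('display_errors', $olddisplay);
    error_reporting($CFG->debug);
    ob_end_flush();
}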
ce597604 SL |
909 | |
/**
 * Clean the user data that comes from an external database.
 *
 * Emits a developer-level debugging notice and forwards the call to
 * core_user::clean_data().
 *
 * @deprecated since 3.1, please use core_user::clean_data() instead.
 * @param array $user the user data to be validated against properties definition.
 * @return stdClass $user the cleaned user data.
 */
public function clean_data($user) {
    $notice = 'The method clean_data() has been deprecated, please use core_user::clean_data() instead.';
    debugging($notice, DEBUG_DEVELOPER);

    $cleaned = core_user::clean_data($user);
    return $cleaned;
}
b9ddb2d5 | 921 | } |
922 | ||
5117d598 | 923 |