[moodle.git] / auth / shibboleth / index.php

<?php

    // Designed to be redirected from moodle/login/index.php

    require('../../config.php');

    $context = context_system::instance();
    $PAGE->set_url('/auth/shibboleth/index.php');
    $PAGE->set_context($context);

    // Support for WAYFless URLs.
    $target = optional_param('target', '', PARAM_LOCALURL);
    if (!empty($target) && empty($SESSION->wantsurl)) {
        $SESSION->wantsurl = $target;
    }

    if (isloggedin() && !isguestuser()) {      // Nothing to do
        if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
            $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
            unset($SESSION->wantsurl);

        } else {
            $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
            unset($SESSION->wantsurl);         /// Just in case
        }

        redirect($urltogo);

    }

    $pluginconfig   = get_config('auth/shibboleth');
    $shibbolethauth = get_auth_plugin('shibboleth');

    // Check whether Shibboleth is configured properly
    if (empty($pluginconfig->user_attribute)) {
        print_error('shib_not_set_up_error', 'auth_shibboleth');
     }

/// If we can find the Shibboleth attribute, save it in session and return to main login page
    if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
        $frm = new stdClass();
        $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
        // The password is never actually used, but needs to be passed to the functions 'user_login' and
        // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
        // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
        // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
        // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
        // changes to the Shibboleth plugin and it is actually used.
        $frm->password = generate_password(8);

    /// Check if the user has actually submitted login data to us

        if ($shibbolethauth->user_login($frm->username, $frm->password)
                && $user = authenticate_user_login($frm->username, $frm->password)) {
            complete_user_login($user);

            if (user_not_fully_set_up($USER, true)) {
                $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
                // We don't delete $SESSION->wantsurl yet, so we get there later

            } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
                $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
                unset($SESSION->wantsurl);

            } else {
                $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
                unset($SESSION->wantsurl);         /// Just in case
            }

            /// Go to my-moodle page instead of homepage if defaulthomepage enabled
            if (!has_capability('moodle/site:config',context_system::instance()) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {
                if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
                    $urltogo = $CFG->wwwroot.'/my/';
                }
            }

            redirect($urltogo);

            exit;
        }

        else {
            // The Shibboleth user couldn't be mapped to a valid Moodle user
            print_error('shib_invalid_account_error', 'auth_shibboleth');
        }
    }

    // If we can find any (user independent) Shibboleth attributes but no user
    // attributes we probably didn't receive any user attributes
    elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
        print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
    } else {
        print_error('shib_not_set_up_error', 'auth_shibboleth');
    }
Commit	Line	Data
79151615	1	<?php
	2
	3	// Designed to be redirected from moodle/login/index.php
565809c6	4
565809c6	5	require('../../config.php');
565809c6	6
5f1b2e88	7	$context = context_system::instance();
a6855934	8	$PAGE->set_url('/auth/shibboleth/index.php');
5f1b2e88	9	$PAGE->set_context($context);
79151615	10
39323c75	11	// Support for WAYFless URLs.
ab0ccc67	12	$target = optional_param('target', '', PARAM_LOCALURL);
f09afcdd	13	if (!empty($target) && empty($SESSION->wantsurl)) {
ab0ccc67 CF	14	$SESSION->wantsurl = $target;
ab0ccc67 CF	15	}
39323c75	16
629e12fd	17	if (isloggedin() && !isguestuser()) { // Nothing to do
b9ddb2d5	18	if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
a70d959a	19	$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
a70d959a	20	unset($SESSION->wantsurl);
565809c6	21
a70d959a	22	} else {
	23	$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
	24	unset($SESSION->wantsurl); /// Just in case
	25	}
139ebfdb	26
a70d959a	27	redirect($urltogo);
5117d598	28
a70d959a	29	}
14dfa059	30
c75a9a5c	31	$pluginconfig = get_config('auth/shibboleth');
3ea28768	32	$shibbolethauth = get_auth_plugin('shibboleth');
5117d598	33
1b5ad83d	34	// Check whether Shibboleth is configured properly
b9ddb2d5	35	if (empty($pluginconfig->user_attribute)) {
54d6517d	36	print_error('shib_not_set_up_error', 'auth_shibboleth');
49465c35	37	}
565809c6	38
bab8ceb1	39	/// If we can find the Shibboleth attribute, save it in session and return to main login page
b9ddb2d5	40	if (!empty($_SERVER[$pluginconfig->user_attribute])) { // Shibboleth auto-login
7dfe4b92	41	$frm = new stdClass();
f309632a	42	$frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
91ad3ef1 MN	43	// The password is never actually used, but needs to be passed to the functions 'user_login' and
	44	// 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
	45	// used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
	46	// returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
	47	// rather than setting the password to a hard-coded value, we will generate one each time, in case there are
	48	// changes to the Shibboleth plugin and it is actually used.
	49	$frm->password = generate_password(8);
565809c6	50
565809c6	51	/// Check if the user has actually submitted login data to us
139ebfdb	52
af402e56 MA	53	if ($shibbolethauth->user_login($frm->username, $frm->password)
af402e56 MA	54	&& $user = authenticate_user_login($frm->username, $frm->password)) {
5991cabf	55	complete_user_login($user);
5117d598	56
8df850ad	57	if (user_not_fully_set_up($USER, true)) {
565809c6	58	$urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&course='.SITEID;
	59	// We don't delete $SESSION->wantsurl yet, so we get there later
	60
	61	} else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
	62	$urltogo = $SESSION->wantsurl; /// Because it's an address in this site
	63	unset($SESSION->wantsurl);
	64
	65	} else {
	66	$urltogo = $CFG->wwwroot.'/'; /// Go to the standard home page
	67	unset($SESSION->wantsurl); /// Just in case
	68	}
139ebfdb	69
ba2789c1	70	/// Go to my-moodle page instead of homepage if defaulthomepage enabled
bf0f06b1	71	if (!has_capability('moodle/site:config',context_system::instance()) and !empty($CFG->defaulthomepage) && $CFG->defaulthomepage == HOMEPAGE_MY and !isguestuser()) {
574551d9	72	if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
	73	$urltogo = $CFG->wwwroot.'/my/';
	74	}
	75	}
139ebfdb	76
565809c6	77	redirect($urltogo);
5117d598	78
3ea28768	79	exit;
5117d598 PS	80	}
5117d598 PS	81
3ea28768	82	else {
af402e56 MA	83	// The Shibboleth user couldn't be mapped to a valid Moodle user
af402e56 MA	84	print_error('shib_invalid_account_error', 'auth_shibboleth');
565809c6	85	}
a70d959a	86	}
139ebfdb	87
139ebfdb	88	// If we can find any (user independent) Shibboleth attributes but no user
49465c35	89	// attributes we probably didn't receive any user attributes
2f5237ed	90	elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) \|\| !empty($_SERVER['Shib-Application-ID'])) {
54d6517d	91	print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
a70d959a	92	} else {
54d6517d	93	print_error('shib_not_set_up_error', 'auth_shibboleth');
565809c6	94	}
565809c6	95
5117d598	96