Auth: Replace hardcoded strings: MDL-8069
[moodle.git] / auth / cas / login.php
1 <?php
2 // $Id$
3 // author: romualdLorthioir $
4 //CHANGELOG:
5 //05.03.2005 replace /login/index.php
// Stop immediately unless the MOODLE_INTERNAL constant has been defined,
// so the script cannot be requested directly.
if (!defined('MOODLE_INTERNAL')) {
    die('Direct access to this script is forbidden.');
}

// Define variables used in page
$site = get_site();
if (!$site) {
    print_error('nosite', '', '', NULL, true);
}

// Build the language chooser only when the site enables it.
if (!empty($CFG->langmenu)) {
    $currlang = current_language();
    $langs    = get_list_of_languages();
    // With loginhttps set, the chooser links to the https form of the site root.
    // Note that str_replace() rewrites every 'http:' occurrence, not only the scheme.
    $wwwroot  = empty($CFG->loginhttps)
        ? $CFG->wwwroot
        : str_replace('http:', 'https:', $CFG->wwwroot);
    $langmenu = popup_form("$wwwroot/login/index.php?lang=", $langs, "chooselang", $currlang, "", "", "", true);
} else {
    $langmenu = "";
}

$loginsite = get_string("loginsite");

// Both plugins are used further down: 'cas' for authentication,
// 'ldap' for the password-expiry check.
$casauth  = get_auth_plugin('cas');
$ldapauth = get_auth_plugin('ldap');
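// $frm holds the submitted (or synthesised) login data, $user the account
// once one has been identified. Both start out as false.
$frm = false;
$user = false;

// Decide where the login data comes from.
// NOTE(review): $loginguest is not assigned anywhere in this file; presumably the
// including script sets it - confirm.
// NOTE(review): the guest shortcut fires when the session's wantsurl merely contains
// the substring 'username=guest'. Elsewhere in this file wantsurl can be seeded from
// the client-supplied Referer header, so treat this trigger as client-influenced.
if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl, 'username=guest')) or $loginguest) {
    /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
    // Create the object explicitly: assigning a property on `false` relies on
    // implicit object creation, which newer PHP versions reject.
    $frm = new stdClass();
    $frm->username = 'guest';
    $frm->password = 'guest';
} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
    // Handles the case of another Moodle site linking into a page on this site
    include($CFG->dirroot.'/login/weblinkauth.php');
    // The function name must be passed as a string; the bare word was read as an
    // undefined constant.
    if (function_exists('weblink_auth')) {
        $user = weblink_auth($SESSION->wantsurl);
    }
    if ($user) {
        // weblink_auth() identified the account, so no password is carried in $frm.
        $frm = new stdClass();
        $frm->username = $user->username;
    } else {
        $frm = data_submitted();
    }
} else {
    $frm = data_submitted();
}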
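// Process a submitted login form. Credentials are only checked when the Moodle
// cookie is non-empty; without it just an error message is prepared.
if ($frm and (get_moodle_cookie() == '')) {    // Login without cookie

    $errormsg = get_string("cookiesnotenabled");

} else if ($frm) {                             // Login WITH cookies

    // Usernames are lower-cased and trimmed before any comparison or lookup.
    $frm->username = trim(moodle_strtolower($frm->username));

    if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
        $user = false;    /// Can't log in as guest if guest button is disabled
        $frm = false;
    } else if (!$user) {
        if ($CFG->auth == "cas" && $frm->username != 'guest') { /// Cas SSO case
            $user = $casauth->authenticate_user_login($frm->username, $frm->password);
        } else {
            $user = authenticate_user_login($frm->username, $frm->password);
        }
    }
    // Called for every submitted attempt, including a refused guest login;
    // reset_login_count() further down runs only when a login completes.
    update_login_count();

    if ($user) {
        if (! $user->confirmed ) {       // they never confirmed via email
            print_header(get_string("mustconfirm"), get_string("mustconfirm") );
            print_heading(get_string("mustconfirm"));
            print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
            print_footer();
            die;
        }

        $USER = $user;
        if (!empty($USER->description)) {
            $USER->description = true;   // No need to cart all of it around
        }
        $USER->loggedin = true;
        $USER->site     = $CFG->wwwroot; // for added security, store the site in the session
        sesskey();                       // for added security, used to check script parameters

        if ($USER->username == "guest") {
            $USER->lang       = $CFG->lang;               // Guest language always same as site
            $USER->firstname  = get_string("guestuser");  // Name always in current language
            $USER->lastname   = " ";
        }

        if (!update_user_login_times()) {
            error("Wierd error: could not update login records");
        }

        set_moodle_cookie($USER->username);

        unset($SESSION->lang);
        $SESSION->justloggedin = true;

        // Restore the calendar filters, if saved
        if (intval(get_user_preferences('calendar_persistflt', 0))) {
            include_once($CFG->dirroot.'/calendar/lib.php');
            calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
        }

        // Select password change url.
        // $passwordchangeurl stays undefined when the user's auth plugin cannot
        // change passwords; the isset() check below depends on that.
        $userauth = get_auth_plugin($USER->auth);
        if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
            $passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
        }

        // check whether the user should be changing password
        if (get_user_preferences('auth_forcepasswordchange', false)) {
            if (isset($passwordchangeurl)) {
                redirect($passwordchangeurl);
            } else {
                print_error('auth_cas_broken_password','auth');
            }
        }

        add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);

        // Choose the post-login destination. A stored wantsurl is honoured only when
        // it is the site root itself or lies below "<wwwroot>/". A bare prefix match
        // on wwwroot would also accept a different host whose name merely begins with
        // this site's host name, which turns the login page into an open redirect.
        $siteroot = rtrim($CFG->wwwroot, '/');
        if (user_not_fully_set_up($USER)) {
            $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
            // We don't delete $SESSION->wantsurl yet, so we get there later

        } else if (isset($SESSION->wantsurl)
                && ($SESSION->wantsurl === $siteroot || strpos($SESSION->wantsurl, $siteroot.'/') === 0)) {
            $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
            unset($SESSION->wantsurl);

        } else {
            $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
            unset($SESSION->wantsurl);         /// Just in case
        }

        // check if user password has expired
        // Currently supported only for ldap-authentication module
        // NOTE(review): the ldap plugin's expiration setting is consulted whatever
        // $USER->auth is - confirm that is intended.
        // NOTE(review): $focus is not assigned before this point in the file, and
        // $passwordchangeurl may be undefined here (see above); both are passed on
        // as-is, and both branches exit before load_all_capabilities() runs.
        if ($ldapauth->config->expiration == 1) {
            $days2expire = $ldapauth->password_expire($USER->username);
            if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
                print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            } elseif (intval($days2expire) < 0 ) {
                print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
                notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                print_footer();
                exit;
            }
        }

        reset_login_count();

        load_all_capabilities();     /// This is what lets the user do anything on the site  :-)

        redirect($urltogo);

        exit;

    } else {
        // Authentication failed: prepare the message shown on the form. With CAS as
        // the site auth method, phpCAS::logout() is also called with the plugin's
        // forbidden.php page as its argument.
        if ($CFG->auth == "cas" ) { /// CAS error login
            $errormsg = get_string("invalidcaslogin");
            phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
        } else {
            $errormsg = get_string("invalidlogin");
        }
    }
}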
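// No login was completed from a submitted form, so let the CAS plugin try to
// identify the user itself. A truthy result is treated as a finished login.
$user = $casauth->automatic_authenticate($user);
if ($user) {
    if (! $user->confirmed ) {       // they never confirmed via email
        print_header(get_string("mustconfirm"), get_string("mustconfirm") );
        print_heading(get_string("mustconfirm"));
        print_simple_box(get_string("emailconfirmsent", "", $user->email), "center");
        print_footer();
        die;
    }

    $USER = $user;
    if (!empty($USER->description)) {
        $USER->description = true;   // No need to cart all of it around
    }
    $USER->loggedin = true;
    $USER->site     = $CFG->wwwroot; // for added security, store the site in the session
    sesskey();                       // for added security, used to check script parameters

    if ($USER->username == "guest") {
        $USER->lang       = $CFG->lang;               // Guest language always same as site
        $USER->firstname  = get_string("guestuser");  // Name always in current language
        $USER->lastname   = " ";
    }

    if (!update_user_login_times()) {
        error("Wierd error: could not update login records");
    }

    set_moodle_cookie($USER->username);

    unset($SESSION->lang);
    $SESSION->justloggedin = true;

    // Restore the calendar filters, if saved
    if (intval(get_user_preferences('calendar_persistflt', 0))) {
        include_once($CFG->dirroot.'/calendar/lib.php');
        calendar_set_filters_status(get_user_preferences('calendar_savedflt', 0xff));
    }

    // Select password change url.
    // $passwordchangeurl stays undefined when the user's auth plugin cannot
    // change passwords; the isset() check below depends on that.
    $userauth = get_auth_plugin($USER->auth);
    if (method_exists($userauth, 'can_change_password') and $userauth->can_change_password()) {
        $passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
    }

    // check whether the user should be changing password
    if (get_user_preferences('auth_forcepasswordchange', false)) {
        if (isset($passwordchangeurl)) {
            redirect($passwordchangeurl);
        } else {
            print_error('auth_cas_broken_password','auth');
        }
    }

    add_to_log(SITEID, "user", "login", "view.php?id=$user->id&course=".SITEID, $user->id, 0, $user->id);

    // Choose the post-login destination. A stored wantsurl is honoured only when it
    // is the site root itself or lies below "<wwwroot>/". A bare prefix match on
    // wwwroot would also accept a different host whose name merely begins with this
    // site's host name, which turns the login page into an open redirect.
    $siteroot = rtrim($CFG->wwwroot, '/');
    if (user_not_fully_set_up($USER)) {
        $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
        // We don't delete $SESSION->wantsurl yet, so we get there later

    } else if (isset($SESSION->wantsurl)
            && ($SESSION->wantsurl === $siteroot || strpos($SESSION->wantsurl, $siteroot.'/') === 0)) {
        $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
        unset($SESSION->wantsurl);

    } else {
        $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
        unset($SESSION->wantsurl);         /// Just in case
    }

    // check if user password has expired
    // Currently supported only for ldap-authentication module
    // NOTE(review): the ldap plugin's expiration setting is consulted whatever
    // $USER->auth is - confirm that is intended.
    // NOTE(review): $focus is not assigned before this point in the file, and
    // $passwordchangeurl may be undefined here (see above); both are passed on
    // as-is, and both branches exit before load_all_capabilities() runs.
    if ($ldapauth->config->expiration == 1) {
        $days2expire = $ldapauth->password_expire($USER->username);
        if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
            print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
            notice_yesno(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
            print_footer();
            exit;
        } elseif (intval($days2expire) < 0 ) {
            print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>");
            notice_yesno(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
            print_footer();
            exit;
        }
    }

    reset_login_count();

    load_all_capabilities();     /// This is what lets the user do anything on the site  :-)

    redirect($urltogo);

    exit;
} else {
    // CAS did not identify anyone. When the guest login button is disabled the
    // CAS error is prepared and phpCAS::logout() is called with the plugin's
    // forbidden.php page; otherwise the script falls through to the login form.
    if (!$CFG->guestloginbutton) {
        $errormsg = get_string("invalidcaslogin");
        phpCAS::logout("$CFG->wwwroot/auth/cas/forbidden.php");
    }
}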
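// No login was completed: prepare the variables the login form needs and show it.
if (empty($errormsg)) {
    $errormsg = "";
}

// Remember where to send the user after a later successful login.
// The Referer header is supplied by the client, so this stored value must not be
// trusted until it has been checked against the site root at redirect time.
if (empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = array_key_exists('HTTP_REFERER', $_SERVER) ? $_SERVER["HTTP_REFERER"] : $CFG->wwwroot.'/';
}

if (get_moodle_cookie() == '') {
    set_moodle_cookie('nobody');   // To help search for cookies
}

// Pre-fill the username from the Moodle cookie unless it holds the 'nobody' marker.
// NOTE(review): the cookie value is client-controlled; presumably index_form.html
// escapes it on output - confirm.
if (empty($frm->username)) {
    // $frm is false when nothing was submitted; create the object explicitly rather
    // than relying on implicit object creation, which newer PHP versions reject.
    if (!is_object($frm)) {
        $frm = new stdClass();
    }
    $frm->username = get_moodle_cookie() === 'nobody' ? '' : get_moodle_cookie();
    $frm->password = "";
}

// Put the cursor in the password field when a username is already known.
if (!empty($frm->username)) {
    $focus = "login.password";
} else {
    $focus = "login.username";
}

if ($CFG->auth == "email" or $CFG->auth == "none" or chop($CFG->auth_instructions) <> "" ) {
    $show_instructions = true;
} else {
    $show_instructions = false;
}

print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div align=\"right\">$langmenu</div>");
include($CFG->dirroot.'/auth/cas/index_form.html');
print_footer();

exit;

?>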