Per-auth-backend field locks support. Merged from MOODLE_15_STABLE
authormartinlanghoff <martinlanghoff>
Thu, 2 Jun 2005 05:39:41 +0000 (05:39 +0000)
committermartinlanghoff <martinlanghoff>
Thu, 2 Jun 2005 05:39:41 +0000 (05:39 +0000)
 * Extended set_config()
 * Implemented get_config() which takes over $CFG loading in setup.php
 * admin/auth.php has special handling if post vars starting in pluginconfig_
 * admin/auth.php print_auth_lock_options() prints a form fragment -- being called from most plugins now
 *  user/edit.php follows the new convention when locking down fields, both javascript UI and on POST.
 * admin/auth: More solid checking for auth GET/POST var.
 * admin/auth: print_auth_lock_options() now handles user field mapping options for LDAP and similar modules
 * admin/auth: user mapping options have moved to config_plugins table
 * auth/ldap module has migrated to using new field mapping vars -- simplified config.html a lot
 * auth settings migration to config_plugins

21 files changed:
admin/auth.php
auth/db/config.html
auth/db/lib.php
auth/email/config.html
auth/fc/config.html
auth/imap/config.html
auth/ldap/config.html
auth/ldap/lib.php
auth/manual/config.html
auth/nntp/config.html
auth/none/config.html
auth/pam/config.html
auth/pop3/config.html
auth/shibboleth/config.html
auth/shibboleth/lib.php
lang/en/auth.php
lib/db/mysql.php
lib/db/postgres7.php
lib/moodlelib.php
lib/setup.php
user/edit.php

index a11e2b7..04196eb 100644 (file)
         $config = (array)$config;
         validate_form($config, $err);
 
+        // extract and sanitize the auth key explicitly
+        $modules = get_list_of_plugins("auth");
+        if (in_array($config['auth'], $modules)) {
+            $auth = $config['auth'];            
+        } else {
+            notify("Error defining the authentication method");
+        }
+
         if (count($err) == 0) {
             print_header();
             foreach ($config as $name => $value) {
-                if (! set_config($name, $value)) {
-                    notify("Problem saving config $name as $value");
+                if (preg_match('/^pluginconfig_(.+?)$/', $name, $matches)) {
+                    $plugin = "auth/$auth";
+                    $name   = $matches[1];
+                    if (! set_config($name, $value, $plugin)) {                        
+                        notify("Problem saving config $name as $value for plugin $plugin");
+                    }
+                } else { // normal handling for 
+                    if (! set_config($name, $value)) {
+                        notify("Problem saving config $name as $value");
+                    }
                 }
             }
             redirect("auth.php?sesskey=$USER->sesskey", get_string("changessaved"), 1);
@@ -51,7 +67,7 @@
         $options[$module] = get_string("auth_$module"."title", "auth");
     }
     asort($options);
-    if (isset($_GET['auth'])) {
+    if (isset($_GET['auth']) && in_array($_GET['auth'], $modules)) {
         $auth = $_GET['auth'];
     } else {
         $auth = $config->auth;
     }
     $user_fields = array("firstname", "lastname", "email", "phone1", "phone2", "department", "address", "city", "country", "description", "idnumber", "lang");
 
-    foreach ($user_fields as $user_field) {
-        $user_field = "auth_user_$user_field";
-        if (! isset($config->$user_field)) {
-            $config->$user_field = "";
-        }
-    }
-
     if (empty($focus)) {
         $focus = "";
     }
@@ -198,5 +207,87 @@ function validate_form(&$form, &$err) {
     return;
 }
 
+//
+// Good enough for most auth plugins
+// but some may want a custom one if they are offering
+// other options
+// Note: pluginconfig_ fields have special handling. 
+function print_auth_lock_options ($auth, $user_fields, $helptext, $retrieveopts, $updateopts) {
+
+    echo '<tr><td colspan="3">';
+    if ($retrieveopts) {
+        print_heading(get_string('auth_data_mapping', 'auth'));
+    } else {
+        print_heading(get_string('auth_fieldlocks', 'auth'));
+    }
+    echo '<td/></tr>';
+
+    $lockoptions = array ('unlocked'        => get_string('unlocked', 'auth'),
+                          'unlockedifempty' => get_string('unlockedifempty', 'auth'),
+                          'locked'          => get_string('locked', 'auth'));
+    $updatelocaloptions = array('oncreate'  => get_string('update_oncreate', 'auth'),
+                                'onlogin'   => get_string('update_onlogin', 'auth'));
+    $updateextoptions = array('0'  => get_string('update_never', 'auth'),
+                              '1'   => get_string('update_onupdate', 'auth'));
+    
+    $pluginconfig = get_config("auth/$auth");
+    
+    // helptext is on a field with rowspan
+    if (empty($helptext)) {
+                $helptext = '&nbsp;';
+    }
+
+    foreach ($user_fields as $field) {
+
+        // Define some vars we'll work with
+        optional_variable($pluginconfig->{"field_map_$field"}, '');
+        optional_variable($pluginconfig->{"field_updatelocal_$field"}, '');
+        optional_variable($pluginconfig->{"field_updateremote_$field"}, '');
+        optional_variable($pluginconfig->{"field_lock_$field"}, '');
+
+        // define the fieldname we display to the  user
+        $fieldname = $field;
+        if ($fieldname === 'lang') {
+            $fieldname = get_string('language');
+        } elseif (preg_match('/^(.+?)(\d+)$/', $fieldname, $matches)) {
+            $fieldname =  get_string($matches[1]) . ' ' . $matches[2];
+        } else {
+            $fieldname = get_string($fieldname);
+        }
+
+        echo '<tr valign="top"><td align="right">';
+        echo $fieldname;
+        echo '</td><td>';
+
+        if ($retrieveopts) {
+            $varname = 'field_map_' . $field;
+
+            echo "<input name=\"pluginconfig_{$varname}\" type=\"text\" size=\"30\" value=\"{$pluginconfig->$varname}\">";
+            echo '<div align="right">';
+            echo  get_string('auth_updatelocal', 'auth') . '&nbsp;&nbsp;';
+            choose_from_menu($updatelocaloptions, "pluginconfig_field_updatelocal_{$field}", $pluginconfig->{"field_updatelocal_$field"}, "");
+            echo '<br />';
+            if ($updateopts) {
+                echo  get_string('auth_updateremote', 'auth') . '&nbsp;&nbsp;';
+                 '&nbsp;&nbsp;';
+                choose_from_menu($updateextoptions, "pluginconfig_field_updateremote_{$field}", $pluginconfig->{"field_updateremote_$field"}, "");
+                echo '<br />';
+
+
+            }
+            echo  get_string('auth_fieldlock', 'auth') . '&nbsp;&nbsp;';
+            choose_from_menu($lockoptions, "pluginconfig_field_lock_{$field}", $pluginconfig->{"field_lock_$field"}, "");
+            echo '</div>';
+        } else {
+            choose_from_menu($lockoptions, "pluginconfig_field_lock_{$field}", $pluginconfig->{"field_lock_$field"}, "");
+        }
+        echo '</td>';
+        if (!empty($helptext)) {
+            echo '<td rowspan="' . count($user_fields) . '">' . $helptext . '</td>';
+            $helptext = '';
+        }
+        echo '</tr>';
+    }
+}
 
 ?>
index 888fd74..0b960d2 100644 (file)
     </td>
 </tr>
 
-
-<tr>
-    <td align="right"><?php  print_string("firstname") ?>:</td>
-    <td>
-    <input name="auth_user_firstname" type="text" size="30" value="<?php echo $config->auth_user_firstname?>" />
-    </td>
-    <td rowspan="12" valign="middle">
-    <?php  print_string("auth_dbextrafields","auth") ?>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("lastname") ?>:</td>
-    <td>
-    <input name="auth_user_lastname" type="text" size="30" value="<?php echo $config->auth_user_lastname?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("email") ?>:</td>
-    <td>
-    <input name="auth_user_email" type="text" size="30" value="<?php echo $config->auth_user_email?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("phone") ?> 1:</td>
-    <td>
-    <input name="auth_user_phone1" type="text" size="30" value="<?php echo $config->auth_user_phone1?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("phone") ?> 2:</td>
-    <td>
-    <input name="auth_user_phone2" type="text" size="30" value="<?php echo $config->auth_user_phone2?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("department") ?>:</td>
-    <td>
-    <input name="auth_user_department" type="text" size="30" value="<?php echo $config->auth_user_department?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("address") ?>:</td>
-    <td>
-    <input name="auth_user_address" type="text" size="30" value="<?php echo $config->auth_user_address?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("city") ?>:</td>
-    <td>
-    <input name="auth_user_city" type="text" size="30" value="<?php echo $config->auth_user_city?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("country") ?>:</td>
-    <td>
-    <input name="auth_user_country" type="text" size="30" value="<?php echo $config->auth_user_country?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("description") ?>:</td>
-    <td>
-    <input name="auth_user_description" type="text" size="30" value="<?php echo $config->auth_user_description?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("idnumber") ?>:</td>
-    <td>
-    <input name="auth_user_idnumber" type="text" size="30" value="<?php echo $config->auth_user_idnumber?>" />
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("language") ?>:</td>
-    <td>
-    <input name="auth_user_lang" type="text" size="30" value="<?php echo $config->auth_user_lang?>" />
-    </td>
-</tr>
-
+<?php print_auth_lock_options($auth, $user_fields, get_string("auth_dbextrafields","auth"), true, false);  ?>
 
 <tr valign="top">
     <td align="right"><?php  print_string("instructions", "auth") ?>:</td>
index b085d5c..73afd05 100644 (file)
@@ -58,6 +58,9 @@ function auth_get_userinfo($username){
 
     $config = (array) $CFG;
 
+    $pcfg = get_config('auth/db');
+    $pcfg = (array) $pcfg;
+
     ADOLoadCode($CFG->auth_dbtype);          
     $authdb = &ADONewConnection();         
     $authdb->PConnect($CFG->auth_dbhost,$CFG->auth_dbuser,$CFG->auth_dbpass,$CFG->auth_dbname); 
@@ -69,8 +72,8 @@ function auth_get_userinfo($username){
     $result = array();
 
     foreach ($fields as $field) {
-        if ($config["auth_user_$field"]) {
-            if ($rs = $authdb->Execute("SELECT ".$config["auth_user_$field"]." FROM $CFG->auth_dbtable
+        if ($pcfg["field_map_$field"]) {
+            if ($rs = $authdb->Execute("SELECT ".$pcfg["field_map_$field"]." FROM $CFG->auth_dbtable
                                         WHERE $CFG->auth_dbfielduser = '$username'")) {
                 if ( $rs->RecordCount() == 1 ) {
                     $result["$field"] = $rs->fields[0];
index 660e38b..f686f3a 100644 (file)
@@ -1,2 +1,4 @@
 <!-- No config needed -->
 <div align="center"><?php print_string('none'); ?></div>
+
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index 90e7e9f..11682c9 100644 (file)
 
 </tr>
 
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
index 5766b13..40619cb 100644 (file)
@@ -57,3 +57,4 @@
     <?php  helpbutton("text", get_string("helptext")) ?>
     </td>
 </tr>
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index e063234..7ac8494 100644 (file)
@@ -1,4 +1,4 @@
-<?PHP
+<?php
     // Initialize vars
     optional_variable($config->ldap_host_url,             "");
     optional_variable($config->ldap_contexts,             "");
     optional_variable($config->ldap_graceattr,         "");
     optional_variable($config->auth_user_create,         "");
     optional_variable($config->auth_user_create,         "");
-    optional_variable($config->auth_ldap_forcepasswordchange,         "");
+    optional_variable($config->auth_ldap_forcechangepassword,         "");
     
-    optional_variable($config->auth_user_firstname_updatelocal,     "1");
-    optional_variable($config->auth_user_firstname_editlock,        "1");  
-    optional_variable($config->auth_user_firstname_updateremote,    "");                    
-    optional_variable($config->auth_user_lastname_updatelocal,         "1");
-    optional_variable($config->auth_user_lastname_editlock,         "1");  
-    optional_variable($config->auth_user_lastname_updateremote,     "");  
-    optional_variable($config->auth_user_email_updatelocal,         "1");
-    optional_variable($config->auth_user_email_editlock,             "1");  
-    optional_variable($config->auth_user_email_updateremote,         ""); 
-    optional_variable($config->auth_user_phone1_updatelocal,         "");
-    optional_variable($config->auth_user_phone1_editlock,             "");  
-    optional_variable($config->auth_user_phone1_updateremote,         ""); 
-    optional_variable($config->auth_user_phone2_updatelocal,         "");
-    optional_variable($config->auth_user_phone2_editlock,             "");  
-    optional_variable($config->auth_user_phone2_updateremote,         ""); 
-    optional_variable($config->auth_user_department_updatelocal,     "");
-    optional_variable($config->auth_user_department_editlock,         "");  
-    optional_variable($config->auth_user_department_updateremote,  ""); 
-    optional_variable($config->auth_user_address_updatelocal,         "");
-    optional_variable($config->auth_user_address_editlock,             "");  
-    optional_variable($config->auth_user_address_updateremote,         ""); 
-    optional_variable($config->auth_user_city_updatelocal,             "");
-    optional_variable($config->auth_user_city_editlock,             "");  
-    optional_variable($config->auth_user_city_updateremote,         ""); 
-    optional_variable($config->auth_user_country_updatelocal,         "");
-    optional_variable($config->auth_user_country_editlock,             "");  
-    optional_variable($config->auth_user_country_updateremote,         ""); 
-    optional_variable($config->auth_user_description_updatelocal,     "");
-    optional_variable($config->auth_user_description_editlock,         "");  
-    optional_variable($config->auth_user_description_updateremote, ""); 
-    optional_variable($config->auth_user_lang_updatelocal,             "");
-    optional_variable($config->auth_user_lang_editlock,             "");  
-    optional_variable($config->auth_user_lang_updateremote,         ""); 
-    optional_variable($config->auth_user_idnumber_updatelocal,         "");
-    optional_variable($config->auth_user_idnumber_editlock,         "");  
-    optional_variable($config->auth_user_idnumber_updateremote,     ""); 
-
     optional_variable($config->auth_ldap_stdchangepassword,        false); 
     
 if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
@@ -368,382 +331,17 @@ if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
     </td>
 </tr>
 
+<?php 
 
-<tr>
-   <td colspan="2">
-        <h4><?php print_string("auth_data_mapping", "auth") ?> </h4>
-   </td>
-</tr>
-
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("firstname") ?>:</td>
-    <td>
-    <input name="auth_user_firstname" type="text" size="30" value="<?php echo $config->auth_user_firstname?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_firstname_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_firstname_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_firstname_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_firstname_editlock">
-        <option value="0" <?php echo ($config->auth_user_firstname_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_firstname_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_firstname_updateremote">
-        <option value="0" <?php echo ($config->auth_user_firstname_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_firstname_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-    <td rowspan=12 valign="top">
-    <?php  print_string("auth_ldapextrafields","auth") ?>
-    <?php  print_string("auth_updatelocal_expl","auth") ?>
-    <?php  print_string("auth_editlock_expl","auth") ?>
-    <?php  print_string("auth_updateremote_expl","auth") ?>
-    <hr>
-    <?php  print_string("auth_updateremote_ldap","auth") ?>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("lastname") ?>:</td>
-    <td>
-    <input name="auth_user_lastname" type="text" size="30" value="<?php echo $config->auth_user_lastname?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_lastname_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_lastname_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lastname_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock","auth") ?>
-    <select name="auth_user_lastname_editlock">
-        <option value="0" <?php echo ($config->auth_user_lastname_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lastname_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_lastname_updateremote">
-        <option value="0" <?php echo ($config->auth_user_lastname_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lastname_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("email") ?>:</td>
-    <td>
-    <input name="auth_user_email" type="text" size="30" value="<?php echo $config->auth_user_email?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_email_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_email_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_email_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_email_editlock">
-        <option value="0" <?php echo ($config->auth_user_email_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_email_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_email_updateremote">
-        <option value="0" <?php echo ($config->auth_user_email_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_email_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("phone") ?> 1:</td>
-    <td>
-    <input name="auth_user_phone1" type="text" size="30" value="<?php echo $config->auth_user_phone1?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_phone1_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_phone1_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone1_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_phone1_editlock">
-        <option value="0" <?php echo ($config->auth_user_phone1_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone1_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_phone1_updateremote">
-        <option value="0" <?php echo ($config->auth_user_phone1_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone1_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("phone") ?> 2:</td>
-    <td>
-    <input name="auth_user_phone2" type="text" size="30" value="<?php echo $config->auth_user_phone2?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_phone2_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_phone2_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone2_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_phone2_editlock">
-        <option value="0" <?php echo ($config->auth_user_phone2_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone2_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_phone2_updateremote">
-        <option value="0" <?php echo ($config->auth_user_phone2_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone2_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("department") ?>:</td>
-    <td>
-    <input name="auth_user_department" type="text" size="30" value="<?php echo $config->auth_user_department?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_department_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_department_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_department_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_department_editlock">
-        <option value="0" <?php echo ($config->auth_user_department_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_department_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_department_updateremote">
-        <option value="0" <?php echo ($config->auth_user_department_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_department_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("address") ?>:</td>
-    <td>
-    <input name="auth_user_address" type="text" size="30" value="<?php echo $config->auth_user_address?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_address_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_address_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_address_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_address_editlock">
-        <option value="0" <?php echo ($config->auth_user_address_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_address_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_address_updateremote">
-        <option value="0" <?php echo ($config->auth_user_address_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_address_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("city") ?>:</td>
-    <td>
-    <input name="auth_user_city" type="text" size="30" value="<?php echo $config->auth_user_city?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_city_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_city_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_city_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_city_editlock">
-        <option value="0" <?php echo ($config->auth_user_city_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_city_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_city_updateremote">
-        <option value="0" <?php echo ($config->auth_user_city_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_city_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("country") ?>:</td>
-    <td>
-    <input name="auth_user_country" type="text" size="30" value="<?php echo $config->auth_user_country?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_country_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_country_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_country_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_country_editlock">
-        <option value="0" <?php echo ($config->auth_user_country_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_country_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_country_updateremote">
-        <option value="0" <?php echo ($config->auth_user_country_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_country_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("description") ?>:</td>
-    <td>
-    <input name="auth_user_description" type="text" size="30" value="<?php echo $config->auth_user_description?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_description_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_description_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_description_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_description_editlock">
-        <option value="0" <?php echo ($config->auth_user_description_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_description_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_description_updateremote">
-        <option value="0" <?php echo ($config->auth_user_description_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_description_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("idnumber") ?>:</td>
-    <td>
-    <input name="auth_user_idnumber" type="text" size="30" value="<?php echo $config->auth_user_idnumber?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_idnumber_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_idnumber_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_idnumber_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_idnumber_editlock">
-        <option value="0" <?php echo ($config->auth_user_idnumber_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_idnumber_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_idnumber_updateremote">
-        <option value="0" <?php echo ($config->auth_user_idnumber_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_idnumber_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
-
-<tr valign="top" class="required">
-    <td align="right"><?php  print_string("language") ?>:</td>
-    <td>
-    <input name="auth_user_lang" type="text" size="30" value="<?php echo $config->auth_user_lang?>">
-    <div align="right">
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_lang_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_lang_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lang_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_lang_editlock">
-        <option value="0" <?php echo ($config->auth_user_lang_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lang_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    <?php  print_string("auth_updateremote", "auth") ?>
-    <select name="auth_user_lang_updateremote">
-        <option value="0" <?php echo ($config->auth_user_lang_updateremote ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lang_updateremote ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </div>
-    </td>
-</tr>
+$help  = get_string("auth_ldapextrafields","auth");
+$help .= get_string("auth_updatelocal_expl","auth");
+$help .= get_string("auth_fieldlock_expl","auth");
+$help .= get_string("auth_updateremote_expl","auth");
+$help .= '<hr />';
+$help .= get_string("auth_updateremote_ldap","auth");
 
+print_auth_lock_options($auth, $user_fields, $help, true, true); 
+?>
 
 <tr valign="top" class="required">
     <td align="right"><?php  print_string("instructions", "auth") ?>:</td>
@@ -751,6 +349,7 @@ if (!function_exists('ldap_connect')){ // Is php4-ldap really there?
     <textarea name="auth_instructions" cols="30" rows="10" wrap="virtual"><?php  p($config->auth_instructions) ?></textarea> 
     </td>
     <td>
+
     <?php  print_string("authinstructions","auth") ?>
     <?php  helpbutton("text", get_string("helptext")) ?>
     </td>
index 73847c6..f6333e1 100644 (file)
@@ -372,6 +372,7 @@ function auth_sync_users ($bulk_insert_records = 1000, $do_updates=1) {
 
 
     global $CFG ;
+    $pcfg = get_config('auth/ldap');
 
     // configure a temp table 
     print "Configuring temp table\n";    
@@ -503,11 +504,11 @@ function auth_sync_users ($bulk_insert_records = 1000, $do_updates=1) {
     ////
     if ($do_updates) {
         // narrow down what fields we need to update
-        $all_keys = array_keys(get_object_vars($CFG));
+        $all_keys = array_keys(get_object_vars($pcfg));
         $updatekeys = array();
         foreach ($all_keys as $key) {
-            if (preg_match('/^auth_user_(.+)_updatelocal$/',$key, $match)) {
-                if ($CFG->{$match[0]}) { // if it has a true value
+            if (preg_match('/^field_updatelocal_(.+)$/',$key, $match)) {
+                if ($pcfg->{$match[0]}) { // if it has a true value
                     array_push($updatekeys, $match[1]); // the actual key name
                 }
             }
@@ -637,6 +638,8 @@ function auth_ldap_update_user_record($username, $updatekeys=false) {
 
     global $CFG;
 
+    $pcfg = get_config('auth/ldap');
+
     //just in case check text case
     $username = trim(moodle_strtolower($username));
     
@@ -663,8 +666,7 @@ function auth_ldap_update_user_record($username, $updatekeys=false) {
                 } else {
                     $value = '';
                 }
-                if(isset($CFG->{'auth_user_' . $key. '_updatelocal'}) 
-                   &&    $CFG->{'auth_user_' . $key. '_updatelocal'}){
+                if (!empty($pcfg->{'field_updatelocal_' . $key})) { 
                        if ($user->{$key} != $value) { // only update if it's changed
                            set_field('user', $key, $value, 'username', $username);
                        }
@@ -782,6 +784,8 @@ function auth_iscreator($username=0) {
 function auth_user_update($olduser, $newuser) {
 
     global $USER , $CFG;
+
+    $pcfg = get_config('auth/ldap');
     
     $ldapconnection = auth_ldap_connect();
     
@@ -810,7 +814,7 @@ function auth_user_update($olduser, $newuser) {
         //error_log(var_export($user_entry) . 'fpp' );
         
         foreach ($attrmap as $key=>$ldapkeys){
-            if (isset($CFG->{'auth_user_'. $key.'_updateremote'}) && $CFG->{'auth_user_'. $key.'_updateremote'}){
+            if (!empty($pcfg->{'field_updateremote_'. $key})) {
 
                 // for ldap values that could be in more than one 
                 // ldap key, we will do our best to match 
@@ -1355,10 +1359,12 @@ function auth_ldap_attributes (){
                     "department", "address", "city", "country", "description", 
                     "idnumber", "lang" );
 
+    $pcfg = get_config('auth/ldap');
+
     $moodleattributes = array();
     foreach ($fields as $field) {
-        if (!empty($config["auth_user_$field"])) {
-            $moodleattributes[$field] = $config["auth_user_$field"];
+        if (!empty($pcfg->{"field_map_$field"})) {
+            $moodleattributes[$field] = $pcfg->{"field_map_$field"};
             if (preg_match('/,/',$moodleattributes[$field])) {
                 $moodleattributes[$field] = explode(',', $moodleattributes[$field]); // split ?
             }
index 111a249..7288eb4 100644 (file)
@@ -8,4 +8,4 @@
     <?php  helpbutton("text", get_string("helptext")) ?>
     </td>
 </tr>
-
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
index 8fcf207..f8216d0 100644 (file)
@@ -40,3 +40,4 @@
     <?php  helpbutton("text", get_string("helptext")) ?>
     </td>
 </tr>
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index 660e38b..e3056db 100644 (file)
@@ -1,2 +1,3 @@
 <!-- No config needed -->
 <div align="center"><?php print_string('none'); ?></div>
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index ea85dec..fa9c94a 100644 (file)
@@ -6,4 +6,5 @@
     <?php  print_string("authinstructions","auth") ?>
     <?php  helpbutton("text", get_string("helptext")) ?>
   </td>
-</tr>
\ No newline at end of file
+</tr>
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index 6eb3896..d35962c 100644 (file)
@@ -71,3 +71,5 @@
     <?php  helpbutton("text", get_string("helptext")) ?>
     </td>
 </tr>
+
+<?php print_auth_lock_options($auth, $user_fields, get_string('auth_fieldlocks_help', 'auth'), false, false); ?>
\ No newline at end of file
index 0b79f8b..2805086 100755 (executable)
@@ -4,100 +4,10 @@ if (!isset($config->auth_instructions) or empty($config->shib_user_attribute)) {
     $config->auth_instructions = get_string('auth_shib_instructions', 'auth', $CFG->wwwroot.'/auth/shibboleth/shib-protected.php');
 }
 
-if (!isset($config->auth_user_firstname_updatelocal)) {
-    $config->auth_user_firstname_updatelocal = 1;
-}
-
-if (!isset($config->auth_shib_only)) {
-    $config->auth_shib_only = 0;
-}
-
-if (!isset($config->auth_user_firstname_updatelocal)) {
-    $config->auth_user_firstname_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_firstname_editlock)) {
-    $config->auth_user_firstname_editlock = 0;
-}
-
-if (!isset($config->auth_user_lastname_updatelocal)) {
-    $config->auth_user_lastname_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_lastname_editlock)) {
-    $config->auth_user_lastname_editlock = 0;
-}
-
-if (!isset($config->auth_user_email_updatelocal)) {
-    $config->auth_user_email_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_email_editlock)) {
-    $config->auth_user_email_editlock = 0;
-}
-
-if (!isset($config->auth_user_phone1_updatelocal)) {
-    $config->auth_user_phone1_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_phone1_editlock)) {
-    $config->auth_user_phone1_editlock = 0;
-}
-
-if (!isset($config->auth_user_department_updatelocal)) {
-    $config->auth_user_department_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_department_editlock)) {
-    $config->auth_user_department_editlock = 0;
-}
-
-if (!isset($config->auth_user_address_updatelocal)) {
-    $config->auth_user_address_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_address_editlock)) {
-    $config->auth_user_address_editlock = 0;
-}
-
-if (!isset($config->auth_user_city_updatelocal)) {
-    $config->auth_user_city_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_city_editlock)) {
-    $config->auth_user_city_editlock = 0;
-}
-
-if (!isset($config->auth_user_country_updatelocal)) {
-    $config->auth_user_country_updatelocal = 1;
-}
-if (!isset($config->auth_user_country_editlock)) {
-    $config->auth_user_country_editlock = 0;
-}
-
-if (!isset($config->auth_user_description_updatelocal)) {
-    $config->auth_user_description_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_description_editlock)) {
-    $config->auth_user_description_editlock = 0;
-}
-
-if (!isset($config->auth_user_idnumber_updatelocal)) {
-    $config->auth_user_idnumber_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_idnumber_editlock)) {
-    $config->auth_user_idnumber_editlock = 0;
-}
-
-if (!isset($config->auth_user_lang_updatelocal)) {
-    $config->auth_user_lang_updatelocal = 1;
-}
-
-if (!isset($config->auth_user_lang_editlock)) {
-    $config->auth_user_lang_editlock = 0;
-}
+optional_variable($config->auth_shib_only,      0);
+optional_variable($config->shib_user_attribute, '');
+optional_variable($config->shib_logout_url,     '');
+optional_variable($config->shib_convert_data,   0);
 
 ?>
 <tr>
@@ -139,255 +49,7 @@ if (!isset($config->auth_user_lang_editlock)) {
     </td>
 </tr>
 
-<tr valign="top" class="required">
-    <td align="right" valign="top"><?php  print_string("firstname") ?>:</td>
-    <td>
-    <input name="auth_shib_user_firstname" type="text" size="30" value="<?php echo $config->auth_shib_user_firstname?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_firstname_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_firstname_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_firstname_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select>
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_firstname_editlock">
-        <option value="0" <?php echo ($config->auth_user_firstname_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_firstname_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-<tr valign="top" class="required">
-    <td align="right" valign="top"><?php  print_string("lastname") ?>:</td>
-    <td>
-    <input name="auth_shib_user_lastname" type="text" size="30" value="<?php echo $config->auth_shib_user_lastname?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_lastname_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_lastname_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lastname_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock","auth") ?>
-    <select name="auth_user_lastname_editlock">
-        <option value="0" <?php echo ($config->auth_user_lastname_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lastname_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>    
-    </td>
-</tr>
-<tr valign="top" class="required">
-    <td align="right" valign="top"><?php  print_string("email") ?>:</td>
-    <td>
-    <input name="auth_shib_user_email" type="text" size="30" value="<?php echo $config->auth_shib_user_email?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_email_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_email_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_email_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_email_editlock">
-        <option value="0" <?php echo ($config->auth_user_email_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_email_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>        
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("phone") ?> 1:</td>
-    <td>
-    <input name="auth_shib_user_phone1" type="text" size="30" value="<?php echo $config->auth_shib_user_phone1?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_phone1_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_phone1_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone1_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_phone1_editlock">
-        <option value="0" <?php echo ($config->auth_user_phone1_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_phone1_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>        
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("department") ?>:</td>
-    <td>
-    <input name="auth_shib_user_department" type="text" size="30" value="<?php echo $config->auth_shib_user_department?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_department_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_department_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_department_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_department_editlock">
-        <option value="0" <?php echo ($config->auth_user_department_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_department_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("address") ?>:</td>
-    <td>
-    <input name="auth_shib_user_address" type="text" size="30" value="<?php echo $config->auth_shib_user_address?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_address_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_address_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_address_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_address_editlock">
-        <option value="0" <?php echo ($config->auth_user_address_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_address_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-<tr valign="top">
-    <td align="right"><?php  print_string("city") ?>:</td>
-    <td>
-    <input name="auth_shib_user_city" type="text" size="30" value="<?php echo $config->auth_shib_user_city?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_city_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_city_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_city_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_city_editlock">
-        <option value="0" <?php echo ($config->auth_user_city_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_city_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("country") ?>:</td>
-    <td>
-    <input name="auth_shib_user_country" type="text" size="30" value="<?php echo $config->auth_shib_user_country?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_country_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_country_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_country_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_country_editlock">
-        <option value="0" <?php echo ($config->auth_user_country_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_country_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("description") ?>:</td>
-    <td>
-    <input name="auth_shib_user_description" type="text" size="30" value="<?php echo $config->auth_shib_user_description?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_description_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_description_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_description_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_description_editlock">
-        <option value="0" <?php echo ($config->auth_user_description_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_description_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("idnumber") ?>:</td>
-    <td>
-    <input name="auth_shib_user_idnumber" type="text" size="30" value="<?php echo $config->auth_shib_user_idnumber?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_idnumber_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_idnumber_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_idnumber_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_idnumber_editlock">
-        <option value="0" <?php echo ($config->auth_user_idnumber_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_idnumber_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
-
-<tr valign="top">
-    <td align="right"><?php  print_string("language") ?>:</td>
-    <td>
-    <input name="auth_shib_user_lang" type="text" size="30" value="<?php echo $config->auth_shib_user_lang?>">
-    </td>
-    <td>
-    <?php  print_string("auth_updatelocal", "auth") ?>
-    <select name="auth_user_lang_updatelocal">
-        <option value="0" <?php echo ($config->auth_user_lang_updatelocal ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lang_updatelocal ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select> 
-    <?php  print_string("auth_editlock", "auth") ?>
-    <select name="auth_user_lang_editlock">
-        <option value="0" <?php echo ($config->auth_user_lang_editlock ? '' : 'selected="yes"') ?> >
-            <?php  print_string("no")  ?></option>
-        <option value="1" <?php echo ($config->auth_user_lang_editlock ? 'selected="yes"' : '') ?> >
-            <?php  print_string("yes") ?></option>
-    </select><br>
-    </td>
-</tr>
+<?php print_auth_lock_options($auth, $user_fields, '<!-- empty help -->', true, false);  ?>
 
 <tr valign="top">
     <td align="right"><?php  print_string("instructions", "auth") ?>:</td>
index 7de729e..d9a2fee 100755 (executable)
@@ -65,14 +65,17 @@ function auth_shib_attributes (){
        global $CFG;
 
     $config = (array)$CFG;
+    $pcfg   = get_config('auth/shibboleth');
+    $pcfg   = (array) $pcfg;
+
     $fields = array("firstname", "lastname", "email", "phone1", "phone2", 
                     "department", "address", "city", "country", "description", 
                     "idnumber", "lang", "guid");
 
     $moodleattributes = array();
     foreach ($fields as $field) {
-        if ($config["auth_shib_user_$field"]) {
-            $moodleattributes[$field] = $config["auth_shib_user_$field"];
+        if ($pcfg["auth_shib_user_$field"]) {
+            $moodleattributes[$field] = $pcfg["auth_shib_user_$field"];
         }
     }
     $moodleattributes['username']=$config["shib_user_attribute"];
index 79014f8..9f04dd7 100644 (file)
@@ -31,8 +31,8 @@ $string['auth_dbtable'] = 'Name of the table in the database';
 $string['auth_dbtitle'] = 'Use an external database';
 $string['auth_dbtype'] = 'The database type (See the <a href=\"../lib/adodb/readme.htm#drivers\">ADOdb documentation</a> for details)';
 $string['auth_dbuser'] = 'Username with read access to the database';
-$string['auth_editlock'] = 'Lock value';
-$string['auth_editlock_expl'] = '<p><b>Lock value:</b> If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system. </p>';
+$string['auth_fieldlock'] = 'Lock value';
+$string['auth_fieldlock_expl'] = '<p><b>Lock value:</b> If enabled, will prevent Moodle users and admins from editing the field directly. Use this option if you are maintaining this data in the external auth system. </p>';
 $string['auth_emaildescription'] = 'Email confirmation is the default authentication method.  When the user signs up, choosing their own new username and password, a confirmation email is sent to the user\'s email address.  This email contains a secure link to a page where the user can confirm their account. Future logins just check the username and password against the stored values in the Moodle database.';
 $string['auth_emailtitle'] = 'Email-based authentication';
 $string['auth_fccreators'] = 'List of groups whose members are allowed to create new courses. Separate multiple groups with \';\'. Names must be spelled exactly as on FirstClass server. System is case-sensitive.';
@@ -113,10 +113,10 @@ $string['auth_shib_convert_data'] = 'Data modification API';
 $string['auth_shib_convert_data_description'] = 'You can use this API to further modify the data provided by Shibboleth. Read the <a href=\"../auth/shibboleth/README.txt\" target=\"_blank\">README</a> for further instructions.';
 $string['auth_shib_instructions_help'] = 'Here you should provide custom instructions for your users to explain Shibboleth.  It will be shown on the login page in the instructions section.  It should include a link to a Shibboleth-protected resource that redirects users to \"<b>$a</b>\" so that Shibboleth users can login in Moodle.  If you leave it blank, then standard instructions will be used (not Shibboleth-specific)';
 $string['auth_shib_convert_data_warning'] = 'The file does not exist or is not readable by the webserver process!';
-$string['auth_updatelocal'] = 'Update local data';
-$string['auth_updatelocal_expl'] = '<p><b>Update local data:</b> If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.</p>';
-$string['auth_updateremote'] = 'Update external data';
-$string['auth_updateremote_expl'] = '<p><b>Update external data:</b> If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.</p>';
+$string['auth_updatelocal'] = 'Update local';
+$string['auth_updatelocal_expl'] = '<p><b>Update local:</b> If enabled, the field will be updated (from external auth) every time the user logs in or there is a user synchronization. Fields set to update locally should be locked.</p>';
+$string['auth_updateremote'] = 'Update external';
+$string['auth_updateremote_expl'] = '<p><b>Update external:</b> If enabled, the external auth will be updated when the user record is updated. Fields should be unlocked to allow edits.</p>';
 $string['auth_updateremote_ldap'] = '<p><b>Note:</b> Updating external LDAP data requires that you set binddn and bindpw to a bind-user with editing privileges to all the user records. It currently does not preserve multi-valued attributes, and will remove extra values on update. </p>';
 $string['auth_user_create'] = 'Enable user creation';
 $string['auth_user_creation'] = 'New (anonymous) users can create user accounts on the external authentication source and confirmed via email. If you enable this , remember to also configure module-specific options for user creation.';
@@ -137,5 +137,12 @@ $string['showguestlogin'] = 'You can hide or show the guest login button on the
 $string['stdchangepassword'] = 'Use standard Change Password Page';
 $string['stdchangepassword_expl'] = 'If the external authentication system allows password changes through Moodle, switch this to Yes. This setting overrides \'Change Password URL\'.';
 $string['stdchangepassword_explldap'] = 'NOTE: It is recommended that you use LDAP over an SSL encrypted tunnel (ldaps://) if the LDAP server is remote.';
+$string['update_oncreate'] = 'On creation';
+$string['update_onlogin']  = 'On every login';
+$string['update_onupdate']  = 'On update';
+$string['update_never']    = 'Never';
+$string['unlocked'] = 'Unlocked';
+$string['unlockedifempty'] = 'Unlocked if empty';
+$string['locked'] = 'Locked';
 
 ?>
index 68d4cda..783909a 100644 (file)
@@ -1385,6 +1385,52 @@ function main_upgrade($oldversion=0) {
                                   COMMENT='Moodle modules and plugins configuration variables';");
     }
 
+    if ($oldversion < 2005060200) {  // migrate some config items to config_plugins table
+
+        // NOTE: this block is in both postgres AND mysql upgrade
+        // files. If you edit either, update the otherone. 
+        $user_fields = array("firstname", "lastname", "email", 
+                             "phone1", "phone2", "department", 
+                             "address", "city", "country", 
+                             "description", "idnumber", "lang");
+        if (!empty($CFG->auth)) { // if we have no auth, just pass
+            foreach ($user_fields as $field) {
+                $suffixes = array('', '_editlock', '_updateremote', '_updatelocal');
+                foreach ($suffixes as $suffix) {
+                    $key = 'auth_user_' . $field . $suffix;
+                    if (isset($CFG->$key)) {
+                        
+                        // translate keys & values
+                        // to the new convention
+                        // this should support upgrading 
+                        // even 1.5dev installs
+                        $newkey = $key;
+                        $newval = $CFG->$key;
+                        if ($suffix === '') {
+                            $newkey = 'field_map_' . $field;
+                        } elseif ($suffix === '_editlock') {
+                            $newkey = 'field_lock_' . $field;
+                            $newval = ($newval==1) ? 'locked' : 'unlocked'; // translate 0/1 to locked/unlocked
+                        } elseif ($suffix === '_updateremote') {
+                            $newkey = 'field_updateremote_' . $field;                            
+                        } elseif ($suffix === '_updatelocal') {
+                            $newkey = 'field_updatelocal_' . $field;
+                            $newval = ($newval==1) ? 'onlogin' : 'oncreate'; // translate 0/1 to locked/unlocked
+                        }
+
+                        if (!(set_config($newkey, $newval, 'auth/'.$CFG->auth)
+                            && delete_records('config', 'name', $key))) {
+                            notify("Error updating Auth configuration $key to {$CFG->auth} $newkey .");
+                            $result = false;
+                        }
+                    } // end if isset key
+                } // end foreach suffix
+            } // end foreach field
+        }
+    }
+    
+
+
     return $result;
 }
 
index b8b8a10..8c9b4ae 100644 (file)
@@ -1105,6 +1105,50 @@ function main_upgrade($oldversion=0) {
 
     }
 
+    if ($oldversion < 2005060200) {  // migrate some config items to config_plugins table
+
+        // NOTE: this block is in both postgres AND mysql upgrade
+        // files. If you edit either, update the otherone. 
+        $user_fields = array("firstname", "lastname", "email", 
+                             "phone1", "phone2", "department", 
+                             "address", "city", "country", 
+                             "description", "idnumber", "lang");
+        if (!empty($CFG->auth)) { // if we have no auth, just pass
+            foreach ($user_fields as $field) {
+                $suffixes = array('', '_editlock', '_updateremote', '_updatelocal');
+                foreach ($suffixes as $suffix) {
+                    $key = 'auth_user_' . $field . $suffix;
+                    if (isset($CFG->$key)) {
+                        
+                        // translate keys & values
+                        // to the new convention
+                        // this should support upgrading 
+                        // even 1.5dev installs
+                        $newkey = $key;
+                        $newval = $CFG->$key;
+                        if ($suffix === '') {
+                            $newkey = 'field_map_' . $field;
+                        } elseif ($suffix === '_editlock') {
+                            $newkey = 'field_lock_' . $field;
+                            $newval = ($newval==1) ? 'locked' : 'unlocked'; // translate 0/1 to locked/unlocked
+                        } elseif ($suffix === '_updateremote') {
+                            $newkey = 'field_updateremote_' . $field;                            
+                        } elseif ($suffix === '_updatelocal') {
+                            $newkey = 'field_updatelocal_' . $field;
+                            $newval = ($newval==1) ? 'onlogin' : 'oncreate'; // translate 0/1 to locked/unlocked
+                        }
+
+                        if (!(set_config($newkey, $newval, 'auth/'.$CFG->auth)
+                            && delete_records('config', 'name', $key))) {
+                            notify("Error updating Auth configuration $key to {$CFG->auth} $newkey .");
+                            $result = false;
+                        }
+                    } // end if isset key
+                } // end foreach suffix
+            } // end foreach field
+        }
+    }
+
     return $result;
 }
 
index 53fbd97..4720211 100644 (file)
@@ -387,29 +387,108 @@ function optional_variable(&$var, $default=0) {
  *
  * Set a key/value pair in both this session's {@link $CFG} global variable
  * and in the 'config' database table for future sessions.
+ * 
+ * Can also be used to update keys for plugin-scoped configs in config_plugin table. 
+ * In that case it doesn't affect $CFG. 
  *
  * @param string $name the key to set
  * @param string $value the value to set
+ * @param string $plugin (optional) the plugin scope
  * @uses $CFG
  * @return bool
  */
-function set_config($name, $value) {
+function set_config($name, $value, $plugin=NULL) {
 /// No need for get_config because they are usually always available in $CFG
 
     global $CFG;
 
+    if (empty($plugin)) {
+        $CFG->$name = $value;  // So it's defined for this invocation at least
+        
+        if (get_field('config', 'name', 'name', $name)) {
+            return set_field('config', 'value', $value, 'name', $name);
+        } else {
+            $config->name = $name;
+            $config->value = $value;
+            return insert_record('config', $config);
+        }
+    } else { // plugin scope
+        if ($id = get_field('config_plugins', 'id', 'name', $name, 'plugin', $plugin)) {
+            return set_field('config_plugins', 'value', $value, 'id', $id);
+        } else {
+            $config->plugin = $plugin;
+            $config->name   = $name;
+            $config->value  = $value;
+            return insert_record('config_plugins', $config);
+        }
+    }
+}
+
+/**
+ * Get configuration values from the global config table 
+ * or the config_plugins table.
+ *
+ * If called with no parameters it will do the right thing
+ * generating $CFG safely from the database without overwriting
+ * existing values.  
+ *
+ * @param string $plugin 
+ * @param string $name 
+ * @uses $CFG
+ * @return hash-like object or single value
+ *
+ */
+function get_config($plugin=NULL, $name=NULL) {
 
-    $CFG->$name = $value;  // So it's defined for this invocation at least
+    global $CFG;
 
-    if (get_field('config', 'name', 'name', $name)) {
-        return set_field('config', 'value', $value, 'name', $name);
+    if (!empty($name)) { // the user is asking for a specific value
+        if (!empty($plugin)) {
+            return get_record('config_plugins', 'plugin' , $plugin, 'name', $name);
+        } else {
+            return get_record('config', 'name', $name);
+        }
+    }
+
+    // the user is after a recordset
+    if (!empty($plugin)) {
+        if ($configs=get_records('config_plugins', 'plugin', $plugin, '', 'name,value')) {
+            $configs = (array)$configs;
+            $localcfg = array();
+            foreach ($configs as $config) {
+                $localcfg[$config->name] = $config->value;
+            }
+            return (object)$localcfg;
+        } else {
+            return false;
+        }
     } else {
-        $config->name = $name;
-        $config->value = $value;
-        return insert_record('config', $config);
+        // this was originally in setup.php
+        if ($configs = get_records('config')) {
+            $localcfg = (array)$CFG;
+            foreach ($configs as $config) {
+                if (!isset($localcfg[$config->name])) {
+                    $localcfg[$config->name] = $config->value;
+                } else {
+                    if ($localcfg[$config->name] != $config->value ) { 
+                        // complain if the DB has a different
+                        // value than config.php does
+                        error_log("\$CFG->{$config->name} in config.php ({$localcfg[$config->name]}) overrides database setting ({$config->value})");
+                    }
+                }
+            }
+            
+            $localcfg = (object)$localcfg;
+            return $localcfg;
+        } else {
+            // preserve $CFG if DB returns nothing or error
+            return $CFG;
+        }
+        
     }
 }
 
+
 /**
  * Refresh current $USER session global variable with all their current preferences.
  * @uses $USER
index af22b77..a00571e 100644 (file)
@@ -147,21 +147,7 @@ global $THEME;
 
 
 /// Load up any configuration from the config table
-
-    if ($configs = get_records('config')) {
-        $CFG = (array)$CFG;
-        foreach ($configs as $config) {
-            if (!isset($CFG[$config->name])) {
-                $CFG[$config->name] = $config->value;
-            } else {
-                error_log("\$CFG->$config->name in config.php overrides database setting");
-            }
-        }
-
-        $CFG = (object)$CFG;
-        unset($configs);
-        unset($config);
-    }
+    $CFG = get_config();
 
 /// Turn on SQL logging if required
     if (!empty($CFG->logsql)) {
index 1d6f72c..a00c31d 100644 (file)
         // override locked values
         if (!isadmin()) {      
             $fields = get_user_fieldnames();
+            $authconfig = get_config( 'auth/' . $user->auth );
             foreach ($fields as $field) {
-                $configvariable = 'auth_user_'.$field.'_editlock';
-                if (!empty($CFG->$configvariable)) {
-                    if (isset($usernew->$field) && $user->$field !== $usernew->$field) {
-                        $usernew->$field = $user->$field;                    
+                $configvariable = 'field_lock_' . $field;  
+                if ( $authconfig->{$configvariable} === 'locked'
+                     || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
+                    if (!empty( $user->$field)) {
+                        $usernew->$field = $user->$field;
                     }
                 }
             }
         echo '<script type="text/javascript">'."\n";
         echo '<!--'."\n";
 
-        foreach ($fields as $field) {
-            $configvariable = 'auth_user_'.$field.'_editlock';
-            if (!empty($CFG->$configvariable)) {
+        $authconfig = get_config( 'auth/' . $user->auth );
+        foreach ($fields as $field) {            
+            $configvariable = 'field_lock_' . $field;
+            if ( $authconfig->{$configvariable} === 'locked'
+                 || ($authconfig->{$configvariable} === 'unlockedifempty' && !empty($user->$field)) ) {
                 echo "eval('document.form.$field.disabled=true');\n";
             }
         }