From 999b54af84d58ae343b0d079efbc10461dd2f47d Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Wed, 18 Aug 2010 11:49:22 +0000 Subject: [PATCH] MDL-23833 rewritten guest autologin - not using redirect any more + migration to CFG->siteguest instead of username + removing guest login button when user is already guest --- lib/moodlelib.php | 70 +++++++++++++++++++++++-------------------- login/index.php | 6 ---- login/index_form.html | 2 +- 3 files changed, 39 insertions(+), 39 deletions(-) diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 40ab8290166..30f599731d2 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -2134,20 +2134,15 @@ function dayofweek($day, $month, $year) { /** * Returns full login url. * - * @global object - * @param bool $loginguest add login guest param, return false * @return string login url */ -function get_login_url($loginguest=false) { +function get_login_url() { global $CFG; - if (empty($CFG->loginhttps) or $loginguest) { //do not require https for guest logins - $loginguest = $loginguest ? '?loginguest=true' : ''; - $url = "$CFG->wwwroot/login/index.php$loginguest"; + $url = "$CFG->wwwroot/login/index.php"; - } else { - $wwwroot = str_replace('http:','https:', $CFG->wwwroot); - $url = "$wwwroot/login/index.php"; + if (!empty($CFG->loginhttps)) { + $url = str_replace('http:', 'https:', $url); } return $url; @@ -2212,29 +2207,32 @@ function require_login($courseorid = NULL, $autologinguest = true, $cm = NULL, $ // If the user is not even logged in yet then make sure they are if (!isloggedin()) { - //NOTE: $USER->site check was obsoleted by session test cookie, - // $USER->confirmed test is in login/index.php - if ($preventredirect) { - throw new require_login_exception('You are not logged in'); - } - - if ($setwantsurltome) { - $SESSION->wantsurl = $FULLME; - } - if (!empty($_SERVER['HTTP_REFERER'])) { - $SESSION->fromurl = $_SERVER['HTTP_REFERER']; - } if ($autologinguest and !empty($CFG->guestloginbutton) and !empty($CFG->autologinguests)) { - if ($course->id == SITEID) { - $loginguest = true; - } else { - $loginguest = false; - } + if (!$guest = get_complete_user_data('id', $CFG->siteguest)) { + // misconfigured site guest, just redirect to login page + redirect(get_login_url()); + exit; // never reached + } + $lang = isset($SESSION->lang) ? $SESSION->lang : $CFG->lang; + complete_user_login($guest, false); + $SESSION->lang = $lang; } else { - $loginguest = false; + //NOTE: $USER->site check was obsoleted by session test cookie, + // $USER->confirmed test is in login/index.php + if ($preventredirect) { + throw new require_login_exception('You are not logged in'); + } + + if ($setwantsurltome) { + // TODO: switch to PAGE->url + $SESSION->wantsurl = $FULLME; + } + if (!empty($_SERVER['HTTP_REFERER'])) { + $SESSION->fromurl = $_SERVER['HTTP_REFERER']; + } + redirect(get_login_url()); + exit; // never reached } - redirect(get_login_url($loginguest)); - exit; // never reached } // loginas as redirection if needed @@ -2745,7 +2743,10 @@ function update_user_login_times() { * @return bool */ function user_not_fully_set_up($user) { - return ($user->username != 'guest' and (empty($user->firstname) or empty($user->lastname) or empty($user->email) or over_bounce_threshold($user))); + if (isguestuser($user)) { + return false; + } + return (empty($user->firstname) or empty($user->lastname) or empty($user->email) or over_bounce_threshold($user)); } /** @@ -3512,7 +3513,7 @@ function delete_user($user) { function guest_user() { global $CFG, $DB; - if ($newuser = $DB->get_record('user', array('username'=>'guest', 'mnethostid'=>$CFG->mnet_localhost_id))) { + if ($newuser = $DB->get_record('user', array('id'=>$CFG->siteguest))) { $newuser->confirmed = 1; $newuser->lang = $CFG->lang; $newuser->lastip = getremoteaddr(); @@ -3658,6 +3659,11 @@ function complete_user_login($user, $setcookie=true) { update_user_login_times(); set_login_session_preferences(); + if (isguestuser()) { + // no need to continue when user is THE guest + return $USER; + } + if ($setcookie) { if (empty($CFG->nolastloggedin)) { set_moodle_cookie($USER->username); @@ -3855,7 +3861,7 @@ function get_complete_user_data($field, $value, $mnethostid=null) { if (!empty($user->description)) { $user->description = true; // No need to cart all of it around } - if ($user->username == 'guest') { + if (isguestuser($user)) { $user->lang = $CFG->lang; // Guest language always same as site $user->firstname = get_string('guestuser'); // Name always in current language $user->lastname = ' '; diff --git a/login/index.php b/login/index.php index 4e3b131b3ef..a9c0784179c 100644 --- a/login/index.php +++ b/login/index.php @@ -28,7 +28,6 @@ require('../config.php'); redirect_if_major_upgrade_required(); -$loginguest = optional_param('loginguest', 0, PARAM_BOOL); // determines whether visitors are logged in as guest automatically $testcookies = optional_param('testcookies', 0, PARAM_BOOL); // request cookie test //HTTPS is potentially required in this page @@ -71,11 +70,6 @@ $PAGE->navbar->add($loginsite); if ($user !== false or $frm !== false or $errormsg !== '') { // some auth plugin already supplied full user, fake form data or prevented user login with error message -} else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) { - /// Log in as guest automatically (idea from Zbigniew Fiedorowicz) - $frm->username = 'guest'; - $frm->password = 'guest'; - } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) { // Handles the case of another Moodle site linking into a page on this site //TODO: move weblink into own auth plugin diff --git a/login/index_form.html b/login/index_form.html index a6b0050d4ad..2e351598c00 100644 --- a/login/index_form.html +++ b/login/index_form.html @@ -50,7 +50,7 @@ if ($show_instructions) { -guestloginbutton) { ?> +guestloginbutton and !isguestuser()) { ?>
-- 2.43.0