/auth/shibboleth/index.php

https://github.com/jarednipper/HSU-common-code · PHP · 97 lines · 58 code · 27 blank · 12 comment · 20 complexity · 0f8beed2a1342ad516a60a7c1fbc3a30 MD5 · raw file 

    

  1. <?php // $Id: index.php,v 1.15.2.5 2009/10/09 11:07:22 exe-cutor Exp $
    2. 

  2.       // Designed to be redirected from moodle/login/index.php
    3. 

  3. 

  4.     require('../../config.php');
    5. 

  5. 

  6.     if (isloggedin() && $USER->username != 'guest') {      // Nothing to do
    7. 

  7.         if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
    8. 

  8.             $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
    9. 

  9.             unset($SESSION->wantsurl);
    10. 

  10. 

  11.         } else {
    12. 

  12.             $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
    13. 

  13.             unset($SESSION->wantsurl);         /// Just in case
    14. 

  14.         }
    15. 

  15. 

  16.         redirect($urltogo);
    17. 

  17.         
    18. 

  18.     }
    19. 

  19. 

  20.     $pluginconfig   = get_config('auth/shibboleth');
    21. 

  21.     $shibbolethauth = get_auth_plugin('shibboleth');
    22. 

  22.     
    23. 

  23.     // Check whether Shibboleth is configured properly
    24. 

  24.     if (empty($pluginconfig->user_attribute)) {
    25. 

  25.         print_error('shib_not_set_up_error', 'auth');
    26. 

  26.      }
    27. 

  27. 

  28. /// If we can find the Shibboleth attribute, save it in session and return to main login page
    29. 

  29.     if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login
    30. 

  30.         $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
    31. 

  31.         $frm->password = substr(base64_encode($_SERVER[$pluginconfig->user_attribute]),0,8);
    32. 

  32.         // The random password consists of the first 8 letters of the base 64 encoded user ID
    33. 

  33.         // This password is never used unless the user account is converted to manual
    34. 

  34. 

  35.     /// Check if the user has actually submitted login data to us
    36. 

  36. 

  37.         if ($shibbolethauth->user_login($frm->username, $frm->password)) {
    38. 

  38.             
    39. 

  39.             $USER = authenticate_user_login($frm->username, $frm->password);
    40. 

  40.             
    41. 

  41.             $USER->loggedin = true;
    42. 

  42.             $USER->site     = $CFG->wwwroot; // for added security, store the site in the 
    43. 

  43.             
    44. 

  44.             update_user_login_times();
    45. 

  45.             
    46. 

  46.             // Don't show username on login page
    47. 

  47.             set_moodle_cookie('nobody');
    48. 

  48. 

  49.             set_login_session_preferences();
    50. 

  50.             
    51. 

  51.             unset($SESSION->lang);
    52. 

  52.             $SESSION->justloggedin = true;
    53. 

  53.             
    54. 

  54.             add_to_log(SITEID, 'user', 'login', "view.php?id=$USER->id&course=".SITEID, $USER->id, 0, $USER->id);
    55. 

  55.             
    56. 

  56.             if (user_not_fully_set_up($USER)) {
    57. 

  57.                 $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
    58. 

  58.                 // We don't delete $SESSION->wantsurl yet, so we get there later
    59. 

  59. 

  60.             } else if (isset($SESSION->wantsurl) and (strpos($SESSION->wantsurl, $CFG->wwwroot) === 0)) {
    61. 

  61.                 $urltogo = $SESSION->wantsurl;    /// Because it's an address in this site
    62. 

  62.                 unset($SESSION->wantsurl);
    63. 

  63. 

  64.             } else {
    65. 

  65.                 $urltogo = $CFG->wwwroot.'/';      /// Go to the standard home page
    66. 

  66.                 unset($SESSION->wantsurl);         /// Just in case
    67. 

  67.             }
    68. 

  68. 

  69.             /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
    70. 

  70.             if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
    71. 

  71.                 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
    72. 

  72.                     $urltogo = $CFG->wwwroot.'/my/';
    73. 

  73.                 }
    74. 

  74.             }
    75. 

  75. 

  76.             check_enrolment_plugins($USER);
    77. 

  77.             load_all_capabilities();     /// This is what lets the user do anything on the site  :-)
    78. 

  78. 

  79.             redirect($urltogo);
    80. 

  80.             
    81. 

  81.             exit;
    82. 

  82.         } 
    83. 

  83.         
    84. 

  84.         else {
    85. 

  85.             // For some weird reason the Shibboleth user couldn't be authenticated
    86. 

  86.         }
    87. 

  87.     }
    88. 

  88. 

  89.     // If we can find any (user independent) Shibboleth attributes but no user
    90. 

  90.     // attributes we probably didn't receive any user attributes
    91. 

  91.     elseif (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
    92. 

  92.         print_error('shib_no_attributes_error', 'auth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
    93. 

  93.     } else {
    94. 

  94.         print_error('shib_not_set_up_error', 'auth');
    95. 

  95.     }
    96. 

  96. 

  97. ?>
    98.