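<?php

// Shibboleth login endpoint. Designed to be redirected from moodle/login/index.php.
//
// Flow, in order:
//   1. Remember an optional local 'target' URL as the post-login destination (WAYFless URLs).
//   2. If a real (non-guest) user is already logged in, redirect straight away.
//   3. Otherwise read the configured Shibboleth user attribute from $_SERVER, log the matching
//      Moodle user in and redirect.
//   4. If no user attribute is present, report an attribute or configuration error.

require('../../config.php');

$context = context_system::instance();
$PAGE->set_url('/auth/shibboleth/index.php');
$PAGE->set_context($context);

// Tells whether a stored destination points into this site: either exactly $CFG->wwwroot, or
// $CFG->wwwroot followed by '/', '?' or '#'. A bare prefix comparison would also accept a URL
// whose host merely begins with the wwwroot string, so a boundary character is required here.
$issiteurl = static function ($url) use ($CFG) {
    $url = (string) $url;
    $rootlength = strlen($CFG->wwwroot);

    if (strncmp($url, $CFG->wwwroot, $rootlength) !== 0) {
        return false;
    }
    if (strlen($url) === $rootlength) {
        return true;
    }

    return in_array($url[$rootlength], ['/', '?', '#'], true);
};

// Support for WAYFless URLs. The parameter is cleaned as PARAM_LOCALURL and never overrides a
// destination that is already stored in the session.
$target = optional_param('target', '', PARAM_LOCALURL);
if (!empty($target) && empty($SESSION->wantsurl)) {
    $SESSION->wantsurl = $target;
}

if (isloggedin() && !isguestuser()) {
    // Nothing to do: a real user is already logged in.
    if (isset($SESSION->wantsurl) && $issiteurl($SESSION->wantsurl)) {
        // Because it's an address in this site.
        $urltogo = $SESSION->wantsurl;
    } else {
        // Go to the standard home page.
        $urltogo = $CFG->wwwroot.'/';
    }
    // The stored destination is consumed (or discarded) in both cases.
    unset($SESSION->wantsurl);

    redirect($urltogo);
}

$pluginconfig   = get_config('auth_shibboleth');
$shibbolethauth = get_auth_plugin('shibboleth');

// Check whether Shibboleth is configured properly: without a configured user attribute there is
// nothing to read the identity from.
$readmeurl = (new moodle_url('/auth/shibboleth/README.txt'))->out();
if (empty($pluginconfig->user_attribute)) {
    print_error('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
}

// If we can find the Shibboleth attribute, log the user in and redirect.
//
// The attribute value is read from $_SERVER and used as the username of the account to log in;
// the password below is a throwaway. What user_login() verifies is not visible in this file, so
// treat this page as only as trustworthy as whatever populates that $_SERVER entry.
// NOTE(review): the branch further down checks HTTP_SHIB_APPLICATION_ID, which suggests that
// header-based attribute delivery is a supported setup. If the configured attribute arrives as an
// HTTP_* header, confirm that the web server / Shibboleth module does not let clients supply it
// themselves and that this path always sits behind the Shibboleth session requirement.
if (!empty($_SERVER[$pluginconfig->user_attribute])) {    // Shibboleth auto-login.
    $frm = new stdClass();
    $frm->username = strtolower($_SERVER[$pluginconfig->user_attribute]);
    // The password is never actually used, but needs to be passed to the functions 'user_login' and
    // 'authenticate_user_login'. Shibboleth returns true for the function 'prevent_local_password', which is
    // used when setting the password in 'update_internal_user_password'. When 'prevent_local_password'
    // returns true, the password is set to 'not cached' (AUTH_PASSWORD_NOT_CACHED) in the Moodle DB. However,
    // rather than setting the password to a hard-coded value, we will generate one each time, in case there are
    // changes to the Shibboleth plugin and it is actually used.
    $frm->password = generate_password(8);

    // Passed to authenticate_user_login() as its failure-reason argument.
    $reason = null;

    // NOTE(review): the trailing `false` appears to be the login-token argument, i.e. no login-form
    // token is validated on this path - confirm against authenticate_user_login().
    if ($shibbolethauth->user_login($frm->username, $frm->password)
            && ($user = authenticate_user_login($frm->username, $frm->password, false, $reason, false))) {
        complete_user_login($user);

        if (user_not_fully_set_up($USER, true)) {
            $urltogo = $CFG->wwwroot.'/user/edit.php?id='.$USER->id.'&amp;course='.SITEID;
            // We don't delete $SESSION->wantsurl yet, so we get there later.

        } else if (isset($SESSION->wantsurl) && $issiteurl($SESSION->wantsurl)) {
            // Because it's an address in this site.
            $urltogo = $SESSION->wantsurl;
            unset($SESSION->wantsurl);

        } else {
            // Go to the standard home page; drop any stored destination just in case.
            $urltogo = $CFG->wwwroot.'/';
            unset($SESSION->wantsurl);
        }

        // Go to my-moodle page instead of homepage if defaulthomepage enabled. Only applies to
        // users without moodle/site:config who are about to land on the site front page.
        if (!has_capability('moodle/site:config', context_system::instance())
                && !empty($CFG->defaulthomepage)
                && $CFG->defaulthomepage == HOMEPAGE_MY
                && !isguestuser()) {
            if ($urltogo == $CFG->wwwroot
                    || $urltogo == $CFG->wwwroot.'/'
                    || $urltogo == $CFG->wwwroot.'/index.php') {
                $urltogo = $CFG->wwwroot.'/my/';
            }
        }

        redirect($urltogo);

        exit;
    } else {
        // The Shibboleth user couldn't be mapped to a valid Moodle user.
        print_error('shib_invalid_account_error', 'auth_shibboleth');
    }
} else if (!empty($_SERVER['HTTP_SHIB_APPLICATION_ID']) || !empty($_SERVER['Shib-Application-ID'])) {
    // If we can find any (user independent) Shibboleth attributes but no user
    // attributes we probably didn't receive any user attributes.
    print_error('shib_no_attributes_error', 'auth_shibboleth' , '', '\''.$pluginconfig->user_attribute.'\', \''.$pluginconfig->field_map_firstname.'\', \''.$pluginconfig->field_map_lastname.'\' and \''.$pluginconfig->field_map_email.'\'');
} else {
    // No Shibboleth attributes at all: report that Shibboleth is not set up for this page.
    print_error('shib_not_set_up_error', 'auth_shibboleth', '', $readmeurl);
}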