<?php
/**
* OpenID login fallback
*
* This file allows OpenID users to log in even if their provider is offline for
* some reason. It sends an email with a one-time link to the email address
* associated with the requested OpenID url.
*
* @author Brent Boghosian <[email protected]>
* @copyright Copyright (c) 2011 Remote-Learner
* @author Stuart Metcalfe <[email protected]>
* @copyright Copyright (c) 2007 Canonical
* @license http://www.gnu.org/copyleft/gpl.html GNU Public License
* @package openid
**/
require_once(dirname(__FILE__) ."/../../config.php");
require_once $CFG->dirroot.'/auth/openid/lib.php';
global $DB, $OUTPUT, $PAGE;
// This endpoint is only meaningful when one of the OpenID auth plugins is
// enabled; otherwise stop with an error before reading any request input.
if (!(is_enabled_auth('openid') || is_enabled_auth('openid_sso'))) {
    print_error('auth_openid_not_enabled', 'auth_openid');
}

// Request parameters. Everything read here is attacker-controllable input.
// NOTE(review): PARAM_CLEAN is a generic cleaner; a narrower PARAM_* type per
// field would be preferable if the targeted Moodle version offers one - confirm.
$action = optional_param('openid_action', '', PARAM_CLEAN);
// Read raw: the OpenID URL is later used as a lookup key and as a page URL parameter.
$url = optional_param('openid_url', null, PARAM_RAW);
// Combined link payload; the handler further down splits it on '|' into
// secret (first element) and username (second element).
$data = optional_param('data', '', PARAM_CLEAN);
// Legacy link format: secret in 'p', username in 's'.
$p = optional_param('p', '', PARAM_RAW);
$s = optional_param('s', '', PARAM_CLEAN);

// A request carrying link data always takes the 'handle_data' path, whatever
// 'openid_action' says. Either the combined payload or the complete legacy
// pair is enough to trigger it.
if (!empty($data)) {
    $action = 'handle_data';
} else if (!empty($p) && !empty($s)) {
    $action = 'handle_data';
}
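switch ($action) {
    // One-time link handler: check the supplied secret against the one stored
    // for the named user and log the user in if it matches and the account has
    // previously been confirmed.
    case 'handle_data':
        if (!empty($data)) {
            // Pad to two elements so a payload without a '|' yields an empty
            // username instead of an undefined-offset notice.
            $dataelements = array_pad(explode('|', $data), 2, '');
            $usersecret = $dataelements[0];
            $username = $dataelements[1];
        } else {
            // Legacy link format: separate secret / username parameters.
            $usersecret = $p;
            $username = $s;
        }
        $usersecret = (string) $usersecret;

        $user = get_complete_user_data('username', $username);
        if (!$user || !$user->confirmed) {
            print_error('user_not_found', 'auth_openid');
        } else if ($usersecret !== '' && (string) $user->secret !== ''
                && hash_equals((string) $user->secret, $usersecret)) {
            // The stored secret is reset to '' once used (below) and may be
            // empty for accounts with no pending link, so an empty value on
            // either side must never count as a match. hash_equals()
            // (PHP >= 5.6) compares in constant time and avoids the type
            // juggling of a loose == comparison.

            // Invalidate the secret before logging in so the link is single use.
            $DB->set_field('user', 'secret', '', array('id' => $user->id));

            // NOTE(review): assigning $USER directly does not by itself rotate
            // the session id or run the normal login bookkeeping; Moodle's
            // complete_user_login() is the usual entry point - confirm for the
            // targeted Moodle version.
            $USER = get_complete_user_data('username', $username);
            redirect($CFG->wwwroot.'/user/view.php');
        } else {
            print_error('fail_match_secret', 'auth_openid');
        }
        break;

    // Form submission: if the account behind the OpenID URL is confirmed, make
    // sure it has a secret (creating one only when none is pending) and e-mail
    // the login link. An already pending secret is re-sent unchanged.
    case 'send_message':
        // Sending mail is a state-changing action, so require a valid sesskey.
        if (!confirm_sesskey()) {
            print_error('auth_openid_bad_session_key', 'auth_openid');
        }

        if (!empty($url)) {
            // NOTE(review): $url is read as PARAM_RAW; confirm that
            // openid_urls_table() binds it as a query parameter.
            $userid = openid_urls_table(OPENID_URLS_GET, $url, 'userid');
            $user = get_complete_user_data('id', $userid);

            if (!$user || !$user->confirmed) {
                // NOTE(review): this distinct error tells the requester whether
                // the URL maps to a confirmed account; a single generic
                // response for both outcomes would avoid that - confirm intent.
                print_error('user_not_found', 'auth_openid');
            } else {
                // NOTE(review): no expiry for the secret is visible in this
                // file, and the value is a login credential; confirm that
                // random_string() is backed by a CSPRNG in the targeted Moodle
                // version.
                if (empty($user->secret)) {
                    $secret = random_string(15);
                    $DB->set_field('user', 'secret', $secret, array('id' => $user->id));
                    $user->secret = $secret;
                }

                openid_send_fallback_email($user, $url);
                $redirmsg = get_string('fallback_message_sent', 'auth_openid');
                break;
            }
        }
        // Intentional fall-through: with no OpenID URL submitted, show the form.

    // Any other case, just display the fallback form.
    default:
        $file = 'fallback_form.html';
}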
// Final step: either redirect to the home page (nothing to display) or render
// the selected file between the site header and footer.
if (!isset($file)) {
    // No page selected - go to the home page, with a message if one was set.
    $redirmsg = isset($redirmsg) ? $redirmsg : '';
    redirect($CFG->wwwroot, $redirmsg);
} else {
    // Variables used by the page.
    $site = get_site();
    if (!$site) {
        print_error('auth_openid_no_site', 'auth_openid');
    }
    $loginsite = get_string('loginsite');

    // (The pre-Moodle 2.0 build_navigation()/print_header() call that used to
    // live here was already commented out; the $PAGE/$OUTPUT API replaces it.)
    $context = context_system::instance();
    $PAGE->set_context($context);
    // TBD (from the original author): whether data, s and p belong in the page URL.
    $PAGE->set_url(
        '/auth/openid/fallback.php',
        array(
            'openid_action' => $action,
            'openid_url' => $url
        )
    );
    $PAGE->set_title("{$site->fullname}: {$loginsite}");
    $PAGE->set_heading("{$site->fullname}: {$loginsite}"); // TBD

    echo $OUTPUT->header();
    echo $OUTPUT->lang_menu();
    echo '<hr/>';
    // $file is only ever assigned a fixed literal earlier in this script,
    // never request data, so this include path is not user-controlled.
    // NOTE(review): the included form runs in this scope and can read the raw
    // $url value; confirm it escapes the value before echoing it.
    include $file;
    echo $OUTPUT->footer();
}