<?php
require_once("../../config.php");
require_once($CFG->dirroot."/auth/shibboleth/auth.php");
// Identity provider chosen by the user, if any. PARAM_RAW applies no cleaning, so the value
// is untrusted; further down it is only acted on once it matches a key of the configured IdP list.
$idp = optional_param('idp', null, PARAM_RAW);

// Check for timed out sessions.
// Remember whether the session timed out, then clear the flag so it is reported once.
$session_has_timed_out = !empty($SESSION->has_timed_out);
if ($session_has_timed_out) {
    $SESSION->has_timed_out = false;
}
// Define variables used in page.
// $isvalid is set to false further down when the submitted IdP is not in the configured list.
$isvalid = true;
$site = get_site();

$loginsite = get_string("loginsite");

// Alternate login URL from the site configuration, or an empty string when none is set.
$loginurl = empty($CFG->alternateloginurl) ? '' : $CFG->alternateloginurl;

$config = get_config('auth_shibboleth');

// Instructions are shown when self-registration is configured, the 'none' auth plugin
// is enabled, or the Shibboleth plugin has its own instructions text.
$showinstructions = !empty($CFG->registerauth)
    || is_enabled_auth('none')
    || !empty($config->auth_instructions);
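// Build the list of selectable identity providers from the plugin's organization_selection setting.
$idplist = get_idp_list($config->organization_selection);
if (isset($idp)) {
    // $idp is raw request input: it is acted on only when it is a key of the configured list,
    // which serves as the allowlist for both the cookie and the redirect.
    if (isset($idplist[$idp])) {
        set_saml_cookie($idp);

        $targeturl = new moodle_url('/auth/shibboleth/index.php');
        $idpinfo = $idplist[$idp];

        // Redirect to SessionInitiator with entityID as argument.
        // The handler path comes from the configured list entry (index 1), never from the request;
        // fall back to the default handler when the entry has none.
        $sso = !empty($idpinfo[1]) ? $idpinfo[1] : '/Shibboleth.sso';

        // For Shibboleth 1.x Service Providers.
        header('Location: ' . $sso . '?providerId=' . urlencode($idp) . '&target=' . urlencode($targeturl->out()));

        // End the request so the redirect is the only response; otherwise execution falls
        // through to rendering the login form below.
        exit;
    } else {
        // Unknown IdP: flag it so the login form can report the invalid selection.
        $isvalid = false;
    }
}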
// Page title and breadcrumb label.
$loginsite = get_string('loginsite');

// Configure the page (URL, system context, breadcrumb, title, heading, 'login' layout)
// before any output is produced.
$PAGE->set_url('/auth/shibboleth/login.php');
$PAGE->set_context(context_system::instance());
$PAGE->navbar->add($loginsite);
$PAGE->set_title($loginsite);
$PAGE->set_heading($site->fullname);
$PAGE->set_pagelayout('login');

// Start the page output.
echo $OUTPUT->header();
if (isloggedin() && !isguestuser()) {
    // Prevent logging when already logged in, we do not want them to relogin by accident because sesskey would be changed.
    echo $OUTPUT->box_start();
    // The logout button posts the current sesskey along with the loginpage flag.
    $logouturl = new moodle_url('/login/logout.php', ['sesskey' => sesskey(), 'loginpage' => 1]);
    $logout = new single_button($logouturl, get_string('logout'), 'post');
    $continue = new single_button(new moodle_url('/'), get_string('cancel'), 'get');
    echo $OUTPUT->confirm(get_string('alreadyloggedin', 'error', fullname($USER)), $logout, $continue);
    echo $OUTPUT->box_end();
} else {
    // Print login page.
    // Preselect an IdP from the _saml_idp cookie. The cookie is client-controlled: entries are
    // popped from the end until one matches a key of the configured list, and the result is
    // only ever compared against those keys.
    $selectedidp = '-';
    if (isset($_COOKIE['_saml_idp'])) {
        $idpcookie = generate_cookie_array($_COOKIE['_saml_idp']);
        do {
            $selectedidp = array_pop($idpcookie);
        } while (!isset($idplist[$selectedidp]) && count($idpcookie) > 0);
    }

    // One option per configured IdP: display name (first element of the entry), key, selected flag.
    $idps = [];
    foreach ($idplist as $idpkey => $idpdata) {
        $idps[] = (object)[
            'name' => reset($idpdata),
            'value' => $idpkey,
            'selected' => $idpkey === $selectedidp,
        ];
    }

    // Whether the user can sign up.
    $cansignup = !empty($CFG->registerauth);

    // Default instructions: the plugin's own text, replaced by the stock strings when the
    // 'none' auth plugin is enabled, or when email self-registration is on and no text is set.
    $instructions = format_text($config->auth_instructions);
    if (is_enabled_auth('none')) {
        $instructions = get_string('loginstepsnone');
    } else if ($cansignup && $CFG->registerauth === 'email' && empty($instructions)) {
        $instructions = get_string('loginsteps');
    }

    // Build the template context data.
    // NOTE(review): 'logintoken' is presumably checked by the login handler on submission; confirm there.
    $templatedata = (object)[
        'adminemail' => get_admin()->email,
        'cansignup' => $cansignup,
        'guestlogin' => $CFG->guestloginbutton,
        'guestloginurl' => new moodle_url('/login/index.php'),
        'idps' => $idps,
        'instructions' => $instructions,
        'loginname' => $config->login_name ?? null,
        'logintoken' => \core\session\manager::get_login_token(),
        'loginurl' => new moodle_url('/auth/shibboleth/login.php'),
        'showinstructions' => $showinstructions,
        'signupurl' => new moodle_url('/login/signup.php'),
        'isvalid' => $isvalid,
    ];

    // Render the login form.
    echo $OUTPUT->render_from_template('auth_shibboleth/login_form', $templatedata);
}

// Close the page.
echo $OUTPUT->footer();