WebSVN – Moodle – Diff – /login/index.php

 <?php
-// Este archivo es parte de Moodle - http://moodle.org/
+// This file is part of Moodle - http://moodle.org/
 //
-// Moodle es software libre: puedes redistribuirlo y/o modificarlo
+// Moodle is free software: you can redistribute it and/or modify
-// bajo los términos de la Licencia Pública General GNU publicada por
+// it under the terms of the GNU General Public License as published by
-// la Free Software Foundation, ya sea la versión 3 de la Licencia, o
+// the Free Software Foundation, either version 3 of the License, or
-// (a tu elección) cualquier versión posterior.
+// (at your option) any later version.
 //
-// Moodle se distribuye con la esperanza de que sea útil,
+// Moodle is distributed in the hope that it will be useful,
-// pero SIN NINGUNA GARANTÍA; sin siquiera la garantía implícita de
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// COMERCIABILIDAD o IDONEIDAD PARA UN PROPÓSITO PARTICULAR. Ver la
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// Licencia Pública General GNU para más detalles.
+// GNU General Public License for more details.
 //
-// Deberías haber recibido una copia de la Licencia Pública General GNU
+// You should have received a copy of the GNU General Public License
-// junto con Moodle. Si no, ve <http://www.gnu.org/licenses/>.
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
-/**
- * Página principal de inicio de sesión de Moodle.
- * Este archivo maneja todo el proceso de autenticación de usuarios,
- * incluyendo la validación de credenciales, manejo de sesiones,
+/**
- * redirecciones y mensajes de error.
+ * Main login page.
+ *
  * @package    core
  * @subpackage auth
  * @copyright  1999 onwards Martin Dougiamas  http://dougiamas.com
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  */
-// Incluir archivos de configuración y librerías necesarias
-require('../config.php');
 require_once('lib.php');
-// Verificar si se requiere una actualización mayor del sistema
-// Si es así, redirigir al usuario a la página de actualización
-redirect_if_major_upgrade_required();
-// ============================================================================
+require('../config.php');
-// PARÁMETROS DE LA PÁGINA DE INICIO DE SESIÓN
+require_once('lib.php');
-// ============================================================================
+redirect_if_major_upgrade_required();
-// Parámetros opcionales que controlan el comportamiento del inicio de sesión
+$testsession = optional_param('testsession', 0, PARAM_INT); // test session works properly
-$testsession = optional_param('testsession', 0, PARAM_INT);     // Verifica el funcionamiento correcto de la sesión
+$anchor      = optional_param('anchor', '', PARAM_RAW);     // Used to restore hash anchor to wantsurl.
-$anchor = optional_param('anchor', '', PARAM_RAW);              // Mantiene la posición del ancla en la URL de destino
+$loginredirect = optional_param('loginredirect', 1, PARAM_BOOL);   // Used to bypass alternateloginurl.
+$resendconfirmemail = optional_param('resendconfirmemail', false, PARAM_BOOL);
 $loginredirect = optional_param('loginredirect', 1, PARAM_BOOL); // Controla la redirección a URL de login alternativo
-$resendconfirmemail = optional_param('resendconfirmemail', false, PARAM_BOOL); // Permite reenviar email de confirmación
+// It might be safe to do this for non-Behat sites, or there might
 // be a security risk. For now we only allow it on Behat sites.
-// Verificación especial para sitios Behat (entorno de pruebas)
+// If you wants to do the analysis, you may be able to remove the
-// Esto podría ser seguro para sitios no-Behat, pero por ahora solo lo permitimos en sitios Behat
+// if (BEHAT_SITE_RUNNING).
 if (defined('BEHAT_SITE_RUNNING') && BEHAT_SITE_RUNNING) {
-    $wantsurl = optional_param('wantsurl', '', PARAM_LOCALURL);   // Sobrescribe $SESSION->wantsurl si se proporciona
-    if ($wantsurl !== '') {
+    $wantsurl    = optional_param('wantsurl', '', PARAM_LOCALURL);   // Overrides $SESSION->wantsurl if given.
-        $SESSION->wantsurl = (new moodle_url($wantsurl))->out(false);
+    if ($wantsurl !== '') {
         $SESSION->wantsurl = (new moodle_url($wantsurl))->out(false);
+    }
+}
-// Configuración del contexto y la página
-$context = context_system::instance();
-$PAGE->set_url("$CFG->wwwroot/login/index.php");
-$PAGE->set_context($context);
-$PAGE->set_pagelayout('login');
+$context = context_system::instance();
+$PAGE->set_url("$CFG->wwwroot/login/index.php");
-// ============================================================================
-// CONFIGURACIÓN INICIAL Y VARIABLES
-// ============================================================================
+$PAGE->set_context($context);
-// Inicialización de variables para el manejo de mensajes y errores
-$errormsg = '';    // Almacena mensajes de error para mostrar al usuario
+$PAGE->set_pagelayout('login');
-$infomsg = '';     // Almacena mensajes informativos para mostrar al usuario
+$PAGE->set_cacheable(false);
 $errorcode = 0;    // Código numérico que identifica el tipo de error
-// ============================================================================
+/// Initialize variables
-// VERIFICACIÓN DE SESIÓN
+$errormsg = '';
-// ============================================================================
+$infomsg = '';
+$errorcode = 0;
 // Prueba de funcionamiento de la sesión
-if ($testsession) {
+// login page requested session test
-    if ($testsession == $USER->id) {
+if ($testsession) {
-        // Si la sesión es válida, redirigir a la URL deseada
+    if ($testsession == $USER->id) {
         if (isset($SESSION->wantsurl)) {
             $urltogo = $SESSION->wantsurl;
         } else {
-            $urltogo = $CFG->wwwroot . '/';
+            $urltogo = $CFG->wwwroot.'/';
+        }
-        unset($SESSION->wantsurl);
-        redirect($urltogo);
+        unset($SESSION->wantsurl);
-    } else {
-        // Si la sesión no es válida, mostrar error de cookies
-        $errormsg = get_string("cookiesnotenabled");
-        $errorcode = 1;
+        redirect($urltogo);
     } else {
         // TODO: try to find out what is the exact reason why sessions do not work
         $errormsg = get_string("cookiesnotenabled");
-// ============================================================================
+        $errorcode = 1;
 // MANEJO DE SESIONES EXPIRADAS
-// ============================================================================
+}
 // Verificar si la sesión actual ha expirado
-if (!empty($SESSION->has_timed_out)) {
-    $session_has_timed_out = true;
+/// Check for timed out sessions
-    unset($SESSION->has_timed_out);
+if (!empty($SESSION->has_timed_out)) {
-} else {
+    $session_has_timed_out = true;
-    $session_has_timed_out = false;
+    unset($SESSION->has_timed_out);
 } else {
     $session_has_timed_out = false;
-// Inicialización de variables para el formulario y usuario
-$frm = false;
-$user = false;
+}
 // Obtener la secuencia de plugins de autenticación habilitados
-$authsequence = get_enabled_auth_plugins();
+$frm  = false;
+$user = false;
-foreach ($authsequence as $authname) {
+$authsequence = get_enabled_auth_plugins(); // Auths, in sequence.
-    $authplugin = get_auth_plugin($authname);
+foreach($authsequence as $authname) {
-    // El hook loginpage_hook() del plugin de autenticación puede establecer $frm y/o $user
+    $authplugin = get_auth_plugin($authname);
-    $authplugin->loginpage_hook();
-}
-// ============================================================================
-// CONFIGURACIÓN DEL SITIO Y NAVEGACIÓN
-// ============================================================================
+    // The auth plugin's loginpage_hook() can eventually set $frm and/or $user.
+    $authplugin->loginpage_hook();
-// Obtener información del sitio
+}
-$site = get_site();
+/// Define variables used in page
-// Ignorar páginas activas en la navegación/configuración
+$site = get_site();
 $PAGE->navbar->ignore_active();
-$loginsite = get_string("loginsite");
+// Ignore any active pages in the navigation/settings.
-$PAGE->navbar->add($loginsite);
+// We do this because there won't be an active page there, and by ignoring the active pages the
 // navigation and settings won't be initialised unless something else needs them.
-// ============================================================================
+$PAGE->navbar->ignore_active();
-// PROCESO DE AUTENTICACIÓN
+$loginsite = get_string("loginsite");
-// ============================================================================
+$PAGE->navbar->add($loginsite);
+if ($user !== false or $frm !== false or $errormsg !== '') {
-// Verificar si algún plugin de autenticación ya proporcionó el usuario completo
+    // some auth plugin already supplied full user, fake form data or prevented user login with error message
 if ($user !== false or $frm !== false or $errormsg !== '') {
-    // El plugin de autenticación ya proporcionó el usuario completo, datos del formulario falso
+} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
-    // o impidió el inicio de sesión con mensaje de error
+    // Handles the case of another Moodle site linking into a page on this site
+    //TODO: move weblink into own auth plugin
+    include($CFG->dirroot.'/login/weblinkauth.php');
-} else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot . '/login/weblinkauth.php')) {
+    if (function_exists('weblink_auth')) {
-    // Maneja el caso de otro sitio Moodle vinculando a una página en este sitio
+        $user = weblink_auth($SESSION->wantsurl);
     include($CFG->dirroot . '/login/weblinkauth.php');
-    if (function_exists('weblink_auth')) {
+    if ($user) {
-        $user = weblink_auth($SESSION->wantsurl);
+        $frm->username = $user->username;
-    }
-    if ($user) {
-        $frm->username = $user->username;
+    } else {
-    } else {
+        $frm = data_submitted();
-        $frm = data_submitted();
     }
-} else {
-    $frm = data_submitted();
+} else {
-}
+    $frm = data_submitted();
 // Restaurar el #anchor a la wantsurl original
-if ($anchor && isset($SESSION->wantsurl) && strpos($SESSION->wantsurl, '#') === false) {
-    $wantsurl = new moodle_url($SESSION->wantsurl);
+// Restore the #anchor to the original wantsurl. Note that this
-    $wantsurl->set_anchor(substr($anchor, 1));
+// will only work for internal auth plugins, SSO plugins such as
-    $SESSION->wantsurl = $wantsurl->out();
+// SAML / CAS / OIDC will have to handle this correctly directly.
 if ($anchor && isset($SESSION->wantsurl) && strpos($SESSION->wantsurl, '#') === false) {
-// ============================================================================
+    $wantsurl = new moodle_url($SESSION->wantsurl);
-// VERIFICACIÓN DE CREDENCIALES
+    $wantsurl->set_anchor(substr($anchor, 1));
-// ============================================================================
+    $SESSION->wantsurl = $wantsurl->out();
+}
 // Verificar si el usuario ha enviado datos de inicio de sesión
-if ($frm and isset($frm->username)) {
+/// Check if the user has actually submitted login data to us
     // Normalizar el nombre de usuario
-    $frm->username = trim(core_text::strtolower($frm->username));
 if ($frm and isset($frm->username)) {                             // Login WITH cookies
     // Verificar la autenticación 'none' si está habilitada
-    if (is_enabled_auth('none')) {
+    $frm->username = trim(core_text::strtolower($frm->username));
         if ($frm->username !== core_user::clean_field($frm->username, 'username')) {
-            $errormsg = get_string('username') . ': ' . get_string("invalidusername");
+    if (is_enabled_auth('none') ) {
-            $errorcode = 2;
-            $user = null;
-        }
-    }
+        if ($frm->username !== core_user::clean_field($frm->username, 'username')) {
-    // Verificar si el usuario es invitado
+            $errormsg = get_string('username').': '.get_string("invalidusername");
-    if ($user) {
+            $errorcode = 2;
-        // El plugin de autenticación ya proporcionó el usuario
+            $user = null;
     } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
         $user = false;    // No se puede iniciar sesión como invitado si el botón de invitado está deshabilitado
         $frm = false;
-    } else {
+    if ($user) {
-        if (empty($errormsg)) {
+        // The auth plugin has already provided the user via the loginpage_hook() called above.
-            // Intentar autenticar al usuario
+    } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
-            $logintoken = isset($frm->logintoken) ? $frm->logintoken : '';
+        $user = false;    /// Can't log in as guest if guest button is disabled
-            $loginrecaptcha = login_captcha_enabled() ? $frm->{'g-recaptcha-response'} ?? '' : false;
+        $frm = false;
-            $user = authenticate_user_login($frm->username, $frm->password, false, $errorcode, $logintoken, $loginrecaptcha);
+    } else {
-        }
-    }
-    // ============================================================================
-    // MANEJO DE USUARIOS RESTAURADOS
+        if (empty($errormsg)) {
+            $logintoken = isset($frm->logintoken) ? $frm->logintoken : '';
-    // ============================================================================
+            $loginrecaptcha = login_captcha_enabled() ? $frm->{'g-recaptcha-response'} ?? '' : false;
             $user = authenticate_user_login($frm->username, $frm->password, false, $errorcode, $logintoken, $loginrecaptcha);
-    // Procesar usuarios que han sido restaurados desde una copia de seguridad
+        }
     if (!$user and $frm and is_restored_user($frm->username)) {
-        $PAGE->set_title(get_string('restoredaccount'));
+    // Intercept 'restored' users to provide them with info & reset password
-        $PAGE->set_heading($site->fullname);
+    if (!$user and $frm and is_restored_user($frm->username)) {
-        echo $OUTPUT->header();
+        $PAGE->set_title(get_string('restoredaccount'));
-        echo $OUTPUT->heading(get_string('restoredaccount'));
+        $PAGE->set_heading($site->fullname);
-        echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
-        require_once('restored_password_form.php');
+        echo $OUTPUT->header();
-        $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
+        echo $OUTPUT->heading(get_string('restoredaccount'));
-        $form->display();
+        echo $OUTPUT->box(get_string('restoredaccountinfo'), 'generalbox boxaligncenter');
-        echo $OUTPUT->footer();
+        require_once('restored_password_form.php'); // Use our "supplanter" login_forgot_password_form. MDL-20846
-        die;
+        $form = new login_forgot_password_form('forgot_password.php', array('username' => $frm->username));
         $form->display();
                 } else {
                     echo $OUTPUT->notification(get_string('emailconfirmsentsuccess'), \core\output\notification::NOTIFY_SUCCESS);
+                }
+            }
             echo $OUTPUT->box(get_string("emailconfirmsent", "", s($user->email)), "generalbox boxaligncenter");
-            $resendconfirmurl = new moodle_url(
+            $resendconfirmurl = new moodle_url('/login/index.php',
-                '/login/index.php',
+                [
                     'username' => $frm->username,
                     'password' => $frm->password,
                     'resendconfirmemail' => true,
                     'logintoken' => \core\session\manager::get_login_token()
             echo $OUTPUT->single_button($resendconfirmurl, get_string('emailconfirmationresend'));
             echo $OUTPUT->footer();
             die;
+        }
-        // ============================================================================
-        // COMPLETAR INICIO DE SESIÓN
-        // ============================================================================
-        // Completar el proceso de inicio de sesión
+    /// Let's get them all set up.
-        complete_user_login($user);
         complete_user_login($user);
-        // Aplicar límite de inicio de sesión concurrente
         \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
+        // sets the username cookie
+        if (!empty($CFG->nolastloggedin)) {
+            // do not store last logged in user in cookie
-        // Configurar cookie de nombre de usuario
+            // auth plugins can temporarily override this from loginpage_hook()
-        if (!empty($CFG->nolastloggedin)) {
+            // do not save $CFG->nolastloggedin in database!
             // No almacenar último usuario conectado en cookie
+        } else if (empty($CFG->rememberusername)) {
-        } else if (empty($CFG->rememberusername)) {
+            // no permanent cookies, delete old one if exists
-            // Sin cookies permanentes, eliminar la anterior si existe
+            set_moodle_cookie('');
             set_moodle_cookie('');
-        } else {
-            set_moodle_cookie($USER->username);
+        } else {
-        }
+            set_moodle_cookie($USER->username);
-        // Obtener URL de redirección
-        $urltogo = core_login_get_return_url();
+        }
         // ============================================================================
-        // VERIFICACIÓN DE CONTRASEÑAS EXPIRADAS
+        $urltogo = core_login_get_return_url();
         // ============================================================================
     /// check if user password has expired
-        // Verificar si la contraseña del usuario ha expirado (solo para autenticación LDAP)
+    /// Currently supported only for ldap-authentication module
         $userauth = get_auth_plugin($USER->auth);
         if (!isguestuser() and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
             $externalchangepassword = false;
             if ($userauth->can_change_password()) {
                 $passwordchangeurl = $userauth->change_password_url();
                 if (!$passwordchangeurl) {
-                    $passwordchangeurl = $CFG->wwwroot . '/login/change_password.php';
+                    $passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
                 } else {
                     $externalchangepassword = true;
+                }
             } else {
-                $passwordchangeurl = $CFG->wwwroot . '/login/change_password.php';
+                $passwordchangeurl = $CFG->wwwroot.'/login/change_password.php';
+            }
             $days2expire = $userauth->password_expire($USER->username);
             $PAGE->set_title($loginsite);
             $PAGE->set_heading("$site->fullname");
             if (intval($days2expire) > 0 && intval($days2expire) < intval($userauth->config->expiration_warning)) {
                 echo $OUTPUT->header();
                 echo $OUTPUT->confirm(get_string('auth_passwordwillexpire', 'auth', $days2expire), $passwordchangeurl, $urltogo);
+                echo $OUTPUT->footer();
-                echo $OUTPUT->footer();
+                exit;
-                exit;
+            } elseif (intval($days2expire) < 0 ) {
+                if ($externalchangepassword) {
-            } elseif (intval($days2expire) < 0) {
+                    // We end the session if the change password form is external. This prevents access to the site
-                if ($externalchangepassword) {
+                    // until the password is correctly changed.
-                    // Cerrar sesión si el formulario de cambio de contraseña es externo
+                    require_logout();
-                    require_logout();
+                } else {
-                } else {
+                    // If we use the standard change password form, this user preference will be reset when the password
-                    // Forzar cambio de contraseña si se usa el formulario estándar
+                    // is changed. Until then it will prevent access to the site.
                     set_user_preference('auth_forcepasswordchange', 1, $USER);
+                }
                 echo $OUTPUT->header();
                 echo $OUTPUT->confirm(get_string('auth_passwordisexpired', 'auth'), $passwordchangeurl, $urltogo);
                 echo $OUTPUT->footer();
                 exit;
             }
+        }
-        // Limpiar mensajes de error antes de la última redirección
+        // Discard any errors before the last redirect.
         unset($SESSION->loginerrormsg);
+        unset($SESSION->logininfomsg);
         unset($SESSION->logininfomsg);
-        // Descartar loginredirect si estamos redirigiendo
+        // Discard loginredirect if we are redirecting away.
         unset($SESSION->loginredirect);
-        // Probar que la sesión funciona redirigiendo a sí mismo
+        // test the session actually works by redirecting to self
         $SESSION->wantsurl = $urltogo;
+            }
+        }
+    }
+}
-// ============================================================================
-// DETECCIÓN DE PROBLEMAS CON SESIONES
-// ============================================================================
-// Detectar problemas con sesiones con tiempo de espera agotado
+/// Detect problems with timedout sessions
 if ($session_has_timed_out and !data_submitted()) {
     $errormsg = get_string('sessionerroruser', 'error');
     $errorcode = 4;
-}
-// ============================================================================
+}
-// MANEJO DE URL DE DESTINO
 // ============================================================================
 /// First, let's remember where the user was trying to get to before they got here
 // Recordar dónde estaba intentando llegar el usuario antes de llegar aquí
-if (empty($SESSION->wantsurl)) {
-    $SESSION->wantsurl = null;
+if (empty($SESSION->wantsurl)) {
-    $referer = get_local_referer(false);
+    $SESSION->wantsurl = null;
-    if (
+    $referer = get_local_referer(false);
-        $referer &&
+    if ($referer &&
-        $referer != $CFG->wwwroot &&
+            $referer != $CFG->wwwroot &&
-        $referer != $CFG->wwwroot . '/' &&
+            $referer != $CFG->wwwroot . '/' &&
-        $referer != $CFG->wwwroot . '/login/' &&
-        strpos($referer, $CFG->wwwroot . '/login/?') !== 0 &&
+            $referer != $CFG->wwwroot . '/login/' &&
-        strpos($referer, $CFG->wwwroot . '/login/index.php') !== 0
+            strpos($referer, $CFG->wwwroot . '/login/?') !== 0 &&
-    ) {
+            strpos($referer, $CFG->wwwroot . '/login/index.php') !== 0) { // There might be some extra params such as ?lang=.
         $SESSION->wantsurl = $referer;
+    }
+}
-// Verificar si loginredirect está establecido en la SESSION
+// Check if loginredirect is set in the SESSION.
-if ($errorcode && isset($SESSION->loginredirect)) {
-    $loginredirect = $SESSION->loginredirect;
-}
-$SESSION->loginredirect = $loginredirect;
+if ($errorcode && isset($SESSION->loginredirect)) {
-// ============================================================================
+    $loginredirect = $SESSION->loginredirect;
 // REDIRECCIÓN A URL DE INICIO DE SESIÓN ALTERNATIVA
+$SESSION->loginredirect = $loginredirect;
 // ============================================================================
 /// Redirect to alternative login URL if needed
-// Redirigir a URL de inicio de sesión alternativa si es necesario
+if (!empty($CFG->alternateloginurl) && $loginredirect) {
-if (!empty($CFG->alternateloginurl) && $loginredirect) {
+    $loginurl = new moodle_url($CFG->alternateloginurl);
     $loginurl = new moodle_url($CFG->alternateloginurl);
     $loginurlstr = $loginurl->out(false);
     if ($SESSION->wantsurl != '' && strpos($SESSION->wantsurl, $loginurlstr) === 0) {
-        // No queremos volver a la URL alternativa
+        // We do not want to return to alternate url.
         $SESSION->wantsurl = null;
+    }
-    // Si hay código de error, agregarlo a la URL
-    if ($errorcode) {
-        $loginurl->param('errorcode', $errorcode);
     // If error code then add that to url.
     if ($errorcode) {
-    redirect($loginurl->out(false));
+        $loginurl->param('errorcode', $errorcode);
-}
+    }
 // ============================================================================
+    redirect($loginurl->out(false));
-// GENERACIÓN DE LA PÁGINA DE INICIO DE SESIÓN
+}
 // ============================================================================
 /// Generate the login page with forms
 // Inicializar el objeto del formulario si no existe
+if (!isset($frm) or !is_object($frm)) {
-if (!isset($frm) or !is_object($frm)) {
+    $frm = new stdClass();
     $frm = new stdClass();
-}
+if (empty($frm->username) && $authsequence[0] != 'shibboleth') {  // See bug 5184
-// Configurar valores predeterminados del formulario
+    if (!empty($_GET["username"])) {
-if (empty($frm->username) && $authsequence[0] != 'shibboleth') {
+        // we do not want data from _POST here
-    if (!empty($_GET["username"])) {
+        $frm->username = clean_param($_GET["username"], PARAM_RAW); // we do not want data from _POST here
-        $frm->username = clean_param($_GET["username"], PARAM_RAW);
+    } else {
+        $frm->username = get_moodle_cookie();
     } else {
-        $frm->username = get_moodle_cookie();
+    $frm->password = "";
+}
-    $frm->password = "";
+if (!empty($SESSION->loginerrormsg) || !empty($SESSION->logininfomsg)) {
+    // We had some messages before redirect, show them now.
     $errormsg = $SESSION->loginerrormsg ?? '';
     $infomsg = $SESSION->logininfomsg ?? '';
-// Manejar mensajes de error e información
+    unset($SESSION->loginerrormsg);
+    unset($SESSION->logininfomsg);
-if (!empty($SESSION->loginerrormsg) || !empty($SESSION->logininfomsg)) {
+} else if ($testsession) {
-    $errormsg = $SESSION->loginerrormsg ?? '';
+    // No need to redirect here.
+    unset($SESSION->loginerrormsg);
-    $infomsg = $SESSION->logininfomsg ?? '';
+    unset($SESSION->logininfomsg);
     unset($SESSION->loginerrormsg);
-    unset($SESSION->logininfomsg);
-} else if ($testsession) {
-    unset($SESSION->loginerrormsg);
-    unset($SESSION->logininfomsg);
-} else if ($errormsg or !empty($frm->password)) {
-    if ($errormsg) {
+} else if ($errormsg or !empty($frm->password)) {
-        $SESSION->loginerrormsg = $errormsg;
+    // We must redirect after every password submission.
-    }
-    $loginurl = new moodle_url('/login/index.php');
+    if ($errormsg) {
-    $loginurl->param('loginredirect', $SESSION->loginredirect);
-    redirect($loginurl->out(false));
+        $SESSION->loginerrormsg = $errormsg;
-}
+    }
-// ============================================================================
+    // Add redirect param to url.
-// RENDERIZADO DE LA PÁGINA
+    $loginurl = new moodle_url('/login/index.php');
-// ============================================================================
+    $loginurl->param('loginredirect', $SESSION->loginredirect);
-// Configurar título y encabezado de la página
+    redirect($loginurl->out(false));
-$PAGE->set_title($loginsite);
 $PAGE->set_heading("$site->fullname");
-// Mostrar el encabezado de la página
+$PAGE->set_title($loginsite);
-echo $OUTPUT->header();
+$PAGE->set_heading("$site->fullname");
-// Verificar el estado de la sesión del usuario
-if (isloggedin() and !isguestuser()) {
+echo $OUTPUT->header();

Proyectos de Subversion Moodle

(root)/login/index.php – Rev 1391 → 1441