Moodle Single Sign-on Mod

As I modify Moodle to provide environment variable single sign-on for the third time, I thought I would actually document my work this time. Make these modifications at your own risk — they work for one Moodle 1.6/Win2k3/PHP5/mySQL5 environment but may not work for yours.

File login/index.php, lines 78 onward: fool Moodle into thinking that the user has submitted login form data. Substitute the DAF user environment variable (HTTP_DAFLOGIN) for the login.

    if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
        /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
        $frm->username = 'guest';
        $frm->password = 'guest';
    } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
        // Handles the case of another Moodle site linking into a page on this site
        include($CFG->dirroot.'/login/weblinkauth.php');
        if (function_exists('weblink_auth')) {
            $user = weblink_auth($SESSION->wantsurl);
        }
        if ($user) {
            $frm->username = $user->username;
        } else {
            $frm = data_submitted($loginurl);
        }
    } else {
        // patch for UHS active directory (kassissieh)
        // Lower-case the header value and drop any leading "domain\" part
        $lowername = strtolower($_SERVER['HTTP_DAFLOGIN']);
        $lastpart = stristr($lowername, '\\');
        if (!$lastpart) {
            $lastpart = $lowername;
        } else {
            $lastpart = substr($lastpart, 1); // stristr() keeps the backslash itself
        }
        $frm->username = $lastpart;
        //$frm = data_submitted($loginurl);
    }

    /// Check if the user has actually submitted login data to us

    //if (empty($CFG->usesid) and $testcookies and (get_moodle_cookie() == '')) { // Login without cookie when test requested
    //    $errormsg = get_string("cookiesnotenabled");
    //} else if ($frm) { // Login WITH cookies

    if ($frm) { // Login WITH cookies

File auth/none/lib.php: Return a true authentication result no matter what.

    //if ($user = get_record('user', 'username', $username)) {
    //    return validate_internal_user_password($user, $password);
    //}

    return true;
    //}
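
With auth/none accepting any username, the value of the DAFLOGIN header is the only thing that decides who is logged in, and the same value later ends up in the SQL query in user/edit.php. The following added example (not code from the original post or from Moodle) shows one way to validate that value before using it. The function name sso_username(), the allowed character set and the sample inputs are assumptions, as is the premise that the web server component setting DAFLOGIN discards any copy of that header sent by the client.

```php
<?php
// Added example, not code from the original post or from Moodle.
// sso_username() and the allowed-character policy are assumptions.

/**
 * Turn the DAFLOGIN header value into a Moodle username.
 * Returns false when the value is missing or malformed, so the caller
 * can refuse the login instead of trusting it.
 */
function sso_username($server) {
    if (!isset($server['HTTP_DAFLOGIN']) || !is_string($server['HTTP_DAFLOGIN'])) {
        return false;
    }
    $value = strtolower(trim($server['HTTP_DAFLOGIN']));
    if (strlen($value) > 100) {   // same limit as the profile form's maxlength
        return false;
    }

    // Accept "user" or "domain\user"; keep only the part after the last backslash.
    $pos  = strrpos($value, '\\');
    $name = ($pos === false) ? $value : substr($value, $pos + 1);

    // Allowlist: letters, digits, dot and hyphen, optionally followed by
    // @domain. Quotes and the LIKE wildcards % and _ are excluded, so the
    // result cannot alter the quoted literal in the profile query.
    if (!preg_match('/^[a-z0-9][a-z0-9.-]*(@[a-z0-9][a-z0-9.-]*)?$/D', (string) $name)) {
        return false;
    }
    return $name;
}

// Constructed sample values (not from the post) showing accepted and rejected input.
$samples = array(
    'UHS\\JSmith',          // domain\user form
    'jsmith@sfuhs.org',     // already an e-mail style name
    "x' OR '1'='1",         // quotes and spaces are rejected
    'uhs\\',                // domain with no user part
    '',                     // header present but empty
);
foreach ($samples as $raw) {
    $name = sso_username(array('HTTP_DAFLOGIN' => $raw));
    printf("%-22s => %s\n", var_export($raw, true), $name === false ? 'rejected' : $name);
}
```

In login/index.php the return value would take the place of $lastpart; when it is false, $frm->username should be left unset.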

user/edit.php, line 357 (just before “include edit.html”): pre-fill some user information from Active Directory entry (so we may lock those fields)

    // (get user information from active directory - kassissieh)
    echo "";
    print_simple_box(('Welcome, new user!
    Please review your user profile then select Update Profile (below).'), "center", "50%");

    // pre-fill user information
    $user->email = $user->username;
    if (strpos($user->email, '@') === false) {
        $user->email .= '@sfuhs.org';
    }
    // Double any single quotes so the value cannot end the SQL string literal early
    $email_sql = str_replace("'", "''", $user->email);
    $query = "SELECT
            EA7RECORDS.FIRSTNAME, EA7RECORDS.NICKNAME, EA7RECORDS.LASTNAME
        FROM
            EA7RECORDS,
            ADDRESSLINKS,
            PHONELINKS,
            ADDRESSLINKPHONES,
            EA7ADDRESSOPTIONS
        WHERE
            NUM LIKE '" . $email_sql . "' AND
            ADDRESSLINKPHONES.PHONESID=PHONELINKS.PHONESID AND
            PHONELINKS.ADDRESSLINKSID=ADDRESSLINKS.ADDRESSLINKSID AND
            ADDRESSLINKS.PARENTRECORDID=EA7RECORDS.EA7RECORDSID AND
            EA7ADDRESSOPTIONS.ADDRESSLINKSID=ADDRESSLINKS.ADDRESSLINKSID AND
            EA7ADDRESSOPTIONS.PRIMARYADDRESS='-1'";

    // $dbuser and $dbpass hold the SQL Server credentials and must be set beforehand
    mssql_connect("sqlsrv", $dbuser, $dbpass);
    $result = mssql_query($query);
    $row = mssql_fetch_array($result);
    // Prefer the nickname over the formal first name when one is recorded
    if ($row['NICKNAME']) {$row['FIRSTNAME'] = $row['NICKNAME'];}
    mssql_close();
    if ($row['FIRSTNAME']) {$user->firstname = $row['FIRSTNAME'];}
    if ($row['LASTNAME']) {$user->lastname = $row['LASTNAME'];}

    // end kassissieh mod

user/edit.html: Replace input fields for firstname, lastname, email, and change password with hidden data fields. This is because we don’t want AD users to change their basic user information.

For example, replace

    <input type="text" name="firstname" size="30" alt="<?php print_string("firstname") ?>" maxlength="100" value="<?php p($user->firstname) ?>" />

with

    <?php p($user->firstname) ?><input type="hidden" name="firstname" value="<?php p($user->firstname) ?>" />