Accessing Moodle Username

Accessing Moodle Username

Marc Bibaud發表於
Number of replies: 3

Given that I currently only have 'Moodle Administrator' access to my schools system, is there a way I can pass the 'current username' to an external php script.

I've tested on my own local system and from within Moodle, I can refer to $USER->username  Is there a way that that can be securely passed to a call of an external script?

If the above is not possible, please could someone advise how one might deal with the following requirement (such that I can ask the 'Site FTP Administrator' to do it on our behalf:

I need to sign on to an external system using the Moodle logon in place of their own as they are satisfied that Moodle has authenticated the user.  I can call my script: http://........php?username=nnnnnn where 'nnnnn' is the Moodle username but at the moment I'm not even sure how to do that and additionally this would be very insecure as it could just be pasted into any browser.  I fgured that if instead of reading a query string, my script read a session variable (of the username) only available to an authenticated Moodle user then it would be reasonably secure.

 Any pointers in the right direction very much appreciated.

Thanks

AM

評比平均分數: -
In reply to Marc Bibaud

Re: Accessing Moodle Username

Martin Dougiamas發表於
Core developers的相片 Documentation writers的相片 Moodle HQ的相片 Particularly helpful Moodlers的相片 Plugin developers的相片 Testers的相片
Since you don't have access to the files, I would look into using a Resource.

Add the resource somewhere (course or home page) and look in the advanced settings at the parameters you can pass to the external URL.

http://docs.moodle.org/en/File_or_website_link#Parameters

See the bottom of that section for some security suggestions.
評比平均分數: -
In reply to Marc Bibaud

Re: Accessing Moodle Username

Hubert Chathi發表於
Here are a few possibilities:
  • If your script is on the same domain as the Moodle site, it can read Moodle's session cookie, and then access the session data.
  • You could make your external PHP script use Moodle Networks (but it may be more effort than it's worth)
  • You could do something similar to the way Moodle Networks does single sign-on: when a user wants to access the external script, have Moodle create a token (a random number) and store it in the database, and then call your external script using http://....php?token=[random number]. Your script will then need to ask Moodle who the user is corresponding to that token (or if your script can access the database directly, it can do that as well)
  • Make Moodle into an OpenID identity provider, and make your external PHP use OpenID for authentication.
The first option is probably the easiest, if it is possible. Otherwise, the third option is probably the next easiest, but still a bit of work. The second and fourth options are probably the most work.
評比平均分數: -
In reply to Hubert Chathi

Re: Accessing Moodle Username

Dallas Ray Smetter發表於
Hubert,

I would like to try your first suggestion...

How would I do it?

"read Moodle's session cookie, and then access the session data."
評比平均分數: -