Authentication via URL pass...


by Jason Cortes -
Number of replies: 12
Hello all, this is my first time posting here, and well, as you guessed... I'm looking for a little help/direction.

Problem:
Trying to bypass an old defunct LMS by using Moodle. In order to do this I'm using a SCORM 1.2 package to pull a student id and course id out of the old one. This little SCO package in turn constructs a URL and replaces the first page of the fake course with a link to it. This shoots them right through, no problem.

Now comes the tricky part. Via a $_GET["id"]; I'm assigning my newfound id to the username. As the user has already signed into the first account I do not need them to sign into Moodle with another password. I plan to set a default value for that in the back end tables, and simply have it the same every time. Also, if a user is new, I'll need to create an account for them on the fly.

So...

I am looking for a little direction on how to approach this. I know this place is littered with excellent code, but I just don't know enough about how, to find what I'm looking for.

Is this an authentication plugin that I'm writing? I've tried getting some reference materials for this but Packt keeps pushing the publish date out for that new book they have.

I already have been poking at the Development:Authentication_plugins section...

If anyone out there can help I would be very appreciative!

Thanks in advance.

Oh... I do program PHP, just don't know enough about Moodle.




In reply to Jason Cortes

Re: Authentication via URL pass...

by Hubert Chathi -
Yes, you would probably be writing an authentication plugin. For something similar to what you want to do, you can look at auth/mnet/land.php.

Basically, when you do a single sign-on using Moodle Networks, you will be taken to a URL of the form [site]/auth/mnet/land.php?token=[token]&idp=[idp]&wantsurl=[url], where [token] is a unique token generated by the identity provider ([idp]), and [url] is the url to send the user to after they have been authenticated. land.php (or, rather, the confirm_mnet_session method in the mnet authentication plugin) will then take the token, do a remote-procedure-call to the identity provider to get the user's information, and then either get the Moodle user, or create a new Moodle user if a user doesn't exist.
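
The landing flow described in the post above, as an added example that is not part of the thread and is not Moodle or mnet code: the remote procedure call is replaced by a direct method call on a toy identity provider, and the single-use rule, the 60 second lifetime and every class, function and variable name are assumptions made for the illustration (PHP 8).

```php
<?php
// Added example: toy identity provider and landing handler; every name is hypothetical.
class ToyIdp {
    private array $pending = [];                  // sha256(token) => [username, expiry]
    public function __construct(private int $ttl = 60) {}

    // Issued for a user who is already signed in at the identity provider.
    public function issueToken(string $username): string {
        $token = bin2hex(random_bytes(20));       // unguessable, carries no identity
        $this->pending[hash('sha256', $token)] = [$username, time() + $this->ttl];
        return $token;
    }

    // Stand-in for the remote procedure call made by the landing page.
    public function redeem(string $token): ?string {
        $key = hash('sha256', $token);
        if (!isset($this->pending[$key])) {
            return null;                          // unknown or already used
        }
        [$username, $expiry] = $this->pending[$key];
        unset($this->pending[$key]);              // single use, even when expired
        return time() <= $expiry ? $username : null;
    }
}

// Landing handler: the URL carries only the token and wantsurl, never the username.
function land(array $get, ToyIdp $idp, array &$users): ?array {
    $token = $get['token'] ?? '';
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{40}\z/', $token)) {
        return null;
    }
    $username = $idp->redeem($token);
    if ($username === null) {
        return null;
    }
    if (!isset($users[$username])) {              // create the account on first visit
        $users[$username] = ['username' => $username, 'auth' => 'toyidp'];
    }
    $wants = $get['wantsurl'] ?? '/';             // follow local paths only
    if (!is_string($wants) || !preg_match('#\A/(?!/)[\w\-./?=&%]*\z#', $wants)) {
        $wants = '/';
    }
    return ['user' => $users[$username], 'redirect' => $wants];
}

$idp = new ToyIdp();
$users = [];                                      // constructed stand-in for the user table
$token = $idp->issueToken('student42');           // constructed sample user
var_dump(land(['token' => $token, 'wantsurl' => '/course/view.php?id=3'], $idp, $users));
var_dump(land(['token' => $token], $idp, $users)); // same token again: refused
```

Because the identity is resolved from the token on the provider's side, editing the query string cannot select a different account.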
In reply to Hubert Chathi

Re: Authentication via URL pass...

by Jason Cortes -
Hubert,

Thx for the reply. Any direction on a how-to guide of sorts for developing an authentication plugin?
In reply to Jason Cortes

Re: Authentication via URL pass...

by Deleted user -
Actually,

a client of mine also needs this functionality.

Maybe we can combine forces?
Write me a message on my mail or Moodle account.

Ries
In reply to Deleted user

Re: Authentication via URL pass...

by Jason Cortes -
Ries,

I'm all about the open source... I've posted the code I have so far, let me know what you think.
In reply to Jason Cortes

Re: Authentication via URL pass...

by Deleted user -

First: I think I am looking for a one-time hash based login setup rather than this.

Second: You do handle some of your own MySQL connection work, what if the end user uses Oracle or MySQL?? Then this will not work, right??

Third: Your SQL construction looks very dangerous to me. Now I know that Moodle does some magic quoting, still I would like to see some quoting done before you put a GET/POST variable like that to a query.

Fourth: How is this used?

Ries

In reply to Jason Cortes

Re: Authentication via URL pass...

by Hubert Chathi -
I don't have any information on how to develop an authentication plugin, other than looking at lib/authlib.php, and the other authentication plugins. Perhaps someone else can point you to a resource.
In reply to Hubert Chathi

Re: Authentication via URL pass...

by Jason Cortes -
Well yes, I was looking at http://phpdocs.moodle.org/19/moodle/_lib---authlib.php.html, but I need more variables. For example, if no user exists in the tables, where is the function to create one?
In reply to Jason Cortes

Re: Authentication via URL pass...

by Akinsaya Delamarre -
As Hubert mentioned, the best way to learn is to look at the other authentication plug-ins, in particular manual, as it is the most basic.

Here are some resources that may help:
http://docs.moodle.org/en/Authentication_API

http://docs.moodle.org/en/Development:Authentication_plugins

Regards,
In reply to Akinsaya Delamarre

Re: Authentication via URL pass...

by Deleted user -
I got it working


1) I made a cookie based login, to keep a user logged in using a cookie.

2) Using a URL that contains a special hash.


One thing I was looking at is that the auth system is never called anymore once a user is logged in. Is this correct?
I need to be called because the cookie needs to get updated to keep the cookie valid. Any ideas without hacking into the core?


Ries

In reply to Deleted user

Re: Authentication via URL pass...

by Jason Cortes -
Ries,

For Oracle, you would need to pad out the connection function to accommodate both. As for the magic quotes, we have those turned off at the moment.

Something like this...
if($CFG->dbtype==='mysql')

The page I am writing is intended to serve as more of a processing page: if the user id is in the DB... log them in, if not create a new account then log in. The user will never actually see the URL or variables being passed, hence no cookie... in addition I can't create a cookie because the session which starts all of this is part of another system.

No doubt cookies are far more secure...

You could write something into the /lib/datalib.php to refresh your cookie on user interactions.

Could you post the code so I can take a look?

Thx,
Jason
In reply to Jason Cortes

Re: Authentication via URL pass...

by Deleted user -
Jason,

I am not using User_Login_Pass.php. I created an auth module for this so I can use all the regular functions.

The disadvantage is that Moodle doesn't call the authentication module for, for example, the homepage. Hence your suggestion to hook into /lib/datalib.php, I think. However, I did it like this for now so I won't create another patch for Moodle, since I am trying very hard to keep my Moodle installation without hacks.

However, as soon as a module calls require_login, authentication gets called and I am able to log a user in. This would cover most of my cases.
To keep a user logged in I am setting up a cookie based authentication.

Here is my current code. It's not yet in production and my client needs to take a look at it still.

Let me know what you think of it please...

Ries
In reply to Jason Cortes

Re: Authentication via URL pass...

by Deleted user -
Jason,

In the meantime I made some additional changes, but the version I sent you did work fine. I just had some corner cases with my cookie based login auth plugin.

Did it work for you?

Ries