auth_plugin_db Class Reference

External database authentication plugin. More...

Inheritance diagram for auth_plugin_db:

Public Member Functions
	__construct ()
	Constructor.
	can_be_manually_set ()
	Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users.
	can_change_password ()
	Returns true if this authentication plugin can change the user's password.
	can_confirm ()
	Returns true if plugin allows confirming of new users.
	can_edit_profile ()
	Returns true if this authentication plugin can edit the users' profile.
	can_reset_password ()
	Returns true if plugin allows resetting of internal password.
	can_signup ()
	Returns true if plugin allows resetting of internal password.
	change_password_url ()
	Returns the URL for changing the user's pw, or empty if the default can be used.
	clean_data ($user)
	Clean the user data that comes from an external database.
	config_form ($config, $err, $user_fields)
	Prints a form for configuring this authentication plugin.
	db_attributes ()
	Returns user attribute mappings between moodle and the external database.
	db_init ()
	Connect to external database.
	edit_profile_url ()
	Returns the URL for editing the users' profile, or empty if the default URL can be used.
	ext_addslashes ($text)
	Add slashes, we can not use placeholders or system functions.
	find_cli_user ()
	Identify a Moodle account on the CLI.
	get_custom_user_profile_fields ()
	Return custom user profile fields.
	get_description ()
	Get the auth description (from core or own auth lang files)
	get_extrauserinfo ()
	Returns extra user information.
	get_password_change_info (stdClass $user)
	Returns information on how the specified user can change their password.
	get_title ()
	Return the properly translated human-friendly title of this auth plugin.
	get_userinfo ($username)
	Reads any other information for a user from external database, then returns it in an array.
	get_userinfo_asobj ($username)
	Reads user information from DB and return it in an object.
	get_userlist ()
	ignore_timeout_hook ($user, $sid, $timecreated, $timemodified)
	Hook called before timing out of database session.
	is_captcha_enabled ()
	Returns whether or not the captcha element is enabled.
	is_configured ()
	Returns false if this plugin is enabled but not configured.
	is_internal ()
	Returns true if this authentication plugin is "internal".
	is_synchronised_with_external ()
	Indicates if moodle should automatically update internal user records with data from external sources using the information from auth_plugin_base\get_userinfo().
object	loginpage_hook ()
	Hook for overriding behaviour of login page.
	loginpage_idp_list ($wantsurl)
	Returns a list of potential IdPs that this authentication plugin supports.
object	logoutpage_hook ()
	Hook for overriding behaviour of logout page.
	password_expire ($username)
	return number of days to user password expires
	postlogout_hook ($user)
	Post logout hook.
	pre_loginpage_hook ()
	Hook for overriding behaviour before going to the login page.
	pre_user_login_hook (&$user)
	Pre user_login hook.
object	prelogout_hook ()
	Pre logout hook.
	prevent_local_passwords ()
	Indicates if password hashes should be stored in local moodle database.
	process_config ($config)
	Processes and stores configuration data for this authentication plugin.
	set_extrauserinfo (array $values)
	Set extra user information.
	signup_form ()
	Return a form to capture user details for account creation.
	sync_roles ($user)
	Sync roles for this user - usually creator.
	sync_users (progress_trace $trace, $do_updates=false)
	Synchronizes user from external db to moodle user table.
	test_settings ()
	Test if settings are ok, print info to output.
	user_authenticated_hook (&$user, $username, $password)
	Post authentication hook.
	user_confirm ($username, $confirmsecret)
	Confirm the new user as registered.
	user_delete ($olduser)
	User delete requested - internal user record is mared as deleted already, username not present anymore.
	user_exists ($username)
	Checks if user exists in external db.
	user_login ($username, $password)
	Returns true if the username and password work and false if they are wrong or don't exist.
	user_signup ($user, $notify=true)
	Sign up a new user ready for confirmation.
	user_update ($olduser, $newuser)
	Called when the user record is updated.
	user_update_password ($user, $newpassword)
	Change a user's password.
	validate_form ($form, &$err)
	A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin.

Static Public Member Functions
static	find_cli_admin_user ()
	Find an OS level admin Moodle user account.
static	get_enabled_auth_plugin_classes ()
	Returns the enabled auth plugins.
static	get_identity_providers ($authsequence)
	Return the list of enabled identity providers.
static	login_cli_admin_user ()
	Find and login as an OS level admin Moodle user account.
static	prepare_identity_providers_for_output ($identityproviders, renderer_base $output)
	Prepare a list of identity providers for output.

Public Attributes
string	$authtype
	Authentication plugin type - the same as db field.
object	$config
	The configuration details for the plugin.
array	$userfields = core_user::AUTHSYNCFIELDS

Protected Member Functions
	update_user_record ($username, $updatekeys=false, $triggerevent=false, $suspenduser=false)
	Update a local user record from an external source.

Protected Attributes
string	$errorlogtag = ''
	The tag we want to prepend to any error log messages.
array	$extrauserinfo = []
	Stores extra information available to the logged in event.

Detailed Description

External database authentication plugin.

Member Function Documentation

can_be_manually_set()

auth_plugin_base::can_be_manually_set ( )

inherited

Returns whether or not this authentication plugin can be manually set for users, for example, when bulk uploading users.

This should be overriden by authentication plugins where setting the authentication method manually is allowed.

Return values

bool

Since

Moodle 2.6

Reimplemented in auth_oauth2\auth, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, auth_plugin_nologin, and auth_plugin_none.

can_change_password()

auth_plugin_db::can_change_password

(

)

Returns true if this authentication plugin can change the user's password.

Return values

bool

Reimplemented from auth_plugin_base.

can_confirm()

auth_plugin_base::can_confirm ( )

inherited

Returns true if plugin allows confirming of new users.

Return values

bool

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

can_edit_profile()

auth_plugin_base::can_edit_profile ( )

inherited

Returns true if this authentication plugin can edit the users' profile.

Return values

bool

can_reset_password()

auth_plugin_db::can_reset_password

(

)

Returns true if plugin allows resetting of internal password.

Return values

bool

Reimplemented from auth_plugin_base.

can_signup()

auth_plugin_base::can_signup ( )

inherited

Returns true if plugin allows resetting of internal password.

Return values

bool

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

change_password_url()

auth_plugin_db::change_password_url

(

)

Returns the URL for changing the user's pw, or empty if the default can be used.

Return values

moodle_url

Reimplemented from auth_plugin_base.

clean_data()

auth_plugin_db::clean_data

(

$user

)

Clean the user data that comes from an external database.

Deprecated

since 3.1, please use core_user\clean_data() instead.

Parameters

array

$user

the user data to be validated against properties definition.

Return values

stdClass\$user

the cleaned user data.

config_form()

auth_plugin_base::config_form ( $config, $err, $user_fields )

inherited

Prints a form for configuring this authentication plugin.

This function is called from admin/auth.php, and outputs a full page with a form for configuring this plugin.

Parameters

object	$config
object	$err
array	$user_fields

Deprecated

since Moodle 3.3

db_attributes()

auth_plugin_db::db_attributes

(

)

Returns user attribute mappings between moodle and the external database.

Return values

array

db_init()

auth_plugin_db::db_init

(

)

Connect to external database.

Return values

ADOConnection

Exceptions

moodle_exception

edit_profile_url()

auth_plugin_base::edit_profile_url ( )

inherited

Returns the URL for editing the users' profile, or empty if the default URL can be used.

This method is used if can_edit_profile() returns true. This method is called only when user is logged in, it may use global $USER.

Return values

?moodle_url

url of the profile page or null if standard used

ext_addslashes()

auth_plugin_db::ext_addslashes

(

$text

)

Add slashes, we can not use placeholders or system functions.

Parameters

string

$text

Return values

string

find_cli_admin_user()

static auth_plugin_base::find_cli_admin_user ( )

staticinherited

Find an OS level admin Moodle user account.

Used when running CLI scripts. Only accounts which are site admin will be accepted.

Return values

null|stdClass

Admin user record if found

find_cli_user()

auth_plugin_base::find_cli_user ( )

inherited

Identify a Moodle account on the CLI.

For example a plugin might use posix_geteuid and posix_getpwuid to find the username of the OS level user and then match that against Moodle user accounts.

Return values

null|stdClass

User user record if found

get_custom_user_profile_fields()

auth_plugin_base::get_custom_user_profile_fields ( )

inherited

Return custom user profile fields.

Return values

array

list of custom fields.

get_description()

auth_plugin_base::get_description ( )

inherited

Get the auth description (from core or own auth lang files)

Return values

string

The description

get_enabled_auth_plugin_classes()

static auth_plugin_base::get_enabled_auth_plugin_classes ( )

staticinherited

Returns the enabled auth plugins.

Return values

array

of plugin classes

get_extrauserinfo()

auth_plugin_base::get_extrauserinfo ( )

inherited

Returns extra user information.

Return values

array

An array of keys and values

get_identity_providers()

static auth_plugin_base::get_identity_providers ( $authsequence )

staticinherited

Return the list of enabled identity providers.

Each identity provider data contains the keys url, name and iconurl (or icon). See the documentation of auth_plugin_base::loginpage_idp_list() for detailed description of the returned structure.

Parameters

array

$authsequence

site's auth sequence (list of auth plugins ordered)

Return values

array

List of arrays describing the identity providers

get_password_change_info()

auth_plugin_base::get_password_change_info ( stdClass $user )

inherited

Returns information on how the specified user can change their password.

Parameters

stdClass

$user

A user object

Return values

string[]

An array of strings with keys subject and message

Reimplemented in auth_oauth2\auth, and auth_plugin_nologin.

get_title()

auth_plugin_base::get_title ( )

inherited

Return the properly translated human-friendly title of this auth plugin.

Todo

Document this function

get_userinfo()

auth_plugin_db::get_userinfo

(

$username

)

Reads any other information for a user from external database, then returns it in an array.

Parameters

string

$username

Return values

array

Reimplemented from auth_plugin_base.

get_userinfo_asobj()

auth_plugin_db::get_userinfo_asobj

(

$username

)

Reads user information from DB and return it in an object.

Parameters

string

$username

username

Return values

stdClass

ignore_timeout_hook()

auth_plugin_base::ignore_timeout_hook ( $user, $sid, $timecreated, $timemodified )

inherited

Hook called before timing out of database session.

This is useful for SSO and MNET.

Parameters

object	$user
string	$sid	session id
int	$timecreated	start of session
int	$timemodified	user last seen

Return values

bool	true means do not timeout session yet

is_captcha_enabled()

auth_plugin_base::is_captcha_enabled ( )

inherited

Returns whether or not the captcha element is enabled.

@abstract Implement in child classes

Return values

bool

Reimplemented in auth_plugin_email.

is_configured()

auth_plugin_db::is_configured

(

)

Returns false if this plugin is enabled but not configured.

Return values

bool

Reimplemented from auth_plugin_base.

is_internal()

auth_plugin_db::is_internal

(

)

Returns true if this authentication plugin is "internal".

Internal plugins use password hashes from Moodle user table for authentication.

Return values

bool

Reimplemented from auth_plugin_base.

is_synchronised_with_external()

auth_plugin_db::is_synchronised_with_external

(

)

Indicates if moodle should automatically update internal user records with data from external sources using the information from auth_plugin_base\get_userinfo().

Return values

bool	true means automatically copy data from ext to user table

Reimplemented from auth_plugin_base.

login_cli_admin_user()

static auth_plugin_base::login_cli_admin_user ( )

staticinherited

Find and login as an OS level admin Moodle user account.

Used for running CLI scripts which must be admin accounts.

loginpage_hook()

object auth_plugin_base::loginpage_hook ( )

inherited

Hook for overriding behaviour of login page.

This method is called from login/index.php page for all enabled auth plugins.

@global object

Reimplemented in auth_plugin_cas, auth_plugin_ldap, and auth_plugin_shibboleth.

loginpage_idp_list()

auth_plugin_base::loginpage_idp_list ( $wantsurl )

inherited

Returns a list of potential IdPs that this authentication plugin supports.

This is used to provide links on the login page and the login block.

The parameter $wantsurl is typically used by the plugin to implement a return-url feature.

The returned value is expected to be a list of associative arrays with string keys:

• url => (moodle_url|string) URL of the page to send the user to for authentication
• name => (string) Human readable name of the IdP
• iconurl => (moodle_url|string) URL of the icon representing the IdP (since Moodle 3.3)

For legacy reasons, pre-3.3 plugins can provide the icon via the key:

• icon => (pix_icon) Icon representing the IdP

Parameters

string

$wantsurl

The relative url fragment the user wants to get to.

Return values

array

List of associative arrays with keys url, name, iconurl|icon

Reimplemented in auth_oauth2\auth, auth_plugin_cas, auth_plugin_mnet, and auth_plugin_shibboleth.

logoutpage_hook()

object auth_plugin_base::logoutpage_hook ( )

inherited

Hook for overriding behaviour of logout page.

This method is called from login/logout.php page for all enabled auth plugins.

@global string

Reimplemented in auth_plugin_cas, auth_plugin_mnet, and auth_plugin_shibboleth.

password_expire()

auth_plugin_base::password_expire ( $username )

inherited

return number of days to user password expires

If userpassword does not expire it should return 0. If password is already expired it should return negative value.

Parameters

mixed

$username

username (with system magic quotes)

Return values

integer

Reimplemented in auth_plugin_ldap, and auth_plugin_manual.

postlogout_hook()

auth_plugin_base::postlogout_hook ( $user )

inherited

Post logout hook.

This method is used after moodle logout by auth classes to execute server logout.

Parameters

stdClass

$user

clone of USER object before the user session was terminated

Reimplemented in auth_plugin_cas.

pre_loginpage_hook()

auth_plugin_base::pre_loginpage_hook ( )

inherited

Hook for overriding behaviour before going to the login page.

This method is called from require_login from potentially any page for all enabled auth plugins and gives each plugin a chance to redirect directly to an external login page, or to instantly login a user where possible.

If an auth plugin implements this hook, it must not rely on ONLY this hook in order to work, as there are many ways a user can browse directly to the standard login page. As a general rule in this case you should also implement the loginpage_hook as well.

pre_user_login_hook()

auth_plugin_base::pre_user_login_hook ( & $user )

inherited

Pre user_login hook.

This method is called from authenticate_user_login() right after the user object is generated. This gives the auth plugins an option to make adjustments before the verification process starts.

Parameters

object

$user

user object, later used for $USER

prelogout_hook()

object auth_plugin_base::prelogout_hook ( )

inherited

Pre logout hook.

This method is called from require_logout() for all enabled auth plugins,

Reimplemented in auth_plugin_mnet.

prepare_identity_providers_for_output()

static auth_plugin_base::prepare_identity_providers_for_output ( $identityproviders, renderer_base $output )

staticinherited

Prepare a list of identity providers for output.

Parameters

array	$identityproviders	as returned by self::get_identity_providers()
renderer_base	$output

Return values

array

the identity providers ready for output

prevent_local_passwords()

auth_plugin_db::prevent_local_passwords

(

)

Indicates if password hashes should be stored in local moodle database.

Return values

bool	true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead

Reimplemented from auth_plugin_base.

process_config()

auth_plugin_base::process_config ( $config )

inherited

Processes and stores configuration data for this authentication plugin.

Parameters

object

object with submitted configuration settings (without system magic quotes)

Deprecated

since Moodle 3.3

set_extrauserinfo()

auth_plugin_base::set_extrauserinfo ( array $values )

inherited

Set extra user information.

Parameters

array

$values

Any Key value pair.

Return values

void

signup_form()

auth_plugin_base::signup_form ( )

inherited

Return a form to capture user details for account creation.

This is used in /login/signup.php.

Return values

moodleform

A form which edits a record from the user table.

sync_roles()

auth_plugin_base::sync_roles ( $user )

inherited

Sync roles for this user - usually creator.

Parameters

$user

object user object (without system magic quotes)

Reimplemented in auth_plugin_ldap.

sync_users()

auth_plugin_db::sync_users	(	progress_trace	$trace,
			$do_updates = false )

Synchronizes user from external db to moodle user table.

Sync should be done by using idnumber attribute, not username. You need to pass firstsync parameter to function to fill in idnumbers if they don't exists in moodle user table.

Syncing users removes (disables) users that don't exists anymore in external db. Creates new users and updates coursecreator status of users.

This implementation is simpler but less scalable than the one found in the LDAP module.

Parameters

progress_trace	$trace
bool	$do_updates	Optional: set to true to force an update of existing accounts

Return values

int	0 means success, 1 means failure

update_user_record()

auth_plugin_base::update_user_record ( $username, $updatekeys = false, $triggerevent = false, $suspenduser = false )

protectedinherited

Update a local user record from an external source.

This is a lighter version of the one in moodlelib – won't do expensive ops such as enrolment.

Parameters

string	$username	username
array	$updatekeys	fields to update, false updates all fields.
bool	$triggerevent	set false if user_updated event should not be triggered. This will not affect user_password_updated event triggering.
bool	$suspenduser	Should the user be suspended?

Return values

stdClass|bool

updated user record or false if there is no new info to update.

user_authenticated_hook()

auth_plugin_base::user_authenticated_hook ( & $user, $username, $password )

inherited

Post authentication hook.

This method is called from authenticate_user_login() for all enabled auth plugins.

Parameters

object	$user	user object, later used for $USER
string	$username	(with system magic quotes)
string	$password	plain text password (with system magic quotes)

user_confirm()

auth_plugin_base::user_confirm ( $username, $confirmsecret )

inherited

Confirm the new user as registered.

Parameters

string	$username
string	$confirmsecret

Reimplemented in auth_oauth2\auth, auth_plugin_email, auth_plugin_ldap, auth_plugin_manual, and auth_plugin_webservice.

user_delete()

auth_plugin_base::user_delete ( $olduser )

inherited

User delete requested - internal user record is mared as deleted already, username not present anymore.

Do any action in external database.

Parameters

object

$user

Userobject before delete (without system magic quotes)

Return values

void

user_exists()

auth_plugin_db::user_exists

(

$username

)

Checks if user exists in external db.

Parameters

string

$username

(with system magic quotes)

Return values

bool

Reimplemented from auth_plugin_base.

user_login()

auth_plugin_db::user_login	(		$username,
			$password )

Returns true if the username and password work and false if they are wrong or don't exist.

Parameters

string	$username	The username
string	$password	The password

Return values

bool	Authentication success or failure.

Reimplemented from auth_plugin_base.

user_signup()

auth_plugin_base::user_signup ( $user, $notify = true )

inherited

Sign up a new user ready for confirmation.

Password is passed in plaintext.

Parameters

object	$user	new user object
boolean	$notify	print notice with link and terminate

Reimplemented in auth_plugin_email, and auth_plugin_ldap.

user_update()

auth_plugin_db::user_update	(		$olduser,
			$newuser )

Called when the user record is updated.

Modifies user in external database. It takes olduser (before changes) and newuser (after changes) compares information saved modified information to external db.

Parameters

stdClass	$olduser	Userobject before modifications
stdClass	$newuser	Userobject new modified userobject

Return values

boolean

result

Reimplemented from auth_plugin_base.

user_update_password()

auth_plugin_db::user_update_password	(		$user,
			$newpassword )

Change a user's password.

Parameters

stdClass	$user	User table object
string	$newpassword	Plaintext password

Return values

bool	True on success

Reimplemented from auth_plugin_base.

validate_form()

auth_plugin_base::validate_form ( $form, & $err )

inherited

A chance to validate form data, and last chance to do stuff before it is inserted in config_plugin.

Parameters

	object	object with submitted configuration settings (without system magic quotes)
array	$err	array of error messages

Deprecated

since Moodle 3.3

---

The documentation for this class was generated from the following file:

• auth/db/auth.php