Search This Blog

Wednesday, April 25, 2012

Adding custom message for users with "nologin" status

I have to share this because it's an awesome addition to the Moodle system. In my particular case, I want to suspend a particular user from entering the site, and also give them a specific reason why.


  1. Go to their profile, as admin, and set their authentication as "No Login." Make sure this option is also enabled in the admin panel -> plugins ->authentication.
  2. Now we need to modify some code. Thanks to the patch from " tiagojn", it's easy to create specific messages on the login panel. 
  3. Create a new file inside root/auth/nologin  called "config.html" This allows us to create some form elements on the settings panel of "nologin" from the admin -> plugins -> authentication section.
  4. Here is the code for config.html:
<?php
    // set to defaults if undefined
    if (!isset($config->enable_specific_message)) {
        $config->enable_specific_message = false;
    }

    if( !isset($config->specific_message_text)){
        $config->specific_message_text = get_string('invalidlogin');
    }
?>

<table cellspacing="0" cellpadding="5" border="0">
<tr>
    <td align="right">
        <label for=checkbox_enable_specific_message"><?php print_string('auth_nologin_specificmessage_select_key', 'auth_nologin'); ?></label>
    </td>
    <td><?php
        global $OUTPUT;
        echo html_writer::checkbox('enable_specific_message', 1, $config->enable_specific_message,'',array(id => checkbox_enable_specific_message));
        ?></td>
    <td><?php print_string('auth_nologin_specificmessage_description', 'auth_nologin'); ?></td>
</tr>
<tr>
    <td align="right">
        <label for="specific_message_text"><?php print_string('auth_nologin_specificmessage_text_key', 'auth_nologin'); ?></label>
    </td>
    <td>
        <input id="specific_message_text" name="specific_message_text" type="text" size="100" value="<?php echo $config->specific_message_text; ?>" />
    </td>
    <td><?php print_string('auth_nologin_specificmessage_text_description', 'auth_nologin'); ?></td>
</tr>
</table>
  1. Next we are going to modify an existing file called "auth.php"  - should be in the same folder that you are currently in.
  2. We are going to add two functions to this class. So right before the ending bracket, place this code:
 /**
     * Prints a form for configuring this authentication plugin.
     *
     * This function is called from admin/auth.php, and outputs a full page with
     * a form for configuring this plugin.
     */
    function config_form($config, $err, $user_fields) 
    {
        include "config.html";
    }

    /**
     * Processes and stores configuration data for this authentication plugin.
     */
    function process_config($config) {
        // set to defaults if undefined
        if (!isset($config->enable_specific_message)) 
        {
            $config->enable_specific_message = false;
        }
        if (!isset($config->specific_message_text)) 
        {
            $config->specific_message_text = get_string('invalidlogin');
        }

        // save settings
        set_config('enable_specific_message',   $config->enable_specific_message,   'auth/nologin');
        set_config('specific_message_text',     $config->specific_message_text,     'auth/nologin');

        return true;
    }

  1. Next we go inside the lang folder -> en -> and we'll open up "auth_nologin.php" to modify it. 
  2. We are going to add the following strings to the file:
$string['auth_nologin_specificmessage_select_key'] = 'Enable specific "invalid login" message';
$string['auth_nologin_specificmessage_description'] = 'Presents a specific message to users marked as "nologin" when they try to authenticate. <strong>Security Warning: The message is displayed even if the password is wrong, allowing attackers to find out existing usernames.</strong>';
$string['auth_nologin_specificmessage_text_key'] = 'Message to be presented';
$string['auth_nologin_specificmessage_text_description'] = 'Only considered when the above option is selected.';

  1. There is only one file left to modify. Go to root/login/index.php
  2. Around line 239, you should see the beginning of an "if" statment:  if (empty($errormsg)) {
  3. We are going to replace all content between the brackets of the "if" statement like this:
if (empty($errormsg)) 
{
            // check if user is set as 'nologin' and if a specific message is desired
            $user_auth = $DB->get_field('user', 'auth', array('username' => $frm->username), IGNORE_MISSING);
            $nologin_cfgs = get_config('auth/nologin');

            if (!empty($user_auth) && $user_auth == 'nologin' && !empty($nologin_cfgs->enable_specific_message)) {
                $errormsg = $nologin_cfgs->specific_message_text;
            } else {
                $errormsg = get_string("invalidlogin");
            }
            $errorcode = 3;
 }

Now all your specific messages will show up on the login panel! There is one warning to this patch though:
Security Warning: The message is displayed even if the password is wrong, allowing attackers to find out existing usernames.

No comments:

Post a Comment