### Eclipse Workspace Patch 1.0
#P moodle18
Index: login/logout.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/logout.php,v
retrieving revision 1.18.2.2
diff -u -r1.18.2.2 logout.php
--- login/logout.php	2 Mar 2007 16:54:39 -0000	1.18.2.2
+++ login/logout.php	20 Mar 2007 20:58:28 -0000
@@ -3,11 +3,13 @@
 
     require_once("../config.php");
 
-    if (!empty($USER->mnethostid) and $USER->mnethostid != $CFG->mnet_localhost_id) {
-        $host = get_record('mnet_host', 'id', $USER->mnethostid);
-        $wwwroot = $host->wwwroot;
-    } else {
-        $wwwroot = $CFG->wwwroot;
+    // can be overriden by auth plugins
+    $redirect = $CFG->wwwroot.'/';
+
+    $authsequence = explode(',', $CFG->auth); // auths, in sequence
+    foreach($authsequence as $authname) {
+        $authplugin = get_auth_plugin($authname);
+        $authplugin->prelogin_hook();
     }
 
     $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning
@@ -21,6 +23,6 @@
 
     require_logout();
 
-    redirect("$wwwroot/");
+    redirect($redirect);
 
 ?>
Index: login/signup.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/signup.php,v
retrieving revision 1.52.2.2
diff -u -r1.52.2.2 signup.php
--- login/signup.php	27 Feb 2007 10:25:56 -0000	1.52.2.2
+++ login/signup.php	20 Mar 2007 20:58:28 -0000
@@ -8,7 +8,7 @@
     }
     $authplugin = get_auth_plugin($CFG->registerauth);
 
-    if (!method_exists($authplugin, 'user_signup')) {
+    if (!$authplugin->can_signup()) {
         error("Sorry, you may not use this page.");
     }
 
@@ -28,7 +28,7 @@
         $user->secret      = random_string(15);
         $user->auth        = $CFG->registerauth;
 
-        $authplugin->user_signup($user, $notify=true); // prints notice and link to login/index.php
+        $authplugin->user_signup($user, true); // prints notice and link to login/index.php
         exit; //never reached
     }
 
Index: login/signup_form.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/signup_form.php,v
retrieving revision 1.23.2.2
diff -u -r1.23.2.2 signup_form.php
--- login/signup_form.php	27 Feb 2007 10:25:56 -0000	1.23.2.2
+++ login/signup_form.php	20 Mar 2007 20:58:28 -0000
@@ -76,10 +76,11 @@
 				}
 			}
 		}
-		if (method_exists($authplugin, 'user_exists')){
-			if ($authplugin->user_exists($user->username)) {
-				$errors['username'] = get_string('usernameexists');
-			}
+
+        //check if user exists in external db
+        //TODO: maybe we should check all enabled plugins instead
+		if ($authplugin->user_exists($user->username)) {
+			$errors['username'] = get_string('usernameexists');
 		}
 
 
Index: login/index.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/index.php,v
retrieving revision 1.109.2.5
diff -u -r1.109.2.5 index.php
--- login/index.php	6 Mar 2007 23:53:19 -0000	1.109.2.5
+++ login/index.php	20 Mar 2007 20:58:28 -0000
@@ -23,9 +23,6 @@
         $session_has_timed_out = false;
     }
 
-    //HTTPS is potentially required in this page
-    httpsrequired();
-
 /// Check if the guest user exists.  If not, create one.
     if (! record_exists('user', 'username', 'guest')) {
         $guest->auth        = 'manual'; 
@@ -49,11 +46,6 @@
 
 $authsequence = explode(',', $CFG->auth); // auths, in sequence
 
-// Load alternative login screens if necessary
-if ($authsequence[0] == 'cas' and !empty($CFG->cas_enabled)) {
-        require($CFG->dirroot.'/auth/cas/login.php');
-    }
-
 if (!isset($CFG->registerauth)) {
     set_config('registerauth', '');
 }
@@ -62,17 +54,19 @@
     set_config('auth_instructions', '');
 }
 
-//  See http://moodle.org/mod/forum/discuss.php?d=39918#187611
-//    if ($CFG->auth == 'shibboleth') {
-//        if (!empty($SESSION->shibboleth_checked) ) {  // Just come from there
-//            unset($SESSION->shibboleth_checked);
-//        } else if (empty($_POST)) {                   // No incoming data, so redirect
-//            redirect($CFG->wwwroot.'/auth/shibboleth/index.php');
-//        }
-//    }
-    
 
-    
+// auth plugins can override these - SSO anyone?
+$frm  = false;
+$user = false;
+
+foreach($authsequence as $authname) {
+    $authplugin = get_auth_plugin($authname);
+    $authplugin->prelogin_hook();
+}
+
+//HTTPS is potentially required in this page
+httpsrequired();
+
 /// Define variables used in page
     if (!$site = get_site()) {
         error("No site found!");
@@ -91,16 +85,18 @@
 
     $loginurl = (!empty($CFG->alternateloginurl)) ? $CFG->alternateloginurl : '';
 
-    $frm = false;
-    $user = false;
 
+    if ($user !== false or $frm !== false) {
+        // some auth plugin alredy supplied these
 
-    if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
+    } else if ((!empty($SESSION->wantsurl) and strstr($SESSION->wantsurl,'username=guest')) or $loginguest) {
         /// Log in as guest automatically (idea from Zbigniew Fiedorowicz)
         $frm->username = 'guest';
         $frm->password = 'guest';
+
     } else if (!empty($SESSION->wantsurl) && file_exists($CFG->dirroot.'/login/weblinkauth.php')) {
         // Handles the case of another Moodle site linking into a page on this site
+        //TODO: move weblink into own auth plugin
         include($CFG->dirroot.'/login/weblinkauth.php');
         if (function_exists(weblink_auth)) {
             $user = weblink_auth($SESSION->wantsurl);
@@ -110,6 +106,7 @@
         } else {
             $frm = data_submitted($loginurl);
         }
+
     } else {
         $frm = data_submitted($loginurl);
     }
@@ -120,7 +117,7 @@
 
         $errormsg = get_string("cookiesnotenabled");
 
-    } else  if ($frm) {                             // Login WITH cookies
+    } else if ($frm) {                             // Login WITH cookies
 
         $frm->username = trim(moodle_strtolower($frm->username));
 
@@ -132,10 +129,12 @@
             }
         }
 
-        if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
+        if ($user) {
+            //user already supplied by aut plugin prelogin hook
+        } else if (($frm->username == 'guest') and empty($CFG->guestloginbutton)) {
             $user = false;    /// Can't log in as guest if guest button is disabled
             $frm = false;
-        } else if (!$user) {
+        } else {
             if (empty($errormsg)) {
                 $user = authenticate_user_login($frm->username, $frm->password);
             }
@@ -178,7 +177,7 @@
             //Select password change url
             $userauth = get_auth_plugin($USER->auth);
             if ($userauth->can_change_password()) {
-                if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+                if ($userauth->change_password_url()) {
                     $passwordchangeurl = $userauth->change_password_url();
                 } else {
                     $passwordchangeurl = $CFG->httpswwwroot.'/login/change_password.php';
@@ -213,7 +212,7 @@
             }
 
           /// Go to my-moodle page instead of homepage if mymoodleredirect enabled
-            if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM, SITEID)) and !empty($CFG->mymoodleredirect) and !isguest()) {
+            if (!has_capability('moodle/site:config',get_context_instance(CONTEXT_SYSTEM)) and !empty($CFG->mymoodleredirect) and !isguest()) {
                 if ($urltogo == $CFG->wwwroot or $urltogo == $CFG->wwwroot.'/' or $urltogo == $CFG->wwwroot.'/index.php') {
                     $urltogo = $CFG->wwwroot.'/my/';
                 }
@@ -222,7 +221,7 @@
 
             // check if user password has expired
             // Currently supported only for ldap-authentication module
-            if (method_exists($userauth, 'password_expire') and !empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
+            if (!empty($userauth->config->expiration) and $userauth->config->expiration == 1) {
                     $days2expire = $userauth->password_expire($USER->username);
                     if (intval($days2expire) > 0 && intval($days2expire) < intval($CFG->{$USER->auth.'_expiration_warning'})) {
                         print_header("$site->fullname: $loginsite", "$site->fullname", $loginsite, $focus, "", true, "<div class=\"langmenu\">$langmenu</div>"); 
Index: login/change_password.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/change_password.php,v
retrieving revision 1.54.2.3
diff -u -r1.54.2.3 change_password.php
--- login/change_password.php	6 Mar 2007 10:48:12 -0000	1.54.2.3
+++ login/change_password.php	20 Mar 2007 20:58:26 -0000
@@ -43,7 +43,7 @@
         error(get_string('nopasswordchange', 'auth'));
     }
 
-    if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+    if ($userauth->change_password_url()) {
         // this internal scrip not used
         redirect($userauth->change_password_url());
     }
Index: login/confirm.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/confirm.php,v
retrieving revision 1.24.2.2
diff -u -r1.24.2.2 confirm.php
--- login/confirm.php	27 Feb 2007 10:25:56 -0000	1.24.2.2
+++ login/confirm.php	20 Mar 2007 20:58:26 -0000
@@ -12,7 +12,7 @@
     }
     $authplugin = get_auth_plugin($CFG->registerauth);
 
-    if (!method_exists($authplugin, 'user_confirm')) {
+    if ($authplugin->can_confirm()) {
         error("Sorry, you may not use this page.");
     }
 
@@ -42,10 +42,8 @@
 
         } else if ($confirmed == AUTH_CONFIRM_OK) {
             // Activate new user if necessary
-            if (method_exists($authplugin, 'user_activate')) {
-                if (!$authplugin->user_activate($username)) {
-                    error('Could not activate this user!');
-                }
+            if (!$authplugin->user_activate($username)) {
+                error('Could not activate this user!');
             }
 
             // The user has confirmed successfully, let's log them in
Index: login/forgot_password.php
===================================================================
RCS file: /cvsroot/moodle/moodle/login/forgot_password.php,v
retrieving revision 1.38.2.3
diff -u -r1.38.2.3 forgot_password.php
--- login/forgot_password.php	22 Feb 2007 22:25:20 -0000	1.38.2.3
+++ login/forgot_password.php	20 Mar 2007 20:58:26 -0000
@@ -98,7 +98,7 @@
 
         $userauth = get_auth_plugin($user->auth);
 
-        if (method_exists($userauth, 'can_reset_password') and $userauth->can_reset_password()) {
+        if ($userauth->can_reset_password()) {
             // reset internal password and notify user
 
             // set 'secret' string
Index: login/index_form.html
===================================================================
RCS file: /cvsroot/moodle/moodle/login/index_form.html,v
retrieving revision 1.48.2.1
diff -u -r1.48.2.1 index_form.html
--- login/index_form.html	20 Feb 2007 17:28:45 -0000	1.48.2.1
+++ login/index_form.html	20 Mar 2007 20:58:28 -0000
@@ -90,16 +90,13 @@
                    </form>
                  </div>
 <?php     } else if (!empty($CFG->registerauth)) {
-              echo format_text($CFG->auth_instructions);
-              $authplugin = get_auth_plugin($CFG->registerauth);
-              if (method_exists($authplugin, 'user_create')) { ?>
-                <div class="signupform">
-                  <form action="signup.php" method="get" id="signup">
-                  <div><input type="submit" value="<?php print_string("startsignup") ?>" /></div>
-                  </form>
-                </div>
-<?php         }
-          } else {
+              echo format_text($CFG->auth_instructions); ?>
+              <div class="signupform">
+                <form action="signup.php" method="get" id="signup">
+                <div><input type="submit" value="<?php print_string("startsignup") ?>" /></div>
+                </form>
+              </div>
+<?php     } else {
               echo format_text($CFG->auth_instructions);
           } ?>
       </div>
Index: auth/ldap/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/ldap/auth.php,v
retrieving revision 1.6.2.3
diff -u -r1.6.2.3 auth.php
--- auth/ldap/auth.php	21 Feb 2007 21:45:14 -0000	1.6.2.3
+++ auth/ldap/auth.php	20 Mar 2007 20:58:05 -0000
@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * LDAP authentication plugin.
  */
-class auth_plugin_ldap {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_ldap extends auth_plugin_base {
 
     /**
      * Constructor with initialisation.
      */
     function auth_plugin_ldap() {
+        $this->authtype = 'ldap';
         $this->config = get_config('auth/ldap');
         if (empty($this->config->ldapencoding)) {
             $this->config->ldapencoding = 'utf-8';
@@ -274,7 +272,7 @@
      * If userpassword does not expire it should return 0. If password is already expired
      * it should return negative value.
      *
-     * @param mixed $username username
+     * @param mixed $username username (with system magic quotes)
      * @return integer
      */
     function password_expire($username) {
@@ -584,7 +582,7 @@
                         if ($this->iscreator($user->username)) {
                             role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, 'ldap');
                         } else {
-                            role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
+                            role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id, 'ldap');
                         }
                     }
 
@@ -783,26 +781,18 @@
     /**
      * Returns true if user should be coursecreator.
      *
-     * @param mixed $username    username (with system magic quotes)
+     * @param mixed $username    username (without system magic quotes)
      * @return boolean result
      */
-    function iscreator($username = false) {
-        global $USER;
-
+    function iscreator($username) {
         if (empty($this->config->creators) or empty($this->config->memberattribute)) {
-            return false;
-        }
-
-        if ($username === false) {
-            $username = $USER->username;
-        } else {
-            $username = stripslashes($username);
+            return null;
         }
 
         $textlib = textlib_get_instance();
         $extusername = $textlib->convert($username, 'utf-8', $this->config->ldapencoding);
 
-        return $this->ldap_isgroupmember($extusername, $this->config->creators);
+        return (boolean)$this->ldap_isgroupmember($extusername, $this->config->creators);
     }
 
     /**
@@ -1513,6 +1503,30 @@
     }
 
     /**
+     * Sync roles for this user
+     *
+     * @param $user object user object (without system magic quotes)
+     */
+    function sync_roles($user) {
+        $iscreator = $this->iscreator($user->username);
+        if ($iscreator === null) {
+            return; //nothing to sync - creators not configured
+        }
+
+        if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+            $creatorrole = array_shift($roles);      // We can only use one, let's use the first one
+            $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+
+            if ($iscreator) { // Following calls will not create duplicates
+                role_assign($creatorrole->id, $user->id, 0, $systemcontext->id, 0, 0, 0, 'ldap');
+            } else {
+                //unassign only if previously assigned by this plugin!
+                role_unassign($creatorrole->id, $user->id, 0, $systemcontext->id, 'ldap');
+            }
+        }
+    }
+
+    /**
      * Prints a form for configuring this authentication plugin.
      *
      * This function is called from admin/auth.php, and outputs a full page with
Index: auth/imap/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/imap/auth.php,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 auth.php
--- auth/imap/auth.php	21 Feb 2007 21:45:14 -0000	1.2.2.2
+++ auth/imap/auth.php	20 Mar 2007 20:58:01 -0000
@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * IMAP authentication plugin.
  */
-class auth_plugin_imap {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_imap extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_imap() {
+        $this->authtype = 'imap';
         $this->config = get_config('auth/imap');
     }
 
Index: auth/email/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/email/auth.php,v
retrieving revision 1.5.2.4
diff -u -r1.5.2.4 auth.php
--- auth/email/auth.php	27 Feb 2007 10:25:56 -0000	1.5.2.4
+++ auth/email/auth.php	20 Mar 2007 20:57:59 -0000
@@ -16,21 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
 
 /**
  * Email authentication plugin.
  */
-class auth_plugin_email {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_email extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_email() {
+        $this->authtype = 'email';
         $this->config = get_config('auth/email');
     }
 
@@ -65,6 +62,10 @@
         return update_internal_user_password($user, $newpassword);
     }
 
+    function can_signup() {
+        return true;
+    }
+
     /**
      * Sign up a new user ready for confirmation.
      * Password is passed in plaintext.
@@ -72,7 +73,7 @@
      * @param object $user new user object (with system magic quotes)
      * @param boolean $notify print notice with link and terminate
      */
-    function user_signup($user, $notify = true) {
+    function user_signup($user, $notify=true) {
         $user->password = hash_internal_user_password($user->password);
 
         if (! ($user->id = insert_record('user', $user)) ) {
@@ -93,6 +94,15 @@
     }
 
     /**
+     * Returns true if plugin allows confirming of new users.
+     *
+     * @return bool
+     */
+    function can_confirm() {
+        return true;
+    }
+
+    /**
      * Confirm the new user as registered.
      *
      * @param string $username (with system magic quotes)
Index: auth/authlib.php
===================================================================
RCS file: auth/authlib.php
diff -N auth/authlib.php
--- auth/authlib.php	4 Jan 2007 04:52:43 -0000	1.1
+++ /dev/null	1 Jan 1970 00:00:00 -0000
@@ -1,33 +0,0 @@
-<?php
-/**
- * @author Martin Dougiamas
- * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
- * @package moodle multiauth
- *
- * Multiple plugin authentication
- * Support library
- *
- * 2006-08-28  File created, AUTH return values defined.
- */
-
-/**
- * Returned when the login was successful.
- */
-define('AUTH_OK',     0);
-
-/**
- * Returned when the login was unsuccessful.
- */
-define('AUTH_FAIL',   1);
-
-/**
- * Returned when the login was denied (a reason for AUTH_FAIL).
- */
-define('AUTH_DENIED', 2);
-
-/**
- * Returned when some error occurred (a reason for AUTH_FAIL).
- */
-define('AUTH_ERROR',  4);
-
-?>
Index: lib/moodlelib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/moodlelib.php,v
retrieving revision 1.837.2.31
diff -u -r1.837.2.31 moodlelib.php
--- lib/moodlelib.php	20 Mar 2007 08:07:00 -0000	1.837.2.31
+++ lib/moodlelib.php	20 Mar 2007 20:58:19 -0000
@@ -261,14 +261,6 @@
 define ('BLOG_SITE_LEVEL', 4);
 define ('BLOG_GLOBAL_LEVEL', 5);
 
-/**
- * Authentication - error codes for user confirm
- */
-define('AUTH_CONFIRM_FAIL', 0);
-define('AUTH_CONFIRM_OK', 1);
-define('AUTH_CONFIRM_ALREADY', 2);
-define('AUTH_CONFIRM_ERROR', 3);
-
 
 
 /// PARAMETER HANDLING ////////////////////////////////////////////////////
@@ -1673,7 +1665,7 @@
     if (get_user_preferences('auth_forcepasswordchange') && empty($USER->realuser)) {
         if ($userauth->can_change_password()) {
             $SESSION->wantsurl = $FULLME;
-            if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+            if ($userauth->change_password_url()) {
                 //use plugin custom url
                 redirect($userauth->change_password_url());
             } else {
@@ -2440,12 +2432,10 @@
 
     $authplugin = get_auth_plugin($auth);
 
-    if (method_exists($authplugin, 'get_userinfo')) {
-        if ($newinfo = $authplugin->get_userinfo($username)) {
-            $newinfo = truncate_userinfo($newinfo);
-            foreach ($newinfo as $key => $value){
-                $newuser->$key = addslashes($value);
-            }
+    if ($newinfo = $authplugin->get_userinfo($username)) {
+        $newinfo = truncate_userinfo($newinfo);
+        foreach ($newinfo as $key => $value){
+            $newuser->$key = addslashes($value);
         }
     }
 
@@ -2489,24 +2479,23 @@
  * @return user A {@link $USER} object
  */
 function update_user_record($username, $authplugin) {
-    if (method_exists($authplugin, 'get_userinfo')) {
-        $username = trim(moodle_strtolower($username)); /// just in case check text case
+    $username = trim(moodle_strtolower($username)); /// just in case check text case
 
-        $oldinfo = get_record('user', 'username', $username, '','','','', 'username, auth');
-        $userauth = get_auth_plugin($oldinfo->auth);
+    $oldinfo = get_record('user', 'username', $username, '','','','', 'username, auth');
+    $userauth = get_auth_plugin($oldinfo->auth);
 
-        if ($newinfo = $authplugin->get_userinfo($username)) {
-            $newinfo = truncate_userinfo($newinfo);
-            foreach ($newinfo as $key => $value){
-                $confkey = 'field_updatelocal_' . $key;
-                if (!empty($userauth->config->$confkey) and $userauth->config->$confkey === 'onlogin') {
-                    $value = addslashes(stripslashes($value));   // Just in case
-                    set_field('user', $key, $value, 'username', $username)
-                        or error_log("Error updating $key for $username");
-                }
+    if ($newinfo = $userauth->get_userinfo($username)) {
+        $newinfo = truncate_userinfo($newinfo);
+        foreach ($newinfo as $key => $value){
+            $confkey = 'field_updatelocal_' . $key;
+            if (!empty($userauth->config->$confkey) and $userauth->config->$confkey === 'onlogin') {
+                $value = addslashes(stripslashes($value));   // Just in case
+                set_field('user', $key, $value, 'username', $username)
+                    or error_log("Error updating $key for $username");
             }
         }
     }
+
     return get_complete_user_data('username', $username);
 }
 
@@ -2627,29 +2616,10 @@
             // if user not found, create him
             $user = create_user_record($username, $password, $auth);
         }
-        // fix for MDL-6928
-        if (method_exists($authplugin, 'iscreator')) {
-            $sitecontext = get_context_instance(CONTEXT_SYSTEM);
-            if ($creatorroles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
-                $creatorrole = array_shift($creatorroles); // We can only use one, let's use the first one
-                // Check if the user is a creator
-                if ($authplugin->iscreator($username)) { // Following calls will not create duplicates
-                    role_assign($creatorrole->id, $user->id, 0, $sitecontext->id, 0, 0, 0, $auth);
-                } else {
-                    role_unassign($creatorrole->id, $user->id, 0, $sitecontext->id);
-                }
-            }
-        }
 
-    /// Log in to a second system if necessary
-        if (!empty($CFG->sso)) {
-            include_once($CFG->dirroot .'/sso/'. $CFG->sso .'/lib.php');
-            if (function_exists('sso_user_login')) {
-                if (!sso_user_login($username, $password)) {   // Perform the signon process
-                    notify('Second sign-on failed');
-                }
-            }
-        }
+        $authplugin->sync_roles($user);
+
+        $authplugin->user_authenticated_hook($user, $username, $password);
 
         return $user;
 
@@ -3586,7 +3556,7 @@
     $data->admin = fullname($from).' ('. $from->email .')';
 
      $userauth = get_auth_plugin($user->auth);
-    if ($userauth->can_change_password() and method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+    if ($userauth->can_change_password() and $userauth->change_password_url()) {
         // we have some external url for password cahnging
         $data->link .= $userauth->change_password_url();
 
Index: lib/accesslib.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/accesslib.php,v
retrieving revision 1.221.2.25
diff -u -r1.221.2.25 accesslib.php
--- lib/accesslib.php	20 Mar 2007 07:38:18 -0000	1.221.2.25
+++ lib/accesslib.php	20 Mar 2007 20:58:12 -0000
@@ -2194,9 +2194,10 @@
  * @param $userid
  * @param $groupid
  * @param $contextid
+ * @param $enrol unassign only if enrolment type matches, NULL means anything
  * @return boolean - success or failure
  */
-function role_unassign($roleid=0, $userid=0, $groupid=0, $contextid=0) {
+function role_unassign($roleid=0, $userid=0, $groupid=0, $contextid=0, $enrol=NULL) {
 
     global $USER, $CFG;
 
@@ -2209,6 +2210,9 @@
             $select[] = $arg.' = '.$$arg;
         }
     }
+    if (!empty($enrol)) {
+        $select[] = "enrol='$enrol'";
+    }
 
     if ($select) {
         if ($ras = get_records_select('role_assignments', implode(' AND ', $select))) {
Index: auth/shibboleth/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/shibboleth/auth.php,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 auth.php
--- auth/shibboleth/auth.php	9 Mar 2007 12:34:03 -0000	1.1.2.3
+++ auth/shibboleth/auth.php	20 Mar 2007 20:58:07 -0000
@@ -24,20 +24,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * Shibboleth authentication plugin.
  */
-class auth_plugin_shibboleth {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_shibboleth extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_shibboleth() {
+        $this->authtype = 'shibboleth';
         $this->config = get_config('auth/shibboleth');
     }
 
@@ -148,6 +146,22 @@
         return false;
     }
 
+    function prelogin_hook() {
+        global $SESSION, $CFG;
+
+        //TODO: fix the code
+        return;
+
+    //  See http://moodle.org/mod/forum/discuss.php?d=39918#187611
+    //    if ($CFG->auth == 'shibboleth') {
+    //        if (!empty($SESSION->shibboleth_checked) ) {  // Just come from there
+    //            unset($SESSION->shibboleth_checked);
+    //        } else if (empty($_POST)) {                   // No incoming data, so redirect
+    //            redirect($CFG->wwwroot.'/auth/shibboleth/index.php');
+    //        }
+    //    }
+    }
+
     /**
      * Prints a form for configuring this authentication plugin.
      *
Index: blocks/login/block_login.php
===================================================================
RCS file: /cvsroot/moodle/moodle/blocks/login/block_login.php,v
retrieving revision 1.19.2.2
diff -u -r1.19.2.2 block_login.php
--- blocks/login/block_login.php	11 Mar 2007 19:59:13 -0000	1.19.2.2
+++ blocks/login/block_login.php	20 Mar 2007 20:58:07 -0000
@@ -29,7 +29,7 @@
         
         if (!empty($CFG->registerauth)) {
             $authplugin = get_auth_plugin($CFG->registerauth);
-            if (method_exists($authplugin, 'user_signup')) {
+            if ($authplugin->can_signup()) {
                 $signup = $wwwroot . '/login/signup.php';
             }
         }
Index: user/view.php
===================================================================
RCS file: /cvsroot/moodle/moodle/user/view.php,v
retrieving revision 1.143.2.6
diff -u -r1.143.2.6 view.php
--- user/view.php	19 Mar 2007 18:52:48 -0000	1.143.2.6
+++ user/view.php	20 Mar 2007 20:58:28 -0000
@@ -352,7 +352,7 @@
 
     $passwordchangeurl = false;
     if ($userauth->can_change_password()) {
-        if (method_exists($userauth, 'change_password_url') and $userauth->change_password_url()) {
+        if ($userauth->change_password_url()) {
             $passwordchangeurl = $userauth->change_password_url();
         } else {
             if (empty($CFG->loginhttps)) {
Index: user/edit.php
===================================================================
RCS file: /cvsroot/moodle/moodle/user/edit.php,v
retrieving revision 1.152.2.4
diff -u -r1.152.2.4 edit.php
--- user/edit.php	14 Mar 2007 23:35:08 -0000	1.152.2.4
+++ user/edit.php	20 Mar 2007 20:58:28 -0000
@@ -70,20 +70,18 @@
 
         $usernew->timemodified = time();
 
-        if (update_record('user', $usernew)) {
-            if (method_exists($authplugin, 'user_update')){
-                // pass a true $userold here
-                if (! $authplugin->user_update($user, $userform->get_data(false))) {
-                    // auth update failed, rollback for moodle
-                    update_record('user', addslashes_object($user));
-                    error('Failed to update user data on external auth: '.$usernew->auth.
-                            '. See the server logs for more details.');
-                }
-            };
-        } else {
+        if (!update_record('user', $usernew)) {
             error('Error updating user record');
         }
 
+        // pass a true $userold here
+        if (! $authplugin->user_update($user, $userform->get_data(false))) {
+            // auth update failed, rollback for moodle
+            update_record('user', addslashes_object($user));
+            error('Failed to update user data on external auth: '.$usernew->auth.
+                    '. See the server logs for more details.');
+        }
+
         //update preferences
         useredit_update_user_preference($usernew);
 
Index: user/editadvanced.php
===================================================================
RCS file: /cvsroot/moodle/moodle/user/editadvanced.php,v
retrieving revision 1.8.2.3
diff -u -r1.8.2.3 editadvanced.php
--- user/editadvanced.php	14 Mar 2007 23:35:10 -0000	1.8.2.3
+++ user/editadvanced.php	20 Mar 2007 20:58:28 -0000
@@ -83,26 +83,20 @@
             if (!update_record('user', $usernew)) {
                 error('Error updating user record');
             }
-            if (method_exists($authplugin, 'user_update')){
-                // pass a true $userold here
-                if (! $authplugin->user_update($user, $userform->get_data(false))) {
-                    // auth update failed, rollback for moodle
-                    update_record('user', addslashes_object($user));
-                    error('Failed to update user data on external auth: '.$usernew->auth.
-                            '. See the server logs for more details.');
-                }
-            };
+            // pass a true $userold here
+            if (! $authplugin->user_update($user, $userform->get_data(false))) {
+                // auth update failed, rollback for moodle
+                update_record('user', addslashes_object($user));
+                error('Failed to update user data on external auth: '.$usernew->auth.
+                        '. See the server logs for more details.');
+            }
 
             //set new password if specified
             if (!empty($usernew->newpassword)) {
                 if ($authplugin->can_change_password()) {
-                    if (method_exists($authplugin, 'user_update_password')){
-                        if (!$authplugin->user_update_password($usernew, $usernew->newpassword)){
-                            error('Failed to update password on external auth: ' . $usernew->auth .
-                                    '. See the server logs for more details.');
-                        }
-                    } else {
-                        error('Your external authentication module is misconfigued!');
+                    if (!$authplugin->user_update_password($usernew, $usernew->newpassword)){
+                        error('Failed to update password on external auth: ' . $usernew->auth .
+                                '. See the server logs for more details.');
                     }
                 }
             }
Index: admin/auth_config.php
===================================================================
RCS file: /cvsroot/moodle/moodle/admin/auth_config.php,v
retrieving revision 1.6.2.1
diff -u -r1.6.2.1 auth_config.php
--- admin/auth_config.php	20 Feb 2007 17:13:36 -0000	1.6.2.1
+++ admin/auth_config.php	20 Mar 2007 20:57:58 -0000
@@ -19,9 +19,7 @@
         error(get_string('confirmsesskeybad', 'error'));
     }
 
-    if (method_exists($authplugin, 'validate_form')) {
-        $authplugin->validate_form($frm, $err);
-    }
+    $authplugin->validate_form($frm, $err);
 
     if (count($err) == 0) {
 
Index: admin/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/admin/auth.php,v
retrieving revision 1.53.2.5
diff -u -r1.53.2.5 auth.php
--- admin/auth.php	23 Feb 2007 00:35:20 -0000	1.53.2.5
+++ admin/auth.php	20 Mar 2007 20:57:58 -0000
@@ -147,7 +147,7 @@
 foreach ($authsenabled as $auth) {
     $authplugin = get_auth_plugin($auth);
     $displayauths[$auth] = get_string("auth_{$auth}title", 'auth');
-    if (method_exists($authplugin, 'user_signup')) {
+    if ($authplugin->can_signup()) {
         $registrationauths[$auth] = get_string("auth_{$auth}title", 'auth');
     }
 }
@@ -158,7 +158,7 @@
     }
     $authplugin = get_auth_plugin($auth);
     $displayauths[$auth] = get_string("auth_{$auth}title", 'auth');
-    if (method_exists($authplugin, 'user_signup')) {
+    if ($authplugin->can_signup()) {
         $registrationauths[$auth] = get_string("auth_{$auth}title", 'auth');
     }
 }
Index: auth/fc/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/fc/auth.php,v
retrieving revision 1.1.2.1
diff -u -r1.1.2.1 auth.php
--- auth/fc/auth.php	20 Feb 2007 17:06:48 -0000	1.1.2.1
+++ auth/fc/auth.php	20 Mar 2007 20:58:01 -0000
@@ -15,22 +15,20 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 require_once 'fcFPP.php';
 
 /**
  * FirstClass authentication plugin.
  */
-class auth_plugin_fc {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_fc extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_fc() {
+        $this->authtype = 'fc';
         $this->config = get_config('auth/fc');
     }
 
@@ -116,14 +114,9 @@
      * Get users group membership from the FirstClass server user and check if
      * user is member of one of the groups of creators.
      */
-    function iscreator($username = 0) {
-        global $USER;
-
+    function iscreator($username) {
         if (! $this->config->creators) {
-            return false;
-        }
-        if (! $username) {
-            $username = $USER->username;
+            return null;
         }
 
         $fcgroups = array();
@@ -143,7 +136,9 @@
         $creators = explode(";", $this->config->creators);
 
         foreach($creators as $creator) {
-            If (in_array($creator, $fcgroups)) return true;
+            if (in_array($creator, $fcgroups)) {
+                return true;
+            }
         }
 
         return false;
@@ -169,6 +164,30 @@
     }
 
     /**
+     * Sync roles for this user
+     *
+     * @param $user object user object (without system magic quotes)
+     */
+    function sync_roles($user) {
+        $iscreator = $this->iscreator($user->username);
+        if ($iscreator === null) {
+            return; //nothing to sync - creators not configured
+        }
+
+        if ($roles = get_roles_with_capability('moodle/legacy:coursecreator', CAP_ALLOW)) {
+            $creatorrole = array_shift($roles);      // We can only use one, let's use the first one
+            $systemcontext = get_context_instance(CONTEXT_SYSTEM);
+
+            if ($iscreator) { // Following calls will not create duplicates
+                role_assign($creatorrole->id, $user->id, 0, $systemcontext->id, 0, 0, 0, 'fc');
+            } else {
+                //unassign only if previously assigned by this plugin!
+                role_unassign($creatorrole->id, $user->id, 0, $systemcontext->id, 'fc');
+            }
+        }
+    }
+
+    /**
      * Prints a form for configuring this authentication plugin.
      *
      * This function is called from admin/auth.php, and outputs a full page with
Index: auth/db/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/db/auth.php,v
retrieving revision 1.11.2.4
diff -u -r1.11.2.4 auth.php
--- auth/db/auth.php	22 Feb 2007 22:25:19 -0000	1.11.2.4
+++ auth/db/auth.php	20 Mar 2007 20:57:59 -0000
@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * External database authentication plugin.
  */
-class auth_plugin_db {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_db extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_db() {
+        $this->authtype = 'db';
         $this->config = get_config('auth/db');
         if (empty($this->config->extencoding)) {
             $this->config->extencoding = 'utf-8';
@@ -572,7 +570,6 @@
             $this->config->changepasswordurl = '';
             set_config('changepasswordurl', '', 'auth/db');
         }
-        return true;
     }
 
     /**
Index: auth/mnet/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/mnet/auth.php,v
retrieving revision 1.14.2.3
diff -u -r1.14.2.3 auth.php
--- auth/mnet/auth.php	28 Feb 2007 05:36:30 -0000	1.14.2.3
+++ auth/mnet/auth.php	20 Mar 2007 20:58:05 -0000
@@ -16,21 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * Moodle Network authentication plugin.
  */
-class auth_plugin_mnet
-{
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_mnet extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_mnet() {
+        $this->authtype = 'mnet';
         $this->config = get_config('auth/mnet');
     }
 
@@ -1336,6 +1333,16 @@
         }
         return $accessctrl == 'allow';
     }
+
+    function prelogout_hook() {
+        global $USER, $CFG, $redirect;
+
+        if (!empty($USER->mnethostid) and $USER->mnethostid != $CFG->mnet_localhost_id) {
+            $host = get_record('mnet_host', 'id', $USER->mnethostid);
+            $redirect = $host->wwwroot.'/';
+        }
+    }
+
 }
 
 ?>
Index: auth/radius/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/radius/auth.php,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 auth.php
--- auth/radius/auth.php	21 Feb 2007 21:45:16 -0000	1.2.2.2
+++ auth/radius/auth.php	20 Mar 2007 20:58:07 -0000
@@ -17,20 +17,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * RADIUS authentication plugin.
  */
-class auth_plugin_radius {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_radius extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_radius() {
+        $this->authtype = 'radius';
         $this->config = get_config('auth/radius');
     }
 
Index: auth/nologin/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/nologin/auth.php,v
retrieving revision 1.1.2.3
diff -u -r1.1.2.3 auth.php
--- auth/nologin/auth.php	21 Feb 2007 21:45:15 -0000	1.1.2.3
+++ auth/nologin/auth.php	20 Mar 2007 20:58:07 -0000
@@ -16,16 +16,19 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * Plugin for no authentication.
  */
-class auth_plugin_nologin {
+class auth_plugin_nologin extends auth_plugin_base {
 
 
     /**
      * Constructor.
      */
     function auth_plugin_nologin() {
+        $this->authtype = 'nologin';
     }
 
     /**
Index: auth/manual/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/manual/auth.php,v
retrieving revision 1.4.2.3
diff -u -r1.4.2.3 auth.php
--- auth/manual/auth.php	22 Feb 2007 22:25:20 -0000	1.4.2.3
+++ auth/manual/auth.php	20 Mar 2007 20:58:05 -0000
@@ -15,23 +15,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * Manual authentication plugin.
  */
-class auth_plugin_manual
-{
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
-
-    var $canchangepassword = true;
-    var $isinternal = true;
+class auth_plugin_manual extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_manual() {
+        $this->authtype = 'manual';
         $this->config = get_config('auth/manual');
     }
 
Index: lib/db/postgres7.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/db/postgres7.php,v
retrieving revision 1.232.2.1
diff -u -r1.232.2.1 postgres7.php
--- lib/db/postgres7.php	28 Feb 2007 05:36:21 -0000	1.232.2.1
+++ lib/db/postgres7.php	20 Mar 2007 20:58:26 -0000
@@ -559,14 +559,15 @@
     
     if ($oldversion < 2004082600) {
         //update auth-fields for external users
-        include_once ($CFG->dirroot."/auth/".$CFG->auth."/lib.php");
+        // following code would not work in 1.8
+/*        include_once ($CFG->dirroot."/auth/".$CFG->auth."/lib.php");
         if (function_exists('auth_get_userlist')) {
             $externalusers = auth_get_userlist();
             if (!empty($externalusers)){
                 $externalusers = '\''. implode('\',\'',$externalusers).'\'';
                 execute_sql("UPDATE {$CFG->prefix}user SET auth = '$CFG->auth' WHERE username  IN ($externalusers)");
             }
-        }
+        }*/
     }
         
     if ($oldversion < 2004082900) {  // Make sure guest is "manual" too.
Index: lib/db/mysql.php
===================================================================
RCS file: /cvsroot/moodle/moodle/lib/db/mysql.php,v
retrieving revision 1.251.2.1
diff -u -r1.251.2.1 mysql.php
--- lib/db/mysql.php	28 Feb 2007 05:36:21 -0000	1.251.2.1
+++ lib/db/mysql.php	20 Mar 2007 20:58:23 -0000
@@ -826,14 +826,15 @@
 
     if ($oldversion < 2004082600) {
         //update auth-fields for external users
-        include_once ($CFG->dirroot."/auth/".$CFG->auth."/lib.php");
+        // following code would not work in 1.8
+/*        include_once ($CFG->dirroot."/auth/".$CFG->auth."/lib.php");
         if (function_exists('auth_get_userlist')) {
             $externalusers = auth_get_userlist();
             if (!empty($externalusers)){
                 $externalusers = '\''. implode('\',\'',$externalusers).'\'';
                 execute_sql("UPDATE {$CFG->prefix}user SET auth = '$CFG->auth' WHERE username  IN ($externalusers)");
             }
-        }
+        }*/
     }
 
     if ($oldversion < 2004082900) {  // Make sure guest is "manual" too.
Index: auth/pop3/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/pop3/auth.php,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 auth.php
--- auth/pop3/auth.php	21 Feb 2007 21:45:15 -0000	1.2.2.2
+++ auth/pop3/auth.php	20 Mar 2007 20:58:07 -0000
@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * POP3 authentication plugin.
  */
-class auth_plugin_pop3 {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_pop3 extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_pop3() {
+        $this->authtype = 'pop3';
         $this->config = get_config('auth/pop3');
     }
 
Index: auth/nntp/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/nntp/auth.php,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 auth.php
--- auth/nntp/auth.php	21 Feb 2007 21:45:14 -0000	1.2.2.2
+++ auth/nntp/auth.php	20 Mar 2007 20:58:07 -0000
@@ -16,20 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * NNTP authentication plugin.
  */
-class auth_plugin_nntp {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_nntp extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_nntp() {
+        $this->authtype = 'nntp';
         $this->config = get_config('auth/nntp');
     }
 
Index: auth/none/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/none/auth.php,v
retrieving revision 1.8
diff -u -r1.8 auth.php
--- auth/none/auth.php	20 Mar 2007 07:55:54 -0000	1.8
+++ auth/none/auth.php	20 Mar 2007 20:58:07 -0000
@@ -16,23 +16,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * Plugin for no authentication.
  */
-class auth_plugin_none {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
-
-    var $canchangepassword = true;
-    var $isinternal = true;
+class auth_plugin_none extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_none() {
+        $this->authtype = 'none';
         $this->config = get_config('auth/none');
     }
 
Index: auth/pam/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/pam/auth.php,v
retrieving revision 1.2.2.2
diff -u -r1.2.2.2 auth.php
--- auth/pam/auth.php	21 Feb 2007 21:45:14 -0000	1.2.2.2
+++ auth/pam/auth.php	20 Mar 2007 20:58:07 -0000
@@ -30,15 +30,12 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * PAM authentication plugin.
  */
-class auth_plugin_pam {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_pam extends auth_plugin_base {
 
     /**
      * Store error messages from pam authentication attempts.
@@ -49,6 +46,7 @@
      * Constructor.
      */
     function auth_plugin_pam() {
+        $this->authtype = 'pam';
         $this->config = get_config('auth/pam');
         $this->errormessage = '';
     }
Index: auth/cas/auth.php
===================================================================
RCS file: /cvsroot/moodle/moodle/auth/cas/auth.php,v
retrieving revision 1.3.2.2
diff -u -r1.3.2.2 auth.php
--- auth/cas/auth.php	21 Feb 2007 21:45:15 -0000	1.3.2.2
+++ auth/cas/auth.php	20 Mar 2007 20:57:58 -0000
@@ -15,20 +15,18 @@
     die('Direct access to this script is forbidden.');    ///  It must be included from a Moodle page
 }
 
+require_once($CFG->libdir.'/authlib.php');
+
 /**
  * CAS authentication plugin.
  */
-class auth_plugin_cas {
-
-    /**
-     * The configuration details for the plugin.
-     */
-    var $config;
+class auth_plugin_cas extends auth_plugin_base {
 
     /**
      * Constructor.
      */
     function auth_plugin_cas() {
+        $this->authtype = 'cas';
         $this->config = get_config('auth/cas');
     }
 
@@ -222,6 +220,17 @@
         return !empty($this->config->changepasswordurl);
     }
 
+    function prelogin_hook() {
+        // Load alternative login screens if necessary
+        // TODO: fix the cas login screen
+        return;
+
+        if(!empty($CFG->cas_enabled)) {
+            require($CFG->dirroot.'/auth/cas/login.php');
+        }
+    }
+
+
     /**
      * Prints a form for configuring this authentication plugin.
      *
Index: lib/authlib.php
===================================================================
RCS file: lib/authlib.php
diff -N lib/authlib.php
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ lib/authlib.php	1 Jan 1970 00:00:00 -0000
@@ -0,0 +1,281 @@
+<?php
+/**
+ * @author Martin Dougiamas
+ * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
+ * @package moodle multiauth
+ *
+ * Multiple plugin authentication
+ * Support library
+ *
+ * 2006-08-28  File created, AUTH return values defined.
+ */
+
+/**
+ * Returned when the login was successful.
+ */
+define('AUTH_OK',     0);
+
+/**
+ * Returned when the login was unsuccessful.
+ */
+define('AUTH_FAIL',   1);
+
+/**
+ * Returned when the login was denied (a reason for AUTH_FAIL).
+ */
+define('AUTH_DENIED', 2);
+
+/**
+ * Returned when some error occurred (a reason for AUTH_FAIL).
+ */
+define('AUTH_ERROR',  4);
+
+/**
+ * Authentication - error codes for user confirm
+ */
+define('AUTH_CONFIRM_FAIL', 0);
+define('AUTH_CONFIRM_OK', 1);
+define('AUTH_CONFIRM_ALREADY', 2);
+define('AUTH_CONFIRM_ERROR', 3);
+
+
+
+/**
+ * Abstract authentication plugin.
+ */
+class auth_plugin_base {
+
+    /**
+     * The configuration details for the plugin.
+     */
+    var $config;
+
+    /**
+     * Authentication plugin type - the same as db field.
+     */
+    var $authtype;
+
+    /**
+     * Returns true if the username and password work and false if they are
+     * wrong or don't exist.
+     *
+     * @param string $username The username (with system magic quotes)
+     * @param string $password The password (with system magic quotes)
+     *
+     * @return bool Authentication success or failure.
+     */
+    function user_login($username, $password) {
+        error('Abstract user_login() method must be overriden.');
+    }
+
+    /**
+     * Returns true if this authentication plugin can change the user's
+     * password.
+     *
+     * @return bool
+     */
+    function can_change_password() {
+        //override if needed
+        return false;
+    }
+
+    /**
+     * Returns the URL for changing the user's pw, or empty if the default can
+     * be used.
+     *
+     * @return string
+     */
+    function change_password_url() {
+        //override if needed
+        return '';
+    }
+
+    /**
+     * Returns true if this authentication plugin is 'internal'.
+     *
+     * @return bool
+     */
+    function is_internal() {
+        //override if needed
+        return true;
+    }
+
+    /**
+     * Change a user's password
+     *
+     * @param  object  $user        User table object  (with system magic quotes)
+     * @param  string  $newpassword Plaintext password (with system magic quotes)
+     *
+     * @return bool                  True on success
+     */
+    function user_update_password($user, $newpassword) {
+        //override if needed
+        return true;
+    }
+
+    /**
+     * Called when the user record is updated.
+     * Modifies user in external database. It takes olduser (before changes) and newuser (after changes)
+     * conpares information saved modified information to external db.
+     *
+     * @param mixed $olduser     Userobject before modifications    (without system magic quotes)
+     * @param mixed $newuser     Userobject new modified userobject (without system magic quotes)
+     * @return boolean true if updated or update ignored; false if error
+     *
+     */
+    function user_update($olduser, $newuser) {
+        //override if needed
+        return true;
+    }
+
+    /**
+     * Returns true if plugin allows resetting of internal password.
+     *
+     * @return bool
+     */
+    function can_reset_password() {
+        //override if needed
+        return false;
+    }
+
+    /**
+     * Returns true if plugin allows resetting of internal password.
+     *
+     * @return bool
+     */
+    function can_signup() {
+        //override if needed
+        return false;
+    }
+
+    /**
+     * Sign up a new user ready for confirmation.
+     * Password is passed in plaintext.
+     *
+     * @param object $user new user object (with system magic quotes)
+     * @param boolean $notify print notice with link and terminate
+     */
+    function user_signup($user, $notify=true) {
+        //override when can signup
+        error('user_signup method must be overriden if signup enabled');
+    }
+
+    /**
+     * Returns true if plugin allows confirming of new users.
+     *
+     * @return bool
+     */
+    function can_confirm() {
+        //override if needed
+        return false;
+    }
+
+    /**
+     * Confirm the new user as registered.
+     *
+     * @param string $username (with system magic quotes)
+     * @param string $confirmsecret (with system magic quotes)
+     */
+    function user_confirm($username, $confirmsecret) {
+        //override when can confirm
+        error('user_confirm method must be overriden if confirm enabled');
+    }
+
+    /**
+     * Checks if user exists in external db
+     *
+     * @param string $username (with system magic quotes)
+     */
+    function user_exists() {
+        //override if needed
+        return false;
+    }
+
+    /**
+     * Activates (enables) user in external db so user can login using username/password from external db
+     *
+     * @param mixed $username    username (with system magic quotes)
+     * @return boolen result
+     */
+    function user_activate($username) {
+        //override if needed
+        return true;
+    }
+
+    /**
+     * return number of days to user password expires
+     *
+     * If userpassword does not expire it should return 0. If password is already expired
+     * it should return negative value.
+     *
+     * @param mixed $username username (with system magic quotes)
+     * @return integer
+     */
+    function password_expire($username) {
+        return 0;
+    }
+    /**
+     * Sync roles for this user - usually creator
+     *
+     * @param $user object user object (without system magic quotes)
+     */
+    function sync_roles($user) {
+        //override if needed
+    }
+
+    /**
+     * Read user information from external database and returns it as array().
+     * Function should return all information available. If you are saving
+     * this information to moodle user-table you should honor syncronization flags
+     *
+     * @param string $username username (with system magic quotes)
+     *
+     * @return mixed array with no magic quotes or false on error
+     */
+    function get_userinfo($username) {
+        //override if needed
+        return array();
+    }
+
+    /**
+     * A chance to validate form data, and last chance to
+     * do stuff before it is inserted in config_plugin
+     */
+     function validate_form(&$form, &$err) {
+        //override if needed
+    }
+
+    /**
+     * Prelogin actions.
+     */
+    function prelogin_hook() {
+        //override if needed
+    }
+
+    /**
+     * Post authentication hook.
+     */
+    function user_authenticated_hook($user, $username, $password) {
+    /// TODO: review following code - looks hackish :-( mnet should obsole this, right?
+    /// Log in to a second system if necessary
+        global $CFG;
+
+        if (!empty($CFG->sso)) {
+            include_once($CFG->dirroot .'/sso/'. $CFG->sso .'/lib.php');
+            if (function_exists('sso_user_login')) {
+                if (!sso_user_login($username, $password)) {   // Perform the signon process
+                    notify('Second sign-on failed');
+                }
+            }
+        }
+    }
+
+    /**
+     * Prelogout actions.
+     */
+    function prelogout_hook() {
+        //override if needed
+    }
+}
+
+?>
