<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Agree. That should work nicely. Also it solves another issue: What
to do with that code if I merge in the code that Len did to be able
to set authentication during setup and in the management page.<br>
<br>
<div class="moz-cite-prefix">Op 24-11-2015 om 12:29 schreef Ron
Mitchell:<br>
</div>
<blockquote cite="mid:004501d126ab$54636c00$fd2a4400$@co.uk"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi all<o:p></o:p></p>
<p class="MsoNormal">I was made aware of a slight issue with the
Moodle authentication recently and have investigated further
and confirmed that in certain scenarios there is an issue but
I think an easy enough fix…<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">In auth_config.php we have some uncommented
and commented code specific to moodle authentication. First we
have an uncommented/active section of code where it checks if
the authentication method set is Moodle and if so then checks
if the logged in username is guest and if it is displays a you
don't have permissions message to prevent guest users from
authoring with xerte. We've had this for a long time and it
mostly works ok but if the moodle allows guest login to
courses that contain links to public xerte LO's this code also
prevents access to those LO's not just to the workspace. If
someone visits the public links without first logging in to
Moodle as guest then it works fine. I think this has been the
case for quite a while now but isn't often picked up as an
issue because it's only an issue in this specific scenario. I
also think it only became an issue when the authentication
code was moved in a much earlier version.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I've tested the following but wanted to
check your thoughts before making the changes and committing….<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">1. Move the uncommented //restrict moodle
guest access code and the commented //restrict moodle access
via custom moodle profile field named xot code to a new file
names moodle_restrictions.php<o:p></o:p></p>
<p class="MsoNormal">2. add a require to that file around line
46 of index.php just under login_processing2();<o:p></o:p></p>
<p class="MsoNormal">3. Update moodle_integration_readme.txt
accordingly<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">This change means that the code still works
and prevents access to the authoring workspace but doesn't
prevent access to public LO's even if logged in to moodle as
guest.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ok for me to make and commit these changes?
<o:p></o:p></p>
<p class="MsoNormal">Or is there a different/better way to
achieve this?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ron<o:p></o:p></p>
</div>
<pre>
This message and any attachment are intended solely for the addressee
and may contain confidential information. If you have received this
message in error, please send it back to me, and immediately delete it.
Please do not use, copy or disclose the information contained in this
message or in any attachment. Any views or opinions expressed by the
author of this email do not necessarily reflect the views of the
University of Nottingham.
This message has been checked for viruses but the contents of an
attachment may still contain software viruses which could damage your
computer system, you are advised to perform your own checks. Email
communications with the University of Nottingham may be monitored as
permitted by UK legislation.
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Xerte-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Xerte-dev@lists.nottingham.ac.uk">Xerte-dev@lists.nottingham.ac.uk</a>
<a class="moz-txt-link-freetext" href="http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev">http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
--
Tom Reijnders
TOR Informatica
Chopinlaan 27
5242HM Rosmalen
Tel: 073 5226191
Fax: 073 5226196
</pre>
</body>
</html>