I would like to make it possible to redirect users from a site to my Moodle installation, providing two encrypted parameters in the url. Based on these parameter, Moodle should authenticate the users and grant or refuse access.

Is anyone familiar with this, and can anyone point me in the right direction?

Should I build a new plug-in, modify index.php ? Both ?

Basically the php code to process the GET-parameters is ready, but I don't know how and where to insert it in the Moodle code.

Cheers for helping, much appreciated

Paul

• authentication
• plugins
• moodle
• tweak

This is a problem solved many times before. The best option for doing it securely is to use one of the existing auth plugins. If the sites are on the same server or you are happy to allow direct database access so that Moodle can read the password hashes from your other site's DB, then you can use db auth, which is simplest. Otherwise, you'll need some sort of cookie based one. I've used CAS authentication before, but shibboleth is also an option. This may seem like overkill, but really, it isn't. Just having auth tokens in the url leaves you open to brute force password-guessing attacks, so the challenge-response mechanism that these plugins provide is very important.