This is based on patch by Jonathan Harker.

MDL-16723 automatic redirects to https when loginhttps enabled - this solves accidental usage of http version + it also solves recent navigation regressions + fixed regression from PAGE conversions + deprecated old httpsrequired() and $HTTPSPAGEREQUIRED

MDL-23489 auth plugins can specify own edit profile url - patch submitted by Jay Knight + tweaking change password url to use new moodle_url at the same time, it is backwards compatible, custom plugins may still use string url for now

We need to specify a valid user id in the call to role_assign(). And we only
have to make the call if the user has been added successfully, not
otherwise.

Also make sure we lowercase the memberuser and group distinguished names
before comparing them. Depending on the LDAP server we can get mixed case
values for the DNs, and the user may have specified the creators group/ou
name in a different case.

By the way, this has been broken for ages (since the auth cleanup in 1.8, in
2007!). It's a bit strange nobody noticed before :-O

Credit goes to Joe Chryst.

They now share most of the code again, this time via subclassing, and they
share some code with enrol/ldap. They have also gained some features and a few
fixes.

As authentication and enrolment plugins now have a version number, the LDAP
version number setting was "shadowed" by the plugin version number. So we
rename the LDAP setting name to ldap_version, et voila!

MDL-21782 reworked enrolment framework, the core infrastructure is in place, the basic plugins are all implemented; see the tracker issue for list of unfinished bits, expect more changes and improvements during the next week

AMOS START
    MOV [sendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage,enrol_self]
    MOV [configsendcoursewelcomemessage,core_admin],[sendcoursewelcomemessage_desc,enrol_self]
    MOV [enrolstartdate,core],[enrolstartdate,enrol_self]
    MOV [enrolenddate,core],[enrolenddate,enrol_self]
    CPY [welcometocourse,core],[welcometocourse,enrol_self]
    CPY [welcometocoursetext,core],[welcometocoursetext,enrol_self]
    MOV [notenrollable,core],[notenrollable,core_enrol]
    MOV [enrolenddaterror,core],[enrolenddaterror,enrol_self]
    MOV [enrolmentkeyhint,core],[passwordinvalidhint,enrol_self]
    MOV [coursemanager,core_admin],[coursecontact,core_admin]
    MOV [configcoursemanager,core_admin],[coursecontact_desc,core_admin]
    MOV [enrolledincourserole,core],[enrolledincourserole,enrol_manual]
    MOV [enrolme,core],[enrolme,core_enrol]
    MOV [unenrol,core],[unenrol,core_enrol]
    MOV [unenrolme,core],[unenrolme,core_enrol]
    MOV [enrolmentnew,core],[enrolmentnew,core_enrol]
    MOV [enrolmentnewuser,core],[enrolmentnewuser,core_enrol]
    MOV [enrolments,core],[enrolments,core_enrol]
    MOV [enrolperiod,core],[enrolperiod,core_enrol]
    MOV [unenrolroleusers,core],[unenrolroleusers,core_enrol]
AMOS END

MDL-16919 we have to really use the username cleaning only when manually adding new accounts, any sync with external system needs the exact match without any cleaning!

AMOS START
 REM fixed $a[] in [auth_dbdeleteuser, auth_db]
 REM fixed $a[] in [auth_dbinsertuser, auth_db]
 REM fixed $a[] in [auth_dbreviveduser, auth_db]
 REM fixed $a[] in [auth_dbsuspenduser, auth_db]
 REM fixed $a[] in [auth_dbupdatinguser, auth_db]
AMOS END

Forward-ported from MOODLE_18_STABLE

MDL-21655 big scary enrolment and roles improvements - see tacker for list of changes, includes other minor fixes too

authentication plugins: MDL-21343 Add missing $OUTPUT global variables used in plugins' configuration pages

MDL-16919 - Allow username to contain alphanumeric lowercase characters, underscore (_), hyphen (-), period (.) or at symbol (@)

MDL-20700 coding style cleanup - cvs keywords removed, closign php tag removed, trailing whitespace cleanup

Merged from MOODLE_19_STABLE

Both CAS and LDAP auth plugins open new connections to the LDAP server
to get the user account details. While this is the desired behaviour
for regular logins (we probably don't have an already open connection
to the LDAP server), this is a ressource hog when we are doing user
synchronization, as the closed connections remain in the TCP_WAIT
state for a while before the server can reuse them. If we are syncing
a lot of users, we can make the server run out of available TCP
ressources.

So we cache the connection the first time we establish it and return
the same connection handle everytime, unless we've closed all the
'open' connections, or the auth object is destroyed.

In addition to that, there were a few missing calls to ldap_close().

Provides an option, configurable by admin, to make the ntlm test happen
only if MSIE is not used. This speeds things up for IE.

These include:

MDL-14078: redirect() doubles the specified timeout when we haven't printed
           the page header and uses javascript to execute the redirect. This
           is interacting badly with some versions of IE and FF (at least
           3.0.x Windows version) that fireup javascript timers even if
           we already left the page where we set those up. Just print
           the page header (we are printing other content anyway) to
           make redirect respect our timeouts.

MDL-14071: All the relevant details are in the description of the bug :)

MDL-14297: This is probably the same as MDL-14078

Merged from MOODLE_18_STABLE

If we are using auth_ldap_sync_users.php to synchronize our users, and we
have a database which is case-sensitive when doing comparisons (Postgres and
Oracle at least), and any of our users has the vale of the username attribute
in mixed-case (like 'John Smith'), we get duplicated users.

This is because we don't make sure the username attribute value is 'lowercased'
after we retrive it from the LDAP server and before we insert it into the
database.

Merged from MOODLE_18_STABLE.

The fix is wrong, as it breaks auth_db_sync_users.php and
auth_ldap_sync_users.php at least. No new users are added to Moodle, as the
username is missing from the new user info record.

The fix needs to go into update_user_record() in lib/moodlelib.php to make it
skip the 'username' key, as we really need get_userinfo() to return the
username as part of the user info array.

The Right Way(tm) to write a LDAP filter is enclosing it in parentheses (see
RFC 4515/2254).

It doesn't make sense at all (username is not part of the externally mapped
fields) and produces a notice that breaks HTTP headers with debugging enabled.

http://moodle.org/mod/forum/discuss.php?d=102933 ; merged from HEAD

- large deletions
- lucene updates
- error() => print_error()
- NO_MOODLE_COOKIES define
- various other things