skala
Laurent Opprecht 13 years ago
commit 2868595d5f
  1. 1
      .hgignore
  2. 1
      custompages/first_login.php
  3. 9
      index.php
  4. 2
      main/announcements/announcements.php
  5. 2
      main/auth/external_login/login.ldap.php
  6. 2
      main/auth/external_login/newUser.ldap.php
  7. 2
      main/auth/external_login/newUser.php
  8. 4
      main/auth/external_login/updateUser.php
  9. 20
      main/auth/inscription.php
  10. 8
      main/auth/key/key_auth.class.php
  11. 2
      main/auth/ldap/authldap.php
  12. 2
      main/auth/ldap/login.php
  13. 13
      main/auth/lostPassword.php
  14. 26
      main/auth/shibboleth/lib/shibboleth_session.class.php
  15. 24
      main/auth/sso/sso.class.php
  16. 6
      main/calendar/agenda.php
  17. 4
      main/course_home/course_home.php
  18. 2
      main/dropbox/dropbox_init.inc.php
  19. 10
      main/exercice/admin.php
  20. 2
      main/exercice/answer_admin.inc.php
  21. 10
      main/exercice/exercice.php
  22. 2
      main/exercice/exercise_admin.php
  23. 4
      main/exercice/exercise_result.php
  24. 4
      main/exercice/exercise_show.php
  25. 14
      main/exercice/exercise_submit.php
  26. 12
      main/exercice/exercise_submit_modal.php
  27. 2
      main/exercice/hotspot_admin.inc.php
  28. 2
      main/exercice/overview.php
  29. 6
      main/exercice/question_pool.php
  30. 4
      main/exercice/upload_exercise.php
  31. 4
      main/forum/forumfunction.inc.php
  32. 2
      main/forum/forumsearch.php
  33. 2
      main/forum/newthread.php
  34. 2
      main/forum/viewforum.php
  35. 4
      main/inc/email_editor.php
  36. 2
      main/inc/global.inc.php
  37. 9
      main/inc/lib/autoload.class.php
  38. 14
      main/inc/lib/chamilo.class.php
  39. 189
      main/inc/lib/chamilo_session.class.php
  40. 2
      main/inc/lib/conditional_login.class.php
  41. 5
      main/inc/lib/conditionallogin.lib.php
  42. 164
      main/inc/lib/current_course.class.php
  43. 187
      main/inc/lib/current_user.class.php
  44. 82
      main/inc/lib/custom_pages.class.php
  45. 37
      main/inc/lib/custompages.lib.php
  46. 905
      main/inc/lib/login.lib.php
  47. 5
      main/inc/lib/login_redirection.class.php
  48. 7
      main/inc/lib/loginredirection.lib.php
  49. 198
      main/inc/lib/main_api.lib.php
  50. 2
      main/inc/lib/online.inc.php
  51. 9
      main/inc/lib/redirect.class.php
  52. 128
      main/inc/lib/session.class.php
  53. 2
      main/inc/lib/session_handler.class.php
  54. 2
      main/inc/lib/system/io/file_reader.class.php
  55. 9
      main/inc/lib/system/text/encoding_converter.class.php
  56. 2
      main/inc/lib/userportal.lib.php
  57. 99
      main/inc/local.inc.php
  58. 2
      main/install/index.php
  59. 14
      main/newscorm/learnpath_functions.inc.php
  60. 8
      main/newscorm/lp_controller.php
  61. 2
      main/newscorm/lp_view.php
  62. 8
      main/newscorm/resourcelinker.inc.php
  63. 2
      main/newscorm/resourcelinker.php
  64. 2
      main/reservation/m_item.php
  65. 4
      main/resourcelinker/resourcelinker.inc.php
  66. 2
      main/resourcelinker/resourcelinker.php
  67. 2
      main/session/index.php
  68. 26
      tests/main/inc/lib/main_api.lib.test.php
  69. 18
      tests/main/inc/lib/session_handler.class.test.php
  70. 6
      tests/test_manager.inc.php
  71. 2
      user_portal.php

@ -113,6 +113,7 @@ searchdb/*
!searchdb/index.html
main/inc/cache/*
test_laurent.php
syntax: regexp
^main/upload/users$

@ -1,7 +1,6 @@
<?php
require_once('language.php');
require_once(dirname(__FILE__).'/../main/inc/global.inc.php');
//require_once (api_get_path(LIBRARY_PATH).'conditionallogin.lib.php'); moved to autologin
require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
if (! isset($_SESSION['conditional_login']['uid']))

@ -79,16 +79,15 @@ if (api_get_setting('allow_terms_conditions') == 'true') {
unset($_SESSION['info_current_user']);
}
//If we are not logged in and customapages activated
if (!api_get_user_id() && api_get_setting('use_custom_pages') == 'true' )
if (!api_get_user_id() && CustomPages::enabled())
{
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
if(Request::get('loggedout'))
{
CustomPages::displayPage('loggedout');
CustomPages::display(CustomPages::LOGGED_OUT);
}
else
{
CustomPages::displayPage('index-unlogged');
CustomPages::display(CustomPages::INDEX_UNLOGGED);
}
}
@ -112,7 +111,7 @@ if (!empty($_POST['submitAuth'])) {
if (Database::num_rows($result_last_login) > 0) {
$user_last_login_datetime = Database::fetch_array($result_last_login);
$user_last_login_datetime = $user_last_login_datetime[0];
api_session_register('user_last_login_datetime');
Session::write('user_last_login_datetime',$user_last_login_datetime);
}
}
Database::free_result($result_last_login);

@ -141,7 +141,7 @@ if(!empty($_GET['toolgroup'])){
} else {
$toolgroup = 0;
}
api_session_register("toolgroup");
Session::write("toolgroup", $toolgroup);
}
/* Sessions */

@ -53,7 +53,7 @@ if ($ldap_user !== false) {
$loginFailed = false;
$_user['user_id'] = $chamilo_user['user_id'];
$_user['uidReset'] = true;
api_session_register('_user');
Session::write('_user',$_user);
$uidReset=true;
event_login();

@ -48,7 +48,7 @@ if ($ldap_user !== false) {
$loginFailed = false;
$_user['user_id'] = $chamilo_uid;
$_user['uidReset'] = true;
api_session_register('_user');
Session::write('_user',$_user);
$uidReset=true;
// Is user admin?
if ($chamilo_user['admin']=== true){

@ -27,7 +27,7 @@ if ($user !== false && ($chamilo_uid = external_add_user($user)) !== false) {
$loginFailed = false;
$_user['user_id'] = $chamilo_uid;
$_user['uidReset'] = true;
api_session_register('_user');
Session::write('_user',$_user);
$uidReset=true;
//Autosubscribe to courses

@ -29,10 +29,10 @@ if ($new_user !== false) { //User can login
$_user['user_id'] = $user['user_id'];
$_user['uidReset'] = true;
$uidReset=true;
api_session_register('_user');
Session::write('_user',$_user);
} else { //User cannot login
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect');
exit;
}

@ -14,7 +14,7 @@ require_once '../inc/global.inc.php';
require_once api_get_path(CONFIGURATION_PATH).'profile.conf.php';
require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH).'legal.lib.php';
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
//require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';moved to autoload
if (!empty($_SESSION['user_language_choice'])) {
$user_selected_language = $_SESSION['user_language_choice'];
@ -277,7 +277,7 @@ if (is_array($extra_data)) {
$form->setDefaults($defaults);
if (api_get_setting('use_custom_pages') != 'true') {
if (!CustomPages::enabled()) {
// Load terms & conditions from the current lang
if (api_get_setting('allow_terms_conditions') == 'true') {
$get = array_keys($_GET);
@ -526,7 +526,7 @@ if ($form->validate()) {
// 3. exit the page
unset($user_id);
if (api_get_setting('use_custom_pages') != 'true') {
if (!CustomPages::enabled()) {
Display :: display_footer();
}
exit;
@ -541,15 +541,15 @@ if ($form->validate()) {
$_user['language'] = $values['language'];
$_user['user_id'] = $user_id;
$is_allowedCreateCourse = $values['status'] == 1;
api_session_register('_user');
api_session_register('is_allowedCreateCourse');
Session::write('_user',$_user);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
//stats
event_login();
// last user login date is now
$user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970
api_session_register('user_last_login_datetime');
Session::write('user_last_login_datetime',$user_last_login_datetime);
/*
EMAIL NOTIFICATION
@ -608,14 +608,14 @@ if ($form->validate()) {
// ?uidReset=true&uidReq=$_user['user_id']
$display_text .= '<form action="'. $action_url. '" method="post">'. "\n". '<button type="submit" class="next" name="next" value="'. get_lang('Next',null,$_user['language']). '" validationmsg=" '. get_lang('Next',null,$_user['language']). ' ">'. $button_text. '</button>'. "\n". '</form><br />'. "\n";
if (api_get_setting('use_custom_pages') == 'true') {
CustomPages::displayPage('registration-feedback', array('info' => $display_text));
if (CustomPages::enabled()) {
CustomPages::display(CustomPages::REGISTRATION_FEEDBACK, array('info' => $display_text));
}
echo $display_text;
} else {
// Custom pages
if (api_get_setting('use_custom_pages') == 'true') {
CustomPages::displayPage('registration', array('form' => $form));
if (CustomPages::enabled()) {
CustomPages::display(CustomPages::REGISTRATION, array('form' => $form));
} else {
$form->display();
}

@ -179,14 +179,14 @@ class KeyAuth
/**
* ! important this is to ensure we don't grant access for other parts
*/
api_session_destroy();
Session::destroy();
global $_user, $_uid;
$_uid = $this->get_user_id();
$_user = UserManager::get_user_info_by_id($_uid);
api_session_register('_user');
api_session_register('_uid');
Session::write('_user',$_user);
Session::write('_uid',$_uid);
/**
* We don't allow redirection since access is granted only for this call
@ -194,7 +194,7 @@ class KeyAuth
global $no_redirection, $noredirection;
$no_redirection = true;
$noredirection = true;
api_session_register('noredirection');
Session::write('noredirection',$noredirection);
return true;
}

@ -219,7 +219,7 @@ function ldap_put_user_info_locally($login, $info_array) {
$loginFailed = false;
$uidReset = true;
$_user['user_id'] = $uData['user_id'];
api_session_register('_uid');
Session::write('_uid', $_uid);
}
/*

@ -29,7 +29,7 @@ if ($loginLdapSucces)
$loginFailed = false;
$uidReset = true;
$_user['user_id'] = $uData['user_id'];
api_session_register('_uid');
Session::write('_uid',$_uid);
// Jand: copied from event_login in events.lib.php to enable login statistics:
event_login();
}

@ -23,19 +23,18 @@ $language_file = array('registration', 'index');
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'login.lib.php';
require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
//require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';moved to autoload
// Custom pages
// Had to move the form handling in here, because otherwise there would
// already be some display output.
global $_configuration;
if (api_get_setting('use_custom_pages') == 'true') {
if (CustomPages::enabled()) {
//Reset Password when user goes to the link
if ($_GET['reset'] && $_GET['id']){
$mesg = Login::reset_password($_GET["reset"], $_GET["id"], true);
CustomPages::displayPage('index-unlogged', array('info' => $mesg));
CustomPages::display(CustomPages::INDEX_UNLOGGED, array('info' => $mesg));
}
//Check email/username and do the right thing
@ -75,12 +74,12 @@ if (api_get_setting('use_custom_pages') == 'true') {
Login::send_password_to_user($user, $by_username);
}
} else {
CustomPages::displayPage('lostpassword',array('error' => get_lang('NoUserAccountWithThisEmailAddress')));
CustomPages::display(CustomPages::LOST_PASSWORD, array('error' => get_lang('NoUserAccountWithThisEmailAddress')));
}
} else {
CustomPages::displayPage('lostpassword');
CustomPages::display(CustomPages::LOGGED_OUT);
}
CustomPages::displayPage('index-unlogged', array('info' => get_lang('YourPasswordHasBeenEmailed')));
CustomPages::display(CustomPages::INDEX_UNLOGGED, array('info' => get_lang('YourPasswordHasBeenEmailed')));
}
$tool_name = get_lang('LostPassword');

@ -16,8 +16,7 @@ class ShibbolethSession
public static function instance()
{
static $result = false;
if (empty($result))
{
if (empty($result)) {
$result = new self();
}
return $result;
@ -36,7 +35,7 @@ class ShibbolethSession
function logout()
{
$_SESSION['_user'] = array();
$logout_no_redirect = true;
online_logout();
}
@ -55,26 +54,25 @@ class ShibbolethSession
global $_uid, $is_allowedCreateCourse, $is_platformAdmin, $_real_cid, $_courseUser, $is_courseAdmin;
global $is_courseMember, $is_courseTutor, $is_courseCoach, $is_allowed_in_course, $is_sessionAdmin, $_gid;
$_uid = $uid;
//is_allowedCreateCourse
$user = User::store()->get_by_user_id($uid);
if (empty($user))
{
if (empty($user)) {
return;
}
$this->logout();
api_session_start();
api_session_register('_uid');
Chamilo::session()->start();
Session::write('_uid', $_uid);
global $_user;
$_user = (array)$user;
$_user = (array) $user;
$_SESSION['_user'] = $_user;
$_SESSION['_user']['user_id'] = $_uid;
$_SESSION['noredirection'] = true;
//must be called before 'init_local.inc.php'
event_login();
@ -87,7 +85,7 @@ class ShibbolethSession
$mainDbName = Database :: get_main_database();
$includePath = api_get_path(INCLUDE_PATH);
$no_redirection = true;
require("$includePath/local.inc.php");

@ -116,7 +116,7 @@ class sso {
if (in_array($current_access_url_id, $my_url_list)) {
// the user has permission to enter at this site
$_user['user_id'] = $uData['user_id'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
// Redirect to homepage
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php';
@ -125,7 +125,7 @@ class sso {
} else {
// user does not have permission for this site
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
@ -133,7 +133,7 @@ class sso {
// there is no URL in the multiple
// urls list for this user
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
@ -144,18 +144,18 @@ class sso {
//Check if this admin is admin on the
// principal portal
$_user['user_id'] = $uData['user_id'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
//Secondary URL admin wants to login
// so we check as a normal user
if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
@ -164,7 +164,7 @@ class sso {
} else {
//Single URL access (Only 1 portal)
$_user['user_id'] = $uData['user_id'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
// Redirect to homepage
/* Login was successfull, stay on Chamilo
@ -179,35 +179,35 @@ class sso {
} else {
// user account expired
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired');
exit;
}
} else {
//User not active
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive');
exit;
}
} else {
//SHA1 of password is wrong
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_password');
exit;
}
} else {
//Auth_source is wrong
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_authentication_source');
exit;
}
} else {
//No user by that login
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_not_found');
exit;
}

@ -86,14 +86,14 @@ if (!empty($_GET['user']) or !empty($_GET['group'])) {
$_SESSION['group']=(int)$_GET['group'];
}
if ((!empty($_GET['user']) and $_GET['user']=="none") or (!empty($_GET['group']) and $_GET['group']=="none")) {
api_session_unregister("user");
api_session_unregister("group");
Session::erase("user");
Session::erase("group");
}
if (!$is_courseAdmin){
if (!empty($_GET['toolgroup'])){
//$_SESSION['toolgroup']=$_GET['toolgroup'];
$toolgroup=Security::remove_XSS($_GET['toolgroup']);
api_session_register('toolgroup');
Session::write('toolgroup',$toolgroup);
}
}
//It comes from the group tools. If it's define it overwrites $_SESSION['group']

@ -155,7 +155,7 @@ $course_code = $return_result['code'];
$_course['name'] = $course_title;
$_course['official_code'] = $course_code;
api_session_unregister('toolgroup');
Session::erase('toolgroup');
$is_speacialcourse = CourseManager::is_special_course($course_code);
@ -178,7 +178,7 @@ if (!$is_allowed_in_course) {
if (!isset($coursesAlreadyVisited[$_cid])) {
event_access_course();
$coursesAlreadyVisited[$_cid] = 1;
api_session_register('coursesAlreadyVisited');
Session::write('coursesAlreadyVisited', $coursesAlreadyVisited);
}
/*Auto lunch code */

@ -198,7 +198,7 @@ function confirmation (name)
}
</script>";
api_session_register('javascript');
Session::write('javascript',$javascript);
$htmlHeadXtra[] = '<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="pragma" content="no-cache">

@ -179,7 +179,7 @@ if (!is_object($objExercise)) {
$objExercise->read($exerciseId);
}
// saves the object into the session
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
}
// doesn't select the exercise ID if we come from the question pool
@ -203,7 +203,7 @@ if ($editQuestion || $newQuestion || $modifyQuestion || $modifyAnswers) {
api_not_allowed();
}
// saves the object into the session
api_session_register('objQuestion');
Session::write('objQuestion',$objQuestion);
}
}
@ -520,7 +520,7 @@ if (!$newQuestion && !$modifyQuestion && !$editQuestion && !isset($_GET['hotspot
require 'question_list_admin.inc.php';
}
api_session_register('objExercise');
api_session_register('objQuestion');
api_session_register('objAnswer');
Session::write('objExercise', $objExercise);
Session::write('objQuestion', $objQuestion);
Session::write('objAnswer', $objAnswer);
Display::display_footer();

@ -595,7 +595,7 @@ if($modifyAnswers)
$objAnswer=new Answer($questionId);
api_session_register('objAnswer');
Session::write('objAnswer', $objAnswer);
if($answerType == UNIQUE_ANSWER || $answerType == MULTIPLE_ANSWER)
{

@ -72,19 +72,19 @@ $exercicePath = $exercicePath . "exercice.php";
// Clear the exercise session
if (isset ($_SESSION['objExercise'])) {
api_session_unregister('objExercise');
Session::erase('objExercise');
}
if (isset ($_SESSION['objQuestion'])) {
api_session_unregister('objQuestion');
Session::erase('objQuestion');
}
if (isset ($_SESSION['objAnswer'])) {
api_session_unregister('objAnswer');
Session::erase('objAnswer');
}
if (isset ($_SESSION['questionList'])) {
api_session_unregister('questionList');
Session::erase('questionList');
}
if (isset ($_SESSION['exerciseResult'])) {
api_session_unregister('exerciseResult');
Session::erase('exerciseResult');
}
//General POST/GET/SESSION/COOKIES parameters recovery

@ -166,7 +166,7 @@ if ($form->validate()) {
$message = 'ExerciseAdded';
}
$exercise_id = $objExercise->id;
api_session_unregister('objExercise');
Session::erase('objExercise');
header('Location:admin.php?message='.$message.'&exerciseId='.$exercise_id);
exit;
} else {

@ -248,6 +248,6 @@ if (!api_is_allowed_to_edit(null,true)) {
$objExercise->send_notification($arrques, $arrans, $origin);
}
if (api_is_allowed_to_session_edit()) {
api_session_unregister('objExercise');
api_session_unregister('exe_id');
Session::erase('objExercise');
Session::erase('exe_id');
}

@ -667,8 +667,8 @@ if (!$is_allowedToEdit) {
}
//destroying the session
api_session_unregister('questionList');
Session::erase('questionList');
unset ($questionList);
api_session_unregister('exerciseResult');
Session::erase('exerciseResult');
unset ($exerciseResult);

@ -97,7 +97,7 @@ $exercice_attemp_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_
/* Teacher takes an exam and want to see a preview, we delete the objExercise from the session in order to get the latest changes in the exercise */
if (api_is_allowed_to_edit(null,true) && $_GET['preview'] == 1 ) {
api_session_unregister('objExercise');
Session::erase('objExercise');
}
// 1. Loading the $objExercise variable
@ -115,7 +115,7 @@ if (!isset($_SESSION['objExercise']) || $_SESSION['objExercise']->id != $_REQUES
$error = get_lang('ExerciseNotFound');
} else {
// Saves the object into the session
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
if ($debug) {error_log('1.1. $_SESSION[objExercise] was unset - set now - end'); };
}
}
@ -356,7 +356,7 @@ if (!isset($_SESSION['questionList'])) {
if ($objExercise->isRandom() && !empty($exercise_stat_info['data_tracking'])) {
$questionList = explode(',', $exercise_stat_info['data_tracking']);
}
api_session_register('questionList');
Session::write('questionList',$questionList);
if ($debug > 0) { error_log('$_SESSION[questionList] was set'); }
} else {
if (isset($objExercise) && isset($_SESSION['objExercise'])) {
@ -367,7 +367,7 @@ if (!isset($_SESSION['questionList'])) {
if ($debug) error_log('8. Question list loaded '.print_r($questionList, 1));
$quizStartTime = time();
api_session_register('quizStartTime');
Session::write('quizStartTime',$quizStartTime);
//Real question count
$question_count = 0;
@ -432,9 +432,9 @@ if ($formSent && isset($_POST)) {
// the script "exercise_result.php" will take the variable $exerciseResult from the session
api_session_register('exerciseResult');
api_session_register('remind_list');
api_session_register('exerciseResultCoordinates');
Session::write('exerciseResult',$exerciseResult);
Session::write('remind_list',$remind_list);
Session::write('exerciseResultCoordinates',$exerciseResultCoordinates);
// if all questions on one page OR if it is the last question (only for an exercise with one question per page)

@ -49,9 +49,9 @@ $nbrQuestions = intval($_GET['nbrQuestions']);
//clean extra session variables
api_session_unregister('objExerciseExtra'.$exerciseId);
api_session_unregister('exerciseResultExtra'.$exerciseId);
api_session_unregister('questionListExtra'.$exerciseId);
Session::erase('objExerciseExtra'.$exerciseId);
Session::erase('exerciseResultExtra'.$exerciseId);
Session::erase('questionListExtra'.$exerciseId);
//round-up the coordinates
$coords = explode('/',$_GET['hotspot']);
@ -143,8 +143,8 @@ if(is_array($choice)) {
// the script "exercise_result.php" will take the variable $exerciseResult from the session
api_session_register('exerciseResult');
api_session_register('exerciseResultCoordinates');
Session::write('exerciseResult',$exerciseResult);
Session::write('exerciseResultCoordinates',$exerciseResultCoordinates);
/*
// if it is the last question (only for a sequential exercise)
@ -563,7 +563,7 @@ if ($links!='') {
$_SESSION['hotspot_delineation_result'][$exerciseId][$questionid] = array($message, $exerciseResult[$questionid]);
//reseting the exerciseResult variable
api_session_register('exerciseResult');
Session::write('exerciseResult',$exerciseResult);
//save this variables just in case the exercise loads an LP with other exercise
$_SESSION['objExerciseExtra'.$exerciseId] = $_SESSION['objExercise'];

@ -295,7 +295,7 @@ if ($modifyAnswers) {
// construction of the Answer object
$objAnswer=new Answer($objQuestion -> id);
api_session_register('objAnswer');
Session::write('objAnswer',$objAnswer);
if($debug>0){echo str_repeat('&nbsp;',2).'$answerType is HOT_SPOT'."<br />\n";}
if ($answerType == HOT_SPOT_DELINEATION) {

@ -17,7 +17,7 @@ $current_course_tool = TOOL_QUIZ;
// Clear the exercise session just in case
if (isset ($_SESSION['objExercise'])) {
api_session_unregister('objExercise');
Session::erase('objExercise');
}
$this_section = SECTION_COURSES;

@ -112,7 +112,7 @@ if ($is_allowedToEdit) {
$objExercise = new Exercise();
$objExercise->read($fromExercise);
}
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
}
$displayMessage = get_lang('ItemAdded');
// header("Location: admin.php?".api_get_cidreq()."&exerciseId=$fromExercise");
@ -145,7 +145,7 @@ if ($is_allowedToEdit) {
}
// adds the question ID represented by $recup into the list of questions for the current exercise
$objExercise->addToList($recup);
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
// header("Location: admin.php?".api_get_cidreq()."&exerciseId=$fromExercise");
// exit();
@ -207,7 +207,7 @@ if ($is_allowedToEdit) {
}
}
}
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
// header("Location: admin.php?".api_get_cidreq()."&exerciseId=$fromExercise");
// exit();
}

@ -278,8 +278,8 @@ function lp_upload_quiz_action_handling() {
error_log('New LP - Course has changed, discard lp object', 0);
}
$oLP = null;
api_session_unregister('oLP');
api_session_unregister('lpobject');
Session::erase('oLP');
Session::erase('lpobject');
} else {
$_SESSION['oLP'] = $oLP;
$lp_found = true;

@ -3860,7 +3860,7 @@ function set_notification($content,$id, $add_only = false) {
if ($total <= 0) {
$sql = "INSERT INTO $table_notification (c_id, $database_field, user_id) VALUES (".$course_id.", '".Database::escape_string($id)."','".Database::escape_string($_user['user_id'])."')";
$result = Database::query($sql);
api_session_unregister('forum_notification');
Session::erase('forum_notification');
get_notifications_of_user(0, true);
return get_lang('YouWillBeNotifiedOfNewPosts');
} else {
@ -3868,7 +3868,7 @@ function set_notification($content,$id, $add_only = false) {
$sql = "DELETE FROM $table_notification
WHERE c_id = $course_id AND $database_field = '".Database::escape_string($id)."' AND user_id = '".Database::escape_string($_user['user_id'])."'";
$result = Database::query($sql);
api_session_unregister('forum_notification');
Session::erase('forum_notification');
get_notifications_of_user(0, true);
return get_lang('YouWillNoLongerBeNotifiedOfNewPosts');
}

@ -61,7 +61,7 @@ if (!empty($gradebook) && $gradebook == 'view') {
if (!empty ($_GET['gidReq'])) {
$toolgroup = Database::escape_string($_GET['gidReq']);
api_session_register('toolgroup');
Session::write('toolgroup',$toolgroup);
}
if ($origin == 'group') {

@ -86,7 +86,7 @@ if (!empty($gradebook) && $gradebook == 'view') {
if (!empty($_GET['gidReq'])) {
$toolgroup = intval($_GET['gidReq']);
api_session_register('toolgroup');
Session::write('toolgroup',$toolgroup);
}
/* Is the user allowed here? */

@ -109,7 +109,7 @@ if (!empty($gradebook) && $gradebook == 'view') {
if (!empty($_GET['gidReq'])) {
$toolgroup = Database::escape_string($_GET['gidReq']);
api_session_register('toolgroup');
Session::write('toolgroup',$toolgroup);
}
if ($origin == 'group') {

@ -22,7 +22,7 @@ if (empty($_user['user_id'])) {
if (empty($_SESSION['origin_url'])) {
$origin_url = $_SERVER['HTTP_REFERER'];
api_session_register('origin_url');
Session::write('origin_url',$origin_url);
}
/* Process the form and redirect to origin */
@ -39,7 +39,7 @@ if (!empty($_POST['submit_email']) && !empty($_POST['email_title']) && !empty($_
api_mail('',$email_administrator,$title,$text,get_lang('Anonymous'));
}
$orig = $_SESSION['origin_url'];
api_session_unregister('origin_url');
Session::erase('origin_url');
header('location:'.$orig);
}

@ -209,7 +209,7 @@ if (api_is_utf8($charset)) {
}
// Start session after the internationalization library has been initialized.
api_session_start($already_installed);
Chamilo::session()->start($already_installed);
// Remove quotes added by PHP - get_magic_quotes_gpc() is deprecated in PHP 5 see #2970

@ -97,6 +97,7 @@ class Autoload
$result['Category'] = '/main/gradebook/lib/be/category.class.php';
$result['Certificate'] = '/main/inc/lib/certificate.lib.php';
$result['Chamilo'] = '/main/inc/lib/chamilo.class.php';
$result['ChamiloSession'] = '/main/inc/lib/chamilo_session.class.php';
$result['Chat'] = '/main/inc/lib/chat.lib.php';
$result['ClassManager'] = '/main/inc/lib/classmanager.lib.php';
$result['ClosureCompiler'] = '/main/inc/lib/closure_compiler.class.php';
@ -119,7 +120,9 @@ class Autoload
$result['CourseSession'] = '/main/coursecopy/classes/CourseSession.class.php';
$result['CsvReader'] = '/main/inc/lib/system/io/csv_reader.class.php';
$result['CsvWriter'] = '/main/inc/lib/system/io/csv_writer.class.php';
$result['CustomPages'] = '/main/inc/lib/custompages.lib.php';
$result['CurrentCourse'] = '/main/inc/lib/current_course.class.php';
$result['CurrentUser'] = '/main/inc/lib/current_user.class.php';
$result['CustomPages'] = '/main/inc/lib/custom_pages.class.php';
$result['DashboardManager'] = '/main/inc/lib/dashboard.lib.php';
$result['DataForm'] = '/main/gradebook/lib/fe/dataform.class.php';
$result['Debug'] = '/main/inc/lib/debug.lib.php';
@ -314,6 +317,8 @@ class Autoload
$result['ScoreDisplayForm'] = '/main/gradebook/lib/fe/scoredisplayform.class.php';
$result['ScormDocument'] = '/main/coursecopy/classes/ScormDocument.class.php';
$result['Security'] = '/main/inc/lib/security.lib.php';
$result['Session'] = '/main/inc/lib/session.class.php';
$result['SessionHandler'] = '/main/inc/lib/session_handler.class.php';
$result['SessionManager'] = '/main/inc/lib/sessionmanager.lib.php';
$result['Shibboleth'] = '/main/auth/shibboleth/app/shibboleth.class.php';
$result['ShibbolethConfig'] = '/main/auth/shibboleth/lib/shibboleth_config.class.php';
@ -446,7 +451,6 @@ class Autoload
$result['scormOrganization'] = '/main/newscorm/scormOrganization.class.php';
$result['scormResource'] = '/main/newscorm/scormResource.class.php';
$result['search_processor'] = '/main/inc/lib/search/tool_processors/search_processor.class.php';
$result['session_handler'] = '/main/inc/lib/session_handler.class.php';
$result['sso'] = '/main/auth/sso/sso.class.php';
$result['survey_manager'] = '/main/survey/survey.lib.php';
$result['survey_question'] = '/main/survey/survey.lib.php';
@ -460,7 +464,6 @@ class Autoload
$result['xhtdoc'] = '/main/inc/lib/xht.lib.php';
$result['xmddoc'] = '/main/inc/lib/xmd.lib.php';
return $result;
}

@ -3,9 +3,8 @@
/**
* Description of chamilo
*
* @copyright (c) 2012 University of Geneva
* @license GNU General Public License - http://www.gnu.org/copyleft/gpl.html
* @author Laurent Opprecht <laurent@opprecht.info>
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class Chamilo
{
@ -25,6 +24,15 @@ class Chamilo
{
return api_get_setting('server_type') == 'production';
}
/**
*
* @return ChamiloSession
*/
static function session()
{
return ChamiloSession::instance();
}
/**
* Returns a full url from local/absolute path and parameters.

@ -0,0 +1,189 @@
<?php
/**
* Chamilo session.
*
* Usage:
*
* Chamilo::session()->
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class ChamiloSession extends Session
{
const NAME = 'ch_sid';
/**
*
* @return ChamiloSession
*/
static function instance()
{
static $result = null;
if (empty($result)) {
$result = new ChamiloSession();
}
return $result;
}
static function session_lifetime()
{
global $_configuration;
return $_configuration['session_lifetime'];
}
static function session_stored_in_db()
{
return self::read('session_stored_in_db', false);
}
/**
* Starts the Chamilo session.
*
* The default lifetime for session is set here. It is not possible to have it
* as a database setting as it is used before the database connection has been made.
* It is taken from the configuration file, and if it doesn't exist there, it is set
* to 360000 seconds
*
* @author Olivier Brouckaert
* @param string variable - the variable name to save into the session
*/
static function start($already_installed = true)
{
global $_configuration;
/* Causes too many problems and is not configurable dynamically.
if ($already_installed) {
$session_lifetime = 360000;
if (isset($_configuration['session_lifetime'])) {
$session_lifetime = $_configuration['session_lifetime'];
}
//session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
}
*/
if (self::session_stored_in_db() && function_exists('session_set_save_handler')) {
$handler = new SessionHandler();
@session_set_save_handler(array(& $handler, 'open'), array(& $handler, 'close'), array(& $handler, 'read'), array(& $handler, 'write'), array(& $handler, 'destroy'), array(& $handler, 'garbage'));
}
/*
* Prevent Session fixation bug fixes
* See http://support.chamilo.org/issues/3600
* http://php.net/manual/en/session.configuration.php
* @todo use session_set_cookie_params with some custom admin parameters
*/
//session.cookie_lifetime
//the session ID is only accepted from a cookie
ini_set('session.use_only_cookies', 1);
//HTTPS only if possible
//ini_set('session.cookie_secure', 1);
//session ID in the cookie is only readable by the server
ini_set('session.cookie_httponly', 1);
//Use entropy file
//session.entropy_file
//ini_set('session.entropy_length', 128);
//Do not include the identifier in the URL, and not to read the URL for identifiers.
ini_set('session.use_trans_sid', 0);
session_name(self::NAME);
session_start();
$session = self::instance();
if ($already_installed) {
if (!isset($session['checkChamiloURL'])) {
$session['checkChamiloURL'] = api_get_path(WEB_PATH);
} else if ($session['checkChamiloURL'] != api_get_path(WEB_PATH)) {
Session::clear();
}
}
if (!$session->has('starttime') || $session->is_valid()) {
$session->write('starttime', time());
}
}
/**
* Session start time: that is the last time the user accesseed the application.
*
* @return int timestamp
*/
function start_time()
{
return self::read('starttime');
}
/**
* Session end time: when the session expires.
*
* @return int timestamp
*/
function end_time()
{
$start_time = $this->start_time();
$lifetime = self::session_lifetime();
return $start_time + $lifetime;
}
/**
* Returns true if the session is stalled. I.e. if session end time is
* greater than now. Returns false otherwise.
*
* @return bool
*/
function is_stalled()
{
return $this->end_time() >= time();
}
/**
* Returns true if the session is valid - if it is not stalled - false otherwise.
* @return bool
*/
public function is_valid()
{
return !$this->is_stalled();
}
/**
* The current (logged in) user.
*
* @return CurrentUser
*/
public function user()
{
static $result = null;
if (empty($result)) {
$result = CurrentUser::instance();
}
return $result;
}
public function course()
{
static $result = null;
if (empty($result)) {
$result = CurrentCourse::instance();
}
return $result;
}
/**
* The current group for the current (logged in) user.
*
* @return int
*/
public function group_id()
{
return Session::read('_gid');
}
}

@ -22,9 +22,7 @@ class ConditionalLogin {
}
public static function login() {
//require_once api_get_path(LIBRARY_PATH).'loginredirection.lib.php'; moved to autologin
$_SESSION['conditional_login']['can_login'] = true;
LoginRedirection::redirect();
exit();
}
}

@ -1,5 +0,0 @@
<?php
/**
* Added to autologin
* moved to conditional_login.class.php
*/

@ -0,0 +1,164 @@
<?php
/**
* Wrapper for the current course. Provide access to its data.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class CurrentCourse
{
/**
*
* @return CurrentCourse
*/
public static function instance()
{
static $result = null;
if (empty($result)) {
$result = new self();
}
return $result;
}
protected function __construct()
{
;
}
public function is_empty()
{
$id = $this->real_id();
return empty($id);
}
public function data()
{
global $_course;
if ($_course == '-1') {
$_course = array();
}
return $_course;
}
public function real_id()
{
return (int)$this->get('real_id');
}
public function code()
{
return $this->get('code');
}
public function name()
{
return $this->get('name');
}
public function title()
{
return $this->get('title');
}
public function official_code()
{
return $this->get('official_code');
}
public function sys_code()
{
return $this->get('sysCode');
}
public function path()
{
return $this->get('path');
}
/**
* not needed in Chamilo 1.9
*
* @return type
*/
public function db_name()
{
return $this->get('dbName');
}
public function db_name_glu()
{
return $this->get('dbNameGlu');
}
public function titular()
{
return $this->get('titular');
}
public function language()
{
return $this->get('language');
}
public function category_code()
{
return $this->get('categoryCode');
}
public function category_ame()
{
return $this->get('category_name');
}
public function visibility()
{
return $this->get('visibility');
}
public function subscribe_allowed()
{
return $this->get('subscribe_allowed');
}
public function unubscribe_allowed()
{
return $this->get('unubscribe_allowed');
}
public function activate_legal()
{
return $this->get('activate_legal');
}
public function show_score()
{
return $this->get('show_score');
}
public function extrnal_link()
{
return $this->get('extLink');
}
/**
* Returns the current user (logged in user) relationship with the course.
* I.e his role
*
* @return array
*/
public function user()
{
$result = Session::read('_courseUser');
$result = $result ? $result : array();
return $result;
}
public function get($name, $default = false)
{
$data = $this->data();
return isset($data[$name]) ? $data[$name] : $default;
}
}

@ -0,0 +1,187 @@
<?php
/**
* Wrapper for the current user - i.e. the logged in user. Provide access
* to the current user's data.
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class CurrentUser
{
/**
*
* @return CurrentUser
*/
public static function instance()
{
static $result = null;
if (empty($result)) {
$result = new self();
}
return $result;
}
protected function __construct()
{
;
}
public function data()
{
global $_user;
return $_user;
//return Session::read('_user');
}
public function is_anonymous()
{
return api_is_anonymous();
}
public function first_name()
{
return $this->get('firstName');
}
public function last_name()
{
return $this->get('lastName');
}
public function mail()
{
return $this->get('mail');
}
public function last_login()
{
return $this->get('lastLogin');
}
public function official_code()
{
return $this->get('official_code');
}
public function picture_uri()
{
return $this->get('picture_uri');
}
public function user_id()
{
return (int)$this->get('user_id');
}
public function language()
{
return $this->get('language');
}
public function auth_source()
{
return $this->get('auth_source');
}
public function theme()
{
return $this->get('theme');
}
/**
* Returns true if user is a platform administrator, false otherwise.
*
* @return boolean
* @see UserManager::is_admin(user_id) for user-id specific function.
*/
public function is_platform_admin()
{
return (bool) Session::read('is_platformAdmin');
if ($_SESSION['is_platformAdmin']) {
return true;
}
global $_user;
return $allow_sessions_admins && $_user['status'] == SESSIONADMIN;
}
/**
* Returns true if user is a session administrator, false otherwise.
*
* @return boolean
*/
public function is_session_admin($allow_sessions_admins = false)
{
global $_user;
return (bool) $_user['status'] == SESSIONADMIN;
}
/**
* Returns true if the current user is allowed to create courses, false otherwise.
*
* @return boolean
* false otherwise.
*/
public function is_allowed_to_create_course()
{
return (bool) Session::read('is_allowedCreateCourse', false);
}
/**
* Returns true if the current user is a course administrator for the current course, false otherwise.
*
* @return boolean
*/
public function is_course_admin()
{
return (bool) Session::read('is_courseAdmin', false);
}
/**
* Returns true if the current user is a course member of the current course, false otherwise.
*
* @return bool
*/
public function is_course_member()
{
return (bool) Session::read('is_courseMember', false);
}
/**
* Returns true if the current user is allowed in the current course, false otherwise.
*
* @return bool
*/
public function is_allowed_in_course()
{
return (bool) Session::read('is_allowed_in_course', false);
}
/**
* Returns true if the current user is a course coach for the current course, false otherwise.
*
* @return bool
*/
public function is_course_coach()
{
return (bool) Session::read('is_courseCoach', false);
}
/**
* Returns true if the current user is a course tutor for the current course, false otherwise.
*
* @return bool
*/
public function is_course_tutor()
{
return (bool) Session::read('is_courseTutor', false);
}
public function get($name, $default = false)
{
$data = $this->data();
return isset($data[$name]) ? $data[$name] : $default;
}
}

@ -0,0 +1,82 @@
<?php
/**
* Used to implement the loading of custom pages
*
* @license see /license.txt
* @author 2011, Jean-Karim Bockstael <jeankarim@cblue.be>
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class CustomPages
{
const INDEX_LOGGED = 'index-logged';
const INDEX_UNLOGGED = 'index-unlogged';
const LOGGED_OUT = 'loggedout';
const REGISTRATION_FEEDBACK = 'registration-feedback';
const REGISTRATION = 'registration';
const LOST_PASSWORD = 'lostpassword';
/**
* Returns true if custom pages are enabled. False otherwise.
* @return bool
*/
public static function enabled()
{
return api_get_setting('use_custom_pages') == 'true';
}
/**
* Returns the path to a custom page.
*
* @param string $name
* @return string
*/
public static function path($name = '')
{
return api_get_path(SYS_PATH) . 'custompages/' . $name;
}
/**
* If enabled display a custom page and exist. Otherwise log error and returns.
*
* @param string $page_name
* @param array $content used to path data to the custom page
*/
public static function display($page_name, $content = array())
{
if (!self::enabled()) {
return false;
}
$file = self::path($page_name . '.php');
if (file_exists($file)) {
include($file);
exit;
} else {
error_log('CustomPages::displayPage : could not read file ' . $file_name);
}
}
/**
* Does not look like this function is being used is being used
*
* @param type $url_id
* @return string
*/
public static function getURLImages($url_id = null)
{
if (is_null($url_id)) {
$url = 'http://' . $_SERVER['HTTP_HOST'] . '/';
$url_id = UrlManager::get_url_id($url);
}
$url_images_dir = api_get_path(SYS_PATH) . 'custompages/url-images/';
$images = array();
for ($img_id = 1; $img_id <= 3; $img_id++) {
if (file_exists($url_images_dir . $url_id . '_url_image_' . $img_id . '.png')) {
$images[] = api_get_path(WEB_PATH) . 'custompages/url-images/' . $url_id . '_url_image_' . $img_id . '.png';
}
}
return $images;
}
}

@ -1,37 +0,0 @@
<?php
// Custom Pages lib
// Used to implement the loading of custom pages
// 2011, Jean-Karim Bockstael <jeankarim@cblue.be>
require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php';
class CustomPages {
public static function displayPage($page_name, $content=array()) {
$pages_dir = api_get_path(SYS_PATH).'custompages/';
$file_name = $pages_dir.$page_name.'.php';
if (file_exists($file_name)) {
include($file_name);
exit;
}
else {
error_log('CustomPages::displayPage : could not read file '.$file_name);
}
}
public static function getURLImages($url_id = null) {
if (is_null($url_id)) {
$url = 'http://'.$_SERVER['HTTP_HOST'].'/';
$url_id = UrlManager::get_url_id($url);
}
$url_images_dir = api_get_path(SYS_PATH).'custompages/url-images/';
$images = array();
for ($img_id = 1; $img_id <= 3; $img_id++) {
if (file_exists($url_images_dir.$url_id.'_url_image_'.$img_id.'.png')) {
$images[] = api_get_path(WEB_PATH).'custompages/url-images/'.$url_id.'_url_image_'.$img_id.'.png';
}
}
return $images;
}
}
?>

@ -1,126 +1,132 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Code library for login process
*
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
* @author Julio Montoya <gugli100@gmail.com>
* @package chamilo.login
*/
* Code library for login process
*
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
* @author Julio Montoya <gugli100@gmail.com>
* @package chamilo.login
*/
/**
* Class
* @package chamilo.login
*/
class Login
class Login
{
/**
* Get user account list
*
* @param unknown_type $user
* @param boolean $reset
* @param boolean $by_username
* @return unknown
*/
public static function get_user_account_list($user, $reset = false, $by_username = false) {
global $_configuration;
/**
* Get user account list
*
* @param unknown_type $user
* @param boolean $reset
* @param boolean $by_username
* @return unknown
*/
public static function get_user_account_list($user, $reset = false, $by_username = false)
{
global $_configuration;
//$portal_url = $_configuration['root_web'];
$portal_url = api_get_path(WEB_PATH);
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ) {
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
if ($reset) {
if ($by_username) {
$secret_word = self::get_secret_word($user['email']);
if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$user['uid'];
} else {
$reset_link = get_lang('Pass')." : $user[password]";
}
$user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
if ($user_account_list) {
$user_account_list = "\n-----------------------------------------------\n" . $user_account_list;
}
} else {
foreach ($user as $this_user) {
$secret_word = self::get_secret_word($this_user['email']);
if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$this_user['uid'];
} else {
$reset_link = get_lang('Pass')." : $this_user[password]";
}
$user_account_list[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$this_user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
}
if ($user_account_list) {
$user_account_list = implode("\n-----------------------------------------------\n", $user_account_list);
}
}
} else {
if (!$by_username) {
$user = $user[0];
}
$reset_link = get_lang('Pass')." : $user[password]";
$user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
}
return $user_account_list;
}
/**
* This function sends the actual password to the user
*
* @param unknown_type $user
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function send_password_to_user($user, $by_username = false) {
global $_configuration;
$email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password
$user_account_list = self::get_user_account_list($user, false, $by_username); // BODY
$email_to = $user['email'];
} else {
$user_account_list = self::get_user_account_list($user); // BODY
$email_to = $user[0]['email'];
}
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ) {
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
$email_body = get_lang('YourAccountParam')." ".$portal_url."\n\n$user_account_list";
// SEND MESSAGE
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
return get_lang('your_password_has_been_reset');
} else {
return get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
}
}
/**
* Handle encrypted password, send an email to a user with his password
*
* @param int user id
* @param bool $by_username
*
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function handle_encrypted_password($user, $by_username = false) {
$portal_url = api_get_path(WEB_PATH);
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) {
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
if ($reset) {
if ($by_username) {
$secret_word = self::get_secret_word($user['email']);
if ($reset) {
$reset_link = $portal_url . "main/auth/lostPassword.php?reset=" . $secret_word . "&id=" . $user['uid'];
} else {
$reset_link = get_lang('Pass') . " : $user[password]";
}
$user_account_list = get_lang('YourRegistrationData') . " : \n" . get_lang('UserName') . ' : ' . $user['loginName'] . "\n" . get_lang('ResetLink') . ' : ' . $reset_link . '';
if ($user_account_list) {
$user_account_list = "\n-----------------------------------------------\n" . $user_account_list;
}
} else {
foreach ($user as $this_user) {
$secret_word = self::get_secret_word($this_user['email']);
if ($reset) {
$reset_link = $portal_url . "main/auth/lostPassword.php?reset=" . $secret_word . "&id=" . $this_user['uid'];
} else {
$reset_link = get_lang('Pass') . " : $this_user[password]";
}
$user_account_list[] = get_lang('YourRegistrationData') . " : \n" . get_lang('UserName') . ' : ' . $this_user['loginName'] . "\n" . get_lang('ResetLink') . ' : ' . $reset_link . '';
}
if ($user_account_list) {
$user_account_list = implode("\n-----------------------------------------------\n", $user_account_list);
}
}
} else {
if (!$by_username) {
$user = $user[0];
}
$reset_link = get_lang('Pass') . " : $user[password]";
$user_account_list = get_lang('YourRegistrationData') . " : \n" . get_lang('UserName') . ' : ' . $user['loginName'] . "\n" . $reset_link . '';
}
return $user_account_list;
}
/**
* This function sends the actual password to the user
*
* @param unknown_type $user
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function send_password_to_user($user, $by_username = false)
{
global $_configuration;
$email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
$email_subject = "[" . api_get_setting('siteName') . "] " . get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password
$user_account_list = self::get_user_account_list($user, false, $by_username); // BODY
$email_to = $user['email'];
} else {
$user_account_list = self::get_user_account_list($user); // BODY
$email_to = $user[0]['email'];
}
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) {
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
$email_body = get_lang('YourAccountParam') . " " . $portal_url . "\n\n$user_account_list";
// SEND MESSAGE
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
return get_lang('your_password_has_been_reset');
} else {
return get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')) . ".</p>";
}
}
/**
* Handle encrypted password, send an email to a user with his password
*
* @param int user id
* @param bool $by_username
*
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function handle_encrypted_password($user, $by_username = false)
{
global $_configuration;
$email_subject = "[" . api_get_setting('siteName') . "] " . get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password
$user_account_list = self::get_user_account_list($user, true, $by_username); // BODY
@ -131,67 +137,648 @@ class Login
}
$secret_word = self::get_secret_word($email_to);
$email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n";
$email_body .= $user_account_list."\n-----------------------------------------------\n\n";
$email_body = get_lang('DearUser') . " :\n" . get_lang('password_request') . "\n";
$email_body .= $user_account_list . "\n-----------------------------------------------\n\n";
$email_body .= get_lang('PasswordEncryptedForSecurity');
$email_body .= "\n\n".get_lang('Formula').",\n".api_get_setting('administratorName')." ".api_get_setting('administratorSurname')."\n".get_lang('PlataformAdmin')." - ".api_get_setting('siteName');
$email_body .= "\n\n" . get_lang('Formula') . ",\n" . api_get_setting('administratorName') . " " . api_get_setting('administratorSurname') . "\n" . get_lang('PlataformAdmin') . " - " . api_get_setting('siteName');
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
if (api_get_setting('use_custom_pages') == 'true') {
if (CustomPages::enabled()) {
return get_lang('YourPasswordHasBeenEmailed');
} else {
Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
}
} else {
$message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
if (api_get_setting('use_custom_pages') == 'true') {
$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')) . ".</p>";
if (CustomPages::enabled()) {
return $message;
} else {
Display::display_error_message($message, false);
}
}
}
/**
* Gets the secret word
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function get_secret_word($add) {
global $_configuration;
return $secret_word = md5($_configuration['security_key'].$add);
}
/**
* Resets a password
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function reset_password($secret, $id, $by_username = false) {
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$id = intval($id);
$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM ".$tbl_user." WHERE user_id=$id";
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {
$user = Database::fetch_array($result);
} else {
return get_lang('CouldNotResetPassword');
}
if (self::get_secret_word($user['email']) == $secret) { // OK, secret word is good. Now change password and mail it.
$user['password'] = api_generate_password();
$crypted = $user['password'];
$crypted = api_get_encrypted_password($crypted);
$sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id = $id";
$result = Database::query($sql);
return self::send_password_to_user($user, $by_username);
} else {
return get_lang('NotAllowed');
}
}
/**
* Gets the secret word
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function get_secret_word($add)
{
global $_configuration;
return $secret_word = md5($_configuration['security_key'] . $add);
}
/**
* Resets a password
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
public static function reset_password($secret, $id, $by_username = false)
{
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$id = intval($id);
$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM " . $tbl_user . " WHERE user_id=$id";
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {
$user = Database::fetch_array($result);
} else {
return get_lang('CouldNotResetPassword');
}
if (self::get_secret_word($user['email']) == $secret) { // OK, secret word is good. Now change password and mail it.
$user['password'] = api_generate_password();
$crypted = $user['password'];
$crypted = api_get_encrypted_password($crypted);
$sql = "UPDATE " . $tbl_user . " SET password='$crypted' WHERE user_id = $id";
$result = Database::query($sql);
return self::send_password_to_user($user, $by_username);
} else {
return get_lang('NotAllowed');
}
}
/**
*
* @global bool $is_platformAdmin
* @global bool $is_allowedCreateCourse
* @global object $_user
*/
public static function init_user($user_id, $reset)
{
global $is_platformAdmin;
global $is_allowedCreateCourse;
global $_user;
if (isset($reset) && $reset) { // session data refresh requested
unset($_SESSION['_user']['uidReset']);
$is_platformAdmin = false;
$is_allowedCreateCourse = false;
$_user['user_id'] = $user_id;
if (isset($_user['user_id']) && $_user['user_id'] && !api_is_anonymous()) {
// a uid is given (log in succeeded)
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
$track_e_login = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);
$sql = "SELECT user.*, a.user_id is_admin, UNIX_TIMESTAMP(login.login_date) login_date
FROM $user_table
LEFT JOIN $admin_table a
ON user.user_id = a.user_id
LEFT JOIN $track_e_login login
ON user.user_id = login.login_user_id
WHERE user.user_id = '" . $_user['user_id'] . "'
ORDER BY login.login_date DESC LIMIT 1";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
// Extracting the user data
$uData = Database::fetch_array($result);
$_user['firstName'] = $uData['firstname'];
$_user['lastName'] = $uData['lastname'];
$_user['mail'] = $uData['email'];
$_user['lastLogin'] = $uData['login_date'];
$_user['official_code'] = $uData['official_code'];
$_user['picture_uri'] = $uData['picture_uri'];
$_user['user_id'] = $uData['user_id'];
$_user['language'] = $uData['language'];
$_user['auth_source'] = $uData['auth_source'];
$_user['theme'] = $uData['theme'];
$_user['status'] = $uData['status'];
$is_platformAdmin = (bool) (!is_null($uData['is_admin']));
$is_allowedCreateCourse = (bool) (($uData ['status'] == 1) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == 4));
ConditionalLogin::check_conditions($uData);
Session::write('_user',$_user);
UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
Session::write('is_platformAdmin',$is_platformAdmin);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
// If request_uri is setted we have to go further to have course permissions
if (empty($_SESSION['request_uri']) || !isset($_SESSION['request_uri'])) {
if (isset($_SESSION['noredirection'])) {
//If we just want to reset info without redirecting user
unset($_SESSION['noredirection']);
} else {
LoginRedirection::redirect();
}
}
} else {
header('location:' . api_get_path(WEB_PATH));
//exit("WARNING UNDEFINED UID !! ");
}
} else { // no uid => logout or Anonymous
Session::erase('_user');
Session::erase('_uid');
}
Session::write('is_platformAdmin',$is_platformAdmin);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
} else { // continue with the previous values
$_user = $_SESSION['_user'];
$is_platformAdmin = $_SESSION['is_platformAdmin'];
$is_allowedCreateCourse = $_SESSION['is_allowedCreateCourse'];
}
}
/**
*
* @global bool $is_platformAdmin
* @global bool $is_allowedCreateCourse
* @global object $_user
* @global int $_cid
* @global array $_course
* @global type $_real_cid
* @global type $_courseUser
* @global type $is_courseAdmin
* @global type $is_courseTutor
* @global type $is_courseCoach
* @global type $is_courseMember
* @global type $is_sessionAdmin
* @global type $is_allowed_in_course
*
* @param type $course_id
* @param type $reset
*/
static function init_course($course_id, $reset)
{
global $is_platformAdmin;
global $is_allowedCreateCourse;
global $_user;
global $_cid;
global $_course;
global $_real_cid;
global $_courseUser;
global $is_courseAdmin; //course teacher
global $is_courseTutor; //course teacher - some rights
global $is_courseCoach; //course coach
global $is_courseMember; //course student
global $is_sessionAdmin;
global $is_allowed_in_course;
if (isset($reset) && $reset) {
// Course session data refresh requested or empty data
if ($course_id) {
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
$sql = "SELECT course.*, course_category.code faCode, course_category.name faName
FROM $course_table
LEFT JOIN $course_cat_table
ON course.category_code = course_category.code
WHERE course.code = '$course_id'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
$course_data = Database::fetch_array($result);
//@TODO real_cid should be cid, for working with numeric course id
$_real_cid = $course_data['id'];
$_cid = $course_data['code'];
$_course = array();
$_course['real_id'] = $course_data['id'];
$_course['id'] = $course_data['code']; //auto-assigned integer
$_course['code'] = $course_data['code'];
$_course['name'] = $course_data['title'];
$_course['title'] = $course_data['title'];
$_course['official_code'] = $course_data['visual_code']; // use in echo
$_course['sysCode'] = $course_data['code']; // use as key in db
$_course['path'] = $course_data['directory']; // use as key in path
$_course['dbName'] = $course_data['db_name']; // use as key in db list
$_course['db_name'] = $course_data['db_name']; // not needed in Chamilo 1.9
$_course['dbNameGlu'] = $_configuration['table_prefix'] . $course_data['db_name'] . $_configuration['db_glue']; // use in all queries //not needed in Chamilo 1.9
$_course['titular'] = $course_data['tutor_name']; // this should be deprecated and use the table course_rel_user
$_course['language'] = $course_data['course_language'];
$_course['extLink']['url'] = $course_data['department_url'];
$_course['extLink']['name'] = $course_data['department_name'];
$_course['categoryCode'] = $course_data['faCode'];
$_course['categoryName'] = $course_data['faName'];
$_course['visibility'] = $course_data['visibility'];
$_course['subscribe_allowed'] = $course_data['subscribe'];
$_course['unubscribe_allowed'] = $course_data['unsubscribe'];
$_course['activate_legal'] = $course_data['activate_legal'];
$_course['show_score'] = $course_data['show_score']; //used in the work tool
Session::write('_cid',$_cid);
Session::write('_course',$_course);
//@TODO real_cid should be cid, for working with numeric course id
Session::write('_real_cid',$_real_cid);
// if a session id has been given in url, we store the session
if (api_get_setting('use_session_mode') == 'true') {
// Database Table Definitions
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
if (!empty($_GET['id_session'])) {
$_SESSION['id_session'] = intval($_GET['id_session']);
$sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"';
$rs = Database::query($sql);
list($_SESSION['session_name']) = Database::fetch_array($rs);
} else {
Session::erase('session_name');
Session::erase('id_session');
}
}
if (!isset($_SESSION['login_as'])) {
//Course login
if (isset($_user['user_id'])) {
event_course_login($_course['sysCode'], $_user['user_id'], api_get_session_id());
}
}
} else {
//exit("WARNING UNDEFINED CID !! ");
header('location:' . api_get_path(WEB_PATH));
}
} else {
Session::erase('_cid');
Session::erase('_real_cid');
Session::erase('_course');
if (!empty($_SESSION)) {
foreach ($_SESSION as $key => $session_item) {
if (strpos($key, 'lp_autolunch_') === false) {
continue;
} else {
if (isset($_SESSION[$key])) {
Session::erase($key);
}
}
}
}
//Deleting session info
if (api_get_session_id()) {
Session::erase('id_session');
Session::erase('session_name');
}
}
} else {
// Continue with the previous values
if (empty($_SESSION['_course']) OR empty($_SESSION['_cid'])) { //no previous values...
$_cid = -1; //set default values that will be caracteristic of being unset
$_course = -1;
} else {
$_cid = $_SESSION['_cid'];
$_course = $_SESSION['_course'];
// these lines are usefull for tracking. Indeed we can have lost the id_session and not the cid.
// Moreover, if we want to track a course with another session it can be usefull
if (!empty($_GET['id_session'])) {
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"';
$rs = Database::query($sql);
list($_SESSION['session_name']) = Database::fetch_array($rs);
$_SESSION['id_session'] = intval($_GET['id_session']);
}
if (!isset($_SESSION['login_as'])) {
$save_course_access = true;
//The value $_dont_save_user_course_access should be added before the call of global.inc.php see the main/inc/chat.ajax.php file
//Disables the updates in the TRACK_E_COURSE_ACCESS table
if (isset($_dont_save_user_course_access) && $_dont_save_user_course_access == true) {
$save_course_access = false;
}
if ($save_course_access) {
$course_tracking_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
/*
* When $_configuration['session_lifetime'] is too big 100 hours (in order to let users take exercises with no problems)
* the function Tracking::get_time_spent_on_the_course() returns big values (200h) due the condition:
* login_course_date > now() - INTERVAL $session_lifetime SECOND
*
*/
/*
if (isset($_configuration['session_lifetime'])) {
$session_lifetime = $_configuration['session_lifetime'];
} else {
$session_lifetime = 3600; // 1 hour
} */
$session_lifetime = 3600; // 1 hour
$course_code = $_course['sysCode'];
$time = api_get_datetime();
if (isset($_user['user_id']) && !empty($_user['user_id'])) {
//We select the last record for the current course in the course tracking table
//But only if the login date is < than now + max_life_time
$sql = "SELECT course_access_id FROM $course_tracking_table
WHERE user_id = " . intval($_user ['user_id']) . " AND
course_code = '$course_code' AND
session_id = " . api_get_session_id() . " AND
login_course_date > now() - INTERVAL $session_lifetime SECOND
ORDER BY login_course_date DESC LIMIT 0,1";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
$i_course_access_id = Database::result($result, 0, 0);
//We update the course tracking table
$sql = "UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1
WHERE course_access_id = " . intval($i_course_access_id) . " AND session_id = " . api_get_session_id();
//error_log($sql);
Database::query($sql);
} else {
$sql = "INSERT INTO $course_tracking_table (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" .
"VALUES('" . $course_code . "', '" . $_user['user_id'] . "', '$time', '$time', '1','" . api_get_session_id() . "')";
//error_log($sql);
Database::query($sql);
}
}
}
}
}
}
/* COURSE / USER REL. INIT */
$session_id = api_get_session_id();
$user_id = isset($_user['user_id']) ? $_user['user_id'] : null;
//Course permissions
$is_courseAdmin = false; //course teacher
$is_courseTutor = false; //course teacher - some rights
$is_courseMember = false; //course student
//Course - User permissions
$is_sessionAdmin = false;
if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
if (isset($user_id) && $user_id && isset($_cid) && $_cid) {
//Check if user is subscribed in a course
$course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT * FROM $course_user_table
WHERE user_id = '" . $user_id . "' AND relation_type <> " . COURSE_RELATION_TYPE_RRHH . "
AND course_code = '$cidReq'";
$result = Database::query($sql);
$cuData = null;
if (Database::num_rows($result) > 0) { // this user have a recorded state for this course
$cuData = Database::fetch_array($result, 'ASSOC');
$is_courseAdmin = (bool) ($cuData['status'] == 1 );
$is_courseTutor = (bool) ($cuData['tutor_id'] == 1 );
$is_courseMember = true;
//Checking if the user filled the course legal agreement
if ($_course['activate_legal'] == 1 && !api_is_platform_admin()) {
$user_is_subscribed = CourseManager::is_user_accepted_legal($user_id, $_course['id'], $session_id);
if (!$user_is_subscribed) {
$url = api_get_path(WEB_CODE_PATH) . 'course_info/legal.php?course_code=' . $_course['code'] . '&session_id=' . $session_id;
header('Location: ' . $url);
exit;
}
}
$_courseUser['role'] = $cuData['role'];
Session::write('_courseUser',$_courseUser);
}
//We are in a session course? Check session permissions
if (!empty($session_id)) {
//I'm not the teacher of the course
if ($is_courseAdmin == false) {
// this user has no status related to this course
// The user is subscribed in a session? The user is a Session coach a Session admin ?
$tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION);
$tbl_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
//Session coach, session admin, course coach admin
$sql = "SELECT session.id_coach, session_admin_id, session_rcru.id_user
FROM $tbl_session session, $tbl_session_course_user session_rcru
WHERE session_rcru.id_session = session.id AND
session_rcru.course_code = '$_cid' AND
session_rcru.id_user = '$user_id' AND
session_rcru.id_session = $session_id AND
session_rcru.status = 2";
$result = Database::query($sql);
$row = Database::store_result($result);
//I'm a session admin?
if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) {
$_courseUser['role'] = 'Professor';
$is_courseMember = false;
$is_courseTutor = false;
$is_courseAdmin = false;
$is_courseCoach = false;
$is_sessionAdmin = true;
} else {
//Im a coach or a student?
$sql = "SELECT id_user, status FROM " . $tbl_session_course_user . "
WHERE course_code = '$_cid' AND
id_user = '" . $user_id . "' AND
id_session = '" . $session_id . "'
LIMIT 1";
$result = Database::query($sql);
if (Database::num_rows($result)) {
$row = Database::fetch_array($result, 'ASSOC');
$session_course_status = $row['status'];
switch ($session_course_status) {
case '2': // coach - teacher
$_courseUser['role'] = 'Professor';
$is_courseMember = true;
$is_courseTutor = true;
$is_courseCoach = true;
$is_sessionAdmin = false;
if (api_get_setting('extend_rights_for_coach') == 'true') {
$is_courseAdmin = true;
} else {
$is_courseAdmin = false;
}
Session::write('_courseUser',$_courseUser);
break;
case '0': //student
$is_courseMember = true;
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
Session::write('_courseUser',$_courseUser);
break;
default:
//unregister user
$is_courseMember = false;
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
Session::erase('_courseUser');
break;
}
} else {
//unregister user
$is_courseMember = false;
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
Session::erase('_courseUser');
}
}
}
//If I'm the admin platform i'm a teacher of the course
if ($is_platformAdmin) {
$is_courseAdmin = true;
}
}
} else { // keys missing => not anymore in the course - user relation
// course
$is_courseMember = false;
$is_courseAdmin = false;
$is_courseTutor = false;
$is_courseCoach = false;
$is_sessionAdmin = false;
Session::erase('_courseUser');
}
//Checking the course access
$is_allowed_in_course = false;
if (isset($_course)) {
switch ($_course['visibility']) {
case COURSE_VISIBILITY_OPEN_WORLD: //3
$is_allowed_in_course = true;
break;
case COURSE_VISIBILITY_OPEN_PLATFORM : //2
if (isset($user_id) && !api_is_anonymous($user_id)) {
$is_allowed_in_course = true;
}
break;
case COURSE_VISIBILITY_REGISTERED: //1
if ($is_platformAdmin || $is_courseMember) {
$is_allowed_in_course = true;
}
break;
case COURSE_VISIBILITY_CLOSED: //0
if ($is_platformAdmin || $is_courseAdmin) {
$is_allowed_in_course = true;
}
break;
}
}
// check the session visibility
if ($is_allowed_in_course == true) {
//if I'm in a session
if ($session_id != 0) {
if (!$is_platformAdmin) {
// admin and session coach are *not* affected to the invisible session mode
// the coach is not affected because he can log in some days after the end date of a session
$session_visibility = api_get_session_visibility($session_id);
switch ($session_visibility) {
case SESSION_INVISIBLE:
$is_allowed_in_course = false;
break;
}
//checking date
}
}
}
// save the states
Session::write('is_courseAdmin',$is_courseAdmin);
Session::write('is_courseMember',$is_courseMember);
Session::write('is_courseTutor',$is_courseTutor);
Session::write('is_courseCoach',$is_courseCoach);
Session::write('is_allowed_in_course',$is_allowed_in_course);
Session::write('is_sessionAdmin',$is_sessionAdmin);
} else { // continue with the previous values
if (isset($_SESSION ['_courseUser'])) {
$_courseUser = $_SESSION ['_courseUser'];
}
$is_courseAdmin = $_SESSION ['is_courseAdmin'];
$is_courseTutor = $_SESSION ['is_courseTutor'];
$is_courseCoach = $_SESSION ['is_courseCoach'];
$is_courseMember = $_SESSION ['is_courseMember'];
$is_allowed_in_course = $_SESSION ['is_allowed_in_course'];
}
}
/**
*
* @global int $_cid
* @global array $_course
* @global int $_gid
*
* @param int $group_id
* @param bool $reset
*/
static function init_group($group_id, $reset)
{
global $_cid;
global $_course;
global $_gid;
if ($reset) { // session data refresh requested
if ($group_id && $_cid && !empty($_course['real_id'])) { // have keys to search data
$group_table = Database::get_course_table(TABLE_GROUP);
$sql = "SELECT * FROM $group_table WHERE c_id = " . $_course['real_id'] . " AND id = '$group_id'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
$gpData = Database::fetch_array($result);
$_gid = $gpData ['id'];
Session::write('_gid',$_gid);
} else {
Session::erase('_gid');
}
} elseif (isset($_SESSION['_gid']) or isset($_gid)) { // Keys missing => not anymore in the group - course relation
Session::erase('_gid');
}
} elseif (isset($_SESSION['_gid'])) { // continue with the previous values
$_gid = $_SESSION ['_gid'];
} else { //if no previous value, assign caracteristic undefined value
$_gid = -1;
}
//set variable according to student_view_enabled choices
if (api_get_setting('student_view_enabled') == "true") {
if (isset($_GET['isStudentView'])) {
if ($_GET['isStudentView'] == 'true') {
if (isset($_SESSION['studentview'])) {
if (!empty($_SESSION['studentview'])) {
// switching to studentview
$_SESSION['studentview'] = 'studentview';
}
}
} elseif ($_GET['isStudentView'] == 'false') {
if (isset($_SESSION['studentview'])) {
if (!empty($_SESSION['studentview'])) {
// switching to teacherview
$_SESSION['studentview'] = 'teacherview';
}
}
}
} elseif (!empty($_SESSION['studentview'])) {
//all is fine, no change to that, obviously
} elseif (empty($_SESSION['studentview'])) {
// We are in teacherview here
$_SESSION['studentview'] = 'teacherview';
}
}
}
}

@ -52,9 +52,8 @@ Class LoginRedirection {
}
// Custom pages
if (api_get_setting('use_custom_pages') == 'true') {
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
CustomPages::displayPage('index-logged');
if (CustomPages::enabled()) {
CustomPages::display(CustomPages::INDEX_LOGGED);
}
header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param);
exit();

@ -1,7 +0,0 @@
<?php
/**
* Added to autologin
* @see login_redirection.class.php
*
*/

@ -1312,6 +1312,10 @@ function api_get_course_info_by_id($id = null) {
/* SESSION MANAGEMENT */
/*
* DEPRECATED: @see Session
*/
/**
* Starts the Chamilo session.
*
@ -1323,73 +1327,73 @@ function api_get_course_info_by_id($id = null) {
* @author Olivier Brouckaert
* @param string variable - the variable name to save into the session
*/
function api_session_start($already_installed = true) {
global $_configuration;
/* Causes too many problems and is not configurable dynamically.
if ($already_installed) {
$session_lifetime = 360000;
if (isset($_configuration['session_lifetime'])) {
$session_lifetime = $_configuration['session_lifetime'];
}
//session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
}
*/
if (!isset($_configuration['session_stored_in_db'])) {
$_configuration['session_stored_in_db'] = false;
}
if ($_configuration['session_stored_in_db'] && function_exists('session_set_save_handler')) {
require_once api_get_path(LIBRARY_PATH).'session_handler.class.php';
$session_handler = new session_handler();
@session_set_save_handler(array(& $session_handler, 'open'), array(& $session_handler, 'close'), array(& $session_handler, 'read'), array(& $session_handler, 'write'), array(& $session_handler, 'destroy'), array(& $session_handler, 'garbage'));
}
/*
* Prevent Session fixation bug fixes
* See http://support.chamilo.org/issues/3600
* http://php.net/manual/en/session.configuration.php
* @todo use session_set_cookie_params with some custom admin parameters
*/
//session.cookie_lifetime
//the session ID is only accepted from a cookie
ini_set('session.use_only_cookies', 1);
//HTTPS only if possible
//ini_set('session.cookie_secure', 1);
//session ID in the cookie is only readable by the server
ini_set('session.cookie_httponly', 1);
//Use entropy file
//session.entropy_file
//ini_set('session.entropy_length', 128);
//Do not include the identifier in the URL, and not to read the URL for identifiers.
ini_set('session.use_trans_sid', 0);
session_name('ch_sid');
session_start();
if (!isset($_SESSION['starttime'])) {
$_SESSION['starttime'] = time();
}
if ($already_installed) {
if (empty($_SESSION['checkDokeosURL'])) {
$_SESSION['checkDokeosURL'] = api_get_path(WEB_PATH);
//$_SESSION['session_expiry'] = time() + $session_lifetime; // It is useless at the moment.
} elseif ($_SESSION['checkDokeosURL'] != api_get_path(WEB_PATH)) {
api_session_clear();
//$_SESSION['session_expiry'] = time() + $session_lifetime;
}
}
if ( isset($_SESSION['starttime']) && $_SESSION['starttime'] < time() - $_configuration['session_lifetime'] ) {
$_SESSION['starttime'] = time();
}
}
//function api_session_start($already_installed = true) {
// global $_configuration;
//
// /* Causes too many problems and is not configurable dynamically.
// if ($already_installed) {
// $session_lifetime = 360000;
// if (isset($_configuration['session_lifetime'])) {
// $session_lifetime = $_configuration['session_lifetime'];
// }
// //session_set_cookie_params($session_lifetime,api_get_path(REL_PATH));
// }
// */
//
// if (!isset($_configuration['session_stored_in_db'])) {
// $_configuration['session_stored_in_db'] = false;
// }
// if ($_configuration['session_stored_in_db'] && function_exists('session_set_save_handler')) {
// require_once api_get_path(LIBRARY_PATH).'session_handler.class.php';
// $session_handler = new session_handler();
// @session_set_save_handler(array(& $session_handler, 'open'), array(& $session_handler, 'close'), array(& $session_handler, 'read'), array(& $session_handler, 'write'), array(& $session_handler, 'destroy'), array(& $session_handler, 'garbage'));
// }
//
// /*
// * Prevent Session fixation bug fixes
// * See http://support.chamilo.org/issues/3600
// * http://php.net/manual/en/session.configuration.php
// * @todo use session_set_cookie_params with some custom admin parameters
// */
//
// //session.cookie_lifetime
//
// //the session ID is only accepted from a cookie
// ini_set('session.use_only_cookies', 1);
//
// //HTTPS only if possible
// //ini_set('session.cookie_secure', 1);
//
// //session ID in the cookie is only readable by the server
// ini_set('session.cookie_httponly', 1);
//
// //Use entropy file
// //session.entropy_file
// //ini_set('session.entropy_length', 128);
//
// //Do not include the identifier in the URL, and not to read the URL for identifiers.
// ini_set('session.use_trans_sid', 0);
//
// session_name('ch_sid');
// session_start();
//
// if (!isset($_SESSION['starttime'])) {
// $_SESSION['starttime'] = time();
// }
//
// if ($already_installed) {
// if (empty($_SESSION['checkDokeosURL'])) {
// $_SESSION['checkDokeosURL'] = api_get_path(WEB_PATH);
// //$_SESSION['session_expiry'] = time() + $session_lifetime; // It is useless at the moment.
// } elseif ($_SESSION['checkDokeosURL'] != api_get_path(WEB_PATH)) {
// Session::clear();
// //$_SESSION['session_expiry'] = time() + $session_lifetime;
// }
// }
// if ( isset($_SESSION['starttime']) && $_SESSION['starttime'] < time() - $_configuration['session_lifetime'] ) {
// $_SESSION['starttime'] = time();
// }
//}
/**
* Saves a variable into the session
@ -1399,10 +1403,10 @@ function api_session_start($already_installed = true) {
* @author Olivier Brouckaert
* @param string variable - the variable name to save into the session
*/
function api_session_register($variable) {
global $$variable;
$_SESSION[$variable] = $$variable;
}
//function api_session_register($variable) {
// global $$variable;
// $_SESSION[$variable] = $$variable;
//}
/**
* Removes a variable from the session.
@ -1410,37 +1414,37 @@ function api_session_register($variable) {
* @author Olivier Brouckaert
* @param string variable - the variable name to remove from the session
*/
function api_session_unregister($variable) {
$variable = strval($variable);
if (isset($GLOBALS[$variable])) {
unset ($GLOBALS[$variable]);
}
if (isset($_SESSION[$variable])) {
unset($_SESSION[$variable]);
}
}
//function api_session_unregister($variable) {
// $variable = strval($variable);
// if (isset($GLOBALS[$variable])) {
// unset ($GLOBALS[$variable]);
// }
// if (isset($_SESSION[$variable])) {
// unset($_SESSION[$variable]);
// }
//}
/**
* Clears the session
*
* @author Olivier Brouckaert
*/
function api_session_clear() {
session_regenerate_id();
session_unset();
$_SESSION = array();
}
//function api_session_clear() {
// session_regenerate_id();
// session_unset();
// $_SESSION = array();
//}
/**
* Destroys the session
*
* @author Olivier Brouckaert
*/
function api_session_destroy() {
session_unset();
$_SESSION = array();
session_destroy();
}
//function api_session_destroy() {
// session_unset();
// $_SESSION = array();
// session_destroy();
//}
/* STRING MANAGEMENT */
@ -1560,7 +1564,7 @@ function api_clear_anonymous($db_check = false) {
global $_user;
if (api_is_anonymous($_user['user_id'], $db_check)) {
unset($_user['user_id']);
api_session_unregister('_uid');
Session::erase('_uid');
return true;
}
return false;
@ -1632,10 +1636,10 @@ function api_set_anonymous() {
if ($user_id == 0) {
return false;
}
api_session_unregister('_user');
Session::erase('_user');
$_user['user_id'] = $user_id;
$_user['is_anonymous'] = true;
api_session_register('_user');
Session::write('_user',$_user);
$GLOBALS['_user'] = $_user;
return true;
}
@ -2636,11 +2640,9 @@ function api_not_allowed($print_headers = false, $message = null) {
$course = api_get_course_id();
global $this_section;
if (api_get_setting('use_custom_pages') == 'true' && !isset($_SESSION['_user']['user_id'])) {
if (CustomPages::enabled() && !isset($_SESSION['_user']['user_id'])) {
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
require_once api_get_path(LIBRARY_PATH).'custompages.lib.php';
CustomPages::displayPage('index-unlogged');
exit;
CustomPages::display(CustomPages::INDEX_UNLOGGED);
}
$origin = isset($_GET['origin']) ? $_GET['origin'] : '';
@ -4527,7 +4529,7 @@ function api_is_course_visible_for_user($userid = null, $cid = null) {
$is_courseAdmin = false;
$is_courseCoach = true;
$is_sessionAdmin = false;
api_session_register('_courseUser');
Session::write('_courseUser',$_courseUser);
}
elseif ($row[0]['session_admin_id'] == $userid) {
$_courseUser['role'] = 'Professor';

@ -95,7 +95,7 @@ function online_logout() {
}
require_once api_get_path(SYS_PATH) . 'main/chat/chat_functions.lib.php';
exit_of_chat($uid);
api_session_destroy();
Session::destroy();
global $logout_no_redirect;
if (!$logout_no_redirect) {
header("Location: index.php$query_string");

@ -42,8 +42,17 @@ class Redirect
// {
// return;
// }
$no_redirection = isset($_SESSION['noredirection']) ? $_SESSION['noredirection'] : false;
if($no_redirection){
unset($_SESSION['noredirection']);
return;
}
$url = isset($_SESSION['request_uri']) ? $_SESSION['request_uri'] : '';
unset($_SESSION['request_uri']);
if ($url)
{
self::navigate($url);

@ -0,0 +1,128 @@
<?php
/**
* Session Management
*
* @see ChamiloSession
*
* @license see /license.txt
* @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
*/
class Session implements ArrayAccess
{
static function read($variable, $default = null)
{
return isset($_SESSION[$variable]) ? $_SESSION[$variable] : $default;
}
static function write($variable, $value)
{
$_SESSION[$variable] = $value;
}
static function erase($variable)
{
$variable = (string) $variable;
if (isset($GLOBALS[$variable])) {
unset($GLOBALS[$variable]);
}
if (isset($_SESSION[$variable])) {
unset($_SESSION[$variable]);
}
}
/**
* Returns true if session has variable set up, false otherwise.
*
* @param string $variable
*/
static function has($variable)
{
return isset($_SESSION[$variable]);
}
static function clear()
{
session_regenerate_id();
session_unset();
$_SESSION = array();
}
static function destroy()
{
session_unset();
$_SESSION = array();
session_destroy();
}
/*
* ArrayAccess
*/
public function offsetExists($offset)
{
return isset($_SESSION[$offset]);
}
/**
* It it exists returns the value stored at the specified offset.
* If offset does not exists returns null. Do not trigger a warning.
*
* @param string $offset
* @return any
*/
public function offsetGet($offset)
{
return self::read($offset);
}
public function offsetSet($offset, $value)
{
self::write($offset, $value);
}
public function offsetUnset($offset)
{
unset($_SESSION[$offset]);
}
/**
* Magical methods
*
*/
public function __unset($name)
{
unset($_SESSION[$name]);
}
public function __isset($name)
{
return self::has($name);
}
/**
* It it exists returns the value stored at the specified offset.
* If offset does not exists returns null. Do not trigger a warning.
*
* @param string $name
* @return any
*
*/
function __get($name)
{
return self::read($name);
}
/**
*
* @param string $name
* @param any $value
*/
function __set($name, $value)
{
self::write($name, $value);
}
}

@ -8,7 +8,7 @@
/**
* @package chamilo.library
*/
class session_handler {
class SessionHandler {
// TODO: Hm, these variables are public.
public $connection;

@ -123,7 +123,7 @@ class FileReader implements Iterator
}
protected function convert($text)
{
{
return $this->converter->convert($text);
}

@ -30,7 +30,7 @@ class EncodingConverter extends Converter
if (strtolower($from_encoding) == strtolower($to_encoding)) {
return Converter::identity();
} else {
new self($from_encoding, $to_encoding);
return new self($from_encoding, $to_encoding);
}
}
@ -60,7 +60,12 @@ class EncodingConverter extends Converter
if ($from == $to) {
return $string;
}
api_convert_encoding($string, $to, $from);
return api_convert_encoding($string, $to, $from);
}
function reset()
{
;
}
}

@ -157,7 +157,7 @@ class IndexManager {
}
}
exit_of_chat($uid);
api_session_destroy();
Session::destroy();
$query_string = $query_string ? "$query_string&loggedout=true" : '?loggedout=true';
header("Location: index.php$query_string");
exit();

@ -144,8 +144,8 @@ if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login
$_user['user_id'] = $_SESSION['conditional_login']['uid'];
$_user['status'] = $uData['status'];
api_session_register('_user');
api_session_unregister('conditional_login');
Session::write('_user',$_user);
Session::erase('conditional_login');
$uidReset=true;
event_login();
}
@ -332,17 +332,17 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
@ -352,18 +352,18 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
ConditionalLogin::check_conditions($uData);
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
//This means a secondary admin wants to login so we check as he's a normal user
if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
@ -374,25 +374,25 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
}
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired');
exit;
}
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive');
exit;
}
} else {
// login failed: username or password incorrect
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect');
exit;
}
@ -494,7 +494,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
error_log('Check the sso_referer URL in your script');
//Request comes from unknown source
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=unrecognize_sso_origin');
exit;
}
@ -536,17 +536,17 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
api_session_register('_user');
Session::write('_user',$_user);
event_login();
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: index.php?loginFailed=1&error=account_expired');
exit;
}
} else {
$loginFailed = true;
api_session_unregister('_uid');
Session::erase('_uid');
header('Location: index.php?loginFailed=1&error=account_inactive');
exit;
}
@ -659,10 +659,10 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested
$is_allowedCreateCourse = (bool) (($uData ['status'] == 1) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == 4));
ConditionalLogin::check_conditions($uData);
api_session_register('_user');
Session::write('_user',$_user);
UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
api_session_register('is_platformAdmin');
api_session_register('is_allowedCreateCourse');
Session::write('is_platformAdmin',$is_platformAdmin);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
// If request_uri is setted we have to go further to have course permissions
if (empty($_SESSION['request_uri']) || !isset($_SESSION['request_uri'])) {
@ -670,7 +670,6 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested
//If we just want to reset info without redirecting user
unset($_SESSION['noredirection']);
} else {
//require_once api_get_path(LIBRARY_PATH).'loginredirection.lib.php'; moved to autologin
LoginRedirection::redirect();
}
}
@ -679,12 +678,12 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested
//exit("WARNING UNDEFINED UID !! ");
}
} else { // no uid => logout or Anonymous
api_session_unregister('_user');
api_session_unregister('_uid');
Session::erase('_user');
Session::erase('_uid');
}
api_session_register('is_platformAdmin');
api_session_register('is_allowedCreateCourse');
Session::write('is_platformAdmin',$is_platformAdmin);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
} else { // continue with the previous values
$_user = $_SESSION['_user'];
$is_platformAdmin = $_SESSION['is_platformAdmin'];
@ -735,11 +734,11 @@ if (isset($cidReset) && $cidReset) {
$_course['activate_legal'] = $course_data['activate_legal'];
$_course['show_score'] = $course_data['show_score']; //used in the work tool
api_session_register('_cid');
api_session_register('_course');
Session::write('_cid',$_cid);
Session::write('_course',$_course);
//@TODO real_cid should be cid, for working with numeric course id
api_session_register('_real_cid');
Session::write('_real_cid',$_real_cid);
// if a session id has been given in url, we store the session
if (api_get_setting('use_session_mode') == 'true') {
@ -754,8 +753,8 @@ if (isset($cidReset) && $cidReset) {
$rs = Database::query($sql);
list($_SESSION['session_name']) = Database::fetch_array($rs);
} else {
api_session_unregister('session_name');
api_session_unregister('id_session');
Session::erase('session_name');
Session::erase('id_session');
}
}
@ -770,9 +769,9 @@ if (isset($cidReset) && $cidReset) {
header('location:'.api_get_path(WEB_PATH));
}
} else {
api_session_unregister('_cid');
api_session_unregister('_real_cid');
api_session_unregister('_course');
Session::erase('_cid');
Session::erase('_real_cid');
Session::erase('_course');
if (!empty($_SESSION)) {
foreach($_SESSION as $key=>$session_item) {
@ -780,15 +779,15 @@ if (isset($cidReset) && $cidReset) {
continue;
} else {
if(isset($_SESSION[$key])) {
api_session_unregister($key);
Session::erase($key);
}
}
}
}
//Deleting session info
if (api_get_session_id()) {
api_session_unregister('id_session');
api_session_unregister('session_name');
Session::erase('id_session');
Session::erase('session_name');
}
}
} else {
@ -912,7 +911,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
}
}
$_courseUser['role'] = $cuData['role'];
api_session_register('_courseUser');
Session::write('_courseUser',$_courseUser);
}
//We are in a session course? Check session permissions
@ -974,14 +973,14 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
} else {
$is_courseAdmin = false;
}
api_session_register('_courseUser');
Session::write('_courseUser',$_courseUser);
break;
case '0': //student
$is_courseMember = true;
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
api_session_register('_courseUser');
Session::write('_courseUser',$_courseUser);
break;
default:
//unregister user
@ -989,7 +988,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
api_session_unregister('_courseUser');
Session::erase('_courseUser');
break;
}
} else {
@ -998,7 +997,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
$is_courseTutor = false;
$is_courseAdmin = false;
$is_sessionAdmin = false;
api_session_unregister('_courseUser');
Session::erase('_courseUser');
}
}
}
@ -1015,7 +1014,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
$is_courseTutor = false;
$is_courseCoach = false;
$is_sessionAdmin = false;
api_session_unregister('_courseUser');
Session::erase('_courseUser');
}
//Checking the course access
@ -1065,13 +1064,13 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) {
}
// save the states
api_session_register('is_courseAdmin');
api_session_register('is_courseMember');
api_session_register('is_courseTutor');
api_session_register('is_courseCoach');
api_session_register('is_allowed_in_course');
Session::write('is_courseAdmin',$is_courseAdmin);
Session::write('is_courseMember',$is_courseMember);
Session::write('is_courseTutor',$is_courseTutor);
Session::write('is_courseCoach',$is_courseCoach);
Session::write('is_allowed_in_course',$is_allowed_in_course);
api_session_register('is_sessionAdmin');
Session::write('is_sessionAdmin',$is_sessionAdmin);
} else { // continue with the previous values
if (isset($_SESSION ['_courseUser'])) {
@ -1095,12 +1094,12 @@ if ((isset($gidReset) && $gidReset) || (isset($cidReset) && $cidReset)) { // ses
if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
$gpData = Database::fetch_array($result);
$_gid = $gpData ['id'];
api_session_register('_gid');
Session::write('_gid',$_gid);
} else {
api_session_unregister('_gid');
Session::erase('_gid');
}
} elseif (isset($_SESSION['_gid']) or isset($_gid)) { // Keys missing => not anymore in the group - course relation
api_session_unregister('_gid');
Session::erase('_gid');
}
} elseif (isset($_SESSION['_gid'])) { // continue with the previous values
$_gid = $_SESSION ['_gid'];

@ -63,7 +63,7 @@ $_setting = array(
if (!empty($_POST['language_list'])) {
$search = array('../', '\\0');
$install_language = str_replace($search, '', urldecode($_POST['language_list']));
api_session_register('install_language');
Session::write('install_language',$install_language);
} elseif (isset($_SESSION['install_language']) && $_SESSION['install_language']) {
$install_language = $_SESSION['install_language'];
} else {

@ -1156,19 +1156,19 @@ function export_exercise($item_id) {
/* Clears the exercise session */
if (isset ($_SESSION['objExercise'])) {
api_session_unregister('objExercise');
Session::erase('objExercise');
}
if (isset ($_SESSION['objQuestion'])) {
api_session_unregister('objQuestion');
Session::erase('objQuestion');
}
if (isset ($_SESSION['objAnswer'])) {
api_session_unregister('objAnswer');
Session::erase('objAnswer');
}
if (isset ($_SESSION['questionList'])) {
api_session_unregister('questionList');
Session::erase('questionList');
}
if (isset ($_SESSION['exerciseResult'])) {
api_session_unregister('exerciseResult');
Session::erase('exerciseResult');
}
// If the object is not in the session:
@ -1183,7 +1183,7 @@ function export_exercise($item_id) {
}
// Saves the object into the session.
api_session_register('objExercise');
Session::write('objExercise',$objExercise);
}
$exerciseTitle = $objExercise->selectTitle();
@ -1197,7 +1197,7 @@ function export_exercise($item_id) {
$questionList = $randomQuestions ? $objExercise->selectRandomList() : $objExercise->selectQuestionList();
// Saves the question list into the session.
api_session_register('questionList');
Session::write('questionList',$questionList);
}
$nbrQuestions = sizeof($questionList);

@ -105,7 +105,7 @@ $myrefresh_id = 0;
if (!empty($_SESSION['refresh']) && $_SESSION['refresh'] == 1) {
// Check if we should do a refresh of the oLP object (for example after editing the LP).
// If refresh is set, we regenerate the oLP object from the database (kind of flush).
api_session_unregister('refresh');
Session::erase('refresh');
$myrefresh = 1;
if ($debug > 0) error_log('New LP - Refresh asked', 0);
}
@ -127,8 +127,8 @@ if (isset($_SESSION['lpobject'])) {
if ($debug > 0) error_log('New LP - Course has changed, discard lp object', 0);
if ($myrefresh == 1) { $myrefresh_id = $oLP->get_id(); }
$oLP = null;
api_session_unregister('oLP');
api_session_unregister('lpobject');
Session::erase('oLP');
Session::erase('lpobject');
} else {
$_SESSION['oLP'] = $oLP;
$lp_found = true;
@ -527,7 +527,7 @@ switch ($action) {
// Remove lp from homepage if it is there.
//$_SESSION['oLP']->toggle_visibility((int)$_GET['lp_id'],'i');
$_SESSION['oLP']->delete(null,(int)$_GET['lp_id'],'remove');
api_session_unregister('oLP');
Session::erase('oLP');
require 'lp_list.php';
}
break;

@ -97,7 +97,7 @@ $_SESSION['lp_mode'] = $_SESSION['oLP']->mode;
// Reinit exercises variables to avoid spacename clashes (see exercise tool)
if (isset($exerciseResult) || isset($_SESSION['exerciseResult'])) {
api_session_unregister($exerciseResult);
Session::erase($exerciseResult);
}
unset($_SESSION['objExercise']);
unset($_SESSION['questionList']);

@ -34,8 +34,8 @@ require_once '../exercice/hotpotatoes.lib.php';
function unset_session_resources() {
$_SESSION['addedresource'] = '';
$_SESSION['addedresourceid'] = '';
api_session_unregister(addedresource);
api_session_unregister(addedresourceid);
Session::erase(addedresource);
Session::erase(addedresourceid);
}
/**
@ -1701,8 +1701,8 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
$link .= $main_course_path.'document'.$docurl.'?'.api_get_cidreq();
$openmethod = 2;
$officedoc = false;
api_session_register('openmethod');
api_session_register('officedoc');
Session::write('openmethod',$openmethod);
Session::write('officedoc',$officedoc);
break;
case 'assignments':
$link .= $main_dir_path.'work/work.php?origin='.$origin;

@ -382,7 +382,7 @@ if ($_GET['source_id']) {
break;
case '5': // coming from learning path
$from_learnpath = 'yes';
api_session_register('from_learnpath');
Session::write('from_learnpath',$from_learnpath);
break;
case '6': // coming from forum: reply
$url = "../phpbb/reply.php?topic=$topic&forum=$forum&parentid=$parentid";

@ -290,7 +290,7 @@ switch ($_GET['action']) {
echo $msg;
$_s_item['id'] = $_GET['item_id'];
$_s_item['name'] = $item['name'];
api_session_register('_s_item');
Session::write('_s_item',$_s_item);
//api_session_register('s_item_name');
//echo "<a href=\"m_item.php?action=add_classgroup\">".get_lang('MAddClassgroup')."</a>";
$table = new SortableTable('itemrights', array ('Rsys', 'get_num_itemrights'), array ('Rsys', 'get_table_itemrights'), 1);

@ -29,8 +29,8 @@ include(api_get_path(SYS_CODE_PATH).'exercice/hotpotatoes.lib.php');
function unset_session_resources() {
$_SESSION['addedresource']='';
$_SESSION['addedresourceid']='';
api_session_unregister('addedresource');
api_session_unregister('addedresourceid');
Session::erase('addedresource');
Session::erase('addedresourceid');
}
/**

@ -320,7 +320,7 @@ if ($_GET["source_id"])
break;
case "5" : // coming from learning path
$from_learnpath = 'yes';
api_session_register('from_learnpath');
Session::write('from_learnpath',$from_learnpath);
break;
case "6" : // coming from forum: reply
$url = "../phpbb/reply.php?topic=$topic&forum=$forum&parentid=$parentid";

@ -33,7 +33,7 @@ $_SESSION['id_session'] = $session_id;
// Clear the exercise session just in case
if (isset ($_SESSION['objExercise'])) {
api_session_unregister('objExercise');
Session::erase('objExercise');
}
$session_info = SessionManager::fetch($session_id);

@ -139,24 +139,24 @@ class TestMainApi extends UnitTestCase {
function testApiSessionStart(){
if (!headers_sent()) {
$res = api_session_start($already_sintalled=true);
$res = Chamilo::session()->start($already_sintalled=true);
}
$this->assertTrue(is_null($res));
}
function testApiSessionRegister(){
$$variable[session_register]=false;
global $$variable;
if (!headers_sent()) {
$res=api_session_register($$variable);
}
$this->assertTrue(is_null($res));
$this->assertTrue(is_null($variable[session_register]));
}
// function testApiSessionRegister(){
// $$variable[session_register]=false;
// global $$variable;
// if (!headers_sent()) {
// $res=Session::register($$variable, $$variable);
// }
// $this->assertTrue(is_null($res));
// $this->assertTrue(is_null($variable[session_register]));
// }
function testApiSessionUnregister() {
$variable=strval($variable);
$res=api_session_unregister($variable);
$res=Session::erase($variable);
$this->assertTrue(is_null($res));
$this->assertTrue(is_null($_SESSION[$variable]=null));
}
@ -164,7 +164,7 @@ class TestMainApi extends UnitTestCase {
function testApiSessionClear() {
$variable = 'test';
if (!headers_sent()) {
$res=api_session_clear($variable);
$res=Session::clear($variable);
}
$this->assertTrue(is_null($res));
//var_dump($res);
@ -172,7 +172,7 @@ class TestMainApi extends UnitTestCase {
function testApiSessionDestroy(){
if (!headers_sent()) {
$res=api_session_destroy();
$res=Session::destroy();
}
$this->assertTrue(is_null($res));
//var_dump($res);

@ -13,14 +13,14 @@ class TestSessionHandler extends UnitTestCase {
$this->UnitTestCase('Session handler library - main/inc/lib/session_handler.class.test.php');
}
function testClose() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$res=$instancia->close();
$this->assertTrue(is_bool($res));
//var_dump($res);
}
function testdestroy() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$sess_id='';
$res=$instancia->destroy($sess_id);
$this->assertTrue(is_bool($res));
@ -28,7 +28,7 @@ class TestSessionHandler extends UnitTestCase {
}
function testgarbage() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$lifetime='';
$res=$instancia->garbage($lifetime);
$this->assertTrue(is_bool($res));
@ -36,7 +36,7 @@ class TestSessionHandler extends UnitTestCase {
}
function testopen() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$path='';
$name='';
$res=$instancia->open($path,$name);
@ -45,7 +45,7 @@ class TestSessionHandler extends UnitTestCase {
}
function testread() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$sess_id='';
$res=$instancia->read($sess_id);
$this->assertTrue(is_string($res));
@ -64,14 +64,14 @@ class TestSessionHandler extends UnitTestCase {
*/
function testsqlClose() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$res=$instancia->sqlClose();
$this->assertTrue(is_bool($res));
//var_dump($res);
}
function testsqlConnect() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$res=$instancia->sqlConnect();
$this->assertTrue(is_bool($res));
//var_dump($res);
@ -84,7 +84,7 @@ class TestSessionHandler extends UnitTestCase {
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query = 'select user_id from '.$tbl_user;
$instancia = new session_handler();
$instancia = new SessionHandler();
$instancia->connection_handler = mysql_connect($_configuration['db_host'],
$_configuration['db_user'],
$_configuration['db_password']);
@ -96,7 +96,7 @@ class TestSessionHandler extends UnitTestCase {
}
function testwrite() {
$instancia = new session_handler();
$instancia = new SessionHandler();
$sess_id='';
$sess_value='';
$res=$instancia->write($sess_id,$sess_value);

@ -168,8 +168,8 @@ function create_test_course($course_code = 'TESTCOURSE') {
$_course['subscribe_allowed'] = $cData['subscribe' ];
$_course['unubscribe_allowed'] = $cData['unsubscribe' ];
api_session_register('_cid');
api_session_register('_course');
Session::write('_cid',$_cid);
Session::write('_course',$_course);
}
/* Load the session */
@ -206,7 +206,7 @@ function delete_test_course($course_code = 'TESTCOURSE') {
// Check api session destroy
if (!headers_sent() && session_id() != "") {
$res=api_session_destroy();
$res=Session::destroy();
}
}
}

@ -186,4 +186,4 @@ $controller->tpl->assign('classes_block', $controller->return_classes_block(
$controller->tpl->display_two_col_template();
// Deleting the session_id.
api_session_unregister('session_id');
Session::erase('session_id');
Loading…
Cancel
Save