chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ask for login after direct link to a course - ref #6768

Browse Source
1.9.x
Hubert Borderiou 12 years ago
parent c49d736077
commit 301fb962da
9 changed files with 280 additions and 101 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 44
      index.php
  2. 19
      main/auth/cas/authcas.php
  3. 11
      main/auth/cas/logincas.php
  4. 55
      main/auth/gotocourse.php
  5. 4
      main/course_home/course_home.php
  6. 3
      main/inc/lib/display.lib.php
  7. 102
      main/inc/lib/main_api.lib.php
  8. 20
      main/inc/local.inc.php
  9. 7
      main/template/default/layout/menu.tpl

44
index.php
Unescape View File

@ -5,11 +5,12 @@
* @package chamilo.main
*/
use \ChamiloSession as Session;
define('CHAMILO_HOMEPAGE', true);
$language_file = array('courses', 'index', 'userInfo');
$language_file = array('courses', 'index');
/* Flag forcing the 'current course' reset, as we're not inside a course anymore. */
// Maybe we should change this into an api function? an example: CourseManager::unset();
@ -66,9 +67,7 @@ $_setting['display_courses_to_anonymous_users'] = 'true';
/**
* Registers in the track_e_default table (view in important activities in admin
* interface) a possible attempted break in, sending auth data through get.
* @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled.
* The real use of this code block should be seriously considered as well.
* This form should just use a security token and get done with it.
* @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
*/
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
$i = api_get_anonymous_id();
@ -138,20 +137,7 @@ if (api_is_facebook_auth_activated() && !api_get_user_id()) {
facebook_connect();
}
// before login plugin conditions
$showLoginForm = true;
if (api_is_anonymous()) {
if (!isset($_SESSION['before_login_accepted'])) {
if (in_array('before_login', $controller->tpl->plugin->get_installed_plugins())) {
$languageToActivate = api_get_plugin_setting('before_login', 'language');
if (api_get_interface_language() == $languageToActivate) {
$showLoginForm = false;
}
}
}
}
$controller->set_login_form($showLoginForm);
$controller->set_login_form();
//@todo move this inside the IndexManager
if (!api_is_anonymous()) {
@ -177,14 +163,12 @@ if (!isset($_REQUEST['include'])) {
$announcements_block = $controller->return_announcements();
}
global $_configuration;
//hiding global announcements when user not connected
if (empty($_configuration['hide_global_announcements_when_not_connected']) || !empty($_user['user_id'])) {
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
}
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());
@ -193,6 +177,16 @@ if (api_is_platform_admin() || api_is_drh()) {
$controller->tpl->assign('skills_block', $controller->return_skills_links());
}
// direct login to course
if (isset($_GET['firstpage'])) {
api_set_firstpage_parameter($_GET['firstpage']);
// if we are already logged, go directly to course
if (api_user_is_login()) {
echo "<script type='text/javascript'>self.location.href='index.php?firstpage=".$_GET['firstpage']."'</script>";
}
}
else {
api_delete_firstpage_parameter();
}
$controller->tpl->display_two_col_template();
#api_block_anonymous_users
#isset ($_user['user_id'])

19
main/auth/cas/authcas.php
Unescape View File

@ -169,4 +169,23 @@ function cas_logout()
phpCAS::logoutWithRedirectService(api_get_path(WEB_PATH));
}
/*
* Return the direct URL to a course code with CAS login
*/
function get_cas_direct_URL($in_course_code) {
return api_get_path(WEB_PATH).'main/auth/cas/logincas.php?firstpage='.$in_course_code;
}
function getCASLogoHTML() {
$out_res = "";
if (api_get_setting("casLogoURL") != "") {
$out_res = "<img src='".api_get_setting("casLogoURL")."' alt='CAS Logo' />";
}
return $out_res;
}
?>

11
main/auth/cas/logincas.php
Unescape View File

@ -22,9 +22,9 @@ global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
If we are not logged and in our browser enter an URL with a name of a course
e.g. http://www.chamilo.fr/chamilo/courses/COURSTESTOSETE/?id_session=0
we go to page api_not_allowed :
> Vous n'êtes pas autorisé à accéder à cette page.
> Soit votre connexion a expiré, soit vous essayez d'accéder à une page pour laquelle vous ne disposez pas des permissions suffisantes.
> Veuillez vous identifier à nouveau depuis la page d'accueil
> Vous n'etes pas autorise e acceder e cette page.
> Soit votre connexion a expire, soit vous essayez d'acceder e une page pour laquelle vous ne disposez pas des permissions suffisantes.
> Veuillez vous identifier e nouveau depuis la page d'accueil
If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS loggin, we go to api_not_allowad_page again
and again
As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page
@ -34,6 +34,11 @@ if (api_is_anonymous()) {
}
if (cas_configured()) {
$firstpage = "";
if (isset($_GET['firstpage'])) {
$firstpage = $_GET['firstpage'];
setcookie("GotoCourse", $firstpage);
}
if (!is_object($PHPCAS_CLIENT) ) {
phpCAS::client($cas_auth_ver,$cas_auth_server,$cas_auth_port,$cas_auth_uri);
phpCAS::setNoCasServerValidation();

55
main/auth/gotocourse.php
Unescape View File

@ -0,0 +1,55 @@
<?php
/* For licensing terms, see /license.txt */
/*
* Author : hubert.borderiou@grenet.fr
* Allow the user to login to a course after reaching a course URL like
* http://chamilo.chamilo.org/courses/MYCOURSE/?id_session=0
* See https://support.chamilo.org/issues/6768
*/
require('../inc/global.inc.php');
require_once(api_get_path(SYS_PATH).'main/auth/cas/authcas.php');
if (isset($_GET['firstpage'])) {
$firstpage = $_GET['firstpage'];
// if course is public, go to course without auth
$tab_course_info = api_get_course_info($firstpage);
api_set_firstpage_parameter($firstpage);
$tpl = new Template(null, 1, 1);
$action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
$action = str_replace('&amp;', '&', $action);
$form = new FormValidator('formLogin', 'post', $action, null, array('class'=>'form-stacked'));
$form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off')); //new
$form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3')); //new
$form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
// see same text in main_api.lib.php function api_not_allowed
if (api_is_cas_activated()) {
$msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", array('align'=>'center'));
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$msg .= "<div style='display:none;'>";
}
$msg .= '<div class="well_login">';
$msg .= $form->return_form();
$msg .='</div>';
if (api_is_cas_activated()) {
$msg .= "</div>";
}
$msg .= '<hr/><p style="text-align:center"><a href="'.api_get_path(WEB_PATH).'">'.get_lang('ReturnToCourseHomepage').'</a></p>';
$tpl->assign('content', '<h4>'.get_lang('LoginToGoToThisCourse').'</h4>'.$msg);
$tpl->display_one_col_template();
}
else {
api_delete_firstpage_parameter();
Header('Location: '.api_get_path(WEB_PATH).'index.php');
}

4
main/course_home/course_home.php
Unescape View File

@ -261,5 +261,9 @@ $content = '<div id="course_tools">'.$content.'</div>';
$tpl = new Template(null);
$tpl->assign('message', $show_message);
$tpl->assign('content', $content);
// direct login to course
$tpl->assign('course_code', $course_code);
$tpl->display_one_col_template();
Session::erase('_gid');

3
main/inc/lib/display.lib.php
Unescape View File

@ -49,6 +49,9 @@ class Display {
if (!empty($page_header)) {
self::$global_template->assign('header', $page_header);
}
self::$global_template->assign('course_code', api_get_course_id());
echo self::$global_template->show_header_template();
}

102
main/inc/lib/main_api.lib.php
Unescape View File

@ -2955,11 +2955,10 @@ function api_not_allowed($print_headers = false, $message = null) {
$origin = isset($_GET['origin']) ? $_GET['origin'] : '';
$msg = null;
if (isset($message)) {
$msg = $message;
} else {
$msg = Display::return_message(get_lang('NotAllowedClickBack'), 'error', false);
$msg = Display::return_message(get_lang('NotAllowedClickBack').'<br/><br/><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a>', 'error', false);
}
$msg = Display::div($msg, array('align'=>'center'));
@ -2981,7 +2980,7 @@ function api_not_allowed($print_headers = false, $message = null) {
exit;
}
if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE || $this_section == SECTION_PLATFORM_ADMIN)) {
if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE)) {
//only display form and return to the previous URL if there was a course ID included
if ($user_id != 0 && !api_is_anonymous()) {
@ -2991,24 +2990,35 @@ function api_not_allowed($print_headers = false, $message = null) {
exit;
}
if (!is_null(api_get_course_id())) {
api_set_firstpage_parameter(api_get_course_id());
}
// If the user has no user ID, then his session has expired
$action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
$action = str_replace('&amp;', '&', $action);
$form = new FormValidator('formLogin', 'post', $action, null, array('class'=>'form-stacked'));
//$form->addElement('text', 'login', get_lang('UserName'), array('size' => 17)); //old
$form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off')); //new
//$form->addElement('password', 'password', get_lang('Password'), array('size' => 17)); //old
$form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3')); //new
$form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
$content = Display::return_message(get_lang('NotAllowed').'<br />'.get_lang('PleaseLoginAgainFromFormBelow').'<br />', 'error', false);
// see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (above)
$content = Display::return_message(get_lang('NotAllowed'), 'error', false);
$content .= '<h4>'.get_lang('LoginToGoToThisCourse').'</h4>';
if (api_is_cas_activated()) {
$content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$content .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", array('align'=>'center'));
$content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$content .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$content .= "<div style='display:none;'>";
}
$content .= '<div class="well_login">';
$content .= $form->return_form();
$content .='</div>';
if (api_is_cas_activated()) {
$content .= "</div>";
}
$content .= '<hr/><p style="text-align:center"><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a></p>';
$tpl->assign('content', $content);
$tpl->display_one_col_template();
@ -3023,12 +3033,43 @@ function api_not_allowed($print_headers = false, $message = null) {
// Check if the cookies are enabled. If are enabled and if no course ID was included in the requested URL, then the user has either lost his session or is anonymous, so redirect to homepage
if( !isset($_COOKIE['TestCookie']) && empty($_COOKIE['TestCookie']) ) {
$msg = Display::return_message(get_lang('NoCookies').'<br /><br /><a href="'.$home_url.'">'.get_lang('BackTo').' '.get_lang('CampusHomepage').'</a><br />', 'error', false);
} elseif ($message == null){
$msg = Display::return_message(get_lang('NotAllowed').'<br /><br /><a href="'.$home_url.'">'.get_lang('PleaseLoginAgainFromHomepage').'</a><br />', 'error', false);
} else {
$msg = Display::return_message($message.'&nbsp;<a href="'.$home_url.'">'.get_lang('PleaseLoginAgainFromHomepage').'</a><br />', 'error', false);
}
$msg = Display::div($msg, array('align'=>'center'));
else {
// The session is over and we were not in a course,
// or we try to get directly to a private course without being logged
if (!is_null(api_get_course_id())) {
api_set_firstpage_parameter(api_get_course_id());
$action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
$action = str_replace('&amp;', '&', $action);
$form = new FormValidator('formLogin', 'post', $action, null, array('class'=>'form-stacked'));
$form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off')); //new
$form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3')); //new
$form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
// see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (bellow)
$msg = Display::return_message(get_lang('NotAllowed'), 'error', false);
$msg .= '<h4>'.get_lang('LoginToGoToThisCourse').'</h4>';
if (api_is_cas_activated()) {
$msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", array('align'=>'center'));
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$msg .= "<div style='display:none;'>";
}
$msg .= '<div class="well_login">';
$msg .= $form->return_form();
$msg .='</div>';
if (api_is_cas_activated()) {
$msg .= "</div>";
}
$msg .= '<hr/><p style="text-align:center"><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a></p>';
}
else {
// we were not in a course, return to home page
$msg = Display::return_message(get_lang('NotAllowed').'<br/><br/><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a><br />', 'error', false);
}
}
// $msg = Display::div($msg, array('align'=>'center'));
$tpl->assign('content', $msg);
$tpl->display_one_col_template();
exit;
@ -6842,3 +6883,34 @@ function api_elog($string, $dump = 0)
{
return api_error_log($string, $dump);
}
/*
* Set the cookie to go directly to the course code $in_firstpage
* after login
*/
function api_set_firstpage_parameter($in_firstpage) {
setcookie("GotoCourse", $in_firstpage);
}
/*
* Delete the cookie to go directly to the course code $in_firstpage
* after login
*/
function api_delete_firstpage_parameter() {
setcookie("GotoCourse", "", time() - 3600);
}
/*
* Return true if course_code for direct course access after login is set
*/
function exist_firstpage_parameter() {
return (isset($_COOKIE['GotoCourse']) && $_COOKIE['GotoCourse'] != "");
}
/*
*
*/
function api_get_firstpage_parameter() {
return $_COOKIE['GotoCourse'];
}

20
main/inc/local.inc.php
Unescape View File

@ -1230,4 +1230,24 @@ if (isset($_cid)) {
Database::query($sql);
}
// direct login to course
if ((isset($cas_login) && $cas_login && exist_firstpage_parameter())
|| ($logging_in && exist_firstpage_parameter())){
$redir_coursecode = api_get_firstpage_parameter();
api_delete_firstpage_parameter(); // delete the cookie
if (CourseManager::course_code_exists($redir_coursecode)) {
$_SESSION['noredirection'] = false;
$_SESSION['request_uri'] = api_get_path(WEB_COURSE_PATH).$redir_coursecode;
}
}
elseif (api_user_is_login() && exist_firstpage_parameter()) {
$redir_coursecode = api_get_firstpage_parameter();
api_delete_firstpage_parameter(); // delete the cookie
if (CourseManager::course_code_exists($redir_coursecode)) {
$_SESSION['noredirection'] = false;
$_SESSION['request_uri'] = api_get_path(WEB_COURSE_PATH).$redir_coursecode;
}
}
Redirect::session_request_uri($logging_in, $user_id);

7
main/template/default/layout/menu.tpl
Unescape View File

@ -42,6 +42,13 @@
</a>
</li>
</ul>
{% else %}
{# direct login to course - no visible if logged and on the index page #}
{% if course_code != "" %}
<ul class="nav pull-right">
<li class="dropdown" style="color:white;"><a href='{{ _p.web }}/main/auth/gotocourse.php?firstpage={{ course_code }}'>{{ "LoginEnter"|get_lang }}</a></li>
</ul>
{% endif %}
{% endif %}
</div>
</div>

Write Preview
Loading…
Cancel
Save