From 490bfb634d9ac972c4de1e85bcd152d92a900f04 Mon Sep 17 00:00:00 2001
From: Noel Dieschburg
Date: Tue, 20 Sep 2011 20:53:35 +0200
Subject: [PATCH 01/26] Permalink correction
---
 main/inc/local.inc.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
index ad463a0580..fe672a16fe 100644
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@@ -1099,8 +1099,9 @@ if (isset($_cid)) {
 $sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'";
 Database::query($sql);
 }
-if (!empty($_SESSION['request_uri'])){
+if (isset($_SESSION['request_uri']) && !empty($_SESSION['request_uri'])){
 $req= $_SESSION['request_uri'];
 unset($_SESSION['request_uri']);
 header('Location: '.$req);
+ exit;
 }
From 594d410207aae5936892ff564236fce0f17ef6ac Mon Sep 17 00:00:00 2001
From: Noel Dieschburg
Date: Wed, 28 Sep 2011 10:53:59 +0200
Subject: [PATCH 02/26] cusompages and firs login small modifications
---
 custompages/first_login.php | 3 +++
 custompages/index-logged.php | 2 +-
 custompages/index-unlogged.php | 2 +-
 custompages/style-ie6.css | 1 +
 custompages/style.css | 1 +
 main/inc/lib/loginredirection.lib.php | 3 ++-
 main/lang/english/trad4all.inc.php | 4 +++-
 main/lang/french/trad4all.inc.php | 4 +++-
 8 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/custompages/first_login.php b/custompages/first_login.php
index 4a671073d9..c9fac4562e 100644
--- a/custompages/first_login.php
+++ b/custompages/first_login.php
@@ -67,7 +67,10 @@ if ($_GET['invalid'] == 2) { +
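Review bot: `header('Location: '.$req)` in the main/inc/local.inc.php hunk sends the browser to whatever string is stored in `$_SESSION['request_uri']`, and nothing in the hunk checks that it is a path on this site. Where that session value is written is not visible here; if it is copied from the incoming request, it should be limited to a local path (a single leading `/`, no scheme or host, no CR/LF) before it is used, falling back to the default page otherwise. `empty()` already returns true for an unset key, so the condition can stay `if (!empty($_SESSION['request_uri'])) {`.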

+
+
'.$error_message.'
'; }?> diff --git a/custompages/index-logged.php b/custompages/index-logged.php index 6c76ed80ad..3f3a39f971 100644 --- a/custompages/index-logged.php +++ b/custompages/index-logged.php @@ -1,5 +1,5 @@
- +

diff --git a/custompages/style-ie6.css b/custompages/style-ie6.css index 98c34b7b1c..ed93d6ccec 100644 --- a/custompages/style-ie6.css +++ b/custompages/style-ie6.css @@ -6,6 +6,7 @@ html, body { body { font-family: "Arial Black",sans-serif; font-size: 10pt; + color: #1F3660; width: 100%; text-align: center; /* diff --git a/custompages/style.css b/custompages/style.css index 37ab87151c..eb32456c4d 100644 --- a/custompages/style.css +++ b/custompages/style.css @@ -8,6 +8,7 @@ body { font-size: 10pt; width: 100%; text-align: center; + color: #1F3660; /*background-image: url(images/page-background.png); background-repeat: no-repeat; background-size: 100%; diff --git a/main/inc/lib/loginredirection.lib.php b/main/inc/lib/loginredirection.lib.php index e1821cc36c..919efae272 100644 --- a/main/inc/lib/loginredirection.lib.php +++ b/main/inc/lib/loginredirection.lib.php @@ -11,7 +11,7 @@ Class LoginRedirection { global $param; $param = isset($param) ? $param : ''; $redirect_url = ''; - +/* //If session request url is setted, we go there if (!empty($_SESSION['request_uri'])) { $req = $_SESSION['request_uri']; @@ -19,6 +19,7 @@ Class LoginRedirection { header('location: '.$req); exit(); } + */ if ( api_is_student() && !api_get_setting('student_page_after_login') == '' ){ $redirect_url = html_entity_decode(api_get_setting('student_page_after_login')); diff --git a/main/lang/english/trad4all.inc.php b/main/lang/english/trad4all.inc.php index 9e71c6c9af..dc1baa9c50 100644 --- a/main/lang/english/trad4all.inc.php +++ b/main/lang/english/trad4all.inc.php 
@@ -1109,4 +1109,6 @@ $SelectFilter = "Select filter"; $ThereIsNoClassScheduledTodayTryPickingAnotherDay = "There is no class scheduled today, try picking another day or add your attendance entry yourself using the action icons."; $AddToCalendar = "Add to calendar"; $RandomPick = "Random pick"; -?> \ No newline at end of file +$FirstLogin = "First login"; +$FirstLoginChangePassword = "This is your first login. Please change your password"; +?> diff --git a/main/lang/french/trad4all.inc.php b/main/lang/french/trad4all.inc.php index 7b47c7c3ac..87fa7f591b 100644 --- a/main/lang/french/trad4all.inc.php +++ b/main/lang/french/trad4all.inc.php @@ -1107,4 +1107,6 @@ $SelectFilter = "Sélectionner le filtre"; $ThereIsNoClassScheduledTodayTryPickingAnotherDay = "Aucune classe n'a été programmée aujourd'hui. Choisissez un autre you ou ajoutez votre classe vous-même en utilisant les icônes d'action."; $AddToCalendar = "Ajouter au calendrier"; $RandomPick = "Sélection aléatoire"; -?> \ No newline at end of file +$FirstLogin = "Première connexion"; +$FirstLoginChangePassword = "C'est votre première connexion, veuillez changer votre mot de passe"; +?> From 9a911908721682c3aa2519023447e2023cb09674 Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Wed, 28 Sep 2011 11:34:12 +0200 Subject: [PATCH 03/26] Seriousgame mode : adaptaion for chamilo 1882 and documentation of what is it in the code --- main/newscorm/learnpathList.class.php | 2 +- main/newscorm/lp_list.php | 44 +++++++++++++++------------ 2 files changed, 25 insertions(+), 21 deletions(-) diff --git a/main/newscorm/learnpathList.class.php b/main/newscorm/learnpathList.class.php index 923b570057..68823dc6e3 100644 --- a/main/newscorm/learnpathList.class.php +++ b/main/newscorm/learnpathList.class.php 
@@ -114,7 +114,7 @@ class learnpathList { 'lp_visibility' => $vis, 'lp_published' => $pub, 'lp_prevent_reinit' => $row['prevent_reinit'], - 'seriousgame_mode' => $row['seriousgame_mode'], + 'seriousgame_mode' => $row['seriousgame_mode'], 'lp_scorm_debug' => $row['debug'], 'lp_display_order' => $row['display_order'], 'lp_preview_image' => stripslashes($row['preview_image']), diff --git a/main/newscorm/lp_list.php b/main/newscorm/lp_list.php index c20b1fea63..a630655ab8 100644 --- a/main/newscorm/lp_list.php +++ b/main/newscorm/lp_list.php 
@@ -350,30 +350,34 @@ if (is_array($flat_list)) { $dsp_publish = Display::return_icon('lp_publish_na.png', get_lang('_no_publish'),'','22'); } - /* MULTIPLE ATTEMPTS OR SERIOUS GAME MODE */ + /* MULTIPLE ATTEMPTS OR SERIOUS GAME MODE + SERIOUSGAME MODE is a special mode where : + * If a user exits the learning path before finishing it, he comes back where he left next time he tries + * When lp status is completed, user can still modify the attempt (adds/time change score, and browse it) + * It is thus a mix betwenn multiple attempt and mono attempt + */ if ($current_session == $details['lp_session']) { - if ($details['seriousgame_mode'] == 1 && $details['lp_prevent_reinit'] == 1) { //seriousgame mode | next = single - dir('serious'); - Display::return_icon('reload_na.png', get_lang('AllowMultipleAttempts'),'','22').''; - 'Prevent reinit' . - ' '; - } - if ($details['seriousgame_mode'] == 0 && $details['lp_prevent_reinit'] == 1) { //single mode | next = multiple - $dsp_reinit = '' . - 'Allow reinit' . - ' '; - } - if ($details['seriousgame_mode'] == 0 && $details['lp_prevent_reinit'] == 0) { //multiple mode | next = seriousgame - $dsp_reinit = '' . - 'Serious game mode' . - ' '; - ' '; - } + if ($details['seriousgame_mode'] == 1 && $details['lp_prevent_reinit'] == 1) { //seriousgame mode | next = single + $dsp_reinit = '' . + 'Prevent reinit' . + ' '; + } + if ($details['seriousgame_mode'] == 0 && $details['lp_prevent_reinit'] == 1) { //single mode | next = multiple + $dsp_reinit = '' . + 'Allow reinit' . + ' '; + } + if ($details['seriousgame_mode'] == 0 && $details['lp_prevent_reinit'] == 0) { //multiple mode | next = seriousgame + $dsp_reinit = '' . + 'Serious game mode' . + ' '; + } } else { - $dsp_reinit = Display::return_icon('reload_na.png', get_lang('AllowMultipleAttempts'),'','22'); + $dsp_reinit .= ''; } + /* FUll screen VIEW */ if ($current_session == $details['lp_session']) { @@ -513,4 +517,4 @@ if (is_array($flat_list)) { echo ""; echo "
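Review bot: `$dsp_reinit` is not assigned when `seriousgame_mode == 1` and `lp_prevent_reinit == 0`, and the new else branch appends with `$dsp_reinit .= '';` instead of assigning. If this block runs once per learning path (the enclosing loop starts outside the hunk), a row can then show the control built for the previous row. Setting `$dsp_reinit = '';` before `if ($current_session == $details['lp_session']) {` and chaining the three tests with `elseif` would make each row independent.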

"; /* FOOTER */ -Display::display_footer(); \ No newline at end of file +Display::display_footer(); From 213d1576e4695c1a1250514741e822be5476edfe Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Wed, 28 Sep 2011 13:25:03 +0200 Subject: [PATCH 04/26] external_loginfo : use separate functions file --- .../auth/external_logininfo/functions.inc.php | 143 ++++++++++++++++++ main/auth/external_logininfo/newUser.php | 130 ++-------------- main/auth/external_logininfo/updateUser.php | 99 +----------- 3 files changed, 153 insertions(+), 219 deletions(-) create mode 100644 main/auth/external_logininfo/functions.inc.php diff --git a/main/auth/external_logininfo/functions.inc.php b/main/auth/external_logininfo/functions.inc.php new file mode 100644 index 0000000000..24630565c5 --- /dev/null +++ b/main/auth/external_logininfo/functions.inc.php 
@@ -0,0 +1,143 @@ + $user_info['firstname'], + 'lastname' => $user_info['lastname'], + 'status' => $status, + 'admin' => $admin, + 'email' => $user_info['email'], + 'login' => $user_info['username'], + 'language' => $language, + 'password' => DEFAULT_PASSWORD, + 'courses' => $user_info['courses'], + 'profile_link' => $user_info['profile_link'], + 'worldwide_bu' => $user_info['worlwide_bu'], + 'manager' => $user_info['manager'], + 'extra' => array( + 'position_title' => $user_info['position_title'], + 'country' => $user_info['country'], + 'job_family' => $user_info['job_family'], + 'country_bu' => $user_info['country_bu'], + 'worldwide_bu' => $user_info['worldwide_bu'], + 'profile_link' => $user_info['profile_link'], + 'can_send_message' => $can_send_message, + 'update_type' => 'external_logininfo') + ); + + return $u; //Please return false if user does not exist + //return false; +} + +/** + * Return an array with all user info + * @param associative array with at least thes fields setted : + firstname, lastname, status, email, login, password + * @return mixed new user id - if the new user creation succeeds, false otherwise + **/ +function external_add_user($u){ + //Setting default + if (! isset($u['official_code']) ) + $u['official_code'] = ''; + if (! isset($u['language']) ) + $u['language'] = ''; + if (! isset($u['phone']) ) + $u['phone'] = ''; + if (! isset($u['picture_uri']) ) + $u['picture_uri'] = ''; + if (! isset($u['auth_source']) ) + $u['auth_source'] = PLATFORM_AUTH_SOURCE; + if (! isset($u['expiration_date']) ) + $u['expiration_date'] = '0000-00-00 00:00:00'; + if (! isset($u['active']) ) + $u['active'] = 1; + if (! isset($u['hr_dept_id']) ) + $u['hr_dept_id'] = 0; //id of responsible HR + if (! isset($u['extra']) ) + $u['extra'] = null; + if (! 
isset($u['encrypt_method']) ) + $u['encrypt_method'] = ''; + + $chamilo_uid = UserManager::create_user($u['firstname'], $u['lastname'],$u['status'], $u['email'], $u['login'], $u['password'], $u['official_code'], $u['language'], $u['phone'],$u['picture_uri'], $u['auth_source'], $u['expiration_date'], $u['active'], $u['hr_dept_id'], $u['extra'], $u['encrypt_method']); + return $chamilo_uid; +} +/** + * update user info in database + **/ +function external_update_user($u){ + $updated = UserManager::update_user($u['user_id'], $u['firstname'], $u['lastname'], $u['login'], null, $u['auth_source'], $u['email'], $u['status'], $u['official_code'], $u['phone'], $u['picture_uri'], $u['expiration_date'], $u['active'], $u['creator_id'], $u['hr_dept_id'], $u['extra'], $u['language'],''); + if(!empty($user['courses'])){ + $autoSubscribe = explode('|', $u['courses']); + foreach ($autoSubscribe as $code) { + if (CourseManager::course_exists($code)) { + CourseManager::subscribe_user($_user['user_id'], $code); + } + } + } + // Is User Admin ? + if ($user['admin']){ + $is_platformAdmin = true; + Database::query("INSERT INTO admin values ('$chamilo_uid')"); + } + +} + +?> diff --git a/main/auth/external_logininfo/newUser.php b/main/auth/external_logininfo/newUser.php index 5e60750e07..f3f1a7c949 100644 --- a/main/auth/external_logininfo/newUser.php +++ b/main/auth/external_logininfo/newUser.php 
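Review bot: `external_update_user($u)` tests `$user['courses']` and `$user['admin']` and uses `$_user['user_id']` and `$chamilo_uid`, none of which exist inside the function, so the course subscriptions and the admin grant never act on the user being updated; if the admin branch did run it would insert an empty id. The body should read everything from `$u` and cast the id before it goes into the SQL string, as in the excerpt below. In `external_get_user_info`, `'password' => DEFAULT_PASSWORD` gives every account created from the external table the same password, and `$user_info['worlwide_bu']` looks like a misspelt column name (the `extra` array reads `worldwide_bu`).

```php
function external_update_user($u){
    // … unchanged: UserManager::update_user() call …
    if (!empty($u['courses'])) {
        $autoSubscribe = explode('|', $u['courses']);
        foreach ($autoSubscribe as $code) {
            if (CourseManager::course_exists($code)) {
                CourseManager::subscribe_user($u['user_id'], $code);
            }
        }
    }
    // Is User Admin ?
    if (!empty($u['admin'])) {
        $uid = (int) $u['user_id'];
        Database::query("INSERT INTO admin values ('$uid')");
    }
}
```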
@@ -5,134 +5,22 @@ To use it please add this line to main/inc/conf/configuration.php : $extAuthSource["external_logininfo"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_logininfo/newUser.php"; - You also have to implements the external_get_user_info function in this file. + You also have to implements the external_get_user_info function in functions.inc.php */ - require_once(api_get_path(LIBRARY_PATH).'usermanager.lib.php'); - require_once(api_get_path(LIBRARY_PATH).'course.lib.php'); - define('USERINFO_TABLE', 'userinfo'); - define('DEFAULT_PASSWORD', 'boumbalah'); - -//TODO : Please implements this function for this module to work. -/** - * Gets user info from external source - * @param string login - * @param string password - * @return user array with at least the following fields: - * firstname - * lastname - * status - * email - * login - * password - * or false if no data - **/ -function external_get_user_info($login, $password){ - //Those are the mandatory fields for user creation. - //See external_add_user function for all the fields you can have. 
- if ($password != DEFAULT_PASSWORD) { - return false; - } - $table = USERINFO_TABLE; - $sql = "SELECT * from $table where username='".Database::escape_string($login)."'"; - $result = Database::query($sql); - - if (Database::num_rows($result) == 0 ) { //false password - return false; - } - $user_info = Database::fetch_assoc($result); - // User status - $admin = false; - switch($user_info['status']){ - case 'admin': - $status = COURSEMANAGER; - $admin = true; - break; - case 'teacher': - $status = COURSEMANAGER; - break; - case 'user': - $status = STUDENT; - break; - default: - $status = STUDENT; - } - // Language - switch($user_info['language']){ - case 'FR' : - $language = 'french'; - break; - case 'EN' : - $language = 'english'; - break; - default : - $language = 'english'; - break; - } - - $u = array( - 'firstname' => $user_info['firstname'], - 'lastname' => $user_info['lastname'], - 'status' => $status, - 'admin' => $admin, - 'email' => $user_info['email'], - 'login' => $user_info['username'], - 'language' => $language, - 'password' => DEFAULT_PASSWORD, - 'courses' => $user_info['courses'], - 'profile_link' => $user_info['profile_link'], - 'worldwide_bu' => $user_info['worlwide_bu'], - 'manager' => $user_info['manager'], - 'country_bu' => $user_info['country_bu'], - 'extra' => array( - 'position_title' => $user_info['position_title'], - 'country' => $user_info['country'], - 'job_family' => $user_info['job_family'], - 'update_type' => 'external_logininfo') - ); - - return $u; //Please return false if user does not exist - //return false; -} - -/** - * Return an array with all user info - * @param associative array with at least thes fields setted : - firstname, lastname, status, email, login, password - * @return mixed new user id - if the new user creation succeeds, false otherwise - **/ -function external_add_user($u){ - //Setting default - if (! isset($u['official_code']) ) - $u['official_code'] = ''; - if (! 
isset($u['language']) ) - $u['language'] = ''; - if (! isset($u['phone']) ) - $u['phone'] = ''; - if (! isset($u['picture_uri']) ) - $u['picture_uri'] = ''; - if (! isset($u['auth_source']) ) - $u['auth_source'] = PLATFORM_AUTH_SOURCE; - if (! isset($u['expiration_date']) ) - $u['expiration_date'] = '0000-00-00 00:00:00'; - if (! isset($u['active']) ) - $u['active'] = 1; - if (! isset($u['hr_dept_id']) ) - $u['hr_dept_id'] = 0; //id of responsible HR - if (! isset($u['extra']) ) - $u['extra'] = null; - if (! isset($u['encrypt_method']) ) - $u['encrypt_method'] = ''; - - $chamilo_uid = UserManager::create_user($u['firstname'], $u['lastname'],$u['status'], $u['email'], $u['login'], $u['password'], $u['official_code'], $u['language'], $u['phone'],$u['picture_uri'], $u['auth_source'], $u['expiration_date'], $u['active'], $u['hr_dept_id'], $u['extra'], $u['encrypt_method']); - return $chamilo_uid; -} +require_once(api_get_path(LIBRARY_PATH).'usermanager.lib.php'); +require_once(api_get_path(LIBRARY_PATH).'course.lib.php'); +require_once(dirname(__FILE__).'/functions.inc.php'); //MAIN CODE //$login and $password variables are setted in main/inc/local.inc.php -$user = external_get_user_info($login, $password); +if ($password != DEFAULT_PASSWORD) { + $user = false; +} else { + $user = external_get_user_info($login, $password); +} if ($user !== false && ($chamilo_uid = external_add_user($user)) !== false) { //log in the user diff --git a/main/auth/external_logininfo/updateUser.php b/main/auth/external_logininfo/updateUser.php index f4b3ca244f..bfafe5d2b3 100644 --- a/main/auth/external_logininfo/updateUser.php +++ b/main/auth/external_logininfo/updateUser.php 
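Review bot: The only credential check before `external_add_user()` is `$password != DEFAULT_PASSWORD`, a constant shared by every account, so whoever knows that one value can have an account created and logged in for any login name present in the external table, including rows whose status maps to admin. First login should depend on a per-user secret (a one-time token or a password held by the external source), with the first-login password change enforced server-side. If the shared value has to stay for now, keep it out of the source tree (the removed `define` held it as a literal) and compare strictly, `if (!is_string($password) || $password !== DEFAULT_PASSWORD) {`. Where `DEFAULT_PASSWORD` is now defined is not visible on this page, and the block opened by the last line of the hunk continues outside it.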
@@ -4,105 +4,8 @@ This script must not exit. */ require_once(api_get_path(LIBRARY_PATH).'usermanager.lib.php'); require_once(api_get_path(LIBRARY_PATH).'course.lib.php'); -define('USERINFO_TABLE', 'userinfo'); -//TODO : Please implements this function for this module to work. -/** - * Gets user info from external source - * @param string login - * @param string password - * @return user array with at least the following fields: - * firstname - * lastname - * status - * email - * login - * password - * or false if no data - **/ -function external_get_user_info($login, $password){ - //Those are the mandatory fields for user creation. - //See external_add_user function for all the fields you can have. - $table = USERINFO_TABLE; - $sql = "SELECT * from $table where username='".Database::escape_string($login)."'"; - $result = Database::query($sql); +require_once(dirname(__FILE__).'/functions.inc.php'); - if (Database::num_rows($result) == 0 ) { //false password - return false; - } - $user_info = Database::fetch_assoc($result); - // User status - $admin = false; - switch($user_info['status']){ - case 'admin': - $status = COURSEMANAGER; - $admin = true; - break; - case 'teacher': - $status = COURSEMANAGER; - break; - case 'user': - $status = STUDENT; - break; - default: - $status = STUDENT; - } - // Language - switch($user_info['language']){ - case 'FR' : - $language = 'french'; - break; - case 'EN' : - $language = 'english'; - break; - default : - $language = 'english'; - break; - } - - $u = array( - 'firstname' => $user_info['firstname'], - 'lastname' => $user_info['lastname'], - 'status' => $status, - 'admin' => $admin, - 'email' => $user_info['email'], - 'login' => $user_info['username'], - 'language' => $language, - 'password' => DEFAULT_PASSWORD, - 'courses' => $user_info['courses'], - 'profile_link' => $user_info['profile_link'], - 'worldwide_bu' => $user_info['worlwide_bu'], - 'manager' => $user_info['manager'], - 'country_bu' => $user_info['country_bu'], - 
'extra' => array( - 'position_title' => $user_info['position_title'], - 'country' => $user_info['country'], - 'job_family' => $user_info['job_family'], - 'update_type' => 'external_logininfo') - ); - - return $u; //Please return false if user does not exist -} - -/** - * update user info in database - **/ -function external_update_user($u){ - $updated = UserManager::update_user($u['user_id'], $u['firstname'], $u['lastname'], $u['login'], null, $u['auth_source'], $u['email'], $u['status'], $u['official_code'], $u['phone'], $u['picture_uri'], $u['expiration_date'], $u['active'], $u['creator_id'], $u['hr_dept_id'], $u['extra'], $u['language'],''); - if(!empty($user['courses'])){ - $autoSubscribe = explode('|', $u['courses']); - foreach ($autoSubscribe as $code) { - if (CourseManager::course_exists($code)) { - CourseManager::subscribe_user($_user['user_id'], $code); - } - } - } - // Is User Admin ? - if ($user['admin']){ - $is_platformAdmin = true; - Database::query("INSERT INTO admin values ('$chamilo_uid')"); - } - -} //MAIN CODE //$uData variable is set in local.inc.php From ef4fbd56ab7cf56393af3d4b130da915fc255005 Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Wed, 28 Sep 2011 16:29:40 +0200 Subject: [PATCH 05/26] 6521 : generic lost_password custompage --- custompages/index-unlogged.php | 19 ++++--- custompages/lostpassword.php | 12 +++- main/auth/lostPassword.php | 95 +++++++++++++++++--------------- main/inc/lib/custompages.lib.php | 2 +- main/inc/lib/login.lib.php | 71 +++++++++++++----------- 5 files changed, 113 insertions(+), 86 deletions(-) diff --git a/custompages/index-unlogged.php b/custompages/index-unlogged.php index 5906466f23..371ea315f6 100644 --- a/custompages/index-unlogged.php +++ b/custompages/index-unlogged.php @@ -52,20 +52,22 @@ if (isset($_GET['loginFailed'])){
- +
- '.cblue_get_lang('your_password_has_been_reset').'
'; - }?> +
+ +
'.$error_message.'
'; }?> - +

@@ -77,11 +79,12 @@ if (isset($_GET['loginFailed'])){
diff --git a/custompages/lostpassword.php b/custompages/lostpassword.php index 09b37a930f..be759e1706 100644 --- a/custompages/lostpassword.php +++ b/custompages/lostpassword.php @@ -32,10 +32,16 @@ require_once('language.php'); -'.cblue_get_lang('lang_enter_email_and_well_send_you_password').''; ?> +
+ +
-
    '.$form_error.'
'; +
    '.$content['error'].'
'; }?>
diff --git a/main/auth/lostPassword.php b/main/auth/lostPassword.php index 50e341ff52..c386bea3b2 100644 --- a/main/auth/lostPassword.php +++ b/main/auth/lostPassword.php @@ -15,7 +15,7 @@ * @package chamilo.auth */ // name of the language file that needs to be included -$language_file = 'registration'; +$language_file = array('registration', 'index'); require_once '../inc/global.inc.php'; require_once api_get_path(LIBRARY_PATH).'login.lib.php'; 
@@ -26,50 +26,59 @@ require_once api_get_path(LIBRARY_PATH).'custompages.lib.php'; // Custom pages // Had to move the form handling in here, because otherwise there would already be some display output. if (api_get_setting('use_custom_pages') == 'true') { - if (isset ($_POST['user']) && isset ($_POST['email'])) { - $user = $_POST['user']; - $email = $_POST['email']; - $condition = ''; - if (!empty($email)) { - $condition = " AND LOWER(email) = '".Database::escape_string($email)."' "; - } - - $tbl_user = Database :: get_main_table(TABLE_MAIN_USER); - $query = " SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, - username AS loginName, password, email, status AS status, - official_code, phone, picture_uri, creator_id - FROM ".$tbl_user." - WHERE ( username = '".Database::escape_string($user)."' $condition ) "; - - $result = Database::query($query); - $num_rows = Database::num_rows($result); - - if ($result && $num_rows > 0) { - if ($num_rows > 1) { - $by_username = false; // more than one user - while ($data = Database::fetch_array($result)) { - $user[] = $data; - } - } else { - $by_username = true; // single user (valid user + email) - $user = Database::fetch_array($result); - } - if ($userPasswordCrypted != 'none') { - Login::handle_encrypted_password($user, $by_username); - } else { - Login::send_password_to_user($user, $by_username); - } - } else { - Display::display_error_message(get_lang('NoUserAccountWithThisEmailAddress')); - } - $msg = Login::reset_password($_GET["reset"], $_GET["id"], true); - CustomPages::displayPage('lostpassword-feedback'); - } - else { - CustomPages::displayPage('lostpassword'); - } + //Reset Password when user goes to the link + if($_GET['reset'] && $_GET['id']){ + $mesg = Login::reset_password($_GET["reset"], $_GET["id"], true); + CustomPages::displayPage('index-unlogged', array('info' => $mesg)); + } + + //Check email/username and do the right thing + if (isset ($_POST['user']) && isset ($_POST['email'])) { + $user 
= $_POST['user']; + $email = $_POST['email']; + + $condition = ''; + if (!empty($email)) { + $condition = " AND LOWER(email) = '".Database::escape_string($email)."' "; + } + + $tbl_user = Database :: get_main_table(TABLE_MAIN_USER); + $query = " SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, + username AS loginName, password, email, status AS status, + official_code, phone, picture_uri, creator_id + FROM ".$tbl_user." + WHERE ( username = '".Database::escape_string($user)."' $condition ) "; + + $result = Database::query($query); + $num_rows = Database::num_rows($result); + + if ($result && $num_rows > 0) { + if ($num_rows > 1) { + $by_username = false; // more than one user + while ($data = Database::fetch_array($result)) { + $user[] = $data; + } + } else { + $by_username = true; // single user (valid user + email) + $user = Database::fetch_array($result); + } + if ($userPasswordCrypted != 'none') { + //Send email with secret link to user + Login::handle_encrypted_password($user, $by_username); + } else { + Login::send_password_to_user($user, $by_username); + } + } else { + CustomPages::displayPage('lostpassword',array('error' => get_lang('NoUserAccountWithThisEmailAddress'))); + } + } + else { + CustomPages::displayPage('lostpassword'); + } + CustomPages::displayPage('index-unlogged', array('info' => get_lang('YourPasswordHasBeenEmailed'))); } + $tool_name = get_lang('LostPassword'); Display :: display_header($tool_name); diff --git a/main/inc/lib/custompages.lib.php b/main/inc/lib/custompages.lib.php index 57425934cd..d1498402fd 100644 --- a/main/inc/lib/custompages.lib.php +++ b/main/inc/lib/custompages.lib.php 
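Review bot: In the custom-pages branch the unknown-account case renders `NoUserAccountWithThisEmailAddress` while the other paths end on `YourPasswordHasBeenEmailed`, so the form tells an unauthenticated visitor whether a username/e-mail pair exists; showing the same neutral message in both cases would close that. The `Login` helpers now return their status message in custom-pages mode (see the login.lib.php hunks of this commit), but the return values are discarded here, so a failed mail send still reports success; capture it, e.g. `$info = Login::handle_encrypted_password($user, $by_username);`, and pass `$info` to the final `displayPage` call. Unless `CustomPages::displayPage()` ends the request (its body is not on this page), the reset branch and the error branch both fall through to that last call and render a second page. `$user` is first the posted string and is then used as `$user[] = $data;`, so the result rows should be collected in a separate array variable.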
@@ -7,7 +7,7 @@ require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php'; class CustomPages { - public static function displayPage($page_name) { + public static function displayPage($page_name, $content=array()) { $pages_dir = api_get_path(SYS_PATH).'custompages/'; $file_name = $pages_dir.$page_name.'.php'; if (file_exists($file_name)) { diff --git a/main/inc/lib/login.lib.php b/main/inc/lib/login.lib.php index 7a313efba6..10ff7c8f4a 100644 --- a/main/inc/lib/login.lib.php +++ b/main/inc/lib/login.lib.php @@ -104,7 +104,10 @@ class Login $email_admin = api_get_setting('emailAdministrator'); if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) { - Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed')); + if (api_get_setting('use_custom_pages') == 'true') + return get_lang('your_password_has_been_reset'); + else + Display::display_confirmation_message(get_lang('your_password_has_been_reset')); } else { $message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".
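Review bot: `displayPage()` has no docblock, and with the new `$content` parameter both arguments need one. `$page_name` is concatenated into a path under `custompages/`, so it must always be a fixed name chosen by the caller and never a request value; `$content` is handed to the page template, and the lostpassword template in this commit prints `$content['error']` directly, so callers must pass values that are safe to output as HTML. A comment such as `// $page_name: literal page name only; $content: display values, safe for HTML output` above the signature would record that. The method body continues outside the hunk.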

"; } @@ -118,35 +121,41 @@ class Login * * @author Olivier Cauberghe , Ghent University */ - public static function handle_encrypted_password($user, $by_username = false) { - global $_configuration; - $email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT - - if ($by_username) { // Show only for lost password - $user_account_list = self::get_user_account_list($user, true, $by_username); // BODY - $email_to = $user['email']; - } else { - $user_account_list = self::get_user_account_list($user, true); // BODY - $email_to = $user[0]['email']; - } - - $secret_word = self::get_secret_word($email_to); - $email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n"; - $email_body .= $user_account_list."\n-----------------------------------------------\n\n"; - $email_body .= get_lang('PasswordEncryptedForSecurity'); - //$email_body .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin'); - $email_body .= "\n\n".get_lang('Formula').",\n".api_get_setting('administratorName')." ".api_get_setting('administratorSurname')."\n".get_lang('PlataformAdmin')." - ".api_get_setting('siteName'); - - $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS); - $email_admin = api_get_setting('emailAdministrator'); - - if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) { - Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed')); - } else { - $message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".

"; - Display::display_error_message($message, false); - } - } + public static function handle_encrypted_password($user, $by_username = false) { + global $_configuration; + $email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT + + if ($by_username) { // Show only for lost password + $user_account_list = self::get_user_account_list($user, true, $by_username); // BODY + $email_to = $user['email']; + } else { + $user_account_list = self::get_user_account_list($user, true); // BODY + $email_to = $user[0]['email']; + } + + $secret_word = self::get_secret_word($email_to); + $email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n"; + $email_body .= $user_account_list."\n-----------------------------------------------\n\n"; + $email_body .= get_lang('PasswordEncryptedForSecurity'); + //$email_body .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin'); + $email_body .= "\n\n".get_lang('Formula').",\n".api_get_setting('administratorName')." ".api_get_setting('administratorSurname')."\n".get_lang('PlataformAdmin')." - ".api_get_setting('siteName'); + + $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS); + $email_admin = api_get_setting('emailAdministrator'); + + if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) { + if (api_get_setting('use_custom_pages') == 'true') + return get_lang('YourPasswordHasBeenEmailed'); + else + Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed')); + } else { + $message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(api_get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".

"; + if (api_get_setting('use_custom_pages') == 'true') + return $message; + else + Display::display_error_message($message, false); + } + } /** * Gets the secret word @@ -185,4 +194,4 @@ class Login return get_lang('NotAllowed'); } } -} \ No newline at end of file +} From 8aef17aa8d064f37df94e8eae20d8ff03ac4769c Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Thu, 29 Sep 2011 12:21:04 +0200 Subject: [PATCH 06/26] local.inc.php : adds a $_SESSION['_user]['uidReset'] boolean var that makes next page view reseeting user session content. This is usefull for external script that logs user in --- main/inc/local.inc.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index fe672a16fe..ae9e98ce79 100644 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -182,6 +182,11 @@ $login = isset($_POST["login"]) ? $_POST["login"] : ''; if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) { // uid is in session => login already done, continue with this value $_user['user_id'] = $_SESSION['_user']['user_id']; + //Check if we have to reset user data + //This param can be used to reload user data if user has been logged by external script + if (isset($_SESSION['_user']['uidReset']) && $_SESSION['_user']['uidReset']){ + $uidReset=true; + } } else { if (isset($_user['user_id'])) { unset($_user['user_id']); @@ -608,6 +613,7 @@ if ($gidReq && $gidReq != $gid) { /* USER INIT */ if (isset($uidReset) && $uidReset) { // session data refresh requested + unset($_SESSION['_user']['uidReset']); $is_platformAdmin = false; $is_allowedCreateCourse = false; if (isset($_user['user_id']) && $_user['user_id']) // a uid is given (log in succeeded) From 2841a9b085db3c6bfc250dcd428bbe6b8fb201a5 Mon Sep 17 00:00:00 2001 
From: Noel Dieschburg Date: Mon, 3 Oct 2011 14:07:19 +0200 Subject: [PATCH 07/26] Custompages : generic registration pages ans css ameliorations --- custompages/registration-feedback.php | 34 ++- custompages/registration.php | 41 ++-- custompages/style-ie6.css | 141 ++++++++---- custompages/style.css | 102 +++++++-- main/auth/inscription.php | 307 +++++++++++--------------- 5 files changed, 348 insertions(+), 277 deletions(-) diff --git a/custompages/registration-feedback.php b/custompages/registration-feedback.php index 839505ef4f..c3388f5859 100644 --- a/custompages/registration-feedback.php +++ b/custompages/registration-feedback.php @@ -1,3 +1,31 @@ - + + Registration + + + + + + + + +
+ +
+
+ +
+ +
+ +
+ + diff --git a/custompages/registration.php b/custompages/registration.php index dbbc4157ee..7e3247c6a2 100644 --- a/custompages/registration.php +++ b/custompages/registration.php @@ -1,7 +1,20 @@ removeElement('extra_mail_notify_invitation'); +$content['form']->removeElement('extra_mail_notify_message'); +$content['form']->removeElement('extra_mail_notify_group_message'); +$content['form']->removeElement('official_code'); +$content['form']->removeElement('phone'); +$content['form']->removeElement('submit'); +$content['form']->removeElement('status'); +$content['form']->removeElement('status'); + ?> @@ -27,26 +40,10 @@ require_once('language.php');
    '.$form_error.'
'; }?> - -
- -
- -
-

- -
- -
- - - -
-
-
+ display(); + ?> +
'); // Button upload document $form->addElement('style_submit_button', 'submitDocument', get_lang('SendDocument'), 'class="upload"'); -$form->add_real_progress_bar('DocumentUpload', 'user_upload'); +$form->add_real_progress_bar('DocumentUpload', 'file'); $defaults = array('index_document' => 'checked="checked"'); @@ -300,4 +300,4 @@ $headers = array(get_lang('Send') , get_lang('Send').' ('.get_lang('Simple').')' echo Display::tabs($headers, array($multiple_form, $simple_form ),'tabs'); // Footer -Display::display_footer(); \ No newline at end of file +Display::display_footer(); From 205946b2ab7324703afb2491cdec6b009de41556 Mon Sep 17 00:00:00 2001 From: Arnaud Ligot Date: Tue, 25 Oct 2011 16:44:14 +0200 Subject: [PATCH 10/26] documentAPI + gestion leaderboard in storage API --- main/document/remote.php | 101 ++++++++++++++++++++++++++++++++ main/newscorm/js/documentapi.js | 28 +++++++++ main/newscorm/js/storageapi.js | 63 +++++++++++++++++++- main/newscorm/lp_controller.php | 7 --- main/newscorm/lp_view.php | 14 +++++ main/newscorm/storageapi.php | 78 +++++++++++++++++++++++- 6 files changed, 279 insertions(+), 12 deletions(-) create mode 100644 main/document/remote.php create mode 100644 main/newscorm/js/documentapi.js diff --git a/main/document/remote.php b/main/document/remote.php new file mode 100644 index 0000000000..98aed730d8 --- /dev/null +++ b/main/document/remote.php 
@@ -0,0 +1,101 @@ + +// Based on work done for old videoconference application + +// params: +// action=list cidReq=course_Code cwd=folder result: json output + +// I have about 30 minutes to write this peace of code so if somebody has more time, feel free to rewrite it... + + + +/* See license terms in /license.txt */ + +/* FIX for IE cache when using https */ +session_cache_limiter("none"); + +/*==== DEBUG ====*/ +$debug=0; + + +if ($debug>0) +{ + // dump the request + $v = array_keys(get_defined_vars()); + error_log(var_export($v, true),3, '/tmp/log'); + + foreach (array_keys(get_defined_vars()) as $k) { + if ($k == 'GLOBALS') + continue; + error_log($k, 3, '/tmp/log'); + error_log(var_export($$k, true), 3, '/tmp/log'); + } + +} + +/*==== INCLUDE ====*/ +require_once '../inc/global.inc.php'; +api_block_anonymous_users(); +require_once (api_get_path(LIBRARY_PATH)."course.lib.php"); +require_once (api_get_path(LIBRARY_PATH)."document.lib.php"); +require_once ("../newscorm/learnpath.class.php"); + +/*==== Variables initialisation ====*/ +$action = $_REQUEST["action"]; //safe as only used in if()'s +$seek = array('/','%2F','..'); +$destroy = array('','',''); +$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]); +$cidReq = Security::remove_XSS($cidReq); + +$user_id = api_get_user_id(); +$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document'; +$_course = CourseManager::get_course_information($cidReq); +if ($_course == null) die ("problem when fetching course information"); + +// stupid variable initialisation for old version of DocumentManager functions. +$_course['path'] = $_course['directory']; +$_course['dbName'] = $_course['db_name']; + +$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER); + +if ($debug>0) error_log($coursePath, 0); + +// FIXME: check security around $_REQUEST["cwd"] +$cwd = $_REQUEST["cwd"]; + + +// treat /.. +$nParent = 0; // the number of /.. 
into the url +while (substr($cwd, -3, 3) == "/..") +{ + // go to parent directory + $cwd= substr($cwd, 0, -3); + if (strlen($cwd) == 0) $cwd="/"; + $nParent++; +} +for (;$nParent >0; $nParent--){ + $cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd); +} + +if (strlen($cwd) == 0) $cwd="/"; + +if (Security::check_abs_path($cwd,api_get_path(SYS_PATH))) + die(); + + +if ($action == "list") +{ + /*==== List files ====*/ + if ($debug>0) error_log("sending file list",0); + + // get files list + $files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false); + + // adding download link to files + foreach($files as $k=>$f) + if ($f['filetype'] == 'file') + $files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']); + print json_encode($files); + exit; +} +?> diff --git a/main/newscorm/js/documentapi.js b/main/newscorm/js/documentapi.js new file mode 100644 index 0000000000..ef1a553b61 --- /dev/null +++ b/main/newscorm/js/documentapi.js @@ -0,0 +1,28 @@ +// JS interface enabling scrom content to use main/document/remote.php easily +// CBlue SPRL, Arnaud Ligot + + +lms_documents_list = function(path) { + var result; + $.ajax({ + async: false, + type: "POST", + datatype: "json", + url: "../document/remote.php", + data: { + action: "list", + cwd: path, + cidReq: chamilo_courseCode, + }, + success: function(data) { + result = eval("("+data+")"); + } + }); + return result; +} + +// Accessor object +function DOCUMENTAPIobject() { + this.list = lms_documents_list; +} +var DOCUMENTAPI = new DOCUMENTAPIobject(); diff --git a/main/newscorm/js/storageapi.js b/main/newscorm/js/storageapi.js index dad0b1db7c..50802d515e 100644 --- a/main/newscorm/js/storageapi.js +++ b/main/newscorm/js/storageapi.js 
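Review bot: Nothing in this file checks that the caller belongs to `$cidReq` before the `list` action returns that course's document listing: the only gate is `api_block_anonymous_users()`, and `$is_manager` is computed but never read. The `CourseManager::get_user_in_course_status()` call already made for `$is_manager` could be used to refuse callers who are not in the course (check what it returns for a non-member) before `DocumentManager::get_all_document_data()` runs. The guard `if (Security::check_abs_path($cwd,api_get_path(SYS_PATH))) die();` stops when the check succeeds, which looks inverted if that helper returns true for a path inside the given root. The loop above it only strips trailing `/..`, so the `FIXME` on `$_REQUEST["cwd"]` is still open. The debug block runs before `global.inc.php` is loaded and, once `$debug` is raised, writes every defined variable to a fixed `/tmp/log`; it should be removed or limited to the fields actually needed.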
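Review bot: `result = eval("("+data+")")` in the `success` callback runs the server response as script instead of parsing it as data. The option above it is spelled `datatype`, which jQuery ignores; with `dataType: "json"` the callback can be just `result = data;`. The same `eval` pattern is added or kept in the `storageapi.js` hunks of this commit (`lms_storage_getLeaders_user`, `lms_storage_getAll_user`, `lms_storage_stack_getAll_user`, `lms_storage_getAllUsers`) and should be changed the same way. The trailing comma after `cidReq: chamilo_courseCode,` is a syntax error in older Internet Explorer versions.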
@@ -48,6 +48,51 @@ lms_storage_getValue_user = function(sv_key, sv_user) { return result; } +lms_storage_getPosition_user = function(sv_key, sv_user, sv_asc) { + var result; + $.ajax({ + async: false, + type: "POST", + url: "storageapi.php", + data: { + action: "getposition", + svkey: sv_key, + svuser: sv_user, + svcourse: sv_course, + svsco: sv_sco, + svasc: sv_asc + }, + success: function(data) { + result = data; + } + }); + return result; +} + +lms_storage_getLeaders_user = function(sv_key, sv_user, sv_asc, sv_length) { + var result; + $.ajax({ + async: false, + type: "POST", + url: "storageapi.php", + data: { + action: "getleaders", + svkey: sv_key, + svuser: sv_user, + svcourse: sv_course, + svsco: sv_sco, + svasc: sv_asc, + svlength: sv_length + }, + success: function(data) { + result = eval("("+data+")"); + } + }); + return result; +} + + + lms_storage_getAll_user = function(sv_user) { var result; $.ajax({ @@ -61,7 +106,7 @@ lms_storage_getAll_user = function(sv_user) { svsco: sv_sco }, success: function(data) { - result = eval(data); + result = eval("("+data+")"); } }); return result; @@ -162,7 +207,7 @@ lms_storage_stack_getAll_user = function(sv_key, sv_user) { svsco: sv_sco }, success: function(data) { - result = eval(data); + result = eval("("+data+")"); } }); return result; @@ -178,7 +223,7 @@ lms_storage_getAllUsers = function() { action: "usersgetall" }, success: function(data) { - result = eval(data); + result = eval("("+data+")"); } }); return result; @@ -192,6 +237,14 @@ lms_storage_getValue = function(sv_key) { return lms_storage_getValue_user(sv_key, sv_user); } +lms_storage_getPosition = function(sv_key, sv_asc) { + return lms_storage_getPosition_user(sv_key, sv_user, sv_asc); +} + +lms_storage_getLeaders = function(sv_key, sv_asc, sv_length) { + return lms_storage_getLeaders_user(sv_key, sv_user, sv_asc, sv_length); +} + lms_storage_getAll = function() { return lms_storage_getAll_user(sv_user); } 
@@ -226,6 +279,10 @@ function STORAGEAPIobject() { this.getValue_user = lms_storage_getValue_user; this.getAll = lms_storage_getAll; this.getAll_user = lms_storage_getAll_user; + this.getPosition_user = lms_storage_getPosition_user; + this.getPosition = lms_storage_getPosition; + this.getLeaders_user = lms_storage_getLeaders_user; + this.getLeaders = lms_storage_getLeaders; this.stack_push = lms_storage_stack_push; this.stack_push_user = lms_storage_stack_push_user; this.stack_pop = lms_storage_stack_pop; diff --git a/main/newscorm/lp_controller.php b/main/newscorm/lp_controller.php index 987e6a4196..75eaa88bfb 100644 --- a/main/newscorm/lp_controller.php +++ b/main/newscorm/lp_controller.php @@ -54,13 +54,6 @@ $(window).load(function () { }); '; -// Storage API -$htmlHeadXtra[] = ''; -$htmlHeadXtra[] = ''; // Flag to allow for anonymous user - needs to be set before global.inc.php. $use_anonymous = true; diff --git a/main/newscorm/lp_view.php b/main/newscorm/lp_view.php index e092736cbe..54a9fa5735 100644 --- a/main/newscorm/lp_view.php +++ b/main/newscorm/lp_view.php @@ -120,6 +120,20 @@ if (isset($exerciseResult) || isset($_SESSION['exerciseResult'])) { unset($_SESSION['objExercise']); unset($_SESSION['questionList']); +///// additional APIs +$htmlHeadXtra[] = ''; +// Document API +$htmlHeadXtra[] = ''; +// Storage API +$htmlHeadXtra[] = ''; // FIXME fetch sco and userid from a more reliable source directly in sotrageapi.js +$htmlHeadXtra[] = ''; + /** * Get a link to the corresponding document. */ diff --git a/main/newscorm/storageapi.php b/main/newscorm/storageapi.php index 17f59e2c56..b0a81239cf 100644 --- a/main/newscorm/storageapi.php +++ b/main/newscorm/storageapi.php 
@@ -5,6 +5,14 @@ require_once('../inc/global.inc.php'); +// variable cleaning... +foreach (Array("svkey", "svvalue") as $key) + //FIXME use chamilo api + $_REQUEST[$key] = mysql_escape_string($_REQUEST[$key]); + +foreach (Array("svuser", "svcourse", "svsco", "svlength", "svasc") as $key) + $_REQUEST[$key] = intval($_REQUEST[$key]); + switch ($_REQUEST['action']) { case "get": print storage_get($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']); @@ -36,10 +44,19 @@ switch ($_REQUEST['action']) { } break; case "stackgetall": - print storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']); + if (storage_can_set($_REQUEST['svuser'])) + print storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']); + break; + case "getposition": + print storage_get_position($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc']); + break; + case "getleaders": + print storage_get_leaders($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc'], $_REQUEST['svlength']); break; case "usersgetall": - print storage_get_all_users(); +// security issue + print "NOT allowed, security issue, see sources"; +// print storage_get_all_users(); break; default: // Do nothing 
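Review bot: `mysql_escape_string()` on `svkey`/`svvalue` ignores the connection character set, and `svvalue` is then escaped a second time because `storage_set()` still calls `mysql_real_escape_string($sv_value)`, so values containing quotes or backslashes are stored with extra backslashes. Escape once, where the SQL string is built, with the platform helper the `FIXME` points to (`Database::escape_string()`), and leave `$_REQUEST` unmodified. Both loops also index `$_REQUEST[$key]` for keys that most actions do not send; guard the read with `isset($_REQUEST[$key])`.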
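Review bot: The new `getposition` and `getleaders` cases run for any caller with whatever `svuser` and `svcourse` the request supplies, while `stackgetall` in the same hunk gains a `storage_can_set()` guard. `getleaders` returns `firstname`, `lastname`, `email` and `username` of other users, so it needs at least a check that the caller is logged in and belongs to the course. The selected columns should also be reduced to what the leaderboard actually displays. For the disabled `usersgetall` case, a comment stating what the security issue is would serve the next maintainer better than `see sources`.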
@@ -75,6 +92,63 @@ function storage_get($sv_user, $sv_course, $sv_sco, $sv_key) { return null; } } + +function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) { + + // get leaders + $sql_leaders = "select u.user_id, firstname, lastname, email, username, sv_value as value + from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." sv, + ".Database::get_main_table(TABLE_MAIN_USER)." u + where u.user_id=sv.user_id + and sco_id = '$sv_sco' + and course_id = '$sv_course' + and sv_key = '$sv_key' + order by sv_value ".($sv_asc ? "ASC": "DESC")." limit $sv_length"; +// $sql_data = "select sv.user_id as user_id, sv_key as variable, sv_value as value +// from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." sv +// where sv.user_id in (select u2.user_id from ($sql_leaders) u2) +// and sco_id = '$sv_sco' +// and course_id = '$sv_course'"; +// $resData = Database::query($sql_data); +// $data = Array(); +// while($row = Database::fetch_assoc($resData)) +// $data[] = $row; // fetching all data +// + $resLeaders = Database::query($sql_leaders); + $result = array(); + while ($row = Database::fetch_assoc($resLeaders)) { + $row["values"] = array(); +// foreach($data as $dataRow) { +// if ($dataRow["user_id"] = $row["user_id"]) +// $row["values"][$dataRow["variable"]] = $dataRow["value"]; +// } + $result[] = $row; + } + return json_encode($result); +} + +function storage_get_position($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) { + $sql = "select count(list.user_id) as position + from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." search, + ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." list + where search.user_id= '$sv_user' + and search.sco_id = '$sv_sco' + and search.course_id = '$sv_course' + and search.sv_key = '$sv_key' + and list.sv_value ".($sv_asc ? "<=": ">=")." 
search.sv_value + and list.sco_id = search.sco_id + and list.course_id = search.course_id + and list.sv_key = search.sv_key + order by list.sv_value" ; + $res = Database::query($sql); + if (mysql_num_rows($res) > 0) { + $row = Database::fetch_assoc($res); + return $row['position']; + } + else { + return null; + } +} function storage_set($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value) { $sv_value = mysql_real_escape_string($sv_value); From 73877072bf1daf8e3bfe3949b7e10b1ee2d120df Mon Sep 17 00:00:00 2001 From: JChanim Date: Tue, 25 Oct 2011 23:00:43 +0200 Subject: [PATCH 11/26] download url return content-type incompatible with flash --- main/document/remote.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/main/document/remote.php b/main/document/remote.php index 98aed730d8..f9d5e9a086 100644 --- a/main/document/remote.php +++ b/main/document/remote.php @@ -94,7 +94,8 @@ if ($action == "list") // adding download link to files foreach($files as $k=>$f) if ($f['filetype'] == 'file') - $files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']); +// $files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']); + $files[$k]['download'] = api_get_path(WEB_COURSE_PATH).$cidReq."/document".$f['path']; print json_encode($files); exit; } From 294afa11469e91838ab4090a6687f3212338082a Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Wed, 26 Oct 2011 17:16:33 +0200 Subject: [PATCH 12/26] externalogin_info : small corrections --- .../auth/external_logininfo/functions.inc.php | 6 +++--- main/auth/external_logininfo/newUser.php | 3 +++ main/auth/external_logininfo/updateUser.php | 20 ++++++++++++++----- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/main/auth/external_logininfo/functions.inc.php b/main/auth/external_logininfo/functions.inc.php index 24630565c5..83becea408 100644 
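Review bot: `storage_get_position()` declares six parameters, but the `getposition` case calls it with five and `$sv_length` is never used in the body; drop it from the signature. In `storage_get_leaders()`, `limit $sv_length` depends on the `intval()` applied to `$_REQUEST` at the top of the file, and a negative `svlength` produces an invalid `limit -1`; bound it locally, e.g. `$sv_length = max(1, (int) $sv_length);` plus an upper cap. Both functions interpolate their arguments into SQL and are only safe while every caller goes through that request-wide cleaning, which each function's comment should state. The commented-out `$sql_data` block can be deleted.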
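Review bot: The `download` link now points straight at the file under `WEB_COURSE_PATH` instead of going through `document.php?action=download`, so any access or visibility checks that script applies are no longer on the path; confirm the course directory is not served directly to users outside the course. `$f['path']` is also concatenated unencoded where the old line used `urlencode()`, which breaks names containing spaces, `#` or `?`; encode per segment with `implode('/', array_map('rawurlencode', explode('/', $f['path'])))`. Delete the commented-out line rather than keeping it. The enclosing `if ($action == "list")` block starts outside the hunk.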
--- a/main/auth/external_logininfo/functions.inc.php +++ b/main/auth/external_logininfo/functions.inc.php @@ -65,7 +65,7 @@ function external_get_user_info($login, $password){ 'status' => $status, 'admin' => $admin, 'email' => $user_info['email'], - 'login' => $user_info['username'], + 'username' => $user_info['username'], 'language' => $language, 'password' => DEFAULT_PASSWORD, 'courses' => $user_info['courses'], @@ -116,14 +116,14 @@ function external_add_user($u){ if (! isset($u['encrypt_method']) ) $u['encrypt_method'] = ''; - $chamilo_uid = UserManager::create_user($u['firstname'], $u['lastname'],$u['status'], $u['email'], $u['login'], $u['password'], $u['official_code'], $u['language'], $u['phone'],$u['picture_uri'], $u['auth_source'], $u['expiration_date'], $u['active'], $u['hr_dept_id'], $u['extra'], $u['encrypt_method']); + $chamilo_uid = UserManager::create_user($u['firstname'], $u['lastname'],$u['status'], $u['email'], $u['username'], $u['password'], $u['official_code'], $u['language'], $u['phone'],$u['picture_uri'], $u['auth_source'], $u['expiration_date'], $u['active'], $u['hr_dept_id'], $u['extra'], $u['encrypt_method']); return $chamilo_uid; } /** * update user info in database **/ function external_update_user($u){ - $updated = UserManager::update_user($u['user_id'], $u['firstname'], $u['lastname'], $u['login'], null, $u['auth_source'], $u['email'], $u['status'], $u['official_code'], $u['phone'], $u['picture_uri'], $u['expiration_date'], $u['active'], $u['creator_id'], $u['hr_dept_id'], $u['extra'], $u['language'],''); + $updated = UserManager::update_user($u['user_id'], $u['firstname'], $u['lastname'], $u['username'], null, $u['auth_source'], $u['email'], $u['status'], $u['official_code'], $u['phone'], $u['picture_uri'], $u['expiration_date'], $u['active'], $u['creator_id'], $u['hr_dept_id'], $u['extra'], $u['language'],''); if(!empty($user['courses'])){ $autoSubscribe = explode('|', $u['courses']); foreach ($autoSubscribe as $code) { 
diff --git a/main/auth/external_logininfo/newUser.php b/main/auth/external_logininfo/newUser.php index f3f1a7c949..83ae93db04 100644 --- a/main/auth/external_logininfo/newUser.php +++ b/main/auth/external_logininfo/newUser.php @@ -26,7 +26,10 @@ if ($user !== false && ($chamilo_uid = external_add_user($user)) !== false) { //log in the user $loginFailed = false; $_user['user_id'] = $chamilo_uid; + $_user['uidReset'] = true; api_session_register('_user'); + $uidReset=true; + //Autosubscribe to courses if(!empty($user['courses'])){ $autoSubscribe = explode('|', $user['courses']); diff --git a/main/auth/external_logininfo/updateUser.php b/main/auth/external_logininfo/updateUser.php index bfafe5d2b3..bafa6cd4b5 100644 --- a/main/auth/external_logininfo/updateUser.php +++ b/main/auth/external_logininfo/updateUser.php @@ -16,15 +16,25 @@ $user['lastname'] = $new_user['lastname']; $user['status'] = $new_user['status']; $user['admin'] = $new_user['admin']; $user['email'] = $new_user['email']; -$user['username'] = $new_user['login']; +$user['username'] = $new_user['username']; $user['profile_link'] = $new_user['profile_link']; $user['worldwide_bu'] = $new_user['worldwide_bu']; $user['manager'] = $new_user['manager']; $user['country_bu'] = $new_user['country_bu']; $user['extra'] = $new_user['extra']; -if ($new_user !== false) { - $new_user['user_id'] = $uData['user_id']; - external_update_user($new_user); -} +if ($new_user !== false) { //User can login + external_update_user($user); + $loginFailed = false; + $_user['user_id'] = $user['user_id']; + $_user['uidReset'] = true; + $uidReset=true; + api_session_register('_user'); +} else { //User cannot login + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); + exit; +} + ?> From e56e3ceee2cc23830b9f457346a46840f83e8196 Mon Sep 17 00:00:00 2001 
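Review bot: In `updateUser.php` the failure branch calls `api_session_unregister('_uid')`, but the success branch registers `_user`; if `_user` is the key the platform reads, a failed external login leaves an earlier `_user` in the session, so the call should be `api_session_unregister('_user');`. `$_user['user_id'] = $user['user_id'];` relies on `$user['user_id']` being set above the hunk, and the removed line was the only visible place where the id was taken from `$uData`. The `$user[...] = $new_user[...]` assignments in the context lines run before `$new_user !== false` is tested and belong inside the success branch.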
From: Noel Dieschburg Date: Thu, 17 Nov 2011 10:56:10 +0100 Subject: [PATCH 13/26] css modification : make menu-wrapper wider to avoid siplay bug in IE7 --- main/css/base_chamilo.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/css/base_chamilo.css b/main/css/base_chamilo.css index 2e2da308f5..ef7d20afda 100644 --- a/main/css/base_chamilo.css +++ b/main/css/base_chamilo.css @@ -577,7 +577,7 @@ input.link_alike:hover { ============================================================================== */ #menu-wrapper { - width:200px; + width:230px; float: right; } From 0b59d7e3fb2085739bc9229da5b5bdef7f17a668 Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Thu, 17 Nov 2011 10:59:00 +0100 Subject: [PATCH 14/26] 6947: fix redirection problem when updating profile --- main/auth/profile.php | 10 +++++----- main/inc/local.inc.php | 10 +++++++--- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/main/auth/profile.php b/main/auth/profile.php index 3e4389c7e1..bc1d12c6e2 100644 --- a/main/auth/profile.php +++ b/main/auth/profile.php @@ -285,7 +285,7 @@ if (is_profile_editable() && api_get_setting('profile', 'password') == 'true') { // user must enter identical password twice so we can prevent some user errors $form->addRule(array('password1', 'password2'), get_lang('PassTwo'), 'compare'); if (CHECK_PASS_EASY_TO_FIND) { - $form->addRule('password1', get_lang('PassTooEasy').': '.api_generate_password(), 'callback', 'api_check_password'); + $form->addRule('password1', get_lang('CurrentPasswordEmptyOrIncorrect'), 'callback', 'api_check_password'); } } 
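Review bot: In the first `profile.php` hunk the rule on `password1` still uses the `api_check_password` callback under `CHECK_PASS_EASY_TO_FIND`, but its message is now `get_lang('CurrentPasswordEmptyOrIncorrect')`. Judging by the names, a user whose new password fails the strength check would be told that the current password is wrong. Keep a message that describes the failed rule, for example `get_lang('PassTooEasy')` without the generated suggestion.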
@@ -734,10 +734,10 @@ if ($form->validate()) { } // re-init the system to take new settings into account - $uidReset = true; - include api_get_path(INCLUDE_PATH).'local.inc.php'; + $_SESSION['_user']['uidReset'] = true; + $_SESSION['noredirection'] = true; $_SESSION['profile_update'] = 'success'; - header("Location: ".api_get_self()."?{$_SERVER['QUERY_STRING']}".($filtered_extension && strpos($_SERVER['QUERY_STRING'], '&fe=1') === false ? '&fe=1' : '')); + header("Location: ".api_get_self()."?{$_SERVER['QUERY_STRING']}".($filtered_extension && strpos($_SERVER['QUERY_STRING'], '&fe=1') === false ? '&fe=1' : '')); exit; } @@ -858,4 +858,4 @@ if (api_get_setting('allow_social_tool') == 'true') { echo '
'; $form->display(); } -Display :: display_footer(); \ No newline at end of file +Display :: display_footer(); diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index ae9e98ce79..b191c97680 100644 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -659,10 +659,14 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested api_session_register('is_platformAdmin'); api_session_register('is_allowedCreateCourse'); - // If request_uri is settd we have to go further to have course permissions + // If request_uri is setted we have to go further to have course permissions if (empty($_SESSION['request_uri']) || !isset($_SESSION['request_uri'])) { - require_once api_get_path(LIBRARY_PATH).'loginredirection.lib.php'; - LoginRedirection::redirect(); + if( $_SESSION['noredirection'] ) {//If we just want to rest information without redirecting user + unset($_SESSION['noredirection']); + } else { + require_once api_get_path(LIBRARY_PATH).'loginredirection.lib.php'; + LoginRedirection::redirect(); + } } } else { From c8f50ead465b121ff268f38735c83ae8b6cf9221 Mon Sep 17 00:00:00 2001 From: Noel Dieschburg Date: Tue, 13 Dec 2011 14:07:35 +0100 Subject: [PATCH 15/26] Save the progresse and last updated item eachtime we call save_item web service --- main/newscorm/lp_ajax_save_item.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/main/newscorm/lp_ajax_save_item.php b/main/newscorm/lp_ajax_save_item.php index 7485f744e2..599c253ec9 100644 --- a/main/newscorm/lp_ajax_save_item.php +++ b/main/newscorm/lp_ajax_save_item.php @@ -199,6 +199,8 @@ function save_item($lp_id, $user_id, $view_id, $item_id, $score = -1, $max = -1, if ($mylp->get_type() == 2) { $return .= "update_stats();"; } + //To be sure progress is updated + $mylp->save_last(); return $return; //return $objResponse; } From 76695e992e5fa641f80e12fc16ba13357998f77e Mon Sep 17 00:00:00 2001 
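Review bot: In the `local.inc.php` hunk, `if( $_SESSION['noredirection'] )` reads a key that, as far as this series shows, is only set by `profile.php`, so other session refreshes raise an undefined-index notice; use `if (!empty($_SESSION['noredirection']))`. A comment should state that the flag is single-use and is cleared here so that later logins redirect normally. The enclosing `if (isset($uidReset) && $uidReset)` block starts outside the hunk.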
From: Noel Dieschburg Date: Wed, 14 Dec 2011 11:38:40 +0100 Subject: [PATCH 16/26] Renames external_logininfo to external_login --- .../auth/{external_logininfo => external_login}/functions.inc.php | 0 main/auth/{external_logininfo => external_login}/newUser.php | 0 main/auth/{external_logininfo => external_login}/updateUser.php | 0 3 files changed, 0 insertions(+), 0 deletions(-) rename main/auth/{external_logininfo => external_login}/functions.inc.php (100%) rename main/auth/{external_logininfo => external_login}/newUser.php (100%) rename main/auth/{external_logininfo => external_login}/updateUser.php (100%) diff --git a/main/auth/external_logininfo/functions.inc.php b/main/auth/external_login/functions.inc.php similarity index 100% rename from main/auth/external_logininfo/functions.inc.php rename to main/auth/external_login/functions.inc.php diff --git a/main/auth/external_logininfo/newUser.php b/main/auth/external_login/newUser.php similarity index 100% rename from main/auth/external_logininfo/newUser.php rename to main/auth/external_login/newUser.php diff --git a/main/auth/external_logininfo/updateUser.php b/main/auth/external_login/updateUser.php similarity index 100% rename from main/auth/external_logininfo/updateUser.php rename to main/auth/external_login/updateUser.php From 085e9c6414663bdbf7c5f960f3087543921c33e3 Mon Sep 17 00:00:00 2001 
From: Noel Dieschburg Date: Thu, 15 Dec 2011 17:40:57 +0100 Subject: [PATCH 17/26] EXTLDAP module : new LDAP implementaion with possibility of update at each login --- index.php | 1 - main/auth/external_login/functions.inc.php | 51 +++++-- main/auth/external_login/ldap.conf.php | 96 ++++++++++++ main/auth/external_login/ldap.inc.php | 165 +++++++++++++++++++++ main/auth/external_login/login.ldap.php | 65 ++++++++ main/auth/external_login/newUser.ldap.php | 66 +++++++++ 6 files changed, 433 insertions(+), 11 deletions(-) create mode 100644 main/auth/external_login/ldap.conf.php create mode 100644 main/auth/external_login/ldap.inc.php create mode 100644 main/auth/external_login/login.ldap.php create mode 100644 main/auth/external_login/newUser.ldap.php diff --git a/index.php b/index.php index 5aa62408a4..53054de528 100644 --- a/index.php +++ b/index.php @@ -23,7 +23,6 @@ $cidReset = true; /** @todo Make all the library files consistent, use filename.lib.php and not filename.lib.inc.php. */ require_once 'main/inc/global.inc.php'; - require_once api_get_path(LIBRARY_PATH).'course.lib.php'; require_once api_get_path(LIBRARY_PATH).'events.lib.inc.php'; require_once api_get_path(LIBRARY_PATH).'system_announcements.lib.php'; diff --git a/main/auth/external_login/functions.inc.php b/main/auth/external_login/functions.inc.php index 83becea408..2b7ec51dee 100644 --- a/main/auth/external_login/functions.inc.php +++ b/main/auth/external_login/functions.inc.php 
@@ -1,6 +1,8 @@ **/ -function external_update_user($u){ +function external_update_user($new_user){ + $old_user = UserManager::get_user_info_by_id($new_user['user_id']); + $u = array_merge($old_user, $new_user); $updated = UserManager::update_user($u['user_id'], $u['firstname'], $u['lastname'], $u['username'], null, $u['auth_source'], $u['email'], $u['status'], $u['official_code'], $u['phone'], $u['picture_uri'], $u['expiration_date'], $u['active'], $u['creator_id'], $u['hr_dept_id'], $u['extra'], $u['language'],''); - if(!empty($user['courses'])){ + if(isset($u['courses']) && !empty($u['courses'])){ $autoSubscribe = explode('|', $u['courses']); foreach ($autoSubscribe as $code) { if (CourseManager::course_exists($code)) { - CourseManager::subscribe_user($_user['user_id'], $code); + CourseManager::subscribe_user($u['user_id'], $code); } } } // Is User Admin ? - if ($user['admin']){ - $is_platformAdmin = true; - Database::query("INSERT INTO admin values ('$chamilo_uid')"); - } + //TODO decomments and check that user_is is not already in admin table + /* + if (isset($u['admin']) && $u['admin']){ + + $table = Database::get_main_table(TABLE_MAIN_ADMIN); + $res = Database::query("SELECT * from $table WHERE user_id = ".$u['user_id']); + }*/ } diff --git a/main/auth/external_login/ldap.conf.php b/main/auth/external_login/ldap.conf.php new file mode 100644 index 0000000000..bc343677ad --- /dev/null +++ b/main/auth/external_login/ldap.conf.php 
@@ -0,0 +1,96 @@ + 'dc=cblue,dc=be', + //admin distinguished name + 'admin_dn' => 'cn=admin,dc=cblue,dc=be', + //admin password + 'admin_password' => 'Im2ocEGish', + //ldap host + 'host' => '192.168.61.1', + //'port' => , default on 389 + //protocl version (2 or 3) + 'protocol_version' => 3, + //String used to search the user in ldap. %username will ber replaced by the username. + //See extldap_get_user_search_string() function below + 'user_search' => 'uid=%username%', + //encoding used in ldap (most common are UTF-8 and ISO-8859-1 + 'encoding' => 'UTF-8', + //Set to true if user info have to be update at each login + 'update_userinfo' => true +); + +/** + * return the string used to search a user in ldap + * + * @param string username + * @return string the serach string + * @author ndiechburg + **/ +function extldap_get_user_search_string($username) +{ + global $extldap_config; + return str_replace('%username%',$username,$extldap_config['user_search']); +} + +/** + * Correspondance array between chamilo user info and ldap user info + * This array is of this form : + * ' => + * + * If is "func", then the value of will be the return value of the function + * extldap_get_($ldap_array) + * In this cas you will have to declare the extldap_get_ function + * + * If is a string beginning with "!", then the value will be this string without "!" + * + * If is any other string then the value of will be + * $ldap_array[][0] + * + * If is an array then its value will be an array of values with the same rules as above + * + **/ +$extldap_user_correspondance = array( + 'firstname' => 'cn', + 'lastname' => 'sn', + 'status' => 'func', + 'admin' => 'func', + 'email' => 'mail', + 'auth_source' => '!extldap', + //'username' => , + 'language' => '!english', + 'password' => '!PLACEHOLDER', + 'extra' => array( + 'phone' => 'phone') + ); +/** + * Please declare here all the function you use in extldap_user_correspondance + * All these functions must have an $ldap_user parameter. 
This parameter is the + * array returned by the ldap for the user + **/ +/** + * example function for email + **/ +/* +function extldap_get_email($ldap_user){ + return $ldap_user['cn'].$ldap['sn'].'@gmail.com'; +} + */ +function extldap_get_status($ldap_user){ + return STUDENT; +} +function extldap_get_admin($ldap_user){ + return false; +} + +?> diff --git a/main/auth/external_login/ldap.inc.php b/main/auth/external_login/ldap.inc.php new file mode 100644 index 0000000000..eba2d8f695 --- /dev/null +++ b/main/auth/external_login/ldap.inc.php 
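Review bot: `admin_password` in `$extldap_config` is committed with what looks like a real bind password, next to a concrete `host` and `admin_dn`; ship a placeholder here, load the secret from a file kept outside version control, and rotate the credential since it is now in history. `extldap_get_user_search_string()` substitutes the raw login name into the LDAP filter, so filter metacharacters (`*`, `(`, `)`, `\`, NUL) in the username change the search; escape them per RFC 4515 before the `str_replace()`, e.g. `ldap_escape($username, '', LDAP_ESCAPE_FILTER)` where the PHP version provides it. `'password' => '!PLACEHOLDER'` gives every LDAP-created account the same known local password; a random value such as `api_generate_password()` is safer if local login can ever be reached for these accounts.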
@@ -0,0 +1,165 @@
+
+ **/
+function extldap_purify_string($string)
+{
+ global $extldap_config;
+ if(isset($extldap_config['encoding'])) {
+ return trim(api_to_system_encoding($string, $extldap_config['encoding']));
+ }
+ else {
+ return trim($string);
+ }
+}
+
+/**
+ * Establishes a connection to the LDAP server and sets the protocol version
+ *
+ * @return resource ldap link identifier or false
+ * @author ndiechburg
+ **/
+function extldap_connect()
+{
+ global $extldap_config;
+
+ //Trying to connect
+ if (isset($extldap_config['port'])) {
+ $ds = ldap_connect($extldap_config['host'],$extldap_config['port']);
+ } else {
+ $ds = ldap_connect($extldap_config['host']);
+ }
+ if (!$ds) {
+ $port = isset($extldap_config['port']) ? $ldap_config['port'] : 389;
+ error_log('EXTLDAP ERROR : cannot connect to '.$extldap_config['host'].':'. $port);
+ return false;
+ }
+
+ //Setting protocol version
+ if (isset($extldap_config['protocol_version'])) {
+ if ( ! ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $extldap_config['protocol_version'])) {
+ ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2);
+ }
+ }
+ return $ds;
+}
+
+/**
+ * Authenticate user on external ldap server and return user ldap entry if that succeeds
+ *
+ * @return mixed false if user cannot authenticate on ldap, user ldap entry if tha succeeds
+ * @author ndiechburg
+ **/
+function extldap_authenticate($username, $password)
+{
+ global $extldap_config;
+
+ if (empty($username) or empty($password)){
+ return false;
+ }
+
+ $ds = extldap_connect();
+ if (!$ds) {
+ return false;
+ }
+
+ //Connection as admin to search dn of user
+ $ldapbind = @ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password']);
+ if ($ldapbind === false){
+ error_log('EXTLDAP ERROR : cannot connect with admin login/password');
+ return false;
+ }
+ $user_search = extldap_get_user_search_string($username);
+ //Search distinguish name of user
+ $sr = ldap_search($ds, $extldap_config['base_dn'], $user_search);
+ if ( !$sr ){
+ error_log('EXTLDAP ERROR : ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) failed");
+ return false;
+ }
+ $entries_count = ldap_count_entries($ds,$sr);
+
+ if ($entries_count > 1) {
+ error_log('EXTLDAP ERROR : more than one entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )");
+ return false;
+ }
+ if ($entries_count < 1) {
+ error_log('EXTLDAP ERROR : No entry for that user ( ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) )");
+ return false;
+ }
+ $users = ldap_get_entries($ds,$sr);
+ $user = $users[0];
+
+ //now we try to autenthicate the user in the ldap
+ $ubind = @ldap_bind($ds, $user['dn'], $password);
+ if($ubind !== false){
+ return $user;
+ }
+ else {
+ error_log('EXTLDAP : Wrong password for '.$user['dn']);
+ }
+}
+
+/**
+ * Return an array with userinfo compatible with chamilo using $extldap_user_correspondance
+ * configuration array declared in ldap.conf.php file
+ *
+ * @param array ldap user
+ * @param array correspondance array (if not set use extldap_user_correspondance declared
+ * in ldap.conf.php
+ * @return array userinfo array
+ * @author ndiechburg
+ **/
+function extldap_get_chamilo_user($ldap_user, $cor = null)
+{
+ global $extldap_user_correspondance;
+ if ( is_null($cor) ) {
+ $cor = $extldap_user_correspondance;
+ }
+
+ $chamilo_user =array();
+ foreach ($cor as $chamilo_field => $ldap_field) {
+ if (is_array($ldap_field)){
+ $chamilo_user[$chamilo_field] = extldap_get_chamilo_user($ldap_user, $ldap_field);
+ continue;
+ }
+
+ switch ($ldap_field) {
+ case 'func':
+ $func = "extldap_get_$chamilo_field";
+ if (function_exists($func)) {
+ $chamilo_user[$chamilo_field] = extldap_purify_string($func($ldap_user));
+ } else {
+ error_log("EXTLDAP WARNING : You forgot to declare $func");
+ }
+ break;
+ default:
+ //if string begins with "!", then this is a constant
+ if($ldap_field[0] === '!' ){
+ $chamilo_user[$chamilo_field] = trim($ldap_field, "!\t\n\r\0");
+ break;
+ }
+ if ( isset($ldap_user[$ldap_field][0]) ) {
+ $chamilo_user[$chamilo_field] = extldap_purify_string($ldap_user[$ldap_field][0]);
+ } else {
+ error_log('EXTLDAP WARNING : '.$ldap_field. '[0] field is not set in ldap array');
+
+ }
+ break;
+ }
+ }
+ return $chamilo_user;
+}
+?>
diff --git a/main/auth/external_login/login.ldap.php b/main/auth/external_login/login.ldap.php
new file mode 100644
index 0000000000..7674bb6a5b
--- /dev/null
+++ b/main/auth/external_login/login.ldap.php
@@ -0,0 +1,65 @@
+
diff --git a/main/auth/external_login/newUser.ldap.php b/main/auth/external_login/newUser.ldap.php
new file mode 100644
index 0000000000..16ad4337b2
--- /dev/null
+++ b/main/auth/external_login/newUser.ldap.php
@@ -0,0 +1,66 @@
+
From 7e908181e8e874bfb84b5d5916d2416fb5d7da73 Mon Sep 17 00:00:00 2001
From: Noel Dieschburg
Date: Wed, 21 Dec 2011 11:19:38 +0100
Subject: [PATCH 18/26] Avoids login redirection when in anonymous mode
---
 main/inc/local.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
index b191c97680..1dc7c11e20 100644
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@@ -616,7 +616,7 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested
 unset($_SESSION['_user']['uidReset']);
 $is_platformAdmin = false;
 $is_allowedCreateCourse = false;
- if (isset($_user['user_id']) && $_user['user_id']) // a uid is given (log in succeeded)
+ if (isset($_user['user_id']) && $_user['user_id'] && $_user['user_id'] != 2) // a uid is given (log in succeeded)
 {
 $user_table = Database::get_main_table(TABLE_MAIN_USER);
 $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
From fd22453e9617a585c36b33f8f89310da6f97b24d Mon Sep 17 00:00:00 2001
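Review bot: Nothing in the new `ldap.inc.php` protects the transport: `extldap_connect()` opens the connection to a bare host (port 389 by default per the config comments) and `extldap_authenticate()` then sends the admin DN and password, followed by the user's password, through `ldap_bind()`, so both credentials travel unencrypted. After the protocol version is set, the connection should be upgraded and the login refused if that fails, e.g. `if (!ldap_start_tls($ds)) { error_log('EXTLDAP ERROR : StartTLS failed'); return false; }`, or the host configured as an `ldaps://` URI; StartTLS requires protocol version 3, so the silent fallback to version 2 would have to be dropped. Two smaller defects in the same hunk: the error path of `extldap_connect()` reads `$ldap_config['port']`, which is never defined (it should be `$extldap_config['port']`), and the wrong-password branch of `extldap_authenticate()` logs but falls off the end without `return false;`, contrary to its docblock.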
From: Arnaud Ligot
Date: Wed, 21 Dec 2011 11:24:56 +0100
Subject: [PATCH 19/26] adding cli.php administration script enabling remote action from support team on customer server
---
 main/admin/cli.php | 65 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 main/admin/cli.php
diff --git a/main/admin/cli.php b/main/admin/cli.php
new file mode 100644
index 0000000000..f12a54182e
--- /dev/null
+++ b/main/admin/cli.php
@@ -0,0 +1,65 @@
+ 'index.php', 'name' => get_lang('PlatformAdmin'));
+
+// including the header file (which includes the banner itself)
+Display :: display_header($tool_name);
+
+
+
+switch ($_GET["cmd"]) {
+ case "clear_stapi":
+ echo "Are you sure you are willing to erease all storage api data (no backup)? Yes";
+ break;
+ case "clear_stapi_confirm":
+ Database::query("delete from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES));
+ Database::query("delete from ".Database::get_main_table(TABLE_MAIN_STORED_STACK));
+ echo "Done";
+ break;
+ default:
+ echo "UNKNOWN COMMAND";
+ break;
+}
+
+/*
+==============================================================================
+ FOOTER
+==============================================================================
+*/
+Display :: display_footer();
+?>
From c0b9cfbfed92fd4589a75c1dca2b91365f233415 Mon Sep 17 00:00:00 2001
From: Noel Dieschburg
Date: Wed, 21 Dec 2011 13:48:31 +0100
Subject: [PATCH 20/26] External login : better comments in configuration.php file
---
 main/install/configuration.dist.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
index 7aad927f2f..3420ad3221 100644
--- a/main/install/configuration.dist.php
+++ b/main/install/configuration.dist.php
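Review bot: The `clear_stapi_confirm` branch of the new `cli.php` deletes every row of the stored-values and stored-stack tables on a plain GET (`$_GET["cmd"]`), and the confirmation step is only a second GET, so a cross-site request loaded in an administrator's browser is enough to trigger the wipe. The destructive branch should accept POST only and verify a per-session anti-CSRF token before the two `Database::query()` calls. The top of the file is not visible on this page, so it cannot be confirmed here that access is restricted to platform administrators; if a call to `api_protect_admin_script()` (the helper whose signature appears in the `main_api.lib.php` hunk of PATCH 21/26) is missing, it needs to be the first thing the script does. `$_GET["cmd"]` is also read without an `isset()` check.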
@@ -106,10 +106,15 @@ $phpMyAdminPath = ''; // $extAuthSource["ldap"]["login"] = $_configuration['root_sys'].$_configuration['code_append']."auth/ldap/login.php"; // $extAuthSource["ldap"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/ldap/newUser.php"; // -// To fetch external login information, uncomment thoss 2 lines and modify files auth/external_logininfo/newUser.php and auth/external_logininfo/updateUser.php files -// $extAuthSource["external_logininfo"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_logininfo/newUser.php"; -// $extAuthSource["external_logininfo"]["updateUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_logininfo/updateUser.php"; - +// To fetch external login information, uncomment those 2 lines and modify files auth/external_login/newUser.php and auth/external_login/updateUser.php files +// $extAuthSource["external_login"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_login/newUser.php"; +// $extAuthSource["external_login"]["updateUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_login/updateUser.php"; +// +//NEW LDAP IMPLEMENTATION BASED ON external_logininfo +// Please edit main/auth/external_login/ldap.conf.php +//$extAuthSource["extldap"]["login"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_login/login.ldap.php"; +//$extAuthSource["extldap"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_ldap/newUser.ldap.php"; +// //============================================================================ // Misc. settings //============================================================================ From 2f6d64efbed32d5d9c87e594f4aac6dc5083cfcd Mon Sep 17 00:00:00 2001 
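Review bot: The commented `extldap` example does not match the files this series adds: the `newUser` entry points at `auth/external_ldap/newUser.ldap.php`, while the file is created under `main/auth/external_login/` and the `login` entry one line above uses `auth/external_login/`. Anyone who uncomments the block as written ends up with a path to a file that does not exist; the line should read `//$extAuthSource["extldap"]["newUser"] = $_configuration['root_sys'].$_configuration['code_append']."auth/external_login/newUser.ldap.php";`. The heading `NEW LDAP IMPLEMENTATION BASED ON external_logininfo` also keeps the old directory name that the same hunk renames to `external_login` a few lines earlier.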
From: Noel Dieschburg Date: Wed, 21 Dec 2011 14:19:27 +0100 Subject: [PATCH 21/26] do not print headers in api_block_anonymous() id custom_pages are activated --- main/inc/lib/main_api.lib.php | 2 ++ main/inc/local.inc.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index 098e6657f6..295e4c036d 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -732,7 +732,9 @@ function api_protect_admin_script($allow_sessions_admins = false) { function api_block_anonymous_users() { global $_user; if (!(isset($_user['user_id']) && $_user['user_id']) || api_is_anonymous($_user['user_id'], true)) { + if (api_get_setting('use_custom_pages') != 'true' ){ require_once api_get_path(INCLUDE_PATH).'header.inc.php'; + } api_not_allowed(); return false; } diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 1dc7c11e20..c464b13ae6 100644 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -616,7 +616,7 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested unset($_SESSION['_user']['uidReset']); $is_platformAdmin = false; $is_allowedCreateCourse = false; - if (isset($_user['user_id']) && $_user['user_id'] && $_user['user_id'] != 2) // a uid is given (log in succeeded) + if (isset($_user['user_id']) && $_user['user_id'] && ! api_is_anonymous()) // a uid is given (log in succeeded) { $user_table = Database::get_main_table(TABLE_MAIN_USER); $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); From c06025f95f4aab2369e0f723d00715dc8c7ce99b Mon Sep 17 00:00:00 2001 From: Arnaud Ligot Date: Wed, 21 Dec 2011 14:44:45 +0100 Subject: [PATCH 22/26] adding AD specific features + filter + multiple server support --- main/auth/external_login/ldap.conf.php | 34 ++++++++++++++++++------ main/auth/external_login/ldap.inc.php | 36 +++++++++++++++++++------- 2 files changed, 52 insertions(+), 18 deletions(-) 
diff --git a/main/auth/external_login/ldap.conf.php b/main/auth/external_login/ldap.conf.php index bc343677ad..2246bf2469 100644 --- a/main/auth/external_login/ldap.conf.php +++ b/main/auth/external_login/ldap.conf.php @@ -11,19 +11,24 @@ require_once(dirname(__FILE__).'/ldap.inc.php'); **/ $extldap_config = array( //base dommain string - 'base_dn' => 'dc=cblue,dc=be', + 'base_dn' => 'DC=cblue,DC=be', //admin distinguished name - 'admin_dn' => 'cn=admin,dc=cblue,dc=be', + 'admin_dn' => 'CN=admin,dc=cblue,dc=be', //admin password - 'admin_password' => 'Im2ocEGish', + 'admin_password' => 'pass', //ldap host - 'host' => '192.168.61.1', + 'host' => array('10.1.2.3', '10.1.2.4', '10.1.2.5'), + // filter +// 'filter' => '', // no () arround the string //'port' => , default on 389 //protocl version (2 or 3) 'protocol_version' => 3, + // set this to 0 to connect to AD server + 'referrals' => 0, //String used to search the user in ldap. %username will ber replaced by the username. //See extldap_get_user_search_string() function below - 'user_search' => 'uid=%username%', +// 'user_search' => 'sAMAccountName=%username%', // no () arround the string + 'user_search' => 'uid=%username%', // no () arround the string //encoding used in ldap (most common are UTF-8 and ISO-8859-1 'encoding' => 'UTF-8', //Set to true if user info have to be update at each login @@ -40,7 +45,16 @@ $extldap_config = array( function extldap_get_user_search_string($username) { global $extldap_config; - return str_replace('%username%',$username,$extldap_config['user_search']); + + // init + $filter = '('.$extldap_config['user_search'].')'; + // replacing %username% by the actual username + $filter = str_replace('%username%',$username,$filter); + // append a global filter if needed + if (isset($extldap_config['filter']) && $extldap_config['filter'] != "") + $filter = '(&'.$filter.'('.$extldap_config['filter'].'))'; + + return $filter; } /** 
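Review bot: Replacing the `admin_password` value with `'pass'` in the `@@ -11,19 +11,24 @@` hunk does not withdraw the bind password and server address that the earlier patch in this series committed to `ldap.conf.php`; they stay in the repository history, so that account's password should be treated as disclosed and changed on the directory server. To keep this from recurring, the shipped file should carry only placeholders and read the real bind DN and password from a deployment-local file that is kept out of version control. A comment such as `// placeholder - set the real bind password in a local, non-versioned config` on the `admin_password` line would make that intent explicit.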
@@ -61,7 +75,7 @@ function extldap_get_user_search_string($username) * **/ $extldap_user_correspondance = array( - 'firstname' => 'cn', + 'firstname' => 'givenName', 'lastname' => 'sn', 'status' => 'func', 'admin' => 'func', @@ -71,7 +85,11 @@ $extldap_user_correspondance = array( 'language' => '!english', 'password' => '!PLACEHOLDER', 'extra' => array( - 'phone' => 'phone') + 'title' => 'title', + 'globalid' => 'employeeID', + 'department' => 'department', + 'country' => 'co', + 'bu' => 'Company') ); /** * Please declare here all the function you use in extldap_user_correspondance diff --git a/main/auth/external_login/ldap.inc.php b/main/auth/external_login/ldap.inc.php index eba2d8f695..f14726433e 100644 --- a/main/auth/external_login/ldap.inc.php +++ b/main/auth/external_login/ldap.inc.php 
@@ -36,24 +36,40 @@ function extldap_connect() { global $extldap_config; - //Trying to connect - if (isset($extldap_config['port'])) { - $ds = ldap_connect($extldap_config['host'],$extldap_config['port']); - } else { - $ds = ldap_connect($extldap_config['host']); + if (!is_array($extldap_config['host'])) + $extldap_config['host'] = array($extldap_config['host']); + + foreach($extldap_config['host'] as $host) { + //Trying to connect + if (isset($extldap_config['port'])) { + $ds = ldap_connect($host,$extldap_config['port']); + } else { + $ds = ldap_connect($host); + } + if (!$ds) { + $port = isset($extldap_config['port']) ? $ldap_config['port'] : 389; + error_log('EXTLDAP ERROR : cannot connect to '.$extldap_config['host'].':'. $port); + } else + break; } - if (!$ds) { - $port = isset($extldap_config['port']) ? $ldap_config['port'] : 389; - error_log('EXTLDAP ERROR : cannot connect to '.$extldap_config['host'].':'. $port); + if (!$ds) { + error_log('EXTLDAP ERROR : no valid server found'); return false; } - //Setting protocol version if (isset($extldap_config['protocol_version'])) { if ( ! ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, $extldap_config['protocol_version'])) { ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 2); } } + + //Setting protocol version + if (isset($extldap_config['referrals'])) { + if ( ! ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals'])) { + ldap_set_option($ds, LDAP_OPT_REFERRALS, $extldap_config['referrals']); + } + } + return $ds; } @@ -86,7 +102,7 @@ function extldap_authenticate($username, $password) //Search distinguish name of user $sr = ldap_search($ds, $extldap_config['base_dn'], $user_search); if ( !$sr ){ - error_log('EXTLDAP ERROR : ldap_search(ds, '.$extldap_config['base_dn'].", $user_search) failed"); + error_log('EXTLDAP ERROR : ldap_search('.$ds.', '.$extldap_config['base_dn'].", $user_search) failed"); return false; } $entries_count = ldap_count_entries($ds,$sr); 
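Review bot: The failover loop added to `extldap_connect()` will normally stop at the first host even when that server is down: on OpenLDAP-based builds `ldap_connect()` only prepares the handle and returns a resource without contacting the server, so `if (!$ds)` is false and `else break;` fires immediately, and the failure only surfaces later at `ldap_bind()` in `extldap_authenticate()`. For real failover an operation that touches the network has to run inside the loop, with the next host tried when it fails; the sketch below does this with the admin bind. The log line inside the loop also concatenates `$extldap_config['host']`, which is now an array, and still reads the undefined `$ldap_config['port']`; it should use `$host` and `$extldap_config['port']`. The new referrals block is headed `//Setting protocol version` and its inner retry repeats the identical `ldap_set_option()` call, so it can be reduced to a single call with a log entry on failure.

```php
    $port = isset($extldap_config['port']) ? $extldap_config['port'] : 389;
    foreach ($extldap_config['host'] as $host) {
        $ds = ldap_connect($host, $port);
        if (!$ds) {
            error_log('EXTLDAP ERROR : cannot connect to '.$host.':'.$port);
            continue;
        }
        // … unchanged: LDAP_OPT_PROTOCOL_VERSION and LDAP_OPT_REFERRALS options, set on this $ds …
        // ldap_connect() only prepares the handle; the bind is the first real round trip
        if (@ldap_bind($ds, $extldap_config['admin_dn'], $extldap_config['admin_password'])) {
            return $ds;
        }
        error_log('EXTLDAP ERROR : cannot bind on '.$host.':'.$port);
    }
    error_log('EXTLDAP ERROR : no valid server found');
    return false;
```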
From da97d054ca42efffc0cff5ffa54535c527c5d80b Mon Sep 17 00:00:00 2001 From: Arnaud Ligot Date: Wed, 21 Dec 2011 15:07:28 +0100 Subject: [PATCH 23/26] adding generic reports template --- main/reports/templates/generic.reports.php | 62 ++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 main/reports/templates/generic.reports.php diff --git a/main/reports/templates/generic.reports.php b/main/reports/templates/generic.reports.php new file mode 100644 index 0000000000..e37acdd708 --- /dev/null +++ b/main/reports/templates/generic.reports.php @@ -0,0 +1,62 @@ + 'SGCIB', + 'getSQL' => 'reports_template_SGCIB_getSQL', + 'wizard' => +' + + This report does not need any particular settings
+ +
+'); + +function reports_template_SGCIB_getSQL() { + // settings + + + // Nom, prenom + $query = 'select u.lastname as "Last name", u.firstname as "First name" '; + $query .= 'from '.Database::get_main_table(TABLE_MAIN_USER).' u '; + $query .= ' where u.user_id in ('.reports_getVisibilitySQL().') '; + $query .= ' order by u.user_id '; + $queries[0] = $query; + + + + // Custom Field + foreach (array(10 => "description") as $k => $v) { + $query = 'select ufv.field_value as "'.$v.'" '; + $query .= 'from '.Database::get_main_table(TABLE_MAIN_USER).' u '; + $query .= 'left outer join '.Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES).' ufv '; + $query .= ' on ufv.user_id = u.user_id and ufv.field_id = '.$k; + $query .= ' where u.user_id in ('.reports_getVisibilitySQL().') '; + $query .= ' order by u.user_id '; + $queries[] = $query; + } + + // Stored Value + $sv = array(); + foreach ($sv as $k => $v) { + $query = 'select sec_to_time(sv.sv_value) as "'.$v.'" '; + $query .= 'from '.Database::get_main_table(TABLE_MAIN_USER).' u '; + $query .= ' left outer join '.Database::get_main_database().'.stored_values sv '; + $query .= 'on sv.user_id = u.user_id and sv_key = "'.$k.'" '; + $query .= ' where u.user_id in ('.reports_getVisibilitySQL().') '; + $query .= ' order by u.user_id '; + $queries[] = $query; + } + + // premiere connexion + $query = 'select min(tel.login_date) as "First connection", max(tel.logout_date) as "Latest connection" '; + $query .= 'from '.Database::get_main_table(TABLE_MAIN_USER).' u '; + $query .= 'left outer join '.Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN).' tel '; + $query .= ' on tel.login_user_id = u.user_id '; + $query .= ' where u.user_id in ('.reports_getVisibilitySQL().') '; + $query .= ' group by u.user_id '; + $query .= ' order by u.user_id '; + $queries[] = $query; + + return $queries; +} + From 25dfc0168f20cdade12ab610d967c5e692f1cf7e Mon Sep 17 00:00:00 2001 
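Review bot: In `reports_template_SGCIB_getSQL()` the stored-value loop concatenates `$k` straight into `sv_key = "'.$k.'"` and addresses the table as `Database::get_main_database().'.stored_values'`; this is inert while `$sv` is the empty array, but the file is a template meant to be copied and filled in, and a key containing a quote then breaks or alters the statement. The key should pass through the project's SQL escaping helper before concatenation, and the table should be resolved with `Database::get_main_table(TABLE_MAIN_STORED_VALUES)`, as `cli.php` in PATCH 19/26 does. `$queries` is also used without being initialised; `$queries = array();` at the top of the function makes the return value well defined. Whether `reports_getVisibilitySQL()` returns a safely built sub-select cannot be judged from this page.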
From: Arnaud Ligot Date: Wed, 21 Dec 2011 16:20:15 +0100 Subject: [PATCH 24/26] indicator.gif not loaded properly on non root installed platform or on http platform --- main/admin/languages.php | 4 ++-- main/course_home/activity.php | 4 ++-- main/course_home/vertical_activity.php | 4 ++-- .../editor/plugins/glossary/fck_glossary_automatic.js | 6 +++--- .../editor/plugins/glossary/fck_glossary_manual.js | 6 +++--- main/inc/lib/javascript/glossary.js | 4 ++-- main/newscorm/scorm_api.php | 8 ++++---- 7 files changed, 18 insertions(+), 18 deletions(-) mode change 100755 => 100644 main/inc/lib/javascript/glossary.js diff --git a/main/admin/languages.php b/main/admin/languages.php index c6f19c1349..b86023a97c 100644 --- a/main/admin/languages.php +++ b/main/admin/languages.php @@ -80,7 +80,7 @@ $htmlHeadXtra[] ='