From 7c50f715239ebb6fadaaf04b6c4261d8409bd3d4 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Fri, 22 Oct 2010 20:08:17 -0500
Subject: [PATCH] Minor - following new spacing code conventions
---
 main/inc/local.inc.php | 1672 ++++++++++++++++++++--------------------
 1 file changed, 836 insertions(+), 836 deletions(-)
diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php
index 08dfa643d9..bdfb981d6d 100755
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@@ -44,13 +44,13 @@ The course id is stored in $_cid session variable.
  *
  * USER VARIABLES
  *
- * string $_user ['firstName' ]
- * string $_user ['lastName' ]
- * string $_user ['mail' ]
- * string $_user ['lastLogin' ]
- * string $_user ['official_code']
- * string $_user ['picture_uri' ]
- * string $_user['user_id']
+ * string $_user ['firstName' ]
+ * string $_user ['lastName' ]
+ * string $_user ['mail' ]
+ * string $_user ['lastLogin' ]
+ * string $_user ['official_code']
+ * string $_user ['picture_uri' ]
+ * string $_user['user_id']
  *
  * boolean $is_platformAdmin
  * boolean $is_allowedCreateCourse
@@ -61,7 +61,7 @@ The course id is stored in $_cid session variable.
  *
  * int $_course['id' ] - auto-assigned integer
  * string $_course['name' ] - the title of the course
- * string $_course['official_code'] - the visual / fake / official code
+ * string $_course['official_code'] - the visual / fake / official code
  * string $_course['sysCode' ]
  * string $_course['path' ]
  * string $_course['dbName' ]
@@ -89,8 +89,8 @@ The course id is stored in $_cid session variable.
  * their scripts rather than use these variables, as they are, inside the core
  * of their scripts. It will make code maintenance much easier.
  *
- * Many if the functions you need you can already find in the
- * main_api.lib.php
+ * Many if the functions you need you can already find in the
+ * main_api.lib.php
  *
  * We encourage you to use functions to access these global "kernel" variables.
  * You can add them to e.g. the main API library.
@@ -121,19 +121,19 @@ The course id is stored in $_cid session variable.
  *
  * 7. The script initializes the user status and permission for the group level.
  *
- * @package chamilo.include
+ * @package chamilo.include
  */
 /*
- INIT SECTION
- variables should be initialised here
+ INIT SECTION
+ variables should be initialised here
 */
 require_once (api_get_path(LIBRARY_PATH).'course.lib.php');
 // verified if exists the username and password in session current
 if (isset($_SESSION['info_current_user'][1]) && isset($_SESSION['info_current_user'][2])) {
- require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
- require_once (api_get_path(LIBRARY_PATH).'legal.lib.php');
+ require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
+ require_once (api_get_path(LIBRARY_PATH).'legal.lib.php');
 }
 // parameters passed via GET
 $logout = isset($_GET["logout"]) ? $_GET["logout"] : '';
@@ -164,531 +164,531 @@ $login = isset($_POST["login"]) ? $_POST["login"] : ''; //$cidReq -- passed from course folder index.php /* - MAIN CODE + MAIN CODE */ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) { // uid is in session => login already done, continue with this value $_user['user_id'] = $_SESSION['_user']['user_id']; } else { - if (isset($_user['user_id'])) { - unset($_user['user_id']); - } - - //$_SESSION['info_current_user'][1] is user name - //$_SESSION['info_current_user'][2] is current password encrypted - //$_SESSION['update_term_and_condition'][1] is current user id, of user in session - if (api_get_setting('allow_terms_conditions')=='true') { - if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['update_term_and_condition'][1])) { - - $user_id=$_SESSION['update_term_and_condition'][1]; // user id - // update the terms & conditions - - //verify type of terms and conditions - $info_legal = explode(':',$_POST['legal_info']); - $legal_type=LegalManager::get_type_of_terms_and_conditions($info_legal[0],$info_legal[1]); - - //is necessary verify check - if ($legal_type==1) { - if ((isset($_POST['legal_accept']) && $_POST['legal_accept']=='1')) { - $legal_option=true; - } else { - $legal_option=false; - - } - } - //no is check option - if ($legal_type==0) { - $legal_option=true; - } - - if (isset($_POST['legal_accept_type']) && $legal_option===true) { - $cond_array = explode(':',$_POST['legal_accept_type']); - if (!empty($cond_array[0]) && !empty($cond_array[1])){ - $time = time(); - $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; - UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); - - } - } - } - } - - if ((isset($_POST['login']) && isset($_POST['password']))) { - // $login && $password are given to log in - $login = $_POST['login']; - $password = $_POST['password']; - - //lookup the user in the main database - $user_table = 
Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date - FROM $user_table - WHERE username = '".trim(addslashes($login))."'"; - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - //the authentification of this user is managed by Chamilo itself - $password = trim(stripslashes($password)); - // determine if the password needs to be encrypted before checking - // $userPasswordCrypted is set in an external configuration file - - /*if ($userPasswordCrypted) { - $password = md5($password); - } */ - if (api_get_setting('allow_terms_conditions')=='true') { - if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) { - $password=$_POST['password']; - } else { - $password = api_get_encrypted_password($password); - } - } else { - $password = api_get_encrypted_password($password); - } - if (api_get_setting('allow_terms_conditions')=='true') { - if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { - $temp_user_id = $uData['user_id']; - $term_and_condition_status=api_check_term_condition($temp_user_id);//false or true - if ($term_and_condition_status===false) { - $_SESSION['update_term_and_condition']=array(true,$temp_user_id); - $_SESSION['info_current_user']=array(true,$login,$password); - header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php'); - exit; - } else { - unset($_SESSION['update_term_and_condition']); - unset($_SESSION['info_current_user']); - } - - } - } - - // Check the user's password - if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { - // Check if the account is active (not locked) - if ($uData['active']=='1') { - // Check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR 
$uData['expiration_date']=='0000-00-00 00:00:00') { - global $_configuration; - - if ($_configuration['multiple_access_urls']) { - $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); - - //Check if user is an admin - $sql = "SELECT user_id FROM $admin_table - WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; - $result = Database::query($sql); - - $my_user_is_admin = false; - if (Database::num_rows($result) > 0) { - $my_user_is_admin = true; - } - - // This user is subscribed in these sites => $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - - //Check the access_url configuration setting if the user is registered in the access_url_rel_user table - //Getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - - if ($my_user_is_admin === false) { - - if (is_array($my_url_list) && count($my_url_list)>0 ){ - // the user have the permissions to enter at this site - if (in_array($current_access_url_id, $my_url_list)) { - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { //Only admins of the "main" (first) Chamilo portal can login wherever they want - //var_dump($current_access_url_id, $my_url_list); exit; - if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - //This means a secondary admin wants to login so we check as he's a normal user - if (in_array($current_access_url_id, $my_url_list)) { - 
$_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } - } - } else { - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); - exit; - } - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - // login failed: username or password incorrect - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); - exit; - } - - if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { - //first login for a not self registred - //e.g. registered by a teacher - //do nothing (code may be added later) - } - } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login'])) { - /* - * Process external authentication - * on the basis of the given login name - */ - $loginFailed = true; // Default initialisation. It could - // change after the external authentication - $key = $uData['auth_source']; //'ldap','shibboleth'... - /* >>>>>>>> External authentication modules <<<<<<<<< */ - // see configuration.php to define these - include_once($extAuthSource[$key]['login']); - /* >>>>>>>> External authentication modules <<<<<<<<< */ - } else { // no standard Chamilo login - try external authentification - //huh... nothing to do... we shouldn't get here - error_log('Chamilo Authentication file '. $extAuthSource[$uData['auth_source']]['login']. 
' could not be found - this might prevent your system from doing the corresponding authentication process',0); - } - if (!empty($_SESSION['request_uri'])) { - $req = $_SESSION['request_uri']; - unset($_SESSION['request_uri']); - header('location: '.$req); - } else { - if (isset($param)) { - header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param); - } else { - // here is the main redirect of a *normal* login page in Chamilo - header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login')); - } - } - } else { - // login failed, Database::num_rows($result) <= 0 - $loginFailed = true; // Default initialisation. It could - // change after the external authentication - - /* - * In this section: - * there is no entry for the $login user in the Chamilo - * database. This also means there is no auth_source for the user. - * We let all external procedures attempt to add him/her - * to the system. - * - * Process external login on the basis - * of the authentication source list - * provided by the configuration settings. - * If the login succeeds, for going further, - * Chamilo needs the $_user['user_id'] variable to be - * set and registered in the session. It's the - * responsability of the external login script - * to provide this $_user['user_id']. - */ - - if (isset($extAuthSource) && is_array($extAuthSource)) { - foreach($extAuthSource as $thisAuthSource) { - if (!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) { - include_once($thisAuthSource['newUser']); - } else { - error_log('Chamilo Authentication file '. $thisAuthSource['newUser']. 
' could not be found - this might prevent your system from using the authentication process in the user creation process',0); - } - } - } //end if is_array($extAuthSource) - } //end else login failed - } elseif (api_get_setting('sso_authentication')==='true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { - /** - * TODO: - * - Implement user interface for api_get_setting('sso_authentication') - * } elseif (api_get_setting('sso_authentication')=='true') { - * - Work on a better validation for webservices paths. Current is very poor and exit - */ - $master = array( - 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', - 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', - 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', - 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', - ); - $referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; - if (isset($_SESSION['_user']['user_id'])) { - if ($logout) { - // Library needed by index.php - include_once api_get_path(LIBRARY_PATH) . 'online.inc.php'; - include_once (api_get_path(LIBRARY_PATH).'course.lib.php'); - // Prevent index.php to redirect - global $logout_no_redirect; - $logout_no_redirect = TRUE; - // Make custom redirect after logout - online_logout(); - header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); - exit; - } - } elseif(!$logout) { - $master_url = $master['domain'] . $master['auth_uri']; - // Handle cookie comming from Master Server - if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { - // Target to redirect after success SSO - $target = api_get_path(WEB_PATH); - // Redirect to master server - header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . 
urlencode($target)); - exit; - } elseif (isset($_GET['sso_cookie'])) { - if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { - $sso = unserialize(base64_decode($_GET['sso_cookie'])); - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date - FROM $user_table - WHERE username = '".trim(addslashes($sso['username']))."'"; - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - //Check the user's password - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - // Make sure password is encrypted with md5 - if (!$userPasswordCrypted) { - $uData['password'] = md5($uData['password']); - } - //the authentification of this user is managed by Chamilo itself// check the user's password - // password hash comes into a sha1 - if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { - //Check if the account is active (not locked) - if ($uData['active']=='1') { - // check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { - global $_configuration; - //If Multiple URL is enabled - if ($_configuration['multiple_access_urls']) { - $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); - //Check if user is an admin - $sql = "SELECT user_id FROM $admin_table - WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; - $result = Database::query($sql); - $my_user_is_admin = false; - if (Database::num_rows($result) > 0) { - $my_user_is_admin = true; - } - - //Check the access_url configuration setting if the user is registered in the access_url_rel_user table - //Getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - - // my user is 
subscribed in these sites => $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - - if ($my_user_is_admin === false) { - if (is_array($my_url_list) && count($my_url_list)>0 ) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - - // Redirect to homepage - $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. $sso_target); - } else { - // user does not have permission for this site - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - // there is no URL in the multiple urls list for this user - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { //Only admins of the "main" (first) Chamilo portal can login wherever they want - if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal portal - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - //This means a secondary admin wants to login so we check as a normal user - if (in_array($current_access_url_id, $my_url_list)) { - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } - } - } else { - //Single URL access (Only 1 portal) - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - // Redirect to homepage - $sso_target = isset($sso['target']) ? 
$sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. $sso_target); - } - } else { - // user account expired - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); - exit; - } - } else { - //User not active - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //SHA1 of password is wrong - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //Auth_source is wrong - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //No user by that login - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //Request comes from unknown source - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } - }//end logout - } elseif (api_get_setting('openid_authentication')=='true') { - if (!empty($_POST['openid_url'])) { - include('main/auth/openid/login.php'); - openid_begin(trim($_POST['openid_url']),api_get_path(WEB_PATH).'index.php'); - //this last function should trigger a redirect, so we can die here safely - die('Openid login redirection should be in progress'); - } elseif (!empty($_GET['openid_identity'])) { - //it's usual for PHP to replace '.' 
(dot) by '_' (underscore) in URL parameters - include('main/auth/openid/login.php'); - $res = openid_complete($_GET); - if ($res['status'] == 'success') { - $id1 = Database::escape_string($res['openid.identity']); - //have another id with or without the final '/' - $id2 = (substr($id1,-1,1)=='/'?substr($id1,0,-1):$id1.'/'); - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date - FROM $user_table - WHERE openid = '$id1' - OR openid = '$id2' "; - $result = Database::query($sql); - if ($result !== false) { - if (Database::num_rows($result)>0) { - //$row = Database::fetch_array($res); - $uData = Database::fetch_array($result); - - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - //the authentification of this user is managed by Chamilo itself - - // check if the account is active (not locked) - if ($uData['active']=='1') { - // check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: index.php?loginFailed=1&error=account_expired'); - exit; - } - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: index.php?loginFailed=1&error=account_inactive'); - exit; - } - if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { - //first login for a not self registred - //e.g. 
registered by a teacher - //do nothing (code may be added later) - } - } - } else { - //Redirect to the subscription form - header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php?username='.$res['openid.sreg.nickname'].'&email='.$res['openid.sreg.email'].'&openid='.$res['openid.identity'].'&openid_msg=idnotfound'); - //$loginFailed = true; - } - } else { - $loginFailed = true; - } - } else { - $loginFailed = true; - } - } - } - - // else {} => continue as anonymous user - $uidReset = true; - - // $cidReset = true; - // $gidReset = true; + if (isset($_user['user_id'])) { + unset($_user['user_id']); + } + + //$_SESSION['info_current_user'][1] is user name + //$_SESSION['info_current_user'][2] is current password encrypted + //$_SESSION['update_term_and_condition'][1] is current user id, of user in session + if (api_get_setting('allow_terms_conditions')=='true') { + if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['update_term_and_condition'][1])) { + + $user_id=$_SESSION['update_term_and_condition'][1]; // user id + // update the terms & conditions + + //verify type of terms and conditions + $info_legal = explode(':',$_POST['legal_info']); + $legal_type=LegalManager::get_type_of_terms_and_conditions($info_legal[0],$info_legal[1]); + + //is necessary verify check + if ($legal_type==1) { + if ((isset($_POST['legal_accept']) && $_POST['legal_accept']=='1')) { + $legal_option=true; + } else { + $legal_option=false; + + } + } + //no is check option + if ($legal_type==0) { + $legal_option=true; + } + + if (isset($_POST['legal_accept_type']) && $legal_option===true) { + $cond_array = explode(':',$_POST['legal_accept_type']); + if (!empty($cond_array[0]) && !empty($cond_array[1])){ + $time = time(); + $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; + UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); + + } + } + } + } + + if ((isset($_POST['login']) && 
isset($_POST['password']))) { + // $login && $password are given to log in + $login = $_POST['login']; + $password = $_POST['password']; + + //lookup the user in the main database + $user_table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + FROM $user_table + WHERE username = '".trim(addslashes($login))."'"; + $result = Database::query($sql); + + if (Database::num_rows($result) > 0) { + $uData = Database::fetch_array($result); + + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + //the authentification of this user is managed by Chamilo itself + $password = trim(stripslashes($password)); + // determine if the password needs to be encrypted before checking + // $userPasswordCrypted is set in an external configuration file + + /*if ($userPasswordCrypted) { + $password = md5($password); + } */ + if (api_get_setting('allow_terms_conditions')=='true') { + if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) { + $password=$_POST['password']; + } else { + $password = api_get_encrypted_password($password); + } + } else { + $password = api_get_encrypted_password($password); + } + if (api_get_setting('allow_terms_conditions')=='true') { + if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { + $temp_user_id = $uData['user_id']; + $term_and_condition_status=api_check_term_condition($temp_user_id);//false or true + if ($term_and_condition_status===false) { + $_SESSION['update_term_and_condition']=array(true,$temp_user_id); + $_SESSION['info_current_user']=array(true,$login,$password); + header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php'); + exit; + } else { + unset($_SESSION['update_term_and_condition']); + unset($_SESSION['info_current_user']); + } + + } + } + + // Check the user's password + if ($password == $uData['password'] AND (trim($login) == 
$uData['username'])) { + // Check if the account is active (not locked) + if ($uData['active']=='1') { + // Check if the expiration date has not been reached + if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + global $_configuration; + + if ($_configuration['multiple_access_urls']) { + $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); + + //Check if user is an admin + $sql = "SELECT user_id FROM $admin_table + WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; + $result = Database::query($sql); + + $my_user_is_admin = false; + if (Database::num_rows($result) > 0) { + $my_user_is_admin = true; + } + + // This user is subscribed in these sites => $my_url_list + $my_url_list = api_get_access_url_from_user($uData['user_id']); + + //Check the access_url configuration setting if the user is registered in the access_url_rel_user table + //Getting the current access_url_id of the platform + $current_access_url_id = api_get_current_access_url_id(); + + if ($my_user_is_admin === false) { + + if (is_array($my_url_list) && count($my_url_list)>0 ){ + // the user have the permissions to enter at this site + if (in_array($current_access_url_id, $my_url_list)) { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { //Only admins of the "main" (first) Chamilo portal can login wherever they want + //var_dump($current_access_url_id, $my_url_list); exit; + if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal + $_user['user_id'] = $uData['user_id']; + 
api_session_register('_user'); + event_login(); + } else { + //This means a secondary admin wants to login so we check as he's a normal user + if (in_array($current_access_url_id, $my_url_list)) { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } + } + } else { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); + exit; + } + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + // login failed: username or password incorrect + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); + exit; + } + + if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { + //first login for a not self registred + //e.g. registered by a teacher + //do nothing (code may be added later) + } + } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login'])) { + /* + * Process external authentication + * on the basis of the given login name + */ + $loginFailed = true; // Default initialisation. It could + // change after the external authentication + $key = $uData['auth_source']; //'ldap','shibboleth'... 
+ /* >>>>>>>> External authentication modules <<<<<<<<< */ + // see configuration.php to define these + include_once($extAuthSource[$key]['login']); + /* >>>>>>>> External authentication modules <<<<<<<<< */ + } else { // no standard Chamilo login - try external authentification + //huh... nothing to do... we shouldn't get here + error_log('Chamilo Authentication file '. $extAuthSource[$uData['auth_source']]['login']. ' could not be found - this might prevent your system from doing the corresponding authentication process',0); + } + if (!empty($_SESSION['request_uri'])) { + $req = $_SESSION['request_uri']; + unset($_SESSION['request_uri']); + header('location: '.$req); + } else { + if (isset($param)) { + header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param); + } else { + // here is the main redirect of a *normal* login page in Chamilo + header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login')); + } + } + } else { + // login failed, Database::num_rows($result) <= 0 + $loginFailed = true; // Default initialisation. It could + // change after the external authentication + + /* + * In this section: + * there is no entry for the $login user in the Chamilo + * database. This also means there is no auth_source for the user. + * We let all external procedures attempt to add him/her + * to the system. + * + * Process external login on the basis + * of the authentication source list + * provided by the configuration settings. + * If the login succeeds, for going further, + * Chamilo needs the $_user['user_id'] variable to be + * set and registered in the session. It's the + * responsability of the external login script + * to provide this $_user['user_id']. 
+ */ + + if (isset($extAuthSource) && is_array($extAuthSource)) { + foreach($extAuthSource as $thisAuthSource) { + if (!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) { + include_once($thisAuthSource['newUser']); + } else { + error_log('Chamilo Authentication file '. $thisAuthSource['newUser']. ' could not be found - this might prevent your system from using the authentication process in the user creation process',0); + } + } + } //end if is_array($extAuthSource) + } //end else login failed + } elseif (api_get_setting('sso_authentication')==='true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { + /** + * TODO: + * - Implement user interface for api_get_setting('sso_authentication') + * } elseif (api_get_setting('sso_authentication')=='true') { + * - Work on a better validation for webservices paths. Current is very poor and exit + */ + $master = array( + 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', + 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', + 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', + 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', + ); + $referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; + if (isset($_SESSION['_user']['user_id'])) { + if ($logout) { + // Library needed by index.php + include_once api_get_path(LIBRARY_PATH) . 'online.inc.php'; + include_once (api_get_path(LIBRARY_PATH).'course.lib.php'); + // Prevent index.php to redirect + global $logout_no_redirect; + $logout_no_redirect = TRUE; + // Make custom redirect after logout + online_logout(); + header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); + exit; + } + } elseif(!$logout) { + $master_url = $master['domain'] . 
$master['auth_uri']; + // Handle cookie comming from Master Server + if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { + // Target to redirect after success SSO + $target = api_get_path(WEB_PATH); + // Redirect to master server + header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); + exit; + } elseif (isset($_GET['sso_cookie'])) { + if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { + $sso = unserialize(base64_decode($_GET['sso_cookie'])); + //lookup the user in the main database + $user_table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + FROM $user_table + WHERE username = '".trim(addslashes($sso['username']))."'"; + $result = Database::query($sql); + + if (Database::num_rows($result) > 0) { + $uData = Database::fetch_array($result); + //Check the user's password + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + // Make sure password is encrypted with md5 + if (!$userPasswordCrypted) { + $uData['password'] = md5($uData['password']); + } + //the authentification of this user is managed by Chamilo itself// check the user's password + // password hash comes into a sha1 + if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { + //Check if the account is active (not locked) + if ($uData['active']=='1') { + // check if the expiration date has not been reached + if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + global $_configuration; + //If Multiple URL is enabled + if ($_configuration['multiple_access_urls']) { + $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); + //Check if user is an admin + $sql = "SELECT user_id FROM $admin_table + WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; + $result = 
Database::query($sql); + $my_user_is_admin = false; + if (Database::num_rows($result) > 0) { + $my_user_is_admin = true; + } + + //Check the access_url configuration setting if the user is registered in the access_url_rel_user table + //Getting the current access_url_id of the platform + $current_access_url_id = api_get_current_access_url_id(); + + // my user is subscribed in these sites => $my_url_list + $my_url_list = api_get_access_url_from_user($uData['user_id']); + + if ($my_user_is_admin === false) { + if (is_array($my_url_list) && count($my_url_list)>0 ) { + if (in_array($current_access_url_id, $my_url_list)) { + // the user has permission to enter at this site + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. $sso_target); + } else { + // user does not have permission for this site + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + // there is no URL in the multiple urls list for this user + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { //Only admins of the "main" (first) Chamilo portal can login wherever they want + if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal portal + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + //This means a secondary admin wants to login so we check as a normal user + if (in_array($current_access_url_id, $my_url_list)) { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + $loginFailed = true; + api_session_unregister('_uid'); + 
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } + } + } else { + //Single URL access (Only 1 portal) + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. $sso_target); + } + } else { + // user account expired + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); + exit; + } + } else { + //User not active + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //SHA1 of password is wrong + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //Auth_source is wrong + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //No user by that login + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //Request comes from unknown source + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } + }//end logout + } elseif (api_get_setting('openid_authentication')=='true') { + if (!empty($_POST['openid_url'])) { + include('main/auth/openid/login.php'); + openid_begin(trim($_POST['openid_url']),api_get_path(WEB_PATH).'index.php'); + //this last function should trigger a redirect, so we can die here safely + die('Openid login redirection should be 
in progress'); + } elseif (!empty($_GET['openid_identity'])) { + //it's usual for PHP to replace '.' (dot) by '_' (underscore) in URL parameters + include('main/auth/openid/login.php'); + $res = openid_complete($_GET); + if ($res['status'] == 'success') { + $id1 = Database::escape_string($res['openid.identity']); + //have another id with or without the final '/' + $id2 = (substr($id1,-1,1)=='/'?substr($id1,0,-1):$id1.'/'); + //lookup the user in the main database + $user_table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + FROM $user_table + WHERE openid = '$id1' + OR openid = '$id2' "; + $result = Database::query($sql); + if ($result !== false) { + if (Database::num_rows($result)>0) { + //$row = Database::fetch_array($res); + $uData = Database::fetch_array($result); + + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + //the authentification of this user is managed by Chamilo itself + + // check if the account is active (not locked) + if ($uData['active']=='1') { + // check if the expiration date has not been reached + if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: index.php?loginFailed=1&error=account_expired'); + exit; + } + } else { + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: index.php?loginFailed=1&error=account_inactive'); + exit; + } + if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { + //first login for a not self registred + //e.g. 
registered by a teacher + //do nothing (code may be added later) + } + } + } else { + //Redirect to the subscription form + header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php?username='.$res['openid.sreg.nickname'].'&email='.$res['openid.sreg.email'].'&openid='.$res['openid.identity'].'&openid_msg=idnotfound'); + //$loginFailed = true; + } + } else { + $loginFailed = true; + } + } else { + $loginFailed = true; + } + } + } + + // else {} => continue as anonymous user + $uidReset = true; + + // $cidReset = true; + // $gidReset = true; } // end else //Now check for anonymous user mode if ($use_anonymous) { - //if anonymous mode is set, then try to set the current user as anonymous - //if he doesn't have a login yet - api_set_anonymous(); + //if anonymous mode is set, then try to set the current user as anonymous + //if he doesn't have a login yet + api_set_anonymous(); } else { - //if anonymous mode is not set, then check if this user is anonymous. If it - //is, clean it from being anonymous (make him a nobody :-)) - api_clear_anonymous(); + //if anonymous mode is not set, then check if this user is anonymous. If it + //is, clean it from being anonymous (make him a nobody :-)) + api_clear_anonymous(); } // if there is a cDir parameter in the URL (coming from courses/.htaccess redirection) if (!empty($cDir)) { - require_once api_get_path(LIBRARY_PATH).'course.lib.php'; + require_once api_get_path(LIBRARY_PATH).'course.lib.php'; $c = CourseManager::get_course_id_from_path($cDir); if ($c) { $cidReq = $c; } } @@ -709,7 +709,7 @@ if ($gidReq && $gidReq != $gid) { /* USER INIT */ -if (isset($uidReset) && $uidReset) { // session data refresh requested +if (isset($uidReset) && $uidReset) { // session data refresh requested $is_platformAdmin = false; $is_allowedCreateCourse = false; if (isset($_user['user_id']) && $_user['user_id']) // a uid is given (log in succeeded) 
@@ -736,28 +736,28 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested $result = Database::query($sql); if (Database::num_rows($result) > 0) { - // Extracting the user data + // Extracting the user data $uData = Database::fetch_array($result); - $_user ['firstName'] = $uData ['firstname' ]; - $_user ['lastName' ] = $uData ['lastname' ]; - $_user ['mail' ] = $uData ['email' ]; - $_user ['lastLogin'] = $uData ['login_date']; - $_user ['official_code'] = $uData ['official_code']; - $_user ['picture_uri'] = $uData ['picture_uri']; - $_user ['user_id'] = $uData ['user_id']; - $_user ['language'] = $uData ['language']; - $_user ['auth_source'] = $uData ['auth_source']; - $_user ['theme'] = $uData ['theme']; - $_user ['status'] = $uData ['status']; + $_user ['firstName'] = $uData ['firstname' ]; + $_user ['lastName' ] = $uData ['lastname' ]; + $_user ['mail' ] = $uData ['email' ]; + $_user ['lastLogin'] = $uData ['login_date']; + $_user ['official_code'] = $uData ['official_code']; + $_user ['picture_uri'] = $uData ['picture_uri']; + $_user ['user_id'] = $uData ['user_id']; + $_user ['language'] = $uData ['language']; + $_user ['auth_source'] = $uData ['auth_source']; + $_user ['theme'] = $uData ['theme']; + $_user ['status'] = $uData ['status']; $is_platformAdmin = (bool) (! is_null( $uData['is_admin'])); $is_allowedCreateCourse = (bool) (($uData ['status'] == 1) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == 4)); api_session_register('_user'); } else { - header('location:'.api_get_path(WEB_PATH)); + header('location:'.api_get_path(WEB_PATH)); //exit("WARNING UNDEFINED UID !! "); } } else { // no uid => logout or Anonymous 
@@ -765,8 +765,8 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested api_session_unregister('_uid'); } - api_session_register('is_platformAdmin'); - api_session_register('is_allowedCreateCourse'); + api_session_register('is_platformAdmin'); + api_session_register('is_allowedCreateCourse'); } else { // continue with the previous values $_user = $_SESSION['_user']; $is_platformAdmin = $_SESSION['is_platformAdmin']; @@ -778,8 +778,8 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested if (isset($cidReset) && $cidReset) { // course session data refresh requested or empty data if ($cidReq) { - $course_table = Database::get_main_table(TABLE_MAIN_COURSE); - $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); + $course_table = Database::get_main_table(TABLE_MAIN_COURSE); + $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); $sql = "SELECT course.*, course_category.code faCode, course_category.name faName FROM $course_table LEFT JOIN $course_cat_table 
@@ -790,27 +790,27 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or if (Database::num_rows($result)>0) { $cData = Database::fetch_array($result); //@TODO real_cid should be cid, for working with numeric course id - $_real_cid = $cData['id']; - - $_cid = $cData['code']; - $_course = array(); - $_course['real_id'] = $cData['id']; - $_course['id'] = $cData['code']; //auto-assigned integer - $_course['name'] = $cData['title']; - $_course['official_code'] = $cData['visual_code']; // use in echo - $_course['sysCode'] = $cData['code']; // use as key in db - $_course['path'] = $cData['directory']; // use as key in path - $_course['dbName'] = $cData['db_name']; // use as key in db list - $_course['dbNameGlu'] = $_configuration['table_prefix'] . $cData['db_name'] . $_configuration['db_glue']; // use in all queries - $_course['titular'] = $cData['tutor_name']; - $_course['language'] = $cData['course_language']; - $_course['extLink']['url' ] = $cData['department_url']; - $_course['extLink']['name'] = $cData['department_name']; - $_course['categoryCode'] = $cData['faCode']; - $_course['categoryName'] = $cData['faName']; - $_course['visibility'] = $cData['visibility']; - $_course['subscribe_allowed'] = $cData['subscribe']; - $_course['unubscribe_allowed'] = $cData['unsubscribe']; + $_real_cid = $cData['id']; + + $_cid = $cData['code']; + $_course = array(); + $_course['real_id'] = $cData['id']; + $_course['id'] = $cData['code']; //auto-assigned integer + $_course['name'] = $cData['title']; + $_course['official_code'] = $cData['visual_code']; // use in echo + $_course['sysCode'] = $cData['code']; // use as key in db + $_course['path'] = $cData['directory']; // use as key in path + $_course['dbName'] = $cData['db_name']; // use as key in db list + $_course['dbNameGlu'] = $_configuration['table_prefix'] . $cData['db_name'] . 
$_configuration['db_glue']; // use in all queries + $_course['titular'] = $cData['tutor_name']; + $_course['language'] = $cData['course_language']; + $_course['extLink']['url' ] = $cData['department_url']; + $_course['extLink']['name'] = $cData['department_name']; + $_course['categoryCode'] = $cData['faCode']; + $_course['categoryName'] = $cData['faName']; + $_course['visibility'] = $cData['visibility']; + $_course['subscribe_allowed'] = $cData['subscribe']; + $_course['unubscribe_allowed'] = $cData['unsubscribe']; api_session_register('_cid'); api_session_register('_course'); 
@@ -818,33 +818,33 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or api_session_register('_real_cid'); // if a session id has been given in url, we store the session - if (api_get_setting('use_session_mode')=='true') { - // Database Table Definitions - $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); - $tbl_user = Database::get_main_table(TABLE_MAIN_USER); - $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); - $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); - - if (!empty($_GET['id_session'])) { - $_SESSION['id_session'] = intval($_GET['id_session']); - $sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.intval($_SESSION['id_session']) . '"'; - $rs = Database::query($sql); - list($_SESSION['session_name']) = Database::fetch_array($rs); - } else { - api_session_unregister('session_name'); - api_session_unregister('id_session'); - } - } - - if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as'])) { - //We add a new record in the course tracking table - $course_tracking_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); - $time = api_get_datetime(); - $sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter, session_id)" . - "VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1', '".api_get_session_id()."')"; + if (api_get_setting('use_session_mode')=='true') { + // Database Table Definitions + $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); + $tbl_user = Database::get_main_table(TABLE_MAIN_USER); + $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); + $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); + + if (!empty($_GET['id_session'])) { + $_SESSION['id_session'] = intval($_GET['id_session']); + $sql = 'SELECT name FROM '.$tbl_session . 
' WHERE id="'.intval($_SESSION['id_session']) . '"'; + $rs = Database::query($sql); + list($_SESSION['session_name']) = Database::fetch_array($rs); + } else { + api_session_unregister('session_name'); + api_session_unregister('id_session'); + } + } + + if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as'])) { + //We add a new record in the course tracking table + $course_tracking_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); + $time = api_get_datetime(); + $sql="INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter, session_id)" . + "VALUES('".$_course['sysCode']."', '".$_user['user_id']."', '$time', '$time', '1', '".api_get_session_id()."')"; //error_log($sql); - Database::query($sql); - } + Database::query($sql); + } } else { //exit("WARNING UNDEFINED CID !! "); header('location:'.api_get_path(WEB_PATH)); 
@@ -861,208 +861,208 @@ if (isset($cidReset) && $cidReset) { // course session data refresh requested or } } } else { // continue with the previous values - if (empty($_SESSION['_course']) OR empty($_SESSION['_cid'])) { //no previous values... - $_cid = -1; //set default values that will be caracteristic of being unset - $_course = -1; - } else { - $_cid = $_SESSION['_cid' ]; - $_course = $_SESSION['_course']; - - // these lines are usefull for tracking. Indeed we can have lost the id_session and not the cid. - // Moreover, if we want to track a course with another session it can be usefull - if (!empty($_GET['id_session'])) { - $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); - $_SESSION['id_session'] = intval($_GET['id_session']); - $sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.intval($_SESSION['id_session']). '"'; - $rs = Database::query($sql); - list($_SESSION['session_name']) = Database::fetch_array($rs); - } - - if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as'])) { - - $course_tracking_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); - if (isset($_configuration['session_lifetime'])) { - $session_lifetime = $_configuration['session_lifetime']; - } else { - $session_lifetime = 3600; - } - - $course_code=$_course['sysCode']; - $time = api_get_datetime(); - - //We select the last record for the current course in the course tracking table - // But only if the login date is < thant now + max_life_time + if (empty($_SESSION['_course']) OR empty($_SESSION['_cid'])) { //no previous values... + $_cid = -1; //set default values that will be caracteristic of being unset + $_course = -1; + } else { + $_cid = $_SESSION['_cid' ]; + $_course = $_SESSION['_course']; + + // these lines are usefull for tracking. Indeed we can have lost the id_session and not the cid. 
+ // Moreover, if we want to track a course with another session it can be usefull + if (!empty($_GET['id_session'])) { + $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); + $_SESSION['id_session'] = intval($_GET['id_session']); + $sql = 'SELECT name FROM '.$tbl_session . ' WHERE id="'.intval($_SESSION['id_session']). '"'; + $rs = Database::query($sql); + list($_SESSION['session_name']) = Database::fetch_array($rs); + } + + if ($_configuration['tracking_enabled'] && !isset($_SESSION['login_as'])) { + + $course_tracking_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); + if (isset($_configuration['session_lifetime'])) { + $session_lifetime = $_configuration['session_lifetime']; + } else { + $session_lifetime = 3600; + } + + $course_code=$_course['sysCode']; + $time = api_get_datetime(); + + //We select the last record for the current course in the course tracking table + // But only if the login date is < thant now + max_life_time - $sql="SELECT course_access_id FROM $course_tracking_table - WHERE user_id=".intval($_user ['user_id'])." - AND course_code='$course_code' AND session_id = ".api_get_session_id()." - AND login_course_date > now() - INTERVAL $session_lifetime SECOND - ORDER BY login_course_date DESC LIMIT 0,1"; - $result=Database::query($sql); + $sql="SELECT course_access_id FROM $course_tracking_table + WHERE user_id=".intval($_user ['user_id'])." + AND course_code='$course_code' AND session_id = ".api_get_session_id()." + AND login_course_date > now() - INTERVAL $session_lifetime SECOND + ORDER BY login_course_date DESC LIMIT 0,1"; + $result=Database::query($sql); //error_log($sql); - if (Database::num_rows($result)>0) { + if (Database::num_rows($result)>0) { - $i_course_access_id = Database::result($result,0,0); - //We update the course tracking table - $sql="UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1 ". - "WHERE course_access_id=".intval($i_course_access_id)." 
AND session_id = ".api_get_session_id(); + $i_course_access_id = Database::result($result,0,0); + //We update the course tracking table + $sql="UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1 ". + "WHERE course_access_id=".intval($i_course_access_id)." AND session_id = ".api_get_session_id(); //error_log($sql); - Database::query($sql); - } else { - $sql="INSERT INTO $course_tracking_table (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" . - "VALUES('".$course_code."', '".$_user['user_id']."', '$time', '$time', '1','".api_get_session_id()."')"; + Database::query($sql); + } else { + $sql="INSERT INTO $course_tracking_table (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" . + "VALUES('".$course_code."', '".$_user['user_id']."', '$time', '$time', '1','".api_get_session_id()."')"; //error_log($sql); - Database::query($sql); - } - } - } + Database::query($sql); + } + } + } } /* COURSE / USER REL. INIT */ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // session data refresh requested if (isset($_user['user_id']) && $_user['user_id'] && isset($_cid) && $_cid) { // have keys to search data - if (api_get_setting('use_session_mode') != 'true') { + if (api_get_setting('use_session_mode') != 'true') { - $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); - $sql = "SELECT * FROM $course_user_table - WHERE user_id = '".$_user['user_id']."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." - AND course_code = '$cidReq'"; + $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); + $sql = "SELECT * FROM $course_user_table + WHERE user_id = '".$_user['user_id']."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." 
+ AND course_code = '$cidReq'"; - $result = Database::query($sql); + $result = Database::query($sql); - if (Database::num_rows($result) > 0) { // this user have a recorded state for this course - $cuData = Database::fetch_array($result); + if (Database::num_rows($result) > 0) { // this user have a recorded state for this course + $cuData = Database::fetch_array($result); - $is_courseMember = true; - $is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 ); - $is_courseAdmin = (bool) ($cuData['status'] == 1 ); + $is_courseMember = true; + $is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 ); + $is_courseAdmin = (bool) ($cuData['status'] == 1 ); - api_session_register('_courseUser'); - } else { // this user has no status related to this course - $is_courseMember = false; - $is_courseAdmin = false; - $is_courseTutor = false; - } + api_session_register('_courseUser'); + } else { // this user has no status related to this course + $is_courseMember = false; + $is_courseAdmin = false; + $is_courseTutor = false; + } - $is_courseAdmin = (bool) ($is_courseAdmin || $is_platformAdmin); + $is_courseAdmin = (bool) ($is_courseAdmin || $is_platformAdmin); - } else { + } else { - $tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); + $tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); - $sql = "SELECT * FROM ".$tbl_course_user." + $sql = "SELECT * FROM ".$tbl_course_user." WHERE user_id = '".$_user['user_id']."' AND relation_type<>".COURSE_RELATION_TYPE_RRHH." 
AND course_code = '$cidReq'"; - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { // this user have a recorded state for this course - $cuData = Database::fetch_array($result); - - $_courseUser['role'] = $cuData['role' ]; - $is_courseMember = true; - $is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 ); - $is_courseAdmin = (bool) ($cuData['status'] == 1 ); - - api_session_register('_courseUser'); - } - if (!isset($is_courseAdmin)) { // this user has no status related to this course - // is it the session coach or the session admin ? - - $tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION); - $tbl_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE); - $tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER); - - - $sql = " SELECT session.id_coach, session_admin_id FROM $tbl_session session,$tbl_session_course_user session_rcru - WHERE session_rcru.id_session = session.id AND session_rcru.course_code = '$_cid' AND session_rcru.id_user='{$_user['user_id']}' AND session_rcru.status = 2"; - - /*$sql = "SELECT session.id_coach, session_admin_id - FROM ".$tbl_session." as session - INNER JOIN ".$tbl_session_course_user." 
- ON session_rel_course.id_session = session.id - AND session_rel_course.course_code='$_cid'"; - */ - - $result = Database::query($sql); - $row = Database::store_result($result); - - if ($row[0]['id_coach']==$_user['user_id']) { - $_courseUser['role'] = 'Professor'; - $is_courseMember = true; - $is_courseTutor = true; - $is_courseCoach = true; - $is_sessionAdmin = false; - - if (api_get_setting('extend_rights_for_coach')=='true') { - $is_courseAdmin = true; - } else { - $is_courseAdmin = false; - } - - api_session_register('_courseUser'); - } elseif ($row[0]['session_admin_id']==$_user['user_id']) { - $_courseUser['role'] = 'Professor'; - $is_courseMember = false; - $is_courseTutor = false; - $is_courseAdmin = false; - $is_courseCoach = false; - $is_sessionAdmin = true; - } else { - // Check if the current user is the course coach - $sql = "SELECT 1 - FROM ".$tbl_session_course_user." - WHERE course_code='$_cid' - AND id_user = '".$_user['user_id']."' - AND id_session = '".api_get_session_id()."' - AND status = 2"; - - $result = Database::query($sql); - if ($row = Database::fetch_array($result)) { - $_courseUser['role'] = 'Professor'; - $is_courseMember = true; - $is_courseTutor = true; - $is_courseCoach = true; - $is_sessionAdmin = false; - - if (api_get_setting('extend_rights_for_coach')=='true') { - $is_courseAdmin = true; - } else { - $is_courseAdmin = false; - } - api_session_register('_courseUser'); - } else { - if (api_get_session_id() != 0) { - // Check if the user is a student is this session - $sql = "SELECT * FROM ".$tbl_session_course_user." 
- WHERE id_user = '".$_user['user_id']."' - AND id_session = '".api_get_session_id()."' - AND course_code = '$cidReq' AND status NOT IN(2)"; - $result = Database::query($sql); - if (Database::num_rows($result) > 0) { // this user have a recorded state for this course - while($row = Database::fetch_array($result)){ - $is_courseMember = true; - $is_courseTutor = false; - $is_courseAdmin = false; - $is_sessionAdmin = false; - api_session_register('_courseUser'); - } - } - } else { - //unregister user - $is_courseMember = false; - $is_courseTutor = false; - $is_courseAdmin = false; - $is_sessionAdmin = false; - api_session_unregister('_courseUser'); - //$_course['visibility'] = 0; this depends the - } - - } - } - } - } + $result = Database::query($sql); + + if (Database::num_rows($result) > 0) { // this user have a recorded state for this course + $cuData = Database::fetch_array($result); + + $_courseUser['role'] = $cuData['role' ]; + $is_courseMember = true; + $is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 ); + $is_courseAdmin = (bool) ($cuData['status'] == 1 ); + + api_session_register('_courseUser'); + } + if (!isset($is_courseAdmin)) { // this user has no status related to this course + // is it the session coach or the session admin ? + + $tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION); + $tbl_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE); + $tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER); + + + $sql = " SELECT session.id_coach, session_admin_id FROM $tbl_session session,$tbl_session_course_user session_rcru + WHERE session_rcru.id_session = session.id AND session_rcru.course_code = '$_cid' AND session_rcru.id_user='{$_user['user_id']}' AND session_rcru.status = 2"; + + /*$sql = "SELECT session.id_coach, session_admin_id + FROM ".$tbl_session." as session + INNER JOIN ".$tbl_session_course_user." 
+ ON session_rel_course.id_session = session.id + AND session_rel_course.course_code='$_cid'"; + */ + + $result = Database::query($sql); + $row = Database::store_result($result); + + if ($row[0]['id_coach']==$_user['user_id']) { + $_courseUser['role'] = 'Professor'; + $is_courseMember = true; + $is_courseTutor = true; + $is_courseCoach = true; + $is_sessionAdmin = false; + + if (api_get_setting('extend_rights_for_coach')=='true') { + $is_courseAdmin = true; + } else { + $is_courseAdmin = false; + } + + api_session_register('_courseUser'); + } elseif ($row[0]['session_admin_id']==$_user['user_id']) { + $_courseUser['role'] = 'Professor'; + $is_courseMember = false; + $is_courseTutor = false; + $is_courseAdmin = false; + $is_courseCoach = false; + $is_sessionAdmin = true; + } else { + // Check if the current user is the course coach + $sql = "SELECT 1 + FROM ".$tbl_session_course_user." + WHERE course_code='$_cid' + AND id_user = '".$_user['user_id']."' + AND id_session = '".api_get_session_id()."' + AND status = 2"; + + $result = Database::query($sql); + if ($row = Database::fetch_array($result)) { + $_courseUser['role'] = 'Professor'; + $is_courseMember = true; + $is_courseTutor = true; + $is_courseCoach = true; + $is_sessionAdmin = false; + + if (api_get_setting('extend_rights_for_coach')=='true') { + $is_courseAdmin = true; + } else { + $is_courseAdmin = false; + } + api_session_register('_courseUser'); + } else { + if (api_get_session_id() != 0) { + // Check if the user is a student is this session + $sql = "SELECT * FROM ".$tbl_session_course_user." 
+ WHERE id_user = '".$_user['user_id']."' + AND id_session = '".api_get_session_id()."' + AND course_code = '$cidReq' AND status NOT IN(2)"; + $result = Database::query($sql); + if (Database::num_rows($result) > 0) { // this user have a recorded state for this course + while($row = Database::fetch_array($result)){ + $is_courseMember = true; + $is_courseTutor = false; + $is_courseAdmin = false; + $is_sessionAdmin = false; + api_session_register('_courseUser'); + } + } + } else { + //unregister user + $is_courseMember = false; + $is_courseTutor = false; + $is_courseAdmin = false; + $is_sessionAdmin = false; + api_session_unregister('_courseUser'); + //$_course['visibility'] = 0; this depends the + } + + } + } + } + } } else { // keys missing => not anymore in the course - user relation // course $is_courseMember = false; 
@@ -1073,59 +1073,59 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
 api_session_unregister('_courseUser');
 }
- //DEPRECATED
+ //DEPRECATED
 //$is_courseAllowed=($_cid && ($_course['visibility'] || $is_courseMember || $is_platformAdmin))?true:false;
- //NEW
- if (isset($_course)) {
- if ($_course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD)
- $is_allowed_in_course = true;
- elseif ($_course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM && isset($_user['user_id']) && !api_is_anonymous($_user['user_id']))
- $is_allowed_in_course = true;
- elseif ($_course['visibility'] == COURSE_VISIBILITY_REGISTERED && ($is_platformAdmin || $is_courseMember))
- $is_allowed_in_course = true;
- elseif ($_course['visibility'] == COURSE_VISIBILITY_CLOSED && ($is_platformAdmin || $is_courseAdmin))
- $is_allowed_in_course = true;
- else $is_allowed_in_course = false;
- }
-
- // requires testing!!!
-
- // check the session visibility
- if (!empty($is_allowed_in_course)) {
- $my_session_id = api_get_session_id();
- //if I'm in a session
- //var_dump($is_platformAdmin, $is_courseTutor,api_is_coach());
- if ($my_session_id!=0)
- if (!$is_platformAdmin) {
- // admin and session coach are *not* affected to the invisible session mode
- // the coach is not affected because he can log in some days after the end date of a session
- $session_visibility = api_get_session_visibility($my_session_id);
- if ($session_visibility==SESSION_INVISIBLE)
- $is_allowed_in_course =false;
- }
-
- }
+ //NEW
+ if (isset($_course)) {
+ if ($_course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD)
+ $is_allowed_in_course = true;
+ elseif ($_course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM && isset($_user['user_id']) && !api_is_anonymous($_user['user_id']))
+ $is_allowed_in_course = true;
+ elseif ($_course['visibility'] == COURSE_VISIBILITY_REGISTERED && ($is_platformAdmin || $is_courseMember))
+ $is_allowed_in_course = true;
+ elseif ($_course['visibility'] == COURSE_VISIBILITY_CLOSED && ($is_platformAdmin || $is_courseAdmin))
+ $is_allowed_in_course = true;
+ else $is_allowed_in_course = false;
+ }
+
+ // requires testing!!!
+
+ // check the session visibility
+ if (!empty($is_allowed_in_course)) {
+ $my_session_id = api_get_session_id();
+ //if I'm in a session
+ //var_dump($is_platformAdmin, $is_courseTutor,api_is_coach());
+ if ($my_session_id!=0)
+ if (!$is_platformAdmin) {
+ // admin and session coach are *not* affected to the invisible session mode
+ // the coach is not affected because he can log in some days after the end date of a session
+ $session_visibility = api_get_session_visibility($my_session_id);
+ if ($session_visibility==SESSION_INVISIBLE)
+ $is_allowed_in_course =false;
+ }
+
+ }
 // save the states
- api_session_register('is_courseMember');
- api_session_register('is_courseAdmin');
- //api_session_register('is_courseAllowed'); //deprecated old permission var
- api_session_register('is_courseTutor');
- api_session_register('is_allowed_in_course'); //new permission var
- api_session_register('is_courseCoach');
- api_session_register('is_sessionAdmin');
+ api_session_register('is_courseMember');
+ api_session_register('is_courseAdmin');
+ //api_session_register('is_courseAllowed'); //deprecated old permission var
+ api_session_register('is_courseTutor');
+ api_session_register('is_allowed_in_course'); //new permission var
+ api_session_register('is_courseCoach');
+ api_session_register('is_sessionAdmin');
 } else { // continue with the previous values
- if (isset($_SESSION ['_courseUser'])) {
- $_courseUser = $_SESSION ['_courseUser'];
- }
+ if (isset($_SESSION ['_courseUser'])) {
+ $_courseUser = $_SESSION ['_courseUser'];
+ }
 $is_courseMember = $_SESSION ['is_courseMember' ];
 $is_courseAdmin = $_SESSION ['is_courseAdmin' ];
 //$is_courseAllowed = $_SESSION ['is_courseAllowed']; //deprecated
- $is_allowed_in_course = $_SESSION ['is_allowed_in_course'];
+ $is_allowed_in_course = $_SESSION ['is_allowed_in_course'];
 $is_courseTutor = $_SESSION ['is_courseTutor' ];
 $is_courseCoach = $_SESSION ['is_courseCoach' ];
 }
@@ -1134,7 +1134,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { // ses
 if ((isset($gidReset) && $gidReset) || (isset($cidReset) && $cidReset)) { // session data refresh requested
 if ($gidReq && $_cid ) { // have keys to search data
- $group_table = Database::get_course_table(TABLE_GROUP);
+ $group_table = Database::get_course_table(TABLE_GROUP);
 $sql = "SELECT * FROM $group_table WHERE id = '$gidReq'";
 $result = Database::query($sql);
 if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
@@ -1150,38 +1150,38 @@ if ((isset($gidReset) && $gidReset) || (isset($cidReset) && $cidReset)) { // ses
 } elseif (isset($_SESSION['_gid'])) { // continue with the previous values
 $_gid = $_SESSION ['_gid' ];
 } else { //if no previous value, assign caracteristic undefined value
- $_gid = -1;
+ $_gid = -1;
 }
 //set variable according to student_view_enabled choices
 if (api_get_setting('student_view_enabled') == "true") {
- if (isset($_GET['isStudentView'])) {
- if ($_GET['isStudentView'] == 'true') {
- if (isset($_SESSION['studentview'])) {
- if (!empty($_SESSION['studentview'])) {
- // switching to studentview
- $_SESSION['studentview'] = 'studentview';
+ if (isset($_GET['isStudentView'])) {
+ if ($_GET['isStudentView'] == 'true') {
+ if (isset($_SESSION['studentview'])) {
+ if (!empty($_SESSION['studentview'])) {
+ // switching to studentview
+ $_SESSION['studentview'] = 'studentview';
 }
- }
- } elseif ($_GET['isStudentView'] == 'false') {
- if (isset($_SESSION['studentview'])) {
- if (!empty($_SESSION['studentview'])) {
- // switching to teacherview
- $_SESSION['studentview'] = 'teacherview';
+ }
+ } elseif ($_GET['isStudentView'] == 'false') {
+ if (isset($_SESSION['studentview'])) {
+ if (!empty($_SESSION['studentview'])) {
+ // switching to teacherview
+ $_SESSION['studentview'] = 'teacherview';
 }
- }
- }
- } elseif (!empty($_SESSION['studentview'])) {
- //all is fine, no change to that, obviously
- } elseif (empty($_SESSION['studentview'])) {
- // We are in teacherview here
- $_SESSION['studentview'] = 'teacherview';
- }
+ }
+ }
+ } elseif (!empty($_SESSION['studentview'])) {
+ //all is fine, no change to that, obviously
+ } elseif (empty($_SESSION['studentview'])) {
+ // We are in teacherview here
+ $_SESSION['studentview'] = 'teacherview';
+ }
 }
 if (isset($_cid)) {
- $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
+ $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
 $time = api_get_datetime();
- $sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'";
- Database::query($sql);
+ $sql="UPDATE $tbl_course SET last_visit= '$time' WHERE code='$_cid'";
+ Database::query($sql);
 }