Should fix bug when redirecting the api_not_allowed() form to the wanted URL see #4405

skala
Julio Montoya 13 years ago
parent 4162a06863
commit 93c814871a
  1. 37
      main/inc/lib/main_api.lib.php
  2. 28
      main/inc/local.inc.php

@ -2688,32 +2688,35 @@ function api_not_found($print_headers = false) {
* @version dokeos 1.8, August 2006 * @version dokeos 1.8, August 2006
*/ */
function api_not_allowed($print_headers = false, $message = null) { function api_not_allowed($print_headers = false, $message = null) {
$home_url = api_get_path(WEB_PATH); $home_url = api_get_path(WEB_PATH);
$user = api_get_user_id(); //0 if not defined $user_id = api_get_user_id(); //0 if not defined
$course = api_get_course_id(); $course = api_get_course_id();
global $this_section; global $this_section;
if (CustomPages::enabled() && !isset($_SESSION['_user']['user_id'])) {
if (!isset($user_id)) {
//Why the CustomPages::enabled() need to be to set the request_uri
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
}
if (CustomPages::enabled() && !isset($user_id)) {
CustomPages::display(CustomPages::INDEX_UNLOGGED); CustomPages::display(CustomPages::INDEX_UNLOGGED);
} }
/* Default behaviour
if (CustomPages::enabled() && !isset($_SESSION['_user']['user_id'])) {
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
CustomPages::display(CustomPages::INDEX_UNLOGGED);
}*/
$origin = isset($_GET['origin']) ? $_GET['origin'] : ''; $origin = isset($_GET['origin']) ? $_GET['origin'] : '';
if ($origin == 'learnpath') { $msg = null;
$htmlHeadXtra[]= '<style type="text/css" media="screen, projection">
/*<![CDATA[*/
@import "'.api_get_path(WEB_CODE_PATH).'css/'.api_get_setting('stylesheets').'/default.css";
/*]]>*/
</style>';
}
if (isset($message)) { if (isset($message)) {
$msg = Display::div($message, array('align'=>'center')); $msg = $message;
} else { } else {
$msg = Display::return_message(get_lang('NotAllowedClickBack'), 'error', false); $msg = Display::return_message(get_lang('NotAllowedClickBack'), 'error', false);
} }
$msg = Display::div($msg, array('align'=>'center')); $msg = Display::div($msg, array('align'=>'center'));
$show_headers = 0; $show_headers = 0;
@ -2723,7 +2726,8 @@ function api_not_allowed($print_headers = false, $message = null) {
$tpl = new Template(null, $show_headers, $show_headers); $tpl = new Template(null, $show_headers, $show_headers);
$tpl->assign('content', $msg); $tpl->assign('content', $msg);
if (($user!=0 && !api_is_anonymous()) && (!isset($course) || $course == -1) && empty($_GET['cidReq'])) {
if (($user_id!=0 && !api_is_anonymous()) && (!isset($course) || $course == -1) && empty($_GET['cidReq'])) {
// if the access is not authorized and there is some login information // if the access is not authorized and there is some login information
// but the cidReq is not found, assume we are missing course data and send the user // but the cidReq is not found, assume we are missing course data and send the user
// to the user_portal // to the user_portal
@ -2733,12 +2737,13 @@ function api_not_allowed($print_headers = false, $message = null) {
if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE)) { if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE)) {
//only display form and return to the previous URL if there was a course ID included //only display form and return to the previous URL if there was a course ID included
if ($user!=0 && !api_is_anonymous()) { if ($user_id!=0 && !api_is_anonymous()) {
//if there is a user ID, then the user is not allowed but the session is still there. Say so and exit //if there is a user ID, then the user is not allowed but the session is still there. Say so and exit
$tpl->assign('content', $msg); $tpl->assign('content', $msg);
$tpl->display_one_col_template(); $tpl->display_one_col_template();
exit; exit;
} }
// If the user has no user ID, then his session has expired // If the user has no user ID, then his session has expired
$form = new FormValidator('formLogin', 'post', api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']), null, array('class'=>'form-stacked')); $form = new FormValidator('formLogin', 'post', api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']), null, array('class'=>'form-stacked'));
@ -2760,11 +2765,11 @@ function api_not_allowed($print_headers = false, $message = null) {
exit; exit;
} }
if ($user!=0 && !api_is_anonymous()) { if ($user_id !=0 && !api_is_anonymous()) {
$tpl->display_one_col_template(); $tpl->display_one_col_template();
exit; exit;
} }
$msg = null;
// Check if the cookies are enabled. If are enabled and if no course ID was included in the requested URL, then the user has either lost his session or is anonymous, so redirect to homepage // Check if the cookies are enabled. If are enabled and if no course ID was included in the requested URL, then the user has either lost his session or is anonymous, so redirect to homepage
if( !isset($_COOKIE["TestCookie"]) && empty($_COOKIE["TestCookie"]) ) { if( !isset($_COOKIE["TestCookie"]) && empty($_COOKIE["TestCookie"]) ) {
$msg = Display::return_message(get_lang('NoCookies').'<br /><br /><a href="'.$home_url.'">'.get_lang('BackTo').' '.get_lang('CampusHomepage').'</a><br />', 'error', false); $msg = Display::return_message(get_lang('NoCookies').'<br /><br /><a href="'.$home_url.'">'.get_lang('BackTo').' '.get_lang('CampusHomepage').'</a><br />', 'error', false);
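Review bot: The new guard `if (!isset($user_id))` near the top of api_not_allowed() looks like it can never be true. `$user_id` has just been assigned from api_get_user_id(), and the trailing comment on that line says the call yields 0 when no user is defined, so isset() holds either way. If so, `$_SESSION['request_uri']` is never stored and the `CustomPages::INDEX_UNLOGGED` branch never runs, which would defeat the redirect this commit is meant to fix. Both guards could test the value instead, e.g. `if (empty($user_id)) {` and `if (CustomPages::enabled() && empty($user_id)) {`, in line with the `$user_id != 0` checks further down. The function body continues outside the visible hunks, and anonymous users may need the same treatment; that cannot be confirmed from here.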

@ -177,9 +177,7 @@ $gidReset = isset($gidReset) ? $gidReset : '';
// parameters passed via POST // parameters passed via POST
$login = isset($_POST["login"]) ? $_POST["login"] : ''; $login = isset($_POST["login"]) ? $_POST["login"] : '';
/* /* MAIN CODE */
MAIN CODE
*/
if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) { if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
// uid is in session => login already done, continue with this value // uid is in session => login already done, continue with this value
@ -296,7 +294,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type'); $update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type');
$update_type= $update_type['update_type']; $update_type= $update_type['update_type'];
if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser'])) { if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser'])) {
include_once($extAuthSource[$update_type]['updateUser']); include_once $extAuthSource[$update_type]['updateUser'];
} }
// Check if the account is active (not locked) // Check if the account is active (not locked)
if ($uData['active']=='1') { if ($uData['active']=='1') {
@ -372,6 +370,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
} }
} }
} else { } else {
//error_log('Loggedin');
ConditionalLogin::check_conditions($uData); ConditionalLogin::check_conditions($uData);
$_user['user_id'] = $uData['user_id']; $_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
@ -567,12 +566,12 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
} }
} }
} elseif (KeyAuth::is_enabled()) { } elseif (KeyAuth::is_enabled()) {
$success = KeyAuth::instance()->login(); $success = KeyAuth::instance()->login();
if($success) if($success)
{ {
$use_anonymous = false; $use_anonymous = false;
}
} }
}
// else {} => continue as anonymous user // else {} => continue as anonymous user
$uidReset = true; $uidReset = true;
@ -663,14 +662,14 @@ if (isset($uidReset) && $uidReset) { // session data refresh requested
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse); Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
// If request_uri is setted we have to go further to have course permissions // If request_uri is setted we have to go further to have course permissions
if (empty($_SESSION['request_uri']) || !isset($_SESSION['request_uri'])) { /*if (empty($_SESSION['request_uri']) || !isset($_SESSION['request_uri'])) {
if (isset($_SESSION['noredirection'])) { if (isset($_SESSION['noredirection'])) {
//If we just want to reset info without redirecting user //If we just want to reset info without redirecting user
unset($_SESSION['noredirection']); unset($_SESSION['noredirection']);
} else { } else {
LoginRedirection::redirect(); LoginRedirection::redirect();
} }
} }*/
} else { } else {
header('location:'.api_get_path(WEB_PATH)); header('location:'.api_get_path(WEB_PATH));
//exit("WARNING UNDEFINED UID !! "); //exit("WARNING UNDEFINED UID !! ");
@ -732,7 +731,8 @@ if (isset($cidReset) && $cidReset) {
$_course['activate_legal'] = $course_data['activate_legal']; $_course['activate_legal'] = $course_data['activate_legal'];
$_course['show_score'] = $course_data['show_score']; //used in the work tool $_course['show_score'] = $course_data['show_score']; //used in the work tool
Session::write('_cid',$_cid); //error_log('Course set: '.$_cid);
Session::write('_cid', $_cid);
Session::write('_course',$_course); Session::write('_course',$_course);
//@TODO real_cid should be cid, for working with numeric course id //@TODO real_cid should be cid, for working with numeric course id
@ -1141,6 +1141,9 @@ if (isset($_cid)) {
Database::query($sql); Database::query($sql);
} }
Redirect::session_request_uri();
/*
$no_redirection = isset($no_redirection) ? $no_redirection : false; $no_redirection = isset($no_redirection) ? $no_redirection : false;
if (!$no_redirection && (isset($_SESSION['request_uri']) && !empty($_SESSION['request_uri']))){ if (!$no_redirection && (isset($_SESSION['request_uri']) && !empty($_SESSION['request_uri']))){
$req= $_SESSION['request_uri']; $req= $_SESSION['request_uri'];
@ -1148,3 +1151,4 @@ if (!$no_redirection && (isset($_SESSION['request_uri']) && !empty($_SESSION['re
header('Location: '.$req); header('Location: '.$req);
exit; exit;
} }
*/
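Review bot: `Redirect::session_request_uri()` is now called unconditionally at the end of local.inc.php, whereas the block it replaces (kept commented out below it) was gated on `$no_redirection`, and the earlier `$_SESSION['noredirection']` check is commented out too. The helper's body is not on this page, so it should be confirmed that it still honours those opt-outs, clears `$_SESSION['request_uri']` after use, and redirects only to a same-site path. The stored value comes from `$_SERVER['REQUEST_URI']` in api_not_allowed(), which is request-controlled, so anything other than a local path beginning with a single `/` should be discarded rather than placed in a `Location` header. Once confirmed, a comment above the call such as `// Redirects to the URL saved by api_not_allowed(); must stay a validated same-site path` would record that contract, and the commented-out blocks could be deleted rather than kept.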