More fixes in the terms and condition page see #4851

skala
Julio Montoya 14 years ago
parent 8609d06019
commit 9cf3677546
  1. 3
      index.php
  2. 21
      main/admin/configure_inscription.php
  3. 346
      main/auth/inscription.php
  4. 16
      main/inc/lib/main_api.lib.php
  5. 53
      main/inc/local.inc.php

@ -77,8 +77,7 @@ if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
// Delete session neccesary for legal terms
if (api_get_setting('allow_terms_conditions') == 'true') {
unset($_SESSION['update_term_and_condition']);
unset($_SESSION['info_current_user']);
unset($_SESSION['term_and_condition']);
}
//If we are not logged in and customapages activated
if (!api_get_user_id() && CustomPages::enabled()) {

@ -72,11 +72,11 @@ if ($_configuration['multiple_access_urls']) {
if ($access_url_id != -1) {
$url_info = api_get_access_url($access_url_id);
$url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url']));
$clean_url = replace_dangerous_char($url);
$clean_url = str_replace('/', '-', $clean_url);
$clean_url .= '/';
$homep = api_get_path(SYS_PATH).'home/'; //homep for Home Path
$homep_new = api_get_path(SYS_PATH).'home/'.$clean_url; //homep for Home Path added the url
@ -124,7 +124,7 @@ if (!empty($action)) {
$home_top = trim(stripslashes($_POST['register_top']));
}
// Write
if (file_exists($homep.$topf.'_'.$lang.$ext)) {
if (is_writable($homep.$topf.'_'.$lang.$ext)) {
$fp = fopen($homep.$topf.'_'.$lang.$ext, 'w');
@ -184,7 +184,7 @@ if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
$form = new FormValidator('registration');
if (get_setting('allow_terms_conditions') == 'true') {
$display_all_form = !isset($_SESSION['update_term_and_condition'][1]);
$display_all_form = !isset($_SESSION['update_term_and_condition']['user_id']);
} else {
$display_all_form = true;
}
@ -300,16 +300,17 @@ if (get_setting('allow_terms_conditions') == 'true') {
// Version and language //password
$form->addElement('hidden', 'legal_accept_type', $term_preview['version'].':'.$term_preview['language_id']);
$form->addElement('hidden', 'legal_info', $term_preview['legal_id'].':'.$term_preview['language_id']);
if (isset($_SESSION['info_current_user'][1]) && isset($_SESSION['info_current_user'][2])) {
$form->addElement('hidden', 'login', $_SESSION['info_current_user'][1]);
$form->addElement('hidden', 'password', $_SESSION['info_current_user'][2]);
}
/*if (isset($_SESSION['term_and_condition']['user_id']) && isset($_SESSION['term_and_condition']['password'])) {
$form->addElement('hidden', 'login', $_SESSION['term_and_condition']['user_id']);
$form->addElement('hidden', 'password', $_SESSION['term_and_condition']['password']);
}*/
if ($term_preview['type'] == 1) {
$form->addElement('checkbox', 'legal_accept', null, get_lang('IHaveReadAndAgree').'&nbsp;<a href="inscription.php?legal" target="_blank">'.get_lang('TermsAndConditions').'</a>');
$form->addRule('extra_legal_accept', get_lang('ThisFieldIsRequired'), 'required');
} else {
if (!empty($term_preview['content'])) {
$preview = LegalManager::show_last_condition($term_preview);
$preview = LegalManager::show_last_condition($term_preview);
$form->addElement('label', get_lang('TermsAndConditions'), $preview);
}
}
@ -385,7 +386,7 @@ switch ($action){
//Form of language
api_display_language_form();
echo '&nbsp;&nbsp;<a href="'.api_get_self().'?action=edit_top">'.Display::display_icon('edit.gif', get_lang('Edit')).'</a> <a href="'.api_get_self().'?action=edit_top">'.get_lang('EditNotice').'</a>';
$open = '';
if (file_exists($homep.$topf.'_'.$lang.$ext)) {
$open = @(string)file_get_contents($homep.$topf.'_'.$lang.$ext);
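Review bot: The changed check `!isset($_SESSION['update_term_and_condition']['user_id'])` reads a session key that the rest of this commit no longer seems to write. On this page, main/inc/local.inc.php stores the pending state under `$_SESSION['term_and_condition']` and index.php unsets that key. If that is the intended source, the line should read `$display_all_form = !isset($_SESSION['term_and_condition']['user_id']);`; as written, `$display_all_form` appears to be always true. main/auth/inscription.php has the same stale read in `!isset($_SESSION['update_term_and_condition'][1])`. The block commented out with `/* … */` around the hidden `login`/`password` elements is better deleted than kept, since the pattern it preserves puts the stored password into the page.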

@ -9,6 +9,7 @@
use \ChamiloSession as Session;
$language_file = array('registration', 'admin');
if (!empty($_POST['language'])) { //quick hack to adapt the registration form result to the selected registration language
$_GET['language'] = $_POST['language'];
}
@ -23,15 +24,16 @@ if (!empty($_SESSION['user_language_choice'])) {
} else {
$user_selected_language = get_setting('platformLanguage');
}
$form = new FormValidator('registration');
if (api_get_setting('allow_terms_conditions') == 'true') {
$display_all_form = !isset($_SESSION['update_term_and_condition'][1]);
$user_already_registered_show_terms = isset($_SESSION['term_and_condition']['user_id']);
} else {
$display_all_form = true;
$user_already_registered_show_terms = false;
}
if ($display_all_form) {
if ($user_already_registered_show_terms == false) {
if (api_is_western_name_order()) {
// FIRST NAME and LAST NAME
$form->addElement('text', 'firstname', get_lang('FirstName'), array('size' => 40));
@ -87,6 +89,7 @@ if ($display_all_form) {
$form->addRule('pass1', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('pass2', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule(array('pass1', 'pass2'), get_lang('PassTwo'), 'compare');
if (CHECK_PASS_EASY_TO_FIND)
$form->addRule('password1', get_lang('PassTooEasy').': '.api_generate_password(), 'callback', 'api_check_password');
@ -202,11 +205,11 @@ if (!CustomPages::enabled()) {
$tool_name = get_lang('Registration', null, (!empty($_POST['language'])?$_POST['language']:$_user['language']));
if (api_get_setting('allow_terms_conditions') == 'true') {
if (api_get_setting('allow_terms_conditions') == 'true' && $user_already_registered_show_terms) {
$tool_name = get_lang('TermsAndConditions');
}
Display :: display_header($tool_name);
Display :: display_header($tool_name);
echo Display::page_header($tool_name);
$home = api_get_path(SYS_PATH).'home/';
@ -268,11 +271,7 @@ if (api_get_setting('allow_terms_conditions') == 'true') {
// Version and language
$form->addElement('hidden', 'legal_accept_type', $term_preview['version'].':'.$term_preview['language_id']);
$form->addElement('hidden', 'legal_info', $term_preview['legal_id'].':'.$term_preview['language_id']);
// Password
if (isset($_SESSION['info_current_user'][1]) && isset($_SESSION['info_current_user'][2])) {
$form->addElement('hidden', 'login', $_SESSION['info_current_user'][1]);
$form->addElement('hidden', 'password', $_SESSION['info_current_user'][2]);
}
if ($term_preview['type'] == 1) {
$form->addElement('checkbox', 'legal_accept', null, get_lang('IHaveReadAndAgree').'&nbsp;<a href="inscription.php?legal" target="_blank">'.get_lang('TermsAndConditions').'</a>');
$form->addRule('legal_accept', get_lang('ThisFieldIsRequired'), 'required');
@ -287,11 +286,7 @@ if (api_get_setting('allow_terms_conditions') == 'true') {
$form->addElement('button', 'submit', get_lang('RegisterUser'));
if ($form->validate()) {
/*
STORE THE NEW USER DATA INSIDE THE MAIN DATABASE
*/
$values = $form->exportValues();
$values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH); //make *sure* the login isn't too long
if (api_get_setting('allow_registration_as_teacher') == 'false') {
@ -306,196 +301,179 @@ if ($form->validate()) {
$values['username'] = $values['email'];
}
// creating a new user
$user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri, PLATFORM_AUTH_SOURCE, null, 1, 0, null, null, true);
// Terms & Conditions
if (api_get_setting('allow_terms_conditions') == 'true') {
// update the terms & conditions
if (isset($values['legal_accept_type'])) {
$cond_array = explode(':', $values['legal_accept_type']);
if (!empty($cond_array[0]) && !empty($cond_array[1])) {
$time = time();
$condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time;
UserManager::update_extra_field_value($user_id, 'legal_accept', $condition_to_save);
if ($user_already_registered_show_terms && api_get_setting('allow_terms_conditions') == 'true') {
$user_id = $_SESSION['term_and_condition']['user_id'];
$is_admin = UserManager::is_admin($user_id);
Session::write('is_platformAdmin', $is_admin);
} else {
// Creates a new user
$user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri, PLATFORM_AUTH_SOURCE, null, 1, 0, null, null, true);
// Register extra fields
$extras = array();
foreach ($values as $key => $value) {
if (substr($key, 0, 6) == 'extra_') { //an extra field
$extras[substr($key,6)] = $value;
}
}
}
// Register extra fields
$extras = array();
foreach ($values as $key => $value) {
if (substr($key, 0, 6) == 'extra_') { //an extra field
$extras[substr($key,6)] = $value;
//update the extra fields
$count_extra_field = count($extras);
if ($count_extra_field > 0) {
foreach ($extras as $key => $value) {
UserManager::update_extra_field_value($user_id, $key, $value);
}
}
}
//update the extra fields
$count_extra_field = count($extras);
if ($count_extra_field > 0) {
foreach ($extras as $key => $value) {
$myres = UserManager::update_extra_field_value($user_id, $key, $value);
}
}
if ($user_id) {
// storing the extended profile
$store_extended = false;
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET ";
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mycomptetences') == 'true') {
$sql_set[] = "competences = '".Database::escape_string($values['competences'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mydiplomas') == 'true') {
$sql_set[] = "diplomas = '".Database::escape_string($values['diplomas'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'myteach') == 'true') {
$sql_set[] = "teach = '".Database::escape_string($values['teach'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mypersonalopenarea') == 'true') {
$sql_set[] = "openarea = '".Database::escape_string($values['openarea'])."'";
$store_extended = true;
}
if ($store_extended) {
$sql .= implode(',', $sql_set);
$sql .= " WHERE user_id = '".Database::escape_string($user_id)."'";
Database::query($sql);
}
if ($user_id) {
// storing the extended profile
$store_extended = false;
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET ";
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mycomptetences') == 'true') {
$sql_set[] = "competences = '".Database::escape_string($values['competences'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mydiplomas') == 'true') {
$sql_set[] = "diplomas = '".Database::escape_string($values['diplomas'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'myteach') == 'true') {
$sql_set[] = "teach = '".Database::escape_string($values['teach'])."'";
$store_extended = true;
}
if (api_get_setting('extended_profile') == 'true' && api_get_setting('extendedprofile_registration', 'mypersonalopenarea') == 'true') {
$sql_set[] = "openarea = '".Database::escape_string($values['openarea'])."'";
$store_extended = true;
}
if ($store_extended) {
$sql .= implode(',', $sql_set);
$sql .= " WHERE user_id = '".Database::escape_string($user_id)."'";
Database::query($sql);
}
// if there is a default duration of a valid account then we have to change the expiration_date accordingly
if (api_get_setting('account_valid_duration') != '') {
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET expiration_date='registration_date+1' WHERE user_id='".$user_id."'";
Database::query($sql);
}
// if there is a default duration of a valid account then we have to change the expiration_date accordingly
if (api_get_setting('account_valid_duration') != '') {
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)." SET expiration_date='registration_date+1' WHERE user_id='".$user_id."'";
Database::query($sql);
}
// if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page.
if (api_get_setting('allow_registration') == 'approval') {
$TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
// 1. set account inactive
$sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'";
Database::query($sql);
// if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page.
if (api_get_setting('allow_registration') == 'approval') {
$TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
// 1. set account inactive
$sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'";
Database::query($sql);
$table_main_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql_get_id_admin = "SELECT admin.user_id FROM ".$tbl_url_rel_user." as url, ".$table_main_admin." as admin WHERE access_url_id='".$access_url_id."' AND admin.user_id=url.user_id";
} else {
$sql_get_id_admin = "SELECT * FROM ".$table_main_admin;
}
$result = Database::query($sql_get_id_admin);
while ($row = Database::fetch_array($result)) {
$sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'";
$result_list = Database::query($sql_admin_list);
$admin_list = Database::fetch_array($result_list);
$emailto = $admin_list['email'];
// 2. send mail to the platform admin
$emailsubject = get_lang('ApprovalForNewAccount',null,$values['language']).': '.$values['username'];
$emailbody = get_lang('ApprovalForNewAccount',null,$values['language'])."\n";
$emailbody .= get_lang('UserName',null,$values['language']).': '.$values['username']."\n";
if (api_is_western_name_order()) {
$emailbody .= get_lang('FirstName',null,$values['language']).': '.$values['firstname']."\n";
$emailbody .= get_lang('LastName',null,$values['language']).': '.$values['lastname']."\n";
$table_main_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql_get_id_admin = "SELECT admin.user_id FROM ".$tbl_url_rel_user." as url, ".$table_main_admin." as admin WHERE access_url_id='".$access_url_id."' AND admin.user_id=url.user_id";
} else {
$emailbody .= get_lang('LastName',null,$values['language']).': '.$values['lastname']."\n";
$emailbody .= get_lang('FirstName',null,$values['language']).': '.$values['firstname']."\n";
$sql_get_id_admin = "SELECT * FROM ".$table_main_admin;
}
$result = Database::query($sql_get_id_admin);
while ($row = Database::fetch_array($result)) {
$sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'";
$result_list = Database::query($sql_admin_list);
$admin_list = Database::fetch_array($result_list);
$emailto = $admin_list['email'];
// 2. send mail to the platform admin
$emailsubject = get_lang('ApprovalForNewAccount',null,$values['language']).': '.$values['username'];
$emailbody = get_lang('ApprovalForNewAccount',null,$values['language'])."\n";
$emailbody .= get_lang('UserName',null,$values['language']).': '.$values['username']."\n";
if (api_is_western_name_order()) {
$emailbody .= get_lang('FirstName',null,$values['language']).': '.$values['firstname']."\n";
$emailbody .= get_lang('LastName',null,$values['language']).': '.$values['lastname']."\n";
} else {
$emailbody .= get_lang('LastName',null,$values['language']).': '.$values['lastname']."\n";
$emailbody .= get_lang('FirstName',null,$values['language']).': '.$values['firstname']."\n";
}
$emailbody .= get_lang('Email',null,$values['language']).': '.$values['email']."\n";
$emailbody .= get_lang('Status',null,$values['language']).': '.$values['status']."\n\n";
$emailbody .= get_lang('ManageUser',null,$values['language']).': '.api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id;
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin);
}
$emailbody .= get_lang('Email',null,$values['language']).': '.$values['email']."\n";
$emailbody .= get_lang('Status',null,$values['language']).': '.$values['status']."\n\n";
$emailbody .= get_lang('ManageUser',null,$values['language']).': '.api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id;
// 3. exit the page
unset($user_id);
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin);
if (!CustomPages::enabled()) {
Display :: display_footer();
}
exit;
}
// 3. exit the page
unset($user_id);
}
}
if (!CustomPages::enabled()) {
Display :: display_footer();
// Terms & Conditions
if (api_get_setting('allow_terms_conditions') == 'true') {
// update the terms & conditions
if (isset($values['legal_accept_type'])) {
$cond_array = explode(':', $values['legal_accept_type']);
if (!empty($cond_array[0]) && !empty($cond_array[1])) {
$time = time();
$condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time;
UserManager::update_extra_field_value($user_id, 'legal_accept', $condition_to_save);
}
exit;
}
$values = api_get_user_info($user_id);
}
/* SESSION REGISTERING */
$_user['firstName'] = stripslashes($values['firstname']);
$_user['lastName'] = stripslashes($values['lastname']);
$_user['mail'] = $values['email'];
$_user['language'] = $values['language'];
$_user['user_id'] = $user_id;
$is_allowedCreateCourse = $values['status'] == 1;
Session::write('_user',$_user);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse);
//stats
event_login();
// last user login date is now
$user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970
Session::write('user_last_login_datetime',$user_last_login_datetime);
/* EMAIL NOTIFICATION */
//already added in UserManager::add_user();
/*
if (strpos($values['email'], '@') !== false) {
// Let us predefine some variables. Be sure to change the from address!
$recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$email = $values['email'];
$emailfromaddr = api_get_setting('emailAdministrator');
$emailfromname = api_get_setting('siteName');
$emailsubject = '['.api_get_setting('siteName').'] '.get_lang('YourReg',null,$_user['language']).' '.api_get_setting('siteName');
// The body can be as long as you wish, and any combination of text and variables
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ){
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
/* SESSION REGISTERING */
$_user['firstName'] = stripslashes($values['firstname']);
$_user['lastName'] = stripslashes($values['lastname']);
$_user['mail'] = $values['email'];
$_user['language'] = $values['language'];
$_user['user_id'] = $user_id;
$is_allowedCreateCourse = $values['status'] == 1;
$emailbody = get_lang('Dear',null,$_user['language']).' '.stripslashes(Security::remove_XSS($recipient_name)).",\n\n".get_lang('YouAreReg',null,$_user['language']).' '.api_get_setting('siteName').' '.get_lang('WithTheFollowingSettings',null,$_user['language'])."\n\n".get_lang('Username',null,$_user['language']).' : '.$values['username']."\n".get_lang('Pass',null,$_user['language']).' : '.stripslashes($values['pass1'])."\n\n".get_lang('Address',null,$_user['language']).' '.api_get_setting('siteName').' '.get_lang('Is',null,$_user['language']).' : '.$portal_url."\n\n".get_lang('Problem',null,$_user['language'])."\n\n".get_lang('Formula',null,$_user['language']).",\n\n".api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".get_lang('Manager',null,$_user['language']).' '.api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n".get_lang('Email',null,$_user['language']).' : '.api_get_setting('emailAdministrator');
Session::write('_user', $_user);
Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
// Here we are forming one large header line
// Every header must be followed by a \n except the last
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
}*/
}
$recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$display_text = '<p>'.get_lang('Dear',null,$_user['language']).' '.stripslashes(Security::remove_XSS($recipient_name)).',<br /><br />'.get_lang('PersonalSettings',null,$_user['language']).".</p>\n";
//stats
event_login();
if (!empty ($values['email'])) {
$display_text.= '<p>'.get_lang('MailHasBeenSent',null,$_user['language']).'.</p>';
}
$button_text = '';
if ($is_allowedCreateCourse) {
$display_text .= '<p>'. get_lang('NowGoCreateYourCourse',null,$_user['language']). ".</p>\n";
$action_url = '../create_course/add_course.php';
$button_text = api_get_setting('course_validation') == 'true'
? get_lang('CreateCourseRequest', null, $_user['language'])
: get_lang('CourseCreate', null, $_user['language']);
} else {
if (api_get_setting('allow_students_to_browse_courses') == 'true')
$action_url = 'courses.php?action=subscribe';
else
$action_url = api_get_path(WEB_PATH).'user_portal.php';
$display_text.='<p>'. get_lang('NowGoChooseYourCourses',null,$_user['language']). ".</p>\n";
// last user login date is now
$user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970
Session::write('user_last_login_datetime', $user_last_login_datetime);
$recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$display_text = '<p>'.get_lang('Dear',null, $_user['language']).' '.stripslashes(Security::remove_XSS($recipient_name)).',<br /><br />'.get_lang('PersonalSettings',null,$_user['language']).".</p>\n";
if (api_get_setting('allow_terms_conditions') == 'true' && $user_already_registered_show_terms) {
$button_text = get_lang('Next',null,$_user['language']);
}
// ?uidReset=true&uidReq=$_user['user_id']
$action_url = api_get_path(WEB_PATH).'user_portal.php';
$display_text .= '<form action="'. $action_url. '" method="post">'. "\n". '<button type="submit" class="next" name="next" value="'. get_lang('Next',null,$_user['language']). '" validationmsg=" '. get_lang('Next',null,$_user['language']). ' ">'. $button_text. '</button>'. "\n". '</form><br />'. "\n";
} else {
if (!empty ($values['email'])) {
$display_text.= '<p>'.get_lang('MailHasBeenSent',null,$_user['language']).'.</p>';
}
$button_text = '';
if ($is_allowedCreateCourse) {
$display_text .= '<p>'. get_lang('NowGoCreateYourCourse',null,$_user['language']). ".</p>";
$action_url = '../create_course/add_course.php';
$button_text = api_get_setting('course_validation') == 'true'
? get_lang('CreateCourseRequest', null, $_user['language'])
: get_lang('CourseCreate', null, $_user['language']);
} else {
if (api_get_setting('allow_students_to_browse_courses') == 'true')
$action_url = 'courses.php?action=subscribe';
else
$action_url = api_get_path(WEB_PATH).'user_portal.php';
$display_text.='<p>'. get_lang('NowGoChooseYourCourses',null,$_user['language']). ".</p>";
$button_text = get_lang('Next',null,$_user['language']);
}
}
$display_text .= '<form action="'. $action_url. '" method="post">
<button type="submit" class="next" name="next" value="'. get_lang('Next', null, $_user['language']). '" validationmsg=" '. get_lang('Next',null,$_user['language']). ' ">'. $button_text. '</button>'. "\n". '</form><br />'. "\n";
if (CustomPages::enabled()) {
CustomPages::display(CustomPages::REGISTRATION_FEEDBACK, array('info' => $display_text));
}
@ -508,4 +486,4 @@ if ($form->validate()) {
$form->display();
}
}
Display :: display_footer();
Display :: display_footer();
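Review bot: In the new already-registered branch the user is signed in via `Session::write('_user', $_user)` whether or not the acceptance was actually stored. The `legal_accept` value is written only when the posted hidden field `legal_accept_type` is set and has two non-empty parts, and that field is client-controlled. As far as the visible lines show, a submission with a missing or altered `legal_accept_type` still reaches the session-registering code. Building the record from server-side data, e.g. `$condition_to_save = intval($term_preview['version']).':'.intval($term_preview['language_id']).':'.time();` (assuming `$term_preview` is still in scope here), and skipping the session registration when nothing was saved, would keep the gate effective. Regenerating the session id at this point, as on any sign-in, would also be worth adding if it is not done elsewhere.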

@ -2698,7 +2698,7 @@ function api_not_allowed($print_headers = false, $message = null) {
//Why the CustomPages::enabled() need to be to set the request_uri
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
}
if (CustomPages::enabled() && !isset($user_id)) {
CustomPages::display(CustomPages::INDEX_UNLOGGED);
}
@ -5122,19 +5122,21 @@ function api_get_tools_lists($my_tool = null) {
*/
function api_check_term_condition($user_id) {
if (api_get_setting('allow_terms_conditions') == 'true') {
require_once api_get_path(LIBRARY_PATH).'legal.lib.php';
$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
//check if exists terms and conditions
if (LegalManager::count() == 0) {
return true;
}
// Check the last user version_id passed
$sqlv = "SELECT field_value FROM $t_ufv ufv inner join $t_uf uf on ufv.field_id= uf.id
WHERE field_variable = 'legal_accept' AND user_id = ".intval($user_id);
$resv = Database::query($sqlv);
if (Database::num_rows($resv) > 0) {
$rowv = Database::fetch_row($resv);
$sql = "SELECT field_value FROM $t_ufv ufv inner join $t_uf uf on ufv.field_id= uf.id
WHERE field_value <> '' AND field_variable = 'legal_accept' AND user_id = ".intval($user_id);
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
$rowv = Database::fetch_row($res);
$rowv = $rowv[0];
$user_conditions = explode(':', $rowv);
$version = $user_conditions[0];
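Review bot: The added `field_value <> ''` filter changes which users count as having accepted the terms, but the query carries no comment saying why. A line such as `// Ignore empty legal_accept values: a blank row means the user has not accepted any version` above `$sql` would record the intent. The result is then split with `explode(':', $rowv)` and `$user_conditions[0]` is read without checking the value's shape. The rest of api_check_term_condition is outside the hunk, so whether malformed values are handled later cannot be seen from here.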

@ -132,11 +132,6 @@
//require_once api_get_path(LIBRARY_PATH).'conditionallogin.lib.php'; moved to autologin
// verified if exists the username and password in session current
//moved to autologin
//if (isset($_SESSION['info_current_user'][1]) && isset($_SESSION['info_current_user'][2])) {
// require_once api_get_path(LIBRARY_PATH).'legal.lib.php';
//}
use \ChamiloSession as Session;
//Conditional login
@ -192,20 +187,19 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
unset($_user['user_id']);
}
//$_SESSION['info_current_user'][1] is user name
//$_SESSION['info_current_user'][2] is current password encrypted
//$_SESSION['update_term_and_condition'][1] is current user id, of user in session
if (api_get_setting('allow_terms_conditions')=='true') {
if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['update_term_and_condition'][1])) {
$user_id = $_SESSION['update_term_and_condition'][1]; // user id
if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['term_and_condition']['user_id'])) {
$user_id = $_SESSION['term_and_condition']['user_id']; // user id
// update the terms & conditions
$legal_type = null;
//verify type of terms and conditions
$info_legal = explode(':',$_POST['legal_info']);
$legal_type = LegalManager::get_type_of_terms_and_conditions($info_legal[0],$info_legal[1]);
if (isset($_POST['legal_info'])) {
$info_legal = explode(':', $_POST['legal_info']);
$legal_type = LegalManager::get_type_of_terms_and_conditions($info_legal[0], $info_legal[1]);
}
//is necessary verify check
if ($legal_type==1) {
if ($legal_type == 1) {
if ((isset($_POST['legal_accept']) && $_POST['legal_accept']=='1')) {
$legal_option=true;
} else {
@ -213,8 +207,9 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
}
}
//no is check option
if ($legal_type==0) {
if ($legal_type == 0) {
$legal_option=true;
}
@ -242,6 +237,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
$cas_login = cas_is_authenticated();
}
if ( ( isset($_POST['login']) AND isset($_POST['password']) ) OR ($cas_login) ) {
// $login && $password are given to log in
if ( $cas_login && empty($_POST['login']) ) {
$login = $cas_login;
@ -261,29 +257,24 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE || $uData['auth_source'] == CAS_AUTH_SOURCE) {
//the authentification of this user is managed by Chamilo itself
$password = trim(stripslashes($password));
$password = api_get_encrypted_password(trim(stripslashes($password)));
if (api_get_setting('allow_terms_conditions')=='true') {
if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) {
$password=$_POST['password'];
} else {
$password = api_get_encrypted_password($password);
}
} else {
$password = api_get_encrypted_password($password);
}
if (api_get_setting('allow_terms_conditions')=='true') {
if ($password == $uData['password'] AND (trim($login) == $uData['username']) OR $cas_login ) {
$temp_user_id = $uData['user_id'];
$term_and_condition_status=api_check_term_condition($temp_user_id);//false or true
if ($term_and_condition_status===false) {
$_SESSION['update_term_and_condition']=array(true,$temp_user_id);
$_SESSION['info_current_user']=array(true,$login,$password);
$term_and_condition_status = api_check_term_condition($temp_user_id);//false or true
if ($term_and_condition_status === false) {
$_SESSION['term_and_condition'] = array('user_id' => $temp_user_id,
'login' => $login,
'password' => $password,
'update_term_status' => true,
);
header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php');
exit;
} else {
unset($_SESSION['update_term_and_condition']);
unset($_SESSION['info_current_user']);
unset($_SESSION['term_and_condition']);
}
}
}
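Review bot: In the terms-acceptance block, `$legal_type` now starts as `null` and is only assigned when `$_POST['legal_info']` is present, but the following `if ($legal_type == 0)` is a loose comparison. A request that omits `legal_info` therefore sets `$legal_option=true` without the checkbox being evaluated. Comparing explicitly, e.g. `if ($legal_type !== null && $legal_type == 0) {`, and checking that `explode(':', $_POST['legal_info'])` yielded two parts before indexing `$info_legal[1]`, would close that gap. Separately, the new `$_SESSION['term_and_condition']` array keeps `'login'` and the encrypted `'password'`, while the hidden form fields that used those values appear to be removed or commented out elsewhere in this commit; if nothing reads them, storing only `'user_id'` avoids holding credential material in the session. The enclosing login block starts and ends outside these hunks.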
