#6272 : Corrects a critical chamilo bug in local.inc.php that can lead to an icmplete session if server is loaded.

Uses LoginRedirection library to redirect user at first login
14 years ago · a704bee93f
parent 7549864ae3
commit a704bee93f
4 changed files with 87 additions and 68 deletions
--- a/index.php
+++ b/index.php
@ -125,53 +125,6 @@ else {
    // Only if login form was not sent because if the form is sent the user was already on the page.
    event_open();
 }
-//checks user status and redirect him through custom page if setting is enabled
-
-$user_status = (isset($_SESSION['_user']['user_id'])) ? $_user['status'] : null;
-
-if ( $user_status == STUDENT && !api_get_setting('student_page_after_login') == '' ){
-	$redirect_url = html_entity_decode(api_get_setting('student_page_after_login'));
-	if ($redirect_url[0] == "/") {
-		$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
-	}
-    header('Location: '.$redirect_url);
-      exit();
-}
-if ( $user_status == COURSEMANAGER && !api_get_setting('teacher_page_after_login') == '' ){
-	$redirect_url = html_entity_decode(api_get_setting('teacher_page_after_login'));
-	if ($redirect_url[0] == "/") {
-		$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
-	}
-    header('Location: '.$redirect_url);
-      exit();
-}
-if ( $user_status == DRH && !api_get_setting('DRH_page_after_login') == '' ){
-	$redirect_url = html_entity_decode(api_get_setting('DRH_page_after_login'));
-	if ($redirect_url[0] == "/") {
-		$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
-	}
-    header('Location: '.$redirect_url);
-      exit();
-}
-if ( $user_status == SESSIONADMIN && !api_get_setting('sessionadmin_page_after_login') == '' ){
-	$redirect_url = html_entity_decode(api_get_setting('sessionadmin_page_after_login'));
-	if ($redirect_url[0] == "/") {
-		$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
-	}
-    header('Location: '.$redirect_url);
-      exit();
-}
-
-
-// Custom pages
-if (api_get_setting('use_custom_pages') == 'true') {
-	if (api_get_user_id()) {
-		CustomPages::displayPage('index-logged');
-	}
-	else {
-		CustomPages::displayPage('index-unlogged');
-	}
-}
 // The header.
 /*$header_title = get_lang('Homepage');
 //$sitename = api_get_setting('siteName');
@ -962,4 +915,4 @@ function show_right_block($title, $content, $class = '') {
            $html.= '</div>';        
        $html.= '</div>';   
    return $html;
-}
+}
--- a/main/inc/lib/loginredirection.lib.php
+++ b/main/inc/lib/loginredirection.lib.php
@ -0,0 +1,66 @@
+<?php
+/**
+* When a user login, the function LoginRedirection::redirect is called.
+* When this function is called all user info has already been registered in $_user session variable
+**/
+Class LoginRedirection {
+
+	//checks user status and redirect him through custom page if setting is enabled
+	public function redirect(){
+
+		if ( api_is_student() && !api_get_setting('student_page_after_login') == '' ){
+			$redirect_url = html_entity_decode(api_get_setting('student_page_after_login'));
+			if ($redirect_url[0] == "/") {
+				$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
+			}
+			header('Location: '.$redirect_url);
+			exit();
+		}
+		if ( api_is_teacher() && !api_get_setting('teacher_page_after_login') == '' ){
+			$redirect_url = html_entity_decode(api_get_setting('teacher_page_after_login'));
+			if ($redirect_url[0] == "/") {
+				$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
+			}
+			header('Location: '.$redirect_url);
+			exit();
+		}
+		if ( api_is_drh() && !api_get_setting('DRH_page_after_login') == '' ){
+			$redirect_url = html_entity_decode(api_get_setting('DRH_page_after_login'));
+			if ($redirect_url[0] == "/") {
+				$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
+			}
+			header('Location: '.$redirect_url);
+			exit();
+		}
+		if ( api_is_session_admin() && !api_get_setting('sessionadmin_page_after_login') == '' ){
+			$redirect_url = html_entity_decode(api_get_setting('sessionadmin_page_after_login'));
+			if ($redirect_url[0] == "/") {
+				$redirect_url = substr(api_get_path(WEB_PATH), 0, -1).$redirect_url;
+			}
+			header('Location: '.$redirect_url);
+			exit();
+		}
+
+
+		// Custom pages
+		if (api_get_setting('use_custom_pages') == 'true') {
+			if (api_get_user_id()) {
+				CustomPages::displayPage('index-logged');
+			}
+			else {
+				CustomPages::displayPage('index-unlogged');
+			}
+		}
+		if (!empty($_SESSION['request_uri'])) {
+			$req = $_SESSION['request_uri'];
+			unset($_SESSION['request_uri']);
+			header('location: '.$req);
+			exit();
+		} else {
+			$param = isset($param) ? $param : '';
+			header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param);
+			exit();
+		}
+	}
+}
+?>
--- a/main/inc/lib/main_api.lib.php
+++ b/main/inc/lib/main_api.lib.php
@ -1842,14 +1842,23 @@ function api_is_drh() {
    return $_user['status'] == DRH;
 }

-/*
- * @todo finish this function ...
+/**
+ * Checks whether the current user is a student
+ * @return boolean True if current user is a human resources manager
+ */
 function api_is_student() {
-    if (!api_is_platform_admin() && !api_is_session_admin() && !api_is_coach()) {
-        return true;
-    }
-    return false;
-}*/
+    global $_user;
+    return $_user['status'] == STUDENT;
+		
+}
+/**
+ * Checks whether the current user is a teacher
+ * @return boolean True if current user is a human resources manager
+ */
+function api_is_teacher() {
+    global $_user;
+    return $_user['status'] == COURSEMANAGER;
+}

 /**
 * This function checks whether a session is assigned into a category
@ -5061,4 +5070,4 @@ function api_get_course_url($course_code = null, $session_id = null) {
        return api_get_path(WEB_COURSE_PATH).$course_info['path'].'/'.$session_url;
    }
    return null;
-} 
+} 
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -410,18 +410,6 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
                //huh... nothing to do... we shouldn't get here
                error_log('Chamilo Authentication file '. $extAuthSource[$uData['auth_source']]['login']. ' could not be found - this might prevent your system from doing the corresponding authentication process',0);
            }
-            if (!empty($_SESSION['request_uri'])) {
-                  $req = $_SESSION['request_uri'];
-                  unset($_SESSION['request_uri']);
-                  header('location: '.$req);
-            } else {
-                if (isset($param)) {
-                    header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param);
-                } else {
-                    // here is the main redirect of a *normal* login page in Chamilo
-                    header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
-                }
-            }
        } else {
            // login failed, Database::num_rows($result) <= 0
            $loginFailed = true;  // Default initialisation. It could
@ -656,6 +644,9 @@ if (isset($uidReset) && $uidReset) {    // session data refresh requested

            api_session_register('_user');
            UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
+
+						require_once api_get_path(LIBRARY_PATH).'loginredirection.lib.php';
+						LoginRedirection::redirect();
        } else {
            header('location:'.api_get_path(WEB_PATH));
            //exit("WARNING UNDEFINED UID !! ");