From a8502848fa2ac506e5bf98bb02a7a2a440b91f39 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Tue, 25 May 2010 12:20:30 +0200 Subject: [PATCH] Cosmetic changes, D***** replaced to Chamilo --- main/inc/local.inc.php | 664 ++++++++++++++++++++--------------------- 1 file changed, 329 insertions(+), 335 deletions(-) diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 351c765415..5dfa1de17e 100755 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php 
@@ -174,79 +174,79 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) { if (isset($_user['user_id'])) { unset($_user['user_id']); } - -//$_SESSION['info_current_user'][1] is user name -//$_SESSION['info_current_user'][2] is current password encrypted -//$_SESSION['update_term_and_condition'][1] is current user id, of user in session -if (api_get_setting('allow_terms_conditions')=='true') { - if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['update_term_and_condition'][1])) { - - $user_id=$_SESSION['update_term_and_condition'][1]; // user id - // update the terms & conditions - - //verify type of terms and conditions - $info_legal = explode(':',$_POST['legal_info']); - $legal_type=LegalManager::get_type_of_terms_and_conditions($info_legal[0],$info_legal[1]); - - //is necessary verify check - if ($legal_type==1) { - if ((isset($_POST['legal_accept']) && $_POST['legal_accept']=='1')) { + + //$_SESSION['info_current_user'][1] is user name + //$_SESSION['info_current_user'][2] is current password encrypted + //$_SESSION['update_term_and_condition'][1] is current user id, of user in session + if (api_get_setting('allow_terms_conditions')=='true') { + if (isset($_POST['login']) && isset($_POST['password']) && isset($_SESSION['update_term_and_condition'][1])) { + + $user_id=$_SESSION['update_term_and_condition'][1]; // user id + // update the terms & conditions + + //verify type of terms and conditions + $info_legal = explode(':',$_POST['legal_info']); + $legal_type=LegalManager::get_type_of_terms_and_conditions($info_legal[0],$info_legal[1]); + + //is necessary verify check + if ($legal_type==1) { + if ((isset($_POST['legal_accept']) && $_POST['legal_accept']=='1')) { + $legal_option=true; + } else { + $legal_option=false; + + } + } + //no is check option + if ($legal_type==0) { $legal_option=true; - } else { - $legal_option=false; - } - } - //no is check option - if ($legal_type==0) { - $legal_option=true; - } - - if 
(isset($_POST['legal_accept_type']) && $legal_option===true) { - $cond_array = explode(':',$_POST['legal_accept_type']); - if (!empty($cond_array[0]) && !empty($cond_array[1])){ - $time = time(); - $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; - UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); - + + if (isset($_POST['legal_accept_type']) && $legal_option===true) { + $cond_array = explode(':',$_POST['legal_accept_type']); + if (!empty($cond_array[0]) && !empty($cond_array[1])){ + $time = time(); + $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; + UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); + + } } } } -} - - if ((isset($_POST['login']) && isset($_POST['password']))) { - // $login && $password are given to log in + + if ((isset($_POST['login']) && isset($_POST['password']))) { + // $login && $password are given to log in $login = $_POST['login']; $password = $_POST['password']; - - //lookup the user in the main database + + //lookup the user in the main database $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date - FROM $user_table - WHERE username = '".trim(addslashes($login))."'"; - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - //the authentification of this user is managed by Chamilo itself - $password = trim(stripslashes($password)); - // determine if the password needs to be encrypted before checking - // $userPasswordCrypted is set in an external configuration file - - /*if ($userPasswordCrypted) { - $password = md5($password); - } */ - if (api_get_setting('allow_terms_conditions')=='true') { + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + FROM $user_table + WHERE 
username = '".trim(addslashes($login))."'"; + $result = Database::query($sql); + + if (Database::num_rows($result) > 0) { + $uData = Database::fetch_array($result); + + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + //the authentification of this user is managed by Chamilo itself + $password = trim(stripslashes($password)); + // determine if the password needs to be encrypted before checking + // $userPasswordCrypted is set in an external configuration file + + /*if ($userPasswordCrypted) { + $password = md5($password); + } */ + if (api_get_setting('allow_terms_conditions')=='true') { if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) { $password=$_POST['password']; } else { $password = api_get_encrypted_password($password); } - } else { - $password = api_get_encrypted_password($password); - } + } else { + $password = api_get_encrypted_password($password); + } if (api_get_setting('allow_terms_conditions')=='true') { if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { $temp_user_id = $uData['user_id']; 
@@ -260,22 +260,22 @@ if (api_get_setting('allow_terms_conditions')=='true') { unset($_SESSION['update_term_and_condition']); unset($_SESSION['info_current_user']); } - + } } - - // Check the user's password - if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { - // Check if the account is active (not locked) - if ($uData['active']=='1') { - // Check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { - global $_configuration; - - if ($_configuration['multiple_access_urls'] == true) { + + // Check the user's password + if ($password == $uData['password'] AND (trim($login) == $uData['username'])) { + // Check if the account is active (not locked) + if ($uData['active']=='1') { + // Check if the expiration date has not been reached + if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + global $_configuration; + + if ($_configuration['multiple_access_urls'] == true) { $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); - //Check if user is an admin + //Check if user is an admin $sql = "SELECT user_id FROM $admin_table WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; $result = Database::query($sql); 
@@ -316,265 +316,260 @@ if (api_get_setting('allow_terms_conditions')=='true') { api_session_register('_user'); event_login(); } - } else { - $_user['user_id'] = $uData['user_id']; + } else { + $_user['user_id'] = $uData['user_id']; api_session_register('_user'); event_login(); - } - } else { + } + } else { $loginFailed = true; api_session_unregister('_uid'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); exit; - } - } else { + } + } else { $loginFailed = true; api_session_unregister('_uid'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); exit; - } - } else { - // login failed: username or password incorrect - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); - exit; - } - - if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { - //first login for a not self registred - //e.g. registered by a teacher - //do nothing (code may be added later) - } - } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login'])) { - /* - * Process external authentication - * on the basis of the given login name - */ - $loginFailed = true; // Default initialisation. It could - // change after the external authentication - $key = $uData['auth_source']; //'ldap','shibboleth'... - /* >>>>>>>> External authentication modules <<<<<<<<< */ + } + } else { + // login failed: username or password incorrect + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); + exit; + } + + if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { + //first login for a not self registred + //e.g. 
registered by a teacher + //do nothing (code may be added later) + } + } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login'])) { + /* + * Process external authentication + * on the basis of the given login name + */ + $loginFailed = true; // Default initialisation. It could + // change after the external authentication + $key = $uData['auth_source']; //'ldap','shibboleth'... + /* >>>>>>>> External authentication modules <<<<<<<<< */ // see configuration.php to define these - include_once($extAuthSource[$key]['login']); - /* >>>>>>>> External authentication modules <<<<<<<<< */ - } else // no standard Chamilo login - try external authentification - { - //huh... nothing to do... we shouldn't get here - error_log('Chamilo Authentication file '. $extAuthSource[$uData['auth_source']]['login']. ' could not be found - this might prevent your system from doing the corresponding authentication process',0); - } - - if (!empty($_SESSION['request_uri'])) { - $req = $_SESSION['request_uri']; - unset($_SESSION['request_uri']); - header('location: '.$req); - } else { - if (isset($param)) { - header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param); - } else { - // here is the main redirect of a *normal* login page in Dokeos - header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login')); - } - } - } else { - // login failed, Database::num_rows($result) <= 0 - $loginFailed = true; // Default initialisation. It could - // change after the external authentication - - /* - * In this section: - * there is no entry for the $login user in the Dokeos - * database. This also means there is no auth_source for the user. - * We let all external procedures attempt to add him/her - * to the system. - * - * Process external login on the basis - * of the authentication source list - * provided by the configuration settings. 
- * If the login succeeds, for going further, - * Dokeos needs the $_user['user_id'] variable to be - * set and registered in the session. It's the - * responsability of the external login script - * to provide this $_user['user_id']. - */ - - if (isset($extAuthSource) && is_array($extAuthSource)) { - foreach($extAuthSource as $thisAuthSource) { - if (!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) { - include_once($thisAuthSource['newUser']); - } else { - error_log('Dokeos Authentication file '. $thisAuthSource['newUser']. ' could not be found - this might prevent your system from using the authentication process in the user creation process',0); - } - } - } //end if is_array($extAuthSource) - - } //end else login failed - } elseif(api_get_setting('sso_authentication')==='true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { - /** - * TODO: - * - Implement user interface for api_get_setting('sso_authentication') - * } elseif (api_get_setting('sso_authentication')=='true') { - * - Work on a better validation for webservices paths. Current is very poor and exit - * - $master variable should be recovered from chamilo settings. - */ - $master = array( - 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', - 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', - 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', - 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', - ); - $referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; - if (isset($_SESSION['_user']['user_id'])) { - if ($logout) { - // Library needed by index.php - include_once api_get_path(LIBRARY_PATH) . 
'online.inc.php'; - include_once (api_get_path(LIBRARY_PATH).'course.lib.php'); - // Prevent index.php to redirect - global $logout_no_redirect; - $logout_no_redirect = TRUE; - // Make custom redirect after logout - online_logout(); - header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); - exit; - } - } elseif(!$logout) { - $master_url = $master['domain'] . $master['auth_uri']; - // Handle cookie comming from Master Server - if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { - // Target to redirect after success SSO - $target = api_get_path(WEB_PATH); - // Redirect to master server - header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); - exit; - } elseif (isset($_GET['sso_cookie'])) { - if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { - $sso = unserialize(base64_decode($_GET['sso_cookie'])); - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date - FROM $user_table - WHERE username = '".trim(addslashes($sso['username']))."'"; - - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - //Check the user's password - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - // Make sure password is encrypted with md5 - if (!$userPasswordCrypted) { - $uData['password'] = md5($uData['password']); - } - //the authentification of this user is managed by Dokeos itself// check the user's password - // password hash comes into a sha1 - if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { - //Check if the account is active (not locked) - if ($uData['active']=='1') { - // check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d 
H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { - global $_configuration; - if ($_configuration['multiple_access_urls'] == true) { - $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); - //Check if user is an admin - $sql = "SELECT user_id FROM $admin_table - WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; - $result = Database::query($sql); - $my_user_is_admin = false; - if (Database::num_rows($result) > 0) { - $my_user_is_admin = true; - } - if ($my_user_is_admin === false) { - //check the access_url configuration setting if the user is registered in the access_url_rel_user table - //getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - // my user is subscribed in these sites => $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - - if (is_array($my_url_list) && count($my_url_list)>0 ) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); + include_once($extAuthSource[$key]['login']); + /* >>>>>>>> External authentication modules <<<<<<<<< */ + } else { // no standard Chamilo login - try external authentification + //huh... nothing to do... we shouldn't get here + error_log('Chamilo Authentication file '. $extAuthSource[$uData['auth_source']]['login']. 
' could not be found - this might prevent your system from doing the corresponding authentication process',0); + } + if (!empty($_SESSION['request_uri'])) { + $req = $_SESSION['request_uri']; + unset($_SESSION['request_uri']); + header('location: '.$req); + } else { + if (isset($param)) { + header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login').$param); + } else { + // here is the main redirect of a *normal* login page in Chamilo + header('location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login')); + } + } + } else { + // login failed, Database::num_rows($result) <= 0 + $loginFailed = true; // Default initialisation. It could + // change after the external authentication + + /* + * In this section: + * there is no entry for the $login user in the Chamilo + * database. This also means there is no auth_source for the user. + * We let all external procedures attempt to add him/her + * to the system. + * + * Process external login on the basis + * of the authentication source list + * provided by the configuration settings. + * If the login succeeds, for going further, + * Chamilo needs the $_user['user_id'] variable to be + * set and registered in the session. It's the + * responsability of the external login script + * to provide this $_user['user_id']. + */ + + if (isset($extAuthSource) && is_array($extAuthSource)) { + foreach($extAuthSource as $thisAuthSource) { + if (!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) { + include_once($thisAuthSource['newUser']); + } else { + error_log('Chamilo Authentication file '. $thisAuthSource['newUser']. 
' could not be found - this might prevent your system from using the authentication process in the user creation process',0); + } + } + } //end if is_array($extAuthSource) + } //end else login failed + } elseif (api_get_setting('sso_authentication')==='true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { + /** + * TODO: + * - Implement user interface for api_get_setting('sso_authentication') + * } elseif (api_get_setting('sso_authentication')=='true') { + * - Work on a better validation for webservices paths. Current is very poor and exit + * - $master variable should be recovered from chamilo settings. + */ + $master = array( + 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', + 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', + 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', + 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', + ); + $referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; + if (isset($_SESSION['_user']['user_id'])) { + if ($logout) { + // Library needed by index.php + include_once api_get_path(LIBRARY_PATH) . 'online.inc.php'; + include_once (api_get_path(LIBRARY_PATH).'course.lib.php'); + // Prevent index.php to redirect + global $logout_no_redirect; + $logout_no_redirect = TRUE; + // Make custom redirect after logout + online_logout(); + header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); + exit; + } + } elseif(!$logout) { + $master_url = $master['domain'] . $master['auth_uri']; + // Handle cookie comming from Master Server + if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { + // Target to redirect after success SSO + $target = api_get_path(WEB_PATH); + // Redirect to master server + header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . 
urlencode($target)); + exit; + } elseif (isset($_GET['sso_cookie'])) { + if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { + $sso = unserialize(base64_decode($_GET['sso_cookie'])); + //lookup the user in the main database + $user_table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + FROM $user_table + WHERE username = '".trim(addslashes($sso['username']))."'"; + $result = Database::query($sql); - // Redirect to homepage - $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. $sso_target); - } else { - // user does not have permission for this site - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - // there is no URL in the multiple urls list for this user - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - //User is an admin, he can login wherever he wants - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - - } - } else { - //single URL access - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - // Redirect to homepage - $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. 
$sso_target); - } - } else { - // user account expired - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); - exit; - } - } else { - //user not active - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //sha1 of password is wrong - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //auth_source is wrong - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //no user by that login - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } else { - //request comes from unknown source - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); - exit; - } - } - } - } elseif (api_get_setting('openid_authentication')=='true') { + if (Database::num_rows($result) > 0) { + $uData = Database::fetch_array($result); + //Check the user's password + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + // Make sure password is encrypted with md5 + if (!$userPasswordCrypted) { + $uData['password'] = md5($uData['password']); + } + //the authentification of this user is managed by Chamilo itself// check the user's password + // password hash comes into a sha1 + if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { + //Check if the account is active (not locked) + if ($uData['active']=='1') { + // check if the expiration date has not been reached + if 
($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + global $_configuration; + if ($_configuration['multiple_access_urls'] == true) { + $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); + //Check if user is an admin + $sql = "SELECT user_id FROM $admin_table + WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; + $result = Database::query($sql); + $my_user_is_admin = false; + if (Database::num_rows($result) > 0) { + $my_user_is_admin = true; + } + if ($my_user_is_admin === false) { + //check the access_url configuration setting if the user is registered in the access_url_rel_user table + //getting the current access_url_id of the platform + $current_access_url_id = api_get_current_access_url_id(); + // my user is subscribed in these sites => $my_url_list + $my_url_list = api_get_access_url_from_user($uData['user_id']); + + if (is_array($my_url_list) && count($my_url_list)>0 ) { + if (in_array($current_access_url_id, $my_url_list)) { + // the user has permission to enter at this site + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. 
$sso_target); + } else { + // user does not have permission for this site + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + // there is no URL in the multiple urls list for this user + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + //User is an admin, he can login wherever he wants + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } + } else { + //Single URL access + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. $sso_target); + } + } else { + // user account expired + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); + exit; + } + } else { + //user not active + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //sha1 of password is wrong + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //auth_source is wrong + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //no user by that login + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } else { + //request comes from unknown source + $loginFailed = 
true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + exit; + } + } + }//end logout + } elseif (api_get_setting('openid_authentication')=='true') { if (!empty($_POST['openid_url'])) { include('main/auth/openid/login.php'); openid_begin(trim($_POST['openid_url']),api_get_path(WEB_PATH).'index.php'); @@ -599,10 +594,10 @@ if (api_get_setting('allow_terms_conditions')=='true') { if (Database::num_rows($result)>0) { //$row = Database::fetch_array($res); $uData = Database::fetch_array($result); - + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - //the authentification of this user is managed by Dokeos itself - + //the authentification of this user is managed by Chamilo itself + // check if the account is active (not locked) if ($uData['active']=='1') { // check if the expiration date has not been reached @@ -637,17 +632,17 @@ if (api_get_setting('allow_terms_conditions')=='true') { $loginFailed = true; } } else { - $loginFailed = true; - } - } - } - - // else {} => continue as anonymous user - $uidReset = true; - -// $cidReset = true; -// $gidReset = true; -} + $loginFailed = true; + } + } + } + + // else {} => continue as anonymous user + $uidReset = true; + + // $cidReset = true; + // $gidReset = true; +} // end else //Now check for anonymous user mode if (isset($use_anonymous) && $use_anonymous == true) { @@ -683,8 +678,7 @@ if ($gidReq && $gidReq != $gid) { /* USER INIT */ -if (isset($uidReset) && $uidReset) // session data refresh requested -{ +if (isset($uidReset) && $uidReset) { // session data refresh requested $is_platformAdmin = false; $is_allowedCreateCourse = false; if (isset($_user['user_id']) && $_user['user_id']) // a uid is given (log in succeeded)
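Review bot: In the SSO branch of this hunk, `$sso = unserialize(base64_decode($_GET['sso_cookie']));` deserialises a request parameter, and the only gate before it is that `$_GET['sso_referer']` equals the configured master URL, which is itself request data; unserialize() on untrusted input can instantiate arbitrary classes and run their magic methods, so the master server should send a structured format and the client should decode and validate it instead, e.g. `$sso = json_decode(base64_decode($_GET['sso_cookie']), true); if (!is_array($sso) || !isset($sso['username'], $sso['secret'])) { /* treat as failed login */ }`. The same payload later feeds `$sso_target` into `header('Location: '. $sso_target)` with no check that it points at this platform, which is an open redirect after a successful login; compare it against api_get_path(WEB_PATH) before redirecting. `$sso['username']` and `$login` also reach SQL through addslashes() string building here and in the hunks at L2 and L5, where the project's database escaping helper or a parameterised query would be the safer choice. These are pre-existing issues that the re-indentation leaves in place rather than ones the change introduces, and the enclosing login if/elseif chain starts before this hunk.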