Coding convention and replace some api_get_course_id() with api_get_course_int_id()

1.9.x
Hubert Borderiou 12 years ago
parent edb349cae5
commit adbd1a60b5
  1. 116
      index.php
  2. 11
      main/auth/cas/logincas.php
  3. 5
      main/auth/gotocourse.php
  4. 94
      main/inc/lib/main_api.lib.php
  5. 5
      main/inc/local.inc.php

@ -25,21 +25,21 @@ $this_section = SECTION_CAMPUS;
$header_title = null;
if (!api_is_anonymous()) {
$header_title = " ";
$header_title = " ";
}
$htmlHeadXtra[] = api_get_jquery_libraries_js(array('bxslider'));
$htmlHeadXtra[] ='
<script type="text/javascript">
$(document).ready(function(){
$("#slider").bxSlider({
infiniteLoop : true,
auto : true,
pager : true,
autoHover : true,
pause : 10000
});
});
$(document).ready(function(){
$("#slider").bxSlider({
infiniteLoop : true,
auto : true,
pager : true,
autoHover : true,
pause : 10000
});
});
</script>';
//set cookie for check if client browser are cookies enabled
@ -51,7 +51,7 @@ $controller = new IndexManager($header_title);
$loginFailed = isset($_GET['loginFailed']) ? true : isset($loginFailed);
if (!empty($_GET['logout'])) {
$controller->logout();
$controller->logout();
}
/* Table definitions */
@ -70,16 +70,16 @@ $_setting['display_courses_to_anonymous_users'] = 'true';
* @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
*/
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
$i = api_get_anonymous_id();
event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'].(empty($_POST['login'])?'':'/'.$_POST['login']),null,$i);
echo 'Attempted breakin - sysadmins notified.';
session_destroy();
die();
$i = api_get_anonymous_id();
event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'].(empty($_POST['login'])?'':'/'.$_POST['login']),null,$i);
echo 'Attempted breakin - sysadmins notified.';
session_destroy();
die();
}
// Delete session neccesary for legal terms
if (api_get_setting('allow_terms_conditions') == 'true') {
unset($_SESSION['term_and_condition']);
unset($_SESSION['term_and_condition']);
}
//If we are not logged in and customapages activated
if (!api_get_user_id() && CustomPages::enabled()) {
@ -98,38 +98,39 @@ if (!api_get_user_id() && CustomPages::enabled()) {
*/
if (!empty($_POST['submitAuth'])) {
// The user has been already authenticated, we are now to find the last login of the user.
if (isset ($_user['user_id'])) {
$track_login_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);
$sql_last_login = "SELECT UNIX_TIMESTAMP(login_date)
// The user has been already authenticated, we are now to find the last login of the user.
if (isset ($_user['user_id'])) {
$track_login_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);
$sql_last_login = "SELECT UNIX_TIMESTAMP(login_date)
FROM $track_login_table
WHERE login_user_id = '".$_user['user_id']."'
ORDER BY login_date DESC LIMIT 1";
$result_last_login = Database::query($sql_last_login);
if (!$result_last_login) {
if (Database::num_rows($result_last_login) > 0) {
$user_last_login_datetime = Database::fetch_array($result_last_login);
$user_last_login_datetime = $user_last_login_datetime[0];
Session::write('user_last_login_datetime',$user_last_login_datetime);
}
}
Database::free_result($result_last_login);
//event_login();
if (api_is_platform_admin()) {
// decode all open event informations and fill the track_c_* tables
include api_get_path(LIBRARY_PATH).'stats.lib.inc.php';
decodeOpenInfos();
}
}
// End login -- if ($_POST['submitAuth'])
} else {
// Only if login form was not sent because if the form is sent the user was already on the page.
event_open();
$result_last_login = Database::query($sql_last_login);
if (!$result_last_login) {
if (Database::num_rows($result_last_login) > 0) {
$user_last_login_datetime = Database::fetch_array($result_last_login);
$user_last_login_datetime = $user_last_login_datetime[0];
Session::write('user_last_login_datetime',$user_last_login_datetime);
}
}
Database::free_result($result_last_login);
//event_login();
if (api_is_platform_admin()) {
// decode all open event informations and fill the track_c_* tables
include api_get_path(LIBRARY_PATH).'stats.lib.inc.php';
decodeOpenInfos();
}
}
// End login -- if ($_POST['submitAuth'])
}
else {
// Only if login form was not sent because if the form is sent the user was already on the page.
event_open();
}
if (api_get_setting('display_categories_on_homepage') == 'true') {
$controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());
$controller->tpl->assign('course_category_block', $controller->return_courses_in_categories());
}
// Facebook connexion, if activated
@ -141,14 +142,15 @@ $controller->set_login_form();
//@todo move this inside the IndexManager
if (!api_is_anonymous()) {
$controller->tpl->assign('profile_block', $controller->return_profile_block());
$controller->tpl->assign('profile_block', $controller->return_profile_block());
$controller->tpl->assign('user_image_block', $controller->return_user_image_block());
if (api_is_platform_admin()) {
$controller->tpl->assign('course_block', $controller->return_course_block());
} else {
$controller->tpl->assign('teacher_block', $controller->return_teacher_link());
}
if (api_is_platform_admin()) {
$controller->tpl->assign('course_block', $controller->return_course_block());
}
else {
$controller->tpl->assign('teacher_block', $controller->return_teacher_link());
}
}
$hot_courses = null;
@ -163,18 +165,18 @@ if (!isset($_REQUEST['include'])) {
$announcements_block = $controller->return_announcements();
}
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());
if (api_is_platform_admin() || api_is_drh()) {
$controller->tpl->assign('skills_block', $controller->return_skills_links());
$controller->tpl->assign('skills_block', $controller->return_skills_links());
}
// direct login to course
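Review bot: The re-indented last-login block keeps `if (!$result_last_login) {` around the `Database::num_rows()` call, which looks inverted: the rows are read only when the query failed, so `user_last_login_datetime` is presumably never written from a successful result. Since the commit already touches these lines, the guard could become `if ($result_last_login && Database::num_rows($result_last_login) > 0) {`. The same section also splits `} else {` onto two lines, which is the opposite of what the other files in this commit do.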

@ -21,10 +21,10 @@ global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri;
/*
If we are not logged and in our browser enter an URL with a name of a course
e.g. http://www.chamilo.fr/chamilo/courses/COURSTESTOSETE/?id_session=0
we go to page api_not_allowed :
> Vous n'etes pas autorise e acceder e cette page.
> Soit votre connexion a expire, soit vous essayez d'acceder e une page pour laquelle vous ne disposez pas des permissions suffisantes.
> Veuillez vous identifier e nouveau depuis la page d'accueil
We go to page api_not_allowed :
> You are not allowed to see this page.
> Sorry, you are not allowed to access this page, or maybe your connection has expired.
> Please click your browser's \"Back\" button or follow the link below to return to the previous page
If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS loggin, we go to api_not_allowad_page again
and again
As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page
@ -45,7 +45,6 @@ if (cas_configured()) {
}
phpCAS::forceAuthentication();
header('Location: '.api_get_path(WEB_PATH).api_get_setting('page_after_login'));
}
else {
} else {
header('Location: '.api_get_path(WEB_PATH));
}

@ -1,7 +1,7 @@
<?php
/* For licensing terms, see /license.txt */
/*
/**
* Author : hubert.borderiou@grenet.fr
* Allow the user to login to a course after reaching a course URL like
* http://chamilo.chamilo.org/courses/MYCOURSE/?id_session=0
@ -48,8 +48,7 @@ if (isset($_GET['firstpage'])) {
$tpl->assign('content', '<h4>'.get_lang('LoginToGoToThisCourse').'</h4>'.$msg);
$tpl->display_one_col_template();
}
else {
} else {
api_delete_firstpage_parameter();
Header('Location: '.api_get_path(WEB_PATH).'index.php');
}

@ -2406,15 +2406,11 @@ function api_is_course_session_coach($user_id, $course_code, $session_id) {
/**
* Checks whether the current user is a course or session coach
* @param int $session_id optional, session id
* @param string $course_code optional, course code
* @param int $userId The user ID
* @param int - optional, session id
* @param string - optional, course code
* @return boolean True if current user is a course or session coach
*/
function api_is_coach($session_id = 0, $course_code = null, $userId = null) {
if (empty($userId)) {
$userId = api_get_user_id();
}
function api_is_coach($session_id = 0, $course_code = null) {
if (!empty($session_id)) {
$session_id = intval($session_id);
} else {
@ -2438,7 +2434,7 @@ function api_is_coach($session_id = 0, $course_code = null, $userId = null) {
if (!empty($course_code)) {
$sql = "SELECT DISTINCT id, name, date_start, date_end
FROM $session_table INNER JOIN $session_rel_course_rel_user_table session_rc_ru
ON session_rc_ru.id_user = '".$userId."'
ON session_rc_ru.id_user = '".api_get_user_id()."'
WHERE session_rc_ru.course_code = '$course_code' AND
session_rc_ru.status = 2 AND
session_rc_ru.id_session = '$session_id'";
@ -2449,7 +2445,7 @@ function api_is_coach($session_id = 0, $course_code = null, $userId = null) {
if (!empty($session_id)) {
$sql = "SELECT DISTINCT id, name, date_start, date_end
FROM $session_table
WHERE session.id_coach = '".$userId."' AND id = '$session_id'
WHERE session.id_coach = '".api_get_user_id()."' AND id = '$session_id'
ORDER BY date_start, date_end, name";
$result = Database::query($sql);
if (!empty($sessionIsCoach)) {
@ -2463,57 +2459,37 @@ function api_is_coach($session_id = 0, $course_code = null, $userId = null) {
/**
* Checks whether the current user is a session administrator
* @param int $userId The user ID
* @return boolean True if current user is a course administrator
*/
function api_is_session_admin($userId = null) {
if (!empty($userId)) {
$_user = api_get_user_info($userId);
} else {
global $_user;
}
function api_is_session_admin() {
global $_user;
return isset($_user['status']) && $_user['status'] == SESSIONADMIN;
}
/**
* Checks whether the current user is a human resources manager
* @param int $userId The user ID
* @return boolean True if current user is a human resources manager
*/
function api_is_drh($userId = null) {
if (!empty($userId)) {
$_user = api_get_user_info($userId);
} else {
global $_user;
}
function api_is_drh() {
global $_user;
return isset($_user['status']) && $_user['status'] == DRH;
}
/**
* Checks whether the current user is a student
* @param int $userId The user ID
* @return boolean True if current user is a human resources manager
*/
function api_is_student($userId = null) {
if (!empty($userId)) {
$_user = api_get_user_info($userId);
} else {
global $_user;
}
function api_is_student() {
global $_user;
return isset($_user['status']) && $_user['status'] == STUDENT;
}
/**
* Checks whether the current user is a teacher
* @param int $userId The user ID
* @return boolean True if current user is a human resources manager
*/
function api_is_teacher($userId = null) {
if (!empty($userId)) {
$_user = api_get_user_info($userId);
} else {
global $_user;
}
function api_is_teacher() {
global $_user;
return isset($_user['status']) && $_user['status'] == COURSEMANAGER;
}
@ -2953,7 +2929,8 @@ function api_not_found($print_headers = false) {
* @version 1.0, February 2004
* @version dokeos 1.8, August 2006
*/
function api_not_allowed($print_headers = false, $message = null) {
function api_not_allowed($print_headers = false, $message = null)
{
if (api_get_setting('sso_authentication') === 'true') {
global $osso;
if ($osso) {
@ -3004,7 +2981,7 @@ function api_not_allowed($print_headers = false, $message = null) {
exit;
}
if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE)) {
if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE || $this_section == SECTION_PLATFORM_ADMIN)) {
//only display form and return to the previous URL if there was a course ID included
if ($user_id != 0 && !api_is_anonymous()) {
@ -3015,7 +2992,7 @@ function api_not_allowed($print_headers = false, $message = null) {
}
if (!is_null(api_get_course_id())) {
api_set_firstpage_parameter(api_get_course_id());
api_set_firstpage_parameter(api_get_course_int_id());
}
// If the user has no user ID, then his session has expired
@ -3057,12 +3034,11 @@ function api_not_allowed($print_headers = false, $message = null) {
// Check if the cookies are enabled. If are enabled and if no course ID was included in the requested URL, then the user has either lost his session or is anonymous, so redirect to homepage
if( !isset($_COOKIE['TestCookie']) && empty($_COOKIE['TestCookie']) ) {
$msg = Display::return_message(get_lang('NoCookies').'<br /><br /><a href="'.$home_url.'">'.get_lang('BackTo').' '.get_lang('CampusHomepage').'</a><br />', 'error', false);
}
else {
} else {
// The session is over and we were not in a course,
// or we try to get directly to a private course without being logged
if (!is_null(api_get_course_id())) {
api_set_firstpage_parameter(api_get_course_id());
if (!is_null(api_get_course_int_id())) {
api_set_firstpage_parameter(api_get_course_int_id());
$action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
$action = str_replace('&amp;', '&', $action);
$form = new FormValidator('formLogin', 'post', $action, null, array('class'=>'form-stacked'));
@ -3075,7 +3051,7 @@ function api_not_allowed($print_headers = false, $message = null) {
$msg .= '<h4>'.get_lang('LoginToGoToThisCourse').'</h4>';
if (api_is_cas_activated()) {
$msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", array('align'=>'center'));
$msg .= Display::div("<br/><a href='".get_cas_direct_URL(api_get_course_int_id())."'>".getCASLogoHTML()." ".sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution"))."</a><br/><br/>", array('align'=>'center'));
$msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
$msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
$msg .= "<div style='display:none;'>";
@ -3087,8 +3063,7 @@ function api_not_allowed($print_headers = false, $message = null) {
$msg .= "</div>";
}
$msg .= '<hr/><p style="text-align:center"><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a></p>';
}
else {
} else {
// we were not in a course, return to home page
$msg = Display::return_message(get_lang('NotAllowed').'<br/><br/><a href="'.$home_url.'">'.get_lang('ReturnToCourseHomepage').'</a><br />', 'error', false);
}
@ -6909,32 +6884,37 @@ function api_elog($string, $dump = 0)
}
/*
/**
* Set the cookie to go directly to the course code $in_firstpage
* after login
* @param in_firstpage is the course code of the course to go
*/
function api_set_firstpage_parameter($in_firstpage) {
function api_set_firstpage_parameter($in_firstpage)
{
setcookie("GotoCourse", $in_firstpage);
}
/*
/**
* Delete the cookie to go directly to the course code $in_firstpage
* after login
*/
function api_delete_firstpage_parameter() {
function api_delete_firstpage_parameter()
{
setcookie("GotoCourse", "", time() - 3600);
}
/*
* Return true if course_code for direct course access after login is set
/**
* @return true if course_code for direct course access after login is set
*/
function exist_firstpage_parameter() {
function exist_firstpage_parameter()
{
return (isset($_COOKIE['GotoCourse']) && $_COOKIE['GotoCourse'] != "");
}
/*
*
/**
* @return return the course_code of the course where user login
*/
function api_get_firstpage_parameter() {
function api_get_firstpage_parameter()
{
return $_COOKIE['GotoCourse'];
}
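Review bot: Dropping the `$userId` parameter from `api_is_coach()`, `api_is_session_admin()`, `api_is_drh()`, `api_is_student()` and `api_is_teacher()` changes what these role checks answer, and the commit title does not mention it. PHP ignores surplus arguments to user-defined functions, so any caller still passing a user ID would silently get the role of the logged-in user instead of the user it asked about; callers are not visible on this page, so this needs a search before merging. If the removal is not intended, keep the previous signatures, e.g. `function api_is_drh($userId = null)` and `function api_is_coach($session_id = 0, $course_code = null, $userId = null)`. Separately, in `api_not_allowed()` the `GotoCourse` cookie is now set from `api_get_course_int_id()` while the first guard still tests `api_get_course_id()`, the docblock of `api_set_firstpage_parameter()` still describes a course code, and `local.inc.php` still passes the cookie value to `CourseManager::course_code_exists()`; the bodies of `api_is_coach()` and `api_not_allowed()` continue outside the hunks.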

@ -1233,15 +1233,14 @@ if (isset($_cid)) {
// direct login to course
if ((isset($cas_login) && $cas_login && exist_firstpage_parameter())
|| ($logging_in && exist_firstpage_parameter())){
|| ($logging_in && exist_firstpage_parameter())) {
$redir_coursecode = api_get_firstpage_parameter();
api_delete_firstpage_parameter(); // delete the cookie
if (CourseManager::course_code_exists($redir_coursecode)) {
$_SESSION['noredirection'] = false;
$_SESSION['request_uri'] = api_get_path(WEB_COURSE_PATH).$redir_coursecode;
}
}
elseif (api_user_is_login() && exist_firstpage_parameter()) {
} elseif (api_user_is_login() && exist_firstpage_parameter()) {
$redir_coursecode = api_get_firstpage_parameter();
api_delete_firstpage_parameter(); // delete the cookie
if (CourseManager::course_code_exists($redir_coursecode)) {
