Add symfony2 security encoders see #7646

- Add bcrypt encoder.
- Add password-compat if bcrypt is used in php < 5.5.
- New db fields: user.salt, user.username_canonical.
- Remove use of api_get_encrypted_password().
- During installation the UserManager::create_user() is now used.
- Add Repository and Manager classes for the user entity.
- Remove function encryptPass in cm_webservice.php
- Fix registration.soap.php
1.10.x
Julio Montoya 10 years ago
parent c59bbbc53f
commit dd9478824e
  1. 4
      main/admin/user_list.php
  2. 276
      main/auth/profile.php
  3. 23
      main/cron/import_csv.php
  4. 43
      main/cron/user_import/resend_email_with_new_password.php
  5. 7
      main/inc/global.inc.php
  6. 25
      main/inc/lib/api.lib.php
  7. 15
      main/inc/lib/conditional_login.class.php
  8. 16
      main/inc/lib/login.lib.php
  9. 222
      main/inc/lib/usermanager.lib.php
  10. 25
      main/inc/local.inc.php
  11. 1
      main/install/data.sql
  12. 75
      main/install/install.lib.php
  13. 5
      main/webservices/cm_webservice.php
  14. 501
      main/webservices/registration.soap.php
  15. 8
      src/Chamilo/CoreBundle/Migrations/Schema/V110/Version20150511133949.php
  16. 15
      src/Chamilo/UserBundle/Entity/Manager/UserManager.php
  17. 12
      src/Chamilo/UserBundle/Entity/Repository/UserRepository.php
  18. 9
      src/Chamilo/UserBundle/Entity/User.php
  19. 7
      tests/main/inc/lib/main_api.lib.test.php

@ -393,8 +393,8 @@ function get_number_of_users() {
function get_user_data($from, $number_of_items, $column, $direction) {
$sql = prepare_user_sql_query(false);
/* @todo will not work because now we use the salt field
$checkPassStrength = isset($_GET['check_easy_passwords']) && $_GET['check_easy_passwords'] == 1 ? true : false;
if ($checkPassStrength) {
$easyPasswordList = api_get_easy_password_list();
$easyPasswordList = array_map('api_get_encrypted_password', $easyPasswordList);
@ -402,7 +402,7 @@ function get_user_data($from, $number_of_items, $column, $direction) {
$easyPassword = implode("' OR password LIKE '", $easyPasswordList);
$sql .= "AND password LIKE '$easyPassword' ";
}
}*/
if (!in_array($direction, array('ASC','DESC'))) {
$direction = 'ASC';

@ -10,6 +10,9 @@
* @package chamilo.auth
*/
use Chamilo\UserBundle\Entity\User;
use ChamiloSession as Session;
$cidReset = true;
require_once '../inc/global.inc.php';
@ -19,7 +22,7 @@ if (api_get_setting('allow_social_tool') == 'true') {
$this_section = SECTION_MYPROFILE;
}
$htmlHeadXtra[] = api_get_password_checker_js('#username', '#password1');
//$htmlHeadXtra[] = api_get_password_checker_js('#username', '#password1');
$_SESSION['this_section'] = $this_section;
@ -185,9 +188,6 @@ if (is_profile_editable() && api_get_setting('openid_authentication') == 'true')
$form->freeze('openid');
}
$form->applyFilter('openid', 'trim');
//if (api_get_setting('registration', 'openid') == 'true') {
// $form->addRule('openid', get_lang('ThisFieldIsRequired'), 'required');
//}
}
// PHONE
@ -319,15 +319,6 @@ if (is_platform_authentication() &&
}
}
// EXTRA FIELDS
//$extra_data = UserManager::get_extra_user_data(api_get_user_id(), true);
/*$return_params = UserManager::set_extra_fields_in_form(
$form,
$extra_data,
false,
api_get_user_id()
);*/
$extraField = new ExtraField('user');
$return = $extraField->addElements($form, api_get_user_id());
@ -415,22 +406,6 @@ function upload_user_production($user_id)
return false; // this should be returned if anything went wrong with the upload
}
/**
* Check current user's current password
* @param char password
* @return bool true o false
* @uses Gets user ID from global variable
*/
function check_user_password($password) {
$user_id = api_get_user_id();
if ($user_id != strval(intval($user_id)) || empty($password)) { return false; }
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$password = api_get_encrypted_password($password);
$password = Database::escape_string($password);
$sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND password='".$password."'";
$result = Database::query($sql_password);
return Database::num_rows($result) != 0;
}
/**
* Check current user's current password
* @param char email
@ -450,55 +425,44 @@ function check_user_email($email) {
return Database::num_rows($result) != 0;
}
/* MAIN CODE */
$filtered_extension = false;
$update_success = false;
$upload_picture_success = false;
$upload_production_success = false;
$msg_fail_changue_email = false;
$msg_is_not_password = false;
if (is_platform_authentication()) {
if (!empty($_SESSION['change_email'])) {
$msg_fail_changue_email= ($_SESSION['change_email'] == 'success');
unset($_SESSION['change_email']);
} elseif (!empty($_SESSION['is_not_password'])) {
$msg_is_not_password = ($_SESSION['is_not_password'] == 'success');
unset($_SESSION['is_not_password']);
} elseif (!empty($_SESSION['profile_update'])) {
$update_success = ($_SESSION['profile_update'] == 'success');
unset($_SESSION['profile_update']);
} elseif (!empty($_SESSION['image_uploaded'])) {
$upload_picture_success = ($_SESSION['image_uploaded'] == 'success');
unset($_SESSION['image_uploaded']);
} elseif (!empty($_SESSION['production_uploaded'])) {
$upload_production_success = ($_SESSION['production_uploaded'] == 'success');
unset($_SESSION['production_uploaded']);
}
}
if ($form->validate()) {
$wrong_current_password = false;
$user_data = $form->getSubmitValues(1);
$user = Usermanager::getRepository()->find(api_get_user_id());
// set password if a new one was provided
if (!empty($user_data['password0'])) {
if (check_user_password($user_data['password0'])) {
if (!empty($user_data['password1'])) {
$password = $user_data['password1'];
}
$validPassword = false;
$passwordWasChecked = false;
if ($user &&
!empty($user_data['password0']) &&
!empty($user_data['password1'])
) {
$passwordWasChecked = true;
$validPassword = UserManager::isPasswordValid(
$user_data['password0'],
$user
);
if ($validPassword) {
$password = $user_data['password1'];
} else {
$wrong_current_password = true;
$_SESSION['is_not_password'] = 'success';
Display::addFlash(
Display:: return_message(
get_lang('CurrentPasswordEmptyOrIncorrect'),
'warning',
false
)
);
}
}
if (empty($user_data['password0']) && !empty($user_data['password1'])) {
$wrong_current_password = true;
$_SESSION['is_not_password'] = 'success';
}
$allow_users_to_change_email_with_no_password = true;
if (is_platform_authentication() && api_get_setting('allow_users_to_change_email_with_no_password') == 'false') {
if (is_platform_authentication() &&
api_get_setting('allow_users_to_change_email_with_no_password') == 'false'
) {
$allow_users_to_change_email_with_no_password = false;
}
@ -507,16 +471,23 @@ if ($form->validate()) {
if ($allow_users_to_change_email_with_no_password) {
if (!check_user_email($user_data['email'])) {
$changeemail = $user_data['email'];
//$_SESSION['change_email'] = 'success';
}
} else {
//Normal behaviour
if (!check_user_email($user_data['email']) && !empty($user_data['password0']) && !$wrong_current_password) {
// Normal behaviour
if (!check_user_email($user_data['email']) && $validPassword) {
$changeemail = $user_data['email'];
}
if (!check_user_email($user_data['email']) && empty($user_data['password0'])){
$_SESSION['change_email'] = 'success';
if (!check_user_email($user_data['email']) &&
empty($user_data['password0'])
){
Display::addFlash(
Display:: return_message(
get_lang('ToChangeYourEmailMustTypeYourPassword'),
'error',
false
)
);
}
}
}
@ -531,7 +502,14 @@ if ($form->validate()) {
if ($new_picture) {
$user_data['picture_uri'] = $new_picture;
$_SESSION['image_uploaded'] = 'success';
Display::addFlash(
Display:: return_message(
get_lang('PictureUploaded'),
'normal',
false
)
);
}
} elseif (!empty($user_data['remove_picture'])) {
// remove existing picture if asked
@ -553,7 +531,9 @@ if ($form->validate()) {
);
}
$form->removeElement('productions_list');
$file_deleted = true;
Display::addFlash(
Display:: return_message(get_lang('FileDeleted'), 'normal', false)
);
}
// upload production if a new one is provided
@ -564,13 +544,26 @@ if ($form->validate()) {
// upload_user_production() returned false, but it's true in most cases
$filtered_extension = true;
} else {
$_SESSION['production_uploaded'] = 'success';
Display::addFlash(
Display:: return_message(
get_lang('ProductionUploaded'),
'normal',
false
)
);
}
}
// remove values that shouldn't go in the database
unset($user_data['password0'],$user_data['password1'], $user_data['password2'], $user_data['MAX_FILE_SIZE'],
$user_data['remove_picture'], $user_data['apply_change'], $user_data['email'] );
unset(
$user_data['password0'],
$user_data['password1'],
$user_data['password2'],
$user_data['MAX_FILE_SIZE'],
$user_data['remove_picture'],
$user_data['apply_change'],
$user_data['email']
);
// Following RFC2396 (http://www.faqs.org/rfcs/rfc2396.html), a URI uses ':' as a reserved character
// we can thus ensure the URL doesn't contain any scheme name by searching for ':' in the string
@ -592,7 +585,7 @@ if ($form->validate()) {
//Adding missing variables
$available_values_to_modify = array();
foreach($profile_list as $key => $status) {
foreach ($profile_list as $key => $status) {
if ($status == 'true') {
switch($key) {
case 'login':
@ -626,9 +619,6 @@ if ($form->validate()) {
if (substr($key, 0, 6) == 'extra_') { //an extra field
continue;
} elseif (strpos($key, 'remove_extra_') !== false) {
/*$extra_value = Security::filter_filename(urldecode(key($value)));
// To remove from user_field_value and folder
UserManager::update_extra_field_value($user_id, substr($key,13), $extra_value);*/
} else {
if (in_array($key, $available_values_to_modify)) {
$sql .= " $key = '".Database::escape_string($value)."',";
@ -636,17 +626,19 @@ if ($form->validate()) {
}
}
//change email
$changePassword = false;
// Change email
if ($allow_users_to_change_email_with_no_password) {
if (isset($changeemail) && in_array('email', $available_values_to_modify)) {
$sql .= " email = '".Database::escape_string($changeemail)."',";
$sql .= " email = '".Database::escape_string($changeemail)."' ";
}
if (isset($password) && in_array('password', $available_values_to_modify)) {
$password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'";
$changePassword = true;
/*$password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'";*/
} else {
// remove trailing , from the query we have so far
$sql = rtrim($sql, ',');
//$sql = rtrim($sql, ',');
}
} else {
if (isset($changeemail) && !isset($password) && in_array('email', $available_values_to_modify)) {
@ -654,66 +646,55 @@ if ($form->validate()) {
} else {
if (isset($password) && in_array('password', $available_values_to_modify)) {
if (isset($changeemail) && in_array('email', $available_values_to_modify)) {
$sql .= " email = '".Database::escape_string($changeemail)."',";
$sql .= " email = '".Database::escape_string($changeemail)."' ";
}
$password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'";
$changePassword = true;
/*$password = api_get_encrypted_password($password);
$sql .= " password = '".Database::escape_string($password)."'";*/
} else {
// remove trailing , from the query we have so far
$sql = rtrim($sql, ',');
//$sql = rtrim($sql, ',');
}
}
}
if (api_get_setting('profile', 'officialcode') == 'true' && isset($user_data['official_code'])) {
$sql = rtrim($sql, ',');
if ($changePassword && !empty($password)) {
UserManager::updatePassword(api_get_user_id(), $password);
}
if (api_get_setting('profile', 'officialcode') == 'true' &&
isset($user_data['official_code'])
) {
$sql .= ", official_code = '".Database::escape_string($user_data['official_code'])."'";
}
$sql .= " WHERE user_id = '".api_get_user_id()."'";
Database::query($sql);
$extraField = new ExtraFieldValue('user');
$extraField->saveFieldValues($user_data);
// User tag process
//1. Deleting all user tags
//$list_extra_field_type_tag = UserManager::get_all_extra_field_by_type(UserManager::USER_FIELD_TYPE_TAG);
/*if (is_array($list_extra_field_type_tag) && count($list_extra_field_type_tag)>0) {
foreach ($list_extra_field_type_tag as $id) {
UserManager::delete_user_tags(api_get_user_id(), $id);
if ($passwordWasChecked == false) {
Display::addFlash(
Display:: return_message(get_lang('ProfileReg'), 'normal', false)
);
} else {
if ($validPassword) {
Display::addFlash(
Display:: return_message(get_lang('ProfileReg'), 'normal', false)
);
}
}
//2. Update the extra fields and user tags if available
if (is_array($extras) && count($extras)> 0) {
foreach ($extras as $key => $value) {
//3. Tags are process in the UserManager::update_extra_field_value by the UserManager::process_tags function
// For array $value -> if exists key 'tmp_name' then must not be empty
// This avoid delete from user field value table when doesn't upload a file
if (is_array($value)) {
if (array_key_exists('tmp_name', $value) && empty($value['tmp_name'])) {
//Nothing to do
} else {
if (array_key_exists('tmp_name', $value)) {
$value['tmp_name'] = Security::filter_filename($value['tmp_name']);
}
if (array_key_exists('name', $value)) {
$value['name'] = Security::filter_filename($value['name']);
}
UserManager::update_extra_field_value($user_id, $key, $value);
}
} else {
UserManager::update_extra_field_value($user_id, $key, $value);
}
}
}*/
$extraField = new ExtraFieldValue('user');
$extraField->saveFieldValues($user_data);
$userInfo = api_get_user_info();
Session::write('_user', $userInfo);
// re-init the system to take new settings into account
$_SESSION['_user']['uidReset'] = true;
$_SESSION['noredirection'] = true;
$_SESSION['profile_update'] = 'success';
$url = api_get_self()."?{$_SERVER['QUERY_STRING']}".($filtered_extension && strpos($_SERVER['QUERY_STRING'], '&fe=1') === false ? '&fe=1' : '');
//$_SESSION['_user']['uidReset'] = true;
//$_SESSION['noredirection'] = true;
$url = api_get_self();
header("Location: ".$url);
exit;
}
@ -725,48 +706,29 @@ if (api_get_setting('allow_social_tool') != 'true') {
if (api_get_setting('extended_profile') == 'true') {
$actions .= '<div class="actions">';
if (api_get_setting('allow_social_tool') == 'true' && api_get_setting('allow_message_tool') == 'true') {
$actions .= '<a href="'.api_get_path(WEB_PATH).'main/social/profile.php">'.Display::return_icon('shared_profile.png', get_lang('ViewSharedProfile')).'</a>';
if (api_get_setting('allow_social_tool') == 'true' &&
api_get_setting('allow_message_tool') == 'true'
) {
$actions .= '<a href="'.api_get_path(WEB_PATH).'main/social/profile.php">'.
Display::return_icon('shared_profile.png', get_lang('ViewSharedProfile')).'</a>';
}
if (api_get_setting('allow_message_tool') == 'true') {
$actions .= '<a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php">'.Display::return_icon('inbox.png', get_lang('Messages')).'</a>';
$actions .= '<a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php">'.
Display::return_icon('inbox.png', get_lang('Messages')).'</a>';
}
$show = isset($_GET['show']) ? '&amp;show='.Security::remove_XSS($_GET['show']) : '';
if (isset($_GET['type']) && $_GET['type'] == 'extended') {
$actions .= '<a href="profile.php?type=reduced'.$show.'">'.Display::return_icon('edit.png', get_lang('EditNormalProfile'),'',16).'</a>';
$actions .= '<a href="profile.php?type=reduced'.$show.'">'.
Display::return_icon('edit.png', get_lang('EditNormalProfile'),'',16).'</a>';
} else {
$actions .= '<a href="profile.php?type=extended'.$show.'">'.Display::return_icon('edit.png', get_lang('EditExtendProfile'),'',16).'</a>';
$actions .= '<a href="profile.php?type=extended'.$show.'">'.
Display::return_icon('edit.png', get_lang('EditExtendProfile'),'',16).'</a>';
}
$actions .= '</div>';
}
}
if (!empty($file_deleted)) {
Display::addFlash(Display :: return_message(get_lang('FileDeleted'), 'normal', false));
} elseif (!empty($update_success)) {
$message = get_lang('ProfileReg');
if ($upload_picture_success) {
$message .= '<br /> '.get_lang('PictureUploaded');
}
if ($upload_production_success) {
$message.='<br />'.get_lang('ProductionUploaded');
}
Display::addFlash(Display :: return_message($message, 'normal', false));
}
if (!empty($msg_fail_changue_email)){
$errormail=get_lang('ToChangeYourEmailMustTypeYourPassword');
Display::addFlash(Display :: return_message($errormail, 'error', false));
}
if (!empty($msg_is_not_password)){
$warning_msg = get_lang('CurrentPasswordEmptyOrIncorrect');
Display::addFlash(Display :: return_message($warning_msg, 'warning', false));
}
$show_delete_account_button = api_get_setting('platform_unsubscribe_allowed') == 'true' ? true : false;
$tpl = new Template(get_lang('ModifyProfile'));
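Review bot: When a new password is submitted without the current one (the `empty($user_data['password0']) && !empty($user_data['password1'])` branch), `$passwordWasChecked` stays false, so the later `if ($passwordWasChecked == false)` block flashes `ProfileReg` even though the password was not changed. The `+`/`-` markers are lost on this page, but that branch appears to be kept and only sets `$_SESSION['is_not_password']`, whose reader in the MAIN CODE block looks to have been removed, so no warning is shown and the key stays in the session. I would set `$passwordWasChecked = true;` there and add `Display::addFlash(Display::return_message(get_lang('CurrentPasswordEmptyOrIncorrect'), 'warning', false));` in place of the session write. The same silent success occurs when `Usermanager::getRepository()->find(api_get_user_id())` returns null, because the `$user &&` guard then skips the check entirely.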

@ -463,14 +463,18 @@ class ImportCsv
{
$data = Import::csvToArray($file);
$userRepository = UserManager::getRepository();
/*
* Another users import.
Unique identifier: official code and username . ok
Password should never get updated. ok
If an update should need to occur (because it changed in the .csv), we’ll want that logged. We will handle this manually in that case.
If an update should need to occur (because it changed in the .csv),
we’ll want that logged. We will handle this manually in that case.
All other fields should be updateable, though passwords should of course not get updated. ok
If a user gets deleted (not there anymore),
He should be set inactive one year after the current date. So I presume you’ll just update the expiration date. We want to grant access to courses up to a year after deletion.
He should be set inactive one year after the current date.
So I presume you’ll just update the expiration date. We want to grant access to courses up to a year after deletion.
*/
if (!empty($data)) {
@ -526,7 +530,6 @@ class ImportCsv
$this->logger->addError("Students - User NOT created: ".$row['username']." ".$row['firstname']." ".$row['lastname']);
}
} else {
if (empty($userInfo)) {
$this->logger->addError("Students - Can't update user :".$row['username']);
continue;
@ -557,19 +560,27 @@ class ImportCsv
}
// 2. Condition
if (!in_array($userInfo['email'], $avoidUsersWithEmail) && !in_array($row['email'], $avoidUsersWithEmail)) {
if (!in_array($userInfo['email'], $avoidUsersWithEmail) &&
!in_array($row['email'], $avoidUsersWithEmail)
) {
$email = $userInfo['email'];
}
// 3. Condition
if (in_array($userInfo['email'], $avoidUsersWithEmail) && !in_array($row['email'], $avoidUsersWithEmail)) {
if (in_array($userInfo['email'], $avoidUsersWithEmail) &&
!in_array($row['email'], $avoidUsersWithEmail)
) {
$email = $row['email'];
}
// Blocking password update
$avoidUsersWithPassword = $this->conditions['importStudents']['update']['avoid']['password'];
if ($userInfo['password'] != api_get_encrypted_password($row['password']) && in_array($row['password'], $avoidUsersWithPassword)) {
$user = $userRepository->find($userInfo['user_id']);
if ($userInfo['password'] != UserManager::encryptPassword($row['password'], $user) &&
in_array($row['password'], $avoidUsersWithPassword)
) {
$this->logger->addInfo("Students - User password is not updated: ".$row['username']." because the avoid conditions (password).");
$password = null;
$resetPassword = 0; // disallow password change
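Review bot: The "Blocking password update" check re-encodes `$row['password']` with `UserManager::encryptPassword()` and compares the result to the stored hash with `!=`, which only works if the encoder reproduces the stored hash exactly. Depending on the configured encoder and whether the user has a salt, that may not hold (bcrypt generates a fresh salt when none is supplied), in which case the condition reduces to the `in_array` test. The verification helper added in this commit is the better fit: `if (!UserManager::isPasswordValid($row['password'], $user) &&`. `$userRepository->find($userInfo['user_id'])` can also return null, which the `User $user` type hint on both helpers will reject, so a null guard is needed before the call. The enclosing method starts and ends outside the hunk.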

@ -22,12 +22,16 @@ die();
$list = file('input.txt');
require_once '../../inc/global.inc.php';
$users = Database::get_main_table(TABLE_MAIN_USER);
$userManager = UserManager::getManager();
$repository = UserManager::getRepository();
/**
* E-mails list loop
*/
foreach ($list as $mail) {
$mail = trim($mail);
$sql = "SELECT user_id, official_code, firstname, lastname, email, username, language FROM $users WHERE email = '$mail'\n";
$sql = "SELECT user_id, official_code, firstname, lastname, email, username, language
FROM $users WHERE email = '$mail'\n";
$res = Database::query($sql);
if ($res === false) {
echo 'Error in database with email ' . $mail . "\n";
@ -37,25 +41,48 @@ foreach ($list as $mail) {
} else {
$row = Database::fetch_assoc($res);
$pass = api_substr($row['username'], 0, 4) . rand(0, 9) . rand(0, 9);
$crypass = api_get_encrypted_password($password);
$sqlu = "UPDATE $users SET password='$crypass' WHERE user_id = " . $row['user_id'];
$resu = Database::query($sqlu);
if ($resu === false) {
if ($user) {
/** @var User $user */
$user = $repository->find($row['user_id']);
$user->setPlainPassword($pass);
$userManager->updateUser($user, true);
} else {
echo "[Error] Error updating password. Skipping $mail\n";
continue;
}
$user = array('FirstName' => $row['firstname'], 'LastName' => $row['lastname'], 'UserName' => $row['username'], 'Password' => $pass, 'Email' => $mail);
$user = array(
'FirstName' => $row['firstname'],
'LastName' => $row['lastname'],
'UserName' => $row['username'],
'Password' => $pass,
'Email' => $mail,
);
$l = api_get_interface_language();
if (!empty($row['language'])) {
$l = $row['language'];
}
//This comes from main/admin/user_import.php::save_data() slightly modified
$recipient_name = api_get_person_name($user['FirstName'], $user['LastName'], null, PERSON_NAME_EMAIL_ADDRESS);
$recipient_name = api_get_person_name(
$user['FirstName'],
$user['LastName'],
null,
PERSON_NAME_EMAIL_ADDRESS
);
$emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg', null, $l) . ' ' . api_get_setting('siteName');
$emailbody = get_lang('Dear', null, $l) . ' ' . api_get_person_name($user['FirstName'], $user['LastName']) . ",\n\n" . get_lang('YouAreReg', null, $l) . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings', null, $l) . "\n\n" . get_lang('Username', null, $l) . " : " . $user['UserName'] . "\n" . get_lang('Pass', null, $l) . " : " . $user['Password'] . "\n\n" . get_lang('Address', null, $l) . " " . api_get_setting('siteName') . " " . get_lang('Is', null, $l) . " : " . api_get_path(WEB_PATH) . " \n\n" . get_lang('Problem', null, $l) . "\n\n" . get_lang('Formula', null, $l) . ",\n\n" . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n" . get_lang('Manager', null, $l) . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email', null, $l) . " : " . api_get_setting('emailAdministrator') . "";
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail_html($recipient_name, $user['Email'], $emailsubject, $emailbody, $sender_name, $email_admin);
@api_mail_html(
$recipient_name,
$user['Email'],
$emailsubject,
$emailbody,
$sender_name,
$email_admin
);
echo "[OK] Sent to $mail with new password $pass (encrypted:$crypass)... w/ subject: $emailsubject\n";
}
}
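Review bot: `if ($user)` is tested before `$user` is assigned, because the `$repository->find($row['user_id'])` call sits inside that branch; on the first address `$user` is undefined, the else branch prints the error and `continue`s, and since nothing later in the skipped path assigns it, no password would ever be updated. Move the lookup ahead of the test: `$user = $repository->find($row['user_id']);` followed by `if ($user) {`. The final `echo` still interpolates `$crypass`, which appears to be undefined once the `api_get_encrypted_password()` line is removed, and it writes the new plaintext password to the script output; `echo "[OK] Sent to $mail w/ subject: $emailsubject\n";` would avoid both. The generated `$pass` (four username characters plus two `rand(0, 9)` digits) is a context line, but it is guessable and worth replacing with `api_generate_password()`, which login.lib.php on this page already uses.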

@ -58,8 +58,13 @@ if (!isset($GLOBALS['_configuration'])) {
// Include the main Chamilo platform library file.
require_once $includePath.'/lib/api.lib.php';
$passwordEncryption = api_get_configuration_value('password_encryption');
//Check the PHP version
if ($passwordEncryption == 'bcrypt') {
require_once __DIR__.'/../../vendor/ircmaxell/password-compat/lib/password.php';
}
// Check the PHP version
api_check_php_version($includePath.'/');
// Specification for usernames:
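Review bot: The new `require_once` of password-compat is conditioned only on the `password_encryption` setting, while the commit description says it is meant for PHP < 5.5; it also runs before `api_check_php_version()` and uses a hard-coded vendor path, so a missing vendor directory becomes a fatal error on every request. I would load it only where the native functions are absent, `if ($passwordEncryption == 'bcrypt' && !function_exists('password_hash')) {`, and move the block below the version check. Separately, the encoder this setting selects is built as `new BCryptPasswordEncoder(4)` in usermanager.lib.php on this page; 4 is the lowest cost bcrypt accepts, so a configurable cost with a higher default would be worth a follow-up.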

@ -1468,8 +1468,9 @@ function _api_format_user($user, $add_password = false)
*/
function api_get_user_info($user_id = '', $checkIfUserOnline = false, $showPassword = false, $loadExtraData = false) {
if ($user_id == '') {
if (isset($GLOBALS['_user'])) {
return _api_format_user($GLOBALS['_user']);
$userFromSession = Session::read('_user');
if (isset($userFromSession)) {
return _api_format_user($userFromSession);
}
// @todo trigger an exception here
return false;
@ -5777,25 +5778,6 @@ function api_is_in_group($group_id = null, $course_code = null) {
return false;
}
/**
* This function gets the hash in md5 or sha1 (it depends in the platform config) of a given password
* @param string password
* @return string password with the applied hash
*/
function api_get_encrypted_password($password, $salt = '') {
global $_configuration;
$password_encryption = isset($_configuration['password_encryption']) ? $_configuration['password_encryption'] : 'sha1';
switch ($password_encryption) {
case 'sha1':
return empty($salt) ? sha1($password) : sha1($password.$salt);
case 'none':
return $password;
case 'md5':
default:
return empty($salt) ? md5($password) : md5($password.$salt);
}
}
/**
* Checks whether a secret key is valid
@ -6966,7 +6948,6 @@ function api_get_js_simple($file) {
function api_set_settings_and_plugins() {
global $_configuration;
//error_log('Loading settings from DB');
$_setting = array();
$_plugins = array();

@ -1,25 +1,27 @@
<?php
/* For licensing terms, see /license.txt */
/*
/**
* Conditional login
* Used to implement the loading of custom pages
* 2011, Noel Dieschburg <noel@cblue.be>
*/
class ConditionalLogin
{
class ConditionalLogin {
/**
* Check conditions based in the $login_conditions see conditional_login.php file
* @param type $user
*/
public static function check_conditions($user) {
public static function check_conditions($user)
{
if (file_exists(api_get_path(SYS_PATH).'main/auth/conditional_login/conditional_login.php')) {
include_once api_get_path(SYS_PATH).'main/auth/conditional_login/conditional_login.php';
if (isset($login_conditions)) {
foreach ($login_conditions as $condition) {
//If condition fails we redirect to the URL defined by the condition
if (isset($condition['conditional_function']) && $condition['conditional_function']($user) == false) {
$_SESSION['conditional_login']['uid'] = $user['user_id'];
$_SESSION['conditional_login']['uid'] = $user['user_id'];
$_SESSION['conditional_login']['can_login'] = false;
header("Location:". $condition['url']);
exit();
@ -29,7 +31,8 @@ class ConditionalLogin {
}
}
public static function login() {
public static function login()
{
$_SESSION['conditional_login']['can_login'] = true;
LoginRedirection::redirect();
}

@ -178,7 +178,15 @@ class Login
{
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$id = intval($id);
$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM " . $tbl_user . " WHERE user_id=$id";
$sql = "SELECT
user_id AS uid,
lastname AS lastName,
firstname AS firstName,
username AS loginName,
password,
email
FROM " . $tbl_user . "
WHERE user_id = $id";
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
@ -191,9 +199,9 @@ class Login
if (self::get_secret_word($user['email']) == $secret) {
// OK, secret word is good. Now change password and mail it.
$user['password'] = api_generate_password();
$crypted = api_get_encrypted_password($user['password']);
$sql = "UPDATE " . $tbl_user . " SET password='$crypted' WHERE user_id = $id";
Database::query($sql);
UserManager::updatePassword($id, $user['password']);
return self::send_password_to_user($user, $by_username);
} else {
return get_lang('NotAllowed');
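Review bot: The reset path now calls `UserManager::updatePassword($id, $user['password'])` and then mails the new password without knowing whether the update succeeded; `updatePassword()` as added on this page returns nothing and calls `setPlainPassword()` on the result of `find()` without a null check. Having it return a boolean and guarding the mail, `if (!UserManager::updatePassword($id, $user['password'])) { return get_lang('NotAllowed'); }`, keeps the stored hash and the mailed password in step. The `self::get_secret_word($user['email']) == $secret` comparison is a context line, but since it gates the reset it would be better as a strict, constant-time string comparison. The method body starts and ends outside the hunk.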

@ -3,6 +3,10 @@
use Chamilo\CoreBundle\Entity\ExtraField as EntityExtraField;
use Chamilo\UserBundle\Entity\User;
use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
use Symfony\Component\Security\Core\Encoder\EncoderFactory;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
/**
*
@ -32,6 +36,8 @@ class UserManager
const USER_FIELD_TYPE_FILE = 13;
const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
private static $encryptionMethod;
/**
* The default constructor only instanciates an empty user object
* @assert () === null
@ -41,6 +47,149 @@ class UserManager
}
/**
* Repository is use to query the DB, selects, etc
* @return Chamilo\UserBundle\Entity\Repository\UserRepository
*/
public static function getRepository()
{
return Database::getManager()->getRepository('ChamiloUserBundle:User');
}
/**
* Create/update/delete methods are available in the UserManager
* (based in the Sonata\UserBundle\Entity\UserManager)
*
* @return Chamilo\UserBundle\Entity\Manager\UserManager
*/
public static function getManager()
{
$encoderFactory = self::getEncoderFactory();
$userManager = new Chamilo\UserBundle\Entity\Manager\UserManager(
$encoderFactory,
new \FOS\UserBundle\Util\Canonicalizer(),
new \FOS\UserBundle\Util\Canonicalizer(),
Database::getManager(),
'Chamilo\\UserBundle\\Entity\\User'
);
return $userManager;
}
/**
* @param string $encryptionMethod
*/
public static function setPasswordEncryption($encryptionMethod)
{
self::$encryptionMethod = $encryptionMethod;
}
/**
* @return bool|mixed
*/
public static function getPasswordEncryption()
{
$encryptionMethod = self::$encryptionMethod;
if (empty($encryptionMethod)) {
$encryptionMethod = api_get_configuration_value('password_encryption');
}
return $encryptionMethod;
}
/**
* @return EncoderFactory
*/
private static function getEncoderFactory()
{
$encryption = self::getPasswordEncryption();
switch ($encryption) {
case 'none':
$defaultEncoder = new PlaintextPasswordEncoder();
break;
case 'sha1':
case 'md5':
$defaultEncoder = new MessageDigestPasswordEncoder($encryption, false, 1);
break;
case 'bcrypt':
$defaultEncoder = new BCryptPasswordEncoder(4);
}
$encoders = array(
'Chamilo\\UserBundle\\Entity\\User' => $defaultEncoder
);
$encoderFactory = new EncoderFactory($encoders);
return $encoderFactory;
}
/**
* @param User $user
*
* @return \Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface
*/
private static function getEncoder(User $user)
{
$encoderFactory = self::getEncoderFactory();
return $encoderFactory->getEncoder($user);
}
/**
* Validates the password
* @param string $password
* @param User $user
*
* @return bool
*/
public static function isPasswordValid($password, User $user)
{
$encoder = self::getEncoder($user);
$validPassword = $encoder->isPasswordValid(
$user->getPassword(),
$password,
$user->getSalt()
);
return $validPassword;
}
/**
* @param string $raw
* @param User $user
*
* @return bool
*/
public static function encryptPassword($raw, User $user)
{
$encoder = self::getEncoder($user);
$encodedPassword = $encoder->encodePassword(
$raw,
$user->getSalt()
);
return $encodedPassword;
}
/**
* @param int $userId
* @param string $password
*
*/
public static function updatePassword($userId, $password)
{
$repository = self::getRepository();
/** @var User $user */
$user = $repository->find($userId);
$userManager = self::getManager();
$user->setPlainPassword($password);
$userManager->updateUser($user, true);
}
/**
* Creates a new user for the platform
* @author Hugues Peeters <peeters@ipm.ucl.ac.be>,
@ -152,20 +301,6 @@ class UserManager
return api_set_failure('login-pass already taken');
}
if (empty($encrypt_method)) {
$password = api_get_encrypted_password($password);
} else {
if ($_configuration['password_encryption'] === $encrypt_method) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
return api_set_failure('encrypt_method invalid');
}
} else {
return api_set_failure('encrypt_method invalid');
}
}
$currentDate = api_get_utc_datetime();
$now = new DateTime($currentDate);
@ -173,8 +308,8 @@ class UserManager
// Default expiration date
// if there is a default duration of a valid account then
// we have to change the expiration_date accordingly
$expirationDate = new DateTime($currentDate);
if (api_get_setting('account_valid_duration') != '') {
$expirationDate = new DateTime($currentDate);
$days = intval(api_get_setting('account_valid_duration'));
$expirationDate->modify('+'.$days.' day');
}
@ -183,12 +318,16 @@ class UserManager
$expirationDate = new \DateTime($expirationDate);
}
$user = new User();
$user->setLastname($lastName)
$userManager = self::getManager();
/** @var User $user */
$user = $userManager->createUser();
$user
->setLastname($lastName)
->setFirstname($firstName)
->setUsername($loginName)
->setStatus($status)
->setPassword($password)
->setPlainPassword($password)
->setEmail($email)
->setOfficialCode($official_code)
->setPictureUri($picture_uri)
@ -197,13 +336,14 @@ class UserManager
->setPhone($phone)
->setLanguage($language)
->setRegistrationDate($now)
->setExpirationDate($expirationDate)
->setHrDeptId($hr_dept_id)
->setActive($active);
$manager = Database::getManager();
$manager->persist($user);
$manager->flush();
if (!empty($expirationDate)) {
$user->setExpirationDate($expirationDate);
}
$userManager->updateUser($user, true);
$userId = $user->getId();
if (!empty($userId)) {
@ -648,7 +788,9 @@ class UserManager
global $_configuration;
$original_password = $password;
if (empty($user_id)) { return false; }
if (empty($user_id)) {
return false;
}
$user_info = api_get_user_info($user_id, false, true);
if ($reset_password == 0) {
@ -665,25 +807,29 @@ class UserManager
$auth_source = $auth_source;
}
if ($user_id != strval(intval($user_id)))
if ($user_id != strval(intval($user_id))) {
return false;
if ($user_id === false)
}
if ($user_id === false) {
return false;
}
//Checking the user language
$languages = api_get_languages();
if (!in_array($language, $languages['folder'])) {
$language = api_get_setting('platformLanguage');
}
$change_active = 0;
if ($user_info['active'] != $active) {
$change_active = 1;
}
$em = Database::getManager();
/** @var Chamilo\UserBundle\Entity\User $user */
$userManager = self::getManager();
$user = $em->getRepository('ChamiloUserBundle:User')->find($user_id);
/** @var Chamilo\UserBundle\Entity\User $user */
$user = self::getRepository()->find($user_id);
if (empty($user)) {
return false;
@ -693,6 +839,7 @@ class UserManager
$expiration_date = api_get_utc_datetime($expiration_date);
$expiration_date = new \DateTime($expiration_date);
}
$user
->setLastname($lastname)
->setFirstname($firstname)
@ -710,25 +857,10 @@ class UserManager
;
if (!is_null($password)) {
if ($encrypt_method == '') {
$password = api_get_encrypted_password($password);
} else {
if ($_configuration['password_encryption'] === $encrypt_method) {
if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
return api_set_failure('encrypt_method invalid');
} else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
return api_set_failure('encrypt_method invalid');
}
} else {
return api_set_failure('encrypt_method invalid');
}
}
//$sql .= " password='".Database::escape_string($password)."',";
$user->setPassword($password);
$user->setPlainPassword($password);
}
$em->persist($user);
$em->flush();
$userManager->updateUser($user, true);
if ($change_active == 1) {
if ($active == 1) {

@ -242,7 +242,10 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
$password = $_POST['password'];
}
//Lookup the user in the main database
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
// Lookup the user in the main database
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status
FROM $user_table
@ -255,9 +258,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if (Database::num_rows($result) > 0) {
$uData = Database::fetch_array($result, 'ASSOC');
if ($allowCaptcha) {
// Checking captcha
if (isset($_POST['captcha'])) {
// Check captcha
@ -309,12 +310,20 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
$uData['auth_source'] == CAS_AUTH_SOURCE
) {
//The authentification of this user is managed by Chamilo itself
$password = api_get_encrypted_password(trim(stripslashes($password)));
$user = $userManager->findUserByUsername($login);
$validPassword = UserManager::isPasswordValid($password, $user);
// The authentication of this user is managed by Chamilo itself
//$password = api_get_encrypted_password(trim(stripslashes($password)));
// Check the user's password
if (($password == $uData['password'] || $cas_login) && (trim($login) == $uData['username'])) {
$update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type');
if (($validPassword || $cas_login) &&
(trim($login) == $uData['username'])
) {
$update_type = UserManager::get_extra_user_data_by_field(
$uData['user_id'],
'update_type'
);
$update_type = $update_type['update_type'];
if (!empty($extAuthSource[$update_type]['updateUser'])
@ -354,7 +363,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
ConditionalLogin::check_conditions($uData);
$_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status'];
$_user['status'] = $uData['status'];
Session::write('_user', $_user);
Event::event_login($_user['user_id']);
$logging_in = true;
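Review bot: The result of `$userManager->findUserByUsername($login)` is handed to `UserManager::isPasswordValid()` without checking that a user came back, although the row in `$uData` comes from a separate SQL query and the two lookups can disagree (the later comparison trims `$login`, this call does not). `isPasswordValid()` is not visible here, so this is hedged: if it dereferences `$user`, a miss becomes a fatal error on the login path instead of a failed login. Guard it with `$validPassword = $user ? UserManager::isPasswordValid($password, $user) : false;`. `$userRepository` is assigned in the first hunk and not used in any visible line, and the commented-out `api_get_encrypted_password` line can be deleted rather than kept. The enclosing `if` block starts and ends outside these hunks.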

@ -1659,5 +1659,6 @@ VALUES
('allow_tutors_to_assign_students_to_session','true','Yes'),
('allow_tutors_to_assign_students_to_session','false','No');
UPDATE user SET username_canonical = username;
UPDATE settings_current SET selected_value = '1.10.0.39' WHERE variable = 'chamilo_database_version';

@ -1566,6 +1566,9 @@ function display_configuration_settings_form(
<?php } else { ?>
<td>
<div class="control-group">
<label class="radio inline">
<input type="radio" name="encryptPassForm" value="bcrypt" id="encryptPass1" <?php echo ($encryptPassForm == 'bcrypt') ? 'checked="checked" ': ''; ?>/><?php echo 'bcrypt'; ?>
</label>
<label class="radio inline">
<input type="radio" name="encryptPassForm" value="sha1" id="encryptPass1" <?php echo ($encryptPassForm == 'sha1') ? 'checked="checked" ': ''; ?>/><?php echo 'sha1'; ?>
</label>
@ -1997,30 +2000,62 @@ function finishInstallation(
$result->execute();
$result->closeCursor();
// Create users
switch ($encryptPassForm) {
case 'md5' :
$passToStore = md5($passForm);
break;
case 'sha1' :
$passToStore = sha1($passForm);
break;
case 'none' :
default:
$passToStore = $passForm;
break;
}
UserManager::setPasswordEncryption($encryptPassForm);
// Insert admin and Anonymous users.
UserManager::create_user(
$adminFirstName,
$adminLastName,
1,
$emailForm,
$loginForm,
$passForm,
'ADMIN', //$official_code = '',
$languageForm,
$adminPhoneForm,
'', //$picture_uri = '',
PLATFORM_AUTH_SOURCE,
'',//$expirationDate,
1,
0,
null,
'',
false, //$send_mail = false,
true //$isAdmin = false
);
$sql = "INSERT INTO user (user_id, lastname, firstname, username, password, auth_source, email, status, official_code, phone, creator_id, registration_date, expiration_date,active,openid,language) VALUES
(1, '$adminLastName','$adminFirstName','$loginForm','$passToStore','".PLATFORM_AUTH_SOURCE."','$emailForm',1,'ADMIN','$adminPhoneForm',1,NOW(),NULL,'1',NULL,'$languageForm'),
(2, 'Anonymous', 'Joe', '', '', 'platform', 'anonymous@localhost', 6, 'anonymous', NULL, 1, NOW(), NULL, 1,NULL,'$languageForm')";
Database::query($sql);
UserManager::create_user(
'Joe',
'Anonymous',
6,
'anonymous@localhost',
'anon',
'anon',
'anonymous', //$official_code = '',
$languageForm,
'',
'', //$picture_uri = '',
PLATFORM_AUTH_SOURCE,
'',
1,
0,
null,
'',
false, //$send_mail = false,
false //$isAdmin = false
);
/*
// Insert admin and Anonymous users.
$uniqueAdmin = sha1(uniqid(null, true));
$uniqueAnon = sha1(uniqid(null, true));
$sql = "INSERT INTO user (user_id, lastname, firstname, username, username_canonical, salt, password, auth_source, email, status, official_code, phone, creator_id, registration_date, expiration_date,active,openid,language) VALUES
(1, '$adminLastName','$adminFirstName','$loginForm','$loginForm', '$uniqueAdmin', '$encryptPassword','".PLATFORM_AUTH_SOURCE."','$emailForm',1,'ADMIN','$adminPhoneForm',1,NOW(),NULL,'1',NULL,'$languageForm'),
(2, 'Anonymous', 'Joe', 'anon', 'anon', '$uniqueAnon', '', 'platform', 'anonymous@localhost', 6, 'anonymous', NULL, 1, NOW(), NULL, 1,NULL,'$languageForm')";
//Database::query($sql);*/
// Insert user as admin
$sql = "INSERT INTO admin VALUES(1, 1)";
Database::query($sql);
//$sql = "INSERT INTO admin VALUES(1, 1)";
//Database::query($sql);
// Set default language
$sql = "UPDATE language SET available=1 WHERE dokeos_folder = '$languageForm'";
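Review bot: The second `UserManager::create_user()` call creates the anonymous account with login `anon` and password `anon`, active and on `PLATFORM_AUTH_SOURCE`, where the removed INSERT stored an empty username and an empty password. Every fresh installation then carries the same known credential pair; whether the login path accepts it for status 6 depends on code outside this section, so treat it as a default-credential risk until shown otherwise. Pass an unguessable throwaway value as the password argument, for example `bin2hex(openssl_random_pseudo_bytes(32))`. The return values of both calls are ignored while the explicit `INSERT INTO admin` is commented out, so a failed admin creation would go unnoticed; check them and stop the installation on failure. `finishInstallation` starts and ends outside the hunk.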

@ -171,12 +171,13 @@ class WSCM {
/**
* Return the encrypted pass
* @deprecated
* @param <String> $pass
* @return <String> $pass encrypted
*/
public function encryptPass($pass){
/*public function encryptPass($pass){
return api_get_encrypted_password($pass);
}
}*/
/**
* Gets the real user id based on the user id field name and value. Note that if the user id field name is "chamilo_user_id", it will use the user id

@ -2,6 +2,7 @@
/* For licensing terms, see /license.txt */
use Chamilo\CoreBundle\Entity\ExtraField as EntityExtraField;
use Chamilo\UserBundle\Entity\User;
/**
* @package chamilo.webservices
@ -216,20 +217,20 @@ $server->register('WSCreateUsers', // method name
// Define the method WSCreateUsers
function WSCreateUsers($params) {
global $_user, $_configuration;
global $_user;
if (!WSHelperVerifyKey($params)) {
return return_error(WS_ERROR_SECRET_KEY);
}
// database table definition
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$users_params = $params['users'];
$results = array();
$orig_user_id_value = array();
foreach($users_params as $user_param) {
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
foreach ($users_params as $user_param) {
$firstName = $user_param['firstname'];
$lastName = $user_param['lastname'];
@ -242,7 +243,7 @@ function WSCreateUsers($params) {
$phone = '';
$picture_uri = '';
$auth_source = PLATFORM_AUTH_SOURCE;
$expiration_date = '0000-00-00 00:00:00';
$expiration_date = '';
$active = 1;
$hr_dept_id = 0;
$extra = null;
@ -266,35 +267,33 @@ function WSCreateUsers($params) {
$original_user_id_name
);
if ($user_id > 0) {
// Check if user is not active.
$sql = "SELECT user_id FROM $table_user
WHERE user_id ='".$user_id."' AND active= '0'";
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_user_id = Database::num_rows($resu);
if ($count_user_id > 0) {
$sql = "UPDATE $table_user SET
lastname='".Database::escape_string($lastName)."',
firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',";
/** @var User $user */
$user = $userRepository->find($user_id);
if ($user && $user->isActive() == false) {
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
$user->setPlainPassword($password);
}
if (!is_null($auth_source)) {
$sql .= " auth_source='".Database::escape_string($auth_source)."',";
$user->setAuthSource($auth_source);
}
$sql .= "
email='".Database::escape_string($email)."',
status='".Database::escape_string($status)."',
official_code='".Database::escape_string($official_code)."',
phone='".Database::escape_string($phone)."',
expiration_date='".Database::escape_string($expiration_date)."',
active='1',
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE user_id='".$r_check_user[0]."'";
Database::query($sql);
$results[] = $r_check_user[0];
if (!empty($user_param['expiration_date'])) {
$expiration_date = new DateTime($user_param['expiration_date']);
}
$user->setLastname($lastName)
->setFirstname($firstName)
->setUsername($loginName)
->setEmail($email)
->setStatus($status)
->setOfficialCode($official_code)
->setPhone($phone)
->setExpirationDate($expiration_date)
->setHrDeptId($hr_dept_id)
->setActive(true);
$userManager->updateUser($user, true);
$results[] = $user_id;
continue;
//return $r_check_user[0];
} else {
@ -324,49 +323,45 @@ function WSCreateUsers($params) {
}
}
$password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user SET
lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."',
username = '".Database::escape_string(trim($loginName))."',
status = '".Database::escape_string($status)."',
password = '".Database::escape_string($password)."',
email = '".Database::escape_string($email)."',
official_code = '".Database::escape_string($official_code)."',
picture_uri = '".Database::escape_string($picture_uri)."',
creator_id = '".Database::escape_string($creator_id)."',
auth_source = '".Database::escape_string($auth_source)."',
phone = '".Database::escape_string($phone)."',
language = '".Database::escape_string($language)."',
registration_date = now(),
expiration_date = '".Database::escape_string($expiration_date)."',
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
$userId = UserManager::create_user(
$firstName,
$lastName,
$status,
$email,
$loginName,
$password,
$official_code,
$language,
$phone,
$picture_uri,
$auth_source,
$expiration_date,
$active,
$hr_dept_id
);
if ($userId) {
if (api_is_multiple_url_enabled()) {
if (api_get_current_access_url_id() != -1) {
UrlManager::add_user_to_url($return, api_get_current_access_url_id());
UrlManager::add_user_to_url($userId, api_get_current_access_url_id());
} else {
UrlManager::add_user_to_url($return, 1);
UrlManager::add_user_to_url($userId, 1);
}
} else {
// We add by default the access_url_user table with access_url_id = 1
UrlManager::add_user_to_url($return, 1);
UrlManager::add_user_to_url($userId, 1);
}
// Save new fieldlabel into user_field table.
$field_id = UserManager::create_extra_field(
// Save new field label into user_field table.
UserManager::create_extra_field(
$original_user_id_name,
1,
$original_user_id_name,
''
);
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
$return,
UserManager::update_extra_field_value(
$userId,
$original_user_id_name,
$original_user_id_value
);
@ -375,16 +370,16 @@ function WSCreateUsers($params) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save new fieldlabel into user_field table.
$field_id = UserManager::create_extra_field(
// Save new field label into user_field table.
UserManager::create_extra_field(
$extra_field_name,
1,
$extra_field_name,
''
);
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
$return,
UserManager::update_extra_field_value(
$userId,
$extra_field_name,
$extra_field_value
);
@ -395,7 +390,7 @@ function WSCreateUsers($params) {
continue;
}
$results[] = $return;
$results[] = $userId;
} // end principal foreach
@ -490,7 +485,7 @@ function WSCreateUser($params) {
}
if (!empty($params['expiration_date'])) {
$expiration_date = $params['expiration_date'];
$expirationDateStatement = " expiration_date = '".Database::escape_string($expiration_date)."', ";
//$expirationDateStatement = " expiration_date = '".Database::escape_string($expiration_date)."', ";
}
// check if exits x_user_id into user_field_values table
@ -498,41 +493,42 @@ function WSCreateUser($params) {
$original_user_id_value,
$original_user_id_name
);
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
if ($user_id > 0) {
// Check whether user is not active.
$sql = "SELECT user_id FROM $table_user
WHERE id ='".$user_id."' AND active= '0'";
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_user_id = Database::num_rows($resu);
if ($count_user_id > 0) {
$sql = "UPDATE $table_user SET
lastname='".Database::escape_string($lastName)."',
firstname='".Database::escape_string($firstName)."',
username='".Database::escape_string($loginName)."',";
/** @var User $user */
$user = $userRepository->find($user_id);
if ($user && $user->isActive() == false) {
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
$user->setPlainPassword($password);
}
if (!is_null($auth_source)) {
$sql .= " auth_source='".Database::escape_string($auth_source)."',";
$user->setAuthSource($auth_source);
}
$sql .= "
email='".Database::escape_string($email)."',
status='".Database::escape_string($status)."',
official_code='".Database::escape_string($official_code)."',
phone='".Database::escape_string($phone)."',
$expirationDateStatement
active=1,
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE id=".$r_check_user[0];
Database::query($sql);
return $r_check_user[0];
if (!empty($params['expiration_date'])) {
$expiration_date = new DateTime($params['expiration_date']);
}
$user->setLastname($lastName)
->setFirstname($firstName)
->setUsername($loginName)
->setEmail($email)
->setStatus($status)
->setOfficialCode($official_code)
->setPhone($phone)
->setExpirationDate($expiration_date)
->setHrDeptId($hr_dept_id)
->setActive(true);
$userManager->updateUser($user, true);
return $user_id;
} else {
return 0;
//return 0; // user id already exits
}
}
@ -553,7 +549,7 @@ function WSCreateUser($params) {
return 0;
}
$password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
/*$password = ($_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password);
$sql = "INSERT INTO $table_user SET
lastname = '".Database::escape_string(trim($lastName))."',
firstname = '".Database::escape_string(trim($firstName))."',
@ -571,32 +567,48 @@ function WSCreateUser($params) {
$expirationDateStatement
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql);
$result = Database::query($sql);-*/
/** @var User $user */
$userId = UserManager::create_user(
$firstName,
$lastName,
$status,
$email,
$loginName,
$password,
$official_code,
$language,
$phone,
$picture_uri,
$auth_source,
$expiration_date,
$active,
$hr_dept_id
);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
if ($userId) {
if (api_is_multiple_url_enabled()) {
if (api_get_current_access_url_id() != -1) {
UrlManager::add_user_to_url($return, api_get_current_access_url_id());
UrlManager::add_user_to_url($userId, api_get_current_access_url_id());
} else {
UrlManager::add_user_to_url($return, 1);
UrlManager::add_user_to_url($userId, 1);
}
} else {
// We add by default the access_url_user table with access_url_id = 1
UrlManager::add_user_to_url($return, 1);
UrlManager::add_user_to_url($userId, 1);
}
// Save new fieldlabel into user_field table.
$field_id = UserManager::create_extra_field(
UserManager::create_extra_field(
$original_user_id_name,
1,
$original_user_id_name,
''
);
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
$return,
UserManager::update_extra_field_value(
$userId,
$original_user_id_name,
$original_user_id_value
);
@ -605,16 +617,16 @@ function WSCreateUser($params) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save new fieldlabel into user_field table.
$field_id = UserManager::create_extra_field(
// Save new field label into user_field table.
UserManager::create_extra_field(
$extra_field_name,
1,
$extra_field_name,
''
);
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
$return,
UserManager::update_extra_field_value(
$userId,
$extra_field_name,
$extra_field_value
);
@ -624,7 +636,7 @@ function WSCreateUser($params) {
return 0;
}
return $return;
return $userId;
}
/* Register WSCreateUsersPasswordCrypted function */
@ -1298,6 +1310,10 @@ function WSEditUserCredentials($params)
return return_error(WS_ERROR_SECRET_KEY);
}
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$original_user_id_value = $params['original_user_id_value'];
@ -1337,17 +1353,22 @@ function WSEditUserCredentials($params)
return 0;
}
$sql = "UPDATE $table_user SET
username='".Database::escape_string($username)."'";
/** @var User $user */
$user = $userRepository->find($user_id);
if ($user) {
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= ", password='".Database::escape_string($password)."' ";
$user->setUsername($username);
if (!is_null($password)) {
$user->setPlainPassword($password);
}
$userManager->updateUser($user, true);
return true;
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql);
return $return;
return false;
}
// Prepare output params, in this case will return an array
@ -1390,10 +1411,14 @@ function WSEditUsers($params)
{
global $_configuration;
if(!WSHelperVerifyKey($params)) {
if (!WSHelperVerifyKey($params)) {
return return_error(WS_ERROR_SECRET_KEY);
}
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$users_params = $params['users'];
@ -1458,20 +1483,27 @@ function WSEditUsers($params)
continue;
}
// Edit lastname and firstname only if not empty
$sql = "UPDATE $table_user SET ";
/** @var User $user */
$user = $userRepository->find($user_id);
if (!empty($lastname)) {
$sql .= " lastname='".Database::escape_string($lastname)."', ";
$user->setLastname($lastname);
//$sql .= " lastname='".Database::escape_string($lastname)."', ";
}
if (!empty($firstname)) {
$sql .= " firstname='".Database::escape_string($firstname)."', ";
$user->setFirstname($firstname);
//$sql .= " firstname='".Database::escape_string($firstname)."', ";
}
$sql .= " username='".Database::escape_string($username)."',";
$user->setUsername($username);
//$sql .= " username='".Database::escape_string($username)."',";
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
//$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
//$sql .= " password='".Database::escape_string($password)."',";
$user->setPlainPassword($password);
}
if (!is_null($auth_source)) {
$sql .= " auth_source='".Database::escape_string($auth_source)."',";
$user->setAuthSource($auth_source);
}
// Exception for admins in case no status is provided in WS call...
@ -1488,28 +1520,32 @@ function WSEditUsers($params)
$status = 1;
}
$sql .= "
email='".Database::escape_string($email)."',
status='".Database::escape_string($status)."',
official_code='".Database::escape_string($official_code)."',
phone='".Database::escape_string($phone)."',
picture_uri='".Database::escape_string($picture_uri)."',
expiration_date='".Database::escape_string($expiration_date)."',
active='".Database::escape_string($active)."',
hr_dept_id=".intval($hr_dept_id);
if (!empty($expiration_date)) {
$expiration_date = new DateTime($expiration_date);
}
$user
->setEmail($email)
->setStatus($status)
->setOfficialCode($official_code)
->setPhone($phone)
->setExpirationDate($expiration_date)
->setHrDeptId($hr_dept_id)
->setActive(true);
if (!is_null($creator_id)) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
$user->setCreatorId($creator_id);
//$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql);
$userManager->updateUser($user, true);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
UserManager::update_extra_field_value(
$user_id,
$extra_field_name,
$extra_field_value
@ -1517,13 +1553,13 @@ function WSEditUsers($params)
}
}
$results[] = $return;
$results[] = $user->getId();
continue;
}
$count_results = count($results);
$output = array();
for($i = 0; $i < $count_results; $i++) {
for ($i = 0; $i < $count_results; $i++) {
$output[] = array(
'original_user_id_value' => $orig_user_id_value[$i],
'result' => $results[$i],
@ -1569,13 +1605,16 @@ $server->register('WSEditUser', // method name
);
// Define the method WSEditUser
function WSEditUser($params) {
global $_configuration;
function WSEditUser($params)
{
if(!WSHelperVerifyKey($params)) {
if (!WSHelperVerifyKey($params)) {
return return_error(WS_ERROR_SECRET_KEY);
}
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$original_user_id_value = $params['original_user_id_value'];
@ -1629,21 +1668,30 @@ function WSEditUser($params) {
if (!empty($r_username[0])) {
return 0;
}
// Edit lastname an firstname only if not empty
$sql = "UPDATE $table_user SET ";
/** @var User $user */
$user = $userRepository->find($user_id);
if (!empty($lastname)) {
$sql .= " lastname='".Database::escape_string($lastname)."', ";
$user->setLastname($lastname);
//$sql .= " lastname='".Database::escape_string($lastname)."', ";
}
if (!empty($firstname)) {
$sql .= " firstname='".Database::escape_string($firstname)."', ";
$user->setFirstname($firstname);
//$sql .= " firstname='".Database::escape_string($firstname)."', ";
}
$sql .= " username='".Database::escape_string($username)."',";
$user->setUsername($username);
//$sql .= " username='".Database::escape_string($username)."',";
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
//$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
//$sql .= " password='".Database::escape_string($password)."',";
$user->setPlainPassword($password);
}
if (!is_null($auth_source)) {
$sql .= " auth_source='".Database::escape_string($auth_source)."',";
$user->setAuthSource($auth_source);
}
// Exception for admins in case no status is provided in WS call...
@ -1660,28 +1708,33 @@ function WSEditUser($params) {
$status = 1;
}
$sql .= "
email='".Database::escape_string($email)."',
status='".Database::escape_string($status)."',
official_code='".Database::escape_string($official_code)."',
phone='".Database::escape_string($phone)."',
picture_uri='".Database::escape_string($picture_uri)."',
expiration_date='".Database::escape_string($expiration_date)."',
active='".Database::escape_string($active)."',
hr_dept_id=".intval($hr_dept_id);
if (!empty($expiration_date)) {
$expiration_date = new DateTime($expiration_date);
}
$user
->setEmail($email)
->setStatus($status)
->setOfficialCode($official_code)
->setPhone($phone)
->setPictureUri($picture_uri)
->setExpirationDate($expiration_date)
->setHrDeptId($hr_dept_id)
->setActive(true);
if (!is_null($creator_id)) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
$user->setCreatorId($creator_id);
//$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql);
$userManager->updateUser($user, true);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
UserManager::update_extra_field_value(
$user_id,
$extra_field_name,
$extra_field_value
@ -1689,7 +1742,7 @@ function WSEditUser($params) {
}
}
return $return;
return $user_id;
}
/* Register WSEditUserWithPicture function */
@ -1729,13 +1782,17 @@ $server->register('WSEditUserWithPicture', // method name
);
// Define the method WSEditUserWithPicture
function WSEditUserWithPicture($params) {
function WSEditUserWithPicture($params)
{
global $_configuration;
if(!WSHelperVerifyKey($params)) {
if (!WSHelperVerifyKey($params)) {
return return_error(WS_ERROR_SECRET_KEY);
}
$userManager = UserManager::getManager();
$userRepository = UserManager::getRepository();
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$original_user_id_value = $params['original_user_id_value'];
@ -1761,7 +1818,6 @@ function WSEditUserWithPicture($params) {
$extra_list = $params['extra'];
if (!empty($params['expiration_date'])) {
$expiration_date = $params['expiration_date'];
$expirationDateStatement = " expiration_date = '" . Database::escape_string($expiration_date) . "', ";
}
if (!empty($params['password'])) {
@ -1803,26 +1859,33 @@ function WSEditUserWithPicture($params) {
if (!empty($r_username[0])) {
return 0;
}
// Edit lastname an firstname only if not empty
$sql = "UPDATE $table_user SET ";
/** @var User $user */
$user = $userRepository->find($user_id);
if (!empty($lastname)) {
$sql .= " lastname='".Database::escape_string($lastname)."', ";
$user->setLastname($lastname);
//$sql .= " lastname='".Database::escape_string($lastname)."', ";
}
if (!empty($firstname)) {
$sql .= " firstname='".Database::escape_string($firstname)."', ";
$user->setFirstname($firstname);
//$sql .= " firstname='".Database::escape_string($firstname)."', ";
}
$sql .= " username='".Database::escape_string($username)."',";
$user->setUsername($username);
//$sql .= " username='".Database::escape_string($username)."',";
if (!is_null($password)) {
$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
$sql .= " password='".Database::escape_string($password)."',";
//$password = $_configuration['password_encryption'] ? api_get_encrypted_password($password) : $password;
//$sql .= " password='".Database::escape_string($password)."',";
$user->setPlainPassword($password);
}
if (!is_null($auth_source)) {
$sql .= " auth_source='".Database::escape_string($auth_source)."',";
$user->setAuthSource($auth_source);
}
// Exception for admins in case no status is provided in WS call...
$t_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
$sqladmin = "SELECT id FROM $t_admin WHERE id = ".intval($user_id);
$sqladmin = "SELECT user_id FROM $t_admin WHERE user_id = ".intval($user_id);
$resadmin = Database::query($sqladmin);
$is_admin = Database::num_rows($resadmin);
@ -1834,28 +1897,32 @@ function WSEditUserWithPicture($params) {
$status = 1;
}
$sql .= "
email='".Database::escape_string($email)."',
status='".Database::escape_string($status)."',
official_code='".Database::escape_string($official_code)."',
phone='".Database::escape_string($phone)."',
picture_uri='".Database::escape_string($picture_uri)."',
$expirationDateStatement
active= ".intval($active).",
hr_dept_id=".intval($hr_dept_id);
if (!empty($expiration_date)) {
$expiration_date = new DateTime($expiration_date);
}
$user
->setEmail($email)
->setStatus($status)
->setOfficialCode($official_code)
->setPhone($phone)
->setExpirationDate($expiration_date)
->setHrDeptId($hr_dept_id)
->setActive(true);
if (!is_null($creator_id)) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
$user->setCreatorId($creator_id);
//$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE id=$user_id";
$return = @Database::query($sql);
$userManager->updateUser($user, true);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save the external system's id into user_field_value table.
$res = UserManager::update_extra_field_value(
UserManager::update_extra_field_value(
$user_id,
$extra_field_name,
$extra_field_value
@ -1863,7 +1930,7 @@ function WSEditUserWithPicture($params) {
}
}
return $return;
return $user_id;
}
/* Register WSEditUsersPasswordCrypted function */
@ -2545,14 +2612,14 @@ function WSCreateCourse($params)
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save the external system's id into course_field_value table.
$res = CourseManager::update_course_extra_field_value(
$r_check_course[0],
CourseManager::update_course_extra_field_value(
$courseInfo['code'],
$extra_field_name,
$extra_field_value
);
}
}
$results[] = $r_check_course[0];
$results[] = $courseInfo['code'];
continue;
} else {
$results[] = 0;
@ -2587,15 +2654,15 @@ function WSCreateCourse($params)
if (!empty($course_info)) {
$course_code = $course_info['code'];
// Save new fieldlabel into course_field table
$field_id = CourseManager::create_course_extra_field(
// Save new field label into course_field table
CourseManager::create_course_extra_field(
$original_course_id_name,
1,
$original_course_id_name
);
// Save the external system's id into user_field_value table.
$res = CourseManager::update_course_extra_field_value(
CourseManager::update_course_extra_field_value(
$course_code,
$original_course_id_name,
$original_course_id_value
@ -2606,13 +2673,13 @@ function WSCreateCourse($params)
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save new fieldlabel into course_field table.
$field_id = CourseManager::create_course_extra_field(
CourseManager::create_course_extra_field(
$extra_field_name,
1,
$extra_field_name
);
// Save the external system's id into course_field_value table.
$res = CourseManager::update_course_extra_field_value(
CourseManager::update_course_extra_field_value(
$course_code,
$extra_field_name,
$extra_field_value
@ -2627,7 +2694,7 @@ function WSCreateCourse($params)
$count_results = count($results);
$output = array();
for($i = 0; $i < $count_results; $i++) {
for ($i = 0; $i < $count_results; $i++) {
$output[] = array(
'original_course_id_value' => $orig_course_id_value[$i],
'result' => $results[$i],
@ -2772,7 +2839,7 @@ function WSCreateCourseByTitle($params)
visibility = '3'
WHERE id ='".$courseInfo['real_id']."'";
Database::query($sql);
$results[] = $r_check_course[0];
$results[] = $courseInfo['real_id'];
continue;
} else {
$results[] = 0;
@ -2802,22 +2869,22 @@ function WSCreateCourseByTitle($params)
$params['tutor_name'] = $tutor_name;
$params['course_language'] = $course_language;
$params['user_id'] = api_get_user_id();
$params['visibility'] = $visibility;
//$params['visibility'] = $visibility;
$course_info = create_course($params);
$course_info = CourseManager::create_course($params);
if (!empty($course_info)) {
$course_code = $course_info['code'];
// Save new fieldlabel into course_field table.
$field_id = CourseManager::create_course_extra_field(
CourseManager::create_course_extra_field(
$original_course_id_name,
1,
$original_course_id_name
);
// Save the external system's id into user_field_value table.
$res = CourseManager::update_course_extra_field_value(
CourseManager::update_course_extra_field_value(
$course_code,
$original_course_id_name,
$original_course_id_value
@ -2828,13 +2895,13 @@ function WSCreateCourseByTitle($params)
$extra_field_name = $extra['field_name'];
$extra_field_value = $extra['field_value'];
// Save new fieldlabel into course_field table.
$field_id = CourseManager::create_course_extra_field(
CourseManager::create_course_extra_field(
$extra_field_name,
1,
$extra_field_name
);
// Save the external system's id into course_field_value table.
$res = CourseManager::update_course_extra_field_value(
CourseManager::update_course_extra_field_value(
$course_code,
$extra_field_name,
$extra_field_value
@ -2991,6 +3058,7 @@ function WSEditCourse($params){
}
$course_code = $courseInfo['code'];
$courseId = $courseInfo['real_id'];
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT concat(lastname,'',firstname) as tutor_name
@ -3795,7 +3863,7 @@ function WSEditSession($params)
$id_coach = $session_param['user_id'];
$extra_list = $session_param['extra'];
$id SessionManager::getSessionIdFromOriginalId(
$id = SessionManager::getSessionIdFromOriginalId(
$original_session_id_value,
$original_session_id_name
);
@ -4145,8 +4213,9 @@ function WSSubscribeUserToCourse($params) {
// Course was not found
$result['result'] = 0;
} else {
if ($debug) error_log('WSSubscribeUserToCourse course_code: '.$course_code);
$course_code = $courseInfo['code'];
if ($debug) error_log('WSSubscribeUserToCourse course_code: '.$course_code);
if (!CourseManager::add_user_to_course($user_id, $course_code, $status)) {
$result['result'] = 0;
}
@ -4658,19 +4727,19 @@ function WSSuscribeUsersToSession($params)
$orig_user_id_value[] = implode(',', $usersList);
if ($id_session!= strval(intval($id_session))) {
if ($sessionId != strval(intval($sessionId))) {
$results[] = 0;
continue;
}
$sql = "SELECT user_id FROM $tbl_session_rel_user
WHERE session_id='$id_session' AND relation_type<>".SESSION_RELATION_TYPE_RRHH."";
WHERE session_id='$sessionId' AND relation_type<>".SESSION_RELATION_TYPE_RRHH."";
$result = Database::query($sql);
$existingUsers = array();
while($row = Database::fetch_array($result)){
$existingUsers[] = $row['user_id'];
}
$sql = "SELECT c_id FROM $tbl_session_rel_course WHERE session_id='$id_session'";
$sql = "SELECT c_id FROM $tbl_session_rel_course WHERE session_id='$sessionId'";
$result=Database::query($sql);
$CourseList = array();
@ -4688,7 +4757,7 @@ function WSSuscribeUsersToSession($params)
if (!in_array($enreg_user, $existingUsers)) {
$enreg_user = Database::escape_string($enreg_user);
$sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(session_id, c_id, user_id)
VALUES('$id_session', '$enreg_course', '$enreg_user')";
VALUES('$sessionId', '$enreg_course', '$enreg_user')";
$result = Database::query($sql);
if (Database::affected_rows($result)) {
$nbr_users++;
@ -4698,7 +4767,7 @@ function WSSuscribeUsersToSession($params)
// count users in this session-course relation
$sql = "SELECT COUNT(user_id) as nbUsers
FROM $tbl_session_rel_course_rel_user
WHERE session_id = '$id_session' AND c_id='$enreg_course'";
WHERE session_id = '$sessionId' AND c_id='$enreg_course'";
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
// update the session-course relation to add the users total
@ -4713,15 +4782,15 @@ function WSSuscribeUsersToSession($params)
$enreg_user = Database::escape_string($enreg_user);
$nbr_users++;
$sql = "INSERT IGNORE INTO $tbl_session_rel_user(session_id, user_id)
VALUES ('$id_session','$enreg_user')";
VALUES ('$sessionId','$enreg_user')";
Database::query($sql);
}
// update number of users in the session
$nbr_users = count($usersList);
$sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' ";
$sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$sessionId' ";
$result = Database::query($sql);
$return = Database::affected_rows($result);
Database::affected_rows($result);
$results[] = 1;
continue;

@ -6,7 +6,7 @@ use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
use Doctrine\DBAL\Schema\Schema;
/**
* Add salt
* Username changes
*/
class Version20150511133949 extends AbstractMigrationChamilo
{
@ -16,6 +16,9 @@ class Version20150511133949 extends AbstractMigrationChamilo
public function up(Schema $schema)
{
$this->addSql('ALTER TABLE user ADD salt VARCHAR(255) NOT NULL');
$this->addSql('ALTER TABLE user ADD username_canonical VARCHAR(100) NOT NULL');
$this->addSql('CREATE UNIQUE INDEX UNIQ_8D93D64992FC23A8 ON user (username_canonical)');
$this->addSql('ALTER TABLE user CHANGE password password VARCHAR(255) NOT NULL');
}
/**
@ -24,5 +27,8 @@ class Version20150511133949 extends AbstractMigrationChamilo
public function down(Schema $schema)
{
$this->addSql('ALTER TABLE user DROP salt');
$this->addSql('DROP INDEX UNIQ_8D93D64992FC23A8 ON user');
$this->addSql('ALTER TABLE user DROP username_canonical');
$this->addSql('ALTER TABLE user CHANGE password password VARCHAR(50) NOT NULL COLLATE utf8_unicode_ci');
}
}
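Review bot: In `up()`, the unique index on `username_canonical` is created right after the column is added as `NOT NULL` with no default, and nothing in between fills it in. On a table that already holds users, MySQL would be expected to give every existing row the same empty value, so `CREATE UNIQUE INDEX UNIQ_8D93D64992FC23A8` fails on the duplicate and leaves the migration half-applied. Backfill before indexing, for example `$this->addSql('UPDATE user SET username_canonical = LOWER(username)');` (this assumes the canonical form is the lower-cased username; the page does not show the canonicalizer). `down()` has the mirror problem: shrinking `password` back to `VARCHAR(50)` after longer bcrypt hashes have been stored would truncate or reject them, so the method deserves a comment such as `// Irreversible once bcrypt hashes are stored: VARCHAR(50) cannot hold them.`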

@ -0,0 +1,15 @@
<?php
namespace Chamilo\UserBundle\Entity\Manager;
use Sonata\UserBundle\Entity\UserManager as BaseUserManager;
/**
* Class UserManager
*
* @package Chamilo\UserBundle\Entity\Manager
*/
class UserManager extends BaseUserManager
{
}

@ -4,24 +4,24 @@
namespace Chamilo\UserBundle\Entity\Repository;
use Doctrine\ORM\EntityRepository;
use Doctrine\ORM\NoResultException;
//use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
//use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
use Chamilo\UserBundle\Entity\User as User;
/**
* Class UserRepository
*
* All functions that query the database (selects)
* Functions should return query builders.
*
* @package Chamilo\UserBundle\Repository
*/
class UserRepository extends EntityRepository
{
public function getGroupsByUser($userId)
{
$user = $this->find($userId);
}
/**
* @param string $keyword
*
* @return mixed
*/
public function searchUserByKeyword($keyword)
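Review bot: `getGroupsByUser()` loads the user with `$this->find($userId)` and then ends without a `return`, so any caller receives `null` whatever the id. The change markers are lost on this page, so it is not certain that this commit added the method, but it is on the new side as shown. Either return something usable or drop the stub; at minimum document it, e.g. `/** @todo not implemented: currently always returns null */`. The two commented-out `use Symfony\...Exception` lines would be better deleted than kept as comments.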

@ -66,6 +66,13 @@ class User extends BaseUser //implements ParticipantInterface, ThemeUser
*/
protected $username;
/**
* @var string
*
* * @ORM\Column(name="username_canonical", type="string", length=100, nullable=false, unique=true)
*/
protected $usernameCanonical;
/**
* @var string
*
@ -90,7 +97,7 @@ class User extends BaseUser //implements ParticipantInterface, ThemeUser
/**
* @var string
*
* @ORM\Column(name="password", type="string", length=50, nullable=false, unique=false)
* @ORM\Column(name="password", type="string", length=255, nullable=false, unique=false)
*/
protected $password;
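Review bot: The docblock on the new `$usernameCanonical` property has a doubled asterisk, `* * @ORM\Column(...)`, unlike the `password` property later in the section. Whether the annotation reader still maps the column with that prefix is not shown here, so it is safer to write it like its neighbour: `* @ORM\Column(name="username_canonical", type="string", length=100, nullable=false, unique=true)`. The `@var string` line could also say what the field holds, presumably the normalised username used for unique lookups, going by the column name and its `unique=true` flag.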

@ -749,13 +749,6 @@ class TestMainApi extends UnitTestCase {
$this->assertTrue(isset($res));
}
function testApiGetEncryptedPassword(){
$pass= array ('password'=> '2222');
$res=api_get_encrypted_password($pass['password'],null);
$this->assertTrue($res);
$this->assertPattern('/\d/',$res);
}
function testApiIsValidSecretKey(){
global $_configuration;
$key = array(
