Add form login when api_not_allowed is called BT#12851

main/inc/lib/api.lib.php

@@ -3250,8 +3250,10 @@ function api_is_anonymous($user_id = null, $db_check = false)
  * @param bool   $print_headers    Whether or not to print headers (default = false -> does not print them)
  * @param string $message
  */
-function api_not_allowed($print_headers = false, $message = null)
-{
+function api_not_allowed(
+    $print_headers = false,
+    $message = null
+) {
     if (api_get_setting('sso_authentication') === 'true') {
         global $osso;
         if ($osso) {
@@ -3279,15 +3281,19 @@ function api_not_allowed($print_headers = false, $message = null)
         $msg = $message;
     } else {
         $msg = Display::return_message(
-            get_lang('NotAllowedClickBack').'<br/><br/><button onclick="goBack();">'.get_lang('GoBack').'</button><script>function goBack(){window.history.back();}</script>',
+            get_lang('NotAllowedClickBack').'
+            <script>function goBack(){window.history.back();}</script>',
             'error',
             false
         );
+        $msg .= '<p class="text-center">
+             <a onclick="goBack();" class="btn btn-default" href="'.$home_url.'">'.get_lang('GoBack').'</a>
+             </p>';
     }
 
     $msg = Display::div($msg, array('align'=>'center'));
-    $show_headers = 0;
 
+    $show_headers = 0;
     if ($print_headers && $origin != 'learnpath') {
         $show_headers = 1;
     }
@@ -3327,29 +3333,7 @@ function api_not_allowed($print_headers = false, $message = null)
         }
 
         // If the user has no user ID, then his session has expired
-        $action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
-        $action = str_replace('&amp;', '&', $action);
-        $form = new FormValidator(
-            'formLogin',
-            'post',
-            $action,
-            null,
-            array(),
-            FormValidator::LAYOUT_BOX_NO_LABEL
-        );
-        $form->addElement(
-            'text',
-            'login',
-            null,
-            array('placeholder' => get_lang('UserName'), 'autocapitalize' => 'none')
-        );
-        $form->addElement(
-            'password',
-            'password',
-            null,
-            array('placeholder' => get_lang('Password'), 'autocapitalize' => 'none')
-        );
-        $form->addButton('submitAuth', get_lang('LoginEnter'), '', 'primary');
+        $form = api_get_not_allowed_login_form();
 
         // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (above)
         $content = Display::return_message(get_lang('NotAllowed'), 'error', false);
@@ -3392,19 +3376,12 @@ function api_not_allowed($print_headers = false, $message = null)
     }
 
     $msg = null;
-
     // The session is over and we were not in a course,
     // or we try to get directly to a private course without being logged
     $courseId = api_get_course_int_id();
     if (!empty($courseId)) {
         api_set_firstpage_parameter(api_get_course_id());
         $tpl->setLoginBodyClass();
-        $action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
-        $action = str_replace('&amp;', '&', $action);
-        $form = new FormValidator('formLogin', 'post', $action, null, array('class'=>'form-stacked'));
-        $form->addElement('text', 'login', null, array('autocapitalize' => 'none', 'placeholder' => get_lang('UserName'), 'class' => 'col-md-3'));
-        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'col-md-3')); //new
-        $form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
 
         // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (bellow)
         $msg = Display::return_message(get_lang('NotAllowed'), 'error', false);
@@ -3417,6 +3394,7 @@ function api_not_allowed($print_headers = false, $message = null)
             $msg .= "<p style='text-align:center'><a href='#' onclick='$(this).parent().next().toggle()'>".get_lang('LoginWithExternalAccount')."</a></p>";
             $msg .= "<div style='display:none;'>";
         }
+        $form = api_get_not_allowed_login_form();
         $msg .= '<div class="well">';
         $msg .= $form->returnForm();
         $msg .= '</div>';
@@ -3426,13 +3404,25 @@ function api_not_allowed($print_headers = false, $message = null)
     } else {
         // we were not in a course, return to home page
         $msg = Display::return_message(
-            get_lang('NotAllowed').'<br/><br/><a href="'.$home_url.'">'.get_lang('BackHome').'</a><br />',
+            get_lang('NotAllowed'),
             'error',
             false
         );
+
+        $msg .= '<p class="text-center">
+                 <a class="btn btn-default" href="'.$home_url.'">'.get_lang('BackHome').'</a>
+                 </p>';
+
         if (!empty($message)) {
             $msg = $message;
         }
+
+        if (api_is_anonymous()) {
+            $form = api_get_not_allowed_login_form();
+            $msg .= '<div class="well">';
+            $msg .= $form->returnForm();
+            $msg .= '</div>';
+        }
     }
 
     $tpl->assign('content', $msg);
@@ -3440,6 +3430,44 @@ function api_not_allowed($print_headers = false, $message = null)
     exit;
 }
 
+/**
+ * @return FormValidator
+ */
+function api_get_not_allowed_login_form()
+{
+    $action = api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']);
+    $action = str_replace('&amp;', '&', $action);
+    Session::write('redirect_after_not_allow_page', $action);
+    $action .= '&redirect_after_not_allow_page=1';
+
+    $form = new FormValidator(
+        'formLogin',
+        'post',
+        $action,
+        null,
+        array('class' => 'form-stacked')
+    );
+    $form->addElement(
+        'text',
+        'login',
+        null,
+        array(
+            'autocapitalize' => 'none',
+            'placeholder' => get_lang('UserName'),
+            'class' => 'col-md-3'
+        )
+    );
+    $form->addElement(
+        'password',
+        'password',
+        null,
+        array('placeholder' => get_lang('Password'), 'class' => 'col-md-3')
+    ); //new
+    $form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
+
+    return $form;
+}
+
 /**
  * Gets a UNIX timestamp from a database (MySQL) datetime format string
  * @param $last_post_datetime standard output date in a sql query
@@ -7506,7 +7534,10 @@ function api_can_login_as($loginAsUserId, $userId = null)
     $isDrh = function() use($loginAsUserId) {
         if (api_is_drh()) {
             if (api_drh_can_access_all_session_content()) {
-                $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus('drh_all', api_get_user_id());
+                $users = SessionManager::getAllUsersFromCoursesFromAllSessionFromStatus(
+                    'drh_all',
+                    api_get_user_id()
+                );
                 $userList = array();
                 if (is_array($users)) {
                     foreach ($users as $user) {
@@ -7517,7 +7548,9 @@ function api_can_login_as($loginAsUserId, $userId = null)
                     return true;
                 }
             } else {
-                if (api_is_drh() && UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id())) {
+                if (api_is_drh() &&
+                    UserManager::is_user_followed_by_drh($loginAsUserId, api_get_user_id())
+                ) {
                     return true;
                 }
             }
@@ -7564,7 +7597,7 @@ function api_delete_firstpage_parameter()
  */
 function exist_firstpage_parameter()
 {
-    return (isset($_COOKIE['GotoCourse']) && $_COOKIE['GotoCourse'] != "");
+    return isset($_COOKIE['GotoCourse']) && $_COOKIE['GotoCourse'] != '';
 }
 
 /**

main/inc/lib/banner.lib.php

@@ -216,7 +216,6 @@ function returnNotificationMenu()
 
     $user_id = api_get_user_id();
     $sessionId = api_get_session_id();
-
     $html = '';
 
     if ((api_get_setting('showonline', 'world') == 'true' && !$user_id) ||
@@ -238,8 +237,7 @@ function returnNotificationMenu()
         }
 
         // Display the who's online for the course
-        if (
-            $number_online_in_course &&
+        if ($number_online_in_course &&
             (
                 is_array($_course) &&
                 api_get_setting('showonline', 'course') == 'true' && isset($_course['sysCode'])
@@ -251,7 +249,6 @@ function returnNotificationMenu()
                 .' '.$number_online_in_course.' </a></li>';
         }
 
-
         if (isset($user_id) && $sessionId != 0) {
             $numberOnlineInSession = getOnlineUsersInSessionCount($sessionId);
 

main/inc/lib/redirect.class.php

@@ -1,6 +1,8 @@
 <?php
 /* For licensing terms, see /license.txt */
 
+use ChamiloSession as Session;
+
 /**
  * Send a redirect to the user agent and exist
  * @author Laurent Opprecht <laurent@opprecht.info> for the Univesity of Geneva
@@ -57,9 +59,17 @@ class Redirect
         $url = isset($_SESSION['request_uri']) ? Security::remove_XSS($_SESSION['request_uri']) : '';
         unset($_SESSION['request_uri']);
 
+        $afterLogin = Session::read('redirect_after_not_allow_page');
+
+        if (!empty($afterLogin) && isset($_GET['redirect_after_not_allow_page'])) {
+            Session::erase('redirect_after_not_allow_page');
+            self::navigate($afterLogin);
+        }
         if (!empty($url)) {
             self::navigate($url);
-        } elseif ($logging_in || (isset($_REQUEST['sso_referer']) && !empty($_REQUEST['sso_referer']))) {
+        } elseif ($logging_in ||
+            (isset($_REQUEST['sso_referer']) && !empty($_REQUEST['sso_referer']))
+        ) {
             if (isset($user_id)) {
                 // Make sure we use the appropriate role redirection in case one has been defined
                 $user_status = api_get_user_status($user_id);