diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index 0623e0a97a..c626b7ec0a 100755 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -92,7 +92,7 @@ * reset, setting correctly $cidReset (for course) and $gidReset (for group). * * 3. If needed, the script retrieves the other user informations (first name, - * last name, ...) and stores them in session. +* last name, ...) and stores them in session. * * 4. If needed, the script retrieves the course information and stores them * in session @@ -109,8 +109,8 @@ */ /* - INIT SECTION - variables should be initialised here + INIT SECTION + variables should be initialised here */ //require_once api_get_path(LIBRARY_PATH).'conditionallogin.lib.php'; moved to autologin @@ -119,13 +119,13 @@ use \ChamiloSession as Session; //Conditional login -if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login']['can_login']=== true){ +if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login']['can_login'] === true) { $uData = UserManager::get_user_info_by_id($_SESSION['conditional_login']['uid']); ConditionalLogin::check_conditions($uData); $_user['user_id'] = $_SESSION['conditional_login']['uid']; $_user['status'] = $uData['status']; - Session::write('_user',$_user); + Session::write('_user', $_user); Session::erase('conditional_login'); $uidReset=true; event_login(); 
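Review bot: In the conditional-login block the result of `UserManager::get_user_info_by_id()` is used without checking that a user was found, so if that call can come back empty the session still receives `_user['user_id']` from `$_SESSION['conditional_login']['uid']` with a null `status`. The `isset()` guard also covers only the `uid` key, while `can_login` is read unguarded. I would test both keys with `isset($_SESSION['conditional_login']['uid'], $_SESSION['conditional_login']['can_login'])` and wrap the session writes in `if (!empty($uData)) { ... }`. The `if` block continues past the end of this hunk.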
@@ -144,7 +144,10 @@ $cidReq = isset($_GET["cidReq"]) ? Database::escape_string($_GET["cidReq"]) : $c $cidReset = isset($cidReset) ? Database::escape_string($cidReset) : ''; // $cidReset can be set in URL-parameter -$cidReset = (isset($_GET['cidReq']) && ((isset($_SESSION['_cid']) && $_GET['cidReq']!=$_SESSION['_cid']) || (!isset($_SESSION['_cid'])))) ? Database::escape_string($_GET["cidReq"]) : $cidReset; +$cidReset = ( + isset($_GET['cidReq']) && ((isset($_SESSION['_cid']) + && $_GET['cidReq']!=$_SESSION['_cid']) || (!isset($_SESSION['_cid']))) + ) ? Database::escape_string($_GET["cidReq"]) : $cidReset; // $cDir is a special url param sent by courses/.htaccess $cDir = (!empty($_GET['cDir']) ? $_GET['cDir'] : null); @@ -199,11 +202,11 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { } if (isset($_POST['legal_accept_type']) && $legal_option===true) { - $cond_array = explode(':',$_POST['legal_accept_type']); - if (!empty($cond_array[0]) && !empty($cond_array[1])){ + $cond_array = explode(':', $_POST['legal_accept_type']); + if (!empty($cond_array[0]) && !empty($cond_array[1])) { $time = time(); $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; - UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); + UserManager::update_extra_field_value($user_id, 'legal_accept', $condition_to_save); } } } 
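Review bot: The re-wrapped `$cidReset` condition breaks the line in the middle of the inner parenthesised group, so the layout suggests a different grouping than the parentheses give, and it still compares with loose `!=`. The expression reduces to `isset($_GET['cidReq']) && (!isset($_SESSION['_cid']) || $_GET['cidReq'] !== $_SESSION['_cid'])`, which fits on one line and avoids numeric-string juggling when two course codes look like numbers. Switching to `!==` assumes both values are strings, so confirm how `_cid` is stored before changing it.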
@@ -217,14 +220,14 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { } $cas_login = false; - if ($cas_activated AND !isset($_user['user_id']) and !isset($_POST['login']) && !$logout) { + if ($cas_activated and !isset($_user['user_id']) and !isset($_POST['login']) && !$logout) { require_once(api_get_path(SYS_PATH).'main/auth/cas/authcas.php'); $cas_login = cas_is_authenticated(); } - if ((isset($_POST['login']) AND isset($_POST['password']) ) OR ($cas_login) ) { + if ((isset($_POST['login']) and isset($_POST['password'])) or ($cas_login)) { // $login && $password are given to log in - if ( $cas_login && empty($_POST['login']) ) { + if ($cas_login && empty($_POST['login'])) { $login = $cas_login; } else { $login = $_POST['login']; @@ -299,10 +302,12 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { $password = api_get_encrypted_password(trim(stripslashes($password))); // Check the user's password - if (($password == $uData['password'] OR $cas_login) AND (trim($login) == $uData['username'])) { + if (($password == $uData['password'] or $cas_login) and (trim($login) == $uData['username'])) { $update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type'); $update_type= $update_type['update_type']; - if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser'])) { + if (!empty($extAuthSource[$update_type]['updateUser']) + && file_exists($extAuthSource[$update_type]['updateUser']) + ) { include_once $extAuthSource[$update_type]['updateUser']; } 
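Review bot: The CAS condition now mixes the word operator `and` with `&&` in one expression, which evaluates as intended only because `&&` binds tighter; the lower-precedence `and`/`or` forms are easy to get wrong once an assignment or a ternary is added. Since the commit is already normalising these lines, I would go all the way to `&&`/`||`, e.g. `if ($cas_activated && !isset($_user['user_id']) && !isset($_POST['login']) && !$logout) {`. The same applies to the `or`/`and` rewrites in the password check, in both expiration-date checks, and in the `empty($_SESSION['_course']) or empty($_SESSION['_cid'])` test further down.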
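Review bot: The password check on the rewritten line still uses loose equality, `$password == $uData['password']`, on two hash strings. With `==` PHP compares numeric-looking strings as numbers, so two different digests can be treated as equal, and the comparison is not constant-time. Prefer `hash_equals((string) $uData['password'], (string) $password)` where the supported PHP version provides it, or at minimum `===`; `trim($login) == $uData['username']` deserves `===` as well. The surrounding `if` starts and ends outside this hunk.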
@@ -310,17 +315,24 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { if ($uData['active'] == '1') { // Check if the expiration date has not been reached - if ($uData['expiration_date'] > date('Y-m-d H:i:s') OR $uData['expiration_date'] == '0000-00-00 00:00:00') { + if ($uData['expiration_date'] > date('Y-m-d H:i:s') + or $uData['expiration_date'] == '0000-00-00 00:00:00' + ) { + global $_configuration; - if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) { + if (isset($_configuration['multiple_access_urls']) + && $_configuration['multiple_access_urls'] + ) { + //Check if user is an admin $my_user_is_admin = UserManager::is_admin($uData['user_id']); // This user is subscribed in these sites => $my_url_list $my_url_list = api_get_access_url_from_user($uData['user_id']); - //Check the access_url configuration setting if the user is registered in the access_url_rel_user table + //Check the access_url configuration setting if + // the user is registered in the access_url_rel_user table //Getting the current access_url_id of the platform $current_access_url_id = api_get_current_access_url_id(); @@ -342,7 +354,8 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { // Fix cas redirection loop // https://support.chamilo.org/issues/6124 - $location = api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'; + $location = api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=access_url_inactive'; if ($cas_login) { cas_logout(null, $location); } else { 
@@ -350,25 +363,30 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { } exit; } - } else { //Only admins of the "main" (first) Chamilo portal can login wherever they want - if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal + } else { + //Only admins of the "main" (first) Chamilo portal can login wherever they want + if (in_array(1, $my_url_list)) { + //Check if this admin have the access_url_id = 1 which means the principal ConditionalLogin::check_conditions($uData); $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; - Session::write('_user',$_user); + Session::write('_user', $_user); event_login(); } else { //This means a secondary admin wants to login so we check as he's a normal user if (in_array($current_access_url_id, $my_url_list)) { $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; - Session::write('_user',$_user); + Session::write('_user', $_user); event_login(); } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + header( + 'Location: '.api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=access_url_inactive' + ); exit; } } @@ -378,7 +396,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; - Session::write('_user',$_user); + Session::write('_user', $_user); event_login(); $logging_in = true; } 
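Review bot: In the lines visible here only the main-portal admin branch calls `ConditionalLogin::check_conditions($uData)` before writing `_user`; the secondary-admin branch just below it writes the session and calls `event_login()` without it. If those conditions are meant to gate every login, add `ConditionalLogin::check_conditions($uData);` as the first statement of the `if (in_array($current_access_url_id, $my_url_list))` branch. Both `in_array()` calls are also non-strict; passing `true` as the third argument would need the ids cast to one type first, which depends on what `api_get_access_url_from_user()` returns.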
@@ -386,14 +404,20 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); + header( + 'Location: '.api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=account_expired' + ); exit; } } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); + header( + 'Location: '.api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=account_inactive' + ); exit; } } else { @@ -419,7 +443,10 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { } } - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); + header( + 'Location: '.api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=user_password_incorrect' + ); exit; } @@ -428,7 +455,9 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { //e.g. registered by a teacher //do nothing (code may be added later) } - } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login'])) { + } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) + && file_exists($extAuthSource[$uData['auth_source']]['login']) + ) { /* * Process external authentication * on the basis of the given login name 
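Review bot: Each failure branch here calls `Session::erase('_uid')`, while every success branch visible in this diff stores the login under `_user`. If `_uid` is a leftover key, the erase does nothing and a `_user` entry already present in the session survives the failed login attempt. Confirm which key is current and, if it is `_user`, change these calls to `Session::erase('_user');`. The same call appears in the access-URL failure branch earlier in the diff.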
@@ -442,7 +471,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { /* >>>>>>>> External authentication modules <<<<<<<<< */ } else { // no standard Chamilo login - try external authentification //huh... nothing to do... we shouldn't get here - error_log('Chamilo Authentication file defined in $extAuthSource could not be found - this might prevent your system from doing the corresponding authentication process',0); + error_log( + 'Chamilo Authentication file defined in'. + ' $extAuthSource could not be found - this might prevent'. + ' your system from doing the corresponding authentication'. + ' process', + 0 + ); } } else { // login failed, Database::num_rows($result) <= 0 
@@ -467,21 +502,31 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { */ if (isset($extAuthSource) && is_array($extAuthSource)) { - foreach($extAuthSource as $thisAuthSource) { + foreach ($extAuthSource as $thisAuthSource) { if (!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) { include_once($thisAuthSource['newUser']); } else { - error_log('Chamilo Authentication file '. $thisAuthSource['newUser']. ' could not be found - this might prevent your system from using the authentication process in the user creation process',0); + error_log( + 'Chamilo Authentication file '. $thisAuthSource['newUser']. + ' could not be found - this might prevent your system from using'. + ' the authentication process in the user creation process', + 0 + ); } } } //end if is_array($extAuthSource) if ($loginFailed) { //If we are here username given is wrong Session::write('loginFailed', '1'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); + header( + 'Location: '.api_get_path(WEB_PATH) + .'index.php?loginFailed=1&error=user_password_incorrect' + ); exit; } } //end else login failed - } elseif (api_get_setting('sso_authentication') === 'true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { + } elseif (api_get_setting('sso_authentication') === 'true' + && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI'])) + ) { /** * TODO: * - Work on a better validation for webservices paths. Current is very poor and exit @@ -500,7 +545,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { online_logout($_SESSION['_user']['user_id'], false); $osso->logout(); //redirects and exits } - } elseif(!$logout) { + } elseif (!$logout) { // Handle cookie comming from Master Server // Use this first line if you want users to still see the // homepage without connecting 
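Review bot: The SSO guard splits the whole `$_SERVER['REQUEST_URI']` on `/`, and that value includes the query string, so the `webservices` exclusion is not limited to the request path, as the TODO below it already hints. Testing the path only is a small change: `$path = (string) parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);` followed by `!in_array('webservices', explode('/', $path), true)`. In the same hunk, the `else` arm of the `newUser` loop concatenates `$thisAuthSource['newUser']` into the log message even when that key is empty or missing, which is exactly the case that reaches it.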
@@ -520,23 +565,29 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { $protocol = api_get_setting('sso_authentication_protocol'); // sso_authentication_domain can list // several, comma-separated, domains - $master_urls = preg_split('/,/',api_get_setting('sso_authentication_domain')); + $master_urls = preg_split('/,/', api_get_setting('sso_authentication_domain')); if (!empty($master_urls)) { $master_auth_uri = api_get_setting('sso_authentication_auth_uri'); foreach ($master_urls as $mu) { - if (empty($mu)) { continue; } + if (empty($mu)) { + continue; + } // For each URL, check until we find *one* that matches the $_GET['sso_referer'], // then skip other possibilities // Do NOT compare the whole referer, as this might cause confusing errors with friendly urls, // like in Drupal /?q=user& vs /user? - $referer = substr($_GET['sso_referer'], 0, strrpos($_GET['sso_referer'],'/')); - if ($protocol.trim($mu) === $referer) { + $referrer = substr($_GET['sso_referer'], 0, strrpos($_GET['sso_referer'], '/')); + if ($protocol.trim($mu) === $referrer) { $matches_domain = true; break; } } } else { - error_log('Your sso_authentication_master param is empty. Check the platform configuration, security section. It can be a list of comma-separated domains'); + error_log( + 'Your sso_authentication_master param is empty. '. + 'Check the platform configuration, security section. '. + 'It can be a list of comma-separated domains' + ); } } if ($matches_domain) { 
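Review bot: `preg_split('/,/', ...)` returns an array holding one empty string when the setting is empty, so `!empty($master_urls)` is always true and the `else` branch that logs the misconfiguration cannot run. Building the list with `$master_urls = array_filter(array_map('trim', explode(',', api_get_setting('sso_authentication_domain'))));` makes the empty check meaningful and removes the need for the `continue`. `$referrer` does not depend on `$mu` and can be computed once before the loop, after an `isset($_GET['sso_referer'])` check; since that value comes from the request, a match should not be treated as proof of origin by whatever `$matches_domain` gates outside this hunk. The log text also names `sso_authentication_master` while the setting read is `sso_authentication_domain`.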
@@ -567,7 +618,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { if ($res['status'] == 'success') { $id1 = Database::escape_string($res['openid.identity']); //have another id with or without the final '/' - $id2 = (substr($id1,-1,1)=='/'?substr($id1,0,-1):$id1.'/'); + $id2 = (substr($id1, -1, 1)=='/'?substr($id1, 0, -1):$id1.'/'); //lookup the user in the main database $user_table = Database::get_main_table(TABLE_MAIN_USER); $sql = "SELECT user_id, username, password, auth_source, active, expiration_date @@ -586,11 +637,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { // check if the account is active (not locked) if ($uData['active']=='1') { // check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + if ($uData['expiration_date']>date('Y-m-d H:i:s') + or $uData['expiration_date']=='0000-00-00 00:00:00' + ) { $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; - Session::write('_user',$_user); + Session::write('_user', $_user); event_login(); } else { $loginFailed = true; @@ -614,7 +667,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { } } else { //Redirect to the subscription form - header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php?username='.$res['openid.sreg.nickname'].'&email='.$res['openid.sreg.email'].'&openid='.$res['openid.identity'].'&openid_msg=idnotfound'); + header( + 'Location: '.api_get_path(WEB_CODE_PATH) + .'auth/inscription.php?username='.$res['openid.sreg.nickname'] + .'&email='.$res['openid.sreg.email'] + .'&openid='.$res['openid.identity'] + .'&openid_msg=idnotfound' + ); Session::write('loginFailed', '1'); exit; //$loginFailed = true; 
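Review bot: The redirect to `auth/inscription.php` concatenates `$res['openid.sreg.nickname']`, `$res['openid.sreg.email']` and `$res['openid.identity']` into the query string without encoding, so any `&`, `#` or `=` in a provider-supplied value changes the parameters the subscription form receives. Build the query with `http_build_query(array('username' => $res['openid.sreg.nickname'], 'email' => $res['openid.sreg.email'], 'openid' => $res['openid.identity'], 'openid_msg' => 'idnotfound'))` and append it after `inscription.php?`. The two `sreg` keys are, as far as I know, optional in an OpenID response, so they should be read with an `isset()` fallback.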
@@ -651,7 +710,9 @@ if (isset($use_anonymous) && $use_anonymous) { // if there is a cDir parameter in the URL (coming from courses/.htaccess redirection) if (!empty($cDir)) { $c = CourseManager::get_course_id_from_path($cDir); - if ($c) { $cidReq = $c; } + if ($c) { + $cidReq = $c; + } } // if the requested course is different from the course in session @@ -698,14 +759,14 @@ if (isset($uidReset) && $uidReset) { $_user = _api_format_user($uData, false); $_user['lastLogin'] = api_strtotime($uData['login_date'], 'UTC'); - $is_platformAdmin = (bool) (! is_null( $uData['is_admin'])); + $is_platformAdmin = (bool) (! is_null($uData['is_admin'])); $is_allowedCreateCourse = (bool) (($uData ['status'] == COURSEMANAGER) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == DRH)); ConditionalLogin::check_conditions($uData); - Session::write('_user',$_user); + Session::write('_user', $_user); UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true'); Session::write('is_platformAdmin', $is_platformAdmin); - Session::write('is_allowedCreateCourse',$is_allowedCreateCourse); + Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); } else { header('location:'.api_get_path(WEB_PATH)); //exit("WARNING UNDEFINED UID !! "); @@ -739,8 +800,8 @@ if (isset($cidReset) && $cidReset) { $_cid = $_course['code']; Session::write('_real_cid', $_real_cid); - Session::write('_cid', $_cid); - Session::write('_course', $_course); + Session::write('_cid', $_cid); + Session::write('_course', $_course); // if a session id has been given in url, we store the session @@ -781,8 +842,8 @@ if (isset($cidReset) && $cidReset) { Session::erase('_course'); if (!empty($_SESSION)) { - foreach($_SESSION as $key => $session_item) { - if (strpos($key,'lp_autolunch_') === false) { + foreach ($_SESSION as $key => $session_item) { + if (strpos($key, 'lp_autolunch_') === false) { continue; } else { if (isset($_SESSION[$key])) { 
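Review bot: The `else` branch for an undefined user sends `header('location:'.api_get_path(WEB_PATH));` and the only terminator next to it is the commented-out `//exit(...)`, so unless an `exit` follows outside this hunk the script keeps running after the redirect with no valid `_user`. Every other redirect in this diff is followed by `exit;`, and the same is needed here: `header('Location: '.api_get_path(WEB_PATH)); exit;`. The hunk ends right after the comment, so the lines that follow should be checked before merging.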
@@ -813,12 +874,12 @@ if (isset($cidReset) && $cidReset) { $_cid = $_course['code']; Session::write('_real_cid', $_real_cid); - Session::write('_cid', $_cid); - Session::write('_course', $_course); + Session::write('_cid', $_cid); + Session::write('_course', $_course); } } - if (empty($_SESSION['_course']) OR empty($_SESSION['_cid'])) { //no previous values... + if (empty($_SESSION['_course']) or empty($_SESSION['_cid'])) { //no previous values... $_cid = -1; //set default values that will be caracteristic of being unset $_course = -1; } else { @@ -892,7 +953,7 @@ if (isset($cidReset) && $cidReset) { ORDER BY login_course_date DESC LIMIT 0,1"; $result = Database::query($sql); if (Database::num_rows($result) > 0) { - $i_course_access_id = Database::result($result,0,0); + $i_course_access_id = Database::result($result, 0, 0); //We update the course tracking table $sql = "UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1 WHERE course_access_id = ".intval($i_course_access_id)." AND session_id = ".api_get_session_id(); @@ -927,8 +988,7 @@ $is_courseAdmin = false; $is_courseTutor = false; $is_courseMember = false; -if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) -{ +if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) { if (isset($_cid) && $_cid) { $my_user_id = isset($user_id) ? intval($user_id) : 0; $variable = 'accept_legal_'.$my_user_id.'_'.$_course['real_id'].'_'.$session_id; @@ -967,7 +1027,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) $is_courseMember = true; $_courseUser['role'] = $cuData['role']; - Session::write('_courseUser',$_courseUser); + Session::write('_courseUser', $_courseUser); } // We are in a session course? Check session permissions 
@@ -1120,7 +1180,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset)) case COURSE_VISIBILITY_OPEN_WORLD: //3 $is_allowed_in_course = true; break; - case COURSE_VISIBILITY_OPEN_PLATFORM : //2 + case COURSE_VISIBILITY_OPEN_PLATFORM: //2 if (isset($user_id) && !api_is_anonymous($user_id)) { $is_allowed_in_course = true; }