@ -92,7 +92,7 @@
* reset, setting correctly $cidReset (for course) and $gidReset (for group). * reset, setting correctly $cidReset (for course) and $gidReset (for group).
* *
* 3. If needed, the script retrieves the other user informations (first name, * 3. If needed, the script retrieves the other user informations (first name,
* last name, ...) and stores them in session.* last name, ...) and stores them in session.
* *
* 4. If needed, the script retrieves the course information and stores them * 4. If needed, the script retrieves the course information and stores them
* in session * in session
@ -119,13 +119,13 @@
use \ChamiloSession as Session; use \ChamiloSession as Session;
//Conditional login //Conditional login
if (isset($_SESSION['conditional_login']['uid']) & & $_SESSION['conditional_login']['can_login']=== true){ if (isset($_SESSION['conditional_login']['uid']) & & $_SESSION['conditional_login']['can_login'] === true) {
$uData = UserManager::get_user_info_by_id($_SESSION['conditional_login']['uid']); $uData = UserManager::get_user_info_by_id($_SESSION['conditional_login']['uid']);
ConditionalLogin::check_conditions($uData); ConditionalLogin::check_conditions($uData);
$_user['user_id'] = $_SESSION['conditional_login']['uid']; $_user['user_id'] = $_SESSION['conditional_login']['uid'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
Session::write('_user',$_user); Session::write('_user', $_user);
Session::erase('conditional_login'); Session::erase('conditional_login');
$uidReset=true; $uidReset=true;
event_login(); event_login();
@ -144,7 +144,10 @@ $cidReq = isset($_GET["cidReq"]) ? Database::escape_string($_GET["cidReq"]) : $c
$cidReset = isset($cidReset) ? Database::escape_string($cidReset) : ''; $cidReset = isset($cidReset) ? Database::escape_string($cidReset) : '';
// $cidReset can be set in URL-parameter // $cidReset can be set in URL-parameter
$cidReset = (isset($_GET['cidReq']) & & ((isset($_SESSION['_cid']) & & $_GET['cidReq']!=$_SESSION['_cid']) || (!isset($_SESSION['_cid'])))) ? Database::escape_string($_GET["cidReq"]) : $cidReset; $cidReset = (
isset($_GET['cidReq']) & & ((isset($_SESSION['_cid'])
& & $_GET['cidReq']!=$_SESSION['_cid']) || (!isset($_SESSION['_cid'])))
) ? Database::escape_string($_GET["cidReq"]) : $cidReset;
// $cDir is a special url param sent by courses/.htaccess // $cDir is a special url param sent by courses/.htaccess
$cDir = (!empty($_GET['cDir']) ? $_GET['cDir'] : null); $cDir = (!empty($_GET['cDir']) ? $_GET['cDir'] : null);
@ -199,11 +202,11 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
if (isset($_POST['legal_accept_type']) & & $legal_option===true) { if (isset($_POST['legal_accept_type']) & & $legal_option===true) {
$cond_array = explode(':',$_POST['legal_accept_type']); $cond_array = explode(':', $_POST['legal_accept_type']);
if (!empty($cond_array[0]) & & !empty($cond_array[1])){ if (!empty($cond_array[0]) & & !empty($cond_array[1])) {
$time = time(); $time = time();
$condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time;
UserManager::update_extra_field_value($user_id,'legal_accept',$condition_to_save); UserManager::update_extra_field_value($user_id, 'legal_accept', $condition_to_save);
} }
} }
} }
@ -217,14 +220,14 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
$cas_login = false; $cas_login = false;
if ($cas_activated AND !isset($_user['user_id']) and !isset($_POST['login']) & & !$logout) { if ($cas_activated and !isset($_user['user_id']) and !isset($_POST['login']) & & !$logout) {
require_once(api_get_path(SYS_PATH).'main/auth/cas/authcas.php'); require_once(api_get_path(SYS_PATH).'main/auth/cas/authcas.php');
$cas_login = cas_is_authenticated(); $cas_login = cas_is_authenticated();
} }
if ((isset($_POST['login']) AND isset($_POST['password']) ) OR ($cas_login) ) { if ((isset($_POST['login']) and isset($_POST['password'])) or ($cas_login)) {
// $login & & $password are given to log in // $login & & $password are given to log in
if ( $cas_login & & empty($_POST['login']) ) { if ($cas_login & & empty($_POST['login'])) {
$login = $cas_login; $login = $cas_login;
} else { } else {
$login = $_POST['login']; $login = $_POST['login'];
@ -299,10 +302,12 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
$password = api_get_encrypted_password(trim(stripslashes($password))); $password = api_get_encrypted_password(trim(stripslashes($password)));
// Check the user's password // Check the user's password
if (($password == $uData['password'] OR $cas_login) AND (trim($login) == $uData['username'])) { if (($password == $uData['password'] or $cas_login) and (trim($login) == $uData['username'])) {
$update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type'); $update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type');
$update_type= $update_type['update_type']; $update_type= $update_type['update_type'];
if (!empty($extAuthSource[$update_type]['updateUser']) & & file_exists($extAuthSource[$update_type]['updateUser'])) { if (!empty($extAuthSource[$update_type]['updateUser'])
& & file_exists($extAuthSource[$update_type]['updateUser'])
) {
include_once $extAuthSource[$update_type]['updateUser']; include_once $extAuthSource[$update_type]['updateUser'];
} }
@ -310,17 +315,24 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if ($uData['active'] == '1') { if ($uData['active'] == '1') {
// Check if the expiration date has not been reached // Check if the expiration date has not been reached
if ($uData['expiration_date'] > date('Y-m-d H:i:s') OR $uData['expiration_date'] == '0000-00-00 00:00:00') { if ($uData['expiration_date'] > date('Y-m-d H:i:s')
or $uData['expiration_date'] == '0000-00-00 00:00:00'
) {
global $_configuration; global $_configuration;
if (isset($_configuration['multiple_access_urls']) & & $_configuration['multiple_access_urls']) { if (isset($_configuration['multiple_access_urls'])
& & $_configuration['multiple_access_urls']
) {
//Check if user is an admin //Check if user is an admin
$my_user_is_admin = UserManager::is_admin($uData['user_id']); $my_user_is_admin = UserManager::is_admin($uData['user_id']);
// This user is subscribed in these sites => $my_url_list // This user is subscribed in these sites => $my_url_list
$my_url_list = api_get_access_url_from_user($uData['user_id']); $my_url_list = api_get_access_url_from_user($uData['user_id']);
//Check the access_url configuration setting if the user is registered in the access_url_rel_user table //Check the access_url configuration setting if
// the user is registered in the access_url_rel_user table
//Getting the current access_url_id of the platform //Getting the current access_url_id of the platform
$current_access_url_id = api_get_current_access_url_id(); $current_access_url_id = api_get_current_access_url_id();
@ -342,7 +354,8 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
// Fix cas redirection loop // Fix cas redirection loop
// https://support.chamilo.org/issues/6124 // https://support.chamilo.org/issues/6124
$location = api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'; $location = api_get_path(WEB_PATH)
.'index.php?loginFailed=1&error=access_url_inactive';
if ($cas_login) { if ($cas_login) {
cas_logout(null, $location); cas_logout(null, $location);
} else { } else {
@ -350,25 +363,30 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
exit; exit;
} }
} else { //Only admins of the "main" (first) Chamilo portal can login wherever they want } else {
if (in_array(1, $my_url_list)) { //Check if this admin have the access_url_id = 1 which means the principal //Only admins of the "main" (first) Chamilo portal can login wherever they want
if (in_array(1, $my_url_list)) {
//Check if this admin have the access_url_id = 1 which means the principal
ConditionalLogin::check_conditions($uData); ConditionalLogin::check_conditions($uData);
$_user['user_id'] = $uData['user_id']; $_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
Session::write('_user',$_user); Session::write('_user', $_user);
event_login(); event_login();
} else { } else {
//This means a secondary admin wants to login so we check as he's a normal user //This means a secondary admin wants to login so we check as he's a normal user
if (in_array($current_access_url_id, $my_url_list)) { if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id']; $_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
Session::write('_user',$_user); Session::write('_user', $_user);
event_login(); event_login();
} else { } else {
$loginFailed = true; $loginFailed = true;
Session::erase('_uid'); Session::erase('_uid');
Session::write('loginFailed', '1'); Session::write('loginFailed', '1');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1& error=access_url_inactive'
);
exit; exit;
} }
} }
@ -378,7 +396,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
$_user['user_id'] = $uData['user_id']; $_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
Session::write('_user',$_user); Session::write('_user', $_user);
event_login(); event_login();
$logging_in = true; $logging_in = true;
} }
@ -386,14 +404,20 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
$loginFailed = true; $loginFailed = true;
Session::erase('_uid'); Session::erase('_uid');
Session::write('loginFailed', '1'); Session::write('loginFailed', '1');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_expired'); header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1& error=account_expired'
);
exit; exit;
} }
} else { } else {
$loginFailed = true; $loginFailed = true;
Session::erase('_uid'); Session::erase('_uid');
Session::write('loginFailed', '1'); Session::write('loginFailed', '1');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=account_inactive'); header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1& error=account_inactive'
);
exit; exit;
} }
} else { } else {
@ -419,7 +443,10 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
} }
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1& error=user_password_incorrect'
);
exit; exit;
} }
@ -428,7 +455,9 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
//e.g. registered by a teacher //e.g. registered by a teacher
//do nothing (code may be added later) //do nothing (code may be added later)
} }
} elseif (!empty($extAuthSource[$uData['auth_source']]['login']) & & file_exists($extAuthSource[$uData['auth_source']]['login'])) { } elseif (!empty($extAuthSource[$uData['auth_source']]['login'])
& & file_exists($extAuthSource[$uData['auth_source']]['login'])
) {
/* /*
* Process external authentication * Process external authentication
* on the basis of the given login name * on the basis of the given login name
@ -442,7 +471,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
/* >>>>>>>> External authentication modules < < < < < < < < < */ /* >>>>>>>> External authentication modules < < < < < < < < < */
} else { // no standard Chamilo login - try external authentification } else { // no standard Chamilo login - try external authentification
//huh... nothing to do... we shouldn't get here //huh... nothing to do... we shouldn't get here
error_log('Chamilo Authentication file defined in $extAuthSource could not be found - this might prevent your system from doing the corresponding authentication process',0); error_log(
'Chamilo Authentication file defined in'.
' $extAuthSource could not be found - this might prevent'.
' your system from doing the corresponding authentication'.
' process',
0
);
} }
} else { } else {
// login failed, Database::num_rows($result) < = 0 // login failed, Database::num_rows($result) < = 0
@ -467,21 +502,31 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
*/ */
if (isset($extAuthSource) & & is_array($extAuthSource)) { if (isset($extAuthSource) & & is_array($extAuthSource)) {
foreach($extAuthSource as $thisAuthSource) { foreach ($extAuthSource as $thisAuthSource) {
if (!empty($thisAuthSource['newUser']) & & file_exists($thisAuthSource['newUser'])) { if (!empty($thisAuthSource['newUser']) & & file_exists($thisAuthSource['newUser'])) {
include_once($thisAuthSource['newUser']); include_once($thisAuthSource['newUser']);
} else { } else {
error_log('Chamilo Authentication file '. $thisAuthSource['newUser']. ' could not be found - this might prevent your system from using the authentication process in the user creation process',0); error_log(
'Chamilo Authentication file '. $thisAuthSource['newUser'].
' could not be found - this might prevent your system from using'.
' the authentication process in the user creation process',
0
);
} }
} }
} //end if is_array($extAuthSource) } //end if is_array($extAuthSource)
if ($loginFailed) { //If we are here username given is wrong if ($loginFailed) { //If we are here username given is wrong
Session::write('loginFailed', '1'); Session::write('loginFailed', '1');
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'); header(
'Location: '.api_get_path(WEB_PATH)
.'index.php?loginFailed=1& error=user_password_incorrect'
);
exit; exit;
} }
} //end else login failed } //end else login failed
} elseif (api_get_setting('sso_authentication') === 'true' & & !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))) { } elseif (api_get_setting('sso_authentication') === 'true'
& & !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))
) {
/** /**
* TODO: * TODO:
* - Work on a better validation for webservices paths. Current is very poor and exit * - Work on a better validation for webservices paths. Current is very poor and exit
@ -500,7 +545,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
online_logout($_SESSION['_user']['user_id'], false); online_logout($_SESSION['_user']['user_id'], false);
$osso->logout(); //redirects and exits $osso->logout(); //redirects and exits
} }
} elseif(!$logout) { } elseif (!$logout) {
// Handle cookie comming from Master Server // Handle cookie comming from Master Server
// Use this first line if you want users to still see the // Use this first line if you want users to still see the
// homepage without connecting // homepage without connecting
@ -520,23 +565,29 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
$protocol = api_get_setting('sso_authentication_protocol'); $protocol = api_get_setting('sso_authentication_protocol');
// sso_authentication_domain can list // sso_authentication_domain can list
// several, comma-separated, domains // several, comma-separated, domains
$master_urls = preg_split('/,/',api_get_setting('sso_authentication_domain')); $master_urls = preg_split('/,/', api_get_setting('sso_authentication_domain'));
if (!empty($master_urls)) { if (!empty($master_urls)) {
$master_auth_uri = api_get_setting('sso_authentication_auth_uri'); $master_auth_uri = api_get_setting('sso_authentication_auth_uri');
foreach ($master_urls as $mu) { foreach ($master_urls as $mu) {
if (empty($mu)) { continue; } if (empty($mu)) {
continue;
}
// For each URL, check until we find *one* that matches the $_GET['sso_referer'], // For each URL, check until we find *one* that matches the $_GET['sso_referer'],
// then skip other possibilities // then skip other possibilities
// Do NOT compare the whole referer, as this might cause confusing errors with friendly urls, // Do NOT compare the whole referer, as this might cause confusing errors with friendly urls,
// like in Drupal /?q=user& vs /user? // like in Drupal /?q=user& vs /user?
$referer = substr($_GET['sso_referer'], 0, strrpos($_GET['sso_referer'],'/')); $referr er = substr($_GET['sso_referer'], 0, strrpos($_GET['sso_referer'], '/'));
if ($protocol.trim($mu) === $referer) { if ($protocol.trim($mu) === $referr er) {
$matches_domain = true; $matches_domain = true;
break; break;
} }
} }
} else { } else {
error_log('Your sso_authentication_master param is empty. Check the platform configuration, security section. It can be a list of comma-separated domains'); error_log(
'Your sso_authentication_master param is empty. '.
'Check the platform configuration, security section. '.
'It can be a list of comma-separated domains'
);
} }
} }
if ($matches_domain) { if ($matches_domain) {
@ -567,7 +618,7 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
if ($res['status'] == 'success') { if ($res['status'] == 'success') {
$id1 = Database::escape_string($res['openid.identity']); $id1 = Database::escape_string($res['openid.identity']);
//have another id with or without the final '/' //have another id with or without the final '/'
$id2 = (substr($id1,-1,1)=='/'?substr($id1,0,-1):$id1.'/'); $id2 = (substr($id1, -1, 1)=='/'?substr($id1, 0, -1):$id1.'/');
//lookup the user in the main database //lookup the user in the main database
$user_table = Database::get_main_table(TABLE_MAIN_USER); $user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date $sql = "SELECT user_id, username, password, auth_source, active, expiration_date
@ -586,11 +637,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
// check if the account is active (not locked) // check if the account is active (not locked)
if ($uData['active']=='1') { if ($uData['active']=='1') {
// check if the expiration date has not been reached // check if the expiration date has not been reached
if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { if ($uData['expiration_date']>date('Y-m-d H:i:s')
or $uData['expiration_date']=='0000-00-00 00:00:00'
) {
$_user['user_id'] = $uData['user_id']; $_user['user_id'] = $uData['user_id'];
$_user['status'] = $uData['status']; $_user['status'] = $uData['status'];
Session::write('_user',$_user); Session::write('_user', $_user);
event_login(); event_login();
} else { } else {
$loginFailed = true; $loginFailed = true;
@ -614,7 +667,13 @@ if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
} }
} else { } else {
//Redirect to the subscription form //Redirect to the subscription form
header('Location: '.api_get_path(WEB_CODE_PATH).'auth/inscription.php?username='.$res['openid.sreg.nickname'].'&email='.$res['openid.sreg.email'].'&openid='.$res['openid.identity'].'&openid_msg=idnotfound'); header(
'Location: '.api_get_path(WEB_CODE_PATH)
.'auth/inscription.php?username='.$res['openid.sreg.nickname']
.'& email='.$res['openid.sreg.email']
.'& openid='.$res['openid.identity']
.'& openid_msg=idnotfound'
);
Session::write('loginFailed', '1'); Session::write('loginFailed', '1');
exit; exit;
//$loginFailed = true; //$loginFailed = true;
@ -651,7 +710,9 @@ if (isset($use_anonymous) && $use_anonymous) {
// if there is a cDir parameter in the URL (coming from courses/.htaccess redirection) // if there is a cDir parameter in the URL (coming from courses/.htaccess redirection)
if (!empty($cDir)) { if (!empty($cDir)) {
$c = CourseManager::get_course_id_from_path($cDir); $c = CourseManager::get_course_id_from_path($cDir);
if ($c) { $cidReq = $c; } if ($c) {
$cidReq = $c;
}
} }
// if the requested course is different from the course in session // if the requested course is different from the course in session
@ -698,14 +759,14 @@ if (isset($uidReset) && $uidReset) {
$_user = _api_format_user($uData, false); $_user = _api_format_user($uData, false);
$_user['lastLogin'] = api_strtotime($uData['login_date'], 'UTC'); $_user['lastLogin'] = api_strtotime($uData['login_date'], 'UTC');
$is_platformAdmin = (bool) (! is_null( $uData['is_admin'])); $is_platformAdmin = (bool) (! is_null($uData['is_admin']));
$is_allowedCreateCourse = (bool) (($uData ['status'] == COURSEMANAGER) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == DRH)); $is_allowedCreateCourse = (bool) (($uData ['status'] == COURSEMANAGER) or (api_get_setting('drhCourseManagerRights') and $uData['status'] == DRH));
ConditionalLogin::check_conditions($uData); ConditionalLogin::check_conditions($uData);
Session::write('_user',$_user); Session::write('_user', $_user);
UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true'); UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
Session::write('is_platformAdmin', $is_platformAdmin); Session::write('is_platformAdmin', $is_platformAdmin);
Session::write('is_allowedCreateCourse',$is_allowedCreateCourse); Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
} else { } else {
header('location:'.api_get_path(WEB_PATH)); header('location:'.api_get_path(WEB_PATH));
//exit("WARNING UNDEFINED UID !! "); //exit("WARNING UNDEFINED UID !! ");
@ -781,8 +842,8 @@ if (isset($cidReset) && $cidReset) {
Session::erase('_course'); Session::erase('_course');
if (!empty($_SESSION)) { if (!empty($_SESSION)) {
foreach($_SESSION as $key => $session_item) { foreach ($_SESSION as $key => $session_item) {
if (strpos($key,'lp_autolunch_') === false) { if (strpos($key, 'lp_autolunch_') === false) {
continue; continue;
} else { } else {
if (isset($_SESSION[$key])) { if (isset($_SESSION[$key])) {
@ -818,7 +879,7 @@ if (isset($cidReset) && $cidReset) {
} }
} }
if (empty($_SESSION['_course']) OR empty($_SESSION['_cid'])) { //no previous values... if (empty($_SESSION['_course']) or empty($_SESSION['_cid'])) { //no previous values...
$_cid = -1; //set default values that will be caracteristic of being unset $_cid = -1; //set default values that will be caracteristic of being unset
$_course = -1; $_course = -1;
} else { } else {
@ -892,7 +953,7 @@ if (isset($cidReset) && $cidReset) {
ORDER BY login_course_date DESC LIMIT 0,1"; ORDER BY login_course_date DESC LIMIT 0,1";
$result = Database::query($sql); $result = Database::query($sql);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$i_course_access_id = Database::result($result,0,0); $i_course_access_id = Database::result($result, 0, 0);
//We update the course tracking table //We update the course tracking table
$sql = "UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1 $sql = "UPDATE $course_tracking_table SET logout_course_date = '$time', counter = counter+1
WHERE course_access_id = ".intval($i_course_access_id)." AND session_id = ".api_get_session_id(); WHERE course_access_id = ".intval($i_course_access_id)." AND session_id = ".api_get_session_id();
@ -927,8 +988,7 @@ $is_courseAdmin = false;
$is_courseTutor = false; $is_courseTutor = false;
$is_courseMember = false; $is_courseMember = false;
if ((isset($uidReset) & & $uidReset) || (isset($cidReset) & & $cidReset)) if ((isset($uidReset) & & $uidReset) || (isset($cidReset) & & $cidReset)) {
{
if (isset($_cid) & & $_cid) { if (isset($_cid) & & $_cid) {
$my_user_id = isset($user_id) ? intval($user_id) : 0; $my_user_id = isset($user_id) ? intval($user_id) : 0;
$variable = 'accept_legal_'.$my_user_id.'_'.$_course['real_id'].'_'.$session_id; $variable = 'accept_legal_'.$my_user_id.'_'.$_course['real_id'].'_'.$session_id;
@ -967,7 +1027,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset))
$is_courseMember = true; $is_courseMember = true;
$_courseUser['role'] = $cuData['role']; $_courseUser['role'] = $cuData['role'];
Session::write('_courseUser',$_courseUser); Session::write('_courseUser', $_courseUser);
} }
// We are in a session course? Check session permissions // We are in a session course? Check session permissions
@ -1120,7 +1180,7 @@ if ((isset($uidReset) && $uidReset) || (isset($cidReset) && $cidReset))
case COURSE_VISIBILITY_OPEN_WORLD: //3 case COURSE_VISIBILITY_OPEN_WORLD: //3
$is_allowed_in_course = true; $is_allowed_in_course = true;
break; break;
case COURSE_VISIBILITY_OPEN_PLATFORM : //2 case COURSE_VISIBILITY_OPEN_PLATFORM: //2
if (isset($user_id) & & !api_is_anonymous($user_id)) { if (isset($user_id) & & !api_is_anonymous($user_id)) {
$is_allowed_in_course = true; $is_allowed_in_course = true;
} }
Yannick Warnier
11 years ago