diff --git a/main/auth/sso/sso.class.php b/main/auth/sso/sso.class.php index 6385908e16..e19217a16d 100644 --- a/main/auth/sso/sso.class.php +++ b/main/auth/sso/sso.class.php @@ -77,7 +77,7 @@ class sso { //lookup the user in the main database $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status FROM $user_table WHERE username = '".trim(Database::escape_string($sso['username']))."'"; $result = Database::query($sql); @@ -104,84 +104,78 @@ class sso { //Check if the account is active (not locked) if ($uData['active']=='1') { // check if the expiration date has not been reached - if ($uData['expiration_date'] > date('Y-m-d H:i:s') - OR $uData['expiration_date']=='0000-00-00 00:00:00') { + if ($uData['expiration_date'] > date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + //If Multiple URL is enabled if (api_get_multiple_access_url()) { - $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); - //Check if user is an admin - $sql = "SELECT user_id FROM $admin_table - WHERE user_id = '".intval($uData['user_id'])."' LIMIT 1"; - $result = Database::query($sql); - $my_user_is_admin = false; - if (Database::num_rows($result) > 0) { - $my_user_is_admin = true; - } - //Check the access_url configuration setting if - // the user is registered in the - // access_url_rel_user table - //Getting the current access_url_id - // of the platform + //Check the access_url configuration setting if the user is registered in the access_url_rel_user table + //Getting the current access_url_id of the platform $current_access_url_id = api_get_current_access_url_id(); // my user is subscribed in these //sites: $my_url_list $my_url_list = api_get_access_url_from_user($uData['user_id']); - if ($my_user_is_admin === false) { - if (is_array($my_url_list) && count($my_url_list)>0 ) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user = api_get_user_info($_user['user_id']); - Session::write('_user', $_user); - event_login(); - // Redirect to homepage - $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. $sso_target); - exit; - } else { - // user does not have permission for this site - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } + } else { + $current_access_url_id = 1; + $my_url_list = array(1); + } + + $my_user_is_admin = UserManager::is_admin($uData['user_id']); + + if ($my_user_is_admin === false) { + if (is_array($my_url_list) && count($my_url_list) > 0 ) { + if (in_array($current_access_url_id, $my_url_list)) { + // the user has permission to enter at this site + $_user['user_id'] = $uData['user_id']; + $_user = api_get_user_info($_user['user_id']); + Session::write('_user', $_user); + event_login(); + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. $sso_target); + exit; } else { - // there is no URL in the multiple - // urls list for this user + // user does not have permission for this site $loginFailed = true; Session::erase('_uid'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); exit; } - } else { - //Only admins of the "main" (first) Chamilo - // portal can login wherever they want - if (in_array(1, $my_url_list)) { - //Check if this admin is admin on the - // principal portal - $_user = api_get_user_info($_user['user_id']); - Session::write('_user', $_user); + } else { + // there is no URL in the multiple + // urls list for this user + $loginFailed = true; + Session::erase('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + //Only admins of the "main" (first) Chamilo + // portal can login wherever they want + if (in_array(1, $my_url_list)) { + //Check if this admin is admin on the + // principal portal + $_user['user_id'] = $uData['user_id']; + $_user = api_get_user_info($_user['user_id']); + $is_platformAdmin = $uData['status'] == COURSEMANAGER; + Session::write('is_platformAdmin', $is_platformAdmin); + Session::write('_user', $_user); + event_login(); + } else { + //Secondary URL admin wants to login + // so we check as a normal user + if (in_array($current_access_url_id, $my_url_list)) { + $_user['user_id'] = $uData['user_id']; + $_user = api_get_user_info($_user['user_id']); + Session::write('_user',$_user); event_login(); } else { - //Secondary URL admin wants to login - // so we check as a normal user - if (in_array($current_access_url_id, $my_url_list)) { - $_user = api_get_user_info($_user['user_id']); - Session::write('_user',$_user); - event_login(); - } else { - $loginFailed = true; - Session::erase('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } + $loginFailed = true; + Session::erase('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; } } - } else { - //Single URL access (Only 1 portal) - $_user = api_get_user_info($_user['user_id']); - Session::write('_user', $_user); - event_login(); - } + } } else { // user account expired $loginFailed = true;