|
|
|
@ -77,7 +77,7 @@ class sso { |
|
|
|
|
|
|
|
|
|
|
|
//lookup the user in the main database |
|
|
|
//lookup the user in the main database |
|
|
|
$user_table = Database::get_main_table(TABLE_MAIN_USER); |
|
|
|
$user_table = Database::get_main_table(TABLE_MAIN_USER); |
|
|
|
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date |
|
|
|
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status |
|
|
|
FROM $user_table |
|
|
|
FROM $user_table |
|
|
|
WHERE username = '".trim(Database::escape_string($sso['username']))."'"; |
|
|
|
WHERE username = '".trim(Database::escape_string($sso['username']))."'"; |
|
|
|
$result = Database::query($sql); |
|
|
|
$result = Database::query($sql); |
|
|
|
@ -104,84 +104,78 @@ class sso { |
|
|
|
//Check if the account is active (not locked) |
|
|
|
//Check if the account is active (not locked) |
|
|
|
if ($uData['active']=='1') { |
|
|
|
if ($uData['active']=='1') { |
|
|
|
// check if the expiration date has not been reached |
|
|
|
// check if the expiration date has not been reached |
|
|
|
if ($uData['expiration_date'] > date('Y-m-d H:i:s') |
|
|
|
if ($uData['expiration_date'] > date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { |
|
|
|
OR $uData['expiration_date']=='0000-00-00 00:00:00') { |
|
|
|
|
|
|
|
//If Multiple URL is enabled |
|
|
|
//If Multiple URL is enabled |
|
|
|
if (api_get_multiple_access_url()) { |
|
|
|
if (api_get_multiple_access_url()) { |
|
|
|
$admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); |
|
|
|
//Check the access_url configuration setting if the user is registered in the access_url_rel_user table |
|
|
|
//Check if user is an admin |
|
|
|
//Getting the current access_url_id of the platform |
|
|
|
$sql = "SELECT user_id FROM $admin_table |
|
|
|
|
|
|
|
WHERE user_id = '".intval($uData['user_id'])."' LIMIT 1"; |
|
|
|
|
|
|
|
$result = Database::query($sql); |
|
|
|
|
|
|
|
$my_user_is_admin = false; |
|
|
|
|
|
|
|
if (Database::num_rows($result) > 0) { |
|
|
|
|
|
|
|
$my_user_is_admin = true; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
//Check the access_url configuration setting if |
|
|
|
|
|
|
|
// the user is registered in the |
|
|
|
|
|
|
|
// access_url_rel_user table |
|
|
|
|
|
|
|
//Getting the current access_url_id |
|
|
|
|
|
|
|
// of the platform |
|
|
|
|
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
// my user is subscribed in these |
|
|
|
// my user is subscribed in these |
|
|
|
//sites: $my_url_list |
|
|
|
//sites: $my_url_list |
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
if ($my_user_is_admin === false) { |
|
|
|
} else { |
|
|
|
if (is_array($my_url_list) && count($my_url_list)>0 ) { |
|
|
|
$current_access_url_id = 1; |
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
$my_url_list = array(1); |
|
|
|
// the user has permission to enter at this site |
|
|
|
} |
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
|
|
|
|
Session::write('_user', $_user); |
|
|
|
$my_user_is_admin = UserManager::is_admin($uData['user_id']); |
|
|
|
event_login(); |
|
|
|
|
|
|
|
// Redirect to homepage |
|
|
|
if ($my_user_is_admin === false) { |
|
|
|
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; |
|
|
|
if (is_array($my_url_list) && count($my_url_list) > 0 ) { |
|
|
|
header('Location: '. $sso_target); |
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
exit; |
|
|
|
// the user has permission to enter at this site |
|
|
|
} else { |
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
// user does not have permission for this site |
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
$loginFailed = true; |
|
|
|
Session::write('_user', $_user); |
|
|
|
Session::erase('_uid'); |
|
|
|
event_login(); |
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
// Redirect to homepage |
|
|
|
exit; |
|
|
|
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; |
|
|
|
} |
|
|
|
header('Location: '. $sso_target); |
|
|
|
|
|
|
|
exit; |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
// there is no URL in the multiple |
|
|
|
// user does not have permission for this site |
|
|
|
// urls list for this user |
|
|
|
|
|
|
|
$loginFailed = true; |
|
|
|
$loginFailed = true; |
|
|
|
Session::erase('_uid'); |
|
|
|
Session::erase('_uid'); |
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
exit; |
|
|
|
exit; |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
//Only admins of the "main" (first) Chamilo |
|
|
|
// there is no URL in the multiple |
|
|
|
// portal can login wherever they want |
|
|
|
// urls list for this user |
|
|
|
if (in_array(1, $my_url_list)) { |
|
|
|
$loginFailed = true; |
|
|
|
//Check if this admin is admin on the |
|
|
|
Session::erase('_uid'); |
|
|
|
// principal portal |
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
exit; |
|
|
|
Session::write('_user', $_user); |
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
//Only admins of the "main" (first) Chamilo |
|
|
|
|
|
|
|
// portal can login wherever they want |
|
|
|
|
|
|
|
if (in_array(1, $my_url_list)) { |
|
|
|
|
|
|
|
//Check if this admin is admin on the |
|
|
|
|
|
|
|
// principal portal |
|
|
|
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
|
|
|
|
$is_platformAdmin = $uData['status'] == COURSEMANAGER; |
|
|
|
|
|
|
|
Session::write('is_platformAdmin', $is_platformAdmin); |
|
|
|
|
|
|
|
Session::write('_user', $_user); |
|
|
|
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
//Secondary URL admin wants to login |
|
|
|
|
|
|
|
// so we check as a normal user |
|
|
|
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
|
|
|
|
Session::write('_user',$_user); |
|
|
|
event_login(); |
|
|
|
event_login(); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
//Secondary URL admin wants to login |
|
|
|
$loginFailed = true; |
|
|
|
// so we check as a normal user |
|
|
|
Session::erase('_uid'); |
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
exit; |
|
|
|
Session::write('_user',$_user); |
|
|
|
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
} else { |
|
|
|
|
|
|
|
$loginFailed = true; |
|
|
|
|
|
|
|
Session::erase('_uid'); |
|
|
|
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
|
|
|
exit; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
} |
|
|
|
//Single URL access (Only 1 portal) |
|
|
|
|
|
|
|
$_user = api_get_user_info($_user['user_id']); |
|
|
|
|
|
|
|
Session::write('_user', $_user); |
|
|
|
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
// user account expired |
|
|
|
// user account expired |
|
|
|
$loginFailed = true; |
|
|
|
$loginFailed = true; |
|
|
|
|
Julio Montoya
12 years ago