|
|
|
|
@ -212,10 +212,9 @@ if (api_get_setting('allow_terms_conditions')=='true') { |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ((isset($_POST['login']) && isset($_POST['password']))) { |
|
|
|
|
if ((isset($_POST['login']) && isset($_POST['password']))) { |
|
|
|
|
// $login && $password are given to log in |
|
|
|
|
$login = $_POST['login']; |
|
|
|
|
$password = $_POST['password']; |
|
|
|
|
@ -243,7 +242,7 @@ if (api_get_setting('allow_terms_conditions')=='true') { |
|
|
|
|
if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) { |
|
|
|
|
$password=$_POST['password']; |
|
|
|
|
} else { |
|
|
|
|
$password = api_get_encrypted_password($password); |
|
|
|
|
$password = api_get_encrypted_password($password); |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
$password = api_get_encrypted_password($password); |
|
|
|
|
@ -272,31 +271,51 @@ if (api_get_setting('allow_terms_conditions')=='true') { |
|
|
|
|
// Check if the expiration date has not been reached |
|
|
|
|
if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { |
|
|
|
|
global $_configuration; |
|
|
|
|
if ($_configuration['multiple_access_urls']==true) { |
|
|
|
|
//Check the access_url configuration setting if the user is registered in the access_url_rel_user table |
|
|
|
|
//Getting the current access_url_id of the platform |
|
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
|
// my user is subscribed in these sites => $my_url_list |
|
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
|
|
|
|
|
|
if (is_array($my_url_list) && count($my_url_list)>0 ){ |
|
|
|
|
// the user have the permissions to enter at this site |
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
} else { |
|
|
|
|
|
|
|
|
|
if ($_configuration['multiple_access_urls'] == true) { |
|
|
|
|
$admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); |
|
|
|
|
|
|
|
|
|
//Check if user is an admin |
|
|
|
|
$sql = "SELECT user_id FROM $admin_table |
|
|
|
|
WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; |
|
|
|
|
$result = Database::query($sql); |
|
|
|
|
|
|
|
|
|
$my_user_is_admin = false; |
|
|
|
|
if (Database::num_rows($result) > 0) { |
|
|
|
|
$my_user_is_admin = true; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
if ($my_user_is_admin === false) { |
|
|
|
|
//Check the access_url configuration setting if the user is registered in the access_url_rel_user table |
|
|
|
|
//Getting the current access_url_id of the platform |
|
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
|
// my user is subscribed in these sites => $my_url_list |
|
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
|
|
|
|
|
|
if (is_array($my_url_list) && count($my_url_list)>0 ){ |
|
|
|
|
// the user have the permissions to enter at this site |
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
} else { |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
//All admins can login in any multiple URL |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
@ -399,10 +418,10 @@ if (api_get_setting('allow_terms_conditions')=='true') { |
|
|
|
|
* - $master variable should be recovered from chamilo settings. |
|
|
|
|
*/ |
|
|
|
|
$master = array( |
|
|
|
|
'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', |
|
|
|
|
'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', |
|
|
|
|
'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', |
|
|
|
|
'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', |
|
|
|
|
'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', |
|
|
|
|
'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', |
|
|
|
|
'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', |
|
|
|
|
'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', |
|
|
|
|
); |
|
|
|
|
$referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; |
|
|
|
|
if (isset($_SESSION['_user']['user_id'])) { |
|
|
|
|
@ -418,73 +437,90 @@ if (api_get_setting('allow_terms_conditions')=='true') { |
|
|
|
|
header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} elseif(!$logout) { |
|
|
|
|
$master_url = $master['domain'] . $master['auth_uri']; |
|
|
|
|
// Handle cookie comming from Master Server |
|
|
|
|
if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { |
|
|
|
|
// Target to redirect after success SSO |
|
|
|
|
$target = api_get_path(WEB_PATH); |
|
|
|
|
// Redirect to master server |
|
|
|
|
header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); |
|
|
|
|
exit; |
|
|
|
|
} elseif (isset($_GET['sso_cookie'])) { |
|
|
|
|
if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { |
|
|
|
|
$sso = unserialize(base64_decode($_GET['sso_cookie'])); |
|
|
|
|
//lookup the user in the main database |
|
|
|
|
$user_table = Database::get_main_table(TABLE_MAIN_USER); |
|
|
|
|
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date |
|
|
|
|
} elseif(!$logout) { |
|
|
|
|
$master_url = $master['domain'] . $master['auth_uri']; |
|
|
|
|
// Handle cookie comming from Master Server |
|
|
|
|
if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { |
|
|
|
|
// Target to redirect after success SSO |
|
|
|
|
$target = api_get_path(WEB_PATH); |
|
|
|
|
// Redirect to master server |
|
|
|
|
header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); |
|
|
|
|
exit; |
|
|
|
|
} elseif (isset($_GET['sso_cookie'])) { |
|
|
|
|
if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { |
|
|
|
|
$sso = unserialize(base64_decode($_GET['sso_cookie'])); |
|
|
|
|
//lookup the user in the main database |
|
|
|
|
$user_table = Database::get_main_table(TABLE_MAIN_USER); |
|
|
|
|
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date |
|
|
|
|
FROM $user_table |
|
|
|
|
WHERE username = '".trim(addslashes($sso['username']))."'"; |
|
|
|
|
|
|
|
|
|
$result = Database::query($sql); |
|
|
|
|
|
|
|
|
|
if (Database::num_rows($result) > 0) { |
|
|
|
|
$uData = Database::fetch_array($result); |
|
|
|
|
// check the user's password |
|
|
|
|
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { |
|
|
|
|
// Make sure password is encrypted with md5 |
|
|
|
|
if (!$userPasswordCrypted) { |
|
|
|
|
$uData['password'] = md5($uData['password']); |
|
|
|
|
} |
|
|
|
|
//the authentification of this user is managed by Dokeos itself// check the user's password |
|
|
|
|
// password hash comes into a sha1 |
|
|
|
|
if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { |
|
|
|
|
// check if the account is active (not locked) |
|
|
|
|
if ($uData['active']=='1') { |
|
|
|
|
// check if the expiration date has not been reached |
|
|
|
|
if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { |
|
|
|
|
global $_configuration; |
|
|
|
|
if ($_configuration['multiple_access_urls'] == true) { |
|
|
|
|
//check the access_url configuration setting if the user is registered in the access_url_rel_user table |
|
|
|
|
//getting the current access_url_id of the platform |
|
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
|
// my user is subscribed in these sites => $my_url_list |
|
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
|
|
|
|
|
|
if (is_array($my_url_list) && count($my_url_list)>0 ) { |
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
// the user has permission to enter at this site |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
|
|
// Redirect to homepage |
|
|
|
|
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; |
|
|
|
|
header('Location: '. $sso_target); |
|
|
|
|
} else { |
|
|
|
|
// user does not have permission for this site |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
// there is no URL in the multiple urls list for this user |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
$result = Database::query($sql); |
|
|
|
|
|
|
|
|
|
if (Database::num_rows($result) > 0) { |
|
|
|
|
$uData = Database::fetch_array($result); |
|
|
|
|
//Check the user's password |
|
|
|
|
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { |
|
|
|
|
// Make sure password is encrypted with md5 |
|
|
|
|
if (!$userPasswordCrypted) { |
|
|
|
|
$uData['password'] = md5($uData['password']); |
|
|
|
|
} |
|
|
|
|
//the authentification of this user is managed by Dokeos itself// check the user's password |
|
|
|
|
// password hash comes into a sha1 |
|
|
|
|
if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { |
|
|
|
|
//Check if the account is active (not locked) |
|
|
|
|
if ($uData['active']=='1') { |
|
|
|
|
// check if the expiration date has not been reached |
|
|
|
|
if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { |
|
|
|
|
global $_configuration; |
|
|
|
|
if ($_configuration['multiple_access_urls'] == true) { |
|
|
|
|
$admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); |
|
|
|
|
//Check if user is an admin |
|
|
|
|
$sql = "SELECT user_id FROM $admin_table |
|
|
|
|
WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; |
|
|
|
|
$result = Database::query($sql); |
|
|
|
|
$my_user_is_admin = false; |
|
|
|
|
if (Database::num_rows($result) > 0) { |
|
|
|
|
$my_user_is_admin = true; |
|
|
|
|
} |
|
|
|
|
if ($my_user_is_admin === false) { |
|
|
|
|
//check the access_url configuration setting if the user is registered in the access_url_rel_user table |
|
|
|
|
//getting the current access_url_id of the platform |
|
|
|
|
$current_access_url_id = api_get_current_access_url_id(); |
|
|
|
|
// my user is subscribed in these sites => $my_url_list |
|
|
|
|
$my_url_list = api_get_access_url_from_user($uData['user_id']); |
|
|
|
|
|
|
|
|
|
if (is_array($my_url_list) && count($my_url_list)>0 ) { |
|
|
|
|
if (in_array($current_access_url_id, $my_url_list)) { |
|
|
|
|
// the user has permission to enter at this site |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
|
|
// Redirect to homepage |
|
|
|
|
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; |
|
|
|
|
header('Location: '. $sso_target); |
|
|
|
|
} else { |
|
|
|
|
// user does not have permission for this site |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
// there is no URL in the multiple urls list for this user |
|
|
|
|
$loginFailed = true; |
|
|
|
|
api_session_unregister('_uid'); |
|
|
|
|
header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); |
|
|
|
|
exit; |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
//User is an admin, he can login wherever he wants |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
api_session_register('_user'); |
|
|
|
|
event_login(); |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
//single URL access |
|
|
|
|
$_user['user_id'] = $uData['user_id']; |
|
|
|
|
|
Julio Montoya
15 years ago