diff --git a/main/inc/local.inc.php b/main/inc/local.inc.php index cfa470f16e..351c765415 100755 --- a/main/inc/local.inc.php +++ b/main/inc/local.inc.php @@ -212,10 +212,9 @@ if (api_get_setting('allow_terms_conditions')=='true') { } } } - } - if ((isset($_POST['login']) && isset($_POST['password']))) { + if ((isset($_POST['login']) && isset($_POST['password']))) { // $login && $password are given to log in $login = $_POST['login']; $password = $_POST['password']; @@ -243,7 +242,7 @@ if (api_get_setting('allow_terms_conditions')=='true') { if (isset($_POST['password']) && isset($_SESSION['info_current_user'][2]) && $_POST['password']==$_SESSION['info_current_user'][2]) { $password=$_POST['password']; } else { - $password = api_get_encrypted_password($password); + $password = api_get_encrypted_password($password); } } else { $password = api_get_encrypted_password($password); 
@@ -272,31 +271,51 @@ if (api_get_setting('allow_terms_conditions')=='true') { // Check if the expiration date has not been reached if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { global $_configuration; - if ($_configuration['multiple_access_urls']==true) { - //Check the access_url configuration setting if the user is registered in the access_url_rel_user table - //Getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - // my user is subscribed in these sites => $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - - if (is_array($my_url_list) && count($my_url_list)>0 ){ - // the user have the permissions to enter at this site - if (in_array($current_access_url_id, $my_url_list)) { - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - } else { + + if ($_configuration['multiple_access_urls'] == true) { + $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); + + //Check if user is an admin + $sql = "SELECT user_id FROM $admin_table + WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; + $result = Database::query($sql); + + $my_user_is_admin = false; + if (Database::num_rows($result) > 0) { + $my_user_is_admin = true; + } + + if ($my_user_is_admin === false) { + //Check the access_url configuration setting if the user is registered in the access_url_rel_user table + //Getting the current access_url_id of the platform + $current_access_url_id = api_get_current_access_url_id(); + // my user is subscribed in these sites => $my_url_list + $my_url_list = api_get_access_url_from_user($uData['user_id']); + + if (is_array($my_url_list) && count($my_url_list)>0 ){ + // the user have the permissions to enter at this site + if (in_array($current_access_url_id, $my_url_list)) { + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } else { + 
$loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { $loginFailed = true; api_session_unregister('_uid'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); exit; - } - } else { - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } + } + } else { + //All admins can login in any multiple URL + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + } } else { $_user['user_id'] = $uData['user_id']; api_session_register('_user'); @@ -399,10 +418,10 @@ if (api_get_setting('allow_terms_conditions')=='true') { * - $master variable should be recovered from chamilo settings. */ $master = array( - 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', - 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', - 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', - 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', + 'domain' => api_get_setting('sso_authentication_domain'), // 'localhost/project/drupal5', + 'auth_uri' => api_get_setting('sso_authentication_auth_uri'), // '/?q=user', + 'deauth_uri' => api_get_setting('sso_authentication_unauth_uri'), // '/?q=logout', + 'protocol' => api_get_setting('sso_authentication_protocol') // 'http://', ); $referer = $master['protocol'] . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; if (isset($_SESSION['_user']['user_id'])) { 
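Review bot: The new admin lookup embeds `$uData['user_id']` in the SQL through `trim(addslashes(...))`, which is neither the database layer's escaping nor the right tool for a numeric key; since `user_id` was just read back from the users row, cast it instead: `WHERE user_id = ".(int) $uData['user_id']." LIMIT 1`, and the three-line flag can collapse to `$my_user_is_admin = Database::num_rows(Database::query($sql)) > 0;`. The identical admin query and flag are repeated verbatim in the SSO branch later in this diff, so a small helper returning a bool for a user_id would keep the two login paths from drifting. Note that the bypass is keyed only on membership in the main admin table, so every platform admin now authenticates on every access URL regardless of `access_url_rel_user`; a one-line comment stating that this is intended (e.g. `// Platform admins are not bound to access_url_rel_user`) would save the next reader from treating it as a missed check. The enclosing login block starts before this hunk.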
@@ -418,73 +437,90 @@ if (api_get_setting('allow_terms_conditions')=='true') { header('Location: '. $master['protocol'] . $master['domain'] . $master['deauth_uri']); exit; } - } elseif(!$logout) { - $master_url = $master['domain'] . $master['auth_uri']; - // Handle cookie comming from Master Server - if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { - // Target to redirect after success SSO - $target = api_get_path(WEB_PATH); - // Redirect to master server - header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); - exit; - } elseif (isset($_GET['sso_cookie'])) { - if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. $master_url : FALSE) { - $sso = unserialize(base64_decode($_GET['sso_cookie'])); - //lookup the user in the main database - $user_table = Database::get_main_table(TABLE_MAIN_USER); - $sql = "SELECT user_id, username, password, auth_source, active, expiration_date + } elseif(!$logout) { + $master_url = $master['domain'] . $master['auth_uri']; + // Handle cookie comming from Master Server + if (!isset($_GET['sso_referer']) && !isset($_GET['loginFailed'])) { + // Target to redirect after success SSO + $target = api_get_path(WEB_PATH); + // Redirect to master server + header('Location: ' . $master['protocol'] . $master_url . '&sso_referer=' . urlencode($referer) . '&sso_target=' . urlencode($target)); + exit; + } elseif (isset($_GET['sso_cookie'])) { + if (isset($_GET['sso_referer']) ? $_GET['sso_referer'] === $master['protocol']. 
$master_url : FALSE) { + $sso = unserialize(base64_decode($_GET['sso_cookie'])); + //lookup the user in the main database + $user_table = Database::get_main_table(TABLE_MAIN_USER); + $sql = "SELECT user_id, username, password, auth_source, active, expiration_date FROM $user_table WHERE username = '".trim(addslashes($sso['username']))."'"; - $result = Database::query($sql); - - if (Database::num_rows($result) > 0) { - $uData = Database::fetch_array($result); - // check the user's password - if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { - // Make sure password is encrypted with md5 - if (!$userPasswordCrypted) { - $uData['password'] = md5($uData['password']); - } - //the authentification of this user is managed by Dokeos itself// check the user's password - // password hash comes into a sha1 - if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { - // check if the account is active (not locked) - if ($uData['active']=='1') { - // check if the expiration date has not been reached - if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { - global $_configuration; - if ($_configuration['multiple_access_urls'] == true) { - //check the access_url configuration setting if the user is registered in the access_url_rel_user table - //getting the current access_url_id of the platform - $current_access_url_id = api_get_current_access_url_id(); - // my user is subscribed in these sites => $my_url_list - $my_url_list = api_get_access_url_from_user($uData['user_id']); - - if (is_array($my_url_list) && count($my_url_list)>0 ) { - if (in_array($current_access_url_id, $my_url_list)) { - // the user has permission to enter at this site - $_user['user_id'] = $uData['user_id']; - api_session_register('_user'); - event_login(); - - // Redirect to homepage - $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; - header('Location: '. 
$sso_target); - } else { - // user does not have permission for this site - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } - } else { - // there is no URL in the multiple urls list for this user - $loginFailed = true; - api_session_unregister('_uid'); - header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); - exit; - } + $result = Database::query($sql); + + if (Database::num_rows($result) > 0) { + $uData = Database::fetch_array($result); + //Check the user's password + if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { + // Make sure password is encrypted with md5 + if (!$userPasswordCrypted) { + $uData['password'] = md5($uData['password']); + } + //the authentification of this user is managed by Dokeos itself// check the user's password + // password hash comes into a sha1 + if ($sso['secret'] === sha1($uData['password']) && ($sso['username'] == $uData['username'])) { + //Check if the account is active (not locked) + if ($uData['active']=='1') { + // check if the expiration date has not been reached + if ($uData['expiration_date']>date('Y-m-d H:i:s') OR $uData['expiration_date']=='0000-00-00 00:00:00') { + global $_configuration; + if ($_configuration['multiple_access_urls'] == true) { + $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); + //Check if user is an admin + $sql = "SELECT user_id FROM $admin_table + WHERE user_id = '".trim(addslashes($uData['user_id']))."' LIMIT 1"; + $result = Database::query($sql); + $my_user_is_admin = false; + if (Database::num_rows($result) > 0) { + $my_user_is_admin = true; + } + if ($my_user_is_admin === false) { + //check the access_url configuration setting if the user is registered in the access_url_rel_user table + //getting the current access_url_id of the platform + $current_access_url_id = api_get_current_access_url_id(); + // my user is subscribed in 
these sites => $my_url_list + $my_url_list = api_get_access_url_from_user($uData['user_id']); + + if (is_array($my_url_list) && count($my_url_list)>0 ) { + if (in_array($current_access_url_id, $my_url_list)) { + // the user has permission to enter at this site + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + + // Redirect to homepage + $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php'; + header('Location: '. $sso_target); + } else { + // user does not have permission for this site + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + // there is no URL in the multiple urls list for this user + $loginFailed = true; + api_session_unregister('_uid'); + header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=access_url_inactive'); + exit; + } + } else { + //User is an admin, he can login wherever he wants + $_user['user_id'] = $uData['user_id']; + api_session_register('_user'); + event_login(); + + } } else { //single URL access $_user['user_id'] = $uData['user_id'];
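Review bot: The added admin branch (`//User is an admin, he can login wherever he wants`) registers the session and calls `event_login()` but, unlike the non-admin success path a few lines above it, never performs the `// Redirect to homepage` to `$sso_target`, so an admin arriving through SSO falls through the block instead of being sent to the requested target; add the same `$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) .'.index.php';`, `header('Location: '. $sso_target);` and `exit;` lines there. Neither success path calls `exit` after its `header('Location: ...')` while every failure path does, so execution continues past the redirect. Pre-existing rather than introduced here, but visible on the new side: `$sso['target']` is taken from `unserialize(base64_decode($_GET['sso_cookie']))` and used as the Location unchecked, `unserialize()` on a GET parameter is a deserialization sink, and the `sso_referer` check only compares one client-supplied GET parameter against a configured string, so it does not authenticate the master server; a `// TODO(security):` comment at the `$sso = unserialize(...)` line noting these would be worthwhile. The `elseif(!$logout)` block runs past the end of this hunk.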