Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
chamilo-lms/main/webservices/cm_webservice.php

320 lines
9.0 KiB

<?php
/* For licensing terms, see /license.txt */
use Chamilo\UserBundle\Entity\User;
/**
* @package chamilo.webservices
*/
require_once __DIR__.'/../inc/global.inc.php';
$libpath = api_get_path(LIBRARY_PATH);
/**
* Error returned by one of the methods of the web service. Contains an error code and an error message
*/
class WSCMError
{
/**
* Error handler. This needs to be a class that implements the interface WSErrorHandler
*
* @var WSErrorHandler
*/
protected static $_handler;
/**
* Error code
*
* @var int
*/
public $code;
/**
* Error message
*
* @var string
*/
public $message;
/**
* Constructor
*
* @param int Error code
* @param string Error message
*/
public function __construct($code, $message)
{
$this->code = $code;
$this->message = $message;
}
/**
* Sets the error handler
*
* @param WSErrorHandler $handler Error handler
*/
public static function setErrorHandler($handler)
{
if ($handler instanceof WSErrorHandler) {
self::$_handler = $handler;
}
}
/**
* Returns the error handler
*
* @return WSErrorHandler Error handler
*/
public static function getErrorHandler()
{
return self::$_handler;
}
/**
* Transforms the error into an array
*
* @return array Associative array with code and message
*/
public function toArray()
{
return array('code' => $this->code, 'message' => $this->message);
}
}
/**
* Interface that must be implemented by any error handler
*/
interface WSCMErrorHandler
{
/**
* Handle method
*
* @param WSError $error Error
*/
public function handle($error);
}
/**
* Main class of the webservice. Webservice classes extend this class
*/
class WSCM
{
/**
* Chamilo configuration
*
* @var array
*/
protected $_configuration;
/**
* Constructor
*/
public function __construct()
{
$this->_configuration = $GLOBALS['_configuration'];
}
/**
* Verifies the API key
*
* @param string $secret_key Secret key
* @return mixed WSError in case of failure, null in case of success
*/
protected function verifyKey($secret_key)
{
$ip = trim($_SERVER['REMOTE_ADDR']);
// if we are behind a reverse proxy, assume it will send the
// HTTP_X_FORWARDED_FOR header and use this IP instead
if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
list($ip1, $ip2) = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
$ip = trim($ip1);
}
$security_key = $ip.$this->_configuration['security_key'];
if (!api_is_valid_secret_key($secret_key, $security_key)) {
return new WSCMError(1, "API key is invalid");
} else {
return null;
}
}
/**
* Verifies if the user is valid
*
* @param string $username of the user in chamilo
* @param string $pass of the same user (in MD5 of SHA)
*
* @return mixed "valid" if username e password are correct! Else, return a message error
*/
public function verifyUserPass($username, $pass)
{
$login = $username;
$password = $pass;
$userRepo = UserManager::getRepository();
/** @var User $uData */
$uData = $userRepo->findOneBy([
'username' => trim(addslashes($login))
]);
if ($uData) {
if ($uData->getAuthSource() == PLATFORM_AUTH_SOURCE) {
$passwordEncoded = UserManager::encryptPassword($password, $uData);
// Check the user's password
if ($passwordEncoded == $uData->getPassword() && (trim($login) == $uData->getUsername())) {
// Check if the account is active (not locked)
if ($uData->getActive()) {
// Check if the expiration date has not been reached
$now = new DateTime();
if ($uData->getExpirationDate() > $now || !$uData->getExpirationDate()) {
return "valid";
} else {
return get_lang('AccountExpired');
}
} else {
return get_lang('AccountInactive');
}
} else {
return get_lang('InvalidId');
}
} else {
return get_lang('AccountURLInactive');
}
}
return get_lang('InvalidId');
}
/**
* Gets the real user id based on the user id field name and value.
* Note that if the user id field name is "chamilo_user_id", it will use the user id
* in the system database
*
* @param string $user_id_field_name User id field name
* @param string $user_id_value User id value
* @return mixed System user id if the user was found, WSError otherwise
*/
protected function getUserId($user_id_field_name, $user_id_value)
{
if ($user_id_field_name == "chamilo_user_id") {
if (UserManager::is_user_id_valid(intval($user_id_value))) {
return intval($user_id_value);
} else {
return new WSCMError(100, "User not found");
}
} else {
$user_id = UserManager::get_user_id_from_original_id(
$user_id_value,
$user_id_field_name
);
if ($user_id == 0) {
return new WSCMError(100, "User not found");
} else {
return $user_id;
}
}
}
/**
* Gets the real course id based on the course id field name and value.
* Note that if the course id field name is "chamilo_course_id", it will use the course id
* in the system database
*
* @param string $course_id_field_name Course id field name
* @param string $course_id_value Course id value
* @return mixed System course id if the course was found, WSError otherwise
*/
protected function getCourseId($course_id_field_name, $course_id_value)
{
if ($course_id_field_name == "chamilo_course_id") {
if (CourseManager::get_course_code_from_course_id($course_id_value) != null) {
return intval($course_id_value);
} else {
return new WSCMError(200, "Course not found");
}
} else {
$courseId = CourseManager::get_course_code_from_original_id(
$course_id_value,
$course_id_field_name
);
if (empty($courseId)) {
return new WSCMError(200, "Course not found");
} else {
return $courseId;
}
}
}
/**
* Gets the real session id based on the session id field name and value.
* Note that if the session id field name is "chamilo_session_id", it will use the session id
* in the system database
*
* @param string $session_id_field_name Session id field name
* @param string $session_id_value Session id value
* @return mixed System session id if the session was found, WSError otherwise
*/
protected function getSessionId($session_id_field_name, $session_id_value)
{
if ($session_id_field_name == "chamilo_session_id") {
$session = SessionManager::fetch((int) $session_id_value);
if (!empty($session)) {
return intval($session_id_value);
} else {
return new WSCMError(300, "Session not found");
}
} else {
$session_id = SessionManager::getSessionIdFromOriginalId(
$session_id_value,
$session_id_field_name
);
if ($session_id == 0) {
return new WSCMError(300, "Session not found");
} else {
return $session_id;
}
}
}
/**
* Handles an error by calling the WSError error handler
*
* @param WSError $error Error
*/
protected function handleError($error)
{
$handler = WSCMError::getErrorHandler();
$handler->handle($error);
}
/**
* Gets a successful result
*
* @return array Array with a code of 0 and a message 'Operation was successful'
*/
protected function getSuccessfulResult()
{
return array('code' => 0, 'message' => 'Operation was successful');
}
/**
* Test function. Returns the string success
*
* @return string Success
*/
public function test()
{
return "success";
}
/**
* *Strictly* reverts PHP's nl2br() effects (whether it was used in XHTML mode or not)
* @param string $string
* @return string
*/
public function nl2br_revert($string)
{
return preg_replace('`<br(?: /)?>([\\n\\r])`', '$1', $string);
}
}