1 | <?php |
||
2 | /* For licensing terms, see /license.txt */ |
||
3 | |||
4 | use Chamilo\UserBundle\Entity\User; |
||
5 | use ChamiloSession as Session; |
||
6 | |||
7 | /** |
||
8 | * Class Login. |
||
9 | * |
||
10 | * @author Olivier Cauberghe <[email protected]>, Ghent University |
||
11 | * @author Julio Montoya <[email protected]> |
||
12 | * |
||
13 | * @package chamilo.login |
||
14 | */ |
||
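class Login
{
    /**
     * Builds the plain-text "registration data" block that is mailed to a user
     * by send_password_to_user() / handle_encrypted_password().
     *
     * @param array $user        when $by_username is true, one account array
     *                           (keys: email, password, uid, loginName);
     *                           otherwise a list of such account arrays
     * @param bool  $reset       true to include a lostPassword.php reset link,
     *                           false to include the value of the 'password' key
     *                           as plain text
     * @param bool  $by_username true when $user is a single account, not a list
     *
     * @return string the account block(s), joined by a dashed separator line
     */
    public static function get_user_account_list($user, $reset = false, $by_username = false)
    {
        $portal_url = self::getPortalUrl();

        if ($reset) {
            if ($by_username) {
                $user_account_list = self::formatAccountWithResetLink($user, $portal_url);

                if ($user_account_list) {
                    $user_account_list = "\n-----------------------------------------------\n".$user_account_list;
                }
            } else {
                $blocks = [];
                foreach ($user as $this_user) {
                    $blocks[] = self::formatAccountWithResetLink($this_user, $portal_url);
                }
                // An empty list yields '' (the original left the variable undefined).
                $user_account_list = implode("\n-----------------------------------------------\n", $blocks);
            }
        } else {
            if (!$by_username) {
                $user = $user[0];
            }
            // Legacy path: the clear-text password is written into the mail body.
            $reset_link = get_lang('Pass')." : $user[password]";
            $user_account_list =
                get_lang('YourRegistrationData')." : \n".
                get_lang('UserName').' : '.$user['loginName']."\n".
                $reset_link.'';
        }

        return $user_account_list;
    }

    /**
     * Formats one account block that carries a lostPassword.php reset link.
     *
     * @param array  $account    account array with keys email, uid, loginName
     * @param string $portal_url base URL of the current portal
     *
     * @return string
     */
    private static function formatAccountWithResetLink($account, $portal_url)
    {
        $secret_word = self::get_secret_word($account['email']);
        $reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$account['uid'];
        $reset_link = Display::url($reset_link, $reset_link);

        return get_lang('YourRegistrationData')." : \n".
            get_lang('UserName').' : '.$account['loginName']."\n".
            get_lang('ResetLink').' : '.$reset_link;
    }

    /**
     * Returns the base URL of the portal the request belongs to: the current
     * access URL when multi-URL is enabled and one is selected, else WEB_PATH.
     *
     * @return string
     */
    private static function getPortalUrl()
    {
        $portal_url = api_get_path(WEB_PATH);

        if (api_is_multiple_url_enabled()) {
            $access_url_id = api_get_current_access_url_id();
            if ($access_url_id != -1) {
                $url = api_get_access_url($access_url_id);
                $portal_url = $url['url'];
            }
        }

        return $portal_url;
    }

    /**
     * This function sends the actual (clear-text) password to the user.
     *
     * @param array $user        one account array when $by_username is true,
     *                           otherwise a list of account arrays (the first
     *                           entry's e-mail is the recipient)
     * @param bool  $by_username
     *
     * @return string translated status message for the caller to display
     *
     * @author Olivier Cauberghe <[email protected]>, Ghent University
     */
    public static function send_password_to_user($user, $by_username = false)
    {
        $email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT

        if ($by_username) { // Show only for lost password
            $user_account_list = self::get_user_account_list($user, false, $by_username); // BODY
            $email_to = $user['email'];
        } else {
            $user_account_list = self::get_user_account_list($user); // BODY
            $email_to = $user[0]['email'];
        }

        $portal_url = self::getPortalUrl();

        $email_body = get_lang('YourAccountParam')." ".$portal_url."\n\n$user_account_list";
        // SEND MESSAGE
        $sender_name = api_get_person_name(
            api_get_setting('administratorName'),
            api_get_setting('administratorSurname'),
            null,
            PERSON_NAME_EMAIL_ADDRESS
        );
        $email_body = nl2br($email_body);

        $email_admin = api_get_setting('emailAdministrator');
        $result = api_mail_html('', $email_to, $email_subject, $email_body, $sender_name, $email_admin);
        if ($result == 1) {
            return get_lang('YourPasswordHasBeenReset');
        }

        $mail = Display::encrypted_mailto_link(
            api_get_setting('emailAdministrator'),
            api_get_person_name(
                api_get_setting('administratorName'),
                api_get_setting('administratorSurname')
            )
        );

        // The message has a %s placeholder; $mail was computed but never passed
        // to sprintf() before, which left the contact link empty.
        return sprintf(
            get_lang('ThisPlatformWasUnableToSendTheEmailPleaseContactXForMoreInformation'),
            $mail
        );
    }

    /**
     * Handle encrypted password: sends the user an e-mail with a reset link
     * instead of the password itself.
     *
     * @param array $user        one account array when $by_username is true,
     *                           otherwise a list of account arrays (the first
     *                           entry's e-mail is the recipient)
     * @param bool  $by_username
     *
     * @return string translated status message for the caller to display
     *
     * @author Olivier Cauberghe <[email protected]>, Ghent University
     */
    public static function handle_encrypted_password($user, $by_username = false)
    {
        $email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT

        if ($by_username) {
            // Show only for lost password
            $user_account_list = self::get_user_account_list($user, true, $by_username); // BODY
            $email_to = $user['email'];
        } else {
            $user_account_list = self::get_user_account_list($user, true); // BODY
            $email_to = $user[0]['email'];
        }
        $email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n";
        $email_body .= $user_account_list."\n-----------------------------------------------\n\n";
        $email_body .= get_lang('PasswordEncryptedForSecurity');
        $email_body .= "\n\n".
            get_lang('SignatureFormula').",\n".
            api_get_setting('administratorName')." ".
            api_get_setting('administratorSurname')."\n".
            get_lang('PlataformAdmin')." - ".
            api_get_setting('siteName');

        $sender_name = api_get_person_name(
            api_get_setting('administratorName'),
            api_get_setting('administratorSurname'),
            null,
            PERSON_NAME_EMAIL_ADDRESS
        );
        $email_admin = api_get_setting('emailAdministrator');
        $email_body = nl2br($email_body);

        // No '@' suppression: the result is checked below, as in send_password_to_user().
        $result = api_mail_html(
            '',
            $email_to,
            $email_subject,
            $email_body,
            $sender_name,
            $email_admin
        );

        if ($result == 1) {
            $passwordEncryption = api_get_configuration_value('password_encryption');
            if ($passwordEncryption === 'none') {
                return get_lang('YourPasswordHasBeenEmailed');
            }

            return get_lang('AnEmailToResetYourPasswordHasBeenSent');
        }

        $admin_email = Display::encrypted_mailto_link(
            api_get_setting('emailAdministrator'),
            api_get_person_name(
                api_get_setting('administratorName'),
                api_get_setting('administratorSurname')
            )
        );

        return sprintf(
            get_lang('ThisPlatformWasUnableToSendTheEmailPleaseContactXForMoreInformation'),
            $admin_email
        );
    }

    /**
     * Stores a fresh confirmation token (plus request time) on the user entity
     * and mails a link to auth/reset.php carrying that token, then queues a
     * flash message. The token is presumably validated and expired by
     * reset.php; that side is not visible here.
     *
     * @param User $user
     */
    public static function sendResetEmail(User $user)
    {
        $uniqueId = api_get_unique_id();
        $user->setConfirmationToken($uniqueId);
        $user->setPasswordRequestedAt(new \DateTime());

        Database::getManager()->persist($user);
        Database::getManager()->flush();

        $url = api_get_path(WEB_CODE_PATH).'auth/reset.php?token='.$uniqueId;
        $link = "<a href=\"$url\">$url</a>";
        $mailSubject = get_lang('ResetPasswordInstructions');
        $mailBody = sprintf(
            get_lang('ResetPasswordCommentWithUrl'),
            $link
        );

        api_mail_html(
            UserManager::formatUserFullName($user),
            $user->getEmail(),
            $mailSubject,
            $mailBody
        );
        Display::addFlash(Display::return_message(get_lang('CheckYourEmailAndFollowInstructions')));
    }

    /**
     * Gets the secret word used in the legacy lostPassword.php reset link.
     *
     * NOTE(review): this is a plain sha1() of the e-mail address, so the value
     * is deterministic and never expires; a stored random token with a request
     * timestamp (as sendResetEmail() does) is the safer design. Left unchanged
     * because reset_password() and lostPassword.php rely on this contract.
     *
     * @param string $add the user's e-mail address
     *
     * @return string hex sha1 digest
     *
     * @author Olivier Cauberghe <[email protected]>, Ghent University
     */
    public static function get_secret_word($add)
    {
        return sha1($add);
    }

    /**
     * Resets a password: verifies the secret word for the given user id,
     * generates a new password, stores it and mails it to the user.
     *
     * @param string $secret      secret word from the reset link
     * @param int    $id          user id
     * @param bool   $by_username
     *
     * @return string translated status message
     *
     * @author Olivier Cauberghe <[email protected]>, Ghent University
     */
    public static function reset_password($secret, $id, $by_username = false)
    {
        $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
        $id = (int) $id;
        $sql = "SELECT
                    user_id AS uid,
                    lastname AS lastName,
                    firstname AS firstName,
                    username AS loginName,
                    password,
                    email,
                    auth_source
                FROM $tbl_user
                WHERE user_id = $id";
        $result = Database::query($sql);
        $num_rows = Database::num_rows($result);

        if (!($result && $num_rows > 0)) {
            return get_lang('CouldNotResetPassword');
        }

        $user = Database::fetch_array($result);

        // Externally authenticated accounts are not managed here.
        if ($user['auth_source'] === 'extldap') {
            return get_lang('CouldNotResetPassword');
        }

        // hash_equals() replaces a loose '==' on hex strings (which PHP may
        // compare numerically) and is constant-time; a non-string $secret is
        // rejected instead of raising a TypeError.
        if (is_string($secret) && hash_equals(self::get_secret_word($user['email']), $secret)) {
            // OK, secret word is good. Now change password and mail it.
            $user['password'] = api_generate_password();
            UserManager::updatePassword($id, $user['password']);

            return self::send_password_to_user($user, $by_username);
        }

        return get_lang('NotAllowed');
    }

    /**
     * (Re)loads the logged-in user's data into the $_user global and the
     * session, or restores the previous values when no refresh is requested.
     *
     * @global bool $is_platformAdmin
     * @global bool $is_allowedCreateCourse
     * @global array $_user
     *
     * @param int  $user_id
     * @param bool $reset true to reload from the database, false to reuse $_SESSION
     */
    public static function init_user($user_id, $reset)
    {
        global $is_platformAdmin;
        global $is_allowedCreateCourse;
        global $_user;

        if ($reset) { // session data refresh requested
            unset($_SESSION['_user']['uidReset']);
            $is_platformAdmin = false;
            $is_allowedCreateCourse = false;
            $_user['user_id'] = $user_id;

            if (isset($_user['user_id']) && $_user['user_id'] && !api_is_anonymous()) {
                // a uid is given (log in succeeded)
                $user_table = Database::get_main_table(TABLE_MAIN_USER);
                $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);

                // user_id is a numeric column; cast before interpolating it.
                $sql = "SELECT user.*, a.user_id is_admin
                        FROM $user_table
                        LEFT JOIN $admin_table a
                        ON user.user_id = a.user_id
                        WHERE user.user_id = ".(int) $_user['user_id'];

                $result = Database::query($sql);

                if (Database::num_rows($result) > 0) {
                    // Extracting the user data

                    $uData = Database::fetch_array($result);

                    $_user['firstName'] = $uData['firstname'];
                    $_user['lastName'] = $uData['lastname'];
                    $_user['mail'] = $uData['email'];
                    $_user['official_code'] = $uData['official_code'];
                    $_user['picture_uri'] = $uData['picture_uri'];
                    $_user['user_id'] = $uData['user_id'];
                    $_user['language'] = $uData['language'];
                    $_user['auth_source'] = $uData['auth_source'];
                    $_user['theme'] = $uData['theme'];
                    $_user['status'] = $uData['status'];

                    // Admin if the LEFT JOIN on the admin table matched a row.
                    $is_platformAdmin = !is_null($uData['is_admin']);
                    $is_allowedCreateCourse = (bool) (($uData['status'] == 1) || (api_get_setting('drhCourseManagerRights') && $uData['status'] == 4));
                    ConditionalLogin::check_conditions($uData);

                    Session::write('_user', $_user);
                    UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
                    Session::write('is_platformAdmin', $is_platformAdmin);
                    Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
                } else {
                    // Unknown uid: redirect. Execution continues (no exit), so the
                    // "false" flags below are still written to the session.
                    header('location:'.api_get_path(WEB_PATH));
                    //exit("WARNING UNDEFINED UID !! ");
                }
            } else { // no uid => logout or Anonymous
                Session::erase('_user');
                Session::erase('_uid');
            }

            Session::write('is_platformAdmin', $is_platformAdmin);
            Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
        } else { // continue with the previous values
            $_user = $_SESSION['_user'];
            $is_platformAdmin = $_SESSION['is_platformAdmin'];
            $is_allowedCreateCourse = $_SESSION['is_allowedCreateCourse'];
        }
    }

    /**
     * Loads the current course (and session) into the globals and the session,
     * then computes the user's rights in that course.
     *
     * @deprecated
     *
     * @global bool $is_platformAdmin
     * @global array $_user
     * @global int|string $_cid course code, or -1 when unset
     * @global array|int $_course course row, or -1 when unset
     * @global int $_real_cid
     * @global bool $is_courseAdmin
     * @global bool $is_courseTutor
     * @global bool $is_session_general_coach
     * @global bool $is_courseMember
     * @global bool $is_sessionAdmin
     * @global bool $is_allowed_in_course
     *
     * @param string $course_id course code
     * @param bool   $reset     true to reload from the database, false to reuse the session
     */
    public static function init_course($course_id, $reset)
    {
        global $is_platformAdmin;
        global $_user;

        global $_cid;
        global $_course;
        global $_real_cid;

        global $is_courseAdmin; //course teacher
        global $is_courseTutor; //course teacher - some rights
        global $is_session_general_coach; //course coach
        global $is_courseMember; //course student
        global $is_sessionAdmin;
        global $is_allowed_in_course;

        if ($reset) {
            // Course session data refresh requested or empty data
            if ($course_id) {
                $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
                $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
                // The course code is a string that may come from the request;
                // escape it before interpolating into the query.
                $safe_course_id = Database::escape_string($course_id);
                $sql = "SELECT course.*, course_category.code faCode, course_category.name faName
                        FROM $course_table
                        LEFT JOIN $course_cat_table
                        ON course.category_code = course_category.code
                        WHERE course.code = '$safe_course_id'";
                $result = Database::query($sql);

                if (Database::num_rows($result) > 0) {
                    $course_data = Database::fetch_array($result);
                    //@TODO real_cid should be cid, for working with numeric course id
                    $_real_cid = $course_data['id'];

                    $_cid = $course_data['code'];
                    $_course = [];
                    $_course['real_id'] = $course_data['id'];
                    $_course['id'] = $course_data['code']; //auto-assigned integer
                    $_course['code'] = $course_data['code'];
                    $_course['name'] = $course_data['title'];
                    $_course['title'] = $course_data['title'];
                    $_course['official_code'] = $course_data['visual_code']; // use in echo
                    $_course['sysCode'] = $course_data['code']; // use as key in db
                    $_course['path'] = $course_data['directory']; // use as key in path
                    $_course['titular'] = $course_data['tutor_name']; // this should be deprecated and use the table course_rel_user
                    $_course['language'] = $course_data['course_language'];
                    $_course['extLink']['url'] = $course_data['department_url'];
                    $_course['extLink']['name'] = $course_data['department_name'];
                    $_course['categoryCode'] = $course_data['faCode'];
                    $_course['categoryName'] = $course_data['faName'];
                    $_course['visibility'] = $course_data['visibility'];
                    $_course['subscribe_allowed'] = $course_data['subscribe'];
                    $_course['unsubscribe'] = $course_data['unsubscribe'];
                    $_course['activate_legal'] = $course_data['activate_legal'];
                    $_course['show_score'] = $course_data['show_score']; //used in the work tool

                    Session::write('_cid', $_cid);
                    Session::write('_course', $_course);

                    //@TODO real_cid should be cid, for working with numeric course id
                    Session::write('_real_cid', $_real_cid);

                    // if a session id has been given in url, we store the session

                    // Database Table Definitions
                    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

                    if (!empty($_GET['id_session'])) {
                        $_SESSION['id_session'] = intval($_GET['id_session']);
                        $sql = 'SELECT name FROM '.$tbl_session.' WHERE id="'.intval($_SESSION['id_session']).'"';
                        $rs = Database::query($sql);
                        if ($rs != null) {
                            list($_SESSION['session_name']) = Database::fetch_array($rs);
                        }
                    } else {
                        Session::erase('session_name');
                        Session::erase('id_session');
                    }

                    if (!isset($_SESSION['login_as'])) {
                        // Course login
                        if (isset($_user['user_id'])) {
                            Event::eventCourseLogin(
                                api_get_course_int_id(),
                                $_user['user_id'],
                                api_get_session_id()
                            );
                        }
                    }
                } else {
                    //exit("WARNING UNDEFINED CID !! ");
                    header('location:'.api_get_path(WEB_PATH));
                }
            } else {
                Session::erase('_cid');
                Session::erase('_real_cid');
                Session::erase('_course');

                if (!empty($_SESSION)) {
                    // Drop every lp_autolaunch_* key left from a previous course.
                    foreach ($_SESSION as $key => $session_item) {
                        if (strpos($key, 'lp_autolaunch_') !== false && isset($_SESSION[$key])) {
                            Session::erase($key);
                        }
                    }
                }
                //Deleting session info
                if (api_get_session_id()) {
                    Session::erase('id_session');
                    Session::erase('session_name');
                }
            }
        } else {
            // Continue with the previous values
            if (empty($_SESSION['_course']) || empty($_SESSION['_cid'])) { //no previous values...
                $_cid = -1; //set default values that will be caracteristic of being unset
                $_course = -1;
            } else {
                $_cid = $_SESSION['_cid'];
                $_course = $_SESSION['_course'];

                // these lines are usefull for tracking. Indeed we can have lost the id_session and not the cid.
                // Moreover, if we want to track a course with another session it can be usefull
                if (!empty($_GET['id_session'])) {
                    // Store the requested id first so the name lookup below uses it
                    // (the reset branch above does the same; previously the old
                    // session id was queried here).
                    $_SESSION['id_session'] = intval($_GET['id_session']);
                    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
                    $sql = 'SELECT name FROM '.$tbl_session.' WHERE id="'.intval($_SESSION['id_session']).'"';
                    $rs = Database::query($sql);
                    if ($rs != null) {
                        list($_SESSION['session_name']) = Database::fetch_array($rs);
                    }
                }

                if (!isset($_SESSION['login_as'])) {
                    //The value $_dont_save_user_course_access should be added before the call of global.inc.php see the main/inc/chat.ajax.php file
                    //Disables the updates in the TRACK_E_COURSE_ACCESS table
                    global $_dont_save_user_course_access;
                    if (empty($_dont_save_user_course_access)) {
                        Event::courseLogout(
                            [
                                'uid' => intval($_user['user_id']),
                                'cid' => api_get_course_int_id(),
                                'sid' => api_get_session_id(),
                            ]
                        );
                    }
                }
            }
        }
        /* COURSE / USER REL. INIT */

        $session_id = api_get_session_id();
        $user_id = isset($_user['user_id']) ? $_user['user_id'] : null;

        //Course permissions
        $is_courseAdmin = false; //course teacher
        $is_courseTutor = false; //course teacher - some rights
        $is_courseMember = false; //course student
        //Course - User permissions
        $is_sessionAdmin = false;

        if ($reset) {
            if (isset($user_id) && $user_id && isset($_cid) && $_cid) {
                //Check if user is subscribed in a course
                $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
                $sql = "SELECT * FROM $course_user_table
                        WHERE
                            user_id = '".(int) $user_id."' AND
                            relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND
                            c_id = '".(int) $_real_cid."'";
                $result = Database::query($sql);

                if (Database::num_rows($result) > 0) {
                    // this user have a recorded state for this course
                    $cuData = Database::fetch_array($result, 'ASSOC');
                    // Compare the value itself: the previous "(bool) $x == 1" cast
                    // before comparing, so any non-zero status counted as admin/tutor.
                    $is_courseAdmin = (int) $cuData['status'] === 1;
                    $is_courseTutor = (int) $cuData['is_tutor'] === 1;
                    $is_courseMember = true;

                    // Checking if the user filled the course legal agreement
                    if ($_course['activate_legal'] == 1 && !api_is_platform_admin()) {
                        $user_is_subscribed = CourseManager::is_user_accepted_legal(
                            $user_id,
                            $_course['id'],
                            $session_id
                        );

                        if (!$user_is_subscribed) {
                            $url = api_get_path(WEB_CODE_PATH).'course_info/legal.php?course_code='.$_course['code'].'&session_id='.$session_id;
                            header('Location: '.$url);
                            exit;
                        }
                    }
                }

                //We are in a session course? Check session permissions
                if (!empty($session_id)) {
                    //I'm not the teacher of the course
                    if (!$is_courseAdmin) {
                        // this user has no status related to this course
                        // The user is subscribed in a session? The user is a Session coach a Session admin ?

                        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
                        $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);

                        //Session coach, session admin, course coach admin
                        $sql = "SELECT session.id_coach, session_admin_id, session_rcru.user_id
                                FROM $tbl_session session, $tbl_session_course_user session_rcru
                                WHERE
                                    session_rcru.session_id = session.id AND
                                    session_rcru.c_id = '".(int) $_real_cid."' AND
                                    session_rcru.user_id = '".(int) $user_id."' AND
                                    session_rcru.session_id = ".(int) $session_id." AND
                                    session_rcru.status = 2";

                        $result = Database::query($sql);
                        $row = Database::store_result($result);

                        //I'm a session admin?
                        if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) {
                            $is_courseMember = false;
                            $is_courseTutor = false;
                            $is_courseAdmin = false;
                            $is_session_general_coach = false;
                            $is_sessionAdmin = true;
                        } else {
                            //Im a coach or a student?
                            // NOTE(review): this query filters c_id by $_cid (the course
                            // code) while the one above uses $_real_cid; kept as-is, but
                            // it looks inconsistent — confirm against the schema.
                            $sql = "SELECT user_id, status
                                    FROM ".$tbl_session_course_user."
                                    WHERE
                                        c_id = '".Database::escape_string($_cid)."' AND
                                        user_id = '".(int) $user_id."' AND
                                        session_id = '".(int) $session_id."'
                                    LIMIT 1";
                            $result = Database::query($sql);

                            if (Database::num_rows($result)) {
                                $row = Database::fetch_array($result, 'ASSOC');
                                $session_course_status = $row['status'];

                                switch ($session_course_status) {
                                    case '2': // coach - teacher
                                        $is_courseMember = true;
                                        $is_courseTutor = true;
                                        $is_session_general_coach = true;
                                        $is_sessionAdmin = false;

                                        if (api_get_setting('extend_rights_for_coach') == 'true') {
                                            $is_courseAdmin = true;
                                        } else {
                                            $is_courseAdmin = false;
                                        }
                                        break;
                                    case '0': //student
                                        $is_courseMember = true;
                                        $is_courseTutor = false;
                                        $is_courseAdmin = false;
                                        $is_sessionAdmin = false;
                                        break;
                                    default:
                                        //unregister user
                                        $is_courseMember = false;
                                        $is_courseTutor = false;
                                        $is_courseAdmin = false;
                                        $is_sessionAdmin = false;
                                        break;
                                }
                            } else {
                                //unregister user
                                $is_courseMember = false;
                                $is_courseTutor = false;
                                $is_courseAdmin = false;
                                $is_sessionAdmin = false;
                            }
                        }
                    }

                    //If I'm the admin platform i'm a teacher of the course
                    if ($is_platformAdmin) {
                        $is_courseAdmin = true;
                    }
                }
            } else { // keys missing => not anymore in the course - user relation
                // course
                $is_courseMember = false;
                $is_courseAdmin = false;
                $is_courseTutor = false;
                $is_session_general_coach = false;
                $is_sessionAdmin = false;
            }

            //Checking the course access
            $is_allowed_in_course = false;

            // NOTE(review): $_course may be the int -1 (see the non-reset branch);
            // isset() still passes then and the switch compares null loosely.
            if (isset($_course)) {
                switch ($_course['visibility']) {
                    case COURSE_VISIBILITY_OPEN_WORLD: //3
                        $is_allowed_in_course = true;
                        break;
                    case COURSE_VISIBILITY_OPEN_PLATFORM: //2
                        if (isset($user_id) && !api_is_anonymous($user_id)) {
                            $is_allowed_in_course = true;
                        }
                        break;
                    case COURSE_VISIBILITY_REGISTERED: //1
                        if ($is_platformAdmin || $is_courseMember) {
                            $is_allowed_in_course = true;
                        }
                        break;
                    case COURSE_VISIBILITY_CLOSED: //0
                        if ($is_platformAdmin || $is_courseAdmin) {
                            $is_allowed_in_course = true;
                        }
                        break;
                    case COURSE_VISIBILITY_HIDDEN: //4
                        if ($is_platformAdmin) {
                            $is_allowed_in_course = true;
                        }
                        break;
                }
            }

            // check the session visibility
            if ($is_allowed_in_course) {
                //if I'm in a session

                if ($session_id != 0) {
                    if (!$is_platformAdmin) {
                        // admin and session coach are *not* affected to the invisible session mode
                        // the coach is not affected because he can log in some days after the end date of a session
                        $session_visibility = api_get_session_visibility($session_id);

                        switch ($session_visibility) {
                            case SESSION_INVISIBLE:
                                $is_allowed_in_course = false;
                                break;
                        }
                        //checking date
                    }
                }
            }

            // save the states
            Session::write('is_courseAdmin', $is_courseAdmin);
            Session::write('is_courseMember', $is_courseMember);
            Session::write('is_courseTutor', $is_courseTutor);
            Session::write('is_session_general_coach', $is_session_general_coach);
            Session::write('is_allowed_in_course', $is_allowed_in_course);
            Session::write('is_sessionAdmin', $is_sessionAdmin);
        } else {
            // continue with the previous values
            $is_courseAdmin = Session::read('is_courseAdmin');
            $is_courseTutor = Session::read('is_courseTutor');
            $is_session_general_coach = Session::read('is_session_general_coach');
            $is_courseMember = Session::read('is_courseMember');
            $is_allowed_in_course = Session::read('is_allowed_in_course');
        }
    }

    /**
     * Loads the current group id into $_gid / the session (or restores it), and
     * applies the isStudentView request switch when student view is enabled.
     *
     * @global int|string $_cid
     * @global array $_course
     * @global int $_gid group id, or -1 when unset
     *
     * @param int  $group_id
     * @param bool $reset true to reload from the database, false to reuse the session
     */
    public static function init_group($group_id, $reset)
    {
        global $_cid;
        global $_course;
        global $_gid;

        if ($reset) { // session data refresh requested
            if ($group_id && $_cid && !empty($_course['real_id'])) { // have keys to search data
                $group_table = Database::get_course_table(TABLE_GROUP);
                // $group_id may come from the request: cast/escape before interpolating.
                $sql = "SELECT * FROM $group_table WHERE c_id = ".(int) $_course['real_id']." AND id = '".Database::escape_string($group_id)."'";
                $result = Database::query($sql);
                if (Database::num_rows($result) > 0) { // This group has recorded status related to this course
                    $gpData = Database::fetch_array($result);
                    $_gid = $gpData['id'];
                    Session::write('_gid', $_gid);
                } else {
                    Session::erase('_gid');
                }
            } elseif (isset($_SESSION['_gid']) || isset($_gid)) {
                // Keys missing => not anymore in the group - course relation
                Session::erase('_gid');
            }
        } elseif (isset($_SESSION['_gid'])) { // continue with the previous values
            $_gid = $_SESSION['_gid'];
        } else { //if no previous value, assign caracteristic undefined value
            $_gid = -1;
        }

        //set variable according to student_view_enabled choices
        if (api_get_setting('student_view_enabled') == "true") {
            if (isset($_GET['isStudentView'])) {
                if ($_GET['isStudentView'] == 'true') {
                    if (isset($_SESSION['studentview'])) {
                        if (!empty($_SESSION['studentview'])) {
                            // switching to studentview
                            $_SESSION['studentview'] = 'studentview';
                        }
                    }
                } elseif ($_GET['isStudentView'] == 'false') {
                    if (isset($_SESSION['studentview'])) {
                        if (!empty($_SESSION['studentview'])) {
                            // switching to teacherview
                            $_SESSION['studentview'] = 'teacherview';
                        }
                    }
                }
                //} elseif (!empty($_SESSION['studentview'])) {
                //all is fine, no change to that, obviously
            } elseif (empty($_SESSION['studentview'])) {
                // We are in teacherview here
                $_SESSION['studentview'] = 'teacherview';
            }
        }
    }

    /**
     * Looks up an active account by e-mail (when $username contains '@') or by
     * username, case-insensitively, when a password is requested.
     *
     * @param string $username (email or username)
     *
     * @return array|bool the account row (uid, lastName, firstName, loginName,
     *                    password, email, status, official_code, phone,
     *                    picture_uri, creator_id, auth_source), or false
     */
    public static function get_user_accounts_by_username($username)
    {
        $username = api_strtolower($username);
        // Explicit !== false: strpos() would return a falsy 0 for a leading '@'.
        $email = strpos($username, '@') !== false;

        if ($email) {
            $condition = "LOWER(email) = '".Database::escape_string($username)."' ";
        } else {
            $condition = "LOWER(username) = '".Database::escape_string($username)."'";
        }

        $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
        $query = "SELECT
                    user_id AS uid,
                    lastname AS lastName,
                    firstname AS firstName,
                    username AS loginName,
                    password,
                    email,
                    status AS status,
                    official_code,
                    phone,
                    picture_uri,
                    creator_id,
                    auth_source
                FROM $tbl_user
                WHERE ( $condition AND active = 1) ";
        $result = Database::query($query);
        $num_rows = Database::num_rows($result);
        if ($result && $num_rows > 0) {
            return Database::fetch_assoc($result);
        }

        return false;
    }
}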
||