- <?php
- use Chamilo\CoreBundle\Component\Utils\ChamiloApi;
- use ChamiloSession as Session;
- if (api_is_facebook_auth_activated() && !api_get_user_id()) {
- require_once api_get_path(SYS_PATH).'main/auth/external_login/facebook.inc.php';
- if (isset($facebook_config['appId']) && isset($facebook_config['secret'])) {
- facebookConnect();
- }
- }
- if (isset($_SESSION['conditional_login']['uid']) && $_SESSION['conditional_login']['can_login'] === true) {
- $uData = api_get_user_info($_SESSION['conditional_login']['uid']);
- ConditionalLogin::check_conditions($uData);
- $_user['user_id'] = $_SESSION['conditional_login']['uid'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Session::erase('conditional_login');
- $uidReset = true;
- Event::eventLogin($_user['user_id']);
- }
- $logout = isset($_GET['logout']) ? $_GET['logout'] : '';
- $gidReq = isset($_GET['gidReq']) ? (int) $_GET['gidReq'] : '';
- $logoutInfo = [];
- if (!empty($logout) || !empty($cidReset)) {
- $uid = 0;
- if (!empty($_SESSION['_user']) && !empty($_SESSION['_user']['user_id'])) {
- $uid = $_SESSION['_user']['user_id'];
- }
- $cid = 0;
- if (!empty($_SESSION['_cid'])) {
- $cid = api_get_course_int_id($_SESSION['_cid']);
- }
- $logoutInfo = [
- 'uid' => $uid,
- 'cid' => $cid,
- 'sid' => api_get_session_id(),
- ];
- }
- $courseCodeFromSession = api_get_course_id();
- $cidReq = isset($_GET['cidReq']) ? Database::escape_string($_GET['cidReq']) : '';
- $cidReset = isset($cidReset) ? (bool) $cidReset : false;
- $cDir = isset($_GET['cDir']) && !empty($_GET['cDir']) ? $_GET['cDir'] : '';
- if (!empty($cDir) && empty($cidReq)) {
- $courseCode = CourseManager::getCourseCodeFromDirectory($cDir);
- if (!empty($courseCode)) {
- $cidReq = $courseCode;
- }
- }
- if (empty($cidReq) && !empty($courseCodeFromSession)) {
- $cidReq = $courseCodeFromSession;
- }
- if (empty($cidReset)) {
- if ($courseCodeFromSession != $cidReq) {
- $cidReset = true;
- }
- } else {
- $cidReq = null;
- }
- $gidReset = isset($gidReset) ? $gidReset : '';
- $login = isset($_POST["login"]) ? $_POST["login"] : '';
- $logging_in = false;
- if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) {
-
- $_user['user_id'] = $_SESSION['_user']['user_id'];
-
-
- if (isset($_SESSION['_user']['uidReset']) && $_SESSION['_user']['uidReset']) {
- $uidReset = true;
- }
- } else {
- if (isset($_user['user_id'])) {
- unset($_user['user_id']);
- }
- $termsAndCondition = Session::read('term_and_condition');
-
- if (api_get_setting('allow_terms_conditions') === 'true' &&
- api_get_setting('load_term_conditions_section') === 'login'
- ) {
- if (isset($_POST['login']) && isset($_POST['password']) &&
- isset($termsAndCondition['user_id'])
- ) {
-
- $user_id = $termsAndCondition['user_id'];
-
- $legal_type = null;
-
- if (isset($_POST['legal_info'])) {
- $info_legal = explode(':', $_POST['legal_info']);
- $legal_type = LegalManager::get_type_of_terms_and_conditions(
- $info_legal[0],
- $info_legal[1]
- );
- }
-
- if ($legal_type == 1) {
- if ((isset($_POST['legal_accept']) && $_POST['legal_accept'] == '1')) {
- $legal_option = true;
- } else {
- $legal_option = false;
- }
- }
-
- if ($legal_type == 0) {
- $legal_option = true;
- }
- if (isset($_POST['legal_accept_type']) && $legal_option === true) {
- $cond_array = explode(':', $_POST['legal_accept_type']);
- if (!empty($cond_array[0]) && !empty($cond_array[1])) {
- $time = time();
- $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time;
- UserManager::update_extra_field_value(
- $user_id,
- 'legal_accept',
- $condition_to_save
- );
- }
- }
- }
- }
-
- if (api_get_setting('cas_activate') == 'true') {
- $cas_activated = true;
- } else {
- $cas_activated = false;
- }
- $cas_login = false;
- if ($cas_activated && !isset($_user['user_id']) && !isset($_POST['login']) && !$logout) {
- require_once api_get_path(SYS_PATH).'main/auth/cas/authcas.php';
- $cas_login = cas_is_authenticated();
- }
- if ((isset($_POST['login']) && isset($_POST['password'])) || ($cas_login)) {
-
- if ($cas_login && empty($_POST['login'])) {
- $login = $cas_login;
- } else {
- $login = $_POST['login'];
- $password = $_POST['password'];
- }
- $userManager = UserManager::getManager();
- $userRepository = UserManager::getRepository();
-
- $user_table = Database::get_main_table(TABLE_MAIN_USER);
- $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status, salt
- FROM $user_table
- WHERE username = '".Database::escape_string($login)."'";
- $result = Database::query($sql);
- $captchaValidated = true;
- $captcha = api_get_setting('allow_captcha');
- $allowCaptcha = $captcha == 'true';
- if (Database::num_rows($result) > 0) {
- $uData = Database::fetch_array($result, 'ASSOC');
- if ($allowCaptcha) {
-
- if (isset($_POST['captcha'])) {
-
- $captchaText = $_POST['captcha'];
-
- $obj = isset($_SESSION['template.lib']) ? $_SESSION['template.lib'] : null;
- if ($obj) {
- $obj->getPhrase();
- if ($obj->getPhrase() != $captchaText) {
- $captchaValidated = false;
- } else {
- $captchaValidated = true;
- }
- }
- if (isset($_SESSION['captcha_question'])) {
- $captcha_question = $_SESSION['captcha_question'];
- $captcha_question->destroy();
- }
- }
-
- if ($captchaValidated == false) {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_captcha');
- exit;
- }
-
- $blockedUntilDate = api_get_user_blocked_by_captcha($login);
- if (isset($blockedUntilDate) && !empty($blockedUntilDate)) {
- if (time() > api_strtotime($blockedUntilDate, 'UTC')) {
- api_clean_account_captcha($login);
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=blocked_by_captcha');
- exit;
- }
- }
- }
- if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE ||
- $uData['auth_source'] == CAS_AUTH_SOURCE
- ) {
- $validPassword = UserManager::isPasswordValid(
- $uData['password'],
- $password,
- $uData['salt']
- );
- $checkUserFromExternalWebservice = false;
-
- if ($validPassword === false) {
-
- $options = api_get_configuration_value('webservice_validation');
- if (!empty($options) && isset($options['options']) && !empty($options['options'])) {
- $options = $options['options'];
- $soapclient = new nusoap_client($options['wsdl']);
- $function = $options['check_login_function'];
- $params = [
- 'login' => $uData['username'],
- 'password' => $password,
- ];
- $result = $soapclient->call($function, [serialize($params)]);
- if ($error = $soapclient->getError()) {
- error_log('error');
- error_log(print_r($error, 1));
- } elseif ((int) $result === 1) {
- $checkUserFromExternalWebservice = true;
- }
- }
- }
-
- if (($validPassword || $cas_login || $checkUserFromExternalWebservice) &&
- (trim($login) == $uData['username'])
- ) {
-
-
- if (isset($_REQUEST['redirect_after_not_allow_page']) &&
- $_REQUEST['redirect_after_not_allow_page'] == 1
- ) {
- $cidReset = true;
- }
- $update_type = UserManager::get_extra_user_data_by_field(
- $uData['user_id'],
- 'update_type'
- );
- $update_type = isset($update_type['update_type']) ? $update_type['update_type'] : '';
- if (!empty($extAuthSource[$update_type]['updateUser'])
- && file_exists($extAuthSource[$update_type]['updateUser'])
- ) {
- include_once $extAuthSource[$update_type]['updateUser'];
- }
-
- if ($uData['active'] == '1') {
-
- if ($uData['expiration_date'] > date('Y-m-d H:i:s')
- || empty($uData['expiration_date'])
- ) {
- global $_configuration;
- if (api_is_multiple_url_enabled()) {
-
- $my_user_is_admin = UserManager::is_admin($uData['user_id']);
-
- $my_url_list = api_get_access_url_from_user($uData['user_id']);
-
-
-
- $current_access_url_id = api_get_current_access_url_id();
- if ($my_user_is_admin === false) {
-
- if (is_array($my_url_list) &&
- in_array($current_access_url_id, $my_url_list)
- ) {
- ConditionalLogin::check_conditions($uData);
- $_user['user_id'] = $uData['user_id'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Event::eventLogin($_user['user_id']);
- $logging_in = true;
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
-
-
- $location = api_get_path(WEB_PATH)
- .'index.php?loginFailed=1&error=access_url_inactive';
- if ($cas_login) {
- cas_logout(null, $location);
- Event::courseLogout($logoutInfo);
- } else {
- header('Location: '.$location);
- }
- exit;
- }
- } else {
-
- if (in_array(1, $my_url_list)) {
-
- ConditionalLogin::check_conditions($uData);
- $_user['user_id'] = $uData['user_id'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Event::eventLogin($_user['user_id']);
- $logging_in = true;
- } else {
-
- if (in_array($current_access_url_id, $my_url_list)) {
- $_user['user_id'] = $uData['user_id'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Event::eventLogin($_user['user_id']);
- $logging_in = true;
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header(
- 'Location: '.api_get_path(WEB_PATH)
- .'index.php?loginFailed=1&error=access_url_inactive'
- );
- exit;
- }
- }
- }
- } else {
- ConditionalLogin::check_conditions($uData);
- $_user['user_id'] = $uData['user_id'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Event::eventLogin($uData['user_id']);
- $logging_in = true;
- }
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header(
- 'Location: '.api_get_path(WEB_PATH)
- .'index.php?loginFailed=1&error=account_expired'
- );
- exit;
- }
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header(
- 'Location: '.api_get_path(WEB_PATH)
- .'index.php?loginFailed=1&error=account_inactive'
- );
- exit;
- }
- } else {
-
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- if ($allowCaptcha) {
- if (isset($_SESSION['loginFailedCount'])) {
- $_SESSION['loginFailedCount']++;
- } else {
- $_SESSION['loginFailedCount'] = 1;
- }
- $numberMistakesToBlockAccount = api_get_setting('captcha_number_mistakes_to_block_account');
- if (isset($_SESSION['loginFailedCount'])) {
- if ($_SESSION['loginFailedCount'] >= $numberMistakesToBlockAccount) {
- api_block_account_captcha($login);
- }
- }
- }
- header(
- 'Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect'
- );
- exit;
- }
- if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) {
-
-
-
- }
- } elseif (!empty($extAuthSource[$uData['auth_source']]['login'])
- && file_exists($extAuthSource[$uData['auth_source']]['login'])
- ) {
-
- $loginFailed = true;
-
- $key = $uData['auth_source'];
-
- $extraFieldValue = new ExtraFieldValue('user');
- $newLogin = $extraFieldValue->get_values_by_handler_and_field_variable(
- $uData['user_id'],
- 'organisationemail'
- );
- if (!empty($newLogin) && isset($newLogin['value'])) {
- $login = $newLogin['value'];
- }
-
-
- include_once $extAuthSource[$key]['login'];
-
- } else {
-
- error_log(
- 'Chamilo Authentication file defined in'.
- ' $extAuthSource could not be found - this might prevent'.
- ' your system from doing the corresponding authentication'.
- ' process',
- 0
- );
- }
- } else {
- $extraFieldValue = new ExtraFieldValue('user');
- $uData = $extraFieldValue->get_item_id_from_field_variable_and_field_value(
- 'organisationemail',
- $login
- );
- if (!empty($uData)) {
- $uData = api_get_user_info($uData['item_id']);
- if (!empty($extAuthSource[$uData['auth_source']]['login'])
- && file_exists($extAuthSource[$uData['auth_source']]['login'])
- ) {
-
- $loginFailed = true;
-
- $key = $uData['auth_source'];
-
-
- include_once $extAuthSource[$key]['login'];
- }
- } else {
-
-
- $loginFailed = true;
- }
-
- $loginFailed = true;
-
-
- if (isset($extAuthSource) && is_array($extAuthSource)) {
- foreach ($extAuthSource as $thisAuthSource) {
- if (!empty($thisAuthSource['login']) && file_exists($thisAuthSource['login'])) {
- include_once $thisAuthSource['login'];
- }
- if (isset($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser'])) {
- include_once $thisAuthSource['newUser'];
- } else {
- error_log(
- 'Chamilo Authentication external file'.
- ' could not be found - this might prevent your system from using'.
- ' the authentication process in the user creation process',
- 0
- );
- }
- }
- }
- $checkUserInfo = Session::read('_user');
- if ($loginFailed && empty($checkUserInfo)) {
-
- Session::write('loginFailed', '1');
- header(
- 'Location: '.api_get_path(WEB_PATH)
- .'index.php?loginFailed=1&error=user_password_incorrect'
- );
- exit;
- }
- }
- } elseif (api_get_setting('sso_authentication') === 'true'
- && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI']))
- ) {
-
- $subsso = api_get_setting('sso_authentication_subclass');
- if (!empty($subsso)) {
- require_once api_get_path(SYS_CODE_PATH).'auth/sso/sso.'.$subsso.'.class.php';
- $subsso = 'sso'.$subsso;
- $osso = new $subsso();
- } else {
- $osso = new sso();
- }
- if (isset($_SESSION['_user']['user_id'])) {
- if ($logout) {
-
- online_logout($_SESSION['_user']['user_id'], false);
- Event::courseLogout($logoutInfo);
- $osso->logout();
- }
- } elseif (!$logout) {
-
- $forceSsoRedirect = api_get_setting('sso_force_redirect');
- if ($forceSsoRedirect === 'true') {
-
- $redirectToMasterConditions = !isset($_REQUEST['sso_referer']) && !isset($_GET['loginFailed']);
- } else {
-
- $redirectToMasterConditions = !isset($_REQUEST['sso_referer']) && !isset($_GET['loginFailed']) && isset($_GET['sso_cookie']);
- }
- if ($redirectToMasterConditions) {
-
- $osso->ask_master();
- } elseif (isset($_REQUEST['sso_cookie'])) {
-
-
-
- $matches_domain = false;
- if (isset($_REQUEST['sso_referer'])) {
- $protocol = api_get_setting('sso_authentication_protocol');
-
-
- $master_urls = preg_split('/,/', api_get_setting('sso_authentication_domain'));
- if (!empty($master_urls)) {
- $master_auth_uri = api_get_setting('sso_authentication_auth_uri');
- foreach ($master_urls as $mu) {
- if (empty($mu)) {
- continue;
- }
-
-
-
-
- $referrer = substr($_REQUEST['sso_referer'], 0, strrpos($_REQUEST['sso_referer'], '/'));
- if ($protocol.trim($mu) === $referrer) {
- $matches_domain = true;
- break;
- }
- }
- } else {
- error_log(
- 'Your sso_authentication_master param is empty. '.
- 'Check the platform configuration, security section. '.
- 'It can be a list of comma-separated domains'
- );
- }
- }
- if ($matches_domain) {
-
-
- $osso->check_user();
- } else {
- error_log('Check the sso_referer URL in your script, it doesn\'t match any of the possibilities');
-
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=unrecognize_sso_origin');
- exit;
- }
- }
-
- } elseif ($logout) {
-
-
- online_logout(null, false);
- Event::courseLogout($logoutInfo);
- $osso->logout();
- }
- } elseif (api_get_setting('openid_authentication') == 'true') {
- if (!empty($_POST['openid_url'])) {
- include api_get_path(SYS_CODE_PATH).'auth/openid/login.php';
- openid_begin(trim($_POST['openid_url']), api_get_path(WEB_PATH).'index.php');
-
- die('Openid login redirection should be in progress');
- } elseif (!empty($_GET['openid_identity'])) {
- include api_get_path(SYS_CODE_PATH).'auth/openid/login.php';
- $res = openid_complete($_GET);
- if ($res['status'] == 'success') {
- $id1 = Database::escape_string($res['openid.identity']);
-
- $id2 = (substr($id1, -1, 1) == '/' ? substr($id1, 0, -1) : $id1.'/');
-
- $user_table = Database::get_main_table(TABLE_MAIN_USER);
- $sql = "SELECT user_id, username, password, auth_source, active, expiration_date
- FROM $user_table
- WHERE openid = '$id1'
- OR openid = '$id2' ";
- $result = Database::query($sql);
- if ($result !== false) {
- if (Database::num_rows($result) > 0) {
- $uData = Database::fetch_array($result);
- if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
-
-
- if ($uData['active'] == '1') {
-
- if ($uData['expiration_date'] > date('Y-m-d H:i:s')
- || empty($uData['expiration_date'])
- ) {
- $_user['user_id'] = $uData['user_id'];
- $_user['status'] = $uData['status'];
- Session::write('_user', $_user);
- Event::eventLogin($_user['user_id']);
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header('Location: index.php?loginFailed=1&error=account_expired');
- exit;
- }
- } else {
- $loginFailed = true;
- Session::erase('_uid');
- Session::write('loginFailed', '1');
- header('Location: index.php?loginFailed=1&error=account_inactive');
- exit;
- }
- if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) {
-
-
-
- }
- }
- } else {
-
- Session::write('loginFailed', '1');
- header(
- 'Location: '.api_get_path(WEB_CODE_PATH)
- .'auth/inscription.php?username='.$res['openid.sreg.nickname']
- .'&email='.$res['openid.sreg.email']
- .'&openid='.$res['openid.identity']
- .'&openid_msg=idnotfound'
- );
- exit;
-
- }
- } else {
- $loginFailed = true;
- }
- } else {
- $loginFailed = true;
- }
- }
- } elseif (KeyAuth::is_enabled()) {
- $success = KeyAuth::instance()->login();
- if ($success) {
- $use_anonymous = false;
- }
- }
- $uidReset = true;
- $cidReset = true;
- $gidReset = true;
- }
- $maxAnons = api_get_configuration_value('max_anonymous_users');
-
- if (isset($use_anonymous) && $use_anonymous) {
-
-
- $anonResult = api_set_anonymous();
- if ($maxAnons >= 2 && $anonResult) {
- $uidReset = true;
- Event::eventLogin($_user['user_id']);
- }
- } else {
-
-
- api_clear_anonymous();
- }
- if (!empty($cidReq) && (!isset($_SESSION['_cid']) ||
- (isset($_SESSION['_cid']) && $cidReq != $_SESSION['_cid']))
- ) {
- $cidReset = true;
- $gidReset = true;
- }
- if (isset($uidReset) && $uidReset) {
-
- unset($_SESSION['_user']['uidReset']);
- $is_platformAdmin = false;
- $is_allowedCreateCourse = false;
- $isAnonymous = api_is_anonymous();
- if ($maxAnons >= 2) {
- $isAnonymous = false;
- }
- if (isset($_user['user_id']) && $_user['user_id'] && !$isAnonymous) {
-
- $_SESSION['loginFailed'] = false;
- unset($_SESSION['loginFailedCount']);
- unset($_SESSION['loginToBlock']);
- $user_table = Database::get_main_table(TABLE_MAIN_USER);
- $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
- $track_e_login = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
- $sql = "SELECT user.*, a.user_id is_admin, login.login_date
- FROM $user_table
- LEFT JOIN $admin_table a
- ON user.user_id = a.user_id
- LEFT JOIN $track_e_login login
- ON user.user_id = login.login_user_id
- WHERE user.user_id = '".$_user['user_id']."'
- ORDER BY login.login_date DESC LIMIT 1";
- $result = Database::query($sql);
- if (Database::num_rows($result) > 0) {
-
- $uData = Database::fetch_array($result);
- $_user = _api_format_user($uData, false);
- $is_platformAdmin = (bool) (!is_null($uData['is_admin']));
- $is_allowedCreateCourse = (bool) (($uData['status'] == COURSEMANAGER) || (api_get_setting('drhCourseManagerRights') && $uData['status'] == DRH));
- ConditionalLogin::check_conditions($uData);
- Session::write('_user', $_user);
- UserManager::update_extra_field_value($_user['user_id'], 'already_logged_in', 'true');
- Session::write('is_platformAdmin', $is_platformAdmin);
- Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
- } else {
- header('Location:'.api_get_path(WEB_PATH));
- exit;
-
- }
- } else {
- if (!api_is_anonymous()) {
-
- Session::erase('_user');
- Session::erase('_uid');
- }
- }
- Session::write('is_platformAdmin', $is_platformAdmin);
- Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
- } else {
- $_user = $_SESSION['_user'];
- $is_platformAdmin = isset($_SESSION['is_platformAdmin']) ? $_SESSION['is_platformAdmin'] : false;
- $is_allowedCreateCourse = isset($_SESSION['is_allowedCreateCourse']) ? $_SESSION['is_allowedCreateCourse'] : false;
- }
- $logoutCourseCalled = false;
- if (!isset($_SESSION['login_as'])) {
- $save_course_access = true;
- $_course = Session::read('_course');
- if ($_course && isset($_course['real_id'])) {
-
-
-
- if (isset($_dont_save_user_course_access) && $_dont_save_user_course_access == true) {
- $save_course_access = false;
- } else {
- $logoutCourseCalled = true;
- Event::courseLogout($logoutInfo);
- }
- }
- }
- $sessionIdFromGet = isset($_GET['id_session']) ? (int) $_GET['id_session'] : false;
- $sessionIdFromSession = api_get_session_id();
- $checkFromDatabase = false;
- if (($sessionIdFromGet !== false && $sessionIdFromGet !== $sessionIdFromSession) || $cidReset) {
- $cidReset = true;
- $checkFromDatabase = true;
- Session::erase('session_name');
- Session::erase('id_session');
-
- Session::erase('_real_cid');
- Session::erase('_cid');
- Session::erase('_course');
- Session::erase('_gid');
- }
- if ($checkFromDatabase && !empty($sessionIdFromGet)) {
- $sessionInfo = api_get_session_info($sessionIdFromGet);
- if (!empty($sessionInfo)) {
- Session::write('session_name', $sessionInfo['name']);
- Session::write('id_session', $sessionInfo['id']);
- } else {
- $cidReset = true;
- $gidReset = true;
- Session::erase('session_name');
- Session::erase('id_session');
-
- Session::erase('_real_cid');
- Session::erase('_cid');
- Session::erase('_course');
- Session::erase('_gid');
- api_not_allowed(true);
- }
- }
- if ($cidReset) {
-
- if ($cidReq) {
- $_course = api_get_course_info($cidReq);
- if (!empty($_course)) {
-
- $_real_cid = $_course['real_id'];
- $_cid = $_course['code'];
- Session::write('_real_cid', $_real_cid);
- Session::write('_cid', $_cid);
- Session::write('_course', $_course);
- if (!empty($_GET['gidReq'])) {
- $_SESSION['_gid'] = (int) $_GET['gidReq'];
- } else {
- Session::erase('_gid');
- }
-
- if (isset($_user['user_id'])) {
- Event::eventCourseLogin(
- api_get_course_int_id(),
- api_get_user_id(),
- api_get_session_id()
- );
- }
- } else {
-
- header('Location:'.api_get_path(WEB_PATH));
- exit;
- }
- } else {
-
- if ($logoutCourseCalled == false) {
- Event::courseLogout($logoutInfo);
- }
- Session::erase('_cid');
- Session::erase('_real_cid');
- Session::erase('_course');
- Session::erase('session_name');
- Session::erase('id_session');
- if (!empty($_SESSION)) {
- foreach ($_SESSION as $key => $session_item) {
- if (strpos($key, 'lp_autolaunch_') === false) {
- continue;
- } else {
- if (isset($_SESSION[$key])) {
- Session::erase($key);
- }
- }
- }
- }
- if (api_get_group_id()) {
- Session::erase('_gid');
- }
- if (api_is_in_gradebook()) {
- api_remove_in_gradebook();
- }
- }
- } else {
-
- if (empty($_SESSION['_course']) && !empty($_SESSION['_cid'])) {
-
- $_course = api_get_course_info($_SESSION['_cid']);
- if (!empty($_course)) {
- $_real_cid = $_course['real_id'];
- $_cid = $_course['code'];
- Session::write('_real_cid', $_real_cid);
- Session::write('_cid', $_cid);
- Session::write('_course', $_course);
- }
- }
- if (empty($_SESSION['_course']) || empty($_SESSION['_cid'])) {
- $_cid = -1;
- $_course = -1;
- } else {
- $_cid = $_SESSION['_cid'];
- $_course = $_SESSION['_course'];
- if (!empty($_REQUEST['gidReq'])) {
- $_SESSION['_gid'] = (int) $_REQUEST['gidReq'];
- $group_table = Database::get_course_table(TABLE_GROUP);
- $sql = "SELECT * FROM $group_table
- WHERE c_id = ".$_course['real_id']." AND id = '$gidReq'";
- $result = Database::query($sql);
- if (Database::num_rows($result) > 0) {
- $gpData = Database::fetch_array($result);
- $_gid = $gpData['id'];
- Session::write('_gid', $_gid);
- }
- } else {
- Session::write('_gid', 0);
- }
- }
- }
- $session_id = api_get_session_id();
- $user_id = isset($_user['user_id']) ? $_user['user_id'] : null;
- $is_sessionAdmin = false;
- $is_session_general_coach = false;
- $is_courseAdmin = false;
- $is_courseTutor = false;
- $is_courseMember = false;
- if ((isset($uidReset) && $uidReset) || $cidReset) {
- if (isset($_cid) && $_cid) {
- $my_user_id = isset($user_id) ? (int) $user_id : 0;
- $variable = 'accept_legal_'.$my_user_id.'_'.$_course['real_id'].'_'.$session_id;
- $user_pass_open_course = false;
- if (api_check_user_access_to_legal($_course['visibility']) && Session::read($variable)) {
- $user_pass_open_course = true;
- }
-
- if ($_course['activate_legal'] == 1 && !api_is_platform_admin() && !api_is_anonymous()) {
- $user_is_subscribed = CourseManager::is_user_accepted_legal(
- $user_id,
- $_course['id'],
- $session_id
- ) || $user_pass_open_course;
- if (!$user_is_subscribed) {
- $url = api_get_path(WEB_CODE_PATH).'course_info/legal.php?course_code='.$_course['code'].'&session_id='.$session_id;
- header('Location: '.$url);
- exit;
- }
- }
-
- if (api_get_setting('allow_terms_conditions') === 'true' &&
- api_get_setting('load_term_conditions_section') === 'course'
- ) {
- $termAndConditionStatus = api_check_term_condition($user_id);
-
- if ($termAndConditionStatus === false) {
- Session::write('term_and_condition', ['user_id' => $user_id]);
- } else {
- Session::erase('term_and_condition');
- }
- $termsAndCondition = Session::read('term_and_condition');
- if (isset($termsAndCondition['user_id'])) {
-
- $user_id = $termsAndCondition['user_id'];
-
- $legal_type = null;
-
- if (isset($_POST['legal_info'])) {
- $info_legal = explode(':', $_POST['legal_info']);
- $legal_type = LegalManager::get_type_of_terms_and_conditions(
- $info_legal[0],
- $info_legal[1]
- );
- }
-
- if ($legal_type === 1) {
- if (isset($_POST['legal_accept']) && $_POST['legal_accept'] == '1') {
- $legal_option = true;
- } else {
- $legal_option = false;
- }
- }
-
- if ($legal_type == 0) {
- $legal_option = true;
- }
- if (isset($_POST['legal_accept_type']) && $legal_option === true) {
- $cond_array = explode(':', $_POST['legal_accept_type']);
- if (!empty($cond_array[0]) && !empty($cond_array[1])) {
- $time = time();
- $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time;
- UserManager::update_extra_field_value(
- $user_id,
- 'legal_accept',
- $condition_to_save
- );
- }
- }
- $redirect = true;
- $allow = api_get_configuration_value('allow_public_course_with_no_terms_conditions');
- if ($allow === true &&
- isset($_course['visibility']) &&
- $_course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD
- ) {
- $redirect = false;
- }
- if ($redirect && !api_is_platform_admin()) {
- $url = api_get_path(WEB_CODE_PATH).'auth/inscription.php';
- header('Location:'.$url);
- exit;
- }
- }
- }
- }
- if (isset($user_id) && $user_id && isset($_real_cid) && $_real_cid) {
-
- $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
- $sql = "SELECT * FROM $course_user_table
- WHERE
- user_id = '".$user_id."' AND
- relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND
- c_id = '$_real_cid'";
- $result = Database::query($sql);
- $cuData = null;
- if (Database::num_rows($result) > 0) {
- $cuData = Database::fetch_array($result, 'ASSOC');
- $is_courseAdmin = $cuData['status'] == 1;
- $is_courseTutor = $cuData['is_tutor'] == 1;
- $is_courseMember = true;
- }
-
- if (!empty($session_id)) {
- if (!empty($session_id) && !empty($_course)) {
- if (!SessionManager::relation_session_course_exist($session_id, $_course['real_id'])) {
- api_not_allowed(true);
- }
- }
-
- if ($is_courseAdmin == false) {
-
-
- $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
- $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
- $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
-
- $sql = "SELECT session.id_coach, session_admin_id, session_rcru.user_id
- FROM $tbl_session session, $tbl_session_course_user session_rcru
- WHERE
- session_rcru.session_id = session.id AND
- session_rcru.c_id = '$_real_cid' AND
- session_rcru.user_id = '$user_id' AND
- session_rcru.session_id = $session_id AND
- session_rcru.status = 2
- ";
- $result = Database::query($sql);
- $row = Database::store_result($result);
-
- if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) {
- $is_courseMember = false;
- $is_courseTutor = false;
- $is_courseAdmin = false;
- $is_session_general_coach = false;
- $is_sessionAdmin = true;
- } else {
-
- $sql = "SELECT session.id, session.id_coach
- FROM $tbl_session session
- INNER JOIN $tbl_session_course sc
- ON sc.session_id = session.id
- WHERE session.id = $session_id
- AND session.id_coach = $user_id
- AND sc.c_id = '$_real_cid'";
- $result = Database::query($sql);
- if (Database::num_rows($result)) {
- $is_courseMember = true;
- $is_courseTutor = false;
- $is_session_general_coach = true;
- $is_sessionAdmin = false;
- } else {
-
- $sql = "SELECT cu.user_id, cu.status
- FROM $tbl_session_course_user cu
- WHERE
- c_id = '$_real_cid' AND
- cu.user_id = '".$user_id."' AND
- cu.session_id = '".$session_id."'
- LIMIT 1";
- $result = Database::query($sql);
- if (Database::num_rows($result)) {
- $row = Database::fetch_array($result, 'ASSOC');
- $session_course_status = $row['status'];
- switch ($session_course_status) {
- case '2':
- $is_courseMember = true;
- $is_courseTutor = true;
- $is_session_general_coach = false;
- $is_sessionAdmin = false;
- if (api_get_setting('extend_rights_for_coach') == 'true') {
- $is_courseAdmin = true;
- } else {
- $is_courseAdmin = false;
- }
- break;
- case '0':
- $is_courseMember = true;
- $is_courseTutor = false;
- $is_courseAdmin = false;
- $is_session_general_coach = false;
- $is_sessionAdmin = false;
- break;
- default:
-
- $is_courseMember = false;
- $is_courseTutor = false;
- $is_courseAdmin = false;
- $is_sessionAdmin = false;
- $is_session_general_coach = false;
- break;
- }
- } else {
-
- $is_courseMember = false;
- $is_courseTutor = false;
- $is_courseAdmin = false;
- $is_sessionAdmin = false;
- $is_session_general_coach = false;
- }
- }
- }
-
- if (api_drh_can_access_all_session_content()) {
- $sessionInfo = SessionManager::getSessionFollowedByDrh($user_id, $session_id);
- if (!empty($sessionInfo) && !empty($sessionInfo['course_list'])) {
- if (isset($sessionInfo['course_list'][$_course['real_id']])) {
- $is_courseMember = true;
- $is_courseTutor = false;
- $is_session_general_coach = false;
- $is_sessionAdmin = false;
- }
- }
- }
- }
-
- if ($is_platformAdmin) {
- $is_courseAdmin = true;
- }
- } else {
-
-
-
- if ($is_courseMember == false) {
-
- $courseSession = SessionManager::searchCourseInSessionsFromUser(
- $user_id,
- $_course['real_id']
- );
- $priorityList = [];
- if (!empty($courseSession)) {
- foreach ($courseSession as $courseSessionItem) {
- if (isset($courseSessionItem['session_id'])) {
- $customSessionId = $courseSessionItem['session_id'];
- $visibility = api_get_session_visibility($customSessionId, $_course['real_id']);
- if ($visibility == SESSION_INVISIBLE) {
- continue;
- }
- switch ($visibility) {
- case SESSION_AVAILABLE:
- $priorityList[1][] = $customSessionId;
- break;
- case SESSION_VISIBLE:
- $priorityList[2][] = $customSessionId;
- break;
- case SESSION_VISIBLE_READ_ONLY:
- $priorityList[3][] = $customSessionId;
- break;
- }
- }
- }
- }
- if (!empty($priorityList)) {
- ksort($priorityList);
- foreach ($priorityList as $sessionList) {
- if (empty($sessionList)) {
- continue;
- }
- foreach ($sessionList as $customSessionId) {
- $currentUrl = htmlentities($_SERVER['REQUEST_URI']);
- $currentUrl = str_replace('id_session=0', '', $currentUrl);
- $currentUrl = str_replace('&', '&', $currentUrl);
- if (strpos($currentUrl, '?') !== false) {
- $currentUrl = rtrim($currentUrl, '&');
- $url = $currentUrl.'&id_session='.$customSessionId;
- } else {
- $url = $currentUrl.'?id_session='.$customSessionId;
- }
- $url = str_replace('&&', '&', $url);
-
- Session::erase('_real_cid');
- Session::erase('_cid');
- Session::erase('_course');
- header('Location: '.$url);
- exit;
- }
- }
- }
- }
- }
- } else {
-
- $is_courseMember = false;
- $is_courseAdmin = false;
- $is_courseTutor = false;
- $is_session_general_coach = false;
- $is_sessionAdmin = false;
- }
-
- $is_allowed_in_course = false;
- if (isset($_course) && isset($_course['visibility'])) {
- switch ($_course['visibility']) {
- case COURSE_VISIBILITY_OPEN_WORLD:
- $is_allowed_in_course = true;
- break;
- case COURSE_VISIBILITY_OPEN_PLATFORM:
- $userAccess = api_get_configuration_value('block_registered_users_access_to_open_course_contents');
-
-
- if ($userAccess == false) {
- if (isset($user_id) && !api_is_anonymous($user_id)) {
- $is_allowed_in_course = true;
- }
- } else {
-
-
- $courseCode = $_course['code'];
- $isUserSubscribedInCourse = CourseManager::is_user_subscribed_in_course(
- $user_id,
- $courseCode,
- $session_id
- );
- if (isset($user_id) && ($is_platformAdmin || $isUserSubscribedInCourse === true) && !api_is_anonymous($user_id)) {
- $is_allowed_in_course = true;
- }
- }
- break;
- case COURSE_VISIBILITY_REGISTERED:
- if ($is_platformAdmin || $is_courseMember) {
- $is_allowed_in_course = true;
- }
- break;
- case COURSE_VISIBILITY_CLOSED:
- if ($is_platformAdmin || $is_courseAdmin) {
- $is_allowed_in_course = true;
- }
- break;
- case COURSE_VISIBILITY_HIDDEN:
- if ($is_platformAdmin) {
- $is_allowed_in_course = true;
- }
- break;
- }
- }
- if (!$is_platformAdmin) {
- if (!$is_courseMember &&
- isset($_course['registration_code']) &&
- !empty($_course['registration_code']) &&
- !Session::read('course_password_'.$_course['real_id'], false)
- ) {
-
- if ($is_allowed_in_course) {
-
-
- $url = api_get_path(WEB_CODE_PATH).'auth/set_temp_password.php?course_id='.$_course['real_id'].'&session_id='.$session_id;
- header('Location: '.$url);
- exit;
- } else {
- $is_courseMember = false;
- $is_courseAdmin = false;
- $is_courseTutor = false;
- $is_session_general_coach = false;
- $is_sessionAdmin = false;
- $is_allowed_in_course = false;
- }
- }
- }
- if ($is_allowed_in_course == true) {
-
- if ($session_id != 0) {
- if (!$is_platformAdmin) {
-
- $session_visibility = api_get_session_visibility($session_id);
- switch ($session_visibility) {
- case SESSION_INVISIBLE:
- $is_allowed_in_course = false;
- break;
- }
- }
- }
- }
-
- if (isset($is_courseAdmin)) {
- Session::write('is_courseAdmin', $is_courseAdmin);
- if ($is_courseAdmin) {
- $is_allowed_in_course = true;
- }
- }
- if (isset($is_courseMember)) {
- Session::write('is_courseMember', $is_courseMember);
- }
- if (isset($is_courseTutor)) {
- Session::write('is_courseTutor', $is_courseTutor);
- if ($is_courseTutor) {
- $is_allowed_in_course = true;
- }
- }
- Session::write('is_session_general_coach', $is_session_general_coach);
- Session::write('is_allowed_in_course', $is_allowed_in_course);
- Session::write('is_sessionAdmin', $is_sessionAdmin);
- } else {
-
- $is_courseAdmin = isset($_SESSION['is_courseAdmin']) ? $_SESSION['is_courseAdmin'] : false;
- $is_courseTutor = isset($_SESSION['is_courseTutor']) ? $_SESSION['is_courseTutor'] : false;
- $is_session_general_coach = isset($_SESSION['is_session_general_coach']) ? $_SESSION['is_session_general_coach'] : false;
- $is_courseMember = isset($_SESSION['is_courseMember']) ? $_SESSION['is_courseMember'] : false;
- $is_allowed_in_course = isset($_SESSION['is_allowed_in_course']) ? $_SESSION['is_allowed_in_course'] : false;
- }
- if (api_get_setting('student_view_enabled') == "true") {
- if (isset($_GET['isStudentView'])) {
- if ($_GET['isStudentView'] == 'true') {
- if (isset($_SESSION['studentview'])) {
- if (!empty($_SESSION['studentview'])) {
-
- $_SESSION['studentview'] = 'studentview';
- }
- }
- } elseif ($_GET['isStudentView'] == 'false') {
- if (isset($_SESSION['studentview'])) {
- if (!empty($_SESSION['studentview'])) {
-
- $_SESSION['studentview'] = 'teacherview';
- }
- }
- }
- } elseif (!empty($_SESSION['studentview'])) {
-
- } elseif (empty($_SESSION['studentview'])) {
-
- $_SESSION['studentview'] = 'teacherview';
- }
- }
- if (isset($_cid)) {
- $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
- $time = api_get_utc_datetime();
- $sql = "UPDATE $tbl_course SET last_visit = '$time' WHERE code='$_cid'";
- Database::query($sql);
- }
- if ((isset($cas_login) && $cas_login && exist_firstpage_parameter()) ||
- ($logging_in && exist_firstpage_parameter())
- ) {
- $redirectCourseDir = api_get_firstpage_parameter();
- api_delete_firstpage_parameter();
- if (!isset($_SESSION['request_uri'])) {
- if (CourseManager::getCourseCodeFromDirectory($redirectCourseDir)) {
- $_SESSION['noredirection'] = false;
- $_SESSION['request_uri'] = api_get_path(WEB_COURSE_PATH).$redirectCourseDir.'/';
- }
- }
- } elseif (api_user_is_login() && exist_firstpage_parameter()) {
- $redirectCourseDir = api_get_firstpage_parameter();
- api_delete_firstpage_parameter();
- if (CourseManager::getCourseCodeFromDirectory($redirectCourseDir)) {
- $_SESSION['noredirection'] = false;
- $_SESSION['request_uri'] = api_get_path(WEB_COURSE_PATH).$redirectCourseDir.'/';
- }
- }
- Event::eventCourseLoginUpdate(
- api_get_course_int_id(),
- api_get_user_id(),
- api_get_session_id()
- );
- Redirect::session_request_uri($logging_in, $user_id);
- if (!ChamiloApi::isAjaxRequest() && api_get_configuration_value('allow_mandatory_survey')) {
- SurveyManager::protectByMandatory();
- }
|