function process_login()
{
global $warning, $surname, $givenname, $email, $status, $is_admin, $language, $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails;
if (isset($_POST['uname'])) {
$posted_uname = canonicalize_whitespace($_POST['uname']);
} else {
$posted_uname = '';
}
$pass = isset($_POST['pass']) ? $_POST['pass'] : '';
$auth = get_auth_active_methods();
$is_eclass_unique = is_eclass_unique();
if (isset($_POST['submit'])) {
unset($_SESSION['uid']);
$auth_allow = 0;
if (get_config('login_fail_check')) {
$r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' \n AND COUNT > " . intval(get_config('login_fail_threshold')) . " \n AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail");
}
if (get_config('login_fail_check') && $r) {
$auth_allow = 8;
} else {
$sqlLogin = "******";
if (get_config('case_insensitive_usernames')) {
$sqlLogin = "******";
} else {
$sqlLogin = "******";
}
$myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail\n FROM user WHERE username {$sqlLogin}", $posted_uname);
//print_r($result);
// cas might have alternative authentication defined
$exists = 0;
if (!isset($_COOKIE) or count($_COOKIE) == 0) {
// Disallow login when cookies are disabled
$auth_allow = 5;
} elseif ($pass === '') {
// Disallow login with empty password
$auth_allow = 4;
} else {
if ($myrow) {
$exists = 1;
if (!empty($auth)) {
if (in_array($myrow->password, $auth_ids)) {
// alternate methods login
$auth_allow = alt_login($myrow, $posted_uname, $pass);
} else {
// eclass login
$auth_allow = login($myrow, $posted_uname, $pass);
}
} else {
$tool_content .= "<br>{$langInvalidAuth}<br>";
}
}
}
if (!$exists and !$auth_allow) {
Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname, 'pass' => $pass));
$auth_allow = 4;
}
}
if (!isset($_SESSION['uid'])) {
switch ($auth_allow) {
case 1:
$warning .= "";
session_regenerate_id();
break;
case 2:
$warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
break;
case 3:
$warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
break;
case 4:
$warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
increaseLoginFailure();
break;
case 5:
$warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
break;
case 6:
$warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
break;
case 7:
$warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
break;
case 8:
$warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
break;
default:
break;
}
} else {
Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) " . "VALUES ({$_SESSION['uid']}, '{$_SERVER['REMOTE_ADDR']}', NOW(), 'LOGIN')");
if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
$_SESSION['mail_verification_required'] = 1;
$next = "modules/auth/mail_verify_change.php";
} elseif (isset($_POST['next'])) {
$next = $_POST['next'];
} else {
$next = '';
}
resetLoginFailure();
redirect_to_home_page($next);
}
}
// end of user authentication
}
function register_posted_variables($var_array, $what = 'all', $callback = null)
{
global $missing_posted_variables;
if (!isset($missing_posted_variables)) {
$missing_posted_variables = array();
}
$all_set = true;
$any_set = false;
foreach ($var_array as $varname => $required) {
if (isset($_POST[$varname])) {
$GLOBALS[$varname] = canonicalize_whitespace($_POST[$varname]);
if ($required and empty($GLOBALS[$varname])) {
$missing_posted_variables[$varname] = true;
$all_set = false;
}
if (!empty($GLOBALS[$varname])) {
$any_set = true;
}
} else {
$GLOBALS[$varname] = '';
if ($required) {
$missing_posted_variables[$varname] = true;
$all_set = false;
}
}
if (is_callable($callback)) {
$GLOBALS[$varname] = $callback($GLOBALS[$varname]);
}
}
if ($what == 'any') {
return $any_set;
} else {
return $all_set;
}
}
/**
* A function to generate event block in month calendar
* @param object $event event to format
* @param string $color event color
* @return icalendar list of user events
*/
public static function icalendar()
{
$ical = "BEGIN:VCALENDAR" . PHP_EOL;
$ical .= "VERSION:2.0" . PHP_EOL;
$show_personal_bak = Calendar_Events::$calsettings->show_personal;
$show_course_bak = Calendar_Events::$calsettings->show_course;
$show_deadline_bak = Calendar_Events::$calsettings->show_deadline;
$show_admin_bak = Calendar_Events::$calsettings->show_admin;
Calendar_Events::set_calendar_settings(1, 1, 1, 1);
Calendar_Events::get_calendar_settings();
$eventlist = Calendar_Events::get_calendar_events();
Calendar_Events::set_calendar_settings($show_personal_bak, $show_course_bak, $show_deadline_bak, $show_admin_bak);
Calendar_Events::get_calendar_settings();
$events = array();
foreach ($eventlist as $event) {
$ical .= "BEGIN:VEVENT" . PHP_EOL;
$startdatetime = new DateTime($event->start);
$ical .= "DTSTART:" . $startdatetime->format("Ymd\\THis") . PHP_EOL;
$duration = new DateTime($event->duration);
$ical .= "DURATION:" . $duration->format("\\P\\TH\\Hi\\Ms\\S") . PHP_EOL;
$ical .= "SUMMARY:[" . strtoupper($event->event_group) . "] " . $event->title . PHP_EOL;
$ical .= "DESCRIPTION:" . canonicalize_whitespace(strip_tags($event->content)) . PHP_EOL;
if ($event->event_group == 'deadline') {
$ical .= "BEGIN:VALARM" . PHP_EOL;
$ical .= "TRIGGER:-PT24H" . PHP_EOL;
$ical .= "DURATION:PT10H" . PHP_EOL;
$ical .= "ACTION:DISPLAY" . PHP_EOL;
$ical .= "DESCRIPTION:DEADLINE REMINDER for " . canonicalize_whitespace(strip_tags($event->title)) . PHP_EOL;
$ical .= "END:VALARM" . PHP_EOL;
}
$ical .= "END:VEVENT" . PHP_EOL;
}
$ical .= "END:VCALENDAR" . PHP_EOL;
return $ical;
}
function process_login() {
global $warning, $surname, $givenname, $email, $status, $is_admin,
$language, $session, $langInvalidId, $langAccountInactive1,
$langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer,
$langHere, $auth_ids, $inactive_uid, $langTooManyFails, $urlAppend;
if (isset($_POST['uname'])) {
$posted_uname = canonicalize_whitespace($_POST['uname']);
} else {
$posted_uname = '';
}
$pass = isset($_POST['pass']) ? trim($_POST['pass']): '';
$auth = get_auth_active_methods();
if (isset($_POST['submit'])) {
unset($_SESSION['uid']);
$auth_allow = 0;
if (get_config('login_fail_check')) {
$r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "'
AND COUNT > " . intval(get_config('login_fail_threshold')) . "
AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail");
}
if (get_config('login_fail_check') && $r) {
$auth_allow = 8;
} else {
$sqlLogin = "******";
if (get_config('case_insensitive_usernames')) {
$sqlLogin = "******";
} else {
$sqlLogin = "******";
}
$myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
FROM user WHERE username $sqlLogin", $posted_uname);
$guest_user = get_config('course_guest') != 'off' && $myrow && $myrow->status == USER_GUEST;
// cas might have alternative authentication defined
$exists = 0;
if (!isset($_COOKIE) or count($_COOKIE) == 0) {
// Disallow login when cookies are disabled
$auth_allow = 5;
} elseif ($pass === '' and !$guest_user) {
// Disallow login with empty password except for course guest users
$auth_allow = 4;
} else {
if ($myrow) {
$exists = 1;
if (!empty($auth)) {
if (in_array($myrow->password, $auth_ids)) {
// alternate methods login
$auth_allow = alt_login($myrow, $posted_uname, $pass);
} else {
// eclass login
$auth_allow = login($myrow, $posted_uname, $pass);
}
} else {
$tool_content .= "<br>$langInvalidAuth<br>";
}
}
}
if (!$exists and !$auth_allow) {
Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
$auth_allow = 4;
}
}
$invalidIdMessage = sprintf($langInvalidId, $urlAppend . 'modules/auth/registration.php');
if (!isset($_SESSION['uid'])) {
switch ($auth_allow) {
case 1:
session_regenerate_id();
break;
case 2:
if (isset($_GET['login_page'])) {
Session::flash('login_error', $invalidIdMessage);
redirect_to_home_page('main/login_form.php');
} else {
$warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
}
break;
case 3: $warning .= "<div class='alert alert-warning'>$langAccountInactive1 " .
"<a href='modules/auth/contactadmin.php?userid=$inactive_uid&h=" .
token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></div>";
break;
case 4:
if (isset($_GET['login_page'])) {
Session::flash('login_error', $invalidIdMessage);
redirect_to_home_page('main/login_form.php');
} else {
$warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
increaseLoginFailure();
}
break;
case 5: $warning .= "<div class='alert alert-warning'>$langNoCookies</div>";
break;
case 6: $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></div>";
break;
case 7: $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></div>";
break;
case 8: $warning .= "<div class='alert alert-warning'>$langTooManyFails</div>";
break;
default:
break;
}
} else {
Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) "
. "VALUES ($_SESSION[uid], '$_SERVER[REMOTE_ADDR]', NOW(), 'LOGIN')");
$session->setLoginTimestamp();
if (get_config('email_verification_required') and
get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
$_SESSION['mail_verification_required'] = 1;
$next = 'modules/auth/mail_verify_change.php';
} elseif (isset($_POST['next'])) {
$next = $_POST['next'];
} else {
$next = '';
}
resetLoginFailure();
redirect_to_home_page($next);
}
} // end of user authentication
}
Session::Messages("{$langErrorDelete}: {$line}", 'alert-danger');
redirect_to_home_page('modules/admin/multideluser.php');
}
}
}
}
redirect_to_home_page('modules/admin/multideluser.php');
} else {
$usernames = '';
if (isset($_POST['dellall_submit'])) {
// get the incoming values
$search = isset($_POST['search']) ? $_POST['search'] : '';
$c = isset($_POST['c']) ? intval($_POST['c']) : '';
$lname = isset($_POST['lname']) ? $_POST['lname'] : '';
$fname = isset($_POST['fname']) ? $_POST['fname'] : '';
$uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
$am = isset($_POST['am']) ? $_POST['am'] : '';
$verified_mail = isset($_POST['verified_mail']) ? intval($_POST['verified_mail']) : 3;
$user_type = isset($_POST['user_type']) ? $_POST['user_type'] : '';
$auth_type = isset($_POST['auth_type']) ? $_POST['auth_type'] : '';
$email = isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : '';
$reg_flag = isset($_POST['reg_flag']) ? intval($_POST['reg_flag']) : '';
$hour = isset($_POST['hour']) ? $_POST['hour'] : 0;
$minute = isset($_POST['minute']) ? $_POST['minute'] : 0;
// Criteria/Filters
$criteria = array();
$terms = array();
if (isset($_POST['date']) or $hour or $minute) {
$date = explode('-', $_POST['date']);
if (count($date) == 3) {
$day = intval($date[0]);
if (Database::get()->query("UPDATE document SET filename=?s WHERE {$group_sql} AND path = ?s", $_POST['renameTo'] . '.xml', $_POST['sourceFile'] . '.xml')->affectedRows > 0) {
metaRenameDomDocument($basedir . $_POST['sourceFile'] . '.xml', $_POST['renameTo']);
}
}
Session::Messages($langElRen, 'alert-success');
redirect_to_home_page($redirect_base_url, true);
}
// Step 1: Show rename dialog box
if (isset($_GET['rename'])) {
$fileName = Database::get()->querySingle("SELECT filename FROM document\n WHERE {$group_sql} AND\n path = ?s", $_GET['rename'])->filename;
$dialogBox .= "\n \n <div id='rename_doc_file' class='row'>\n <div class='col-xs-12'>\n <div class='form-wrapper'>\n <form class='form-horizontal' role='form' method='post' action='{$_SERVER['SCRIPT_NAME']}?course={$course_code}'>\n <fieldset> \n <input type='hidden' name='sourceFile' value='" . q($_GET['rename']) . "' />\n {$group_hidden_input}\n <div class='form-group'>\n <label for='renameTo' class='col-sm-2 control-label word-wrapping' >" . q($fileName) . "</label>\n <div class='col-sm-10'>\n <input class='form-control' type='text' name='renameTo' value='" . q($fileName) . "' />\n </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-offset-2 col-sm-10'>\n <input class='btn btn-primary' type='submit' value='{$langRename}' >\n </div>\n </div>\n </fieldset>\n </form>\n </div>\n </div>\n </div>";
}
// create directory
// step 2: create the new directory
if (isset($_POST['newDirPath'])) {
$newDirName = canonicalize_whitespace($_POST['newDirName']);
if (!empty($newDirName)) {
$newDirPath = make_path($_POST['newDirPath'], array($newDirName));
// $path_already_exists: global variable set by make_path()
if ($path_already_exists) {
$action_message = "<div class='alert alert-danger'>{$langFileExists}</div>";
} else {
$r = Database::get()->querySingle("SELECT id FROM document WHERE {$group_sql} AND path = ?s", $newDirPath);
Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $r->id);
$action_message = "<div class='alert alert-success'>{$langDirCr}</div>";
}
}
}
// step 1: display a field to enter the new dir name
if (isset($_GET['createDir'])) {
$createDir = q($_GET['createDir']);
function quote($s) {
return "'" . addslashes(canonicalize_whitespace($s)) . "'";
}
$require_help = true;
$helpTopic = 'User';
require_once '../../include/baseTheme.php';
require_once 'include/log.php';
$toolName = $langUsers;
$pageName = $langAddManyUsers;
$navigation[] = array("url" => "index.php?course={$course_code}", "name" => $langUsers);
$tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php?course={$course_code}", 'icon' => 'fa-reply', 'level' => 'primary')));
if (isset($_POST['submit'])) {
$ok = array();
$not_found = array();
$existing = array();
$field = $_POST['type'] == 'am' ? 'am' : 'username';
$line = strtok($_POST['user_info'], "\n");
while ($line !== false) {
$userid = finduser(canonicalize_whitespace($line), $field);
if (!$userid) {
$not_found[] = $line;
} else {
if (adduser($userid, $course_id)) {
$ok[] = $userid;
} else {
$existing[] = $userid;
}
}
$line = strtok("\n");
}
if (count($not_found)) {
$tool_content .= "<div class='alert alert-warning'>{$langUsersNotExist}<br>";
foreach ($not_found as $uname) {
$tool_content .= q($uname) . '<br>';
require_once 'modules/create_course/functions.php';
$toolName = $langMultiCourse;
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
$tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
if (isset($_POST['submit'])) {
$line = strtok($_POST['courses'], "\n");
$departments = isset($_POST['department']) ? $_POST['department'] : array();
// validation in case it skipped JS validation for department(s)
if (count($departments) < 1 || empty($departments[0])) {
Session::Messages($langEmptyAddNode);
header("Location:" . $urlServer . "modules/admin/multicourse.php");
exit;
}
$vis = intval($_POST['formvisible']);
while ($line !== false) {
$line = canonicalize_whitespace($line);
if (!empty($line)) {
$info = explode('|', $line);
$title = $info[0];
$prof_uid = null;
$prof_not_found = false;
if (isset($info[1])) {
$prof_info = trim($info[1]);
$prof_uid = find_prof(trim($info[1]));
if ($prof_info and !$prof_uid) {
$prof_not_found = true;
}
}
if ($prof_uid) {
$prof_name = uid_to_name($prof_uid);
} else {
function storeDelosResources($jsonObj) {
global $course_id;
$submittedResources = $_POST['delosResources'];
$submittedCategory = $_POST['selectcategory'];
foreach ($submittedResources as $rid) {
$stored = Database::get()->querySingle("SELECT id
FROM videolink
WHERE course_id = ?d
AND category = ?d
AND url LIKE '%rid=" . $rid . "'", $course_id, $submittedCategory);
foreach ($jsonObj->resources as $resource) {
if ($resource->resourceID === $rid) {
$vL = $resource->videoLecture;
$url = $jsonObj->playerBasePath . '?rid=' . $rid;
$title = $vL->title;
$description = $vL->description;
$creator = $vL->rights->creator->name;
$publisher = $vL->organization->name;
$date = $vL->date;
if ($stored) {
$id = $stored->id;
$q = Database::get()->query("UPDATE videolink SET
url = ?s, title = ?s, description = ?s, creator = ?s, publisher = ?s, date = ?t
WHERE course_id = ?d
AND category = ?d
AND id = ?d", canonicalize_url($url), $title, $description, $creator, $publisher, $date, $course_id, $submittedCategory, $id);
} else {
$q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date)
VALUES (?d, ?s, ?s, ?s, ?d, ?s, ?s, ?t)', $course_id, canonicalize_url($url), $title, $description, $submittedCategory, $creator, $publisher, $date);
$id = $q->lastInsertID;
}
Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
$txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, array('id' => $id,
'url' => canonicalize_url($url),
'title' => $title,
'description' => $txt_description));
}
}
}
}
$tool_content .= "<div class='alert alert-success'>$langFileNot<br>
<a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div>";
draw($tool_content, $menuTypeID, null, $head_content);
exit;
}
$path = '/' . $safe_filename;
$url = $file_name;
$id = Database::get()->query('INSERT INTO video
(course_id, path, url, title, description, category, creator, publisher, date)
VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)'
, $course_id, $path, $url, $_POST['title'], $_POST['description'], $_POST['selectcategory']
, $_POST['creator'], $_POST['publisher'], $_POST['date'])->lastInsertID;
Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEO, $id);
$txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+');
Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id,
'path' => $path,
'url' => $_POST['url'],
'title' => $_POST['title'],
'description' => $txt_description));
$tool_content .= "<div class='alert alert-success'>$langFAdd</div>";
}
}
Session::Messages($langFAdd, "alert-success");
redirect_to_home_page("modules/video/index.php");
} // end of add_submit
if (isset($_POST['add_submit_delos'])) {
if (isset($_POST['delosResources'])) {
$jsonObj = requestDelosJSON();
storeDelosResources($jsonObj);
/**
* Deletes an existing note and logs the action
* @param int $noteid id in table note
*/
public static function delete_note($noteid){
global $uid;
$note = Database::get()->querySingle("SELECT title, content FROM note WHERE id = ?d ", $noteid);
$content = ellipsize_html(canonicalize_whitespace(strip_tags($note->content)), 50, '+');
Database::get()->query("DELETE FROM note WHERE id = ?d", $noteid);
Indexer::queueAsync(Indexer::REQUEST_REMOVE, Indexer::RESOURCE_NOTE, $noteid);
Log::record(0, MODULE_ID_NOTES, LOG_DELETE, array('user_id' => $uid, 'id' => $noteid,
'title' => $note->title,
'content' => $content));
}
require_once 'modules/auth/methods/imapform.php';
break;
case 4:
require_once 'modules/auth/methods/ldapform.php';
break;
case 5:
require_once 'modules/auth/methods/dbform.php';
break;
case 6:
require_once 'modules/auth/methods/shibform.php';
break;
case 7:
require_once 'modules/auth/methods/casform.php';
break;
default:
break;
}
if ($auth != 6 && $auth != 7) {
$tool_content .= "\n <div class='alert alert-info'>{$langTestAccount}</div>\n <div class='form-group'>\n <label for='test_username' class='col-sm-2 control-label'>{$langUsername}:</label>\n <div class='col-sm-10'>\n <input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'>\n </div>\n </div>\n <div class='form-group'>\n <label for='test_password' class='col-sm-2 control-label'>{$langPass}:</label>\n <div class='col-sm-10'>\n <input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'>\n </div>\n </div>";
}
$tool_content .= "\n <div class='form-group'>\n <div class='col-sm-10 col-sm-offset-2'>\n <input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'>\n <a class='btn btn-default' href='auth.php'>{$langCancel}</a> \n </div>\n </div>\n </fieldset>\n </form>\n </div>";
}
draw($tool_content, 3);
function pack_settings($settings)
{
$items = array();
foreach ($settings as $key => $value) {
$items[] = "{$key}={$value}";
}
return implode('|', $items);
}
}
if (!empty($_POST['id'])) {
$id = intval($_POST['id']);
Database::get()->query("UPDATE announcement SET content = ?s, title = ?s, `date` = " . DBHelper::timeAfter() . ", start_display = ?t, stop_display = ?t WHERE id = ?d", $newContent, $antitle, $start_display, $stop_display, $id);
$log_type = LOG_MODIFY;
$message = "<div class='alert alert-success'>{$langAnnModify}</div>";
} else {
// add new announcement
$orderMax = Database::get()->querySingle("SELECT MAX(`order`) AS maxorder FROM announcement\n WHERE course_id = ?d", $course_id)->maxorder;
$order = $orderMax + 1;
// insert
$id = Database::get()->query("INSERT INTO announcement\n SET content = ?s,\n title = ?s, `date` = " . DBHelper::timeAfter() . ",\n course_id = ?d, `order` = ?d,\n visible = 1,\n start_display = ?t,\n stop_display = ?t", $newContent, $antitle, $course_id, $order, $start_display, $stop_display)->lastInsertID;
$log_type = LOG_INSERT;
}
Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_ANNOUNCEMENT, $id);
$txt_content = ellipsize_html(canonicalize_whitespace(strip_tags($_POST['newContent'])), 50, '+');
Log::record($course_id, MODULE_ID_ANNOUNCE, $log_type, array('id' => $id, 'email' => $send_mail, 'title' => $_POST['antitle'], 'content' => $txt_content));
// send email
if ($send_mail) {
$recipients_emaillist = "";
foreach ($_POST['recipients'] as $re) {
$recipients_emaillist .= empty($recipients_emaillist) ? "'{$re}'" : ",'{$re}'";
}
$emailContent = "{$professorMessage}: " . q($_SESSION['givenname']) . " " . q($_SESSION['surname']) . "<br>\n<br>\n" . q($_POST['antitle']) . "<br>\n<br>\n" . $_POST['newContent'];
$emailSubject = "{$professorMessage} ({$public_code} - " . q($title) . " - {$langAnnouncement})";
// select students email list
$countEmail = 0;
$invalid = 0;
$recipients = array();
$emailBody = html2text($emailContent);
$linkhere = " <a href='{$urlServer}main/profile/emailunsubscribe.php?cid={$course_id}'>{$langHere}</a>.";
/**
* @brief Enter the modified info submitted from the category form into the database
* @global type $course_id
* @global type $langCategoryAdded
* @global type $langCategoryModded
* @global type $categoryname
* @global type $description
*/
function submit_category() {
global $course_id, $langCategoryAdded, $langCategoryModded,
$categoryname, $description;
register_posted_variables(array('categoryname' => true,
'description' => true), 'all', 'trim');
$set_sql = "SET name = ?s, description = ?s";
$terms = array($categoryname, purify($description));
if (isset($_POST['id'])) {
$id = getDirectReference($_POST['id']);
Database::get()->query("UPDATE `link_category` $set_sql WHERE course_id = ?d AND id = ?d", $terms, $course_id, $id);
$log_type = LOG_MODIFY;
} else {
$order = Database::get()->querySingle("SELECT MAX(`order`) as maxorder FROM `link_category`
WHERE course_id = ?d", $course_id)->maxorder;
$order++;
$id = Database::get()->query("INSERT INTO `link_category` $set_sql, course_id = ?d, `order` = ?d", $terms, $course_id, $order)->lastInsertID;
$log_type = LOG_INSERT;
}
$txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
Log::record($course_id, MODULE_ID_LINKS, $log_type, array('id' => $id,
'category' => $categoryname,
'description' => $txt_description));
}
* @brief Allows platform admin to login as another user without asking for password
*/
$require_admin = true;
require_once '../../include/baseTheme.php';
$pageName = $langChangeUser;
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
if (isset($_REQUEST['username'])) {
$sql = "SELECT user.id, surname, username, password, givenname, status, email,\n admin.user_id AS is_admin, lang\n FROM user LEFT JOIN admin ON user.id = admin.user_id\n WHERE username ";
if (get_config('case_insensitive_usernames')) {
$sql .= '= ?s';
} else {
$sql .= 'COLLATE utf8_bin = ?s';
}
$myrow = Database::get()->querySingle($sql, $_REQUEST['username']);
if ($myrow) {
$_SESSION['uid'] = $myrow->id;
$_SESSION['surname'] = $myrow->surname;
$_SESSION['givenname'] = $myrow->givenname;
$_SESSION['status'] = $myrow->status;
$_SESSION['email'] = $myrow->email;
$_SESSION['is_admin'] = !!$myrow->is_admin;
// double 'not' to handle NULL
$_SESSION['uname'] = $myrow->username;
$_SESSION['langswitch'] = $myrow->lang;
redirect_to_home_page();
} else {
$tool_content = "<div class='alert alert-danger'>" . sprintf($langChangeUserNotFound, canonicalize_whitespace(q($_POST['username']))) . "</div>";
}
}
$tool_content .= "<div class='form-wrapper'>\n <form class='form-horizontal' role='form' action='{$_SERVER['SCRIPT_NAME']}' method='post'>\n <div class='form-group'>\n <label for = 'username' class='col-sm-3 control-label'>{$langUsername}:</label>\n <div class='col-sm-9'>\n <input id='username' type='text' name='username' placeholder='{$langUsername}'>\n </div>\n </div>\n </form>\n </div>";
draw($tool_content, 3);
function notify_users($forum_id, $forum_name, $topic_id, $subject, $message, $topic_date) {
global $logo, $langNewForumNotify, $course_code, $course_code, $course_id, $langForumFrom,
$uid, $langBodyForumNotify, $langInForums, $urlServer, $langdate, $langSender,
$langCourse, $langCategory, $langForum, $langSubject, $langNote,
$langLinkUnsubscribe, $langHere, $charset, $langMailBody;
$subject_notify = "$logo - $langNewForumNotify";
$category_id = forum_category($forum_id);
$cat_name = category_name($category_id);
$c = course_code_to_title($course_code);
$name = uid_to_name($uid);
$title = course_id_to_title($course_id);
$header_html_topic_notify = "<!-- Header Section -->
<div id='mail-header'>
<br>
<div>
<div id='header-title'>$langBodyForumNotify <a href='{$urlServer}courses/$course_code'>".q($title)."</a>.</div>
<ul id='forum-category'>
<li><span><b>$langCategory:</b></span> <span>" . q($cat_name) . "</span></li>
<li><span><b>$langForum:</b></span> <span><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id'>" . q($forum_name) . "</a></span></li>
<li><span><b>$langForumFrom :</b></span> <span>$name</span></li>
<li><span><b>$langdate:</b></span> <span> $topic_date </span></li>
</ul>
</div>
</div>";
$body_html_topic_notify = "<!-- Body Section -->
<div id='mail-body'>
<br>
<div><b>$langSubject:</b> <span class='left-space'><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id&topic=$topic_id'>" . q($subject) . "</a></span></div><br>
<div><b>$langMailBody:</b></div>
<div id='mail-body-inner'>
$message
</div>
</div>";
$footer_html_topic_notify = "<!-- Footer Section -->
<div id='mail-footer'>
<br>
<div>
<small>" . sprintf($langLinkUnsubscribe, q($title)) ." <a href='${urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langHere</a></small>
</div>
</div>";
$html_topic_notify = $header_html_topic_notify.$body_html_topic_notify.$footer_html_topic_notify;
$plain_message = html2text($message);
$plain_topic_notify = "$langBodyForumNotify $langInForums\n" .
"$langSender: $name\n" .
"$langCourse: $title\n {$urlServer}courses/$course_code/\n" .
"$langCategory: $cat_name\n" .
"$langForum: $forum_name\n {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id\n" .
"$langSubject: $subject\n {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id&topic=$topic_id\n" .
"--------------------------------------------\n$plain_message\n" .
"--------------------------------------------\n" .
"$langNote: " . canonicalize_whitespace(str_replace('<br />', "\n", sprintf($langLinkUnsubscribe, q($title)))) .
" $langHere:\n${urlServer}main/profile/emailunsubscribe.php?cid=$course_id\n";
$users = Database::get()->queryArray("SELECT DISTINCT user_id FROM forum_notify
WHERE (forum_id = ?d OR cat_id = ?d)
AND notify_sent = 1 AND course_id = ?d AND user_id != ?d", $forum_id, $category_id, $course_id, $uid);
$email = array();
foreach ($users as $user) {
if (get_user_email_notification($user->user_id, $course_id)) {
$email[] = uid_to_email($user->user_id);
}
}
send_mail_multipart('', '', '', $email, $subject_notify, $plain_topic_notify, $html_topic_notify, $charset);
}
if (!empty($email)) {
send_mail($siteName, $emailAdministrator, '', $email, $emailsubject, $emailbody, $charset, "Reply-To: {$emailhelpdesk}");
}
$myrow = Database::get()->querySingle("SELECT id, surname, givenname FROM user WHERE id = ?d", $last_id);
if ($myrow) {
$uid = $myrow->id;
$surname = $myrow->surname;
$givenname = $myrow->givenname;
}
if (!$vmail) {
Database::get()->query("INSERT INTO loginout SET id_user = {$uid}, ip = '{$_SERVER['REMOTE_ADDR']}',`when` = NOW(), action = 'LOGIN'");
$_SESSION['uid'] = $uid;
$_SESSION['status'] = USER_STUDENT;
$_SESSION['givenname'] = $givenname;
$_SESSION['surname'] = $surname;
$_SESSION['uname'] = canonicalize_whitespace($username);
$tool_content .= "<div class='alert alert-success'><p>{$greeting},</p><p>";
$tool_content .= !empty($email) ? $langPersonalSettings : $langPersonalSettingsLess;
$tool_content .= "</p></div>\n <br /><br />\n <p>{$langPersonalSettingsMore}</p>";
} else {
$tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$langMailVerificationSuccess}: <strong>{$email}</strong></div>\n <p>{$langMailVerificationSuccess4}.<br /><br />{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
}
} elseif (empty($_SESSION['uname_app_exists'])) {
$email_verification_required = get_config('email_verification_required');
if (!$email_verification_required) {
$verified_mail = 2;
} else {
$verified_mail = 0;
}
// check if mail address is valid
if (!empty($email) and !email_seems_valid($email)) {
exit();
}
echo RESPONSE_OK;
exit();
}
if (isset($_POST['uname']) && isset($_POST['pass'])) {
$require_noerrors = true;
require_once ('minit.php');
require_once ('include/CAS/CAS.php');
require_once ('modules/auth/auth.inc.php');
require_once ('include/phpass/PasswordHash.php');
$uname = canonicalize_whitespace($_POST['uname']);
$pass = $_POST['pass'];
foreach (array_keys($_SESSION) as $key) {
unset($_SESSION[$key]);
}
$sqlLogin = (get_config('case_insensitive_usernames')) ? "COLLATE utf8_general_ci = ?s" : "COLLATE utf8_bin = ?s";
$myrow = Database::get()->querySingle("SELECT * FROM user WHERE username $sqlLogin", $uname);
if (get_config('login_fail_check')) {
$r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "'
AND COUNT > " . intval(get_config('login_fail_threshold')) . "
AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail");
}
if (get_config('login_fail_check') && $r) {
$missing = register_posted_variables($var_arr);
if (!isset($_POST['department'])) {
$departments = array();
$missing = false;
} else {
$departments = $_POST['department'];
}
$registration_errors = array();
// check if there are empty fields
if (!$missing) {
$registration_errors[] = $langFieldsMissing;
} else {
$uname = canonicalize_whitespace($uname);
// check if the username is already in use
$username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $uname);
if ($username_check) {
$registration_errors[] = $langUserFree;
}
if ($display_captcha) {
// captcha check
require_once 'include/securimage/securimage.php';
$securimage = new Securimage();
if ($securimage->check($_POST['captcha_code']) == false) {
$registration_errors[] = $langCaptchaWrong;
}
}
}
if (!empty($email) and !email_seems_valid($email)) {
Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type));
}
// check if email is valid
if (get_config('email_required') | get_config('email_verification_required') and !email_seems_valid($email_form)) {
Session::Messages($langEmailWrong);
redirect_to_home_page("main/profile/profile.php");
}
// check if there are empty fields
if (!$all_ok) {
Session::Messages($langFieldsMissing);
redirect_to_home_page("main/profile/profile.php");
}
if (!$allow_username_change) {
$username_form = $_SESSION['uname'];
}
$username_form = canonicalize_whitespace($username_form);
// check if username exists
if ($username_form != $_SESSION['uname']) {
$username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $username_form);
if ($username_check) {
Session::Messages($langUserFree);
redirect_to_home_page("main/profile/profile.php");
}
}
// TODO: Allow admin to configure allowed username format
if (!empty($email_form) && $email_form != $_SESSION['email'] && get_config('email_verification_required')) {
$verified_mail_sql = ", verified_mail = " . EMAIL_UNVERIFIED;
} else {
$verified_mail_sql = '';
}
// everything is ok
/**
* A function to generate event block in month calendar
* @param object $event event to format
* @param string $color event color
* @return icalendar list of user events
*/
function icalendar($cid){
global $course_id;
if(!isset($course_id)){
$course_id=$cid;
}
$ical = "BEGIN:VCALENDAR".PHP_EOL;
$ical .= "VERSION:2.0".PHP_EOL;
$eventlist = get_course_events();
foreach($eventlist as $event){
$ical .= "BEGIN:VEVENT".PHP_EOL;
$startdatetime = new DateTime($event->start);
$ical .= "DTSTART:".$startdatetime->format("Ymd\THis").PHP_EOL;
$duration = new DateTime($event->duration);
$ical .= "DURATION:".$duration->format("\P\TH\Hi\Ms\S").PHP_EOL;
$ical .= "SUMMARY:[".strtoupper($event->event_group)."] ".$event->title.PHP_EOL;
$ical .= "DESCRIPTION:".canonicalize_whitespace(strip_tags($event->content)).PHP_EOL;
if($event->event_group == 'deadline')
{
$ical .= "BEGIN:VALARM".PHP_EOL;
$ical .= "TRIGGER:-PT24H".PHP_EOL;
$ical .= "DURATION:PT10H".PHP_EOL;
$ical .= "ACTION:DISPLAY".PHP_EOL;
$ical .= "DESCRIPTION:DEADLINE REMINDER for ".canonicalize_whitespace(strip_tags($event->title)).PHP_EOL;
$ical .= "END:VALARM".PHP_EOL;
}
$ical .= "END:VEVENT".PHP_EOL;
}
$ical .= "END:VCALENDAR".PHP_EOL;
return $ical;
}
if ($_SESSION['u_prof'] and !$alt_auth_prof_reg) {
$tool_content .= "<div class='alert alert-danger'>$langForbidden</div>";
draw($tool_content, 0);
exit;
}
$tool_content .= "<div class='form-wrapper'>";
$tool_content .= "<form class='form-horizontal' role='form' method='post' action='altsearch.php'>";
$tool_content .= "<fieldset>" . q($settings['auth_instructions']) . "";
if (isset($_SESSION['prof']) and $_SESSION['prof']) {
$tool_content .= "<input type='hidden' name='p' value='1'>";
}
if (($auth != 7) and ($auth != 6)) {
$set_uname = isset($_GET['uname']) ? (" value='" . q(canonicalize_whitespace($_GET['uname'])) . "'") : '';
$tool_content .= "<div class='form-group'>
<label for='UserName' class='col-sm-2 control-label'>$langUsername</label>
<div class='col-sm-10'>
<input type='text' size='30' maxlength='30' name='uname' autocomplete='off' $set_uname placeholder='$langUserNotice'>
</div>
</div>
<div class='form-group'>
<label for='Pass' class='col-sm-2 control-label'>$langPass</label>
<div class='col-sm-10'>
<input type='password' size='30' maxlength='30' name='passwd' autocomplete='off' placeholder='$langPass'>
</div>
</div>";
}
$tool_content .= "<input type='hidden' name='auth' value='$auth'>";
case 11:
case 12:
case 13:
require_once 'modules/auth/methods/hybridauthform.php'; //generic HybridAuth form for provider settings
hybridAuthForm($auth);
break;
default:
break;
}
if ($auth > 1 and $auth < 6) {
$tool_content .= "
<div class='alert alert-info'>$langTestAccount</div>
<div class='form-group'>
<label for='test_username' class='col-sm-2 control-label'>$langUsername:</label>
<div class='col-sm-10'>
<input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'>
</div>
</div>
<div class='form-group'>
<label for='test_password' class='col-sm-2 control-label'>$langPass:</label>
<div class='col-sm-10'>
<input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'>
</div>
</div>";
}
$tool_content .= "
<div class='form-group'>
<div class='col-sm-10 col-sm-offset-2'>
<input class='btn btn-primary' type='submit' name='submit' value='$langModify'>
<a class='btn btn-default' href='auth.php'>$langCancel</a>
</div>
function submit_category() {
global $course_id, $langCategoryAdded, $langCategoryModded,
$categoryname, $description, $langFormErrors, $course_code;
register_posted_variables(array('categoryname' => true,
'description' => true), 'all', 'trim');
$set_sql = "SET name = ?s, description = ?s";
$terms = array($categoryname, purify($description));
$v = new Valitron\Validator($_POST);
$v->rule('required', array('categoryname'));
if($v->validate()) {
if (isset($_POST['id'])) {
$id = getDirectReference($_POST['id']);
Database::get()->query("UPDATE `group_category` $set_sql WHERE course_id = ?d AND id = ?d", $terms, $course_id, $id);
$log_type = LOG_MODIFY;
}
else {
$id = Database::get()->query("INSERT INTO `group_category` $set_sql, course_id = ?d", $terms, $course_id)->lastInsertID;
$log_type = LOG_INSERT;
}
$txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
Log::record($course_id, MODULE_ID_LINKS, $log_type, array('id' => $id,
'category' => $categoryname,
'description' => $txt_description));
}
else {
Session::flashPost()->Messages($langFormErrors)->Errors($v->errors());
redirect_to_home_page("modules/group/group_category.php?course=$course_code&addcategory=1");
}
}