<?php
// Copyright (c) 2009, LoveMachine Inc.
// All Rights Reserved.
// http://www.lovemachineinc.com
//
// Skill autocomplete endpoint: answers with a JSON array of distinct skills
// of the caller's company that start with the lower-cased "term" parameter.
// The listing loop at the bottom is cut off in this copy of the file.
include "../config.php";
require_once "../class.session_handler.php";
include "../helper/check_session.php";
include "../functions.php";

// checkReferer() is defined elsewhere; a failing referer ends the request with no body.
if (!checkReferer()) {
    die;
}
// An empty term is answered with an empty JSON array instead of a prefix scan.
if (empty($_GET["term"])) {
    die("[]");
}
$q = strtolower($_GET["term"]);

// NOTE(review): "limit" is NOT made safe by max(). max() returns the larger operand
// unchanged (it never casts to '0'), so any non-numeric string that compares greater
// than 8 reaches the SQL string below verbatim — cast it first: $limit = (int) $limit;
// Also, max(..., 8) enforces a *floor* of 8, not a cap; if the intent was to bound the
// page size, min() is the call — confirm.
$limit = !empty($_GET["limit"]) ? $_GET["limit"] : 8;
$limit = max($limit, 8);

// getting default company_id
// Resolved from the COMPANY_NAME constant; stays 0 when no row matches, which then
// restricts the skill query to company_id='0'.
$company_id = 0;
$sql = "select id from " . COMPANY . " where lower(name)='" . COMPANY_NAME . "'";
$res = mysql_query($sql);
if ($res && ($row = mysql_fetch_assoc($res))) {
    $company_id = $row['id'];
}

// Prefix search on skill, excluding the caller's own row.
// - the term is escaped for quoting only; LIKE wildcards (%, _) inside it are not
//   escaped, so a term containing them widens the match (use addcslashes($q, '%_')).
// - $_SESSION['userid'] is concatenated unescaped; presumably an integer set at login —
//   verify in check_session.php / the login code.
// - the mysql_* extension used throughout this file was removed in PHP 7.
$query = "select distinct(skill) from " . USERS . " \n\t where skill like '" . mysql_real_escape_string($q) . "%' and company_id='{$company_id}' and id <> '" . $_SESSION['userid'] . "' order by skill limit " . $limit;
// A failed query leaves $result === false and mysql_fetch_assoc() then warns; not checked here.
$result = mysql_query($query);

// Build the JSON array by hand, one element per row (loop body truncated in this copy).
$ret = '[';
while ($row = mysql_fetch_assoc($result)) {
    if ($ret != '[') {
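/**
 * Handle launch and/or set up the LTI session and global variables
 *
 * Make sure we have the values we need in the LTI session.
 * This routine will not start a session if none exists. It will
 * die if there is no session_name() (PHPSESSID) cookie or
 * parameter. No need to create any fresh sessions here.
 *
 * Checks run in this order; each failure ends the request through
 * send403() / die_with_error_log() (both defined elsewhere and relied on
 * here not to return):
 *   1. an LTI launch in progress is handed to self::launchCheck();
 *   2. the session id must arrive as a cookie (or, when cookies are
 *      disabled, as a POST/GET parameter named session_name());
 *   3. $_SESSION['lti'] must exist, otherwise the session has expired;
 *   4. unless the request is trusted (checkReferer() or checkCSRF()),
 *      the User-Agent and the first three octets of REMOTE_ADDR must
 *      match the values remembered in the session;
 *   5. the current script path must stay under $_SESSION['script_path']
 *      ('core/blob' is exempt);
 *   6. every key named in $needed must be present in $_SESSION['lti'].
 *
 * @param $needed (optional, mixed) Indicates which of
 *        the data structures are needed. If this is omitted,
 *        this assumes that CONTEXT, LINK, and USER data are required.
 *        If LTIX::NONE is present, then none of the three are required.
 *        If some combination of the three are needed, this accepts
 *        an array of the LTIX::CONTEXT, LTIX::LINK, and LTIX::USER
 *        can be passed in.
 * @return array The $_SESSION['lti'] structure, after the globals $USER,
 *        $CONTEXT and $LINK have been filled from it (each only when it is
 *        not already an object).
 */
public static function requireData($needed = self::ALL) {
    global $CFG, $USER, $CONTEXT, $LINK;

    // Normalise $needed to an array of required LTI keys.
    if ($needed == self::NONE) {
        $needed = array();
    }
    if ($needed == self::ALL) {
        $needed = array(self::CONTEXT, self::LINK, self::USER);
    }
    if (is_string($needed)) {
        $needed = array($needed);
    }

    // Check if we are processing an LTI launch. If so, handle it
    self::launchCheck();

    // Check to see if the session already exists.
    $sess = session_name();
    if (ini_get('session.use_cookies') != '0') {
        if (!isset($_COOKIE[$sess])) {
            send403();
            die_with_error_log("Missing session cookie - please re-launch");
        }
    } else {
        // non-cookie session: the id must have been passed explicitly
        if (!isset($_POST[$sess]) && !isset($_GET[$sess])) {
            send403();
            if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                die_with_error_log('Missing ' . $sess . ' from POST data');
            }
            die_with_error_log('This tool should be launched from a learning system using LTI');
        }
    }

    // Start a session if it has not been started..
    if (session_id() == "") {
        session_start(); // Should reassociate
    }

    // This happens from time to time when someone closes and reopens a laptop
    // Or their computer goes to sleep and wakes back up hours later.
    // So it is just a warning - nothing much we can do except tell them.
    if (!isset($_SESSION['lti'])) {
        send403();
        error_log('Session expired - please re-launch ' . session_id());
        die('Session expired - please re-launch');
    }

    // Check the referrer... A request that passes either check skips the
    // browser/address binding checks below.
    $trusted = checkReferer() || checkCSRF();

    // Check to see if we switched browsers or IP addresses
    // TODO: Change these to warnings once we get more data
    if (!$trusted && isset($_SESSION['HTTP_USER_AGENT'])) {
        if (!isset($_SERVER['HTTP_USER_AGENT']) || $_SESSION['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
            send403();
            // Resolved separately: inline, '.' binds tighter than '?:' and the
            // whole message became the ternary's condition, losing the log detail.
            $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'Empty user agent';
            die_with_error_log("Session has expired",
                " " . session_id() . " HTTP_USER_AGENT " . $_SESSION['HTTP_USER_AGENT'] . ' ::: ' . $agent,
                'DIE:');
        }
    }

    // We only check the first three octets as some systems wander throught the addresses on
    // class C - Perhaps it is even NAT - who knows - but we forgive those on the same Class C
    // Addresses that do not split into exactly four dot-separated pieces (e.g. IPv6)
    // skip this check entirely.
    if (!$trusted && isset($_SESSION['REMOTE_ADDR']) && isset($_SERVER['REMOTE_ADDR'])) {
        $sess_pieces = explode('.', $_SESSION['REMOTE_ADDR']);
        $serv_pieces = explode('.', $_SERVER['REMOTE_ADDR']);
        if (count($sess_pieces) == 4 && count($serv_pieces) == 4) {
            if ($sess_pieces[0] != $serv_pieces[0] || $sess_pieces[1] != $serv_pieces[1] || $sess_pieces[2] != $serv_pieces[2]) {
                send403();
                die_with_error_log('Session address has expired',
                    " " . session_id() . " REMOTE_ADDR " . $_SESSION['REMOTE_ADDR'] . ' ' . $_SERVER['REMOTE_ADDR'],
                    'DIE:');
            }
        }
    }

    // Check to see if the user has navigated to a new place in the hierarchy
    if (isset($_SESSION['script_path']) && getScriptPath() != 'core/blob'
            && strpos(getScriptPath(), $_SESSION['script_path']) !== 0) {
        send403();
        die_with_error_log('Improper navigation detected',
            " " . session_id() . " script_path " . $_SESSION['script_path'] . ' / ' . getScriptPath(),
            'DIE:');
    }

    $LTI = $_SESSION['lti'];

    // Every requested structure must be present in the launch data.
    if (is_array($needed)) {
        foreach ($needed as $feature) {
            if (isset($LTI[$feature])) {
                continue;
            }
            die_with_error_log("This tool requires an LTI launch parameter:" . $feature);
        }
    }

    // Check to see if the session needs to be extended due to this request
    checkHeartBeat();
    // Restart the number of continuous heartbeats
    $_SESSION['HEARTBEAT_COUNT'] = 0;

    // Populate the $USER $CONTEXT and $LINK objects (only when not already objects)
    if (isset($LTI['user_id']) && !is_object($USER)) {
        $USER = new \Tsugi\Core\User();
        $USER->id = $LTI['user_id'];
        if (isset($LTI['user_email'])) {
            $USER->email = $LTI['user_email'];
        }
        if (isset($LTI['user_displayname'])) {
            $USER->displayname = $LTI['user_displayname'];
            // First and last word of the display name stand in for first/last name.
            $pieces = explode(' ', $USER->displayname);
            if (count($pieces) > 0) {
                $USER->firstname = $pieces[0];
            }
            if (count($pieces) > 1) {
                $USER->lastname = $pieces[count($pieces) - 1];
            }
        }
        // Any non-zero role value is treated as instructor.
        $USER->instructor = isset($LTI['role']) && $LTI['role'] != 0;
    }
    if (isset($LTI['context_id']) && !is_object($CONTEXT)) {
        $CONTEXT = new \Tsugi\Core\Context();
        $CONTEXT->id = $LTI['context_id'];
        if (isset($LTI['context_title'])) {
            $CONTEXT->title = $LTI['context_title'];
        }
    }
    if (isset($LTI['link_id']) && !is_object($LINK)) {
        $LINK = new \Tsugi\Core\Link();
        $LINK->id = $LTI['link_id'];
        if (isset($LTI['grade'])) {
            $LINK->grade = $LTI['grade'];
        }
        if (isset($LTI['link_title'])) {
            $LINK->title = $LTI['link_title'];
        }
        if (isset($LTI['result_id'])) {
            $LINK->result_id = $LTI['result_id'];
        }
    }

    // Return the LTI structure
    return $LTI;
}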
if ($ftpAction == "editProcess") { editProcess(); } } } } else { if ($ajaxRequest == 0) { // Check if logout link has been clicked checkLogOut(); // Include the header displayHeader(); } // Attempt to login with session or post vars attemptLogin(); // Check referer if (checkReferer() == 1) { // Process any FTP actions processActions(); // Display content when logged in if ($_SESSION["loggedin"] == 1) { if ($ajaxRequest == 0) { displayFormStart(); displayFtpActions(); displayAjaxDivOpen(); } // Display FTP folder history displayFtpHistory(); // Display folder/file listing displayFiles(); // Load error window displayErrors();
function is_ok()
{
    // Guard for a protected request. A bad referer, banned IP or invalid
    // token is fatal and handed to death(); a missing, expired or mismatched
    // login yields false; a good one gets its expiry pushed forward.
    // checkReferer(), checkIP(), checkToken(), death(), Dechiffre() and
    // id_user() are defined elsewhere.
    global $auto_restrict;

    // Fatal problems, in order; the first failure ends the check.
    if (!checkReferer()) {
        return death("You are definitely NOT from here !");
    }
    if (!checkIP()) {
        return death("Hey... you were banished, f**k off !");
    }
    if (!checkToken()) {
        return death("You need a valid token to do that, boy !");
    }
    // if (checkCookie()) { return true; }

    // Nobody logged in: not OK, but nothing to punish either.
    if (!isset($_SESSION['id_user'])) {
        return false;
    }

    $isExpired = $_SESSION['expire'] < time();

    // The session carries the user id encrypted with the site key;
    // id_user() gives the value it must decode to.
    $decodedId = Dechiffre($_SESSION['id_user'], $auto_restrict['encryption_key']);
    $expectedId = id_user();

    // Identity problem, or the session is stale.
    // NOTE(review): loose != is kept on purpose (behaviour unchanged); if both
    // sides are strings, !== or hash_equals() would be stricter — confirm what
    // Dechiffre() and id_user() return.
    if ($isExpired || $decodedId != $expectedId) {
        return false;
    }

    // All fine: the session can survive a bit more ^^
    $_SESSION['expire'] = time() + 60 * $auto_restrict['session_expiration_delay'];
    return true;
}
function is_ok()
{
    # Guard for a protected request. A missing login yields false before any
    # other check; a bad referer, banned IP or invalid token is fatal and is
    # handed to death(); an expired or mismatched identity also yields false;
    # a good one gets its expiry pushed forward.
    # checkReferer(), checkIP(), checkToken(), death(), Dechiffre() and
    # id_user() are defined elsewhere.
    global $auto_restrict;

    # Nobody logged in: not OK, but nothing to punish either.
    if (!isset($_SESSION['id_user'])) {
        return false;
    }

    # Fatal problems, in order; the first failure ends the check.
    if (!checkReferer()) {
        return death('<div class="error">You are definitely NOT from here !</div>');
    }
    if (!checkIP()) {
        return death('<div class="error">Hey... you were banished, f**k off !</div>');
    }
    if (!checkToken()) {
        return death('<div class="error">Invalid token</div>');
    }
    # if (checkCookie()) { return true; }

    $isExpired = $_SESSION['expire'] < time();

    # The session carries the user id encrypted with that user's own key;
    # id_user() gives the value it must decode to.
    $userKey = $auto_restrict['users'][$_SESSION['login']]['encryption_key'];
    $decodedId = Dechiffre($_SESSION['id_user'], $userKey);
    $expectedId = id_user();

    # Identity problem, or the session is stale.
    # NOTE(review): loose != is kept on purpose (behaviour unchanged); if both
    # sides are strings, !== or hash_equals() would be stricter — confirm what
    # Dechiffre() and id_user() return.
    if ($isExpired || $decodedId != $expectedId) {
        return false;
    }

    # All fine: the session can survive a bit more ^^
    $_SESSION['expire'] = time() + 60 * $auto_restrict['session_expiration_delay'];
    return true;
}
//
// Copyright (c) 2009, LoveMachine Inc.
// All Rights Reserved.
// http://www.lovemachineinc.com
//
// Super-admin page: paginated company listing plus an AJAX hook that updates
// company features. The AJAX branch and everything after it is cut off in
// this copy of the file.
include_once "config.php";
require_once "class.session_handler.php";
include_once "helper/check_session.php";
include_once "functions.php";

/* Only super admins can access this page. */
// NOTE(review): a file-scope `return` ends the request only when this file is the
// entry point; if it is ever include'd, control goes back to the includer, which
// keeps running after the redirect header. `exit;` would be unambiguous.
if (!isSuperAdmin()) {
    header("location:login.php?redir=" . urlencode($_SERVER['REQUEST_URI']));
    return;
}

/* Ajax requests must have HTTP referer set correctly. */
// Only the AJAX branch is referer-checked here; whether non-AJAX POSTs are
// covered by helper/check_session.php is not visible in this file — verify.
if (isset($_POST['ajax']) && !checkReferer()) {
    die;
}

// Return values of both calls are not checked; a failed connection surfaces
// only as warnings from the later queries. (mysql_* was removed in PHP 7.)
$con = mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD);
mysql_select_db(DB_NAME, $con);

/************************************** Start Pagination ************************************/
$limit = 20;
// "page" is taken from $_REQUEST unvalidated; cast it with (int) before it is used in
// SQL or arithmetic (its use is beyond this copy of the file).
$page = isset($_REQUEST["page"]) ? $_REQUEST["page"] : 1; //Get the page number to show, set default to 1
/********************************************************************************************/

if (isset($_POST['ajax']) && !empty($_POST['update']) && !empty($_POST['feature'])) {
    // AJAX request from ourselves to update company features
    // The company id is coerced to int; anything non-positive is rejected with "fail".
    $id = intval($_POST['update']);
    if ($id <= 0) {
        echo "fail";
        die;