define('SECTION_PLUGINTYPE', 'artefact'); define('SECTION_PLUGINNAME', 'internal'); define('SECTION_PAGE', 'view'); require dirname(dirname(__FILE__)) . '/init.php'; require_once 'group.php'; require_once 'pieforms/pieform.php'; require_once get_config('libroot') . 'view.php'; if (param_variable('acceptfriend_submit', null)) { acceptfriend_form(param_integer('id')); } else { if (param_variable('addfriend_submit', null)) { addfriend_form(param_integer('id')); } } $loggedinid = $USER->get('id'); if ($profileurlid = param_alphanumext('profile', null)) { if (!($user = get_record('usr', 'urlid', $profileurlid, 'deleted', 0))) { if ($USER->is_logged_in()) { throw new UserNotFoundException("User {$profileurlid} not found"); } else { // For logged-out users we show "access denied" in order to prevent an enumeration attack throw new AccessDeniedException(get_string('youcannotviewthisusersprofile', 'error')); } } $userid = $user->id; } else { if (!empty($loggedinid)) { $userid = param_integer('id', $loggedinid); } else { $userid = param_integer('id'); }
* GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006-2008 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

// Draws a five-character challenge onto the theme's captcha background image
// and stores the expected answer in the session.
define('INTERNAL', 1);
// PUBLIC is defined before init.php is loaded; presumably this is what lets
// logged-out visitors request the image -- confirm in init.php.
define('PUBLIC', 1);

require 'init.php';

// Session key under which the expected answer is stored. It is taken from
// the request and defaults to 'captcha'.
// NOTE(review): every value that passes param_alphanumext() is accepted as
// a session key here, so a request can make this script overwrite an
// unrelated session entry with the captcha text. Consider checking $name
// against the list of known captcha field names, or storing the answer
// under a fixed prefix.
$name = param_alphanumext('name', 'captcha');

// Get 5 random letters.
// NOTE(review): the challenge is only as unpredictable as get_random_key();
// confirm it draws from a cryptographically secure source.
$code = get_random_key(5);

// Per-character rotation (degrees), x offset and baseline y offset. Each
// table has five entries, one per character of $code.
$angles = array(40, 0, 340, 20, 310);
$lefts = array(30, 50, 70, 95, 110);
$bottoms = array(24, 20, 28, 34, 33);

// NOTE(review): the result of imagecreatefrompng() is not checked before it
// is passed to the drawing calls below.
$file = theme_get_path('images/captcha.png');
$img = imagecreatefrompng($file);
$black = imagecolorallocate($img, 60, 60, 60);
$ttf = theme_get_path('captcha.ttf');

// Draw one character at a time and build up the expected answer.
$captcha = '';
for ($i = 0; $i < strlen($code); $i++) {
    imagettftext($img, 18, $angles[$i], $lefts[$i], $bottoms[$i], $black, $ttf, $code[$i]);
    $captcha .= $code[$i];
}

// Remember the answer server-side, so it never has to be sent to the client.
$SESSION->set($name, $captcha);
define('TITLE', get_string('pagetitle', 'search.elasticsearch')); safe_require('search', 'elasticsearch'); define('SECTION_PLUGINTYPE', 'search'); define('SECTION_PLUGINNAME', 'elasticsearch'); define('SECTION_PAGE', 'elasticsearch'); global $USER; if (!get_config('publicsearchallowed') && !$USER->is_logged_in()) { throw new AccessDeniedException(); } $options = array(); $query = param_variable('query', ''); $mainfacetterm = param_alpha('mainfacetterm', null); $options['secfacetterm'] = param_alpha('secfacetterm', ''); $options['owner'] = param_alpha('owner', ''); $options['tagsonly'] = param_boolean('tagsonly', false); $options['sort'] = param_alphanumext('sort', null); $options['license'] = param_variable('license', ''); $offset = param_integer('offset', 0); $filter = param_alpha('filter', $USER->get('admin') ? 'all' : 'myinstitutions'); $limit = param_integer('limit', 10); $filter = 'all'; $query = PluginSearchElasticsearch::clean_query($query); $data = PluginSearchElasticsearch::search_all($query, $limit, $offset, $options, $mainfacetterm, $USER); $data['query'] = $query; // License if (get_config('licensemetadata')) { $data['license_on'] = true; $license_options = array(); $licenses = get_records_assoc('artefact_license', null, null, 'displayname'); foreach ($licenses as $l) { $license_options[$l->name] = $l->displayname;
$elements = array(); $elements['membership'] = array('type' => 'html', 'value' => '<h4>' . get_string('Membership', 'group') . '</h4>'); $cancreatecontrolled = $USER->get('admin') || $USER->get('staff') || $USER->is_institutional_admin() || $USER->is_institutional_staff(); $elements['open'] = array('type' => 'switchbox', 'title' => get_string('Open', 'group'), 'description' => get_string('opendescription', 'group'), 'defaultvalue' => $group_data->open, 'disabled' => !$cancreatecontrolled && $group_data->controlled); if ($cancreatecontrolled || $group_data->controlled) { $elements['controlled'] = array('type' => 'switchbox', 'title' => get_string('Controlled', 'group'), 'description' => get_string('controlleddescription', 'group'), 'defaultvalue' => $group_data->controlled, 'disabled' => !$cancreatecontrolled); } else { $form['elements']['controlled'] = array('type' => 'hidden', 'value' => $group_data->controlled); } $elements['request'] = array('type' => 'switchbox', 'title' => get_string('request', 'group'), 'description' => get_string('requestdescription', 'group'), 'defaultvalue' => !$group_data->open && $group_data->request, 'disabled' => $group_data->open); // The grouptype determines the allowed roles $grouptypeoptions = group_get_grouptype_options($group_data->grouptype); // Hide the grouptype option if it was passed in as a parameter, if the user // isn't allowed to change it, or if there's only one option. if (!$id) { $grouptypeparam = param_alphanumext('grouptype', 0); if (isset($grouptypeoptions[$grouptypeparam])) { $group_data->grouptype = $grouptypeparam; $forcegrouptype = true; } } else { if (!isset($grouptypeoptions[$group_data->grouptype])) { // The user can't create groups of this type. Probably a non-staff user // who's been promoted to admin of a controlled group. 
$forcegrouptype = true; } } if (!empty($forcegrouptype) || count($grouptypeoptions) < 2) { $form['elements']['grouptype'] = array('type' => 'hidden', 'value' => $group_data->grouptype); } else { $elements['grouptype'] = array('type' => 'select', 'title' => get_string('Roles', 'group'), 'options' => $grouptypeoptions, 'defaultvalue' => $group_data->grouptype, 'help' => true);
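/**
 * Decide whether a collapsible fieldset should be rendered collapsed.
 *
 * The fieldset is collapsed only when all of the following hold:
 *  - the element has a name,
 *  - the element definition sets 'collapsed',
 *  - none of its child elements carries an 'error',
 *  - the request's "fs" parameter does not name this fieldset, and
 *  - the request's "<formname>_<name>_open" parameter is not set to true.
 *
 * @param Pieform $form    The form the fieldset belongs to
 * @param array   $element The fieldset element to check
 * @return boolean True if the fieldset should be collapsed
 */
function pieform_is_collapsed(Pieform $form, $element) {
    $formname = $form->get_name();

    // Without a name there is no per-fieldset request parameter to consult,
    // so the fieldset is never reported as collapsed.
    if (!isset($element['name'])) {
        return false;
    }

    // Request parameters are only ever compared with values the form itself
    // defines; they are never echoed from here.
    $requestedopen = param_alphanumext('fs', null) === $element['name'];

    // A fieldset with a child in error must stay open so the error is seen.
    // A fieldset defined without children is treated as having no errors
    // instead of raising an undefined-index warning.
    if (!empty($element['elements']) && is_array($element['elements'])) {
        foreach ($element['elements'] as $subelement) {
            if (isset($subelement['error'])) {
                return false;
            }
        }
    }

    if (empty($element['collapsed']) || $requestedopen) {
        return false;
    }

    // The hidden "<formname>_<name>_open" input carries the open/closed
    // state across a form submission.
    $openparam = $formname . '_' . $element['name'] . '_open';
    return !param_boolean($openparam, false);
}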
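* @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

// Web service log search page: collects the search filters from the request
// and builds the result table.
define('INTERNAL', 1);
define('ADMIN', 1);
define('MENUITEM', 'configextensions/webservices/logs');
define('SECTION_PAGE', 'webservicelogs');

require dirname(dirname(dirname(__FILE__))) . '/init.php';
require_once 'webservicessearchlib.php';
define('TITLE', get_string('webservices_title', 'auth.webservice'));
require_once 'pieforms/pieform.php';

// userquery / functionquery are record ids taken unvalidated from the
// request. They are only used as lookup values; the resolved names (not the
// raw request values) go into the search object.
$userquery = param_variable('userquery', null);
$username = !empty($userquery) ? get_field('usr', 'username', 'id', $userquery) : '';
$functionquery = param_variable('functionquery', null);
$functionname = !empty($functionquery) ? get_field('external_functions', 'name', 'id', $functionquery) : '';

// Every remaining filter goes through a typed param_*() accessor.
// NOTE(review): sortby / sortdir are only checked to be alphabetic here;
// confirm build_webservice_log_search_results() maps them onto a fixed list
// of columns and directions before they reach an ORDER BY clause.
$search = (object) array(
    'userquery' => $username,
    'functionquery' => $functionname,
    'protocol' => trim(param_alphanumext('protocol', 'all')),
    'authtype' => trim(param_alphanum('authtype', 'all')),
    'onlyerrors' => 'on' == param_alphanum('onlyerrors', 'off') ? 1 : 0,
    'sortby' => param_alpha('sortby', 'timelogged'),
    'sortdir' => param_alpha('sortdir', 'desc'),
    'offset' => param_integer('offset', 0),
    'limit' => param_integer('limit', 10),
);

if ($USER->get('admin')) {
    // Site admins may filter by any institution.
    $institutions = get_records_array('institution', '', '', 'displayname');
    $search->institution = param_alphanum('institution', 'all');
}
else {
    // Other users are limited to the institutions they administer. The names
    // are bound as query parameters rather than spliced into the SQL text,
    // so a name containing a quote can neither break nor alter the statement.
    $adminof = array_map('strval', array_keys($USER->get('admininstitutions')));
    if (empty($adminof)) {
        // Bind the empty string so that the IN list stays valid SQL.
        $adminof = array('');
    }
    $placeholders = join(',', array_fill(0, count($adminof), '?'));
    $institutions = get_records_select_array(
        'institution',
        'name IN (' . $placeholders . ')',
        $adminof,
        'displayname'
    );
    $search->institution_requested = param_alphanum('institution_requested', 'all');
}

list($html, $columns, $searchurl, $pagination) = build_webservice_log_search_results($search);

// Only offer an institution selector when there is a choice to make.
// NOTE(review): if the record lookups above can return a non-array when
// nothing matches, count() needs a guard here -- confirm.
$institutionselect = '';
if (count($institutions) > 1) {
    $selecttype = $USER->get('admin') ? 'institution' : 'institution_requested';
    $options = array('all' => get_string('All'));
    foreach ($institutions as $institution) {
        $options[$institution->name] = $institution->displayname;
    }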
*
 * @package    mahara
 * @subpackage artefact-multirecipientnotification
 * @author     David Ballhausen, Tobias Zeuch
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

// JSON endpoint for the notification inbox. The part shown here marks a
// single notification as read.
define('INTERNAL', 1);
define('JSON', 1);

require dirname(dirname(dirname(__FILE__))) . '/init.php';
safe_require('artefact', 'multirecipientnotification');

global $USER;
global $THEME;

// Id of the one notification to mark as read (0 = not requested).
$readone = param_integer('readone', 0);
// Which notification store the id refers to. The value comes from the
// request, so it is only acted on after a strict comparison with one of the
// two known table names below; it is never used as a table name otherwise.
$table = param_alphanumext('table', 'notification_internal_activity');
$markasread = param_integer('markasread', 0);
$delete = param_integer('delete', 0);

if ($readone) {
    if ('notification_internal_activity' === $table) {
        // The 'usr' condition limits the update to rows owned by the current
        // user, so another user's notification id has no effect.
        set_field($table, 'read', 1, 'id', $readone, 'usr', $USER->get('id'));
    } else {
        if ('artefact_multirecipient_notification' === $table) {
            mark_as_read_mr(array($readone), $USER->get('id'));
        }
    }
    // NOTE(review): the unread counter is decremented whether or not a row
    // was changed above (unknown table value, foreign id, or a notification
    // that was already read). Consider decrementing only after a successful
    // update so that repeated requests cannot skew the counter.
    $unread = $USER->add_unread(-1);
    $data = array(
        'newunreadcount' => $unread,
        'newimage' => $THEME->get_url($unread ? 'images/newmail.png' : 'images/message.png'),
    );
    // Presumably json_reply() ends the request -- confirm.
    json_reply(false, array('data' => $data));
}

require_once get_config('libroot') . 'activity.php';
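<?php
/**
 * JSON endpoint that returns a translated language string, optionally
 * formatted with arguments supplied by the caller.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
define('JSON', 1);

require dirname(dirname(__FILE__)) . '/init.php';

// String identifier and language section; both are required and validated.
$rawstring = param_alphanumext('string');
$section = param_alphanumext('section');
// Optional format arguments. These are taken from the request as-is.
$args = param_variable('args', null);

if (!empty($args) && is_array($args)) {
    // Reindex first: the array keys are request-controlled, and from PHP 8
    // call_user_func_array() treats string keys as named parameters, so a
    // request such as args[foo]=x would otherwise raise an Error instead of
    // being passed on as a positional format argument.
    $args = array_values($args);
    array_unshift($args, $rawstring, $section);
    // NOTE(review): the values themselves are still unvalidated (they may be
    // nested arrays), and they end up inside the returned string. Confirm
    // that get_string() copes with non-scalar arguments and that the client
    // escapes the result before inserting it into HTML.
    $string = call_user_func_array('get_string', $args);
}
else {
    $string = get_string($rawstring, $section);
}

json_reply(false, array('message' => null, 'data' => array('string' => $string)));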
define('MENUITEM', 'adminhome/statistics'); require dirname(dirname(__FILE__)) . '/init.php'; require get_config('libroot') . 'registration.php'; define('TITLE', get_string('sitestatistics', 'admin')); $type = param_alpha('type', 'users'); $subpages = array('users', 'groups', 'views', 'content', 'historical', 'institutions'); $offset = param_integer('offset', 0); $limit = param_integer('limit', 10); if (!in_array($type, $subpages)) { $type = 'users'; } if ($type == 'historical') { $field = param_alphanumext('field', 'count_usr'); } if ($type == 'institutions') { $sort = param_alphanumext('sort', 'displayname'); $sortdesc = param_boolean('sortdesc'); } $sitedata = site_statistics(true); switch ($type) { case 'institutions': $data = institution_comparison_statistics($limit, $offset, $sort, $sortdesc); break; case 'historical': $data = historical_statistics($limit, $offset, $field); break; case 'content': $data = content_statistics($limit, $offset); break; case 'groups': $data = group_statistics($limit, $offset);
* @subpackage core * @author Richard Mansfield * @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later * @copyright For copyright information on Mahara, please see the README file distributed with this software. * */ define('INTERNAL', 1); define('PUBLIC', 1); require 'init.php'; require_once 'file.php'; $type = param_alpha('type', null); if ($type == 'sitemap') { if (!get_config('generatesitemap')) { throw new NotFoundException(get_string('filenotfound')); } if ($name = param_alphanumext('name', null)) { if (!preg_match('/^sitemap_[a-z0-9_]+\\.xml(\\.gz)?$/', $name, $m)) { throw new NotFoundException(get_string('filenotfound')); } $mimetype = empty($m[1]) ? 'text/xml' : 'application/gzip'; } else { $name = 'sitemap_index.xml'; $mimetype = 'text/xml'; } $path = get_config('dataroot') . 'sitemaps/' . $name; } else { $data = $SESSION->get('downloadfile'); if (!$USER->is_logged_in() || empty($data) || empty($data['file'])) { throw new NotFoundException(get_string('filenotfound')); } $path = get_config('dataroot') . 'export/' . $USER->get('id') . '/' . $data['file'];
* along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL
 * @copyright  (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz
 *
 */

// JSON endpoint used while editing a view: applies a change to the view and
// reports the outcome.
define('INTERNAL', 1);
define('JSON', 1);

require dirname(dirname(__FILE__)) . '/init.php';
require_once 'view.php';

// NOTE(review): nothing in this excerpt checks that the current user may
// edit the view identified by 'id'. Presumably the View class or
// process_changes() enforces ownership -- confirm, since the id is taken
// straight from the request.
$view = new View(param_integer('id'));
$change = param_boolean('change', false);
// Read here but not used in the part of the script shown.
$action = param_alphanumext('action', '');

// If the view has been submitted, disallow editing
if ($view->is_submitted()) {
    $submittedto = $view->submitted_to();
    throw new AccessDeniedException(get_string('canteditsubmitted', 'view', $submittedto['name']));
}

// We actually need to process changes
if ($change) {
    try {
        $returndata = $view->process_changes();
        json_reply(false, $returndata);
    }
    catch (Exception $e) {
        // NOTE(review): the raw exception message is returned to the client.
        // If low-level (e.g. database) exceptions can reach this point,
        // consider logging the detail and replying with a generic message.
        json_reply(true, $e->getMessage());
    }
}
// else we're just reading data...
* @author Catalyst IT Ltd * @license http://www.gnu.org/copyleft/gpl.html GNU GPL * @copyright (C) 2006-2009 Catalyst IT Ltd http://catalyst.net.nz * */ define('INTERNAL', 1); define('PUBLIC', 1); define('MENUITEM', ''); define('HOME', 1); require 'init.php'; define('TITLE', get_string('home')); // Check for whether the user is logged in, before processing the page. After // this, we can guarantee whether the user is logged in or not for this page. if (!$USER->is_logged_in()) { $pagename = 'loggedouthome'; $lang = param_alphanumext('lang', null); if (!empty($lang)) { $SESSION->set('lang', $lang); redirect(); } } else { $pagename = 'home'; } if ($USER->is_logged_in()) { // get the user's dashboard view require_once get_config('libroot') . 'view.php'; $view = $USER->get_view_by_type('dashboard'); $stylesheets = array('<link rel="stylesheet" type="text/css" href="' . get_config('wwwroot') . 'theme/views.css">'); $smarty = smarty(array('paginator'), $stylesheets, array(), array('stylesheets' => array('style/views.css'))); if ($USER->get_account_preference('showhomeinfo')) { // allow the user to choose never to see the info boxes again
* @subpackage core * @author Catalyst IT Ltd * @license http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later * @copyright For copyright information on Mahara, please see the README file distributed with this software. * */ define('INTERNAL', 1); define('PUBLIC', 1); define('MENUITEM', 'groups/info'); require dirname(dirname(__FILE__)) . '/init.php'; require_once 'group.php'; require_once 'searchlib.php'; require_once get_config('docroot') . 'interaction/lib.php'; require_once get_config('libroot') . 'view.php'; safe_require('artefact', 'file'); if ($urlid = param_alphanumext('homepage', null)) { define('GROUPURLID', $urlid); $group = group_current_group(); } else { define('GROUP', param_integer('id')); $group = group_current_group(); } if (!is_logged_in() && !$group->public) { throw new AccessDeniedException(); } define('TITLE', $group->name); $group->role = group_user_access($group->id); // logged in user can do stuff if ($USER->is_logged_in()) { $afterjoin = param_variable('next', 'view'); if ($group->role) {
* @copyright For copyright information on Mahara, please see the README file distributed with this software. * */ if (!defined('INTERNAL')) { define('INTERNAL', 1); } require_once dirname(dirname(__FILE__)) . '/init.php'; if (!defined('CRON')) { define('JSON', 1); json_headers(); $validtypes = array('Line', 'Bar', 'Radar', 'PolarArea', 'Pie', 'Doughnut'); $type = ucfirst(param_alphanum('type', false)); if (!in_array($type, $validtypes)) { json_reply('missingparameter', '\'' . $type . '\' is not a valid graph type'); } $graph = param_alphanumext('graph', null); $colours = param_variable('colours', null); $colours = json_decode($colours); $extradata = param_variable('extradata', null); $extradata = json_decode($extradata); require_once get_config('libroot') . 'graph.php'; require_once get_config('libroot') . 'registration.php'; if (!function_exists($graph) || !in_array($graph, allowed_graph_functions())) { json_reply('invalidparameter', 'Cannot call graph function \'' . $graph . '\''); } else { $data = $extradata ? $graph($type, $extradata) : $graph($type); if (empty($data)) { $data['empty'] = true; json_reply(false, array('data' => $data)); } $data['configs'] = isset($extradata->configs) ? $extradata->configs : (object) array();
}); \$('#activate_webservice_protos_xmlrpc_enabled').change(function() { save_protos_switch('xmlrpc'); }); \$('#activate_webservice_protos_rest_enabled').change(function() { save_protos_switch('rest'); }); \$('#activate_webservice_protos_oauth_enabled').change(function() { save_protos_switch('oauth'); }); }); JS; $smarty = smarty(); setpageicon($smarty, 'icon-puzzle-piece'); $smarty->assign('form', $form); $smarty->assign('opened', param_alphanumext('open', '')); $smarty->assign('SUBPAGENAV', $webservice_menu); $smarty->assign('PAGEHEADING', $heading); $smarty->assign('INLINEJAVASCRIPT', $inlinejs); $smarty->assign('pagedescription', get_string('webservicesconfigdesc', 'auth.webservice')); $smarty->display('auth:webservice:configform.tpl'); /* pieforms callback for activate_webservices for */ function activate_webservices_submit(Pieform $form, $values) { $enabled = $values['enabled'] ? 0 : 1; set_config('webservice_enabled', $enabled); // reload/upgrade the web services configuration if ($enabled) { // ensure that we have a webservice auth_instance $authinstance = get_record('auth_instance', 'institution', 'mahara', 'authname', 'webservice');
} else { if (!empty($institution)) { $institutionelement['defaultvalue'] = $institution; } } $institutionselector = pieform(array('name' => 'usertypeselect', 'elements' => array('institution' => $institutionelement))); define('TITLE', get_string('institutionstatisticsfor', 'admin', get_field('institution', 'displayname', 'name', $institution))); $type = param_alpha('type', 'users'); $subpages = array('users', 'views', 'content', 'historical'); $offset = param_integer('offset', 0); $limit = param_integer('limit', 10); if (!in_array($type, $subpages)) { $type = 'users'; } if ($type == 'historical') { $field = param_alphanumext('field', 'count_members'); } $institutiondata = institution_statistics($institution, true); switch ($type) { case 'historical': $data = institution_historical_statistics($limit, $offset, $field, $institutiondata); break; case 'content': $data = institution_content_statistics($limit, $offset, $institutiondata); break; case 'views': $data = institution_view_statistics($limit, $offset, $institutiondata); break; case 'users': default: $data = institution_user_statistics($limit, $offset, $institutiondata);
*
 * @package    mahara
 * @subpackage module-multirecipientnotification
 * @author     David Ballhausen, Tobias Zeuch
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

// JSON endpoint for the notification inbox. The part shown here marks a
// single notification as read.
define('INTERNAL', 1);
define('JSON', 1);

require dirname(dirname(dirname(__FILE__))) . '/init.php';
safe_require('module', 'multirecipientnotification');

global $USER;
global $THEME;

// Id of the one notification to mark as read (0 = not requested).
$readone = param_integer('readone', 0);
// Which notification store the id refers to. The value comes from the
// request, so it is only acted on after a strict comparison with one of the
// two known table names below; it is never used as a table name otherwise.
$list = param_alphanumext('list', 'notification_internal_activity');
$markasread = param_integer('markasread', 0);
$delete = param_integer('delete', 0);

if ($readone) {
    if ('notification_internal_activity' === $list) {
        // The 'usr' condition limits the update to rows owned by the current
        // user, so another user's notification id has no effect.
        set_field($list, 'read', 1, 'id', $readone, 'usr', $USER->get('id'));
    } else {
        if ('artefact_multirecipient_notification' === $list) {
            mark_as_read_mr(array($readone), $USER->get('id'));
        }
    }
    // NOTE(review): the unread counter is decremented whether or not a row
    // was changed above (unknown list value, foreign id, or a notification
    // that was already read). Consider decrementing only after a successful
    // update so that repeated requests cannot skew the counter.
    $unread = $USER->add_unread(-1);
    $data = array('newunreadcount' => $unread);
    // Presumably json_reply() ends the request -- confirm.
    json_reply(false, array('data' => $data));
}

require_once get_config('libroot') . 'activity.php';
/**
 * Renders a fieldset. Fieldsets contain other elements, and do not count as a
 * "true" element, in that they do not have a value and cannot be validated.
 *
 * Values taken from the element definition (class, legend, help title) are
 * HTML-escaped before they are written into the markup. Output produced by
 * the help callback and by the child element renderers is appended as-is, so
 * those functions are responsible for their own escaping.
 *
 * @param Pieform $form    The form to render the element for
 * @param array   $element The element to render
 * @return string          The HTML for the element
 * @throws PieformException If the fieldset contains a hidden element
 */
function pieform_element_fieldset(Pieform $form, $element) {/*{{{*/
    global $_PIEFORM_FIELDSETS;

    $result = "\n<fieldset";
    $classes = array('pieform-fieldset');
    if (!empty($element['class'])) {
        // Escaped because the value ends up inside the class="" attribute.
        $classes[] = Pieform::hsc($element['class']);
    }

    if (!empty($element['collapsible'])) {
        if (!isset($element['legend']) || $element['legend'] === '') {
            Pieform::info('Collapsible fieldsets should have a legend so they can be toggled');
        }
        $classes[] = 'collapsible';

        // Record that this form has collapsible fieldsets.
        $formname = $form->get_name();
        if (!isset($_PIEFORM_FIELDSETS['forms'][$formname])) {
            $_PIEFORM_FIELDSETS['forms'][$formname] = array('formname' => $formname);
        }

        // Name of the hidden input / request parameter that carries the
        // open state of this fieldset. Only defined for named fieldsets.
        if (isset($element['name'])) {
            $openparam = $formname . '_' . $element['name'] . '_open';
        }

        // Work out whether any of the children have errors on them
        $error = false;
        foreach ($element['elements'] as $subelement) {
            if (isset($subelement['error'])) {
                $error = true;
                break;
            }
        }

        // Collapse only if the definition asks for it and no child is in
        // error. For a named fieldset the request can override this, either
        // with fs=<name> or with the open parameter. $openparam is only read
        // when the name is set, because the || short-circuits otherwise.
        // The request values are compared, never echoed.
        if (!empty($element['collapsed'])
            && !$error
            && (!isset($element['name']) || (param_alphanumext('fs', null) != $element['name'] && !param_boolean($openparam, false)))) {
            $classes[] = 'collapsed';
        }
    }

    $result .= ' class="' . implode(' ', $classes) . '"';
    $result .= ">\n";

    if (isset($element['legend'])) {
        $result .= '<legend><h4>';
        if (!empty($element['collapsible'])) {
            $result .= '<a href="">' . Pieform::hsc($element['legend']) . '</a>';
            if (isset($openparam)) {
                // Hidden input that submits the current open (1) / collapsed
                // (0) state together with the form.
                $result .= '<input type="hidden" name="' . hsc($openparam) . '" class="open-fieldset-input" '
                    . 'value="' . intval(!in_array('collapsed', $classes)) . '">';
            }
        }
        else {
            $result .= Pieform::hsc($element['legend']);
        }

        // Help icon
        if (!empty($element['help'])) {
            // The callback name comes from the form's own 'helpcallback'
            // property. Its return value is appended without escaping.
            $function = $form->get_property('helpcallback');
            if (function_exists($function)) {
                $result .= $function($form, $element);
            }
            else {
                $result .= '<span class="help"><a href="" title="' . Pieform::hsc($element['help']) . '" onclick="return false;">?</a></span>';
            }
        }
        $result .= "</h4></legend>\n";
    }

    if (!empty($element['renderer']) && $element['renderer'] == 'multicolumnfieldsettable') {
        $result .= _render_elements_as_multicolumn($form, $element);
    }
    else {
        foreach ($element['elements'] as $subname => $subelement) {
            if ($subelement['type'] == 'hidden') {
                throw new PieformException("You cannot put hidden elements in fieldsets");
            }
            // Child markup is trusted to be escaped by its own renderer.
            $result .= "\t" . pieform_render_element($form, $subelement);
        }
    }

    $result .= "</fieldset>\n";
    return $result;
}
// Location of the SimpleSAMLphp configuration, as set for the SAML auth plugin.
$samlconfig = get_config_plugin('auth', 'saml', 'simplesamlphpconfig');

// get all the things that we will need from the SAML authentication
// and then shutdown the session control
SimpleSAML_Configuration::init($samlconfig);
$saml_session = SimpleSAML_Session::getInstance();

// do we have a logout request?
// NOTE(review): logout is triggered by a plain request parameter and no
// session-key check is visible in this excerpt -- confirm whether a
// cross-site request can force a logout here and whether that is acceptable.
if (param_variable("logout", false)) {
    // logout the saml session
    $sp = $saml_session->getAuthority();
    if (!$sp) {
        $sp = 'default-sp';
    }
    $as = new SimpleSAML_Auth_Simple($sp);
    // The post-logout destination is the configured site root, not a value
    // taken from the request.
    $as->logout($CFG->wwwroot);
}

// The authentication source name comes from the request. It is only used if
// it matches one of the configured sources; anything else falls back to the
// default source.
$sp = param_alphanumext('as', 'default-sp');
if (!in_array($sp, SimpleSAML_Auth_Source::getSources())) {
    $sp = 'default-sp';
}
$as = new SimpleSAML_Auth_Simple($sp);

// Check the SimpleSAMLphp config is compatible
// Refuse to continue when SimpleSAMLphp would keep its state in the PHP
// session, or when neither setting is configured at all (presumably because
// that would clash with this application's own PHP session -- confirm).
$saml_config = SimpleSAML_Configuration::getInstance();
$session_handler = $saml_config->getString('session.handler', false);
$store_type = $saml_config->getString('store.type', false);
if ($store_type == 'phpsession' || $session_handler == 'phpsession' || (empty($store_type) && empty($session_handler))) {
    throw new AuthInstanceException(get_string('errorbadssphp', 'auth.saml'));
}

// what is the session like?
$valid_saml_session = $saml_session->isValid($sp);

// figure out what the returnto URL should be
// NOTE(review): wantsurl is read from the request without validation. The
// code that uses it is outside this excerpt; confirm it is restricted to
// URLs on this site before it is used as a redirect target.
$wantsurl = param_variable("wantsurl", false);
<?php
/**
 * Serves one of the statistics graph images (PNG) stored under the data
 * root's images/ directory.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
// STAFF is defined before init.php is loaded; presumably this limits the
// page to staff users -- confirm in init.php.
define('STAFF', 1);

require dirname(dirname(__FILE__)) . '/init.php';

$type = param_alphanumext('type');

// $type becomes part of a file path, so it is only accepted when it is one of
// the known graph names: "viewtypes" or "weekly" with an optional lower-case
// "<prefix>_", or exactly "institutions" / "grouptypes". This keeps the
// path inside the images/ directory whatever else param_alphanumext() lets
// through.
if (preg_match('/^([a-z]*_)?(viewtypes|weekly)$/', $type) || $type == 'institutions' || $type == 'grouptypes') {
    header('Content-type: ' . 'image/png');
    if (!get_config('nocache')) {
        // Let clients cache the image for an hour.
        $maxage = 3600;
        header('Expires: '. gmdate('D, d M Y H:i:s', time() + $maxage) .' GMT');
        header('Cache-Control: max-age=' . $maxage);
        header('Pragma: public');
    }

    // NOTE(review): the headers are sent before the file is known to exist
    // and the result of readfile() is not checked, so a missing image yields
    // an empty "image/png" response. A type that does not match the list
    // above falls through to the end of the script without any output.
    readfile(get_config('dataroot') . 'images/' . $type . '.png');
    exit;
}
<?php
/**
 * JSON endpoint that returns the contextual help text for a page, a section,
 * or a form element of a plugin.
 *
 * @package    mahara
 * @subpackage core
 * @author     Catalyst IT Ltd
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL version 3 or later
 * @copyright  For copyright information on Mahara, please see the README file distributed with this software.
 *
 */

define('INTERNAL', 1);
define('JSON', 1);
// PUBLIC and NOSESSKEY are defined before init.php is loaded; presumably
// they make the endpoint reachable without a login and without a session
// key -- confirm in init.php. Everything returned from here should therefore
// be safe to show to anonymous visitors.
define('PUBLIC', 1);
define('NOSESSKEY', 1);

require dirname(dirname(__FILE__)) . '/init.php';

json_headers();

// Plugin type and name are required; the other four are optional selectors.
// All six are restricted to the character sets of their param_*() accessor.
$plugintype = param_alpha('plugintype');
$pluginname = param_alpha('pluginname');
$page       = param_alphanumext('page', null);
$section    = param_alphanumext('section', null);
$form       = param_alphanumext('form', null);
$element    = param_alphanumext('element', null);

// NOTE(review): these values presumably select a help file on disk. If
// param_alphanumext() accepts '.', confirm that get_helpfile() cannot be
// steered outside the help directories by the page/section/form/element
// values.
$data = get_helpfile($plugintype, $pluginname, $form, $element, $page, $section);

if (empty($data)) {
    json_reply('local', get_string('nohelpfound'));
}

$json = array('error' => false, 'content' => $data);
json_reply(false, $json);
* @copyright For copyright information on Mahara, please see the README file distributed with this software. * @copyright (C) 2010-2013 Gregor Anzelj <*****@*****.**> * */ define('INTERNAL', 1); define('ADMIN', 1); define('MENUITEM', 'configsite/sitefonts'); define('SECTION_PLUGINTYPE', 'core'); define('SECTION_PLUGINNAME', 'admin'); define('SECTION_PAGE', 'deletefont'); require_once dirname(dirname(dirname(dirname(__FILE__)))) . '/init.php'; require_once 'pieforms/pieform.php'; if (!get_config('skins')) { throw new FeatureNotEnabledException(); } $font = param_alphanumext('font'); $fontdata = null; $fontdata = get_record('skin_fonts', 'name', $font); if ($fontdata == false) { throw new AccessDeniedException("Font not found"); } // Admins can not delete 'common' fonts if ($fontdata->fonttype == 'common') { throw new AccessDeniedException("Cannot delete this font"); } define('TITLE', get_string('deletespecifiedfont', 'skin', $fontdata->title)); // Check to see if the font is being used in a skin and if so indicate this to admin $usedinskins = 0; $skins = get_records_array('skin'); if (is_array($skins)) { foreach ($skins as $skin) {
$usertoken = is_null($mnettoken) && get_config('allowpublicviews') ? param_alphanum('t', null) : null; if ($mnettoken) { if (!($viewid = get_view_from_token($mnettoken, false))) { throw new AccessDeniedException(get_string('accessdenied', 'error')); } } else { if ($usertoken) { if (!($viewid = get_view_from_token($usertoken, true))) { throw new AccessDeniedException(get_string('accessdenied', 'error')); } } else { if ($pageurl = param_alphanumext('page', null)) { if ($profile = param_alphanumext('profile', null)) { $view = new View(array('urlid' => $pageurl, 'ownerurlid' => $profile)); } else { if ($homepage = param_alphanumext('homepage', null)) { $view = new View(array('urlid' => $pageurl, 'groupurlid' => $homepage)); } else { throw new ViewNotFoundException(get_string('viewnotfoundexceptiontitle', 'error')); } } $viewid = $view->get('id'); } else { $viewid = param_integer('id'); } } } $new = param_boolean('new'); $showmore = param_boolean('showmore'); if (!$showmore) { $showmore = 0;
define('TITLE', get_string('sitestatistics', 'admin')); $type = param_alpha('type', 'users'); $subpages = array('users', 'groups', 'views', 'content', 'historical', 'institutions', 'logins'); $offset = param_integer('offset', 0); $limit = param_integer('limit', 10); if (!in_array($type, $subpages)) { $type = 'users'; } if ($type == 'historical') { $field = param_alphanumext('field', 'count_usr'); } if ($type == 'institutions' || $type == 'logins') { $sort = param_alphanumext('sort', 'displayname'); $sortdesc = param_boolean('sortdesc'); $start = param_alphanumext('start', null); $end = param_alphanumext('end', null); } $sitedata = site_statistics(true); switch ($type) { case 'logins': $data = institution_logins_statistics($limit, $offset, $sort, $sortdesc, $start, $end); break; case 'institutions': $data = institution_comparison_statistics($limit, $offset, $sort, $sortdesc); break; case 'historical': $data = historical_statistics($limit, $offset, $field); break; case 'content': $data = content_statistics($limit, $offset); break;
/**
 * Handles authentication by setting up a session for a user if they are logged
 * in.
 *
 * This function combined with the Session class is smart - if the user is not
 * logged in then they do not get a session, which prevents simple curl hits
 * or search engine crawls to a page from getting sessions they won't use.
 *
 * Once the user has a session, they keep it even if they log out, so it can
 * be reused. The session does expire, but the expiry time is typically a week
 * or more.
 *
 * If the user is not authenticated for this page, then this function will
 * exit, printing the login page. Therefore, after including init.php, you can
 * be sure that the user is logged in, or has a valid guest key. However, no
 * testing is done to make sure the user has the required permissions to see
 * the page.
 *
 * Pages signal their mode through constants defined before init.php is
 * loaded: this function checks PUBLIC (page may be shown without a login),
 * JSON (reply with a JSON error instead of a login page) and IFRAME (print
 * the login frame).
 */
function auth_setup() {
    global $SESSION, $USER;

    // If the system is not installed, let the user through in the hope that
    // they can fix this little problem :)
    if (!get_config('installed')) {
        $USER->logout();
        return;
    }

    // Lock the site until core upgrades are done
    // version.php is included from the configured library root; the code
    // below reads $config->version and $config->disablelogin from it.
    require(get_config('libroot') . 'version.php');
    $siteclosed = $config->version > get_config('version');
    $disablelogin = $config->disablelogin;

    // Local customisations can also force the site closed until upgraded.
    if (!$siteclosed && get_config('forcelocalupgrades')) {
        require(get_config('docroot') . 'local/version.php');
        $siteclosed = $config->version > get_config('localversion');
    }

    // Only write the stored flags when the computed state differs from them.
    $cfgsiteclosed = get_config('siteclosed');
    if ($siteclosed && !$cfgsiteclosed || !$siteclosed && $cfgsiteclosed) {
        // If the admin closed the site manually, open it automatically
        // when an upgrade is successful.
        if ($cfgsiteclosed && get_config('siteclosedbyadmin')) {
            set_config('siteclosedbyadmin', false);
        }
        set_config('siteclosed', $siteclosed);
        set_config('disablelogin', $disablelogin);
    }

    // Check the time that the session is set to log out. If the user does
    // not have a session, this time will be 0.
    $sessionlogouttime = $USER->get('logout_time');

    // Double-check that the user's session id still has a matching row in the
    // usr_session table. The row can disappear when the account owner resets
    // the password (which clears the stored sessions), for instance after
    // someone else has gained access to the account. A session without a
    // row is then logged out below.
    $sessionexists = get_record('usr_session', 'usr', $USER->id, 'session', $USER->get('sessionid'));
    $parentuser = $USER->get('parentuser');

    // Log out when either
    //  - the user has a session and the request carries ?logout, or
    //  - the session id is set but has no row in usr_session, and the user
    //    has no parent user set.
    // NOTE(review): the ?logout trigger is a bare GET parameter and no
    // session-key check is visible here -- confirm whether a cross-site
    // request being able to log a user out is acceptable.
    if (($sessionlogouttime && isset($_GET['logout']))
        || ($sessionexists === false && $USER->get('sessionid') != '' && empty($parentuser))) {
        // Call the authinstance' logout hook
        $authinstance = $SESSION->get('authinstance');
        if ($authinstance) {
            $authobj = AuthFactory::create($authinstance);
            $authobj->logout();
        }
        else {
            log_debug("Strange: user " . $USER->get('username') . " had no authinstance set in their session");
        }

        // Optional site-specific logout hook.
        if (function_exists('local_logout')) {
            local_logout();
        }

        $USER->logout();
        $SESSION->add_ok_msg(get_string('loggedoutok'));
        redirect();
    }

    if ($sessionlogouttime > time()) {
        // The session is still active, so continue it.
        // Make sure that if a user's admin status has changed, they're kicked
        // out of the admin section
        if (in_admin_section()) {
            // Reload site admin/staff permissions
            // The flags are re-read from the usr table so that a change made
            // since login takes effect on the next admin-section request.
            // NOTE(review): this refresh only happens inside the admin
            // section; elsewhere the flags held in the session are used
            // as they are.
            $realuser = get_record('usr', 'id', $USER->id, null, null, null, null, 'admin,staff');
            if (!$USER->get('admin') && $realuser->admin) {
                // The user has been made into an admin
                $USER->admin = 1;
            }
            else if ($USER->get('admin') && !$realuser->admin) {
                // The user's admin rights have been taken away
                $USER->admin = 0;
            }
            if (!$USER->get('staff') && $realuser->staff) {
                $USER->staff = 1;
            }
            else if ($USER->get('staff') && !$realuser->staff) {
                $USER->staff = 0;
            }
            // Reload institutional admin/staff permissions
            $USER->reset_institutions();
            auth_check_admin_section();
        }
        $USER->renew();
        auth_check_required_fields();
    }
    else if ($sessionlogouttime > 0) {
        // The session timed out
        $authinstance = $SESSION->get('authinstance');
        if ($authinstance) {
            $authobj = AuthFactory::create($authinstance);

            $mnetuser = 0;
            if ($SESSION->get('mnetuser') && $authobj->parent) {
                // We wish to remember that the user is an MNET user - even though
                // they're using the local login form
                $mnetuser = $USER->get('id');
            }

            $authobj->logout();
            $USER->logout();

            // Put the two values back after the logout.
            if ($mnetuser != 0) {
                $SESSION->set('mnetuser', $mnetuser);
                $SESSION->set('authinstance', $authinstance);
            }
        }
        else {
            // NOTE(review): on this path $USER->logout() is not called.
            // Confirm that a timed-out session without an authinstance cannot
            // carry on as an authenticated user, in particular on the PUBLIC
            // branch below, which simply returns.
            log_debug("Strange: user " . $USER->get('username') . " had no authinstance set in their session");
        }

        if (defined('JSON')) {
            json_reply('global', get_string('sessiontimedoutreload'), 1);
        }
        if (defined('IFRAME')) {
            header('Content-type: text/html');
            print_auth_frame();
            exit;
        }

        // If the page the user is viewing is public, inform them that they can
        // log in again
        if (defined('PUBLIC')) {
            // @todo this links to ?login - later it should do magic to make
            // sure that whatever GET string is made it includes the old data
            // correctly
            // REQUEST_URI is controlled by the client, so it is passed
            // through hsc() before being placed in the message. The trailing
            // false presumably tells add_info_msg() not to escape the
            // message again -- confirm.
            $loginurl = $_SERVER['REQUEST_URI'];
            $loginurl .= (false === strpos($loginurl, '?')) ? '?' : '&';
            $loginurl .= 'login';
            $SESSION->add_info_msg(get_string('sessiontimedoutpublic', 'mahara', hsc($loginurl)), false);
            return;
        }

        auth_draw_login_page(get_string('sessiontimedout'));
    }
    else {
        // There is no session, so we check to see if one needs to be started.
        // Build login form. If the form is submitted it will be handled here,
        // and set $USER for us (this will happen when users hit a page and
        // specify login data immediately
        require_once('pieforms/pieform.php');
        $form = new Pieform(auth_get_login_form());
        $SESSION->loginform = $form;
        if ($USER->is_logged_in()) {
            return;
        }

        // Check if the page is public or the site is configured to be public.
        if (defined('PUBLIC') && !isset($_GET['lo' . 'gin'])) {
            // A logged-out visitor may choose a language through the request.
            // NOTE(review): the value is only checked by param_alphanumext()
            // before it is stored in the session; confirm that whatever reads
            // 'lang' back matches it against the installed languages.
            if ($lang = param_alphanumext('lang', null)) {
                $SESSION->set('lang', $lang);
            }
            return;
        }

        // No session and a json request
        if (defined('JSON')) {
            json_reply('global', get_string('nosessionreload'), 1);
        }

        auth_draw_login_page(null, $form);
        exit;
    }
}
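// PUBLIC presumably marks this endpoint as reachable without a login session
// (the flag is consumed by init.php -- confirm), so every request parameter
// read below has to be treated as untrusted input.
define('PUBLIC', 1);

require dirname(dirname(dirname(__FILE__))) . '/init.php';
safe_require('artefact', 'survey');

json_headers();

/**
 * Builds the <object>/<embed> markup that loads the bundled wpaudioplayer SWF
 * for one survey audio file.
 *
 * Every argument ends up inside a double-quoted HTML attribute, so the URL
 * parts are HTML-escaped before being concatenated. Escaping leaves a
 * preg_replace() placeholder such as '$1' untouched, which is how the caller
 * below passes $filename.
 *
 * NOTE(review): the markup depends on Flash Player, which reached end of life
 * at the end of 2020; current browsers will not play it. Consider replacing
 * it with an HTML5 <audio> element.
 *
 * @param string $wwwroot    Site base URL
 * @param string $plugintype Plugin type path segment
 * @param string $pluginname Plugin name path segment
 * @param string $surveyname Survey directory name
 * @param string $language   Language directory name
 * @param string $filename   Audio file name, or a preg_replace() backreference
 * @return string HTML fragment
 */
function get_audio_player_code($wwwroot, $plugintype, $pluginname, $surveyname, $language, $filename) {
    $pluginurl = htmlspecialchars($wwwroot . '/' . $plugintype . '/' . $pluginname, ENT_QUOTES, 'UTF-8');
    $playerurl = $pluginurl . '/lib/wpaudioplayer/player.swf';
    $soundurl = $pluginurl . '/surveys/'
        . htmlspecialchars($surveyname . '/' . $language . '/' . $filename, ENT_QUOTES, 'UTF-8');

    // The opening tag was previously left unclosed, so the parser folded the
    // first <param> into the <object> start tag; it is now terminated.
    $return = '<object width="290" height="30">';
    $return .= '<param name="movie" value="' . $playerurl . '">';
    $return .= '<param name="quality" value="high">';
    $return .= '<param name="flashvars" value="playerID=1&soundFile=' . $soundurl . '">';
    $return .= '<param name="wmode" value="transparent">';
    $return .= '<p>Requires Flash Player 9 or better.</p>';
    $return .= '<embed src="' . $playerurl . '" quality="high" wmode="transparent" flashvars="playerID=1&soundFile=' . $soundurl . '" width="290" height="30">';
    $return .= '</embed>';
    $return .= '</object>';
    return $return;
}

// Request parameters, each read through a param_* helper.
$plugintype = param_alpha('plugintype');
$pluginname = param_alpha('pluginname');
$surveyname = param_alphanumext('survey');
$question = param_alphanumext('question');
$language = param_alphanumext('language', 'en.utf8');

$data = get_surveyhelpfile($plugintype, $pluginname, $surveyname, $question, $language);

// Replace <audio:filename.mp3> tag with HTML code for rendering flash wpaudioplayer...
// The character class has no '/', so a captured name cannot add path segments.
// The player markup is built once with '$1' as the file name, and preg_replace()
// substitutes the captured name into it for every match.
$data = preg_replace('#<audio:([a-zA-Z0-9\\_\\-\\.]+)>#', get_audio_player_code(get_config('wwwroot'), $plugintype, $pluginname, $surveyname, $language, '$1'), $data);

// Covers a missing help file as well as a failed replacement (preg_replace()
// returns null on error). json_reply() presumably ends the request -- confirm.
if (empty($data)) {
    json_reply('local', get_string('nohelpfound'));
}

$json = array('error' => false, 'content' => $data);
echo json_encode($json);
exit;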