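/**
 * Handle a submitted login form (POST fields uname / pass / submit).
 *
 * The auth helpers (login() / alt_login()) are expected to populate
 * $_SESSION['uid'] on success; this function then records the login, resets
 * the per-IP failure counter and redirects. On failure it appends a localized
 * message to the global $warning and, for bad credentials, bumps the per-IP
 * failure counter that backs the login_fail_check lockout.
 *
 * No parameters, no return value; everything is read from the request,
 * the configuration and the globals declared below.
 */
function process_login()
{
    // $tool_content and $langInvalidAuth were used below without being declared
    // global, so the "invalid auth method" message was written to a local and lost.
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language, $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails, $tool_content, $langInvalidAuth;

    // Request values are untrusted; a non-string (array) POST value is treated as absent.
    $posted_uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;
    $exists = 0;

    // Per-IP lockout: bound to placeholders instead of being spliced into the SQL
    // (REMOTE_ADDR is server-supplied, but string-built SQL is never acceptable here).
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                        AND COUNT > ?d
                                        AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
            $_SERVER['REMOTE_ADDR'], intval(get_config('login_fail_threshold')), intval(get_config('login_fail_deny_interval')));
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // Same username predicate as the admin change-user lookup: exact match under a
        // binary collation unless usernames are configured as case-insensitive.
        $sqlLogin = get_config('case_insensitive_usernames') ? '= ?s' : 'COLLATE utf8_bin = ?s';
        $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
                                FROM user WHERE username {$sqlLogin}", $posted_uname);

        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled (no way to keep a session)
            $auth_allow = 5;
        } elseif ($pass === '') {
            // Disallow login with empty password
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // For externally authenticated accounts the password column holds the
                // id of the auth method (one of $auth_ids) rather than a hash — loose
                // in_array() kept on purpose, the column is a string and the ids may not be.
                if (in_array($myrow->password, $auth_ids)) {
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>{$langInvalidAuth}<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown user: record the attempt, but never the submitted password —
            // the log is readable by admins and a mistyped password is usually one
            // character away from a real one (possibly for another service).
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    if (!isset($_SESSION['uid'])) {
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                break;
            case 3:
                $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&amp;h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
                break;
            case 4:
                $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                increaseLoginFailure();
                break;
            case 5:
                $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
                break;
            case 6:
                $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
                break;
            case 7:
                $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
                break;
            case 8:
                $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
                break;
            default:
                break;
        }
        return;
    }

    // Authenticated: rotate the session id so an id fixed before login is not
    // carried over (harmless if login()/alt_login() already did this).
    session_regenerate_id(true);
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')",
        $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);

    if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        $next = "modules/auth/mail_verify_change.php";
    } elseif (isset($_POST['next']) && is_string($_POST['next'])
            && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|[/\\\\]{2})#i', $_POST['next'])) {
        // Only platform-relative targets are honoured, matching the other call
        // sites of redirect_to_home_page() ('modules/auth/...'). An absolute or
        // protocol-relative URL in the hidden 'next' field would otherwise turn
        // the post-login redirect into an open redirect.
        $next = $_POST['next'];
    } else {
        $next = '';
    }
    resetLoginFailure();
    redirect_to_home_page($next);
}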
/**
 * Copy a set of POST fields into same-named globals, whitespace-canonicalized.
 *
 * @param array         $var_array  map of field name => whether the field is required
 * @param string        $what       'all': return true only if every required field is
 *                                  non-empty; anything else ('any'): return true if at
 *                                  least one submitted field is non-empty
 * @param callable|null $callback   optional filter applied to each value after the
 *                                  required/empty bookkeeping (e.g. 'trim')
 * @return bool  see $what
 *
 * Side effects: $GLOBALS[$name] is set for every listed field ('' when absent),
 * and $missing_posted_variables[$name] = true for each required field that is
 * absent or empty() — note that "0" counts as empty here.
 */
function register_posted_variables($var_array, $what = 'all', $callback = null)
{
    global $missing_posted_variables;
    if (!isset($missing_posted_variables)) {
        $missing_posted_variables = array();
    }

    $missing_any = false;
    $present_any = false;
    foreach ($var_array as $name => $is_required) {
        $posted = isset($_POST[$name]);
        $value = $posted ? canonicalize_whitespace($_POST[$name]) : '';
        $GLOBALS[$name] = $value;

        $blank = empty($value);
        if ($is_required && $blank) {
            $missing_posted_variables[$name] = true;
            $missing_any = true;
        }
        if (!$blank) {
            $present_any = true;
        }

        // The callback sees the canonicalized value; the empty check above is
        // deliberately done on the pre-callback value.
        if (is_callable($callback)) {
            $GLOBALS[$name] = $callback($value);
        }
    }

    return $what == 'any' ? $present_any : !$missing_any;
}
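 /**
  * Build an iCalendar (RFC 5545) document of every event visible to the current user.
  *
  * All four event categories (personal, course, deadline, admin) are switched on
  * for the duration of the export and the user's own settings are restored
  * afterwards. Deadline events additionally carry a 24h display alarm.
  *
  * @return string  VCALENDAR text with one VEVENT per event
  */
 public static function icalendar()
 {
     $ical = "BEGIN:VCALENDAR" . PHP_EOL;
     $ical .= "VERSION:2.0" . PHP_EOL;

     // Remember the user's filters, export everything, then put them back.
     $show_personal_bak = Calendar_Events::$calsettings->show_personal;
     $show_course_bak = Calendar_Events::$calsettings->show_course;
     $show_deadline_bak = Calendar_Events::$calsettings->show_deadline;
     $show_admin_bak = Calendar_Events::$calsettings->show_admin;
     Calendar_Events::set_calendar_settings(1, 1, 1, 1);
     Calendar_Events::get_calendar_settings();
     $eventlist = Calendar_Events::get_calendar_events();
     Calendar_Events::set_calendar_settings($show_personal_bak, $show_course_bak, $show_deadline_bak, $show_admin_bak);
     Calendar_Events::get_calendar_settings();

     foreach ($eventlist as $event) {
         $ical .= "BEGIN:VEVENT" . PHP_EOL;
         $startdatetime = new DateTime($event->start);
         $ical .= "DTSTART:" . $startdatetime->format("Ymd\\THis") . PHP_EOL;
         // NOTE(review): the duration is parsed as a clock time and re-printed as
         // PTxHyMzS — this only works while durations stay below 24h; confirm.
         $duration = new DateTime($event->duration);
         $ical .= "DURATION:" . $duration->format("\\P\\TH\\Hi\\Ms\\S") . PHP_EOL;
         // Title and content are user-supplied: escape them as iCalendar TEXT so a
         // comma/semicolon does not truncate the value and an embedded line break
         // cannot inject further properties into the feed.
         $ical .= "SUMMARY:" . self::ical_text('[' . strtoupper($event->event_group) . '] ' . $event->title) . PHP_EOL;
         $ical .= "DESCRIPTION:" . self::ical_text(canonicalize_whitespace(strip_tags($event->content))) . PHP_EOL;
         if ($event->event_group == 'deadline') {
             $ical .= "BEGIN:VALARM" . PHP_EOL;
             $ical .= "TRIGGER:-PT24H" . PHP_EOL;
             $ical .= "DURATION:PT10H" . PHP_EOL;
             $ical .= "ACTION:DISPLAY" . PHP_EOL;
             $ical .= "DESCRIPTION:DEADLINE REMINDER for " . self::ical_text(canonicalize_whitespace(strip_tags($event->title))) . PHP_EOL;
             $ical .= "END:VALARM" . PHP_EOL;
         }
         $ical .= "END:VEVENT" . PHP_EOL;
     }
     $ical .= "END:VCALENDAR" . PHP_EOL;
     return $ical;
 }

 /**
  * Escape a string for use as an iCalendar TEXT property value (RFC 5545 §3.3.11).
  *
  * Backslash, semicolon and comma are backslash-escaped and any line break becomes
  * the literal two-character sequence "\n". Escaping the backslash first (in the
  * same strtr pass) guarantees nothing is double-escaped.
  *
  * @param string $text
  * @return string
  */
 private static function ical_text($text)
 {
     $escaped = strtr((string) $text, array('\\' => '\\\\', ';' => '\\;', ',' => '\\,'));
     return str_replace(array("\r\n", "\r", "\n"), '\\n', $escaped);
 }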
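/**
 * Handle a submitted login form (POST fields uname / pass / submit).
 *
 * The auth helpers (login() / alt_login()) are expected to populate
 * $_SESSION['uid'] on success; this function then records the login, stamps the
 * session, resets the per-IP failure counter and redirects. On failure it either
 * appends a localized message to the global $warning or, when the request came
 * from the dedicated login page (?login_page), flashes it and redirects back.
 * Bad credentials always bump the per-IP failure counter that backs the
 * login_fail_check lockout.
 *
 * No parameters, no return value.
 */
function process_login() {
    // $tool_content and $langInvalidAuth were used below without being declared
    // global, so the "invalid auth method" message was written to a local and lost.
    global $warning, $surname, $givenname, $email, $status, $is_admin,
        $language, $session, $langInvalidId, $langAccountInactive1,
        $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer,
        $langHere, $auth_ids, $inactive_uid, $langTooManyFails, $urlAppend,
        $tool_content, $langInvalidAuth;

    // Request values are untrusted; a non-string (array) POST value is treated as absent.
    $posted_uname = (isset($_POST['uname']) && is_string($_POST['uname'])) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? trim($_POST['pass']) : '';
    $auth = get_auth_active_methods();

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;
    $exists = 0;

    // Per-IP lockout: bound to placeholders instead of being spliced into the SQL
    // (REMOTE_ADDR is server-supplied, but string-built SQL is never acceptable here).
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                        AND COUNT > ?d
                                        AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
            $_SERVER['REMOTE_ADDR'], intval(get_config('login_fail_threshold')), intval(get_config('login_fail_deny_interval')));
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // Same username predicate as the admin change-user lookup: exact match under a
        // binary collation unless usernames are configured as case-insensitive.
        $sqlLogin = get_config('case_insensitive_usernames') ? '= ?s' : 'COLLATE utf8_bin = ?s';
        $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail
                                FROM user WHERE username $sqlLogin", $posted_uname);
        // Course guest accounts may log in with an empty password when guests are enabled.
        $guest_user = get_config('course_guest') != 'off' && $myrow && $myrow->status == USER_GUEST;

        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled (no way to keep a session)
            $auth_allow = 5;
        } elseif ($pass === '' and !$guest_user) {
            // Disallow login with empty password except for course guest users
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // For externally authenticated accounts the password column holds the
                // id of the auth method (one of $auth_ids) rather than a hash — loose
                // in_array() kept on purpose, the column is a string and the ids may not be.
                if (in_array($myrow->password, $auth_ids)) {
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown user: log the attempt (username only — never the password).
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    $invalidIdMessage = sprintf($langInvalidId, $urlAppend . 'modules/auth/registration.php');
    if (!isset($_SESSION['uid'])) {
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                if (isset($_GET['login_page'])) {
                    Session::flash('login_error', $invalidIdMessage);
                    redirect_to_home_page('main/login_form.php');
                } else {
                    $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
                }
                break;
            case 3: $warning .= "<div class='alert alert-warning'>$langAccountInactive1 " .
                        "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&amp;h=" .
                        token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></div>";
                break;
            case 4:
                // Count the failure before branching on the presentation: previously
                // the ?login_page redirect path skipped increaseLoginFailure(), so the
                // login_fail_check lockout could be bypassed by submitting through
                // the dedicated login page.
                increaseLoginFailure();
                if (isset($_GET['login_page'])) {
                    Session::flash('login_error', $invalidIdMessage);
                    redirect_to_home_page('main/login_form.php');
                } else {
                    $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
                }
                break;
            case 5: $warning .= "<div class='alert alert-warning'>$langNoCookies</div>";
                break;
            case 6: $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></div>";
                break;
            case 7: $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></div>";
                break;
            case 8: $warning .= "<div class='alert alert-warning'>$langTooManyFails</div>";
                break;
            default:
                break;
        }
        return;
    }

    // Authenticated: rotate the session id so an id fixed before login is not
    // carried over (harmless if login()/alt_login() or $session already did this).
    session_regenerate_id(true);
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) "
            . "VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    $session->setLoginTimestamp();

    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        $next = 'modules/auth/mail_verify_change.php';
    } elseif (isset($_POST['next']) && is_string($_POST['next'])
            && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|[/\\\\]{2})#i', $_POST['next'])) {
        // Only platform-relative targets are honoured, matching the other call
        // sites of redirect_to_home_page() ('main/login_form.php', 'modules/...').
        // An absolute or protocol-relative URL in the hidden 'next' field would
        // otherwise turn the post-login redirect into an open redirect.
        $next = $_POST['next'];
    } else {
        $next = '';
    }
    resetLoginFailure();
    redirect_to_home_page($next);
}  // end of user authentication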
                    Session::Messages("{$langErrorDelete}: {$line}", 'alert-danger');
                    redirect_to_home_page('modules/admin/multideluser.php');
                }
            }
        }
    }
    redirect_to_home_page('modules/admin/multideluser.php');
} else {
    $usernames = '';
    if (isset($_POST['dellall_submit'])) {
        // get the incoming values
        $search = isset($_POST['search']) ? $_POST['search'] : '';
        $c = isset($_POST['c']) ? intval($_POST['c']) : '';
        $lname = isset($_POST['lname']) ? $_POST['lname'] : '';
        $fname = isset($_POST['fname']) ? $_POST['fname'] : '';
        $uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
        $am = isset($_POST['am']) ? $_POST['am'] : '';
        $verified_mail = isset($_POST['verified_mail']) ? intval($_POST['verified_mail']) : 3;
        $user_type = isset($_POST['user_type']) ? $_POST['user_type'] : '';
        $auth_type = isset($_POST['auth_type']) ? $_POST['auth_type'] : '';
        $email = isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : '';
        $reg_flag = isset($_POST['reg_flag']) ? intval($_POST['reg_flag']) : '';
        $hour = isset($_POST['hour']) ? $_POST['hour'] : 0;
        $minute = isset($_POST['minute']) ? $_POST['minute'] : 0;
        // Criteria/Filters
        $criteria = array();
        $terms = array();
        if (isset($_POST['date']) or $hour or $minute) {
            $date = explode('-', $_POST['date']);
            if (count($date) == 3) {
                $day = intval($date[0]);
         if (Database::get()->query("UPDATE document SET filename=?s WHERE {$group_sql} AND path = ?s", $_POST['renameTo'] . '.xml', $_POST['sourceFile'] . '.xml')->affectedRows > 0) {
             metaRenameDomDocument($basedir . $_POST['sourceFile'] . '.xml', $_POST['renameTo']);
         }
     }
     Session::Messages($langElRen, 'alert-success');
     redirect_to_home_page($redirect_base_url, true);
 }
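 // Step 1: show the rename dialog for the document at path $_GET['rename'].
 // The lookup is bound with ?s and scoped by $group_sql; the current name is
 // echoed back through q() (HTML-escaped) into the form.
 if (isset($_GET['rename'])) {
     $renameRow = Database::get()->querySingle("SELECT filename FROM document
                                             WHERE {$group_sql} AND
                                                   path = ?s", $_GET['rename']);
     // An unknown path previously dereferenced null; show an empty name instead.
     $fileName = $renameRow ? $renameRow->filename : '';
     $dialogBox .= "\n            \n            <div id='rename_doc_file' class='row'>\n                <div class='col-xs-12'>\n                    <div class='form-wrapper'>\n                        <form class='form-horizontal' role='form' method='post' action='{$_SERVER['SCRIPT_NAME']}?course={$course_code}'>\n                            <fieldset>                                \n                                    <input type='hidden' name='sourceFile' value='" . q($_GET['rename']) . "' />\n                                    {$group_hidden_input}\n                                    <div class='form-group'>\n                                        <label for='renameTo' class='col-sm-2 control-label word-wrapping' >" . q($fileName) . "</label>\n                                        <div class='col-sm-10'>\n                                            <input class='form-control' type='text' name='renameTo' value='" . q($fileName) . "' />\n                                        </div>\n                                    </div>\n                                    <div class='form-group'>\n                                        <div class='col-sm-offset-2 col-sm-10'>\n                                            <input class='btn btn-primary' type='submit' value='{$langRename}' >\n                                        </div>\n                                    </div>\n                            </fieldset>\n                        </form>\n                    </div>\n                </div>\n            </div>";
 }
 // create directory
 // Step 2: create the new directory named $_POST['newDirName'] under $_POST['newDirPath'].
 // NOTE(review): both values are request-controlled; containment inside the course
 // document root is delegated entirely to make_path() — confirm it rejects '..'.
 if (isset($_POST['newDirPath'])) {
     $newDirName = isset($_POST['newDirName']) ? canonicalize_whitespace($_POST['newDirName']) : '';
     if (!empty($newDirName)) {
         $newDirPath = make_path($_POST['newDirPath'], array($newDirName));
         // $path_already_exists: global variable set by make_path()
         if ($path_already_exists) {
             $action_message = "<div class='alert alert-danger'>{$langFileExists}</div>";
         } else {
             $r = Database::get()->querySingle("SELECT id FROM document WHERE {$group_sql} AND path = ?s", $newDirPath);
             // Only index the directory if make_path() actually registered it.
             if ($r) {
                 Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $r->id);
             }
             $action_message = "<div class='alert alert-success'>{$langDirCr}</div>";
         }
     }
 }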
 // step 1: display a field to enter the new dir name
 if (isset($_GET['createDir'])) {
     $createDir = q($_GET['createDir']);
/**
 * Wrap a whitespace-canonicalized string in single quotes for string-built SQL.
 *
 * NOTE(review): addslashes() is not a charset-aware SQL escape. Callers should
 * prefer the Database placeholders (?s) used elsewhere in this codebase over
 * concatenating the result of this helper into a query.
 *
 * @param string $s
 * @return string  "'" . addslashes(canonicalize_whitespace($s)) . "'"
 */
function quote($s)
{
    $normalized = canonicalize_whitespace($s);
    $escaped = addslashes($normalized);
    return "'{$escaped}'";
}
// Page flags must be set before baseTheme.php is included — presumably that
// include consumes them (help sidebar topic); keep this order.
$require_help = true;
$helpTopic = 'User';
require_once '../../include/baseTheme.php';
require_once 'include/log.php';
// Page chrome: title, breadcrumb and the "back to user list" action bar.
$toolName = $langUsers;
$pageName = $langAddManyUsers;
$navigation[] = array("url" => "index.php?course={$course_code}", "name" => $langUsers);
$tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php?course={$course_code}", 'icon' => 'fa-reply', 'level' => 'primary')));
if (isset($_POST['submit'])) {
    $ok = array();
    $not_found = array();
    $existing = array();
    $field = $_POST['type'] == 'am' ? 'am' : 'username';
    $line = strtok($_POST['user_info'], "\n");
    while ($line !== false) {
        $userid = finduser(canonicalize_whitespace($line), $field);
        if (!$userid) {
            $not_found[] = $line;
        } else {
            if (adduser($userid, $course_id)) {
                $ok[] = $userid;
            } else {
                $existing[] = $userid;
            }
        }
        $line = strtok("\n");
    }
    if (count($not_found)) {
        $tool_content .= "<div class='alert alert-warning'>{$langUsersNotExist}<br>";
        foreach ($not_found as $uname) {
            $tool_content .= q($uname) . '<br>';
// Course-creation helpers (find_prof(), uid_to_name(), ... used further down).
require_once 'modules/create_course/functions.php';
// Page chrome: title, breadcrumb and the "back to admin index" action bar.
$toolName = $langMultiCourse;
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
$tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
if (isset($_POST['submit'])) {
    $line = strtok($_POST['courses'], "\n");
    $departments = isset($_POST['department']) ? $_POST['department'] : array();
    // validation in case it skipped JS validation for department(s)
    if (count($departments) < 1 || empty($departments[0])) {
        Session::Messages($langEmptyAddNode);
        header("Location:" . $urlServer . "modules/admin/multicourse.php");
        exit;
    }
    $vis = intval($_POST['formvisible']);
    while ($line !== false) {
        $line = canonicalize_whitespace($line);
        if (!empty($line)) {
            $info = explode('|', $line);
            $title = $info[0];
            $prof_uid = null;
            $prof_not_found = false;
            if (isset($info[1])) {
                $prof_info = trim($info[1]);
                $prof_uid = find_prof(trim($info[1]));
                if ($prof_info and !$prof_uid) {
                    $prof_not_found = true;
                }
            }
            if ($prof_uid) {
                $prof_name = uid_to_name($prof_uid);
            } else {
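/**
 * Persist the Delos video lectures selected in the form as videolink rows of the
 * current course, updating an existing row when one already points at the same
 * resource id within the chosen category.
 *
 * Reads $_POST['delosResources'] (list of resource ids) and
 * $_POST['selectcategory'] (category id) — both untrusted.
 *
 * @param object $jsonObj  decoded Delos feed: ->playerBasePath and ->resources[]
 *                         (each with ->resourceID and ->videoLecture)
 * @return void
 */
function storeDelosResources($jsonObj) {
    global $course_id;
    $submittedResources = isset($_POST['delosResources']) ? (array) $_POST['delosResources'] : array();
    $submittedCategory = isset($_POST['selectcategory']) ? intval($_POST['selectcategory']) : 0;
    $resources = isset($jsonObj->resources) ? $jsonObj->resources : array();

    foreach ($submittedResources as $rid) {
        if (!is_scalar($rid)) {
            continue; // a nested array cannot be a resource id
        }
        $rid = (string) $rid;
        // The LIKE pattern is bound with ?s instead of being concatenated into the
        // SQL: $rid comes straight from the request and was previously spliced in
        // unescaped (SQL injection). '%' and '_' are escaped so they match literally.
        $stored = Database::get()->querySingle("SELECT id
            FROM videolink
            WHERE course_id = ?d
            AND category = ?d
            AND url LIKE ?s", $course_id, $submittedCategory, '%rid=' . addcslashes($rid, '%_\\'));

        foreach ($resources as $resource) {
            // NOTE(review): strict comparison against a POST value (always a string);
            // if the feed carries numeric resourceIDs nothing would ever match — confirm.
            if (!isset($resource->resourceID) || $resource->resourceID !== $rid) {
                continue;
            }
            $vL = $resource->videoLecture;
            $url = $jsonObj->playerBasePath . '?rid=' . $rid;
            $title = $vL->title;
            $description = $vL->description;
            $creator = $vL->rights->creator->name;
            $publisher = $vL->organization->name;
            $date = $vL->date;

            if ($stored) {
                $id = $stored->id;
                Database::get()->query("UPDATE videolink SET
                    url = ?s, title = ?s, description = ?s, creator = ?s, publisher = ?s, date = ?t
                    WHERE course_id = ?d
                    AND category = ?d
                    AND id = ?d", canonicalize_url($url), $title, $description, $creator, $publisher, $date, $course_id, $submittedCategory, $id);
            } else {
                $q = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date)
                    VALUES (?d, ?s, ?s, ?s, ?d, ?s, ?s, ?t)', $course_id, canonicalize_url($url), $title, $description, $submittedCategory, $creator, $publisher, $date);
                $id = $q->lastInsertID;
            }
            Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
            $txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
            Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, array('id' => $id,
                'url' => canonicalize_url($url),
                'title' => $title,
                'description' => $txt_description));
        }
    }
}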
                    $tool_content .= "<div class='alert alert-success'>$langFileNot<br>
                                                <a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div>";
                    draw($tool_content, $menuTypeID, null, $head_content);
                    exit;
                }
                
                $path = '/' . $safe_filename;
                $url = $file_name;
                $id = Database::get()->query('INSERT INTO video
                                                       (course_id, path, url, title, description, category, creator, publisher, date)
                                                       VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)'
                                , $course_id, $path, $url, $_POST['title'], $_POST['description'], $_POST['selectcategory']
                                , $_POST['creator'], $_POST['publisher'], $_POST['date'])->lastInsertID;

                Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEO, $id);
                $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+');
                Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id,
                    'path' => $path,
                    'url' => $_POST['url'],
                    'title' => $_POST['title'],
                    'description' => $txt_description));
                $tool_content .= "<div class='alert alert-success'>$langFAdd</div>";
            }
        }
        Session::Messages($langFAdd, "alert-success");
        redirect_to_home_page("modules/video/index.php");
    } // end of add_submit
    if (isset($_POST['add_submit_delos'])) {
        if (isset($_POST['delosResources'])) {
            $jsonObj = requestDelosJSON();
            storeDelosResources($jsonObj);
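 /**
  * Delete a note, drop it from the search index and log the deletion.
  *
  * NOTE(review): no ownership check is performed here — the note is deleted by
  * id alone, so callers must verify that $noteid belongs to the current user
  * before calling this.
  *
  * @param int $noteid  id in table note
  * @return void
  */
 public static function delete_note($noteid){
     global $uid;
     $note = Database::get()->querySingle("SELECT title, content FROM note WHERE id = ?d ", $noteid);
     if (!$note) {
         // Nothing to delete (unknown or already removed id): previously this
         // dereferenced null and still wrote a LOG_DELETE entry for a non-note.
         return;
     }
     $content = ellipsize_html(canonicalize_whitespace(strip_tags($note->content)), 50, '+');
     Database::get()->query("DELETE FROM note WHERE id = ?d", $noteid);
     Indexer::queueAsync(Indexer::REQUEST_REMOVE, Indexer::RESOURCE_NOTE, $noteid);
     Log::record(0, MODULE_ID_NOTES, LOG_DELETE, array('user_id' => $uid, 'id' => $noteid,
         'title' => $note->title,
         'content' => $content));
 }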
            require_once 'modules/auth/methods/imapform.php';
            break;
        case 4:
            require_once 'modules/auth/methods/ldapform.php';
            break;
        case 5:
            require_once 'modules/auth/methods/dbform.php';
            break;
        case 6:
            require_once 'modules/auth/methods/shibform.php';
            break;
        case 7:
            require_once 'modules/auth/methods/casform.php';
            break;
        default:
            break;
    }
    if ($auth != 6 && $auth != 7) {
        $tool_content .= "\n                <div class='alert alert-info'>{$langTestAccount}</div>\n                <div class='form-group'>\n                    <label for='test_username' class='col-sm-2 control-label'>{$langUsername}:</label>\n                    <div class='col-sm-10'>\n                        <input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'>\n                    </div>\n                </div>\n                <div class='form-group'>\n                    <label for='test_password' class='col-sm-2 control-label'>{$langPass}:</label>\n                    <div class='col-sm-10'>\n                        <input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'>\n                    </div>\n                </div>";
    }
    $tool_content .= "\n                <div class='form-group'>\n                    <div class='col-sm-10 col-sm-offset-2'>\n                        <input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'>\n                        <a class='btn btn-default' href='auth.php'>{$langCancel}</a>                \n                    </div>\n                </div>\n            </fieldset>\n        </form>\n    </div>";
}
// Render the assembled page (draw() is a project helper; its second argument is not documented here).
draw($tool_content, 3);
/**
 * Serialize a flat key => value map as "key=value|key=value|...".
 *
 * NOTE(review): keys and values containing '=' or '|' are not escaped, so the
 * packed string is ambiguous for such input; whatever unpacks this format (not
 * shown here) must agree on that limitation.
 *
 * @param array $settings
 * @return string  pairs joined by '|' in the array's iteration order ('' for an empty array)
 */
function pack_settings($settings)
{
    $pairs = array_map(
        function ($key, $value) {
            return "{$key}={$value}";
        },
        array_keys($settings),
        array_values($settings)
    );
    return implode('|', $pairs);
}
 }
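 if (!empty($_POST['id'])) {
     // Edit: the update is scoped to the current course as well as the id. The
     // insert branch below already binds course_id, but the update matched on id
     // alone, so an id belonging to another course could be modified from here.
     $id = intval($_POST['id']);
     Database::get()->query("UPDATE announcement SET content = ?s, title = ?s, `date` = " . DBHelper::timeAfter() . ", start_display = ?t, stop_display = ?t  WHERE id = ?d AND course_id = ?d", $newContent, $antitle, $start_display, $stop_display, $id, $course_id);
     $log_type = LOG_MODIFY;
     $message = "<div class='alert alert-success'>{$langAnnModify}</div>";
 } else {
     // Add: append after the course's highest `order`.
     $orderMax = Database::get()->querySingle("SELECT MAX(`order`) AS maxorder FROM announcement
                                                   WHERE course_id = ?d", $course_id)->maxorder;
     $order = $orderMax + 1;
     $id = Database::get()->query("INSERT INTO announcement
                                         SET content = ?s,
                                             title = ?s, `date` = " . DBHelper::timeAfter() . ",
                                             course_id = ?d, `order` = ?d,
                                             visible = 1,
                                             start_display = ?t,
                                             stop_display = ?t", $newContent, $antitle, $course_id, $order, $start_display, $stop_display)->lastInsertID;
     $log_type = LOG_INSERT;
 }
 Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_ANNOUNCEMENT, $id);
 // Log a short, tag-free excerpt of the content; the log entry records what was
 // submitted, the database received the processed $newContent / $antitle.
 $txt_content = ellipsize_html(canonicalize_whitespace(strip_tags($_POST['newContent'])), 50, '+');
 Log::record($course_id, MODULE_ID_ANNOUNCE, $log_type, array('id' => $id, 'email' => $send_mail, 'title' => $_POST['antitle'], 'content' => $txt_content));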
 // send email
 if ($send_mail) {
     $recipients_emaillist = "";
     foreach ($_POST['recipients'] as $re) {
         $recipients_emaillist .= empty($recipients_emaillist) ? "'{$re}'" : ",'{$re}'";
     }
     $emailContent = "{$professorMessage}: " . q($_SESSION['givenname']) . " " . q($_SESSION['surname']) . "<br>\n<br>\n" . q($_POST['antitle']) . "<br>\n<br>\n" . $_POST['newContent'];
     $emailSubject = "{$professorMessage} ({$public_code} - " . q($title) . " - {$langAnnouncement})";
     // select students email list
     $countEmail = 0;
     $invalid = 0;
     $recipients = array();
     $emailBody = html2text($emailContent);
     $linkhere = "&nbsp;<a href='{$urlServer}main/profile/emailunsubscribe.php?cid={$course_id}'>{$langHere}</a>.";
/**
 * @brief Store the link category submitted by the category form: update the row
 *        named by $_POST['id'] (scoped to the current course) or insert a new
 *        one at the end of the course's ordering, then queue it for indexing
 *        and log the action.
 * @global int    $course_id
 * @global string $langCategoryAdded
 * @global string $langCategoryModded
 * @global string $categoryname   filled in by register_posted_variables()
 * @global string $description    filled in by register_posted_variables()
 */
function submit_category() {
    global $course_id, $langCategoryAdded, $langCategoryModded,
    $categoryname, $description;

    // Pull name/description from POST into the globals above, trimmed.
    register_posted_variables(array('categoryname' => true,
                                    'description' => true), 'all', 'trim');
    $assignments = "SET name = ?s, description = ?s";
    $values = array($categoryname, purify($description));

    $is_edit = isset($_POST['id']);
    if ($is_edit) {
        $id = getDirectReference($_POST['id']);
        Database::get()->query("UPDATE `link_category` $assignments WHERE course_id = ?d AND id = ?d", $values, $course_id, $id);
    } else {
        $maxorder = Database::get()->querySingle("SELECT MAX(`order`) as maxorder FROM `link_category`
                                      WHERE course_id = ?d", $course_id)->maxorder;
        $order = $maxorder + 1;
        $id = Database::get()->query("INSERT INTO `link_category` $assignments, course_id = ?d, `order` = ?d", $values, $course_id, $order)->lastInsertID;
    }
    $log_type = $is_edit ? LOG_MODIFY : LOG_INSERT;

    $excerpt = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
    Log::record($course_id, MODULE_ID_LINKS, $log_type, array('id' => $id,
        'category' => $categoryname,
        'description' => $excerpt));
}
 * @brief  Allows platform admin to login as another user without asking for password
 */
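$require_admin = true;
require_once '../../include/baseTheme.php';
$pageName = $langChangeUser;
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
// The form below posts, but the handler reads $_REQUEST, so the username may also arrive
// in the query string; every use of it in this script reads the same source.
if (isset($_REQUEST['username'])) {
    // username match follows the platform setting: case-insensitive or binary collation
    $sql = "SELECT user.id, surname, username, password, givenname, status, email,\n                   admin.user_id AS is_admin, lang\n                FROM user LEFT JOIN admin ON user.id = admin.user_id\n                WHERE username ";
    if (get_config('case_insensitive_usernames')) {
        $sql .= '= ?s';
    } else {
        $sql .= 'COLLATE utf8_bin = ?s';
    }
    $myrow = Database::get()->querySingle($sql, $_REQUEST['username']);
    if ($myrow) {
        // Switch the current (admin) session over to the selected user.
        // NOTE(review): no audit record of the impersonation is written here and the session
        // id is not regenerated; confirm whether redirect_to_home_page() or the login path
        // covers that, otherwise a Log::record() call and session_regenerate_id() belong here.
        $_SESSION['uid'] = $myrow->id;
        $_SESSION['surname'] = $myrow->surname;
        $_SESSION['givenname'] = $myrow->givenname;
        $_SESSION['status'] = $myrow->status;
        $_SESSION['email'] = $myrow->email;
        $_SESSION['is_admin'] = !!$myrow->is_admin;
        // double 'not' to handle NULL
        $_SESSION['uname'] = $myrow->username;
        $_SESSION['langswitch'] = $myrow->lang;
        redirect_to_home_page();
    } else {
        // the lookup above read $_REQUEST['username'], so the message must too: with the
        // name passed via GET, $_POST['username'] is undefined and the message came out empty
        $tool_content = "<div class='alert alert-danger'>" . sprintf($langChangeUserNotFound, canonicalize_whitespace(q($_REQUEST['username']))) . "</div>";
    }
}
$tool_content .= "<div class='form-wrapper'>\n            <form class='form-horizontal' role='form' action='{$_SERVER['SCRIPT_NAME']}' method='post'>\n            <div class='form-group'>\n            <label for = 'username' class='col-sm-3 control-label'>{$langUsername}:</label>\n                <div class='col-sm-9'>\n                    <input id='username' type='text' name='username' placeholder='{$langUsername}'>\n                </div>\n            </div>\n        </form>\n        </div>";
draw($tool_content, 3);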
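/**
 * @brief Email forum subscribers about a new topic
 *
 * Builds an HTML part and a plain-text part for the notification and sends them
 * as one multipart mail to every user subscribed to the forum or to its category
 * (forum_notify rows with notify_sent = 1) whose get_user_email_notification()
 * check passes. The posting user ($uid) is excluded from the recipients.
 *
 * @param int    $forum_id   forum the topic belongs to
 * @param string $forum_name forum title; escaped with q() before it enters the HTML part
 * @param int    $topic_id   id of the new topic
 * @param string $subject    topic subject; escaped with q() before it enters the HTML part
 * @param string $message    topic body, inserted into the HTML part unescaped — assumed to be
 *                           HTML already purified by the caller (confirm); the plain part
 *                           runs it through html2text()
 * @param string $topic_date date shown in the mail header, inserted as given
 */
function notify_users($forum_id, $forum_name, $topic_id, $subject, $message, $topic_date) {
    global $logo, $langNewForumNotify, $course_code, $course_id, $langForumFrom,
        $uid, $langBodyForumNotify, $langInForums, $urlServer, $langdate, $langSender,
        $langCourse, $langCategory, $langForum, $langSubject, $langNote,
        $langLinkUnsubscribe, $langHere, $charset, $langMailBody;

    $subject_notify = "$logo - $langNewForumNotify";
    $category_id = forum_category($forum_id);
    $cat_name = category_name($category_id);
    $name = uid_to_name($uid);
    $title = course_id_to_title($course_id);

    // Everything interpolated into the HTML part is escaped with q(). $name is escaped here
    // as well: the plain-text part below uses it raw, which indicates uid_to_name() returns
    // an unescaped name (confirm it does not already escape).
    $header_html_topic_notify = "<!-- Header Section -->
    <div id='mail-header'>
        <br>
        <div>
            <div id='header-title'>$langBodyForumNotify <a href='{$urlServer}courses/$course_code'>".q($title)."</a>.</div>
            <ul id='forum-category'>
                <li><span><b>$langCategory:</b></span> <span>" . q($cat_name) . "</span></li>
                <li><span><b>$langForum:</b></span> <span><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&amp;forum=$forum_id'>" . q($forum_name) . "</a></span></li>
                <li><span><b>$langForumFrom :</b></span> <span>" . q($name) . "</span></li>
                <li><span><b>$langdate:</b></span> <span> $topic_date </span></li>
            </ul>
        </div>
    </div>";

    $body_html_topic_notify = "<!-- Body Section -->
    <div id='mail-body'>
        <br>
        <div><b>$langSubject:</b> <span class='left-space'><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&amp;forum=$forum_id&amp;topic=$topic_id'>" . q($subject) . "</a></span></div><br>
        <div><b>$langMailBody:</b></div>
        <div id='mail-body-inner'>
            $message
        </div>
    </div>";

    // `{$urlServer}` replaces the `${urlServer}` interpolation form, which PHP 8.2 deprecates;
    // the generated text is identical.
    $footer_html_topic_notify = "<!-- Footer Section -->
    <div id='mail-footer'>
        <br>
        <div>
            <small>" . sprintf($langLinkUnsubscribe, q($title)) ." <a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langHere</a></small>
        </div>
    </div>";

    $html_topic_notify = $header_html_topic_notify.$body_html_topic_notify.$footer_html_topic_notify;

    // Plain-text alternative: nothing is HTML-escaped here, so $title goes into sprintf() raw
    // like the other fields (the HTML footer above uses q($title)); the `<br />` that the
    // language string may contain is replaced before whitespace is normalised.
    $plain_message = html2text($message);
    $plain_topic_notify = "$langBodyForumNotify $langInForums\n" .
       "$langSender: $name\n" .
       "$langCourse: $title\n    {$urlServer}courses/$course_code/\n" .
       "$langCategory: $cat_name\n" .
       "$langForum: $forum_name\n    {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id\n" .
       "$langSubject: $subject\n    {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id&topic=$topic_id\n" .
       "--------------------------------------------\n$plain_message\n" .
       "--------------------------------------------\n" .
       "$langNote: " . canonicalize_whitespace(str_replace('<br />', "\n", sprintf($langLinkUnsubscribe, $title))) .
       " $langHere:\n{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id\n";

    // subscribers of this forum or of its whole category, excluding the poster
    $users = Database::get()->queryArray("SELECT DISTINCT user_id FROM forum_notify
			WHERE (forum_id = ?d OR cat_id = ?d)
			AND notify_sent = 1 AND course_id = ?d AND user_id != ?d", $forum_id, $category_id, $course_id, $uid);
    $email = array();
    foreach ($users as $user) {
        // per-user opt-out for course email notifications
        if (get_user_email_notification($user->user_id, $course_id)) {
            $email[] = uid_to_email($user->user_id);
        }
    }
    send_mail_multipart('', '', '', $email, $subject_notify, $plain_topic_notify, $html_topic_notify, $charset);
}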
     if (!empty($email)) {
         send_mail($siteName, $emailAdministrator, '', $email, $emailsubject, $emailbody, $charset, "Reply-To: {$emailhelpdesk}");
     }
     $myrow = Database::get()->querySingle("SELECT id, surname, givenname FROM user WHERE id = ?d", $last_id);
     if ($myrow) {
         $uid = $myrow->id;
         $surname = $myrow->surname;
         $givenname = $myrow->givenname;
     }
     if (!$vmail) {
         Database::get()->query("INSERT INTO loginout SET id_user = {$uid}, ip = '{$_SERVER['REMOTE_ADDR']}',`when` = NOW(), action = 'LOGIN'");
         $_SESSION['uid'] = $uid;
         $_SESSION['status'] = USER_STUDENT;
         $_SESSION['givenname'] = $givenname;
         $_SESSION['surname'] = $surname;
         $_SESSION['uname'] = canonicalize_whitespace($username);
         $tool_content .= "<div class='alert alert-success'><p>{$greeting},</p><p>";
         $tool_content .= !empty($email) ? $langPersonalSettings : $langPersonalSettingsLess;
         $tool_content .= "</p></div>\n                                                <br /><br />\n                                                <p>{$langPersonalSettingsMore}</p>";
     } else {
         $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$langMailVerificationSuccess}: <strong>{$email}</strong></div>\n                                                <p>{$langMailVerificationSuccess4}.<br /><br />{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
     }
 } elseif (empty($_SESSION['uname_app_exists'])) {
     $email_verification_required = get_config('email_verification_required');
     if (!$email_verification_required) {
         $verified_mail = 2;
     } else {
         $verified_mail = 0;
     }
     // check if mail address is valid
     if (!empty($email) and !email_seems_valid($email)) {
        exit();
    }

    echo RESPONSE_OK;
    exit();
}


if (isset($_POST['uname']) && isset($_POST['pass'])) {
    $require_noerrors = true;
    require_once ('minit.php');
    require_once ('include/CAS/CAS.php');
    require_once ('modules/auth/auth.inc.php');
    require_once ('include/phpass/PasswordHash.php');

    $uname = canonicalize_whitespace($_POST['uname']);
    $pass = $_POST['pass'];

    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }

    $sqlLogin = (get_config('case_insensitive_usernames')) ? "COLLATE utf8_general_ci = ?s" : "COLLATE utf8_bin = ?s";
    $myrow = Database::get()->querySingle("SELECT * FROM user WHERE username $sqlLogin", $uname);
    
    if (get_config('login_fail_check')) {
        $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "'
                                    AND COUNT > " . intval(get_config('login_fail_threshold')) . "
                                    AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail");
    }
    if (get_config('login_fail_check') && $r) {
    
    $missing = register_posted_variables($var_arr);

    if (!isset($_POST['department'])) {
        $departments = array();
        $missing = false;
    } else {
        $departments = $_POST['department'];
    }

    $registration_errors = array();
    // check if there are empty fields
    if (!$missing) {
        $registration_errors[] = $langFieldsMissing;
    } else {
        $uname = canonicalize_whitespace($uname);
        // check if the username is already in use
        $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $uname);
        if ($username_check) {
            $registration_errors[] = $langUserFree;
        }
        if ($display_captcha) {
            // captcha check
            require_once 'include/securimage/securimage.php';
            $securimage = new Securimage();
            if ($securimage->check($_POST['captcha_code']) == false) {
                $registration_errors[] = $langCaptchaWrong;
            }
        }
    }
    if (!empty($email) and !email_seems_valid($email)) {
     Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type));
 }
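 // check if email is valid
 // Logical `||` instead of the bitwise `|`: get_config() values are not guaranteed to be
 // integers, and a bytewise OR of two strings is not a boolean. Either setting alone must
 // make an invalid address a hard error.
 if ((get_config('email_required') || get_config('email_verification_required')) && !email_seems_valid($email_form)) {
     Session::Messages($langEmailWrong);
     redirect_to_home_page("main/profile/profile.php");
 }
 // check if there are empty fields
 if (!$all_ok) {
     Session::Messages($langFieldsMissing);
     redirect_to_home_page("main/profile/profile.php");
 }
 if (!$allow_username_change) {
     // username changes disabled: keep the session's username regardless of what was posted
     $username_form = $_SESSION['uname'];
 }
 $username_form = canonicalize_whitespace($username_form);
 // check if username exists
 // Strict comparison: both sides are strings, and the loose `!=` treats numeric-looking
 // usernames such as "1e3" and "1000" as equal, skipping the uniqueness check.
 if ($username_form !== $_SESSION['uname']) {
     // NOTE(review): this lookup uses a plain `username = ?s`, while the login path selects the
     // collation from the case_insensitive_usernames setting; confirm the two agree, otherwise
     // a name differing only in case may pass here and collide at login.
     $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $username_form);
     if ($username_check) {
         Session::Messages($langUserFree);
         redirect_to_home_page("main/profile/profile.php");
     }
 }
 // TODO: Allow admin to configure allowed username format
 // A changed address has to be re-verified when verification is enabled.
 if (!empty($email_form) && $email_form != $_SESSION['email'] && get_config('email_verification_required')) {
     $verified_mail_sql = ", verified_mail = " . EMAIL_UNVERIFIED;
 } else {
     $verified_mail_sql = '';
 }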
 // everything is ok
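   /**
    * Build an iCalendar (RFC 5545) document with the events of a course
    *
    * Uses the global $course_id when it is already set, otherwise $cid; the events
    * come from get_course_events(). Deadline events get a display alarm that
    * triggers 24 hours before the event.
    *
    * NOTE(review): RFC 5545 also requires PRODID on the calendar and UID/DTSTAMP on
    * each VEVENT, and CRLF line ends; neither is added here — the identifier format
    * is a project decision and PHP_EOL is kept so existing output stays unchanged.
    *
    * @param int $cid course id, used when the global $course_id is not set
    * @return string VCALENDAR text, one property per line
    */
   function icalendar($cid){
       global $course_id;
       if(!isset($course_id)){
           $course_id=$cid;
       }
       // RFC 5545 TEXT values must escape backslash, semicolon, comma and line breaks;
       // a title containing "," or ";" otherwise breaks the property for strict parsers.
       // Markup is stripped and whitespace normalised first, as DESCRIPTION already did.
       // The backslash is replaced first so the escapes added afterwards are not doubled.
       $escape = static function ($text) {
           return str_replace(
               array('\\', ';', ',', "\r\n", "\n"),
               array('\\\\', '\\;', '\\,', '\\n', '\\n'),
               canonicalize_whitespace(strip_tags((string) $text))
           );
       };

       $ical = "BEGIN:VCALENDAR".PHP_EOL;
       $ical .= "VERSION:2.0".PHP_EOL;

       $eventlist = get_course_events();
       foreach($eventlist as $event){
           $ical .= "BEGIN:VEVENT".PHP_EOL;
           // immutable date objects: only format() is called on them
           $startdatetime = new DateTimeImmutable($event->start);
           $ical .= "DTSTART:".$startdatetime->format("Ymd\THis").PHP_EOL;
           // the stored duration is parsed as a time and re-emitted as an ISO 8601 duration;
           // presumably stored as HH:MM:SS — confirm against the schema
           $duration = new DateTimeImmutable($event->duration);
           $ical .= "DURATION:".$duration->format("\P\TH\Hi\Ms\S").PHP_EOL;
           $ical .= "SUMMARY:[".strtoupper($event->event_group)."] ".$escape($event->title).PHP_EOL;
           $ical .= "DESCRIPTION:".$escape($event->content).PHP_EOL;
           if($event->event_group == 'deadline') {
               $ical .= "BEGIN:VALARM".PHP_EOL;
               $ical .= "TRIGGER:-PT24H".PHP_EOL;
               $ical .= "DURATION:PT10H".PHP_EOL;
               $ical .= "ACTION:DISPLAY".PHP_EOL;
               $ical .= "DESCRIPTION:DEADLINE REMINDER for ".$escape($event->title).PHP_EOL;
               $ical .= "END:VALARM".PHP_EOL;
           }
           $ical .= "END:VEVENT".PHP_EOL;
       }
       $ical .= "END:VCALENDAR".PHP_EOL;
       return $ical;
   }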
// A professor-level session is turned away unless alternative-auth registration
// for professors is enabled.
if ($_SESSION['u_prof'] && !$alt_auth_prof_reg) {
    $tool_content .= "<div class='alert alert-danger'>$langForbidden</div>";
    draw($tool_content, 0);
    exit;
}

// Form wrapper; the instructions text comes from the auth settings and is escaped.
$tool_content .= "<div class='form-wrapper'>"
    . "<form class='form-horizontal' role='form' method='post' action='altsearch.php'>"
    . "<fieldset>" . q($settings['auth_instructions']);

// carry the professor flag through the form
if (!empty($_SESSION['prof'])) {
    $tool_content .= "<input type='hidden' name='p' value='1'>";
}

// The username/password inputs are not rendered for auth methods 6 and 7.
$needsCredentials = !in_array($auth, array(6, 7));
if ($needsCredentials) {
    // pre-fill the username from the query string, escaped for the attribute
    $set_uname = '';
    if (isset($_GET['uname'])) {
        $set_uname = " value='" . q(canonicalize_whitespace($_GET['uname'])) . "'";
    }
    $tool_content .= "<div class='form-group'>
                        <label for='UserName' class='col-sm-2 control-label'>$langUsername</label>
                        <div class='col-sm-10'>
                            <input type='text' size='30' maxlength='30' name='uname' autocomplete='off' $set_uname placeholder='$langUserNotice'>
                        </div>
                    </div>
                    <div class='form-group'>
                        <label for='Pass' class='col-sm-2 control-label'>$langPass</label>
                        <div class='col-sm-10'>
                            <input type='password' size='30' maxlength='30' name='passwd' autocomplete='off' placeholder='$langPass'>
                        </div>
                    </div>";
}

$tool_content .= "<input type='hidden' name='auth' value='$auth'>";
     case 11:
     case 12:
     case 13:
         require_once 'modules/auth/methods/hybridauthform.php'; //generic HybridAuth form for provider settings
         hybridAuthForm($auth);
         break;
     default:
         break;
 }
 if ($auth > 1 and $auth < 6) {
     // Test-account inputs are shown for auth methods 2 to 5 only.
     // NOTE(review): the previously submitted test password is written back into the page as
     // the input's value, so it ends up in the HTML source and in the browser's cache/history
     // of this admin page; consider re-displaying the field with an empty value instead.
     $tool_content .= "
             <div class='alert alert-info'>$langTestAccount</div>
             <div class='form-group'>
                 <label for='test_username' class='col-sm-2 control-label'>$langUsername:</label>
                 <div class='col-sm-10'>
                     <input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'>
                 </div>
             </div>
             <div class='form-group'>
                 <label for='test_password' class='col-sm-2 control-label'>$langPass:</label>
                 <div class='col-sm-10'>
                     <input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'>
                 </div>
             </div>";
 }
 $tool_content .= "
             <div class='form-group'>
                 <div class='col-sm-10 col-sm-offset-2'>
                     <input class='btn btn-primary' type='submit' name='submit' value='$langModify'>
                     <a class='btn btn-default' href='auth.php'>$langCancel</a>
                 </div>
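/**
 * @brief Store a group category submitted from the category form
 *
 * Validates that `categoryname` is present; on success either updates the
 * category given by `$_POST['id']` or inserts a new one for the course and
 * records a log entry. On validation failure the form errors are flashed and
 * the user is redirected back to the category page.
 *
 * @global int $course_id course the category belongs to
 * @global string $course_code used to build the redirect target
 * @global string $categoryname expected to be populated by register_posted_variables()
 * @global string $description expected to be populated by register_posted_variables()
 * @global string $langFormErrors message flashed when validation fails
 */
function submit_category() {
    global $course_id, $categoryname, $description, $langFormErrors, $course_code;

    register_posted_variables(array('categoryname' => true,
                                    'description' => true), 'all', 'trim');
    $set_sql = "SET name = ?s, description = ?s";
    // the description may carry HTML, so it is purified before it reaches the database
    $terms = array($categoryname, purify($description));

    $v = new Valitron\Validator($_POST);
    $v->rule('required', array('categoryname'));
    if ($v->validate()) {
        if (isset($_POST['id'])) {
            // the posted id goes through the indirect-reference layer, not straight into the query
            $id = getDirectReference($_POST['id']);
            Database::get()->query("UPDATE `group_category` $set_sql WHERE course_id = ?d AND id = ?d", $terms, $course_id, $id);
            $log_type = LOG_MODIFY;
        } else {
            $id = Database::get()->query("INSERT INTO `group_category` $set_sql, course_id = ?d", $terms, $course_id)->lastInsertID;
            $log_type = LOG_INSERT;
        }

        // keep the logged description short and free of markup
        $txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
        // NOTE(review): the entry is logged under MODULE_ID_LINKS although this writes the
        // group_category table; confirm the intended module id for group categories.
        Log::record($course_id, MODULE_ID_LINKS, $log_type, array('id' => $id,
            'category' => $categoryname,
            'description' => $txt_description));
    } else {
        Session::flashPost()->Messages($langFormErrors)->Errors($v->errors());
        redirect_to_home_page("modules/group/group_category.php?course=$course_code&addcategory=1");
    }
}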