         redirect("public/");
     }
 } elseif ($settings['subject_authentication'] == 'migration') {
     // if we migrate
     if ($participant_id) {
         $participant = orsee_db_load_array("participants", $participant_id, "participant_id");
         // if pw exists, the send to login page
         if ($participant['password_crypted']) {
             if (isset($mobile) && $mobile) {
                 redirect("public/participant_login_mob.php");
             } else {
                 redirect("public/participant_login.php");
             }
         } else {
             // prepare password reset: generate token, save token to db and session
             $participant['pwreset_token'] = create_random_token(get_entropy($participant));
             $pars = array(':token' => $participant['pwreset_token'], ':participant_id' => $participant['participant_id'], ':now' => time());
             $query = "UPDATE " . table('participants') . " \n\t\t\t\t\t\t\t\t\tSET pwreset_token = :token,\n\t\t\t\t\t\t\t\t\tpwreset_request_time = :now \n\t\t\t\t\t\t\t\t\tWHERE participant_id= :participant_id";
             $done = or_query($query, $pars);
             $_SESSION['pw_reset_token'] = $participant['pwreset_token'];
             // send to pw rest page
             message(lang('please_choose_a_password_for_your_account'));
             redirect("public/participant_reset_pw.php");
         }
     } else {
         // and if we only allow username/passsword, send to login page
         if (isset($mobile) && $mobile) {
             redirect("public/participant_login_mob.php");
         } else {
             redirect("public/participant_login.php");
         }
             }
         }
     }
 }
 if ($continue) {
     $participant = $_REQUEST;
     unset($_SESSION['pauthdata']['pw_provided']);
     unset($_SESSION['pauthdata']['submitted_checked_pw']);
     unset($_SESSION['captcha_string']);
     $new_id = participant__create_participant_id($participant);
     $participant['participant_id'] = $new_id['participant_id'];
     $participant['participant_id_crypt'] = $new_id['participant_id_crypt'];
     if ($settings['subject_authentication'] != 'token') {
         $participant['password_crypted'] = unix_crypt($participant['password']);
     }
     $participant['confirmation_token'] = create_random_token(get_entropy($participant));
     $participant['creation_time'] = time();
     $participant['last_profile_update'] = $participant['creation_time'];
     $participant['status_id'] = 0;
     $participant['subpool_id'] = $_SESSION['subpool_id'];
     if (!isset($participant['language']) || !$participant['language']) {
         $participant['language'] = $settings['public_standard_language'];
     }
     $done = orsee_db_save_array($participant, "participants", $participant['participant_id'], "participant_id");
     if ($done) {
         log__participant("subscribe", $participant['lname'] . ', ' . $participant['fname']);
         $proceed = false;
         $done = experimentmail__confirmation_mail($participant);
         message(lang('successfully_registered'));
         redirect("public/");
     } else {
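/**
 * Authenticate the visitor through the PDX CAS single sign-on service.
 *
 * Without a ticket the browser is redirected to the CAS login page and the
 * script exits. With a ticket, the ticket is validated against CAS, the CAS
 * UID is mapped to an e-mail address and looked up in or_participants (a row
 * is inserted and a confirmation mail sent on first login), and that row is
 * returned. An invalid ticket, a failed insert or a locked participant ends
 * the script with a plain-text message.
 *
 * @param string      $url    Absolute URL of the calling page; sent to CAS as the "service" parameter.
 * @param PDO         $conn   Open database connection.
 * @param string|null $ticket CAS service ticket handed back by CAS, or null on the first visit.
 * @return array The or_participants row of the authenticated user.
 */
function cas_authenticate($url, $conn, $ticket = NULL)
{
    // Case 0: No ticket. Go to CAS.
    // NOTE(review): $url is appended unencoded; if callers pass it raw, an "&"
    // inside it is read by CAS as a separate parameter. Confirm whether the
    // caller already urlencode()s it before changing this here.
    if (!$ticket) {
        header("Location: https://sso.pdx.edu/cas/login?service=" . $url);
        exit;
    }
    // Case 1: Just got back from CAS. Verify.
    // The ticket comes straight from the request, so it is encoded: a stray
    // "&" or "#" in it must not be able to alter the validation request.
    $link = "https://sso.pdx.edu/cas/proxyValidate?ticket=" . rawurlencode($ticket) . "&service=" . $url;
    $cas_response = get_url($link, NULL);
    // Error if the HTTP call failed or CAS reports an invalid ticket.
    if (!is_string($cas_response) || strpos($cas_response, "cas:authenticationFailure") !== false) {
        exit("Your CAS ticket was not valid");
    }
    // Assign user-specific variables. A response without a UID is not a
    // successful validation either: do not fall through to "@pdx.edu".
    $matches = array();
    if (!preg_match("#<cas:UID>(.*?)</cas:UID>#", $cas_response, $matches) || $matches[1] === '') {
        exit("Your CAS ticket was not valid");
    }
    $user = $matches[1];
    $email = $user . "@pdx.edu";
    // Display name is split on spaces into first/last name; an absent display
    // name yields an empty first name and no last name instead of a warning.
    $username = array();
    preg_match("#<cas:DISPLAY_NAME>(.*?)</cas:DISPLAY_NAME>#", $cas_response, $username);
    $tokens = explode(" ", isset($username[1]) ? $username[1] : '');
    // Query the database
    $SQL = "SELECT * FROM or_participants WHERE Email = ?";
    $query = $conn->prepare($SQL);
    $query->bindParam(1, $email, PDO::PARAM_STR);
    $query->execute();
    $row = $query->fetch();
    // This user doesn't exist. Add to the database.
    if (!$row) {
        // Assign some variables.
        $now = date('Ymd');
        $pending_update = 'y';
        $language = "en";
        $status_id = 0;
        $subscriptions = "|1|,|2|";
        // students get subscribed to everything
        $new_id = participant__create_participant_id($tokens);
        $confirmation_token = create_random_token(get_entropy($tokens));
        $fname = $tokens[0];
        $lname = isset($tokens[1]) ? $tokens[1] : null;
        $subpool_id = isset($_SESSION['subpool_id']) ? $_SESSION['subpool_id'] : null;
        $rules_signed = isset($_SESSION['rules']) ? $_SESSION['rules'] : null;
        // Prepare the SQL statement
        $SQL = 'INSERT INTO or_participants (
                        subpool_id,
                        subscriptions,
                        rules_signed,
                        status_id,
                        pending_profile_update_request,
                        language,
                        email,
                        fname,
                        lname,
                        last_activity,
                        confirmation_token,
                        participant_id,
                        participant_id_crypt
                ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)';
        // Bind the values. bindValue() instead of bindParam(): nothing changes
        // between binding and execute(), and bindParam() takes its argument by
        // reference, which is not allowed on a function result (the token).
        $result = $conn->prepare($SQL);
        $result->bindValue(1, $subpool_id, PDO::PARAM_INT);
        $result->bindValue(2, $subscriptions, PDO::PARAM_STR);
        $result->bindValue(3, $rules_signed, PDO::PARAM_STR);
        $result->bindValue(4, $status_id, PDO::PARAM_INT);
        $result->bindValue(5, $pending_update, PDO::PARAM_STR);
        $result->bindValue(6, $language, PDO::PARAM_STR);
        $result->bindValue(7, $email, PDO::PARAM_STR);
        $result->bindValue(8, $fname, PDO::PARAM_STR);
        $result->bindValue(9, $lname, PDO::PARAM_STR);
        $result->bindValue(10, $now, PDO::PARAM_STR);
        $result->bindValue(11, $confirmation_token, PDO::PARAM_STR);
        $result->bindValue(12, $new_id['participant_id'], PDO::PARAM_STR);
        $result->bindValue(13, $new_id['participant_id_crypt'], PDO::PARAM_STR);
        $outcome = $result->execute();
        // DB operation failed somehow
        if (!$outcome) {
            exit("An error occurred. Please try again later or contact the system administrator if the issue persists.");
        }
        // Get the freshly added row from the database and send the confirmation email.
        $query->execute();
        $row = $query->fetch();
        experimentmail__confirmation_mail($row);
    }
    // Error if inactive user. Cast first so a "1" stored as a string is
    // treated the same as the integer 1 without a loose comparison.
    if (isset($row['locked']) && (int) $row['locked'] === 1) {
        exit("User is inactive. Please contact the system administrator.");
    }
    // User exists in our DB, so just use that one.
    // NOTE(review): the cookie is set without HttpOnly/Secure flags; confirm
    // whether client-side script reads it before tightening the flags.
    setcookie("cookieUserName", $user, time() + 60 * 60 * 24 * 365);
    return $row;
}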