Example #1
 // Persist the registration request. User-supplied values are bound through
 // ?s/?d placeholders; `status` is the one value interpolated directly —
 // NOTE(review): confirm $status is an integer chosen by this script and not
 // taken from the request.
 $res = Database::get()->query("INSERT INTO user_request SET\n\t\t\tgivenname = ?s, surname = ?s, username = ?s, email = ?s,\n\t\t\tam = ?s, faculty_id = ?d, phone = ?s,\n\t\t\tstate = 1, status = {$status},\n\t\t\tverified_mail = ?d, date_open = " . DBHelper::timeAfter() . ",\n\t\t\tcomment = ?s, lang = ?s, request_ip = ?s", $givenname, $surname, $username, $usermail, $am, $department, $userphone, $verified_mail, $usercomment, $language, $_SERVER['REMOTE_ADDR']);
 $request_id = $res->lastInsertID;
 // email does not need verification -> mail helpdesk
 if (!$email_verification_required) {
     //----------------------------- Email Request Message --------------------------
     $dep_body = $tree->getFullPath($department);
     $subject = $prof ? $mailsubject : $mailsubject2;
     $MailMessage = $mailbody1 . $mailbody2 . "{$givenname} {$surname}\n\n" . $mailbody3 . $mailbody4 . $mailbody5 . ($prof ? $mailbody6 : $mailbody8) . "\n\n{$langFaculty}: {$dep_body}\n{$langComments}: {$usercomment}\n" . "{$langAm}: {$am}\n" . "{$langProfUname}: {$username}\n{$langProfEmail} : {$usermail}\n" . "{$contactphone}: {$userphone}\n\n\n{$logo}\n\n";
     $emailAdministrator = get_config('email_sender');
     // NOTE(review): $usermail goes into a raw Reply-To header; this assumes it
     // was validated upstream (no CR/LF) before reaching this point.
     if (!send_mail($siteName, $emailAdministrator, '', $emailhelpdesk, $subject, $MailMessage, $charset, "Reply-To: {$usermail}")) {
         $tool_content .= "<div class='alert alert-warning'>{$langMailErrorMessage}&nbsp; <a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>";
     }
     // User Message
     $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$success}</div><p>{$infoprof}<br /><br />{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
 } else {
     // Token over username + e-mail + request id; the verification link carries it
     // as `h` together with `rid`, so mail_verify.php can recompute and compare it
     // (that side is not part of this listing).
     $hmac = token_generate($username . $usermail . $request_id);
     //----------------------------- Email Verification -----------------------
     $subject = $langMailVerificationSubject;
     $MailMessage = sprintf($mailbody1 . $langMailVerificationBody1, $urlServer . 'modules/auth/mail_verify.php?h=' . $hmac . '&rid=' . $request_id);
     $emailhelpdesk = get_config('email_helpdesk');
     $emailAdministrator = get_config('email_sender');
     if (!send_mail($siteName, $emailAdministrator, '', $usermail, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
         // Sending failed: render the error page and stop; the request row already exists.
         $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $usermail, $urlServer . "modules/auth/registration.php", "<a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>");
         $tool_content .= $mail_ver_error;
         draw($tool_content, 0);
         exit;
     }
     // User Message
     $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "<br />{$langMailVerificationSuccess}\n\t\t\t{$langMailVerificationSuccess2}</div><br /><p>{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
 }
 draw($tool_content, 0);
Example #2
     }
     echo "<div class='row margin-right-thin margin-left-thin margin-top-thin'>
                 <div class='col-xs-12'>
                     <div class='alert $class text-center'>
                         $str_1[0]
                     </div>
                 </div>
           </div>\n";        
 } else {
     $user_id = (int) trim($str_1[1]);
     $str_2 = explode(' - ', $str_1[0]);
     $datetime = $str_2[0];
     $str_3 = explode(' : ', $str_2[1]);
     $username = $str_3[0];
     $usertext = $str_3[1];
     $token = token_generate($user_id, true);
     echo "<div class='row margin-right-thin margin-left-thin margin-top-thin'>
                 <div class='col-xs-12'>
                     <div class='media'>
                         <a class='media-left' href='{$urlServer}main/profile/display_profile.php?id=$user_id&amp;token=$token'>
                             ". profile_image($user_id, IMAGESIZE_SMALL) ."
                         </a>
                         <div class='media-body bubble'>
                             <div class='label label-success media-heading'>$datetime</div>
                             <small>$langBlogPostUser ". display_user($user_id, false, false) ."</small>    
                             <div class='margin-top-thin'>
                                 " . $usertext . "
                             </div>
                         </div>    
                     </div>
                 </div>
Example #3
    }
} elseif (isset($_POST['send_link'])) {
    $email = isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : '';
    $userName = isset($_POST['userName']) ? canonicalize_whitespace($_POST['userName']) : '';
    /*     * *** If valid e-mail address was entered, find user and send email **** */
    $res = Database::get()->querySingle("SELECT u.id, u.surname, u.givenname, u.username, u.password, u.status FROM user u\n\t                LEFT JOIN admin a ON (a.user_id = u.id)\n\t                WHERE u.email = ?s AND\n\t                BINARY u.username = ?s AND \n\t                a.user_id IS NULL AND  \n\t                (u.last_passreminder IS NULL OR DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 1 HOUR) >= u.last_passreminder)", $email, $userName);
    //exclude admins and currently pending requests
    $found_editable_password = false;
    if ($res) {
        $text = $langPassResetIntro . $emailhelpdesk;
        $text .= $langHowToResetTitle;
        if (password_is_editable($res->password)) {
            $found_editable_password = true;
            //prepare instruction for password reset
            $text .= $langPassResetGoHere;
            $text .= $urlServer . "modules/auth/lostpass.php?u={$res->id}&h=" . token_generate('password' . $res->id, true);
            // store the timestamp of this action (password reminding and token generation)
            Database::get()->query("UPDATE user SET last_passreminder = CURRENT_TIMESTAMP WHERE id = ?d", $res->id);
        } else {
            //other type of auth...
            $auth = array_search($res->password, $auth_ids) or 1;
            $tool_content = "<div class='alert alert-danger'>\n                                <p><strong>{$langPassCannotChange1}</strong></p>\n                                <p>{$langPassCannotChange2} " . get_auth_info($auth) . ". {$langPassCannotChange3} <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a> {$langPassCannotChange4}</p>\n                                {$homelink}</div>";
        }
        /*         * *** Account details found, now send e-mail **** */
        if ($found_editable_password) {
            $emailsubject = $lang_remind_pass;
            if (!send_mail('', '', '', $email, $emailsubject, $text, $charset)) {
                $tool_content = "<div class='alert alert-danger'>\n                                <p><strong>{$langAccountEmailError1}</strong></p>\n                                <p>{$langAccountEmailError2} {$email}.</p>\n                                <p>{$langAccountEmailError3} <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a>.</p></div>\n                                {$homelink}";
            } elseif (!isset($auth)) {
                $tool_content .= "<div class='alert alert-success'>{$lang_pass_email_ok} <strong>" . q($email) . "</strong></div>{$homelink}";
            }
Example #4
     // Persist the registration request; every request-derived value is bound via
     // ?s/?d. The `password = '******'` literal appears redacted in this listing.
     $q1 = Database::get()->query("INSERT INTO user_request SET\n                                        givenname = ?s, surname = ?s, username = ?s, password = '******',\n                                        email = ?s, faculty_id = ?d, phone = ?s,\n                                        am = ?s, state = 1, status = ?d, verified_mail = ?d,\n                                        date_open = " . DBHelper::timeAfter() . ", comment = ?s, lang = ?s,\n                                        request_ip = ?s", $givenname_form, $surname_form, $uname, $email, $depid, $userphone, $am, $status, $verified_mail, $usercomment, $language, $_SERVER['REMOTE_ADDR']);
     $request_id = $q1->lastInsertID;
     // email does not need verification -> mail helpdesk
     if (!$email_verification_required) {
         $emailAdministrator = get_config('email_sender');
         // send email
         $MailMessage = $mailbody1 . $mailbody2 . "{$givenname_form} {$surname_form}\n\n" . $mailbody3 . $mailbody4 . $mailbody5 . "{$mailbody6}\n\n" . "{$langFaculty}: " . $tree->getFullPath($depid) . "\n        \n{$langComments}: {$usercomment}\n" . "{$langProfUname} : {$uname}\n{$langProfEmail} : {$email}\n" . "{$contactphone} : {$userphone}\n\n\n{$logo}\n\n";
         // NOTE(review): $email is placed in a raw Reply-To header; this assumes it was
         // validated upstream (no CR/LF) before reaching this point.
         if (!send_mail($siteName, $emailAdministrator, $gunet, $emailhelpdesk, $mailsubject, $MailMessage, $charset, "Reply-To: {$email}")) {
             $tool_content .= "<div class='alert alert-warning'>{$langMailErrorMessage} &nbsp; <a href='mailto:{$emailhelpdesk}'>{$emailhelpdesk}</a></div>";
             draw($tool_content, 0);
             exit;
         }
         $tool_content .= "<div class='alert alert-success'>{$greeting},<br />{$success}<br /></div><p>{$infoprof}</p><br />\n                          <p>&laquo; <a href='{$urlServer}'>{$langBack}</a></p>";
     } else {
         // email needs verification -> mail user
         // Token over username + e-mail + request id, sent as `ver` with `rid` so the
         // verification page can recompute and compare it (not part of this listing).
         $hmac = token_generate($uname . $email . $request_id);
         $emailhelpdesk = get_config('email_helpdesk');
         $emailAdministrator = get_config('email_sender');
         $subject = $langMailVerificationSubject;
         $MailMessage = sprintf($mailbody1 . $langMailVerificationBody1, $urlServer . 'modules/auth/mail_verify.php?ver=' . $hmac . '&rid=' . $request_id);
         if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
             // Sending failed: render the error page and stop; the request row already exists.
             $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $email, $urlServer . "modules/auth/registration.php", "<a href='mailto:{$emailhelpdesk}' class='mainpage'>{$emailhelpdesk}</a>.</div>");
             $tool_content .= $mail_ver_error;
             draw($tool_content, 0);
             exit;
         }
         // User Message
         $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$langMailVerificationSuccess}: <strong>{$email}</strong></div>\n                                        <p>{$langMailVerificationSuccess4}.<br /><br />{$click} <a href='{$urlServer}'\n                                        class='mainpage'>{$langHere}</a> {$langBackPage}</p>";
     }
 } elseif (!empty($_SESSION['uname_app_exists'])) {
     $tool_content .= "<div class='alert alert-danger'>{$langUserFree3}<br><br>{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</div>";
Example #5
// Base URL of pages inside this e-book. $course_code and $ebook_id are taken as
// already validated by the including script (not visible here).
$ebook_url_base = "{$urlServer}modules/ebook/show.php/$course_code/$ebook_id/";

// A non-HTML file requested on its own is either streamed as a download or,
// in play mode, embedded through the multimedia helper.
if ($show_orphan_file and $file_path) {
    if (!preg_match('/\.html?$/i', $file_path)) {
        if (!$is_in_playmode)
            send_file_by_url_file_path($file_path);
        else {
            require_once 'include/lib/multimediahelper.class.php';

            // Shield '//' from the split before resolving the public path on disk.
            $path_components = explode('/', str_replace('//', chr(1), $file_path));
            $file_info = public_path_to_disk_path($path_components, '');

            $mediaPath = file_url($file_info->path, $file_info->filename);
            // NOTE(review): $file_info->path is appended to the download URL without
            // URL-encoding — confirm the path is already in URL-safe form.
            $mediaURL = $urlServer . 'modules/ebook/document.php?course=' . $course_code . '&amp;ebook_id=' . $ebook_id . '&amp;download=' . $file_info->path;
            // Access token bound to this path; presumably checked by the media endpoint.
            $token = token_generate($file_info->path, true);
            $mediaAccess = $mediaPath . '?token=' . $token;

            echo MultimediaHelper::mediaHtmlObjectRaw($mediaAccess, $mediaURL, $mediaPath);
            exit();
        }
    }
}

$pageName = $langEBook;
if ($unit !== false) {
    // Opened from a course unit: link back to that unit and keep it in the query string.
    $exit_fullscreen_link = $urlAppend . "modules/units/index.php?course=$course_code&amp;id=$unit";
    $unit_parameter = 'unit=' . $unit;
} else {
    $exit_fullscreen_link = $urlAppend . "modules/ebook/index.php?course_code=$course_code";
    $unit_parameter = '';
    // NOTE(review): the redirect below ends the request, so the two assignments
    // above in this branch are never used.
    if (isset($_SESSION['mail_verification_required'])) {
        unset($_SESSION['mail_verification_required']);
    }
    header("Location:" . $urlServer);
    exit;
}
if (!empty($_POST['submit'])) {
    if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) {
        $email = $_POST['email'];
        // user put a new email address update db and session
        if ($email != $_SESSION['email']) {
            $_SESSION['email'] = $email;
            Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid);
        }
        //send new code
        $hmac = token_generate($_SESSION['uname'] . $email . $uid);
        $subject = $langMailChangeVerificationSubject;
        $MailMessage = sprintf($mailbody1 . $langMailVerificationChangeBody, $urlServer . 'modules/auth/mail_verify.php?h=' . $hmac . '&id=' . $uid);
        $emailhelpdesk = get_config('email_helpdesk');
        $emailAdministrator = get_config('email_sender');
        if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
            $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, $email, $urlServer . "auth/registration.php", "<a href='mailto:" . q($emailhelpdesk) . "' class='mainpage'>" . q($emailhelpdesk) . "</a>.</div>");
            $tool_content .= $mail_ver_error;
        } else {
            $tool_content .= "<div class='alert alert-success'>{$langMailVerificationSuccess4}</div> ";
        }
    } else {
        $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationWrong}</div> ";
    }
} elseif (!empty($_SESSION['mail_verification_required']) && $_SESSION['mail_verification_required'] === 1) {
    $tool_content .= "<div class='alert alert-info'>{$langMailVerificationReq}</div> ";
Example #7
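/**
 * Handles a submitted login form ($_POST['uname'], $_POST['pass'], $_POST['submit']).
 *
 * Steps, in order: honour the per-IP login-failure throttle, look the username
 * up, authenticate with login() or — when the stored password field is one of
 * $auth_ids — alt_login(), then either append a warning to the global $warning
 * or record the login in `loginout` and redirect.
 *
 * $auth_allow codes handled by the switch below: 1 success, 2 invalid id,
 * 3 inactive account, 4 bad credentials (increments the failure counter),
 * 5 cookies disabled, 6/7 must enter through the secure / CAS entry points,
 * 8 too many failed attempts.
 *
 * Side effects: $_SESSION (written by login()/alt_login(), assumed), the tables
 * login_failure and loginout, and the globals $warning and $tool_content.
 */
function process_login()
{
    // $tool_content and $langInvalidAuth are declared here so the "no auth method"
    // message below reaches the page instead of a discarded local.
    global $warning, $tool_content, $surname, $givenname, $email, $status, $is_admin, $language, $langInvalidId, $langInvalidAuth, $langAccountInactive1, $langAccountInactive2, $langNoCookies, $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails;
    if (isset($_POST['uname'])) {
        $posted_uname = canonicalize_whitespace($_POST['uname']);
    } else {
        $posted_uname = '';
    }
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();
    $is_eclass_unique = is_eclass_unique(); // result unused below; the call is kept as in the original
    if (isset($_POST['submit'])) {
        unset($_SESSION['uid']);
        $auth_allow = 0;
        // Throttle: has this IP exceeded the failure threshold within the deny interval?
        $r = false;
        if (get_config('login_fail_check')) {
            // Values are bound by the DB layer instead of being concatenated into the SQL.
            $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                        AND COUNT > ?d
                                        AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
                $_SERVER['REMOTE_ADDR'],
                intval(get_config('login_fail_threshold')),
                intval(get_config('login_fail_deny_interval')));
        }
        if ($r) {
            $auth_allow = 8;
        } else {
            // The three literals below appear redacted in this listing; presumably they
            // hold the username comparison fragment (case-sensitive or not, per config).
            $sqlLogin = "******";
            if (get_config('case_insensitive_usernames')) {
                $sqlLogin = "******";
            } else {
                $sqlLogin = "******";
            }
            $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail\n                                FROM user WHERE username {$sqlLogin}", $posted_uname);
            // cas might have alternative authentication defined
            $exists = 0;
            if (!isset($_COOKIE) or count($_COOKIE) == 0) {
                // Disallow login when cookies are disabled
                $auth_allow = 5;
            } elseif ($pass === '') {
                // Disallow login with empty password
                $auth_allow = 4;
            } elseif ($myrow) {
                $exists = 1;
                if (!empty($auth)) {
                    // For external methods the `password` column holds the auth method id.
                    if (in_array($myrow->password, $auth_ids)) {
                        // alternate methods login
                        $auth_allow = alt_login($myrow, $posted_uname, $pass);
                    } else {
                        // eclass login
                        $auth_allow = login($myrow, $posted_uname, $pass);
                    }
                } else {
                    $tool_content .= "<br>{$langInvalidAuth}<br>";
                }
            }
            if (!$exists and !$auth_allow) {
                // Record the failed attempt. The submitted password is deliberately not
                // logged: a failure log must not hold plaintext credentials.
                Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
                $auth_allow = 4;
            }
        }
        if (!isset($_SESSION['uid'])) {
            switch ($auth_allow) {
                case 1:
                    // Fresh session id on successful authentication.
                    session_regenerate_id();
                    break;
                case 2:
                    $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                    break;
                case 3:
                    $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&amp;h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
                    break;
                case 4:
                    $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
                    increaseLoginFailure();
                    break;
                case 5:
                    $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
                    break;
                case 6:
                    $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
                    break;
                case 7:
                    $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
                    break;
                case 8:
                    $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
                    break;
                default:
                    break;
            }
        } else {
            // Session uid and client address are bound rather than interpolated into the SQL.
            Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
            if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
                $_SESSION['mail_verification_required'] = 1;
                $next = "modules/auth/mail_verify_change.php";
            } elseif (isset($_POST['next'])) {
                // NOTE(review): taken straight from the request; redirect_to_home_page()
                // is expected to restrict it to a local path — confirm.
                $next = $_POST['next'];
            } else {
                $next = '';
            }
            resetLoginFailure();
            redirect_to_home_page($next);
        }
    }
    // end of user authentication
}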
Example #8
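/**
 * Logs a user in through a HybridAuth provider (?provider=NAME).
 *
 * Part 1 loads the language messages, authenticates against the selected
 * provider and fetches the remote profile; a HybridAuth exception queues a
 * message through Session::Messages() and returns false. Part 2 mirrors
 * process_login(): the profile identifier is matched against user_ext_uid for
 * that provider's auth id and a matching local account is logged in via
 * login(); an identifier with no local account is redirected to the
 * registration form. $auth_allow codes are those of process_login().
 *
 * @return bool|null false when no remote profile was obtained; otherwise the
 *                   function ends by setting $warning or by redirecting.
 */
function hybridauth_login() {
    //this is needed so as to include the HybridAuth error codes
    global $language, $language_codes, $siteName, $Institution, $InstitutionUrl;
    if (isset($language)) {
        // NOTE(review): $language selects the files included below; this assumes it
        // was already restricted to the keys of $language_codes — confirm in the caller.
        include "lang/$language/common.inc.php";
        $extra_messages = "config/{$language_codes[$language]}.inc.php";
        if (file_exists($extra_messages)) {
            include $extra_messages;
        } else {
            $extra_messages = false;
        }
        include "lang/$language/messages.inc.php";
        if ($extra_messages) {
            include $extra_messages;
        }
    }
    // end HybridAuth messages inclusion

    global $warning;

    // include HybridAuth libraries
    require_once 'modules/auth/methods/hybridauth/config.php';
    require_once 'modules/auth/methods/hybridauth/Hybrid/Auth.php';
    $config = get_hybridauth_config();

    $warning = '';

    if (isset($_GET['error'])) {
        Session::Messages(q(trim(strip_tags($_GET['error']))));
    }

    // Authenticate with the selected provider and fetch the remote profile.
    if (isset($_GET['provider'])) {
        try {
            $hybridauth = new Hybrid_Auth($config);
            $provider = trim(strip_tags($_GET['provider']));
            $adapter = $hybridauth->authenticate($provider);
            $user_data = $adapter->getUserProfile();
        } catch (Exception $e) {
            // Map the HybridAuth error code to a user-facing message (see the
            // "Exceptions handling" section of the HybridAuth user guide).
            switch ($e->getCode()) {
                case 0: Session::Messages($GLOBALS['langProviderError1']); break;
                case 1: Session::Messages($GLOBALS['langProviderError2']); break;
                case 2: Session::Messages($GLOBALS['langProviderError3']); break;
                case 3: Session::Messages($GLOBALS['langProviderError4']); break;
                case 4: Session::Messages($GLOBALS['langProviderError5']); break;
                case 5: Session::Messages($GLOBALS['langProviderError6']); break;
                case 6: Session::Messages($GLOBALS['langProviderError7']); break;
                case 7: Session::Messages($GLOBALS['langProviderError8']); break;
            }
            // Codes 6 and 7 require the provider session to be dropped so a new attempt
            // can start. $adapter only exists if authenticate() returned (i.e. the
            // exception came from getUserProfile()); never call logout() on nothing.
            if (in_array($e->getCode(), array(6, 7)) && isset($adapter)) {
                $adapter->logout();
            }
            return false;
        }
    }

    if (!isset($user_data)) {
        // No provider was selected: there is no remote profile to match, so stop
        // instead of running the lookup with an undefined identifier.
        return false;
    }

    // *****************************
    // From here on runs an alternative version of process_login() where, instead
    // of a password, the provider user id is matched against user_ext_uid.
    global $tool_content, $surname, $givenname, $email, $status, $is_admin, $language,
    $langInvalidId, $langInvalidAuth, $langAccountInactive1, $langAccountInactive2,
    $langNoCookies, $langEnterPlatform, $urlServer, $langHere,
    $auth_ids, $inactive_uid, $langTooManyFails;

    $pass = $user_data->identifier; //password = provider user id
    $auth = get_auth_active_methods();

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Throttle: has this IP exceeded the failure threshold within the deny interval?
    $r = false;
    if (get_config('login_fail_check')) {
        // Values are bound by the DB layer instead of being concatenated into the SQL.
        $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s
                                       AND COUNT > ?d
                                       AND DATE_SUB(CURRENT_TIMESTAMP, interval ?d minute) < last_fail",
            $_SERVER['REMOTE_ADDR'],
            intval(get_config('login_fail_threshold')),
            intval(get_config('login_fail_deny_interval')));
    }
    if ($r) {
        $auth_allow = 8;
    } else {
        $auth_id = array_search(strtolower($provider), $auth_ids);
        $myrow = Database::get()->querySingle("SELECT user.id, surname,
                    givenname, password, username, status, email, lang,
                    verified_mail, uid
                FROM user, user_ext_uid
                WHERE user.id = user_ext_uid.user_id AND
                      user_ext_uid.auth_id = ?d AND
                      user_ext_uid.uid = ?s",
            $auth_id, $user_data->identifier);
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                if (in_array($myrow->password, $auth_ids)) {
                    // alternate methods login must NOT be called during HybridAuth;
                    // $auth_allow stays 0 for such accounts.
                } else {
                    // eclass login
                    $auth_allow = login($myrow, $provider, $pass, $provider);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }
        if (!$exists and !$auth_allow) {
            // No local account matches this provider id: send the user to the
            // registration form. The provider name is URL-encoded so it cannot
            // add further query parameters.
            header('Location: ' . $urlServer . 'modules/auth/registration.php?provider=' . urlencode($provider));

            // from this point on the code does not need to run since the user is redirected
            $auth_allow = 4;
        }
    }

    if (!isset($_SESSION['uid'])) {
        switch ($auth_allow) {
            case 1:
                session_regenerate_id();
                break;
            case 2:
                $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
                break;
            case 3:
                $warning .= "<p class='alert alert-warning'>$langAccountInactive1 " .
                    "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&amp;h=" .
                    token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></p>";
                break;
            case 4:
                $warning .= "<p class='alert alert-warning'>$langInvalidId</p>";
                increaseLoginFailure();
                break;
            case 5:
                $warning .= "<p class='alert alert-warning'>$langNoCookies</p>";
                break;
            case 6:
                $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></p>";
                break;
            case 7:
                $warning .= "<p class='alert alert-info'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></p>";
                break;
            case 8:
                // The original markup carried a stray quote after the class attribute.
                $warning .= "<p class='alert alert-danger'>$langTooManyFails</p>";
                break;
        }
    } else {
        // Session uid and client address are bound rather than interpolated into the SQL.
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): taken straight from the request; redirect_to_home_page()
            // is expected to restrict it to a local path — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
    }
}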
Example #9
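 /**
  * Registers a new user from a JSON request body.
  *
  * Expected keys: username (a phone number, per the duplicate check), password,
  * nicker (display name), gender (0/1; anything else becomes 0), header (avatar,
  * optional) and verifycode (SMS code). Creates the user_info row, removes the
  * matching verify_tmp row, stores a fresh token in user_info.xtoken, registers
  * the account with Easemob (deleting the local row again on failure) and echoes
  * a JSON object {errno, xtoken, data{nicker, header, uid}}.
  *
  * Errors are reported through err_ret(); the code is written as if err_ret()
  * terminates the request — NOTE(review): confirm it does, otherwise execution
  * continues past each error.
  */
 function register()
 {
     // json_decode() yields null for a body that is not a JSON object; normalise to
     // an empty array so the missing-parameter checks run instead of raising notices.
     $param = json_decode(file_get_contents('php://input'), true);
     if (!is_array($param)) {
         $param = array();
     }
     // username
     $username = isset($param['username']) ? $param['username'] : '';
     if (empty($username)) {
         err_ret(-205, 'lack of param', '缺少参数');
     }
     // password
     // NOTE(review): stored below exactly as received. It should be hashed
     // (password_hash()/password_verify()) together with the corresponding login
     // path, which is not part of this listing.
     $password = isset($param['password']) ? $param['password'] : '';
     if (empty($password)) {
         err_ret(-205, 'lack of param', '缺少参数');
     }
     // display name
     $nicker = isset($param['nicker']) ? $param['nicker'] : '';
     if (empty($nicker)) {
         err_ret(-205, 'lack of param', '缺少参数');
     }
     // gender: anything other than 0/1 (including a missing key) defaults to 0 (male)
     $gender = isset($param['gender']) ? $param['gender'] : 0;
     if ($gender != 0 && $gender != 1) {
         $gender = 0;
     }
     // avatar (optional)
     $header = isset($param['header']) ? $param['header'] : '';
     if (empty($header)) {
         $header = '';
     }
     // SMS verification code
     // NOTE(review): the code is only used below to delete the verify_tmp row; it is
     // not compared against the stored code here — confirm that check happens before
     // this endpoint is reached.
     $verifycode = isset($param['verifycode']) ? $param['verifycode'] : '';
     if (empty($verifycode)) {
         err_ret(-306, 'lack of param verfiy', '验证码不能为空');
     }
     // registration time
     $regtime = time();
     $model = new Model('user_info');
     // refuse a phone number that is already registered
     $result = $model->where(array('username' => $username))->select();
     if (count($result) > 0) {
         err_ret(-305, 'phone number is registered', '手机号已经注册过');
     }
     // insert the new user
     $data = array(
         'username' => $username,
         'password' => $password,
         'nicker' => $nicker,
         'header' => $header,
         'regtime' => $regtime,
         'gender' => $gender,
     );
     $lastId = $model->add($data);
     if (!$lastId) {
         err_ret(-311, 'register add new user failed', '注册添加新用户时失败');
     }
     // remove this user's temporary SMS verification code
     $delete_model = new Model('verify_tmp');
     $delete_model->where(array('phone' => $username, 'verifycode' => $verifycode))->delete();
     // generate the user's token and store it
     $token = token_generate($lastId);
     $count = $model->where(array('id' => $lastId))->save(array('xtoken' => $token));
     if ($count == 0) {
         err_ret(-501, 'save token failed', '保存token失败');
     }
     // register with Easemob; roll the local row back if that fails
     Vendor('EasemobApi.EasemobApi');
     $ease = new \Easemob();
     $result_arr = $ease->registerUser($username, $password, $nicker);
     if (isset($result_arr['error'])) {
         $model->where(array('username' => $username))->delete();
         err_ret(-205, 'failed registered', '注册失败');
     }
     $info = array(
         'errno' => 0,
         'xtoken' => $token,
         'data' => array(
             'nicker' => $nicker,
             'header' => $header,
             'uid' => $lastId,
         ),
     );
     echo json_encode($info);
 }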
Example #10
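/**
 * Render a user, or a list of users, as a link to the profile page.
 *
 * @param int|object|array $user  A user id (looked up in the user table), or an
 *                                array of objects each carrying a user_id.
 *                                Anything else is treated as an id.
 * @param bool   $print_email     Append a mailto link when the user has an e-mail.
 * @param bool   $icon            Prefix the link with the small profile image.
 * @param string $class           CSS class for the <a> tag. It is written into the
 *                                attribute unescaped, so pass only literal class names.
 *
 * @return string HTML fragment: '-' for an empty input, the anonymous label when
 *                the id is unknown, otherwise the (icon +) profile link (+ e-mail).
 */
function display_user($user, $print_email = false, $icon = true, $class = "")
{
    global $langAnonymous, $urlAppend;

    // count() on a scalar throws a TypeError on PHP 8, so test emptiness by shape:
    // null and an empty array both mean "nobody to display".
    if ($user === null || (is_array($user) && count($user) == 0)) {
        return '-';
    }

    if (is_array($user)) {
        $parts = array();
        foreach ($user as $user_data) {
            // The check is on the element, not on the list: entries without a
            // user_id are skipped instead of being looked up as id null.
            if (isset($user_data->user_id)) {
                // Pass $icon and $class through so list entries render like single ones.
                $parts[] = display_user($user_data->user_id, $print_email, $icon, $class);
            }
        }
        return implode('<br>', $parts);
    }

    // Single user: the id is bound through the ?d placeholder, never interpolated.
    $r = Database::get()->querySingle("SELECT id, surname, givenname, email, has_icon FROM user WHERE id = ?d", $user);
    if (!$r) {
        return $icon ? profile_image(0, IMAGESIZE_SMALL) . '&nbsp;' . $langAnonymous : $langAnonymous;
    }
    $user = $r;

    // Cast guards against a NULL email column (trim(null) is deprecated on 8.1+).
    $email = trim((string) $user->email);
    $print_email = $print_email && !empty($email);
    $icon_html = $icon ? profile_image($user->id, IMAGESIZE_SMALL, true) . '&nbsp;' : '';
    $class_str = !empty($class) ? "class='{$class}'" : '';

    // The profile link carries a token bound to the displayed id.
    $token = token_generate($user->id, true);
    $html = "{$icon_html}<a {$class_str} href='{$urlAppend}main/profile/display_profile.php?id={$user->id}&amp;token={$token}'>"
        . q($user->givenname) . ' ' . q($user->surname) . '</a>';
    if ($print_email) {
        $html .= ' (' . mailto($email, 'e-mail address hidden') . ')';
    }
    return $html;
}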
	                LEFT JOIN admin a ON (a.user_id = u.id)
	                WHERE u.email = ?s AND
	                BINARY u.username = ?s AND 
	                a.user_id IS NULL AND  
	                (u.last_passreminder IS NULL OR DATE_SUB(CURRENT_TIMESTAMP, INTERVAL 1 HOUR) >= u.last_passreminder)", $email, $userName); //exclude admins and currently pending requests

    $found_editable_password = false;
    if ($res) {
        $text = $langPassResetIntro . $emailhelpdesk;
        $text .= $langHowToResetTitle;        
        if (password_is_editable($res->password)) {
            $found_editable_password = true;
            //prepare instruction for password reset
            $text .= $langPassResetGoHere;
            $text .= $urlServer . "modules/auth/lostpass.php?u=$res->id&h=" .
                    token_generate('password' . $res->id, true);
            // store the timestamp of this action (password reminding and token generation)
            Database::get()->query("UPDATE user SET last_passreminder = CURRENT_TIMESTAMP WHERE id = ?d" , $res->id);            
        } else { //other type of auth...
            $auth = array_search($res->password, $auth_ids) or 1;
            $tool_content = "<div class='alert alert-danger'>
                                <p><strong>$langPassCannotChange1</strong></p>
                                <p>$langPassCannotChange2 " . get_auth_info($auth) .
                    ". $langPassCannotChange3 <a href='mailto:$emailhelpdesk'>$emailhelpdesk</a> $langPassCannotChange4</p>
                                $homelink</div>";
        }

        /*         * *** Account details found, now send e-mail **** */
        if ($found_editable_password) {
            $emailsubject = $lang_remind_pass;
            if (!send_mail('', '', '', $email, $emailsubject, $text, $charset)) {
 * Contact address: GUnet Asynchronous eLearning Group,
 *                  Network Operations Center, University of Athens,
 *                  Panepistimiopolis Ilissia, 15784, Athens, Greece
 *                  e-mail: info@openeclass.org
 * ======================================================================== */

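$require_current_course = true;
$guest_allowed = true;

require_once '../../include/baseTheme.php';
require_once 'include/lib/multimediahelper.class.php';
require_once 'include/lib/mediaresource.factory.php';
require_once 'include/action.php';

$action = new action();
$action->record(MODULE_ID_VIDEO);

// ----------------------
// play video
// ----------------------
// The video id comes from the query string; it is bound through the ?d
// placeholder (never interpolated), and defaulting it avoids an undefined-index
// notice when the parameter is missing.
$video_id = $_GET['id'] ?? 0;
$row = Database::get()->querySingle("SELECT * FROM video WHERE course_id = ?d AND id = ?d", $course_id, $video_id);

if ($row) {
    $vObj = MediaResourceFactory::initFromVideo($row);
    $token = token_generate($row->path, true);                          // token bound to the stored path
    $vObj->setAccessURL($vObj->getAccessURL() . '&amp;token=' . $token); // append token to the access url
    echo MultimediaHelper::mediaHtmlObject($vObj);
} else {
    // "${var}" interpolation is deprecated since PHP 8.2; "{$var}" is the supported form.
    header("Location: {$urlServer}modules/video/index.php?course=$course_code");
    // Stop here so nothing else is emitted after the redirect header.
    exit;
}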
 /**
  * Function used to print a honeypot
  *
  * This implements multiple mechanisms to prevent bots from submitting forms.
  * hp field will be hidden via JavaScript - only bots will fill it out.
  * hpr field will be removed via JavaScript - only bots will leave it in.
  * hp_token will contain a session token bound to this session user + form
  * hp_timestamp the current time.
  */
 function getHoneypot()
 {
     // Nothing to print when the form has not enabled the honeypot.
     if (!$this->form['honeypot']) {
         return;
     }
     // token_generate() runs before session('token') is read below —
     // presumably it refreshes the stored session token; confirm in token_generate().
     token_generate();
     $fields = [
         '<input class="hp" type="text" name="' . token_hash('hp_empty') . '" />',
         '<input class="hpr" type="text" name="' . token_hash('hp_removed') . '" />',
         '<input type="hidden" name="' . token_hash('hp_token') . '" value="' . session('token') . '" />',
         '<input type="hidden" name="' . token_hash('hp_timestamp') . '" value="' . time() . '" />',
     ];
     // Randomise the field order, then print all of them.
     if (shuffle($fields)) {
         echo implode('', $fields);
     }
 }
/**
 * Provide replacement values for placeholder tokens.
 *
 * This hook is invoked when someone calls token_replace(). That function first
 * scans the text for [type:token] patterns, and splits the needed tokens into
 * groups by type. Then hook_tokens() is invoked on each token-type group,
 * allowing your module to respond by providing replacement text for any of
 * the tokens in the group that your module knows how to process.
 *
 * A module implementing this hook should also implement hook_token_info() in
 * order to list its available tokens on editing screens.
 *
 * @param $type
 *   The machine-readable name of the type (group) of token being replaced, such
 *   as 'node', 'user', or another type defined by a hook_token_info()
 *   implementation.
 * @param $tokens
 *   An array of tokens to be replaced. The keys are the machine-readable token
 *   names, and the values are the raw [type:token] strings that appeared in the
 *   original text.
 * @param $data
 *   (optional) An associative array of data objects to be used when generating
 *   replacement values, as supplied in the $data parameter to token_replace().
 * @param $options
 *   (optional) An associative array of options for token replacement; see
 *   token_replace() for possible values.
 *
 * @return
 *   An associative array of replacement values, keyed by the raw [type:token]
 *   strings from the original text.
 *
 * @see hook_token_info()
 * @see hook_tokens_alter()
 */
function hook_tokens($type, $tokens, array $data = array(), array $options = array())
{
    $url_options = array('absolute' => TRUE);
    $language_code = NULL;
    if (isset($options['language'])) {
        $url_options['language'] = $options['language'];
        $language_code = $options['language']->language;
    }
    $sanitize = !empty($options['sanitize']);

    // This sample only handles node tokens, and only when a node was supplied.
    if ($type != 'node' || empty($data['node'])) {
        return array();
    }
    $node = $data['node'];
    $replacements = array();

    foreach ($tokens as $token_name => $raw) {
        switch ($token_name) {
            // Simple key values on the node.
            case 'nid':
                $replacements[$raw] = $node->nid;
                break;
            case 'title':
                $replacements[$raw] = $sanitize ? check_plain($node->title) : $node->title;
                break;
            case 'edit-url':
                $replacements[$raw] = url('node/' . $node->nid . '/edit', $url_options);
                break;
            // Default values for the chained tokens ([node:author:*], [node:created:*])
            // that are expanded after this loop.
            case 'author':
                $author_name = ($node->uid == 0) ? variable_get('anonymous', t('Anonymous')) : $node->name;
                $replacements[$raw] = $sanitize ? filter_xss($author_name) : $author_name;
                break;
            case 'created':
                $replacements[$raw] = format_date($node->created, 'medium', '', NULL, $language_code);
                break;
        }
    }

    // Chained tokens are delegated to the 'user' and 'date' token types.
    $author_tokens = token_find_with_prefix($tokens, 'author');
    if ($author_tokens) {
        $author = user_load($node->uid);
        $replacements += token_generate('user', $author_tokens, array('user' => $author), $options);
    }
    $created_tokens = token_find_with_prefix($tokens, 'created');
    if ($created_tokens) {
        $replacements += token_generate('date', $created_tokens, array('date' => $node->created), $options);
    }

    return $replacements;
}
/**
 * @brief Define the RSS constant, used by the template system, to the module's RSS link
 */
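function define_rss_link()
{
    global $uid, $course_code, $course_id, $module_id, $modules;

    $module_name = $modules[$module_id]['link'];
    $link = 'modules/' . $module_name . '/rss.php?c=' . $course_code;

    $course_status = course_status($course_id);
    // Inactive courses get no feed link at all.
    if ($course_status == COURSE_INACTIVE) {
        return;
    }
    // !empty() avoids an undefined-index notice for users who are not enrolled
    // in this course; the truth value is the same as the bare lookup.
    $enrolled = !empty($_SESSION['courses'][$course_code]);
    // Unless the course is open and the user is not enrolled, the feed URL
    // carries the user id plus a token bound to module, user and course.
    if ($course_status != COURSE_OPEN || $enrolled) {
        $link .= '&amp;uid=' . $uid . '&amp;token=' . token_generate($module_name . $uid . $course_code);
    }
    define('RSS', $link);
}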
            if ($q1) {
                Database::get()->query('INSERT INTO user_ext_uid
                    SET user_id = ?d, auth_id = ?d, uid = ?s',
                    $q1->lastInsertID, $auth, $user_data->identifier);
            }
        }

        $last_id = $q1->lastInsertID;
        $userObj->refresh($last_id, $departments);
        user_hook($last_id);
        
        //fill custom profile fields
        process_profile_fields_data(array('uid' => $last_id, 'origin' => 'student_register'));
        
        if ($vmail) {
            $hmac = token_generate($uname . $email . $last_id);
        }

        $emailsubject = "$langYourReg $siteName";
        $telephone = get_config('phone');
        $administratorName = get_config('admin_name');
        $emailhelpdesk = get_config('email_helpdesk');
        $emailbody = "$langDestination $givenname_form $surname_form\n" .
                "$langYouAreReg $siteName $langSettings $uname\n" .
                "$langPass: $password\n$langAddress $siteName: " .
                "$urlServer\n" .
                ($vmail ? "\n$langMailVerificationSuccess.\n$langMailVerificationClick\n$urlServer" . "modules/auth/mail_verify.php?h=" . $hmac . "&id=" . $last_id . "\n" : "") .
                "$langProblem\n$langFormula\n" .
                "$administratorName\n" .
                "$langManager $siteName \n$langTel $telephone\n" .
                "$langEmail: $emailhelpdesk";
 /**
  * Build the instance with a freshly generated token.
  *
  * The constructor is private, so instances are presumably created through a
  * static method of the class (not visible in this excerpt) rather than `new`.
  */
 private function __construct()
 {
     $freshToken = token_generate();
     $this->token = $freshToken;
 }