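/**
 * Access-control gate: loads the session user and the objects a module needs,
 * and reports which of them could not be validated.
 *
 * Reads $_SESSION, $_REQUEST and $GLOBALS; writes the session keys
 * sess_id_user, sess_userObj, sess_selected_tester, sess_selected_tester_dsn,
 * sess_id_node, sess_courseObj, sess_id_course and sess_id_course_instance,
 * plus $GLOBALS['common_dh'] and $GLOBALS['dh'].
 *
 * If the session user's type is not in $allowedUsersAr the function sends a
 * Location header to the user's home page and terminates the script.
 *
 * Request-supplied ids (id_course, id_node, id_course_instance) are passed
 * through DataValidator before use.
 *
 * @param array $neededObjAr    map: user type => list of needed object names
 *                              ('default_tester', 'node', 'course', 'course_instance')
 * @param array $allowedUsersAr user types allowed to access the calling module
 *
 * @return array error flags keyed by 'session', 'user', 'user_level', 'course',
 *               'course_instance', 'node' and 'guest_user_not_allowed'. Values are
 *               booleans, except when several course instances match: then 'course'
 *               holds the list of candidate instance ids and 'node' the requested
 *               node id. 'user_level' and 'guest_user_not_allowed' are never set
 *               to TRUE by this function (the corresponding checks are not
 *               implemented / are commented out).
 */
function parameter_controlFN($neededObjAr = array(), $allowedUsersAr = array())
{
    $invalid_session         = FALSE;
    $invalid_user            = FALSE;
    $invalid_node            = FALSE;
    $invalid_course          = FALSE;
    $invalid_course_instance = FALSE;
    $invalid_user_level      = FALSE;
    $guest_user_not_allowed  = FALSE;

    /*
     * ADA common data handler
     */
    $common_dh = isset($GLOBALS['common_dh']) ? $GLOBALS['common_dh'] : null;
    if (!$common_dh instanceof AMA_Common_DataHandler) {
        $common_dh = AMA_Common_DataHandler::instance();
        $GLOBALS['common_dh'] = $common_dh;
    }

    /*
     * User object: always load a user
     */
    $sess_id_user = isset($_SESSION['sess_id_user']) ? (int) $_SESSION['sess_id_user'] : 0;
    $sess_userObj = read_user($sess_id_user);
    if (ADA_Error::isError($sess_userObj)) {
        $sess_userObj->handleError();
    }
    $_SESSION['sess_id_user'] = $sess_id_user;

    if ($sess_userObj instanceof ADAGenericUser) {
        $_SESSION['sess_userObj'] = $sess_userObj;
        /*
         * Check if this user is allowed to access the current module
         *
         * NOTE(review): in_array() compares loosely here; confirm the types of
         * getType() and of the $allowedUsersAr entries before making it strict.
         */
        if (!in_array($sess_userObj->getType(), $allowedUsersAr)) {
            header('Location: ' . $sess_userObj->getHomePage());
            exit;
        }
        $id_profile = $sess_userObj->getType();
    } else {
        unset($_SESSION['sess_userObj']);
        $invalid_user = TRUE;
        // Without a valid user object there is no profile: calling getType()
        // on it would be a fatal error instead of a reported 'user' failure.
        $id_profile = null;
    }

    // Only a valid user can be a student; null must never match the constant.
    $isStudent = ($id_profile !== null && $id_profile == AMA_TYPE_STUDENT);

    /*
     * Get needed object for this user from $neededObjAr.
     * An invalid user gets an empty list, so no object is loaded on its behalf.
     */
    if ($id_profile !== null && is_array($neededObjAr)
        && isset($neededObjAr[$id_profile]) && is_array($neededObjAr[$id_profile])) {
        $thisUserNeededObjAr = $neededObjAr[$id_profile];
    } else {
        $thisUserNeededObjAr = array();
    }

    /*
     * 'default_tester' is currently requested only by user.php.
     * In that case the session variable sess_id_course must be cleared;
     * sess_id_node and sess_id_course_instance are unset as well.
     *
     * Tester selection:
     *
     * if the connection to the default tester database was requested, check
     * that the user is an ADAUser (currently the only one with this need).
     *
     * otherwise, if the user is an ADAUser, obtain the connection to the
     * appropriate tester database.
     */
    if (in_array('default_tester', $thisUserNeededObjAr) && $isStudent) {
        $_SESSION['sess_selected_tester'] = NULL;
        unset($_SESSION['sess_id_course']);
        unset($_SESSION['sess_id_course_instance']);
        unset($_SESSION['sess_id_node']);
    } elseif ($isStudent) {
        if (isset($_REQUEST['id_course'])) {
            $id_course = DataValidator::is_uinteger($_REQUEST['id_course']);
        } else {
            $id_course = false;
        }

        if (isset($_SESSION['sess_id_course'])) {
            $sess_id_course = DataValidator::is_uinteger($_SESSION['sess_id_course']);
        } else {
            $sess_id_course = false;
        }

        if (isset($_REQUEST['id_node'])) {
            $req_id_node = DataValidator::validate_node_id($_REQUEST['id_node']);
        } else {
            $req_id_node = false;
        }

        // No course id anywhere: derive it from the prefix of the validated node id.
        if ($id_course === FALSE && $sess_id_course === FALSE && $req_id_node !== FALSE) {
            $id_course = substr($req_id_node, 0, strpos($req_id_node, '_'));
        }

        if ($id_course !== FALSE && $id_course !== $sess_id_course) {
            $tester_infoAr = $common_dh->get_tester_info_from_id_course($id_course);
            if (AMA_Common_DataHandler::isError($tester_infoAr)) {
                $selected_tester = NULL;
            } else {
                $selected_tester = $tester_infoAr['puntatore'];
            }
            $_SESSION['sess_selected_tester'] = $selected_tester;
        }
    }

    /*
     * ADA tester data handler
     * Data validation on $sess_selected_tester is performed by MultiPort::getDSN()
     */
    /**
     * giorgio 12/ago/2013
     * set selected tester if it's not a multiprovider environment
     */
    if (!MULTIPROVIDER && isset($GLOBALS['user_provider'])) {
        $sess_selected_tester = $GLOBALS['user_provider'];
    } else {
        $sess_selected_tester = isset($_SESSION['sess_selected_tester']) ? $_SESSION['sess_selected_tester'] : null;
    }

    //$dh = AMA_DataHandler::instance(MultiPort::getDSN($sess_selected_tester));
    $sess_selected_tester_dsn = MultiPort::getDSN($sess_selected_tester);
    $_SESSION['sess_selected_tester_dsn'] = $sess_selected_tester_dsn;
    $dh = new AMA_DataHandler($sess_selected_tester_dsn);
    $GLOBALS['dh'] = $dh;

    if (empty($GLOBALS['sess_id'])) {
        $invalid_session = TRUE;
    }

    /*
     * Node object
     */
    // TODO: store $nodeObj in session?
    if (in_array('node', $thisUserNeededObjAr)) {
        $id_node = isset($_REQUEST['id_node']) ? DataValidator::validate_node_id($_REQUEST['id_node']) : false;
        $sess_id_node = isset($_SESSION['sess_id_node']) ? DataValidator::validate_node_id($_SESSION['sess_id_node']) : false;

        // A node id from the request takes precedence over the one in session.
        if ($id_node !== FALSE) {
            $dataHa = $dh->get_node_info($id_node);
            if (AMA_DataHandler::isError($dataHa) || !is_array($dataHa)) {
                $invalid_node = TRUE;
            } else {
                $_SESSION['sess_id_node'] = $id_node;
            }
        } elseif ($sess_id_node !== FALSE) {
            $dataHa = $dh->get_node_info($sess_id_node);
            if (AMA_DataHandler::isError($dataHa) || !is_array($dataHa)) {
                $invalid_node = TRUE;
            } else {
                $_SESSION['sess_id_node'] = $sess_id_node;
            }
        } else {
            $invalid_node = TRUE;
        }

        /**
         * @author giorgio 18/mag/2015
         *
         * Could be that a non-student has requested a node from
         * the default tester in a multiprovider environment.
         * Check this before giving up and marking the node as invalid
         */
        if (MULTIPROVIDER && !$isStudent && $invalid_node === true && $id_node !== false) {
            $invalid_node = checkAndSetPublicTester('node', $id_node);
        }
    }

    /*
     * Course object
     */
    if (in_array('course', $thisUserNeededObjAr)) {
        $id_course = isset($_REQUEST['id_course']) ? DataValidator::is_uinteger($_REQUEST['id_course']) : false;
        $sess_id_course = isset($_SESSION['sess_id_course']) ? DataValidator::is_uinteger($_SESSION['sess_id_course']) : false;

        /* extracting the course id from node id, if given */
        if (isset($_SESSION['sess_id_node']) && !$invalid_node && $id_course === false) { // if ($nodeObj instanceof Node){
            $courseIdFromNodeId = substr($_SESSION['sess_id_node'], 0, strpos($_SESSION['sess_id_node'], '_'));
            $sess_courseObj = read_course($courseIdFromNodeId);
            if (ADA_Error::isError($sess_courseObj)) {
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } elseif ($sess_userObj instanceof ADAGuest && !$sess_courseObj->getIsPublic()) {
                // Guests may only enter public courses.
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } else {
                $_SESSION['sess_courseObj'] = $sess_courseObj;
                $_SESSION['sess_id_course'] = $courseIdFromNodeId;
            }
        } elseif ($id_course !== FALSE) {
            $sess_courseObj = read_course($id_course);
            if (ADA_Error::isError($sess_courseObj)) {
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } elseif ($sess_userObj instanceof ADAGuest && !$sess_courseObj->getIsPublic()) {
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } else {
                $_SESSION['sess_courseObj'] = $sess_courseObj;
                $_SESSION['sess_id_course'] = $id_course;
            }
        } elseif ($sess_id_course !== FALSE) {
            $sess_courseObj = read_course($sess_id_course);
            if (ADA_Error::isError($sess_courseObj)) {
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } elseif ($sess_userObj instanceof ADAGuest && !$sess_courseObj->getIsPublic()) {
                unset($_SESSION['sess_courseObj']);
                $invalid_course = TRUE;
            } else {
                $_SESSION['sess_courseObj'] = $sess_courseObj;
                $_SESSION['sess_id_course'] = $sess_courseObj->getId();
            }
        } else {
            unset($_SESSION['sess_courseObj']);
            $invalid_course = TRUE;
        }

        /**
         * @author giorgio 18/mag/2015
         *
         * Could be that a non-student has requested a course from
         * the default tester in a multiprovider environment.
         * Check this before giving up and marking the course as invalid
         */
        if (MULTIPROVIDER && !$isStudent && $invalid_course === true
            && ($id_course !== false || $sess_id_course !== false)) {
            $invalid_course = checkAndSetPublicTester('course', $id_course !== false ? $id_course : $sess_id_course);
            if ($invalid_course === false) {
                $invalid_node = false;
                $sess_courseObj = $_SESSION['sess_courseObj']; // SESSION set by checkAndSetPublicTester
            }
        }
    } else {
        unset($_SESSION['sess_courseObj']);
    }

    /**
     * If in a valid NON PUBLIC course and user is student or tutor
     * and
     * $_SESSION['sess_id_course'] (that is the course_id the user is going into)
     * IS NOT EQUAL TO
     * $sess_id_course (that is the course_id the user is coming from)
     *
     * The user has clicked a cross course link, and is handled by unsetting the
     * $_SESSION['sess_id_course_instance'] and looking for a course instance
     * to which the user is subscribed.
     */
    if ($invalid_course === FALSE && $invalid_node === FALSE
        && isset($sess_courseObj) && !$sess_courseObj->getIsPublic()
        && in_array($sess_userObj->getType(), array(AMA_TYPE_STUDENT, AMA_TYPE_TUTOR))
        && is_numeric($sess_id_course)
        && intval($_SESSION['sess_id_course']) !== intval($sess_id_course)) {
        /**
         * unset sess_id_course_instance
         */
        unset($_SESSION['sess_id_course_instance']);
        /**
         * Try to find an instance of target course where user is subscribed
         */
        $getAll = true;
        $instances = array();
        /**
         * Need to get instance the user is allowed to browse, based on user type
         */
        switch ($sess_userObj->getType()) {
            case AMA_TYPE_STUDENT:
                $instances = $dh->get_course_instance_for_this_student_and_course_model($sess_userObj->getId(), $_SESSION['sess_id_course'], $getAll);
                break;
            case AMA_TYPE_TUTOR:
                $instances = $dh->get_course_instance_for_this_student_and_course_model($sess_userObj->getId(), $_SESSION['sess_id_course'], $getAll);
                if (AMA_DB::isError($instances) || !is_array($instances) || count($instances) <= 0) {
                    $instances = array();
                }
                $tutorInstances = $dh->get_tutors_assigned_course_instance($sess_userObj->getId(), $_SESSION['sess_id_course'], $sess_userObj->isSuper());
                if (!AMA_DB::isError($tutorInstances) && is_array($tutorInstances) && count($tutorInstances) > 0) {
                    /**
                     * the returned array is array[id_tutor]=>array[key]=>array['id_istanza_corso']
                     * and needs to be converted to reflect the structure returned in student case
                     */
                    $tutorId = $sess_userObj->getId();
                    // Only iterate when this tutor actually has an entry in the result.
                    if (isset($tutorInstances[$tutorId]) && is_array($tutorInstances[$tutorId])) {
                        foreach ($tutorInstances[$tutorId] as $tutorInstance) {
                            $instances[]['id_istanza_corso'] = $tutorInstance['id_istanza_corso'];
                        }
                    }
                }
                break;
        }

        // is_array() keeps count() from being called on a non-countable result.
        if (!AMA_DB::isError($instances) && is_array($instances) && count($instances) > 0) {
            if (count($instances) == 1) {
                /**
                 * User is subscribed to one instance only, good!
                 * Set the $target_course_instance var and proceed
                 */
                $target_course_instance = $instances[0]['id_istanza_corso'];
            } elseif (!isset($_REQUEST['id_course_instance'])) {
                /**
                 * If there's more than one instance, must build an array of
                 * found instances to ask the user to select one.
                 *
                 * This array is returned in the 'course' key of the returned
                 * array and so $invalid_course must be populated accordingly.
                 *
                 * The node that was requested is returned in the 'node' key of
                 * the returned array and so $invalid_node must be populated.
                 */
                // Start from a real array: appending to FALSE relies on
                // auto-vivification, which newer PHP versions deprecate.
                $invalid_course = array();
                foreach ($instances as $instance) {
                    $invalid_course[] = $instance['id_istanza_corso'];
                }
                $invalid_node = isset($_SESSION['sess_id_node']) ? $_SESSION['sess_id_node'] : null;
            } else {
                // NOTE(review): the requested instance is not checked against
                // $instances here; it is validated only by the course_instance
                // step below, and only when the module asks for 'course_instance'.
                $target_course_instance = $_REQUEST['id_course_instance'];
            }
        } else {
            /**
             * Mark the course as invalid, and unset session var
             */
            $invalid_course = TRUE;
            unset($_SESSION['sess_id_course']);
        }
    }

    /*
     * Course_instance object
     */
    if (in_array('course_instance', $thisUserNeededObjAr)) {
        /*
         * If we are in the public tester there is no course instance to read,
         * since there are none.
         */
        if (!$invalid_course && !isset($sess_courseObj)) {
            // 'course_instance' was requested without a loaded course object:
            // fail closed instead of calling a method on an undefined variable.
            $invalid_course_instance = TRUE;
        } elseif (!$invalid_course && !$sess_courseObj->getIsPublic()) {
            if (isset($target_course_instance)) {
                $id_course_instance = DataValidator::is_uinteger($target_course_instance);
            } elseif (isset($_REQUEST['id_course_instance'])) {
                $id_course_instance = DataValidator::is_uinteger($_REQUEST['id_course_instance']); // FIXME: $_REQUEST['id_course_instance'] goes here
            } else {
                $id_course_instance = false;
            }

            $sess_id_course_instance = isset($_SESSION['sess_id_course_instance']) ? DataValidator::is_uinteger($_SESSION['sess_id_course_instance']) : false;

            if ($id_course_instance !== FALSE) {
                $course_instanceObj = read_course_instance_from_DB($id_course_instance);
                if (ADA_Error::isError($course_instanceObj)) {
                    $invalid_course_instance = TRUE;
                } else {
                    switch ($sess_userObj->getType()) {
                        case AMA_TYPE_STUDENT:
                            // A student must have a level in the instance to enter it.
                            $studentLevel = $dh->_get_student_level($sess_id_user, $id_course_instance);
                            if (AMA_DataHandler::isError($studentLevel)) {
                                $invalid_course_instance = TRUE;
                            }
                            break;
                        case AMA_TYPE_TUTOR:
                            if (!$sess_userObj->isSuper() && $course_instanceObj->getServiceLevel() != ADA_SERVICE_TUTORCOMMUNITY) {
                                $tutorsInstance = $dh->course_instance_tutor_get($id_course_instance, 2);
                                // Anything other than a list containing this tutor is a denial.
                                if (AMA_DataHandler::isError($tutorsInstance)
                                    || !is_array($tutorsInstance)
                                    || !in_array($sess_id_user, $tutorsInstance)) {
                                    $invalid_course_instance = TRUE;
                                }
                            }
                            break;
                        default:
                            // Other user types are not checked against the instance.
                            // $invalid_course_instance = TRUE;
                            break;
                    }
                    if (!$invalid_course_instance) {
                        $_SESSION['sess_id_course_instance'] = $id_course_instance;
                        $sess_id_course_instance = $_SESSION['sess_id_course_instance'];
                    }
                }
            } elseif ($sess_id_course_instance !== FALSE) {
                $instanceIdRequired = array();
                if (isset($_SESSION['sess_id_node']) && !$invalid_node) { // if ($nodeObj instanceof Node) {
                    // required a node
                    $instanceIdRequired[] = isset($dataHa['instance']) ? $dataHa['instance'] : null;
                    if ($instanceIdRequired[0] == 0) { // the node is NOT a note
                        $field_list_ar = array();
                        $InstanceIdList = null;
                        if (isset($_SESSION['sess_id_course']) && !$invalid_course) {
                            $courseIdRequired = $_SESSION['sess_id_course'];
                            $InstanceIdList = $dh->course_instance_get_list($field_list_ar, $courseIdRequired);
                            if (AMA_DataHandler::isError($InstanceIdList) || !is_array($InstanceIdList) || count($InstanceIdList) == 0) {
                                $invalid_course_instance = TRUE;
                            }
                        } else {
                            $invalid_course_instance = TRUE;
                        }
                        // Collect ids only from a real list; an error object or a
                        // missing list leaves the allowed set empty.
                        $instanceIdRequired = array();
                        if (is_array($InstanceIdList)) {
                            foreach ($InstanceIdList as $InstanceId) {
                                $instanceIdRequired[] = $InstanceId[0];
                            }
                        }
                    } // end if NOTE
                } elseif ($sess_courseObj instanceof Course) {
                    $courseIdRequired = $sess_courseObj->id;
                    $InstanceIdList = $dh->course_instance_get_list(array(), $courseIdRequired);
                    if (AMA_DataHandler::isError($InstanceIdList) || !is_array($InstanceIdList) || count($InstanceIdList) == 0) {
                        $invalid_course_instance = TRUE;
                    }
                    $instanceIdRequired = array();
                    if (is_array($InstanceIdList)) {
                        foreach ($InstanceIdList as $InstanceId) {
                            $instanceIdRequired[] = $InstanceId[0];
                        }
                    }
                }

                $UserType = $sess_userObj->getType();
                switch ($UserType) {
                    case AMA_TYPE_STUDENT:
                    case AMA_TYPE_TUTOR:
                        // The instance kept in session must belong to the required set.
                        if (!in_array($sess_id_course_instance, $instanceIdRequired)) {
                            $invalid_course_instance = TRUE;
                        }
                        break;
                    case AMA_TYPE_SWITCHER:
                    case AMA_TYPE_AUTHOR:
                    default:
                        break;
                } //end switch UserType

                $course_instanceObj = read_course_instance_from_DB($sess_id_course_instance);
                if (ADA_Error::isError($course_instanceObj)) {
                    $course_instanceObj->handleError();
                }
                $_SESSION['sess_id_course_instance'] = $sess_id_course_instance;
            } else {
                $invalid_course_instance = TRUE;
            }
        } //end isUserBrowsingThePublicTester
    } // end if in_array

    /*
     * Check if current user is a ADAGuest user and that he/she has requested
     * a public course instance.
     *
     * This check is disabled, so 'guest_user_not_allowed' is always FALSE.
     */
    //
    //  if(in_array('user', $neededObjAr[$user_type]) && in_array('course_instance', $neededObjAr[$user_type])) {
    //    if(!$invalid_user && $sess_userObj instanceof ADAGuest) {
    //      if ($invalid_course_instance || $course_instanceObj->status != ADA_COURSEINSTANCE_STATUS_PUBLIC) {
    //        $guest_user_not_allowed = TRUE;
    //      }
    //    }
    //  }

    // TODO: user level check
    /*
     * verify that $sess_user_level is set and that its value is between 0 and
     * ADA_MAX_USER_LEVEL
     */
    $parm_errorHa = array(
        'session'                => $invalid_session,
        'user'                   => $invalid_user,
        'user_level'             => $invalid_user_level,
        'course'                 => $invalid_course,
        'course_instance'        => $invalid_course_instance,
        'node'                   => $invalid_node,
        'guest_user_not_allowed' => $guest_user_not_allowed
    );

    return $parm_errorHa;
}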