/**
  * Create a Shibboleth session for the user ID.
  *
  * Looks the user up by id, tears down the current session, stores the user
  * array and id in $_SESSION, records the login event and finally pulls in
  * local.inc.php so the legacy global variables are (re)initialised.
  *
  * @param  string $uid - The user ID
  * @return array|null - The user infos array created when the user logs in,
  *                      or null when no user matches $uid
  */
 function login($uid)
 {
     /* This must be set for local.inc.php to register correctly the global variables in session
      * This is BAD. Logic should be migrated into a function and stop relying on global variables.
      */
     global $_uid, $is_allowedCreateCourse, $is_platformAdmin, $_real_cid, $is_courseAdmin;
     global $is_courseMember, $is_courseTutor, $is_courseCoach, $is_allowed_in_course, $is_sessionAdmin, $_gid;
     $_uid = $uid;
     //is_allowedCreateCourse
     $user = User::store()->get_by_user_id($uid);
     if (empty($user)) {
         // Unknown user: nothing is written to the session and the caller gets null.
         return;
     }
     // Close whatever session exists before building the new one (see logout()).
     $this->logout();
     Session::instance();
     Session::write('_uid', $_uid);
     global $_user;
     $_user = (array) $user;
     $_SESSION['_user'] = $_user;
     // Pin the session's user_id to the id we were asked to log in.
     $_SESSION['_user']['user_id'] = $_uid;
     $_SESSION['noredirection'] = true;
     //must be called before 'init_local.inc.php'
     Event::event_login($_uid);
     //used in 'init_local.inc.php' this is BAD and should be changed
     $loginFailed = false;
     $uidReset = true;
     $gidReset = true;
     $cidReset = false;
     //FALSE !!
     $mainDbName = Database::get_main_database();
     $includePath = api_get_path(SYS_INC_PATH);
     $no_redirection = true;
     // The path is taken from api_get_path(), not from request input, so the
     // interpolated require is not user-controllable here.
     require "{$includePath}/local.inc.php";
     return $_user;
 }
Example #2
*	@package chamilo.auth.ldap
*/
/**
 * An external authentication module needs to set
 * - $loginFailed
 * - $uidReset
 * - $_user['user_id']
 * - register the $_user['user_id'] in the session
 *
 * As the LDAP code shows, this is not as difficult as you might think.
 * LDAP authentication module:
 * this calls the loginWithLdap function
 * from the LDAP library, and sets a few
 * variables based on the result.
 */
//require_once('../../inc/global.inc.php'); - this script should be loaded by the /index.php script anyway, so global is already loaded
use ChamiloSession as Session;
require_once 'authldap.php';
// Ask the LDAP directory whether the submitted credentials are valid; the
// result is used for its truthiness only.
$loginLdapSucces = ldap_login($login, $password);
// local.inc.php reads these two flags after this script has run.
$loginFailed = !$loginLdapSucces;
$uidReset = !$loginFailed;
if ($loginFailed) {
    // Make sure no user id from a previous attempt survives in $_user.
    unset($_user['user_id']);
} else {
    // $uData and $_uid are not set in this script; presumably the including
    // local.inc.php provides them from its own user lookup — confirm.
    $_user['user_id'] = $uData['user_id'];
    Session::write('_uid', $_uid);
    // Jand: copied from event_login in events.lib.php to enable login statistics:
    Event::event_login($uData['user_id']);
}
Example #3
     }
     $values = api_get_user_info($user_id);
 }
 /* SESSION REGISTERING */
 /* @todo move this in a function */
 // Copy the user record just looked up into the legacy $_user array that the
 // rest of the platform reads back from the session.
 $_user['firstName'] = stripslashes($values['firstname']);
 $_user['lastName'] = stripslashes($values['lastname']);
 $_user['mail'] = $values['email'];
 $_user['language'] = $values['language'];
 $_user['user_id'] = $user_id;
 // Only status 1 may create courses (presumably the teacher status — confirm
 // against the status constants); a missing status counts as "not allowed".
 $is_allowedCreateCourse = (isset($values['status']) && 1 == $values['status']);
 $usersCanCreateCourse = ('true' == api_get_setting('course.allow_users_to_create_courses'));
 Session::write('_user', $_user);
 Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
 // Stats
 Event::event_login($user_id);
 // Stored as 0, i.e. the Unix epoch (1 Jan 1970), although the original
 // comment called it "now" — the intent is unclear, confirm before relying on it.
 $user_last_login_datetime = 0;
 Session::write('user_last_login_datetime', $user_last_login_datetime);
 $recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
 // The name is run through remove_XSS before being embedded in the HTML message.
 $text_after_registration = sprintf(
     '<p>%s %s,<br /><br />%s.</p>',
     get_lang('Dear', null, $_user['language']),
     stripslashes(Security::remove_XSS($recipient_name)),
     get_lang('PersonalSettings', null, $_user['language'])
 );
 $form_data = array(
     'button' => Display::button(
         'next',
         get_lang('Next', null, $_user['language']),
         array('class' => 'btn btn-primary btn-large')
     ),
     'message' => null,
     'action' => api_get_path(WEB_PATH) . 'user_portal.php',
 );
 if (api_get_setting('registration.allow_terms_conditions') == 'true' && $user_already_registered_show_terms) {
     $form_data['action'] = api_get_path(WEB_PATH) . 'user_portal.php';
 } else {
     if (!empty($values['email'])) {
         $text_after_registration .= '<p>' . get_lang('MailHasBeenSent', null, $_user['language']) . '.</p>';
     }
     if ($is_allowedCreateCourse) {
         if ($usersCanCreateCourse) {
Example #4
 *          - index.php?loginFailed=1&error=user_password_incorrect
 *          - index.php?loginFailed=1&error=unrecognize_sso_origin');
 * */
use ChamiloSession as Session;
require_once dirname(__FILE__) . '/ldap.inc.php';
require_once dirname(__FILE__) . '/functions.inc.php';
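// Authenticate against the external LDAP; false means the credentials were rejected.
$ldap_user = extldap_authenticate($login, $password);
if ($ldap_user !== false) {
    $chamilo_user = extldap_get_chamilo_user($ldap_user);
    //username is not on the ldap, we have to use $login variable
    $chamilo_user['username'] = $login;
    // Presumably creates the local account and returns its id; false on failure.
    $chamilo_uid = external_add_user($chamilo_user);
    if ($chamilo_uid !== false) {
        $loginFailed = false;
        $_user['user_id'] = $chamilo_uid;
        // Default status 5 when LDAP gave none (presumably the student status — confirm).
        $_user['status'] = isset($chamilo_user['status']) ? $chamilo_user['status'] : 5;
        $_user['uidReset'] = true;
        Session::write('_user', $_user);
        $uidReset = true;
        // Is user admin? A missing 'admin' key simply means "not admin" instead
        // of raising an undefined-index notice.
        if (isset($chamilo_user['admin']) && $chamilo_user['admin'] === true) {
            $is_platformAdmin = true;
            // Cast before interpolating so the statement only ever receives a
            // number, whatever external_add_user happens to return.
            Database::query("INSERT INTO admin values ('" . (int) $chamilo_uid . "')");
        }
        Event::event_login($chamilo_uid);
    }
    // NOTE(review): when external_add_user() fails, neither $loginFailed nor
    // $uidReset is set here — confirm what local.inc.php does with them unset.
} else {
    $loginFailed = true;
    $uidReset = false;
    unset($_user['user_id']);
}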
Example #5
// include common authentication functions
require_once dirname(__FILE__) . '/functions.inc.php';
// call the login checker (defined below)
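$isValid = loginWSAuthenticate($login, $password, $wsUrl);
// The web service only vouches for the credentials; the account must also
// exist locally, otherwise there is no user_id to register in the session.
$loginFailed = true;
if ($isValid === 1) {
    //error_log('WS authentication worked');
    $chamiloUser = UserManager::get_user_info($login);
    if (isset($chamiloUser['user_id'])) {
        $loginFailed = false;
        $_user['user_id'] = $chamiloUser['user_id'];
        // Default status 5 when the local record has none (presumably the student status — confirm).
        $_user['status'] = isset($chamiloUser['status']) ? $chamiloUser['status'] : 5;
        $_user['uidReset'] = true;
        Session::write('_user', $_user);
        $uidReset = true;
        $logging_in = true;
        Event::event_login($_user['user_id']);
    }
}
if ($loginFailed) {
    //error_log('WS authentication error - user not approved by external WS');
    // Reached both when the WS rejected the credentials and when no local
    // account matched $login.
    $uidReset = false;
    if (isset($_user) && isset($_user['user_id'])) {
        unset($_user['user_id']);
    }
}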
/**
 * Checks whether a user has the right to enter on the platform or not
 * @param string The username, as provided in form
 * @param string The cleartext password, as provided in form
 * @param string The WS URL, as provided at the beginning of this script
 */
function loginWSAuthenticate($username, $password, $wsUrl)
Example #6
 /**
  * Validates the received active connection data with the database
  *
  * Decodes the SSO cookie from $_GET['sso_cookie'], consumes the one-time
  * challenge kept in the session, looks the user up by username and checks
  * the cookie secret, the account state, the expiration date and (when
  * multiple access URLs are enabled) the portal the user may enter. Every
  * failure path redirects to index.php with an error code and exits, so the
  * return statement is only reached on the admin branches that do not redirect.
  *
  * @return	bool	Return the loginFailed variable value to local.inc.php
  *                  (in practice always false, see above)
  */
 public function check_user()
 {
     global $_user;
     $loginFailed = false;
     //change the way we recover the cookie depending on how it is formed
     $sso = $this->decode_cookie($_GET['sso_cookie']);
     //get token that should have been used and delete it
     //from session since it can only be used once
     $sso_challenge = '';
     if (isset($_SESSION['sso_challenge'])) {
         $sso_challenge = $_SESSION['sso_challenge'];
         unset($_SESSION['sso_challenge']);
     }
     //lookup the user in the main database
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     // NOTE(review): the escaping call on the next line is garbled in this
     // listing ("******"); confirm the username is escaped before interpolation.
     $sql = "SELECT id, username, password, auth_source, active, expiration_date, status\n                FROM {$user_table}\n                WHERE username = '******'username'])) . "'";
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         $uData = Database::fetch_array($result);
         //Check the user's password
         if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
             // The cookie secret must equal sha1(username . challenge . site key).
             // NOTE(review): this is a plain === comparison of a secret
             // (hash_equals() would be constant-time), and when no challenge was
             // in the session $sso_challenge is '' so the expected value becomes
             // a fixed per-user digest — consider rejecting a missing challenge.
             if ($sso['secret'] === sha1($uData['username'] . $sso_challenge . api_get_security_key()) && $sso['username'] == $uData['username']) {
                 //Check if the account is active (not locked)
                 if ($uData['active'] == '1') {
                     // check if the expiration date has not been reached
                     // (string comparison against the server-local time; assumes
                     // both use the same timezone — TODO confirm)
                     if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                         //If Multiple URL is enabled
                         if (api_get_multiple_access_url()) {
                             //Check the access_url configuration setting if the user is registered in the access_url_rel_user table
                             //Getting the current access_url_id of the platform
                             $current_access_url_id = api_get_current_access_url_id();
                             // my user is subscribed in these
                             //sites: $my_url_list
                             $my_url_list = api_get_access_url_from_user($uData['id']);
                         } else {
                             // Single-portal install: everyone belongs to portal 1.
                             $current_access_url_id = 1;
                             $my_url_list = array(1);
                         }
                         $my_user_is_admin = UserManager::is_admin($uData['id']);
                         if ($my_user_is_admin === false) {
                             if (is_array($my_url_list) && count($my_url_list) > 0) {
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // the user has permission to enter at this site
                                     $_user['user_id'] = $uData['id'];
                                     // Replaces $_user with the full info array for that id.
                                     $_user = api_get_user_info($_user['user_id']);
                                     $_user['uidReset'] = true;
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                     // Redirect to homepage
                                     $sso_target = '';
                                     if (!empty($sso['ruri'])) {
                                         //The referrer URI is *only* used if
                                         // the user credentials are OK, which
                                         // should be protection enough
                                         // against evil URL spoofing...
                                         $sso_target = api_get_path(WEB_PATH) . base64_decode($sso['ruri']);
                                     } else {
                                         // NOTE(review): unlike 'ruri', 'target' is taken from the cookie
                                         // as-is and is not anchored to WEB_PATH before the redirect —
                                         // validate it against the platform URL.
                                         $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                     }
                                     header('Location: ' . $sso_target);
                                     exit;
                                 } else {
                                     // user does not have permission for this site
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             } else {
                                 // there is no URL in the multiple
                                 // urls list for this user
                                 $loginFailed = true;
                                 Session::erase('_uid');
                                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                 exit;
                             }
                         } else {
                             //Only admins of the "main" (first) Chamilo
                             // portal can login wherever they want
                             if (in_array(1, $my_url_list)) {
                                 //Check if this admin is admin on the
                                 // principal portal
                                 $_user['user_id'] = $uData['id'];
                                 $_user = api_get_user_info($_user['user_id']);
                                 // Local flag only; the session copy below is what the platform reads.
                                 $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                 Session::write('is_platformAdmin', $is_platformAdmin);
                                 Session::write('_user', $_user);
                                 Event::event_login($_user['user_id']);
                                 // No redirect here: execution falls through to the return below.
                             } else {
                                 //Secondary URL admin wants to login
                                 // so we check as a normal user
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // NOTE(review): the SELECT above returns the column as 'id', not
                                     // 'user_id' (every other branch reads $uData['id']), so this index
                                     // looks undefined here — confirm and align with the other branches.
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                 } else {
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             }
                         }
                     } else {
                         // user account expired
                         $loginFailed = true;
                         Session::erase('_uid');
                         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                         exit;
                     }
                 } else {
                     //User not active
                     $loginFailed = true;
                     Session::erase('_uid');
                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                     exit;
                 }
             } else {
                 //SHA1 of password is wrong
                 $loginFailed = true;
                 Session::erase('_uid');
                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                 exit;
             }
         } else {
             //Auth_source is wrong
             $loginFailed = true;
             Session::erase('_uid');
             header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
             exit;
         }
     } else {
         //No user by that login
         $loginFailed = true;
         Session::erase('_uid');
         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
         exit;
     }
     // Only the two admin branches above reach this point, with $loginFailed still false.
     return $loginFailed;
 }