public static function not_found()
 {
     Header::response_code(404);
     exit;
 }
Example #2
0
/**
 * Displays message "You are not allowed here..." and exits the entire script.
 * @param bool  $print_headers    Whether or not to print headers (default = false -> does not print them)
 *
 * @author Roan Embrechts
 * @author Yannick Warnier
 * @author Patrick Cool <*****@*****.**>, Ghent University
 *
 * @version 1.0, February 2004
 * @version dokeos 1.8, August 2006
 */
function api_not_allowed($print_headers = false, $message = null)
{
    if (api_get_setting('sso_authentication') === 'true') {
        global $osso;
        if ($osso) {
            $osso->logout();
        }
    }
    Header::response_code(403);
    $home_url = api_get_path(WEB_PATH);
    $user_id = api_get_user_id();
    $course = api_get_course_id();
    global $this_section;
    if (empty($user_id)) {
        // Why the CustomPages::enabled() need to be to set the request_uri
        $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
    }
    if (CustomPages::enabled() && !isset($user_id)) {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
    $origin = isset($_GET['origin']) ? $_GET['origin'] : '';
    $msg = null;
    if (isset($message)) {
        $msg = $message;
    } else {
        $msg = Display::return_message(get_lang('NotAllowedClickBack') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a>', 'error', false);
    }
    $msg = Display::div($msg, array('align' => 'center'));
    $show_headers = 0;
    if ($print_headers && $origin != 'learnpath') {
        $show_headers = 1;
    }
    $tpl = new Template(null, $show_headers, $show_headers);
    $tpl->assign('hide_login_link', 1);
    $tpl->assign('content', $msg);
    if ($user_id != 0 && !api_is_anonymous() && (!isset($course) || $course == -1) && empty($_GET['cidReq'])) {
        // if the access is not authorized and there is some login information
        // but the cidReq is not found, assume we are missing course data and send the user
        // to the user_portal
        $tpl->display_one_col_template();
        exit;
    }
    if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE || $this_section == SECTION_PLATFORM_ADMIN)) {
        //only display form and return to the previous URL if there was a course ID included
        if ($user_id != 0 && !api_is_anonymous()) {
            //if there is a user ID, then the user is not allowed but the session is still there. Say so and exit
            $tpl->assign('content', $msg);
            $tpl->display_one_col_template();
            exit;
        }
        if (!is_null(api_get_course_id())) {
            api_set_firstpage_parameter(api_get_course_id());
        }
        // If the user has no user ID, then his session has expired
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&amp;', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array('class' => 'form-stacked'));
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off'));
        //new
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3'));
        //new
        $form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (above)
        $content = Display::return_message(get_lang('NotAllowed'), 'error', false);
        $content .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        if (api_is_cas_activated()) {
            $content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $content .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_id()) . "'>" . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $content .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $content .= "<div style='display:none;'>";
        }
        $content .= '<div class="well_login">';
        $content .= $form->return_form();
        $content .= '</div>';
        if (api_is_cas_activated()) {
            $content .= "</div>";
        }
        $content .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
        $tpl->setLoginBodyClass();
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
        exit;
    }
    if ($user_id != 0 && !api_is_anonymous()) {
        $tpl->display_one_col_template();
        exit;
    }
    $msg = null;
    // The session is over and we were not in a course,
    // or we try to get directly to a private course without being logged
    if (!is_null(api_get_course_int_id())) {
        api_set_firstpage_parameter(api_get_course_id());
        $tpl->setLoginBodyClass();
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&amp;', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array('class' => 'form-stacked'));
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off'));
        //new
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3'));
        //new
        $form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (bellow)
        $msg = Display::return_message(get_lang('NotAllowed'), 'error', false);
        $msg .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        if (api_is_cas_activated()) {
            $msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $msg .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_int_id()) . "'>" . getCASLogoHTML() . " " . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $msg .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $msg .= "<div style='display:none;'>";
        }
        $msg .= '<div class="well_login">';
        $msg .= $form->return_form();
        $msg .= '</div>';
        if (api_is_cas_activated()) {
            $msg .= "</div>";
        }
        $msg .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
    } else {
        // we were not in a course, return to home page
        $msg = Display::return_message(get_lang('NotAllowed') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a><br />', 'error', false);
    }
    $tpl->assign('content', $msg);
    $tpl->display_one_col_template();
    exit;
}