} } } } if ($continue) { $participant = $_REQUEST; unset($_SESSION['pauthdata']['pw_provided']); unset($_SESSION['pauthdata']['submitted_checked_pw']); unset($_SESSION['captcha_string']); $new_id = participant__create_participant_id($participant); $participant['participant_id'] = $new_id['participant_id']; $participant['participant_id_crypt'] = $new_id['participant_id_crypt']; if ($settings['subject_authentication'] != 'token') { $participant['password_crypted'] = unix_crypt($participant['password']); } $participant['confirmation_token'] = create_random_token(get_entropy($participant)); $participant['creation_time'] = time(); $participant['last_profile_update'] = $participant['creation_time']; $participant['status_id'] = 0; $participant['subpool_id'] = $_SESSION['subpool_id']; if (!isset($participant['language']) || !$participant['language']) { $participant['language'] = $settings['public_standard_language']; } $done = orsee_db_save_array($participant, "participants", $participant['participant_id'], "participant_id"); if ($done) { log__participant("subscribe", $participant['lname'] . ', ' . $participant['fname']); $proceed = false; $done = experimentmail__confirmation_mail($participant); message(lang('successfully_registered')); redirect("public/"); } else {
$sub_arr[] = $old_exptype_name_to_id[trim($sub)]; } } $n['subscriptions'] = id_array_to_db_string($sub_arr); $n['pending_profile_update_request'] = 'n'; $n['last_enrolment'] = 0; $n['last_profile_update'] = $o['creation_time']; $n['last_activity'] = max($n['last_enrolment'], $n['last_profile_update']); $n['status_id'] = $participant_status_mapping[$o['deleted']][$o['excluded']]; if ($o['deleted'] == 'y') { $n['deletion_time'] = time(); } else { $n['deletion_time'] = 0; } if ($replace_tokens == 'y') { $n['participant_id_crypt'] = make_p_token(get_entropy($n)); } foreach ($pform_mapping as $oldf => $newf) { if ($newf && isset($o[$oldf])) { $n[$newf] = $o[$oldf]; } } $n = convert_array_to_UTF8($n); if ($do_insert) { $done = orsee_db_save_array($n, "participants", $n['participant_id'], "participant_id"); } } } if ($import_sessions) { echo "Importing sessions from " . table('sessions') . "\n"; $dquery = "DELETE FROM " . $new_db_name . "." . table('sessions') . "";
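/**
 * Allocate a fresh participant id together with its crypted companion,
 * retrying until neither value collides with an existing participants row.
 *
 * @param array $pdata Participant data handed to get_entropy() when the
 *                     crypted id is derived via make_p_token().
 *
 * @return array{participant_id:int, participant_id_crypt:string}
 */
function participant__create_participant_id($pdata = array()) {
    // The collision query does not change between attempts, so build it once.
    $query = "SELECT participant_id FROM " . table('participants') . "\n WHERE participant_id= :participant_id OR participant_id_crypt= :participant_id_crypt";
    // random_int() is a CSPRNG (PHP >= 7); mt_rand() is only kept as a fallback
    // for older runtimes, because its output is predictable.
    $have_csprng = function_exists('random_int');
    do {
        $participant_id = $have_csprng ? random_int(0, 1000000000) : mt_rand(0, 1000000000);
        $participant_id_crypt = make_p_token(get_entropy($pdata));
        $pars = array(
            ':participant_id' => $participant_id,
            ':participant_id_crypt' => $participant_id_crypt,
        );
        $line = orsee_query($query, $pars);
        // Retry while either the numeric id or the crypted id is already taken.
    } while (isset($line['participant_id']));
    return array('participant_id' => $participant_id, 'participant_id_crypt' => $participant_id_crypt);
}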
redirect("public/"); } } elseif ($settings['subject_authentication'] == 'migration') { // if we migrate if ($participant_id) { $participant = orsee_db_load_array("participants", $participant_id, "participant_id"); // if pw exists, the send to login page if ($participant['password_crypted']) { if (isset($mobile) && $mobile) { redirect("public/participant_login_mob.php"); } else { redirect("public/participant_login.php"); } } else { // prepare password reset: generate token, save token to db and session $participant['pwreset_token'] = create_random_token(get_entropy($participant)); $pars = array(':token' => $participant['pwreset_token'], ':participant_id' => $participant['participant_id'], ':now' => time()); $query = "UPDATE " . table('participants') . " \n\t\t\t\t\t\t\t\t\tSET pwreset_token = :token,\n\t\t\t\t\t\t\t\t\tpwreset_request_time = :now \n\t\t\t\t\t\t\t\t\tWHERE participant_id= :participant_id"; $done = or_query($query, $pars); $_SESSION['pw_reset_token'] = $participant['pwreset_token']; // send to pw rest page message(lang('please_choose_a_password_for_your_account')); redirect("public/participant_reset_pw.php"); } } else { // and if we only allow username/passsword, send to login page if (isset($mobile) && $mobile) { redirect("public/participant_login_mob.php"); } else { redirect("public/participant_login.php"); }
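/**
 * Authenticate the visitor against the PDX CAS single sign-on service and
 * return the matching or_participants row, creating it on first login.
 *
 * @param string      $url    Service URL CAS redirects back to (this page).
 * @param PDO         $conn   Open PDO connection to the ORSEE database.
 * @param string|null $ticket CAS service ticket from the query string, or
 *                            null on the first visit before the CAS round trip.
 *
 * @return array The participant row fetched from or_participants.
 *
 * This function only returns on success: a missing ticket redirects to CAS,
 * and an invalid ticket, a failed insert or a locked account terminate the
 * request via exit() (unchanged from the original behaviour).
 */
function cas_authenticate($url, $conn, $ticket = NULL) {
    $cas_base = "https://sso.pdx.edu/cas";
    // Encode the service URL (and the ticket below) so characters such as
    // '&' or '?' in $url cannot alter the request CAS receives; the CAS
    // protocol expects the service parameter URL-encoded anyway.
    $service = urlencode($url);

    // Case 0: No ticket. Go to CAS.
    if (!$ticket) {
        header("Location: " . $cas_base . "/login?service=" . $service);
        exit;
    }

    // Case 1: Just got back from CAS. Verify the ticket server-side.
    $link = $cas_base . "/proxyValidate?ticket=" . urlencode($ticket) . "&service=" . $service;
    $cas_response = get_url($link, NULL);

    // Error if invalid CAS ticket.
    if (strpos($cas_response, "cas:authenticationFailure") !== false) {
        exit("Your CAS ticket was not valid");
    }

    // A response without a UID is treated as invalid instead of indexing an
    // empty match array (the original read $matches[1] unconditionally).
    $uid_match = array();
    if (!preg_match("#<cas:UID>(.*?)</cas:UID>#", $cas_response, $uid_match) || $uid_match[1] === '') {
        exit("Your CAS ticket was not valid");
    }
    $user = $uid_match[1];
    $email = $user . "@pdx.edu";

    $name_match = array();
    preg_match("#<cas:DISPLAY_NAME>(.*?)</cas:DISPLAY_NAME>#", $cas_response, $name_match);
    $display_name = isset($name_match[1]) ? $name_match[1] : '';
    // First word -> fname, second word -> lname (as before); a single-word
    // display name now yields an empty lname instead of an undefined index.
    $tokens = explode(" ", $display_name);
    $fname = $tokens[0];
    $lname = isset($tokens[1]) ? $tokens[1] : '';

    // Query the database for an existing participant with this email.
    $SQL = "SELECT * FROM or_participants WHERE Email = ?";
    $query = $conn->prepare($SQL);
    $query->bindValue(1, $email, PDO::PARAM_STR);
    $query->execute();
    $row = $query->fetch();

    // This user doesn't exist. Add to the database.
    if (!$row) {
        $now = date('Ymd');
        $pending_update = 'y';
        $language = "en";
        $status_id = 0;
        $subscriptions = "|1|,|2|"; // students get subscribed to everything
        $new_id = participant__create_participant_id($tokens);

        // Prepare the SQL statement
        $SQL = 'INSERT INTO or_participants ( subpool_id, subscriptions, rules_signed, status_id, pending_profile_update_request, language, email, fname, lname, last_activity, confirmation_token, participant_id, participant_id_crypt ) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)';
        $insert = $conn->prepare($SQL);
        // bindValue() rather than bindParam(): bindParam takes its argument by
        // reference, which turned the $_SESSION entries and array slots into
        // references and could not legally be given the token expression below.
        $insert->bindValue(1, $_SESSION['subpool_id'], PDO::PARAM_INT);
        $insert->bindValue(2, $subscriptions, PDO::PARAM_STR);
        $insert->bindValue(3, $_SESSION['rules'], PDO::PARAM_STR);
        $insert->bindValue(4, $status_id, PDO::PARAM_INT);
        $insert->bindValue(5, $pending_update, PDO::PARAM_STR);
        $insert->bindValue(6, $language, PDO::PARAM_STR);
        $insert->bindValue(7, $email, PDO::PARAM_STR);
        $insert->bindValue(8, $fname, PDO::PARAM_STR);
        $insert->bindValue(9, $lname, PDO::PARAM_STR);
        $insert->bindValue(10, $now, PDO::PARAM_STR);
        $insert->bindValue(11, create_random_token(get_entropy($tokens)), PDO::PARAM_STR);
        $insert->bindValue(12, $new_id['participant_id'], PDO::PARAM_STR);
        $insert->bindValue(13, $new_id['participant_id_crypt'], PDO::PARAM_STR);

        // DB operation failed somehow
        if (!$insert->execute()) {
            exit("An error occurred. Please try again later or contact the system administrator if the issue persists.");
        }

        // Get the freshly added row from the database and send the confirmation email.
        $query->execute();
        $row = $query->fetch();
        experimentmail__confirmation_mail($row);
    }

    // Error if inactive user
    if (isset($row['locked']) && (int) $row['locked'] === 1) {
        exit("User is inactive. Please contact the system administrator.");
    }

    // User exists in our DB, so just use that one.
    // NOTE(review): the cookie carries no httponly/secure flags; confirm whether
    // client-side script reads it before tightening the attributes.
    setcookie("cookieUserName", $user, time() + 60 * 60 * 24 * 365);
    return $row;
}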