} else { $login_RET = false; } if (!$login_RET) { // $student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('$_REQUEST[USERNAME]') AND UPPER(s.PASSWORD)=UPPER('$_REQUEST[PASSWORD]') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='$DefaultSyear' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)")); $student_RET = DBGet(DBQuery("SELECT s.USERNAME,s.STUDENT_ID,s.LAST_LOGIN,s.FAILED_LOGIN,s.PASSWORD FROM STUDENTS s,STUDENT_ENROLLMENT se WHERE UPPER(s.USERNAME)=UPPER('{$_REQUEST['USERNAME']}') AND se.STUDENT_ID=s.STUDENT_ID AND se.SYEAR='" . Config('SYEAR') . "' AND CURRENT_DATE>=se.START_DATE AND (CURRENT_DATE<=se.END_DATE OR se.END_DATE IS NULL)")); if ($student_RET && match_password($student_RET[1]['PASSWORD'], $_REQUEST['PASSWORD'])) { $_REQUEST['PASSWORD'] = ''; } else { $student_RET = false; } } if (!$login_RET && !$student_RET && $RosarioAdmins) { // $admin_RET = DBGet(DBQuery("SELECT STAFF_ID FROM STAFF WHERE PROFILE='admin' AND SYEAR='$DefaultSyear' AND STAFF_ID IN ($RosarioAdmins) AND UPPER(PASSWORD)=UPPER('$_REQUEST[PASSWORD]')")); $admin_RET = DBGet(DBQuery("SELECT STAFF_ID,PASSWORD FROM STAFF WHERE PROFILE='admin' AND SYEAR='" . Config('SYEAR') . "' AND STAFF_ID IN ({$RosarioAdmins}) AND UPPER(USERNAME)=UPPER('{$_REQUEST['USERNAME']}')")); if ($admin_RET && match_password($admin_RET[1]['PASSWORD'], $_REQUEST['PASSWORD'])) { $_REQUEST['PASSWORD'] = ''; $login_RET = DBGet(DBQuery("SELECT USERNAME,PROFILE,STAFF_ID,LAST_LOGIN,FAILED_LOGIN FROM STAFF WHERE SYEAR='" . Config('SYEAR') . "' AND STAFF_ID='" . $admin_RET[1]['STAFF_ID'] . "'")); } } if ($login_RET && ($login_RET[1]['PROFILE'] == 'admin' || $login_RET[1]['PROFILE'] == 'teacher' || $login_RET[1]['PROFILE'] == 'parent')) { $_SESSION['STAFF_ID'] = $login_RET[1]['STAFF_ID']; $_SESSION['LAST_LOGIN'] = $login_RET[1]['LAST_LOGIN']; $failed_login = $login_RET[1]['FAILED_LOGIN']; DBQuery("UPDATE STAFF SET LAST_LOGIN=CURRENT_TIMESTAMP,FAILED_LOGIN=NULL WHERE STAFF_ID='" . $login_RET[1]['STAFF_ID'] . "'"); if (Config('LOGIN') == 'No') { Warehouse('header'); echo '</HEAD><BODY><FORM action="index.php" method="POST"><INPUT type="hidden" name="USERNAME" value="' . $_REQUEST['USERNAME'] . '"><INPUT type="hidden" name="PASSWORD" value="' . $_REQUEST['PASSWORD'] . '"><BR />'; PopTable('header', _('Confirm Successful Installation')); echo '<span class="center">'; echo '<h4>' . sprintf(_('You have successfully installed %s.'), ParseMLField(Config('TITLE'))) . '</h4><BR />';
$new_password = str_replace("''", "'", $_REQUEST['values']['new']); $verifiy_password = str_replace("''", "'", $_REQUEST['values']['verify']); if (mb_strtolower($new_password) != mb_strtolower($verifiy_password)) { $error = _('Your new passwords did not match.'); } elseif (!MoodlePasswordCheck($new_password)) { $error = _('Please enter a valid password'); } else { //modif Francois: enable password change for students if (User('PROFILE') == 'student') { $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STUDENTS WHERE STUDENT_ID='" . UserStudentID() . "'")); } else { $password_RET = DBGet(DBQuery("SELECT PASSWORD FROM STAFF WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'")); } //modif Francois: add password encryption // if(mb_strtolower($password_RET[1]['PASSWORD'])!=mb_strtolower($current_password)) if (!match_password($password_RET[1]['PASSWORD'], $current_password)) { $error = _('Your current password was incorrect.'); } else { // DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='".User('STAFF_ID')."' AND SYEAR='".UserSyear()."'"); if (User('PROFILE') == 'student') { DBQuery("UPDATE STUDENTS SET PASSWORD='******' WHERE STUDENT_ID='" . UserStudentID() . "'"); } else { DBQuery("UPDATE STAFF SET PASSWORD='******' WHERE STAFF_ID='" . User('STAFF_ID') . "' AND SYEAR='" . UserSyear() . "'"); } $note = _('Your new password was saved.'); //modif Francois: Moodle integrator $moodleError = Moodle($_REQUEST['modname'], 'core_user_update_users'); } } } else { $current_RET = DBGet(DBQuery("SELECT TITLE,VALUE,PROGRAM FROM PROGRAM_USER_CONFIG WHERE USER_ID='" . User('STAFF_ID') . "' AND PROGRAM IN ('Preferences','StudentFieldsSearch','StudentFieldsView','WidgetsSearch','StaffFieldsSearch','StaffFieldsView','StaffWidgetsSearch')"), array(), array('PROGRAM', 'TITLE'));