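/**
 * Sends the freshly authenticated user to the landing page configured for their role
 * and ends the script.
 *
 * Role settings are consulted in the order student, teacher, DRH, session admin; when
 * the user holds several roles the last role with a non-empty setting wins, exactly as
 * the original chain of ifs behaved. A configured page starting with '/' is made
 * absolute by prefixing the platform WEB_PATH (its trailing slash is dropped first).
 * If no role page applies and custom pages are enabled, the logged-in custom index is
 * displayed; should that call return, the generic 'page_after_login' setting is used.
 *
 * The global $param is appended verbatim to every Location header. It is assumed to be
 * a query-string suffix assembled by the caller from trusted, already-encoded values —
 * TODO confirm at the call sites: anything placed in $param lands in the redirect
 * target unchanged.
 *
 * @return void Never returns normally: every path ends in exit.
 */
public static function redirect()
{
    global $param;
    $param = isset($param) ? $param : '';

    // Setting name => whether the current user holds the matching role. The role
    // predicates are plain reads (assumed side-effect free), so evaluating all four
    // up front is harmless; the insertion order is what makes later roles override
    // earlier ones.
    $pageSettingByRole = [
        'student_page_after_login' => api_is_student(),
        'teacher_page_after_login' => api_is_teacher(),
        'drh_page_after_login' => api_is_drh(),
        'sessionadmin_page_after_login' => api_is_session_admin(),
    ];

    $redirectUrl = '';
    foreach ($pageSettingByRole as $settingName => $userHasRole) {
        if (!$userHasRole) {
            continue;
        }
        $page = api_get_setting($settingName);
        // The original test "!api_get_setting(...) == ''" parsed as "(!setting) == ''",
        // i.e. "setting is truthy"; empty() states that intent directly.
        if (empty($page)) {
            continue;
        }
        $redirectUrl = html_entity_decode($page);
        if ($redirectUrl !== '' && $redirectUrl[0] === '/') {
            // Relative page: prefix the platform root.
            $redirectUrl = substr(api_get_path(WEB_PATH), 0, -1) . $redirectUrl;
        }
    }

    if ($redirectUrl !== '') {
        header('Location: ' . $redirectUrl . $param);
        exit;
    }

    // Custom pages: display() is expected to end the request; if it returns, fall
    // through to the generic landing page below.
    if (CustomPages::enabled()) {
        CustomPages::display(CustomPages::INDEX_LOGGED);
    }

    header('location: ' . api_get_path(WEB_PATH) . api_get_setting('page_after_login') . $param);
    exit;
}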
* interface) a possible attempted break in, sending auth data through get.
* @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled.
* The real use of this code block should be seriously considered as well. This form should just use a security token
* and get done with it.
*/
// Credentials are expected to arrive by POST; a submitAuth flag in the query string is
// recorded as a forced-login attempt, the session is destroyed and the request ends.
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    // Loose ==: any numeric string equal to 1 ("1", "1.0") satisfies this test.
    $i = api_get_anonymous_id();
    // NOTE(review): $_POST['login'] is client-supplied and is written into the event
    // record verbatim after REMOTE_ADDR; whatever consumes LOG_ATTEMPTED_FORCED_LOGIN
    // entries must treat that field as untrusted text.
    Event::addEvent(
        LOG_ATTEMPTED_FORCED_LOGIN,
        'tried_hacking_get',
        $_SERVER['REMOTE_ADDR'] . (empty($_POST['login']) ? '' : '/' . $_POST['login']),
        null,
        $i
    );
    echo 'Attempted breakin - sysadmins notified.';
    session_destroy();
    die;
}

// Delete the session value (necessary for legal terms)
if (api_get_setting('allow_terms_conditions') == 'true') {
    Session::erase('term_and_condition');
}

// If we are not logged in and custom pages are activated
if (!api_get_user_id() && CustomPages::enabled()) {
    if (Request::get('loggedout')) {
        CustomPages::display(CustomPages::LOGGED_OUT);
    } else {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
}

/**
 * @todo This piece of code should probably move to local.inc.php where the actual login procedure is handled.
 * @todo Check if this code is used. I think this code is never executed because after clicking the submit button
 * the code does the stuff in local.inc.php and then redirects to index.php or user_portal.php depending
 * on api_get_setting('page_after_login').
 */
if (!empty($_POST['submitAuth'])) {
    // The user has already been authenticated; we now look up the user's last login.
    if (isset($_user['user_id'])) {
} else { $form_register->addElement('html', $form_data['go_button']); } $text_after_registration .= $form_register->returnForm(); // Just in case Session::erase('course_redirect'); Session::erase('exercise_redirect'); if (CustomPages::enabled()) { CustomPages::display(CustomPages::REGISTRATION_FEEDBACK, array('info' => $text_after_registration)); } else { //$tpl = new Template($tool_name); echo Container::getTemplating()->render('@template_style/auth/inscription.html.twig', ['inscription_content' => $content, 'text_after_registration' => $text_after_registration, 'hide_header' => $hideHeaders]); } } else { // Custom pages if (CustomPages::enabled()) { CustomPages::display(CustomPages::REGISTRATION, array('form' => $form)); } else { if (!api_is_anonymous()) { // Saving user to course if it was set. if (!empty($course_code_redirect)) { $course_info = api_get_course_info($course_code_redirect); if (!empty($course_info)) { if (in_array($course_info['visibility'], array(COURSE_VISIBILITY_OPEN_PLATFORM, COURSE_VISIBILITY_OPEN_WORLD))) { CourseManager::subscribe_user($user_id, $course_info['code']); } } } CourseManager::redirectToCourse([]); } //$tpl = new Template($tool_name);
/**
 * Emails a user the account list for a lost-password request and reports the outcome.
 *
 * The shape of $user depends on the mode: with $by_username the array itself carries
 * the 'email' key, otherwise the first element ($user[0]) does. The mail body is built
 * from self::get_user_account_list(); going by the 'PasswordEncryptedForSecurity'
 * wording it presumably does not contain a usable password — verify in that method.
 *
 * With custom pages enabled the confirmation/error text is returned for the caller to
 * display; otherwise it is printed directly and nothing is returned. The error text
 * embeds the output of Display::encrypted_mailto_link(), so callers must not escape it
 * again.
 *
 * @param array $user        user record (see above for the two accepted shapes)
 * @param bool  $by_username true when $user was looked up by username
 *
 * @return string|null message text when custom pages are enabled, null otherwise
 *
 * @author Olivier Cauberghe <*****@*****.**>, Ghent University
 */
public static function handle_encrypted_password($user, $by_username = false)
{
    $siteName = api_get_setting('siteName');
    $adminFirstName = api_get_setting('administratorName');
    $adminLastName = api_get_setting('administratorSurname');
    $adminEmail = api_get_setting('emailAdministrator');

    $subject = sprintf('[%s] %s', $siteName, get_lang('LoginRequest'));

    if ($by_username) {
        // Lost-password mode: the record is the user itself.
        $accountList = self::get_user_account_list($user, true, $by_username);
        $recipient = $user['email'];
    } else {
        $accountList = self::get_user_account_list($user, true);
        $recipient = $user[0]['email'];
    }

    $signature = get_lang('SignatureFormula') . ",\n"
        . $adminFirstName . ' ' . $adminLastName . "\n"
        . get_lang('PlataformAdmin') . ' - ' . $siteName;

    $body = get_lang('DearUser') . " :\n" . get_lang('password_request') . "\n"
        . $accountList . "\n-----------------------------------------------\n\n"
        . get_lang('PasswordEncryptedForSecurity')
        . "\n\n" . $signature;

    $senderName = api_get_person_name($adminFirstName, $adminLastName, null, PERSON_NAME_EMAIL_ADDRESS);

    // The @ silences any warning raised while sending, so a transport problem only
    // shows up as the error branch below; the loose == 1 also accepts boolean true.
    $sent = @api_mail_html('', $recipient, $subject, $body, $senderName, $adminEmail) == 1;

    if ($sent) {
        $feedback = get_lang('YourPasswordHasBeenEmailed');
        if (CustomPages::enabled()) {
            return $feedback;
        }
        Display::display_confirmation_message($feedback);
        return;
    }

    $adminLink = Display::encrypted_mailto_link($adminEmail, api_get_person_name($adminFirstName, $adminLastName));
    $feedback = sprintf(get_lang('ThisPlatformWasUnableToSendTheEmailPleaseContactXForMoreInformation'), $adminLink);
    if (CustomPages::enabled()) {
        return $feedback;
    }
    Display::display_error_message($feedback, false);
}
/**
 * Displays message "You are not allowed here..." and exits the entire script.
 *
 * NOTE(review): the first statement overwrites the $message parameter with
 * get_lang('NotAllowed') and the second throws AccessDeniedHttpException, so a
 * caller-supplied $message never reaches the exception and everything after the
 * throw is unreachable. The remainder is the legacy rendering path (login form,
 * CAS links, "return to homepage"); it is left as found and documented below in
 * case the throw is a temporary migration shortcut — confirm with the maintainers.
 *
 * @param bool $print_headers Whether or not to print headers (default = false -> does not print them)
 * @param string $message
 */
function api_not_allowed($print_headers = false, $message = null)
{
    $message = get_lang('NotAllowed');
    throw new Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException($message);

    // ---- unreachable from here on, see the docblock ----

    // SSO: also log the user out of the external session, if one is active.
    if (api_get_setting('sso_authentication') === 'true') {
        global $osso;
        if ($osso) {
            $osso->logout();
        }
    }

    $home_url = api_get_path(WEB_PATH);
    $user_id = api_get_user_id();
    $course = api_get_course_id();
    global $this_section;

    // NOTE(review): the raw REQUEST_URI is stored here for a later return; the code
    // that reads $_SESSION['request_uri'] must treat it as client-controlled input.
    if (CustomPages::enabled() && !isset($user_id)) {
        if (empty($user_id)) {
            // Why does CustomPages::enabled() need to be set in order to set the request_uri?
            $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
        }
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }

    // $origin comes straight from the query string; only its equality with
    // 'learnpath' is used below.
    $origin = isset($_GET['origin']) ? $_GET['origin'] : '';
    $msg = null;
    if (isset($message)) {
        $msg = $message;
    } else {
        $msg = Display::return_message(get_lang('NotAllowedClickBack') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a>', 'error', false);
    }
    $msg = Display::div($msg, array('align' => 'center'));

    $show_headers = 0;
    if ($print_headers && $origin != 'learnpath') {
        $show_headers = 1;
    }
    $tpl = new Template(null, $show_headers, $show_headers);
    $tpl->assign('hide_login_link', 1);
    $tpl->assign('content', $msg);

    if ($user_id != 0 && !api_is_anonymous() && (!isset($course) || $course == -1) && empty($_GET['cidReq'])) {
        // if the access is not authorized and there is some login information
        // but the cidReq is not found, assume we are missing course data and send the user
        // to the user_portal
        $tpl->display_one_col_template();
        exit;
    }

    if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE || $this_section == SECTION_PLATFORM_ADMIN)) {
        $courseCode = api_get_course_id();
        // Only display form and return to the previous URL if there was a course ID included
        if ($user_id != 0 && !api_is_anonymous()) {
            //if there is a user ID, then the user is not allowed but the session is still there. Say so and exit
            $tpl->assign('content', $msg);
            $tpl->display_one_col_template();
            exit;
        }
        if (!is_null($courseCode)) {
            api_set_firstpage_parameter($courseCode);
        }
        // If the user has no user ID, then his session has expired.
        // The login form posts back to the current URL; the query string goes through
        // Security::remove_XSS() before being embedded in the action attribute.
        // NOTE(review): str_replace('&', '&', ...) is a no-op as written — it looks
        // like an entity-to-ampersand replacement whose first argument was decoded in
        // the copy this excerpt came from; check the file in the repository.
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array(), FormValidator::LAYOUT_BOX_NO_LABEL);
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'autocapitalize_off'));
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password')));
        $form->addButton('submitAuth', get_lang('LoginEnter'), '', 'primary');
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (above)
        $content = Display::return_message(get_lang('NotAllowed'), 'error', false);
        if (!empty($courseCode)) {
            $content .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        }
        if (api_is_cas_activated()) {
            $content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $content .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_id()) . "'>" . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $content .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $content .= "<div style='display:none;'>";
        }
        $content .= '<div class="well_login">';
        $content .= $form->return_form();
        $content .= '</div>';
        if (api_is_cas_activated()) {
            $content .= "</div>";
        }
        if (!empty($courseCode)) {
            $content .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
        } else {
            $content .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('CampusHomepage') . '</a></p>';
        }
        $tpl->setLoginBodyClass();
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
        exit;
    }

    if ($user_id != 0 && !api_is_anonymous()) {
        $tpl->display_one_col_template();
        exit;
    }

    $msg = null;
    // The session is over and we were not in a course,
    // or we try to get directly to a private course without being logged
    if (!is_null(api_get_course_int_id())) {
        api_set_firstpage_parameter(api_get_course_id());
        $tpl->setLoginBodyClass();
        // Same form as above, with a different layout; the same no-op str_replace note applies.
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array('class' => 'form-stacked'));
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'col-md-3 autocapitalize_off')); //new
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'col-md-3')); //new
        $form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (below)
        $msg = Display::return_message(get_lang('NotAllowed'), 'error', false);
        $msg .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        if (api_is_cas_activated()) {
            $msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $msg .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_int_id()) . "'>" . getCASLogoHTML() . " " . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $msg .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $msg .= "<div style='display:none;'>";
        }
        $msg .= '<div class="well">';
        $msg .= $form->return_form();
        $msg .= '</div>';
        if (api_is_cas_activated()) {
            $msg .= "</div>";
        }
        $msg .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
    } else {
        // we were not in a course, return to home page
        $msg = Display::return_message(get_lang('NotAllowed') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a><br />', 'error', false);
    }
    $tpl->assign('content', $msg);
    $tpl->display_one_col_template();
    exit;
}
exit;
}

// Two ways of answering a lost-password request, chosen by a platform setting: mail a
// reset link (user_reset_password = 'true') or mail the account list through
// Login::handle_encrypted_password(). Both paths end in a redirect to the platform
// root (or a custom unlogged page), so the outcome is only visible via the message.
$userResetPasswordSetting = api_get_setting('user_reset_password');
if ($userResetPasswordSetting === 'true') {
    // $user['uid'] comes from the lookup earlier in this script (outside this
    // excerpt); it is re-read as an entity, presumably because sendResetEmail()
    // takes one — confirm against its signature.
    $user = Database::getManager()->getRepository('ChamiloUserBundle:User')->find($user['uid']);
    Login::sendResetEmail($user, true);
    if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
        CustomPages::display(CustomPages::INDEX_UNLOGGED, ['info' => get_lang('CheckYourEmailAndFollowInstructions')]);
        exit;
    }
    header('Location: ' . api_get_path(WEB_PATH));
    exit;
}

// NOTE(review): handle_encrypted_password() can return text that embeds an HTML
// mailto link; it is shown here unescaped, which is what that text expects.
$messageText = Login::handle_encrypted_password($user, true);
if (CustomPages::enabled() && CustomPages::exists(CustomPages::INDEX_UNLOGGED)) {
    CustomPages::display(CustomPages::INDEX_UNLOGGED, ['info' => $messageText]);
    exit;
}
Display::addFlash(Display::return_message($messageText));
header('Location: ' . api_get_path(WEB_PATH));
exit;
}

// No request submitted: render the lost-password form, custom page first if present.
if (CustomPages::enabled() && CustomPages::exists(CustomPages::LOST_PASSWORD)) {
    CustomPages::display(CustomPages::LOST_PASSWORD, ['form' => $form->returnForm()]);
    exit;
}
$controller = new IndexManager($tool_name);
$controller->set_login_form();
$controller->tpl->assign('form', $form->returnForm());
$template = $controller->tpl->get_template('auth/lost_password.tpl');
$controller->tpl->display($template);
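/**
 * Renders the campus home page.
 *
 * Collects the page-level JS/CSS extras, clears the terms-and-conditions session flag
 * when that feature is enabled, hands unauthenticated visitors to the custom pages
 * (when enabled), then assembles the blocks of the two-column layout through the page
 * controller and returns the rendered response.
 *
 * The hot-courses and announcements blocks are skipped when the request carries an
 * 'include' parameter. It is read from $_REQUEST (query string, body or cookie) — TODO
 * confirm which callers set it and whether a GET-only check would suffice.
 *
 * @param \Silex\Application $app
 *
 * @return \Symfony\Component\HttpFoundation\Response
 */
public function indexAction(Application $app)
{
    $template = $this->getTemplate();

    // @todo improve this: JS includes should be added using twig
    $extra = [
        api_get_jquery_libraries_js(['bxslider']),
        '<script> $(document).ready(function(){ $("#slider").bxSlider({ infiniteLoop : true, auto : true, pager : true, autoHover : true, pause : 10000 }); }); </script>',
    ];
    // Settings are compared strictly against the literal 'true'; this assumes
    // api_get_setting() returns the raw string value — TODO confirm.
    if (api_get_setting('use_virtual_keyboard') === 'true') {
        $extra[] = api_get_css(api_get_path(WEB_LIBRARY_PATH) . 'javascript/keyboard/keyboard.css');
        $extra[] = api_get_js('keyboard/jquery.keyboard.js');
    }
    $app['extraJS'] = $extra;
    $app['this_section'] = SECTION_CAMPUS;
    $request = $app['request'];

    if (api_get_setting('allow_terms_conditions') === 'true') {
        unset($_SESSION['term_and_condition']);
    }

    // Not logged in and custom pages activated: display() is expected to end the
    // request; the regular page below is only built if it returns.
    if (!api_get_user_id() && \CustomPages::enabled()) {
        $loggedOut = $request->get('loggedout');
        \CustomPages::display($loggedOut ? \CustomPages::LOGGED_OUT : \CustomPages::INDEX_UNLOGGED);
    }

    /** @var \PageController $pageController */
    $pageController = $app['page_controller'];

    if (api_get_setting('display_categories_on_homepage') === 'true') {
        $template->assign('course_category_block', $pageController->return_courses_in_categories());
    }

    // @todo Custom Facebook connection lib could be replaced with opauth
    // Facebook connection, if activated
    if (api_is_facebook_auth_activated() && !api_get_user_id()) {
        facebook_connect();
    }

    $this->setLoginForm($app);

    if (!api_is_anonymous()) {
        $pageController->setProfileBlock();
        $pageController->setUserImageBlock();
        if (api_is_platform_admin()) {
            $pageController->setCourseBlock();
        } else {
            $pageController->return_teacher_link();
        }
    }

    // Hot courses & announcements: not included when loading a chamilo page via 'include'
    $hotCourses = null;
    $announcementsBlock = null;
    if (!isset($_REQUEST['include'])) {
        if (api_get_setting('show_hot_courses') === 'true') {
            $hotCourses = $pageController->returnHotCourses();
        }
        $announcementsBlock = $pageController->return_announcements();
    }
    $template->assign('hot_courses', $hotCourses);
    $template->assign('announcements_block', $announcementsBlock);

    // Homepage
    $template->assign('home_page_block', $pageController->returnHomePage());

    // Navigation links and side blocks
    $pageController->returnNavigationLinks($template->getNavigationLinks());
    $pageController->returnNotice();
    $pageController->returnHelp();
    if (api_is_platform_admin() || api_is_drh()) {
        $pageController->returnSkillsLinks();
    }

    $response = $template->renderLayout('layout_2_col.tpl');

    return new Response($response, 200, []);
}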