/**
* change the visibility of a course
*
* @return void
*/
function change_visibility_action()
{
if ((Config::get()->ALLOW_DOZENT_VISIBILITY || $GLOBALS['perm']->have_perm('admin')) && !LockRules::Check($GLOBALS['SessionSeminar'], 'seminar_visibility') && Seminar_Session::check_ticket(Request::option('studip_ticket'))) {
$course = Course::findCurrent();
if (!$course->visible) {
StudipLog::log('SEM_VISIBLE', $course->id);
$course->visible = 1;
$msg = _("Die Veranstaltung wurde sichtbar gemacht.");
} else {
StudipLog::log('SEM_INVISIBLE', $course->id);
$course->visible = 0;
$msg = _("Die Veranstaltung wurde versteckt.");
}
if ($course->store()) {
PageLayout::postMessage(MessageBox::success($msg));
}
}
$this->redirect($this->url_for('/index'));
}
function show_action()
{
$this->url_params = array();
if (Request::get('from')) {
$this->url_params['from'] = Request::get('from');
}
if (Request::get('open_node')) {
$this->url_params['open_node'] = Request::get('open_node');
}
if (!Request::isXhr()) {
Navigation::activateItem('course/admin/study_areas');
$sidebar = Sidebar::get();
$sidebar->setImage('sidebar/admin-sidebar.png');
if ($this->course) {
$links = new ActionsWidget();
foreach (Navigation::getItem('/course/admin/main') as $nav) {
if ($nav->isVisible(true)) {
$image = $nav->getImage();
$links->addLink($nav->getTitle(), URLHelper::getLink($nav->getURL(), array('studip_ticket' => Seminar_Session::get_ticket())), $image);
}
}
$sidebar->addWidget($links);
// Entry list for admin upwards.
if ($GLOBALS['perm']->have_studip_perm("admin", $GLOBALS['SessionSeminar'])) {
$list = new SelectorWidget();
$list->setUrl("?#admin_top_links");
$list->setSelectParameterName("cid");
foreach (AdminCourseFilter::get()->getCoursesForAdminWidget() as $seminar) {
$list->addElement(new SelectElement($seminar['Seminar_id'], $seminar['Name']), 'select-' . $seminar['Seminar_id']);
}
$list->setSelection($this->course->id);
$sidebar->addWidget($list);
}
}
}
if (Request::get('open_node')) {
$this->values['StudyAreasWizardStep']['open_node'] = Request::get('open_node');
}
$this->tree = $this->step->getStepTemplate($this->values, 0, 0);
}
public function decline_inst_action($inst_id)
{
$institut = Institute::find($inst_id);
$ticket_check = Seminar_Session::check_ticket(Request::option('studipticket'));
if (Request::option('cmd') != 'kill' && Request::get('cmd') != 'back') {
$this->flash['decline_inst'] = true;
$this->flash['inst_id'] = $inst_id;
$this->flash['name'] = $institut->name;
$this->flash['studipticket'] = Seminar_Session::get_ticket();
} else {
if (Request::get('cmd') == 'kill' && $ticket_check && Request::get('cmd') != 'back') {
$query = "DELETE FROM user_inst WHERE user_id = ? AND Institut_id = ? AND inst_perms = 'user'";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($GLOBALS['user']->id, $inst_id));
if ($statement->rowCount() > 0) {
PageLayout::postMessage(MessageBox::success(sprintf(_("Die Zuordnung zur Einrichtung %s wurde aufgehoben."), "<b>" . htmlReady($institut->name) . "</b>")));
} else {
PageLayout::postMessage(MessageBox::error(_('Datenbankfehler')));
}
}
}
$this->redirect('my_institutes/index');
}
/**
* default action of this controller: proxy media data
*/
public function index_action()
{
$url = Request::get('url');
$media_proxy = new MediaProxy();
$config = Config::GetInstance();
$modified_since = NULL;
if (!Seminar_Session::is_current_session_authenticated() || $config->getValue('LOAD_EXTERNAL_MEDIA') != 'proxy') {
throw new AccessDeniedException();
}
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
$modified_since = strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
}
ini_set('default_socket_timeout', 5);
$this->render_nothing();
//stop output buffering started in Trails_Dispatcher::dispatch()
while (ob_get_level()) {
ob_end_clean();
}
try {
$media_proxy->readURL($url, $modified_since);
} catch (MediaProxyException $ex) {
header($ex->getMessage());
}
}
/**
* Check if media proxy should be used and if so return the respective URL.
*
* @param string $url URL to media file.
* @return mixed URL string to media file (possibly 'proxied')
* or NULL if URL is invalid.
*/
function getMediaUrl($url)
{
// even though proxied URLs shouldn't be stored in the database, the
// next line will handle those cases where they're accidentally there
$url = decodeMediaProxyUrl($url);
// handle internal media links
if (isStudipMediaUrl($url)) {
return transformInternalIdnaLink($url);
}
if (isInternalLink($url)) {
// link is studip-internal, but not to a valid media location
throw new InvalidInternalLinkException($url);
}
// handle external media links
$external_media = \Config::get()->LOAD_EXTERNAL_MEDIA;
if ($external_media === 'proxy' && \Seminar_Session::is_current_session_authenticated()) {
// media proxy must be accessed by an internal link
return encodeMediaProxyUrl($url);
}
if ($external_media === 'allow') {
return $url;
}
throw new ExternalMediaDeniedException($url);
}
/**
* This action remove a user from course
* @param $course_id
*/
public function decline_action($course_id, $waiting = null)
{
$current_seminar = Seminar::getInstance($course_id);
$ticket_check = Seminar_Session::check_ticket(Request::option('studipticket'));
if (LockRules::Check($course_id, 'participants')) {
$lockdata = LockRules::getObjectRule($course_id);
PageLayout::postMessage(MessageBox::error(sprintf(_("Sie können sich nicht von der Veranstaltung <b>%s</b> abmelden."), htmlReady($current_seminar->name))));
if ($lockdata['description']) {
PageLayout::postMessage(MessageBox::info(formatLinks($lockdata['description'])));
}
$this->redirect('my_courses/index');
return;
}
if (Request::option('cmd') == 'back') {
$this->redirect('my_courses/index');
return;
}
if (Request::option('cmd') != 'kill' && Request::option('cmd') != 'kill_admission') {
if ($current_seminar->admission_binding && Request::get('cmd') != 'suppose_to_kill_admission' && !LockRules::Check($current_seminar->getId(), 'participants')) {
PageLayout::postMessage(MessageBox::error(sprintf(_("Die Veranstaltung <b>%s</b> ist als <b>bindend</b> angelegt.\n Wenn Sie sich abmelden wollen, müssen Sie sich an die Lehrende der Veranstaltung wenden."), htmlReady($current_seminar->name))));
$this->redirect('my_courses/index');
return;
}
if (Request::get('cmd') == 'suppose_to_kill') {
// check course admission
list(, $admission_end_time) = @array_values($current_seminar->getAdmissionTimeFrame());
$admission_enabled = $current_seminar->isAdmissionEnabled();
$admission_locked = $current_seminar->isAdmissionLocked();
if ($admission_enabled || $admission_locked || (int) $current_seminar->admission_prelim == 1) {
$message = sprintf(_('Wollen Sie sich von der teilnahmebeschränkten Veranstaltung "%s" wirklich abmelden? Sie verlieren damit die Berechtigung für die Veranstaltung und müssen sich ggf. neu anmelden!'), $current_seminar->name);
} else {
if (isset($admission_end_time) && $admission_end_time < time()) {
$message = sprintf(_('Wollen Sie sich von der teilnahmebeschränkten Veranstaltung "%s" wirklich abmelden? Der Anmeldzeitraum ist abgelaufen und Sie können sich nicht wieder anmelden!'), $current_seminar->name);
} else {
$message = sprintf(_('Wollen Sie sich von der Veranstaltung "%s" wirklich abmelden?'), $current_seminar->name);
}
}
$this->flash['cmd'] = 'kill';
} else {
if (admission_seminar_user_get_position($GLOBALS['user']->id, $course_id) === false) {
$message = sprintf(_('Wollen Sie sich von der Anmeldeliste der Veranstaltung "%s" wirklich abmelden?'), $current_seminar->name);
} else {
$message = sprintf(_('Wollen Sie sich von der Warteliste der Veranstaltung "%s" wirklich abmelden? Sie verlieren damit die bereits erreichte Position und müssen sich ggf. neu anmelden!'), $current_seminar->name);
}
$this->flash['cmd'] = 'kill_admission';
}
$this->flash['decline_course'] = true;
$this->flash['course_id'] = $course_id;
$this->flash['message'] = $message;
$this->flash['studipticket'] = Seminar_Session::get_ticket();
$this->redirect('my_courses/index');
return;
} else {
if (!LockRules::Check($course_id, 'participants') && $ticket_check && Request::option('cmd') != 'back' && Request::get('cmd') != 'kill_admission') {
$query = "DELETE FROM seminar_user WHERE user_id = ? AND Seminar_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($GLOBALS['user']->id, $course_id));
if ($statement->rowCount() == 0) {
PageLayout::postMessage(MessageBox::error(_('In der ausgewählten Veranstaltung wurde die gesuchten Personen nicht gefunden und konnte daher nicht ausgetragen werden.')));
} else {
// LOGGING
StudipLog::log('SEM_USER_DEL', $course_id, $GLOBALS['user']->id, 'Hat sich selbst ausgetragen');
// enable others to do something after the user has been deleted
NotificationCenter::postNotification('UserDidLeaveCourse', $course_id, $GLOBALS['user']->id);
// Delete from statusgroups
RemovePersonStatusgruppeComplete(get_username(), $course_id);
// Are successor available
update_admission($course_id);
PageLayout::postMessage(MessageBox::success(sprintf(_("Erfolgreich von Veranstaltung <b>%s</b> abgemeldet."), htmlReady($current_seminar->name))));
}
} else {
// LOGGING
StudipLog::log('SEM_USER_DEL', $course_id, $GLOBALS['user']->id, 'Hat sich selbst aus der Warteliste ausgetragen');
if ($current_seminar->isAdmissionEnabled()) {
$prio_delete = AdmissionPriority::unsetPriority($current_seminar->getCourseSet()->getId(), $GLOBALS['user']->id, $course_id);
}
$query = "DELETE FROM admission_seminar_user WHERE user_id = ? AND seminar_id = ?";
$statement = DBManager::get()->prepare($query);
$statement->execute(array($GLOBALS['user']->id, $course_id));
if ($statement->rowCount() || $prio_delete) {
//Warteliste neu sortieren
renumber_admission($course_id);
//Pruefen, ob es Nachruecker gibt
update_admission($course_id);
PageLayout::postMessage(MessageBox::success(sprintf(_("Der Eintrag in der Anmelde- bzw. Warteliste der Veranstaltung <b>%s</b> wurde aufgehoben.\n Wenn Sie an der Veranstaltung teilnehmen wollen, müssen Sie sich erneut bewerben."), htmlReady($current_seminar->name))));
}
}
$this->redirect('my_courses/index');
return;
}
}
/**
* @return bool|string
*/
function auth_doregister()
{
global $_language_path;
$this->error_msg = "";
// check for direct link to register2.php
if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
$_SESSION['_language'] = get_accepted_languages();
}
$_language_path = init_i18n($_SESSION['_language']);
$this->auth["uname"] = Request::username('username');
// This provides access for "crcregister.ihtml"
$validator = new email_validation_class();
// Klasse zum Ueberpruefen der Eingaben
$validator->timeout = 10;
// Wie lange warten wir auf eine Antwort des Mailservers?
if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
return false;
}
$username = trim(Request::get('username'));
$Vorname = trim(Request::get('Vorname'));
$Nachname = trim(Request::get('Nachname'));
// accept only registered domains if set
$cfg = Config::GetInstance();
$email_restriction = $cfg->getValue('EMAIL_DOMAIN_RESTRICTION');
if ($email_restriction) {
$Email = trim(Request::get('Email')) . '@' . trim(Request::get('emaildomain'));
} else {
$Email = trim(Request::get('Email'));
}
if (!$validator->ValidateUsername($username)) {
$this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist zu kurz!") . "<br>";
return false;
}
// username syntaktisch falsch oder zu kurz
// auf doppelte Vergabe wird weiter unten getestet.
if (!$validator->ValidatePassword(Request::quoted('password'))) {
$this->error_msg = $this->error_msg . _("Das Passwort ist zu kurz!") . "<br>";
return false;
}
if (!$validator->ValidateName($Vorname)) {
$this->error_msg = $this->error_msg . _("Der Vorname fehlt oder ist unsinnig!") . "<br>";
return false;
}
// Vorname nicht korrekt oder fehlend
if (!$validator->ValidateName($Nachname)) {
$this->error_msg = $this->error_msg . _("Der Nachname fehlt oder ist unsinnig!") . "<br>";
return false;
// Nachname nicht korrekt oder fehlend
}
if (!$validator->ValidateEmailAddress($Email)) {
$this->error_msg = $this->error_msg . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "<br>";
return false;
}
// E-Mail syntaktisch nicht korrekt oder fehlend
$REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
$Zeit = date("H:i:s, d.m.Y", time());
if (!$validator->ValidateEmailHost($Email)) {
// Mailserver nicht erreichbar, ablehnen
$this->error_msg = $this->error_msg . _("Der Mailserver ist nicht erreichbar, bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken und empfangen können!") . "<br>";
return false;
} else {
// Server ereichbar
if (!$validator->ValidateEmailBox($Email)) {
// aber user unbekannt. Mail an abuse!
StudipMail::sendAbuseMessage("Register", "Emailbox unbekannt\n\nUser: {$username}\nEmail: {$Email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n");
$this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse ist nicht erreichbar, bitte überprüfen Sie Ihre Angaben!") . "<br>";
return false;
} else {
// Alles paletti, jetzt kommen die Checks gegen die Datenbank...
}
}
$check_uname = StudipAuthAbstract::CheckUsername($username);
if ($check_uname['found']) {
// error_log("username schon vorhanden", 0);
$this->error_msg = $this->error_msg . _("Der gewählte Benutzername ist bereits vorhanden!") . "<br>";
return false;
// username schon vorhanden
}
if (count(User::findBySQL("Email LIKE " . DbManager::get()->quote($Email)))) {
$this->error_msg = $this->error_msg . _("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer verwendet. Sie müssen eine andere E-Mail-Adresse angeben!") . "<br>";
return false;
// Email schon vorhanden
}
// alle Checks ok, Benutzer registrieren...
$hasher = UserManagement::getPwdHasher();
$new_user = new User();
$new_user->username = $username;
$new_user->perms = 'user';
$new_user->password = $hasher->HashPassword(Request::get('password'));
$new_user->vorname = $Vorname;
$new_user->nachname = $Nachname;
$new_user->email = $Email;
$new_user->geschlecht = Request::int('geschlecht');
$new_user->title_front = trim(Request::get('title_front', Request::get('title_front_chooser')));
$new_user->title_rear = trim(Request::get('title_rear', Request::get('title_rear_chooser')));
$new_user->auth_plugin = 'standard';
$new_user->store();
if ($new_user->user_id) {
self::sendValidationMail($new_user);
$this->auth["perm"] = $new_user->perms;
return $new_user->user_id;
}
}
public function execute($last_result, $parameters = array())
{
$sess = new Seminar_Session();
$sess->set_container();
return $sess->gc();
}
<?php
# Lifter010: TODO
/* * * * * * * * * * * * *
* * * I N F O B O X * * *
* * * * * * * * * * * * */
$sidebar = Sidebar::get();
$sidebar->setImage('sidebar/admin-sidebar.png');
if (Course::findCurrent()) {
$links = new ActionsWidget();
foreach (Navigation::getItem('/course/admin/main') as $nav) {
if ($nav->isVisible(true)) {
$links->addLink($nav->getTitle(), URLHelper::getLink($nav->getURL(), array('studip_ticket' => Seminar_Session::get_ticket())), $nav->getImage(), $nav->getLinkAttributes());
}
}
$sidebar->addWidget($links);
// Entry list for admin upwards.
if ($GLOBALS['perm']->have_studip_perm("admin", $GLOBALS['SessionSeminar'])) {
$list = new SelectorWidget();
$list->setUrl("?#admin_top_links");
$list->setSelectParameterName("cid");
foreach (AdminCourseFilter::get()->getCoursesForAdminWidget() as $seminar) {
$list->addElement(new SelectElement($seminar['Seminar_id'], $seminar['Name']), 'select-' . $seminar['Seminar_id']);
}
$list->setSelection($this->course_id);
$sidebar->addWidget($list);
}
}
?>
<ul class="boxed-grid">
/**
* check if the passed ticket is valid
*
* @param string $studipticket the ticket-id to check
*
* @return bool
*/
function check_ticket($studipticket)
{
return Seminar_Session::check_ticket($studipticket);
}
public function index_action()
{
global $perm, $PATH_EXPORT;
$sem = Seminar::getInstance($this->course_id);
// old message style
if ($_SESSION['sms_msg']) {
$this->msg = $_SESSION['sms_msg'];
unset($_SESSION['sms_msg']);
}
$this->sort_by = Request::option('sortby', 'nachname');
$this->order = Request::option('order', 'desc');
$this->sort_status = Request::get('sort_status');
Navigation::activateItem('/course/members/view');
if (Request::int('toggle')) {
$this->order = $this->order == 'desc' ? 'asc' : 'desc';
}
$filtered_members = $this->members->getMembers($this->sort_status, $this->sort_by . ' ' . $this->order, !$this->is_tutor ? $this->user_id : null);
if ($this->is_tutor) {
$filtered_members = array_merge($filtered_members, $this->members->getAdmissionMembers($this->sort_status, $this->sort_by . ' ' . $this->order));
$this->awaiting = $filtered_members['awaiting']->toArray('user_id username vorname nachname visible mkdate');
$this->accepted = $filtered_members['accepted']->toArray('user_id username vorname nachname visible mkdate');
$this->claiming = $filtered_members['claiming']->toArray('user_id username vorname nachname visible mkdate');
}
// Check autor-perms
if (!$this->is_tutor) {
SkipLinks::addIndex(_("Sichtbarkeit ändern"), 'change_visibility');
// filter invisible user
$this->invisibles = count($filtered_members['autor']->findBy('visible', 'no')) + count($filtered_members['user']->findBy('visible', 'no'));
$current_user_id = $this->user_id;
$exclude_invisibles = function ($user) use($current_user_id) {
return $user['visible'] != 'no' || $user['user_id'] == $current_user_id;
};
$filtered_members['autor'] = $filtered_members['autor']->filter($exclude_invisibles);
$filtered_members['user'] = $filtered_members['user']->filter($exclude_invisibles);
$this->my_visibility = $this->getUserVisibility();
if (!$this->my_visibility['iam_visible']) {
$this->invisibles--;
}
}
// get member informations
$this->dozenten = $filtered_members['dozent']->toArray('user_id username vorname nachname');
$this->tutoren = $filtered_members['tutor']->toArray('user_id username vorname nachname mkdate');
$this->autoren = $filtered_members['autor']->toArray('user_id username vorname nachname visible mkdate');
$this->users = $filtered_members['user']->toArray('user_id username vorname nachname visible mkdate');
$this->studipticket = Seminar_Session::get_ticket();
$this->subject = $this->getSubject();
$this->groups = $this->status_groups;
// Check Seminar
if ($this->is_tutor && $sem->isAdmissionEnabled()) {
$this->course = $sem;
$distribution_time = $sem->getCourseSet()->getSeatDistributionTime();
if ($sem->getCourseSet()->hasAlgorithmRun()) {
$this->waitingTitle = _("Warteliste");
if (!$sem->admission_disable_waitlist_move) {
$this->waitingTitle .= ' (' . _("automatisches Nachrücken ist eingeschaltet") . ')';
} else {
$this->waitingTitle .= ' (' . _("automatisches Nachrücken ist ausgeschaltet") . ')';
}
$this->semAdmissionEnabled = 2;
$this->waiting_type = 'awaiting';
} else {
$this->waitingTitle = sprintf(_("Anmeldeliste (Losverfahren am %s)"), strftime('%x %R', $distribution_time));
$this->semAdmissionEnabled = 1;
$this->awaiting = $this->claiming;
$this->waiting_type = 'claiming';
}
}
// Set the infobox
$this->createSidebar($filtered_members, $course);
if ($this->is_locked && $this->is_tutor) {
$lockdata = LockRules::getObjectRule($this->course_id);
if ($lockdata['description']) {
PageLayout::postMessage(MessageBox::info(formatLinks($lockdata['description'])));
}
}
// Check for waitlist availability (influences available actions)
// People can be moved to waitlist if waitlist available and no automatic moving up.
if (!$sem->admission_disable_waitlist && $sem->admission_disable_waitlist_move) {
$this->to_waitlist_actions = true;
}
}
/**
* @return bool
*/
function auth_validatelogin()
{
global $_language_path;
//prevent replay attack
if (!Seminar_Session::check_ticket(Request::option('login_ticket'))) {
return false;
}
// check for direct link
if (!$_SESSION['_language'] || $_SESSION['_language'] == "") {
$_SESSION['_language'] = get_accepted_languages();
}
$_language_path = init_i18n($_SESSION['_language']);
include 'config.inc.php';
$this->auth["uname"] = Request::get('loginname');
// This provides access for "loginform.ihtml"
$this->auth["jscript"] = Request::get('resolution') != "";
$this->auth['devicePixelRatio'] = Request::float('device_pixel_ratio');
$check_auth = StudipAuthAbstract::CheckAuthentication(Request::get('loginname'), Request::get('password'));
if ($check_auth['uid']) {
$uid = $check_auth['uid'];
if ($check_auth['need_email_activation'] == $uid) {
$this->need_email_activation = $uid;
$_SESSION['semi_logged_in'] = $uid;
return false;
}
$user = $check_auth['user'];
$this->auth["perm"] = $user->perms;
$this->auth["uname"] = $user->username;
$this->auth["auth_plugin"] = $user->auth_plugin;
$this->auth_set_user_settings($user);
Metrics::increment('core.login.succeeded');
return $uid;
} else {
Metrics::increment('core.login.failed');
$this->error_msg = $check_auth['error'];
return false;
}
}
/**
* Stud.IP markup for images, audio, video and flash-films
*/
protected static function markupMedia($markup, $matches)
{
$tag = $matches[1];
$params = explode(":", $matches[2]);
$url = $matches[3];
$whitespace = $matches[4];
foreach ($params as $key => $param) {
if ($param) {
if (is_numeric($param)) {
$width = $param;
} elseif (in_array($param, words("left center right"))) {
$position = $param;
} elseif ($key === 0 && $param[0] === "=") {
$title = substr($param, 1);
} elseif ($key < count($params) - 1) {
$virtual_url = $param . ":" . $params[$key + 1];
if (isURL($virtual_url)) {
$link = $virtual_url;
}
}
}
}
$format_strings = array('img' => '<img src="%s" style="%s" title="%s" alt="%s">', 'audio' => '<audio src="%s" style="%s" title="%s" alt="%s" controls></audio>', 'video' => '<video src="%s" style="%s" title="%s" alt="%s" controls></video>');
$url = TransformInternalLinks($url);
$pu = @parse_url($url);
if (($pu['scheme'] == 'http' || $pu['scheme'] == 'https') && ($pu['host'] == $_SERVER['HTTP_HOST'] || $pu['host'] . ':' . $pu['port'] == $_SERVER['HTTP_HOST']) && strpos($pu['path'], $GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP']) === 0) {
$intern = true;
$checkpath = urldecode(substr($pu['path'], strlen($GLOBALS['CANONICAL_RELATIVE_PATH_STUDIP'])));
if (strpos($checkpath, '../') === false) {
list($pu['first_target']) = explode('/', $checkpath);
} else {
$pu['first_target'] = false;
}
}
$LOAD_EXTERNAL_MEDIA = Config::GetInstance()->getValue('LOAD_EXTERNAL_MEDIA');
if ($intern && !in_array($pu['first_target'], array('sendfile.php', 'download', 'assets', 'pictures')) && !($pu['first_target'] === 'dispatch.php' && strpos($pu['path'], 'dispatch.php/document/download') !== false)) {
return $matches[0];
} elseif ((!$LOAD_EXTERNAL_MEDIA || $LOAD_EXTERNAL_MEDIA === 'deny') && !$intern) {
return $matches[0];
}
//Mediaproxy?
if (!$intern && $LOAD_EXTERNAL_MEDIA === "proxy" && Seminar_Session::is_current_session_authenticated()) {
$media_url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'dispatch.php/media_proxy?url=' . urlencode(decodeHTML(idna_link($url)));
} else {
$media_url = idna_link($url);
}
if ($tag === "flash") {
$width = $width ? $width : 200;
$height = round($width * 0.75);
$flash_config = $width > 200 ? $GLOBALS['FLASHPLAYER_DEFAULT_CONFIG_MAX'] : $GLOBALS['FLASHPLAYER_DEFAULT_CONFIG_MIN'];
$media = '<object type="application/x-shockwave-flash" id="FlashPlayer" data="' . Assets::url() . 'flash/player_flv.swf" width="' . $width . '" height="' . $height . '">
<param name="movie" value="' . Assets::url() . 'flash/player_flv.swf">
<param name="allowFullScreen" value="true">
<param name="FlashVars" value="flv=' . urlencode(decodeHTML($media_url)) . '&startimage=' . $link . $flash_config . '">
<embed src="' . Assets::url() . 'flash/player_flv.swf" movie="$media_url" type="application/x-shockwave-flash" FlashVars="flv=' . urlencode(decodeHTML($media_url)) . '&startimage=' . $link . $flash_config . '">
</object>';
} else {
$media = sprintf($format_strings[$tag], $media_url, isset($width) ? "width: " . $width . "px;" : "", $title, $title);
}
if ($tag === 'audio') {
$random_id = 'audio-' . substr(md5(uniqid('audio', true)), -8);
$media = str_replace('<audio ', '<audio id="' . $random_id . '" onerror="STUDIP.Audio.handle(this);" ', $media);
}
if ($link && $tag === "img") {
$media = sprintf('<a href="%s"%s>%s</a>', $link, !isLinkIntern($link) ? ' target="_blank"' : "", $media);
}
if ($position) {
$media = '<div style="text-align: ' . $position . '">' . $media . '</div>';
}
$media .= $whitespace;
return $media;
}
/**
* returns a random string token for XSRF prevention
* the string is stored in the session
*
* @static
* @return string
*/
public static function get_ticket()
{
if (!self::$studipticket) {
self::$studipticket = $_SESSION['last_ticket'] = md5(uniqid('studipticket', 1));
}
return self::$studipticket;
}
</h1>
<?endif;?>
<p style="padding-bottom:25px;"><?php
echo _("Bitte identifizieren Sie sich mit Benutzername und Passwort:");
?>
</p>
<form style="padding-bottom:25px;" name="login" method="post" action="<?php
echo URLHelper::getLink(Request::url(), array('cancel_login' => NULL));
?>
">
<?php
echo CSRFProtection::tokenTag();
?>
<input type="hidden" name="login_ticket" value="<?php
echo Seminar_Session::get_ticket();
?>
">
<input type="hidden" name="resolution" value="">
<input type="hidden" name="device_pixel_ratio" value="1">
<table border="0" cellspacing="0" cellpadding="4">
<tbody>
<tr valign="top" align="left">
<td>
<label for="loginname"><?php
echo _('Benutzername:');
?>
</label>
</td>
<td>
<input type="text" <?php
