/**
  * This method check if a user is allowed to see the block inside dashboard interface
  * @param	int		User id
  * @return	bool	Is block visible for user
  */
 public function is_block_visible_for_user($user_id)
 {
     $user_info = api_get_user_info($user_id);
     $user_status = $user_info['status'];
     $is_block_visible_for_user = false;
     if (UserManager::is_admin($user_id) || in_array($user_status, $this->permission)) {
         $is_block_visible_for_user = true;
     }
     return $is_block_visible_for_user;
 }
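/**
 * Get a list of courses (code, url, title, teacher, language) and return to caller
 * Function registered as service. Returns strings in UTF-8.
 *
 * The caller must be a platform admin, and $signature must validate (through
 * api_is_valid_secret_key()) against either the user's first 'dokeos' API key
 * or the platform security_key.
 * @param string User name in Chamilo
 * @param string Signature (composed of the sha1(username+apikey)
 * @param mixed  Array or string. Type of visibility of course (public, public-registered, private, closed)
 * @return array|int Courses list (code=>[title=>'title',url='http://...',teacher=>'...',language=>''],code=>[...],...);
 *                   -1 when a parameter is missing or authentication fails;
 *                   array('error_msg' => ...) when an unknown visibility is requested
 */
function WSCourseList($username, $signature, $visibilities = 'public') {
    if (empty($username) || empty($signature)) {
        return -1;
    }

    global $_configuration;

    $info = api_get_user_info_from_username($username);
    // An unknown username cannot be an admin; fail the same way as a bad signature.
    if (empty($info['user_id']) || !UserManager::is_admin($info['user_id'])) {
        return -1;
    }
    $user_id = $info['user_id'];

    // Only the user's first 'dokeos' API key is accepted.
    $keys = UserManager::get_api_keys($user_id, 'dokeos');
    $key = (is_array($keys) && !empty($keys)) ? reset($keys) : '';

    $local_key = $username.$key;

    if (!api_is_valid_secret_key($signature, $local_key) && !api_is_valid_secret_key($signature, $username.$_configuration['security_key'])) {
        return -1; // The secret key is incorrect.
    }
    //public-registered = open
    $vis = array('public' => '3', 'public-registered' => '2', 'private' => '1', 'closed' => '0');

    // split() was removed in PHP 7; explode() gives the same result for a literal comma separator.
    if (!is_array($visibilities)) {
        $visibilities = explode(',', (string) $visibilities);
    }

    $courses_list = array();
    foreach ($visibilities as $visibility) {
        // Strict key lookup: a loose in_array() against the keys would let a
        // non-string value such as 0 match a non-numeric key on PHP < 8.
        if (!is_string($visibility) || !array_key_exists($visibility, $vis)) {
            return array('error_msg' => 'Security check failed');
        }
        $courses_list_tmp = CourseManager::get_courses_list(null, null, null, null, $vis[$visibility]);
        foreach ($courses_list_tmp as $course) {
            $course_info = CourseManager::get_course_information($course['code']);
            $courses_list[] = array(
                'code' => $course['code'],
                'title' => api_utf8_encode($course_info['title']),
                'url' => api_get_path(WEB_COURSE_PATH).$course_info['directory'].'/',
                'teacher' => api_utf8_encode($course_info['tutor_name']),
                'language' => $course_info['course_language'],
            );
        }
    }
    return $courses_list;
}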
?>
<table border="0" cellpadding="5" cellspacing="0" width="100%" align="center">
<tr>
	<td align="left"></td>
	<td align="left"></td>
	<td width="" align="center"> &nbsp;	</td>
</tr>
<tr>
  <td width="45%" align="center"><b><?php 
echo get_lang('SessionsListInPlatform');
?>
 :</b></td>
  <td width="10%">&nbsp;</td>
  <td align="center" width="45%"><b>
  <?php 
if (UserManager::is_admin($user_id)) {
    echo get_lang('AssignedSessionsListToPlatformAdministrator');
} else {
    if ($user_info['status'] == SESSIONADMIN) {
        echo get_lang('AssignedSessionsListToSessionsAdministrator');
    } else {
        echo get_lang('AssignedSessionsListToHumanResourcesManager');
    }
}
?>
  : </b></td>
</tr>

<?php 
if ($add_type == 'multiple') {
    ?>
 // Make *sure* the login isn't too long
 if (isset($values['username'])) {
     $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH);
 }
 if (api_get_setting('registration.allow_registration_as_teacher') == 'false') {
     $values['status'] = STUDENT;
 }
 if (empty($values['official_code']) && !empty($values['username'])) {
     $values['official_code'] = api_strtoupper($values['username']);
 }
 if (api_get_setting('profile.login_is_email') == 'true') {
     $values['username'] = $values['email'];
 }
 if ($user_already_registered_show_terms && api_get_setting('registration.allow_terms_conditions') == 'true') {
     $user_id = $_SESSION['term_and_condition']['user_id'];
     $is_admin = UserManager::is_admin($user_id);
     Session::write('is_platformAdmin', $is_admin);
 } else {
     // Moved here to include extra fields when creating a user. Formerly placed after user creation
     // Register extra fields
     $extras = array();
     foreach ($values as $key => $value) {
         if (substr($key, 0, 6) == 'extra_') {
             //an extra field
             $extras[substr($key, 6)] = $value;
         } elseif (strpos($key, 'remove_extra_') !== false) {
             $extra_value = Security::filter_filename(urldecode(key($value)));
             // To remove from user_field_value and folder
             UserManager::update_extra_field_value($user_id, substr($key, 13), $extra_value);
         }
     }
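/**
 * Build the modify-column of the table
 *
 * Renders the action icons of one user row: course/session popups, info,
 * login-as, reporting, edit, administrator star, assignment links, free/busy
 * agenda and delete. A link is emitted only when the current user passes the
 * corresponding api_is_*() / api_global_admin_can_edit_admin() check;
 * otherwise the greyed "_na" variant of the icon is shown.
 * @param   int     The user id
 * @param   string  URL params to add to table links (appended verbatim to the delete link)
 * @param   array   Row of elements to alter (index 7 holds the translated status label)
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $charset, $_admins_list;
    // The id is echoed into onclick handlers and URLs below, so normalise it to an int.
    $user_id = (int) $user_id;
    // Guard against an unset global instead of letting in_array() fail on null.
    $is_admin = is_array($_admins_list) && in_array($user_id, $_admins_list);
    $statusname = api_get_status_langvars();
    $current_user_status_label = $row['7'];
    $user_is_anonymous = ($current_user_status_label == $statusname[ANONYMOUS]);
    $is_platform_admin = api_is_platform_admin();
    $result = '';

    // Course / session list popups
    if (!$user_is_anonymous) {
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" >
			        ' . $icon . '
					<div class="blackboard_hide" id="div_' . $user_id . '">&nbsp;&nbsp;</div>
					</a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" >
					' . $icon . '
					<div class="blackboard_hide" id="div_s_' . $user_id . '">&nbsp;&nbsp;</div>
					</a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . '&nbsp;&nbsp;';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . '&nbsp;&nbsp;';
    }

    // Info page
    if ($is_platform_admin) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a>&nbsp;&nbsp;';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . '&nbsp;&nbsp;';
        }
    }

    // Only allow platform admins to login_as, or session admins only for students (not teachers nor other admins).
    // Parentheses made explicit: && binds tighter than ||, which the original relied on implicitly.
    $can_login_as = $is_platform_admin
        || (api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]);
    if ($can_login_as && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
        $result .= '<a href="user_list.php?action=login_as&user_id=' . $user_id . '&sec_token=' . $_SESSION['sec_token'] . '">' . Display::return_icon('login_as.png', get_lang('LoginAs')) . '</a>&nbsp;&nbsp;';
    } else {
        $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . '&nbsp;&nbsp;';
    }

    // Reporting is only offered for students
    if ($current_user_status_label != $statusname[STUDENT]) {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . '&nbsp;&nbsp;';
    } else {
        $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a>&nbsp;&nbsp;';
    }

    // Edit profile
    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $editProfileUrl = Display::getProfileEditionLink($user_id, true);
            $result .= '<a href="' . $editProfileUrl . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>&nbsp;';
        } else {
            // No opening <a> in this branch, so no closing tag either (the original emitted a stray </a>).
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '&nbsp;';
        }
    }

    if ($is_admin) {
        // 'height' was misspelled 'heigth', so the attribute never reached the <img>.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'height' => ICON_SIZE_SMALL));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    // Actions for assigning sessions, courses or users; session admins get none of them.
    if (!api_is_session_admin()) {
        if ($current_user_status_label == $statusname[SESSIONADMIN]) {
            $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}");
        } else {
            // Evaluated once: UserManager::is_admin() was previously called twice for the same id.
            $is_drh_or_admin = $current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id);
            if ($is_drh_or_admin || $current_user_status_label == $statusname[STUDENT_BOSS]) {
                $result .= Display::url(Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL), "dashboard_add_users_to_user.php?user={$user_id}");
            }
            if ($is_drh_or_admin) {
                $result .= Display::url(Display::return_icon('course_add.gif', get_lang('AssignCourses')), "dashboard_add_courses_to_user.php?user={$user_id}");
                $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}");
            }
        }
    }

    if ($is_platform_admin) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '&modal_size=lg" class="agenda_opener ajax">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
        $deleteAllowed = !api_get_configuration_value('deny_delete_users');
        if ($deleteAllowed) {
            // You cannot delete yourself: otherwise every account, including your own, could be
            // removed and nobody would be left to undo it.
            if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                $confirm = addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset));
                // NOTE(review): $url_params is inserted into the href verbatim; the caller must build it
                // from trusted values (or escape it) - confirm where it comes from.
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . $_SESSION['sec_token'] . '"  onclick="javascript:if(!confirm(' . "'" . $confirm . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }
    return $result;
}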
 /**
  * Get list of courses for a given user
  *
  * Collects rows from up to three sources, in this order: the platform's
  * "special" courses (flagged special_course = 1), the courses the user is
  * directly subscribed to, and optionally courses reached through sessions.
  * @param int $user_id
  * @param boolean $include_sessions Whether to include courses from session or not
  * @param boolean $adminGetsAllCourses If the user is platform admin,
  * whether he gets all the courses or just his. Note: This does *not* include all sessions
  * @return array    List of codes and db name
  * @author isaac flores paz
  */
 public static function get_courses_list_by_user_id($user_id, $include_sessions = false, $adminGetsAllCourses = false)
 {
     $user_id = intval($user_id);
     $courses = array();
     $seen_ids = array();
     $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
     $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
     $tbl_user_course_category = Database::get_main_table(TABLE_USER_COURSE_CATEGORY);
     $special_course_list = self::get_special_course_list();

     $fetch_everything = $adminGetsAllCourses && UserManager::is_admin($user_id);
     if ($fetch_everything) {
         // get the whole courses list
         $sql = "SELECT DISTINCT(course.code), course.id as real_id\n                FROM {$tbl_course} course";
     } else {
         $without_special_courses = '';
         if (!empty($special_course_list)) {
             $sc_string = '"' . implode('","', $special_course_list) . '"';
             $with_special_courses = ' course.code IN (' . $sc_string . ')';
             $without_special_courses = ' AND course.code NOT IN (' . $sc_string . ')';
             // Special courses come first and are flagged for the caller
             $sql = "SELECT DISTINCT(course.code), course.id as real_id\n                    FROM    {$tbl_course_user} course_rel_user\n                    LEFT JOIN {$tbl_course} course\n                    ON course.id = course_rel_user.c_id\n                    LEFT JOIN {$tbl_user_course_category} user_course_category\n                    ON course_rel_user.user_course_cat = user_course_category.id\n                    WHERE  {$with_special_courses}\n                    GROUP BY course.code\n                    ORDER BY user_course_category.sort,course.title,course_rel_user.sort ASC";
             $rs_special_course = Database::query($sql);
             if (Database::num_rows($rs_special_course) > 0) {
                 while ($special_row = Database::fetch_array($rs_special_course)) {
                     $special_row['special_course'] = 1;
                     $courses[] = $special_row;
                     $seen_ids[] = $special_row['real_id'];
                 }
             }
         }
         // get course list not auto-register. Use Distinct to avoid multiple
         // entries when a course is assigned to a HRD (DRH) as watcher
         $sql = "SELECT DISTINCT(course.code), course.id as real_id\n                FROM {$tbl_course} course\n                INNER JOIN {$tbl_course_user} cru ON course.id = cru.c_id\n                WHERE cru.user_id='{$user_id}' {$without_special_courses}";
     }

     $result = Database::query($sql);
     if (Database::num_rows($result)) {
         while ($row = Database::fetch_array($result, 'ASSOC')) {
             $courses[] = $row;
             $seen_ids[] = $row['real_id'];
         }
     }

     if ($include_sessions === true) {
         $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
         $sql = "SELECT DISTINCT(c.code), c.id as real_id\n                    FROM " . $tbl_session_course_user . " s,\n                    " . $tbl_course . " c\n                    WHERE user_id = {$user_id} AND s.c_id = c.id";
         $session_result = Database::query($sql);
         while ($row = Database::fetch_array($session_result, 'ASSOC')) {
             // Skip courses already collected from the two queries above
             if (!in_array($row['real_id'], $seen_ids)) {
                 $courses[] = $row;
             }
         }
     }
     return $courses;
 }
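    /**
     * Returns one ticket with its messages and attachments, formatted for display.
     *
     * Non-admin viewers only get the ticket back when they are its requester
     * (ticket.request_user); otherwise the result is an empty array.
     * @param int $ticket_id
     * @param int $user_id   The viewer; decides whether the request_user restriction applies
     * @return array Empty when nothing matched, otherwise keys 'usuario' (requester info),
     *               'ticket' (row with formatted dates and course/user links) and 'messages'
     *               (each with 'admin', 'user_created' and, when present, 'atachments')
     */
    public static function get_ticket_detail_by_id($ticket_id, $user_id)
    {
        // Both ids are interpolated into SQL below, so force them to integers first.
        $ticket_id = intval($ticket_id);
        $user_id = intval($user_id);

        $table_support_category = Database::get_main_table(TABLE_TICKET_CATEGORY);
        $table_support_tickets = Database::get_main_table(TABLE_TICKET_TICKET);
        $table_support_priority = Database::get_main_table(TABLE_TICKET_PRIORITY);
        $table_support_status = Database::get_main_table(TABLE_TICKET_STATUS);
        $table_support_messages = Database::get_main_table(TABLE_TICKET_MESSAGE);
        $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
        $table_main_user = Database::get_main_table(TABLE_MAIN_USER);

        $sql = "SELECT
                    ticket.* ,cat.name ,
                    status.name as status, priority.priority
                    FROM $table_support_tickets ticket,
                    $table_support_category cat ,
                    $table_support_priority priority ,
                    $table_support_status status
		        WHERE
                    ticket.ticket_id = '$ticket_id'
                    AND cat.category_id = ticket.category_id
                    AND priority.priority_id = ticket.priority_id
                    AND status.status_id = ticket.status_id ";
        if (!UserManager::is_admin($user_id)) {
            // Non-admins may only read tickets they requested themselves.
            // NOTE(review): this value was masked ('******') in the source listing; $user_id restored - confirm.
            $sql .= "AND ticket.request_user = '$user_id'";
        }
        $result = Database::query($sql);
        $ticket = array();
        if (Database::num_rows($result) > 0) {
            $timezone = _api_get_timezone();
            while ($row = Database::fetch_assoc($result)) {
                $row['course'] = null;
                // All three timestamps get the same local-time + long-format treatment.
                foreach (array('start_date', 'end_date', 'sys_lastedit_datetime') as $dateField) {
                    $row[$dateField] = api_convert_and_format_date(
                        api_get_local_time($row[$dateField]),
                        DATE_TIME_FORMAT_LONG,
                        $timezone
                    );
                }
                $row['course_url'] = null;
                if ($row['course_id'] != 0) {
                    $course = api_get_course_info_by_id($row['course_id']);
                    $row['course_url'] = '<a href="' . api_get_path(WEB_COURSE_PATH) . $course['path'] . '">' . $course['name'] . '</a>';
                }
                $userInfo = api_get_user_info($row['request_user']);
                $row['user_url'] = '<a href="' . api_get_path(WEB_PATH) . 'main/admin/user_information.php?user_id=' . $row['request_user'] . '">
                ' . api_get_person_name($userInfo['firstname'], $userInfo['lastname']) . '</a>';
                $ticket['usuario'] = $userInfo;
                $ticket['ticket'] = $row;
            }

            $sql = "SELECT  * FROM  $table_support_messages message,
                    $table_main_user user
                    WHERE message.ticket_id = '$ticket_id'
                    AND message.sys_insert_user_id = user.user_id ";
            $result = Database::query($sql);
            $ticket['messages'] = array();
            $attach_icon = Display::return_icon('attachment.gif', '');
            $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
            $webPath = api_get_path(WEB_PATH);
            // Loop-invariant: the download base URL depends only on the ticket (was rebuilt per attachment).
            $archiveURL = $webPath . "plugin/" . PLUGIN_NAME . '/src/download.php?ticket_id=' . $ticket_id . '&file=';
            while ($row = Database::fetch_assoc($result)) {
                $message = $row;
                $completeName = api_get_person_name($row['firstname'], $row['lastname']);
                $href = $webPath . 'main/admin/user_information.php?user_id=' . $row['user_id'];
                // Check if the message author is an admin
                $sql_admin = "SELECT user_id FROM $admin_table
		              WHERE user_id = '" . intval($message['user_id']) . "'
                              LIMIT 1";
                $result_admin = Database::query($sql_admin);
                $message['admin'] = Database::num_rows($result_admin) > 0;

                $message['user_created'] = "<a href='$href'> $completeName </a>";
                $sql_atachment = "SELECT * FROM $table_support_message_attachments
                                  WHERE message_id = " . intval($row['message_id']) . "
                                  AND ticket_id= '$ticket_id'  ";
                $result_attach = Database::query($sql_atachment);
                while ($row2 = Database::fetch_assoc($result_attach)) {
                    // Path and file name originate from uploads: URL-encode them in the query
                    // string and HTML-escape both the attribute and the visible label.
                    $downloadHref = htmlspecialchars(
                        $archiveURL . urlencode($row2['path']) . '&title=' . urlencode($row2['filename']),
                        ENT_QUOTES,
                        'UTF-8'
                    );
                    $fileLabel = htmlspecialchars($row2['filename'], ENT_QUOTES, 'UTF-8');
                    $row2['attachment_link'] = $attach_icon . '&nbsp;<a href="' . $downloadHref . '">' . $fileLabel . '</a>&nbsp;(' . $row2['size'] . ')';
                    $message['atachments'][] = $row2;
                }
                $ticket['messages'][] = $message;
            }
        }

        return $ticket;
    }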
 if (($password == $uData['password'] or $cas_login) and trim($login) == $uData['username']) {
     $uData = api_get_user_info($uData['user_id'], false, false, true);
     $extraFields = $uData['extra_fields'];
     // $update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type');
     $update_type = isset($extraFields['extra_update_type']) ? $extraFields['extra_update_type'] : null;
     if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser'])) {
         include_once $extAuthSource[$update_type]['updateUser'];
     }
     // Check if the account is active (not locked)
     if ($uData['active'] == '1') {
         // Check if the expiration date has not been reached
         if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
             global $_configuration;
             if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) {
                 //Check if user is an admin
                 $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                 // This user is subscribed in these sites => $my_url_list
                 $my_url_list = api_get_access_url_from_user($uData['user_id']);
                 //Check the access_url configuration setting if the user is registered in the access_url_rel_user table
                 //Getting the current access_url_id of the platform
                 $current_access_url_id = api_get_current_access_url_id();
                 if ($my_user_is_admin === false) {
                     if (is_array($my_url_list) && count($my_url_list) > 0) {
                         // the user have the permissions to enter at this site
                         if (in_array($current_access_url_id, $my_url_list)) {
                             ConditionalLogin::check_conditions($uData);
                             Session::write('_user', $uData);
                             $logging_in = true;
                         } else {
                             $loginFailed = true;
                             Session::erase('_uid');
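/**
 * Build the modify-column of the table
 *
 * Renders the action icons of one user row: course/session popups, info,
 * login-as, reporting, edit, administrator star, assignment links, agenda and
 * delete. A link is emitted only when the current user passes the matching
 * check; otherwise the greyed "_na" icon is shown. The login-as icon is omitted
 * entirely when $_configuration['login_as_forbidden_globally'] is set.
 * @param   int     The user id
 * @param   string  URL params to add to table links (appended verbatim to the delete link)
 * @param   array   Row of elements to alter (index 7 holds the translated status label)
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $_admins_list, $delete_user_available, $app, $_configuration;
    // The id is echoed into onclick handlers and URLs below, so normalise it to an int.
    $user_id = (int) $user_id;
    $userId = api_get_user_id();
    $is_admin = is_array($_admins_list) && in_array($user_id, $_admins_list);
    $statusname = api_get_status_langvars();
    $current_user_status_label = $row['7'];
    $user_is_anonymous = ($current_user_status_label == $statusname[ANONYMOUS]);
    $is_platform_admin = api_is_platform_admin();
    $result = '';

    // Course / session list popups
    if (!$user_is_anonymous) {
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" >
			        ' . $icon . '
					<div class="blackboard_hide" id="div_' . $user_id . '">&nbsp;&nbsp;</div>
					</a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" >
					' . $icon . '
					<div class="blackboard_hide" id="div_s_' . $user_id . '">&nbsp;&nbsp;</div>
					</a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . '&nbsp;&nbsp;';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . '&nbsp;&nbsp;';
    }

    // Info page
    if ($is_platform_admin) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a>&nbsp;&nbsp;';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . '&nbsp;&nbsp;';
        }
    }

    // Only allow platform admins to login_as, or session admins only for
    // students (not teachers nor other admins), and only if all options
    // match to say this user has the permission to do so.
    // $_configuration['login_as_forbidden_globally'], defined in
    // configuration.php, is the master key to these conditions.
    // Parentheses made explicit; evaluation order is unchanged (global admin short-circuits the setting lookup).
    if (empty($_configuration['login_as_forbidden_globally'])
        && (api_is_global_platform_admin()
            || (api_get_setting('login_as_allowed') === 'true'
                && ($is_platform_admin || (api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]))))) {
        // isGranted() checks the *current* user's roles, not the target user's; you can never switch to yourself.
        if (!$user_is_anonymous && $app['security']->isGranted('ROLE_GLOBAL_ADMIN') && $user_id != $userId) {
            // NOTE(review): the value after _switch_user= was masked ('******') in the source listing;
            // $user_id restored - confirm which identifier the switch-user listener expects.
            $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user=' . $user_id . '">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a>&nbsp;&nbsp;';
        } else {
            // Anonymous target, missing role, or own account: show the disabled icon.
            $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . '&nbsp;&nbsp;';
        }
    }
    // Else don't show anything, because the option is not available at all

    // Reporting is only offered for students
    if ($current_user_status_label != $statusname[STUDENT]) {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . '&nbsp;&nbsp;';
    } else {
        $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a>&nbsp;&nbsp;';
    }

    // Edit
    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>&nbsp;';
        } else {
            // No opening <a> in this branch, so no closing tag either (the original emitted a stray </a>).
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '&nbsp;';
        }
    }

    if ($is_admin) {
        // 'height' was misspelled 'heigth', so the attribute never reached the <img>.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'height' => ICON_SIZE_SMALL));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    // Actions for assigning sessions, courses or users; session admins get none of them.
    // NOTE(review): the ids in these three hrefs were masked ('******') in the source listing; $user_id restored - confirm.
    if (!api_is_session_admin()) {
        if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
            $result .= '<a href="dashboard_add_users_to_user.php?user=' . $user_id . '">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user=' . $user_id . '">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a>&nbsp;&nbsp;';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a>&nbsp;&nbsp;';
        } elseif ($current_user_status_label == $statusname[SESSIONADMIN]) {
            $result .= '<a href="dashboard_add_sessions_to_user.php?user=' . $user_id . '">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a>&nbsp;&nbsp;';
        }
    }

    if ($is_platform_admin) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&amp;user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
        if ($delete_user_available) {
            // You cannot delete yourself: otherwise every account, including your own, could be
            // removed and nobody would be left to undo it. $userId was fetched above.
            if ($user_id != $userId && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                $confirm = addslashes(get_lang("ConfirmYourChoice"));
                // NOTE(review): $url_params is inserted into the href verbatim; the caller must build it
                // from trusted values (or escape it) - confirm where it comes from.
                $result .= ' <a href="user_list.php?action=delete_user&amp;user_id=' . $user_id . '&amp;' . $url_params . '&amp;sec_token=' . Security::getCurrentToken() . '"  onclick="javascript:if(!confirm(' . "'" . $confirm . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }
    return $result;
}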
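 /**
  * Validates the SSO cookie received from the master portal against the local user table
  * and, on success, opens the Chamilo session for that user.
  *
  * Flow: decode $_GET['sso_cookie'], look the user up by username, verify the cookie
  * secret, then check that the account is active, not expired and allowed on the current
  * access URL. Every failure branch redirects to index.php?loginFailed=1&error=... and
  * exits, so the return statement is only reached on the two admin branches below, where
  * $loginFailed is still false.
  *
  * @return	bool	Return the loginFailed variable value to local.inc.php
  */
 public function check_user()
 {
     global $_user;
     $loginFailed = false;
     // Change the way we recover the cookie depending on how it is formed.
     // NOTE(review): $_GET['sso_cookie'] is read without an isset() guard; decode_cookie()
     // is not visible here — confirm it tolerates a missing parameter.
     $sso = $this->decode_cookie($_GET['sso_cookie']);
     // Look the user up in the main database.
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     // NOTE(review): this line is garbled in the listing ("******"); the WHERE value appears
     // to come from the decoded cookie and must be escaped before being embedded in the
     // query — verify against the real source.
     $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n                FROM {$user_table}\n                WHERE username = '******'username'])) . "'";
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         $uData = Database::fetch_array($result);
         // Only accounts authenticated by Chamilo itself can use SSO here.
         if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
             global $_configuration;
             // Two accepted forms of the cookie secret. Because "or" binds looser than "&&",
             // the condition reads as (session-bound tempkey form) or (legacy form):
             //   - tempkey form: sha1(username . tempkey-from-session . security_key)
             //   - legacy form:  sha1(stored password hash)
             // NOTE(review): the legacy form has no per-session component, so the same cookie
             // value stays valid until the password changes; the tempkey is also not erased
             // here after use — confirm whether the caller rotates it. The username
             // comparison is loose (==); a strict comparison would be safer.
             if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
                 // Check if the account is active (not locked).
                 if ($uData['active'] == '1') {
                     // Not expired: the "Y-m-d H:i:s" layout makes a plain string comparison
                     // chronological; the all-zero date is the "never expires" sentinel.
                     if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                         // With multiple access URLs the user must be registered on the
                         // current portal (access_url_rel_user); otherwise there is a single
                         // portal with id 1.
                         if (api_get_multiple_access_url()) {
                             $current_access_url_id = api_get_current_access_url_id();
                             // Portals this user is subscribed to.
                             $my_url_list = api_get_access_url_from_user($uData['user_id']);
                         } else {
                             $current_access_url_id = 1;
                             $my_url_list = array(1);
                         }
                         $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                         if ($my_user_is_admin === false) {
                             if (is_array($my_url_list) && count($my_url_list) > 0) {
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // The user may enter this portal: open the session.
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     event_login();
                                     // Redirect to the target carried by the cookie, else the homepage.
                                     // NOTE(review): $sso['target'] is used as-is for the Location header;
                                     // unless decode_cookie() restricts it, the destination is whatever
                                     // the cookie carried — consider validating it against this portal's
                                     // own URL.
                                     // Fixed: the fallback was '.index.php' (typo); every other redirect
                                     // in this method targets 'index.php'.
                                     $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                     header('Location: ' . $sso_target);
                                     exit;
                                 } else {
                                     // User does not have permission for this portal.
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             } else {
                                 // There is no URL in the multiple-URLs list for this user.
                                 $loginFailed = true;
                                 Session::erase('_uid');
                                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                 exit;
                             }
                         } else {
                             // Only admins of the "main" (first) Chamilo portal can log in
                             // wherever they want.
                             if (in_array(1, $my_url_list)) {
                                 // Admin on the principal portal: open the session without a
                                 // redirect; control falls through to the return below.
                                 $_user['user_id'] = $uData['user_id'];
                                 $_user = api_get_user_info($_user['user_id']);
                                 // NOTE(review): the platform-admin flag is derived from
                                 // status == COURSEMANAGER rather than from is_admin() — confirm intended.
                                 $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                 Session::write('is_platformAdmin', $is_platformAdmin);
                                 Session::write('_user', $_user);
                                 event_login();
                             } else {
                                 // Secondary-portal admin: checked like a normal user. On success
                                 // the session is opened without a redirect (falls through).
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     event_login();
                                 } else {
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             }
                         }
                     } else {
                         // User account expired.
                         $loginFailed = true;
                         Session::erase('_uid');
                         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                         exit;
                     }
                 } else {
                     // User not active.
                     $loginFailed = true;
                     Session::erase('_uid');
                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                     exit;
                 }
             } else {
                 // Cookie secret does not match either accepted form.
                 $loginFailed = true;
                 Session::erase('_uid');
                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                 exit;
             }
         } else {
             // auth_source is not the platform's own.
             $loginFailed = true;
             Session::erase('_uid');
             header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
             exit;
         }
     } else {
         // No user by that login.
         $loginFailed = true;
         Session::erase('_uid');
         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
         exit;
     }
     return $loginFailed;
 }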
        ?>
&id=<?php 
        echo $document_id;
        ?>
&createdir=1">
        <?php 
        Display::display_icon('new_folder.png', get_lang('CreateDir'), '', ICON_SIZE_MEDIUM);
        ?>
</a>
        <?php 
    }
}
$table_footer = '';
$total_size = 0;
if (isset($docs_and_folders) && is_array($docs_and_folders)) {
    if (api_get_group_id() == 0 || (api_is_allowed_to_edit() || GroupManager::is_subscribed(api_get_user_id(), api_get_group_id()) || GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()) || UserManager::is_admin(api_get_user_id()))) {
        // Create a sortable table with our data
        $sortable_data = array();
        $count = 1;
        foreach ($docs_and_folders as $key => $document_data) {
            $row = array();
            $row['id'] = $document_data['id'];
            $row['type'] = $document_data['filetype'];
            // If the item is invisible, wrap it in a span with class invisible
            $is_visible = DocumentManager::is_visible_by_id($document_data['id'], $course_info, api_get_session_id(), api_get_user_id(), false);
            $invisibility_span_open = $is_visible == 0 ? '<span class="muted">' : '';
            $invisibility_span_close = $is_visible == 0 ? '</span>' : '';
            // Size (or total size of a directory)
            $size = $document_data['filetype'] == 'folder' ? FileManager::get_total_folder_size($document_data['path'], $is_allowed_to_edit) : $document_data['size'];
            // Get the title or the basename depending on what we're using
            if ($document_data['title'] != '') {
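 /**
  * Validates the SSO cookie received from the master portal against the local user table
  * and, on success, opens the Chamilo session for that user.
  *
  * Flow: decode $_GET['sso_cookie'], consume the one-time challenge stored in the session,
  * look the user up by username, verify the cookie secret against that challenge, then
  * check that the account is active, not expired and allowed on the current access URL.
  * Every failure branch redirects to index.php?loginFailed=1&error=... and exits, so the
  * return statement is only reached on the two admin branches below, where $loginFailed
  * is still false.
  *
  * @return	bool	Return the loginFailed variable value to local.inc.php
  */
 public function check_user()
 {
     global $_user;
     $loginFailed = false;
     // Change the way we recover the cookie depending on how it is formed.
     // NOTE(review): $_GET['sso_cookie'] is read without an isset() guard; decode_cookie()
     // is not visible here — confirm it tolerates a missing parameter.
     $sso = $this->decode_cookie($_GET['sso_cookie']);
     // Get the challenge that should have been used and delete it from the session,
     // since it can only be used once (replay protection for the cookie secret).
     // NOTE(review): when the session holds no challenge, $sso_challenge stays '' and the
     // expected secret below degrades to sha1(username . security_key) with no per-session
     // component; consider failing closed when the challenge is missing — confirm the
     // caller always seeds it.
     $sso_challenge = '';
     if (isset($_SESSION['sso_challenge'])) {
         $sso_challenge = $_SESSION['sso_challenge'];
         unset($_SESSION['sso_challenge']);
     }
     // Look the user up in the main database.
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     // NOTE(review): this line is garbled in the listing ("******"); the WHERE value appears
     // to come from the decoded cookie and must be escaped before being embedded in the
     // query — verify against the real source.
     $sql = "SELECT id, username, password, auth_source, active, expiration_date, status\n                FROM {$user_table}\n                WHERE username = '******'username'])) . "'";
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         $uData = Database::fetch_array($result);
         // Only accounts authenticated by Chamilo itself can use SSO here.
         if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
             // Secret is strictly compared; the username comparison is loose (==).
             if ($sso['secret'] === sha1($uData['username'] . $sso_challenge . api_get_security_key()) && $sso['username'] == $uData['username']) {
                 // Check if the account is active (not locked).
                 if ($uData['active'] == '1') {
                     // Not expired: NULL/'' and the all-zero date both mean "never expires";
                     // the "Y-m-d H:i:s" layout makes a plain string comparison chronological.
                     if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                         // With multiple access URLs the user must be registered on the
                         // current portal (access_url_rel_user); otherwise there is a single
                         // portal with id 1.
                         if (api_get_multiple_access_url()) {
                             $current_access_url_id = api_get_current_access_url_id();
                             // Portals this user is subscribed to.
                             $my_url_list = api_get_access_url_from_user($uData['id']);
                         } else {
                             $current_access_url_id = 1;
                             $my_url_list = array(1);
                         }
                         $my_user_is_admin = UserManager::is_admin($uData['id']);
                         if ($my_user_is_admin === false) {
                             if (is_array($my_url_list) && count($my_url_list) > 0) {
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // The user may enter this portal: open the session.
                                     $_user['user_id'] = $uData['id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     $_user['uidReset'] = true;
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                     // Redirect: the referrer URI ("ruri") is base64-encoded and always
                                     // prefixed with this portal's WEB_PATH, which keeps the redirect on
                                     // this host; it is only honoured once the credentials are OK.
                                     // NOTE(review): the decoded value is not otherwise validated, and
                                     // the 'target' fallback is used as-is for the Location header —
                                     // unless decode_cookie() restricts it, consider validating it
                                     // against this portal's own URL.
                                     $sso_target = '';
                                     if (!empty($sso['ruri'])) {
                                         $sso_target = api_get_path(WEB_PATH) . base64_decode($sso['ruri']);
                                     } else {
                                         $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                     }
                                     header('Location: ' . $sso_target);
                                     exit;
                                 } else {
                                     // User does not have permission for this portal.
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             } else {
                                 // There is no URL in the multiple-URLs list for this user.
                                 $loginFailed = true;
                                 Session::erase('_uid');
                                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                 exit;
                             }
                         } else {
                             // Only admins of the "main" (first) Chamilo portal can log in
                             // wherever they want.
                             if (in_array(1, $my_url_list)) {
                                 // Admin on the principal portal: open the session without a
                                 // redirect; control falls through to the return below.
                                 $_user['user_id'] = $uData['id'];
                                 $_user = api_get_user_info($_user['user_id']);
                                 // NOTE(review): the platform-admin flag is derived from
                                 // status == COURSEMANAGER rather than from is_admin() — confirm intended.
                                 $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                 Session::write('is_platformAdmin', $is_platformAdmin);
                                 Session::write('_user', $_user);
                                 Event::event_login($_user['user_id']);
                             } else {
                                 // Secondary-portal admin: checked like a normal user. On success
                                 // the session is opened without a redirect (falls through).
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // Fixed: this branch read $uData['user_id'], but the query above
                                     // selects the column as "id" (as every other branch uses), so the
                                     // session would have been opened with an undefined user id.
                                     $_user['user_id'] = $uData['id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                 } else {
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             }
                         }
                     } else {
                         // User account expired.
                         $loginFailed = true;
                         Session::erase('_uid');
                         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                         exit;
                     }
                 } else {
                     // User not active.
                     $loginFailed = true;
                     Session::erase('_uid');
                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                     exit;
                 }
             } else {
                 // Cookie secret does not match the challenge-bound expectation.
                 $loginFailed = true;
                 Session::erase('_uid');
                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                 exit;
             }
         } else {
             // auth_source is not the platform's own.
             $loginFailed = true;
             Session::erase('_uid');
             header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
             exit;
         }
     } else {
         // No user by that login.
         $loginFailed = true;
         Session::erase('_uid');
         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
         exit;
     }
     return $loginFailed;
 }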