/**
 * Tells whether the dashboard block may be shown to the given user.
 *
 * Platform admins always see the block; everybody else sees it only when
 * their user status is one of the statuses listed in $this->permission.
 *
 * @param int $user_id User id
 * @return bool True when the block is visible for this user
 */
public function is_block_visible_for_user($user_id)
{
    $userInfo = api_get_user_info($user_id);
    $status = $userInfo['status'];

    // Admins bypass the per-status permission list entirely.
    if (UserManager::is_admin($user_id)) {
        return true;
    }

    // Loose comparison kept on purpose: the status may come back from the
    // DB as a string while $this->permission may hold ints — TODO confirm
    // before tightening to a strict lookup.
    return in_array($status, $this->permission);
}
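/**
 * Get a list of courses (code, url, title, teacher, language) and return to caller
 * Function registered as service. Returns strings in UTF-8.
 *
 * Access control: the caller must name an existing platform admin and present
 * a signature that validates either against that admin's first 'dokeos' API
 * key or against the platform security key; anything else yields -1.
 *
 * @param string User name in Chamilo
 * @param string Signature (composed of the sha1(username+apikey)
 * @param mixed Array or string. Type of visibility of course (public, public-registered, private, closed);
 *              a string may carry several values separated by commas
 * @return array|int Courses list (code=>[title=>'title',url='http://...',teacher=>'...',language=>''],code=>[...],...),
 *                   -1 when the authentication check fails, or
 *                   array('error_msg' => ...) when a visibility name is unknown
 */
function WSCourseList($username, $signature, $visibilities = 'public')
{
    if (empty($username) or empty($signature)) {
        return -1;
    }
    global $_configuration;

    $info = api_get_user_info_from_username($username);
    // Unknown user: fail the same way as a non-admin instead of reading
    // 'user_id' off an empty/false lookup result.
    if (empty($info['user_id'])) {
        return -1;
    }
    $user_id = $info['user_id'];
    if (!UserManager::is_admin($user_id)) {
        return -1;
    }

    // Only the first 'dokeos' API key of the user is honoured (the previous
    // code looped once over the list and broke out).
    $list = UserManager::get_api_keys($user_id, 'dokeos');
    $key = '';
    if (is_array($list) && !empty($list)) {
        $key = reset($list);
    }
    $local_key = $username . $key;
    if (!api_is_valid_secret_key($signature, $local_key)
        && !api_is_valid_secret_key($signature, $username . $_configuration['security_key'])
    ) {
        return -1; // The secret key is incorrect.
    }

    // Visibility name => course visibility code; public-registered = open
    $vis = array('public' => '3', 'public-registered' => '2', 'private' => '1', 'closed' => '0');
    $courses_list = array();
    if (!is_array($visibilities)) {
        // split() was removed in PHP 7; explode() gives the same result for a literal comma.
        $visibilities = explode(',', $visibilities);
    }
    foreach ($visibilities as $visibility) {
        // Exact key lookup: the loose in_array() against array_keys($vis) used
        // before would accept e.g. an integer or boolean under PHP < 8 and then
        // index $vis with an undefined key.
        if (!array_key_exists($visibility, $vis)) {
            return array('error_msg' => 'Security check failed');
        }
        $courses_list_tmp = CourseManager::get_courses_list(null, null, null, null, $vis[$visibility]);
        foreach ($courses_list_tmp as $course) {
            $course_info = CourseManager::get_course_information($course['code']);
            $courses_list[] = array(
                'code' => $course['code'],
                'title' => api_utf8_encode($course_info['title']),
                'url' => api_get_path(WEB_COURSE_PATH) . $course_info['directory'] . '/',
                'teacher' => api_utf8_encode($course_info['tutor_name']),
                'language' => $course_info['course_language'],
            );
        }
    }

    return $courses_list;
}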
?> <table border="0" cellpadding="5" cellspacing="0" width="100%" align="center"> <tr> <td align="left"></td> <td align="left"></td> <td width="" align="center"> </td> </tr> <tr> <td width="45%" align="center"><b><?php echo get_lang('SessionsListInPlatform'); ?> :</b></td> <td width="10%"> </td> <td align="center" width="45%"><b> <?php if (UserManager::is_admin($user_id)) { echo get_lang('AssignedSessionsListToPlatformAdministrator'); } else { if ($user_info['status'] == SESSIONADMIN) { echo get_lang('AssignedSessionsListToSessionsAdministrator'); } else { echo get_lang('AssignedSessionsListToHumanResourcesManager'); } } ?> : </b></td> </tr> <?php if ($add_type == 'multiple') { ?>
// Make *sure* the login isn't too long if (isset($values['username'])) { $values['username'] = api_substr($values['username'], 0, USERNAME_MAX_LENGTH); } if (api_get_setting('registration.allow_registration_as_teacher') == 'false') { $values['status'] = STUDENT; } if (empty($values['official_code']) && !empty($values['username'])) { $values['official_code'] = api_strtoupper($values['username']); } if (api_get_setting('profile.login_is_email') == 'true') { $values['username'] = $values['email']; } if ($user_already_registered_show_terms && api_get_setting('registration.allow_terms_conditions') == 'true') { $user_id = $_SESSION['term_and_condition']['user_id']; $is_admin = UserManager::is_admin($user_id); Session::write('is_platformAdmin', $is_admin); } else { // Moved here to include extra fields when creating a user. Formerly placed after user creation // Register extra fields $extras = array(); foreach ($values as $key => $value) { if (substr($key, 0, 6) == 'extra_') { //an extra field $extras[substr($key, 6)] = $value; } elseif (strpos($key, 'remove_extra_') !== false) { $extra_value = Security::filter_filename(urldecode(key($value))); // To remove from user_field_value and folder UserManager::update_extra_field_value($user_id, substr($key, 13), $extra_value); } }
/**
 * Build the modify-column of the table: the row of action icons and links
 * shown for one user in the admin user list.
 *
 * Which actions are rendered as live links versus greyed-out icons depends
 * on the viewer's role (api_is_platform_admin(), api_is_session_admin(),
 * api_global_admin_can_edit_admin()) and on the listed user's status label
 * taken from $row['7'].
 *
 * @param int The user id (inserted verbatim into hrefs and JS handlers;
 *            assumed to be a numeric DB id — confirm at the call site)
 * @param string URL params to add to table links — appended verbatim to the
 *               delete link's query string, so it must already be URL-safe
 * @param array Row of elements to alter (index '7' holds the status label)
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $charset, $_admins_list;
    // $_admins_list: ids of platform admins, filled by the calling page
    // (in_array() on a non-array only warns and yields false).
    $is_admin = in_array($user_id, $_admins_list);
    $statusname = api_get_status_langvars();
    $user_is_anonymous = false;
    $current_user_status_label = $row['7'];
    if ($current_user_status_label == $statusname[ANONYMOUS]) {
        $user_is_anonymous = true;
    }
    $result = '';
    if (!$user_is_anonymous) {
        // Course and session lists are loaded by JS into the hidden div on click.
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
    }
    if (api_is_platform_admin()) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
        }
    }
    //only allow platform admins to login_as, or session admins only for students (not teachers nor other admins)
    // (&& binds tighter than ||, so the student restriction applies to session admins only)
    if (api_is_platform_admin() || api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]) {
        if (!$user_is_anonymous) {
            if (api_global_admin_can_edit_admin($user_id)) {
                // sec_token: per-session anti-CSRF token; presumably verified by
                // the login_as action handler — confirm.
                $result .= '<a href="user_list.php?action=login_as&user_id=' . $user_id . '&sec_token=' . $_SESSION['sec_token'] . '">' . Display::return_icon('login_as.png', get_lang('LoginAs')) . '</a> ';
            } else {
                $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' ';
            }
        } else {
            $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' ';
        }
    } else {
        $result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')) . ' ';
    }
    if ($current_user_status_label != $statusname[STUDENT]) {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' ';
    } else {
        $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> ';
    }
    if (api_is_platform_admin(true)) {
        $editProfileUrl = Display::getProfileEditionLink($user_id, true);
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="' . $editProfileUrl . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
        } else {
            // NOTE(review): the trailing '</a> ' has no opening <a> in this branch.
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
        }
    }
    if ($is_admin) {
        // NOTE(review): 'heigth' looks like a typo for 'height' — confirm
        // against Display::return_icon's attribute handling.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }
    // actions for assigning sessions, courses or users
    if (api_is_session_admin()) {
        /*if ($row[0] == api_get_user_id()) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> '; }*/
    } else {
        if ($current_user_status_label == $statusname[SESSIONADMIN]) {
            $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}");
        } else {
            if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id) || $current_user_status_label == $statusname[STUDENT_BOSS]) {
                $result .= Display::url(Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL), "dashboard_add_users_to_user.php?user={$user_id}");
            }
            if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
                $result .= Display::url(Display::return_icon('course_add.gif', get_lang('AssignCourses')), "dashboard_add_courses_to_user.php?user={$user_id}");
                $result .= Display::url(Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')), "dashboard_add_sessions_to_user.php?user={$user_id}");
            }
        }
    }
    if (api_is_platform_admin()) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '&modal_size=lg" class="agenda_opener ajax">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
        // Platform-wide switch: deletion can be disabled in configuration.
        $deleteAllowed = !api_get_configuration_value('deny_delete_users');
        if ($deleteAllowed) {
            if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
                // The delete link carries the session's sec_token (anti-CSRF) and
                // $url_params unescaped; the confirm() text is entity- and slash-escaped.
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . $_SESSION['sec_token'] . '" onclick="javascript:if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset)) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }
    return $result;
}
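/**
 * Get list of courses for a given user
 * @param int $user_id
 * @param boolean $include_sessions Whether to include courses from session or not
 * @param boolean $adminGetsAllCourses If the user is platform admin,
 * whether he gets all the courses or just his. Note: This does *not* include all sessions
 * @return array List of codes and db name: each row carries 'code' and 'real_id';
 *               rows of "special" (auto-registered) courses also carry 'special_course' => 1
 * @author isaac flores paz
 */
public static function get_courses_list_by_user_id($user_id, $include_sessions = false, $adminGetsAllCourses = false)
{
    // The user id is the only caller-supplied value interpolated into SQL;
    // the int cast is what keeps those queries injection-free.
    $user_id = intval($user_id);
    $course_list = array();
    // real_id => true for every course already in $course_list, so the
    // session pass below can de-duplicate in O(1) instead of scanning a list.
    $seen = array();
    $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
    $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $tbl_user_course_category = Database::get_main_table(TABLE_USER_COURSE_CATEGORY);
    $special_course_list = self::get_special_course_list();

    if ($adminGetsAllCourses && UserManager::is_admin($user_id)) {
        // get the whole courses list
        $sql = "SELECT DISTINCT(course.code), course.id as real_id\n FROM {$tbl_course} course";
    } else {
        $with_special_courses = $without_special_courses = '';
        if (!empty($special_course_list)) {
            // Special course codes are platform configuration, not caller input;
            // they are still quoted verbatim here, so they must not contain '"'.
            $sc_string = '"' . implode('","', $special_course_list) . '"';
            $with_special_courses = ' course.code IN (' . $sc_string . ')';
            $without_special_courses = ' AND course.code NOT IN (' . $sc_string . ')';
        }
        if (!empty($with_special_courses)) {
            $sql = "SELECT DISTINCT(course.code), course.id as real_id\n FROM " . $tbl_course_user . " course_rel_user\n LEFT JOIN " . $tbl_course . " course\n ON course.id = course_rel_user.c_id\n LEFT JOIN " . $tbl_user_course_category . " user_course_category\n ON course_rel_user.user_course_cat = user_course_category.id\n WHERE {$with_special_courses}\n GROUP BY course.code\n ORDER BY user_course_category.sort,course.title,course_rel_user.sort ASC";
            $rs_special_course = Database::query($sql);
            if (Database::num_rows($rs_special_course) > 0) {
                // fetch_array() without a mode keeps both numeric and associative
                // keys for these rows (unlike the 'ASSOC' fetches below); kept as-is
                // because callers may rely on that shape.
                while ($result_row = Database::fetch_array($rs_special_course)) {
                    $result_row['special_course'] = 1;
                    $course_list[] = $result_row;
                    $seen[$result_row['real_id']] = true;
                }
            }
        }
        // get course list not auto-register. Use Distinct to avoid multiple
        // entries when a course is assigned to a HRD (DRH) as watcher
        $sql = "SELECT DISTINCT(course.code), course.id as real_id\n FROM {$tbl_course} course\n INNER JOIN {$tbl_course_user} cru ON course.id = cru.c_id\n WHERE cru.user_id='{$user_id}' {$without_special_courses}";
    }

    $result = Database::query($sql);
    if (Database::num_rows($result)) {
        while ($row = Database::fetch_array($result, 'ASSOC')) {
            $course_list[] = $row;
            $seen[$row['real_id']] = true;
        }
    }

    if ($include_sessions === true) {
        $sql = "SELECT DISTINCT(c.code), c.id as real_id\n FROM " . Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER) . " s,\n " . Database::get_main_table(TABLE_MAIN_COURSE) . " c\n WHERE user_id = {$user_id} AND s.c_id = c.id";
        $r = Database::query($sql);
        while ($row = Database::fetch_array($r, 'ASSOC')) {
            // A session course the user already has directly is not listed twice.
            if (!isset($seen[$row['real_id']])) {
                $course_list[] = $row;
            }
        }
    }

    return $course_list;
}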
/**
 * Load one support ticket: its header row (with formatted dates and HTML
 * links), the requesting user's info, and the message thread with each
 * message's attachments.
 *
 * Non-admin callers only get the ticket when they are its request_user;
 * admins (UserManager::is_admin) can read any ticket.
 *
 * @param int $ticket_id
 * @param int $user_id Id of the viewer, used for the ownership check
 * @return array Keys 'usuario' (requester info), 'ticket' (ticket row) and
 *               'messages'; an empty array when no readable ticket was found
 */
public static function get_ticket_detail_by_id($ticket_id, $user_id)
{
    // Both ids are interpolated into SQL below; the int casts are what keep
    // those queries injection-free.
    $ticket_id = intval($ticket_id);
    $user_id = intval($user_id);
    $table_support_category = Database::get_main_table(TABLE_TICKET_CATEGORY);
    $table_support_tickets = Database::get_main_table(TABLE_TICKET_TICKET);
    $table_support_priority = Database::get_main_table(TABLE_TICKET_PRIORITY);
    $table_support_status = Database::get_main_table(TABLE_TICKET_STATUS);
    $table_support_messages = Database::get_main_table(TABLE_TICKET_MESSAGE);
    $table_support_message_attachments = Database::get_main_table(TABLE_TICKET_MESSAGE_ATTACHMENTS);
    $table_main_user = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT ticket.* ,cat.name , status.name as status, priority.priority FROM $table_support_tickets ticket, $table_support_category cat , $table_support_priority priority , $table_support_status status WHERE ticket.ticket_id = '$ticket_id' AND cat.category_id = ticket.category_id AND priority.priority_id = ticket.priority_id AND status.status_id = ticket.status_id ";
    // Ownership filter for non-admins. NOTE(review): the right-hand value is
    // redacted in this listing ('******'); it must be the int-cast $user_id.
    if (!UserManager::is_admin($user_id)) {
        $sql .= "AND ticket.request_user = '******'";
    }
    $result = Database::query($sql);
    $ticket = array();
    if (Database::num_rows($result) > 0) {
        while ($row = Database::fetch_assoc($result)) {
            $row['course'] = null;
            // Date columns are passed through api_get_local_time() and then
            // formatted for display in the viewer's timezone.
            $row['start_date'] = api_convert_and_format_date(api_get_local_time($row['start_date']), DATE_TIME_FORMAT_LONG, _api_get_timezone());
            $row['end_date'] = api_convert_and_format_date(api_get_local_time($row['end_date']), DATE_TIME_FORMAT_LONG, _api_get_timezone());
            $row['sys_lastedit_datetime'] = api_convert_and_format_date(api_get_local_time($row['sys_lastedit_datetime']), DATE_TIME_FORMAT_LONG, _api_get_timezone());
            $row['course_url'] = null;
            if ($row['course_id'] != 0) {
                $course = api_get_course_info_by_id($row['course_id']);
                $row['course_url'] = '<a href="' . api_get_path(WEB_COURSE_PATH) . $course['path'] . '">' . $course['name'] . '</a>';
            }
            $userInfo = api_get_user_info($row['request_user']);
            $row['user_url'] = '<a href="' . api_get_path(WEB_PATH) . 'main/admin/user_information.php?user_id=' . $row['request_user'] . '"> ' . api_get_person_name($userInfo['firstname'], $userInfo['lastname']) . '</a>';
            // 'usuario' is the key callers read for the requester's info.
            $ticket['usuario'] = $userInfo;
            $ticket['ticket'] = $row;
        }
        $sql = "SELECT * FROM $table_support_messages message, $table_main_user user WHERE message.ticket_id = '$ticket_id' AND message.sys_insert_user_id = user.user_id ";
        $result = Database::query($sql);
        $ticket['messages'] = array();
        $attach_icon = Display::return_icon('attachment.gif', '');
        $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
        $webPath = api_get_path(WEB_PATH);
        while ($row = Database::fetch_assoc($result)) {
            $message = $row;
            $completeName = api_get_person_name($row['firstname'], $row['lastname']);
            $href = $webPath . 'main/admin/user_information.php?user_id=' . $row['user_id'];
            //Check if user is an admin
            // One extra query per message (N+1); the id is int-cast before interpolation.
            $sql_admin = "SELECT user_id FROM $admin_table WHERE user_id = '" . intval($message['user_id']) . "' LIMIT 1";
            $result_admin = Database::query($sql_admin);
            $message['admin'] = false;
            if (Database::num_rows($result_admin) > 0) {
                $message['admin'] = true;
            }
            $message['user_created'] = "<a href='$href'> $completeName </a>";
            // message_id comes from the DB row, not from the caller, and is
            // interpolated unquoted — presumably an integer column; confirm.
            $sql_atachment = "SELECT * FROM $table_support_message_attachments WHERE message_id = " . $row['message_id'] . " AND ticket_id= '$ticket_id' ";
            $result_attach = Database::query($sql_atachment);
            while ($row2 = Database::fetch_assoc($result_attach)) {
                // Double assignment is a leftover; both assign the same value.
                $archiveURL = $archiveURL = $webPath . "plugin/" . PLUGIN_NAME . '/src/download.php?ticket_id=' . $ticket_id . '&file=';
                // NOTE(review): path, filename and size are written into HTML and
                // into the download URL without escaping here; confirm they are
                // sanitised at upload time or escape them at render time.
                $row2['attachment_link'] = $attach_icon . ' <a href="' . $archiveURL . $row2['path'] . '&title=' . $row2['filename'] . '">' . $row2['filename'] . '</a> (' . $row2['size'] . ')';
                // The key spelling 'atachments' is part of the returned structure.
                $message['atachments'][] = $row2;
            }
            $ticket['messages'][] = $message;
        }
    }
    return $ticket;
}
if (($password == $uData['password'] or $cas_login) and trim($login) == $uData['username']) { $uData = api_get_user_info($uData['user_id'], false, false, true); $extraFields = $uData['extra_fields']; // $update_type = UserManager::get_extra_user_data_by_field($uData['user_id'], 'update_type'); $update_type = isset($extraFields['extra_update_type']) ? $extraFields['extra_update_type'] : null; if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser'])) { include_once $extAuthSource[$update_type]['updateUser']; } // Check if the account is active (not locked) if ($uData['active'] == '1') { // Check if the expiration date has not been reached if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') { global $_configuration; if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) { //Check if user is an admin $my_user_is_admin = UserManager::is_admin($uData['user_id']); // This user is subscribed in these sites => $my_url_list $my_url_list = api_get_access_url_from_user($uData['user_id']); //Check the access_url configuration setting if the user is registered in the access_url_rel_user table //Getting the current access_url_id of the platform $current_access_url_id = api_get_current_access_url_id(); if ($my_user_is_admin === false) { if (is_array($my_url_list) && count($my_url_list) > 0) { // the user have the permissions to enter at this site if (in_array($current_access_url_id, $my_url_list)) { ConditionalLogin::check_conditions($uData); Session::write('_user', $uData); $logging_in = true; } else { $loginFailed = true; Session::erase('_uid');
/**
 * Build the modify-column of the table: the row of action icons and links
 * shown for one user in the admin user list.
 *
 * Which actions appear as live links versus greyed-out icons depends on the
 * viewer's role (api_is_platform_admin(), api_is_session_admin(),
 * api_is_global_platform_admin(), the ROLE_GLOBAL_ADMIN grant and
 * api_global_admin_can_edit_admin()), on the settings governing
 * impersonation, and on the listed user's status label from $row['7'].
 *
 * @param int The user id (inserted verbatim into hrefs and JS handlers;
 *            assumed to be a numeric DB id — confirm at the call site)
 * @param string URL params to add to table links — appended verbatim to the
 *               delete link's query string, so it must already be URL-safe
 * @param array Row of elements to alter (index '7' holds the status label)
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    // $delete_user_available and $app (container exposing the 'security'
    // service) are provided by the calling page.
    global $_admins_list, $delete_user_available, $app;
    $is_admin = false;
    $userId = api_get_user_id();
    if (is_array($_admins_list)) {
        $is_admin = in_array($user_id, $_admins_list);
    }
    $statusname = api_get_status_langvars();
    $user_is_anonymous = false;
    $current_user_status_label = $row['7'];
    if ($current_user_status_label == $statusname[ANONYMOUS]) {
        $user_is_anonymous = true;
    }
    $result = '';
    if (!$user_is_anonymous) {
        // Course and session lists are loaded by JS into the hidden div on click.
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
    }
    if (api_is_platform_admin()) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
        }
    }
    //only allow platform admins to login_as, or session admins only for
    // students (not teachers nor other admins), and only if all options
    // match to say this user has the permission to do so
    // $_configuration['login_as_forbidden_globally'], defined in
    // configuration.php, is the master key to these conditions
    global $_configuration;
    // Precedence: && binds tighter than ||, so the 'login_as_allowed' setting
    // gates the platform-admin/session-admin branch but not global admins.
    if (empty($_configuration['login_as_forbidden_globally']) && (api_is_global_platform_admin() || api_get_setting('login_as_allowed') === 'true' && (api_is_platform_admin() || api_is_session_admin() && $current_user_status_label == $statusname[STUDENT]))) {
        if (!$user_is_anonymous) {
            // Second gate in the security layer: the viewer must hold ROLE_GLOBAL_ADMIN.
            if ($app['security']->isGranted('ROLE_GLOBAL_ADMIN')) {
                // everything looks good, show "login as" link
                // (never against the viewer's own account)
                // NOTE(review): the impersonated user's identifier in the
                // _switch_user parameter is redacted in this listing ('******').
                if ($user_id != $userId) {
                    $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user='******'">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> ';
                } else {
                    $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
                }
            } else {
                // viewer lacks the ROLE_GLOBAL_ADMIN grant, show disabled
                $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
            }
        } else {
            // if anonymous user but other users show the option, show disabled
            $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
        }
    }
    // Else don't show anything, because the option is not available at all
    //$result .= Display::url('<i class="icon-key icon-large"></i>', 'roles');
    if ($current_user_status_label != $statusname[STUDENT]) {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' ';
    } else {
        $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> ';
    }
    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
        } else {
            // NOTE(review): the trailing '</a> ' has no opening <a> in this branch.
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a> ';
        }
    }
    if ($is_admin) {
        // NOTE(review): 'heigth' looks like a typo for 'height' — confirm
        // against Display::return_icon's attribute handling.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }
    // actions for assigning sessions, courses or users
    if (api_is_session_admin()) {
        /*if ($row[0] == api_get_user_id()) { $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">'.Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> '; }*/
    } else {
        // NOTE(review): the value inserted into the 'user' query parameter of
        // these hrefs (presumably the user id) is redacted in this listing ('******').
        if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
            $result .= '<a href="dashboard_add_users_to_user.php?user='******'">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL) . '</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user='******'">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> ';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        } else {
            if ($current_user_status_label == $statusname[SESSIONADMIN]) {
                $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
            }
        }
    }
    if (api_is_platform_admin()) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL) . '</a>';
        if ($delete_user_available) {
            if ($user_id != api_get_user_id() && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
                // sec_token: per-session anti-CSRF token from Security::getCurrentToken(),
                // presumably verified by the delete_user action handler — confirm.
                // $url_params is appended unescaped; the confirm() text is slash-escaped only.
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }
    return $result;
}
/**
 * Validates the received active connection data with the database
 *
 * Flow: decode the SSO cookie from $_GET['sso_cookie'], look the user up by
 * username, verify the cookie secret, then check that the account is active
 * and not expired and that the user may enter this access URL. Success paths
 * write '_user' to the session and call event_login(); failure paths clear
 * '_uid', redirect to index.php with an error code and exit.
 *
 * @return bool Return the loginFailed variable value to local.inc.php
 *              (only the main-portal admin branches fall through to it;
 *              every other branch redirects and exits)
 */
public function check_user()
{
    global $_user;
    $loginFailed = false;
    //change the way we recover the cookie depending on how it is formed
    // (emits an undefined-index notice when the parameter is absent)
    $sso = $this->decode_cookie($_GET['sso_cookie']);
    //error_log('check_user');
    //error_log('sso decode cookie: '.print_r($sso,1));
    //lookup the user in the main database
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    // NOTE(review): the username expression in the WHERE clause is redacted
    // in this listing ('******'); it is cookie-supplied and must stay
    // SQL-escaped before interpolation.
    $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        //error_log('user exists');
        $uData = Database::fetch_array($result);
        //Check the user's password
        if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
            //This user's authentification is managed by Chamilo itself
            // check the user's password
            // password hash comes already parsed in sha1, md5 or none
            /* error_log($sso['secret']); error_log($uData['password']); error_log($sso['username']); error_log($uData['username']); */
            global $_configuration;
            // Two possible authentication methods here: legacy using password
            // and new using a temporary, session-fixed, tempkey
            // Precedence: && binds tighter than `or`, so the condition reads as
            // (username matches && tempkey-bound secret) or (hash-derived secret && username matches).
            // NOTE(review): the legacy secret depends only on the stored password
            // hash, so it is not tied to this session and stays valid until the
            // password changes; only the tempkey form gives per-session freshness.
            if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
                //error_log('user n password are ok');
                //Check if the account is active (not locked)
                if ($uData['active'] == '1') {
                    // check if the expiration date has not been reached
                    // (string comparison; relies on the 'Y-m-d H:i:s' format sorting lexically)
                    if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                        //If Multiple URL is enabled
                        if (api_get_multiple_access_url()) {
                            //Check the access_url configuration setting if
                            // the user is registered in the access_url_rel_user table
                            //Getting the current access_url_id of the platform
                            $current_access_url_id = api_get_current_access_url_id();
                            // my user is subscribed in these
                            //sites: $my_url_list
                            $my_url_list = api_get_access_url_from_user($uData['user_id']);
                        } else {
                            // Single-portal install: everything is access URL 1.
                            $current_access_url_id = 1;
                            $my_url_list = array(1);
                        }
                        $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                        if ($my_user_is_admin === false) {
                            if (is_array($my_url_list) && count($my_url_list) > 0) {
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // the user has permission to enter at this site
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                    // Redirect to homepage
                                    // NOTE(review): $sso['target'] is taken from the decoded cookie
                                    // and used as-is; nothing here limits it to this platform's
                                    // origin. The fallback '.index.php' (leading dot) looks like a
                                    // typo for 'index.php' — confirm.
                                    $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . '.index.php';
                                    header('Location: ' . $sso_target);
                                    exit;
                                } else {
                                    // user does not have permission for this site
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            } else {
                                // there is no URL in the multiple
                                // urls list for this user
                                $loginFailed = true;
                                Session::erase('_uid');
                                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                exit;
                            }
                        } else {
                            //Only admins of the "main" (first) Chamilo
                            // portal can login wherever they want
                            if (in_array(1, $my_url_list)) {
                                //Check if this admin is admin on the
                                // principal portal
                                $_user['user_id'] = $uData['user_id'];
                                $_user = api_get_user_info($_user['user_id']);
                                // NOTE(review): the platform-admin flag is derived from the
                                // COURSEMANAGER status rather than from the admin lookup just
                                // performed — confirm this is intended.
                                $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                Session::write('is_platformAdmin', $is_platformAdmin);
                                Session::write('_user', $_user);
                                event_login();
                                // No redirect here: falls through to the final return.
                            } else {
                                //Secondary URL admin wants to login
                                // so we check as a normal user
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                    // No redirect here either: falls through to the final return.
                                } else {
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            }
                        }
                    } else {
                        // user account expired
                        $loginFailed = true;
                        Session::erase('_uid');
                        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                        exit;
                    }
                } else {
                    //User not active
                    $loginFailed = true;
                    Session::erase('_uid');
                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                    exit;
                }
            } else {
                //SHA1 of password is wrong
                $loginFailed = true;
                Session::erase('_uid');
                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                exit;
            }
        } else {
            //Auth_source is wrong
            $loginFailed = true;
            Session::erase('_uid');
            header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
            exit;
        }
    } else {
        //No user by that login
        $loginFailed = true;
        Session::erase('_uid');
        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
        exit;
    }
    return $loginFailed;
}
?> &id=<?php echo $document_id; ?> &createdir=1"> <?php Display::display_icon('new_folder.png', get_lang('CreateDir'), '', ICON_SIZE_MEDIUM); ?> </a> <?php } } $table_footer = ''; $total_size = 0; if (isset($docs_and_folders) && is_array($docs_and_folders)) { if (api_get_group_id() == 0 || (api_is_allowed_to_edit() || GroupManager::is_subscribed(api_get_user_id(), api_get_group_id()) || GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()) || UserManager::is_admin(api_get_user_id()))) { // Create a sortable table with our data $sortable_data = array(); $count = 1; foreach ($docs_and_folders as $key => $document_data) { $row = array(); $row['id'] = $document_data['id']; $row['type'] = $document_data['filetype']; // If the item is invisible, wrap it in a span with class invisible $is_visible = DocumentManager::is_visible_by_id($document_data['id'], $course_info, api_get_session_id(), api_get_user_id(), false); $invisibility_span_open = $is_visible == 0 ? '<span class="muted">' : ''; $invisibility_span_close = $is_visible == 0 ? '</span>' : ''; // Size (or total size of a directory) $size = $document_data['filetype'] == 'folder' ? FileManager::get_total_folder_size($document_data['path'], $is_allowed_to_edit) : $document_data['size']; // Get the title or the basename depending on what we're using if ($document_data['title'] != '') {
/**
 * Validates the SSO data received from the master portal against the local
 * user database and, on success, opens the local session.
 *
 * Flow (all decisions visible below):
 *  - decodes the SSO payload from $_GET['sso_cookie'];
 *  - consumes the one-time challenge stored in $_SESSION['sso_challenge'];
 *  - looks the user up by username and requires auth_source == PLATFORM_AUTH_SOURCE;
 *  - checks the secret sha1(username . challenge . security_key), the active
 *    flag and the expiration date;
 *  - applies the multiple-access-URL rules (admins vs. normal users);
 *  - on success writes '_user' to the session and logs the login event; non-admin
 *    users are then redirected and the method never returns.
 *
 * Every failure path erases '_uid' from the session, redirects to
 * index.php?loginFailed=1&error=... and calls exit, so the return value is
 * only ever seen by the caller on the success branches that do not redirect.
 *
 * @return bool Return the loginFailed variable value to local.inc.php
 */
public function check_user()
{
    global $_user;
    $loginFailed = false;

    // Change the way we recover the cookie depending on how it is formed.
    // NOTE(review): $_GET['sso_cookie'] is read without an isset() guard;
    // decode_cookie() is not visible here, so how a missing/malformed value
    // is handled cannot be confirmed from this block.
    $sso = $this->decode_cookie($_GET['sso_cookie']);

    // Get the token that should have been used and delete it from the session,
    // since it can only be used once (single-use challenge limits replay).
    $sso_challenge = '';
    if (isset($_SESSION['sso_challenge'])) {
        $sso_challenge = $_SESSION['sso_challenge'];
        unset($_SESSION['sso_challenge']);
    }

    // Look the user up in the main database.
    // NOTE(review): the escaping applied to $sso['username'] is not readable in
    // this copy of the file (redacted); confirm it goes through
    // Database::escape_string() or, better, a parameterised query before this
    // interpolation is relied upon.
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
    $result = Database::query($sql);

    if (Database::num_rows($result) > 0) {
        $uData = Database::fetch_array($result);

        // Only platform-authenticated accounts may use this SSO path.
        if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
            // The secret binds username + one-time challenge + the platform
            // security key. Note that it does NOT cover 'ruri'/'target', so
            // those fields are not integrity-protected by this check.
            // NOTE(review): === is a plain string compare, not constant-time;
            // the username comparison uses loose == (numeric-looking strings
            // compare numerically) — a strict compare would be safer.
            if ($sso['secret'] === sha1($uData['username'] . $sso_challenge . api_get_security_key()) && $sso['username'] == $uData['username']) {
                // Check if the account is active (not locked).
                if ($uData['active'] == '1') {
                    // Check that the expiration date has not been reached.
                    // Comparison is done on the 'Y-m-d H:i:s' string form;
                    // '0000-00-00 00:00:00' is treated as "never expires".
                    if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                        // If Multiple URL is enabled, check the access_url
                        // configuration: is the user registered for the
                        // current access_url (access_url_rel_user table)?
                        if (api_get_multiple_access_url()) {
                            // Current access_url_id of the platform.
                            $current_access_url_id = api_get_current_access_url_id();
                            // Sites this user is subscribed to.
                            $my_url_list = api_get_access_url_from_user($uData['id']);
                        } else {
                            $current_access_url_id = 1;
                            $my_url_list = array(1);
                        }

                        $my_user_is_admin = UserManager::is_admin($uData['id']);
                        if ($my_user_is_admin === false) {
                            if (is_array($my_url_list) && count($my_url_list) > 0) {
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // The user has permission to enter this site.
                                    $_user['user_id'] = $uData['id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    $_user['uidReset'] = true;
                                    Session::write('_user', $_user);
                                    Event::event_login($_user['user_id']);

                                    // Redirect to the homepage (or the requested target).
                                    $sso_target = '';
                                    if (!empty($sso['ruri'])) {
                                        // The referrer URI is *only* used if the user
                                        // credentials are OK, which should be protection
                                        // enough against evil URL spoofing...
                                        // 'ruri' is always prefixed with WEB_PATH.
                                        $sso_target = api_get_path(WEB_PATH) . base64_decode($sso['ruri']);
                                    } else {
                                        // NOTE(review): 'target' is used verbatim as the
                                        // Location and is not covered by the secret above;
                                        // consider restricting it to a same-origin or
                                        // relative path to rule out an open redirect.
                                        $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                    }
                                    header('Location: ' . $sso_target);
                                    exit;
                                } else {
                                    // User does not have permission for this site.
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            } else {
                                // There is no URL in the multiple-URLs list for this user.
                                $loginFailed = true;
                                Session::erase('_uid');
                                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                exit;
                            }
                        } else {
                            // Only admins of the "main" (first) Chamilo portal can
                            // log in wherever they want.
                            if (in_array(1, $my_url_list)) {
                                // This admin is an admin on the principal portal.
                                // No redirect happens on this branch: control falls
                                // through to the final return.
                                $_user['user_id'] = $uData['id'];
                                $_user = api_get_user_info($_user['user_id']);
                                // NOTE(review): this flag is derived from the user's
                                // status being COURSEMANAGER, not from the admin check
                                // already performed above — confirm that is intended.
                                $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                Session::write('is_platformAdmin', $is_platformAdmin);
                                Session::write('_user', $_user);
                                Event::event_login($_user['user_id']);
                            } else {
                                // Secondary-URL admin wants to log in, so we check
                                // as a normal user.
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // NOTE(review): the SELECT above returns the column
                                    // 'id', not 'user_id', so $uData['user_id'] is
                                    // undefined here; this looks like it should be
                                    // $uData['id'] (as on the other branches) — confirm.
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    Event::event_login($_user['user_id']);
                                } else {
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            }
                        }
                    } else {
                        // User account expired.
                        $loginFailed = true;
                        Session::erase('_uid');
                        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                        exit;
                    }
                } else {
                    // User not active.
                    $loginFailed = true;
                    Session::erase('_uid');
                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                    exit;
                }
            } else {
                // Secret does not match (reported to the user as a wrong password).
                $loginFailed = true;
                Session::erase('_uid');
                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                exit;
            }
        } else {
            // Auth_source is wrong for SSO.
            $loginFailed = true;
            Session::erase('_uid');
            header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
            exit;
        }
    } else {
        // No user by that login.
        $loginFailed = true;
        Session::erase('_uid');
        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
        exit;
    }

    return $loginFailed;
}