Esempio n. 1
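/**
 * Switches the current session to another account ("login as").
 *
 * Make sure this function is protected because it does NOT check password!
 * The only authorization gate in this function is api_can_login_as(); every
 * caller must already have authenticated the person making the request.
 *
 * This function defines globals ($uidReset, $loginFailed, $_user) and rewrites
 * the identity keys of $_SESSION.
 *
 * @param  int     $user_id ID of the account to switch to
 * @return bool    False on failure. On success the function prints a
 *                 confirmation page and exits, so it never returns. It also
 *                 exits with a warning when the user row cannot be read.
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    $user_info = api_get_user_info($user_id);
    // Check if the user is allowed to 'login_as'
    $can_login_as = api_can_login_as($user_id);
    // Also stop when the lookup returned nothing; the array reads below would
    // otherwise run on an empty value.
    if (!$can_login_as || empty($user_info)) {
        return false;
    }
    // Load $_user to be sure we clean it before logging in
    global $uidReset, $loginFailed, $_user;
    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);
    unset($_user['user_id']);

    // The names are profile data and end up in a message that is displayed with
    // the filter argument set to false (see display_normal_message() below), so
    // they are HTML-escaped here.
    // NOTE(review): assumes api_get_user_info() returns unescaped values - confirm.
    $firstname = htmlspecialchars((string) $user_info['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars((string) $user_info['lastname'], ENT_QUOTES, 'UTF-8');
    // The ID is concatenated into the SQL below; force it to an integer again
    // because it is re-read from the lookup result.
    $user_id = (int) $user_info['user_id'];

    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $user_id);
    }
    $loginFailed = false;
    $uidReset = false;
    if ($user_id) {
        // A uid is given: read the account, its admin flag and its latest login date.
        $sql_query = "SELECT user.*, a.user_id is_admin,\n\t\t\tUNIX_TIMESTAMP(login.login_date) login_date\n\t\t\tFROM {$main_user_table}\n\t\t\tLEFT JOIN {$main_admin_table} a\n\t\t\tON user.user_id = a.user_id\n\t\t\tLEFT JOIN {$track_e_login_table} login\n\t\t\tON user.user_id = login.login_user_id\n\t\t\tWHERE user.user_id = '" . $user_id . "'\n\t\t\tORDER BY login.login_date DESC LIMIT 1";
        $sql_result = Database::query($sql_query);
        if (Database::num_rows($sql_result) > 0) {
            // Extracting the user data
            $user_data = Database::fetch_array($sql_result);
            // Delog the current user
            LoginDelete($_SESSION["_user"]["user_id"]);
            // Cleaning session variables so that no privilege flag of the
            // previous identity survives the switch
            unset($_SESSION['_user']);
            unset($_SESSION['is_platformAdmin']);
            unset($_SESSION['is_allowedCreateCourse']);
            unset($_SESSION['_uid']);
            $_user['firstName'] = $user_data['firstname'];
            $_user['lastName'] = $user_data['lastname'];
            $_user['mail'] = $user_data['email'];
            $_user['lastLogin'] = $user_data['login_date'];
            $_user['official_code'] = $user_data['official_code'];
            $_user['picture_uri'] = $user_data['picture_uri'];
            $_user['user_id'] = $user_data['user_id'];
            $_user['status'] = $user_data['status'];
            // is_admin comes from the LEFT JOIN: NULL means no row in the admin table
            $is_platformAdmin = (bool) (!is_null($user_data['is_admin']));
            $is_allowedCreateCourse = (bool) ($user_data['status'] == 1);
            // Filling session variables with new data
            $_SESSION['_uid'] = $user_id;
            $_SESSION['_user'] = $_user;
            $_SESSION['is_platformAdmin'] = $is_platformAdmin;
            $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
            // Will be useful later to know if the user is actually an admin or
            // not (example: reporting).
            // NOTE(review): only this flag is stored; nothing in this function
            // records which account started the switch, and the session ID is
            // not regenerated after the identity change - confirm both are
            // handled elsewhere.
            $_SESSION['login_as'] = true;
            $target_url = api_get_path(WEB_PATH) . "user_portal.php";
            $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
            Display::display_header(get_lang('UserList'));
            // Second argument false: the message carries the link markup built above
            Display::display_normal_message($message, false);
            Display::display_footer();
            exit;
        } else {
            exit("<br />WARNING UNDEFINED UID !! ");
        }
    }

    // No usable user ID: report failure explicitly, as documented.
    return false;
}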
Esempio n. 2
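/**
 * Switches the current session to another account ("login as").
 *
 * Make sure this function is protected because it does NOT check password!
 * The only authorization gate in this function is api_can_login_as(); every
 * caller must already have authenticated the person making the request.
 *
 * This function rewrites the identity keys of the session.
 *
 * @param  int     $userId ID of the account to switch to
 *
 * @return bool    False on failure. On success the function prints a
 *                 confirmation page and exits, so it never returns.
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function loginUser($userId)
{
    $userId = intval($userId);
    $userInfo = api_get_user_info($userId);
    // Check if the user is allowed to 'login_as'
    $canLoginAs = api_can_login_as($userId);
    if (!$canLoginAs || empty($userInfo)) {
        return false;
    }

    // The names are profile data and end up in a message that is displayed with
    // the filter argument set to false (see display_normal_message() below), so
    // they are HTML-escaped here.
    // NOTE(review): assumes api_get_user_info() returns unescaped values - confirm.
    $firstname = htmlspecialchars((string) $userInfo['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars((string) $userInfo['lastname'], ENT_QUOTES, 'UTF-8');
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $userId);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $userId);
    }

    if ($userId) {
        // Logout the current user
        LoginDelete(api_get_user_id());
        // Cleaning session variables so that no privilege flag of the previous
        // identity survives the switch
        Session::erase('_user');
        Session::erase('is_platformAdmin');
        Session::erase('is_allowedCreateCourse');
        Session::erase('_uid');

        // Filling session variables with new data.
        // NOTE(review): the session receives the complete $userInfo array. The
        // earlier code also built a reduced local $_user array that was never
        // read; it has been dropped. Confirm that storing every $userInfo field
        // in the session is intended.
        Session::write('_uid', $userId);
        Session::write('_user', $userInfo);
        Session::write('is_platformAdmin', (bool) UserManager::is_admin($userId));
        Session::write('is_allowedCreateCourse', (bool) ($userInfo['status'] == 1));
        // Will be useful later to know if the user is actually an admin or not
        // (example: reporting).
        // NOTE(review): only this flag is stored; nothing in this function
        // records which account started the switch, and the session ID is not
        // regenerated after the identity change - confirm both are handled
        // elsewhere.
        Session::write('login_as', true);
        $target_url = api_get_path(WEB_PATH) . "user_portal.php";
        $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
        Display::display_header(get_lang('UserList'));
        // Second argument false: the message carries the link markup built above
        Display::display_normal_message($message, false);
        Display::display_footer();
        exit;
    }

    // No usable user ID: report failure explicitly, as documented.
    return false;
}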
Esempio n. 3
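/**
 * This function handles the logout and is called whenever there is a $_GET['logout'].
 *
 * It stamps the logout date on the user's latest login record (skipped for
 * "login as" sessions), removes the online status, runs an optional external
 * logout hook, leaves the chat and destroys the session.
 *
 * @param int|null $user_id         User to log out; when empty, $_GET['uid'] is used
 * @param bool     $logout_redirect When true, a Location header to index.php is sent
 * @return void  Directly redirects the user or leaves him where he is, but doesn't return anything
 * @author Fernando P. García <*****@*****.**>
 */
function online_logout($user_id = null, $logout_redirect = false) {
    // Both globals stay declared: the external logout file is included in this
    // function's scope and may read them.
    global $_configuration, $extAuthSource;

    // Database table definition
    $tbl_track_login = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    if (empty($user_id)) {
        $user_id = isset($_GET['uid']) ? $_GET['uid'] : 0;
    }
    // The ID is interpolated into SQL below, so it is forced to an integer
    // whichever way it arrived (argument or query string).
    // NOTE(review): the uid taken from the query string is not compared with
    // the session's own user in this function - confirm the caller does that,
    // otherwise a request can close another user's tracking record.
    $user_id = intval($user_id);

    // Changing global chat status to offline
    if (api_is_global_chat_enabled()) {
        $chat = new Chat();
        $chat->set_user_status(0);
    }

    // Selecting the last login of the user; stays null when there is none
    $i_id_last_connection = null;
    $sql_last_connection="SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$user_id' ORDER BY login_date DESC LIMIT 0,1";
    $q_last_connection=Database::query($sql_last_connection);
    if (Database::num_rows($q_last_connection)>0) {
        $i_id_last_connection = intval(Database::result($q_last_connection,0,"login_id"));
    }

    // A "login as" session must not close the impersonated user's own login
    // record; without a login record there is nothing to update either.
    if (!isset($_SESSION['login_as']) && $i_id_last_connection !== null) {
        $current_date = api_get_utc_datetime();
        $s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'";
        Database::query($s_sql_update_logout_date);
    }
    LoginDelete($user_id); //from inc/lib/online.inc.php - removes the "online" status

    // The following code enables the use of an external logout function.
    // Example: define a $extAuthSource['ldap']['logout']="file.php" in configuration.php
    // then a function called ldap_logout() inside that file
    // (using *authent_name*_logout as the function name) and the following code
    // will find and execute it.
    // The included path comes from $extAuthSource only, and auth_source is used
    // solely as a key into that array, so a value with no configured entry
    // neither includes a file nor calls a function.
    $uinfo = api_get_user_info($user_id);
    $auth_source = (is_array($uinfo) && isset($uinfo['auth_source'])) ? $uinfo['auth_source'] : null;
    if ($auth_source !== null
        && $auth_source != PLATFORM_AUTH_SOURCE
        && is_array($extAuthSource)
        && isset($extAuthSource[$auth_source])
        && is_array($extAuthSource[$auth_source])
    ) {
        $subarray = $extAuthSource[$auth_source];
        if (!empty($subarray['logout']) && file_exists($subarray['logout'])) {
            require_once($subarray['logout']);
            $logout_function = $auth_source.'_logout';
            if (function_exists($logout_function)) {
                $logout_function($uinfo);
            }
        }
    }

    require_once api_get_path(SYS_PATH) . 'main/chat/chat_functions.lib.php';
    exit_of_chat($user_id);
    session_regenerate_id();
    Session::destroy();
    if ($logout_redirect) {
        // NOTE(review): execution continues in the caller after this header is
        // queued - confirm callers stop producing output.
        header("Location: index.php");
        return;
    }
}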