/**
* Create a Shibboleth session for the user ID
*
* @param string $uid - The user ID
* @return $_user (array) - The user infos array created when the user logs in
*/
function login($uid)
{
/* This must be set for local.inc.php to register correctly the global variables in session
* This is BAD. Logic should be migrated into a function and stop relying on global variables.
*/
global $_uid, $is_allowedCreateCourse, $_real_cid, $_courseUser;
global $is_courseMember, $is_courseTutor, $is_allowed_in_course, $_gid;
$_uid = $uid;
//is_allowedCreateCourse
$user = User::store()->get_by_user_id($uid);
if (empty($user)) {
return;
}
$this->logout();
Chamilo::session()->start();
Session::write('_uid', $_uid);
global $_user;
$_user = (array) $user;
$_SESSION['_user'] = $_user;
$_SESSION['_user']['user_id'] = $_uid;
$_SESSION['noredirection'] = true;
//must be called before 'init_local.inc.php'
event_login();
//used in 'init_local.inc.php' this is BAD but and should be changed
$loginFailed = false;
$uidReset = true;
$gidReset = true;
$cidReset = false;
//FALSE !!
$mainDbName = Database::get_main_database();
$includePath = api_get_path(INCLUDE_PATH);
$no_redirection = true;
require "{$includePath}/local.inc.php";
return $_user;
}
}
$values = api_get_user_info($user_id);
}
/* SESSION REGISTERING */
/* @todo move this in a function */
$_user['firstName'] = stripslashes($values['firstname']);
$_user['lastName'] = stripslashes($values['lastname']);
$_user['mail'] = $values['email'];
$_user['language'] = $values['language'];
$_user['user_id'] = $user_id;
$is_allowedCreateCourse = isset($values['status']) && $values['status'] == 1;
$usersCanCreateCourse = api_get_setting('allow_users_to_create_courses') == 'true';
Session::write('_user', $_user);
Session::write('is_allowedCreateCourse', $is_allowedCreateCourse);
// Stats
event_login();
// last user login date is now
$user_last_login_datetime = 0;
// used as a unix timestamp it will correspond to : 1 1 1970
Session::write('user_last_login_datetime', $user_last_login_datetime);
$recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$text_after_registration = '<p>' . get_lang('Dear', null, $_user['language']) . ' ' . stripslashes(Security::remove_XSS($recipient_name)) . ',<br /><br />' . get_lang('PersonalSettings', null, $_user['language']) . ".</p>";
$form_data = array('button' => Display::button('next', get_lang('Next', null, $_user['language']), array('class' => 'btn btn-primary btn-large')), 'message' => null, 'action' => api_get_path(WEB_PATH) . 'user_portal.php');
if (api_get_setting('allow_terms_conditions') == 'true' && $user_already_registered_show_terms) {
$form_data['action'] = api_get_path(WEB_PATH) . 'user_portal.php';
} else {
if (!empty($values['email'])) {
$text_after_registration .= '<p>' . get_lang('MailHasBeenSent', null, $_user['language']) . '.</p>';
}
if ($is_allowedCreateCourse) {
if ($usersCanCreateCourse) {
/**
* Validates the received active connection data with the database
* @return bool Return the loginFailed variable value to local.inc.php
*/
public function check_user()
{
global $_user;
$loginFailed = false;
//change the way we recover the cookie depending on how it is formed
$sso = $this->decode_cookie($_GET['sso_cookie']);
//error_log('check_user');
//error_log('sso decode cookie: '.print_r($sso,1));
//lookup the user in the main database
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
//error_log('user exists');
$uData = Database::fetch_array($result);
//Check the user's password
if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
//This user's authentification is managed by Chamilo itself
// check the user's password
// password hash comes already parsed in sha1, md5 or none
/*
error_log($sso['secret']);
error_log($uData['password']);
error_log($sso['username']);
error_log($uData['username']);
*/
global $_configuration;
// Two possible authentication methods here: legacy using password
// and new using a temporary, session-fixed, tempkey
if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
//error_log('user n password are ok');
//Check if the account is active (not locked)
if ($uData['active'] == '1') {
// check if the expiration date has not been reached
if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
//If Multiple URL is enabled
if (api_get_multiple_access_url()) {
//Check the access_url configuration setting if
// the user is registered in the access_url_rel_user table
//Getting the current access_url_id of the platform
$current_access_url_id = api_get_current_access_url_id();
// my user is subscribed in these
//sites: $my_url_list
$my_url_list = api_get_access_url_from_user($uData['user_id']);
} else {
$current_access_url_id = 1;
$my_url_list = array(1);
}
$my_user_is_admin = UserManager::is_admin($uData['user_id']);
if ($my_user_is_admin === false) {
if (is_array($my_url_list) && count($my_url_list) > 0) {
if (in_array($current_access_url_id, $my_url_list)) {
// the user has permission to enter at this site
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
Session::write('_user', $_user);
event_login();
// Redirect to homepage
$sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . '.index.php';
header('Location: ' . $sso_target);
exit;
} else {
// user does not have permission for this site
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
// there is no URL in the multiple
// urls list for this user
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
} else {
//Only admins of the "main" (first) Chamilo
// portal can login wherever they want
if (in_array(1, $my_url_list)) {
//Check if this admin is admin on the
// principal portal
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
$is_platformAdmin = $uData['status'] == COURSEMANAGER;
Session::write('is_platformAdmin', $is_platformAdmin);
Session::write('_user', $_user);
event_login();
} else {
//Secondary URL admin wants to login
// so we check as a normal user
if (in_array($current_access_url_id, $my_url_list)) {
$_user['user_id'] = $uData['user_id'];
$_user = api_get_user_info($_user['user_id']);
Session::write('_user', $_user);
event_login();
} else {
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
exit;
}
}
}
} else {
// user account expired
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
exit;
}
} else {
//User not active
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
exit;
}
} else {
//SHA1 of password is wrong
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
exit;
}
} else {
//Auth_source is wrong
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
exit;
}
} else {
//No user by that login
$loginFailed = true;
Session::erase('_uid');
header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
exit;
}
return $loginFailed;
}
