use ChamiloSession as Session; global $cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri; // phpCAS /* If we are not logged and in our browser enter an URL with a name of a course e.g. http://www.chamilo.fr/chamilo/courses/COURSTESTOSETE/?id_session=0 We go to page api_not_allowed : > You are not allowed to see this page. > Sorry, you are not allowed to access this page, or maybe your connection has expired. > Please click your browser's \"Back\" button or follow the link below to return to the previous page If we click on the link to go to homepage, some datas are entered in $_SESSION and if we enter our CAS loggin, we go to api_not_allowad_page again and again As a result, if we are not logged on, we have to destroy the session variables, before calling CAS page */ if (api_is_anonymous()) { Session::destroy(); } if (cas_configured()) { $firstpage = ""; if (isset($_GET['firstpage'])) { $firstpage = $_GET['firstpage']; setcookie("GotoCourse", $firstpage); } if (!is_object($PHPCAS_CLIENT)) { phpCAS::client($cas_auth_ver, $cas_auth_server, $cas_auth_port, $cas_auth_uri); phpCAS::setNoCasServerValidation(); } phpCAS::forceAuthentication(); header('Location: ' . api_get_path(WEB_PATH) . api_get_setting('page_after_login')); } else { header('Location: ' . api_get_path(WEB_PATH));
/** * This function handles the logout and is called whenever there is a $_GET['logout'] * @return void Directly redirects the user or leaves him where he is, but doesn't return anything * @author Fernando P. García <*****@*****.**> */ function online_logout($user_id = null, $logout_redirect = false) { global $extAuthSource; // Database table definition $tbl_track_login = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN); if (empty($user_id)) { $user_id = isset($_GET['uid']) ? intval($_GET['uid']) : 0; } //Changing global chat status to offline if (api_is_global_chat_enabled()) { $chat = new Chat(); $chat->setUserStatus(0); } // selecting the last login of the user $sql = "SELECT login_id, login_date\n \t\tFROM {$tbl_track_login}\n \t\tWHERE login_user_id = {$user_id}\n \t\tORDER BY login_date DESC\n \t\tLIMIT 0,1"; $q_last_connection = Database::query($sql); if (Database::num_rows($q_last_connection) > 0) { $i_id_last_connection = Database::result($q_last_connection, 0, "login_id"); } if (!isset($_SESSION['login_as'])) { $current_date = api_get_utc_datetime(); $sql = "UPDATE {$tbl_track_login} SET logout_date='" . $current_date . "'\n \t\tWHERE login_id='{$i_id_last_connection}'"; Database::query($sql); } //LoginDelete($user_id); //from inc/lib/online.inc.php - removes the "online" status //the following code enables the use of an external logout function. //example: define a $extAuthSource['ldap']['logout']="file.php" in configuration.php // then a function called ldap_logout() inside that file // (using *authent_name*_logout as the function name) and the following code // will find and execute it $uinfo = api_get_user_info($user_id); if ($uinfo['auth_source'] != PLATFORM_AUTH_SOURCE && is_array($extAuthSource)) { if (is_array($extAuthSource[$uinfo['auth_source']])) { $subarray = $extAuthSource[$uinfo['auth_source']]; if (!empty($subarray['logout']) && file_exists($subarray['logout'])) { require_once $subarray['logout']; $logout_function = $uinfo['auth_source'] . '_logout'; if (function_exists($logout_function)) { $logout_function($uinfo); } } } } require_once api_get_path(SYS_PATH) . 'main/chat/chat_functions.lib.php'; exit_of_chat($user_id); session_regenerate_id(); Session::destroy(); if ($logout_redirect) { header("Location: index.php"); return; } }
/** * If accepted tear down session, log in user and returns true. * If not accepted do nothing and returns false. * * @return boolean */ public function login() { if (!$this->accept()) { return false; } /** * ! important this is to ensure we don't grant access for other parts */ Session::destroy(); /** * We don't allow redirection since access is granted only for this call */ global $no_redirection, $noredirection; $no_redirection = true; $noredirection = true; Session::write('noredirection', $noredirection); $user_id = $this->get_user_id(); $course_code = $this->get_course_code(); $group_id = $this->get_group_id(); Login::init_user($user_id, true); Login::init_course($course_code, true); Login::init_group($group_id, true); return true; }
/** * This function delete the test course from the database and destroy the sessions. * @param string the course code than will be delete. * @return void */ function delete_test_course($course_code = 'TESTCOURSE') { $res = CourseManager::delete_course($course_code); $path = api_get_path(SYS_PATH) . 'archive'; if ($handle = opendir($path)) { while (false !== ($file = readdir($handle))) { if (strpos($file, $course_code) !== false) { if (is_dir($path . '/' . $file)) { api_rmdirr($path . '/' . $file); } } } closedir($handle); } // Check api session destroy if (!headers_sent() && session_id() != "") { $res = Session::destroy(); } }