* */ $require_login = true; $require_valid_uid = true; $mail_ver_excluded = true; include '../../include/baseTheme.php'; include 'include/sendMail.inc.php'; $pageName = $langMailVerify; $uid = isset($_SESSION['uid']) && !empty($_SESSION['uid']) ? $_SESSION['uid'] : NULL; if (empty($uid)) { $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationError2}</div> "; draw($tool_content, 0); exit; } // user might already verified mail account or verification is no more needed if (!get_config('email_verification_required') or get_mail_ver_status($uid) == EMAIL_VERIFIED) { if (isset($_SESSION['mail_verification_required'])) { unset($_SESSION['mail_verification_required']); } header("Location:" . $urlServer); exit; } if (!empty($_POST['submit'])) { if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) { $email = $_POST['email']; // user put a new email address update db and session if ($email != $_SESSION['email']) { $_SESSION['email'] = $email; Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid); } //send new code
} else { // change email subscription for all courses foreach ($_SESSION['courses'] as $course_code => $c_value) { if (@array_key_exists($course_code, $_POST['c_unsub'])) { Database::get()->query("UPDATE course_user SET receive_mail = 1\n WHERE user_id = ?d AND course_id = " . course_code_to_id($course_code), $uid); } else { Database::get()->query("UPDATE course_user SET receive_mail = 0\n WHERE user_id = ?d AND course_id = " . course_code_to_id($course_code), $uid); } } $tool_content .= "<div class='alert alert-success'>{$langWikiEditionSucceed}. <br /></div>" . action_bar(array(array('title' => $langBack, 'url' => "../profile/profile.php", 'icon' => 'fa-reply', 'level' => 'primary-label'))); } } else { $tool_content .= action_bar(array(array('title' => $langBack, 'url' => 'display_profile.php', 'icon' => 'fa-reply', 'level' => 'primary-label'))); $tool_content .= "<form action='{$_SERVER['SCRIPT_NAME']}' method='post'>"; if (get_config('email_verification_required') && get_config('dont_mail_unverified_mails')) { $user_email_status = get_mail_ver_status($uid); if ($user_email_status == EMAIL_VERIFICATION_REQUIRED or $user_email_status == EMAIL_UNVERIFIED) { $link = "<a href = '../auth/mail_verify_change.php?from_profile=TRUE'>{$langHere}</a>."; $tool_content .= "<div class='alert alert-warning'>{$langMailNotVerified} {$link}</div>"; } } if (!get_user_email_notification_from_courses($uid)) { $head_content .= '<script type="text/javascript">$(control_deactivate);</script>'; $tool_content .= "<div class='alert alert-info'>{$langEmailUnsubscribeWarning}</div>\n <input type='checkbox' id='unsub' name='unsub' value='1'> {$langEmailFromCourses}"; } $tool_content .= "<div class='alert alert-info'>{$langInfoUnsubscribe}</div>\n <div id='unsubscontrols'>"; if (isset($_POST['cid'])) { // one course only $cid = intval($_POST['cid']); $course_title = course_id_to_title($cid); $selected = get_user_email_notification($uid, $cid) ? 'checked' : '';
/**
 * @brief Tells whether a user should receive e-mail notifications, optionally for one course.
 *
 * The checks run in this order and the first failing one returns false:
 *   1. when a course is given, the course must not be inactive;
 *   2. when both 'email_verification_required' and 'dont_mail_unverified_mails'
 *      are enabled, the user's mail status must be neither
 *      EMAIL_VERIFICATION_REQUIRED nor EMAIL_UNVERIFIED;
 *   3. the user must not have opted out of mail from all courses;
 *   4. when a course is given, the user's course_user row decides.
 *
 * @param mixed $user_id   user id, bound as an integer (?d) in the lookup
 * @param mixed $course_id optional course id, bound as an integer (?d); null means "any course"
 * @return mixed false when a check fails or no course_user row is found, true when no
 *               course is given and all checks pass, otherwise the stored receive_mail value
 */
function get_user_email_notification($user_id, $course_id = null) {
    $course_given = isset($course_id);

    // an inactive course never notifies anyone
    if ($course_given && course_status($course_id) == COURSE_INACTIVE) {
        return false;
    }

    // unverified addresses are skipped only when the platform is configured to do so
    if (get_config('email_verification_required') && get_config('dont_mail_unverified_mails')) {
        $mail_status = get_mail_ver_status($user_id);
        // loose comparison on purpose: it mirrors the == checks used for these constants
        if (in_array($mail_status, array(EMAIL_VERIFICATION_REQUIRED, EMAIL_UNVERIFIED))) {
            return false;
        }
    }

    // global opt-out from all course mail
    if (!get_user_email_notification_from_courses($user_id)) {
        return false;
    }

    // no specific course requested: every general check passed
    if (!$course_given) {
        return true;
    }

    // per-course preference; a missing enrolment row counts as "do not notify"
    $enrolment = Database::get()->querySingle("SELECT receive_mail FROM course_user\n WHERE user_id = ?d\n AND course_id = ?d", $user_id, $course_id);

    return $enrolment ? $enrolment->receive_mail : false;
}
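/**
 * Completes a Shibboleth or CAS login from the identity values already stored
 * in $_SESSION: looks the user up by username, refuses accounts bound to a
 * different authentication method, optionally auto-registers unknown users,
 * fills the session and records the login in the loginout table.
 *
 * @param string $type 'shibboleth' or 'cas'; it is also compared with the
 *                     value stored in user.password to detect an account
 *                     that uses a different authentication method
 * @return void
 */
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $urlServer,
        $is_admin, $is_power_user, $is_usermanage_user,
        $is_departmentmanage_user, $langUserAltAuth;

    // automatic registration is on only when alt_auth_stud_reg equals 2
    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            // The separator exists only when auth_settings holds something other
            // than 'shibboleth' or ''; keep it null otherwise instead of reading
            // an undefined variable.
            $shibseparator = null;
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // As before, a separator at offset 0 is treated as "not found".
            if ($shibseparator !== null && strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both comparison fragments appear as masked literals on this
    // page; they are kept verbatim.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail\n\t\t\t\t\t\tFROM user WHERE username {$sqlLogin}", $uname);

    if ($info) {
        // querySingle() yields one row object, so it is used directly; iterating
        // it would walk the column values and ->password would never match $type.
        if ($info->password != $type) {
            // has different auth method - redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            // NOTE(review): the code below assumes redirect_to_home_page() ends
            // the request; confirm, otherwise the session is still populated.
            redirect_to_home_page();
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }
            if (!empty($info->status)) {
                $status = $info->status;
            }
            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s\n WHERE id = ?d", $surname, $givenname, $email, $info->id);
            // check for admin privileges
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $is_active = 1;   // admin user is always active
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !get_config('am_required')) {
        // else create him automatically
        // NOTE(review): $verified_mail is computed here but the INSERT below
        // does not write it; confirm whether the column default is intended.
        if (get_config('email_verification_required')) {
            $verified_mail = 0;
            $_SESSION['mail_verification_required'] = 1;
        } else {
            $verified_mail = 2;
        }

        // Every identity value is bound through a typed placeholder (?s / ?d).
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user SET surname = ?s, givenname = ?s, password = ?s, \n username = ?s, email = ?s, status = ?d, lang = 'el', \n registered_at = " . DBHelper::timeAfter() . ", expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ", whitelist = ''", $surname, $givenname, $type, $uname, $email, USER_STUDENT)->lastInsertID;
        $language = $_SESSION['langswitch'] = 'el';
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        header("Location: {$urlServer}modules/auth/registration.php");
        exit;
    }

    // NOTE(review): nothing visible here rotates the session id once the
    // identity is accepted; confirm the caller does (session fixation hardening).
    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user

    // The user id and client address are bound as parameters instead of being
    // interpolated into the statement text; REMOTE_ADDR can be rewritten by
    // proxy-aware server modules, so it is not treated as a trusted literal.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)\n\t\t\t\t\tVALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);

    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        // NOTE(review): no exit follows this header, so the caller keeps
        // running after the redirect is queued; confirm that is intended.
        header("Location:" . $urlServer . "modules/auth/mail_verify_change.php");
    }
}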
if (frm.elements["recipients[]"].selectedIndex < 0) { alert("' . $langNoUserSelected . '"); return false; } else { return true; } } </script>'; if ($course_id != 0) { if ($status != USER_GUEST and !get_user_email_notification($uid, $course_id)) { $tool_content .= "<div class='alert alert-warning'>$langNoUserEmailNotification (<a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langModify</a>)</div>"; } } else { if (!get_mail_ver_status($uid)) { $tool_content .= "<div class='alert alert-warning'>$langNoUserEmailNotification (<a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langModify</a>)</div>"; } } $courseParam = ($course_id === 0) ? '' : '?course=' . $course_code; if (isset($_GET['mid'])) { if ($courseParam != '') { $msg_id_param = '&mid='.intval($_GET['mid']); } else { $msg_id_param = '?mid='.intval($_GET['mid']); } } else { $msg_id_param = ''; }
if (isset($_GET['from_profile'])) { $navigation[] = array('url' => $urlAppend . 'main/profile/display_profile.php', 'name' => $langMyProfile); } $uid = (isset($_SESSION['uid']) && !empty($_SESSION['uid'])) ? $_SESSION['uid'] : NULL; if (empty($uid)) { $tool_content .= "<div class='alert alert-danger'>$langMailVerificationError2</div> "; draw($tool_content, 0); exit; } // email address may have already been verified or verification may no longer be needed if (!get_config('email_verification_required') or get_mail_ver_status($uid) == EMAIL_VERIFIED or (isset($_POST['enter']) and !get_config('email_required'))) { if (isset($_SESSION['mail_verification_required'])) { unset($_SESSION['mail_verification_required']); } redirect_to_home_page('main/portfolio.php'); } if (!empty($_POST['submit'])) { if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) { $email = $_POST['email']; // user put a new email address update db and session if ($email != $_SESSION['email']) { $_SESSION['email'] = $email; Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid); }
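/**
 * Completes a Shibboleth or CAS login from the identity values already stored
 * in $_SESSION: looks the user up by username, refuses accounts bound to a
 * different authentication method, lets login_hook() accept or reject the
 * login, optionally auto-registers unknown users, fills the session and
 * records the login in the loginout table.
 *
 * @param string $type 'shibboleth' or 'cas'; it is also compared with the
 *                     value stored in user.password to detect an account
 *                     that uses a different authentication method
 * @return void
 */
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $session,
        $urlServer, $is_admin, $is_power_user, $is_usermanage_user,
        $is_departmentmanage_user, $langUserAltAuth, $langRegistrationDenied;

    // automatic registration is on only when alt_auth_stud_reg equals 2
    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    // Only the CAS branch supplies a student id; default it so the Shibboleth
    // path does not pass an undefined variable to login_hook() / empty().
    $am = '';

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            // The separator exists only when auth_settings holds something other
            // than 'shibboleth' or ''; keep it null otherwise instead of reading
            // an undefined variable.
            $shibseparator = null;
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // As before, a separator at offset 0 is treated as "not found".
            if ($shibseparator !== null && strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
        $am = isset($_SESSION['cas_userstudentid']) ? $_SESSION['cas_userstudentid'] : '';
    }

    // Attributes passed to login_hook(); names are lower-cased
    $attributes = array();
    if (isset($_SESSION['cas_attributes'])) {
        foreach ($_SESSION['cas_attributes'] as $name => $value) {
            $attributes[strtolower($name)] = $value;
        }
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both comparison fragments appear as masked literals on this
    // page; they are kept verbatim.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail FROM user WHERE username $sqlLogin", $uname);

    if ($info) {
        // if user found
        if ($info->password != $type) {
            // has different auth method - redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            unset($_SESSION['cas_userstudentid']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            // NOTE(review): the code below assumes redirect_to_home_page() ends
            // the request; confirm, otherwise the session is still populated.
            redirect_to_home_page();
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }

            $userObj = new User();

            $options = login_hook(array(
                'user_id' => $info->id,
                'attributes' => $attributes,
                'status' => $info->status,
                'departments' => $userObj->getDepartmentIds($info->id),
                'am' => $am));

            if (!$options['accept']) {
                // login rejected by the hook: drop everything held in the session
                foreach (array_keys($_SESSION) as $key) {
                    unset($_SESSION[$key]);
                }
                Session::Messages($langRegistrationDenied, 'alert-warning');
                redirect_to_home_page();
            }

            $status = $options['status'];

            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s, status = ?d WHERE id = ?d", $surname, $givenname, $email, $status, $info->id);

            $userObj->refresh($info->id, $options['departments']);
            // $_SESSION['uid'] is assigned only further down, so the hook is
            // given the id of the row that was just matched.
            user_hook($info->id);

            // check for admin privileges
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $is_active = 1;   // admin user is always active
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !(get_config('am_required') and empty($am))) {
        // if user not found and autoregister enabled, create user
        // An address delivered by CAS is stored as already verified; this
        // trusts the identity provider's e-mail attribute.
        $verified_mail = EMAIL_UNVERIFIED;
        if (isset($_SESSION['cas_email'])) {
            $verified_mail = EMAIL_VERIFIED;
        } else { // redirect user to mail_verify_change.php
            $_SESSION['mail_verification_required'] = 1;
        }

        $options = login_hook(array(
            'user_id' => null,
            'attributes' => $attributes,
            'am' => $am));

        if (!$options['accept']) {
            // registration rejected by the hook: drop everything held in the session
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
        }
        $status = $options['status'];
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user SET surname = ?s, givenname = ?s, password = ?s, username = ?s, email = ?s, status = ?d, lang = ?s, am = ?s, verified_mail = ?d, registered_at = " . DBHelper::timeAfter() . ", expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ", whitelist = ''", $surname, $givenname, $type, $uname, $email, $status, $language, $options['am'], $verified_mail)->lastInsertID;
        $userObj = new User();
        $userObj->refresh($_SESSION['uid'], $options['departments']);
        user_hook($_SESSION['uid']);
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        redirect_to_home_page('modules/auth/registration.php');
        exit;
    }

    // NOTE(review): nothing visible here rotates the session id once the
    // identity is accepted; confirm $session or the caller does
    // (session fixation hardening).
    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user

    // The user id and client address are bound as parameters instead of being
    // interpolated into the statement text; REMOTE_ADDR can be rewritten by
    // proxy-aware server modules, so it is not treated as a trusted literal.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    $session->setLoginTimestamp();

    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        redirect_to_home_page('modules/auth/mail_verify_change.php');
    }
}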