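/**
 * Sends the user to the master URL for a check of active connection.
 *
 * Generates a one-time challenge, stores it in the session under 'tempkey',
 * appends it (with the referer and target) to the master URL as query
 * parameters, sends the redirect header and stops the script.
 */
public function ask_master()
{
    // NOTE(review): the challenge is only as unpredictable as
    // api_generate_password(); confirm that helper draws from a CSPRNG
    // (random_int()/random_bytes()) and not from rand()/mt_rand().
    $tempKey = api_generate_password(32);
    Session::write('tempkey', $tempKey);

    // Every value placed in the query string is URL-encoded, the challenge
    // included, so the parameter cannot be split or truncated if the generator's
    // alphabet ever contains reserved characters.
    $params = 'sso_referer=' . urlencode($this->referer)
        . '&sso_target=' . urlencode($this->target)
        . '&sso_challenge=' . urlencode($tempKey);

    // Extend an existing query string with "&", otherwise start one with "?".
    $separator = strpos($this->master_url, "?") === false ? '?' : '&';

    header('Location: ' . $this->master_url . $separator . $params);
    exit;
}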
/**
 * Redirects the browser to the master URL so that it can check for an
 * active connection.
 *
 * A single-use challenge is kept in $_SESSION['sso_challenge'] and passed to
 * the master together with the referer and the target; the script ends after
 * the Location header is sent.
 */
public function ask_master()
{
    // Single-use token that the master must encode in its answer.
    // NOTE(review): its unpredictability depends on api_generate_password();
    // confirm that helper uses a cryptographically secure source.
    $challenge = api_generate_password(48);
    $_SESSION['sso_challenge'] = $challenge;

    $query = sprintf(
        'sso_referer=%s&sso_target=%s&sso_challenge=%s',
        urlencode($this->referer),
        urlencode($this->target),
        urlencode($challenge)
    );

    // "?" opens a query string, "&" extends the one the master URL already has.
    $glue = (strpos($this->master_url, "?") === false) ? '?' : '&';

    header('Location: ' . $this->master_url . $glue . $query);
    exit;
}
/**
 * Fills in the optional fields of an imported user record.
 *
 * Works on the keys 'UserName', 'Password', 'Status' and 'AuthSource' and
 * returns the completed array; fields that already hold a non-empty value
 * are left untouched.
 */
function complete_missing_data($user)
{
    // Username: derive a unique one from the first and last name when empty.
    if (UserManager::is_username_empty($user['UserName'])) {
        $user['UserName'] = UserManager::create_unique_username($user['FirstName'], $user['LastName']);
    }

    // Password: generate one when none was supplied.
    // NOTE(review): length and randomness are whatever api_generate_password()
    // provides by default - confirm they meet the platform's password policy.
    $hasPassword = isset($user['Password']) && strlen($user['Password']) != 0;
    if (!$hasPassword) {
        $user['Password'] = api_generate_password();
    }

    // Status: fall back to the plain 'user' status.
    $hasStatus = isset($user['Status']) && strlen($user['Status']) != 0;
    if (!$hasStatus) {
        $user['Status'] = 'user';
    }

    // Authentication source: fall back to the platform's own.
    $hasAuthSource = isset($user['AuthSource']) && strlen($user['AuthSource']) != 0;
    if (!$hasAuthSource) {
        $user['AuthSource'] = PLATFORM_AUTH_SOURCE;
    }

    return $user;
}
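/**
 * Update user information with all the parameters passed to this function
 * @param int The ID of the user to be updated
 * @param string The user's firstname
 * @param string The user's lastname
 * @param string The user's username (login)
 * @param string The user's password
 * @param string The authentication source (default: "platform")
 * @param string The user's e-mail address
 * @param int The user's status
 * @param string The user's official code (usually just an internal institutional code)
 * @param string The user's phone number
 * @param string The user's picture URL (internal to the Chamilo directory)
 * @param string The expiration date (converted to a UTC DateTime when not empty)
 * @param int Whether the account is active
 * @param int The user ID of the person who registered this user (optional, defaults to null; not used in this function)
 * @param int The department of HR in which the user is registered (optional, defaults to 0)
 * @param array A series of additional fields to add to this user as extra fields (optional, defaults to null)
 * @param string The user's language; replaced by the platform language when it is not an installed one
 * @param string Not used in this function
 * @param bool Whether to e-mail the account settings to the user
 * @param int Password handling: 0 keeps the stored password and auth source,
 *            1 generates a new password and switches to the platform auth source,
 *            2 uses the given password and switches to the platform auth source,
 *            3 uses the given password and the given auth source
 * @return int|false The user ID if the user information was updated, false otherwise
 * @assert (false, false, false, false, false, false, false, false, false, false, false, false, false) === false
 */
public static function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id = null, $hr_dept_id = 0, $extra = null, $language = 'english', $encrypt_method = '', $send_email = false, $reset_password = 0)
{
    $hook = HookUpdateUser::create();
    if (!empty($hook)) {
        $hook->notifyUpdateUser(HOOK_EVENT_TYPE_PRE);
    }

    global $_configuration;
    $original_password = $password;

    // Reject empty or non-integer IDs before the ID is used in any lookup.
    // (empty() already covers false, 0, '' and null.)
    if (empty($user_id)) {
        return false;
    }
    if ($user_id != strval(intval($user_id))) {
        return false;
    }

    $user_info = api_get_user_info($user_id, false, true);

    if ($reset_password == 0) {
        // Keep the stored password and authentication source.
        $password = null;
        $auth_source = $user_info['auth_source'];
    } elseif ($reset_password == 1) {
        // Replace the password with a generated one.
        // NOTE(review): confirm api_generate_password() uses a secure random source.
        $original_password = $password = api_generate_password();
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 2) {
        // Use the password passed by the caller with the platform auth source.
        $auth_source = PLATFORM_AUTH_SOURCE;
    }
    // $reset_password == 3: password and auth source are used exactly as passed.

    // Checking the user language
    $languages = api_get_languages();
    if (!in_array($language, $languages['folder'])) {
        $language = api_get_setting('platformLanguage');
    }

    $userManager = self::getManager();
    /** @var Chamilo\UserBundle\Entity\User $user */
    $user = self::getRepository()->find($user_id);
    if (empty($user)) {
        return false;
    }

    if (!empty($expiration_date)) {
        $expiration_date = api_get_utc_datetime($expiration_date);
        $expiration_date = new \DateTime($expiration_date, new DateTimeZone('UTC'));
    }

    $user->setLastname($lastname)
        ->setFirstname($firstname)
        ->setUsername($username)
        ->setStatus($status)
        ->setAuthSource($auth_source)
        ->setLanguage($language)
        ->setEmail($email)
        ->setOfficialCode($official_code)
        ->setPhone($phone)
        ->setPictureUri($picture_uri)
        ->setExpirationDate($expiration_date)
        ->setActive($active)
        ->setHrDeptId($hr_dept_id);

    if (!is_null($password)) {
        $user->setPlainPassword($password);
    }

    $userManager->updateUser($user, true);

    // Log enabling/disabling of the account when the active flag changed.
    if ($user_info['active'] != $active) {
        $event_title = $active == 1 ? LOG_USER_ENABLE : LOG_USER_DISABLE;
        Event::addEvent($event_title, LOG_USER_ID, $user_id);
    }

    if (is_array($extra) && count($extra) > 0) {
        // Because of the short-circuit "&&", the first failed update stops the remaining ones.
        $res = true;
        foreach ($extra as $fname => $fvalue) {
            $res = $res && self::update_extra_field_value($user_id, $fname, $fvalue);
        }
    }

    if (!empty($email) && $send_email) {
        $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
        $emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('siteName');
        $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
        $email_admin = api_get_setting('emailAdministrator');

        // Address printed in the mail: the current access URL when multi-URL is
        // enabled and the current URL is known, the root web URL otherwise.
        // The body is therefore always defined before the mail is sent.
        $site_url = $_configuration['root_web'];
        if (api_is_multiple_url_enabled()) {
            $access_url_id = api_get_current_access_url_id();
            if ($access_url_id != -1) {
                $url = api_get_access_url($access_url_id);
                $site_url = $url['url'];
            }
        }

        // NOTE(review): for every $reset_password > 0 the clear-text password is
        // written into the message. Mail is stored and relayed unencrypted; a
        // single-use, expiring reset link avoids putting the credential in mail.
        $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($firstname, $lastname)) . ",\n\n"
            . get_lang('YouAreReg') . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings') . "\n\n"
            . get_lang('Username') . " : " . $username
            . ($reset_password > 0 ? "\n" . get_lang('Pass') . " : " . stripslashes($original_password) : "") . "\n\n"
            . get_lang('Address') . " " . api_get_setting('siteName') . " " . get_lang('Is') . " : " . $site_url . "\n\n"
            . get_lang('Problem') . "\n\n"
            . get_lang('SignatureFormula') . ",\n\n"
            . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n"
            . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n"
            . get_lang('Email') . " : " . api_get_setting('emailAdministrator');

        api_mail_html($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
    }

    if (!empty($hook)) {
        $hook->notifyUpdateUser(HOOK_EVENT_TYPE_POST);
    }

    return $user->getId();
}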
// Excerpt: reads the uploaded XML import file and creates the users it lists.
// The statement run continues past the end of this excerpt.
//
// we may use the following construct:
// $root = @simplexml_load_string(api_utf8_encode_xml(file_get_contents($_FILES['import_file']['tmp_name'])));
// To ease debugging let us use:
$content = file_get_contents($_FILES['import_file']['tmp_name']);
$content = api_utf8_encode_xml($content);
// NOTE(review): this parses an uploaded, user-controlled document. External
// entity loading is off by default only with libxml >= 2.9.0; on older stacks
// it has to be disabled explicitly before parsing - confirm for the supported
// PHP/libxml versions. The "@" hides parse warnings, so a malformed file is
// only noticed through the is_object() test below.
$root = @simplexml_load_string($content);
unset($content);
if (is_object($root)) {
    if (count($root->Users->User) > 0) {
        // Creating/updating users from <Sessions> <Users> base node.
        foreach ($root->Users->User as $node_user) {
            // $username_old keeps the name as it appears in the file.
            $username = $username_old = trim(api_utf8_decode($node_user->Username));
            if (UserManager::is_username_available($username)) {
                // The password comes from the file in clear text; one is generated when the node is empty.
                // NOTE(review): confirm api_generate_password() uses a secure random source.
                $password = api_utf8_decode($node_user->Password);
                if (empty($password)) {
                    $password = api_generate_password();
                }
                // Map the textual status to the numeric one; anything else becomes 5 and is reported.
                switch ($node_user->Status) {
                    case 'student':
                        $status = 5;
                        break;
                    case 'teacher':
                        $status = 1;
                        break;
                    default:
                        $status = 5;
                        // NOTE(review): $username comes from the uploaded file and is joined
                        // into an HTML fragment unescaped - escape it wherever
                        // $error_message is printed (not visible in this excerpt).
                        $error_message .= get_lang('StudentStatusWasGivenTo') . ' : ' . $username . '<br />';
                }
                $result = UserManager::create_user(api_utf8_decode($node_user->Firstname), api_utf8_decode($node_user->Lastname), $status, api_utf8_decode($node_user->Email), $username, $password, api_utf8_decode($node_user->OfficialCode), null, api_utf8_decode($node_user->Phone), null, PLATFORM_AUTH_SOURCE, null, 1, 0, null, null, $send_mail);
            } else {
                // Username already taken: the handling of this case continues outside the excerpt.
                $lastname = trim(api_utf8_decode($node_user->Lastname));
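/**
 * Resets a password
 *
 * Looks the user up by ID, checks the supplied secret against the secret word
 * derived from the user's e-mail address and, when they match, stores a newly
 * generated password and hands the user record to send_password_to_user().
 *
 * @param string $secret      The secret word supplied with the reset request
 * @param int    $id          The ID of the user whose password is reset
 * @param bool   $by_username Passed through to send_password_to_user()
 * @return mixed The result of send_password_to_user() on success, otherwise
 *               the 'CouldNotResetPassword' or 'NotAllowed' message
 * @author Olivier Cauberghe <*****@*****.**>, Ghent University
 */
public static function reset_password($secret, $id, $by_username = false)
{
    $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
    // The ID is forced to an integer before it is placed in the query text.
    $id = intval($id);
    $sql = "SELECT\n user_id AS uid,\n lastname AS lastName,\n firstname AS firstName,\n username AS loginName,\n password,\n email\n FROM " . $tbl_user . "\n WHERE user_id = {$id}";
    $result = Database::query($sql);

    // Check the query result before asking it for a row count.
    if (!$result || Database::num_rows($result) <= 0) {
        return get_lang('CouldNotResetPassword');
    }
    $user = Database::fetch_array($result);

    // Compare the secret as a string and in constant time. A loose "==" lets
    // PHP compare numeric-looking strings (for example "0e..." values) as
    // numbers, so two different secrets could be treated as equal, and it also
    // exits on the first differing byte.
    // NOTE(review): how hard the secret is to guess depends on
    // get_secret_word(), which is not visible here.
    $expected = (string) self::get_secret_word($user['email']);
    $secretMatches = is_string($secret)
        && (function_exists('hash_equals')
            ? hash_equals($expected, $secret)
            : $expected === $secret); // strict fallback for PHP versions without hash_equals()

    if (!$secretMatches) {
        return get_lang('NotAllowed');
    }

    // OK, secret word is good. Now change password and mail it.
    // NOTE(review): send_password_to_user() presumably mails the new password in
    // clear text - confirm; a single-use, expiring reset link keeps the
    // credential out of the mailbox. Also confirm api_generate_password() uses a
    // secure random source.
    $user['password'] = api_generate_password();
    UserManager::updatePassword($id, $user['password']);

    return self::send_password_to_user($user, $by_username);
}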
// Excerpt of the registration form definition. It starts inside a block whose
// opening is outside the excerpt and ends before the STUDENT/TEACHER section.
    // Username rules: maximum length, allowed characters, not already taken.
    $form->addRule('username', sprintf(get_lang('UsernameMaxXCharacters'), (string) USERNAME_MAX_LENGTH), 'maxlength', USERNAME_MAX_LENGTH);
    $form->addRule('username', get_lang('UsernameWrong'), 'username');
    $form->addRule('username', get_lang('UserTaken'), 'username_available');
}
// PASSWORD
// Two password inputs ('pass1' and its confirmation 'pass2'), both required and required to be equal.
$form->addElement('password', 'pass1', get_lang('Pass'), array('id' => 'pass1', 'size' => 20, 'autocomplete' => 'off'));
$checkPass = api_get_setting('security.allow_strength_pass_checker');
if ($checkPass == 'true') {
    // Placeholder element for the password-strength indicator.
    $form->addElement('label', null, '<div id="password_progress"></div>');
}
$form->addElement('password', 'pass2', get_lang('Confirmation'), array('id' => 'pass2', 'size' => 20, 'autocomplete' => 'off'));
$form->addRule('pass1', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('pass2', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule(array('pass1', 'pass2'), get_lang('PassTwo'), 'compare');
if (CHECK_PASS_EASY_TO_FIND) {
    // The error message suggests a freshly generated password.
    // NOTE(review): the rule is attached to 'password1', but the password elements
    // added above are named 'pass1' and 'pass2'. Unless a 'password1' element is
    // defined outside this excerpt, the api_check_password callback is never run
    // against the submitted password - confirm the intended field name.
    $form->addRule('password1', get_lang('PassTooEasy') . ': ' . api_generate_password(), 'callback', 'api_check_password');
}
// PHONE
// Shown only when 'phone' is an allowed field; required when the registration setting says so.
if (in_array('phone', $allowedFields)) {
    $form->addElement('text', 'phone', get_lang('Phone'), array('size' => 20));
    if (api_get_setting('registration', 'phone') == 'true') {
        $form->addRule('phone', get_lang('ThisFieldIsRequired'), 'required');
    }
}
// LANGUAGE
// The language selector is added only when 'language' is allowed and the registration setting is 'true'.
if (in_array('language', $allowedFields)) {
    if (api_get_setting('registration', 'language') == 'true') {
        $form->addElement('select_language', 'language', get_lang('Language'));
    }
}
// STUDENT/TEACHER
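/**
 * Displays step 3 - a form where the user can enter the installation settings
 * regarding the databases - login and password, names, prefixes, single
 * or multiple databases, tracking or not...
 *
 * In 'update' mode the connection settings are read from $_configuration and
 * replace the values passed in. After the form fields, a connection is
 * attempted with the current settings and its outcome is displayed; the
 * "Next" button is enabled only when a connection manager was obtained.
 *
 * @param string $installType
 * @param string $dbHostForm
 * @param string $dbUsernameForm
 * @param string $dbPassForm
 * @param string $dbNameForm
 * @param string $installationProfile
 */
function display_database_settings_form($installType, $dbHostForm, $dbUsernameForm, $dbPassForm, $dbNameForm, $installationProfile = '')
{
    if ($installType == 'update') {
        global $_configuration;
        $dbHostForm = $_configuration['db_host'];
        $dbUsernameForm = $_configuration['db_user'];
        $dbPassForm = $_configuration['db_password'];
        $dbNameForm = $_configuration['main_database'];
        $introText = get_lang('DBSettingUpgradeIntro');
    } else {
        $introText = get_lang('DBSettingIntro');
    }

    echo '<div class="RequirementHeading"><h2>' . display_step_sequence() . get_lang('DBSetting') . '</h2></div>';
    echo '<div class="RequirementContent">';
    echo $introText;
    echo '</div>';
    ?>
    <div class="panel panel-default">
        <div class="panel-body">
            <div class="form-group">
                <label class="col-sm-4"><?php echo get_lang('DBHost'); ?> </label>
                <?php if ($installType == 'update') { ?>
                    <?php // The host is escaped in the visible text as well as in the hidden field. ?>
                    <div class="col-sm-5">
                        <input type="hidden" name="dbHostForm" value="<?php echo htmlentities($dbHostForm); ?> " /><?php echo htmlentities($dbHostForm); ?>
                    </div>
                    <div class="col-sm-3"></div>
                <?php } else { ?>
                    <div class="col-sm-5">
                        <input type="text" size="25" maxlength="50" name="dbHostForm" value="<?php echo htmlentities($dbHostForm); ?> " />
                    </div>
                    <div class="col-sm-3"><?php echo get_lang('EG') . ' localhost'; ?> </div>
                <?php } ?>
            </div>
            <div class="form-group">
                <?php
                //database user username
                $example_login = get_lang('EG') . ' root';
                displayDatabaseParameter($installType, get_lang('DBLogin'), 'dbUsernameForm', $dbUsernameForm, $example_login);
                ?>
            </div>
            <div class="form-group">
                <?php
                //database user password
                // The generated value is only shown as an example next to the field.
                // NOTE(review): in update mode $dbPassForm holds the configured database
                // password - check how displayDatabaseParameter() writes it into the page.
                $example_password = get_lang('EG') . ' ' . api_generate_password();
                displayDatabaseParameter($installType, get_lang('DBPassword'), 'dbPassForm', $dbPassForm, $example_password);
                ?>
            </div>
            <div class="form-group">
                <?php
                //Database Name fix replace weird chars
                if ($installType != INSTALL_TYPE_UPDATE) {
                    $dbNameForm = str_replace(array('-', '*', '$', ' ', '.'), '', $dbNameForm);
                    $dbNameForm = api_replace_dangerous_char($dbNameForm);
                }
                displayDatabaseParameter($installType, get_lang('MainDB'), 'dbNameForm', $dbNameForm, ' ', null, 'id="optional_param1"');
                ?>
            </div>
            <?php if ($installType != INSTALL_TYPE_UPDATE) { ?>
                <div class="form-group">
                    <div class="col-sm-3"></div>
                    <div class="col-sm-9">
                        <button type="submit" class="btn btn-primary" name="step3" value="step3">
                            <i class="fa fa-refresh"> </i> <?php echo get_lang('CheckDatabaseConnection'); ?>
                        </button>
                    </div>
                </div>
            <?php } ?>
        </div>
    </div>
    <?php
    $database_exists_text = '';
    $manager = null;
    try {
        $manager = connectToDatabase($dbHostForm, $dbUsernameForm, $dbPassForm, null);
        $databases = $manager->getConnection()->getSchemaManager()->listDatabases();
        if (in_array($dbNameForm, $databases)) {
            $database_exists_text = '<div class="alert alert-warning">' . get_lang('ADatabaseWithTheSameNameAlreadyExists') . '</div>';
        }
    } catch (Exception $e) {
        // The driver message is printed below, so it is escaped here.
        // NOTE(review): such messages can name the host and account used; decide
        // whether the installer should show them verbatim.
        $database_exists_text = htmlentities($e->getMessage());
    }

    // $manager stays null when connectToDatabase() throws; test it before
    // calling a method on it.
    $isConnected = $manager && $manager->getConnection()->isConnected();

    if ($isConnected) { ?>
        <?php echo $database_exists_text; ?>
        <div id="db_status" class="alert alert-success">
            Database host: <strong><?php echo htmlentities($manager->getConnection()->getHost()); ?> </strong><br />
            Database driver: <strong><?php echo $manager->getConnection()->getDriver()->getName(); ?> </strong><br />
        </div>
    <?php } else { ?>
        <?php echo $database_exists_text; ?>
        <div id="db_status" style="float:left;" class="alert alert-danger">
            <div style="float:left;">
                <strong><?php echo get_lang('FailedConectionDatabase'); ?> </strong>
            </div>
        </div>
    <?php } ?>
    <div class="form-group">
        <div class="col-sm-6">
            <button type="submit" name="step2" class="btn btn-default pull-right" value="< <?php echo get_lang('Previous'); ?> " >
                <i class="fa fa-backward"> </i> <?php echo get_lang('Previous'); ?>
            </button>
        </div>
        <div class="col-sm-6">
            <input type="hidden" name="is_executable" id="is_executable" value="-" />
            <?php if ($manager) { ?>
                <button type="submit" class="btn btn-success" name="step4" value="<?php echo get_lang('Next'); ?> >" >
                    <i class="fa fa-forward"> </i> <?php echo get_lang('Next'); ?>
                </button>
            <?php } else { ?>
                <button disabled="disabled" type="submit" class="btn btn-success disabled" name="step4" value="<?php echo get_lang('Next'); ?> >" >
                    <i class="fa fa-forward"> </i> <?php echo get_lang('Next'); ?>
                </button>
            <?php } ?>
        </div>
    </div>
    <?php
}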
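/**
 * Displays step 3 - a form where the user can enter the installation settings
 * regarding the databases - login and password, names, prefixes, single
 * or multiple databases, tracking or not...
 *
 * In 'update' mode the settings are read from the previous configuration and
 * replace the values passed in. After the form fields, the connection is
 * tested and the function checks whether the account may create the main
 * database; the "Next" button is enabled only when both succeed.
 *
 * The markup starts by closing a table cell and row opened by the caller.
 */
function display_database_settings_form($installType, $dbHostForm, $dbUsernameForm, $dbPassForm, $dbPrefixForm, $enableTrackingForm, $singleDbForm, $dbNameForm)
{
    if ($installType == 'update') {
        global $_configuration, $update_from_version_6;
        if (in_array($_POST['old_version'], $update_from_version_6)) {
            $dbHostForm = get_config_param('dbHost');
            $dbUsernameForm = get_config_param('dbLogin');
            $dbPassForm = get_config_param('dbPass');
            $dbPrefixForm = get_config_param('dbNamePrefix');
            $enableTrackingForm = get_config_param('is_trackingEnabled');
            $singleDbForm = get_config_param('singleDbEnabled');
            // The main database name belongs in $dbNameForm; assigning it to
            // $dbHostForm overwrote the host read above and left the name unset.
            $dbNameForm = get_config_param('mainDbName');
            $dbStatsForm = get_config_param('statsDbName');
            $dbScormForm = get_config_param('scormDbName');
            $dbUserForm = get_config_param('user_personal_database');
            $dbScormExists = true;
        } else {
            $dbHostForm = $_configuration['db_host'];
            $dbUsernameForm = $_configuration['db_user'];
            $dbPassForm = $_configuration['db_password'];
            $dbPrefixForm = $_configuration['db_prefix'];
            $enableTrackingForm = isset($_configuration['tracking_enabled']) ? $_configuration['tracking_enabled'] : null;
            $singleDbForm = isset($_configuration['single_database']) ? $_configuration['single_database'] : null;
            $dbNameForm = $_configuration['main_database'];
            $dbStatsForm = isset($_configuration['statistics_database']) ? $_configuration['statistics_database'] : null;
            $dbScormForm = isset($_configuration['scorm_database']) ? $_configuration['scorm_database'] : null;
            $dbUserForm = isset($_configuration['user_personal_database']) ? $_configuration['user_personal_database'] : null;
            $dbScormExists = true;
        }
        if (empty($dbScormForm)) {
            if ($singleDbForm) {
                $dbScormForm = $dbNameForm;
            } else {
                $dbScormForm = $dbPrefixForm . 'scorm';
                $dbScormExists = false;
            }
        }
        if (empty($dbUserForm)) {
            $dbUserForm = $singleDbForm ? $dbNameForm : $dbPrefixForm . 'chamilo_user';
        }
        echo '<div class="RequirementHeading"><h2>' . display_step_sequence() . translate('DBSetting') . '</h2></div>';
        echo '<div class="RequirementContent">';
        echo translate('DBSettingUpgradeIntro');
        echo '</div>';
    } else {
        if (empty($dbPrefixForm)) {
            //make sure there is a default value for db prefix
            $dbPrefixForm = '';
        }
        echo '<div class="RequirementHeading"><h2>' . display_step_sequence() . translate('DBSetting') . '</h2></div>';
        echo '<div class="RequirementContent">';
        echo translate('DBSettingIntro');
        echo '</div>';
    }
    ?>
    </td>
    </tr>
    <tr>
    <td>
    <table class="data_table_no_border">
    <tr>
        <td width="40%"><?php echo translate('DBHost'); ?> </td>
        <?php if ($installType == 'update') { ?>
            <?php // The host is escaped in the visible text as well as in the hidden field. ?>
            <td width="30%"><input type="hidden" name="dbHostForm" value="<?php echo htmlentities($dbHostForm); ?> "/><?php echo htmlentities($dbHostForm); ?> </td>
            <td width="30%"> </td>
        <?php } else { ?>
            <td width="30%"> <input type="text" size="25" maxlength="50" name="dbHostForm" value="<?php echo htmlentities($dbHostForm); ?> " /></td>
            <td width="30%"><?php echo translate('EG') . ' localhost'; ?> </td>
        <?php } ?>
    </tr>
    <tr>
    <?php
    //database user username
    $example_login = translate('EG') . ' root';
    display_database_parameter($installType, translate('DBLogin'), 'dbUsernameForm', $dbUsernameForm, $example_login);

    //database user password
    // The generated value is only shown as an example next to the field.
    // NOTE(review): in update mode $dbPassForm holds the configured database
    // password - check how display_database_parameter() writes it into the page.
    $example_password = translate('EG') . ' ' . api_generate_password();
    display_database_parameter($installType, translate('DBPassword'), 'dbPassForm', $dbPassForm, $example_password);

    echo '<input type="hidden" name="enableTrackingForm" value="1" />';

    $style = '';

    //Database Name fix replace weird chars
    if ($installType != INSTALL_TYPE_UPDATE) {
        $dbNameForm = str_replace(array('-', '*', '$', ' ', '.'), '', $dbNameForm);
        $dbNameForm = api_replace_dangerous_char($dbNameForm);
    }
    display_database_parameter($installType, translate('MainDB'), 'dbNameForm', $dbNameForm, ' ', null, 'id="optional_param1" ' . $style);
    ?>
    <tr>
        <td></td>
        <td>
            <button type="submit" class="btn" name="step3" value="<?php echo translate('CheckDatabaseConnection'); ?> ">
                <?php echo translate('CheckDatabaseConnection'); ?>
            </button>
        </td>
    </tr>
    <tr>
    <td>
    <?php
    $dbConnect = testDatabaseConnect($dbHostForm, $dbUsernameForm, $dbPassForm, $singleDbForm, $dbPrefixForm, $dbNameForm);
    $database_exists_text = '';
    // Defined up front so the test below never reads an unset variable.
    $user_can_create_databases = false;

    // Form values are echoed inside HTML messages, so they are escaped first.
    $dbNameHtml = htmlentities($dbNameForm);
    $dbUsernameHtml = htmlentities($dbUsernameForm);

    if ($dbConnect) {
        // Permission probe: create the database, and drop it again only when the
        // CREATE succeeded (an existing database makes CREATE fail and is left alone).
        // NOTE(review): mysql_real_escape_string() escapes string literals, not
        // identifiers. The name is safe here only as far as the character
        // filtering above goes, and that filtering is skipped in update mode;
        // back-tick quoting with doubled back-ticks is the identifier-safe form.
        // The mysql_* functions are also gone from PHP 7 onwards.
        $multipleDbCheck = Database::query("CREATE DATABASE " . mysql_real_escape_string($dbNameForm));
        if ($multipleDbCheck !== false) {
            Database::query("DROP DATABASE IF EXISTS " . mysql_real_escape_string($dbNameForm));
            $user_can_create_databases = true;
        }
        if ($user_can_create_databases) {
            $database_exists_text = '<div class="normal-message">' . sprintf(translate('DatabaseXWillBeCreated'), $dbNameHtml, $dbUsernameHtml) . '</div>';
        } else {
            $dbConnect = 0;
            $database_exists_text = '<div class="warning-message">' . sprintf(translate('DatabaseXCantBeCreatedUserXDoestHaveEnoughPermissions'), $dbNameHtml, $dbUsernameHtml) . '</div>';
        }
    } else {
        echo '<div class="warning-message">' . sprintf(translate('UserXCantHaveAccessInTheDatabaseX'), $dbUsernameHtml, $dbNameHtml) . '</div>';
    }

    if ($dbConnect == 1) { ?>
        <td colspan="2">
            <?php echo $database_exists_text; ?>
            <div id="db_status" class="confirmation-message">
                <div style="clear:both;"></div>
            </div>
        </td>
    <?php } else { ?>
        <td colspan="2">
            <?php echo $database_exists_text; ?>
            <div id="db_status" style="float:left;" class="error-message">
                <div style="float:left;">
                    <strong><?php echo translate('FailedConectionDatabase'); ?> </strong><br/>
                </div>
            </div>
        </td>
    <?php } ?>
    </tr>
    <tr>
        <td>
            <button type="submit" name="step2" class="back" value="< <?php echo translate('Previous'); ?> "><?php echo translate('Previous'); ?> </button>
        </td>
        <td> </td>
        <td align="right">
            <input type="hidden" name="is_executable" id="is_executable" value="-"/>
            <?php if ($dbConnect == 1) { ?>
                <button type="submit" class="btn next" name="step4" value="<?php echo translate('Next'); ?> >" autofocus="autofocus" /><?php echo translate('Next'); ?> </button>
            <?php } else { ?>
                <button disabled="disabled" type="submit" class="btn next disabled" name="step4" value="<?php echo translate('Next'); ?> >"/><?php echo translate('Next'); ?> </button>
            <?php } ?>
        </td>
    </tr>
    </table>
    <?php
}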
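/**
 * Update user information with all the parameters passed to this function
 * @param int The ID of the user to be updated
 * @param string The user's firstname
 * @param string The user's lastname
 * @param string The user's username (login)
 * @param string The user's password
 * @param string The authentication source (default: "platform")
 * @param string The user's e-mail address
 * @param int|array The user's status: a group ID or a list of group IDs the user is added to
 * @param string The user's official code (usually just an internal institutional code)
 * @param string The user's phone number
 * @param string The user's picture URL (internal to the Chamilo directory)
 * @param mixed The expiration date, passed to the user entity as given
 * @param int Whether the account is active
 * @param int The user ID of the person who registered this user (optional, defaults to null; not used in this function)
 * @param int The department of HR in which the user is registered (optional, defaults to 0)
 * @param array A series of additional fields to add to this user as extra fields (optional, defaults to null)
 * @param string The user's language; replaced by the translator's locale when it is not a platform ISO code
 * @param string '' to let the platform hash the password, or the configured method when the password is already a hash
 * @param bool Whether to prepare the notification e-mail (sending is currently commented out)
 * @param int Password handling: 0 keeps the stored password and auth source,
 *            1 generates a new password and switches to the platform auth source,
 *            2 uses the given password and switches to the platform auth source,
 *            3 uses the given password and the given auth source
 * @return int|false The user ID if the user information was updated, false otherwise
 * @assert (false) === false
 */
public static function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email = null, $status = STUDENT, $official_code = null, $phone = null, $picture_uri = null, $expiration_date = null, $active = 1, $creator_id = null, $hr_dept_id = 0, $extra = null, $language = 'english', $encrypt_method = '', $send_email = false, $reset_password = 0)
{
    global $_configuration;
    $original_password = $password;

    // Validate the ID before it is used in any lookup.
    if ($user_id != strval(intval($user_id))) {
        return false;
    }
    if ($user_id === false) {
        return false;
    }

    $user_info = api_get_user_info($user_id, false, true);

    if ($reset_password == 0) {
        // Keep the stored password and authentication source.
        $password = null;
        $auth_source = $user_info['auth_source'];
    } elseif ($reset_password == 1) {
        // Replace the password with a generated one.
        // NOTE(review): confirm api_generate_password() uses a secure random source.
        $original_password = $password = api_generate_password();
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 2) {
        // Use the password passed by the caller with the platform auth source.
        $auth_source = PLATFORM_AUTH_SOURCE;
    }
    // $reset_password == 3: password and auth source are used exactly as passed.

    // Checking the user language.
    $languages = api_get_platform_isocodes();
    if (!in_array($language, $languages)) {
        $language = Container::getTranslator()->getLocale();
    }

    if (!is_null($password)) {
        if ($encrypt_method == '') {
            // The hashed value is not used further down: the entity receives the
            // plain password through setPlainPassword().
            $password = api_get_encrypted_password($password);
        } else {
            // A pre-hashed password is accepted only when it has the shape of the
            // configured method's output.
            // NOTE(review): md5 and sha1 are fast, unsalted digests and are not
            // suitable for storing passwords; this branch only exists for them.
            if ($_configuration['password_encryption'] === $encrypt_method) {
                if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                } else {
                    if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
                        return api_set_failure('encrypt_method invalid');
                    }
                }
            } else {
                return api_set_failure('encrypt_method invalid');
            }
        }
    }

    $em = Database::getManager();
    /** @var Chamilo\UserBundle\Entity\User $user */
    $user = $em->getRepository('ChamiloUserBundle:User')->find($user_id);

    // Stop before touching extra fields or the active state when the user does
    // not exist; the setters below would otherwise be called on null.
    if (empty($user)) {
        return false;
    }

    if (is_array($extra) && count($extra) > 0) {
        // Because of the short-circuit "&&", the first failed update stops the remaining ones.
        $res = true;
        foreach ($extra as $name => $value) {
            $res = $res && self::update_extra_field_value($user_id, $name, $value);
        }
    }

    if ($user_info['active'] != $active) {
        self::change_active_state($user_id, $active);
    }

    // Updating user
    $user->setLastname($lastname)
        ->setFirstname($firstname)
        ->setUsername($username)
        ->setAuthSource($auth_source)
        ->setLanguage($language)
        ->setEmail($email)
        ->setOfficialCode($official_code)
        ->setPhone($phone)
        ->setPictureUri($picture_uri)
        ->setExpirationDate($expiration_date)
        ->setActive($active)
        ->setHrDeptId($hr_dept_id);

    // Change the password only when a change was requested. $password is null
    // for $reset_password == 0, while $original_password still holds whatever
    // the caller passed; testing $original_password alone would overwrite the
    // stored password in "keep" mode.
    if (!is_null($password) && !empty($original_password)) {
        $user->setPlainPassword($original_password);
    }

    // NOTE(review): find() may return null for an unknown group ID; confirm
    // addGroup() copes with that.
    if (is_array($status)) {
        foreach ($status as $groupId) {
            $group = $em->getRepository('ChamiloUserBundle:Group')->find($groupId);
            $user->addGroup($group);
        }
    } else {
        $group = $em->getRepository('ChamiloUserBundle:Group')->find($status);
        $user->addGroup($group);
    }

    Container::getUserManager()->updateUser($user, true);

    if (!empty($email) && $send_email) {
        // The message parts are prepared but the mail itself is not sent: the
        // api_mail_html() call is commented out.
        $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
        $emailsubject = '[' . api_get_setting('platform.site_name') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('platform.site_name');
        $sender_name = api_get_person_name(api_get_setting('platform.administrator_name'), api_get_setting('platform.administrator_surname'), null, PERSON_NAME_EMAIL_ADDRESS);
        $email_admin = api_get_setting('platform.administrator_email');
        $emailbody = null;
        /*api_mail_html($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);*/
    }

    // Audit trail: record the update by ID and with the refreshed user data.
    $user_info = api_get_user_info($user_id);
    Event::addEvent(LOG_USER_UPDATED, LOG_USER_ID, $user_id, api_get_utc_datetime(), api_get_user_id());
    Event::addEvent(LOG_USER_UPDATED, LOG_USER_OBJECT, $user_info, api_get_utc_datetime(), api_get_user_id());

    return $user_id;
}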
/**
 * Fills in the fields that were left empty before the object is saved:
 * a generated username, a generated password and the default language.
 * Fields that already hold a truthy value keep it.
 *
 * @param User $object
 */
protected function before_save($object)
{
    $object->username = $object->username ?: $this->generate_username();

    // NOTE(review): the fallback password is only as strong as
    // api_generate_password() makes it - confirm it uses a secure random source.
    $object->password = $object->password ?: api_generate_password();

    $object->language = $object->language ?: $this->default_language();
}
// Default values for the installation form.
// Extract the path to append to the url if Chamilo is not installed on the web root directory.
$urlAppendPath = api_remove_trailing_slash(api_get_path(REL_PATH));
$urlForm = api_get_path(WEB_PATH);
$pathForm = api_get_path(SYS_PATH);
// Administrator e-mail: taken from the web server's SERVER_ADMIN value when it is set.
$emailForm = 'webmaster@localhost';
if (!empty($_SERVER['SERVER_ADMIN'])) {
    $emailForm = $_SERVER['SERVER_ADMIN'];
}
// An address at the bare host "localhost" gets ".localdomain" appended.
$email_parts = explode('@', $emailForm);
if (isset($email_parts[1]) && $email_parts[1] == 'localhost') {
    $emailForm .= '.localdomain';
}
$adminLastName = get_lang('DefaultInstallAdminLastname');
$adminFirstName = get_lang('DefaultInstallAdminFirstname');
// The administrator login defaults to the fixed name 'admin'; only the password is generated.
$loginForm = 'admin';
// NOTE(review): how api_generate_password() draws its characters is not visible here — confirm it
// uses a cryptographically secure source, since this becomes the first administrator password.
$passForm = api_generate_password();
$campusForm = 'My campus';
$educationForm = 'Albert Einstein';
$adminPhoneForm = '(000) 001 02 03';
$institutionForm = 'My Organisation';
$institutionUrlForm = 'http://www.chamilo.org';
$languageForm = api_get_interface_language();
$checkEmailByHashSent = 0;
$ShowEmailNotCheckedToStudent = 1;
$userMailCanBeEmpty = 1;
// Presumably these switch self-registration on by default (the second one for teacher accounts) — verify where they are consumed.
$allowSelfReg = 1;
$allowSelfRegProf = 1;
// NOTE(review): the default password encryption is 'sha1'. If this value selects how stored
// passwords are hashed, a fast digest such as SHA-1 is a weak default; a dedicated password
// hash (password_hash()) would be the safer choice — confirm against the code that reads it.
$encryptPassForm = 'sha1';
// Presumably seconds (360000 s = 100 hours) — TODO confirm the unit.
$session_lifetime = 360000;
if (!empty($_GET['profile'])) {
    // The request parameter is HTML-encoded (quotes included) before it is kept.
    $installationProfile = api_htmlentities($_GET['profile'], ENT_QUOTES);
    // (the listing ends here, inside this block)
// (the listing starts inside a block whose opening line is not shown)
error_log('New LP - Included scormItem', 0);
}
require_once '../newscorm/aicc.class.php';
if ($debug > 0) {
    error_log('New LP - Included aicc', 0);
}
require_once '../newscorm/aiccItem.class.php';
if ($debug > 0) {
    error_log('New LP - Included aiccItem', 0);
}
require "../../main/inc/global.inc.php";
require_once 'get_translation.lib.php';
// Anonymous visitors are stopped here, before any session data is printed.
api_block_anonymous_users();
// Disabled hard-coded alternative:
//$confkey = "0123456789abcdef0123456789abcdef";
// The shared key is read from the platform settings.
$confkey = api_get_setting('service_visio', 'visio_pass');
// Generate a 32 characters-long challenge key.
// NOTE(review): a challenge is only useful if it is unpredictable; the randomness source of
// api_generate_password() is not visible here — confirm it is a CSPRNG.
$challenge = api_generate_password(32);
require_once api_get_path(LIBRARY_PATH) . "course.lib.php";
// Emit the course and user session arrays as an XML document.
printf('<?xml version="1.0" encoding="UTF-8" ?>');
printf('<dokeosobject>');
printf('<courseobject>');
// NOTE(review): keys become element names and values become element text with no XML escaping
// visible here (api_utf8_encode() presumably converts the character set only — verify). A value
// containing '<' or '&' would break or alter the document; htmlspecialchars($val, ENT_XML1)
// on the value would close that gap.
foreach ($_SESSION['_course'] as $key => $val) {
    printf('<%s>%s</%s>', $key, api_utf8_encode($val), $key);
}
printf('</courseobject>');
printf('<userobject>');
foreach ($_SESSION['_user'] as $key => $val) {
    // The auth_source entry is left out of the user object.
    if ($key != "auth_source") {
        // Empty first or last names are replaced by the translated "Unknown" label.
        if (($key == "lastName" || $key == "firstName") && strlen($val) == 0) {
            $val = get_lang('Unknown');
        }
        // (the listing ends here, inside the loop)
/**
 * Update a user's row in the main user table, replace the user's first role,
 * and optionally mail the account settings to the user.
 *
 * Security-relevant behaviour visible in this body:
 * - $reset_password decides whether the password changes (see the branch comments below).
 * - When $send_email is true and $reset_password > 0, the clear-text password is written
 *   into the notification mail.
 * - Caller-supplied strings are passed through Database::escape_string() before they are
 *   concatenated into the UPDATE statement; $user_id is interpolated after an integer
 *   round-trip check.
 *
 * @param int    $user_id         The ID of the user to be updated
 * @param string $firstname       The user's firstname
 * @param string $lastname        The user's lastname
 * @param string $username        The user's username (login)
 * @param string $password        The user's password; ignored when $reset_password is 0 or 1
 * @param string $auth_source     The authentication source; only kept as passed when $reset_password is 3
 * @param string $email           The user's e-mail address
 * @param int    $status          The user's status; also used as the id of the Role to assign
 * @param string $official_code   The user's official code (usually just an internal institutional code)
 * @param string $phone           The user's phone number
 * @param string $picture_uri     The user's picture URL (internal to the Chamilo directory)
 * @param string $expiration_date Written to the expiration_date column as given
 * @param int    $active          Written to the active column; a change also calls change_active_state()
 * @param int    $creator_id      The user ID of the person who registered this user (optional, defaults to null)
 * @param int    $hr_dept_id      The department of HR in which the user is registered (optional, defaults to 0)
 * @param array  $extra           A series of additional fields to add to this user as extra fields (optional, defaults to null)
 * @param string $language        Replaced by the platformLanguage setting when not among api_get_languages()['folder']
 * @param string $encrypt_method  '' to hash $password here; any other value must equal the configured
 *                                password_encryption, and $password is then not hashed again here
 * @param bool   $send_email      Whether to mail the account settings to $email
 * @param int    $reset_password  0, 1, 2 or 3 — see the branch comments in the body
 * @return mixed false when $user_id does not round-trip through intval(); whatever api_set_failure()
 *               returns when $encrypt_method is rejected; otherwise the result of Database::query()
 * @assert (false) === false
 */
public static function update_user(
    $user_id,
    $firstname,
    $lastname,
    $username,
    $password = null,
    $auth_source = null,
    $email = null,
    $status = STUDENT,
    $official_code = null,
    $phone = null,
    $picture_uri = null,
    $expiration_date = null,
    $active = 1,
    $creator_id = null,
    $hr_dept_id = 0,
    $extra = null,
    $language = 'english',
    $encrypt_method = '',
    $send_email = false,
    $reset_password = 0
) {
    global $_configuration;
    // Clear-text copy, used later in the notification mail.
    $original_password = $password;
    // NOTE(review): $user_id reaches api_get_user_info() before the integer check further down.
    $user_info = api_get_user_info($user_id, false, true);
    // $reset_password selects what happens to the password and the auth source:
    //   0 = password untouched, stored auth source kept
    //   1 = password replaced by a generated one, platform auth source
    //   2 = password as passed in, platform auth source
    //   3 = password and auth source as passed in
    if ($reset_password == 0) {
        $password = null;
        $auth_source = $user_info['auth_source'];
    } elseif ($reset_password == 1) {
        $original_password = $password = api_generate_password();
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 2) {
        $password = $password;
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 3) {
        $password = $password;
        $auth_source = $auth_source;
    }
    // Only ids whose string form equals their intval() are accepted; this is what makes the
    // direct interpolation of $user_id into the WHERE clause below tolerable.
    if ($user_id != strval(intval($user_id))) {
        return false;
    }
    if ($user_id === false) {
        return false;
    }
    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    // Checking the user language: unknown values fall back to the platform language.
    $languages = api_get_languages();
    if (!in_array($language, $languages['folder'])) {
        $language = api_get_setting('platformLanguage');
    }
    // NOTE(review): the username and password values appear as literal '******' in this listing,
    // which looks like redaction of the original expressions — confirm against the real file that
    // both are escaped like the other columns. A prepared statement with bound parameters would
    // remove the need for per-value escaping altogether.
    $sql = "UPDATE {$table_user} SET\n lastname='" . Database::escape_string($lastname)
        . "',\n firstname='" . Database::escape_string($firstname)
        . "',\n username='******',\n language='" . Database::escape_string($language) . "',";
    if (!is_null($password)) {
        if ($encrypt_method == '') {
            // No method given: the password is hashed by the platform helper.
            $password = api_get_encrypted_password($password);
        } else {
            // A method was given: it must match the configured one. For md5 and sha1 the value
            // must look like a hex digest of the right length (32 / 40 characters); for any other
            // configured method no shape check is made.
            if ($_configuration['password_encryption'] === $encrypt_method) {
                if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                } else {
                    if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
                        return api_set_failure('encrypt_method invalid');
                    }
                }
            } else {
                return api_set_failure('encrypt_method invalid');
            }
        }
        $sql .= " password='******',";
    }
    if (!is_null($auth_source)) {
        $sql .= " auth_source='" . Database::escape_string($auth_source) . "',";
    }
    $sql .= "\n email='" . Database::escape_string($email)
        . "',\n status='" . Database::escape_string($status)
        . "',\n official_code='" . Database::escape_string($official_code)
        . "',\n phone='" . Database::escape_string($phone)
        . "',\n picture_uri='" . Database::escape_string($picture_uri)
        . "',\n expiration_date='" . Database::escape_string($expiration_date)
        . "',\n active='" . Database::escape_string($active)
        . "',\n hr_dept_id=" . intval($hr_dept_id);
    if (!is_null($creator_id)) {
        $sql .= ", creator_id='" . Database::escape_string($creator_id) . "'";
    }
    $sql .= " WHERE user_id = '{$user_id}' ";
    $return = Database::query($sql);
    // Extra fields are updated one by one; $res collects the outcome but is not read afterwards.
    if (is_array($extra) && count($extra) > 0) {
        $res = true;
        foreach ($extra as $fname => $fvalue) {
            $res = $res && self::update_extra_field_value($user_id, $fname, $fvalue);
        }
    }
    if ($user_info['active'] != $active) {
        self::change_active_state($user_id, $active);
    }
    global $app;
    // Role update through the ORM: the role at index 0 is removed and the role whose id equals
    // $status is added. NOTE(review): neither find() result is checked for null before use.
    /** @var Entity\User $user */
    $em = $app['orm.ems']['db_write'];
    $user = $em->getRepository('Entity\\User')->find($user_id);
    $role = $em->getRepository('Entity\\Role')->find($status);
    $user->getRolesObj()->remove(0);
    $user->getRolesObj()->add($role);
    $em->persist($user);
    $em->flush();
    if (!empty($email) && $send_email) {
        $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
        $emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('siteName');
        $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
        $email_admin = api_get_setting('emailAdministrator');
        // NOTE(review): when $reset_password > 0 the body below carries the clear-text password.
        // Mail is not a confidential channel; a single-use reset link would avoid sending it.
        if ($_configuration['multiple_access_urls']) {
            $access_url_id = api_get_current_access_url_id();
            // NOTE(review): when the id is -1, $emailbody is never assigned and the mail call
            // below receives an undefined variable.
            if ($access_url_id != -1) {
                $url = api_get_current_access_url_info();
                $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($firstname, $lastname)) . ",\n\n"
                    . get_lang('YouAreReg') . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings') . "\n\n"
                    . get_lang('Username') . " : " . $username
                    . ($reset_password > 0 ? "\n" . get_lang('Pass') . " : " . stripslashes($original_password) : "") . "\n\n"
                    . get_lang('Address') . " " . api_get_setting('siteName') . " " . get_lang('Is') . " : " . $url['url'] . "\n\n"
                    . get_lang('Problem') . "\n\n"
                    . get_lang('Formula') . ",\n\n"
                    . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n"
                    . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n"
                    . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
            }
        } else {
            // Same text as above, with the configured root_web as the portal address.
            $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($firstname, $lastname)) . ",\n\n"
                . get_lang('YouAreReg') . " " . api_get_setting('siteName') . " " . get_lang('WithTheFollowingSettings') . "\n\n"
                . get_lang('Username') . " : " . $username
                . ($reset_password > 0 ? "\n" . get_lang('Pass') . " : " . stripslashes($original_password) : "") . "\n\n"
                . get_lang('Address') . " " . api_get_setting('siteName') . " " . get_lang('Is') . " : " . $_configuration['root_web'] . "\n\n"
                . get_lang('Problem') . "\n\n"
                . get_lang('Formula') . ",\n\n"
                . api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n"
                . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n"
                . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
        }
        // The @ operator hides any warning or error raised while sending.
        @api_mail_html($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
    }
    // The refreshed user record is written to the event log.
    // NOTE(review): which fields api_get_user_info() returns is not visible here — verify that no
    // credential material ends up in the LOG_USER_OBJECT entry.
    $user_info = api_get_user_info($user_id);
    event_system(LOG_USER_UPDATED, LOG_USER_ID, $user_id, api_get_utc_datetime(), api_get_user_id());
    event_system(LOG_USER_UPDATED, LOG_USER_OBJECT, $user_info, api_get_utc_datetime(), api_get_user_id());
    return $return;
}
// Form handler: update the password settings of an existing user and optionally mail them.
if ($check) {
    $user = $form->exportValues();
    $email = $userInfo['email'];
    $username = $userInfo['username'];
    $send_mail = intval($user['mail']['send_mail']);
    // Overwritten below by the stored auth source of the user.
    $auth_source = PLATFORM_AUTH_SOURCE;
    // password_auto == '1' (generated password) maps to reset mode 0, anything else to mode 2.
    // NOTE(review): in the update_user() variants that treat mode 0 as "leave the password
    // untouched", the generated password would be mailed but never stored — confirm which
    // meaning mode 0 has in the UserManager actually called here.
    $resetPassword = $user['password']['password_auto'] == '1' ? 0 : 2;
    // Both branches hold only disabled code.
    if (count($extAuthSource) > 0 && $user['password']['password_auto'] == '2') {
        //$auth_source = $user['password']['auth_source'];
        //$password = '******';
    } else {
        //$auth_source = PLATFORM_AUTH_SOURCE;
        //$password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
    }
    $auth_source = $userInfo['auth_source'];
    // Either a generated password or the one typed into the form.
    $password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
    // Every field except password, auth source and reset mode is passed back as currently stored.
    UserManager::update_user(
        $userId,
        $userInfo['firstname'],
        $userInfo['lastname'],
        $userInfo['username'],
        $password,
        $auth_source,
        $userInfo['email'],
        $userInfo['status'],
        $userInfo['official_code'],
        $userInfo['phone'],
        $userInfo['picture_uri'],
        $userInfo['expiration_date'],
        $userInfo['active'],
        $userInfo['creator_id'],
        $userInfo['hr_dept_id'],
        null,
        $userInfo['language'],
        null,
        false,
        $resetPassword
    );
    if (!empty($email) && $send_mail) {
        $emailsubject = '[' . api_get_setting('platform.site_name') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('platform.site_name');
        // Portal address: the current access URL when multiple URLs are enabled, else the web path.
        $portal_url = api_get_path(WEB_PATH);
        if (api_is_multiple_url_enabled()) {
            $access_url_id = api_get_current_access_url_id();
            if ($access_url_id != -1) {
                $url = api_get_access_url($access_url_id);
                $portal_url = $url['url'];
            }
        }
        // NOTE(review): the clear-text password is always part of this mail. Names and the
        // password are concatenated without HTML escaping before nl2br(); whether
        // api_mail_html() escapes the body is not visible here — verify.
        $emailbody = get_lang('Dear') . " " . stripslashes(api_get_person_name($userInfo['firstname'], $userInfo['lastname'])) . ",\n\n"
            . get_lang('YouAreReg') . " " . api_get_setting('platform.site_name') . " " . get_lang('WithTheFollowingSettings') . "\n\n"
            . get_lang('Username') . " : " . $username . "\n"
            . get_lang('Pass') . " : " . stripslashes($password) . "\n\n"
            . get_lang('Address') . " " . api_get_setting('platform.site_name') . " " . get_lang('Is') . " : " . $portal_url . "\n\n"
            . get_lang('Problem') . "\n\n"
            . get_lang('SignatureFormula') . ",\n\n"
            . api_get_person_name(api_get_setting('admin.administrator_name'), api_get_setting('admin.administrator_surname')) . "\n"
            . get_lang('Manager') . " " . api_get_setting('platform.site_name') . "\nT. " . api_get_setting('admin.administrator_phone') . "\n"
            . get_lang('Email') . " : " . api_get_setting('admin.administrator_email');
        $emailbody = nl2br($emailbody);
        api_mail_html(api_get_person_name($userInfo['firstname'], $userInfo['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $email, $emailsubject, $emailbody);
    }
    // (the enclosing if ($check) block continues beyond this listing)
/**
 * Fills in optional user information that the caller left out.
 *
 * Only the password is handled here: when the 'Password' entry is absent or
 * has length zero, a generated password is stored in its place.
 *
 * @param array $user User record keyed by field name
 * @return array The record, with 'Password' filled in when it was missing
 */
function complete_missing_data($user)
{
    $hasPassword = isset($user['Password']) && strlen($user['Password']) != 0;

    if (!$hasPassword) {
        // The generator is defined elsewhere; its length, alphabet and
        // randomness source are not visible from this function.
        $user['Password'] = api_generate_password();
    }

    return $user;
}
/**
 * Fills in optional user information (username, password, status, auth
 * source) that the caller left out.
 *
 * A field counts as missing when empty() is true for it, so values such as
 * '0' are replaced as well.
 *
 * @param array $user User record keyed by field name
 * @return array The completed record
 */
function complete_missing_data($user)
{
    global $purification_option_for_usernames;

    // 1. Username: create one from the names when empty, otherwise purify the given one.
    $user['UserName'] = UserManager::is_username_empty($user['UserName'])
        ? UserManager::create_unique_username($user['FirstName'], $user['LastName'])
        : UserManager::purify_username($user['UserName'], $purification_option_for_usernames);

    // 2. Password: generated when none was supplied. The generator is defined
    //    elsewhere; its randomness source is not visible from this function.
    $user['Password'] = empty($user['Password']) ? api_generate_password() : $user['Password'];

    // 3. Status defaults to 'user'.
    $user['Status'] = empty($user['Status']) ? 'user' : $user['Status'];

    // 4. Auth source defaults to the platform's own.
    $user['AuthSource'] = empty($user['AuthSource']) ? PLATFORM_AUTH_SOURCE : $user['AuthSource'];

    return $user;
}
/**
 * Update a user's row in the main user table and optionally mail the account
 * settings to the user.
 *
 * Security-relevant behaviour visible in this body:
 * - $reset_password decides whether the password changes (see the branch comments below).
 * - When $send_email is true and $reset_password > 0, the clear-text password is written
 *   into the notification mail.
 * - Caller-supplied strings are passed through Database::escape_string() (or intval())
 *   before they are concatenated into the UPDATE statement; $user_id is interpolated after
 *   an integer round-trip check.
 *
 * NOTE(review): required parameters ($email ... $active) follow optional ones in the
 * signature, so the defaults of $password and $auth_source can never be used positionally.
 *
 * @param int    $user_id         The ID of the user to be updated
 * @param string $firstname       The user's firstname
 * @param string $lastname        The user's lastname
 * @param string $username        The user's username (login)
 * @param string $password        The user's password; ignored when $reset_password is 0 or 1
 * @param string $auth_source     The authentication source; only kept as passed when $reset_password is 3
 * @param string $email           The user's e-mail address
 * @param int    $status          The user's status
 * @param string $official_code   The user's official code (usually just an internal institutional code)
 * @param string $phone           The user's phone number
 * @param string $picture_uri     The user's picture URL (internal to the Chamilo directory)
 * @param string $expiration_date Written to the expiration_date column as given
 * @param int    $active          Written to the active column; a change is logged as an enable/disable event
 * @param int    $creator_id      The user ID of the person who registered this user (optional, defaults to null)
 * @param int    $hr_dept_id      The department of HR in which the user is registered (optional, defaults to 0)
 * @param array  $extra           A series of additional fields to add to this user as extra fields (optional, defaults to null)
 * @param string $language        Replaced by the platformLanguage setting when not among api_get_languages()['folder']
 * @param string $encrypt_method  '' to hash $password here; any other value must equal the configured
 *                                password_encryption, and $password is then not hashed again here
 * @param bool   $send_email      Whether to mail the account settings to $email
 * @param int    $reset_password  0, 1, 2 or 3 — see the branch comments in the body
 * @return mixed false when $user_id is empty or does not round-trip through intval(); whatever
 *               api_set_failure() returns when $encrypt_method is rejected; otherwise the result
 *               of Database::query()
 * @assert (false, false, false, false, false, false, false, false, false, false, false, false, false) === false
 */
public static function update_user(
    $user_id,
    $firstname,
    $lastname,
    $username,
    $password = null,
    $auth_source = null,
    $email,
    $status,
    $official_code,
    $phone,
    $picture_uri,
    $expiration_date,
    $active,
    $creator_id = null,
    $hr_dept_id = 0,
    $extra = null,
    $language = 'english',
    $encrypt_method = '',
    $send_email = false,
    $reset_password = 0
) {
    global $_configuration;
    // Clear-text copy, used later in the notification mail.
    $original_password = $password;
    if (empty($user_id)) {
        return false;
    }
    // NOTE(review): $user_id reaches api_get_user_info() before the integer check further down.
    $user_info = api_get_user_info($user_id, false, true);
    // $reset_password selects what happens to the password and the auth source:
    //   0 = password untouched, stored auth source kept
    //   1 = password replaced by a generated one, platform auth source
    //   2 = password as passed in, platform auth source
    //   3 = password and auth source as passed in
    if ($reset_password == 0) {
        $password = null;
        $auth_source = $user_info['auth_source'];
    } elseif ($reset_password == 1) {
        $original_password = $password = api_generate_password();
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 2) {
        $password = $password;
        $auth_source = PLATFORM_AUTH_SOURCE;
    } elseif ($reset_password == 3) {
        $password = $password;
        $auth_source = $auth_source;
    }
    // Only ids whose string form equals their intval() are accepted; this is what makes the
    // direct interpolation of $user_id into the WHERE clause below tolerable.
    if ($user_id != strval(intval($user_id))) return false;
    if ($user_id === false) return false;
    $table_user = Database :: get_main_table(TABLE_MAIN_USER);
    // Checking the user language: unknown values fall back to the platform language.
    $languages = api_get_languages();
    if (!in_array($language, $languages['folder'])) {
        $language = api_get_setting('platformLanguage');
    }
    // Remember whether the active flag changes so it can be logged after the update.
    $change_active = 0;
    if ($user_info['active'] != $active) {
        $change_active = 1;
    }
    // NOTE(review): the username and password values appear as literal '******' in this listing,
    // which looks like redaction of the original expressions — confirm against the real file that
    // both are escaped like the other columns. A prepared statement with bound parameters would
    // remove the need for per-value escaping altogether.
    $sql = "UPDATE $table_user SET lastname='".Database::escape_string($lastname)
        ."', firstname='".Database::escape_string($firstname)
        ."', username='******', language='".Database::escape_string($language)."',";
    if (!is_null($password)) {
        if ($encrypt_method == '') {
            // No method given: the password is hashed by the platform helper.
            $password = api_get_encrypted_password($password);
        } else {
            // A method was given: it must match the configured one. For md5 and sha1 the value
            // must look like a hex digest of the right length (32 / 40 characters); for any other
            // configured method no shape check is made.
            if ($_configuration['password_encryption'] === $encrypt_method) {
                if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                } else if ($encrypt_method == 'sha1' && !preg_match('/^[A-Fa-f0-9]{40}$/', $password)) {
                    return api_set_failure('encrypt_method invalid');
                }
            } else {
                return api_set_failure('encrypt_method invalid');
            }
        }
        $sql .= " password='******',";
    }
    if (!is_null($auth_source)) {
        $sql .= " auth_source='".Database::escape_string($auth_source)."',";
    }
    $sql .= " email='".Database::escape_string($email)
        ."', status='".Database::escape_string($status)
        ."', official_code='".Database::escape_string($official_code)
        ."', phone='".Database::escape_string($phone)
        ."', picture_uri='".Database::escape_string($picture_uri)
        ."', expiration_date='".Database::escape_string($expiration_date)
        ."', active='".Database::escape_string($active)
        ."', hr_dept_id=".intval($hr_dept_id);
    if (!is_null($creator_id)) {
        $sql .= ", creator_id='".intval($creator_id)."'";
    }
    $sql .= " WHERE user_id='$user_id'";
    $return = Database::query($sql);
    // Log an enable/disable event, but only when the update query reported success.
    if ($change_active == 1 && $return) {
        if ($active == 1) {
            $event_title = LOG_USER_ENABLE;
        } else {
            $event_title = LOG_USER_DISABLE;
        }
        event_system($event_title, LOG_USER_ID, $user_id);
    }
    // Extra fields are updated one by one; $res collects the outcome but is not read afterwards.
    if (is_array($extra) && count($extra) > 0) {
        $res = true;
        foreach ($extra as $fname => $fvalue) {
            $res = $res && self::update_extra_field_value($user_id, $fname, $fvalue);
        }
    }
    if (!empty($email) && $send_email) {
        $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
        $emailsubject = '['.api_get_setting('siteName').'] '.get_lang('YourReg').' '.api_get_setting('siteName');
        $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
        $email_admin = api_get_setting('emailAdministrator');
        // NOTE(review): when $reset_password > 0 the body below carries the clear-text password.
        // Mail is not a confidential channel; a single-use reset link would avoid sending it.
        if (api_is_multiple_url_enabled()) {
            $access_url_id = api_get_current_access_url_id();
            // NOTE(review): when the id is -1, $emailbody is never assigned and the mail call
            // below receives an undefined variable.
            if ($access_url_id != -1) {
                $url = api_get_access_url($access_url_id);
                $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n"
                    .get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n"
                    .get_lang('Username')." : ".$username
                    .(($reset_password > 0) ? "\n".get_lang('Pass')." : ".stripslashes($original_password) : "")."\n\n"
                    .get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".$url['url']."\n\n"
                    .get_lang('Problem')."\n\n"
                    .get_lang('SignatureFormula').",\n\n"
                    .api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n"
                    .get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n"
                    .get_lang('Email')." : ".api_get_setting('emailAdministrator');
            }
        } else {
            // Same text as above, with the configured root_web as the portal address.
            $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n"
                .get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n"
                .get_lang('Username')." : ".$username
                .(($reset_password > 0) ? "\n".get_lang('Pass')." : ".stripslashes($original_password) : "")."\n\n"
                .get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".$_configuration['root_web']."\n\n"
                .get_lang('Problem')."\n\n"
                .get_lang('SignatureFormula').",\n\n"
                .api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n"
                .get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n"
                .get_lang('Email')." : ".api_get_setting('emailAdministrator');
        }
        // The @ operator hides any warning or error raised while sending.
        @api_mail_html($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
    }
    return $return;
}