list($_SESSION['session_name']) = Database::fetch_array($rs); } else { Session::erase('session_name'); Session::erase('id_session'); } if (!empty($_GET['gidReq'])) { $_SESSION['_gid'] = intval($_GET['gidReq']); } else { Session::erase('_gid'); } if (!isset($_SESSION['login_as'])) { //Course login if (isset($_user['user_id'])) { event_course_login($_course['code'], $_user['user_id'], api_get_session_id()); } } } else { //exit("WARNING UNDEFINED CID !! "); header('location:'.api_get_path(WEB_PATH)); } } else { Session::erase('_cid'); Session::erase('_real_cid'); Session::erase('_course'); if (!empty($_SESSION)) { foreach ($_SESSION as $key => $session_item) { if (strpos($key, 'lp_autolunch_') === false) { continue;
/** * * @global bool $is_platformAdmin * @global bool $is_allowedCreateCourse * @global object $_user * @global int $_cid * @global array $_course * @global type $_real_cid * @global type $_courseUser * @global type $is_courseAdmin * @global type $is_courseTutor * @global type $is_courseCoach * @global type $is_courseMember * @global type $is_sessionAdmin * @global type $is_allowed_in_course * * @param type $course_id * @param type $reset */ static function init_course($course_id, $reset) { global $_configuration; global $is_platformAdmin; global $is_allowedCreateCourse; global $_user; global $_cid; global $_course; global $_real_cid; global $_courseUser; global $is_courseAdmin; //course teacher global $is_courseTutor; //course teacher - some rights global $is_courseCoach; //course coach global $is_courseMember; //course student global $is_sessionAdmin; global $is_allowed_in_course; if ($reset) { // Course session data refresh requested or empty data if ($course_id) { $course_table = Database::get_main_table(TABLE_MAIN_COURSE); $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); $sql = "SELECT course.*, course_category.code faCode, course_category.name faName\n FROM {$course_table}\n LEFT JOIN {$course_cat_table}\n ON course.category_code = course_category.code\n WHERE course.code = '{$course_id}'"; $result = Database::query($sql); if (Database::num_rows($result) > 0) { $course_data = Database::fetch_array($result); //@TODO real_cid should be cid, for working with numeric course id $_real_cid = $course_data['id']; $_cid = $course_data['code']; $_course = array(); $_course['real_id'] = $course_data['id']; $_course['id'] = $course_data['code']; //auto-assigned integer $_course['code'] = $course_data['code']; $_course['name'] = $course_data['title']; $_course['title'] = $course_data['title']; $_course['official_code'] = $course_data['visual_code']; // use in echo $_course['sysCode'] = $course_data['code']; // use as key in db $_course['path'] = $course_data['directory']; // use as key in path $_course['dbName'] = $course_data['db_name']; // use as key in db list $_course['db_name'] = $course_data['db_name']; // not needed in Chamilo 1.9 $_course['dbNameGlu'] = $_configuration['table_prefix'] . $course_data['db_name'] . $_configuration['db_glue']; // use in all queries //not needed in Chamilo 1.9 $_course['titular'] = $course_data['tutor_name']; // this should be deprecated and use the table course_rel_user $_course['language'] = $course_data['course_language']; $_course['extLink']['url'] = $course_data['department_url']; $_course['extLink']['name'] = $course_data['department_name']; $_course['categoryCode'] = $course_data['faCode']; $_course['categoryName'] = $course_data['faName']; $_course['visibility'] = $course_data['visibility']; $_course['subscribe_allowed'] = $course_data['subscribe']; $_course['unsubscribe'] = $course_data['unsubscribe']; $_course['activate_legal'] = $course_data['activate_legal']; $_course['show_score'] = $course_data['show_score']; //used in the work tool Session::write('_cid', $_cid); Session::write('_course', $_course); //@TODO real_cid should be cid, for working with numeric course id Session::write('_real_cid', $_real_cid); // if a session id has been given in url, we store the session // Database Table Definitions $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); if (!empty($_GET['id_session'])) { $_SESSION['id_session'] = intval($_GET['id_session']); $sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"'; $rs = Database::query($sql); list($_SESSION['session_name']) = Database::fetch_array($rs); } else { Session::erase('session_name'); Session::erase('id_session'); } if (!isset($_SESSION['login_as'])) { //Course login if (isset($_user['user_id'])) { event_course_login($_course['sysCode'], $_user['user_id'], api_get_session_id()); } } } else { //exit("WARNING UNDEFINED CID !! "); header('location:' . api_get_path(WEB_PATH)); } } else { Session::erase('_cid'); Session::erase('_real_cid'); Session::erase('_course'); if (!empty($_SESSION)) { foreach ($_SESSION as $key => $session_item) { if (strpos($key, 'lp_autolunch_') === false) { continue; } else { if (isset($_SESSION[$key])) { Session::erase($key); } } } } //Deleting session info if (api_get_session_id()) { Session::erase('id_session'); Session::erase('session_name'); } } } else { // Continue with the previous values if (empty($_SESSION['_course']) or empty($_SESSION['_cid'])) { //no previous values... $_cid = -1; //set default values that will be caracteristic of being unset $_course = -1; } else { $_cid = $_SESSION['_cid']; $_course = $_SESSION['_course']; // these lines are usefull for tracking. Indeed we can have lost the id_session and not the cid. // Moreover, if we want to track a course with another session it can be usefull if (!empty($_GET['id_session'])) { $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"'; $rs = Database::query($sql); list($_SESSION['session_name']) = Database::fetch_array($rs); $_SESSION['id_session'] = intval($_GET['id_session']); } if (!isset($_SESSION['login_as'])) { $save_course_access = true; //The value $_dont_save_user_course_access should be added before the call of global.inc.php see the main/inc/chat.ajax.php file //Disables the updates in the TRACK_E_COURSE_ACCESS table if (isset($_dont_save_user_course_access) && $_dont_save_user_course_access == true) { $save_course_access = false; } if ($save_course_access) { $course_tracking_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); /* * When $_configuration['session_lifetime'] is too big 100 hours (in order to let users take exercises with no problems) * the function Tracking::get_time_spent_on_the_course() returns big values (200h) due the condition: * login_course_date > now() - INTERVAL $session_lifetime SECOND * */ /* if (isset($_configuration['session_lifetime'])) { $session_lifetime = $_configuration['session_lifetime']; } else { $session_lifetime = 3600; // 1 hour } */ $session_lifetime = 3600; // 1 hour $course_code = $_course['sysCode']; $time = api_get_utc_datetime(); if (isset($_user['user_id']) && !empty($_user['user_id'])) { //We select the last record for the current course in the course tracking table //But only if the login date is < than now + max_life_time $sql = "SELECT course_access_id FROM {$course_tracking_table}\n WHERE user_id = " . intval($_user['user_id']) . " AND\n course_code = '{$course_code}' AND\n session_id = " . api_get_session_id() . " AND\n login_course_date > now() - INTERVAL {$session_lifetime} SECOND\n ORDER BY login_course_date DESC LIMIT 0,1"; $result = Database::query($sql); if (Database::num_rows($result) > 0) { $i_course_access_id = Database::result($result, 0, 0); //We update the course tracking table $sql = "UPDATE {$course_tracking_table} SET logout_course_date = '{$time}', counter = counter+1\n WHERE course_access_id = " . intval($i_course_access_id) . " AND session_id = " . api_get_session_id(); //error_log($sql); Database::query($sql); } else { $sql = "INSERT INTO {$course_tracking_table} (course_code, user_id, login_course_date, logout_course_date, counter, session_id)" . "VALUES('" . $course_code . "', '" . $_user['user_id'] . "', '{$time}', '{$time}', '1','" . api_get_session_id() . "')"; //error_log($sql); Database::query($sql); } } } } } } /* COURSE / USER REL. INIT */ $session_id = api_get_session_id(); $user_id = isset($_user['user_id']) ? $_user['user_id'] : null; //Course permissions $is_courseAdmin = false; //course teacher $is_courseTutor = false; //course teacher - some rights $is_courseMember = false; //course student //Course - User permissions $is_sessionAdmin = false; if ($reset) { if (isset($user_id) && $user_id && isset($_cid) && $_cid) { //Check if user is subscribed in a course $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); $sql = "SELECT * FROM {$course_user_table}\n WHERE user_id = '" . $user_id . "' AND relation_type <> " . COURSE_RELATION_TYPE_RRHH . "\n AND course_code = '{$course_id}'"; $result = Database::query($sql); $cuData = null; if (Database::num_rows($result) > 0) { // this user have a recorded state for this course $cuData = Database::fetch_array($result, 'ASSOC'); $is_courseAdmin = (bool) ($cuData['status'] == 1); $is_courseTutor = (bool) ($cuData['tutor_id'] == 1); $is_courseMember = true; //Checking if the user filled the course legal agreement if ($_course['activate_legal'] == 1 && !api_is_platform_admin()) { $user_is_subscribed = CourseManager::is_user_accepted_legal($user_id, $_course['id'], $session_id); if (!$user_is_subscribed) { $url = api_get_path(WEB_CODE_PATH) . 'course_info/legal.php?course_code=' . $_course['code'] . '&session_id=' . $session_id; header('Location: ' . $url); exit; } } $_courseUser['role'] = $cuData['role']; Session::write('_courseUser', $_courseUser); } //We are in a session course? Check session permissions if (!empty($session_id)) { //I'm not the teacher of the course if ($is_courseAdmin == false) { // this user has no status related to this course // The user is subscribed in a session? The user is a Session coach a Session admin ? $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); //Session coach, session admin, course coach admin $sql = "SELECT session.id_coach, session_admin_id, session_rcru.id_user\n \t\tFROM {$tbl_session} session, {$tbl_session_course_user} session_rcru\n\t\t\t\t\t WHERE session_rcru.id_session = session.id AND\n\t\t\t\t\t session_rcru.course_code = '{$_cid}' AND\n\t\t\t\t\t session_rcru.id_user = '******' AND\n session_rcru.id_session = {$session_id} AND\n\t\t\t\t\t session_rcru.status = 2"; $result = Database::query($sql); $row = Database::store_result($result); //I'm a session admin? if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) { $_courseUser['role'] = 'Professor'; $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_courseCoach = false; $is_sessionAdmin = true; } else { //Im a coach or a student? $sql = "SELECT id_user, status FROM " . $tbl_session_course_user . "\n WHERE course_code = '{$_cid}' AND\n id_user = '******' AND\n id_session = '" . $session_id . "'\n LIMIT 1"; $result = Database::query($sql); if (Database::num_rows($result)) { $row = Database::fetch_array($result, 'ASSOC'); $session_course_status = $row['status']; switch ($session_course_status) { case '2': // coach - teacher $_courseUser['role'] = 'Professor'; $is_courseMember = true; $is_courseTutor = true; $is_courseCoach = true; $is_sessionAdmin = false; if (api_get_setting('extend_rights_for_coach') == 'true') { $is_courseAdmin = true; } else { $is_courseAdmin = false; } Session::write('_courseUser', $_courseUser); break; case '0': //student $is_courseMember = true; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; Session::write('_courseUser', $_courseUser); break; default: //unregister user $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; Session::erase('_courseUser'); break; } } else { //unregister user $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; Session::erase('_courseUser'); } } } //If I'm the admin platform i'm a teacher of the course if ($is_platformAdmin) { $is_courseAdmin = true; } } } else { // keys missing => not anymore in the course - user relation // course $is_courseMember = false; $is_courseAdmin = false; $is_courseTutor = false; $is_courseCoach = false; $is_sessionAdmin = false; Session::erase('_courseUser'); } //Checking the course access $is_allowed_in_course = false; if (isset($_course)) { switch ($_course['visibility']) { case COURSE_VISIBILITY_OPEN_WORLD: //3 $is_allowed_in_course = true; break; case COURSE_VISIBILITY_OPEN_PLATFORM: //2 if (isset($user_id) && !api_is_anonymous($user_id)) { $is_allowed_in_course = true; } break; case COURSE_VISIBILITY_REGISTERED: //1 if ($is_platformAdmin || $is_courseMember) { $is_allowed_in_course = true; } break; case COURSE_VISIBILITY_CLOSED: //0 if ($is_platformAdmin || $is_courseAdmin) { $is_allowed_in_course = true; } break; case COURSE_VISIBILITY_HIDDEN: //4 if ($is_platformAdmin) { $is_allowed_in_course = true; } break; } } // check the session visibility if ($is_allowed_in_course == true) { //if I'm in a session if ($session_id != 0) { if (!$is_platformAdmin) { // admin and session coach are *not* affected to the invisible session mode // the coach is not affected because he can log in some days after the end date of a session $session_visibility = api_get_session_visibility($session_id); switch ($session_visibility) { case SESSION_INVISIBLE: $is_allowed_in_course = false; break; } //checking date } } } // save the states Session::write('is_courseAdmin', $is_courseAdmin); Session::write('is_courseMember', $is_courseMember); Session::write('is_courseTutor', $is_courseTutor); Session::write('is_courseCoach', $is_courseCoach); Session::write('is_allowed_in_course', $is_allowed_in_course); Session::write('is_sessionAdmin', $is_sessionAdmin); } else { // continue with the previous values if (isset($_SESSION['_courseUser'])) { $_courseUser = $_SESSION['_courseUser']; } $is_courseAdmin = $_SESSION['is_courseAdmin']; $is_courseTutor = $_SESSION['is_courseTutor']; $is_courseCoach = $_SESSION['is_courseCoach']; $is_courseMember = $_SESSION['is_courseMember']; $is_allowed_in_course = $_SESSION['is_allowed_in_course']; } }
} else { Session::write('id_session', $sessionId); } } } if ($groupReset) { Session::erase('_gid'); if (!empty($groupId)) { Session::write('_gid', $groupId); } } if (!isset($_SESSION['login_as'])) { $userId = api_get_user_id(); // Course login if (isset($userId)) { event_course_login(api_get_course_int_id(), $userId, api_get_session_id()); } } }; /** Only course admin has access. */ $userCourseAdmin = function (Request $request) use($app) { if (api_is_allowed_to_edit()) { return null; } else { return $app->abort(401); } }; /** Set user permissions inside a course teacher? coach? etc */ $userPermissionsInsideACourse = function (Request $request) use($app) { $courseId = api_get_course_int_id(); $userId = api_get_user_id();