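/**
 * Authenticate the HTTP Basic credentials (PHP_AUTH_USER / PHP_AUTH_PW) against LDAP.
 *
 * Step 1: anonymous bind + search to resolve the login name to an account DN
 * (only sambaSamAccount entries that are not disabled/unused).
 * Step 2: bind with that DN and the supplied password.
 * Any failure ends the request through forbidden(); a successful login is logged.
 */
function ldap_auth()
{
    $ldap_server = 'ldap://127.0.0.1/';
    $ldap_domain = 'dc=rugion,dc=ru';
    //$ldap_userbase = 'ou=users,ou=chelyabinsk,' . $ldap_domain;
    $auth_user = isset($_SERVER['PHP_AUTH_USER']) ? (string) $_SERVER['PHP_AUTH_USER'] : '';
    $ldap_pass = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';
    // With an empty password ldap_bind() performs an unauthenticated bind that
    // "succeeds" without verifying anything, so missing credentials are refused here.
    if ($auth_user === '' || $ldap_pass === '') {
        forbidden();
    }
    // DN of the account to bind as; stays null when the search finds nothing.
    $ldap_user = null;
    $ldapconn_s = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn_s, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn_s) {
        // Anonymous bind for the lookup only.
        @ldap_bind($ldapconn_s);
        // The login name is user input: escape it so it cannot change the filter
        // structure (LDAP filter injection).
        $filter = '(&(uid=' . ldap_escape($auth_user, '', LDAP_ESCAPE_FILTER)
            . ')(objectClass=sambaSamAccount)(!(sambaAcctFlags=[DU ])))';
        $result = ldap_search($ldapconn_s, $ldap_domain, $filter);
        if ($result !== false) {
            $info = ldap_get_entries($ldapconn_s, $result);
            // No entry means unknown user: fail closed instead of binding as a default DN.
            if ($info !== false && $info['count'] > 0) {
                $ldap_user = $info[0]['dn'];
            }
        }
    }
    ldap_close($ldapconn_s);
    if ($ldap_user === null) {
        forbidden();
    }
    // connect to ldap server
    $ldapconn = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn) {
        // try to bind/authenticate against ldap
        if (!@ldap_bind($ldapconn, $ldap_user, $ldap_pass)) {
            forbidden();
        }
        // Login name is attacker-controlled text: strip line breaks so it cannot
        // forge additional log lines.
        $log_user = str_replace(array("\r", "\n"), ' ', $auth_user);
        error_log("success: " . $_SERVER['REMOTE_ADDR'] . ', user: ' . $log_user);
    }
    ldap_close($ldapconn);
}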
        if (!(resource_access($visible, $public) or isset($status) and $status == USER_TEACHER)) {
            not_found($downloadDir);
        }
    }
    // Allow unlimited time for creating the archive
    set_time_limit(0);
    if ($format == '.dir') {
        $real_filename = $real_filename . '.zip';
        $dload_filename = $webDir . '/courses/temp/' . safe_filename('zip');
        zip_documents_directory($dload_filename, $downloadDir, $can_upload);
        $delete = true;
    } elseif ($extra_path) {
        if ($real_path = common_doc_path($extra_path, true)) {
            // Common document
            if (!$common_doc_visible) {
                forbidden($downloadDir);
            }
            $dload_filename = $real_path;
            $delete = false;
        } else {
            // External document - redirect to URL
            redirect($extra_path);
        }
    } else {
        $dload_filename = $basedir . $downloadDir;
        $delete = false;
    }
    send_file_to_client($dload_filename, $real_filename, null, true, $delete);
    exit;
}
if ($can_upload) {
<?php

// +-------------------------------------------------+
// © 2002-2004 PMB Services / www.sigb.net pmb@sigb.net et contributeurs (voir www.sigb.net)
// +-------------------------------------------------+
// $Id: global_vars.inc.php,v 1.9 2008-09-23 22:16:29 dbellamy Exp $
// fichier de configuration générale
// prevents direct script access
// REQUEST_URI is the raw request target, so this only catches a literal
// occurrence of the file name in the URL.
pt_register("SERVER", "REQUEST_URI");
if (strpos($REQUEST_URI, 'global_vars.inc.php') !== false) {
    require_once './forbidden.inc.php';
    forbidden();
}
/* VERSION SUPER GLOBALS */
/* on commence par tout unset... */
//$arr = array_merge(&$_ENV, &$_GET, &$_POST, &$_COOKIE,  &$_FILES, &$_REQUEST, &$_SERVER);
//while(list($__key__PMB) = each($arr)) unset(${$__key__PMB});
//$arr = array_merge(&$HTTP_GET_VARS, &$HTTP_POST_VARS,&$HTTP_POST_FILES,&$HTTP_COOKIE_VARS, &$HTTP_SERVER_VARS, &$HTTP_ENV_VARS );
//while(list($__key__PMB) = each($arr)) unset(${$__key__PMB});
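/**
 * Recursively apply addslashes() to a value, in place.
 *
 * A scalar is escaped directly (addslashes() casts it to string); an array is
 * walked and every leaf is escaped, nested arrays included.
 * Note: addslashes() only backslash-escapes ' " \ and NUL. It is not a
 * replacement for parameterised queries or a charset-aware escaper.
 *
 * @param mixed $var value to escape; modified through the reference
 */
function add_sl(&$var)
{
    if (is_array($var)) {
        // Iterate over the keys so each element is escaped through the reference;
        // avoids reset()/each(), which were removed in PHP 8.
        foreach (array_keys($var) as $k) {
            add_sl($var[$k]);
        }
    } else {
        $var = addslashes($var);
    }
}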
/* on récupère tout sans se poser de question, attention à la sécurité ! */
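// Key lookup endpoint: connect to the Tokyo Tyrant store for genome $db and
// stream the value stored under key $f. $db is reduced to [A-Za-z0-9] before it
// is used in a path, so it cannot escape the expected socket / YAML locations.
// NOTE(review): $f is defined outside this snippet — confirm it is validated where it is read.
$db = preg_replace('/[^a-z0-9]/i', '', $db);
try {
    // Preferred: the genome's local unix socket.
    $tt = @Tyrant::connect("/tmp/{$db}.sock", 0);
} catch (Tyrant_Exception $e) {
    // Fallback: host/port pair from the genome's YAML config.
    include_once "../lib/spyc.php";
    if (!file_exists("../{$db}.yaml")) {
        forbidden('genome does not exist');
    }
    $genome_config = Spyc::YAMLLoad("../{$db}.yaml");
    try {
        if (!isset($genome_config['output_tch']) || !is_array($genome_config['output_tch'])) {
            throw new Exception("ttserver should be local");
        }
        $tt = @Tyrant::connect($genome_config['output_tch'][0], $genome_config['output_tch'][1]);
    } catch (Exception $e) {
        forbidden('Could not connect to ttserver');
    }
}
// Keys ending in .png hold image data; everything else is served as JSON.
header('Content-Type: ' . (substr($f, -4) === '.png' ? 'image/png' : 'application/json'));
$value = $tt[$f];
if ($value === null) {
    header('HTTP/1.1 404 Not Found');
} else {
    // Cacheable for three hours; Expires and max-age are derived from the same value.
    $ttl = 60 * 60 * 3;
    header('Expires: ' . gmdate("D, d M Y H:i:s", time() + $ttl) . " GMT");
    header('Cache-Control: public, max-age=' . $ttl);
    // A stored '-' means "use the shared null placeholder value".
    echo $value === '-' ? $tt['.null'] : $value;
}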
require_once 'modules/auth/auth.inc.php';
require_once 'include/lib/hierarchy.class.php';
require_once 'include/lib/user.class.php';
require_once 'modules/admin/custom_profile_fields_functions.php';

// Profile page context: the viewer's own profile by default, or another user's
// when a signed (id, token) pair is supplied in the query string.
$tree = new Hierarchy();
$user = new User();

$toolName = $langMyProfile;

$userdata = [];

if (isset($_GET['id'], $_GET['token'])) {
    $id = intval($_GET['id']);
    // The token must have been issued for this id within the last hour.
    if (!token_validate($id, $_GET['token'], 3600)) {
        forbidden($_SERVER['REQUEST_URI']);
    }
    $pageName = $langUserProfile;
} else {
    $id = $uid;
}

// Parameterised lookup (?d placeholder) of the profile row.
$userdata = Database::get()->querySingle("SELECT surname, givenname, username, email, status, phone, am, registered_at,
                                            has_icon, description, password,
                                            email_public, phone_public, am_public
                                        FROM user
                                        WHERE id = ?d", $id);

if ($userdata) {
    $auth = array_search($userdata->password, $auth_ids);
    if (!$auth) {
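/**
 * cURL write callback: relay the upstream response body to the client, but only
 * when the upstream Content-Type is text/plain and the body is recognised as a track.
 *
 * Uses file-level globals: $header (raw upstream header block, already received),
 * $is_track (null until the body has been classified by is_track()), $body_buffer
 * (bytes accumulated while the classification is pending). $header_parsed is
 * imported but not used here.
 *
 * @param mixed  $ch        cURL handle (unused here; required by the callback signature)
 * @param string $body_data chunk of response body
 * @return int number of bytes consumed (always the chunk length)
 */
function receive_body($ch, $body_data)
{
    global $header, $header_parsed, $is_track, $body_buffer;
    $len = strlen($body_data);
    // Last Content-Type header wins; the header name is matched case-insensitively.
    // Splitting on CR/LF also guarantees the captured value carries no line break.
    $content_type = NULL;
    foreach (preg_split('/[\\r\\n]+/', $header) as $line) {
        if (preg_match('/^\\s*Content-Type\\s*:\\s*(.*)/i', $line, $matches)) {
            $content_type = $matches[1];
        }
    }
    // Media types are case-insensitive; anything that is not text/plain is refused.
    if ($content_type !== NULL && stripos($content_type, 'text/plain') === FALSE) {
        if (!headers_sent()) {
            forbidden();
        }
        return $len;
    }
    if (!headers_sent()) {
        // When upstream sent no Content-Type, declare text/plain ourselves rather than
        // emitting an empty header and leaving the client to sniff the type.
        header('Content-Type: ' . ($content_type !== NULL ? $content_type : 'text/plain'));
    }
    if ($is_track === NULL) {
        // Not classified yet: buffer until is_track() can decide, then release the buffer.
        $body_buffer .= $body_data;
        $is_track = is_track($body_buffer);
        if ($is_track) {
            echo $body_buffer;
            flush();
        }
    } elseif ($is_track === TRUE) {
        echo $body_data;
        flush();
    } elseif ($is_track === FALSE) {
        if (!headers_sent()) {
            forbidden();
        }
        return $len;
    }
    return $len;
}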
/**
 * Require an authenticated session for the current page.
 *
 * Logged-in users pass through. Async requests (an "async" request parameter is
 * present) get forbidden(); every other request has its URL stored in
 * $_SESSION["nextpage"], is shown the login page and ends.
 * NOTE(review): "nextpage" is REQUEST_URI verbatim — whatever redirects to it
 * later should confirm it stays on this site.
 */
function requirelogin()
{
    if (!loggedin()) {
        if (isset($_REQUEST["async"])) {
            forbidden();
        }
        $_SESSION["nextpage"] = $_SERVER["REQUEST_URI"];
        include "content/login.php";
        exit;
    }
}
        include "{$file_reg}";
        echo $language['back_topindex'];
    } elseif ($id == "profile") {
        echo $language['title_profile'];
        include "{$file_check_auth}";
        include "{$file_profile}";
    } else {
        if ($forum_ext != "") {
            if ($forums['rights'][$forum_id] <= $user_rights) {
                if ($vars['log_index'] == "true") {
                    include "{$file_write_log}";
                }
                echo "<center><b>" . $forums['title'][$forum_id] . "</b></center>";
                include "{$file_showall}";
            } else {
                forbidden($forums['rights'][$forum_id]);
            }
        } else {
            echo $language['version_1.7'][1];
            include "{$file_all_forums}";
        }
    }
} else {
    echo "{$text_error}";
}
// Page footer: button bar between two rules, then the optional statistics block.
// NOTE(review): $file_buttons / $file_statistic are assumed to be fixed config
// paths rather than request-derived — confirm where they are assigned.
print "<hr class=tbl1><center>";
include $file_buttons;
print "</center><hr class=tbl1>";
if ($vars['show_statistic'] == "true") {
    include $file_statistic;
}
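 /**
  * List the keys stored under $this->dir that match the request's "pattern"
  * argument (a glob), with the directory prefix removed, and emit them via success().
  *
  * Responds with forbidden() when no pattern is given or when the pattern
  * contains a parent-directory segment. Assumes forbidden() ends the request;
  * the early returns keep the listing from running if it does not.
  */
 private function keys()
 {
     $pattern = isAke($this->args, 'pattern');
     if (!strlen((string) $pattern)) {
         forbidden('no pattern');
         return;
     }
     // The pattern is caller-supplied and appended to a filesystem path: refuse
     // ".." so the glob cannot reach outside $this->dir.
     if (strpos($pattern, '..') !== false) {
         forbidden('invalid pattern');
         return;
     }
     $keys = glob($this->dir . $pattern);
     $collection = array();
     if (!empty($keys)) {
         $prefix_len = strlen($this->dir);
         foreach ($keys as $key) {
             // Strip only the leading directory prefix (glob results start with it),
             // not every occurrence of that substring inside the path.
             if (substr($key, 0, $prefix_len) === $this->dir) {
                 $key = substr($key, $prefix_len);
             }
             $collection[] = $key;
         }
     }
     success($collection);
 }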
/**
 * Access gate for the course RSS feed.
 *
 * Resolves the "c" query parameter into the globals $course_code, $course_id and
 * $course_status. An unknown course gets a 404 page; otherwise the request is
 * forbidden() when the course is inactive, the module is hidden, or the course is
 * not open and no valid (token, uid) pair is presented.
 */
function rss_check_access()
{
    global $course_code, $course_id, $course_status, $module_id;
    if (!isset($_GET['c'])) {
        $course_code = '';
        $course_id = false;
    } else {
        $course_code = $_GET['c'];
        $course_id = course_code_to_id($course_code);
        $course_status = course_status($course_id);
    }
    if ($course_id === false) {
        header("HTTP/1.0 404 Not Found");
        // The requested code is reflected into the page, hence the HTML escaping.
        echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head>'
            . '<title>404 Not Found</title></head><body>'
            . '<h1>Not Found</h1><p>The requested course "'
            . htmlspecialchars($course_code)
            . '" does not exist.</p></body></html>';
        exit;
    }
    // Explicit grouping of the original or/and chain; the token check is still
    // only evaluated for a course that is not open.
    $denied = $course_status == COURSE_INACTIVE
        || !visible_module($module_id)
        || ($course_status != COURSE_OPEN
            && !(isset($_GET['token'], $_GET['uid']) && rss_token_valid($_GET['token'], $_GET['uid'])));
    if ($denied) {
        forbidden($_SERVER['REQUEST_URI']);
    }
}
// Tail of <head>: site scripts, plotting tools, the noscript stylesheet
// fallback, then the <body> opening tag.
echo implode("\n", [
    '    <script src="/js/init.js"></script>',
    '    <script src="/js/main.js"></script>',
    // Plotting tools
    '    <script src="/jsplots/plotly-latest.min.js"></script>',
    '    <script src="/jsplots/initPlots.js"></script>',
    '    <script src="/jsplots/plots.js"></script>',
    '    <noscript>',
    '      <link rel="stylesheet" href="/css/skel-noscript.css" />',
    '      <link rel="stylesheet" href="/css/style.css" />',
    '      <link rel="stylesheet" href="/css/style-wide.css" />',
    '    </noscript>',
    '    <check if="isset({{@css_bundle}})"><link href="{{@css_bundle}}" rel="stylesheet" media="screen"></check>',
    '  </head>',
    '  <body>',
]) . "\n";
// Check access rights - basics
if (forbidden()) {
    exitAccessError();
}
// Fixed page header: logo block, then the navigation bar (continued below).
echo implode("\n", [
    '    <div id="header" class="skel-panels-fixed">',
    '      <div class="top">',
    '        <div id="logo" >',
    "\t         <span class=\"image tapas\"><img class=\"rounded\" src=\"/img/tapas.jpg\" alt=\"\" /></span>",
    '          <h1 id="title"><a href="/">TAPAS</a></h1>',
    "\t         <hr>",
    '          <span class="byline">Teaching Assistants</span>',
    '          <span class="byline">Physics department</span>',
    '          <span class="byline">Assignment System</span>',
    '          <span class="byline">MIT</span>',
    "\t         <hr>",
    '        </div>',
    '        <nav id="nav">',
]) . "\n";
        error($langNoRead);
    }
}
// Resolve the requested document to a path on disk and enforce read access.
$file_info = public_path_to_disk_path($path_components);
// Non-editors need the resource to be visible (or public) to them.
if (!$is_editor && !resource_access($file_info->visible, $file_info->public)) {
    error($langNoRead);
}
if (!$file_info->extra_path) {
    // Normal file
    $disk_path = $basedir . $file_info->path;
} else {
    // $disk_path is set if common file link
    $disk_path = common_doc_path($file_info->extra_path, true);
    if (!$disk_path) {
        // external file URL
        header("Location: {$file_info->extra_path}");
        exit;
    }
    if (!$common_doc_visible) {
        forbidden(preg_replace('/^.*file\\.php/', '', $uri));
    }
}
if (file_exists($disk_path)) {
    if (!$is_in_playmode) {
        $valid = $uid || course_status($course_id) == COURSE_OPEN ? true : token_validate($file_info->path, $_GET['token'], 30);
        if (!$valid) {
            not_found(preg_replace('/^.*file\\.php/', '', $uri));
            exit;
        }
        send_file_to_client($disk_path, $file_info->filename);
    } else {
        require_once 'include/lib/fileDisplayLib.inc.php';
}
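// Map a requested genome interval onto per-chromosome UCSC DNA queries.
// $db is reduced to [A-Za-z0-9] before it is used in a path, so it cannot
// escape the expected "../<db>.yaml" location; urlencode() is then a no-op.
$db = urlencode(isset($_GET['db']) ? preg_replace('/[^a-z0-9]/i', '', $_GET['db']) : 'hg18');
// This UCSC CGI expects 0-based coordinates; a missing or non-numeric bound becomes 0.
$left = max(intval(isset($_GET['left']) ? $_GET['left'] : 0) - 1, 0);
$right = max(intval(isset($_GET['right']) ? $_GET['right'] : 0) - 1, 0);
if (!file_exists("../{$db}.yaml")) {
    forbidden('genome does not exist');
}
$genome_config = Spyc::YAMLLoad("../{$db}.yaml");
$ucsc_config = Spyc::YAMLLoad("../ucsc.yaml");
if (empty($genome_config['bppp_limits']['nts_below'])) {
    forbidden('no nt segments available for this genome');
}
// Reject empty/inverted ranges and anything above the genome's configured maximum.
$max_length = $genome_config['max_nt_request'];
if ($right - $left <= 0 || $right - $left > $max_length) {
    forbidden('invalid segment length');
}
$chr_order = $genome_config['chr_order'];
$chr_lengths = $genome_config['chr_lengths'];
$dna_url = $ucsc_config['browser_hosts']['local'] . $ucsc_config['browser_urls']['dna'];
// Walk the chromosomes in order with a running genome offset $pos; each
// chromosome overlapping [left, right) gets one query clipped to its own range.
$pos = 0;
$queries = array();
foreach ($chr_order as $chr) {
    $len = $chr_lengths[$chr];
    $next_pos = $pos + $len;
    if ($left < $next_pos && $right > $pos) {
        $queries[] = array($db, $chr, max($left - $pos, 0), min($right - $pos, $len));
    }
    $pos = $next_pos;
}
// Part of the request lying past the end of the last chromosome.
$pad_end = max($right - $pos, 0);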
        $response->getBody()->write(json_encode(array("code" => 200, "message" => "OK")));
        return $response;
    } catch (PDOException $e) {
        return handleError($e, $response);
    }
});
$app->post('/api/bids/place', function (Request $request, Response $response) {
    if (!array_key_exists('cst_session_id', $request->getCookieParams())) {
        logger($this)->addWarning('No contractor session id', getPath($request));
        return forbidden($response);
    }
    $customerSessionId = $request->getCookieParams()["cst_session_id"];
    $customer = getCustomer($customerSessionId);
    if (!isset($customer)) {
        logger($this)->addWarning('No contractor found by session id', array('cst_session_id' => $customerSessionId, 'uri' => $request->getUri()->getPath()));
        return forbidden($response);
    }
    $bid = json_decode($request->getBody());
    list($product, $amount, $price) = parseBid($bid);
    if (!isset($product)) {
        logger($this)->addWarning('Wrong bid', getPath($request));
        return badRequest($response);
    }
    $customerId = $customer['id'];
    if ($price > $customer['amount']) {
        logger($this)->addWarning("Customer doesn't have enough funds to place the bid with price", array('customer_id' => $customerId, 'price' => $price));
        return conflict($response);
    }
    try {
        $bidId = insertBid($product, $amount, $price, $customerId);
        $response->getBody()->write("api/bids/{$bidId}");
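        /**
         * Clone this exercise into a course.
         *
         * The destination course id is read from $_POST['clone_to_course_id'];
         * editor rights there are required (check_editor), otherwise forbidden().
         * The exercise row is copied. When the destination is the current course
         * the title gets a "($langCopy2)" suffix and the existing questions are
         * linked to the clone; otherwise questions and answers are first copied
         * into the destination course's question pool (category reset to 0).
         * Per-user/group assignments are copied when assign_to_specific is set.
         *
         * Uses globals $langCopy2 and $course_id. All SQL goes through the
         * Database placeholder API (?d/?s/?t); no value is interpolated.
         */
        function duplicate() {
            global $langCopy2, $course_id;

            // Request-supplied id: coerce to int before the authorisation check
            // and the comparisons below.
            $clone_course_id = isset($_POST['clone_to_course_id']) ? intval($_POST['clone_to_course_id']) : 0;
            if (!check_editor(null, $clone_course_id)) {
                forbidden();
            }
            // Loose comparison kept on purpose: $course_id's type is set elsewhere.
            $same_course = ($clone_course_id == $course_id);
            $id = $this->id;
            $exercise = $this->exercise . ($same_course ? " ($langCopy2)" : '');
            $description = standard_text_escape($this->description);
            $type = $this->type;
            $startDate = $this->startDate;
            $endDate = $this->endDate;
            $tempSave = $this->tempSave;
            $timeConstraint = $this->timeConstraint;
            $attemptsAllowed = $this->attemptsAllowed;
            $random = $this->random;
            $active = $this->active;
            $public = $this->public;
            $results = $this->results;
            $score = $this->score;
            $ip_lock = $this->ip_lock;
            $password_lock = $this->password_lock;
            $assign_to_specific = $this->assign_to_specific;
            $clone_id = Database::get()->query("INSERT INTO `exercise` (course_id, title, description, type, start_date, 
                                    end_date, temp_save, time_constraint, attempts_allowed, random, active, results, score, ip_lock, password_lock, assign_to_specific) 
                                    VALUES (?d, ?s, ?s, ?d, ?t, ?t, ?d, ?d, ?d, ?d, ?d, ?d, ?d, ?s, ?s, ?d)",
                                    $clone_course_id, $exercise, $description, $type, $startDate, $endDate, $tempSave,
                                    $timeConstraint, $attemptsAllowed, $random, $active, $results, $score, $ip_lock, $password_lock, $assign_to_specific)->lastInsertID;
            if ($assign_to_specific) {
                // Copy the user/group assignments over to the new exercise id.
                Database::get()->query("INSERT INTO `exercise_to_specific` (user_id, group_id, exercise_id) 
                                        SELECT user_id, group_id, ?d FROM `exercise_to_specific`
                                        WHERE exercise_id = ?d", $clone_id, $id);
            }
            if (!$same_course) {
                // copy questions and answers to new course question pool
                Database::get()->queryFunc("SELECT question_id AS id FROM exercise_with_questions
                        WHERE exercise_id = ?d",
                    function ($question) use ($clone_id, $clone_course_id) {
                        $question_clone_id = Database::get()->query("INSERT INTO exercise_question
                            (course_id, question, description, weight, q_position, type, difficulty, category)
                            SELECT ?d, question, description, weight, q_position, type, difficulty, 0
                                FROM `exercise_question` WHERE id = ?d", $clone_course_id, $question->id)->lastInsertID;
                        Database::get()->query("INSERT INTO exercise_with_questions
                            (question_id, exercise_id) VALUES (?d, ?d)", $question_clone_id, $clone_id);
                        Database::get()->query("INSERT INTO exercise_answer
                            (question_id, answer, correct, comment, weight, r_position)
                            SELECT ?d, answer, correct, comment, weight, r_position FROM exercise_answer
                                WHERE question_id = ?d",
                            $question_clone_id, $question->id);
                    },
                    $id);
            } else {
                // add question to new exercise
                Database::get()->query("INSERT INTO `exercise_with_questions`
                        (question_id, exercise_id)
                        SELECT question_id, ?d FROM `exercise_with_questions`
                            WHERE exercise_id = ?d", $clone_id, $id);
            }
        }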
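// Theme access checks. forbidden() appears not to end the request here (the
// code sets $error right after it), so later blocks are skipped on $error.
if ($user_rights < $themes_data[$i]['rights']) {
    forbidden($themes_data[$i]['rights']);
    $error = true;
}
if ($error == false) {
    // A theme may be restricted to a named list of user ids; anyone not on the
    // list needs the separate "namesrights" level instead.
    if ($themes_data[$i]['names'] != "") {
        $names = explode(",", $themes_data[$i]['names']);
        // Non-strict on purpose: explode() yields strings, the session id may not be one.
        $ok = in_array($CURRENT_USER["id"], $names);
        if (!$ok && $user_rights < $themes_data[$i]['namesrights']) {
            forbidden($themes_data[$i]['namesrights']);
            $error = true;
        }
    }
}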
if ($error == false) {
    $viewed = false;
    $ipss = array();
    $ipss = explode($smb, $themes_data[$i]['ips']);
    $ip = get_ip_address();
    for ($f = 0; $f < count($ipss); $f++) {
        if ($ip == $ipss[$f]) {
            $viewed = true;
        }
    }
    if ($viewed == false) {