Exemplo n.º 1
 *
 */
// Page flags assigned before the bootstrap include. Presumably baseTheme.php
// reads them to enforce login while exempting this page from the
// mail-verification redirect; confirm against include/baseTheme.php.
$require_login = true;
$require_valid_uid = true;
$mail_ver_excluded = true;
include '../../include/baseTheme.php';
include 'include/sendMail.inc.php';
$pageName = $langMailVerify;

// empty() is also true for an unset key, so one test covers "missing" and "blank".
$uid = empty($_SESSION['uid']) ? null : $_SESSION['uid'];
if (!$uid) {
    // No usable user id in the session: show the error and stop.
    $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationError2}</div> ";
    draw($tool_content, 0);
    exit;
}

// Nothing to do when verification is switched off or this address is already
// verified: clear the pending flag and send the user back to the site root.
if (!(get_config('email_verification_required') && get_mail_ver_status($uid) != EMAIL_VERIFIED)) {
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($_SESSION['mail_verification_required']);
    header('Location:' . $urlServer);
    exit; // stop here so nothing below runs after the redirect header
}
if (!empty($_POST['submit'])) {
    if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) {
        $email = $_POST['email'];
        // user put a new email address update db and session
        if ($email != $_SESSION['email']) {
            $_SESSION['email'] = $email;
            Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid);
        }
        //send new code
Exemplo n.º 2
    } else {
        // change email subscription for all courses
        foreach ($_SESSION['courses'] as $course_code => $c_value) {
            if (@array_key_exists($course_code, $_POST['c_unsub'])) {
                Database::get()->query("UPDATE course_user SET receive_mail = 1\n                                WHERE user_id = ?d AND course_id = " . course_code_to_id($course_code), $uid);
            } else {
                Database::get()->query("UPDATE course_user SET receive_mail = 0\n                                WHERE user_id = ?d AND course_id = " . course_code_to_id($course_code), $uid);
            }
        }
        $tool_content .= "<div class='alert alert-success'>{$langWikiEditionSucceed}. <br /></div>" . action_bar(array(array('title' => $langBack, 'url' => "../profile/profile.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
    }
} else {
    $tool_content .= action_bar(array(array('title' => $langBack, 'url' => 'display_profile.php', 'icon' => 'fa-reply', 'level' => 'primary-label')));
    $tool_content .= "<form action='{$_SERVER['SCRIPT_NAME']}' method='post'>";
    if (get_config('email_verification_required') && get_config('dont_mail_unverified_mails')) {
        $user_email_status = get_mail_ver_status($uid);
        if ($user_email_status == EMAIL_VERIFICATION_REQUIRED or $user_email_status == EMAIL_UNVERIFIED) {
            $link = "<a href = '../auth/mail_verify_change.php?from_profile=TRUE'>{$langHere}</a>.";
            $tool_content .= "<div class='alert alert-warning'>{$langMailNotVerified} {$link}</div>";
        }
    }
    if (!get_user_email_notification_from_courses($uid)) {
        $head_content .= '<script type="text/javascript">$(control_deactivate);</script>';
        $tool_content .= "<div class='alert alert-info'>{$langEmailUnsubscribeWarning}</div>\n                                  <input type='checkbox' id='unsub' name='unsub' value='1'>&nbsp;{$langEmailFromCourses}";
    }
    $tool_content .= "<div class='alert alert-info'>{$langInfoUnsubscribe}</div>\n                          <div id='unsubscontrols'>";
    if (isset($_POST['cid'])) {
        // one course only
        $cid = intval($_POST['cid']);
        $course_title = course_id_to_title($cid);
        $selected = get_user_email_notification($uid, $cid) ? 'checked' : '';
Exemplo n.º 3
/**
 * @brief decides whether a user is notified via email, optionally for one course
 *
 * The checks run in this order and the first one that fails returns false:
 *  1. if a course id is given, the course must not be COURSE_INACTIVE
 *  2. if both 'email_verification_required' and 'dont_mail_unverified_mails'
 *     are configured, the user's mail status must be neither
 *     EMAIL_VERIFICATION_REQUIRED nor EMAIL_UNVERIFIED
 *  3. the user must not have opted out of mail from all courses
 *  4. if a course id is given, the course_user.receive_mail column decides
 *
 * @param int $user_id user id (bound as ?d in the query)
 * @param int|null $course_id course id (bound as ?d), or null for the global answer
 * @return mixed false when any check fails, true when no course is given and all
 *               checks pass, otherwise the stored receive_mail value as returned
 *               by the database layer (not cast to boolean)
 */
function get_user_email_notification($user_id, $course_id = null)
{
    $course_given = isset($course_id);

    // an inactive course never sends mail
    if ($course_given && course_status($course_id) == COURSE_INACTIVE) {
        return false;
    }

    // unverified addresses are skipped only when both settings are enabled
    if (get_config('email_verification_required') && get_config('dont_mail_unverified_mails')) {
        $mail_status = get_mail_ver_status($user_id);
        if ($mail_status == EMAIL_VERIFICATION_REQUIRED || $mail_status == EMAIL_UNVERIFIED) {
            return false;
        }
    }

    // global opt-out from all course mail
    if (!get_user_email_notification_from_courses($user_id)) {
        return false;
    }

    // without a course there is nothing more to check
    if (!$course_given) {
        return true;
    }

    // per-course preference; no matching row means no notification
    $membership = Database::get()->querySingle("SELECT receive_mail FROM course_user\n                                            WHERE user_id = ?d\n                                            AND course_id = ?d", $user_id, $course_id);

    return $membership ? $membership->receive_mail : false;
}
Exemplo n.º 4
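/**
 * Finishes a Shibboleth or CAS single-sign-on login.
 *
 * Reads the identity attributes the SSO layer stored in $_SESSION, looks the
 * user up by username and then either
 *  - refuses the login when the stored auth method (user.password column)
 *    differs from $type,
 *  - refreshes the existing account and loads its admin flags,
 *  - creates the account when auto-registration is enabled, or
 *  - wipes the session and redirects to the registration page.
 * On success the session identity keys are filled in and the login is
 * recorded in the loginout table.
 *
 * NOTE(review): no session id rotation is visible in this function; confirm
 * that the caller or the session layer regenerates the id at login.
 *
 * @param string $type 'shibboleth' or 'cas'; any other value leaves $uname
 *                     unset (not handled here)
 * @return void
 */
function shib_cas_login($type)
{
    global $surname, $givenname, $email, $status, $language, $urlServer, $is_admin, $is_power_user, $is_usermanage_user, $is_departmentmanage_user, $langUserAltAuth;

    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        // Initialised so the strpos() below never sees an undefined variable
        // when no custom separator is configured.
        $shibseparator = '';
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // As before, a separator at position 0 is treated as "not found".
            if ($shibseparator != '' and strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both literals read "******" in this listing, so the actual
    // comparison fragments cannot be checked from here. They are fixed strings,
    // not user input; the username itself is passed as a bound parameter.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail\n\t\t\t\t\t\tFROM user WHERE username {$sqlLogin}", $uname);

    if ($info) {
        // querySingle() results are used as a single row object elsewhere in this
        // function ($shibsettings->auth_settings), so the row is read directly;
        // looping over it would walk its column values instead of rows.
        if ($info->password != $type) {
            // has different auth method - drop the SSO attributes and redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            redirect_to_home_page();
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }
            if (!empty($info->status)) {
                $status = $info->status;
            }
            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s\n                                        WHERE id = ?d", $surname, $givenname, $email, $info->id);
            // check for admin privileges
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !get_config('am_required')) {
        // else create him automatically
        // NOTE(review): $verified_mail is computed but not written by the INSERT
        // below; confirm whether the column default is the intended value.
        if (get_config('email_verification_required')) {
            $verified_mail = 0;
            $_SESSION['mail_verification_required'] = 1;
        } else {
            $verified_mail = 2;
        }
        // Every value is bound with a typed placeholder (?s / ?d), matching the
        // other queries in this function.
        // NOTE(review): the row is stored with USER_STUDENT, but $status (copied
        // into the session below) is not assigned in this branch; verify it.
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user SET surname = ?s, givenname = ?s, password = ?s, \n                                       username = ?s, email = ?s, status = ?d, lang = 'el', \n                                       registered_at = " . DBHelper::timeAfter() . ",  expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ", whitelist = ''", $surname, $givenname, $type, $uname, $email, USER_STUDENT)->lastInsertID;
        $language = $_SESSION['langswitch'] = 'el';
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        header("Location: {$urlServer}modules/auth/registration.php");
        exit;
    }

    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1;
    // now we are shibboleth user

    // Audit record of the login. The user id and client address are bound as
    // parameters instead of being interpolated into the SQL text.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)\n\t\t\t\t\tVALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);

    if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        header("Location:" . $urlServer . "modules/auth/mail_verify_change.php");
        // Stop here, as the registration redirect above does, so the caller does
        // not keep rendering the page for a user who still has to verify.
        exit;
    }
}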
Exemplo n.º 5
                        if (frm.elements["recipients[]"].selectedIndex < 0) {
                                alert("' . $langNoUserSelected . '");
                                return false;
                        } else {
                                return true;
                        }
                    }
                </script>';

// Warn the user when e-mail notifications will not reach them.
// NOTE(review): $urlServer, $course_id and the $lang* strings are placed in the
// markup unescaped; presumably $course_id is an integer set by the bootstrap
// code; confirm where it is assigned.
if ($course_id == 0) {
    // no course context: only the mail verification status is consulted
    if (!get_mail_ver_status($uid)) {
        $tool_content .= "<div class='alert alert-warning'>$langNoUserEmailNotification
            (<a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langModify</a>)</div>";
    }
} elseif ($status != USER_GUEST and !get_user_email_notification($uid, $course_id)) {
    // inside a course: guests are never warned
    $tool_content .= "<div class='alert alert-warning'>$langNoUserEmailNotification
            (<a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langModify</a>)</div>";
}

// NOTE(review): this test is strict (=== 0) while the one above is loose (== 0);
// the two agree only when $course_id is an integer.
if ($course_id === 0) {
    $courseParam = '';
} else {
    $courseParam = '?course=' . $course_code;
}

// The message id from the query string is cast with intval() before it is put
// into a URL; it starts the query string when there is no course parameter and
// is appended with an HTML-escaped ampersand otherwise.
if (!isset($_GET['mid'])) {
    $msg_id_param = '';
} elseif ($courseParam == '') {
    $msg_id_param = '?mid=' . intval($_GET['mid']);
} else {
    $msg_id_param = '&amp;mid=' . intval($_GET['mid']);
}
Exemplo n.º 6
// Reached from the profile page: add a breadcrumb back to it.
if (isset($_GET['from_profile'])) {
    $navigation[] = [
        'url' => $urlAppend . 'main/profile/display_profile.php',
        'name' => $langMyProfile,
    ];
}

// empty() is also true for an unset key, so one test covers "missing" and "blank".
$uid = empty($_SESSION['uid']) ? null : $_SESSION['uid'];

if (!$uid) {
    // No usable user id in the session: show the error and stop.
    $tool_content .= "<div class='alert alert-danger'>$langMailVerificationError2</div> ";
    draw($tool_content, 0);
    exit;
}

// Leave this page when verification is switched off, when the address is
// already verified, or when the request posts 'enter' and 'email_required' is
// off. The last case means a client can skip verification simply by sending
// that field, so it is only appropriate where an e-mail address is optional.
if (!get_config('email_verification_required')
        || get_mail_ver_status($uid) == EMAIL_VERIFIED
        || (isset($_POST['enter']) && !get_config('email_required'))) {
    // unset() on a missing key is a no-op, so no isset() guard is needed.
    unset($_SESSION['mail_verification_required']);
    redirect_to_home_page('main/portfolio.php');
}

if (!empty($_POST['submit'])) {
    if (!empty($_POST['email']) && email_seems_valid($_POST['email'])) {
        $email = $_POST['email'];
        // user put a new email address update db and session
        if ($email != $_SESSION['email']) {
            $_SESSION['email'] = $email;
            Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid);            
        }
Exemplo n.º 7
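/**
 * Finishes a Shibboleth or CAS single-sign-on login.
 *
 * Reads the identity attributes the SSO layer stored in $_SESSION, looks the
 * user up by username and then either
 *  - refuses the login when the stored auth method (user.password column)
 *    differs from $type,
 *  - asks login_hook() whether to accept the user, refreshes the existing
 *    account and loads its admin flags,
 *  - creates the account when auto-registration is enabled and login_hook()
 *    accepts it, or
 *  - wipes the session and redirects to the registration page.
 * On success the session identity keys are filled in, the login is recorded
 * in the loginout table and the login timestamp is set on $session.
 *
 * NOTE(review): no session id rotation is visible in this function; confirm
 * that $session or the caller regenerates the id at login.
 *
 * @param string $type 'shibboleth' or 'cas'; any other value leaves $uname
 *                     unset (not handled here)
 * @return void
 */
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $session,
        $urlServer, $is_admin, $is_power_user, $is_usermanage_user,
        $is_departmentmanage_user, $langUserAltAuth, $langRegistrationDenied;

    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    // Only the CAS branch supplies a student id; default it so the Shibboleth
    // path does not read an undefined variable further down.
    $am = '';

    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        // Initialised so the strpos() below never sees an undefined variable
        // when no custom separator is configured.
        $shibseparator = '';
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            // As before, a separator at position 0 is treated as "not found".
            if ($shibseparator != '' and strpos($shib_surname, $shibseparator)) {
                $temp = explode($shibseparator, $shib_surname);
                $givenname = $temp[0];
                $surname = $temp[1];
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
        $am = isset($_SESSION['cas_userstudentid']) ? $_SESSION['cas_userstudentid'] : '';
    }

    // Attributes passed to login_hook(), keyed by lower-cased name
    $attributes = array();
    if (isset($_SESSION['cas_attributes'])) {
        foreach ($_SESSION['cas_attributes'] as $name => $value) {
            $attributes[strtolower($name)] = $value;
        }
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both literals read "******" in this listing, so the actual
    // comparison fragments cannot be checked from here. They are fixed strings,
    // not user input; the username itself is passed as a bound parameter.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail
                        FROM user WHERE username $sqlLogin", $uname);

    if ($info) {
        // if user found
        if ($info->password != $type) {
            // has different auth method - drop the SSO attributes and redirect to home page
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            unset($_SESSION['cas_userstudentid']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            redirect_to_home_page();
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }

            $userObj = new User();

            $options = login_hook(array(
                'user_id' => $info->id,
                'attributes' => $attributes,
                'status' => $info->status,
                'departments' => $userObj->getDepartmentIds($info->id),
                'am' => $am));

            if (!$options['accept']) {
                // hook rejected the login: empty the session before leaving
                foreach (array_keys($_SESSION) as $key) {
                    unset($_SESSION[$key]);
                }
                Session::Messages($langRegistrationDenied, 'alert-warning');
                redirect_to_home_page();
            }

            $status = $options['status'];

            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s,
                                           status = ?d WHERE id = ?d",
                                        $surname, $givenname, $email, $status, $info->id);

            $userObj->refresh($info->id, $options['departments']);
            // $_SESSION['uid'] is only assigned further down, so the hook gets
            // the id of the row that was just looked up.
            user_hook($info->id);

            // check for admin privileges
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !(get_config('am_required') and empty($am))) {
        // if user not found and autoregister enabled, create user
        // An address delivered by CAS is stored as already verified; without
        // one (always the case for Shibboleth, which never sets cas_email) the
        // account starts unverified and the user is sent to
        // mail_verify_change.php.
        $verified_mail = EMAIL_UNVERIFIED;
        if (isset($_SESSION['cas_email'])) {
            $verified_mail = EMAIL_VERIFIED;
        } else { // redirect user to mail_verify_change.php
            $_SESSION['mail_verification_required'] = 1;
        }

        $options = login_hook(array(
            'user_id' => null,
            'attributes' => $attributes,
            'am' => $am));

        if (!$options['accept']) {
            // hook rejected the registration: empty the session before leaving
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
        }
        $status = $options['status'];
        // NOTE(review): $language is a global that this branch never assigns;
        // confirm it is set before a first-time login reaches this point.
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user
                    SET surname = ?s, givenname = ?s, password = ?s,
                        username = ?s, email = ?s, status = ?d, lang = ?s,
                        am = ?s, verified_mail = ?d,
                        registered_at = " . DBHelper::timeAfter() . ",
                        expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ",
                        whitelist = ''",
                $surname, $givenname, $type, $uname, $email, $status,
                $language, $options['am'], $verified_mail)->lastInsertID;
        $userObj = new User();
        $userObj->refresh($_SESSION['uid'], $options['departments']);
        user_hook($_SESSION['uid']);
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        redirect_to_home_page('modules/auth/registration.php');
        exit;
    }

    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user

    // Audit record of the login. The user id and client address are bound as
    // parameters instead of being interpolated into the SQL text.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action)
                    VALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')",
            $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    $session->setLoginTimestamp();
    if (get_config('email_verification_required') and
            get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        redirect_to_home_page('modules/auth/mail_verify_change.php');
    }
}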