/**
 * Returns the current script path as a URI relative to WWWROOT.
 *
 * Works like {@link get_script_path()}, except that the install
 * subdirectory prefix is cut off the front of the result.
 *
 * NOTE(review): the value is whatever get_script_path() yields, which is
 * presumably built from the request URI - confirm, and escape it for the
 * output context (HTML, header, log line) wherever it is emitted.
 *
 * @see get_script_path()
 * @return string
 */
function get_relative_script_path() {
    $prefixlength = strlen(get_mahara_install_subdirectory());
    $scriptpath   = get_script_path();

    // The install subdirectory always ends in '/'. Starting one character
    // before the end of that prefix keeps the slash, so the returned path
    // begins with '/'.
    return substr($scriptpath, $prefixlength - 1);
}
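/**
 * Like {@link me()} but returns a full URL (scheme, host, optional port and
 * script path).
 *
 * The host name comes from $CFG->wwwroot when that is configured. Only when
 * it is not does the function fall back to SERVER_NAME and then HTTP_HOST.
 * Those fallbacks can be influenced by the client's Host header (HTTP_HOST
 * always, SERVER_NAME depending on the web server configuration), so a value
 * taken from them is accepted only if it has the shape of a host name or a
 * bracketed IPv6 literal with an optional numeric port. That keeps other
 * characters out of URLs built from the return value; it does not establish
 * that the name belongs to this site, so callers that build links or
 * redirects from the result should rely on a configured wwwroot.
 *
 * @see me()
 * @return string|false The full URL, or false if no usable host name was found
 */
function get_full_script_path() {
    global $CFG;

    $url = array();
    if (!empty($CFG->wwwroot)) {
        $parsed = parse_url($CFG->wwwroot);
        // parse_url() returns false for seriously malformed URLs.
        if (is_array($parsed)) {
            $url = $parsed;
        }
    }

    // Set when a request-derived host name already carries its own port.
    $hasport = false;

    if (!empty($url['host'])) {
        $hostname = $url['host'];
    }
    else {
        // Same lookup order as before: SERVER_NAME first, HTTP_HOST last.
        $candidates = array(
            isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : null,
            isset($_ENV['SERVER_NAME'])    ? $_ENV['SERVER_NAME']    : null,
            isset($_SERVER['HTTP_HOST'])   ? $_SERVER['HTTP_HOST']   : null,
            isset($_ENV['HTTP_HOST'])      ? $_ENV['HTTP_HOST']      : null,
        );
        $hostname = null;
        foreach ($candidates as $candidate) {
            if (!empty($candidate)) {
                $hostname = $candidate;
                break;
            }
        }
        if ($hostname === null) {
            log_warn('Warning: could not find the name of this server!');
            return false;
        }

        // The rejected value is deliberately not written to the log: it is
        // request-controlled and could contain control characters.
        $hostpattern = '/^(?:[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\])(:[0-9]{1,5})?$/D';
        if (!is_string($hostname) || !preg_match($hostpattern, $hostname, $matches)) {
            log_warn('Warning: ignoring malformed server name taken from the request');
            return false;
        }
        $hasport = !empty($matches[1]);
    }

    // HTTP_HOST may already include ":port"; appending SERVER_PORT as well
    // would produce "host:8080:8080".
    if (!$hasport) {
        if (!empty($url['port'])) {
            $hostname .= ':' . $url['port'];
        }
        else if (!empty($_SERVER['SERVER_PORT'])) {
            $port = (string) $_SERVER['SERVER_PORT'];
            // Some server configurations derive SERVER_PORT from the Host
            // header, so only a purely numeric value is appended.
            if (preg_match('/^[0-9]{1,5}$/D', $port) && $port != 80 && $port != 443) {
                $hostname .= ':' . $port;
            }
        }
    }

    if (isset($_SERVER['HTTPS'])) {
        $protocol = $_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://';
    }
    else if (isset($_SERVER['SERVER_PORT'])) {
        // Apache2 does not export $_SERVER['HTTPS']
        $protocol = $_SERVER['SERVER_PORT'] == '443' ? 'https://' : 'http://';
    }
    else {
        $protocol = 'http://';
    }

    return $protocol . $hostname . get_script_path();
}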
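/**
 * Writes a one-line performance summary for the current request to the
 * debug log, provided the 'perftolog' config setting is enabled.
 *
 * @param array|null $info Performance data. When empty it is fetched from
 *                         get_performance_info(). Keys read: memory_total,
 *                         memory_growth, realtime, includecount, dbreads,
 *                         dbwrites, dbcached, ticks, utime, stime, cutime,
 *                         cstime, serverload.
 * @return true|null true when perftolog is disabled; no value otherwise
 */
function perf_to_log($info = null) {
    if (!get_config('perftolog')) {
        return true;
    }

    if (empty($info)) {
        $info = get_performance_info();
    }

    // Only the script path is logged: strip_querystring() is applied first,
    // presumably dropping request parameters (which can carry tokens or
    // other sensitive values) before the line is written.
    $logstring = 'PERF: ' . strip_querystring(get_script_path()) . ': ';
    $logstring .= ' memory_total: ' . $info['memory_total'] . 'B (' . display_size($info['memory_total'])
        . ') memory_growth: ' . $info['memory_growth'] . 'B (' . display_size($info['memory_growth']) . ')';
    $logstring .= ' time: ' . $info['realtime'] . 's';
    $logstring .= ' includecount: ' . $info['includecount'];
    $logstring .= ' dbqueries: ' . $info['dbreads'] . ' reads, ' . $info['dbwrites'] . ' writes, '
        . $info['dbcached'] . ' cached';
    // Tick and CPU-time counters, each read from $info like the fields above.
    $logstring .= ' ticks: ' . $info['ticks'] . ' user: ' . $info['utime'] . ' sys: ' . $info['stime']
        . ' cuser: ' . $info['cutime'] . ' csys: ' . $info['cstime'];
    $logstring .= ' serverload: ' . $info['serverload'];

    log_debug($logstring);
}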
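/**
 * Called when the login form is submitted. Validates the user and password,
 * and if they are valid, starts a new session for the user.
 *
 * Flow:
 *  1. $USER->login() is tried first. A wrong password and an unknown user
 *     that cannot be auto-created both end in the same generic 'loginfailed'
 *     message, so the response does not reveal which of the two applied.
 *  2. If the user is unknown, every auth instance that can auto-create users
 *     is tried in turn; the first one that authenticates the credentials is
 *     used to create the account.
 *  3. After authentication the admin-section restriction and the account
 *     state (deleted, expired, inactive, suspended) are checked.
 *
 * An AccessTotallyDeniedException (suspended institution) and any exception
 * raised while creating the user are not caught here.
 *
 * @param Pieform $form   The Pieform form object
 * @param array   $values The submitted values
 * @return void
 * @access private
 */
function login_submit(Pieform $form, $values) {
    global $SESSION, $USER;

    $username      = $values['login_username'];
    $password      = $values['login_password'];
    $authenticated = false;
    // NOTE(review): nothing in this function assigns another value, so the
    // inactivity check further down cannot fire as written.
    $oldlastlogin  = 0;

    try {
        $authenticated = $USER->login($username, $password);
        if (empty($authenticated)) {
            $SESSION->add_error_msg(get_string('loginfailed'));
            return;
        }
    }
    catch (AuthUnknownUserException $e) {
        // If the user doesn't exist, check for institutions that
        // want to create users automatically.
        try {
            // Reset the LiveUser object, since we are attempting to create a
            // new user
            $SESSION->destroy_session();
            $USER = new LiveUser();

            $authinstances = get_records_sql_array(
                ' SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname'
                . ' FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name'
                . ' ORDER BY a.institution, a.priority, a.instancename',
                null
            );

            if ($authinstances == false) {
                // NOTE(review): the submitted username is embedded in the
                // message that the outer catch passes to log_info(); confirm
                // log_info() neutralises control characters.
                throw new AuthUnknownUserException("\"{$username}\" is not known");
            }

            $USER->username = $username;

            // foreach replaces the former list()/each() loop: each() was
            // removed in PHP 8. Every path through the body either continues
            // to the next instance, throws, or has authenticated the user,
            // so the loop stops after the first successful instance.
            foreach ($authinstances as $authinstance) {
                $auth = AuthFactory::create($authinstance->id);
                if (!$auth->can_auto_create_users()) {
                    continue;
                }

                // catch semi-fatal auth errors, but allow next auth instance
                // to be tried
                try {
                    if ($auth->authenticate_user_account($USER, $password)) {
                        $authenticated = true;
                    }
                    else {
                        continue;
                    }
                }
                catch (AuthInstanceException $e) {
                    continue;
                }

                // Check now to see if the institution has its maximum quota of users
                require_once 'institution.php';
                $institution = new Institution($authinstance->institution);
                if ($institution->isFull()) {
                    throw new AuthUnknownUserException('Institution has too many users');
                }

                $USER->authinstance = $authinstance->id;
                $userdata = $auth->get_user_info($username);

                if (empty($userdata)) {
                    throw new AuthUnknownUserException("\"{$username}\" is not known");
                }

                // Check for a suspended institution
                if ($authinstance->suspended) {
                    $sitename = get_config('sitename');
                    throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
                }

                // We have the data - create the user
                $USER->lastlogin = db_format_timestamp(time());
                if (isset($userdata->firstname)) {
                    $USER->firstname = $userdata->firstname;
                }
                if (isset($userdata->lastname)) {
                    $USER->lastname = $userdata->lastname;
                }
                if (isset($userdata->email)) {
                    $USER->email = $userdata->email;
                }
                else {
                    // The user will be asked to populate this when they log in.
                    $USER->email = null;
                }

                try {
                    // If this authinstance is a parent auth for some xmlrpc authinstance, pass it along to create_user
                    // so that this username also gets recorded as the username for sso from the remote sites.
                    $remoteauth = count_records('auth_instance_config', 'field', 'parent', 'value', $authinstance->id) ? $authinstance : null;
                    create_user($USER, array(), $institution, $remoteauth);
                    $USER->reanimate($USER->id, $authinstance->id);
                }
                catch (Exception $e) {
                    db_rollback();
                    throw $e;
                }

                // Authenticated and created: no further instances are tried.
                break;
            }

            if (!$authenticated) {
                $SESSION->add_error_msg(get_string('loginfailed'));
                return;
            }
        }
        catch (AuthUnknownUserException $e) {
            // We weren't able to authenticate the user for some reason that
            // probably isn't their fault (e.g. ldap extension not available
            // when using ldap authentication)
            log_info($e->getMessage());
            $SESSION->add_error_msg(get_string('loginfailed'));
            return;
        }
    }

    // Only admins in the admin section!
    // NOTE(review): this runs before the deleted/expired/suspended checks
    // below. If redirect() ends the request, those checks are skipped for
    // this login while the session set up above stays in place - confirm
    // they are enforced elsewhere, or move this block after them.
    if (!$USER->get('admin')
        && (defined('ADMIN') || (defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin()))) {
        $SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
        redirect();
    }

    // Check if the user's account has been deleted
    if ($USER->deleted) {
        $USER->logout();
        die_info(get_string('accountdeleted'));
    }

    // Check if the user's account has expired
    if ($USER->expiry > 0 && time() > $USER->expiry) {
        $USER->logout();
        die_info(get_string('accountexpired'));
    }

    // Check if the user's account has become inactive
    $inactivetime = get_config('defaultaccountinactiveexpire');
    if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
        $USER->logout();
        die_info(get_string('accountinactive'));
    }

    // Check if the user's account has been suspended
    if ($USER->suspendedcusr) {
        $suspendedctime  = strftime(get_string('strftimedaydate'), $USER->suspendedctime);
        $suspendedreason = $USER->suspendedreason;
        $USER->logout();
        die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
    }

    // User is allowed to log in
    auth_check_required_fields();

    if (get_config('httpswwwroot') && !defined('JSON')) {
        // If we are using HTTPS for logins we need to go back to
        // non-HTTPS URLs. Otherwise, Javascript (and possibly CSS)
        // breaks. Don't use get_full_script_path(), as it doesn't
        // work if someone sets httpswwwroot to something like
        // 'https://x.y.z.w:443/...' (unlikely, but possible).
        // get_full_script_path() doesn't give us the ':443' part
        // and things break horribly.
        $parts = parse_url(get_config('httpswwwroot'));
        // A root without a path component has no 'path' key.
        $httpsrequest = (is_array($parts) && isset($parts['path'])) ? rtrim($parts['path'], '/') : '';
        // NOTE(review): the target is derived from the request path and
        // passed through hsc() - confirm redirect() always treats it as
        // site-relative, and that hsc() is the right encoding for a
        // redirect target rather than for HTML output.
        redirect(hsc(substr(get_script_path(), strlen($httpsrequest))));
    }
}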