    header("Location: ${urlServer}");
    exit();
}

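if ($uid) {
    // Logged-in viewers are recorded in the module activity log.
    require_once 'include/action.php';
    $action = new action();
    $action->record(MODULE_ID_VIDEO);
}

// ----------------------
// download video
// ----------------------
// Both filters are bound parameters (?d); $_GET['id'] never reaches the SQL text.
$res2 = Database::get()->querySingle("SELECT * FROM video
                  WHERE course_id = ?d AND id = ?d", $course_id, $_GET['id']);

if (!$res2) {
    header("Location: {$urlServer}");
    exit();
}

// Logged-in users and open courses need no token; anyone else must present a
// token bound to the video's path (third argument 30 — presumably seconds).
// The original validated against $row2['path'], a variable this script never
// assigns, so the token was compared against an empty value; use the row that
// was actually fetched. `?? null` avoids the undefined-index warning while
// passing the same value as before when no token is supplied.
$valid = ($uid || course_status($course_id) == COURSE_OPEN)
    ? true
    : token_validate($res2->path, $_GET['token'] ?? null, 30);
if (!$valid) {
    header("Location: {$urlServer}");
    exit();
}

$vObj = MediaResourceFactory::initFromVideo($res2);
// NOTE(review): q() is HTML escaping, not path sanitising; confirm that
// $_GET['course'] has already been validated as a course code upstream before
// it is used here as a directory name.
$real_file = $webDir . "/video/" . q($_GET['course']) . q($vObj->getPath());
send_file_to_client($real_file, my_basename(q($vObj->getUrl())), $disposition, true);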
    }
    // no user application. user account has been created with pending mail verification
    elseif (!empty($u_id)) {
        $qry = "SELECT id, username, email, verified_mail FROM user WHERE id = $u_id";
        $id = $u_id;
    }
    // no id given
    else {
        $user_error_msg = $langMailVerifyNoId;        
    }
    // NOTE(review): one branch above builds $qry by interpolating $u_id directly
    // ("WHERE id = $u_id") instead of using a ?d placeholder, and the final else
    // branch sets no $qry at all — confirm $u_id is an integer upstream and that
    // this call is not reached when only an error message was set.
    $res = Database::get()->querySingle($qry);
    if ($res) {        
            $username = $res->username;
            $email = $res->email;
            // success
            if (token_validate($username . $email . $id, $code)) {
                $verified_mail = intval($res->verified_mail);
                // update user's application
                if (!empty($req_id) and ($verified_mail !== 1)) {
                    Database::get()->query("UPDATE user_request SET verified_mail = 1 WHERE id = ?d", $req_id);
                    $department = $tree->getFullPath($res->faculty_id);
                    $prof = isset($res->status) && intval($res->status) === 1 ? 1 : NULL;
                    $givenname = $res->givenname;
                    $surname = $res->surname;
                    $am = $res->am;
                    $usercomment = $res->comment;
                    $usermail = $res->email;
                    $userphone = $res->phone;

                    $subject = $prof ? $mailsubject : $mailsubject2;
                    $MailMessage = $mailbody1 . $mailbody2 . "$givenname $surname\n\n" .
  ==============================================================================
  @Description: Contact the admin with an e-mail message
  when an account has been deactivated

  This script allows a user to send an e-mail to the admin, requesting
  the re-activation of his/her account
  ==============================================================================
 */

require_once '../../include/baseTheme.php';
require_once 'include/sendMail.inc.php';
$pageName = $langContactAdmin;

// Account the request is about: the numeric "userid" query parameter,
// 0 when it is absent or not numeric.
$userid = (int) ($_GET['userid'] ?? 0);

if ($userid and isset($_GET['h']) and token_validate("userid=$userid", $_GET['h'])) {    
    $info = Database::get()->querySingle("SELECT * FROM user WHERE id = ?d", $userid);
    if ($info) {      
        $firstname = $info->givenname;
        $lastname = $info->surname;
        $email = $info->email;
    } else {
        $firstname = $lastname = $email = '';
    }

    if (isset($_POST['submit'])) {
        $body = isset($_POST['body']) ? $_POST['body'] : '';
        $tool_content .= "<table width='99%'><tbody><tr><td>";
        $to = get_config('email_helpdesk');
        $emailsubject = $langAccountActivate;
        $emailbody = "$langAccountActivateMessage\n\n$firstname $lastname\ne-mail: $email\n" .
include '../../include/baseTheme.php';
require_once 'modules/auth/auth.inc.php';
require_once 'include/lib/hierarchy.class.php';
require_once 'include/lib/user.class.php';
require_once 'modules/admin/custom_profile_fields_functions.php';

$tree = new Hierarchy();
$user = new User();

$toolName = $langMyProfile;

$userdata = [];

// Viewing somebody else's profile requires an id together with a token bound to
// that id (third argument 3600 — presumably the token lifetime in seconds);
// without both, the page shows the current user's own profile.
if (isset($_GET['id'], $_GET['token'])) {
    $id = (int) $_GET['id'];
    if (!token_validate($id, $_GET['token'], 3600)) {
        forbidden($_SERVER['REQUEST_URI']);
    }
    $pageName = $langUserProfile;
} else {
    $id = $uid;
}

// The password column is selected so that external-auth accounts can be told
// apart afterwards (it is looked up in $auth_ids right after this query).
$userdata = Database::get()->querySingle("SELECT surname, givenname, username, email, status, phone, am, registered_at,
                                            has_icon, description, password,
                                            email_public, phone_public, am_public
                                        FROM user
                                        WHERE id = ?d", $id);

if ($userdata) {
    $auth = array_search($userdata->password, $auth_ids);
 *                  Panepistimiopolis Ilissia, 15784, Athens, Greece
 *                  e-mail: info@openeclass.org
 * ======================================================================== 
 */
// SSO hand-off: the caller supplies a username, a token and the id of the
// session to resume. All three are mandatory.
if (!isset($_GET['username'], $_GET['token'], $_GET['session'])) {
    exit;
}
$username = $_GET['username'];
$token = $_GET['token'];
$session_id = $_GET['session'];
// NOTE(review): the session id is taken verbatim from the query string. It is
// covered by the token check below, but a format check (session-id character
// set and length) before session_id() would reject malformed values early —
// confirm against what the SSO issuer generates.
session_id($session_id);
session_start();
require_once '../../include/init.php';
require_once 'modules/auth/auth.inc.php';
// validate token timestamp: the token must cover username + session id and be
// recent (third argument 500 — presumably seconds).
if (!token_validate($username . $session_id, $token, 500)) {
    exit;
}
// The hand-off is honoured only if the issuer recorded this exact triple;
// all three values are bound parameters (?s).
$exists = Database::get()->querySingle("SELECT 1 AS `exists` FROM user_sso WHERE username = ?s AND token = ?s AND session_id = ?s", $username, $token, $session_id);
if ($exists && intval($exists->exists) === 1) {
    foreach (array_keys($_SESSION) as $key) {
        unset($_SESSION[$key]);
    }
    $user = Database::get()->querySingle("SELECT * FROM user WHERE username COLLATE utf8_bin = ?s", $username);
    $is_active = check_activity($user->id);
    $admin_rights = get_admin_rights($user->id);
    if ($admin_rights == ADMIN_USER) {
        $is_active = 1;
        // admin user is always active
        $_SESSION['is_admin'] = 1;
    } elseif ($admin_rights == POWER_USER) {
// Link back to the site root; appended to the success message shown after a
// password change (see the $tool_content assignment further down).
$homelink = "<br><p><a href='{$urlAppend}'>{$langHome}</a></p>\n";
/**
 * Tell whether an account's password can be changed locally.
 *
 * Accounts handled by an external authentication method appear to carry an
 * auth-method id in their password column; those ids are listed in the global
 * $auth_ids, and such accounts are not editable here.
 * NOTE(review): in_array() is non-strict, so "1" and 1 match each other —
 * confirm the types stored in $auth_ids and the column before tightening it.
 *
 * @param mixed $password value of the user's password column
 * @return bool true when the password may be edited locally
 */
function password_is_editable($password)
{
    global $auth_ids;
    // Not editable when the value is one of the external auth method ids.
    return !in_array($password, $auth_ids);
}
if (isset($_REQUEST['u']) and isset($_REQUEST['h'])) {
    $change_ok = false;
    $userUID = intval($_REQUEST['u']);
    $valid = token_validate('password' . $userUID, $_REQUEST['h'], TOKEN_VALID_TIME);
    $res = Database::get()->querySingle("SELECT id FROM user WHERE id = ?d AND password NOT IN ('" . implode("', '", $auth_ids) . "')", $userUID);
    $error_messages = array();
    if ($valid and $res) {
        if (isset($_POST['newpass']) and isset($_POST['newpass1']) and count($error_messages = acceptable_password($_POST['newpass'], $_POST['newpass1'])) == 0) {
            $hasher = new PasswordHash(8, false);
            $q1 = Database::get()->query("UPDATE user SET password = ?s\n                                                      WHERE id = ?d", $hasher->HashPassword($_POST['newpass']), $userUID);
            if ($q1->affectedRows > 0) {
                $tool_content = "<div class='alert alert-success'><p>{$langAccountResetSuccess1}</p></div>\n                                                       {$homelink}";
                $change_ok = true;
            }
        } elseif (count($error_messages)) {
            $tool_content .= "<div class='alert alert-warning'><ul><li>" . implode("</li>\n<li>", $error_messages) . "</li></ul></div>";
        }
        if (!$change_ok) {
            $tool_content .= "\n            <div class='form-wrapper'>\n                <form method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n                <input type='hidden' name='u' value='{$userUID}'>\n                <input type='hidden' name='h' value='" . q($_REQUEST['h']) . "'>\n                <fieldset>\n                <legend>{$langPassword}</legend>\n                <table class='tbl'>\n                <tr>\n                   <th>{$langNewPass1}</th>\n                   <td><input type='password' size='40' name='newpass' value='' id='password' autocomplete='off'/>&nbsp;<span id='result'></span></td>\n                </tr>\n                <tr>\n                   <th>{$langNewPass2}</th>\n                   <td><input type='password' size='40' name='newpass1' value='' autocomplete='off'></td>\n                </tr>\n                <tr>\n                   <th>&nbsp;</th>\n                   <td><input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'></td>\n                </tr>\n                </table>\n                </fieldset>\n                </form>\n            </div>";
/**
 * @brief Check whether an RSS link token is valid for the current module and user
 *
 * The token has to match the current module's link, the user id and the course
 * code; in addition the user must still have a course_user row with a truthy
 * status for the current course.
 *
 * @param string $token token carried by the RSS link
 * @param int    $uid   user the link was issued for
 * @return bool true when both the token and the course membership check out
 */
function rss_token_valid($token, $uid)
{
    global $course_code, $course_id, $module_id, $modules;
    $expected_payload = $modules[$module_id]['link'] . $uid . $course_code;
    if (!token_validate($expected_payload, $token)) {
        return false;
    }
    // Membership check: a missing row or a zero status rejects the link.
    $membership = Database::get()->querySingle('SELECT status FROM course_user
        WHERE course_id = ?d AND user_id = ?d', $course_id, $uid);
    return $membership && $membership->status;
}
    // $disk_path is set if common file link
    $disk_path = common_doc_path($file_info->extra_path, true);
    if (!$disk_path) {
        // external file URL
        header("Location: {$file_info->extra_path}");
        exit;
    } elseif (!$common_doc_visible) {
        forbidden(preg_replace('/^.*file\\.php/', '', $uri));
    }
} else {
    // Normal file
    $disk_path = $basedir . $file_info->path;
}
if (file_exists($disk_path)) {
    if (!$is_in_playmode) {
        $valid = $uid || course_status($course_id) == COURSE_OPEN ? true : token_validate($file_info->path, $_GET['token'], 30);
        if (!$valid) {
            not_found(preg_replace('/^.*file\\.php/', '', $uri));
            exit;
        }
        send_file_to_client($disk_path, $file_info->filename);
    } else {
        require_once 'include/lib/fileDisplayLib.inc.php';
        require_once 'include/lib/multimediahelper.class.php';
        $mediaPath = file_url($file_info->path, $file_info->filename);
        $mediaURL = $urlServer . 'modules/document/index.php?course=' . $course_code . '&amp;download=' . $file_info->path;
        if (defined('GROUP_DOCUMENTS')) {
            $mediaURL = $urlServer . 'modules/group/index.php?course=' . $course_code . '&amp;group_id=' . $group_id . '&amp;download=' . $file_info->path;
        }
        $token = token_generate($file_info->path, true);
        $mediaAccess = $mediaPath . '?token=' . $token;
        exit;
    } elseif (!$common_doc_visible) {
        forbidden(preg_replace('/^.*file\.php/', '', $uri));
    }
} else {
    // Normal file
    $disk_path = $basedir . $file_info->path;
}

if (file_exists($disk_path)) {
    if (!$is_in_playmode) {
        $valid = $uid ||
            defined('COMMON_DOCUMENTS') ||
            defined('MY_DOCUMENTS') ||
            course_status($course_id) == COURSE_OPEN ||
            (isset($_GET['token']) && token_validate($file_info->path, $_GET['token'], 30));
        if (!$valid) {
            not_found(preg_replace('/^.*file\.php/', '', $uri));
            exit();
        }
        send_file_to_client($disk_path, $file_info->filename);
    } else {
        require_once 'include/lib/fileDisplayLib.inc.php';
        require_once 'include/lib/multimediahelper.class.php';

        $mediaPath = file_url($file_info->path, $file_info->filename);
        $mediaURL = $urlServer . 'modules/document/index.php?course=' . $course_code . '&amp;download=' . $file_info->path;
        if (defined('GROUP_DOCUMENTS'))
            $mediaURL = $urlServer . 'modules/group/index.php?course=' . $course_code . '&amp;group_id=' . $group_id . '&amp;download=' . $file_info->path;
        $token = token_generate($file_info->path, true);
        $mediaAccess = $mediaPath . '?token=' . $token;
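 /**
  * Allows checking if a honeypot is valid
  *
  * Function will verify all honeypot fields and remove them afterwards.
  *
  * Returns true when the form has no honeypot configured, or when the hidden
  * "empty" field is still empty, the token validates and the timestamp is
  * between 1 and 1800 seconds old; in that case the three honeypot fields are
  * removed from $_REQUEST. Returns false otherwise: a field is missing, the
  * "removed" marker is present, a value is not a scalar of the expected kind,
  * the token fails, or the timestamp is out of range.
  *
  * @return bool
  */
 function checkHoneypot()
 {
     if (!$this->form['honeypot']) {
         // Field does not require a honeypot check
         return true;
     }
     // Field names come from token_hash() (project-defined); resolve each once
     // instead of recomputing it on every access.
     $emptyField = token_hash('hp_empty');
     $removedField = token_hash('hp_removed');
     $tokenField = token_hash('hp_token');
     $timestampField = token_hash('hp_timestamp');
     if (!isset($_REQUEST[$emptyField], $_REQUEST[$tokenField], $_REQUEST[$timestampField])
         || isset($_REQUEST[$removedField])) {
         // Fields are not all set (or the "removed" marker is set)
         return false;
     }
     $empty = $_REQUEST[$emptyField];
     $token = $_REQUEST[$tokenField];
     $timestamp = $_REQUEST[$timestampField];
     // Request values can be arrays (field[]=x); reject anything that is not a
     // string / numeric before comparing or doing arithmetic, which would
     // otherwise raise a TypeError on PHP 8 instead of failing the check.
     if (!is_string($empty) || !is_string($token) || !is_numeric($timestamp)) {
         return false;
     }
     // Read the clock once so both bounds are evaluated against the same instant.
     $age = time() - $timestamp;
     if ($empty !== '' || !token_validate($token) || $age <= 0 || $age > 1800) {
         // Fields do not match
         return false;
     }
     // Unset all fields...
     unset($_REQUEST[$emptyField], $_REQUEST[$tokenField], $_REQUEST[$timestampField]);
     // ...and return true
     return true;
 }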
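/**
 * Resolve a public file URL path to its on-disk location and stream it to the client.
 *
 * Logged-in users ($uid) are served directly; anonymous requests must carry a
 * token in $_GET['token'] bound to the resolved path (third argument 30 —
 * presumably seconds). An invalid token redirects to the site root; a file that
 * cannot be sent answers with not_found(). This function never returns.
 *
 * @global string $basedir   document root on disk, prefixed to the resolved path
 * @global int    $uid       current user id (falsy when anonymous)
 * @global string $urlServer site base URL used for the redirect
 * @param string $file_path    public, '/'-separated path taken from the URL
 * @param string $initial_path prefix handed through to public_path_to_disk_path()
 */
function send_file_by_url_file_path($file_path, $initial_path = '')
{
    // $urlServer was missing from the original global list, so the redirect
    // below emitted an empty Location header.
    global $basedir, $uid, $urlServer;
    // A doubled slash is swapped for a placeholder byte so explode() does not
    // turn it into an empty component.
    $path_components = explode('/', str_replace('//', chr(1), $file_path));
    $file_info = public_path_to_disk_path($path_components, $initial_path);
    // `?? null` passes the same value as before when no token is supplied,
    // without the undefined-index warning.
    $valid = $uid ? true : token_validate($file_info->path, $_GET['token'] ?? null, 30);
    if (!$valid) {
        header("Location: {$urlServer}");
        exit;
    }
    if (!send_file_to_client($basedir . $file_info->path, $file_info->filename, null, false)) {
        not_found($file_path);
    }
    exit;
}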