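/**
 * Switch the current session to user $userId WITHOUT checking a password.
 *
 * Make sure every caller is protected: the only authorization performed
 * here is api_can_login_as($userId). On success the current session's
 * identity is replaced, a confirmation page is rendered and the script
 * exits — there is no normal return on the success path.
 *
 * @param int $userId id of the user to impersonate
 *
 * @return bool false when impersonation is not allowed, the user does not
 *              exist or the id is not positive; never returns on success (exit)
 *
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function loginUser($userId)
{
    $userId = intval($userId);
    $userInfo = api_get_user_info($userId);

    // Authorization: is the current user allowed to 'login_as' this one?
    $canLoginAs = api_can_login_as($userId);
    if (!$canLoginAs || empty($userInfo)) {
        return false;
    }

    // intval() maps garbage to 0; a zero id is never a valid target.
    if (!$userId) {
        return false;
    }

    // First/last name are user-editable data and are interpolated into HTML
    // below; display_normal_message() is called with its filter disabled,
    // so escape here to keep a crafted name from executing in the admin's browser.
    $firstname = htmlspecialchars($userInfo['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars($userInfo['lastname'], ENT_QUOTES, 'UTF-8');

    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $userId);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $userId);
    }

    // Log the current user out and drop every identity-related session key.
    LoginDelete(api_get_user_id());
    Session::erase('_user');
    Session::erase('is_platformAdmin');
    Session::erase('is_allowedCreateCourse');
    Session::erase('_uid');

    // The session is about to carry a different identity: issue a fresh
    // session id so the old one (possibly observed by a third party) does
    // not become a handle on the impersonated account. Session data survives
    // regeneration, so the writes below still land in the same session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Fill the session with the impersonated user's data.
    Session::write('_uid', $userId);
    Session::write('_user', $userInfo);
    Session::write('is_platformAdmin', (bool) UserManager::is_admin($userId));
    // status 1 is the "may create courses" status in this code base (cast:
    // the value may arrive as a string from the database).
    Session::write('is_allowedCreateCourse', ((int) $userInfo['status'] === 1));
    // Lets later code (e.g. reporting) know this identity was reached via
    // login_as rather than a real login.
    Session::write('login_as', true);

    $target_url = api_get_path(WEB_PATH) . "user_portal.php";
    $message .= '<br />' . sprintf(
        get_lang('LoginSuccessfulGoToX'),
        '<a href="' . $target_url . '">' . $target_url . '</a>'
    );

    Display::display_header(get_lang('UserList'));
    Display::display_normal_message($message, false);
    Display::display_footer();
    exit;
}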
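/**
 * Legacy variant of loginUser(): switch the current session to $user_id
 * WITHOUT checking a password.
 *
 * Make sure every caller is protected: the only authorization performed
 * here is api_can_login_as($user_id). This function defines globals
 * ($uidReset, $loginFailed, $_user). On success it replaces the session
 * identity, renders a confirmation page and exits; on a missing database
 * row it exits with a warning.
 *
 * @param int $user_id id of the user to impersonate
 *
 * @return bool false when impersonation is not allowed, the user does not
 *              exist or the id is not positive; never returns on success (exit)
 *
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    $user_info = api_get_user_info($user_id);

    // Authorization: is the current user allowed to 'login_as' this one?
    // Also bail out when the user does not exist, instead of indexing into
    // an empty $user_info below.
    $can_login_as = api_can_login_as($user_id);
    if (!$can_login_as || empty($user_info)) {
        return false;
    }

    // Load $_user to be sure we clean it before logging in
    global $uidReset, $loginFailed, $_user;

    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    unset($_user['user_id']); // uid not in session ? prevent any hacking

    // Names are user-editable and are interpolated into HTML below with the
    // message filter disabled; escape them here.
    $firstname = htmlspecialchars($user_info['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars($user_info['lastname'], ENT_QUOTES, 'UTF-8');
    // Re-read the id from the loaded record and keep it an integer: it is
    // interpolated into the SQL string below.
    $user_id = (int) $user_info['user_id'];

    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $user_id);
    }

    $loginFailed = false;
    $uidReset = false;

    if (!$user_id) {
        return false;
    }

    // A uid is given (log in succeeded). $user_id is an int (cast above), so
    // the interpolation cannot inject SQL.
    $sql_query = "SELECT user.*, a.user_id is_admin,
            UNIX_TIMESTAMP(login.login_date) login_date
            FROM {$main_user_table}
            LEFT JOIN {$main_admin_table} a
            ON user.user_id = a.user_id
            LEFT JOIN {$track_e_login_table} login
            ON user.user_id = login.login_user_id
            WHERE user.user_id = '" . $user_id . "'
            ORDER BY login.login_date DESC LIMIT 1";
    $sql_result = Database::query($sql_query);

    if (Database::num_rows($sql_result) > 0) {
        // Extracting the user data
        $user_data = Database::fetch_array($sql_result);

        // Log the current user out (if one is in the session) before switching.
        if (isset($_SESSION['_user']['user_id'])) {
            LoginDelete($_SESSION['_user']['user_id']);
        }

        // Cleaning session variables
        unset($_SESSION['_user']);
        unset($_SESSION['is_platformAdmin']);
        unset($_SESSION['is_allowedCreateCourse']);
        unset($_SESSION['_uid']);

        // Identity changes here: rotate the session id so the old one does
        // not become a handle on the impersonated account. $_SESSION data
        // survives regeneration.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }

        $_user['firstName'] = $user_data['firstname'];
        $_user['lastName'] = $user_data['lastname'];
        $_user['mail'] = $user_data['email'];
        $_user['lastLogin'] = $user_data['login_date'];
        $_user['official_code'] = $user_data['official_code'];
        $_user['picture_uri'] = $user_data['picture_uri'];
        $_user['user_id'] = $user_data['user_id'];
        $_user['status'] = $user_data['status'];

        // is_admin comes from the LEFT JOIN on the admin table: non-null means
        // the user has an admin row.
        $is_platformAdmin = !is_null($user_data['is_admin']);
        // status 1 is the "may create courses" status (cast: DB values may be strings).
        $is_allowedCreateCourse = ((int) $user_data['status'] === 1);

        // Filling session variables with new data
        $_SESSION['_uid'] = $user_id;
        $_SESSION['_user'] = $_user;
        $_SESSION['is_platformAdmin'] = $is_platformAdmin;
        $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
        // will be useful later to know if the user is actually an admin or not (example reporting)
        $_SESSION['login_as'] = true;

        $target_url = api_get_path(WEB_PATH) . "user_portal.php";
        $message .= '<br />' . sprintf(
            get_lang('LoginSuccessfulGoToX'),
            '<a href="' . $target_url . '">' . $target_url . '</a>'
        );

        Display::display_header(get_lang('UserList'));
        Display::display_normal_message($message, false);
        Display::display_footer();
        exit;
    }

    exit("<br />WARNING UNDEFINED UID !! ");
}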
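// Action bar of the student-tracking page. Uses $user_info, $student_id,
// $token, $origin, $sessionId and $alloAssignSkill set earlier in the file.
echo '<div class="actions">';

// "Back": the original markup carried a stray '"' after the href attribute.
echo '<a href="javascript: window.history.go(-1);">'
    . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . '</a>';
echo '<a href="javascript: void(0);" onclick="javascript: window.print();">'
    . Display::return_icon('printer.png', get_lang('Print'), '', ICON_SIZE_MEDIUM) . '</a>';

// Export links re-emit the current query string through the project's
// remove_XSS() filter (computed once; QUERY_STRING may be unset on some SAPIs).
$exportBase = api_get_self() . '?'
    . Security::remove_XSS(isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '');
echo '<a href="' . $exportBase . '&export=csv">'
    . Display::return_icon('export_csv.png', get_lang('ExportAsCSV'), '', ICON_SIZE_MEDIUM) . '</a> ';
echo '<a href="' . $exportBase . '&export=xls">'
    . Display::return_icon('export_excel.png', get_lang('ExportAsXLS'), '', ICON_SIZE_MEDIUM) . '</a> ';

// Mail link: the address is stored user data, so escape it for the attribute.
if (!empty($user_info['email'])) {
    $send_mail = '<a href="mailto:' . htmlspecialchars($user_info['email'], ENT_QUOTES, 'UTF-8') . '">'
        . Display::return_icon('mail_send.png', get_lang('SendMail'), '', ICON_SIZE_MEDIUM) . '</a>';
} else {
    $send_mail = Display::return_icon('mail_send_na.png', get_lang('SendMail'), '', ICON_SIZE_MEDIUM);
}
echo $send_mail;

// Only show link to connection details if course and student were defined in the URL.
// Parameters go through http_build_query() (already used for the badge link
// below) so each value is URL-encoded; null-prone values are cast to string so
// the keys stay present, as they were in the hand-built URL.
if (!empty($student_id) && !empty($_GET['course'])) {
    $courseParam = Security::remove_XSS($_GET['course']);
    echo '<a href="access_details.php?' . http_build_query([
            'student' => (string) $student_id,
            'course' => $courseParam,
            'origin' => (string) $origin,
            'cidReq' => $courseParam,
            'id_session' => (string) $sessionId,
        ]) . '">'
        . Display::return_icon('statistics.png', get_lang('AccessDetails'), '', ICON_SIZE_MEDIUM) . '</a>';
}

// "Login as" is gated by api_can_login_as() and carries the CSRF token.
if (api_can_login_as($student_id)) {
    echo '<a href="' . api_get_path(WEB_CODE_PATH) . 'admin/user_list.php?' . http_build_query([
            'action' => 'login_as',
            'user_id' => (string) $student_id,
            'sec_token' => (string) $token,
        ]) . '">'
        . Display::return_icon('login_as.png', get_lang('LoginAs'), null, ICON_SIZE_MEDIUM) . '</a>';
}

if ($alloAssignSkill) {
    echo Display::url(
        Display::return_icon('skill-badges.png', get_lang('AssignSkill'), null, ICON_SIZE_MEDIUM),
        api_get_path(WEB_CODE_PATH) . 'badge/assign.php?' . http_build_query(['user' => $student_id])
    );
}
echo '</div>';

// is the user online ? (user ids are integers here: loginUser() applies
// intval(); guard the raw GET value instead of passing it through unchecked)
$onlineUserId = isset($_GET['student']) ? (int) $_GET['student'] : 0;
if (UserManager::user_is_online($onlineUserId)) {
    $online = get_lang('Yes');
} else {
    $online = get_lang('No');
}

// get average of score and average of progress by student
$avg_student_progress = $avg_student_score = 0;
$course_code = isset($_GET['course']) ? Security::remove_XSS($_GET['course']) : null;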
$title = get_lang('YourCourseList'); $courses = CourseManager::get_courses_followed_by_drh(api_get_user_id()); } } else { $session_name = api_get_session_name($sessionId); $title = api_htmlentities($session_name, ENT_QUOTES, $charset) . ' : ' . get_lang('CourseListInSession'); $courses = Tracking::get_courses_list_from_session($sessionId); } $a_courses = array_keys($courses); if (!api_is_session_admin()) { $menu_items[] = Display::url(Display::return_icon('stats.png', get_lang('MyStats'), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . "auth/my_progress.php"); $menu_items[] = Display::url(Display::return_icon('user.png', get_lang('Students'), array(), ICON_SIZE_MEDIUM), "index.php?view=drh_students&display=yourstudents"); $menu_items[] = Display::url(Display::return_icon('teacher.png', get_lang('Trainers'), array(), ICON_SIZE_MEDIUM), 'teachers.php'); $menu_items[] = Display::url(Display::return_icon('course_na.png', get_lang('Courses'), array(), ICON_SIZE_MEDIUM), '#'); $menu_items[] = Display::url(Display::return_icon('session.png', get_lang('Sessions'), array(), ICON_SIZE_MEDIUM), 'session.php'); if (api_can_login_as($user_id)) { $link = '<a href="' . api_get_path(WEB_CODE_PATH) . 'admin/user_list.php?action=login_as&user_id=' . $user_id . '&sec_token=' . Security::get_existing_token() . '">' . Display::return_icon('login_as.png', get_lang('LoginAs'), null, ICON_SIZE_MEDIUM) . '</a> '; $menu_items[] = $link; } } $actionsLeft = $actionsRight = ''; $nb_menu_items = count($menu_items); if ($nb_menu_items > 1) { foreach ($menu_items as $key => $item) { $actionsLeft .= $item; } } if (count($a_courses) > 0) { $actionsRight .= Display::url(Display::return_icon('printer.png', get_lang('Print'), array(), 32), 'javascript: void(0);', array('onclick' => 'javascript: window.print();')); } $toolbar = Display::toolbarAction('toolbar-course', $content = array(0 => $actionsLeft, 1 => $actionsRight));