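/**
 * Handle the submitted login form.
 *
 * When $_POST['submit'] is present: applies the login-failure lockout, looks the user
 * up, delegates the credential check to login() or alt_login(), and on success records
 * the login in loginout and redirects; otherwise appends an alert block to $warning.
 *
 * $auth_allow codes, as interpreted by the switch at the bottom: 1 success, 2 invalid id,
 * 3 inactive account, 4 bad or missing credentials (counted as a failure), 5 cookies
 * disabled, 6 and 7 use the secure / CAS entry point, 8 too many recent failures.
 *
 * @global string $warning       receives the HTML alert on failure
 * @global string $tool_content  receives a message when no auth method is active
 * @return void  does not return on success (redirect_to_home_page)
 */
function process_login() {
    // $tool_content and $langInvalidAuth are used below; without the global
    // declaration the "no auth method" message was written to a local and lost.
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language,
        $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
        $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails,
        $tool_content, $langInvalidAuth;

    $posted_uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = isset($_POST['pass']) ? $_POST['pass'] : '';
    $auth = get_auth_active_methods();
    // Result is not used below; the call is kept in case is_eclass_unique() has side effects — TODO confirm.
    $is_eclass_unique = is_eclass_unique();

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Lockout: too many recent failures from this client address. The address is bound
    // as a parameter instead of being spliced into the SQL text.
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s AND COUNT > " . intval(get_config('login_fail_threshold')) . " AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail", $_SERVER['REMOTE_ADDR']);
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // NOTE(review): the username comparison clause shows as "******" in this listing
        // (redacted); keep the project's real clause for the two collation cases here.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail\n FROM user WHERE username {$sqlLogin}", $posted_uname);

        // cas might have alternative authentication defined
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($pass === '') {
            // Disallow login with empty password
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // in_array() is deliberately loose: the password column apparently holds an
                // auth-method id for externally authenticated accounts and the types may
                // differ from $auth_ids — a strict compare could stop matching.
                if (in_array($myrow->password, $auth_ids)) {
                    // alternate methods login
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    // eclass login
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>{$langInvalidAuth}<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown username: record the attempt. Only the username is logged — the
            // submitted password must never be written to the failure log.
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    if (isset($_SESSION['uid'])) {
        // login()/alt_login() established the session: record it and move on.
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = "modules/auth/mail_verify_change.php";
        } elseif (isset($_POST['next'])) {
            // NOTE(review): $next is taken verbatim from the form; whether
            // redirect_to_home_page() confines it to this site is not visible here — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    switch ($auth_allow) {
        case 1:
            session_regenerate_id();
            break;
        case 2:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            break;
        case 3:
            $warning .= "<div class='alert alert-warning'>{$langAccountInactive1} " . "<a href='modules/auth/contactadmin.php?userid={$inactive_uid}&h=" . token_generate("userid={$inactive_uid}") . "'>{$langAccountInactive2}</a></div>";
            break;
        case 4:
            $warning .= "<div class='alert alert-warning'>{$langInvalidId}</div>";
            increaseLoginFailure();
            break;
        case 5:
            $warning .= "<div class='alert alert-warning'>{$langNoCookies}</div>";
            break;
        case 6:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/index.php'>{$langHere}</a></div>";
            break;
        case 7:
            $warning .= "<div class='alert alert-warning'>{$langEnterPlatform} <a href='{$urlServer}secure/cas.php'>{$langHere}</a></div>";
            break;
        case 8:
            $warning .= "<div class='alert alert-warning'>{$langTooManyFails}</div>";
            break;
        default:
            break;
    }
}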
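/**
 * Copy whitelisted POST fields into globals and track which required ones are missing.
 *
 * For each $varname => $required pair, $GLOBALS[$varname] is set to the
 * whitespace-canonicalized POST value ('' when the field is absent) and then passed
 * through $callback when one is given. Required fields that are empty() are recorded
 * in the global $missing_posted_variables map.
 *
 * Only the keys listed in $var_array are ever written, so that list is the whitelist
 * that keeps this from behaving like extract($_POST) — never build it from user input.
 *
 * @param array<string, bool> $var_array posted field name => whether it is required
 * @param string $what 'all' (default): true only if every required field is non-empty;
 *                     'any': true if at least one field is non-empty
 * @param callable|string|null $callback applied to each value after registration (e.g. 'trim')
 * @return bool
 */
function register_posted_variables($var_array, $what = 'all', $callback = null) {
    global $missing_posted_variables;
    if (!isset($missing_posted_variables)) {
        $missing_posted_variables = array();
    }
    $all_set = true;
    $any_set = false;
    foreach ($var_array as $varname => $required) {
        // Absent fields become '' so later code can rely on the global existing.
        $GLOBALS[$varname] = isset($_POST[$varname]) ? canonicalize_whitespace($_POST[$varname]) : '';
        // empty() also treats '0' as missing — kept from the original contract.
        if (empty($GLOBALS[$varname])) {
            if ($required) {
                $missing_posted_variables[$varname] = true;
                $all_set = false;
            }
        } else {
            $any_set = true;
        }
        // The callback runs after the emptiness check, so a trimming callback cannot
        // turn a "present" field into a missing one.
        if (is_callable($callback)) {
            $GLOBALS[$varname] = $callback($GLOBALS[$varname]);
        }
    }
    // Strict comparison so only the literal string 'any' selects the any-set result.
    return $what === 'any' ? $any_set : $all_set;
}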
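/**
 * Build an iCalendar (RFC 5545) export of the current user's events.
 *
 * The user's calendar filters are temporarily widened so that personal, course,
 * deadline and admin events are all exported, and are restored afterwards.
 * Deadline events carry a display alarm 24 hours before they start.
 *
 * @return string the VCALENDAR text
 */
public static function icalendar() {
    // RFC 5545 TEXT values must escape backslash, semicolon, comma and line breaks;
    // the backslash is handled first so the escapes it introduces are not re-escaped.
    $escape = function ($text) {
        return str_replace(
            array('\\', ';', ',', "\r\n", "\r", "\n"),
            array('\\\\', '\\;', '\\,', '\\n', '\\n', '\\n'),
            (string) $text
        );
    };

    $ical = "BEGIN:VCALENDAR" . PHP_EOL;
    $ical .= "VERSION:2.0" . PHP_EOL;

    // Remember the user's own filter settings, show everything, then restore them.
    $show_personal_bak = Calendar_Events::$calsettings->show_personal;
    $show_course_bak = Calendar_Events::$calsettings->show_course;
    $show_deadline_bak = Calendar_Events::$calsettings->show_deadline;
    $show_admin_bak = Calendar_Events::$calsettings->show_admin;
    Calendar_Events::set_calendar_settings(1, 1, 1, 1);
    Calendar_Events::get_calendar_settings();
    $eventlist = Calendar_Events::get_calendar_events();
    Calendar_Events::set_calendar_settings($show_personal_bak, $show_course_bak, $show_deadline_bak, $show_admin_bak);
    Calendar_Events::get_calendar_settings();

    foreach ($eventlist as $event) {
        $ical .= "BEGIN:VEVENT" . PHP_EOL;
        // Emitted as floating local time (no TZID/UTC marker) — presumably matches how
        // start is stored; verify against the calendar tables.
        $startdatetime = new DateTime($event->start);
        $ical .= "DTSTART:" . $startdatetime->format("Ymd\\THis") . PHP_EOL;
        // The duration is parsed as a time of day and re-emitted as PTxHyMzS — assumes
        // a HH:MM:SS value; TODO confirm.
        $duration = new DateTime($event->duration);
        $ical .= "DURATION:" . $duration->format("\\P\\TH\\Hi\\Ms\\S") . PHP_EOL;
        $ical .= "SUMMARY:" . $escape("[" . strtoupper($event->event_group) . "] " . $event->title) . PHP_EOL;
        $ical .= "DESCRIPTION:" . $escape(canonicalize_whitespace(strip_tags($event->content))) . PHP_EOL;
        if ($event->event_group == 'deadline') {
            $ical .= "BEGIN:VALARM" . PHP_EOL;
            $ical .= "TRIGGER:-PT24H" . PHP_EOL;
            $ical .= "DURATION:PT10H" . PHP_EOL;
            $ical .= "ACTION:DISPLAY" . PHP_EOL;
            $ical .= "DESCRIPTION:DEADLINE REMINDER for " . $escape(canonicalize_whitespace(strip_tags($event->title))) . PHP_EOL;
            $ical .= "END:VALARM" . PHP_EOL;
        }
        $ical .= "END:VEVENT" . PHP_EOL;
    }
    $ical .= "END:VCALENDAR" . PHP_EOL;
    return $ical;
}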
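/**
 * Handle the submitted login form.
 *
 * When $_POST['submit'] is present: applies the login-failure lockout, looks the user
 * up, delegates the credential check to login() or alt_login(), and on success records
 * the login in loginout, stamps the session and redirects; otherwise either flashes the
 * error to the dedicated login page (when ?login_page is set) or appends an alert block
 * to $warning.
 *
 * $auth_allow codes, as interpreted by the switch at the bottom: 1 success, 2 invalid id,
 * 3 inactive account, 4 bad or missing credentials (counted as a failure), 5 cookies
 * disabled, 6 and 7 use the secure / CAS entry point, 8 too many recent failures.
 *
 * @global string $warning       receives the HTML alert on failure
 * @global string $tool_content  receives a message when no auth method is active
 * @global object $session       receives the login timestamp on success
 * @return void  does not return on success or on the login_page error path (redirect)
 */
function process_login() {
    // $tool_content and $langInvalidAuth are used below; without the global
    // declaration the "no auth method" message was written to a local and lost.
    global $warning, $surname, $givenname, $email, $status, $is_admin, $language, $session,
        $langInvalidId, $langAccountInactive1, $langAccountInactive2, $langNoCookies,
        $langEnterPlatform, $urlServer, $langHere, $auth_ids, $inactive_uid, $langTooManyFails,
        $urlAppend, $tool_content, $langInvalidAuth;

    $posted_uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : '';
    $pass = isset($_POST['pass']) ? trim($_POST['pass']) : '';
    $auth = get_auth_active_methods();

    if (!isset($_POST['submit'])) {
        return;
    }

    unset($_SESSION['uid']);
    $auth_allow = 0;

    // Lockout: too many recent failures from this client address. The address is bound
    // as a parameter instead of being spliced into the SQL text.
    $locked_out = false;
    if (get_config('login_fail_check')) {
        $locked_out = (bool) Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = ?s AND COUNT > " . intval(get_config('login_fail_threshold')) . " AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail", $_SERVER['REMOTE_ADDR']);
    }

    if ($locked_out) {
        $auth_allow = 8;
    } else {
        // NOTE(review): the username comparison clause shows as "******" in this listing
        // (redacted); keep the project's real clause for the two collation cases here.
        if (get_config('case_insensitive_usernames')) {
            $sqlLogin = "******";
        } else {
            $sqlLogin = "******";
        }
        $myrow = Database::get()->querySingle("SELECT id, surname, givenname, password, username, status, email, lang, verified_mail FROM user WHERE username $sqlLogin", $posted_uname);
        // Course guest accounts may log in without a password when guest access is enabled.
        $guest_user = get_config('course_guest') != 'off' && $myrow && $myrow->status == USER_GUEST;

        // cas might have alternative authentication defined
        $exists = 0;
        if (!isset($_COOKIE) or count($_COOKIE) == 0) {
            // Disallow login when cookies are disabled
            $auth_allow = 5;
        } elseif ($pass === '' and !$guest_user) {
            // Disallow login with empty password except for course guest users
            $auth_allow = 4;
        } elseif ($myrow) {
            $exists = 1;
            if (!empty($auth)) {
                // in_array() is deliberately loose: the password column apparently holds an
                // auth-method id for externally authenticated accounts and the types may
                // differ from $auth_ids — a strict compare could stop matching.
                if (in_array($myrow->password, $auth_ids)) {
                    // alternate methods login
                    $auth_allow = alt_login($myrow, $posted_uname, $pass);
                } else {
                    // eclass login
                    $auth_allow = login($myrow, $posted_uname, $pass);
                }
            } else {
                $tool_content .= "<br>$langInvalidAuth<br>";
            }
        }

        if (!$exists and !$auth_allow) {
            // Unknown username: record the attempt (username only, never the password).
            Log::record(0, 0, LOG_LOGIN_FAILURE, array('uname' => $posted_uname));
            $auth_allow = 4;
        }
    }

    $invalidIdMessage = sprintf($langInvalidId, $urlAppend . 'modules/auth/registration.php');

    if (isset($_SESSION['uid'])) {
        // login()/alt_login() established the session: record it and move on.
        Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, NOW(), 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
        $session->setLoginTimestamp();
        if (get_config('email_verification_required') and get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
            $_SESSION['mail_verification_required'] = 1;
            $next = 'modules/auth/mail_verify_change.php';
        } elseif (isset($_POST['next'])) {
            // NOTE(review): $next is taken verbatim from the form; whether
            // redirect_to_home_page() confines it to this site is not visible here — confirm.
            $next = $_POST['next'];
        } else {
            $next = '';
        }
        resetLoginFailure();
        redirect_to_home_page($next);
        return;
    }

    switch ($auth_allow) {
        case 1:
            session_regenerate_id();
            break;
        case 2:
            if (isset($_GET['login_page'])) {
                Session::flash('login_error', $invalidIdMessage);
                redirect_to_home_page('main/login_form.php');
            } else {
                $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
            }
            break;
        case 3:
            $warning .= "<div class='alert alert-warning'>$langAccountInactive1 " . "<a href='modules/auth/contactadmin.php?userid=$inactive_uid&h=" . token_generate("userid=$inactive_uid") . "'>$langAccountInactive2</a></div>";
            break;
        case 4:
            // Count the failure before any redirect: previously the login_page branch
            // redirected without incrementing, so attempts made through that form never
            // reached the lockout threshold.
            increaseLoginFailure();
            if (isset($_GET['login_page'])) {
                Session::flash('login_error', $invalidIdMessage);
                redirect_to_home_page('main/login_form.php');
            } else {
                $warning .= "<div class='alert alert-warning'>$invalidIdMessage</div>";
            }
            break;
        case 5:
            $warning .= "<div class='alert alert-warning'>$langNoCookies</div>";
            break;
        case 6:
            $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}secure/index.php'>$langHere</a></div>";
            break;
        case 7:
            $warning .= "<div class='alert alert-warning'>$langEnterPlatform <a href='{$urlServer}modules/auth/cas.php'>$langHere</a></div>";
            break;
        case 8:
            $warning .= "<div class='alert alert-warning'>$langTooManyFails</div>";
            break;
        default:
            break;
    }
}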
Session::Messages("{$langErrorDelete}: {$line}", 'alert-danger'); redirect_to_home_page('modules/admin/multideluser.php'); } } } } redirect_to_home_page('modules/admin/multideluser.php'); } else { $usernames = ''; if (isset($_POST['dellall_submit'])) { // get the incoming values $search = isset($_POST['search']) ? $_POST['search'] : ''; $c = isset($_POST['c']) ? intval($_POST['c']) : ''; $lname = isset($_POST['lname']) ? $_POST['lname'] : ''; $fname = isset($_POST['fname']) ? $_POST['fname'] : ''; $uname = isset($_POST['uname']) ? canonicalize_whitespace($_POST['uname']) : ''; $am = isset($_POST['am']) ? $_POST['am'] : ''; $verified_mail = isset($_POST['verified_mail']) ? intval($_POST['verified_mail']) : 3; $user_type = isset($_POST['user_type']) ? $_POST['user_type'] : ''; $auth_type = isset($_POST['auth_type']) ? $_POST['auth_type'] : ''; $email = isset($_POST['email']) ? mb_strtolower(trim($_POST['email'])) : ''; $reg_flag = isset($_POST['reg_flag']) ? intval($_POST['reg_flag']) : ''; $hour = isset($_POST['hour']) ? $_POST['hour'] : 0; $minute = isset($_POST['minute']) ? $_POST['minute'] : 0; // Criteria/Filters $criteria = array(); $terms = array(); if (isset($_POST['date']) or $hour or $minute) { $date = explode('-', $_POST['date']); if (count($date) == 3) { $day = intval($date[0]);
if (Database::get()->query("UPDATE document SET filename=?s WHERE {$group_sql} AND path = ?s", $_POST['renameTo'] . '.xml', $_POST['sourceFile'] . '.xml')->affectedRows > 0) { metaRenameDomDocument($basedir . $_POST['sourceFile'] . '.xml', $_POST['renameTo']); } } Session::Messages($langElRen, 'alert-success'); redirect_to_home_page($redirect_base_url, true); } // Step 1: Show rename dialog box if (isset($_GET['rename'])) { $fileName = Database::get()->querySingle("SELECT filename FROM document\n WHERE {$group_sql} AND\n path = ?s", $_GET['rename'])->filename; $dialogBox .= "\n \n <div id='rename_doc_file' class='row'>\n <div class='col-xs-12'>\n <div class='form-wrapper'>\n <form class='form-horizontal' role='form' method='post' action='{$_SERVER['SCRIPT_NAME']}?course={$course_code}'>\n <fieldset> \n <input type='hidden' name='sourceFile' value='" . q($_GET['rename']) . "' />\n {$group_hidden_input}\n <div class='form-group'>\n <label for='renameTo' class='col-sm-2 control-label word-wrapping' >" . q($fileName) . "</label>\n <div class='col-sm-10'>\n <input class='form-control' type='text' name='renameTo' value='" . q($fileName) . 
"' />\n </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-offset-2 col-sm-10'>\n <input class='btn btn-primary' type='submit' value='{$langRename}' >\n </div>\n </div>\n </fieldset>\n </form>\n </div>\n </div>\n </div>"; } // create directory // step 2: create the new directory if (isset($_POST['newDirPath'])) { $newDirName = canonicalize_whitespace($_POST['newDirName']); if (!empty($newDirName)) { $newDirPath = make_path($_POST['newDirPath'], array($newDirName)); // $path_already_exists: global variable set by make_path() if ($path_already_exists) { $action_message = "<div class='alert alert-danger'>{$langFileExists}</div>"; } else { $r = Database::get()->querySingle("SELECT id FROM document WHERE {$group_sql} AND path = ?s", $newDirPath); Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_DOCUMENT, $r->id); $action_message = "<div class='alert alert-success'>{$langDirCr}</div>"; } } } // step 1: display a field to enter the new dir name if (isset($_GET['createDir'])) { $createDir = q($_GET['createDir']);
/**
 * Wrap a value in single quotes for inline SQL use, after collapsing its whitespace.
 *
 * Escaping is done with addslashes(), which is neither charset-aware nor the database
 * driver's own escaping; prefer the Database::query() ?s placeholders for any value
 * that is not already trusted.
 *
 * @param string $s
 * @return string the quoted, slash-escaped value
 */
function quote($s) {
    $cleaned = canonicalize_whitespace($s);
    return sprintf("'%s'", addslashes($cleaned));
}
$require_help = true; $helpTopic = 'User'; require_once '../../include/baseTheme.php'; require_once 'include/log.php'; $toolName = $langUsers; $pageName = $langAddManyUsers; $navigation[] = array("url" => "index.php?course={$course_code}", "name" => $langUsers); $tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php?course={$course_code}", 'icon' => 'fa-reply', 'level' => 'primary'))); if (isset($_POST['submit'])) { $ok = array(); $not_found = array(); $existing = array(); $field = $_POST['type'] == 'am' ? 'am' : 'username'; $line = strtok($_POST['user_info'], "\n"); while ($line !== false) { $userid = finduser(canonicalize_whitespace($line), $field); if (!$userid) { $not_found[] = $line; } else { if (adduser($userid, $course_id)) { $ok[] = $userid; } else { $existing[] = $userid; } } $line = strtok("\n"); } if (count($not_found)) { $tool_content .= "<div class='alert alert-warning'>{$langUsersNotExist}<br>"; foreach ($not_found as $uname) { $tool_content .= q($uname) . '<br>';
require_once 'modules/create_course/functions.php'; $toolName = $langMultiCourse; $navigation[] = array('url' => 'index.php', 'name' => $langAdmin); $tool_content .= action_bar(array(array('title' => $langBack, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label'))); if (isset($_POST['submit'])) { $line = strtok($_POST['courses'], "\n"); $departments = isset($_POST['department']) ? $_POST['department'] : array(); // validation in case it skipped JS validation for department(s) if (count($departments) < 1 || empty($departments[0])) { Session::Messages($langEmptyAddNode); header("Location:" . $urlServer . "modules/admin/multicourse.php"); exit; } $vis = intval($_POST['formvisible']); while ($line !== false) { $line = canonicalize_whitespace($line); if (!empty($line)) { $info = explode('|', $line); $title = $info[0]; $prof_uid = null; $prof_not_found = false; if (isset($info[1])) { $prof_info = trim($info[1]); $prof_uid = find_prof(trim($info[1])); if ($prof_info and !$prof_uid) { $prof_not_found = true; } } if ($prof_uid) { $prof_name = uid_to_name($prof_uid); } else {
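/**
 * Store the Delos video lectures selected in the form (insert new, update existing).
 *
 * Reads the selected resource ids from $_POST['delosResources'] and the target category
 * from $_POST['selectcategory']; each id is matched against $jsonObj->resources and the
 * lecture's metadata is written to the videolink table, queued for indexing and logged.
 *
 * @global int $course_id
 * @param object $jsonObj decoded Delos feed: ->resources[] (each with ->resourceID and
 *                        ->videoLecture) and ->playerBasePath
 * @return void
 */
function storeDelosResources($jsonObj) {
    global $course_id;
    $submittedResources = $_POST['delosResources'];
    $submittedCategory = $_POST['selectcategory'];
    foreach ($submittedResources as $rid) {
        // $rid is user input: the LIKE pattern is built in PHP and bound with ?s instead
        // of being spliced into the query text.
        $stored = Database::get()->querySingle("SELECT id FROM videolink WHERE course_id = ?d AND category = ?d AND url LIKE ?s", $course_id, $submittedCategory, '%rid=' . $rid);
        foreach ($jsonObj->resources as $resource) {
            // Strict compare: assumes resourceID in the feed is a string like the posted
            // id — TODO confirm (an integer id would never match here).
            if ($resource->resourceID !== $rid) {
                continue;
            }
            $vL = $resource->videoLecture;
            $url = canonicalize_url($jsonObj->playerBasePath . '?rid=' . $rid);
            $title = $vL->title;
            $description = $vL->description;
            $creator = $vL->rights->creator->name;
            $publisher = $vL->organization->name;
            $date = $vL->date;
            if ($stored) {
                $id = $stored->id;
                Database::get()->query("UPDATE videolink SET url = ?s, title = ?s, description = ?s, creator = ?s, publisher = ?s, date = ?t WHERE course_id = ?d AND category = ?d AND id = ?d", $url, $title, $description, $creator, $publisher, $date, $course_id, $submittedCategory, $id);
            } else {
                $id = Database::get()->query('INSERT INTO videolink (course_id, url, title, description, category, creator, publisher, date) VALUES (?d, ?s, ?s, ?s, ?d, ?s, ?s, ?t)', $course_id, $url, $title, $description, $submittedCategory, $creator, $publisher, $date)->lastInsertID;
            }
            Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEOLINK, $id);
            // Short plain-text preview of the description for the log entry.
            $txt_description = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
            Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, array('id' => $id, 'url' => $url, 'title' => $title, 'description' => $txt_description));
        }
    }
}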
$tool_content .= "<div class='alert alert-success'>$langFileNot<br> <a href='$_SERVER[SCRIPT_NAME]?course=$course_code'>$langBack</a></div>"; draw($tool_content, $menuTypeID, null, $head_content); exit; } $path = '/' . $safe_filename; $url = $file_name; $id = Database::get()->query('INSERT INTO video (course_id, path, url, title, description, category, creator, publisher, date) VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s, ?s)' , $course_id, $path, $url, $_POST['title'], $_POST['description'], $_POST['selectcategory'] , $_POST['creator'], $_POST['publisher'], $_POST['date'])->lastInsertID; Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_VIDEO, $id); $txt_description = ellipsize(canonicalize_whitespace(strip_tags($_POST['description'])), 50, '+'); Log::record($course_id, MODULE_ID_VIDEO, LOG_INSERT, @array('id' => $id, 'path' => $path, 'url' => $_POST['url'], 'title' => $_POST['title'], 'description' => $txt_description)); $tool_content .= "<div class='alert alert-success'>$langFAdd</div>"; } } Session::Messages($langFAdd, "alert-success"); redirect_to_home_page("modules/video/index.php"); } // end of add_submit if (isset($_POST['add_submit_delos'])) { if (isset($_POST['delosResources'])) { $jsonObj = requestDelosJSON(); storeDelosResources($jsonObj);
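/**
 * Delete an existing note, drop it from the search index and log the action.
 *
 * NOTE(review): ownership is not checked here — the row is deleted by id alone, so the
 * caller must already have verified that $noteid belongs to the current user.
 *
 * @global int $uid id of the acting user, recorded in the log entry
 * @param int $noteid id in table note
 * @return void
 */
public static function delete_note($noteid) {
    global $uid;
    $note = Database::get()->querySingle("SELECT title, content FROM note WHERE id = ?d ", $noteid);
    if (!$note) {
        // Unknown id: nothing to delete, index or log (and no ->title/->content on a null row).
        return;
    }
    // Short plain-text preview of the content for the log entry.
    $content = ellipsize_html(canonicalize_whitespace(strip_tags($note->content)), 50, '+');
    Database::get()->query("DELETE FROM note WHERE id = ?d", $noteid);
    Indexer::queueAsync(Indexer::REQUEST_REMOVE, Indexer::RESOURCE_NOTE, $noteid);
    Log::record(0, MODULE_ID_NOTES, LOG_DELETE, array('user_id' => $uid, 'id' => $noteid, 'title' => $note->title, 'content' => $content));
}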
require_once 'modules/auth/methods/imapform.php';
break;
case 4:
    require_once 'modules/auth/methods/ldapform.php';
    break;
case 5:
    require_once 'modules/auth/methods/dbform.php';
    break;
case 6:
    require_once 'modules/auth/methods/shibform.php';
    break;
case 7:
    require_once 'modules/auth/methods/casform.php';
    break;
default:
    break;
}
if ($auth != 6 && $auth != 7) {
    $tool_content .= "\n <div class='alert alert-info'>{$langTestAccount}</div>\n <div class='form-group'>\n <label for='test_username' class='col-sm-2 control-label'>{$langUsername}:</label>\n <div class='col-sm-10'>\n <input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'>\n </div>\n </div>\n <div class='form-group'>\n <label for='test_password' class='col-sm-2 control-label'>{$langPass}:</label>\n <div class='col-sm-10'>\n <input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'>\n </div>\n </div>";
}
$tool_content .= "\n <div class='form-group'>\n <div class='col-sm-10 col-sm-offset-2'>\n <input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'>\n <a class='btn btn-default' href='auth.php'>{$langCancel}</a> \n </div>\n </div>\n </fieldset>\n </form>\n </div>";
}
draw($tool_content, 3);

/**
 * Serialise a key/value map as "key=value|key=value".
 *
 * Neither keys nor values are escaped, so a '|' or '=' inside a value cannot be told
 * apart from a separator by whatever unpacks this string — only use it for values
 * that are known not to contain those characters.
 *
 * @param array<string, scalar> $settings
 * @return string
 */
function pack_settings($settings) {
    $pairs = array_map(
        function ($key, $value) {
            return $key . '=' . $value;
        },
        array_keys($settings),
        array_values($settings)
    );
    return implode('|', $pairs);
}
} if (!empty($_POST['id'])) { $id = intval($_POST['id']); Database::get()->query("UPDATE announcement SET content = ?s, title = ?s, `date` = " . DBHelper::timeAfter() . ", start_display = ?t, stop_display = ?t WHERE id = ?d", $newContent, $antitle, $start_display, $stop_display, $id); $log_type = LOG_MODIFY; $message = "<div class='alert alert-success'>{$langAnnModify}</div>"; } else { // add new announcement $orderMax = Database::get()->querySingle("SELECT MAX(`order`) AS maxorder FROM announcement\n WHERE course_id = ?d", $course_id)->maxorder; $order = $orderMax + 1; // insert $id = Database::get()->query("INSERT INTO announcement\n SET content = ?s,\n title = ?s, `date` = " . DBHelper::timeAfter() . ",\n course_id = ?d, `order` = ?d,\n visible = 1,\n start_display = ?t,\n stop_display = ?t", $newContent, $antitle, $course_id, $order, $start_display, $stop_display)->lastInsertID; $log_type = LOG_INSERT; } Indexer::queueAsync(Indexer::REQUEST_STORE, Indexer::RESOURCE_ANNOUNCEMENT, $id); $txt_content = ellipsize_html(canonicalize_whitespace(strip_tags($_POST['newContent'])), 50, '+'); Log::record($course_id, MODULE_ID_ANNOUNCE, $log_type, array('id' => $id, 'email' => $send_mail, 'title' => $_POST['antitle'], 'content' => $txt_content)); // send email if ($send_mail) { $recipients_emaillist = ""; foreach ($_POST['recipients'] as $re) { $recipients_emaillist .= empty($recipients_emaillist) ? "'{$re}'" : ",'{$re}'"; } $emailContent = "{$professorMessage}: " . q($_SESSION['givenname']) . " " . q($_SESSION['surname']) . "<br>\n<br>\n" . q($_POST['antitle']) . "<br>\n<br>\n" . $_POST['newContent']; $emailSubject = "{$professorMessage} ({$public_code} - " . q($title) . " - {$langAnnouncement})"; // select students email list $countEmail = 0; $invalid = 0; $recipients = array(); $emailBody = html2text($emailContent); $linkhere = " <a href='{$urlServer}main/profile/emailunsubscribe.php?cid={$course_id}'>{$langHere}</a>.";
/**
 * @brief Store the link category submitted from the category form (insert or update)
 *
 * The posted fields categoryname and description are registered as globals (trimmed)
 * by register_posted_variables(); the description is run through purify() before it is
 * stored. With $_POST['id'] present the existing category is updated, otherwise a new
 * one is appended after the course's highest `order` value. Either way the action is
 * written to the log.
 *
 * @global int    $course_id
 * @global string $langCategoryAdded
 * @global string $langCategoryModded
 * @global string $categoryname
 * @global string $description
 * @return void
 */
function submit_category() {
    global $course_id, $langCategoryAdded, $langCategoryModded, $categoryname, $description;
    register_posted_variables(array('categoryname' => true, 'description' => true), 'all', 'trim');
    $values = array($categoryname, purify($description));
    $db = Database::get();
    $isUpdate = isset($_POST['id']);
    if ($isUpdate) {
        $id = getDirectReference($_POST['id']);
        $db->query("UPDATE `link_category` SET name = ?s, description = ?s WHERE course_id = ?d AND id = ?d", $values, $course_id, $id);
    } else {
        // New categories are placed after the current highest order value.
        $maxOrder = $db->querySingle("SELECT MAX(`order`) as maxorder FROM `link_category` WHERE course_id = ?d", $course_id)->maxorder;
        $id = $db->query("INSERT INTO `link_category` SET name = ?s, description = ?s, course_id = ?d, `order` = ?d", $values, $course_id, $maxOrder + 1)->lastInsertID;
    }
    // Short plain-text preview of the description for the log entry.
    $summary = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
    Log::record($course_id, MODULE_ID_LINKS, $isUpdate ? LOG_MODIFY : LOG_INSERT, array('id' => $id, 'category' => $categoryname, 'description' => $summary));
}
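/**
 * @brief Allows platform admin to login as another user without asking for password
 */
$require_admin = true;
require_once '../../include/baseTheme.php';

$pageName = $langChangeUser;
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);

if (isset($_REQUEST['username'])) {
    // NOTE(review): the identity switch is accepted over GET as well as POST, carries no
    // form token, and no audit record of the impersonation is written — worth tightening.
    $sql = "SELECT user.id, surname, username, password, givenname, status, email,\n admin.user_id AS is_admin, lang\n FROM user LEFT JOIN admin ON user.id = admin.user_id\n WHERE username ";
    // Binary collation forces an exact-case match unless usernames are configured case-insensitive.
    if (get_config('case_insensitive_usernames')) {
        $sql .= '= ?s';
    } else {
        $sql .= 'COLLATE utf8_bin = ?s';
    }
    $myrow = Database::get()->querySingle($sql, $_REQUEST['username']);
    if ($myrow) {
        // The session changes identity: issue a fresh session id so the previous one stops working.
        session_regenerate_id();
        $_SESSION['uid'] = $myrow->id;
        $_SESSION['surname'] = $myrow->surname;
        $_SESSION['givenname'] = $myrow->givenname;
        $_SESSION['status'] = $myrow->status;
        $_SESSION['email'] = $myrow->email;
        $_SESSION['is_admin'] = !!$myrow->is_admin; // double 'not' to handle NULL
        $_SESSION['uname'] = $myrow->username;
        $_SESSION['langswitch'] = $myrow->lang;
        redirect_to_home_page();
    } else {
        // Echo back the field that was actually looked up ($_REQUEST — $_POST is empty on a
        // GET), and escape after canonicalizing so the escaped form is what gets printed.
        $tool_content = "<div class='alert alert-danger'>" . sprintf($langChangeUserNotFound, q(canonicalize_whitespace($_REQUEST['username']))) . "</div>";
    }
}
$tool_content .= "<div class='form-wrapper'>\n <form class='form-horizontal' role='form' action='{$_SERVER['SCRIPT_NAME']}' method='post'>\n <div class='form-group'>\n <label for = 'username' class='col-sm-3 control-label'>{$langUsername}:</label>\n <div class='col-sm-9'>\n <input id='username' type='text' name='username' placeholder='{$langUsername}'>\n </div>\n </div>\n </form>\n </div>";
draw($tool_content, 3);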
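/**
 * E-mail the subscribers of a forum (or of its category) about a new topic.
 *
 * Builds an HTML and a plain-text version of the notification, collects the users who
 * subscribed through forum_notify (excluding the poster) and still have e-mail
 * notifications enabled for the course, and sends one multipart message to all of them.
 *
 * @param int    $forum_id
 * @param string $forum_name
 * @param int    $topic_id
 * @param string $subject    topic subject (escaped for the HTML part)
 * @param string $message    topic body; inserted into the HTML part as-is, so it must
 *                           already be safe HTML (the plain part goes through html2text())
 * @param string $topic_date
 * @return void
 */
function notify_users($forum_id, $forum_name, $topic_id, $subject, $message, $topic_date) {
    global $logo, $langNewForumNotify, $course_code, $course_id, $langForumFrom, $uid, $langBodyForumNotify, $langInForums, $urlServer, $langdate, $langSender, $langCourse, $langCategory, $langForum, $langSubject, $langNote, $langLinkUnsubscribe, $langHere, $charset, $langMailBody;

    $subject_notify = "$logo - $langNewForumNotify";
    $category_id = forum_category($forum_id);
    $cat_name = category_name($category_id);
    $name = uid_to_name($uid);
    $title = course_id_to_title($course_id);

    // HTML part. Every user-controlled field is passed through q(); the poster's name was
    // the one exception and is now escaped like the rest.
    $header_html_topic_notify = "<!-- Header Section --> <div id='mail-header'> <br> <div> <div id='header-title'>$langBodyForumNotify <a href='{$urlServer}courses/$course_code'>" . q($title) . "</a>.</div> <ul id='forum-category'> <li><span><b>$langCategory:</b></span> <span>" . q($cat_name) . "</span></li> <li><span><b>$langForum:</b></span> <span><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id'>" . q($forum_name) . "</a></span></li> <li><span><b>$langForumFrom :</b></span> <span>" . q($name) . "</span></li> <li><span><b>$langdate:</b></span> <span> $topic_date </span></li> </ul> </div> </div>";
    $body_html_topic_notify = "<!-- Body Section --> <div id='mail-body'> <br> <div><b>$langSubject:</b> <span class='left-space'><a href='{$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id&topic=$topic_id'>" . q($subject) . "</a></span></div><br> <div><b>$langMailBody:</b></div> <div id='mail-body-inner'> $message </div> </div>";
    // {$urlServer} rather than ${urlServer}: the latter interpolation form is deprecated since PHP 8.2.
    $footer_html_topic_notify = "<!-- Footer Section --> <div id='mail-footer'> <br> <div> <small>" . sprintf($langLinkUnsubscribe, q($title)) . " 
 <a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langHere</a></small> </div> </div>";
    $html_topic_notify = $header_html_topic_notify . $body_html_topic_notify . $footer_html_topic_notify;

    // Plain-text part.
    $plain_message = html2text($message);
    $plain_topic_notify = "$langBodyForumNotify $langInForums\n"
        . "$langSender: $name\n"
        . "$langCourse: $title\n {$urlServer}courses/$course_code/\n"
        . "$langCategory: $cat_name\n"
        . "$langForum: $forum_name\n {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id\n"
        . "$langSubject: $subject\n {$urlServer}modules/forum/viewforum.php?course=$course_code&forum=$forum_id&topic=$topic_id\n"
        . "--------------------------------------------\n$plain_message\n"
        . "--------------------------------------------\n"
        . "$langNote: " . canonicalize_whitespace(str_replace('<br />', "\n", sprintf($langLinkUnsubscribe, q($title)))) . " $langHere:\n{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id\n";

    // Subscribers of this forum or its category, minus the poster.
    $users = Database::get()->queryArray("SELECT DISTINCT user_id FROM forum_notify WHERE (forum_id = ?d OR cat_id = ?d) AND notify_sent = 1 AND course_id = ?d AND user_id != ?d", $forum_id, $category_id, $course_id, $uid);
    $email = array();
    foreach ($users as $user) {
        if (get_user_email_notification($user->user_id, $course_id)) {
            $email[] = uid_to_email($user->user_id);
        }
    }
    if (empty($email)) {
        // Nobody to notify: skip the send entirely.
        return;
    }
    send_mail_multipart('', '', '', $email, $subject_notify, $plain_topic_notify, $html_topic_notify, $charset);
}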
if (!empty($email)) { send_mail($siteName, $emailAdministrator, '', $email, $emailsubject, $emailbody, $charset, "Reply-To: {$emailhelpdesk}"); } $myrow = Database::get()->querySingle("SELECT id, surname, givenname FROM user WHERE id = ?d", $last_id); if ($myrow) { $uid = $myrow->id; $surname = $myrow->surname; $givenname = $myrow->givenname; } if (!$vmail) { Database::get()->query("INSERT INTO loginout SET id_user = {$uid}, ip = '{$_SERVER['REMOTE_ADDR']}',`when` = NOW(), action = 'LOGIN'"); $_SESSION['uid'] = $uid; $_SESSION['status'] = USER_STUDENT; $_SESSION['givenname'] = $givenname; $_SESSION['surname'] = $surname; $_SESSION['uname'] = canonicalize_whitespace($username); $tool_content .= "<div class='alert alert-success'><p>{$greeting},</p><p>"; $tool_content .= !empty($email) ? $langPersonalSettings : $langPersonalSettingsLess; $tool_content .= "</p></div>\n <br /><br />\n <p>{$langPersonalSettingsMore}</p>"; } else { $tool_content .= "<div class='alert alert-success'>" . ($prof ? $langDearProf : $langDearUser) . "!<br />{$langMailVerificationSuccess}: <strong>{$email}</strong></div>\n <p>{$langMailVerificationSuccess4}.<br /><br />{$click} <a href='{$urlServer}' class='mainpage'>{$langHere}</a> {$langBackPage}</p>"; } } elseif (empty($_SESSION['uname_app_exists'])) { $email_verification_required = get_config('email_verification_required'); if (!$email_verification_required) { $verified_mail = 2; } else { $verified_mail = 0; } // check if mail address is valid if (!empty($email) and !email_seems_valid($email)) {
exit(); } echo RESPONSE_OK; exit(); } if (isset($_POST['uname']) && isset($_POST['pass'])) { $require_noerrors = true; require_once ('minit.php'); require_once ('include/CAS/CAS.php'); require_once ('modules/auth/auth.inc.php'); require_once ('include/phpass/PasswordHash.php'); $uname = canonicalize_whitespace($_POST['uname']); $pass = $_POST['pass']; foreach (array_keys($_SESSION) as $key) { unset($_SESSION[$key]); } $sqlLogin = (get_config('case_insensitive_usernames')) ? "COLLATE utf8_general_ci = ?s" : "COLLATE utf8_bin = ?s"; $myrow = Database::get()->querySingle("SELECT * FROM user WHERE username $sqlLogin", $uname); if (get_config('login_fail_check')) { $r = Database::get()->querySingle("SELECT 1 FROM login_failure WHERE ip = '" . $_SERVER['REMOTE_ADDR'] . "' AND COUNT > " . intval(get_config('login_fail_threshold')) . " AND DATE_SUB(CURRENT_TIMESTAMP, interval " . intval(get_config('login_fail_deny_interval')) . " minute) < last_fail"); } if (get_config('login_fail_check') && $r) {
$missing = register_posted_variables($var_arr); if (!isset($_POST['department'])) { $departments = array(); $missing = false; } else { $departments = $_POST['department']; } $registration_errors = array(); // check if there are empty fields if (!$missing) { $registration_errors[] = $langFieldsMissing; } else { $uname = canonicalize_whitespace($uname); // check if the username is already in use $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $uname); if ($username_check) { $registration_errors[] = $langUserFree; } if ($display_captcha) { // captcha check require_once 'include/securimage/securimage.php'; $securimage = new Securimage(); if ($securimage->check($_POST['captcha_code']) == false) { $registration_errors[] = $langCaptchaWrong; } } } if (!empty($email) and !email_seems_valid($email)) {
Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type)); } // check if email is valid if (get_config('email_required') | get_config('email_verification_required') and !email_seems_valid($email_form)) { Session::Messages($langEmailWrong); redirect_to_home_page("main/profile/profile.php"); } // check if there are empty fields if (!$all_ok) { Session::Messages($langFieldsMissing); redirect_to_home_page("main/profile/profile.php"); } if (!$allow_username_change) { $username_form = $_SESSION['uname']; } $username_form = canonicalize_whitespace($username_form); // check if username exists if ($username_form != $_SESSION['uname']) { $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $username_form); if ($username_check) { Session::Messages($langUserFree); redirect_to_home_page("main/profile/profile.php"); } } // TODO: Allow admin to configure allowed username format if (!empty($email_form) && $email_form != $_SESSION['email'] && get_config('email_verification_required')) { $verified_mail_sql = ", verified_mail = " . EMAIL_UNVERIFIED; } else { $verified_mail_sql = ''; } // everything is ok
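/**
 * Build an iCalendar (RFC 5545) document with the current course's events.
 *
 * Uses the global $course_id when it is already set; otherwise $cid is
 * promoted to the global so that get_course_events() picks it up.
 * Deadline events additionally get a VALARM that fires 24 hours before.
 *
 * @param int $cid course id to use when the global $course_id is not set
 * @return string the VCALENDAR text, one property per CRLF-terminated line
 */
function icalendar($cid) {
    global $course_id;
    if (!isset($course_id)) {
        $course_id = $cid;
    }

    // RFC 5545 mandates CRLF line breaks; PHP_EOL is only LF on most hosts.
    $eol = "\r\n";

    // RFC 5545 TEXT escaping: backslash, semicolon and comma are escaped and
    // line breaks become the two characters '\n'. Without this an event title
    // or description containing a newline would start a new property line
    // (arbitrary content injected into the calendar), and stray ';' or ','
    // would corrupt parsing in strict clients. Backslashes go first so the
    // '\n' produced by the newline replacement is not doubled.
    $escape = static function ($text) {
        $text = str_replace(array('\\', ';', ','), array('\\\\', '\;', '\,'), (string) $text);
        return str_replace(array("\r\n", "\r", "\n"), '\n', $text);
    };

    $ical = 'BEGIN:VCALENDAR' . $eol;
    $ical .= 'VERSION:2.0' . $eol;

    foreach (get_course_events() as $event) {
        $ical .= 'BEGIN:VEVENT' . $eol;

        $start = new DateTime($event->start);
        $ical .= 'DTSTART:' . $start->format('Ymd\THis') . $eol;

        // NOTE(review): $event->duration is parsed as a DateTime and only its
        // time-of-day is emitted as PTxHyMzS — presumably an 'HH:MM:SS' string;
        // verify against what get_course_events() returns.
        $duration = new DateTime($event->duration);
        $ical .= 'DURATION:' . $duration->format('\P\TH\Hi\Ms\S') . $eol;

        $ical .= 'SUMMARY:' . $escape('[' . strtoupper($event->event_group) . '] ' . $event->title) . $eol;
        $ical .= 'DESCRIPTION:' . $escape(canonicalize_whitespace(strip_tags($event->content))) . $eol;

        if ($event->event_group == 'deadline') {
            $ical .= 'BEGIN:VALARM' . $eol;
            $ical .= 'TRIGGER:-PT24H' . $eol;
            $ical .= 'DURATION:PT10H' . $eol;
            $ical .= 'ACTION:DISPLAY' . $eol;
            $ical .= 'DESCRIPTION:DEADLINE REMINDER for '
                . $escape(canonicalize_whitespace(strip_tags($event->title))) . $eol;
            $ical .= 'END:VALARM' . $eol;
        }

        $ical .= 'END:VEVENT' . $eol;
    }

    $ical .= 'END:VCALENDAR' . $eol;
    return $ical;
}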
if ($_SESSION['u_prof'] and !$alt_auth_prof_reg) { $tool_content .= "<div class='alert alert-danger'>$langForbidden</div>"; draw($tool_content, 0); exit; } $tool_content .= "<div class='form-wrapper'>"; $tool_content .= "<form class='form-horizontal' role='form' method='post' action='altsearch.php'>"; $tool_content .= "<fieldset>" . q($settings['auth_instructions']) . ""; if (isset($_SESSION['prof']) and $_SESSION['prof']) { $tool_content .= "<input type='hidden' name='p' value='1'>"; } if (($auth != 7) and ($auth != 6)) { $set_uname = isset($_GET['uname']) ? (" value='" . q(canonicalize_whitespace($_GET['uname'])) . "'") : ''; $tool_content .= "<div class='form-group'> <label for='UserName' class='col-sm-2 control-label'>$langUsername</label> <div class='col-sm-10'> <input type='text' size='30' maxlength='30' name='uname' autocomplete='off' $set_uname placeholder='$langUserNotice'> </div> </div> <div class='form-group'> <label for='Pass' class='col-sm-2 control-label'>$langPass</label> <div class='col-sm-10'> <input type='password' size='30' maxlength='30' name='passwd' autocomplete='off' placeholder='$langPass'> </div> </div>"; } $tool_content .= "<input type='hidden' name='auth' value='$auth'>";
case 11: case 12: case 13: require_once 'modules/auth/methods/hybridauthform.php'; //generic HybridAuth form for provider settings hybridAuthForm($auth); break; default: break; } if ($auth > 1 and $auth < 6) { $tool_content .= " <div class='alert alert-info'>$langTestAccount</div> <div class='form-group'> <label for='test_username' class='col-sm-2 control-label'>$langUsername:</label> <div class='col-sm-10'> <input class='form-control' type='text' name='test_username' id='test_username' value='" . q(canonicalize_whitespace($test_username)) . "' autocomplete='off'> </div> </div> <div class='form-group'> <label for='test_password' class='col-sm-2 control-label'>$langPass:</label> <div class='col-sm-10'> <input class='form-control' type='password' name='test_password' id='test_password' value='" . q($test_password) . "' autocomplete='off'> </div> </div>"; } $tool_content .= " <div class='form-group'> <div class='col-sm-10 col-sm-offset-2'> <input class='btn btn-primary' type='submit' name='submit' value='$langModify'> <a class='btn btn-default' href='auth.php'>$langCancel</a> </div>
/**
 * Create or update a group category of the current course from the posted form.
 *
 * Reads 'categoryname' and 'description' from $_POST (trimmed). When
 * $_POST['id'] is present the matching row is updated, otherwise a new row is
 * inserted; the outcome is written to the log. On a validation failure the
 * errors are flashed and the user is redirected back to the category form.
 *
 * @return void
 */
function submit_category() {
    global $course_id, $langCategoryAdded, $langCategoryModded, $categoryname, $description, $langFormErrors, $course_code;
    register_posted_variables(array('categoryname' => true, 'description' => true), 'all', 'trim');

    $assignments = "SET name = ?s, description = ?s";
    // the description is passed through purify() before it reaches the database
    $values = array($categoryname, purify($description));

    $validator = new Valitron\Validator($_POST);
    $validator->rule('required', array('categoryname'));
    if (!$validator->validate()) {
        Session::flashPost()->Messages($langFormErrors)->Errors($validator->errors());
        redirect_to_home_page("modules/group/group_category.php?course=$course_code&addcategory=1");
        return;
    }

    if (isset($_POST['id'])) {
        // editing an existing category: the posted id is resolved through getDirectReference()
        $category_id = getDirectReference($_POST['id']);
        Database::get()->query("UPDATE `group_category` $assignments WHERE course_id = ?d AND id = ?d", $values, $course_id, $category_id);
        $action = LOG_MODIFY;
    } else {
        $category_id = Database::get()->query("INSERT INTO `group_category` $assignments, course_id = ?d", $values, $course_id)->lastInsertID;
        $action = LOG_INSERT;
    }

    // only a short plain-text excerpt of the description goes into the log
    $excerpt = ellipsize(canonicalize_whitespace(strip_tags($description)), 50, '+');
    // NOTE(review): logged under MODULE_ID_LINKS although this is the group module — confirm intended
    Log::record($course_id, MODULE_ID_LINKS, $action, array('id' => $category_id, 'category' => $categoryname, 'description' => $excerpt));
}