/**
* Process an authorization request.
*
* Operations:
* - Auto creates users.
* - Sets up user object for linked accounts.
*
* @param string $oidcuniqid The OIDC unique identifier received.
* @param array $tokenparams Received token parameters.
* @param \auth_oidc\jwt $idtoken Received id token.
* @return bool Success/Failure.
*/
public function request_user_authorise($oidcuniqid, $tokenparams, $idtoken)
{
global $USER, $SESSION;
$this->must_be_ready();
$username = $oidcuniqid;
$email = $idtoken->claim('email');
$firstname = $idtoken->claim('given_name');
$lastname = $idtoken->claim('family_name');
// Office 365 uses "upn".
$upn = $idtoken->claim('upn');
if (!empty($upn)) {
$username = $upn;
$email = $upn;
}
$create = false;
try {
$user = new \User();
$user->find_by_instanceid_username($this->instanceid, $username, true);
if ($user->get('suspendedcusr')) {
die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
}
} catch (\AuthUnknownUserException $e) {
if ($this->can_auto_create_users() === true) {
$institution = new \Institution($this->institution);
if ($institution->isFull()) {
throw new \XmlrpcClientException('OpenID Connect login attempt failed because the institution is full.');
}
$user = new \User();
$create = true;
} else {
return false;
}
}
if ($create === true) {
$user->passwordchange = 0;
$user->active = 1;
$user->deleted = 0;
$user->expiry = null;
$user->expirymailsent = 0;
$user->lastlogin = time();
$user->firstname = $firstname;
$user->lastname = $lastname;
$user->email = $email;
$user->authinstance = $this->instanceid;
db_begin();
$user->username = get_new_username($username);
$user->id = create_user($user, array(), $this->institution, $this, $username);
$userobj = $user->to_stdclass();
$userarray = (array) $userobj;
db_commit();
$user = new User();
$user->find_by_id($userobj->id);
}
$user->commit();
$USER->reanimate($user->id, $this->instanceid);
$SESSION->set('authinstance', $this->instanceid);
return true;
}
function denyregistration_submit(Pieform $form, $values)
{
global $USER, $SESSION;
if (isset($values['message']) && !empty($values['message'])) {
$message = get_string('registrationdeniedmessagereason', 'auth.internal', $values['firstname'], get_config('sitename'), $values['message'], display_name($USER));
} else {
$message = get_string('registrationdeniedmessage', 'auth.internal', $values['firstname'], get_config('sitename'), display_name($USER));
}
try {
delete_records('usr_registration', 'email', $values['email']);
$user = (object) $values;
$user->admin = 0;
$user->staff = 0;
email_user($user, $USER, get_string('registrationdeniedemailsubject', 'auth.internal', get_config('sitename')), $message);
} catch (EmailException $e) {
log_warn($e);
die_info(get_string('registrationdeniedunsuccessful', 'admin'));
} catch (SQLException $e) {
log_warn($e);
die_info(get_string('registrationdeniedunsuccessful', 'admin'));
}
$SESSION->add_ok_msg(get_string('registrationdeniedsuccessful', 'admin'));
redirect('/admin/users/pendingregistrations.php?institution=' . $values['institution']);
}
/**
* Grab a delegate object for auth stuff
*/
public function request_user_authorise($token, $remotewwwroot)
{
global $USER, $SESSION;
$this->must_be_ready();
$peer = get_peer($remotewwwroot);
if ($peer->deleted != 0 || $this->config['theyssoin'] != 1) {
throw new XmlrpcClientException('We don\'t accept SSO connections from ' . institution_display_name($peer->institution));
}
$client = new Client();
$client->set_method('auth/mnet/auth.php/user_authorise')->add_param($token)->add_param(sha1($_SERVER['HTTP_USER_AGENT']))->send($remotewwwroot);
$remoteuser = (object) $client->response;
if (empty($remoteuser) or !property_exists($remoteuser, 'username')) {
// Caught by land.php
throw new AccessDeniedException();
}
$create = false;
$update = false;
if ('1' == $this->config['updateuserinfoonlogin']) {
$update = true;
}
// Retrieve a $user object. If that fails, create a blank one.
try {
$user = new User();
if (get_config('usersuniquebyusername')) {
// When turned on, this setting means that it doesn't matter
// which other application the user SSOs from, they will be
// given the same account in Mahara.
//
// This setting is one that has security implications unless
// only turned on by people who know what they're doing. In
// particular, every system linked to Mahara should be making
// sure that same username == same person. This happens for
// example if two Moodles are using the same LDAP server for
// authentication.
//
// If this setting is on, it must NOT be possible to self
// register on the site for ANY institution - otherwise users
// could simply pick usernames of people's accounts they wished
// to steal.
if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) {
log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. " . "No institution can have registration allowed for it, for security reasons.\n" . "The following institutions have registration enabled:\n " . join("\n ", $institutions));
throw new AccessDeniedException();
}
if (!get_config('usersallowedmultipleinstitutions')) {
log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. " . "This makes no sense, as users will then change institution every time they log in from " . "somewhere else. Please turn this setting on in Site Options");
throw new AccessDeniedException();
}
$user->find_by_username($remoteuser->username);
} else {
$user->find_by_instanceid_username($this->instanceid, $remoteuser->username, true);
}
if ($user->get('suspendedcusr')) {
die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
}
} catch (AuthUnknownUserException $e) {
if (!empty($this->config['weautocreateusers'])) {
$institution = new Institution($this->institution);
if ($institution->isFull()) {
$institution->send_admin_institution_is_full_message();
throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full');
}
$user = new User();
$create = true;
} else {
log_debug("User authorisation request from {$remotewwwroot} failed - " . "remote user '{$remoteuser->username}' is unknown to us and auto creation of users is turned off");
return false;
}
}
/*******************************************/
if ($create) {
$user->passwordchange = 1;
$user->active = 1;
$user->deleted = 0;
//TODO: import institution's expiry?:
//$institution = new Institution($peer->institution);
$user->expiry = null;
$user->expirymailsent = 0;
$user->lastlogin = time();
$user->firstname = $remoteuser->firstname;
$user->lastname = $remoteuser->lastname;
$user->email = $remoteuser->email;
$imported = array('firstname', 'lastname', 'email');
//TODO: import institution's per-user-quota?:
//$user->quota = $userrecord->quota;
$user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;
db_begin();
$user->username = get_new_username($remoteuser->username);
$user->id = create_user($user, array(), $this->institution, $this, $remoteuser->username);
$locked = $this->import_user_settings($user, $remoteuser);
$locked = array_merge($imported, $locked);
/*
* We need to convert the object to a stdclass with its own
* custom method because it uses overloaders in its implementation
* and its properties wouldn't be visible to a simple cast operation
* like (array)$user
*/
$userobj = $user->to_stdclass();
$userarray = (array) $userobj;
db_commit();
// Now we have fired the create event, we need to re-get the data
// for this user
$user = new User();
$user->find_by_id($userobj->id);
} elseif ($update) {
$imported = array('firstname', 'lastname', 'email');
foreach ($imported as $field) {
if ($user->{$field} != $remoteuser->{$field}) {
$user->{$field} = $remoteuser->{$field};
set_profile_field($user->id, $field, $user->{$field});
}
}
if (isset($remoteuser->idnumber)) {
if ($user->studentid != $remoteuser->idnumber) {
$user->studentid = $remoteuser->idnumber;
set_profile_field($user->id, 'studentid', $user->studentid);
}
$imported[] = 'studentid';
}
$locked = $this->import_user_settings($user, $remoteuser);
$locked = array_merge($imported, $locked);
$user->lastlastlogin = $user->lastlogin;
$user->lastlogin = time();
//TODO: import institution's per-user-quota?:
//$user->quota = $userrecord->quota;
$user->commit();
}
if (get_config('usersuniquebyusername')) {
// Add them to the institution they have SSOed in by
$user->join_institution($peer->institution);
}
// See if we need to create/update a profile Icon image
if ($create || $update) {
$client->set_method('auth/mnet/auth.php/fetch_user_image')->add_param($remoteuser->username)->send($remotewwwroot);
$imageobject = (object) $client->response;
$u = preg_replace('/[^A-Za-z0-9 ]/', '', $user->username);
$filename = get_config('dataroot') . 'temp/mpi_' . intval($this->instanceid) . '_' . $u;
if (array_key_exists('f1', $client->response)) {
$imagecontents = base64_decode($client->response['f1']);
if (file_put_contents($filename, $imagecontents)) {
$imageexists = false;
$icons = false;
if ($update) {
$newchecksum = sha1_file($filename);
$icons = get_records_select_array('artefact', 'artefacttype = \'profileicon\' AND owner = ? ', array($user->id), '', 'id');
if (false != $icons) {
foreach ($icons as $icon) {
$iconfile = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $icon->id % 256 . '/' . $icon->id;
$checksum = sha1_file($iconfile);
if ($newchecksum == $checksum) {
$imageexists = true;
unlink($filename);
break;
}
}
}
}
if (false == $imageexists) {
$filesize = filesize($filename);
if (!$user->quota_allowed($filesize)) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
require_once 'file.php';
$imagesize = getimagesize($filename);
if (!$imagesize || !is_image_type($imagesize[2])) {
$error = get_string('filenotimage');
}
$mime = $imagesize['mime'];
$width = $imagesize[0];
$height = $imagesize[1];
$imagemaxwidth = get_config('imagemaxwidth');
$imagemaxheight = get_config('imagemaxheight');
if ($width > $imagemaxwidth || $height > $imagemaxheight) {
$error = get_string('profileiconimagetoobig', 'artefact.file', $width, $height, $imagemaxwidth, $imagemaxheight);
}
try {
$user->quota_add($filesize);
} catch (QuotaException $qe) {
$error = get_string('profileiconuploadexceedsquota', 'artefact.file', get_config('wwwroot'));
}
require_once get_config('docroot') . '/artefact/lib.php';
require_once get_config('docroot') . '/artefact/file/lib.php';
// Entry in artefact table
$artefact = new ArtefactTypeProfileIcon();
$artefact->set('owner', $user->id);
$artefact->set('parent', ArtefactTypeFolder::get_folder_id(get_string('imagesdir', 'artefact.file'), get_string('imagesdirdesc', 'artefact.file'), null, true, $user->id));
$artefact->set('title', ArtefactTypeFileBase::get_new_file_title(get_string('profileicon', 'artefact.file'), (int) $artefact->get('parent'), $user->id));
// unique title
$artefact->set('description', get_string('uploadedprofileicon', 'artefact.file'));
$artefact->set('note', get_string('profileicon', 'artefact.file'));
$artefact->set('size', $filesize);
$artefact->set('filetype', $mime);
$artefact->set('width', $width);
$artefact->set('height', $height);
$artefact->commit();
$id = $artefact->get('id');
// Move the file into the correct place.
$directory = get_config('dataroot') . 'artefact/file/profileicons/originals/' . $id % 256 . '/';
check_dir_exists($directory);
rename($filename, $directory . $id);
if ($create || empty($icons)) {
$user->profileicon = $id;
}
}
$user->commit();
} else {
log_warn(get_string('cantcreatetempprofileiconfile', 'artefact.file', $filename));
}
}
if ($update) {
$locked[] = 'profileicon';
}
}
/*******************************************/
// We know who our user is now. Bring her back to life.
$USER->reanimate($user->id, $this->instanceid);
// Set session variables to let the application know this session was
// initiated by MNET. Don't forget that users could initiate their
// sessions without MNET sometimes, which is why this data is stored in
// the session object.
$SESSION->set('mnetuser', $user->id);
$SESSION->set('authinstance', $this->instanceid);
if (isset($_SERVER['HTTP_REFERER'])) {
$SESSION->set('mnetuserfrom', $_SERVER['HTTP_REFERER']);
}
if ($update && isset($locked)) {
$SESSION->set('lockedfields', $locked);
}
return true;
}
if (param_integer('rerun', 0)) {
delete_records('config', 'field', '_upgrade');
}
if (!($lastupgrade = get_field('config', 'value', 'field', '_upgrade'))) {
try {
insert_record('config', (object) array('field' => '_upgrade', 'value' => $start));
} catch (SQLException $e) {
if (!($lastupgrade = get_field('config', 'value', 'field', '_upgrade'))) {
$lastupgrade = '???';
}
}
}
if (!empty($lastupgrade)) {
$laststart = format_date($lastupgrade, 'strftimedatetimeshort');
log_debug('Not upgrading; unfinished upgrade from ' . $laststart . ' still in progress');
die_info(get_string('upgradeinprogress', 'admin', $laststart));
}
}
$loadingicon = 'icon icon-spinner icon-pulse left';
$successicon = 'icon icon-check text-success left';
$failureicon = 'icon icon-exclamation-triangle left';
$warningicon = 'icon icon-exclamation-triangle left';
// Remove all files in the smarty and dwoo caches
// TODO post 1.2 remove the smarty part
require_once 'file.php';
$basedir = get_config('dataroot') . 'smarty/compile/';
$dh = new DirectoryIterator($basedir);
foreach ($dh as $themedir) {
if ($themedir->isDot()) {
continue;
}
/**
* Called when the auth_saml_login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* Copied and modified from core login_submit
*
* @param object $form The Pieform form object
* @param array $values The submitted values
*/
function auth_saml_login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = trim($values['login_username']);
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = login_test_all_user_authinstance($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
redirect('/auth/saml/index.php');
}
} catch (AuthUnknownUserException $e) {
$SESSION->add_error_msg(get_string('loginfailed'));
redirect('/auth/saml/index.php');
}
auth_check_admin_section();
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = strftime(get_string('strftimedaydate'), $USER->suspendedctime);
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
auth_check_required_fields();
// all happy - carry on now
redirect('/auth/saml/index.php');
}
public function addUserAsMember($user)
{
global $USER;
if ($this->isFull()) {
$this->send_admin_institution_is_full_message();
die_info(get_string('institutionmaxusersexceeded', 'admin'));
}
if (is_numeric($user)) {
$user = get_record('usr', 'id', $user);
}
// The user hasn't been added yet, so we have to manually use this institution's lang
if ($this->lang != 'default') {
$lang = $this->lang;
} else {
$lang = get_user_language($user->id);
}
$userinst = new StdClass();
$userinst->institution = $this->name;
$studentid = get_field('usr_institution_request', 'studentid', 'usr', $user->id, 'institution', $this->name);
if (!empty($studentid)) {
$userinst->studentid = $studentid;
} else {
if (!empty($user->studentid)) {
$userinst->studentid = $user->studentid;
}
}
$userinst->usr = $user->id;
$now = time();
$userinst->ctime = db_format_timestamp($now);
$defaultexpiry = $this->defaultmembershipperiod;
if (!empty($defaultexpiry)) {
$userinst->expiry = db_format_timestamp($now + $defaultexpiry);
}
$message = (object) array('users' => array($user->id), 'subject' => get_string_from_language($lang, 'institutionmemberconfirmsubject'), 'message' => get_string_from_language($lang, 'institutionmemberconfirmmessage', 'mahara', $this->displayname));
db_begin();
if (!get_config('usersallowedmultipleinstitutions')) {
delete_records('usr_institution', 'usr', $user->id);
delete_records('usr_institution_request', 'usr', $user->id);
}
insert_record('usr_institution', $userinst);
delete_records('usr_institution_request', 'usr', $userinst->usr, 'institution', $this->name);
execute_sql("\n DELETE FROM {usr_tag}\n WHERE usr = ? AND tag " . db_ilike() . " 'lastinstitution:%'", array($user->id));
// Copy institution views and collection to the user's portfolio
$checkviewaccess = empty($user->newuser) && !$USER->get('admin');
$userobj = new User();
$userobj->find_by_id($user->id);
$userobj->copy_institution_views_collections_to_new_member($this->name);
require_once 'activity.php';
activity_occurred('maharamessage', $message);
handle_event('updateuser', $userinst->usr);
// Give institution members access to user's profile page
require_once 'view.php';
if ($profileview = $userobj->get_profile_view()) {
$profileview->add_owner_institution_access(array($this->name));
}
db_commit();
}
function register_submit(Pieform $form, $values)
{
global $SESSION;
// store password encrypted
// don't die_info, since reloading the page shows the login form.
// instead, redirect to some other page that says this
safe_require('auth', 'internal');
$values['salt'] = substr(md5(rand(1000000, 9999999)), 2, 8);
$values['password'] = AuthInternal::encrypt_password($values['password1'], $values['salt']);
$values['key'] = get_random_key();
// @todo the expiry date should be configurable
$values['expiry'] = db_format_timestamp(time() + 86400);
$values['lang'] = $SESSION->get('lang');
try {
insert_record('usr_registration', $values);
$f = fopen('/tmp/donal.txt', 'w');
fwrite($f, get_string('registeredemailmessagetext', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('wwwroot'), $values['key'], get_config('sitename')));
$user = (object) $values;
$user->admin = 0;
$user->staff = 0;
email_user($user, null, get_string('registeredemailsubject', 'auth.internal', get_config('sitename')), get_string('registeredemailmessagetext', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('wwwroot'), $values['key'], get_config('sitename')), get_string('registeredemailmessagehtml', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('wwwroot'), $values['key'], get_config('wwwroot'), $values['key'], get_config('sitename')));
} catch (EmailException $e) {
log_warn($e);
die_info(get_string('registrationunsuccessful', 'auth.internal'));
} catch (SQLException $e) {
log_warn($e);
die_info(get_string('registrationunsuccessful', 'auth.internal'));
}
// Add a marker in the session to say that the user has registered
$_SESSION['registered'] = true;
redirect('/register.php');
}
function auth_register_submit(Pieform $form, $values)
{
global $SESSION;
safe_require('auth', 'internal');
$values['key'] = get_random_key();
$values['lang'] = $SESSION->get('lang');
// If the institution requires approval, mark the record as pending
// @todo the expiry date should be configurable
if ($confirm = get_config('requireregistrationconfirm') || get_field('institution', 'registerconfirm', 'name', $values['institution'])) {
if (isset($values['authtype']) && $values['authtype'] != 'internal') {
$authinstance = get_record('auth_instance', 'institution', $values['institution'], 'authname', $values['authtype'] ? $values['authtype'] : 'internal');
$auth = AuthFactory::create($authinstance->id);
$confirm = !$auth->weautocreateusers;
}
if ($confirm) {
$values['pending'] = 1;
$values['expiry'] = db_format_timestamp(time() + 86400 * 14);
// now + 2 weeks
} else {
$values['pending'] = 0;
$values['expiry'] = db_format_timestamp(time() + 86400);
}
} else {
$values['pending'] = 0;
$values['expiry'] = db_format_timestamp(time() + 86400);
}
if (function_exists('local_register_submit')) {
local_register_submit($values);
}
try {
if (!record_exists('usr_registration', 'email', $values['email'])) {
insert_record('usr_registration', $values);
} else {
update_record('usr_registration', $values, array('email' => $values['email']));
}
$user = (object) $values;
$user->admin = 0;
$user->staff = 0;
// If the institution requires approval, notify institutional admins.
if ($confirm) {
$fullname = sprintf("%s %s", trim($user->firstname), trim($user->lastname));
$institution = new Institution($values['institution']);
$pendingregistrationslink = sprintf("%sadmin/users/pendingregistrations.php?institution=%s", get_config('wwwroot'), $values['institution']);
// list of admins for this institution
if (count($institution->admins()) > 0) {
$admins = $institution->admins();
} else {
// use site admins if the institution doesn't have any
$admins = get_column('usr', 'id', 'admin', 1, 'deleted', 0);
}
require_once get_config('libroot') . 'pieforms/pieform/elements/expiry.php';
$expirytime = pieform_element_expiry_get_expiry_from_seconds(get_config('defaultregistrationexpirylifetime'));
if ($expirytime == null) {
$expirystring = get_config('defaultregistrationexpirylifetime') . ' ' . get_string('seconds', 'performance');
} else {
if ($expirytime['units'] == 'noenddate') {
$expirystring = get_string('element.expiry.noenddate', 'pieforms');
} else {
$expirystring = $expirytime['number'] . ' ' . get_string('element.expiry.' . $expirytime['units'], 'pieforms');
}
}
// email each admin
// @TODO Respect the notification preferences of the admins.
foreach ($admins as $admin) {
$adminuser = new User();
$adminuser->find_by_id($admin);
email_user($adminuser, null, get_string('pendingregistrationadminemailsubject', 'auth.internal', $institution->displayname, get_config('sitename')), get_string('pendingregistrationadminemailtext', 'auth.internal', $adminuser->firstname, $institution->displayname, $pendingregistrationslink, $expirystring, $fullname, $values['email'], $values['reason'], get_config('sitename')), get_string('pendingregistrationadminemailhtml', 'auth.internal', $adminuser->firstname, $institution->displayname, $pendingregistrationslink, $pendingregistrationslink, $expirystring, $fullname, $values['email'], $values['reason'], get_config('sitename')));
}
email_user($user, null, get_string('approvalemailsubject', 'auth.internal', get_config('sitename')), get_string('approvalemailmessagetext', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('sitename')), get_string('approvalemailmessagehtml', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('sitename')));
$_SESSION['registeredokawaiting'] = true;
} else {
if (isset($values['authtype']) && $values['authtype'] == 'browserid') {
redirect('/register.php?key=' . $values['key']);
} else {
email_user($user, null, get_string('registeredemailsubject', 'auth.internal', get_config('sitename')), get_string('registeredemailmessagetext', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('wwwroot'), $values['key'], get_config('sitename')), get_string('registeredemailmessagehtml', 'auth.internal', $values['firstname'], get_config('sitename'), get_config('wwwroot'), $values['key'], get_config('wwwroot'), $values['key'], get_config('sitename')));
}
// Add a marker in the session to say that the user has registered
$_SESSION['registered'] = true;
}
} catch (EmailException $e) {
log_warn($e);
die_info(get_string('registrationunsuccessful', 'auth.internal'));
} catch (SQLException $e) {
log_warn($e);
die_info(get_string('registrationunsuccessful', 'auth.internal'));
}
redirect($values['goto']);
}
function adduser_submit(Pieform $form, $values)
{
global $USER, $SESSION, $TRANSPORTER;
db_begin();
raise_time_limit(180);
// Create user
$user = (object) array('authinstance' => $values['authinstance'], 'username' => $values['username'], 'firstname' => $values['firstname'] ? $values['firstname'] : 'Imported', 'lastname' => $values['lastname'] ? $values['lastname'] : 'User', 'email' => $values['email'], 'password' => $values['password'], 'passwordchange' => 1);
if ($USER->get('admin')) {
// Not editable by institutional admins
$user->staff = (int) ($values['staff'] == 'on');
$user->admin = (int) ($values['admin'] == 'on');
}
if ($USER->get('admin') || get_config_plugin('artefact', 'file', 'institutionaloverride')) {
$user->quota = $values['quota'];
}
$authinstance = get_record('auth_instance', 'id', $values['authinstance']);
$remoteauth = false;
if ($authinstance->authname != 'internal') {
$remoteauth = true;
}
if (!isset($values['remoteusername'])) {
$values['remoteusername'] = null;
}
$user->id = create_user($user, array(), $authinstance->institution, $remoteauth, $values['remoteusername'], $values);
if (isset($user->admin) && $user->admin) {
require_once 'activity.php';
activity_add_admin_defaults(array($user->id));
}
if ($values['institutionadmin']) {
set_field('usr_institution', 'admin', 1, 'usr', $user->id, 'institution', $authinstance->institution);
}
if (isset($values['leap2afile'])) {
// And we're good to go
$importdata = (object) array('token' => '', 'usr' => $user->id, 'queue' => (int) (!PluginImport::import_immediately_allowed()), 'ready' => 0, 'expirytime' => db_format_timestamp(time() + 60 * 60 * 24), 'format' => 'leap', 'loglevel' => PluginImportLeap::LOG_LEVEL_VERBOSE, 'logtargets' => LOG_TARGET_FILE, 'profile' => true);
$importer = PluginImport::create_importer(null, $TRANSPORTER, $importdata);
try {
$importer->process();
log_info("Imported user account {$user->id} from Leap2A file, see " . $importer->get('logfile') . ' for a full log');
} catch (ImportException $e) {
log_info("Leap2A import failed: " . $e->getMessage());
die_info(get_string('leap2aimportfailed', 'admin'));
}
// Reload the user details, as various fields are changed by the
// importer when importing (e.g. firstname/lastname)
$user = get_record('usr', 'id', $user->id);
}
db_commit();
if (!empty($user->email)) {
try {
email_user($user, $USER, get_string('accountcreated', 'mahara', get_config('sitename')), get_string('accountcreatedchangepasswordtext', 'mahara', $user->firstname, get_config('sitename'), $user->username, $values['password'], get_config('wwwroot'), get_config('sitename')), get_string('accountcreatedchangepasswordhtml', 'mahara', $user->firstname, get_config('wwwroot'), get_config('sitename'), $user->username, $values['password'], get_config('wwwroot'), get_config('wwwroot'), get_config('sitename')));
} catch (EmailException $e) {
$SESSION->add_error_msg(get_string('newuseremailnotsent', 'admin'));
}
}
$SESSION->add_ok_msg(get_string('newusercreated', 'admin'));
redirect('/admin/users/edit.php?id=' . $user->id);
}
function do_import()
{
global $IMPORTER;
safe_require('import', 'leap');
try {
$result = $IMPORTER->do_import_from_requests();
} catch (ImportException $e) {
log_info("Leap2A import failed: " . $e->getMessage());
die_info(get_string('importfailed', 'import'));
}
if ($IMPORTER) {
delete_records('import_entry_requests', 'importid', $IMPORTER->get('importertransport')->get('importid'), 'ownerid', $IMPORTER->get('usr'));
remove_importer_from_session();
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', get_string('importresult', 'import'));
$smarty->assign('form', $result);
$smarty->display('form.tpl');
}
function forgotpass_submit(Pieform $form, $values)
{
global $SESSION;
try {
if (!($user = get_record_sql('SELECT * FROM {usr} WHERE LOWER(email) = ?', array(strtolower($values['emailusername']))))) {
if (!($user = get_record_sql('SELECT * FROM {usr} WHERE LOWER(username) = ?', array(strtolower($values['emailusername']))))) {
die_info(get_string('forgotpassnosuchemailaddressorusername'));
}
}
$pwrequest = new StdClass();
$pwrequest->usr = $user->id;
$pwrequest->expiry = db_format_timestamp(time() + 86400);
$pwrequest->key = get_random_key();
$sitename = get_config('sitename');
$fullname = display_name($user);
email_user($user, null, get_string('forgotusernamepasswordemailsubject', 'mahara', $sitename), get_string('forgotusernamepasswordemailmessagetext', 'mahara', $fullname, $sitename, $user->username, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'contact.php', $sitename), get_string('forgotusernamepasswordemailmessagehtml', 'mahara', $fullname, $sitename, $user->username, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'contact.php', $sitename));
insert_record('usr_password_request', $pwrequest);
} catch (SQLException $e) {
die_info(get_string('forgotpassemailsendunsuccessful'));
} catch (EmailDisabledException $e) {
die_info(get_string('forgotpassemaildisabled'));
} catch (EmailException $e) {
die_info(get_string('forgotpassemailsendunsuccessful'));
}
// Add a marker in the session to say that the user has registered
$_SESSION['pwchangerequested'] = true;
redirect('/forgotpass.php');
}
*/
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/export');
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'view.php';
require_once 'collection.php';
define('TITLE', get_string('exportyourportfolio', 'export'));
define('SECTION_PLUGINTYPE', 'core');
define('SECTION_PLUGINNAME', 'export');
define('SECTION_PAGE', 'index');
$SESSION->set('exportdata', '');
$SESSION->set('exportfile', '');
$exportoptions = array();
$exportplugins = plugins_installed('export');
if (!$exportplugins) {
die_info(get_string('noexportpluginsenabled', 'export'));
}
foreach ($exportplugins as $plugin) {
safe_require('export', $plugin->name);
$exportoptions[$plugin->name] = array('text' => call_static_method(generate_class_name('export', $plugin->name), 'get_title'), 'description' => call_static_method(generate_class_name('export', $plugin->name), 'get_description'));
}
$elements = array('format' => array('type' => 'radio', 'options' => $exportoptions, 'defaultvalue' => 'html'), 'what' => array('type' => 'radio', 'options' => array('all' => get_string('allmydata', 'export'), 'views' => get_string('justsomeviews', 'export')), 'defaultvalue' => 'all'), 'includefeedback' => array('type' => 'switchbox', 'class' => 'last', 'title' => get_string('includefeedback', 'export'), 'description' => get_string('includefeedbackdescription', 'export'), 'defaultvalue' => 1));
if ($viewids = get_column_sql('SELECT id FROM {view} WHERE owner = ? AND type = ? ORDER BY title', array($USER->get('id'), 'portfolio'))) {
foreach ($viewids as $viewid) {
$view = new View($viewid);
$elements['view_' . $viewid] = array('type' => 'checkbox', 'class' => 'checkbox', 'title' => $view->get('title'), 'description' => $view->get('description'), 'viewlink' => $view->get_url(true, true));
}
$jsfiles = array('js/preview.js', 'js/export.js');
$collections = get_records_sql_array('
SELECT c.id, c.name, c.description
FROM {collection} c JOIN {collection_view} cv ON c.id = cv.collection
/**
* Called when the login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* @param object $form The Pieform form object
* @param array $values The submitted values
* @access private
*/
function login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = $values['login_username'];
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = $USER->login($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// If the user doesn't exist, check for institutions that
// want to create users automatically.
try {
// Reset the LiveUser object, since we are attempting to create a
// new user
$SESSION->destroy_session();
$USER = new LiveUser();
$authinstances = get_records_sql_array('
SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
ORDER BY a.institution, a.priority, a.instancename', null);
if ($authinstances == false) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
$USER->username = $username;
reset($authinstances);
while ((list(, $authinstance) = each($authinstances)) && false == $authenticated) {
$auth = AuthFactory::create($authinstance->id);
if (!$auth->can_auto_create_users()) {
continue;
}
if ($auth->authenticate_user_account($USER, $password)) {
$authenticated = true;
} else {
continue;
}
// Check now to see if the institution has its maximum quota of users
require_once 'institution.php';
$institution = new Institution($authinstance->institution);
if ($institution->isFull()) {
throw new AuthUnknownUserException('Institution has too many users');
}
$USER->authinstance = $authinstance->id;
$userdata = $auth->get_user_info($username);
if (empty($userdata)) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
// Check for a suspended institution
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
}
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
} else {
// The user will be asked to populate this when they log in.
$USER->email = null;
}
try {
create_user($USER, array(), $institution);
$USER->reanimate($USER->id, $authinstance->id);
} catch (Exception $e) {
db_rollback();
throw $e;
}
}
if (!$authenticated) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// We weren't able to authenticate the user for some reason that
// probably isn't their fault (e.g. ldap extension not available
// when using ldap authentication)
log_info($e->getMessage());
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
}
// Only admins in the admin section!
if (!$USER->get('admin') && (defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = $USER->suspendedctime;
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
//$USER->login($userdata);
auth_check_password_change();
auth_check_required_fields();
}
/**
* Called when the login form is submitted. Validates the user and password, and
* if they are valid, starts a new session for the user.
*
* @param object $form The Pieform form object
* @param array $values The submitted values
* @access private
*/
function login_submit(Pieform $form, $values)
{
global $SESSION, $USER;
$username = $values['login_username'];
$password = $values['login_password'];
$authenticated = false;
$oldlastlogin = 0;
try {
$authenticated = $USER->login($username, $password);
if (empty($authenticated)) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// If the user doesn't exist, check for institutions that
// want to create users automatically.
try {
// Reset the LiveUser object, since we are attempting to create a
// new user
$SESSION->destroy_session();
$USER = new LiveUser();
$authinstances = get_records_sql_array('
SELECT a.id, a.instancename, a.priority, a.authname, a.institution, i.suspended, i.displayname
FROM {institution} i JOIN {auth_instance} a ON a.institution = i.name
ORDER BY a.institution, a.priority, a.instancename', null);
if ($authinstances == false) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
$USER->username = $username;
reset($authinstances);
while ((list(, $authinstance) = each($authinstances)) && false == $authenticated) {
$auth = AuthFactory::create($authinstance->id);
if (!$auth->can_auto_create_users()) {
continue;
}
// catch semi-fatal auth errors, but allow next auth instance to be
// tried
try {
if ($auth->authenticate_user_account($USER, $password)) {
$authenticated = true;
} else {
continue;
}
} catch (AuthInstanceException $e) {
continue;
}
// Check now to see if the institution has its maximum quota of users
require_once 'institution.php';
$institution = new Institution($authinstance->institution);
if ($institution->isFull()) {
throw new AuthUnknownUserException('Institution has too many users');
}
$USER->authinstance = $authinstance->id;
$userdata = $auth->get_user_info($username);
if (empty($userdata)) {
throw new AuthUnknownUserException("\"{$username}\" is not known");
}
// Check for a suspended institution
if ($authinstance->suspended) {
$sitename = get_config('sitename');
throw new AccessTotallyDeniedException(get_string('accesstotallydenied_institutionsuspended', 'mahara', $authinstance->displayname, $sitename));
}
// We have the data - create the user
$USER->lastlogin = db_format_timestamp(time());
if (isset($userdata->firstname)) {
$USER->firstname = $userdata->firstname;
}
if (isset($userdata->lastname)) {
$USER->lastname = $userdata->lastname;
}
if (isset($userdata->email)) {
$USER->email = $userdata->email;
} else {
// The user will be asked to populate this when they log in.
$USER->email = null;
}
try {
// If this authinstance is a parent auth for some xmlrpc authinstance, pass it along to create_user
// so that this username also gets recorded as the username for sso from the remote sites.
$remoteauth = count_records('auth_instance_config', 'field', 'parent', 'value', $authinstance->id) ? $authinstance : null;
create_user($USER, array(), $institution, $remoteauth);
$USER->reanimate($USER->id, $authinstance->id);
} catch (Exception $e) {
db_rollback();
throw $e;
}
}
if (!$authenticated) {
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
} catch (AuthUnknownUserException $e) {
// We weren't able to authenticate the user for some reason that
// probably isn't their fault (e.g. ldap extension not available
// when using ldap authentication)
log_info($e->getMessage());
$SESSION->add_error_msg(get_string('loginfailed'));
return;
}
}
// Only admins in the admin section!
if (!$USER->get('admin') && (defined('ADMIN') || defined('INSTITUTIONALADMIN') && !$USER->is_institutional_admin())) {
$SESSION->add_error_msg(get_string('accessforbiddentoadminsection'));
redirect();
}
// Check if the user's account has been deleted
if ($USER->deleted) {
$USER->logout();
die_info(get_string('accountdeleted'));
}
// Check if the user's account has expired
if ($USER->expiry > 0 && time() > $USER->expiry) {
$USER->logout();
die_info(get_string('accountexpired'));
}
// Check if the user's account has become inactive
$inactivetime = get_config('defaultaccountinactiveexpire');
if ($inactivetime && $oldlastlogin > 0 && $oldlastlogin + $inactivetime < time()) {
$USER->logout();
die_info(get_string('accountinactive'));
}
// Check if the user's account has been suspended
if ($USER->suspendedcusr) {
$suspendedctime = strftime(get_string('strftimedaydate'), $USER->suspendedctime);
$suspendedreason = $USER->suspendedreason;
$USER->logout();
die_info(get_string('accountsuspended', 'mahara', $suspendedctime, $suspendedreason));
}
// User is allowed to log in
//$USER->login($userdata);
auth_check_required_fields();
if (get_config('httpswwwroot') && !defined('JSON')) {
// If we are using HTTPS for logins we need to go back to
// non-HTTPS URLs. Otherwise, Javascript (and possibly CSS)
// breaks. Don't use get_full_script_path(), as it doesn't
// work if someone sets httpswwwroot to something like
// 'https://x.y.z.w:443/...' (unlikely, but
// possible). get_full_script_path() doesn't gives us the
// ':443' part and things break horribly.
$parts = parse_url(get_config('httpswwwroot'));
$httpsrequest = rtrim($parts['path'], '/');
redirect(hsc(substr(get_script_path(), strlen($httpsrequest))));
}
}
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/export');
require dirname(dirname(__FILE__)) . '/init.php';
require_once 'view.php';
require_once 'collection.php';
define('TITLE', get_string('exportyourportfolio', 'export'));
$SESSION->set('exportdata', '');
$SESSION->set('exportfile', '');
$exportoptions = array();
$exportplugins = plugins_installed('export');
if (!$exportplugins) {
die_info(get_string('noexportpluginsenabled', 'export'));
}
if (!is_executable(get_config('pathtozip'))) {
log_info("Either you do not have the 'zip' command installed, or the config setting 'pathtozip' is not pointing at your zip command." . " Until you fix this, you will not be able to use the export system.");
die_info(get_string('zipnotinstalled', 'export'));
}
foreach ($exportplugins as $plugin) {
safe_require('export', $plugin->name);
$exportoptions[$plugin->name] = array('text' => call_static_method(generate_class_name('export', $plugin->name), 'get_title'), 'description' => call_static_method(generate_class_name('export', $plugin->name), 'get_description'));
}
$elements = array('format' => array('type' => 'radio', 'options' => $exportoptions, 'defaultvalue' => 'html', 'separator' => '</div><div>'), 'what' => array('type' => 'radio', 'options' => array('all' => get_string('allmydata', 'export'), 'views' => get_string('justsomeviews', 'export')), 'separator' => '</div><div>', 'defaultvalue' => 'all'), 'includefeedback' => array('type' => 'checkbox', 'title' => get_string('includefeedback', 'export'), 'description' => get_string('includefeedbackdescription', 'export'), 'separator' => '</div><div>', 'defaultvalue' => 1));
if ($viewids = get_column('view', 'id', 'owner', $USER->get('id'), 'type', 'portfolio')) {
foreach ($viewids as $viewid) {
$view = new View($viewid);
$elements['view_' . $viewid] = array('type' => 'checkbox', 'title' => $view->get('title'), 'description' => $view->get('description'), 'viewlink' => $view->get_url(true, true));
}
$jsfiles = array('js/preview.js', 'js/export.js');
$collections = get_records_sql_array('
SELECT c.id, c.name, c.description
FROM {collection} c JOIN {collection_view} cv ON c.id = cv.collection
// Log the user in and send them to the homepage
$USER = new LiveUser();
$USER->reanimate($user->id, $authinstance->id);
if (function_exists('local_post_register')) {
local_post_register($registration);
}
$SESSION->add_ok_msg(get_string('registrationcomplete', 'mahara', get_config('sitename')));
$SESSION->set('resetusername', true);
redirect();
}
create_registered_user();
}
// Default page - show the registration form
list($form, $registerconfirm) = auth_generate_registration_form('register', 'internal', '/register.php');
if (!$form) {
die_info(get_string('registeringdisallowed'));
}
list($formhtml, $js) = auth_generate_registration_form_js($form, $registerconfirm);
$registerdescription = get_string('registerwelcome');
if ($registerterms = get_config('registerterms')) {
$registerdescription .= ' ' . get_string('registeragreeterms');
}
$registerdescription .= ' ' . get_string('registerprivacy');
$smarty = smarty();
$smarty->assign('register_form', $formhtml);
$smarty->assign('registerdescription', $registerdescription);
if ($registerterms) {
$smarty->assign('termsandconditions', '<a name="user_acceptterms"></a>' . get_site_page_content('termsandconditions'));
}
$smarty->assign('PAGEHEADING', TITLE);
$smarty->assign('INLINEJAVASCRIPT', $js);
/**
* Grab a delegate object for auth stuff
*/
public function request_user_authorise($attributes)
{
global $USER, $SESSION;
$this->must_be_ready();
if (empty($attributes) or !array_key_exists($this->config['user_attribute'], $attributes) or !array_key_exists($this->config['institutionattribute'], $attributes)) {
throw new AccessDeniedException();
}
$remoteuser = $attributes[$this->config['user_attribute']][0];
$firstname = isset($attributes[$this->config['firstnamefield']][0]) ? $attributes[$this->config['firstnamefield']][0] : null;
$lastname = isset($attributes[$this->config['surnamefield']][0]) ? $attributes[$this->config['surnamefield']][0] : null;
$email = isset($attributes[$this->config['emailfield']][0]) ? $attributes[$this->config['emailfield']][0] : null;
$institutionname = $this->institution;
$create = false;
$update = false;
// Retrieve a $user object. If that fails, create a blank one.
try {
$isremote = $this->config['remoteuser'] ? true : false;
$user = new User();
if (get_config('usersuniquebyusername')) {
// When turned on, this setting means that it doesn't matter
// which other application the user SSOs from, they will be
// given the same account in Mahara.
//
// This setting is one that has security implications unless
// only turned on by people who know what they're doing. In
// particular, every system linked to Mahara should be making
// sure that same username == same person. This happens for
// example if two Moodles are using the same LDAP server for
// authentication.
//
// If this setting is on, it must NOT be possible to self
// register on the site for ANY institution - otherwise users
// could simply pick usernames of people's accounts they wished
// to steal.
if ($institutions = get_column('institution', 'name', 'registerallowed', '1')) {
log_warn("usersuniquebyusername is turned on but registration is allowed for an institution. " . "No institution can have registration allowed for it, for security reasons.\n" . "The following institutions have registration enabled:\n " . join("\n ", $institutions));
throw new AccessDeniedException();
}
if (!get_config('usersallowedmultipleinstitutions')) {
log_warn("usersuniquebyusername is turned on but usersallowedmultipleinstitutions is off. " . "This makes no sense, as users will then change institution every time they log in from " . "somewhere else. Please turn this setting on in Site Options");
throw new AccessDeniedException();
}
} else {
if (!$isremote) {
log_warn("usersuniquebyusername is turned off but remoteuser has not been set on for this institution: {$institutionname}. " . "This is a security risk as users from different institutions with different IdPs can hijack " . "each others accounts. Fix this in the institution level auth/saml settings.");
throw new AccessDeniedException();
}
}
if ($isremote) {
$user->find_by_instanceid_username($this->instanceid, $remoteuser, $isremote);
} else {
$user->find_by_username($remoteuser);
}
if ($user->get('suspendedcusr')) {
die_info(get_string('accountsuspended', 'mahara', strftime(get_string('strftimedaydate'), $user->get('suspendedctime')), $user->get('suspendedreason')));
}
if ('1' == $this->config['updateuserinfoonlogin']) {
$update = true;
}
} catch (AuthUnknownUserException $e) {
if (!empty($this->config['weautocreateusers'])) {
$institution = new Institution($this->institution);
if ($institution->isFull()) {
$institution->send_admin_institution_is_full_message();
throw new XmlrpcClientException('SSO attempt from ' . $institution->displayname . ' failed - institution is full');
}
$user = new User();
$create = true;
} else {
log_debug("User authorisation request from SAML failed - " . "remote user '{$remoteuser}' is unknown to us and auto creation of users is turned off");
return false;
}
}
/*******************************************/
if ($create) {
$user->passwordchange = 1;
$user->active = 1;
$user->deleted = 0;
$user->expiry = null;
$user->expirymailsent = 0;
$user->lastlogin = time();
$user->firstname = $firstname;
$user->lastname = $lastname;
$user->email = $email;
// must have these values
if (empty($firstname) || empty($lastname) || empty($email)) {
throw new AccessDeniedException(get_string('errormissinguserattributes1', 'auth.saml', get_config('sitename')));
}
$user->authinstance = empty($this->config['parent']) ? $this->instanceid : $this->parent;
db_begin();
$user->username = get_new_username($remoteuser, 40);
$user->id = create_user($user, array(), $institutionname, $this, $remoteuser);
/*
* We need to convert the object to a stdclass with its own
* custom method because it uses overloaders in its implementation
* and its properties wouldn't be visible to a simple cast operation
* like (array)$user
*/
$userobj = $user->to_stdclass();
$userarray = (array) $userobj;
db_commit();
// Now we have fired the create event, we need to re-get the data
// for this user
$user = new User();
$user->find_by_id($userobj->id);
if (get_config('usersuniquebyusername')) {
// Add them to the institution they have SSOed in by
$user->join_institution($institutionname);
}
} elseif ($update) {
if (!empty($firstname)) {
set_profile_field($user->id, 'firstname', $firstname);
$user->firstname = $firstname;
}
if (!empty($lastname)) {
set_profile_field($user->id, 'lastname', $lastname);
$user->lastname = $lastname;
}
if (!empty($email)) {
set_profile_field($user->id, 'email', $email);
$user->email = $email;
}
$user->lastlastlogin = $user->lastlogin;
$user->lastlogin = time();
}
$user->commit();
/*******************************************/
// We know who our user is now. Bring em back to life.
$result = $USER->reanimate($user->id, $this->instanceid);
log_debug("remote user '{$remoteuser}' is now reanimated as '{$USER->username}' ");
$SESSION->set('authinstance', $this->instanceid);
return true;
}
function forgotpass_submit(Pieform $form, $values)
{
global $SESSION;
try {
if (!($user = get_record_sql('SELECT u.* FROM {usr} u
INNER JOIN {auth_instance} ai ON (u.authinstance = ai.id)
WHERE (LOWER(u.email) = ? OR LOWER(u.username) = ?)
AND ai.authname = \'internal\'', array_fill(0, 2, strtolower($values['emailusername']))))) {
die_info(get_string('forgotpassnosuchemailaddressorusername'));
}
$pwrequest = new StdClass();
$pwrequest->usr = $user->id;
$pwrequest->expiry = db_format_timestamp(time() + 86400);
$pwrequest->key = get_random_key();
$sitename = get_config('sitename');
$fullname = display_name($user);
// Override the disabled status of this e-mail address
$user->ignoredisabled = true;
email_user($user, null, get_string('forgotusernamepasswordemailsubject', 'mahara', $sitename), get_string('forgotusernamepasswordemailmessagetext', 'mahara', $fullname, $sitename, $user->username, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'contact.php', $sitename), get_string('forgotusernamepasswordemailmessagehtml', 'mahara', $fullname, $sitename, $user->username, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'forgotpass.php?key=' . $pwrequest->key, get_config('wwwroot') . 'contact.php', $sitename));
insert_record('usr_password_request', $pwrequest);
} catch (SQLException $e) {
die_info(get_string('forgotpassemailsendunsuccessful'));
} catch (EmailException $e) {
die_info(get_string('forgotpassemailsendunsuccessful'));
}
// Add a note if this e-mail address is over the bounce threshold to
// warn users that they may not receive the e-mail
if ($mailinfo = get_record_select('artefact_internal_profile_email', '"owner" = ? AND principal = 1', array($user->id))) {
if (check_overcount($mailinfo)) {
$SESSION->add_info_msg(get_string('forgotpassemailsentanyway1', 'mahara', get_config('sitename')));
}
}
// Unsetting disabled status overriding
unset($user->ignoredisabled);
// Add a marker in the session to say that the user has registered
$SESSION->set('pwchangerequested', true);
redirect('/forgotpass.php');
}
}
if ($delete = param_integer('delete', null)) {
ArtefactTypeBlogpost::delete_form($delete);
}
if (is_null($id)) {
if ($institutionname) {
$records = get_records_select_array('artefact', "artefacttype = 'blog' AND \"institution\" = ?", array($institutionname), 'id ASC');
if (!$records || count($records) > 1) {
// There are either no blogs for this institution or more than one so we need to send them to journal list page
// so they can add one or chose a particular blog by id.
redirect("/artefact/blog/index.php?institution={$institutionname}");
exit;
}
} else {
if (!($records = get_records_select_array('artefact', "artefacttype = 'blog' AND \"owner\" = ?", array($USER->get('id')), 'id ASC'))) {
die_info(get_string('nodefaultblogfound', 'artefact.blog', get_config('wwwroot')));
}
}
if ($records) {
if (count($records) > 1) {
// no id supplied and more than one journal so go to journal list page
redirect("/artefact/blog/index.php");
exit;
}
$id = $records[0]->id;
$blog = new ArtefactTypeBlog($id, $records[0]);
}
} else {
$blog = new ArtefactTypeBlog($id);
}
if (!empty($blog)) {
*
*/
define('INTERNAL', 1);
define('ADMIN', 1);
define('INSTALLER', 1);
require dirname(dirname(__FILE__)) . '/init.php';
define('TITLE', get_string('upgrades', 'admin'));
require get_config('libroot') . 'upgrade.php';
$smarty = smarty();
$upgrades = check_upgrades();
if (empty($upgrades['disablelogin'])) {
auth_setup();
}
unset($upgrades['disablelogin']);
if (!$upgrades) {
die_info(get_string('noupgrades', 'admin'));
}
// Remove all files in the smarty cache
require_once 'file.php';
$basedir = get_config('dataroot') . 'smarty/compile/';
$dh = new DirectoryIterator($basedir);
foreach ($dh as $themedir) {
if ($themedir->isDot()) {
continue;
}
$themedirname = $basedir . $themedir->getFilename();
rmdirr($themedirname);
clearstatcache();
check_dir_exists($themedirname);
}
$loadingicon = theme_get_url('images/loading.gif');
function do_import()
{
global $SESSION, $USER, $TRANSPORTER, $IMPORTER;
safe_require('import', 'leap');
// Get $TRANSPORTER and $IMPORTER from $SESSION
$importrecord = (object) array('data' => array('importid' => $SESSION->get('importid'), 'extracted' => $SESSION->get('extracted'), 'mimetype' => $SESSION->get('mimetype')));
$TRANSPORTER = new LocalImporterTransport($importrecord);
$importdata = (object) array('token' => '', 'usr' => $USER->get('id'), 'queue' => (int) false, 'ready' => 0, 'expirytime' => db_format_timestamp(time() + 60 * 60 * 24), 'format' => 'leap', 'loglevel' => PluginImportLeap::LOG_LEVEL_STANDARD, 'logtargets' => LOG_TARGET_FILE, 'profile' => true);
$IMPORTER = PluginImport::create_importer(null, $TRANSPORTER, $importdata);
try {
$result = $IMPORTER->do_import_from_requests();
} catch (ImportException $e) {
log_info("Leap2A import failed: " . $e->getMessage());
die_info(get_string('importfailed', 'import'));
}
$smarty = smarty();
$smarty->assign('PAGEHEADING', get_string('importresult', 'import'));
$smarty->assign('form', $result);
$smarty->display('form.tpl');
}
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @package mahara
* @subpackage import
* @author Catalyst IT Ltd
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006-2008 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
define('MENUITEM', 'myportfolio/import');
require dirname(dirname(__FILE__)) . '/init.php';
define('TITLE', get_string('import', 'import'));
$importplugins = plugins_installed('import');
if (!$importplugins) {
die_info(get_string('noimportpluginsenabled', 'import'));
}
$form = pieform(array('name' => 'import', 'elements' => array('file' => array('type' => 'file', 'title' => 'LEAP2A file', 'description' => 'Either a .zip file or just the LEAP2A XML file', 'rules' => array('required' => true)), 'submit' => array('type' => 'submit', 'value' => 'Import'))));
function import_validate(Pieform $form, $values)
{
if ($values['file']['type'] != 'application/zip' && $values['file']['type'] != 'text/xml') {
$form->set_error('file', 'The file must be a .zip or LEAP2A XML file');
}
}
function import_submit(Pieform $form, $values)
{
global $SESSION;
$date = time();
$nicedate = date('Y/m/d h:i:s', $date);
$uploaddir = get_config('dataroot') . 'import/test-' . $date . '/';
$filename = $uploaddir . $values['file']['name'];
