//print message and exit
F_print_error('WARNING', $l['m_different_passwords']);
$formstatus = FALSE;
F_stripslashes_formfields();
}
} else {
//print message and exit
F_print_error('WARNING', $l['m_empty_password']);
$formstatus = FALSE;
F_stripslashes_formfields();
}
if ($formstatus) {
mt_srand((double) microtime() * 1000000);
$user_verifycode = md5(uniqid(mt_rand(), true));
// verification code
$user_ip = getNormalizedIP($_SERVER['REMOTE_ADDR']);
// get the user's IP number
$user_regdate = date(K_TIMESTAMP_FORMAT);
// get the registration date and time
if (K_USRREG_EMAIL_CONFIRM) {
$usrlevel = 0;
} else {
$usrlevel = 1;
}
$sql = 'INSERT INTO ' . K_TABLE_USERS . ' (
user_regdate,
user_ip,
user_name,
user_email,
user_password,
user_regnumber,
/**
* Converts a string containing an IP address into its integer value.
* @param $ip (string) IP address to convert.
* @return int IP address as integer number.
* @since 7.1.000 (2009-02-13)
*/
function getIpAsInt($ip)
{
$ip = getNormalizedIP($ip);
$ip = str_replace(':', '', $ip);
return hexdec($ip);
}
\'' . date(K_TIMESTAMP_FORMAT, time() + 300) . '\',
\'300\'
)';
if (!F_db_query($sqltu, $db)) {
F_display_db_error();
}
$otp = true;
}
}
}
}
if (!K_OTP_LOGIN or $otp) {
// sets some user's session data
$_SESSION['session_user_id'] = $m['user_id'];
$_SESSION['session_user_name'] = $m['user_name'];
$_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
$_SESSION['session_user_level'] = $m['user_level'];
$_SESSION['session_user_firstname'] = urlencode($m['user_firstname']);
$_SESSION['session_user_lastname'] = urlencode($m['user_lastname']);
// read client cookie
if (isset($_COOKIE['LastVisit'])) {
$_SESSION['session_last_visit'] = intval($_COOKIE['LastVisit']);
} else {
$_SESSION['session_last_visit'] = 0;
}
$logged = true;
} else {
$login_error = true;
}
} elseif (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\'')) {
// the user name exist but the password is wrong
/**
* Updates question log data (register user's answers and calculate scores).
* @param $test_id (int) test ID
* @param $testlog_id (int) test log ID
* @param $answer_id (array) answer_id form field value
* @param $answer_text (string) answer text
* @param $reaction_time (int) reaction time in milliseconds
* @return boolean TRUE in case of success, FALSE otherwise
*/
function F_updateQuestionLog($test_id, $testlog_id, $answer_id = 0, $answer_text = '', $reaction_time = 0)
{
require_once '../config/tce_config.php';
global $db, $l;
$question_id = 0;
// question ID
$question_type = 3;
// question type
$question_difficulty = 1;
// question difficulty
$oldtext = '';
// old text answer
$answer_changed = false;
// true when answer change
$answer_score = 0;
// answer total score
$num_answers = 0;
// counts alternative answers
$test_id = intval($test_id);
$testlog_id = intval($testlog_id);
$unanswered = true;
// get test data
$testdata = F_getTestData($test_id);
// get question information
$sql = 'SELECT *
FROM ' . K_TABLE_TESTS_LOGS . ', ' . K_TABLE_QUESTIONS . '
WHERE testlog_question_id=question_id
AND testlog_id=' . $testlog_id . '
LIMIT 1';
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
// get previous answer text
$oldtext = $m['testlog_answer_text'];
$question_id = $m['question_id'];
$question_type = $m['question_type'];
$question_difficulty = $m['question_difficulty'];
}
} else {
F_display_db_error();
return false;
}
// calculate question score
$question_right_score = $testdata['test_score_right'] * $question_difficulty;
$question_wrong_score = $testdata['test_score_wrong'] * $question_difficulty;
$question_unanswered_score = $testdata['test_score_unanswered'] * $question_difficulty;
if ($question_type != 3) {
$sql = 'SELECT *
FROM ' . K_TABLE_LOG_ANSWER . ', ' . K_TABLE_ANSWERS . '
WHERE logansw_answer_id=answer_id
AND logansw_testlog_id=' . $testlog_id . '
ORDER BY logansw_order';
if ($r = F_db_query($sql, $db)) {
while ($m = F_db_fetch_array($r)) {
$num_answers++;
// update each answer
$sqlu = 'UPDATE ' . K_TABLE_LOG_ANSWER . ' SET';
switch ($question_type) {
case 1:
// MCSA - Multiple Choice Single Answer
if ($answer_id == 0) {
// unanswered
$answer_score = $question_unanswered_score;
if ($m['logansw_selected'] != -1) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=-1';
} elseif ($answer_id == $m['logansw_answer_id']) {
$unanswered = false;
// selected
if (F_getBoolean($m['answer_isright'])) {
$answer_score = $question_right_score;
} else {
$answer_score = $question_wrong_score;
}
if ($m['logansw_selected'] != 1) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=1';
} else {
$unanswered = false;
// unselected
if ($m['logansw_selected'] == 1) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=0';
}
break;
case 2:
// MCMA - Multiple Choice Multiple Answer
if (isset($answer_id[$m['logansw_answer_id']])) {
// radiobutton or selected checkbox
$answer_id[$m['logansw_answer_id']] = intval($answer_id[$m['logansw_answer_id']]);
if ($answer_id[$m['logansw_answer_id']] == -1) {
// unanswered
$answer_score += $question_unanswered_score;
} elseif (F_getBoolean($m['answer_isright']) and $answer_id[$m['logansw_answer_id']] == 1) {
// right (selected)
$unanswered = false;
$answer_score += $question_right_score;
} elseif (!F_getBoolean($m['answer_isright']) and $answer_id[$m['logansw_answer_id']] == 0) {
// right (unselected)
$unanswered = false;
$answer_score += $question_right_score;
} else {
// wrong
$unanswered = false;
$answer_score += $question_wrong_score;
}
if ($m['logansw_selected'] != $answer_id[$m['logansw_answer_id']]) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=' . $answer_id[$m['logansw_answer_id']] . '';
} else {
// unselected checkbox
$unanswered = false;
if (F_getBoolean($m['answer_isright'])) {
$answer_score += $question_wrong_score;
} else {
$answer_score += $question_right_score;
}
if ($m['logansw_selected'] != 0) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=0';
}
break;
case 4:
// ORDER
if (isset($answer_id[$m['logansw_answer_id']]) and $answer_id[$m['logansw_answer_id']] > 0) {
// selected
$unanswered = false;
$answer_id[$m['logansw_answer_id']] = intval($answer_id[$m['logansw_answer_id']]);
if ($answer_id[$m['logansw_answer_id']] == $m['answer_position']) {
$answer_score += $question_right_score;
} else {
$answer_score += $question_wrong_score;
}
if ($answer_id[$m['logansw_answer_id']] != $m['logansw_position']) {
$answer_changed = true;
}
$sqlu .= ' logansw_position=' . $answer_id[$m['logansw_answer_id']] . ', logansw_selected=1';
} else {
// unanswered
$answer_score += $question_unanswered_score;
if ($m['logansw_position'] > 0) {
$answer_changed = true;
}
$sqlu .= ' logansw_selected=-1, logansw_position=0';
}
break;
}
// end of switch
$sqlu .= ' WHERE logansw_testlog_id=' . $testlog_id . ' AND logansw_answer_id=' . $m['logansw_answer_id'] . '';
if (!($ru = F_db_query($sqlu, $db))) {
F_display_db_error();
return false;
}
}
if ($question_type > 1) {
// normalize score
if (F_getBoolean($testdata['test_mcma_partial_score'])) {
// use partial scoring for MCMA and ORDER questions
$answer_score = round($answer_score / $num_answers, 3);
} else {
// all-or-nothing points
if ($answer_score >= $question_right_score * $num_answers) {
// right
$answer_score = $question_right_score;
} elseif ($answer_score == $question_unanswered_score * $num_answers) {
// unanswered
$answer_score = $question_unanswered_score;
} else {
// wrong
$answer_score = $question_wrong_score;
}
}
}
} else {
F_display_db_error();
return false;
}
}
// update log if answer is changed
if ($answer_changed or $oldtext != $answer_text) {
if (strlen($answer_text) > 0) {
$unanswered = false;
$answer_score = 'NULL';
// check exact answers score
$sql = 'SELECT *
FROM ' . K_TABLE_ANSWERS . '
WHERE answer_question_id=' . $question_id . '
AND answer_enabled=\'1\'
AND answer_isright=\'1\'';
if ($r = F_db_query($sql, $db)) {
while ($m = F_db_fetch_array($r)) {
if (strcasecmp(trim($answer_text), $m['answer_description']) == 0) {
$answer_score += $question_right_score;
break;
}
}
} else {
F_display_db_error();
return false;
}
}
if ($unanswered) {
$change_time = '';
} else {
$change_time = date(K_TIMESTAMP_FORMAT);
}
$sqlu = 'UPDATE ' . K_TABLE_TESTS_LOGS . ' SET';
$sqlu .= ' testlog_answer_text=' . F_empty_to_null($answer_text) . ',';
$sqlu .= ' testlog_score=' . $answer_score . ',';
$sqlu .= ' testlog_change_time=' . F_empty_to_null($change_time) . ',';
$sqlu .= ' testlog_reaction_time=' . intval($reaction_time) . ',';
$sqlu .= ' testlog_user_ip=\'' . getNormalizedIP($_SERVER['REMOTE_ADDR']) . '\'';
$sqlu .= ' WHERE testlog_id=' . $testlog_id . '';
if (!($ru = F_db_query($sqlu, $db))) {
F_display_db_error();
return false;
}
}
return true;
}
/**
* Sets the end element handler function for the XML parser parser.end_element_handler.
* @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
* @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
* @private
*/
private function endElementHandler($parser, $name)
{
global $l, $db;
require_once '../config/tce_config.php';
require_once 'tce_functions_user_select.php';
switch (strtolower($name)) {
case 'name':
case 'password':
case 'email':
case 'regdate':
case 'ip':
case 'firstname':
case 'lastname':
case 'birthdate':
case 'birthplace':
case 'regnumber':
case 'ssn':
case 'level':
case 'verifycode':
$this->current_data = F_escape_sql(F_xml_to_text($this->current_data));
$this->user_data[$this->current_element] = $this->current_data;
$this->current_element = '';
$this->current_data = '';
break;
case 'group':
$group_name = F_escape_sql(F_xml_to_text($this->current_data));
// check if group already exist
$sql = 'SELECT group_id
FROM ' . K_TABLE_GROUPS . '
WHERE group_name=\'' . $group_name . '\'
LIMIT 1';
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
// the group has been already added
$this->group_data[] = $m['group_id'];
} else {
// add new group
$sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
group_name
) VALUES (
\'' . $group_name . '\'
)';
if (!($ri = F_db_query($sqli, $db))) {
F_display_db_error(false);
} else {
$this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
}
}
} else {
F_display_db_error();
}
break;
case 'user':
// insert users
if (!empty($this->user_data['user_name'])) {
if (empty($this->user_data['user_regdate'])) {
$this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
}
if (empty($this->user_data['user_ip'])) {
$this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
}
if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
$this->user_data['user_level'] = 1;
}
if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
// you cannot edit a user with a level equal or higher than yours
$this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
// non-administrator can access only to his/her groups
if (empty($this->group_data)) {
break;
}
$common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
if (empty($common_groups)) {
break;
}
}
// check if user already exist
$sql = 'SELECT user_id,user_level
FROM ' . K_TABLE_USERS . '
WHERE user_name=\'' . $this->user_data['user_name'] . '\'
OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\'
OR user_ssn=\'' . $this->user_data['user_ssn'] . '\'
LIMIT 1';
if ($r = F_db_query($sql, $db)) {
if ($m = F_db_fetch_array($r)) {
// the user has been already added
$user_id = $m['user_id'];
if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
//update user data
$sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
user_regdate=\'' . $this->user_data['user_regdate'] . '\',
user_ip=\'' . $this->user_data['user_ip'] . '\',
user_name=\'' . $this->user_data['user_name'] . '\',
user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
// update password only if it is specified
if (!empty($this->user_data['user_password'])) {
$sqlu .= ' user_password=\'' . md5($this->user_data['user_password']) . '\',';
}
$sqlu .= '
user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ',
user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ',
user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ',
user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ',
user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ',
user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ',
user_level=\'' . $this->user_data['user_level'] . '\',
user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . '
WHERE user_id=' . $user_id . '';
if (!($ru = F_db_query($sqlu, $db))) {
F_display_db_error(false);
return FALSE;
}
} else {
// no user is updated, so empty groups
$this->group_data = array();
}
} else {
// add new user
$sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' (
user_regdate,
user_ip,
user_name,
user_email,
user_password,
user_regnumber,
user_firstname,
user_lastname,
user_birthdate,
user_birthplace,
user_ssn,
user_level,
user_verifycode
) VALUES (
' . F_empty_to_null($this->user_data['user_regdate']) . ',
\'' . $this->user_data['user_ip'] . '\',
\'' . $this->user_data['user_name'] . '\',
' . F_empty_to_null($this->user_data['user_email']) . ',
\'' . md5($this->user_data['user_password']) . '\',
' . F_empty_to_null($this->user_data['user_regnumber']) . ',
' . F_empty_to_null($this->user_data['user_firstname']) . ',
' . F_empty_to_null($this->user_data['user_lastname']) . ',
' . F_empty_to_null($this->user_data['user_birthdate']) . ',
' . F_empty_to_null($this->user_data['user_birthplace']) . ',
' . F_empty_to_null($this->user_data['user_ssn']) . ',
\'' . $this->user_data['user_level'] . '\',
' . F_empty_to_null($this->user_data['user_verifycode']) . '
)';
if (!($ru = F_db_query($sqlu, $db))) {
F_display_db_error(false);
return FALSE;
} else {
$user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
}
}
} else {
F_display_db_error(false);
return FALSE;
}
// user's groups
if (!empty($this->group_data)) {
while (list($key, $group_id) = each($this->group_data)) {
// check if user-group already exist
$sqls = 'SELECT *
FROM ' . K_TABLE_USERGROUP . '
WHERE usrgrp_group_id=\'' . $group_id . '\'
AND usrgrp_user_id=\'' . $user_id . '\'
LIMIT 1';
if ($rs = F_db_query($sqls, $db)) {
if (!($ms = F_db_fetch_array($rs))) {
// associate group to user
$sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
usrgrp_user_id,
usrgrp_group_id
) VALUES (
' . $user_id . ',
' . $group_id . '
)';
if (!($rg = F_db_query($sqlg, $db))) {
F_display_db_error(false);
return FALSE;
}
}
} else {
F_display_db_error(false);
return FALSE;
}
}
}
}
break;
default:
break;
}
}
/**
* This method handles logout requests.
* @param $check_client true to check the client bofore handling the request,
* false not to perform any access control. True by default.
* @param $allowed_clients an array of host names allowed to send logout requests.
* By default, only the CAs server (declared in the constructor) will be allowed.
* @public
*/
function handleLogoutRequests($check_client = true, $allowed_clients = false)
{
phpCAS::traceBegin();
if (!$this->isLogoutRequest()) {
phpCAS::log("Not a logout request");
phpCAS::traceEnd();
return;
}
phpCAS::log("Logout requested");
phpCAS::log("SAML REQUEST: " . $_POST['logoutRequest']);
if ($check_client) {
if (!$allowed_clients) {
$allowed_clients = array($this->getServerHostname());
}
$client_ip = getNormalizedIP($_SERVER['REMOTE_ADDR']);
$client = gethostbyaddr($client_ip);
phpCAS::log("Client: " . $client);
$allowed = false;
foreach ($allowed_clients as $allowed_client) {
if ($client == $allowed_client) {
phpCAS::log("Allowed client '" . $allowed_client . "' matches, logout request is allowed");
$allowed = true;
break;
} else {
phpCAS::log("Allowed client '" . $allowed_client . "' does not match");
}
}
if (!$allowed) {
phpCAS::error("Unauthorized logout request from client '" . $client . "'");
printf("Unauthorized!");
phpCAS::traceExit();
exit;
}
} else {
phpCAS::log("No access control set");
}
// Extract the ticket from the SAML Request
preg_match("|<samlp:SessionIndex>(.*)</samlp:SessionIndex>|", $_POST['logoutRequest'], $tick, PREG_OFFSET_CAPTURE, 3);
$wrappedSamlSessionIndex = preg_replace('|<samlp:SessionIndex>|', '', $tick[0][0]);
$ticket2logout = preg_replace('|</samlp:SessionIndex>|', '', $wrappedSamlSessionIndex);
phpCAS::log("Ticket to logout: " . $ticket2logout);
$session_id = preg_replace('/[^\\w]/', '', $ticket2logout);
phpCAS::log("Session id: " . $session_id);
// fix New session ID
session_id($session_id);
$_COOKIE[session_name()] = $session_id;
$_GET[session_name()] = $session_id;
// Overwrite session
session_start();
session_unset();
session_destroy();
printf("Disconnected!");
phpCAS::traceExit();
exit;
}
