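/**
 * Switches the current session to another user WITHOUT checking a password.
 *
 * Make sure this function is protected: the only access check performed here
 * is api_can_login_as(), after which the session data of the caller is
 * replaced by the target user's data.
 *
 * This function defines globals ($uidReset, $loginFailed, $_user).
 *
 * @param int $user_id ID of the user to impersonate
 * @return bool False when the target user is unknown or impersonation is not
 *              allowed; on success a confirmation page is rendered and the
 *              script exits (no return)
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    $user_info = api_get_user_info($user_id);

    // Check if the user is allowed to 'login_as'
    $can_login_as = api_can_login_as($user_id);
    if (!$can_login_as || empty($user_info)) {
        // Unknown target: the original fell through without a return value
        // here, contradicting the documented bool.
        return false;
    }

    // Load $_user to be sure we clean it before logging in
    global $uidReset, $loginFailed, $_user;

    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    // Start from an empty array so that no key belonging to the impersonating
    // user is carried into the impersonated session (the original only unset
    // 'user_id', leaving every other stale key in place).
    $_user = array();

    $firstname = $user_info['firstname'];
    $lastname = $user_info['lastname'];
    // Use the id as stored in the database; cast again since it goes into SQL.
    $user_id = intval($user_info['user_id']);

    // Names come from the database and are echoed into HTML below with
    // filtering disabled, so escape them for the HTML context here.
    $safe_firstname = htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8');
    $safe_lastname = htmlspecialchars($lastname, ENT_QUOTES, 'UTF-8');
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $safe_firstname, $safe_lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $safe_lastname, $safe_firstname, $user_id);
    }

    $loginFailed = false;
    $uidReset = false;

    if ($user_id) {
        // a uid is given (log in succeeded); $user_id is an int, so it can be
        // interpolated without quoting
        $sql_query = "SELECT user.*, a.user_id is_admin,
            UNIX_TIMESTAMP(login.login_date) login_date
            FROM {$main_user_table}
            LEFT JOIN {$main_admin_table} a
            ON user.user_id = a.user_id
            LEFT JOIN {$track_e_login_table} login
            ON user.user_id = login.login_user_id
            WHERE user.user_id = " . $user_id . "
            ORDER BY login.login_date DESC LIMIT 1";
        $sql_result = Database::query($sql_query);

        if (Database::num_rows($sql_result) > 0) {
            // Extracting the user data
            $user_data = Database::fetch_array($sql_result);

            // Log out the current user (if any) before switching identity
            if (isset($_SESSION['_user']['user_id'])) {
                LoginDelete($_SESSION['_user']['user_id']);
            }

            // Cleaning session variables
            unset($_SESSION['_user']);
            unset($_SESSION['is_platformAdmin']);
            unset($_SESSION['is_allowedCreateCourse']);
            unset($_SESSION['_uid']);

            $_user['firstName'] = $user_data['firstname'];
            $_user['lastName'] = $user_data['lastname'];
            $_user['mail'] = $user_data['email'];
            $_user['lastLogin'] = $user_data['login_date'];
            $_user['official_code'] = $user_data['official_code'];
            $_user['picture_uri'] = $user_data['picture_uri'];
            $_user['user_id'] = $user_data['user_id'];
            $_user['status'] = $user_data['status'];

            // is_admin is non-null only when the LEFT JOIN on the admin table matched
            $is_platformAdmin = !is_null($user_data['is_admin']);
            $is_allowedCreateCourse = ((int) $user_data['status'] === 1);

            // Filling session variables with new data
            $_SESSION['_uid'] = $user_id;
            $_SESSION['_user'] = $_user;
            $_SESSION['is_platformAdmin'] = $is_platformAdmin;
            $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
            // will be useful later to know if the user is actually an admin or not (example reporting)
            $_SESSION['login_as'] = true;

            $target_url = api_get_path(WEB_PATH) . "user_portal.php";
            $message .= '<br />' . sprintf(
                get_lang('LoginSuccessfulGoToX'),
                '<a href="' . $target_url . '">' . $target_url . '</a>'
            );
            Display::display_header(get_lang('UserList'));
            Display::display_normal_message($message, false);
            Display::display_footer();
            exit;
        } else {
            exit("<br />WARNING UNDEFINED UID !! ");
        }
    }

    // Row without a usable id: report failure instead of returning null
    return false;
}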
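/**
 * Switches the current session to another user WITHOUT checking a password.
 *
 * Make sure this function is protected: the only access check performed here
 * is api_can_login_as(), after which the session is rewritten with the target
 * user's data (the full api_get_user_info() array is stored under '_user').
 *
 * @param int $userId ID of the user to impersonate
 *
 * @return bool False when the target user is unknown or impersonation is not
 *              allowed; on success a confirmation page is rendered and the
 *              script exits (no return)
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function loginUser($userId)
{
    $userId = intval($userId);
    $userInfo = api_get_user_info($userId);

    // Check if the user is allowed to 'login_as'
    $canLoginAs = api_can_login_as($userId);
    if (!$canLoginAs || empty($userInfo)) {
        return false;
    }

    // Names come from the database and are echoed into HTML below with
    // filtering disabled, so escape them for the HTML context here.
    $firstname = htmlspecialchars($userInfo['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars($userInfo['lastname'], ENT_QUOTES, 'UTF-8');

    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $userId);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $userId);
    }

    if ($userId) {
        // Logout the current user
        LoginDelete(api_get_user_id());

        // Cleaning session variables
        Session::erase('_user');
        Session::erase('is_platformAdmin');
        Session::erase('is_allowedCreateCourse');
        Session::erase('_uid');

        // Filling session variables with new data. The original built a local
        // $_user array here that was never written anywhere; the session's
        // '_user' entry is the api_get_user_info() array.
        Session::write('_uid', $userId);
        Session::write('_user', $userInfo);
        Session::write('is_platformAdmin', (bool) UserManager::is_admin($userId));
        Session::write('is_allowedCreateCourse', (int) $userInfo['status'] === 1);
        // will be useful later to know if the user is actually an admin or not (example reporting)
        Session::write('login_as', true);

        $target_url = api_get_path(WEB_PATH) . "user_portal.php";
        $message .= '<br />' . sprintf(
            get_lang('LoginSuccessfulGoToX'),
            '<a href="' . $target_url . '">' . $target_url . '</a>'
        );
        Display::display_header(get_lang('UserList'));
        Display::display_normal_message($message, false);
        Display::display_footer();
        exit;
    }

    // A zero id cannot be impersonated: report failure instead of returning null
    return false;
}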
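/**
 * This function handles the logout and is called whenever there is a $_GET['logout'].
 *
 * Closes the user's last tracking row (unless the session is a 'login_as'
 * impersonation), removes the "online" status, runs an external
 * <auth_source>_logout() hook when one is configured, leaves the chat and
 * destroys the PHP session.
 *
 * @param int|null $user_id User to log out; when empty, falls back to $_GET['uid']
 * @param bool $logout_redirect When true, sends a Location header to index.php
 * @return void Directly redirects the user or leaves him where he is, but doesn't return anything
 * @author Fernando P. García <*****@*****.**>
 */
function online_logout($user_id = null, $logout_redirect = false)
{
    global $_configuration, $extAuthSource;

    // Database table definition
    $tbl_track_login = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    if (empty($user_id)) {
        // NOTE(review): this fallback lets the request decide whose tracking
        // row is closed and whose online status is removed; callers should
        // pass the authenticated user id explicitly — confirm against call sites.
        $user_id = isset($_GET['uid']) ? intval($_GET['uid']) : 0;
    }
    // $user_id is interpolated into SQL below on every path, so cast it here
    // regardless of whether it came from the parameter or the request.
    $user_id = intval($user_id);

    // Changing global chat status to offline
    if (api_is_global_chat_enabled()) {
        $chat = new Chat();
        $chat->set_user_status(0);
    }

    // selecting the last login of the user
    $sql_last_connection = "SELECT login_id, login_date FROM $tbl_track_login
        WHERE login_user_id = $user_id ORDER BY login_date DESC LIMIT 0,1";
    $q_last_connection = Database::query($sql_last_connection);
    $i_id_last_connection = null;
    if (Database::num_rows($q_last_connection) > 0) {
        $i_id_last_connection = intval(Database::result($q_last_connection, 0, "login_id"));
    }

    // An impersonated ('login_as') session has no login row of its own. Also
    // skip the update when no row was found: the original ran it with an
    // undefined $i_id_last_connection, i.e. WHERE login_id=''.
    if (!isset($_SESSION['login_as']) && $i_id_last_connection !== null) {
        $current_date = api_get_utc_datetime();
        $s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date='" . $current_date . "'
            WHERE login_id = $i_id_last_connection";
        Database::query($s_sql_update_logout_date);
    }

    LoginDelete($user_id); //from inc/lib/online.inc.php - removes the "online" status

    //the following code enables the use of an external logout function.
    //example: define a $extAuthSource['ldap']['logout']="file.php" in configuration.php
    // then a function called ldap_logout() inside that file
    // (using *authent_name*_logout as the function name) and the following code
    // will find and execute it
    $uinfo = api_get_user_info($user_id);
    if (is_array($uinfo)
        && ($uinfo['auth_source'] != PLATFORM_AUTH_SOURCE)
        && is_array($extAuthSource)
        && isset($extAuthSource[$uinfo['auth_source']])
        && is_array($extAuthSource[$uinfo['auth_source']])
    ) {
        $subarray = $extAuthSource[$uinfo['auth_source']];
        // The included path comes from the platform configuration, not from the request
        if (!empty($subarray['logout']) && file_exists($subarray['logout'])) {
            require_once($subarray['logout']);
            $logout_function = $uinfo['auth_source'] . '_logout';
            if (function_exists($logout_function)) {
                $logout_function($uinfo);
            }
        }
    }

    require_once api_get_path(SYS_PATH) . 'main/chat/chat_functions.lib.php';
    exit_of_chat($user_id);

    session_regenerate_id();
    Session::destroy();

    if ($logout_redirect) {
        header("Location: index.php");
        return;
    }
}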