示例#1
0
 * For licensing terms, see /license.txt
 *
 * Allow the user to login to a course after reaching a course URL (e.g. http://chamilo.chamilo.org/courses/MYCOURSE/?id_session=0 )
 * See https://support.chamilo.org/issues/6768
 *
 * Author : hubert.borderiou@grenet.fr
 *
 */
require '../inc/global.inc.php';
require_once api_get_path(SYS_PATH) . 'main/auth/cas/authcas.php';
$msg = null;
if (isset($_GET['firstpage'])) {
    $firstpage = $_GET['firstpage'];
    // if course is public, go to course without auth
    $tab_course_info = api_get_course_info($firstpage);
    api_set_firstpage_parameter($firstpage);
    $tpl = new Template(null, 1, 1);
    $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
    $action = str_replace('&', '&', $action);
    $form = new FormValidator('formLogin', 'post', $action, null, array('class' => 'form-stacked'));
    $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'span3 autocapitalize_off'));
    //new
    $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'span3'));
    //new
    $form->addElement('style_submit_button', 'submitAuth', get_lang('LoginEnter'), array('class' => 'btn span3'));
    // see same text in main_api.lib.php function api_not_allowed
    if (api_is_cas_activated()) {
        $msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
        $msg .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_id()) . "'>" . getCASLogoHTML() . " " . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
        $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
        $msg .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
示例#2
0
// When loading a chamilo page do not include the hot courses and news
if (!isset($_REQUEST['include'])) {
    if (api_get_setting('show_hot_courses') == 'true') {
        $hot_courses = $controller->return_hot_courses();
    }
    $announcements_block = $controller->return_announcements();
}
$controller->tpl->assign('hot_courses', $hot_courses);
$controller->tpl->assign('announcements_block', $announcements_block);
$controller->tpl->assign('home_page_block', $controller->return_home_page());
$controller->tpl->assign('navigation_course_links', $controller->return_navigation_links());
$controller->tpl->assign('notice_block', $controller->return_notice());
$controller->tpl->assign('main_navigation_block', $controller->return_navigation_links());
$controller->tpl->assign('help_block', $controller->return_help());
if (api_is_platform_admin() || api_is_drh()) {
    $controller->tpl->assign('skills_block', $controller->return_skills_links());
}
if (api_is_anonymous()) {
    $controller->tpl->setLoginBodyClass();
}
// direct login to course
if (isset($_GET['firstpage'])) {
    api_set_firstpage_parameter($_GET['firstpage']);
    // if we are already logged, go directly to course
    if (api_user_is_login()) {
        echo "<script type='text/javascript'>self.location.href='index.php?firstpage=" . Security::remove_XSS($_GET['firstpage']) . "'</script>";
    }
} else {
    api_delete_firstpage_parameter();
}
$controller->tpl->display_two_col_template();
示例#3
0
/**
 * Displays message "You are not allowed here..." and exits the entire script.
 * @param bool   $print_headers    Whether or not to print headers (default = false -> does not print them)
 * @param string $message
 */
function api_not_allowed($print_headers = false, $message = null)
{
    $message = get_lang('NotAllowed');
    throw new Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException($message);
    if (api_get_setting('sso_authentication') === 'true') {
        global $osso;
        if ($osso) {
            $osso->logout();
        }
    }
    $home_url = api_get_path(WEB_PATH);
    $user_id = api_get_user_id();
    $course = api_get_course_id();
    global $this_section;
    if (CustomPages::enabled() && !isset($user_id)) {
        if (empty($user_id)) {
            // Why the CustomPages::enabled() need to be to set the request_uri
            $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
        }
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
    $origin = isset($_GET['origin']) ? $_GET['origin'] : '';
    $msg = null;
    if (isset($message)) {
        $msg = $message;
    } else {
        $msg = Display::return_message(get_lang('NotAllowedClickBack') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a>', 'error', false);
    }
    $msg = Display::div($msg, array('align' => 'center'));
    $show_headers = 0;
    if ($print_headers && $origin != 'learnpath') {
        $show_headers = 1;
    }
    $tpl = new Template(null, $show_headers, $show_headers);
    $tpl->assign('hide_login_link', 1);
    $tpl->assign('content', $msg);
    if ($user_id != 0 && !api_is_anonymous() && (!isset($course) || $course == -1) && empty($_GET['cidReq'])) {
        // if the access is not authorized and there is some login information
        // but the cidReq is not found, assume we are missing course data and send the user
        // to the user_portal
        $tpl->display_one_col_template();
        exit;
    }
    if (!empty($_SERVER['REQUEST_URI']) && (!empty($_GET['cidReq']) || $this_section == SECTION_MYPROFILE || $this_section == SECTION_PLATFORM_ADMIN)) {
        $courseCode = api_get_course_id();
        // Only display form and return to the previous URL if there was a course ID included
        if ($user_id != 0 && !api_is_anonymous()) {
            //if there is a user ID, then the user is not allowed but the session is still there. Say so and exit
            $tpl->assign('content', $msg);
            $tpl->display_one_col_template();
            exit;
        }
        if (!is_null($courseCode)) {
            api_set_firstpage_parameter($courseCode);
        }
        // If the user has no user ID, then his session has expired
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&amp;', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array(), FormValidator::LAYOUT_BOX_NO_LABEL);
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'autocapitalize_off'));
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password')));
        $form->addButton('submitAuth', get_lang('LoginEnter'), '', 'primary');
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (above)
        $content = Display::return_message(get_lang('NotAllowed'), 'error', false);
        if (!empty($courseCode)) {
            $content .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        }
        if (api_is_cas_activated()) {
            $content .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $content .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_id()) . "'>" . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $content .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $content .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $content .= "<div style='display:none;'>";
        }
        $content .= '<div class="well_login">';
        $content .= $form->return_form();
        $content .= '</div>';
        if (api_is_cas_activated()) {
            $content .= "</div>";
        }
        if (!empty($courseCode)) {
            $content .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
        } else {
            $content .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('CampusHomepage') . '</a></p>';
        }
        $tpl->setLoginBodyClass();
        $tpl->assign('content', $content);
        $tpl->display_one_col_template();
        exit;
    }
    if ($user_id != 0 && !api_is_anonymous()) {
        $tpl->display_one_col_template();
        exit;
    }
    $msg = null;
    // The session is over and we were not in a course,
    // or we try to get directly to a private course without being logged
    if (!is_null(api_get_course_int_id())) {
        api_set_firstpage_parameter(api_get_course_id());
        $tpl->setLoginBodyClass();
        $action = api_get_self() . '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
        $action = str_replace('&amp;', '&', $action);
        $form = new FormValidator('formLogin', 'post', $action, null, array('class' => 'form-stacked'));
        $form->addElement('text', 'login', null, array('placeholder' => get_lang('UserName'), 'class' => 'col-md-3 autocapitalize_off'));
        //new
        $form->addElement('password', 'password', null, array('placeholder' => get_lang('Password'), 'class' => 'col-md-3'));
        //new
        $form->addButtonNext(get_lang('LoginEnter'), 'submitAuth');
        // see same text in auth/gotocourse.php and main_api.lib.php function api_not_allowed (bellow)
        $msg = Display::return_message(get_lang('NotAllowed'), 'error', false);
        $msg .= '<h4>' . get_lang('LoginToGoToThisCourse') . '</h4>';
        if (api_is_cas_activated()) {
            $msg .= Display::return_message(sprintf(get_lang('YouHaveAnInstitutionalAccount'), api_get_setting("Institution")), '', false);
            $msg .= Display::div("<br/><a href='" . get_cas_direct_URL(api_get_course_int_id()) . "'>" . getCASLogoHTML() . " " . sprintf(get_lang('LoginWithYourAccount'), api_get_setting("Institution")) . "</a><br/><br/>", array('align' => 'center'));
            $msg .= Display::return_message(get_lang('YouDontHaveAnInstitutionAccount'));
            $msg .= "<p style='text-align:center'><a href='#' onclick='\$(this).parent().next().toggle()'>" . get_lang('LoginWithExternalAccount') . "</a></p>";
            $msg .= "<div style='display:none;'>";
        }
        $msg .= '<div class="well">';
        $msg .= $form->return_form();
        $msg .= '</div>';
        if (api_is_cas_activated()) {
            $msg .= "</div>";
        }
        $msg .= '<hr/><p style="text-align:center"><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a></p>';
    } else {
        // we were not in a course, return to home page
        $msg = Display::return_message(get_lang('NotAllowed') . '<br/><br/><a href="' . $home_url . '">' . get_lang('ReturnToCourseHomepage') . '</a><br />', 'error', false);
    }
    $tpl->assign('content', $msg);
    $tpl->display_one_col_template();
    exit;
}