/**
 * Create a Shibboleth session for the user ID.
 *
 * Looks the user up by ID, tears down whatever session exists, starts a fresh
 * one seeded with the user record, records the login event and then pulls in
 * local.inc.php so the legacy course/group globals get populated the same way
 * they are for an interactive login.
 *
 * Caller contract: nothing in here verifies a credential. $uid is taken as
 * already authenticated by the Shibboleth layer, so whoever reaches this
 * method with an ID obtains a session for that user.
 *
 * @param string $uid - The user ID
 * @return $_user (array) - The user infos array created when the user logs in;
 *                          a bare return (null) when no user exists for $uid
 */
function login($uid) {
    /* These globals are what local.inc.php expects to find in scope when it is
     * required below; it registers them into the session. This is BAD: the
     * logic should live in a function and stop relying on global variables. */
    global $_uid, $is_allowedCreateCourse, $_real_cid, $_courseUser;
    global $is_courseMember, $is_courseTutor, $is_allowed_in_course, $_gid;
    $_uid = $uid;
    // Abort before touching the session if the ID maps to no user.
    $user = User::store()->get_by_user_id($uid);
    if (empty($user)) {
        return;
    }
    // Privilege change: drop the old session and start a new one.
    // NOTE(review): whether start() issues a fresh session ID (the usual
    // session-fixation defence) is not visible here -- confirm; if it reuses
    // an ID supplied by the client, a session_regenerate_id(true) belongs here.
    $this->logout();
    Chamilo::session()->start();
    Session::write('_uid', $_uid);
    global $_user;
    // The session copy of the record is keyed by the ID the caller passed,
    // not by whatever the User object carries.
    $_user = (array) $user;
    $_SESSION['_user'] = $_user;
    $_SESSION['_user']['user_id'] = $_uid;
    $_SESSION['noredirection'] = true;
    // Must run before local.inc.php is pulled in.
    event_login();
    // Read by local.inc.php through the shared scope of the require below;
    // the names must not change. This is BAD and should be changed.
    $loginFailed = false;
    $uidReset = true;
    $gidReset = true;
    $cidReset = false; //FALSE !! -- course context is deliberately left alone
    $mainDbName = Database::get_main_database();
    $includePath = api_get_path(INCLUDE_PATH);
    $no_redirection = true;
    // Path comes from the platform configuration, not from request input.
    require "{$includePath}/local.inc.php";
    return $_user;
}
} $values = api_get_user_info($user_id); } /* SESSION REGISTERING */ /* @todo move this in a function */ $_user['firstName'] = stripslashes($values['firstname']); $_user['lastName'] = stripslashes($values['lastname']); $_user['mail'] = $values['email']; $_user['language'] = $values['language']; $_user['user_id'] = $user_id; $is_allowedCreateCourse = isset($values['status']) && $values['status'] == 1; $usersCanCreateCourse = api_get_setting('allow_users_to_create_courses') == 'true'; Session::write('_user', $_user); Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); // Stats event_login(); // last user login date is now $user_last_login_datetime = 0; // used as a unix timestamp it will correspond to : 1 1 1970 Session::write('user_last_login_datetime', $user_last_login_datetime); $recipient_name = api_get_person_name($values['firstname'], $values['lastname']); $text_after_registration = '<p>' . get_lang('Dear', null, $_user['language']) . ' ' . stripslashes(Security::remove_XSS($recipient_name)) . ',<br /><br />' . get_lang('PersonalSettings', null, $_user['language']) . ".</p>"; $form_data = array('button' => Display::button('next', get_lang('Next', null, $_user['language']), array('class' => 'btn btn-primary btn-large')), 'message' => null, 'action' => api_get_path(WEB_PATH) . 'user_portal.php'); if (api_get_setting('allow_terms_conditions') == 'true' && $user_already_registered_show_terms) { $form_data['action'] = api_get_path(WEB_PATH) . 'user_portal.php'; } else { if (!empty($values['email'])) { $text_after_registration .= '<p>' . get_lang('MailHasBeenSent', null, $_user['language']) . '.</p>'; } if ($is_allowedCreateCourse) { if ($usersCanCreateCourse) {
/**
 * Validates the received active connection data with the database.
 *
 * Decodes the SSO payload carried in the `sso_cookie` request parameter,
 * looks the named user up in the main user table and, if the payload's
 * secret matches one of the two accepted derivations, checks that the
 * account is active, not expired and allowed on the current access URL
 * before writing the user into the session and recording the login.
 *
 * Control flow: every failure branch, and the non-admin success branch,
 * ends in a redirect followed by exit. Only the two admin success paths
 * fall through to the return statement.
 *
 * @return bool Return the loginFailed variable value to local.inc.php
 *              (reachable only on the admin paths, where it is false)
 */
public function check_user() {
    global $_user;
    $loginFailed = false;
    // The SSO payload arrives as a request parameter; the whole method trusts
    // the request to carry it. NOTE(review): no isset() guard -- a request
    // without sso_cookie raises an undefined-index notice before decoding.
    $sso = $this->decode_cookie($_GET['sso_cookie']);
    // Lookup the user in the main database.
    // NOTE(review): the username interpolation in this copy is redacted
    // (`******`); confirm the value from the decoded payload goes through the
    // DB layer's escaping before being concatenated into the query.
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        $uData = Database::fetch_array($result);
        // Only accounts authenticated by Chamilo itself are eligible; the
        // stored password column is fetched solely for the legacy secret check.
        if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
            global $_configuration;
            // Two accepted secrets:
            //  1. sha1(username . tempkey . security_key) -- bound to this
            //     session via the tempkey.
            //  2. sha1(stored password hash) -- legacy. NOTE(review): this
            //     value is derived only from a database column, so anyone
            //     holding the stored hash can mint a valid payload without the
            //     password, and nothing ties it to a session or a time window,
            //     so it replays indefinitely.
            // Precedence: `or` binds looser than `&&`, so this reads as
            // (username && secret1) or (secret2 && username).
            // NOTE(review): `===` on the digests is not constant-time and the
            // username checks use loose `==`; hash_equals() / strict
            // comparison would be the usual choice here.
            if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
                // Account must be active (not locked).
                if ($uData['active'] == '1') {
                    // Expiry is compared lexically on 'Y-m-d H:i:s'; the zero
                    // date means "never expires".
                    if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                        // With multiple URLs enabled, the user must be
                        // registered on the current access URL; otherwise
                        // everyone is on URL 1.
                        if (api_get_multiple_access_url()) {
                            $current_access_url_id = api_get_current_access_url_id();
                            $my_url_list = api_get_access_url_from_user($uData['user_id']);
                        } else {
                            $current_access_url_id = 1;
                            $my_url_list = array(1);
                        }
                        $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                        if ($my_user_is_admin === false) {
                            if (is_array($my_url_list) && count($my_url_list) > 0) {
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // Regular user allowed on this site: load
                                    // the full record, store it, log the event.
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                    // Redirect target is taken from the payload
                                    // when present. NOTE(review): `target` is not
                                    // covered by either secret above, so it is an
                                    // unauthenticated redirect destination -- unless
                                    // decode_cookie() restricts it, limit it to this
                                    // portal's WEB_PATH. The fallback '.index.php'
                                    // looks like a typo for 'index.php' (it yields
                                    // <web path>/.index.php).
                                    $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . '.index.php';
                                    header('Location: ' . $sso_target);
                                    exit;
                                } else {
                                    // User does not have permission for this site.
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            } else {
                                // No URL at all in the user's multiple-URL list.
                                $loginFailed = true;
                                Session::erase('_uid');
                                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                exit;
                            }
                        } else {
                            // Admins of the "main" (first) portal can log in
                            // anywhere. Note: neither admin success path below
                            // redirects; they fall through to the return.
                            if (in_array(1, $my_url_list)) {
                                $_user['user_id'] = $uData['user_id'];
                                $_user = api_get_user_info($_user['user_id']);
                                // NOTE(review): the platform-admin flag is derived
                                // from status == COURSEMANAGER, not from the
                                // is_admin() result computed above -- confirm intended.
                                $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                Session::write('is_platformAdmin', $is_platformAdmin);
                                Session::write('_user', $_user);
                                event_login();
                            } else {
                                // Admin of a secondary URL: treated as a normal
                                // user for the access-URL check.
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                } else {
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            }
                        }
                    } else {
                        // User account expired.
                        $loginFailed = true;
                        Session::erase('_uid');
                        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                        exit;
                    }
                } else {
                    // User not active.
                    $loginFailed = true;
                    Session::erase('_uid');
                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                    exit;
                }
            } else {
                // Neither secret derivation matched.
                $loginFailed = true;
                Session::erase('_uid');
                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                exit;
            }
        } else {
            // Account is not authenticated by this platform.
            $loginFailed = true;
            Session::erase('_uid');
            header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
            exit;
        }
    } else {
        // No user by that login. Note the distinct error codes on each failure
        // branch let a caller tell "unknown user" from "wrong secret".
        $loginFailed = true;
        Session::erase('_uid');
        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
        exit;
    }
    return $loginFailed;
}