Source for file local.inc.php
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004-2008 Dokeos SPRL
Copyright (c) 2003-2005 Ghent University (UGent)
Copyright (c) 2001 Universite catholique de Louvain (UCL)
Copyright (c) Hugues Peeters
Copyright (c) Roan Embrechts (Vrije Universiteit Brussel)
Copyright (c) Patrick Cool
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
==============================================================================
==============================================================================
* This script initializes and manages Dokeos session information. It
* keeps available session information up to date.
* You can request a course id. It will check if the course Id requested is the
* same as the current one. If it isn't it will update session information from
* the database. You can also force the course reset if you want ($cidReset).
* All the course information is stored in the $_course array.
* You can request a group id. The script will check if the group id requested is the
* same as the current one. If it isn't it will update session information from
* the database. You can also force the group reset if you want ($gidReset).
* The course id is stored in the $_cid session variable.
* The group id is stored in the $_gid session variable.
* VARIABLES AFFECTING THE SCRIPT BEHAVIOR
* string $cidReq : course id requested
* boolean $cidReset : ask for a course reset; if no $cidReq is provided at the
* same time, all course information is removed from the
* int $gidReq : group id requested
* boolean $gidReset : ask for a group reset; if no $gidReq is provided at the
* same time, all group information is removed from the
* VARIABLES SET AND RETURNED BY THE SCRIPT
* All the variables below are set and returned by this script.
* string $_user ['firstName' ]
* string $_user ['lastName' ]
* string $_user ['mail' ]
* string $_user ['lastLogin' ]
* string $_user ['official_code']
* string $_user ['picture_uri' ]
* string $_user['user_id']
* boolean $is_platformAdmin
* boolean $is_allowedCreateCourse
* string $_cid (the course id)
* int $_course['id' ] - auto-assigned integer
* string $_course['name' ] - the title of the course
* string $_course['official_code'] - the visual / fake / official code
* string $_course['sysCode' ]
* string $_course['path' ]
* string $_course['dbName' ]
* string $_course['dbNameGlu' ]
* string $_course['titular' ]
* string $_course['language' ]
* string $_course['extLink' ]['url' ]
* string $_course['extLink' ]['name']
* string $_course['categoryCode']
* string $_course['categoryName']
* boolean $is_courseMember
* boolean $is_courseTutor
* boolean $is_courseAdmin
* int $_gid (the group id)
* IMPORTANT ADVICE FOR DEVELOPERS
* We strongly encourage developers to use a connection layer at the top of
* their scripts rather than use these variables, as they are, inside the core
* of their scripts. It will make code maintenance much easier.
* Many of the functions you need can already be found in the
* We encourage you to use functions to access these global "kernel" variables.
* You can add them to e.g. the main API library.
* 1. The script determines if there is an authentication attempt. This part
* only checks if the login name and password are valid. Afterwards, it sets the
* $_user['user_id'] (user id) and the $uidReset flag. Other user information is retrieved
* later. It's also in this section that optional external authentication
* 2. The script determines what other session information has to be set or
* reset, setting correctly $cidReset (for course) and $gidReset (for group).
* 3. If needed, the script retrieves the other user information (first name,
* last name, ...) and stores it in session.
* 4. If needed, the script retrieves the course information and stores it
* 5. The script initializes the user permission status and permission for the
* 6. If needed, the script retrieves group information and stores it in
* 7. The script initializes the user status and permission for the group level.
* @package dokeos.include
==============================================================================
==============================================================================
variables should be initialised here
==============================================================================
// parameters passed via GET
$logout = isset ($_GET["logout"]) ? $_GET["logout"] : '';
//this fixes some problems with generic functionalities like
//My Agenda & What's New icons linking to courses
// $cidReq can be set in the index.php file of a course-area
// $cidReq can be set in URL-parameter
// $cidReset can be set in URL-parameter
$cidReset = isset ($_GET["cidReq"])&& $_GET["cidReq"]!= $_SESSION['_cid'] ? Database::escape_string($_GET["cidReq"]) : $cidReset;
$gidReset = isset ($gidReset) ? $gidReset : '';
// $gidReset can be set in URL-parameter
// parameters passed via POST
$login = isset ($_POST["login"]) ? $_POST["login"] : '';
// passed through other means
//$cidReq -- passed from course folder index.php
==============================================================================
==============================================================================
if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout))
// uid is in session => login already done, continue with this value
$_user['user_id'] = $_SESSION['_user']['user_id'];
if (isset ($_user['user_id'])){ unset ($_user['user_id']); }
if(isset ($_POST['login']) && isset ($_POST['password'])) // $login && $password are given to log in
$login = $_POST['login'];
$password = $_POST['password'];
//lookup the user in the main database
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date
//the authentication of this user is managed by Dokeos itself
// determine if the password needs to be encrypted before checking
// $userPasswordCrypted is set in an external configuration file
if ($userPasswordCrypted)
$password = md5($password);
// check the user's password
if ($password == $uData['password'] AND (trim($login) == $uData['username']))
// check if the account is active (not locked)
if ($uData['active']== '1')
// check if the expiration date has not been reached
if ($uData['expiration_date']> date('Y-m-d H:i:s') OR $uData['expiration_date']== '0000-00-00 00:00:00')
$_user['user_id'] = $uData['user_id'];
include(api_get_path(LIBRARY_PATH). "events.lib.inc.php");
else // login failed: username or password incorrect
if (isset ($uData['creator_id']) && $_user['user_id'] != $uData['creator_id'])
//first login for a user who is not self-registered
//e.g. registered by a teacher
//do nothing (code may be added later)
elseif(!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login']))
* Process external authentication
* on the basis of the given login name
$loginFailed = true; // Default initialisation. It could
// change after the external authentication
$key = $uData['auth_source']; //'ldap','shibboleth'...
/* >>>>>>>> External authentication modules <<<<<<<<< */
// see configuration.php to define these
include_once($extAuthSource[$key]['login']);
/* >>>>>>>> External authentication modules <<<<<<<<< */
else // no standard Dokeos login - try external authentication
//huh... nothing to do... we shouldn't get here
error_log('Dokeos Authentication file '. $extAuthSource[$uData['auth_source']]['login']. ' could not be found - this might prevent your system from doing the corresponding authentication process',0);
if(!empty($_SESSION['request_uri']))
$req = $_SESSION['request_uri'];
unset ($_SESSION['request_uri']);
else // login failed, mysql_num_rows($result) <= 0
$loginFailed = true; // Default initialisation. It could
// change after the external authentication
* there is no entry for the $login user in the Dokeos
* database. This also means there is no auth_source for the user.
* We let all external procedures attempt to add him/her
* Process external login on the basis
* of the authentication source list
* provided by the configuration settings.
* If the login succeeds, for going further,
* Dokeos needs the $_user['user_id'] variable to be
* set and registered in the session. It's the
* responsibility of the external login script
* to provide this $_user['user_id'].
foreach($extAuthSource as $thisAuthSource)
if(!empty($thisAuthSource['newUser']) && file_exists($thisAuthSource['newUser']))
include_once($thisAuthSource['newUser']);
error_log('Dokeos Authentication file '. $thisAuthSource['newUser']. ' could not be found - this might prevent your system from using the authentication process in the user creation process',0);
} //end if is_array($extAuthSource)
} //end else login failed
if(!empty($_POST['openid_url']))
include('main/auth/openid/login.php');
//this last function should trigger a redirect, so we can die here safely
die('Openid login redirection should be in progress');
elseif(!empty($_GET['openid_identity']))
{ //it's usual for PHP to replace '.' (dot) by '_' (underscore) in URL parameters
include('main/auth/openid/login.php');
if($res['status'] == 'success')
//have another id with or without the final '/'
//lookup the user in the main database
$sql = "SELECT user_id, username, password, auth_source, active, expiration_date
//$row = Database::fetch_array($res);
//the authentication of this user is managed by Dokeos itself
// check if the account is active (not locked)
if ($uData['active']== '1')
// check if the expiration date has not been reached
if ($uData['expiration_date']> date('Y-m-d H:i:s') OR $uData['expiration_date']== '0000-00-00 00:00:00')
$_user['user_id'] = $uData['user_id'];
include(api_get_path(LIBRARY_PATH). "events.lib.inc.php");
header('Location: index.php?loginFailed=1&error=account_expired');
header('Location: index.php?loginFailed=1&error=account_inactive');
if (isset ($uData['creator_id']) && $_user['user_id'] != $uData['creator_id'])
//first login for a user who is not self-registered
//e.g. registered by a teacher
//do nothing (code may be added later)
//Redirect to the subscription form
header('Location: '. api_get_path(WEB_CODE_PATH). 'auth/inscription.php?username='. $res['openid.sreg.nickname']. '&email='. $res['openid.sreg.email']. '&openid='. $res['openid.identity']. '&openid_msg=idnotfound');
// else {} => continue as anonymous user
//Now check for anonymous user mode
if(isset ($use_anonymous) && $use_anonymous == true)
//if anonymous mode is set, then try to set the current user as anonymous
//if he doesn't have a login yet
//if anonymous mode is not set, then check if this user is anonymous. If it
//is, clean it from being anonymous (make him a nobody :-))
// if the requested course is different from the course in session
if (!empty($cidReq) && (!isset ($_SESSION['_cid']) or (isset ($_SESSION['_cid']) && $cidReq != $_SESSION['_cid'])))
$gidReset = true; // As groups depend on courses, group id is reset
// if the requested group is different from the group in session
if ($gidReq && $gidReq != $_SESSION['_gid'])
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
if (isset ($uidReset) && $uidReset) // session data refresh requested
$is_platformAdmin = false; $is_allowedCreateCourse = false;
if (isset ($_user['user_id']) && $_user['user_id']) // a uid is given (log in succeeded)
if ($_configuration['tracking_enabled'])
$sql = "SELECT `user`.*, `a`.`user_id` `is_admin`,
UNIX_TIMESTAMP(`login`.`login_date`) `login_date`
LEFT JOIN $admin_table `a`
ON `user`.`user_id` = `a`.`user_id`
LEFT JOIN `". $_configuration['statistics_database']. "`.`track_e_login` `login`
ON `user`.`user_id` = `login`.`login_user_id`
WHERE `user`.`user_id` = '". $_user['user_id']. "'
ORDER BY `login`.`login_date` DESC LIMIT 1";
$sql = "SELECT `user`.*, `a`.`user_id` `is_admin`
LEFT JOIN $admin_table `a`
ON `user`.`user_id` = `a`.`user_id`
WHERE `user`.`user_id` = '". $_user['user_id']. "'";
// Extracting the user data
$_user ['firstName'] = $uData ['firstname' ];
$_user ['lastName' ] = $uData ['lastname' ];
$_user ['mail' ] = $uData ['email' ];
$_user ['lastLogin'] = $uData ['login_date'];
$_user ['official_code'] = $uData ['official_code'];
$_user ['picture_uri'] = $uData ['picture_uri'];
$_user ['user_id'] = $uData ['user_id'];
$_user ['language'] = $uData ['language'];
$_user ['auth_source'] = $uData ['auth_source'];
$_user ['theme'] = $uData ['theme'];
$_user ['status'] = $uData ['status'];
$is_platformAdmin = (bool) (! is_null( $uData['is_admin']));
$is_allowedCreateCourse = (bool) ($uData ['status'] == 1);
//exit("WARNING UNDEFINED UID !! ");
else // no uid => logout or Anonymous
else // continue with the previous values
$_user = $_SESSION['_user'];
$is_platformAdmin = $_SESSION['is_platformAdmin'];
$is_allowedCreateCourse = $_SESSION['is_allowedCreateCourse'];
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
if (isset ($cidReset) && $cidReset) // course session data refresh requested or empty data
$sql = "SELECT `course`.*, `course_category`.`code` `faCode`, `course_category`.`name` `faName`
LEFT JOIN $course_cat_table
ON `course`.`category_code` = `course_category`.`code`
WHERE `course`.`code` = '$cidReq'";
$_course['id' ] = $cData['code' ]; //auto-assigned integer
$_course['name' ] = $cData['title' ];
$_course['official_code'] = $cData['visual_code' ]; // use in echo
$_course['sysCode' ] = $cData['code' ]; // use as key in db
$_course['path' ] = $cData['directory' ]; // use as key in path
$_course['dbName' ] = $cData['db_name' ]; // use as key in db list
$_course['dbNameGlu' ] = $_configuration['table_prefix'] . $cData['db_name'] . $_configuration['db_glue']; // use in all queries
$_course['titular' ] = $cData['tutor_name' ];
$_course['language' ] = $cData['course_language' ];
$_course['extLink' ]['url' ] = $cData['department_url' ];
$_course['extLink' ]['name'] = $cData['department_name'];
$_course['categoryCode'] = $cData['faCode' ];
$_course['categoryName'] = $cData['faName' ];
$_course['visibility' ] = $cData['visibility'];
$_course['subscribe_allowed'] = $cData['subscribe'];
$_course['unubscribe_allowed'] = $cData['unsubscribe'];
if($_configuration['tracking_enabled'] && !isset ($_SESSION['login_as']))
//We add a new record in the course tracking table
$sql= "INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('". $_course['official_code']. "', '". $_user['user_id']. "', NOW(), NOW(), '1')";
// if a session id has been given in url, we store the session
// Database Table Definitions
if(!empty($_GET['id_session']))
$sql = 'SELECT name FROM '. $tbl_session . ' WHERE id="'. $_SESSION['id_session'] . '"';
//exit("WARNING UNDEFINED CID !! ");
else // continue with the previous values
if(empty($_SESSION['_course']) OR empty($_SESSION['_cid']))
{ //no previous values...
$_cid = - 1; //set default values that will be characteristic of being unset
$_cid = $_SESSION['_cid' ];
$_course = $_SESSION['_course'];
// these lines are useful for tracking. Indeed we can have lost the id_session and not the cid.
// Moreover, if we want to track a course with another session it can be useful
if(!empty($_GET['id_session']))
$sql = 'SELECT name FROM '. $tbl_session . ' WHERE id="'. $_SESSION['id_session'] . '"';
if($_configuration['tracking_enabled'] && !isset ($_SESSION['login_as']))
//We select the last record for the current course in the course tracking table
$sql= "SELECT course_access_id FROM $course_tracking_table WHERE user_id=". intval($_user ['user_id']). " ORDER BY login_course_date DESC LIMIT 0,1";
//We update the course tracking table
$sql= "UPDATE $course_tracking_table " .
"SET logout_course_date = NOW(), " .
"WHERE course_access_id=". intval($i_course_access_id);
$sql= "INSERT INTO $course_tracking_table(course_code, user_id, login_course_date, logout_course_date, counter)" .
"VALUES('". $_course['official_code']. "', '". $_user['user_id']. "', NOW(), NOW(), '1')";
//////////////////////////////////////////////////////////////////////////////
// COURSE / USER REL. INIT
//////////////////////////////////////////////////////////////////////////////
if ((isset ($uidReset) && $uidReset) || (isset ($cidReset) && $cidReset)) // session data refresh requested
if (isset ($_user['user_id']) && $_user['user_id'] && isset ($_cid) && $_cid) // have keys to search data
$sql = "SELECT * FROM $course_user_table
WHERE `user_id` = '". $_user['user_id']. "'
AND `course_code` = '$cidReq'";
if (mysql_num_rows($result) > 0) // this user has a recorded state for this course
$is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 );
$is_courseAdmin = (bool) ($cuData['status'] == 1 );
else // this user has no status related to this course
$is_courseMember = false;
$is_courseAdmin = (bool) ($is_courseAdmin || $is_platformAdmin);
$sql = "SELECT * FROM ". $tbl_course_user. "
WHERE `user_id` = '". $_user['user_id']. "'
AND `course_code` = '$cidReq'";
if (mysql_num_rows($result) > 0) // this user has a recorded state for this course
$_courseUser['role'] = $cuData['role' ];
$is_courseTutor = (bool) ($cuData['tutor_id' ] == 1 );
$is_courseAdmin = (bool) ($cuData['status'] == 1 );
if (!$is_courseAdmin) // this user has no status related to this course
// is it the session coach or the session admin ?
$sql = "SELECT session.id_coach, session_admin_id
FROM ". $tbl_session. " as session
INNER JOIN ". $tbl_session_course. "
ON session_rel_course.id_session = session.id
AND session_rel_course.course_code='$_cid'";
if($row[0]['id_coach']== $_user['user_id']){
$_courseUser['role'] = 'Professor';
$is_sessionAdmin = false;
else if($row[0]['session_admin_id']== $_user['user_id']){
$_courseUser['role'] = 'Professor';
$is_courseMember = false;
// Check if the current user is the course coach
FROM ". $tbl_session_course. "
WHERE session_rel_course.course_code='$_cid'
AND session_rel_course.id_coach = '". $_user['user_id']. "'";
$_courseUser['role'] = 'Professor';
$is_sessionAdmin = false;
$sql= "SELECT status FROM ". $tbl_user. " WHERE user_id = ". $_user['user_id']. "";
// Check if the user is a student in this session
$sql = "SELECT * FROM ". $tbl_session_course_user. "
WHERE `id_user` = '". $_user['user_id']. "'
AND `course_code` = '$cidReq'";
if (mysql_num_rows($result) > 0) // this user has a recorded state for this course
$is_sessionAdmin = false;
else // keys missing => not anymore in the course - user relation
$is_courseMember = false;
$is_sessionAdmin = false;
//$is_courseAllowed=($_cid && ($_course['visibility'] || $is_courseMember || $is_platformAdmin))?true:false;
$is_allowed_in_course = true;
$is_allowed_in_course = true;
$is_allowed_in_course = true;
$is_allowed_in_course = true;
else $is_allowed_in_course = false;
//api_session_register('is_courseAllowed'); //deprecated old permission var
else // continue with the previous values
if (isset ($_SESSION ['_courseUser']))
$_courseUser = $_SESSION ['_courseUser'];
$is_courseMember = $_SESSION ['is_courseMember' ];
$is_courseAdmin = $_SESSION ['is_courseAdmin' ];
//$is_courseAllowed = $_SESSION ['is_courseAllowed']; //deprecated
$is_allowed_in_course = $_SESSION ['is_allowed_in_course'];
$is_courseTutor = $_SESSION ['is_courseTutor' ];
$is_courseCoach = $_SESSION ['is_courseCoach' ];
//////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////
if ((isset ($gidReset) && $gidReset) || (isset ($cidReset) && $cidReset)) // session data refresh requested
if ($gidReq && $_cid ) // have keys to search data
$sql = "SELECT * FROM $group_table WHERE `id` = '$gidReq'";
if (mysql_num_rows($result) > 0) // This group has recorded status related to this course
exit("WARNING UNDEFINED GID !! ");
elseif(isset ($_SESSION['_gid']) or isset ($_gid)) // Keys missing => not anymore in the group - course relation
elseif(isset ($_SESSION['_gid'])) // continue with the previous values
$_gid = $_SESSION ['_gid' ];
{ //if no previous value, assign characteristic undefined value
//set variable according to student_view_enabled choices
if (isset ($_GET['isStudentView']))
if ($_GET['isStudentView'] == 'true')
if (isset ($_SESSION['studentview']))
if (!empty($_SESSION['studentview']))
// switching to studentview
$_SESSION['studentview'] = 'studentview';
elseif ($_GET['isStudentView'] == 'false')
if (isset ($_SESSION['studentview']))
if (!empty($_SESSION['studentview']))
// switching to teacherview
$_SESSION['studentview'] = 'teacherview';
elseif (!empty($_SESSION['studentview']))
//all is fine, no change to that, obviously
elseif (empty($_SESSION['studentview']))
// We are in teacherview here
$_SESSION['studentview'] = 'teacherview';
$sql= "UPDATE $tbl_course SET last_visit=NOW() WHERE code='$_cid'";
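
The password check in step 1 of this script hashes the submitted password with unsalted md5() and compares it to the stored value with ==. The following is an added example, not part of local.inc.php or of Dokeos: it shows a check that still accepts the legacy rows, compares in constant time, and upgrades the stored value on the next successful login. verify_login_password() and the $storeHash callback are hypothetical names, and PHP 5.6 or later is assumed.

```php
<?php
// Added example, not Dokeos code. verify_login_password() and the
// $storeHash callback are hypothetical names; requires PHP 5.6+.

/**
 * @param string   $submitted password from the login form
 * @param string   $stored    value of the user's password column
 * @param bool     $legacyMd5 true when legacy rows hold md5() digests
 *                            (what $userPasswordCrypted selects above)
 * @param callable $storeHash hypothetical callback that saves a new hash
 * @return bool true when the submitted password is correct
 */
function verify_login_password($submitted, $stored, $legacyMd5, callable $storeHash)
{
    $submitted = (string) $submitted;
    $stored    = (string) $stored;
    $migrated  = password_get_info($stored)['algoName'] !== 'unknown';

    if ($migrated) {
        // Salted, deliberately slow hash, verified in constant time.
        $ok = password_verify($submitted, $stored);
    } elseif ($legacyMd5) {
        // Legacy row: compare the digests as byte strings. With ==, PHP
        // compares numeric-looking strings as numbers, so two different
        // digests of the form "0e<digits>" would be treated as equal.
        $ok = hash_equals($stored, md5($submitted));
    } else {
        // Legacy row stored without hashing.
        $ok = hash_equals($stored, $submitted);
    }

    // A successful login is the only moment the plaintext is available,
    // so replace legacy or outdated hashes here.
    if ($ok && (!$migrated || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $storeHash(password_hash($submitted, PASSWORD_DEFAULT));
    }
    return $ok;
}

// Constructed sample data: one legacy md5 row held in a variable.
$stored = md5('correct horse battery');
$save = function ($newHash) use (&$stored) {
    $stored = $newHash;
};

var_dump(verify_login_password('wrong guess', $stored, true, $save));
var_dump(verify_login_password('correct horse battery', $stored, true, $save));
// The row was upgraded by the call above; the same password still verifies.
var_dump(verify_login_password('correct horse battery', $stored, true, $save));
var_dump(password_get_info($stored)['algoName']);

// The numeric-string comparison that hash_equals() avoids (constructed values).
var_dump('0e1234' == '0e5678', hash_equals('0e1234', '0e5678'));
```

In a real deployment the callback would run an UPDATE on the user's row with a bound parameter, and the password column must be wide enough for password_hash() output (255 characters is the usual recommendation).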