| [ Index ] |
|
Code source de Claroline 188 |
1 <?php // $Id: claro_init_local.inc.php,v 1.108.2.11 2007/10/19 09:50:57 mathieu Exp $ 2 if ( count( get_included_files() ) == 1 ) die( '---' ); 3 4 //---------------------------------------------------------------------- 5 // CLAROLINE 6 //---------------------------------------------------------------------- 7 // Copyright (c) 2001-2006 Universite catholique de Louvain (UCL) 8 //---------------------------------------------------------------------- 9 // This program is under the terms of the GENERAL PUBLIC LICENSE (GPL) 10 // as published by the FREE SOFTWARE FOUNDATION. The GPL is available 11 // through the world-wide-web at http://www.gnu.org/copyleft/gpl.html 12 //---------------------------------------------------------------------- 13 // Authors: see 'credits' file 14 //---------------------------------------------------------------------- 15 16 /******************************************************************************* 17 * 18 * SCRIPT PURPOSE 19 * 20 * This script initializes and manages main Claroline session informations. It 21 * keeps available session informations always up to date. 22 * 23 * You can request a course id. It will check if the course Id requested is the 24 * same as the current one. If it isn't it will update session information from 25 * the database. You can also force the course reset if you want ($cidReset). 26 * 27 * All the course informations are store in the $_course array. 28 * 29 * You can request a group id. It will check if the group Id requested is the 30 * same as the current one. If it isn't it will update session information from 31 * the database. You can also force the course reset if you want ($gidReset). 32 * 33 * All the current group information are stored in the $_group array 34 * 35 * The course id is stored in $_cid session variable. 36 * The group id is stored in $_gid session variable. 37 * 38 * 39 * VARIABLES AFFECTING THE SCRIPT BEHAVIOR 40 * 41 * string $login 42 * string $password 43 * boolean $logout 44 * 45 * string $cidReq : course Id requested 46 * boolean $cidReset : ask for a course Reset, if no $cidReq is provided in the 47 * same time, all course informations is removed from the 48 * current session 49 * 50 * int $gidReq : group Id requested 51 * boolean $gidReset : ask for a group Reset, if no $gidReq is provided in the 52 * same time, all group informations is removed from the 53 * current session 54 * 55 * int $tidReq : tool Id requested 56 * boolean $tidReset : ask for a tool reset, if no $tidReq or $tlabelReq is 57 * provided in the same time, all information concerning 58 * the current tool is removed from the current sesssion 59 * 60 * $tlabelReq : more generic call to a tool. Each tool are identified by 61 * a unique id into the course. But tools which are part of 62 * the claroline release have also an generic label. 63 * Tool label and tool id are decoupled. It means that one 64 * can have several token of the same tool with different 65 * settings in the same course. 66 * 67 * VARIABLES SET AND RETURNED BY THE SCRIPT 68 * 69 * Here is resumed below all the variables set and returned by this script. 70 * 71 * USER VARIABLES 72 * 73 * int $_uid (the user id) 74 * 75 * string $_user ['firstName'] 76 * string $_user ['lastName' ] 77 * string $_user ['mail' ] 78 * string $_user ['officialEmail' ] 79 * string $_user ['lastLogin'] 80 * 81 * boolean $is_platformAdmin 82 * boolean $is_allowedCreateCourse 83 * 84 * COURSE VARIABLES 85 * 86 * string $_cid (the course id) 87 * 88 * string $_course['name' ] 89 * string $_course['officialCode'] 90 * string $_course['sysCode' ] 91 * string $_course['path' ] 92 * string $_course['dbName' ] 93 * string $_course['dbNameGlu' ] 94 * string $_course['titular' ] 95 * string $_course['language' ] 96 * string $_course['extLinkUrl' ] 97 * string $_course['extLinkName' ] 98 * string $_course['categoryCode'] 99 * string $_course['categoryName'] 100 * 101 * PROPERTIES IN ALL GROUPS OF THE COURSE 102 * 103 * boolean $_groupProperties ['registrationAllowed'] 104 * boolean $_groupProperties ['private' ] 105 * int $_groupProperties ['nbGroupPerUser' ] 106 * boolean $_groupProperties ['tools'] ['CLFRM'] 107 * boolean $_groupProperties ['tools'] ['CLDOC'] 108 * boolean $_groupProperties ['tools'] ['CLWIKI'] 109 * boolean $_groupProperties ['tools'] ['CLCHT'] 110 * 111 * REL COURSE USER VARIABLES 112 * int $_profileId 113 * string $_courseUser['role'] 114 * boolean $is_courseMember 115 * boolean $is_courseTutor 116 * boolean $is_courseAdmin 117 * 118 * REL COURSE GROUP VARIABLES 119 * 120 * int $_gid (the group id) 121 * 122 * string $_group ['name' ] 123 * string $_group ['description'] 124 * int $_group ['tutorId' ] 125 * int $_group ['forumId' ] 126 * string $_group ['directory' ] 127 * int $_group ['maxMember' ] 128 * 129 * boolean $is_groupMember 130 * boolean $is_groupTutor 131 * boolean $is_groupAllowed 132 * 133 * TOOL VARIABLES 134 * 135 * int $_tid 136 * 137 * string $_courseTool['label' ] 138 * string $_courseTool['name' ] 139 * string $_courseTool['visibility' ] 140 * string $_courseTool['url' ] 141 * string $_courseTool['icon' ] 142 * string $_courseTool['access_manager'] 143 * 144 * REL USER TOOL COURSE VARIABLES 145 * boolean $is_toolAllowed 146 * 147 * LIST OF THE TOOLS AVAILABLE FOR THE CURRENT USER 148 * 149 * int $_courseToolList[]['id' ] 150 * string $_courseToolList[]['label' ] 151 * string $_courseToolList[]['name' ] 152 * string $_courseToolList[]['visibility' ] 153 * string $_courseToolList[]['icon' ] 154 * string $_courseToolList[]['access_manager'] 155 * string $_courseToolList[]['url' ] 156 * 157 * 158 * IMPORTANT ADVICE FOR DEVELOPERS 159 * 160 * We strongly encourage developers to use a connection layer at the top of 161 * their scripts rather than use these variables, as they are, inside the core 162 * of their scripts. It will make Claroline code maintenance much easier. 163 * 164 * For example, a common practice is to connect the user status with action 165 * permission flag at the top of the script like this : 166 * 167 * $is_allowedToEdit = $is_courseAdmin 168 * 169 * 170 * SCRIPT STRUCTURE 171 * 172 * 1. The script determines if there is an authentication attempt. This part 173 * only chek if the login name and password are valid. Afterwards, it set the 174 * $_uid (user id) and the $uidReset flag. Other user informations are retrieved 175 * later. It's also in this section that optional external authentication 176 * devices step in. 177 * 178 * 2. The script determines what other session informations have to be set or 179 * reset, setting correctly $cidReset (for course) and $gidReset (for group). 180 * 181 * 3. If needed, the script retrieves the other user informations (first name, 182 * last name, ...) and stores them in session. 183 * 184 * 4. If needed, the script retrieves the course information and stores them 185 * in session 186 * 187 * 5. The script initializes the user status and permission for current course 188 * 189 * 6. If needed, the script retrieves group informations an store them in 190 * session. 191 * 192 * 7. The script initializes the user status and permission for the current group. 193 * 194 * 8. The script initializes the user status and permission for the current tool 195 * 196 * 9. The script get the list of all the tool available into the current course 197 * for the current user. 198 ******************************************************************************/ 199 200 $extAuthSource = array(); // initialise extAuthSource Array (before include of auth.conf.php) - fix Remote File Inclusion (bug 707) 201 $claro_extauth_sso_system = null; 202 203 require claro_get_conf_repository() . 'auth.drivers.conf.php'; 204 require_once claro_get_conf_repository() . 'auth.sso.conf.php'; 205 require_once claro_get_conf_repository() . 'auth.extra.conf.php'; 206 207 if ( get_conf('claro_extauth_sso_system','cas') != '' ) 208 { 209 $ext_auth_sso_file = realpath(claro_get_conf_repository() . 'auth.' . get_conf('claro_extauth_sso_system','cas') . '.conf.php'); 210 211 if ( file_exists($ext_auth_sso_file) ) 212 { 213 require_once $ext_auth_sso_file; 214 } 215 } 216 217 /*=========================================================================== 218 Set claro_init_local.inc.php variables coming from HTTP request into the 219 global name space. 220 ===========================================================================*/ 221 222 $AllowedPhpRequestList = array('logout', 'uidReset', 223 'cidReset', 'cidReq', 224 'gidReset', 'gidReq', 225 'tidReset', 'tidReq', 'tlabelReq'); 226 227 foreach($AllowedPhpRequestList as $thisPhpRequestName) 228 { 229 // some claroline scripts set these variables before calling 230 // the claro init process. Avoid variable setting if it is the case. 231 232 if ( isset($GLOBALS[$thisPhpRequestName]) ) continue; 233 234 if ( isset($_REQUEST[$thisPhpRequestName] ) ) 235 { 236 $GLOBALS[$thisPhpRequestName] = $_REQUEST[$thisPhpRequestName]; 237 } 238 else 239 { 240 $GLOBALS[$thisPhpRequestName] = null; 241 } 242 } 243 244 $login = isset($_REQUEST['login' ]) ? trim( $_REQUEST['login' ] ) : null; 245 $password = isset($_REQUEST['password']) ? trim( $_REQUEST['password'] ) : null; 246 247 /*=========================================================================== 248 Get table name 249 ===========================================================================*/ 250 251 $tbl_mdb_names = claro_sql_get_main_tbl(); 252 253 $tbl_user = $tbl_mdb_names['user' ]; 254 $tbl_track_e_login = $tbl_mdb_names['track_e_login' ]; 255 $tbl_course = $tbl_mdb_names['course' ]; 256 $tbl_category = $tbl_mdb_names['category' ]; 257 $tbl_rel_course_user = $tbl_mdb_names['rel_course_user']; 258 $tbl_tool = $tbl_mdb_names['tool' ]; 259 $tbl_sso = $tbl_mdb_names['sso' ]; 260 261 /*--------------------------------------------------------------------------- 262 Check authentification 263 ---------------------------------------------------------------------------*/ 264 265 // default variables initialization 266 $claro_loginRequested = false; 267 $claro_loginSucceeded = false; 268 $logout_uid = null; 269 270 if ( !empty($_SESSION['_uid']) && $logout ) 271 { 272 // logout 273 274 // needed to notify that a user has just loggued out 275 $logout_uid = $_SESSION['_uid']; 276 277 // logout from CAS server 278 if ( get_conf('claro_CasEnabled', false) && get_conf('claro_CasGlobalLogout') ) 279 { 280 require get_path('rootSys').'/claroline/auth/extauth/cas/casProcess.inc.php'; 281 } 282 283 session_destroy(); 284 } 285 286 if ( ! empty($_SESSION['_uid']) && ! ($login || $logout) ) 287 { 288 // uid is in session => login already done, continue with this value 289 $_uid = $_SESSION['_uid']; 290 291 if ( !empty($_SESSION['is_platformAdmin']) ) $is_platformAdmin = $_SESSION['is_platformAdmin']; 292 else $is_platformAdmin = false; 293 294 if ( !empty($_SESSION['is_allowedCreateCourse']) ) $is_allowedCreateCourse = $_SESSION['is_allowedCreateCourse']; 295 else $is_allowedCreateCourse = false; 296 } 297 else 298 { 299 $_uid = null; // uid not in session ? prevent any hacking 300 $uidReset = false; 301 302 /* Claroline CAS authentication */ 303 304 if ( get_conf('claro_CasEnabled', false) 305 && isset($_REQUEST['authModeReq']) 306 && $_REQUEST['authModeReq'] == 'CAS' 307 ) 308 { 309 require get_path('rootSys').'/claroline/auth/extauth/cas/casProcess.inc.php'; 310 } 311 312 /* Claroline Shibboleth / Switch AAI */ 313 314 if ( get_conf('claro_ShibbolethEnabled',false) ) 315 { 316 require get_path('rootSys').'/claroline/auth/extauth/shibboleth/shibbolethProcess.inc.php'; 317 } 318 319 /* Claroline LCS */ 320 321 if ( get_conf('claro_LcsEnabled',false) ) 322 { 323 require '/var/www/lcs/includes/headerauth.inc.php'; 324 require '/var/www/Annu/includes/ldap.inc.php'; 325 326 list($lcs_idpers,$lcs_login)= isauth(); 327 328 // force reconnection to claroline database 329 $db = @mysql_connect($dbHost, $dbLogin, $dbPass, false, CLIENT_FOUND_ROWS); 330 331 if (isset($lcs_login)) // LCS is a special case of external authentication 332 { 333 require get_path('rootSys').'/claroline/auth/extauth/lcs/lcsProcess.inc.php'; 334 } 335 } 336 337 if ( $login && $password ) // $login && $password are given to log in 338 { 339 $_SESSION = array(); // frees all session variables currently registered 340 341 $claro_loginRequested = true; 342 343 // lookup the user in the Claroline database 344 $sql = 'SELECT user_id, username, password, authSource 345 FROM `' . $tbl_user . '` 346 WHERE ' 347 . ( get_conf('claro_authUsernameCaseSensitive',true) ? 'BINARY' : '') 348 . ' username = "'. addslashes($login) .'"' 349 ; 350 351 $result = claro_sql_query($sql); 352 353 if ( mysql_num_rows($result) > 0) 354 { 355 while ( ( $uData = mysql_fetch_array($result) ) && ! $claro_loginSucceeded ) 356 { 357 if ( $uData['authSource'] == 'claroline' ) 358 { 359 // the authentification of this user is managed by claroline itself 360 361 // determine first if the password needs to be crypted before checkin 362 // $userPasswordCrypted is set in main configuration file 363 364 if ( get_conf('userPasswordCrypted',false) ) $password = md5($password); 365 366 // check the user's password 367 if ( $password == $uData['password'] ) 368 { 369 $_uid = $uData['user_id']; 370 $uidReset = true; 371 $claro_loginSucceeded = true; 372 } 373 else // abnormal login -> login failed 374 { 375 $_uid = null; 376 $claro_loginSucceeded = false; 377 } 378 } 379 else // no standard claroline login - try external authentification 380 { 381 /* 382 * Process external authentication 383 * on the basis of the given login name 384 */ 385 386 $key = $uData['authSource']; 387 388 $_uid = include_once($extAuthSource[$key]['login']); 389 390 if ( $_uid !== true && $_uid > 0 ) 391 { 392 $uidReset = true; 393 $claro_loginSucceeded = true; 394 } 395 else 396 { 397 $_uid = null; 398 $claro_loginSucceeded = false; 399 } 400 } // end try external authentication 401 } // end while 402 } 403 else // login failed, mysql_num_rows($result) <= 0 404 { 405 $claro_loginSucceeded = false; 406 407 /* 408 * In this section: 409 * there is no entry for the $login user in the claroline database. 410 * This also means there is no authSource for the user. We let all 411 * external procedures attempt to add him/her to the system. 412 * 413 * Process external login on the basis of the authentication sources 414 * list provided by the Claroline configuration settings. 415 * If the login succeeds, for going further, Claroline needs the 416 * $_uid variable to be set and registered in the session. It's the 417 * responsability of the external login script to provide this 418 * $_uid. 419 */ 420 421 if (isset($extAuthSource) && is_array($extAuthSource)) 422 { 423 foreach($extAuthSource as $thisAuthSource) 424 { 425 $_uid = include_once($thisAuthSource['newUser']); 426 427 if ( $_uid !== true && $_uid > 0 ) 428 { 429 $uidReset = true; 430 $claro_loginSucceeded = true; 431 break; 432 } 433 else 434 { 435 $_uid = null; 436 $claro_loginSucceeded = false; 437 } 438 } 439 } //end if is_array($extAuthSource) 440 441 } //end else login failed 442 } // end if $login & password 443 else 444 { 445 $claro_loginRequested = false; 446 } 447 } 448 449 /*--------------------------------------------------------------------------- 450 User initialisation 451 ---------------------------------------------------------------------------*/ 452 453 if ( $uidReset && !empty($_uid) ) // session data refresh requested && uid is given (log in succeeded) 454 { 455 // Update the current session id with a newly generated one ( PHP >= 4.3.2 ) 456 // This function is vital in preventing session fixation attacks 457 // function_exists('session_regenerate_id') && session_regenerate_id(); 458 459 $cidReset = true; 460 $gidReset = true; 461 462 $sql = "SELECT `user`.`prenom` AS firstName , 463 `user`.`nom` AS lastName , 464 `user`.`email` AS `mail` , 465 `user`.`officialEmail` AS `officialEmail` , 466 `user`.`language` , 467 `user`.`isCourseCreator` AS is_courseCreator , 468 `user`.`isPlatformAdmin` AS is_platformAdmin , 469 `user`.`creatorId` AS creatorId , " 470 471 . (get_conf('is_trackingEnabled') 472 ? "UNIX_TIMESTAMP(`login`.`login_date`)" 473 : "DATE_SUB(CURDATE(), INTERVAL 1 DAY)") . " AS lastLogin 474 475 FROM `".$tbl_user."` `user` " 476 477 . (get_conf('is_trackingEnabled') 478 ? "LEFT JOIN `". $tbl_track_e_login ."` `login` 479 ON `user`.`user_id` = `login`.`login_user_id` " 480 : '') 481 482 . "WHERE `user`.`user_id` = ". (int) $_uid 483 484 . (get_conf('is_trackingEnabled') 485 ? " ORDER BY `login`.`login_date` DESC LIMIT 1" 486 : '') 487 ; 488 489 $_user = claro_sql_query_get_single_row($sql); 490 491 /* Claroline Shibboleth / Switch AAI */ 492 493 if ( get_conf('claro_ShibbolethEnabled',false) && isset($_REQUEST['shibbolethLogin']) ) 494 { 495 // track login after user init to display hot items 496 event_login(); 497 } 498 499 if ( is_array($_user) ) 500 { 501 // Extracting the user data 502 503 $is_platformAdmin = (bool) ($_user['is_platformAdmin'] ); 504 $is_allowedCreateCourse = (bool) ($_user['is_courseCreator'] || $is_platformAdmin); 505 506 if ( $_uid != $_user['creatorId'] ) 507 { 508 // first login for a not self registred (e.g. registered by a teacher) 509 // do nothing (code may be added later) 510 $sql = "UPDATE `".$tbl_user."` 511 SET creatorId = user_id 512 WHERE user_id='" . (int)$_uid . "'"; 513 514 claro_sql_query($sql); 515 516 $_SESSION['firstLogin'] = true; 517 } 518 else 519 { 520 $_SESSION['firstLogin'] = false; 521 } 522 523 // RECORD SSO COOKIE 524 // $ssoEnabled set in conf/auth.soo.conf.php 525 526 if ( get_conf('ssoEnabled',false )) 527 { 528 $ssoCookieExpireTime = time() + get_conf('ssoCookiePeriodValidity',3600); 529 $ssoCookieValue = md5( mktime() . rand(100, 1000000) ); 530 531 $sql = "UPDATE `".$tbl_sso."` 532 SET cookie = '".$ssoCookieValue."', 533 rec_time = NOW() 534 WHERE user_id = ". (int) $_uid; 535 536 $affectedRowCount = claro_sql_query_affected_rows($sql); 537 538 if ($affectedRowCount < 1) 539 { 540 $sql = "INSERT INTO `".$tbl_sso."` 541 SET cookie = '".$ssoCookieValue."', 542 rec_time = NOW(), 543 user_id = ". (int) $_uid; 544 545 claro_sql_query($sql); 546 } 547 548 $boolCookie = setcookie(get_conf('ssoCookieName','clarolineSsoCookie'), 549 $ssoCookieValue, 550 $ssoCookieExpireTime, 551 get_conf('ssoCookiePath','/'), 552 get_conf('ssoCookieDomain','sso.claroline.net')); 553 554 // Note. $ssoCookieName, $ssoCookieValussoCookieExpireTime, 555 // $soCookiePath and $ssoCookieDomain are coming from 556 // claroline/inc/conf/auth.conf.php 557 558 } // end if ssoEnabled 559 } 560 else 561 { 562 exit('WARNING UNDEFINED UID !! The requested user doesn\'t exist '); 563 } 564 } 565 elseif ( !empty($_uid) ) // elseif of if($uidReset) continue with the previous values 566 { 567 if ( !empty($_SESSION['_user']) ) $_user = $_SESSION['_user']; 568 else $_user = null; 569 } 570 else 571 { 572 // Anonymous, logout or login failed 573 $_user = null; 574 $_uid = null; 575 $is_platformAdmin = false; 576 $is_allowedCreateCourse = false; 577 } 578 579 580 /*--------------------------------------------------------------------------- 581 Course initialisation 582 ---------------------------------------------------------------------------*/ 583 584 // if the requested course is different from the course in session 585 586 if ( $cidReq && ( !isset($_SESSION['_cid']) || $cidReq != $_SESSION['_cid'] ) ) 587 { 588 $cidReset = true; 589 $gidReset = true; // As groups depend from courses, group id is reset 590 } 591 592 if ( $cidReset ) // course session data refresh requested 593 { 594 if ( $cidReq ) 595 { 596 $_course = claro_get_course_data($cidReq, true); 597 598 if ($_course == false) 599 { 600 claro_die(get_lang('Course %course_code doesn\'t exist', array('%course_code' => htmlspecialchars($cidReq) ))); 601 } 602 603 $_cid = $_course['sysCode']; 604 605 $_groupProperties = claro_get_main_group_properties($_cid); 606 607 if ($_groupProperties == false) claro_die('WARNING !! claro_get_main_group_properties() in INIT FAILED ! '.__LINE__); 608 } 609 else 610 { 611 $_cid = null; 612 $_course = null; 613 614 $_groupProperties ['registrationAllowed'] = false; 615 $_groupProperties ['tools'] ['CLFRM' ] = false; 616 $_groupProperties ['tools'] ['CLDOC' ] = false; 617 $_groupProperties ['tools'] ['CLWIKI' ] = false; 618 $_groupProperties ['tools'] ['CLCHT' ] = false; 619 $_groupProperties ['private' ] = true; 620 } 621 622 } 623 else // else of if($cidReset) - continue with the previous values 624 { 625 if ( !empty($_SESSION['_cid']) ) $_cid = $_SESSION['_cid']; 626 else $_cid = null; 627 628 if ( !empty($_SESSION['_course']) ) $_course = $_SESSION['_course']; 629 else $_course = null; 630 631 if ( !empty($_SESSION['_groupProperties']) ) $_groupProperties = $_SESSION['_groupProperties']; 632 else $_groupProperties = null; 633 } 634 635 /*--------------------------------------------------------------------------- 636 Course / user relation initialisation 637 ---------------------------------------------------------------------------*/ 638 639 if ( $uidReset || $cidReset ) // session data refresh requested 640 { 641 if ( $_uid && $_cid ) // have keys to search data 642 { 643 $sql = "SELECT profile_id as profileId, 644 isCourseManager, 645 tutor, 646 role 647 FROM `".$tbl_rel_course_user."` `cours_user` 648 WHERE `user_id` = '". (int) $_uid."' 649 AND `code_cours` = '". addslashes($cidReq) ."'"; 650 651 $result = claro_sql_query($sql) or claro_die ('WARNING !! Load profile (DB QUERY) FAILED ! '.__LINE__); 652 653 if ( mysql_num_rows($result) > 0 ) // this user have a recorded state for this course 654 { 655 $cuData = mysql_fetch_array($result); 656 657 $_profileId = $cuData['profileId']; 658 $is_courseMember = true; 659 $is_courseTutor = (bool) ($cuData['tutor' ] == 1 ); 660 $is_courseAdmin = (bool) ($cuData['isCourseManager'] == 1 ); 661 662 $_courseUser['role'] = $cuData['role' ]; // not used 663 664 } 665 else // this user has no status related to this course 666 { 667 $_profileId = claro_get_profile_id('guest'); 668 $is_courseMember = false; 669 $is_courseAdmin = false; 670 $is_courseTutor = false; 671 672 $_courseUser = null; // not used 673 } 674 675 $is_courseAdmin = (bool) ($is_courseAdmin || $is_platformAdmin); 676 677 } 678 else // keys missing => not anymore in the course - user relation 679 { 680 // course 681 $_profileId = claro_get_profile_id('anonymous'); 682 $is_courseMember = false; 683 $is_courseAdmin = false; 684 $is_courseTutor = false; 685 686 $_courseUser = null; // not used 687 } 688 689 $is_courseAllowed = (bool) ($_course['visibility'] || $is_courseMember || $is_platformAdmin); // here because it's a right and not a state 690 691 } 692 else // else of if ($uidReset || $cidReset) - continue with the previous values 693 { 694 if ( !empty($_SESSION['_profileId']) ) $_profileId = $_SESSION['_profileId']; 695 else $_profileId = false; 696 if ( !empty($_SESSION['is_courseMember']) ) $is_courseMember = $_SESSION['is_courseMember' ]; 697 else $is_courseMember = false; 698 if ( !empty($_SESSION['is_courseAdmin']) ) $is_courseAdmin = $_SESSION['is_courseAdmin' ]; 699 else $is_courseAdmin = false; 700 if ( !empty($_SESSION['is_courseAllowed']) ) $is_courseAllowed = $_SESSION['is_courseAllowed' ]; 701 else $is_courseAllowed = false; 702 if ( !empty($_SESSION['is_courseTutor']) ) $is_courseTutor = $_SESSION['is_courseTutor']; 703 else $is_courseTutor = false; 704 705 // not used 706 if ( !empty($_SESSION['_courseUser']) ) $_courseUser = $_SESSION['_courseUser' ]; 707 else $_courseUser = null; 708 } 709 710 /*--------------------------------------------------------------------------- 711 Course / tool relation initialisation 712 ---------------------------------------------------------------------------*/ 713 714 // if the requested tool is different from the current tool in session 715 // (special request can come from the tool id, or the tool label) 716 717 if ( ( $tidReq && $tidReq != $_SESSION['_tid'] ) 718 || ( $tlabelReq && ( ! isset($_SESSION['_courseTool']['label']) 719 || $tlabelReq != $_SESSION['_courseTool']['label']) ) 720 ) 721 { 722 $tidReset = true; 723 } 724 725 if ( $tidReset || $cidReset ) // session data refresh requested 726 { 727 if ( ( $tidReq || $tlabelReq) && $_cid ) // have keys to search data 728 { 729 $sql = " SELECT ctl.id AS id , 730 pct.id AS toolId , 731 pct.claro_label AS label , 732 ctl.script_name AS name , 733 ctl.visibility AS visibility , 734 pct.icon AS icon , 735 pct.access_manager AS access_manager, 736 pct.script_url AS url 737 738 FROM `".$_course['dbNameGlu']."tool_list` ctl, 739 `".$tbl_tool."` pct 740 741 WHERE `ctl`.`tool_id` = `pct`.`id` 742 AND (`ctl`.`id` = '". (int) $tidReq."' 743 OR (".(int) is_null($tidReq)." AND pct.claro_label = '". addslashes($tlabelReq) ."') 744 )"; 745 746 // Note : 'ctl' stands for 'course tool list' and 'pct' for 'platform course tool' 747 $_courseTool = claro_sql_query_get_single_row($sql); 748 749 if ( is_array($_courseTool) ) // this tool have a recorded state for this course 750 { 751 $_tid = $_courseTool['id']; 752 $_mainToolId = $_courseTool['toolId']; 753 } 754 else // this tool has no status related to this course 755 { 756 $activatedModules = get_module_label_list( true ); 757 758 if ( ! in_array( $tlabelReq, $activatedModules ) ) 759 { 760 exit('WARNING UNDEFINED TLABEL OR TID !! Your script declare be a tool wich is not registred'); 761 } 762 else 763 { 764 $_tid = null; 765 $_mainToolId = null; 766 $_courseTool = null; 767 } 768 } 769 } 770 else // keys missing => not anymore in the course - tool relation 771 { 772 // course 773 $_tid = null; 774 $_mainToolId = null; 775 $_courseTool = null; 776 } 777 778 } 779 else // continue with the previous values 780 { 781 if ( !empty($_SESSION['_tid']) ) $_tid = $_SESSION['_tid'] ; 782 else $_tid = null; 783 784 if ( !empty($_SESSION['_mainToolId']) ) $_mainToolId = $_SESSION['_mainToolId'] ; 785 else $_mainToolId = null; 786 787 if ( !empty( $_SESSION['_courseTool']) ) $_courseTool = $_SESSION['_courseTool']; 788 else $_courseTool = null; 789 } 790 791 /*--------------------------------------------------------------------------- 792 Group initialisation 793 ---------------------------------------------------------------------------*/ 794 795 // if the requested group is different from the group in session 796 797 if ( $gidReq && ( !isset($_SESSION['_gid']) || $gidReq != $_SESSION['_gid']) ) 798 { 799 $gidReset = true; 800 } 801 802 if ( $gidReset || $cidReset ) // session data refresh requested 803 { 804 if ( $gidReq && $_cid ) // have keys to search data 805 { 806 $sql = "SELECT g.id AS id , 807 g.name AS name , 808 g.description AS description , 809 g.tutor AS tutorId , 810 f.forum_id AS forumId , 811 g.secretDirectory AS directory , 812 g.maxStudent AS maxMember 813 814 FROM `".$_course['dbNameGlu']."group_team` g 815 LEFT JOIN `".$_course['dbNameGlu']."bb_forums` f 816 817 ON g.id = f.group_id 818 WHERE `id` = '". (int) $gidReq."'"; 819 820 $_group = claro_sql_query_get_single_row($sql); 821 822 if ( is_array($_group) ) // This group has recorded status related to this course 823 { 824 $_gid = $_group ['id']; 825 } 826 else 827 { 828 exit('WARNING UNDEFINED GID !! The requested group doesn\'t exist'); 829 } 830 } 831 else // Keys missing => not anymore in the group - course relation 832 { 833 $_gid = null; 834 $_group = null; 835 } 836 } 837 else // continue with the previous values 838 { 839 if ( !empty($_SESSION ['_gid']) ) $_gid = $_SESSION ['_gid']; 840 else $_gid = null; 841 842 if ( !empty($_SESSION ['_group']) ) $_group = $_SESSION ['_group']; 843 else $_group = null; 844 } 845 846 /*--------------------------------------------------------------------------- 847 Group / User relation initialisation 848 ---------------------------------------------------------------------------*/ 849 850 if ($uidReset || $cidReset || $gidReset) // session data refresh requested 851 { 852 if ($_uid && $_cid && $_gid) // have keys to search data 853 { 854 $sql = "SELECT status, 855 role 856 FROM `" . $_course['dbNameGlu'] . "group_rel_team_user` 857 WHERE `user` = '". (int) $_uid . "' 858 AND `team` = '". (int) $gidReq . "'"; 859 860 $result = claro_sql_query($sql) or claro_die ('WARNING !! Load user course_group status (DB QUERY) FAILED ! '.__LINE__); 861 862 if (mysql_num_rows($result) > 0) // This user has a recorded status related to this course group 863 { 864 $gpuData = mysql_fetch_array($result); 865 866 $_groupUser ['status'] = $gpuData ['status']; 867 $_groupUser ['role' ] = $gpuData ['role' ]; 868 869 $is_groupMember = true; 870 } 871 else 872 { 873 $is_groupMember = false; 874 $_groupUser = null; 875 } 876 877 $is_groupTutor = ($_group['tutorId'] == $_uid); 878 879 } 880 else // Keys missing => not anymore in the user - group (of this course) relation 881 { 882 $is_groupMember = false; 883 $is_groupTutor = false; 884 885 $_groupUser = null; 886 } 887 888 // user group access is allowed or user is group member or user is admin 889 $is_groupAllowed = (bool) (!$_groupProperties['private'] || $is_groupMember || $is_courseAdmin || claro_is_group_tutor() || $is_platformAdmin) ; 890 891 } 892 else // continue with the previous values 893 { 894 if ( !empty($_SESSION['_groupUser']) ) $_groupUser = $_SESSION['_groupUser' ]; 895 else $_groupUser = null; 896 897 if ( !empty($_SESSION['is_groupMember']) ) $is_groupMember = $_SESSION['is_groupMember' ]; 898 else $is_groupMember = null; 899 900 if ( !empty($_SESSION['is_groupTutor']) ) $is_groupTutor = $_SESSION['is_groupTutor' ]; 901 else $is_groupTutor = null; 902 903 if ( !empty($_SESSION['is_groupAllowed']) ) $is_groupAllowed = $_SESSION['is_groupAllowed']; 904 else $is_groupAllowed = null; 905 } 906 907 /*--------------------------------------------------------------------------- 908 COURSE TOOL / USER / GROUP REL. INIT 909 ---------------------------------------------------------------------------*/ 910 911 if ( $uidReset || $cidReset || $gidReset || $tidReset ) // session data refresh requested 912 { 913 if ( $_tid && $_gid ) 914 { 915 //echo 'passed here'; 916 917 $toolLabel = trim( $_courseTool['label'] , '_'); 918 919 $is_toolAllowed = array_key_exists($toolLabel, $_groupProperties ['tools']) 920 && $_groupProperties ['tools'] [$toolLabel]; 921 922 if ( $_groupProperties ['private'] ) 923 { 924 $is_toolAllowed = $is_toolAllowed 925 && ( $is_groupMember || claro_is_group_tutor() ); 926 } 927 928 $is_toolAllowed = $is_toolAllowed || ( $is_courseAdmin || $is_platformAdmin ); 929 } 930 elseif ( $_tid ) 931 { 932 if ( ( ! $_courseTool['visibility'] && ! claro_is_allowed_tool_edit($_mainToolId,$_profileId,$_cid) ) 933 || ! claro_is_allowed_tool_read($_mainToolId,$_profileId,$_cid) ) 934 { 935 $is_toolAllowed = false; 936 } 937 else 938 { 939 $is_toolAllowed = true; 940 } 941 } 942 else 943 { 944 $is_toolAllowed = false; 945 } 946 947 } 948 else // continue with the previous values 949 { 950 if ( !empty( $_SESSION['is_toolAllowed']) ) $is_toolAllowed = $_SESSION['is_toolAllowed']; 951 else $is_toolAllowed = null; 952 } 953 954 /*--------------------------------------------------------------------------- 955 Course tool list initialisation for current user 956 ---------------------------------------------------------------------------*/ 957 958 if ($uidReset || $cidReset) 959 { 960 if ($_cid) // have course keys to search data 961 { 962 $_courseToolList = claro_get_course_tool_list($_cid, $_profileId, true, true); 963 } 964 else 965 { 966 $_courseToolList = null; 967 } 968 } 969 else // continue with the previous values 970 { 971 if ( !empty($_SESSION['_courseToolList']) ) $_courseToolList = $_SESSION['_courseToolList'] ; 972 else $_courseToolList = null; 973 } 974 975 /*=========================================================================== 976 Save all variables in session 977 ===========================================================================*/ 978 979 /*--------------------------------------------------------------------------- 980 User info in the platform 981 ---------------------------------------------------------------------------*/ 982 $_SESSION['_uid' ] = $_uid; 983 $_SESSION['_user' ] = $_user; 984 $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse; 985 $_SESSION['is_platformAdmin' ] = $is_platformAdmin; 986 987 /*--------------------------------------------------------------------------- 988 Course info of $_cid course 989 ---------------------------------------------------------------------------*/ 990 991 $_SESSION['_cid' ] = $_cid; 992 $_SESSION['_course' ] = $_course; 993 $_SESSION['_groupProperties'] = $_groupProperties; 994 995 /*--------------------------------------------------------------------------- 996 User rights of $_uid in $_cid course 997 ---------------------------------------------------------------------------*/ 998 999 $_SESSION['_profileId' ] = $_profileId; 1000 $_SESSION['is_courseAdmin' ] = $is_courseAdmin; 1001 $_SESSION['is_courseAllowed'] = $is_courseAllowed; 1002 $_SESSION['is_courseMember' ] = $is_courseMember; 1003 $_SESSION['is_courseTutor' ] = $is_courseTutor; 1004 1005 if ( isset($_courseUser) ) $_SESSION['_courseUser'] = $_courseUser; // not used 1006 1007 /*--------------------------------------------------------------------------- 1008 Tool info of $_tid in $_cid course 1009 ---------------------------------------------------------------------------*/ 1010 1011 $_SESSION['_tid' ] = $_tid; 1012 $_SESSION['_mainToolId'] = $_mainToolId; 1013 $_SESSION['_courseTool'] = $_courseTool; 1014 1015 /*--------------------------------------------------------------------------- 1016 Group info of $_gid in $_cid course 1017 ---------------------------------------------------------------------------*/ 1018 1019 $_SESSION['_gid' ] = $_gid; 1020 $_SESSION['_group' ] = $_group; 1021 $_SESSION['is_groupAllowed'] = $is_groupAllowed; 1022 $_SESSION['is_groupMember' ] = $is_groupMember; 1023 $_SESSION['is_groupTutor' ] = $is_groupTutor; 1024 1025 /*--------------------------------------------------------------------------- 1026 Tool in $_cid course allowed to $_uid user 1027 ---------------------------------------------------------------------------*/ 1028 1029 $_SESSION['is_toolAllowed'] = $is_toolAllowed; 1030 1031 /*--------------------------------------------------------------------------- 1032 List of available tools in $_cid course 1033 ---------------------------------------------------------------------------*/ 1034 1035 $_SESSION['_courseToolList'] = $_courseToolList; 1036 1037 /*=========================================================================== 1038 Set config for course ---> to move in claro_init_global 1039 ===========================================================================*/ 1040 1041 if (isset($_cid) && $_courseTool['label']) 1042 { 1043 $config_code = rtrim($_courseTool['label'],'_'); 1044 1045 if (file_exists(claro_get_conf_repository() . $config_code . '.conf.php')) 1046 include claro_get_conf_repository() . $config_code . '.conf.php'; 1047 if ( claro_is_in_a_course() && file_exists(get_conf('coursesRepositorySys') . $_course['path'] . '/conf/' . $config_code . '.conf.php')) 1048 require get_conf('coursesRepositorySys') . $_course['path'] . '/conf/' . $config_code . '.conf.php'; 1049 } 1050 1051 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Thu Nov 29 14:38:42 2007 | par Balluche grâce à PHPXref 0.7 |
|
|