$uid, 'cid' => $cid, 'sid' => api_get_session_id(), ]; } $courseCodeFromSession = api_get_course_id(); // $cidReq can be set in URL-parameter $cidReq = isset($_GET['cidReq']) ? Database::escape_string($_GET['cidReq']) : ''; $cidReset = isset($cidReset) ? (bool) $cidReset : false; // $cDir is a special url param sent from a redirection from /courses/[DIR]/index.php... // It replaces cidReq in some opportunities $cDir = !empty($_GET['cDir']) ? $_GET['cDir'] : ''; // if there is a cDir parameter in the URL and $cidReq could not be determined if (!empty($cDir) && empty($cidReq)) { $courseCode = CourseManager::getCourseCodeFromDirectory($cDir); if (!empty($courseCode)) { $cidReq = $courseCode; } } if (empty($cidReq) && !empty($courseCodeFromSession)) { $cidReq = $courseCodeFromSession; } if (empty($cidReset)) { if ($courseCodeFromSession != $cidReq) { $cidReset = true; } } else { $cidReq = null; } $gidReset = $gidReset ?? ''; // $gidReset can be set in URL-parameter // parameters passed via POST $login = $_POST["login"] ?? ''; // register if the user is just logging in, in order to redirect him $logging_in = false; /* MAIN CODE */ if (array_key_exists('forceCASAuthentication', $_POST)) { unset($_SESSION['_user']); unset($_user); if (api_is_anonymous()) { Session::destroy(); } } // Not allowed for users with auth_source ims_lti outsite a tool provider if ('true' === api_get_plugin_setting('lti_provider', 'enabled')) { global $cidReset; require_once api_get_path(SYS_PLUGIN_PATH).'lti_provider/src/LtiProvider.php'; $isLtiRequest = LtiProvider::create()->isLtiRequest($_REQUEST, $_SESSION); $user = api_get_user_info(); if ($cidReset) { $isLtiRequest = false; } if (!empty($user) && IMS_LTI_SOURCE === $user['auth_source'] && !$isLtiRequest) { if (isset($_SESSION['_ltiProvider']) && !empty($_SESSION['_ltiProvider']['launch_url'])) { $redirectLti = $_SESSION['_ltiProvider']['launch_url'].'&from=lti_provider'; header('Location: '.$redirectLti); exit; } } } if (!empty($_SESSION['_user']['user_id']) && !($login || $logout)) { // uid is in session => login already done, continue with this value $_user['user_id'] = $_SESSION['_user']['user_id']; //Check if we have to reset user data //This param can be used to reload user data if user has been logged by external script if (isset($_SESSION['_user']['uidReset']) && $_SESSION['_user']['uidReset']) { $uidReset = true; } } else { if (isset($_user['user_id'])) { unset($_user['user_id']); } $termsAndCondition = Session::read('term_and_condition'); // Platform legal terms and conditions if (api_get_setting('allow_terms_conditions') === 'true' && api_get_setting('load_term_conditions_section') === 'login' ) { if (isset($_POST['login']) && isset($_POST['password']) && isset($termsAndCondition['user_id']) ) { // user id $user_id = $termsAndCondition['user_id']; // Update the terms & conditions $legal_type = null; //verify type of terms and conditions if (isset($_POST['legal_info'])) { $info_legal = explode(':', $_POST['legal_info']); $legal_type = LegalManager::get_type_of_terms_and_conditions( $info_legal[0], $info_legal[1] ); } // is necessary verify check if ($legal_type == 1) { if ((isset($_POST['legal_accept']) && $_POST['legal_accept'] == '1')) { $legal_option = true; } else { $legal_option = false; } } // no is check option if ($legal_type == 0) { $legal_option = true; } if (isset($_POST['legal_accept_type']) && $legal_option === true) { $cond_array = explode(':', $_POST['legal_accept_type']); if (!empty($cond_array[0]) && !empty($cond_array[1])) { $time = time(); $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; UserManager::update_extra_field_value( $user_id, 'legal_accept', $condition_to_save ); } } } } // IF cas is activated and user isn't logged in if ('true' === api_get_setting('cas_activate') && !isset($_user['user_id']) && !isset($_POST['login']) && !$logout ) { // load the CAS system to authenticate the user require_once __DIR__.'/../auth/cas/cas_var.inc.php'; $load = true; if (isset($cas['skip_force_redirect_in'])) { $skipCas = $cas['skip_force_redirect_in']; foreach ($skipCas as $folder) { if (false !== strpos($_SERVER['REQUEST_URI'], $folder)) { $load = false; break; } } } if ($load) { // redirect to CAS server if not authenticated yet and so configured if (is_array($cas) && array_key_exists('force_redirect', $cas) && $cas['force_redirect'] || array_key_exists('forceCASAuthentication', $_POST) || array_key_exists('checkLoginCas', $_GET) || array_key_exists('ticket', $_GET) ) { phpCAS::forceAuthentication(); } // check whether we are authenticated if (phpCAS::isAuthenticated()) { // the user was successfully authenticated by the CAS server, read its CAS user identification $casUser = phpCAS::getUser(); // make sure the user exists in the database $login = UserManager::casUserLoginName($casUser); $_user = null; if (false === $login) { // the CAS-authenticated user does not yet exist in internal database // see whether we are supposed to create it switch (api_get_setting('cas_add_user_activate')) { case PLATFORM_AUTH_SOURCE: // create the new user from its CAS user identifier $login = UserManager::createCASAuthenticatedUserFromScratch($casUser); $_user = api_get_user_info_from_username($login); UserManager::updateCasUser($_user); break; case LDAP_AUTH_SOURCE: // find the new user's LDAP record from its CAS user identifier and copy information $login = UserManager::createCASAuthenticatedUserFromLDAP($casUser); $_user = api_get_user_info_from_username($login); break; default: // no automatic user creation is configured, just complain about it throw new Exception(get_lang('NoUserMatched')); } } else { $_user = api_get_user_info_from_username($login); switch (api_get_setting('cas_add_user_activate')) { case PLATFORM_AUTH_SOURCE: UserManager::updateCasUser($_user); break; } } // $login is set and the user exists in the database // Check if the account is active (not locked) if ($_user['active'] == '1') { // Check if the expiration date has not been reached if ($_user['expiration_date'] > date('Y-m-d H:i:s') || empty($_user['expiration_date']) ) { global $_configuration; if (api_is_multiple_url_enabled()) { // Check if user is an admin $my_user_is_admin = UserManager::is_admin($_user['user_id']); // This user is subscribed in these sites => $my_url_list $my_url_list = api_get_access_url_from_user($_user['user_id']); //Check the access_url configuration setting if // the user is registered in the access_url_rel_user table //Getting the current access_url_id of the platform $current_access_url_id = api_get_current_access_url_id(); // the user have the permissions to enter at this site if (is_array($my_url_list) && in_array($current_access_url_id, $my_url_list) ) { } else { phpCAS::logout(); $location = api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=access_url_inactive'; header('Location: '.$location); exit; } } Session::write('_user', $_user); Event::eventLogin($_user['user_id']); } else { phpCAS::logout(); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=account_expired' ); exit; } } else { phpCAS::logout(); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=account_inactive' ); exit; } // update the user record from LDAP if so required by settings if ('true' === api_get_setting("update_user_info_cas_with_ldap")) { UserManager::updateUserFromLDAP($login); } $doNotRedirectToCourse = true; // we should already be on the right page, no need to redirect } } //If plugin oauth2 is activated with force_redirect and user isn't logged in } elseif ('true' === api_get_plugin_setting('oauth2', 'enable') && 'true' === api_get_plugin_setting('oauth2', 'force_redirect') && !isset($_user['user_id']) && !isset($_POST['login']) && !$logout ) { $skipFolderOauth = []; $skipFolderOauth = explode(',', api_get_plugin_setting('oauth2', 'skip_force_redirect_in')); $load = true; foreach ($skipFolderOauth as $folder) { if (false !== strpos($_SERVER['REQUEST_URI'], $folder)) { $load = false; break; } } if ($load) { $plugin = OAuth2::create(); $provider = $plugin->getProvider(); // If we don't have an authorization code then get one if (!array_key_exists('code', $_GET)) { // Fetch the authorization URL from the provider; this returns the // urlAuthorize option and generates and applies any necessary parameters // (e.g. state). $authorizationUrl = $provider->getAuthorizationUrl(); // Get the state generated for you and store it to the session. ChamiloSession::write('oauth2state', $provider->getState()); // Redirect the user to the authorization URL. header('Location: '.$authorizationUrl); exit; } // Check given state against previously stored one to mitigate CSRF attack if (!array_key_exists('state', $_GET) || ($_GET['state'] !== ChamiloSession::read('oauth2state'))) { ChamiloSession::erase('oauth2state'); exit('Invalid state'); } } } elseif (isset($_POST['login']) && isset($_POST['password'])) { // $login && $password are given to log in if (empty($login) || !empty($_POST['login'])) { $login = $_POST['login']; $password = $_POST['password']; } // unset the "login_as" flag if we just connected with a username and password. Session::erase('login_as'); $userManager = UserManager::getManager(); $userRepository = UserManager::getRepository(); // Lookup the user in the main database $user_table = Database::get_main_table(TABLE_MAIN_USER); $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status, salt, last_login FROM $user_table WHERE username = '".Database::escape_string($login)."'"; $result = Database::query($sql); $captchaValidated = true; $captcha = api_get_setting('allow_captcha'); $allowCaptcha = $captcha == 'true'; if (Database::num_rows($result) > 0) { $uData = Database::fetch_array($result, 'ASSOC'); if ($allowCaptcha) { // Checking captcha if (isset($_POST['captcha'])) { // Check captcha $captchaText = $_POST['captcha']; /** @var Text_CAPTCHA $obj */ $obj = $_SESSION['template.lib'] ?? null; if ($obj) { $obj->getPhrase(); if ($obj->getPhrase() != $captchaText) { $captchaValidated = false; } else { $captchaValidated = true; } } if (isset($_SESSION['captcha_question'])) { $captcha_question = $_SESSION['captcha_question']; $captcha_question->destroy(); } } // Redirect to login page if (!$captchaValidated) { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=wrong_captcha'); exit; } // Check if account is blocked by captcha user extra field see function api_block_account_captcha() $blockedUntilDate = api_get_user_blocked_by_captcha($login); if (!empty($blockedUntilDate)) { if (time() > api_strtotime($blockedUntilDate, 'UTC')) { api_clean_account_captcha($login); } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=blocked_by_captcha'); exit; } } } if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE || $uData['auth_source'] == CAS_AUTH_SOURCE ) { $validPassword = isset($password) && UserManager::checkPassword( $uData['password'], $password, $uData['salt'], $uData['user_id'] ); $checkUserFromExternalWebservice = false; // If user can't connect directly to chamilo then check the webservice setting if ($validPassword === false) { // Use external webservice to $options = api_get_configuration_value('webservice_validation'); if (!empty($options) && !empty($options['options'])) { $options = $options['options']; $soapclient = new nusoap_client($options['wsdl']); $function = $options['check_login_function']; $params = [ 'login' => $uData['username'], 'password' => $password, ]; $result = $soapclient->call($function, [serialize($params)]); if ($error = $soapclient->getError()) { error_log('error'); error_log(print_r($error, 1)); } elseif ((int) $result === 1) { $checkUserFromExternalWebservice = true; } } $checkLoginCredentialHook = CheckLoginCredentialsHook::create(); if (!empty($checkLoginCredentialHook)) { $checkLoginCredentialHook->setEventData([ 'user' => $uData, 'credentials' => [ 'username' => $login, 'password' => $password, ], ]); $validPassword = $checkLoginCredentialHook->notifyLoginCredentials(); } } // Check the user's password if (($validPassword || $checkUserFromExternalWebservice) && (trim($login) == $uData['username']) ) { // Means that the login was loaded in a different page than index.php // we force the reload of the course access using cidReset just in case if (isset($_REQUEST['redirect_after_not_allow_page']) && $_REQUEST['redirect_after_not_allow_page'] == 1 ) { $cidReset = true; } $update_type = UserManager::get_extra_user_data_by_field( $uData['user_id'], 'update_type' ); $update_type = $update_type['update_type'] ?? ''; if (!empty($extAuthSource[$update_type]['updateUser']) && file_exists($extAuthSource[$update_type]['updateUser']) ) { include_once $extAuthSource[$update_type]['updateUser']; } // Check if the account is active (not locked) if ($uData['active'] == '1') { // Check if the expiration date has not been reached if ($uData['expiration_date'] > date('Y-m-d H:i:s') || empty($uData['expiration_date']) ) { global $_configuration; if (api_is_multiple_url_enabled()) { // Check if user is an admin $my_user_is_admin = UserManager::is_admin($uData['user_id']); // This user is subscribed in these sites => $my_url_list $my_url_list = api_get_access_url_from_user($uData['user_id']); //Check the access_url configuration setting if // the user is registered in the access_url_rel_user table //Getting the current access_url_id of the platform $current_access_url_id = api_get_current_access_url_id(); if ($my_user_is_admin === false) { // the user have the permissions to enter at this site if (is_array($my_url_list) && in_array($current_access_url_id, $my_url_list) ) { UserManager::redirectToResetPassword($uData['user_id']); ConditionalLogin::check_conditions($uData); $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; Session::write('_user', $_user); Event::eventLoginAttempt($uData['username'], true); Event::eventLogin($_user['user_id']); $logging_in = true; } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); Event::eventLoginAttempt($uData['username']); UserManager::blockIfMaxLoginAttempts($uData); // Fix cas redirection loop // https://support.chamilo.org/issues/6124 $location = api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=access_url_inactive'; header('Location: '.$location); exit; } } else { // Only admins of the "main" (first) Chamilo portal can login wherever they want if (in_array(1, $my_url_list)) { // Check if this admin have the access_url_id = 1 which means the principal ConditionalLogin::check_conditions($uData); $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; Session::write('_user', $_user); Event::eventLogin($_user['user_id']); Event::eventLoginAttempt($uData['username'], true); $logging_in = true; } else { //This means a secondary admin wants to login so we check as he's a normal user if (in_array($current_access_url_id, $my_url_list)) { UserManager::redirectToResetPassword($uData['user_id']); $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; Session::write('_user', $_user); Event::eventLogin($_user['user_id']); Event::eventLoginAttempt($uData['username'], true); $logging_in = true; } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); Event::eventLoginAttempt($uData['username']); UserManager::blockIfMaxLoginAttempts($uData); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=access_url_inactive' ); exit; } } } } else { UserManager::redirectToResetPassword($uData['user_id']); ConditionalLogin::check_conditions($uData); $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; Session::write('_user', $_user); Event::eventLogin($uData['user_id']); Event::eventLoginAttempt($uData['username'], true); $logging_in = true; } } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=account_expired' ); exit; } } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=account_inactive' ); exit; } } else { // login failed: username or password incorrect $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); Event::eventLoginAttempt($uData['username']); UserManager::blockIfMaxLoginAttempts($uData); if ($allowCaptcha) { if (isset($_SESSION['loginFailedCount'])) { $_SESSION['loginFailedCount']++; } else { $_SESSION['loginFailedCount'] = 1; } $numberMistakesToBlockAccount = api_get_setting('captcha_number_mistakes_to_block_account'); if (isset($_SESSION['loginFailedCount'])) { if ($_SESSION['loginFailedCount'] >= $numberMistakesToBlockAccount) { api_block_account_captcha($login); } } } header( 'Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=user_password_incorrect' ); exit; } // update user expiration date when the login is the first time if (isset($_user['status']) && STUDENT == $_user['status']) { $userExpirationXDate = api_get_configuration_value('update_student_expiration_x_date'); $userSpentTime = Tracking::get_time_spent_on_the_platform($_user['user_id'], 'ever'); if (false !== $userExpirationXDate && empty($userSpentTime)) { $expDays = (int) $userExpirationXDate['days']; $expMonths = (int) $userExpirationXDate['months']; $date = new DateTime(); $duration = "P{$expMonths}M{$expDays}D"; $date->add(new DateInterval($duration)); $newExpirationDate = $date->format('Y-m-d H:i:s'); UserManager::updateExpirationDate($_user['user_id'], $newExpirationDate); } } if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { //first login for a not self registered //e.g. registered by a teacher //do nothing (code may be added later) } } elseif (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login']) ) { /* * Process external authentication * on the basis of the given login name */ $loginFailed = true; // Default initialisation. It could // change after the external authentication $key = $uData['auth_source']; //'ldap','shibboleth'... // Check if organisationemail email exist for this user and replace the current login with $extraFieldValue = new ExtraFieldValue('user'); $newLogin = $extraFieldValue->get_values_by_handler_and_field_variable( $uData['user_id'], 'organisationemail' ); if (!empty($newLogin) && isset($newLogin['value'])) { $login = $newLogin['value']; } /* >>>>>>>> External authentication modules <<<<<<<<< */ // see configuration.php to define these include_once $extAuthSource[$key]['login']; /* >>>>>>>> External authentication modules <<<<<<<<< */ } else { // no standard Chamilo login - try external authentication //huh... nothing to do... we shouldn't get here error_log( 'Chamilo Authentication file defined in'. ' $extAuthSource could not be found - this might prevent'. ' your system from doing the corresponding authentication'. ' process', 0 ); } } else { Event::eventLoginAttempt($login); UserManager::blockIfMaxLoginAttempts(['username' => $login, 'last_login' => null]); $extraFieldValue = new ExtraFieldValue('user'); $uData = $extraFieldValue->get_item_id_from_field_variable_and_field_value( 'organisationemail', $login ); if (!empty($uData)) { $uData = api_get_user_info($uData['item_id']); if (!empty($extAuthSource[$uData['auth_source']]['login']) && file_exists($extAuthSource[$uData['auth_source']]['login']) ) { /* * Process external authentication * on the basis of the given login name */ $loginFailed = true; // Default initialisation. It could // change after the external authentication $key = $uData['auth_source']; //'ldap','shibboleth'... /* >>>>>>>> External authentication modules <<<<<<<<< */ // see configuration.php to define these include_once $extAuthSource[$key]['login']; } } else { // change after the external authentication // login failed, Database::num_rows($result) <= 0 $loginFailed = true; // Default initialisation. It could } // login failed, Database::num_rows($result) <= 0 $loginFailed = true; // Default initialisation. It could // change after the external authentication /* * In this section: * there is no entry for the $login user in the Chamilo * database. This also means there is no auth_source for the user. * We let all external procedures attempt to add him/her * to the system. * * Process external login on the basis * of the authentication source list * provided by the configuration settings. * If the login succeeds, for going further, * Chamilo needs the $_user['user_id'] variable to be * set and registered in the session. It's the * responsibility of the external login script * to provide this $_user['user_id']. */ if (isset($extAuthSource) && is_array($extAuthSource)) { foreach ($extAuthSource as $thisAuthSource) { if (!empty($thisAuthSource['login']) && file_exists($thisAuthSource['login'])) { include_once $thisAuthSource['login']; } if (isset($thisAuthSource['newUser'])) { if (file_exists($thisAuthSource['newUser'])) { include_once $thisAuthSource['newUser']; } else { error_log( 'Chamilo Authentication external file'. ' could not be found - this might prevent your system from using'. ' the authentication process in the user creation process', 0 ); } } } } //end if is_array($extAuthSource) $checkUserInfo = Session::read('_user'); if ($loginFailed && empty($checkUserInfo)) { //If we are here username given is wrong Session::write('loginFailed', '1'); header( 'Location: '.api_get_path(WEB_PATH) .'index.php?loginFailed=1&error=user_password_incorrect' ); exit; } } //end else login failed } elseif (api_get_setting('sso_authentication') === 'true' && !in_array('webservices', explode('/', $_SERVER['REQUEST_URI'])) ) { /** * TODO: * - Work on a better validation for webservices paths. Current is very poor and exit. */ $subsso = api_get_setting('sso_authentication_subclass'); if (!empty($subsso)) { require_once api_get_path(SYS_CODE_PATH).'auth/sso/sso.'.$subsso.'.class.php'; $subsso = 'sso'.$subsso; $osso = new $subsso(); //load the subclass } else { $osso = new sso(); } if (isset($_SESSION['_user']['user_id'])) { if ($logout) { // Make custom redirect after logout online_logout($_SESSION['_user']['user_id'], false); Event::courseLogout($logoutInfo); $osso->logout(); //redirects and exits } } elseif (!$logout) { // Handle cookie from Master Server $forceSsoRedirect = api_get_setting('sso_force_redirect'); if ($forceSsoRedirect === 'true') { // all users to be redirected unless they are connected (removed req on sso_cookie) $redirectToMasterConditions = !isset($_REQUEST['sso_referer']) && !isset($_GET['loginFailed']); } else { // Users to still see the homepage without connecting $redirectToMasterConditions = !isset($_REQUEST['sso_referer']) && !isset($_GET['loginFailed']) && isset($_GET['sso_cookie']); } if ($redirectToMasterConditions) { // Redirect to master server $osso->ask_master(); } elseif (isset($_REQUEST['sso_cookie'])) { // Here we are going to check the origin of // what the call says should be used for // authentication, and ensure we know it $matches_domain = false; if (isset($_REQUEST['sso_referer'])) { $protocol = api_get_setting('sso_authentication_protocol'); // sso_authentication_domain can list // several, comma-separated, domains $master_urls = preg_split('/,/', api_get_setting('sso_authentication_domain')); if (!empty($master_urls)) { $master_auth_uri = api_get_setting('sso_authentication_auth_uri'); foreach ($master_urls as $mu) { if (empty($mu)) { continue; } // For each URL, check until we find *one* that matches the $_GET['sso_referer'], // then skip other possibilities // Do NOT compare the whole referer, as this might cause confusing errors with friendly urls, // like in Drupal /?q=user& vs /user? $referrer = substr($_REQUEST['sso_referer'], 0, strrpos($_REQUEST['sso_referer'], '/')); if ($protocol.trim($mu) === $referrer) { $matches_domain = true; break; } } } else { error_log( 'Your sso_authentication_master param is empty. '. 'Check the platform configuration, security section. '. 'It can be a list of comma-separated domains' ); } } if ($matches_domain) { //make all the process of checking //if the user exists (delegated to the sso class) $osso->check_user(); } else { error_log('Check the sso_referer URL in your script, it doesn\'t match any of the possibilities'); //Request comes from unknown source $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header('Location: '.api_get_path(WEB_PATH).'index.php?loginFailed=1&error=unrecognize_sso_origin'); exit; } } //end logout ... else ... login } elseif ($logout) { //if there was an attempted logout without a previous login, log // this anonymous user out as well but avoid redirect online_logout(null, false); Event::courseLogout($logoutInfo); $osso->logout(); //redirects and exits } } elseif (api_get_setting('openid_authentication') == 'true') { include api_get_path(SYS_CODE_PATH).'auth/openid/login.php'; $openidForm = openid_form(); if ($openidForm->validate() && $openidForm->isSubmitted()) { $openidUrl = $openidForm->exportValue('openid_url'); if (openid_is_allowed_provider($openidUrl)) { openid_begin($openidUrl, api_get_path(WEB_PATH).'index.php'); //this last function should trigger a redirect, so we can die here safely exit('Openid login redirection should be in progress'); } else { $loginFailed = true; } } elseif (!empty($_GET['openid_identity'])) { //it's usual for PHP to replace '.' (dot) by '_' (underscore) in URL parameters $res = openid_complete($_GET); if ($res['status'] == 'success') { $id1 = Database::escape_string($res['openid.identity']); //have another id with or without the final '/' $id2 = (substr($id1, -1, 1) == '/' ? substr($id1, 0, -1) : $id1.'/'); //lookup the user in the main database $user_table = Database::get_main_table(TABLE_MAIN_USER); $sql = "SELECT user_id, username, password, auth_source, active, expiration_date FROM $user_table WHERE openid = '$id1' OR openid = '$id2' "; $result = Database::query($sql); if ($result !== false) { if (Database::num_rows($result) > 0) { $uData = Database::fetch_array($result); if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) { //the authentification of this user is managed by Chamilo itself // check if the account is active (not locked) if ($uData['active'] == '1') { // check if the expiration date has not been reached if ($uData['expiration_date'] > date('Y-m-d H:i:s') || empty($uData['expiration_date']) ) { $_user['user_id'] = $uData['user_id']; $_user['status'] = $uData['status']; Session::write('_user', $_user); Event::eventLogin($_user['user_id']); } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header('Location: index.php?loginFailed=1&error=account_expired'); exit; } } else { $loginFailed = true; Session::erase('_uid'); Session::write('loginFailed', '1'); header('Location: index.php?loginFailed=1&error=account_inactive'); exit; } if (isset($uData['creator_id']) && $_user['user_id'] != $uData['creator_id']) { //first login for a not self registred //e.g. registered by a teacher //do nothing (code may be added later) } } } else { // Redirect to the subscription form Session::write('loginFailed', '1'); header( 'Location: '.api_get_path(WEB_CODE_PATH) .'auth/inscription.php?username='.$res['openid.sreg.nickname'] .'&email='.$res['openid.sreg.email'] .'&openid='.$res['openid.identity'] .'&openid_msg=idnotfound' ); exit; //$loginFailed = true; } } else { $loginFailed = true; } } else { $loginFailed = true; } } } elseif (KeyAuth::is_enabled()) { $success = KeyAuth::instance()->login(); if ($success) { $use_anonymous = false; } } $uidReset = true; $cidReset = true; $gidReset = true; } // end else $maxAnons = api_get_configuration_value('max_anonymous_users'); // Now check for anonymous user mode if (isset($use_anonymous) && $use_anonymous) { //if anonymous mode is set, then try to set the current user as anonymous //if he doesn't have a login yet $anonResult = api_set_anonymous(); if ($maxAnons >= 2 && $anonResult) { $uidReset = true; Event::eventLogin($_user['user_id']); } } else { //if anonymous mode is not set, then check if this user is anonymous. If it //is, clean it from being anonymous (make him a nobody :-)) api_clear_anonymous(); } // if the requested course is different from the course in session if (!empty($cidReq) && (!isset($_SESSION['_cid']) || ($cidReq != $_SESSION['_cid'])) ) { $cidReset = true; $gidReset = true; // As groups depend from courses, group id is reset } /* USER INIT */ if (isset($uidReset) && $uidReset) { // session data refresh requested unset($_SESSION['_user']['uidReset']); $is_platformAdmin = false; $is_allowedCreateCourse = false; $isAnonymous = api_is_anonymous(); if ($maxAnons >= 2) { $isAnonymous = false; } if (isset($_user['user_id']) && $_user['user_id'] && !$isAnonymous) { // a uid is given (log in succeeded) $_SESSION['loginFailed'] = false; unset($_SESSION['loginFailedCount']); unset($_SESSION['loginToBlock']); $user_table = Database::get_main_table(TABLE_MAIN_USER); $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN); $track_e_login = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN); $sql = "SELECT * FROM $user_table WHERE id = ".$_user['user_id']; $result = Database::query($sql); if (Database::num_rows($result) > 0) { // Extracting the user data $uData = Database::fetch_array($result); $_user = _api_format_user($uData, false); $is_platformAdmin = UserManager::is_admin($_user['user_id']); $is_allowedCreateCourse = $uData['status'] == COURSEMANAGER || (api_get_setting('drhCourseManagerRights') && $uData['status'] == DRH); ConditionalLogin::check_conditions($uData); Session::write('_user', $_user); UserManager::update_extra_field_value($_user['id'], 'already_logged_in', 'true'); Session::write('is_platformAdmin', $is_platformAdmin); Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); } else { header('Location:'.api_get_path(WEB_PATH)); exit; } } else { if (!api_is_anonymous()) { // no uid => logout or Anonymous Session::erase('_user'); Session::erase('_uid'); } } Session::write('is_platformAdmin', $is_platformAdmin); Session::write('is_allowedCreateCourse', $is_allowedCreateCourse); } else { // continue with the previous values $_user = $_SESSION['_user']; $is_platformAdmin = $_SESSION['is_platformAdmin'] ?? false; $is_allowedCreateCourse = $_SESSION['is_allowedCreateCourse'] ?? false; } $logoutCourseCalled = false; if (!isset($_SESSION['login_as'])) { $save_course_access = true; $_course = Session::read('_course'); if ($_course && isset($_course['real_id'])) { // The value $_dont_save_user_course_access should be added before // the call of global.inc.php see the main/inc/chat.ajax.php file // Disables the updates in the TRACK_E_COURSE_ACCESS table if (isset($_dont_save_user_course_access) && $_dont_save_user_course_access) { $save_course_access = false; } else { $logoutCourseCalled = true; Event::courseLogout($logoutInfo); } } } $sessionIdFromGet = isset($_GET['id_session']) ? (int) $_GET['id_session'] : false; // if a session id has been given in url, we store the session if course was set: $sessionIdFromSession = api_get_session_id(); $checkFromDatabase = false; // User change from session id if (($sessionIdFromGet !== false && $sessionIdFromGet !== $sessionIdFromSession) || $cidReset) { $cidReset = true; $checkFromDatabase = true; Session::erase('session_name'); Session::erase('id_session'); // Deleting session from $_SESSION means also deleting $_SESSION['_course'] and group info Session::erase('_real_cid'); Session::erase('_cid'); Session::erase('oLP'); Session::erase('_course'); Session::erase('_gid'); } if ($checkFromDatabase && !empty($sessionIdFromGet)) { $sessionInfo = api_get_session_info($sessionIdFromGet); if (!empty($sessionInfo)) { Session::write('session_name', $sessionInfo['name']); Session::write('id_session', $sessionInfo['id']); } else { $cidReset = true; $gidReset = true; Session::erase('session_name'); Session::erase('id_session'); // Deleting session from $_SESSION means also deleting $_SESSION['_course'] and group info Session::erase('_real_cid'); Session::erase('_cid'); Session::erase('oLP'); Session::erase('_course'); Session::erase('_gid'); api_not_allowed(true); } } /* COURSE INIT */ if ($cidReset) { // Course session data refresh requested or empty data if ($cidReq) { $_course = api_get_course_info($cidReq); if (!empty($_course)) { //@TODO real_cid should be cid, for working with numeric course id $_real_cid = $_course['real_id']; $_cid = $_course['code']; Session::write('_real_cid', $_real_cid); Session::write('_cid', $_cid); Session::write('_course', $_course); if (!empty($_GET['gidReq'])) { $_SESSION['_gid'] = (int) $_GET['gidReq']; } else { Session::erase('_gid'); } // Course login if (isset($_user['user_id'])) { Event::eventCourseLogin( api_get_course_int_id(), api_get_user_id(), api_get_session_id() ); } } else { //exit("WARNING UNDEFINED CID !! "); header('Location:'.api_get_path(WEB_PATH)); exit; } } else { // Leave a logout time in the track_e_course_access table if we were in a course if (!$logoutCourseCalled) { Event::courseLogout($logoutInfo); } Session::erase('_cid'); Session::erase('oLP'); Session::erase('_real_cid'); Session::erase('_course'); Session::erase('session_name'); Session::erase('id_session'); if (!empty($_SESSION)) { foreach ($_SESSION as $key => $session_item) { // Clear session keys related to SortableTable if (strpos($key, 'table_') === 0 || strpos($key, 'sortable_table_') === 0) { if (isset($_SESSION[$key])) { Session::erase($key); } } // Clear session keys related to lp_autolaunch_ if (strpos($key, 'lp_autolaunch_') !== false) { if (isset($_SESSION[$key])) { Session::erase($key); } } } } // Clear the general clean_sortable_table flag if it exists Session::erase('clean_sortable_table'); if (api_get_group_id()) { Session::erase('_gid'); } if (api_is_in_gradebook()) { api_remove_in_gradebook(); } } } else { // Continue with the previous values if (empty($_SESSION['_course']) && !empty($_SESSION['_cid'])) { //Just in case $_course is empty we try to load if the c_id still exists $_course = api_get_course_info($_SESSION['_cid']); if (!empty($_course)) { $_real_cid = $_course['real_id']; $_cid = $_course['code']; Session::write('_real_cid', $_real_cid); Session::write('_cid', $_cid); Session::write('_course', $_course); } } if (empty($_SESSION['_course']) || empty($_SESSION['_cid'])) { //no previous values... $_cid = -1; // Set default values $_course = -1; } else { $_cid = $_SESSION['_cid']; $_course = $_SESSION['_course']; if (!empty($_REQUEST['gidReq'])) { $_SESSION['_gid'] = (int) $_REQUEST['gidReq']; $group_table = Database::get_course_table(TABLE_GROUP); $sql = "SELECT * FROM $group_table WHERE c_id = ".$_course['real_id']." AND id = '$gidReq'"; $result = Database::query($sql); if (Database::num_rows($result) > 0) { // This group has recorded status related to this course $gpData = Database::fetch_array($result); $_gid = $gpData['id']; Session::write('_gid', $_gid); } } else { Session::write('_gid', 0); } } } /* COURSE / USER REL. INIT */ $session_id = api_get_session_id(); $user_id = $_user['user_id'] ?? null; //Course permissions //if this code is uncommented in some platforms the is_courseAdmin is not correctly saved see BT#5789 /*$is_courseAdmin = false; //course teacher $is_courseTutor = false; //course teacher - some rights $is_courseMember = false; //course student $is_session_general_coach = false; //course coach */ // Course - User permissions $is_sessionAdmin = false; $is_session_general_coach = false; //course coach $is_courseAdmin = false; $is_courseTutor = false; $is_courseMember = false; if ((isset($uidReset) && $uidReset) || $cidReset) { if (isset($user_id) && $user_id && isset($_real_cid) && $_real_cid) { // Check if user is subscribed in a course $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); $sql = "SELECT * FROM $course_user_table WHERE user_id = $user_id AND relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND c_id = $_real_cid"; $result = Database::query($sql); $cuData = null; if (Database::num_rows($result) > 0) { // this user have a recorded state for this course $cuData = Database::fetch_array($result, 'ASSOC'); $is_courseAdmin = $cuData['status'] == 1; $is_courseTutor = $cuData['is_tutor'] == 1; $is_courseMember = true; } // We are in a session course? Check session permissions if (!empty($session_id)) { if (!empty($_course)) { if (!SessionManager::relation_session_course_exist($session_id, $_course['real_id'])) { // Deleting all access. Session::erase('session_name'); Session::erase('id_session'); Session::erase('_real_cid'); Session::erase('_cid'); Session::erase('oLP'); Session::erase('_course'); Session::erase('_gid'); Session::erase('is_courseAdmin'); Session::erase('is_courseMember'); Session::erase('is_courseTutor'); Session::erase('is_session_general_coach'); Session::erase('is_allowed_in_course'); Session::erase('is_sessionAdmin'); api_not_allowed(true); } } // I'm not the teacher of the course if ($is_courseAdmin == false) { // This user has no status related to this course // The user is subscribed in a session? The user is a Session coach a Session admin? $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); // Session coach, session admin or course coach admin $sql = "SELECT session.id_coach, session_admin_id, session_rcru.user_id FROM $tbl_session session, $tbl_session_course_user session_rcru WHERE session_rcru.session_id = session.id AND session_rcru.c_id = $_real_cid AND session_rcru.user_id = $user_id AND session_rcru.session_id = $session_id AND session_rcru.status = 2 "; $result = Database::query($sql); $row = Database::store_result($result); // Am I a session admin? if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) { $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_session_general_coach = false; $is_sessionAdmin = true; } else { // Am I a session coach for this session? $sql = "SELECT session.id, session.id_coach FROM $tbl_session session INNER JOIN $tbl_session_course sc ON sc.session_id = session.id WHERE session.id = $session_id AND session.id_coach = $user_id AND sc.c_id = $_real_cid"; $result = Database::query($sql); if (Database::num_rows($result)) { $is_courseMember = true; $is_courseTutor = false; $is_session_general_coach = true; $is_sessionAdmin = false; } else { // Am I a course coach or a student? $sql = "SELECT user_id, status FROM $tbl_session_course_user WHERE c_id = $_real_cid AND user_id = $user_id AND session_id = $session_id LIMIT 1"; $result = Database::query($sql); if (Database::num_rows($result)) { $row = Database::fetch_array($result, 'ASSOC'); $session_course_status = $row['status']; switch ($session_course_status) { case '2': // coach - teacher $is_courseMember = true; $is_courseTutor = true; $is_session_general_coach = false; $is_sessionAdmin = false; if (api_get_setting('extend_rights_for_coach') == 'true') { $is_courseAdmin = true; } else { $is_courseAdmin = false; } break; case '0': //Student $is_courseMember = true; $is_courseTutor = false; $is_courseAdmin = false; $is_session_general_coach = false; $is_sessionAdmin = false; // Check course dependency $entityManager = Database::getManager(); /** @var SequenceResourceRepository $repo */ $repo = $entityManager->getRepository('ChamiloCoreBundle:SequenceResource'); $sequences = $repo->getRequirements($_real_cid, SequenceResource::COURSE_TYPE); if ($sequences) { $sequenceList = $repo->checkRequirementsForUser($sequences, SequenceResource::COURSE_TYPE, $user_id, $session_id); $completed = $repo->checkSequenceAreCompleted($sequenceList); if (false === $completed) { api_not_allowed(true); } } break; default: //unregister user $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; $is_session_general_coach = false; break; } } else { // Unregister user $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; $is_session_general_coach = false; } } } // Drh can enter to a course as an student see BT#6770 if (api_drh_can_access_all_session_content()) { $sessionInfo = SessionManager::getSessionFollowedByDrh($user_id, $session_id); if (!empty($sessionInfo) && !empty($sessionInfo['course_list'])) { if (isset($sessionInfo['course_list'][$_course['real_id']])) { $is_courseMember = true; $is_courseTutor = false; $is_session_general_coach = false; $is_sessionAdmin = false; } } } } // If I'm the admin platform i'm a teacher of the course if ($is_platformAdmin) { $is_courseAdmin = true; } } else { // User has no access to the course // This will check if the course was added in one of his sessions // Then it will be redirected to that course-session if ($is_courseMember === false && $is_platformAdmin === false) { // Search session $courseSession = SessionManager::searchCourseInSessionsFromUser( $user_id, $_course['real_id'] ); $priorityList = []; if (!empty($courseSession)) { foreach ($courseSession as $courseSessionItem) { if (isset($courseSessionItem['session_id'])) { $customSessionId = $courseSessionItem['session_id']; $visibility = api_get_session_visibility($customSessionId, $_course['real_id']); if ($visibility == SESSION_INVISIBLE) { continue; } switch ($visibility) { case SESSION_AVAILABLE: $priorityList[1][] = $customSessionId; break; case SESSION_VISIBLE: $priorityList[2][] = $customSessionId; break; case SESSION_VISIBLE_READ_ONLY: $priorityList[3][] = $customSessionId; break; } } } } if (!empty($priorityList)) { ksort($priorityList); foreach ($priorityList as $sessionList) { if (empty($sessionList)) { continue; } foreach ($sessionList as $customSessionId) { $currentUrl = htmlentities($_SERVER['REQUEST_URI']); $currentUrl = str_replace('id_session=0', '', $currentUrl); $currentUrl = str_replace('&', '&', $currentUrl); if (strpos($currentUrl, '?') !== false) { $currentUrl = rtrim($currentUrl, '&'); $url = $currentUrl.'&id_session='.$customSessionId; } else { $url = $currentUrl.'?id_session='.$customSessionId; } $url = str_replace('&&', '&', $url); //$url = $_course['course_public_url'].'?id_session='.$customSessionId; Session::erase('_real_cid'); Session::erase('_cid'); Session::erase('oLP'); Session::erase('_course'); header('Location: '.$url); exit; } } } } } } else { // keys missing => not anymore in the course - user relation // course $is_courseMember = false; $is_courseAdmin = false; $is_courseTutor = false; $is_session_general_coach = false; $is_sessionAdmin = false; } if (isset($_cid) && $_cid) { $my_user_id = isset($user_id) ? (int) $user_id : 0; $variable = 'accept_legal_'.$my_user_id.'_'.$_course['real_id'].'_'.$session_id; $user_pass_open_course = false; if (api_check_user_access_to_legal($_course) && Session::read($variable)) { $user_pass_open_course = true; } // Checking if the user filled the course legal agreement if ($_course['activate_legal'] == 1 && !api_is_platform_admin() && !api_is_anonymous()) { $user_is_subscribed = CourseManager::is_user_accepted_legal( $user_id, $_course['id'], $session_id ) || $user_pass_open_course; if (!$user_is_subscribed) { $url = api_get_path(WEB_CODE_PATH).'course_info/legal.php?course_code='.$_course['code'].'&session_id='.$session_id; header('Location: '.$url); exit; } } // Platform legal terms and conditions if (api_get_setting('allow_terms_conditions') === 'true' && api_get_setting('load_term_conditions_section') === 'course' ) { $termAndConditionStatus = api_check_term_condition($user_id); // @todo not sure why we need the login password and update_term_status if ($termAndConditionStatus === false) { Session::write('term_and_condition', ['user_id' => $user_id]); } else { Session::erase('term_and_condition'); } $termsAndCondition = Session::read('term_and_condition'); if (isset($termsAndCondition['user_id'])) { // user id $user_id = $termsAndCondition['user_id']; // Update the terms & conditions $legal_type = null; // Verify type of terms and conditions if (isset($_POST['legal_info'])) { $info_legal = explode(':', $_POST['legal_info']); $legal_type = LegalManager::get_type_of_terms_and_conditions( $info_legal[0], $info_legal[1] ); } // is necessary verify check if ($legal_type === 1) { if (isset($_POST['legal_accept']) && $_POST['legal_accept'] == '1') { $legal_option = true; } else { $legal_option = false; } } // no is check option if ($legal_type == 0) { $legal_option = true; } if (isset($_POST['legal_accept_type']) && $legal_option === true) { $cond_array = explode(':', $_POST['legal_accept_type']); if (!empty($cond_array[0]) && !empty($cond_array[1])) { $time = time(); $condition_to_save = intval($cond_array[0]).':'.intval($cond_array[1]).':'.$time; UserManager::update_extra_field_value( $user_id, 'legal_accept', $condition_to_save ); } } $redirect = true; $allow = api_get_configuration_value('allow_public_course_with_no_terms_conditions'); if ($allow === true && isset($_course['visibility']) && $_course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD ) { $redirect = false; } if ($redirect && !api_is_platform_admin()) { $url = api_get_path(WEB_CODE_PATH).'auth/inscription.php'; header('Location:'.$url); exit; } } } } // Checking the course access $is_allowed_in_course = false; if (isset($_course) && isset($_course['visibility'])) { switch ($_course['visibility']) { case COURSE_VISIBILITY_OPEN_WORLD: //3 $is_allowed_in_course = true; break; case COURSE_VISIBILITY_OPEN_PLATFORM: //2 $userAccess = api_get_configuration_value('block_registered_users_access_to_open_course_contents'); // If this setting is not set or equals false, allow registered users to access content from any open // course if ($userAccess == false) { if (isset($user_id) && !api_is_anonymous($user_id)) { $is_allowed_in_course = true; } } else { // If the setting == true, then only allow users to access the content of an open course if they are // directly subscribed to the course (so first check the registration to the course) $courseCode = $_course['code']; $isUserSubscribedInCourse = CourseManager::is_user_subscribed_in_course( $user_id, $courseCode, $session_id ); if (isset($user_id) && ($is_platformAdmin || $isUserSubscribedInCourse === true) && !api_is_anonymous($user_id)) { $is_allowed_in_course = true; } } break; case COURSE_VISIBILITY_REGISTERED: //1 if ($is_platformAdmin || $is_courseMember) { $is_allowed_in_course = true; } break; case COURSE_VISIBILITY_CLOSED: //0 if ($is_platformAdmin || $is_courseAdmin) { $is_allowed_in_course = true; } break; case COURSE_VISIBILITY_HIDDEN: //4 if ($is_platformAdmin) { $is_allowed_in_course = true; } break; } } if (!$is_platformAdmin) { if (!$is_courseMember && !empty($_course['registration_code']) && !Session::read('course_password_'.$_course['real_id'], false) ) { // if we are here we try to access to a course requiring password if ($is_allowed_in_course) { // the course visibility allows to access the course // with a password $url = api_get_path(WEB_CODE_PATH).'auth/set_temp_password.php?course_id='.$_course['real_id'].'&session_id='.$session_id; header('Location: '.$url); exit; } else { $is_courseMember = false; $is_courseAdmin = false; $is_courseTutor = false; $is_session_general_coach = false; $is_sessionAdmin = false; $is_allowed_in_course = false; } } } // check the session visibility if ($is_allowed_in_course == true) { //if I'm in a session if ($session_id != 0) { if (!$is_platformAdmin) { // admin is not affected to the invisible session mode $session_visibility = api_get_session_visibility($session_id); switch ($session_visibility) { case SESSION_INVISIBLE: $is_allowed_in_course = false; break; } } } } // save the states if (isset($is_courseAdmin)) { Session::write('is_courseAdmin', $is_courseAdmin); if ($is_courseAdmin) { $is_allowed_in_course = true; } } if (isset($is_courseMember)) { Session::write('is_courseMember', $is_courseMember); } if (isset($is_courseTutor)) { Session::write('is_courseTutor', $is_courseTutor); if ($is_courseTutor) { $is_allowed_in_course = true; } } Session::write('is_session_general_coach', $is_session_general_coach); Session::write('is_allowed_in_course', $is_allowed_in_course); Session::write('is_sessionAdmin', $is_sessionAdmin); } else { // Continue with the previous values $is_courseAdmin = $_SESSION['is_courseAdmin'] ?? false; $is_courseTutor = $_SESSION['is_courseTutor'] ?? false; $is_session_general_coach = $_SESSION['is_session_general_coach'] ?? false; $is_courseMember = $_SESSION['is_courseMember'] ?? false; $is_allowed_in_course = $_SESSION['is_allowed_in_course'] ?? false; } //set variable according to student_view_enabled choices if (api_get_setting('student_view_enabled') == "true") { $changed = false; if (isset($_GET['isStudentView'])) { if ($_GET['isStudentView'] == 'true') { if (!empty($_SESSION['studentview'])) { // switching to studentview $_SESSION['studentview'] = 'studentview'; $changed = true; } } elseif ($_GET['isStudentView'] == 'false') { if (!empty($_SESSION['studentview'])) { // switching to teacherview $_SESSION['studentview'] = 'teacherview'; $changed = true; } } } elseif (!empty($_SESSION['studentview'])) { //all is fine, no change to that, obviously } elseif (empty($_SESSION['studentview'])) { // We are in teacherview here $_SESSION['studentview'] = 'teacherview'; $changed = true; } if ($changed) { Session::write('clean_sortable_table', true); } } if (isset($_cid)) { $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $time = api_get_utc_datetime(); $sql = "UPDATE $tbl_course SET last_visit = '$time' WHERE code='$_cid'"; Database::query($sql); } // direct login to course if (isset($doNotRedirectToCourse)) { } elseif (exist_firstpage_parameter()) { // The GotoCourse cookie is probably deprecated api_delete_firstpage_parameter(); // delete the cookie } Event::eventCourseLoginUpdate( api_get_course_int_id(), api_get_user_id(), api_get_session_id() ); Redirect::session_request_uri($logging_in, $user_id); if (!ChamiloApi::isAjaxRequest() && api_get_configuration_value('allow_mandatory_survey')) { SurveyManager::protectByMandatory(); }