PageRenderTime 63ms CodeModel.GetById 34ms RepoModel.GetById 1ms app.codeStats 0ms

/mahara_login.php

https://github.com/atutor/mahara
PHP | 199 lines | 123 code | 37 blank | 39 comment | 25 complexity | fdf921ec607882fda894bfddbd7aefbd MD5 | raw file
    

  1. <?php

    2. 

  2. 

    3. 

  3. /*

    4. 

  4.     This belongs to the ATutor Mahara module page. It is called within an iframe or 

    5. 

  5.     a new window from index.php and allows a user to access

    6. 

  6.     his/her ePortfolio account on Mahara through their account on ATutor.

    7. 

  7. 

    8. 

  8.     Login information for Mahara is passed using cookies (password encrypted in SHA1).

    9. 

  9.     This is to avoid conflicting sessions between ATutor and Mahara from within

    10. 

  10.     the same script.

    11. 

  11. 

    12. 

  12.     by: Boon-Hau Teh

    13. 

  13. */

    14. 

  14. 

    15. 

  15. $_user_location = 'public';

    16. 

  16. 

    17. 

  17. define('AT_INCLUDE_PATH', '../../include/');

    18. 

  18. 

    19. 

  19. 

    20. 

  20. /*~~~~~~~~~~~~~few essentials copied from ATutor's vitals.inc.php~~~~~~~~~~~~*/

    21. 

  21. 

    22. 

  22.     /**** 0. start system configuration options block ****/

    23. 

  23.     error_reporting(0);

    24. 

  24.     if (!defined(AT_REDIRECT_LOADED)){

    25. 

  25.         include_once(AT_INCLUDE_PATH.'config.inc.php');

    26. 

  26.     }

    27. 

  27.     error_reporting(AT_ERROR_REPORTING);

    28. 

  28. 

    29. 

  29.     if (!defined('AT_INSTALL') || !AT_INSTALL) {

    30. 

  30.         header('Cache-Control: no-store, no-cache, must-revalidate');

    31. 

  31.         header('Pragma: no-cache');

    32. 

  32. 

    33. 

  33.         $relative_path = substr(AT_INCLUDE_PATH, 0, -strlen('include/'));

    34. 

  34.         header('Location: ' . $relative_path . 'install/not_installed.php');

    35. 

  35.         exit;

    36. 

  36.     }

    37. 

  37. 

    38. 

  38.     /*** 1. constants ***/

    39. 

  39.     if (!defined(AT_REDIRECT_LOADED)){

    40. 

  40.         require_once(AT_INCLUDE_PATH.'lib/constants.inc.php');

    41. 

  41.     }

    42. 

  42. 

    43. 

  43.     $db = @mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);

    44. 

  44.     if (!$db) {

    45. 

  45.         /* AT_ERROR_NO_DB_CONNECT */

    46. 

  46.         require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');

    47. 

  47.         $err =& new ErrorHandler();

    48. 

  48.         trigger_error('VITAL#Unable to connect to db.', E_USER_ERROR);

    49. 

  49.         exit;

    50. 

  50.     }

    51. 

  51.     if (!@mysql_select_db(DB_NAME, $db)) {

    52. 

  52.         require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');

    53. 

  53.         $err =& new ErrorHandler();

    54. 

  54.         trigger_error('VITAL#DB connection established, but database "'.DB_NAME.'" cannot be selected.',

    55. 

  55.                         E_USER_ERROR);

    56. 

  56.         exit;

    57. 

  57.     }

    58. 

  58. 

    59. 

  59.     /* get config variables. if they're not in the db then it uses the installation default value in constants.inc.php */

    60. 

  60.     $sql    = "SELECT * FROM ".TABLE_PREFIX."config";

    61. 

  61.     $result = mysql_query($sql, $db);

    62. 

  62.     while ($row = mysql_fetch_assoc($result)) { 

    63. 

  63.         $_config[$row['name']] = $row['value'];

    64. 

  64.     }

    65. 

  65. 

    66. 

  66.     /***** 7. start language block *****/

    67. 

  67.         // set current language

    68. 

  68.         require(AT_INCLUDE_PATH . 'classes/Language/LanguageManager.class.php');

    69. 

  69.         $languageManager =& new LanguageManager();

    70. 

  70. 

    71. 

  71.         $myLang =& $languageManager->getMyLanguage();

    72. 

  72. 

    73. 

  73.         if ($myLang === FALSE) {

    74. 

  74.             echo 'There are no languages installed!';

    75. 

  75.             exit;

    76. 

  76.         }

    77. 

  77.         $myLang->saveToSession();

    78. 

  78.         if (isset($_GET['lang']) && $_SESSION['valid_user']) {

    79. 

  79.             if ($_SESSION['course_id'] == -1) {

    80. 

  80.                 $myLang->saveToPreferences($_SESSION['login'], 1);	//1 for admin			

    81. 

  81.             } else {

    82. 

  82.                 $myLang->saveToPreferences($_SESSION['member_id'], 0);	//0 for non-admin

    83. 

  83.             }

    84. 

  84.         }

    85. 

  85.         $myLang->sendContentTypeHeader();

    86. 

  86. 

    87. 

  87.         /* set right-to-left language */

    88. 

  88.         $rtl = '';

    89. 

  89.         if ($myLang->isRTL()) {

    90. 

  90.             $rtl = 'rtl_'; /* basically the prefix to a rtl variant directory/filename. eg. rtl_tree */

    91. 

  91.         }

    92. 

  92.     /***** end language block ****/

    93. 

  93. 

    94. 

  94. /*~~~~~~~~~~~~~~~~~~~~~~~end of vitals.inc.php~~~~~~~~~~~~~~~~~~~~~~*/

    95. 

  95. 

    96. 

  96. 

    97. 

  97. 

    98. 

  98. 

    99. 

  99. 

    100. 

  100. // Read Mahara login information from cookies passed by ATutor

    101. 

  101. $usr = array();

    102. 

  102. if (isset($_COOKIE['ATutor_Mahara'])) {

    103. 

  103.     foreach ($_COOKIE['ATutor_Mahara'] as $name => $value) {

    104. 

  104.         $usr[$name] = $value;

    105. 

  105. 

    106. 

  106.         // expire the cookie

    107. 

  107.         ATutor.setcookie ("ATutor_Mahara[".$name."]", "", time() - 3600);

    108. 

  108.     }

    109. 

  109.     //expire the cookie array

    110. 

  110.     ATutor.setcookie ("ATutor_Mahara", "", time() - 3600);

    111. 

  111. } else {

    112. 

  112.     echo 'Unable to detect cookies or the session has timed out.  Please check that cookies are enabled on your browser and try again.';

    113. 

  113.     exit;

    114. 

  114. }

    115. 

  115. 

    116. 

  116. // Get password from ATutor's database

    117. 

  117. $sql    = "SELECT password FROM ".TABLE_PREFIX."mahara WHERE at_login='".$usr["at_login"]."' AND username='".$usr["username"]."' AND SHA1(password)='".$usr["password"]."'";

    118. 

  118. $result = mysql_query($sql, $db);

    119. 

  119. if (!($row = @mysql_fetch_array($result))) {

    120. 

  120.     echo 'Incorrect login information. Please check with course instructor or administrator.';

    121. 

  121.     exit;

    122. 

  122. } else {

    123. 

  123.     $pwd = $row[0];

    124. 

  124. 

    125. 

  125.     if (isset($_config['mahara'])) {

    126. 

  126. 

    127. 

  127.         /****** Taken from index.php of /mahara  *****/

    128. 

  128.         define('INTERNAL', 1);

    129. 

  129.         define('PUBLIC', 1);

    130. 

  130.         define('MENUITEM', '');

    131. 

  131.         define (MAHARA_PATH, $_config['mahara']);

    132. 

  132.         require (MAHARA_PATH.'init.php');

    133. 

  133.         define('TITLE', get_string('home'));

    134. 

  134. 

    135. 

  135.         // Check if user exists in Mahara

    136. 

  136.         if (!(record_exists('usr', 'username', $usr["username"]))) {

    137. 

  137.             // Reconnect to ATutor Database and remove the record from the mahara table

    138. 

  138.             $db_atutor = @mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);

    139. 

  139.             if (!$db_atutor) {

    140. 

  140.                 /* AT_ERROR_NO_DB_CONNECT */

    141. 

  141.                 require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');

    142. 

  142.                 $err =& new ErrorHandler();

    143. 

  143.                 trigger_error('VITAL#Unable to connect to db.', E_USER_ERROR);

    144. 

  144.                 exit;

    145. 

  145.             }

    146. 

  146.             if (!@mysql_select_db(DB_NAME, $db_atutor)) {

    147. 

  147.                 require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');

    148. 

  148.                 $err =& new ErrorHandler();

    149. 

  149.                 trigger_error('VITAL#DB connection established, but database "'.DB_NAME.'" cannot be selected.',

    150. 

  150.                                 E_USER_ERROR);

    151. 

  151.                 exit;

    152. 

  152.             }

    153. 

  153. 

    154. 

  154.             // Delete record from ATutor database since it should not be there

    155. 

  155.             $sql = "DELETE FROM ".TABLE_PREFIX."mahara WHERE at_login='".$usr["at_login"]."'";

    156. 

  156. 

    157. 

  157.             $result = mysql_query($sql, $db_atutor);

    158. 

  158. 

    159. 

  159.             echo "Successfully synchronized user login with Mahara database. Please refresh the page from ATutor.";

    160. 

  160.             exit;

    161. 

  161.         }

    162. 

  162. 

    163. 

  163.         session_start();

    164. 

  164. 

    165. 

  165.         /*~~~~~~~~~~~copied from index.php of Mahara~~~~~~~~~~~~~~~*/

    166. 

  166.         // Check for whether the user is logged in, before processing the page. After

    167. 

  167.         // this, we can guarantee whether the user is logged in or not for this page.

    168. 

  168.         if (!$USER->is_logged_in()) {

    169. 

  169.             $lang = param_alphanumext('lang', null);

    170. 

  170.             if (!empty($lang)) {

    171. 

  171.                 $SESSION->set('lang', $lang);

    172. 

  172.             }

    173. 

  173. 

    174. 

  174.             // Read login information

    175. 

  175.             $values['login_username'] = $usr["username"];

    176. 

  176.             $values['login_password'] = $pwd;

    177. 

  177.             $values['submit'] = "Login";

    178. 

  178.             $values['sesskey'] = "";

    179. 

  179.             $values['pieform_login'] = "";

    180. 

  180. 

    181. 

  181.             // login

    182. 

  182.             login_submit(null, $values);

    183. 

  183. 

    184. 

  184.             $adminpage = ($USER->get('admin')) ? 'admin/' : '';

    185. 

  185.         }

    186. 

  186. 

    187. 

  187.         /* Logged in session should be created.  Now redirect to the Mahara page

    188. 

  188.            and it should read from this session

    189. 

  189.          */

    190. 

  190.         header('Location: '.get_config('wwwroot').$adminpage);

    191. 

  191.         /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/

    192. 

  192.     } else {

    193. 

  193.         echo 'You have incorrect config settings for the Mahara module.';

    194. 

  194.         exit;

    195. 

  195.     }

    196. 

  196. }

    197. 

  197. 

    198. 

  198. 

    199. 

  199. ?>
    200.