2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2008 by Greg Gay & Joel Kronenberg */
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/**
 * Chooses the theme stored in $_SESSION['prefs']['PREF_THEME'] for a course category.
 *
 * Only acts when AT_ENABLE_CATEGORY_THEMES is defined and truthy. The visible lines read
 * course_cats.theme for $category_id and store it in the session; two other visible paths
 * store get_default_theme()['dir_name'] instead.
 *
 * NOTE(review): this listing omits source lines (the embedded numbers jump 16 -> 20,
 * 24 -> 26, 27 -> 30), so the conditions and else-branches that separate the three
 * assignments, and the declaration of $db, are not visible here.
 *
 * @param mixed $category_id Category id; concatenated unquoted into the SQL below.
 */
15 function apply_category_theme($category_id) {
16 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
20 // apply the theme for this category:
// NOTE(review): $category_id is placed in the statement unquoted and unescaped, so the query
// is only as safe as every caller. The callers visible in this file pass $row['cat_id'] read
// from the courses table; casting with intval() before building the string would remove that
// dependency. ext/mysql has no prepared statements (and was removed in PHP 7); mysqli or PDO
// placeholders are the durable fix.
21 $sql = "SELECT theme FROM ".TABLE_PREFIX."course_cats WHERE cat_id=$category_id";
22 $result = mysql_query($sql, $db);
// mysql_query() returns false on failure; the fetch below is not guarded against that.
23 if (($cat_row = mysql_fetch_assoc($result)) && $cat_row['theme']) {
// NOTE(review): the database value becomes the session theme without validation. The fallback
// stores a theme 'dir_name' under the same key, so this value is presumably used as a directory
// name later -- confirm it is checked against the installed themes before any path is built.
24 $_SESSION['prefs']['PREF_THEME'] = $cat_row['theme'];
26 $th = get_default_theme();
27 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
30 $th = get_default_theme();
31 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
/**
 * Adds one guest or member login to course_stats for the session's current course.
 *
 * Fetches the statistics module from $moduleFactory and tests isEnabled(), builds an INSERT
 * for the current date, and -- per the original comment -- an UPDATE that increments the
 * guests or members counter when that row already exists.
 *
 * NOTE(review): lines are missing from this listing (numbers jump 40 -> 43, 49 -> 52,
 * 58 -> 62): the body of the isEnabled() check and the condition guarding the UPDATE are
 * not visible.
 */
36 function count_login( ) {
37 global $db, $moduleFactory;
39 $module =& $moduleFactory->getModule(AT_MODULE_DIR_STANDARD.'/statistics');
40 if (!$module->isEnabled()) {
43 if ($_SESSION['is_guest']) {
// NOTE(review): $_SESSION[course_id] is interpolated unquoted in all four statements. In this
// file it is assigned from abs()-derived numbers, but nothing in this function enforces that;
// an intval() cast here is cheap defence in depth. The INSERT names no columns, so it also
// depends on the table's column order.
44 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 1, 0)";
46 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 0, 1)";
// NOTE(review): '@' hides every failure, not only the expected duplicate-row case, so a broken
// statement or lost connection goes unnoticed. INSERT ... ON DUPLICATE KEY UPDATE would do the
// insert-or-increment in one statement without relying on a suppressed error.
49 $result = @mysql_query($sql, $db);
52 /* that entry already exists, then update it. */
53 if ($_SESSION['is_guest']) {
54 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET guests=guests+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
56 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET members=members+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
58 $result = @mysql_query($sql, $db);
/**
 * Collects the group ids of a course into an array keyed and valued by group_id.
 *
 * When authenticate(AT_PRIV_GROUPS, true) is truthy the query selects every group of the
 * course; the other visible query selects only groups that $_SESSION[member_id] belongs to.
 *
 * NOTE(review): lines are missing from this listing (numbers jump 62 -> 67, 68 -> 70,
 * 74 -> 80): the declaration of $db, the initialisation of $groups and the return statement
 * are not visible. Callers in this file store the result in $_SESSION['groups'].
 *
 * @param mixed $course_id Course id; concatenated unquoted into both queries.
 */
62 function get_groups($course_id) {
67 if (authenticate(AT_PRIV_GROUPS, true)) {
// NOTE(review): $course_id and $_SESSION[member_id] are interpolated unquoted and unescaped.
// The callers in this file pass the abs()-derived $course, but the function itself does not
// enforce a number; cast both with intval() (or bind them with mysqli/PDO) so the group list,
// which feeds later authorisation decisions, cannot be widened through the query text.
68 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN ".TABLE_PREFIX."groups_types T USING (type_id) WHERE T.course_id=$course_id";
70 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN (".TABLE_PREFIX."groups_types T, ".TABLE_PREFIX."groups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id=$course_id AND M.member_id=$_SESSION[member_id]";
72 $result = mysql_query($sql, $db);
// mysql_query() returns false on failure; the loop below is not guarded against that.
73 while ($row = mysql_fetch_assoc($result)) {
74 $groups[$row['group_id']] = $row['group_id'];
// Script entry: sets $_user_location and the include path, then loads the bootstrap file.
// vitals.inc.php is not shown; $_config, $db, $msg, $addslashes and $_base_path used further
// down are presumably set up by it -- confirm.
80 $_user_location = 'public';
81 define('AT_INCLUDE_PATH', 'include/');
82 require(AT_INCLUDE_PATH.'vitals.inc.php');
84 if($_config['just_social'] == 1){
// NOTE(review): header() does not stop execution. The following source line (86) is omitted
// from this listing; confirm an exit follows, otherwise the rest of the script still runs and
// changes session state for this request.
85 header('Location: mods/_standard/social/index_mystart.php');
// Shared-secret course access through acl.php: the NAME of the first query-string parameter is
// treated as a password and looked up in course_access (enabled rows whose expiry_date is in
// the future or zero).
88 $set_to_public = false;
89 if ($_SERVER['PHP_SELF'] == $_base_path."acl.php") {
90 //search through the auth table and find password that matches get password
// NOTE(review): $addslashes is a variable function defined outside this file; the quoting in
// the query is only safe if it escapes for the connection's character set (for example
// mysql_real_escape_string) -- confirm. key($_GET) is NULL when there is no query string and
// an empty key is not rejected before the lookup; an explicit non-empty check would keep a
// row with a blank password from ever matching.
91 $key = $addslashes(key($_GET));
// NOTE(review): because the secret is part of the URL it is recorded in server logs, browser
// history and Referer headers, so these keys are low-assurance credentials. The match is a
// plain SQL equality and no attempt limiting is visible in this block.
92 $sql = "SELECT * FROM ".TABLE_PREFIX."course_access WHERE password='$key' AND (expiry_date > NOW() OR expiry_date+0 = 0) AND enabled=1";
93 $result = mysql_query($sql, $db);
94 if ($row = mysql_fetch_assoc($result)) {
// A match overrides the requested course with the row's course_id and resets the session to an
// anonymous guest; $set_to_public is read later in this file to treat the course as public.
95 $set_to_public = true;
96 $_GET['course'] = $row['course_id'];
97 $_SESSION['member_id'] = 0;
98 $_SESSION['valid_user'] = false;
99 $_SESSION['login'] = 'guest';
// Switches the session back to an administrator: requires an 'admin' query parameter and a
// session value is_super_admin holding the admin login name.
// NOTE(review): lines are omitted from this listing (numbers jump, e.g. 110 -> 112, 125 -> 130),
// so closing braces and any exit after the redirect are not visible.
104 if (isset($_GET['admin']) && isset($_SESSION['is_super_admin'])) {
// NOTE(review): $_SESSION[is_super_admin] is interpolated inside quotes with no escaping in both
// statements below. That is safe only if the code that wrote the session value constrained it;
// escape or bind it here so this privileged path does not depend on that.
105 $sql = "SELECT login, `privileges`, language FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[is_super_admin]' AND `privileges`>0";
106 $result = mysql_query($sql, $db);
108 if ($row = mysql_fetch_assoc($result)) {
109 $sql = "UPDATE ".TABLE_PREFIX."admins SET last_login=NOW() WHERE login='$_SESSION[is_super_admin]'";
110 mysql_query($sql, $db);
// The session is promoted to an administrator here; course_id -1 is used as the admin marker.
// NOTE(review): no session_regenerate_id() call is visible around this privilege change --
// confirm the session id is rotated when privileges are raised.
112 $_SESSION['login'] = $row['login'];
113 $_SESSION['valid_user'] = true;
114 $_SESSION['course_id'] = -1;
115 $_SESSION['privileges'] = intval($row['privileges']);
116 $_SESSION['lang'] = $row['language'];
// NOTE(review): unserialize() on a configuration value. If $_config['pref_defaults'] can be
// changed by anyone other than an administrator (for example through a database write), this
// becomes PHP object injection. Prefer JSON for this setting, or pass
// ['allowed_classes' => false] on PHP 7+.
117 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])));
118 unset($_SESSION['member_id']);
119 unset($_SESSION['is_super_admin']);
// The full UPDATE text, including the login name, is written to the admin log.
121 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
123 $msg->addFeedback('LOGIN_SUCCESS');
125 header('Location: admin/index.php');
// Works out $page, the path this script redirects to once the course session has been set up.
// NOTE(review): $page is built from request data ($_REQUEST['pu'], $_REQUEST['p'], REQUEST_URI)
// and later becomes part of Location headers. Nothing in this block restricts it to a path
// inside the application; validate it as a site-relative path (no scheme, no host) before use.
// Lines are omitted from this listing (e.g. 135-137, 143, 145, 147, 152-153), so the body of
// the 'ib' check and the else keywords are not visible.
130 if (!empty($_REQUEST['pu'])) {
131 //request ib stands for 'is bounced', this is to avoid the infinite 302 redirect
132 //A better way to deal with this rather than using querystring? (Session won't work)
133 //Session doesn't work,leads to bounce out error as well.
134 if (!empty($_REQUEST['ib'])) {
138 //for pretty url iff mod_rewrite is not on
139 if ($_config['apache_mod_rewrite'] > 0){
140 //URL are in pretty format, but not in .htaccess RewriteRule format
141 //http://www.atutor.ca/atutor/mantis/view.php?id=3426
142 $page = url_rewrite($_REQUEST['pu'], AT_PRETTY_URL_NOT_HEADER, true) . '/ib/1';
144 $page = AT_PRETTY_URL_HANDLER.$_REQUEST['pu'] . SEP .'ib=1';
146 } elseif (!empty($_REQUEST['p'])) {
// NOTE(review): PHP has already URL-decoded $_REQUEST values, so this is a second decode; any
// filtering applied to the parameter upstream sees a different string from the one used here.
148 $page = urldecode($_REQUEST['p']);
// NOTE(review): the '.' in 'bounce.php' is unescaped and matches any character; '\.' states
// the intent.
149 } elseif (($_config['pretty_url'] > 0) && preg_match('/bounce.php\?course=([\d]+)$/', $_SERVER['REQUEST_URI'])==1) {
150 //for browse, and my start page url rewrite.
151 $page = url_rewrite($_SERVER['REQUEST_URI'], AT_PRETTY_URL_NOT_HEADER, true).'/index.php'; //force overwrite
// abs() turns the posted course into a non-negative number before it is stored in the session.
154 if (isset($_POST['jump']) && abs($_POST['course']) > 0){
155 $_SESSION['course_id'] = abs($_POST['course']);
157 $page = url_rewrite('index.php');
// Only a single leading '/' is removed from $page.
160 if (substr($page, 0, 1) == '/') {
161 $page = substr($page, 1);
// Drops course-scoped state before it is recomputed for the requested course: enrolment,
// last content id, privileges and the course-admin flag all start from "none".
164 $_SESSION['enroll'] = AT_ENROLL_NO;
165 $_SESSION['s_cid'] = 0;
166 $_SESSION['privileges'] = 0;
167 $_SESSION['is_admin'] = false;
// course_id -1 is the value the admin switch earlier in this file stores; a session arriving
// here with it has its login state cleared.
169 if ($_SESSION['course_id'] == -1) {
170 unset($_SESSION['valid_user']);
171 unset($_SESSION['is_guest']);
172 unset($_SESSION['login']);
173 unset($_SESSION['is_admin']);
174 unset($_SESSION['course_id']);
// NOTE(review): abs() yields a non-negative number, so the SQL built from $course later sees a
// numeric value. It can never yield -1, so the -1 tested below must be assigned on a line this
// listing omits (181-184) -- presumably a default when no course parameter is sent; confirm.
// intval() would state the intent (an integer id) more directly than abs().
177 if (isset($_GET['course'])) {
178 $course = abs($_GET['course']);
179 } else if (isset($_POST['course'])) {
180 $course = abs($_POST['course']);
// Course 0 with a logged-in user: leave any course and go to the user's start page.
185 if (($course === 0) && $_SESSION['valid_user']) {
186 $_SESSION['course_id'] = 0;
187 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
189 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
190 $th = get_default_theme();
191 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
// NOTE(review): header() does not end the request; the lines after each redirect in this chain
// are omitted from the listing -- confirm every one is followed by exit.
194 header('Location: users/index.php');
196 } else if (($course === 0) && !$_SESSION['valid_user']) { // guests
197 header('Location: '.AT_BASE_HREF.'login.php');
199 } else if ($course == -1) {
200 $_SESSION['course_id'] = 0;
201 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
203 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
204 $th = get_default_theme();
205 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
208 header('Location: users/index.php');
// Loads the course row that drives the access decision further down: owner, access level,
// category, title and the release/end dates as Unix timestamps.
// $course is interpolated unquoted; it is the abs()-derived number assigned earlier in this file.
212 $sql = "SELECT member_id, content_packaging, cat_id, access, title, UNIX_TIMESTAMP(release_date) AS u_release_date, UNIX_TIMESTAMP(end_date) AS u_end_date FROM ".TABLE_PREFIX."courses WHERE course_id=$course";
213 $result = mysql_query($sql,$db);
// Unknown course: queue an error and send members to their start page, everyone else to login.
// NOTE(review): the lines after these redirects are omitted from the listing; confirm an exit
// follows, since the code below reads $row.
214 if (!$row = mysql_fetch_assoc($result)) {
215 $msg->addError('ITEM_NOT_FOUND');
216 if ($_SESSION['member_id']) {
217 header('Location: '.AT_BASE_HREF.'users/index.php');
219 header('Location: '.AT_BASE_HREF.'login.php');
// Sessions without a member_id receive the site's default preferences.
// NOTE(review): unserialize() on a configuration value. If $_config['pref_defaults'] can be
// changed by anyone other than an administrator (for example through a database write), this
// becomes PHP object injection. Prefer JSON for this setting, or pass
// ['allowed_classes' => false] on PHP 7+.
224 if (!$_SESSION['member_id']) {
225 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])));
228 $owner_id = $row['member_id'];
229 $_SESSION['packaging'] = $row['content_packaging'];
// Group membership and file-storage selections from a previous course are discarded.
231 $_SESSION['groups'] = array();
232 unset($_SESSION['fs_owner_type']);
233 unset($_SESSION['fs_owner_id']);
234 unset($_SESSION['fs_folder_id']);
// Access decision for the requested course. Three branches of the switch on $row['access'] are
// visible: one that admits anonymous guests, one that requires a login, and one that also
// requires enrolment (or ownership).
// NOTE(review): this listing omits many source lines -- the case labels (only the value
// "public" is visible; the others are presumably 'protected' and 'private'), else keywords,
// closing braces, the count_login() and users_online calls announced by the comments, and
// whatever follows each header() call. Confirm against the full file that every redirect is
// followed by exit: header() alone does not stop the script, and the code after an access
// denial goes on to set course session state.
// $set_to_public is true only when the acl.php key lookup earlier in this file matched; it makes
// the course behave as public for this request whatever its stored access level.
237 if ($set_to_public) {
238 $row['access'] = "public";
241 switch ($row['access']){
243 apply_category_theme($row['cat_id']);
// Anonymous visitor, course released and not ended: enter as guest with no member id.
245 if (!$_SESSION['valid_user'] && ($row['u_release_date'] < time()) && (!$row['u_end_date'] || $row['u_end_date'] > time())) {
246 $_SESSION['course_id'] = $course;
248 $_SESSION['login'] = 'guest';
249 $_SESSION['valid_user'] = false;
250 $_SESSION['member_id'] = 0;
251 $_SESSION['is_admin'] = false;
252 $_SESSION['is_guest'] = true;
254 /* add guest login to counter: */
256 } else if (!$_SESSION['valid_user']) {
257 if ($row['u_release_date'] > time()) {
258 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
260 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
262 header('Location: '.AT_BASE_HREF.'browse.php');
266 $_SESSION['course_id'] = $course;
267 /* check if we're an admin here */
// The course owner becomes course admin; the comparison is loose (==).
268 if ($owner_id == $_SESSION['member_id']) {
269 $_SESSION['is_admin'] = true;
270 $_SESSION['enroll'] = AT_ENROLL_YES;
272 $_SESSION['is_admin'] = false;
276 /* title wont be needed. comes from the cache. */
277 $_SESSION['course_title'] = $row['title'];
// NOTE(review): $_SESSION[member_id] and $course are interpolated unquoted, here and in the
// three other course_enrollment queries below. $course is numeric via abs(); member_id is
// whatever the login code stored. Casting both with intval() (or binding them) keeps the
// enrolment and privilege lookup independent of how the session was populated.
279 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
280 $result = mysql_query($sql, $db);
281 if ($row2 = mysql_fetch_assoc($result)) {
282 /* we have requested or are enrolled in this course */
// Course privileges are taken straight from the enrolment row.
283 $_SESSION['enroll'] = AT_ENROLL_YES;
284 $_SESSION['s_cid'] = $row2['last_cid'];
285 $_SESSION['privileges'] = $row2['privileges'];
// Date gate: outside the release window only the course admin or a member with privileges gets
// in (with an informational message); everyone else is bounced to course 0.
288 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
289 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
290 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
292 } else if ($row['u_release_date'] > time()) {
293 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
295 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
296 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
297 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
299 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
300 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
303 /* add member login to counter: */
304 if (!$_SESSION['is_admin'] && $_SESSION['member_id'] > 0) {
308 /* update users_online */
311 $_SESSION['groups'] = get_groups($course);
// NOTE(review): $page derives from request parameters and $_GET['f'] is raw request data.
// $addslashes is, judging by its name, SQL-style backslash escaping -- it is not URL or header
// encoding. Encode the f value with urlencode() and validate $page as a site-relative path.
// This branch also sends $page without $addslashes while the next branch applies it; the
// handling should be made uniform.
314 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
317 header('Location: ./'.$page);
// Login-required branch: anonymous visitors are sent to the login page with an intval()'d id.
323 if (!$_SESSION['valid_user']) {
324 header('Location: ./login.php?course='.intval($course));
327 /* we're already logged in */
328 $_SESSION['course_id'] = $course;
330 apply_category_theme($row['cat_id']);
332 /* check if we're an admin here */
333 if ($owner_id == $_SESSION['member_id']) {
334 $_SESSION['is_admin'] = true;
335 $_SESSION['enroll'] = AT_ENROLL_YES;
337 $_SESSION['is_admin'] = false;
338 /* add member login to counter: */
342 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
343 $result = mysql_query($sql, $db);
344 if ($row2 = mysql_fetch_assoc($result)) {
345 /* we have requested or are enrolled in this course */
346 $_SESSION['enroll'] = AT_ENROLL_YES;
347 $_SESSION['s_cid'] = $row2['last_cid'];
348 $_SESSION['privileges'] = $row2['privileges'];
351 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
352 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
353 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
355 } else if ($row['u_release_date'] > time()) {
356 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
358 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
359 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
360 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
362 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
363 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
367 $_SESSION['course_title'] = $row['title'];
369 /* update users_online */
372 $_SESSION['groups'] = get_groups($course);
375 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
378 header('Location: ./'.$addslashes($page));
// Enrolment-required branch.
384 if (!$_SESSION['valid_user']) {
385 /* user not logged in: */
386 header('Location: ./login.php?course='.intval($course));
390 if ($owner_id == $_SESSION['member_id']) {
391 /* we own this course. so we dont have to enroll or get the groups */
393 $_SESSION['is_admin'] = true;
394 $_SESSION['course_id'] = $course;
395 $_SESSION['course_title'] = $row['title'];
396 $_SESSION['enroll'] = AT_ENROLL_YES;
398 $sql = "SELECT last_cid FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
399 $result = mysql_query($sql, $db);
// The fetch result is used without checking that a row came back.
400 $row2 = mysql_fetch_assoc($result);
402 $_SESSION['s_cid'] = $row2['last_cid'];
404 /* update users_online */
407 apply_category_theme($row['cat_id']);
409 $_SESSION['groups'] = get_groups($course);
411 if (!empty($_GET['f'])) {
412 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
415 if ($row['u_release_date'] > time()) {
416 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
417 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
418 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
420 header('Location: ./'.$addslashes($page));
424 /* check if we're enrolled */
425 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
426 $result = mysql_query($sql, $db);
428 if (!$row2 = mysql_fetch_assoc($result)) {
429 /* we have not requested enrollment in this course */
430 $_SESSION['course_id'] = 0;
431 header('Location: users/private_enroll.php?course='.intval($course));
435 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
436 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
437 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
439 } else if ($row['u_release_date'] > time()) {
440 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
442 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
443 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
444 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
446 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
447 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
449 /* we have requested or are enrolled in this course */
451 apply_category_theme($row['cat_id']);
453 $_SESSION['enroll'] = AT_ENROLL_YES;
454 $_SESSION['s_cid'] = $row2['last_cid'];
// An enrolment row with approved == 'n' is sent back to the enrolment page.
// NOTE(review): $course is concatenated here without intval(), unlike the same redirect a few
// lines up; it is numeric via abs(), but the two should match.
456 if ($row2['approved'] == 'n') {
457 /* we have not been approved to enroll in this course */
458 $_SESSION['course_id'] = 0;
459 header('Location: users/private_enroll.php?course='.$course);
463 /* enrollment has been approved or student is alumni */
464 if ($row2['approved'] == 'a') {
465 $_SESSION['enroll'] = AT_ENROLL_ALUMNUS;
467 /* we're already logged in */
468 $_SESSION['course_id'] = $course;
470 /* check if we're an admin here */
471 $_SESSION['privileges'] = $row2['privileges'];
472 $_SESSION['course_title'] = $row['title'];
474 /* update users_online */
477 $_SESSION['groups'] = get_groups($course);
479 /* add member login to counter: */
// NOTE(review): unlike the other redirects in this switch, these two send $page with no './'
// prefix, so the request-derived value forms the start of the Location header and an absolute
// URL in it would be honoured as an off-site redirect. Restrict $page to a site-relative path
// (reject any scheme or host) before redirecting, and encode the f value with urlencode().
483 header('Location: '.$page.'?f='.$addslashes($_GET['f']));
486 header('Location: '.$addslashes($page));