2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
// Choose the session theme for a course category.
// Acts only when AT_ENABLE_CATEGORY_THEMES is defined and truthy. It reads
// course_cats.theme for $category_id and stores it in
// $_SESSION['prefs']['PREF_THEME']; the other visible assignments store
// get_default_theme()'s 'dir_name' instead.
// NOTE(review): this listing skips source lines (17-19, 25, 28-29, 32-35), so
// the closing braces, the else branches and any `global $db;` declaration are
// not visible here - confirm against the full file.
15 function apply_category_theme($category_id) {
16 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
20 // apply the theme for this category:
// NOTE(review): $category_id is concatenated into the statement unquoted and
// unescaped. The callers visible in this file pass cat_id values read from the
// courses table, but an intval() cast or a bound parameter would keep the
// query safe for any caller.
21 $sql = "SELECT theme FROM ".TABLE_PREFIX."course_cats WHERE cat_id=$category_id";
22 $result = mysql_query($sql, $db);
// The test fails both when no row comes back and when the row's theme is empty.
23 if (($cat_row = mysql_fetch_assoc($result)) && $cat_row['theme']) {
24 $_SESSION['prefs']['PREF_THEME'] = $cat_row['theme'];
// Default theme, presumably the else branch of the test above (source line 25 is skipped).
26 $th = get_default_theme();
27 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
// Second default-theme assignment; the condition that selects it is on a skipped line.
30 $th = get_default_theme();
31 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
// Record one login against the current course in course_stats, counted as a
// guest or a member login according to $_SESSION['is_guest'].
// An INSERT for the day's row is built first; the UPDATE statements increment
// the guests or members counter of an existing row instead.
// NOTE(review): the listing skips several source lines here (for example 41-42
// and 50-51). The body of the module check and the condition that guards the
// UPDATE are on those lines - confirm against the full file.
36 function count_login( ) {
37 global $db, $moduleFactory;
// Statistics are only recorded when the statistics module is enabled.
39 $module =& $moduleFactory->getModule(AT_MODULE_DIR_STANDARD.'/statistics');
40 if (!$module->isEnabled()) {
// NOTE(review): $_SESSION[course_id] is interpolated unquoted into all four
// statements below. Cast it with intval() or bind it, so the SQL stays
// well-formed even if the session value is ever set from unvalidated input.
// The last two VALUES appear to be the guest and member counters (1,0 for a
// guest, 0,1 for a member), matching the UPDATE column names - confirm the
// column order, since the INSERT names no columns.
43 if ($_SESSION['is_guest']) {
44 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 1, 0)";
46 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 0, 1)";
// '@' silences every failure of the INSERT, not only the expected
// duplicate-row case, so a broken connection or schema error is hidden too.
49 $result = @mysql_query($sql, $db);
52 /* that entry already exists, then update it. */
53 if ($_SESSION['is_guest']) {
54 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET guests=guests+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
56 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET members=members+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
58 $result = @mysql_query($sql, $db);
// Collect the ids of the groups the current user may see in a course.
// When authenticate(AT_PRIV_GROUPS, true) passes, every group whose type
// belongs to $course_id is selected; the second query restricts the result to
// groups that list $_SESSION['member_id'] in groups_members.
// Rows are gathered into $groups, keyed and valued by group_id. Callers in
// this file store the return value in $_SESSION['groups'].
// NOTE(review): the listing skips source lines 63-66, 69, 71 and 75-79, so the
// `global $db;` declaration, the initialisation of $groups and the return
// statement are not visible - confirm against the full file.
62 function get_groups($course_id) {
67 if (authenticate(AT_PRIV_GROUPS, true)) {
// NOTE(review): $course_id and $_SESSION[member_id] are interpolated unquoted.
// Callers here pass a value produced by abs(), which keeps it numeric, but the
// function itself does not enforce that; an intval() cast would.
68 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN ".TABLE_PREFIX."groups_types T USING (type_id) WHERE T.course_id=$course_id";
70 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN (".TABLE_PREFIX."groups_types T, ".TABLE_PREFIX."groups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id=$course_id AND M.member_id=$_SESSION[member_id]";
72 $result = mysql_query($sql, $db);
73 while ($row = mysql_fetch_assoc($result)) {
74 $groups[$row['group_id']] = $row['group_id'];
// Page bootstrap: set $_user_location to 'public' (presumably read by
// vitals.inc.php - confirm), define the include path and load the shared
// environment.
80 $_user_location = 'public';
81 define('AT_INCLUDE_PATH', 'include/');
82 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Installations configured as social-only are redirected to the social start page.
// NOTE(review): header() alone does not stop the script. The listing skips
// source line 86, where an exit presumably follows - confirm, otherwise the
// rest of this page still runs for the redirected request.
84 if($_config['just_social'] == 1){
85 header('Location: mods/_standard/social/index_mystart.php');
// Guest access through acl.php: the NAME of the first query-string parameter
// (key($_GET)) is treated as a course access password and looked up in
// course_access. The entry must be enabled and either unexpired or carry a
// zero expiry date. A match sets $set_to_public, overrides $_GET['course']
// with the course the password belongs to and forces guest session values.
// NOTE(review): the secret travels in the URL, so it ends up in web-server
// logs, browser history and Referer headers. Treat these passwords as
// low-assurance and prefer short expiry dates.
88 $set_to_public = false;
89 if ($_SERVER['PHP_SELF'] == $_base_path."acl.php") {
90 //search through the auth table and find password that matches get password
// $addslashes is called through a variable; what it is bound to is not visible
// in this listing (presumably set up in vitals.inc.php - confirm that it is a
// connection-aware escaper). A bound parameter would remove that dependency.
91 $key = $addslashes(key($_GET));
92 $sql = "SELECT * FROM ".TABLE_PREFIX."course_access WHERE password='$key' AND (expiry_date > NOW() OR expiry_date+0 = 0) AND enabled=1";
93 $result = mysql_query($sql, $db);
94 if ($row = mysql_fetch_assoc($result)) {
95 $set_to_public = true;
96 $_GET['course'] = $row['course_id'];
97 $_SESSION['member_id'] = 0;
98 $_SESSION['valid_user'] = false;
99 $_SESSION['login'] = 'guest';
// Switch a super admin into the admin area. This requires both $_GET['admin']
// and $_SESSION['is_super_admin']. The admins table is re-checked for that
// login with privileges > 0, last_login is stamped, and the session is
// rewritten as an admin session (course_id -1) before redirecting to
// admin/index.php.
104 if (isset($_GET['admin']) && isset($_SESSION['is_super_admin'])) {
// NOTE(review): $_SESSION['is_super_admin'] is placed inside quotes with no
// escaping visible in this block. It is presumably set server-side at login;
// escape or bind it anyway so the query does not depend on that assumption.
105 $sql = "SELECT login, `privileges`, language FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[is_super_admin]' AND `privileges`>0";
106 $result = mysql_query($sql, $db);
108 if ($row = mysql_fetch_assoc($result)) {
109 $sql = "UPDATE ".TABLE_PREFIX."admins SET last_login=NOW() WHERE login='$_SESSION[is_super_admin]'";
110 mysql_query($sql, $db);
// NOTE(review): no session_regenerate_id() call appears in the visible lines
// of this privilege change (source lines 120, 122 and 124 are skipped).
// Confirm the session id is rotated when the session becomes an admin session.
112 $_SESSION['login'] = $row['login'];
113 $_SESSION['valid_user'] = true;
114 $_SESSION['course_id'] = -1;
115 $_SESSION['privileges'] = intval($row['privileges']);
116 $_SESSION['lang'] = $row['language'];
// NOTE(review): unserialize() on a stored configuration value is safe only
// while nothing untrusted can write $_config['pref_defaults']. A JSON encoding
// would avoid object instantiation altogether.
117 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])));
118 unset($_SESSION['member_id']);
119 unset($_SESSION['is_super_admin']);
// Logs the last_login UPDATE: its affected-row count and the statement text.
121 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
123 $msg->addFeedback('LOGIN_SUCCESS');
125 header('Location: admin/index.php');
// Work out $page, the destination used by the redirects further down. The
// visible sources are, in order: $_REQUEST['pu'] (pretty URL), $_REQUEST['p'],
// a pretty-URL rewrite of a bounce.php?course=N request URI, and
// url_rewrite('index.php').
// NOTE(review): $page is derived from request input and later emitted in
// Location headers. The only normalisation visible is the removal of one
// leading '/' at source lines 166-167. Before redirecting, check that $page is
// a relative path inside the application: reject a scheme, a leading '//' or
// backslash, and CR/LF characters.
// NOTE(review): the listing skips source lines in this block (for example
// 135-137, 143, 145, 148-149), so the 'ib' handling and several else branches
// are not visible.
130 if (!empty($_REQUEST['pu'])) {
131 //request ib stands for 'is bounced', this is to avoid the infinite 302 redirect
132 //A better way to deal with this rather than using querystring? (Session won't work)
133 //Session doesn't work,leads to bounce out error as well.
134 if (!empty($_REQUEST['ib'])) {
138 //for pretty url iff mod_rewrite is not on
139 if ($_config['apache_mod_rewrite'] > 0){
140 //URL are in pretty format, but not in .htaccess RewriteRule format
141 //http://www.atutor.ca/atutor/mantis/view.php?id=3426
142 $page = url_rewrite($_REQUEST['pu'], AT_PRETTY_URL_NOT_HEADER, true) . '/ib/1';
144 if ($_config['pretty_url'])
// Append the 'ib' marker, adding a separating '/' only when 'pu' lacks a trailing one.
146 $orig_url = AT_PRETTY_URL_HANDLER.$_REQUEST['pu'];
147 $page = (substr($_REQUEST['pu'], -1) == '/') ? ($orig_url. 'ib/1/') : ($orig_url .'/ib/1/');
150 $page = AT_PRETTY_URL_HANDLER.$_REQUEST['pu'] . SEP .'ib=1';
152 } elseif (!empty($_REQUEST['p'])) {
// PHP has already URL-decoded $_REQUEST values, so this is a second decode.
// Any validation of 'p' must be applied to the decoded result.
154 $page = urldecode($_REQUEST['p']);
// The '.' in the pattern is unescaped and matches any character, not only a literal dot.
155 } elseif (($_config['pretty_url'] > 0) && preg_match('/bounce.php\?course=([\d]+)$/', $_SERVER['REQUEST_URI'])==1) {
156 //for browse, and my start page url rewrite.
157 $page = url_rewrite($_SERVER['REQUEST_URI'], AT_PRETTY_URL_NOT_HEADER, true).'/index.php'; //force overwrite
// A posted 'jump' form selects the course directly; abs() keeps the stored id non-negative.
160 if (isset($_POST['jump']) && abs($_POST['course']) > 0){
161 $_SESSION['course_id'] = abs($_POST['course']);
163 $page = url_rewrite('index.php');
// Strip a single leading slash; redirects further down prepend './' to $page in most branches.
166 if (substr($page, 0, 1) == '/') {
167 $page = substr($page, 1);
// Reset the per-course session state before the requested course is resolved,
// so enrolment, privileges and the admin flag never carry over from the
// previously opened course.
170 $_SESSION['enroll'] = AT_ENROLL_NO;
171 $_SESSION['s_cid'] = 0;
172 $_SESSION['privileges'] = 0;
173 $_SESSION['is_admin'] = false;
// course_id -1 is the value the admin switch assigns (source line 114).
// Leaving that context drops the login-related session keys.
175 if ($_SESSION['course_id'] == -1) {
176 unset($_SESSION['valid_user']);
177 unset($_SESSION['is_guest']);
178 unset($_SESSION['login']);
179 unset($_SESSION['is_admin']);
180 unset($_SESSION['course_id']);
// Resolve the requested course id from 'course' or, with pretty URLs,
// 'p_course', then handle the "no course" cases before any database lookup.
// abs() coerces the request value to a non-negative number; that coercion is
// what keeps the later `course_id=$course` SQL numeric.
// NOTE(review): values assigned on the two visible branches are never
// negative, so the `$course == -1` test below cannot be satisfied by them. Any
// other assignment to $course would be on skipped source lines 186-190 -
// confirm whether that branch is reachable.
183 if (isset($_REQUEST['course'])) { // is set guests access protected course
184 $course = abs($_REQUEST['course']);
185 } else if (isset($_REQUEST['p_course'])) { // is set when pretty url is turned on, access public course
186 $course = abs($_REQUEST['p_course']);
// Course 0 for a logged-in user: leave any course and go to the user's start page.
191 if (($course === 0) && $_SESSION['valid_user']) {
192 $_SESSION['course_id'] = 0;
// last_updated is kept in minutes and back-dated by ONLINE_UPDATE + 1,
// presumably so the next page load refreshes the online status - confirm.
193 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
195 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
196 $th = get_default_theme();
197 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
200 header('Location: users/index.php');
// Course 0 without a valid login: send the visitor to the login page.
202 } else if (($course === 0) && !$_SESSION['valid_user']) { // guests
203 header('Location: '.AT_BASE_HREF.'login.php');
205 } else if ($course == -1) {
206 $_SESSION['course_id'] = 0;
207 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
209 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
210 $th = get_default_theme();
211 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
214 header('Location: users/index.php');
// Load the requested course row (owner, access level, category, title and the
// release/end dates as Unix timestamps). A missing course raises
// ITEM_NOT_FOUND and redirects to the user's start page or to the login page.
// $course is interpolated unquoted; in the visible code it is always the
// result of abs(), which is what keeps the statement numeric.
218 $sql = "SELECT member_id, content_packaging, cat_id, access, title, UNIX_TIMESTAMP(release_date) AS u_release_date, UNIX_TIMESTAMP(end_date) AS u_end_date FROM ".TABLE_PREFIX."courses WHERE course_id=$course";
219 $result = mysql_query($sql,$db);
220 if (!$row = mysql_fetch_assoc($result)) {
221 $msg->addError('ITEM_NOT_FOUND');
222 if ($_SESSION['member_id']) {
223 header('Location: '.AT_BASE_HREF.'users/index.php');
225 header('Location: '.AT_BASE_HREF.'login.php');
// Visitors without a member id get the site-wide default preferences.
// NOTE(review): unserialize() on a stored configuration value is safe only
// while nothing untrusted can write $_config['pref_defaults'].
230 if (!$_SESSION['member_id']) {
231 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])));
234 $owner_id = $row['member_id'];
235 $_SESSION['packaging'] = $row['content_packaging'];
// Clear group membership and file-storage context left over from another course.
237 $_SESSION['groups'] = array();
238 unset($_SESSION['fs_owner_type']);
239 unset($_SESSION['fs_owner_id']);
240 unset($_SESSION['fs_folder_id']);
// Access dispatch. A valid acl.php password (see $set_to_public) makes the
// course behave as public for this request; the switch then branches on the
// course's access level.
// NOTE(review): the case labels are on source lines the listing skips. This
// first section is presumably the 'public' case: it lets a visitor without a
// login in as a guest while the course is inside its release window, and
// sets up the session of a logged-in user otherwise.
243 if ($set_to_public) {
244 $row['access'] = "public";
247 switch ($row['access']){
// NOTE(review): $addslashes is quote escaping, not URL encoding. The 'f' value
// is being placed in a query string, so rawurlencode() is the matching encoder.
250 $dest = './'.$page.'?f='.$addslashes($_GET['f']);
254 apply_category_theme($row['cat_id']);
// Guest entry: no valid login, release date passed, and no end date or an end date still ahead.
256 if (!$_SESSION['valid_user'] && ($row['u_release_date'] < time()) && (!$row['u_end_date'] || $row['u_end_date'] > time())) {
257 $_SESSION['course_id'] = $course;
259 $_SESSION['login'] = 'guest';
260 $_SESSION['valid_user'] = false;
261 $_SESSION['member_id'] = 0;
262 $_SESSION['is_admin'] = false;
263 $_SESSION['is_guest'] = true;
265 /* add guest login to counter: */
267 if ($_config['pretty_url'])
// strpos() returns false when the marker is absent and 0 when it is at offset
// 0; '!' treats both the same. A `=== false` comparison states the intent.
269 if (!strpos($dest, '/p_course/')) $dest .= '/p_course/'.$course;
270 header('Location: '.$dest);
// Guest outside the release window: explain why and return to the course browser.
273 } else if (!$_SESSION['valid_user']) {
274 if ($row['u_release_date'] > time()) {
275 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
277 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
279 header('Location: '.AT_BASE_HREF.'browse.php');
// Logged-in user: the course owner becomes course admin and counts as enrolled.
283 $_SESSION['course_id'] = $course;
284 /* check if we're an admin here */
285 if ($owner_id == $_SESSION['member_id']) {
286 $_SESSION['is_admin'] = true;
287 $_SESSION['enroll'] = AT_ENROLL_YES;
289 $_SESSION['is_admin'] = false;
293 /* title wont be needed. comes from the cache. */
294 $_SESSION['course_title'] = $row['title'];
// Enrolment row, if any, supplies the last visited content id and course privileges.
296 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
297 $result = mysql_query($sql, $db);
298 if ($row2 = mysql_fetch_assoc($result)) {
299 /* we have requested or are enrolled in this course */
300 $_SESSION['enroll'] = AT_ENROLL_YES;
301 $_SESSION['s_cid'] = $row2['last_cid'];
302 $_SESSION['privileges'] = $row2['privileges'];
// Release window: users without admin status or privileges are bounced with an
// error; admins and privileged users only get an informational message.
305 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
306 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
307 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
309 } else if ($row['u_release_date'] > time()) {
310 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
312 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
313 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
314 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
316 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
317 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
320 /* add member login to counter: */
321 if (!$_SESSION['is_admin'] && $_SESSION['member_id'] > 0) {
325 /* update users_online */
328 $_SESSION['groups'] = get_groups($course);
330 header('Location: '.$dest);
// Section of the access switch for courses that require a login (the case
// label is on a skipped source line; presumably 'protected'). Visitors without
// a valid login are sent to login.php with the course id. Logged-in users get
// their session set up for the course and are redirected to $page.
336 if (!$_SESSION['valid_user']) {
// intval() keeps the course id in the redirect URL a plain integer.
337 header('Location: ./login.php?course='.intval($course));
340 /* we're already logged in */
341 $_SESSION['course_id'] = $course;
343 apply_category_theme($row['cat_id']);
345 /* check if we're an admin here */
346 if ($owner_id == $_SESSION['member_id']) {
347 $_SESSION['is_admin'] = true;
348 $_SESSION['enroll'] = AT_ENROLL_YES;
350 $_SESSION['is_admin'] = false;
351 /* add member login to counter: */
// Enrolment row, if any, supplies the last visited content id and course privileges.
355 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
356 $result = mysql_query($sql, $db);
357 if ($row2 = mysql_fetch_assoc($result)) {
358 /* we have requested or are enrolled in this course */
359 $_SESSION['enroll'] = AT_ENROLL_YES;
360 $_SESSION['s_cid'] = $row2['last_cid'];
361 $_SESSION['privileges'] = $row2['privileges'];
// Release window: users without admin status or privileges are bounced with an
// error; admins and privileged users only get an informational message.
364 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
365 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
366 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
368 } else if ($row['u_release_date'] > time()) {
369 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
371 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
372 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
373 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
375 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
376 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
380 $_SESSION['course_title'] = $row['title'];
382 /* update users_online */
385 $_SESSION['groups'] = get_groups($course);
// NOTE(review): both redirects build the Location value from request-derived
// data ($page, $_GET['f']). $addslashes escapes quotes; it does not URL-encode
// 'f' and does not restrict $page to a local path.
388 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
391 header('Location: ./'.$addslashes($page));
// Section of the access switch for courses that require enrolment (the case
// label is on a skipped source line; presumably 'private'). Order of checks:
// login required, then the owner shortcut, then the enrolment row, the release
// window and the approval state.
397 if (!$_SESSION['valid_user']) {
398 /* user not logged in: */
399 header('Location: ./login.php?course='.intval($course));
403 if ($owner_id == $_SESSION['member_id']) {
404 /* we own this course. so we dont have to enroll or get the groups */
406 $_SESSION['is_admin'] = true;
407 $_SESSION['course_id'] = $course;
408 $_SESSION['course_title'] = $row['title'];
409 $_SESSION['enroll'] = AT_ENROLL_YES;
// NOTE(review): the fetch result is used without a visible row check (source
// line 414 is skipped). If the owner has no enrolment row, $row2 is false and
// s_cid is set from a non-array - confirm.
411 $sql = "SELECT last_cid FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
412 $result = mysql_query($sql, $db);
413 $row2 = mysql_fetch_assoc($result);
415 $_SESSION['s_cid'] = $row2['last_cid'];
417 /* update users_online */
420 apply_category_theme($row['cat_id']);
422 $_SESSION['groups'] = get_groups($course);
// NOTE(review): $addslashes escapes quotes; it does not URL-encode 'f'.
424 if (!empty($_GET['f'])) {
425 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
// The owner is never bounced for the release window; only an informational message is queued.
428 if ($row['u_release_date'] > time()) {
429 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
430 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
431 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
433 header('Location: ./'.$addslashes($page));
437 /* check if we're enrolled */
438 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
439 $result = mysql_query($sql, $db);
// No enrolment row: clear the course from the session and offer the enrolment request page.
441 if (!$row2 = mysql_fetch_assoc($result)) {
442 /* we have not requested enrollment in this course */
443 $_SESSION['course_id'] = 0;
444 header('Location: users/private_enroll.php?course='.intval($course));
// Release window: users without admin status or privileges are bounced with an
// error; admins and privileged users only get an informational message.
// $_SESSION['privileges'] still holds the reset value 0 at this point (it is
// assigned from the enrolment row only at source line 484), so as far as the
// visible lines show the privilege exemption cannot apply here - confirm.
448 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
449 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
450 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
452 } else if ($row['u_release_date'] > time()) {
453 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
455 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
456 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
457 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
459 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
460 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
462 /* we have requested or are enrolled in this course */
464 apply_category_theme($row['cat_id']);
466 $_SESSION['enroll'] = AT_ENROLL_YES;
467 $_SESSION['s_cid'] = $row2['last_cid'];
// approved == 'n': the request is pending, so access is withheld and the
// enrolment page is shown again.
469 if ($row2['approved'] == 'n') {
470 /* we have not been approved to enroll in this course */
471 $_SESSION['course_id'] = 0;
// Unlike source line 444, $course is appended here without intval(); it is
// numeric already because it comes from abs().
472 header('Location: users/private_enroll.php?course='.$course);
476 /* enrollment has been approved or student is alumni */
477 if ($row2['approved'] == 'a') {
478 $_SESSION['enroll'] = AT_ENROLL_ALUMNUS;
480 /* we're already logged in */
481 $_SESSION['course_id'] = $course;
483 /* check if we're an admin here */
484 $_SESSION['privileges'] = $row2['privileges'];
485 $_SESSION['course_title'] = $row['title'];
487 /* update users_online */
490 $_SESSION['groups'] = get_groups($course);
492 /* add member login to counter: */
// NOTE(review): unlike the redirects at source lines 388, 391, 425 and 433,
// these two do not prefix './' to $page. The Location value then starts with
// request-derived text, so restricting $page to a local relative path matters
// most on this branch.
496 header('Location: '.$page.'?f='.$addslashes($_GET['f']));
499 header('Location: '.$addslashes($page));