2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2010 */
6 /* Inclusive Design Institute */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
/**
 * Sets $_SESSION['prefs']['PREF_THEME'] for the given course category.
 *
 * Only acts when AT_ENABLE_CATEGORY_THEMES is defined and truthy. The visible code
 * reads course_cats.theme for $category_id and uses it when a row with a non-empty
 * theme comes back; two other assignments fall back to get_default_theme()'s
 * 'dir_name'.
 *
 * NOTE(review): the embedded line numbers skip (16 -> 20, 24 -> 26, 27 -> 30), so
 * this listing omits source lines. The else/closing-brace structure around the two
 * fallbacks and the declaration that brings $db into scope are not shown; confirm
 * against the full file.
 *
 * @param mixed $category_id category key, placed unquoted into the SQL text
 */
15 function apply_category_theme($category_id) {
16 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
20 // apply the theme for this category:
// SECURITY: $category_id is concatenated into the statement verbatim and unquoted.
// The callers visible in this file pass $row['cat_id'] read back from the courses
// table, but nothing in this function enforces a numeric value. Cast with intval()
// or bind a parameter so the query stays safe whatever the caller hands in.
21 $sql = "SELECT theme FROM ".TABLE_PREFIX."course_cats WHERE cat_id=$category_id";
22 $result = mysql_query($sql, $db);
// Use the category's theme only when a row exists and its theme column is non-empty.
23 if (($cat_row = mysql_fetch_assoc($result)) && $cat_row['theme']) {
24 $_SESSION['prefs']['PREF_THEME'] = $cat_row['theme'];
// Fallback: presumably the else branch of the row/theme test above (confirm).
26 $th = get_default_theme();
27 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
// Second fallback: presumably taken when no category lookup is attempted (confirm).
30 $th = get_default_theme();
31 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
/**
 * Adds one login to today's course_stats counters for $_SESSION['course_id'].
 *
 * $_SESSION['is_guest'] decides whether the guest or the member counter is the one
 * set to 1 in the INSERT and incremented in the UPDATE. Per the original comment,
 * the UPDATE is the path taken when the day's row already exists.
 *
 * NOTE(review): source lines 41-42 and 50-51 are not in this listing; presumably the
 * first is an early return when the statistics module is disabled and the second
 * tests whether the INSERT failed. Confirm against the full file.
 */
36 function count_login( ) {
37 global $db, $moduleFactory;
39 $module =& $moduleFactory->getModule(AT_MODULE_DIR_STANDARD.'/statistics');
40 if (!$module->isEnabled()) {
// SECURITY: $_SESSION[course_id] is interpolated unquoted into all four statements.
// Every assignment visible in this file stores a numeric value (abs()-coerced
// request input, 0 or -1), but other scripts can write the same session key;
// intval() at the point of use keeps the SQL safe regardless of who set it.
43 if ($_SESSION['is_guest']) {
44 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 1, 0)";
46 $sql = "INSERT INTO ".TABLE_PREFIX."course_stats VALUES ($_SESSION[course_id], NOW(), 0, 1)";
// The @ operator suppresses the warning, so an expected duplicate-row failure and a
// real database error are indistinguishable at this point and nothing is logged.
49 $result = @mysql_query($sql, $db);
52 /* that entry already exists, then update it. */
53 if ($_SESSION['is_guest']) {
54 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET guests=guests+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
56 $sql = "UPDATE ".TABLE_PREFIX."course_stats SET members=members+1 WHERE course_id=$_SESSION[course_id] AND login_date=CURDATE()";
58 $result = @mysql_query($sql, $db);
/**
 * Collects the group ids of a course into an array keyed and valued by group_id.
 *
 * When authenticate(AT_PRIV_GROUPS, true) is truthy the query selects every group of
 * the course; the second query additionally requires a groups_members row for
 * $_SESSION['member_id'].
 *
 * NOTE(review): source lines 63-66, 69, 71 and 75-78 are not in this listing, so the
 * $db declaration, the initialisation of $groups, the else keyword and the return
 * statement are not shown. Callers in this file assign the result to
 * $_SESSION['groups'], so it presumably returns $groups; confirm.
 *
 * @param mixed $course_id course key, placed unquoted into the SQL text
 */
62 function get_groups($course_id) {
// Holders of the groups privilege see all groups of the course.
67 if (authenticate(AT_PRIV_GROUPS, true)) {
// SECURITY: $course_id (and $_SESSION[member_id] in the second query) are
// interpolated unquoted. The callers visible in this file pass $course, which is
// numeric after abs(), so safety currently rests on the callers; intval() here
// would make the function safe on its own.
68 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN ".TABLE_PREFIX."groups_types T USING (type_id) WHERE T.course_id=$course_id";
// Everyone else sees only the groups they are a member of.
70 $sql = "SELECT G.group_id FROM ".TABLE_PREFIX."groups G INNER JOIN (".TABLE_PREFIX."groups_types T, ".TABLE_PREFIX."groups_members M) ON (G.type_id=T.type_id AND G.group_id=M.group_id) WHERE T.course_id=$course_id AND M.member_id=$_SESSION[member_id]";
72 $result = mysql_query($sql, $db);
73 while ($row = mysql_fetch_assoc($result)) {
74 $groups[$row['group_id']] = $row['group_id'];
// Script bootstrap. vitals.inc.php is presumably where $db, $_config, $msg,
// $_base_path and the $addslashes callable come from; all of them are used below
// without being defined in this file (confirm).
80 $_user_location = 'public';
81 define('AT_INCLUDE_PATH', 'include/');
82 require(AT_INCLUDE_PATH.'vitals.inc.php');
// Social-only installs skip course handling and go straight to the social start page.
// NOTE(review): a Location header does not stop the script; the following source
// lines are not in this listing, so confirm an exit follows every redirect in this
// file, otherwise the session changes further down still run.
84 if($_config['just_social'] == 1){
85 header('Location: mods/_standard/social/index_mystart.php');
// Token-based guest access. When the script is running as acl.php, the NAME of the
// first query-string parameter is treated as an access token and matched against
// course_access.password for an enabled entry that is unexpired or has a zero expiry.
//
// SECURITY notes for maintainers:
//  - The token travels in the URL, so it ends up in web-server logs, browser history
//    and Referer headers. Treat it as a bearer secret: short expiry, easy to revoke.
//  - key($_GET) is null when there is no query string. Presumably $key then becomes
//    an empty string; confirm course_access can never hold an empty password, or
//    reject an empty token before querying.
//  - $addslashes is a callable defined outside this file (presumably a DB-aware
//    escaper; confirm). A bound parameter would remove the dependency on escaping
//    matching the connection's character set.
88 $set_to_public = false;
89 if ($_SERVER['PHP_SELF'] == $_base_path."acl.php") {
90 //search through the auth table and find password that matches get password
91 $key = $addslashes(key($_GET));
92 $sql = "SELECT * FROM ".TABLE_PREFIX."course_access WHERE password='$key' AND (expiry_date > NOW() OR expiry_date+0 = 0) AND enabled=1";
93 $result = mysql_query($sql, $db);
94 if ($row = mysql_fetch_assoc($result)) {
// A valid token forces the course to be handled as public further down and pins the
// requested course to the one the token belongs to.
95 $set_to_public = true;
96 $_REQUEST['course'] = $row['course_id'];
// The session identity is overwritten with a guest identity, which also replaces the
// identity of a visitor who was logged in when following the link.
97 $_SESSION['member_id'] = 0;
98 $_SESSION['valid_user'] = false;
99 $_SESSION['login'] = 'guest';
// Switch the session to an administrator identity. Runs when the request carries an
// `admin` GET parameter and the session holds an is_super_admin marker; the marker's
// value is looked up as a login in the admins table with privileges > 0.
//
// SECURITY notes for maintainers:
//  - This is a state change (session elevation plus an UPDATE) triggered by a GET
//    request; the only gate is the session marker, which is set outside this file.
//  - $_SESSION[is_super_admin] is quoted but not escaped in both statements. It is
//    server-side state, yet it is only as trustworthy as the code that stored it;
//    escape or bind it here.
//  - No session-id regeneration is visible at this privilege change; source lines
//    107, 111, 120, 122 and 124 are not in this listing, so confirm.
104 if (isset($_GET['admin']) && isset($_SESSION['is_super_admin'])) {
105 $sql = "SELECT login, `privileges`, language FROM ".TABLE_PREFIX."admins WHERE login='$_SESSION[is_super_admin]' AND `privileges`>0";
106 $result = mysql_query($sql, $db);
108 if ($row = mysql_fetch_assoc($result)) {
109 $sql = "UPDATE ".TABLE_PREFIX."admins SET last_login=NOW() WHERE login='$_SESSION[is_super_admin]'";
110 mysql_query($sql, $db);
112 $_SESSION['login'] = $row['login'];
113 $_SESSION['valid_user'] = true;
// course_id -1 marks an administrator session; the reset block later in this file
// tests for the same value.
114 $_SESSION['course_id'] = -1;
115 $_SESSION['privileges'] = intval($row['privileges']);
116 $_SESSION['lang'] = $row['language'];
// SECURITY: unserialize() runs on a configuration value. That is only safe while
// $_config['pref_defaults'] cannot be influenced by anyone below administrator
// level; a JSON encoding, or unserialize() with allowed_classes set to false on
// PHP 7+, removes the object-instantiation risk.
117 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])), 1);
118 unset($_SESSION['member_id']);
// The marker is single-use: it is dropped once the switch has happened.
119 unset($_SESSION['is_super_admin']);
// The audit entry records the last_login UPDATE and its affected-row count.
121 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
123 $msg->addFeedback('LOGIN_SUCCESS');
125 header('Location: admin/index.php');
// Work out $page, the path the visitor is sent to once the course session is set
// up. $page is later emitted in Location headers, so everything assigned here is
// redirect-target input.
//
// SECURITY: both `pu` and `p` are request-controlled. The only validation visible
// in this listing is the substring test on `p` below; `pu` is passed on without a
// visible check. The robust form is to parse the value and accept it only if it is
// a path inside this application (no scheme, no host, no leading slashes or
// backslashes), defaulting to index.php otherwise.
130 if (!empty($_REQUEST['pu'])) {
131 //request ib stands for 'is bounced', this is to avoid the infinite 302 redirect
132 //A better way to deal with this rather than using querystring? (Session won't work)
133 //Session doesn't work,leads to bounce out error as well.
134 if (!empty($_REQUEST['ib'])) {
138 //for pretty url iff mod_rewrite is not on
139 if ($_config['apache_mod_rewrite'] > 0){
140 //URL are in pretty format, but not in .htaccess RewriteRule format
141 //http://www.atutor.ca/atutor/mantis/view.php?id=3426
142 $page = url_rewrite($_REQUEST['pu'], AT_PRETTY_URL_NOT_HEADER, true) . '/ib/1';
144 if ($_config['pretty_url'])
146 $orig_url = AT_PRETTY_URL_HANDLER.$_REQUEST['pu'];
// Append the bounce marker without doubling the slash.
147 $page = (substr($_REQUEST['pu'], -1) == '/') ? ($orig_url. 'ib/1/') : ($orig_url .'/ib/1/');
150 $page = AT_PRETTY_URL_HANDLER.$_REQUEST['pu'] . SEP .'ib=1';
152 } elseif (!empty($_REQUEST['p'])) {
154 //p is a relative path, check that. #4773
// SECURITY: this test is a case-sensitive substring match for 'http' on the value
// BEFORE the extra urldecode() below, so it does not cover every absolute-URL form
// and also rejects legitimate relative paths that merely contain 'http'. Validate
// the decoded value, not the raw one.
155 if (strpos($_REQUEST['p'], 'http') !== false) {
156 //if not relative, reset it.
// $_REQUEST values are already URL-decoded by PHP; this decodes a second time.
159 $page = urldecode($_REQUEST['p']);
// NOTE(review): the dot in 'bounce.php' is unescaped in this pattern, so it matches
// any character; harmless here but `bounce\.php` states the intent.
160 } elseif (($_config['pretty_url'] > 0) && preg_match('/bounce.php\?course=([\d]+)$/', $_SERVER['REQUEST_URI'])==1) {
161 //for browse, and my start page url rewrite.
162 $page = url_rewrite($_SERVER['REQUEST_URI'], AT_PRETTY_URL_NOT_HEADER, true).'/index.php'; //force overwrite
// Course jump form: abs() coerces the posted id to a non-negative number before it
// is stored in the session.
165 if (isset($_POST['jump']) && abs($_POST['course']) > 0){
166 $_SESSION['course_id'] = abs($_POST['course']);
168 $page = url_rewrite('index.php');
// Only ONE leading slash is removed. Most redirects below prefix './' to $page, but
// the last two Location headers in this file emit $page with no prefix, so they rely
// entirely on the validation above.
171 if (substr($page, 0, 1) == '/') {
172 $page = substr($page, 1);
// Reset all course-scoped authorisation state to the least-privileged values before
// it is re-derived for the target course further down. Doing this unconditionally
// means privileges from a previously visited course never carry over.
175 $_SESSION['enroll'] = AT_ENROLL_NO;
176 $_SESSION['s_cid'] = 0;
177 $_SESSION['privileges'] = 0;
178 $_SESSION['is_admin'] = false;
// course_id -1 is the value the admin switch earlier in this file stores, so this
// branch drops the administrator identity when such a session enters the course flow.
180 if ($_SESSION['course_id'] == -1) {
181 unset($_SESSION['valid_user']);
182 unset($_SESSION['is_guest']);
183 unset($_SESSION['login']);
184 unset($_SESSION['is_admin']);
185 unset($_SESSION['course_id']);
// Resolve the requested course id. abs() coerces request input to a non-negative
// number, which is what keeps the unquoted $course safe in the SQL further down.
// NOTE(review): abs() returns a float for non-integer numeric input, so the strict
// `=== 0` tests below only match an integer zero; intval() would make both the
// comparison and the SQL use unambiguous. Source lines 192-194 are not in this
// listing; presumably they default $course when neither parameter is set (confirm).
188 if (isset($_REQUEST['course'])) { // is set guests access protected course
189 $course = abs($_REQUEST['course']);
190 } else if (isset($_REQUEST['p_course'])) { // is set when pretty url is turned on, access public course
191 $course = abs($_REQUEST['p_course']);
// Course 0 with a logged-in user: leave any course and go to the user's start page.
196 if (($course === 0) && $_SESSION['valid_user']) {
197 $_SESSION['course_id'] = 0;
// Back-date last_updated so the users-online refresh is due immediately
// (presumably; ONLINE_UPDATE is defined outside this file).
198 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
200 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
201 $th = get_default_theme();
202 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
// SECURITY: the enrollment count query below concatenates $_SESSION['member_id']
// unquoted; it is server-side state, but intval() at the point of use costs nothing.
204 /* http://atutor.ca/atutor/mantis/view.php?id=4587
205 * for users with no enrolled courses, default to the Browse Courses screen instead of My Courses.
207 $sql = 'SELECT COUNT(*) AS count FROM '.TABLE_PREFIX.'course_enrollment WHERE member_id='.$_SESSION['member_id'];
208 $result = mysql_query($sql, $db);
209 $row = mysql_fetch_assoc($result);
210 if ($row['count'] == 0) {
211 header('Location: users/browse.php');
214 header('Location: users/index.php');
216 } else if (($course === 0) && !$_SESSION['valid_user']) { // guests
217 header('Location: '.AT_BASE_HREF.'login.php');
// NOTE(review): both visible assignments of $course go through abs(), so it cannot
// be negative; unless a line not shown here assigns it, this branch looks
// unreachable. Confirm before relying on it.
219 } else if ($course == -1) {
220 $_SESSION['course_id'] = 0;
221 $_SESSION['last_updated'] = time()/60 - ONLINE_UPDATE - 1;
223 if (defined('AT_ENABLE_CATEGORY_THEMES') && AT_ENABLE_CATEGORY_THEMES) {
224 $th = get_default_theme();
225 $_SESSION['prefs']['PREF_THEME'] = $th['dir_name'];
228 header('Location: users/index.php');
// Load the target course. $course is interpolated unquoted; it is numeric because
// the visible assignments coerce it with abs().
232 $sql = "SELECT member_id, content_packaging, cat_id, access, title, UNIX_TIMESTAMP(release_date) AS u_release_date, UNIX_TIMESTAMP(end_date) AS u_end_date FROM ".TABLE_PREFIX."courses WHERE course_id=$course";
233 $result = mysql_query($sql,$db);
// Unknown course: report it and send members to their start page, everyone else to
// the login page.
234 if (!$row = mysql_fetch_assoc($result)) {
235 $msg->addError('ITEM_NOT_FOUND');
236 if ($_SESSION['member_id']) {
237 header('Location: '.AT_BASE_HREF.'users/index.php');
239 header('Location: '.AT_BASE_HREF.'login.php');
// Visitors without a member id get the site-wide default preferences.
// SECURITY: unserialize() on a configuration value is only safe while
// $_config['pref_defaults'] cannot be written by anyone below administrator level.
244 if (!$_SESSION['member_id']) {
245 assign_session_prefs(unserialize(stripslashes($_config['pref_defaults'])), 1);
248 $owner_id = $row['member_id'];
249 $_SESSION['packaging'] = $row['content_packaging'];
// Clear group membership and file-storage context left over from another course.
251 $_SESSION['groups'] = array();
252 unset($_SESSION['fs_owner_type']);
253 unset($_SESSION['fs_owner_id']);
254 unset($_SESSION['fs_folder_id']);
// SECURITY: this is the access-control override. $set_to_public is true only when
// the acl.php token lookup earlier in this file matched, and it makes the course be
// treated as public for this request whatever its stored access level is. The
// strength of that token check is therefore the strength of course privacy.
257 if ($set_to_public) {
258 $row['access'] = "public";
// Dispatch on the course's access level. The case labels sit on source lines that
// this listing omits. NOTE(review): judging by the guest handling below, this first
// section is presumably the 'public' case; confirm.
261 switch ($row['access']){
// SECURITY: $_GET['f'] is copied into a redirect target after $addslashes(), which
// is SQL-style escaping, not URL encoding. A query-string value needs
// rawurlencode(), or validation against the expected format, instead.
264 $dest = './'.$page.'?f='.$addslashes($_GET['f']);
268 apply_category_theme($row['cat_id']);
// Anonymous visitor and the course is inside its release window: create a guest
// session scoped to this course.
270 if (!$_SESSION['valid_user'] && ($row['u_release_date'] < time()) && (!$row['u_end_date'] || $row['u_end_date'] > time())) {
271 $_SESSION['course_id'] = $course;
273 $_SESSION['login'] = 'guest';
274 $_SESSION['valid_user'] = false;
275 $_SESSION['member_id'] = 0;
276 $_SESSION['is_admin'] = false;
277 $_SESSION['is_guest'] = true;
279 /* add guest login to counter: */
281 if ($_config['pretty_url'])
// strpos() returns false when '/p_course/' is absent and 0 for a match at offset 0;
// !strpos() treats both alike. $dest starts with './' here so offset 0 cannot match,
// but `=== false` would state the intent.
283 if (!strpos($dest, '/p_course/')) $dest .= '/p_course/'.$course;
284 header('Location: '.$dest);
// Anonymous visitor outside the release window: explain why and send to browse.
287 } else if (!$_SESSION['valid_user']) {
288 if ($row['u_release_date'] > time()) {
289 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
291 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
293 header('Location: '.AT_BASE_HREF.'browse.php');
// Logged-in user from here on.
297 $_SESSION['course_id'] = $course;
298 /* check if we're an admin here */
// The course owner becomes course administrator for this session.
299 if ($owner_id == $_SESSION['member_id']) {
300 $_SESSION['is_admin'] = true;
301 $_SESSION['enroll'] = AT_ENROLL_YES;
303 $_SESSION['is_admin'] = false;
307 /* title wont be needed. comes from the cache. */
308 $_SESSION['course_title'] = $row['title'];
// $_SESSION[member_id] and $course are interpolated unquoted; both are numeric as
// set in this file, and intval() at the point of use would enforce that locally.
310 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
311 $result = mysql_query($sql, $db);
// NOTE(review): any enrollment row grants its stored privileges here without looking
// at the `approved` column, whereas the last section of this switch does check it.
// Confirm a pending request can never carry non-zero privileges.
312 if ($row2 = mysql_fetch_assoc($result)) {
313 /* we have requested or are enrolled in this course */
314 $_SESSION['enroll'] = AT_ENROLL_YES;
315 $_SESSION['s_cid'] = $row2['last_cid'];
316 $_SESSION['privileges'] = $row2['privileges'];
// Release-window enforcement: course admins and privileged members only get an
// informational message; everyone else is bounced back to course 0.
319 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
320 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
321 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
323 } else if ($row['u_release_date'] > time()) {
324 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
326 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
327 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
328 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
330 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
331 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
334 /* add member login to counter: */
// The course owner's own visits are excluded from the statistics.
335 if (!$_SESSION['is_admin'] && $_SESSION['member_id'] > 0) {
339 /* update users_online */
342 $_SESSION['groups'] = get_groups($course);
344 header('Location: '.$dest);
// Section for courses that require a login but no approved enrollment.
// NOTE(review): the case label is on a source line this listing omits; presumably
// this is the 'protected' case. Confirm.
// Anonymous visitors are sent to the login page with the course id as an integer.
350 if (!$_SESSION['valid_user']) {
351 header('Location: ./login.php?course='.intval($course));
354 /* we're already logged in */
355 $_SESSION['course_id'] = $course;
357 apply_category_theme($row['cat_id']);
359 /* check if we're an admin here */
// The course owner becomes course administrator for this session.
360 if ($owner_id == $_SESSION['member_id']) {
361 $_SESSION['is_admin'] = true;
362 $_SESSION['enroll'] = AT_ENROLL_YES;
364 $_SESSION['is_admin'] = false;
365 /* add member login to counter: */
// $_SESSION[member_id] and $course are interpolated unquoted; both are numeric as
// set in this file, and intval() at the point of use would enforce that locally.
369 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
370 $result = mysql_query($sql, $db);
// NOTE(review): as in the first section, the row's privileges are taken over without
// checking the `approved` column; confirm pending rows cannot hold privileges.
371 if ($row2 = mysql_fetch_assoc($result)) {
372 /* we have requested or are enrolled in this course */
373 $_SESSION['enroll'] = AT_ENROLL_YES;
374 $_SESSION['s_cid'] = $row2['last_cid'];
375 $_SESSION['privileges'] = $row2['privileges'];
// Release-window enforcement: course admins and privileged members only get an
// informational message; everyone else is bounced back to course 0.
378 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
379 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
380 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
382 } else if ($row['u_release_date'] > time()) {
383 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
385 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
386 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
387 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
389 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
390 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
394 $_SESSION['course_title'] = $row['title'];
396 /* update users_online */
399 $_SESSION['groups'] = get_groups($course);
// SECURITY: $page and $_GET['f'] reach the Location header here. $addslashes() is
// SQL-style escaping and does not make a value safe for a URL: encode `f` with
// rawurlencode() and make sure $page was validated as a local path where it was
// computed. The './' prefix keeps these two redirects relative to this directory.
402 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
405 header('Location: ./'.$addslashes($page));
// Section for courses that require an approved enrollment.
// NOTE(review): the case label is on a source line this listing omits; presumably
// this is the 'private' case. Confirm.
411 if (!$_SESSION['valid_user']) {
412 /* user not logged in: */
413 header('Location: ./login.php?course='.intval($course));
417 if ($owner_id == $_SESSION['member_id']) {
418 /* we own this course. so we dont have to enroll or get the groups */
420 $_SESSION['is_admin'] = true;
421 $_SESSION['course_id'] = $course;
422 $_SESSION['course_title'] = $row['title'];
423 $_SESSION['enroll'] = AT_ENROLL_YES;
// Only used to restore the owner's last viewed content id.
425 $sql = "SELECT last_cid FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
426 $result = mysql_query($sql, $db);
427 $row2 = mysql_fetch_assoc($result);
429 $_SESSION['s_cid'] = $row2['last_cid'];
431 /* update users_online */
434 apply_category_theme($row['cat_id']);
436 $_SESSION['groups'] = get_groups($course);
// SECURITY: $addslashes() is SQL-style escaping; `f` needs rawurlencode() to be safe
// inside a URL, and $page must already be validated as a local path.
438 if (!empty($_GET['f'])) {
439 header('Location: ./'.$page.'?f='.$addslashes($_GET['f']));
// The owner is never blocked by the release window, only informed.
442 if ($row['u_release_date'] > time()) {
443 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
444 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
445 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
447 header('Location: ./'.$addslashes($page));
451 /* check if we're enrolled */
452 $sql = "SELECT * FROM ".TABLE_PREFIX."course_enrollment WHERE member_id=$_SESSION[member_id] AND course_id=$course";
453 $result = mysql_query($sql, $db);
// No enrollment row at all: leave the course context and offer the enrollment form.
455 if (!$row2 = mysql_fetch_assoc($result)) {
456 /* we have not requested enrollment in this course */
457 $_SESSION['course_id'] = 0;
458 header('Location: users/private_enroll.php?course='.intval($course));
// NOTE(review): at this point $_SESSION['is_admin'] and $_SESSION['privileges'] still
// hold the false/0 written by the reset earlier in this file; privileges is only
// loaded from the enrollment row further down. Unless a line not shown here sets
// them, the privileged-member branches of this chain cannot be taken, so privileged
// enrollees are bounced outside the release window in this section, unlike in the
// other two. That fails closed, but it looks unintended; confirm.
462 if (($row['u_release_date'] > time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
463 $msg->addError(array('COURSE_NOT_RELEASED', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
464 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
466 } else if ($row['u_release_date'] > time()) {
467 $msg->addInfo(array('COURSE_RELEASE', AT_Date(_AT('announcement_date_format'), $row['u_release_date'], AT_DATE_UNIX_TIMESTAMP)));
469 } else if ($row['u_end_date'] && ($row['u_end_date'] < time()) && !($_SESSION['is_admin'] || $_SESSION['privileges'])) {
470 $msg->addError(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
471 header('Location: '.AT_BASE_HREF.'bounce.php?course=0');
473 } else if ($row['u_end_date'] && $row['u_end_date'] < time()) {
474 $msg->addInfo(array('COURSE_ENDED', AT_Date(_AT('announcement_date_format'), $row['u_end_date'], AT_DATE_UNIX_TIMESTAMP)));
476 /* we have requested or are enrolled in this course */
478 apply_category_theme($row['cat_id']);
480 $_SESSION['enroll'] = AT_ENROLL_YES;
481 $_SESSION['s_cid'] = $row2['last_cid'];
// Pending enrollment: no course context is granted.
483 if ($row2['approved'] == 'n') {
484 /* we have not been approved to enroll in this course */
485 $_SESSION['course_id'] = 0;
// NOTE(review): the same redirect a few lines up wraps $course in intval(); this one
// does not. $course is numeric after abs(), so use intval() here too for consistency.
486 header('Location: users/private_enroll.php?course='.$course);
490 /* enrollment has been approved or student is alumni */
491 if ($row2['approved'] == 'a') {
492 $_SESSION['enroll'] = AT_ENROLL_ALUMNUS;
494 /* we're already logged in */
495 $_SESSION['course_id'] = $course;
497 /* check if we're an admin here */
498 $_SESSION['privileges'] = $row2['privileges'];
499 $_SESSION['course_title'] = $row['title'];
501 /* update users_online */
504 $_SESSION['groups'] = get_groups($course);
506 /* add member login to counter: */
// SECURITY: unlike the other redirects in this file, these two emit $page with no
// './' prefix, so nothing forces the target to stay relative to this directory.
// They depend entirely on $page having been validated as a local path where it was
// computed; prefixing './' as elsewhere and URL-encoding `f` would align them.
510 header('Location: '.$page.'?f='.$addslashes($_GET['f']));
513 header('Location: '.$addslashes($page));