changed git call from https to git readonly

[atutor.git] / mods / mahara / mahara_login.php

<?php\r
\r
/*\r
    This belongs to the ATutor Mahara module page. It is called within an iframe or \r
    a new window from index.php and allows a user to access\r
    his/her ePortfolio account on Mahara through their account on ATutor.\r
\r
    Login information for Mahara is passed using cookies (password encrypted in SHA1).\r
    This is to avoid conflicting sessions between ATutor and Mahara from within\r
    the same script.\r
\r
    by: Boon-Hau Teh\r
*/\r
\r
$_user_location = 'public';\r
\r
define('AT_INCLUDE_PATH', '../../include/');\r
\r
\r
/*~~~~~~~~~~~~~few essentials copied from ATutor's vitals.inc.php~~~~~~~~~~~~*/\r
\r
    /**** 0. start system configuration options block ****/\r
    error_reporting(0);\r
    if (!defined(AT_REDIRECT_LOADED)){\r
        include_once(AT_INCLUDE_PATH.'config.inc.php');\r
    }\r
    error_reporting(AT_ERROR_REPORTING);\r
\r
    if (!defined('AT_INSTALL') || !AT_INSTALL) {\r
        header('Cache-Control: no-store, no-cache, must-revalidate');\r
        header('Pragma: no-cache');\r
\r
        $relative_path = substr(AT_INCLUDE_PATH, 0, -strlen('include/'));\r
        header('Location: ' . $relative_path . 'install/not_installed.php');\r
        exit;\r
    }\r
\r
    /*** 1. constants ***/\r
    if (!defined(AT_REDIRECT_LOADED)){\r
        require_once(AT_INCLUDE_PATH.'lib/constants.inc.php');\r
    }\r
\r
    $db = @mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);\r
    if (!$db) {\r
        /* AT_ERROR_NO_DB_CONNECT */\r
        require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');\r
        $err =& new ErrorHandler();\r
        trigger_error('VITAL#Unable to connect to db.', E_USER_ERROR);\r
        exit;\r
    }\r
    if (!@mysql_select_db(DB_NAME, $db)) {\r
        require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');\r
        $err =& new ErrorHandler();\r
        trigger_error('VITAL#DB connection established, but database "'.DB_NAME.'" cannot be selected.',\r
                        E_USER_ERROR);\r
        exit;\r
    }\r
\r
    /* get config variables. if they're not in the db then it uses the installation default value in constants.inc.php */\r
    $sql    = "SELECT * FROM ".TABLE_PREFIX."config";\r
    $result = mysql_query($sql, $db);\r
    while ($row = mysql_fetch_assoc($result)) { \r
        $_config[$row['name']] = $row['value'];\r
    }\r
\r
    /***** 7. start language block *****/\r
        // set current language\r
        require(AT_INCLUDE_PATH . 'classes/Language/LanguageManager.class.php');\r
        $languageManager =& new LanguageManager();\r
\r
        $myLang =& $languageManager->getMyLanguage();\r
\r
        if ($myLang === FALSE) {\r
            echo 'There are no languages installed!';\r
            exit;\r
        }\r
        $myLang->saveToSession();\r
        if (isset($_GET['lang']) && $_SESSION['valid_user']) {\r
            if ($_SESSION['course_id'] == -1) {\r
                $myLang->saveToPreferences($_SESSION['login'], 1);      //1 for admin                   \r
            } else {\r
                $myLang->saveToPreferences($_SESSION['member_id'], 0);  //0 for non-admin\r
            }\r
        }\r
        $myLang->sendContentTypeHeader();\r
\r
        /* set right-to-left language */\r
        $rtl = '';\r
        if ($myLang->isRTL()) {\r
            $rtl = 'rtl_'; /* basically the prefix to a rtl variant directory/filename. eg. rtl_tree */\r
        }\r
    /***** end language block ****/\r
\r
/*~~~~~~~~~~~~~~~~~~~~~~~end of vitals.inc.php~~~~~~~~~~~~~~~~~~~~~~*/\r
\r
\r
\r
\r
\r
// Read Mahara login information from cookies passed by ATutor\r
$usr = array();\r
if (isset($_COOKIE['ATutor_Mahara'])) {\r
    foreach ($_COOKIE['ATutor_Mahara'] as $name => $value) {\r
        $usr[$name] = $value;\r
\r
        // expire the cookie\r
        ATutor.setcookie ("ATutor_Mahara[".$name."]", "", time() - 3600);\r
    }\r
    //expire the cookie array\r
    ATutor.setcookie ("ATutor_Mahara", "", time() - 3600);\r
} else {\r
    echo 'Unable to detect cookies or the session has timed out.  Please check that cookies are enabled on your browser and try again.';\r
    exit;\r
}\r
\r
// Get password from ATutor's database\r
$sql    = "SELECT password FROM ".TABLE_PREFIX."mahara WHERE at_login='".$usr["at_login"]."' AND username='".$usr["username"]."' AND SHA1(password)='".$usr["password"]."'";\r
$result = mysql_query($sql, $db);\r
if (!($row = @mysql_fetch_array($result))) {\r
    echo 'Incorrect login information. Please check with course instructor or administrator.';\r
    exit;\r
} else {\r
    $pwd = $row[0];\r
\r
    if (isset($_config['mahara'])) {\r
\r
        /****** Taken from index.php of /mahara  *****/\r
        define('INTERNAL', 1);\r
        define('PUBLIC', 1);\r
        define('MENUITEM', '');\r
        define (MAHARA_PATH, $_config['mahara']);\r
        require (MAHARA_PATH.'init.php');\r
        define('TITLE', get_string('home'));\r
\r
        // Check if user exists in Mahara\r
        if (!(record_exists('usr', 'username', $usr["username"]))) {\r
            // Reconnect to ATutor Database and remove the record from the mahara table\r
            $db_atutor = @mysql_connect(DB_HOST . ':' . DB_PORT, DB_USER, DB_PASSWORD);\r
            if (!$db_atutor) {\r
                /* AT_ERROR_NO_DB_CONNECT */\r
                require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');\r
                $err =& new ErrorHandler();\r
                trigger_error('VITAL#Unable to connect to db.', E_USER_ERROR);\r
                exit;\r
            }\r
            if (!@mysql_select_db(DB_NAME, $db_atutor)) {\r
                require_once(AT_INCLUDE_PATH . 'classes/ErrorHandler/ErrorHandler.class.php');\r
                $err =& new ErrorHandler();\r
                trigger_error('VITAL#DB connection established, but database "'.DB_NAME.'" cannot be selected.',\r
                                E_USER_ERROR);\r
                exit;\r
            }\r
\r
            // Delete record from ATutor database since it should not be there\r
            $sql = "DELETE FROM ".TABLE_PREFIX."mahara WHERE at_login='".$usr["at_login"]."'";\r
\r
            $result = mysql_query($sql, $db_atutor);\r
\r
            echo "Successfully synchronized user login with Mahara database. Please refresh the page from ATutor.";\r
            exit;\r
        }\r
\r
        session_start();\r
\r
        /*~~~~~~~~~~~copied from index.php of Mahara~~~~~~~~~~~~~~~*/\r
        // Check for whether the user is logged in, before processing the page. After\r
        // this, we can guarantee whether the user is logged in or not for this page.\r
        if (!$USER->is_logged_in()) {\r
            $lang = param_alphanumext('lang', null);\r
            if (!empty($lang)) {\r
                $SESSION->set('lang', $lang);\r
            }\r
\r
            // Read login information\r
            $values['login_username'] = $usr["username"];\r
            $values['login_password'] = $pwd;\r
            $values['submit'] = "Login";\r
            $values['sesskey'] = "";\r
            $values['pieform_login'] = "";\r
\r
            // login\r
            login_submit(null, $values);\r
\r
            $adminpage = ($USER->get('admin')) ? 'admin/' : '';\r
        }\r
\r
        /* Logged in session should be created.  Now redirect to the Mahara page\r
           and it should read from this session\r
         */\r
        header('Location: '.get_config('wwwroot').$adminpage);\r
        /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/\r
    } else {\r
        echo 'You have incorrect config settings for the Mahara module.';\r
        exit;\r
    }\r
}\r
\r
\r
?>