Commit 7f89750e authored by Penny Leach's avatar Penny Leach
parents 65f0d688 b3415f79
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage core
* @author Penny Leach <penny@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
require('init.php');
$smarty = smarty();
$smarty->assign('page_content', get_site_page_content('about'));
$smarty->display('sitepage.tpl');
?>
......@@ -48,6 +48,7 @@ if ($install) {
$user->password = 'mahara';
$user->institution = 'mahara';
$user->passwordchange = 1;
$user->admin = 1;
$user->firstname = 'Admin';
$user->lastname = 'User';
$user->email = 'admin@example.org';
......
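Review bot: The install branch seeds the admin account with the fixed, publicly known password `'mahara'`, assigned as a literal to `$user->password`. Every fresh install therefore starts with the same credential, and unless the insert code outside this hunk hashes it, the value is stored in `usr.password` as plain text. The only guard visible here is `$user->passwordchange = 1`, which `auth_check_password_change()` in this commit enforces only when the institution's auth type is `internal`. Generating a random one-time password at install, or asking the installer for one, and storing it through the same path as normal accounts would close the window between install and first login. The rendered page does not show which of these lines the commit adds, and the `if ($install)` block continues outside the hunk.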
......@@ -17,7 +17,7 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage auth/internal
* @subpackage auth-internal
* @author Nigel McNie <nigel@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
......@@ -27,5 +27,10 @@
defined('INTERNAL') || die();
$string['internal'] = 'Internal';
$string['passwordinvalidform'] = 'Your password must be at least six characters long and contain at least one digit and two letters';
$string['passwordtooeasy'] = 'Your password is too easy! Please choose a harder password';
$string['passwordnotchanged'] = 'You did not change your password, please choose a new password';
$string['passwordsaved'] = 'Your new password has been saved';
$string['passwordsdonotmatch'] = 'The passwords do not match';
?>
......@@ -204,13 +204,15 @@ function auth_setup () {
// Check the time that the session is set to log out. If the user does
// not have a session, this time will be 0.
$sessionlogouttime = $SESSION->get('logout_time');
if ($sessionlogouttime > time()) {
if ($sessionlogouttime && isset($_GET['logout'])) {
if (isset($_GET['logout'])) {
log_debug('logging user ' . $SESSION->get('username') . ' out');
$SESSION->logout();
$SESSION->add_ok_msg(get_string('loggedoutok'));
redirect(get_config('wwwroot'));
}
}
if ($sessionlogouttime > time()) {
// The session is still active, so continue it.
log_debug('session still active from previous time');
$USER = $SESSION->renew();
......@@ -231,7 +233,8 @@ function auth_setup () {
// There is no session, so we check to see if one needs to be started.
// Build login form. If the form is submitted it will be handled here,
// and set $USER for us.
// and set $USER for us (this will happen when users hit a page and
// specify login data immediately
require_once('form.php');
$form = new Form(auth_get_login_form());
if ($USER) {
......@@ -270,9 +273,8 @@ function auth_get_authtype_for_institution($institution) {
* via the internal form difficult.
*/
function auth_check_password_change($user) {
global $SESSION;
log_debug('checking if the user needs to change their password');// @todo change this to $user instead of $SESSION, as long as it's safe
if (auth_get_authtype_for_institution($SESSION->get('institution')) == 'internal' && $SESSION->get('passwordchange')) {
log_debug('checking if the user needs to change their password');
if (auth_get_authtype_for_institution($user->institution) == 'internal' && $user->passwordchange) {
log_debug('user DOES need to change their password');
require_once('form.php');
$form = array(
......@@ -311,27 +313,36 @@ function auth_check_password_change($user) {
/**
* Check if the given user's account has expired
*
* @param object $user The user to check for the expired password.
* @todo maybe later, just use $USER because that's all we are actually checking...
* @private
*/
function auth_check_user_expired($user) {
log_debug('Checking to see if the user has expired');
if ($user->expiry > 0 && time() > $user->expiry) {
// Trash the $USER object, used for checking if the user is logged in
// Trash the $USER object, used for checking if the user is logged in.
// Smarty uses it otherwise...
global $USER;
$USER = null;
die_info('Sorry, your account has expired');
die_info(get_string('accountexpired'));
}
}
function auth_check_user_suspended() {
/**
* Check if the given user's account has been suspended
*
* @param object $user The user to check for the suspended account.
* @private
*/
function auth_check_user_suspended($user) {
global $USER;
log_debug('Checking to see if the user is suspended');
$suspend = get_record('usr_suspension', 'usr', $USER->id);
log_debug($suspend);
$suspend = get_record('usr_suspension', 'usr', $user->id);
if ($suspend) {
global $USER;
$USER = null;
die_info('Sorry, your account has been SUSPENDED!');
die_info(get_string('accountsuspended', 'mahara', $suspend->ctime, $suspend->reason));
}
}
......@@ -346,6 +357,10 @@ function auth_check_user_suspended() {
* can be removed from the Auth class, and instead just be part of AuthInternal
* since they don't need to be specified for other types.
*
* Furthermore, I think that the change_password stuff (as well as suspended
* and expired) are also quite possibly related to internal only. This will
* require a lot of thought about how to best structure it.
*
* @param Form $form The form to check
* @param array $values The values to check
*/
......@@ -361,7 +376,7 @@ function change_password_validate(Form $form, $values) {
// Check that the password is in valid form
if (!$form->get_error('password1')
&& !call_static_method('AuthInternal', 'is_password_valid', $values['password1'])) {
$form->set_error('password1', 'Your password is not in a valid form');
$form->set_error('password1', get_string('passwordinvalidform', 'auth.internal'));
}
// The password must not be too easy :)
......@@ -369,18 +384,17 @@ function change_password_validate(Form $form, $values) {
'mahara', 'password', $SESSION->get('username')
);
if (!$form->get_error('password1') && in_array($values['password1'], $suckypasswords)) {
$form->set_error('password1', 'Your password is too easy! Please choose a harder password');
$form->set_error('password1', get_string('passwordtooeasy', 'auth.internal'));
}
// The password cannot be the same as the old one
// @todo Use $USER to get the old password (if $USER has the password...)
if (!$form->get_error('password1') && $values['password1'] == get_field('usr', 'password', 'username', $SESSION->get('username'))) {
$form->set_error('password1', 'Your did not change your password!');
if (!$form->get_error('password1') && $values['password1'] == $USER->password) {
$form->set_error('password1', get_string('passwordnotchanged', 'auth.internal'));
}
// The passwords must match
if (!$form->get_error('password1') && !$form->get_error('password2') && $values['password1'] != $values['password2']) {
$form->set_error('password2', 'Your passwords do not match');
$form->set_error('password2', get_string('passwordsdonotmatch', 'auth.internal'));
}
}
else {
......@@ -414,7 +428,7 @@ function change_password_submit($values) {
update_record('usr', $user, $where);
$SESSION->set('passwordchange', 0);
$SESSION->add_ok_msg('Your new password has been saved');
$SESSION->add_ok_msg(get_string('passwordsaved', 'auth.internal'));
redirect(get_config('wwwroot'));
exit;
}
......@@ -448,9 +462,11 @@ function auth_draw_login_page($message=null, Form $form=null) {
else {
require_once('form.php');
$loginform = form(auth_get_login_form());
// If this is true, the form was submitted even before being built.
// This happens when a user's session times out and they resend post
// data. The request should just continue if so.
/*
* If $USER is set, the form was submitted even before being built.
* This happens when a user's session times out and they resend post
* data. The request should just continue if so.
*/
if ($USER) {
return;
}
......
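Review bot: In `change_password_validate` the "same as the old password" check now reads `$values['password1'] == $USER->password`, comparing the submitted plain-text password to the stored value with a loose `==`. If `usr.password` holds a salted digest (the schema in this commit has a 40-character `password` column and a `salt` column), the check can never match and silently stops working; if it holds plain text, the check only works because passwords are stored unhashed. Loose comparison also treats two numeric-looking strings as numbers, so use `===` at minimum, and preferably test the new password through the same verification routine that login uses. The adjacent `in_array($values['password1'], $suckypasswords)` has the same loose matching and should pass `true` as its third argument. The function header is outside the hunk, so confirm that `$USER` is declared `global` there, otherwise the new line reads an undefined variable.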
......@@ -59,8 +59,18 @@ class Session {
'logout_time' => 0,
'id' => 0,
'username' => '',
'password' => '',
'institution' => 'mahara',
'passwordchange' => false,
'institution' => 'mahara'
'deleted' => false,
'expiry' => 0,
'lastlogin' => 0,
'staff' => false,
'admin' => false,
'firstname' => '',
'lastname' => '',
'prefname' => '',
'email' => ''
);
// Resume an existing session if required
if (isset($_COOKIE['PHPSESSID'])) {
......
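Review bot: The session defaults now carry a `'password'` key next to `'username'`, which suggests the stored password value is copied into session data so that `$USER->password` can be read later. Anything that can read the session store can then read that credential material; the value can instead be fetched from `usr` at the moment it is checked. If the key has to stay, say so on the array with a comment such as `// stored value only, never the clear-text password`, and confirm that the login code does not place the submitted password here. The `'institution' => 'mahara'` line without a trailing comma is presumably the removed side, and the class body starts and ends outside the hunk.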
<?php
/**
* This program is part of Mahara
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
* @package mahara
* @subpackage core
* @author Penny Leach <penny@catalyst.net.nz>
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL
* @copyright (C) 2006,2007 Catalyst IT Ltd http://catalyst.net.nz
*
*/
define('INTERNAL', 1);
require('init.php');
$smarty = smarty();
$smarty->assign('page_content', get_site_page_content('contactus'));
$smarty->display('sitepage.tpl');
?>
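Review bot: `get_site_page_content('contactus')` asks for a page name that is missing from the `site_content_pages()` list shown elsewhere in this commit (`about`, `home`, `loggedouthome`, `privacy`, `termsandconditions`, `uploadcopyright`), and no `$string['contactus']` is visible in the language hunks. Unless a `site_content` row and a language string are added outside what is shown, this page falls through to the `sitecontentnotfound` message with an unresolved string name. Either add `'contactus'` to `site_content_pages()` together with `$string['contactus']` and default content, or reuse an existing page name. A one-line comment above `define('INTERNAL', 1);`, for example `// Displays the admin-editable "Contact us" site page`, would also say what this new file is for.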
......@@ -42,12 +42,17 @@ if (!$SESSION->is_logged_in()) {
$form = auth_get_login_form();
$form['renderer'] = 'div';
$login_form = form($form);
$pagename = 'loggedouthome';
}
else {
$pagename = 'home';
}
$smarty = smarty();
if (!$SESSION->is_logged_in()) {
$smarty->assign('login_form', $login_form);
}
$smarty->assign('page_content', get_site_page_content($pagename));
$smarty->display('index.tpl');
?>
// Expects strings array
function get_string(s) {
// @todo Still need to sprintf these strings.
var flatargs = flattenArguments(arguments);
if (arguments.length > 1) {
argstr = '(' + flatargs.slice(1).join(',') + ')';
} else {
argstr = '';
}
var args = flattenArguments(arguments).slice(1);
if (typeof(strings) == 'undefined' || typeof(strings[s]) == 'undefined') {
return '[[[' + s + argstr + ']]]';
return '[[[' + s + ((args.length > 0) ? ('(' + args.join(',') + ')') : '') + ']]]';
}
var str = strings[s];
// @todo Need to sprintf these strings properly.
for (var i = 0; i < args.length; i++) {
str = str.replace('%s',args[i]);
}
return strings[s] + argstr;
return str;
}
// Appends a status message to the end of elemid
......@@ -20,12 +19,20 @@ function displayMessage(m, /* optional */ elemid) {
color = 'green';
}
else if (m.type == 'info') {
color = '#aa6;';
//color = '#aa6;';
logDebug(m.message);
return;
}
if (typeof(elemid) == 'undefined') {
elemid = 'messages';
}
$(elemid).appendChild(DIV({'style':'color:'+color+';'},m.message));
var message = DIV({'style':'color:'+color+';'},m.message);
appendChildNodes(elemid, message);
callLater(2, function() {
removeElement(message);
//fade(message);
});
}
......@@ -39,7 +46,7 @@ function testRequired(e,formid) {
var labels = getElementsByTagAndClassName('label',null,formid);
for (var j = 0; j < labels.length; j++) {
if (getNodeAttribute(labels[j],'for') == e.name) {
displayMessage({'message':get_string('requiredfieldempty',scrapeText(labels[j])),
displayMessage({'message':get_string('namedfieldempty',scrapeText(labels[j])),
'type':'error'});
return false;
}
......
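Review bot: The new substitution loop in `get_string` calls `str.replace('%s', args[i])` with the argument as the replacement string, so sequences such as `$&` or `$$` inside an argument are treated as replacement patterns instead of being inserted literally. Arguments come from page text, for example `scrapeText(labels[j])` in `testRequired`, so pass a function instead: `str = str.replace('%s', function () { return args[i]; });`. Separately, `displayMessage` now removes every message after `callLater(2, ...)`, including validation errors; two seconds is short for reading an error, so consider leaving `error` messages in place until the next submit. The commented-out `//color = '#aa6;';` and `//fade(message);` lines should be deleted or given a `@todo` explaining why they remain.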
......@@ -51,7 +51,7 @@ use and modify Mahara provided you agree to:
<li>not modify or remove the original license and copyrights, and</li>
<li>apply this same license to any derivative work.</li></ul></p>
<p>Please feel free to [Contact Us] if you have any questions regarding
<p>Please feel free to <a href="contact.php">Contact Us</a> if you have any questions regarding
Mahara.</p>
<p><a href="http://mahara.org">http://mahara.org</a></p>';
......@@ -62,8 +62,8 @@ builder and social networking system, connecting users and creating
online communities. Mahara provides you with the tools to set up a
personal learning and development environment.</p>
<p>For more information you can read [About] Mahara or alternatively
please feel free to [Contact Us].</p>';
<p>For more information you can read <a href="about.php">About</a> Mahara or alternatively
please feel free to <a href="contact.php">Contact Us</a>.</p>';
$string['loggedouthomedefaultcontent'] = '<p>Welcome to Mahara</p>
<p>Mahara is a fully featured electronic portfolio, weblog, resume
......@@ -71,8 +71,8 @@ builder and social networking system, connecting users and creating
online communities. Mahara provides you with the tools to set up a
personal learning and development environment.</p>
<p>For more information you can read [About] Mahara or alternatively
please feel free to [Contact Us].</p>';
<p>For more information you can read <a href="about.php">About</a> Mahara or alternatively
please feel free to <a href="contact.php">Contact Us</a>.</p>';
$string['privacydefaultcontent'] = '<h3>Introduction</h3>
<p>We are committed to protecting your privacy and providing users with
......@@ -131,25 +131,27 @@ visit this site.</p>
<h3>Contact</h3>
<p>If you have any questions regarding this Statement or believe we
have not adhered to the above criteria, please [Contact Us] and we
have not adhered to the above criteria, please <a href="contact.php">Contact Us</a> and we
will use all reasonable efforts to remedy the issue.</p>';
$string['termsandconditionsdefaultcontent'] = '<p>Terms and Conditions</p>
<p>By using [eP Site Name] you are agreeing to the Terms and Conditions
given below.</p>
<p>Our obligations The [eP Site Name] Site Administrators will undertake
<p>Our obligations</p>
<p>The [eP Site Name] Site Administrators will undertake
all reasonable steps to provide all users with a safe , secure and
operational electronic portfolio system. If at any time you feel your
rights as a user have not been upheld or you have any questions
regarding the below, please [Contact Us] immediately.</p>
regarding the below, please <a href="contact.php">Contact Us</a> immediately.</p>
<p>[eP Site Name] will occasionally be unavailable for short periods of
time as we release new system features. We will endeavour to provide
at least 3 working days notice of any scheduled outage.</p>
<p>You are encouraged to report objectionable material or inappropriate
behaviour to the Site Administrator | [Contact Us] immediately. We
behaviour to the Site Administrator | <a href="contact.php">Contact Us</a> immediately. We
will ensure the matter is investigated in a timely manner.</p>
<p>Site Administrators may access your portfolio and its contents at
......@@ -157,7 +159,8 @@ anytime, however they will avoid doing so unless specifically required
to support your use of <eP SiteName> or as per these Terms and
Conditions.</p>
<p>Your obligations The <Privacy Statement> should be considered an
<p>Your obligations</p>
<p> The <a href="privacy.php">Privacy Statement</a> should be considered an
extension of these Terms and Conditions and be read by all users.</p>
<p>Your [eP Site Name] account will expire after a given period of time
......@@ -198,14 +201,13 @@ nuisance or offensive by the Site Administrator.</p>
<p>Any unsolicited contact you receive as a result of personal
information you have publicly released via your portfolio is your
responsibility, however any misconduct in behaviour from users of the
system should be reported to the Site Administrator | [Contact Us]
system should be reported to the Site Administrator | <a href="contact.php">Contact Us</a>
immediately. We may occasionally make minor adjustments to our Terms
and Condition to reflect changes to the system and in response to user
feedback. As such we suggest you check the Terms and Conditions each
time you visit this site. We will however notify users of any major
changes to the Terms and Conditions via the [eP Site Name] homepage.</p>';
$string['uploadcopyrightdefaultcontent'] = '<p>Do you promise you\'ve got permission to use the file
you\'re about to upload, cross your heart, on pain of death, give up
your soul and your first-born, etc.?</p>';
you\'re about to upload? If infringing stuff gets posted here, it\'s not our fault, it\'s yours.</p>';
?>
......@@ -29,20 +29,25 @@ defined('INTERNAL') || die();
$string['about'] = 'About';
$string['home'] = 'Home';
$string['loggedouthome'] = 'Logged out Home';
$string['privacy'] = 'Privacy';
$string['sessiontimedout'] = 'Your session has timed out, please enter your login details to continue';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright';
$string['cancel'] = 'Cancel';
$string['sitecontentnotfound'] = '%s text not available';
// auth
$string['accountexpired'] = 'Sorry, your account has expired';
$string['accountsuspended'] = 'Your account has been suspeneded as of %s. The reason for your suspension is:<blockquote>%s</blockquote>';
$string['loggedoutok'] = 'You have been logged out successfully';
$string['login'] = 'Log In';
$string['loginfailed'] = 'You have not provided the correct credentials to log in. Please check your username and password are correct.';
$string['password'] = 'Password';
$string['passworddesc'] = 'Your password';
$string['passwordhelp'] = 'The password you use to access the system.';
$string['privacy'] = 'Privacy';
$string['sessiontimedout'] = 'Your session has timed out, please enter your login details to continue';
$string['termsandconditions'] = 'Terms and conditions';
$string['uploadcopyright'] = 'Upload copyright';
$string['username'] = 'Username';
$string['usernamedesc'] = 'Your username';
$string['usernamehelp'] = 'The username you have been given to access this system.';
$string['cancel'] = 'Cancel';
// Admin site page editor
$string['discardchanges'] = 'Discard your changes to this page?';
......@@ -51,6 +56,7 @@ $string['pagename'] = 'Page name';
$string['pagetext'] = 'Page text';
// mahara.js
$string['namedfieldempty'] = 'The required field "%s" is empty';
$string['processingform'] = 'Processing form';
$string['requiredfieldempty'] = 'A required field is empty';
$string['unknownerror'] = 'An unknown error occurred (0x20f91a0)';
......
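Review bot: `$string['accountsuspended']` embeds markup (`<blockquote>%s</blockquote>`) and is filled in `auth_check_user_suspended()` with `$suspend->reason` taken straight from the `usr_suspension` record. The reason text is therefore emitted as HTML unless `die_info()` escapes its argument, in which case the blockquote tags would be shown literally instead. Escape the reason at the call site, e.g. `get_string('accountsuspended', 'mahara', $suspend->ctime, hsc($suspend->reason))`, and confirm how `die_info()` treats its message. `$suspend->ctime` is also passed through unformatted, so the user may see a raw database timestamp. The string has a typo as well: `suspeneded` should be `suspended`.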
......@@ -41,7 +41,7 @@
<FIELD NAME="id" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="true" />
<FIELD NAME="username" TYPE="char" LENGTH="30" NOTNULL="true" />
<FIELD NAME="password" TYPE="char" LENGTH="40" NOTNULL="true" />
<FIELD NAME="institution" TYPE="char" LENGTH="255" NOTNULL="true"/>
<FIELD NAME="institution" TYPE="char" LENGTH="255" NOTNULL="true" DEFAULT="mahara"/>
<FIELD NAME="salt" TYPE="char" LENGTH="8" />
<FIELD NAME="passwordchange" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
<FIELD NAME="deleted" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" />
......
......@@ -520,6 +520,7 @@ function get_records_sql($sql,$values, $limitfrom='', $limitnum='') {
* Return value as for {@link get_rows}
*
* @param string $sql the SQL select query to execute.
* @param array values of placeholders in the SQL
* @param int $limitfrom return a subset of records, starting at this point (optional, required if $limitnum is set).
* @param int $limitnum return a subset comprising this many records (optional, required if $limitfrom is set).
* @return mixed an array of objects, or false if no records were found.
......
......@@ -82,7 +82,7 @@ function form_renderer_table($builtelement, $rawelement) {
}
if (!empty($rawelement['error'])) {
$result .= "\t<tr>\n\t\t<td class=\"errmsg\">";
$result .= "\t<tr>\n\t\t<td colspan=\"2\" class=\"errmsg\">";
$result .= hsc($rawelement['error']);
$result .= "</td>\n\t</tr>\n";
}
......
......@@ -142,15 +142,6 @@ function ensure_internal_plugins_exist() {
function get_string($identifier, $section='mahara') {
$langconfigstrs = array('parentlanguage', 'strftimedate', 'strftimedateshort', 'strftimedatetime',
'strftimedaydate', 'strftimedaydatetime', 'strftimedayshort', 'strftimedaytime',
'strftimemonthyear', 'strftimerecent', 'strftimerecentfull', 'strftimetime',
'thislanguage');
if (in_array($identifier, $langconfigstrs)) {
$section = 'langconfig';
}
$variables = func_get_args();
if (count($variables) > 2) { // we have some stuff we need to sprintf
array_shift($variables);
......@@ -160,6 +151,40 @@ function get_string($identifier, $section='mahara') {
$variables = array();
}
return get_string_location($identifier, $section, $variables);
}
// get a string without sprintfing it.
function get_raw_string($identifier, $section='mahara') {
// For a raw string we don't want to format any arguments using
// sprintf, so the replace function passed to get_string_location
// should just return the first argument and ignore the second.
return get_string_location($identifier, $section, array(), create_function('$a,$b','return $a;'));
}
/**
* This function gets a language string identified by $identifier from
* an appropriate location, and formats the string and any arguments
* in $variables using the function $replacefunc.
*
* @param string $identifier
* @param string $section
* @param array $variables
* @param function $replacefunc
* @return string
*/
function get_string_location($identifier, $section, $variables, $replacefunc='format_langstring') {
$langconfigstrs = array('parentlanguage', 'strftimedate', 'strftimedateshort', 'strftimedatetime',
'strftimedaydate', 'strftimedaydatetime', 'strftimedayshort', 'strftimedaytime',
'strftimemonthyear', 'strftimerecent', 'strftimerecentfull', 'strftimetime',
'thislanguage');
if (in_array($identifier, $langconfigstrs)) {
$section = 'langconfig';
}
$lang = current_language();
// Define the locations of language strings for this section
......@@ -173,7 +198,7 @@ function get_string($identifier, $section='mahara') {
$extras = plugin_types(); // more later..
foreach ($extras as $tocheck) {
if (strpos($section,$tocheck . '.') === 0) {
$pluginname = substr($section,strlen($tocheck) + 1);
$pluginname = substr($section ,strlen($tocheck) + 1);
$locations[] = $docroot . $tocheck . '/' . $pluginname . '/lang/';
}
}
......@@ -185,7 +210,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . $lang . '/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -197,7 +222,6 @@ function get_string($identifier, $section='mahara') {
}
// Is a parent language defined? If so, try to find this string in a parent language file
foreach ($locations as $location) {
$langfile = $location . $lang . '/langconfig.php';
if (is_readable($langfile)) {
......@@ -205,7 +229,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . $parentlang . '/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -218,7 +242,7 @@ function get_string($identifier, $section='mahara') {
$langfile = $location . 'en.utf8/' . $section . '.php';
if (is_readable($langfile)) {
if ($result = get_string_from_file($identifier, $langfile)) {
return format_langstring($result, $variables);
return $replacefunc($result, $variables);
}
}
}
......@@ -227,7 +251,6 @@ function get_string($identifier, $section='mahara') {
}
/**
* This function is only used from {@link get_string()}.
*
......@@ -560,6 +583,13 @@ function site_content_pages() {
return array('about','home','loggedouthome','privacy','termsandconditions','uploadcopyright');
}
function get_site_page_content($pagename) {
if ($pagedata = @get_record('site_content','name',$pagename)) {
return $pagedata->content;
}
return get_string('sitecontentnotfound','mahara',get_string($pagename));
}
/**