diff --git a/app/controllers/LoginRegController.php b/app/controllers/LoginRegController.php index 5659c1bb77..69a6fba1a6 100644 --- a/app/controllers/LoginRegController.php +++ b/app/controllers/LoginRegController.php @@ -69,7 +69,7 @@ function registerForm($t_user = "") { $va_elements = array(); foreach($va_profile_prefs as $vs_pref) { $va_pref_info = $t_user->getPreferenceInfo($vs_pref); - $va_elements[$vs_pref] = array('element' => $t_user->preferenceHtmlFormElement($vs_pref), 'formatted_element' => $t_user->preferenceHtmlFormElement($vs_pref, "
".$va_pref_info['label']."
^ELEMENT
"), 'bs_formatted_element' => $t_user->preferenceHtmlFormElement($vs_pref, "
^ELEMENT
\n", array("classname" => "form-control")), 'info' => $va_pref_info, 'label' => $va_pref_info['label']); + $va_elements[$vs_pref] = array('element' => $t_user->preferenceHtmlFormElement($vs_pref), 'formatted_element' => $t_user->preferenceHtmlFormElement($vs_pref, "
".$va_pref_info['label']."
^ELEMENT
"), 'bs_formatted_element' => $t_user->preferenceHtmlFormElement($vs_pref, "
^ELEMENT
\n", array("classname" => "form-control")), 'info' => $va_pref_info, 'label' => $va_pref_info['label']); } $this->view->setVar("profile_settings", $va_elements); @@ -135,7 +135,9 @@ function profileSave() { $ps_password = $this->request->getParameter("password", pString); $ps_password2 = $this->request->getParameter("password2", pString); $ps_security = $this->request->getParameter("security", pString); - $va_errors = array(); + $ps_group_code = $this->request->getParameter("group_code", pString); + + $va_errors = []; if (!caCheckEmailAddress($ps_email)) { $va_errors["email"] = _t("E-mail address is not valid."); @@ -187,6 +189,12 @@ function profileSave() { $t_user->set("password", $ps_password); } } + + $t_group_to_join = null; + if (strlen($ps_group_code) && !($t_group_to_join = $this->_validateGroup($ps_group_code))){ + $va_errors["group_code"] = _t("Group code %1 is not valid", $ps_group_code); + } + // Check user profile responses $va_profile_prefs = $t_user->getValidPreferences('profile'); if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) { @@ -210,7 +218,19 @@ function profileSave() { $va_errors["general"] = join("; ", $t_user->getErrors()); }else{ #success - $this->notification->addNotification(_t("Updated profile"), __NOTIFICATION_TYPE_INFO__); + + # User has provided a group code + if ($t_group_to_join && ($group_id = $t_group_to_join->getPrimaryKey())) { + if(!$t_user->inGroup($group_id)){ + $t_user->addToGroups($group_id); + $vs_group_message = _t("You were added to group %1", $t_group_to_join->get('name')); + }else{ + $vs_group_message = _t("You are already a member of group %1", $t_group_to_join->get('name')); + } + } + + + $this->notification->addNotification(_t("Updated profile").($vs_group_message ? "
{$vs_group_message}" : ""), __NOTIFICATION_TYPE_INFO__); // If we are editing the user record of the currently logged in user // we have a problem: the request object flushes out changes to its own user object // for the logged-in user at the end of the request overwriting any changes we've made. @@ -239,14 +259,13 @@ function login() { $this->loginForm(); } else { # --- user is joining a user group from a supplied link - if(Session::getVar("join_user_group_id")){ + if(Session::getVar("join_user_group_id") && $this->_validateGroup(Session::getVar("join_user_group_id"))){ if(!$this->request->user->inGroup(Session::getVar("join_user_group_id"))){ $this->request->user->addToGroups(Session::getVar("join_user_group_id")); - Session::setVar("join_user_group_id", ""); + Session::setVar('join_user_group_id', ''); $vs_group_message = _t(" and added to the group"); }else{ - Session::setVar("join_user_group_id", ""); - $vs_group_message = _t(" you are already a member of the group"); + Session::setVar('join_user_group_id', ''); } } if($this->request->isAjax()){ @@ -264,7 +283,7 @@ function login() { $vs_action = 'Index'; } $vs_url = caNavUrl($this->request, $vs_module_path, $vs_controller, $vs_action); - $this->notification->addNotification(_t("You have been logged in").$vs_group_message, __NOTIFICATION_TYPE_INFO__); + $this->notification->addNotification(_t("You have been logged in").($vs_group_message ? "
{$vs_group_message}" : ""), __NOTIFICATION_TYPE_INFO__); $this->response->setRedirect($vs_url); } } @@ -277,7 +296,7 @@ function logout() { if (sizeof($va_tmp)) { $vs_controller = array_pop($va_tmp); } if (sizeof($va_tmp)) { $vs_module_path = join('/', $va_tmp); } } else { - $vs_controller = 'Splash'; + $vs_controller = 'Front'; $vs_action = 'Index'; } $vs_url = caNavUrl($this->request, $vs_module_path, $vs_controller, $vs_action); @@ -291,7 +310,7 @@ function logout() { # ------------------------------------------------------- function register() { if (!caValidateCSRFToken($this->request, null, ['notifications' => $this->notification])) { - $this->register(); + $this->registerForm(); return; } if ( @@ -318,6 +337,7 @@ function register() { $ps_password2 = $this->request->getParameter("password2", pString); $ps_security = $this->request->getParameter("security", pString); $ps_captcha = $this->request->getParameter("g-recaptcha-response", pString); + $ps_group_code = $this->request->getParameter("group_code", pString); $va_errors = array(); @@ -351,21 +371,21 @@ function register() { } $co_security = $this->request->config->get('registration_security'); if($co_security == 'captcha'){ - if(strlen($this->request->config->get('google_recaptcha_sitekey')) != 40 || strlen($this->request->config->get('google_recaptcha_secretkey')) != 40){ - // Then the captcha will not work and should not be implemenented. - $co_security = 'equation_sum'; + if(!(defined("__CA_GOOGLE_RECAPTCHA_SECRET_KEY__") && __CA_GOOGLE_RECAPTCHA_SECRET_KEY__) || !(defined("__CA_GOOGLE_RECAPTCHA_KEY__") && __CA_GOOGLE_RECAPTCHA_KEY__)){ + //Then the captcha will not work and should not be implemenented. + $co_security = 'equation_sum'; } } if($co_security == 'captcha'){ if(!$ps_captcha){ - $va_errors["recaptcha"] = _t("Please complete the captcha"); + $va_errors["recaptcha"] = _t("Please complete the captcha"); } else { $va_request = curl_init(); curl_setopt($va_request, CURLOPT_URL, 'https://www.google.com/recaptcha/api/siteverify'); curl_setopt($va_request, CURLOPT_HEADER, 0); curl_setopt($va_request, CURLOPT_RETURNTRANSFER, 1); curl_setopt($va_request, CURLOPT_POST, 1); - $va_request_params = ['secret'=>$this->request->config->get('google_recaptcha_secretkey'), 'response'=>$ps_captcha]; + $va_request_params = ['secret'=>__CA_GOOGLE_RECAPTCHA_SECRET_KEY__, 'response'=>$ps_captcha]; curl_setopt($va_request, CURLOPT_POSTFIELDS, $va_request_params); $va_captcha_resp = curl_exec($va_request); $captcha_json = json_decode($va_captcha_resp, true); @@ -373,17 +393,28 @@ function register() { $va_errors["recaptcha"] = _t("Your Captcha was rejected, please try again"); } } - } elseif (!$ps_security) { - $va_errors["security"] = _t("Please answer the security question."); - } elseif($ps_security != $_REQUEST["sum"]){ - $va_errors["security"] = _t("Your answer was incorrect, please try again"); + } else { + if ((!$ps_security)) { + $va_errors["security"] = _t("Please answer the security question."); + }else{ + if($ps_security != $_REQUEST["sum"]){ + $va_errors["security"] = _t("Your answer was incorrect, please try again"); + } + } + } + + // check that group code exists if specified + $t_group_to_join = null; + if (strlen($ps_group_code) && !($t_group_to_join = $this->_validateGroup($ps_group_code))) { + $va_errors["group_code"] = _t("Group code %1 is not valid", $ps_group_code); } + // Check user profile responses $va_profile_prefs = $t_user->getValidPreferences('profile'); if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) { foreach($va_profile_prefs as $vs_pref) { $vs_pref_value = $this->request->getParameter('pref_'.$vs_pref, pString); - if (!$t_user->isValidPreferenceValue($vs_pref, $vs_pref_value) && ($t_user->numErrors() > 0)) { + if (!$t_user->isValidPreferenceValue($vs_pref, $vs_pref_value)) { $va_errors[$vs_pref] = join("; ", $t_user->getErrors()); $t_user->clearErrors(); @@ -448,7 +479,7 @@ function register() { # ------------- } } - $t_user->set("registered_on",_t("now")); + $t_user->set("registered_on","now"); // Save user profile responses if (is_array($va_profile_prefs) && sizeof($va_profile_prefs)) { @@ -475,20 +506,31 @@ function register() { $t_user->addRoles($va_default_roles); } # --- user is joining a user group from a supplied link - if(Session::getVar("join_user_group_id")){ + if(Session::getVar("join_user_group_id") && $this->_validateGroup(Session::getVar("join_user_group_id"))) { if(!$t_user->inGroup(Session::getVar("join_user_group_id"))){ $t_user->addToGroups(Session::getVar("join_user_group_id")); - Session::setVar("join_user_group_id", ""); + Session::setVar('join_user_group_id', ''); $vs_group_message = _t(" You were added to the group"); }else{ - Session::setVar("join_user_group_id", ""); + Session::setVar('join_user_group_id', ''); $vs_group_message = _t(" You are already a member of the group"); } } + + # User has provided a group code + if ($t_group_to_join && ($group_id = $t_group_to_join->getPrimaryKey())) { + if(!$t_user->inGroup($group_id)){ + $t_user->addToGroups($group_id); + $vs_group_message = _t("You were added to group %1", $t_group_to_join->get('name')); + }else{ + $vs_group_message = _t("You are already a member of group %1", $t_group_to_join->get('name')); + } + } # --- send email confirmation $o_view = new View($this->request, array($this->request->getViewsDirectoryPath())); - + $o_view->setVar("t_user", $t_user); + # -- generate email subject line from template $vs_subject_line = $o_view->render("mailTemplates/reg_conf_subject.tpl"); @@ -512,7 +554,6 @@ function register() { caSendmail($this->request->config->get("ca_admin_email"), $this->request->config->get("ca_admin_email"), $vs_subject_line, $vs_mail_message_text, $vs_mail_message_html); } - #$t_user = new ca_users(); $vs_action = $vs_controller = $vs_module_path = ''; if ($vs_default_action = $this->request->config->get('default_action')) { $va_tmp = explode('/', $vs_default_action); @@ -561,26 +602,30 @@ function register() { } # ------------------------------------------------------- function joinGroup() { - $t_user_group = new ca_user_groups(); - $pn_group_id = $this->request->getParameter("group_id", pInteger); - if($pn_group_id){ + $t_user_group = $this->_validateGroup($group_code = $this->request->getParameter("group_code", pString)); + + if (!$t_user_group) { + $this->view->setVar("message", _t("Group code %1 is not valid", $group_code)); + return; + } + if($t_user_group){ + $group_id = $t_user_group->getPrimaryKey(); + if($this->request->isLoggedIn()){ - if(!$this->request->user->inGroup($pn_group_id)){ - $this->request->user->addToGroups($pn_group_id); - Session::setVar("join_user_group_id", ""); - $vs_group_message = _t("You were added to the group"); + if(!$this->request->user->inGroup($group_id)){ + $this->request->user->addToGroups($group_id); + $group_message = _t("You were added to the group"); }else{ - Session::setVar("join_user_group_id", ""); - $vs_group_message = _t("You are already a member of the group"); + $group_message = _t("You are already a member of the group"); } - $this->notification->addNotification($vs_group_message, __NOTIFICATION_TYPE_INFO__); - if(!$vs_controller = $this->request->getParameter("section", pString)){ - $vs_controller = "Lightbox"; + Session::setVar('join_user_group_id', ''); + $this->notification->addNotification($group_message, __NOTIFICATION_TYPE_INFO__); + if(!$controller = $this->request->getParameter("section", pString)){ + $controller = "Lightbox"; } - $this->response->setRedirect(caNavUrl($this->request, "", $vs_controller, "Index")); - }else{ - $t_user_group->load($pn_group_id); - Session::setVar("join_user_group_id", $pn_group_id); + $this->response->setRedirect(caNavUrl($this->request, "", $controller, "Index")); + } else { + Session::setVar('join_user_group_id', $group_id); $this->view->setVar("message", _t("Login/Register to join \"%1\"", $t_user_group->get("name"))); $this->loginForm(); } @@ -720,4 +765,25 @@ function resetSave(){ } } # ------------------------------------------------------- + /** + * + */ + private function _validateGroup(string $group) { + if(!strlen($group)) { + $this->view->setVar("message", _t("Group code is empty")); + return false; + } + $t_user_group = null; + if(is_numeric($group)) { + $t_user_group = ca_user_groups::find(['group_id' => (int)$group, 'for_public_use' => 1], ['returnAs' => 'firstModelInstance']); + } else { + $t_user_group = ca_user_groups::find(['code' => (string)$group, 'for_public_use' => 1], ['returnAs' => 'firstModelInstance']); + } + if (!$t_user_group) { + $this->view->setVar("message", _t("Group %1 is not valid", $group)); + return false; + } + return $t_user_group; + } + # ------------------------------------------------------- } diff --git a/themes/default/views/Classroom/list_html.php b/themes/default/views/Classroom/list_html.php index 526d8e2a1a..14a0b76d88 100644 --- a/themes/default/views/Classroom/list_html.php +++ b/themes/default/views/Classroom/list_html.php @@ -155,7 +155,7 @@ if($va_user_group["description"]){ print "
"._t("Description")."
".$va_user_group["description"]."
"; } - print "
"._t("Url to join group")."
"; + print "
"._t("Url to join group")."
"; print "
"._t("Members")."
"; if(is_array($va_user_group["members"]) && sizeof($va_user_group["members"])){ print "