Delete encrypt reference, improve hash validation, add secret_key plu…
…gin setting, update tpl - refs BT#9092
Daniel Barreto committed Feb 12, 2015
1 parent c6fd153 commit 2f800f7
Showing 58 changed files with 200 additions and 12,080 deletions.
128 changes: 47 additions & 81 deletions plugin/advancedsubscription/ajax/advsub.ajax.php
@@ -1,32 +1,34 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Created by PhpStorm.
* User: dbarreto
* Date: 22/12/14
* Time: 01:51 PM
* Script to receipt request to subscribe and confirmation action to queue
* @author Daniel Alejandro Barreto Alva <daniel.barreto@beeznest.com>
* @package chamilo.plugin.advancedsubscription
*/

/**
* Init
*/
require_once __DIR__ . '/../config.php';

$plugin = AdvancedSubscriptionPlugin::create();
$hash = $_REQUEST['v'];
unset($_REQUEST['v']);
$data['a'] = $a = $_REQUEST['a'];
$data['s'] = $s = intval($_REQUEST['s']);
$hash = Security::remove_XSS($_REQUEST['v']);
$data['a'] = Security::remove_XSS($_REQUEST['a']);
$data['s'] = intval($_REQUEST['s']);
$data['current_user_id'] = intval($_REQUEST['current_user_id']);
$data['u'] = $u = intval($_REQUEST['u']);
$data['q'] = $q = intval($_REQUEST['q']);
$data['e'] = $e = intval($_REQUEST['e']);
$verified = $plugin->checkHash($data, $hash);
$data['is_connected'] = isset($_REQUEST['is_connected']) ? $_REQUEST['is_connected'] : false;
$data['profile_completed'] = isset($_REQUEST['profile_completed']) ? $_REQUEST['profile_completed'] : 0;
$data['u'] = intval($_REQUEST['u']);
$data['q'] = intval($_REQUEST['q']);
$data['e'] = intval($_REQUEST['e']);
$data['is_connected'] = isset($_REQUEST['is_connected']) ? boolval($_REQUEST['is_connected']) : false;
$data['profile_completed'] = isset($_REQUEST['profile_completed']) ? floatval($_REQUEST['profile_completed']) : 0;
$verified = $plugin->checkHash($data, $hash) || $data['a'] == 'subscribe';
// Init result array
$result = array('error' => true, 'errorMessage' => 'There was an error');
if ($verified) {
switch($a) {
switch($data['a']) {
case 'check': // Check minimum requirements
try {
$res = AdvancedSubscriptionPlugin::create()->isAbleToRequest($u, $data);
$res = AdvancedSubscriptionPlugin::create()->isAbleToRequest($data['u'], $data);
if ($res) {
$result['error'] = false;
$result['errorMessage'] = 'No error';
Expand All @@ -40,26 +42,26 @@
}
break;
case 'subscribe': // Subscription
$bossId = UserManager::getStudentBoss($u);
$res = AdvancedSubscriptionPlugin::create()->startSubscription($u, $s, $data);
$bossId = UserManager::getStudentBoss($data['u']);
$res = AdvancedSubscriptionPlugin::create()->startSubscription($data['u'], $data['s'], $data);
if ($res === true) {
// send mail to superior
$sessionArray = api_get_session_info($s);
$sessionArray = api_get_session_info($data['s']);
$extraSession = new ExtraFieldValue('session');
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'description');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'description');
$sessionArray['description'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'target');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'target');
$sessionArray['target'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'mode');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'mode');
$sessionArray['mode'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'publication_end_date');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'publication_end_date');
$sessionArray['publication_end_date'] = $var['field_value'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'recommended_number_of_participants');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'recommended_number_of_participants');
$sessionArray['recommended_number_of_participants'] = $var['field_valiue'];
$studentArray = api_get_user_info($u);
$studentArray = api_get_user_info($data['u']);
$studentArray['picture'] = UserManager::get_user_picture_path_by_id($studentArray['user_id'], 'web', false, true);
$studentArray['picture'] = UserManager::get_picture_user($studentArray['user_id'], $studentArray['picture']['file'], 22, USER_IMAGE_SIZE_MEDIUM);
$superiorId = UserManager::getStudentBoss($u);
$superiorId = UserManager::getStudentBoss($data['u']);
if (!empty($superiorId)) {
$superiorArray = api_get_user_info($superiorId);
} else {
Expand All @@ -79,7 +81,7 @@
if (empty($superiorId)) { // Does not have boss
$res = $plugin->updateQueueStatus($data, ADV_SUB_QUEUE_STATUS_BOSS_APPROVED);
if (!empty($res)) {
$data['admin_view_url'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/src/admin_view.php?s=' . $s;
$data['admin_view_url'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/src/admin_view.php?s=' . $data['s'];
$result['mailIds'] = $plugin->sendMail($data, ADV_SUB_ACTION_STUDENT_REQUEST_NO_BOSS);
if (!empty($result['mailIds'])) {
$result['error'] = false;
Expand All @@ -95,31 +97,10 @@
}
}
} else {
$dataUrl['a'] = $data['a'];
$dataUrl['s'] = intval($data['s']);
$dataUrl['current_user_id'] = intval($data['current_user_id']);
$dataUrl['u'] = intval($data['u']);
$dataUrl['q'] = intval($data['q']);
$dataUrl['e'] = intval($data['e']);

$dataUrl['e'] = ADV_SUB_QUEUE_STATUS_BOSS_APPROVED;
$student['acceptUrl'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/ajax/advsub.ajax.php?' .
'a=confirm&' .
's=' . $s . '&' .
'current_user_id=' . $dataUrl['current_user_id'] . '&' .
'e=' . ADV_SUB_QUEUE_STATUS_BOSS_APPROVED . '&' .
'u=' . $student['user_id'] . '&' .
'q=' . $student['queue_id'] . '&' .
'v=' . $plugin->generateHash($dataUrl);
$dataUrl['e'] = ADV_SUB_QUEUE_STATUS_BOSS_DISAPPROVED;
$student['rejectUrl'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/ajax/advsub.ajax.php?' .
'a=confirm&' .
's=' . $s . '&' .
'current_user_id=' . $dataUrl['current_user_id'] . '&' .
'e=' . ADV_SUB_QUEUE_STATUS_BOSS_APPROVED . '&' .
'u=' . $student['user_id'] . '&' .
'q=' . $student['queue_id'] . '&' .
'v=' . $plugin->generateHash($dataUrl);
$data['e'] = ADV_SUB_QUEUE_STATUS_BOSS_APPROVED;
$student['acceptUrl'] = $plugin->getQueueUrl($data);
$data['e'] = ADV_SUB_QUEUE_STATUS_BOSS_DISAPPROVED;
$student['rejectUrl'] = $plugin->getQueueUrl($data);
$result['mailIds'] = $plugin->sendMail($data, ADV_SUB_ACTION_STUDENT_REQUEST);
if (!empty($result['mailIds'])) {
$result['error'] = false;
Expand All @@ -143,42 +124,27 @@
$result['pass'] = false;
}

break;
case 'encrypt': // Encrypt
$res = $plugin->encrypt($data);
if (!empty($res) && strlen($res) > 16) {
$result['error'] = false;
$result['errorMessage'] = 'No error';
$result['pass'] = true;
} else {
if (is_string($res)) {
$result['errorMessage'] = $res;
} else {
$result['errorMessage'] = 'User can not be subscribed';
}
$result['pass'] = false;
}
break;
case 'confirm':
if (isset($e)) {
$res = $plugin->updateQueueStatus($data, $e);
if (isset($data['e'])) {
$res = $plugin->updateQueueStatus($data, $data['e']);
if ($res === true) {
$sessionArray = api_get_session_info($s);
$sessionArray = api_get_session_info($data['s']);
$extraSession = new ExtraFieldValue('session');
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'description');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'description');
$sessionArray['description'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'target');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'target');
$sessionArray['target'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'mode');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'mode');
$sessionArray['mode'] = $var['field_valiue'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'publication_end_date');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'publication_end_date');
$sessionArray['publication_end_date'] = $var['field_value'];
$var = $extraSession->get_values_by_handler_and_field_variable($s, 'recommended_number_of_participants');
$var = $extraSession->get_values_by_handler_and_field_variable($data['s'], 'recommended_number_of_participants');
$sessionArray['recommended_number_of_participants'] = $var['field_valiue'];
$studentArray = api_get_user_info($u);
$studentArray = api_get_user_info($data['u']);
$studentArray['picture'] = UserManager::get_user_picture_path_by_id($studentArray['user_id'], 'web', false, true);
$studentArray['picture'] = UserManager::get_picture_user($studentArray['user_id'], $studentArray['picture']['file'], 22, USER_IMAGE_SIZE_MEDIUM);
$superiorId = UserManager::getStudentBoss($u);
$superiorId = UserManager::getStudentBoss($data['u']);
if (!empty($superiorId)) {
$superiorArray = api_get_user_info($superiorId);
} else {
Expand All @@ -194,9 +160,9 @@
$data['admins'] = $adminsArray;
$data['session'] = $sessionArray;
$data['signature'] = api_get_setting('Institution');
$data['admin_view_url'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/src/admin_view.php?s=' . $s;
$data['admin_view_url'] = api_get_path(WEB_PLUGIN_PATH) . 'advancedsubscription/src/admin_view.php?s=' . $data['s'];
if (empty($data['action'])) {
switch ($e) {
switch ($data['e']) {
case ADV_SUB_QUEUE_STATUS_BOSS_APPROVED:
$data['action'] = ADV_SUB_ACTION_SUPERIOR_APPROVE;
break;
Expand All @@ -215,8 +181,8 @@
}

// Student Session inscription
if ($e == ADV_SUB_QUEUE_STATUS_ADMIN_APPROVED) {
SessionManager::suscribe_users_to_session($s, array($u), null, false);
if ($data['e'] == ADV_SUB_QUEUE_STATUS_ADMIN_APPROVED) {
SessionManager::suscribe_users_to_session($data['s'], array($data['u']), null, false);
}

$result['mailIds'] = $plugin->sendMail($data, $data['action']);
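Review bot: The `|| $data['a'] == 'subscribe'` appended to the `$verified` assignment in the first hunk switches the hash check off for the subscribe action, so any request carrying `a=subscribe` with arbitrary `u` and `s` reaches `startSubscription($data['u'], $data['s'], $data)` and the boss/admin mail sending, and nothing visible in this script ties `u` to the caller; the hash was the only integrity control over those parameters. If the intent is that a logged-in student may request a subscription for themselves without a signed link, bind the user id to the session instead, e.g. `$verified = $plugin->checkHash($data, $hash) || ($data['a'] == 'subscribe' && $data['u'] == api_get_user_id());` (api_get_user_id is the usual Chamilo accessor; confirm it is available here). Running `Security::remove_XSS` over `$_REQUEST['v']` before `checkHash` also rewrites the token rather than validating it; the value is only compared, never rendered, so pass it through unchanged and make sure `checkHash` compares with `hash_equals()` (its implementation is not in this diff). Note also that `is_connected` and `profile_completed` are still read from the request, so a client can assert its own eligibility state to `isAbleToRequest`.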
1 change: 0 additions & 1 deletion plugin/advancedsubscription/config.php
Expand Up @@ -25,7 +25,6 @@

require_once __DIR__ . '/../../main/inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'plugin.class.php';
require_once __DIR__ . '/resources/phpcrypt/phpCrypt.php';
require_once api_get_path(LIBRARY_PATH) . 'plugin.class.php';
require_once api_get_path(PLUGIN_PATH) . 'advancedsubscription/src/AdvancedSubscriptionPlugin.class.php';
require_once api_get_path(PLUGIN_PATH) . 'advancedsubscription/src/HookAdvancedSubscription.class.php';
3 changes: 0 additions & 3 deletions plugin/advancedsubscription/resources/phpcrypt/.gitignore

This file was deleted.

157 changes: 0 additions & 157 deletions plugin/advancedsubscription/resources/phpcrypt/CHANGELOG

This file was deleted.
