root/releases/0.6rc2/lib/lmslib.php

Revision 269, 3.5 kB (checked in by ben, 3 years ago)

--

  • Property svn:eol-style set to native
Line 
1 <?php
2 /** library of functions to deal with lms integration
3 */
4
5 // constants for validation
6 define('LMS_NO_SUCH_HOST','NO SUCH LMSHOST');
7 define('LMS_NO_SUCH_USER','NO SUCH USER');
8 define('LMS_INVALID_HASH','INVALID HASH');
9 define('LMS_INVALID_NETWORK','INVALID IP ADDRESS');
10 define('LMS_SNOOPY_USER_AGENT','Elgg/LMS integration');
11
12 require_once($CFG->dirroot.'/lib/snoopy/Snoopy.class.inc');
13
14 function find_lms_user($installid,$username,$signature,$confirmaction=null,$firstname=null,$lastname=null,$email=null) {
15     global $CFG;
16     // find this host from the installid
17     if (empty($CFG->lmshosts) || !is_array($CFG->lmshosts) || !array_key_exists($installid,$CFG->lmshosts)) {
18         return LMS_NO_SUCH_HOST;
19     }
20     $host = $CFG->lmshosts[$installid];
21     
22     // validate our md5 hash
23     if ($confirmaction == 'signupconfirmation') {
24         $stringtohash = $installid.'|'.$username.'|'.$firstname.'|'.$lastname.'|'.$email.'|'.$host['token'];
25     } else {
26         $stringtohash = $installid.'|'.$username.'|'.$host['token'];
27         // firstname, lastname and email cannot be relied upon not to change
28         // so we only want to add them to the hash on signup, not for auth or anything else.
29     }
30     $checksig = md5($stringtohash);
31     if ($checksig != $signature) {
32         return LMS_INVALID_HASH;
33     }
34     
35     // if we have an ip address, check it.
36     if (array_key_exists('networkaddress',$host) && empty($confirmaction)) {
37         if (!address_in_subnet(getremoteaddr(),$host['networkaddress'])) {
38             return LMS_INVALID_NETWORK;
39         }
40     }   
41
42     if (!empty($confirmaction) && !empty($host['confirmurl'])) {
43         $client = new Snoopy();
44         $client->agent = LMS_SNOOPY_USER_AGENT;
45         $client->read_timeout = 5;
46         $client->use_gzip = true;
47         $postdata = array('action' => $confirmaction, 'username' => $username, 'signature' => $signature);
48         @$client->submit($host['confirmurl'],$postdata);
49         if ($client->results != 'OK') {
50             return clean_param($client->results,PARAM_CLEAN);
51         }
52     }
53
54     // find our user (we only want to check username and installid, the others could potentially change..
55     if (!$user = get_record_sql('SELECT u.* FROM '.$CFG->prefix.'users u
56                         JOIN '.$CFG->prefix.'users_alias ua ON ua.user_id = u.ident
57                         WHERE ua.installid = ? AND ua.username = ?',array($installid,$username))) {
58         return LMS_NO_SUCH_USER;
59     }
60     return $user;
61 }
62
63 function lms_get_folder($installid,$foldername,$user) {
64     
65     // look for the installid folder first.
66     if (!$folder = get_record('file_folders','owner',$user->ident,'name',$installid)) {
67          // we have to make it.
68          $folder = new StdClass;
69          $folder->name = $installid;
70          $folder->owner = $user->ident;
71          $folder->files_owner = $user->ident;
72          $folder->parent = -1;
73          $folder->access = 'user'.$user->ident; // ew
74          $folder->ident = insert_record('file_folders',$folder);
75      }
76     
77     if (!$subfolder = get_record('file_folders','owner',$user->ident,'name',$foldername,'parent',$folder->ident)) {
78          // we have to make it.
79          $subfolder = new StdClass;
80          $subfolder->name = $foldername;
81          $subfolder->owner = $user->ident;
82          $subfolder->files_owner = $user->ident;
83          $subfolder->parent = $folder->ident;
84          $subfolder->access = 'user'.$user->ident; // ew
85          $subfolder->ident = insert_record('file_folders',$subfolder);
86     }
87
88     return $subfolder;
89 }
90
91 ?>
Note: See TracBrowser for help on using the browser.