lib/lmslib.php

   1 <?php
   2 /** library of functions to deal with lms integration
   3 */
   4
   5 // constants for validation
   6 define('LMS_NO_SUCH_HOST','NO SUCH LMSHOST');
   7 define('LMS_NO_SUCH_USER','NO SUCH USER');
   8 define('LMS_INVALID_HASH','INVALID HASH');
   9 define('LMS_INVALID_NETWORK','INVALID IP ADDRESS');
  10 define('LMS_SNOOPY_USER_AGENT','Elgg/LMS integration');
  11
  12 require_once($CFG->dirroot.'/lib/snoopy/Snoopy.class.inc');
  13
  14 function find_lms_user($installid,$username,$signature,$confirmaction=null,$firstname=null,$lastname=null,$email=null) {
  15     global $CFG;
  16     // find this host from the installid
  17     if (empty($CFG->lmshosts) || !is_array($CFG->lmshosts) || !array_key_exists($installid,$CFG->lmshosts)) {
  18         return LMS_NO_SUCH_HOST;
  19     }
  20     $host = $CFG->lmshosts[$installid];
  21
  22     // validate our md5 hash
  23     if ($confirmaction == 'signupconfirmation') {
  24         $stringtohash = $installid.'|'.$username.'|'.$firstname.'|'.$lastname.'|'.$email.'|'.$host['token'];
  25     } else {
  26         $stringtohash = $installid.'|'.$username.'|'.$host['token'];
  27         // firstname, lastname and email cannot be relied upon not to change
  28         // so we only want to add them to the hash on signup, not for auth or anything else.
  29     }
  30     $checksig = md5($stringtohash);
  31     if ($checksig != $signature) {
  32         return LMS_INVALID_HASH;
  33     }
  34
  35     // if we have an ip address, check it.
  36     if (array_key_exists('networkaddress',$host) && empty($confirmaction)) {
  37         if (!address_in_subnet(getremoteaddr(),$host['networkaddress'])) {
  38             return LMS_INVALID_NETWORK;
  39         }
  40     }
  41
  42     if (!empty($confirmaction) && !empty($host['confirmurl'])) {
  43         $client = new Snoopy();
  44         $client->agent = LMS_SNOOPY_USER_AGENT;
  45         $client->read_timeout = 5;
  46         $client->use_gzip = true;
  47         $postdata = array('action' => $confirmaction, 'username' => $username, 'signature' => $signature);
  48         @$client->submit($host['confirmurl'],$postdata);
  49         if ($client->results != 'OK') {
  50             return clean_param($client->results,PARAM_CLEAN);
  51         }
  52     }
  53
  54     // find our user (we only want to check username and installid, the others could potentially change..
  55     if (!$user = get_record_sql('SELECT u.* FROM '.$CFG->prefix.'users u
  56                         JOIN '.$CFG->prefix.'users_alias ua ON ua.user_id = u.ident
  57                         WHERE ua.installid = ? AND ua.username = ?',array($installid,$username))) {
  58         return LMS_NO_SUCH_USER;
  59     }
  60     return $user;
  61 }
  62
  63 function lms_get_folder($installid,$foldername,$user) {
  64
  65     // look for the installid folder first.
  66     if (!$folder = get_record('file_folders','owner',$user->ident,'name',$installid)) {
  67          // we have to make it.
  68          $folder = new StdClass;
  69          $folder->name = $installid;
  70          $folder->owner = $user->ident;
  71          $folder->files_owner = $user->ident;
  72          $folder->parent = -1;
  73          $folder->access = 'user'.$user->ident; // ew
  74          $folder->ident = insert_record('file_folders',$folder);
  75      }
  76
  77     if (!$subfolder = get_record('file_folders','owner',$user->ident,'name',$foldername,'parent',$folder->ident)) {
  78          // we have to make it.
  79          $subfolder = new StdClass;
  80          $subfolder->name = $foldername;
  81          $subfolder->owner = $user->ident;
  82          $subfolder->files_owner = $user->ident;
  83          $subfolder->parent = $folder->ident;
  84          $subfolder->access = 'user'.$user->ident; // ew
  85          $subfolder->ident = insert_record('file_folders',$subfolder);
  86     }
  87
  88     return $subfolder;
  89 }
  90
  91 ?>