public/main/auth/set_temp_password.php
<?php
/* For license terms, see /license.txt */
use ChamiloSession as Session;
/**
* This page aims at requesting a password from a user to access a course
* protected by password. If the password matches the course password, we
* store the fact that user can access it during its session.
*/
$cidReset = true;
require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES;
$courseId = isset($_GET['course_id']) ? intval($_GET['course_id']) : null;
$sessionId = isset($_GET['session_id']) ? intval($_GET['session_id']) : null;
$userId = api_get_user_id();
/**
* Security check.
*/
if (empty($courseId)) {
api_not_allowed();
}
$courseInfo = api_get_course_info_by_id($courseId);
// Build the form
$form = new FormValidator(
'set_temp_password',
'POST',
api_get_self().'?course_id='.$courseId.'&session_id='.$sessionId
);
$form->addElement('header', get_lang('This course requires a password'));
$form->addElement('hidden', 'course_id', $courseId);
$form->addElement('hidden', 'session_id', $sessionId);
$form->addElement('password', 'course_password', get_lang('Password'));
$form->addButtonSave(get_lang('Accept'));
if ($form->validate()) {
$formValues = $form->exportValues();
if (sha1($formValues['course_password']) === $courseInfo['registration_code']) {
Session::write('course_password_'.$courseInfo['real_id'], true);
header('Location: '.api_get_course_url($courseInfo['real_id'], $sessionId).
'&action=subscribe&sec_token='.Security::get_existing_token());
exit;
} else {
Display::addFlash(
Display::return_message(get_lang('The course password is incorrect'), 'error')
);
}
}
$tpl = new Template(null);
$tpl->assign('content', $form->toHtml());
$tpl->display_one_col_template();