Diffstat (limited to 'inc/user.inc.php')
-rw-r--r--inc/user.inc.php23
1 files changed, 19 insertions, 4 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 28a1fd5..16ec77d 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -81,7 +81,7 @@ class User
public static function isTutor()
{
- return isset(self::$user['role']) && self::$user['role'] === 'tutor';
+ return isset(self::$user['role']) && self::$user['role'] === 'TUTOR';
}
public static function isAdmin()
@@ -158,18 +158,30 @@ class User
. ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
. ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
}
+ Session::delete();
return false;
}
// Try user from local DB
self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
self::$isInDb = self::$user !== false;
+ if (!self::$isInDb) {
+ Session::delete();
+ }
return self::$isInDb;
}
// Try bwIDM etc.
if (!$hasSession) {
+ // Make sure cookies are enabled
+ if (!empty($_SERVER['Shib-Session-ID'])) {
+ if (isset($_GET['force-cookie']))
+ die('Bitte aktivieren Sie Cookies und Javascript!');
+
+ }
Session::create();
Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
Session::save();
+ if (!empty($_SERVER['Shib-Session-ID']))
+ Util::redirect('?do=Main&force-cookie=true.dat');
}
self::$isShib = true;
if (!isset($_SERVER['sn']))
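Review bot: The unchanged `Session::set('token', md5(mt_rand() . ...))` line in this hunk still builds the session token from `mt_rand()`, the client address, a timestamp and the Shibboleth `persistent-id`, none of which is a cryptographically secure source; if the token protects anything (its use is outside the hunk), it should not be derived this way. Since the commit already reworks session creation, take the token from a CSPRNG instead, e.g. `Session::set('token', bin2hex(random_bytes(16)));`, or `bin2hex(openssl_random_pseudo_bytes(16))` if the deployment predates PHP 7. Separately, the added `Util::redirect('?do=Main&force-cookie=true.dat');` is followed by further code in this function, so if `Util::redirect` does not end the request (not visible here) the login continues as though no cookie check took place. The enclosing function starts and ends outside the hunk.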
@@ -187,10 +199,13 @@ class User
'email' => $_SERVER['mail'],
);
// Figure out whether the user should be considered a tutor
- if (isset($_SERVER['affiliation']) && preg_match('/(^|;)employee@/', $_SERVER['affiliation']))
- self::$user['role'] = 'tutor';
+ if (isset($_SERVER['affiliation']) && (strpos(";{$_SERVER['affiliation']}", ';employee@') !== false
+ || strpos(";{$_SERVER['affiliation']}", ';staff@') !== false))
+ self::$user['role'] = 'TUTOR';
elseif (isset($_SERVER['entitlement']) && strpos(";{$_SERVER['entitlement']};", ';http://bwidm.de/entitlement/bwLehrpool;') !== false)
- self::$user['role'] = 'tutor';
+ self::$user['role'] = 'TUTOR';
+ else
+ self::$user['role'] = 'STUDENT';
// Try to figure out organization
if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
self::$user['organization'] = $out[1];
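Review bot: The added `strpos(";{$_SERVER['affiliation']}", ';employee@')` and `';staff@'` checks grant `TUTOR` for any scope after the `@`, and nothing in this hunk ties that scope to the IdP that asserted it. The code presumably relies on the Shibboleth SP's attribute filter to drop scopes an IdP is not entitled to assert; a comment above the check would make that dependency explicit, e.g. `// Scope is not validated here; the SP attribute filter must reject foreign scopes`. The unbraced `if`/`elseif`/`else` chain now carries a two-line condition and decides the user's role, so braces around each branch would make it harder to misread or break in a later edit. The enclosing function starts and ends outside the hunk.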