WebSVN – Moodle – Diff – /leaderslinked/service.php

 require_once($CFG->libdir . '/gdlib.php');
 require_once($CFG->dirroot . '/user/lib.php');
 require_once(__DIR__ . '/rsa.php');
 require_once(__DIR__ . '/lib.php');
+/**
-// Obtención y sanitización de parámetros de la petición
+ * Valida los parámetros de seguridad de la petición
-$username   = trim(isset($_REQUEST['username']) ? filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING) : '');
+ * @param array $params Parámetros de la petición
-$password   = trim(isset($_REQUEST['password']) ? filter_var($_REQUEST['password'], FILTER_SANITIZE_STRING) : '');
-$timestamp  = trim(isset($_REQUEST['timestamp']) ? filter_var($_REQUEST['timestamp'], FILTER_SANITIZE_STRING) : '');
-$rand       = intval(isset($_REQUEST['rand']) ? filter_var($_REQUEST['rand'], FILTER_SANITIZE_NUMBER_INT) : 0, 10);
-$data       = trim(isset($_REQUEST['data']) ? filter_var($_REQUEST['data'], FILTER_SANITIZE_STRING) : '');
+ * @return array|false Array con los parámetros validados o false si hay error
-/*
-$data = '';
-$input = fopen("php://input", "r");
+ */
-while ($line = fread($input, 1024))
+function validateSecurityParams($params)
-{
-    $data .= $line;
-}
-fclose($input);*/
-/*
+{
-echo 'username = '. $username . PHP_EOL;
+    $username = trim(isset($params['username']) ? filter_var($params['username'], FILTER_SANITIZE_STRING) : '');
-echo 'password = '. $password . PHP_EOL;
+    $password = trim(isset($params['password']) ? filter_var($params['password'], FILTER_SANITIZE_STRING) : '');
-echo 'rand = '. $rand . PHP_EOL;
+    $timestamp = trim(isset($params['timestamp']) ? filter_var($params['timestamp'], FILTER_SANITIZE_STRING) : '');
-echo 'timestamp = '. $timestamp . PHP_EOL;
+    $rand = intval(isset($params['rand']) ? filter_var($params['rand'], FILTER_SANITIZE_NUMBER_INT) : 0, 10);
+    $data = trim(isset($params['data']) ? filter_var($params['data'], FILTER_SANITIZE_STRING) : '');
+    if (empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
-echo 'data = '. $data . PHP_EOL;
+        return ['error' => 'ERROR_SECURITY1', 'message' => 'Missing or invalid security parameters'];
+    }
-/*
-list($usec, $sec) = explode(' ', microtime());
+    if ($username != LLWS_USERNAME) {
-$seed = intval($sec + ((float) $usec * 100000));
+        return ['error' => 'ERROR_SECURITY2', 'message' => 'Invalid username'];
+    }
-$username   = LLWS_USERNAME;
+    $dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
-$timestamp  = date('Y-m-d\TH:i:s');
+    if (!$dt) {
+        return ['error' => 'ERROR_SECURITY3', 'message' => 'Invalid timestamp format'];
+    }
-mt_srand($seed, MT_RAND_MT19937);
-$rand =  mt_rand();
+    $t0 = $dt->getTimestamp();
-$password   = LLWS_PASSWORD;
+    $t1 = strtotime('-5 minutes');
-$password  = password_hash($username.'-'. $password. '-' . $rand. '-' . $timestamp, PASSWORD_DEFAULT);
+    $t2 = strtotime('+5 minutes');
-$data       = $rsa->encrypt(json_encode(['email' => 'usuario4@test.com', 'first_name' => 'usuario4', 'last_name' => 'test']));
+    if ($t0 < $t1 || $t0 > $t2) {
-*/
+        return ['error' => 'ERROR_SECURITY4', 'message' => 'Timestamp out of valid range'];
+    }
-// Validación de parámetros de seguridad
+    if (!password_verify($username . '-' . LLWS_PASSWORD . '-' . $rand . '-' . $timestamp, $password)) {
+        return ['error' => 'ERROR_SECURITY5', 'message' => 'Invalid password'];
-if (empty($username) || empty($password) || empty($timestamp) || empty($rand) || !is_integer($rand)) {
+    }
     echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY1']);
+    return [
+        'username' => $username,
-    exit;
+        'password' => $password,
-}
+        'timestamp' => $timestamp,
+        'rand' => $rand,
+        'data' => $data
+    ];
+}
-// Validación del nombre de usuario
-if ($username != LLWS_USERNAME) {
+/**
-    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY2']);
-    exit;
-}
+ * Procesa y decodifica los datos de la petición
-// Validación del formato del timestamp
-$dt = \DateTime::createFromFormat('Y-m-d\TH:i:s', $timestamp);
-if (!$dt) {
+ * @param string $data Datos encriptados
-    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY3']);
+ * @return array|false Array con los datos decodificados o false si hay error
-    exit;
+ */
-}
+function processRequestData($data)
+{
-// Validación del rango de tiempo del timestamp (±5 minutos)
+    if (empty($data)) {
-$t0 = $dt->getTimestamp();
+        return ['error' => 'ERROR_PARAMETERS1', 'message' => 'No data provided'];
-$t1 = strtotime('-5 minutes');
+    }
-$t2 = strtotime('+5 minutes');
+    $data = base64_decode($data);
+    if (empty($data)) {
-if ($t0 < $t1 || $t0 > $t2) {
+        return ['error' => 'ERROR_PARAMETERS2', 'message' => 'Invalid base64 data'];
-    //echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY4']) ;
+    }
-    //exit;
-}
+    try {
-// Validación de la contraseña
+        $rsa = new rsa();
-if (!password_verify($username . '-' . LLWS_PASSWORD . '-' . $rand . '-' . $timestamp, $password)) {
-    echo json_encode(['success' => false, 'data' => 'ERROR_SECURITY5']);
+        $rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);
-    exit;
-}
-// Validación de datos
-if (empty($data)) {
-    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS1']);
+        $data = $rsa->decrypt($data);
-    exit;
-}
+    } catch (Throwable $e) {
-// Decodificación de datos en base64
+        return ['error' => 'ERROR_PARAMETERS3', 'message' => 'Decryption failed'];
-$data = base64_decode($data);
+    }
-if (empty($data)) {
-    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS2']);
+    $data = (array) json_decode($data);
-    exit;
+    if (empty($data)) {
+        return ['error' => 'ERROR_PARAMETERS4', 'message' => 'Invalid JSON data'];
-}
+    }
-// Desencriptación de datos usando RSA
+    $email = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');
+    $first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');
-try {
+    $last_name = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');
-    $rsa = new rsa();
-    $rsa->setKeys(LLWS_RSA_N, LLWS_RSA_D, LLWS_RSA_E);
+    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {
+        return ['error' => 'ERROR_PARAMETERS5', 'message' => 'Invalid user data'];
-    $data = $rsa->decrypt($data);
+    }
+    return [
-} catch (Throwable $e) {
+        'email' => $email,
+        'first_name' => $first_name,
-    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS3']);
+        'last_name' => $last_name,
-    exit;
+        'image_filename' => trim(isset($data['image_filename']) ? filter_var($data['image_filename'], FILTER_SANITIZE_STRING) : ''),
-}
-// Conversión de datos a array
-$data = (array) json_decode($data);
-if (empty($data)) {
-    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS4']);
-    exit;
-}
+        'image_content' => trim(isset($data['image_content']) ? filter_var($data['image_content'], FILTER_SANITIZE_STRING) : '')
+    ];
-// Extracción y validación de datos del usuario
-$email      = trim(isset($data['email']) ? filter_var($data['email'], FILTER_SANITIZE_EMAIL) : '');
+}
-$first_name = trim(isset($data['first_name']) ? filter_var($data['first_name'], FILTER_SANITIZE_STRING) : '');
-$last_name  = trim(isset($data['last_name']) ? filter_var($data['last_name'], FILTER_SANITIZE_STRING) : '');
+/**
+ * Gestiona la creación o actualización del usuario
-if (!filter_var($email, FILTER_VALIDATE_EMAIL) || empty($first_name) || empty($last_name)) {
+ * @param array $userData Datos del usuario
-    echo json_encode(['success' => false, 'data' => 'ERROR_PARAMETERS5']);
+ * @return array|false Array con el usuario o false si hay error
-    exit;
+ */
-}
+function manageUser($userData)
+{
-// Búsqueda o creación de usuario
+    global $DB;
-$user = ll_get_user_by_email($email);
-if ($user) {
-    $new_user = false;
-} else {
-    $new_user = true;
-    $username = ll_get_username_available($first_name, $last_name);
-    $user = ll_create_user($username, $email, $first_name, $last_name);
     $user = ll_get_user_by_email($userData['email']);
-    // Procesamiento de imagen de perfil si se proporciona
+    if ($user) {
+        return ['user' => $user, 'is_new' => false];
+    }
+    $username = ll_get_username_available($userData['first_name'], $userData['last_name']);
+    $user = ll_create_user($username, $userData['email'], $userData['first_name'], $userData['last_name']);
-    if ($user) {
+    if (!$user) {
-        $filename   = trim(isset($data['image_filename']) ? filter_var($data['image_filename'], FILTER_SANITIZE_EMAIL) : '');
+        return ['error' => 'ERROR_MOODLE1', 'message' => 'Failed to create user'];
-        $content    = trim(isset($data['image_content']) ? filter_var($data['image_content'], FILTER_SANITIZE_STRING) : '');
-        if ($filename && $content) {
-            $tempfile = __DIR__ . DIRECTORY_SEPARATOR . $filename;
+    }
-            try {
                 file_put_contents($filename, base64_decode($content));
+    if ($userData['image_filename'] && $userData['image_content']) {
+        $tempfile = __DIR__ . DIRECTORY_SEPARATOR . $userData['image_filename'];
-                if (file_exists($tempfile)) {
+        try {
+            file_put_contents($tempfile, base64_decode($userData['image_content']));
+            if (file_exists($tempfile)) {
+                $usericonid = process_new_icon(context_user::instance($user->id, MUST_EXIST), 'user', 'icon', 0, $tempfile);
+                if ($usericonid) {
-                    $usericonid = process_new_icon(context_user::instance($user->id, MUST_EXIST), 'user', 'icon', 0, $tempfile);
+                    $DB->set_field('user', 'picture', $usericonid, array('id' => $user->id));
+                }
                     if ($usericonid) {
-                        $DB->set_field('user', 'picture', $usericonid, array('id' => $user->id));
+        } catch (\Throwable $e) {
             // Log error but continue
         } finally {
-            } catch (\Throwable $e) {
+            if (file_exists($tempfile)) {
-            } finally {
+                unlink($tempfile);
                 if (file_exists($tempfile)) {
                     unlink($tempfile);
+    }
-            }
     return ['user' => $user, 'is_new' => true];
+}
 /**
-// Verificación de creación de usuario
+ * Gestiona la inscripción en cursos
+                    }
+                }
+            }
+        }
+    }
+    return true;
+}
+/**
-// Obtención de datos completos del usuario y login
+ * Gestiona el inicio de sesión del usuario
+ * @param object $user Usuario a iniciar sesión
+ * @return array|false Array con los datos de la sesión o false si hay error
-$user = get_complete_user_data('id', $user->id);
+ */
+function manageUserSession($user)
+{
+    global $CFG, $SESSION;
-if ($user) {
-    // Si hay una sesión existente, cerrarla primero
+    // Cerrar sesión existente si la hay
     if (isloggedin()) {
         require_logout();
     }
+    // Limpiar todas las cookies de sesión
+    if (isset($_COOKIE)) {
+        foreach ($_COOKIE as $name => $value) {
+            setcookie($name, '', time() - 3600, '/');
+            unset($_COOKIE[$name]);
+        }
+    }
+    // Limpiar la cookie de Moodle específicamente
     set_moodle_cookie('');
-    // Verificar si la cuenta está confirmada
-    if (empty($user->confirmed)) {
-        echo json_encode(['success' => false, 'data' => 'ACCOUNT_NOT_CONFIRMED']);
+    if (empty($user->confirmed)) {
-        exit;
         return ['error' => 'ACCOUNT_NOT_CONFIRMED', 'message' => 'Account not confirmed'];
+    }
     // Verificar si la contraseña ha expirado (solo para autenticación LDAP)
     $userauth = get_auth_plugin($user->auth);
     if (!isguestuser() && !empty($userauth->config->expiration) && $userauth->config->expiration == 1) {
-        $days2expire = $userauth->password_expire($user->username);
-        if (intval($days2expire) < 0) {
+        $days2expire = $userauth->password_expire($user->username);
-            echo json_encode(['success' => false, 'data' => 'PASSWORD_EXPIRED']);
+        if (intval($days2expire) < 0) {
-            exit;
             return ['error' => 'PASSWORD_EXPIRED', 'message' => 'Password has expired'];
-    }
     // Completar el proceso de inicio de sesión
-    complete_user_login($user);
+    }
     // Aplicar límite de inicio de sesión concurrente
-    \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
+    complete_user_login($user);
-    // Configurar cookie de nombre de usuario
+    \core\session\manager::apply_concurrent_login_limit($user->id, session_id());
     if (!empty($CFG->nolastloggedin)) {
-        // No almacenar último usuario conectado en cookie
+    if (!empty($CFG->nolastloggedin)) {
-    } else if (empty($CFG->rememberusername)) {
+        // No almacenar último usuario conectado en cookie
-        // Sin cookies permanentes, eliminar la anterior si existe
-        set_moodle_cookie('');
+    } else if (empty($CFG->rememberusername)) {
-    } else {
+        set_moodle_cookie('');
-        set_moodle_cookie($user->username);
-    }
     } else {
-    // Limpiar mensajes de error antes de la última redirección
-    unset($SESSION->loginerrormsg);
+        set_moodle_cookie($user->username);
     unset($SESSION->logininfomsg);
     // Descartar loginredirect si estamos redirigiendo
-    unset($SESSION->loginredirect);
+    unset($SESSION->loginerrormsg);
-    // Configurar la URL de destino
+    unset($SESSION->logininfomsg);
-    $urltogo = $CFG->wwwroot . '/my';
+    unset($SESSION->loginredirect);
     $SESSION->wantsurl = $urltogo;
     $urltogo = $CFG->wwwroot . '/my';
-    // Verificar que la sesión se haya iniciado correctamente
+    $SESSION->wantsurl = $urltogo;
     if (isloggedin() && !isguestuser()) {
-        // Enviar respuesta exitosa con datos del usuario
+    if (isloggedin() && !isguestuser()) {
-        echo json_encode([
+        return [
             'success' => true,
-            'data' => [
-                'userid' => $user->id,
-                'username' => $user->username,
-                'fullname' => fullname($user),
-                'email' => $user->email,
-                'redirect' => $urltogo
+            'data' => [
+                'userid' => $user->id,
+                'username' => $user->username,
+                'fullname' => fullname($user),
+                'email' => $user->email,
+                'redirect' => $urltogo
+            ]
+        ];
+    }
+    return ['error' => 'LOGIN_FAILED', 'message' => 'Login failed'];
+}
+// Procesamiento principal
+$securityResult = validateSecurityParams($_REQUEST);
+if (isset($securityResult['error'])) {
+    echo json_encode(['success' => false, 'data' => $securityResult['error']]);
+    exit;
+}
+$dataResult = processRequestData($securityResult['data']);
+if (isset($dataResult['error'])) {
+    echo json_encode(['success' => false, 'data' => $dataResult['error']]);
+    exit;
+}
+$userResult = manageUser($dataResult);
+if (isset($userResult['error'])) {
+    echo json_encode(['success' => false, 'data' => $userResult['error']]);
-            ]
+    exit;
         ]);
 if ($userResult['is_new']) {
+    manageCourseEnrollment($userResult['user']);
+}
+$user = get_complete_user_data('id', $userResult['user']->id);
+if (!$user) {
+    echo json_encode(['success' => false, 'data' => 'USER_NOT_FOUND']);
+    exit;
+}
-        // Redirigir al usuario
+$sessionResult = manageUserSession($user);

Proyectos de Subversion Moodle

(root)/leaderslinked/service.php – Rev 1398 → 1399