// Trim the submitted name, then require it, apply the 'username' rule and cap it at 20 characters.
$form->applyFilter('field_name', 'trim');
$form->addRule('field_name', get_lang('ThisFieldIsRequired'), 'required');
$form->addRule('field_name', get_lang('OnlyLettersAndNumbersAllowed'), 'username');
$form->addRule('field_name', '', 'maxlength', 20);
// Set default values (only not empty when editing)
$defaults = array();
// NOTE(review): the guard tests $_REQUEST['field_id'] while the lookup reads $_GET['field_id'].
// The (int) cast keeps the lookup numeric, but checking and using the same source avoids the
// two values diverging (for example when the id arrives by POST).
if (is_numeric($_REQUEST['field_id'])) {
    $form_information = get_specific_field_list(array('id' => (int) $_GET['field_id']));
    $defaults['field_name'] = $form_information[0]['name'];
// Submit button
$form->addElement('style_submit_button', 'submit', get_lang('Add'), 'class="add"');
// Validate form
// NOTE(review): no Security::check_token() call is visible before the add/edit below; confirm
// this state-changing request is protected against CSRF elsewhere.
if ($form->validate()) {
    $field = $form->exportValues();
    $field_name = $field['field_name'];
    // A non-zero numeric field_id selects the edit path; anything else creates a new field.
    // NOTE(review): is_numeric() also accepts strings such as "1e3" or "1.5" and the id is passed
    // on uncast; presumably edit_specific_field() casts it - confirm, or cast with (int) here.
    if (is_numeric($field['field_id']) && $field['field_id'] != 0 && !empty($field['field_id'])) {
        edit_specific_field($field['field_id'], $field['field_name']);
        $message = get_lang('FieldEdited');
    } else {
        $field_id = add_specific_field($field_name);
        $message = get_lang('FieldAdded');
    // NOTE(review): the exit after the redirect is commented out, so the rest of the script keeps
    // running after the Location header is set. $message is appended without urlencode(); it comes
    // from get_lang() here, but the target page should still treat the `message` query parameter
    // as untrusted input when it renders it.
    header('Location: specific_fields.php?message=' . $message);
    //exit ();
// Display form
Beispiel #2
// Password-reset form for an existing user: defaults to an auto-generated password and no mail.
$form->addGroup($group, 'mail', get_lang('SendMailToNewUser'), ' ');
// Set default values
$defaults = array();
$defaults['username'] = $userInfo['username'];
$defaults['mail']['send_mail'] = 0;
$defaults['password']['password_auto'] = 1;
// Submit button
$select_level = array();
$html_results_enabled[] = $form->addButtonUpdate(get_lang('Update'), 'submit', true);
// Validate form
if ($form->validate()) {
    // The update below only runs when the anti-CSRF token posted with the form checks out.
    $check = Security::check_token('post');
    if ($check) {
        $user = $form->exportValues();
        // NOTE(review): $email, $username and $send_mail are assigned here but not used in the
        // lines visible in this excerpt.
        $email = $userInfo['email'];
        $username = $userInfo['username'];
        $send_mail = intval($user['mail']['send_mail']);
        $auth_source = PLATFORM_AUTH_SOURCE;
        // password_auto == '1' (generated password) maps to 0, any other choice to 2; the value is
        // passed as the last argument of update_user() below.
        $resetPassword = $user['password']['password_auto'] == '1' ? 0 : 2;
        // NOTE(review): both arms of this if/else contain only commented-out code, so the branch
        // currently has no effect.
        if (count($extAuthSource) > 0 && $user['password']['password_auto'] == '2') {
            //$auth_source = $user['password']['auth_source'];
            //$password = '******';
        } else {
            //$auth_source = PLATFORM_AUTH_SOURCE;
            //$password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
        // The auth source is always taken from the stored user record, overriding the value set above.
        $auth_source = $userInfo['auth_source'];
        // Either a generated password or the one typed into the form. The value is handed to
        // update_user() in clear text; presumably hashing happens inside UserManager - confirm.
        // No length/complexity check on the typed password is visible here.
        $password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
        // Every other field is re-sent unchanged from $userInfo; only password and reset flag differ.
        UserManager::update_user($userId, $userInfo['firstname'], $userInfo['lastname'], $userInfo['username'], $password, $auth_source, $userInfo['email'], $userInfo['status'], $userInfo['official_code'], $userInfo['phone'], $userInfo['picture_uri'], $userInfo['expiration_date'], $userInfo['active'], $userInfo['creator_id'], $userInfo['hr_dept_id'], null, $userInfo['language'], null, false, $resetPassword);
 * form to add a category
 * @todo move to TestCategory.class.php
 * @param string $action
function add_category_form($action)
    // Builds the "add category" form; on a validated, token-checked submit it creates a
    // TestCategory and calls addCategoryInBDD(), otherwise it attaches a fresh sec_token.
    // NOTE(review): the filtered $action is placed in a URL query string below. An HTML filter is
    // not URL encoding; an allow-list of expected action names or urlencode() fits this context.
    $action = Security::remove_XSS($action);
    // initiate the object
    $form = new FormValidator('note', 'post', api_get_self() . '?action=' . $action);
    // Setting the form elements
    $form->addElement('header', get_lang('AddACategory'));
    $form->addElement('text', 'category_name', get_lang('CategoryName'), array('size' => '95'));
    $form->addHtmlEditor('category_description', get_lang('CategoryDescription'), false, false, array('ToolbarSet' => 'test_category', 'Height' => '200'));
    $form->addButtonCreate(get_lang('AddTestCategory'), 'SubmitNote');
    // setting the rules
    $form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');
    // The validation or display
    if ($form->validate()) {
        // Anti-CSRF: the category is only created when the posted token matches.
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            // Both fields are filtered at the COURSEMANAGER level before storage.
            // NOTE(review): filtering on input does not replace escaping when the name is later
            // printed in a plain-text context (titles, attributes); confirm the display side.
            $v_name = Security::remove_XSS($values['category_name'], COURSEMANAGER);
            $v_description = Security::remove_XSS($values['category_description'], COURSEMANAGER);
            $objcat = new TestCategory(0, $v_name, $v_description);
            // The success and failure bodies are not part of this excerpt.
            if ($objcat->addCategoryInBDD()) {
            } else {
    } else {
        // Form not (yet) valid: issue a token and carry it in a hidden field for the next post.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
 * Display the search form for the forum and display the search results
 * @return void display an HTML search results
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version march 2008, dokeos 1.8.5
function forum_search()
    // Builds the forum search form and, once it validates, exports the submitted values; the
    // code that runs the search and prints the results is not part of this excerpt.
    // Initialize the object.
    $form = new FormValidator('forumsearch', 'post', 'forumsearch.php?' . api_get_cidreq());
    // Setting the form elements.
    $form->addElement('header', '', get_lang('ForumSearch'));
    $form->addElement('text', 'search_term', get_lang('SearchTerm'), array('autofocus'));
    // The search term is passed through the 'html_filter' callback before it is exported.
    // NOTE(review): an HTML filter does not make the term safe for SQL; the search query should
    // bind or escape it for the database, and the results page should escape it when echoing it back.
    $form->applyFilter('search_term', 'html_filter');
    $form->addElement('static', 'search_information', '', get_lang('ForumSearchInformation'));
    // Setting the rules.
    $form->addRule('search_term', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('search_term', get_lang('TooShort'), 'minlength', 3);
    // Validation or display.
    if ($form->validate()) {
        $values = $form->exportValues();
        // Display the search results.
    } else {
// Admin page for resource sequencing: builds the session list, a form to add a sequence,
// and the selectors used to attach sessions to a sequence.
$interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$tpl = new Template(get_lang('ResourcesSequencing'));
$sessionListFromDatabase = SessionManager::get_sessions_list();
$sessionList = [];
if (!empty($sessionListFromDatabase)) {
    // Map session id => "name (id)" for use as select options.
    // NOTE(review): the session name is stored data; presumably the form library escapes option
    // labels when rendering - confirm.
    foreach ($sessionListFromDatabase as $sessionItem) {
        $sessionList[$sessionItem['id']] = $sessionItem['name'] . ' (' . $sessionItem['id'] . ')';
$formSequence = new FormValidator('sequence_form', 'post', api_get_self(), null, null, 'inline');
$formSequence->addText('name', get_lang('Sequence'), true, ['cols-size' => [3, 8, 1]]);
$formSequence->addButtonCreate(get_lang('AddSequence'), 'submit_sequence', false, ['cols-size' => [3, 8, 1]]);
$em = Database::getManager();
// Add sequence
// NOTE(review): this branch creates a Sequence from posted data, but no Security::check_token()
// call is visible; confirm CSRF protection exists for this admin action.
if ($formSequence->validate()) {
    $values = $formSequence->exportValues();
    $sequence = new Sequence();
    // NOTE(review): no exit follows the redirect in the visible lines, so the script would keep
    // running after the Location header is set.
    header('Location: ' . api_get_self());
$selectSequence = new FormValidator('');
$selectSequence->addHidden('sequence_type', 'session');
$em = Database::getManager();
$sequenceList = $em->getRepository('ChamiloCoreBundle:Sequence')->findAll();
$selectSequence->addSelect('sequence', get_lang('Sequence'), $sequenceList, ['id' => 'sequence_id', 'cols-size' => [3, 7, 2]]);
$form = new FormValidator('');
$form->addHtml("<div class='col-md-6'>");
$form->addHidden('sequence_type', 'session');
Beispiel #6
     // Edit form
     // NOTE(review): `action` and `glossary_id` from the query string are passed through an HTML
     // filter and then concatenated into a URL. That is not URL encoding; glossary_id is presumably
     // numeric and could be cast with (int), and `action` checked against the expected names.
     $edit_form = new FormValidator('glossary', 'post', api_get_self() . '?' . api_get_cidreq() . '&action=' . Security::remove_XSS($_GET['action']) . '&glossary_id=' . Security::remove_XSS($_GET['glossary_id']));
     $edit_form->addElement('hidden', 'glossary_id');
     $edit_form->addElement('text', 'glossary_title', get_lang('TermName'), array('size' => '30'));
     $edit_form->addElement('html_editor', 'glossary_comment', get_lang('Definition'), 'style="vertical-align:middle"', $editor_config);
     $edit_form->addElement('style_submit_button', 'SubmitGlossary', get_lang('SaveDefinition'), 'class="save"');
     // setting the defaults
     // NOTE(review): the id handed to the lookup is only HTML-filtered. get_glossary_information()
     // is not shown here; unless it casts or binds the id itself, an (int) cast is the right
     // sanitiser for a value that ends up in a database query.
     $defaults = get_glossary_information(Security::remove_XSS($_GET['glossary_id']));
     // setting the rules
     // NOTE(review): the message opens a <div class="required"> that is not closed in this string.
     $edit_form->addRule('glossary_title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
     // The validation or display
     if ($edit_form->validate()) {
         // Anti-CSRF: the values are only exported when the posted token matches.
         $check = Security::check_token('post');
         if ($check) {
             $values = $edit_form->exportValues();
         // Redirect back to the index; no exit is visible after it in this excerpt.
         header('Location:index.php?' . api_get_cidReq());
     } else {
         // Form not (yet) valid: issue a token and carry it in a hidden field for the next post.
         $token = Security::get_token();
         $edit_form->addElement('hidden', 'sec_token');
         $edit_form->setConstants(array('sec_token' => $token));
 } else {
     // NOTE(review): deletion is selected by a GET parameter. The delete call itself is not part of
     // this excerpt; a state-changing GET needs its own token check, which should be confirmed.
     if (isset($_GET['action']) && $_GET['action'] == 'delete_glossary') {
         //To delete glossary
         header('Location:index.php?' . api_get_cidReq());
Beispiel #7
// User export page: builds a course selector and an export form, then assembles the SQL that
// selects the users to export.
$result = Database::query($sql);
while ($course = Database::fetch_object($result)) {
    $courses[$course->code] = $course->visual_code . ' - ' . $course->title;
$form = new FormValidator('export_users');
$form->addElement('header', $tool_name);
$form->addElement('radio', 'file_type', get_lang('OutputFileType'), 'XML', 'xml');
$form->addElement('radio', 'file_type', null, 'CSV', 'csv');
$form->addElement('radio', 'file_type', null, 'XLS', 'xls');
$form->addElement('checkbox', 'addcsvheader', get_lang('AddCSVHeader'), get_lang('YesAddCSVHeader'), '1');
$form->addElement('select', 'course_code', get_lang('OnlyUsersFromCourse'), $courses);
$form->setDefaults(array('file_type' => 'csv'));
if ($form->validate()) {
    $export = $form->exportValues();
    // NOTE(review): $file_type is taken from the form as-is; the code that consumes it is not
    // shown, and it should accept only the three offered values (xml, csv, xls).
    $file_type = $export['file_type'];
    // NOTE(review): the SQL-escaped code is reused below for a non-SQL purpose (the export file
    // name) and passed to api_get_course_info(); escaping for SQL is not sanitising for a file name.
    $course_code = Database::escape_string($export['course_code']);
    $courseInfo = api_get_course_info($course_code);
    // NOTE(review): real_id is interpolated unquoted into the query below; if the lookup returns
    // nothing for the submitted code the value is empty. An (int) cast would make this explicit.
    $courseId = $courseInfo['real_id'];
    // NOTE(review): when password_encryption is configured as 'none', the stored password column
    // is added to the export, so the generated file contains credentials. Access to this page and
    // to the resulting files needs to be limited accordingly.
    // The exported columns (names, e-mail, phone) are user-supplied text; for CSV/XLS output,
    // cells beginning with =, +, - or @ should be neutralised by the writer (not shown here).
    $sql = "SELECT\n\t\t\t\tu.user_id \tAS UserId,\n\t\t\t\tu.lastname \tAS LastName,\n\t\t\t\tu.firstname \tAS FirstName,\n\t\t\t\tu.email \t\tAS Email,\n\t\t\t\tu.username\tAS UserName,\n\t\t\t\t" . ($_configuration['password_encryption'] != 'none' ? " " : "u.password AS Password, ") . "\n\t\t\t\tu.auth_source\tAS AuthSource,\n\t\t\t\tu.status\t\tAS Status,\n\t\t\t\tu.official_code\tAS OfficialCode,\n\t\t\t\tu.phone\t\tAS Phone";
    // A course was selected: restrict to users of that course, excluding the RRHH relation type.
    if (strlen($course_code) > 0) {
        $sql .= " FROM {$user_table} u, {$course_user_table} cu\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tu.user_id = cu.user_id AND\n\t\t\t\t\t\tcu.c_id = {$courseId} AND\n\t\t\t\t\t\tcu.relation_type<>" . COURSE_RELATION_TYPE_RRHH . "\n\t\t\t\t\tORDER BY lastname,firstname";
        $filename = 'export_users_' . $course_code . '_' . api_get_local_time();
    } else {
        // No course selected: with multiple URLs enabled, restrict to users of the current access URL.
        if (api_is_multiple_url_enabled()) {
            $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
            $access_url_id = api_get_current_access_url_id();
            if ($access_url_id != -1) {
                $sql .= " FROM {$user_table} u\n\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} as user_rel_url\n\t\t\t\tON (u.user_id= user_rel_url.user_id)\n\t\t\t\tWHERE access_url_id = {$access_url_id}\n\t\t\t\tORDER BY lastname,firstname";
Beispiel #8
  * @param string $action
 public function getSearchPages($action)
     // Prints the wiki search header, then either shows results (when mode_table is present in
     // the query string) or builds the search form and shows results once it validates.
     echo '<div class="actions">' . get_lang('SearchPages') . '</div>';
     if (isset($_GET['mode_table'])) {
         // On the first results page the posted search fields are copied into $_GET.
         // NOTE(review): this overwrites the superglobal with request data that has not been
         // filtered; everything downstream that reads these $_GET keys must treat them as raw input.
         if (!isset($_GET['SearchPages_table_page_nr'])) {
             $_GET['search_term'] = isset($_POST['search_term']) ? $_POST['search_term'] : '';
             $_GET['search_content'] = isset($_POST['search_content']) ? $_POST['search_content'] : '';
             $_GET['all_vers'] = isset($_POST['all_vers']) ? $_POST['all_vers'] : '';
         // The raw values are passed on; escaping for SQL and for HTML output has to happen in
         // display_wiki_search_results(), which is not shown here - confirm.
         self::display_wiki_search_results($_GET['search_term'], $_GET['search_content'], $_GET['all_vers']);
     } else {
         // initiate the object
         // NOTE(review): $action is HTML-entity encoded and then placed in a URL query string;
         // entity encoding is not URL encoding, so urlencode() or an allow-list fits better here.
         $form = new FormValidator('wiki_search', 'post', api_get_self() . '?cidReq=' . api_get_course_id() . '&action=' . api_htmlentities($action) . '&session_id=' . api_get_session_id() . '&group_id=' . api_get_group_id() . '&mode_table=yes1');
         // Setting the form elements
         $form->addText('search_term', get_lang('SearchTerm'), true, array('autofocus' => 'autofocus'));
         $form->addElement('checkbox', 'search_content', null, get_lang('AlsoSearchContent'));
         $form->addElement('checkbox', 'all_vers', null, get_lang('IncludeAllVersions'));
         $form->addButtonSearch(get_lang('Search'), 'SubmitWikiSearch');
         // setting the rules
         $form->addRule('search_term', get_lang('TooShort'), 'minlength', 3);
         //TODO: before fixing the pagination rules worked, not now
         if ($form->validate()) {
             $values = $form->exportValues();
             self::display_wiki_search_results($values['search_term'], $values['search_content'], $values['all_vers']);
         } else {
 * Add (or edit) a template. This function displays the form and also takes
 * care of uploading the image and storing the information in the database
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
function add_edit_template()
    // Displays the add/edit form for a system template and, on a validated and token-checked
    // submit, stores the preview image and the template row.
    // Initialize the object.
    // NOTE(review): `id` and `action` are HTML-filtered and then concatenated into the form's
    // action URL. The id is cast with intval() everywhere else in this function; doing the same
    // here, and checking `action` against 'add'/'edit', would match the URL context better.
    $id = isset($_GET['id']) ? '&id=' . Security::remove_XSS($_GET['id']) : '';
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . Security::remove_XSS($_GET['action']) . $id);
    // Setting the form elements: the header.
    // NOTE(review): $_GET['action'] is read without an isset() guard here and below.
    if ($_GET['action'] == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    $form->addElement('header', '', $title);
    // Setting the form elements: the title of the template.
    $form->addText('title', get_lang('Title'), false);
    // Setting the form elements: the content of the template (wysiwyg editor).
    $form->addHtmlEditor('template_text', get_lang('Text'), false, false, array('ToolbarSet' => 'AdminTemplates', 'Width' => '100%', 'Height' => '400'));
    // Setting the form elements: the form to upload an image to be used with the template.
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // Setting the form elements: a little bit information about the template image.
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
    // Getting all the information of the template when editing a template.
    if ($_GET['action'] == 'edit') {
        // Database table definition.
        $table_system_template = Database::get_main_table('system_template');
        // The id is forced to an integer before it is concatenated into the query.
        $sql = "SELECT * FROM {$table_system_template} WHERE id = " . intval($_GET['id']) . "";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);
        $defaults['template_id'] = intval($_GET['id']);
        $defaults['template_text'] = $row['content'];
        // Forcing get_lang().
        $defaults['title'] = get_lang($row['title']);
        // Adding an extra field: a hidden field with the id of the template we are editing.
        $form->addElement('hidden', 'template_id');
        // Adding an extra field: a preview of the image that is currently used.
        // NOTE(review): $row['image'] is concatenated into the src attribute without escaping. The
        // stored value derives from the uploaded file's client-supplied name (see the save path
        // below), so it should be attribute-escaped here unless the upload helpers already
        // guarantee a safe name - confirm.
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_APP_PATH) . 'home/default_platform_document/template_thumb/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        // Setting the information of the template that we are editing.
    // Setting the form elements: the submit button.
    $form->addButtonSave(get_lang('Ok'), 'submit');
    // Setting the rules: the required fields.
    $form->addRule('template_image', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', get_lang('ThisFieldIsRequired'), 'required');
    // if the form validates (complies to all rules) we save the information, else we display the form again (with error message if needed)
    if ($form->validate()) {
        // Anti-CSRF: nothing is stored unless the posted token matches.
        $check = Security::check_token('post');
        if ($check) {
            // Exporting the values.
            $values = $form->exportValues();
            // Upload the file.
            if (!empty($_FILES['template_image']['name'])) {
                $upload_ok = process_uploaded_file($_FILES['template_image']);
                if ($upload_ok) {
                    // Try to add an extension to the file if it hasn't one.
                    // NOTE(review): both the file name and the MIME type used here are supplied by
                    // the client. No extension allow-list or basename() is visible, and the target
                    // directory is the same path that is served under WEB_APP_PATH above. A
                    // server-generated name with an extension restricted to image types would
                    // remove the dependency on what add_ext_on_mime() filters - confirm its behaviour.
                    $new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
                    // The upload directory.
                    $upload_dir = api_get_path(SYS_APP_PATH) . 'home/default_platform_document/template_thumb/';
                    // Create the directory if it does not exist.
                    // NOTE(review): the mkdir() result is not checked.
                    if (!is_dir($upload_dir)) {
                        mkdir($upload_dir, api_get_permissions_for_new_directories());
                    // Resize the preview image to max default and upload.
                    $temp = new Image($_FILES['template_image']['tmp_name']);
                    $picture_info = $temp->get_image_info();
                    $max_width_for_picture = 100;
                    // The resize statement for over-wide images is not part of this excerpt.
                    if ($picture_info['width'] > $max_width_for_picture) {
                    // The file is written through the Image object rather than moved as uploaded.
                    $temp->send_image($upload_dir . $new_file_name);
            // Store the information in the database (as insert or as update).
            $table_system_template = Database::get_main_table('system_template');
            if ($_GET['action'] == 'add') {
                // Add path: the editor content is filtered, then stored through Database::insert()
                // with a column => value array.
                // NOTE(review): $new_file_name is only assigned inside the successful-upload branch
                // above; if the upload fails it is undefined here.
                $content_template = Security::remove_XSS($values['template_text'], COURSEMANAGERLOWSECURITY);
                $params = ['title' => $values['title'], 'content' => $content_template, 'image' => $new_file_name];
                Database::insert($table_system_template, $params);
                // Display a feedback message.
                echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
            } else {
                // Edit path: the statement is built by string concatenation with escape_string().
                // NOTE(review): unlike the add path, the editor content is only SQL-escaped here and
                // is not passed through Security::remove_XSS(); the two paths should apply the same
                // HTML filtering. The statement that executes $sql is not part of this excerpt.
                $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>' . Database::escape_string($values['template_text']) . '</body>';
                $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "', content = '" . $content_template . "'";
                if (!empty($new_file_name)) {
                    $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
                $sql .= " WHERE id = " . intval($_GET['id']) . "";
                // Display a feedback message.
    } else {
        // Form not (yet) valid: issue a token and carry it in a hidden field for the next post.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        // Display the form.
 // Pre-fill the form values from the stored course request.
 $values['course_language'] = $course_request_info['course_language'];
 $values['title'] = $course_request_info['title'];
 $values['description'] = $course_request_info['description'];
 $values['category_code'] = $course_request_info['category_code'];
 $values['tutor_name'] = $course_request_info['tutor_name'];
 $values['visual_code'] = $course_request_info['visual_code'];
 $values['request_date'] = $course_request_info['request_date'];
 $values['objetives'] = $course_request_info['objetives'];
 $values['target_audience'] = $course_request_info['target_audience'];
 $values['status'] = $course_request_info['status'];
 $values['info'] = $course_request_info['info'];
 $values['exemplary_content'] = $course_request_info['exemplary_content'];
 // Validate the form and perform the ordered actions.
 // NOTE(review): no Security::check_token() call is visible before the update below; confirm the
 // request is protected against CSRF elsewhere.
 if ($form->validate()) {
     $course_request_values = $form->exportValues();
     // Filter incoming data.
     // Each value is unslashed, HTML-filtered and trimmed in place (the loop variable is a reference).
     // NOTE(review): no unset($value) is visible after the loop, so the reference stays bound to the
     // last element. The chain also assumes every exported value is a string. HTML filtering here
     // does not cover SQL; update_course_request() must escape or bind its arguments - confirm.
     foreach ($course_request_values as &$value) {
         $value = trim(Security::remove_XSS(stripslashes($value)));
     // Detection which submit button has been pressed.
     $submit_button = isset($_POST['save_button']) ? 'save_button' : (isset($_POST['accept_button']) ? 'accept_button' : (isset($_POST['reject_button']) ? 'reject_button' : (isset($_POST['ask_info_button']) ? 'ask_info_button' : 'submit_button')));
     // Check the course code for avoiding duplication.
     // An unchanged code is accepted; a changed one must not already exist.
     $course_code_ok = $course_request_values['wanted_code'] == $course_request_info['code'] ? true : !CourseRequestManager::course_code_exists($course_request_values['wanted_code']);
     if ($course_code_ok) {
         $message = array();
         $is_error_message = false;
         // Update the course request.
         $update_ok = CourseRequestManager::update_course_request($id, $course_request_values['wanted_code'], $course_request_values['title'], $course_request_values['description'], $course_request_values['category_code'], $course_request_values['course_language'], $course_request_values['objetives'], $course_request_values['target_audience'], $course_request_values['user_id'], $course_request_values['exemplary_content']);
         if ($update_ok) {
             $message[] = sprintf(get_lang('CourseRequestUpdated'), $course_request_values['wanted_code']);
 * Add (or edit) a template. This function displays the form and also takes care of uploading the image and storing the information in the database
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version August 2008
 * @since Dokeos 1.8.6
function add_edit_template()
    // Older variant of the template add/edit form: displays the form, stores the uploaded preview
    // image and inserts or updates the template row.
    // initiate the object
    // NOTE(review): $_GET['action'] and $_GET['id'] are concatenated into the form's action URL
    // with no filtering or casting. Unless FormValidator escapes the action attribute itself, this
    // reflects request data into the page; cast the id with (int) and check `action` against
    // 'add'/'edit' before use.
    $form = new FormValidator('template', 'post', 'settings.php?category=Templates&action=' . $_GET['action'] . '&id=' . $_GET['id']);
    // setting the form elements: the header
    if ($_GET['action'] == 'add') {
        $title = get_lang('AddTemplate');
    } else {
        $title = get_lang('EditTemplate');
    $form->addElement('header', '', $title);
    // setting the form elements: the title of the template
    $form->add_textfield('title', get_lang('Title'), false);
    // setting the form elements: the content of the template (wysiwyg editor)
    $form->addElement('html_editor', 'template_text', get_lang('Text'));
    // setting the form elements: the form to upload an image to be used with the template
    $form->addElement('file', 'template_image', get_lang('Image'), '');
    // setting the form elements: a little bit information about the template image
    $form->addElement('static', 'file_comment', '', get_lang('TemplateImageComment100x70'));
    // getting all the information of the template when editing a template
    if ($_GET['action'] == 'edit') {
        // Database table definition
        $table_system_template = Database::get_main_table('system_template');
        // The id is escaped and quoted; an integer cast would state the expected type directly.
        $sql = "SELECT * FROM {$table_system_template} WHERE id = '" . Database::escape_string($_GET['id']) . "'";
        $result = api_sql_query($sql, __FILE__, __LINE__);
        $row = Database::fetch_array($result);
        // NOTE(review): the raw query-string id becomes the default of the hidden template_id field.
        $defaults['template_id'] = $_GET['id'];
        $defaults['template_text'] = $row['content'];
        $defaults['title'] = $row['title'];
        // adding an extra field: a hidden field with the id of the template we are editing
        $form->addElement('hidden', 'template_id');
        // adding an extra field: a preview of the image that is currently used
        // NOTE(review): $row['image'] is concatenated into the src attribute without escaping; the
        // stored value derives from the client-supplied upload name (see below).
        if (!empty($row['image'])) {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/' . $row['image'] . '" alt="' . get_lang('TemplatePreview') . '"/>');
        } else {
            $form->addElement('static', 'template_image_preview', '', '<img src="' . api_get_path(WEB_PATH) . 'home/default_platform_document/noimage.gif" alt="' . get_lang('NoTemplatePreview') . '"/>');
        // setting the information of the template that we are editing
    // setting the form elements: the submit button
    $form->addElement('style_submit_button', 'submit', get_lang('Ok'), 'class="save"');
    // setting the rules: the required fields
    $form->addRule('title', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('template_text', '<div class="required">' . get_lang('ThisFieldIsRequired'), 'required');
    // if the form validates (complies to all rules) we save the information, else we display the form again (with error message if needed)
    // NOTE(review): this variant performs the insert/update without any Security::check_token()
    // call, so the admin action has no visible CSRF protection.
    if ($form->validate()) {
        // exporting the values
        $values = $form->exportValues();
        // upload the file
        if (!empty($_FILES['template_image']['name'])) {
            include_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
            $upload_ok = process_uploaded_file($_FILES['template_image']);
            if ($upload_ok) {
                // Try to add an extension to the file if it hasn't one
                // NOTE(review): the file name and MIME type are both client-supplied, no extension
                // allow-list or basename() is visible, and the target directory is the one served
                // under WEB_PATH above. Prefer a server-generated name limited to image extensions.
                $new_file_name = add_ext_on_mime(stripslashes($_FILES['template_image']['name']), $_FILES['template_image']['type']);
                // upload dir
                $upload_dir = api_get_path(SYS_PATH) . 'home/default_platform_document/';
                // create dir if not exists
                if (!is_dir($upload_dir)) {
                    $perm = api_get_setting('permissions_for_new_directories');
                    $perm = octdec(!empty($perm) ? $perm : '0770');
                    // NOTE(review): errors are suppressed with @ and $res is not checked afterwards.
                    $res = @mkdir($upload_dir, $perm);
                // resize image to max default and upload
                require_once api_get_path(LIBRARY_PATH) . 'image.lib.php';
                $temp = new image($_FILES['template_image']['tmp_name']);
                // getimagesize() returns false for a file it cannot read as an image; with @ that
                // failure is silent and the array reads below then operate on false.
                $picture_infos = @getimagesize($_FILES['template_image']['tmp_name']);
                $max_width_for_picture = 100;
                if ($picture_infos[0] > $max_width_for_picture) {
                    $thumbwidth = $max_width_for_picture;
                    // This check can never be true: $thumbwidth was just set to 100.
                    if (empty($thumbwidth) or $thumbwidth == 0) {
                        $thumbwidth = $max_width_for_picture;
                    // Scale the height proportionally to the new width.
                    $new_height = round($thumbwidth / $picture_infos[0] * $picture_infos[1]);
                    $temp->resize($thumbwidth, $new_height, 0);
                $type = $picture_infos[2];
                // NOTE(review): the switch subject is the boolean !empty($type), not $type. With
                // loose comparison, true matches the first case (2) for every non-empty type, so
                // the image type is never actually selected; `switch ($type)` looks like the
                // intent. No break statements are visible between the cases in this excerpt.
                switch (!empty($type)) {
                    case 2:
                        $temp->send_image('JPG', $upload_dir . $new_file_name);
                    case 3:
                        $temp->send_image('PNG', $upload_dir . $new_file_name);
                    case 1:
                        $temp->send_image('GIF', $upload_dir . $new_file_name);
        // store the information in the database (as insert or as update)
        $table_system_template = Database::get_main_table('system_template');
        if ($_GET['action'] == 'add') {
            // NOTE(review): the editor HTML is stored after SQL escaping only; no HTML filtering is
            // applied to template_text in this variant. $new_file_name is undefined when no file
            // was uploaded or the upload failed.
            $sql = "INSERT INTO {$table_system_template} (title, content, image) VALUES ('" . Database::escape_string($values['title']) . "','" . Database::escape_string($values['template_text']) . "','" . Database::escape_string($new_file_name) . "')";
            $result = api_sql_query($sql, __FILE__, __LINE__);
            // display a feedback message
            echo '<a href="settings.php?category=Templates&amp;action=add">' . Display::return_icon('add_template.gif', get_lang('AddTemplate')) . get_lang('AddTemplate') . '</a>';
        } else {
            // Update path: every interpolated value is escaped and quoted, the image only when a
            // new file name exists.
            $sql = "UPDATE {$table_system_template} set title = '" . Database::escape_string($values['title']) . "',\n\t\t\t\t\t\t\t\t\t\t\t   \t\t  content = '" . Database::escape_string($values['template_text']) . "'";
            if (!empty($new_file_name)) {
                $sql .= ", image = '" . Database::escape_string($new_file_name) . "'";
            $sql .= " WHERE id='" . Database::escape_string($_GET['id']) . "'";
            $result = api_sql_query($sql, __FILE__, __LINE__);
            // display a feedback message
    } else {
        // display the form
Beispiel #12
     * Displays a form with all the additionally defined user fields of the profile
     * and give you the opportunity to include these in the CSV export
     * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
     * @version Dokeos 1.8.6
     * @since November 2008
    public static function display_user_overview_export_options()
        // Shows a checkbox form of the extra user fields that can be added to the CSV export and
        // keeps the selection in $_SESSION['additional_export_fields']; outside "options" mode it
        // only lists the fields currently selected.
        // include the user manager and formvalidator library
        // NOTE(review): $_GET['export'] is read without an isset() guard.
        if ($_GET['export'] == 'options') {
            // get all the defined extra fields
            $extrafields = UserManager::get_extra_fields(0, 50, 5, 'ASC', false, 1);

            // creating the form with all the defined extra fields
            // NOTE(review): the three query parameters are HTML-filtered and then concatenated into
            // a URL; that is not URL encoding. Checking them against the expected keywords, or
            // urlencode(), fits this context better.
            $form = new FormValidator('exportextrafields', 'post', api_get_self()."?view=".Security::remove_XSS($_GET['view']).'&display='.Security::remove_XSS($_GET['display']).'&export='.Security::remove_XSS($_GET['export']));

            if (is_array($extrafields) && count($extrafields) > 0) {
                // One checkbox per extra field; index 0 is used as the field-name suffix and
                // index 3 as the label.
                foreach ($extrafields as $key => $extra) {
                    $form->addElement('checkbox', 'extra_export_field'.$extra[0], '', $extra[3]);
                $form->addElement('style_submit_button','submit', get_lang('Ok'),'class="save"' );

                // setting the default values for the form that contains all the extra fields
                if (is_array($_SESSION['additional_export_fields'])) {
                    foreach ($_SESSION['additional_export_fields'] as $key => $value) {
                        $defaults['extra_export_field'.$value] = 1;
            } else {
                $form->addElement('html', Display::display_warning_message(get_lang('ThereAreNotExtrafieldsAvailable')));

            if ($form->validate()) {
                // exporting the form values
                $values = $form->exportValues();

                // re-initialising the session that contains the additional fields that need to be exported
                $_SESSION['additional_export_fields'] = array();

                // adding the fields that are checked to the session
                $message = '';
                // NOTE(review): the stored id is whatever remains of the submitted field name after
                // removing the prefix; strstr() matches the prefix anywhere in the name and no
                // integer cast is applied. The id is later used as an index into $extrafields, so
                // it should be cast and checked against the known field ids before it is stored.
                foreach ($values as $field_ids => $value) {
                    if ($value == 1 && strstr($field_ids,'extra_export_field')) {
                        $_SESSION['additional_export_fields'][] = str_replace('extra_export_field', '', $field_ids);

                // adding the fields that will be also exported to a message string
                // NOTE(review): the field label is concatenated into HTML without escaping, and the
                // index is not checked to exist in $extrafields.
                if (is_array($_SESSION['additional_export_fields'])) {
                    foreach ($_SESSION['additional_export_fields'] as $key => $extra_field_export) {
                        $message .= '<li>'.$extrafields[$extra_field_export][3].'</li>';

                // Displaying a feedback message
                if (!empty($_SESSION['additional_export_fields'])) {
                    Display::display_confirmation_message(get_lang('FollowingFieldsWillAlsoBeExported').': <br /><ul>'.$message.'</ul>', false);
                } else  {
                    Display::display_confirmation_message(get_lang('NoAdditionalFieldsWillBeExported'), false);
                $message = '';
            } else {

        } else {
            if (!empty($_SESSION['additional_export_fields'])) {
                // get all the defined extra fields
                $extrafields = UserManager::get_extra_fields(0, 50, 5, 'ASC');

                // NOTE(review): $message is appended to here without being initialised in this
                // branch, and the label is again concatenated into HTML unescaped.
                foreach ($_SESSION['additional_export_fields'] as $key => $extra_field_export) {
                    $message .= '<li>'.$extrafields[$extra_field_export][3].'</li>';

                Display::display_normal_message(get_lang('FollowingFieldsWillAlsoBeExported').': <br /><ul>'.$message.'</ul>', false);
                $message = '';
// Group edit form: parent group and visibility selectors, then the update on a valid submit.
$groups = GroupPortalManager::get_groups_list($group_id);
// Key 0 is the "no parent" choice.
$groups[0] = get_lang('NoParentship');
$group_data['parent_group'] = GroupPortalManager::get_parent_group($group_id);
$form->addElement('select', 'parent_group', get_lang('GroupParentship'), $groups, array());
// Status
$status = array();
$status[GROUP_PERMISSION_OPEN] = get_lang('Open');
$status[GROUP_PERMISSION_CLOSED] = get_lang('Closed');
$form->addElement('select', 'visibility', get_lang('GroupPermissions'), $status, array());
// Submit button
$form->addElement('style_submit_button', 'submit', get_lang('ModifyInformation'), 'class="save"');
// Set default values
// Validate form
// NOTE(review): no Security::check_token() call is visible before the update below; confirm the
// request is protected against CSRF elsewhere.
if ($form->validate()) {
    $group = $form->exportValues();
    $picture_element = $form->getElement('picture');
    $picture = $picture_element->getValue();
    // Keep the current picture unless it is deleted or replaced below.
    $picture_uri = $group_data['picture_uri'];
    if ($group['delete_picture']) {
        $picture_uri = GroupPortalManager::delete_group_picture($group_id);
    } elseif (!empty($picture['name'])) {
        // NOTE(review): the client-supplied file name is passed on as-is; extension and content
        // checks have to happen inside update_group_picture(), which is not shown - confirm.
        $picture_uri = GroupPortalManager::update_group_picture($group_id, $_FILES['picture']['name'], $_FILES['picture']['tmp_name']);
    // NOTE(review): name, description and url are taken from the form unfiltered. Presumably
    // update() escapes them for SQL and the display side escapes them for HTML - confirm; the url
    // in particular should be limited to http/https before it is rendered as a link.
    $name = $group['name'];
    $description = $group['description'];
    $url = $group['url'];
    // Both select values are forced to integers before use.
    $status = intval($group['visibility']);
    $parent_group_id = intval($group['parent_group']);
    GroupPortalManager::update($group_id, $name, $description, $url, $status, $picture_uri);
    GroupPortalManager::set_parent_group($group_id, $parent_group_id);
/**
 * Display the search form for the forum and display the search results
 * @return void displays the HTML search results
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version march 2008, dokeos 1.8.5
 */
function forum_search()
    // Builds the forum search form; on a valid submission the exported values are read
    // (the code that uses them is not part of this excerpt).
    global $origin;
    // Initialize the object.
    // NOTE(review): $origin is concatenated into the form's action URL without encoding.
    // Where it is set is not visible here; if it can come from the request it should be
    // restricted to known values or URL-encoded before it is used.
    $form = new FormValidator('forumsearch', 'post', 'forumsearch.php?origin=' . $origin . '');
    // Setting the form elements.
    $form->addElement('header', '', get_lang('ForumSearch'));
    $form->addElement('text', 'search_term', get_lang('SearchTerm'), 'class="input_titles" id="search_title"');
    // The 'html_filter' filter is applied to the submitted term (presumably it strips unsafe markup; TODO confirm).
    $form->applyFilter('search_term', 'html_filter');
    $form->addElement('static', 'search_information', '', get_lang('ForumSearchInformation'));
    $form->addElement('style_submit_button', null, get_lang('Search'), 'class="search"');
    // Setting the rules: the term is required and must be at least 3 characters long.
    $form->addRule('search_term', get_lang('ThisFieldIsRequired'), 'required');
    $form->addRule('search_term', get_lang('TooShort'), 'minlength', 3);
    // Validation or display.
    if ($form->validate()) {
        $values = $form->exportValues();
        // Display the search results.
    } else {
Beispiel #15
            $parent_select->addOption($label, $folder);
            if ($selected != '') {
// The submit button label depends on whether a certificate or a plain document is being created.
if ($is_certificate_mode) {
    $form->addElement('style_submit_button', 'submit', get_lang('CreateCertificate'), 'class="save"');
} else {
    $form->addElement('style_submit_button', 'submit', get_lang('CreateDoc'), 'class="save"');
// If form validates -> save the new document
if ($form->validate()) {
    $values = $form->exportValues();
    // The read-only flag is set by the mere presence of the field, whatever its value.
    $readonly = isset($values['readonly']) ? 1 : 0;
    $values['title'] = trim($values['title']);
    // NOTE(review): curdirpath is a submitted form value and nothing in this excerpt
    // normalises it or rejects ".." segments; confirm that the code which later builds the
    // target path keeps it inside the course's document directory.
    if (!empty($values['curdirpath'])) {
        $dir = $values['curdirpath'];
    // Make sure the directory ends with a slash. This reads the last byte of $dir, so $dir
    // must already be a non-empty string here; it is only assigned above when curdirpath
    // is non-empty (TODO confirm it is initialised earlier in the file).
    if ($dir[strlen($dir) - 1] != '/') {
        $dir .= '/';
    // Setting the filename: derived from the user-supplied title.
    $filename = $values['title'];
    // addslashes() only escapes quotes and backslashes; it is not a path or HTML sanitiser.
    // The three helper calls below are what this code relies on for that (their exact
    // behaviour is defined elsewhere; TODO confirm what each one strips or renames).
    $filename = addslashes(trim($filename));
    $filename = Security::remove_XSS($filename);
    $filename = api_replace_dangerous_char($filename);
    $filename = FileManager::disable_dangerous_file($filename);
    //Setting the title
Beispiel #16
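 /**
  * Renders the "access overview" tracking report: a GET search form and, once
  * that form validates, a sortable table of access records. The result is
  * echoed through the my_space/accessoverview.tpl template.
  *
  * NOTE(review): nothing in this method checks that the current user may see
  * tracking data for the requested course, session or student; confirm that
  * the caller enforces this.
  *
  * @param int $courseId  Course to pre-select in the form (0 for none)
  * @param int $sessionId Session to pre-select in the form (0 for none)
  * @param int $studentId User to pre-select in the form (0 for none)
  *
  * @return void
  */
 public static function displayTrackingAccessOverView($courseId, $sessionId, $studentId)
 {
     // The ids are forced to integers before they are used in lookups or URLs.
     $courseId = intval($courseId);
     $sessionId = intval($sessionId);
     $studentId = intval($studentId);
     $em = Database::getManager();
     $courseList = [];
     $sessionList = [];
     $studentList = [];

     // Each lookup may find nothing for an id that matches no row (find() then
     // returns null, assuming getManager() hands back a Doctrine entity
     // manager). Only a real entity seeds the pre-selected option; an unknown
     // id must not end in a call on null.
     if (!empty($courseId)) {
         $course = $em->find('ChamiloCoreBundle:Course', $courseId);
         if ($course) {
             $courseList[$course->getId()] = $course->getTitle();
         }
     }
     if (!empty($sessionId)) {
         $session = $em->find('ChamiloCoreBundle:Session', $sessionId);
         if ($session) {
             $sessionList[$session->getId()] = $session->getName();
         }
     }
     if (!empty($studentId)) {
         $student = $em->find('ChamiloUserBundle:User', $studentId);
         if ($student) {
             $studentList[$student->getId()] = $student->getCompleteName();
         }
     }

     $form = new FormValidator('access_overview', 'GET');
     // The session id reaches the AJAX URL through http_build_query(), so it is URL-encoded.
     $form->addElement('select_ajax', 'course_id', get_lang('SearchCourse'), $courseList, ['url' => api_get_path(WEB_AJAX_PATH) . 'course.ajax.php?' . http_build_query(['a' => 'search_course_by_session_all', 'session_id' => $sessionId])]);
     // The two url_function snippets are client-side JavaScript that builds the
     // AJAX query string from the current values of the other selects.
     $form->addElement('select_ajax', 'session_id', get_lang('SearchSession'), $sessionList, ['url_function' => "\n                    function () {\n                        var params = \$.param({\n                            a: 'search_session_by_course',\n                            course_id: \$('#course_id').val() || 0\n                        });\n\n                        return '" . api_get_path(WEB_AJAX_PATH) . "session.ajax.php?' + params;\n                    }\n                "]);
     $form->addSelect('profile', get_lang('Profile'), ['' => get_lang('Select'), STUDENT => get_lang('Student'), COURSEMANAGER => get_lang('CourseManager'), DRH => get_lang('Drh')], ['id' => 'profile']);
     $form->addElement('select_ajax', 'student_id', get_lang('SearchUsers'), $studentList, ['placeholder' => get_lang('All'), 'url_function' => "\n                    function () {\n                        var params = \$.param({\n                            a: 'search_user_by_course',\n                            session_id: \$('#session_id').val(),\n                            course_id: \$('#course_id').val()\n                        });\n\n                        return '" . api_get_path(WEB_AJAX_PATH) . "course.ajax.php?' + params;\n                    }\n                "]);
     $form->addDateRangePicker('date', get_lang('DateRange'), true, ['id' => 'date_range', 'format' => 'YYYY-MM-DD', 'timePicker' => 'false', 'validate_format' => 'Y-m-d']);
     $form->addHidden('display', 'accessoverview');
     $form->addRule('course_id', get_lang('Required'), 'required');
     $form->addRule('profile', get_lang('Required'), 'required');
     $form->addButton('submit', get_lang('Generate'), 'gear', 'primary');

     // The table is only built for a submission that passed the rules above.
     $table = null;
     if ($form->validate()) {
         $table = new SortableTable('tracking_access_overview', ['MySpace', 'getNumberOfRrackingAccessOverview'], ['MySpace', 'getUserDataAccessTrackingOverview'], 0);
         // NOTE(review): the exported form values are attached to the table as
         // extra parameters; presumably they are echoed into its paging and
         // sorting links, so confirm that SortableTable encodes them there.
         $table->additional_parameters = $form->exportValues();
         $table->set_header(0, get_lang('LoginDate'), true);
         $table->set_header(1, get_lang('Username'), true);
         if (api_is_western_name_order()) {
             $table->set_header(2, get_lang('FirstName'), true);
             $table->set_header(3, get_lang('LastName'), true);
         } else {
             $table->set_header(2, get_lang('LastName'), true);
             $table->set_header(3, get_lang('FirstName'), true);
         }
         $table->set_header(4, get_lang('Clicks'), false);
         $table->set_header(5, get_lang('IP'), false);
         $table->set_header(6, get_lang('TimeLoggedIn'), false);
     }

     $template = new Template(null, false, false, false, false, false, false);
     $template->assign('form', $form->returnForm());
     $template->assign('table', $table ? $table->return_table() : null);
     echo $template->fetch($template->get_template('my_space/accessoverview.tpl'));
 }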
 /**
  * Shows statistics about the time of last visit to each course.
  */
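 static function print_course_last_visit()
 {
     // Prints the "last visit per course" report: a small GET form for the
     // day window, then a sortable, paginated table of course code and last
     // access date. Every value taken from $_GET is reduced to an integer, or
     // to a key of a fixed array, before it reaches the SQL text or the page.
     $access_url_rel_course_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
     $current_url_id = api_get_current_access_url_id();

     // Allow-lists: request parameters only select an entry from these arrays;
     // they are never copied into the query themselves.
     $columns = array();
     $columns[0] = 'c_id';
     $columns[1] = 'access_date';
     $sql_order = array();
     $sql_order[SORT_ASC] = 'ASC';
     $sql_order[SORT_DESC] = 'DESC';

     // Paging values are clamped to at least 1 so LIMIT never gets a negative number.
     $per_page = isset($_GET['per_page']) ? max(1, intval($_GET['per_page'])) : 10;
     $page_nr = isset($_GET['page_nr']) ? max(1, intval($_GET['page_nr'])) : 1;
     $column = isset($_GET['column']) ? intval($_GET['column']) : 0;
     if (!isset($columns[$column])) {
         // An out-of-range index would leave ORDER BY without a column name.
         $column = 0;
     }
     $date_diff = isset($_GET['date_diff']) ? intval($_GET['date_diff']) : 60;

     // Cast first, then compare strictly: a loose in_array() accepts strings
     // that merely start with the right digit, and reading $_GET['direction']
     // before the isset() check raises a notice when it is absent.
     $direction = isset($_GET['direction']) ? intval($_GET['direction']) : SORT_ASC;
     if (!in_array($direction, array(SORT_ASC, SORT_DESC), true)) {
         $direction = SORT_ASC;
     }

     $form = new FormValidator('courselastvisit', 'get');
     $form->addElement('hidden', 'report', 'courselastvisit');
     $form->add_textfield('date_diff', get_lang('Days'), true);
     $form->addRule('date_diff', 'InvalidNumber', 'numeric');
     $form->addElement('style_submit_button', 'submit', get_lang('Search'), 'class="search"');

     // Value intended for the day field. NOTE(review): nothing in this listing
     // hands $defaults to the form or displays the form; confirm those calls
     // exist in the full file.
     $defaults = array();
     if (!isset($_GET['date_diff'])) {
         $defaults['date_diff'] = 60;
     } else {
         $defaults['date_diff'] = Security::remove_XSS($_GET['date_diff']);
     }

     // exportValues() is read here without a validate() call in this listing,
     // so the 'numeric' rule has not been enforced on what it returns. The
     // exported value is accepted only when it is numeric and is forced to an
     // integer; otherwise the integer parsed from the query string is kept.
     // Without this, the raw request value would be appended to the SQL below
     // and echoed into the page.
     $values = $form->exportValues();
     if (isset($values['date_diff']) && is_numeric($values['date_diff'])) {
         $date_diff = intval($values['date_diff']);
     }

     $table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
     $tableCourse = Database::get_main_table(TABLE_MAIN_COURSE);
     // 'H' gives a 24-hour timestamp; the previous 'h' produced a 12-hour value.
     $now = date('Y-m-d H:i:s');
     if (api_is_multiple_url_enabled()) {
         $sql = "SELECT access_date, c.code FROM {$table} s , {$access_url_rel_course_table} u, {$tableCourse} c\n                    WHERE c.id = u.c_id AND c.id = s.c_id AND access_url_id='" . $current_url_id . "' " . "GROUP BY access_cours_code " . "HAVING s.c_id <> '' " . "AND DATEDIFF( '" . $now . "' , access_date ) <= " . $date_diff;
     } else {
         $sql = "SELECT access_date, c.code FROM {$table} , {$tableCourse} c\n                    WHERE c_id = c.id\n                    GROUP BY c_id\n                    HAVING c_id <> ''AND\n                    DATEDIFF( '" . $now . "' , access_date ) <= " . $date_diff;
     }

     // First run, without ORDER BY / LIMIT, only to count the matching courses.
     $res = Database::query($sql);
     $number_of_courses = Database::num_rows($res);

     $sql .= ' ORDER BY ' . $columns[$column] . ' ' . $sql_order[$direction];
     $from = ($page_nr - 1) * $per_page;
     $sql .= ' LIMIT ' . $from . ',' . $per_page;

     // $date_diff is an integer at this point, so it is safe to print.
     echo '<p>' . get_lang('LastAccess') . ' &gt;= ' . $date_diff . ' ' . get_lang('Days') . '</p>';

     $res = Database::query($sql);
     if (Database::num_rows($res) > 0) {
         $courses = array();
         while ($obj = Database::fetch_object($res)) {
             // The course code comes from the database; escape it for the
             // attribute and for the link text, and close the anchor properly.
             $code = htmlspecialchars($obj->code, ENT_QUOTES, 'UTF-8');
             $course = array();
             $course[] = '<a href="' . api_get_path(WEB_PATH) . 'courses/' . $code . '">' . $code . '</a>';
             //Allow sort by date hiding the numerical date
             $course[] = '<span style="display:none;">' . $obj->access_date . '</span>' . api_convert_and_format_date($obj->access_date);
             $courses[] = $course;
         }
         $parameters = array();
         $parameters['date_diff'] = $date_diff;
         $parameters['report'] = 'courselastvisit';
         $table_header = array();
         $table_header[] = array(get_lang("CourseCode"), true);
         $table_header[] = array(get_lang("LastAccess"), true);
         Display::display_sortable_table($table_header, $courses, array('column' => $column, 'direction' => $direction), array(), $parameters);
     } else {
         echo get_lang('NoSearchResults');
     }
 }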
  * function which process the creation of exercises
  * @param FormValidator $form the formvalidator instance
 function processCreation($form, $type = '')
     $values = $form->exportValues();
     if ($form->getSubmitValue('activate_start_date_check') == 1) {
         $start_time = $form->getSubmitValue('start_time');
         $start_time['F'] = sprintf('%02d', $start_time['F']);
         $start_time['i'] = sprintf('%02d', $start_time['i']);
         $start_time['d'] = sprintf('%02d', $start_time['d']);
         $this->start_time = $start_time['Y'] . '-' . $start_time['F'] . '-' . $start_time['d'] . ' ' . $start_time['H'] . ':' . $start_time['i'] . ':00';
     } else {
         $this->start_time = '0000-00-00 00:00:00';
     if ($form->getSubmitValue('activate_end_date_check') == 1) {
         $end_time = $form->getSubmitValue('end_time');
         $end_time['F'] = sprintf('%02d', $end_time['F']);
         $end_time['i'] = sprintf('%02d', $end_time['i']);
         $end_time['d'] = sprintf('%02d', $end_time['d']);
         $this->end_time = $end_time['Y'] . '-' . $end_time['F'] . '-' . $end_time['d'] . ' ' . $end_time['H'] . ':' . $end_time['i'] . ':00';
     } else {
         $this->end_time = '0000-00-00 00:00:00';
     if ($form->getSubmitValue('enabletimercontrol') == 1) {
         $expired_total_time = $form->getSubmitValue('enabletimercontroltotalminutes');
         if ($this->expired_time == 0) {
             $this->expired_time = $expired_total_time;
     } else {
         $this->expired_time = 0;
     if ($form->getSubmitValue('randomAnswers') == 1) {
         $this->random_answers = 1;
     } else {
         $this->random_answers = 0;