Ejemplo n.º 1
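 // Optional department filter for the user listing.
 // $terms and $criteria are appended to here but are not initialised in this excerpt;
 // presumably they are started earlier in the file.
 // $depqryadd only ever receives a fixed literal here, never request data.
 $depqryadd = '';
 // Department id from the request, forced to an integer (0 means "none selected").
 $dep = isset($_POST['department']) ? intval($_POST['department']) : 0;
 if ($dep || isDepartmentAdmin()) {
     $depqryadd = ', user_department';
     $subs = array();
     if ($dep) {
         // Explicit choice: the selected node expanded through buildSubtrees().
         $subs = $tree->buildSubtrees(array($dep));
     } elseif (isDepartmentAdmin()) {
         // No choice made: fall back to the department admin's own departments.
         $subs = $user->getDepartmentIds($uid);
     }
     $count = 0;
     foreach ($subs as $id) {
         $terms[] = $id;
         // validateNode() is defined elsewhere; presumably it stops the request when the
         // node is outside the admin's scope - confirm. The id is queued in $terms before
         // the check, which only matters if validateNode() can return normally on failure.
         validateNode($id, isDepartmentAdmin());
         $count++;
     }
     $pref = $c ? 'a' : 'user';
     // NOTE(review): with $pref = 'a' this yields "a.user.id", a three-part name;
     // confirm the intended column is "<alias>.id".
     $criteria[] = $pref . '.user.id = user_department.user';
     if ($count > 0) {
         // One placeholder per queued id. array_fill() returns an array, so it has to be
         // joined before concatenation; otherwise the SQL text reads "IN (Array)".
         $criteria[] = 'department IN (' . implode(', ', array_fill(0, $count, '?s')) . ')';
     } else {
         // No department ids to match: "IN ()" is not valid SQL, so match no rows instead
         // of widening the result set.
         $criteria[] = '1 = 0';
     }
 }
 $qry_criteria = count($criteria) ? implode(' AND ', $criteria) : '';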
 // end filter/criteria
 // Course-restricted listing: when a course id ($c) is set, users are selected through
 // course_user. This branch continues past the end of the excerpt.
 if (!empty($c)) {
     // {$depqryadd} is interpolated into the SQL text rather than bound; the assignments
     // visible above give it only the fixed literals '' and ', user_department'.
     $qry_base = " FROM user AS a LEFT JOIN course_user AS b ON a.id = b.user_id {$depqryadd} WHERE b.course_id = ?d ";
     // The course id goes to the front of $terms because its ?d placeholder comes before
     // the placeholders of the criteria appended below.
     array_unshift($terms, $c);
     if ($qry_criteria) {
         $qry_base .= ' AND ' . $qry_criteria;
     }
     $qry = "SELECT DISTINCT a.username " . $qry_base . " ORDER BY a.username ASC";
Ejemplo n.º 2
    $reqtype = '';
    $linkreg = $langProfReg;
    $linkget = '';
}
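$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);

// Main body
// Request parameters; GET takes precedence over POST. $id is forced to an integer when
// present. $close and $show stay raw request strings, so later code has to compare them
// against known values or escape them before output.
$close = isset($_GET['close']) ? $_GET['close'] : (isset($_POST['close']) ? $_POST['close'] : '');
$id = isset($_GET['id']) ? intval($_GET['id']) : (isset($_POST['id']) ? intval($_POST['id']) : '');
$show = isset($_GET['show']) ? $_GET['show'] : (isset($_POST['show']) ? $_POST['show'] : '');

// id validation: the request must belong to a faculty the current admin may manage.
// validateNode() is defined elsewhere; presumably it stops the request on failure - confirm.
if ($id > 0) {
    $req = Database::get()->querySingle("SELECT faculty_id FROM user_request WHERE id = ?d", $id);
    // An id with no matching row must not be dereferenced; the empty result is skipped.
    // NOTE(review): unknown ids and requests with faculty_id <= 0 are not checked by
    // validateNode() at all - confirm that is intended for department admins.
    if ($req && $req->faculty_id > 0) {
        validateNode($req->faculty_id, isDepartmentAdmin());
    }
}

// department admin additional query where clause
$depqryadd = '';
if (isDepartmentAdmin()) {
    // The ids are written into the SQL text instead of being bound, so each one is forced
    // to an integer first.
    $deps = array_map('intval', $user->getDepartmentIds($uid));
    // With no departments, "IN ()" would be invalid SQL; restrict the result to nothing.
    $depqryadd = $deps ? ' AND faculty_id IN (' . implode(', ', $deps) . ')' : ' AND 1 = 0';
}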

// Deal with navigation
// $show is taken from the request (GET, then POST) earlier in this excerpt. The
// pagination link below is a fixed literal, not an echo of the request value.
// The switch continues past the end of the excerpt.
switch ($show) {
    case "closed":
        $toolName = $langReqHaveClosed;
        $pagination_link = '&show=closed';
Ejemplo n.º 3
    $tool_content .= action_bar(array(array('title' => $langBackAdmin, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
}
// Update course basic information.
// On submit: update the course title and professor names and refresh its department
// links. Otherwise: render the edit form (that branch continues past this excerpt).
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm one runs
// before the state-changing branch below.
if (isset($_POST['submit'])) {
    // Department ids as posted by the form; nothing here checks that the value is an array.
    $departments = isset($_POST['department']) ? $_POST['department'] : array();
    // For a department admin, diff the submitted departments against the current ones and
    // validate every department that is being added or removed. validateNode() is defined
    // elsewhere; presumably it stops the request when a node is outside the admin's
    // jurisdiction - confirm.
    if (isDepartmentAdmin()) {
        $olddeps = $course->getDepartmentIds($cId);
        foreach ($departments as $depId) {
            // NOTE(review): in_array() is called without the strict flag, so request
            // strings are compared loosely with the stored ids - confirm this is intended.
            if (!in_array($depId, $olddeps)) {
                validateNode(intval($depId), true);
            }
        }
        foreach ($olddeps as $depId) {
            if (!in_array($depId, $departments)) {
                validateNode($depId, true);
            }
        }
    }
    // Update query: the values are passed as separate arguments for the ?s placeholders
    // rather than concatenated into the SQL text.
    // NOTE(review): the row is selected by $_GET['c'] while the department checks above use
    // $cId; how $cId is derived is outside this excerpt - confirm both name the same course.
    Database::get()->query("UPDATE course SET title = ?s,\n                    prof_names = ?s\n                    WHERE code = ?s", $_POST['title'], $_POST['titulary'], $_GET['c']);
    // The raw $departments array (not the intval() values checked above) is what is stored.
    $course->refresh($cId, $departments);
    $tool_content .= "<div class='alert alert-success'>{$langModifDone}</div>";
} else {
    // NOTE(review): $row is dereferenced below without checking that a course with this
    // code was found.
    $row = Database::get()->querySingle("SELECT course.code AS code, course.title AS title, course.prof_names AS prof_name, course.id AS id\n                                            FROM course\n                                           WHERE course.code = ?s", $_GET['c']);
    // $_GET['c'] goes through q() before it is written into the action attribute, while
    // $_SERVER['SCRIPT_NAME'] is concatenated as-is. q() is defined elsewhere; presumably
    // it HTML-escapes its argument - confirm.
    $tool_content .= "<div class='form-wrapper'>\n\t<form role='form' class='form-horizontal' action='" . $_SERVER['SCRIPT_NAME'] . "?c=" . q($_GET['c']) . "' method='post' onsubmit='return validateNodePickerForm();'>\n\t<fieldset>\n        <div class='form-group'>\n\t    <label for='Faculty' class='col-sm-2 control-label'>{$langFaculty}:</label>\n            <div class='col-sm-10'>";
    // A department admin's picker additionally receives 'allowables' (the admin's own
    // department ids); presumably this limits the selectable nodes in the form. The
    // server-side check is the validateNode() loop in the submit branch above.
    if (isDepartmentAdmin()) {
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id), 'allowables' => $user->getDepartmentIds($uid)));
    } else {
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id)));
    }
Ejemplo n.º 4
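 // Bulk user registration: read the form options and validate them before any of the
 // pasted user lines is parsed.
 $unparsed_lines = '';
 $new_users_info = array();
 // Status code for the new accounts: 1 when the form type is 'prof', 5 for anything else.
 $newstatus = $_POST['type'] === 'prof' ? 1 : 5;
 // Department ids from the form. A non-array value is treated as "no departments", and
 // every id is forced to an integer so that the values checked by validateNode() below are
 // exactly the values later code receives in $departments.
 $departments = (isset($_POST['facid']) && is_array($_POST['facid']))
     ? array_map('intval', $_POST['facid'])
     : array();
 $am = $_POST['am'];
 // Field names for the columns of each user line, separated by spaces, tabs or commas.
 $fields = preg_split('/[ \\t,]+/', $_POST['fields'], -1, PREG_SPLIT_NO_EMPTY);
 foreach ($fields as $field) {
     // Allow-list check with strict comparison. $acceptable_fields is defined outside this
     // excerpt; assumes it holds plain strings - TODO confirm.
     if (!in_array($field, $acceptable_fields, true)) {
         // The rejected name is request data, so it passes through q() before it is
         // placed in the error markup.
         $tool_content = "<div class='alert alert-danger'>{$langMultiRegFieldError} <b>" . q($field) . "</b></div>";
         draw($tool_content, 3, 'admin');
         exit;
     }
 }
 // validation for departments: validateNode() is defined elsewhere; presumably it stops
 // the request when a department is outside the current admin's scope - confirm.
 foreach ($departments as $dep) {
     validateNode($dep, isDepartmentAdmin());
 }
 $numfields = count($fields);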
 $line = strtok($_POST['user_info'], "\n");
 while ($line !== false) {
     $line = preg_replace('/#.*/', '', trim($line));
     if (!empty($line)) {
         $userl = preg_split('/[ \\t]+/', $line);
         if (count($userl) >= $numfields) {
             $info = array();
             foreach ($fields as $field) {
                 $info[$field] = array_shift($userl);
             }
             if (!isset($info['email']) or !email_seems_valid($info['email'])) {
                 $info['email'] = '';
             }