/**
 * Refuses a login when the same account already has a live session.
 *
 * The check runs only when the platform setting
 * 'prevent_multiple_simultaneous_login' is enabled, the user is identified and
 * the session flag 'first_user_login' has not been set yet. When a row exists
 * for the user in the online-tracking table and user_is_online() confirms it,
 * the current session is destroyed and the browser is redirected to the login
 * page with an error code. Otherwise the session is flagged so the check is
 * not repeated for this session.
 *
 * @param int $userId Id of the user who is logging in
 */
function preventMultipleLogin($userId)
{
    $table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
    // The id is forced to an integer before it is concatenated into the query.
    $userId = intval($userId);

    // NOTE(review): the flag is read with api_get_settings() and compared
    // strictly against the string 'true'; confirm that this call returns a
    // string for this key, otherwise the guard below never lets the check run.
    if (api_get_settings('prevent_multiple_simultaneous_login') !== 'true') {
        return;
    }

    if (empty($userId) || api_is_anonymous()) {
        return;
    }

    $alreadyChecked = Session::read('first_user_login');
    if (!empty($alreadyChecked)) {
        return;
    }

    $sql = "SELECT login_id FROM {$table}\n WHERE login_user_id = " . $userId . " LIMIT 1";
    $result = Database::query($sql);
    $loginData = Database::num_rows($result) ? Database::fetch_array($result) : array();
    $userIsReallyOnline = user_is_online($userId);

    if (empty($loginData) || $userIsReallyOnline != true) {
        // First login of this account: remember it so the check is skipped later.
        Session::write('first_user_login', 1);

        return;
    }

    // Second simultaneous login: drop this session and send the user back.
    // NOTE(review): session_regenerate_id() is called without asking PHP to
    // delete the previous session record; whether it is removed depends on
    // Session::destroy() — confirm.
    session_regenerate_id();
    Session::destroy();
    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=multiple_connection_not_allowed');
    exit;
}
/**
 * Tells whether portfolios can be used by the current user.
 *
 * Returns false for anonymous visitors, when no user id is available, or when
 * self::all() yields no portfolio; true otherwise.
 *
 * @return boolean
 */
public static function is_enabled()
{
    if (api_is_anonymous()) {
        return false;
    }

    $current_user_id = api_get_user_id();
    if (empty($current_user_id)) {
        return false;
    }

    // Enabled only when at least one portfolio is defined.
    return count(self::all()) != 0;
}
/**
 * Renders the system announcements slider inside the one-column layout.
 *
 * Platform administrators additionally get an "edit" link to the announcement
 * administration page. The audience of the slider is chosen from the caller's
 * role: guest for anonymous visitors, teacher for users allowed to create
 * courses, student for everybody else.
 *
 * @param Application $app Application container; its 'template' service is used
 * @param mixed       $id  Passed through to display_announcements_slider()
 *
 * @return Response HTTP 200 response holding the rendered layout
 */
public function indexAction(Application $app, $id)
{
    $actions = null;
    if (api_is_platform_admin()) {
        $adminUrl = api_get_path(WEB_PATH) . 'main/admin/system_announcements.php';
        $editIcon = \Display::return_icon('edit.png', get_lang('EditSystemAnnouncement'), array(), 32);
        $actions = '<a href="' . $adminUrl . '">' . $editIcon . '</a>';
    }

    if (api_is_anonymous()) {
        $visibility = \SystemAnnouncementManager::VISIBLE_GUEST;
    } elseif (api_is_allowed_to_create_course()) {
        $visibility = \SystemAnnouncementManager::VISIBLE_TEACHER;
    } else {
        $visibility = \SystemAnnouncementManager::VISIBLE_STUDENT;
    }

    $template = $app['template'];
    $template->assign('content', \SystemAnnouncementManager::display_announcements_slider($visibility, $id));
    $template->assign('actions', $actions);

    return new Response($template->renderLayout('layout_1_col.tpl'), 200, array());
}
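/**
 * Runs the query listing the announcements of a course that a user may see.
 *
 * The recipient condition is chosen in this order:
 *  - the user belongs to at least one group: personal announcements, the
 *    announcements of those groups (or of the current group when one is
 *    selected) and the general ones (group 0);
 *  - any other identified user: personal and general announcements, plus the
 *    ones last edited by the logged-in user when the course setting
 *    'allow_user_edit_announcement' is on and the visitor is not anonymous;
 *  - the username could not be resolved: general announcements only,
 *    regardless of the 'allow_user_edit_announcement' course setting.
 *
 * Every identifier that ends up in the SQL text is cast to an integer first.
 *
 * @param string $username        Username the visibility rules are applied to
 * @param string $course_code     Course code used to locate the course tables
 * @param int    $announcement_id Optional announcement id; 0 means "no filter"
 *
 * @return mixed The value returned by Database::query() for the SELECT
 */
private function get_announcements($username, $course_code, $announcement_id = 0)
{
    $session_id = api_get_session_id();
    $condition_session = api_get_session_condition($session_id);

    // The id is concatenated into the query below, so it is reduced to an
    // integer first: a crafted value can no longer alter the statement.
    $announcement_id = (int) $announcement_id;
    $announcement_filter = $announcement_id === 0 ? "" : "AND announcement.id=" . $announcement_id;

    $user_id = UserManager::get_user_id_from_username($username);
    $course_info = CourseManager::get_course_information($course_code);
    $course_db = $course_info['db_name'];
    $tbl_item_property = Database::get_course_table(TABLE_ITEM_PROPERTY, $course_db);
    $tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT, $course_db);
    $maximum = '12';
    $group_memberships = GroupManager::get_group_ids($course_info['real_id'], $user_id);

    // Integer form of the resolved user id, used wherever it is put into SQL.
    $sql_user_id = (int) $user_id;

    if (is_array($group_memberships) && count($group_memberships) > 0) {
        // Member of one or more groups: personal + group + general announcements.
        $current_group_id = (int) api_get_group_id();
        if ($current_group_id == 0) {
            $group_list = implode(", ", array_map('intval', $group_memberships));
        } else {
            $group_list = $current_group_id;
        }
        $cond_user_id = " AND ( ip.to_user_id='" . $sql_user_id . "'"
            . " OR ip.to_group_id IN (0, " . $group_list . ")) ";
    } elseif ($user_id) {
        // Identified user without groups: personal + general announcements.
        if (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous()) {
            $cond_user_id = " AND (ip.lastedit_user_id = '" . (int) api_get_user_id()
                . "' OR ( ip.to_user_id='" . $sql_user_id . "' OR ip.to_group_id='0')) ";
        } else {
            $cond_user_id = " AND ( ip.to_user_id='" . $sql_user_id . "' OR ip.to_group_id='0') ";
        }
    } else {
        // Unidentified user: general announcements only.
        $cond_user_id = " AND ip.to_group_id='0' ";
    }

    $sql = "SELECT\n announcement.*, ip.visibility, ip.to_group_id, ip.insert_user_id"
        . "\n FROM {$tbl_announcement} announcement, {$tbl_item_property} ip"
        . "\n WHERE announcement.id = ip.ref"
        . "\n AND ip.tool='announcement'"
        . "\n AND ip.visibility='1'"
        . "\n {$announcement_filter}"
        . "\n {$cond_user_id}"
        . "\n {$condition_session}"
        . "\n GROUP BY ip.ref"
        . "\n ORDER BY display_order DESC"
        . "\n LIMIT 0,{$maximum}";

    return Database::query($sql);
}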
<?php
// Template data for the "log in through CAS" button.
// The button is offered to anonymous visitors only; for everybody else the
// template just receives show_message = false.
require_once api_get_path(SYS_PATH) . 'main/auth/cas/authcas.php';

$_template['show_message'] = false;

if (api_is_anonymous()) {
    $_template['cas_activated'] = api_is_cas_activated();
    $_template['cas_configured'] = cas_configured();
    $_template['show_message'] = true;

    // Button title: the configured label when there is one, else the default.
    $button_label = !empty($plugin_info['settings']['add_cas_login_button_cas_button_label'])
        ? api_htmlentities($plugin_info['settings']['add_cas_login_button_cas_button_label'])
        : "Connexion via CAS";

    // Comment shown next to the button.
    $comm_label = api_htmlentities($plugin_info['settings']['add_cas_login_button_cas_button_comment']);

    // URL of the button image.
    // NOTE(review): unlike the two labels, this setting is handed to the
    // template without any encoding; the template has to escape it for the
    // attribute it is printed in — confirm.
    $url_label = $plugin_info['settings']['add_cas_login_button_cas_image_url'];

    $_template['button_label'] = $button_label;
    $_template['comm_label'] = $comm_label;
    $_template['url_label'] = $url_label;
}
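/**
 * Prints the notebook toolbar followed by the current user's notes for the
 * current course (and session condition).
 *
 * The sort direction is read from $_GET['direction'] and the sort column from
 * $_SESSION['notebook_view']; both are reduced to fixed values before they
 * reach the ORDER BY clause. Everything is echoed; nothing is returned.
 */
static function display_notes()
{
    global $_user;

    // Only two constants can come out of this: a missing, empty or 'ASC'
    // parameter sorts ascending, anything else sorts descending.
    $requested_direction = isset($_GET['direction']) ? $_GET['direction'] : '';
    if (empty($requested_direction) || $requested_direction === 'ASC') {
        $sort_direction = 'ASC';
        $link_sort_direction = 'DESC';
    } else {
        $sort_direction = 'DESC';
        $link_sort_direction = 'ASC';
    }

    // Action links
    echo '<div class="actions">';
    if (api_is_anonymous()) {
        // Anonymous visitors get an inert "add" icon.
        echo '<a href="javascript:void(0)">' . Display::return_icon('new_note.png', get_lang('NoteAddNew'), '', '32') . '</a>';
    } elseif (api_get_session_id() == 0 || api_is_allowed_to_session_edit(false, true)) {
        echo '<a href="index.php?' . api_get_cidreq() . '&action=addnote">' . Display::return_icon('new_note.png', get_lang('NoteAddNew'), '', '32') . '</a>';
    }

    // Sortable columns: view name => (icon file, language variable).
    $sort_links = array(
        'creation_date' => array('notes_order_by_date_new.png', 'OrderByCreationDate'),
        'update_date' => array('notes_order_by_date_mod.png', 'OrderByModificationDate'),
        'title' => array('notes_order_by_title.png', 'OrderByTitle'),
    );
    foreach ($sort_links as $view_name => $link) {
        echo '<a href="index.php?' . api_get_cidreq() . '&action=changeview&view=' . $view_name . '&direction=' . $link_sort_direction . '">' . Display::return_icon($link[0], get_lang($link[1]), '', '32') . '</a>';
    }
    echo '</div>';

    // The session value becomes a column name in ORDER BY, so it must be one
    // of the known views. The comparison is strict so that a non-string value
    // cannot match a column name through type juggling.
    if (!isset($_SESSION['notebook_view'])
        || !in_array($_SESSION['notebook_view'], array_keys($sort_links), true)
    ) {
        $_SESSION['notebook_view'] = 'creation_date';
    }
    $view = $_SESSION['notebook_view'];

    // Database table definition
    $t_notebook = Database::get_course_table(TABLE_NOTEBOOK);
    $order_by = " ORDER BY " . $view . " $sort_direction ";

    // Condition for the session
    $session_id = api_get_session_id();
    $condition_session = api_get_session_condition($session_id);

    // When sorting by update date, notes that were never updated are left out.
    $cond_extra = ($view == 'update_date') ? " AND update_date <> '0000-00-00 00:00:00'" : " ";

    // Both ids are interpolated into the query, so they are cast to integers.
    $course_id = (int) api_get_course_int_id();
    $user_id = (int) api_get_user_id();

    $sql = "SELECT * FROM $t_notebook WHERE c_id = $course_id AND user_id = '" . $user_id . "' $condition_session $cond_extra $order_by";
    $result = Database::query($sql);

    while ($row = Database::fetch_array($result)) {
        // Session marker for notes that belong to a session
        $session_img = api_get_session_image($row['session_id'], $_user['status']);
        $creation_date = api_get_local_time($row['creation_date'], null, date_default_timezone_get());
        $update_date = api_get_local_time($row['update_date'], null, date_default_timezone_get());
        $notebook_id = (int) $row['notebook_id'];

        // The title is passed to a JavaScript call inside an HTML attribute.
        // It is encoded as a JavaScript string first and HTML-escaped second,
        // so quotes or markup in a title can neither end the string nor the
        // attribute.
        $js_title = json_encode(
            (string) $row['title'],
            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        );
        if ($js_title === false) {
            // Title could not be encoded (e.g. invalid byte sequence): confirm without it.
            $js_title = '""';
        }

        echo '<div class="sectiontitle">';
        echo '<span style="float: right;"> (' . get_lang('CreationDate') . ': ' . date_to_str_ago($creation_date) . ' <span class="dropbox_date">' . $creation_date . '</span>';
        if ($row['update_date'] <> $row['creation_date']) {
            echo ', ' . get_lang('UpdateDate') . ': ' . date_to_str_ago($update_date) . ' <span class="dropbox_date">' . $update_date . '</span>';
        }
        echo ')</span>';
        // NOTE(review): title and description are printed exactly as stored;
        // this relies on them having been filtered when the note was saved — confirm.
        echo $row['title'] . $session_img;
        echo '</div>';
        echo '<div class="sectioncomment">' . $row['description'] . '</div>';
        echo '<div>';
        echo '<a href="' . api_get_self() . '?action=editnote&notebook_id=' . $notebook_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL) . '</a>';
        echo '<a href="' . api_get_self() . '?action=deletenote&notebook_id=' . $notebook_id . '" onclick="return confirmation(' . htmlspecialchars($js_title, ENT_QUOTES, 'UTF-8') . ');">' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
        echo '</div>';
    }
}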
$my_file_comment = Database::escape_string($_REQUEST['file_comment']); store_edited_agenda_item($my_id_attach, $my_file_comment); display_agenda_items(); } else { $id = (int) $_GET['id']; show_add_form($id); } } else { display_agenda_items(); } break; case "delete": $id = (int) $_GET['id']; if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $id))) { // a coach can only delete an element belonging to his session if (api_is_allowed_to_edit() && !api_is_anonymous()) { if (!empty($id)) { $res_del = delete_agenda_item($id); if ($res_del) { Display::display_normal_message(get_lang("AgendaDeleteSuccess")); } } } } display_agenda_items(); break; case "showhide": $id = (int) $_GET['id']; if (!(api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $id))) { // a coach can only delete an element belonging to his session showhide_agenda_item($id);
} else { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum=' . Security::remove_XSS($my_forum) . '&action=delete&content=thread&id=' . $row['thread_id'] . $origin_string . "\" onclick=\"javascript:if(!confirm('" . addslashes(api_htmlentities(get_lang('DeleteCompleteThread'), ENT_QUOTES)) . "')) return false;\">" . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; } display_visible_invisible_icon('thread', $row['thread_id'], $row['visibility'], array('forum' => $my_forum, 'origin' => $origin, 'gidReq' => $groupId)); display_lock_unlock_icon('thread', $row['thread_id'], $row['locked'], array('forum' => $my_forum, 'origin' => $origin, 'gidReq' => api_get_group_id())); echo '<a href="viewforum.php?' . api_get_cidreq() . '&forum=' . Security::remove_XSS($my_forum) . '&action=move&thread=' . $row['thread_id'] . $origin_string . '">' . Display::return_icon('move.png', get_lang('MoveThread'), array(), ICON_SIZE_SMALL) . '</a>'; } } $iconnotify = 'send_mail.gif'; if (is_array(isset($_SESSION['forum_notification']['thread']) ? $_SESSION['forum_notification']['thread'] : null)) { if (in_array($row['thread_id'], $_SESSION['forum_notification']['thread'])) { $iconnotify = 'send_mail_checked.gif'; } } $icon_liststd = 'user.png'; if (!api_is_anonymous() && api_is_allowed_to_session_edit(false, true)) { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum=' . Security::remove_XSS($my_forum) . '&origin=' . $origin . '&action=notify&content=thread&id=' . $row['thread_id'] . '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . '</a>'; } if (api_is_allowed_to_edit(null, true) && $origin != 'learnpath') { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forum=' . Security::remove_XSS($my_forum) . '&origin=' . $origin . '&action=liststd&content=thread&id=' . $row['thread_id'] . '">' . Display::return_icon($icon_liststd, get_lang('StudentList'), array(), ICON_SIZE_SMALL) . 
'</a>'; } echo '</td></tr>'; } $counter++; } } echo '</table>'; echo isset($table_list) ? $table_list : ''; /* FOOTER */ if ($origin != 'learnpath') { Display::display_footer();
echo '</td>'; echo '<td class="td_actions">'; if (api_is_allowed_to_edit(false, true) && !($forum['session_id'] == 0 && intval(isset($_SESSION['id_session']) ? $_SESSION['id_session'] : null) != 0)) { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forumcategory=' . Security::remove_XSS($_GET['forumcategory']) . '&action=edit&content=forum&id=' . $forum['forum_id'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL) . '</a>'; echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forumcategory=' . Security::remove_XSS($_GET['forumcategory']) . '&action=delete&content=forum&id=' . $forum['forum_id'] . "\" onclick=\"javascript:if(!confirm('" . addslashes(api_htmlentities(get_lang('DeleteForum'), ENT_QUOTES)) . "')) return false;\">" . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; display_visible_invisible_icon('forum', $forum['forum_id'], $forum['visibility'], array('forumcategory' => $_GET['forumcategory'])); display_lock_unlock_icon('forum', $forum['forum_id'], $forum['locked'], array('forumcategory' => $_GET['forumcategory'])); display_up_down_icon('forum', $forum['forum_id'], $forums_in_category); } $iconnotify = 'send_mail.gif'; if (is_array(isset($_SESSION['forum_notification']['forum']) ? $_SESSION['forum_notification']['forum'] : null)) { if (in_array($forum['forum_id'], $_SESSION['forum_notification']['forum'])) { $iconnotify = 'send_mail_checked.gif'; } } if (!api_is_anonymous()) { echo '<a href="' . api_get_self() . '?' . api_get_cidreq() . '&forumcategory=' . Security::remove_XSS($_GET['forumcategory']) . '&action=notify&content=forum&id=' . $forum['forum_id'] . '">' . Display::return_icon($iconnotify, get_lang('NotifyMe')) . '</a>'; } echo '</td></tr>'; } } } if (count($forum_list) == 0) { echo '<tr><td>' . get_lang('NoForumInThisCategory') . '</td></tr>'; } echo '</table>'; } /* FOOTER */ if ($origin != 'learnpath') { Display::display_footer(); }
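/**
 * Get the users to display on the current page.
 *
 * Each user of the current course becomes one row (a plain list of cells)
 * keyed by user id. Callers allowed to edit get the extended row (status,
 * active flag, trailing user id for actions); other callers get the short row,
 * with a trailing user id only when the course allows unsubscription.
 *
 * The function reads the globals $origin, $course_info and
 * $is_western_name_order and overwrites the global $session_id with the
 * current session id.
 *
 * @param int    $from            Offset of the first row
 * @param int    $number_of_items Number of rows per page
 * @param int    $column          Index of the column to sort on
 * @param string $direction       'ASC' or 'DESC'; anything else means 'ASC'
 *
 * @return array Rows keyed by user id
 */
function get_user_data($from, $number_of_items, $column, $direction)
{
    global $origin;
    global $course_info;
    global $is_western_name_order;
    global $session_id;

    $a_users = array();

    // Both parts of the LIMIT clause are forced to integers.
    $limit = 'LIMIT ' . intval($from) . ',' . intval($number_of_items);

    // The direction is concatenated into ORDER BY, so only the two keywords
    // are accepted; the strict comparison keeps non-string values out.
    if (!in_array($direction, array('ASC', 'DESC'), true)) {
        $direction = 'ASC';
    }

    $first_then_last = 'ORDER BY user.firstname ' . $direction . ', user.lastname ' . $direction;
    $last_then_first = 'ORDER BY user.lastname ' . $direction . ', user.firstname ' . $direction;

    switch ($column) {
        case 2:
            // Official code
            $order_by = 'ORDER BY user.official_code ' . $direction;
            break;
        case 3:
            $order_by = $is_western_name_order ? $first_then_last : $last_then_first;
            break;
        case 5:
            // Username
            $order_by = 'ORDER BY user.username ' . $direction;
            break;
        case 4:
        default:
            $order_by = $is_western_name_order ? $last_then_first : $first_then_last;
            break;
    }

    $session_id = api_get_session_id();
    $course_code = api_get_course_id();

    // NOTE(review): the keyword is raw request input and is handed over
    // unchanged; this relies on get_user_list_from_course_code() escaping it
    // before it reaches a query — confirm.
    $keyword = isset($_REQUEST['keyword']) ? $_REQUEST['keyword'] : null;

    // $origin ends up inside an href; URL-encoding it keeps a crafted value
    // from closing the attribute or adding parameters.
    $safe_origin = urlencode((string) $origin);

    $a_course_users = CourseManager::get_user_list_from_course_code(
        $course_code,
        $session_id,
        $limit,
        $order_by,
        null,
        $keyword
    );

    foreach ($a_course_users as $user_id => $o_course_user) {
        $groups_name = GroupManager::get_user_group_name($user_id);
        $can_edit = api_is_allowed_to_edit(null, true);

        // The display name is printed inside alt/title attributes, so it is
        // HTML-escaped (quotes included) before use.
        $person_name = htmlspecialchars(
            api_get_person_name($o_course_user['firstname'], $o_course_user['lastname']),
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );

        $image_path = UserManager::get_user_picture_path_by_id($user_id, 'web', false, true);
        if ($can_edit) {
            $user_profile = UserManager::get_picture_user($user_id, $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" ');
            $img_tag = '<img src="' . $user_profile['file'] . '" ' . $user_profile['style'] . ' alt="' . $person_name . '" title="' . $person_name . '" />';
        } else {
            $img_tag = '<img src="' . $image_path['dir'] . $image_path['file'] . '" alt="' . $person_name . '" width="22" height="22" title="' . $person_name . '" />';
        }

        // Identified visitors get the picture wrapped in a link to the user sheet.
        if (!api_is_anonymous()) {
            $photo = '<a href="userInfo.php?' . api_get_cidreq() . '&origin=' . $safe_origin . '&uInfo=' . intval($user_id) . '" title="' . get_lang('Info') . '" >' . $img_tag . '</a>';
        } else {
            $photo = $img_tag;
        }

        // Cells shared by both row layouts.
        $temp = array();
        $temp[] = $user_id;
        $temp[] = $photo;
        $temp[] = $o_course_user['official_code'];
        if ($is_western_name_order) {
            $temp[] = $o_course_user['firstname'];
            $temp[] = $o_course_user['lastname'];
        } else {
            $temp[] = $o_course_user['lastname'];
            $temp[] = $o_course_user['firstname'];
        }
        $temp[] = $o_course_user['username'];
        // Description
        $temp[] = isset($o_course_user['role']) ? $o_course_user['role'] : null;
        // Group
        $temp[] = implode(', ', $groups_name);

        if ($can_edit) {
            // Status
            $default_status = '-';
            if ((isset($o_course_user['status_rel']) && $o_course_user['status_rel'] == 1)
                || (isset($o_course_user['status_session']) && $o_course_user['status_session'] == 2)
            ) {
                $default_status = get_lang('CourseManager');
            } elseif (isset($o_course_user['tutor_id']) && $o_course_user['tutor_id'] == 1) {
                $default_status = get_lang('Tutor');
            }
            $temp[] = $default_status;
            // Active
            $temp[] = $o_course_user['active'];
            // User id for actions
            $temp[] = $user_id;
        } elseif ($course_info['unsubscribe'] == 1) {
            // User id for actions
            $temp[] = $user_id;
        }

        $a_users[$user_id] = $temp;
    }

    return $a_users;
}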
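/**
 * Lists the actions a user may take on a course, from the course visibility
 * and the user's status.
 *
 * Hidden courses yield an empty list for everybody: the visibility check is
 * made before the platform-admin check.
 *
 * @param int   $uid          User ID
 * @param array $course       Course details array
 * @param array $user_courses Real ids of the courses the user is subscribed to
 *                            (if not provided, will be generated)
 *
 * @return array|false false when $uid or $course is empty; an empty array when
 *                     the course is hidden; otherwise a list that may contain
 *                     'register', 'enter' and 'unsubscribe'
 */
static function get_access_link_by_user($uid, $course, $user_courses = array())
{
    if (empty($uid) or empty($course)) {
        return false;
    }

    if (empty($user_courses)) {
        // Get the real ids of the courses to which the user is subscribed
        $user_courses = CourseManager::get_courses_list_by_user_id($uid);
        foreach ($user_courses as $k => $v) {
            $user_courses[$k] = $v['real_id'];
        }
    }

    // A course array without a usable real_id is reloaded from its code.
    if (empty($course['real_id']) && isset($course['code'])) {
        $course = api_get_course_info($course['code']);
    }

    $visibility = $course['visibility'];
    if ($visibility == COURSE_VISIBILITY_HIDDEN) {
        return array();
    }

    $is_admin = api_is_platform_admin_by_id($uid);
    $is_subscribed = in_array($course['real_id'], $user_courses);
    $has_no_registration_code = empty($course['registration_code']);
    $options = array();

    // Register button
    if (!api_is_anonymous($uid)
        && ($visibility == COURSE_VISIBILITY_OPEN_WORLD || $visibility == COURSE_VISIBILITY_OPEN_PLATFORM)
        && $course['subscribe'] == SUBSCRIBE_ALLOWED
        && !$is_subscribed
    ) {
        $options[] = 'register';
    }

    // Go To Course button (only if admin, if course public or if student
    // already subscribed). The parentheses spell out how the && and ||
    // operators group; the option is added once.
    if ($is_admin
        || ($visibility == COURSE_VISIBILITY_OPEN_WORLD && $has_no_registration_code)
        || (api_user_is_login($uid) && $visibility == COURSE_VISIBILITY_OPEN_PLATFORM && $has_no_registration_code)
        || ($is_subscribed && $visibility != COURSE_VISIBILITY_CLOSED)
    ) {
        $options[] = 'enter';
    }

    // Unsubscribe button; hidden courses have already returned above.
    if ($has_no_registration_code
        && $course['unsubscribe'] == UNSUBSCRIBE_ALLOWED
        && api_user_is_login($uid)
        && $is_subscribed
    ) {
        $options[] = 'unsubscribe';
    }

    return $options;
}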
/**
 * Tells whether a user belongs to an excluded type (invitee or anonymous).
 *
 * Without $checkDB the answer comes from api_is_invitee() and
 * api_is_anonymous() for the current visitor. With $checkDB the status is read
 * from api_get_user_info() for $userId, or for the current user when $userId
 * is empty; a user id of 0 counts as excluded.
 *
 * @param boolean $checkDB Optional. Whether to look the status up from the user record
 * @param int     $userId  Optional. The user id
 *
 * @return boolean
 */
function api_is_excluded_user_type($checkDB = false, $userId = 0)
{
    if (!$checkDB) {
        $isInvited = api_is_invitee();
        $isAnonymous = api_is_anonymous();

        return $isInvited || $isAnonymous;
    }

    if (empty($userId)) {
        $userId = api_get_user_id();
    } else {
        $userId = intval($userId);
    }

    // No identifiable user at all: treated as excluded.
    if ($userId == 0) {
        return true;
    }

    $userInfo = api_get_user_info($userId);
    $status = $userInfo['status'];

    return $status == INVITEE || $status == ANONYMOUS;
}
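/**
 * Formats a chat message and, unless only a preview is wanted, appends it to
 * the HTML chat log of the day.
 *
 * The message goes through emoji conversion, Markdown and then
 * Security::remove_XSS(). The author's name and picture URL are HTML-escaped
 * before they are written next to it. Nothing is formatted or written for
 * anonymous visitors or empty messages.
 *
 * @param string $message    Raw message text
 * @param int    $userId     Author of the message
 * @param array  $_course    Course info array ('path' is used to find the log)
 * @param int    $session_id Session id, used in the log file name
 * @param int    $group_id   Group id, used in the log folder and file name
 * @param bool   $preview    When true the formatted message is returned and
 *                           nothing is written
 *
 * @return string|null The formatted message in preview mode, null otherwise
 */
function saveMessage($message, $userId, $_course, $session_id, $group_id, $preview = true)
{
    // Both ids become part of a file name below; as integers they cannot
    // carry path separators or dots.
    $group_id = (int) $group_id;
    $session_id = (int) $session_id;

    $userInfo = api_get_user_info($userId);
    // The name is written into an HTML log, so it is escaped as text.
    $fullName = htmlspecialchars((string) $userInfo['complete_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $isMaster = (bool) api_is_course_admin();
    $document_path = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/document';

    if (!empty($group_id)) {
        $group_info = GroupManager::get_group_properties($group_id);
        $basepath_chat = $group_info['directory'] . '/chat_files';
    } else {
        $basepath_chat = '/chat_files';
    }
    $chat_path = $document_path . $basepath_chat . '/';

    // A plain file sitting where the chat folder should be is removed.
    if (!is_dir($chat_path) && is_file($chat_path)) {
        @unlink($chat_path);
    }

    $date_now = date('Y-m-d');
    $message = trim($message);
    $timeNow = date('d/m/y H:i:s');

    if (!empty($group_id)) {
        $basename_chat = 'messages-' . $date_now . '_gid-' . $group_id;
    } elseif (!empty($session_id)) {
        $basename_chat = 'messages-' . $date_now . '_sid-' . $session_id;
    } else {
        $basename_chat = 'messages-' . $date_now;
    }

    if (api_is_anonymous() || empty($message)) {
        return;
    }

    Emojione\Emojione::$imagePathPNG = api_get_path(WEB_LIBRARY_PATH) . 'javascript/emojione/png/';
    Emojione\Emojione::$ascii = true;

    // Parsing emojis
    $message = Emojione\Emojione::toImage($message);
    // Parsing text to understand markdown (code highlight)
    $message = MarkdownExtra::defaultTransform($message);
    // Security XSS: filtered last, so markup produced by the two steps above
    // is filtered as well.
    $message = Security::remove_XSS($message);

    if ($preview == true) {
        return $message;
    }

    $log_document = $basepath_chat . '/' . $basename_chat . '.log.html';
    $log_file = $chat_path . $basename_chat . '.log.html';

    if (!file_exists($log_file)) {
        // First message of the day: register the log as an invisible document.
        $doc_id = add_document($_course, $log_document, 'file', 0, $basename_chat . '.log.html');
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $userId, $group_id, null, null, null, $session_id);
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'invisible', $userId, $group_id, null, null, null, $session_id);
        item_property_update_on_folder($_course, $basepath_chat, $userId);
    } else {
        $doc_id = DocumentManager::get_document_id($_course, $log_document);
    }

    $fp = fopen($log_file, 'a');
    if ($fp === false) {
        // Without a handle there is nothing to append to; report and stop
        // instead of passing false to the write calls.
        error_log('saveMessage: unable to open chat log ' . $log_file);

        return;
    }

    $userPhoto = UserManager::getUserPicture($userId, USER_IMAGE_SIZE_MEDIUM);
    $filePhoto = '<img class="chat-image" src="' . htmlspecialchars((string) $userPhoto, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"/>';

    if ($isMaster) {
        $entry = '<div class="message-teacher"><div class="content-message"><div class="chat-message-block-name">' . $fullName . '</div><div class="chat-message-block-content">' . $message . '</div><div class="message-date">' . $timeNow . '</div></div><div class="icon-message"></div>' . $filePhoto . '</div>' . "\n";
    } else {
        $entry = '<div class="message-student">' . $filePhoto . '<div class="icon-message"></div><div class="content-message"><div class="chat-message-block-name">' . $fullName . '</div><div class="chat-message-block-content">' . $message . '</div><div class="message-date">' . $timeNow . '</div></div></div>' . "\n";
    }
    fputs($fp, $entry);
    fclose($fp);

    // file_exists() above may have cached the file's stat data; clear it so
    // the size recorded for the document is the size after this write.
    clearstatcache(true, $log_file);
    $chat_size = filesize($log_file);

    update_existing_document($_course, $doc_id, $chat_size);
    item_property_update_on_folder($_course, $basepath_chat, $userId);
}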
} else { require 'downloadfolder.inc.php'; } // Launch event Event::event_download($document_data['url']); exit; } break; case 'export_to_pdf': if (api_get_setting('students_export2pdf') == 'true' || api_is_allowed_to_edit() || api_is_platform_admin()) { DocumentManager::export_to_pdf($document_id, $course_code); } break; case 'copytomyfiles': // Copy a file to general my files user's if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('document.users_copy_files') == 'true' && api_get_user_id() != 0 && !api_is_anonymous()) { // Get the document data from the ID $document_info = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), true, $sessionId); if ($sessionId != 0 && !$document_info) { /* If there is a session defined and asking for the document from the session didn't work, try it from the course (out of a session context)*/ $document_info = DocumentManager::get_document_data_by_id($document_id, api_get_course_id(), 0); } $parent_id = $document_info['parent_id']; $my_path = UserManager::getUserPathById(api_get_user_id(), 'system'); $user_folder = $my_path . 'my_files/'; $my_path = null; if (!file_exists($user_folder)) { $perm = api_get_permissions_for_new_directories(); @mkdir($user_folder, $perm, true);
<?php
// Template data for the "log out of CAS" button.
// The button is shown only to identified users, when CAS is activated and the
// account's authentication source is CAS.
global $_user;

$_template['show_message'] = false;

if (!api_is_anonymous()
    && api_get_setting('cas_activate') == 'true'
    && $_user['auth_source'] == CAS_AUTH_SOURCE
) {
    $_template['show_message'] = true;

    // Button title: the configured label when there is one, else the default.
    $logout_label = !empty($plugin_info['settings']['add_cas_logout_button_cas_logout_label'])
        ? api_htmlentities($plugin_info['settings']['add_cas_logout_button_cas_logout_label'])
        : "Deconnexion de CAS";

    // Comment shown next to the button.
    $logout_comment = api_htmlentities($plugin_info['settings']['add_cas_logout_button_cas_logout_comment']);

    // URL of the button image.
    // NOTE(review): unlike the two labels, this setting is handed to the
    // template without any encoding; the template has to escape it for the
    // attribute it is printed in — confirm.
    $logout_image_url = $plugin_info['settings']['add_cas_logout_button_cas_logout_image_url'];

    $_template['logout_label'] = $logout_label;
    $_template['logout_comment'] = $logout_comment;
    $_template['logout_image_url'] = $logout_image_url;
}
/**
 * Builds the agenda toolbar.
 *
 * The left side always holds the calendar and list links. The "add event" and
 * "import iCal" links are appended for callers who may edit, who are covered
 * by the course setting 'allow_user_edit_agenda', or who are tutor of the
 * current group with access to its calendar tool. The right side holds a
 * search form, printed only in the 'calendar' view.
 *
 * @param string $view   Current view; the form is shown when it is 'calendar'
 * @param int    $filter Filter value handed to parseAgendaFilter()
 *
 * @return string Toolbar HTML
 */
public function displayActions($view, $filter = 0)
{
    $courseInfo = api_get_course_info();

    // NOTE(review): $this->type is placed in the href values below without
    // encoding; that is fine only if it is limited to known values where it
    // is assigned — confirm.
    $toolbarLeft = "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_js.php?type={$this->type}'>"
        . Display::return_icon('calendar.png', get_lang('Calendar'), '', ICON_SIZE_MEDIUM)
        . "</a>";

    // Course context parameters are added only when a course is loaded.
    $courseCondition = empty($courseInfo) ? '' : api_get_cidreq();

    $toolbarLeft .= "<a href='" . api_get_path(WEB_CODE_PATH) . "calendar/agenda_list.php?type={$this->type}&" . $courseCondition . "'>"
        . Display::return_icon('week.png', get_lang('AgendaList'), '', ICON_SIZE_MEDIUM)
        . "</a>";

    $searchForm = '';

    // Parentheses spell out how && and || group; evaluation still stops at
    // the first alternative that holds.
    $mayAddEvents = api_is_allowed_to_edit(false, true)
        || (api_get_course_setting('allow_user_edit_agenda')
            && !api_is_anonymous()
            && api_is_allowed_to_session_edit(false, true))
        || (GroupManager::user_has_access(api_get_user_id(), api_get_group_id(), GroupManager::GROUP_TOOL_CALENDAR)
            && GroupManager::is_tutor_of_group(api_get_user_id(), api_get_group_id()));

    if ($mayAddEvents) {
        $toolbarLeft .= Display::url(
            Display::return_icon('new_event.png', get_lang('AgendaAdd'), '', ICON_SIZE_MEDIUM),
            api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=add&type=" . $this->type
        );
        $toolbarLeft .= Display::url(
            Display::return_icon('import_calendar.png', get_lang('ICalFileImport'), '', ICON_SIZE_MEDIUM),
            api_get_path(WEB_CODE_PATH) . "calendar/agenda.php?" . api_get_cidreq() . "&action=importical&type=" . $this->type
        );

        // Course agenda: recipient filter, only when no action is in progress.
        if ($this->type == 'course' && !isset($_GET['action'])) {
            $filterForm = new FormValidator('form-search', 'post', '', '', array(), FormValidator::LAYOUT_INLINE);
            $attributes = array('multiple' => false, 'id' => 'select_form_id_search');
            $selectedValues = $this->parseAgendaFilter($filter);
            $this->showToForm($filterForm, $selectedValues, $attributes);
            $searchForm = $filterForm->returnForm();
        }
    }

    $isStaff = api_is_platform_admin()
        || api_is_teacher()
        || api_is_student_boss()
        || api_is_drh()
        || api_is_session_admin()
        || api_is_coach();

    if ($isStaff && $this->type == 'personal') {
        // Personal agenda for staff roles: session selector instead of the filter.
        $searchForm = null;
        if (!isset($_GET['action'])) {
            $sessionForm = new FormValidator('form-search', 'get', api_get_self() . '?type=personal&', '', array(), FormValidator::LAYOUT_INLINE);
            $sessions = SessionManager::get_sessions_by_user(api_get_user_id());
            $sessionForm->addHidden('type', 'personal');
            $sessionNames = array_column($sessions, 'session_name', 'session_id');
            $sessionOptions = ['0' => get_lang('SelectAnOption')] + $sessionNames;
            $sessionForm->addSelect('session_id', get_lang('Session'), $sessionOptions, ['id' => 'session_id', 'onchange' => 'submit();']);
            $sessionForm->addButtonReset(get_lang('Reset'));
            $searchForm = $sessionForm->returnForm();
        }
    }

    // The form is shown in the calendar view only.
    $toolbarRight = $view == 'calendar' ? (string) $searchForm : '';

    return Display::toolbarAction('toolbar-agenda', array($toolbarLeft, $toolbarRight), 2, false);
}
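/**
 * Builds the HTML shown for one entry of the course document list: either the
 * title link with its action icons, or (when $show_as_icon is set) the icon cell.
 *
 * Everything emitted here is presentation only. The download, copy and export
 * links merely carry the document id; whether the current user may actually
 * perform those actions has to be enforced by the script that handles them.
 *
 * NOTE(review): $title and $tooltip_title_alt are concatenated into element
 * content and title="" attributes without encoding in this method. Confirm that
 * $document_data['title'] / ['path'] are already HTML-safe when they arrive
 * here, or encode them for the HTML context before output.
 * NOTE(review): $visibility is a required parameter declared after optional
 * ones, so every caller has to pass all four arguments; the signature is kept
 * as is for compatibility.
 *
 * @param array $document_data Reads the keys id, title, path, filetype and size
 * @param bool  $show_as_icon  If true, only the clickable icon is returned
 * @param int   $counter       Passed to DocumentManager::generate_media_preview() for sound files
 * @param int   $visibility    (1/0) falsy values render the entry as muted/invisible
 *
 * @return string HTML fragment
 */
public static function create_document_link($document_data, $show_as_icon = false, $counter = null, $visibility)
{
    global $dbl_click_id;

    $course_info = api_get_course_info();
    $www = api_get_path(WEB_COURSE_PATH) . $course_info['path'] . '/document';
    $webOdflist = DocumentManager::get_web_odf_extension_list();

    // Get the title or the basename depending on what we're using
    if ($document_data['title'] != '') {
        $title = $document_data['title'];
    } else {
        $title = basename($document_data['path']);
    }

    $filetype = $document_data['filetype'];
    $size = $filetype == 'folder' ? get_total_folder_size($document_data['path'], api_is_allowed_to_edit(null, true)) : $document_data['size'];
    $path = $document_data['path'];
    $url_path = urlencode($document_data['path']);

    // Invisible entries are rendered with the "muted" class
    $visibility_class = $visibility == false ? ' class="muted"' : '';

    $forcedownload_link = null;
    $forcedownload_icon = null;
    $prevent_multiple_click = null;
    if (!$show_as_icon) {
        // Build download link (icon)
        $forcedownload_link = $filetype == 'folder' ? api_get_self() . '?' . api_get_cidreq() . '&action=downloadfolder&id=' . $document_data['id'] : api_get_self() . '?' . api_get_cidreq() . '&action=download&id=' . $document_data['id'];
        // Folder download or file download?
        $forcedownload_icon = $filetype == 'folder' ? 'save_pack.png' : 'save.png';
        // Prevent multiple clicks on zipped folder download
        $prevent_multiple_click = $filetype == 'folder' ? " onclick=\"javascript: if(typeof clic_{$dbl_click_id} == 'undefined' || !clic_{$dbl_click_id}) { clic_{$dbl_click_id}=true; window.setTimeout('clic_" . $dbl_click_id++ . "=false;',10000); } else { return false; }\"" : '';
    }

    $target = '_self';
    $is_browser_viewable_file = false;
    if ($filetype == 'file') {
        // Check the extension
        $ext = explode('.', $path);
        $ext = strtolower($ext[sizeof($ext) - 1]);
        // HTML files and some other types are shown in a frameset by default.
        $is_browser_viewable_file = self::is_browser_viewable($ext);
        if ($is_browser_viewable_file) {
            if ($ext == 'pdf' || in_array($ext, $webOdflist)) {
                $url = api_get_self() . '?' . api_get_cidreq() . '&action=download&id=' . $document_data['id'];
            } else {
                $url = 'showinframes.php?' . api_get_cidreq() . '&id=' . $document_data['id'];
            }
        } else {
            // url-encode for problematic characters (we may not call them dangerous characters...)
            // Note that $path now carries the query string as well; every later
            // test on $path / $checkExtension sees that suffix for these files.
            $path = str_replace('%2F', '/', $url_path) . '?' . api_get_cidreq();
            $url = $www . $path;
        }
    } else {
        $url = api_get_self() . '?' . api_get_cidreq() . '&id=' . $document_data['id'];
    }

    // Tooltip text: the title, or a translated label for the well-known system folders
    $tooltip_title = $title;
    $tooltip_title_alt = $tooltip_title;
    if ($path == '/shared_folder') {
        $tooltip_title_alt = get_lang('UserFolders');
    } elseif (strstr($path, 'shared_folder_session_')) {
        $tooltip_title_alt = get_lang('UserFolders') . ' (' . api_get_session_name(api_get_session_id()) . ')';
    } elseif (strstr($tooltip_title, 'sf_user_')) {
        $userinfo = api_get_user_info(substr($tooltip_title, 8));
        $tooltip_title_alt = get_lang('UserFolder') . ' ' . $userinfo['complete_name'];
    } elseif ($path == '/chat_files') {
        $tooltip_title_alt = get_lang('ChatFiles');
    } elseif ($path == '/learning_path') {
        $tooltip_title_alt = get_lang('LearningPaths');
    } elseif ($path == '/video') {
        $tooltip_title_alt = get_lang('Video');
    } elseif ($path == '/audio') {
        $tooltip_title_alt = get_lang('Audio');
    } elseif ($path == '/flash') {
        $tooltip_title_alt = get_lang('Flash');
    } elseif ($path == '/images') {
        $tooltip_title_alt = get_lang('Images');
    } elseif ($path == '/images/gallery') {
        $tooltip_title_alt = get_lang('DefaultCourseImages');
    }

    $current_session_id = api_get_session_id();
    $copy_to_myfiles = $open_in_new_window_link = null;
    $curdirpath = isset($_GET['curdirpath']) ? Security::remove_XSS($_GET['curdirpath']) : null;
    $send_to = null;
    $checkExtension = $path;

    // The file-type tests below were repeated verbatim in every branch; they are
    // evaluated once here. $url is read before any branch reassigns it.
    $decoded_path = urldecode($checkExtension);
    $decoded_url = urldecode($url);
    // NOTE(review): the "." in _chnano_.wav is an unescaped regex wildcard.
    $is_sound = preg_match('/(mp3|ogg)$/i', $decoded_path)
        || (preg_match('/wav$/i', $decoded_path) && !preg_match('/_chnano_.wav$/i', $decoded_url));
    $is_inline_media = preg_match('/(swf|png|gif|jpg|jpeg|bmp|svg)$/i', $decoded_path)
        || (preg_match('/wav$/i', $decoded_path)
            && preg_match('/_chnano_.wav$/i', $decoded_path)
            && api_get_setting('document.enable_nanogong') == 'true');

    if (!$show_as_icon) {
        // Decide whether the download icon is offered. This only hides or shows
        // the link; it is not an access check.
        $show_download = false;
        if ($filetype == 'folder') {
            if (api_is_allowed_to_edit() || api_is_platform_admin() || api_get_setting('students_download_folders') == 'true') {
                // Inside a shared folder, offer the download only for the user's own folder
                if (DocumentManager::is_shared_folder($curdirpath, $current_session_id)) {
                    // NOTE(review): these patterns are matched against the download URL,
                    // which ends in "&id=<document id>", so presumably only the
                    // editor/admin alternatives can ever be true - TODO confirm.
                    $show_download = preg_match('/shared_folder\\/sf_user_' . api_get_user_id() . '$/', urldecode($forcedownload_link))
                        || preg_match('/shared_folder_session_' . $current_session_id . '\\/sf_user_' . api_get_user_id() . '$/', urldecode($forcedownload_link))
                        || api_is_allowed_to_edit()
                        || api_is_platform_admin();
                } else {
                    $show_download = !preg_match('/shared_folder/', urldecode($forcedownload_link))
                        || api_is_allowed_to_edit()
                        || api_is_platform_admin();
                }
            }
        } else {
            $show_download = true;
        }

        // Always defined: the original left this variable unset whenever the
        // folder checks above failed and then concatenated it anyway.
        $force_download_html = '';
        if ($show_download && $size != 0) {
            $force_download_html = '<a href="' . $forcedownload_link . '" style="float:right"' . $prevent_multiple_click . '>' . Display::return_icon($forcedownload_icon, get_lang('Download'), array(), ICON_SIZE_SMALL) . '</a>';
        }

        // Copy files to users myfiles
        if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('document.users_copy_files') == 'true' && !api_is_anonymous()) {
            if ($filetype == 'file') {
                $copy_myfiles_link = api_get_self() . '?' . api_get_cidreq() . '&action=copytomyfiles&id=' . $document_data['id'];
                $copy_to_myfiles = '<a href="' . $copy_myfiles_link . '" style="float:right"' . $prevent_multiple_click . '>' . Display::return_icon('briefcase.png', get_lang('CopyToMyFiles'), array(), ICON_SIZE_SMALL) . ' </a>';
                $send_to = Portfolio::share('document', $document_data['id'], array('style' => 'float:right;'));
            }
        }

        $pdf_icon = '';
        $extension = pathinfo($path, PATHINFO_EXTENSION);
        if (!api_is_allowed_to_edit() && api_get_setting('students_export2pdf') == 'true' && $filetype == 'file' && in_array($extension, array('html', 'htm'))) {
            // The original emitted a stray "." right after the style attribute.
            $pdf_icon = ' <a style="float:right"' . $prevent_multiple_click . ' href="' . api_get_self() . '?' . api_get_cidreq() . '&action=export_to_pdf&id=' . $document_data['id'] . '">' . Display::return_icon('pdf.png', get_lang('Export2PDF'), array(), ICON_SIZE_SMALL) . '</a> ';
        }

        if ($is_browser_viewable_file) {
            $open_in_new_window_link = '<a href="' . $www . str_replace('%2F', '/', $url_path) . '?' . api_get_cidreq() . '" style="float:right"' . $prevent_multiple_click . ' target="_blank">' . Display::return_icon('open_in_new_window.png', get_lang('OpenInANewWindow'), array(), ICON_SIZE_SMALL) . ' </a>';
        }

        $action_icons = $force_download_html . $send_to . $copy_to_myfiles . $open_in_new_window_link . $pdf_icon;

        if ($filetype != 'file') {
            return '<a href="' . $url . '" title="' . $tooltip_title_alt . '" ' . $visibility_class . ' style="float:left">' . $title . '</a>' . $action_icons;
        }

        if ($is_sound) {
            // Sound preview with jplayer: plain title, no link
            return '<span style="float:left" ' . $visibility_class . '>' . $title . '</span>' . $action_icons;
        }

        if ($is_inline_media) {
            // Simpler version of showinframesmin.php with no headers
            $url = 'show_content.php?' . api_get_cidreq() . '&id=' . $document_data['id'];
            $class = 'ajax';
            if ($visibility == false) {
                $class = "ajax invisible";
            }

            return Display::url($title, $url, ['class' => $class, 'title' => $tooltip_title_alt, 'data-title' => $title, 'style' => 'float: left;']) . $action_icons;
        }

        // PDF and ODF files keep their download URL and get a separate preview icon
        $pdfPreview = null;
        if ($ext != 'pdf' && !in_array($ext, $webOdflist)) {
            $url = 'showinframes.php?' . api_get_cidreq() . '&id=' . $document_data['id'];
        } else {
            $pdfPreview = Display::url(Display::return_icon('preview.gif', get_lang('Preview')), api_get_path(WEB_CODE_PATH) . 'document/showinframes.php?' . api_get_cidreq() . '&id=' . $document_data['id'], array('style' => 'float:right'));
        }

        // No plugin just the old and good showinframes.php page
        return '<a href="' . $url . '" title="' . $tooltip_title_alt . '" style="float:left" ' . $visibility_class . ' >' . $title . '</a>' . $pdfPreview . $action_icons;
    }

    // Icon column. Entries below (but not equal to) a shared folder get an extra "shared" icon.
    $is_inside_shared_folder = preg_match('/shared_folder/', $decoded_path)
        && !preg_match('/shared_folder$/', $decoded_path)
        && !preg_match('/shared_folder_session_' . $current_session_id . '$/', $decoded_url);
    $shared_icon = $is_inside_shared_folder ? Display::return_icon('shared.png', get_lang('ResourceShared'), array()) : '';

    if ($filetype != 'file') {
        return '<a href="' . $url . '" title="' . $tooltip_title_alt . '" target="' . $target . '"' . $visibility_class . ' style="float:left">' . DocumentManager::build_document_icon_tag($filetype, $path) . $shared_icon . '</a>';
    }

    if ($is_sound) {
        // Sound preview with jplayer
        return DocumentManager::generate_media_preview($counter);
    }

    // Outside shared folders, HTML pages are opened in the frameset as well
    if ($is_inline_media || (!$is_inside_shared_folder && preg_match('/(html|htm)$/i', $decoded_path))) {
        $url = 'showinframes.php?' . api_get_cidreq() . '&id=' . $document_data['id'];
    }

    return '<a href="' . $url . '" title="' . $tooltip_title_alt . '" ' . $visibility_class . ' style="float:left">' . DocumentManager::build_document_icon_tag($filetype, $path) . $shared_icon . '</a>';
}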
/**
 * Collects the agenda events for the current agenda type and returns them as JSON.
 *
 * The called get_*_events() methods are expected to fill $this->events; this
 * method only dispatches on $this->type and encodes the result.
 *
 * @param int $start     Start of the range (timestamp)
 * @param int $end       End of the range (timestamp)
 * @param int $course_id Numeric course id, not the course code
 * @param int $group_id  Group id, only forwarded for the 'course' type
 * @param int $user_id   User id, only forwarded for the 'course' type
 *
 * @return string JSON-encoded $this->events, or '' when there are none
 */
public function get_events($start, $end, $course_id = null, $group_id = null, $user_id = 0)
{
    $agenda_type = $this->type;

    if ($agenda_type == 'admin') {
        $this->get_platform_events($start, $end);
    } elseif ($agenda_type == 'course') {
        $session_id = api_get_session_id();
        $course_info = api_get_course_info_by_id($course_id);
        $this->get_course_events($start, $end, $course_info, $group_id, $session_id, $user_id);
    } else {
        // 'personal' and any unknown type: personal events first, then platform events
        $this->get_personal_events($start, $end);
        $this->get_platform_events($start, $end);

        // Course events are only gathered for logged-in users
        $session_list = array();
        $my_course_list = array();
        if (!api_is_anonymous()) {
            $session_list = SessionManager::get_sessions_by_user(api_get_user_id());
            $my_course_list = CourseManager::get_courses_list_by_user_id(api_get_user_id(), true);
        }

        // Courses followed inside sessions
        if (!empty($session_list)) {
            foreach ($session_list as $session_item) {
                $session_courses = $session_item['courses'];
                $session_item_id = $session_item['session_id'];
                if (empty($session_courses)) {
                    continue;
                }
                foreach ($session_courses as $course_item) {
                    $course_info = api_get_course_info_by_id($course_item['id']);
                    $this->get_course_events($start, $end, $course_info, 0, $session_item_id);
                }
            }
        }

        // Courses followed directly; an optional $course_id narrows them to one course
        if (!empty($my_course_list)) {
            foreach ($my_course_list as $course_info_item) {
                if (!empty($course_id) && !($course_info_item['real_id'] == $course_id)) {
                    continue;
                }
                $this->get_course_events($start, $end, $course_info_item);
            }
        }
    }

    return empty($this->events) ? '' : json_encode($this->events);
}
$group_properties = GroupManager::get_group_properties($group_id); $interbreadcrumb[] = array("url" => api_get_path(WEB_CODE_PATH) . "group/group.php?" . api_get_cidreq(), "name" => get_lang('Groups')); $interbreadcrumb[] = array("url" => api_get_path(WEB_CODE_PATH) . "group/group_space.php?" . api_get_cidreq(), "name" => get_lang('GroupSpace') . ' ' . $group_properties['name']); } if (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath') { //we are not in the learning path Display::display_header($nameTools, get_lang('Announcements')); } // Tool introduction if (empty($_GET['origin']) || $_GET['origin'] !== 'learnpath') { Display::display_introduction_section(TOOL_ANNOUNCEMENT); } // Actions $show_actions = false; $actionsLeft = ''; if ((api_is_allowed_to_edit(false, true) || api_get_course_setting('announcement.allow_user_edit_announcement') && !api_is_anonymous()) && (empty($_GET['origin']) || $_GET['origin'] !== 'learnpath')) { if (in_array($action, array('add', 'modify', 'view'))) { $actionsLeft .= "<a href='" . api_get_self() . "?" . api_get_cidreq() . "&origin=" . $origin . "'>" . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . "</a>"; } else { $actionsLeft .= "<a href='" . api_get_self() . "?" . api_get_cidreq() . "&action=add&origin=" . $origin . "'>" . Display::return_icon('new_announce.png', get_lang('AddAnnouncement'), '', ICON_SIZE_MEDIUM) . "</a>"; } $show_actions = true; } else { if (in_array($action, array('view'))) { $actionsLeft .= "<a href='" . api_get_self() . "?" . api_get_cidreq() . "&origin=" . $origin . "'>" . Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM) . "</a>"; echo '</div>'; } } if (api_is_allowed_to_edit() && $announcement_number > 1) { if (api_get_group_id() == 0) { if (!isset($_GET['action'])) {
/**
 * Sanitises HTML with HTML Purifier, using an allow-list chosen by user status.
 *
 * This is HTML sanitisation, not output encoding: the result is still markup.
 * It is meant for HTML fragments and does not by itself make a value safe
 * inside an attribute, a URL or a script block.
 *
 * When $user_status is empty it is derived from the current user: ANONYMOUS,
 * COURSEMANAGER (when api_is_allowed_to_edit() is true) or STUDENT.
 * COURSEMANAGERLOWSECURITY returns the input untouched, so that status must
 * never be chosen for content coming from someone else.
 *
 * One purifier is built per status and kept for the rest of the request.
 *
 * NOTE(review): the configuration is deliberately permissive - the data: URI
 * scheme, element ids, "tricky" and proprietary CSS and !important are all
 * enabled. Worth re-checking against what the editors really need.
 *
 * @param string|array $var          HTML string, or array of strings, to sanitise
 * @param int          $user_status  STUDENT, COURSEMANAGER, ANONYMOUS or COURSEMANAGERLOWSECURITY
 * @param bool         $filter_terms Run self::filter_terms() on the input first
 *
 * @return mixed Sanitised string or array (unchanged input for COURSEMANAGERLOWSECURITY)
 */
public static function remove_XSS($var, $user_status = null, $filter_terms = false)
{
    if ($filter_terms) {
        $var = self::filter_terms($var);
    }

    // Derive the status from the current user when the caller gave none
    if (empty($user_status)) {
        if (api_is_anonymous()) {
            $user_status = ANONYMOUS;
        } elseif (api_is_allowed_to_edit()) {
            $user_status = COURSEMANAGER;
        } else {
            $user_status = STUDENT;
        }
    }

    if ($user_status == COURSEMANAGERLOWSECURITY) {
        // No filtering at all for this status.
        return $var;
    }

    // Purifier instances, indexed by user status
    static $instances = array();

    if (!isset($instances[$user_status])) {
        // The directory is handed to HTML Purifier as its serializer cache path.
        // NOTE(review): it is created world-writable (0777), the mkdir() result
        // is not checked and the call is not recursive - tighten the mode if
        // other local accounts share the host.
        $serializer_dir = api_get_path(SYS_ARCHIVE_PATH) . 'Serializer';
        if (!file_exists($serializer_dir)) {
            mkdir($serializer_dir, 0777);
        }

        $settings = HTMLPurifier_Config::createDefault();
        $settings->set('Cache.SerializerPath', $serializer_dir);
        $settings->set('Core.Encoding', api_get_system_encoding());
        $settings->set('HTML.Doctype', 'XHTML 1.0 Transitional');
        $settings->set('HTML.MaxImgLength', '2560');
        $settings->set('HTML.TidyLevel', 'light');
        $settings->set('Core.ConvertDocumentToFragment', false);
        $settings->set('Core.RemoveProcessingInstructions', true);

        if (api_get_setting('enable_iframe_inclusion') == 'true') {
            $settings->set('Filter.Custom', array(new HTMLPurifier_Filter_AllowIframes()));
        }

        // Shows _target attribute in anchors
        $settings->set('Attr.AllowedFrameTargets', array('_blank', '_top', '_self', '_parent'));

        if ($user_status == STUDENT || $user_status == COURSEMANAGER) {
            // Students and teachers may embed media; only their tag allow-lists differ
            $settings->set('HTML.SafeEmbed', true);
            $settings->set('HTML.SafeObject', true);
            $settings->set('Filter.YouTube', true);
            $settings->set('HTML.FlashAllowFullScreen', true);
            if ($user_status == STUDENT) {
                global $allowed_html_student;
                $settings->set('HTML.Allowed', $allowed_html_student);
            } else {
                global $allowed_html_teacher;
                $settings->set('HTML.Allowed', $allowed_html_teacher);
            }
        } else {
            // Every other status gets the anonymous allow-list
            global $allowed_html_anonymous;
            $settings->set('HTML.Allowed', $allowed_html_anonymous);
        }

        // We need it for example for the flv player (ids of surrounding div-tags have to be preserved).
        $settings->set('Attr.EnableID', true);
        $settings->set('CSS.AllowImportant', true);
        // We need for the flv player the css definition display: none;
        $settings->set('CSS.AllowTricky', true);
        $settings->set('CSS.Proprietary', true);
        // Allowed URI schemes
        $settings->set('URI.AllowedSchemes', array('http' => true, 'https' => true, 'mailto' => true, 'ftp' => true, 'nntp' => true, 'news' => true, 'data' => true));

        $instances[$user_status] = new HTMLPurifier($settings);
    }

    return is_array($var)
        ? $instances[$user_status]->purifyArray($var)
        : $instances[$user_status]->purify($var);
}
// Entry checks of the survey page: a course context is required, an optional
// survey code is checked for anonymous access, then the request parameters
// are validated before anything else is rendered.
if (empty($course_info)) {
    // NOTE(review): presumably api_not_allowed() ends the request; if it can
    // return, the code below runs without a course - confirm.
    api_not_allowed();
}
// NOTE(review): $course_id is concatenated into the SQL below without quotes;
// presumably real_id is always an integer - confirm.
$course_id = $course_info['real_id'];
// The survey code comes from the query string and is escaped here because it
// is concatenated into the query below.
$surveyCode = isset($_GET['scode']) ? Database::escape_string($_GET['scode']) : '';
if ($surveyCode != "") {
    // Firstly we check if this survey is ready for anonymous use:
    $sql = "SELECT anonymous FROM $table_survey WHERE c_id = $course_id AND code ='".$surveyCode."'";
    $resultAnonymous = Database::query($sql);
    $rowAnonymous = Database::fetch_array($resultAnonymous, 'ASSOC');
    // Access is refused when no matching survey row was found, or when the
    // survey is not anonymous and the visitor is. The trailing count() test
    // can only be reached when the 'anonymous' key is set.
    if (!isset($rowAnonymous['anonymous']) || ($rowAnonymous['anonymous'] == 0 && api_is_anonymous()) || count($rowAnonymous) == 0) {
        api_not_allowed(true);
    }
    // If is anonymous and it is allowed to take the survey as anonymous, mark survey as anonymous.
}
// NOTE(review): without an scode parameter the anonymous check above is
// skipped entirely; access then depends on checks outside this excerpt.
// Header
Display :: display_header(get_lang('ToolSurvey'));
// First we check if the needed parameters are present:
// either both course and invitationcode, or a user_id.
if ((!isset($_GET['course']) || !isset($_GET['invitationcode'])) && !isset($_GET['user_id'])) {
    Display :: display_error_message(get_lang('SurveyParametersMissingUseCopyPaste'), false);
    Display :: display_footer();
    exit;
}
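/**
 * Builds the HTML list of sub-categories and courses for the category given
 * in $_GET['category'] (the public catalogue, also shown to anonymous users).
 *
 * Compared with the previous version: the request parameter is read once and
 * tolerated when missing or not a string, every variable that is concatenated
 * later is initialised, the course language is no longer added twice to the
 * course details, and the category value placed in the subscribe form URL is
 * URL-encoded instead of being run through the HTML purifier (purifying HTML
 * does not make a value safe inside an attribute or a URL).
 *
 * NOTE(review): category and course fields read from the database (name,
 * code, title, directory, tutor_name, ...) are concatenated into the markup
 * without encoding here. Confirm they are stored HTML-safe or encode them.
 * NOTE(review): which courses get a link is a display decision only; access
 * to the course itself has to be enforced when the course is opened.
 *
 * @version 1.1
 * @author Patrick Cool <*****@*****.**>, Ghent University - refactoring and code cleaning
 * @author Julio Montoya <*****@*****.**>, Beeznest template modifs
 * @assert () !== 0
 *
 * @return string HTML fragment
 */
public function return_courses_in_categories()
{
    $result = '';
    $stok = Security::get_token();

    // Initialization.
    $user_identified = api_get_user_id() > 0 && !api_is_anonymous();
    $web_course_path = api_get_path(WEB_COURSE_PATH);
    $raw_category = isset($_GET['category']) && is_string($_GET['category']) ? $_GET['category'] : '';
    // SQL-escaped copy; only this one is concatenated into the queries below.
    $category = Database::escape_string($raw_category);
    $setting_show_also_closed_courses = api_get_setting('show_closed_courses') == 'true';

    // Database table definitions.
    $main_course_table = Database::get_main_table(TABLE_MAIN_COURSE);
    $main_category_table = Database::get_main_table(TABLE_MAIN_CATEGORY);

    // Get list of courses in category $category.
    $sql_get_course_list = "SELECT * FROM {$main_course_table} cours\n WHERE category_code = '" . $category . "'\n ORDER BY title, UPPER(visual_code)";

    // Showing only the courses of the current access_url_id.
    if (api_is_multiple_url_enabled()) {
        $url_access_id = api_get_current_access_url_id();
        if ($url_access_id != -1) {
            $tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
            $sql_get_course_list = "SELECT * FROM {$main_course_table} as course INNER JOIN {$tbl_url_rel_course} as url_rel_course\n ON (url_rel_course.c_id = course.id)\n WHERE access_url_id = {$url_access_id} AND category_code = '" . $category . "' ORDER BY title, UPPER(visual_code)";
        }
    }

    $sql_result_courses = Database::query($sql_get_course_list);
    $course_list = array();
    while ($course_result = Database::fetch_array($sql_result_courses)) {
        $course_list[] = $course_result;
    }

    // Visibility restriction for the per-category course count
    $platform_visible_courses = '';
    if (!$setting_show_also_closed_courses) {
        if ($user_identified) {
            $platform_visible_courses = " AND (t3.visibility='" . COURSE_VISIBILITY_OPEN_WORLD . "' OR t3.visibility='" . COURSE_VISIBILITY_OPEN_PLATFORM . "' )";
        } else {
            $platform_visible_courses = " AND (t3.visibility='" . COURSE_VISIBILITY_OPEN_WORLD . "' )";
        }
    }

    $parent_condition = empty($category) ? "IS NULL" : "='{$category}'";
    $sqlGetSubCatList = "\n SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse\n FROM {$main_category_table} t1\n LEFT JOIN {$main_category_table} t2 ON t1.code=t2.parent_id\n LEFT JOIN {$main_course_table} t3 ON (t3.category_code=t1.code {$platform_visible_courses})\n WHERE t1.parent_id " . $parent_condition . "\n GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name";

    // Showing only the category of courses of the current access_url_id
    if (api_is_multiple_url_enabled()) {
        $url_access_id = api_get_current_access_url_id();
        if ($url_access_id != -1) {
            $tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
            $sqlGetSubCatList = "\n SELECT t1.name,t1.code,t1.parent_id,t1.children_count,COUNT(DISTINCT t3.code) AS nbCourse\n FROM {$main_category_table} t1\n LEFT JOIN {$main_category_table} t2 ON t1.code=t2.parent_id\n LEFT JOIN {$main_course_table} t3 ON (t3.category_code=t1.code {$platform_visible_courses})\n INNER JOIN {$tbl_url_rel_course} as url_rel_course\n ON (url_rel_course.c_id = t3.id)\n WHERE access_url_id = {$url_access_id} AND t1.parent_id " . $parent_condition . "\n GROUP BY t1.name,t1.code,t1.parent_id,t1.children_count ORDER BY t1.tree_pos, t1.name";
        }
    }

    $resCats = Database::query($sqlGetSubCatList);
    $thereIsSubCat = false;
    // Both are concatenated further down even when the query returns nothing.
    $htmlListCat = '';
    $htmlTitre = '';
    if (Database::num_rows($resCats) > 0) {
        $htmlListCat = Display::page_header(get_lang('CatList'));
        $htmlListCat .= '<ul>';
        while ($catLine = Database::fetch_array($resCats)) {
            if ($catLine['code'] != $category) {
                $category_link = '<a href="' . api_get_self() . '?category=' . $catLine['code'] . '">' . $catLine['name'] . '</a>';
                $category_has_open_courses = $this->category_has_open_courses($catLine['code']);
                if ($category_has_open_courses) {
                    // The category contains courses accessible to anonymous visitors.
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $category_link;
                    if (api_get_setting('show_number_of_courses') == 'true') {
                        $htmlListCat .= ' (' . $catLine['nbCourse'] . ' ' . get_lang('Courses') . ')';
                    }
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                } elseif ($catLine['children_count'] > 0) {
                    // The category has children, subcategories.
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $category_link;
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                } elseif (api_get_setting('show_empty_course_categories') == 'true') {
                    $htmlListCat .= '<li>';
                    $htmlListCat .= $catLine['name'];
                    $htmlListCat .= "</li>";
                    $thereIsSubCat = true;
                }
                // Else don't set thereIsSubCat to true to avoid printing things if not requested.
            } else {
                $htmlTitre = '<p>';
                if (api_get_setting('show_back_link_on_top_of_tree') == 'true') {
                    $htmlTitre .= '<a href="' . api_get_self() . '"><< ' . get_lang('BackToHomePage') . '</a>';
                }
                if (!is_null($catLine['parent_id']) || api_get_setting('show_back_link_on_top_of_tree') != 'true' && !is_null($catLine['code'])) {
                    $htmlTitre .= '<a href="' . api_get_self() . '?category=' . $catLine['parent_id'] . '"><< ' . get_lang('Up') . '</a>';
                }
                $htmlTitre .= "</p>";
                if ($category != "" && !is_null($catLine['code'])) {
                    $htmlTitre .= '<h3>' . $catLine['name'] . "</h3>";
                } else {
                    $htmlTitre .= '<h3>' . get_lang('Categories') . "</h3>";
                }
            }
        }
        $htmlListCat .= "</ul>";
    }
    $result .= $htmlTitre;
    if ($thereIsSubCat) {
        $result .= $htmlListCat;
    }
    // NOTE(review): the result set was already read to its end above, so this
    // loop presumably never iterates; kept because removing it is not verifiable here.
    while ($categoryName = Database::fetch_array($resCats)) {
        $result .= '<h3>' . $categoryName['name'] . "</h3>\n";
    }

    $numrows = Database::num_rows($sql_result_courses);
    $courses_list_string = '';
    $courses_shown = 0;
    if ($numrows > 0) {
        $courses_list_string .= Display::page_header(get_lang('CourseList'));
        $courses_list_string .= "<ul>";
        // Stays empty for visitors without a user id, so the lookups below are always defined
        $courses_of_user = array();
        if (api_get_user_id()) {
            $courses_of_user = $this->get_courses_of_user(api_get_user_id());
        }
        foreach ($course_list as $course) {
            $course_code = $course['code'];
            // Open to the world, or open to the platform for an identified user
            $openly_visible = $course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD
                || $user_identified && $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM;

            // When closed courses are hidden, only openly visible courses are listed
            if (!$setting_show_also_closed_courses && !$openly_visible) {
                continue;
            }
            $courses_shown++;

            $course_details = array();
            if (api_get_setting('display_coursecode_in_courselist') == 'true') {
                $course_details[] = $course['visual_code'];
            }
            if (api_get_setting('display_teacher_in_courselist') == 'true') {
                $course_details[] = $course['tutor_name'];
            }
            if (api_get_setting('show_different_course_language') == 'true' && $course['course_language'] != api_get_setting('platformLanguage')) {
                $course_details[] = $course['course_language'];
            }
            $details_html = implode(' - ', $course_details);

            if (!$setting_show_also_closed_courses) {
                $courses_list_string .= "<li>\n";
                $courses_list_string .= '<a href="' . $web_course_path . $course['directory'] . '/">' . $course['title'] . '</a><br />';
                $courses_list_string .= $details_html;
                $courses_list_string .= "</li>\n";
                continue;
            }

            // We DO show the closed courses.
            // The course title links to the course homepage if:
            // 1. the course is open to the world (logged in or not);
            // 2. the user is logged in and the course is open to the platform;
            // 3. the user is logged in, subscribed to the course, and the course is not closed;
            // 4. the user's entry for this course has status '1' (course admin), whatever the visibility;
            // 5. the user is the platform admin.
            $is_subscribed = array_key_exists($course_code, $courses_of_user);
            $has_admin_status = isset($courses_of_user[$course_code]['status']) && $courses_of_user[$course_code]['status'] == '1';
            $is_accessible = $openly_visible
                || $user_identified && $is_subscribed && $course['visibility'] != COURSE_VISIBILITY_CLOSED
                || $has_admin_status
                || api_is_platform_admin();

            $courses_list_string .= "<li>\n";
            if ($is_accessible) {
                $courses_list_string .= '<a href="' . $web_course_path . $course['directory'] . '/">';
            }
            $courses_list_string .= $course['title'];
            if ($is_accessible) {
                $courses_list_string .= '</a><br />';
            }
            $courses_list_string .= $details_html;

            // A subscription form is shown to identified users who are not yet
            // subscribed, when the course allows self-subscription.
            if ($user_identified && !$is_subscribed) {
                if ($course['subscribe'] == '1') {
                    // The category only travels as a query-string value, so it is URL-encoded.
                    $courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category=' . urlencode($raw_category) . '" method="post">';
                    $courses_list_string .= '<input type="hidden" name="sec_token" value="' . $stok . '">';
                    $courses_list_string .= '<input type="hidden" name="subscribe" value="' . $course_code . '" />';
                    $courses_list_string .= '<input type="image" name="unsub" src="main/img/enroll.gif" alt="' . get_lang('Subscribe') . '" />' . get_lang('Subscribe') . '</form>';
                } else {
                    $courses_list_string .= '<br />' . get_lang('SubscribingNotAllowed');
                }
            }
            $courses_list_string .= "</li>";
        }
        $courses_list_string .= "</ul>";
    }

    if ($courses_shown > 0) {
        // Only display the list of courses and categories if there was more than
        // 0 courses visible to the world (we're in the anonymous list here).
        $result .= $courses_list_string;
    }
    if ($category != '') {
        $result .= '<p><a href="' . api_get_self() . '"> ' . Display::return_icon('back.png', get_lang('BackToHomePage')) . get_lang('BackToHomePage') . '</a></p>';
    }

    return $result;
}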
/**
 * Finds courses whose code, visual code, title or tutor name contains the search term.
 *
 * Anonymous visitors only get courses open to the world. Other users also get
 * courses open to the platform and registered-only courses that allow
 * subscription.
 *
 * NOTE(review): the term is escaped with Database::escape_string() and then
 * used inside LIKE patterns; presumably "%" and "_" typed by the user still
 * act as wildcards - verify if that matters.
 * NOTE(review): the returned values come straight from the database; whoever
 * prints them is responsible for HTML-encoding.
 *
 * @param string $search_term
 *
 * @return array Course rows indexed by course code; empty array for an empty term
 */
function retrieve_courses($search_term)
{
    if (empty($search_term)) {
        return array();
    }

    $needle = Database::escape_string($search_term);
    $course_table = Database::get_main_table(TABLE_MAIN_COURSE);

    // Visibility clauses, joined with OR below
    $visibility_clauses = array('visibility = ' . COURSE_VISIBILITY_OPEN_WORLD);
    if (!api_is_anonymous()) {
        $visibility_clauses[] = 'visibility = ' . COURSE_VISIBILITY_OPEN_PLATFORM;
        $visibility_clauses[] = '(visibility = ' . COURSE_VISIBILITY_REGISTERED . ' AND subscribe = 1)';
    }
    $visibility_filter = implode(' OR ', $visibility_clauses);

    $sql = <<<EOT
        SELECT * FROM {$course_table}
        WHERE ({$visibility_filter}) AND (code LIKE '%{$needle}%' OR visual_code LIKE '%{$needle}%' OR title LIKE '%{$needle}%' OR tutor_name LIKE '%{$needle}%')
        ORDER BY title, visual_code ASC
EOT;

    $courses = array();
    $rows = Database::query($sql);
    while ($row = Database::fetch_array($rows)) {
        // Only a fixed set of columns is exposed, keyed by the course code
        $courses[$row['code']] = array(
            'code' => $row['code'],
            'directory' => $row['directory'],
            'visual_code' => $row['visual_code'],
            'title' => $row['title'],
            'tutor' => $row['tutor_name'],
            'subscribe' => $row['subscribe'],
            'unsubscribe' => $row['unsubscribe'],
        );
    }

    return $courses;
}
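/**
 * Get the users to display on the current page (fills the sortable table).
 *
 * The optional $_GET['keyword'] filter is escaped before it is concatenated
 * into the query; the sort direction is restricted to ASC/DESC and the
 * numeric arguments are cast to integers.
 *
 * Person names and the picture URL are now HTML-encoded before they are placed
 * in alt/title/src attributes, the keyword is only used when it is a string,
 * the direction check is strict, and an unused first version of the button
 * markup was removed.
 *
 * NOTE(review): the remaining cells (official code, names, username, e-mail)
 * are returned as read from the database; confirm that the table renderer
 * encodes them.
 * NOTE(review): the query defines col0 and col2..col9 but no col1, so
 * $column = 1 presumably produces an SQL error - verify against the table
 * definition.
 *
 * @param int    $from            Offset of the first user to fetch
 * @param int    $number_of_items Number of users to fetch
 * @param int    $column          Index of the column to sort on
 * @param string $direction       Sort order (ASC, DESC)
 *
 * @return array One array per user: photo, official code, two name columns, username, e-mail, button
 *
 * @see SortableTable#get_table_data($from)
 */
function get_user_data($from, $number_of_items, $column, $direction)
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);

    if (api_is_western_name_order()) {
        $col34 = "u.firstname AS col3, u.lastname AS col4,";
    } else {
        $col34 = "u.lastname AS col3, u.firstname AS col4,";
    }

    $sql = "SELECT u.user_id AS col0, u.official_code AS col2, $col34 u.username AS col5, u.email AS col6, u.status AS col7, u.active AS col8, u.user_id AS col9, u.expiration_date AS exp FROM $user_table u ";

    if (isset($_GET['keyword']) && is_string($_GET['keyword'])) {
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $sql .= " WHERE (u.firstname LIKE '%$keyword%' OR u.lastname LIKE '%$keyword%' OR concat(u.firstname,' ',u.lastname) LIKE '%$keyword%' OR concat(u.lastname,' ',u.firstname) LIKE '%$keyword%' OR u.username LIKE '%$keyword%' OR u.official_code LIKE '%$keyword%' OR u.email LIKE '%$keyword%' )";
    }

    // Only a literal ASC or DESC may reach the query
    if (!in_array($direction, array('ASC', 'DESC'), true)) {
        $direction = 'ASC';
    }
    $column = intval($column);
    $from = intval($from);
    $number_of_items = intval($number_of_items);

    $sql .= " ORDER BY col$column $direction ";
    $sql .= " LIMIT $from,$number_of_items";
    $res = Database::query($sql);

    $users = array();
    $webPath = api_get_path(WEB_PATH);
    $encoding = api_get_system_encoding();

    while ($user = Database::fetch_row($res)) {
        // Row layout: 0 user id, 1 official code, 2 and 3 names, 4 username, 5 e-mail
        $user_id = (int) $user[0];
        $image_path = UserManager::get_user_picture_path_by_id($user[0], 'web', false, true);
        $user_profile = UserManager::get_picture_user($user[0], $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" ');

        // Names are user-supplied; encode them for the attribute context.
        $person_name = htmlspecialchars(api_get_person_name($user[2], $user[3]), ENT_QUOTES, $encoding);
        $picture_src = htmlspecialchars($user_profile['file'], ENT_QUOTES, $encoding);
        $picture = '<img src="' . $picture_src . '" ' . $user_profile['style'] . ' alt="' . $person_name . '" title="' . $person_name . '" />';

        // Only logged-in users get a link to the profile page
        if (!api_is_anonymous()) {
            $photo = '<center><a href="' . $webPath . 'whoisonline.php?origin=user_list&id=' . $user_id . '" title="' . get_lang('Info') . '">' . $picture . '</a></center>';
        } else {
            $photo = '<center>' . $picture . '</center>';
        }

        $button = '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')"> <img onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" src="' . $webPath . 'img/view_more_stats.gif" title="' . get_lang('Courses') . '" alt="' . get_lang('Courses') . '"/> </a> ';

        $users[] = array($photo, $user[1], $user[2], $user[3], $user[4], $user[5], $button);
    }

    return $users;
}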
$social_right_content .= '<div class="span9">' . UserManager::get_search_form($query) . '</div>';
}
}
$social_right_content .= SocialManager::display_user_list($user_list);
}
}
// A single user was requested: redirect to the social profile when the social tool
// is enabled, otherwise render that user directly.
if (isset($_GET['id'])) {
    if (api_get_setting('allow_social_tool') == 'true') {
        // The id is forced to an integer before it is placed in the Location header.
        header("Location: " . api_get_path(WEB_CODE_PATH) . "social/profile.php?u=" . intval($_GET['id']));
        exit;
    } else {
        // NOTE(review): unlike the redirect branch above, $_GET['id'] is passed on here
        // without intval(); confirm display_individual_user() validates it, or cast it
        // the same way before the call.
        SocialManager::display_individual_user($_GET['id']);
    }
}
} else {
    // The enclosing condition (outside this excerpt) failed: deny access and stop.
    api_not_allowed();
    exit;
}
$app['title'] = get_lang('UsersOnLineList');
$tpl = $app['template'];
// Logged-in users on a platform with the social tool get the two-column social layout;
// everyone else gets the plain one-column template.
if (api_get_setting('allow_social_tool') == 'true' && !api_is_anonymous()) {
    $tpl->setHelp('Groups');
    $tpl->assign('social_left_content', $social_left_content);
    $tpl->assign('social_right_content', $social_right_content);
    $social_layout = $tpl->get_template('layout/social_layout.tpl');
    $tpl->display($social_layout);
} else {
    $tpl->assign('header', get_lang('UsersOnLineList'));
    $tpl->assign('content', $social_right_content);
    $tpl->display_one_col_template();
}
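/**
 * Returns the timezone to be converted to/from.
 *
 * This always returns the PHP default timezone of the server. The function used
 * to carry a per-user lookup after an unconditional return (the 'use_users_timezone'
 * setting and the 'extra_timezone' user field); that code could never run, so it was
 * removed rather than left to suggest that user preferences are honoured.
 *
 * @return string The server default timezone identifier
 */
function _api_get_timezone()
{
    return date_default_timezone_get();
}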
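/**
 * Declare and define the template variables used to load
 * javascript libraries in the header.
 *
 * Assigns 'js_file_to_string' (core scripts plus optional ones enabled by
 * platform settings) and 'extra_headers' (jQuery UI followed by the entries of
 * the global $htmlHeadXtra), unless $disable_js_and_css_files is set.
 */
public function set_js_files()
{
    global $disable_js_and_css_files, $htmlHeadXtra;

    // Scripts loaded on every page.
    $js_files = array(
        'modernizr.js',
        'jquery.min.js',
        'chosen/chosen.jquery.min.js',
        'thickbox.js',
        'bootstrap/bootstrap.js',
        'mediaelement/mediaelement-and-player.min.js'
    );

    if (api_is_global_chat_enabled()) {
        // Do not include the global chat in LP
        if ($this->show_learnpath == false && $this->show_footer == true && $this->hide_global_chat == false) {
            $js_files[] = 'chat/js/chat.js';
        }
    }

    if (api_get_setting('accessibility_font_resize') == 'true') {
        $js_files[] = 'fontresize.js';
    }

    if (api_get_setting('include_asciimathml_script') == 'true') {
        $js_files[] = 'asciimath/ASCIIMathML.js';
    }

    $js_file_to_string = null;
    foreach ($js_files as $js_file) {
        $js_file_to_string .= api_get_js($js_file);
    }

    // The e-mail editor script is only served to logged-in users.
    if (!api_is_anonymous() && api_get_setting('allow_email_editor') == 'true') {
        $js_file_to_string .= $this->fetch('default/mail_editor/email_link.js.tpl');
    }

    if (!$disable_js_and_css_files) {
        $this->assign('js_file_to_string', $js_file_to_string);

        // Adding jquery ui by default
        $extra_headers = api_get_jquery_ui_js();

        // NOTE(review): entries of $htmlHeadXtra are written into the header as-is;
        // whatever fills that global is responsible for escaping any request data.
        if (isset($htmlHeadXtra) && $htmlHeadXtra) {
            // Iterate by value: the entries are only read, and a by-reference loop
            // over a global would needlessly turn its elements into references.
            foreach ($htmlHeadXtra as $this_html_head) {
                $extra_headers .= $this_html_head."\n";
            }
        }
        $this->assign('extra_headers', $extra_headers);
    }
}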
/**
 * Assign the login-related template variables for visitors who are not logged in.
 *
 * The language selector is always assigned for such visitors. The login form,
 * and the login-failure message when the global $loginFailed is set, are only
 * assigned when $setLoginForm is true.
 *
 * @param bool $setLoginForm Whether to assign the login form as well
 */
public function setLoginForm($setLoginForm = true)
{
    global $loginFailed;

    $currentUserId = api_get_user_id();

    // A real, non-anonymous user is logged in: nothing to show.
    if ($currentUserId && !api_is_anonymous($currentUserId)) {
        return;
    }

    $this->assign('login_language_form', api_display_language_form(true));

    if (!$setLoginForm) {
        return;
    }

    $this->assign('login_form', $this->displayLoginForm());

    if ($loginFailed) {
        $this->assign('login_failed', $this::handleLoginFailed());
    }
}
// Post the wall message as the current user, then redirect back to the profile page
// so that a page reload does not re-submit the form.
$res = SocialManager::sendWallMessage(api_get_user_id(), $friendId, $messageContent, $messageId, MESSAGE_STATUS_WALL);
$url = api_get_path(WEB_CODE_PATH) . 'social/profile.php';
// The original query string is re-appended after passing through the XSS filter.
$url .= empty($_SERVER['QUERY_STRING']) ? '' : '?' . Security::remove_XSS($_SERVER['QUERY_STRING']);
header('Location: ' . $url);
exit;
} else {
    if (isset($_GET['messageId'])) {
        // NOTE(review): this deletion is driven by a GET parameter, and no anti-CSRF
        // token or ownership check is visible in this excerpt. remove_XSS() filters
        // markup, it does not validate an identifier. Confirm that deleteMessage()
        // only deletes messages the current user is allowed to remove.
        $messageId = Security::remove_XSS($_GET['messageId']);
        $status = SocialManager::deleteMessage($messageId);
        header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
        exit;
    } else {
        if (isset($_GET['u'])) {
            // Another profile was requested: may the current user see it?
            // The id is forced to an integer before any further use.
            $user_id = intval($_GET['u']);
            if (api_is_anonymous($user_id, true)) {
                api_not_allowed(true);
            }
            // The requested profile is not the current user's own.
            if (api_get_user_id() != $user_id) {
                $user_info = api_get_user_info($user_id);
                $show_full_profile = false;
                if (!$user_info) {
                    // The requested user does not exist.
                    api_not_allowed(true);
                } else {
                    // Check the relationship between the current user and the profile owner;
                    // only parent, friend and good-friend relations unlock the full profile.
                    $my_status = SocialManager::get_relation_between_contacts(api_get_user_id(), $user_id);
                    if (in_array($my_status, array(USER_RELATION_TYPE_PARENT, USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_GOODFRIEND))) {
                        $show_full_profile = true;
                    }
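/**
 * Initialise the course context and the current user's permissions in it.
 *
 * With $reset set, the course row is loaded by code, stored in the session
 * ('_cid', '_real_cid', '_course'), and the user's role flags and course access
 * are recomputed and written to the session. Without $reset, the values already
 * in the session are reused and the course-access tracking row is refreshed.
 *
 * The function may send a Location header and exit (legal agreement not accepted).
 *
 * @global bool  $is_platformAdmin
 * @global bool  $is_allowedCreateCourse
 * @global array $_user
 * @global mixed $_cid                 Course code, or -1 when no course is set
 * @global mixed $_course              Course data array, or -1 when no course is set
 * @global int   $_real_cid            Numeric course id
 * @global bool  $is_courseAdmin       Course teacher
 * @global bool  $is_courseTutor       Course teacher with some rights
 * @global bool  $is_courseCoach       Course coach
 * @global bool  $is_courseMember      Course student
 * @global bool  $is_sessionAdmin
 * @global bool  $is_allowed_in_course
 *
 * @param string $course_id Course code; it is escaped before being used in SQL
 * @param bool   $reset     Whether to reload course data and permissions
 */
static function init_course($course_id, $reset)
{
    global $_configuration;
    global $is_platformAdmin;
    global $is_allowedCreateCourse;
    global $_user;
    global $_cid;
    global $_course;
    global $_real_cid;
    global $is_courseAdmin; //course teacher
    global $is_courseTutor; //course teacher - some rights
    global $is_courseCoach; //course coach
    global $is_courseMember; //course student
    global $is_sessionAdmin;
    global $is_allowed_in_course;

    if ($reset) {
        // Course session data refresh requested or empty data
        if ($course_id) {
            $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
            $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
            // The course code is a caller-supplied string placed inside a quoted SQL
            // literal, so it must be escaped before interpolation.
            $safe_course_id = Database::escape_string($course_id);
            $sql = "SELECT course.*, course_category.code faCode, course_category.name faName\n FROM {$course_table}\n LEFT JOIN {$course_cat_table}\n ON course.category_code = course_category.code\n WHERE course.code = '{$safe_course_id}'";
            $result = Database::query($sql);
            if (Database::num_rows($result) > 0) {
                $course_data = Database::fetch_array($result);
                //@TODO real_cid should be cid, for working with numeric course id
                $_real_cid = $course_data['id'];
                $_cid = $course_data['code'];
                $_course = array();
                $_course['real_id'] = $course_data['id'];
                $_course['id'] = $course_data['code']; // holds the course code, not the numeric id
                $_course['code'] = $course_data['code'];
                $_course['name'] = $course_data['title'];
                $_course['title'] = $course_data['title'];
                $_course['official_code'] = $course_data['visual_code']; // use in echo
                $_course['sysCode'] = $course_data['code']; // use as key in db
                $_course['path'] = $course_data['directory']; // use as key in path
                $_course['titular'] = $course_data['tutor_name']; // this should be deprecated and use the table course_rel_user
                $_course['language'] = $course_data['course_language'];
                $_course['extLink']['url'] = $course_data['department_url'];
                $_course['extLink']['name'] = $course_data['department_name'];
                $_course['categoryCode'] = $course_data['faCode'];
                $_course['categoryName'] = $course_data['faName'];
                $_course['visibility'] = $course_data['visibility'];
                $_course['subscribe_allowed'] = $course_data['subscribe'];
                $_course['unsubscribe'] = $course_data['unsubscribe'];
                $_course['activate_legal'] = $course_data['activate_legal'];
                $_course['show_score'] = $course_data['show_score']; //used in the work tool
                Session::write('_cid', $_cid);
                Session::write('_course', $_course);
                //@TODO real_cid should be cid, for working with numeric course id
                Session::write('_real_cid', $_real_cid);

                // if a session id has been given in url, we store the session
                $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
                if (!empty($_GET['id_session'])) {
                    $_SESSION['id_session'] = intval($_GET['id_session']);
                    $sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"';
                    $rs = Database::query($sql);
                    list($_SESSION['session_name']) = Database::fetch_array($rs);
                } else {
                    Session::erase('session_name');
                    Session::erase('id_session');
                }

                if (!isset($_SESSION['login_as'])) {
                    //Course login
                    if (isset($_user['user_id'])) {
                        Event::event_course_login(api_get_course_int_id(), $_user['user_id'], api_get_session_id());
                    }
                }
            } else {
                // Unknown course code: send the visitor back to the portal home.
                // NOTE(review): execution continues after this header; the permission
                // block below then runs with whatever $_cid / $_course held before.
                // Confirm whether an exit is wanted here.
                header('location:' . api_get_path(WEB_PATH));
            }
        } else {
            Session::erase('_cid');
            Session::erase('_real_cid');
            Session::erase('_course');

            // Drop every learning-path autolaunch marker kept in the session.
            if (!empty($_SESSION)) {
                foreach ($_SESSION as $key => $session_item) {
                    if (strpos($key, 'lp_autolaunch_') === false) {
                        continue;
                    } else {
                        if (isset($_SESSION[$key])) {
                            Session::erase($key);
                        }
                    }
                }
            }

            //Deleting session info
            if (api_get_session_id()) {
                Session::erase('id_session');
                Session::erase('session_name');
            }
        }
    } else {
        // Continue with the previous values
        if (empty($_SESSION['_course']) or empty($_SESSION['_cid'])) {
            //no previous values...
            $_cid = -1; // default values that are characteristic of being unset
            $_course = -1;
        } else {
            $_cid = $_SESSION['_cid'];
            $_course = $_SESSION['_course'];

            // these lines are useful for tracking. Indeed we can have lost the id_session and not the cid.
            // Moreover, if we want to track a course with another session it can be useful
            if (!empty($_GET['id_session'])) {
                $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
                // Store the requested id first, so that the name is looked up for the
                // session given in the URL and not for a stale or missing session value.
                $_SESSION['id_session'] = intval($_GET['id_session']);
                $sql = 'SELECT name FROM ' . $tbl_session . ' WHERE id="' . intval($_SESSION['id_session']) . '"';
                $rs = Database::query($sql);
                list($_SESSION['session_name']) = Database::fetch_array($rs);
            }

            if (!isset($_SESSION['login_as'])) {
                $save_course_access = true;

                //The value $_dont_save_user_course_access should be added before the call of global.inc.php see the main/inc/chat.ajax.php file
                //Disables the updates in the TRACK_E_COURSE_ACCESS table
                // NOTE(review): $_dont_save_user_course_access is not declared global in
                // this function, so this isset() looks at a local that is never set;
                // confirm whether the flag is meant to be read from the global scope.
                if (isset($_dont_save_user_course_access) && $_dont_save_user_course_access == true) {
                    $save_course_access = false;
                }

                if ($save_course_access) {
                    $course_tracking_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);

                    /*
                     * When $_configuration['session_lifetime'] is too big 100 hours (in order to let users take exercises with no problems)
                     * the function Tracking::get_time_spent_on_the_course() returns big values (200h) due the condition:
                     * login_course_date > now() - INTERVAL $session_lifetime SECOND
                     */
                    $session_lifetime = 3600; // 1 hour
                    $time = api_get_utc_datetime();

                    if (isset($_user['user_id']) && !empty($_user['user_id'])) {
                        //We select the last record for the current course in the course tracking table
                        //But only if the login date is < than now + max_life_time
                        $sql = "SELECT course_access_id FROM {$course_tracking_table}\n WHERE\n user_id = " . intval($_user['user_id']) . " AND\n c_id = '" . api_get_course_int_id() . "' AND\n session_id = " . api_get_session_id() . " AND\n login_course_date > now() - INTERVAL {$session_lifetime} SECOND\n ORDER BY login_course_date DESC LIMIT 0,1";
                        $result = Database::query($sql);
                        if (Database::num_rows($result) > 0) {
                            $i_course_access_id = Database::result($result, 0, 0);
                            //We update the course tracking table
                            $sql = "UPDATE {$course_tracking_table}\n SET logout_course_date = '{$time}', counter = counter+1\n WHERE course_access_id = " . intval($i_course_access_id) . " AND session_id = " . api_get_session_id();
                            Database::query($sql);
                        } else {
                            // The user id is cast like in the SELECT above instead of
                            // being interpolated as-is.
                            $sql = "INSERT INTO {$course_tracking_table} (c_id, user_id, login_course_date, logout_course_date, counter, session_id)" . "VALUES('" . api_get_course_int_id() . "', '" . intval($_user['user_id']) . "', '{$time}', '{$time}', '1','" . api_get_session_id() . "')";
                            Database::query($sql);
                        }
                    }
                }
            }
        }
    }

    /* COURSE / USER REL. INIT */
    $session_id = api_get_session_id();
    $user_id = isset($_user['user_id']) ? $_user['user_id'] : null;

    //Course permissions
    $is_courseAdmin = false; //course teacher
    $is_courseTutor = false; //course teacher - some rights
    $is_courseMember = false; //course student

    //Course - User permissions
    $is_sessionAdmin = false;
    // NOTE(review): $is_courseCoach is not reset here like the other flags, so on
    // paths that never assign it the previous global value is what gets saved below.

    if ($reset) {
        if (isset($user_id) && $user_id && isset($_cid) && $_cid) {
            // Integer forms of the ids, used only inside the SQL text below.
            $sql_user_id = intval($user_id);
            $sql_session_id = intval($session_id);

            //Check if user is subscribed in a course
            $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
            $safe_course_id = Database::escape_string($course_id);
            $sql = "SELECT * FROM {$course_user_table}\n WHERE\n user_id = '" . $sql_user_id . "' AND\n relation_type <> " . COURSE_RELATION_TYPE_RRHH . " AND\n course_code = '{$safe_course_id}'";
            $result = Database::query($sql);
            $cuData = null;
            if (Database::num_rows($result) > 0) {
                // this user has a recorded state for this course
                $cuData = Database::fetch_array($result, 'ASSOC');
                // The cast binds tighter than ==, so without the parentheses any
                // non-zero status (a plain student included) compared equal to 1 and
                // was treated as course teacher.
                $is_courseAdmin = (bool) ($cuData['status'] == 1);
                $is_courseTutor = (bool) ($cuData['is_tutor'] == 1);
                $is_courseMember = true;

                // Checking if the user filled the course legal agreement
                if ($_course['activate_legal'] == 1 && !api_is_platform_admin()) {
                    $user_is_subscribed = CourseManager::is_user_accepted_legal($user_id, $_course['id'], $session_id);
                    if (!$user_is_subscribed) {
                        $url = api_get_path(WEB_CODE_PATH) . 'course_info/legal.php?course_code=' . $_course['code'] . '&session_id=' . $session_id;
                        header('Location: ' . $url);
                        exit;
                    }
                }
            }

            //We are in a session course? Check session permissions
            if (!empty($session_id)) {
                //I'm not the teacher of the course
                if ($is_courseAdmin == false) {
                    // this user has no status related to this course
                    // The user is subscribed in a session? The user is a Session coach a Session admin ?
                    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
                    $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
                    $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);

                    //Session coach, session admin, course coach admin
                    $sql = "SELECT session.id_coach, session_admin_id, session_rcru.user_id\n FROM {$tbl_session} session, {$tbl_session_course_user} session_rcru\n WHERE\n session_rcru.session_id = session.id AND\n session_rcru.c_id = '{$_real_cid}' AND\n session_rcru.user_id = '{$sql_user_id}' AND\n session_rcru.session_id = {$sql_session_id} AND\n session_rcru.status = 2";
                    $result = Database::query($sql);
                    $row = Database::store_result($result);

                    //I'm a session admin?
                    if (isset($row) && isset($row[0]) && $row[0]['session_admin_id'] == $user_id) {
                        $is_courseMember = false;
                        $is_courseTutor = false;
                        $is_courseAdmin = false;
                        $is_courseCoach = false;
                        $is_sessionAdmin = true;
                    } else {
                        //Im a coach or a student?
                        // NOTE(review): c_id is compared with $_cid (the course code) here,
                        // while the query above uses $_real_cid; confirm which one this
                        // column expects.
                        $sql = "SELECT user_id, status\n FROM " . $tbl_session_course_user . "\n WHERE\n c_id = '{$_cid}' AND\n user_id = '" . $sql_user_id . "' AND\n session_id = '" . $sql_session_id . "'\n LIMIT 1";
                        $result = Database::query($sql);
                        if (Database::num_rows($result)) {
                            $row = Database::fetch_array($result, 'ASSOC');
                            $session_course_status = $row['status'];
                            switch ($session_course_status) {
                                case '2':
                                    // coach - teacher
                                    $is_courseMember = true;
                                    $is_courseTutor = true;
                                    $is_courseCoach = true;
                                    $is_sessionAdmin = false;
                                    if (api_get_setting('extend_rights_for_coach') == 'true') {
                                        $is_courseAdmin = true;
                                    } else {
                                        $is_courseAdmin = false;
                                    }
                                    break;
                                case '0':
                                    //student
                                    $is_courseMember = true;
                                    $is_courseTutor = false;
                                    $is_courseAdmin = false;
                                    $is_sessionAdmin = false;
                                    break;
                                default:
                                    //unregister user
                                    $is_courseMember = false;
                                    $is_courseTutor = false;
                                    $is_courseAdmin = false;
                                    $is_sessionAdmin = false;
                                    break;
                            }
                        } else {
                            //unregister user
                            $is_courseMember = false;
                            $is_courseTutor = false;
                            $is_courseAdmin = false;
                            $is_sessionAdmin = false;
                        }
                    }
                }

                //If I'm the admin platform i'm a teacher of the course
                if ($is_platformAdmin) {
                    $is_courseAdmin = true;
                }
            }
        } else {
            // keys missing => not anymore in the course - user relation
            $is_courseMember = false;
            $is_courseAdmin = false;
            $is_courseTutor = false;
            $is_courseCoach = false;
            $is_sessionAdmin = false;
        }

        //Checking the course access
        // Access is denied by default and only granted by a matching visibility rule.
        $is_allowed_in_course = false;
        if (isset($_course)) {
            switch ($_course['visibility']) {
                case COURSE_VISIBILITY_OPEN_WORLD: //3
                    $is_allowed_in_course = true;
                    break;
                case COURSE_VISIBILITY_OPEN_PLATFORM: //2
                    if (isset($user_id) && !api_is_anonymous($user_id)) {
                        $is_allowed_in_course = true;
                    }
                    break;
                case COURSE_VISIBILITY_REGISTERED: //1
                    if ($is_platformAdmin || $is_courseMember) {
                        $is_allowed_in_course = true;
                    }
                    break;
                case COURSE_VISIBILITY_CLOSED: //0
                    if ($is_platformAdmin || $is_courseAdmin) {
                        $is_allowed_in_course = true;
                    }
                    break;
                case COURSE_VISIBILITY_HIDDEN: //4
                    if ($is_platformAdmin) {
                        $is_allowed_in_course = true;
                    }
                    break;
            }
        }

        // check the session visibility
        if ($is_allowed_in_course == true) {
            //if I'm in a session
            if ($session_id != 0) {
                if (!$is_platformAdmin) {
                    // admin and session coach are *not* affected to the invisible session mode
                    // the coach is not affected because he can log in some days after the end date of a session
                    $session_visibility = api_get_session_visibility($session_id);
                    switch ($session_visibility) {
                        case SESSION_INVISIBLE:
                            $is_allowed_in_course = false;
                            break;
                    }
                    //checking date
                }
            }
        }

        // save the states
        Session::write('is_courseAdmin', $is_courseAdmin);
        Session::write('is_courseMember', $is_courseMember);
        Session::write('is_courseTutor', $is_courseTutor);
        Session::write('is_courseCoach', $is_courseCoach);
        Session::write('is_allowed_in_course', $is_allowed_in_course);
        Session::write('is_sessionAdmin', $is_sessionAdmin);
    } else {
        // continue with the previous values
        $is_courseAdmin = $_SESSION['is_courseAdmin'];
        $is_courseTutor = $_SESSION['is_courseTutor'];
        $is_courseCoach = $_SESSION['is_courseCoach'];
        $is_courseMember = $_SESSION['is_courseMember'];
        $is_allowed_in_course = $_SESSION['is_allowed_in_course'];
    }
}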