/**
 * Checks that the current time falls inside the survey's availability window.
 *
 * Both dates are read as 'YYYY-MM-DD' strings and compared at midnight of that
 * day. If the survey has not opened yet, or has already closed, the request is
 * refused through api_not_allowed() with a localised warning (per the original
 * docblock that call displays the message and exits the script).
 *
 * @param array $surv_data survey row holding 'start_date' and 'end_date'
 */
function check_time_availability($surv_data)
{
    $toMidnightTimestamp = static function ($ymd) {
        // 'YYYY-MM-DD': year at offset 0, month at offset 5, day at offset 8.
        return mktime(0, 0, 0, substr($ymd, 5, 2), substr($ymd, 8, 2), substr($ymd, 0, 4));
    };

    $opensAt = $toMidnightTimestamp($surv_data['start_date']);
    $closesAt = $toMidnightTimestamp($surv_data['end_date']);
    $now = time();

    if ($now < $opensAt) {
        api_not_allowed(true, Display::return_message(get_lang('SurveyNotAvailableYet'), 'warning', false));
    }
    if ($now > $closesAt) {
        api_not_allowed(true, Display::return_message(get_lang('SurveyNotAvailableAnymore'), 'warning', false));
    }
}
 /**
  * Refuses the request when this object is locked and the current user is not a platform admin.
  *
  * @return bool|null true for platform admins; for everyone else no value is
  *                   returned (the unlocked case simply falls through)
  */
 function check_lock_permissions()
 {
     $isPlatformAdmin = api_is_platform_admin();
     if ($isPlatformAdmin) {
         return true;
     }
     // Non-admins may not touch a locked object.
     if ($this->is_locked()) {
         api_not_allowed();
     }
 }
/**
*	@package chamilo.messages
*/
/**
* This script shows a compose area (wysiwyg editor if supported, otherwise
* a simple textarea) where the user can type a message.
* There are three modes
* - standard: type a message, select a user to send it to, press send
* - reply on message (when pressing reply when viewing a message)
* - send to specific user (when pressing send message in the who is online list)
*/
$cidReset = true;
//require_once '../inc/global.inc.php';

// Only authenticated users may compose messages.
api_block_anonymous_users();

// The messaging tool can be switched off platform-wide; refuse when it is.
$messageToolEnabled = api_get_setting('message.allow_message_tool') == 'true';
if (!$messageToolEnabled) {
    api_not_allowed();
}

$nameTools = api_xml_http_response_encode(get_lang('Messages'));

/*	Constants and variables */
// Client-side guard only: refuses to submit the compose form when no recipient
// is selected. Server-side checks still decide who may actually receive a message.
$htmlHeadXtra[] = '
<script language="javascript">
function validate(form, list) {
	if(list.selectedIndex<0) {
    	alert("Please select someone to send the message to.")
    	return false
	} else {
    	return true
    }
}

</script>';
            $clean_url .= '/';
            $home_old = api_get_path(SYS_APP_PATH) . 'home/';
            $home = api_get_path(SYS_APP_PATH) . 'home/' . $clean_url;
        }
    }
    if (file_exists($home . 'register_top_' . $user_selected_language . '.html')) {
        $home_top_temp = @(string) file_get_contents($home . 'register_top_' . $user_selected_language . '.html');
        $open = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top_temp);
        $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
        if (!empty($open)) {
            $content = '<div class="well_border">' . $open . '</div>';
        }
    }
    // Forbidden to self-register
    if ($isNotAllowedHere) {
        api_not_allowed(true, get_lang('RegistrationDisabled'));
    }
    if (api_get_setting('registration.allow_registration') == 'approval') {
        $content .= Display::return_message(get_lang('YourAccountHasToBeApproved'));
    }
    //if openid was not found
    if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') {
        $content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister'));
    }
}
// Terms and conditions
if (api_get_setting('registration.allow_terms_conditions') == 'true') {
    $language = api_get_interface_language();
    $language = api_get_language_id($language);
    $term_preview = LegalManager::get_last_condition($language);
    if (!$term_preview) {
 /**
  * Guards the session create/edit screens: platform and session admins pass,
  * teachers are checked against the platform settings and, when $id is given,
  * against the ownership of that session.
  *
  * @param int $id id of the session being edited, or null when creating one
  * @return bool false when the current user is a platform or session admin;
  *              nothing is returned for other users that pass the checks
  */
 static function protect_session_edit($id = null)
 {
     // Admins of either kind are never restricted here.
     if (api_is_platform_admin()) {
         return false;
     }
     if (api_is_session_admin()) {
         return false;
     }
     // Non-teachers are blocked, and so are teachers when the platform forbids them
     // to create sessions. Precedence: !teacher || (teacher && setting == 'false').
     $blockTeachers = !api_is_teacher() || api_is_teacher() && api_get_setting('allow_teachers_to_create_sessions') == 'false';
     if ($blockTeachers) {
         api_not_allowed(true);
     }
     if (!empty($id)) {
         $session_info = self::fetch($id);
         if (empty($session_info)) {
             api_not_allowed(true);
         }
         // NOTE(review): $blockTeachers can only be true after api_not_allowed(true) above
         // has already run, and api_is_platform_admin() is always false past the early
         // return; if api_not_allowed() exits the script this branch is unreachable — confirm.
         if ($blockTeachers && !api_is_platform_admin() && api_get_setting('allow_session_admins_to_manage_all_sessions') != 'true') {
             if ($session_info['session_admin_id'] != api_get_user_id()) {
                 api_not_allowed(true);
             }
         }
         // Blocking teachers that want to edit another session: only the session's coach may edit it.
         if ($blockTeachers == false && $session_info['id_coach'] != api_get_user_id()) {
             api_not_allowed(true);
         }
     }
 }
}
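/*	DOWNLOAD A FILE */
/* AUTHORIZATION */
// Check if the id makes sense: it must be present and numeric. It is then used as
// ONE integer everywhere below, so that the permission check, the Dropbox_Work
// lookup and the "seen" marker all refer to the same item (the original passed
// the raw string to some calls and intval() to others).
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    api_not_allowed(true);
    exit;
}
$id = (int) $_GET['id'];

// Check if the user is allowed to download the file
$allowed_to_download = (bool) user_can_download_file($id, api_get_user_id());

/*		ERROR IF NOT ALLOWED TO DOWNLOAD */
if (!$allowed_to_download) {
    api_not_allowed(true, Display::return_message(get_lang('YouAreNotAllowedToDownloadThisFile'), 'error'));
    exit;
}

/*      DOWNLOAD THE FILE */
// the user is allowed to download the file
$_SESSION['_seen'][$_course['id']][TOOL_DROPBOX][] = $id;
$work = new Dropbox_Work($id);
// Path to the file as stored on the server. The stored filename is not trusted
// blindly: the resolved path must stay inside the dropbox directory.
$path = dropbox_cnf('sysPath') . '/' . $work->filename;
if (!Security::check_abs_path($path, dropbox_cnf('sysPath') . '/')) {
    exit;
}
$file = $work->title;
DocumentManager::file_send_for_download($path, true, $file);
exit;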
 /**
  * Gets attendance base in the table:
  * TABLE_STATISTIC_TRACK_E_COURSE_ACCESS
  *
  * Renders the 'calendar_logins' template with a login-attendance table. The
  * date range comes from the search form when $showForm is set, otherwise from
  * the current session's access dates (if there is a session); with neither,
  * both bounds stay null.
  *
  * @param bool $showForm    show (and read) the date-range search form
  * @param bool $exportToPdf also run the export; the request is refused via
  *                          api_not_allowed() when the export comes back empty
  * @throws ViewException
  */
 public function getAttendanceBaseInLogin($showForm = false, $exportToPdf = true)
 {
     $formToDisplay = null;
     $startDate = null;
     $endDate = null;
     $sessionId = api_get_session_id();

     if ($showForm) {
         $actionUrl = api_get_self() . '?' . api_get_cidreq() . '&action=calendar_logins';
         $form = new FormValidator('search', 'post', $actionUrl);
         $form->addDateRangePicker('range', get_lang('DateRange'));
         $form->addButton('submit', get_lang('Submit'));
         if ($form->validate()) {
             $values = $form->getSubmitValues();
             $startDate = api_get_utc_datetime($values['range_start']);
             $endDate = api_get_utc_datetime($values['range_end']);
         }
         $formToDisplay = $form->returnForm();
     } elseif (!empty($sessionId)) {
         $sessionInfo = api_get_session_info($sessionId);
         $startDate = $sessionInfo['access_start_date'];
         $endDate = $sessionInfo['access_end_date'];
     }

     $attendance = new Attendance();
     if ($exportToPdf) {
         $export = $attendance->exportAttendanceLogin($startDate, $endDate);
         if (empty($export)) {
             api_not_allowed(true, get_lang('NoDataAvailable'));
         }
     }

     $this->view->set_data([
         'form' => $formToDisplay,
         'table' => $attendance->getAttendanceLoginTable($startDate, $endDate),
     ]);
     $this->view->set_layout('layout');
     $this->view->set_template('calendar_logins');
     $this->view->render();
 }
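$this_section = SECTION_COURSES;
if (!api_is_allowed_to_edit(false, true)) {
    api_not_allowed(true);
}

// Database table definitions
$table_survey = Database::get_course_table(TABLE_SURVEY);
$table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database::get_main_table(TABLE_MAIN_COURSE);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();

// Getting the survey information. The id is a database key, so it is taken as an
// integer (0 when absent) instead of being XSS-filtered as text: an integer can
// carry no markup into the breadcrumb URLs below, and a missing parameter no
// longer raises an undefined-index notice.
$survey_id = isset($_GET['survey_id']) ? (int) $_GET['survey_id'] : 0;
$survey_data = SurveyManager::get_survey($survey_id);
if (empty($survey_data)) {
    api_not_allowed(true, get_lang('InvallidSurvey'));
}

// Breadcrumb label: decoded, tag-stripped title cut to 40 characters.
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
    $urlname .= '...';
}

// Breadcrumbs
$interbreadcrumb[] = [
    'url' => api_get_path(WEB_CODE_PATH) . 'survey/survey_list.php?' . api_get_cidreq(),
    'name' => get_lang('SurveyList'),
];
// Course admins land on the survey editor, everyone else on the invitation page.
$surveyPage = api_is_course_admin() ? 'survey/survey.php' : 'survey/survey_invite.php';
$interbreadcrumb[] = [
    'url' => api_get_path(WEB_CODE_PATH) . $surveyPage . '?survey_id=' . $survey_id . '&' . api_get_cidreq(),
    'name' => $urlname,
];
$tool_name = get_lang('SurveyPublication');

// Displaying the header
Display::display_header($tool_name, 'Survey');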
 /**
  * Course creation page: builds the "create course" form, and on a valid
  * submission either creates the course directly or, when course validation
  * is enabled for the current user, files a course request instead.
  *
  * @Route("/add_course", name="add_course")
  * @Method({"GET|POST"})
  * @Security("has_role('ROLE_USER')")
  *
  * @return Response the rendered user-portal page holding the form or the result
  */
 public function addCourseAction()
 {
     // "Course validation" feature. This value affects the way of a new course creation:
     // true  - the new course is requested only and it is created after approval;
     // false - the new course is created immediately, after filling this form.
     $courseValidation = false;
     if (api_get_setting('course.course_validation') == 'true' && !api_is_platform_admin()) {
         $courseValidation = true;
     }
     // Displaying the header.
     $tool_name = $courseValidation ? get_lang('CreateCourseRequest') : get_lang('CreateSite');
     // Platform setting: ordinary users may be forbidden to create courses at all.
     if (api_get_setting('course.allow_users_to_create_courses') == 'false' && !api_is_platform_admin()) {
         api_not_allowed(true);
     }
     // Check access rights.
     if (!api_is_allowed_to_create_course()) {
         api_not_allowed(true);
     }
     $url = $this->generateUrl('add_course');
     // Build the form.
     $form = new \FormValidator('add_course', 'post', $url);
     // Form title
     $form->addElement('header', $tool_name);
     // Title
     $form->addElement('text', 'title', array(get_lang('CourseName'), get_lang('Ex')), array('id' => 'title'));
     $form->applyFilter('title', 'html_filter');
     $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');
     $form->addButtonAdvancedSettings('advanced_params');
     $form->addElement('html', '<div id="advanced_params_options" style="display:none">');
     // Category category.
     $url = api_get_path(WEB_AJAX_PATH) . 'course.ajax.php?a=search_category';
     $form->addElement('select_ajax', 'category_code', get_lang('CourseFaculty'), null, array('url' => $url));
     // Course code: client-side pattern restricts it to letters and digits, and the
     // html_filter plus maxlength rule below re-check it server-side.
     $form->addText('wanted_code', array(get_lang('Code'), get_lang('OnlyLettersAndNumbers')), '', array('maxlength' => \CourseManager::MAX_COURSE_LENGTH_CODE, 'pattern' => '[a-zA-Z0-9]+', 'title' => get_lang('OnlyLettersAndNumbers')));
     $form->applyFilter('wanted_code', 'html_filter');
     $form->addRule('wanted_code', get_lang('Max'), 'maxlength', \CourseManager::MAX_COURSE_LENGTH_CODE);
     // The teacher
     //array(get_lang('Professor'), null), null, array('size' => '60', 'disabled' => 'disabled'));
     // NOTE(review): $titular is taken by reference but never read again in this method.
     $titular =& $form->addElement('hidden', 'tutor_name', '');
     if ($courseValidation) {
         // Description of the requested course.
         $form->addElement('textarea', 'description', get_lang('Description'), array('rows' => '3'));
         // Objectives of the requested course.
         $form->addElement('textarea', 'objetives', get_lang('Objectives'), array('rows' => '3'));
         // Target audience of the requested course.
         $form->addElement('textarea', 'target_audience', get_lang('TargetAudience'), array('rows' => '3'));
     }
     // Course language.
     $form->addElement('select_language', 'course_language', get_lang('Ln'), array(), array('style' => 'width:150px'));
     // NOTE(review): the filter is applied to 'select_language', but the element above is
     // named 'course_language' — confirm which name the filter is meant to target.
     $form->applyFilter('select_language', 'html_filter');
     // Exemplary content checkbox.
     $form->addElement('checkbox', 'exemplary_content', null, get_lang('FillWithExemplaryContent'));
     if ($courseValidation) {
         // A special URL to terms and conditions that is set
         // in the platform settings page.
         $terms_and_conditions_url = trim(api_get_setting('course_validation_terms_and_conditions_url'));
         // If the special setting is empty,
         // then we may get the URL from Chamilo's module "Terms and conditions",
         // if it is activated.
         if (empty($terms_and_conditions_url)) {
             if (api_get_setting('registration.allow_terms_conditions') == 'true') {
                 $terms_and_conditions_url = api_get_path(WEB_CODE_PATH);
                 $terms_and_conditions_url .= 'auth/inscription.php?legal';
             }
         }
         if (!empty($terms_and_conditions_url)) {
             // Terms and conditions to be accepted before sending a course request.
             $form->addElement('checkbox', 'legal', null, get_lang('IAcceptTermsAndConditions'), 1);
             $form->addRule('legal', get_lang('YouHaveToAcceptTermsAndConditions'), 'required');
             // Link to terms and conditions.
             $link_terms_and_conditions = '
                 <script>
                 function MM_openBrWindow(theURL, winName, features) { //v2.0
                     window.open(theURL,winName,features);
                 }
                 </script>
             ';
             // The (admin-configured) URL is interpolated unescaped into an inline
             // onclick handler: a quote character in that setting would break the
             // handler. It is platform configuration, not end-user input.
             $link_terms_and_conditions .= \Display::url(get_lang('ReadTermsAndConditions'), '#', ['onclick' => "javascript:MM_openBrWindow('{$terms_and_conditions_url}', 'Conditions', 'scrollbars=yes, width=800');"]);
             $form->addElement('label', null, $link_terms_and_conditions);
         }
     }
     $obj = new \GradeModel();
     $obj->fill_grade_model_select_in_form($form);
     $form->addElement('html', '</div>');
     // Submit button.
     $form->addButtonCreate($courseValidation ? get_lang('CreateThisCourseRequest') : get_lang('CreateCourseArea'));
     // Set default values.
     // NOTE(review): $_user is not declared in this method (no global / parameter), so the
     // first branch looks unreachable and the platform language is always used — confirm.
     if (isset($_user['language']) && $_user['language'] != '') {
         $values['course_language'] = $_user['language'];
     } else {
         $values['course_language'] = api_get_setting('language.platform_language');
     }
     $form->setDefaults($values);
     $message = null;
     $content = null;
     // Validate the form.
     if ($form->validate()) {
         $course_values = $form->exportValues();
         $wanted_code = $course_values['wanted_code'];
         //$category_code = $course_values['category_code'];
         $category_code = '';
         $title = $course_values['title'];
         $course_language = $course_values['course_language'];
         $exemplary_content = !empty($course_values['exemplary_content']);
         if ($courseValidation) {
             // Only collected for course requests; used in the request branch below.
             $description = $course_values['description'];
             $objetives = $course_values['objetives'];
             $target_audience = $course_values['target_audience'];
         }
         // An empty code is derived from the title, capped at the maximum code length.
         if ($wanted_code == '') {
             $wanted_code = \CourseManager::generate_course_code(api_substr($title, 0, \CourseManager::MAX_COURSE_LENGTH_CODE));
         }
         // Check whether the requested course code has already been occupied.
         if (!$courseValidation) {
             $course_code_ok = !\CourseManager::course_code_exists($wanted_code);
         } else {
             $course_code_ok = !\CourseRequestManager::course_code_exists($wanted_code);
         }
         if ($course_code_ok) {
             if (!$courseValidation) {
                 $params = array();
                 $params['title'] = $title;
                 $params['exemplary_content'] = $exemplary_content;
                 $params['wanted_code'] = $wanted_code;
                 $params['course_category'] = $category_code;
                 $params['course_language'] = $course_language;
                 $params['gradebook_model_id'] = isset($course_values['gradebook_model_id']) ? $course_values['gradebook_model_id'] : null;
                 $course_info = \CourseManager::create_course($params);
                 if (!empty($course_info)) {
                     // Redirect straight into the new course.
                     $url = api_get_path(WEB_CODE_PATH);
                     $url .= 'course_info/start.php?cidReq=';
                     $url .= $course_info['code'];
                     $url .= '&first=1';
                     header('Location: ' . $url);
                     exit;
                 } else {
                     $this->addFlash('error', $this->trans('CourseCreationFailed'));
                     // Display the form.
                     $content = $form->returnForm();
                 }
             } else {
                 // Create a request for a new course.
                 $request_id = \CourseRequestManager::create_course_request($wanted_code, $title, $description, $category_code, $course_language, $objetives, $target_audience, api_get_user_id(), $exemplary_content);
                 if ($request_id) {
                     $course_request_info = \CourseRequestManager::get_course_request_info($request_id);
                     $message = (is_array($course_request_info) ? '<strong>' . $course_request_info['code'] . '</strong> : ' : '') . get_lang('CourseRequestCreated');
                     // NOTE(review): the return values of these Display::return_message() calls
                     // (and of the two below) are discarded, unlike the addFlash() path above, so
                     // the confirmation/error may never reach the page; the second call also
                     // passes its arguments in a different order from the (message, type, filter)
                     // order used elsewhere in this file — confirm.
                     \Display::return_message($message, 'confirmation', false);
                     \Display::return_message('div', \Display::url(get_lang('Enter'), api_get_path(WEB_PATH) . 'user_portal.php', ['class' => 'btn btn-default']), ['style' => 'float: left; margin:0px; padding: 0px;']);
                 } else {
                     \Display::return_message(get_lang('CourseRequestCreationFailed'), 'error', false);
                     // Display the form.
                     $content = $form->returnForm();
                 }
             }
         } else {
             \Display::return_message(get_lang('CourseCodeAlreadyExists'), 'error', false);
             // Display the form.
             $content = $form->returnForm();
         }
     } else {
         if (!$courseValidation) {
             $this->addFlash('warning', get_lang('Explanation'));
         }
         // Display the form.
         $content = $form->returnForm();
     }
     return $this->render('ChamiloCoreBundle:Index:userportal.html.twig', array('content' => $content));
 }
<?php

/* For licensing terms, see /license.txt */
/**
 * Search a user's certificates when they are public
 * @author Angel Fernando Quiroz Campos <*****@*****.**>
 * @package chamilo.gradebook
 */
use ChamiloSession as Session;
$cidReset = true;
require_once '../inc/global.inc.php';

// Public certificate lookup is an opt-in platform setting; refuse otherwise.
$certificatesArePublic = api_get_setting('allow_public_certificates') == 'true';
if (!$certificatesArePublic) {
    api_not_allowed(true, Display::return_message(get_lang('CertificatesNotPublic'), 'warning'));
}

// Optional user id from the query string, forced to an integer (0 = none given).
$userId = (int) ($_GET['id'] ?? 0);
$userList = [];
$userInfo = [];
$courseList = [];
$sessionList = [];

// Search-by-name form.
$searchForm = new FormValidator('search_form', 'post', null, null);
$searchForm->addText('firstname', get_lang('FirstName'));
$searchForm->addText('lastname', get_lang('LastName'));
$searchForm->addButtonSearch();
if ($searchForm->validate()) {
    $firstname = $searchForm->getSubmitValue('firstname');
    $lastname = $searchForm->getSubmitValue('lastname');
    $userList = UserManager::getUserByName($firstname, $lastname);
    if (empty($userList)) {
        Display::addFlash(Display::return_message(get_lang('NoResults'), 'warning'));
        header('Location: ' . api_get_self());
        exit;
    }
} elseif ($userId > 0) {
    $userInfo = api_get_user_info($userId);
$documentPath = $saveDir . '/' . $drawFileName;

// Write the drawing to disk. As in the original flow, the return value of
// file_put_contents() is not checked here.
file_put_contents($documentPath, $contents);

$isCreateFlow = $currentTool == 'document/createdraw';
$isEditFlow = $currentTool == 'document/editdraw';

// Editing requires the file name recorded in the session when the editor was opened.
if ($isEditFlow && !isset($_SESSION['draw_file'])) {
    api_not_allowed();//from Chamilo
    die();
}

if ($isEditFlow && $_SESSION['draw_file'] == $drawFileName) {
    // Same file as the one opened for editing: update the existing document record.
    $document_id = DocumentManager::get_document_id($_course, $relativeUrlPath . '/' . $drawFileName);
    update_existing_document($_course, $document_id, filesize($documentPath), null);
    api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $_user['user_id'], $groupId, null, null, null, $current_session_id);
} elseif ($isCreateFlow || $isEditFlow) {
    // New drawing, or an edit saved under a different name: register a new document.
    $doc_id = add_document($_course, $relativeUrlPath . '/' . $drawFileName, 'file', filesize($documentPath), $title);
    api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
}

//clean sessions and add messages and return to current document list
unset($_SESSION['draw_dir']);
/**
 * Checks whether the Archive directory is present and writeable. If it exists
 * but cannot be written to, the request is refused through api_not_allowed()
 * with a warning asking the user to contact the administrator.
 *
 * A directory that does not exist at all is not reported by this check.
 */
function api_check_archive_dir()
{
    $archiveDir = api_get_path(SYS_ARCHIVE_PATH);
    $existsButReadOnly = is_dir($archiveDir) && !is_writable($archiveDir);
    if ($existsButReadOnly) {
        $warning = Display::return_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin'), 'warning');
        api_not_allowed(true, $warning);
    }
}
 /**
  * @param Application $app
  * @return string
  */
 public function indexAction(Application $app)
 {
     $request = $app['request'];
     $language_file = array('admin', 'exercice', 'gradebook', 'tracking');
     // 1. Setting variables needed by jqgrid
     $action = $request->get('a');
     $page = $request->get('page');
     //page
     $limit = $request->get('rows');
     //quantity of rows
     $sidx = $request->get('sidx');
     //index (field) to filter
     $sord = $request->get('sord');
     //asc or desc
     if (strpos(strtolower($sidx), 'asc') !== false) {
         $sidx = str_replace(array('asc', ','), '', $sidx);
         $sord = 'asc';
     }
     if (strpos(strtolower($sidx), 'desc') !== false) {
         $sidx = str_replace(array('desc', ','), '', $sidx);
         $sord = 'desc';
     }
     if (!in_array($sord, array('asc', 'desc'))) {
         $sord = 'desc';
     }
     if (!in_array($action, array('get_exercise_results', 'get_hotpotatoes_exercise_results', 'get_work_user_list', 'get_timelines', 'get_user_skill_ranking', 'get_usergroups_teacher', 'get_question_list', 'get_user_list_plugin_widescale'))) {
         api_protect_admin_script(true);
     }
     if ($action == 'get_user_list_plugin_widescale') {
         $allowed = api_is_drh() || api_is_platform_admin();
         if (!$allowed) {
             api_not_allowed();
         }
     }
     // Search features.
     // If there is no search request sent by jqgrid, $where should be empty.
     $where_condition = "";
     $operation = $request->get('oper');
     $export_format = $request->get('export_format');
     $search_field = $request->get('searchField');
     $search_oper = $request->get('searchOper');
     $search_string = $request->get('searchString');
     $isSearch = $request->get('_search');
     $filters = $request->get('filters');
     $type = $request->get('type');
     $extra_fields = array();
     $questionFields = array();
     if ($isSearch == 'true') {
         $where_condition = ' 1 = 1 ';
         $where_condition_in_form = $this->getWhereClause($search_field, $search_oper, $search_string);
         if (!empty($where_condition_in_form)) {
             $where_condition .= ' AND ' . $where_condition_in_form;
         }
         $filters = isset($filters) ? json_decode($filters) : false;
         // for now
         if (!empty($filters)) {
             switch ($action) {
                 case 'get_questions':
                     $extraFieldtype = 'question';
                     break;
                 case 'get_sessions':
                     $extraFieldtype = 'session';
                     break;
             }
             // Extra field.
             $extraField = new \ExtraField($extraFieldtype);
             $result = $extraField->getExtraFieldRules($filters, 'extra_');
             $extra_fields = $result['extra_fields'];
             $condition_array = $result['condition_array'];
             if (!empty($condition_array)) {
                 $where_condition .= ' AND ( ';
                 $where_condition .= implode($filters->groupOp, $condition_array);
                 $where_condition .= ' ) ';
             }
             // Question field.
             $resultQuestion = $extraField->getExtraFieldRules($filters, 'question_');
             $questionFields = $resultQuestion['extra_fields'];
             $condition_array = $resultQuestion['condition_array'];
             if (!empty($condition_array)) {
                 $where_condition .= ' AND ( ';
                 $where_condition .= implode($filters->groupOp, $condition_array);
                 $where_condition .= ' ) ';
             }
         }
     }
     // get index row - i.e. user click to sort $sord = $_GET['sord'];
     // get the direction
     if (!$sidx) {
         $sidx = 1;
     }
     //2. Selecting the count FIRST
     //@todo rework this
     switch ($action) {
         case 'get_questions':
             $categoryId = $request->get('categoryId');
             $exerciseId = $request->get('exerciseId');
             //$courseId = null; //$request->get('courseId');
             $courseId = $request->get('courseId');
             // Question manager can view all questions
             if (api_is_question_manager()) {
                 $courseId = null;
             }
             $count = \Question::getQuestions($app, $categoryId, $exerciseId, $courseId, array('where' => $where_condition, 'extra' => $extra_fields, 'question' => $questionFields), true);
             break;
         case 'get_user_list_plugin_widescale':
             $count = \UserManager::get_user_data(null, null, null, null, true);
             break;
         case 'get_question_list':
             require_once api_get_path(SYS_CODE_PATH) . 'exercice/exercise.class.php';
             $exerciseId = $request->get('exerciseId');
             $exercise = new \Exercise(api_get_course_int_id());
             $exercise->read($exerciseId);
             $count = $exercise->selectNbrQuestions();
             break;
         case 'get_group_reporting':
             $course_id = $request->get('course_id');
             $group_id = $request->get('gidReq');
             $count = \Tracking::get_group_reporting($course_id, $group_id, 'count');
             break;
         case 'get_user_course_report_resumed':
             $count = \CourseManager::get_count_user_list_from_course_code(true, 'ruc');
             break;
         case 'get_user_course_report':
             $count = \CourseManager::get_count_user_list_from_course_code(false);
             break;
         case 'get_course_exercise_medias':
             $course_id = api_get_course_int_id();
             $count = \Question::get_count_course_medias($course_id);
             break;
         case 'get_user_skill_ranking':
             $skill = new \Skill();
             $count = $skill->get_user_list_skill_ranking_count();
             break;
         case 'get_work_user_list':
             require_once api_get_path(SYS_CODE_PATH) . 'work/work.lib.php';
             $work_id = $request->get('work_id');
             //$_REQUEST['work_id'];
             $count = get_count_work($work_id);
             break;
         case 'get_exercise_results':
             $exercise_id = $request->get('exerciseId');
             //$_REQUEST['exerciseId'];
             $filter_by_user = $request->get('filter_by_user');
             if (isset($filter_by_user) && !empty($filter_by_user)) {
                 $filter_user = intval($filter_by_user);
                 if ($where_condition == "") {
                     $where_condition .= " te.exe_user_id  = '{$filter_user}'";
                 } else {
                     $where_condition .= " AND te.exe_user_id  = '{$filter_user}'";
                 }
             }
             $count = \ExerciseLib::get_count_exam_results($exercise_id, $where_condition);
             break;
         case 'get_hotpotatoes_exercise_results':
             $hotpot_path = $request->get('path');
             //$_REQUEST['path'];
             $count = \ExerciseLib::get_count_exam_hotpotatoes_results($hotpot_path);
             break;
         case 'get_sessions':
             $list_type = $request->get('list_type');
             if ($list_type == 'simple' || empty($list_type)) {
                 $count = \SessionManager::get_sessions_admin(array('where' => $where_condition, 'extra' => $extra_fields), true);
             } else {
                 $count = \SessionManager::get_count_admin_complete(array('where' => $where_condition, 'extra' => $extra_fields));
             }
             break;
         case 'get_extra_fields':
             $obj = new \ExtraField($type);
             $count = $obj->get_count();
             break;
         case 'get_extra_field_options':
             $field_id = $request->get('field_id');
             $obj = new \ExtraFieldOption($type);
             $count = $obj->get_count_by_field_id($field_id);
             break;
         case 'get_timelines':
             $obj = new \Timeline();
             $count = $obj->get_count();
             break;
         case 'get_gradebooks':
             $obj = new \Gradebook();
             $count = $obj->get_count();
             break;
         case 'get_event_email_template':
             $obj = new \EventEmailTemplate();
             $count = $obj->get_count();
             break;
         case 'get_careers':
             $obj = new \Career();
             $count = $obj->get_count();
             break;
         case 'get_promotions':
             $obj = new \Promotion();
             $count = $obj->get_count();
             break;
         case 'get_grade_models':
             $obj = new \GradeModel();
             $count = $obj->get_count();
             break;
         case 'get_usergroups':
             $obj = new \UserGroup();
             $count = $obj->get_count();
             break;
         case 'get_usergroups_teacher':
             $obj = new \UserGroup();
             $course_id = api_get_course_int_id();
             if ($type == 'registered') {
                 $count = $obj->get_usergroup_by_course_with_data_count($course_id);
             } else {
                 $count = $obj->get_count();
             }
             break;
         default:
             exit;
     }
     //3. Calculating first, end, etc
     $total_pages = 0;
     if ((int) $count > 0) {
         if (!empty($limit)) {
             $total_pages = ceil($count / $limit);
         }
     }
     if ($page > $total_pages) {
         $page = $total_pages;
     }
     $start = $limit * $page - $limit;
     if ($start < 0) {
         $start = 0;
     }
     //4. Deleting an element if the user wants to
     if ($operation == 'del') {
         $obj->delete($request->get('id'));
     }
     $is_allowedToEdit = api_is_allowed_to_edit(null, true) || api_is_allowed_to_edit(true) || api_is_drh();
     //5. Querying the DB for the elements
     $columns = array();
     switch ($action) {
         case 'get_questions':
             $columns = \Question::getQuestionColumns(api_get_course_id(), $extra_fields, $questionFields, true);
             $columns = $columns['simple_column_name'];
             $result = \Question::getQuestions($app, $categoryId, $exerciseId, $courseId, array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'question' => $questionFields, 'limit' => "{$start} , {$limit}"));
             //var_dump($result);
             break;
         case 'get_user_list_plugin_widescale':
             $columns = array('username', 'firstname', 'lastname', 'exam_password');
             $column_names = array(get_lang('Username'), get_lang('Firstname'), get_lang('Lastname'), get_lang('Password'));
             $result = \UserManager::get_user_data($start, $limit, $sidx, $sord);
             break;
         case 'get_question_list':
             if (isset($exercise) && !empty($exercise)) {
                 $columns = array('question', 'type', 'category', 'level', 'score', 'actions');
                 $result = $exercise->getQuestionListPagination($start, $limit, $sidx, $sord, $where_condition);
             }
             break;
         case 'get_group_reporting':
             $columns = array('name', 'time', 'progress', 'score', 'works', 'messages', 'actions');
             $result = \Tracking::get_group_reporting($course_id, $group_id, 'all', $start, $limit, $sidx, $sord, $where_condition);
             break;
         case 'get_course_exercise_medias':
             $columns = array('question');
             $result = \Question::get_course_medias($course_id, $start, $limit, $sidx, $sord, $where_condition);
             if (!empty($result)) {
                 foreach ($result as &$media) {
                     $media['id'] = $media['iid'];
                 }
             }
             break;
         case 'get_user_course_report_resumed':
             $columns = array('extra_ruc', 'training_hours', 'count_users', 'count_users_registered', 'average_hours_per_user', 'count_certificates');
             $column_names = array(get_lang('Company'), get_lang('TrainingHoursAccumulated'), get_lang('CountOfSubscriptions'), get_lang('CountOfUsers'), get_lang('AverageHoursPerStudent'), get_lang('CountCertificates'));
             $result = \CourseManager::get_user_list_from_course_code(null, null, "LIMIT {$start}, {$limit}", " {$sidx} {$sord}", null, null, true, true, 'ruc');
             $new_result = array();
             if (!empty($result)) {
                 foreach ($result as $row) {
                     $row['training_hours'] = api_time_to_hms($row['training_hours']);
                     $row['average_hours_per_user'] = api_time_to_hms($row['average_hours_per_user']);
                     $new_result[] = $row;
                 }
                 $result = $new_result;
             }
             break;
         case 'get_user_course_report':
             $columns = array('course', 'user', 'time', 'certificate', 'progress_100', 'progress');
             $column_names = array(get_lang('Course'), get_lang('User'), get_lang('ManHours'), get_lang('CertificateGenerated'), get_lang('Approved'), get_lang('CourseAdvance'));
             $extra_fields = \UserManager::get_extra_fields(0, 100, null, null, true, true);
             if (!empty($extra_fields)) {
                 foreach ($extra_fields as $extra) {
                     $columns[] = $extra['1'];
                     $column_names[] = $extra['3'];
                 }
             }
             $result = \CourseManager::get_user_list_from_course_code(null, null, "LIMIT {$start}, {$limit}", " {$sidx} {$sord}", null, null, true);
             break;
         case 'get_user_skill_ranking':
             $columns = array('photo', 'firstname', 'lastname', 'skills_acquired', 'currently_learning', 'rank');
             $result = $skill->get_user_list_skill_ranking($start, $limit, $sidx, $sord, $where_condition);
             $result = \ArrayClass::msort($result, 'skills_acquired', 'asc');
             $skills_in_course = array();
             if (!empty($result)) {
                 //$counter = 1;
                 foreach ($result as &$item) {
                     $user_info = api_get_user_info($item['user_id']);
                     $personal_course_list = \UserManager::get_personal_session_course_list($item['user_id']);
                     $count_skill_by_course = array();
                     foreach ($personal_course_list as $course_item) {
                         if (!isset($skills_in_course[$course_item['code']])) {
                             $count_skill_by_course[$course_item['code']] = $skill->get_count_skills_by_course($course_item['code']);
                             $skills_in_course[$course_item['code']] = $count_skill_by_course[$course_item['code']];
                         } else {
                             $count_skill_by_course[$course_item['code']] = $skills_in_course[$course_item['code']];
                         }
                     }
                     $item['photo'] = \Display::img($user_info['avatar_small']);
                     $item['currently_learning'] = !empty($count_skill_by_course) ? array_sum($count_skill_by_course) : 0;
                 }
             }
             break;
         case 'get_work_user_list':
             if (isset($type) && $type == 'simple') {
                 $columns = array('type', 'firstname', 'lastname', 'username', 'title', 'qualification', 'sent_date', 'qualificator_id', 'actions');
             } else {
                 $columns = array('type', 'firstname', 'lastname', 'username', 'title', 'sent_date', 'actions');
             }
             $result = get_work_user_list($start, $limit, $sidx, $sord, $work_id, $where_condition);
             break;
         case 'get_exercise_results':
             $course = api_get_course_info();
             //used inside get_exam_results_data()
             $documentPath = api_get_path(SYS_COURSE_PATH) . $course['path'] . "/document";
             if ($is_allowedToEdit) {
                 $columns = array('firstname', 'lastname', 'username', 'group_name', 'exe_duration', 'start_date', 'exe_date', 'score', 'status', 'lp', 'actions');
             } else {
                 //$columns = array('exe_duration', 'start_date', 'exe_date', 'score', 'status', 'actions');
             }
             $result = \ExerciseLib::get_exam_results_data($start, $limit, $sidx, $sord, $exercise_id, $where_condition);
             break;
         case 'get_hotpotatoes_exercise_results':
             $course = api_get_course_info();
             //used inside get_exam_results_data()
             $documentPath = api_get_path(SYS_COURSE_PATH) . $course['path'] . "/document";
             $columns = array('firstname', 'lastname', 'username', 'group_name', 'exe_date', 'score', 'actions');
             $result = ExerciseLib::get_exam_results_hotpotatoes_data($start, $limit, $sidx, $sord, $hotpot_path, $where_condition);
             //get_exam_results_data($start, $limit, $sidx, $sord, $exercise_id, $where_condition);
             break;
         case 'get_sessions':
             $session_columns = \SessionManager::get_session_columns($list_type);
             $columns = $session_columns['simple_column_name'];
             if ($list_type == 'simple') {
                 $result = SessionManager::get_sessions_admin(array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'limit' => "{$start} , {$limit}"), false);
             } else {
                 $result = SessionManager::get_sessions_admin_complete(array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'limit' => "{$start} , {$limit}"));
             }
             break;
         case 'get_timelines':
             $columns = array('headline', 'actions');
             //$columns = array('headline', 'type', 'start_date', 'end_date', 'text', 'media', 'media_credit', 'media_caption', 'title_slide', 'parent_id');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'headline';
             }
             $course_id = api_get_course_int_id();
             $result = Database::select('*', $obj->table, array('where' => array('parent_id = ? AND c_id = ?' => array('0', $course_id)), 'order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 if (!$item['status']) {
                     $item['name'] = '<font style="color:#AAA">' . $item['name'] . '</font>';
                 }
                 $item['headline'] = Display::url($item['headline'], api_get_path(WEB_CODE_PATH) . 'timeline/view.php?id=' . $item['id']);
                 $item['actions'] = Display::url(Display::return_icon('add.png', get_lang('AddItems')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=add_item&parent_id=' . $item['id']);
                 $item['actions'] .= Display::url(Display::return_icon('edit.png', get_lang('Edit')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=edit&id=' . $item['id']);
                 $item['actions'] .= Display::url(Display::return_icon('delete.png', get_lang('Delete')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=delete&id=' . $item['id']);
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_gradebooks':
             $columns = array('name', 'certificates', 'skills', 'actions', 'has_certificates');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 if ($item['parent_id'] != 0) {
                     continue;
                 }
                 $skills = $obj->get_skills_by_gradebook($item['id']);
                 //Fixes bug when gradebook doesn't have names
                 if (empty($item['name'])) {
                     $item['name'] = $item['course_code'];
                 } else {
                     //$item['name'] =  $item['name'].' ['.$item['course_code'].']';
                 }
                 $item['name'] = Display::url($item['name'], api_get_path(WEB_CODE_PATH) . 'gradebook/index.php?id_session=0&cidReq=' . $item['course_code']);
                 if (!empty($item['certif_min_score']) && !empty($item['document_id'])) {
                     $item['certificates'] = Display::return_icon('accept.png', get_lang('WithCertificate'), array(), ICON_SIZE_SMALL);
                     $item['has_certificates'] = '1';
                 } else {
                     $item['certificates'] = Display::return_icon('warning.png', get_lang('NoCertificate'), array(), ICON_SIZE_SMALL);
                     $item['has_certificates'] = '0';
                 }
                 if (!empty($skills)) {
                     foreach ($skills as $skill) {
                         $item['skills'] .= Display::span($skill['name'], array('class' => 'label_tag skill'));
                     }
                 }
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_event_email_template':
             $columns = array('subject', 'event_type_name', 'language_id', 'activated', 'actions');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'subject';
             }
             $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 $language_info = api_get_language_info($item['language_id']);
                 $item['language_id'] = $language_info['english_name'];
                 $item['actions'] = Display::url(Display::return_icon('edit.png', get_lang('Edit')), api_get_path(WEB_CODE_PATH) . 'admin/event_type.php?action=edit&event_type_name=' . $item['event_type_name']);
                 $item['actions'] .= Display::url(Display::return_icon('delete.png', get_lang('Delete')), api_get_path(WEB_CODE_PATH) . 'admin/event_controller.php?action=delete&id=' . $item['id']);
                 /*if (!$item['status']) {
                       $item['name'] = '<font style="color:#AAA">'.$item['subject'].'</font>';
                   }*/
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_careers':
             $columns = array('name', 'description', 'actions');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 if (!$item['status']) {
                     $item['name'] = '<font style="color:#AAA">' . $item['name'] . '</font>';
                 }
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_promotions':
             $columns = array('name', 'career', 'description', 'actions');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             $result = Database::select('p.id,p.name, p.description, c.name as career, p.status', "{$obj->table} p LEFT JOIN " . Database::get_main_table(TABLE_CAREER) . " c  ON c.id = p.career_id ", array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 if (!$item['status']) {
                     $item['name'] = '<font style="color:#AAA">' . $item['name'] . '</font>';
                 }
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_grade_models':
             $columns = array('name', 'description', 'actions');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             $result = Database::select('*', "{$obj->table} ", array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             foreach ($result as $item) {
                 $new_result[] = $item;
             }
             $result = $new_result;
             break;
         case 'get_usergroups':
             $columns = array('name', 'users', 'courses', 'sessions', 'group_type', 'actions');
             $result = Database::select('*', $obj->table, array('order' => "name {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             if (!empty($result)) {
                 foreach ($result as $group) {
                     $group['sessions'] = count($obj->get_sessions_by_usergroup($group['id']));
                     $group['courses'] = count($obj->get_courses_by_usergroup($group['id']));
                     $group['users'] = count($obj->get_users_by_usergroup($group['id']));
                     switch ($group['group_type']) {
                         case '0':
                             $group['group_type'] = Display::label(get_lang('Class'), 'info');
                             break;
                         case '1':
                             $group['group_type'] = Display::label(get_lang('Social'), 'success');
                             break;
                     }
                     $new_result[] = $group;
                 }
                 $result = $new_result;
             }
             $columns = array('name', 'users', 'courses', 'sessions', 'group_type');
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             //Multidimensional sort
             ArrayClass::msort($result, $sidx);
             break;
         case 'get_extra_fields':
             $obj = new \ExtraField($type);
             $columns = array('field_display_text', 'field_variable', 'field_type', 'field_changeable', 'field_visible', 'field_filter', 'field_order');
             $result = \Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             $new_result = array();
             if (!empty($result)) {
                 foreach ($result as $item) {
                     $item['field_type'] = $obj->get_field_type_by_id($item['field_type']);
                     $item['field_changeable'] = $item['field_changeable'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                     $item['field_visible'] = $item['field_visible'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                     $item['field_filter'] = $item['field_filter'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                     $new_result[] = $item;
                 }
                 $result = $new_result;
             }
             break;
         case 'get_extra_field_options':
             $obj = new \ExtraFieldOption($type);
             $columns = array('option_display_text', 'option_value', 'option_order');
             $result = \Database::select('*', $obj->table, array('where' => array("field_id = ? " => $field_id), 'order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}"));
             /*$new_result = array();
               if (!empty($result)) {
                   foreach ($result as $item) {
                       $item['field_type']         = $obj->get_field_type_by_id($item['field_type']);
                       $item['field_changeable']   = $item['field_changeable'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                       $item['field_visible']      = $item['field_visible'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                       $item['field_filter']       = $item['field_filter'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif');
                       $new_result[]        = $item;
                   }
                   $result = $new_result;
               }*/
             break;
         case 'get_usergroups_teacher':
             $columns = array('name', 'users', 'actions');
             $options = array('order' => "name {$sord}", 'LIMIT' => "{$start} , {$limit}");
             $options['course_id'] = $course_id;
             switch ($type) {
                 case 'not_registered':
                     $options['where'] = array(" (course_id IS NULL OR course_id != ?) " => $course_id);
                     $result = $obj->get_usergroup_not_in_course($options);
                     break;
                 case 'registered':
                     $options['where'] = array(" usergroup.course_id = ? " => $course_id);
                     $result = $obj->get_usergroup_in_course($options);
                     break;
             }
             $new_result = array();
             if (!empty($result)) {
                 foreach ($result as $group) {
                     $group['users'] = count($obj->get_users_by_usergroup($group['id']));
                     if ($obj->usergroup_was_added_in_course($group['id'], $course_id)) {
                         $url = 'class.php?action=remove_class_from_course&id=' . $group['id'];
                         $icon = Display::return_icon('delete.png', get_lang('Remove'));
                     } else {
                         $url = 'class.php?action=add_class_to_course&id=' . $group['id'];
                         $icon = Display::return_icon('add.png', get_lang('Add'));
                     }
                     $group['actions'] = Display::url($icon, $url);
                     $new_result[] = $group;
                 }
                 $result = $new_result;
             }
             if (!in_array($sidx, $columns)) {
                 $sidx = 'name';
             }
             //Multidimensional sort
             \ArrayClass::msort($result, $sidx);
             break;
         default:
             exit;
     }
     $allowed_actions = array('get_careers', 'get_promotions', 'get_usergroups', 'get_usergroups_teacher', 'get_gradebooks', 'get_sessions', 'get_exercise_results', 'get_hotpotatoes_exercise_results', 'get_work_user_list', 'get_timelines', 'get_grade_models', 'get_event_email_template', 'get_user_skill_ranking', 'get_extra_fields', 'get_extra_field_options', 'get_course_exercise_medias', 'get_user_course_report', 'get_user_course_report_resumed', 'get_group_reporting', 'get_question_list', 'get_user_list_plugin_widescale', 'get_questions');
     //5. Creating an obj to return a json
     if (in_array($action, $allowed_actions)) {
         $response = new \stdClass();
         $response->page = $page;
         $response->total = $total_pages;
         $response->records = $count;
         if ($operation && $operation == 'excel') {
             $j = 1;
             $array = array();
             if (empty($column_names)) {
                 $column_names = $columns;
             }
             //Headers
             foreach ($column_names as $col) {
                 $array[0][] = $col;
             }
             foreach ($result as $row) {
                 foreach ($columns as $col) {
                     $array[$j][] = strip_tags($row[$col]);
                 }
                 $j++;
             }
             switch ($export_format) {
                 case 'xls':
                     Export::export_table_xls($array, 'company_report');
                     break;
                 case 'csv':
                 default:
                     Export::export_table_csv($array, 'company_report');
                     break;
             }
             exit;
         }
         $i = 0;
         if (!empty($result)) {
             foreach ($result as $row) {
                 //print_r($row);
                 // if results tab give not id, set id to $i otherwise id="null" for all <tr> of the jqgrid - ref #4235
                 if (!isset($row['id']) || isset($row['id']) && $row['id'] == "") {
                     $response->rows[$i]['id'] = $i;
                 } else {
                     $response->rows[$i]['id'] = $row['id'];
                 }
                 $array = array();
                 foreach ($columns as $col) {
                     $array[] = isset($row[$col]) ? $row[$col] : null;
                 }
                 $response->rows[$i]['cell'] = $array;
                 $i++;
             }
         }
         return json_encode($response);
     }
 }
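/**
 * Deny access to a work (assignment) unless the current user may see it.
 *
 * Access is granted when the ADD_DOCUMENT_TO_WORK feature switch is off,
 * when the caller is a platform admin or may edit the course, or when the
 * user is subscribed to the work. Otherwise api_not_allowed(true) is
 * invoked (presumably it renders the "not allowed" page and ends the
 * request); should it return, the denial is reported as false.
 *
 * @param int $userId
 * @param int $workId
 * @param int $courseId
 * @return bool true when access is allowed, false when it was denied
 */
function allowOnlySubscribedUser($userId, $workId, $courseId)
{
    // Feature switch off: nothing to enforce (same truthiness test as "== false").
    if (!ADD_DOCUMENT_TO_WORK) {
        return true;
    }
    // Admins and course editors bypass the subscription check.
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }
    if (!userIsSubscribedToWork($userId, $workId, $courseId)) {
        api_not_allowed(true);
        // Only reached if api_not_allowed() does not terminate the request.
        return false;
    }
    // The subscribed path used to fall off the end and return null, which
    // contradicted the documented bool contract; return true explicitly.
    return true;
}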
 /**
  * Keep students out of a teacher-only page.
  *
  * Anyone with edit rights in the current course falls through; every other
  * caller is handed to api_not_allowed().
  */
 public static function block_students()
 {
     if (api_is_allowed_to_edit()) {
         return;
     }
     api_not_allowed();
 }
 /**
  * Refuse the current request.
  *
  * Delegates to api_not_allowed() and, should that call return instead of
  * ending the request, hands a boolean false back to the caller.
  *
  * @return boolean always false
  */
 public function forbidden()
 {
     api_not_allowed();

     return false;
 }
/**
 * Restrict session administrators when the
 * "session.limit_session_admin_role" setting is enabled.
 *
 * The setting is read first; a session admin is sent to api_not_allowed(true)
 * only when that setting is exactly the string 'true'. Other callers are
 * unaffected.
 */
function api_protect_limit_for_session_admin()
{
    $roleIsLimited = api_get_setting('session.limit_session_admin_role') === 'true';
    if (!api_is_session_admin()) {
        return;
    }
    if ($roleIsLimited) {
        api_not_allowed(true);
    }
}
 /**
  * Kind of controller: dispatches a wiki tool action name to the matching
  * handler method.
  *
  * Several branches read identifiers straight from $_GET (wiki_id, user_id,
  * id, group_id, delete) and pass them on unvalidated; see the inline notes.
  * Unknown actions fall through the switch and do nothing.
  *
  * @param string $action action name, normally taken from the request
  */
 public function handleAction($action)
 {
     $page = $this->page;
     switch ($action) {
         case 'export_to_pdf':
             // wiki_id is taken from the query string as-is; no validation here.
             if (isset($_GET['wiki_id'])) {
                 self::export_to_pdf($_GET['wiki_id'], api_get_course_id());
                 exit;
             }
             break;
         case 'export2doc':
             if (isset($_GET['wiki_id'])) {
                 $export2doc = self::export2doc($_GET['wiki_id']);
                 if ($export2doc) {
                     self::setMessage(Display::display_confirmation_message(get_lang('ThePageHasBeenExportedToDocArea'), false, true));
                 }
             }
             break;
         case 'restorepage':
             self::restorePage();
             break;
         case 'more':
             self::getStatsTable();
             break;
         case 'statistics':
             self::getStats();
             break;
         case 'mactiveusers':
             self::getActiveUsers($action);
             break;
         case 'usercontrib':
             // NOTE(review): $_GET['user_id'] is read without isset() (undefined-index
             // notice when absent) and forwarded unvalidated.
             self::getUserContributions($_GET['user_id'], $action);
             break;
         case 'mostchanged':
             $this->getMostChangedPages($action);
             break;
         case 'mvisited':
             self::getMostVisited();
             break;
         case 'wanted':
             $this->getWantedPages();
             break;
         case 'orphaned':
             self::getOrphaned();
             break;
         case 'mostlinked':
             self::getMostLinked();
             break;
         case 'delete':
             self::deletePageWarning($page);
             break;
         case 'deletewiki':
             // Destructive action driven by a GET parameter (delete=yes). No CSRF
             // token is checked in this block; confirm one is enforced elsewhere.
             $title = '<div class="actions">' . get_lang('DeleteWiki') . '</div>';
             if (api_is_allowed_to_edit(false, true) || api_is_platform_admin()) {
                 $message = get_lang('ConfirmDeleteWiki');
                 $message .= '<p>
                     <a href="index.php?' . api_get_cidreq() . '">' . get_lang('No') . '</a>
                     &nbsp;&nbsp;|&nbsp;&nbsp;
                     <a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=deletewiki&delete=yes">' . get_lang('Yes') . '</a>
                 </p>';
                 // First visit: show the confirmation prompt only.
                 if (!isset($_GET['delete'])) {
                     self::setMessage($title . Display::display_warning_message($message, false, true));
                 }
             } else {
                 self::setMessage(Display::display_normal_message(get_lang("OnlyAdminDeleteWiki"), false, true));
             }
             // Second visit (delete=yes) by an editor/admin: perform the deletion.
             if (api_is_allowed_to_edit(false, true) || api_is_platform_admin()) {
                 if (isset($_GET['delete']) && $_GET['delete'] == 'yes') {
                     $return_message = self::delete_wiki();
                     self::setMessage(Display::display_confirmation_message($return_message, false, true));
                     $this->redirectHome();
                 }
             }
             break;
         case 'searchpages':
             self::getSearchPages($action);
             break;
         case 'links':
             self::getLinks($page);
             break;
         case 'addnew':
             // Inside a session, only users allowed to edit the session may add pages.
             if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false, true) == false) {
                 api_not_allowed();
             }
             echo '<div class="actions">' . get_lang('AddNew') . '</div>';
             echo '<br/>';
             //first, check if page index was created. checktitle=false
             if (self::checktitle('index')) {
                 if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
                     self::setMessage(Display::display_normal_message(get_lang('GoAndEditMainPage'), false, true));
                 } else {
                     self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
                 }
             // NOTE(review): with "||" this branch fires for anyone who is not BOTH a
             // course editor AND a platform admin, so a plain teacher is locked out
             // too; "&&" looks intended — confirm.
             } elseif (self::check_addnewpagelock() == 0 && (api_is_allowed_to_edit(false, true) == false || api_is_platform_admin() == false)) {
                 self::setMessage(Display::display_error_message(get_lang('AddPagesLocked'), false, true));
             } else {
                 // NOTE(review): when group_id is missing from the query string,
                 // null == 0 is true and the form is shown to non-members; an
                 // isset()/intval() check would make the intent explicit — confirm.
                 if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id()) || $_GET['group_id'] == 0) {
                     self::display_new_wiki_form();
                 } else {
                     self::setMessage(Display::display_normal_message(get_lang('OnlyAddPagesGroupMembers'), false, true));
                 }
             }
             break;
         case 'show':
             self::display_wiki_entry($page);
             break;
         case 'showpage':
             self::display_wiki_entry($page);
             break;
         case 'edit':
             self::editPage();
             break;
         case 'history':
             self::getHistory();
             break;
         case 'recentchanges':
             self::recentChanges($page, $action);
             break;
         case 'allpages':
             self::allPages($action);
             break;
         case 'discuss':
             self::getDiscuss($page);
             break;
         case 'export_to_doc_file':
             // $_GET['id'] is read without isset() and passed on unvalidated;
             // the break after exit is unreachable.
             self::exportTo($_GET['id'], 'odt');
             exit;
             break;
     }
 }
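<?php

/* For licensing terms, see /license.txt */
//require_once '../inc/global.inc.php';

/*
 * Self-service account removal ("Unsubscribe from platform").
 *
 * Reachable only when the 'platform_unsubscribe_allowed' setting is exactly
 * the string 'true'; any other value, including a missing setting, is a
 * fail-closed denial via api_not_allowed(). On a validated form submission
 * the logged-in user's own account is deleted, the online session is closed
 * and a confirmation page is shown through api_not_allowed(true, ...).
 *
 * NOTE(review): nothing in this script rejects anonymous sessions before
 * delete_user() runs; confirm the include chain blocks them (e.g. with
 * api_block_anonymous_users()) so a guest session cannot trigger a deletion.
 */
if (api_get_setting('platform_unsubscribe_allowed') !== 'true') {
    api_not_allowed();
}
$tool_name = get_lang('Unsubscribe');
$message = Display::return_message(get_lang('UnsubscribeFromPlatform'), 'warning');
$form = new FormValidator('user_add');
// The confirm() dialog is a client-side convenience only; the server-side
// gate is $form->validate() below.
$form->addElement('button', 'submit', get_lang('Unsubscribe'), array('onclick' => "javascript:if(!confirm('" . addslashes(api_htmlentities(get_lang("UnsubscribeFromPlatformConfirm"))) . "')) return false;"));
$content = $form->returnForm();
if ($form->validate()) {
    // Always the current user: the id is never taken from the request.
    $user_info = api_get_user_info();
    $result = UserManager::delete_user($user_info['user_id']);
    if ($result) {
        // The username belongs to sprintf(), not to get_lang(): previously it was
        // passed as get_lang()'s second argument, so the translated string's
        // placeholder (if any) was never filled in.
        $message = Display::return_message(sprintf(get_lang('UnsubscribeFromPlatformSuccess'), $user_info['username']));
        $content = null;
        online_logout($user_info['user_id'], false);
        api_not_allowed(true, $message);
    }
}
//$tpl = new Template($tool_name);
echo $actions;
echo $message;
echo $content;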
$this_section = SECTION_COURSES;
$nameTools = get_lang('GroupSpace');
$interbreadcrumb[] = array('url' => 'group.php', 'name' => get_lang('Groups'));
/*	Ensure all private groups // Juan Carlos Raña Trabado */
$forums_of_groups = get_forums_of_group($current_group['id']);
$forum_state_public = 0;
if (is_array($forums_of_groups)) {
    foreach ($forums_of_groups as $key => $value) {
        if ($value['forum_group_public_private'] == 'public') {
            $forum_state_public = 1;
        }
    }
}
if ($current_group['doc_state'] != 1 && $current_group['calendar_state'] != 1 && $current_group['work_state'] != 1 && $current_group['announcements_state'] != 1 && $current_group['wiki_state'] != 1 && $current_group['chat_state'] != 1 && $forum_state_public != 1) {
    if (!api_is_allowed_to_edit(null, true) && !GroupManager::is_user_in_group($user_id, $group_id)) {
        api_not_allowed($print_headers);
    }
}
/*
 * Register to group
 */
$subscribe_group = '';
if (GroupManager::is_self_registration_allowed($user_id, $current_group['id'])) {
    $subscribe_group = '<a class="btn" href="' . api_get_self() . '?selfReg=1&amp;group_id=' . $current_group['id'] . '" onclick="javascript: if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES)) . "'" . ')) return false;">' . get_lang("RegIntoGroup") . '</a>';
}
/*
 * Unregister from group
 */
$unsubscribe_group = '';
if (GroupManager::is_self_unregistration_allowed($user_id, $current_group['id'])) {
    $unsubscribe_group = '<a class="btn" href="' . api_get_self() . '?selfUnReg=1" onclick="javascript: if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES)) . "'" . ')) return false;">' . get_lang("StudentUnsubscribe") . '</a>';
$track_exercise_info = ExerciseLib::get_exercise_track_exercise_info($id);
// No tracking row for this attempt: there is nothing to display, refuse access.
if (empty($track_exercise_info)) {
    api_not_allowed($show_headers);
}
$exercise_id = $track_exercise_info['exe_exo_id'];
$student_id = $track_exercise_info['exe_user_id'];
$current_user_id = api_get_user_id();
$objExercise = new Exercise();
if (!empty($exercise_id)) {
    $objExercise->read($exercise_id);
}
// Non-editors may only look at the results of their own attempt.
if (!$is_allowedToEdit && $student_id != $current_user_id) {
    api_not_allowed($show_headers);
}
$htmlHeadXtra[] = '<link rel="stylesheet" href="' . api_get_path(WEB_LIBRARY_JS_PATH) . 'hotspot/css/hotspot.css">';
$htmlHeadXtra[] = '<script src="' . api_get_path(WEB_LIBRARY_JS_PATH) . 'hotspot/js/hotspot.js"></script>';
if (!$show_headers) {
    // Embedded view: no page background and the reduced header.
    $htmlHeadXtra[] = "\n    <style>\n    body { background: none;}\n    </style>\n    ";
    Display::display_reduced_header();
} else {
    $interbreadcrumb[] = ["url" => "exercise.php?" . api_get_cidreq(), "name" => get_lang('Exercises')];
    $interbreadcrumb[] = ["url" => "#", "name" => get_lang('Result')];
    $this_section = SECTION_COURSES;
    Display::display_header();
}
ExerciseLib::display_question_list_by_attempt($objExercise, $id, false);
if ($show_headers) {
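/**
 * Get the file contents for an assignment (student publication).
 *
 * Looks the work up in the course's student-publication table, applies the
 * download rules documented inline below and, when the current user may
 * download it, returns the on-disk path plus the title to serve it under.
 *
 * @param int   $id          Work id (c_student_publication.id)
 * @param array $course_info Course info array; 'real_id' and 'show_score' are read
 * @param int   $sessionId   Session id; 0 means "use the current session"
 *
 * @return array|bool array('path' => ..., 'title' => ...) when the download is allowed;
 *                    false when the work is missing, the user may not download it,
 *                    or the stored path does not stay inside the course directory
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id)) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);

    if (!empty($course_info['real_id'])) {
        // Both values are interpolated straight into SQL, so force them to ints
        // ($id already is): a malformed course-info array can then only change
        // which course is queried, never the shape of the query.
        $courseId = (int) $course_info['real_id'];
        $sql = 'SELECT * FROM '.$tbl_student_publication.'
                WHERE c_id = '.$courseId.' AND id = "'.$id.'"';
        $result = Database::query($sql);
        if ($result && Database::num_rows($result)) {
            $row = Database::fetch_array($result, 'ASSOC');
            $full_file_name = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/'.$row['url'];

            // NOTE(review): the item-property lookup and the file path use the
            // *current* course (api_get_course_int_id() / api_get_course_path())
            // while the row was fetched for $course_info — confirm callers always
            // pass the current course's info, otherwise the two disagree.
            $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);
            // Presumably stops the request for users not subscribed to the work's
            // parent; its semantics are not visible here.
            allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $course_info['real_id']);

            if (empty($item_info)) {
                api_not_allowed();
            }

            /*
            field show_score in table course :
                0 =>    New documents are visible for all users
                1 =>    New documents are only visible for the teacher(s)
            field visibility in table item_property :
                0 => eye closed, invisible for all students
                1 => eye open
            field accepted in table c_student_publication :
                0 => eye closed, invisible for all students
                1 => eye open
            ( We should have visibility == accepted, otherwise there is an
            inconsistency in the Database)
            field value in table c_course_setting :
                0 => Allow learners to delete their own publications = NO
                1 => Allow learners to delete their own publications = YES

            +------------------+-------------------------+------------------------+
            |Can download work?| doc visible for all = 0 | doc visible for all = 1|
            +------------------+-------------------------+------------------------+
            |  visibility = 0  | editor only             | editor only            |
            |                  |                         |                        |
            +------------------+-------------------------+------------------------+
            |  visibility = 1  | editor                  | editor                 |
            |                  | + owner of the work     | + any student          |
            +------------------+-------------------------+------------------------+
            (editor = teacher + admin + anybody with right api_is_allowed_to_edit)
            */

            $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
            $doc_visible_for_all = ($course_info['show_score'] == 1);

            $is_editor = api_is_allowed_to_edit(true, true, true);
            $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

            if ($is_editor ||
                ($student_is_owner_of_work) ||
                ($doc_visible_for_all && $work_is_visible)
            ) {
                // Prefer the stored filename over the free-text title; spaces
                // become underscores in the name the file is served under.
                $title = $row['title'];
                if (array_key_exists('filename', $row) && !empty($row['filename'])) {
                    $title = $row['filename'];
                }
                $title = str_replace(' ', '_', $title);
                // Recorded before the path check, as in the original code.
                event_download($title);
                // Only serve the file if its resolved path stays inside the
                // course directory (guards against a tampered 'url' column).
                if (Security::check_abs_path(
                    $full_file_name,
                    api_get_path(SYS_COURSE_PATH).api_get_course_path().'/')
                ) {
                    return array(
                        'path' => $full_file_name,
                        'title' => $title
                    );
                }
            }
        }
    }

    return false;
}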
 * @package chamilo.document
 *
 * @author Juan Carlos Raña Trabado
 * @since 5/mar/2011
 */
/**
 * Code
 */
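require_once '../../../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';

// A course context and a non-anonymous user are both mandatory for this upload endpoint.
api_protect_course_script();
api_block_anonymous_users();

// 'file_field' names the $_FILES entry carrying the upload; it must be a plain
// string, because it is used as an array key below.
if (!isset($_GET['filename'], $_GET['file_field']) || !is_string($_GET['file_field'])) {
    api_not_allowed(false);
    exit;
}

$courseInfo = api_get_course_info();

$fileUpload = null;
// Check the $_FILES entry exists before indexing into it: a missing field is a
// silent exit rather than a notice followed by is_uploaded_file(null).
if (isset($_FILES[$_GET['file_field']]['tmp_name']) && is_uploaded_file($_FILES[$_GET['file_field']]['tmp_name'])) {
    $fileUpload = $_FILES[$_GET['file_field']];
} else {
    exit;
}

$output = false;
// NOTE(review): $_GET['path'] is passed through without any check in this
// script; the target-directory validation is assumed to live in
// DocumentManager::upload_document — confirm.
$documentData = DocumentManager::upload_document($_FILES, $_GET['path'], null, null, 0, 'overwrite', false, $output);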
<?php

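//require_once '../inc/global.inc.php';
// Legacy entry point: with a user id, redirect to that user's social profile page.
if (isset($_REQUEST['uInfo'])) {
    // intval() guarantees only an integer id ends up in the redirect target.
    $url = api_get_path(WEB_CODE_PATH) . "social/profile.php?u=" . intval($_REQUEST['uInfo']);
    header("Location: {$url}");
    exit;
}
// Anything else is refused. The first argument is the print-headers flag
// (see other call sites); the original passed the string 'true' instead of a bool.
api_not_allowed(true);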
 /**
  * Displays the form to create a new post (FormValidator version).
  *
  * Refuses with api_not_allowed() unless the user holds the 'article_add'
  * right on this blog; otherwise builds and prints the multipart post form.
  *
  * @author Toon Keppens
  *
  * @param Integer $blog_id
  */
 public static function display_form_new_post($blog_id)
 {
     if (!api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
         api_not_allowed();
         return;
     }
     // NOTE(review): $blog_id is embedded in the action URL as-is — assumes the caller passes an integer id.
     $action = api_get_path(WEB_CODE_PATH) . "blog/blog.php?action=new_post&blog_id=" . $blog_id . "&" . api_get_cidreq();
     $form = new FormValidator('add_post', 'post', $action, null, array('enctype' => 'multipart/form-data'));
     $form->addHidden('post_title_edited', 'false');
     $form->addHeader(get_lang('NewPost'));
     $form->addText('title', get_lang('Title'));
     // Editors get the full toolbar, everybody else the restricted student one.
     $config = array(
         'ToolbarSet' => api_is_allowed_to_edit() ? 'Project' : 'ProjectStudent',
     );
     $form->addHtmlEditor('full_text', get_lang('Content'), false, false, $config);
     $form->addFile('user_upload', get_lang('AddAnAttachment'));
     $form->addTextarea('post_file_comment', get_lang('FileComment'));
     $form->addHidden('new_post_submit', 'true');
     $form->addButton('save', get_lang('Save'));
     $form->display();
 }
    /**
     * Displays the form to create a new post (legacy FCKeditor version).
     *
     * The form and its helper JavaScript are echoed directly. Access requires the
     * 'article_add' right on the blog; otherwise api_not_allowed() is called.
     *
     * @author Toon Keppens
     *
     * @param Integer $blog_id
     */
    public static function display_form_new_post($blog_id)
    {
        if (api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
            // Editor glue: check_for_title() copies the first words of the body into
            // the title field for as long as the hidden post_title_edited flag is
            // "false"; check_if_still_empty() flips it to "true" once the user
            // leaves a non-empty title (wired to the title field's onblur below).
            echo '<script type="text/javascript">
					function FCKeditor_OnComplete( editorInstance )
					{
					  editorInstance.Events.AttachEvent( \'OnSelectionChange\', check_for_title ) ;
					}

					function check_for_title()
					{
						// This functions shows that you can interact directly with the editor area
						// DOM. In this way you have the freedom to do anything you want with it.

						// Get the editor instance that we want to interact with.
						var oEditor = FCKeditorAPI.GetInstance(\'post_full_text\') ;

						// Get the Editor Area DOM (Document object).
						var oDOM = oEditor.EditorDocument ;

						var iLength ;
						var contentText ;
						var contentTextArray;
						var bestandsnaamNieuw = "";
						var bestandsnaamOud = "";

						// The are two diffent ways to get the text (without HTML markups).
						// It is browser specific.

						if( document.all )		// If Internet Explorer.
						{
							contentText = oDOM.body.innerText ;
						}
						else					// If Gecko.
						{
							var r = oDOM.createRange() ;
							r.selectNodeContents( oDOM.body ) ;
							contentText = r.toString() ;
						}

						// Compose title if there is none
						contentTextArray = contentText.split(\' \') ;
						var x=0;
						for(x=0; (x<5 && x<contentTextArray.length); x++)
						{
							if(x < 4)
							{
								bestandsnaamNieuw += contentTextArray[x] + \' \';
							}
							else
							{
								bestandsnaamNieuw += contentTextArray[x] + \'...\';
							}
						}

						if(document.getElementById(\'post_title_edited\').value == "false")
						{
							document.getElementById(\'post_title\').value = bestandsnaamNieuw;
						}
					}

					function trim(s) {
					 while(s.substring(0,1) == \' \') {
					  s = s.substring(1,s.length);
					 }
					 while(s.substring(s.length-1,s.length) == \' \') {
					  s = s.substring(0,s.length-1);
					 }
					 return s;
					}

					function check_if_still_empty()
					{
						if(trim(document.getElementById(\'post_title\').value) != "")
						{
							document.getElementById(\'post_title_edited\').value = "true";
						}
					}

			</script>';
            // NOTE(review): $blog_id is written into the form action as-is — assumes an integer id from the caller.
            echo '<form name="add_post" enctype="multipart/form-data"  method="post" action="blog.php?action=new_post&blog_id=' . $blog_id . '">';
            echo '<input type="hidden" name="post_title_edited" id="post_title_edited" value="false" />';
            // form title
            echo '<legend>' . get_lang('NewPost') . '</legend>';
            // article title
            echo '<div><span class="form_required">*</span>' . get_lang('Title') . ': <input name="post_title" id="post_title" type="text" size="60" onblur="check_if_still_empty()" /></div><br />';
            // article text
            $oFCKeditor = new FCKeditor('post_full_text');
            $oFCKeditor->Width = '100%';
            $oFCKeditor->Height = '200';
            // Editors get the full toolbar, everybody else the restricted student one.
            if (!api_is_allowed_to_edit()) {
                $oFCKeditor->ToolbarSet = 'ProjectStudent';
            } else {
                $oFCKeditor->ToolbarSet = 'Project';
            }
            // NOTE(review): re-populates the editor from the raw POST body (stripslashes only);
            // the editor component is assumed to encode this value on output — confirm.
            $oFCKeditor->Value = isset($_POST['post_full_text']) ? stripslashes($_POST['post_full_text']) : '';
            echo '<div class="control-group">';
            $oFCKeditor->Create();
            echo '</div>';
            // attachment
            echo '<div class="control-group">
						<label class="control-label">
							' . get_lang('AddAnAttachment') . '
						</label>
						<div class="controls">
							<input type="file" name="user_upload"/>
						</div>
					</div>';
            // comment
            // NOTE(review): the textarea below is emitted as "<textarea ... />" followed by
            // "</textarea>"; that is output markup, left untouched here.
            echo '<div class="control-group">
						<label class="control-label">
							' . get_lang('FileComment') . '
						</label>
						<div class="controls">
							<textarea name="post_file_comment" cols="34" /></textarea>
						</div>
					</div>';
            // submit
            echo '<div class="control-group">						
						<div class="controls">
								 <input type="hidden" name="action" value="" />
								 <input type="hidden" name="new_post_submit" value="true" />
								 <button class="save" type="submit" name="Submit">' . get_lang('Save') . '</button>
						</div>
					</div>';
            echo '</form>';
        } else {
            api_not_allowed();
        }
    }
 /**
  * Runs a raw SQL string on the Doctrine connection and returns the result statement.
  *
  * The string is executed exactly as given: callers are responsible for
  * escaping or parameterising any values they embed in it.
  *
  * On a 'test' server a driver exception propagates to the caller. On any
  * other server it is written to the error log and the request ends with a
  * generic "not allowed" page, so the database error text never reaches the
  * browser.
  *
  * @param string $query
  *
  * @return Statement
  *
  * @throws \Doctrine\DBAL\DBALException
  */
 public static function query($query)
 {
     $connection = self::getManager()->getConnection();
     if (api_get_setting('server_type') == 'test') {
         return $connection->executeQuery($query);
     }
     try {
         return $connection->executeQuery($query);
     } catch (Exception $e) {
         error_log($e->getMessage());
         api_not_allowed(false, get_lang('GeneralError'));
         exit;
     }
 }
 /**
  * Guards session-editing pages: coaches of the session and platform admins pass.
  *
  * Anybody else triggers api_not_allowed(true) and nothing is returned
  * (presumably the request ends there; other call sites on this page follow
  * api_not_allowed() with an explicit exit).
  *
  * @param $id session id, checked with api_is_coach()
  * @return bool true when access is granted
  */
 public static function protect_teacher_session_edit($id)
 {
     // api_is_coach() is evaluated first; the admin check only runs when it fails.
     if (api_is_coach($id) || api_is_platform_admin()) {
         return true;
     }
     api_not_allowed(true);
 }
     header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php');
     exit;
 } else {
     if (isset($_GET['u'])) {
         //I'm your friend? I can see your profile?
         $user_id = intval($_GET['u']);
         if (api_is_anonymous($user_id, true)) {
             api_not_allowed(true);
         }
         // It's me!
         if (api_get_user_id() != $user_id) {
             $user_info = api_get_user_info($user_id);
             $show_full_profile = false;
             if (!$user_info) {
                 // user does no exist !!
                 api_not_allowed(true);
             } else {
                 //checking the relationship between me and my friend
                 $my_status = SocialManager::get_relation_between_contacts(api_get_user_id(), $user_id);
                 if (in_array($my_status, array(USER_RELATION_TYPE_PARENT, USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_GOODFRIEND))) {
                     $show_full_profile = true;
                 }
                 //checking the relationship between my friend and me
                 $my_friend_status = SocialManager::get_relation_between_contacts($user_id, api_get_user_id());
                 if (in_array($my_friend_status, array(USER_RELATION_TYPE_PARENT, USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_GOODFRIEND))) {
                     $show_full_profile = true;
                 } else {
                     // im probably not a good friend
                     $show_full_profile = false;
                 }
             }
 /**
  * Displays the form to create a new post.
  *
  * Refuses with api_not_allowed() unless the user holds the 'article_add'
  * right on this blog; the shared field set is added by self::setForm().
  *
  * @author Toon Keppens
  *
  * @param Integer $blog_id
  */
 public static function display_form_new_post($blog_id)
 {
     if (!api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
         api_not_allowed();
         return;
     }
     // NOTE(review): $blog_id goes into the form action unescaped — assumes an integer id from the caller.
     $url = api_get_path(WEB_PUBLIC_PATH) . 'main/blog/blog.php?action=new_post&blog_id=' . $blog_id;
     $form = new FormValidator('add_post', 'post', $url, null, array('enctype' => 'multipart/form-data'));
     $form->addElement('header', get_lang('NewPost'));
     // Hidden flags read back by the title-autofill script and the submit handler.
     $form->addElement('hidden', 'post_title_edited', 'false');
     $form->addElement('hidden', 'new_post_submit', 'true');
     self::setForm($form);
     $form->display();
 }