Example #1
0
 public function delete($id)
 {
     parent::delete($id);
     event_system(LOG_CAREER_DELETE, LOG_CAREER_ID, $id, api_get_utc_datetime(), api_get_user_id());
 }
 /**
  * Updates the group_rel_user table  with a given user and group ids
  * @author Julio Montoya
  * @param int  $user_id
  * @param int $group_id
  * @param int $relation_type
  *
  * @return bool
  **/
 public static function update_user_role($user_id, $group_id, $relation_type = GROUP_USER_PERMISSION_READER)
 {
     $table_group_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_GROUP);
     if (empty($user_id) || empty($group_id) || empty($relation_type)) {
         return false;
     }
     $group_id = intval($group_id);
     $user_id = intval($user_id);
     $sql = "UPDATE {$table_group_rel_user}\n   \t\t\t\tSET relation_type = " . intval($relation_type) . "\n   \t\t\t\tWHERE\n                    user_id = {$user_id} AND\n                    group_id = {$group_id}\n            ";
     Database::query($sql);
     event_system(LOG_GROUP_PORTAL_USER_UPDATE_ROLE, LOG_GROUP_PORTAL_REL_USER_ARRAY, array('user_id' => $user_id, 'group_id' => $group_id, 'relation_type' => $relation_type));
     return true;
 }
 /**
  * Updates a transaction using the given query parameters
  * @param array Query parameters
  * @return bool The result of the transaction row update
  */
 static function update_transaction($params)
 {
     //return false;
     $table = Database::get_main_table(TABLE_BRANCH_TRANSACTION);
     if (empty($params['id'])) {
         error_log('No transaction id provided during update_transaction');
         return false;
     }
     $params['time_update'] = api_get_utc_datetime();
     error_log("Transaction updated #{$params['id']} with status_id = {$params['status_id']}");
     //Failed - do something else
     if ($params['status_id'] == MigrationCustom::TRANSACTION_STATUS_FAILED) {
         //event_system($event_type, $event_value_type, $event_value, $datetime = null, $user_id = null, $course_code = null) {
         event_system('transaction_error', 'transaction_id', $params['id'], $params['time_update']);
     }
     return Database::update($table, $params, array('id = ?' => $params['id']));
 }
    /**
     * Delete sessions categories
     * @author Jhon Hinojosa <*****@*****.**>, from existing code
     * @param	array	id_checked
     * @param	bool	include delete session
     * @param	bool	optional, true if the function is called by a webservice, false otherwise.
     * @return	void	Nothing, or false on error
     * The parameters is a array to delete sessions
     * */
    public static function delete_session_category($id_checked, $delete_session = false, $from_ws = false)
    {
        $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
        if (is_array($id_checked)) {
            $id_checked = Database::escape_string(implode(',', $id_checked));
        } else {
            $id_checked = intval($id_checked);
        }

        //Setting session_category_id to 0
        $sql = "UPDATE $tbl_session SET session_category_id = 0
                WHERE session_category_id IN (" . $id_checked . ")";
        Database::query($sql);

        $sql = "SELECT id FROM $tbl_session WHERE session_category_id IN (" . $id_checked . ")";
        $result = Database::query($sql);
        while ($rows = Database::fetch_array($result)) {
            $session_id = $rows['id'];
            if ($delete_session) {
                if ($from_ws) {
                    SessionManager::delete_session($session_id, true);
                } else {
                    SessionManager::delete_session($session_id);
                }
            }
        }
        $sql = "DELETE FROM $tbl_session_category WHERE id IN (" . $id_checked . ")";
        Database::query($sql);

        // Add event to system log
        $user_id = api_get_user_id();
        event_system(
            LOG_SESSION_CATEGORY_DELETE,
            LOG_SESSION_CATEGORY_ID,
            $id_checked,
            api_get_utc_datetime(),
            $user_id
        );

        return true;
    }
Example #5
0
 switch ($_GET['category']) {
     case 'Regions':
         handle_regions();
         break;
     case 'Plugins':
         // Displaying the extensions: Plugins.
         // This will be available to all the sites (access_urls).
         $securityToken = isset($_GET['sec_token']) ? Security::remove_XSS($_GET['sec_token']) : null;
         if (isset($_POST['submit_dashboard_plugins']) && Security::check_token($securityToken)) {
             Security::clear_token();
             $affected_rows = DashboardManager::store_dashboard_plugins($_POST);
             if ($affected_rows) {
                 // add event to system log
                 $user_id = api_get_user_id();
                 $category = $_GET['category'];
                 event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
                 Display::display_confirmation_message(get_lang('DashboardPluginsHaveBeenUpdatedSucesslly'));
             }
         }
         echo '<script>
             $(function(){
                 $("#tabs").tabs();
             });
             </script>';
         echo '<div id="tabs">';
         echo '<ul>';
         echo '<li><a href="#tabs-1">' . get_lang('Plugins') . '</a></li>';
         echo '<li><a href="#tabs-2">' . get_lang('DashboardPlugins') . '</a></li>';
         echo '<li><a href="#tabs-3">' . get_lang('ConfigureExtensions') . '</a></li>';
         echo '</ul>';
         echo '<div id="tabs-1">';
 public function delete($id)
 {
 	if (parent::delete($id)) {
        SessionManager::clear_session_ref_promotion($id);
 	   event_system(LOG_PROMOTION_DELETE, LOG_PROMOTION_ID, $id, api_get_utc_datetime(), api_get_user_id());
     } else {
         return false;
     }
 }
    $sessionAction = new SessionAction();
    $selectedDocuments = $sessionAction->get();
    if (removeTrailingSlash($sessionAction->getFolder()) == getParentPath($_POST['original_path']) && sizeof($selectedDocuments)) {
        if (($key = array_search(basename($_POST['original_path']), $selectedDocuments)) !== false) {
            $selectedDocuments[$key] = $_POST['name'];
            $sessionAction->set($selectedDocuments);
        }
    } elseif (removeTrailingSlash($sessionAction->getFolder()) == removeTrailingSlash($_POST['original_path'])) {
        $sessionAction->setFolder($_POST['original_path']);
    }
    $path = addTrailingSlash(getParentPath($_POST['original_path'])) . $_POST['name'];
    if (is_file($path)) {
        include_once CLASS_FILE;
        $file = new file($path);
        $fileInfo = $file->getFileInfo();
        $fileInfo['mtime'] = date(DATE_TIME_FORMAT, $fileInfo['mtime']);
    } else {
        include_once CLASS_MANAGER;
        $manager = new manager($path, false);
        $fileInfo = $manager->getFolderInfo();
        $fileInfo['mtime'] = date(DATE_TIME_FORMAT, $fileInfo['mtime']);
    }
    event_system(LOG_MY_FOLDER_CHANGE, LOG_MY_FOLDER_PATH, $_POST['original_path']);
    event_system(LOG_MY_FOLDER_CHANGE, LOG_MY_FOLDER_NEW_PATH, $path);
}
echo "{";
echo "error:'" . $error . "' ";
foreach ($fileInfo as $k => $v) {
    echo "," . $k . ":'" . $v . "' ";
}
echo "}";
 /**
  * Disables or enables a user
  *
  * @param int user_id
  * @param int Enable or disable
  * @return void
  * @assert (-1,0) === false
  * @assert (1,1) === true
  */
 public static function change_active_state($user_id, $active, $send_email_if_activated = false)
 {
     $user_id = intval($user_id);
     $active = intval($active);
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     $sql = "UPDATE {$table_user} SET active = '{$active}' WHERE user_id = '{$user_id}';";
     Database::query($sql);
     $log_event = LOG_USER_DEACTIVATED;
     if ($active == 1) {
         $log_event = LOG_USER_ACTIVATED;
         if ($send_email_if_activated) {
             $user_info = api_get_user_info($user_id);
             $recipient_name = api_get_person_name($user_info['firstname'], $user_info['lastname'], null, PERSON_NAME_EMAIL_ADDRESS);
             $emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('siteName');
             $emailbody = get_lang('Dear') . " " . stripslashes($recipient_name) . ",\n\n";
             $emailbody .= sprintf(get_lang('YourAccountOnXHasJustBeenApprovedByOneOfOurAdministrators'), api_get_setting('siteName')) . "\n";
             $emailbody .= sprintf(get_lang('YouCanNowLoginAtXUsingTheLoginAndThePasswordYouHaveProvided'), api_get_path(WEB_PATH)) . ",\n\n";
             $emailbody .= get_lang('HaveFun') . "\n\n";
             $emailbody .= get_lang('Problem') . "\n\n" . get_lang('Formula');
             $emailbody .= api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n" . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
             MessageManager::send_message_simple($user_id, $emailsubject, $emailbody);
         }
     }
     $user_info = api_get_user_info($user_id);
     event_system($log_event, LOG_USER_ID, $user_id, api_get_utc_datetime(), api_get_user_id());
     event_system($log_event, LOG_USER_OBJECT, $user_info, api_get_utc_datetime(), api_get_user_id());
 }
Example #9
0
 /**
  * function register_course to create a record in the course table of the main database
  * @param string    $course_sys_code
  * @param string    $course_screen_code
  * @param string    $course_repository
  * @param string    $course_db_name
  * @param string    $tutor_name
  * @param string    $category
  * @param string    $title              complete name of course
  * @param string    $course_language    lang for this course
  * @param string    $uid                uid of owner
  * @param integer                       Expiration date in unix time representation
  * @param array                         Optional array of teachers' user ID
  * @return int      0
  * @todo use an array called $params instead of lots of params
  */
 static function register_course($params)
 {
     global $error_msg, $firstExpirationDelay;
     $title = $params['title'];
     $code = $params['code'];
     $visual_code = $params['visual_code'];
     $directory = isset($params['directory']) ? $params['directory'] : null;
     $tutor_name = isset($params['tutor_name']) ? $params['tutor_name'] : null;
     //$description        = $params['description'];
     $category_code = isset($params['category_code']) ? $params['category_code'] : null;
     $course_language = isset($params['course_language']) && !empty($params['course_language']) ? $params['course_language'] : api_get_setting('platformLanguage');
     $user_id = empty($params['user_id']) ? api_get_user_id() : intval($params['user_id']);
     $department_name = isset($params['department_name']) ? $params['department_name'] : null;
     $department_url = isset($params['department_url']) ? $params['department_url'] : null;
     $disk_quota = isset($params['disk_quota']) ? $params['disk_quota'] : null;
     if (!isset($params['visibility'])) {
         $default_course_visibility = api_get_setting('courses_default_creation_visibility');
         if (isset($default_course_visibility)) {
             $visibility = $default_course_visibility;
         } else {
             $visibility = COURSE_VISIBILITY_OPEN_PLATFORM;
         }
     } else {
         $visibility = $params['visibility'];
     }
     $subscribe = isset($params['subscribe']) ? intval($params['subscribe']) : ($visibility == COURSE_VISIBILITY_OPEN_PLATFORM ? 1 : 0);
     $unsubscribe = isset($params['unsubscribe']) ? intval($params['unsubscribe']) : 0;
     $expiration_date = isset($params['expiration_date']) ? $params['expiration_date'] : null;
     $teachers = isset($params['teachers']) ? $params['teachers'] : null;
     $status = isset($params['status']) ? $params['status'] : null;
     $TABLECOURSE = Database::get_main_table(TABLE_MAIN_COURSE);
     $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
     $ok_to_register_course = true;
     // Check whether all the needed parameters are present.
     if (empty($code)) {
         $error_msg[] = 'courseSysCode is missing';
         $ok_to_register_course = false;
     }
     if (empty($visual_code)) {
         $error_msg[] = 'courseScreenCode is missing';
         $ok_to_register_course = false;
     }
     if (empty($directory)) {
         $error_msg[] = 'courseRepository is missing';
         $ok_to_register_course = false;
     }
     if (empty($title)) {
         $error_msg[] = 'title is missing';
         $ok_to_register_course = false;
     }
     if (empty($expiration_date)) {
         $expiration_date = api_get_utc_datetime(time() + $firstExpirationDelay);
     } else {
         $expiration_date = api_get_utc_datetime($expiration_date);
     }
     if ($visibility < 0 || $visibility > 3) {
         $error_msg[] = 'visibility is invalid';
         $ok_to_register_course = false;
     }
     if (empty($disk_quota)) {
         $disk_quota = api_get_setting('default_document_quotum');
     }
     $time = api_get_utc_datetime();
     if (stripos($department_url, 'http://') === false && stripos($department_url, 'https://') === false) {
         $department_url = 'http://' . $department_url;
     }
     //just in case
     if ($department_url == 'http://') {
         $department_url = '';
     }
     $course_id = 0;
     if ($ok_to_register_course) {
         // Here we must add 2 fields.
         $sql = "INSERT INTO " . $TABLECOURSE . " SET\n                code            = '" . Database::escape_string($code) . "',\n                directory       = '" . Database::escape_string($directory) . "',\n                course_language = '" . Database::escape_string($course_language) . "',\n                title           = '" . Database::escape_string($title) . "',\n                description     = '" . Database::escape_string(get_lang('CourseDescription')) . "',\n                category_code   = '" . Database::escape_string($category_code) . "',\n                visibility      = '" . $visibility . "',\n                show_score      = '1',\n                disk_quota      = '" . intval($disk_quota) . "',\n                creation_date   = '{$time}',\n                expiration_date = '" . $expiration_date . "',\n                last_edit       = '{$time}',\n                last_visit      = NULL,\n                tutor_name      = '" . Database::escape_string($tutor_name) . "',\n                department_name = '" . Database::escape_string($department_name) . "',\n                department_url  = '" . Database::escape_string($department_url) . "',\n                subscribe       = '" . intval($subscribe) . "',\n                unsubscribe     = '" . intval($unsubscribe) . "',\n                visual_code     = '" . Database::escape_string($visual_code) . "'";
         Database::query($sql);
         $course_id = Database::insert_id();
         if ($course_id) {
             $sort = api_max_sort_value('0', api_get_user_id());
             $i_course_sort = CourseManager::userCourseSort($user_id, $code);
             if (!empty($user_id)) {
                 $sql = "INSERT INTO " . $TABLECOURSUSER . " SET\n                            c_id     = '" . Database::escape_string($course_id) . "',\n                            user_id         = '" . intval($user_id) . "',\n                            status          = '1',\n                            role            = '" . Database::escape_string(get_lang('Professor')) . "',\n                            tutor_id        = '0',\n                            sort            = '" . $i_course_sort . "',\n                            user_course_cat = '0'";
                 Database::query($sql);
             }
             if (!empty($teachers)) {
                 if (!is_array($teachers)) {
                     $teachers = array($teachers);
                 }
                 foreach ($teachers as $key) {
                     //just in case
                     if ($key == $user_id) {
                         continue;
                     }
                     if (empty($key)) {
                         continue;
                     }
                     $sql = "INSERT INTO " . $TABLECOURSUSER . " SET\n                            course_code     = '" . Database::escape_string($code) . "',\n                            user_id         = '" . Database::escape_string($key) . "',\n                            status          = '1',\n                            role            = '',\n                            tutor_id        = '0',\n                            sort            = '" . ($sort + 1) . "',\n                            user_course_cat = '0'";
                     Database::query($sql);
                 }
             }
             // Adding the course to an URL
             if (api_is_multiple_url_enabled()) {
                 $url_id = 1;
                 if (api_get_current_access_url_id() != -1) {
                     $url_id = api_get_current_access_url_id();
                 }
                 UrlManager::add_course_to_url($course_id, $url_id);
             } else {
                 UrlManager::add_course_to_url($course_id, 1);
             }
             // Add event to the system log.
             $user_id = api_get_user_id();
             event_system(LOG_COURSE_CREATE, LOG_COURSE_CODE, $code, api_get_utc_datetime(), $user_id, $code);
             $send_mail_to_admin = api_get_setting('send_email_to_admin_when_create_course');
             // @todo Improve code to send to all current portal administrators.
             if ($send_mail_to_admin == 'true') {
                 $siteName = api_get_setting('siteName');
                 $recipient_email = api_get_setting('emailAdministrator');
                 $recipient_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'));
                 $iname = api_get_setting('Institution');
                 $subject = get_lang('NewCourseCreatedIn') . ' ' . $siteName . ' - ' . $iname;
                 $message = get_lang('Dear') . ' ' . $recipient_name . ",\n\n" . get_lang('MessageOfNewCourseToAdmin') . ' ' . $siteName . ' - ' . $iname . "\n";
                 $message .= get_lang('CourseName') . ' ' . $title . "\n";
                 $message .= get_lang('Category') . ' ' . $category_code . "\n";
                 $message .= get_lang('Tutor') . ' ' . $tutor_name . "\n";
                 $message .= get_lang('Language') . ' ' . $course_language;
                 @api_mail_html($recipient_name, $recipient_email, $subject, $message, $siteName, $recipient_email);
             }
         }
     }
     return $course_id;
 }
                            if ($current_session_id == 0) {
                                $chamiloFolder = '/shared_folder/sf_user_' . api_get_user_id() . $chamiloFolder;
                            } else {
                                $chamiloFolder = '/shared_folder_session_' . $current_session_id . '/sf_user_' . api_get_user_id() . $chamiloFolder;
                            }
                        }
                    }
                    $doc_id = add_document($_course, $chamiloFolder, 'file', $chamiloFileSize, $chamiloFile);
                    //get Chamilo
                    $current_session_id = api_get_session_id();
                    api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', api_get_user_id(), api_get_group_id(), null, null, null, $current_session_id);
                    //get Chamilo
                }
                // end bridge
                $obj->close();
                foreach ($tem as $k => $v) {
                    $info .= sprintf(", %s:'%s'", $k, $v);
                }
                $info .= sprintf(", url:'%s'", getFileUrl($path));
                $info .= sprintf(", tipedit:'%s'", TIP_DOC_RENAME);
                // Log to TRACK_E_DEFAULT
                event_system(LOG_MY_FOLDER_UPLOAD, LOG_MY_FOLDER_PATH, $fullPath);
            } else {
                $error = ERR_FILE_NOT_AVAILABLE;
            }
        }
    }
}
echo "error:'" . $error . "'";
echo $info;
echo "}";
Example #11
0
 /**
  * Delete a course
  * This function deletes a whole course-area from the platform. When the
  * given course is a virtual course, the database and directory will not be
  * deleted.
  * When the given course is a real course, also all virtual courses refering
  * to the given course will be deleted.
  * Considering the fact that we remove all traces of the course in the main
  * database, it makes sense to remove all tracking as well (if stats databases exist)
  * so that a new course created with this code would not use the remains of an older
  * course.
  *
  * @param string The code of the course to delete
  * @todo When deleting a virtual course: unsubscribe users from that virtual
  * course from the groups in the real course if they are not subscribed in
  * that real course.
  * @todo Remove globals
  */
 public static function delete_course($code)
 {
     $table_course = Database::get_main_table(TABLE_MAIN_COURSE);
     $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
     //$table_course_class                 = Database::get_main_table(TABLE_MAIN_COURSE_CLASS);
     $table_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
     $table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
     $table_course_survey = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY);
     $table_course_survey_question = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
     $table_course_survey_question_option = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
     $table_course_rel_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
     $table_stats_hotpots = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_HOTPOTATOES);
     $table_stats_attempt = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
     $table_stats_exercises = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES);
     $table_stats_access = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ACCESS);
     $table_stats_lastaccess = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
     $table_stats_course_access = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
     $table_stats_online = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
     $table_stats_default = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_DEFAULT);
     $table_stats_downloads = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_DOWNLOADS);
     $table_stats_links = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LINKS);
     $table_stats_uploads = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_UPLOADS);
     $codeFiltered = Database::escape_string($code);
     $sql = "SELECT * FROM {$table_course} WHERE code='" . $codeFiltered . "'";
     $res = Database::query($sql);
     if (Database::num_rows($res) == 0) {
         return;
     }
     $count = 0;
     if (api_is_multiple_url_enabled()) {
         require_once api_get_path(LIBRARY_PATH) . 'urlmanager.lib.php';
         $url_id = 1;
         if (api_get_current_access_url_id() != -1) {
             $url_id = api_get_current_access_url_id();
         }
         UrlManager::delete_url_rel_course($code, $url_id);
         $count = UrlManager::getcountUrlRelCourse($code);
     }
     if ($count == 0) {
         self::create_database_dump($code);
         if (!self::is_virtual_course_from_system_code($code)) {
             // If this is not a virtual course, look for virtual courses that depend on this one, if any
             $virtual_courses = self::get_virtual_courses_linked_to_real_course($code);
             foreach ($virtual_courses as $index => $virtual_course) {
                 // Unsubscribe all classes from the virtual course
                 /*$sql = "DELETE FROM $table_course_class WHERE course_code='".$virtual_course['code']."'";
                   Database::query($sql);*/
                 // Unsubscribe all users from the virtual course
                 $sql = "DELETE FROM {$table_course_user} WHERE course_code='" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 // Delete the course from the sessions tables
                 $sql = "DELETE FROM {$table_session_course} WHERE course_code='" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_session_course_user} WHERE course_code='" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 // Delete the course from the survey tables
                 $sql = "DELETE FROM {$table_course_survey} WHERE course_code='" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 /*$sql = "DELETE FROM $table_course_survey_user WHERE db_name='".$virtual_course['db_name']."'";
                   Database::query($sql);
                   $sql = "DELETE FROM $table_course_survey_reminder WHERE db_name='".$virtual_course['db_name']."'";
                   Database::query($sql);*/
                 // Delete the course from the stats tables
                 $sql = "DELETE FROM {$table_stats_hotpots} WHERE exe_cours_id = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_attempt} WHERE course_code = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_exercises} WHERE exe_cours_id = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_access} WHERE access_cours_code = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_lastaccess} WHERE access_cours_code = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_course_access} WHERE course_code = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_online} WHERE course = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_default} WHERE default_cours_code = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_downloads} WHERE down_cours_id = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_links} WHERE links_cours_id = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 $sql = "DELETE FROM {$table_stats_uploads} WHERE upload_cours_id = '" . $virtual_course['code'] . "'";
                 Database::query($sql);
                 // Delete the course from the course table
                 $sql = "DELETE FROM {$table_course} WHERE code='" . $virtual_course['code'] . "'";
                 Database::query($sql);
             }
             $sql = "SELECT * FROM {$table_course} WHERE code='" . $codeFiltered . "'";
             $res = Database::query($sql);
             $course = Database::fetch_array($res);
             $course_tables = get_course_tables();
             //Cleaning c_x tables
             if (!empty($course['id'])) {
                 foreach ($course_tables as $table) {
                     $table = Database::get_course_table($table);
                     $sql = "DELETE FROM {$table} WHERE c_id = {$course['id']} ";
                     Database::query($sql);
                 }
             }
             $course_dir = api_get_path(SYS_COURSE_PATH) . $course['directory'];
             $archive_dir = api_get_path(SYS_ARCHIVE_PATH) . $course['directory'] . '_' . time();
             if (is_dir($course_dir)) {
                 rename($course_dir, $archive_dir);
             }
         }
         // Unsubscribe all classes from the course
         /*$sql = "DELETE FROM $table_course_class WHERE course_code='".$code."'";
           Database::query($sql);*/
         // Unsubscribe all users from the course
         $sql = "DELETE FROM {$table_course_user} WHERE course_code='" . $codeFiltered . "'";
         Database::query($sql);
         // Delete the course from the sessions tables
         $sql = "DELETE FROM {$table_session_course} WHERE course_code='" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_session_course_user} WHERE course_code='" . $codeFiltered . "'";
         Database::query($sql);
         // Delete from Course - URL
         $sql = "DELETE FROM {$table_course_rel_url} WHERE course_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = 'SELECT survey_id FROM ' . $table_course_survey . ' WHERE course_code="' . $codeFiltered . '"';
         $result_surveys = Database::query($sql);
         while ($surveys = Database::fetch_array($result_surveys)) {
             $survey_id = $surveys[0];
             $sql = 'DELETE FROM ' . $table_course_survey_question . ' WHERE survey_id="' . $survey_id . '"';
             Database::query($sql);
             $sql = 'DELETE FROM ' . $table_course_survey_question_option . ' WHERE survey_id="' . $survey_id . '"';
             Database::query($sql);
             $sql = 'DELETE FROM ' . $table_course_survey . ' WHERE survey_id="' . $survey_id . '"';
             Database::query($sql);
         }
         // Delete the course from the stats tables
         $sql = "DELETE FROM {$table_stats_hotpots} WHERE exe_cours_id = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_attempt} WHERE course_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_exercises} WHERE exe_cours_id = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_access} WHERE access_cours_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_lastaccess} WHERE access_cours_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_course_access} WHERE course_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_online} WHERE course = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_default} WHERE default_cours_code = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_downloads} WHERE down_cours_id = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_links} WHERE links_cours_id = '" . $codeFiltered . "'";
         Database::query($sql);
         $sql = "DELETE FROM {$table_stats_uploads} WHERE upload_cours_id = '" . $codeFiltered . "'";
         Database::query($sql);
         // Delete the course from the database
         $sql = "DELETE FROM {$table_course} WHERE code='" . $codeFiltered . "'";
         Database::query($sql);
         // delete extra course fields
         $t_cf = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
         $t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
         $sql = "SELECT distinct field_id FROM {$t_cfv} WHERE course_code = '{$codeFiltered}'";
         $res_field_ids = Database::query($sql);
         $field_ids = array();
         while ($row_field_id = Database::fetch_row($res_field_ids)) {
             $field_ids[] = $row_field_id[0];
         }
         // Delete from table_course_field_value from a given course_code
         $sql_course_field_value = "DELETE FROM {$t_cfv} WHERE course_code = '{$codeFiltered}'";
         Database::query($sql_course_field_value);
         $sql = "SELECT distinct field_id FROM {$t_cfv}";
         $res_field_all_ids = Database::query($sql);
         $field_all_ids = array();
         while ($row_field_all_id = Database::fetch_row($res_field_all_ids)) {
             $field_all_ids[] = $row_field_all_id[0];
         }
         if (is_array($field_ids) && count($field_ids) > 0) {
             foreach ($field_ids as $field_id) {
                 // check if field id is used into table field value
                 if (is_array($field_all_ids)) {
                     if (in_array($field_id, $field_all_ids)) {
                         continue;
                     } else {
                         $sql_course_field = "DELETE FROM {$t_cf} WHERE id = '{$field_id}'";
                         Database::query($sql_course_field);
                     }
                 }
             }
         }
         // Add event to system log
         $user_id = api_get_user_id();
         event_system(LOG_COURSE_DELETE, LOG_COURSE_CODE, $code, api_get_utc_datetime(), $user_id, $code);
     }
 }
Example #12
0
    $controller->logout();
}
/* Table definitions */
/* Constants and CONFIGURATION parameters */
/** @todo these configuration settings should move to the Chamilo config settings. */
/** Defines wether or not anonymous visitors can see a list of the courses on the Chamilo homepage that are open to the world. */
$_setting['display_courses_to_anonymous_users'] = 'true';
/* LOGIN */
/**
 * Registers in the track_e_default table (view in important activities in admin
 * interface) a possible attempted break in, sending auth data through get.
 * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
 */
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    $i = api_get_anonymous_id();
    event_system(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'] . (empty($_POST['login']) ? '' : '/' . $_POST['login']), null, $i);
    echo 'Attempted breakin - sysadmins notified.';
    session_destroy();
    die;
}
// Delete session neccesary for legal terms
if (api_get_setting('allow_terms_conditions') == 'true') {
    unset($_SESSION['term_and_condition']);
}
//If we are not logged in and customapages activated
if (!api_get_user_id() && CustomPages::enabled()) {
    if (Request::get('loggedout')) {
        CustomPages::display(CustomPages::LOGGED_OUT);
    } else {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
Example #13
0
    /**
     * This function displays a wiki entry
     * @author Patrick Cool <*****@*****.**>, Ghent University
     * @author Juan Carlos Raña Trabado
     * @param string $newtitle
     * @return string html code
     **/
    public function display_wiki_entry($newtitle)
    {
        $tbl_wiki = $this->tbl_wiki;
        $tbl_wiki_conf = $this->tbl_wiki_conf;
        $condition_session = $this->condition_session;
        $groupfilter = $this->groupfilter;
        $page = $this->page;

        $session_id = api_get_session_id();
        $course_id = api_get_course_int_id();

        if ($newtitle) {
            $pageMIX = $newtitle; //display the page after it is created
        } else {
            $pageMIX = $page;//display current page
        }

        $filter = null;
        if (isset($_GET['view']) && $_GET['view']) {
            $_clean['view'] = Database::escape_string($_GET['view']);
            $filter =' AND w.id="'.$_clean['view'].'"';
        }

        //first, check page visibility in the first page version
        $sql = 'SELECT * FROM '.$tbl_wiki.'
                WHERE
                    c_id = '.$course_id.' AND
                    reflink="'.Database::escape_string($pageMIX).'" AND
                   '.$groupfilter.$condition_session.'
              ORDER BY id ASC';
        $result=Database::query($sql);
        $row = Database::fetch_array($result);
        $KeyVisibility=$row['visibility'];

        // second, show the last version
        $sql = 'SELECT * FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' wc
                ON (wc.page_id = w.page_id AND wc.c_id = w.c_id)
                WHERE
                    w.c_id 		  = '.$course_id.' AND
                    w.reflink	  = "'.Database::escape_string($pageMIX).'" AND
                    w.session_id  = '.$session_id.' AND
                    w.'.$groupfilter.'  '.$filter.'
                ORDER BY id DESC';

        $result = Database::query($sql);
        $row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version

        //log users access to wiki (page_id)
        if (!empty($row['page_id'])) {
            event_system(LOG_WIKI_ACCESS, LOG_WIKI_PAGE_ID, $row['page_id']);
        }
        //update visits
        if ($row['id']) {
            $sql='UPDATE '.$tbl_wiki.' SET hits=(hits+1) WHERE c_id = '.$course_id.' AND id='.$row['id'].'';
            Database::query($sql);
        }

        // if both are empty and we are displaying the index page then we display the default text.
        if ($row['content']=='' AND $row['title']=='' AND $page=='index') {
            if (api_is_allowed_to_edit(false,true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
                //Table structure for better export to pdf
                $default_table_for_content_Start='<table align="center" border="0"><tr><td align="center">';
                $default_table_for_content_End='</td></tr></table>';
                $content = $default_table_for_content_Start.sprintf(get_lang('DefaultContent'),api_get_path(WEB_IMG_PATH)).$default_table_for_content_End;
                $title=get_lang('DefaultTitle');
            } else {
                return self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
            }
        } else {
            $content = Security::remove_XSS($row['content']);
            $title = Security::remove_XSS($row['title']);
        }

        //assignment mode: identify page type
        $icon_assignment = null;
        if ($row['assignment']==1) {
            $icon_assignment = Display::return_icon('wiki_assignment.png', get_lang('AssignmentDescExtra'),'',ICON_SIZE_SMALL);
        } elseif($row['assignment']==2) {
            $icon_assignment = Display::return_icon('wiki_work.png', get_lang('AssignmentWork'),'',ICON_SIZE_SMALL);
        }

        //task mode
        $icon_task = null;
        if (!empty($row['task'])) {
            $icon_task=Display::return_icon('wiki_task.png', get_lang('StandardTask'),'',ICON_SIZE_SMALL);
        }

        //Show page. Show page to all users if isn't hide page. Mode assignments: if student is the author, can view
        if ($KeyVisibility == "1" ||
            api_is_allowed_to_edit(false,true) ||
            api_is_platform_admin() ||
            ($row['assignment']==2 && $KeyVisibility=="0" && (api_get_user_id()==$row['user_id']))
        ) {
            echo '<div id="wikititle">';
            $protect_page = null;
            $lock_unlock_protect = null;
            // page action: protecting (locking) the page
            if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) {
                if (self::check_protect_page()==1) {
                    $protect_page = Display::return_icon('lock.png', get_lang('PageLockedExtra'),'',ICON_SIZE_SMALL);
                    $lock_unlock_protect='unlock';
                } else {
                    $protect_page = Display::return_icon('unlock.png', get_lang('PageUnlockedExtra'),'',ICON_SIZE_SMALL);
                    $lock_unlock_protect='lock';
                }
            }

            if ($row['id']) {
                echo '<span style="float:right;">';
                echo '<a href="index.php?action=showpage&amp;actionpage='.$lock_unlock_protect.'&amp;title='.api_htmlentities(urlencode($page)).'">'.$protect_page.'</a>';
                echo '</span>';
            }
            $visibility_page = null;
            $lock_unlock_visibility = null;
            //page action: visibility
            if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) {
                if (self::check_visibility_page() == 1) {
                    $visibility_page= Display::return_icon('visible.png', get_lang('ShowPageExtra'),'', ICON_SIZE_SMALL);
                    $lock_unlock_visibility='invisible';

                } else {
                    $visibility_page= Display::return_icon('invisible.png', get_lang('HidePageExtra'),'', ICON_SIZE_SMALL);
                    $lock_unlock_visibility='visible';
                }
            }

            if ($row['id']) {
                echo '<span style="float:right;">';
                echo '<a href="index.php?action=showpage&amp;actionpage='.$lock_unlock_visibility.'&amp;title='.api_htmlentities(urlencode($page)).'">'.$visibility_page.'</a>';
                echo '</span>';
            }

            //page action: notification
            if (api_is_allowed_to_session_edit()) {
                if (self::check_notify_page($page)==1) {
                    $notify_page= Display::return_icon('messagebox_info.png', get_lang('NotifyByEmail'),'',ICON_SIZE_SMALL);
                    $lock_unlock_notify_page='unlocknotify';
                } else {
                    $notify_page= Display::return_icon('mail.png', get_lang('CancelNotifyByEmail'),'',ICON_SIZE_SMALL);
                    $lock_unlock_notify_page='locknotify';
                }
            }

            echo '<span style="float:right;">';
            echo '<a href="index.php?action=showpage&amp;actionpage='.$lock_unlock_notify_page.'&amp;title='.api_htmlentities(urlencode($page)).'">'.$notify_page.'</a>';
            echo '</span>';

            //ONly available if row['id'] is set
            if ($row['id']) {
                //page action: export to pdf
                echo '<span style="float:right;">';
                echo '<form name="form_export2PDF" method="get" action="'.api_get_path(WEB_CODE_PATH).'wiki/index.php?'.api_get_cidreq().'" >';
                echo '<input type="hidden" name="action" value="export_to_pdf">';
                echo '<input type="hidden" name="wiki_id" value="'.$row['id'].'">';
                echo '<input type="image" src="'.api_get_path(WEB_IMG_PATH).'icons/22/pdf.png" border ="0" title="'.get_lang('ExportToPDF').'" alt="'.get_lang('ExportToPDF').'" style=" width:22px; border:none; margin-top: -9px">';
                echo '</form>';
                echo '</span>';

                // Page action: copy last version to doc area
                if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) {
                    echo '<span style="float:right;">';
                    echo '<form name="form_export2DOC" method="get" action="'.api_get_path(WEB_CODE_PATH).'wiki/index.php?'.api_get_cidreq().'" >';
                    echo '<input type=hidden name="action" value="export2doc">';
                    echo '<input type=hidden name="doc_id" value="'.$row['id'].'">';
                    echo '<input type="image" src="'.api_get_path(WEB_IMG_PATH).'icons/22/export_to_documents.png" border ="0" title="'.get_lang('ExportToDocArea').'" alt="'.get_lang('ExportToDocArea').'" style=" width:22px; border:none; margin-top: -6px">';
                    echo '</form>';
                    echo '</span>';
                }

                if (api_is_unoconv_installed()) {
                    echo '<span style="float:right;">';
                    echo '<a href="'.api_get_path(WEB_CODE_PATH).'wiki/index.php?action=export_to_doc_file&id='.$row['id'].'">'.
                        Display::return_icon('export_doc.png', get_lang('ExportToDoc'), array(), ICON_SIZE_SMALL).'</a>';
                    echo '</span>';
                }
            }

            //export to print
            ?>
            <script>
                function goprint() {
                    var a = window.open('','','width=800,height=600');
                    a.document.open("text/html");
                    a.document.write(document.getElementById('wikicontent').innerHTML);
                    a.document.close();
                    a.print();
                }
            </script>
            <?php
            echo '<span style="float:right; cursor: pointer;">';
            echo Display::return_icon('printer.png', get_lang('Print'),array('onclick' => "javascript: goprint();"),ICON_SIZE_SMALL);
            echo '</span>';

            if (empty($title)) {
                $title=get_lang('DefaultTitle');
            }

            if (self::wiki_exist($title)) {
                echo $icon_assignment.'&nbsp;'.$icon_task.'&nbsp;'.api_htmlentities($title);
            } else {
                echo api_htmlentities($title);
            }

            echo '</div>';
            echo '<div id="wikicontent">'. self::make_wiki_link_clickable(
                    self::detect_external_link(
                        self::detect_anchor_link(
                            self::detect_mail_link(
                                self::detect_ftp_link(
                                    self::detect_irc_link(
                                        self::detect_news_link($content)
                                    )
                                )
                            )
                        )
                    )
                ).'</div>';
            echo '<div id="wikifooter">'.get_lang('Progress').': '.($row['progress']*10).'%&nbsp;&nbsp;&nbsp;'.get_lang('Rating').': '.$row['score'].'&nbsp;&nbsp;&nbsp;'.get_lang('Words').': '.self::word_count($content).'</div>';
        } //end filter visibility
    }
    /**
     * Creates a new extra field
     * @param    string    Field's internal variable name
     * @param    int        Field's type
     * @param    string    Field's language var name
     * @param    string    Field's default value
     * @param    string    Optional comma-separated list of options to provide for select and radio
     * @return int     new user id - if the new user creation succeeds, false otherwise
     */
    public static function create_extra_field($fieldvarname, $fieldtype, $fieldtitle, $fielddefault, $fieldoptions = '')
    {
        // database table definition
        $table_field = Database::get_main_table(TABLE_MAIN_USER_FIELD);
        $table_field_options = Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);

        // First check wether the login already exists
        if (self::is_extra_field_available($fieldvarname)) {
            return api_set_failure('login-pass already taken');
        }
        $sql = "SELECT MAX(field_order) FROM $table_field";
        $res = Database::query($sql);
        $order = 0;
        if (Database::num_rows($res) > 0) {
            $row = Database::fetch_array($res);
            $order = $row[0] + 1;
        }
        $time = time();
        $sql = "INSERT INTO $table_field
                SET field_type = '".Database::escape_string($fieldtype)."',
                field_variable = '".Database::escape_string($fieldvarname)."',
                field_display_text = '".Database::escape_string($fieldtitle)."',
                field_default_value = '".Database::escape_string($fielddefault)."',
                field_order = '$order',
                tms = FROM_UNIXTIME($time)";
        $result = Database::query($sql);
        if ($result) {
            //echo "id returned";
            $return = Database::insert_id();
            event_system(LOG_USER_FIELD_CREATE, LOG_USER_FIELD_VARIABLE, Database::escape_string($fieldvarname));
        } else {
            //echo "false - failed" ;
            return false;
        }

        if (!empty($fieldoptions) && in_array($fieldtype, array(self::USER_FIELD_TYPE_RADIO, self::USER_FIELD_TYPE_SELECT, self::USER_FIELD_TYPE_SELECT_MULTIPLE, self::USER_FIELD_TYPE_DOUBLE_SELECT))) {
            if ($fieldtype == self::USER_FIELD_TYPE_DOUBLE_SELECT) {
                $twolist = explode('|', $fieldoptions);
                $counter = 0;
                foreach ($twolist as $individual_list) {
                    $splitted_individual_list = explode(';', $individual_list);
                    foreach ($splitted_individual_list as $individual_list_option) {
                        //echo 'counter:'.$counter;
                        if ($counter == 0) {
                            $list[] = $individual_list_option;
                        } else {
                            $list[] = str_repeat('*', $counter).$individual_list_option;
                        }
                    }
                    $counter++;
                }
            } else {
                $list = explode(';', $fieldoptions);
            }
            foreach ($list as $option) {
                $option = Database::escape_string($option);
                $sql = "SELECT * FROM $table_field_options WHERE field_id = $return AND option_value = '".$option."'";
                $res = Database::query($sql);
                if (Database::num_rows($res) > 0) {
                    //the option already exists, do nothing
                } else {
                    $sql = "SELECT MAX(option_order) FROM $table_field_options WHERE field_id = $return";
                    $res = Database::query($sql);
                    $max = 1;
                    if (Database::num_rows($res) > 0) {
                        $row = Database::fetch_array($res);
                        $max = $row[0] + 1;
                    }
                    $time = time();
                    $sql = "INSERT INTO $table_field_options (field_id,option_value,option_display_text,option_order,tms)
                            VALUES ($return,'$option','$option',$max,FROM_UNIXTIME($time))";
                    $res = Database::query($sql);
                    if ($res === false) {
                        $return = false;
                    }
                }
            }
        }
        return $return;
    }
<?php

/* For licensing terms, see /license.txt */
/**
 * @author Logan Cai (cailongqun [at] yahoo [dot] com [dot] cn)
 * @link www.phpletter.com
 * @since 22/April/2007
 *
 */
require_once '../../../../../../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'fckeditor/editor/plugins/ajaxfilemanager/inc/config.php';
$error = "";
$info = '';
if (CONFIG_SYS_VIEW_ONLY || !CONFIG_OPTIONS_COPY) {
    $error = SYS_DISABLED;
} elseif (!isset($_POST['selectedDoc']) || !is_array($_POST['selectedDoc']) || sizeof($_POST['selectedDoc']) < 1) {
    $error = ERR_NOT_DOC_SELECTED_FOR_COPY;
} elseif (empty($_POST['currentFolderPath']) || !isUnderRoot($_POST['currentFolderPath'])) {
    $error = ERR_FOLDER_PATH_NOT_ALLOWED;
} else {
    require_once CLASS_SESSION_ACTION;
    $sessionAction = new SessionAction();
    $sessionAction->setAction($_POST['action_value']);
    $sessionAction->setFolder($_POST['currentFolderPath']);
    $sessionAction->set($_POST['selectedDoc']);
    $info = ',num:' . sizeof($_POST['selectedDoc']);
    foreach ($_POST['selectedDoc'] as $doc) {
        event_system(LOG_MY_FOLDER_COPY, LOG_MY_FOLDER_PATH, $doc);
    }
}
echo "{error:'" . $error . "'\n" . $info . "}";
                $sql = "UPDATE {$user_table} SET active='" . $status . "' WHERE user_id='" . $user_id . "'";
                $result = Database::query($sql);
                //Send and email if account is active
                if ($status == 1) {
                    $user_info = api_get_user_info($user_id);
                    $recipient_name = api_get_person_name($user_info['firstname'], $user_info['lastname'], null, PERSON_NAME_EMAIL_ADDRESS);
                    $emailsubject = '[' . api_get_setting('siteName') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('siteName');
                    $email_admin = api_get_setting('emailAdministrator');
                    $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
                    $emailbody = get_lang('Dear') . " " . stripslashes($recipient_name) . ",\n\n";
                    $emailbody .= sprintf(get_lang('YourAccountOnXHasJustBeenApprovedByOneOfOurAdministrators'), api_get_setting('siteName')) . "\n";
                    $emailbody .= sprintf(get_lang('YouCanNowLoginAtXUsingTheLoginAndThePasswordYouHaveProvided'), api_get_path(WEB_PATH)) . ",\n\n";
                    $emailbody .= get_lang('HaveFun') . "\n\n";
                    //$emailbody.=get_lang('Problem'). "\n\n". get_lang('SignatureFormula');
                    $emailbody .= api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname')) . "\n" . get_lang('Manager') . " " . api_get_setting('siteName') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
                    $additionalParameters = array('smsType' => ClockworksmsPlugin::ACCOUNT_APPROVED_CONNECT, 'userId' => $user_id);
                    $result = api_mail($recipient_name, $user_info['mail'], $emailsubject, $emailbody, $sender_name, $email_admin, '', $additionalParameters);
                    event_system(LOG_USER_ENABLE, LOG_USER_ID, $user_id);
                } else {
                    event_system(LOG_USER_DISABLE, LOG_USER_ID, $user_id);
                }
                echo $status;
            }
        } else {
            echo '-1';
        }
        break;
    default:
        echo '';
}
exit;
 /**
  * Set platform language
  * @param Integer The language id
  * @return void()
  */
 public static function set_platform_language($language_id)
 {
     if (empty($language_id) or intval($language_id) != $language_id) {
         return false;
     }
     $tbl_admin_languages = Database::get_main_table(TABLE_MAIN_LANGUAGE);
     $tbl_settings_current = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
     $sql_update = "SELECT english_name FROM " . $tbl_admin_languages . " WHERE id='" . Database::escape_string($language_id) . "'";
     $result = Database::query($sql_update);
     $lang = Database::fetch_array($result);
     $sql_update_2 = "UPDATE " . $tbl_settings_current . " SET selected_value='" . $lang['english_name'] . "' WHERE variable='platformLanguage'";
     $result_2 = Database::query($sql_update_2);
     event_system(LOG_PLATFORM_LANGUAGE_CHANGE, LOG_PLATFORM_LANGUAGE, $lang['english_name']);
     return $result_2 !== false;
 }
 /**
  * Cleans the student's results only for the Exercise tool (Not from the LP)
  * The LP results are NOT deleted by default, otherwise put $cleanLpTests = true
  * Works with exercises in sessions
  * @param bool $cleanLpTests
  * @param string $cleanResultBeforeDate
  *
  * @return int quantity of user's exercises deleted
  */
 public function clean_results($cleanLpTests = false, $cleanResultBeforeDate = null)
 {
     $table_track_e_exercises = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES);
     $table_track_e_attempt = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
     $sql_where = '  AND
                     orig_lp_id = 0 AND
                     orig_lp_item_id = 0';
     // if we want to delete results from LP too
     if ($cleanLpTests) {
         $sql_where = "";
     }
     // if we want to delete attempts before date $cleanResultBeforeDate
     // $cleanResultBeforeDate must be a valid UTC-0 date yyyy-mm-dd
     if (!empty($cleanResultBeforeDate)) {
         $cleanResultBeforeDate = Database::escape_string($cleanResultBeforeDate);
         if (api_is_valid_date($cleanResultBeforeDate)) {
             $sql_where .= "  AND exe_date <= '{$cleanResultBeforeDate}' ";
         } else {
             return 0;
         }
     }
     $sql = "SELECT exe_id\n                FROM {$table_track_e_exercises}\n                WHERE\n                    exe_cours_id = '" . api_get_course_id() . "' AND\n                    exe_exo_id = " . $this->id . " AND\n                    session_id = " . api_get_session_id() . " " . $sql_where;
     $result = Database::query($sql);
     $exe_list = Database::store_result($result);
     // deleting TRACK_E_ATTEMPT table
     // check if exe in learning path or not
     $i = 0;
     if (is_array($exe_list) && count($exe_list) > 0) {
         foreach ($exe_list as $item) {
             $sql = "DELETE FROM {$table_track_e_attempt} WHERE exe_id = '" . $item['exe_id'] . "'";
             Database::query($sql);
             $i++;
         }
     }
     $session_id = api_get_session_id();
     // delete TRACK_E_EXERCICES table
     $sql = "DELETE FROM {$table_track_e_exercises}\n                WHERE exe_cours_id = '" . api_get_course_id() . "'\n                AND exe_exo_id = " . $this->id . "\n                {$sql_where}\n                AND session_id = " . $session_id . "";
     Database::query($sql);
     event_system(LOG_EXERCISE_RESULT_DELETE, LOG_EXERCISE_ID, $this->id, null, null, api_get_course_id(), $session_id);
     return $i;
 }
 include_once CLASS_FILE;
 $file = new file();
 //check if all files are allowed to cut or copy
 foreach ($selectedDocuments as $doc) {
     if (file_exists($doc) && isUnderRoot($doc)) {
         if (array_search(getRealPath($doc), $allDocs) === false || CONFIG_OVERWRITTEN) {
             if (CONFIG_OVERWRITTEN) {
                 $file->delete($doc);
             }
             if ($file->copyTo($doc, $_GET['current_folder_path'])) {
                 $finalPath = $destFolderPath . basename($doc);
                 $objFile = new file($finalPath);
                 $tem = $objFile->getFileInfo();
                 $obj = new manager($finalPath, false);
                 $fileType = $obj->getFileType($finalPath, is_dir($finalPath) ? true : false);
                 event_system(LOG_MY_FOLDER_PASTE, LOG_MY_FOLDER_PATH, $finalPath);
                 foreach ($fileType as $k => $v) {
                     $tem[$k] = $v;
                 }
                 /* 								foreach ($folderInfo as $k=>$v)
                            {
                            $tem['i_' . $k] = $v;
                            }
                            if($folderInfo['type'] == 'folder' && empty($folderInfo['subdir']) &&  empty($folderInfo['file']))
                            {
                            $tem['cssClass'] = 'folderEmpty';
                            } */
                 $tem['final_path'] = $finalPath;
                 $tem['path'] = backslashToSlash($finalPath);
                 $tem['type'] = is_dir($finalPath) ? 'folder' : 'file';
                 $tem['size'] = @transformFileSize($tem['size']);
/**
 * @param int $exe_id
 * @param int $user_id
 * @param string $course_code
 * @param int $question_id
 * @todo add session_id for 10
 */
function delete_attempt_hotspot($exe_id, $user_id, $course_code, $session_id = 0, $question_id)
{
    $table_track_attempt = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_HOTSPOT);
    $exe_id = intval($exe_id);
    $user_id = intval($user_id);
    $course_code = Database::escape_string($course_code);
    $session_id = intval($session_id);
    $question_id = intval($question_id);
    $sql = "DELETE FROM {$table_track_attempt}\n            WHERE hotspot_exe_id = {$exe_id} AND hotspot_user_id = {$user_id} AND hotspot_course_code = '{$course_code}' AND hotspot_question_id = {$question_id} ";
    Database::query($sql);
    event_system(LOG_QUESTION_RESULT_DELETE, LOG_EXERCISE_ATTEMPT_QUESTION_ID, $exe_id . '-' . $question_id, null, null, $course_code, $session_id);
}
                        //get Ajaxfilemanager
                        $chamiloPath = substr($fullPath, strlen($mainPath) - strlen($fullPath) - 1);
                        //find base_work_dir
                        $course_dir = $_course['path'] . "/document";
                        //get Chamilo
                        $sys_course_path = api_get_path(SYS_COURSE_PATH);
                        //get Chamilo
                        $base_work_dir = $sys_course_path . $course_dir;
                        // sample c:/xampp/htdocs/chamilo2009beta/courses/JUAN2009/document
                        //delete file
                        if (!$is_allowed_to_edit && DocumentManager::check_readonly($_course, api_get_user_id(), $chamiloPath)) {
                            $error = get_lang('CantDeleteReadonlyFiles');
                            //From Chamilo to Ajaxfilemanager
                        } else {
                            $deleted = DocumentManager::delete_document($_course, $chamiloPath, $base_work_dir);
                            //deleted by Chamilo
                            //$file->delete($doc); // disabled deleted by ajaxfilemanager
                        }
                    } else {
                        $file->delete($doc);
                        //deleted by ajaxfilemanager
                        event_system(LOG_USER_PERSONAL_DOC_DELETED, 'document_path', $doc);
                        event_system(LOG_MY_FOLDER_DELETE, LOG_MY_FOLDER_PATH, $doc);
                    }
                    //////end bridge to Chamilo
                }
            }
        }
    }
}
echo "{error:'" . $error . "'}";
/**
 * Wrapper for the templates
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @author Julio Montoya.
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function handle_templates()
{
    $action = isset($_GET['action']) ? $_GET['action'] : null;
    if ($action != 'add') {
        echo '<div class="actions" style="margin-left: 1px;">';
        echo '<a href="settings.php?category=Templates&amp;action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
        echo '</div>';
    }
    if ($action == 'add' || $action == 'edit' && is_numeric($_GET['id'])) {
        add_edit_template();
        // Add event to the system log.
        $user_id = api_get_user_id();
        $category = $_GET['category'];
        event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
    } else {
        if ($action == 'delete' && is_numeric($_GET['id'])) {
            delete_template($_GET['id']);
            // Add event to the system log
            $user_id = api_get_user_id();
            $category = $_GET['category'];
            event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
        }
        display_templates();
    }
}
 function lock_all_items($locked)
 {
     if (api_get_setting('gradebook_locking_enabled') == 'true') {
         $this->lock($locked);
         $evals_to_lock = $this->get_evaluations();
         if (!empty($evals_to_lock)) {
             foreach ($evals_to_lock as $item) {
                 $item->lock($locked);
             }
         }
         $link_to_lock = $this->get_links();
         if (!empty($link_to_lock)) {
             foreach ($link_to_lock as $item) {
                 $item->lock($locked);
             }
         }
         $event_type = LOG_GRADEBOOK_UNLOCKED;
         if ($locked == 1) {
             $event_type = LOG_GRADEBOOK_LOCKED;
         }
         event_system($event_type, LOG_GRADEBOOK_ID, $this->id);
     }
 }
                                 $fpo = fopen($homePath . $menuf . $ext, 'w');
                                 fputs($fpo, $home_menu);
                                 fclose($fpo);
                             }
                         }
                     } else {
                         $errorMsg = get_lang('HomePageFilesNotWritable');
                     }
                 } else {
                     //File does not exist
                     $fp = fopen($homePath . $menuf . '_' . $lang . $ext, 'w');
                     fputs($fp, $home_menu);
                     fclose($fp);
                 }
             }
             event_system(LOG_HOMEPAGE_CHANGED, $action, Text::cut($link_name . ':' . $link_url, 254), api_get_utc_datetime(), api_get_user_id());
             break;
     }
     //end of switch($action)
     if (empty($errorMsg)) {
         header('Location: ' . api_get_self());
         exit;
     }
 } else {
     //if POST[formSent] is not set
     switch ($action) {
         case 'open_link':
             // Previously, filtering of GET['link'] was done here but it left
             // a security threat. Filtering has now been moved outside conditions
             break;
         case 'delete_tabs':
 /**
  * Delete sessions categories
  * @author Jhon Hinojosa <*****@*****.**>, from existing code
  * @param    array    id_checked
  * @param    bool    include delete session
  * @param    bool    optional, true if the function is called by a webservice, false otherwise.
  * @return    void    Nothing, or false on error
  * The parameters is a array to delete sessions
  **/
 public static function delete_session_category($id_checked, $delete_session = false, $from_ws = false)
 {
     $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
     $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
     if (is_array($id_checked)) {
         $id_checked = Database::escape_string(implode(',', $id_checked));
     } else {
         $id_checked = intval($id_checked);
     }
     //Setting session_category_id to 0
     $sql = "UPDATE {$tbl_session} SET session_category_id = 0 WHERE session_category_id IN (" . $id_checked . ")";
     Database::query($sql);
     $sql = "SELECT id FROM {$tbl_session} WHERE session_category_id IN (" . $id_checked . ")";
     $result = @Database::query($sql);
     while ($rows = Database::fetch_array($result)) {
         $session_id = $rows['id'];
         if ($delete_session) {
             if ($from_ws) {
                 SessionManager::delete_session($session_id, true);
             } else {
                 SessionManager::delete_session($session_id);
             }
         }
     }
     $sql = "DELETE FROM {$tbl_session_category} WHERE id IN (" . $id_checked . ")";
     $rs = Database::query($sql);
     $result = Database::affected_rows($rs);
     // Add event to system log
     $user_id = api_get_user_id();
     event_system(LOG_SESSION_CATEGORY_DELETE, LOG_SESSION_CATEGORY_ID, $id_checked, api_get_utc_datetime(), $user_id);
     // delete extra session fields where field variable is "PERIODO"
     $t_sf = Database::get_main_table(TABLE_MAIN_SESSION_FIELD);
     $t_sfv = Database::get_main_table(TABLE_MAIN_SESSION_FIELD_VALUES);
     $sql = "SELECT t_sfv.field_id FROM {$t_sfv} t_sfv, {$t_sf} t_sf  WHERE t_sfv.session_id = '{$id_checked}' AND t_sf.field_variable = 'PERIODO' ";
     $rs_field = Database::query($sql);
     $field_id = 0;
     if (Database::num_rows($rs_field) > 0) {
         $row_field = Database::fetch_row($rs_field);
         $field_id = $row_field[0];
         $sql_delete_sfv = "DELETE FROM {$t_sfv} WHERE session_id = '{$id_checked}' AND field_id = '{$field_id}'";
         $rs_delete_sfv = Database::query($sql_delete_sfv);
     }
     $sql = "SELECT * FROM {$t_sfv} WHERE field_id = '{$field_id}' ";
     $rs_field_id = Database::query($sql);
     if (Database::num_rows($rs_field_id) == 0) {
         $sql_delete_sf = "DELETE FROM {$t_sf} WHERE id = '{$field_id}'";
         $rs_delete_sf = Database::query($sql_delete_sf);
     }
     return true;
 }
//Chamilo improve security
if (CONFIG_SYS_VIEW_ONLY || !CONFIG_OPTIONS_NEWFOLDER) {
    $error = SYS_DISABLED;
} elseif (empty($_POST['new_folder'])) {
    $error = ERR_FOLDER_NAME_EMPTY;
} elseif (!preg_match("/^[a-zA-Z0-9_\\- ]+\$/", $_POST['new_folder'])) {
    $error = ERR_FOLDER_FORMAT;
} elseif (empty($_POST['currentFolderPath']) || !isUnderRoot($_POST['currentFolderPath'])) {
    $error = ERR_FOLDER_PATH_NOT_ALLOWED;
} elseif (file_exists(addTrailingSlash($_POST['currentFolderPath']) . $_POST['new_folder'])) {
    $error = ERR_FOLDER_EXISTS;
} else {
    include_once CLASS_FILE;
    $file = new file();
    if ($file->mkdir(addTrailingSlash($_POST['currentFolderPath']) . $_POST['new_folder'], 0775)) {
        event_system(LOG_MY_FOLDER_CREATE, LOG_MY_FOLDER_PATH, $_POST['currentFolderPath'] . $_POST['new_folder']);
        include_once CLASS_MANAGER;
        $manager = new manager(addTrailingSlash($_POST['currentFolderPath']) . $_POST['new_folder'], false);
        $pathInfo = $manager->getFolderInfo(addTrailingSlash($_POST['currentFolderPath']) . $_POST['new_folder']);
        //bridge to Chamilo
        if (!empty($_course['path'])) {
            //only inside courses
            $mainPath = '../../../../../../../courses/' . $_course['path'] . '/document/';
            //get Chamilo
            $fullPath = $_POST['currentFolderPath'] . $_POST['new_folder'];
            //get Ajaxfilemanager
            $chamiloPath = substr($fullPath, strlen($mainPath) - strlen($fullPath) - 1);
            $_POST['new_folder'] = str_replace('_', ' ', $_POST['new_folder']);
            //Restore for interaction with Chamilo. Because fix long names. See: ajaxfilemanager/inc/class.manager.php
            $chamiloFile = $_POST['new_folder'];
            //get Ajaxfilemanager