function search_users($needle, $type, $relation_type)
{
global $tbl_user, $tbl_user_rel_access_url, $tbl_group_rel_user, $group_id, $_configuration;
$xajax_response = new XajaxResponse();
$return = $return_origin = $return_destination = '';
$without_user_id = $without_user_id = $condition_relation = '';
if (!empty($group_id) && !empty($relation_type)) {
$group_id = intval($group_id);
$relation_type = intval($relation_type);
// get user_id from relation type and group id
$sql = "SELECT user_id FROM {$tbl_group_rel_user}\n\t\t\t\tWHERE group_id = '{$group_id}'\n\t\t\t\tAND relation_type IN (" . GROUP_USER_PERMISSION_ADMIN . "," . GROUP_USER_PERMISSION_READER . "," . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_MODERATOR . ", " . GROUP_USER_PERMISSION_HRM . ") ";
$res = Database::query($sql);
$user_ids = array();
if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) {
$user_ids[] = $row[0];
}
$without_user_id = " AND user.user_id NOT IN(" . implode(',', $user_ids) . ") ";
}
if ($relation_type == GROUP_USER_PERMISSION_PENDING_INVITATION) {
$condition_relation = " AND groups.relation_type IN (" . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_READER . ") ";
} else {
$condition_relation = " AND groups.relation_type = '{$relation_type}' ";
}
// data for destination user list
$sql = "SELECT user.user_id, user.username, user.lastname, user.firstname\n\t\t\t\tFROM {$tbl_group_rel_user} groups\n\t\t\t\tINNER JOIN {$tbl_user} user ON user.user_id = groups.user_id\n\t\t\t\tWHERE groups.group_id = '{$group_id}' {$condition_relation} ";
$rs_destination = Database::query($sql);
if (Database::num_rows($rs_destination) > 0) {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
while ($row = Database::fetch_array($rs_destination)) {
$person_name = api_get_person_name($row['firstname'], $row['lastname']);
$return_destination .= '<option value="' . $row['user_id'] . '">' . $person_name . ' (' . $row['username'] . ')</option>';
}
$return_destination .= '</select>';
} else {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
}
$xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
} else {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
$xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
if ($type == 'single') {
$return .= '';
$xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
} else {
$return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
$xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
}
}
if (!empty($needle) && !empty($type)) {
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$user_anonymous = api_get_anonymous_id();
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
if ($type == 'single') {
if (!empty($group_id) && !empty($relation_type)) {
// search users where username or firstname or lastname begins likes $needle
$sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\tWHERE (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\tAND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11";
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) {
$sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}' AND (username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11 ";
}
}
$rs_single = Database::query($sql);
$i = 0;
while ($user = Database::fetch_array($rs_single)) {
$i++;
if ($i <= 10) {
$person_name = api_get_person_name($user['firstname'], $user['lastname']);
$return .= '<a href="javascript: void(0);" onclick="javascript: add_user(\'' . $user['user_id'] . '\',\'' . $person_name . ' (' . $user['username'] . ')' . '\')">' . $person_name . ' (' . $user['username'] . ')</a><br />';
} else {
$return .= '...<br />';
}
}
$xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
} else {
$xajax_response->addAlert(get_lang('YouMustChooseARelationType'));
$xajax_response->addClear('user_to_add', 'value');
}
} else {
// multiple
if (!empty($group_id) && !empty($relation_type)) {
$sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t WHERE " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%' AND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) {
$sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user\n\t\t\t\t\t\t\t\tINNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)\n\t\t\t\t\t\t\t\tWHERE access_url_id = '{$access_url_id}'\n\t\t\t\t\t\t\t\tAND " . (api_sort_by_first_name() ? 'firstname' : 'lastname') . " LIKE '{$needle}%'\n\t\t\t\t\t\t\t\tAND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
}
}
$rs_multiple = Database::query($sql);
$return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
while ($user = Database::fetch_array($rs_multiple)) {
$person_name = api_get_person_name($user['firstname'], $user['lastname']);
$return_origin .= '<option value="' . $user['user_id'] . '">' . $person_name . ' (' . $user['username'] . ')</option>';
}
$return_origin .= '</select>';
$xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
}
}
}
return $xajax_response;
}
