function add_update_course($course_data, $isadmin = FALSE)
{
require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
global $addslashes;
global $db;
global $system_courses;
global $MaxCourseSize;
global $msg;
global $_config;
global $_config_defaults;
global $stripslashes;
$Backup = new Backup($db);
$missing_fields = array();
if ($course_data['title'] == '') {
$missing_fields[] = _AT('title');
}
if (!$course_data['instructor']) {
$missing_fields[] = _AT('instructor');
}
if ($missing_fields) {
$missing_fields = implode(', ', $missing_fields);
$msg->addError(array('EMPTY_FIELDS', $missing_fields));
}
$course_data['access'] = $addslashes($course_data['access']);
$course_data['title'] = $addslashes($course_data['title']);
$course_data['description'] = $addslashes($course_data['description']);
$course_data['hide'] = $addslashes($course_data['hide']);
$course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
$course_data['created_date'] = $addslashes($course_data['created_date']);
$course_data['copyright'] = $addslashes($course_data['copyright']);
$course_data['icon'] = $addslashes($course_data['icon']);
$course_data['banner'] = $addslashes($course_data['banner']);
$course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
$course_data['course'] = intval($course_data['course']);
$course_data['notify'] = intval($course_data['notify']);
$course_data['hide'] = intval($course_data['hide']);
$course_data['instructor'] = intval($course_data['instructor']);
$course_data['category_parent'] = intval($course_data['category_parent']);
$course_data['rss'] = intval($course_data['rss']);
// Course directory name (aka course slug)
if ($course_data['course_dir_name'] != '') {
//validate the course_dir_name, allow only alphanumeric, underscore.
if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
$msg->addError('COURSE_DIR_NAME_INVALID');
}
//check if the course_dir_name is already being used
$sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
$num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
if (intval($num_of_dir['cnt']) > 0) {
$msg->addError('COURSE_DIR_NAME_IN_USE');
}
}
// Custom icon
if ($_FILES['customicon']['name'] != '') {
// Use custom icon instead if it exists
$course_data['icon'] = $addslashes($_FILES['customicon']['name']);
}
if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
// Check if filesize is too large for a POST
$msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
}
if ($course_data['release_date']) {
$day_release = intval($course_data['day_release']);
$month_release = intval($course_data['month_release']);
$year_release = intval($course_data['year_release']);
$hour_release = intval($course_data['hour_release']);
$min_release = intval($course_data['min_release']);
if (!checkdate($month_release, $day_release, $year_release)) {
//or date is in the past
$msg->addError('RELEASE_DATE_INVALID');
}
if (strlen($month_release) == 1) {
$month_release = "0{$month_release}";
}
if (strlen($day_release) == 1) {
$day_release = "0{$day_release}";
}
if (strlen($hour_release) == 1) {
$hour_release = "0{$hour_release}";
}
if (strlen($min_release) == 1) {
$min_release = "0{$min_release}";
}
$release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
} else {
$release_date = "0000-00-00 00:00:00";
}
if ($course_data['end_date']) {
$day_end = intval($course_data['day_end']);
$month_end = intval($course_data['month_end']);
$year_end = intval($course_data['year_end']);
$hour_end = intval($course_data['hour_end']);
$min_end = intval($course_data['min_end']);
if (!checkdate($month_end, $day_end, $year_end)) {
//or date is in the past
$msg->addError('END_DATE_INVALID');
}
if (strlen($month_end) == 1) {
$month_end = "0{$month_end}";
}
if (strlen($day_end) == 1) {
$day_end = "0{$day_end}";
}
if (strlen($hour_end) == 1) {
$hour_end = "0{$hour_end}";
}
if (strlen($min_end) == 1) {
$min_end = "0{$min_end}";
}
$end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
} else {
$end_date = "0000-00-00 00:00:00";
}
$initial_content_info = explode('_', $course_data['initial_content'], 2);
//admin
$course_quotas = '';
if ($isadmin) {
$instructor = $course_data['instructor'];
$quota = intval($course_data['quota']);
$quota_entered = intval($course_data['quota_entered']);
$filesize = intval($course_data['filesize']);
$filesize_entered = intval($course_data['filesize_entered']);
//if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
if ($quota == '2') {
if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
$quota = AT_COURSESIZE_DEFAULT;
} else {
$quota = floatval($quota_entered);
$quota = megabytes_to_bytes($quota);
}
}
//if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
if ($filesize == '2') {
if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
$filesize = AT_FILESIZE_DEFAULT;
$msg->addFeedback('COURSE_DEFAULT_FSIZE');
} else {
$filesize = floatval($filesize_entered);
$filesize = megabytes_to_bytes($filesize);
}
}
$course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
} else {
$instructor = $_SESSION['member_id'];
if (!$course_data['course']) {
$course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
$row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
if ($MaxCourseSize < $row['contents']['file_manager']) {
$msg->addError('RESTORE_TOO_BIG');
}
} else {
$initial_content_info = intval($course_data['initial_content']);
}
} else {
unset($initial_content_info);
$course_quotas = "max_quota='{$system_courses[$course_data[course]][max_quota]}', max_file_size='{$system_courses[$course_data[course]][max_file_size]}',";
}
}
if ($msg->containsErrors()) {
return FALSE;
}
//display defaults
if (!$course_data['course']) {
$menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
} else {
$menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
}
$sql = "REPLACE INTO %scourses \n SET \n course_id=%d, \n member_id='%s', \n access='%s', \n title='%s', \n description='%s', \n course_dir_name='%s', \n cat_id=%d, \n content_packaging='%s', \n notify=%d, \n hide=%d, \n {$course_quotas}\n primary_language='%s',\n created_date='%s',\n rss=%d,\n copyright='%s',\n icon='%s',\n banner='%s',\n release_date='%s', \n end_date='%s' \n {$menu_defaults}";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
if (!$result) {
echo at_db_error();
echo 'DB Error';
exit;
}
$new_course_id = $_SESSION['course_id'] = at_insert_id();
if (isset($isadmin)) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
}
if (isset($isadmin)) {
//get current instructor and unenroll from course if different from POST instructor
$old_instructor = $system_courses[$course_data['course']]['member_id'];
if ($old_instructor != $course_data['instructor']) {
//remove old from course enrollment
$sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
global $sqlout;
write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
}
}
//enroll new instructor
$sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
$result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
if (isset($isadmin)) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
}
// create the course content directory
$path = AT_CONTENT_DIR . $new_course_id . '/';
@mkdir($path, 0700);
@copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
// create the course backup directory
$path = AT_BACKUP_DIR . $new_course_id . '/';
@mkdir($path, 0700);
@copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
/* insert some default content: */
if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
$contentManager = new ContentManager($db, $new_course_id);
$contentManager->initContent();
$cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
$announcement = _AT('default_announcement');
$sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
if ($isadmin) {
global $sqlout;
write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
}
} else {
if (!$course_data['course'] && count($initial_content_info) == 2) {
$Backup->setCourseID($new_course_id);
$Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
}
}
// custom icon, have to be after directory is created
if ($_FILES['customicon']['tmp_name'] != '') {
$course_data['comments'] = trim($course_data['comments']);
$owner_id = $_SESSION['course_id'];
$owner_type = "1";
if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
$msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
} else {
if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
$msg->addError('FILE_NOT_SELECTED');
} else {
if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
$msg->addError('FILE_NOT_SAVED');
}
}
}
if (!$msg->containsErrors()) {
$course_data['description'] = $addslashes(trim($course_data['description']));
$_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
if ($course_data['comments']) {
$num_comments = 1;
} else {
$num_comments = 0;
}
$path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
if (!is_dir($path)) {
@mkdir($path);
}
// if we can upload custom course icon, it means GD is enabled, no need to check extension again.
$gd_info = gd_info();
$supported_images = array();
if ($gd_info['GIF Create Support']) {
$supported_images[] = 'gif';
}
if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
$supported_images[] = 'jpg';
}
if ($gd_info['PNG Support']) {
$supported_images[] = 'png';
}
// check if this is a supported file type
$filename = $stripslashes($_FILES['customicon']['name']);
$path_parts = pathinfo($filename);
$extension = strtolower($path_parts['extension']);
$image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
if ($extension == 'jpeg') {
$extension = 'jpg';
}
// resize the original but don't backup a copy.
$width = $image_attributes[0];
$height = $image_attributes[1];
$original_img = $_FILES['customicon']['tmp_name'];
$thumbnail_img = $path . $_FILES['customicon']['name'];
if ($width > $height && $width > 79) {
$thumbnail_height = intval(79 * $height / $width);
$thumbnail_width = 79;
if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
$msg->addError('FILE_NOT_SAVED');
}
} else {
if ($width <= $height && $height > 79) {
$thumbnail_height = 100;
$thumbnail_width = intval(100 * $width / $height);
if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
$msg->addError('FILE_NOT_SAVED');
}
} else {
// no resizing, just copy the image.
// it's too small to resize.
copy($original_img, $thumbnail_img);
}
}
} else {
$msg->addError('FILE_NOT_SAVED');
}
}
//----------------------------------------
/* delete the RSS feeds just in case: */
if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
@unlink(AT_CONTENT_DIR . 'feeds/' . $course_data['course'] . '/RSS1.0.xml');
}
if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
@unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
}
if ($isadmin) {
$_SESSION['course_id'] = -1;
}
$_SESSION['course_title'] = $stripslashes($course_data['title']);
return $new_course_id;
}
$_POST['address'] = $addslashes($_POST['address']);
$_POST['postal'] = $addslashes($_POST['postal']);
$_POST['city'] = $addslashes($_POST['city']);
$_POST['province'] = $addslashes($_POST['province']);
$_POST['country'] = $addslashes($_POST['country']);
$_POST['phone'] = $addslashes($_POST['phone']);
if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
$status = AT_STATUS_UNCONFIRMED;
} else {
$status = AT_STATUS_STUDENT;
}
$now = date('Y-m-d H:i:s');
// we use this later for the email confirmation.
/* insert into the db */
$sql = "INSERT INTO %smembers \n\t\t (login,\n\t\t password,\n\t\t email,\n\t\t website,\n\t\t first_name,\n\t\t second_name,\n\t\t last_name,\n\t\t dob,\n\t\t gender,\n\t\t address,\n\t\t postal,\n\t\t city,\n\t\t province,\n\t\t country,\n\t\t phone,\n\t\t status,\n\t\t preferences,\n\t\t creation_date,\n\t\t language,\n\t\t inbox_notify,\n\t\t private_email,\n\t\t last_login)\n\t\t VALUES ('{$_POST['login']}',\n\t\t '{$_POST['password']}',\n\t\t '{$_POST['email']}',\n\t\t '{$_POST['website']}',\n\t\t '{$_POST['first_name']}',\n\t\t '{$_POST['second_name']}',\n\t\t '{$_POST['last_name']}', \n\t\t '{$dob}', \n\t\t '{$_POST['gender']}', \n\t\t '{$_POST['address']}',\n\t\t '{$_POST['postal']}',\n\t\t '{$_POST['city']}',\n\t\t '{$_POST['province']}',\n\t\t '{$_POST['country']}', \n\t\t '{$_POST['phone']}', \n\t\t {$status}, \n\t\t '{$_config['pref_defaults']}', \n\t\t '{$now}',\n\t\t '{$_SESSION['lang']}', \n\t\t {$_config['pref_inbox_notify']}, \n\t\t {$_POST['private_email']}, \n\t\t '0000-00-00 00:00:00')";
$result = queryDB($sql, array(TABLE_PREFIX)) or die(at_db_error());
$m_id = at_insert_id($db);
if (!$result) {
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->addError('DB_NOT_UPDATED');
$msg->printAll();
require AT_INCLUDE_PATH . 'footer.inc.php';
exit;
}
if (isset($master_list_sql)) {
queryDB($master_list_sql, array(TABLE_PREFIX, $student_id, $student_pin));
}
//reset login attempts
if ($result) {
$sql = "DELETE FROM %smember_login_attempt WHERE login='******'";
queryDB($sql, array(TABLE_PREFIX, $_POST['login']));
function update_term($text, $context, $variable, $term)
{
global $addslashes, $db;
$term = $addslashes(trim($term));
$text = $addslashes(trim($text));
$context = $addslashes(trim($context));
if ($_SESSION['language'] == 'en') {
$sql = "UPDATE %slanguage_text SET text='%s', revised_date=NOW(), context='%s' WHERE variable='%s' AND term='%s' AND language_code='en'";
$result = queryDB($sql, array(TABLE_PREFIX, $text, $context, $variable, $term));
} else {
$sql = "REPLACE INTO %slanguage_text VALUES ('%s', '%s', '%s', '%s', NOW(), '')";
$trans = get_html_translation_table(HTML_ENTITIES);
$trans = array_flip($trans);
$sql = strtr($sql, $trans);
$result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['language'], $variable, $term, $text));
}
if ($result == 0) {
echo at_db_error();
echo '<div class="error">Error: changes not saved!</div>';
$success_error = '<div class="error">Error: changes not saved!</div>';
return $success_error;
} else {
echo '<div class="feedback2"">Success: changes saved.</div>';
$success_error = '<div class="feedback2"">Success: changes saved.</div>';
return $success_error;
}
}
/**
* Transverse the tree and update/insert entries based on the updated structure.
* @param array The tree from rebuild(), and the subtree from the recursion.
* @param int the ordering of this subtree respect to its parent.
* @param int parent content id
* @return null (nothing to return, it updates the db only)
*/
private function reconstruct($tree, $order, $content_parent_id, $table_prefix)
{
//a content page.
if (!is_array($tree)) {
$sql = "UPDATE %scontent SET ordering=%d, content_parent_id=%d WHERE content_id=%d";
$result = queryDB($sql, array($table_prefix, $order, $content_parent_id, $tree));
return $result;
}
foreach ($tree as $k => $v) {
if (preg_match('/order\\_([\\d]+)/', $k, $match) == 1) {
//order layer
$this->reconstruct($v, $match[1], $content_parent_id, $table_prefix);
//inherit the previous layer id
} else {
//content folder layer
$sql = "SELECT * FROM %scontent WHERE content_id=%d";
$old_content_row = queryDB($sql, array($table_prefix, $k), TRUE);
$sql = 'INSERT INTO %scontent (course_id, content_parent_id, ordering, last_modified, revision, formatting, release_date, keywords, content_path, title, use_customized_head, allow_test_export, content_type) VALUES (' . $old_content_row['course_id'] . ', ' . $content_parent_id . ', ' . $order . ', ' . '\'' . $old_content_row['last_modified'] . '\', ' . $old_content_row['revision'] . ', ' . $old_content_row['formatting'] . ', ' . '\'' . $old_content_row['release_date'] . '\', ' . '\'' . $old_content_row['keywords'] . '\', ' . '\'' . $old_content_row['content_path'] . '\', ' . '\'' . $old_content_row['title'] . '\', ' . $old_content_row['use_customized_head'] . ', ' . $old_content_row['allow_test_export'] . ', ' . '1)';
$result = queryDB($sql, array($table_prefix));
if ($result > 0) {
$folder_id = at_insert_id();
$this->reconstruct($v, '', $folder_id, $table_prefix);
} else {
//throw error
echo at_db_error();
}
}
}
}
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/****************************************************************/
// $Id$
define('AT_INCLUDE_PATH', '../../../include/');
$_user_location = 'public';
include AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_SOCIAL_INCLUDE . 'classes/Application.class.php';
if (empty($_GET['st']) || empty($_GET['name']) || !isset($_GET['value'])) {
header("HTTP/1.0 400 Bad Request", true);
echo "<html><body><h1>400 - Bad Request</h1></body></html>";
} else {
try {
$st = urldecode(base64_decode($_GET['st']));
$key = urldecode($_GET['name']);
$value = urldecode($_GET['value']);
$token = BasicSecurityToken::createFromToken($st, 15 * 60);
//TODO: Change 3600 to a constant
$app_id = $token->getAppId();
// $viewer = $token->getViewerId();
$app = new Application($app_id);
$result = $app->setApplicationSettings($_SESSION['member_id'], $key, $value);
if (!$result) {
echo "<html><body><h1>500 - SQL Error: </h1>" . at_db_error() . "</body></html>";
}
} catch (Exception $e) {
header("HTTP/1.0 400 Bad Request", true);
echo "<html><body><h1>400 - Bad Request</h1>" . $e->getMessage() . "</body></html>";
}
}
