Exemple #1
 // Saves the profile form: list page size, home layout, profile picture and
 // the caller's imas_users row. $userid, $homelayout, $msgnot, $qrightsdef,
 // $deflib and $usedeflib are set before this fragment.
 // intval() forces the page size to an integer before it reaches the SQL below.
 $perpage = intval($_POST['perpage']);
 // When the site config pins some layout slots, those slots are overwritten
 // with the values from the configured default layout string.
 if (isset($CFG['GEN']['fixedhomelayout']) && $CFG['GEN']['homelayout']) {
     $deflayout = explode('|', $CFG['GEN']['homelayout']);
     foreach ($CFG['GEN']['fixedhomelayout'] as $k) {
         $homelayout[$k] = $deflayout[$k];
     }
 }
 $layoutstr = implode('|', $homelayout);
 // is_uploaded_file() only confirms that tmp_name came from an HTTP upload.
 // NOTE(review): any check of the file's type or content has to live inside
 // processImage(), which is not shown here -- confirm it rejects non-images.
 if (is_uploaded_file($_FILES['stupic']['tmp_name'])) {
     // Two calls: 200/200 under the plain id, 40/40 under the 'sm' prefix
     // (presumably full-size picture and thumbnail -- confirm).
     processImage($_FILES['stupic'], $userid, 200, 200);
     processImage($_FILES['stupic'], 'sm' . $userid, 40, 40);
     $chguserimg = ",hasuserimg=1";
 } else {
     if (isset($_POST['removepic'])) {
         deletecoursefile('userimg_' . $userid . '.jpg');
         deletecoursefile('userimg_sm' . $userid . '.jpg');
         $chguserimg = ",hasuserimg=0";
     } else {
         // No picture change: nothing is appended to the UPDATE.
         $chguserimg = '';
     }
 }
 // Removes '/' and '..' from the submitted theme name; backslashes and other
 // characters pass through. NOTE(review): presumably the value is later used
 // as a file name -- an allow-list of installed themes would be stricter.
 $_POST['theme'] = str_replace(array('/', '..'), '', $_POST['theme']);
 // NOTE(review): firstname, lastname, email and theme are interpolated from
 // $_POST straight into the statement, and nothing in this fragment escapes
 // them. This is only safe if request input is escaped before this point --
 // confirm, or move to bound parameters (mysqli/PDO). $msgnot and $qrightsdef
 // are unquoted, so they must already be numeric.
 $query = "UPDATE imas_users SET FirstName='{$_POST['firstname']}',LastName='{$_POST['lastname']}',email='{$_POST['email']}',msgnotify={$msgnot},qrightsdef={$qrightsdef},deflib='{$deflib}',usedeflib='{$usedeflib}',homelayout='{$layoutstr}',theme='{$_POST['theme']}',listperpage='{$perpage}'{$chguserimg} ";
 $query .= "WHERE id='{$userid}'";
 // NOTE(review): die() sends the raw MySQL error text to the browser; log it
 // server-side and show a generic message instead.
 mysql_query($query) or die("Query failed : " . mysql_error());
 // NOTE(review): the password-change branch that follows compares
 // md5($_POST['oldpw']) with the stored value using ==. Two digests of the
 // form 0e<digits> compare equal under ==, so use === or hash_equals();
 // unsalted MD5 is also not a suitable password hash.
 if (isset($_POST['dochgpw'])) {
     $query = "SELECT password FROM imas_users WHERE id = '{$userid}'";
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     $line = mysql_fetch_array($result, MYSQL_ASSOC);
     if ((md5($_POST['oldpw']) == $line['password'] || isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) && $_POST['newpw1'] == $_POST['newpw2'] && $myrights > 5) {
         if (isset($CFG['GEN']['newpasswords'])) {
Exemple #2
/**
 * Delete one course item together with the rows that belong to its type.
 *
 * Reads itemtype and typeid from imas_items, removes the matching content
 * rows (InlineText, LinkedText, Forum, Assessment, Drill or Wiki), deletes
 * attached files that only this item references, and finally deletes the
 * imas_items row. If the lookup returns no row, no type branch matches and
 * only the final DELETE runs. Any failed query ends the request via die().
 *
 * NOTE(review): $itemid and $typeid are interpolated into SQL as quoted
 * strings and nothing here validates or escapes $itemid, so callers must
 * pass a trusted or already-escaped value -- confirm at each call site.
 * NOTE(review): no ownership or permission check happens in this function;
 * it has to be enforced by the caller.
 * NOTE(review): die() echoes mysql_error(), and in several branches the
 * full query text, to the client, which exposes schema detail on failure.
 *
 * @param mixed $itemid id of the imas_items row to delete
 * @return void
 */
function delitembyid($itemid)
{
    $query = "SELECT itemtype,typeid FROM imas_items WHERE id='{$itemid}'";
    $lookup = mysql_query($query) or die("Query failed :{$query} " . mysql_error());
    list($itemtype, $typeid) = mysql_fetch_row($lookup);

    if ($itemtype == "InlineText") {
        $query = "DELETE FROM imas_inlinetext WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());

        $query = "SELECT filename FROM imas_instr_files WHERE itemid='{$typeid}'";
        $attached = mysql_query($query) or die("Query failed : " . mysql_error());
        while ($fileRow = mysql_fetch_row($attached)) {
            // The name was read back from the database, so it is escaped
            // again before being placed in the next statement.
            $escapedName = addslashes($fileRow[0]);
            $query = "SELECT id FROM imas_instr_files WHERE filename='{$escapedName}'";
            $sameName = mysql_query($query) or die("Query failed : " . mysql_error());
            // Exactly one row means this item is the only user of the file.
            if (mysql_num_rows($sameName) == 1) {
                deletecoursefile($fileRow[0]);
            }
        }

        $query = "DELETE FROM imas_instr_files WHERE itemid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "LinkedText") {
        $query = "SELECT text FROM imas_linkedtext WHERE id='{$typeid}'";
        $textResult = mysql_query($query) or die("Query failed : " . mysql_error());
        $text = mysql_result($textResult, 0, 0);

        // A 'file:' prefix marks an uploaded file; remove it from storage
        // only when no other linked-text row points at the same value.
        if (substr($text, 0, 5) == 'file:') {
            $escapedText = addslashes($text);
            $query = "SELECT id FROM imas_linkedtext WHERE text='{$escapedText}'";
            $sameText = mysql_query($query) or die("Query failed : " . mysql_error());
            if (mysql_num_rows($sameText) == 1) {
                deletecoursefile(substr($text, 5));
            }
        }

        $query = "DELETE FROM imas_linkedtext WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "Forum") {
        $query = "DELETE FROM imas_forums WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());

        // Posts that carry files get their files removed before the rows go.
        $query = "SELECT id FROM imas_forum_posts WHERE forumid='{$typeid}' AND files<>''";
        $postsWithFiles = mysql_query($query) or die("Query failed : {$query} " . mysql_error());
        while ($postRow = mysql_fetch_row($postsWithFiles)) {
            deleteallpostfiles($postRow[0]);
        }

        $query = "DELETE FROM imas_forum_subscriptions WHERE forumid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        // Views are keyed by thread, so they are removed while the thread
        // rows still exist for the subquery.
        $query = "DELETE FROM imas_forum_views WHERE threadid IN (SELECT id FROM imas_forum_threads WHERE forumid='{$typeid}')";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
        $query = "DELETE FROM imas_forum_posts WHERE forumid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
        $query = "DELETE FROM imas_forum_threads WHERE forumid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
    } elseif ($itemtype == "Assessment") {
        deleteallaidfiles($typeid);
        $query = "DELETE FROM imas_assessment_sessions WHERE assessmentid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        $query = "DELETE FROM imas_questions WHERE assessmentid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        $query = "DELETE FROM imas_assessments WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "Drill") {
        $query = "DELETE FROM imas_drillassess_sessions WHERE drillassessid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        $query = "DELETE FROM imas_drillassess WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
    } elseif ($itemtype == 'Wiki') {
        $query = "DELETE FROM imas_wikis WHERE id='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        $query = "DELETE FROM imas_wiki_revisions WHERE wikiid='{$typeid}'";
        mysql_query($query) or die("Query failed : " . mysql_error());
        $query = "DELETE FROM imas_wiki_views WHERE wikiid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
    }

    // The item row itself is removed last, whatever its type was.
    $query = "DELETE FROM imas_items WHERE id='{$itemid}'";
    mysql_query($query) or die("Query failed : " . mysql_error());
}
     //already have id; update
     // Reads the currently stored link text so a replaced upload can be cleaned up.
     // NOTE(review): $_GET['id'] goes into the WHERE clause as-is; bind it as a
     // parameter, or cast it to int if ids are always numeric -- confirm.
     $query = "SELECT text FROM imas_linkedtext WHERE id='{$_GET['id']}'";
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     $text = trim(mysql_result($result, 0, 0));
     if (substr($text, 0, 5) == 'file:') {
         //has file
         // The value came from the database, so it is escaped again before reuse in SQL.
         $safetext = addslashes($text);
         // NOTE(review): comparing the posted value with addslashes($text)
         // suggests $_POST arrives already slash-escaped -- confirm; that
         // would also be the only thing protecting the UPDATE below.
         if ($_POST['text'] != $safetext) {
             //if not same file, delete old if not used
             $query = "SELECT id FROM imas_linkedtext WHERE text='{$safetext}'";
             //any others using file?
             $result = mysql_query($query) or die("Query failed : " . mysql_error());
             // Exactly one match means this row is the only one using the file.
             if (mysql_num_rows($result) == 1) {
                 $filename = substr($text, 5);
                 deletecoursefile($filename);
             }
         }
     }
     if (!$processingerror) {
         // NOTE(review): title, summary, text, avail and target come from
         // $_POST and are interpolated directly. $startdate, $enddate and
         // $points are unquoted, so they must be numeric by the time they
         // get here (they are set outside this fragment).
         $query = "UPDATE imas_linkedtext SET title='{$_POST['title']}',summary='{$_POST['summary']}',text='{$_POST['text']}',startdate={$startdate},enddate={$enddate},avail='{$_POST['avail']}',oncal='{$oncal}',caltag='{$caltag}',target='{$_POST['target']}',outcomes='{$outcomes}',points={$points} ";
         $query .= "WHERE id='{$_GET['id']}'";
         // NOTE(review): die() returns the raw MySQL error to the client.
         $result = mysql_query($query) or die("Query failed : " . mysql_error());
     }
 } else {
     if (!$processingerror) {
         //add new
         $query = "INSERT INTO imas_linkedtext (courseid,title,summary,text,startdate,enddate,avail,oncal,caltag,target,outcomes,points) VALUES ";
Exemple #4
     mysql_query($query) or die("Query failed : " . mysql_error());
 } else {
     $query = "UPDATE imas_students SET code={$code},section={$section},timelimitmult='{$timelimitmult}',hidefromcourselist={$hide} WHERE userid='{$_GET['uid']}' AND courseid='{$cid}'";
     mysql_query($query) or die("Query failed : " . mysql_error());
     $query = "UPDATE imas_students SET locked={$locked} WHERE userid='{$_GET['uid']}' AND courseid='{$cid}' AND locked=0";
     mysql_query($query) or die("Query failed : " . mysql_error());
 }
 // Updates the profile picture of the account named by $_GET['uid'], then
 // starts rendering the confirmation page.
 require '../includes/userpics.php';
 // NOTE(review): $_GET['uid'] is used unmodified as part of the image name
 // handed to processImage() and deletecoursefile(), and in the SQL below.
 // Nothing in this fragment checks that it is a plain numeric id or that the
 // current user may edit that account -- confirm both happen earlier;
 // intval() on the value would rule out path and SQL metacharacters.
 if (is_uploaded_file($_FILES['stupic']['tmp_name'])) {
     // is_uploaded_file() only proves the temp file came from an upload;
     // content checks, if any, are inside processImage() (not shown).
     processImage($_FILES['stupic'], $_GET['uid'], 200, 200);
     processImage($_FILES['stupic'], 'sm' . $_GET['uid'], 40, 40);
     $chguserimg = "hasuserimg=1";
 } else {
     if (isset($_POST['removepic'])) {
         deletecoursefile('userimg_' . $_GET['uid'] . '.jpg');
         deletecoursefile('userimg_sm' . $_GET['uid'] . '.jpg');
         $chguserimg = "hasuserimg=0";
     } else {
         // No picture change requested; the UPDATE below is skipped.
         $chguserimg = '';
     }
 }
 if ($chguserimg != '') {
     // $chguserimg is one of the two fixed strings assigned above.
     $query = "UPDATE imas_users SET {$chguserimg} WHERE id='{$_GET['uid']}'";
     // NOTE(review): die() returns the raw MySQL error to the client.
     mysql_query($query) or die("Query failed : " . mysql_error());
 }
 require "../header.php";
 // NOTE(review): $curBreadcrumb and $pagetitle are written into the page
 // without htmlspecialchars(); they are set outside this fragment -- confirm
 // they never contain user-controlled text.
 echo '<div class="breadcrumb">' . $curBreadcrumb . '</div>';
 echo '<div id="headerlistusers" class="pagetitle"><h2>' . $pagetitle . '</h2></div>';
 echo "<p>User info updated. ";
 if ($updateusername) {
     echo "User login changed to {$un}.";
 // Deletes an inline-text item: its imas_items row, the imas_inlinetext row,
 // its attached files, and then its entry in the course's item order.
 // The query executed on the next line is built before this fragment;
 // $textid, $cid and $block are also set earlier.
 $result = mysql_query($query) or die("Query failed : " . mysql_error());
 $itemid = mysql_result($result, 0, 0);
 $query = "DELETE FROM imas_items WHERE id='{$itemid}'";
 mysql_query($query) or die("Query failed : " . mysql_error());
 $query = "DELETE FROM imas_inlinetext WHERE id='{$textid}'";
 mysql_query($query) or die("Query failed : " . mysql_error());
 $query = "SELECT filename FROM imas_instr_files WHERE itemid='{$textid}'";
 $result = mysql_query($query) or die("Query failed : " . mysql_error());
 while ($row = mysql_fetch_row($result)) {
     // The file name was read back from the database, so it is escaped again
     // before being placed in the next statement.
     $safefn = addslashes($row[0]);
     $query = "SELECT id FROM imas_instr_files WHERE filename='{$safefn}'";
     $r2 = mysql_query($query) or die("Query failed : " . mysql_error());
     // Exactly one row means no other item shares this file.
     if (mysql_num_rows($r2) == 1) {
         deletecoursefile($row[0]);
     }
 }
 $query = "DELETE FROM imas_instr_files WHERE itemid='{$textid}'";
 mysql_query($query) or die("Query failed : " . mysql_error());
 $query = "SELECT itemorder FROM imas_courses WHERE id='{$cid}'";
 $result = mysql_query($query) or die("Query failed : " . mysql_error());
 // NOTE(review): unserialize() on a stored column can instantiate objects if
 // that column is ever writable with attacker-chosen bytes. Storing JSON, or
 // restricting classes where the PHP version allows it, removes that risk.
 $items = unserialize(mysql_result($result, 0, 0));
 // $block is split on '-'; each part after the first selects a nested
 // 'items' list by 1-based position, leaving $sub bound to the target list.
 $blocktree = explode('-', $block);
 $sub =& $items;
 for ($i = 1; $i < count($blocktree); $i++) {
     $sub =& $sub[$blocktree[$i] - 1]['items'];
     //-1 to adjust for 1-indexing
 }
 // NOTE(review): array_search() returns false when $itemid is not in $sub;
 // array_splice() then treats the offset as 0 and removes the first entry.
 // Guard the splice with a `$key !== false` check.
 $key = array_search($itemid, $sub);
 array_splice($sub, $key, 1);
 // Deletes a linked-text item: an uploaded file nobody else uses, any grades
 // recorded against it, and the imas_linkedtext row. $result comes from a
 // query run before this fragment; $textid and $block are also set earlier.
 $row = mysql_fetch_row($result);
 $text = trim($row[0]);
 $points = $row[1];
 if (substr($text, 0, 5) == 'file:') {
     //delete file if not used
     // The value came from the database, so it is escaped again before reuse in SQL.
     $safetext = addslashes($text);
     $query = "SELECT id FROM imas_linkedtext WHERE text='{$safetext}'";
     //any others using file?
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     // Exactly one match means this row is the only one using the file.
     if (mysql_num_rows($result) == 1) {
         deletecoursefile(substr($text, 5));
     }
 }
 // Grade rows are only removed when the item carried points.
 if ($points > 0) {
     $query = "DELETE FROM imas_grades WHERE gradetypeid='{$textid}' AND gradetype='exttool'";
     mysql_query($query) or die("Query failed : " . mysql_error());
 }
 $query = "DELETE FROM imas_linkedtext WHERE id='{$textid}'";
 mysql_query($query) or die("Query failed : " . mysql_error());
 // NOTE(review): $_GET['cid'] is interpolated into the statement directly;
 // bind it as a parameter, or cast it to int if course ids are always
 // numeric -- confirm.
 $query = "SELECT itemorder FROM imas_courses WHERE id='{$_GET['cid']}'";
 $result = mysql_query($query) or die("Query failed : " . mysql_error());
 // NOTE(review): unserialize() on a stored column can instantiate objects if
 // that column is ever writable with attacker-chosen bytes. Storing JSON, or
 // restricting classes where the PHP version allows it, removes that risk.
 $items = unserialize(mysql_result($result, 0, 0));
 $blocktree = explode('-', $block);
 $sub =& $items;
 for ($i = 1; $i < count($blocktree); $i++) {
     $sub =& $sub[$blocktree[$i] - 1]['items'];
     $query .= "WHERE id='{$_GET['id']}'";
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     //update attached files
     // Walks the files attached to this inline text: rows ticked for deletion
     // are removed (and the stored file too once nothing references it), the
     // others get their description updated when it changed.
     // NOTE(review): $_GET['id'] is interpolated into the statement directly.
     $query = "SELECT id,description,filename FROM imas_instr_files WHERE itemid='{$_GET['id']}'";
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     while ($row = mysql_fetch_row($result)) {
         if (isset($_POST['delfile-' . $row[0]])) {
             $filestoremove[] = $row[0];
             $query = "DELETE FROM imas_instr_files WHERE id='{$row[0]}'";
             mysql_query($query) or die("Query failed : " . mysql_error());
             // NOTE(review): $row[2] is a stored file name placed in the
             // statement without addslashes(), unlike the equivalent lookup
             // elsewhere on this page; a name containing a quote breaks or
             // alters this query. Escape it, or use a bound parameter.
             $query = "SELECT id FROM imas_instr_files WHERE filename='{$row[2]}'";
             $r2 = mysql_query($query) or die("Query failed : " . mysql_error());
             // The row was deleted just above, so zero matches means the
             // file is no longer referenced by any item.
             if (mysql_num_rows($r2) == 0) {
                 deletecoursefile($row[2]);
             }
         } else {
             if ($_POST['filedescr-' . $row[0]] != $row[1]) {
                 // NOTE(review): the posted description is interpolated
                 // directly; this is only safe if request input is escaped
                 // before this point -- confirm.
                 $query = "UPDATE imas_instr_files SET description='{$_POST['filedescr-' . $row[0]]}' WHERE id='{$row[0]}'";
                 mysql_query($query) or die("Query failed : " . mysql_error());
             }
         }
     }
     // The request-supplied id is carried forward unvalidated as $newtextid.
     $newtextid = $_GET['id'];
 } else {
     //add new
     $query = "INSERT INTO imas_inlinetext (courseid,title,text,startdate,enddate,avail,oncal,caltag,outcomes,isplaylist) VALUES ";
     $query .= "('{$cid}','{$_POST['title']}','{$_POST['text']}',{$startdate},{$enddate},'{$_POST['avail']}','{$_POST['oncal']}','{$caltag}','{$outcomes}',{$isplaylist});";
     $result = mysql_query($query) or die("Query failed : " . mysql_error());
     $newtextid = mysql_insert_id();