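/**
 * @package chamilo.survey
 * @author Arnaud Ligot <*****@*****.**>
 * @version $Id: $
 *
 * A small piece of code that lets users access images included in a survey
 * which is accessible to non-authenticated users. This file is included
 * by document/download.php
 *
 * Checks, in order: the invitation code exists for the course, the invitation
 * has not been answered yet, and the requested document name appears in at
 * least one text field of the survey, its questions or its options. On any
 * failed check an error message and the footer are printed and the script
 * exits. When several surveys share the invitation's survey code and none of
 * them has been chosen yet, a language selection form is printed and the
 * script exits.
 *
 * @param string $course     Course identifier passed to CourseManager::get_course_information()
 * @param string $invitation Invitation code supplied by the visitor
 * @param string $doc_url    Name of the requested document, searched for in the survey texts
 *
 * @return array The course information returned by CourseManager::get_course_information()
 */
function check_download_survey($course, $invitation, $doc_url)
{
    require_once 'survey.lib.php';

    // Getting all the course information
    $_course = CourseManager::get_course_information($course);
    // Goes into every query below, so force it to an integer
    $course_id = (int) $_course['real_id'];

    // Database table definitions
    $table_survey = Database::get_course_table(TABLE_SURVEY);
    $table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
    $table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);

    // Now we check if the invitation code is valid
    $sql = "SELECT * FROM {$table_survey_invitation}
            WHERE
                c_id = {$course_id} AND
                invitation_code = '" . Database::escape_string($invitation) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) < 1) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    $survey_invitation = Database::fetch_assoc($result);

    // Now we check if the user already filled the survey
    if ($survey_invitation['answered'] == 1) {
        Display::display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
        Display::display_footer();
        exit;
    }

    // Fetch the survey ID. If several surveys share the code there will be a language choice
    $sql = "SELECT * FROM {$table_survey}
            WHERE
                c_id = {$course_id} AND
                code = '" . Database::escape_string($survey_invitation['survey_code']) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 1) {
        // Collect the surveys this invitation may be used with, keyed by id
        $languages = array();
        while ($row = Database::fetch_assoc($result)) {
            $languages[(int) $row['survey_id']] = $row['lang'];
        }

        // The posted value is request data: accept it only as an integer that is
        // one of the ids listed above, never as raw text for the query below.
        $chosen = isset($_POST['language']) && is_scalar($_POST['language']) ? (int) $_POST['language'] : 0;
        if ($chosen !== 0 && isset($languages[$chosen])) {
            $survey_invitation['survey_id'] = $chosen;
        } else {
            // Request parameters are URL-encoded, then the whole attribute is HTML-escaped
            $get_course = isset($_GET['course']) && is_string($_GET['course']) ? $_GET['course'] : '';
            $get_code = isset($_GET['invitationcode']) && is_string($_GET['invitationcode']) ? $_GET['invitationcode'] : '';
            $form_action = api_get_self() . '?course=' . urlencode($get_course) . '&invitationcode=' . urlencode($get_code);

            echo '<form id="language" name="language" method="POST" action="' . htmlspecialchars($form_action, ENT_QUOTES) . '">';
            echo '  <select name="language">';
            foreach ($languages as $language_survey_id => $language_name) {
                echo '<option value="' . $language_survey_id . '">' . htmlspecialchars($language_name, ENT_QUOTES) . '</option>';
            }
            echo '</select>';
            echo '  <input type="submit" name="Submit" value="' . get_lang('Ok') . '" />';
            echo '</form>';
            Display::display_footer();
            exit;
        }
    } else {
        $row = Database::fetch_assoc($result);
        $survey_invitation['survey_id'] = $row ? $row['survey_id'] : 0;
    }
    $survey_id = (int) $survey_invitation['survey_id'];

    // Very basic security check: a text field from the survey, a question or an
    // option must contain the name of the document requested.
    // Each SELECT count(*) always yields exactly one row, so counting result rows
    // can never detect "no match"; the counts themselves are added up instead.
    $matches = 0;
    // An empty name would match every text field, so it cannot prove a reference
    if (is_string($doc_url) && $doc_url !== '') {
        // Neutralise the LIKE wildcards, then escape for the SQL string literal
        $needle = Database::escape_string(addcslashes($doc_url, '%_\\'));
        $sql = "SELECT count(*) AS nb
                FROM {$table_survey}
                WHERE
                    c_id = {$course_id} AND
                    survey_id = {$survey_id} AND (
                        title LIKE '%{$needle}%'
                        OR subtitle LIKE '%{$needle}%'
                        OR intro LIKE '%{$needle}%'
                        OR surveythanks LIKE '%{$needle}%'
                    )
                UNION ALL
                SELECT count(*) AS nb
                FROM {$table_survey_question}
                WHERE
                    c_id = {$course_id} AND
                    survey_id = {$survey_id} AND (
                        survey_question LIKE '%{$needle}%'
                        OR survey_question_comment LIKE '%{$needle}%'
                    )
                UNION ALL
                SELECT count(*) AS nb
                FROM {$table_survey_question_option}
                WHERE
                    c_id = {$course_id} AND
                    survey_id = {$survey_id} AND (
                        option_text LIKE '%{$needle}%'
                    )";
        $result = Database::query($sql);
        while ($result && ($row = Database::fetch_assoc($result))) {
            $matches += (int) $row['nb'];
        }
    }

    if ($matches === 0) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }

    return $_course;
}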
/**
 * Sends a friend invitation in the name of the user identified by $username.
 *
 * The credentials are checked with verifyUserPass() first; nothing is sent
 * unless that check answers "valid".
 *
 * @param string $username        Login of the inviting user
 * @param string $password        Password checked together with $username
 * @param int    $userfriend_id   Id of the invited user, passed on unchanged
 * @param string $content_message Optional text of the invitation
 *
 * @return mixed The translated 'InvalidId' string when the credentials are
 *               rejected, otherwise whatever the Display message method returns
 */
public function send_invitation($username, $password, $userfriend_id, $content_message = '')
{
    global $charset;

    // Rejected credentials: stop before any user lookup happens
    if ($this->verifyUserPass($username, $password) != "valid") {
        return get_lang('InvalidId');
    }

    $senderId = UserManager::get_user_id_from_username($username);
    $subject = get_lang('Invitation');
    $wasSent = SocialManager::send_invitation_friend($senderId, $userfriend_id, $subject, $content_message);

    if ($wasSent) {
        $feedback = api_htmlentities(get_lang('InvitationHasBeenSent'), ENT_QUOTES, $charset);

        return Display::display_normal_message($feedback, false);
    }

    $feedback = api_htmlentities(get_lang('YouAlreadySentAnInvitation'), ENT_QUOTES, $charset);

    return Display::display_error_message($feedback, false);
}
/**
 * Handle the subscribe action.
 *
 * Runs only when the 'action' request value equals ACTION_SUBSCRIBE and a
 * course code was posted. A failed subscription re-displays the form, with an
 * error message when a registration code had been supplied.
 *
 * @return bool|null false when there is nothing to handle, true after the form
 *                   was displayed again, and no value after a successful
 *                   subscription (NOTE(review): confirm callers expect that)
 */
function action_subscribe_user()
{
    if (self::get('action') != self::ACTION_SUBSCRIBE) {
        return false;
    }

    $courseCode = self::post(self::PARAM_SUBSCRIBE);
    if (empty($courseCode)) {
        return false;
    }

    $passcode = self::post(self::PARAM_PASSCODE);
    $subscribed = $this->subscribe_user($courseCode, $passcode);

    if (!$subscribed) {
        // A code was given but did not work: say so before showing the form again
        if (!empty($passcode)) {
            Display::display_error_message(get_lang('CourseRegistrationCodeIncorrect'));
        }
        $this->display_form($courseCode);

        return true;
    }

    Display::display_confirmation_message(get_lang('EnrollToCourseSuccessful'));

    return;
}
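/**
 * This function will import the zip file with the respective qti2
 *
 * The upload is first handed to FileManager::process_uploaded_file(); the
 * import itself only runs when that succeeded and the file name ends in ".zip".
 *
 * @param array $array_file One uploaded file entry ($_FILES); its 'name' key is read
 *
 * @return false|null false when import_exercise() fails, no value otherwise
 */
function ch_qti2_import_file($array_file)
{
    $process = FileManager::process_uploaded_file($array_file);

    // The test looks at the client-supplied file name only; what is inside the
    // archive is left to import_exercise() (not visible here - verify there).
    $is_zip = (bool) preg_match('/\\.zip$/i', $array_file['name']);

    if (!$process || !$is_zip) {
        return;
    }

    $main_path = api_get_path(SYS_CODE_PATH);
    require_once $main_path . 'exercice/export/exercise_import.inc.php';
    require_once $main_path . 'exercice/export/qti2/qti2_classes.php';

    if (!import_exercise($array_file['name'])) {
        Display::display_error_message(get_lang('UplNoFileUploaded'));

        return false;
    }

    // NOTE(review): execution continues in the caller after this header is set
    header('Location: exercice.php?' . api_get_cidreq());
}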
// temporary configuration of in which folder to upload the file in each course. // Should default to '', and start with a '/' and end without it, if defined $subDir = ''; $tool_name = get_lang('ImportPDFIntroToCourses'); $interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin')); set_time_limit(0); Display::display_header($tool_name); if ($_POST['formSent']) { if (empty($_FILES['import_file']['tmp_name'])) { $error_message = get_lang('UplUploadFailed'); Display::display_error_message($error_message, false); } else { $allowed_file_mimetype = array('zip'); $ext_import_file = substr($_FILES['import_file']['name'], strrpos($_FILES['import_file']['name'], '.') + 1); if (!in_array($ext_import_file, $allowed_file_mimetype)) { Display::display_error_message(get_lang('YouMustImportAZipFile')); } else { $errors = import_pdfs($courses, $subDir); if (count($errors) == 0) { error_log('Course intros imported successfully in ' . __FILE__ . ', line ' . __LINE__); } } } } if (count($errors) != 0) { $error_message = '<ul>'; foreach ($errors as $index => $error_course) { $error_message .= '<li>' . get_lang('Course') . ': ' . $error_course['Title'] . ' (' . $error_course['Code'] . ')</li>'; } $error_message .= '</ul>'; Display::display_normal_message($error_message, false);
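/**
 * Adds a user to the Dokeos database or updates its data
 *
 * Searches the directory for entries whose uid equals the login and, for each
 * entry found, creates the local account or updates the existing one.
 *
 * @param string $login username (and uid inside LDAP)
 *
 * @return int|null id of the last account created or updated, null when the
 *                  directory could not be queried or returned no entry
 * @author Mustapha Alouani
 */
function ldap_add_user($login)
{
    global $ldap_basedn, $ldap_host, $ldap_port, $ldap_rdn, $ldap_pass;

    $user_id = null;

    $ds = ldap_connect($ldap_host, $ldap_port);
    if (!$ds) {
        Display::display_error_message(get_lang('LDAPConnectionError'));

        return $user_id;
    }
    // Options are only set once the handle is known to be usable
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    // The login ends up inside a search filter, so filter metacharacters are
    // escaped (RFC 4515) to keep it a plain value.
    if (function_exists('ldap_escape')) {
        $filter_login = ldap_escape($login, '', LDAP_ESCAPE_FILTER);
    } else {
        // Backslash first, so the escapes added afterwards are not escaped again
        $filter_login = str_replace(
            array('\\', '*', '(', ')', "\0"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $login
        );
    }
    $str_query = "(uid=" . $filter_login . ")";

    $r = false;
    ldap_handle_bind($ds, $r);

    $sr = ldap_search($ds, $ldap_basedn, $str_query);
    $info = $sr ? ldap_get_entries($ds, $sr) : false;
    if (!$info) {
        Display::display_error_message(get_lang('LDAPConnectionError'));

        return $user_id;
    }

    // Values that are the same for every imported account
    $auth_source = 'ldap';
    // No expiration date for students (to be derived from the LDAP shadow expire)
    $expiration_date = '0000-00-00 00:00:00';
    $active = 1;
    $status = 5; // NOTE(review): presumably the student status - confirm against the platform constants
    $phone = '';
    $picture_uri = '';

    for ($key = 0; $key < $info['count']; $key++) {
        $lastname = api_convert_encoding($info[$key]['sn'][0], api_get_system_encoding(), 'UTF-8');
        $firstname = api_convert_encoding($info[$key]['givenname'][0], api_get_system_encoding(), 'UTF-8');
        $email = $info[$key]['mail'][0];

        // Get uid from dn
        $dn_array = ldap_explode_dn($info[$key]['dn'], 1);
        $username = $dn_array[0]; // uid is first key

        // TODO the password, if encrypted at the source, will be encrypted twice, which makes it useless. Try to fix that.
        // NOTE(review): ldap_get_entries() lower-cases attribute names, so this
        // mixed-case key is not expected to match. Accounts are created with
        // auth_source 'ldap'; confirm the directory's password attribute is not
        // needed locally and drop the copy.
        $password = isset($info[$key]['userPassword'][0]) ? $info[$key]['userPassword'][0] : null;

        // The official code is built as "etape-annee" from the first two
        // components of the primary org unit DN, to ease management
        $structure = isset($info[$key]['edupersonprimaryorgunitdn'][0]) ? $info[$key]['edupersonprimaryorgunitdn'][0] : '';
        $array_structure = explode(",", $structure);
        $array_val = explode("=", $array_structure[0]);
        $etape = isset($array_val[1]) ? $array_val[1] : '';
        $array_val = isset($array_structure[1]) ? explode("=", $array_structure[1]) : array();
        $annee = isset($array_val[1]) ? $array_val[1] : '';
        $official_code = $etape . "-" . $annee;

        // Add the user, or refresh the data of the existing one
        if (UserManager::is_username_available($username)) {
            $user_id = UserManager::create_user(
                $firstname,
                $lastname,
                $status,
                $email,
                $username,
                $password,
                $official_code,
                api_get_setting('platformLanguage'),
                $phone,
                $picture_uri,
                $auth_source,
                $expiration_date,
                $active
            );
        } else {
            $user = UserManager::get_user_info($username);
            $user_id = $user['user_id'];
            UserManager::update_user(
                $user_id,
                $firstname,
                $lastname,
                $username,
                null,
                null,
                $email,
                $status,
                $official_code,
                $phone,
                $picture_uri,
                $expiration_date,
                $active
            );
        }
    }

    return $user_id;
}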
$df = DocumentManager::get_default_certificate_id($_course['code']); if (!isset($df)) { DocumentManager::attach_gradebook_certificate($_course['code'], $document_id); } $certificate_condition = '&certificate=true'; } header('Location: document.php?' . api_get_cidreq() . '&id=' . $folder_id . $selectcat . $certificate_condition); exit; } else { Display::display_header($nameTools, 'Doc'); Display::display_error_message(get_lang('Impossible')); Display::display_footer(); } } else { Display::display_header($nameTools, 'Doc'); Display::display_error_message(get_lang('Impossible')); Display::display_footer(); } } else { // Interbreadcrumb for the current directory root path // Copied from document.php $dir_array = explode('/', $dir); $array_len = count($dir_array); // Interbreadcrumb for the current directory root path if (empty($document_data['parents'])) { $interbreadcrumb[] = array('url' => '#', 'name' => $document_data['title']); } else { foreach ($document_data['parents'] as $document_sub_data) { $interbreadcrumb[] = array('url' => $document_sub_data['document_url'], 'name' => $document_sub_data['title']); } }
/**
 * Replace a document in the actual db
 *
 * Connects to the database first when no connection is held yet, then
 * replaces the document and flushes.
 *
 * @param XapianDocument $doc xapian document to push into the db
 * @param int            $did xapian document id of the document to replace (cast to int)
 *
 * @return false|int|null false when $doc is not a XapianDocument, 1 when the
 *                        replacement threw an exception, no value on success
 */
function replace_document($doc, $did)
{
    if (!($doc instanceof XapianDocument)) {
        return false;
    }

    if ($this->db == null) {
        $this->connectDb();
    }

    $documentId = (int) $did;

    try {
        $this->getDb()->replace_document($documentId, $doc);
        $this->getDb()->flush();
    } catch (Exception $exception) {
        // NOTE(review): the raw exception text is shown to the user as is
        $reason = $exception->getMessage();
        Display::display_error_message($reason);

        return 1;
    }
}
Session::erase('error_message'); } if (!empty($my_folder_data['description'])) { echo '<p><div><strong>'.get_lang('Description').':</strong><p>'.Security::remove_XSS($my_folder_data['description']).'</p></div></p>'; } $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null; $item_id = isset($_REQUEST['item_id']) ? intval($_REQUEST['item_id']) : null; switch ($action) { case 'delete': $fileDeleted = deleteWorkItem($item_id, $courseInfo); if (!$fileDeleted) { Display::display_error_message(get_lang('YouAreNotAllowedToDeleteThisDocument')); } else { Display::display_confirmation_message(get_lang('TheDocumentHasBeenDeleted')); } break; } $result = getWorkDateValidationStatus($work_data); echo $result['message']; $check_qualification = intval($my_folder_data['qualification']); if (!empty($work_data['enable_qualification']) && !empty($check_qualification)) { $type = 'simple'; $columns = array( get_lang('Type'),
$classes = array(); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_class = Database::get_main_table(TABLE_MAIN_CLASS); $tool_name = get_lang('AddClassesToACourse'); $interbreadcrumb[] = array("url" => 'index.php', "name" => get_lang('PlatformAdmin')); Display::display_header($tool_name); //api_display_tool_title($tool_name); if ($_POST['formSent']) { $form_sent = $_POST['formSent']; $classes = is_array($_POST['ClassList']) ? $_POST['ClassList'] : array(); $courses = is_array($_POST['CourseList']) ? $_POST['CourseList'] : array(); $first_letter_class = $_POST['firstLetterClass']; $first_letter_course = $_POST['firstLetterCourse']; if ($form_sent == 1) { if (count($classes) == 0 || count($courses) == 0) { Display::display_error_message(get_lang('AtLeastOneClassAndOneCourse')); } elseif (api_substr($_POST['formSubmit'], -2) == '>>') { foreach ($courses as $course_code) { foreach ($classes as $class_id) { ClassManager::subscribe_to_course($class_id, $course_code); } } Display::display_normal_message(get_lang('ClassesSubscribed')); } else { // remove classes from courses foreach ($courses as $course_code) { foreach ($classes as $class_id) { ClassManager::unsubscribe_from_course($class_id, $course_code); } } Display::display_normal_message(get_lang('ClassesUnSubscribed'));
Display::display_error_message(get_lang("CannotDeleteGlossary") . ':' . $term['id']); } } } //$data = Import::csv_to_array($_FILES['file']['tmp_name']); $data = Import::csv_reader($_FILES['file']['tmp_name']); $good = 0; $bad = 0; foreach ($data as $item) { if (GlossaryManager::save_glossary(array('glossary_title' => $item['term'], 'glossary_comment' => $item['definition']), false)) { $good++; } else { $bad++; } } Display::display_confirmation_message(get_lang("TermsImported") . ':' . $good); if ($bad) { Display::display_error_message(get_lang("TermsNotImported") . ':' . $bad); } GlossaryManager::display_glossary(); } break; default: GlossaryManager::display_glossary(); break; } } else { GlossaryManager::display_glossary(); } // Footer Display::display_footer();
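/**
 * Creates a comment on a post in a given blog
 *
 * When $_FILES['user_upload'] holds a file, it is stored under a generated
 * name in the course's upload/blog directory and recorded as an attachment of
 * the new comment.
 *
 * @author Toon Keppens
 * @param string     $title
 * @param string     $full_text
 * @param string     $file_comment Comment stored with the attachment
 * @param int        $blog_id
 * @param int        $post_id
 * @param int        $parent_id
 * @param int|string $task_id      Cast to int before use, so the default 'NULL' is stored as 0
 */
public static function create_comment($title, $full_text, $file_comment, $blog_id, $post_id, $parent_id, $task_id = 'NULL')
{
    $_user = api_get_user_info();
    $_course = api_get_course_info();
    $blog_table_attachment = Database::get_course_table(TABLE_BLOGS_ATTACHMENT);

    $upload_ok = true;
    $has_attachment = false;
    $current_date = date('Y-m-d H:i:s', time());
    $course_id = (int) api_get_course_int_id();

    // Every id below is written into SQL; cast once so that both INSERT
    // statements get integers (the attachment INSERT used the raw values).
    $blog_id = (int) $blog_id;
    $post_id = (int) $post_id;
    $parent_id = (int) $parent_id;
    $task_id = (int) $task_id;

    if (!empty($_FILES['user_upload']['name'])) {
        $upload_ok = process_uploaded_file($_FILES['user_upload']);
        $has_attachment = true;
    }

    if (!$upload_ok) {
        return;
    }

    // Table Definition
    $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);

    // Create the comment
    $sql = "INSERT INTO {$tbl_blogs_comments} (c_id, title, comment, author_id, date_creation, blog_id, post_id, parent_comment_id, task_id )
            VALUES ({$course_id}, '" . Database::escape_string($title) . "', '" . Database::escape_string($full_text) . "', '" . (int) $_user['user_id'] . "','" . $current_date . "', '" . $blog_id . "', '" . $post_id . "', '" . $parent_id . "', '" . $task_id . "')";
    Database::query($sql);

    $last_id = (int) Database::insert_id();
    if ($last_id) {
        $sql = "UPDATE {$tbl_blogs_comments} SET comment_id = iid WHERE iid = {$last_id}";
        Database::query($sql);
    }

    if (!$has_attachment) {
        return;
    }

    $courseDir = $_course['path'] . '/upload/blog';
    $sys_course_path = api_get_path(SYS_COURSE_PATH);
    $updir = $sys_course_path . $courseDir;

    // Try to add an extension to the file if it hasn't one
    $new_file_name = add_ext_on_mime(stripslashes($_FILES['user_upload']['name']), $_FILES['user_upload']['type']);

    // user's file name
    $file_name = $_FILES['user_upload']['name'];

    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));

        return;
    }

    // The file is stored under a generated name; the user's name is kept in the database only
    $new_file_name = uniqid('');
    $new_path = $updir . '/' . $new_file_name;
    $result = @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
    $comment = Database::escape_string($file_comment);
    $file_size = (int) $_FILES['user_upload']['size'];

    // Storing the attachments if any
    if ($result) {
        $sql = 'INSERT INTO ' . $blog_table_attachment . '(c_id, filename,comment, path, post_id,size,blog_id,comment_id) ' .
            "VALUES ({$course_id}, '" . Database::escape_string($file_name) . "', '" . $comment . "', '" . Database::escape_string($new_file_name) . "' , '" . $post_id . "', '" . $file_size . "', '" . $blog_id . "', '" . $last_id . "' )";
        Database::query($sql);

        $id = (int) Database::insert_id();
        if ($id) {
            $sql = "UPDATE {$blog_table_attachment} SET id = iid WHERE iid = {$id}";
            Database::query($sql);
        }
    }
}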
$langsvgedit = api_get_language_isocode(); $langsvgedit = isset($svgedit_code_translation_table[$langsvgedit]) ? $svgedit_code_translation_table[$langsvgedit] : $langsvgedit; $langsvgedit = file_exists(api_get_path(LIBRARY_PATH) . 'svg-edit/locale/lang.' . $langsvgedit . '.js') ? $langsvgedit : 'en'; $svg_url = api_get_path(WEB_LIBRARY_PATH) . 'svg-edit/svg-editor.php?lang=' . $langsvgedit; ?> <script> document.write ('<iframe id="frame" frameborder="0" scrolling="no" src="<?php echo $svg_url; ?> " width="100%" height="100%"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>'); function resizeIframe() { var height = window.innerHeight -50; //max lower size if (height<550) { height=550; } document.getElementById('frame').style.height = height +"px"; } document.getElementById('frame').onload = resizeIframe; window.onresize = resizeIframe; </script> <?php echo '<noscript>'; echo '<iframe style="height: 550px; width: 100%;" scrolling="no" frameborder="0" src="' . $svg_url . '"><noframes><p>Sorry, your browser does not handle frames</p></noframes></iframe>'; echo '</noscript>'; } else { Display::display_error_message(get_lang('BrowserDontSupportsSVG')); } Display::display_footer();
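/**
 * Saves a message attachment file
 *
 * The file is copied under a generated name into the "message_attachments/"
 * directory of the receiver (or of the sender when no receiver is given, or of
 * the group when a group id is given). The database record is written only
 * when the file was actually stored.
 *
 * @param array  $file_attach      One uploaded file entry ($_FILES['name'])
 * @param string $file_comment     a comment about the uploaded file
 * @param int    $message_id       message id
 * @param int    $receiver_user_id receiver user id (optional)
 * @param int    $sender_user_id   sender user id (optional)
 * @param int    $group_id         group id (optional)
 *
 * @return void
 */
public static function save_message_attachment_file($file_attach, $file_comment, $message_id, $receiver_user_id = 0, $sender_user_id = 0, $group_id = 0)
{
    $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

    // Try to add an extension to the file if it hasn't one
    $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $file_attach['type']);

    // user's file name
    $file_name = $file_attach['name'];

    if (!filter_extension($new_file_name)) {
        Display::display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));

        return;
    }

    // The stored name is generated; the user's file name only goes into the database
    $new_file_name = uniqid('');
    $message_user_id = !empty($receiver_user_id) ? $receiver_user_id : $sender_user_id;

    // User-reserved directory where the attachment has to be placed
    $userGroup = new UserGroup();
    if (!empty($group_id)) {
        $path_user_info = $userGroup->get_group_picture_path_by_id($group_id, 'system', true);
    } else {
        $path_user_info = ['dir' => UserManager::getUserPathById($message_user_id, 'system')];
    }
    $path_message_attach = $path_user_info['dir'] . 'message_attachments/';

    // If this directory does not exist - we create it.
    if (!file_exists($path_message_attach)) {
        @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);
    }

    $new_path = $path_message_attach . $new_file_name;

    // Only a file that PHP itself received as an upload is copied. Without a
    // stored file the record would point at nothing, so it is not written.
    $stored = is_uploaded_file($file_attach['tmp_name']) && @copy($file_attach['tmp_name'], $new_path);
    if (!$stored) {
        error_log('Attachment could not be stored for message ' . (int) $message_id);

        return;
    }

    // Storing the attachment
    $params = [
        'filename' => $file_name,
        'comment' => $file_comment,
        'path' => $new_file_name,
        'message_id' => $message_id,
        'size' => $file_attach['size'],
    ];
    Database::insert($tbl_message_attach, $params);
}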
$table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION); $table_survey_question_group = Database::get_course_table(TABLE_SURVEY_QUESTION_GROUP); $table_course = Database::get_main_table(TABLE_MAIN_COURSE); $table_user = Database::get_main_table(TABLE_MAIN_USER); $survey_id = intval($_GET['survey_id']); $course_id = api_get_course_int_id(); // Breadcrumbs $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'survey/survey_list.php', 'name' => get_lang('SurveyList')); // Getting the survey information if (isset($_GET['survey_id'])) { $course_code = api_get_course_id(); if ($course_code != -1) { $survey_data = survey_manager::get_survey($survey_id); } else { Display::display_header(get_lang('ToolSurvey')); Display::display_error_message(get_lang('NotAllowed'), false); Display::display_footer(); exit; } } $tool_name = strip_tags($survey_data['title']); $is_survey_type_1 = $survey_data['survey_type'] == 1; if (api_strlen(strip_tags($survey_data['title'])) > 40) { $tool_name .= '...'; } if ($is_survey_type_1 && isset($_GET['action']) && ($_GET['action'] == 'addgroup' || $_GET['action'] == 'deletegroup')) { $_POST['name'] = trim($_POST['name']); if ($_GET['action'] == 'addgroup') { if (!empty($_POST['group_id'])) { Database::query('UPDATE ' . $table_survey_question_group . ' SET description = \'' . Database::escape_string($_POST['description']) . '\' WHERE c_id = ' . $course_id . ' AND id = \'' . Database::escape_string($_POST['group_id']) . '\'');
$userMessage = null; foreach ($user_to_show as $user) { if (!is_array($user)) { $user = array($user); } $user = array_filter($user); $userMessage .= implode(', ', $user) . "<br />"; } if ($type == 'confirmation') { Display::display_confirmation_message($message . ': <br />' . $userMessage, false); } else { Display::display_warning_message($message . ': <br />' . $userMessage, false); } } else { $empty_line_msg = $empty_line == 0 ? get_lang('ErrorsWhenImportingFile') : get_lang('ErrorsWhenImportingFile') . ': ' . get_lang('EmptyHeaderLine'); Display::display_error_message($empty_line_msg); } } $form->display(); echo get_lang('CSVMustLookLike'); echo '<blockquote><pre> username; jdoe; jmontoya; </pre> </blockquote>'; echo get_lang('Or'); echo '<blockquote><pre> id; 23; 1337;
// Check if the id makes sense if (!isset($_GET['id']) || !is_numeric($_GET['id'])) { Display::display_header($nameTools, 'Dropbox'); Display::display_error_message(get_lang('Error')); Display::display_footer(); exit; } // Check if the user is allowed to download the file $allowed_to_download = false; if (user_can_download_file($_GET['id'], api_get_user_id())) { $allowed_to_download = true; } /* ERROR IF NOT ALLOWED TO DOWNLOAD */ if (!$allowed_to_download) { Display::display_header($nameTools, 'Dropbox'); Display::display_error_message(get_lang('YouAreNotAllowedToDownloadThisFile')); Display::display_footer(); exit; } else { /* DOWNLOAD THE FILE */ // the user is allowed to download the file $_SESSION['_seen'][$_course['id']][TOOL_DROPBOX][] = intval($_GET['id']); $work = new Dropbox_Work($_GET['id']); $path = dropbox_cnf('sysPath') . '/' . $work->filename; //path to file as stored on server if (!Security::check_abs_path($path, dropbox_cnf('sysPath') . '/')) { exit; } $file = $work->title; $mimetype = DocumentManager::file_get_mime_type(true); $fileinfo = pathinfo($file);
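/**
 * Deletes the test category named by $_GET['category_id'] and prints the outcome.
 *
 * NOTE(review): the deletion is driven by a GET parameter and no token check is
 * visible in this function - confirm that the caller verifies one.
 *
 * @param string $action Not used by this function
 */
function delete_category_form($action)
{
    if (!isset($_GET['category_id']) || !is_numeric($_GET['category_id'])) {
        Display::display_error_message(get_lang('CannotDeleteCategoryError'));

        return;
    }

    // is_numeric() also accepts floats and exponent notation, and an HTML filter
    // says nothing about a number: the id is reduced to an integer instead.
    $category_id = (int) $_GET['category_id'];
    $catobject = new TestCategory($category_id);

    if ($catobject->removeCategory()) {
        Display::display_confirmation_message(get_lang('DeleteCategoryDone'));
    } else {
        Display::display_error_message(get_lang('CannotDeleteCategoryError'));
    }
}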
*/ //require_once '../global.inc.php'; $action = $_GET['a']; switch ($action) { case 'send_message': $subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null; $messageContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null; if (empty($subject) || empty($messageContent)) { echo Display::display_error_message(get_lang('ErrorSendingMessage')); exit; } $result = MessageManager::send_message($_REQUEST['user_id'], $subject, $messageContent); if ($result) { echo Display::display_confirmation_message(get_lang('MessageHasBeenSent')); } else { echo Display::display_error_message(get_lang('ErrorSendingMessage')); } break; case 'send_invitation': $subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null; $invitationContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null; SocialManager::send_invitation_friend_user($_REQUEST['user_id'], $subject, $invitationContent); break; case 'find_users': if (api_is_anonymous()) { echo ''; break; } $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE); $tbl_my_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_my_user_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
} // if the warning message is too long then we display the warning message trough a session if (api_strlen($warning_message) > 150) { $_SESSION['session_message_import_skills'] = $warning_message; $warning_message = 'session_message'; } if ($error_kind_file) { $error_message = get_lang('YouMustImportAFileAccordingToSelectedOption'); } else { //header('Location: '.api_get_path(WEB_CODE_PATH).'admin/skills_import.php?action=show_message&warn='.urlencode($warning_message).'&message='.urlencode($see_message_import).'&sec_token='.$tok); //exit; } } Display::display_header($tool_name); if (!empty($error_message)) { Display::display_error_message($error_message); } if (!empty($see_message_import)) { Display::display_normal_message($see_message_import); } $form = new FormValidator('user_import', 'post', 'skills_import.php'); $form->addElement('header', '', $tool_name); $form->addElement('hidden', 'formSent'); $form->addElement('file', 'import_file', get_lang('ImportFileLocation')); $group = array(); $group[] = $form->createElement('radio', 'file_type', '', 'CSV (<a href="skill_example.csv" target="_blank">' . get_lang('ExampleCSVFile') . '</a>)', 'csv'); //$group[] = $form->createElement('radio', 'file_type', null, 'XML (<a href="skill_example.xml" target="_blank">'.get_lang('ExampleXMLFile').'</a>)', 'xml'); $form->addGroup($group, '', get_lang('FileType'), '<br/>'); $form->addElement('style_submit_button', 'submit', get_lang('Import'), 'class="save"'); $defaults['formSent'] = 1; $defaults['sendMail'] = 0;
// Displaying the form for adding or editing the question if (empty($_POST['save_question']) && in_array($_GET['type'], $possible_types)) { if (!isset($_POST['save_question'])) { // Displaying the header Display::display_header($tool_name, 'Survey'); echo $actions; // Displys message if exists if (isset($_SESSION['temp_sys_message'])) { $error_message = $_SESSION['temp_sys_message']; unset($_SESSION['temp_sys_message']); if ($error_message == 'PleaseEnterAQuestion' || $error_message == 'PleasFillAllAnswer'|| $error_message == 'PleaseChooseACondition'|| $error_message == 'ChooseDifferentCategories' ) { Display::display_error_message(get_lang($error_message), true); } } } $ch_type = 'ch_'.$_GET['type']; $form = new $ch_type; // The defaults values for the form $form_content['answers'] = array('', ''); if ($_GET['type'] == 'yesno') { $form_content['answers'][0] = get_lang('Yes'); $form_content['answers'][1] = get_lang('No'); } if ($_GET['type'] == 'personality') {
/**
 * Update the information of a glossary term in the database
 *
 * The update is refused when GlossaryManager::glossary_exists() reports the
 * title as already taken. Title and comment are escaped and the glossary id is
 * forced to an integer before they reach the query.
 *
 * @param array $values  an array containing all the form elements
 *                       (reads 'glossary_title', 'glossary_comment', 'glossary_id')
 * @param bool  $message whether feedback messages are displayed
 *
 * @return boolean True on success, false on failure
 * @author Christian Fasanando <*****@*****.**>
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @version januari 2009, dokeos 1.8.6
 */
public static function update_glossary($values, $message = true)
{
    // Database table definition
    $t_glossary = Database::get_course_table(TABLE_GLOSSARY);
    $course_id = api_get_course_int_id();

    // A term with this title already exists: report it and stop
    $alreadyThere = GlossaryManager::glossary_exists($values['glossary_title'], $values['glossary_id']);
    if ($alreadyThere) {
        if ($message) {
            Display::display_error_message(get_lang('GlossaryTermAlreadyExistsYouShouldEditIt'));
        }

        return false;
    }

    $glossaryId = intval($values['glossary_id']);
    $escapedTitle = Database::escape_string($values['glossary_title']);
    $escapedComment = Database::escape_string($values['glossary_comment']);

    $sql = "UPDATE {$t_glossary} SET\n name \t\t= '" . $escapedTitle . "',\n description\t= '" . $escapedComment . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t c_id = {$course_id} AND\n\t\t\t\t\t glossary_id = " . $glossaryId;

    if (Database::query($sql) === false) {
        return false;
    }

    // update glossary into item_property
    api_item_property_update(api_get_course_info(), TOOL_GLOSSARY, $glossaryId, 'GlossaryUpdated', api_get_user_id());

    // display the feedback message
    if ($message) {
        Display::display_confirmation_message(get_lang('TermUpdated'));
    }

    return true;
}
<?php /* For licensing terms, see /license.txt */ /** * View (MVC patter) for editing an attendance * @author Christian Fasanando <*****@*****.**> * @package chamilo.attendance */ // protect a course script api_protect_course_script(true); // error messages if ($error) { Display::display_error_message(get_lang('FormHasErrorsPleaseComplete'), false); } $param_gradebook = ''; if (isset($_SESSION['gradebook'])) { $param_gradebook = '&gradebook=' . Security::remove_XSS($_SESSION['gradebook']); } if (!$error) { $token = Security::get_token(); } $attendance_weight = floatval($attendance_weight); // display form $form = new FormValidator('attendance_edit', 'POST', 'index.php?action=attendance_edit&' . api_get_cidreq() . '&attendance_id=' . $attendance_id . $param_gradebook); $form->addElement('header', '', get_lang('Edit')); $form->addElement('hidden', 'sec_token', $token); $form->addElement('hidden', 'attendance_id', $attendance_id); $form->add_textfield('title', get_lang('Title'), true, array('size' => '50')); $form->applyFilter('title', 'html_filter'); $form->add_html_editor('description', get_lang('Description'), false, false, array('ToolbarSet' => 'TrainingDescription', 'Width' => '100%', 'Height' => '200')); // Adavanced Parameters
invitation_code = '".Database :: escape_string($invitationcode)."'"; $result = Database::query($sql); if (Database::num_rows($result) < 1) { Display :: display_error_message(get_lang('WrongInvitationCode'), false); Display :: display_footer(); exit; } $survey_invitation = Database::fetch_array($result, 'ASSOC'); // Now we check if the user already filled the survey if ( !isset($_POST['finish_survey']) && ($isAnonymous && isset($_SESSION['surveyuser'])) || ($survey_invitation['answered'] == 1 && !isset($_GET['user_id'])) ) { Display :: display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false); Display :: display_footer(); exit; } // Checking if there is another survey with this code. // If this is the case there will be a language choice $sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'"; $result = Database::query($sql); if (Database::num_rows($result) > 1) { if ($_POST['language']) { $survey_invitation['survey_id'] = $_POST['language'];
} $course_code = api_get_course_id(); $interbreadcrumb[] = array('url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?', 'name' => get_lang('Gradebook')); $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('GradebookListOfStudentsCertificates')); $this_section = SECTION_COURSES; Display::display_header(''); if (isset($_GET['action']) && $_GET['action'] == 'delete') { $check = Security::check_token('get'); if ($check) { $certificate = new Certificate($_GET['certificate_id']); $result = $certificate->delete(true); Security::clear_token(); if ($result == true) { Display::display_confirmation_message(get_lang('CertificateRemoved')); } else { Display::display_error_message(get_lang('CertificateNotRemoved')); } } } $token = Security::get_token(); echo Display::page_header(get_lang('GradebookListOfStudentsCertificates')); //@todo replace all this code with something like get_total_weight() $cats = Category::load($cat_id, null, null, null, null, null, false); if (!empty($cats)) { //with this fix the teacher only can view 1 gradebook if (api_is_platform_admin()) { $stud_id = api_is_allowed_to_edit() ? null : api_get_user_id(); } else { $stud_id = api_get_user_id(); } $total_weight = $cats[0]->get_weight();
<a href="<?php echo api_get_self(); ?> ?action=sortmycourses"><?php echo Display::return_icon('back.png', get_lang('Back'), '', '32'); ?> </a> </div> <?php if (!empty($message)) { Display::display_confirmation_message($message, false); } if (!empty($error)) { Display::display_error_message($error, false); } ?> <form name="create_course_category" method="post" action="<?php echo api_get_self(); ?> ?action=createcoursecategory"> <input type="hidden" name="sec_token" value="<?php echo $stok; ?> "> <input type="text" name="title_course_category" /> <button type="submit" class="save" name="create_course_category"><?php echo get_lang('AddCategory'); ?> </button>
} else { $errorDrh = 0; foreach ($courses as $course_code) { foreach ($users as $user_id) { $user = api_get_user_info($user_id); if ($user['status'] != DRH) { CourseManager::subscribe_user($user_id, $course_code); } else { $errorDrh = 1; } } } if ($errorDrh == 0) { Display::display_confirmation_message(get_lang('UsersAreSubscibedToCourse')); } else { Display::display_error_message(get_lang('HumanResourcesManagerShouldNotBeRegisteredToCourses')); } } } } /* Display GUI */ if (empty($first_letter_user)) { $sql = "SELECT count(*) as nb_users FROM {$tbl_user}"; $result = Database::query($sql); $num_row = Database::fetch_array($result); if ($num_row['nb_users'] > 1000) { //if there are too much users to gracefully handle with the HTML select list, // assign a default filter on users names $first_letter_user = '******'; } unset($result);
// Database Table Definitions $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_track_exercice = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES); /* MAIN CODE */ $sql_course = "SELECT title, code, id FROM {$tbl_course} as course ORDER BY title ASC"; $result_course = Database::query($sql_course); if (Database::num_rows($result_course) > 0) { if (isset($_POST['export'])) { $export_result = export_csv($header, $data, 'test.csv'); // TODO: There is no data for exporting yet. Display::display_error_message($export_result); } echo '<table class="data_table"><tr><th>' . get_lang('Course') . '</th><th>' . get_lang('TempsFrequentation') . '</th><th>' . get_lang('Progression') . '</th><th>' . get_lang('MoyenneTest') . '</th></tr>'; $header = array(get_lang('Course', ''), get_lang('TempsFrequentation', ''), get_lang('Progression', ''), get_lang('MoyenneTest', '')); while ($a_course = Database::fetch_array($result_course)) { // TODO: This query is to be checked, there are no HotPotatoes tests results. $sql_moy_test = "SELECT exe_result,exe_weighting\n\t\t\tFROM {$tbl_track_exercice}\n\t\t\tWHERE c_id = " . $a_course['id']; $result_moy_test = Database::query($sql_moy_test); $result = 0; $weighting = 0; while ($moy_test = Database::fetch_array($result_moy_test)) { $result = $result + $moy_test['exe_result']; $weighting = $weighting + $moy_test['exe_weighting']; } if ($weighting != 0) { $moyenne_test = round($result * 100 / $weighting);
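/**
 * Builds the "compose message" form and, once it validates and the CSRF
 * token matches, sends the message to every selected recipient.
 *
 * @param array  $default               Default/submitted values: reads 'users', 'title',
 *                                      'content', 'group_id' and 'parent_id'
 * @param mixed  $select_from_user_list When set, a free-text recipient search field is shown
 * @param string $sent_to               Optional label naming the recipient
 *
 * @return string The form HTML, or the per-recipient success messages after sending
 */
function manage_form($default, $select_from_user_list = null, $sent_to = null) {
    // All request-supplied identifiers are forced to integers before use.
    $group_id = isset($_REQUEST['group_id']) ? intval($_REQUEST['group_id']) : null;
    $message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
    // Only the literal value 'social' is ever echoed back into the form action.
    $param_f = isset($_GET['f']) && $_GET['f'] == 'social' ? 'social' : null;

    $form = new FormValidator(
        'compose_message',
        null,
        api_get_self() . '?f=' . $param_f,
        null,
        array('enctype' => 'multipart/form-data')
    );

    if (empty($group_id)) {
        if (isset($select_from_user_list)) {
            $form->addText(
                'id_text_name',
                get_lang('SendMessageTo'),
                true,
                array('id' => 'id_text_name', 'onkeyup' => 'send_request_and_search()', 'autocomplete' => 'off')
            );
            $form->addRule('id_text_name', get_lang('ThisFieldIsRequired'), 'required');
            $form->addElement('html', '<div id="id_div_search" style="padding:0px" class="message-select-box" > </div>');
            $form->addElement('hidden', 'user_list', 0, array('id' => 'user_list'));
        } else {
            if (!empty($sent_to)) {
                $form->addLabel(get_lang('SendMessageTo'), $sent_to);
            }
            if (empty($default['users'])) {
                // Recipient picker fed by an AJAX user search.
                $form->addElement(
                    'select_ajax',
                    'users',
                    get_lang('SendMessageTo'),
                    array(),
                    ['multiple' => 'multiple', 'url' => api_get_path(WEB_AJAX_PATH) . 'message.ajax.php?a=find_users']
                );
            } else {
                $form->addElement('hidden', 'hidden_user', $default['users'][0], array('id' => 'hidden_user'));
            }
        }
    } else {
        $userGroup = new UserGroup();
        $group_info = $userGroup->get($group_id);
        // NOTE(review): the group name is placed in a label element; confirm that
        // api_xml_http_response_encode() or the label renderer escapes HTML.
        $form->addElement('label', get_lang('ToGroup'), api_xml_http_response_encode($group_info['name']));
        $form->addElement('hidden', 'group_id', $group_id);
        $form->addElement('hidden', 'parent_id', $message_id);
    }

    $form->addText('title', get_lang('Subject'), true);
    $form->addHtmlEditor(
        'content',
        get_lang('Message'),
        false,
        false,
        array('ToolbarSet' => 'Messages', 'Width' => '100%', 'Height' => '250')
    );

    if (isset($_GET['re_id'])) {
        // Cast once and use the same integer for the lookup and the hidden field
        // (the original passed the raw request value to the lookup).
        $re_id = intval($_GET['re_id']);
        // NOTE(review): confirm get_message_by_id() only returns messages the current
        // user is allowed to read; this function performs no ownership check itself.
        $message_reply_info = MessageManager::get_message_by_id($re_id);
        $form->addElement('hidden', 're_id', $re_id);
        $form->addElement('hidden', 'save_form', 'save_form');
        // Quote the original message only when the lookup actually returned one.
        if (!empty($message_reply_info)) {
            $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_reply_info['title'];
            $user_reply_info = api_get_user_info($message_reply_info['user_sender_id']);
            // NOTE(review): the quoted content goes into the HTML editor after
            // Security::filter_terms() only; verify that HTML sanitisation happens elsewhere.
            $default['content'] = '<p><br/></p>' . sprintf(
                get_lang('XWroteY'),
                $user_reply_info['complete_name'],
                Security::filter_terms($message_reply_info['content'])
            );
        }
    }

    if (empty($group_id)) {
        // Attachments are only offered for user-to-user messages.
        $form->addElement('label', '', '<div id="filepaths" class="form-group"> <div id="filepath_1"> <label>' . get_lang('FilesAttachment') . '</label> <input type="file" name="attach_1"/> <label>' . get_lang('Description') . '</label> <input id="file-descrtiption" type="text" name="legend[]" class="form-control"/> </div> </div>');
        $form->addElement('label', '', '<span id="link-more-attach"><a href="javascript://" onclick="return add_image_form()">' . get_lang('AddOneMoreFile') . '</a></span> (' . sprintf(get_lang('MaximunFileSizeX'), format_file_size(api_get_setting('message.message_max_upload_filesize'))) . ')');
    }

    $form->addButtonSend(get_lang('SendMessage'), 'compose');
    $form->setRequiredNote('<span class="form_required">*</span> <small>' . get_lang('ThisFieldIsRequired') . '</small>');

    if (!empty($group_id) && !empty($message_id)) {
        $message_info = MessageManager::get_message_by_id($message_id);
        if (!empty($message_info)) {
            $default['title'] = get_lang('MailSubjectReplyShort') . " " . $message_info['title'];
        }
    }

    $form->setDefaults($default);
    $html = '';

    if ($form->validate()) {
        // Nothing is sent unless the anti-CSRF token posted with the form matches.
        $check = Security::check_token('post');
        if ($check) {
            $user_list = isset($default['users']) ? $default['users'] : null;
            // The legend[] inputs exist only in the non-group form, so the key may be absent.
            $file_comments = isset($_POST['legend']) ? $_POST['legend'] : null;
            $title = $default['title'];
            $content = $default['content'];
            $group_id = isset($default['group_id']) ? $default['group_id'] : null;
            $parent_id = isset($default['parent_id']) ? $default['parent_id'] : null;

            if (is_array($user_list) && count($user_list) > 0) {
                foreach ($user_list as $user) {
                    $res = MessageManager::send_message($user, $title, $content, $_FILES, $file_comments, $group_id, $parent_id);
                    if ($res) {
                        $html .= MessageManager::display_success_message($user);
                    }
                }
            } else {
                // The original printed the raw language key instead of its translation.
                Display::display_error_message(get_lang('ErrorSendingMessage'));
            }
        }
        // The token is single-use: it is cleared whether or not the check passed.
        Security::clear_token();
    } else {
        // First display (or failed validation): issue a fresh token with the form.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));
        $html .= $form->returnForm();
    }

    return $html;
}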
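/**
 * Used to add a link or a category.
 *
 * Reads the new item from $_POST. For a link, the URL is made absolute and
 * validated, the link is saved and, when the search setting and the xapian
 * extension are both available, indexed. For a category, it is appended after
 * the current highest display_order of the course.
 *
 * Side effects: sets the globals $catlinkstatus (link added) and $msgErr
 * (missing category name) and emits flash/error messages through Display.
 *
 * @param string $type , "link" or "category"
 * @todo replace strings by constants
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @return bool True on success, false on failure
 */
public static function addlinkcategory($type)
{
    global $catlinkstatus;
    global $msgErr;

    $ok = true;
    $_course = api_get_course_info();
    // Interpolated into SQL below, so force it to an integer.
    $course_id = (int) $_course['real_id'];
    $session_id = api_get_session_id();

    if ($type == 'link') {
        $title = Security::remove_XSS(stripslashes(isset($_POST['title']) ? $_POST['title'] : ''));
        $urllink = Security::remove_XSS(isset($_POST['url']) ? $_POST['url'] : '');
        $description = Security::remove_XSS(isset($_POST['description']) ? $_POST['description'] : '');
        // The category is a numeric id; the original only XSS-filtered it and cast it later.
        $selectcategory = isset($_POST['category_id']) ? (int) $_POST['category_id'] : 0;

        if (!isset($_POST['on_homepage'])) {
            $onhomepage = 0;
        } else {
            $onhomepage = Security::remove_XSS($_POST['on_homepage']);
        }

        if (empty($_POST['target'])) {
            $target = '_self'; // Default target.
        } else {
            $target = Security::remove_XSS($_POST['target']);
        }

        $urllink = trim($urllink);
        $title = trim($title);
        $description = trim($description);

        // We ensure URL to be absolute.
        if (strpos($urllink, '://') === false) {
            $urllink = 'http://' . $urllink;
        }

        // If the title is empty, we use the URL as title.
        if ($title == '') {
            $title = $urllink;
        }

        // If the URL is invalid, an error occurs.
        // NOTE(review): a value that already contains '://' reaches this check with its
        // own scheme; confirm api_valid_url() restricts the accepted schemes.
        if (!api_valid_url($urllink, true)) {
            Display::addFlash(Display::return_message(get_lang('GiveURL'), 'error'));

            return false;
        }

        $link = new Link();
        $params = [
            'c_id' => $course_id,
            'url' => $urllink,
            'title' => $title,
            'description' => $description,
            'category_id' => $selectcategory,
            'on_homepage' => $onhomepage,
            'target' => $target,
            'session_id' => $session_id,
        ];
        $link_id = $link->save($params);
        $catlinkstatus = get_lang('LinkAdded');

        if (api_get_setting('search_enabled') == 'true' && $link_id && extension_loaded('xapian')) {
            require_once api_get_path(LIBRARY_PATH) . 'search/ChamiloIndexer.class.php';
            require_once api_get_path(LIBRARY_PATH) . 'search/IndexableChunk.class.php';
            require_once api_get_path(LIBRARY_PATH) . 'specific_fields_manager.lib.php';

            $courseCode = $_course['code'];
            $specific_fields = get_specific_field_list();
            $ic_slide = new IndexableChunk();

            // Add all terms to db.
            $all_specific_terms = '';
            foreach ($specific_fields as $specific_field) {
                if (isset($_REQUEST[$specific_field['code']])) {
                    $sterms = trim($_REQUEST[$specific_field['code']]);
                    if (!empty($sterms)) {
                        $all_specific_terms .= ' ' . $sterms;
                        $sterms = explode(',', $sterms);
                        foreach ($sterms as $sterm) {
                            $ic_slide->addTerm(trim($sterm), $specific_field['code']);
                            add_specific_field_value($specific_field['id'], $courseCode, TOOL_LINK, $link_id, $sterm);
                        }
                    }
                }
            }

            // Build the chunk to index.
            $ic_slide->addValue('title', $title);
            $ic_slide->addCourseId($courseCode);
            $ic_slide->addToolId(TOOL_LINK);
            $xapian_data = array(
                SE_COURSE_ID => $courseCode,
                SE_TOOL_ID => TOOL_LINK,
                SE_DATA => array('link_id' => (int) $link_id),
                SE_USER => (int) api_get_user_id(),
            );
            $ic_slide->xapian_data = serialize($xapian_data);
            $description = $all_specific_terms . ' ' . $description;
            $ic_slide->addValue('content', $description);

            // Add category name if set.
            if ($selectcategory > 0) {
                $table_link_category = Database::get_course_table(TABLE_LINK_CATEGORY);
                $sql_cat = 'SELECT * FROM %s WHERE id=%d AND c_id = %d LIMIT 1';
                $sql_cat = sprintf($sql_cat, $table_link_category, $selectcategory, $course_id);
                $result = Database::query($sql_cat);
                if (Database::num_rows($result) == 1) {
                    $row = Database::fetch_array($result);
                    $ic_slide->addValue('category', $row['category_title']);
                }
            }

            $di = new ChamiloIndexer();
            $lang = isset($_POST['language']) ? Database::escape_string($_POST['language']) : 'english';
            $di->connectDb(null, null, $lang);
            $di->addChunk($ic_slide);

            // Index and return search engine document id.
            $did = $di->index();
            if ($did) {
                // Save it to db. The original sprintf-built INSERT listed six columns but
                // only five values and silently dropped $did, so the statement could not
                // succeed; inserting by column name removes the positional mismatch and
                // the hand-quoted values.
                // NOTE(review): assumes `id` is generated by the database and that the
                // c_id column named in the original statement exists; confirm against the schema.
                $tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
                Database::insert($tbl_se_ref, [
                    'c_id' => $course_id,
                    'course_code' => $courseCode,
                    'tool_id' => TOOL_LINK,
                    'ref_id_high_level' => $link_id,
                    'search_did' => $did,
                ]);
            }
        }

        Display::addFlash(Display::return_message(get_lang('LinkAdded')));
    } elseif ($type == 'category') {
        $tbl_categories = Database::get_course_table(TABLE_LINK_CATEGORY);

        // Same filtering as the link branch: these values are stored and shown to other users.
        $category_title = trim(
            Security::remove_XSS(isset($_POST['category_title']) ? $_POST['category_title'] : '')
        );
        $description = trim(
            Security::remove_XSS(isset($_POST['description']) ? $_POST['description'] : '')
        );

        if (empty($category_title)) {
            $msgErr = get_lang('GiveCategoryName');
            Display::display_error_message(get_lang('GiveCategoryName'));
            $ok = false;
        } else {
            // Looking for the largest order number for this course's categories.
            $result = Database::query("SELECT MAX(display_order) FROM {$tbl_categories}
                WHERE c_id = {$course_id} ");
            list($orderMax) = Database::fetch_row($result);
            $order = intval($orderMax + 1);

            $params = [
                'c_id' => $course_id,
                'category_title' => $category_title,
                'description' => $description,
                'display_order' => $order,
                'session_id' => $session_id,
            ];
            $linkId = Database::insert($tbl_categories, $params);

            if ($linkId) {
                // Keep the legacy id column in sync with the generated iid.
                $sql = "UPDATE {$tbl_categories} SET id = iid WHERE iid = {$linkId}";
                Database::query($sql);

                // add link_category visibility
                // course ID is taken from context in api_set_default_visibility
                api_set_default_visibility($linkId, TOOL_LINK_CATEGORY);
            }

            Display::addFlash(Display::return_message(get_lang('CategoryAdded')));
        }
    }

    return $ok;
}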