// Excerpt from a gradebook listing page. The statements up to the first "}" belong to a
// block that opens above this excerpt.
$cats = Category::load($category);
// Users without edit rights pass their own user id to the three getters below; editors pass null.
// NOTE(review): how the getters filter on this id is not visible here - confirm they scope
// results to that user.
$stud_id = api_is_allowed_to_edit() ? null : api_get_user_id();
$allcat = $cats[0]->get_subcategories($stud_id);
$alleval = $cats[0]->get_evaluations($stud_id);
$alllink = $cats[0]->get_links($stud_id);
}
// Extra query parameters handed to the table.
$addparams = array('selectcat' => $cats[0]->get_id());
if (isset($_GET['search'])) {
    // $keyword is assigned outside this excerpt.
    $addparams['search'] = $keyword;
}
if (isset($_GET['studentoverview'])) {
    $addparams['studentoverview'] = '';
}
// NOTE(review): count(...) >= 0 is always true, so that operand only adds noise.
if (isset($allcat_info) && count($allcat_info) >= 0 && (isset($_GET['selectcat']) && $_GET['selectcat'] == 0) && isset($_GET['search']) && strlen(trim($_GET['search'])) > 0) {
    $allcat = $allcat_info;
} else {
    // Self-assignment: has no effect.
    $allcat = $allcat;
}
$gradebooktable = new GradebookTable($cats[0], $allcat, $alleval, $alllink, $addparams);
// Empty gradebook: offer a one-click "create all categories" form.
if (empty($allcat) && empty($alleval) && empty($alllink) && !$is_platform_admin && $is_course_admin && !isset($_GET['selectcat']) && api_is_course_tutor()) {
    // NOTE(review): this state-changing POST form carries no anti-CSRF token field in the markup
    // built here - confirm the createallcategories handler verifies one.
    // NOTE(review): api_get_self() is concatenated into the action attribute without escaping
    // at this call site - confirm it returns an already-escaped value.
    Display::display_normal_message(get_lang('GradebookWelcomeMessage') . '<br /><br /><form name="createcat" method="post" action="' . api_get_self() . '?createallcategories=1"><input type="submit" value="' . get_lang('CreateAllCat') . '"></form>', false);
}
// Here we are in a sub category
if ($category != '0') {
    // NOTE(review): $_GET['selectcat'] is passed on as received - confirm the header renderer
    // casts or escapes it before output.
    DisplayGradebook::header($cats[0], 1, $_GET['selectcat'], $is_course_admin, $is_platform_admin, $simple_search_form);
} else {
    // This is the root category
    DisplayGradebook::header($cats[0], count($allcat) == '0' && !isset($_GET['search']) ? 0 : 1, 0, $is_course_admin, $is_platform_admin, $simple_search_form);
}
$gradebooktable->display();
Display::display_footer();
// Excerpt from a tracking page; it ends inside nested "if" blocks that continue past this excerpt.
// The session id comes from the request and is cast to an integer before any use.
$session_id = intval($_REQUEST['id_session']);
// $from is assigned outside this excerpt.
if ($from == 'myspace') {
    $from_myspace = true;
    $this_section = "session_my_space";
} else {
    $this_section = SECTION_COURSES;
}
// Access restrictions.
// The gate is role-based only: any one of these roles is enough.
// NOTE(review): none of the checks receives $session_id, so this line alone does not tie the
// caller to the requested session - confirm that scoping happens further down.
$is_allowedToTrack = api_is_platform_admin() || api_is_allowed_to_create_course() || api_is_session_admin() || api_is_drh() || api_is_course_tutor() || api_is_course_admin();
if (!$is_allowedToTrack) {
    api_not_allowed(true);
    // Explicit exit so nothing below runs for a rejected user.
    exit;
}
// If the user is a HR director (drh)
if (api_is_drh()) {
    // Blocking course for drh
    if (api_drh_can_access_all_session_content()) {
        // If the drh has been configured to be allowed to see all session content, give him access to the session courses
        $coursesFromSession = SessionManager::getAllCoursesFollowedByUser(api_get_user_id(), null);
        if (!empty($coursesFromSession)) {
            // Only the array keys are kept.
            $coursesFromSession = array_keys($coursesFromSession);
// Excerpt from an exercise report page. The first statements sit inside blocks opened above
// this excerpt, and the last "if" continues below it.
Database::query($sql);
if ($origin == 'tracking_course') {
    //Redirect to the course detail in lp
    // NOTE(review): the value is placed in a URL query string inside a Location header.
    // Security::remove_XSS() targets HTML output; URL-encoding is the encoding that matches
    // this context.
    header('location: exercise.php?course=' . Security::remove_XSS($_GET['course']));
    exit;
} else {
    //Redirect to the reporting
    // NOTE(review): $origin, $student_id, $course_id and $session_id are assigned outside this
    // excerpt - confirm they are cast or encoded before being concatenated into the redirect URL.
    header('location: ../mySpace/myStudents.php?origin=' . $origin . '&student=' . $student_id . '&details=true&course=' . $course_id . '&session_id=' . $session_id);
    exit;
}
}
}
// Toolbar HTML, built up by string concatenation.
$actions = null;
if ($is_allowedToEdit && $origin != 'learnpath') {
    // the form
    if (api_is_platform_admin() || api_is_course_admin() || api_is_course_tutor() || api_is_course_coach()) {
        // The exercise id taken from the request is cast to int before it reaches the href.
        $actions .= '<a href="admin.php?exerciseId=' . intval($_GET['exerciseId']) . '">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
        // NOTE(review): these two links use $exercise_id (assigned outside this excerpt) rather than
        // the int-cast request value used above - confirm it is an integer.
        $actions .= '<a href="live_stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('activity_monitor.png', get_lang('LiveResults'), '', ICON_SIZE_MEDIUM) . '</a>';
        $actions .= '<a href="stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('statistics.png', get_lang('ReportByQuestion'), '', ICON_SIZE_MEDIUM) . '</a>';
        $actions .= '<a id="export_opener" href="' . api_get_self() . '?export_report=1&exerciseId=' . intval($_GET['exerciseId']) . '" >' . Display::return_icon('save.png', get_lang('Export'), '', ICON_SIZE_MEDIUM) . '</a>';
        // clean result before a selected date icon
        $actions .= Display::url(Display::return_icon('clean_before_date.png', get_lang('CleanStudentsResultsBeforeDate'), '', ICON_SIZE_MEDIUM), '#', array('onclick' => "javascript:display_date_picker()"));
        // clean result before a selected date datepicker popup
        $actions .= Display::span(Display::input('input', 'datepicker_start', get_lang('SelectADateOnTheCalendar'), array('onmouseover' => 'datepicker_input_mouseover()', 'id' => 'datepicker_start', 'onchange' => 'datepicker_input_changed()', 'readonly' => 'readonly')) .
            Display::button('delete', get_lang('Delete'), array('onclick' => 'submit_datepicker()')), array('style' => 'display:none', 'id' => 'datepicker_span'));
    }
} else {
    $actions .= '<a href="exercise.php">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
}
//Deleting an attempt
// The deletion is driven entirely by GET parameters ("delete" and "did").
// NOTE(review): this condition contains no anti-CSRF token check - confirm one is enforced
// before the attempt is removed. $locked is assigned outside this excerpt.
if (($is_allowedToEdit || $is_tutor || api_is_coach()) && isset($_GET['delete']) && $_GET['delete'] == 'delete' && !empty($_GET['did']) && $locked == false) {
    // The attempt id is cast to int before use.
    $exe_id = intval($_GET['did']);
// Excerpt from a gradebook flat-view page. The first line closes blocks opened above this
// excerpt, and the switch at the end continues below it.
} else {
    Display::display_header(get_lang('ExportPDF'));
}
}
// Printable view: renders the table and stops.
// NOTE(review): no role check guards this branch within the excerpt, while the export branch
// below is role-gated - confirm the page enforces access earlier.
if (isset($_GET['print'])) {
    $printable_data = GradebookUtils::get_printable_data($cat[0], $users, $alleval, $alllinks, $params, $mainCourseCategory[0]);
    echo print_table($printable_data[1], $printable_data[0], get_lang('FlatView'), $cat[0]->get_name());
    exit;
}
// Export of the complete report, limited to admins, coaches and the DRH of the course.
if (!empty($_GET['export_report']) && $_GET['export_report'] == 'export_report') {
    if (api_is_platform_admin() || api_is_course_admin() || api_is_course_coach() || $isDrhOfCourse) {
        $user_id = null;
        if (empty($_SESSION['export_user_fields'])) {
            $_SESSION['export_user_fields'] = false;
        }
        // NOTE(review): $user_id is set for callers without edit/tutor rights but is not passed to
        // get_printable_data() below - confirm the export is still limited to that user where intended.
        if (!api_is_allowed_to_edit(false, false) and !api_is_course_tutor()) {
            $user_id = api_get_user_id();
        }
        $printable_data = GradebookUtils::get_printable_data($cat[0], $users, $alleval, $alllinks, $params, $mainCourseCategory[0]);
        // The format comes from the request; unknown values fall through to the csv/default case.
        // NOTE(review): $_GET['export_format'] is read without an isset() check.
        switch ($_GET['export_format']) {
            case 'xls':
                $export = new GradeBookResult();
                $export->exportCompleteReportXLS($printable_data);
                break;
            case 'doc':
                $export = new GradeBookResult();
                $export->exportCompleteReportDOC($printable_data);
                exit;
                // Unreachable after exit.
                break;
            case 'csv':
            default:
*/
// Bootstrap of a tracking page: reads request parameters, loads the platform, enforces the
// role gate and prepares CSV export buffering.
// NOTE(review): the raw request value is kept as received; validate it at the point of use.
$pathopen = isset($_REQUEST['pathopen']) ? $_REQUEST['pathopen'] : null;
// Including the global initialization file
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_TRACKING;
$course_info = api_get_course_info();
$from_myspace = false;
$from = isset($_GET['from']) ? $_GET['from'] : null;
// $from is only compared against a fixed string, never echoed here.
if ($from == 'myspace') {
    $from_myspace = true;
    $this_section = "session_my_space";
} else {
    $this_section = SECTION_COURSES;
}
// Access restrictions.
// Role-based gate: any one of these roles is sufficient.
// NOTE(review): the checks take no course or session argument - confirm that per-course and
// per-session scoping is applied to the data shown further down.
$is_allowedToTrack = api_is_platform_admin() || api_is_allowed_to_create_course() || api_is_session_admin() || api_is_drh() || api_is_course_tutor();
if (!$is_allowedToTrack) {
    api_not_allowed();
    // Explicit exit so nothing below runs for a rejected user.
    exit;
}
// Including additional libraries.
require_once api_get_path(SYS_CODE_PATH) . 'resourcelinker/resourcelinker.inc.php';
// Starting the output buffering when we are exporting the information.
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
// Cast to int before use. NOTE(review): read without isset(), so a request that omits
// id_session triggers an undefined-index notice before falling back below.
$session_id = intval($_REQUEST['id_session']);
if ($export_csv) {
    ob_start();
}
// Fall back to the session of the current context when the request supplied none (or 0).
if (empty($session_id)) {
    $session_id = api_get_session_id();
}
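/**
 * Builds, validates and displays the form used to add a forum post (a new thread or a reply).
 *
 * The effective action is always read from $_GET['action']; the $action argument is
 * overwritten. Actions handled below:
 *   - newthread:    adding a new thread, no iframe
 *   - replythread:  replying to a thread, iframe with the complete thread (if enabled)
 *   - replymessage: replying to a message, iframe with the complete thread (if enabled)
 *   - quote:        quoting a message, iframe with the complete thread (if enabled);
 *                   the quoted message is preloaded into the editor
 *
 * The forum, thread and post ids come from the query string. They are cast to integers once
 * and only the integers are used in markup and lookups.
 *
 * @param array        $current_forum forum data; 'allow_anonymous', 'allow_attachments' and 'forum_id' are read
 * @param array        $forum_setting settings; 'show_thread_iframe_on_reply', 'allow_post_notification' and 'allow_sticky' are read
 * @param string       $action        ignored: replaced by $_GET['action'] (kept for interface compatibility)
 * @param string       $id            not used by this function
 * @param array|string $form_values   previously submitted values used as form defaults
 *
 * @return array|false|null the exported form values when the form validated and the token check
 *                          passed; false when gradebook qualification was requested without a
 *                          weight; null otherwise (form displayed, or token check failed)
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($current_forum, $forum_setting, $action = '', $id = '', $form_values = '')
{
    $_user = api_get_user_info();
    // Existing behaviour: the request value replaces whatever the caller passed in.
    $action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null;

    // Raw request values. They are only ever used through the integer casts below.
    $myThread = isset($_GET['thread']) ? $_GET['thread'] : '';
    $my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
    $my_post = isset($_GET['post']) ? $_GET['post'] : '';
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';

    // Ids are integers. Casting once means the same value reaches the form action, the hidden
    // fields, the iframe URL and the post lookup.
    $forumId = intval($my_forum);
    $threadId = intval($myThread);
    $postId = intval($my_post);

    // Initialize the object.
    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?' . http_build_query([
            'forum' => $forumId,
            'gradebook' => $my_gradebook,
            'thread' => $threadId,
            'post' => $postId,
            'action' => $action,
        ]) . '&' . api_get_cidreq()
    );
    $form->setConstants(array('forum' => '5'));

    // Setting the form elements.
    $form->addElement('hidden', 'forum_id', $forumId);
    $form->addElement('hidden', 'thread_id', $threadId);
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // If anonymous posts are allowed we also display a form to allow the user to put his name or username in.
    $isAnonymousPoster = $current_forum['allow_anonymous'] == 1 && !isset($_user['user_id']);
    if ($isAnonymousPoster) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }

    $form->addElement('text', 'post_title', get_lang('Title'));
    // Editors get the full toolbar, everyone else the restricted student toolbar.
    $form->addHtmlEditor(
        'post_text',
        get_lang('Text'),
        true,
        null,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    // Thread preview. The ids sit inside a quoted src attribute, so only the integer casts are
    // written there; an HTML sanitiser is not an attribute or URL encoder.
    if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread' && $threadId !== 0) {
        $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?" . api_get_cidreq() . "&forum=" . $forumId . "&thread=" . $threadId . "#" . $postId . "\" width=\"100%\"></iframe>";
        $form->addElement('label', get_lang('Thread'), $iframe);
    }

    $form->addElement('advanced_settings', 'advanced_params', get_lang('AdvancedParameters'));
    $form->addElement('html', '<div id="advanced_params_options" style="display:none">');

    // Qualification options are offered only when starting a new thread (no thread id yet).
    if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && $threadId === 0) {
        // Thread qualify
        if (Gradebook::is_active()) {
            //Loading gradebook select
            GradebookUtils::load_gradebook_select_in_tool($form);
            $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }

        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), array('value' => '0.00', 'onfocus' => "javascript: this.select();"));
        $form->applyFilter('weight_calification', 'html_filter');

        $group = array();
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('Yes'), 1);
        $group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('No'), 0);
        $form->addGroup($group, '', [get_lang('ForumThreadPeerScoring'), get_lang('ForumThreadPeerScoringComment')], ' ');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }

    // The course admin can make a thread sticky (=appears with special icon and always on top).
    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }

    if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
        // Kept from the original; the exported values are not used before $values is reassigned.
        $values = $form->exportValues();
    }

    // Closes the advanced_params_options container opened above.
    $form->addElement('html', '</div>');

    // Strict comparison: $action is a string or null and must match one of the literals exactly.
    if (in_array($action, ['quote', 'replymessage'], true)) {
        $form->addFile('user_upload[]', get_lang('Attachment'));
        $form->addButton('add_attachment', get_lang('AddAttachment'), 'paperclip', 'default', 'default', null, ['id' => 'reply-add-attachment']);
    } else {
        $form->addFile('user_upload', get_lang('Attachment'));
    }

    // Setting the class and text of the form title and submit button.
    if ($action == 'quote') {
        $form->addButtonCreate(get_lang('QuoteMessage'), 'SubmitPost');
    } elseif ($action == 'replythread') {
        $form->addButtonCreate(get_lang('ReplyToThread'), 'SubmitPost');
    } elseif ($action == 'replymessage') {
        $form->addButtonCreate(get_lang('ReplyToMessage'), 'SubmitPost');
    } else {
        $form->addButtonCreate(get_lang('CreateThread'), 'SubmitPost');
    }

    $defaults = array();
    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
        $defaults['thread_peer_qualify'] = intval($form_values['thread_peer_qualify']);
    } else {
        $defaults['thread_peer_qualify'] = 0;
    }

    // If we are quoting a message we have to retrieve the information of the post we are quoting so that
    // we can add this as default to the textarea.
    // (The original also tested isset($my_post), which was always true.)
    if ($action == 'quote' || $action == 'replymessage') {
        // We also need to put the parent_id of the post in a hidden form when
        // we are quoting or replying to a message (<> reply to a thread !!!)
        $form->addElement('hidden', 'post_parent_id', $postId);

        // If we are replying or are quoting then we display a default title.
        // The lookup gets the integer id, never the raw query-string value.
        // NOTE(review): get_post_information() is defined elsewhere - confirm it checks that the
        // post belongs to a forum the current user may read before its text is quoted below.
        $values = get_post_information($postId);
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);

        // When we are quoting a message then we have to put that message into the wysiwyg editor.
        // Note: The style has to be hardcoded here because using class="quote" didn't work.
        if ($action == 'quote') {
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }

    $form->setDefaults($defaults);

    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($isAnonymousPoster) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    // Validation or display
    if ($form->validate()) {
        // Anti-CSRF: the submitted token must match the one issued when the form was displayed.
        // NOTE(review): when the check fails the function ends without a message and returns null.
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
                Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.history.go(-1);">' . get_lang('Back') . '</a>', false);

                return false;
            }
            // The token is single-use: clear it once the submission is accepted.
            Security::clear_token();

            return $values;
        }
    } else {
        // Issue a fresh token and embed it in the form that is about to be displayed.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        // Delete from $_SESSION forum attachment from other posts
        // and keep only attachments for new post
        clearAttachedFiles(FORUM_NEW_POST);
        // Get forum attachment ajax table to add it to form
        $attachmentAjaxTable = getAttachmentsAjaxTable(0, $current_forum['forum_id']);
        $form->addElement('html', $attachmentAjaxTable);
        $form->display();
    }
}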
folders download file / folder (download icon) same action on multiple documents extended feedback
 * @package chamilo.dropbox
 */
/**
 * Code
 */
/* INIT SECTION */
use ChamiloSession as Session;
$language_file = array('dropbox', 'document');
// including the basic Chamilo initialisation file
require_once '../inc/global.inc.php';
// Role flags of the current user, captured once for the rest of the script.
$is_allowed_in_course = api_is_allowed_in_course();
$is_courseTutor = api_is_course_tutor();
$is_courseAdmin = api_is_course_admin();
$current_course_tool = TOOL_DROPBOX;
// the dropbox configuration parameters
// NOTE(review): require_once yields true instead of the file's return value when the file was
// already included earlier in the request; in that case $dropbox_cnf would be true, not the
// configuration array.
$dropbox_cnf = (require_once 'dropbox_config.inc.php');
Session::write('dropbox_conf', $dropbox_cnf);
// the dropbox file that contains additional functions
require_once 'dropbox_functions.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
// protecting the script
// NOTE(review): the access check runs after the session write and the includes above - confirm
// none of those files acts on request data at include time.
api_protect_course_script();
/* Libraries */
// including the library for the dropbox
require_once 'dropbox_class.inc.php';
// including some libraries that are also used in the documents tool
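/**
 * Gets the tools of a certain category. Returns an array expected
 * by show_tools_category().
 *
 * The result combines the rows of the course tool table for the category (minus the tools
 * hidden through the 'course_hide_tools' settings, which platform admins still see) with the
 * course links flagged on_homepage for the categories that list links.
 *
 * Every value interpolated into SQL here is either a table name, an id supplied by the API
 * helpers, or an explicit integer cast.
 *
 * @param string $course_tool_category contains the category of tools to
 * display: "toolauthoring", "toolinteraction", "tooladmin", "tooladminplatform", "toolplugin"
 *
 * @return array list of tool rows; empty when the category has no tool query and no links
 */
public static function get_tools_category($course_tool_category)
{
    $course_tool_table = Database::get_course_table(TABLE_TOOL_LIST);
    $is_platform_admin = api_is_platform_admin();
    $all_tools_list = array();

    // Condition for the session
    $session_id = api_get_session_id();
    $course_id = api_get_course_int_id();
    $condition_session = api_get_session_condition($session_id, true, true, 't.session_id');

    // Pick the tool query for the category. Categories without a case (TOOL_ADMIN, for
    // example, only contributes links further down) leave $sql null and no query is run.
    $sql = null;
    switch ($course_tool_category) {
        case TOOL_STUDENT_VIEW:
            $conditions = ' WHERE visibility = 1 AND (category = "authoring" OR category = "interaction" OR category = "plugin") ';
            // Guarded read: the key is not necessarily present in the session.
            $studentView = isset($_SESSION['studentview']) ? $_SESSION['studentview'] : null;
            if ((api_is_coach() || api_is_course_tutor()) && $studentView != 'studentview') {
                // Coaches and tutors also get the tracking tool.
                $conditions = ' WHERE (visibility = 1 AND (category = "authoring" OR category = "interaction" OR category = "plugin") OR (name = "' . TOOL_TRACKING . '") ) ';
            }
            $sql = "SELECT *\n FROM {$course_tool_table} t\n {$conditions} AND\n c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_AUTHORING:
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'authoring' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_INTERACTION:
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'interaction' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_ADMIN_VISIBLE:
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'admin' AND visibility ='1' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_ADMIN_PLATFORM:
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'admin' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_DRH:
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE name IN ('tracking') AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
        case TOOL_COURSE_PLUGIN:
            //Other queries recover id, name, link, image, visibility, admin, address, added_tool, target, category and session_id
            // but plugins are not present in the tool table, only globally and inside the course_settings table once configured
            $sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'plugin' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
            break;
    }
    $result = $sql !== null ? Database::query($sql) : null;

    //Get the list of hidden tools - this might imply performance slowdowns
    // if the course homepage is loaded many times, so the list of hidden
    // tools might benefit from a shared memory storage later on
    $list = api_get_settings('Tools', 'list', api_get_current_access_url_id());
    $hide_list = array();
    $check = false;
    foreach ($list as $line) {
        // Admin can see all tools even if the course_hide_tools configuration is set
        if ($is_platform_admin) {
            continue;
        }
        if ($line['variable'] == 'course_hide_tools' and $line['selected_value'] == 'true') {
            $hide_list[] = $line['subkey'];
            $check = true;
        }
    }

    // The guard on $result covers categories for which no tool query was built.
    while ($result && ($temp_row = Database::fetch_assoc($result))) {
        // A tool is kept unless a hide list is active and names it.
        $add = !$check || !in_array($temp_row['name'], $hide_list);

        if ($temp_row['image'] == 'scormbuilder.gif') {
            $lp_id = self::get_published_lp_id_from_link($temp_row['link']);
            $lp = new learnpath(api_get_course_id(), $lp_id, api_get_user_id());
            $path = $lp->get_preview_image_path(ICON_SIZE_BIG);
            // NOTE(review): for published learning paths the visibility check replaces the
            // hide-list decision made above - confirm a hidden tool may reappear this way.
            $add = $lp->is_lp_visible_for_student($lp_id, api_get_user_id(), api_get_course_id(), api_get_session_id());
            if ($path) {
                $temp_row['custom_image'] = $path;
            }
        }

        if ($add) {
            $all_tools_list[] = $temp_row;
        }
    }

    // Grabbing all the links that have the property on_homepage set to 1
    $course_link_table = Database::get_course_table(TABLE_LINK);
    $course_item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
    $condition_session = api_get_session_condition($session_id, true, true, 'tip.session_id');

    // Only the authoring, student-view and admin categories list homepage links.
    switch ($course_tool_category) {
        case TOOL_AUTHORING:
        case TOOL_ADMIN:
            $sql_links = "SELECT tl.*, tip.visibility\n FROM {$course_link_table} tl\n LEFT JOIN {$course_item_property_table} tip\n ON tip.tool='link' AND tip.ref=tl.id\n WHERE\n tl.c_id = {$course_id} AND\n tip.c_id = {$course_id} AND\n tl.on_homepage='1' {$condition_session}";
            break;
        case TOOL_STUDENT_VIEW:
            $sql_links = "SELECT tl.*, tip.visibility\n FROM {$course_link_table} tl\n LEFT JOIN {$course_item_property_table} tip\n ON tip.tool='link' AND tip.ref=tl.id\n WHERE\n tl.c_id \t\t= {$course_id} AND\n tip.c_id \t\t= {$course_id} AND\n tl.on_homepage\t='1' {$condition_session}";
            break;
        default:
            $sql_links = null;
            break;
    }

    // Edited by Kevin Van Den Haute (kevin@develop-it.be) for integrating Smartblogs
    $tmp_all_tools_list = array();
    if ($sql_links !== null) {
        $result_links = Database::query($sql_links);
        if (Database::num_rows($result_links) > 0) {
            while ($links_row = Database::fetch_array($result_links, 'ASSOC')) {
                $properties = array();
                $properties['name'] = $links_row['title'];
                $properties['session_id'] = $links_row['session_id'];
                $properties['link'] = $links_row['url'];
                $properties['visibility'] = $links_row['visibility'];
                // Same icon whatever the visibility (the original ternary had identical branches).
                $properties['image'] = 'file_html.png';
                $properties['adminlink'] = api_get_path(WEB_CODE_PATH) . 'link/link.php?action=editlink&id=' . $links_row['id'];
                $properties['target'] = $links_row['target'];
                $tmp_all_tools_list[] = $properties;
            }
        }
    }

    foreach ($tmp_all_tools_list as $tool) {
        if ($tool['image'] != 'blog.gif') {
            $all_tools_list[] = $tool;
            continue;
        }

        // Init
        $tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
        // Get blog id
        // The id is parsed out of a stored link URL, i.e. data a user entered earlier. It is cast
        // to int so that nothing but a number can reach the query below.
        $blog_id = intval(substr($tool['link'], strrpos($tool['link'], '=') + 1, strlen($tool['link'])));
        // Get blog members
        $sql_blogs = "SELECT * FROM {$tbl_blogs_rel_user} blogs_rel_user\n WHERE blog_id =" . $blog_id;
        if (!$is_platform_admin) {
            // Non-admins only see blogs they are a member of.
            $sql_blogs .= " AND user_id = " . api_get_user_id();
        }
        $result_blogs = Database::query($sql_blogs);
        if (Database::num_rows($result_blogs) > 0) {
            $all_tools_list[] = $tool;
        }
    }

    return $all_tools_list;
}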
/**
 * Function that removes the need to directly use is_courseAdmin global in
 * tool scripts. It returns true or false depending on the user's rights in
 * this particular course.
 * Optionally checking for tutor and coach roles here allows us to use the
 * student_view feature altogether with these roles as well.
 *
 * Decision order, as implemented below:
 *   1. A platform admin is always allowed, unless the student preview is active and
 *      $check_student_view is set.
 *   2. Otherwise the course-admin status is widened by the tutor, coach and session-coach
 *      roles when the matching flag is set.
 *   3. If the 'course.student_view_enabled' setting is on, the answer is additionally subject
 *      to the student preview; inside a session it is taken from the coach permission only.
 *
 * @param bool $tutor              Whether to check if the user has the tutor role
 * @param bool $coach              Whether to check if the user has the coach role
 * @param bool $session_coach      Whether to check if the user has the session coach role
 * @param bool $check_student_view check the student view or not
 *
 * @author Roan Embrechts
 * @author Patrick Cool
 * @author Julio Montoya
 * @version 1.1, February 2004
 * @return boolean, true: the user has the rights to edit, false: he does not
 */
function api_is_allowed_to_edit($tutor = false, $coach = false, $session_coach = false, $check_student_view = true)
{
    $my_session_id = api_get_session_id();
    // Coach permission is computed up front; it may be revoked below for read-only sessions.
    $is_allowed_coach_to_edit = api_is_coach(null, null, $check_student_view);
    $session_visibility = api_get_session_visibility($my_session_id);
    $studentView = Session::read('studentview');
    // Admins can edit anything.
    if (api_is_platform_admin(false)) {
        //The student preview was on
        if ($check_student_view && $studentView == "studentview") {
            return false;
        } else {
            return true;
        }
    }
    $is_courseAdmin = api_is_course_admin();
    if (!$is_courseAdmin && $tutor) {
        // If we also want to check if the user is a tutor...
        $is_courseAdmin = $is_courseAdmin || api_is_course_tutor();
    }
    if (!$is_courseAdmin && $coach) {
        // If we also want to check if the user is a coach...
        // Check if session visibility is read only for coaches.
        if ($session_visibility == SESSION_VISIBLE_READ_ONLY) {
            // This reset also affects the session-coach and student-view branches further down.
            $is_allowed_coach_to_edit = false;
        }
        if (api_get_setting('session.allow_coach_to_edit_course_session') == 'true') {
            // Check if coach is allowed to edit a course.
            $is_courseAdmin = $is_courseAdmin || $is_allowed_coach_to_edit;
        } else {
            // Self-assignment: has no effect.
            $is_courseAdmin = $is_courseAdmin;
        }
    }
    if (!$is_courseAdmin && $session_coach) {
        // NOTE(review): unlike the $coach branch, this one consults neither the read-only
        // visibility nor the allow_coach_to_edit_course_session setting - confirm intended.
        $is_courseAdmin = $is_courseAdmin || $is_allowed_coach_to_edit;
    }
    // Check if the student_view is enabled, and if so, if it is activated.
    if (api_get_setting('course.student_view_enabled') == 'true') {
        if (!empty($my_session_id)) {
            // Inside a session the result is built from the coach permission alone.
            // NOTE(review): $is_courseAdmin (and with it the $tutor, $coach and $session_coach
            // flags) is not consulted in this branch - confirm this is the intended policy.
            // Check if session visibility is read only for coaches.
            if ($session_visibility == SESSION_VISIBLE_READ_ONLY) {
                $is_allowed_coach_to_edit = false;
            }
            if (api_get_setting('session.allow_coach_to_edit_course_session') == 'true') {
                // Check if coach is allowed to edit a course.
                $is_allowed = $is_allowed_coach_to_edit;
            } else {
                $is_allowed = false;
            }
            if ($check_student_view) {
                $is_allowed = $is_allowed && $studentView != 'studentview';
            }
        } else {
            // Outside a session: course-admin status, switched off while the student preview is active.
            if ($check_student_view) {
                $is_allowed = $is_courseAdmin && $studentView != 'studentview';
            } else {
                $is_allowed = $is_courseAdmin;
            }
        }
        return $is_allowed;
    } else {
        // Student view feature disabled: the role-based result stands as is.
        return $is_courseAdmin;
    }
}
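/**
 * Validates the submitted dropbox form, stores the uploaded file and records it as sent work.
 *
 * Reads $_POST['recipients'], $_POST['cb_overwrite'], $_POST['authors'], $_POST['description']
 * and $_FILES['file'].
 *
 * Checks applied before the file is stored: recipients must be a non-empty array of strings,
 * every "user_" recipient must be a course member, the size must be within the configured
 * maximum, the temporary file must be a genuine HTTP upload, and the final name is sanitised,
 * has .php rewritten to .phps and must pass the extension filter.
 *
 * NOTE(review): this function clears the security token on success but never checks one;
 * confirm that the caller validates the anti-CSRF token before calling it.
 *
 * @return array|null|string a translated status or error message; null when
 *                           process_uploaded_file() rejects the upload
 */
function store_add_dropbox()
{
    $_course = api_get_course_info();
    $_user = api_get_user_info();
    $dropbox_cnf = getDropboxConf();

    // Validating the form data
    // there are no recipients selected (a non-array value is treated the same way)
    if (!isset($_POST['recipients']) || !is_array($_POST['recipients']) || count($_POST['recipients']) <= 0) {
        return get_lang('YouMustSelectAtLeastOneDestinee');
    }

    // Check if all the recipients are valid
    $thisIsAMailing = false;
    $thisIsJustUpload = false;
    foreach ($_POST['recipients'] as $rec) {
        // A nested array or other non-string entry cannot be a valid recipient token.
        if (!is_string($rec)) {
            return get_lang('InvalideGroupDetected');
        }
        if ($rec == 'mailing') {
            $thisIsAMailing = true;
        } elseif ($rec == 'upload') {
            $thisIsJustUpload = true;
        } elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
            return get_lang('InvalideUserDetected');
        } elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
            return get_lang('InvalideGroupDetected');
        }
    }

    // we are doing a mailing but an additional recipient is selected
    if ($thisIsAMailing && count($_POST['recipients']) != 1) {
        return get_lang('MailingSelectNoOther');
    }

    // we are doing a just upload but an additional recipient is selected.
    // note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
    if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
        return get_lang('MailingJustUploadSelectNoOther');
    }

    if (empty($_FILES['file']['name'])) {
        return get_lang('NoFileSpecified');
    }

    // are we overwriting a previous file or sending a new one
    $dropbox_overwrite = isset($_POST['cb_overwrite']) && $_POST['cb_overwrite'];

    // doing the upload
    // The name and type are supplied by the client and are treated as untrusted below.
    $dropbox_filename = $_FILES['file']['name'];
    $dropbox_filesize = $_FILES['file']['size'];
    $dropbox_filetype = $_FILES['file']['type'];
    $dropbox_filetmpname = $_FILES['file']['tmp_name'];

    // check if the filesize does not exceed the allowed size.
    if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
        return get_lang('DropboxFileTooBig'); // TODO: The "too big" message does not fit in the case of uploading zero-sized file.
    }

    // check if the file is actually uploaded
    if (!is_uploaded_file($dropbox_filetmpname)) {
        // check user fraud : no clean error msg.
        return get_lang('TheFileIsNotUploaded');
    }

    $upload_ok = process_uploaded_file($_FILES['file'], true);
    if (!$upload_ok) {
        return null;
    }

    // Try to add an extension to the file if it hasn't got one
    $dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
    // Replace dangerous characters
    $dropbox_filename = replace_dangerous_char($dropbox_filename);
    // Transform any .php file in .phps for security
    $dropbox_filename = php2phps($dropbox_filename);

    //filter extension
    if (!filter_extension($dropbox_filename)) {
        return get_lang('UplUnableToSaveFileFilteredExtension');
    }

    // set title
    $dropbox_title = $dropbox_filename;

    // set author
    if (!isset($_POST['authors'])) {
        $_POST['authors'] = getUserNameFromId($_user['user_id']);
    }

    // note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
    if ($dropbox_overwrite) {
        // Overwrite: reuse the stored name of the sender's earlier work with the same title.
        $dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
        foreach ($dropbox_person->sentWork as $w) {
            if ($w->title == $dropbox_filename) {
                if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
                    return get_lang('MailingNonMailingError');
                }
                if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
                    return get_lang('MailingJustUploadSelectNoOther');
                }
                $dropbox_filename = $w->filename;
                break;
            }
        }
    } else {
        // rename file to login_filename_uniqueId format
        $dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
    }

    // creating the array that contains all the users who will receive the file
    $new_work_recipients = array();
    foreach ($_POST['recipients'] as $rec) {
        if (strpos($rec, 'user_') === 0) {
            $new_work_recipients[] = substr($rec, strlen('user_'));
        } elseif (strpos($rec, 'group_') === 0) {
            // NOTE(review): the group id suffix is passed on as received and was not validated
            // above - confirm get_subscribed_users() restricts it to groups of the current course.
            $userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
            foreach ($userList as $usr) {
                if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
                    $new_work_recipients[] = $usr['user_id'];
                }
            }
        }
    }

    // Stop here if the file cannot be stored, so that no notification is sent and no sent-work
    // record is created for a file that does not exist. The warning stays suppressed because
    // its text would contain the storage path.
    if (!@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename)) {
        return get_lang('TheFileIsNotUploaded');
    }

    $b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
    if ($b_send_mail) {
        foreach ($new_work_recipients as $recipient_id) {
            $recipent_temp = UserManager::get_user_info_by_id($recipient_id);
            $additionalParameters = array(
                'smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY,
                'userId' => $recipient_id,
                'courseTitle' => $_course['title'],
                'userUsername' => $recipent_temp['username'],
            );
            api_mail_html(
                api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS),
                $recipent_temp['email'],
                get_lang('NewDropboxFileUploaded'),
                get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'],
                api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS),
                $_user['mail'],
                null,
                null,
                null,
                $additionalParameters
            );
        }
    }

    // NOTE(review): the description is handed over as submitted while the authors value is
    // tag-stripped - confirm Dropbox_SentWork escapes the description for storage and display.
    new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);

    Security::clear_token();

    return get_lang('FileUploadSucces');
}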
// Gradebook backend library, resolved from the platform code path.
require_once api_get_path(SYS_CODE_PATH) . 'gradebook/lib/be.inc.php';

// Setting the tabs
$this_section = SECTION_COURSES;

// Queue the qTip2 script and stylesheet in $htmlHeadXtra.
$htmlHeadXtra[] = api_get_js('qtip2/jquery.qtip.min.js');
$htmlHeadXtra[] = api_get_css(api_get_path(WEB_LIBRARY_PATH) . 'javascript/qtip2/jquery.qtip.min.css');

// Access control
// Called before the exercise libraries below are included and before any
// course table name or course path is resolved.
// NOTE(review): the meaning of the `true` argument is not visible here - confirm.
api_protect_course_script(true);

// including additional libraries
// These are relative names, so which file is loaded depends on the include
// path and on the directory of the including script.
require_once 'exercise.class.php';
require_once 'question.class.php';
require_once 'answer.class.php';
require_once 'hotpotatoes.lib.php';

/* Constants and variables */
// Three separate permission flags. The first two call the same helper with
// different arguments, so they are not interchangeable.
// NOTE(review): what each argument enables is defined in the API, not here - confirm before reusing one flag for another check.
$is_allowedToEdit = api_is_allowed_to_edit(null, true);
$is_tutor = api_is_allowed_to_edit(true);
$is_tutor_course = api_is_course_tutor();

// Course-scoped tables, plus the platform-wide exercise tracking table.
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$TBL_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$TBL_EXERCICE_QUESTION = Database::get_course_table(TABLE_QUIZ_TEST_QUESTION);
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$TBL_TRACK_EXERCICES = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCICES);

// document path
// Built by concatenating $_course['path'] into a filesystem path.
// NOTE(review): presumably $_course is populated by the platform and not from request input - confirm.
$documentPath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . "/document";
// picture path
$picturePath = $documentPath . '/images';
// audio path
$audioPath = $documentPath . '/audio';
// hotpotatoes
$uploadPath = DIR_HOTPOTATOES; //defined in main_api
$exercicePath = api_get_self();
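// Request parameters. Numeric ids are cast to int; the course code and origin
// are passed through Security::remove_XSS() because they are echoed into links below.
$user_id = isset($_GET['student_id']) ? intval($_GET['student_id']) : api_get_user_id();
$courseCode = isset($_GET['course']) ? Security::remove_XSS($_GET['course']) : api_get_course_id();
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
// A request without lp_id yields 0 and is rejected by the empty() check below,
// instead of raising an undefined-index notice first.
$lp_id = isset($_GET['lp_id']) ? intval($_GET['lp_id']) : 0;
$csv_content = array();

// Reject unknown courses and missing learning path ids before anything else is loaded.
$course_info = api_get_course_info($courseCode);
if (empty($course_info) || empty($lp_id)) {
    api_not_allowed();
}

$userInfo = api_get_user_info($user_id);
// isset() keeps $name null, without a notice, when no user record is returned for $user_id.
$name = isset($userInfo['complete_name']) ? $userInfo['complete_name'] : null;

// Authorisation: platform admin, teacher of the requested course, coach of the
// requested student, HR director (drh), or course tutor.
// NOTE(review): api_is_drh() and api_is_course_tutor() are called without the
// requested $user_id or $courseCode. Confirm that a role held in some other course
// or session cannot satisfy them here, since student_id and course both come from
// the query string.
$isAuthorised = api_is_platform_admin(true)
    || CourseManager::is_course_teacher(api_get_user_id(), $courseCode)
    || Tracking::is_allowed_to_coach_student(api_get_user_id(), $user_id)
    || api_is_drh()
    || api_is_course_tutor();
if (!$isAuthorised) {
    api_not_allowed();
}

// Breadcrumb trail depends on where the user came from.
if ($origin == 'user_course') {
    $interbreadcrumb[] = array(
        "url" => api_get_path(WEB_COURSE_PATH) . $course_info['directory'],
        'name' => $course_info['name'],
    );
    $interbreadcrumb[] = array("url" => "../user/user.php?cidReq=" . $courseCode, "name" => get_lang("Users"));
} elseif ($origin == 'tracking_course') {
    // NOTE(review): $session_id is not assigned in this part of the script - presumably set earlier; confirm.
    $interbreadcrumb[] = array(
        "url" => "../tracking/courseLog.php?cidReq=" . $courseCode . '&id_session=' . $session_id,
        "name" => get_lang("Tracking"),
    );
} else {
    $interbreadcrumb[] = array("url" => "index.php", "name" => get_lang('MySpace'));
    $interbreadcrumb[] = array("url" => "student.php", "name" => get_lang("MyStudents"));
    $interbreadcrumb[] = array("url" => "myStudents.php?student=" . $user_id, "name" => get_lang("StudentDetails"));
    $nameTools = get_lang("DetailsStudentInCourse");
}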
}
// Learning path classes used by the tracking view.
require_once api_get_path(SYS_CODE_PATH) . 'newscorm/learnpath.class.php';
require_once api_get_path(SYS_CODE_PATH) . 'newscorm/learnpathItem.class.php';

// Session id from the request (cast to int) or, when absent or empty, the current session.
$session_id = isset($_REQUEST['id_session']) && !empty($_REQUEST['id_session']) ? intval($_REQUEST['id_session']) : api_get_session_id();
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
if ($export_csv) {
    // Buffer the output while a CSV export is requested.
    ob_start();
}
$csv_content = array();

// NOTE(review): $_GET['student_id'] is read without isset(); a missing parameter gives 0 after intval().
$user_id = intval($_GET['student_id']);
// NOTE(review): $cidReq is assigned only when the `course` parameter is present,
// but it is used unconditionally further down - confirm it is set elsewhere.
if (isset($_GET['course'])) {
    $cidReq = Security::remove_XSS($_GET['course']);
}
$user_infos = UserManager::get_user_info_by_id($user_id);
$name = api_get_person_name($user_infos['firstname'], $user_infos['lastname']);

// Authorisation: platform admin, course teacher, coach of the student, drh or course tutor.
// NOTE(review): the teacher check is made against api_get_course_int_id() (the
// current course context), while the data shown below is for the requested
// $cidReq - confirm the two cannot differ.
// NOTE(review): the coach check receives the raw $_GET['student_id'], while the
// lookup above uses the int-cast $user_id.
// NOTE(review): api_is_drh() and api_is_course_tutor() take no student or course
// argument here - confirm they are scoped to the requested student.
if (!api_is_platform_admin(true)
    && !CourseManager::is_course_teacher(api_get_user_id(), api_get_course_int_id())
    && !Tracking::is_allowed_to_coach_student(api_get_user_id(), $_GET['student_id'])
    && !api_is_drh()
    && !api_is_course_tutor()) {
    api_not_allowed();
}

// The requested course must exist; this check runs after the role check above.
$course_exits = CourseManager::course_exists($cidReq);
if (!empty($course_exits)) {
    $course_info = api_get_course_info($cidReq);
} else {
    api_not_allowed();
}

// Breadcrumb trail depends on the `origin` query parameter.
if (!empty($_GET['origin']) && $_GET['origin'] == 'user_course') {
    $interbreadcrumb[] = array("url" => api_get_path(WEB_COURSE_PATH) . $course_info['directory'], 'name' => $course_info['name']);
    $interbreadcrumb[] = array("url" => "../user/user.php?cidReq=" . $cidReq, "name" => get_lang("Users"));
} else {
    if (!empty($_GET['origin']) && $_GET['origin'] == 'tracking_course') {
        $interbreadcrumb[] = array("url" => "../tracking/courseLog.php?cidReq=" . $cidReq . '&id_session=' . $session_id, "name" => get_lang("Tracking"));
    } else {
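// Emits the course, user and room context as XML (presumably consumed by the
// videoconference client - confirm).
//
// String values are XML-escaped before output, so a '<', '&' or quote in a
// profile or course field cannot break the document or add elements to it.
// Non-string values are passed through unchanged.
// NOTE(review): element names come from the session array keys and are not
// validated as XML names; presumably they are fixed by the platform - confirm.
$escapeXml = function ($value) {
    return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
};

printf('<courseobject>');
foreach ($_SESSION['_course'] as $key => $val) {
    printf('<%s>%s</%s>', $key, $escapeXml(api_utf8_encode($val)), $key);
}
printf('</courseobject>');

printf('<userobject>');
foreach ($_SESSION['_user'] as $key => $val) {
    // auth_source is deliberately left out of the output.
    if ($key != "auth_source") {
        if (($key == "lastName" || $key == "firstName") && strlen($val) == 0) {
            $val = get_lang('Unknown');
        }
        printf('<%s>%s</%s>', $key, $escapeXml(api_utf8_encode($val)), $key);
    }
}

// NOTE(review): the PHP session id is written into the response body. Anything
// that can read or store this response also holds the session identifier;
// confirm the response is not cached or logged.
printf('<sid>%s</sid>', session_id());

// Elevated rights: course manager status in the current course, or any of the
// platform admin / tutor / course admin / coach roles.
$isadmin = CourseManager::get_user_in_course_status($_SESSION['_user']['user_id'], $_SESSION['_course']['sysCode']) == COURSEMANAGER
    || api_is_platform_admin()
    || api_is_course_tutor()
    || api_is_course_admin()
    || api_is_course_coach() ? "true" : "false";

// NOTE(review): MD5 over secret . challenge is a weak keyed construction; an
// HMAC with a modern hash would be preferable, but the value must match what
// the verifying side computes, so it is left unchanged here.
// $confkey and $challenge are defined outside this part of the script.
printf('<key>%s</key>', md5($confkey . $challenge));
printf('<challenge>%s</challenge>', $challenge);

// NOTE(review): these flags are advisory data sent to the client; upload and
// moderation rights still have to be enforced by the receiving service.
printf('<isUploadAllowed>%s</isUploadAllowed>', $isadmin);
$moderatorFlag = $isadmin == 'true' || $_SESSION["roomType"] == "conference" ? 'true' : 'false';
printf('<canStartModerator>%s</canStartModerator>', $moderatorFlag);
printf('<mustStartModerator>%s</mustStartModerator>', $moderatorFlag);
printf('</userobject>');

// The setting values are passed as arguments, not concatenated into the format
// string: a '%' in a configured host or port would otherwise be parsed as a
// conversion specification.
printf('<config>');
printf('<host>%s</host>', api_get_setting('service_visio', 'visio_host'));
printf('<port>%s</port>', api_get_setting('service_visio', 'visio_port'));
printf('</config>');

// Portal identifier: the web path without its scheme, with '/' replaced by '_'.
$path = preg_replace('/^([^:]*:\\/\\/)/', '', api_get_path(WEB_PATH));
$path = str_replace('/', '_', $path);
printf('<roomConfig>');
printf('<portal>%s</portal>', $escapeXml($path));
printf('<roomType>%s</roomType>', $escapeXml($_SESSION['roomType']));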
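/**
 * Builds the form used to add a post (a new thread or a reply), then either
 * returns the submitted values or displays the form.
 *
 * The form title, the submit button class and the form action URL are derived
 * from the query string (action, forum, thread, post, gradebook). The $action
 * argument controls the sticky option, the quoting defaults and the thread iframe.
 *
 * @param string $action One of:
 *   1. newthread: adding a new thread => no iframe
 *   2. replythread: replying to a thread => iframe with the complete thread (if enabled)
 *   3. replymessage: replying to a message => iframe with the complete thread (if enabled)
 *   4. quote: quoting a message => iframe with the complete thread (if enabled);
 *      the quoted message is placed in the reply.
 * @param string $id Not used by this function.
 * @param array|string $form_values Previously submitted values used to pre-fill the form; ignored when empty.
 * @return array|false|null The exported form values when the form validates and the
 *   security token check passes; false when a gradebook qualification is requested
 *   without a weight; null otherwise (the form was displayed, or the token check failed).
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function show_add_post_form($action = '', $id = '', $form_values = '')
{
    global $forum_setting;
    global $current_forum;
    global $_user;
    global $origin;

    // Query-string parameters. All are attacker-controllable: they are filtered
    // with Security::remove_XSS() before being echoed and cast with intval()
    // before being used as ids.
    $my_thread = isset($_GET['thread']) ? $_GET['thread'] : '';
    $my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
    $my_action = isset($_GET['action']) ? $_GET['action'] : '';
    $my_post = isset($_GET['post']) ? $_GET['post'] : '';
    $my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';

    // Setting the class and text of the form title and submit button.
    // The guarded $my_action is used so a request without `action` does not
    // raise an undefined-index notice.
    if ($my_action == 'quote') {
        $class = 'save';
        $text = get_lang('QuoteMessage');
    } elseif ($my_action == 'replythread') {
        $class = 'save';
        $text = get_lang('ReplyToThread');
    } elseif ($my_action == 'replymessage') {
        $class = 'save';
        $text = get_lang('ReplyToMessage');
    } else {
        $class = 'add';
        $text = get_lang('CreateThread');
    }

    // Initialize the object.
    // NOTE(review): $origin is a global appended to the action URL without
    // filtering in this function; presumably the caller has already sanitised
    // it - confirm.
    $form = new FormValidator(
        'thread',
        'post',
        api_get_self() . '?forum=' . Security::remove_XSS($my_forum)
        . '&gradebook=' . $my_gradebook
        . '&thread=' . Security::remove_XSS($my_thread)
        . '&post=' . Security::remove_XSS($my_post)
        . '&action=' . Security::remove_XSS($my_action)
        . '&origin=' . $origin
    );
    $form->setConstants(array('forum' => '5'));
    $form->addElement('header', $text);

    // Setting the form elements.
    $form->addElement('hidden', 'forum_id', intval($my_forum));
    $form->addElement('hidden', 'thread_id', intval($my_thread));
    $form->addElement('hidden', 'gradebook', $my_gradebook);

    // If anonymous posts are allowed we also display a field where the user can put a name or username.
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addElement('text', 'poster_name', get_lang('Name'));
        $form->applyFilter('poster_name', 'html_filter');
    }

    $form->addElement('text', 'post_title', get_lang('Title'));
    // Editors get the full toolbar, everyone else the student toolbar.
    $form->addElement(
        'html_editor',
        'post_text',
        get_lang('Text'),
        true,
        api_is_allowed_to_edit(null, true)
            ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300')
            : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student')
    );
    $form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');

    $form->addElement('advanced_settings', '<a href="javascript://" onclick="return advanced_parameters()"> <span id="img_plus_and_minus"> ' . Display::return_icon('div_show.gif', get_lang('Show'), array('style' => 'vertical-align:middle')) . ' ' . get_lang('AdvancedParameters') . '</span></a>');
    $form->addElement('html', '<div id="id_qualify" style="display:none">');

    // Gradebook qualification fields: only for course admins, coaches and tutors,
    // and only when creating a thread (no thread id in the request).
    if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !$my_thread) {
        // Thread qualify
        if (Gradebook::is_active()) {
            // Loading gradebook select
            load_gradebook_select_in_tool($form);
            $form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
        } else {
            $form->addElement('hidden', 'thread_qualify_gradebook', false);
        }
        $form->addElement('html', '<div id="options_field" style="display:none">');
        $form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
        $form->applyFilter('numeric_calification', 'html_filter');
        $form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
        $form->applyFilter('calification_notebook_title', 'html_filter');
        $form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), 'value="0.00" Style="width:40px" onfocus="javascript: this.select();"');
        $form->applyFilter('weight_calification', 'html_filter');
        $form->addElement('html', '</div>');
    }

    if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
        $form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
    }

    if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
        $form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
    }

    // NOTE(review): this condition only exports values that are not read before
    // being reassigned. The upload fields below are added whatever the forum's
    // allow_attachments setting is; if the condition was meant to gate them, the
    // handler that stores the upload must enforce the setting - confirm.
    if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
        $values = $form->exportValues();
    }

    // User upload
    $form->addElement('static', null, null, get_lang('AddAnAttachment'));
    $form->addElement('file', 'user_upload', get_lang('FileName'), '');
    $form->addElement('textarea', 'file_comment', get_lang('FileComment'), array('rows' => 4, 'cols' => 34));
    $form->applyFilter('file_comment', 'html_filter');
    $form->addElement('html', '</div>');
    $form->addElement('style_submit_button', 'SubmitPost', $text, 'class="' . $class . '"');
    $form->add_real_progress_bar('DocumentUpload', 'user_upload');

    if (!empty($form_values)) {
        $defaults['post_title'] = prepare4display($form_values['post_title']);
        $defaults['post_text'] = prepare4display($form_values['post_text']);
        $defaults['post_notification'] = strval(intval($form_values['post_notification']));
        $defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
    }

    // If we are quoting a message we have to retrieve the information of the post we are quoting so that
    // we can add this as default to the textarea.
    // ($my_post is always assigned above, so no isset() test is needed here.)
    if ($action == 'quote' || $action == 'replymessage') {
        // The post id comes straight from the query string: cast it once and use
        // the integer both for the hidden field and for the lookup.
        $postId = intval($my_post);

        // We also need to put the parent_id of the post in a hidden form when we are quoting or replying to a message (<> reply to a thread !!!)
        $form->addElement('hidden', 'post_parent_id', strval($postId));

        // If we are replying or are quoting then we display a default title.
        $values = get_post_information($postId);
        $defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);

        // When we are quoting a message then we have to put that message into the wysiwyg editor.
        // Note: The style has to be hardcoded here because using class="quote" didn't work.
        if ($action == 'quote') {
            $defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
        }
    }
    $form->setDefaults(isset($defaults) ? $defaults : null);

    // The course admin can make a thread sticky (=appears with special icon and always on top).
    $form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
    if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
        $form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
    }

    // Validation or display
    if ($form->validate()) {
        // The submitted values are returned only when the security token matches.
        // On a mismatch the function falls through and returns null without
        // showing the form again.
        $check = Security::check_token('post');
        if ($check) {
            $values = $form->exportValues();
            // The qualification checkbox exists only for admins/coaches/tutors, so it may be absent.
            if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
                Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.back()">' . get_lang('Back') . '</a>', false);
                return false;
            }
            Security::clear_token();
            return $values;
        }
    } else {
        // Issue a fresh token and embed it as a hidden field before displaying the form.
        $token = Security::get_token();
        $form->addElement('hidden', 'sec_token');
        $form->setConstants(array('sec_token' => $token));

        $iframe = null;
        if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread') {
            $iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=" . Security::remove_XSS($my_forum) . "&thread=" . Security::remove_XSS($my_thread) . "#" . Security::remove_XSS($my_post) . "\" width=\"100%\"></iframe>";
        }
        if (!empty($iframe)) {
            $form->addElement('label', get_lang('Thread'), $iframe);
        }
        $form->display();
    }
}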
$this_section = SECTION_COURSES;
}

// Session id from the request (cast to int) or, when absent or empty, the current session.
$session_id = isset($_REQUEST['id_session']) && !empty($_REQUEST['id_session']) ? intval($_REQUEST['id_session']) : api_get_session_id();
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;

// Request parameters: numeric ids are cast to int, and the course code and
// origin go through Security::remove_XSS().
$user_id = isset($_GET['student_id']) ? intval($_GET['student_id']) : api_get_user_id();
$courseCode = isset($_GET['course']) ? Security::remove_XSS($_GET['course']) : api_get_course_id();
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
// NOTE(review): $_GET['lp_id'] is read without isset(); a missing parameter
// gives 0 after intval() and is rejected by the empty() check below.
$lp_id = intval($_GET['lp_id']);
$csv_content = array();

// Reject unknown courses and missing learning path ids.
$course_info = api_get_course_info($courseCode);
if (empty($course_info) || empty($lp_id)) {
    api_not_allowed();
}
$userInfo = api_get_user_info($user_id);
$name = $userInfo['complete_name'];

// Authorisation: platform admin, teacher of the requested course, coach of the
// requested student, drh or course tutor.
// NOTE(review): api_is_drh() and api_is_course_tutor() take no student or course
// argument here. Confirm that a role held elsewhere cannot satisfy them, since
// student_id and course both come from the query string.
if (!api_is_platform_admin(true)
    && !CourseManager::is_course_teacher(api_get_user_id(), $courseCode)
    && !Tracking::is_allowed_to_coach_student(api_get_user_id(), $user_id)
    && !api_is_drh()
    && !api_is_course_tutor()) {
    api_not_allowed();
}

// Breadcrumb trail depends on where the user came from.
if ($origin == 'user_course') {
    $interbreadcrumb[] = array("url" => api_get_path(WEB_COURSE_PATH) . $course_info['directory'], 'name' => $course_info['name']);
    $interbreadcrumb[] = array("url" => "../user/user.php?cidReq=" . $courseCode, "name" => get_lang("Users"));
} else {
    if ($origin == 'tracking_course') {
        $interbreadcrumb[] = array("url" => "../tracking/courseLog.php?cidReq=" . $courseCode . '&id_session=' . $session_id, "name" => get_lang("Tracking"));
    } else {
        $interbreadcrumb[] = array("url" => "index.php", "name" => get_lang('MySpace'));
        $interbreadcrumb[] = array("url" => "student.php", "name" => get_lang("MyStudents"));
        $interbreadcrumb[] = array("url" => "myStudents.php?student=" . $user_id, "name" => get_lang("StudentDetails"));
        $nameTools = get_lang("DetailsStudentInCourse");
    }
}