Esempio n. 1
if ($is_editor or $is_tutor) {
    if (isset($_POST['submit'])) {
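        // Sends the posted message to every member of $group_id who accepts e-mail
        // notifications for this course, then sends a copy to the sender.
        // NOTE(review): no anti-CSRF token check is visible in this excerpt, and it
        // does not show that $group_id belongs to a group this tutor manages --
        // confirm both are enforced before this point.
        $sender = Database::get()->querySingle("SELECT email, surname, givenname FROM user
                                                             WHERE id = ?d", $uid);
        $sender_name = $sender->givenname . ' ' . $sender->surname;
        $sender_email = $sender->email;
        // The subject comes from the request and ends up in a mail header: collapse
        // CR/LF so it can never add header lines, whatever send_mail() does with it.
        $emailsubject = $title . " - " . str_replace(array("\r", "\n"), ' ', $_POST['subject']);
        // NOTE(review): body_mail is raw request data and HTML fragments are appended
        // to it below; if send_mail() delivers HTML, escape the user text first.
        $emailbody = "$_POST[body_mail]\n\n$langSender: $sender->surname $sender->givenname <$sender->email>\n$langProfLesson\n";
        $req = Database::get()->queryArray("SELECT user_id FROM group_members WHERE group_id = ?d", $group_id);
        foreach ($req as $userid) {
            if (!get_user_email_notification($userid->user_id, $course_id)) {
                continue;
            }
            // Bind the id as a parameter like every other query here, instead of
            // interpolating it into the SQL text.
            $recipient = Database::get()->querySingle("SELECT email FROM user WHERE id = ?d", $userid->user_id);
            // A member row may point at a user that no longer exists.
            $email = $recipient ? $recipient->email : '';
            $linkhere = "&nbsp;<a href='{$urlServer}main/profile/emailunsubscribe.php?cid=$course_id'>$langHere</a>.";
            $unsubscribe = "<br /><br />$langNote: " . sprintf($langLinkUnsubscribe, $title);
            // Build the footer on a per-recipient copy: appending to $emailbody itself
            // made the unsubscribe note pile up once per member already processed.
            $recipient_body = $emailbody . $unsubscribe . $linkhere;
            if (email_seems_valid($email) and ! send_mail($sender_name, $sender_email, '', $email, $emailsubject, $recipient_body, $charset)) {
                $tool_content .= "<h4>$langMailError</h4>";
            }
        }
        // also send a copy (without the unsubscribe footer) to the professor
        send_mail($sender_name, $sender_email, '', $sender_email, $emailsubject, $emailbody, $charset);
        $tool_content .= "<div class='alert alert-success'>$langEmailSuccess<br>";
        $tool_content .= "<a href='index.php?course=$course_code'>$langBack</a></div>";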
    } else {
        $tool_content .= "<div class='form-wrapper'>
                <form class='form-horizontal' role='form' action='$_SERVER[SCRIPT_NAME]?course=$course_code' method='post'>
                <fieldset>
                <input type='hidden' name='group_id' value='$group_id'>
                <div class='form-group'>                
                  <label>$langMailSubject</label>
Esempio n. 2
    $tool_content .= "<div class='alert alert-danger'>{$langForbidden}</div>";
    draw($tool_content, 0);
    exit;
}
// Student self-registration is only served when $eclass_stud_reg is 1;
// teacher requests ($prof) are not subject to that switch.
if (!($prof or $eclass_stud_reg == 1)) {
    $tool_content .= "<div class='alert alert-danger'>{$langForbidden}</div>";
    draw($tool_content, 0);
    exit;
}

// The student id ("am") is mandatory only for students, and only when configured.
$am_required = !$prof && get_config('am_required');
$errors = array();

// Map of posted field => required flag, handed to register_posted_variables().
$all_set = register_posted_variables(array(
    'usercomment' => true,
    'givenname' => true,
    'surname' => true,
    'username' => true,
    'userphone' => $prof,
    'usermail' => true,
    'am' => $am_required,
    'department' => true,
    'captcha_code' => false,
));
if (!$all_set) {
    $errors[] = $langFieldsMissing;
}

// Accepted addresses are trimmed and lower-cased; rejected ones add an error.
if (email_seems_valid($usermail)) {
    $usermail = mb_strtolower(trim($usermail));
} else {
    $errors[] = $langEmailWrong;
    $all_set = false;
}

// Reject a username that an existing account already uses.
$username = canonicalize_whitespace($username);
if (user_exists($username)) {
    $errors[] = $langUserFree;
    $all_set = false;
}
// check if exists user request with the same username
if (user_app_exists($username)) {
    $errors[] = $langUserFree3;
    $all_set = false;
Esempio n. 3
     // Look the username up in its canonical form (bound as a ?s parameter)
     // and report it as taken when a row comes back.
     $uname = canonicalize_whitespace($uname);
     $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $uname);
     if ($username_check) {
         $registration_errors[] = $langUserFree;
     }
     // When the captcha is displayed, the posted code must pass Securimage's check.
     if ($display_captcha) {
         require_once 'include/securimage/securimage.php';
         $securimage = new Securimage();
         if (!$securimage->check($_POST['captcha_code'])) {
             $registration_errors[] = $langCaptchaWrong;
         }
     }
 }
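 // An empty address is tolerated here; a non-empty one must pass the syntax
 // check, otherwise it is reported. Accepted values are trimmed and lower-cased.
 if (!empty($email) and !email_seems_valid($email)) {
     $registration_errors[] = $langEmailWrong;
 } else {
     $email = mb_strtolower(trim($email));
 }
 // The two password fields must be identical. Compare as strings with !==:
 // the loose != treats distinct numeric-looking strings (for example '1e3'
 // and '1000') as equal, so a mistyped confirmation could slip through.
 // NOTE(review): assumes $password still holds the raw posted value -- confirm.
 if ((string) $password !== (string) $_POST['password1']) {
     $registration_errors[] = $langPassTwice;
 }
 // Collect validation errors for custom profile fields: element 0 is the
 // overall status flag, the remaining elements are the error messages.
 $cpf_check = cpf_validate_format();
 if ($cpf_check[0] === false) {
     unset($cpf_check[0]);
     foreach ($cpf_check as $cpf_error) {
         $registration_errors[] = $cpf_error;
     }
 }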
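        // Store a changed address and keep the session copy in sync.
        // NOTE(review): the new address is written before it has been verified;
        // whether the account's verified flag is reset is not visible here -- confirm.
        if ($email != $_SESSION['email']) {
            $_SESSION['email'] = $email;
            Database::get()->query("UPDATE user SET email = ?s WHERE id = ?d", $email, $uid);
        }
        // Issue a new verification token and mail the confirmation link.
        // NOTE(review): the token input is a plain concatenation of username,
        // e-mail and uid with no separators, and nothing here shows an expiry --
        // check token_generate() and mail_verify.php for both.
        $hmac = token_generate($_SESSION['uname'] . $email . $uid);
        $subject = $langMailChangeVerificationSubject;
        // URL-encode the token so any character token_generate() may emit survives the query string.
        $MailMessage = sprintf($mailbody1 . $langMailVerificationChangeBody, $urlServer . 'modules/auth/mail_verify.php?h=' . urlencode($hmac) . '&id=' . $uid);
        $emailhelpdesk = get_config('email_helpdesk');
        $emailAdministrator = get_config('email_sender');
        if (!send_mail($siteName, $emailAdministrator, '', $email, $subject, $MailMessage, $charset, "Reply-To: {$emailhelpdesk}")) {
            // The address is echoed into HTML, so escape it with q() like the helpdesk address.
            $mail_ver_error = sprintf("<div class='alert alert-warning'>" . $langMailVerificationError, q($email), $urlServer . "auth/registration.php", "<a href='mailto:" . q($emailhelpdesk) . "' class='mainpage'>" . q($emailhelpdesk) . "</a>.</div>");
            $tool_content .= $mail_ver_error;
        } else {
            $tool_content .= "<div class='alert alert-success'>{$langMailVerificationSuccess4}</div> ";
        }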
    } else {
        $tool_content .= "<div class='alert alert-danger'>{$langMailVerificationWrong}</div> ";
    }
} elseif (!empty($_SESSION['mail_verification_required']) && $_SESSION['mail_verification_required'] === 1) {
    $tool_content .= "<div class='alert alert-info'>{$langMailVerificationReq}</div> ";
}
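// Show the "change address / request a new code" form whenever no usable
// address was posted. The stored address is escaped with q() before it is
// placed in the value attribute.
// NOTE(review): the form carries no anti-CSRF token in this excerpt -- confirm
// the handler validates one, since submitting it changes the account e-mail.
if (empty($_POST['email']) or !email_seems_valid($_POST['email'])) {
    // Fixed the table attribute, which was misspelled "with" and therefore ignored.
    $tool_content .= "<br /><br /><form method='post' action='{$_SERVER['SCRIPT_NAME']}'>\n        <fieldset>\n                <legend>{$langUserData}</legend>\n                <table class='tbl' width='100%'>                \n                <tr>\n                        <th class='left'>{$lang_email}:</th>\n                        <td><input type='text' name='email' size='30' maxlength='40' value='" . q($_SESSION['email']) . "' /></td>\n                        <td><small>({$langMailVerificationAddrChange})</small></td>\n                </tr>\n                <tr>\n                        <th class='left'>&nbsp;</th>\n                        <td colspan='2'><input class='btn btn-primary' type='submit' name='submit' value='{$langMailVerificationNewCode}' /></td>\n                </tr>\n                </table>               \n        </fieldset>\n    </form>";
}
// The second draw() argument is 1 when the page was reached from the profile, 0 otherwise.
draw($tool_content, isset($_GET['from_profile']) ? 1 : 0);
exit;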
Esempio n. 5
 // Mail the announcement to the selected course members, in batches of 50.
 $emailSubject = "{$professorMessage} ({$public_code} - " . q($title) . " - {$langAnnouncement})";
 $countEmail = 0;
 $invalid = 0;
 $recipients = array();
 // The plain-text part is derived before the unsubscribe footer is appended,
 // so only the HTML part carries that footer.
 $emailBody = html2text($emailContent);
 $linkhere = "&nbsp;<a href='{$urlServer}main/profile/emailunsubscribe.php?cid={$course_id}'>{$langHere}</a>.";
 $unsubscribe = "<br /><br />{$langNote}: " . sprintf($langLinkUnsubscribe, $title);
 $emailContent .= $unsubscribe . $linkhere;
 $general_to = 'Members of course ' . $course_code;
 // NOTE(review): $recipients_emaillist is interpolated into the IN (...) list
 // rather than bound; its construction is not visible here -- confirm every
 // element is forced to an integer before it reaches this query.
 Database::get()->queryFunc("SELECT course_user.user_id as id, user.email as email\n                                                   FROM course_user, user\n                                                   WHERE course_id = ?d AND user.id IN ({$recipients_emaillist}) AND \n                                                         course_user.user_id = user.id", function ($person) use(&$countEmail, &$recipients, &$invalid, $course_id, $general_to, $emailSubject, $emailBody, $emailContent, $charset) {
     ++$countEmail;
     $emailTo = $person->email;
     $user_id = $person->id;
     if (!email_seems_valid($emailTo)) {
         // syntactically invalid address: count it and skip it
         ++$invalid;
     } elseif (get_user_email_notification($user_id, $course_id)) {
         // the user accepts e-mail notifications for this course
         $recipients[] = $emailTo;
     }
     // flush the batch once it holds 50 addresses
     if (count($recipients) >= 50) {
         send_mail_multipart("{$_SESSION['givenname']} {$_SESSION['surname']}", $_SESSION['email'], $general_to, $recipients, $emailSubject, $emailBody, $emailContent, $charset);
         $recipients = array();
     }
 }, $course_id);
 // send whatever is left over from the last, partial batch
 if ($recipients) {
     send_mail_multipart("{$_SESSION['givenname']} {$_SESSION['surname']}", $_SESSION['email'], $general_to, $recipients, $emailSubject, $emailBody, $emailContent, $charset);
 }
 $messageInvalid = " {$langOn} {$countEmail} {$langRegUser}, {$invalid} {$langInvalidMail}";
Esempio n. 6
     // Store the uploaded profile picture in both sizes and flag the account as having an icon.
     validateUploadedFile($_FILES['userimage']['name'], 1);
     // NOTE(review): $_FILES[...]['type'] is the MIME type reported by the
     // client, not one derived from the file contents; check that
     // copy_resized_image() does not trust it beyond choosing a decoder.
     $type = $_FILES['userimage']['type'];
     $image_file = $_FILES['userimage']['tmp_name'];
     foreach (array(IMAGESIZE_LARGE, IMAGESIZE_SMALL) as $image_size) {
         $resized_ok = copy_resized_image($image_file, $type, $image_size, $image_size, $image_path . '_' . $image_size . '.jpg');
         if (!$resized_ok) {
             Session::Messages($langInvalidPicture);
             redirect_to_home_page("main/profile/profile.php");
         }
     }
     Database::get()->query("UPDATE user SET has_icon = 1 WHERE id = ?d", $_SESSION['uid']);
     Log::record(0, 0, LOG_PROFILE, array('uid' => intval($_SESSION['uid']), 'addimage' => 1, 'imagetype' => $type));
 }
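 // The address must be syntactically valid whenever e-mail is required or
 // must be verified. Uses logical || here: the previous bitwise | only
 // behaved as intended for some return types of get_config().
 // NOTE(review): each branch relies on redirect_to_home_page() ending the
 // request; if it returns, processing continues with the rejected input.
 if ((get_config('email_required') || get_config('email_verification_required')) && !email_seems_valid($email_form)) {
     Session::Messages($langEmailWrong);
     redirect_to_home_page("main/profile/profile.php");
 }
 // check if there are empty fields
 if (!$all_ok) {
     Session::Messages($langFieldsMissing);
     redirect_to_home_page("main/profile/profile.php");
 }
 // When username changes are not allowed, ignore the posted value and keep the session one.
 if (!$allow_username_change) {
     $username_form = $_SESSION['uname'];
 }
 $username_form = canonicalize_whitespace($username_form);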
 // check if username exists
 if ($username_form != $_SESSION['uname']) {
     $username_check = Database::get()->querySingle("SELECT username FROM user WHERE username = ?s", $username_form);
Esempio n. 7
 // Each selected department is passed through validateNode() together with
 // the result of isDepartmentAdmin().
 // NOTE(review): presumably this rejects departments outside the admin's own
 // subtree -- confirm against validateNode().
 foreach ($departments as $dep) {
     validateNode($dep, isDepartmentAdmin());
 }
 // Start walking the posted user list one line at a time.
 $line = strtok($_POST['user_info'], "\n");
 // A line must supply at least this many columns to be used.
 $numfields = count($fields);
 while ($line !== false) {
     $line = preg_replace('/#.*/', '', trim($line));
     if (!empty($line)) {
         $userl = preg_split('/[ \\t]+/', $line);
         if (count($userl) >= $numfields) {
             $info = array();
             foreach ($fields as $field) {
                 $info[$field] = array_shift($userl);
             }
             if (!isset($info['email']) or !email_seems_valid($info['email'])) {
                 $info['email'] = '';
             }
             if (!empty($am)) {
                 if (!isset($info['id']) or empty($info['id'])) {
                     $info['id'] = $am;
                 } else {
                     $info['id'] = $am . ' - ' . $info['id'];
                 }
             }
             $surname = isset($info['last']) ? $info['last'] : '';
             $givenname = isset($info['first']) ? $info['first'] : '';
             if (!isset($info['username'])) {
                 $info['username'] = create_username($newstatus, $departments, $surname, $givenname, $_POST['prefix']);
             }
             if (!isset($info['password'])) {
Esempio n. 8
    }
    $tool_content .= action_bar(array(array('title' => $langBack, 'url' => "../admin/index.php", 'icon' => 'fa-reply', 'level' => 'primary-label'), array('title' => $langBackRequests, 'url' => "../admin/listreq.php{$reqtype}", 'icon' => 'fa-reply', 'level' => 'primary', 'show' => isset($submit) and $success)));
}
if ($submit) {
    // Registration: read the request values and look for a username clash.
    // Department id defaults to 0 when none was posted.
    $depid = isset($_POST['department']) ? intval($_POST['department']) : 0;
    $proflanguage = $session->validate_language_code(@$_POST['language']);
    // NOTE(review): verified_mail_form is read from $_REQUEST, so it can also
    // arrive through the query string; it falls back to 2 when absent.
    $verified_mail = intval(isset($_REQUEST['verified_mail_form']) ? $_REQUEST['verified_mail_form'] : 2);
    // existing account with the same username, if any (bound as ?s)
    $user_exist = Database::get()->querySingle("SELECT username FROM user WHERE username=?s", $uname);
    // check if there are empty fields
    if (!$all_set) {
        $tool_content .= "<div class='alert alert-danger'>{$langFieldsMissing} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } elseif ($user_exist) {
        $tool_content .= "<div class='alert alert-danger'>{$langUserFree} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } elseif (!email_seems_valid($email_form)) {
        $tool_content .= "<div class='alert alert-danger'>{$langEmailWrong} <br /><a href='{$backlink}'>{$langAgain}</a></div>";
    } else {
        validateNode(intval($depid), isDepartmentAdmin());
        $hasher = new PasswordHash(8, false);
        $password_encrypted = $hasher->HashPassword($password);
        $uid = Database::get()->query("INSERT INTO user\n                                (surname, givenname, username, password, email, status, phone, am, registered_at, expires_at, lang, description, verified_mail, whitelist)\n                                VALUES (?s, ?s, ?s, ?s, ?s, ?d, ?s, ?s , " . DBHelper::timeAfter() . "\n                 , " . DBHelper::timeAfter(get_config('account_duration')) . "\n                 , ?s, '', ?s, '')", $surname_form, $givenname_form, $uname, $password_encrypted, $email_form, $pstatus, $phone, $am, $proflanguage, $verified_mail)->lastInsertID;
        $user->refresh($uid, array(intval($depid)));
        // close request if needed
        if (!empty($rid)) {
            $rid = intval($rid);
            Database::get()->query("UPDATE user_request set state = 2, date_closed = NOW() WHERE id = ?d", $rid);
        }
        if ($pstatus == 1) {
            $message = $profsuccess;
            $reqtype = '';