Esempio n. 1
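/**
 * Collect the counts and name lists used to render the bulk user selection page.
 *
 * The list of selected users is now looked up with bound parameters
 * ($DB->get_in_or_equal()) instead of imploding the session-stored ids into
 * the SQL text, so a malformed value in $SESSION->bulk_users cannot change
 * the query.
 *
 * @param object $ufiltering Filtering object; only get_sql_filter() is called on it.
 * @return array Keys: 'acount' (users matching the filter), 'scount' (ids stored in
 *      $SESSION->bulk_users), 'ausers' (id => fullname menu of filtered users, capped
 *      at MAX_BULK_USERS), 'susers' (id => fullname menu of selected users, or false
 *      when nothing is selected), 'total' (all non-guest, non-deleted users).
 */
function get_selection_data($ufiltering)
{
    global $SESSION, $DB, $CFG;

    // Base condition shared by the total count and the filter: skip the guest account and deleted users.
    $basewhere = "id<>:exguest AND deleted <> 1";
    $baseparams = array('exguest' => $CFG->siteguest);
    $menufields = 'id,' . fullname_sql() . ' AS fullname';

    // get the SQL filter
    list($sqlwhere, $params) = $ufiltering->get_sql_filter($basewhere, $baseparams);
    $total = $DB->count_records_select('user', $basewhere, $baseparams);
    $acount = $DB->count_records_select('user', $sqlwhere, $params);
    $scount = count($SESSION->bulk_users);

    $userlist = array('acount' => $acount, 'scount' => $scount, 'ausers' => false, 'susers' => false, 'total' => $total);
    $userlist['ausers'] = $DB->get_records_select_menu('user', $sqlwhere, $params, 'fullname', $menufields, 0, MAX_BULK_USERS);

    if ($scount) {
        // array_slice() returns the whole list when fewer than MAX_BULK_USERS ids are stored,
        // so one call covers both the capped and the uncapped case.
        $selectedids = array_slice($SESSION->bulk_users, 0, MAX_BULK_USERS, true);
        list($insql, $inparams) = $DB->get_in_or_equal($selectedids);
        $userlist['susers'] = $DB->get_records_select_menu('user', "id {$insql}", $inparams, 'fullname', $menufields);
    }
    return $userlist;
}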
Esempio n. 2
// Only accounts holding moodle/user:delete in the system context may use this page.
require_capability('moodle/user:delete', get_context_instance(CONTEXT_SYSTEM));
$return = $CFG->wwwroot . '/' . $CFG->admin . '/user/user_bulk.php';
// No selection stored in the session: nothing to do, go back to the bulk user page.
if (empty($SESSION->bulk_users)) {
    redirect($return);
}
echo $OUTPUT->header();
//TODO: add support for large number of users
// NOTE(review): $confirm is not assigned in this excerpt - presumably a cleaned request
// parameter read earlier in the script; confirm.
if (!$confirm || !confirm_sesskey()) {
    // Not confirmed yet, or confirm_sesskey() did not pass: show the selected users and ask.
    // The ids are bound as parameters rather than written into the SQL text.
    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
    $userlist = $DB->get_records_select_menu('user', "id {$in}", $params, 'fullname', 'id,' . fullname_sql() . ' AS fullname');
    // NOTE(review): the names go into the confirmation text exactly as the database returned
    // them; check that they are cleaned on input or escaped when the message is rendered.
    $usernames = implode(', ', $userlist);
    echo $OUTPUT->heading(get_string('confirmation', 'admin'));
    $formcontinue = new single_button(new moodle_url('user_bulk_delete.php', array('confirm' => 1)), get_string('yes'));
    $formcancel = new single_button(new moodle_url('user_bulk.php'), get_string('no'), 'get');
    echo $OUTPUT->confirm(get_string('deletecheckfull', '', $usernames), $formcontinue, $formcancel);
} else {
    // Confirmed request: delete every selected account that is eligible.
    list($in, $params) = $DB->get_in_or_equal($SESSION->bulk_users);
    $rs = $DB->get_recordset_select('user', "id {$in}", $params);
    foreach ($rs as $user) {
        // Site administrators and the account running the deletion are never removed;
        // delete_user() is only reached when both guards pass.
        $deleted = !is_siteadmin($user) && $USER->id != $user->id && delete_user($user);
        if (!$deleted) {
            echo $OUTPUT->notification(get_string('deletednot', '', fullname($user, true)));
            continue;
        }
        unset($SESSION->bulk_users[$user->id]);
    }
    $rs->close();
    // remove stale sessions
    session_gc();
    redirect($return, get_string('changessaved'));
}
echo $OUTPUT->footer();
Esempio n. 3
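/**
 * Send the log entries matching the given filters to the browser as an ODS workbook.
 *
 * Rows are spread over several worksheets when there are more of them than fit
 * between FIRSTUSEDEXCELROW and EXCELROWS on one sheet.
 *
 * The default on $order cannot be used by omission because required parameters
 * follow it; the signature is kept as is for existing callers.
 *
 * @param object $course Course being reported on; when its id is SITEID the
 *      shortnames of all courses are loaded for the first column.
 * @param mixed $user Passed through to build_logs_array().
 * @param mixed $date Passed through to build_logs_array().
 * @param string $order Passed through to build_logs_array().
 * @param mixed $modname Passed through to build_logs_array().
 * @param mixed $modid Passed through to build_logs_array().
 * @param mixed $modaction Passed through to build_logs_array().
 * @param mixed $groupid Passed through to build_logs_array().
 * @return bool false when build_logs_array() returns nothing, true once the
 *      workbook has been closed.
 */
function print_log_ods($course, $user, $date, $order = 'l.time DESC', $modname, $modid, $modaction, $groupid)
{
    global $CFG, $DB;
    require_once "{$CFG->libdir}/odslib.class.php";
    if (!($logs = build_logs_array($course, $user, $date, $order, '', '', $modname, $modid, $modaction, $groupid))) {
        return false;
    }

    // Map of course id => shortname used for the first column.
    $courses = array();
    if ($course->id == SITEID) {
        $courses[0] = '';
        if ($ccc = get_courses('all', 'c.id ASC', 'c.id,c.shortname')) {
            foreach ($ccc as $cc) {
                $courses[$cc->id] = $cc->shortname;
            }
        }
    } else {
        $courses[$course->id] = $course->shortname;
    }

    $ldcache = array();
    $strftimedatetime = get_string("strftimedatetime");

    // The rows live under $logs['logs']; counting $logs itself would count the
    // top-level keys of the result and never produce more than one sheet.
    // At least one sheet is always created so an empty export still carries headers.
    $rowspersheet = EXCELROWS - FIRSTUSEDEXCELROW + 1;
    $rowcount = empty($logs['logs']) ? 0 : count($logs['logs']);
    $nroPages = max(1, (int) ceil($rowcount / $rowspersheet));

    $filename = 'logs_' . userdate(time(), get_string('backupnameformat', 'langconfig'), 99, false);
    $filename .= '.ods';
    $workbook = new MoodleODSWorkbook('-');
    $workbook->send($filename);
    $worksheet = array();
    $headers = array(get_string('course'), get_string('time'), get_string('ip_address'), get_string('fullnamecourse'), get_string('action'), get_string('info'));

    // Creating worksheets
    for ($wsnumber = 1; $wsnumber <= $nroPages; $wsnumber++) {
        $sheettitle = get_string('logs') . ' ' . $wsnumber . '-' . $nroPages;
        $worksheet[$wsnumber] =& $workbook->add_worksheet($sheettitle);
        $worksheet[$wsnumber]->set_column(1, 1, 30);
        $worksheet[$wsnumber]->write_string(0, 0, get_string('savedat') . userdate(time(), $strftimedatetime));
        $col = 0;
        foreach ($headers as $item) {
            $worksheet[$wsnumber]->write(FIRSTUSEDEXCELROW - 1, $col, $item, '');
            $col++;
        }
    }
    if (empty($logs['logs'])) {
        $workbook->close();
        return true;
    }

    $formatDate =& $workbook->add_format();
    $formatDate->set_num_format(get_string('log_excel_date_format'));

    // The capability does not depend on the log row, so it is resolved once.
    $viewfullnames = has_capability('moodle/site:viewfullnames', get_context_instance(CONTEXT_COURSE, $course->id));

    $row = FIRSTUSEDEXCELROW;
    $wsnumber = 1;
    $myxls =& $worksheet[$wsnumber];
    foreach ($logs['logs'] as $log) {
        // One log_display lookup per (module, action) pair; misses are cached too.
        if (isset($ldcache[$log->module][$log->action])) {
            $ld = $ldcache[$log->module][$log->action];
        } else {
            $ld = $DB->get_record('log_display', array('module' => $log->module, 'action' => $log->action));
            $ldcache[$log->module][$log->action] = $ld;
        }
        if ($ld && !empty($log->info)) {
            // ugly hack to make sure fullname is shown correctly
            if ($ld->mtable == 'user' and $ld->field == fullname_sql()) {
                $log->info = fullname($DB->get_record($ld->mtable, array('id' => $log->info)), true);
            } else {
                // Table and field names come from the log_display record, the id from the log row.
                $log->info = $DB->get_field($ld->mtable, $ld->field, array('id' => $log->info));
            }
        }
        // Filter log->info
        $log->info = format_string($log->info);
        // Some XSS protection
        // NOTE(review): strip_tags() targets HTML; the values below rely on write_string()
        // storing them as text cells - confirm in odslib for values starting with '='.
        $log->info = strip_tags(urldecode($log->info));

        // Move on to the next prepared sheet once the current one is full.
        if ($nroPages > 1 && $row > EXCELROWS) {
            $wsnumber++;
            $myxls =& $worksheet[$wsnumber];
            $row = FIRSTUSEDEXCELROW;
        }
        $myxls->write_string($row, 0, $courses[$log->course]);
        $myxls->write_date($row, 1, $log->time);
        $myxls->write_string($row, 2, $log->ip);
        $myxls->write_string($row, 3, fullname($log, $viewfullnames));
        $myxls->write_string($row, 4, $log->module . ' ' . $log->action);
        $myxls->write_string($row, 5, $log->info);
        $row++;
    }
    $workbook->close();
    return true;
}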
Esempio n. 4
/**
 * Return a page of non-deleted user records, optionally filtered and sorted.
 *
 * The search text and both initials are bound as named parameters. $sort, $dir
 * and $extraselect are copied into the SQL text unchanged, so callers must pass
 * only validated, trusted fragments for them (request values have to be checked
 * against known column names / ASC|DESC before they get here).
 *
 * @param string $sort An SQL field to sort by
 * @param string $dir The sort direction ASC|DESC
 * @param int $page Passed to get_records_sql() as the starting offset
 * @param int $recordsperpage The number of records to return per page
 * @param string $search Matched as a substring of the full name or email, or as an exact username
 * @param string $firstinitial Users whose first name starts with $firstinitial
 * @param string $lastinitial Users whose last name starts with $lastinitial
 * @param string $extraselect An additional SQL condition ANDed onto the WHERE clause
 * @param array $extraparams Additional parameters to use for the above $extraselect
 * @return array Array of {@link $USER} records; unconfirmed users are included
 */
function get_users_listing($sort = 'lastaccess', $dir = 'ASC', $page = 0, $recordsperpage = 0, $search = '', $firstinitial = '', $lastinitial = '', $extraselect = '', array $extraparams = null)
{
    global $DB;
    $fullname = fullname_sql();

    // Each entry is one condition; they are joined with AND below.
    $conditions = array("deleted <> 1");
    $params = array();

    if (!empty($search)) {
        $search = trim($search);
        $namelike = $DB->sql_like($fullname, ':search1', false, false);
        $emaillike = $DB->sql_like('email', ':search2', false, false);
        $conditions[] = "(" . $namelike . " OR " . $emaillike . " OR username = :search3)";
        $params['search1'] = '%' . $search . '%';
        $params['search2'] = '%' . $search . '%';
        $params['search3'] = $search;
    }
    if ($firstinitial) {
        $conditions[] = $DB->sql_like('firstname', ':fni', false, false);
        $params['fni'] = $firstinitial . '%';
    }
    if ($lastinitial) {
        $conditions[] = $DB->sql_like('lastname', ':lni', false, false);
        $params['lni'] = $lastinitial . '%';
    }
    if ($extraselect) {
        // Raw SQL supplied by the caller; its parameters never override the ones set above.
        $conditions[] = $extraselect;
        $params += (array) $extraparams;
    }
    $select = implode(' AND ', $conditions);

    if ($sort) {
        // Not bindable: column and direction become part of the statement text.
        $sort = " ORDER BY {$sort} {$dir}";
    }
    /// warning: will return UNCONFIRMED USERS
    return $DB->get_records_sql("SELECT id, username, email, firstname, lastname, city, country, lastaccess, confirmed, mnethostid\n                                   FROM {user}\n                                  WHERE {$select}\n                                  {$sort}", $params, $page, $recordsperpage);
}
Esempio n. 5
<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Definition of log events
 *
 * @package    core
 * @subpackage admin
 * @copyright  2010 Petr Skoda (http://skodak.org)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// Refuse to run when the file is requested directly instead of being included.
defined('MOODLE_INTERNAL') || die;
global $DB;
// TODO: this is a hack, we should really do something with the SQL in SQL tables
// Each entry names the table ('mtable') and the column or SQL expression ('field')
// used to describe a logged module/action pair. For user rows the field is the
// expression returned by fullname_sql() rather than a plain column name.
// NOTE(review): these values are presumably used later as table/column identifiers
// in database lookups, so they must stay hard-coded and never take request data.
$logs = array(
    array('module' => 'user', 'action' => 'view', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'course', 'action' => 'user report', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'course', 'action' => 'view', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'update', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'enrol', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'unenrol', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'report log', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'report live', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'report outline', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'report participation', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'course', 'action' => 'report stats', 'mtable' => 'course', 'field' => 'fullname'),
    array('module' => 'message', 'action' => 'write', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'message', 'action' => 'read', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'message', 'action' => 'add contact', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'message', 'action' => 'remove contact', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'message', 'action' => 'block contact', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'message', 'action' => 'unblock contact', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'group', 'action' => 'view', 'mtable' => 'groups', 'field' => 'name'),
    array('module' => 'tag', 'action' => 'update', 'mtable' => 'tag', 'field' => 'name'),
);
Esempio n. 6
// NOTE(review): this excerpt starts and ends mid-function; $select, $joins, $wheres,
// $params, $ccselect, $ccjoin, $contextlist, $roleid, $search and $table are all set
// above the visible lines, and the final if/else is cut off.
$select .= $ccselect;
$joins[] = $ccjoin;
// limit list to users with some role only
if ($roleid) {
    // $roleid is bound as :roleid. $contextlist is written into the SQL text as is -
    // presumably a generated "IN (...)" fragment; confirm it never carries request data.
    $wheres[] = "u.id IN (SELECT userid FROM {role_assignments} WHERE roleid = :roleid AND contextid {$contextlist})";
    $params['roleid'] = $roleid;
}
$from = implode("\n", $joins);
if ($wheres) {
    $where = "WHERE " . implode(" AND ", $wheres);
} else {
    $where = "";
}
// The total is counted here, before the search and table filters below are added,
// so it reflects only the conditions collected so far.
$totalcount = $DB->count_records_sql("SELECT COUNT(u.id) {$from} {$where}", $params);
if (!empty($search)) {
    $fullname = fullname_sql('u.');
    // The search text is bound three times as named parameters; % and _ typed by the
    // user keep their LIKE wildcard meaning because nothing escapes them here.
    // NOTE(review): 'email' and 'idnumber' carry no 'u.' prefix, unlike the full name
    // expression - check they cannot be ambiguous with columns of the joined tables.
    $wheres[] = "(" . $DB->sql_like($fullname, ':search1', false, false) . " OR " . $DB->sql_like('email', ':search2', false, false) . " OR " . $DB->sql_like('idnumber', ':search3', false, false) . ") ";
    $params['search1'] = "%{$search}%";
    $params['search2'] = "%{$search}%";
    $params['search3'] = "%{$search}%";
}
// Extra condition and parameters supplied by the table object.
list($twhere, $tparams) = $table->get_sql_where();
if ($twhere) {
    $wheres[] = $twhere;
    // array_merge(): a parameter name used by both arrays takes the value from $tparams.
    $params = array_merge($params, $tparams);
}
// Rebuild FROM/WHERE now that the search and table conditions have been added.
$from = implode("\n", $joins);
if ($wheres) {
    $where = "WHERE " . implode(" AND ", $wheres);
} else {
    $where = "";
Esempio n. 7
 /**
  * Lists confirmed, non-deleted users (guest excluded) that have no user
  * enrolment for the given enrol instance.
  *
  * The search text is bound as a named parameter for every LIKE test; % and _
  * contained in it are not escaped and therefore act as wildcards.
  *
  * @global moodle_database $DB
  * @param int $enrolid Enrol instance id, bound as :enrolid
  * @param string $search Text matched against the full name and the email
  * @param bool $searchanywhere Match anywhere in the field instead of at its start
  * @param int $page Defaults to 0
  * @param int $perpage Defaults to 25
  * @return array Array(totalusers => int, users => array)
  */
 public function get_potential_users($enrolid, $search = '', $searchanywhere = false, $page = 0, $perpage = 25)
 {
     global $DB, $CFG;
     // Add some additional sensible conditions
     // NOTE(review): "id" is the only condition without the "u." alias.
     $params = array('guestid' => $CFG->siteguest);
     $tests = array("id <> :guestid", 'u.deleted = 0', 'u.confirmed = 1');

     if (!empty($search)) {
         $searchparam = $searchanywhere ? '%' . $search . '%' : $search . '%';
         $likes = array();
         // One LIKE test and one bound parameter (con000, con100) per searched column.
         foreach (array(fullname_sql('u.'), 'u.email') as $index => $column) {
             $paramname = "con{$index}00";
             $likes[] = $DB->sql_like($column, ':' . $paramname, false);
             $params[$paramname] = $searchparam;
         }
         $tests[] = '(' . implode(' OR ', $likes) . ')';
     }
     $wherecondition = implode(' AND ', $tests);
     $params['enrolid'] = $enrolid;

     // The same FROM/WHERE body serves the count query and the paged listing.
     $sql = " FROM {user} u\n                WHERE {$wherecondition}\n                      AND u.id NOT IN (SELECT ue.userid\n                                         FROM {user_enrolments} ue\n                                         JOIN {enrol} e ON (e.id = ue.enrolid AND e.id = :enrolid))";
     $countsql = 'SELECT COUNT(1)' . $sql;
     $listsql = 'SELECT ' . user_picture::fields('u', array('username', 'lastaccess')) . $sql . ' ORDER BY u.lastname ASC, u.firstname ASC';

     $totalusers = $DB->count_records_sql($countsql, $params);
     $availableusers = $DB->get_records_sql($listsql, $params, $page * $perpage, $perpage);
     return array('totalusers' => $totalusers, 'users' => $availableusers);
 }
Esempio n. 8
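/**
 * Search through course users
 *
 * If $courseid is empty or specifies the site course then this function
 * searches through all undeleted and confirmed users.
 *
 * The excluded ids are reduced to integers and bound as query parameters
 * instead of being concatenated into the statement. $sort cannot be bound:
 * it is placed in the ORDER BY clause as given, so callers must pass a known
 * column expression and never raw request data.
 *
 * @param int $courseid The course in question.
 * @param string $searchtext the text to search for (matched anywhere in the full name)
 * @param string $sort the column name to order by
 * @param string $exceptions comma separated list of user IDs to exclude
 * @return array  An array of {@link $USER} records.
 */
function message_search_users($courseid, $searchtext, $sort = '', $exceptions = '')
{
    global $CFG, $USER, $DB;
    $fullname = fullname_sql();
    $ufields = user_picture::fields('u');

    // Positional parameters, in the order their placeholders appear in both queries:
    // contact owner, search pattern, then any excluded ids.
    $params = array($USER->id, "%{$searchtext}%");

    $except = '';
    if (!empty($exceptions)) {
        $rawids = is_array($exceptions) ? $exceptions : explode(',', $exceptions);
        // intval() drops anything that is not a number; 0 is not a user id and is discarded.
        $excludedids = array_values(array_filter(array_map('intval', $rawids)));
        if ($excludedids) {
            list($notin, $exceptparams) = $DB->get_in_or_equal($excludedids, SQL_PARAMS_QM, 'param', false);
            $except = ' AND u.id ' . $notin . ' ';
            $params = array_merge($params, array_values($exceptparams));
        }
    }

    // NOTE(review): $sort becomes SQL text; validate it against allowed columns at the caller.
    $order = !empty($sort) ? ' ORDER BY ' . $sort : '';

    if (!$courseid or $courseid == SITEID) {
        return $DB->get_records_sql("SELECT {$ufields}, mc.id as contactlistid, mc.blocked
                                       FROM {user} u
                                       LEFT JOIN {message_contacts} mc
                                            ON mc.contactid = u.id AND mc.userid = ?
                                      WHERE u.deleted = '0' AND u.confirmed = '1'
                                            AND (" . $DB->sql_like($fullname, '?', false) . ")
                                            {$except}
                                     {$order}", $params);
    }

    //TODO: add enabled enrolment join here (skodak)
    $context = get_context_instance(CONTEXT_COURSE, $courseid);
    $contextlists = get_related_contexts_string($context);
    // everyone who has a role assignment in this course or higher
    // The contact columns belong in the SELECT list; the original statement had them
    // after "FROM {user} u", which is not valid SQL.
    return $DB->get_records_sql("SELECT {$ufields}, mc.id as contactlistid, mc.blocked
                                   FROM {user} u
                                   JOIN {role_assignments} ra ON ra.userid = u.id
                                   LEFT JOIN {message_contacts} mc
                                        ON mc.contactid = u.id AND mc.userid = ?
                                  WHERE u.deleted = '0' AND u.confirmed = '1'
                                        AND ra.contextid {$contextlists}
                                        AND (" . $DB->sql_like($fullname, '?', false) . ")
                                        {$except}
                                 {$order}", $params);
}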
Esempio n. 9
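 /**
  * Build the WHERE fragment and parameters used to search for users.
  *
  * All values (search pattern, guest id, excluded and validated ids) are
  * bound as named parameters; only column names are written into the SQL.
  * % and _ inside $search are not escaped and act as LIKE wildcards.
  *
  * @param string $search the text to search for.
  * @param string $u the table alias for the user table in the query being
  *      built. May be ''.
  * @return array an array with two elements, a fragment of SQL to go in the
  *      where clause the query, and an array containing any required parameters.
  *      this uses named (:name) placeholders.
  */
 protected function search_sql($search, $u)
 {
     global $DB, $CFG;
     $params = array();
     $tests = array();
     if ($u) {
         $u .= '.';
     }
     // If we have a $search string, put a field LIKE '$search%' condition on each field.
     if ($search) {
         // Full name, last name, then any extra fields configured on this object.
         $conditions = array(fullname_sql($u), $u . 'lastname');
         foreach ($this->extrafields as $field) {
             $conditions[] = $u . $field;
         }
         $searchparam = $this->searchanywhere ? '%' . $search . '%' : $search . '%';
         $i = 0;
         foreach ($conditions as $key => $condition) {
             $conditions[$key] = $DB->sql_like($condition, ":con{$i}00", false, false);
             $params["con{$i}00"] = $searchparam;
             $i++;
         }
         $tests[] = '(' . implode(' OR ', $conditions) . ')';
     }
     // Add some additional sensible conditions
     $tests[] = $u . "id <> :guestid";
     $params['guestid'] = $CFG->siteguest;
     $tests[] = $u . 'deleted = 0';
     $tests[] = $u . 'confirmed = 1';
     // If we are being asked to exclude any users, do that.
     if (!empty($this->exclude)) {
         list($usertest, $userparams) = $DB->get_in_or_equal($this->exclude, SQL_PARAMS_NAMED, 'ex000', false);
         $tests[] = $u . 'id ' . $usertest;
         $params = array_merge($params, $userparams);
     }
     // If we are validating a set list of userids, add an id IN (...) test.
     if (!empty($this->validatinguserids)) {
         list($usertest, $userparams) = $DB->get_in_or_equal($this->validatinguserids, SQL_PARAMS_NAMED, 'val000');
         $tests[] = $u . 'id ' . $usertest;
         $params = array_merge($params, $userparams);
     }
     // $tests always holds at least the guest/deleted/confirmed conditions at this
     // point, so no "1 = 1" fallback is needed.
     // Combine the conditions and return.
     return array(implode(' AND ', $tests), $params);
 }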
Esempio n. 10
<?php

// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
/**
 * Definition of log events
 *
 * @package    mod
 * @subpackage forum
 * @copyright  2010 Petr Skoda (http://skodak.org)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
// Refuse to run when the file is requested directly instead of being included.
defined('MOODLE_INTERNAL') || die;
global $DB;
// TODO: this is a hack, we should really do something with the SQL in SQL tables
// Each entry names the table ('mtable') and the column or SQL expression ('field')
// used to describe a logged forum action. The 'user report' row uses the expression
// returned by fullname_sql() rather than a plain column name.
// NOTE(review): these values are presumably used later as table/column identifiers
// in database lookups, so they must stay hard-coded and never take request data.
$logs = array(
    array('module' => 'forum', 'action' => 'add', 'mtable' => 'forum', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'update', 'mtable' => 'forum', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'add discussion', 'mtable' => 'forum_discussions', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'add post', 'mtable' => 'forum_posts', 'field' => 'subject'),
    array('module' => 'forum', 'action' => 'update post', 'mtable' => 'forum_posts', 'field' => 'subject'),
    array('module' => 'forum', 'action' => 'user report', 'mtable' => 'user', 'field' => fullname_sql()),
    array('module' => 'forum', 'action' => 'move discussion', 'mtable' => 'forum_discussions', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'view subscribers', 'mtable' => 'forum', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'view discussion', 'mtable' => 'forum_discussions', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'view forum', 'mtable' => 'forum', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'subscribe', 'mtable' => 'forum', 'field' => 'name'),
    array('module' => 'forum', 'action' => 'unsubscribe', 'mtable' => 'forum', 'field' => 'name'),
);