$cats = Category::load($category);
$stud_id = api_is_allowed_to_edit() ? null : api_get_user_id();
$allcat = $cats[0]->get_subcategories($stud_id);
$alleval = $cats[0]->get_evaluations($stud_id);
$alllink = $cats[0]->get_links($stud_id);
}
$addparams = array('selectcat' => $cats[0]->get_id());
if (isset($_GET['search'])) {
$addparams['search'] = $keyword;
}
if (isset($_GET['studentoverview'])) {
$addparams['studentoverview'] = '';
}
if (isset($allcat_info) && count($allcat_info) >= 0 && (isset($_GET['selectcat']) && $_GET['selectcat'] == 0) && isset($_GET['search']) && strlen(trim($_GET['search'])) > 0) {
$allcat = $allcat_info;
} else {
$allcat = $allcat;
}
$gradebooktable = new GradebookTable($cats[0], $allcat, $alleval, $alllink, $addparams);
if (empty($allcat) && empty($alleval) && empty($alllink) && !$is_platform_admin && $is_course_admin && !isset($_GET['selectcat']) && api_is_course_tutor()) {
Display::display_normal_message(get_lang('GradebookWelcomeMessage') . '<br /><br /><form name="createcat" method="post" action="' . api_get_self() . '?createallcategories=1"><input type="submit" value="' . get_lang('CreateAllCat') . '"></form>', false);
}
// Here we are in a sub category
if ($category != '0') {
DisplayGradebook::header($cats[0], 1, $_GET['selectcat'], $is_course_admin, $is_platform_admin, $simple_search_form);
} else {
// This is the root category
DisplayGradebook::header($cats[0], count($allcat) == '0' && !isset($_GET['search']) ? 0 : 1, 0, $is_course_admin, $is_platform_admin, $simple_search_form);
}
$gradebooktable->display();
Display::display_footer();
$session_id = intval($_REQUEST['id_session']);
if ($from == 'myspace') {
$from_myspace = true;
$this_section = "session_my_space";
} else {
$this_section = SECTION_COURSES;
}
// Access restrictions.
$is_allowedToTrack =
api_is_platform_admin() ||
api_is_allowed_to_create_course() ||
api_is_session_admin() ||
api_is_drh() ||
api_is_course_tutor() ||
api_is_course_admin();
if (!$is_allowedToTrack) {
api_not_allowed(true);
exit;
}
// If the user is a HR director (drh)
if (api_is_drh()) {
// Blocking course for drh
if (api_drh_can_access_all_session_content()) {
// If the drh has been configured to be allowed to see all session content, give him access to the session courses
$coursesFromSession = SessionManager::getAllCoursesFollowedByUser(api_get_user_id(), null);
if (!empty($coursesFromSession)) {
$coursesFromSession = array_keys($coursesFromSession);
Database::query($sql);
if ($origin == 'tracking_course') {
//Redirect to the course detail in lp
header('location: exercise.php?course=' . Security::remove_XSS($_GET['course']));
exit;
} else {
//Redirect to the reporting
header('location: ../mySpace/myStudents.php?origin=' . $origin . '&student=' . $student_id . '&details=true&course=' . $course_id . '&session_id=' . $session_id);
exit;
}
}
}
$actions = null;
if ($is_allowedToEdit && $origin != 'learnpath') {
// the form
if (api_is_platform_admin() || api_is_course_admin() || api_is_course_tutor() || api_is_course_coach()) {
$actions .= '<a href="admin.php?exerciseId=' . intval($_GET['exerciseId']) . '">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
$actions .= '<a href="live_stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('activity_monitor.png', get_lang('LiveResults'), '', ICON_SIZE_MEDIUM) . '</a>';
$actions .= '<a href="stats.php?' . api_get_cidreq() . '&exerciseId=' . $exercise_id . '">' . Display::return_icon('statistics.png', get_lang('ReportByQuestion'), '', ICON_SIZE_MEDIUM) . '</a>';
$actions .= '<a id="export_opener" href="' . api_get_self() . '?export_report=1&exerciseId=' . intval($_GET['exerciseId']) . '" >' . Display::return_icon('save.png', get_lang('Export'), '', ICON_SIZE_MEDIUM) . '</a>';
// clean result before a selected date icon
$actions .= Display::url(Display::return_icon('clean_before_date.png', get_lang('CleanStudentsResultsBeforeDate'), '', ICON_SIZE_MEDIUM), '#', array('onclick' => "javascript:display_date_picker()"));
// clean result before a selected date datepicker popup
$actions .= Display::span(Display::input('input', 'datepicker_start', get_lang('SelectADateOnTheCalendar'), array('onmouseover' => 'datepicker_input_mouseover()', 'id' => 'datepicker_start', 'onchange' => 'datepicker_input_changed()', 'readonly' => 'readonly')) . Display::button('delete', get_lang('Delete'), array('onclick' => 'submit_datepicker()')), array('style' => 'display:none', 'id' => 'datepicker_span'));
}
} else {
$actions .= '<a href="exercise.php">' . Display::return_icon('back.png', get_lang('GoBackToQuestionList'), '', ICON_SIZE_MEDIUM) . '</a>';
}
//Deleting an attempt
if (($is_allowedToEdit || $is_tutor || api_is_coach()) && isset($_GET['delete']) && $_GET['delete'] == 'delete' && !empty($_GET['did']) && $locked == false) {
$exe_id = intval($_GET['did']);
} else {
Display::display_header(get_lang('ExportPDF'));
}
}
if (isset($_GET['print'])) {
$printable_data = GradebookUtils::get_printable_data($cat[0], $users, $alleval, $alllinks, $params, $mainCourseCategory[0]);
echo print_table($printable_data[1], $printable_data[0], get_lang('FlatView'), $cat[0]->get_name());
exit;
}
if (!empty($_GET['export_report']) && $_GET['export_report'] == 'export_report') {
if (api_is_platform_admin() || api_is_course_admin() || api_is_course_coach() || $isDrhOfCourse) {
$user_id = null;
if (empty($_SESSION['export_user_fields'])) {
$_SESSION['export_user_fields'] = false;
}
if (!api_is_allowed_to_edit(false, false) and !api_is_course_tutor()) {
$user_id = api_get_user_id();
}
$printable_data = GradebookUtils::get_printable_data($cat[0], $users, $alleval, $alllinks, $params, $mainCourseCategory[0]);
switch ($_GET['export_format']) {
case 'xls':
$export = new GradeBookResult();
$export->exportCompleteReportXLS($printable_data);
break;
case 'doc':
$export = new GradeBookResult();
$export->exportCompleteReportDOC($printable_data);
exit;
break;
case 'csv':
default:
*/
$pathopen = isset($_REQUEST['pathopen']) ? $_REQUEST['pathopen'] : null;
// Including the global initialization file
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_TRACKING;
$course_info = api_get_course_info();
$from_myspace = false;
$from = isset($_GET['from']) ? $_GET['from'] : null;
if ($from == 'myspace') {
$from_myspace = true;
$this_section = "session_my_space";
} else {
$this_section = SECTION_COURSES;
}
// Access restrictions.
$is_allowedToTrack = api_is_platform_admin() || api_is_allowed_to_create_course() || api_is_session_admin() || api_is_drh() || api_is_course_tutor();
if (!$is_allowedToTrack) {
api_not_allowed();
exit;
}
// Including additional libraries.
require_once api_get_path(SYS_CODE_PATH) . 'resourcelinker/resourcelinker.inc.php';
// Starting the output buffering when we are exporting the information.
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
$session_id = intval($_REQUEST['id_session']);
if ($export_csv) {
ob_start();
}
if (empty($session_id)) {
$session_id = api_get_session_id();
}
/**
* This function displays the form that is used to add a post. This can be a new thread or a reply.
* @param array $current_forum
* @param array $forum_setting
* @param string $action is the parameter that determines if we are
* 1. newthread: adding a new thread (both empty) => No I-frame
* 2. replythread: Replying to a thread ($action = replythread) => I-frame with the complete thread (if enabled)
* 3. replymessage: Replying to a message ($action =replymessage) => I-frame with the complete thread (if enabled) (I first thought to put and I-frame with the message only)
* 4. quote: Quoting a message ($action= quotemessage) => I-frame with the complete thread (if enabled). The message will be in the reply. (I first thought not to put an I-frame here)
* @return void HMTL
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function show_add_post_form($current_forum, $forum_setting, $action = '', $id = '', $form_values = '')
{
$_user = api_get_user_info();
$action = isset($_GET['action']) ? Security::remove_XSS($_GET['action']) : null;
// Initialize the object.
$myThread = isset($_GET['thread']) ? $_GET['thread'] : '';
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$my_post = isset($_GET['post']) ? $_GET['post'] : '';
$my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';
$form = new FormValidator('thread', 'post', api_get_self() . '?' . http_build_query(['forum' => intval($my_forum), 'gradebook' => $my_gradebook, 'thread' => intval($myThread), 'post' => intval($my_post), 'action' => $action]) . '&' . api_get_cidreq());
$form->setConstants(array('forum' => '5'));
// Setting the form elements.
$form->addElement('hidden', 'forum_id', intval($my_forum));
$form->addElement('hidden', 'thread_id', intval($myThread));
$form->addElement('hidden', 'gradebook', $my_gradebook);
// If anonymous posts are allowed we also display a form to allow the user to put his name or username in.
if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
$form->addElement('text', 'poster_name', get_lang('Name'));
$form->applyFilter('poster_name', 'html_filter');
}
$form->addElement('text', 'post_title', get_lang('Title'));
$form->addHtmlEditor('post_text', get_lang('Text'), true, null, api_is_allowed_to_edit(null, true) ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300') : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student'));
$form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');
$iframe = null;
$myThread = Security::remove_XSS($myThread);
if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread' && !empty($myThread)) {
$iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?" . api_get_cidreq() . "&forum=" . Security::remove_XSS($my_forum) . "&thread=" . $myThread . "#" . Security::remove_XSS($my_post) . "\" width=\"100%\"></iframe>";
}
if (!empty($iframe)) {
$form->addElement('label', get_lang('Thread'), $iframe);
}
$form->addElement('advanced_settings', 'advanced_params', get_lang('AdvancedParameters'));
$form->addElement('html', '<div id="advanced_params_options" style="display:none">');
if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !$myThread) {
// Thread qualify
if (Gradebook::is_active()) {
//Loading gradebook select
GradebookUtils::load_gradebook_select_in_tool($form);
$form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
} else {
$form->addElement('hidden', 'thread_qualify_gradebook', false);
}
$form->addElement('html', '<div id="options_field" style="display:none">');
$form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
$form->applyFilter('numeric_calification', 'html_filter');
$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
$form->applyFilter('calification_notebook_title', 'html_filter');
$form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), array('value' => '0.00', 'onfocus' => "javascript: this.select();"));
$form->applyFilter('weight_calification', 'html_filter');
$group = array();
$group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('Yes'), 1);
$group[] = $form->createElement('radio', 'thread_peer_qualify', null, get_lang('No'), 0);
$form->addGroup($group, '', [get_lang('ForumThreadPeerScoring'), get_lang('ForumThreadPeerScoringComment')], ' ');
$form->addElement('html', '</div>');
}
if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
}
if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
$form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
}
if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
$values = $form->exportValues();
}
$form->addElement('html', '</div>');
if (in_array($action, ['quote', 'replymessage'])) {
$form->addFile('user_upload[]', get_lang('Attachment'));
$form->addButton('add_attachment', get_lang('AddAttachment'), 'paperclip', 'default', 'default', null, ['id' => 'reply-add-attachment']);
} else {
$form->addFile('user_upload', get_lang('Attachment'));
}
// Setting the class and text of the form title and submit button.
if ($action == 'quote') {
$form->addButtonCreate(get_lang('QuoteMessage'), 'SubmitPost');
} elseif ($action == 'replythread') {
$form->addButtonCreate(get_lang('ReplyToThread'), 'SubmitPost');
} elseif ($action == 'replymessage') {
$form->addButtonCreate(get_lang('ReplyToMessage'), 'SubmitPost');
} else {
$form->addButtonCreate(get_lang('CreateThread'), 'SubmitPost');
}
if (!empty($form_values)) {
$defaults['post_title'] = prepare4display($form_values['post_title']);
$defaults['post_text'] = prepare4display($form_values['post_text']);
$defaults['post_notification'] = strval(intval($form_values['post_notification']));
$defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
$defaults['thread_peer_qualify'] = intval($form_values['thread_peer_qualify']);
} else {
$defaults['thread_peer_qualify'] = 0;
}
// If we are quoting a message we have to retrieve the information of the post we are quoting so that
// we can add this as default to the textarea.
if (($action == 'quote' || $action == 'replymessage') && isset($my_post)) {
// We also need to put the parent_id of the post in a hidden form when
// we are quoting or replying to a message (<> reply to a thread !!!)
$form->addElement('hidden', 'post_parent_id', intval($my_post));
// If we are replying or are quoting then we display a default title.
$values = get_post_information($my_post);
$defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);
// When we are quoting a message then we have to put that message into the wysiwyg editor.
// Note: The style has to be hardcoded here because using class="quote" didn't work.
if ($action == 'quote') {
$defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
}
}
$form->setDefaults(isset($defaults) ? $defaults : null);
// The course admin can make a thread sticky (=appears with special icon and always on top).
$form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
$form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
}
// Validation or display
if ($form->validate()) {
$check = Security::check_token('post');
if ($check) {
$values = $form->exportValues();
if (isset($values['thread_qualify_gradebook']) && $values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.history.go(-1);">' . get_lang('Back') . '</a>', false);
return false;
}
Security::clear_token();
return $values;
}
} else {
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
// Delete from $_SESSION forum attachment from other posts
// and keep only attachments for new post
clearAttachedFiles(FORUM_NEW_POST);
// Get forum attachment ajax table to add it to form
$attachmentAjaxTable = getAttachmentsAjaxTable(0, $current_forum['forum_id']);
$ajaxHtml = $attachmentAjaxTable;
$form->addElement('html', $ajaxHtml);
$form->display();
}
}
folders
download file / folder (download icon)
same action on multiple documents
extended feedback
* @package chamilo.dropbox
*/
/**
* Code
*/
/* INIT SECTION */
use ChamiloSession as Session;
$language_file = array('dropbox', 'document');
// including the basic Chamilo initialisation file
require_once '../inc/global.inc.php';
$is_allowed_in_course = api_is_allowed_in_course();
$is_courseTutor = api_is_course_tutor();
$is_courseAdmin = api_is_course_admin();
$current_course_tool = TOOL_DROPBOX;
// the dropbox configuration parameters
$dropbox_cnf = (require_once 'dropbox_config.inc.php');
Session::write('dropbox_conf', $dropbox_cnf);
// the dropbox file that contains additional functions
require_once 'dropbox_functions.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'mail.lib.inc.php';
require_once api_get_path(LIBRARY_PATH) . 'fileUpload.lib.php';
// protecting the script
api_protect_course_script();
/* Libraries */
// including the library for the dropbox
require_once 'dropbox_class.inc.php';
// including some libraries that are also used in the documents tool
/**
* Gets the tools of a certain category. Returns an array expected
* by show_tools_category()
* @param string $course_tool_category contains the category of tools to
* display: "toolauthoring", "toolinteraction", "tooladmin", "tooladminplatform", "toolplugin"
* @return array
*/
public static function get_tools_category($course_tool_category)
{
$course_tool_table = Database::get_course_table(TABLE_TOOL_LIST);
$is_platform_admin = api_is_platform_admin();
$all_tools_list = array();
// Condition for the session
$session_id = api_get_session_id();
$course_id = api_get_course_int_id();
$condition_session = api_get_session_condition($session_id, true, true, 't.session_id');
switch ($course_tool_category) {
case TOOL_STUDENT_VIEW:
$conditions = ' WHERE visibility = 1 AND (category = "authoring" OR category = "interaction" OR category = "plugin") ';
if ((api_is_coach() || api_is_course_tutor()) && $_SESSION['studentview'] != 'studentview') {
$conditions = ' WHERE (visibility = 1 AND (category = "authoring" OR category = "interaction" OR category = "plugin") OR (name = "' . TOOL_TRACKING . '") ) ';
}
$sql = "SELECT *\n FROM {$course_tool_table} t\n {$conditions} AND\n c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_AUTHORING:
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'authoring' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_INTERACTION:
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'interaction' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_ADMIN_VISIBLE:
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'admin' AND visibility ='1' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_ADMIN_PLATFORM:
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'admin' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_DRH:
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE name IN ('tracking') AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
case TOOL_COURSE_PLUGIN:
//Other queries recover id, name, link, image, visibility, admin, address, added_tool, target, category and session_id
// but plugins are not present in the tool table, only globally and inside the course_settings table once configured
$sql = "SELECT * FROM {$course_tool_table} t\n WHERE category = 'plugin' AND c_id = {$course_id} {$condition_session}\n ORDER BY id";
$result = Database::query($sql);
break;
}
//Get the list of hidden tools - this might imply performance slowdowns
// if the course homepage is loaded many times, so the list of hidden
// tools might benefit from a shared memory storage later on
$list = api_get_settings('Tools', 'list', api_get_current_access_url_id());
$hide_list = array();
$check = false;
foreach ($list as $line) {
// Admin can see all tools even if the course_hide_tools configuration is set
if ($is_platform_admin) {
continue;
}
if ($line['variable'] == 'course_hide_tools' and $line['selected_value'] == 'true') {
$hide_list[] = $line['subkey'];
$check = true;
}
}
while ($temp_row = Database::fetch_assoc($result)) {
$add = false;
if ($check) {
if (!in_array($temp_row['name'], $hide_list)) {
$add = true;
}
} else {
$add = true;
}
if ($temp_row['image'] == 'scormbuilder.gif') {
$lp_id = self::get_published_lp_id_from_link($temp_row['link']);
$lp = new learnpath(api_get_course_id(), $lp_id, api_get_user_id());
$path = $lp->get_preview_image_path(ICON_SIZE_BIG);
$add = $lp->is_lp_visible_for_student($lp_id, api_get_user_id(), api_get_course_id(), api_get_session_id());
if ($path) {
$temp_row['custom_image'] = $path;
}
}
if ($add) {
$all_tools_list[] = $temp_row;
}
}
// Grabbing all the links that have the property on_homepage set to 1
$course_link_table = Database::get_course_table(TABLE_LINK);
$course_item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$condition_session = api_get_session_condition($session_id, true, true, 'tip.session_id');
switch ($course_tool_category) {
case TOOL_AUTHORING:
$sql_links = "SELECT tl.*, tip.visibility\n FROM {$course_link_table} tl\n LEFT JOIN {$course_item_property_table} tip\n ON tip.tool='link' AND tip.ref=tl.id\n WHERE\n tl.c_id = {$course_id} AND\n tip.c_id = {$course_id} AND\n tl.on_homepage='1' {$condition_session}";
break;
case TOOL_INTERACTION:
$sql_links = null;
/*
$sql_links = "SELECT tl.*, tip.visibility
FROM $course_link_table tl
LEFT JOIN $course_item_property_table tip ON tip.tool='link' AND tip.ref=tl.id
WHERE tl.on_homepage='1' ";
*/
break;
case TOOL_STUDENT_VIEW:
$sql_links = "SELECT tl.*, tip.visibility\n FROM {$course_link_table} tl\n LEFT JOIN {$course_item_property_table} tip\n ON tip.tool='link' AND tip.ref=tl.id\n WHERE\n tl.c_id \t\t= {$course_id} AND\n tip.c_id \t\t= {$course_id} AND\n tl.on_homepage\t='1' {$condition_session}";
break;
case TOOL_ADMIN:
$sql_links = "SELECT tl.*, tip.visibility\n FROM {$course_link_table} tl\n LEFT JOIN {$course_item_property_table} tip\n ON tip.tool='link' AND tip.ref=tl.id\n WHERE\n tl.c_id = {$course_id} AND\n tip.c_id = {$course_id} AND\n tl.on_homepage='1' {$condition_session}";
break;
default:
$sql_links = null;
break;
}
// Edited by Kevin Van Den Haute (kevin@develop-it.be) for integrating Smartblogs
if ($sql_links != null) {
$result_links = Database::query($sql_links);
if (Database::num_rows($result_links) > 0) {
while ($links_row = Database::fetch_array($result_links, 'ASSOC')) {
$properties = array();
$properties['name'] = $links_row['title'];
$properties['session_id'] = $links_row['session_id'];
$properties['link'] = $links_row['url'];
$properties['visibility'] = $links_row['visibility'];
$properties['image'] = $links_row['visibility'] == '0' ? 'file_html.png' : 'file_html.png';
$properties['adminlink'] = api_get_path(WEB_CODE_PATH) . 'link/link.php?action=editlink&id=' . $links_row['id'];
$properties['target'] = $links_row['target'];
$tmp_all_tools_list[] = $properties;
}
}
}
if (isset($tmp_all_tools_list)) {
foreach ($tmp_all_tools_list as $tool) {
if ($tool['image'] == 'blog.gif') {
// Init
$tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
// Get blog id
$blog_id = substr($tool['link'], strrpos($tool['link'], '=') + 1, strlen($tool['link']));
// Get blog members
if ($is_platform_admin) {
$sql_blogs = "SELECT * FROM {$tbl_blogs_rel_user} blogs_rel_user\n WHERE blog_id =" . $blog_id;
} else {
$sql_blogs = "SELECT * FROM {$tbl_blogs_rel_user} blogs_rel_user\n WHERE blog_id =" . $blog_id . " AND user_id = " . api_get_user_id();
}
$result_blogs = Database::query($sql_blogs);
if (Database::num_rows($result_blogs) > 0) {
$all_tools_list[] = $tool;
}
} else {
$all_tools_list[] = $tool;
}
}
}
return $all_tools_list;
}
/**
* Function that removes the need to directly use is_courseAdmin global in
* tool scripts. It returns true or false depending on the user's rights in
* this particular course.
* Optionally checking for tutor and coach roles here allows us to use the
* student_view feature altogether with these roles as well.
* @param bool Whether to check if the user has the tutor role
* @param bool Whether to check if the user has the coach role
* @param bool Whether to check if the user has the session coach role
* @param bool check the student view or not
*
* @author Roan Embrechts
* @author Patrick Cool
* @author Julio Montoya
* @version 1.1, February 2004
* @return boolean, true: the user has the rights to edit, false: he does not
*/
function api_is_allowed_to_edit($tutor = false, $coach = false, $session_coach = false, $check_student_view = true)
{
$my_session_id = api_get_session_id();
$is_allowed_coach_to_edit = api_is_coach(null, null, $check_student_view);
$session_visibility = api_get_session_visibility($my_session_id);
$studentView = Session::read('studentview');
// Admins can edit anything.
if (api_is_platform_admin(false)) {
//The student preview was on
if ($check_student_view && $studentView == "studentview") {
return false;
} else {
return true;
}
}
$is_courseAdmin = api_is_course_admin();
if (!$is_courseAdmin && $tutor) {
// If we also want to check if the user is a tutor...
$is_courseAdmin = $is_courseAdmin || api_is_course_tutor();
}
if (!$is_courseAdmin && $coach) {
// If we also want to check if the user is a coach...';
// Check if session visibility is read only for coaches.
if ($session_visibility == SESSION_VISIBLE_READ_ONLY) {
$is_allowed_coach_to_edit = false;
}
if (api_get_setting('session.allow_coach_to_edit_course_session') == 'true') {
// Check if coach is allowed to edit a course.
$is_courseAdmin = $is_courseAdmin || $is_allowed_coach_to_edit;
} else {
$is_courseAdmin = $is_courseAdmin;
}
}
if (!$is_courseAdmin && $session_coach) {
$is_courseAdmin = $is_courseAdmin || $is_allowed_coach_to_edit;
}
// Check if the student_view is enabled, and if so, if it is activated.
if (api_get_setting('course.student_view_enabled') == 'true') {
if (!empty($my_session_id)) {
// Check if session visibility is read only for coaches.
if ($session_visibility == SESSION_VISIBLE_READ_ONLY) {
$is_allowed_coach_to_edit = false;
}
if (api_get_setting('session.allow_coach_to_edit_course_session') == 'true') {
// Check if coach is allowed to edit a course.
$is_allowed = $is_allowed_coach_to_edit;
} else {
$is_allowed = false;
}
if ($check_student_view) {
$is_allowed = $is_allowed && $studentView != 'studentview';
}
} else {
if ($check_student_view) {
$is_allowed = $is_courseAdmin && $studentView != 'studentview';
} else {
$is_allowed = $is_courseAdmin;
}
}
return $is_allowed;
} else {
return $is_courseAdmin;
}
}
/**
* @return array|null|string
*/
function store_add_dropbox()
{
$_course = api_get_course_info();
$_user = api_get_user_info();
$dropbox_cnf = getDropboxConf();
// Validating the form data
// there are no recipients selected
if (!isset($_POST['recipients']) || count($_POST['recipients']) <= 0) {
return get_lang('YouMustSelectAtLeastOneDestinee');
} else {
// Check if all the recipients are valid
$thisIsAMailing = false;
$thisIsJustUpload = false;
foreach ($_POST['recipients'] as $rec) {
if ($rec == 'mailing') {
$thisIsAMailing = true;
} elseif ($rec == 'upload') {
$thisIsJustUpload = true;
} elseif (strpos($rec, 'user_') === 0 && !isCourseMember(substr($rec, strlen('user_')))) {
return get_lang('InvalideUserDetected');
} elseif (strpos($rec, 'group_') !== 0 && strpos($rec, 'user_') !== 0) {
return get_lang('InvalideGroupDetected');
}
}
}
// we are doing a mailing but an additional recipient is selected
if ($thisIsAMailing && count($_POST['recipients']) != 1) {
return get_lang('MailingSelectNoOther');
}
// we are doing a just upload but an additional recipient is selected.
// note: why can't this be valid? It is like sending a document to yourself AND to a different person (I do this quite often with my e-mails)
if ($thisIsJustUpload && count($_POST['recipients']) != 1) {
return get_lang('MailingJustUploadSelectNoOther');
}
if (empty($_FILES['file']['name'])) {
$error = true;
return get_lang('NoFileSpecified');
}
// are we overwriting a previous file or sending a new one
$dropbox_overwrite = false;
if (isset($_POST['cb_overwrite']) && $_POST['cb_overwrite']) {
$dropbox_overwrite = true;
}
// doing the upload
$dropbox_filename = $_FILES['file']['name'];
$dropbox_filesize = $_FILES['file']['size'];
$dropbox_filetype = $_FILES['file']['type'];
$dropbox_filetmpname = $_FILES['file']['tmp_name'];
// check if the filesize does not exceed the allowed size.
if ($dropbox_filesize <= 0 || $dropbox_filesize > $dropbox_cnf['maxFilesize']) {
return get_lang('DropboxFileTooBig');
// TODO: The "too big" message does not fit in the case of uploading zero-sized file.
}
// check if the file is actually uploaded
if (!is_uploaded_file($dropbox_filetmpname)) {
// check user fraud : no clean error msg.
return get_lang('TheFileIsNotUploaded');
}
$upload_ok = process_uploaded_file($_FILES['file'], true);
if (!$upload_ok) {
return null;
}
// Try to add an extension to the file if it hasn't got one
$dropbox_filename = add_ext_on_mime($dropbox_filename, $dropbox_filetype);
// Replace dangerous characters
$dropbox_filename = replace_dangerous_char($dropbox_filename);
// Transform any .php file in .phps fo security
$dropbox_filename = php2phps($dropbox_filename);
//filter extension
if (!filter_extension($dropbox_filename)) {
return get_lang('UplUnableToSaveFileFilteredExtension');
}
// set title
$dropbox_title = $dropbox_filename;
// set author
if (!isset($_POST['authors'])) {
$_POST['authors'] = getUserNameFromId($_user['user_id']);
}
// note: I think we could better migrate everything from here on to separate functions: store_new_dropbox, store_new_mailing, store_just_upload
if ($dropbox_overwrite) {
$dropbox_person = new Dropbox_Person($_user['user_id'], api_is_course_admin(), api_is_course_tutor());
foreach ($dropbox_person->sentWork as $w) {
if ($w->title == $dropbox_filename) {
if ($w->recipients[0]['id'] > dropbox_cnf('mailingIdBase') xor $thisIsAMailing) {
return get_lang('MailingNonMailingError');
}
if ($w->recipients[0]['id'] == $_user['user_id'] xor $thisIsJustUpload) {
return get_lang('MailingJustUploadSelectNoOther');
}
$dropbox_filename = $w->filename;
$found = true;
// note: do we still need this?
break;
}
}
} else {
// rename file to login_filename_uniqueId format
$dropbox_filename = getLoginFromId($_user['user_id']) . "_" . $dropbox_filename . "_" . uniqid('');
}
// creating the array that contains all the users who will receive the file
$new_work_recipients = array();
foreach ($_POST['recipients'] as $rec) {
if (strpos($rec, 'user_') === 0) {
$new_work_recipients[] = substr($rec, strlen('user_'));
} elseif (strpos($rec, 'group_') === 0) {
$userList = GroupManager::get_subscribed_users(substr($rec, strlen('group_')));
foreach ($userList as $usr) {
if (!in_array($usr['user_id'], $new_work_recipients) && $usr['user_id'] != $_user['user_id']) {
$new_work_recipients[] = $usr['user_id'];
}
}
}
}
@move_uploaded_file($dropbox_filetmpname, dropbox_cnf('sysPath') . '/' . $dropbox_filename);
$b_send_mail = api_get_course_setting('email_alert_on_new_doc_dropbox');
if ($b_send_mail) {
foreach ($new_work_recipients as $recipient_id) {
$recipent_temp = UserManager::get_user_info_by_id($recipient_id);
$additionalParameters = array('smsType' => ClockworksmsPlugin::NEW_FILE_SHARED_COURSE_BY, 'userId' => $recipient_id, 'courseTitle' => $_course['title'], 'userUsername' => $recipent_temp['username']);
api_mail_html(api_get_person_name($recipent_temp['firstname'] . ' ' . $recipent_temp['lastname'], null, PERSON_NAME_EMAIL_ADDRESS), $recipent_temp['email'], get_lang('NewDropboxFileUploaded'), get_lang('NewDropboxFileUploadedContent') . ' ' . api_get_path(WEB_CODE_PATH) . 'dropbox/index.php?cidReq=' . $_course['sysCode'] . "\n\n" . api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS) . "\n" . get_lang('Email') . " : " . $_user['mail'], api_get_person_name($_user['firstName'], $_user['lastName'], null, PERSON_NAME_EMAIL_ADDRESS), $_user['mail'], null, null, null, $additionalParameters);
}
}
new Dropbox_SentWork($_user['user_id'], $dropbox_title, $_POST['description'], strip_tags($_POST['authors']), $dropbox_filename, $dropbox_filesize, $new_work_recipients);
Security::clear_token();
return get_lang('FileUploadSucces');
}
require_once api_get_path(SYS_CODE_PATH) . 'gradebook/lib/be.inc.php';
// Setting the tabs
$this_section = SECTION_COURSES;
$htmlHeadXtra[] = api_get_js('qtip2/jquery.qtip.min.js');
$htmlHeadXtra[] = api_get_css(api_get_path(WEB_LIBRARY_PATH) . 'javascript/qtip2/jquery.qtip.min.css');
// Access control
api_protect_course_script(true);
// including additional libraries
require_once 'exercise.class.php';
require_once 'question.class.php';
require_once 'answer.class.php';
require_once 'hotpotatoes.lib.php';
/* Constants and variables */
$is_allowedToEdit = api_is_allowed_to_edit(null, true);
$is_tutor = api_is_allowed_to_edit(true);
$is_tutor_course = api_is_course_tutor();
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$TBL_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$TBL_EXERCICE_QUESTION = Database::get_course_table(TABLE_QUIZ_TEST_QUESTION);
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$TBL_TRACK_EXERCICES = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCICES);
// document path
$documentPath = api_get_path(SYS_COURSE_PATH) . $_course['path'] . "/document";
// picture path
$picturePath = $documentPath . '/images';
// audio path
$audioPath = $documentPath . '/audio';
// hotpotatoes
$uploadPath = DIR_HOTPOTATOES;
//defined in main_api
$exercicePath = api_get_self();
$user_id = isset($_GET['student_id']) ? intval($_GET['student_id']) : api_get_user_id();
$courseCode = isset($_GET['course']) ? Security::remove_XSS($_GET['course']) : api_get_course_id();
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
$lp_id = intval($_GET['lp_id']);
$csv_content = array();
$course_info = api_get_course_info($courseCode);
if (empty($course_info) || empty($lp_id)) {
api_not_allowed();
}
$userInfo = api_get_user_info($user_id);
$name = $userInfo['complete_name'];
if (!api_is_platform_admin(true) &&
!CourseManager :: is_course_teacher(api_get_user_id(), $courseCode) &&
!Tracking :: is_allowed_to_coach_student(api_get_user_id(), $user_id) && !api_is_drh() && !api_is_course_tutor()) {
api_not_allowed();
}
if ($origin == 'user_course') {
$interbreadcrumb[] = array ("url" => api_get_path(WEB_COURSE_PATH).$course_info['directory'], 'name' => $course_info['name']);
$interbreadcrumb[] = array ("url" => "../user/user.php?cidReq=".$courseCode, "name" => get_lang("Users"));
} else if($origin == 'tracking_course') {
$interbreadcrumb[] = array ("url" => "../tracking/courseLog.php?cidReq=".$courseCode.'&id_session='.$session_id, "name" => get_lang("Tracking"));
} else {
$interbreadcrumb[] = array ("url" => "index.php", "name" => get_lang('MySpace'));
$interbreadcrumb[] = array ("url" => "student.php", "name" => get_lang("MyStudents"));
$interbreadcrumb[] = array ("url" => "myStudents.php?student=".$user_id, "name" => get_lang("StudentDetails"));
$nameTools=get_lang("DetailsStudentInCourse");
}
}
require_once api_get_path(SYS_CODE_PATH) . 'newscorm/learnpath.class.php';
require_once api_get_path(SYS_CODE_PATH) . 'newscorm/learnpathItem.class.php';
$session_id = isset($_REQUEST['id_session']) && !empty($_REQUEST['id_session']) ? intval($_REQUEST['id_session']) : api_get_session_id();
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
if ($export_csv) {
ob_start();
}
$csv_content = array();
$user_id = intval($_GET['student_id']);
if (isset($_GET['course'])) {
$cidReq = Security::remove_XSS($_GET['course']);
}
$user_infos = UserManager::get_user_info_by_id($user_id);
$name = api_get_person_name($user_infos['firstname'], $user_infos['lastname']);
if (!api_is_platform_admin(true) && !CourseManager::is_course_teacher(api_get_user_id(), api_get_course_int_id()) && !Tracking::is_allowed_to_coach_student(api_get_user_id(), $_GET['student_id']) && !api_is_drh() && !api_is_course_tutor()) {
api_not_allowed();
}
$course_exits = CourseManager::course_exists($cidReq);
if (!empty($course_exits)) {
$course_info = api_get_course_info($cidReq);
} else {
api_not_allowed();
}
if (!empty($_GET['origin']) && $_GET['origin'] == 'user_course') {
$interbreadcrumb[] = array("url" => api_get_path(WEB_COURSE_PATH) . $course_info['directory'], 'name' => $course_info['name']);
$interbreadcrumb[] = array("url" => "../user/user.php?cidReq=" . $cidReq, "name" => get_lang("Users"));
} else {
if (!empty($_GET['origin']) && $_GET['origin'] == 'tracking_course') {
$interbreadcrumb[] = array("url" => "../tracking/courseLog.php?cidReq=" . $cidReq . '&id_session=' . $session_id, "name" => get_lang("Tracking"));
} else {
printf('<courseobject>');
foreach ($_SESSION['_course'] as $key => $val) {
printf('<%s>%s</%s>', $key, api_utf8_encode($val), $key);
}
printf('</courseobject>');
printf('<userobject>');
foreach ($_SESSION['_user'] as $key => $val) {
if ($key != "auth_source") {
if (($key == "lastName" || $key == "firstName") && strlen($val) == 0) {
$val = get_lang('Unknown');
}
printf('<%s>%s</%s>', $key, api_utf8_encode($val), $key);
}
}
printf('<sid>%s</sid>', session_id());
$isadmin = CourseManager::get_user_in_course_status($_SESSION['_user']['user_id'], $_SESSION['_course']['sysCode']) == COURSEMANAGER || api_is_platform_admin() || api_is_course_tutor() || api_is_course_admin() || api_is_course_coach() ? "true" : "false";
printf('<key>%s</key>', md5($confkey . $challenge));
printf('<challenge>%s</challenge>', $challenge);
printf('<isUploadAllowed>%s</isUploadAllowed>', $isadmin);
printf('<canStartModerator>%s</canStartModerator>', $isadmin == 'true' || $_SESSION["roomType"] == "conference" ? 'true' : 'false');
printf('<mustStartModerator>%s</mustStartModerator>', $isadmin == 'true' || $_SESSION["roomType"] == "conference" ? 'true' : 'false');
printf('</userobject>');
printf('<config>');
printf('<host>' . api_get_setting('service_visio', 'visio_host') . '</host>');
printf('<port>' . api_get_setting('service_visio', 'visio_port') . '</port>');
printf('</config>');
$path = preg_replace('/^([^:]*:\\/\\/)/', '', api_get_path(WEB_PATH));
$path = str_replace('/', '_', $path);
printf('<roomConfig>');
printf('<portal>%s</portal>', $path);
printf('<roomType>%s</roomType>', $_SESSION['roomType']);
/**
* This function displays the form that is used to add a post. This can be a new thread or a reply.
* @param $action is the parameter that determines if we are
* 1. newthread: adding a new thread (both empty) => No I-frame
* 2. replythread: Replying to a thread ($action = replythread) => I-frame with the complete thread (if enabled)
* 3. replymessage: Replying to a message ($action =replymessage) => I-frame with the complete thread (if enabled) (I first thought to put and I-frame with the message only)
* 4. quote: Quoting a message ($action= quotemessage) => I-frame with the complete thread (if enabled). The message will be in the reply. (I first thought not to put an I-frame here)
* @return void HMTL
* @author Patrick Cool <*****@*****.**>, Ghent University
* @version february 2006, dokeos 1.8
*/
function show_add_post_form($action = '', $id = '', $form_values = '')
{
global $forum_setting;
global $current_forum;
global $_user;
global $origin;
$gradebook = Security::remove_XSS($_GET['gradebook']);
// Setting the class and text of the form title and submit button.
if ($_GET['action'] == 'quote') {
$class = 'save';
$text = get_lang('QuoteMessage');
} elseif ($_GET['action'] == 'replythread') {
$class = 'save';
$text = get_lang('ReplyToThread');
} elseif ($_GET['action'] == 'replymessage') {
$class = 'save';
$text = get_lang('ReplyToMessage');
} else {
$class = 'add';
$text = get_lang('CreateThread');
}
// Initialize the object.
$my_thread = isset($_GET['thread']) ? $_GET['thread'] : '';
$my_forum = isset($_GET['forum']) ? $_GET['forum'] : '';
$my_action = isset($_GET['action']) ? $_GET['action'] : '';
$my_post = isset($_GET['post']) ? $_GET['post'] : '';
$my_gradebook = isset($_GET['gradebook']) ? Security::remove_XSS($_GET['gradebook']) : '';
$form = new FormValidator('thread', 'post', api_get_self() . '?forum=' . Security::remove_XSS($my_forum) . '&gradebook=' . $gradebook . '&thread=' . Security::remove_XSS($my_thread) . '&post=' . Security::remove_XSS($my_post) . '&action=' . Security::remove_XSS($my_action) . '&origin=' . $origin);
$form->setConstants(array('forum' => '5'));
$form->addElement('header', $text);
// Settting the form elements.
$form->addElement('hidden', 'forum_id', intval($my_forum));
$form->addElement('hidden', 'thread_id', intval($my_thread));
$form->addElement('hidden', 'gradebook', $my_gradebook);
// If anonymous posts are allowed we also display a form to allow the user to put his name or username in.
if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
$form->addElement('text', 'poster_name', get_lang('Name'));
$form->applyFilter('poster_name', 'html_filter');
}
$form->addElement('text', 'post_title', get_lang('Title'));
$form->addElement('html_editor', 'post_text', get_lang('Text'), true, api_is_allowed_to_edit(null, true) ? array('ToolbarSet' => 'Forum', 'Width' => '100%', 'Height' => '300') : array('ToolbarSet' => 'ForumStudent', 'Width' => '100%', 'Height' => '300', 'UserStatus' => 'student'));
$form->addRule('post_text', get_lang('ThisFieldIsRequired'), 'required');
$form->addElement('advanced_settings', '<a href="javascript://" onclick="return advanced_parameters()">
<span id="img_plus_and_minus"> ' . Display::return_icon('div_show.gif', get_lang('Show'), array('style' => 'vertical-align:middle')) . ' ' . get_lang('AdvancedParameters') . '</span></a>');
$form->addElement('html', '<div id="id_qualify" style="display:none">');
if ((api_is_course_admin() || api_is_course_coach() || api_is_course_tutor()) && !$my_thread) {
// Thread qualify
if (Gradebook::is_active()) {
//Loading gradebook select
load_gradebook_select_in_tool($form);
$form->addElement('checkbox', 'thread_qualify_gradebook', '', get_lang('QualifyThreadGradebook'), 'onclick="javascript:if(this.checked==true){document.getElementById(\'options_field\').style.display = \'block\';}else{document.getElementById(\'options_field\').style.display = \'none\';}"');
} else {
$form->addElement('hidden', 'thread_qualify_gradebook', false);
}
$form->addElement('html', '<div id="options_field" style="display:none">');
$form->addElement('text', 'numeric_calification', get_lang('QualificationNumeric'));
$form->applyFilter('numeric_calification', 'html_filter');
$form->addElement('text', 'calification_notebook_title', get_lang('TitleColumnGradebook'));
$form->applyFilter('calification_notebook_title', 'html_filter');
$form->addElement('text', 'weight_calification', get_lang('QualifyWeight'), 'value="0.00" Style="width:40px" onfocus="javascript: this.select();"');
$form->applyFilter('weight_calification', 'html_filter');
$form->addElement('html', '</div>');
}
if ($forum_setting['allow_post_notification'] && isset($_user['user_id'])) {
$form->addElement('checkbox', 'post_notification', '', get_lang('NotifyByEmail') . ' (' . $_user['mail'] . ')');
}
if ($forum_setting['allow_sticky'] && api_is_allowed_to_edit(null, true) && $action == 'newthread') {
$form->addElement('checkbox', 'thread_sticky', '', get_lang('StickyPost'));
}
if ($current_forum['allow_attachments'] == '1' || api_is_allowed_to_edit(null, true)) {
$values = $form->exportValues();
}
// User upload
$form->addElement('static', null, null, get_lang('AddAnAttachment'));
$form->addElement('file', 'user_upload', get_lang('FileName'), '');
$form->addElement('textarea', 'file_comment', get_lang('FileComment'), array('rows' => 4, 'cols' => 34));
$form->applyFilter('file_comment', 'html_filter');
$form->addElement('html', '</div>');
$form->addElement('style_submit_button', 'SubmitPost', $text, 'class="' . $class . '"');
$form->add_real_progress_bar('DocumentUpload', 'user_upload');
if (!empty($form_values)) {
$defaults['post_title'] = prepare4display($form_values['post_title']);
$defaults['post_text'] = prepare4display($form_values['post_text']);
$defaults['post_notification'] = strval(intval($form_values['post_notification']));
$defaults['thread_sticky'] = strval(intval($form_values['thread_sticky']));
}
// If we are quoting a message we have to retrieve the information of the post we are quoting so that
// we can add this as default to the textarea.
if (($action == 'quote' || $action == 'replymessage') && isset($my_post)) {
// We also need to put the parent_id of the post in a hidden form when we are quoting or replying to a message (<> reply to a thread !!!)
$form->addElement('hidden', 'post_parent_id', strval(intval($my_post)));
// Note: This has to be cleaned first.
// If we are replying or are quoting then we display a default title.
$values = get_post_information($my_post);
// Note: This has to be cleaned first.
$defaults['post_title'] = get_lang('ReplyShort') . api_html_entity_decode($values['post_title'], ENT_QUOTES);
// When we are quoting a message then we have to put that message into the wysiwyg editor.
// Note: The style has to be hardcoded here because using class="quote" didn't work.
if ($action == 'quote') {
$defaults['post_text'] = '<div> </div><div style="margin: 5px;"><div style="font-size: 90%; font-style: italic;">' . get_lang('Quoting') . ' ' . api_get_person_name($values['firstname'], $values['lastname']) . ':</div><div style="color: #006600; font-size: 90%; font-style: italic; background-color: #FAFAFA; border: #D1D7DC 1px solid; padding: 3px;">' . prepare4display($values['post_text']) . '</div></div><div> </div><div> </div>';
}
}
$form->setDefaults(isset($defaults) ? $defaults : null);
// The course admin can make a thread sticky (=appears with special icon and always on top).
$form->addRule('post_title', get_lang('ThisFieldIsRequired'), 'required');
if ($current_forum['allow_anonymous'] == 1 && !isset($_user['user_id'])) {
$form->addRule('poster_name', get_lang('ThisFieldIsRequired'), 'required');
}
// Validation or display
if ($form->validate()) {
$check = Security::check_token('post');
if ($check) {
$values = $form->exportValues();
if ($values['thread_qualify_gradebook'] == '1' && empty($values['weight_calification'])) {
Display::display_error_message(get_lang('YouMustAssignWeightOfQualification') . ' <a href="javascript:window.back()">' . get_lang('Back') . '</a>', false);
return false;
}
Security::clear_token();
return $values;
}
} else {
$token = Security::get_token();
$form->addElement('hidden', 'sec_token');
$form->setConstants(array('sec_token' => $token));
$iframe = null;
if ($forum_setting['show_thread_iframe_on_reply'] && $action != 'newthread') {
$iframe = "<iframe style=\"border: 1px solid black\" src=\"iframe_thread.php?forum=" . Security::remove_XSS($my_forum) . "&thread=" . Security::remove_XSS($my_thread) . "#" . Security::remove_XSS($my_post) . "\" width=\"100%\"></iframe>";
}
if (!empty($iframe)) {
$form->addElement('label', get_lang('Thread'), $iframe);
}
$form->display();
}
}
$this_section = SECTION_COURSES;
}
$session_id = isset($_REQUEST['id_session']) && !empty($_REQUEST['id_session']) ? intval($_REQUEST['id_session']) : api_get_session_id();
$export_csv = isset($_GET['export']) && $_GET['export'] == 'csv' ? true : false;
$user_id = isset($_GET['student_id']) ? intval($_GET['student_id']) : api_get_user_id();
$courseCode = isset($_GET['course']) ? Security::remove_XSS($_GET['course']) : api_get_course_id();
$origin = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : null;
$lp_id = intval($_GET['lp_id']);
$csv_content = array();
$course_info = api_get_course_info($courseCode);
if (empty($course_info) || empty($lp_id)) {
api_not_allowed();
}
$userInfo = api_get_user_info($user_id);
$name = $userInfo['complete_name'];
if (!api_is_platform_admin(true) && !CourseManager::is_course_teacher(api_get_user_id(), $courseCode) && !Tracking::is_allowed_to_coach_student(api_get_user_id(), $user_id) && !api_is_drh() && !api_is_course_tutor()) {
api_not_allowed();
}
if ($origin == 'user_course') {
$interbreadcrumb[] = array("url" => api_get_path(WEB_COURSE_PATH) . $course_info['directory'], 'name' => $course_info['name']);
$interbreadcrumb[] = array("url" => "../user/user.php?cidReq=" . $courseCode, "name" => get_lang("Users"));
} else {
if ($origin == 'tracking_course') {
$interbreadcrumb[] = array("url" => "../tracking/courseLog.php?cidReq=" . $courseCode . '&id_session=' . $session_id, "name" => get_lang("Tracking"));
} else {
$interbreadcrumb[] = array("url" => "index.php", "name" => get_lang('MySpace'));
$interbreadcrumb[] = array("url" => "student.php", "name" => get_lang("MyStudents"));
$interbreadcrumb[] = array("url" => "myStudents.php?student=" . $user_id, "name" => get_lang("StudentDetails"));
$nameTools = get_lang("DetailsStudentInCourse");
}
}
