function getTabNavigation($course_id) { #$navigation = new AutoNavigation(_('Teilnehmende')); $navigation = new Navigation(_('Teilnehmende')); $navigation->setImage(Icon::create('persons', 'info_alt')); $navigation->setActiveImage(Icon::create('persons', 'info')); $navigation->addSubNavigation('view', new Navigation(_('Teilnehmende'), 'dispatch.php/course/members')); if (Course::find($course_id)->aux_lock_rule) { $navigation->addSubNavigation('additional', new Navigation(_('Zusatzangaben'), 'dispatch.php/course/members/additional')); } $navigation->addSubNavigation('view_groups', new Navigation(_('Funktionen / Gruppen'), 'statusgruppen.php?view=statusgruppe_sem')); if ($GLOBALS['perm']->have_studip_perm('tutor', $course_id) && !LockRules::check($course_id, 'groups')) { $navigation->addSubNavigation('edit_groups', new Navigation(_('Funktionen / Gruppen verwalten'), 'admin_statusgruppe.php?new_sem=TRUE&range_id=' . $course_id)); } return array('members' => $navigation); }
/** * Initialize the subnavigation of this item. This method * is called once before the first item is added or removed. */ public function initSubNavigation() { global $user, $perm; parent::initSubNavigation(); $username = Request::username('username', $user->username); $current_user = $username == $user->username ? $user : User::findByUsername($username); // profile $navigation = new Navigation(_('Profil'), 'dispatch.php/profile/index'); $this->addSubNavigation('index', $navigation); if ($perm->have_profile_perm('user', $current_user->user_id)) { // avatar $navigation = new Navigation(_('Bild'), 'dispatch.php/settings/avatar'); $this->addSubNavigation('avatar', $navigation); // profile data $navigation = new Navigation(_('Nutzerdaten')); $navigation->addSubNavigation('profile', new Navigation(_('Grunddaten'), 'dispatch.php/settings/account')); if (($perm->get_profile_perm($current_user->user_id) == 'user' || $perm->have_perm('root') && Config::get()->ALLOW_ADMIN_USERACCESS) && !StudipAuthAbstract::CheckField('auth_user_md5.password', $current_user->auth_plugin) && !LockRules::check($current_user->user_id, 'password')) { $navigation->addSubNavigation('password', new Navigation(_('Passwort ändern'), 'dispatch.php/settings/password')); } $navigation->addSubNavigation('details', new Navigation(_('Weitere Daten'), 'dispatch.php/settings/details')); if (!in_array($current_user->perms, words('user admin root'))) { $navigation->addSubNavigation('studies', new Navigation(_('Studiendaten'), 'dispatch.php/settings/studies')); } if ($current_user->perms != 'root') { if (count(UserDomain::getUserDomains())) { $navigation->addSubNavigation('userdomains', new Navigation(_('Nutzerdomänen'), 'dispatch.php/settings/userdomains')); } if ($perm->is_staff_member($current_user->user_id)) { $navigation->addSubNavigation('statusgruppen', new Navigation(_('Einrichtungsdaten'), 'dispatch.php/settings/statusgruppen')); } } $this->addSubNavigation('edit', $navigation); if ($perm->have_perm('autor')) { $navigation = new Navigation(_('Einstellungen')); $navigation->addSubNavigation('general', new Navigation(_('Allgemeines'), 'dispatch.php/settings/general')); $navigation->addSubNavigation('privacy', new Navigation(_('Privatsphäre'), 'dispatch.php/settings/privacy')); $navigation->addSubNavigation('messaging', new Navigation(_('Nachrichten'), 'dispatch.php/settings/messaging')); if (get_config('CALENDAR_ENABLE')) { $navigation->addSubNavigation('calendar_new', new Navigation(_('Terminkalender'), 'dispatch.php/settings/calendar')); } if (!$perm->have_perm('admin') and get_config('MAIL_NOTIFICATION_ENABLE')) { $navigation->addSubNavigation('notification', new Navigation(_('Benachrichtigung'), 'dispatch.php/settings/notification')); } if (isDefaultDeputyActivated() && $perm->get_perm() == 'dozent') { $navigation->addSubNavigation('deputies', new Navigation(_('Standardvertretung'), 'dispatch.php/settings/deputies')); } if (Config::Get()->API_ENABLED) { $navigation->addSubNavigation('api', new Navigation(_('API-Berechtigungen'), 'dispatch.php/api/authorizations')); } $this->addSubNavigation('settings', $navigation); } // user defined sections $navigation = new Navigation(_('Kategorien'), 'dispatch.php/settings/categories'); $this->addSubNavigation('categories', $navigation); } // user documents page if (Config::get()->PERSONALDOCUMENT_ENABLE && ($perm->have_profile_perm('user', $current_user->user_id) || Config::get()->PERSONALDOCUMENT_OPEN_ACCESS)) { $title = _('Meine Dateien'); if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS && $current_user->id !== $user->id) { $title = _('Dateibereich'); } $navigation = new Navigation($title, 'dispatch.php/document/files'); $this->addSubNavigation('files', $navigation); } }
case "admin_visibility.php": if ($perm->have_perm("admin") || (get_config('ALLOW_DOZENT_VISIBILITY') && $perm->have_perm('dozent'))) { if(!LockRules::check($seminar_id, 'seminar_visibility')){ ?> <input type="hidden" name="all_sem[]" value="<? echo $seminar_id ?>"> <input type="CHECKBOX" name="visibility_sem[<? echo $seminar_id ?>]" <? if (!Request::get('select_none') && (Request::get('select_all') || $result['visible'])) echo ' checked'; ?>> <? } else { echo $result['visible'] ? _("sichtbar") : _("versteckt"); } } break; case "archiv_assi.php": if ($perm->have_perm("admin") || (get_config('ALLOW_DOZENT_ARCHIV') && $perm->have_perm('dozent'))) { if(!LockRules::check($seminar_id, 'seminar_visibility')){ ?> <input type="hidden" name="archiv_sem[]" value="_id_<? echo $seminar_id ?>"> <input type="CHECKBOX" name="archiv_sem[]" <? if (Request::get('select_all')) echo ' checked'; ?>> <? } else { echo " "; } } break; case "dispatch.php": if ($this instanceof Course_StudyAreasController){ echo _("Studienbereiche") . '<br>', LinkButton::create(_("Bearbeiten"), $this->url_for('course/study_areas/show/' . $seminar_id)); } elseif ($this instanceof Course_BasicdataController){ echo _("Veranstaltung") . '<br>',
?> </td> </tr> <? endif; ?> <tr> <td> <label for="email" <? if (!$prelim) echo 'class="required"'; ?>> <?php echo _('E-Mail'); ?> : </label> </td> <td colspan="2"> <? if (StudipAuthAbstract::CheckField("auth_user_md5.Email", $auth_plugin) || LockRules::check($user['user_id'], 'email')) : ?> <?php echo htmlReady($user["Email"]); ?> <? else : ?> <input class="user_form" type="text" name="Email" id="email" value="<?php echo htmlReady($user['Email']); ?> " <? if (!$prelim) echo 'required'; ?>> <? if ($GLOBALS['MAIL_VALIDATE_BOX']) : ?> <label> <input type="checkbox" name="disable_mail_host_check" value="1"> <?php echo _('Mailboxüberprüfung deaktivieren'); ?>
/** * Determines whether a user is permitted to change a certain value * and if provided, whether the value has actually changed. * * @param String $field Which db field shall change * @param mixed $attribute Which attribute is related (optional, * automatically guessedif missing) * @param mixed $value Optional new value of the field (used to determine * whether the value has actually changed) * @return bool Indicates whether the value shall actually change */ public function shallChange($field, $attribute = null, $value = null) { $column = end(explode('.', $field)); $attribute = $attribute ?: strtolower($column); $global_mapping = array('email' => 'ALLOW_CHANGE_EMAIL', 'name' => 'ALLOW_CHANGE_NAME', 'title' => 'ALLOW_CHANGE_TITLE', 'username' => 'ALLOW_CHANGE_USERNAME'); if (isset($global_mapping[$attribute]) and !$GLOBALS[$global_mapping[$attribute]]) { return false; } return !($field && StudipAuthAbstract::CheckField($field, $this->user->auth_plugin)) && !LockRules::check($this->user->user_id, $attribute) && ($value === null || $this->user->{$column} != $value); }
function getTabNavigation($course_id) { $sem_create_perm = in_array(get_config('SEM_CREATE_PERM'), array('root', 'admin', 'dozent')) ? get_config('SEM_CREATE_PERM') : 'dozent'; if ($GLOBALS['perm']->have_studip_perm('tutor', $course_id)) { $navigation = new Navigation(_('Verwaltung')); $navigation->setImage(Icon::create('admin', 'info_alt')); $navigation->setActiveImage(Icon::create('admin', 'info')); $main = new Navigation(_('Verwaltung'), 'dispatch.php/course/management'); $navigation->addSubNavigation('main', $main); if ($GLOBALS['SessSemName']['class'] !== "inst") { $item = new Navigation(_('Grunddaten'), 'dispatch.php/course/basicdata/view/' . $course_id); $item->setImage(Icon::create('edit', 'clickable')); $item->setDescription(_('Bearbeiten der Grundeinstellungen dieser Veranstaltung.')); $navigation->addSubNavigation('details', $item); $item = new Navigation(_('Infobild'), 'dispatch.php/course/avatar/update/' . $course_id); $item->setImage(Icon::create('file-pic', 'clickable')); $item->setDescription(_('Infobild dieser Veranstaltung bearbeiten oder löschen.')); $navigation->addSubNavigation('avatar', $item); $item = new Navigation(_('Studienbereiche'), 'dispatch.php/course/study_areas/show/' . $course_id); $item->setImage(Icon::create('module', 'clickable')); $item->setDescription(_('Zuordnung dieser Veranstaltung zu Studienbereichen für die Darstellung im Verzeichnis aller Veranstaltungen.')); $navigation->addSubNavigation('study_areas', $item); $item = new Navigation(_('Zeiten/Räume'), 'dispatch.php/course/timesrooms'); $item->setImage(Icon::create('date', 'clickable')); $item->setDescription(_('Regelmäßige Veranstaltungszeiten, Einzeltermine und Ortsangaben ändern.')); $navigation->addSubNavigation('dates', $item); if (get_config('RESOURCES_ENABLE') && get_config('RESOURCES_ALLOW_ROOM_REQUESTS')) { $item = new Navigation(_('Raumanfragen'), 'dispatch.php/course/room_requests/index/' . $course_id); $item->setImage(Icon::create('resources', 'clickable')); $item->setDescription(_('Raumanfragen zu Veranstaltungszeiten verwalten.')); $navigation->addSubNavigation('room_requests', $item); } $item = new Navigation(_('Zugangsberechtigungen'), 'dispatch.php/course/admission'); $item->setImage(Icon::create('lock-locked', 'clickable')); $item->setDescription(_('Zugangsbeschränkungen, Anmeldeverfahren oder einen Passwortschutz für diese Veranstaltung einrichten.')); $navigation->addSubNavigation('admission', $item); $item = new AutoNavigation(_('Zusatzangaben'), 'dispatch.php/admin/additional'); $item->setImage(Icon::create('add', 'clickable')); $item->setDescription(_('Vorlagen zur Erhebung weiterer Angaben von Teilnehmenden auswählen.')); $navigation->addSubNavigation('additional_data', $item); if ($GLOBALS['perm']->have_perm($sem_create_perm)) { if (!LockRules::check($course_id, 'seminar_copy')) { $item = new Navigation(_('Veranstaltung kopieren'), 'dispatch.php/course/wizard/copy/' . $course_id); $item->setImage(Icon::create('seminar+add', 'clickable')); $main->addSubNavigation('copy', $item); } if (get_config('ALLOW_DOZENT_ARCHIV') || $GLOBALS['perm']->have_perm('admin')) { $item = new Navigation(_('Veranstaltung archivieren'), 'archiv_assi.php'); $item->setImage(Icon::create('seminar+remove', 'clickable')); $main->addSubNavigation('archive', $item); } if ((get_config('ALLOW_DOZENT_VISIBILITY') || $GLOBALS['perm']->have_perm('admin')) && !LockRules::Check($course_id, 'seminar_visibility')) { $is_visible = Course::findCurrent()->visible; $item = new Navigation(_('Sichtbarkeit ändern') . ' (' . ($is_visible ? _('sichtbar') : _('unsichtbar')) . ')', 'dispatch.php/course/management/change_visibility'); $item->setImage(Icon::create('visibility-' . ($is_visible ? 'visible' : 'invisible'), 'clickable')); $main->addSubNavigation('visibility', $item); } if ($GLOBALS['perm']->have_perm('admin')) { $is_locked = Course::findCurrent()->lock_rule; $item = new Navigation(_('Sperrebene ändern') . ' (' . ($is_locked ? _('gesperrt') : _('nicht gesperrt')) . ')', 'dispatch.php/course/management/lock'); $item->setImage(Icon::create('lock-' . ($is_locked ? 'locked' : 'unlocked'), 'clickable'), ['data-dialog' => 'size=auto']); $main->addSubNavigation('lock', $item); } } // show entry for simulated participant view if (in_array($GLOBALS['perm']->get_studip_perm($course_id), words('tutor dozent'))) { $item = new Navigation('Studierendenansicht simulieren', 'dispatch.php/course/change_view?cid=' . Request::option('cid')); $item->setDescription(_('Hier können Sie sich die Veranstaltung aus der Sicht von Studierenden sehen.')); $item->setImage(Icon::create('visibility-invisible', 'clickable')); $main->addSubNavigation('change_view', $item); } } // endif modules only seminars if ($GLOBALS['perm']->have_studip_perm('tutor', $course_id)) { if (get_config('VOTE_ENABLE')) { $item = new Navigation(_('Umfragen und Tests'), 'admin_vote.php?view=vote_sem'); $item->setImage(Icon::create('vote', 'clickable')); $item->setDescription(_('Erstellen und bearbeiten von einfachen Umfragen und Tests.')); $navigation->addSubNavigation('vote', $item); $item = new Navigation(_('Evaluationen'), 'admin_evaluation.php?view=eval_sem'); $item->setImage(Icon::create('evaluation', 'clickable')); $item->setDescription(_('Richten Sie fragebogenbasierte Umfragen und Lehrevaluationen ein.')); $navigation->addSubNavigation('evaluation', $item); } } return array('admin' => $navigation); } else { return array(); } }
function edit_email($user, $email, $force = False) { $msg = ''; $query = "SELECT email, username, auth_plugin\n FROM auth_user_md5\n WHERE user_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($user->user_id)); $row = $statement->fetch(PDO::FETCH_ASSOC); $email_cur = $row['email']; $username = $row['username']; $auth_plugin = $row['auth_plugin']; if ($email_cur == $email && !$force) { return array(True, $msg); } if (StudipAuthAbstract::CheckField("auth_user_md5.Email", $auth_plugin) || LockRules::check($user->user_id, 'email')) { return array(False, $msg); } if (!$GLOBALS['ALLOW_CHANGE_EMAIL']) { return array(False, $msg); } $validator = new email_validation_class(); ## Klasse zum Ueberpruefen der Eingaben $validator->timeout = 10; $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"]; $Zeit = date("H:i:s, d.m.Y", time()); // accept only registered domains if set $email_restriction = trim(get_config('EMAIL_DOMAIN_RESTRICTION')); if (!$validator->ValidateEmailAddress($email, $email_restriction)) { if ($email_restriction) { $email_restriction_msg_part = ''; $email_restriction_parts = explode(',', $email_restriction); for ($email_restriction_count = 0; $email_restriction_count < count($email_restriction_parts); $email_restriction_count++) { if ($email_restriction_count == count($email_restriction_parts) - 1) { $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . '<br>'; } else { if (($email_restriction_count + 1) % 3) { $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ', '; } else { $email_restriction_msg_part .= '@' . trim($email_restriction_parts[$email_restriction_count]) . ',<br>'; } } } $msg .= 'error§' . sprintf(_("Die E-Mail-Adresse fehlt, ist falsch geschrieben oder gehört nicht zu folgenden Domains:%s"), '<br>' . $email_restriction_msg_part); } else { $msg .= "error§" . _("Die E-Mail-Adresse fehlt oder ist falsch geschrieben!") . "§"; } return array(False, $msg); // E-Mail syntaktisch nicht korrekt oder fehlend } if (!$validator->ValidateEmailHost($email)) { // Mailserver nicht erreichbar, ablehnen $msg .= "error§" . _("Der Mailserver ist nicht erreichbar. Bitte überprüfen Sie, ob Sie E-Mails mit der angegebenen Adresse verschicken können!") . "§"; return array(False, $msg); } else { // Server ereichbar if (!$validator->ValidateEmailBox($email)) { // aber user unbekannt. Mail an abuse! StudipMail::sendAbuseMessage("edit_about", "Emailbox unbekannt\n\nUser: "******"\nEmail: {$email}\n\nIP: {$REMOTE_ADDR}\nZeit: {$Zeit}\n"); $msg .= "error§" . _("Die angegebene E-Mail-Adresse ist nicht erreichbar. Bitte überprüfen Sie Ihre Angaben!") . "§"; return array(False, $msg); } } $query = "SELECT Vorname, Nachname\n FROM auth_user_md5\n WHERE Email = ? AND user_id != ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($email, $user->user_id)); $row = $statement->fetch(PDO::FETCH_ASSOC); if ($row) { $msg .= "error§" . sprintf(_("Die angegebene E-Mail-Adresse wird bereits von einem anderen Benutzer (%s %s) verwendet. Bitte geben Sie eine andere E-Mail-Adresse an."), htmlReady($row['Vorname']), htmlReady($row['Nachname'])) . "§"; return array(False, $msg); } // This already moved to the controller // $query = "UPDATE auth_user_md5 SET Email = ? WHERE user_id = ?"; // $statement = DBManager::get()->prepare($query); // $statement->execute(array($email, $uid)); if (StudipAuthAbstract::CheckField("auth_user_md5.validation_key", $auth_plugin)) { $msg .= "msg§" . _("Ihre E-Mail-Adresse wurde geändert!") . "§"; return array(True, $msg); } else { // auth_plugin does not map validation_key (what if...?) // generate 10 char activation key $key = ''; mt_srand((double) microtime() * 1000000); for ($i = 1; $i <= 10; $i++) { $temp = mt_rand() % 36; if ($temp < 10) { $temp += 48; } else { $temp += 87; } // a = chr(97), z = chr(122) $key .= chr($temp); } $user->validation_key = $key; $activatation_url = $GLOBALS['ABSOLUTE_URI_STUDIP'] . 'activate_email.php?uid=' . $user->user_id . '&key=' . $user->validation_key; // include language-specific subject and mailbody with fallback to german $lang = $GLOBALS['_language_path']; // workaround if ($lang == '') { $lang = 'de'; } include_once "locale/{$lang}/LC_MAILS/change_self_mail.inc.php"; $mail = StudipMail::sendMessage($email, $subject, $mailbody); if (!$mail) { return array(True, $msg); } $query = "UPDATE auth_user_md5 SET validation_key = ? WHERE user_id = ?"; $statement = DBManager::get()->prepare($query); $statement->execute(array($user->validation_key, $user->user_id)); $msg .= "info§<b>" . sprintf(_('An Ihre neue E-Mail-Adresse <b>%s</b> wurde ein Aktivierungslink geschickt, dem Sie folgen müssen bevor Sie sich das nächste mal einloggen können.'), $email) . '</b>§'; log_event("USER_NEWPWD", $user->user_id); // logging } return array(True, $msg); }
"> <? endif ?> <?php echo htmlReady($entry->getName()); ?> <? if ($entry->isEditable() && !LockRules::check($user->user_id, $entry->getId()) && $entry->numberOfHTMLFields() == 1) : ?> </label> <? endif ?> <? if (!$entry->isVisible($user->perms)): ?> <?php echo tooltipIcon(_('Systemfeld (für die Person selbst nicht sichtbar)'), true); ?> <? endif; ?> </td> <td colspan="2"> <? if ($entry->isEditable() && !LockRules::check($user->user_id, $entry->getId())): ?> <?php echo $entry->getHTML('datafields'); ?> <? else: ?> <?php echo formatReady($entry->getDisplayValue(false)); ?> <br> <hr style="background: #888; border: 0; color: #888; height: 1px; "> <?php echo _('(Das Feld ist für die Bearbeitung gesperrt und kann ' . 'nur durch einen Administrator verändert werden.)'); ?> <? endif; ?> </td> </tr>