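/**
 * Record that user $uid is currently online in the "who's online" tracking table.
 *
 * REPLACE is used so a second call for the same user refreshes its row instead
 * of adding one. When called from inside a course ($_course carries an 'id'),
 * the course's real id is stored in c_id so the per-course "x users online"
 * feature can count it; otherwise c_id is 0.
 *
 * Every value interpolated into the statement is either cast to int or passed
 * through Database::escape_string(); the course real_id and the session /
 * access-URL ids used to be interpolated without a cast.
 *
 * @param int $uid User id; nothing is written when it casts to 0
 * @return void
 */
function LoginCheck($uid)
{
    $_course = api_get_course_info();
    $uid = (int) $uid;
    if (empty($uid)) {
        return;
    }

    $online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);

    // The client address is only recorded when the web server supplied one.
    $user_ip = '';
    if (!empty($_SERVER['REMOTE_ADDR'])) {
        $user_ip = Database::escape_string(api_get_real_ip());
    }
    $login_date = api_get_utc_datetime();

    // Default to the main portal; -1 means "no current URL" and keeps the default.
    $access_url_id = 1;
    if (api_get_multiple_access_url() && api_get_current_access_url_id() != -1) {
        $access_url_id = (int) api_get_current_access_url_id();
    }
    $session_id = (int) api_get_session_id();

    // If the $_course array exists we are in a course and the row must also
    // carry the course id for the "x users in this course" feature.
    $c_id = 0;
    if (is_array($_course) && count($_course) > 0 && !empty($_course['id'])) {
        $c_id = (int) $_course['real_id'];
    }

    $query = "REPLACE INTO " . $online_table .
        " (login_id, login_user_id, login_date, user_ip, c_id, session_id, access_url_id)
        VALUES ({$uid}, {$uid}, '{$login_date}', '{$user_ip}', {$c_id}, {$session_id}, {$access_url_id})";
    Database::query($query);
}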
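/**
 * Create a session
 *
 * @author Carlos Vargas <*****@*****.**>, from existing code
 * @param string $name
 * @param string $startDate (YYYY-MM-DD hh:mm:ss)
 * @param string $endDate (YYYY-MM-DD hh:mm:ss)
 * @param string $displayStartDate (YYYY-MM-DD hh:mm:ss)
 * @param string $displayEndDate (YYYY-MM-DD hh:mm:ss)
 * @param string $coachStartDate (YYYY-MM-DD hh:mm:ss)
 * @param string $coachEndDate (YYYY-MM-DD hh:mm:ss)
 * @param mixed $coachId Session coach id. NOTE(review): this variant stores the
 *        value as given — no username lookup happens here, whatever older docs
 *        said — so callers should pass the numeric user id.
 * @param integer $sessionCategoryId ID of the session category in which this session is registered
 * @param integer $visibility Visibility after end date (0 = read-only, 1 = invisible, 2 = accessible)
 * @param bool $fixSessionNameIfExists When true a free name is generated instead of failing on a clash
 * @param string $duration Duration in days; when non-zero every date column is cleared
 * @param string $description Optional. The session description
 * @param int $showDescription Optional. Whether show the session description
 * @param array $extraFields Extra-field values saved against the new session id
 * @param int $sessionAdminId Optional. If this sessions was created by a session admin,
 *        assign it to him; defaults to the acting user. Cast to int before use.
 * @param boolean $sendSubscritionNotification Optional.
 *        Whether send a mail notification to users being subscribed
 * @todo use an array to replace all this parameters or use the model.lib.php ...
 * @return mixed Session ID on success, error message otherwise
 */
public static function create_session(
    $name,
    $startDate,
    $endDate,
    $displayStartDate,
    $displayEndDate,
    $coachStartDate,
    $coachEndDate,
    $coachId,
    $sessionCategoryId,
    $visibility = 1,
    $fixSessionNameIfExists = false,
    $duration = null,
    $description = null,
    $showDescription = 0,
    $extraFields = array(),
    $sessionAdminId = 0,
    $sendSubscritionNotification = false
) {
    global $_configuration;

    // Check portal limits: hosting_limit_sessions is configured per access URL.
    $access_url_id = 1;
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
    }
    if (is_array($_configuration[$access_url_id])
        && isset($_configuration[$access_url_id]['hosting_limit_sessions'])
        && $_configuration[$access_url_id]['hosting_limit_sessions'] > 0
    ) {
        $num = self::count_sessions();
        if ($num >= $_configuration[$access_url_id]['hosting_limit_sessions']) {
            api_warn_hosting_contact('hosting_limit_sessions');
            return get_lang('PortalSessionsLimitReached');
        }
    }

    // NOTE(review): $name is escaped here and later handed to Database::insert();
    // if that helper escapes again, quotes end up stored double-escaped — confirm.
    $name = Database::escape_string(trim($name));
    $sessionCategoryId = intval($sessionCategoryId);
    $visibility = intval($visibility);
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
    $startDate = Database::escape_string($startDate);
    $endDate = Database::escape_string($endDate);

    // Input validation; each failure returns the translated message.
    if (empty($name)) {
        return get_lang('SessionNameIsRequired');
    }
    if (empty($coachId)) {
        return get_lang('CoachIsRequired');
    }
    if (!empty($startDate)
        && !api_is_valid_date($startDate, 'Y-m-d H:i')
        && !api_is_valid_date($startDate, 'Y-m-d H:i:s')
    ) {
        return get_lang('InvalidStartDate');
    }
    if (!empty($endDate)
        && !api_is_valid_date($endDate, 'Y-m-d H:i')
        && !api_is_valid_date($endDate, 'Y-m-d H:i:s')
    ) {
        return get_lang('InvalidEndDate');
    }
    // Both dates share the Y-m-d H:i prefix, so a string comparison orders them.
    if (!empty($startDate) && !empty($endDate) && $startDate >= $endDate) {
        return get_lang('StartDateShouldBeBeforeEndDate');
    }

    // Name uniqueness: either generate a free name or refuse the clash.
    if ($fixSessionNameIfExists) {
        $name = self::generateNextSessionName($name);
        if (!$name) {
            return get_lang('SessionNameAlreadyExists');
        }
    } else {
        $rs = Database::query("SELECT 1 FROM {$tbl_session} WHERE name='" . $name . "'");
        if (Database::num_rows($rs)) {
            return get_lang('SessionNameAlreadyExists');
        }
    }

    // The session admin defaults to the acting user; cast so only an id is stored.
    $sessionAdminId = !empty($sessionAdminId) ? intval($sessionAdminId) : api_get_user_id();
    $values = array(
        'name' => $name,
        'id_coach' => $coachId,
        'session_admin_id' => $sessionAdminId,
        'visibility' => $visibility,
        'description' => $description,
        'show_description' => intval($showDescription),
        'send_subscription_notification' => $sendSubscritionNotification,
    );
    if (!empty($startDate)) {
        $values['access_start_date'] = $startDate;
    }
    if (!empty($endDate)) {
        $values['access_end_date'] = $endDate;
    }
    if (!empty($displayStartDate)) {
        $values['display_start_date'] = $displayStartDate;
    }
    if (!empty($displayEndDate)) {
        $values['display_end_date'] = $displayEndDate;
    }
    if (!empty($coachStartDate)) {
        $values['coach_access_start_date'] = $coachStartDate;
    }
    if (!empty($coachEndDate)) {
        $values['coach_access_end_date'] = $coachEndDate;
    }
    if (!empty($sessionCategoryId)) {
        $values['session_category_id'] = $sessionCategoryId;
    }
    $session_id = Database::insert($tbl_session, $values);

    // A per-user duration replaces fixed dates: clear them all and store the days.
    $duration = intval($duration);
    if (!empty($duration)) {
        $sql = "UPDATE {$tbl_session} SET
            access_start_date = NULL,
            access_end_date = NULL,
            display_start_date = NULL,
            display_end_date = NULL,
            coach_access_start_date = NULL,
            coach_access_end_date = NULL,
            duration = {$duration}
            WHERE id = {$session_id}";
        Database::query($sql);
    } else {
        $sql = "UPDATE {$tbl_session}
            SET duration = 0
            WHERE id = {$session_id}";
        Database::query($sql);
    }

    if (!empty($session_id)) {
        $extraFields['item_id'] = $session_id;
        $sessionFieldValue = new ExtraFieldValue('session');
        $sessionFieldValue->saveFieldValues($extraFields);

        // Attach the session to the current access URL.
        $access_url_id = api_get_current_access_url_id();
        UrlManager::add_session_to_url($session_id, $access_url_id);

        // Add the creation to the system log.
        $user_id = api_get_user_id();
        Event::addEvent(LOG_SESSION_CREATE, LOG_SESSION_ID, $session_id, api_get_utc_datetime(), $user_id);
    }

    return $session_id;
}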
/**
 * Create a session (legacy date_start/date_end variant)
 *
 * Builds the start/end dates from year/month/day parts, resolves the coach,
 * checks the name is unique and inserts the row. Dates are stored as
 * "0000-00-00" when $nolimit is set or the corresponding *_limit flag is off.
 *
 * NOTE(review): the coach lookup by username is never checked — an unknown
 * username leaves $id_coach empty and the session is still created, because
 * the only guard is empty($coach_username). A numeric string id (as forms
 * send) is not is_int() and therefore also goes through the username lookup.
 *
 * @author Carlos Vargas <*****@*****.**>, from existing code
 * @param string name
 * @param integer Start year (yyyy)
 * @param integer Start month (mm)
 * @param integer Start day (dd)
 * @param integer End year (yyyy)
 * @param integer End month (mm)
 * @param integer End day (dd)
 * @param integer Number of days that the coach can access the session before the start date
 * @param integer Number of days that the coach can access the session after the end date
 * @param integer If 1, means there are no date limits
 * @param mixed If integer, this is the session coach id, if string, the coach ID will be looked for from the user table
 * @param integer ID of the session category in which this session is registered
 * @param integer Visibility after end date (0 = read-only, 1 = invisible, 2 = accessible)
 * @param string Start limit = true if the start date has to be considered
 * @param string End limit = true if the end date has to be considered
 * @param string $fix_name
 * @param mixed $duration Per-user duration in days; only applied when durationPerUserIsEnabled()
 * @param mixed $showDescription When not null, stored (as int) in show_description
 * @todo use an array to replace all this parameters or use the model.lib.php ...
 * @return mixed Session ID on success, error message otherwise
 */
public static function create_session(
    $sname,
    $syear_start,
    $smonth_start,
    $sday_start,
    $syear_end,
    $smonth_end,
    $sday_end,
    $snb_days_acess_before,
    $snb_days_acess_after,
    $nolimit,
    $coach_username,
    $id_session_category,
    $id_visibility,
    $start_limit = true,
    $end_limit = true,
    $fix_name = false,
    $duration = null,
    $showDescription = null
) {
    global $_configuration;
    // Check portal limits: hosting_limit_sessions is configured per access URL.
    $access_url_id = 1;
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
    }
    if (is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_sessions']) && $_configuration[$access_url_id]['hosting_limit_sessions'] > 0 ) {
        $num = self::count_sessions();
        if ($num >= $_configuration[$access_url_id]['hosting_limit_sessions']) {
            api_warn_hosting_contact('hosting_limit_sessions');
            return get_lang('PortalSessionsLimitReached');
        }
    }
    // Every numeric input is cast before it reaches SQL; the name is escaped.
    $name = Database::escape_string(trim($sname));
    $year_start = intval($syear_start);
    $month_start = intval($smonth_start);
    $day_start = intval($sday_start);
    $year_end = intval($syear_end);
    $month_end = intval($smonth_end);
    $day_end = intval($sday_end);
    $nb_days_acess_before = intval($snb_days_acess_before);
    $nb_days_acess_after = intval($snb_days_acess_after);
    $id_session_category = intval($id_session_category);
    $id_visibility = intval($id_visibility);
    $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
    if (is_int($coach_username)) {
        $id_coach = $coach_username;
    } else {
        // NOTE(review): the username literal is redacted in this listing; the
        // result of the lookup is not validated before being inserted below.
        $sql = 'SELECT user_id FROM ' . $tbl_user . ' WHERE username="******"';
        $rs = Database::query($sql);
        $id_coach = Database::result($rs, 0, 'user_id');
    }
    if (empty($nolimit)) {
        // Zero-pad month and day to build YYYY-MM-DD.
        $date_start = "$year_start-" . (($month_start < 10) ? "0$month_start" : $month_start) . "-" . (($day_start < 10) ? "0$day_start" : $day_start);
        $date_end = "$year_end-" . (($month_end < 10) ? "0$month_end" : $month_end) . "-" . (($day_end < 10) ? "0$day_end" : $day_end);
    } else {
        $id_visibility = 1; // by default session visibility is read only
        $date_start = "0000-00-00";
        $date_end = "0000-00-00";
    }
    if (empty($end_limit)) {
        $date_end = "0000-00-00";
        $id_visibility = 1; // by default session visibility is read only
    }
    if (empty($start_limit)) {
        $date_start = "0000-00-00";
    }
    // Input validation; each failure returns the translated message.
    if (empty($name)) {
        $msg = get_lang('SessionNameIsRequired');
        return $msg;
    } elseif (empty($coach_username)) {
        $msg = get_lang('CoachIsRequired');
        return $msg;
    } elseif (!empty($start_limit) && empty($nolimit) && (!$month_start || !$day_start || !$year_start || !checkdate($month_start, $day_start, $year_start))) {
        $msg = get_lang('InvalidStartDate');
        return $msg;
    } elseif (!empty($end_limit) && empty($nolimit) && (!$month_end || !$day_end || !$year_end || !checkdate($month_end, $day_end, $year_end))) {
        $msg = get_lang('InvalidEndDate');
        return $msg;
    } elseif (!empty($start_limit) && !empty($end_limit) && empty($nolimit) && $date_start >= $date_end) {
        $msg = get_lang('StartDateShouldBeBeforeEndDate');
        return $msg;
    } else {
        // Name uniqueness: either generate a free name or refuse the clash.
        $ready_to_create = false;
        if ($fix_name) {
            $name = self::generate_nice_next_session_name($name);
            if ($name) {
                $ready_to_create = true;
            } else {
                $msg = get_lang('SessionNameAlreadyExists');
                return $msg;
            }
        } else {
            $rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='" . $name . "'");
            if (Database::num_rows($rs)) {
                $msg = get_lang('SessionNameAlreadyExists');
                return $msg;
            }
            $ready_to_create = true;
        }
        if ($ready_to_create) {
            // session_admin_id is always the acting user in this variant.
            $sql = "INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id,visibility) VALUES('" . $name . "','$date_start','$date_end','$id_coach'," . api_get_user_id() . "," . $nb_days_acess_before . ", " . $nb_days_acess_after . ", " . $id_session_category . ", " . $id_visibility . ")";
            Database::query($sql);
            $session_id = Database::insert_id();
            if (self::durationPerUserIsEnabled()) {
                $duration = intval($duration);
                if (empty($duration)) {
                    // NOTE(review): null interpolates as '' below, so the column
                    // receives an empty string rather than SQL NULL.
                    $duration = null;
                } else {
                    // A per-user duration replaces the fixed dates.
                    $sql = "UPDATE $tbl_session SET date_start = '0000-00-00', date_end = '0000-00-00' WHERE id = $session_id";
                    Database::query($sql);
                }
                $sql = "UPDATE $tbl_session SET duration = '$duration' WHERE id = $session_id";
                Database::query($sql);
            }
            if (!is_null($showDescription)) {
                $showDescription = intval($showDescription);
                $sql = "UPDATE $tbl_session SET show_description = '$showDescription' WHERE id = $session_id";
                Database::query($sql);
            }
            if (!empty($session_id)) {
                /* Disabled: used to mail user_id = 1 about the new session.
                $user_info = api_get_user_info(1);
                $complete_name = $user_info['firstname'].' '.$user_info['lastname'];
                $subject = api_get_setting('siteName').' - '.get_lang('ANewSessionWasCreated');
                $message = get_lang('ANewSessionWasCreated')." <br /> ".get_lang('NameOfTheSession').' : '.$name;
                api_mail_html($complete_name, $user_info['email'], $subject, $message);
                */
                // Attach the session to the current access URL.
                $access_url_id = api_get_current_access_url_id();
                UrlManager::add_session_to_url($session_id, $access_url_id);
                // Add the creation to the system log (event_system here,
                // Event::addEvent in the newer variant).
                $user_id = api_get_user_id();
                event_system(LOG_SESSION_CREATE, LOG_SESSION_ID, $session_id, api_get_utc_datetime(), $user_id);
            }
            return $session_id;
        }
    }
}
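/**
 * Used by the widescale plugin: list (or count) the users that share the
 * current user's exam_room / exam_schedule extra-field values.
 *
 * The current user's own exam_room and exam_schedule values become LIKE
 * filters on the other users' values; the current user is always excluded.
 * Under multiple access URLs, platform/session admins only see users of the
 * current URL.
 *
 * Fixes over the previous version: the ORDER BY column is now whitelisted
 * (the old check was a no-op and interpolated the caller's value unchecked),
 * the extra-field values are escaped, and the WHERE clause is always emitted
 * (the old code appended "AND u.user_id <> ..." without a WHERE when no
 * extra-field value was set).
 *
 * @param int    $from            Offset for LIMIT
 * @param int    $number_of_items Row count for LIMIT
 * @param string $column          Sort column; one of the selected columns
 *                                (user_id, username, firstname, lastname,
 *                                exam_password), otherwise 'username'
 * @param string $direction       'ASC' or 'DESC' (anything else becomes 'ASC')
 * @param bool   $get_count       When true only the row count is returned
 * @return int|array Row count, or a list of associative rows
 *                   (user_id, username, firstname, lastname, exam_password)
 */
static function get_user_data($from, $number_of_items, $column, $direction, $get_count = false)
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);

    $select = "SELECT
        u.user_id,
        u.username,
        u.firstname,
        u.lastname,
        ufv1.field_value as exam_password
    ";
    if ($get_count) {
        $select = "SELECT count(u.user_id) as total_rows";
    }
    $sql = "{$select} FROM {$user_table} u ";

    // Filter to the current access URL for admins on multi-URL portals.
    $filterByAccessUrl = (api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url();
    if ($filterByAccessUrl) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
    }

    // One join per extra field: ufv1 (exam_password) is selected, the other
    // two are matched against the current user's own values.
    $extra_fields = array('exam_password', 'exam_room', 'exam_schedule');
    $counter = 1;
    $conditions = array();
    foreach ($extra_fields as $keyword_extra_data) {
        $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
        $field_id = intval($extra_info['id']);
        $table_alias = "ufv{$counter}";
        $sql .= " INNER JOIN user_field_values {$table_alias} ON u.user_id = {$table_alias}.user_id AND {$table_alias}.field_id = {$field_id} ";
        $counter++;
        if ($keyword_extra_data == 'exam_password') {
            continue;
        }
        $keyword_extra_data_text = UserManager::get_extra_user_data_by_field(api_get_user_id(), $extra_info['field_variable']);
        $keyword_extra_data_text = $keyword_extra_data_text[$extra_info['field_variable']];
        if (!empty($keyword_extra_data_text)) {
            // Stored per-user data, not a trusted literal: escape it.
            $conditions[] = " {$table_alias}.field_value LIKE '%" . Database::escape_string(trim($keyword_extra_data_text)) . "%' ";
        }
    }

    // The current user is always excluded, which also guarantees a WHERE clause.
    $conditions[] = " u.user_id <> " . intval(api_get_user_id());
    if ($filterByAccessUrl) {
        $conditions[] = " url_rel_user.access_url_id=" . intval(api_get_current_access_url_id());
    }
    $sql .= " WHERE " . implode(' AND ', $conditions);

    if (!in_array($direction, array('ASC', 'DESC'))) {
        $direction = 'ASC';
    }
    // ORDER BY is whitelisted to the selected columns; $column comes from the
    // caller's sortable table and must never reach SQL unchecked.
    $allowed_columns = array('user_id', 'username', 'firstname', 'lastname', 'exam_password');
    if (!in_array($column, $allowed_columns, true)) {
        $column = 'username';
    }
    $from = intval($from);
    $number_of_items = intval($number_of_items);

    // Return the count and exit the function.
    if ($get_count) {
        $res = Database::query($sql);
        $user = Database::fetch_array($res);
        return $user['total_rows'];
    }

    $sql .= " ORDER BY {$column} {$direction} ";
    $sql .= " LIMIT {$from}, {$number_of_items}";
    $res = Database::query($sql);
    $users = array();
    while ($user = Database::fetch_array($res, 'ASSOC')) {
        $users[] = $user;
    }
    return $users;
}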
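/**
 * Count the users seen online within the last $time_limit minutes.
 *
 * Fixes over the previous version: the multi-URL friends query omitted the
 * "user_id = current user" restriction and therefore counted online friends of
 * every user, and the time limit taken from the setting was not cast.
 *
 * @param int|null $time_limit Minutes; when empty the 'time_limit_whosonline'
 *                             setting is used
 * @param bool     $friends    When true count only the current user's friends
 *                             (USER_RELATION_TYPE_FRIEND rows of user_rel_user)
 * @return int|false The count, or false when the query returned no row
 */
public static function who_is_online_count($time_limit = null, $friends = false)
{
    if (empty($time_limit)) {
        // The setting is stored as text; cast it like the explicit argument.
        $time_limit = intval(api_get_setting('time_limit_whosonline'));
    } else {
        $time_limit = intval($time_limit);
    }
    $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
    $friend_user_table = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    $online_time = time() - $time_limit * 60;
    $current_date = api_get_utc_datetime($online_time);
    $current_user_id = intval(api_get_user_id());

    // On multi-URL portals only rows recorded for the current URL count;
    // -1 means "no current URL" and applies no filter.
    $url_condition = '';
    if (api_get_multiple_access_url()) {
        $access_url_id = intval(api_get_current_access_url_id());
        if ($access_url_id != -1) {
            $url_condition = " AND track.access_url_id = {$access_url_id} ";
        }
    }

    if ($friends) {
        // Friends (social network) of the current user who are online.
        $query = "SELECT DISTINCT count(login_user_id) as count
            FROM {$track_online_table} track
            INNER JOIN {$friend_user_table} ON (friend_user_id = login_user_id)
            WHERE login_date >= '{$current_date}'
            AND friend_user_id <> '{$current_user_id}'
            AND relation_type='" . USER_RELATION_TYPE_FRIEND . "'
            AND user_id = '{$current_user_id}'
            {$url_condition}";
    } else {
        // All non-anonymous users online.
        $query = "SELECT count(login_id) as count
            FROM {$track_online_table} track
            INNER JOIN {$table_user} u ON (u.user_id=track.login_user_id)
            WHERE u.status != " . ANONYMOUS . "
            AND login_date >= '{$current_date}'
            {$url_condition}";
    }

    $result = Database::query($query);
    if (Database::num_rows($result) > 0) {
        $row = Database::fetch_array($result);
        return $row['count'];
    }
    return false;
}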
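/**
 * Replace the list of users subscribed to $userId for a given relation type.
 *
 * The rows currently pointing at $userId with this relation type are deleted
 * first (on multi-URL portals only those of users registered on the current
 * URL), then one row per id in $subscribedUsersId is inserted. INSERT IGNORE
 * is used, so an id already present is skipped silently.
 *
 * Fix over the previous version: the return value now accumulates the affected
 * rows of every insert instead of reporting only the last one.
 *
 * @param int   $userId            The user being subscribed to (friend_user_id)
 * @param array $subscribedUsersId Ids of the users to subscribe
 * @param int   $relationType      Relation type constant
 * @return int Total rows affected by the inserts
 */
public static function subscribeUsersToUser($userId, $subscribedUsersId, $relationType)
{
    $userRelUserTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
    $userRelAccessUrlTable = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
    $userId = intval($userId);
    $relationType = intval($relationType);
    $affectedRows = 0;

    // Collect the users currently assigned to $userId for this relation.
    if (api_get_multiple_access_url()) {
        $sql = "SELECT s.user_id FROM {$userRelUserTable} s "
            . "INNER JOIN {$userRelAccessUrlTable} a ON (a.user_id = s.user_id) "
            . "WHERE friend_user_id = {$userId} "
            . "AND relation_type = {$relationType} "
            . "AND access_url_id = " . intval(api_get_current_access_url_id());
    } else {
        $sql = "SELECT user_id FROM {$userRelUserTable} "
            . "WHERE friend_user_id = {$userId} "
            . "AND relation_type = {$relationType}";
    }
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        while ($row = Database::fetch_array($result)) {
            $existingUserId = intval($row['user_id']);
            $sql = "DELETE FROM {$userRelUserTable} "
                . "WHERE user_id = {$existingUserId} "
                . "AND friend_user_id = {$userId} "
                . "AND relation_type = {$relationType}";
            Database::query($sql);
        }
    }

    // Insert the new list; every id is cast before it reaches SQL.
    if (is_array($subscribedUsersId)) {
        foreach ($subscribedUsersId as $subscribedUserId) {
            $subscribedUserId = intval($subscribedUserId);
            $sql = "INSERT IGNORE INTO {$userRelUserTable}(user_id, friend_user_id, relation_type) "
                . "VALUES ({$subscribedUserId}, {$userId}, {$relationType})";
            $result = Database::query($sql);
            // Accumulate so the total reflects every insert, not just the last.
            $affectedRows += Database::affected_rows($result);
        }
    }

    return $affectedRows;
}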
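/**
 * Prepares the shared SQL query for the user table.
 * See get_user_data() and get_number_of_users().
 *
 * Filters come from $_GET: either a free-text 'keyword' (OR over name,
 * username, official code and e-mail) or the per-field 'keyword_*' values
 * (AND over the same fields plus status). Every value is passed through
 * Database::escape_string() before it is interpolated. Under multiple access
 * URLs, platform/session admins only see users of the current URL.
 *
 * Fix over the previous version: the access-URL restriction was appended with
 * "AND" even when no search filter had produced a WHERE clause, which is a
 * syntax error; it now opens the WHERE clause itself in that case. The old
 * branches testing $keyword_extra_data, $keyword_active and $keyword_inactive
 * read undefined locals and never fired, so they are dropped.
 *
 * NOTE(review): the data query selects u.password (the stored hash),
 * presumably for the caller's 'check_easy_passwords' filter — confirm it is
 * never rendered. 'keyword_active' is collected but not applied. An absent
 * 'keyword_status' yields "u.status LIKE ''", which matches nothing; the
 * search form presumably always sends it — confirm.
 *
 * @param boolean $is_count Whether to count, or get data
 * @return string SQL query
 */
function prepare_user_sql_query($is_count)
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);

    if ($is_count) {
        $sql = "SELECT COUNT(u.id) AS total_number_of_items FROM {$user_table} u";
    } else {
        $sql = "SELECT u.id AS col0, u.official_code AS col2, ";
        // Column order of the names follows the platform's name-order setting.
        if (api_is_western_name_order()) {
            $sql .= "u.firstname AS col3, u.lastname AS col4, ";
        } else {
            $sql .= "u.lastname AS col3, u.firstname AS col4, ";
        }
        $sql .= " u.username AS col5,
            u.email AS col6,
            u.status AS col7,
            u.active AS col8,
            u.id AS col9,
            u.registration_date AS col10,
            u.expiration_date AS exp,
            u.password
            FROM {$user_table} u";
    }

    // Join the access-URL table for admins on multi-URL portals.
    $filterByAccessUrl = (api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url();
    if ($filterByAccessUrl) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.id=url_rel_user.user_id)";
    }

    // Per-field filters; the set is discarded unless at least one was given.
    $keywordList = array(
        'keyword_firstname',
        'keyword_lastname',
        'keyword_username',
        'keyword_email',
        'keyword_officialcode',
        'keyword_status',
        'keyword_active',
        'check_easy_passwords',
    );
    $keywordListValues = array();
    $atLeastOne = false;
    foreach ($keywordList as $keyword) {
        $keywordListValues[$keyword] = null;
        if (isset($_GET[$keyword]) && !empty($_GET[$keyword])) {
            $keywordListValues[$keyword] = $_GET[$keyword];
            $atLeastOne = true;
        }
    }
    if ($atLeastOne == false) {
        $keywordListValues = array();
    }

    $hasWhere = false;
    if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
        // Free-text search across the identifying columns.
        $keywordFiltered = Database::escape_string("%" . $_GET['keyword'] . "%");
        $sql .= " WHERE (
            u.firstname LIKE '{$keywordFiltered}' OR
            u.lastname LIKE '{$keywordFiltered}' OR
            concat(u.firstname, ' ', u.lastname) LIKE '{$keywordFiltered}' OR
            concat(u.lastname,' ',u.firstname) LIKE '{$keywordFiltered}' OR
            u.username LIKE '{$keywordFiltered}' OR
            u.official_code LIKE '{$keywordFiltered}' OR
            u.email LIKE '{$keywordFiltered}'
            )
        ";
        $hasWhere = true;
    } elseif (!empty($keywordListValues)) {
        $query_admin_table = '';
        $keyword_admin = '';
        // "Platform admin" is not a user.status value: match any status and
        // require a row in the admin table instead.
        if (isset($keywordListValues['keyword_status']) && $keywordListValues['keyword_status'] == PLATFORM_ADMIN) {
            $query_admin_table = " , {$admin_table} a ";
            $keyword_admin = ' AND a.user_id = u.id ';
            $keywordListValues['keyword_status'] = '%';
        }
        $sql .= " {$query_admin_table}
            WHERE (
            u.firstname LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_firstname'] . "%") . "' AND
            u.lastname LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_lastname'] . "%") . "' AND
            u.username LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_username'] . "%") . "' AND
            u.email LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_email'] . "%") . "' AND
            u.official_code LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_officialcode'] . "%") . "' AND
            u.status LIKE '" . Database::escape_string($keywordListValues['keyword_status']) . "'
            {$keyword_admin}
            ) ";
        $hasWhere = true;
    }

    // Restrict admins to users of the current access URL; open the WHERE
    // clause here when no search filter produced one.
    if ($filterByAccessUrl) {
        $sql .= ($hasWhere ? " AND " : " WHERE ")
            . "url_rel_user.access_url_id=" . intval(api_get_current_access_url_id());
    }
    return $sql;
}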
<?php /* For licensing terms, see /license.txt */ /** * @package chamilo.admin * @author Julio Montoya <*****@*****.**> */ $cidReset = true; //require_once '../inc/global.inc.php'; $this_section = SECTION_PLATFORM_ADMIN; api_protect_global_admin_script(); if (!api_get_multiple_access_url()) { header('Location: index.php'); exit; } // Create the form $form = new FormValidator('add_url'); if ($form->validate()) { $check = Security::check_token('post'); if ($check) { $url_array = $form->getSubmitValues(); $url = Security::remove_XSS($url_array['url']); $description = Security::remove_XSS($url_array['description']); $active = intval($url_array['active']); $url_id = $url_array['id']; $url_to_go = 'access_urls.php'; if ($url_id != '') { //we can't change the status of the url with id=1 if ($url_id == 1) { $active = 1; }
/**
 * Validates the received active connection data with the database
 *
 * Decodes the SSO cookie from the request, checks its secret against
 * sha1(username . challenge . security key), then verifies the account is
 * active, not expired and allowed on the current access URL before writing
 * the user into the session and redirecting. Every failure path redirects to
 * index.php with an error code and exits; only the admin paths fall through
 * to the return.
 *
 * NOTE(review), security points visible in this method:
 *  - the secret is compared with ===; a constant-time hash_equals() would be
 *    the usual choice for a credential comparison.
 *  - $sso['target'] is used verbatim as a redirect target once the secret
 *    checks out; whether the cookie can carry an attacker-chosen target
 *    depends on decode_cookie(), which is not shown here.
 *  - the "secondary URL admin" branch reads $uData['user_id'], but the SELECT
 *    only returns 'id' (every other branch uses $uData['id']), so that login
 *    stores an empty user id — looks like a typo; confirm.
 *  - $_GET['sso_cookie'] is read without an isset() check.
 *  - the username literal in the SELECT is redacted in this listing.
 *
 * @return bool Return the loginFailed variable value to local.inc.php
 */
public function check_user()
{
    global $_user;
    $loginFailed = false;
    //change the way we recover the cookie depending on how it is formed
    $sso = $this->decode_cookie($_GET['sso_cookie']);
    //get token that should have been used and delete it
    //from session since it can only be used once
    $sso_challenge = '';
    if (isset($_SESSION['sso_challenge'])) {
        $sso_challenge = $_SESSION['sso_challenge'];
        unset($_SESSION['sso_challenge']);
    }
    //lookup the user in the main database
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        $uData = Database::fetch_array($result);
        //Check the user's password
        if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
            // NOTE(review): if the challenge was missing from the session it is
            // '' here, and the expected secret degrades to sha1(username . key).
            if ($sso['secret'] === sha1($uData['username'] . $sso_challenge . api_get_security_key()) && $sso['username'] == $uData['username']) {
                //Check if the account is active (not locked)
                if ($uData['active'] == '1') {
                    // check if the expiration date has not been reached
                    if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                        //If Multiple URL is enabled
                        if (api_get_multiple_access_url()) {
                            //Check the access_url configuration setting if the user is registered in the access_url_rel_user table
                            //Getting the current access_url_id of the platform
                            $current_access_url_id = api_get_current_access_url_id();
                            // my user is subscribed in these
                            //sites: $my_url_list
                            $my_url_list = api_get_access_url_from_user($uData['id']);
                        } else {
                            $current_access_url_id = 1;
                            $my_url_list = array(1);
                        }
                        $my_user_is_admin = UserManager::is_admin($uData['id']);
                        if ($my_user_is_admin === false) {
                            if (is_array($my_url_list) && count($my_url_list) > 0) {
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // the user has permission to enter at this site
                                    $_user['user_id'] = $uData['id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    $_user['uidReset'] = true;
                                    Session::write('_user', $_user);
                                    Event::event_login($_user['user_id']);
                                    // Redirect to homepage
                                    $sso_target = '';
                                    if (!empty($sso['ruri'])) {
                                        //The referrer URI is *only* used if
                                        // the user credentials are OK, which
                                        // should be protection enough
                                        // against evil URL spoofing...
                                        // NOTE(review): the decoded ruri is appended to
                                        // WEB_PATH, so it stays on this host.
                                        $sso_target = api_get_path(WEB_PATH) . base64_decode($sso['ruri']);
                                    } else {
                                        // NOTE(review): 'target' is not prefixed with
                                        // WEB_PATH and is redirected to as-is.
                                        $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                    }
                                    header('Location: ' . $sso_target);
                                    exit;
                                } else {
                                    // user does not have permission for this site
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            } else {
                                // there is no URL in the multiple
                                // urls list for this user
                                $loginFailed = true;
                                Session::erase('_uid');
                                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                exit;
                            }
                        } else {
                            //Only admins of the "main" (first) Chamilo
                            // portal can login wherever they want
                            if (in_array(1, $my_url_list)) {
                                //Check if this admin is admin on the
                                // principal portal
                                $_user['user_id'] = $uData['id'];
                                $_user = api_get_user_info($_user['user_id']);
                                // NOTE(review): derived from status == COURSEMANAGER,
                                // not from the admin-table check made above — confirm
                                // this is intended.
                                $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                Session::write('is_platformAdmin', $is_platformAdmin);
                                Session::write('_user', $_user);
                                Event::event_login($_user['user_id']);
                            } else {
                                //Secondary URL admin wants to login
                                // so we check as a normal user
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // NOTE(review): 'user_id' is not a selected column;
                                    // the other branches use $uData['id'].
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    Event::event_login($_user['user_id']);
                                } else {
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            }
                        }
                    } else {
                        // user account expired
                        $loginFailed = true;
                        Session::erase('_uid');
                        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                        exit;
                    }
                } else {
                    //User not active
                    $loginFailed = true;
                    Session::erase('_uid');
                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                    exit;
                }
            } else {
                //SHA1 of password is wrong
                $loginFailed = true;
                Session::erase('_uid');
                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                exit;
            }
        } else {
            //Auth_source is wrong
            $loginFailed = true;
            Session::erase('_uid');
            header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
            exit;
        }
    } else {
        //No user by that login
        $loginFailed = true;
        Session::erase('_uid');
        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
        exit;
    }
    return $loginFailed;
}
/**
 * Move in template.lib
 *
 * Builds the administration dashboard menu. The result is a $blocks array
 * (keys: users, courses, platform, sessions, settings, skills, chamilo);
 * every block carries an icon, a label, an optional search form and a list
 * of url/label items, and the array is assigned to the template together
 * with the admin AJAX url.
 *
 * Access is gated by api_protect_admin_script(true). The courses, platform,
 * settings, skills and chamilo blocks, and the privileged users entries, are
 * only built when api_is_platform_admin() is true; other callers only get
 * the users and sessions blocks.
 *
 * NOTE(review): $extAuthSource and $_configuration are neither assigned nor
 * declared `global` anywhere in this method, so every
 * isset($extAuthSource['ldap']) test below is always false and the
 * db_admin_path entry is never added. They look like leftovers of a script
 * where both were globals; if the LDAP and database-admin entries are still
 * wanted they need explicit `global` declarations (or injection).
 *
 * NOTE(review): $message is assigned after register_site() but never
 * displayed nor assigned to the template.
 *
 * @return void
 */
private function loadAdminMenu()
{
    $template = $this->get('template');
    // Access restrictions.
    api_protect_admin_script(true);
    // @todo fix register/check version
    $message = null;
    if (!empty($_POST['Register'])) {
        register_site();
        $message = \Display::return_message(get_lang('VersionCheckEnabled'), 'confirmation');
    }
    $blocks = array();
    $adminUrl = api_get_path(WEB_CODE_PATH) . 'admin/';

    /* Users */
    $blocks['users']['icon'] = \Display::return_icon('members.gif', get_lang('Users'), array(), ICON_SIZE_SMALL, false);
    $blocks['users']['label'] = api_ucfirst(get_lang('Users'));
    if (api_is_platform_admin()) {
        $search_form = $this->getSearchForm($adminUrl . 'user_list.php')->return_form();
        $blocks['users']['search_form'] = $search_form;
        $items = array(
            array('url' => $adminUrl . 'user_list.php', 'label' => get_lang('UserList')),
            array('url' => $adminUrl . 'user_add.php', 'label' => get_lang('AddUsers')),
            array('url' => $adminUrl . 'user_export.php', 'label' => get_lang('ExportUserListXMLCSV')),
            array('url' => $adminUrl . 'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')),
        );
        // Always false here: $extAuthSource is not in scope (see docblock).
        if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
            $items[] = array('url' => $adminUrl . 'ldap_users_list.php', 'label' => get_lang('ImportLDAPUsersIntoPlatform'));
        }
        $items[] = array('url' => $adminUrl . 'extra_fields.php?type=user', 'label' => get_lang('ManageUserFields'));
        $items[] = array('url' => api_get_path(WEB_PUBLIC_PATH) . 'admin/administrator/roles', 'label' => get_lang('Roles'));
    } else {
        // Non platform admins get a reduced users menu and no search form.
        $items = array(
            array('url' => $adminUrl . 'user_list.php', 'label' => get_lang('UserList')),
            array('url' => $adminUrl . 'user_add.php', 'label' => get_lang('AddUsers')),
            array('url' => $adminUrl . 'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')),
        );
    }
    $blocks['users']['items'] = $items;
    $blocks['users']['extra'] = null;

    if (api_is_platform_admin()) {
        /* Courses */
        $blocks['courses']['icon'] = \Display::return_icon('course.gif', get_lang('Courses'), array(), ICON_SIZE_MEDIUM, false);
        $blocks['courses']['label'] = api_ucfirst(get_lang('Courses'));
        $search_form = $this->getSearchForm($adminUrl . 'course_list.php')->return_form();
        $blocks['courses']['search_form'] = $search_form;
        $items = array();
        $items[] = array('url' => $adminUrl . 'course_list.php', 'label' => get_lang('CourseList'));
        // With course validation enabled, courses are requested and reviewed
        // instead of being added directly.
        if (api_get_setting('course_validation') != 'true') {
            $items[] = array('url' => $adminUrl . 'course_add.php', 'label' => get_lang('AddCourse'));
        } else {
            $items[] = array('url' => $adminUrl . 'course_request_review.php', 'label' => get_lang('ReviewCourseRequests'));
            $items[] = array('url' => $adminUrl . 'course_request_accepted.php', 'label' => get_lang('AcceptedCourseRequests'));
            $items[] = array('url' => $adminUrl . 'course_request_rejected.php', 'label' => get_lang('RejectedCourseRequests'));
        }
        $items[] = array('url' => $adminUrl . 'course_export.php', 'label' => get_lang('ExportCourses'));
        $items[] = array('url' => $adminUrl . 'course_import.php', 'label' => get_lang('ImportCourses'));
        $items[] = array('url' => $adminUrl . 'course_category.php', 'label' => get_lang('AdminCategories'));
        $items[] = array('url' => $adminUrl . 'subscribe_user2course.php', 'label' => get_lang('AddUsersToACourse'));
        $items[] = array('url' => $adminUrl . 'course_user_import.php', 'label' => get_lang('ImportUsersToACourse'));
        $items[] = array('url' => $adminUrl . 'extra_fields.php?type=course', 'label' => get_lang('ManageCourseFields'));
        $items[] = array('url' => $adminUrl . 'extra_fields.php?type=question', 'label' => get_lang('ManageQuestionFields'));
        if (api_get_setting('gradebook_enable_grade_model') == 'true') {
            $items[] = array('url' => $adminUrl . 'grade_models.php', 'label' => get_lang('GradeModel'));
        }
        // Always false here: $extAuthSource is not in scope (see docblock).
        if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
            $items[] = array('url' => $adminUrl . 'ldap_import_students.php', 'label' => get_lang('ImportLDAPUsersIntoCourse'));
        }
        $blocks['courses']['items'] = $items;
        $blocks['courses']['extra'] = null;

        /* Platform */
        $blocks['platform']['icon'] = \Display::return_icon('platform.png', get_lang('Platform'), array(), ICON_SIZE_MEDIUM, false);
        $blocks['platform']['label'] = api_ucfirst(get_lang('Platform'));
        // The settings search form carries a hidden category so that the
        // settings page knows the query comes from this search box.
        $form = $this->getSearchForm($adminUrl . 'settings.php');
        $form->addElement('hidden', 'category', 'search_setting');
        $search_form = $form->return_form();
        $blocks['platform']['search_form'] = $search_form;
        $items = array();
        $items[] = array('url' => $adminUrl . 'settings.php', 'label' => get_lang('PlatformConfigSettings'));
        $items[] = array('url' => $adminUrl . 'settings.php?category=Plugins', 'label' => get_lang('Plugins'));
        $items[] = array('url' => $adminUrl . 'settings.php?category=Regions', 'label' => get_lang('Regions'));
        $items[] = array('url' => $adminUrl . 'system_announcements.php', 'label' => get_lang('SystemAnnouncements'));
        $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?type=admin', 'label' => get_lang('GlobalAgenda'));
        $items[] = array('url' => $adminUrl . 'configure_homepage.php', 'label' => get_lang('ConfigureHomePage'));
        $items[] = array('url' => $adminUrl . 'configure_inscription.php', 'label' => get_lang('ConfigureInscription'));
        $items[] = array('url' => $adminUrl . 'statistics/index.php', 'label' => get_lang('Statistics'));
        $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'mySpace/company_reports.php', 'label' => get_lang('Reports'));
        /* Event settings */
        if (api_get_setting('activate_email_template') == 'true') {
            $items[] = array('url' => $adminUrl . 'event_controller.php?action=listing', 'label' => get_lang('EventMessageManagement'));
        }
        // Access URL management is reserved to global (multi-portal) admins.
        if (api_get_multiple_access_url()) {
            if (api_is_global_platform_admin()) {
                $items[] = array('url' => $adminUrl . 'access_urls.php', 'label' => get_lang('ConfigureMultipleAccessURLs'));
            }
        }
        if (api_get_setting('allow_reservation') == 'true') {
            //$items[] = array('url' => $adminUrl.'../reservation/m_category.php', 'label' => get_lang('BookingSystem'));
        }
        if (api_get_setting('allow_terms_conditions') == 'true') {
            $items[] = array('url' => $adminUrl . 'legal_add.php', 'label' => get_lang('TermsAndConditions'));
        }
        $blocks['platform']['items'] = $items;
        $blocks['platform']['extra'] = null;
    }

    /* Sessions */
    $blocks['sessions']['icon'] = \Display::return_icon('session.png', get_lang('Sessions'), array(), ICON_SIZE_SMALL, false);
    $blocks['sessions']['label'] = api_ucfirst(get_lang('Sessions'));
    $search_form = $this->getSearchForm(api_get_path(WEB_CODE_PATH) . 'session/session_list.php')->return_form();
    $blocks['sessions']['search_form'] = $search_form;
    $items = array();
    $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_list.php', 'label' => get_lang('ListSession'));
    $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_add.php', 'label' => get_lang('AddSession'));
    // Relative url: resolved against the page that renders the menu.
    $items[] = array('url' => 'session_category_list.php', 'label' => get_lang('ListSessionCategory'));
    $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_import.php', 'label' => get_lang('ImportSessionListXMLCSV'));
    // Always false here: $extAuthSource is not in scope (see docblock).
    if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
        $items[] = array('url' => $adminUrl . 'ldap_import_students_to_session.php', 'label' => get_lang('ImportLDAPUsersIntoSession'));
    }
    $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_export.php', 'label' => get_lang('ExportSessionListXMLCSV'));
    $items[] = array('url' => $adminUrl . '../coursecopy/copy_course_session.php', 'label' => get_lang('CopyFromCourseInSessionToAnotherSession'));
    if (api_is_platform_admin()) {
        if (is_dir(api_get_path(SYS_TEST_PATH) . 'datafiller/')) {
            // option only visible in development mode. Enable through code if required
            $items[] = array('url' => $adminUrl . 'user_move_stats.php', 'label' => get_lang('MoveUserStats'));
        }
        $items[] = array('url' => $adminUrl . 'career_dashboard.php', 'label' => get_lang('CareersAndPromotions'));
    }
    $items[] = array('url' => $adminUrl . 'usergroups.php', 'label' => get_lang('Classes'));
    $items[] = array('url' => $adminUrl . 'exercise_report.php', 'label' => get_lang('ExerciseReport'));
    $items[] = array('url' => $adminUrl . 'extra_fields.php?type=session', 'label' => get_lang('ManageSessionFields'));
    $blocks['sessions']['items'] = $items;
    $blocks['sessions']['extra'] = null;

    /* Settings */
    if (api_is_platform_admin()) {
        $blocks['settings']['icon'] = \Display::return_icon('settings.png', get_lang('System'), array(), ICON_SIZE_SMALL, false);
        $blocks['settings']['label'] = api_ucfirst(get_lang('System'));
        $items = array();
        $items[] = array('url' => $adminUrl . 'special_exports.php', 'label' => get_lang('SpecialExports'));
        // Always empty here: $_configuration is not in scope (see docblock).
        if (!empty($_configuration['db_admin_path'])) {
            $items[] = array('url' => $_configuration['db_admin_path'], 'label' => get_lang('AdminDatabases') . ' (' . get_lang('DBManagementOnlyForServerAdmin') . ') ');
        }
        $items[] = array('url' => $adminUrl . 'system_status.php', 'label' => get_lang('SystemStatus'));
        // Data filler is only offered when the test data directory is installed.
        if (is_dir(api_get_path(SYS_TEST_PATH) . 'datafiller/')) {
            $items[] = array('url' => $adminUrl . 'filler.php', 'label' => get_lang('DataFiller'));
        }
        $items[] = array('url' => $adminUrl . 'archive_cleanup.php', 'label' => get_lang('ArchiveDirCleanup'));
        $items[] = array('url' => $adminUrl . 'system_management.php', 'label' => get_lang('SystemManagement'));
        $blocks['settings']['items'] = $items;
        $blocks['settings']['extra'] = null;
        $blocks['settings']['search_form'] = null;

        //Skills
        if (api_get_setting('allow_skills_tool') == 'true') {
            $blocks['skills']['icon'] = \Display::return_icon('logo.png', get_lang('Skills'), array(), ICON_SIZE_SMALL, false);
            $blocks['skills']['label'] = get_lang('Skills');
            $items = array();
            //$items[] = array('url' => $adminUrl.'skills.php', 'label' => get_lang('SkillsTree'));
            $items[] = array('url' => $adminUrl . 'skills_wheel.php', 'label' => get_lang('SkillsWheel'));
            $items[] = array('url' => $adminUrl . 'skills_import.php', 'label' => get_lang('SkillsImport'));
            //$items[] = array('url' => $adminUrl.'skills_profile.php', 'label' => get_lang('SkillsProfile'));
            $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'social/skills_ranking.php', 'label' => get_lang('SkillsRanking'));
            $items[] = array('url' => $adminUrl . 'skills_gradebook.php', 'label' => get_lang('SkillsAndGradebooks'));
            $blocks['skills']['items'] = $items;
            $blocks['skills']['extra'] = null;
            $blocks['skills']['search_form'] = null;
        }

        /** Chamilo.org */
        $blocks['chamilo']['icon'] = \Display::return_icon('logo.png', 'Chamilo.org', array(), ICON_SIZE_SMALL, false);
        $blocks['chamilo']['label'] = 'Chamilo.org';
        $items = array();
        $items[] = array('url' => 'http://www.chamilo.org/', 'label' => get_lang('ChamiloHomepage'));
        $items[] = array('url' => 'http://www.chamilo.org/forum', 'label' => get_lang('ChamiloForum'));
        $items[] = array('url' => '../../documentation/installation_guide.html', 'label' => get_lang('InstallationGuide'));
        $items[] = array('url' => '../../documentation/changelog.html', 'label' => get_lang('ChangesInLastVersion'));
        $items[] = array('url' => '../../documentation/credits.html', 'label' => get_lang('ContributorsList'));
        $items[] = array('url' => '../../documentation/security.html', 'label' => get_lang('SecurityGuide'));
        $items[] = array('url' => '../../documentation/optimization.html', 'label' => get_lang('OptimizationGuide'));
        $items[] = array('url' => 'http://www.chamilo.org/extensions', 'label' => get_lang('ChamiloExtensions'));
        $items[] = array('url' => 'http://www.chamilo.org/en/providers', 'label' => get_lang('ChamiloOfficialServicesProviders'));
        $blocks['chamilo']['items'] = $items;
        $blocks['chamilo']['extra'] = null;
        $blocks['chamilo']['search_form'] = null;
    }

    $admin_ajax_url = api_get_path(WEB_AJAX_PATH) . 'admin.ajax.php';
    $template->assign('web_admin_ajax_url', $admin_ajax_url);
    $template->assign('blocks', $blocks);
}
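/**
 * Gives a list of people online now (and in the last $time_limit minutes)
 *
 * Reads the track_e_online table for logins newer than now minus $time_limit
 * minutes. With $friends = true the rows are restricted to the current
 * user's friends (user_rel_user rows of type USER_RELATION_TYPE_FRIEND
 * owned by the current user); otherwise anonymous accounts are excluded.
 * Under multiple access URLs the rows are additionally restricted to the
 * current access url (unless none is selected, id -1).
 *
 * Review changes versus the previous revision:
 *  - $column is interpolated into ORDER BY and was never validated; it is
 *    now accepted only when it is a bare (optionally alias-qualified) SQL
 *    identifier, anything else falling back to the default column.
 *  - the multi-url "friends" query omitted the `user_id = <current user>`
 *    condition that the single-url variant has, so it listed the friends of
 *    every user; both variants now share one query with that condition.
 *
 * @param int         $from            Offset of the first row (LIMIT)
 * @param int         $number_of_items Maximum number of rows (LIMIT)
 * @param string|null $column          ORDER BY column; default 'picture_uri',
 *                                     or 'login_date' when $friends is true
 * @param string|null $direction       'ASC' or 'DESC' (any case); anything else
 *                                     becomes 'DESC'
 * @param int|null    $time_limit      Window in minutes; empty means the
 *                                     display.time_limit_whosonline setting
 * @param bool        $friends         Restrict to the current user's friends
 * @return array|false List of user ids (login_user_id values, possibly empty),
 *                     or FALSE when the query fails
 */
public static function whoIsOnline($from, $number_of_items, $column = null, $direction = null, $time_limit = null, $friends = false)
{
    // Time limit in minutes; the platform setting is used when none is given.
    if (empty($time_limit)) {
        $time_limit = (int) api_get_setting('display.time_limit_whosonline');
    } else {
        $time_limit = (int) $time_limit;
    }
    $from = (int) $from;
    $number_of_items = (int) $number_of_items;

    // $column goes straight into ORDER BY: accept only an identifier such as
    // `login_date` or `u.status`; otherwise use the default sort column.
    $default_column = $friends ? 'login_date' : 'picture_uri';
    if (empty($column) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', (string) $column)) {
        $column = $default_column;
    }
    $direction = strtoupper((string) $direction);
    if (!in_array($direction, array('ASC', 'DESC'), true)) {
        $direction = 'DESC';
    }

    $online_time = time() - $time_limit * 60;
    $current_date = api_get_utc_datetime($online_time);
    $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
    $friend_user_table = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    $current_user_id = (int) api_get_user_id();

    // Under multiple access URLs, only the current portal's logins count
    // (an id of -1 means no portal is selected and no filter is applied).
    $access_url_condition = '';
    if (api_get_multiple_access_url()) {
        $access_url_id = (int) api_get_current_access_url_id();
        if ($access_url_id != -1) {
            $access_url_condition = " track.access_url_id = {$access_url_id} AND ";
        }
    }

    if ($friends) {
        // Friends from the social network who are online.
        $query = "SELECT DISTINCT login_user_id, login_date
            FROM {$track_online_table} track
            INNER JOIN {$friend_user_table} ON (friend_user_id = login_user_id)
            WHERE {$access_url_condition}
                login_date >= '{$current_date}' AND
                friend_user_id <> {$current_user_id} AND
                relation_type = '" . USER_RELATION_TYPE_FRIEND . "' AND
                user_id = {$current_user_id}
            ORDER BY {$column} {$direction}
            LIMIT {$from}, {$number_of_items}";
    } else {
        // All non-anonymous users online.
        $query = "SELECT DISTINCT login_user_id, login_date
            FROM {$track_online_table} track
            INNER JOIN {$table_user} u ON (u.id = track.login_user_id)
            WHERE {$access_url_condition}
                u.status != " . ANONYMOUS . " AND
                login_date >= '{$current_date}'
            ORDER BY {$column} {$direction}
            LIMIT {$from}, {$number_of_items}";
    }

    $result = Database::query($query);
    if (!$result) {
        return false;
    }
    $users_online = array();
    while ($row = Database::fetch_row($result)) {
        // Only the user id is returned; login_date is selected for ordering.
        $users_online[] = $row[0];
    }

    return $users_online;
}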
/**
 * Returns the HTML of the top navigation tabs, or null when there is nothing
 * to render.
 *
 * NOTE(review): the first statement is `return null;`, so the whole body
 * below it is unreachable and callers always receive null. The remaining
 * code (kept as is) would read an optional home_tabs_<lang>.html file from
 * the portal's home folder, prepend the <li> entries of
 * $this->navigation_array['navigation'], and return the concatenation.
 *
 * NOTE(review): in the unreachable part, $homep is only assigned when
 * api_get_multiple_access_url() is false or the current access url id is
 * not -1; with multiple urls and id -1 it is undefined when used below.
 *
 * @return null|string
 */
public function returnMenu() {
    return null;
    $navigation = $this->navigation_array;
    $navigation = $navigation['navigation'];
    // Displaying the tabs
    $lang = api_get_user_language();
    // Preparing home folder for multiple urls
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
        if ($access_url_id != -1) {
            $url_info = api_get_current_access_url_info();
            // Portal url with the scheme stripped, made filesystem-safe and
            // used as the per-portal home sub-folder.
            $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
            $clean_url = api_replace_dangerous_char($url);
            $clean_url = str_replace('/', '-', $clean_url);
            $clean_url .= '/';
            $homep = $this->app['path.data'] . 'home/' . $clean_url; //homep for Home Path
            //we create the new dir for the new sites
            if (!is_dir($homep)) {
                mkdir($homep, api_get_permissions_for_new_directories());
            }
        }
    } else {
        $homep = $this->app['path.data'] . 'home/';
    }
    $ext = '.html';
    $menutabs = 'home_tabs';
    $home_top = '';
    // Prefer home_tabs_<lang>.html, then the legacy home_tabs<lang>.html name.
    // The @ hides read warnings; a failed read leaves an empty string.
    if (is_file($homep . $menutabs . '_' . $lang . $ext) && is_readable($homep . $menutabs . '_' . $lang . $ext)) {
        $home_top = @(string) file_get_contents($homep . $menutabs . '_' . $lang . $ext);
    } elseif (is_file($homep . $menutabs . $lang . $ext) && is_readable($homep . $menutabs . $lang . $ext)) {
        $home_top = @(string) file_get_contents($homep . $menutabs . $lang . $ext);
    }
    $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
    $open = str_replace('{rel_path}', $this->app['path.data'], $home_top);
    $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    $lis = '';
    if (!empty($open)) {
        // A custom file without the 'show_menu' marker is not rendered; it
        // only hides the campus tab for anonymous visitors.
        if (strpos($open, 'show_menu') === false) {
            if (api_is_anonymous()) {
                $navigation[SECTION_CAMPUS] = null;
            }
        } else {
            $lis .= $open;
        }
    }
    if (count($navigation) > 0 || !empty($lis)) {
        $pre_lis = '';
        foreach ($navigation as $section => $navigation_info) {
            // Mark the tab of the section the current page declared.
            if (isset($GLOBALS['this_section'])) {
                $current = $section == $GLOBALS['this_section'] ? ' id="current" class="active" ' : '';
            } else {
                $current = '';
            }
            // url and title are written into the markup as is; presumably
            // navigation_array holds trusted, already-escaped values — verify.
            if (!empty($navigation_info['title'])) {
                $pre_lis .= '<li' . $current . ' ><a href="' . $navigation_info['url'] . '" target="_top">' . $navigation_info['title'] . '</a></li>';
            }
        }
        $lis = $pre_lis . $lis;
    }
    $menu = null;
    if (!empty($lis)) {
        $menu .= $lis;
    }
    return $menu;
}
<td><button type="submit" class="<?php echo $class; ?> " value="<?php echo $text; ?> " ><?php echo $text; ?> </button></td> </tr> </table> </form> <?php } elseif (api_get_multiple_access_url() && api_get_current_access_url_id() != 1) { Display::display_error_message(get_lang('CourseCategoriesAreGlobal')); } } else { if ($delError == 0) { ?> <div class="actions"> <?php if (!empty($category) && empty($action)) { $myquery = "SELECT parent_id FROM {$tbl_category} WHERE code='{$category}'"; $result = Database::query($myquery); $parent_id = 0; if (Database::num_rows($result) > 0) { $parent_id = Database::fetch_array($result); } $parent_id['parent_id'] ? $link = ' (' . $parent_id['parent_id'] . ')' : ($link = '');
/**
 * Return tab of params to display a course title in the My Courses tab
 * Check visibility, right, and notification icons, and load_dirs option
 *
 * Selects the single course/user row for $courseId and the current user
 * (optionally restricted to the current access url), then builds the
 * parameters used by the course list renderer: icon, title (linked unless
 * the course is closed and the user is not its manager), teachers string,
 * right-hand action links and the notification icon.
 *
 * NOTE(review): Database::fetch_array() returns false when no row matches
 * (course not found, user not subscribed, or course outside the current
 * access url); $course['code'] and $course['status'] are then read from
 * false without a check — presumably callers only pass subscribed courses,
 * confirm.
 *
 * @param int  $courseId Course id (course.id), cast with intval() before use
 * @param bool $loadDirs Add the document-preview toggle to the action links
 * @return array Keys: right_actions, link, icon, title, teachers and, for
 *               non-closed courses, notifications
 */
public static function getCourseParamsForDisplay($courseId, $loadDirs = false) {
    $user_id = api_get_user_id();
    // Table definitions
    $TABLECOURS = Database::get_main_table(TABLE_MAIN_COURSE);
    $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $TABLE_ACCESS_URL_REL_COURSE = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
    $current_url_id = api_get_current_access_url_id();
    // Get course list auto-register
    $special_course_list = self::get_special_course_list();
    $without_special_courses = '';
    if (!empty($special_course_list)) {
        // The codes are interpolated unescaped; presumably
        // get_special_course_list() returns values safe for SQL — verify.
        $without_special_courses = ' AND course.code NOT IN ("' . implode('","', $special_course_list) . '")';
    }
    //AND course_rel_user.relation_type<>".COURSE_RELATION_TYPE_RRHH."
    $sql = "SELECT course.id, course.title, course.code, course.subscribe subscr, course.unsubscribe unsubscr, course_rel_user.status status,\n course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat\n FROM {$TABLECOURS} course,\n {$TABLECOURSUSER} course_rel_user, " . $TABLE_ACCESS_URL_REL_COURSE . " url\n WHERE course.id=" . intval($courseId) . "\n AND course.id = course_rel_user.c_id\n AND url.c_id = course.id\n AND course_rel_user.user_id = " . intval($user_id) . "\n {$without_special_courses} ";
    // If multiple URL access mode is enabled, only fetch courses
    // corresponding to the current URL.
    if (api_get_multiple_access_url() && $current_url_id != -1) {
        $sql .= " AND url.course_code=course.code AND access_url_id=" . intval($current_url_id);
    }
    // Use user's classification for courses (if any).
    $sql .= " ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
    $result = Database::query($sql);
    // Browse through all courses. We can only have one course because of the course.id=".intval($courseId) in sql query
    $course = Database::fetch_array($result);
    $course_info = api_get_course_info($course['code']);
    //$course['id_session'] = null;
    $course_info['id_session'] = null;
    $course_info['status'] = $course['status'];
    // For each course, get if there is any notification icon to show
    // (something that would have changed since the user's last visit).
    $show_notification = Display::show_notification($course_info);
    // New code displaying the user's status in respect to this course.
    $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
    $params = array();
    $params['right_actions'] = '';
    if (api_is_platform_admin()) {
        // Platform admins always get the edit link, plus the document
        // preview toggle and its result container when $loadDirs is set.
        if ($loadDirs) {
            $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
            $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
            $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
        } else {
            $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
        }
        if ($course_info['status'] == COURSEMANAGER) {
            //echo Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'), array('style'=>'width: 11px; height: 11px;'));
        }
    } else {
        // Other users get actions only for non-closed courses: the preview
        // toggle when $loadDirs, otherwise the edit link for course managers.
        if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
            if ($loadDirs) {
                $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
            } else {
                if ($course_info['status'] == COURSEMANAGER) {
                    $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                }
            }
        }
    }
    $course_title_url = '';
    // Closed courses are only linked for their managers; everyone else sees
    // the plain title with a "closed" marker.
    if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
        $course_title_url = api_get_path(WEB_COURSE_PATH) . $course_info['path'] . '/?id_session=0';
        $course_title = Display::url($course_info['title'], $course_title_url);
    } else {
        $course_title = $course_info['title'] . " " . Display::tag('span', get_lang('CourseClosed'), array('class' => 'item_closed'));
    }
    // Start displaying the course block itself
    if (api_get_setting('display_coursecode_in_courselist') == 'true') {
        $course_title .= ' (' . $course_info['visual_code'] . ') ';
    }
    $teachers = '';
    if (api_get_setting('display_teacher_in_courselist') == 'true') {
        $teachers = CourseManager::get_teacher_list_from_course_code_to_string($course['code'], self::USER_SEPARATOR, true);
    }
    $params['link'] = $course_title_url;
    $params['icon'] = $status_icon;
    $params['title'] = $course_title;
    $params['teachers'] = $teachers;
    if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
        $params['notifications'] = $show_notification;
    }
    return $params;
}
/**
 * Get home path
 *
 * Returns the relative directory that holds the portal's home-page files.
 * In single-url mode this is 'app/home/'. With multiple access URLs the
 * current url (scheme stripped, trailing slash removed, passed through
 * api_replace_dangerous_char, remaining slashes turned into dashes) is
 * appended as a sub-folder, so the result always ends with '/'.
 *
 * @return string Relative home path ending with '/'
 */
function api_get_home_path()
{
    $base = 'app/home/';
    if (!api_get_multiple_access_url()) {
        return $base;
    }

    // Derive a filesystem-safe folder name from the current access url.
    $url_info = api_get_access_url(api_get_current_access_url_id());
    $host_part = preg_replace('/https?:\\/\\//i', '', $url_info['url']);
    $folder = api_replace_dangerous_char(api_remove_trailing_slash($host_part));
    $folder = str_replace('/', '-', $folder) . '/';

    return $base . $folder;
}
/**
 * Get home path (second variant).
 *
 * NOTE(review): the first statement is `return null;`, so the rest of the
 * body is unreachable and the function always returns null instead of a
 * path. The disabled code would return 'home/' in single-url mode and
 * 'home/<cleaned current url>/' with multiple access URLs (when the current
 * access url id is not -1). The "localhost/" guard inside it is empty, so
 * even there $home would be renamed regardless of the configured url.
 *
 * @return null Always null while the early return stays in place
 */
function api_get_home_path() {
    return null;
    $home = 'home/';
    $access_url_id = api_get_current_access_url_id();
    if (api_get_multiple_access_url() && $access_url_id != -1) {
        $url_info = api_get_current_access_url_info();
        // Portal url with the scheme stripped, made filesystem-safe and
        // used as the per-portal home sub-folder.
        $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
        $clean_url = api_replace_dangerous_char($url);
        $clean_url = str_replace('/', '-', $clean_url);
        $clean_url .= '/';
        // if $clean_url == "localhost/" means that the multiple URL was not well configured we don't rename the $home variable
        if ($clean_url != 'localhost/') {
            //$home = 'home/'.$clean_url;
        }
        $home = 'home/' . $clean_url;
    }
    return $home;
}
$action = $_GET['action']; switch ($action) { case 'add_user_to_url': $user_id = $_REQUEST['user_id']; $result = UrlManager::add_user_to_url($user_id, $url_id); $user_info = api_get_user_info($user_id); if ($result) { $message = Display::return_message(get_lang('UserAdded') . ' ' . api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm'); } break; } Display::display_header($tool_name); if (!empty($message)) { echo $message; } $multiple_url_is_on = api_get_multiple_access_url(); $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname'; $session_list = SessionManager::get_sessions_list(); $html = ''; $show_users_with_problems = isset($_REQUEST['show_users_with_problems']) && $_REQUEST['show_users_with_problems'] == 1 ? true : false; if ($show_users_with_problems) { $html .= '<a href="' . api_get_self() . '?show_users_with_problems=0">' . get_lang('ShowAllUsers') . '</a>'; } else { $html .= '<a href="' . api_get_self() . '?show_users_with_problems=1">' . get_lang('ShowUsersNotAddedInTheURL') . '</a>'; } foreach ($session_list as $session_item) { $session_id = $session_item['id']; $html .= '<h3>' . $session_item['name'] . '</h3>'; $access_where = "(access_url_id = {$url_id} OR access_url_id is null )"; if ($show_users_with_problems) { $access_where = "(access_url_id is null)";
/**
 * Validates the received active connection data with the database
 *
 * Decodes the SSO cookie passed in $_GET['sso_cookie'], looks the user up
 * by username, verifies the shared secret, checks that the account is
 * active, not expired and allowed on the current access url, and on success
 * fills the session ($_user) and records the login. Every failure branch
 * redirects to index.php with an error code and exits, so the function only
 * returns (false) on the admin success paths that do not redirect.
 *
 * NOTE(review): $_GET['sso_cookie'] is request data; everything in $sso is
 * untrusted until the secret check below has passed.
 *
 * NOTE(review): the username lookup SQL is partially redacted in this copy
 * of the file ('******'), so the escaping applied to $sso['username'] cannot
 * be confirmed here.
 *
 * NOTE(review): two secrets are accepted. The tempkey form binds the value
 * to the session and to security_key; the legacy form
 * sha1($uData['password']) is derived from the stored hash alone, so it does
 * not require the password itself. The legacy branch is the one to retire.
 *
 * NOTE(review): on the non-admin success path the redirect target is taken
 * from $sso['target'] (cookie data) without validation; unless
 * decode_cookie() restricts it, the target should be checked against the
 * platform's own URL before it is used in a Location header. The default
 * target api_get_path(WEB_PATH) . '.index.php' also looks like a typo for
 * 'index.php' (the failure branches use the latter).
 *
 * @return bool Return the loginFailed variable value to local.inc.php
 */
public function check_user() {
    global $_user;
    $loginFailed = false;
    //change the way we recover the cookie depending on how it is formed
    $sso = $this->decode_cookie($_GET['sso_cookie']);
    //error_log('check_user');
    //error_log('sso decode cookie: '.print_r($sso,1));
    //lookup the user in the main database
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n FROM {$user_table}\n WHERE username = '******'username'])) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        //error_log('user exists');
        $uData = Database::fetch_array($result);
        //Check the user's password
        if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
            //This user's authentification is managed by Chamilo itself
            // check the user's password
            // password hash comes already parsed in sha1, md5 or none
            /* error_log($sso['secret']); error_log($uData['password']); error_log($sso['username']); error_log($uData['username']); */
            global $_configuration;
            // Two possible authentication methods here: legacy using password
            // and new using a temporary, session-fixed, tempkey
            // `or` binds looser than `&&`, so this reads as
            // (username matches && tempkey secret) or (legacy secret && username matches).
            if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
                //error_log('user n password are ok');
                //Check if the account is active (not locked)
                if ($uData['active'] == '1') {
                    // check if the expiration date has not been reached
                    // (string comparison; relies on the Y-m-d H:i:s column format)
                    if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                        //If Multiple URL is enabled
                        if (api_get_multiple_access_url()) {
                            //Check the access_url configuration setting if
                            // the user is registered in the access_url_rel_user table
                            //Getting the current access_url_id of the platform
                            $current_access_url_id = api_get_current_access_url_id();
                            // my user is subscribed in these
                            //sites: $my_url_list
                            $my_url_list = api_get_access_url_from_user($uData['user_id']);
                        } else {
                            $current_access_url_id = 1;
                            $my_url_list = array(1);
                        }
                        $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                        if ($my_user_is_admin === false) {
                            if (is_array($my_url_list) && count($my_url_list) > 0) {
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    // the user has permission to enter at this site
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                    // Redirect to homepage
                                    // $sso['target'] comes from the cookie; see the docblock
                                    // about validating it before redirecting.
                                    $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . '.index.php';
                                    header('Location: ' . $sso_target);
                                    exit;
                                } else {
                                    // user does not have permission for this site
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            } else {
                                // there is no URL in the multiple
                                // urls list for this user
                                $loginFailed = true;
                                Session::erase('_uid');
                                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                exit;
                            }
                        } else {
                            //Only admins of the "main" (first) Chamilo
                            // portal can login wherever they want
                            if (in_array(1, $my_url_list)) {
                                //Check if this admin is admin on the
                                // principal portal
                                // Note: this is the only path that writes is_platformAdmin,
                                // and neither admin success path redirects or exits; the
                                // function falls through to return false.
                                $_user['user_id'] = $uData['user_id'];
                                $_user = api_get_user_info($_user['user_id']);
                                $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                Session::write('is_platformAdmin', $is_platformAdmin);
                                Session::write('_user', $_user);
                                event_login();
                            } else {
                                //Secondary URL admin wants to login
                                // so we check as a normal user
                                if (in_array($current_access_url_id, $my_url_list)) {
                                    $_user['user_id'] = $uData['user_id'];
                                    $_user = api_get_user_info($_user['user_id']);
                                    Session::write('_user', $_user);
                                    event_login();
                                } else {
                                    $loginFailed = true;
                                    Session::erase('_uid');
                                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                    exit;
                                }
                            }
                        }
                    } else {
                        // user account expired
                        $loginFailed = true;
                        Session::erase('_uid');
                        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                        exit;
                    }
                } else {
                    //User not active
                    $loginFailed = true;
                    Session::erase('_uid');
                    header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                    exit;
                }
            } else {
                //SHA1 of password is wrong
                $loginFailed = true;
                Session::erase('_uid');
                header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                exit;
            }
        } else {
            //Auth_source is wrong
            $loginFailed = true;
            Session::erase('_uid');
            header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
            exit;
        }
    } else {
        //No user by that login
        $loginFailed = true;
        Session::erase('_uid');
        header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
        exit;
    }
    return $loginFailed;
}
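/**
 * Renders the user's "My courses" list (courses with user_course_cat = 0),
 * or returns only the number of matching courses when $getCount is set.
 *
 * Each course row is turned into a parameter set (icon, linked title,
 * teachers, right-hand action links, notification icon) and rendered through
 * self::course_item_html(). Rows are de-duplicated on real_id. Under
 * multiple access URLs only courses attached to the current url are listed.
 *
 * Review changes versus the previous revision: $user_id and the access url
 * id were interpolated into the SQL without coercion although the docblock
 * declares them as integers; both are now cast to int first. The undefined
 * $user_category_id check (always empty) was replaced by the constant it
 * evaluated to.
 *
 * @param int      $user_id    User whose courses are listed
 * @param mixed    $filter     Unused
 * @param bool     $load_dirs  Add the document-preview toggle to the actions
 * @param int|bool $getCount   When truthy, return the row count instead of HTML
 * @param int|null $start      LIMIT offset (applied only together with $maxPerPage)
 * @param int|null $maxPerPage LIMIT size
 * @return null|string|int Rendered HTML (null when no course matched), or
 *                         the count when $getCount is set
 */
public static function displayCourses($user_id, $filter, $load_dirs, $getCount, $start = null, $maxPerPage = null)
{
    // Both values are interpolated into SQL below.
    $user_id = (int) $user_id;
    $current_url_id = (int) api_get_current_access_url_id();

    // Table definitions
    $TABLECOURS = Database::get_main_table(TABLE_MAIN_COURSE);
    $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $TABLE_ACCESS_URL_REL_COURSE = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);

    // Get course list auto-register. The exclusion clause is disabled (kept
    // commented out as before), so $without_special_courses stays empty.
    $special_course_list = self::get_special_course_list();
    $without_special_courses = '';
    if (!empty($special_course_list)) {
        //$without_special_courses = ' AND course.code NOT IN ("'.implode('","',$special_course_list).'")';
    }

    $select = " SELECT DISTINCT
        course.id,
        course.title,
        course.code,
        course.subscribe subscr,
        course.unsubscribe unsubscr,
        course_rel_user.status status,
        course_rel_user.sort sort,
        course_rel_user.user_course_cat user_course_cat,
        course.id as real_id
    ";
    $from = "{$TABLECOURS} course, {$TABLECOURSUSER} course_rel_user, {$TABLE_ACCESS_URL_REL_COURSE} url ";
    $where = " course.id = course_rel_user.c_id AND
        url.c_id = course.id AND
        course_rel_user.user_id = {$user_id} AND
        course_rel_user.user_course_cat = 0
    ";
    $order = " ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
    if ($getCount) {
        $select = "SELECT count(course.id) as total";
    }
    $sql = "{$select} FROM {$from} WHERE {$where} {$without_special_courses} ";
    // If multiple URL access mode is enabled, only fetch courses
    // corresponding to the current URL (id -1 means no portal selected).
    if (api_get_multiple_access_url() && $current_url_id != -1) {
        $sql .= " AND url.c_id = course.id AND access_url_id = {$current_url_id}";
    }
    $sql .= $order;
    if (isset($start) && isset($maxPerPage)) {
        $start = (int) $start;
        $maxPerPage = (int) $maxPerPage;
        $sql .= " LIMIT {$start}, {$maxPerPage}";
    }

    if ($getCount) {
        $result = Database::query($sql);
        $row = Database::fetch_array($result);
        return $row['total'];
    }

    $result = Database::query($sql);
    $html = null;
    $course_list = array();
    // Browse through all courses.
    while ($course = Database::fetch_array($result)) {
        $course_info = api_get_course_info($course['code']);
        $course_info['id_session'] = null;
        $course_info['status'] = $course['status'];
        // In order to avoid doubles
        if (in_array($course_info['real_id'], $course_list)) {
            continue;
        }
        $course_list[] = $course_info['real_id'];

        // For each course, get if there is any notification icon to show
        // (something that would have changed since the user's last visit).
        $show_notification = Display::show_notification($course_info);
        // New code displaying the user's status in respect to this course.
        $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);

        // Action links; which ones appear depends on the role and visibility below.
        $edit_link = '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
        $preview_link = '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
        $preview_container = Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));

        $params = array();
        $params['right_actions'] = '';
        if (api_is_platform_admin()) {
            // Platform admins always get the edit link.
            if ($load_dirs) {
                $params['right_actions'] .= $preview_link . $edit_link . $preview_container;
            } else {
                $params['right_actions'] .= $edit_link;
            }
        } elseif ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
            // Other users: preview toggle when requested, otherwise the edit
            // link only for course managers; nothing for closed courses.
            if ($load_dirs) {
                $params['right_actions'] .= $preview_link . $preview_container;
            } elseif ($course_info['status'] == COURSEMANAGER) {
                $params['right_actions'] .= $edit_link;
            }
        }

        // Closed courses are only linked for their managers; everyone else
        // sees the plain title with a "closed" marker.
        $course_title_url = '';
        if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
            $course_title_url = api_get_path(WEB_COURSE_PATH) . $course_info['code'] . '/index.php?id_session=0';
            $course_title = Display::url($course_info['title'], $course_title_url);
        } else {
            $course_title = $course_info['title'] . " " . Display::tag('span', get_lang('CourseClosed'), array('class' => 'item_closed'));
        }
        // Start displaying the course block itself
        if (api_get_setting('course.display_coursecode_in_courselist') == 'true') {
            $course_title .= ' (' . $course_info['visual_code'] . ') ';
        }
        $teachers = null;
        if (api_get_setting('course.display_teacher_in_courselist') == 'true') {
            $teachers = $course_info['teacher_list_formatted'];
        }

        $params['link'] = $course_title_url;
        $params['icon'] = $status_icon;
        $params['title'] = $course_title;
        $params['teachers'] = $teachers;
        if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
            $params['notifications'] = $show_notification;
        }

        // Top-level list: items are never rendered as sub-content here.
        $is_subcontent = false;
        $html .= self::course_item_html($params, $is_subcontent);
    }

    return $html;
}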
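/**
 * Builds the HTML <li> items of the platform's top menu (tabs).
 *
 * The items come from two sources: the navigation array returned by
 * return_navigation_array(), and the optional home_tabs[_<lang>].html file
 * (home_tabs_logged_in[_<lang>].html for authenticated users) stored in the
 * home/ directory of the current access URL. A custom tab file that contains
 * the marker "show_menu" is appended after the navigation items; when the
 * marker is absent and the visitor is anonymous, the campus tab is dropped.
 *
 * @return string|null The concatenated <li> elements, or null when there are none
 */
function return_menu()
{
    $navigation = return_navigation_array();
    $navigation = $navigation['navigation'];

    // Language used to pick the localised tab file.
    if (!empty($_SESSION['user_language_choice'])) {
        $lang = $_SESSION['user_language_choice'];
    } elseif (!empty($_SESSION['_user']['language'])) {
        $lang = $_SESSION['_user']['language'];
    } else {
        $lang = get_setting('platformLanguage');
    }
    // The language name becomes part of a file name below: accept only a plain
    // token so that session data cannot steer the lookup outside home/.
    if (!is_string($lang) || !preg_match('/^[A-Za-z0-9_-]*$/', $lang)) {
        $lang = '';
    }

    // Home folder: per access URL when multiple URLs are enabled, else home/.
    // The default is set first so the path is never empty when no URL is current.
    $homep = api_get_path(SYS_PATH) . 'home/';
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
        if ($access_url_id != -1) {
            $url_info = api_get_access_url($access_url_id);
            $url = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url']));
            $homep .= str_replace('/', '-', replace_dangerous_char($url)) . '/';
            // Create the folder of a site that was never served before.
            if (!is_dir($homep)) {
                mkdir($homep, api_get_permissions_for_new_directories());
            }
        }
    }

    // Returns the content of the first readable "<prefix>_<lang>.html" or the
    // legacy "<prefix><lang>.html", or null when neither file exists.
    $readTabFile = function ($prefix) use ($homep, $lang) {
        foreach (array($prefix . '_' . $lang . '.html', $prefix . $lang . '.html') as $name) {
            $path = $homep . $name;
            if (is_file($path) && is_readable($path)) {
                $content = file_get_contents($path);

                return $content === false ? '' : $content;
            }
        }

        return null;
    };

    $home_top = $readTabFile('home_tabs');
    if ($home_top === null) {
        $home_top = '';
    }
    $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
    $open = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top);
    $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));

    $open_mtloggedin = '';
    if (api_get_user_id() && !api_is_anonymous()) {
        $loggedInTop = $readTabFile('home_tabs_logged_in');
        if ($loggedInTop !== null) {
            // "::private" marks content reserved to authenticated visitors.
            $home_top = str_replace('::private', '', $loggedInTop);
        }
        // Without a dedicated file the public tabs (still in $home_top) are reused.
        $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
        $open_mtloggedin = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top);
        $open_mtloggedin = api_to_system_encoding($open_mtloggedin, api_detect_encoding(strip_tags($open_mtloggedin)));
    }

    $lis = '';
    if (!empty($open) || !empty($open_mtloggedin)) {
        if (strpos($open . $open_mtloggedin, 'show_menu') === false) {
            if (api_is_anonymous()) {
                $navigation[SECTION_CAMPUS] = null;
            }
        } elseif (api_get_user_id() && !api_is_anonymous()) {
            $lis .= $open_mtloggedin;
        } else {
            $lis .= $open;
        }
    }

    if (count($navigation) > 0 || !empty($lis)) {
        $pre_lis = '';
        foreach ($navigation as $section => $navigation_info) {
            $key = !empty($navigation_info['key']) ? 'tab-' . $navigation_info['key'] : '';
            $current = '';
            if (isset($GLOBALS['this_section'])) {
                $current = $section == $GLOBALS['this_section']
                    ? ' id="current" class="active ' . $key . '" '
                    : ' class="' . $key . '"';
            }
            if (!empty($navigation_info['title'])) {
                $pre_lis .= '<li' . $current . '><a href="' . $navigation_info['url'] . '" target="_top">' . $navigation_info['title'] . '</a></li>';
            }
        }
        $lis = $pre_lis . $lis;
    }

    return empty($lis) ? null : $lis;
}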
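/**
 * Get the total number of users on the platform (the count behind the
 * sortable table of the user list).
 *
 * The count follows the same filters as get_user_data(): when the platform
 * serves several access URLs, only users of the current URL are counted, and
 * the optional "keyword" request parameter is matched against name, username,
 * e-mail and official code. The keyword is escaped before it enters the query.
 *
 * @return int The number of users (0 when the query returns no row)
 *
 * @see SortableTable#get_total_number_of_items()
 */
function get_number_of_users()
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT COUNT(u.user_id) AS total_number_of_items FROM {$user_table} u";
    $conditions = array();

    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
        // Without this the join counts a user once per URL they belong to.
        $conditions[] = 'url_rel_user.access_url_id=' . (int) api_get_current_access_url_id();
    }

    if (isset($_GET['keyword'])) {
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $searchable = array(
            'u.firstname',
            'u.lastname',
            "concat(u.firstname,' ',u.lastname)",
            "concat(u.lastname,' ',u.firstname)",
            'u.username',
            'u.email',
            'u.official_code',
        );
        $likes = array();
        foreach ($searchable as $expression) {
            $likes[] = "{$expression} LIKE '%{$keyword}%'";
        }
        $conditions[] = '(' . implode(' OR ', $likes) . ')';
    }

    if (!empty($conditions)) {
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }

    $res = Database::query($sql);
    $obj = Database::fetch_object($res);

    return $obj ? (int) $obj->total_number_of_items : 0;
}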
/**
 * Get home path.
 *
 * Returns the platform's home directory; when several access URLs are served,
 * a sub-folder named after the current URL's host (scheme stripped, dangerous
 * characters replaced, slashes turned into dashes) is appended, except for
 * "localhost", which keeps the plain home path.
 *
 * @return string Absolute path, with trailing slash
 */
function api_get_home_path()
{
    // Start the routing determination from the central path definition.
    $home = api_get_path(SYS_HOME_PATH);
    if (!api_get_multiple_access_url()) {
        return $home;
    }

    // NOTE(review): the "no current URL" (-1) case is not special-cased here;
    // confirm api_get_access_url() tolerates it.
    $url_info = api_get_access_url(api_get_current_access_url_id());
    $host = api_remove_trailing_slash(preg_replace('/https?:\/\//i', '', $url_info['url']));
    $folder = str_replace('/', '-', api_replace_dangerous_char($host)) . '/';

    return $folder === 'localhost/' ? $home : $home . $folder;
}
$form->setDefaults($categoryInfo); $form->addButtonSave($text); } else { $class = "add"; $text = get_lang('AddCategory'); $form->setDefaults(array('auth_course_child' => 'TRUE')); $form->addButtonCreate($text); } $form->display(); } elseif (api_get_multiple_access_url() && api_get_current_access_url_id() != 1) { // If multiple URLs and not main URL, prevent edition and inform user Display::display_warning_message(get_lang('CourseCategoriesAreGlobal')); } } else { // If multiple URLs and not main URL, prevent deletion and inform user if ($action == 'delete' && api_get_multiple_access_url() && api_get_current_access_url_id() != 1) { Display::display_warning_message(get_lang('CourseCategoriesAreGlobal')); } echo '<div class="actions">'; $link = null; if (!empty($parentInfo)) { $parentCode = $parentInfo['parent_id']; echo Display::url(Display::return_icon('back.png', get_lang("Back"), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . 'admin/course_category.php?category=' . $parentCode); } if (empty($parentInfo) || $parentInfo['auth_cat_child'] == 'TRUE') { echo Display::url(Display::return_icon('new_folder.png', get_lang("AddACategory"), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . 'admin/course_category.php?action=add&category=' . Security::remove_XSS($category)); } echo '</div>'; if (!empty($parentInfo)) { echo Display::page_subheader($parentInfo['name'] . ' (' . $parentInfo['code'] . ')'); }
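/**
 * Get the users to display on the current page (fill the sortable-table).
 *
 * Filters come from the request: either a single "keyword" matched against
 * name, username, official code and e-mail, or the advanced-search fields
 * (keyword_firstname, keyword_lastname, keyword_username, keyword_email,
 * keyword_officialcode, keyword_status, keyword_active / keyword_inactive,
 * keyword_extra_data + keyword_extra_data_text). Every request value is passed
 * through Database::escape_string before it is placed in the query; paging and
 * ordering arguments are cast to int and the direction restricted to ASC|DESC.
 * When multiple access URLs are enabled, admins only see users of the current
 * URL. With check_easy_passwords=1 only users whose password hash matches one
 * of the platform's "easy password" list are returned.
 *
 * @param int    $from            Offset of the first user to return
 * @param int    $number_of_items Number of users to return
 * @param int    $column          Index of the column (col0 ... col10) to sort on
 * @param string $direction       ASC or DESC (anything else falls back to ASC)
 * @param bool   $get_count       When true, return only the number of matching users
 *
 * @return array|int One row (list of cells) per user, or the count when $get_count is true
 *
 * @see SortableTable#get_table_data($from)
 */
function get_user_data($from, $number_of_items, $column, $direction, $get_count = false)
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);

    // col3/col4 follow the platform's name order so the table sorts on what it shows.
    $nameColumns = api_is_western_name_order()
        ? "u.firstname AS col3, u.lastname AS col4,"
        : "u.lastname AS col3, u.firstname AS col4,";
    $select = "SELECT
        u.user_id AS col0,
        u.official_code AS col2,
        {$nameColumns}
        u.username AS col5,
        u.email AS col6,
        u.status AS col7,
        u.active AS col8,
        u.user_id AS col9,
        u.registration_date AS col10,
        u.expiration_date AS exp,
        u.password
    ";
    if ($get_count) {
        $select = "SELECT count(u.user_id) as total_rows";
    }

    // JOIN fragments and WHERE conditions are collected and assembled once, so
    // the query is valid whatever combination of filters is active.
    $joins = array();
    $conditions = array();

    // Restrict to the users of the current access URL.
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $joins[] = "INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
        $conditions[] = 'url_rel_user.access_url_id=' . (int) api_get_current_access_url_id();
    }

    // Extra-field filter: join the field values of the requested field.
    $keyword_extra_data = isset($_GET['keyword_extra_data']) ? Database::escape_string($_GET['keyword_extra_data']) : '';
    if (!empty($keyword_extra_data)) {
        $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
        // An unknown field name yields no id; 0 then matches no value row.
        $field_id = !empty($extra_info['id']) ? (int) $extra_info['id'] : 0;
        $joins[] = "INNER JOIN user_field_values ufv ON u.user_id=ufv.user_id AND ufv.field_id={$field_id}";
    }

    if (isset($_GET['keyword'])) {
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $searchable = array(
            'u.firstname',
            'u.lastname',
            "concat(u.firstname,' ',u.lastname)",
            "concat(u.lastname,' ',u.firstname)",
            'u.username',
            'u.official_code',
            'u.email',
        );
        $likes = array();
        foreach ($searchable as $expression) {
            $likes[] = "{$expression} LIKE '%{$keyword}%'";
        }
        $conditions[] = '(' . implode(' OR ', $likes) . ')';
    } elseif (isset($_GET['keyword_firstname'])) {
        // Escaped request value, or '' when the parameter is absent.
        $getParam = function ($name) {
            return isset($_GET[$name]) ? Database::escape_string($_GET[$name]) : '';
        };
        $advanced = array();

        $keyword_status = $getParam('keyword_status');
        if ($keyword_status == SESSIONADMIN) {
            // Session admins are found through the admin table; the status
            // filter itself becomes a wildcard.
            $keyword_status = '%';
            $joins[] = "INNER JOIN {$admin_table} a ON (a.user_id = u.user_id)";
        }

        if (!empty($_GET['keyword_extra_data']) && !empty($_GET['keyword_extra_data_text'])) {
            $keyword_extra_data_text = Database::escape_string(trim($_GET['keyword_extra_data_text']));
            $advanced[] = "ufv.field_value LIKE '%{$keyword_extra_data_text}%'";
        }

        $likeFilters = array(
            'u.firstname' => $getParam('keyword_firstname'),
            'u.lastname' => $getParam('keyword_lastname'),
            'u.username' => $getParam('keyword_username'),
            'u.email' => $getParam('keyword_email'),
            'u.official_code' => $getParam('keyword_officialcode'),
        );
        foreach ($likeFilters as $columnName => $value) {
            if (!empty($value)) {
                $advanced[] = "{$columnName} LIKE '%{$value}%'";
            }
        }
        if (!empty($keyword_status)) {
            $advanced[] = "u.status LIKE '{$keyword_status}'";
        }

        $keyword_active = isset($_GET['keyword_active']);
        $keyword_inactive = isset($_GET['keyword_inactive']);
        if ($keyword_active && !$keyword_inactive) {
            $advanced[] = "u.active='1'";
        } elseif ($keyword_inactive && !$keyword_active) {
            $advanced[] = "u.active='0'";
        }

        if (!empty($advanced)) {
            $conditions[] = '(' . implode(' AND ', $advanced) . ')';
        }
    }

    // Easy-password audit: keep only users whose hash is in the known list.
    $checkPassStrength = isset($_GET['check_easy_passwords']) && $_GET['check_easy_passwords'] === '1';
    if ($checkPassStrength) {
        $easyPasswordList = array_map('api_get_encrypted_password', api_get_easy_password_list());
        $easyPasswordList = array_map(array('Database', 'escape_string'), $easyPasswordList);
        $passwordLikes = array();
        foreach ($easyPasswordList as $hash) {
            $passwordLikes[] = "u.password LIKE '{$hash}'";
        }
        if (empty($passwordLikes)) {
            // An empty list matches nobody, as before.
            $passwordLikes[] = "u.password LIKE ''";
        }
        // Parenthesised so the OR list cannot swallow the other AND conditions.
        $conditions[] = '(' . implode(' OR ', $passwordLikes) . ')';
    }

    $sql = "{$select} FROM {$user_table} u";
    if (!empty($joins)) {
        $sql .= ' ' . implode(' ', $joins);
    }
    if (!empty($conditions)) {
        $sql .= ' WHERE ' . implode(' AND ', $conditions);
    }

    if (!in_array($direction, array('ASC', 'DESC'), true)) {
        $direction = 'ASC';
    }
    $column = intval($column);
    $from = intval($from);
    $number_of_items = intval($number_of_items);

    // Returns the count and exits the function.
    if ($get_count) {
        $res = Database::query($sql);
        $user = Database::fetch_array($res);

        return $user ? (int) $user['total_rows'] : 0;
    }

    $sql .= " ORDER BY col{$column} {$direction} LIMIT {$from},{$number_of_items}";
    $res = Database::query($sql);

    $users = array();
    $now = time();
    while ($user = Database::fetch_row($res)) {
        $userInfo = api_get_user_info($user[0]);
        $image_path = UserManager::get_user_picture_path_by_id($user[0], 'web', false, true);
        $user_profile = UserManager::get_picture_user($user[0], $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" ');

        // NOTE(review): complete_name and profile_url are written into HTML
        // attributes as returned by api_get_user_info(); confirm they are
        // escaped there, otherwise escape them at this point.
        $img = '<img src="' . $user_profile['file'] . '" ' . $user_profile['style'] . ' alt="' . $userInfo['complete_name'] . '" title="' . $userInfo['complete_name'] . '" />';
        if (!api_is_anonymous()) {
            $photo = '<center><a href="' . $userInfo['profile_url'] . '" title="' . get_lang('Info') . '"> ' . $img . '</a></center>';
        } else {
            $photo = '<center>' . $img . '</center>';
        }

        // An active account whose expiration date has passed is flagged with -1
        // so the "active" column renders it as expired.
        if ((int) $user[7] === 1 && $user[10] !== '0000-00-00 00:00:00') {
            $expiration_time = api_convert_sql_date($user[10]);
            if ($expiration_time < $now) {
                $user[7] = '-1';
            }
        }

        // The expiration date itself is not displayed.
        $users[] = array(
            $user[0],
            $photo,
            $user[1],
            Display::url($user[2], $userInfo['profile_url']),
            Display::url($user[3], $userInfo['profile_url']),
            $user[4],
            $user[5],
            $user[6],
            $user[7],
            api_get_local_time($user[9]),
            $user[0],
        );
    }

    return $users;
}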
$subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null; $invitationContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null; SocialManager::send_invitation_friend_user($_REQUEST['user_id'], $subject, $invitationContent); break; case 'find_users': if (api_is_anonymous()) { echo ''; break; } $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE); $tbl_my_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_my_user_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER); $tbl_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_access_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $search = Database::escape_string($_REQUEST['q']); $access_url_id = api_get_multiple_access_url() == 'true' ? api_get_current_access_url_id() : 1; $user_id = api_get_user_id(); $is_western_name_order = api_is_western_name_order(); $likeCondition = " AND (firstname LIKE '%{$search}%' OR lastname LIKE '%{$search}%' OR email LIKE '%{$search}%') "; if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('message.allow_message_tool') == 'true') { // All users if (api_get_setting('message.allow_send_message_to_all_platform_users') == 'true' || api_is_platform_admin()) { if ($access_url_id != 0) { $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n FROM {$tbl_user} u LEFT JOIN {$tbl_access_url_rel_user} r ON u.user_id = r.user_id\n WHERE\n u.status <> 6 AND\n u.user_id <> {$user_id} AND\n r.access_url_id = {$access_url_id}\n {$likeCondition} "; } else { $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n FROM {$tbl_user} u\n WHERE\n u.status <> 6 AND\n u.user_id <> {$user_id}\n {$likeCondition} "; } } else { //only my contacts if ($access_url_id != 0) { $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n FROM {$tbl_access_url_rel_user} r, {$tbl_my_user_friend} uf\n INNER JOIN {$tbl_my_user} AS u\n ON 
uf.friend_user_id = u.user_id\n WHERE\n u.status <> 6 AND\n relation_type NOT IN(" . USER_RELATION_TYPE_DELETED . ", " . USER_RELATION_TYPE_RRHH . ") AND\n uf.user_id = {$user_id} AND\n friend_user_id <> {$user_id} AND\n u.user_id = r.user_id AND\n r.access_url_id = {$access_url_id}\n {$likeCondition}";
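/**
 * Replaces the list of users assigned to a human resources manager (Dashboard
 * feature): every current RRHH assignment of $hr_dept_id is removed (restricted
 * to the users of the current access URL when multiple URLs are enabled), then
 * each id in $users_id is inserted.
 *
 * @param int   $hr_dept_id Human resources manager (user id)
 * @param array $users_id   Ids of the users to assign
 *
 * @return int Number of rows inserted over all users (duplicates ignored by
 *             INSERT IGNORE are not counted)
 */
public static function suscribe_users_to_hr_manager($hr_dept_id, $users_id)
{
    $tbl_user_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
    $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
    $hr_dept_id = intval($hr_dept_id);
    $relationType = USER_RELATION_TYPE_RRHH;

    // Current assignments; per access URL when several are served.
    if (api_get_multiple_access_url()) {
        $access_url_id = (int) api_get_current_access_url_id();
        $sql = "SELECT s.user_id FROM $tbl_user_rel_user s
                INNER JOIN $tbl_user_rel_access_url a ON (a.user_id = s.user_id)
                WHERE friend_user_id = $hr_dept_id
                AND relation_type = '$relationType'
                AND access_url_id = $access_url_id";
    } else {
        $sql = "SELECT user_id FROM $tbl_user_rel_user
                WHERE friend_user_id = $hr_dept_id
                AND relation_type = '$relationType'";
    }
    $result = Database::query($sql);

    // Remove them in one statement; ids are cast so only integers reach the IN list.
    $assigned = array();
    if (Database::num_rows($result) > 0) {
        while ($row = Database::fetch_array($result)) {
            $assigned[] = (int) $row['user_id'];
        }
    }
    if (!empty($assigned)) {
        $sql = "DELETE FROM $tbl_user_rel_user
                WHERE user_id IN (" . implode(',', $assigned) . ")
                AND friend_user_id = $hr_dept_id
                AND relation_type = '$relationType'";
        Database::query($sql);
    }

    // Insert the new list, accumulating the affected rows instead of keeping
    // only the last insert's count.
    $affected_rows = 0;
    if (is_array($users_id)) {
        foreach ($users_id as $user_id) {
            $user_id = intval($user_id);
            $sql = "INSERT IGNORE INTO $tbl_user_rel_user(user_id, friend_user_id, relation_type)
                    VALUES ('$user_id', $hr_dept_id, '$relationType')";
            Database::query($sql);
            $affected_rows += (int) Database::affected_rows();
        }
    }

    return $affected_rows;
}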