예제 #1
0
function LoginCheck($uid)
{
    $_course = api_get_course_info();
    $uid = (int) $uid;
    $online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
    if (!empty($uid)) {
        $user_ip = '';
        if (!empty($_SERVER['REMOTE_ADDR'])) {
            $user_ip = Database::escape_string(api_get_real_ip());
        }
        $login_date = api_get_utc_datetime();
        $access_url_id = 1;
        if (api_get_multiple_access_url() && api_get_current_access_url_id() != -1) {
            $access_url_id = api_get_current_access_url_id();
        }
        $session_id = api_get_session_id();
        // if the $_course array exists this means we are in a course and we have to store this in the who's online table also
        // to have the x users in this course feature working
        if (is_array($_course) && count($_course) > 0 && !empty($_course['id'])) {
            $query = "REPLACE INTO " . $online_table . " (login_id,login_user_id,login_date,user_ip, c_id, session_id, access_url_id)\n                      VALUES ({$uid},{$uid},'{$login_date}','{$user_ip}', '" . $_course['real_id'] . "' , '{$session_id}' , '{$access_url_id}' )";
        } else {
            $query = "REPLACE INTO " . $online_table . " (login_id,login_user_id,login_date,user_ip, c_id, session_id, access_url_id)\n                      VALUES ({$uid},{$uid},'{$login_date}','{$user_ip}', 0, '{$session_id}', '{$access_url_id}')";
        }
        Database::query($query);
    }
}
예제 #2
0
 /**
  * Create a session
  * @author Carlos Vargas <*****@*****.**>, from existing code
  * @param   string  $name
  * @param   string  $startDate (YYYY-MM-DD hh:mm:ss)
  * @param   string  $endDate (YYYY-MM-DD hh:mm:ss)
  * @param   string  $displayStartDate (YYYY-MM-DD hh:mm:ss)
  * @param   string  $displayEndDate (YYYY-MM-DD hh:mm:ss)
  * @param   string  $coachStartDate (YYYY-MM-DD hh:mm:ss)
  * @param   string  $coachEndDate (YYYY-MM-DD hh:mm:ss)
  * @param   mixed   $coachId If integer, this is the session coach id, if string, the coach ID will be looked for from the user table
  * @param   integer $sessionCategoryId ID of the session category in which this session is registered
  * @param   integer $visibility Visibility after end date (0 = read-only, 1 = invisible, 2 = accessible)
  * @param   bool    $fixSessionNameIfExists
  * @param   string  $duration
  * @param   string  $description Optional. The session description
  * @param   int     $showDescription Optional. Whether show the session description
  * @param   array   $extraFields
  * @param   int     $sessionAdminId Optional. If this sessions was created by a session admin, assign it to him
  * @param boolean $sendSubscritionNotification Optional.
  *          Whether send a mail notification to users being subscribed
  * @todo use an array to replace all this parameters or use the model.lib.php ...
  * @return mixed       Session ID on success, error message otherwise
  * */
 public static function create_session($name, $startDate, $endDate, $displayStartDate, $displayEndDate, $coachStartDate, $coachEndDate, $coachId, $sessionCategoryId, $visibility = 1, $fixSessionNameIfExists = false, $duration = null, $description = null, $showDescription = 0, $extraFields = array(), $sessionAdminId = 0, $sendSubscritionNotification = false)
 {
     global $_configuration;
     //Check portal limits
     $access_url_id = 1;
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
     }
     if (is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_sessions']) && $_configuration[$access_url_id]['hosting_limit_sessions'] > 0) {
         $num = self::count_sessions();
         if ($num >= $_configuration[$access_url_id]['hosting_limit_sessions']) {
             api_warn_hosting_contact('hosting_limit_sessions');
             return get_lang('PortalSessionsLimitReached');
         }
     }
     $name = Database::escape_string(trim($name));
     $sessionCategoryId = intval($sessionCategoryId);
     $visibility = intval($visibility);
     $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
     $startDate = Database::escape_string($startDate);
     $endDate = Database::escape_string($endDate);
     if (empty($name)) {
         $msg = get_lang('SessionNameIsRequired');
         return $msg;
     } elseif (empty($coachId)) {
         $msg = get_lang('CoachIsRequired');
         return $msg;
     } elseif (!empty($startDate) && !api_is_valid_date($startDate, 'Y-m-d H:i') && !api_is_valid_date($startDate, 'Y-m-d H:i:s')) {
         $msg = get_lang('InvalidStartDate');
         return $msg;
     } elseif (!empty($endDate) && !api_is_valid_date($endDate, 'Y-m-d H:i') && !api_is_valid_date($endDate, 'Y-m-d H:i:s')) {
         $msg = get_lang('InvalidEndDate');
         return $msg;
     } elseif (!empty($startDate) && !empty($endDate) && $startDate >= $endDate) {
         $msg = get_lang('StartDateShouldBeBeforeEndDate');
         return $msg;
     } else {
         $ready_to_create = false;
         if ($fixSessionNameIfExists) {
             $name = self::generateNextSessionName($name);
             if ($name) {
                 $ready_to_create = true;
             } else {
                 $msg = get_lang('SessionNameAlreadyExists');
                 return $msg;
             }
         } else {
             $rs = Database::query("SELECT 1 FROM {$tbl_session} WHERE name='" . $name . "'");
             if (Database::num_rows($rs)) {
                 $msg = get_lang('SessionNameAlreadyExists');
                 return $msg;
             }
             $ready_to_create = true;
         }
         if ($ready_to_create) {
             $sessionAdminId = !empty($sessionAdminId) ? $sessionAdminId : api_get_user_id();
             $values = array('name' => $name, 'id_coach' => $coachId, 'session_admin_id' => $sessionAdminId, 'visibility' => $visibility, 'description' => $description, 'show_description' => intval($showDescription), 'send_subscription_notification' => $sendSubscritionNotification);
             if (!empty($startDate)) {
                 $values['access_start_date'] = $startDate;
             }
             if (!empty($endDate)) {
                 $values['access_end_date'] = $endDate;
             }
             if (!empty($displayStartDate)) {
                 $values['display_start_date'] = $displayStartDate;
             }
             if (!empty($displayEndDate)) {
                 $values['display_end_date'] = $displayEndDate;
             }
             if (!empty($coachStartDate)) {
                 $values['coach_access_start_date'] = $coachStartDate;
             }
             if (!empty($coachEndDate)) {
                 $values['coach_access_end_date'] = $coachEndDate;
             }
             if (!empty($sessionCategoryId)) {
                 $values['session_category_id'] = $sessionCategoryId;
             }
             $session_id = Database::insert($tbl_session, $values);
             $duration = intval($duration);
             if (!empty($duration)) {
                 $sql = "UPDATE {$tbl_session} SET\n                        access_start_date = NULL,\n                        access_end_date = NULL,\n                        display_start_date = NULL,\n                        display_end_date = NULL,\n                        coach_access_start_date = NULL,\n                        coach_access_end_date = NULL,\n                        duration = {$duration}\n                    WHERE id = {$session_id}";
                 Database::query($sql);
             } else {
                 $sql = "UPDATE {$tbl_session}\n                        SET duration = 0\n                        WHERE id = {$session_id}";
                 Database::query($sql);
             }
             if (!empty($session_id)) {
                 $extraFields['item_id'] = $session_id;
                 $sessionFieldValue = new ExtraFieldValue('session');
                 $sessionFieldValue->saveFieldValues($extraFields);
                 /*
                  Sends a message to the user_id = 1
                 
                  $user_info = api_get_user_info(1);
                  $complete_name = $user_info['firstname'].' '.$user_info['lastname'];
                  $subject = api_get_setting('siteName').' - '.get_lang('ANewSessionWasCreated');
                  $message = get_lang('ANewSessionWasCreated')." <br /> ".get_lang('NameOfTheSession').' : '.$name;
                  api_mail_html($complete_name, $user_info['email'], $subject, $message);
                 *
                 */
                 //Adding to the correct URL
                 $access_url_id = api_get_current_access_url_id();
                 UrlManager::add_session_to_url($session_id, $access_url_id);
                 // add event to system log
                 $user_id = api_get_user_id();
                 Event::addEvent(LOG_SESSION_CREATE, LOG_SESSION_ID, $session_id, api_get_utc_datetime(), $user_id);
             }
             return $session_id;
         }
     }
 }
    /**
     * Create a session
     * @author Carlos Vargas <*****@*****.**>, from existing code
     * @param	string 		name
     * @param 	integer		Start year (yyyy)
     * @param 	integer		Start month (mm)
     * @param 	integer		Start day (dd)
     * @param 	integer		End year (yyyy)
     * @param 	integer		End month (mm)
     * @param 	integer		End day (dd)
     * @param 	integer		Number of days that the coach can access the session before the start date
     * @param 	integer		Number of days that the coach can access the session after the end date
     * @param 	integer		If 1, means there are no date limits
     * @param 	mixed		If integer, this is the session coach id, if string, the coach ID will be looked for from the user table
     * @param 	integer		ID of the session category in which this session is registered
     * @param  integer     Visibility after end date (0 = read-only, 1 = invisible, 2 = accessible)
     * @param  string      Start limit = true if the start date has to be considered
     * @param  string      End limit = true if the end date has to be considered
     * @param  string $fix_name
     * @todo use an array to replace all this parameters or use the model.lib.php ...
     * @return mixed       Session ID on success, error message otherwise
     * */
    public static function create_session(
        $sname,
        $syear_start,
        $smonth_start,
        $sday_start,
        $syear_end,
        $smonth_end,
        $sday_end,
        $snb_days_acess_before,
        $snb_days_acess_after,
        $nolimit,
        $coach_username,
        $id_session_category,
        $id_visibility,
        $start_limit = true,
        $end_limit = true,
        $fix_name = false,
        $duration = null,
        $showDescription = null
    ) {
        global $_configuration;

        //Check portal limits
        $access_url_id = 1;

        if (api_get_multiple_access_url()) {
            $access_url_id = api_get_current_access_url_id();
        }

        if (is_array($_configuration[$access_url_id]) &&
            isset($_configuration[$access_url_id]['hosting_limit_sessions']) &&
            $_configuration[$access_url_id]['hosting_limit_sessions'] > 0
        ) {
            $num = self::count_sessions();
            if ($num >= $_configuration[$access_url_id]['hosting_limit_sessions']) {
                api_warn_hosting_contact('hosting_limit_sessions');
                return get_lang('PortalSessionsLimitReached');
            }
        }

        $name = Database::escape_string(trim($sname));
        $year_start = intval($syear_start);
        $month_start = intval($smonth_start);
        $day_start = intval($sday_start);
        $year_end = intval($syear_end);
        $month_end = intval($smonth_end);
        $day_end = intval($sday_end);
        $nb_days_acess_before = intval($snb_days_acess_before);
        $nb_days_acess_after = intval($snb_days_acess_after);
        $id_session_category = intval($id_session_category);
        $id_visibility = intval($id_visibility);
        $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

        if (is_int($coach_username)) {
            $id_coach = $coach_username;
        } else {
            $sql = 'SELECT user_id FROM ' . $tbl_user . ' WHERE username="******"';
            $rs = Database::query($sql);
            $id_coach = Database::result($rs, 0, 'user_id');
        }

        if (empty($nolimit)) {
            $date_start = "$year_start-" . (($month_start < 10) ? "0$month_start" : $month_start) . "-" . (($day_start < 10) ? "0$day_start" : $day_start);
            $date_end = "$year_end-" . (($month_end < 10) ? "0$month_end" : $month_end) . "-" . (($day_end < 10) ? "0$day_end" : $day_end);
        } else {
            $id_visibility = 1; // by default session visibility is read only
            $date_start = "0000-00-00";
            $date_end = "0000-00-00";
        }

        if (empty($end_limit)) {
            $date_end = "0000-00-00";
            $id_visibility = 1; // by default session visibility is read only
        }

        if (empty($start_limit)) {
            $date_start = "0000-00-00";
        }

        if (empty($name)) {
            $msg = get_lang('SessionNameIsRequired');
            return $msg;
        } elseif (empty($coach_username)) {
            $msg = get_lang('CoachIsRequired');
            return $msg;
        } elseif (!empty($start_limit) && empty($nolimit) && (!$month_start || !$day_start || !$year_start || !checkdate($month_start, $day_start, $year_start))) {
            $msg = get_lang('InvalidStartDate');
            return $msg;
        } elseif (!empty($end_limit) && empty($nolimit) && (!$month_end || !$day_end || !$year_end || !checkdate($month_end, $day_end, $year_end))) {
            $msg = get_lang('InvalidEndDate');
            return $msg;
        } elseif (!empty($start_limit) && !empty($end_limit) && empty($nolimit) && $date_start >= $date_end) {
            $msg = get_lang('StartDateShouldBeBeforeEndDate');
            return $msg;
        } else {
            $ready_to_create = false;
            if ($fix_name) {
                $name = self::generate_nice_next_session_name($name);
                if ($name) {
                    $ready_to_create = true;
                } else {
                    $msg = get_lang('SessionNameAlreadyExists');
                    return $msg;
                }
            } else {
                $rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='" . $name . "'");
                if (Database::num_rows($rs)) {
                    $msg = get_lang('SessionNameAlreadyExists');
                    return $msg;
                }
                $ready_to_create = true;
            }

            if ($ready_to_create) {
                $sql = "INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id,visibility)
                        VALUES('" . $name . "','$date_start','$date_end','$id_coach'," . api_get_user_id() . "," . $nb_days_acess_before . ", " . $nb_days_acess_after . ", " . $id_session_category . ", " . $id_visibility . ")";
                Database::query($sql);
                $session_id = Database::insert_id();

                if (self::durationPerUserIsEnabled()) {
                    $duration = intval($duration);

                    if (empty($duration)) {
                        $duration = null;
                    } else {
                        $sql = "UPDATE $tbl_session SET
                                  date_start = '0000-00-00',
                                  date_end = '0000-00-00'
                                WHERE id = $session_id";
                        Database::query($sql);
                    }
                    $sql = "UPDATE $tbl_session
                            SET duration = '$duration'
                            WHERE id = $session_id";
                    Database::query($sql);
                }

                if (!is_null($showDescription)) {
                    $showDescription = intval($showDescription);
                    $sql = "UPDATE $tbl_session
                            SET show_description = '$showDescription'
                            WHERE id = $session_id";
                    Database::query($sql);
                }

                if (!empty($session_id)) {
                    /*
                      Sends a message to the user_id = 1

                      $user_info = api_get_user_info(1);
                      $complete_name = $user_info['firstname'].' '.$user_info['lastname'];
                      $subject = api_get_setting('siteName').' - '.get_lang('ANewSessionWasCreated');
                      $message = get_lang('ANewSessionWasCreated')." <br /> ".get_lang('NameOfTheSession').' : '.$name;
                      api_mail_html($complete_name, $user_info['email'], $subject, $message);
                     *
                     */
                    //Adding to the correct URL
                    $access_url_id = api_get_current_access_url_id();
                    UrlManager::add_session_to_url($session_id, $access_url_id);

                    // add event to system log
                    $user_id = api_get_user_id();
                    event_system(LOG_SESSION_CREATE, LOG_SESSION_ID, $session_id, api_get_utc_datetime(), $user_id);
                }
                return $session_id;
            }
        }
    }
예제 #4
0
 /** Used by the widescale plugin */
 static function get_user_data($from, $number_of_items, $column, $direction, $get_count = false)
 {
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     $select = "SELECT\n                     u.user_id,\n                     u.username,\n                     u.firstname,\n                     u.lastname,\n                     ufv1.field_value as exam_password\n                     ";
     if ($get_count) {
         $select = "SELECT count(u.user_id) as total_rows";
     }
     $sql = "{$select} FROM {$user_table} u ";
     // adding the filter to see the user's only of the current access_url
     if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
         $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
         $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
     }
     $extra_fields = array('exam_password', 'exam_room', 'exam_schedule');
     $counter = 1;
     $where_condition = "";
     $and_conditions = array();
     foreach ($extra_fields as $keyword_extra_data) {
         $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
         $field_id = $extra_info['id'];
         $table_alias = "ufv{$counter}";
         $sql .= " INNER JOIN user_field_values {$table_alias} ON u.user_id = {$table_alias}.user_id AND {$table_alias}.field_id = {$field_id} ";
         $counter++;
         if ($keyword_extra_data == 'exam_password') {
             continue;
         }
         $keyword_extra_data_text = UserManager::get_extra_user_data_by_field(api_get_user_id(), $extra_info['field_variable']);
         $keyword_extra_data_text = $keyword_extra_data_text[$extra_info['field_variable']];
         if (!empty($keyword_extra_data_text)) {
             $and_conditions[] = " {$table_alias}.field_value LIKE '%" . trim($keyword_extra_data_text) . "%' ";
         }
     }
     if (!empty($and_conditions)) {
         $where_condition = implode(' AND ', $and_conditions);
     }
     if (!empty($where_condition)) {
         $sql .= " WHERE  {$where_condition} ";
     }
     $sql .= " AND u.user_id <> " . api_get_user_id();
     // adding the filter to see the user's only of the current access_url
     if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
         $sql .= " AND url_rel_user.access_url_id=" . api_get_current_access_url_id();
     }
     if (!in_array($direction, array('ASC', 'DESC'))) {
         $direction = 'ASC';
     }
     if (in_array($column, array('username', 'firstname', 'lastname'))) {
         $column = $column;
     }
     $from = intval($from);
     $number_of_items = intval($number_of_items);
     //Returns counts and exits function
     if ($get_count) {
         $res = Database::query($sql);
         $user = Database::fetch_array($res);
         return $user['total_rows'];
     }
     $sql .= " ORDER BY {$column} {$direction} ";
     $sql .= " LIMIT {$from}, {$number_of_items}";
     $res = Database::query($sql);
     $users = array();
     while ($user = Database::fetch_array($res, 'ASSOC')) {
         $users[] = $user;
     }
     return $users;
 }
예제 #5
0
 public static function who_is_online_count($time_limit = null, $friends = false)
 {
     if (empty($time_limit)) {
         $time_limit = api_get_setting('time_limit_whosonline');
     } else {
         $time_limit = intval($time_limit);
     }
     $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
     $friend_user_table = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     $query = '';
     $online_time = time() - $time_limit * 60;
     $current_date = api_get_utc_datetime($online_time);
     if ($friends) {
         // 	who friends from social network is online
         $query = "SELECT DISTINCT count(login_user_id) as count\n                      FROM {$track_online_table} INNER JOIN {$friend_user_table} ON (friend_user_id = login_user_id)\n                      WHERE login_date >= '{$current_date}' AND friend_user_id <> '" . api_get_user_id() . "' AND relation_type='" . USER_RELATION_TYPE_FRIEND . "' AND user_id = '" . api_get_user_id() . "' ";
     } else {
         // All users online
         $query = "SELECT count(login_id) as count\n                      FROM {$track_online_table} track INNER JOIN {$table_user} u ON (u.user_id=track.login_user_id)\n                      WHERE u.status != " . ANONYMOUS . " AND login_date >= '{$current_date}'  ";
     }
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
         if ($access_url_id != -1) {
             if ($friends) {
                 // 	friends from social network is online
                 $query = "SELECT DISTINCT count(login_user_id) as count\n                                FROM {$track_online_table} track\n                                INNER JOIN {$friend_user_table} ON (friend_user_id = login_user_id)\n                                WHERE track.access_url_id = {$access_url_id} AND login_date >= '" . $current_date . "' AND friend_user_id <> '" . api_get_user_id() . "' AND relation_type='" . USER_RELATION_TYPE_FRIEND . "'  ";
             } else {
                 // all users online
                 $query = "SELECT count(login_id) as count FROM {$track_online_table} track\n                              INNER JOIN {$table_user} u ON (u.user_id=track.login_user_id)\n                              WHERE u.status != " . ANONYMOUS . " AND track.access_url_id =  {$access_url_id} AND login_date >= '{$current_date}' ";
             }
         }
     }
     //Dev purposes show all users online
     /*$table_user = Database::get_main_table(TABLE_MAIN_USER);
       $query = "SELECT count(*)  as count FROM ".$table_user ."   ";*/
     $result = Database::query($query);
     if (Database::num_rows($result) > 0) {
         $row = Database::fetch_array($result);
         return $row['count'];
     } else {
         return false;
     }
 }
예제 #6
0
 /**
  * Add subscribed users to a user by relation type
  * @param int $userId The user id
  * @param array $subscribedUsersId The id of suscribed users
  * @param action $relationType The relation type
  */
 public static function subscribeUsersToUser($userId, $subscribedUsersId, $relationType)
 {
     $userRelUserTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
     $userRelAccessUrlTable = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
     $userId = intval($userId);
     $relationType = intval($relationType);
     $affectedRows = 0;
     if (api_get_multiple_access_url()) {
         //Deleting assigned users to hrm_id
         $sql = "SELECT s.user_id FROM {$userRelUserTable} s " . "INNER JOIN {$userRelAccessUrlTable} a ON (a.user_id = s.user_id) " . "WHERE friend_user_id = {$userId} " . "AND relation_type = {$relationType} " . "AND access_url_id = " . api_get_current_access_url_id() . "";
     } else {
         $sql = "SELECT user_id FROM {$userRelUserTable} " . "WHERE friend_user_id = {$userId} " . "AND relation_type = {$relationType}";
     }
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         while ($row = Database::fetch_array($result)) {
             $sql = "DELETE FROM {$userRelUserTable} " . "WHERE user_id = {$row['user_id']} " . "AND friend_user_id = {$userId} " . "AND relation_type = {$relationType}";
             Database::query($sql);
         }
     }
     // Inserting new user list
     if (is_array($subscribedUsersId)) {
         foreach ($subscribedUsersId as $subscribedUserId) {
             $subscribedUserId = intval($subscribedUserId);
             $sql = "INSERT IGNORE INTO {$userRelUserTable}(user_id, friend_user_id, relation_type) " . "VALUES ({$subscribedUserId}, {$userId}, {$relationType})";
             $result = Database::query($sql);
             $affectedRows = Database::affected_rows($result);
         }
     }
     return $affectedRows;
 }
예제 #7
0
/**
 * Prepares the shared SQL query for the user table.
 * See get_user_data() and get_number_of_users().
 *
 * @param boolean $is_count Whether to count, or get data
 * @return string SQL query
 */
function prepare_user_sql_query($is_count)
{
    $sql = "";
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    if ($is_count) {
        $sql .= "SELECT COUNT(u.id) AS total_number_of_items FROM {$user_table} u";
    } else {
        $sql .= "SELECT u.id AS col0, u.official_code AS col2, ";
        if (api_is_western_name_order()) {
            $sql .= "u.firstname AS col3, u.lastname AS col4, ";
        } else {
            $sql .= "u.lastname AS col3, u.firstname AS col4, ";
        }
        $sql .= " u.username AS col5,\n                    u.email AS col6,\n                    u.status AS col7,\n                    u.active AS col8,\n                    u.id AS col9,\n                    u.registration_date AS col10,\n                    u.expiration_date AS exp,\n                    u.password\n                FROM {$user_table} u";
    }
    // adding the filter to see the user's only of the current access_url
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.id=url_rel_user.user_id)";
    }
    $keywordList = array('keyword_firstname', 'keyword_lastname', 'keyword_username', 'keyword_email', 'keyword_officialcode', 'keyword_status', 'keyword_active', 'check_easy_passwords');
    $keywordListValues = array();
    $atLeastOne = false;
    foreach ($keywordList as $keyword) {
        $keywordListValues[$keyword] = null;
        if (isset($_GET[$keyword]) && !empty($_GET[$keyword])) {
            $keywordListValues[$keyword] = $_GET[$keyword];
            $atLeastOne = true;
        }
    }
    if ($atLeastOne == false) {
        $keywordListValues = array();
    }
    if (isset($keyword_extra_data) && !empty($keyword_extra_data)) {
        $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
        $field_id = $extra_info['id'];
        $sql .= " INNER JOIN user_field_values ufv ON u.id=ufv.user_id AND ufv.field_id={$field_id} ";
    }
    if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
        $keywordFiltered = Database::escape_string("%" . $_GET['keyword'] . "%");
        $sql .= " WHERE (\n                    u.firstname LIKE '{$keywordFiltered}' OR\n                    u.lastname LIKE '{$keywordFiltered}' OR\n                    concat(u.firstname, ' ', u.lastname) LIKE '{$keywordFiltered}' OR\n                    concat(u.lastname,' ',u.firstname) LIKE '{$keywordFiltered}' OR\n                    u.username LIKE '{$keywordFiltered}' OR\n                    u.official_code LIKE '{$keywordFiltered}' OR\n                    u.email LIKE '{$keywordFiltered}'\n                )\n        ";
    } elseif (isset($keywordListValues) && !empty($keywordListValues)) {
        $query_admin_table = '';
        $keyword_admin = '';
        if (isset($keywordListValues['keyword_status']) && $keywordListValues['keyword_status'] == PLATFORM_ADMIN) {
            $query_admin_table = " , {$admin_table} a ";
            $keyword_admin = ' AND a.user_id = u.id ';
            $keywordListValues['keyword_status'] = '%';
        }
        $keyword_extra_value = '';
        if (isset($keyword_extra_data) && !empty($keyword_extra_data) && !empty($keyword_extra_data_text)) {
            $keyword_extra_value = " AND ufv.field_value LIKE '%" . trim($keyword_extra_data_text) . "%' ";
        }
        $sql .= " {$query_admin_table}\n                WHERE (\n                    u.firstname LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_firstname'] . "%") . "' AND\n                    u.lastname LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_lastname'] . "%") . "' AND\n                    u.username LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_username'] . "%") . "' AND\n                    u.email LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_email'] . "%") . "' AND\n                    u.official_code LIKE '" . Database::escape_string("%" . $keywordListValues['keyword_officialcode'] . "%") . "' AND\n                    u.status LIKE '" . Database::escape_string($keywordListValues['keyword_status']) . "'\n                    {$keyword_admin}\n                    {$keyword_extra_value}\n                ";
        if (isset($keyword_active) && !isset($keyword_inactive)) {
            $sql .= " AND u.active='1'";
        } elseif (isset($keyword_inactive) && !isset($keyword_active)) {
            $sql .= " AND u.active='0'";
        }
        $sql .= " ) ";
    }
    // adding the filter to see the user's only of the current access_url
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $sql .= " AND url_rel_user.access_url_id=" . api_get_current_access_url_id();
    }
    return $sql;
}
예제 #8
0
<?php

/* For licensing terms, see /license.txt */
/**
 * 	@package chamilo.admin
 * 	@author Julio Montoya <*****@*****.**>
 */
$cidReset = true;
//require_once '../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_global_admin_script();
if (!api_get_multiple_access_url()) {
    header('Location: index.php');
    exit;
}
// Create the form
$form = new FormValidator('add_url');
if ($form->validate()) {
    $check = Security::check_token('post');
    if ($check) {
        $url_array = $form->getSubmitValues();
        $url = Security::remove_XSS($url_array['url']);
        $description = Security::remove_XSS($url_array['description']);
        $active = intval($url_array['active']);
        $url_id = $url_array['id'];
        $url_to_go = 'access_urls.php';
        if ($url_id != '') {
            //we can't change the status of the url with id=1
            if ($url_id == 1) {
                $active = 1;
            }
예제 #9
0
 /**
  * Validates the received active connection data with the database
  * @return	bool	Return the loginFailed variable value to local.inc.php
  */
 public function check_user()
 {
     global $_user;
     $loginFailed = false;
     //change the way we recover the cookie depending on how it is formed
     $sso = $this->decode_cookie($_GET['sso_cookie']);
     //get token that should have been used and delete it
     //from session since it can only be used once
     $sso_challenge = '';
     if (isset($_SESSION['sso_challenge'])) {
         $sso_challenge = $_SESSION['sso_challenge'];
         unset($_SESSION['sso_challenge']);
     }
     //lookup the user in the main database
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     $sql = "SELECT id, username, password, auth_source, active, expiration_date, status\n                FROM {$user_table}\n                WHERE username = '******'username'])) . "'";
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         $uData = Database::fetch_array($result);
         //Check the user's password
         if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
             if ($sso['secret'] === sha1($uData['username'] . $sso_challenge . api_get_security_key()) && $sso['username'] == $uData['username']) {
                 //Check if the account is active (not locked)
                 if ($uData['active'] == '1') {
                     // check if the expiration date has not been reached
                     if (empty($uData['expiration_date']) or $uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                         //If Multiple URL is enabled
                         if (api_get_multiple_access_url()) {
                             //Check the access_url configuration setting if the user is registered in the access_url_rel_user table
                             //Getting the current access_url_id of the platform
                             $current_access_url_id = api_get_current_access_url_id();
                             // my user is subscribed in these
                             //sites: $my_url_list
                             $my_url_list = api_get_access_url_from_user($uData['id']);
                         } else {
                             $current_access_url_id = 1;
                             $my_url_list = array(1);
                         }
                         $my_user_is_admin = UserManager::is_admin($uData['id']);
                         if ($my_user_is_admin === false) {
                             if (is_array($my_url_list) && count($my_url_list) > 0) {
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // the user has permission to enter at this site
                                     $_user['user_id'] = $uData['id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     $_user['uidReset'] = true;
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                     // Redirect to homepage
                                     $sso_target = '';
                                     if (!empty($sso['ruri'])) {
                                         //The referrer URI is *only* used if
                                         // the user credentials are OK, which
                                         // should be protection enough
                                         // against evil URL spoofing...
                                         $sso_target = api_get_path(WEB_PATH) . base64_decode($sso['ruri']);
                                     } else {
                                         $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . 'index.php';
                                     }
                                     header('Location: ' . $sso_target);
                                     exit;
                                 } else {
                                     // user does not have permission for this site
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             } else {
                                 // there is no URL in the multiple
                                 // urls list for this user
                                 $loginFailed = true;
                                 Session::erase('_uid');
                                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                 exit;
                             }
                         } else {
                             //Only admins of the "main" (first) Chamilo
                             // portal can login wherever they want
                             if (in_array(1, $my_url_list)) {
                                 //Check if this admin is admin on the
                                 // principal portal
                                 $_user['user_id'] = $uData['id'];
                                 $_user = api_get_user_info($_user['user_id']);
                                 $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                 Session::write('is_platformAdmin', $is_platformAdmin);
                                 Session::write('_user', $_user);
                                 Event::event_login($_user['user_id']);
                             } else {
                                 //Secondary URL admin wants to login
                                 // so we check as a normal user
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     Event::event_login($_user['user_id']);
                                 } else {
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             }
                         }
                     } else {
                         // user account expired
                         $loginFailed = true;
                         Session::erase('_uid');
                         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                         exit;
                     }
                 } else {
                     //User not active
                     $loginFailed = true;
                     Session::erase('_uid');
                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                     exit;
                 }
             } else {
                 //SHA1 of password is wrong
                 $loginFailed = true;
                 Session::erase('_uid');
                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                 exit;
             }
         } else {
             //Auth_source is wrong
             $loginFailed = true;
             Session::erase('_uid');
             header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
             exit;
         }
     } else {
         //No user by that login
         $loginFailed = true;
         Session::erase('_uid');
         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
         exit;
     }
     return $loginFailed;
 }
예제 #10
0
 /**
  * Move in template.lib
  */
 private function loadAdminMenu()
 {
     $template = $this->get('template');
     // Access restrictions.
     api_protect_admin_script(true);
     // @todo fix register/check version
     $message = null;
     if (!empty($_POST['Register'])) {
         register_site();
         $message = \Display::return_message(get_lang('VersionCheckEnabled'), 'confirmation');
     }
     $blocks = array();
     $adminUrl = api_get_path(WEB_CODE_PATH) . 'admin/';
     /* Users */
     $blocks['users']['icon'] = \Display::return_icon('members.gif', get_lang('Users'), array(), ICON_SIZE_SMALL, false);
     $blocks['users']['label'] = api_ucfirst(get_lang('Users'));
     if (api_is_platform_admin()) {
         $search_form = $this->getSearchForm($adminUrl . 'user_list.php')->return_form();
         $blocks['users']['search_form'] = $search_form;
         $items = array(array('url' => $adminUrl . 'user_list.php', 'label' => get_lang('UserList')), array('url' => $adminUrl . 'user_add.php', 'label' => get_lang('AddUsers')), array('url' => $adminUrl . 'user_export.php', 'label' => get_lang('ExportUserListXMLCSV')), array('url' => $adminUrl . 'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')));
         if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
             $items[] = array('url' => $adminUrl . 'ldap_users_list.php', 'label' => get_lang('ImportLDAPUsersIntoPlatform'));
         }
         $items[] = array('url' => $adminUrl . 'extra_fields.php?type=user', 'label' => get_lang('ManageUserFields'));
         $items[] = array('url' => api_get_path(WEB_PUBLIC_PATH) . 'admin/administrator/roles', 'label' => get_lang('Roles'));
     } else {
         $items = array(array('url' => $adminUrl . 'user_list.php', 'label' => get_lang('UserList')), array('url' => $adminUrl . 'user_add.php', 'label' => get_lang('AddUsers')), array('url' => $adminUrl . 'user_import.php', 'label' => get_lang('ImportUserListXMLCSV')));
     }
     $blocks['users']['items'] = $items;
     $blocks['users']['extra'] = null;
     if (api_is_platform_admin()) {
         /* Courses */
         $blocks['courses']['icon'] = \Display::return_icon('course.gif', get_lang('Courses'), array(), ICON_SIZE_MEDIUM, false);
         $blocks['courses']['label'] = api_ucfirst(get_lang('Courses'));
         $search_form = $this->getSearchForm($adminUrl . 'course_list.php')->return_form();
         $blocks['courses']['search_form'] = $search_form;
         $items = array();
         $items[] = array('url' => $adminUrl . 'course_list.php', 'label' => get_lang('CourseList'));
         if (api_get_setting('course_validation') != 'true') {
             $items[] = array('url' => $adminUrl . 'course_add.php', 'label' => get_lang('AddCourse'));
         } else {
             $items[] = array('url' => $adminUrl . 'course_request_review.php', 'label' => get_lang('ReviewCourseRequests'));
             $items[] = array('url' => $adminUrl . 'course_request_accepted.php', 'label' => get_lang('AcceptedCourseRequests'));
             $items[] = array('url' => $adminUrl . 'course_request_rejected.php', 'label' => get_lang('RejectedCourseRequests'));
         }
         $items[] = array('url' => $adminUrl . 'course_export.php', 'label' => get_lang('ExportCourses'));
         $items[] = array('url' => $adminUrl . 'course_import.php', 'label' => get_lang('ImportCourses'));
         $items[] = array('url' => $adminUrl . 'course_category.php', 'label' => get_lang('AdminCategories'));
         $items[] = array('url' => $adminUrl . 'subscribe_user2course.php', 'label' => get_lang('AddUsersToACourse'));
         $items[] = array('url' => $adminUrl . 'course_user_import.php', 'label' => get_lang('ImportUsersToACourse'));
         $items[] = array('url' => $adminUrl . 'extra_fields.php?type=course', 'label' => get_lang('ManageCourseFields'));
         $items[] = array('url' => $adminUrl . 'extra_fields.php?type=question', 'label' => get_lang('ManageQuestionFields'));
         if (api_get_setting('gradebook_enable_grade_model') == 'true') {
             $items[] = array('url' => $adminUrl . 'grade_models.php', 'label' => get_lang('GradeModel'));
         }
         if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
             $items[] = array('url' => $adminUrl . 'ldap_import_students.php', 'label' => get_lang('ImportLDAPUsersIntoCourse'));
         }
         $blocks['courses']['items'] = $items;
         $blocks['courses']['extra'] = null;
         /* Platform */
         $blocks['platform']['icon'] = \Display::return_icon('platform.png', get_lang('Platform'), array(), ICON_SIZE_MEDIUM, false);
         $blocks['platform']['label'] = api_ucfirst(get_lang('Platform'));
         $form = $this->getSearchForm($adminUrl . 'settings.php');
         $form->addElement('hidden', 'category', 'search_setting');
         $search_form = $form->return_form();
         $blocks['platform']['search_form'] = $search_form;
         $items = array();
         $items[] = array('url' => $adminUrl . 'settings.php', 'label' => get_lang('PlatformConfigSettings'));
         $items[] = array('url' => $adminUrl . 'settings.php?category=Plugins', 'label' => get_lang('Plugins'));
         $items[] = array('url' => $adminUrl . 'settings.php?category=Regions', 'label' => get_lang('Regions'));
         $items[] = array('url' => $adminUrl . 'system_announcements.php', 'label' => get_lang('SystemAnnouncements'));
         $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'calendar/agenda_js.php?type=admin', 'label' => get_lang('GlobalAgenda'));
         $items[] = array('url' => $adminUrl . 'configure_homepage.php', 'label' => get_lang('ConfigureHomePage'));
         $items[] = array('url' => $adminUrl . 'configure_inscription.php', 'label' => get_lang('ConfigureInscription'));
         $items[] = array('url' => $adminUrl . 'statistics/index.php', 'label' => get_lang('Statistics'));
         $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'mySpace/company_reports.php', 'label' => get_lang('Reports'));
         /* Event settings */
         if (api_get_setting('activate_email_template') == 'true') {
             $items[] = array('url' => $adminUrl . 'event_controller.php?action=listing', 'label' => get_lang('EventMessageManagement'));
         }
         if (api_get_multiple_access_url()) {
             if (api_is_global_platform_admin()) {
                 $items[] = array('url' => $adminUrl . 'access_urls.php', 'label' => get_lang('ConfigureMultipleAccessURLs'));
             }
         }
         if (api_get_setting('allow_reservation') == 'true') {
             //$items[] = array('url' => $adminUrl.'../reservation/m_category.php', 	'label' => get_lang('BookingSystem'));
         }
         if (api_get_setting('allow_terms_conditions') == 'true') {
             $items[] = array('url' => $adminUrl . 'legal_add.php', 'label' => get_lang('TermsAndConditions'));
         }
         $blocks['platform']['items'] = $items;
         $blocks['platform']['extra'] = null;
     }
     /* Sessions */
     $blocks['sessions']['icon'] = \Display::return_icon('session.png', get_lang('Sessions'), array(), ICON_SIZE_SMALL, false);
     $blocks['sessions']['label'] = api_ucfirst(get_lang('Sessions'));
     $search_form = $this->getSearchForm(api_get_path(WEB_CODE_PATH) . 'session/session_list.php')->return_form();
     $blocks['sessions']['search_form'] = $search_form;
     $items = array();
     $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_list.php', 'label' => get_lang('ListSession'));
     $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_add.php', 'label' => get_lang('AddSession'));
     $items[] = array('url' => 'session_category_list.php', 'label' => get_lang('ListSessionCategory'));
     $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_import.php', 'label' => get_lang('ImportSessionListXMLCSV'));
     if (isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap']) > 0) {
         $items[] = array('url' => $adminUrl . 'ldap_import_students_to_session.php', 'label' => get_lang('ImportLDAPUsersIntoSession'));
     }
     $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'session/session_export.php', 'label' => get_lang('ExportSessionListXMLCSV'));
     $items[] = array('url' => $adminUrl . '../coursecopy/copy_course_session.php', 'label' => get_lang('CopyFromCourseInSessionToAnotherSession'));
     if (api_is_platform_admin()) {
         if (is_dir(api_get_path(SYS_TEST_PATH) . 'datafiller/')) {
             // option only visible in development mode. Enable through code if required
             $items[] = array('url' => $adminUrl . 'user_move_stats.php', 'label' => get_lang('MoveUserStats'));
         }
         $items[] = array('url' => $adminUrl . 'career_dashboard.php', 'label' => get_lang('CareersAndPromotions'));
     }
     $items[] = array('url' => $adminUrl . 'usergroups.php', 'label' => get_lang('Classes'));
     $items[] = array('url' => $adminUrl . 'exercise_report.php', 'label' => get_lang('ExerciseReport'));
     $items[] = array('url' => $adminUrl . 'extra_fields.php?type=session', 'label' => get_lang('ManageSessionFields'));
     $blocks['sessions']['items'] = $items;
     $blocks['sessions']['extra'] = null;
     /* Settings */
     if (api_is_platform_admin()) {
         $blocks['settings']['icon'] = \Display::return_icon('settings.png', get_lang('System'), array(), ICON_SIZE_SMALL, false);
         $blocks['settings']['label'] = api_ucfirst(get_lang('System'));
         $items = array();
         $items[] = array('url' => $adminUrl . 'special_exports.php', 'label' => get_lang('SpecialExports'));
         if (!empty($_configuration['db_admin_path'])) {
             $items[] = array('url' => $_configuration['db_admin_path'], 'label' => get_lang('AdminDatabases') . ' (' . get_lang('DBManagementOnlyForServerAdmin') . ') ');
         }
         $items[] = array('url' => $adminUrl . 'system_status.php', 'label' => get_lang('SystemStatus'));
         if (is_dir(api_get_path(SYS_TEST_PATH) . 'datafiller/')) {
             $items[] = array('url' => $adminUrl . 'filler.php', 'label' => get_lang('DataFiller'));
         }
         $items[] = array('url' => $adminUrl . 'archive_cleanup.php', 'label' => get_lang('ArchiveDirCleanup'));
         $items[] = array('url' => $adminUrl . 'system_management.php', 'label' => get_lang('SystemManagement'));
         $blocks['settings']['items'] = $items;
         $blocks['settings']['extra'] = null;
         $blocks['settings']['search_form'] = null;
         //Skills
         if (api_get_setting('allow_skills_tool') == 'true') {
             $blocks['skills']['icon'] = \Display::return_icon('logo.png', get_lang('Skills'), array(), ICON_SIZE_SMALL, false);
             $blocks['skills']['label'] = get_lang('Skills');
             $items = array();
             //$items[] = array('url' => $adminUrl.'skills.php',           'label' => get_lang('SkillsTree'));
             $items[] = array('url' => $adminUrl . 'skills_wheel.php', 'label' => get_lang('SkillsWheel'));
             $items[] = array('url' => $adminUrl . 'skills_import.php', 'label' => get_lang('SkillsImport'));
             //$items[] = array('url' => $adminUrl.'skills_profile.php',   'label' => get_lang('SkillsProfile'));
             $items[] = array('url' => api_get_path(WEB_CODE_PATH) . 'social/skills_ranking.php', 'label' => get_lang('SkillsRanking'));
             $items[] = array('url' => $adminUrl . 'skills_gradebook.php', 'label' => get_lang('SkillsAndGradebooks'));
             $blocks['skills']['items'] = $items;
             $blocks['skills']['extra'] = null;
             $blocks['skills']['search_form'] = null;
         }
         /** Chamilo.org */
         $blocks['chamilo']['icon'] = \Display::return_icon('logo.png', 'Chamilo.org', array(), ICON_SIZE_SMALL, false);
         $blocks['chamilo']['label'] = 'Chamilo.org';
         $items = array();
         $items[] = array('url' => 'http://www.chamilo.org/', 'label' => get_lang('ChamiloHomepage'));
         $items[] = array('url' => 'http://www.chamilo.org/forum', 'label' => get_lang('ChamiloForum'));
         $items[] = array('url' => '../../documentation/installation_guide.html', 'label' => get_lang('InstallationGuide'));
         $items[] = array('url' => '../../documentation/changelog.html', 'label' => get_lang('ChangesInLastVersion'));
         $items[] = array('url' => '../../documentation/credits.html', 'label' => get_lang('ContributorsList'));
         $items[] = array('url' => '../../documentation/security.html', 'label' => get_lang('SecurityGuide'));
         $items[] = array('url' => '../../documentation/optimization.html', 'label' => get_lang('OptimizationGuide'));
         $items[] = array('url' => 'http://www.chamilo.org/extensions', 'label' => get_lang('ChamiloExtensions'));
         $items[] = array('url' => 'http://www.chamilo.org/en/providers', 'label' => get_lang('ChamiloOfficialServicesProviders'));
         $blocks['chamilo']['items'] = $items;
         $blocks['chamilo']['extra'] = null;
         $blocks['chamilo']['search_form'] = null;
     }
     $admin_ajax_url = api_get_path(WEB_AJAX_PATH) . 'admin.ajax.php';
     $template->assign('web_admin_ajax_url', $admin_ajax_url);
     $template->assign('blocks', $blocks);
 }
예제 #11
0
 /**
  * Gives a list of people online now (and in the last $valid minutes)
  * @return  array       For each line, a list of user IDs and login dates, or FALSE on error or empty results
  */
 public static function whoIsOnline($from, $number_of_items, $column = null, $direction = null, $time_limit = null, $friends = false)
 {
     // Time limit in seconds?
     if (empty($time_limit)) {
         $time_limit = api_get_setting('display.time_limit_whosonline');
     } else {
         $time_limit = intval($time_limit);
     }
     $from = intval($from);
     $number_of_items = intval($number_of_items);
     if (empty($column)) {
         $column = 'picture_uri';
         if ($friends) {
             $column = 'login_date';
         }
     }
     if (empty($direction)) {
         $direction = 'DESC';
     } else {
         if (!in_array(strtolower($direction), array('asc', 'desc'))) {
             $direction = 'DESC';
         }
     }
     $online_time = time() - $time_limit * 60;
     $current_date = api_get_utc_datetime($online_time);
     $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
     $friend_user_table = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
     $table_user = Database::get_main_table(TABLE_MAIN_USER);
     if ($friends) {
         // 	who friends from social network is online
         $query = "SELECT DISTINCT login_user_id, login_date\n\t\t\t\t  FROM {$track_online_table} INNER JOIN {$friend_user_table}\n\t\t\t\t  ON (friend_user_id = login_user_id)\n\t\t\t\t  WHERE\n\t\t\t\t    login_date >= '" . $current_date . "' AND\n                    friend_user_id <> '" . api_get_user_id() . "' AND\n                    relation_type='" . USER_RELATION_TYPE_FRIEND . "' AND\n                    user_id = '" . api_get_user_id() . "'\n                  ORDER BY {$column} {$direction}\n                  LIMIT {$from}, {$number_of_items}";
     } else {
         $query = "SELECT DISTINCT login_user_id, login_date\n                    FROM " . $track_online_table . " e\n\t\t            INNER JOIN " . $table_user . " u ON (u.id = e.login_user_id)\n                  WHERE u.status != " . ANONYMOUS . " AND login_date >= '" . $current_date . "'\n                  ORDER BY {$column} {$direction}\n                  LIMIT {$from}, {$number_of_items}";
     }
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
         if ($access_url_id != -1) {
             if ($friends) {
                 // 	friends from social network is online
                 $query = "SELECT distinct login_user_id, login_date\n\t\t\t\t\t\t\tFROM {$track_online_table} track INNER JOIN {$friend_user_table}\n\t\t\t\t\t\t\tON (friend_user_id = login_user_id)\n\t\t\t\t\t\t\tWHERE   track.access_url_id =  {$access_url_id} AND\n                                    login_date >= '" . $current_date . "' AND\n                                    friend_user_id <> '" . api_get_user_id() . "' AND\n                                    relation_type='" . USER_RELATION_TYPE_FRIEND . "'\n                            ORDER BY {$column} {$direction}\n                            LIMIT {$from}, {$number_of_items}";
             } else {
                 // all users online
                 $query = "SELECT login_user_id, login_date\n\t\t\t\t\t\t  FROM " . $track_online_table . " track\n                          INNER JOIN " . $table_user . " u\n                          ON (u.id=track.login_user_id)\n\t\t\t\t\t\t  WHERE u.status != " . ANONYMOUS . " AND track.access_url_id =  {$access_url_id} AND\n                                login_date >= '" . $current_date . "'\n                          ORDER BY {$column} {$direction}\n                          LIMIT {$from}, {$number_of_items}";
             }
         }
     }
     //This query will show all registered users. Only for dev purposes.
     /*$query = "SELECT DISTINCT u.id as login_user_id, login_date FROM ".$track_online_table ."  e , $table_user u
       GROUP by u.id
       ORDER BY $column $direction
       LIMIT $from, $number_of_items";*/
     $result = Database::query($query);
     if ($result) {
         $users_online = array();
         while (list($login_user_id, $login_date) = Database::fetch_row($result)) {
             $users_online[] = $login_user_id;
         }
         return $users_online;
     } else {
         return false;
     }
 }
예제 #12
0
 /**
  * @return null|string
  */
 public function returnMenu()
 {
     return null;
     $navigation = $this->navigation_array;
     $navigation = $navigation['navigation'];
     // Displaying the tabs
     $lang = api_get_user_language();
     // Preparing home folder for multiple urls
     if (api_get_multiple_access_url()) {
         $access_url_id = api_get_current_access_url_id();
         if ($access_url_id != -1) {
             $url_info = api_get_current_access_url_info();
             $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
             $clean_url = api_replace_dangerous_char($url);
             $clean_url = str_replace('/', '-', $clean_url);
             $clean_url .= '/';
             $homep = $this->app['path.data'] . 'home/' . $clean_url;
             //homep for Home Path
             //we create the new dir for the new sites
             if (!is_dir($homep)) {
                 mkdir($homep, api_get_permissions_for_new_directories());
             }
         }
     } else {
         $homep = $this->app['path.data'] . 'home/';
     }
     $ext = '.html';
     $menutabs = 'home_tabs';
     $home_top = '';
     if (is_file($homep . $menutabs . '_' . $lang . $ext) && is_readable($homep . $menutabs . '_' . $lang . $ext)) {
         $home_top = @(string) file_get_contents($homep . $menutabs . '_' . $lang . $ext);
     } elseif (is_file($homep . $menutabs . $lang . $ext) && is_readable($homep . $menutabs . $lang . $ext)) {
         $home_top = @(string) file_get_contents($homep . $menutabs . $lang . $ext);
     }
     $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
     $open = str_replace('{rel_path}', $this->app['path.data'], $home_top);
     $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
     $lis = '';
     if (!empty($open)) {
         if (strpos($open, 'show_menu') === false) {
             if (api_is_anonymous()) {
                 $navigation[SECTION_CAMPUS] = null;
             }
         } else {
             $lis .= $open;
         }
     }
     if (count($navigation) > 0 || !empty($lis)) {
         $pre_lis = '';
         foreach ($navigation as $section => $navigation_info) {
             if (isset($GLOBALS['this_section'])) {
                 $current = $section == $GLOBALS['this_section'] ? ' id="current" class="active" ' : '';
             } else {
                 $current = '';
             }
             if (!empty($navigation_info['title'])) {
                 $pre_lis .= '<li' . $current . ' ><a  href="' . $navigation_info['url'] . '" target="_top">' . $navigation_info['title'] . '</a></li>';
             }
         }
         $lis = $pre_lis . $lis;
     }
     $menu = null;
     if (!empty($lis)) {
         $menu .= $lis;
     }
     return $menu;
 }
예제 #13
0
                <td><button type="submit" class="<?php 
        echo $class;
        ?>
" value="<?php 
        echo $text;
        ?>
" ><?php 
        echo $text;
        ?>
</button></td>
            </tr>
        </table>
    </form>

<?php 
    } elseif (api_get_multiple_access_url() && api_get_current_access_url_id() != 1) {
        Display::display_error_message(get_lang('CourseCategoriesAreGlobal'));
    }
} else {
    if ($delError == 0) {
        ?>
    <div class="actions">
                <?php 
        if (!empty($category) && empty($action)) {
            $myquery = "SELECT parent_id FROM {$tbl_category} WHERE code='{$category}'";
            $result = Database::query($myquery);
            $parent_id = 0;
            if (Database::num_rows($result) > 0) {
                $parent_id = Database::fetch_array($result);
            }
            $parent_id['parent_id'] ? $link = ' (' . $parent_id['parent_id'] . ')' : ($link = '');
예제 #14
0
 /**
  * Return tab of params to display a course title in the My Courses tab
  * Check visibility, right, and notification icons, and load_dirs option
  * @param $courseId
  * @param bool $loadDirs
  * @return array
  */
 public static function getCourseParamsForDisplay($courseId, $loadDirs = false)
 {
     $user_id = api_get_user_id();
     // Table definitions
     $TABLECOURS = Database::get_main_table(TABLE_MAIN_COURSE);
     $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
     $TABLE_ACCESS_URL_REL_COURSE = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
     $current_url_id = api_get_current_access_url_id();
     // Get course list auto-register
     $special_course_list = self::get_special_course_list();
     $without_special_courses = '';
     if (!empty($special_course_list)) {
         $without_special_courses = ' AND course.code NOT IN ("' . implode('","', $special_course_list) . '")';
     }
     //AND course_rel_user.relation_type<>".COURSE_RELATION_TYPE_RRHH."
     $sql = "SELECT course.id, course.title, course.code, course.subscribe subscr, course.unsubscribe unsubscr, course_rel_user.status status,\n                course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat\n                FROM    {$TABLECOURS}      course,\n                        {$TABLECOURSUSER}  course_rel_user, " . $TABLE_ACCESS_URL_REL_COURSE . " url\n                WHERE   course.id=" . intval($courseId) . "\n                        AND course.id = course_rel_user.c_id\n                        AND url.c_id = course.id\n                        AND course_rel_user.user_id = " . intval($user_id) . "\n                        {$without_special_courses} ";
     // If multiple URL access mode is enabled, only fetch courses
     // corresponding to the current URL.
     if (api_get_multiple_access_url() && $current_url_id != -1) {
         $sql .= " AND url.course_code=course.code AND access_url_id=" . intval($current_url_id);
     }
     // Use user's classification for courses (if any).
     $sql .= " ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
     $result = Database::query($sql);
     // Browse through all courses. We can only have one course because of the  course.id=".intval($courseId) in sql query
     $course = Database::fetch_array($result);
     $course_info = api_get_course_info($course['code']);
     //$course['id_session'] = null;
     $course_info['id_session'] = null;
     $course_info['status'] = $course['status'];
     // For each course, get if there is any notification icon to show
     // (something that would have changed since the user's last visit).
     $show_notification = Display::show_notification($course_info);
     // New code displaying the user's status in respect to this course.
     $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
     $params = array();
     $params['right_actions'] = '';
     if (api_is_platform_admin()) {
         if ($loadDirs) {
             $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
             $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
             $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
         } else {
             $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
         }
         if ($course_info['status'] == COURSEMANAGER) {
             //echo Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'), array('style'=>'width: 11px; height: 11px;'));
         }
     } else {
         if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
             if ($loadDirs) {
                 $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                 $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
             } else {
                 if ($course_info['status'] == COURSEMANAGER) {
                     $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                 }
             }
         }
     }
     $course_title_url = '';
     if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
         $course_title_url = api_get_path(WEB_COURSE_PATH) . $course_info['path'] . '/?id_session=0';
         $course_title = Display::url($course_info['title'], $course_title_url);
     } else {
         $course_title = $course_info['title'] . " " . Display::tag('span', get_lang('CourseClosed'), array('class' => 'item_closed'));
     }
     // Start displaying the course block itself
     if (api_get_setting('display_coursecode_in_courselist') == 'true') {
         $course_title .= ' (' . $course_info['visual_code'] . ') ';
     }
     $teachers = '';
     if (api_get_setting('display_teacher_in_courselist') == 'true') {
         $teachers = CourseManager::get_teacher_list_from_course_code_to_string($course['code'], self::USER_SEPARATOR, true);
     }
     $params['link'] = $course_title_url;
     $params['icon'] = $status_icon;
     $params['title'] = $course_title;
     $params['teachers'] = $teachers;
     if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
         $params['notifications'] = $show_notification;
     }
     return $params;
 }
예제 #15
0
/**
 * Get home path
 * @return string
 */
function api_get_home_path()
{
    $home = 'app/home/';
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
        $url_info = api_get_access_url($access_url_id);
        $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
        $clean_url = api_replace_dangerous_char($url);
        $clean_url = str_replace('/', '-', $clean_url);
        $clean_url .= '/';
        $home = 'app/home/' . $clean_url;
    }
    return $home;
}
예제 #16
0
function api_get_home_path()
{
    return null;
    $home = 'home/';
    $access_url_id = api_get_current_access_url_id();
    if (api_get_multiple_access_url() && $access_url_id != -1) {
        $url_info = api_get_current_access_url_info();
        $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
        $clean_url = api_replace_dangerous_char($url);
        $clean_url = str_replace('/', '-', $clean_url);
        $clean_url .= '/';
        // if $clean_url ==  "localhost/" means that the multiple URL was not well configured we don't rename the $home variable
        if ($clean_url != 'localhost/') {
            //$home          = 'home/'.$clean_url;
        }
        $home = 'home/' . $clean_url;
    }
    return $home;
}
$action = $_GET['action'];
switch ($action) {
    case 'add_user_to_url':
        $user_id = $_REQUEST['user_id'];
        $result = UrlManager::add_user_to_url($user_id, $url_id);
        $user_info = api_get_user_info($user_id);
        if ($result) {
            $message = Display::return_message(get_lang('UserAdded') . ' ' . api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm');
        }
        break;
}
Display::display_header($tool_name);
if (!empty($message)) {
    echo $message;
}
$multiple_url_is_on = api_get_multiple_access_url();
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
$session_list = SessionManager::get_sessions_list();
$html = '';
$show_users_with_problems = isset($_REQUEST['show_users_with_problems']) && $_REQUEST['show_users_with_problems'] == 1 ? true : false;
if ($show_users_with_problems) {
    $html .= '<a href="' . api_get_self() . '?show_users_with_problems=0">' . get_lang('ShowAllUsers') . '</a>';
} else {
    $html .= '<a href="' . api_get_self() . '?show_users_with_problems=1">' . get_lang('ShowUsersNotAddedInTheURL') . '</a>';
}
foreach ($session_list as $session_item) {
    $session_id = $session_item['id'];
    $html .= '<h3>' . $session_item['name'] . '</h3>';
    $access_where = "(access_url_id = {$url_id} OR access_url_id is null )";
    if ($show_users_with_problems) {
        $access_where = "(access_url_id is null)";
예제 #18
0
 /**
  * Validates the received active connection data with the database
  * @return	bool	Return the loginFailed variable value to local.inc.php
  */
 public function check_user()
 {
     global $_user;
     $loginFailed = false;
     //change the way we recover the cookie depending on how it is formed
     $sso = $this->decode_cookie($_GET['sso_cookie']);
     //error_log('check_user');
     //error_log('sso decode cookie: '.print_r($sso,1));
     //lookup the user in the main database
     $user_table = Database::get_main_table(TABLE_MAIN_USER);
     $sql = "SELECT user_id, username, password, auth_source, active, expiration_date, status\n                FROM {$user_table}\n                WHERE username = '******'username'])) . "'";
     $result = Database::query($sql);
     if (Database::num_rows($result) > 0) {
         //error_log('user exists');
         $uData = Database::fetch_array($result);
         //Check the user's password
         if ($uData['auth_source'] == PLATFORM_AUTH_SOURCE) {
             //This user's authentification is managed by Chamilo itself
             // check the user's password
             // password hash comes already parsed in sha1, md5 or none
             /*
             error_log($sso['secret']);
             error_log($uData['password']);
             error_log($sso['username']);
             error_log($uData['username']);
             */
             global $_configuration;
             // Two possible authentication methods here: legacy using password
             // and new using a temporary, session-fixed, tempkey
             if ($sso['username'] == $uData['username'] && $sso['secret'] === sha1($uData['username'] . Session::read('tempkey') . $_configuration['security_key']) or $sso['secret'] === sha1($uData['password']) && $sso['username'] == $uData['username']) {
                 //error_log('user n password are ok');
                 //Check if the account is active (not locked)
                 if ($uData['active'] == '1') {
                     // check if the expiration date has not been reached
                     if ($uData['expiration_date'] > date('Y-m-d H:i:s') or $uData['expiration_date'] == '0000-00-00 00:00:00') {
                         //If Multiple URL is enabled
                         if (api_get_multiple_access_url()) {
                             //Check the access_url configuration setting if
                             // the user is registered in the access_url_rel_user table
                             //Getting the current access_url_id of the platform
                             $current_access_url_id = api_get_current_access_url_id();
                             // my user is subscribed in these
                             //sites: $my_url_list
                             $my_url_list = api_get_access_url_from_user($uData['user_id']);
                         } else {
                             $current_access_url_id = 1;
                             $my_url_list = array(1);
                         }
                         $my_user_is_admin = UserManager::is_admin($uData['user_id']);
                         if ($my_user_is_admin === false) {
                             if (is_array($my_url_list) && count($my_url_list) > 0) {
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     // the user has permission to enter at this site
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     event_login();
                                     // Redirect to homepage
                                     $sso_target = isset($sso['target']) ? $sso['target'] : api_get_path(WEB_PATH) . '.index.php';
                                     header('Location: ' . $sso_target);
                                     exit;
                                 } else {
                                     // user does not have permission for this site
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             } else {
                                 // there is no URL in the multiple
                                 // urls list for this user
                                 $loginFailed = true;
                                 Session::erase('_uid');
                                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                 exit;
                             }
                         } else {
                             //Only admins of the "main" (first) Chamilo
                             // portal can login wherever they want
                             if (in_array(1, $my_url_list)) {
                                 //Check if this admin is admin on the
                                 // principal portal
                                 $_user['user_id'] = $uData['user_id'];
                                 $_user = api_get_user_info($_user['user_id']);
                                 $is_platformAdmin = $uData['status'] == COURSEMANAGER;
                                 Session::write('is_platformAdmin', $is_platformAdmin);
                                 Session::write('_user', $_user);
                                 event_login();
                             } else {
                                 //Secondary URL admin wants to login
                                 // so we check as a normal user
                                 if (in_array($current_access_url_id, $my_url_list)) {
                                     $_user['user_id'] = $uData['user_id'];
                                     $_user = api_get_user_info($_user['user_id']);
                                     Session::write('_user', $_user);
                                     event_login();
                                 } else {
                                     $loginFailed = true;
                                     Session::erase('_uid');
                                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=access_url_inactive');
                                     exit;
                                 }
                             }
                         }
                     } else {
                         // user account expired
                         $loginFailed = true;
                         Session::erase('_uid');
                         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_expired');
                         exit;
                     }
                 } else {
                     //User not active
                     $loginFailed = true;
                     Session::erase('_uid');
                     header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=account_inactive');
                     exit;
                 }
             } else {
                 //SHA1 of password is wrong
                 $loginFailed = true;
                 Session::erase('_uid');
                 header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_password');
                 exit;
             }
         } else {
             //Auth_source is wrong
             $loginFailed = true;
             Session::erase('_uid');
             header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=wrong_authentication_source');
             exit;
         }
     } else {
         //No user by that login
         $loginFailed = true;
         Session::erase('_uid');
         header('Location: ' . api_get_path(WEB_PATH) . 'index.php?loginFailed=1&error=user_not_found');
         exit;
     }
     return $loginFailed;
 }
예제 #19
0
 /**
  * @param int $user_id
  * @param $filter
  * @param bool $load_dirs
  * @param int $getCount
  * @param int $start
  * @param null $maxPerPage
  * @return null|string
  */
 public static function displayCourses($user_id, $filter, $load_dirs, $getCount, $start = null, $maxPerPage = null)
 {
     // Table definitions
     $TABLECOURS = Database::get_main_table(TABLE_MAIN_COURSE);
     $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
     $TABLE_ACCESS_URL_REL_COURSE = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
     $current_url_id = api_get_current_access_url_id();
     // Get course list auto-register
     $special_course_list = self::get_special_course_list();
     $without_special_courses = '';
     if (!empty($special_course_list)) {
         //$without_special_courses = ' AND course.code NOT IN ("'.implode('","',$special_course_list).'")';
     }
     $select = " SELECT DISTINCT\n                    course.id,\n                    course.title,\n                    course.code,\n                    course.subscribe subscr,\n                    course.unsubscribe unsubscr,\n                    course_rel_user.status status,\n                    course_rel_user.sort sort,\n                    course_rel_user.user_course_cat user_course_cat,\n                    course.id as real_id\n        ";
     $from = "{$TABLECOURS} course, {$TABLECOURSUSER}  course_rel_user, {$TABLE_ACCESS_URL_REL_COURSE} url ";
     $where = "  course.id = course_rel_user.c_id AND\n                    url.c_id = course.id AND\n                    course_rel_user.user_id = '" . $user_id . "' AND\n                    course_rel_user.user_course_cat = 0\n                    ";
     $order = " ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
     if ($getCount) {
         $select = "SELECT count(course.id) as total";
     }
     $sql = "{$select} FROM {$from} WHERE {$where} {$without_special_courses} ";
     // corresponding to the current URL.
     if (api_get_multiple_access_url() && $current_url_id != -1) {
         $sql .= " AND url.c_id = course.id AND access_url_id='" . $current_url_id . "'";
     }
     $sql .= $order;
     if (isset($start) && isset($maxPerPage)) {
         $start = intval($start);
         $maxPerPage = intval($maxPerPage);
         $limitCondition = " LIMIT {$start}, {$maxPerPage}";
         $sql .= $limitCondition;
     }
     if ($getCount) {
         $result = Database::query($sql);
         $row = Database::fetch_array($result);
         return $row['total'];
     }
     $result = Database::query($sql);
     $html = null;
     $course_list = array();
     // Browse through all courses.
     while ($course = Database::fetch_array($result)) {
         $course_info = api_get_course_info($course['code']);
         $course_info['id_session'] = null;
         $course_info['status'] = $course['status'];
         //In order to avoid doubles
         if (in_array($course_info['real_id'], $course_list)) {
             continue;
         } else {
             $course_list[] = $course_info['real_id'];
         }
         // For each course, get if there is any notification icon to show
         // (something that would have changed since the user's last visit).
         $show_notification = Display::show_notification($course_info);
         // New code displaying the user's status in respect to this course.
         $status_icon = Display::return_icon('blackboard.png', $course_info['title'], array(), ICON_SIZE_LARGE);
         $params = array();
         $params['right_actions'] = '';
         if (api_is_platform_admin()) {
             if ($load_dirs) {
                 $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                 $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                 $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
             } else {
                 $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
             }
             if ($course_info['status'] == COURSEMANAGER) {
                 //echo Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'), array('style'=>'width: 11px; height: 11px;'));
             }
         } else {
             if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
                 if ($load_dirs) {
                     $params['right_actions'] .= '<a id="document_preview_' . $course_info['real_id'] . '_0" class="document_preview" href="javascript:void(0);">' . Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                     $params['right_actions'] .= Display::div('', array('id' => 'document_result_' . $course_info['real_id'] . '_0', 'class' => 'document_preview_container'));
                 } else {
                     if ($course_info['status'] == COURSEMANAGER) {
                         $params['right_actions'] .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'course_info/infocours.php?cidReq=' . $course['code'] . '">' . Display::return_icon('edit.png', get_lang('Edit'), array('align' => 'absmiddle'), ICON_SIZE_SMALL) . '</a>';
                     }
                 }
             }
         }
         $course_title_url = '';
         if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
             //$course_title_url = api_get_path(WEB_COURSE_PATH).$course_info['path'].'/index.php?id_session=0';
             $course_title_url = api_get_path(WEB_COURSE_PATH) . $course_info['code'] . '/index.php?id_session=0';
             $course_title = Display::url($course_info['title'], $course_title_url);
         } else {
             $course_title = $course_info['title'] . " " . Display::tag('span', get_lang('CourseClosed'), array('class' => 'item_closed'));
         }
         // Start displaying the course block itself
         if (api_get_setting('course.display_coursecode_in_courselist') == 'true') {
             $course_title .= ' (' . $course_info['visual_code'] . ') ';
         }
         $teachers = null;
         if (api_get_setting('course.display_teacher_in_courselist') == 'true') {
             $teachers = $course_info['teacher_list_formatted'];
         }
         $params['link'] = $course_title_url;
         $params['icon'] = $status_icon;
         $params['title'] = $course_title;
         $params['teachers'] = $teachers;
         if ($course_info['visibility'] != COURSE_VISIBILITY_CLOSED) {
             $params['notifications'] = $show_notification;
         }
         $is_subcontent = true;
         if (empty($user_category_id)) {
             $is_subcontent = false;
         }
         $html .= self::course_item_html($params, $is_subcontent);
     }
     return $html;
 }
예제 #20
0
function return_menu()
{
    $navigation = return_navigation_array();
    $navigation = $navigation['navigation'];
    // Displaying the tabs
    $lang = '';
    //el for "Edit Language"
    if (!empty($_SESSION['user_language_choice'])) {
        $lang = $_SESSION['user_language_choice'];
    } elseif (!empty($_SESSION['_user']['language'])) {
        $lang = $_SESSION['_user']['language'];
    } else {
        $lang = get_setting('platformLanguage');
    }
    //Preparing home folder for multiple urls
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
        if ($access_url_id != -1) {
            $url_info = api_get_access_url($access_url_id);
            $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
            $clean_url = replace_dangerous_char($url);
            $clean_url = str_replace('/', '-', $clean_url);
            $clean_url .= '/';
            $homep = api_get_path(SYS_PATH) . 'home/' . $clean_url;
            //homep for Home Path
            //we create the new dir for the new sites
            if (!is_dir($homep)) {
                mkdir($homep, api_get_permissions_for_new_directories());
            }
        }
    } else {
        $homep = api_get_path(SYS_PATH) . 'home/';
    }
    $ext = '.html';
    $menutabs = 'home_tabs';
    $mtloggedin = 'home_tabs_logged_in';
    $home_top = '';
    if (is_file($homep . $menutabs . '_' . $lang . $ext) && is_readable($homep . $menutabs . '_' . $lang . $ext)) {
        $home_top = @(string) file_get_contents($homep . $menutabs . '_' . $lang . $ext);
    } elseif (is_file($homep . $menutabs . $lang . $ext) && is_readable($homep . $menutabs . $lang . $ext)) {
        $home_top = @(string) file_get_contents($homep . $menutabs . $lang . $ext);
    } else {
        //$errorMsg = get_lang('HomePageFilesNotReadable');
    }
    $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
    $open = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top);
    $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open)));
    $open_mtloggedin = '';
    if (api_get_user_id() && !api_is_anonymous()) {
        if (is_file($homep . $mtloggedin . '_' . $lang . $ext) && is_readable($homep . $mtloggedin . '_' . $lang . $ext)) {
            $home_top = @(string) file_get_contents($homep . $mtloggedin . '_' . $lang . $ext);
            $home_top = str_replace('::private', '', $home_top);
        } elseif (is_file($homep . $mtloggedin . $lang . $ext) && is_readable($homep . $mtloggedin . $lang . $ext)) {
            $home_top = @(string) file_get_contents($homep . $mtloggedin . $lang . $ext);
            $home_top = str_replace('::private', '', $home_top);
        } else {
            //$errorMsg = get_lang('HomePageFilesNotReadable');
        }
        $home_top = api_to_system_encoding($home_top, api_detect_encoding(strip_tags($home_top)));
        $open_mtloggedin = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top);
        $open_mtloggedin = api_to_system_encoding($open_mtloggedin, api_detect_encoding(strip_tags($open_mtloggedin)));
    }
    $lis = '';
    if (!empty($open) or !empty($open_mtloggedin)) {
        if (strpos($open . $open_mtloggedin, 'show_menu') === false) {
            if (api_is_anonymous()) {
                $navigation[SECTION_CAMPUS] = null;
            }
        } else {
            //$lis .= Display::tag('li', $open);
            if (api_get_user_id() && !api_is_anonymous()) {
                $lis .= $open_mtloggedin;
            } else {
                $lis .= $open;
            }
        }
    }
    if (count($navigation) > 0 || !empty($lis)) {
        $pre_lis = '';
        foreach ($navigation as $section => $navigation_info) {
            $key = !empty($navigation_info['key']) ? 'tab-' . $navigation_info['key'] : '';
            if (isset($GLOBALS['this_section'])) {
                $current = $section == $GLOBALS['this_section'] ? ' id="current" class="active ' . $key . '" ' : ' class="' . $key . '"';
            } else {
                $current = '';
            }
            if (!empty($navigation_info['title'])) {
                $pre_lis .= '<li' . $current . '><a  href="' . $navigation_info['url'] . '" target="_top">' . $navigation_info['title'] . '</a></li>';
            }
        }
        $lis = $pre_lis . $lis;
    }
    $menu = null;
    if (!empty($lis)) {
        $menu .= $lis;
    }
    return $menu;
}
예제 #21
0
/**
 * Get the total number of users on the platform
 * @return int  The number of users
 * @see SortableTable#get_total_number_of_items()
 */
function get_number_of_users()
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "SELECT COUNT(u.user_id) AS total_number_of_items FROM {$user_table} u";
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
    }
    if (isset($_GET['keyword'])) {
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $sql .= " WHERE (u.firstname LIKE '%{$keyword}%' OR\n                  u.lastname LIKE '%{$keyword}%'  OR\n                  concat(u.firstname,' ',u.lastname) LIKE '%{$keyword}%'  OR\n                  concat(u.lastname,' ',u.firstname) LIKE '%{$keyword}%' OR\n                  u.username LIKE '%{$keyword}%' OR\n                  u.email LIKE '%{$keyword}%'  OR\n                  u.official_code LIKE '%{$keyword}%') ";
    }
    $res = Database::query($sql);
    $obj = Database::fetch_object($res);
    return $obj->total_number_of_items;
}
예제 #22
0
/**
 * Get home path
 * @return string
 */
function api_get_home_path()
{
    // FIX : Start the routing determination from central path definition
    $home = api_get_path(SYS_HOME_PATH);
    if (api_get_multiple_access_url()) {
        $access_url_id = api_get_current_access_url_id();
        $url_info = api_get_access_url($access_url_id);
        $url = api_remove_trailing_slash(preg_replace('/https?:\\/\\//i', '', $url_info['url']));
        $clean_url = api_replace_dangerous_char($url);
        $clean_url = str_replace('/', '-', $clean_url);
        $clean_url .= '/';
        if ($clean_url != 'localhost/') {
            return "{$home}{$clean_url}";
        }
    }
    return $home;
}
예제 #23
0
            $form->setDefaults($categoryInfo);
            $form->addButtonSave($text);
        } else {
            $class = "add";
            $text = get_lang('AddCategory');
            $form->setDefaults(array('auth_course_child' => 'TRUE'));
            $form->addButtonCreate($text);
        }
        $form->display();
    } elseif (api_get_multiple_access_url() && api_get_current_access_url_id() != 1) {
        // If multiple URLs and not main URL, prevent edition and inform user
        Display::display_warning_message(get_lang('CourseCategoriesAreGlobal'));
    }
} else {
    // If multiple URLs and not main URL, prevent deletion and inform user
    if ($action == 'delete' && api_get_multiple_access_url() && api_get_current_access_url_id() != 1) {
        Display::display_warning_message(get_lang('CourseCategoriesAreGlobal'));
    }
    echo '<div class="actions">';
    $link = null;
    if (!empty($parentInfo)) {
        $parentCode = $parentInfo['parent_id'];
        echo Display::url(Display::return_icon('back.png', get_lang("Back"), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . 'admin/course_category.php?category=' . $parentCode);
    }
    if (empty($parentInfo) || $parentInfo['auth_cat_child'] == 'TRUE') {
        echo Display::url(Display::return_icon('new_folder.png', get_lang("AddACategory"), '', ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH) . 'admin/course_category.php?action=add&category=' . Security::remove_XSS($category));
    }
    echo '</div>';
    if (!empty($parentInfo)) {
        echo Display::page_subheader($parentInfo['name'] . ' (' . $parentInfo['code'] . ')');
    }
예제 #24
0
/**
 * Get the users to display on the current page (fill the sortable-table)
 * @param   int     offset of first user to recover
 * @param   int     Number of users to get
 * @param   int     Column to sort on
 * @param   string  Order (ASC,DESC)
 * @param   bool
 * @see SortableTable#get_table_data($from)
 */
function get_user_data($from, $number_of_items, $column, $direction, $get_count = false)
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $select = "SELECT\n                 u.user_id\t\t\t\tAS col0,\n                 u.official_code\t\tAS col2,\n\t\t\t\t " . (api_is_western_name_order() ? "u.firstname \t\t\tAS col3,\n                 u.lastname \t\t\tAS col4," : "u.lastname \t\t\tAS col3,\n                 u.firstname \t\t\tAS col4,") . "\n                 u.username\t\t\t\tAS col5,\n                 u.email\t\t\t\tAS col6,\n                 u.status\t\t\t\tAS col7,\n                 u.active\t\t\t\tAS col8,\n                 u.user_id\t\t\t\tAS col9,\n                 u.registration_date    AS col10,\n                 u.expiration_date      AS exp,\n                 u.password\n    ";
    if ($get_count) {
        $select = "SELECT count(u.user_id) as total_rows";
    }
    $sql = "{$select} FROM {$user_table} u ";
    // adding the filter to see the user's only of the current access_url
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $sql .= " INNER JOIN {$access_url_rel_user_table} url_rel_user ON (u.user_id=url_rel_user.user_id)";
    }
    if (isset($_GET['keyword_extra_data'])) {
        $keyword_extra_data = Database::escape_string($_GET['keyword_extra_data']);
        if (!empty($keyword_extra_data)) {
            $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
            $field_id = $extra_info['id'];
            $sql .= " INNER JOIN user_field_values ufv ON u.user_id=ufv.user_id AND ufv.field_id={$field_id} ";
        }
    }
    if (isset($_GET['keyword'])) {
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $sql .= " WHERE (u.firstname LIKE '%" . $keyword . "%' OR u.lastname LIKE '%" . $keyword . "%' OR concat(u.firstname,' ',u.lastname) LIKE '%" . $keyword . "%' OR concat(u.lastname,' ',u.firstname) LIKE '%" . $keyword . "%' OR u.username LIKE '%" . $keyword . "%'  OR u.official_code LIKE '%" . $keyword . "%' OR u.email LIKE '%" . $keyword . "%' )";
    } elseif (isset($_GET['keyword_firstname'])) {
        $keyword_firstname = Database::escape_string($_GET['keyword_firstname']);
        $keyword_lastname = Database::escape_string($_GET['keyword_lastname']);
        $keyword_email = Database::escape_string($_GET['keyword_email']);
        $keyword_officialcode = Database::escape_string($_GET['keyword_officialcode']);
        $keyword_username = Database::escape_string($_GET['keyword_username']);
        $keyword_status = Database::escape_string($_GET['keyword_status']);
        $query_admin_table = '';
        $and_conditions = array();
        if ($keyword_status == SESSIONADMIN) {
            $keyword_status = '%';
            $query_admin_table = " , {$admin_table} a ";
            $and_conditions[] = ' a.user_id = u.user_id ';
        }
        if (isset($_GET['keyword_extra_data'])) {
            if (!empty($_GET['keyword_extra_data']) && !empty($_GET['keyword_extra_data_text'])) {
                $keyword_extra_data_text = Database::escape_string($_GET['keyword_extra_data_text']);
                $and_conditions[] = " ufv.field_value LIKE '%" . trim($keyword_extra_data_text) . "%' ";
            }
        }
        $keyword_active = isset($_GET['keyword_active']);
        $keyword_inactive = isset($_GET['keyword_inactive']);
        $sql .= $query_admin_table . " WHERE ( ";
        if (!empty($keyword_firstname)) {
            $and_conditions[] = "u.firstname LIKE '%" . $keyword_firstname . "%' ";
        }
        if (!empty($keyword_lastname)) {
            $and_conditions[] = "u.lastname LIKE '%" . $keyword_lastname . "%' ";
        }
        if (!empty($keyword_username)) {
            $and_conditions[] = "u.username LIKE '%" . $keyword_username . "%'  ";
        }
        if (!empty($keyword_email)) {
            $and_conditions[] = "u.email LIKE '%" . $keyword_email . "%' ";
        }
        if (!empty($keyword_officialcode)) {
            $and_conditions[] = "u.official_code LIKE '%" . $keyword_officialcode . "%' ";
        }
        if (!empty($keyword_status)) {
            $and_conditions[] = "u.status LIKE '" . $keyword_status . "' ";
        }
        if ($keyword_active && !$keyword_inactive) {
            $and_conditions[] = "  u.active='1' ";
        } elseif ($keyword_inactive && !$keyword_active) {
            $and_conditions[] = "  u.active='0' ";
        }
        if (!empty($and_conditions)) {
            $sql .= implode(' AND ', $and_conditions);
        }
        $sql .= " ) ";
    }
    // adding the filter to see the user's only of the current access_url
    if ((api_is_platform_admin() || api_is_session_admin()) && api_get_multiple_access_url()) {
        $sql .= " AND url_rel_user.access_url_id=" . api_get_current_access_url_id();
    }
    $checkPassStrength = isset($_GET['check_easy_passwords']) && $_GET['check_easy_passwords'] == 1 ? true : false;
    if ($checkPassStrength) {
        $easyPasswordList = api_get_easy_password_list();
        $easyPasswordList = array_map('api_get_encrypted_password', $easyPasswordList);
        $easyPasswordList = array_map(array('Database', 'escape_string'), $easyPasswordList);
        $easyPassword = implode("' OR password LIKE '", $easyPasswordList);
        $sql .= "AND password LIKE '{$easyPassword}' ";
    }
    if (!in_array($direction, array('ASC', 'DESC'))) {
        $direction = 'ASC';
    }
    $column = intval($column);
    $from = intval($from);
    $number_of_items = intval($number_of_items);
    // Returns counts and exits function.
    if ($get_count) {
        $res = Database::query($sql);
        $user = Database::fetch_array($res);
        return $user['total_rows'];
    }
    $sql .= " ORDER BY col{$column} {$direction} ";
    $sql .= " LIMIT {$from},{$number_of_items}";
    $res = Database::query($sql);
    $users = array();
    $t = time();
    while ($user = Database::fetch_row($res)) {
        $userInfo = api_get_user_info($user[0]);
        $image_path = UserManager::get_user_picture_path_by_id($user[0], 'web', false, true);
        $user_profile = UserManager::get_picture_user($user[0], $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" ');
        if (!api_is_anonymous()) {
            $photo = '<center><a href="' . $userInfo['profile_url'] . '" title="' . get_lang('Info') . '">
                            <img src="' . $user_profile['file'] . '" ' . $user_profile['style'] . ' alt="' . $userInfo['complete_name'] . '" title="' . $userInfo['complete_name'] . '" /></a></center>';
        } else {
            $photo = '<center><img src="' . $user_profile['file'] . '" ' . $user_profile['style'] . ' alt="' . $userInfo['complete_name'] . '" title="' . $userInfo['complete_name'] . '" /></center>';
        }
        if ($user[7] == 1 && $user[10] != '0000-00-00 00:00:00') {
            // check expiration date
            $expiration_time = api_convert_sql_date($user[10]);
            // if expiration date is passed, store a special value for active field
            if ($expiration_time < $t) {
                $user[7] = '-1';
            }
        }
        // forget about the expiration date field
        $users[] = array($user[0], $photo, $user[1], Display::url($user[2], $userInfo['profile_url']), Display::url($user[3], $userInfo['profile_url']), $user[4], $user[5], $user[6], $user[7], api_get_local_time($user[9]), $user[0]);
    }
    return $users;
}
예제 #25
0
     $subject = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : null;
     $invitationContent = isset($_REQUEST['content']) ? trim($_REQUEST['content']) : null;
     SocialManager::send_invitation_friend_user($_REQUEST['user_id'], $subject, $invitationContent);
     break;
 case 'find_users':
     if (api_is_anonymous()) {
         echo '';
         break;
     }
     $track_online_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE);
     $tbl_my_user = Database::get_main_table(TABLE_MAIN_USER);
     $tbl_my_user_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
     $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
     $tbl_access_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
     $search = Database::escape_string($_REQUEST['q']);
     $access_url_id = api_get_multiple_access_url() == 'true' ? api_get_current_access_url_id() : 1;
     $user_id = api_get_user_id();
     $is_western_name_order = api_is_western_name_order();
     $likeCondition = " AND (firstname LIKE '%{$search}%' OR lastname LIKE '%{$search}%' OR email LIKE '%{$search}%') ";
     if (api_get_setting('social.allow_social_tool') == 'true' && api_get_setting('message.allow_message_tool') == 'true') {
         // All users
         if (api_get_setting('message.allow_send_message_to_all_platform_users') == 'true' || api_is_platform_admin()) {
             if ($access_url_id != 0) {
                 $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_user} u LEFT JOIN {$tbl_access_url_rel_user} r ON u.user_id = r.user_id\n                            WHERE\n                                u.status <> 6  AND\n                                u.user_id <> {$user_id} AND\n                                r.access_url_id = {$access_url_id}\n                                {$likeCondition} ";
             } else {
                 $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_user} u\n                            WHERE\n                                u.status <> 6  AND\n                                u.user_id <> {$user_id}\n                                {$likeCondition} ";
             }
         } else {
             //only my contacts
             if ($access_url_id != 0) {
                 $sql = "SELECT DISTINCT u.user_id as id, u.firstname, u.lastname, u.email\n                            FROM {$tbl_access_url_rel_user} r, {$tbl_my_user_friend} uf\n                            INNER JOIN {$tbl_my_user} AS u\n                            ON uf.friend_user_id = u.user_id\n                            WHERE\n                                u.status <> 6 AND\n                                relation_type NOT IN(" . USER_RELATION_TYPE_DELETED . ", " . USER_RELATION_TYPE_RRHH . ") AND\n                                uf.user_id = {$user_id} AND\n                                friend_user_id <> {$user_id} AND\n                                u.user_id = r.user_id AND\n                                r.access_url_id = {$access_url_id}\n                                {$likeCondition}";
예제 #26
0
    /**
     * Subscribes users to human resource manager (Dashboard feature)
     *    @param    int         hr dept id
     * @param    array        Users id
     * @param    int            affected rows
     * */
    public static function suscribe_users_to_hr_manager($hr_dept_id, $users_id)
    {
        // Database Table Definitions
        $tbl_user_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
        $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);

        $hr_dept_id = intval($hr_dept_id);
        $affected_rows = 0;

        if (api_get_multiple_access_url()) {
            //Deleting assigned users to hrm_id
            $sql = "SELECT s.user_id FROM $tbl_user_rel_user s
                    INNER JOIN $tbl_user_rel_access_url a
                    ON (a.user_id = s.user_id)
                    WHERE
                        friend_user_id = $hr_dept_id AND
                        relation_type = '".USER_RELATION_TYPE_RRHH."' AND
                        access_url_id = ".api_get_current_access_url_id()."";
        } else {
            $sql = "SELECT user_id FROM $tbl_user_rel_user
                    WHERE
                        friend_user_id = $hr_dept_id AND
                        relation_type = '".USER_RELATION_TYPE_RRHH."' ";
        }
        $result = Database::query($sql);
        if (Database::num_rows($result) > 0) {
            while ($row = Database::fetch_array($result)) {
                $sql = "DELETE FROM $tbl_user_rel_user
                        WHERE
                            user_id = '{$row['user_id']}' AND
                            friend_user_id = $hr_dept_id AND
                            relation_type = '".USER_RELATION_TYPE_RRHH."' ";
                Database::query($sql);
            }
        }

        // Inserting new user list
        if (is_array($users_id)) {
            foreach ($users_id as $user_id) {
                $user_id = intval($user_id);
                $sql = "INSERT IGNORE INTO $tbl_user_rel_user(user_id, friend_user_id, relation_type)
                               VALUES ('$user_id', $hr_dept_id, '".USER_RELATION_TYPE_RRHH."')";
                Database::query($sql);
                $affected_rows = Database::affected_rows();
            }
        }
        return $affected_rows;
    }