/**
 * Stops the request when the survey is not currently open.
 *
 * The 'start_date' and 'end_date' entries of $surv_data are read as
 * 'YYYY-MM-DD…' strings (year at offset 0, month at 5, day at 8) and turned
 * into midnight timestamps. If now is before the start, or after the end,
 * api_not_allowed() is invoked with a translated warning; the function
 * itself returns nothing, so the abort is expected to happen there.
 *
 * @param array $surv_data survey row containing 'start_date' and 'end_date'
 */
function check_time_availability($surv_data)
{
    // Midnight (local time) of a 'YYYY-MM-DD…' string.
    $midnightOf = function ($ymd) {
        return mktime(0, 0, 0, substr($ymd, 5, 2), substr($ymd, 8, 2), substr($ymd, 0, 4));
    };

    $opensAt = $midnightOf($surv_data['start_date']);
    $closesAt = $midnightOf($surv_data['end_date']);
    $now = time();

    // Not yet open.
    if ($now < $opensAt) {
        $warning = Display::return_message(get_lang('SurveyNotAvailableYet'), 'warning', false);
        api_not_allowed(true, $warning);
    }

    // Already closed: note the cut-off is midnight *starting* end_date.
    if ($now > $closesAt) {
        $warning = Display::return_message(get_lang('SurveyNotAvailableAnymore'), 'warning', false);
        api_not_allowed(true, $warning);
    }
}
/**
 * Lets platform admins through unconditionally; for everyone else hands off
 * to api_not_allowed() when the item is locked.
 *
 * @return bool|null true for platform admins; nothing is returned on the
 *                   non-admin, unlocked path
 */
function check_lock_permissions()
{
    if (api_is_platform_admin()) {
        return true;
    }

    // NOTE(review): $this is used inside a plain `function` declaration; this
    // only works if the definition actually lives inside a class — confirm.
    if ($this->is_locked()) {
        api_not_allowed();
    }
}
/**
 * @package chamilo.messages
 */

/**
 * This script shows a compose area (wysiwyg editor if supported, otherwise
 * a simple textarea) where the user can type a message.
 * There are three modes
 * - standard: type a message, select a user to send it to, press send
 * - reply on message (when pressing reply when viewing a message)
 * - send to specific user (when pressing send message in the who is online list)
 */
$cidReset = true;

// Runs before any setting is read or any output is prepared.
api_block_anonymous_users();

// The messaging tool can be switched off platform-wide.
$messageToolEnabled = (api_get_setting('message.allow_message_tool') == 'true');
if (!$messageToolEnabled) {
    api_not_allowed();
}

$nameTools = api_xml_http_response_encode(get_lang('Messages'));

/* Constants and variables */

// Client-side guard for the recipient list: the form only submits once a
// recipient has been selected.
$htmlHeadXtra[] = '
<script language="javascript">
function validate(form, list) {
    if(list.selectedIndex<0) {
        alert("Please select someone to send the message to.")
        return false
    } else {
        return true
    }
}
</script>';
$clean_url .= '/'; $home_old = api_get_path(SYS_APP_PATH) . 'home/'; $home = api_get_path(SYS_APP_PATH) . 'home/' . $clean_url; } } if (file_exists($home . 'register_top_' . $user_selected_language . '.html')) { $home_top_temp = @(string) file_get_contents($home . 'register_top_' . $user_selected_language . '.html'); $open = str_replace('{rel_path}', api_get_path(REL_PATH), $home_top_temp); $open = api_to_system_encoding($open, api_detect_encoding(strip_tags($open))); if (!empty($open)) { $content = '<div class="well_border">' . $open . '</div>'; } } // Forbidden to self-register if ($isNotAllowedHere) { api_not_allowed(true, get_lang('RegistrationDisabled')); } if (api_get_setting('registration.allow_registration') == 'approval') { $content .= Display::return_message(get_lang('YourAccountHasToBeApproved')); } //if openid was not found if (!empty($_GET['openid_msg']) && $_GET['openid_msg'] == 'idnotfound') { $content .= Display::return_message(get_lang('OpenIDCouldNotBeFoundPleaseRegister')); } } // Terms and conditions if (api_get_setting('registration.allow_terms_conditions') == 'true') { $language = api_get_interface_language(); $language = api_get_language_id($language); $term_preview = LegalManager::get_last_condition($language); if (!$term_preview) {
/**
 * Guards the session edit screens.
 *
 * Platform admins and session admins pass straight through (returns false,
 * nothing else happens). Anyone else must be a teacher, and teachers are only
 * accepted while the 'allow_teachers_to_create_sessions' setting is not
 * 'false'; otherwise api_not_allowed(true) is called.
 * When $id is given, the session must exist and a teacher must be its coach.
 *
 * @param int $id session id to protect, or null to only check the role
 * @return bool false when the caller is a platform or session admin;
 *              nothing is returned on the other paths
 */
static function protect_session_edit($id = null)
{
    if (api_is_platform_admin()) {
        return false;
    }
    if (api_is_session_admin()) {
        return false;
    }
    // '&&' binds tighter than '||': blocked when not a teacher, or when a
    // teacher while the platform setting forbids teachers to create sessions.
    $blockTeachers = !api_is_teacher() || api_is_teacher() && api_get_setting('allow_teachers_to_create_sessions') == 'false';
    if ($blockTeachers) {
        api_not_allowed(true);
    }
    if (!empty($id)) {
        $session_info = self::fetch($id);
        if (empty($session_info)) {
            api_not_allowed(true);
        }
        // NOTE(review): if api_not_allowed(true) above terminates the request,
        // $blockTeachers is always false here and this branch never runs — confirm.
        if ($blockTeachers && !api_is_platform_admin() && api_get_setting('allow_session_admins_to_manage_all_sessions') != 'true') {
            if ($session_info['session_admin_id'] != api_get_user_id()) {
                api_not_allowed(true);
            }
        }
        // Blocking teachers that want to edit another session: a teacher may
        // only edit the sessions they coach (loose comparison on the ids).
        if ($blockTeachers == false && $session_info['id_coach'] != api_get_user_id()) {
            api_not_allowed(true);
        }
    }
}
}

/* DOWNLOAD A FILE */

/* AUTHORIZATION */
// Check if the id makes sense. Only a numeric 'id' query parameter gets past
// this point (is_numeric() also accepts floats and exponent notation, so the
// value is not yet guaranteed to be a plain integer id).
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    api_not_allowed(true);
    exit;
}

// Check if the user is allowed to download the file: the decision is
// delegated entirely to user_can_download_file() for the current user.
$allowed_to_download = false;
if (user_can_download_file($_GET['id'], api_get_user_id())) {
    $allowed_to_download = true;
}

/* ERROR IF NOT ALLOWED TO DOWNLOAD */
if (!$allowed_to_download) {
    api_not_allowed(true, Display::return_message(get_lang('YouAreNotAllowedToDownloadThisFile'), 'error'));
    exit;
} else {
    /* DOWNLOAD THE FILE */
    // the user is allowed to download the file
    // Remember the id as seen in this course's dropbox tool (stored as int);
    // Dropbox_Work still receives the raw query value.
    $_SESSION['_seen'][$_course['id']][TOOL_DROPBOX][] = intval($_GET['id']);
    $work = new Dropbox_Work($_GET['id']);
    $path = dropbox_cnf('sysPath') . '/' . $work->filename; //path to file as stored on server
    // Refuse to serve anything that does not stay under the dropbox directory
    // (presumably a traversal guard on $work->filename — verify check_abs_path's
    // contract); no message is shown, the script simply stops.
    if (!Security::check_abs_path($path, dropbox_cnf('sysPath') . '/')) {
        exit;
    }
    $file = $work->title;
    DocumentManager::file_send_for_download($path, true, $file);
    exit;
}
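/**
 * Gets attendance base in the table:
 * TABLE_STATISTIC_TRACK_E_COURSE_ACCESS
 *
 * Renders the 'calendar_logins' template with an optional date-range search
 * form and the attendance-by-login table.
 *
 * @param bool $showForm    when true, show a date-range form and use the
 *                          submitted range; otherwise fall back to the
 *                          current session's access dates (if any)
 * @param bool $exportToPdf when true, export the login attendance first and
 *                          abort through api_not_allowed() if it yields nothing
 * @throws ViewException
 */
public function getAttendanceBaseInLogin($showForm = false, $exportToPdf = true)
{
    $formToDisplay = null;
    $startDate = null;
    $endDate = null;
    $sessionId = api_get_session_id();

    if ($showForm) {
        $form = new FormValidator(
            'search',
            'post',
            api_get_self() . '?' . api_get_cidreq() . '&action=calendar_logins'
        );
        $form->addDateRangePicker('range', get_lang('DateRange'));
        $form->addButton('submit', get_lang('Submit'));
        if ($form->validate()) {
            $values = $form->getSubmitValues();
            $startDate = api_get_utc_datetime($values['range_start']);
            $endDate = api_get_utc_datetime($values['range_end']);
        }
        $formToDisplay = $form->returnForm();
    } elseif (!empty($sessionId)) {
        // Without the form, the session access window bounds the report.
        $sessionInfo = api_get_session_info($sessionId);
        $startDate = $sessionInfo['access_start_date'];
        $endDate = $sessionInfo['access_end_date'];
    }

    $attendance = new Attendance();
    if ($exportToPdf) {
        $result = $attendance->exportAttendanceLogin($startDate, $endDate);
        if (empty($result)) {
            api_not_allowed(true, get_lang('NoDataAvailable'));
        }
    }
    $table = $attendance->getAttendanceLoginTable($startDate, $endDate);

    $this->view->set_data(array('form' => $formToDisplay, 'table' => $table));
    $this->view->set_layout('layout');
    $this->view->set_template('calendar_logins');
    $this->view->render();
}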
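$this_section = SECTION_COURSES;

if (!api_is_allowed_to_edit(false, true)) {
    api_not_allowed(true);
}

// Database table definitions
$table_survey = Database::get_course_table(TABLE_SURVEY);
$table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database::get_main_table(TABLE_MAIN_COURSE);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();

// Getting the survey information.
// The survey id is a database key, so coerce it to an integer (missing -> 0)
// rather than only stripping XSS: the value is echoed into the breadcrumb
// URLs below, and an unknown id ends in the api_not_allowed() that follows.
$survey_id = isset($_GET['survey_id']) ? (int) $_GET['survey_id'] : 0;
$survey_data = SurveyManager::get_survey($survey_id);
if (empty($survey_data)) {
    api_not_allowed(true, get_lang('InvallidSurvey'));
}

// Breadcrumb label: decoded, tag-stripped title cut to 40 characters.
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
    $urlname .= '...';
}

// Breadcrumbs
$interbreadcrumb[] = array(
    'url' => api_get_path(WEB_CODE_PATH) . 'survey/survey_list.php?' . api_get_cidreq(),
    'name' => get_lang('SurveyList'),
);
if (api_is_course_admin()) {
    $interbreadcrumb[] = array(
        'url' => api_get_path(WEB_CODE_PATH) . 'survey/survey.php?survey_id=' . $survey_id . '&' . api_get_cidreq(),
        'name' => $urlname,
    );
} else {
    $interbreadcrumb[] = array(
        'url' => api_get_path(WEB_CODE_PATH) . 'survey/survey_invite.php?survey_id=' . $survey_id . '&' . api_get_cidreq(),
        'name' => $urlname,
    );
}

$tool_name = get_lang('SurveyPublication');

// Displaying the header
Display::display_header($tool_name, 'Survey');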
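/**
 * Displays and processes the "create course" form.
 *
 * When the 'course.course_validation' setting is on (and the user is not a
 * platform admin) the form files a course request instead of creating the
 * course directly. The form is rendered back into the userportal template;
 * the only redirect is to course_info/start.php after a direct creation
 * succeeded.
 *
 * @Route("/add_course", name="add_course")
 * @Method({"GET|POST"})
 * @Security("has_role('ROLE_USER')")
 *
 * @return Response
 */
public function addCourseAction()
{
    // "Course validation" feature. This value affects the way of a new course creation:
    // true - the new course is requested only and it is created after approval;
    // false - the new course is created immediately, after filling this form.
    $courseValidation = false;
    if (api_get_setting('course.course_validation') == 'true' && !api_is_platform_admin()) {
        $courseValidation = true;
    }

    // Displaying the header.
    $tool_name = $courseValidation ? get_lang('CreateCourseRequest') : get_lang('CreateSite');

    if (api_get_setting('course.allow_users_to_create_courses') == 'false' && !api_is_platform_admin()) {
        api_not_allowed(true);
    }

    // Check access rights.
    if (!api_is_allowed_to_create_course()) {
        api_not_allowed(true);
    }

    $url = $this->generateUrl('add_course');

    // Build the form.
    $form = new \FormValidator('add_course', 'post', $url);

    // Form title
    $form->addElement('header', $tool_name);

    // Title
    $form->addElement('text', 'title', array(get_lang('CourseName'), get_lang('Ex')), array('id' => 'title'));
    $form->applyFilter('title', 'html_filter');
    $form->addRule('title', get_lang('ThisFieldIsRequired'), 'required');

    $form->addButtonAdvancedSettings('advanced_params');
    $form->addElement('html', '<div id="advanced_params_options" style="display:none">');

    // Category category.
    $url = api_get_path(WEB_AJAX_PATH) . 'course.ajax.php?a=search_category';
    $form->addElement('select_ajax', 'category_code', get_lang('CourseFaculty'), null, array('url' => $url));

    // Course code
    $form->addText(
        'wanted_code',
        array(get_lang('Code'), get_lang('OnlyLettersAndNumbers')),
        '',
        array(
            'maxlength' => \CourseManager::MAX_COURSE_LENGTH_CODE,
            'pattern' => '[a-zA-Z0-9]+',
            'title' => get_lang('OnlyLettersAndNumbers'),
        )
    );
    $form->applyFilter('wanted_code', 'html_filter');
    $form->addRule('wanted_code', get_lang('Max'), 'maxlength', \CourseManager::MAX_COURSE_LENGTH_CODE);

    // The teacher
    //array(get_lang('Professor'), null), null, array('size' => '60', 'disabled' => 'disabled'));
    $form->addElement('hidden', 'tutor_name', '');

    if ($courseValidation) {
        // Description of the requested course.
        $form->addElement('textarea', 'description', get_lang('Description'), array('rows' => '3'));
        // Objectives of the requested course.
        $form->addElement('textarea', 'objetives', get_lang('Objectives'), array('rows' => '3'));
        // Target audience of the requested course.
        $form->addElement('textarea', 'target_audience', get_lang('TargetAudience'), array('rows' => '3'));
    }

    // Course language.
    $form->addElement('select_language', 'course_language', get_lang('Ln'), array(), array('style' => 'width:150px'));
    // NOTE(review): 'select_language' is the element *type*; the element is
    // named 'course_language' — confirm which name this filter was meant for.
    $form->applyFilter('select_language', 'html_filter');

    // Exemplary content checkbox.
    $form->addElement('checkbox', 'exemplary_content', null, get_lang('FillWithExemplaryContent'));

    if ($courseValidation) {
        // A special URL to terms and conditions that is set
        // in the platform settings page.
        $terms_and_conditions_url = trim(api_get_setting('course_validation_terms_and_conditions_url'));

        // If the special setting is empty,
        // then we may get the URL from Chamilo's module "Terms and conditions",
        // if it is activated.
        if (empty($terms_and_conditions_url)) {
            if (api_get_setting('registration.allow_terms_conditions') == 'true') {
                $terms_and_conditions_url = api_get_path(WEB_CODE_PATH);
                $terms_and_conditions_url .= 'auth/inscription.php?legal';
            }
        }

        if (!empty($terms_and_conditions_url)) {
            // Terms and conditions to be accepted before sending a course request.
            $form->addElement('checkbox', 'legal', null, get_lang('IAcceptTermsAndConditions'), 1);
            $form->addRule('legal', get_lang('YouHaveToAcceptTermsAndConditions'), 'required');

            // Link to terms and conditions. The URL comes from platform
            // settings (admin-controlled) and is inlined into the onclick handler.
            $link_terms_and_conditions = '
<script>
function MM_openBrWindow(theURL, winName, features) { //v2.0
    window.open(theURL,winName,features);
}
</script>
';
            $link_terms_and_conditions .= \Display::url(
                get_lang('ReadTermsAndConditions'),
                '#',
                ['onclick' => "javascript:MM_openBrWindow('{$terms_and_conditions_url}', 'Conditions', 'scrollbars=yes, width=800');"]
            );
            $form->addElement('label', null, $link_terms_and_conditions);
        }
    }

    $obj = new \GradeModel();
    $obj->fill_grade_model_select_in_form($form);

    $form->addElement('html', '</div>');

    // Submit button.
    $form->addButtonCreate($courseValidation ? get_lang('CreateThisCourseRequest') : get_lang('CreateCourseArea'));

    // Set default values.
    // NOTE(review): $_user is not defined in this method's scope, so the
    // platform language is always used unless it is injected from outside — confirm.
    $values = array();
    if (isset($_user['language']) && $_user['language'] != '') {
        $values['course_language'] = $_user['language'];
    } else {
        $values['course_language'] = api_get_setting('language.platform_language');
    }
    $form->setDefaults($values);

    $content = null;

    // Validate the form.
    if ($form->validate()) {
        $course_values = $form->exportValues();

        $wanted_code = $course_values['wanted_code'];
        //$category_code = $course_values['category_code'];
        $category_code = '';
        $title = $course_values['title'];
        $course_language = $course_values['course_language'];
        $exemplary_content = !empty($course_values['exemplary_content']);

        if ($courseValidation) {
            $description = $course_values['description'];
            $objetives = $course_values['objetives'];
            $target_audience = $course_values['target_audience'];
        }

        if ($wanted_code == '') {
            $wanted_code = \CourseManager::generate_course_code(
                api_substr($title, 0, \CourseManager::MAX_COURSE_LENGTH_CODE)
            );
        }

        // Check whether the requested course code has already been occupied.
        if (!$courseValidation) {
            $course_code_ok = !\CourseManager::course_code_exists($wanted_code);
        } else {
            $course_code_ok = !\CourseRequestManager::course_code_exists($wanted_code);
        }

        if ($course_code_ok) {
            if (!$courseValidation) {
                $params = array();
                $params['title'] = $title;
                $params['exemplary_content'] = $exemplary_content;
                $params['wanted_code'] = $wanted_code;
                $params['course_category'] = $category_code;
                $params['course_language'] = $course_language;
                $params['gradebook_model_id'] = isset($course_values['gradebook_model_id']) ? $course_values['gradebook_model_id'] : null;

                $course_info = \CourseManager::create_course($params);

                if (!empty($course_info)) {
                    $url = api_get_path(WEB_CODE_PATH);
                    $url .= 'course_info/start.php?cidReq=';
                    $url .= $course_info['code'];
                    $url .= '&first=1';
                    header('Location: ' . $url);
                    exit;
                } else {
                    $this->addFlash('error', $this->trans('CourseCreationFailed'));
                    // Display the form.
                    $content = $form->returnForm();
                }
            } else {
                // Create a request for a new course.
                $request_id = \CourseRequestManager::create_course_request(
                    $wanted_code,
                    $title,
                    $description,
                    $category_code,
                    $course_language,
                    $objetives,
                    $target_audience,
                    api_get_user_id(),
                    $exemplary_content
                );

                if ($request_id) {
                    $course_request_info = \CourseRequestManager::get_course_request_info($request_id);
                    $message = (is_array($course_request_info) ? '<strong>' . $course_request_info['code'] . '</strong> : ' : '') . get_lang('CourseRequestCreated');
                    // Display::return_message() only returns HTML: it has to be
                    // collected into $content, otherwise the confirmation and the
                    // "Enter" link are never shown and the page renders empty.
                    $content = \Display::return_message($message, 'confirmation', false);
                    $content .= '<div style="float: left; margin:0px; padding: 0px;">'
                        . \Display::url(get_lang('Enter'), api_get_path(WEB_PATH) . 'user_portal.php', ['class' => 'btn btn-default'])
                        . '</div>';
                } else {
                    // Same flash channel as the direct-creation failure above.
                    $this->addFlash('error', get_lang('CourseRequestCreationFailed'));
                    // Display the form.
                    $content = $form->returnForm();
                }
            }
        } else {
            $this->addFlash('error', get_lang('CourseCodeAlreadyExists'));
            // Display the form.
            $content = $form->returnForm();
        }
    } else {
        if (!$courseValidation) {
            $this->addFlash('warning', get_lang('Explanation'));
        }
        // Display the form.
        $content = $form->returnForm();
    }

    return $this->render('ChamiloCoreBundle:Index:userportal.html.twig', array('content' => $content));
}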
<?php /* For licensing terms, see /license.txt */ /** * Search user certificates if them are publics * @author Angel Fernando Quiroz Campos <*****@*****.**> * @package chamilo.gradebook */ use ChamiloSession as Session; $cidReset = true; require_once '../inc/global.inc.php'; if (api_get_setting('allow_public_certificates') != 'true') { api_not_allowed(true, Display::return_message(get_lang('CertificatesNotPublic'), 'warning')); } $userId = isset($_GET['id']) ? intval($_GET['id']) : 0; $userList = $userInfo = $courseList = $sessionList = []; $searchForm = new FormValidator('search_form', 'post', null, null); $searchForm->addText('firstname', get_lang('FirstName')); $searchForm->addText('lastname', get_lang('LastName')); $searchForm->addButtonSearch(); if ($searchForm->validate()) { $firstname = $searchForm->getSubmitValue('firstname'); $lastname = $searchForm->getSubmitValue('lastname'); $userList = UserManager::getUserByName($firstname, $lastname); if (empty($userList)) { Display::addFlash(Display::return_message(get_lang('NoResults'), 'warning')); header('Location: ' . api_get_self()); exit; } } elseif ($userId > 0) { $userInfo = api_get_user_info($userId);
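$documentPath = $saveDir.'/'.$drawFileName;

// Add the new document to disk.
// NOTE(review): the return value of file_put_contents() is not checked; if the
// write fails, the filesize() calls below run against a missing file — confirm
// whether callers rely on the database record being created regardless.
file_put_contents($documentPath, $contents);

if ($currentTool === 'document/createdraw') {
    // Add document to database, then register the "DocumentAdded" event.
    $doc_id = add_document($_course, $relativeUrlPath.'/'.$drawFileName, 'file', filesize($documentPath), $title);
    api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
} elseif ($currentTool === 'document/editdraw') {
    // Check path: editing is only possible for the file name remembered in the
    // session when the editor was opened.
    if (!isset($_SESSION['draw_file'])) {
        api_not_allowed(); // from Chamilo
        die();
    }
    // Strict comparison: this file name decides whether an existing record is
    // updated or a new one is created, so no loose string/number coercion here.
    if ($_SESSION['draw_file'] === $drawFileName) {
        $document_id = DocumentManager::get_document_id($_course, $relativeUrlPath.'/'.$drawFileName);
        update_existing_document($_course, $document_id, filesize($documentPath), null);
        api_item_property_update($_course, TOOL_DOCUMENT, $document_id, 'DocumentUpdated', $_user['user_id'], $groupId, null, null, null, $current_session_id);
    } else {
        // Add a new document.
        $doc_id = add_document($_course, $relativeUrlPath.'/'.$drawFileName, 'file', filesize($documentPath), $title);
        api_item_property_update($_course, TOOL_DOCUMENT, $doc_id, 'DocumentAdded', $_user['user_id'], $groupId, null, null, null, $current_session_id);
    }
}

// Clean sessions and add messages and return to current document list.
unset($_SESSION['draw_dir']);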
/**
 * Reports an archive directory that exists but cannot be written to.
 *
 * A missing directory is not reported here; only an existing, non-writable
 * one triggers the 'ArchivesDirectoryNotWriteableContactAdmin' warning,
 * which is handed to api_not_allowed().
 */
function api_check_archive_dir()
{
    $archiveDir = api_get_path(SYS_ARCHIVE_PATH);

    if (!is_dir($archiveDir)) {
        return;
    }
    if (is_writable($archiveDir)) {
        return;
    }

    $warning = Display::return_message(get_lang('ArchivesDirectoryNotWriteableContactAdmin'), 'warning');
    api_not_allowed(true, $warning);
}
/** * @param Application $app * @return string */ public function indexAction(Application $app) { $request = $app['request']; $language_file = array('admin', 'exercice', 'gradebook', 'tracking'); // 1. Setting variables needed by jqgrid $action = $request->get('a'); $page = $request->get('page'); //page $limit = $request->get('rows'); //quantity of rows $sidx = $request->get('sidx'); //index (field) to filter $sord = $request->get('sord'); //asc or desc if (strpos(strtolower($sidx), 'asc') !== false) { $sidx = str_replace(array('asc', ','), '', $sidx); $sord = 'asc'; } if (strpos(strtolower($sidx), 'desc') !== false) { $sidx = str_replace(array('desc', ','), '', $sidx); $sord = 'desc'; } if (!in_array($sord, array('asc', 'desc'))) { $sord = 'desc'; } if (!in_array($action, array('get_exercise_results', 'get_hotpotatoes_exercise_results', 'get_work_user_list', 'get_timelines', 'get_user_skill_ranking', 'get_usergroups_teacher', 'get_question_list', 'get_user_list_plugin_widescale'))) { api_protect_admin_script(true); } if ($action == 'get_user_list_plugin_widescale') { $allowed = api_is_drh() || api_is_platform_admin(); if (!$allowed) { api_not_allowed(); } } // Search features. // If there is no search request sent by jqgrid, $where should be empty. $where_condition = ""; $operation = $request->get('oper'); $export_format = $request->get('export_format'); $search_field = $request->get('searchField'); $search_oper = $request->get('searchOper'); $search_string = $request->get('searchString'); $isSearch = $request->get('_search'); $filters = $request->get('filters'); $type = $request->get('type'); $extra_fields = array(); $questionFields = array(); if ($isSearch == 'true') { $where_condition = ' 1 = 1 '; $where_condition_in_form = $this->getWhereClause($search_field, $search_oper, $search_string); if (!empty($where_condition_in_form)) { $where_condition .= ' AND ' . $where_condition_in_form; } $filters = isset($filters) ? 
json_decode($filters) : false; // for now if (!empty($filters)) { switch ($action) { case 'get_questions': $extraFieldtype = 'question'; break; case 'get_sessions': $extraFieldtype = 'session'; break; } // Extra field. $extraField = new \ExtraField($extraFieldtype); $result = $extraField->getExtraFieldRules($filters, 'extra_'); $extra_fields = $result['extra_fields']; $condition_array = $result['condition_array']; if (!empty($condition_array)) { $where_condition .= ' AND ( '; $where_condition .= implode($filters->groupOp, $condition_array); $where_condition .= ' ) '; } // Question field. $resultQuestion = $extraField->getExtraFieldRules($filters, 'question_'); $questionFields = $resultQuestion['extra_fields']; $condition_array = $resultQuestion['condition_array']; if (!empty($condition_array)) { $where_condition .= ' AND ( '; $where_condition .= implode($filters->groupOp, $condition_array); $where_condition .= ' ) '; } } } // get index row - i.e. user click to sort $sord = $_GET['sord']; // get the direction if (!$sidx) { $sidx = 1; } //2. Selecting the count FIRST //@todo rework this switch ($action) { case 'get_questions': $categoryId = $request->get('categoryId'); $exerciseId = $request->get('exerciseId'); //$courseId = null; //$request->get('courseId'); $courseId = $request->get('courseId'); // Question manager can view all questions if (api_is_question_manager()) { $courseId = null; } $count = \Question::getQuestions($app, $categoryId, $exerciseId, $courseId, array('where' => $where_condition, 'extra' => $extra_fields, 'question' => $questionFields), true); break; case 'get_user_list_plugin_widescale': $count = \UserManager::get_user_data(null, null, null, null, true); break; case 'get_question_list': require_once api_get_path(SYS_CODE_PATH) . 
'exercice/exercise.class.php'; $exerciseId = $request->get('exerciseId'); $exercise = new \Exercise(api_get_course_int_id()); $exercise->read($exerciseId); $count = $exercise->selectNbrQuestions(); break; case 'get_group_reporting': $course_id = $request->get('course_id'); $group_id = $request->get('gidReq'); $count = \Tracking::get_group_reporting($course_id, $group_id, 'count'); break; case 'get_user_course_report_resumed': $count = \CourseManager::get_count_user_list_from_course_code(true, 'ruc'); break; case 'get_user_course_report': $count = \CourseManager::get_count_user_list_from_course_code(false); break; case 'get_course_exercise_medias': $course_id = api_get_course_int_id(); $count = \Question::get_count_course_medias($course_id); break; case 'get_user_skill_ranking': $skill = new \Skill(); $count = $skill->get_user_list_skill_ranking_count(); break; case 'get_work_user_list': require_once api_get_path(SYS_CODE_PATH) . 'work/work.lib.php'; $work_id = $request->get('work_id'); //$_REQUEST['work_id']; $count = get_count_work($work_id); break; case 'get_exercise_results': $exercise_id = $request->get('exerciseId'); //$_REQUEST['exerciseId']; $filter_by_user = $request->get('filter_by_user'); if (isset($filter_by_user) && !empty($filter_by_user)) { $filter_user = intval($filter_by_user); if ($where_condition == "") { $where_condition .= " te.exe_user_id = '{$filter_user}'"; } else { $where_condition .= " AND te.exe_user_id = '{$filter_user}'"; } } $count = \ExerciseLib::get_count_exam_results($exercise_id, $where_condition); break; case 'get_hotpotatoes_exercise_results': $hotpot_path = $request->get('path'); //$_REQUEST['path']; $count = \ExerciseLib::get_count_exam_hotpotatoes_results($hotpot_path); break; case 'get_sessions': $list_type = $request->get('list_type'); if ($list_type == 'simple' || empty($list_type)) { $count = \SessionManager::get_sessions_admin(array('where' => $where_condition, 'extra' => $extra_fields), true); } else { $count = 
\SessionManager::get_count_admin_complete(array('where' => $where_condition, 'extra' => $extra_fields)); } break; case 'get_extra_fields': $obj = new \ExtraField($type); $count = $obj->get_count(); break; case 'get_extra_field_options': $field_id = $request->get('field_id'); $obj = new \ExtraFieldOption($type); $count = $obj->get_count_by_field_id($field_id); break; case 'get_timelines': $obj = new \Timeline(); $count = $obj->get_count(); break; case 'get_gradebooks': $obj = new \Gradebook(); $count = $obj->get_count(); break; case 'get_event_email_template': $obj = new \EventEmailTemplate(); $count = $obj->get_count(); break; case 'get_careers': $obj = new \Career(); $count = $obj->get_count(); break; case 'get_promotions': $obj = new \Promotion(); $count = $obj->get_count(); break; case 'get_grade_models': $obj = new \GradeModel(); $count = $obj->get_count(); break; case 'get_usergroups': $obj = new \UserGroup(); $count = $obj->get_count(); break; case 'get_usergroups_teacher': $obj = new \UserGroup(); $course_id = api_get_course_int_id(); if ($type == 'registered') { $count = $obj->get_usergroup_by_course_with_data_count($course_id); } else { $count = $obj->get_count(); } break; default: exit; } //3. Calculating first, end, etc $total_pages = 0; if ((int) $count > 0) { if (!empty($limit)) { $total_pages = ceil($count / $limit); } } if ($page > $total_pages) { $page = $total_pages; } $start = $limit * $page - $limit; if ($start < 0) { $start = 0; } //4. Deleting an element if the user wants to if ($operation == 'del') { $obj->delete($request->get('id')); } $is_allowedToEdit = api_is_allowed_to_edit(null, true) || api_is_allowed_to_edit(true) || api_is_drh(); //5. 
Querying the DB for the elements $columns = array(); switch ($action) { case 'get_questions': $columns = \Question::getQuestionColumns(api_get_course_id(), $extra_fields, $questionFields, true); $columns = $columns['simple_column_name']; $result = \Question::getQuestions($app, $categoryId, $exerciseId, $courseId, array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'question' => $questionFields, 'limit' => "{$start} , {$limit}")); //var_dump($result); break; case 'get_user_list_plugin_widescale': $columns = array('username', 'firstname', 'lastname', 'exam_password'); $column_names = array(get_lang('Username'), get_lang('Firstname'), get_lang('Lastname'), get_lang('Password')); $result = \UserManager::get_user_data($start, $limit, $sidx, $sord); break; case 'get_question_list': if (isset($exercise) && !empty($exercise)) { $columns = array('question', 'type', 'category', 'level', 'score', 'actions'); $result = $exercise->getQuestionListPagination($start, $limit, $sidx, $sord, $where_condition); } break; case 'get_group_reporting': $columns = array('name', 'time', 'progress', 'score', 'works', 'messages', 'actions'); $result = \Tracking::get_group_reporting($course_id, $group_id, 'all', $start, $limit, $sidx, $sord, $where_condition); break; case 'get_course_exercise_medias': $columns = array('question'); $result = \Question::get_course_medias($course_id, $start, $limit, $sidx, $sord, $where_condition); if (!empty($result)) { foreach ($result as &$media) { $media['id'] = $media['iid']; } } break; case 'get_user_course_report_resumed': $columns = array('extra_ruc', 'training_hours', 'count_users', 'count_users_registered', 'average_hours_per_user', 'count_certificates'); $column_names = array(get_lang('Company'), get_lang('TrainingHoursAccumulated'), get_lang('CountOfSubscriptions'), get_lang('CountOfUsers'), get_lang('AverageHoursPerStudent'), get_lang('CountCertificates')); $result = 
\CourseManager::get_user_list_from_course_code(null, null, "LIMIT {$start}, {$limit}", " {$sidx} {$sord}", null, null, true, true, 'ruc'); $new_result = array(); if (!empty($result)) { foreach ($result as $row) { $row['training_hours'] = api_time_to_hms($row['training_hours']); $row['average_hours_per_user'] = api_time_to_hms($row['average_hours_per_user']); $new_result[] = $row; } $result = $new_result; } break; case 'get_user_course_report': $columns = array('course', 'user', 'time', 'certificate', 'progress_100', 'progress'); $column_names = array(get_lang('Course'), get_lang('User'), get_lang('ManHours'), get_lang('CertificateGenerated'), get_lang('Approved'), get_lang('CourseAdvance')); $extra_fields = \UserManager::get_extra_fields(0, 100, null, null, true, true); if (!empty($extra_fields)) { foreach ($extra_fields as $extra) { $columns[] = $extra['1']; $column_names[] = $extra['3']; } } $result = \CourseManager::get_user_list_from_course_code(null, null, "LIMIT {$start}, {$limit}", " {$sidx} {$sord}", null, null, true); break; case 'get_user_skill_ranking': $columns = array('photo', 'firstname', 'lastname', 'skills_acquired', 'currently_learning', 'rank'); $result = $skill->get_user_list_skill_ranking($start, $limit, $sidx, $sord, $where_condition); $result = \ArrayClass::msort($result, 'skills_acquired', 'asc'); $skills_in_course = array(); if (!empty($result)) { //$counter = 1; foreach ($result as &$item) { $user_info = api_get_user_info($item['user_id']); $personal_course_list = \UserManager::get_personal_session_course_list($item['user_id']); $count_skill_by_course = array(); foreach ($personal_course_list as $course_item) { if (!isset($skills_in_course[$course_item['code']])) { $count_skill_by_course[$course_item['code']] = $skill->get_count_skills_by_course($course_item['code']); $skills_in_course[$course_item['code']] = $count_skill_by_course[$course_item['code']]; } else { $count_skill_by_course[$course_item['code']] = 
$skills_in_course[$course_item['code']]; } } $item['photo'] = \Display::img($user_info['avatar_small']); $item['currently_learning'] = !empty($count_skill_by_course) ? array_sum($count_skill_by_course) : 0; } } break; case 'get_work_user_list': if (isset($type) && $type == 'simple') { $columns = array('type', 'firstname', 'lastname', 'username', 'title', 'qualification', 'sent_date', 'qualificator_id', 'actions'); } else { $columns = array('type', 'firstname', 'lastname', 'username', 'title', 'sent_date', 'actions'); } $result = get_work_user_list($start, $limit, $sidx, $sord, $work_id, $where_condition); break; case 'get_exercise_results': $course = api_get_course_info(); //used inside get_exam_results_data() $documentPath = api_get_path(SYS_COURSE_PATH) . $course['path'] . "/document"; if ($is_allowedToEdit) { $columns = array('firstname', 'lastname', 'username', 'group_name', 'exe_duration', 'start_date', 'exe_date', 'score', 'status', 'lp', 'actions'); } else { //$columns = array('exe_duration', 'start_date', 'exe_date', 'score', 'status', 'actions'); } $result = \ExerciseLib::get_exam_results_data($start, $limit, $sidx, $sord, $exercise_id, $where_condition); break; case 'get_hotpotatoes_exercise_results': $course = api_get_course_info(); //used inside get_exam_results_data() $documentPath = api_get_path(SYS_COURSE_PATH) . $course['path'] . 
"/document"; $columns = array('firstname', 'lastname', 'username', 'group_name', 'exe_date', 'score', 'actions'); $result = ExerciseLib::get_exam_results_hotpotatoes_data($start, $limit, $sidx, $sord, $hotpot_path, $where_condition); //get_exam_results_data($start, $limit, $sidx, $sord, $exercise_id, $where_condition); break; case 'get_sessions': $session_columns = \SessionManager::get_session_columns($list_type); $columns = $session_columns['simple_column_name']; if ($list_type == 'simple') { $result = SessionManager::get_sessions_admin(array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'limit' => "{$start} , {$limit}"), false); } else { $result = SessionManager::get_sessions_admin_complete(array('where' => $where_condition, 'order' => "{$sidx} {$sord}", 'extra' => $extra_fields, 'limit' => "{$start} , {$limit}")); } break; case 'get_timelines': $columns = array('headline', 'actions'); //$columns = array('headline', 'type', 'start_date', 'end_date', 'text', 'media', 'media_credit', 'media_caption', 'title_slide', 'parent_id'); if (!in_array($sidx, $columns)) { $sidx = 'headline'; } $course_id = api_get_course_int_id(); $result = Database::select('*', $obj->table, array('where' => array('parent_id = ? AND c_id = ?' => array('0', $course_id)), 'order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { if (!$item['status']) { $item['name'] = '<font style="color:#AAA">' . $item['name'] . '</font>'; } $item['headline'] = Display::url($item['headline'], api_get_path(WEB_CODE_PATH) . 'timeline/view.php?id=' . $item['id']); $item['actions'] = Display::url(Display::return_icon('add.png', get_lang('AddItems')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=add_item&parent_id=' . $item['id']); $item['actions'] .= Display::url(Display::return_icon('edit.png', get_lang('Edit')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=edit&id=' . 
$item['id']); $item['actions'] .= Display::url(Display::return_icon('delete.png', get_lang('Delete')), api_get_path(WEB_CODE_PATH) . 'timeline/?action=delete&id=' . $item['id']); $new_result[] = $item; } $result = $new_result; break; case 'get_gradebooks': $columns = array('name', 'certificates', 'skills', 'actions', 'has_certificates'); if (!in_array($sidx, $columns)) { $sidx = 'name'; } $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { if ($item['parent_id'] != 0) { continue; } $skills = $obj->get_skills_by_gradebook($item['id']); //Fixes bug when gradebook doesn't have names if (empty($item['name'])) { $item['name'] = $item['course_code']; } else { //$item['name'] = $item['name'].' ['.$item['course_code'].']'; } $item['name'] = Display::url($item['name'], api_get_path(WEB_CODE_PATH) . 'gradebook/index.php?id_session=0&cidReq=' . $item['course_code']); if (!empty($item['certif_min_score']) && !empty($item['document_id'])) { $item['certificates'] = Display::return_icon('accept.png', get_lang('WithCertificate'), array(), ICON_SIZE_SMALL); $item['has_certificates'] = '1'; } else { $item['certificates'] = Display::return_icon('warning.png', get_lang('NoCertificate'), array(), ICON_SIZE_SMALL); $item['has_certificates'] = '0'; } if (!empty($skills)) { foreach ($skills as $skill) { $item['skills'] .= Display::span($skill['name'], array('class' => 'label_tag skill')); } } $new_result[] = $item; } $result = $new_result; break; case 'get_event_email_template': $columns = array('subject', 'event_type_name', 'language_id', 'activated', 'actions'); if (!in_array($sidx, $columns)) { $sidx = 'subject'; } $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { $language_info = api_get_language_info($item['language_id']); $item['language_id'] = 
$language_info['english_name']; $item['actions'] = Display::url(Display::return_icon('edit.png', get_lang('Edit')), api_get_path(WEB_CODE_PATH) . 'admin/event_type.php?action=edit&event_type_name=' . $item['event_type_name']); $item['actions'] .= Display::url(Display::return_icon('delete.png', get_lang('Delete')), api_get_path(WEB_CODE_PATH) . 'admin/event_controller.php?action=delete&id=' . $item['id']); /*if (!$item['status']) { $item['name'] = '<font style="color:#AAA">'.$item['subject'].'</font>'; }*/ $new_result[] = $item; } $result = $new_result; break; case 'get_careers': $columns = array('name', 'description', 'actions'); if (!in_array($sidx, $columns)) { $sidx = 'name'; } $result = Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { if (!$item['status']) { $item['name'] = '<font style="color:#AAA">' . $item['name'] . '</font>'; } $new_result[] = $item; } $result = $new_result; break; case 'get_promotions': $columns = array('name', 'career', 'description', 'actions'); if (!in_array($sidx, $columns)) { $sidx = 'name'; } $result = Database::select('p.id,p.name, p.description, c.name as career, p.status', "{$obj->table} p LEFT JOIN " . Database::get_main_table(TABLE_CAREER) . " c ON c.id = p.career_id ", array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { if (!$item['status']) { $item['name'] = '<font style="color:#AAA">' . $item['name'] . 
'</font>'; } $new_result[] = $item; } $result = $new_result; break; case 'get_grade_models': $columns = array('name', 'description', 'actions'); if (!in_array($sidx, $columns)) { $sidx = 'name'; } $result = Database::select('*', "{$obj->table} ", array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); foreach ($result as $item) { $new_result[] = $item; } $result = $new_result; break; case 'get_usergroups': $columns = array('name', 'users', 'courses', 'sessions', 'group_type', 'actions'); $result = Database::select('*', $obj->table, array('order' => "name {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); if (!empty($result)) { foreach ($result as $group) { $group['sessions'] = count($obj->get_sessions_by_usergroup($group['id'])); $group['courses'] = count($obj->get_courses_by_usergroup($group['id'])); $group['users'] = count($obj->get_users_by_usergroup($group['id'])); switch ($group['group_type']) { case '0': $group['group_type'] = Display::label(get_lang('Class'), 'info'); break; case '1': $group['group_type'] = Display::label(get_lang('Social'), 'success'); break; } $new_result[] = $group; } $result = $new_result; } $columns = array('name', 'users', 'courses', 'sessions', 'group_type'); if (!in_array($sidx, $columns)) { $sidx = 'name'; } //Multidimensional sort ArrayClass::msort($result, $sidx); break; case 'get_extra_fields': $obj = new \ExtraField($type); $columns = array('field_display_text', 'field_variable', 'field_type', 'field_changeable', 'field_visible', 'field_filter', 'field_order'); $result = \Database::select('*', $obj->table, array('order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); $new_result = array(); if (!empty($result)) { foreach ($result as $item) { $item['field_type'] = $obj->get_field_type_by_id($item['field_type']); $item['field_changeable'] = $item['field_changeable'] ? 
Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $item['field_visible'] = $item['field_visible'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $item['field_filter'] = $item['field_filter'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $new_result[] = $item; } $result = $new_result; } break; case 'get_extra_field_options': $obj = new \ExtraFieldOption($type); $columns = array('option_display_text', 'option_value', 'option_order'); $result = \Database::select('*', $obj->table, array('where' => array("field_id = ? " => $field_id), 'order' => "{$sidx} {$sord}", 'LIMIT' => "{$start} , {$limit}")); /*$new_result = array(); if (!empty($result)) { foreach ($result as $item) { $item['field_type'] = $obj->get_field_type_by_id($item['field_type']); $item['field_changeable'] = $item['field_changeable'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $item['field_visible'] = $item['field_visible'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $item['field_filter'] = $item['field_filter'] ? Display::return_icon('right.gif') : Display::return_icon('wrong.gif'); $new_result[] = $item; } $result = $new_result; }*/ break; case 'get_usergroups_teacher': $columns = array('name', 'users', 'actions'); $options = array('order' => "name {$sord}", 'LIMIT' => "{$start} , {$limit}"); $options['course_id'] = $course_id; switch ($type) { case 'not_registered': $options['where'] = array(" (course_id IS NULL OR course_id != ?) " => $course_id); $result = $obj->get_usergroup_not_in_course($options); break; case 'registered': $options['where'] = array(" usergroup.course_id = ? 
" => $course_id); $result = $obj->get_usergroup_in_course($options); break; } $new_result = array(); if (!empty($result)) { foreach ($result as $group) { $group['users'] = count($obj->get_users_by_usergroup($group['id'])); if ($obj->usergroup_was_added_in_course($group['id'], $course_id)) { $url = 'class.php?action=remove_class_from_course&id=' . $group['id']; $icon = Display::return_icon('delete.png', get_lang('Remove')); } else { $url = 'class.php?action=add_class_to_course&id=' . $group['id']; $icon = Display::return_icon('add.png', get_lang('Add')); } $group['actions'] = Display::url($icon, $url); $new_result[] = $group; } $result = $new_result; } if (!in_array($sidx, $columns)) { $sidx = 'name'; } //Multidimensional sort \ArrayClass::msort($result, $sidx); break; default: exit; } $allowed_actions = array('get_careers', 'get_promotions', 'get_usergroups', 'get_usergroups_teacher', 'get_gradebooks', 'get_sessions', 'get_exercise_results', 'get_hotpotatoes_exercise_results', 'get_work_user_list', 'get_timelines', 'get_grade_models', 'get_event_email_template', 'get_user_skill_ranking', 'get_extra_fields', 'get_extra_field_options', 'get_course_exercise_medias', 'get_user_course_report', 'get_user_course_report_resumed', 'get_group_reporting', 'get_question_list', 'get_user_list_plugin_widescale', 'get_questions'); //5. 
Creating an obj to return a json if (in_array($action, $allowed_actions)) { $response = new \stdClass(); $response->page = $page; $response->total = $total_pages; $response->records = $count; if ($operation && $operation == 'excel') { $j = 1; $array = array(); if (empty($column_names)) { $column_names = $columns; } //Headers foreach ($column_names as $col) { $array[0][] = $col; } foreach ($result as $row) { foreach ($columns as $col) { $array[$j][] = strip_tags($row[$col]); } $j++; } switch ($export_format) { case 'xls': Export::export_table_xls($array, 'company_report'); break; case 'csv': default: Export::export_table_csv($array, 'company_report'); break; } exit; } $i = 0; if (!empty($result)) { foreach ($result as $row) { //print_r($row); // if results tab give not id, set id to $i otherwise id="null" for all <tr> of the jqgrid - ref #4235 if (!isset($row['id']) || isset($row['id']) && $row['id'] == "") { $response->rows[$i]['id'] = $i; } else { $response->rows[$i]['id'] = $row['id']; } $array = array(); foreach ($columns as $col) { $array[] = isset($row[$col]) ? $row[$col] : null; } $response->rows[$i]['cell'] = $array; $i++; } } return json_encode($response); } }
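/**
 * Restrict access to a work (student publication) to users subscribed to it.
 *
 * Access is granted outright when the ADD_DOCUMENT_TO_WORK flag is off, or
 * when the current user is a platform admin or may edit the course.
 * Otherwise the user must be subscribed to the work (userIsSubscribedToWork);
 * if not, api_not_allowed(true) is invoked, which is expected to end the
 * script.
 *
 * @param int $userId   User being checked
 * @param int $workId   Work (student publication) id
 * @param int $courseId Course real id
 *
 * @return bool true when access is allowed. The original returned null (not
 *              the documented bool) on the "subscribed" path; it now returns
 *              true, and false only if api_not_allowed() ever returns.
 */
function allowOnlySubscribedUser($userId, $workId, $courseId)
{
    // Feature flag off: no subscription restriction applies.
    if (!ADD_DOCUMENT_TO_WORK) {
        return true;
    }

    // Admins and course editors always pass.
    if (api_is_platform_admin() || api_is_allowed_to_edit()) {
        return true;
    }

    if (!userIsSubscribedToWork($userId, $workId, $courseId)) {
        api_not_allowed(true);
        // Defensive: api_not_allowed() is expected to exit; never fall
        // through to a permissive result if it does not.
        return false;
    }

    return true;
}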
/**
 * Deny access to users who are not allowed to edit (i.e. students).
 *
 * Delegates the permission test to api_is_allowed_to_edit(); when it fails,
 * api_not_allowed() is invoked (expected to render an error page and stop
 * the script). Returns nothing on success.
 */
public static function block_students()
{
    $canEdit = api_is_allowed_to_edit();
    if ($canEdit) {
        return;
    }

    api_not_allowed();
}
/**
 * Deny the current request.
 *
 * Calls api_not_allowed(), which is expected to render the "not allowed"
 * page and terminate; the false return only matters if it does not.
 *
 * @return bool always false
 */
public function forbidden()
{
    $allowed = false;
    api_not_allowed();

    return $allowed;
}
/**
 * Block session admins when the "session.limit_session_admin_role" setting is on.
 *
 * When the current user is a session admin and the setting value is exactly
 * the string 'true', api_not_allowed(true) is invoked (expected to exit).
 * Any other combination is a no-op.
 */
function api_protect_limit_for_session_admin()
{
    $isLimited = api_get_setting('session.limit_session_admin_role') === 'true';
    if (!$isLimited) {
        return;
    }

    if (api_is_session_admin()) {
        api_not_allowed(true);
    }
}
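/**
 * Dispatch a wiki tool action (a lightweight controller).
 *
 * Reads the page from $this->page and action-specific parameters from $_GET.
 * Numeric ids taken from the request (wiki_id, user_id, id) are cast to int
 * before being handed to the helpers; the original passed them raw.
 *
 * Permission checks are done per action, mirroring the original:
 *  - deletewiki: only editors (api_is_allowed_to_edit(false, true)) and
 *    platform admins; the wiki is deleted when &delete=yes is present.
 *  - addnew: inside a session, session-edit permission is required; editor,
 *    admin or group-membership status decides whether the form is shown.
 *
 * NOTE(review): "deletewiki&delete=yes" is a destructive action triggered by
 * a plain GET link with no anti-CSRF token visible here — consider a token
 * check or a POST form for the confirmation.
 *
 * @param string $action Action name, e.g. 'show', 'edit', 'deletewiki'
 */
public function handleAction($action)
{
    $page = $this->page;

    switch ($action) {
        case 'export_to_pdf':
            if (isset($_GET['wiki_id'])) {
                self::export_to_pdf((int) $_GET['wiki_id'], api_get_course_id());
                exit;
            }
            break;
        case 'export2doc':
            if (isset($_GET['wiki_id'])) {
                $export2doc = self::export2doc((int) $_GET['wiki_id']);
                if ($export2doc) {
                    self::setMessage(Display::display_confirmation_message(get_lang('ThePageHasBeenExportedToDocArea'), false, true));
                }
            }
            break;
        case 'restorepage':
            self::restorePage();
            break;
        case 'more':
            self::getStatsTable();
            break;
        case 'statistics':
            self::getStats();
            break;
        case 'mactiveusers':
            self::getActiveUsers($action);
            break;
        case 'usercontrib':
            // The original passed $_GET['user_id'] raw and without isset().
            $userId = isset($_GET['user_id']) ? (int) $_GET['user_id'] : 0;
            self::getUserContributions($userId, $action);
            break;
        case 'mostchanged':
            $this->getMostChangedPages($action);
            break;
        case 'mvisited':
            self::getMostVisited();
            break;
        case 'wanted':
            $this->getWantedPages();
            break;
        case 'orphaned':
            self::getOrphaned();
            break;
        case 'mostlinked':
            self::getMostLinked();
            break;
        case 'delete':
            self::deletePageWarning($page);
            break;
        case 'deletewiki':
            $title = '<div class="actions">' . get_lang('DeleteWiki') . '</div>';
            $canDeleteWiki = api_is_allowed_to_edit(false, true) || api_is_platform_admin();
            if ($canDeleteWiki) {
                $message = get_lang('ConfirmDeleteWiki');
                $message .= '<p> <a href="index.php?' . api_get_cidreq() . '">' . get_lang('No') . '</a> | <a href="' . api_get_self() . '?' . api_get_cidreq() . '&action=deletewiki&delete=yes">' . get_lang('Yes') . '</a> </p>';
                if (!isset($_GET['delete'])) {
                    self::setMessage($title . Display::display_warning_message($message, false, true));
                }
            } else {
                self::setMessage(Display::display_normal_message(get_lang("OnlyAdminDeleteWiki"), false, true));
            }
            if ($canDeleteWiki && isset($_GET['delete']) && $_GET['delete'] == 'yes') {
                $return_message = self::delete_wiki();
                self::setMessage(Display::display_confirmation_message($return_message, false, true));
                $this->redirectHome();
            }
            break;
        case 'searchpages':
            self::getSearchPages($action);
            break;
        case 'links':
            self::getLinks($page);
            break;
        case 'addnew':
            // Inside a session, adding pages requires session-edit rights.
            if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false, true) == false) {
                api_not_allowed();
            }
            echo '<div class="actions">' . get_lang('AddNew') . '</div>';
            echo '<br/>';
            // First, check whether the index page was already created.
            if (self::checktitle('index')) {
                if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
                    self::setMessage(Display::display_normal_message(get_lang('GoAndEditMainPage'), false, true));
                } else {
                    self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
                }
            } elseif (self::check_addnewpagelock() == 0 && (api_is_allowed_to_edit(false, true) == false || api_is_platform_admin() == false)) {
                // NOTE(review): with "||" only platform admins bypass the lock;
                // a course editor who is not platform admin is still locked
                // out. Kept as in the original; confirm whether "&&" was meant.
                self::setMessage(Display::display_error_message(get_lang('AddPagesLocked'), false, true));
            } else {
                // empty() avoids the undefined-index notice of the original
                // "$_GET['group_id'] == 0" while keeping missing/0 permissive.
                if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id()) || empty($_GET['group_id'])) {
                    self::display_new_wiki_form();
                } else {
                    self::setMessage(Display::display_normal_message(get_lang('OnlyAddPagesGroupMembers'), false, true));
                }
            }
            break;
        case 'show':
        case 'showpage':
            self::display_wiki_entry($page);
            break;
        case 'edit':
            self::editPage();
            break;
        case 'history':
            self::getHistory();
            break;
        case 'recentchanges':
            self::recentChanges($page, $action);
            break;
        case 'allpages':
            self::allPages($action);
            break;
        case 'discuss':
            self::getDiscuss($page);
            break;
        case 'export_to_doc_file':
            // The original passed $_GET['id'] raw and without isset().
            $docId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
            self::exportTo($docId, 'odt');
            exit;
    }
}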
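<?php
/* For licensing terms, see /license.txt */
//require_once '../inc/global.inc.php';

/*
 * Self-unsubscription page: lets the logged-in user delete their own account
 * when the platform_unsubscribe_allowed setting is enabled.
 */
if (api_get_setting('platform_unsubscribe_allowed') != 'true') {
    api_not_allowed();
}

$tool_name = get_lang('Unsubscribe');
$message = Display::return_message(get_lang('UnsubscribeFromPlatform'), 'warning');

$form = new FormValidator('user_add');
// The confirm() is client-side only; the server-side guard is the validated
// POST below. NOTE(review): account deletion relies on FormValidator::validate()
// for anti-CSRF protection — confirm it verifies a token.
$form->addElement(
    'button',
    'submit',
    get_lang('Unsubscribe'),
    array('onclick' => "javascript:if(!confirm('" . addslashes(api_htmlentities(get_lang("UnsubscribeFromPlatformConfirm"))) . "')) return false;")
);
$content = $form->returnForm();

if ($form->validate()) {
    $user_info = api_get_user_info();
    $result = UserManager::delete_user($user_info['user_id']);
    if ($result) {
        // Bug fix: the username was passed to get_lang() instead of sprintf(),
        // so the success message never contained it.
        $message = Display::return_message(sprintf(get_lang('UnsubscribeFromPlatformSuccess'), $user_info['username']));
        $content = null;
        online_logout($user_info['user_id'], false);
        api_not_allowed(true, $message);
    }
}

//$tpl = new Template($tool_name);
// $actions is not assigned in this script; presumably provided by an include.
echo $actions;
echo $message;
echo $content;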
$this_section = SECTION_COURSES;
$nameTools = get_lang('GroupSpace');
$interbreadcrumb[] = array('url' => 'group.php', 'name' => get_lang('Groups'));

/*
 * Access control for private groups (original author: Juan Carlos Raña Trabado).
 *
 * A group space is reachable by non-members only if at least one of its tools
 * (documents, calendar, work, announcements, wiki, chat) has state 1, or one
 * of its forums is public. Otherwise only editors and group members get in.
 */
$forums_of_groups = get_forums_of_group($current_group['id']);
$forum_state_public = 0;
if (is_array($forums_of_groups)) {
    foreach ($forums_of_groups as $forum) {
        if ($forum['forum_group_public_private'] == 'public') {
            $forum_state_public = 1;
        }
    }
}

$toolStates = array(
    $current_group['doc_state'],
    $current_group['calendar_state'],
    $current_group['work_state'],
    $current_group['announcements_state'],
    $current_group['wiki_state'],
    $current_group['chat_state'],
);
// Loose comparison on purpose: in_array() uses == just like the "!= 1" tests.
$anyToolPublic = in_array(1, $toolStates);

if (!$anyToolPublic && $forum_state_public != 1) {
    if (!api_is_allowed_to_edit(null, true) && !GroupManager::is_user_in_group($user_id, $group_id)) {
        api_not_allowed($print_headers);
    }
}

/*
 * Self (un)registration links.
 * NOTE(review): both are state-changing GET links guarded only by a JS
 * confirm(); no anti-CSRF token is visible here.
 */
$confirmOnClick = 'javascript: if(!confirm(' . "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES)) . "'" . ')) return false;';

$subscribe_group = '';
if (GroupManager::is_self_registration_allowed($user_id, $current_group['id'])) {
    $subscribe_group = '<a class="btn" href="' . api_get_self() . '?selfReg=1&group_id=' . $current_group['id'] . '" onclick="' . $confirmOnClick . '">' . get_lang("RegIntoGroup") . '</a>';
}

$unsubscribe_group = '';
if (GroupManager::is_self_unregistration_allowed($user_id, $current_group['id'])) {
    $unsubscribe_group = '<a class="btn" href="' . api_get_self() . '?selfUnReg=1" onclick="' . $confirmOnClick . '">' . get_lang("StudentUnsubscribe") . '</a>';
}
$track_exercise_info = ExerciseLib::get_exercise_track_exercise_info($id); //No track info if (empty($track_exercise_info)) { api_not_allowed($show_headers); } $exercise_id = $track_exercise_info['exe_exo_id']; $student_id = $track_exercise_info['exe_user_id']; $current_user_id = api_get_user_id(); $objExercise = new Exercise(); if (!empty($exercise_id)) { $objExercise->read($exercise_id); } // Only users can see their own results if (!$is_allowedToEdit) { if ($student_id != $current_user_id) { api_not_allowed($show_headers); } } $htmlHeadXtra[] = '<link rel="stylesheet" href="' . api_get_path(WEB_LIBRARY_JS_PATH) . 'hotspot/css/hotspot.css">'; $htmlHeadXtra[] = '<script src="' . api_get_path(WEB_LIBRARY_JS_PATH) . 'hotspot/js/hotspot.js"></script>'; if ($show_headers) { $interbreadcrumb[] = array("url" => "exercise.php?" . api_get_cidreq(), "name" => get_lang('Exercises')); $interbreadcrumb[] = array("url" => "#", "name" => get_lang('Result')); $this_section = SECTION_COURSES; Display::display_header(); } else { $htmlHeadXtra[] = "\n <style>\n body { background: none;}\n </style>\n "; Display::display_reduced_header(); } ExerciseLib::display_question_list_by_attempt($objExercise, $id, false); if ($show_headers) {
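/**
 * Resolve the on-disk file of a student publication (work) and check that
 * the current user may download it.
 *
 * Download is allowed for course editors, for the author of the work, or for
 * anyone when the course shows scores (show_score == 1) and the work is both
 * visible (item_property visibility 1) and accepted. The resolved path must
 * stay inside the course directory (Security::check_abs_path).
 *
 * @param int   $id          Work (c_student_publication) id
 * @param array $course_info Course info array; 'real_id' and 'show_score' are read
 * @param int   $sessionId   Session id; defaults to api_get_session_id()
 *
 * @return array|bool array('path' => ..., 'title' => ...) when the file may be
 *                    downloaded, false otherwise. May not return at all:
 *                    allowOnlySubscribedUser() / api_not_allowed() may exit.
 */
function getFileContents($id, $course_info, $sessionId = 0)
{
    $id = intval($id);
    if (empty($course_info) || empty($id) || empty($course_info['real_id'])) {
        return false;
    }
    if (empty($sessionId)) {
        $sessionId = api_get_session_id();
    }

    // real_id is interpolated into SQL; cast it like $id (the original
    // interpolated it raw).
    $courseId = intval($course_info['real_id']);
    $tbl_student_publication = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
    $sql = 'SELECT * FROM ' . $tbl_student_publication . ' WHERE c_id = ' . $courseId . ' AND id = ' . $id;
    $result = Database::query($sql);
    if (!$result || !Database::num_rows($result)) {
        return false;
    }

    $row = Database::fetch_array($result, 'ASSOC');
    $courseDir = api_get_path(SYS_COURSE_PATH) . api_get_course_path() . '/';
    $full_file_name = $courseDir . $row['url'];
    $item_info = api_get_item_property_info(api_get_course_int_id(), 'work', $row['id'], $sessionId);

    // Non-editors must be subscribed to the parent work (exits otherwise).
    allowOnlySubscribedUser(api_get_user_id(), $row['parent_id'], $courseId);
    if (empty($item_info)) {
        api_not_allowed();
    }

    /*
     * Download matrix (editor = teacher + admin + anybody with api_is_allowed_to_edit):
     *   visibility/accepted = 0 : editor only, whatever show_score is
     *   visibility/accepted = 1 : editor + owner; plus any student when show_score = 1
     */
    $work_is_visible = ($item_info['visibility'] == 1 && $row['accepted'] == 1);
    $doc_visible_for_all = ($course_info['show_score'] == 1);
    $is_editor = api_is_allowed_to_edit(true, true, true);
    $student_is_owner_of_work = user_is_author($row['id'], $row['user_id']);

    $canDownload = $is_editor || $student_is_owner_of_work || ($doc_visible_for_all && $work_is_visible);
    if (!$canDownload) {
        return false;
    }

    $title = $row['title'];
    if (!empty($row['filename'])) {
        $title = $row['filename'];
    }
    $title = str_replace(' ', '_', $title);
    event_download($title);

    // Containment check: $row['url'] is DB data but could still hold "..";
    // reject anything that resolves outside the course directory.
    if (!Security::check_abs_path($full_file_name, $courseDir)) {
        return false;
    }

    return array(
        'path' => $full_file_name,
        'title' => $title,
    );
}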
* @package chamilo.document * * @author Juan Carlos Raña Trabado * @since 5/mar/2011 */ /** * Code */ require_once '../../../inc/global.inc.php'; require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php'; api_protect_course_script(); api_block_anonymous_users(); if (!isset($_GET['filename']) || !isset($_GET['file_field'])) { api_not_allowed(false); exit; } $courseInfo = api_get_course_info(); $fileUpload = null; if (is_uploaded_file($_FILES[$_GET['file_field']]['tmp_name'])) { $fileUpload = $_FILES[$_GET['file_field']]; } else { exit; } $output = false; $documentData = DocumentManager::upload_document($_FILES, $_GET['path'], null, null, 0, 'overwrite', false, $output);
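<?php
//require_once '../inc/global.inc.php';

/*
 * Legacy redirect: "?uInfo=<user id>" is forwarded to the social profile
 * page; any other request is rejected.
 */
if (isset($_REQUEST['uInfo'])) {
    // intval() keeps the redirect target numeric and on this platform.
    $userId = intval($_REQUEST['uInfo']);
    $url = api_get_path(WEB_CODE_PATH) . "social/profile.php?u=" . $userId;
    header("Location: {$url}");
    exit;
}

// Bug fix: the original passed the string 'true'; the parameter is a bool.
api_not_allowed(true);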
/**
 * Render the "new post" form for a blog, or deny access.
 *
 * Requires the 'article_add' right on "BLOG_<id>"; otherwise api_not_allowed()
 * is called. The HTML editor toolbar is 'ProjectStudent' for users who cannot
 * edit the course and 'Project' for those who can.
 *
 * @author Toon Keppens
 *
 * @param int $blog_id Blog id
 */
public static function display_form_new_post($blog_id)
{
    if (!api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
        api_not_allowed();
        return;
    }

    $actionUrl = api_get_path(WEB_CODE_PATH) . "blog/blog.php?action=new_post&blog_id=" . $blog_id . "&" . api_get_cidreq();
    $form = new FormValidator('add_post', 'post', $actionUrl, null, array('enctype' => 'multipart/form-data'));
    $form->addHidden('post_title_edited', 'false');
    $form->addHeader(get_lang('NewPost'));
    $form->addText('title', get_lang('Title'));

    $editorConfig = array(
        'ToolbarSet' => api_is_allowed_to_edit() ? 'Project' : 'ProjectStudent',
    );
    $form->addHtmlEditor('full_text', get_lang('Content'), false, false, $editorConfig);

    $form->addFile('user_upload', get_lang('AddAnAttachment'));
    $form->addTextarea('post_file_comment', get_lang('FileComment'));
    $form->addHidden('new_post_submit', 'true');
    $form->addButton('save', get_lang('Save'));
    $form->display();
}
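/**
 * Render the (FCKeditor-based) "new post" form for a blog, or deny access.
 *
 * Requires the 'article_add' right on "BLOG_<id>"; otherwise api_not_allowed()
 * is called. The inline script fills the title from the first words of the
 * editor content until the user edits the title field themselves.
 *
 * @author Toon Keppens
 *
 * @param int $blog_id Blog id
 */
public static function display_form_new_post($blog_id)
{
    if (!api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
        api_not_allowed();
        return;
    }

    // The script contains no request data, so it is emitted verbatim.
    echo <<<'JS'
<script type="text/javascript">
function FCKeditor_OnComplete( editorInstance )
{
    editorInstance.Events.AttachEvent( 'OnSelectionChange', check_for_title ) ;
}

function check_for_title()
{
    // This functions shows that you can interact directly with the editor area
    // DOM. In this way you have the freedom to do anything you want with it.

    // Get the editor instance that we want to interact with.
    var oEditor = FCKeditorAPI.GetInstance('post_full_text') ;

    // Get the Editor Area DOM (Document object).
    var oDOM = oEditor.EditorDocument ;

    var iLength ;
    var contentText ;
    var contentTextArray;
    var bestandsnaamNieuw = "";
    var bestandsnaamOud = "";

    // The are two diffent ways to get the text (without HTML markups).
    // It is browser specific.
    if( document.all )      // If Internet Explorer.
    {
        contentText = oDOM.body.innerText ;
    }
    else                    // If Gecko.
    {
        var r = oDOM.createRange() ;
        r.selectNodeContents( oDOM.body ) ;
        contentText = r.toString() ;
    }

    // Compose title if there is none
    contentTextArray = contentText.split(' ') ;
    var x=0;
    for(x=0; (x<5 && x<contentTextArray.length); x++)
    {
        if(x < 4)
        {
            bestandsnaamNieuw += contentTextArray[x] + ' ';
        }
        else
        {
            bestandsnaamNieuw += contentTextArray[x] + '...';
        }
    }
    if(document.getElementById('post_title_edited').value == "false")
    {
        document.getElementById('post_title').value = bestandsnaamNieuw;
    }
}

function trim(s)
{
    while(s.substring(0,1) == ' ')
    {
        s = s.substring(1,s.length);
    }
    while(s.substring(s.length-1,s.length) == ' ')
    {
        s = s.substring(0,s.length-1);
    }
    return s;
}

function check_if_still_empty()
{
    if(trim(document.getElementById('post_title').value) != "")
    {
        document.getElementById('post_title_edited').value = "true";
    }
}
</script>
JS;

    // Bug fix: $blog_id was interpolated into the action attribute unescaped;
    // the id is numeric, so cast it before emitting it into HTML.
    $blogIdForUrl = (int) $blog_id;
    echo '<form name="add_post" enctype="multipart/form-data" method="post" action="blog.php?action=new_post&blog_id=' . $blogIdForUrl . '">';
    echo '<input type="hidden" name="post_title_edited" id="post_title_edited" value="false" />';

    // form title
    echo '<legend>' . get_lang('NewPost') . '</legend>';

    // article title
    echo '<div><span class="form_required">*</span>' . get_lang('Title') . ': <input name="post_title" id="post_title" type="text" size="60" onblur="check_if_still_empty()" /></div><br />';

    // article text
    $oFCKeditor = new FCKeditor('post_full_text');
    $oFCKeditor->Width = '100%';
    $oFCKeditor->Height = '200';
    $oFCKeditor->ToolbarSet = api_is_allowed_to_edit() ? 'Project' : 'ProjectStudent';
    // Presumably re-populates the editor after a failed save. NOTE(review):
    // the raw POST value is handed to FCKeditor; confirm Create() escapes it.
    $oFCKeditor->Value = isset($_POST['post_full_text']) ? stripslashes($_POST['post_full_text']) : '';
    echo '<div class="control-group">';
    $oFCKeditor->Create();
    echo '</div>';

    // attachment
    echo '<div class="control-group">
        <label class="control-label">
            ' . get_lang('AddAnAttachment') . '
        </label>
        <div class="controls">
            <input type="file" name="user_upload"/>
        </div>
    </div>';

    // comment (bug fix: the textarea was opened as a self-closing tag)
    echo '<div class="control-group">
        <label class="control-label">
            ' . get_lang('FileComment') . '
        </label>
        <div class="controls">
            <textarea name="post_file_comment" cols="34"></textarea>
        </div>
    </div>';

    // submit
    echo '<div class="control-group">
        <div class="controls">
            <input type="hidden" name="action" value="" />
            <input type="hidden" name="new_post_submit" value="true" />
            <button class="save" type="submit" name="Submit">' . get_lang('Save') . '</button>
        </div>
    </div>';
    echo '</form>';
}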
/**
 * Run a raw SQL statement on the Doctrine connection.
 *
 * On a 'test' server_type a DBAL exception propagates to the caller. On any
 * other server type the exception is logged with error_log() and the request
 * is ended through api_not_allowed(false, GeneralError) followed by exit; the
 * caller never sees the failure.
 *
 * @param string $query
 *
 * @return Statement
 *
 * @throws \Doctrine\DBAL\DBALException only when server_type is 'test'
 */
public static function query($query)
{
    $connection = self::getManager()->getConnection();
    $propagateErrors = api_get_setting('server_type') == 'test';

    if ($propagateErrors) {
        return $connection->executeQuery($query);
    }

    try {
        $statement = $connection->executeQuery($query);
    } catch (Exception $e) {
        error_log($e->getMessage());
        api_not_allowed(false, get_lang('GeneralError'));
        exit;
    }

    return $statement;
}
/**
 * Only coaches of the given session and platform admins may proceed.
 *
 * @param int $id Session id handed to api_is_coach()
 *
 * @return bool true when allowed; otherwise api_not_allowed(true) is called
 *              (expected to exit) and nothing is returned
 */
public static function protect_teacher_session_edit($id)
{
    $allowed = api_is_coach($id) || api_is_platform_admin();
    if ($allowed) {
        return true;
    }

    api_not_allowed(true);
}
header('Location: ' . api_get_path(WEB_CODE_PATH) . 'social/profile.php'); exit; } else { if (isset($_GET['u'])) { //I'm your friend? I can see your profile? $user_id = intval($_GET['u']); if (api_is_anonymous($user_id, true)) { api_not_allowed(true); } // It's me! if (api_get_user_id() != $user_id) { $user_info = api_get_user_info($user_id); $show_full_profile = false; if (!$user_info) { // user does no exist !! api_not_allowed(true); } else { //checking the relationship between me and my friend $my_status = SocialManager::get_relation_between_contacts(api_get_user_id(), $user_id); if (in_array($my_status, array(USER_RELATION_TYPE_PARENT, USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_GOODFRIEND))) { $show_full_profile = true; } //checking the relationship between my friend and me $my_friend_status = SocialManager::get_relation_between_contacts($user_id, api_get_user_id()); if (in_array($my_friend_status, array(USER_RELATION_TYPE_PARENT, USER_RELATION_TYPE_FRIEND, USER_RELATION_TYPE_GOODFRIEND))) { $show_full_profile = true; } else { // im probably not a good friend $show_full_profile = false; } }
/**
 * Render the "new post" form for a blog using the shared form builder.
 *
 * Requires the 'article_add' right on "BLOG_<id>"; otherwise api_not_allowed()
 * is called. The form posts to main/blog/blog.php?action=new_post&blog_id=<id>
 * and carries the hidden post_title_edited / new_post_submit fields before
 * self::setForm() adds the remaining elements.
 *
 * @author Toon Keppens
 *
 * @param int $blog_id Blog id
 */
public static function display_form_new_post($blog_id)
{
    if (!api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
        api_not_allowed();
        return;
    }

    $actionUrl = api_get_path(WEB_PUBLIC_PATH) . 'main/blog/blog.php?action=new_post&blog_id=' . $blog_id;
    $form = new FormValidator('add_post', 'post', $actionUrl, null, array('enctype' => 'multipart/form-data'));
    $form->addElement('header', get_lang('NewPost'));
    $form->addElement('hidden', 'post_title_edited', 'false');
    $form->addElement('hidden', 'new_post_submit', 'true');
    self::setForm($form);
    $form->display();
}