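// Optional department filter for a user listing query.
// Excerpt of a larger script: $terms, $criteria, $c, $tree, $user and $uid are
// set before this point, and the final if-block is closed after it.
$depqryadd = '';
// intval() forces the posted department id to an integer before any use.
$dep = isset($_POST['department']) ? intval($_POST['department']) : 0;
if ($dep || isDepartmentAdmin()) {
    // user_department is comma-joined into the FROM clause built further down.
    $depqryadd = ', user_department';
    $subs = array();
    if ($dep) {
        // A department was selected: filter on the ids buildSubtrees() returns for it.
        $subs = $tree->buildSubtrees(array($dep));
    } elseif (isDepartmentAdmin()) {
        // Nothing selected: a department admin is limited to getDepartmentIds($uid).
        $subs = $user->getDepartmentIds($uid);
    }
    $count = 0;
    foreach ($subs as $id) {
        $terms[] = $id;
        // Every id bound into the query is also passed through validateNode();
        // presumably it rejects nodes outside the caller's departments -- confirm.
        validateNode($id, isDepartmentAdmin());
        $count++;
    }
    $pref = $c ? 'a' : 'user';
    // NOTE(review): this renders as "a.user.id" / "user.user.id", while the join
    // below refers to the same table's key as "a.id" -- confirm the qualifier.
    $criteria[] = $pref . '.user.id = user_department.user';
    if ($count > 0) {
        // One bound placeholder per id, comma separated. Concatenating the
        // array_fill() result directly would put the literal text "Array" in the SQL.
        $criteria[] = 'department IN (' . implode(', ', array_fill(0, $count, '?s')) . ')';
    } else {
        // No department ids at all: add an always-false condition so the filter
        // matches nothing instead of emitting an empty IN () list.
        $criteria[] = '1 = 0';
    }
}
$qry_criteria = count($criteria) ? implode(' AND ', $criteria) : '';
// end filter/criteria
if (!empty($c)) {
    $qry_base = " FROM user AS a LEFT JOIN course_user AS b ON a.id = b.user_id {$depqryadd} WHERE b.course_id = ?d ";
    // The course id goes first so it lines up with the leading ?d placeholder.
    array_unshift($terms, $c);
    if ($qry_criteria) {
        $qry_base .= ' AND ' . $qry_criteria;
    }
    $qry = "SELECT DISTINCT a.username " . $qry_base . " ORDER BY a.username ASC";
    // (excerpt ends here; this if-block continues in the full script)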
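// (excerpt starts inside a block that was opened earlier in the script)
    $reqtype = '';
    $linkreg = $langProfReg;
    $linkget = '';
}
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);

// Main body
// Request parameters: GET takes precedence over POST. $close and $show are kept
// as raw request strings; only $id is cast with intval().
$close = isset($_GET['close']) ? $_GET['close'] : (isset($_POST['close']) ? $_POST['close'] : '');
$id = isset($_GET['id']) ? intval($_GET['id']) : (isset($_POST['id']) ? intval($_POST['id']) : '');
$show = isset($_GET['show']) ? $_GET['show'] : (isset($_POST['show']) ? $_POST['show'] : '');

// id validation: the faculty of the referenced request is checked with validateNode().
if ($id > 0) {
    $req = Database::get()->querySingle("SELECT faculty_id FROM user_request WHERE id = ?d", $id);
    // An id with no matching row must not be dereferenced.
    // NOTE(review): requests whose faculty_id is not > 0 skip validateNode(); access
    // to them then depends on $depqryadd being appended to every later query -- confirm.
    if ($req && $req->faculty_id > 0) {
        validateNode($req->faculty_id, isDepartmentAdmin());
    }
}

// department admin additional query where clause
$depqryadd = '';
if (isDepartmentAdmin()) {
    // The ids are concatenated into SQL text rather than bound, so force each
    // one to an integer first.
    $deps = array_map('intval', $user->getDepartmentIds($uid));
    // With no departments, restrict to nothing instead of producing "IN ()".
    $depqryadd = $deps
        ? ' AND faculty_id IN (' . implode(', ', $deps) . ')'
        : ' AND 1 = 0';
}

// Deal with navigation
switch ($show) {
    case "closed":
        $toolName = $langReqHaveClosed;
        $pagination_link = '&show=closed';
        // (excerpt ends here; the switch continues in the full script)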
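// (excerpt starts inside a block that was opened earlier in the script)
    $tool_content .= action_bar(array(array('title' => $langBackAdmin, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
}

// Update course basic information
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm one
// runs before this state-changing POST is handled.
if (isset($_POST['submit'])) {
    // Normalise the posted department ids once: accept a single value or a list,
    // drop nested arrays, and cast to int, so that the values that get validated
    // are exactly the values handed to $course->refresh().
    $posted = isset($_POST['department']) ? (array) $_POST['department'] : array();
    $departments = array_map('intval', array_filter($posted, 'is_scalar'));

    // If the caller is a department admin, diff new/old departments: any added or
    // removed department outside their jurisdiction is an error.
    // NOTE(review): only *changed* departments are validated here; confirm that the
    // course itself was checked against the admin's departments before this point.
    if (isDepartmentAdmin()) {
        $olddeps = array_map('intval', $course->getDepartmentIds($cId));
        // Departments being added.
        foreach (array_diff($departments, $olddeps) as $depId) {
            validateNode($depId, true);
        }
        // Departments being removed.
        foreach (array_diff($olddeps, $departments) as $depId) {
            validateNode($depId, true);
        }
    }

    // Update query: all request values are passed as bound parameters.
    // NOTE(review): the UPDATE is keyed on $_GET['c'] while refresh() uses $cId;
    // confirm both refer to the same course.
    Database::get()->query("UPDATE course SET title = ?s,\n prof_names = ?s\n WHERE code = ?s", $_POST['title'], $_POST['titulary'], $_GET['c']);
    $course->refresh($cId, $departments);
    $tool_content .= "<div class='alert alert-success'>{$langModifDone}</div>";
} else {
    // NOTE(review): $row is dereferenced below without checking that the course
    // code matched a row.
    $row = Database::get()->querySingle("SELECT course.code AS code, course.title AS title, course.prof_names AS prof_name, course.id AS id\n FROM course\n WHERE course.code = ?s", $_GET['c']);
    // The course code is passed through q() before being placed in the form action.
    $tool_content .= "<div class='form-wrapper'>\n\t<form role='form' class='form-horizontal' action='" . $_SERVER['SCRIPT_NAME'] . "?c=" . q($_GET['c']) . "' method='post' onsubmit='return validateNodePickerForm();'>\n\t<fieldset>\n <div class='form-group'>\n\t <label for='Faculty' class='col-sm-2 control-label'>{$langFaculty}:</label>\n <div class='col-sm-10'>";
    if (isDepartmentAdmin()) {
        // Department admins get a picker limited to their own departments. This only
        // shapes the form; the POST branch above re-validates on the server.
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id), 'allowables' => $user->getDepartmentIds($uid)));
    } else {
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id)));
    }
    // (excerpt ends here; this else-block continues in the full script)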
// Bulk user registration: parse the posted field list and the posted user lines.
// Excerpt of a larger script; the while-loop below is closed after this excerpt.
$unparsed_lines = '';
$new_users_info = array();
// Status is 1 when the posted type is 'prof', otherwise 5
// (presumably teacher vs. student status codes -- confirm).
$newstatus = $_POST['type'] == 'prof' ? 1 : 5;
// NOTE(review): taken from the request as-is; it is not checked to be an array
// and the ids are not cast before they reach validateNode() below.
$departments = isset($_POST['facid']) ? $_POST['facid'] : array();
$am = $_POST['am'];
// Column names, separated by spaces, tabs or commas.
$fields = preg_split('/[ \\t,]+/', $_POST['fields'], -1, PREG_SPLIT_NO_EMPTY);
// Allow-list check: any column name not in $acceptable_fields aborts the request.
// NOTE(review): in_array() is used without the strict flag.
foreach ($fields as $field) {
    if (!in_array($field, $acceptable_fields)) {
        // The rejected name is passed through q() before being echoed in the page.
        $tool_content = "<div class='alert alert-danger'>{$langMultiRegFieldError} <b>" . q($field) . "</b></div>";
        draw($tool_content, 3, 'admin');
        exit;
    }
}
// validation for departments: every posted department goes through validateNode()
// (presumably rejecting nodes outside a department admin's scope -- confirm).
foreach ($departments as $dep) {
    validateNode($dep, isDepartmentAdmin());
}
$numfields = count($fields);
// Walk the posted user list one line at a time.
$line = strtok($_POST['user_info'], "\n");
while ($line !== false) {
    // Everything from the first '#' to the end of the line is dropped.
    // NOTE(review): a field value that contains '#' is therefore cut short --
    // confirm that is acceptable for every permitted column.
    $line = preg_replace('/#.*/', '', trim($line));
    if (!empty($line)) {
        // Values are separated by spaces or tabs.
        $userl = preg_split('/[ \\t]+/', $line);
        if (count($userl) >= $numfields) {
            // Map the leading values to the declared columns, in order.
            $info = array();
            foreach ($fields as $field) {
                $info[$field] = array_shift($userl);
            }
            // A missing or invalid e-mail is blanked here rather than rejected.
            if (!isset($info['email']) or !email_seems_valid($info['email'])) {
                $info['email'] = '';
            }
            // (excerpt ends here; the enclosing blocks continue in the full script)