/**
 * Deletes the record with the given id through the parent implementation and
 * records a LOG_CAREER_DELETE entry in the event log.
 *
 * NOTE(review): the return value of parent::delete() is not inspected, so the
 * event is written even if the parent reports failure through its return
 * value. Confirm that this is what the audit trail should show.
 *
 * @param int $id
 * @return bool|void This implementation returns nothing explicitly.
 */
public function delete($id)
{
    parent::delete($id);

    // Timestamp and acting user are read after the delete, as in the single-call form.
    $loggedAt = api_get_utc_datetime();
    $actorId = api_get_user_id();

    Event::addEvent(LOG_CAREER_DELETE, LOG_CAREER_ID, $id, $loggedAt, $actorId);
}
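/**
 * Cleans the students' results for this exercise in the current course and session.
 *
 * By default only results taken through the Exercise tool are removed
 * (orig_lp_id = 0 AND orig_lp_item_id = 0); pass $cleanLpTests = true to
 * remove results recorded from a learning path as well.
 *
 * @param bool   $cleanLpTests          Also delete results that came from a learning path
 * @param string $cleanResultBeforeDate Only delete attempts dated on or before this
 *                                      UTC date (yyyy-mm-dd); an invalid date aborts
 *
 * @return int Number of exercise attempts whose answers were deleted
 *             (0 when the date filter is invalid)
 */
public function clean_results($cleanLpTests = false, $cleanResultBeforeDate = null)
{
    $table_track_e_exercises = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES);
    $table_track_e_attempt = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);

    // Every identifier below is interpolated into SQL without quotes, so each
    // one is forced to an integer before it reaches a query string.
    $courseId = (int) api_get_course_int_id();
    $session_id = (int) api_get_session_id();
    $exerciseId = (int) $this->id;

    // Learning-path results are kept unless the caller asks for them explicitly.
    $sql_where = $cleanLpTests ? '' : ' AND orig_lp_id = 0 AND orig_lp_item_id = 0';

    if (!empty($cleanResultBeforeDate)) {
        // Validate the raw value first; escaping comes second and only for a
        // value that already looks like a date.
        if (!is_string($cleanResultBeforeDate) || !api_is_valid_date($cleanResultBeforeDate)) {
            return 0;
        }
        $cleanResultBeforeDate = Database::escape_string($cleanResultBeforeDate);
        $sql_where .= " AND exe_date <= '{$cleanResultBeforeDate}' ";
    }

    $sql = "SELECT exe_id
            FROM {$table_track_e_exercises}
            WHERE
                c_id = {$courseId} AND
                exe_exo_id = {$exerciseId} AND
                session_id = {$session_id} " . $sql_where;
    $result = Database::query($sql);
    $exe_list = Database::store_result($result);

    // Delete the per-question answers of every matching attempt.
    $i = 0;
    if (is_array($exe_list) && count($exe_list) > 0) {
        foreach ($exe_list as $item) {
            $exeId = (int) $item['exe_id'];
            $sql = "DELETE FROM {$table_track_e_attempt}
                    WHERE exe_id = {$exeId}";
            Database::query($sql);
            $i++;
        }
    }

    // Delete the attempts themselves, using the same filter as the SELECT above.
    $sql = "DELETE FROM {$table_track_e_exercises}
            WHERE c_id = {$courseId}
            AND exe_exo_id = {$exerciseId}
            {$sql_where}
            AND session_id = {$session_id}";
    Database::query($sql);

    Event::addEvent(
        LOG_EXERCISE_RESULT_DELETE,
        LOG_EXERCISE_ID,
        $this->id,
        null,
        null,
        $courseId,
        $session_id
    );

    return $i;
}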
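/**
 * Web-service entry point: removes courses (and their session users) from sessions.
 *
 * The call is rejected unless WSHelperVerifyKey() accepts $params. Each entry
 * of $params['coursessessions'] names one session and a list of courses by
 * their original ids.
 *
 * @param array $params Request parameters; 'coursessessions' is a list of arrays
 *                      with the keys original_session_id_value,
 *                      original_session_id_name, original_course_id_name and
 *                      original_course_id_values
 *
 * @return array One row per request entry with the keys
 *               original_course_id_values (comma-separated codes that were
 *               processed, '' when none), original_session_id_value and
 *               result (1 on success, 0 when nothing was done)
 */
function WSUnsuscribeCoursesFromSession($params)
{
    if (!WSHelperVerifyKey($params)) {
        return return_error(WS_ERROR_SECRET_KEY);
    }

    $tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
    $tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);

    $coursessessions_params = isset($params['coursessessions']) && is_array($params['coursessessions'])
        ? $params['coursessessions']
        : array();

    // Each output row is built together with its result, so the three fields
    // can never drift out of step when an entry is skipped.
    $output = array();

    foreach ($coursessessions_params as $coursesession_param) {
        $original_session_id_value = $coursesession_param['original_session_id_value'];
        $original_session_id_name = $coursesession_param['original_session_id_name'];
        $original_course_id_name = $coursesession_param['original_course_id_name'];
        $original_course_id_values = $coursesession_param['original_course_id_values'];

        $row = array(
            'original_course_id_values' => '',
            'original_session_id_value' => $original_session_id_value,
            'result' => 0,
        );

        // The id is interpolated into several statements below; force an integer.
        $id_session = (int) SessionManager::getSessionIdFromOriginalId(
            $original_session_id_value,
            $original_session_id_name
        );

        if (empty($id_session)) {
            $output[] = $row;
            continue;
        }

        // Resolve the original course ids; unknown courses and courses with
        // visibility 0 are ignored.
        $course_list = array();
        $courseIdList = array();
        foreach ($original_course_id_values as $row_original_course_list) {
            $courseInfo = CourseManager::getCourseInfoFromOriginalId(
                $row_original_course_list['course_code'],
                $original_course_id_name
            );

            if (empty($courseInfo) || $courseInfo['visibility'] == 0) {
                continue;
            }

            $course_list[] = $courseInfo['code'];
            $courseIdList[] = $courseInfo['real_id'];
        }

        if (empty($course_list)) {
            $output[] = $row;
            continue;
        }

        $row['original_course_id_values'] = implode(',', $course_list);

        foreach ($courseIdList as $courseId) {
            $courseId = intval($courseId);

            Database::query(
                "DELETE FROM {$tbl_session_rel_course}
                WHERE c_id = {$courseId} AND session_id = {$id_session}"
            );
            Database::query(
                "DELETE FROM {$tbl_session_rel_course_rel_user}
                WHERE c_id = {$courseId} AND session_id = {$id_session}"
            );

            Event::addEvent(
                LOG_SESSION_DELETE_COURSE,
                LOG_COURSE_ID,
                $courseId,
                api_get_utc_datetime(),
                api_get_user_id(),
                $courseId,
                $id_session
            );
        }

        // Recount the courses still attached to the session. The previous code
        // computed an unused $nbr_users and always wrote nbr_courses = 0.
        $res_nbr_courses = Database::query(
            "SELECT COUNT(*) FROM {$tbl_session_rel_course} WHERE session_id = {$id_session}"
        );
        $row_nbr_courses = Database::fetch_row($res_nbr_courses);
        $nbr_courses = isset($row_nbr_courses[0]) ? (int) $row_nbr_courses[0] : 0;

        Database::query(
            "UPDATE {$tbl_session} SET nbr_courses = {$nbr_courses} WHERE id = {$id_session}"
        );

        $row['result'] = 1;
        $output[] = $row;
    }

    return $output;
}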
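/**
 * Creates a record in the course table of the main database, subscribes the
 * creator and any extra teachers, links the course to an access URL, logs the
 * creation and optionally mails the platform administrator.
 *
 * Validation errors are appended to the global $error_msg array; in that case
 * nothing is inserted and 0 is returned.
 *
 * @param array $params Course details. Required keys: title, code, visual_code,
 *                      directory. Optional keys read here: tutor_name,
 *                      course_category, course_language, user_id,
 *                      department_name, department_url, disk_quota, visibility,
 *                      subscribe, unsubscribe, expiration_date, teachers,
 *                      add_user_as_teacher
 *
 * @return int Created course ID, or 0 when the course was not registered
 * @todo use an array called $params instead of lots of params
 */
public static function register_course($params)
{
    global $error_msg, $firstExpirationDelay;

    $title = $params['title'];
    $code = $params['code'];
    $visual_code = $params['visual_code'];
    $directory = $params['directory'];
    $tutor_name = isset($params['tutor_name']) ? $params['tutor_name'] : null;
    $category_code = isset($params['course_category']) ? $params['course_category'] : '';
    $course_language = isset($params['course_language']) && !empty($params['course_language'])
        ? $params['course_language']
        : api_get_setting('language.platform_language');
    $user_id = empty($params['user_id']) ? api_get_user_id() : intval($params['user_id']);
    $department_name = isset($params['department_name']) ? $params['department_name'] : null;
    $department_url = isset($params['department_url']) ? $params['department_url'] : null;
    $disk_quota = isset($params['disk_quota']) ? $params['disk_quota'] : null;

    if (!isset($params['visibility'])) {
        $default_course_visibility = api_get_setting('course.courses_default_creation_visibility');
        if ($default_course_visibility != '') {
            $visibility = $default_course_visibility;
        } else {
            $visibility = COURSE_VISIBILITY_OPEN_PLATFORM;
        }
    } else {
        $visibility = $params['visibility'];
    }

    $subscribe = isset($params['subscribe'])
        ? intval($params['subscribe'])
        : ($visibility == COURSE_VISIBILITY_OPEN_PLATFORM ? 1 : 0);
    $unsubscribe = isset($params['unsubscribe']) ? intval($params['unsubscribe']) : 0;
    $expiration_date = isset($params['expiration_date']) ? $params['expiration_date'] : null;
    $teachers = isset($params['teachers']) ? $params['teachers'] : null;

    $TABLECOURSE = Database::get_main_table(TABLE_MAIN_COURSE);
    $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);

    $ok_to_register_course = true;

    // Check whether all the needed parameters are present.
    if (empty($code)) {
        $error_msg[] = 'courseSysCode is missing';
        $ok_to_register_course = false;
    }
    if (empty($visual_code)) {
        $error_msg[] = 'courseScreenCode is missing';
        $ok_to_register_course = false;
    }
    if (empty($directory)) {
        $error_msg[] = 'courseRepository is missing';
        $ok_to_register_course = false;
    }
    if (empty($title)) {
        $error_msg[] = 'title is missing';
        $ok_to_register_course = false;
    }

    // NOTE(review): $expiration_date is interpolated into the INSERT as returned
    // by api_get_utc_datetime(); presumably that is a normalised datetime
    // string. Verify against that helper.
    if (empty($expiration_date)) {
        $expiration_date = api_get_utc_datetime(time() + $firstExpirationDelay);
    } else {
        $expiration_date = api_get_utc_datetime($expiration_date);
    }

    // The visibility value ends up inside the INSERT statement. A loose range
    // comparison alone lets a non-numeric string through on some PHP versions,
    // so the value must be numeric and is then reduced to an integer.
    if (!is_numeric($visibility) || $visibility < 0 || $visibility > 4) {
        $error_msg[] = 'visibility is invalid';
        $ok_to_register_course = false;
    }
    $visibility = (int) $visibility;

    if (empty($disk_quota)) {
        $disk_quota = api_get_setting('document.default_document_quotum');
    }

    $time = api_get_utc_datetime();

    // Prefix a scheme when the URL has none; an otherwise empty URL is stored as ''.
    $department_url = (string) $department_url;
    if (stripos($department_url, 'http://') === false && stripos($department_url, 'https://') === false) {
        $department_url = 'http://' . $department_url;
    }
    if ($department_url == 'http://') {
        $department_url = '';
    }

    $course_id = 0;

    if ($ok_to_register_course) {
        $sql = "INSERT INTO " . $TABLECOURSE . " SET
                    code = '" . Database::escape_string($code) . "',
                    directory = '" . Database::escape_string($directory) . "',
                    course_language = '" . Database::escape_string($course_language) . "',
                    title = '" . Database::escape_string($title) . "',
                    description = '" . self::lang2db(get_lang('CourseDescription')) . "',
                    category_code = '" . Database::escape_string($category_code) . "',
                    visibility = '" . $visibility . "',
                    show_score = '1',
                    disk_quota = '" . intval($disk_quota) . "',
                    creation_date = '{$time}',
                    expiration_date = '" . $expiration_date . "',
                    last_edit = '{$time}',
                    last_visit = NULL,
                    tutor_name = '" . Database::escape_string($tutor_name) . "',
                    department_name = '" . Database::escape_string($department_name) . "',
                    department_url = '" . Database::escape_string($department_url) . "',
                    subscribe = '" . intval($subscribe) . "',
                    unsubscribe = '" . intval($unsubscribe) . "',
                    visual_code = '" . Database::escape_string($visual_code) . "'";
        Database::query($sql);
        $course_id = Database::insert_id();

        if ($course_id) {
            $sort = api_max_sort_value('0', api_get_user_id());

            // The creator is subscribed as teacher unless the caller opts out.
            $addTeacher = isset($params['add_user_as_teacher']) ? $params['add_user_as_teacher'] : true;
            if ($addTeacher) {
                $i_course_sort = CourseManager::userCourseSort($user_id, $code);
                if (!empty($user_id)) {
                    $sql = "INSERT INTO " . $TABLECOURSUSER . " SET
                                c_id = '" . intval($course_id) . "',
                                user_id = '" . intval($user_id) . "',
                                status = '1',
                                is_tutor = '0',
                                sort = '" . intval($i_course_sort) . "',
                                user_course_cat = '0'";
                    Database::query($sql);
                }
            }

            if (!empty($teachers)) {
                if (!is_array($teachers)) {
                    $teachers = array($teachers);
                }
                foreach ($teachers as $key) {
                    // Teacher ids come from the caller; only integer ids are
                    // written, and the creator is not inserted a second time.
                    $teacherId = intval($key);
                    if (empty($teacherId) || $teacherId == $user_id) {
                        continue;
                    }

                    $sql = "INSERT INTO " . $TABLECOURSUSER . " SET
                                c_id = '" . intval($course_id) . "',
                                user_id = '" . $teacherId . "',
                                status = '1',
                                is_tutor = '0',
                                sort = '" . ($sort + 1) . "',
                                user_course_cat = '0'";
                    Database::query($sql);
                }
            }

            // Adding the course to an URL.
            if (api_is_multiple_url_enabled()) {
                $url_id = 1;
                if (api_get_current_access_url_id() != -1) {
                    $url_id = api_get_current_access_url_id();
                }
                UrlManager::add_course_to_url($course_id, $url_id);
            } else {
                UrlManager::add_course_to_url($course_id, 1);
            }

            // Add event to the system log; the logged actor is the current user.
            $user_id = api_get_user_id();
            Event::addEvent(
                LOG_COURSE_CREATE,
                LOG_COURSE_CODE,
                $code,
                api_get_utc_datetime(),
                $user_id,
                $course_id
            );

            $send_mail_to_admin = api_get_setting('course.send_email_to_admin_when_create_course');

            // @todo Improve code to send to all current portal administrators.
            if ($send_mail_to_admin == 'true') {
                $siteName = api_get_setting('platform.site_name');
                $recipient_email = api_get_setting('admin.administrator_email');
                $recipient_name = api_get_person_name(
                    api_get_setting('admin.administrator_name'),
                    api_get_setting('admin.administrator_surname')
                );
                $iname = api_get_setting('platform.institution');
                $subject = get_lang('NewCourseCreatedIn') . ' ' . $siteName . ' - ' . $iname;

                // NOTE(review): title, category and tutor name are caller-supplied
                // and go into the body passed to api_mail_html() unescaped.
                // Confirm whether that helper escapes the body.
                $message = get_lang('Dear') . ' ' . $recipient_name . ",\n\n"
                    . get_lang('MessageOfNewCourseToAdmin') . ' ' . $siteName . ' - ' . $iname . "\n";
                $message .= get_lang('CourseName') . ' ' . $title . "\n";
                $message .= get_lang('Category') . ' ' . $category_code . "\n";
                $message .= get_lang('Tutor') . ' ' . $tutor_name . "\n";
                $message .= get_lang('Language') . ' ' . $course_language;

                $userInfo = api_get_user_info($user_id);
                $additionalParameters = array(
                    'smsType' => SmsPlugin::NEW_COURSE_BEEN_CREATED,
                    'userId' => $user_id,
                    'courseName' => $title,
                    'creatorUsername' => $userInfo['username'],
                );
                api_mail_html(
                    $recipient_name,
                    $recipient_email,
                    $subject,
                    $message,
                    $siteName,
                    $recipient_email,
                    null,
                    null,
                    null,
                    $additionalParameters
                );
            }
        }
    }

    return $course_id;
}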
/**
 * Removes the hotspot answers stored for one question of one exercise attempt
 * and logs the deletion.
 *
 * All four identifiers are reduced to integers before they are placed in the
 * DELETE statement. $sessionId is only forwarded to the event log; when it is
 * not given, the current session id is used.
 *
 * @param int $exe_id      Exercise attempt id
 * @param int $user_id     User id
 * @param int $courseId    Course id
 * @param int $question_id Question id
 * @param int $sessionId   Session id for the log entry (defaults to the current one)
 */
public static function delete_attempt_hotspot($exe_id, $user_id, $courseId, $question_id, $sessionId = null)
{
    $hotspotTable = Database::get_main_table(TABLE_STATISTIC_TRACK_E_HOTSPOT);

    $attemptId = intval($exe_id);
    $ownerId = intval($user_id);
    $cId = intval($courseId);
    $questionId = intval($question_id);

    if ($sessionId === null) {
        $sessionId = api_get_session_id();
    }

    $deleteSql = "DELETE FROM {$hotspotTable}\n WHERE hotspot_exe_id = {$attemptId} AND\n hotspot_user_id = {$ownerId} AND\n c_id = {$cId} AND\n hotspot_question_id = {$questionId} ";
    Database::query($deleteSql);

    // The log value identifies the attempt/question pair as "<exe_id>-<question_id>".
    $loggedValue = $attemptId . '-' . $questionId;
    Event::addEvent(
        LOG_QUESTION_RESULT_DELETE,
        LOG_EXERCISE_ATTEMPT_QUESTION_ID,
        $loggedValue,
        null,
        null,
        $cId,
        $sessionId
    );
}
<center> Are you sure you want to logout?<br/> <a onclick="load('logout', 'logout', 'none', {})">Yes</a> | <a onclick="load('home', 'none', 'none', {})">No</a> </center> <?php } else { $_SESSION['user'] = $_SESSION['real']; unset($_SESSION['real']); ?> <script> window.location = 'main.php'; </script> <?php } } else { if ($action == 'logout') { if (isset($_SESSION['user'])) { Event::addEvent($_SESSION['user']->getName() . ' has logged out.', $_SESSION['user'], 4); } else { Event::addEvent('A user\'s session has timed out.', new User(0), 4); } session_destroy(); setcookie('user', null, time() - 60 * 60); ?> <script> window.location = 'index.php'; </script> <?php } }
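/**
 * Deletes session categories and, optionally, the sessions that belong to them.
 *
 * Sessions that are not deleted are detached (session_category_id set to 0).
 *
 * @author Jhon Hinojosa <*****@*****.**>, from existing code
 * @param array|int $id_checked     Category id, or list of category ids
 * @param bool      $delete_session Also delete the sessions of these categories
 * @param bool      $from_ws        True when called by a webservice
 *
 * @return bool True when the categories were processed, false when no usable
 *              id was given
 */
public static function delete_session_category($id_checked, $delete_session = false, $from_ws = false)
{
    $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

    // The ids are placed unquoted inside IN (...), where string escaping gives
    // no protection, so every element is forced to an integer instead.
    $ids = is_array($id_checked) ? $id_checked : array($id_checked);
    $ids = array_unique(array_filter(array_map('intval', $ids)));
    if (empty($ids)) {
        return false;
    }
    $id_checked = implode(',', $ids);

    // Sessions must be looked up before they are detached; once
    // session_category_id is reset to 0 the lookup no longer finds them.
    if ($delete_session) {
        $sql = "SELECT id FROM {$tbl_session} WHERE session_category_id IN (" . $id_checked . ")";
        $result = Database::query($sql);

        $sessionIds = array();
        while ($rows = Database::fetch_array($result)) {
            $sessionIds[] = $rows['id'];
        }

        foreach ($sessionIds as $session_id) {
            if ($from_ws) {
                SessionManager::delete($session_id, true);
            } else {
                SessionManager::delete($session_id);
            }
        }
    }

    // Detach whatever sessions still reference these categories.
    $sql = "UPDATE {$tbl_session} SET session_category_id = 0
            WHERE session_category_id IN (" . $id_checked . ")";
    Database::query($sql);

    $sql = "DELETE FROM {$tbl_session_category} WHERE id IN (" . $id_checked . ")";
    Database::query($sql);

    // Add event to system log
    $user_id = api_get_user_id();
    Event::addEvent(
        LOG_SESSION_CATEGORY_DELETE,
        LOG_SESSION_CATEGORY_ID,
        $id_checked,
        api_get_utc_datetime(),
        $user_id
    );

    return true;
}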
$to = $email; $subject = 'IRIN - New Account'; $headers = "MIME-Version: 1.0" . "\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1" . "\r\n"; $headers .= "From: IRIN <*****@*****.**>" . "\r\n"; $message = 'A new account has been created with your email address.<br /><br /><b>Login ID:</b> ' . $login . '<br /><b>New Password:</b> ' . $password . '<br /><b>Name:</b> ' . $name; //mail($to, $subject, $message, $headers); $mail->setFrom('*****@*****.**', 'IRIN'); $mail->addAddress($to); $mail->Subject = $subject; $mail->Body = $message; if (!$mail->send()) { throw new MailException($mail->ErrorInfo); } echo 'true'; Event::addEvent($name . '\'s account has been created.', $_SESSION['user'], 1); } } } } } else { if ($action == 'switch') { if (!isset($_SESSION['real'])) { $_SESSION['real'] = $_SESSION['user']; } $_SESSION['user'] = new User($_GET['id']); ?> <script> window.location = 'main.php'; </script> <?php
<?php } else { if ($do == 'add') { $version = $_POST['version']; ?> <?php switch ($_POST['ver']) { case "alpha": $version .= 'α'; break; case "beta": $version .= 'β'; break; } Version::create($version); Event::addEvent('Version ' . $version . ' has been added.', $_SESSION['user'], 1); } } } else { if ($action == 'current') { $version = new Version($_GET['id']); $version->makeCurrent(); Event::addEvent('Version ' . $version->getVersion() . ' is now the current version.', $_SESSION['user'], 2); ?> <script> load('version', 'none', 'none'); </script> <?php } } }
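// Form handler: stores a new event from the posted fields, then redirects to
// the event list with a status message in the session.
//
// NOTE(review): no login, permission or CSRF-token check is visible in this
// script. Confirm that one is enforced before this handler is reachable.
session_start();
require_once '../classes/connection.class.php';
require_once '../classes/event.class.php';

$addeventobj = new Event();

// Read each expected field as a string. A missing field or an array value
// (e.g. title[]=x) becomes '' rather than reaching the escaping function.
$posted = array();
foreach (array('event_id', 'title', 'desc', 'date') as $fieldName) {
    $raw = isset($_POST[$fieldName]) && is_string($_POST[$fieldName]) ? $_POST[$fieldName] : '';
    $posted[$fieldName] = mysqli_real_escape_string($addeventobj->conxn, $raw);
}

$addeventobj->setEventID($posted['event_id']);
$addeventobj->setEventTitle($posted['title']);
$addeventobj->setEventDesc($posted['desc']);
$addeventobj->setEventDate($posted['date']);
$addeventobj->addEvent();

// NOTE(review): $addeventobj is an object and therefore always truthy, so the
// failure branch below cannot run. Check what addEvent() returns and branch on
// that instead.
if ($addeventobj) {
    $_SESSION['msg'] = $addeventobj->msg = "The event has been added sucessfully";
    header('location:../index.php?page=event&action=view');
    // Stop here so nothing else runs or is sent after the redirect header.
    exit;
} else {
    echo $_SESSION['msg'] = $addeventobj->msg = "Sorry the event has not been added, please try again later";
}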
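/**
 * Deletes the promotion, clears the session references to it and logs the
 * deletion. Clean-up and logging only happen when the parent delete succeeds.
 *
 * @param int $id
 * @return bool True when the record was deleted, false otherwise
 */
public function delete($id)
{
    if (!parent::delete($id)) {
        return false;
    }

    SessionManager::clear_session_ref_promotion($id);
    Event::addEvent(
        LOG_PROMOTION_DELETE,
        LOG_PROMOTION_ID,
        $id,
        api_get_utc_datetime(),
        api_get_user_id()
    );

    // The success path previously fell off the end and returned null, which a
    // caller testing the documented bool result would read as failure.
    return true;
}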
/**
 * Applies a lock state to this item, to all of its evaluations and to all of
 * its links, then logs the change. Does nothing unless the
 * 'gradebook.gradebook_locking_enabled' setting is 'true'.
 *
 * @param mixed $locked Lock state passed on to lock(); a value equal to 1 is
 *                      logged as LOG_GRADEBOOK_LOCKED, anything else as
 *                      LOG_GRADEBOOK_UNLOCKED
 */
public function lock_all_items($locked)
{
    if (api_get_setting('gradebook.gradebook_locking_enabled') != 'true') {
        return;
    }

    $this->lock($locked);

    // Evaluations first, then links; each list is fetched just before it is walked.
    foreach (array('get_evaluations', 'get_links') as $getter) {
        $children = $this->{$getter}();
        if (empty($children)) {
            continue;
        }
        foreach ($children as $child) {
            $child->lock($locked);
        }
    }

    $eventType = $locked == 1 ? LOG_GRADEBOOK_LOCKED : LOG_GRADEBOOK_UNLOCKED;
    Event::addEvent($eventType, LOG_GRADEBOOK_ID, $this->id);
}
/**
 * Changes the relation type of an existing user/group membership and logs
 * the change.
 *
 * @author Julio Montoya
 * @param int $user_id
 * @param int $group_id
 * @param int $relation_type
 *
 * @return bool False when an argument is empty or the membership does not
 *              exist, true once the new relation type has been flushed
 **/
public static function update_user_role($user_id, $group_id, $relation_type = GROUP_USER_PERMISSION_READER)
{
    // Guard clauses, checked in the same order as a single combined condition.
    if (empty($user_id)) {
        return false;
    }
    if (empty($group_id)) {
        return false;
    }
    if (empty($relation_type)) {
        return false;
    }

    $em = Database::getManager();
    $group_id = intval($group_id);
    $user_id = intval($user_id);

    $lookup = ['user' => $user_id, 'usergroup' => $group_id];
    $repository = $em->getRepository('ChamiloCoreBundle:UsergroupRelUser');
    $membership = $repository->findOneBy($lookup);

    if (!$membership) {
        return false;
    }

    $membership->setRelationType($relation_type);
    $em->merge($membership);
    $em->flush();

    $logPayload = array(
        'user_id' => $user_id,
        'group_id' => $group_id,
        'relation_type' => $relation_type,
    );
    Event::addEvent(LOG_GROUP_PORTAL_USER_UPDATE_ROLE, LOG_GROUP_PORTAL_REL_USER_ARRAY, $logPayload);

    return true;
}
/**
 * Displays a wiki entry: looks up the page by its reflink, logs the access,
 * increments the hit counter and echoes the title bar, action icons, content
 * and footer.
 *
 * Output is echoed directly. The only explicit return is the stand-by case,
 * which returns the result of self::setMessage(); otherwise nothing is returned.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @author Juan Carlos Raña Trabado
 * @param string $newtitle Reflink of a page that was just created; when empty,
 *                         $this->page is shown instead
 * @return string html code
 **/
public function display_wiki_entry($newtitle)
{
    $tbl_wiki = $this->tbl_wiki;
    $tbl_wiki_conf = $this->tbl_wiki_conf;
    // NOTE(review): $condition_session and $groupfilter are concatenated into the
    // SQL below as ready-made fragments; presumably the class builds them from
    // trusted values. Verify where they are assigned.
    $condition_session = $this->condition_session;
    $groupfilter = $this->groupfilter;
    $page = $this->page;
    $session_id = api_get_session_id();
    $course_id = api_get_course_int_id();
    if ($newtitle) {
        $pageMIX = $newtitle; // display the page after it is created
    } else {
        $pageMIX = $page; // display current page
    }
    $filter = null;
    if (isset($_GET['view']) && $_GET['view']) {
        // The (int) cast is what makes the request value safe to place in the filter.
        $_clean['view'] = (int) Database::escape_string($_GET['view']);
        $filter = ' AND w.id="' . $_clean['view'] . '"';
    }
    // First, check page visibility in the first page version (lowest id).
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' WHERE c_id = ' . $course_id . ' AND reflink="' . Database::escape_string($pageMIX) . '" AND ' . $groupfilter . $condition_session . ' ORDER BY id ASC';
    $result = Database::query($sql);
    $row = Database::fetch_array($result);
    // NOTE(review): $row is read without checking that a record was found.
    $KeyVisibility = $row['visibility'];
    // Second, show the last version (highest id), optionally narrowed by $filter.
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' w , ' . $tbl_wiki_conf . ' wc WHERE wc.c_id = ' . $course_id . ' AND w.c_id = ' . $course_id . ' AND wc.page_id = w.page_id AND w.reflink = "' . Database::escape_string($pageMIX) . '" AND w.session_id = ' . $session_id . ' AND w.' . $groupfilter . ' ' . $filter . ' ORDER BY id DESC';
    $result = Database::query($sql);
    $row = Database::fetch_array($result);
    // No while loop is needed: only the first row (the last version) is displayed.
    // Log the user's access to the wiki page (page_id).
    if (!empty($row['page_id'])) {
        Event::addEvent(LOG_WIKI_ACCESS, LOG_WIKI_PAGE_ID, $row['page_id']);
    }
    // Update the visit counter of the displayed version.
    if ($row['id']) {
        $sql = 'UPDATE ' . $tbl_wiki . ' SET hits=(hits+1) WHERE c_id = ' . $course_id . ' AND id=' . $row['id'] . '';
        Database::query($sql);
    }
    // If content and title are both empty and the index page is being shown,
    // display the default text.
    if ($row['content'] == '' and $row['title'] == '' and $page == 'index') {
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
            // Table structure for better export to pdf
            $default_table_for_content_Start = '<table align="center" border="0"><tr><td align="center">';
            $default_table_for_content_End = '</td></tr></table>';
            $content = $default_table_for_content_Start . sprintf(get_lang('DefaultContent'), api_get_path(WEB_IMG_PATH)) . $default_table_for_content_End;
            $title = get_lang('DefaultTitle');
        } else {
            return self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
        }
    } else {
        // Stored content is entity-decoded and then filtered before it is echoed below.
        // NOTE(review): the filter level is COURSEMANAGERLOWSECURITY for every
        // author; confirm that level is intended for student-written pages too.
        $content = Security::remove_XSS(api_html_entity_decode($row['content']), COURSEMANAGERLOWSECURITY);
        // The title is only decoded here; it is escaped with api_htmlentities() at output.
        $title = api_html_entity_decode($row['title']);
    }
    // Assignment mode: identify page type
    $icon_assignment = null;
    if ($row['assignment'] == 1) {
        $icon_assignment = Display::return_icon('wiki_assignment.png', get_lang('AssignmentDescExtra'), '', ICON_SIZE_SMALL);
    } elseif ($row['assignment'] == 2) {
        $icon_assignment = Display::return_icon('wiki_work.png', get_lang('AssignmentWork'), '', ICON_SIZE_SMALL);
    }
    // Task mode
    $icon_task = null;
    if (!empty($row['task'])) {
        $icon_task = Display::return_icon('wiki_task.png', get_lang('StandardTask'), '', ICON_SIZE_SMALL);
    }
    // Show the page to everyone unless it is hidden. Editors and platform admins
    // always see it. In assignment mode (assignment == 2) the author of a hidden
    // page can still view it.
    if ($KeyVisibility == "1" || api_is_allowed_to_edit(false, true) || api_is_platform_admin() || $row['assignment'] == 2 && $KeyVisibility == "0" && api_get_user_id() == $row['user_id']) {
        echo '<div id="wikititle">';
        $protect_page = null;
        $lock_unlock_protect = null;
        // Page action: protecting (locking) the page
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin()) {
            if (self::check_protect_page() == 1) {
                $protect_page = Display::return_icon('lock.png', get_lang('PageLockedExtra'), '', ICON_SIZE_SMALL);
                $lock_unlock_protect = 'unlock';
            } else {
                $protect_page = Display::return_icon('unlock.png', get_lang('PageUnlockedExtra'), '', ICON_SIZE_SMALL);
                $lock_unlock_protect = 'lock';
            }
        }
        if ($row['id']) {
            echo '<span style="float:right;">';
            echo '<a href="index.php?action=showpage&actionpage=' . $lock_unlock_protect . '&title=' . api_htmlentities(urlencode($page)) . '">' . $protect_page . '</a>';
            echo '</span>';
        }
        $visibility_page = null;
        $lock_unlock_visibility = null;
        // Page action: visibility
        if (api_is_allowed_to_edit(false, true) || api_is_platform_admin()) {
            if (self::check_visibility_page() == 1) {
                // TODO: FIX This hides the closed-eye icon from users on work pages of theirs that they can see.
                $visibility_page = Display::return_icon('visible.png', get_lang('ShowPageExtra'), '', ICON_SIZE_SMALL);
                $lock_unlock_visibility = 'invisible';
            } else {
                $visibility_page = Display::return_icon('invisible.png', get_lang('HidePageExtra'), '', ICON_SIZE_SMALL);
                $lock_unlock_visibility = 'visible';
            }
        }
        if ($row['id']) {
            echo '<span style="float:right;">';
            echo '<a href="index.php?action=showpage&actionpage=' . $lock_unlock_visibility . '&title=' . api_htmlentities(urlencode($page)) . '">' . $visibility_page . '</a>';
            echo '</span>';
        }
        // Page action: notification
        if (api_is_allowed_to_session_edit()) {
            if (self::check_notify_page($page) == 1) {
                $notify_page = Display::return_icon('messagebox_info.png', get_lang('NotifyByEmail'), '', ICON_SIZE_SMALL);
                $lock_unlock_notify_page = 'unlocknotify';
            } else {
                $notify_page = Display::return_icon('mail.png', get_lang('CancelNotifyByEmail'), '', ICON_SIZE_SMALL);
                $lock_unlock_notify_page = 'locknotify';
            }
        }
        // NOTE(review): $notify_page and $lock_unlock_notify_page are assigned only
        // inside the api_is_allowed_to_session_edit() branch above, yet the link
        // below is echoed unconditionally, so both are undefined for other users.
        echo '<span style="float:right;">';
        echo '<a href="index.php?action=showpage&actionpage=' . $lock_unlock_notify_page . '&title=' . api_htmlentities(urlencode($page)) . '">' . $notify_page . '</a>';
        echo '</span>';
        // Only available if $row['id'] is set
        if ($row['id']) {
            // Page action: export to pdf
            echo '<span style="float:right;">';
            echo '<form name="form_export2PDF" method="get" action="' . api_get_path(WEB_CODE_PATH) . 'wiki/index.php?' . api_get_cidreq() . '" >';
            echo '<input type="hidden" name="action" value="export_to_pdf">';
            echo '<input type="hidden" name="wiki_id" value="' . $row['id'] . '">';
            echo '<input type="image" src="' . api_get_path(WEB_IMG_PATH) . 'icons/22/pdf.png" border ="0" title="' . get_lang('ExportToPDF') . '" alt="' . get_lang('ExportToPDF') . '" style=" width:22px; border:none; margin-top: -9px">';
            echo '</form>';
            echo '</span>';
            // Page action: copy last version to doc area
            if (api_is_allowed_to_edit(false, true) || api_is_platform_admin()) {
                echo '<span style="float:right;">';
                echo '<form name="form_export2DOC" method="get" action="' . api_get_path(WEB_CODE_PATH) . 'wiki/index.php?' . api_get_cidreq() . '" >';
                echo '<input type=hidden name="action" value="export2doc">';
                echo '<input type=hidden name="doc_id" value="' . $row['id'] . '">';
                echo '<input type="image" src="' . api_get_path(WEB_IMG_PATH) . 'icons/22/export_to_documents.png" border ="0" title="' . get_lang('ExportToDocArea') . '" alt="' . get_lang('ExportToDocArea') . '" style=" width:22px; border:none; margin-top: -6px">';
                echo '</form>';
                echo '</span>';
            }
            if (api_is_unoconv_installed()) {
                echo '<span style="float:right;">';
                echo '<a href="' . api_get_path(WEB_CODE_PATH) . 'wiki/index.php?action=export_to_doc_file&id=' . $row['id'] . '">' . Display::return_icon('export_doc.png', get_lang('ExportToDoc'), array(), ICON_SIZE_SMALL) . '</a>';
                echo '</span>';
            }
        }
        // Export to print: goprint() copies the rendered #wikicontent markup into
        // a new window and prints it.
        ?> <script> function goprint() { var a = window.open('','','width=800,height=600'); a.document.open("text/html"); a.document.write(document.getElementById('wikicontent').innerHTML); a.document.close(); a.print(); } </script> <?php
        echo '<span style="float:right; cursor: pointer;">';
        echo Display::return_icon('printer.png', get_lang('Print'), array('onclick' => "javascript: goprint();"), ICON_SIZE_SMALL);
        echo '</span>';
        if (empty($title)) {
            $title = get_lang('DefaultTitle');
        }
        // The title is HTML-escaped at output in both branches.
        if (self::wiki_exist($title)) {
            echo $icon_assignment . ' ' . $icon_task . ' ' . api_htmlentities($title);
        } else {
            echo api_htmlentities($title);
        }
        echo '</div>';
        // $content (already filtered above, or the built-in default text) is run
        // through the link-detection helpers and echoed as HTML.
        echo '<div id="wikicontent">' . self::make_wiki_link_clickable(self::detect_external_link(self::detect_anchor_link(self::detect_mail_link(self::detect_ftp_link(self::detect_irc_link(self::detect_news_link($content))))))) . '</div>';
        echo '<div id="wikifooter">' . get_lang('Progress') . ': ' . $row['progress'] * 10 . '% ' . get_lang('Rating') . ': ' . $row['score'] . ' ' . get_lang('Words') . ': ' . self::word_count($content) . '</div>';
    } // end filter visibility
}
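/**
 * Sets the platform language to the language with the given id and logs the change.
 *
 * @param int $language_id The language id
 * @return bool True when the setting was updated; false when the id is not a
 *              non-zero integer, the language does not exist or the update failed
 */
public static function set_platform_language($language_id)
{
    if (empty($language_id) or intval($language_id) != $language_id) {
        return false;
    }
    // The loose comparison above can accept strings with trailing characters
    // on some PHP versions; from here on only the integer value is used.
    $language_id = intval($language_id);

    $tbl_admin_languages = Database::get_main_table(TABLE_MAIN_LANGUAGE);
    $tbl_settings_current = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT);

    $sql = "SELECT english_name FROM " . $tbl_admin_languages . "
            WHERE id='" . $language_id . "'";
    $result = Database::query($sql);
    $lang = Database::fetch_array($result);

    // Unknown id: stop here instead of writing an empty platform language.
    if (empty($lang['english_name'])) {
        return false;
    }

    // The name comes from the database, but it is still data being placed in
    // an SQL string, so it is escaped like any other value.
    $sql_update = "UPDATE " . $tbl_settings_current . "
                   SET selected_value='" . Database::escape_string($lang['english_name']) . "'
                   WHERE variable='platformLanguage'";
    $result_2 = Database::query($sql_update);

    Event::addEvent(LOG_PLATFORM_LANGUAGE_CHANGE, LOG_PLATFORM_LANGUAGE, $lang['english_name']);

    return $result_2 !== false;
}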
} } } else { if ($action == 'delete') { if ($do == 'none') { ?> <a onclick="load('documents', 'delete', 'delete', {id: '<?php echo $_GET['id']; ?> '})">Continue?</a> (<b>NOTE:</b> This action cannot be reversed!) <?php } else { if ($do == 'delete') { $document = new Document($_GET['id']); $document->delete(); Event::addEvent('Document ' . $document->getPrefix()->getPrefixAbbrev() . $document->getID() . ' has been deleted.', $_SESSION['user'], 3); ?> <script> load('documents', 'view', 'none', {}); </script> <?php } } } else { if ($action == 'sign') { $document = new Document($_GET['id']); $document->sign($_SESSION['user']); ?> <script> load('documents', 'view', 'none', {id: '<?php echo $_GET['id'];
$fp = fopen($homep . $menuf . '_' . $lang . $ext, 'w'); fputs($fp, $home_menu); home_tabs($homep . $menuf . '_' . $lang . $ext); fclose($fp); foreach ($_languages['name'] as $key => $value) { $lang_name = $_languages['folder'][$key]; if (isset($_POST[$lang_name])) { $fp = fopen($homep . $menuf . '_' . $lang_name . $ext, 'w'); fputs($fp, $home_menu); home_tabs($homep . $menuf . '_' . $lang_name . $ext); fclose($fp); } } } } Event::addEvent(LOG_HOMEPAGE_CHANGED, $action, cut($link_name . ':' . $link_url, 254), api_get_utc_datetime(), api_get_user_id()); break; } //end of switch($action) if (empty($errorMsg)) { header('Location: ' . $selfUrl . '?language=' . $languageGet); exit; } } else { //if POST[formSent] is not set switch ($action) { case 'open_link': // Previously, filtering of GET['link'] was done here but it left // a security threat. Filtering has now been moved outside conditions break; case 'delete_tabs':
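/**
 * Deletes session categories and, optionally, the sessions that belong to them,
 * then cleans up the "PERIODO" extra session field values.
 *
 * Sessions that are not deleted are detached (session_category_id set to 0).
 *
 * @author Jhon Hinojosa <*****@*****.**>, from existing code
 * @param array|int $id_checked     Category id, or list of category ids
 * @param bool      $delete_session Also delete the sessions of these categories
 * @param bool      $from_ws        True when called by a webservice
 *
 * @return bool True when the categories were processed, false when no usable
 *              id was given
 **/
public static function delete_session_category($id_checked, $delete_session = false, $from_ws = false)
{
    $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
    $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);

    // The ids are placed unquoted inside IN (...), where string escaping gives
    // no protection, so every element is forced to an integer instead.
    $ids = is_array($id_checked) ? $id_checked : array($id_checked);
    $ids = array_unique(array_filter(array_map('intval', $ids)));
    if (empty($ids)) {
        return false;
    }
    $id_checked = implode(',', $ids);

    // Sessions must be looked up before they are detached; once
    // session_category_id is reset to 0 the lookup no longer finds them.
    if ($delete_session) {
        $sql = "SELECT id FROM {$tbl_session} WHERE session_category_id IN (" . $id_checked . ")";
        $result = Database::query($sql);

        $sessionIds = array();
        while ($rows = Database::fetch_array($result)) {
            $sessionIds[] = $rows['id'];
        }

        foreach ($sessionIds as $session_id) {
            if ($from_ws) {
                SessionManager::delete_session($session_id, true);
            } else {
                SessionManager::delete_session($session_id);
            }
        }
    }

    // Detach whatever sessions still reference these categories.
    $sql = "UPDATE {$tbl_session} SET session_category_id = 0 WHERE session_category_id IN (" . $id_checked . ")";
    Database::query($sql);

    $sql = "DELETE FROM {$tbl_session_category} WHERE id IN (" . $id_checked . ")";
    Database::query($sql);

    // Add event to system log
    $user_id = api_get_user_id();
    Event::addEvent(
        LOG_SESSION_CATEGORY_DELETE,
        LOG_SESSION_CATEGORY_ID,
        $id_checked,
        api_get_utc_datetime(),
        $user_id
    );

    // Delete extra session fields where the field variable is "PERIODO".
    // NOTE(review): the two statements below compare session_id with the
    // category id list, and the SELECT has no join condition between the two
    // tables. This is kept as it was; confirm the intended behaviour.
    $t_sf = Database::get_main_table(TABLE_MAIN_SESSION_FIELD);
    $t_sfv = Database::get_main_table(TABLE_MAIN_SESSION_FIELD_VALUES);

    $sql = "SELECT t_sfv.field_id FROM {$t_sfv} t_sfv, {$t_sf} t_sf WHERE t_sfv.session_id = '{$id_checked}' AND t_sf.field_variable = 'PERIODO' ";
    $rs_field = Database::query($sql);

    $field_id = 0;
    if (Database::num_rows($rs_field) > 0) {
        $row_field = Database::fetch_row($rs_field);
        $field_id = intval($row_field[0]);

        $sql_delete_sfv = "DELETE FROM {$t_sfv} WHERE session_id = '{$id_checked}' AND field_id = '{$field_id}'";
        Database::query($sql_delete_sfv);
    }

    // Remove the field definition once no value refers to it any more.
    $sql = "SELECT * FROM {$t_sfv} WHERE field_id = '{$field_id}' ";
    $rs_field_id = Database::query($sql);
    if (Database::num_rows($rs_field_id) == 0) {
        $sql_delete_sf = "DELETE FROM {$t_sf} WHERE id = '{$field_id}'";
        Database::query($sql_delete_sf);
    }

    return true;
}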
// Excerpt of a settings page dispatcher: the switch is not closed inside this excerpt.
// NOTE(review): $_GET['category'] is read without isset(); a request without it raises a notice.
switch ($_GET['category']) {
    case 'Regions':
        handle_regions();
        break;
    case 'Plugins':
        // Displaying the extensions: Plugins.
        // This will be available to all the sites (access_urls).
        // NOTE(review): the anti-CSRF token travels in the query string, so it can
        // end up in access logs and Referer headers; a POST field would avoid that.
        $securityToken = isset($_GET['sec_token']) ? Security::remove_XSS($_GET['sec_token']) : null;
        // The POST is only processed when the token check passes; the token is cleared right after.
        if (isset($_POST['submit_dashboard_plugins']) && Security::check_token($securityToken)) {
            Security::clear_token();
            // NOTE(review): the whole $_POST array is handed over; confirm
            // store_dashboard_plugins() only reads the keys it expects.
            $affected_rows = DashboardManager::store_dashboard_plugins($_POST);
            if ($affected_rows) {
                // add event to system log
                $user_id = api_get_user_id();
                // Inside this case the value is always 'Plugins', so the logged category is a known constant.
                $category = $_GET['category'];
                Event::addEvent(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
                Display::display_confirmation_message(get_lang('DashboardPluginsUpdatedSuccessfully'));
            }
        }
        // Tab container markup; only static strings and get_lang() labels are printed here.
        echo '<script> $(function(){ $("#tabs").tabs(); }); </script>';
        echo '<div id="tabs">';
        echo '<ul>';
        echo '<li><a href="#tabs-1">' . get_lang('Plugins') . '</a></li>';
        echo '<li><a href="#tabs-2">' . get_lang('DashboardPlugins') . '</a></li>';
        echo '<li><a href="#tabs-3">' . get_lang('ConfigureExtensions') . '</a></li>';
        echo '</ul>';
        echo '<div id="tabs-1">';
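/**
 * Updates the relation type (role) of a user inside a group in the
 * group_rel_user table and records the change in the event log.
 * @author Julio Montoya
 * @param int $user_id
 * @param int $group_id
 * @param int $relation_type
 *
 * @return bool false when one of the three values is missing or casts to 0, true otherwise
 **/
public static function update_user_role($user_id, $group_id, $relation_type = GROUP_USER_PERMISSION_READER)
{
    // Cast first and validate the cast values: a non-numeric string would
    // otherwise pass the emptiness check and then be written as 0.
    $user_id = intval($user_id);
    $group_id = intval($group_id);
    $relation_type = intval($relation_type);
    if (empty($user_id) || empty($group_id) || empty($relation_type)) {
        return false;
    }

    $table_group_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_GROUP);
    $sql = "UPDATE {$table_group_rel_user}
            SET relation_type = {$relation_type}
            WHERE
                user_id = {$user_id} AND
                group_id = {$group_id}";
    Database::query($sql);

    // Log exactly the values that were written, so the audit trail matches the table.
    Event::addEvent(
        LOG_GROUP_PORTAL_USER_UPDATE_ROLE,
        LOG_GROUP_PORTAL_REL_USER_ARRAY,
        array('user_id' => $user_id, 'group_id' => $group_id, 'relation_type' => $relation_type)
    );

    return true;
}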
// Excerpt of an AJAX handler that activates or deactivates a user account; the
// enclosing switch and conditions start outside this excerpt.
// NOTE(review): $status and $user_id are concatenated into the statement. Their
// validation is not visible here; confirm both are cast to integers before this point.
$sql = "UPDATE {$user_table} SET active='" . $status . "' WHERE user_id='" . $user_id . "'";
$result = Database::query($sql);
// Send an e-mail if the account is active
if ($status == 1) {
    $user_info = api_get_user_info($user_id);
    $recipient_name = api_get_person_name($user_info['firstname'], $user_info['lastname'], null, PERSON_NAME_EMAIL_ADDRESS);
    $emailsubject = '[' . api_get_setting('platform.site_name') . '] ' . get_lang('YourReg') . ' ' . api_get_setting('platform.site_name');
    $email_admin = api_get_setting('admin.administrator_email');
    $sender_name = api_get_person_name(api_get_setting('admin.administrator_name'), api_get_setting('admin.administrator_surname'), null, PERSON_NAME_EMAIL_ADDRESS);
    // Plain-text body: greeting, approval notice, login URL and the administrator's signature.
    $emailbody = get_lang('Dear') . " " . stripslashes($recipient_name) . ",\n\n";
    $emailbody .= sprintf(get_lang('YourAccountOnXHasJustBeenApprovedByOneOfOurAdministrators'), api_get_setting('platform.site_name')) . "\n";
    $emailbody .= sprintf(get_lang('YouCanNowLoginAtXUsingTheLoginAndThePasswordYouHaveProvided'), api_get_path(WEB_PATH)) . ",\n\n";
    $emailbody .= get_lang('HaveFun') . "\n\n";
    //$emailbody.=get_lang('Problem'). "\n\n". get_lang('SignatureFormula');
    // NOTE(review): the signature reads 'administratorTelephone' and 'emailAdministrator'
    // while the lines above use namespaced keys ('admin.…', 'platform.…'); verify these two still resolve.
    $emailbody .= api_get_person_name(api_get_setting('admin.administrator_name'), api_get_setting('admin.administrator_surname')) . "\n" . get_lang('Manager') . " " . api_get_setting('platform.site_name') . "\nT. " . api_get_setting('administratorTelephone') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');
    $additionalParameters = array('smsType' => SmsPlugin::ACCOUNT_APPROVED_CONNECT, 'userId' => $user_id);
    // The mail result overwrites the query result kept in $result; neither is checked before logging.
    $result = api_mail_html($recipient_name, $user_info['mail'], $emailsubject, $emailbody, $sender_name, $email_admin, null, null, $additionalParameters);
    Event::addEvent(LOG_USER_ENABLE, LOG_USER_ID, $user_id);
} else {
    Event::addEvent(LOG_USER_DISABLE, LOG_USER_ID, $user_id);
}
// The new status is written back as the whole response body.
echo $status;
}
} else {
    echo '-1';
}
break;
default:
    echo '';
}
exit;
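/**
 * Creates the record of a new course in the main database, stores its default
 * settings, subscribes the owner and the teachers, attaches the course to an
 * access URL, logs the creation and optionally e-mails the administrator.
 *
 * Validation problems are appended to the global $error_msg array.
 *
 * @param array $params Course data. Keys read by this method:
 *                      'title', 'code', 'visual_code', 'directory' (all required),
 *                      'tutor_name', 'category_code', 'course_language', 'user_id'
 *                      (owner, defaults to the current user), 'department_name',
 *                      'department_url', 'disk_quota', 'visibility' (0 to 3),
 *                      'subscribe', 'unsubscribe', 'expiration_date',
 *                      'teachers' (user id or list of user ids)
 * @return int Id of the created course, 0 when validation failed or nothing was saved
 */
static function register_course($params)
{
    global $error_msg, $firstExpirationDelay;

    $title = $params['title'];
    $code = $params['code'];
    $visual_code = $params['visual_code'];
    $directory = isset($params['directory']) ? $params['directory'] : null;
    $tutor_name = isset($params['tutor_name']) ? $params['tutor_name'] : null;
    $category_code = isset($params['category_code']) ? $params['category_code'] : null;
    $defaultLanguage = Container::getTranslator()->getLocale();
    $course_language = !empty($params['course_language']) ? $params['course_language'] : $defaultLanguage;
    $user_id = empty($params['user_id']) ? api_get_user_id() : intval($params['user_id']);
    $department_name = isset($params['department_name']) ? $params['department_name'] : null;
    $department_url = isset($params['department_url']) ? $params['department_url'] : null;
    $disk_quota = isset($params['disk_quota']) ? $params['disk_quota'] : null;

    if (isset($params['visibility'])) {
        $visibility = $params['visibility'];
    } else {
        $default_course_visibility = api_get_setting('course.courses_default_creation_visibility');
        $visibility = isset($default_course_visibility) ? $default_course_visibility : COURSE_VISIBILITY_OPEN_PLATFORM;
    }

    // Open-platform courses allow self-subscription unless the caller says otherwise.
    $subscribe = isset($params['subscribe'])
        ? intval($params['subscribe'])
        : ($visibility == COURSE_VISIBILITY_OPEN_PLATFORM ? 1 : 0);
    $unsubscribe = isset($params['unsubscribe']) ? intval($params['unsubscribe']) : 0;
    $expiration_date = isset($params['expiration_date']) ? $params['expiration_date'] : null;
    $teachers = isset($params['teachers']) ? $params['teachers'] : null;

    $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);

    // Check whether all the needed parameters are present.
    $ok_to_register_course = true;
    if (empty($code)) {
        $error_msg[] = 'courseSysCode is missing';
        $ok_to_register_course = false;
    }
    if (empty($visual_code)) {
        $error_msg[] = 'courseScreenCode is missing';
        $ok_to_register_course = false;
    }
    if (empty($directory)) {
        $error_msg[] = 'courseRepository is missing';
        $ok_to_register_course = false;
    }
    if (empty($title)) {
        $error_msg[] = 'title is missing';
        $ok_to_register_course = false;
    }

    if (empty($expiration_date)) {
        $expiration_date = api_get_utc_datetime(time() + $firstExpirationDelay);
    } else {
        $expiration_date = api_get_utc_datetime($expiration_date);
    }

    if ($visibility < 0 || $visibility > 3) {
        $error_msg[] = 'visibility is invalid';
        $ok_to_register_course = false;
    }

    if (empty($disk_quota)) {
        $disk_quota = api_get_setting('document.default_document_quotum');
    }

    // Normalise the department URL. The scheme is tested at the START of the
    // value: a test that accepts "http://" anywhere in the string would let a
    // value with another scheme through unchanged, and this URL is later
    // rendered as a link.
    $department_url = trim((string) $department_url);
    if ($department_url !== '' && !preg_match('#^https?://#i', $department_url)) {
        $department_url = 'http://' . $department_url;
    }
    // A bare scheme carries no information.
    if ($department_url == 'http://') {
        $department_url = '';
    }

    $course_id = 0;
    if ($ok_to_register_course) {
        /** @var Course $course */
        $course = self::getCourseManager()->create();
        $course
            ->setCode($code)
            ->setDirectory($directory)
            ->setCourseLanguage($course_language)
            ->setTitle($title)
            ->setDescription(get_lang('CourseDescription'))
            ->setCategoryCode($category_code)
            ->setVisibility($visibility)
            ->setShowScore(1)
            ->setDiskQuota($disk_quota)
            ->setCreationDate(new \DateTime())
            ->setExpirationDate(new \DateTime($expiration_date))
            ->setDepartmentName($department_name)
            ->setDepartmentUrl($department_url)
            ->setSubscribe($subscribe)
            ->setUnsubscribe($unsubscribe)
            ->setVisualCode($visual_code);
        self::getCourseManager()->save($course, true);
        $course_id = $course->getId();

        if ($course_id) {
            // Store the default value of every course settings schema for the new course.
            $settingsManager = Container::getCourseSettingsManager();
            // array_keys(): only the schema names are needed below.
            $schemas = array_keys($settingsManager->getSchemas());
            foreach ($schemas as $schema) {
                $settings = $settingsManager->loadSettings($schema);
                $settingsManager->setCourse($course);
                $settingsManager->saveSettings($schema, $settings);
            }

            $sort = api_max_sort_value('0', api_get_user_id());
            // NOTE(review): $i_course_sort is interpolated as returned by
            // userCourseSort(); presumably an integer, confirm in that method.
            $i_course_sort = CourseManager::userCourseSort($user_id, $code);

            // Subscribe the owner as teacher (status 1).
            if (!empty($user_id)) {
                $sql = "INSERT INTO " . $TABLECOURSUSER . " SET
                        c_id = '" . intval($course_id) . "',
                        user_id = '" . intval($user_id) . "',
                        status = '1',
                        tutor_id = '0',
                        sort = '" . $i_course_sort . "',
                        user_course_cat = '0'";
                Database::query($sql);
            }

            if (!empty($teachers)) {
                if (!is_array($teachers)) {
                    $teachers = array($teachers);
                }
                foreach ($teachers as $key) {
                    // User ids are integers: cast instead of escaping them as strings.
                    $teacher_id = is_scalar($key) ? intval($key) : 0;
                    // Skip empty values and the owner, who is already subscribed.
                    if ($teacher_id <= 0 || $teacher_id == $user_id) {
                        continue;
                    }
                    $sql = "INSERT INTO " . $TABLECOURSUSER . " SET
                            c_id = '" . intval($course_id) . "',
                            user_id = '" . $teacher_id . "',
                            status = '1',
                            role = '',
                            tutor_id = '0',
                            sort = '" . ($sort + 1) . "',
                            user_course_cat = '0'";
                    Database::query($sql);
                }
            }

            // Adding the course to an URL
            if (api_is_multiple_url_enabled()) {
                $url_id = 1;
                if (api_get_current_access_url_id() != -1) {
                    $url_id = api_get_current_access_url_id();
                }
                UrlManager::add_course_to_url($course_id, $url_id);
            } else {
                UrlManager::add_course_to_url($course_id, 1);
            }

            // Add event to the system log; the actor is the current user, not the course owner.
            Event::addEvent(LOG_COURSE_CREATE, LOG_COURSE_CODE, $code, api_get_utc_datetime(), api_get_user_id(), $code);

            $send_mail_to_admin = api_get_setting('course.send_email_to_admin_when_create_course');
            // @todo Improve code to send to all current portal administrators.
            if ($send_mail_to_admin == 'true') {
                $siteName = api_get_setting('platform.site_name');
                $recipient_email = api_get_setting('platform.administrator_email');
                $recipient_name = api_get_person_name(
                    api_get_setting('platform.administrator_name'),
                    api_get_setting('platform.administrator_surname')
                );
                $iname = api_get_setting('platform.institution');
                $subject = get_lang('NewCourseCreatedIn') . ' ' . $siteName . ' - ' . $iname;

                // The body comes from the Twig template; title, category and tutor
                // are request data, so the template has to escape them.
                $message = \Swift_Message::newInstance()
                    ->setSubject($subject)
                    ->setFrom($recipient_email)
                    ->setTo($recipient_email)
                    ->setBody(
                        Container::getTemplate()->render(
                            'ChamiloCoreBundle:Mailer:Course/new_course.html.twig',
                            array(
                                'recipient_name' => $recipient_name,
                                'sitename' => $siteName,
                                'institution' => $iname,
                                'course_name' => $title,
                                'category' => $category_code,
                                'tutor' => $tutor_name,
                                'language' => $course_language,
                            )
                        )
                    );
                Container::getMailer()->send($message);
            }
        }
    }

    return $course_id;
}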
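/**
 * Delete a course
 * This function deletes a whole course-area from the platform: the rows of
 * the course in the c_* tables, its subscriptions, session links, shared
 * surveys, groups, tracking data and extra field values. The course directory
 * is not erased but moved to the archive directory.
 *
 * With multiple access URLs enabled the course is first detached from the
 * current URL, and the deletion only goes on when no other URL still uses it.
 * Rows in track_e_default are kept on purpose as course history.
 *
 * @param string $code The code of the course to delete
 * @return void
 * @todo When deleting a virtual course: unsubscribe users from that virtual
 * course from the groups in the real course if they are not subscribed in
 * that real course.
 * @todo Remove globals
 */
public static function delete_course($code)
{
    $table_course = Database::get_main_table(TABLE_MAIN_COURSE);
    $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $table_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
    $table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
    $table_course_survey = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY);
    $table_course_survey_question = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
    $table_course_survey_question_option = Database::get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
    $table_course_rel_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);

    // Tracking tables cleaned at the end. track_e_default is deliberately left
    // out: it holds the course creation event and other history that takes
    // little space.
    $stats_tables = array(
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_HOTPOTATOES),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_ACCESS),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_LASTACCESS),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_ONLINE),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_DOWNLOADS),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_LINKS),
        Database::get_main_table(TABLE_STATISTIC_TRACK_E_UPLOADS),
    );

    // One lookup is enough: it tells whether the course exists and returns its row.
    $codeFiltered = Database::escape_string($code);
    $sql = "SELECT * FROM {$table_course} WHERE code = '" . $codeFiltered . "'";
    $res = Database::query($sql);
    if (Database::num_rows($res) == 0) {
        return;
    }
    $course = Database::fetch_array($res);
    // The id is interpolated unquoted in the statements below: keep it an integer.
    $courseId = intval($course['id']);

    $count = 0;
    if (api_is_multiple_url_enabled()) {
        $url_id = 1;
        if (api_get_current_access_url_id() != -1) {
            $url_id = api_get_current_access_url_id();
        }
        UrlManager::delete_url_rel_course($courseId, $url_id);
        $count = UrlManager::getCountUrlRelCourse($courseId);
    }

    // Another access URL still uses the course: only the link was removed.
    if ($count != 0) {
        return;
    }

    self::create_database_dump($code);

    // Cleaning c_x tables
    if (!empty($courseId)) {
        $course_tables = AddCourse::get_course_tables();
        foreach ($course_tables as $table) {
            $table = Database::get_course_table($table);
            $sql = "DELETE FROM {$table} WHERE c_id = {$courseId} ";
            Database::query($sql);
        }
    }

    // Move the course directory to the archive. With an empty directory value
    // $course_dir would be the folder that holds EVERY course, so that case is
    // skipped instead of archiving the whole tree.
    $directory = isset($course['directory']) ? (string) $course['directory'] : '';
    if (trim($directory) !== '') {
        $course_dir = api_get_path(SYS_COURSE_PATH) . $directory;
        $archive_dir = api_get_path(SYS_ARCHIVE_PATH) . $directory . '_' . time();
        if (is_dir($course_dir)) {
            rename($course_dir, $archive_dir);
        }
    }

    // Unsubscribe all users, then remove the course from the session tables
    // and from the course - URL relation.
    $relation_tables = array(
        $table_course_user,
        $table_session_course,
        $table_session_course_user,
        $table_course_rel_url,
    );
    foreach ($relation_tables as $table) {
        $sql = "DELETE FROM {$table} WHERE c_id = {$courseId}";
        Database::query($sql);
    }

    // Shared surveys of the course, with their questions and options.
    $sql = 'SELECT survey_id FROM ' . $table_course_survey . ' WHERE course_code="' . $codeFiltered . '"';
    $result_surveys = Database::query($sql);
    while ($surveys = Database::fetch_array($result_surveys)) {
        $survey_id = $surveys[0];
        $sql = 'DELETE FROM ' . $table_course_survey_question . ' WHERE survey_id="' . $survey_id . '"';
        Database::query($sql);
        $sql = 'DELETE FROM ' . $table_course_survey_question_option . ' WHERE survey_id="' . $survey_id . '"';
        Database::query($sql);
        $sql = 'DELETE FROM ' . $table_course_survey . ' WHERE survey_id="' . $survey_id . '"';
        Database::query($sql);
    }

    // Cleaning group categories
    $groupCategories = GroupManager::get_categories($course['code']);
    if (!empty($groupCategories)) {
        foreach ($groupCategories as $category) {
            GroupManager::delete_category($category['id'], $course['code']);
        }
    }

    // Cleaning groups
    // NOTE(review): get_groups() is called without a course argument, so it
    // presumably uses the course of the current request; confirm it returns the
    // groups of the course being deleted when this is called from the admin area.
    $groups = GroupManager::get_groups();
    if (!empty($groups)) {
        $groupList = array_column($groups, 'id');
        GroupManager::delete_groups($groupList);
    }

    // Delete the course from the stats tables
    foreach ($stats_tables as $table) {
        $sql = "DELETE FROM {$table} WHERE c_id = {$courseId}";
        Database::query($sql);
    }

    // Delete the course from the database
    $sql = "DELETE FROM {$table_course} WHERE code = '" . $codeFiltered . "'";
    Database::query($sql);

    // delete extra course fields
    $extraFieldValues = new ExtraFieldValue('course');
    $extraFieldValues->deleteValuesByItem($courseId);

    // Add event to system log
    $user_id = api_get_user_id();
    Event::addEvent(LOG_COURSE_DELETE, LOG_COURSE_CODE, $code, api_get_utc_datetime(), $user_id, $courseId);
}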
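/**
 * This function displays a wiki entry: it logs the access, increments the hit
 * counter and echoes the toolbar and the panel with title, content and footer.
 *
 * Visibility is taken from the FIRST version of the page, the content from
 * the LAST one. Content and title go through Security::remove_XSS() before
 * they are printed.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @author Juan Carlos Raña Trabado
 * @param string $newtitle Reflink of a page that was just created; when empty, $this->page is shown
 * @return mixed The result of self::setMessage() when the index page has no content
 *               and the user may not create it; nothing otherwise (the page is echoed)
 **/
public function display_wiki_entry($newtitle)
{
    $tbl_wiki = $this->tbl_wiki;
    $tbl_wiki_conf = $this->tbl_wiki_conf;
    $condition_session = $this->condition_session;
    $groupfilter = $this->groupfilter;
    $page = $this->page;
    $session_id = api_get_session_id();
    $course_id = api_get_course_int_id();

    // Display the page after it is created, else the current page.
    $pageMIX = $newtitle ? $newtitle : $page;

    $filter = null;
    if (isset($_GET['view']) && is_scalar($_GET['view']) && $_GET['view']) {
        // The version id is used as a number everywhere else in this method:
        // an integer cast is a stricter filter than escaping it as a string.
        $filter = ' AND w.id = ' . intval($_GET['view']);
    }

    // First, check page visibility in the first page version
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' WHERE c_id = ' . $course_id . ' AND reflink="' . Database::escape_string($pageMIX) . '" AND ' . $groupfilter . $condition_session . ' ORDER BY id ASC';
    $result = Database::query($sql);
    $firstVersion = Database::fetch_array($result, 'ASSOC');
    $KeyVisibility = isset($firstVersion['visibility']) ? $firstVersion['visibility'] : null;

    // second, show the last version
    $sql = 'SELECT * FROM ' . $tbl_wiki . ' w INNER JOIN ' . $tbl_wiki_conf . ' wc ON (wc.page_id = w.page_id AND wc.c_id = w.c_id) WHERE w.c_id = ' . $course_id . ' AND w.reflink = "' . Database::escape_string($pageMIX) . '" AND w.session_id = ' . $session_id . ' AND w.' . $groupfilter . ' ' . $filter . ' ORDER BY id DESC';
    $result = Database::query($sql);
    // we do not need a while loop since we are always displaying the last version
    $row = Database::fetch_array($result, 'ASSOC');
    // A page that does not exist yet returns no row: fall back to empty values
    // so the "default index page" branch below runs without notices.
    $row = array_merge(
        array(
            'id' => null,
            'page_id' => null,
            'content' => '',
            'title' => '',
            'assignment' => null,
            'task' => null,
            'user_id' => null,
            'progress' => 0,
            'score' => null,
        ),
        is_array($row) ? $row : array()
    );
    $wikiId = intval($row['id']);

    // log users access to wiki (page_id)
    if (!empty($row['page_id'])) {
        Event::addEvent(LOG_WIKI_ACCESS, LOG_WIKI_PAGE_ID, $row['page_id']);
    }

    // update visits
    if ($wikiId) {
        $sql = 'UPDATE ' . $tbl_wiki . ' SET hits=(hits+1) WHERE c_id = ' . $course_id . ' AND id=' . $wikiId;
        Database::query($sql);
    }

    $canManage = api_is_allowed_to_edit(false, true) || api_is_platform_admin();

    // if both are empty and we are displaying the index page then we display the default text.
    if ($row['content'] == '' && $row['title'] == '' && $page == 'index') {
        if ($canManage || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
            // Table structure for better export to pdf
            $default_table_for_content_Start = '<table align="center" border="0"><tr><td align="center">';
            $default_table_for_content_End = '</td></tr></table>';
            $content = $default_table_for_content_Start . sprintf(get_lang('DefaultContent'), api_get_path(WEB_IMG_PATH)) . $default_table_for_content_End;
            $title = get_lang('DefaultTitle');
        } else {
            return self::setMessage(Display::display_normal_message(get_lang('WikiStandBy'), false, true));
        }
    } else {
        // Stored wiki content is user supplied: filter it before it is printed.
        $content = Security::remove_XSS($row['content']);
        $title = Security::remove_XSS($row['title']);
    }

    // assignment mode: identify page type
    $icon_assignment = null;
    if ($row['assignment'] == 1) {
        $icon_assignment = Display::return_icon('wiki_assignment.png', get_lang('AssignmentDescExtra'), '', ICON_SIZE_SMALL);
    } elseif ($row['assignment'] == 2) {
        $icon_assignment = Display::return_icon('wiki_work.png', get_lang('AssignmentWork'), '', ICON_SIZE_SMALL);
    }

    // task mode
    $icon_task = null;
    if (!empty($row['task'])) {
        $icon_task = Display::return_icon('wiki_task.png', get_lang('StandardTask'), '', ICON_SIZE_SMALL);
    }

    // Show page. Show page to all users if isn't hide page.
    // Mode assignments: if student is the author, can view
    $isAuthorOfHiddenWork = ($row['assignment'] == 2 && $KeyVisibility == "0" && api_get_user_id() == $row['user_id']);
    if (!($KeyVisibility == "1" || $canManage || $isAuthorOfHiddenWork)) {
        return;
    }

    $cidReq = api_get_cidreq();
    $titleParam = api_htmlentities(urlencode($page));

    // menu edit page
    $actionsLeft = '';
    $editLink = '<a href="index.php?' . $cidReq . '&action=edit&title=' . $titleParam . '"' . self::is_active_navigation_tab('edit') . '>' . Display::return_icon('edit.png', get_lang('EditThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
    $isCourseOrGroupMember = api_is_allowed_in_course() || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id());
    if (api_is_allowed_to_edit(false, true) || ($isCourseOrGroupMember && $page != 'index')) {
        $actionsLeft .= $editLink;
    }

    $actionsRight = '';

    // page action: protecting (locking) the page
    $protect_page = null;
    $lock_unlock_protect = null;
    if ($canManage) {
        if (self::check_protect_page() == 1) {
            $protect_page = Display::return_icon('lock.png', get_lang('PageLockedExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_protect = 'unlock';
        } else {
            $protect_page = Display::return_icon('unlock.png', get_lang('PageUnlockedExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_protect = 'lock';
        }
    }
    if ($wikiId) {
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_protect . '&title=' . $titleParam . '">' . $protect_page . '</a>';
    }

    // page action: visibility
    $visibility_page = null;
    $lock_unlock_visibility = null;
    if ($canManage) {
        if (self::check_visibility_page() == 1) {
            $visibility_page = Display::return_icon('visible.png', get_lang('ShowPageExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_visibility = 'invisible';
        } else {
            $visibility_page = Display::return_icon('invisible.png', get_lang('HidePageExtra'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_visibility = 'visible';
        }
    }
    if ($wikiId) {
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_visibility . '&title=' . $titleParam . '">' . $visibility_page . '</a>';
    }

    // page action: notification
    // Initialised like the two actions above, so the link below never reads
    // undefined variables when the user may not edit in this session.
    $notify_page = null;
    $lock_unlock_notify_page = null;
    if (api_is_allowed_to_session_edit()) {
        if (self::check_notify_page($page) == 1) {
            $notify_page = Display::return_icon('messagebox_info.png', get_lang('NotifyByEmail'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_notify_page = 'unlocknotify';
        } else {
            $notify_page = Display::return_icon('mail.png', get_lang('CancelNotifyByEmail'), '', ICON_SIZE_MEDIUM);
            $lock_unlock_notify_page = 'locknotify';
        }
    }

    // Only available if row['id'] is set
    if ($wikiId) {
        if ((api_is_allowed_to_session_edit(false, true) && api_is_allowed_to_edit()) || GroupManager::is_user_in_group(api_get_user_id(), api_get_group_id())) {
            // menu discuss page
            $actionsRight .= '<a href="index.php?' . $cidReq . '&action=discuss&title=' . $titleParam . '" ' . self::is_active_navigation_tab('discuss') . '>' . Display::return_icon('discuss.png', get_lang('DiscussThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
        }

        // menu history
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=history&title=' . $titleParam . '" ' . self::is_active_navigation_tab('history') . '>' . Display::return_icon('history.png', get_lang('ShowPageHistory'), '', ICON_SIZE_MEDIUM) . '</a>';

        // menu linkspages (the "&" before "action" was missing, which glued the
        // parameter to the end of the course request string)
        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=links&title=' . $titleParam . '" ' . self::is_active_navigation_tab('links') . '>' . Display::return_icon('what_link_here.png', get_lang('LinksPages'), '', ICON_SIZE_MEDIUM) . '</a>';

        // menu delete wikipage
        if ($canManage) {
            $actionsRight .= '<a href="index.php?action=delete&' . $cidReq . '&title=' . $titleParam . '"' . self::is_active_navigation_tab('delete') . '>' . Display::return_icon('delete.png', get_lang('DeleteThisPage'), '', ICON_SIZE_MEDIUM) . '</a>';
        }

        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=showpage&actionpage=' . $lock_unlock_notify_page . '&title=' . $titleParam . '">' . $notify_page . '</a>';

        // Page action: copy last version to doc area
        if ($canManage) {
            $actionsRight .= '<a href="index.php?' . $cidReq . '&action=export2doc&wiki_id=' . $wikiId . '">' . Display::return_icon('export_to_documents.png', get_lang('ExportToDocArea'), '', ICON_SIZE_MEDIUM) . '</a>';
        }

        $actionsRight .= '<a href="index.php?' . $cidReq . '&action=export_to_pdf&wiki_id=' . $wikiId . '">' . Display::return_icon('pdf.png', get_lang('ExportToPDF'), '', ICON_SIZE_MEDIUM) . '</a>';

        $unoconv = api_get_configuration_value('unoconv.binaries');
        if ($unoconv) {
            $actionsRight .= '<a href="' . api_get_path(WEB_CODE_PATH) . 'wiki/index.php?action=export_to_doc_file&id=' . $wikiId . '&' . $cidReq . '">' . Display::return_icon('export_doc.png', get_lang('ExportToDoc'), array(), ICON_SIZE_MEDIUM) . '</a>';
        }

        // export to print: the helper script is written to the output right
        // here, before the toolbar is echoed.
        ?> <script> function goprint() { var a = window.open('','','width=800,height=600'); a.document.open("text/html"); a.document.write(document.getElementById('wikicontent').innerHTML); a.document.close(); a.print(); } </script> <?php
        $actionsRight .= Display::url(Display::return_icon('printer.png', get_lang('Print'), '', ICON_SIZE_MEDIUM), '#', array('onclick' => "javascript: goprint();"));
    }

    echo Display::toolbarAction('toolbar-wikistudent', array(0 => $actionsLeft, 1 => $actionsRight));

    // The default title used to be overwritten by the next test; the three
    // cases are now exclusive.
    if (empty($title)) {
        $pageTitle = get_lang('DefaultTitle');
    } elseif (self::wiki_exist($title)) {
        $pageTitle = $icon_assignment . ' ' . $icon_task . ' ' . api_htmlentities($title);
    } else {
        $pageTitle = api_htmlentities($title);
    }

    // Turn the supported link notations of the (already filtered) content into anchors.
    $pageWiki = self::make_wiki_link_clickable(self::detect_external_link(self::detect_anchor_link(self::detect_mail_link(self::detect_ftp_link(self::detect_irc_link(self::detect_news_link($content)))))));

    // NOTE(review): score is printed as stored; presumably numeric, confirm or escape it.
    $footerWiki = '<div id="wikifooter">' . get_lang('Progress') . ': ' . $row['progress'] * 10 . '% ' . get_lang('Rating') . ': ' . $row['score'] . ' ' . get_lang('Words') . ': ' . self::word_count($content) . '</div>';

    echo Display::panel($pageWiki, $pageTitle, $footerWiki);
}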
</table> </form> <div id="loading" class="alert alert-info" role="alert" style="display: none"> </div> <?php
// Excerpt of a page controller; the conditions closed below open outside this excerpt.
} else {
    if ($do == 'add') {
        // NOTE(review): extract($_POST) turns EVERY posted field into a local
        // variable, so a request can overwrite $do, $action or any other variable
        // in scope. $year and $era appear to come from here; read those two keys
        // explicitly and validate them (integers, allowed era values) instead.
        extract($_POST);
        Year::create($year, $era);
        // Era 1 is labelled UFY, any other value IRY.
        if ($era == 1) {
            $dis = $year . ' UFY';
        } else {
            $dis = $year . ' IRY';
        }
        // The log text embeds the posted year as received.
        Event::addEvent('Year ' . $dis . ' has been added.', $_SESSION['user'], 1);
    }
}
} else {
    if ($action == 'current') {
        // NOTE(review): the id comes straight from the query string and the state
        // change is triggered by a GET request; no validation or anti-CSRF token
        // is visible in this excerpt. Confirm both are handled elsewhere.
        $year = new Year($_GET['id']);
        $year->makeCurrent();
        Event::addEvent('Year ' . $year->getFullYear() . ' is now the current year.', $_SESSION['user'], 2);
        ?> <script> load('irclockup', 'none', 'none'); </script> <?php
    }
}
}
<td><?php /* NOTE(review): printed without HTML escaping; wrap in htmlspecialchars() unless the getter already returns escaped text */ echo $user->getClearance()->getClearanceName(); ?> </td> </tr> <tr> <th><label for="merits">Merits</label></th> <td><input type="number" id="merits" name="merits" value="<?php /* NOTE(review): attribute value printed without escaping; presumably numeric, confirm or cast to int */ echo $user->getMerits(); ?> " required /></td> </tr> <tr> <td colspan=2><button id="edit" name="edit" class="btn btn-primary" type="button" onclick="editMerits()">Edit</button></td> </tr> </table> </form> <div id="loading" class="alert alert-info" role="alert" style="display: none"> </div> <?php
// Excerpt of a page controller; the conditions closed below open outside this excerpt.
} else {
    if ($do == 'edit') {
        // NOTE(review): extract($_POST) turns every posted field into a local
        // variable, so a request can overwrite $user, $do or any other variable in
        // scope before changeMerits() runs. $merits appears to come from here; read
        // $_POST['merits'] explicitly and validate it as an integer instead.
        extract($_POST);
        $user->changeMerits($merits);
        // NOTE(review): no permission or anti-CSRF check is visible in this excerpt;
        // confirm the caller enforces both before merits can be changed.
        Event::addEvent($user->getName() . '\'s merits have been modified.', $_SESSION['user'], 2);
    }
}
}
}
}
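/**
 * Disables or enables a user and logs the change when the update succeeded.
 * @param int $user_id Id of the user; must be a positive integer (or its string form)
 * @param int $active  1 to enable the account, 0 to disable it
 * @return mixed false when $user_id is invalid or the query failed, otherwise
 *               whatever Database::query() returned
 * @assert (-1,0) === false
 * @assert (1,1) === true
 */
private static function change_active_state($user_id, $active)
{
    // Reject anything that is not the plain representation of an integer.
    if (strval(intval($user_id)) != $user_id) {
        return false;
    }
    if ($user_id < 1) {
        return false;
    }
    $user_id = intval($user_id);
    // $active is interpolated into the statement: force it to an integer so
    // the query never depends on what the caller passed in.
    $active = intval($active);

    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    $sql = "UPDATE {$table_user} SET active = '{$active}' WHERE id = {$user_id}";
    $r = Database::query($sql);

    $ev = $active == 1 ? LOG_USER_ENABLE : LOG_USER_DISABLE;
    // Only a successful update is recorded in the audit log.
    if ($r !== false) {
        Event::addEvent($ev, LOG_USER_ID, $user_id);
    }

    return $r;
}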
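/**
 * Wrapper for the templates.
 *
 * Dispatches on the "action" query parameter: shows the add/edit form,
 * deletes a template, or lists the templates, and writes a settings-change
 * event to the system log after an add, edit or delete.
 *
 * Query parameters read: action, id (edit/delete only), category (logged).
 *
 * NOTE(review): edit and delete are driven by GET parameters and no
 * anti-CSRF token check is visible in this function - confirm that the
 * caller or the called helpers enforce one.
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University, Belgium
 * @author Julio Montoya.
 * @version August 2008
 * @since Dokeos 1.8.6
 */
function handle_templates()
{
    /* Drive-by fix to avoid undefined var warnings, without repeating
     * isset() combos all over the place. */
    $action = isset($_GET['action']) ? $_GET['action'] : "invalid";
    // Same guard for the other two parameters: a request without them used to
    // hit an undefined index before is_numeric() / the log call.
    $hasNumericId = isset($_GET['id']) && is_numeric($_GET['id']);
    $category = isset($_GET['category']) ? $_GET['category'] : null;

    if ($action != 'add') {
        echo '<div class="actions" style="margin-left: 1px;">';
        echo '<a href="settings.php?category=Templates&action=add">' . Display::return_icon('new_template.png', get_lang('AddTemplate'), '', ICON_SIZE_MEDIUM) . '</a>';
        echo '</div>';
    }

    // Parentheses spell out the precedence the original expression relied on.
    if ($action == 'add' || ($action == 'edit' && $hasNumericId)) {
        add_edit_template();

        // Add event to the system log.
        // NOTE(review): $category is the raw query-string value; whether
        // Event::addEvent() escapes it is not visible here - confirm.
        $user_id = api_get_user_id();
        Event::addEvent(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
    } else {
        if ($action == 'delete' && $hasNumericId) {
            // is_numeric() also accepts forms such as "1e3" or "1.5"; hand the
            // helper an integer rather than the raw request string.
            delete_template((int) $_GET['id']);

            // Add event to the system log
            $user_id = api_get_user_id();
            Event::addEvent(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id);
        }
        display_templates();
    }
}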
    $controller->logout($redirect);
}

/* Table definitions */

/* Constants and CONFIGURATION parameters */

/** @todo these configuration settings should move to the Chamilo config settings. */

/** Defines whether or not anonymous visitors can see a list of the courses on the Chamilo homepage that are open to the world. */
$_setting['display_courses_to_anonymous_users'] = 'true';

/* LOGIN */

/**
 * Registers in the track_e_default table (view in important activities in admin
 * interface) a possible attempted break in, sending auth data through get.
 * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
 */
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    // The event is attributed to the anonymous user id.
    $i = api_get_anonymous_id();
    // NOTE(review): the logged value is REMOTE_ADDR plus the raw $_POST['login'],
    // which is chosen by the requester and has no length limit here. Whether
    // Event::addEvent() or the admin view escapes it is not visible in this
    // fragment - confirm it is escaped on output. Behind a reverse proxy
    // REMOTE_ADDR is the proxy's address, not the client's.
    Event::addEvent(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $_SERVER['REMOTE_ADDR'] . (empty($_POST['login']) ? '' : '/' . $_POST['login']), null, $i);
    echo 'Attempted breakin - sysadmins notified.';
    // Drop the session and stop the request.
    session_destroy();
    die;
}

// Delete session necessary for legal terms
if (api_get_setting('allow_terms_conditions') == 'true') {
    Session::erase('term_and_condition');
}

// If we are not logged in and custom pages are activated
if (!api_get_user_id() && CustomPages::enabled()) {
    // Show the "logged out" page when the request carries "loggedout",
    // otherwise the index page for visitors who are not logged in.
    if (Request::get('loggedout')) {
        CustomPages::display(CustomPages::LOGGED_OUT);
    } else {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
    }
<td style="vertical-align: middle"><?php /* NOTE(review): printed without htmlspecialchars(); presumably this is the purpose text stored from $_POST['purpose'] in the 'generate' branch below, so it needs escaping here unless it is sanitised when stored - confirm */ echo $code->getPurpose(); ?> </td> <td style="vertical-align: middle"><?php echo $code->getDate(); ?> </td> </tr> <?php } ?> </table> <?php } else {
    // Generate an approval code for the logged-in user, store it with the
    // posted purpose, record the event and print the code.
    if ($action == 'generate') {
        /*$rand = rand(100, 999); $date = date('mdy'); $name = strtoupper($_SESSION['user']->getName()[0] . $_SESSION['user']->getName()[1]); $abbrev = ''; foreach (explode(' ', $_SESSION['user']->getAdmin()->getAdminRank()) as $word) { $abbrev .= strtoupper($word[0]); }*/
        // NOTE(review): CodeGen::generateCode() is defined elsewhere. If the code
        // works as a secret, it should be built from random_int()/random_bytes()
        // rather than from rand(), a date and name initials as in the
        // commented-out draft above - confirm.
        $code = CodeGen::generateCode($_SESSION['user']);
        // NOTE(review): $_POST['purpose'] is stored as received; no validation or
        // length limit is visible in this fragment.
        CodeGen::add($code, $_SESSION['user'], $_POST['purpose']);
        Event::addEvent($_SESSION['user']->getName() . ' has generated an approval code.', $_SESSION['user'], 1);
        echo $code;
    }
}