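/**
 * Build the edit/delete action cell for a user-field row of the sortable table.
 *
 * @param int    $id         Unused here; kept because the table calls every filter with this signature
 * @param string $url_params Unused here; kept for the same reason
 * @param array  $row        Table row: [0] = field id, [2] = field type
 * @return string HTML with an edit link and a confirm-guarded delete link
 */
function edit_filter($id, $url_params, $row)
{
    // Both links carry the session token so the receiving script can verify it
    // (Security::check_token) before editing or deleting anything.
    $token = Security::getCurrentToken();
    // Row values come back from the table data; encode them so the URL stays
    // well-formed whatever they contain.
    $fieldId = urlencode((string) $row[0]);
    $fieldType = urlencode((string) $row[2]);

    $return = '<a href="user_fields_add.php?action=edit&field_id=' . $fieldId
        . '&field_type=' . $fieldType
        . '&sec_token=' . $token . '">'
        . Display::return_icon('edit.png', get_lang('Edit')) . '</a>';

    // The delete link asks for confirmation client-side; the token check is
    // still the server-side protection.
    $confirm = "'" . addslashes(get_lang("ConfirmYourChoice")) . "'";
    $return .= ' <a href="' . api_get_self() . '?action=delete&field_id=' . $fieldId
        . '&sec_token=' . $token
        . '" onclick="javascript:if(!confirm(' . $confirm . ')) return false;">'
        . Display::return_icon('delete.png', get_lang('Delete')) . '</a>';

    return $return;
}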
$is_member = $usergroup->is_group_member($group_id); if ($group_info['visibility'] == GROUP_PERMISSION_CLOSED && !$is_member) { api_not_allowed(true); } } if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') { $group_role = $usergroup->get_user_group_role(api_get_user_id(), $group_id); if (api_is_platform_admin() || in_array($group_role, array(GROUP_USER_PERMISSION_ADMIN, GROUP_USER_PERMISSION_MODERATOR))) { $usergroup->delete_topic($group_id, $topic_id); header("Location: groups.php?id={$group_id}&action=show_message&msg=topic_deleted"); exit; } } $content = null; // save message group $currentToken = Security::getCurrentToken(); if (isset($_POST['action'])) { $title = isset($_POST['title']) ? $_POST['title'] : null; $content = $_POST['content']; $group_id = intval($_POST['group_id']); $parent_id = intval($_POST['parent_id']); if ($_POST['action'] == 'reply_message_group') { $title = Text::cut($content, 50); } if ($_POST['action'] == 'edit_message_group') { $edit_message_id = intval($_POST['message_id']); $res = MessageManager::send_message(0, $title, $content, $_FILES, '', $group_id, $parent_id, $edit_message_id, 0, $topic_id); } else { if ($_POST['action'] == 'add_message_group' && !$is_member) { api_not_allowed(); }
} if ($active == '0') { $action = 'unlock'; $image = 'wrong'; } // you cannot lock the default if ($row['id'] == '1') { $status = Display::return_icon($image . '.gif', get_lang(ucfirst($action))); } else { $status = '<a href="access_urls.php?action=' . $action . '&url_id=' . $row['id'] . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon($image . '.gif', get_lang(ucfirst($action))) . '</a>'; } //Actions $url_id = $row['id']; $actions = Display::url(Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL), "access_url_edit.php?url_id={$url_id}"); if ($url_id != '1') { $actions .= '<a href="access_urls.php?action=delete_url&url_id=' . $url_id . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL) . '</a>'; } $urls[] = array($url, $name, $type, $tech, $contact, $status, $actions); } $table = new SortableTableFromArrayConfig($urls, 2, 50, 'urls'); $table->set_additional_parameters($parameters); //$table->set_header(0, ''); $table->set_header(0, 'URL'); $table->set_header(1, get_lang('Name')); $table->set_header(2, get_lang('URLType')); $table->set_header(3, 'Dl/Ul/Delay in Kbit/s'); $table->set_header(4, get_lang('Contact')); $table->set_header(5, get_lang('Active')); $table->set_header(6, get_lang('Modify'), false); $table->display(); /* FOOTER */
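/**
 * Build the modify-column of the table
 * @param int $user_id The id of the user shown on this row
 * @param string $url_params URL params to add to table links
 * @param array $row Row of elements to alter; $row['7'] holds the status label
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    // $_configuration['login_as_forbidden_globally'], defined in
    // configuration.php, is the master key to the "login as" conditions below.
    global $_admins_list, $delete_user_available, $app, $_configuration;

    $userId = api_get_user_id();
    $is_admin = is_array($_admins_list) && in_array($user_id, $_admins_list);
    $statusname = api_get_status_langvars();
    $current_user_status_label = $row['7'];
    $user_is_anonymous = ($current_user_status_label == $statusname[ANONYMOUS]);
    $small = ICON_SIZE_SMALL;

    $result = '';

    // Course / session lists are loaded on demand into the hidden div next to the icon.
    if (!$user_is_anonymous) {
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
    }

    if (api_is_platform_admin()) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
        }
    }

    // Only allow platform admins to login_as, or session admins only for
    // students (not teachers nor other admins), and only if all options
    // match to say this user has the permission to do so.
    $login_as_available = empty($_configuration['login_as_forbidden_globally'])
        && (
            api_is_global_platform_admin()
            || (
                api_get_setting('login_as_allowed') === 'true'
                && (
                    api_is_platform_admin()
                    || (api_is_session_admin() && $current_user_status_label == $statusname[STUDENT])
                )
            )
        );
    if ($login_as_available) {
        if (!$user_is_anonymous && $app['security']->isGranted('ROLE_GLOBAL_ADMIN') && $user_id != $userId) {
            // everything looks good, show "login as" link
            $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user='******'">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> ';
        } else {
            // anonymous row, not granted, or the admin's own row: show disabled
            $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
        }
    }
    // Else don't show anything, because the option is not available at all

    if ($current_user_status_label != $statusname[STUDENT]) {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')) . ' ';
    } else {
        $result .= '<a href="../mySpace/myStudents.php?student=' . $user_id . '">' . Display::return_icon('statistics.gif', get_lang('Reporting')) . '</a> ';
    }

    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), $small) . '</a> ';
        } else {
            // Disabled icon only: there is no link, so no closing </a> either.
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), $small) . ' ';
        }
    }

    if ($is_admin) {
        // 'height' was previously misspelt 'heigth'.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => $small, 'height' => $small));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    // Actions for assigning sessions, courses or users; session admins get none here.
    if (!api_is_session_admin()) {
        if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
            $result .= '<a href="dashboard_add_users_to_user.php?user='******'">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', $small) . '</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user='******'">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> ';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        } elseif ($current_user_status_label == $statusname[SESSIONADMIN]) {
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        }
    }

    if (api_is_platform_admin()) {
        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), $small) . '</a>';
        if ($delete_user_available) {
            // You cannot delete yourself: otherwise every account, including your
            // own, could be removed and nobody would be left to undo it.
            if ($user_id != $userId && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), $small) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), $small);
            }
        }
    }

    return $result;
}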
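/**
 * Build the up/down reorder cell for a user-field option row.
 *
 * @param int    $option_id  Id of the option to move
 * @param string $url_params Unused here; kept because the table calls every filter with this signature
 * @param array  $row        Table row: [0] = 1-based position of the option in the list
 * @return string HTML with a move-up link (all but the first row) and a move-down link (all but the last)
 */
function actions_filter($option_id, $url_params, $row)
{
    global $number_of_options;

    // Was appended to without being initialised, which raised a notice on the first use.
    $return = '';
    // field_id is echoed back from the query string, so it is filtered before
    // it goes into the link; a missing one simply yields an empty parameter.
    $fieldId = isset($_GET['field_id']) ? Security::remove_XSS($_GET['field_id']) : '';
    $token = Security::getCurrentToken();
    $base = api_get_self() . '?action=';
    $suffix = '&option_id=' . $option_id . '&field_id=' . $fieldId . '&sec_token=' . $token;

    // The up icon only appears when the row can be moved up (all but the first row).
    if ($row[0] != 1) {
        $return .= '<a href="' . $base . 'moveup' . $suffix . '">' . Display::return_icon('up.gif', get_lang('Up')) . '</a>';
    } else {
        // Placeholder in place of the up link (width presumably matches the icon).
        $return .= Display::return_icon('blank.gif', '', array('width' => '21px'));
    }
    // The down icon only has to appear when the row can be moved down (all but the last row).
    if ($row[0] != $number_of_options) {
        $return .= '<a href="' . $base . 'movedown' . $suffix . '">' . Display::return_icon('down.gif', get_lang('Down')) . '</a>';
    }

    return $return;
}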
// Breadcrumbs. $interbreadcrumb[] = array('url' => api_get_path(WEB_PATH) . 'user_portal.php', 'name' => get_lang('MyCourses')); if (empty($nameTools)) { $nameTools = get_lang('CourseManagement'); } else { if (!in_array($action, array('sortmycourses', 'createcoursecategory', 'display_random_courses', 'display_courses', 'subscribe'))) { $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'auth/courses.php', 'name' => get_lang('CourseManagement')); } if ($action == 'createcoursecategory') { $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH) . 'auth/courses.php?action=sortmycourses', 'name' => get_lang('SortMyCourses')); } $interbreadcrumb[] = array('url' => '#', 'name' => $nameTools); } // course description controller object $courses_controller = new CoursesController(); $ctok = Security::getCurrentToken(); // We are moving a course or category of the user up/down the list (=Sort My Courses). if (isset($_GET['move'])) { if (isset($_GET['course'])) { if ($ctok == $_GET['sec_token']) { $courses_controller->move_course($_GET['move'], $_GET['course'], $_GET['category']); } } if (isset($_GET['category']) && !$_GET['course']) { if ($ctok == $_GET['sec_token']) { $courses_controller->move_category($_GET['move'], $_GET['category']); } } } // We are moving the course of the user to a different user defined course category (=Sort My Courses). if (isset($_POST['submit_change_course_category'])) {
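/**
 * This function checks that the token generated in get_token() has been kept (prevents
 * Cross-Site Request Forgeries attacks)
 * @param string $request_type The array in which to get the token ('get', 'post' or 'request').
 *                             Any other value is treated as the token itself and compared
 *                             directly against the session token (legacy behaviour, kept
 *                             for existing callers).
 *
 * @return bool True if it's the right token, false otherwise
 */
public static function check_token($request_type = 'post')
{
    $currentSessionToken = Security::getCurrentToken();
    // No token in the session means nothing can match.
    if (!isset($currentSessionToken)) {
        return false;
    }

    switch ($request_type) {
        case 'request':
            $submitted = isset($_REQUEST['sec_token']) ? $_REQUEST['sec_token'] : null;
            break;
        case 'get':
            $submitted = isset($_GET['sec_token']) ? $_GET['sec_token'] : null;
            break;
        case 'post':
            $submitted = isset($_POST['sec_token']) ? $_POST['sec_token'] : null;
            break;
        default:
            $submitted = $request_type;
            break;
    }

    // Only strings can match; a non-string sec_token (e.g. sec_token[]=) must
    // never reach the comparison.
    if (!is_string($submitted) || !is_string($currentSessionToken)) {
        return false;
    }

    // Constant-time comparison so response timing does not depend on how many
    // leading characters of the submitted token were right.
    return hash_equals($currentSessionToken, $submitted);
}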
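/**
 * Subscribe the user to a given course
 * @param string $course_code Course code
 * @return array|false array('message' => ...) on success or when the registration form is
 *                     shown (then also 'content' => form HTML); false when a wrong
 *                     registration code was submitted
 */
public function subscribe_user($course_code)
{
    $user_id = api_get_user_id();
    $all_course_information = CourseManager::get_course_information($course_code);
    $registration_code = isset($all_course_information['registration_code'])
        ? (string) $all_course_information['registration_code']
        : '';
    $submitted_code = isset($_POST['course_registration_code']) ? $_POST['course_registration_code'] : null;

    // A course without a registration code is open to everyone; otherwise the
    // submitted code must match exactly. hash_equals replaces the loose ==,
    // which treats numeric-looking strings such as '0e1' and '0e2' as equal,
    // and compares in constant time.
    $code_accepted = $registration_code === ''
        || (is_string($submitted_code) && hash_equals($registration_code, $submitted_code));

    if ($code_accepted) {
        // Platform admins join as course managers, everybody else with the default status.
        $status_user_in_new_course = api_is_platform_admin() ? COURSEMANAGER : null;

        if (CourseManager::add_user_to_course($user_id, $all_course_information['real_id'], $status_user_in_new_course)) {
            // Course setting: 1 = notify the teacher, 2 = notify the tutor as well.
            $send = (int) api_get_course_setting('email_alert_to_teacher_on_new_user_in_course', $course_code);
            if ($send === 1) {
                CourseManager::email_to_tutor($user_id, $course_code, false);
            } elseif ($send === 2) {
                CourseManager::email_to_tutor($user_id, $course_code, true);
            }
            $url = Display::url($all_course_information['title'], api_get_course_url($course_code));
            $message = sprintf(get_lang('EnrollToCourseXSuccessful'), $url);
        } else {
            $message = get_lang('ErrorContactPlatformAdmin');
        }

        return array('message' => $message);
    }

    // A code was submitted but did not match: let the caller report the failure.
    if ($submitted_code !== null) {
        return false;
    }

    // No code submitted yet: ask for it. The form posts back with the session
    // token so the handler can verify it before subscribing.
    $message = get_lang('CourseRequiresPassword') . '<br />';
    $message .= $all_course_information['title'] . ' (' . $all_course_information['visual_code'] . ') ';
    $action = api_get_path(WEB_CODE_PATH) . "auth/courses.php?action=subscribe_user_with_password&sec_token=" . Security::getCurrentToken();
    $form = new FormValidator('subscribe_user_with_password', 'post', $action);
    $form->addElement('hidden', 'sec_token', Security::getCurrentToken());
    $form->addElement('hidden', 'subscribe_user_with_password', $all_course_information['code']);
    $form->addElement('text', 'course_registration_code');
    $form->addElement('button', 'submit', get_lang('SubmitRegistrationCode'));
    $content = $form->return_form();

    return array('message' => $message, 'content' => $content);
}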
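/**
 * Build the active-column of the table to lock or unlock a certain user
 * lock = the user can no longer use this account
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @param int $active the current state of the account: '1' active, '0' locked, '-1' expired
 * @param string $url_params URL params to add to the lock/unlock link
 * @param array $row Table row; $row['0'] is the user id
 * @return string Some HTML-code with the lock/unlock button, or an empty string when
 *                nothing can be shown (own account, or an unknown state)
 */
function active_filter($active, $url_params, $row)
{
    global $_user;

    // Map the account state to the action an admin may take on it and the icon to show.
    if ($active == '1') {
        $action = 'lock';
        $image = 'right';
    } elseif ($active == '-1') {
        $action = 'edit';
        $image = 'expired';
    } elseif ($active == '0') {
        $action = 'unlock';
        $image = 'wrong';
    } else {
        // Unknown state: previously fell through with undefined $action/$image.
        return '';
    }

    $result = '';
    if ($action == 'edit') {
        $result = Display::return_icon($image . '.gif', get_lang('AccountExpired'));
    } elseif ($row['0'] != $_user['user_id']) {
        // You cannot lock yourself out: otherwise every account, including your
        // own, could be disabled and nobody would be left to change it.
        $result = '<a href="user_list.php?action=' . $action . '&user_id=' . $row['0'] . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '">' . Display::return_icon($image . '.gif', get_lang(ucfirst($action))) . '</a>';
    }

    return $result;
}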
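/**
 * Build the modify-column of the table
 * @param int $user_id The user id
 * @param string $url_params Unused here; kept because the table calls every filter with this signature
 * @param array $row Table row; $row[0] is the LDAP entry id passed on as id[]
 * @return string Some HTML-code with modify-buttons
 * @author Mustapha Alouani
 */
function modify_filter($user_id, $url_params, $row)
{
    $url_params_id = "id[]=" . $row[0];
    // id_session is echoed back from the query string, so it is filtered before
    // it goes into the link; a missing one yields an empty parameter.
    $id_session = isset($_GET['id_session']) ? Security::remove_XSS($_GET['id_session']) : '';
    // The JS confirm text is HTML-escaped and slash-escaped because it ends up
    // inside a single-quoted string inside an HTML attribute.
    $confirm = "'" . addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, api_get_system_encoding())) . "'";

    // Was appended to without being initialised, which raised a notice.
    $result = '';
    $result .= '<a href="ldap_users_list.php?action=add_user&user_id=' . $user_id
        . '&id_session=' . $id_session
        . '&' . $url_params_id
        . '&sec_token=' . Security::getCurrentToken()
        . '" onclick="javascript:if(!confirm(' . $confirm . ')) return false;">'
        . Display::return_icon('add_user.gif', get_lang('AddUsers')) . '</a>';

    return $result;
}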
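/**
 * Build the modify-column of the table
 * @param int $user_id The id of the user shown on this row
 * @param string $url_params URL params to add to table links
 * @param array $row Row of elements to alter; uses $row['is_admin'], $row['is_anonymous']
 *                   and $row['groups'] (a collection answering containsKey())
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $delete_user_available;

    $userId = api_get_user_id();
    $is_admin = $row['is_admin'];
    $user_is_anonymous = $row['is_anonymous'];
    $small = ICON_SIZE_SMALL;

    $result = '';

    // Course / session lists are loaded on demand into the hidden div next to the icon.
    if (!$user_is_anonymous) {
        $icon = Display::return_icon('course.png', get_lang('Courses'), array('onmouseout' => 'clear_course_list (\'div_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_' . $user_id . '"> </div> </a>';
        $icon = Display::return_icon('session.png', get_lang('Sessions'), array('onmouseout' => 'clear_session_list (\'div_s_' . $user_id . '\')'));
        $result .= '<a href="javascript:void(0)" onclick="load_session_list(\'div_s_' . $user_id . '\',' . $user_id . ')" > ' . $icon . ' <div class="blackboard_hide" id="div_s_' . $user_id . '"> </div> </a>';
    } else {
        $result .= Display::return_icon('course_na.png', get_lang('Courses')) . ' ';
        $result .= Display::return_icon('course_na.png', get_lang('Sessions')) . ' ';
    }

    if (api_is_platform_admin()) {
        if (!$user_is_anonymous) {
            $result .= '<a href="user_information.php?user_id=' . $user_id . '">' . Display::return_icon('synthese_view.gif', get_lang('Info')) . '</a> ';
        } else {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')) . ' ';
        }
    }

    // "Login as" is only offered to global admins, and never on their own row.
    // NOTE(review): the older login_as_forbidden_globally / login_as_allowed
    // checks are not applied here; confirm that ROLE_GLOBAL_ADMIN is meant to
    // be the only gate.
    if (Container::getSecurity()->isGranted('ROLE_GLOBAL_ADMIN') && $user_id != $userId) {
        // everything looks good, show "login as" link
        $result .= '<a href="' . api_get_path(WEB_PUBLIC_PATH) . '?_switch_user='******'">' . Display::return_icon('login_as.gif', get_lang('LoginAs')) . '</a> ';
    } else {
        // not granted, or the admin's own row: show disabled
        $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')) . ' ';
    }

    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id=' . $user_id . '">' . Display::return_icon('edit.png', get_lang('Edit'), array(), $small) . '</a> ';
        } else {
            // Disabled icon only: there is no link, so no closing </a> either.
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), $small) . ' ';
        }
    }

    if ($is_admin) {
        // 'height' was previously misspelt 'heigth'.
        $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'), array('width' => $small, 'height' => $small));
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    if (api_is_platform_admin()) {
        // Actions for assigning sessions, courses or users.
        if ($row['groups']->containsKey('drh') || $is_admin) {
            $result .= '<a href="dashboard_add_users_to_user.php?user='******'">' . Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', $small) . '</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user='******'">' . Display::return_icon('course_add.gif', get_lang('AssignCourses')) . '</a> ';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        } elseif ($row['groups']->containsKey('session_admin')) {
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='******'">' . Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')) . '</a> ';
        }

        $result .= ' <a href="' . api_get_path(WEB_AJAX_PATH) . 'agenda.ajax.php?a=get_user_agenda&user_id=' . $user_id . '" class="agenda_opener">' . Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), $small) . '</a>';

        if ($delete_user_available) {
            // You cannot delete yourself: otherwise every account, including your
            // own, could be removed and nobody would be left to undo it.
            if ($user_id != $userId && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
                $result .= ' <a href="user_list.php?action=delete_user&user_id=' . $user_id . '&' . $url_params . '&sec_token=' . Security::getCurrentToken() . '" onclick="javascript:if(!confirm(' . "'" . addslashes(get_lang("ConfirmYourChoice")) . "'" . ')) return false;">' . Display::return_icon('delete.png', get_lang('Delete'), array(), $small) . '</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), $small);
            }
        }
    }

    return $result;
}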