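/**
 *	@package chamilo.survey
 *	@author Arnaud Ligot <*****@*****.**>
 *	@version $Id: $
 *
 *	A small piece of code to enable a user to access images included into a survey
 *	which is accessible by non-authenticated users. This file is included
 *	by document/download.php
 */
/**
 * Checks that an anonymous download of a survey document is legitimate.
 *
 * The invitation code must exist for the course and must not have been
 * answered yet. When several surveys share the invitation's survey code (one
 * per language) the respondent has to pick one through a small form, whose
 * POSTed 'language' value is the chosen survey_id. Finally the requested
 * document name must appear in at least one text field of that survey
 * (title, subtitle, intro, thanks), of one of its questions or of one of its
 * question options. Every failure displays an error page and exits.
 *
 * @param string $course     Course code
 * @param string $invitation Survey invitation code
 * @param string $doc_url    Requested document name, matched with LIKE
 * @return array The course information array (CourseManager::get_course_information)
 */
function check_download_survey($course, $invitation, $doc_url)
{
    require_once 'survey.lib.php';
    // Getting all the course information
    $_course = CourseManager::get_course_information($course);
    // The course id is interpolated into every query below, so it is forced to an integer
    $course_id = (int) $_course['real_id'];
    // Database table definitions
    $table_survey = Database::get_course_table(TABLE_SURVEY);
    $table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
    $table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);
    // Now we check if the invitation code is valid
    $sql = "SELECT * FROM {$table_survey_invitation}
            WHERE
                c_id = {$course_id} AND
                invitation_code = '" . Database::escape_string($invitation) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) < 1) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    $survey_invitation = Database::fetch_assoc($result);
    // Now we check if the user already filled the survey
    if ($survey_invitation['answered'] == 1) {
        Display::display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
        Display::display_footer();
        exit;
    }
    // Fetch the survey(s) carrying the invitation's survey code.
    // More than one row means one survey per language: the user has to choose.
    $sql = "SELECT * FROM {$table_survey}
            WHERE
                c_id = {$course_id} AND
                code = '" . Database::escape_string($survey_invitation['survey_code']) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 1) {
        if (!empty($_POST['language'])) {
            // The submitted value is a survey_id and goes into SQL below
            $survey_invitation['survey_id'] = (int) $_POST['language'];
        } else {
            // Both request parameters are reflected into the page: encode them
            // for the query string and then for the HTML attribute
            $query = http_build_query(array(
                'course' => isset($_GET['course']) ? $_GET['course'] : '',
                'invitationcode' => isset($_GET['invitationcode']) ? $_GET['invitationcode'] : '',
            ));
            $form_action = htmlspecialchars(api_get_self() . '?' . $query, ENT_QUOTES, 'UTF-8');
            echo '<form id="language" name="language" method="POST" action="' . $form_action . '">';
            echo '  <select name="language">';
            while ($row = Database::fetch_assoc($result)) {
                echo '<option value="' . (int) $row['survey_id'] . '">'
                    . htmlspecialchars((string) $row['lang'], ENT_QUOTES, 'UTF-8') . '</option>';
            }
            echo '</select>';
            echo '  <input type="submit" name="Submit" value="' . get_lang('Ok') . '" />';
            echo '</form>';
            Display::display_footer();
            exit;
        }
    } else {
        $row = Database::fetch_assoc($result);
        if (!$row) {
            // No survey carries this code: the invitation cannot be honoured
            Display::display_error_message(get_lang('WrongInvitationCode'), false);
            Display::display_footer();
            exit;
        }
        $survey_invitation['survey_id'] = (int) $row['survey_id'];
    }
    $survey_id = (int) $survey_invitation['survey_id'];
    // Very basic security check: the name of the requested document must occur
    // in a text field of the survey, one of its questions or one of its options.
    // The name is matched with LIKE, so the LIKE wildcards (% and _) are
    // escaped before the SQL quoting; otherwise a name such as "%" would match
    // every survey and defeat the check.
    $doc_pattern = Database::escape_string(addcslashes($doc_url, '%_'));
    $sql = "SELECT count(*)
            FROM {$table_survey}
            WHERE
                c_id = {$course_id} AND
                survey_id = {$survey_id} AND (
                    title LIKE '%{$doc_pattern}%'
                    or subtitle LIKE '%{$doc_pattern}%'
                    or intro LIKE '%{$doc_pattern}%'
                    or surveythanks LIKE '%{$doc_pattern}%'
                )
            UNION
                SELECT count(*)
                FROM {$table_survey_question}
                WHERE
                    c_id = {$course_id} AND
                    survey_id = {$survey_id} AND (
                        survey_question LIKE '%{$doc_pattern}%'
                        or survey_question_comment LIKE '%{$doc_pattern}%'
                    )
            UNION
                SELECT count(*)
                FROM {$table_survey_question_option}
                WHERE
                    c_id = {$course_id} AND
                    survey_id = {$survey_id} AND (
                        option_text LIKE '%{$doc_pattern}%'
                    )";
    $result = Database::query($sql);
    // Each "SELECT count(*)" always yields a row, so the UNION is never empty:
    // the counts themselves have to be added up to know whether anything matched.
    $matches = 0;
    while ($row = Database::fetch_array($result)) {
        $matches += (int) $row[0];
    }
    if ($matches === 0) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    return $_course;
}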
    $stud_id = api_is_allowed_to_edit() ? null : api_get_user_id();
    $allcat = $cats[0]->get_subcategories($stud_id);
    $alleval = $cats[0]->get_evaluations($stud_id);
    $alllink = $cats[0]->get_links($stud_id);
}
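// Extra parameters carried by every link of the gradebook table
$addparams = array('selectcat' => $cats[0]->get_id());
if (isset($_GET['search'])) {
    $addparams['search'] = $keyword;
}
if (isset($_GET['studentoverview'])) {
    $addparams['studentoverview'] = '';
}
// A non-empty keyword search launched from the root category (selectcat=0)
// shows the search result ($allcat_info, computed earlier) instead of the
// plain sub-category list; in every other case $allcat is left untouched.
$searching_from_root = isset($_GET['selectcat']) && $_GET['selectcat'] == 0
    && isset($_GET['search']) && strlen(trim($_GET['search'])) > 0;
if ($searching_from_root && isset($allcat_info) && is_array($allcat_info)) {
    $allcat = $allcat_info;
}
$gradebooktable = new GradebookTable($cats[0], $allcat, $alleval, $alllink, $addparams);
// An empty root gradebook seen by a course tutor (not a platform admin) gets an
// invitation to create all categories at once
if (empty($allcat) && empty($alleval) && empty($alllink) && !$is_platform_admin && $is_course_admin && !isset($_GET['selectcat']) && api_is_course_tutor()) {
    Display::display_normal_message(get_lang('GradebookWelcomeMessage') . '<br /><br /><form name="createcat" method="post" action="' . api_get_self() . '?createallcategories=1"><input type="submit" value="' . get_lang('CreateAllCat') . '"></form>', false);
}
// Here we are in a sub category
if ($category != '0') {
    DisplayGradebook::header($cats[0], 1, $_GET['selectcat'], $is_course_admin, $is_platform_admin, $simple_search_form);
} else {
    // This is the root category: no toolbar when it is empty and no search is running
    $show_toolbar = (count($allcat) === 0 && !isset($_GET['search'])) ? 0 : 1;
    DisplayGradebook::header($cats[0], $show_toolbar, 0, $is_course_admin, $is_platform_admin, $simple_search_form);
}
$gradebooktable->display();
Display::display_footer();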
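/**
 * Checks whether this survey is currently open. If the current time is before
 * the start date or after the end date, a warning is displayed and the script exits.
 *
 * Dates are read as 'YYYY-MM-DD...' strings (only the year, month and day
 * characters are used). Both bounds are taken at 00:00:00, so the survey is
 * considered closed from the very beginning of its end date.
 *
 * @param array $surv_data Survey row with 'start_date' and 'end_date' keys
 * @return void
 */
function check_time_availability($surv_data)
{
    // Midnight timestamp of a 'YYYY-MM-DD' string. Components are cast so that a
    // missing or malformed value degrades to 0 instead of raising a TypeError
    // when passed to mktime() on PHP 8.
    $midnight = function ($date) {
        $date = (string) $date;
        return mktime(
            0,
            0,
            0,
            (int) substr($date, 5, 2),
            (int) substr($date, 8, 2),
            (int) substr($date, 0, 4)
        );
    };
    $start_date = $midnight(isset($surv_data['start_date']) ? $surv_data['start_date'] : '');
    $end_date = $midnight(isset($surv_data['end_date']) ? $surv_data['end_date'] : '');
    $cur_date = time();

    if ($cur_date < $start_date) {
        Display::display_warning_message(get_lang('SurveyNotAvailableYet'), false);
        Display::display_footer();
        exit;
    }
    if ($cur_date > $end_date) {
        Display::display_warning_message(get_lang('SurveyNotAvailableAnymore'), false);
        Display::display_footer();
        exit;
    }
}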
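 /**
  * This function checks the parameters that are used in this page
  *
  * The survey id must be numeric, the action (if any) must be one of the known
  * report actions, the user of a user report must be one of the people who
  * filled the survey and the question of a question report must be numeric.
  * The survey id is validated before it is used to fetch the survey data. On
  * the first failing check the header, an error message and the footer are
  * displayed and the script exits.
  *
  * @param array $people_filled Users who filled the survey: a list of user ids
  *                             for anonymous surveys, else a list of rows with
  *                             an 'invited_user' key
  * @return bool true when every parameter is valid (the script exits otherwise)
  * @author Patrick Cool <*****@*****.**>, Ghent University
  * @version February 2007
  */
 static function check_parameters($people_filled)
 {
     $error = false;
     $survey_id = isset($_GET['survey_id']) ? $_GET['survey_id'] : null;
     $action = isset($_GET['action']) ? $_GET['action'] : null;
     $allowed_actions = array('overview', 'questionreport', 'userreport', 'comparativereport', 'completereport', 'deleteuserreport');
     if (!is_numeric($survey_id)) {
         // $_GET['survey_id'] has to be numeric
         $error = get_lang('IllegalSurveyId');
     } elseif ($action !== null && !in_array($action, $allowed_actions, true)) {
         // $_GET['action'] must be a known report
         $error = get_lang('ActionNotAllowed');
     } elseif ($action === 'userreport') {
         // User report: the requested user must have filled the survey.
         // Getting the survey data only once the id is known to be numeric.
         $survey_data = SurveyManager::get_survey((int) $survey_id);
         $anonymous = isset($survey_data['anonymous']) ? (int) $survey_data['anonymous'] : 0;
         if ($anonymous === 0) {
             $people_filled_userids = array();
             foreach ($people_filled as $person) {
                 $people_filled_userids[] = $person['invited_user'];
             }
         } else {
             $people_filled_userids = (array) $people_filled;
         }
         // Ids may be stored as integers while the request value is a string:
         // compare everything as strings, strictly
         $people_filled_userids = array_map('strval', $people_filled_userids);
         if (isset($_GET['user']) && !in_array((string) $_GET['user'], $people_filled_userids, true)) {
             $error = get_lang('UnknowUser');
         }
     } elseif ($action === 'questionreport') {
         // Question report: the question id has to be numeric
         if (isset($_GET['question']) && !is_numeric($_GET['question'])) {
             $error = get_lang('UnknowQuestion');
         }
     }
     if ($error !== false) {
         $tool_name = get_lang('Reporting');
         Display::display_header($tool_name);
         Display::display_error_message(get_lang('Error') . ': ' . $error, false);
         Display::display_footer();
         exit;
     }
     return true;
 }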
/**
 * Called when the current user may not enter this forum/thread/...
 *
 * Displays the "not allowed here" error message followed by the page footer
 * and hands control back to the caller; it does not exit by itself.
 *
 * @return bool always false, so callers can write "return forum_not_allowed_here();"
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function forum_not_allowed_here()
{
    $message = get_lang('NotAllowedHere');
    Display::display_error_message($message);
    Display::display_footer();

    return false;
}
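/**
 * Logs the current platform user in as another user ("login as").
 *
 * Make sure this function is protected because it does NOT check any password:
 * the only gate is api_can_login_as(). On success the current user is logged
 * out, the session is rebuilt for the target user (the array returned by
 * api_get_user_info() becomes the session '_user' entry), a confirmation page
 * is displayed and the script exits, so the function only returns on failure.
 *
 * @param int $userId Id of the user to log in as
 * @return bool false when the id is not a positive integer, the user does not
 *              exist or the current user is not allowed to login as that user;
 *              the script exits on success
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function loginUser($userId)
{
    $userId = intval($userId);
    $userInfo = api_get_user_info($userId);
    // Check if the user exists and if the current user is allowed to 'login_as'
    if ($userId <= 0 || empty($userInfo) || !api_can_login_as($userId)) {
        return false;
    }
    // Names are user-edited profile data and end up inside an HTML message
    $firstname = htmlspecialchars((string) $userInfo['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars((string) $userInfo['lastname'], ENT_QUOTES, 'UTF-8');
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $userId);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $userId);
    }
    // Logout the current user and clean its session variables
    LoginDelete(api_get_user_id());
    Session::erase('_user');
    Session::erase('is_platformAdmin');
    Session::erase('is_allowedCreateCourse');
    Session::erase('_uid');
    // Filling session variables with the new user's data
    Session::write('_uid', $userId);
    Session::write('_user', $userInfo);
    Session::write('is_platformAdmin', (bool) UserManager::is_admin($userId));
    Session::write('is_allowedCreateCourse', (bool) ($userInfo['status'] == 1));
    // will be useful later to know if the user is actually an admin or not (example reporting)
    Session::write('login_as', true);
    $target_url = api_get_path(WEB_PATH) . 'user_portal.php';
    $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
    Display::display_header(get_lang('UserList'));
    Display::display_normal_message($message, false);
    Display::display_footer();
    exit;
}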
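/**
 * Logs the current platform user in as another user ("login as").
 *
 * Make sure this function is protected because it does NOT check any password:
 * the only gate is api_can_login_as(). This function defines globals
 * ($uidReset, $loginFailed, $_user). On success the current user is logged
 * out, the session is rebuilt from the target user's database record, a
 * confirmation page is displayed and the script exits; when the record cannot
 * be read the script exits with a warning.
 *
 * @param int $user_id Id of the user to log in as
 * @return bool false when the user does not exist, has no id, or the current
 *              user is not allowed to login as that user (the script exits otherwise)
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    $user_info = api_get_user_info($user_id);
    // Check if the user exists and if the current user is allowed to 'login_as'
    $can_login_as = api_can_login_as($user_id);
    if (!$can_login_as || empty($user_info)) {
        return false;
    }
    //Load $_user to be sure we clean it before logging in
    global $uidReset, $loginFailed, $_user;
    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);
    unset($_user['user_id']);
    // Names are user-edited profile data and end up inside an HTML message
    $firstname = htmlspecialchars((string) $user_info['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars((string) $user_info['lastname'], ENT_QUOTES, 'UTF-8');
    // The id used from here on is the one of the user record, forced to an integer
    // because it is interpolated into SQL below
    $user_id = isset($user_info['user_id']) ? (int) $user_info['user_id'] : 0;
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $user_id);
    }
    $loginFailed = false;
    $uidReset = false;
    if (!$user_id) {
        // No usable id: nothing to log in as
        return false;
    }
    // Read the user record together with its admin flag and last login date
    $sql_query = "SELECT user.*, a.user_id is_admin,
            UNIX_TIMESTAMP(login.login_date) login_date
            FROM {$main_user_table}
            LEFT JOIN {$main_admin_table} a
            ON user.user_id = a.user_id
            LEFT JOIN {$track_e_login_table} login
            ON user.user_id = login.login_user_id
            WHERE user.user_id = {$user_id}
            ORDER BY login.login_date DESC LIMIT 1";
    $sql_result = Database::query($sql_query);
    if (Database::num_rows($sql_result) == 0) {
        exit("<br />WARNING UNDEFINED UID !! ");
    }
    // Extracting the user data
    $user_data = Database::fetch_array($sql_result);
    //Delog the current user, if there is one in the session
    if (isset($_SESSION['_user']['user_id'])) {
        LoginDelete($_SESSION['_user']['user_id']);
    }
    // Cleaning session variables
    unset($_SESSION['_user']);
    unset($_SESSION['is_platformAdmin']);
    unset($_SESSION['is_allowedCreateCourse']);
    unset($_SESSION['_uid']);
    $_user['firstName'] = $user_data['firstname'];
    $_user['lastName'] = $user_data['lastname'];
    $_user['mail'] = $user_data['email'];
    $_user['lastLogin'] = $user_data['login_date'];
    $_user['official_code'] = $user_data['official_code'];
    $_user['picture_uri'] = $user_data['picture_uri'];
    $_user['user_id'] = $user_data['user_id'];
    $_user['status'] = $user_data['status'];
    // Admin when the LEFT JOIN on the admin table produced a row
    $is_platformAdmin = (bool) (!is_null($user_data['is_admin']));
    $is_allowedCreateCourse = (bool) ($user_data['status'] == 1);
    // Filling session variables with new data
    $_SESSION['_uid'] = $user_id;
    $_SESSION['_user'] = $_user;
    $_SESSION['is_platformAdmin'] = $is_platformAdmin;
    $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
    // will be useful later to know if the user is actually an admin or not (example reporting)
    $_SESSION['login_as'] = true;
    $target_url = api_get_path(WEB_PATH) . 'user_portal.php';
    $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
    Display::display_header(get_lang('UserList'));
    Display::display_normal_message($message, false);
    Display::display_footer();
    exit;
}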
 /**
  * Output the page footer by delegating to Display::display_footer().
  *
  * @return void
  */
 function display_footer()
 {
     Display::display_footer();
 }
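 /**
  * Run the controller: ensure the caller is accepted and dispatch the request.
  *
  * When accept() refuses the request a "not authorized" page is displayed and
  * the script stops. Otherwise the handler named "<action>_<format>" is
  * invoked. Both parts of that name come from the request, so the name is
  * only dispatched when it does not start with an underscore (which excludes
  * magic methods such as __construct or __call) and, when it names a real
  * method of this controller, that method is public. Any other name is ignored.
  *
  * @return void
  */
 public function run()
 {
     if (!$this->accept()) {
         Display::display_header();
         Display::display_error_message(get_lang('NotAuthorized'));
         Display::display_footer();
         die;
     }
     $handler = $this->get_action() . '_' . $this->get_format();
     if (strpos($handler, '_') === 0 || !is_callable(array($this, $handler))) {
         return;
     }
     // is_callable() from inside the class also accepts private and protected
     // methods; only public ones may be reached from a request
     if (method_exists($this, $handler)) {
         $method = new \ReflectionMethod($this, $handler);
         if (!$method->isPublic()) {
             return;
         }
     }
     $this->$handler();
 }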
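 /**
  * Read the spreadsheet file through the OLE reader, then parse its workbook.
  *
  * If the OLE layer reports error code 1 (the file cannot be read as an OLE
  * container) an error page is displayed and the script exits. Other read
  * failures are not handled yet: the workbook is fetched and parsed regardless.
  *
  * @access public
  * @param string $sFileName Path of the file to read
  * @return void
  * @todo return a valid value and handle the other OLE error codes
  */
 function read($sFileName)
 {
     $res = $this->_ole->read($sFileName);
     if ($res === false) {
         // oops, something goes wrong (Darko Miljanovic): check the error code
         if ($this->_ole->error == 1) {
             // bad file
             Display::display_header('');
             Display::display_error_message(get_lang('XLSFileNotValid'));
             Display::display_footer();
             exit;
         }
         // TODO: check other error codes here (eg bad fileformat, etc...)
     }
     $this->data = $this->_ole->getWorkBook();
     $this->_parse();
 }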
</div>

<div noWrap="1" id="maindiv">
    <?php // $keywordscache is output unescaped: presumably pre-rendered HTML, verify at its producer ?>
    <?php if ($keywordscache == ''): ?> &#xa0; <?php else: ?>
    <input type="checkbox" id="restricttokwds">Keywords-restrictive search<br>
    <input type="button" class="btn" value="+" onClick="if (this.value == '+') deselectAll(event, this); openOrClose(this);"/>
    <input type="button" class="btm" id="btnOpenOrCloseAll" value="++" onClick="openOrCloseAll(this);"/>
    <input type="button" class="btn" value="?" onClick="openOrCloseHelp(this)"/>
    &#xa0;<?php echo get_lang('ClickKw') . $keywordscache; endif; ?>
</div>

<div id='moreHelp' class='dvc'>
    <?php echo get_lang('KwHelp'); ?>
</div>

</div><!-- onMouseUp -->

<?php

/*
 * Example of inserting the search page in your own domain (not used here):
 * PhpDig installed at: http://www.domain.com/phpdig/
 * Want search page at: http://www.domain.com/search.php
 * Copy http://www.domain.com/phpdig/search.php to http://www.domain.com/search.php
 * Copy http://www.domain.com/phpdig/clickstats.php to http://www.domain.com/clickstats.php
 * Set $relative_script_path = './phpdig'; in search.php, clickstats.php, and function_phpdig_form.php
 * Add ($relative_script_path != "./phpdig") && to if statement
 */

// Line break after the markup, then the common page footer
echo "\n";
Display::display_footer();
?>