Пример #1
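 /**
  * Creates a new url access
  *
  * The row is recorded as created by the current user, or by the anonymous
  * user when nobody is logged in. When $type is 3 and $extra_params is not
  * empty, a matching row is also written to the branch_sync table.
  *
  * @author Julio Montoya <*****@*****.**>,
  *
  * @param string $url          The URL of the site
  * @param string $description  The description of the site
  * @param int    $active       is active or not; forced to 0 whenever $type is greater than 1
  * @param int    $type         The type of URL (1=multiple-access-url, 2=sincro-server, 3=sincro-client)
  * @param array  $extra_params If the type is different than 1, then there might be extra URL parameters to take into account
  * @return mixed Result of the access_url INSERT; when a branch_sync row is also written,
  *               a boolean that is true only if both INSERTs succeeded
  */
 public static function add($url, $description, $active, $type = 1, $extra_params = array())
 {
     $tms = time();
     // $type, $active, the creator id and the new row id are all placed in the
     // SQL text without quotes, so each one is forced to an integer first:
     // escaping alone does not constrain an unquoted value.
     $type = intval($type);
     $active = $type > 1 ? 0 : intval($active);
     $table_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL);
     $u = intval(api_get_user_id());
     if ($u == 0) {
         $u = intval(api_get_anonymous_id());
     }
     $sql = "INSERT INTO {$table_access_url} SET"
         . " url = '" . Database::escape_string($url) . "',"
         . " description = '" . Database::escape_string($description) . "',"
         . " active = {$active},"
         . " created_by = {$u},"
         . " url_type = {$type},"
         . " tms = FROM_UNIXTIME(" . $tms . ")";
     $result = Database::query($sql);
     $id = intval(Database::insert_id());
     if ($result !== false && $type == 3 && is_array($extra_params) && count($extra_params) > 0) {
         // Register extra parameters in the branch_sync table.
         // Maps each accepted $extra_params key to its branch_sync column; keys
         // outside this list are ignored, so callers cannot name arbitrary columns.
         $branch_columns = array(
             'ip' => 'branch_ip',
             'name' => 'branch_name',
             'last_sync' => 'last_sync_trans_id',
             'dwn_speed' => 'dwn_speed',
             'up_speed' => 'up_speed',
             'delay' => 'delay',
             'admin_mail' => 'admin_mail',
             'admin_name' => 'admin_name',
             'admin_phone' => 'admin_phone',
             'latitude' => 'latitude',
             'longitude' => 'longitude',
         );
         $t = Database::get_main_table(TABLE_BRANCH_SYNC);
         $sql = "INSERT INTO {$t} SET access_url_id = {$id}";
         foreach ($branch_columns as $key => $column) {
             if (!empty($extra_params[$key])) {
                 $sql .= ", {$column} = '" . Database::escape_string($extra_params[$key]) . "'";
             }
         }
         $sql .= ", last_sync_trans_date = '" . api_get_utc_datetime() . "'";
         $result = $result && Database::query($sql);
     }
     return $result;
 }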
Пример #2
    $redirect = !empty($_GET['no_redirect']) ? false : true;
    $controller->logout($redirect);
}
/* Table definitions */
/* Constants and CONFIGURATION parameters */
/** @todo these configuration settings should move to the Chamilo config settings. */
/** Whether anonymous visitors may see, on the Chamilo homepage, the list of courses that are open to the world. */
$_setting['display_courses_to_anonymous_users'] = 'true';
/* LOGIN */
/**
 * Credentials are not expected to arrive with submitAuth in the query string.
 * When that happens the request is recorded as an attempted forced login
 * (listed under important activities in the admin interface), the session is
 * destroyed and the script stops.
 * @todo This piece of code should probably move to local.inc.php where the actual login / logout procedure is handled. The real use of this code block should be seriously considered as well. This form should just use a security token and get done with it.
 */
if (isset($_GET['submitAuth']) && $_GET['submitAuth'] == 1) {
    $anonymousId = api_get_anonymous_id();
    // Logged value: client address, followed by "/<login>" when a login was posted.
    // NOTE(review): $_POST['login'] is stored as received; whatever renders this
    // event in the admin interface has to encode it on output - confirm.
    $attemptOrigin = $_SERVER['REMOTE_ADDR'];
    if (!empty($_POST['login'])) {
        $attemptOrigin .= '/' . $_POST['login'];
    }
    Event::addEvent(LOG_ATTEMPTED_FORCED_LOGIN, 'tried_hacking_get', $attemptOrigin, null, $anonymousId);
    echo 'Attempted breakin - sysadmins notified.';
    session_destroy();
    exit;
}
// Drop the session entry that the legal terms step relies on
if ('true' == api_get_setting('allow_terms_conditions')) {
    Session::erase('term_and_condition');
}
//If we are not logged in and customapages activated
if (!api_get_user_id() && CustomPages::enabled()) {
    if (Request::get('loggedout')) {
        CustomPages::display(CustomPages::LOGGED_OUT);
    } else {
        CustomPages::display(CustomPages::INDEX_UNLOGGED);
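// setting the section (for the tabs)
$this_section = SECTION_PLATFORM_ADMIN;
// Access restrictions: this call runs before any request parameter is read
api_protect_admin_script(true);
// setting breadcrumbs
$interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array('url' => 'user_list.php', 'name' => get_lang('UserList'));
// Database Table Definitions
$tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
$tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$tbl_session_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
// initializing variables
// Both ids come from the query string; a missing parameter yields 0 instead of
// an undefined-index warning, and anything present is reduced to an integer.
$id_session = isset($_GET['id_session']) ? intval($_GET['id_session']) : 0;
$user_id = isset($_GET['user']) ? intval($_GET['user']) : 0;
$user_info = api_get_user_info($user_id);
$user_anonymous = api_get_anonymous_id();
$current_user_id = api_get_user_id();
// setting the name of the tool
if (UserManager::is_admin($user_id)) {
    $tool_name = get_lang('AssignSessionsToPlatformAdministrator');
} elseif (isset($user_info['status']) && $user_info['status'] == SESSIONADMIN) {
    // isset() covers the case where no user record was returned for $user_id
    $tool_name = get_lang('AssignSessionsToSessionsAdministrator');
} else {
    $tool_name = get_lang('AssignSessionsToHumanResourcesManager');
}
$add_type = 'multiple';
if (isset($_GET['add_type']) && $_GET['add_type'] != '') {
    // NOTE(review): the presence check reads $_GET but the value is taken from
    // $_REQUEST, so a body or cookie value of the same name may be the one used.
    // Confirm which source is intended and read both from the same place.
    $add_type = Security::remove_XSS($_REQUEST['add_type']);
}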
Пример #4
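 /**
  * Record an event for this attempt at answering an exercise
  *
  * Looks for an existing attempt row with the same course, session, exe_id,
  * user, question and position. Without $updateResults an existing row makes
  * the call return false; otherwise the row is inserted or updated.
  *
  * @param	float	$score Score achieved
  * @param	string	$answer Answer given
  * @param	integer	$question_id Question ID
  * @param	integer $exe_id Exercise attempt ID a.k.a exe_id (from track_e_exercise)
  * @param	integer	$position Position
  * @param	integer $exercise_id Exercise ID (from c_quiz)
  * @param	bool $updateResults update results?
  * @param	string  $nano Filename (for audio answers - using nanogong)
  * @param	integer $user_id User ID The user who's going to get this score. Default value of null means "get from context".
  * @param	integer	$course_id Course ID (from the "id" column of course table). Default value of null means "get from context".
  * @param	integer	$session_id Session ID (from the session table). Default value of null means "get from context".
  * @param	integer	$learnpath_id Learnpath ID (from c_lp table). Default value of null means "get from context".
  * @param	integer	$learnpath_item_id Learnpath item ID (from the c_lp_item table). Default value of null means "get from context".
  * @return	mixed	false when an id is missing or the attempt exists and $updateResults is off;
  *               otherwise the Database::insert() result, or $exe_id after an update
  */
 public static function saveQuestionAttempt($score, $answer, $question_id, $exe_id, $position, $exercise_id = 0, $updateResults = false, $nano = null, $user_id = null, $course_id = null, $session_id = null, $learnpath_id = null, $learnpath_item_id = null)
 {
     global $debug;
     // These ids are written unquoted into the SELECT below. String escaping
     // does not constrain an unquoted value, so they are forced to integers.
     $question_id = intval($question_id);
     $exe_id = intval($exe_id);
     $position = intval($position);
     $now = api_get_utc_datetime();
     // check user_id or get from context
     if (empty($user_id)) {
         $user_id = api_get_user_id();
         // anonymous
         if (empty($user_id)) {
             $user_id = api_get_anonymous_id();
         }
     }
     $user_id = intval($user_id);
     // check course_id or get from context; the string comparison rejects
     // values such as "12 abc" that a loose numeric comparison may accept
     if (empty($course_id) || strval(intval($course_id)) !== strval($course_id)) {
         $course_id = api_get_course_int_id();
     }
     $course_id = intval($course_id);
     // check session_id or get from context
     if (empty($session_id)) {
         $session_id = api_get_session_id();
     }
     // check learnpath_id or get from context
     if (empty($learnpath_id)) {
         global $learnpath_id;
     }
     // check learnpath_item_id or get from context
     if (empty($learnpath_item_id)) {
         global $learnpath_item_id;
     }
     $TBL_TRACK_ATTEMPT = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
     if ($debug) {
         error_log("----- entering saveQuestionAttempt() function ------");
         error_log("answer: {$answer}");
         error_log("score: {$score}");
         error_log("question_id : {$question_id}");
         error_log("position: {$position}");
     }
     //Validation in case of fraud with active control time
     if (!ExerciseLib::exercise_time_control_is_valid($exercise_id, $learnpath_id, $learnpath_item_id)) {
         if ($debug) {
             error_log("exercise_time_control_is_valid is false");
         }
         // An attempt outside the allowed time is stored with no score and no answer
         $score = 0;
         $answer = 0;
     }
     $file = '';
     if (isset($nano)) {
         // basename() keeps only the file name, dropping any directory part
         $file = Database::escape_string(basename($nano->load_filename_if_exists(false)));
     }
     // NOTE(review): this overwrites whatever the caller passed as $session_id,
     // which contradicts the parameter documentation - confirm whether intended.
     $session_id = intval(api_get_session_id());
     if (empty($question_id) || empty($exe_id) || empty($user_id)) {
         return false;
     }
     $attempt = array(
         'user_id' => $user_id,
         'question_id' => $question_id,
         'answer' => $answer,
         'marks' => $score,
         'c_id' => $course_id,
         'session_id' => $session_id,
         'position' => $position,
         'tms' => $now,
         'filename' => $file,
     );
     // Check if attempt exists.
     $sql = "SELECT exe_id FROM {$TBL_TRACK_ATTEMPT}
             WHERE
                 c_id = {$course_id} AND
                 session_id = {$session_id} AND
                 exe_id = {$exe_id} AND
                 user_id = {$user_id} AND
                 question_id = {$question_id} AND
                 position = {$position}";
     $result = Database::query($sql);
     if (Database::num_rows($result)) {
         if ($debug) {
             error_log("Attempt already exist: exe_id: {$exe_id} - user_id:{$user_id} - question_id:{$question_id}");
         }
         if (!$updateResults) {
             //The attempt already exist do not update use  update_event_exercise() instead
             return false;
         }
     } else {
         $attempt['exe_id'] = $exe_id;
     }
     if ($debug) {
         error_log("updateResults : {$updateResults}");
         error_log("Saving question attempt: ");
         error_log($sql);
     }
     $recording_table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING);
     if (!$updateResults) {
         $attempt_id = Database::insert($TBL_TRACK_ATTEMPT, $attempt);
         if (defined('ENABLED_LIVE_EXERCISE_TRACKING')) {
             if ($debug) {
                 error_log("Saving e attempt recording ");
             }
             $attempt_recording = array('exe_id' => $attempt_id, 'question_id' => $question_id, 'marks' => $score, 'insert_date' => $now, 'author' => '', 'session_id' => $session_id);
             Database::insert($recording_table, $attempt_recording);
         }
         return $attempt_id;
     }
     Database::update($TBL_TRACK_ATTEMPT, $attempt, array('exe_id = ? AND question_id = ? AND user_id = ? ' => array($exe_id, $question_id, $user_id)));
     if (defined('ENABLED_LIVE_EXERCISE_TRACKING')) {
         $attempt_recording = array('exe_id' => $exe_id, 'question_id' => $question_id, 'marks' => $score, 'insert_date' => $now, 'author' => '', 'session_id' => $session_id);
         Database::update($recording_table, $attempt_recording, array('exe_id = ? AND question_id = ? AND session_id = ? ' => array($exe_id, $question_id, $session_id)));
     }
     return $exe_id;
 }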
Пример #5
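/**
 * Checks whether a user can or can't view the contents of a course.
 *
 * The decision combines the course visibility with the user's relation to the
 * course: a course_rel_user row, being coach or admin of a session that holds
 * the course, being coach of the course inside a session, or being subscribed
 * to the course through a session.
 *
 * @param   int $userid     User id or NULL to get it from $_SESSION
 * @param   int $cid        Course id to check whether the user is allowed.
 * @return  bool
 */
function api_is_course_visible_for_user($userid = null, $cid = null)
{
    if ($userid == null) {
        $userid = api_get_user_id();
    }
    if (empty($userid) || strval(intval($userid)) != $userid) {
        if (api_is_anonymous()) {
            $userid = api_get_anonymous_id();
        } else {
            return false;
        }
    }
    // From here on the id is only used in comparisons and SQL text
    $userid = intval($userid);
    $cid = Database::escape_string($cid);
    $courseInfo = api_get_course_info($cid);
    // 0 when no course record came back, so the queries below stay well-formed
    $courseId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0;
    $is_platformAdmin = api_is_platform_admin();
    // Deny by default: both flags stay false unless a query below proves otherwise
    $is_courseMember = false;
    $is_courseAdmin = false;
    $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
    $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
    $sql = "SELECT
                {$course_table}.category_code,
                {$course_table}.visibility,
                {$course_table}.code,
                {$course_cat_table}.code
            FROM {$course_table}
            LEFT JOIN {$course_cat_table}
                ON {$course_table}.category_code = {$course_cat_table}.code
            WHERE
                {$course_table}.code = '{$cid}'
            LIMIT 1";
    $result = Database::query($sql);
    $visibility = 0;
    if (Database::num_rows($result) > 0) {
        $courseRow = Database::fetch_array($result);
        $visibility = $courseRow['visibility'];
    }
    // Shortcut permissions in case the visibility is "open to the world".
    // Loose comparison, like the switch at the end: the value read from the
    // database is not guaranteed to have the same type as the constant.
    if ($visibility == COURSE_VISIBILITY_OPEN_WORLD) {
        return true;
    }
    $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
    $sql = "SELECT
                is_tutor, status
            FROM {$tbl_course_user}
            WHERE
                user_id  = '{$userid}' AND
                relation_type <> '" . COURSE_RELATION_TYPE_RRHH . "' AND
                c_id = {$courseId}
            LIMIT 1";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 0) {
        // This user has got a recorded state for this course.
        $cuData = Database::fetch_array($result);
        $is_courseMember = true;
        $is_courseAdmin = $cuData['status'] == 1;
    }
    if (!$is_courseAdmin) {
        // This user is not a course admin through course_rel_user.
        // Is it the session coach or the session admin?
        $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
        $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
        $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
        $sql = "SELECT
                    session.id_coach, session_admin_id, session.id
                FROM
                    {$tbl_session} as session
                INNER JOIN {$tbl_session_course}
                    ON session_rel_course.session_id = session.id
                    AND session_rel_course.c_id = '{$courseId}'
                LIMIT 1";
        $result = Database::query($sql);
        $row = Database::store_result($result);
        // No session holds this course: treat both ids as "not this user"
        $sessionCoachId = isset($row[0]['id_coach']) ? $row[0]['id_coach'] : null;
        $sessionAdminId = isset($row[0]['session_admin_id']) ? $row[0]['session_admin_id'] : null;
        if ($sessionCoachId == $userid) {
            $is_courseMember = true;
            $is_courseAdmin = false;
        } elseif ($sessionAdminId == $userid) {
            // NOTE(review): a session admin loses a membership established by
            // the course_rel_user row above - confirm this is intended.
            $is_courseMember = false;
            $is_courseAdmin = false;
        } else {
            // Check if the current user is the course coach.
            $sql = "SELECT 1
                    FROM {$tbl_session_course}
                    WHERE session_rel_course.c_id = '{$courseId}'
                    AND session_rel_course.id_coach = '{$userid}'
                    LIMIT 1";
            $result = Database::query($sql);
            if (Database::num_rows($result) > 0) {
                $is_courseMember = true;
                $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
                $sql = "SELECT status FROM {$tbl_user}
                        WHERE user_id = {$userid}
                        LIMIT 1";
                $result = Database::query($sql);
                $is_courseAdmin = Database::result($result, 0, 0) == 1;
            } else {
                // Check if the user is a student in this session.
                $sql = "SELECT  id
                        FROM {$tbl_session_course_user}
                        WHERE
                            user_id  = '{$userid}' AND
                            c_id = '{$courseId}'
                        LIMIT 1";
                // This query used to be built but never run, so the row count
                // below was read from the previous (empty) result and session
                // students were never recognised as course members.
                $result = Database::query($sql);
                if (Database::num_rows($result) > 0) {
                    // This user has got a recorded state for this course.
                    $is_courseMember = true;
                    $is_courseAdmin = false;
                }
            }
        }
    }
    switch ($visibility) {
        case COURSE_VISIBILITY_OPEN_WORLD:
            return true;
        case COURSE_VISIBILITY_OPEN_PLATFORM:
            // NOTE(review): $userid is always set at this point (anonymous
            // visitors carry the anonymous id), so this is true for them too.
            // Confirm whether "open to platform" should exclude anonymous users.
            return isset($userid);
        case COURSE_VISIBILITY_REGISTERED:
        case COURSE_VISIBILITY_CLOSED:
            return $is_platformAdmin || $is_courseMember || $is_courseAdmin;
        case COURSE_VISIBILITY_HIDDEN:
            return $is_platformAdmin;
    }
    return false;
}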
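/**
 * Builds the xajax response for the group user picker: the list of users
 * already in the group with the given relation, and the users whose name
 * matches $needle and who can still be added.
 *
 * Reads the table names and $group_id from globals.
 *
 * @param string $needle        Beginning of the username, first name or last name to look for
 * @param string $type          'single' for a list of links, anything else for a multiple select
 * @param int    $relation_type Relation type of the users to list as already selected
 * @return xajaxResponse
 */
function search_users($needle, $type, $relation_type)
{
    global $tbl_user, $tbl_user_rel_access_url, $tbl_group_rel_user, $group_id;
    $xajax_response = new xajaxResponse();
    $return = $return_origin = $return_destination = '';
    $without_user_id = $condition_relation = '';
    // NOTE(review): names and usernames are concatenated into HTML (and, in
    // 'single' mode, into an inline onclick handler) without output encoding.
    // Unless api_get_person_name() or the storage layer already encodes them,
    // a crafted name would be rendered as markup - confirm and encode per context.
    if (!empty($group_id) && !empty($relation_type)) {
        $group_id = intval($group_id);
        $relation_type = intval($relation_type);
        // get user_id from relation type and group id
        $sql = "SELECT user_id FROM {$tbl_group_rel_user}
                WHERE group_id = '{$group_id}'
                AND relation_type IN (" . GROUP_USER_PERMISSION_ADMIN . "," . GROUP_USER_PERMISSION_READER . "," . GROUP_USER_PERMISSION_PENDING_INVITATION . "," . GROUP_USER_PERMISSION_MODERATOR . ", " . GROUP_USER_PERMISSION_HRM . ") ";
        $res = Database::query($sql);
        $user_ids = array();
        while ($row = Database::fetch_row($res)) {
            // Cast before the ids are joined into an unquoted IN (...) list
            $user_ids[] = intval($row[0]);
        }
        if (count($user_ids) > 0) {
            $without_user_id = " AND user.user_id NOT IN(" . implode(',', $user_ids) . ") ";
        }
        $condition_relation = " AND groups.relation_type = '{$relation_type}' ";
        // data for destination user list
        $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname
                FROM {$tbl_group_rel_user} groups
                INNER JOIN  {$tbl_user} user ON user.user_id = groups.user_id
                WHERE groups.group_id = '{$group_id}' {$condition_relation} ";
        $rs_destination = Database::query($sql);
        if (Database::num_rows($rs_destination) > 0) {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
            while ($row = Database::fetch_array($rs_destination)) {
                $person_name = api_get_person_name($row['firstname'], $row['lastname']);
                $return_destination .= '<option value="' . $row['user_id'] . '">' . $person_name . ' (' . $row['username'] . ')</option>';
            }
            $return_destination .= '</select>';
        } else {
            $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        }
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
    } else {
        // No group or relation selected: reset every list to its empty state
        $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
        $xajax_response->addAssign('ajax_destination_list', 'innerHTML', api_utf8_encode($return_destination));
        if ($type == 'single') {
            $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
        } else {
            $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
            $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
        }
    }
    if (!empty($needle) && !empty($type)) {
        // $needle arrives from the client and is placed inside quoted LIKE
        // patterns below, so it has to be escaped before it reaches any query.
        $needle = Database::escape_string($needle);
        $user_anonymous = api_get_anonymous_id();
        $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
        // Only restrict to the current access URL when multi-URL is on and an id is known
        $access_url_id = -1;
        if (api_is_multiple_url_enabled()) {
            $access_url_id = api_get_current_access_url_id();
        }
        if ($type == 'single') {
            if (!empty($group_id) && !empty($relation_type)) {
                // search users where username or firstname or lastname begins likes $needle
                $name_filter = "(username LIKE '{$needle}%' OR firstname LIKE '{$needle}%' OR lastname LIKE '{$needle}%')";
                if ($access_url_id != -1) {
                    $sql = "SELECT user.user_id, username, lastname, firstname FROM {$tbl_user} user
                            INNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)
                            WHERE access_url_id = '{$access_url_id}'  AND {$name_filter}
                            AND user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11 ";
                } else {
                    $sql = "SELECT user_id, username, lastname, firstname
                            FROM {$tbl_user} user
                            WHERE {$name_filter}
                            AND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} LIMIT 11";
                }
                $rs_single = Database::query($sql);
                $i = 0;
                // The query fetches 11 rows; the 11th only signals that more matches exist
                while ($user = Database::fetch_array($rs_single)) {
                    $i++;
                    if ($i <= 10) {
                        $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                        $return .= '<a href="javascript: void(0);" onclick="javascript: add_user(\'' . $user['user_id'] . '\',\'' . $person_name . ' (' . $user['username'] . ')' . '\')">' . $person_name . ' (' . $user['username'] . ')</a><br />';
                    } else {
                        $return .= '...<br />';
                    }
                }
                $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
            } else {
                $xajax_response->addAlert(get_lang('YouMustChooseARelationType'));
                $xajax_response->addClear('user_to_add', 'value');
            }
        } elseif (!empty($group_id) && !empty($relation_type)) {
            // multiple
            $name_column = api_sort_by_first_name() ? 'firstname' : 'lastname';
            if ($access_url_id != -1) {
                $sql = "SELECT user.user_id, username, lastname, firstname
                        FROM {$tbl_user} user
                        INNER JOIN {$tbl_user_rel_access_url} url_user ON (url_user.user_id=user.user_id)
                        WHERE
                            access_url_id = '{$access_url_id}' AND
                            {$name_column} LIKE '{$needle}%' AND
                            user.user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
            } else {
                $sql = "SELECT user_id, username, lastname, firstname FROM {$tbl_user} user
                        WHERE {$name_column} LIKE '{$needle}%' AND user_id<>'{$user_anonymous}' {$without_user_id} {$order_clause} ";
            }
            $rs_multiple = Database::query($sql);
            $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
            while ($user = Database::fetch_array($rs_multiple)) {
                $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                $return_origin .= '<option value="' . $user['user_id'] . '">' . $person_name . ' (' . $user['username'] . ')</option>';
            }
            $return_origin .= '</select>';
            $xajax_response->addAssign('ajax_origin_list_multiple', 'innerHTML', api_utf8_encode($return_origin));
        }
    }
    return $xajax_response;
}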
Пример #7
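/**
 * Record an event for this attempt at answering an exercise
 *
 * Nothing is written when a row for the same course, session, exe_id, user,
 * question and position already exists.
 *
 * @param	float	$score Score achieved
 * @param	string	$answer Answer given
 * @param	integer	$question_id Question ID
 * @param	integer $exe_id Exercise ID
 * @param	integer	$position Position
 * @param	integer	$exercise_id Passed to the time control check
 * @param	object	$nano Optional object whose load_filename_if_exists() gives the stored file name
 * @return	mixed	Result of the insert query, or false when an id is missing or the attempt already exists
 */
function exercise_attempt($score, $answer, $question_id, $exe_id, $position, $exercise_id = 0, $nano = null)
{
    require_once api_get_path(SYS_CODE_PATH) . 'exercice/exercise.lib.php';
    global $debug, $learnpath_id, $learnpath_item_id;
    // $score and $answer are only ever used inside quotes, so escaping is enough.
    $score = Database::escape_string($score);
    $answer = Database::escape_string($answer);
    // The ids below are also used unquoted in the queries. Escaping does not
    // constrain an unquoted value, so they are forced to integers instead.
    $question_id = intval($question_id);
    $exe_id = intval($exe_id);
    $position = intval($position);
    $now = api_get_utc_datetime();
    $user_id = intval(api_get_user_id());
    $TBL_TRACK_ATTEMPT = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
    if ($debug) {
        error_log("----- entering exercise_attempt() function ------");
        error_log("answer: {$answer}");
        error_log("score: {$score}");
        error_log("question_id : {$question_id}");
        error_log("position: {$position}");
    }
    //Validation in case of fraud with actived control time
    if (!exercise_time_control_is_valid($exercise_id, $learnpath_id, $learnpath_item_id)) {
        if ($debug) {
            error_log("exercise_time_control_is_valid is false");
        }
        // An attempt outside the allowed time is stored with no score and no answer
        $score = 0;
        $answer = 0;
    }
    if (empty($user_id)) {
        // anonymous
        $user_id = intval(api_get_anonymous_id());
    }
    $file = '';
    if (isset($nano)) {
        // basename() keeps only the file name, dropping any directory part
        $file = Database::escape_string(basename($nano->load_filename_if_exists(false)));
    }
    $course_code = Database::escape_string(api_get_course_id());
    $session_id = intval(api_get_session_id());
    if (empty($question_id) || empty($exe_id) || empty($user_id)) {
        return false;
    }
    // Check if attempt exists
    $sql = "SELECT exe_id FROM {$TBL_TRACK_ATTEMPT}
            WHERE
                course_code = '{$course_code}' AND
                session_id = {$session_id} AND
                exe_id = {$exe_id} AND
                user_id = {$user_id} AND
                question_id = {$question_id} AND
                position = {$position}";
    $result = Database::query($sql);
    if (Database::num_rows($result)) {
        if ($debug) {
            error_log("Attempt already exist: exe_id: {$exe_id} - user_id:{$user_id} - question_id:{$question_id}");
        }
        //The attempt already exist do not update use  update_event_exercice() instead
        return false;
    }
    $sql = "INSERT INTO {$TBL_TRACK_ATTEMPT} (exe_id, user_id, question_id, answer, marks, course_code, session_id, position, tms, filename)
            VALUES (
                {$exe_id},
                {$user_id},
                '{$question_id}',
                '{$answer}',
                '{$score}',
                '{$course_code}',
                '{$session_id}',
                '{$position}',
                '{$now}',
                '{$file}'
            )";
    if ($debug) {
        error_log("Saving question attempt: ");
        error_log($sql);
    }
    $res = Database::query($sql);
    if (defined('ENABLED_LIVE_EXERCISE_TRACKING')) {
        $recording_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING);
        if ($debug) {
            error_log("Saving e attempt recording ");
        }
        $recording_changes = "INSERT INTO {$recording_table} (exe_id, question_id, marks, insert_date, author, session_id)
            VALUES ('{$exe_id}','{$question_id}','{$score}','" . api_get_utc_datetime() . "','', '{$session_id}') ";
        Database::query($recording_changes);
    }
    return $res;
}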
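/**
 * Builds the xajax response listing the users whose name starts with $needle.
 *
 * Reads the table names and $group_id from globals. When multi-URL is enabled
 * and a current access URL is known, only users of that URL are returned.
 *
 * @param string $needle Beginning of the username, first name or last name to look for
 * @param string $type   'single' for a list of links (10 shown), anything else for a multiple select
 * @return XajaxResponse
 */
function search_users($needle, $type)
{
    global $tbl_user, $tbl_group_rel_user, $group_id;
    $xajax_response = new XajaxResponse();
    $return = '';
    if (!empty($needle) && !empty($type)) {
        // xajax send utf8 datas... datas in db can be non-utf8 datas
        $charset = api_get_system_encoding();
        // Convert first, escape last: escaping has to be the final transformation
        // before the value is placed in SQL, otherwise the charset conversion
        // can alter bytes the escaping relied on.
        $needle = api_convert_encoding($needle, $charset, 'utf-8');
        $needle = Database::escape_string($needle);
        $user_anonymous = api_get_anonymous_id();
        $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
        $cond_user_id = '';
        // NOTE(review): $id_session is never defined in this function (it is
        // neither a parameter nor declared global), so this branch never runs
        // and $cond_user_id stays empty. Presumably $group_id was meant -
        // confirm, and check the column names, before enabling it.
        if (!empty($id_session)) {
            $group_id = Database::escape_string($group_id);
            // check id_user from session_rel_user table
            $sql = 'SELECT id_user FROM ' . $tbl_group_rel_user . ' WHERE usergroup_id ="' . (int) $group_id . '"';
            $res = Database::query($sql);
            $user_ids = array();
            if (Database::num_rows($res) > 0) {
                while ($row = Database::fetch_row($res)) {
                    $user_ids[] = (int) $row[0];
                }
            }
            if (count($user_ids) > 0) {
                $cond_user_id = ' AND user_id NOT IN(' . implode(",", $user_ids) . ')';
            }
        }
        $is_single = $type == 'single';
        // 'single' matches on any of the three name fields; the list mode
        // matches only the field the platform sorts by.
        if ($is_single) {
            $name_filter = '(username LIKE "' . $needle . '%" OR firstname LIKE "' . $needle . '%" OR lastname LIKE "' . $needle . '%")';
        } else {
            $name_filter = (api_sort_by_first_name() ? 'firstname' : 'lastname') . ' LIKE "' . $needle . '%"';
        }
        // 'single' fetches 11 rows and ignores $cond_user_id, as before
        $tail = $is_single ? $order_clause . ' LIMIT 11' : $cond_user_id . $order_clause;
        $sql = 'SELECT user_id, username, lastname, firstname FROM ' . $tbl_user . ' user'
            . ' WHERE ' . $name_filter . ' AND user_id<>"' . $user_anonymous . '"' . $tail;
        if (api_is_multiple_url_enabled()) {
            $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
            $access_url_id = api_get_current_access_url_id();
            if ($access_url_id != -1) {
                // Placed unquoted in the WHERE clause, so force it to an integer
                $access_url_id = intval($access_url_id);
                $sql = 'SELECT user.user_id, username, lastname, firstname'
                    . ' FROM ' . $tbl_user . ' user'
                    . ' INNER JOIN ' . $tbl_user_rel_access_url . ' url_user ON (url_user.user_id=user.user_id)'
                    . ' WHERE access_url_id = ' . $access_url_id . ' AND ' . $name_filter
                    . ' AND user.user_id<>"' . $user_anonymous . '"' . $tail;
            }
        }
        $rs = Database::query($sql);
        // NOTE(review): names and usernames are concatenated into HTML (and, in
        // 'single' mode, into an inline onclick handler) without output encoding.
        // Unless api_get_person_name() or the storage layer already encodes them,
        // a crafted name would be rendered as markup - confirm and encode per context.
        if ($is_single) {
            $i = 0;
            // The 11th row only signals that more matches exist
            while ($user = Database::fetch_array($rs)) {
                $i++;
                if ($i <= 10) {
                    $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                    $return .= '<a href="javascript: void(0);" onclick="javascript: add_user(\'' . $user['user_id'] . '\',\'' . $person_name . ' (' . $user['username'] . ')' . '\')">' . $person_name . ' (' . $user['username'] . ')</a><br />';
                } else {
                    $return .= '...<br />';
                }
            }
            $xajax_response->addAssign('ajax_list_users_single', 'innerHTML', api_utf8_encode($return));
        } else {
            global $nosessionUsersList;
            $return .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
            while ($user = Database::fetch_array($rs)) {
                $person_name = api_get_person_name($user['firstname'], $user['lastname']);
                $return .= '<option value="' . $user['user_id'] . '">' . $person_name . ' (' . $user['username'] . ')</option>';
            }
            $return .= '</select>';
            $xajax_response->addAssign('ajax_list_users_multiple', 'innerHTML', api_utf8_encode($return));
        }
    }
    return $xajax_response;
}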