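/**
 * @package chamilo.survey
 * @author Arnaud Ligot <*****@*****.**>
 * @version $Id: $
 *
 * A small piece of code to enable user to access images included into survey
 * which are accessible by non authenticated users. This file is included
 * by document/download.php
 */

/**
 * Decides whether an unauthenticated visitor holding a survey invitation may
 * download the document $doc_url from course $course.
 *
 * Access is granted only when (1) the invitation code exists for the course,
 * (2) the invitation has not been used yet, and (3) the requested document
 * name appears in a text field of the selected survey, of one of its
 * questions or of one of its question options. Every failure prints an error
 * page and exits.
 *
 * @param string $course     Course code, resolved through CourseManager.
 * @param string $invitation Invitation code taken from the request.
 * @param string $doc_url    Document name/path requested by the visitor. It is
 *                           untrusted input and is escaped before being used
 *                           in SQL.
 *
 * @return array The course information array (CourseManager::get_course_information)
 *               when the download is allowed; the function does not return otherwise.
 */
function check_download_survey($course, $invitation, $doc_url)
{
    require_once 'survey.lib.php';

    // Getting all the course information
    $_course = CourseManager::get_course_information($course);
    $course_id = intval($_course['real_id']);

    // Database table definitions
    $table_survey = Database::get_course_table(TABLE_SURVEY);
    $table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
    $table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    $table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);

    // Now we check if the invitation code is valid
    $sql = "SELECT * FROM {$table_survey_invitation}
            WHERE
                c_id = {$course_id} AND
                invitation_code = '" . Database::escape_string($invitation) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) < 1) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }
    $survey_invitation = Database::fetch_assoc($result);

    // Now we check if the user already filled the survey
    if ($survey_invitation['answered'] == 1) {
        Display::display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
        Display::display_footer();
        exit;
    }

    // Fetch the survey(s) behind this invitation. More than one row with the
    // same code means the survey exists in several languages and the visitor
    // has to pick one; the choice comes back as $_POST['language'].
    $sql = "SELECT * FROM {$table_survey}
            WHERE
                c_id = {$course_id} AND
                code = '" . Database::escape_string($survey_invitation['survey_code']) . "'";
    $result = Database::query($sql);
    if (Database::num_rows($result) > 1) {
        if (!empty($_POST['language'])) {
            // The chosen survey id is user-controlled: force it to an integer
            // before it is interpolated into the SQL below.
            $survey_invitation['survey_id'] = intval($_POST['language']);
        } else {
            // The course and invitation codes are reflected into the form
            // action: escape them so they cannot break out of the attribute.
            // api_get_self() is assumed to return a safe path -- confirm.
            $course_param = isset($_GET['course']) ? $_GET['course'] : '';
            $invitation_param = isset($_GET['invitationcode']) ? $_GET['invitationcode'] : '';
            $form_action = api_get_self()
                . '?course=' . htmlspecialchars($course_param, ENT_QUOTES, 'UTF-8')
                . '&invitationcode=' . htmlspecialchars($invitation_param, ENT_QUOTES, 'UTF-8');
            echo '<form id="language" name="language" method="POST" action="' . $form_action . '">';
            echo '  <select name="language">';
            while ($row = Database::fetch_assoc($result)) {
                echo '<option value="' . intval($row['survey_id']) . '">'
                    . htmlspecialchars($row['lang'], ENT_QUOTES, 'UTF-8') . '</option>';
            }
            echo '</select>';
            echo '  <input type="submit" name="Submit" value="' . get_lang('Ok') . '" />';
            echo '</form>';
            Display::display_footer();
            exit;
        }
    } else {
        $row = Database::fetch_assoc($result);
        $survey_invitation['survey_id'] = intval($row['survey_id']);
    }

    // Very basic security check: the requested document name must appear in a
    // text field of the survey, one of its questions or one of its options.
    // $doc_url comes straight from the request, so it is escaped for SQL, and
    // the LIKE wildcards % and _ are escaped too so a visitor cannot widen the
    // match. NOTE(review): this assumes the value download.php passes as
    // $doc_url is a substring of the reference stored in the survey text --
    // confirm against document/download.php.
    $survey_id = intval($survey_invitation['survey_id']);
    $doc_pattern = '%' . addcslashes(Database::escape_string($doc_url), '%_') . '%';

    $sql = "SELECT count(*) AS hits
            FROM {$table_survey}
            WHERE
                c_id = {$course_id} AND
                survey_id = {$survey_id} AND (
                    title LIKE '{$doc_pattern}'
                    or subtitle LIKE '{$doc_pattern}'
                    or intro LIKE '{$doc_pattern}'
                    or surveythanks LIKE '{$doc_pattern}'
                )
            UNION ALL
            SELECT count(*) AS hits
            FROM {$table_survey_question}
            WHERE
                c_id = {$course_id} AND
                survey_id = {$survey_id} AND (
                    survey_question LIKE '{$doc_pattern}'
                    or survey_question_comment LIKE '{$doc_pattern}'
                )
            UNION ALL
            SELECT count(*) AS hits
            FROM {$table_survey_question_option}
            WHERE
                c_id = {$course_id} AND
                survey_id = {$survey_id} AND (
                    option_text LIKE '{$doc_pattern}'
                )";
    $result = Database::query($sql);

    // count(*) always yields a row, so this UNION never comes back empty and a
    // num_rows() == 0 test could never fail. Sum the counts instead and refuse
    // the download when nothing referenced the document.
    $hits = 0;
    while ($row = Database::fetch_assoc($result)) {
        $hits += intval($row['hits']);
    }
    if ($hits === 0) {
        Display::display_error_message(get_lang('WrongInvitationCode'), false);
        Display::display_footer();
        exit;
    }

    return $_course;
}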
$stud_id = api_is_allowed_to_edit() ? null : api_get_user_id(); $allcat = $cats[0]->get_subcategories($stud_id); $alleval = $cats[0]->get_evaluations($stud_id); $alllink = $cats[0]->get_links($stud_id); } $addparams = array('selectcat' => $cats[0]->get_id()); if (isset($_GET['search'])) { $addparams['search'] = $keyword; } if (isset($_GET['studentoverview'])) { $addparams['studentoverview'] = ''; } if (isset($allcat_info) && count($allcat_info) >= 0 && (isset($_GET['selectcat']) && $_GET['selectcat'] == 0) && isset($_GET['search']) && strlen(trim($_GET['search'])) > 0) { $allcat = $allcat_info; } else { $allcat = $allcat; } $gradebooktable = new GradebookTable($cats[0], $allcat, $alleval, $alllink, $addparams); if (empty($allcat) && empty($alleval) && empty($alllink) && !$is_platform_admin && $is_course_admin && !isset($_GET['selectcat']) && api_is_course_tutor()) { Display::display_normal_message(get_lang('GradebookWelcomeMessage') . '<br /><br /><form name="createcat" method="post" action="' . api_get_self() . '?createallcategories=1"><input type="submit" value="' . get_lang('CreateAllCat') . '"></form>', false); } // Here we are in a sub category if ($category != '0') { DisplayGradebook::header($cats[0], 1, $_GET['selectcat'], $is_course_admin, $is_platform_admin, $simple_search_form); } else { // This is the root category DisplayGradebook::header($cats[0], count($allcat) == '0' && !isset($_GET['search']) ? 0 : 1, 0, $is_course_admin, $is_platform_admin, $simple_search_form); } $gradebooktable->display(); Display::display_footer();
/**
 * Check whether this survey is currently open.
 *
 * Only the YYYY-MM-DD part of start_date / end_date is used (hours are
 * dropped), so the survey counts as closed from 00:00:00 on end_date itself.
 * If the survey has not started yet, or has already ended, a warning and the
 * footer are displayed and the script exits; otherwise the function returns.
 *
 * @param array $surv_data Survey row holding 'start_date' and 'end_date'
 *                         strings that begin with YYYY-MM-DD.
 *
 * @return void
 */
function check_time_availability($surv_data)
{
    // Build a midnight timestamp from the YYYY-MM-DD prefix of a date string.
    $midnight_of = function ($ymd) {
        $month = substr($ymd, 5, 2);
        $day = substr($ymd, 8, 2);
        $year = substr($ymd, 0, 4);
        return mktime(0, 0, 0, $month, $day, $year);
    };

    $opens = $midnight_of($surv_data['start_date']);
    $closes = $midnight_of($surv_data['end_date']);
    $now = time();

    $warning = null;
    if ($now < $opens) {
        $warning = get_lang('SurveyNotAvailableYet');
    } elseif ($now > $closes) {
        $warning = get_lang('SurveyNotAvailableAnymore');
    }

    if ($warning !== null) {
        Display :: display_warning_message($warning, false);
        Display :: display_footer();
        exit;
    }
}
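/**
 * This function checks the parameters that are used in this page
 *
 * Validated request parameters:
 *  - $_GET['survey_id']  must be numeric; it is validated before being handed
 *                        to SurveyManager::get_survey();
 *  - $_GET['action']     must be one of the allowed report actions;
 *  - $_GET['user']       (userreport) must be numeric and belong to the set of
 *                        people who filled the survey;
 *  - $_GET['question']   (questionreport) must be numeric.
 *
 * @param array $people_filled People who filled the survey: rows carrying an
 *                             'invited_user' key for non-anonymous surveys,
 *                             otherwise used as-is as the list of ids.
 *
 * @return bool true when every parameter is acceptable; on failure the header,
 *              an error and the footer are displayed and the script exits
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version February 2007
 */
static function check_parameters($people_filled)
{
    $error = false;
    $survey_data = null;

    // $_GET['survey_id'] has to be numeric. Validate it before looking the
    // survey up so that a malformed id never reaches the survey library.
    if (!isset($_GET['survey_id']) || !is_numeric($_GET['survey_id'])) {
        $error = get_lang('IllegalSurveyId');
    } else {
        // Getting the survey data
        $survey_data = SurveyManager::get_survey($_GET['survey_id']);
    }

    // $_GET['action']
    $allowed_actions = array(
        'overview',
        'questionreport',
        'userreport',
        'comparativereport',
        'completereport',
        'deleteuserreport',
    );
    $action = isset($_GET['action']) ? $_GET['action'] : null;
    if ($action !== null && !in_array($action, $allowed_actions, true)) {
        $error = get_lang('ActionNotAllowed');
    }

    // User report
    if ($action === 'userreport') {
        if (empty($survey_data['anonymous'])) {
            // Non-anonymous survey: $people_filled holds rows, pick the ids out.
            $people_filled_userids = array();
            foreach ($people_filled as $person) {
                $people_filled_userids[] = $person['invited_user'];
            }
        } else {
            $people_filled_userids = $people_filled;
        }
        // A loose in_array() accepts a string with a numeric prefix
        // ("1 OR 1=1" == 1 on PHP < 8), so require a numeric id before the
        // membership check.
        if (isset($_GET['user'])
            && (!is_numeric($_GET['user']) || !in_array($_GET['user'], $people_filled_userids))
        ) {
            $error = get_lang('UnknowUser');
        }
    }

    // Question report
    if ($action === 'questionreport') {
        if (isset($_GET['question']) && !is_numeric($_GET['question'])) {
            $error = get_lang('UnknowQuestion');
        }
    }

    if ($error) {
        $tool_name = get_lang('Reporting');
        Display::display_header($tool_name);
        Display::display_error_message(get_lang('Error') . ': ' . $error, false);
        Display::display_footer();
        exit;
    }

    return true;
}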
/**
 * Called when the current user may not view this forum/thread/...: displays
 * the "not allowed here" error followed by the page footer.
 *
 * @return bool Always false, so callers can write `return forum_not_allowed_here();`
 *
 * @author Patrick Cool <*****@*****.**>, Ghent University
 * @version february 2006, dokeos 1.8
 */
function forum_not_allowed_here()
{
    $message = get_lang('NotAllowedHere');
    Display::display_error_message($message);
    Display::display_footer();

    return false;
}
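/**
 * Make sure this function is protected because it does NOT check password!
 *
 * Switches the current session to $userId ("login as") after checking
 * api_can_login_as(): the current user is logged out, the session keys are
 * rebuilt for the target user and a confirmation page with a link to the user
 * portal is printed before the script exits (there is no HTTP redirect).
 *
 * @param int $userId Id of the user to impersonate.
 *
 * @return bool false when the caller may not log in as that user or the user
 *              does not exist; the function never returns on success (exit)
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function loginUser($userId)
{
    $userId = intval($userId);
    $userInfo = api_get_user_info($userId);

    // Check if the user is allowed to 'login_as'
    $canLoginAs = api_can_login_as($userId);
    if (!$canLoginAs || empty($userInfo)) {
        return false;
    }

    // The names are profile data and end up in a message that is passed to
    // display_normal_message(..., false) together with raw HTML (the link),
    // so escape them here rather than rely on the display layer.
    $firstname = htmlspecialchars($userInfo['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars($userInfo['lastname'], ENT_QUOTES, 'UTF-8');
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $userId);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $userId);
    }

    if ($userId) {
        // Logout the current user
        LoginDelete(api_get_user_id());
        // Cleaning session variables
        Session::erase('_user');
        Session::erase('is_platformAdmin');
        Session::erase('is_allowedCreateCourse');
        Session::erase('_uid');

        // Filling session variables with new data. (A local $_user array that
        // was built here before was never read: the session gets $userInfo.)
        Session::write('_uid', $userId);
        Session::write('_user', $userInfo);
        Session::write('is_platformAdmin', (bool) UserManager::is_admin($userId));
        Session::write('is_allowedCreateCourse', (bool) ($userInfo['status'] == 1));
        // will be useful later to know if the user is actually an admin or not (example reporting)
        Session::write('login_as', true);

        $target_url = api_get_path(WEB_PATH) . "user_portal.php";
        $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
        Display::display_header(get_lang('UserList'));
        Display::display_normal_message($message, false);
        Display::display_footer();
        exit;
    }
}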
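/**
 * Make sure this function is protected because it does NOT check password!
 *
 * Switches the current session to $user_id ("login as"): the current user is
 * logged out, $_SESSION is rebuilt from the target user's row and a page with
 * a link to the user portal is printed before the script exits (no redirect).
 *
 * This function defines globals ($_user, $uidReset, $loginFailed).
 * @param int User ID
 * @return bool False when api_can_login_as() refuses; the function never returns otherwise (exit)
 * @author Evie Embrechts
 * @author Yannick Warnier <*****@*****.**>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    $user_info = api_get_user_info($user_id);

    // Check if the user is allowed to 'login_as'
    $can_login_as = api_can_login_as($user_id);
    if (!$can_login_as) {
        return false;
    }

    //Load $_user to be sure we clean it before logging in
    global $uidReset, $loginFailed, $_user;

    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    unset($_user['user_id']); // uid not in session ? prevent any hacking

    // The names are profile data and end up in a message that is passed to
    // display_normal_message(..., false) together with raw HTML (the link),
    // so escape them here rather than rely on the display layer.
    $firstname = htmlspecialchars($user_info['firstname'], ENT_QUOTES, 'UTF-8');
    $lastname = htmlspecialchars($user_info['lastname'], ENT_QUOTES, 'UTF-8');
    // Take the id from the user record; it is interpolated into SQL below.
    $user_id = intval($user_info['user_id']);

    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $firstname, $lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $lastname, $firstname, $user_id);
    }

    $loginFailed = false;
    $uidReset = false;

    if ($user_id) {
        // a uid is given (log in succeeded)
        $sql_query = "SELECT user.*, a.user_id is_admin,
            UNIX_TIMESTAMP(login.login_date) login_date
            FROM {$main_user_table}
            LEFT JOIN {$main_admin_table} a
            ON user.user_id = a.user_id
            LEFT JOIN {$track_e_login_table} login
            ON user.user_id = login.login_user_id
            WHERE user.user_id = '" . $user_id . "'
            ORDER BY login.login_date DESC LIMIT 1";
        $sql_result = Database::query($sql_query);
        if (Database::num_rows($sql_result) > 0) {
            // Extracting the user data
            $user_data = Database::fetch_array($sql_result);

            //Delog the current user
            LoginDelete($_SESSION["_user"]["user_id"]);

            // Cleaning session variables
            unset($_SESSION['_user']);
            unset($_SESSION['is_platformAdmin']);
            unset($_SESSION['is_allowedCreateCourse']);
            unset($_SESSION['_uid']);

            $_user['firstName'] = $user_data['firstname'];
            $_user['lastName'] = $user_data['lastname'];
            $_user['mail'] = $user_data['email'];
            $_user['lastLogin'] = $user_data['login_date'];
            $_user['official_code'] = $user_data['official_code'];
            $_user['picture_uri'] = $user_data['picture_uri'];
            $_user['user_id'] = $user_data['user_id'];
            $_user['status'] = $user_data['status'];

            // is_admin is the admin-table join column: non-null means admin
            $is_platformAdmin = (bool) (!is_null($user_data['is_admin']));
            $is_allowedCreateCourse = (bool) ($user_data['status'] == 1);

            // Filling session variables with new data
            $_SESSION['_uid'] = $user_id;
            $_SESSION['_user'] = $_user;
            $_SESSION['is_platformAdmin'] = $is_platformAdmin;
            $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
            // will be useful later to know if the user is actually an admin or not (example reporting)
            $_SESSION['login_as'] = true;

            $target_url = api_get_path(WEB_PATH) . "user_portal.php";
            $message .= '<br />' . sprintf(get_lang('LoginSuccessfulGoToX'), '<a href="' . $target_url . '">' . $target_url . '</a>');
            Display::display_header(get_lang('UserList'));
            Display::display_normal_message($message, false);
            Display::display_footer();
            exit;
        } else {
            exit("<br />WARNING UNDEFINED UID !! ");
        }
    }
}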
/**
 * Thin wrapper around Display::display_footer() so callers in this file can
 * emit the page footer without naming the Display class.
 *
 * @return void
 */
function display_footer()
{
    // Nothing of our own to add; delegate to the shared display helper.
    Display::display_footer();
}
/**
 * Run the controller. Ensure security and execute requested action.
 *
 * When accept() refuses the request a "not authorized" page is displayed and
 * the script dies. Otherwise the method named "<action>_<format>" is invoked
 * if it is callable; nothing happens for an unknown combination.
 *
 * NOTE(review): is_callable() evaluated from inside the class also resolves
 * non-public methods, so this dispatch relies on get_action()/get_format()
 * returning validated values -- verify that they do.
 */
public function run()
{
    if (!$this->accept()) {
        Display::display_header();
        Display::display_error_message(get_lang('NotAuthorized'));
        Display::display_footer();
        die;
    }

    $handler = array($this, $this->get_action() . '_' . $this->get_format());
    if (!is_callable($handler)) {
        return;
    }
    call_user_func($handler);
}
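/**
 * Read the spreadsheet file using OLE, then parse
 *
 * When the OLE read fails with error code 1 (bad file) an error page is
 * displayed and the script exits. Any other read failure stops here and
 * returns false instead of handing a failed read to the parser.
 *
 * (The earlier PEAR-OLE based implementation that sat here commented out has
 * been removed; see version control if it is needed.)
 *
 * @access public
 * @param string $sFileName Path of the .xls file to read
 * @return bool|null false when the OLE read failed with a code other than 1;
 *                   nothing (null) after a successful parse
 * @todo return a valid value
 */
function read($sFileName)
{
    $res = $this->_ole->read($sFileName);

    // oops, something goes wrong (Darko Miljanovic)
    if ($res === false) {
        // check error code
        if ($this->_ole->error == 1) {
            // bad file
            Display::display_header('');
            Display::display_error_message(get_lang('XLSFileNotValid'));
            Display::display_footer();
            exit;
        }
        // Other error codes (bad file format, ...) are not distinguished yet,
        // but a failed read must not be parsed as if it had succeeded.
        return false;
    }

    $this->data = $this->_ole->getWorkBook();
    $this->_parse();
}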
</div> <div noWrap="1" id="maindiv"> <?php if ($keywordscache == '') { ?>   <?php } else { ?> <input type="checkbox" id="restricttokwds">Keywords-restrictive search<br> <input type="button" class="btn" value="+" onClick="if (this.value == '+') deselectAll(event, this); openOrClose(this);"/> <input type="button" class="btm" id="btnOpenOrCloseAll" value="++" onClick="openOrCloseAll(this);"/> <input type="button" class="btn" value="?" onClick="openOrCloseHelp(this)"/>  <?php echo get_lang('ClickKw'), $keywordscache; } ?> </div> <div id='moreHelp' class='dvc'> <?php echo get_lang('KwHelp')?> </div> </div><!-- onMouseUp --> <?php /***** Example inserting in own domain (not used here) * PhpDig installed at: http://www.domain.com/phpdig/ * Want search page at: http://www.domain.com/search.php * Copy http://www.domain.com/phpdig/search.php to http://www.domain.com/search.php * Copy http://www.domain.com/phpdig/clickstats.php to http://www.domain.com/clickstats.php * Set $relative_script_path = './phpdig'; in search.php, clickstats.php, and function_phpdig_form.php * Add ($relative_script_path != "./phpdig") && to if statement *****/ echo "\n"; Display::display_footer(); ?>