$tool_content .= "</div> </div> <!-- end of col-xs-6 --> </div> <!-- end of row --> </div> <!-- end of col-xs-12 profile-pers-info --> </div> <!-- end of pers_info row -->"; if (!empty($userdata->description)) { $tool_content .= "<div id='profile-about-me' class='row'> <div class='col-xs-12 col-md-10 col-md-offset-2 profile-pers-info'> <h4>$langProfileAboutMe</h4><div> ".standard_text_escape($userdata->description)."</div></div></div>"; } $tool_content .= " <div id='profile-departments' class='row'> <div class='col-xs-12 col-md-10 col-md-offset-2 profile-pers-info'> <div><span class='tag'>$langHierarchyNode : </span>"; $departments = $user->getDepartmentIds($id); $i = 1; foreach ($departments as $dep) { $br = ($i < count($departments)) ? '<br/>' : ''; $tool_content .= $tree->getFullPath($dep) . $br; $i++; } $tool_content .= "</div> <div> <span class='tag'>$langProfileMemberSince : </span><span class='tag-value'>$userdata->registered_at</span> </div> </div> </div>"; //render custom profile fields content $tool_content .= render_profile_fields_content(array('user_id' => $id)); $tool_content .= "</div>
}
// "inactive" search: keep only accounts whose expires_at is earlier than the value
// returned by DBHelper::timeAfter(). That value is concatenated into the SQL text,
// not bound as a parameter.
if ($search == 'inactive') {
    $criteria[] = 'expires_at < ' . DBHelper::timeAfter();
}
// Department search
// $depqryadd stays empty unless a department filter applies; presumably it is
// appended to the FROM list by the query built later -- confirm.
$depqryadd = '';
// The posted department id is forced to an integer; 0 means no department was posted.
$dep = (isset($_POST['department'])) ? intval($_POST['department']) : 0;
if ($dep || isDepartmentAdmin()) {
    $depqryadd = ', user_department';
    $subs = array();
    if ($dep) {
        // Explicit choice: search the node list buildSubtrees() returns for it.
        $subs = $tree->buildSubtrees(array($dep));
    } else if (isDepartmentAdmin()) {
        // Department admin without an explicit choice: fall back to the admin's own departments.
        $subs = $user->getDepartmentIds($uid);
    }
    $count = 0;
    foreach ($subs as $key => $id) {
        // Each id becomes a bound term; $count records how many placeholders are needed below.
        $terms[] = $id;
        // NOTE(review): validateNode() is defined elsewhere; presumably it refuses nodes
        // outside a department admin's scope -- confirm that it aborts instead of returning.
        validateNode($id, isDepartmentAdmin());
        $count++;
    }
    $pref = ($c) ? 'a' : 'user';
    $criteria[] = $pref . '.id = user_department.user';
    // One '?s' placeholder per id, so the ids never enter the SQL text directly.
    // NOTE(review): an empty $subs yields "department IN ()" -- confirm that case cannot occur.
    $criteria[] = 'department IN (' . implode(', ', array_fill(0, $count, '?s')) . ')';
}
if (isset($_POST['move_submit'])) {
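// E-mail filter: substring match, with the value passed as a bound term.
$criteria[] = 'email LIKE ?s';
$terms[] = '%' . $email . '%';
// "inactive" search: the value returned by DBHelper::timeAfter() is concatenated
// into the SQL text, not bound as a parameter.
if ($search == 'inactive') {
    $criteria[] = 'expires_at < ' . DBHelper::timeAfter();
}
// Department search
$depqryadd = '';
// The posted department id is forced to an integer; 0 means no department was posted.
$dep = isset($_POST['department']) ? intval($_POST['department']) : 0;
if ($dep || isDepartmentAdmin()) {
    $depqryadd = ', user_department';
    $subs = array();
    if ($dep) {
        $subs = $tree->buildSubtrees(array($dep));
    } elseif (isDepartmentAdmin()) {
        // Department admin without an explicit choice: fall back to the admin's own departments.
        $subs = $user->getDepartmentIds($uid);
    }
    $count = 0;
    foreach ($subs as $key => $id) {
        // Each id becomes a bound term; $count records how many placeholders are needed below.
        $terms[] = $id;
        // NOTE(review): validateNode() is defined elsewhere; presumably it refuses nodes
        // outside a department admin's scope -- confirm that it aborts instead of returning.
        validateNode($id, isDepartmentAdmin());
        $count++;
    }
    $pref = $c ? 'a' : 'user';
    // Join on "<alias>.id"; the previous "<alias>.user.id" form does not name a
    // column of the aliased table.
    $criteria[] = $pref . '.id = user_department.user';
    // array_fill() returns an array, so it has to be joined before concatenation;
    // without implode() the clause degenerated to "department IN (Array)" and the
    // bound ids no longer matched any placeholder.
    // NOTE(review): an empty $subs still yields "department IN ()" -- confirm that case cannot occur.
    $criteria[] = 'department IN (' . implode(', ', array_fill(0, $count, '?s')) . ')';
}
$qry_criteria = count($criteria) ? implode(' AND ', $criteria) : '';
// end filter/criteria
if (!empty($c)) {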
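// For a department admin, every department being added to or removed from the
// course is passed to validateNode() before anything is written.
// NOTE(review): validateNode() is defined elsewhere; presumably it rejects nodes the
// admin does not manage -- confirm. in_array() compares loosely here, so request
// values in $departments should be normalised to integers before this point.
if (isDepartmentAdmin()) {
    $olddeps = $course->getDepartmentIds($cId);
    foreach ($departments as $depId) {
        if (!in_array($depId, $olddeps)) {
            validateNode(intval($depId), true);
        }
    }
    foreach ($olddeps as $depId) {
        if (!in_array($depId, $departments)) {
            validateNode($depId, true);
        }
    }
}
// Update query: title, teacher names and course code are all bound parameters.
Database::get()->query("UPDATE course SET title = ?s,\n prof_names = ?s\n WHERE code = ?s", $_POST['title'], $_POST['titulary'], $_GET['c']);
$course->refresh($cId, $departments);
$tool_content .= "<div class='alert alert-success'>{$langModifDone}</div>";
} else {
    // Edit form: load the course named by the request and pre-fill the fields.
    // NOTE(review): $row is dereferenced without checking that a course was found -- confirm
    // what querySingle() returns for an unknown code.
    $row = Database::get()->querySingle("SELECT course.code AS code, course.title AS title, course.prof_names AS prof_name, course.id AS id\n FROM course\n WHERE course.code = ?s", $_GET['c']);
    $tool_content .= "<div class='form-wrapper'>\n\t<form role='form' class='form-horizontal' action='" . $_SERVER['SCRIPT_NAME'] . "?c=" . q($_GET['c']) . "' method='post' onsubmit='return validateNodePickerForm();'>\n\t<fieldset>\n <div class='form-group'>\n\t <label for='Faculty' class='col-sm-2 control-label'>{$langFaculty}:</label>\n <div class='col-sm-10'>";
    // A department admin's picker is additionally limited to the admin's own departments.
    if (isDepartmentAdmin()) {
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id), 'allowables' => $user->getDepartmentIds($uid)));
    } else {
        list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $course->getDepartmentIds($row->id)));
    }
    $head_content .= $js;
    $tool_content .= $html;
    $tool_content .= "</div></div>";
    // Every stored value placed inside a value='...' attribute goes through q(),
    // including the course code, which was previously interpolated unescaped while
    // title and teacher names were not.
    $tool_content .= "<div class='form-group'>\n <label for='fcode' class='col-sm-2 control-label'>{$langCode}</label>\n <div class='col-sm-10'>\n <input type='text' class='form-control' name='fcode' id='fcode' value='"
        . q($row->code)
        . "' size='60' />\n </div>\n </div>\n <div class='form-group'>\n <label for='title' class='col-sm-2 control-label'>{$langCourseTitle}:</label>\n <div class='col-sm-10'>\n\t\t<input type='text' class='form-control' name='title' id='title' value='"
        . q($row->title)
        . "' size='60' />\n\t </div>\n </div>\n <div class='form-group'>\n <label for='titulary' class='col-sm-2 control-label'>{$langTeachers}:</label>\n <div class='col-sm-10'>\n\t\t<input type='text' class='form-control' name='titulary' id='titulary' value='"
        . q($row->prof_name)
        . "' size='60' />\n\t </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-10 col-sm-offset-4'>\n <input class='btn btn-primary' type='submit' name='submit' value='{$langModify}'>\n </div>\n </div>\n </fieldset>\n\t</form>\n </div>";
}
draw($tool_content, 3, null, $head_content);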
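// Search filters arrive as GET parameters. The numeric ones are forced to integers;
// $am and $user_registered_at are kept as raw request strings.
// NOTE(review): whatever later prints or queries with the raw values has to escape or bind them.
$am = isset($_GET['am']) ? $_GET['am'] : '';
$verified_mail = isset($_GET['verified_mail']) ? intval($_GET['verified_mail']) : 3;
$user_type = isset($_GET['user_type']) ? intval($_GET['user_type']) : '';
$auth_type = isset($_GET['auth_type']) ? intval($_GET['auth_type']) : '';
$email = isset($_GET['email']) ? mb_strtolower(trim($_GET['email'])) : '';
$reg_flag = isset($_GET['reg_flag']) ? intval($_GET['reg_flag']) : '';
$user_registered_at = isset($_GET['user_registered_at']) ? $_GET['user_registered_at'] : '';
// Options for the department picker; a preselection is added only when the request carries one.
$depts_defaults = array('params' => 'name="department"', 'tree' => array('0' => $langAllFacultes), 'multiple' => false);
if (isset($_GET['department'])) {
    // The client decides whether "department" arrives as a scalar or as an array.
    // The (array) cast keeps array_map() from failing on the scalar form, and every
    // element is still reduced to an integer.
    $depts_defaults['defaults'] = array_map('intval', (array) $_GET['department']);
}
// A department admin's picker is additionally limited to the admin's own departments.
if (isDepartmentAdmin()) {
    $allowables = array('allowables' => $user->getDepartmentIds($uid));
    $depts_defaults = array_merge($depts_defaults, $allowables);
}
// Display Actions Toolbar
$tool_content .= action_bar(array(
    array('title' => $langAllUsers, 'url' => "listusers.php?search=yes", 'icon' => 'fa-search', 'level' => 'primary-label'),
    array('title' => $langInactiveUsers, 'url' => "listusers.php?search=inactive", 'icon' => 'fa-search', 'level' => 'primary-label'),
    array('title' => $langBack, 'url' => "index.php",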
break; case "3": $typeSel[0] = "selected"; break; default: $typeSel[-1] = "selected"; break; } } $tool_content .= "<div class='form-group'>\n <label for='formsearchtype' class='col-sm-2 control-label'>{$langCourseVis}:</label>\n <div class='col-sm-10'>\n <select class='form-control' name='formsearchtype'>\n <option value='-1' " . @$typeSel[-1] . ">{$langAllTypes}</option>\n <option value='2' " . @$typeSel[2] . ">{$langTypeOpen}</option>\n <option value='1' " . @$typeSel[1] . ">{$langTypeRegistration}</option>\n <option value='0' " . @$typeSel[0] . ">{$langTypeClosed}</option>\n <option value='3' " . @$typeSel[3] . ">{$langCourseInactiveShort}</option>\n </select>\n </div>\n </div>"; $reg_flag_data = array(); $reg_flag_data[1] = $langAfter; $reg_flag_data[2] = $langBefore; $tool_content .= "<div class='form-group'><label class='col-sm-2 control-label'>{$langCreationDate}:</label>"; $tool_content .= "<div class='col-sm-5'>" . selection($reg_flag_data, 'reg_flag', $reg_flag, 'class="form-control"') . 
"</div>"; $tool_content .= "<div class='col-sm-5'>"; $tool_content .= "<input class='form-control' id='id_date' name='date' type='text' value='{$date}' data-date-format='dd-mm-yyyy' placeholder='{$langCreationDate}'> \n </div>"; $tool_content .= "</div>"; $tool_content .= "<div class='form-group'><label class='col-sm-2 control-label'>{$langFaculty}:</label>"; $tool_content .= "<div class='col-sm-10'>"; if (isDepartmentAdmin()) { list($js, $html) = $tree->buildNodePicker(array('params' => 'name="formsearchfaculte"', 'tree' => array('0' => $langAllFacultes), 'useKey' => "id", 'multiple' => false, 'allowables' => $user->getDepartmentIds($uid))); } else { list($js, $html) = $tree->buildNodePicker(array('params' => 'name="formsearchfaculte"', 'tree' => array('0' => $langAllFacultes), 'useKey' => "id", 'multiple' => false)); } $head_content .= $js; $tool_content .= $html; $tool_content .= "</div></div>"; $tool_content .= "<div class='form-group'>\n <div class='col-sm-10 col-sm-offset-2'>\n <input class='btn btn-primary' type='submit' name='search_submit' value='{$langSearch}'>\n <a href='index.php' class='btn btn-default'>{$langCancel}</a> \n </div>\n </div>"; $tool_content .= "</fieldset></form></div>"; draw($tool_content, 3, null, $head_content);
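case '10':
    $course_license = 10;
    break;
default:
    $course_license = 0;
    break;
}
}
// disable visibility if it is opencourses certified
if (get_config('opencourses_enable') && $isOpenCourseCertified) {
    $_POST['formvisible'] = '2';
}
// Department ownership check. The (array) cast matters: the client controls whether
// "department" is posted as a scalar or an array, and a scalar would make the loop
// below iterate nothing, leaving $deps_valid true without any department being checked.
$departments = isset($_POST['department']) ? (array) $_POST['department'] : array();
$deps_valid = true;
foreach ($departments as $dep) {
    // NOTE(review): in_array() compares loosely; if getDepartmentIds() returns integers,
    // confirm the posted values are normalised to integers before they are stored.
    if (get_config('restrict_teacher_owndep') && !$is_admin && !in_array($dep, $user->getDepartmentIds($uid))) {
        $deps_valid = false;
    }
}
//===================course format and start and finish date===============
//check if there is a start and finish date if weekly selected
// empty() gives the same truthiness as the bare reads it replaces, without a
// notice when a field is missing from the request.
if (!empty($_POST['view_type']) || !empty($_POST['start_date']) || !empty($_POST['finish_date'])) {
    if (empty($_POST['start_date'])) {
        //if no start date do not allow weekly view and show alert message
        $view_type = 'units';
        $_POST['start_date'] = '0000-00-00';
        $_POST['finish_date'] = '0000-00-00';
        $noWeeklyMessage = 1;
    } else {
        //if there is start date create the weeks from that start date
        //Number of the previous week records for this course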
// Verified-mail selector, preselected from the stored value.
$tool_content .= selection($verified_mail_data, "verified_mail", intval($info->verified_mail), "class='form-control'");
// Registration-number and phone inputs: both stored values pass through q() before
// being placed inside a value attribute. The block ends by opening the faculty row.
$tool_content .= "</div></div><div class='form-group'> <label class='col-sm-2 control-label'>$langAm: </label> <div class='col-sm-10'><input type='text' name='am' size='50' value='"
    . q($info->am)
    . "' /></div> </div> <div class='form-group'> <label class='col-sm-2 control-label'>$langTel: </label> <div class='col-sm-10'><input type='text' name='phone' size='50' value='"
    . q($info->phone)
    . "' /></div> </div> <div class='form-group'> <label class='col-sm-2 control-label'>$langFaculty:</label> <div class='col-sm-10'>";
// Department picker preselected with the edited user's departments ($u). When the
// viewer is a department admin the selectable nodes are limited to the viewer's own
// departments ($uid).
list($js, $html) = $tree->buildUserNodePicker(
    isDepartmentAdmin()
        ? array('defaults' => $user->getDepartmentIds($u), 'allowables' => $user->getDepartmentIds($uid))
        : array('defaults' => $user->getDepartmentIds($u))
);
$head_content .= $js;
$tool_content .= $html . "</div></div> <div class='form-group'> <label class='col-sm-2 control-label'>$langProperty:</label> <div class='col-sm-10'>";
// Status selector: a guest account is offered only the guest status, every other
// account may be switched between teacher and student.
$tool_content .= selection(
    ($info->status == USER_GUEST)
        ? array(USER_GUEST => $langGuest)
        : array(USER_TEACHER => $langTeacher, USER_STUDENT => $langStudent),
    'newstatus',
    intval($info->status),
    "class='form-control'"
);
break; case EMAIL_VERIFIED: $message = icon('fa-check', $langMailVerificationYesU); break; case EMAIL_UNVERIFIED: $link = "<a href = '../auth/mail_verify_change.php?from_profile=TRUE'>{$langHere}</a>."; $message = "<div class='alert alert-warning'>{$langMailNotVerified} {$link}</div>"; default: break; } $tool_content .= "<div class='form-group'><label for='mailstatus' class='col-sm-2 control-label'>{$langVerifiedMail}</label>\n {$message}</div>"; } if (!get_config('restrict_owndep')) { $tool_content .= "<div class='form-group'><label for='faculty' class='col-sm-2 control-label'>{$langFaculty}:</label>"; $tool_content .= "<div class='col-sm-10'>"; list($js, $html) = $tree->buildUserNodePicker(array('defaults' => $userObj->getDepartmentIds($uid))); $head_content .= $js; $tool_content .= $html; $tool_content .= "</div></div>"; } $tool_content .= "<div class='form-group'><label for='language' class='col-sm-2 control-label'>{$langLanguage}:</label>\n <div class='col-sm-10'>" . lang_select_options('userLanguage', "class='form-control'") . "</div>\n </div>"; if ($icon) { $message_pic = $langReplacePicture; $picture = profile_image($uid, IMAGESIZE_SMALL) . " "; $delete = ' ' . icon('fa-times', $langDelete, '#', 'id="delete"') . ' '; } else { $picture = $delete = ''; $message_pic = $langAddPicture; } $tool_content .= "<div class='form-group'>\n <label for='picture' class='col-sm-2 control-label'>{$message_pic}</label>\n <div class='col-sm-10'><span>{$picture}{$delete}</span><input type='file' name='userimage' size='30'></div>\n </div>\n <div class='form-group'> \n <label for='desription' class='col-sm-2 control-label'>{$langDescription}:</label>\n <div class='col-sm-10'>" . rich_text_editor('desc_form', 5, 20, $desc_form) . 
"</div>\n </div>\n <div class='col-sm-offset-2 col-sm-10'> \n <input class='btn btn-primary' type='submit' name='submit' value='{$langSubmit}'>\n <a href='display_profile.php' class='btn btn-default'>{$langCancel}</a>\n </div> \n </fieldset>\n </form>\n </div>"; draw($tool_content, 1, null, $head_content);
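} }).change(); }); /* ]]> */ </script>
hContent;
// Import the listed POST fields as variables (register_posted_variables() is defined elsewhere).
register_posted_variables(array('title' => true, 'password' => true, 'prof_names' => true));
// Default the teacher name to the logged-in user's name from the session.
if (empty($prof_names)) {
    $prof_names = "{$_SESSION['givenname']} {$_SESSION['surname']}";
}
// Department ownership check. The (array) cast matters: the client controls whether
// "department" is posted as a scalar or an array, and a scalar would make the loop
// below iterate nothing, leaving $deps_valid true without any department being checked.
$departments = isset($_POST['department']) ? (array) $_POST['department'] : array();
$deps_valid = true;
foreach ($departments as $dep) {
    // NOTE(review): in_array() compares loosely; if getDepartmentIds() returns integers,
    // confirm the posted values are normalised to integers before they are stored.
    if (get_config('restrict_teacher_owndep') && !$is_admin && !in_array($dep, $user->getDepartmentIds($uid))) {
        $deps_valid = false;
    }
}
// Check if the teacher is allowed to create in the departments he chose
if (!$deps_valid) {
    // The back link uses SCRIPT_NAME: PHP_SELF also carries any extra path text the
    // client appended to the URL, which would be echoed into this href unescaped.
    $tool_content .= "<div class='alert alert-danger'>{$langCreateCourseNotAllowedNode}</div>\n <p class='pull-right'><a class='btn btn-default' href='{$_SERVER['SCRIPT_NAME']}'>{$langBack}</a></p>";
    draw($tool_content, 1, null, $head_content);
    exit;
}
// display form
if (!isset($_POST['create_course'])) {
    // With restrict_teacher_owndep set, a non-admin may only pick from the defaults,
    // which are the user's own departments.
    $allow_only_defaults = get_config('restrict_teacher_owndep') && !$is_admin ? true : false;
    list($js, $html) = $tree->buildCourseNodePicker(array('defaults' => $user->getDepartmentIds($uid), 'allow_only_defaults' => $allow_only_defaults));
    $head_content .= $js;
    foreach ($license as $id => $l_info) {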
if (!empty($unparsed_lines)) { $tool_content .= "<p><b>{$langErrors}</b></p><pre>" . q($unparsed_lines) . "</pre>"; } $tool_content .= "<table class='table-default'><tr><th>{$langSurname}</th><th>{$langName}</th><th>e-mail</th><th>{$langPhone}</th><th>{$langAm}</th><th>username</th><th>password</th></tr>\n"; foreach ($new_users_info as $n) { $tool_content .= "<tr><td>" . q($n[1]) . "</td><td>" . q($n[2]) . "</td><td>" . q($n[3]) . "</td><td>" . q($n[4]) . "</td><td>" . q($n[5]) . "</td><td>" . q($n[6]) . "</td><td>" . q($n[7]) . "</td></tr>\n"; } $tool_content .= "</table>"; } else { Database::get()->queryFunc("SELECT id, name FROM hierarchy WHERE allow_course = true ORDER BY name", function ($n) use(&$facs) { $facs[$n->id] = $n->name; }); $access_options = array(ACCESS_PRIVATE => $langProfileInfoPrivate, ACCESS_PROFS => $langProfileInfoProfs, ACCESS_USERS => $langProfileInfoUsers); $tool_content .= "<div class='alert alert-info'>{$langMultiRegUserInfo}</div>\n <div class='form-wrapper'>\n <form class='form-horizontal' role='form' method='post' action='{$_SERVER['SCRIPT_NAME']}' onsubmit='return validateNodePickerForm();' >\n <fieldset> \n <div class='form-group'>\n <label for='fields' class='col-sm-3 control-label'>{$langMultiRegFields}:</label>\n <div class='col-sm-9'>\n <input class='form-control' id='fields' type='text' name='fields' value='first last id email phone'>\n </div>\n </div>\n <div class='form-group'>\n <label for='user_info' class='col-sm-3 control-label'>{$langUsersData}:</label>\n <div class='col-sm-9'>\n <textarea class='auth_input form-control' name='user_info' id='user_info' rows='10'></textarea>\n </div>\n </div>\n <div class='form-group'>\n <label for='type' class='col-sm-3 control-label'>{$langMultiRegType}:</label>\n <div class='col-sm-9'>\n <select class='form-control' name='type' id='type'>\n <option value='stud'>{$langsOfStudents}</option>\n <option value='prof'>{$langOfTeachers}</option>\n </select>\n </div>\n </div>\n <div 
class='form-group'>\n <label for='prefix' class='col-sm-3 control-label'>{$langMultiRegPrefix}:</label>\n <div class='col-sm-9'>\n <input class='form-control' type='text' name='prefix' id='prefix' value='user'>\n </div>\n </div>\n <div class='form-group'>\n <label class='col-sm-3 control-label'>{$langFaculty}:</label>\n <div class='col-sm-9'>"; if (isDepartmentAdmin()) { list($js, $html) = $tree->buildUserNodePicker(array('params' => 'name="facid[]"', 'allowables' => $user->getDepartmentIds($uid))); } else { list($js, $html) = $tree->buildUserNodePicker(array('params' => 'name="facid[]"')); } $head_content .= $js; $tool_content .= $html; $tool_content .= "</div>\n </div>\n <div class='form-group'>\n <label for='am' class='col-sm-3 control-label'>{$langAm}:</label>\n <div class='col-sm-9'>\n <input class='form-control' type='text' name='am' id='am'>\n </div>\n </div>\n <div class='form-group'>\n <label for='lang' class='col-sm-3 control-label'>{$langLanguage}:</label>\n <div class='col-sm-9'>" . lang_select_options('lang', 'class="form-control"') . "</div>\n </div>\n <div class='form-group'>\n <label for='email_public' class='col-sm-3 control-label'>{$langEmail}</label>\n <div class='col-sm-9'>" . selection($access_options, 'email_public', ACCESS_PRIVATE, 'class="form-control"') . "</div>\n </div>\n <div class='form-group'>\n <label for='am_public' class='col-sm-3 control-label'>{$langAm}</label>\n <div class='col-sm-9'>" . selection($access_options, 'am_public', ACCESS_PRIVATE, 'class="form-control"') . "</div>\n </div>\n <div class='form-group'>\n <label for='phone_public' class='col-sm-3 control-label'>{$langPhone}</label>\n <div class='col-sm-9'>" . selection($access_options, 'phone_public', ACCESS_PRIVATE, 'class="form-control"') . 
"</div>\n </div>\n <div class='form-group'>\n <label for='send_mail' class='col-sm-3 control-label'>{$langInfoMail}</label>\n <div class='col-sm-9'>\n <div class='checkbox'>\n <label>\n <input name='send_mail' id='send_mail' type='checkbox'> {$langMultiRegSendMail}\n </label>\n </div> \n </div>\n </div>\n <div class='form-group'>\n <div class='col-sm-9 col-sm-offset-3'>\n <input class='btn btn-primary' type='submit' name='submit' value='{$langSubmit}'>\n <a class='btn btn-default' href='index.php'>{$langCancel}</a>\n </div>\n </div> \n </fieldset>\n </form>\n </div>"; } draw($tool_content, 3, null, $head_content); function create_user($status, $uname, $password, $surname, $givenname, $email, $departments, $am, $phone, $lang, $send_mail, $email_public, $phone_public, $am_public) { global $charset, $langAsProf, $langYourReg, $siteName, $langDestination, $langYouAreReg, $langSettings, $langPass, $langAddress, $langIs, $urlServer, $langProblem, $administratorName, $administratorSurname, $langManager, $langTel, $langEmail, $emailhelpdesk, $profsuccess, $usersuccess, $user; if ($status == 1) { $message = $profsuccess; $type_message = $langAsProf; } else {
$tool_content .= selection($auth_m, "auth_methods_form", '', "class='form-control'"); $tool_content .= "</div></div>"; } $tool_content .= "<div class='form-group'> <label for='prefix' class='col-sm-3 control-label'>$langMultiRegPrefix:</label> <div class='col-sm-9'> <input class='form-control' type='text' name='prefix' id='prefix' value='user'> </div> </div> <div class='form-group'> <label class='col-sm-3 control-label'>$langFaculty:</label> <div class='col-sm-9'>"; if (isDepartmentAdmin()) { list($js, $html) = $tree->buildUserNodePicker(array('params' => 'name="facid[]"', 'allowables' => $user->getDepartmentIds($uid))); } else { list($js, $html) = $tree->buildUserNodePicker(array('params' => 'name="facid[]"')); } $head_content .= $js; $tool_content .= $html; $tool_content .= "</div> </div> <div class='form-group'> <label for='am' class='col-sm-3 control-label'>$langAm:</label> <div class='col-sm-9'> <input class='form-control' type='text' name='am' id='am'> </div> </div> <div class='form-group'> <label for='lang' class='col-sm-3 control-label'>$langLanguage:</label>
$title = $langInsertUserInfo; } else { $pageName = $langProfReg; $title = $langNewProf; } $tool_content .= "<div class='form-wrapper'>\n <form class='form-horizontal' role='form' action='{$_SERVER['SCRIPT_NAME']}' method='post' onsubmit='return validateNodePickerForm();'>\n <fieldset>\n <div class='form-group'>\n <label for='Name' class='col-sm-2 control-label'>{$langName}:</label>\n <div class='col-sm-10'>\n <input class='form-control' id='Name' type='text' name='givenname_form' value='" . q($pn) . "' placeholder='{$langName}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='Sur' class='col-sm-2 control-label'>{$langSurname}:</label>\n <div class='col-sm-10'>\n <input class='form-control' id='Sur' type='text' name='surname_form' value='" . q($ps) . "' placeholder='{$langSurname}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='Username' class='col-sm-2 control-label'>{$langUsername}:</label>\n <div class='col-sm-10'>\n <input class='form-control' id='Username' type='text' name='uname' value='" . q($pu) . "' autocomplete='off' placeholder='{$langUsername}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='passsword' class='col-sm-2 control-label'>{$langPass}:</label>\n <div class='col-sm-10'>\n <input class='form-control' type='text' name='password' value='" . genPass() . "' id='password' autocomplete='off' placeholder='{$langPass}'/><span id='result'></span>\n </div>\n </div>\n <div class='form-group'>\n <label for='email' class='col-sm-2 control-label'>{$langEmail}:</label>\n <div class='col-sm-10'>\n <input class='form-control' id='email' type='text' name='email_form' value='" . q($pe) . 
"' palceholder='{$langEmail}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='emailverified' class='col-sm-2 control-label'>{$langEmailVerified}:</label>\n <div class='col-sm-10'>"; $verified_mail_data = array(0 => $m['pending'], 1 => $m['yes'], 2 => $m['no']); if (isset($pv)) { $tool_content .= selection($verified_mail_data, "verified_mail_form", $pv, "class='form-control'"); } else { $tool_content .= selection($verified_mail_data, "verified_mail_form", '', "class='form-control'"); } $tool_content .= "</div></div>\n <div class='form-group'>\n <label for='phone' class='col-sm-2 control-label'>{$langPhone}:</label>\n <div class='col-sm-10'> \n <input class='form-control' id='phone' type='text' name='phone' value='" . q($pphone) . "' placeholder='{$langPhone}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='faculty' class='col-sm-2 control-label'>{$langFaculty}:</label>\n <div class='col-sm-10'>"; $depid = isset($pt) ? $pt : null; if (isDepartmentAdmin()) { list($js, $html) = $tree->buildNodePicker(array('params' => 'name="department"', 'defaults' => $depid, 'tree' => null, 'useKey' => 'id', 'where' => "AND node.allow_user = true", 'multiple' => false, 'allowables' => $user->getDepartmentIds($uid))); } else { list($js, $html) = $tree->buildNodePicker(array('params' => 'name="department"', 'defaults' => $depid, 'tree' => null, 'useKey' => 'id', 'where' => "AND node.allow_user = true", 'multiple' => false)); } $head_content .= $js; $tool_content .= $html; $tool_content .= "</div></div>\n <div class='form-group'>\n <label for='am' class='col-sm-2 control-label'>{$langAm}:</label>\n <div class='col-sm-10'>\n <input class='form-control' id='am' type='text' name='am' value='" . q($pam) . 
"' placeholder='{$langOptional}'>\n </div>\n </div>\n <div class='form-group'>\n <label for='lang' class='col-sm-2 control-label'>{$langLanguage}:</label>\n <div class='col-sm-10'>"; $tool_content .= lang_select_options('language', "class='form-control'", $language); $tool_content .= "</div></div>"; if (isset($_GET['id'])) { @($tool_content .= "<div class='form-group'><label for='comments' class='col-sm-2 control-label'>{$langComments}</label>\n <div class='col-sm-10'>" . q($pcom) . "</div>\n </div>\n <div class='form-group'><label for='date' class='col-sm-2 control-label'>{$langDate}</label>\n <div class='col-sm-10'>" . q($pdate) . "</div></div>"); $tool_content .= "<input type='hidden' name='rid' value='{$id}' />"; } $tool_content .= "<div class='col-sm-offset-2 col-sm-10'> \n <input class='btn btn-primary' type='submit' name='submit' value='{$langRegistration}'>\n </div> \n <input type='hidden' name='pstatus' value='{$pstatus}' />\n <input type='hidden' name='auth' value='1' />\n </fieldset>\n </form>\n </div>"; if ($pstatus == 5) { $reqtype = '?type=user';
FROM `hierarchy` AS node, `hierarchy` AS parent WHERE node.lft BETWEEN parent.lft AND parent.rgt GROUP BY node.id ORDER BY node.lft) AS hierarchydepth"; $maxdepth = Database::get()->querySingle($query)->maxdepth; // Construct a table $tool_content .= " <table class='table-default'> <tr> <td colspan='" . ($maxdepth + 4) . "' class='right'> $langManyExist: <b>$nodesCount</b> $langHierarchyNodes </td> </tr>"; $options = array('codesuffix' => true, 'defaults' => $user->getDepartmentIds($uid), 'allow_only_defaults' => (!$is_admin)); $joptions = json_encode($options); $head_content .= <<<hContent <script type="text/javascript"> /* <![CDATA[ */ $(function() { $( "#js-tree" ).jstree({ "plugins" : ["sort", "contextmenu"], "core" : { "data" : { "url" : "{$urlAppend}modules/hierarchy/nodes.php", "type" : "POST", "data" : function(node) {
// Breadcrumb entry pointing back to the admin index.
$navigation[] = array('url' => 'index.php', 'name' => $langAdmin);
// Display link back to index.php
$tool_content .= action_bar(array(
    array('title' => $langBack, 'url' => "index.php", 'icon' => 'fa-reply', 'level' => 'primary-label')));
/*
 * MAIN BODY
 */
// Send email after form post: requires a non-empty body and a submit value equal to $langSend.
if (isset($_POST['submit']) && ($_POST['body_mail'] != '') && ($_POST['submit'] == $langSend)) {
    if (isDepartmentAdmin()) {
        // Limits a department admin's recipients to users in the admin's own departments.
        // NOTE(review): the ids are concatenated into the SQL text instead of being bound,
        // so this is only as safe as the values getDepartmentIds() returns; an empty list
        // also produces "IN ()". Binding the ids or forcing them to integers would remove
        // the dependency -- confirm with the Database wrapper's placeholder support.
        $depwh = ' user_department.department IN (' . implode(', ', $user->getDepartmentIds($uid)) . ') ';
    }
    // Recipient selection: $_POST['sendTo'] picks the audience.
    if ($_POST['sendTo'] == '0') { // All users
        if (isDepartmentAdmin()) {
            $sql = Database::get()->queryArray("SELECT email, id FROM user, user_department WHERE user.id = user_department.user AND " . $depwh);
        } else {
            $sql = Database::get()->queryArray("SELECT email, id FROM user");
        }
    } elseif ($_POST['sendTo'] == "1") { // Only professors
        // USER_TEACHER is a constant, so concatenating it adds no request-controlled text.
        if (isDepartmentAdmin()) {
            $sql = Database::get()->queryArray("SELECT email, id FROM user, user_department WHERE user.id = user_department.user AND user.status = " . USER_TEACHER . " AND " . $depwh);
        } else {
            $sql = Database::get()->queryArray("SELECT email, id FROM user where status = " . USER_TEACHER . "");
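}
// Creation-date filter.
if (isset($_GET['reg_flag']) and !empty($_GET['date'])) {
    // $_GET['date'] is request-controlled. createFromFormat() returns false when the
    // value does not match "d-m-Y H:i", and calling format() on false is a fatal
    // error, so the criterion and its bound term are only added together, after a
    // successful parse. An unparsable date leaves the filter off.
    $date_created_at = is_string($_GET['date']) ? DateTime::createFromFormat("d-m-Y H:i", $_GET['date']) : false;
    if ($date_created_at !== false) {
        $query .= ' AND created ' . ($_GET['reg_flag'] == 1 ? '>=' : '<=') . ' ?s';
        $terms[] = $date_created_at->format("Y-m-d H:i:s");
    }
}
// Datatables internal search: the search text is bound twice, once per LIKE.
// Only a string is accepted; an array-valued sSearch is treated as no search.
$filter_terms = array();
if (!empty($_GET['sSearch']) && is_string($_GET['sSearch'])) {
    $filter_query = ' AND (title LIKE ?s OR prof_names LIKE ?s)';
    $filter_terms[] = '%' . $_GET['sSearch'] . '%';
    $filter_terms[] = '%' . $_GET['sSearch'] . '%';
} else {
    $filter_query = '';
}
// Department admins only see courses of their own departments.
// NOTE(review): the ids are concatenated into the SQL text instead of being bound, and
// an empty list produces "IN ()" -- confirm what getDepartmentIds() can return.
$query .= isDepartmentAdmin() ? ' AND course_department.department IN (' . implode(', ', $user->getDepartmentIds($uid)) . ') ' : '';
// sorting: the request value is only compared, never copied into the SQL text.
$extra_query = "ORDER BY course.title " . ((isset($_GET['sSortDir_0']) && $_GET['sSortDir_0'] == 'desc') ? 'DESC' : '');
// pagination
if ($limit > 0) {
    $extra_query .= " LIMIT ?d, ?d";
    $extra_terms = array($offset, $limit);
} else {
    $extra_terms = array();
}
// Page of results, then the unfiltered and filtered totals.
$sql = Database::get()->queryArray("SELECT DISTINCT course.code, course.title, course.prof_names, course.visible, course.id\n FROM course, course_department, hierarchy\n WHERE course.id = course_department.course\n AND hierarchy.id = course_department.department\n {$query} {$filter_query} {$extra_query}", $terms, $filter_terms, $extra_terms);
$all_results = Database::get()->querySingle("SELECT COUNT(*) as total FROM course, course_department, hierarchy\n WHERE course.id = course_department.course\n AND hierarchy.id = course_department.department\n {$query}", $terms)->total;
$filtered_results = Database::get()->querySingle("SELECT COUNT(*) as total FROM course, course_department, hierarchy\n WHERE course.id = course_department.course\n AND hierarchy.id = course_department.department\n {$query} {$filter_query}", $terms, $filter_terms)->total;
$data['iTotalRecords'] = $all_results;
$data['iTotalDisplayRecords'] = $filtered_results;
$data['aaData'] = array();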
$status = USER_TEACHER;
} else {
    // Look up the user's own status in this course; both ids are bound as integers (?d).
    $stat = Database::get()->querySingle("SELECT status FROM course_user\n WHERE user_id = ?d AND\n course_id = ?d", $uid, $course_id);
    if ($stat) {
        $status = $stat->status;
    } else {
        // the department manager has rights to the courses of his department(s)
        // This branch grants course-admin rights to a user with no course_user row, so it
        // is the privilege boundary of this block: it applies only to a user holding both
        // manager flags who is neither power user nor admin, and only with a course code set.
        if ($is_departmentmanage_user && $is_usermanage_user && !$is_power_user && !$is_admin && isset($course_code)) {
            require_once 'include/lib/hierarchy.class.php';
            require_once 'include/lib/course.class.php';
            require_once 'include/lib/user.class.php';
            $treeObj = new Hierarchy();
            $courseObj = new Course();
            $userObj = new User();
            $atleastone = false;
            // Nodes derived from the manager's departments via buildSubtrees(), compared
            // against the departments the course belongs to.
            $subtrees = $treeObj->buildSubtrees($userObj->getDepartmentIds($uid));
            $depIds = $courseObj->getDepartmentIds($course_id);
            foreach ($depIds as $depId) {
                // One shared department is enough.
                // NOTE(review): in_array() compares loosely; both lists appear to come from
                // the database, but a strict comparison would make that assumption explicit.
                if (in_array($depId, $subtrees)) {
                    $atleastone = true;
                    break;
                }
            }
            if ($atleastone) {
                // NOTE(review): literal 1 -- presumably the teacher status; confirm against USER_TEACHER.
                $status = 1;
                $is_course_admin = true;
                // The elevated role is also recorded in the session for this course.
                $_SESSION['courses'][$course_code] = USER_DEPARTMENTMANAGER;
            }
        }
    }
}
} // link to add a new node if (!isset($_REQUEST['action'])) { $tool_content .= action_bar(array(array('title' => $langAdd, 'url' => "{$_SERVER['SCRIPT_NAME']}?action=add", 'icon' => 'fa-plus-circle', 'level' => 'primary-label', 'button-class' => 'btn-success'), array('title' => $langBack, 'url' => "{$_SERVER['SCRIPT_NAME']}", 'icon' => 'fa-reply', 'level' => 'primary-label'))); } else { $tool_content .= action_bar(array(array('title' => $langBack, 'url' => "{$_SERVER['SCRIPT_NAME']}", 'icon' => 'fa-reply', 'level' => 'primary-label'))); } // Display all available nodes if (!isset($_GET['action'])) { // Count available nodes $nodesCount = Database::get()->querySingle("SELECT COUNT(*) as count from hierarchy")->count; $query = "SELECT max(depth) as maxdepth FROM (SELECT COUNT(parent.id) - 1 AS depth\n FROM `hierarchy` AS node, `hierarchy` AS parent\n WHERE node.lft BETWEEN parent.lft AND parent.rgt\n GROUP BY node.id\n ORDER BY node.lft) AS hierarchydepth"; $maxdepth = Database::get()->querySingle($query)->maxdepth; // Construct a table $tool_content .= "\n <table class='table-default'>\n <tr>\n <td colspan='" . ($maxdepth + 4) . "' class='right'>\n {$langManyExist}: <b>{$nodesCount}</b> {$langHierarchyNodes}\n </td>\n </tr>"; $xmldata = str_replace('"', '\\"', $tree->buildTreeDataSource(array('codesuffix' => true, 'defaults' => $user->getDepartmentIds($uid), 'allow_only_defaults' => !$is_admin))); $initopen = $tree->buildJSTreeInitOpen(); $head_content .= <<<hContent <script type="text/javascript"> /* <![CDATA[ */ \$(function() { \$( "#js-tree" ).jstree({ "plugins" : ["xml_data", "themes", "ui", "cookies", "types", "sort", "contextmenu"], "xml_data" : { "data" : "{$xmldata}", "xsl" : "nest" }, "core" : { "animation": 300,
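hContent;
// Import the listed POST fields as variables (register_posted_variables() is defined elsewhere).
register_posted_variables(array('title' => true, 'password' => true, 'prof_names' => true));
// Default the teacher name to the logged-in user's name from the session.
if (empty($prof_names)) {
    $prof_names = "$_SESSION[givenname] $_SESSION[surname]";
}
// departments and validation
// The restriction applies when restrict_teacher_owndep is configured and the user is not an admin.
$allow_only_defaults = get_config('restrict_teacher_owndep') && !$is_admin;
$allowables = array();
if ($allow_only_defaults) {
    // Method: getDepartmentIdsAllowedForCourseCreation
    // fetches only specific tree nodes, not their sub-children
    //$user->getDepartmentIdsAllowedForCourseCreation($uid);
    // the code below searches for the allow_course flag in the user's department subtrees
    $userdeps = $user->getDepartmentIds($uid);
    $subs = $tree->buildSubtreesFull($userdeps);
    foreach ($subs as $node) {
        // Only nodes flagged allow_course = 1 become selectable.
        if (intval($node->allow_course) === 1) {
            $allowables[] = $node->id;
        }
    }
}
// The (array) cast matters: the client controls whether "department" is posted as a
// scalar or an array, and a scalar would make the loop below iterate nothing, leaving
// $deps_valid true without any department being checked against $allowables.
$departments = isset($_POST['department']) ? (array) $_POST['department'] : array();
$deps_valid = true;
foreach ($departments as $dep) {
    // NOTE(review): in_array() compares loosely; if node ids are integers, confirm the
    // posted values are normalised to integers before they are stored.
    if ($allow_only_defaults && !in_array($dep, $allowables)) {
        $deps_valid = false;
        break;
    }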
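/**
 * Complete the local login of a user whom Shibboleth or CAS has already authenticated.
 *
 * Identity attributes are read from $_SESSION (shib_* or cas_* keys) and the local
 * `user` table is searched by username. Three outcomes are possible:
 *  - the account exists with the same auth method: login_hook() is consulted, the
 *    stored name/email/status are refreshed and privilege flags are put in the session;
 *  - the account does not exist and auto-registration is enabled (alt_auth_stud_reg == 2,
 *    and a student id is present when am_required is set): a new account is inserted;
 *  - otherwise the session is wiped and the browser is sent to the registration page.
 * A successful login is recorded in `loginout`.
 *
 * Every value taken from the identity provider is attacker-influenced as far as this
 * function is concerned, so it must only reach SQL through bound placeholders.
 *
 * NOTE(review): the session identifier is not rotated anywhere in this function;
 * confirm that the caller or the SSO library regenerates it when privileges change.
 *
 * @param string $type 'shibboleth' or 'cas'; it is also the value expected in
 *                     user.password for accounts bound to that provider.
 */
function shib_cas_login($type) {
    global $surname, $givenname, $email, $status, $language, $session, $urlServer,
           $is_admin, $is_power_user, $is_usermanage_user, $is_departmentmanage_user,
           $langUserAltAuth, $langRegistrationDenied;

    // Self-registration through the external provider is allowed only for setting value 2.
    $autoregister = (get_config('alt_auth_stud_reg') == 2);

    // Defined up front: the Shibboleth branch never assigns $am, and $shibseparator
    // is assigned only when a separator is configured. Both were read while
    // undefined before.
    $am = '';
    $shibseparator = '';

    // NOTE(review): any other $type leaves $uname unset; callers presumably pass
    // only these two values - confirm.
    if ($type == 'shibboleth') {
        $uname = $_SESSION['shib_uname'];
        $email = $_SESSION['shib_email'];
        $shib_surname = $_SESSION['shib_surname'];
        // auth_id 6 is presumably the Shibboleth row of `auth` - confirm against the schema.
        $shibsettings = Database::get()->querySingle("SELECT auth_settings FROM auth WHERE auth_id = 6");
        if ($shibsettings) {
            if ($shibsettings->auth_settings != 'shibboleth' and $shibsettings->auth_settings != '') {
                $shibseparator = $shibsettings->auth_settings;
            }
            if ($shibseparator !== '') {
                $separatorPos = strpos($shib_surname, $shibseparator);
                // A separator at offset 0 would yield an empty given name, so (as
                // before) the value is split only when it appears later in the string.
                if ($separatorPos !== false && $separatorPos > 0) {
                    $temp = explode($shibseparator, $shib_surname);
                    $givenname = $temp[0];
                    $surname = $temp[1];
                }
            }
        }
    } elseif ($type == 'cas') {
        $uname = $_SESSION['cas_uname'];
        $surname = $_SESSION['cas_surname'];
        $givenname = $_SESSION['cas_givenname'];
        $email = isset($_SESSION['cas_email']) ? $_SESSION['cas_email'] : '';
        $am = isset($_SESSION['cas_userstudentid']) ? $_SESSION['cas_userstudentid'] : '';
    }

    // Attributes passed to login_hook(); keys are lower-cased so hooks can look
    // them up regardless of how the provider spells them.
    $attributes = array();
    if (isset($_SESSION['cas_attributes'])) {
        foreach ($_SESSION['cas_attributes'] as $name => $value) {
            $attributes[strtolower($name)] = $value;
        }
    }

    // user is authenticated, now let's see if he is registered also in db
    // NOTE(review): both comparison fragments appear masked on this page. Each is
    // expected to be a fixed SQL fragment holding exactly one placeholder bound to
    // $uname - confirm against the real file and never build it from request data.
    if (get_config('case_insensitive_usernames')) {
        $sqlLogin = "******";
    } else {
        $sqlLogin = "******";
    }
    $info = Database::get()->querySingle("SELECT id, surname, username, password, givenname, status, email, lang, verified_mail FROM user WHERE username $sqlLogin", $uname);

    if ($info) {
        // if user found
        if ($info->password !== $type) {
            // has different auth method - redirect to home page.
            // Refusing here stops an external identity from taking over a local
            // account (or one bound to the other provider) with the same username.
            unset($_SESSION['shib_uname']);
            unset($_SESSION['shib_email']);
            unset($_SESSION['shib_surname']);
            unset($_SESSION['cas_uname']);
            unset($_SESSION['cas_email']);
            unset($_SESSION['cas_surname']);
            unset($_SESSION['cas_givenname']);
            unset($_SESSION['cas_userstudentid']);
            Session::Messages($langUserAltAuth, 'alert-danger');
            redirect_to_home_page();
            // Fail closed: never fall through to the session setup below, even if
            // the redirect helper were to return (mirrors the explicit exit in the
            // not-registered branch).
            exit;
        } else {
            // don't force email address from CAS/Shibboleth.
            // user might prefer a different one
            if (!empty($info->email)) {
                $email = $info->email;
            }

            $userObj = new User();
            $options = login_hook(array(
                'user_id' => $info->id,
                'attributes' => $attributes,
                'status' => $info->status,
                'departments' => $userObj->getDepartmentIds($info->id),
                'am' => $am));

            if (!$options['accept']) {
                foreach (array_keys($_SESSION) as $key) {
                    unset($_SESSION[$key]);
                }
                Session::Messages($langRegistrationDenied, 'alert-warning');
                redirect_to_home_page();
                // Fail closed: a rejected login must not reach the UPDATE and the
                // uid assignment below.
                exit;
            }
            $status = $options['status'];

            // update user information
            Database::get()->query("UPDATE user SET surname = ?s, givenname = ?s, email = ?s, status = ?d WHERE id = ?d", $surname, $givenname, $email, $status, $info->id);
            $userObj->refresh($info->id, $options['departments']);
            // $_SESSION['uid'] is assigned only further down, so the hook is given
            // the id of the account that is logging in.
            user_hook($info->id);

            // check for admin privileges
            // NOTE(review): flags are only ever set here, never cleared; confirm the
            // session cannot carry stale is_* flags into this call.
            $admin_rights = get_admin_rights($info->id);
            if ($admin_rights == ADMIN_USER) {
                $_SESSION['is_admin'] = 1;
                $is_admin = 1;
            } elseif ($admin_rights == POWER_USER) {
                $_SESSION['is_power_user'] = 1;
                $is_power_user = 1;
            } elseif ($admin_rights == USERMANAGE_USER) {
                $_SESSION['is_usermanage_user'] = 1;
                $is_usermanage_user = 1;
            } elseif ($admin_rights == DEPARTMENTMANAGE_USER) {
                $_SESSION['is_departmentmanage_user'] = 1;
                $is_departmentmanage_user = 1;
            }
            $_SESSION['uid'] = $info->id;
            if (isset($_SESSION['langswitch'])) {
                $language = $_SESSION['langswitch'];
            } else {
                $language = $info->lang;
            }
        }
    } elseif ($autoregister and !(get_config('am_required') and empty($am))) {
        // if user not found and autoregister enabled, create user
        // An address is marked verified as soon as the cas_email key is set; the
        // value itself is not inspected here.
        $verified_mail = EMAIL_UNVERIFIED;
        if (isset($_SESSION['cas_email'])) {
            $verified_mail = EMAIL_VERIFIED;
        } else {
            // redirect user to mail_verify_change.php
            $_SESSION['mail_verification_required'] = 1;
        }

        $options = login_hook(array(
            'user_id' => null,
            'attributes' => $attributes,
            'am' => $am));

        if (!$options['accept']) {
            foreach (array_keys($_SESSION) as $key) {
                unset($_SESSION[$key]);
            }
            Session::Messages($langRegistrationDenied, 'alert-warning');
            redirect_to_home_page();
            // Fail closed: a rejected registration must not reach the INSERT below.
            exit;
        }
        $status = $options['status'];

        // The provider name is stored in the password column; that is what binds
        // the account to this auth method on later logins.
        $_SESSION['uid'] = Database::get()->query("INSERT INTO user SET surname = ?s, givenname = ?s, password = ?s, username = ?s, email = ?s, status = ?d, lang = ?s, am = ?s, verified_mail = ?d, registered_at = " . DBHelper::timeAfter() . ", expires_at = " . DBHelper::timeAfter(get_config('account_duration')) . ", whitelist = ''", $surname, $givenname, $type, $uname, $email, $status, $language, $options['am'], $verified_mail)->lastInsertID;
        $userObj = new User();
        $userObj->refresh($_SESSION['uid'], $options['departments']);
        user_hook($_SESSION['uid']);
    } else {
        // user not registered, automatic registration disabled
        // redirect to registration screen
        foreach (array_keys($_SESSION) as $key) {
            unset($_SESSION[$key]);
        }
        session_destroy();
        redirect_to_home_page('modules/auth/registration.php');
        exit;
    }

    $_SESSION['uname'] = $uname;
    $_SESSION['surname'] = $surname;
    $_SESSION['givenname'] = $givenname;
    $_SESSION['email'] = $email;
    $_SESSION['status'] = $status;
    //$_SESSION['is_admin'] = $is_admin;
    $_SESSION['shib_user'] = 1; // now we are shibboleth user

    // Audit record of the login. The user id and client address are bound as
    // parameters rather than interpolated into the statement text.
    Database::get()->query("INSERT INTO loginout (loginout.id_user, loginout.ip, loginout.when, loginout.action) VALUES (?d, ?s, " . DBHelper::timeAfter() . ", 'LOGIN')", $_SESSION['uid'], $_SERVER['REMOTE_ADDR']);
    $session->setLoginTimestamp();

    if (get_config('email_verification_required') and
        get_mail_ver_status($_SESSION['uid']) == EMAIL_VERIFICATION_REQUIRED) {
        $_SESSION['mail_verification_required'] = 1;
        // init.php is already loaded so redirect from here
        redirect_to_home_page('modules/auth/mail_verify_change.php');
    }
}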