Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chamilo-lms/main/inc/lib/usermanager.lib.php

304 lines
11 KiB

<?php
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2004 Dokeos S.A.
Copyright (c) 2003 Ghent University (UGent)
Copyright (c) 2001 Universite catholique de Louvain (UCL)
Copyright (c) various contributors
Copyright (c) Bart Mollet, Hogeschool Gent
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact: Dokeos, 181 rue Royale, B-1000 Brussels, Belgium, info@dokeos.com
==============================================================================
*/
/**
==============================================================================
* This library provides functions for user management.
* Include/require it in your code to use its functionality.
*
* @package dokeos.library
==============================================================================
*/
class UserManager
{
/**
* Creates a new user for the platform
* @author Hugues Peeters <peeters@ipm.ucl.ac.be>,
* Roan Embrechts <roan_embrechts@yahoo.com>
*
* @param string $firstName
* string $lastName
* int $status
* string $email
* string $loginName
* string $password
* string $official_code (optional)
* string $phone (optional)
* string $picture_uri (optional)
* string $auth_source (optional)
*
* @return int new user id - if the new user creation succeeds
* boolean false otherwise
*
* @desc The function tries to retrieve $_user['user_id'] from the global space.
* if it exists, $_user['user_id'] is the creator id If a problem arises,
* it stores the error message in global $api_failureList
*
* @todo Add the user language to the parameters
*/
function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language="english", $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1)
{
global $_user, $userPasswordCrypted;
$table_user = Database::get_main_table(TABLE_MAIN_USER);
if ($_user['user_id'])
{
$creator_id = $_user['user_id'];
}
else
{
$creator_id = '';
}
// First check wether the login already exists
if (! UserManager::is_username_available($loginName))
return api_set_failure('login-pass already taken');
//$password = "PLACEHOLDER";
$password = ($userPasswordCrypted ? md5($password) : $password);
$sql = "INSERT INTO $table_user
SET lastname = '".mysql_real_escape_string($lastName)."',
firstname = '".mysql_real_escape_string($firstName)."',
username = '".mysql_real_escape_string($loginName)."',
status = '".mysql_real_escape_string($status)."',
password = '".mysql_real_escape_string($password)."',
email = '".mysql_real_escape_string($email)."',
official_code = '".mysql_real_escape_string($official_code)."',
picture_uri = '".mysql_real_escape_string($picture_uri)."',
creator_id = '".mysql_real_escape_string($creator_id)."',
auth_source = '".mysql_real_escape_string($auth_source)."',
phone = '".mysql_real_escape_string($phone)."',
language = '".mysql_real_escape_string($language)."',
registration_date = now(),
expiration_date = '".mysql_real_escape_string($expiration_date)."',
active = '".mysql_real_escape_string($active)."'";
$result = api_sql_query($sql);
if ($result)
{
//echo "id returned";
return mysql_insert_id();
}
else
{
//echo "false - failed" ;
return false;
}
}
/**
* Can user be deleted?
* This functions checks if there's a course in which the given user is the
* only course administrator. If that is the case, the user can't be
* deleted because the course would remain without a course admin.
* @param int $user_id The user id
* @return boolean true if user can be deleted
*/
function can_delete_user($user_id)
{
$table_course_user = Database :: get_main_table(MAIN_COURSE_USER_TABLE);
$sql = "SELECT * FROM $table_course_user WHERE status = '1' AND user_id = '".$user_id."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
while ($course = mysql_fetch_object($res))
{
$sql = "SELECT user_id FROM $table_course_user WHERE status='1' AND course_code ='".$course->course_code."'";
$res2 = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($res2) == 1)
{
return false;
}
}
return true;
}
/**
* Delete a user from the platform
* @param int $user_id The user id
* @return boolean true if user is succesfully deleted, false otherwise
*/
function delete_user($user_id)
{
if (!UserManager :: can_delete_user($user_id))
{
return false;
}
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_course_user = Database :: get_main_table(MAIN_COURSE_USER_TABLE);
$table_class_user = Database :: get_main_table(MAIN_CLASS_USER_TABLE);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_admin = Database :: get_main_table(TABLE_MAIN_ADMIN);
// Unsubscribe the user from all groups in all his courses
$sql = "SELECT * FROM $table_course c, $table_course_user cu WHERE cu.user_id = '".$user_id."' AND c.code = cu.course_code";
$res = api_sql_query($sql,__FILE__,__LINE__);
while ($course = mysql_fetch_object($res))
{
$table_group = Database :: get_course_table(GROUP_USER_TABLE, $course->db_name);
$sql = "DELETE FROM $table_group WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
}
// Unsubscribe user from all classes
$sql = "DELETE FROM $table_class_user WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
// Unsubscribe user from all courses
$sql = "DELETE FROM $table_course_user WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
// Delete user picture
$user_info = api_get_user_info($user_id);
if(strlen($user_info['picture_uri']) > 0)
{
$img_path = api_get_path(SYS_CODE_PATH).'upload/users/'.$user_info['picture_uri'];
unlink($img_path);
}
// Delete the personal course categories
$course_cat_table = Database::get_user_personal_table(USER_COURSE_CATEGORY_TABLE);
$sql = "DELETE FROM $course_cat_table WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
// Delete user from database
$sql = "DELETE FROM $table_user WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
// Delete user from the admin table
$sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
// Delete the personal agenda-items from this user
$agenda_table = Database :: get_user_personal_table(PERSONAL_AGENDA);
$sql = "DELETE FROM $agenda_table WHERE user = '".$user_id."'";
api_sql_query($sql,__FILE__,__LINE__);
return true;
}
/**
* Update user information
* @param int $user_id
* @param string $firstname
* @param string $lastname
* @param string $username
* @param string $password
* @param string $auth_source
* @param string $email
* @param int $status
* @param string $official_code
* @param string $phone
* @param string $picture_uri
* @param int $creator_id
* @return boolean true if the user information was updated
*/
function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id= null )
{
global $userPasswordCrypted;
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "UPDATE $table_user SET
lastname='".mysql_real_escape_string($lastname)."',
firstname='".mysql_real_escape_string($firstname)."',
username='".mysql_real_escape_string($username)."',";
if(!is_null($password))
{
$password = $userPasswordCrypted ? md5($password) : $password;
$sql .= " password='".mysql_real_escape_string($password)."',";
}
if(!is_null($auth_source))
{
$sql .= " auth_source='".mysql_real_escape_string($auth_source)."',";
}
$sql .= "
email='".mysql_real_escape_string($email)."',
status='".mysql_real_escape_string($status)."',
official_code='".mysql_real_escape_string($official_code)."',
phone='".mysql_real_escape_string($phone)."',
picture_uri='".mysql_real_escape_string($picture_uri)."',
expiration_date='".mysql_real_escape_string($expiration_date)."',
active='".mysql_real_escape_string($active)."'";
if(!is_null($creator_id))
{
$sql .= ", creator_id='".mysql_real_escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
return api_sql_query($sql,__FILE__,__LINE__);
}
/**
* Check if a username is available
* @param string the wanted username
* @return boolean true if the wanted username is available
*/
function is_username_available($username)
{
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT username FROM $table_user WHERE username = '".addslashes($username)."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
return mysql_num_rows($res) == 0;
}
/**
* @return an array with all users of the platform.
* @todo optional course code parameter, optional sorting parameters...
* @deprecated This function isn't used anywhere in the code.
*/
function get_user_list()
{
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql_query = "SELECT * FROM $user_table";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
while ($result = mysql_fetch_array($sql_result))
{
$return_array[] = $result;
}
return $return_array;
}
/**
* Get user information
* @param string $username The username
* @return array All user information as an associative array
*/
function get_user_info($username)
{
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $user_table WHERE username='".$username."'";
$res = api_sql_query($sql,__FILE__,__LINE__);
$user = mysql_fetch_array($res,MYSQL_ASSOC);
return $user;
}
//for survey
function get_teacher_list($course_id, $sel_teacher='')
{
$user_course_table = Database :: get_main_table(MAIN_COURSE_USER_TABLE);
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql_query = "SELECT * FROM $user_table a, $user_course_table b where a.user_id=b.user_id AND b.status=1 AND b.course_code='$course_id'";
$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
echo "<select name=\"author\">";
while ($result = mysql_fetch_array($sql_result))
{
if($sel_teacher==$result[user_id]) $selected ="selected";
echo "\n<option value=\"".$result[user_id]."\" $selected>".$result[firstname]."</option>";
}
echo "</select>";
}
}
?>