Issue #306 - Platform admin: Various corrections in the scripts for xml-import of sessions and users, increasing reliability when data with extra-whitespace is imported.

15 years ago · 24e356e318
parent bde25205ae
commit 24e356e318
3 changed files with 55 additions and 43 deletions
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@ -73,7 +73,7 @@ if ($_POST['formSent']) {

 					// Creating/updating users from <Sessions> <Users> base node.
 					foreach ($root->Users->User as $node_user) {
-						$username = api_utf8_decode($node_user->Username);
+						$username = trim(api_utf8_decode($node_user->Username));
 						$was_cut = false;
 						if (UserManager::is_username_too_long($username)) {
 							// The given username is too long.
@ -86,16 +86,16 @@ if ($_POST['formSent']) {
 							if ($was_cut) {
 								$error_msg .= get_lang('UsernameTooLongWasCut').' '.get_lang('From').' '.$user_name_dist.' '.get_lang('To').' '.$username.' <br />';
 							}
-							$lastname = api_utf8_decode($node_user->Lastname);
-							$firstname = api_utf8_decode($node_user->Firstname);
+							$lastname = trim(api_utf8_decode($node_user->Lastname));
+							$firstname = trim(api_utf8_decode($node_user->Firstname));
 							$password = api_utf8_decode($node_user->Password);
 							if (empty($password)) {
 								$password = api_generate_password();
 							}
-							$email = api_utf8_decode($node_user->Email);
-							$official_code = api_utf8_decode($node_user->OfficialCode);
-							$phone = api_utf8_decode($node_user->Phone);
-							$status = api_utf8_decode($node_user->Status);
+							$email = trim(api_utf8_decode($node_user->Email));
+							$official_code = trim(api_utf8_decode($node_user->OfficialCode));
+							$phone = trim(api_utf8_decode($node_user->Phone));
+							$status = trim(api_utf8_decode($node_user->Status));
 							switch ($status) {
 								case 'student' : $status = 5; break;
 								case 'teacher' : $status = 1; break;
@ -138,13 +138,13 @@ if ($_POST['formSent']) {
 								@api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
 							}
 						} else {
-							$lastname = api_utf8_decode($node_user->Lastname);
-							$firstname = api_utf8_decode($node_user->Firstname);
+							$lastname = trim(api_utf8_decode($node_user->Lastname));
+							$firstname = trim(api_utf8_decode($node_user->Firstname));
 							$password = api_utf8_decode($node_user->Password);
-							$email = api_utf8_decode($node_user->Email);
-							$official_code = api_utf8_decode($node_user->OfficialCode);
-							$phone = api_utf8_decode($node_user->Phone);
-							$status = api_utf8_decode($node_user->Status);
+							$email = trim(api_utf8_decode($node_user->Email));
+							$official_code = trim(api_utf8_decode($node_user->OfficialCode));
+							$phone = trim(api_utf8_decode($node_user->Phone));
+							$status = trim(api_utf8_decode($node_user->Status));
 							switch ($status) {
 								case 'student' : $status = 5; break;
 								case 'teacher' : $status = 1; break;
@ -169,11 +169,11 @@ if ($_POST['formSent']) {
 				// Creating  courses from <Sessions> <Courses> base node.
 				if (count($root->Courses->Course) > 0) {
 					foreach ($root->Courses->Course as $courseNode) {
-						$course_code = api_utf8_decode($courseNode->CourseCode);
-						$title = api_utf8_decode($courseNode->CourseTitle);
+						$course_code = trim(api_utf8_decode($courseNode->CourseCode));
+						$title = trim(api_utf8_decode($courseNode->CourseTitle));
 						$description = api_utf8_decode($courseNode->CourseDescription);
-						$language = api_utf8_decode($courseNode->CourseLanguage);
-						$username = api_utf8_decode($courseNode->CourseTeacher);
+						$language = trim(api_utf8_decode($courseNode->CourseLanguage));
+						$username = trim(api_utf8_decode($courseNode->CourseTeacher));

 						// Looking up for the teacher.
 						$sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='$username'";
@ -245,8 +245,8 @@ if ($_POST['formSent']) {
 						$course_counter = 0;
 						$user_counter = 0;

-						$session_name = api_utf8_decode($node_session->SessionName);
-						$coach = api_utf8_decode($node_session->Coach);
+						$session_name = trim(api_utf8_decode($node_session->SessionName));
+						$coach = trim(api_utf8_decode($node_session->Coach));

 						if (!empty($coach)) {
 							$coach_id = UserManager::get_user_id_from_username($coach);
@ -260,7 +260,7 @@ if ($_POST['formSent']) {
 							$coach_id = api_get_user_id();
 						}

-						$date_start = api_utf8_decode($node_session->DateStart); // Just in case - encoding conversion.
+						$date_start = trim(api_utf8_decode($node_session->DateStart)); // Just in case - encoding conversion.

 						if (!empty($date_start)) {
 							list($year_start, $month_start, $day_start) = explode('-', $date_start);
@ -271,7 +271,7 @@ if ($_POST['formSent']) {
 								$time_start = mktime(0, 0, 0, $month_start, $day_start, $year_start);
 							}

-							$date_end = api_utf8_decode($node_session->DateEnd);
+							$date_end = trim(api_utf8_decode($node_session->DateEnd));
 							if (!empty($date_start)) {
 								list($year_end, $month_end, $day_end) = explode('-', $date_end);
 								if (empty($year_end) || empty($month_end) || empty($day_end)) {
@ -372,7 +372,7 @@ if ($_POST['formSent']) {

 						// Adding courses to a session.
 						foreach ($node_session->Course as $node_course) {
-							$course_code = Database::escape_string(api_utf8_decode($node_course->CourseCode));
+							$course_code = Database::escape_string(trim(api_utf8_decode($node_course->CourseCode)));
 							// Verify that the course pointed by the course code node exists.
 							if (CourseManager::course_exists($course_code)) {
 								// If the course exists we continue.
--- a/main/admin/user_import.php
+++ b/main/admin/user_import.php
@ -22,50 +22,50 @@ function validate_data($users) {
 	$errors = array();
 	$usernames = array();
 	foreach ($users as $index => $user) {
-		// 1. check if mandatory fields are set
+		// 1. Check if mandatory fields are set.
 		$mandatory_fields = array('LastName', 'FirstName');
 		if (api_get_setting('registration', 'email') == 'true') {
 			$mandatory_fields[] = 'Email';
 		}
 		foreach ($mandatory_fields as $key => $field) {
-			if (!isset ($user[$field]) || strlen($user[$field]) == 0) {
+			if (empty($user[$field])) {
 				$user['error'] = get_lang($field.'Mandatory');
 				$errors[] = $user;
 			}
 		}
-		// 2. check username
-		if (isset ($user['UserName']) && strlen($user['UserName']) != 0) {
-			// 2.1. check if no username was used twice in import file
+		// 2. Check username.
+		if (UserManager::is_username_empty($user['UserName'])) {
+			// 2.1. Check if no username was used twice in import file.
 			if (isset ($usernames[$user['UserName']])) {
 				$user['error'] = get_lang('UserNameUsedTwice');
 				$errors[] = $user;
 			}
 			$usernames[$user['UserName']] = 1;
-			// 2.2. check if username isn't allready in use in database
+			// 2.2. Check if username isn't allready in use in database.
 			if (!UserManager :: is_username_available($user['UserName'])) {
 				$user['error'] = get_lang('UserNameNotAvailable');
 				$errors[] = $user;
 			}
-			// 2.3. check if username isn't longer than the 20 allowed characters
+			// 2.3. Check if username isn't longer than the 20 allowed characters.
 			if (UserManager::is_username_too_long($user['UserName'])) {
 				$user['error'] = get_lang('UserNameTooLong');
 				$errors[] = $user;
 			}
 		}
-		// 3. check status
+		// 3. Check status.
 		if (isset ($user['Status']) && !api_status_exists($user['Status'])) {
 			$user['error'] = get_lang('WrongStatus');
 			$errors[] = $user;
 		}
 		// 4. Check classname
-		if (isset ($user['ClassName']) && strlen($user['ClassName']) != 0) {
+		if (!empty($user['ClassName'])) {
 			if (!ClassManager :: class_name_exists($user['ClassName'])) {
 				$user['error'] = get_lang('ClassNameNotAvailable');
 				$errors[] = $user;
 			}
 		}
 		// 5. Check authentication source
-		if (isset ($user['AuthSource']) && strlen($user['AuthSource']) != 0) {
+		if (!empty($user['AuthSource'])) {
 			if (!in_array($user['AuthSource'], $defined_auth_sources)) {
 				$user['error'] = get_lang('AuthSourceNotAvailable');
 				$errors[] = $user;
@ -80,19 +80,19 @@ function validate_data($users) {
 */
 function complete_missing_data($user) {
 	// 1. Create a username if necessary.
-	if (!isset ($user['UserName']) || strlen($user['UserName']) == 0) {
+	if (UserManager::is_username_empty($user['UserName'])) {
 		$user['UserName'] = UserManager::create_unique_username($user['FirstName'], $user['LastName']);
 	}
 	// 2. Generate a password if necessary.
-	if (!isset ($user['Password']) || strlen($user['Password']) == 0) {
+	if (empty($user['Password'])) {
 		$user['Password'] = api_generate_password();
 	}
 	// 3. Set status if not allready set.
-	if (!isset ($user['Status']) || strlen($user['Status']) == 0) {
+	if (empty($user['Status'])) {
 		$user['Status'] = 'user';
 	}
 	// 4. Set authsource if not allready set.
-	if (!isset ($user['AuthSource']) || strlen($user['AuthSource']) == 0) {
+	if (empty($user['AuthSource'])) {
 		$user['AuthSource'] = PLATFORM_AUTH_SOURCE;
 	}
 	return $user;
@ -144,7 +144,7 @@ function save_data($users) {
 					}
 				}
 			}
-			if (strlen($user['ClassName']) > 0) {
+			if (!empty($user['ClassName'])) {
 				$class_id = ClassManager :: get_class_id($user['ClassName']);
 				ClassManager :: add_user($user_id, $class_id);
 			}
@ -258,11 +258,11 @@ $cidReset = true;
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script();

-require_once (api_get_path(LIBRARY_PATH).'fileManage.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'classmanager.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'import.lib.php');
-require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
+require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
+require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
+require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
+require_once api_get_path(LIBRARY_PATH).'import.lib.php';
+require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';

 $defined_auth_sources[] = PLATFORM_AUTH_SOURCE;
 if (is_array($extAuthSource)) {
@ -396,6 +396,7 @@ if ($count_fields > 0) {
 		$i++;
 	}
 }
+
 ?>
 <p><?php echo get_lang('CSVMustLookLike').' ('.get_lang('MandatoryFields').')'; ?> :</p>

--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@ -405,6 +405,17 @@ class UserManager {
 		return $username;
 	}

+	/**
+	 * Checks whether a username is empty. If the username contains whitespace characters, such as spaces, tabulators, newlines, etc.,
+	 * it is assumed as empty too. So, this function is safe for validation unpurified data.
+	 * Note: The empty username is reserved for the anonymous user.
+	 * @param string $username			The given username.
+	 * @return bool						Returns TRUE if length of the username exceeds the limit, FALSE otherwise.
+	 */
+	public static function is_username_empty($username) {
+		return (strlen(trim($username)) == 0);
+	}
+
 	/**
 	 * Checks whether a username is too long or not.
 	 * @param string $username			The given username, it should contain only ASCII-letters and digits.
@ -420,7 +431,7 @@ class UserManager {
 	 * @return string					Retuens the username with length that does not exceed the defined limit.
 	 */
 	public static function cut_username($username) {
-		return substr($username, 0, USERNAME_MAX_LENGTH);
+		return substr(trim($username), 0, USERNAME_MAX_LENGTH);
 	}

 	/**