Adding new admin function in usermanager add_user_as_admin, delete_user_admin using UserManager::is_admin see 4682

main/admin/user_add.php

@@ -20,9 +20,6 @@ $this_section = SECTION_PLATFORM_ADMIN;
 // User permissions
 api_protect_admin_script();
 
-// Database table definitions
-$table_admin 	= Database::get_main_table(TABLE_MAIN_ADMIN);
-
 $htmlHeadXtra[] = '
 <script type="text/javascript">
 <!--
@@ -235,7 +232,7 @@ $form->addGroup($html_results_enabled);
 if( $form->validate()) {
 	$check = Security::check_token('post');
 	if ($check) {
-		$user = $form->exportValues();			
+		$user = $form->exportValues();
 		$lastname       = $user['lastname'];
 		$firstname      = $user['firstname'];
 		$official_code  = $user['official_code'];
@@ -248,7 +245,7 @@ if( $form->validate()) {
 		$platform_admin = intval($user['admin']['platform_admin']);
 		$send_mail      = intval($user['mail']['send_mail']);
 		$hr_dept_id     = intval($user['hr_dept_id']);
-        
+
 		if (count($extAuthSource) > 0 && $user['password']['password_auto'] == '2') {
 			$auth_source = $user['password']['auth_source'];
 			$password = 'PLACEHOLDER';
@@ -256,25 +253,25 @@ if( $form->validate()) {
 			$auth_source = PLATFORM_AUTH_SOURCE;
 			$password = $user['password']['password_auto'] == '1' ? api_generate_password() : $user['password']['password'];
 		}
-        
+
 		if ($user['radio_expiration_date'] == '1') {
 			$expiration_date = $user['expiration_date'];
 		} else {
 			$expiration_date = '0000-00-00 00:00:00';
 		}
-        
+
 		$active = intval($user['active']);
-    
+
         if (api_get_setting('login_is_email') == 'true') {
             $username = $email;
         }
 
 		$user_id = UserManager::create_user($firstname, $lastname, $status, $email, $username, $password, $official_code, $language, $phone, null, $auth_source, $expiration_date, $active, $hr_dept_id, null, null, $send_mail);
-        
+
 		Security::clear_token();
 		$tok = Security::get_token();
 		if ($user_id === false) {
-			//If any error ocurred during user creation, print it (api_failureList 
+			//If any error ocurred during user creation, print it (api_failureList
 			// stores values as separate words, so rework it
 			$message = '';
 			$message_bits = explode(' ',api_get_last_failure());
@@ -293,8 +290,7 @@ if( $form->validate()) {
 				}
 			}
 			if ($platform_admin) {
-				$sql = "INSERT INTO $table_admin SET user_id = '".$user_id."'";
-				Database::query($sql);
+                UserManager::add_user_as_admin($user_id);
 			}
 			$message = get_lang('UserAdded');
 		}

main/admin/user_edit.php

@@ -339,11 +339,9 @@ if ( $form->validate()) {
 		}
 		if ($user_id != $_SESSION['_uid']) {
 			if ($platform_admin == 1) {
-				$sql = "INSERT IGNORE INTO $table_admin SET user_id = '".$user_id."'";
-				Database::query($sql);
+                UserManager::add_user_as_admin($user_id);
 			} else {
-				$sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
-				Database::query($sql);
+                UserManager::remove_user_admin($user_id);
 			}
 		}
 

main/exercice/exercise_result.php

@@ -45,9 +45,6 @@ $this_section = SECTION_COURSES;
 /* 	ACCESS RIGHTS  */
 api_protect_course_script(true);
 
-// Database table definitions
-$main_admin_table       = Database::get_main_table(TABLE_MAIN_ADMIN);
-
 if ($debug){ error_log('Entering exercise_result.php: '.print_r($_POST,1));}
 
 // general parameters passed via POST/GET
@@ -65,7 +62,7 @@ if (empty($objExercise)) {
 	if (!empty($exercise_stat_info) && isset($exercise_stat_info['exe_exo_id'])) {
 		header("Location: overview.php?exerciseId=".$exercise_stat_info['exe_exo_id']);
 		exit;
-	}	
+	}
     api_not_allowed();
 }
 
@@ -93,7 +90,7 @@ $show_results     = false;
 $show_only_score  = false;
 
 if ($objExercise->results_disabled == 0) {
-    $show_results = true;	
+    $show_results = true;
 }
 
 if ($objExercise->results_disabled == 2) {
@@ -121,7 +118,7 @@ $safe_lp_id              = $exercise_stat_info['orig_lp_id'];
 $safe_lp_item_id         = $exercise_stat_info['orig_lp_item_id'];
 $safe_lp_item_view_id    = $exercise_stat_info['orig_lp_item_view_id'];
 
-if ($origin == 'learnpath') {		
+if ($origin == 'learnpath') {
 ?>
 	<form method="get" action="exercice.php?<?php echo api_get_cidreq() ?>">
 	<input type="hidden" name="origin" 					value="<?php echo $origin; ?>" />
@@ -133,21 +130,21 @@ if ($origin == 'learnpath') {
 
 $i = $total_score = $total_weight = 0;
 
-//We check if the user attempts before sending to the exercise_result.php                
+//We check if the user attempts before sending to the exercise_result.php
 if ($objExercise->selectAttempts() > 0) {
-    $attempt_count = get_attempt_count(api_get_user_id(), $objExercise->id, $safe_lp_id, $safe_lp_item_id, $safe_lp_item_view_id);                
-    if ($attempt_count >= $objExercise->selectAttempts()) {        
+    $attempt_count = get_attempt_count(api_get_user_id(), $objExercise->id, $safe_lp_id, $safe_lp_item_id, $safe_lp_item_view_id);
+    if ($attempt_count >= $objExercise->selectAttempts()) {
         Display :: display_warning_message(sprintf(get_lang('ReachedMaxAttempts'), $objExercise->selectTitle(), $objExercise->selectAttempts()), false);
         if ($origin != 'learnpath') {
             //we are not in learnpath tool
             Display::display_footer();
-        }                                      
+        }
         exit;
     }
 }
 
 
-$user_info   = api_get_user_info(api_get_user_id());     
+$user_info   = api_get_user_info(api_get_user_id());
 if ($show_results || $show_only_score) {
     echo $exercise_header = $objExercise->show_exercise_result_header(api_get_person_name($user_info['firstName'], $user_info['lastName']));
 }
@@ -172,43 +169,43 @@ if (!empty($question_list)) {
 	foreach ($question_list as $questionId) {
 	    // destruction of the Question object
 		unset($objQuestionTmp);
-		
+
 		// gets the student choice for this question
 		$choice                = $exerciseResult[$questionId];
-	    
+
 		// creates a temporary Question object
 		$objQuestionTmp        = Question :: read($questionId);
-			
-		//this variable commes from exercise_submit_modal.php	
-	
-		//$hotspot_delineation_result = $_SESSION['hotspot_delineation_result'][$objExercise->selectId()][$quesId]; 
-		
+
+		//this variable commes from exercise_submit_modal.php
+
+		//$hotspot_delineation_result = $_SESSION['hotspot_delineation_result'][$objExercise->selectId()][$quesId];
+
 		if ($show_results) {
 		    // show category
 		    Testcategory::displayCategoryAndTitle($objQuestionTmp->id);
-	    	// show titles    	
+	    	// show titles
 	    	echo $objQuestionTmp->return_header($objExercise->feedback_type, $counter);
-	    	$counter++;    	
+	    	$counter++;
 		}
-		
+
 	    // We're inside *one* question. Go through each possible answer for this question
-	    $result = $objExercise->manage_answer($exercise_stat_info['exe_id'], $questionId, null ,'exercise_result', array(), false, true, $show_results, $objExercise->selectPropagateNeg(), $hotspot_delineation_result);	    
-	   	
-	    $total_score     += $result['score'];    
-	    $total_weight    += $result['weight'];    
+	    $result = $objExercise->manage_answer($exercise_stat_info['exe_id'], $questionId, null ,'exercise_result', array(), false, true, $show_results, $objExercise->selectPropagateNeg(), $hotspot_delineation_result);
+
+	    $total_score     += $result['score'];
+	    $total_weight    += $result['weight'];
 	} // end foreach() block that loops over all questions
 }
 
 if ($origin != 'learnpath') {
     if ($show_results || $show_only_score) {
         echo '<div id="question_score">';
-        echo get_lang('YourTotalScore')." ";	
+        echo get_lang('YourTotalScore')." ";
         if ($objExercise->selectPropagateNeg() == 0 && $total_score < 0) {
     	    $total_score = 0;
-        }     
+        }
         echo show_score($total_score, $total_weight, false, true, true, $objExercise->selectPassPercentage());
         echo '</div>';
-    }    
+    }
 }
 
 // Tracking of results
@@ -217,8 +214,8 @@ if ($origin != 'learnpath') {
 
 $quiz_duration = (!empty($_SESSION['quizStartTime']) ? time() - $_SESSION['quizStartTime'] : 0);
 
-if (api_is_allowed_to_session_edit()) {	
-	update_event_exercice($exercise_stat_info['exe_id'], $objExercise->selectId(), $total_score, $total_weight, api_get_session_id(), $safe_lp_id, $safe_lp_item_id, $safe_lp_item_view_id, $quiz_duration, $question_list, '');	
+if (api_is_allowed_to_session_edit()) {
+	update_event_exercice($exercise_stat_info['exe_id'], $objExercise->selectId(), $total_score, $total_weight, api_get_session_id(), $safe_lp_id, $safe_lp_item_id, $safe_lp_item_view_id, $quiz_duration, $question_list, '');
 }
 
 //If is not valid
@@ -232,12 +229,12 @@ if (isset($session_control_key) && !exercise_time_control_is_valid($objExercise-
 //Unset session for clock time
 exercise_time_control_delete($objExercise->id);
 
-if ($origin != 'learnpath') {	
+if ($origin != 'learnpath') {
 	Display::display_footer();
 } else {
 	$lp_mode =  $_SESSION['lp_mode'];
 	$url = '../newscorm/lp_controller.php?cidReq='.api_get_course_id().'&action=view&lp_id='.$safe_lp_id.'&lp_item_id='.$safe_lp_item_id.'&exeId='.$exercise_stat_info['exe_id'].'&fb_type='.$objExercise->feedback_type;
-	//echo $total_score.','.$total_weight;	exit;	
+	//echo $total_score.','.$total_weight;	exit;
 	$href = ($lp_mode == 'fullscreen')?' window.opener.location.href="'.$url.'" ':' top.location.href="'.$url.'" ';
 	echo '<script type="text/javascript">'.$href.'</script>'."\n";
 	//record the results in the learning path, using the SCORM interface (API)
@@ -246,8 +243,8 @@ if ($origin != 'learnpath') {
 }
 
 // Send notification..
-if (!api_is_allowed_to_edit(null,true)) {	
-    $objExercise->send_notification($arrques, $arrans, $origin);	
+if (!api_is_allowed_to_edit(null,true)) {
+    $objExercise->send_notification($arrques, $arrans, $origin);
 }
 if (api_is_allowed_to_session_edit()) {
 	Session::erase('objExercise');

main/inc/lib/usermanager.lib.php

@@ -3695,4 +3695,23 @@ EOF;
         $types[self::USER_FIELD_TYPE_TIMEZONE]        = get_lang('FieldTypeTimezone');
         $types[self::USER_FIELD_TYPE_SOCIAL_PROFILE]  = get_lang('FieldTypeSocialProfile');
     }
+
+    function add_user_as_admin($user_id) {
+        $table_admin = Database :: get_main_table(TABLE_MAIN_ADMIN);
+        $user_id = intval($user_id);
+
+        if (!self::is_admin($user_id)) {
+            $sql = "INSERT INTO $table_admin SET user_id = '".$user_id."'";
+            Database::query($sql);
+        }
+    }
+
+    function remove_user_admin($user_id) {
+        $table_admin = Database :: get_main_table(TABLE_MAIN_ADMIN);
+        $user_id = intval($user_id);
+        if (self::is_admin($user_id)) {
+            $sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
+            Database::query($sql);
+        }
+    }
 }

main/inc/local.inc.php

@@ -264,7 +264,7 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
 						$temp_user_id = $uData['user_id'];
 
 						$term_and_condition_status = api_check_term_condition($temp_user_id);//false or true
-                        
+
 						if ($term_and_condition_status === false) {
                             $_SESSION['term_and_condition'] = array('user_id'   => $temp_user_id,
                                                                     'login'     => $login,
@@ -295,17 +295,8 @@ if (!empty($_SESSION['_user']['user_id']) && ! ($login || $logout)) {
 							global $_configuration;
 
                             if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) {
-								$admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
-
 								//Check if user is an admin
-								$sql = "SELECT user_id FROM $admin_table
-										WHERE user_id = '".intval($uData['user_id'])."' LIMIT 1";
-								$result = Database::query($sql);
-
-								$my_user_is_admin = false;
-								if (Database::num_rows($result) > 0) {
-									$my_user_is_admin = true;
-								}
+                                $my_user_is_admin = UserManager::is_admin($uData['user_id']);
 
 								// This user is subscribed in these sites => $my_url_list
 								$my_url_list = api_get_access_url_from_user($uData['user_id']);

main/install/db_main.sql

@@ -82,7 +82,7 @@ CREATE TABLE IF NOT EXISTS admin (
 
 /*!40000 ALTER TABLE admin DISABLE KEYS */;
 LOCK TABLES admin WRITE;
-INSERT INTO admin VALUES (1);
+INSERT INTO admin VALUES (1, 1);
 UNLOCK TABLES;
 /*!40000 ALTER TABLE admin ENABLE KEYS */;
 

main/mySpace/user_add.php

@@ -7,6 +7,32 @@ $cidReset = true;
 
 exit; //@deprecated file seems to be unused
 
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 // including necessary libraries
 require_once '../inc/global.inc.php';
 $libpath = api_get_path(LIBRARY_PATH);