Checking if user is added in the URL via a session see BT#3685

14 years ago · 8501f0e593
parent 897d79f15c
commit 8501f0e593
2 changed files with 233 additions and 68 deletions
--- a/main/admin/access_url_check_user_session.php
+++ b/main/admin/access_url_check_user_session.php
@ -0,0 +1,122 @@
 <?php
 /* For licensing terms, see /license.txt */
 /**
 *	@author Bart Mollet, Julio Montoya lot of fixes
 *	@package chamilo.admin
 */
 /*		INIT SECTION */
 // name of the language file that needs to be included
 $language_file = 'admin';
 $cidReset = true;
 require_once '../inc/global.inc.php';
 require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php';
 // setting the section (for the tabs)
 $this_section = SECTION_PLATFORM_ADMIN;
 api_protect_admin_script(true);
 $tool_name = get_lang('SessionOverview');
 $interbreadcrumb[]=array('url' => 'index.php','name' => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => 'session_list.php','name' => get_lang('SessionList'));
 // Database Table Definitions
 $tbl_user							= Database::get_main_table(TABLE_MAIN_USER);
 $tbl_session_rel_user				= Database::get_main_table(TABLE_MAIN_SESSION_USER);
 $table_access_url_user              = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
 $action = $_GET['action'];
 switch($action) {
    case 'add_user_to_url':        
        $user_id = $_REQUEST['user_id'];
        $result = UrlManager::add_user_to_url($user_id);
        $user_info = api_get_user_info($user_id);
        if ($result) {
            $message = Display::return_message(get_lang('UserAdded').' '.api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm');
        }
        break;    
 }
 Display::display_header($tool_name);
 if (!empty($message)) {
    echo $message;
 }
 $multiple_url_is_on = api_get_multiple_access_url();
 $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
 $session_list = SessionManager::get_sessions_list();
 $url_id = api_get_current_access_url_id();
 $html = '';
 $show_users_with_problems = isset($_REQUEST['show_users_with_problems']) && $_REQUEST['show_users_with_problems'] == 1 ? true : false;
 if ($show_users_with_problems) {
    $html .= '<a href="'.api_get_self().'?show_users_with_problems=0">'.get_lang('ShowAllUsers').'</a>';
 } else {
    $html .= '<a href="'.api_get_self().'?show_users_with_problems=1">'.get_lang('ShowUsersNotAddedInTheURL').'</a>';
 }
 foreach($session_list  as $session_item) {
    $session_id = $session_item['id'];
    $html .= '<h3>'.$session_item['name'].'</h3>';
    $access_where = "(access_url_id = $url_id OR access_url_id is null )";
    if ($show_users_with_problems) {
        $access_where = "(access_url_id is null)";
    }
    $sql = "SELECT u.user_id, lastname, firstname, username, access_url_id
            FROM $tbl_user u
            INNER JOIN $tbl_session_rel_user su
            ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
            LEFT OUTER JOIN $table_access_url_user uu ON (uu.user_id = u.user_id)
            WHERE su.id_session = $session_id AND $access_where
            $order_clause";
    $result = Database::query($sql);
    $users  = Database::store_result($result);
    if (!empty($users)) {
        $html .= '<table class="data_table"><tr><th>'.get_lang('User').'<th>'.get_lang('Actions').'</th></tr>';   
        foreach ($users as $user) {
            $user_link = '';
            if (!empty($user['user_id'])) {
                $user_link = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.intval($user['user_id']).'">'.api_htmlentities(api_get_person_name($user['firstname'], $user['lastname']),ENT_QUOTES,$charset).' ('.$user['username'].')</a>';
            }
            $link_to_add_user_in_url = '';
            if ($multiple_url_is_on) {
                if ($user['access_url_id'] != $url_id) {            
                    $user_link .= ' '.Display::return_icon('warning.png', get_lang('UserNotAddedInURL'), array(), 22);
                    $add = Display::return_icon('add.png', get_lang('AddUsersToURL'), array(), 22);                    
                    $link_to_add_user_in_url = '<a href="'.api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']).'&action=add_user_to_url&id_session='.$id_session.'&user_id='.$user['user_id'].'">'.$add.'</a>';
                }                
            }
            $html .= '<tr>
                    <td>
                        <b>'.$user_link.'</b>
                    </td>
                    <td>
                        '.$link_to_add_user_in_url.'
                    </td>
                    </tr>';
        }
        $html .= '</table>';
    } else {
        //$html .= get_lang('');
    }
 }
 echo $html;
 // footer
 Display :: display_footer();
--- a/main/admin/resume_session.php
+++ b/main/admin/resume_session.php
@ -31,10 +31,12 @@ $tbl_course							= Database::get_main_table(TABLE_MAIN_COURSE);
 $tbl_user							= Database::get_main_table(TABLE_MAIN_USER);
 $tbl_session_rel_user				= Database::get_main_table(TABLE_MAIN_SESSION_USER);
 $tbl_session_rel_course_rel_user	= Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
 $tbl_class							= Database::get_main_table(TABLE_MAIN_CLASS);
 $tbl_class_rel_user					= Database::get_main_table(TABLE_MAIN_CLASS_USER);
 $tbl_session_category				= Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
 $table_access_url_session           = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
 $table_access_url_user           = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
 $id_session = (int)$_GET['id_session'];
 $sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility
@ -45,7 +47,7 @@ $rs = Database::query($sql);
 $session = Database::store_result($rs);
 $session = $session[0];
-if(!api_is_platform_admin() && $session['session_admin_id']!=$_user['user_id']) {
+if(!api_is_platform_admin() && $session['session_admin_id'] != $_user['user_id']) {
 	api_not_allowed(true);
 }
@ -59,7 +61,18 @@ if (Database::num_rows($rs)>0) {
 	$session_category = $rows_session_category['name'];
 }
-if($_GET['action'] == 'delete') {
+$action = $_GET['action'];
 switch($action) {
    case 'add_user_to_url':        
        $user_id = $_REQUEST['user_id'];
        $result = UrlManager::add_user_to_url($user_id);
        $user_info = api_get_user_info($user_id);
        if ($result) {
            $message = Display::return_message(get_lang('UserAdded').' '.api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm');
        }
        break;
    case 'delete':
        $idChecked = $_GET['idChecked'];
        if(is_array($idChecked)) {
            $my_temp = array();
@ -94,6 +107,7 @@ if($_GET['action'] == 'delete') {
            Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'");
        }
        break;
 }
 Display::display_header($tool_name);
@ -101,14 +115,20 @@ if (!empty($_GET['warn'])) {
    Display::display_warning_message(urldecode($_GET['warn']));
 }
 if (!empty($message)) {
    echo $message;
 }
 echo Display::tag('h1', Display::return_icon('session.png', get_lang('Session')).' '.$session['name']);
 //echo Display::tag('h3', $tool_name);
 ?>
 <!-- General properties -->
 <table class="data_table" width="100%">
 <tr>
-  <th colspan="2"><?php echo get_lang('GeneralProperties'); ?>
+  <th colspan="2">
-  	<a href="session_edit.php?page=resume_session.php&id=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a>
+      <?php echo get_lang('GeneralProperties'); ?>
      <a href="session_edit.php?page=resume_session.php&id=<?php echo $id_session; ?>">
          <?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?>
      </a>
  </th>
 </tr>
 <tr>
@ -173,7 +193,9 @@ echo Display::tag('h1', Display::return_icon('session.png', get_lang('Session'))
 <?php 
-if (api_get_multiple_access_url()) {
+$multiple_url_is_on = api_get_multiple_access_url();
 if ($multiple_url_is_on) {
    echo '<tr><td>';   
    echo 'URL';    
    echo '</td>';
@ -191,21 +213,19 @@ if (api_get_multiple_access_url()) {
 <table class="data_table" width="100%">
 <tr>
  <th colspan="4"><?php echo get_lang('CourseList'); ?>
-  	<a href="add_courses_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a></th>
+  	<a href="add_courses_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>">
        <?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a>  
  </th>
 </tr>
 <tr>
  <tr>
  <th width="35%"><?php echo get_lang('CourseTitle'); ?></th>
  <th width="30%"><?php echo get_lang('CourseCoach'); ?></th>
  <th width="20%"><?php echo get_lang('UsersNumber'); ?></th>
  <th width="15%"><?php echo get_lang('Actions'); ?></th>
 </tr>
 </tr>
 <?php
-if ($session['nbr_courses']==0){
+if ($session['nbr_courses'] == 0){
-	echo '
+	echo '<tr>
 		<tr>
 			<td colspan="4">'.get_lang('NoCoursesForThisSession').'</td>
 		</tr>';
 } else {
@ -215,10 +235,9 @@ if ($session['nbr_courses']==0){
 			WHERE course_code = code
 			AND	id_session='$id_session'
 			ORDER BY title";
 	$result=Database::query($sql);
 	$courses=Database::store_result($result);
-	foreach($courses as $course){
+	foreach($courses as $course) {
 		//select the number of users
 		$sql = " SELECT count(*) FROM $tbl_session_rel_user sru, $tbl_session_rel_course_rel_user srcru
@ -274,33 +293,56 @@ if ($session['nbr_courses']==0){
 <table class="data_table" width="100%">
 <tr>
  <th colspan="4"><?php echo get_lang('UserList'); ?>
-  	<a href="add_users_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a></th>
+  	<a href="add_users_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>">
        <?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?>
    </a></th>
  </th>
 </tr>
 </tr>
 <?php
-if($session['nbr_users']==0){
+
-	echo '
+if ($session['nbr_users']==0) {
-		<tr>
+	echo '<tr>
 			<td colspan="2">'.get_lang('NoUsersForThisSession').'</td>
 		</tr>';
 } else {    
 	$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
-	$sql = 'SELECT '.$tbl_user.'.user_id, lastname, firstname, username '.
+    if ($multiple_url_is_on) {
-			' FROM '.$tbl_user.
+        $url_id = api_get_current_access_url_id();        
-			' INNER JOIN '.$tbl_session_rel_user.
+        $sql = "SELECT u.user_id, lastname, firstname, username, access_url_id
-			' ON '.$tbl_user.'.user_id = '.$tbl_session_rel_user.'.id_user AND '.$tbl_session_rel_user.'.relation_type<>'.SESSION_RELATION_TYPE_RRHH.
+                FROM $tbl_user u
-			' AND '.$tbl_session_rel_user.'.id_session = '.$id_session.$order_clause;
+                INNER JOIN $tbl_session_rel_user su
                ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
                LEFT OUTER JOIN $table_access_url_user uu ON (uu.user_id = u.user_id)
                WHERE su.id_session = $id_session AND (access_url_id = $url_id OR access_url_id is null )
                $order_clause";
    } else {
        $sql = "SELECT u.user_id, lastname, firstname, username
                FROM $tbl_user u
                INNER JOIN $tbl_session_rel_user su
                ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
                AND su.id_session = ".$id_session.$order_clause;
    }
-	$result=Database::query($sql);
+	$result = Database::query($sql);
-	$users=Database::store_result($result);
+	$users  = Database::store_result($result);
 	$orig_param = '&origin=resume_session&id_session='.$id_session; // change breadcrumb in destination page
-	foreach($users as $user){
+	foreach ($users as $user){
        $user_link = '';
        if (!empty($user['user_id'])) {
            $user_link = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.intval($user['user_id']).'">'.api_htmlentities(api_get_person_name($user['firstname'], $user['lastname']),ENT_QUOTES,$charset).' ('.$user['username'].')</a>';
        }
        $link_to_add_user_in_url = '';
        if ($multiple_url_is_on) {
            if ($user['access_url_id'] != $url_id) {            
                $user_link .= ' '.Display::return_icon('warning.png', get_lang('UserNotAddedInURL'), array(), 22);
                $add = Display::return_icon('add.png', get_lang('AddUsersToURL'), array(), 22);
                $link_to_add_user_in_url = '<a href="resume_session.php?action=add_user_to_url&id_session='.$id_session.'&user_id='.$user['user_id'].'">'.$add.'</a>';
            }                
        }
 		echo '<tr>
                <td width="90%">
                    <b>'.$user_link.'</b>
@ -309,6 +351,7 @@ if($session['nbr_users']==0){
                    <a href="../mySpace/myStudents.php?student='.$user['user_id'].''.$orig_param.'">'.Display::return_icon('statistics.gif', get_lang('Reporting')).'</a>&nbsp;
                    <a href="session_course_user.php?id_user='.$user['user_id'].'&id_session='.$id_session.'">'.Display::return_icon('course.gif', get_lang('BlockCoursesForThisUser')).'</a>&nbsp;
                    <a href="'.api_get_self().'?id_session='.$id_session.'&action=delete&user='.$user['user_id'].'" onclick="javascript:if(!confirm(\''.get_lang('ConfirmYourChoice').'\')) return false;">'.Display::return_icon('delete.png', get_lang('Delete')).'</a>
                    '.$link_to_add_user_in_url.'
                </td>
                </tr>';
 	}