Checking if user is added in the URL via a session see BT#3685

skala
Julio Montoya 13 years ago
parent 897d79f15c
commit 8501f0e593
  1. 122
      main/admin/access_url_check_user_session.php
  2. 85
      main/admin/resume_session.php

@ -0,0 +1,122 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @author Bart Mollet, Julio Montoya lot of fixes
* @package chamilo.admin
*/
/* INIT SECTION */
// name of the language file that needs to be included
$language_file = 'admin';
$cidReset = true;
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php';
// setting the section (for the tabs)
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script(true);
$tool_name = get_lang('SessionOverview');
$interbreadcrumb[]=array('url' => 'index.php','name' => get_lang('PlatformAdmin'));
$interbreadcrumb[]=array('url' => 'session_list.php','name' => get_lang('SessionList'));
// Database Table Definitions
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$table_access_url_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$action = $_GET['action'];
switch($action) {
case 'add_user_to_url':
$user_id = $_REQUEST['user_id'];
$result = UrlManager::add_user_to_url($user_id);
$user_info = api_get_user_info($user_id);
if ($result) {
$message = Display::return_message(get_lang('UserAdded').' '.api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm');
}
break;
}
Display::display_header($tool_name);
if (!empty($message)) {
echo $message;
}
$multiple_url_is_on = api_get_multiple_access_url();
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
$session_list = SessionManager::get_sessions_list();
$url_id = api_get_current_access_url_id();
$html = '';
$show_users_with_problems = isset($_REQUEST['show_users_with_problems']) && $_REQUEST['show_users_with_problems'] == 1 ? true : false;
if ($show_users_with_problems) {
$html .= '<a href="'.api_get_self().'?show_users_with_problems=0">'.get_lang('ShowAllUsers').'</a>';
} else {
$html .= '<a href="'.api_get_self().'?show_users_with_problems=1">'.get_lang('ShowUsersNotAddedInTheURL').'</a>';
}
foreach($session_list as $session_item) {
$session_id = $session_item['id'];
$html .= '<h3>'.$session_item['name'].'</h3>';
$access_where = "(access_url_id = $url_id OR access_url_id is null )";
if ($show_users_with_problems) {
$access_where = "(access_url_id is null)";
}
$sql = "SELECT u.user_id, lastname, firstname, username, access_url_id
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user su
ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
LEFT OUTER JOIN $table_access_url_user uu ON (uu.user_id = u.user_id)
WHERE su.id_session = $session_id AND $access_where
$order_clause";
$result = Database::query($sql);
$users = Database::store_result($result);
if (!empty($users)) {
$html .= '<table class="data_table"><tr><th>'.get_lang('User').'<th>'.get_lang('Actions').'</th></tr>';
foreach ($users as $user) {
$user_link = '';
if (!empty($user['user_id'])) {
$user_link = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.intval($user['user_id']).'">'.api_htmlentities(api_get_person_name($user['firstname'], $user['lastname']),ENT_QUOTES,$charset).' ('.$user['username'].')</a>';
}
$link_to_add_user_in_url = '';
if ($multiple_url_is_on) {
if ($user['access_url_id'] != $url_id) {
$user_link .= ' '.Display::return_icon('warning.png', get_lang('UserNotAddedInURL'), array(), 22);
$add = Display::return_icon('add.png', get_lang('AddUsersToURL'), array(), 22);
$link_to_add_user_in_url = '<a href="'.api_get_self().'?'.Security::remove_XSS($_SERVER['QUERY_STRING']).'&action=add_user_to_url&id_session='.$id_session.'&user_id='.$user['user_id'].'">'.$add.'</a>';
}
}
$html .= '<tr>
<td>
<b>'.$user_link.'</b>
</td>
<td>
'.$link_to_add_user_in_url.'
</td>
</tr>';
}
$html .= '</table>';
} else {
//$html .= get_lang('');
}
}
echo $html;
// footer
Display :: display_footer();

@ -31,10 +31,12 @@ $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$tbl_class = Database::get_main_table(TABLE_MAIN_CLASS);
$tbl_class_rel_user = Database::get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
$table_access_url_session = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$table_access_url_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$id_session = (int)$_GET['id_session'];
$sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start,"%d-%m-%Y") as date_start, DATE_FORMAT(date_end,"%d-%m-%Y") as date_end, lastname, firstname, username, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility
@ -59,7 +61,18 @@ if (Database::num_rows($rs)>0) {
$session_category = $rows_session_category['name'];
}
if($_GET['action'] == 'delete') {
$action = $_GET['action'];
switch($action) {
case 'add_user_to_url':
$user_id = $_REQUEST['user_id'];
$result = UrlManager::add_user_to_url($user_id);
$user_info = api_get_user_info($user_id);
if ($result) {
$message = Display::return_message(get_lang('UserAdded').' '.api_get_person_name($user_info['firstname'], $user_info['lastname']), 'confirm');
}
break;
case 'delete':
$idChecked = $_GET['idChecked'];
if(is_array($idChecked)) {
$my_temp = array();
@ -94,6 +107,7 @@ if($_GET['action'] == 'delete') {
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'");
}
break;
}
Display::display_header($tool_name);
@ -101,14 +115,20 @@ if (!empty($_GET['warn'])) {
Display::display_warning_message(urldecode($_GET['warn']));
}
if (!empty($message)) {
echo $message;
}
echo Display::tag('h1', Display::return_icon('session.png', get_lang('Session')).' '.$session['name']);
//echo Display::tag('h3', $tool_name);
?>
<!-- General properties -->
<table class="data_table" width="100%">
<tr>
<th colspan="2"><?php echo get_lang('GeneralProperties'); ?>
<a href="session_edit.php?page=resume_session.php&id=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a>
<th colspan="2">
<?php echo get_lang('GeneralProperties'); ?>
<a href="session_edit.php?page=resume_session.php&id=<?php echo $id_session; ?>">
<?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?>
</a>
</th>
</tr>
<tr>
@ -173,7 +193,9 @@ echo Display::tag('h1', Display::return_icon('session.png', get_lang('Session'))
<?php
if (api_get_multiple_access_url()) {
$multiple_url_is_on = api_get_multiple_access_url();
if ($multiple_url_is_on) {
echo '<tr><td>';
echo 'URL';
echo '</td>';
@ -191,21 +213,19 @@ if (api_get_multiple_access_url()) {
<table class="data_table" width="100%">
<tr>
<th colspan="4"><?php echo get_lang('CourseList'); ?>
<a href="add_courses_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a></th>
<a href="add_courses_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>">
<?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a>
</th>
</tr>
<tr>
<tr>
<th width="35%"><?php echo get_lang('CourseTitle'); ?></th>
<th width="30%"><?php echo get_lang('CourseCoach'); ?></th>
<th width="20%"><?php echo get_lang('UsersNumber'); ?></th>
<th width="15%"><?php echo get_lang('Actions'); ?></th>
</tr>
</tr>
<?php
if ($session['nbr_courses'] == 0){
echo '
<tr>
echo '<tr>
<td colspan="4">'.get_lang('NoCoursesForThisSession').'</td>
</tr>';
} else {
@ -215,7 +235,6 @@ if ($session['nbr_courses']==0){
WHERE course_code = code
AND id_session='$id_session'
ORDER BY title";
$result=Database::query($sql);
$courses=Database::store_result($result);
foreach($courses as $course) {
@ -274,24 +293,37 @@ if ($session['nbr_courses']==0){
<table class="data_table" width="100%">
<tr>
<th colspan="4"><?php echo get_lang('UserList'); ?>
<a href="add_users_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>"><?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?></a></th>
<a href="add_users_to_session.php?page=resume_session.php&id_session=<?php echo $id_session; ?>">
<?php Display::display_icon('edit.png', get_lang('Edit'), array(), 22); ?>
</a></th>
</th>
</tr>
</tr>
<?php
if ($session['nbr_users']==0) {
echo '
<tr>
echo '<tr>
<td colspan="2">'.get_lang('NoUsersForThisSession').'</td>
</tr>';
} else {
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
$sql = 'SELECT '.$tbl_user.'.user_id, lastname, firstname, username '.
' FROM '.$tbl_user.
' INNER JOIN '.$tbl_session_rel_user.
' ON '.$tbl_user.'.user_id = '.$tbl_session_rel_user.'.id_user AND '.$tbl_session_rel_user.'.relation_type<>'.SESSION_RELATION_TYPE_RRHH.
' AND '.$tbl_session_rel_user.'.id_session = '.$id_session.$order_clause;
if ($multiple_url_is_on) {
$url_id = api_get_current_access_url_id();
$sql = "SELECT u.user_id, lastname, firstname, username, access_url_id
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user su
ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
LEFT OUTER JOIN $table_access_url_user uu ON (uu.user_id = u.user_id)
WHERE su.id_session = $id_session AND (access_url_id = $url_id OR access_url_id is null )
$order_clause";
} else {
$sql = "SELECT u.user_id, lastname, firstname, username
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user su
ON u.user_id = su.id_user AND su.relation_type<>".SESSION_RELATION_TYPE_RRHH."
AND su.id_session = ".$id_session.$order_clause;
}
$result = Database::query($sql);
$users = Database::store_result($result);
@ -301,6 +333,16 @@ if($session['nbr_users']==0){
if (!empty($user['user_id'])) {
$user_link = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.intval($user['user_id']).'">'.api_htmlentities(api_get_person_name($user['firstname'], $user['lastname']),ENT_QUOTES,$charset).' ('.$user['username'].')</a>';
}
$link_to_add_user_in_url = '';
if ($multiple_url_is_on) {
if ($user['access_url_id'] != $url_id) {
$user_link .= ' '.Display::return_icon('warning.png', get_lang('UserNotAddedInURL'), array(), 22);
$add = Display::return_icon('add.png', get_lang('AddUsersToURL'), array(), 22);
$link_to_add_user_in_url = '<a href="resume_session.php?action=add_user_to_url&id_session='.$id_session.'&user_id='.$user['user_id'].'">'.$add.'</a>';
}
}
echo '<tr>
<td width="90%">
<b>'.$user_link.'</b>
@ -309,6 +351,7 @@ if($session['nbr_users']==0){
<a href="../mySpace/myStudents.php?student='.$user['user_id'].''.$orig_param.'">'.Display::return_icon('statistics.gif', get_lang('Reporting')).'</a>&nbsp;
<a href="session_course_user.php?id_user='.$user['user_id'].'&id_session='.$id_session.'">'.Display::return_icon('course.gif', get_lang('BlockCoursesForThisUser')).'</a>&nbsp;
<a href="'.api_get_self().'?id_session='.$id_session.'&action=delete&user='.$user['user_id'].'" onclick="javascript:if(!confirm(\''.get_lang('ConfirmYourChoice').'\')) return false;">'.Display::return_icon('delete.png', get_lang('Delete')).'</a>
'.$link_to_add_user_in_url.'
</td>
</tr>';
}

Loading…
Cancel
Save