From 95ff741cde13fabf5bf2f35c24bbe8613a0c45a3 Mon Sep 17 00:00:00 2001
From: Arthur Portugal <yukiportu@msn.com>
Date: Wed, 20 Jan 2010 16:30:07 -0500
Subject: [PATCH] Added a validation for the array users CT#191

---
 main/webservices/user_import/import.lib.php | 158 ++++++++++----------
 1 file changed, 81 insertions(+), 77 deletions(-)

diff --git a/main/webservices/user_import/import.lib.php b/main/webservices/user_import/import.lib.php
index d63d4bb705..d7f8b2cafc 100755
--- a/main/webservices/user_import/import.lib.php
+++ b/main/webservices/user_import/import.lib.php
@@ -6,54 +6,56 @@ function validate_data($users) {
 	global $defined_auth_sources;
 	$errors = array ();
 	$usernames = array ();
-	foreach ($users as $index => $user) {
-		// 1. Check whether mandatory fields have been set.
-		$mandatory_fields = array ('LastName', 'FirstName');
-		if (api_get_setting('registration', 'email') == 'true') {
-			$mandatory_fields[] = 'Email';
-		}
-		foreach ($mandatory_fields as $key => $field) {
-			if (!isset ($user[$field]) || strlen($user[$field]) == 0) {
-				$user['error'] = get_lang($field.'Mandatory');
-				$errors[] = $user;
+	if(is_array($users)) {
+		foreach ($users as $index => $user) {
+			// 1. Check whether mandatory fields have been set.
+			$mandatory_fields = array ('LastName', 'FirstName');
+			if (api_get_setting('registration', 'email') == 'true') {
+				$mandatory_fields[] = 'Email';
 			}
-		}
-		// 2. Check username.
-		if (!UserManager::is_username_empty($username)) {
-			// 2.1. Check whether username was used twice in the import file.
-			if (isset($usernames[$user['UserName']])) {
-				$user['error'] = get_lang('UserNameUsedTwice');
-				$errors[] = $user;
+			foreach ($mandatory_fields as $key => $field) {
+				if (!isset ($user[$field]) || strlen($user[$field]) == 0) {
+					$user['error'] = get_lang($field.'Mandatory');
+					$errors[] = $user;
+				}
 			}
-			$usernames[$user['UserName']] = 1;
-			// 2.2. Check whether username is allready in use in database.
-			if (!UserManager::is_username_available($user['UserName'])) {
-				$user['error'] = get_lang('UserNameNotAvailable');
-				$errors[] = $user;
+			// 2. Check username.
+			if (!UserManager::is_username_empty($username)) {
+				// 2.1. Check whether username was used twice in the import file.
+				if (isset($usernames[$user['UserName']])) {
+					$user['error'] = get_lang('UserNameUsedTwice');
+					$errors[] = $user;
+				}
+				$usernames[$user['UserName']] = 1;
+				// 2.2. Check whether username is allready in use in database.
+				if (!UserManager::is_username_available($user['UserName'])) {
+					$user['error'] = get_lang('UserNameNotAvailable');
+					$errors[] = $user;
+				}
+				// 2.3. Check whether username is too long.
+				if (UserManager::is_username_too_long($user['UserName'])) {
+					$user['error'] = get_lang('UserNameTooLong');
+					$errors[] = $user;
+				}
 			}
-			// 2.3. Check whether username is too long.
-			if (UserManager::is_username_too_long($user['UserName'])) {
-				$user['error'] = get_lang('UserNameTooLong');
+			// 3. Check status.
+			if (isset ($user['Status']) && !api_status_exists($user['Status'])) {
+				$user['error'] = get_lang('WrongStatus');
 				$errors[] = $user;
 			}
-		}
-		// 3. Check status.
-		if (isset ($user['Status']) && !api_status_exists($user['Status'])) {
-			$user['error'] = get_lang('WrongStatus');
-			$errors[] = $user;
-		}
-		// 4. Check classname.
-		if (isset ($user['ClassName']) && strlen($user['ClassName']) != 0) {
-			if (!ClassManager :: class_name_exists($user['ClassName'])) {
-				$user['error'] = get_lang('ClassNameNotAvailable');
-				$errors[] = $user;
+			// 4. Check classname.
+			if (isset ($user['ClassName']) && strlen($user['ClassName']) != 0) {
+				if (!ClassManager :: class_name_exists($user['ClassName'])) {
+					$user['error'] = get_lang('ClassNameNotAvailable');
+					$errors[] = $user;
+				}
 			}
-		}
-		// 5. Check authentication source.
-		if (isset ($user['AuthSource']) && strlen($user['AuthSource']) != 0) {
-			if (!in_array($user['AuthSource'], $defined_auth_sources)) {
-				$user['error'] = get_lang('AuthSourceNotAvailable');
-				$errors[] = $user;
+			// 5. Check authentication source.
+			if (isset ($user['AuthSource']) && strlen($user['AuthSource']) != 0) {
+				if (!in_array($user['AuthSource'], $defined_auth_sources)) {
+					$user['error'] = get_lang('AuthSourceNotAvailable');
+					$errors[] = $user;
+				}
 			}
 		}
 	}
@@ -88,41 +90,43 @@ function complete_missing_data($user) {
  */
 function save_data($users) {
 	$user_table = Database :: get_main_table(TABLE_MAIN_USER);
-	foreach ($users as $index => $user) {
-		$user = complete_missing_data($user);
-
-		$user['Status'] = api_status_key($user['Status']);
-
-		$user_id = UserManager :: create_user($user['FirstName'], $user['LastName'], $user['Status'], $user['Email'], $user['UserName'], $user['Password'], $user['OfficialCode'], api_get_setting('PlatformLanguage'), $user['PhoneNumber'], '', $user['AuthSource']);
-		foreach ($user['Courses'] as $index => $course) {
-			if(CourseManager :: course_exists($course))
-				CourseManager :: subscribe_user($user_id, $course,$user['Status']);
-		}
-		if (strlen($user['ClassName']) > 0) {
-			$class_id = ClassManager :: get_class_id($user['ClassName']);
-			ClassManager :: add_user($user_id, $class_id);
-		}
-
-		// TODO: Hard-coded French texts.
-
-		// Qualite
-		if (!empty($user['Qualite'])) {
-			UserManager::update_extra_field_value($user_id, 'qualite', $user['Qualite']);
-		}
-
-		// Categorie
-		if (!empty($user['Categorie'])) {
-			UserManager::update_extra_field_value($user_id, 'categorie', $user['Categorie']);
-		}
-
-		// Etat
-		if (!empty($user['Etat'])) {
-			UserManager::update_extra_field_value($user_id, 'etat', $user['Etat']);
-		}
-
-		// Niveau
-		if (!empty($user['Niveau'])) {
-			UserManager::update_extra_field_value($user_id, 'niveau', $user['Niveau']);
+	if(is_array($users)) {
+		foreach ($users as $index => $user) {
+			$user = complete_missing_data($user);
+	
+			$user['Status'] = api_status_key($user['Status']);
+	
+			$user_id = UserManager :: create_user($user['FirstName'], $user['LastName'], $user['Status'], $user['Email'], $user['UserName'], $user['Password'], $user['OfficialCode'], api_get_setting('PlatformLanguage'), $user['PhoneNumber'], '', $user['AuthSource']);
+			foreach ($user['Courses'] as $index => $course) {
+				if(CourseManager :: course_exists($course))
+					CourseManager :: subscribe_user($user_id, $course,$user['Status']);
+			}
+			if (strlen($user['ClassName']) > 0) {
+				$class_id = ClassManager :: get_class_id($user['ClassName']);
+				ClassManager :: add_user($user_id, $class_id);
+			}
+	
+			// TODO: Hard-coded French texts.
+	
+			// Qualite
+			if (!empty($user['Qualite'])) {
+				UserManager::update_extra_field_value($user_id, 'qualite', $user['Qualite']);
+			}
+	
+			// Categorie
+			if (!empty($user['Categorie'])) {
+				UserManager::update_extra_field_value($user_id, 'categorie', $user['Categorie']);
+			}
+	
+			// Etat
+			if (!empty($user['Etat'])) {
+				UserManager::update_extra_field_value($user_id, 'etat', $user['Etat']);
+			}
+	
+			// Niveau
+			if (!empty($user['Niveau'])) {
+				UserManager::update_extra_field_value($user_id, 'niveau', $user['Niveau']);
+			}
 		}
 	}
 }