@ -12,8 +12,9 @@ use ChamiloSession as Session;
$cidReset = true;
require_once __DIR__.'/../inc/global.inc.php';
$current_access_url_id = api_get_current_access_url_id( );
api_protect_admin_script(true );
$current_access_url_id = api_get_current_access_url_id();
$action = isset($_REQUEST["action"]) ? $_REQUEST["action"] : null;
// Blocks the possibility to delete a user
@ -24,8 +25,6 @@ if (api_get_configuration_value('deny_delete_users')) {
$url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=get_user_courses';
$urlSession = api_get_path(WEB_AJAX_PATH).'session.ajax.php?a=get_user_sessions';
$extraField = new ExtraField('user');
$variables = $extraField->get_all_extra_field_by_type(ExtraField::FIELD_TYPE_TAG);
$variablesSelect = $extraField->get_all_extra_field_by_type(ExtraField::FIELD_TYPE_SELECT);
@ -44,81 +43,81 @@ Session::write('variables_to_show', $variablesToShow);
$htmlHeadXtra[] = '< script >
function load_course_list (div_course,my_user_id) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$("div#"+div_course).html("< img src = \'../inc/lib/javascript/indicator.gif\' / > "); },
type: "POST",
url: "'.$url.'",
data: "user_id="+my_user_id,
success: function(datos) {
$("div#"+div_course).html(datos);
$("div#div_"+my_user_id).attr("class","blackboard_show");
$("div#div_"+my_user_id).attr("style","");
}
});
type: "POST",
url: "'.$url.'",
data: "user_id="+my_user_id,
success: function(datos) {
$("div#"+div_course).html(datos);
$("div#div_"+my_user_id).attr("class","blackboard_show");
$("div#div_"+my_user_id).attr("style","");
}
});
}
function load_session_list(div_session, my_user_id) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$("div#"+div_session).html("< img src = \'../inc/lib/javascript/indicator.gif\' / > "); },
type: "POST",
url: "'.$urlSession.'",
data: "user_id="+my_user_id,
success: function(datos) {
$("div#"+div_session).html(datos);
$("div#div_s_"+my_user_id).attr("class","blackboard_show");
$("div#div_s_"+my_user_id).attr("style","");
}
});
type: "POST",
url: "'.$urlSession.'",
data: "user_id="+my_user_id,
success: function(datos) {
$("div#"+div_session).html(datos);
$("div#div_s_"+my_user_id).attr("class","blackboard_show");
$("div#div_s_"+my_user_id).attr("style","");
}
});
}
function active_user(element_div) {
id_image=$(element_div).attr("id");
image_clicked=$(element_div).attr("src");
image_clicked_info = image_clicked.split("/");
image_real_clicked = image_clicked_info[image_clicked_info.length-1];
var status = 1;
if (image_real_clicked == "accept.png") {
status = 0;
}
user_id=id_image.split("_");
ident="#img_"+user_id[1];
if (confirm("'.get_lang('AreYouSureToEditTheUserStatus', '').'")) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$(ident).attr("src","'.Display::returnIconPath('loading1.gif').'"); }, //candy eye stuff
type: "GET",
url: "'.api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php?a=active_user",
data: "user_id="+user_id[1]+"& status="+status,
success: function(data) {
if (data == 1) {
$(ident).attr("src", "'.Display::returnIconPath('accept.png').'");
$(ident).attr("title","'.get_lang('Lock').'");
}
id_image=$(element_div).attr("id");
image_clicked=$(element_div).attr("src");
image_clicked_info = image_clicked.split("/");
image_real_clicked = image_clicked_info[image_clicked_info.length-1];
var status = 1;
if (image_real_clicked == "accept.png") {
status = 0;
}
user_id=id_image.split("_");
ident="#img_"+user_id[1];
if (confirm("'.get_lang('AreYouSureToEditTheUserStatus', '').'")) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(objeto) {
$(ident).attr("src","'.Display::returnIconPath('loading1.gif').'"); }, //candy eye stuff
type: "GET",
url: "'.api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php?a=active_user",
data: "user_id="+user_id[1]+"& status="+status,
success: function(data) {
if (data == 1) {
$(ident).attr("src", "'.Display::returnIconPath('accept.png').'");
$(ident).attr("title","'.get_lang('Lock').'");
}
if (data == 0) {
$(ident).attr("src","'.Display::returnIconPath('error.png').'");
$(ident).attr("title","'.get_lang('Unlock').'");
}
$(ident).attr("src","'.Display::returnIconPath('error.png').'");
$(ident).attr("title","'.get_lang('Unlock').'");
}
if (data == -1) {
$(ident).attr("src", "'.Display::returnIconPath('warning.png').'");
$(ident).attr("title","'.get_lang('ActionNotAllowed').'");
$(ident).attr("title","'.get_lang('ActionNotAllowed').'");
}
}
});
}
}
});
}
}
function clear_course_list(div_course) {
$("div#"+div_course).html(" ");
$("div#"+div_course).hide("");
$("div#"+div_course).html(" ");
$("div#"+div_course).hide("");
}
function clear_session_list(div_session) {
$("div#"+div_session).html(" ");
$("div#"+div_session).hide("");
$("div#"+div_session).html(" ");
$("div#"+div_session).hide("");
}
function display_advanced_search_form () {
@ -146,8 +145,8 @@ $(document).ready(function() {
//Load user calendar
function load_calendar(user_id, month, year) {
var url = "'.api_get_path(WEB_AJAX_PATH).'agenda.ajax.php?a=get_user_agenda& user_id=" +user_id + "&month="+month+"&year="+year;
$(".modal-body").load(url);
var url = "'.api_get_path(WEB_AJAX_PATH).'agenda.ajax.php?a=get_user_agenda& user_id=" +user_id + "&month="+month+"&year="+year;
$(".modal-body").load(url);
}
< / script > ';
@ -192,8 +191,6 @@ if ($action == 'login_as') {
Security::clear_token();
}
api_protect_admin_script(true);
/**
* Prepares the shared SQL query for the user table.
* See get_user_data() and get_number_of_users().
@ -232,7 +229,8 @@ function prepare_user_sql_query($is_count)
// adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin()) & & api_get_multiple_access_url()) {
$access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql .= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.id=url_rel_user.user_id)";
$sql .= " INNER JOIN $access_url_rel_user_table url_rel_user
ON (u.id=url_rel_user.user_id)";
}
$keywordList = array(
@ -440,9 +438,9 @@ function get_user_data($from, $number_of_items, $column, $direction)
$users = array();
$t = time();
while ($user = Database::fetch_row($res)) {
$userPicture = UserManager::getUserPicture($user[0], USER_IMAGE_SIZE_SMALL);
$photo = '< img src = "'.$userPicture.'" width = "22" height = "22" alt = "'.api_get_person_name($user[2], $user[3]).'" title = "'.api_get_person_name($user[2], $user[3]).'" / > ';
while ($user = Database::fetch_row($res)) {
$userPicture = UserManager::getUserPicture($user[0], USER_IMAGE_SIZE_SMALL);
$photo = '< img src = "'.$userPicture.'" width = "22" height = "22" alt = "'.api_get_person_name($user[2], $user[3]).'" title = "'.api_get_person_name($user[2], $user[3]).'" / > ';
if ($user[7] == 1 & & !empty($user[10])) {
// check expiration date
@ -479,7 +477,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
*/
function email_filter($email)
{
return Display :: encrypted_mailto_link($email, $email);
return Display :: encrypted_mailto_link($email, $email);
}
/**
@ -489,7 +487,7 @@ function email_filter($email)
*/
function user_filter($name, $params, $row)
{
return '< a href = "'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$row[0].'" > '.$name.'< / a > ';
return '< a href = "'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$row[0].'" > '.$name.'< / a > ';
}
/**
@ -507,34 +505,34 @@ function modify_filter($user_id, $url_params, $row)
$user_is_anonymous = false;
$current_user_status_label = $row['7'];
if ($current_user_status_label == $statusname[ANONYMOUS]) {
$user_is_anonymous = true;
}
$result = '';
if (!$user_is_anonymous) {
if ($current_user_status_label == $statusname[ANONYMOUS]) {
$user_is_anonymous = true;
}
$result = '';
if (!$user_is_anonymous) {
$icon = Display::return_icon(
'course.png',
get_lang('Courses'),
array('onmouseout' => 'clear_course_list (\'div_'.$user_id.'\')')
);
$result .= '< a href = "javascript:void(0)" onclick = "load_course_list(\'div_'.$user_id.'\','.$user_id.')" >
'.$icon.'
< div class = "blackboard_hide" id = "div_'.$user_id.'" > < / div >
< / a > ';
$result .= '< a href = "javascript:void(0)" onclick = "load_course_list(\'div_'.$user_id.'\','.$user_id.')" >
'.$icon.'
< div class = "blackboard_hide" id = "div_'.$user_id.'" > < / div >
< / a > ';
$icon = Display::return_icon(
'session.png',
get_lang('Sessions'),
array('onmouseout' => 'clear_session_list (\'div_s_'.$user_id.'\')')
);
$result .= '< a href = "javascript:void(0)" onclick = "load_session_list(\'div_s_'.$user_id.'\','.$user_id.')" >
'.$icon.'
< div class = "blackboard_hide" id = "div_s_'.$user_id.'" > < / div >
< / a > ';
} else {
$result .= Display::return_icon('course_na.png', get_lang('Courses')).' ';
$result .= Display::return_icon('course_na.png', get_lang('Sessions')).' ';
}
$result .= '< a href = "javascript:void(0)" onclick = "load_session_list(\'div_s_'.$user_id.'\','.$user_id.')" >
'.$icon.'
< div class = "blackboard_hide" id = "div_s_'.$user_id.'" > < / div >
< / a > ';
} else {
$result .= Display::return_icon('course_na.png', get_lang('Courses')).' ';
$result .= Display::return_icon('course_na.png', get_lang('Sessions')).' ';
}
if (api_is_platform_admin()) {
if (!$user_is_anonymous) {
@ -548,7 +546,8 @@ function modify_filter($user_id, $url_params, $row)
if (api_is_platform_admin() || (api_is_session_admin() & & $current_user_status_label == $statusname[STUDENT])) {
if (!$user_is_anonymous) {
if (api_global_admin_can_edit_admin($user_id)) {
$result .= '< a href = "user_list.php?action=login_as&user_id='.$user_id.'&sec_token='.$_SESSION['sec_token'].'" > '.Display::return_icon('login_as.png', get_lang('LoginAs')).'< / a > ';
$result .= '< a href = "user_list.php?action=login_as&user_id='.$user_id.'&sec_token='.Security::getTokenFromSession().'" > '.
Display::return_icon('login_as.png', get_lang('LoginAs')).'< / a > ';
} else {
$result .= Display::return_icon('login_as_na.png', get_lang('LoginAs')).' ';
}
@ -583,26 +582,25 @@ function modify_filter($user_id, $url_params, $row)
);
}
if ($is_admin) {
if ($is_admin) {
$result .= Display::return_icon(
'admin_star.png',
get_lang('IsAdministrator'),
array('width' => ICON_SIZE_SMALL, 'heigth' => ICON_SIZE_SMALL)
);
} else {
$result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
}
} else {
$result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
}
// actions for assigning sessions, courses or users
if (!api_is_session_admin()) {
// actions for assigning sessions, courses or users
if (!api_is_session_admin()) {
if ($current_user_status_label == $statusname[SESSIONADMIN]) {
$result .= Display::url(
Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')),
"dashboard_add_sessions_to_user.php?user={$user_id}"
);
} else {
if (
$current_user_status_label == $statusname[DRH] ||
if ($current_user_status_label == $statusname[DRH] ||
UserManager::is_admin($user_id) ||
$current_user_status_label == $statusname[STUDENT_BOSS]
) {
@ -624,11 +622,17 @@ function modify_filter($user_id, $url_params, $row)
);
}
}
}
}
if (api_is_platform_admin()) {
$result .= ' < a data-title = "'.get_lang('FreeBusyCalendar').'" href = "'.api_get_path(WEB_AJAX_PATH).'agenda.ajax.php?a=get_user_agenda&user_id='.$user_id.'&modal_size=lg" class = "agenda_opener ajax" > '.
Display::return_icon('calendar.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL).'< / a > ';
Display::return_icon(
'calendar.png',
get_lang('FreeBusyCalendar'),
array(),
ICON_SIZE_SMALL
).
'< / a > ';
$deleteAllowed = !api_get_configuration_value('deny_delete_users');
if ($deleteAllowed) {
if ($user_id != api_get_user_id() & &
@ -636,14 +640,19 @@ function modify_filter($user_id, $url_params, $row)
api_global_admin_can_edit_admin($user_id)
) {
// you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
$result .= ' < a href = "user_list.php?action=delete_user&user_id='.$user_id.'&'.$url_params.'&sec_token='.$_SESSION['sec_token'] .'" onclick = "javascript:if(!confirm('." ' " . addslashes ( api_htmlentities ( get_lang ( " ConfirmYourChoice " ) ) ) . " ' " . ' ) ) return false ; " > '.Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'< / a > ';
$result .= ' < a href = "user_list.php?action=delete_user&user_id='.$user_id.'&'.$url_params.'&sec_token='.Security::getTokenFromSession() .'" onclick = "javascript:if(!confirm('." ' " . addslashes ( api_htmlentities ( get_lang ( " ConfirmYourChoice " ) ) ) . " ' " . ' ) ) return false ; " > '.Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'< / a > ';
} else {
$result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
$result .= Display::return_icon(
'delete_na.png',
get_lang('Delete'),
array(),
ICON_SIZE_SMALL
);
}
}
}
return $result;
return $result;
}
/**
@ -675,16 +684,16 @@ function active_filter($active, $params, $row)
if ($action === 'edit') {
$result = Display::return_icon($image.'.png', get_lang('AccountExpired'), array(), 16);
} elseif ($row['0'] < > $_user['user_id']) {
// you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
// you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
$result = Display::return_icon(
$image.'.png',
get_lang(ucfirst($action)),
array('onclick' => 'active_user(this);', 'id' => 'img_'.$row['0']),
16
);
}
}
return $result;
return $result;
}
/**
@ -696,9 +705,10 @@ function active_filter($active, $params, $row)
* @version march 2008
* @author Patrick Cool < patrick.cool @ UGent . be > , Ghent University, Belgium
*/
function status_filter($status) {
$statusname = api_get_status_langvars();
return $statusname[$status];
function status_filter($status)
{
$statusname = api_get_status_langvars();
return $statusname[$status];
}
if (isset($_GET['keyword']) || isset($_GET['keyword_firstname'])) {
@ -714,8 +724,8 @@ $message = '';
if (!empty($action)) {
$check = Security::check_token('get');
if ($check) {
switch ($action) {
if ($check) {
switch ($action) {
case 'add_user_to_my_url':
$user_id = $_REQUEST["user_id"];
$result = UrlManager::add_user_to_url($user_id, $current_access_url_id);
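Review bot: `case 'add_user_to_my_url'` hands `$_REQUEST["user_id"]` straight to `UrlManager::add_user_to_url()` with no role check, whereas the `delete_user` and `delete` cases in the following hunk are each wrapped in `if (api_is_platform_admin())`. The page is now guarded only by `api_protect_admin_script(true)` from the first hunk; if that argument admits session administrators (as it appears to elsewhere in this codebase — worth confirming), a session admin could attach any user id to the current portal through this action. Suggest wrapping the case body in `if (api_is_platform_admin()) {` and reading the id as `$user_id = (int) $_REQUEST['user_id'];` so the token-checked branch is at least as strict as its siblings. The `switch` this case belongs to continues into the next hunk.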
@ -725,52 +735,52 @@ if (!empty($action)) {
$message = Display::return_message($message, 'confirmation');
}
break;
case 'delete_user':
if (api_is_platform_admin()) {
case 'delete_user':
if (api_is_platform_admin()) {
$user_to_delete = $_GET['user_id'];
$userToDeleteInfo = api_get_user_info($user_to_delete);
$current_user_id = api_get_user_id();
if ($userToDeleteInfo & & $deleteUserAvailable & & api_global_admin_can_edit_admin($_GET['user_id'])) {
if ($user_to_delete != $current_user_id & & UserManager :: delete_user($_GET['user_id'])) {
$message = Display :: return_message(
get_lang('UserDeleted').': '.$userToDeleteInfo['complete_name_with_username'],
if ($userToDeleteInfo & & $deleteUserAvailable & & api_global_admin_can_edit_admin($_GET['user_id'])) {
if ($user_to_delete != $current_user_id & & UserManager :: delete_user($_GET['user_id'])) {
$message = Display :: return_message(
get_lang('UserDeleted').': '.$userToDeleteInfo['complete_name_with_username'],
'confirmation'
);
} else {
$message = Display :: return_message(get_lang('CannotDeleteUserBecauseOwnsCourse'), 'error');
}
} else {
$message = Display :: return_message(get_lang('CannotDeleteUser'), 'error');
}
Display::addFlash($message);
header('Location: '.api_get_self());
} else {
$message = Display :: return_message(get_lang('CannotDeleteUserBecauseOwnsCourse'), 'error');
}
} else {
$message = Display :: return_message(get_lang('CannotDeleteUser'), 'error');
}
Display::addFlash($message);
header('Location: '.api_get_self());
exit;
}
break;
}
break;
case 'delete':
if (api_is_platform_admin()) {
$number_of_selected_users = count($_POST['id']);
$number_of_deleted_users = 0;
if (is_array($_POST['id'])) {
foreach ($_POST['id'] as $index => $user_id) {
if ($user_id != $_user['user_id']) {
if (UserManager::delete_user($user_id)) {
$number_of_deleted_users++;
}
}
}
}
if ($number_of_selected_users == $number_of_deleted_users) {
if (api_is_platform_admin()) {
$number_of_selected_users = count($_POST['id']);
$number_of_deleted_users = 0;
if (is_array($_POST['id'])) {
foreach ($_POST['id'] as $index => $user_id) {
if ($user_id != $_user['user_id']) {
if (UserManager::delete_user($user_id)) {
$number_of_deleted_users++;
}
}
}
}
if ($number_of_selected_users == $number_of_deleted_users) {
$message = Display :: return_message(get_lang('SelectedUsersDeleted'), 'confirmation');
} else {
} else {
$message = Display :: return_message(get_lang('SomeUsersNotDeleted'), 'error');
}
}
break;
}
Security::clear_token();
}
}
}
break;
}
Security::clear_token();
}
}
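Review bot: In the re-indented `case 'delete'` block the loop skips only the caller's own id (`$user_id != $_user['user_id']`) before calling `UserManager::delete_user($user_id)`, while the `delete_user` case directly above it additionally requires the `$deleteUserAvailable` flag and `api_global_admin_can_edit_admin()`. As written, the multi-select delete bypasses both the `deny_delete_users` configuration and the admin-protection rule that the single-user path enforces, and this commit carries that gap over unchanged. Suggest `if ($user_id != $_user['user_id'] && $deleteUserAvailable && api_global_admin_can_edit_admin($user_id)) {` in place of the current inner condition. Separately, `count($_POST['id'])` executes before the `is_array($_POST['id'])` test, so a request without `id` emits a warning (a TypeError on PHP 8); moving the count inside the `is_array` branch avoids that. The enclosing `if (!empty($action))` and `switch` open in the previous hunk.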
// Create a search-box
@ -795,7 +805,7 @@ $actionsLeft = '';
$actionsCenter = '';
$actionsRight = '';
if (api_is_platform_admin()) {
$actionsRight .= '< a class = "pull-right" href = "'.api_get_path(WEB_CODE_PATH).'admin/user_add.php" > '.
$actionsRight .= '< a class = "pull-right" href = "'.api_get_path(WEB_CODE_PATH).'admin/user_add.php" > '.
Display::return_icon('new_user.png', get_lang('AddUsers'), '', ICON_SIZE_MEDIUM).'< / a > ';
}
@ -803,8 +813,8 @@ $actionsLeft .= $form->returnForm();
$actionsCenter .= $searchAdvanced;
if (isset($_GET['keyword'])) {
$parameters = array('keyword' => Security::remove_XSS($_GET['keyword']));
} elseif (isset ($_GET['keyword_firstname'])) {
$parameters = array('keyword' => Security::remove_XSS($_GET['keyword']));
} elseif (isset($_GET['keyword_firstname'])) {
$parameters['keyword_firstname'] = Security::remove_XSS($_GET['keyword_firstname']);
$parameters['keyword_lastname'] = Security::remove_XSS($_GET['keyword_lastname']);
$parameters['keyword_username'] = Security::remove_XSS($_GET['keyword_username']);
@ -820,7 +830,14 @@ $parameters['sec_token'] = Security::get_token();
$_admins_list = array_keys(UserManager::get_all_administrators());
Session::write('admin_list', $_admins_list);
// Display Advanced search form.
$form = new FormValidator('advanced_search', 'get', '', '', array(), FormValidator::LAYOUT_HORIZONTAL);
$form = new FormValidator(
'advanced_search',
'get',
'',
'',
array(),
FormValidator::LAYOUT_HORIZONTAL
);
$form->addElement('html', '< div id = "advanced_search_form" style = "display:none;" > ');
$form->addElement('header', get_lang('AdvancedSearch'));
@ -877,11 +894,11 @@ $table->set_header(1, get_lang('Photo'), false);
$table->set_header(2, get_lang('OfficialCode'));
if (api_is_western_name_order()) {
$table->set_header(3, get_lang('FirstName'));
$table->set_header(4, get_lang('LastName'));
$table->set_header(3, get_lang('FirstName'));
$table->set_header(4, get_lang('LastName'));
} else {
$table->set_header(3, get_lang('LastName'));
$table->set_header(4, get_lang('FirstName'));
$table->set_header(3, get_lang('LastName'));
$table->set_header(4, get_lang('FirstName'));
}
$table->set_header(5, get_lang('LoginName'));
$table->set_header(6, get_lang('Email'));
@ -914,7 +931,6 @@ if ($table->get_total_number_of_items() == 0) {
$conditions = array('username' => $keyword);
$user_list = UserManager::get_user_list($conditions, array(), false, ' OR ');
if (!empty($user_list)) {
$extra_search_options = Display::page_subheader(get_lang('UsersFoundInOtherPortals'));
$table = new HTML_Table(array('class' => 'data_table'));
@ -944,7 +960,7 @@ if ($table->get_total_number_of_items() == 0) {
$row_table = array();
$row_table[] = api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].') ';
$row_table[] = $access_info_to_string;
$url = api_get_self().'?action=add_user_to_my_url&user_id='.$user['id'].'&sec_token='.$_SESSION['sec_token'] ;
$url = api_get_self().'?action=add_user_to_my_url&user_id='.$user['id'].'&sec_token='.Security::getTokenFromSession() ;
$row_table[] = Display::url(get_lang('AddUserToMyURL'), $url, array('class' => 'btn'));
foreach ($row_table as $cell) {