From c657323dd14f85333d67644755c82805319771a8 Mon Sep 17 00:00:00 2001
From: Julio Montoya <gugli100@gmail.com>
Date: Wed, 16 Jul 2008 00:13:13 +0200
Subject: [PATCH] [svn r15793] No more column coach in userInfo.php we can now
 edit the teacher option (see FS#2701 )

---
 main/user/user.php        | 66 +++++++++++++++++++---------
 main/user/userInfo.php    | 91 ++++++++++++++++++++++++++-------------
 main/user/userInfoLib.php | 15 ++++---
 3 files changed, 115 insertions(+), 57 deletions(-)
diff --git a/main/user/user.php b/main/user/user.php
index ab48d8f0db..c20ff0decf 100644
--- a/main/user/user.php
+++ b/main/user/user.php
@@ -39,6 +39,7 @@
 *	@todo convert normal table display to display function (refactor virtual course display function)
 *	@todo display table functions need support for align and valign (e.g. to center text in cells) (this is now possible)
 *	@author Roan Embrechts, refactoring + virtual courses support
+*	@author Julio Montoya Armas Several fixes
 *	@package dokeos.user
 ==============================================================================
 */
@@ -381,7 +382,7 @@ $is_allowed_to_track = ($is_courseAdmin || $is_courseTutor) && $_configuration['
 */
 Display::display_introduction_section(TOOL_USER, $is_allowed);
 
- if( api_is_allowed_to_edit())
+if( api_is_allowed_to_edit())
 {
 	echo "<div align=\"right\">";
 	echo '<a href="user.php?'.api_get_cidreq().'&action=export&amp;type=csv">'.Display::return_icon('excel.gif', get_lang('ExportAsCSV')).'&nbsp;'.get_lang('ExportAsCSV').'</a> | ';
@@ -394,6 +395,18 @@ Display::display_introduction_section(TOOL_USER, $is_allowed);
 	}
 	echo "</div>";
 }
+/*
+if (1) // platform setting api_get_setting('subscribe_user_by_coach')
+{
+	if (!api_is_allowed_to_edit() && $is_courseTutor) 
+	{
+		echo "<div align=\"right\">";
+		echo '<a href="subscribe_user.php?'.api_get_cidreq().'">'.Display::return_icon('add_user_big.gif',get_lang("SubscribeUserToCourse")).'&nbsp;'.get_lang("SubscribeUserToCourse").'</a>';
+		echo "</div>";
+	}
+}*/
+
+
 /*
 --------------------------------------
 	DISPLAY USERS LIST
@@ -432,23 +445,25 @@ function get_number_of_users()
 		$a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], true);
 	}
 
-	foreach($a_course_users as $user_id=>$o_course_user){
-
-		if( (isset ($_GET['keyword']) && search_keyword($o_course_user['firstname'],$o_course_user['lastname'],$o_course_user['username'],$o_course_user['official_code'],$_GET['keyword'])) || !isset($_GET['keyword']) || empty($_GET['keyword'])){
+	foreach($a_course_users as $user_id=>$o_course_user)
+	{
+		if( (isset ($_GET['keyword']) && search_keyword($o_course_user['firstname'],$o_course_user['lastname'],$o_course_user['username'],$o_course_user['official_code'],$_GET['keyword'])) || !isset($_GET['keyword']) || empty($_GET['keyword']))
+		{
 			$counter++;			
 		}
 	}
-
 	return $counter;
 	
 }
 
-function search_keyword($firstname,$lastname,$username,$official_code,$keyword){
-
-	if(strripos($firstname,$keyword)!==false || strripos($lastname,$keyword)!==false || strripos($username,$keyword)!==false || strripos($official_code,$keyword)!==false){
+function search_keyword($firstname,$lastname,$username,$official_code,$keyword)
+{
+	if(strripos($firstname,$keyword)!==false || strripos($lastname,$keyword)!==false || strripos($username,$keyword)!==false || strripos($official_code,$keyword)!==false)
+	{
 		return true;
 	}
-	else{
+	else
+	{
 		return false;
 	}
 
@@ -468,22 +483,22 @@ function get_user_data($from, $number_of_items, $column, $direction)
 	// order by
 	switch($column)
 	{
-		case 1 : $order_by = 'ORDER BY user.firstname';break;
-		case 2:  $order_by = 'ORDER BY user.lastname';break;
-		case 5:  $order_by = 'ORDER BY user.official_code';break;
-		default : $order_by = 'ORDER BY user.lastname';break;
+		case 1 :  $order_by = 'ORDER BY user.firstname';break;
+		case 2 :  $order_by = 'ORDER BY user.lastname';break;
+		case 5 :  $order_by = 'ORDER BY user.official_code';break;
+		default:  $order_by = 'ORDER BY user.lastname';break;
 	}
 	$order_by .= ' '.$direction;
 
-	if(!empty($_SESSION["id_session"])){
-		
+	if(!empty($_SESSION["id_session"]))
+	{		
 		$a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], true, $_SESSION['id_session'], $limit, $order_by);
 	}
 	else
 	{		
 		$a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], true, 0, $limit, $order_by);
 	}
-		
+	
 	foreach($a_course_users as $user_id=>$o_course_user)
 	{
 		if( (isset ($_GET['keyword']) && search_keyword($o_course_user['firstname'],$o_course_user['lastname'],$o_course_user['username'],$o_course_user['official_code'],$_GET['keyword'])) || !isset($_GET['keyword']) || empty($_GET['keyword'])){
@@ -503,19 +518,27 @@ function get_user_data($from, $number_of_items, $column, $direction)
 				$temp[] = $o_course_user['official_code'];
 				
 				
-
+	/*			// deprecated feature
 				if(isset($o_course_user['tutor_id']) && $o_course_user['tutor_id']==1)
+				{
 					$temp[] = get_lang('Tutor');
+				}
 				else
+				{
 					$temp[] = '-';
+				}
+	*/			
 				if(isset($o_course_user['status']) && $o_course_user['status']==1)
+				{
 					$temp[] = get_lang('CourseManager');
+				}
 				else
+				{
 					$temp[] = '-';
+				}
 					
 				$temp[] = $o_course_user['active'];
-				$temp[] = $user_id;
-				
+				$temp[] = $user_id;				
 			}
 			else
 			{
@@ -629,10 +652,11 @@ $table->set_header($header_nr++, get_lang('OfficialCode'));
 
 if( api_is_allowed_to_edit())
 {
-	$table->set_header($header_nr++, get_lang('Tutor'),false);
+	// deprecated feature 
+	// $table->set_header($header_nr++, get_lang('Tutor'),false);
 	$table->set_header($header_nr++, get_lang('CourseManager'),false);
 	$table->set_header($header_nr++, get_lang('Active'),false);
-	$table->set_column_filter(8,'active_filter');
+	$table->set_column_filter(7,'active_filter');
 }
 
 //actions column
diff --git a/main/user/userInfo.php b/main/user/userInfo.php
index eb1c3d6dd7..b1faf708dc 100644
--- a/main/user/userInfo.php
+++ b/main/user/userInfo.php
@@ -1,4 +1,4 @@
-<?php // $Id: userInfo.php 14725 2008-04-02 15:31:22Z elixir_inter $
+<?php // $Id: userInfo.php 15793 2008-07-15 22:13:13Z juliomontoya $
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
@@ -32,6 +32,7 @@
 *	(3) display
 *	@author original author (unknown, probably thomas,hugues,moosh)
 *	@author Roan Embrechts, minor modification: virtual courses support
+*	@author Julio Montoya Armas Several fixes
 *	@package dokeos.user
 ==============================================================================
 */
@@ -41,14 +42,16 @@
 	   INIT SECTION
 ==============================================================================
 */
-$editMainUserInfo = $_REQUEST['editMainUserInfo'];
-$uInfo = strval(intval($_REQUEST['uInfo']));
+
 // name of the language file that needs to be included
 $language_file = array ('registration', 'userInfo');
 
 include ("../inc/global.inc.php");
 require_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');
 require_once (api_get_path(LIBRARY_PATH).'usermanager.lib.php');
+
+$editMainUserInfo = Security::remove_XSS($_REQUEST['editMainUserInfo']);
+$uInfo = $editMainUserInfo; 
 $this_section = SECTION_COURSES;
 
 $nameTools = get_lang("Users");
@@ -71,7 +74,6 @@ if ($origin != 'learnpath')
 else
 {
 ?> <link rel="stylesheet" type="text/css" href="<?php echo api_get_path(WEB_CODE_PATH);?>css/default.css" /> <?php
-
 }
 
 $currentCourse = $currentCourseID;
@@ -100,6 +102,7 @@ $courseCode = $currentCourseID = $_course['sysCode'];
 $tbl_coursUser = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 
 $userIdViewer = $_user['user_id']; // id fo the user currently online
+
 //$userIdViewed = $_GET['userIdViewed']; // Id of the user we want to view
 
 $allowedToEditContent = ($userIdViewer == $userIdViewed) || $is_platformAdmin;
@@ -122,7 +125,6 @@ include ("userInfoLib.php");
 */
 
 $displayMode = "viewContentList";
-
 $removeDef =  Security::remove_XSS($_GET['removeDef']); 
 $editDef = Security::remove_XSS($_GET['editDef']); 
 $moveUpDef = Security::remove_XSS($_GET['moveUpDef']); 
@@ -175,18 +177,43 @@ if ($allowedToEditDef)
 		$userIdViewed = strval(intval($_GET['editMainUserInfo']));
 		$displayMode = "viewMainInfoEdit";
 	}
-	elseif (!empty($_GET['submitMainUserInfo']))
-	{
-		$userIdViewed = strval(intval($_GET['submitMainUserInfo']));
-
-		$promoteCourseAdmin ? $userProperties['status'] = 1 : $userProperties['status'] = 5;
-		$promoteTutor ? $userProperties['tutor'] = 1 : $userProperties['tutor'] = 0;
-
-		$userProperties['role'] = $role;
-
-		update_user_course_properties($userIdViewed, $courseCode, $userProperties);
-
-		$displayMode = "viewContentList";
+	elseif (!empty($_POST['submitMainUserInfo']))
+	{	
+		if (isset ($_POST['submitMainUserInfo']))
+		{
+			$userIdViewed = strval(intval($_POST['submitMainUserInfo']));
+			//is teacher		
+			$promoteCourseAdmin=$_POST['promoteCourseAdmin'];			
+			$userProperties['status'] = 5; 	
+			if ($promoteCourseAdmin)
+			{
+				$userProperties['status'] = 1;
+			}				 	
+			
+			/* deprecated feature
+			 
+			// is coach
+			if (isset ($_POST['promoteTutor']))
+			{
+				$promoteTutor=$_POST['promoteTutor'];
+				$userProperties['tutor'] = 0;
+				if ($promoteTutor)
+				{
+					$userProperties['tutor'] = 1;
+				}							
+			}
+			*/
+			// role is a string
+			if (isset ($_POST['role']))
+			{
+				$role=$_POST['role'];	 
+				$userProperties['role'] = $role;
+			}			
+				
+			update_user_course_properties($userIdViewed, $courseCode, $userProperties);
+			
+			$displayMode = "viewContentList";
+		}	
 	}
 }
 
@@ -195,14 +222,16 @@ if ($allowedToEditDef)
 if ($allowedToEditContent)
 {
 	if (isset($_POST['submitContent']))
-	{
+	{		
 		if ($_POST['cntId']) // submit a content change
 		{
 			edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
+	
 		}
 		else // submit a totally new content
 		{
 			fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
+	
 		}
 
 		$displayMode = "viewContentList";
@@ -210,7 +239,7 @@ if ($allowedToEditContent)
 	elseif (!empty($_GET['editContent']))
 	{
 		$displayMode = "viewContentEdit";
-
+	
 		$userIdViewed = $userIdViewed;
 	}
 }
@@ -320,20 +349,20 @@ elseif ($displayMode == "viewMainInfoEdit")
 		$image_array=UserManager::get_user_picture_path_by_id($userIdViewed,'web',false,true);						
 		echo '<img src="'.$image_array['dir'].$image_array['file'].'" border="1">';			
 		 
-
+		//"<td>", get_lang('Tutor'), "</td>\n",
 		echo "<form action=\"".api_get_self()."\" method=\"post\">\n",
 				"<input type=\"hidden\" name=\"submitMainUserInfo\" value=\"$userIdViewed\" />\n",
 				"<table width=\"80%\" border=\"0\">",
 					"<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
 						"<td align=\"left\">", get_lang('Name'), "</td>\n",
-						"<td align=\"left\">", get_lang('Role'), "</td>\n",
-						"<td>", get_lang('Tutor'), "</td>\n",
+						"<td align=\"left\">", get_lang('Role'), "</td>\n",						
 						"<td>", get_lang('CourseManager'), "</td>\n",
 					"</tr>\n",
 					"<tr align=\"center\">",
 						"<td align=\"left\"><b>", htmlize($mainUserInfo['firstName']), " ", htmlize($mainUserInfo['lastName']), "</b></td>\n",
-						"<td align=\"left\"><input type=\"text\" name =\"role\" value=\"", $mainUserInfo['role'], "\" maxlength=\"40\" /></td>",
-						"<td><input class=\"checkbox\" type=\"checkbox\" name=\"promoteTutor\" value=\"1\" ", $tutorChecked, " /></td>";
+						"<td align=\"left\"><input type=\"text\" name =\"role\" value=\"", $mainUserInfo['role'], "\" maxlength=\"40\" /></td>";
+						//deprecated feature
+						//"<td><input class=\"checkbox\" type=\"checkbox\" name=\"promoteTutor\" value=\"1\" ", $tutorChecked, " /></td>";
 
 		if (!($is_courseAdmin && $_user['user_id'] == $userIdViewed))
 		{
@@ -374,9 +403,9 @@ elseif ($displayMode == "viewContentList") // default display
 		//not supported yet: editing users of virtual courses
 		$allowedToEditDef = false;
 	}
-
+	
 	$mainUserInfo = get_main_user_info($userIdViewed, $courseCode);
-
+	
 	if ($mainUserInfo)
 	{
 		
@@ -385,15 +414,15 @@ elseif ($displayMode == "viewContentList") // default display
 		
 		//DISPLAY TABLE HEADING
 		if ($origin == 'learnpath') { $allowedToEditDef=false; $is_allowedToTrack=false; }
+		//"<td>",get_lang('Tutor'),"</td>\n",
 		echo	"<table width=\"80%\" border=\"0\">",
 
 				"<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
 				"<td align=\"left\">",get_lang('Name'),"</td>\n",
-				"<td align=\"left\">",get_lang('Description'),"</td>\n",
-				"<td>",get_lang('Tutor'),"</td>\n",
+				"<td align=\"left\">",get_lang('Role'),"</td>\n",				
 				"<td>",get_lang('CourseManager'),"</td>\n",
 				($allowedToEditDef?"<td>".get_lang('Edit')."</td>\n":""),
-                                ($is_allowedToTrack?"<td>".get_lang('Tracking')."</td>\n":""),
+                ($is_allowedToTrack?"<td>".get_lang('Tracking')."</td>\n":""),
 				"</tr>\n",
 
 				"<tr align=\"center\">\n",
@@ -402,6 +431,7 @@ elseif ($displayMode == "viewContentList") // default display
 				"<td  align=\"left\">",htmlize($mainUserInfo['role']),"</td>";
 
 		//DISPLAY TABLE CONTENT
+				/* deprecated feature
 				if ($mainUserInfo['tutor_id'] == 1)
 				{
 					echo "<td>",get_lang('Tutor'),"</td>\n";
@@ -410,6 +440,7 @@ elseif ($displayMode == "viewContentList") // default display
 				{
 					echo "<td> - </td>\n";
 				}
+				*/
 
 				if ($mainUserInfo['status'] == 1)
 				{
@@ -430,7 +461,7 @@ elseif ($displayMode == "viewContentList") // default display
 				}
                                 if ($is_allowedToTrack)
                                 {
-                                        echo	"<td>",
+                                   echo	"<td>",
 							"<a href=\"../mySpace/myStudents.php?".api_get_cidreq()."&origin=user_course&student=$userIdViewed&details=true&course=".$_course['id']."\">",
 							"<img border=\"0\" alt=\"".get_lang('Tracking')." : $userIdViewed\" src=\"../img/statistics.gif\" />",
 							"</a>",
diff --git a/main/user/userInfoLib.php b/main/user/userInfoLib.php
index cf679fe4c3..6ca605bce2 100644
--- a/main/user/userInfoLib.php
+++ b/main/user/userInfoLib.php
@@ -260,14 +260,17 @@ function update_user_course_properties($user_id, $course_code, $properties)
     $course_code = Database::escape_string($course_code);
     if ($user_id != $_user['user_id'])
     {
-    	$sqlChangeStatus = "status     = '".$properties['status']."',";
+    	$sqlChangeStatus = "status     = '".Database::escape_string($properties['status'])."',";
     }
-	$result = api_sql_query("UPDATE $tbl_coursUser
-	                        SET     role      		= '".$properties['role']."',
-	                                ".$sqlChangeStatus."
-	                                tutor_id      	= '".$properties['tutor']."'
+    
+    	//feature deprecated   tutor_id      	= '".Database::escape_string($properties['tutor'])."'
+    		$sql = "UPDATE $tbl_coursUser
+    						SET 	".$sqlChangeStatus."	           
+	                        role      		= '".Database::escape_string($properties['role'])."'	                                                     
 	                        WHERE   user_id	    	= '".$user_id."'
-	                        AND     course_code		= '".$course_code."'",__FILE__,__LINE__);
+	                        AND     course_code		= '".$course_code."'";
+	                        
+	$result = api_sql_query($sql,__FILE__,__LINE__);
 
 	if (mysql_affected_rows() > 0)
 	{

", get_lang('Name'), "	", get_lang('Role'), "	", get_lang('Tutor'), "	", get_lang('Role'), "	", get_lang('CourseManager'), "
", htmlize($mainUserInfo['firstName']), " ", htmlize($mainUserInfo['lastName']), "					",get_lang('Tutor'),"
",get_lang('Name'),"	",get_lang('Description'),"	",get_lang('Tutor'),"	",get_lang('Role'),"	",get_lang('CourseManager'),"	".get_lang('Edit')."	".get_lang('Tracking')."	".get_lang('Tracking')."
",htmlize($mainUserInfo['role']),"	",get_lang('Tutor'),"	-	", + echo "	", "", " $\"".get_lang('Tracking')."$ ", "", diff --git a/main/user/userInfoLib.php b/main/user/userInfoLib.php index cf679fe4c3..6ca605bce2 100644 --- a/main/user/userInfoLib.php +++ b/main/user/userInfoLib.php @@ -260,14 +260,17 @@ function update_user_course_properties($user_id, $course_code, $properties) $course_code = Database::escape_string($course_code); if ($user_id != $_user['user_id']) { - $sqlChangeStatus = "status = '".$properties['status']."',"; + $sqlChangeStatus = "status = '".Database::escape_string($properties['status'])."',"; } - $result = api_sql_query("UPDATE $tbl_coursUser - SET role = '".$properties['role']."', - ".$sqlChangeStatus." - tutor_id = '".$properties['tutor']."' + + //feature deprecated tutor_id = '".Database::escape_string($properties['tutor'])."' + $sql = "UPDATE $tbl_coursUser + SET ".$sqlChangeStatus." + role = '".Database::escape_string($properties['role'])."' WHERE user_id = '".$user_id."' - AND course_code = '".$course_code."'",__FILE__,__LINE__); + AND course_code = '".$course_code."'"; + + $result = api_sql_query($sql,__FILE__,__LINE__); if (mysql_affected_rows() > 0) {