chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

User: Add deleting users in 2 steps - refs #5097

Browse Source
pull/5217/head
christianbeeznst 2 years ago
parent df65d9b8ef
commit ce73a7ebd8
34 changed files with 456 additions and 181 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 37
      assets/css/app.scss
  2. 4
      public/main/admin/access_url_add_users_to_url.php
  3. 2
      public/main/admin/access_url_check_user_session.php
  4. 10
      public/main/admin/dashboard_add_users_to_user.php
  5. 6
      public/main/admin/user_edit.php
  6. 262
      public/main/admin/user_list.php
  7. 2
      public/main/admin/user_list_consent.php
  8. 8
      public/main/cron/request_removal_reminder.php
  9. 1
      public/main/inc/ajax/exercise.ajax.php
  10. 2
      public/main/inc/lib/SkillModel.php
  11. 3
      public/main/inc/lib/TicketManager.php
  12. 2
      public/main/inc/lib/access_url_edit_users_to_url_functions.lib.php
  13. 9
      public/main/inc/lib/course.lib.php
  14. 2
      public/main/inc/lib/exercise.lib.php
  15. 2
      public/main/inc/lib/groupmanager.lib.php
  16. 6
      public/main/inc/lib/myspace.lib.php
  17. 10
      public/main/inc/lib/online.inc.php
  18. 13
      public/main/inc/lib/sessionmanager.lib.php
  19. 23
      public/main/inc/lib/statistics.lib.php
  20. 4
      public/main/inc/lib/sub_language.class.php
  21. 2
      public/main/inc/lib/tracking.lib.php
  22. 4
      public/main/inc/lib/urlmanager.lib.php
  23. 5
      public/main/inc/lib/usergroup.lib.php
  24. 70
      public/main/inc/lib/usermanager.lib.php
  25. 1
      public/main/inc/lib/zombie/zombie_manager.class.php
  26. 23
      public/main/user/add_users_to_session.php
  27. 4
      public/main/user/resume_session.php
  28. 10
      public/main/user/subscribe_user.php
  29. 3
      public/main/user/user.php
  30. 7
      public/main/user/user_export.php
  31. 17
      src/CoreBundle/Controller/SecurityController.php
  32. 16
      src/CoreBundle/Entity/User.php
  33. 34
      src/CoreBundle/Migrations/Schema/V200/Version20240306204200.php
  34. 33
      src/CoreBundle/Repository/Node/UserRepository.php

37
assets/css/app.scss
Unescape View File

@ -385,6 +385,43 @@
cursor: pointer;
}
.users-list {
.nav-tabs {
display: flex;
list-style-type: none;
padding: 0;
border-bottom: 1px solid #ddd;
margin: 0 0 20px;
}
.nav-tabs .nav-item {
margin-bottom: -1px;
}
.nav-tabs .nav-link {
display: block;
padding: 0.5rem 1rem;
margin-right: 0.1rem;
background: #f8f8f8;
border: 1px solid #ddd;
border-radius: 0.25rem 0.25rem 0 0;
text-decoration: none;
color: #555;
}
.nav-tabs .nav-link:hover {
background-color: #e9ecef;
}
.nav-tabs .nav-link.active {
color: #495057;
background-color: #fff;
border-color: #ddd #ddd #fff;
border-bottom-color: transparent;
font-weight: bolder;
}
}
//@import 'primevue-md-light-indigo/theme.css';
//@import '~primevue/resources/primevue.min.css';
//@import '~primeflex/primeflex.css';

4
public/main/admin/access_url_add_users_to_url.php
Unescape View File

@ -66,7 +66,7 @@ if ($_POST['form_sent']) {
/* Display GUI */
if (empty($first_letter_user)) {
$sql = "SELECT count(*) as nb_users FROM $tbl_user";
$sql = "SELECT count(*) as nb_users FROM $tbl_user WHERE active <> -1";
$result = Database::query($sql);
$num_row = Database::fetch_array($result);
if ($num_row['nb_users'] > 1000) {
@ -81,7 +81,7 @@ $first_letter_user_lower = Database::escape_string(api_strtolower($first_letter_
$target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$target_name = 'lastname';
$sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user
WHERE ".$target_name." LIKE '".$first_letter_user_lower."%' OR ".$target_name." LIKE '".$first_letter_user_lower."%'
WHERE active <> -1 AND ".$target_name." LIKE '".$first_letter_user_lower."%' OR ".$target_name." LIKE '".$first_letter_user_lower."%'
ORDER BY ".(count($users) > 0 ? '(user_id IN('.implode(',', $users).')) DESC,' : '').' '.$target_name;
$result = Database::query($sql);
$db_users = Database::store_result($result);

2
public/main/admin/access_url_check_user_session.php
Unescape View File

@ -78,7 +78,7 @@ foreach ($session_list as $session_item) {
ON u.id = su.user_id AND su.relation_type <> ".Session::DRH."
LEFT OUTER JOIN $table_access_url_user uu
ON (uu.user_id = u.id)
WHERE su.session_id = $session_id AND $access_where
WHERE su.session_id = $session_id AND $access_where AND u.active <> -1
$order_clause";
$result = Database::query($sql);

10
public/main/admin/dashboard_add_users_to_user.php
Unescape View File

@ -103,7 +103,7 @@ function search_users($needle, $type = 'multiple')
$sql = "SELECT user.id as user_id, username, lastname, firstname
FROM $tbl_user user
LEFT JOIN $tbl_access_url_rel_user au ON (au.user_id = user.id)
WHERE
WHERE user.active <> -1 AND
".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND
status NOT IN(".DRH.', '.SESSIONADMIN.', '.STUDENT_BOSS.") AND
user.id NOT IN ($user_anonymous, $current_user_id, $user_id)
@ -114,7 +114,7 @@ function search_users($needle, $type = 'multiple')
} else {
$sql = "SELECT id as user_id, username, lastname, firstname
FROM $tbl_user user
WHERE
WHERE user.active <> -1 AND
".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND
status NOT IN(".DRH.', '.SESSIONADMIN.', '.STUDENT_BOSS.") AND
id NOT IN ($user_anonymous, $current_user_id, $user_id)
@ -132,7 +132,7 @@ function search_users($needle, $type = 'multiple')
$sql = 'SELECT user.id as user_id, username, lastname, firstname
FROM '.$tbl_user.' user
INNER JOIN '.$tbl_user_rel_access_url.' url_user ON (url_user.user_id=user.id)
WHERE
WHERE user.active <> -1 AND
access_url_id = '.$access_url_id.' AND
(
username LIKE "'.$needle.'%" OR
@ -400,7 +400,7 @@ if (api_is_multiple_url_enabled()) {
FROM $tbl_user user
LEFT JOIN $tbl_access_url_rel_user au
ON (au.user_id = user.id)
WHERE
WHERE user.active <> -1 AND
$without_assigned_users
user.id NOT IN ($user_anonymous, $current_user_id, $user_id) AND
status NOT IN(".DRH.', '.SESSIONADMIN.', '.ANONYMOUS.") $search_user AND
@ -410,7 +410,7 @@ if (api_is_multiple_url_enabled()) {
} else {
$sql = "SELECT id as user_id, username, lastname, firstname
FROM $tbl_user user
WHERE
WHERE user.active <> -1 AND
$without_assigned_users
id NOT IN ($user_anonymous, $current_user_id, $user_id) AND
status NOT IN(".DRH.', '.SESSIONADMIN.', '.ANONYMOUS.")

6
public/main/admin/user_edit.php
Unescape View File

@ -435,7 +435,11 @@ if ($form->validate()) {
$expiration_date = $user['expiration_date'];
}
$active = $user_data['platform_admin'] ? 1 : intval($user['active']);
if (isset($user['active'])) {
$active = $user_data['platform_admin'] ? 1 : intval($user['active']);
} else {
$active = -1;
}
//If the user is set to admin the status will be overwrite by COURSEMANAGER = 1
if (1 == $platform_admin) {

262
public/main/admin/user_list.php
Unescape View File

@ -18,6 +18,8 @@ $urlId = api_get_current_access_url_id();
$currentUserId = api_get_user_id();
$action = $_REQUEST['action'] ?? '';
$view = $_GET['view'] ?? 'all';
$showDeletedUsers = 'deleted' === $view;
// Login as can be used by different roles
if (isset($_GET['user_id']) && 'login_as' === $action) {
@ -73,37 +75,27 @@ if ($variables) {
Session::write('variables_to_show', $variablesToShow);
$htmlHeadXtra[] = '<script>
function active_user(element_div) {
id_image=$(element_div).attr("id");
image_clicked=$(element_div).attr("src");
image_clicked_info = image_clicked.split("/");
image_real_clicked = image_clicked_info[image_clicked_info.length-1];
var status = 1;
if (image_real_clicked == "accept.png") {
status = 0;
}
user_id=id_image.split("_");
ident="#img_"+user_id[1];
if (confirm("'.get_lang('AreYouSureToEditTheUserStatus', '').'")) {
$.ajax({
function active_user(element) {
var userId = $(element).attr("id").split("_")[1];
var isActive = $(element).hasClass("mdi-check-circle");
var newStatus = isActive ? 0 : 1;
var confirmMessage = isActive ? "'.get_lang('Are you sure you want to lock this user?', '').'" : "'.get_lang('Are you sure you want to unlock this user?', '').'";
if (confirm(confirmMessage)) {
$.ajax({
contentType: "application/x-www-form-urlencoded",
beforeSend: function(myObject) {
$(ident).attr("src","'.Display::returnIconPath('loading1.gif').'"); }, //candy eye stuff
beforeSend: function() {
$(element).attr("class", "mdi mdi-loading mdi-spin ch-tool-icon");
},
type: "GET",
url: "'.api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php?a=active_user",
data: "user_id="+user_id[1]+"&status="+status,
data: "user_id=" + userId + "&status=" + newStatus,
success: function(data) {
if (data == 1) {
$(ident).attr("src", "'.Display::returnIconPath('accept.png', ICON_SIZE_TINY).'");
$(ident).attr("title","'.get_lang('Lock').'");
}
if (data == 0) {
$(ident).attr("src","'.Display::returnIconPath('error.png').'");
$(ident).attr("title","'.get_lang('Unlock').'");
}
if (data == -1) {
$(ident).attr("src", "'.Display::returnIconPath('warning.png').'");
$(ident).attr("title","'.get_lang('Action not allowed').'");
$(element).attr("class", "mdi mdi-check-circle ch-tool-icon");
$(element).attr("title", "'.get_lang('Lock').'");
} else {
$(element).attr("class", "mdi mdi-alert ch-tool-icon");
$(element).attr("title", "'.get_lang('Unlock').'");
}
}
});
@ -171,7 +163,7 @@ function trimVariables()
*
* @return string SQL query
*/
function prepare_user_sql_query($getCount)
function prepare_user_sql_query(bool $getCount, $showDeletedUsers = false)
{
$sql = '';
$user_table = Database::get_main_table(TABLE_MAIN_USER);
@ -393,6 +385,12 @@ function prepare_user_sql_query($getCount)
}
}
if ($showDeletedUsers) {
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active = -1' : ' AND u.active = -1';
} else {
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active <> -1' : ' AND u.active <> -1';
}
return $sql;
}
@ -401,9 +399,9 @@ function prepare_user_sql_query($getCount)
*
* @see SortableTable#get_total_number_of_items()
*/
function get_number_of_users()
function get_number_of_users($showDeletedUsers = false)
{
$sql = prepare_user_sql_query(true);
$sql = prepare_user_sql_query(true, $showDeletedUsers);
$res = Database::query($sql);
$obj = Database::fetch_object($res);
@ -422,9 +420,9 @@ function get_number_of_users()
*
* @see SortableTable#get_table_data($from)
*/
function get_user_data($from, $number_of_items, $column, $direction)
function get_user_data($from, $number_of_items, $column, $direction, $showDeletedUsers = false): array
{
$sql = prepare_user_sql_query(false);
$sql = prepare_user_sql_query(false, $showDeletedUsers);
if (!in_array($direction, ['ASC', 'DESC'])) {
$direction = 'ASC';
}
@ -508,6 +506,50 @@ function user_filter($name, $params, $row)
return '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.$row[0].'">'.$name.'</a>';
}
function modify_deleted_filter($user_id, $url_params, $row) {
$result = '';
$editProfileUrl = Display::getProfileEditionLink($user_id, true);
$result .= '<a href="'.$editProfileUrl.'">'.
Display::getMdiIcon('pencil', 'ch-tool-icon', null, 22, get_lang('Edit')).'</a>';
$restoreUrl = "user_list.php?$url_params&".
http_build_query([
'action' => 'restore',
'user_id' => $user_id,
'sec_token' => Security::getTokenFromSession(),
'view' => Security::remove_XSS($_GET['view']),
]);
$result .= Display::url(
Display::getMdiIcon('restore', 'ch-tool-icon', null, 22, get_lang('Restore')),
$restoreUrl,
[
'title' => get_lang('Restore'),
'data-title' => addslashes(api_htmlentities(get_lang("Please confirm your choice"))),
'class' => 'delete-swal',
]
);
$deleteUrl = "user_list.php?$url_params&".
http_build_query([
'action' => 'destroy',
'user_id' => $user_id,
'sec_token' => Security::getTokenFromSession(),
'view' => Security::remove_XSS($_GET['view']),
]);
$result .= Display::url(
Display::getMdiIcon('delete-forever', 'ch-tool-icon', null, 22, get_lang('DeletePermanently')),
$deleteUrl,
[
'title' => get_lang('DeletePermanently'),
'data-title' => addslashes(api_htmlentities(get_lang("Please confirm your choice"))),
'class' => 'delete-swal',
]
);
return $result;
}
/**
* Build the modify-column of the table.
*
@ -1006,6 +1048,106 @@ if (!empty($action)) {
}
}
break;
case 'restore':
$userIds = [];
$isMassDeletion = false;
if (api_is_platform_admin() && !empty($_POST['id']) && is_array($_POST['id'])) {
$userIds = $_POST['id'];
$isMassDeletion = true;
} elseif (!empty($_GET['user_id'])) {
$userIds[] = $_GET['user_id'];
}
$numberOfAffectedUsers = 0;
foreach ($userIds as $userId) {
if ($userId != $currentUserId && UserManager::change_active_state($userId, 1)) {
$numberOfAffectedUsers++;
}
}
if ($isMassDeletion) {
if (count($userIds) == $numberOfAffectedUsers) {
$message = Display::return_message(
get_lang('Selected users restored'),
'confirmation'
);
} else {
$message = Display::return_message(
get_lang('Some of the selected users have not been restored. We recommend you confirm which, by using the advanced search.'),
'error'
);
}
} else {
if ($numberOfAffectedUsers > 0) {
$message = Display::return_message(
get_lang('The user has been restored.'),
'confirmation'
);
} else {
$message = Display::return_message(
get_lang('The user has not been restored. Please confirm the user ID and try again.'),
'error'
);
}
}
Display::addFlash($message);
if (!$isMassDeletion) {
header('Location: '.api_get_self().'?view='.$view);
exit;
}
break;
case 'destroy':
$userIds = [];
$isMassDeletion = false;
if (api_is_platform_admin() && !empty($_POST['id']) && is_array($_POST['id'])) {
$userIds = $_POST['id'];
$isMassDeletion = true;
} elseif (!empty($_GET['user_id'])) {
$userIds[] = $_GET['user_id'];
}
$numberOfAffectedUsers = 0;
foreach ($userIds as $userId) {
if ($userId != $currentUserId && UserManager::delete_user($userId, true)) {
$numberOfAffectedUsers++;
}
}
if ($isMassDeletion) {
if (count($userIds) == $numberOfAffectedUsers) {
$message = Display::return_message(
get_lang('Selected users deleted permanently'),
'confirmation'
);
} else {
$message = Display::return_message(
get_lang('Some of the selected users have not been deleted. We recommend you confirm which, by using the advanced search.'),
'error'
);
}
} else {
if ($numberOfAffectedUsers > 0) {
$message = Display::return_message(
get_lang('The user has been deleted permanently'),
'confirmation'
);
} else {
$message = Display::return_message(
get_lang('The user has not been deleted. Please confirm the user ID and try again.'),
'error'
);
}
}
Display::addFlash($message);
if (!$isMassDeletion) {
header('Location: '.api_get_self().'?view='.$view);
exit;
}
break;
case 'anonymize':
$message = UserManager::anonymizeUserWithVerification($_GET['user_id']);
Display::addFlash($message);
@ -1027,6 +1169,7 @@ $form->addText(
'placeholder' => get_lang('Search users'),
]
);
$form->addElement('hidden', 'view', $view);
$form->addButtonSearch(get_lang('Search'));
$searchAdvanced = '
@ -1039,7 +1182,7 @@ $searchAdvanced = '
$actionsLeft = '';
$actionsCenter = '';
$actionsRight = '';
if (api_is_platform_admin()) {
if (api_is_platform_admin() && !$showDeletedUsers) {
$actionsLeft .= '<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_add.php">'.
Display::getMdiIcon('account-plus', 'ch-tool-icon-gradient', null, 32, get_lang('Add a user')).'</a>';
}
@ -1065,6 +1208,7 @@ if (isset($_GET['keyword'])) {
}
// Create a sortable table with user-data
$parameters['sec_token'] = Security::get_token();
$parameters['view'] = $view;
$_admins_list = array_keys(UserManager::get_all_administrators());
Session::write('admin_list', $_admins_list);
@ -1077,7 +1221,7 @@ $form = new FormValidator(
[],
FormValidator::LAYOUT_HORIZONTAL
);
$form->addElement('hidden', 'view', $view);
$form->addElement('header', get_lang('Advanced search'));
$form->addText('keyword_firstname', get_lang('First name'), false);
$form->addText('keyword_lastname', get_lang('Last name'), false);
@ -1142,8 +1286,8 @@ $form = '<div id="advanced_search_form" style="display:none;">'.$form->returnFor
$table = new SortableTable(
'users',
'get_number_of_users',
'get_user_data',
function() use ($showDeletedUsers) { return get_number_of_users($showDeletedUsers); },
function($from, $number_of_items, $column, $direction) use ($showDeletedUsers) { return get_user_data($from, $number_of_items, $column, $direction, $showDeletedUsers); },
(api_is_western_name_order() xor api_sort_by_first_name()) ? 3 : 2,
20,
'ASC'
@ -1173,24 +1317,32 @@ $table->set_column_filter(4, 'user_filter');
$table->set_column_filter(6, 'email_filter');
$table->set_column_filter(7, 'status_filter');
$table->set_column_filter(8, 'active_filter');
$table->set_column_filter(11, 'modify_filter');
$actionsList = [];
if ($showDeletedUsers) {
$table->set_column_filter(11, 'modify_deleted_filter');
$actionsList['restore'] = get_lang('Restore');
if (api_is_platform_admin() &&
!api_get_configuration_value('deny_delete_users')
) {
$actionsList['destroy'] = get_lang('Destroy');
}
} else {
$table->set_column_filter(11, 'modify_filter');
if (api_is_platform_admin() &&
!api_get_configuration_value('deny_delete_users')
) {
$actionsList['delete'] = get_lang('Remove from portal');
}
$actionsList['disable'] = get_lang('Disable');
$actionsList['enable'] = get_lang('Enable');
}
$table->set_form_actions($actionsList);
// Hide email column if login is email, to avoid column with same data
if ('true' === api_get_setting('login_is_email')) {
$table->setHideColumn(6);
}
// Only show empty actions bar if delete users has been blocked
$actionsList = [];
if (api_is_platform_admin() &&
!api_get_configuration_value('deny_delete_users')
) {
$actionsList['delete'] = get_lang('Remove from portal');
}
$actionsList['disable'] = get_lang('Disable');
$actionsList['enable'] = get_lang('Enable');
$table->set_form_actions($actionsList);
$table_result = $table->return_table();
$extra_search_options = '';
@ -1259,7 +1411,21 @@ if (0 == $table->get_total_number_of_items()) {
}
}
}
$toolbarActions = Display::toolbarAction('toolbarUser', [$actionsLeft, $actionsCenter.$actionsRight]);
$tabsHtml = '
<div class="users-list">
<ul class="nav nav-tabs">
<li class="nav-item '.($view == 'all' ? 'active' : '').'">
<a class="nav-link '.($view == 'all' ? 'active' : '').'" href="user_list.php?view=all">Todos los Usuarios</a>
</li>
<li class="nav-item '.($view == 'deleted' ? 'active' : '').'">
<a class="nav-link '.($view == 'deleted' ? 'active' : '').'" href="user_list.php?view=deleted">Usuarios Eliminados</a>
</li>
</ul>
</div>';
$toolbarActions = $tabsHtml;
$toolbarActions .= Display::toolbarAction('toolbarUser', [$actionsLeft, $actionsCenter.$actionsRight]);
$tpl = new Template($tool_name);
$tpl->assign('actions', $toolbarActions);

2
public/main/admin/user_list_consent.php
Unescape View File

@ -173,6 +173,8 @@ function prepare_user_sql_query($getCount)
$sql .= " AND url_rel_user.access_url_id = ".api_get_current_access_url_id();
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active <> -1' : ' AND u.active <> -1';
return $sql;
}

8
public/main/cron/request_removal_reminder.php
Unescape View File

@ -25,7 +25,7 @@ foreach ($urlList as $url) {
// adding the filter to see the user's only of the current access_url
if (api_get_multiple_access_url()) {
$access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql .= " INNER JOIN $access_url_rel_user_table url_rel_user
$sql .= " INNER JOIN $access_url_rel_user_table url_rel_user
ON (u.id = url_rel_user.user_id)";
}
@ -36,12 +36,12 @@ foreach ($urlList as $url) {
$extraFieldValue = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
$sql .= " INNER JOIN $extraFieldValue v
ON (
u.id = v.item_id AND
u.id = v.item_id AND
(field_id = $extraFieldId OR field_id = $extraFieldIdDeleteAccount) AND
v.value = 1
) ";
$sql .= " WHERE 1 = 1 ";
$sql .= " WHERE 1 = 1 AND u.active <> -1 ";
if (api_get_multiple_access_url()) {
$sql .= " AND url_rel_user.access_url_id = ".api_get_current_access_url_id();
@ -67,7 +67,7 @@ foreach ($urlList as $url) {
$userInfo = api_get_user_info($userId);
if ($userInfo) {
$content = sprintf(
get_lang('The user %s is waiting for an action about it\'s personal data request.
get_lang('The user %s is waiting for an action about it\'s personal data request.
To manage personal data requests you can follow this link : %s'),
$userInfo['complete_name'],

1
public/main/inc/ajax/exercise.ajax.php
Unescape View File

@ -237,6 +237,7 @@ switch ($action) {
GROUP BY exe_user_id
) as aa
ON aa.exe_user_id = u.id
WHERE u.active <> -1
ORDER BY `$sidx` $sord
LIMIT $start, $limit";

2
public/main/inc/lib/SkillModel.php
Unescape View File

@ -1243,7 +1243,7 @@ class SkillModel extends Model
ON (s.id = su.skill_id)
INNER JOIN {$this->table_user} u
ON u.id = su.user_id, (SELECT @rownum:=0) r
WHERE 1=1 $where_condition
WHERE 1=1 AND u.active <> -1 $where_condition
GROUP BY username
ORDER BY skills_acquired desc
LIMIT $start , $limit) AS T1, (SELECT @rownum:=0) r";

3
public/main/inc/lib/TicketManager.php
Unescape View File

@ -1281,7 +1281,7 @@ class TicketManager
FROM $table_support_messages message
INNER JOIN $table_main_user user
ON (message.sys_insert_user_id = user.id)
WHERE
WHERE user.active <> -1 AND
message.ticket_id = '$ticketId' ";
$result = Database::query($sql);
$ticket['messages'] = [];
@ -1812,6 +1812,7 @@ class TicketManager
}
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE user.active <> -1' : ' AND user.active <> -1';
$sql .= " LIMIT $from,$number_of_items";
$result = Database::query($sql);

2
public/main/inc/lib/access_url_edit_users_to_url_functions.lib.php
Unescape View File

@ -39,7 +39,7 @@ class AccessUrlEditUsersToUrl
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
$sql = 'SELECT u.id as user_id, username, lastname, firstname
FROM '.$tbl_user.' u
WHERE
WHERE u.active <> -1 AND
(
username LIKE "'.$needle.'%" OR
firstname LIKE "'.$needle.'%" OR

9
public/main/inc/lib/course.lib.php
Unescape View File

@ -1375,6 +1375,7 @@ class CourseManager
$sqlInjectJoins
";
$where[] = ' session_course_user.c_id IS NOT NULL ';
$where[] = ' user.active <> -1 ';
// 2 = coach
// 0 = student
@ -1451,7 +1452,7 @@ class CourseManager
}
}
$sql .= " WHERE
$sql .= " WHERE user.active <> -1 AND
$filter_by_status_condition
".implode(' OR ', $where);
@ -1758,7 +1759,7 @@ class CourseManager
$sql .= " LEFT JOIN $tblUrlUser au ON (au.user_id = user.id) ";
}
$sql .= ' WHERE '.implode(' OR ', $where);
$sql .= ' WHERE user.active <> -1 AND '.implode(' OR ', $where);
if ($multiple_access_url) {
$current_access_url_id = api_get_current_access_url_id();
@ -1880,7 +1881,7 @@ class CourseManager
FROM ".Database::get_main_table(TABLE_MAIN_COURSE_USER)." cu
INNER JOIN $userTable u
ON cu.user_id = u.id
WHERE c_id = $courseId AND cu.status = ".STUDENT;
WHERE u.active <> -1 AND c_id = $courseId AND cu.status = ".STUDENT;
if (!$includeInvitedUsers) {
$sql .= " AND u.status != ".INVITEE;
@ -1923,7 +1924,7 @@ class CourseManager
$joinSession
INNER JOIN $userTable u
ON scu.user_id = u.id
WHERE scu.c_id = $courseId AND scu.status = ".SessionEntity::STUDENT;
WHERE u.active <> -1 AND scu.c_id = $courseId AND scu.status = ".SessionEntity::STUDENT;
if (!empty($date_from) && !empty($date_to)) {
$date_from = Database::escape_string($date_from);

2
public/main/inc/lib/exercise.lib.php
Unescape View File

@ -2094,6 +2094,8 @@ HOTSPOT;
";
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE user.active <> -1' : ' AND user.active <> -1';
if (empty($sql)) {
return false;
}

2
public/main/inc/lib/groupmanager.lib.php
Unescape View File

@ -1133,7 +1133,7 @@ class GroupManager
ON (gu.group_id = g.iid)
INNER JOIN $user_table u
ON (u.id = gu.user_id)
WHERE
WHERE u.active <> -1 AND
g.iid = $group_id";
if (!empty($column) && !empty($direction)) {

6
public/main/inc/lib/myspace.lib.php
Unescape View File

@ -518,7 +518,7 @@ class MySpace
MAX(login_date) as login_date
FROM $tbl_user u, $tbl_session_course_user scu, $tbl_track_login
WHERE
scu.user_id = u.id AND scu.status=".SessionEntity::COURSE_COACH." AND login_user_id=u.id
u.active <> -1 AND scu.user_id = u.id AND scu.status=".SessionEntity::COURSE_COACH." AND login_user_id=u.id
GROUP BY user_id ";
if (api_is_multiple_url_enabled()) {
@ -1958,7 +1958,7 @@ class MySpace
FROM $tbl_user AS u
INNER JOIN $tbl_session_rel_course_rel_user AS scu
ON u.id = scu.user_id
WHERE scu.session_id = '".$session_id."' AND scu.c_id = '".$courseId."'";
WHERE u.active <> -1 AND scu.session_id = '".$session_id."' AND scu.c_id = '".$courseId."'";
$result_users = Database::query($sql);
$time_spent = 0;
$progress = 0;
@ -2138,7 +2138,7 @@ class MySpace
FROM $tbl_user AS u
INNER JOIN $tbl_session_rel_course_rel_user AS scu
ON u.id = scu.user_id
WHERE scu.session_id = '".$session_id."' AND scu.c_id = '".$courseId."'";
WHERE u.active <> -1 AND scu.session_id = '".$session_id."' AND scu.c_id = '".$courseId."'";
$result_users = Database::query($sql);
$time_spent = 0;
$progress = 0;

10
public/main/inc/lib/online.inc.php
Unescape View File

@ -316,7 +316,7 @@ function who_is_online(
$query = "SELECT DISTINCT login_user_id, login_date
FROM ".$track_online_table." e
INNER JOIN ".$table_user." u ON (u.id = e.login_user_id)
WHERE u.status != ".ANONYMOUS." AND login_date >= '".$current_date."'
WHERE u.active <> -1 AND u.status != ".ANONYMOUS." AND login_date >= '".$current_date."'
ORDER BY `$column` $direction
LIMIT $from, $number_of_items";
}
@ -341,7 +341,7 @@ function who_is_online(
FROM ".$track_online_table." track
INNER JOIN ".$table_user." u
ON (u.id=track.login_user_id)
WHERE u.status != ".ANONYMOUS." AND track.access_url_id = $access_url_id AND
WHERE u.active <> -1 AND u.status != ".ANONYMOUS." AND track.access_url_id = $access_url_id AND
login_date >= '".$current_date."'
ORDER BY `$column` $direction
LIMIT $from, $number_of_items";
@ -400,7 +400,7 @@ function who_is_online_count($time_limit = null, $friends = false)
$query = "SELECT count(login_id) as count
FROM $track_online_table track INNER JOIN $table_user u
ON (u.id=track.login_user_id)
WHERE u.status != ".ANONYMOUS." AND login_date >= '$current_date' ";
WHERE u.active <> -1 AND u.status != ".ANONYMOUS." AND login_date >= '$current_date' ";
}
if (api_get_multiple_access_url()) {
@ -421,6 +421,7 @@ function who_is_online_count($time_limit = null, $friends = false)
$query = "SELECT count(login_id) as count FROM $track_online_table track
INNER JOIN $table_user u ON (u.id=track.login_user_id)
WHERE
u.active <> -1 AND
u.status != ".ANONYMOUS." AND
track.access_url_id = $access_url_id AND
login_date >= '$current_date' ";
@ -488,6 +489,7 @@ function who_is_online_in_this_course($from, $number_of_items, $uid, $time_limit
ON (o.login_user_id = u.id)
$urlJoin
WHERE
u.active <> -1 AND
u.status <> '".ANONYMOUS."' AND
o.c_id = $courseId AND
o.login_date >= '$current_date'
@ -545,6 +547,7 @@ function who_is_online_in_this_course_count(
ON (login_user_id = u.id)
$urlJoin
WHERE
u.active <> -1 AND
u.status <> '".ANONYMOUS."' AND
c_id = $courseId AND
login_date >= '$current_date'
@ -594,6 +597,7 @@ function whoIsOnlineInThisSessionCount($timeLimit, $sessionId)
ON (login_user_id = u.id)
$urlJoin
WHERE
u.active <> -1 AND
u.status <> '".ANONYMOUS."' AND
session_id = $sessionId AND
login_date >= '$current_date'

13
public/main/inc/lib/sessionmanager.lib.php
Unescape View File

@ -447,6 +447,8 @@ class SessionManager
}
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active <> -1' : ' AND u.active <> -1';
$result_rows = Database::query($sql);
$row = Database::fetch_array($result_rows);
$num = $row['total_rows'];
@ -4368,7 +4370,7 @@ class SessionManager
$sql .= " WHERE (au.access_url_id = $urlId OR au.access_url_id is null )";
}
$sql .= ' ORDER BY su.relation_type, ';
$sql .= ' AND u.active <> -1 ORDER BY su.relation_type, ';
$sql .= api_sort_by_first_name() ? ' u.firstname, u.lastname' : ' u.lastname, u.firstname';
$result = Database::query($sql);
@ -6164,7 +6166,7 @@ class SessionManager
$sessionConditions = '';
$courseConditions = '';
$userConditions = '';
$userConditions = ' AND u.active <> -1 ';
if (isset($active)) {
$active = (int) $active;
@ -7946,7 +7948,7 @@ class SessionManager
'getFullname'
);
} else {
$sql = "SELECT COUNT(1) FROM $tbl_user WHERE status = 1";
$sql = "SELECT COUNT(1) FROM $tbl_user WHERE active <> -1 AND status = 1";
$rs = Database::query($sql);
$countUsers = (int) Database::result($rs, 0, '0');
@ -7956,7 +7958,7 @@ class SessionManager
$sql = "SELECT id as user_id, lastname, firstname, username
FROM $tbl_user
WHERE status = '1' ".
WHERE active <> -1 AND status = '1' ".
$orderClause;
if (api_is_multiple_url_enabled()) {
@ -7968,6 +7970,7 @@ class SessionManager
INNER JOIN $userRelAccessUrlTable url_user
ON (url_user.user_id = user.id)
WHERE
user.active <> -1 AND
access_url_id = $accessUrlId AND
status = 1 "
.$orderClause;
@ -8317,7 +8320,7 @@ class SessionManager
$tbl_session_field_options = Database::get_main_table(TABLE_EXTRA_FIELD_OPTIONS);
$tblSessionRelUser = Database::get_main_table(TABLE_MAIN_SESSION_USER);
$where = 'WHERE 1 = 1 ';
$where = 'WHERE 1 = 1 AND u.active <> -1 ';
if (api_is_session_admin() &&
'false' == api_get_setting('allow_session_admins_to_see_all_sessions')

23
public/main/inc/lib/statistics.lib.php
Unescape View File

@ -143,6 +143,7 @@ class Statistics
$sql = "SELECT COUNT(DISTINCT(u.id)) AS number
FROM $user_table as u, $access_url_rel_user_table as url
WHERE
u.active <> -1 AND
u.id = url.user_id AND
access_url_id = $urlId
$status_filter $active_filter";
@ -162,7 +163,7 @@ class Statistics
} else {
$sql = "SELECT COUNT(DISTINCT(id)) AS number
FROM $user_table
WHERE 1 = 1 $status_filter $active_filter";
WHERE 1 = 1 AND active <> -1 AND $status_filter $active_filter";
if (isset($categoryCode)) {
$categoryCode = Database::escape_string($categoryCode);
$status_filter = isset($status) ? ' AND status = '.intval($status) : '';
@ -232,14 +233,14 @@ class Statistics
if (api_is_multiple_url_enabled()) {
$sql = "SELECT count(default_id) AS total_number_of_items
FROM $track_e_default, $table_user user, $access_url_rel_user_table url
WHERE
WHERE user.active <> -1 AND
default_user_id = user.id AND
user.id=url.user_id AND
access_url_id = '".$urlId."'";
} else {
$sql = "SELECT count(default_id) AS total_number_of_items
FROM $track_e_default, $table_user user
WHERE default_user_id = user.id ";
WHERE user.active <> -1 AND default_user_id = user.id ";
}
if (!empty($courseId)) {
@ -309,6 +310,7 @@ class Statistics
$table_user as user,
$access_url_rel_user_table as url
WHERE
user.active <> -1 AND
track_default.default_user_id = user.id AND
url.user_id = user.id AND
access_url_id= $urlId ";
@ -323,7 +325,7 @@ class Statistics
user.id as col6,
default_date as col7
FROM $track_e_default track_default, $table_user user
WHERE track_default.default_user_id = user.id ";
WHERE user.active <> -1 AND track_default.default_user_id = user.id ";
}
if (!empty($_GET['keyword'])) {
@ -864,6 +866,9 @@ class Statistics
$count1 = Database::fetch_object($res);
$sql = "SELECT COUNT(*) AS n FROM $user_table as u $table ".
"WHERE LENGTH(picture_uri) > 0 $url_condition2";
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active <> -1' : ' AND u.active <> -1';
$res = Database::query($sql);
$count2 = Database::fetch_object($res);
// #users without picture
@ -1043,14 +1048,14 @@ class Statistics
if (api_is_multiple_url_enabled()) {
$sql = "SELECT lastname, firstname, username, COUNT($field) AS count_message
FROM $access_url_rel_user_table as url, $message_table m
LEFT JOIN $user_table u ON m.$field = u.id
LEFT JOIN $user_table u ON m.$field = u.id AND u.active <> -1
WHERE url.user_id = m.$field AND access_url_id='".$urlId."'
GROUP BY m.$field
ORDER BY count_message DESC ";
} else {
$sql = "SELECT lastname, firstname, username, COUNT($field) AS count_message
FROM $message_table m
LEFT JOIN $user_table u ON m.$field = u.id
LEFT JOIN $user_table u ON m.$field = u.id AND u.active <> -1
GROUP BY m.$field ORDER BY count_message DESC ";
}
$res = Database::query($sql);
@ -1083,7 +1088,7 @@ class Statistics
$sql = "SELECT lastname, firstname, username, COUNT(friend_user_id) AS count_friend
FROM $access_url_rel_user_table as url, $user_friend_table uf
LEFT JOIN $user_table u
ON (uf.user_id = u.id)
ON (uf.user_id = u.id) AND u.active <> -1
WHERE
uf.relation_type <> '".UserRelUser::USER_RELATION_TYPE_RRHH."' AND
uf.user_id = url.user_id AND
@ -1094,7 +1099,7 @@ class Statistics
$sql = "SELECT lastname, firstname, username, COUNT(friend_user_id) AS count_friend
FROM $user_friend_table uf
LEFT JOIN $user_table u
ON (uf.user_id = u.id)
ON (uf.user_id = u.id) AND u.active <> -1
WHERE uf.relation_type <> '".UserRelUser::USER_RELATION_TYPE_RRHH."'
GROUP BY uf.user_id
ORDER BY count_friend DESC ";
@ -1467,7 +1472,7 @@ class Statistics
INNER JOIN $tblLogin l
ON u.id = l.login_user_id
$urlJoin
WHERE l.login_date BETWEEN '$startDate' AND '$endDate'
WHERE u.active <> -1 AND l.login_date BETWEEN '$startDate' AND '$endDate'
$urlWhere
GROUP BY u.id";

4
public/main/inc/lib/sub_language.class.php
Unescape View File

@ -273,12 +273,12 @@ class SubLanguageManager
*
* @return bool
*/
public static function check_if_language_is_used($language_id)
public static function check_if_language_is_used(int $language_id): bool
{
$language_info = self::get_all_information_of_language($language_id);
$table = Database::get_main_table(TABLE_MAIN_USER);
$sql = 'SELECT count(*) AS count FROM '.$table.'
WHERE locale ="'.Database::escape_string($language_info['english_name']).'"';
WHERE locale ="'.Database::escape_string($language_info['english_name']).'" AND active <> -1';
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0 && Database::result($rs, '0', 'count') >= 1) {
return true;

2
public/main/inc/lib/tracking.lib.php
Unescape View File

@ -6490,7 +6490,7 @@ class Tracking
// Now fill users data
$sqlUsers = "SELECT id as user_id, username, lastname, firstname
FROM $tuser
WHERE id IN (".implode(',', $userIds).")";
WHERE active <> -1 AND id IN (".implode(',', $userIds).")";
$resUsers = Database::query($sqlUsers);
while ($rowUser = Database::fetch_assoc($resUsers)) {
$users[$rowUser['user_id']] = $rowUser;

4
public/main/inc/lib/urlmanager.lib.php
Unescape View File

@ -225,11 +225,11 @@ class UrlManager
public static function get_url_rel_user_data($urlId = 0, $order_by = null)
{
$urlId = (int) $urlId;
$where = '';
$where = ' WHERE u.active <> -1 ';
$table_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
if (!empty($urlId)) {
$where = "WHERE $table_url_rel_user.access_url_id = ".$urlId;
$where = " AND $table_url_rel_user.access_url_id = ".$urlId;
}
if (empty($order_by)) {
$order_clause = api_sort_by_first_name(

5
public/main/inc/lib/usergroup.lib.php
Unescape View File

@ -1763,7 +1763,7 @@ class UserGroupModel extends Model
$sql = "SELECT u.* FROM $this->table_user u
INNER JOIN $this->usergroup_rel_user_table c
ON c.user_id = u.id
WHERE c.usergroup_id = $id"
WHERE u.active <> -1 AND c.usergroup_id = $id"
;
if (!empty($orderBy)) {
$orderBy = Database::escape_string($orderBy);
@ -2475,6 +2475,7 @@ class UserGroupModel extends Model
INNER JOIN $table_group_rel_user gu
ON (gu.user_id = u.id)
WHERE
u.active <> -1 AND
gu.usergroup_id= $group_id
$where_relation_condition
ORDER BY relation_type, firstname
@ -2519,7 +2520,7 @@ class UserGroupModel extends Model
FROM $tbl_user u
INNER JOIN $table_group_rel_user gu
ON (gu.user_id = u.id)
WHERE gu.usergroup_id= $group_id
WHERE u.active <> -1 AND gu.usergroup_id= $group_id
ORDER BY relation_type, firstname";
$result = Database::query($sql);

70
public/main/inc/lib/usermanager.lib.php
Unescape View File

@ -631,20 +631,15 @@ class UserManager
}
/**
* Delete a user from the platform, and all its belongings. This is a
* very dangerous function that should only be accessible by
* super-admins. Other roles should only be able to disable a user,
* which removes access to the platform but doesn't delete anything.
* Deletes a user from the system or marks the user as deleted based on the $destroy flag.
* If $destroy is false, the user is only marked as deleted (e.g., active = -1) but not actually removed from the database.
* This allows for the possibility of restoring the user at a later time. If $destroy is true, the user and all their relations
* are permanently removed from the database.
*
* @param int The ID of th user to be deleted
*
* @throws Exception
*
* @return bool true if user is successfully deleted, false otherwise
* @assert (null) === false
* @assert ('abc') === false
* Note: When $destroy is false, the user's relations are not removed, allowing for potential restoration. When $destroy is true,
* the function proceeds to remove all the user's relations, effectively cleaning up all references to the user in the system.
*/
public static function delete_user($user_id)
public static function delete_user(int $user_id, bool $destroy = false): bool
{
$user_id = (int) $user_id;
@ -656,6 +651,17 @@ class UserManager
return false;
}
$repository = Container::getUserRepository();
/** @var User $user */
$user = $repository->find($user_id);
$repository->deleteUser($user, $destroy);
if (!$destroy) {
return true;
}
$usergroup_rel_user = Database::get_main_table(TABLE_USERGROUP_REL_USER);
$table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$table_course = Database::get_main_table(TABLE_MAIN_COURSE);
@ -667,12 +673,6 @@ class UserManager
$table_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$userInfo = api_get_user_info($user_id);
$repository = Container::getUserRepository();
/** @var User $user */
$user = $repository->find($user_id);
$repository->deleteUser($user);
// Unsubscribe the user from all groups in all his courses
$sql = "SELECT c.id
@ -752,30 +752,11 @@ class UserManager
$userGroup->delete_user_rel_group($user_id, $group_id);
}
}
// Delete user from friend lists
//SocialManager::remove_user_rel_user($user_id, true);
}
// Removing survey invitation
SurveyManager::delete_all_survey_invitations_by_user($user_id);
// Delete students works
/*$sql = "DELETE FROM $table_work WHERE user_id = $user_id ";
Database::query($sql);*/
/*$sql = "UPDATE c_item_property SET to_user_id = NULL
WHERE to_user_id = '".$user_id."'";
Database::query($sql);
$sql = "UPDATE c_item_property SET insert_user_id = NULL
WHERE insert_user_id = '".$user_id."'";
Database::query($sql);
$sql = "UPDATE c_item_property SET lastedit_user_id = NULL
WHERE lastedit_user_id = '".$user_id."'";
Database::query($sql);*/
// Skills
$em = Database::getManager();
@ -1047,8 +1028,10 @@ class UserManager
$change_active = 0;
$isUserActive = $user->isActive();
if ($isUserActive != $active) {
$change_active = 1;
if ($active != -1) {
if ($isUserActive != $active) {
$change_active = 1;
}
}
$originalUsername = $user->getUsername();
@ -1082,7 +1065,7 @@ class UserManager
->setPhone($phone)
->setAddress($address)
->setExpirationDate($expiration_date)
->setActive((bool) $active)
->setActive($active)
->setHrDeptId((int) $hr_dept_id)
;
@ -3911,6 +3894,7 @@ class UserManager
INNER JOIN $table_user u
ON (u.id=admin.user_id)";
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE u.active <> -1' : ' AND u.active <> -1';
$result = Database::query($sql);
$return = [];
if (Database::num_rows($result) > 0) {
@ -5736,7 +5720,7 @@ SQL;
*
* @return string
*/
public static function deleteUserWithVerification($userId)
public static function deleteUserWithVerification($userId, bool $destroy = false)
{
$allowDelete = ('true' === api_get_setting('session.allow_delete_user_for_session_admin'));
$message = Display::return_message(get_lang('You cannot delete this user'), 'error');
@ -5758,7 +5742,7 @@ SQL;
($allowDelete && api_is_session_admin())
) {
if (api_global_admin_can_edit_admin($userId, null, $allowDelete)) {
if (self::delete_user($userId)) {
if (self::delete_user($userId, $destroy)) {
$message = Display::return_message(
get_lang('The user has been deleted').': '.$userToUpdateInfo['complete_name_with_username'],
'confirmation'
@ -6140,7 +6124,7 @@ SQL;
* @assert (-1,0) === false
* @assert (1,1) === true
*/
private static function change_active_state($user_id, $active)
public static function change_active_state($user_id, $active)
{
$user_id = (int) $user_id;
$active = (int) $active;

1
public/main/inc/lib/zombie/zombie_manager.class.php
Unescape View File

@ -86,6 +86,7 @@ class ZombieManager
$sql .= ' AND user.active = 1';
}
$sql .= !str_contains($sql, 'WHERE') ? ' WHERE user.active <> -1' : ' AND user.active <> -1';
$sql .= " ORDER BY `$column` $direction";
if (!is_null($from) && !is_null($count)) {
$count = (int) $count;

23
public/main/user/add_users_to_session.php
Unescape View File

@ -117,7 +117,7 @@ if ('true' === $allowTutors) {
// search users where username or firstname or lastname begins likes $needle
$sql = 'SELECT user.user_id, username, lastname, firstname
FROM '.$tbl_user.' user
WHERE (username LIKE "'.$needle.'%" OR firstname LIKE "'.$needle.'%"
WHERE user.active <> -1 AND (username LIKE "'.$needle.'%" OR firstname LIKE "'.$needle.'%"
OR lastname LIKE "'.$needle.'%") AND user.status<>6 AND user.status<>'.DRH.''.
$order_clause.
' LIMIT 11';
@ -125,7 +125,7 @@ if ('true' === $allowTutors) {
case 'multiple':
$sql = 'SELECT user.user_id, username, lastname, firstname
FROM '.$tbl_user.' user
WHERE '.(api_sort_by_first_name() ? 'firstname' : 'lastname').'
WHERE user.active <> -1 AND '.(api_sort_by_first_name() ? 'firstname' : 'lastname').'
LIKE "'.$needle.'%" AND
user.status<>'.DRH.' AND
user.status<>6 '.$cond_user_id.
@ -136,6 +136,7 @@ if ('true' === $allowTutors) {
FROM '.$tbl_user.' user
LEFT OUTER JOIN '.$tbl_session_rel_user.' s ON (s.user_id = user.user_id)
WHERE
user.active <> -1 AND
s.user_id IS NULL AND
user.status <>'.DRH.' AND
user.status <> 6 '.$cond_user_id.
@ -154,6 +155,7 @@ if ('true' === $allowTutors) {
INNER JOIN '.$tbl_user_rel_access_url.' url_user
ON (url_user.user_id=user.user_id)
WHERE
user.active <> -1 AND
access_url_id = '.$access_url_id.' AND
(username LIKE "'.$needle.'%" OR firstname LIKE "'.$needle.'%" OR lastname LIKE "'.$needle.'%") AND
user.status<>6 AND
@ -166,7 +168,7 @@ if ('true' === $allowTutors) {
FROM '.$tbl_user.' user
INNER JOIN '.$tbl_user_rel_access_url.' url_user
ON (url_user.user_id=user.user_id)
WHERE access_url_id = '.$access_url_id.' AND
WHERE user.active <> -1 AND access_url_id = '.$access_url_id.' AND
'.(api_sort_by_first_name() ? 'firstname' : 'lastname').' LIKE "'.$needle.'%" AND user.status<>'.DRH.' AND user.status<>6 '.$cond_user_id.
$order_clause;
break;
@ -178,6 +180,7 @@ if ('true' === $allowTutors) {
INNER JOIN '.$tbl_user_rel_access_url.' url_user
ON (url_user.user_id=user.user_id)
WHERE
user.active <> -1 AND
access_url_id = '.$access_url_id.' AND
s.user_id IS null AND
user.status<>'.DRH.' AND
@ -296,7 +299,7 @@ if ('true' === $allowTutors) {
$tbl_session_rel_user.user_id = u.id AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT." AND
$tbl_session_rel_user.session_id = ".intval($id_session)."
WHERE u.status <> ".DRH." AND u.status<>6 $order_clause";
WHERE u.active <> -1 AND u.status <> ".DRH." AND u.status<>6 $order_clause";
if (api_is_multiple_url_enabled()) {
$tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
@ -311,7 +314,7 @@ if ('true' === $allowTutors) {
$tbl_session_rel_user.session_id = ".intval($id_session)."
INNER JOIN $tbl_user_rel_access_url url_user
ON (url_user.user_id=u.user_id)
WHERE access_url_id = $access_url_id AND u.status<>".DRH." AND u.status<>6
WHERE u.active <> -1 AND access_url_id = $access_url_id AND u.status<>".DRH." AND u.status<>6
$order_clause";
}
}
@ -382,7 +385,7 @@ if ('true' === $allowTutors) {
ON $tbl_session_rel_user.user_id = u.id AND
$tbl_session_rel_user.session_id = '$id_session' AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT."
$where_filter AND u.status<>".DRH." AND u.status<>6
$where_filter AND u.status<>".DRH." AND u.status<>6 AND u.active <> -1
$order_clause";
} else {
$sql = "SELECT u.id as user_id, lastname, firstname, username, session_id
@ -391,7 +394,7 @@ if ('true' === $allowTutors) {
ON $tbl_session_rel_user.user_id = u.id AND
$tbl_session_rel_user.session_id = '$id_session' AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT."
WHERE u.status <> ".DRH." AND u.status<>6
WHERE u.status <> ".DRH." AND u.status<>6 AND u.active <> -1
$order_clause";
}
@ -407,7 +410,7 @@ if ('true' === $allowTutors) {
$tbl_session_rel_user.session_id = '$id_session' AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT."
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=u.user_id)
WHERE access_url_id = $access_url_id $where_filter AND u.status<>".DRH." AND u.status<>6
WHERE access_url_id = $access_url_id $where_filter AND u.status<>".DRH." AND u.status<>6 AND u.active <> -1
$order_clause";
}
}
@ -435,7 +438,7 @@ if ('true' === $allowTutors) {
$tbl_session_rel_user.user_id = u.id AND
$tbl_session_rel_user.session_id = '$id_session' AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT."
WHERE u.status <> ".DRH." AND u.status<>6 $order_clause";
WHERE u.active <> -1 AND u.status <> ".DRH." AND u.status<>6 $order_clause";
if (api_is_multiple_url_enabled()) {
$tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
@ -449,7 +452,7 @@ if ('true' === $allowTutors) {
$tbl_session_rel_user.session_id = '$id_session' AND
$tbl_session_rel_user.relation_type = ".Session::STUDENT."
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=u.user_id)
WHERE access_url_id = $access_url_id AND u.status<>".DRH." AND u.status<>6
WHERE u.active <> -1 AND access_url_id = $access_url_id AND u.status<>".DRH." AND u.status<>6
$order_clause";
}
}

4
public/main/user/resume_session.php
Unescape View File

@ -230,14 +230,14 @@ if ('true' === $allowTutors) {
INNER JOIN $tbl_session_rel_user su
ON u.id = su.user_id AND su.relation_type = ".Session::STUDENT."
LEFT OUTER JOIN $table_access_url_user uu ON (uu.user_id = u.id)
WHERE su.session_id = $id_session AND (access_url_id = $url_id OR access_url_id is null )
WHERE u.active <> -1 AND su.session_id = $id_session AND (access_url_id = $url_id OR access_url_id is null )
$order_clause";
} else {
$sql = "SELECT u.id as user_id, lastname, firstname, username
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user su
ON u.id = su.user_id AND su.relation_type = ".Session::STUDENT."
AND su.session_id = ".$id_session.$order_clause;
AND su.session_id = ".$id_session." WHERE u.active <> -1 ".$order_clause;
}
$result = Database::query($sql);

10
public/main/user/subscribe_user.php
Unescape View File

@ -253,6 +253,7 @@ function get_number_of_users()
c_id = $courseId AND
session_id = $sessionId
WHERE
u.active <> -1 AND
cu.user_id IS NULL
$teacherRoleFilter AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -270,6 +271,7 @@ function get_number_of_users()
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.id)
WHERE
u.active <> -1 AND
cu.user_id IS NULL AND
access_url_id = $url_access_id
$teacherRoleFilter AND
@ -283,6 +285,7 @@ function get_number_of_users()
LEFT JOIN $course_user_table cu
ON u.id = cu.user_id and c_id = $courseId
WHERE
u.active <> -1 AND
cu.user_id IS NULL
$teacherRoleFilter ";
@ -298,6 +301,7 @@ function get_number_of_users()
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.id)
WHERE
u.active <> -1 AND
cu.user_id IS NULL
$teacherRoleFilter AND
access_url_id = $url_access_id ";
@ -315,6 +319,7 @@ function get_number_of_users()
c_id = $courseId AND
session_id = $sessionId
WHERE
u.active <> -1 AND
cu.user_id IS NULL
$studentRoleFilter AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -333,6 +338,7 @@ function get_number_of_users()
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.id)
WHERE
u.active <> -1 AND
cu.user_id IS NULL
$studentRoleFilter AND
access_url_id = $url_access_id AND
@ -416,7 +422,7 @@ function get_number_of_users()
$users_of_course[] = $course_user['user_id'];
}
}
$sql .= " AND u.status <> ".ANONYMOUS." ";
$sql .= " AND u.status <> ".ANONYMOUS." AND u.active <> -1 ";
$res = Database::query($sql);
$count_user = 0;
@ -704,7 +710,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
}
}
$sql .= " AND u.status != ".ANONYMOUS." ";
$sql .= " AND u.status != ".ANONYMOUS." AND u.active <> -1 ";
$column = (int) $column;
$direction = !in_array(strtolower(trim($direction)), ['asc', 'desc']) ? 'asc' : $direction;
// Sorting and pagination (used by the sortable table)

3
public/main/user/user.php
Unescape View File

@ -233,7 +233,7 @@ if (isset($_GET['action'])) {
$sql .= ' , '.Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER).' au ';
}
$sql .= "
WHERE c_id = $courseId
WHERE user.active <> -1 AND c_id = $courseId
AND session_course_user.user_id = user.id
AND session_id = $sessionId
";
@ -321,6 +321,7 @@ if (isset($_GET['action'])) {
$sql .= ' , '.Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER).' au ';
}
$sql .= " WHERE
user.active <> -1 AND
c_id = '$courseId' AND
course_user.relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND
course_user.user_id = user.id ";

7
public/main/user/user_export.php
Unescape View File

@ -77,6 +77,7 @@ if (strlen($course_code) > 0) {
ON (u.id = cu.user_id)
$extraUrlJoin
WHERE
u.active <> -1 AND
cu.c_id = $courseId AND
cu.relation_type<>".COURSE_RELATION_TYPE_RRHH."
$extraUrlCondition
@ -88,6 +89,7 @@ if (strlen($course_code) > 0) {
ON (u.id = scu.user_id)
$extraUrlJoin
WHERE
u.active <> -1 AND
scu.c_id = $courseSessionId AND
scu.session_id = $sessionId
$extraUrlCondition
@ -99,6 +101,7 @@ if (strlen($course_code) > 0) {
ON (u.id = su.user_id)
$extraUrlJoin
WHERE
u.active <> -1 AND
su.session_id = $sessionId
$extraUrlCondition
ORDER BY lastname,firstname";
@ -111,11 +114,11 @@ if (strlen($course_code) > 0) {
$sql .= " FROM $userTable u
INNER JOIN $tbl_user_rel_access_url as user_rel_url
ON (u.id = user_rel_url.user_id)
WHERE access_url_id = $access_url_id
WHERE u.active <> -1 AND access_url_id = $access_url_id
ORDER BY lastname,firstname";
}
} else {
$sql .= " FROM $userTable u ORDER BY lastname,firstname";
$sql .= " FROM $userTable u WHERE u.active <> -1 ORDER BY lastname,firstname";
}
$filename = 'export_users_'.api_get_local_time();
}

17
src/CoreBundle/Controller/SecurityController.php
Unescape View File

@ -21,6 +21,7 @@ use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Serializer\SerializerInterface;
use Symfony\Contracts\Translation\TranslatorInterface;
class SecurityController extends AbstractController
{
@ -34,7 +35,7 @@ class SecurityController extends AbstractController
) {}
#[Route('/login_json', name: 'login_json', methods: ['POST'])]
public function loginJson(Request $request, EntityManager $entityManager, SettingsManager $settingsManager, TokenStorageInterface $tokenStorage): Response
public function loginJson(Request $request, EntityManager $entityManager, SettingsManager $settingsManager, TokenStorageInterface $tokenStorage, TranslatorInterface $translator): Response
{
if (!$this->isGranted('IS_AUTHENTICATED_FULLY')) {
return $this->json(
@ -47,6 +48,20 @@ class SecurityController extends AbstractController
/** @var User $user */
$user = $this->getUser();
if ($user->getActive() !== 1) {
if ($user->getActive() === 0) {
$message = $translator->trans('Account not activated.');
} else {
$message = $translator->trans('Invalid credentials. Please try again or contact support if you continue to experience issues.');
}
$tokenStorage->setToken(null);
$request->getSession()->invalidate();
return $this->json(['error' => $message], 401);
}
$extraFieldValuesRepository = $this->entityManager->getRepository(ExtraFieldValues::class);
$legalTermsRepo = $this->entityManager->getRepository(Legal::class);
if ($user->hasRole('ROLE_STUDENT')

16
src/CoreBundle/Entity/User.php
Unescape View File

@ -635,8 +635,8 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
#[ORM\Column(name: 'expiration_date', type: 'datetime', unique: false, nullable: true)]
protected ?DateTime $expirationDate = null;
#[ORM\Column(name: 'active', type: 'boolean')]
protected bool $active;
#[ORM\Column(name: 'active', type: 'integer')]
protected int $active;
#[ORM\Column(name: 'openid', type: 'string', length: 255, unique: false, nullable: true)]
protected ?string $openid = null;
@ -728,7 +728,7 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
$this->authSource = 'platform';
$this->status = CourseRelUser::STUDENT;
$this->salt = sha1(uniqid('', true));
$this->active = true;
$this->active = 1;
$this->locked = false;
$this->expired = false;
$this->courses = new ArrayCollection();
@ -936,11 +936,7 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
*/
public function getIsActive(): bool
{
if ($this->active == 1) {
return true;
} else {
return false;
}
return $this->active === 1;
}
public function isEnabled(): bool
@ -1137,7 +1133,7 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
return $this;
}
public function getActive(): bool
public function getActive(): int
{
return $this->active;
}
@ -1147,7 +1143,7 @@ class User implements UserInterface, EquatableInterface, ResourceInterface, Reso
return $this->getIsActive();
}
public function setActive(bool $active): self
public function setActive(int $active): self
{
$this->active = $active;

34
src/CoreBundle/Migrations/Schema/V200/Version20240306204200.php
Unescape View File

@ -0,0 +1,34 @@
<?php
declare(strict_types=1);
/* For licensing terms, see /license.txt */
namespace Chamilo\CoreBundle\Migrations\Schema\V200;
use Chamilo\CoreBundle\Migrations\AbstractMigrationChamilo;
use Doctrine\DBAL\Schema\Schema;
class Version20240306204200 extends AbstractMigrationChamilo
{
public function getDescription(): string
{
return 'Modify user.active field from TINYINT to INT';
}
public function up(Schema $schema): void
{
$table = $schema->getTable('user');
if ($table->hasColumn('active')) {
$this->addSql('ALTER TABLE user CHANGE active active INT NOT NULL');
}
}
public function down(Schema $schema): void
{
$table = $schema->getTable('user');
if ($table->hasColumn('active')) {
$this->addSql('ALTER TABLE user CHANGE active active TINYINT(1) NOT NULL');
}
}
}

33
src/CoreBundle/Repository/Node/UserRepository.php
Unescape View File

@ -136,28 +136,33 @@ class UserRepository extends ResourceRepository implements PasswordUpgraderInter
return $rootUser;
}
public function deleteUser(User $user): void
public function deleteUser(User $user, bool $destroy = false): void
{
$em = $this->getEntityManager();
$type = $user->getResourceNode()->getResourceType();
$rootUser = $this->getRootUser();
// User children will be set to the root user.
$criteria = Criteria::create()->where(Criteria::expr()->eq('resourceType', $type));
$userNodeCreatedList = $user->getResourceNodes()->matching($criteria);
if ($destroy) {
$type = $user->getResourceNode()->getResourceType();
$rootUser = $this->getRootUser();
/** @var ResourceNode $userCreated */
foreach ($userNodeCreatedList as $userCreated) {
$userCreated->setCreator($rootUser);
}
$criteria = Criteria::create()->where(Criteria::expr()->eq('resourceType', $type));
$userNodeCreatedList = $user->getResourceNodes()->matching($criteria);
foreach ($userNodeCreatedList as $userCreated) {
$userCreated->setCreator($rootUser);
}
$em->remove($user->getResourceNode());
$em->remove($user->getResourceNode());
foreach ($user->getGroups() as $group) {
$user->removeGroup($group);
foreach ($user->getGroups() as $group) {
$user->removeGroup($group);
}
$em->remove($user);
} else {
$user->setActive(-1);
$em->persist($user);
}
$em->remove($user);
$em->flush();
}

Write Preview
Loading…
Cancel
Save