From d28f5445a07ea3f4fb8174f3ab2371735c4398c3 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Mon, 23 Jul 2012 13:07:02 +0200
Subject: [PATCH] Fixes bug while importing sessions via a XML file see #4069
---
main/admin/example_session.xml | 4 +-
main/admin/session_import.php | 215 ++++++++++------------------
main/admin/session_list.php | 9 ++
main/admin/user_information.php | 3 +-
main/inc/lib/add_course.lib.inc.php | 3 +
main/inc/lib/usermanager.lib.php | 19 ++-
6 files changed, 107 insertions(+), 146 deletions(-)
diff --git a/main/admin/example_session.xml b/main/admin/example_session.xml
index 3b8af63523..48bd96d0ec 100644
--- a/main/admin/example_session.xml
+++ b/main/admin/example_session.xml
@@ -24,8 +24,8 @@ The Universe Coach - 2008/08/89 - 2012/12/12 + 2008/08/01 + 2020/12/12 jmontoya jmontoya2
diff --git a/main/admin/session_import.php b/main/admin/session_import.php
index 9d440d0e59..abe3bad4ac 100644
--- a/main/admin/session_import.php
+++ b/main/admin/session_import.php
@@ -18,6 +18,10 @@ require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php'; $form_sent = 0; $error_message = ''; // Avoid conflict with the global variable $error_msg (array type) in add_course.conf.php. +if (isset($_GET['action']) && $_GET['action'] == 'show_message') { + $error_message = Security::remove_XSS($_GET['message']); +} + $tbl_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
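Review bot: The added `show_message` branch puts the `message` query parameter on the page as a status message, so the text an administrator sees there can be chosen by whoever built the link; `Security::remove_XSS()` (going by its name) deals with script injection, not with who wrote the text. `$_GET['message']` is also read without its own `isset()` check. Sending a short key and mapping it server-side, for example `$error_message = isset($messages[$_GET['message']]) ? get_lang($messages[$_GET['message']]) : '';` with `$messages` a fixed array, keeps the redirect feature without a free-text channel. The same added lines appear in the main/admin/session_list.php part of this patch, where the value is passed to `Display::display_normal_message($error_message, false)`; the meaning of that `false` is not visible here and is worth confirming.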
@@ -72,63 +76,45 @@ if ($_POST['formSent']) { if (count($root->Users->User) > 0) { // Creating/updating users from base node. - foreach ($root->Users->User as $node_user) { + foreach ($root->Users->User as $node_user) { $username = $username_old = trim(api_utf8_decode($node_user->Username)); - $username = UserManager::purify_username($username, $purification_option_for_usernames); - if (UserManager::is_username_available($username)) { - if (UserManager::is_username_too_long($username_old)) { - $error_message .= get_lang('UsernameTooLongWasCut').' '.get_lang('From').' '.$username_old.' '.get_lang('To').' '.$username.'
'; - } - $lastname = trim(api_utf8_decode($node_user->Lastname)); - $firstname = trim(api_utf8_decode($node_user->Firstname)); + if (UserManager::is_username_available($username)) { $password = api_utf8_decode($node_user->Password); if (empty($password)) { $password = api_generate_password(); } - $email = trim(api_utf8_decode($node_user->Email)); - $official_code = trim(api_utf8_decode($node_user->OfficialCode)); - $phone = trim(api_utf8_decode($node_user->Phone)); - $status = trim(api_utf8_decode($node_user->Status)); - switch ($status) { - case 'student' : $status = 5; break; - case 'teacher' : $status = 1; break; - default : $status = 5; $error_message .= get_lang('StudentStatusWasGivenTo').' : '.$username.'
'; - } - // Adding the current user to the platform. - $sql = "INSERT INTO $tbl_user SET - username = '".Database::escape_string($username)."', - lastname = '".Database::escape_string($lastname)."', - firstname = '".Database::escape_string($firstname)."', - password = '".(api_get_encrypted_password($password))."', - email = '".Database::escape_string($email)."', - official_code = '".Database::escape_string($official_code)."', - phone = '".Database::escape_string($phone)."', - status = '".Database::escape_string($status)."'"; - - // When it is applicable, adding the access_url rel user relationship too. - Database::query($sql); - $return = Database::insert_id(); - - if ($_configuration['multiple_access_urls']) { - if (api_get_current_access_url_id() != -1) { - UrlManager::add_user_to_url($return, api_get_current_access_url_id()); - } else { - UrlManager::add_user_to_url($return, 1); - } - } else { - // We add by default in the access_url_user table with access_url_id = 1. - UrlManager::add_user_to_url($return, 1); - } - // Sending email to the current user. - if ($send_mail) { - $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS); - $emailsubject = '['.api_get_setting('siteName').'] '.get_lang('YourReg').' '.api_get_setting('siteName'); - $emailbody = "[NOTE:] ".get_lang('ThisIsAutomaticEmailNoReply').".\n\n".get_lang('langDear').' '.api_get_person_name($firstname, $lastname).",\n\n".get_lang('langYouAreReg').' '.api_get_setting('siteName') .' '.get_lang('langSettings')." $username\n". get_lang('langPass')." : $password\n\n".get_lang('langAddress') .' '. get_lang('langIs') .' '. $serverAddress ."\n\n".get_lang('YouWillSoonReceiveMailFromCoach')."\n\n". get_lang('langProblem'). "\n\n". 
get_lang('langFormula'); - $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS); - $email_admin = api_get_setting('emailAdministrator'); - @api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin); + switch ($node_user->Status) { + case 'student' : + $status = 5; + break; + case 'teacher' : + $status = 1; + break; + default : + $status = 5; + $error_message .= get_lang('StudentStatusWasGivenTo').' : '.$username.'
'; } + + $result = UserManager::create_user( + api_utf8_decode($node_user->Firstname), + api_utf8_decode($node_user->Lastname), + $status, + api_utf8_decode($node_user->Email), + $username, + $password, + api_utf8_decode($node_user->OfficialCode), + null, + api_utf8_decode($node_user->Phone), + null, + PLATFORM_AUTH_SOURCE, + null, + 1, + 0, + null, + null, + $send_mail + ); } else { $lastname = trim(api_utf8_decode($node_user->Lastname)); $firstname = trim(api_utf8_decode($node_user->Firstname)); 
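Review bot: The value returned by `UserManager::create_user()` is stored in `$result` and never read, so a creation that fails (the usermanager.lib.php part of this patch shows several `return api_set_failure(...)` exits) adds nothing to `$error_message` and the import carries on as if the account existed. A check right after the call, such as `if (!$result) { $error_message .= get_lang('Error').' : '.$username; }`, would make the failure visible to the administrator. The hunk also removes the `UserManager::purify_username()` call and the too-long warning, so `$username` now reaches `is_username_available()` and `create_user()` exactly as written in the uploaded file; whether `create_user()` normalises it is not visible here, so either keep the purification step or confirm that it does. The enclosing `foreach` over `$root->Users->User` continues outside the hunk.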
@@ -159,34 +145,36 @@ if ($_POST['formSent']) { } // Creating courses from base node. - /* + if (count($root->Courses->Course) > 0) { foreach ($root->Courses->Course as $courseNode) { - $course_code = trim(api_utf8_decode($courseNode->CourseCode)); - $title = trim(api_utf8_decode($courseNode->CourseTitle)); - $description = trim(api_utf8_decode($courseNode->CourseDescription)); - $language = api_get_valid_language(api_utf8_decode($courseNode->CourseLanguage)); - $username = trim(api_utf8_decode($courseNode->CourseTeacher)); - + + $params = array(); + if (empty($courseNode->CourseTitle)) { + $params['title'] = api_utf8_decode($courseNode->CourseCode); + } else { + $params['title'] = api_utf8_decode($courseNode->CourseTitle); + } + $params['wanted_code'] = api_utf8_decode($courseNode->CourseCode); + $params['tutor_name'] = null; + $params['course_category'] = null; + $params['course_language'] = api_get_valid_language(api_utf8_decode($courseNode->CourseLanguage)); + $params['user_id'] = api_get_user_id(); + // Looking up for the teacher. + $username = trim(api_utf8_decode($courseNode->CourseTeacher)); $sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='$username'"; $rs = Database::query($sql); list($user_id, $lastname, $firstname) = Database::fetch_array($rs); - - if (empty($title)) { - $title = $course_code; - } - - $course_info = CourseManager::create_course($title, $course_code, lang2db($description), false, - api_get_person_name($firstname, $lastname, null, null, $language), '', $language, $user_id); + + $params['teachers'] = $user_id; + CourseManager::create_course($params); } - }*/ + } // Creating sessions from base node. if (count($root->Session) > 0) { - foreach ($root->Session as $node_session) { - $course_counter = 0; $user_counter = 0; 
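Review bot: Un-commenting this block makes the teacher lookup live, and it builds `WHERE username='$username'` from the `CourseTeacher` value of the uploaded XML with only `trim()` and `api_utf8_decode()` applied, so a quote character in that field changes the query. Escape it the way the INSERT in usermanager.lib.php does: `$sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='".Database::escape_string($username)."'";`. When no row matches, `$user_id` ends up empty and is still passed on as `$params['teachers']`, and the result of `CourseManager::create_course($params)` is discarded; recording a message in `$error_message` for an unknown teacher or a failed creation would make partial imports visible. The surrounding `if ($_POST['formSent'])` block starts and ends outside the hunk.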
@@ -208,7 +196,7 @@ if ($_POST['formSent']) { $date_start = trim(api_utf8_decode($node_session->DateStart)); // Just in case - encoding conversion. if (!empty($date_start)) { - list($year_start, $month_start, $day_start) = explode('-', $date_start); + list($year_start, $month_start, $day_start) = explode('/', $date_start); if(empty($year_start) || empty($month_start) || empty($day_start)) { $error_message .= get_lang('WrongDate').' : '.$date_start.'
'; break;
@@ -218,9 +206,9 @@ if ($_POST['formSent']) { $date_end = trim(api_utf8_decode($node_session->DateEnd)); if (!empty($date_start)) { - list($year_end, $month_end, $day_end) = explode('-', $date_end); + list($year_end, $month_end, $day_end) = explode('/', $date_end); if (empty($year_end) || empty($month_end) || empty($day_end)) { - $error_message .= get_lang('WrongDate').' : '.$date_end.'
'; + $error_message .= get_lang('Error').' : '.$date_end.'
'; break; } else { $time_end = mktime(0, 0, 0, $month_end, $day_end, $year_end);
@@ -300,10 +288,8 @@ if ($_POST['formSent']) { } // Associate the session with access_url. - global $_configuration; - require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php'; - if ($_configuration['multiple_access_urls']) { - $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); + global $_configuration; + if ($_configuration['multiple_access_urls']) { $access_url_id = api_get_current_access_url_id(); UrlManager::add_session_to_url($session_id, $access_url_id); } else {
@@ -774,9 +760,6 @@ if ($_POST['formSent']) { // Display the header. Display::display_header($tool_name); -// display the tool title -// api_display_tool_title($tool_name); - if (count($inserted_in_course) > 1) { $msg = get_lang('SeveralCoursesSubscribedToSessionBecauseOfSameVisualCode').': '; foreach ($inserted_in_course as $code => $title) {
@@ -786,72 +769,29 @@ if (count($inserted_in_course) > 1) { Display::display_warning_message($msg); } -/* - - update session by default is true - - : - - - - - - - */ -?> - -
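Review bot: The end-date branch in the `-218,9 +206,9` hunk is still guarded by `if (!empty($date_start))`, so a filled `DateEnd` is skipped whenever `DateStart` is empty and an empty `DateEnd` is parsed whenever `DateStart` is set; the guard reads as if it was meant to be `if (!empty($date_end)) {`. Neither this hunk nor the start-date hunk before it verifies that the three parts form a real calendar date before `mktime()`, which accepts out-of-range values such as the `2008/08/89` this commit corrects in example_session.xml; `checkdate((int) $month_end, (int) $day_end, (int) $year_end)` would reject them. Replacing `get_lang('WrongDate')` with `get_lang('Error')` also leaves the end-date message less specific than the start-date one.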
- -'; echo ''.Display::return_icon('back.png', get_lang('BackTo').' '.get_lang('PlatformAdmin'),'',ICON_SIZE_MEDIUM).''; echo ''; -?> - - - - - - - - - - - - - - - - - - - - - - - - - - -
- -
:
: - ()
- > ()
-
: - -
  - -
-
+$form = new FormValidator('import_sessions', 'post', api_get_self(), null, array('enctype' => 'multipart/form-data')); +$form->addElement('hidden', 'formSent', 1); +$form->addElement('file', 'import_file', get_lang('ImportFileLocation')); + +$form->addElement('radio', 'file_type', array(get_lang('FileType'), ''.get_lang('ExampleXMLFile').''), 'CSV', 'csv'); +$form->addElement('radio', 'file_type', array(null, ''.get_lang('ExampleCSVFile').''), 'XML', 'xml'); + +$form->addElement('checkbox', 'sendMail', null, get_lang('SendMailToUsers')); +$form->addElement('button', 'submit', get_lang('ImportSession')); + +$defaults = array('sendMail' => 'true','file_type' => 'csv'); +$form->setDefaults($defaults); +$form->display(); + +?>

:

@@ -884,7 +824,7 @@ if (!empty($error_message)) { <Courses> <Course> <CourseCode>xxx</CourseCode> - <CourseTeacher>xxx</CourseTeacher> + <CourseTeacher>teacher_username</CourseTeacher> <CourseLanguage>xxx</CourseLanguage> <CourseTitle>xxx</CourseTitle> <CourseDescription>xxx</CourseDescription> @@ -926,5 +866,4 @@ if (!empty($error_message)) { "index.php","name" => get_lang('PlatformAdmin' $tool_name = get_lang('SessionList'); Display::display_header($tool_name); +$error_message = ''; // Avoid conflict with the global variable $error_msg (array type) in add_course.conf.php. +if (isset($_GET['action']) && $_GET['action'] == 'show_message') { + $error_message = Security::remove_XSS($_GET['message']); +} + +if (!empty($error_message)) { + Display::display_normal_message($error_message, false); +} + //jqgrid will use this URL to do the selects $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_sessions'; if (isset($_REQUEST['keyword'])) { diff --git a/main/admin/user_information.php b/main/admin/user_information.php index 7d3fb7e7a7..dd86d00f67 100644 --- a/main/admin/user_information.php +++ b/main/admin/user_information.php @@ -210,8 +210,7 @@ if (Database::num_rows($res) > 0) { * Show the URL in which this user is subscribed */ global $_configuration; -if ($_configuration['multiple_access_urls']) { - require_once(api_get_path(LIBRARY_PATH).'urlmanager.lib.php'); +if ($_configuration['multiple_access_urls']) { $url_list= UrlManager::get_access_url_from_user($user['user_id']); if (count($url_list) > 0) { $header = array(); diff --git a/main/inc/lib/add_course.lib.inc.php b/main/inc/lib/add_course.lib.inc.php index 0db06bbf73..4ae089e5e8 100644 --- a/main/inc/lib/add_course.lib.inc.php +++ b/main/inc/lib/add_course.lib.inc.php 
@@ -2699,6 +2699,9 @@ function register_course($params) { Database::query($sql); } if (!empty($teachers)) { + if (!is_array($teachers)) { + $teachers = array($teachers); + } foreach ($teachers as $key) { //just in case if ($key == $user_id) {
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
index d7031f0b00..bb93dfd193 100644
--- a/main/inc/lib/usermanager.lib.php
+++ b/main/inc/lib/usermanager.lib.php
@@ -68,16 +68,18 @@ class UserManager { if (api_get_multiple_access_url()) { $access_url_id = api_get_current_access_url_id(); } + if (is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_users']) && $_configuration[$access_url_id]['hosting_limit_users'] > 0) { $num = self::get_number_of_users(); if ($num >= $_configuration[$access_url_id]['hosting_limit_users']) { - return api_set_failure('portal users limit reached'); + return api_set_failure('portal users limit reached'); } } + if ($status === 1 && is_array($_configuration[$access_url_id]) && isset($_configuration[$access_url_id]['hosting_limit_teachers']) && $_configuration[$access_url_id]['hosting_limit_teachers'] > 0) { $num = self::get_number_of_users(1); if ($num >= $_configuration[$access_url_id]['hosting_limit_teachers']) { - return api_set_failure('portal teachers limit reached'); + return api_set_failure('portal teachers limit reached'); } }
@@ -100,13 +102,16 @@ class UserManager { } else { $creator_id = ''; } + // First check wether the login already exists if (!self::is_username_available($loginName)) { return api_set_failure('login-pass already taken'); } + //$password = "PLACEHOLDER"; - if ($encrypt_method == '') { - $password = api_get_encrypted_password($password); + + if (empty($encrypt_method)) { + $password = api_get_encrypted_password($password); } else { if ($_configuration['password_encryption'] === $encrypt_method ) { if ($encrypt_method == 'md5' && !preg_match('/^[A-Fa-f0-9]{32}$/', $password)) {
@@ -118,6 +123,8 @@ class UserManager { return api_set_failure('encrypt_method invalid'); } } + + //@todo replace this date with the api_get_utc_date function big problem with users that are already registered $current_date = date('Y-m-d H:i:s', time()); $sql = "INSERT INTO $table_user
@@ -138,6 +145,7 @@ class UserManager { hr_dept_id = '".Database::escape_string($hr_dept_id)."', active = '".Database::escape_string($active)."'"; $result = Database::query($sql); + if ($result) { //echo "id returned"; $return = Database::insert_id();
@@ -188,6 +196,8 @@ class UserManager { } else { //echo "false - failed" ; $return = false; + echo $sql; + return api_set_failure('error inserting in Database'); } if (is_array($extra) && count($extra) > 0) {
@@ -197,6 +207,7 @@ class UserManager { } } self::update_extra_field_value($return, 'already_logged_in', 'false'); + return $return; }
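Review bot: The failure branch added in the `-188,6 +196,8` hunk runs `echo $sql;`, which writes the whole `INSERT INTO $table_user` statement into the HTTP response whenever the query fails; that statement is built from the new account's fields (presumably including the encrypted password computed earlier in the function) and it reveals table and column names. This looks like leftover debugging and should be dropped, with any detail that is needed going to the server log instead, e.g. `error_log('create_user: insert failed for '.$loginName);`. With the added `return api_set_failure('error inserting in Database');` the preceding `$return = false;` no longer has any effect. The body of `create_user()` starts and ends outside the hunk.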