$navigator, 'version' => $version); } /** * @return True if user selfregistration is allowed, false otherwise. */ function api_is_self_registration_allowed() { if(isset($GLOBALS['allowSelfReg'])) { return $GLOBALS["allowSelfReg"]; } else { return false; } } /** * Returns a full path to a certain Dokeos area, which you specify * through a parameter. * * See $_configuration['course_folder'] in the configuration.php * to alter the WEB_COURSE_PATH and SYS_COURSE_PATH parameters. * * @param one of the following constants: * WEB_PATH, SYS_PATH, REL_PATH, WEB_COURSE_PATH, SYS_COURSE_PATH, * REL_COURSE_PATH, REL_CODE_PATH, WEB_CODE_PATH, SYS_CODE_PATH, * SYS_LANG_PATH, WEB_IMG_PATH, GARBAGE_PATH, PLUGIN_PATH, SYS_ARCHIVE_PATH, * INCLUDE_PATH, LIBRARY_PATH, CONFIGURATION_PATH * * @example assume that your server root is /var/www/ dokeos is installed in a subfolder dokeos/ and the URL of your campus is http://www.mydokeos.com * The other configuration paramaters have not been changed. * The different api_get_paths will give * WEB_PATH http://www.mydokeos.com * SYS_PATH /var/www/ * REL_PATH dokeos/ * WEB_COURSE_PATH http://www.mydokeos.com/courses/ * SYS_COURSE_PATH /var/www/dokeos/courses/ * REL_COURSE_PATH * REL_CODE_PATH * WEB_CODE_PATH * SYS_CODE_PATH * SYS_LANG_PATH * WEB_IMG_PATH * GARBAGE_PATH * PLUGIN_PATH * SYS_ARCHIVE_PATH * INCLUDE_PATH * LIBRARY_PATH * CONFIGURATION_PATH */ function api_get_path($path_type) { global $_configuration; if (!isset($_configuration['access_url']) || $_configuration['access_url']==1 || $_configuration['access_url']=='') { //by default we call the $_configuration['root_web'] we don't query to the DB //$url_info= api_get_access_url(1); //$root_web = $url_info['url']; $root_web = $_configuration['root_web']; } else { //we look into the DB the function api_get_access_url //this funcion have a problem because we can't called to the Database:: functions $url_info= api_get_access_url($_configuration['access_url']); if ($url_info['active']==1) { $root_web = $url_info['url']; } else { $root_web = $_configuration['root_web']; } } switch ($path_type) { case WEB_PATH : // example: http://www.mydokeos.com/ or http://www.mydokeos.com/portal/ if you're using // a subdirectory of your document root for Dokeos if (substr($root_web,-1) == '/') { return $root_web; } else { return $root_web.'/'; } break; case SYS_PATH : // example: /var/www/ if (substr($_configuration['root_sys'],-1) == '/') { return $_configuration['root_sys']; } else { return $_configuration['root_sys'].'/'; } break; case REL_PATH : // example: dokeos/ if (substr($_configuration['url_append'], -1) === '/') { return $_configuration['url_append']; } else { return $_configuration['url_append'].'/'; } break; case WEB_COURSE_PATH : // example: http://www.mydokeos.com/courses/ return $root_web.$_configuration['course_folder']; break; case SYS_COURSE_PATH : // example: /var/www/dokeos/courses/ return $_configuration['root_sys'].$_configuration['course_folder']; break; case REL_COURSE_PATH : // example: courses/ or dokeos/courses/ return api_get_path(REL_PATH).$_configuration['course_folder']; break; case REL_CODE_PATH : // example: main/ or dokeos/main/ return api_get_path(REL_PATH).$_configuration['code_append']; break; case WEB_CODE_PATH : // example: http://www.mydokeos.com/main/ //return $GLOBALS['clarolineRepositoryWeb']; // this was changed return $root_web.$_configuration['code_append']; break; case SYS_CODE_PATH : // example: /var/www/dokeos/main/ return $GLOBALS['clarolineRepositorySys']; break; case SYS_LANG_PATH : // example: /var/www/dokeos/main/lang/ return api_get_path(SYS_CODE_PATH).'lang/'; break; case WEB_IMG_PATH : // example: http://www.mydokeos.com/main/img/ return api_get_path(WEB_CODE_PATH).'img/'; break; case GARBAGE_PATH : // example: /var/www/dokeos/main/garbage/ return $GLOBALS['garbageRepositorySys']; break; case SYS_PLUGIN_PATH : // example: /var/www/dokeos/plugin/ return api_get_path(SYS_PATH).'plugin/'; break; case WEB_PLUGIN_PATH : // example: http://www.mydokeos.com/plugin/ return api_get_path(WEB_PATH).'plugin/'; break; case SYS_ARCHIVE_PATH : // example: /var/www/dokeos/archive/ return api_get_path(SYS_PATH).'archive/'; break; case INCLUDE_PATH : // Generated by main/inc/global.inc.php // example: /var/www/dokeos/main/inc/ return str_replace('\\', '/', $GLOBALS['includePath']).'/'; break; case LIBRARY_PATH : // example: /var/www/dokeos/main/inc/lib/ return api_get_path(INCLUDE_PATH).'lib/'; break; case WEB_LIBRARY_PATH : // example: http://www.mydokeos.com/main/inc/lib/ return api_get_path(WEB_CODE_PATH).'inc/lib/'; break; case CONFIGURATION_PATH : // example: /var/www/dokeos/main/inc/conf/ return api_get_path(INCLUDE_PATH).'conf/'; break; default : return; break; } } /** * This function returns the id of the user which is stored in the $_user array. * * @example The function can be used to check if a user is logged in * if (api_get_user_id()) * @return integer the id of the current user */ function api_get_user_id() { if (empty($GLOBALS['_user']['user_id'])) { return 0; } return $GLOBALS['_user']['user_id']; } /** * @param $user_id (integer): the id of the user * @return $user_info (array): user_id, lastname, firstname, username, email, ... * @author Patrick Cool * @version 21 September 2004 * @desc find all the information about a user. If no paramater is passed you find all the information about the current user. */ function api_get_user_info($user_id = '') { global $tbl_user; if ($user_id == '') { return $GLOBALS["_user"]; } else { $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)." WHERE user_id='".mysql_real_escape_string($user_id)."'"; $result = api_sql_query($sql, __FILE__, __LINE__); if(mysql_num_rows($result) > 0) { $result_array = mysql_fetch_array($result); // this is done so that it returns the same array-index-names // ideally the names of the fields of the user table are renamed so that they match $_user (or vice versa) // $_user should also contain every field of the user table (except password maybe). This would make the // following lines obsolete (and the code cleaner and slimmer !!! $user_info['firstName'] = $result_array['firstname']; $user_info['lastName'] = $result_array['lastname']; $user_info['mail'] = $result_array['email']; $user_info['picture_uri'] = $result_array['picture_uri']; $user_info['user_id'] = $result_array['user_id']; $user_info['official_code'] = $result_array['official_code']; $user_info['status'] = $result_array['status']; $user_info['auth_source'] = $result_array['auth_source']; $user_info['username'] = $result_array['username']; $user_info['theme'] = $result_array['theme']; return $user_info; } return false; } } /** * Returns the current course id (integer) */ function api_get_course_id() { return $GLOBALS["_cid"]; } /** * Returns the current course directory * * This function relies on api_get_course_info() * @param string The course code - optional (takes it from session if not given) * @return string The directory where the course is located inside the Dokeos "courses" directory * @author Yannick Warnier */ function api_get_course_path($course_code=null) { if(!empty($course_code)) { $info = api_get_course_info($course_code); } else { $info = api_get_course_info(); } return $info['path']; } /** * Gets a course setting from the current course_setting table. Try always using integer values. * @param string The name of the setting we want from the table * @return mixed The value of that setting in that table. Return -1 if not found. */ function api_get_course_setting($setting_name) { $table = Database::get_course_table(TABLE_COURSE_SETTING); $setting_name = mysql_real_escape_string($setting_name); $sql = "SELECT * FROM $table WHERE variable = '$setting_name'"; $res = api_sql_query($sql,__FILE__,__LINE__); if (Database::num_rows($res)>0) { $row = Database::fetch_array($res); return $row['value']; } return -1; } /** * Gets an anonymous user ID * * For some tools that need tracking, like the learnpath tool, it is necessary * to have a usable user-id to enable some kind of tracking, even if not * perfect. An anonymous ID is taken from the users table by looking for a * status of "6" (anonymous). * @return int User ID of the anonymous user, or O if no anonymous user found */ function api_get_anonymous_id() { $table = Database::get_main_table(TABLE_MAIN_USER); $sql = "SELECT user_id FROM $table WHERE status = 6"; $res = api_sql_query($sql,__FILE__,__LINE__); if (Database::num_rows($res)>0) { $row = Database::fetch_array($res); //error_log('api_get_anonymous_id() returns '.$row['user_id'],0); return $row['user_id']; } else {//no anonymous user was found return 0; } } /** * Returns the cidreq parameter name + current course id */ function api_get_cidreq() { if (!empty ($GLOBALS["_cid"])) { return 'cidReq='.htmlspecialchars($GLOBALS["_cid"]); } return ''; } /** * Returns the current course info array. * Note: this array is only defined if the user is inside a course. * Array elements: * ['name'] * ['official_code'] * ['sysCode'] * ['path'] * ['dbName'] * ['dbNameGlu'] * ['titular'] * ['language'] * ['extLink']['url' ] * ['extLink']['name'] * ['categoryCode'] * ['categoryName'] * Now if the course_code is given, the returned array gives info about that * particular course, not specially the current one. * @todo same behaviour as api_get_user_info so that api_get_course_id becomes absolete too */ function api_get_course_info($course_code=null) { if (!empty($course_code)) { $course_code = Database::escape_string($course_code); $course_table = Database::get_main_table(TABLE_MAIN_COURSE); $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); $sql = "SELECT `course`.*, `course_category`.`code` `faCode`, `course_category`.`name` `faName` FROM $course_table LEFT JOIN $course_cat_table ON `course`.`category_code` = `course_category`.`code` WHERE `course`.`code` = '$course_code'"; $result = api_sql_query($sql,__FILE__,__LINE__); $_course = array(); if (Database::num_rows($result)>0) { global $_configuration; $cData = Database::fetch_array($result); $_course['id' ] = $cData['code' ]; //auto-assigned integer $_course['name' ] = $cData['title' ]; $_course['official_code'] = $cData['visual_code' ]; // use in echo $_course['sysCode' ] = $cData['code' ]; // use as key in db $_course['path' ] = $cData['directory' ]; // use as key in path $_course['dbName' ] = $cData['db_name' ]; // use as key in db list $_course['dbNameGlu' ] = $_configuration['table_prefix'] . $cData['db_name'] . $_configuration['db_glue']; // use in all queries $_course['titular' ] = $cData['tutor_name' ]; $_course['language' ] = $cData['course_language' ]; $_course['extLink' ]['url' ] = $cData['department_url' ]; $_course['extLink' ]['name'] = $cData['department_name']; $_course['categoryCode'] = $cData['faCode' ]; $_course['categoryName'] = $cData['faName' ]; $_course['visibility' ] = $cData['visibility']; $_course['subscribe_allowed'] = $cData['subscribe']; $_course['unubscribe_allowed'] = $cData['unsubscribe']; } return $_course; } else { global $_course; return $_course; } } /* ============================================================================== DATABASE QUERY MANAGEMENT ============================================================================== */ /** * Executes an SQL query * You have to use addslashes() on each value that you want to record into the database * * @author Olivier Brouckaert * @param string $query - SQL query * @param string $file - optional, the file path and name of the error (__FILE__) * @param string $line - optional, the line of the error (__LINE__) * @return resource - the return value of the query */ function api_sql_query($query, $file = '', $line = 0) { $result = @mysql_query($query); if ($line && !$result) { $info = '
';
			$info .= 'MYSQL ERROR :
 ';
			$info .= mysql_error();
			$info .= '
';
			$info .= 'QUERY       :
 ';
			$info .= $query;
			$info .= '
';
			$info .= 'FILE        :
 ';
			$info .= ($file == '' ? ' unknown ' : $file);
			$info .= '
';
			$info .= 'LINE        :
 ';
			$info .= ($line == 0 ? ' unknown ' : $line);
			$info .= '
'; //@ mysql_close(); //die($info); echo $info; } return $result; } /** * Store the result of a query into an array * * @author Olivier Brouckaert * @param resource $result - the return value of the query * @return array - the value returned by the query */ function api_store_result($result) { $tab = array (); while ($row = mysql_fetch_array($result)) { $tab[] = $row; } return $tab; } /* ============================================================================== SESSION MANAGEMENT ============================================================================== */ /** * Start the Dokeos session. * * The default lifetime for session is set here. It is not possible to have it * as a database setting as it is used before the database connection has been made. * It is taken from the configuration file, and if it doesn't exist there, it is set * to 360000 seconds * * @author Olivier Brouckaert * @param string variable - the variable name to save into the session */ function api_session_start($already_installed = true) { global $storeSessionInDb; global $_configuration; /* causes too many problems and is not configurable dynamically * if($already_installed){ $session_lifetime = 360000; if(isset($_configuration['session_lifetime'])) { $session_lifetime = $_configuration['session_lifetime']; } session_set_cookie_params($session_lifetime,api_get_path(REL_PATH)); }*/ if (is_null($storeSessionInDb)) { $storeSessionInDb = false; } if ($storeSessionInDb && function_exists('session_set_save_handler')) { include_once (api_get_path(LIBRARY_PATH).'session_handler.class.php'); $session_handler = new session_handler(); @ session_set_save_handler(array (& $session_handler, 'open'), array (& $session_handler, 'close'), array (& $session_handler, 'read'), array (& $session_handler, 'write'), array (& $session_handler, 'destroy'), array (& $session_handler, 'garbage')); } session_name('dk_sid'); session_start(); if ($already_installed) { if (empty ($_SESSION['checkDokeosURL'])) { $_SESSION['checkDokeosURL'] = api_get_path(WEB_PATH); } elseif ($_SESSION['checkDokeosURL'] != api_get_path(WEB_PATH)) { api_session_clear(); } } } /** * save a variable into the session * * BUG: function works only with global variables * * @author Olivier Brouckaert * @param string variable - the variable name to save into the session */ function api_session_register($variable) { global $$variable; session_register($variable); $_SESSION[$variable] = $$variable; } /** * Remove a variable from the session. * * @author Olivier Brouckaert * @param string variable - the variable name to remove from the session */ function api_session_unregister($variable) { if(isset($GLOBALS[$variable])) { unset ($GLOBALS[$variable]); } if(isset($_SESSION[$variable])) { $_SESSION[$variable] = null; session_unregister($variable); } } /** * Clear the session * * @author Olivier Brouckaert */ function api_session_clear() { session_regenerate_id(); session_unset(); $_SESSION = array (); } /** * Destroy the session * * @author Olivier Brouckaert */ function api_session_destroy() { session_unset(); $_SESSION = array (); session_destroy(); } /* ============================================================================== STRING MANAGEMENT ============================================================================== */ function api_add_url_param($url, $param) { if (empty ($param)) { return $url; } if (strstr($url, '?')) { if ($param[0] != '&') { $param = '&'.$param; } list (, $query_string) = explode('?', $url); $param_list1 = explode('&', $param); $param_list2 = explode('&', $query_string); $param_list1_keys = $param_list1_vals = array (); foreach ($param_list1 as $key => $enreg) { list ($param_list1_keys[$key], $param_list1_vals[$key]) = explode('=', $enreg); } $param_list1 = array ('keys' => $param_list1_keys, 'vals' => $param_list1_vals); foreach ($param_list2 as $enreg) { $enreg = explode('=', $enreg); $key = array_search($enreg[0], $param_list1['keys']); if (!is_null($key) && !is_bool($key)) { $url = str_replace($enreg[0].'='.$enreg[1], $enreg[0].'='.$param_list1['vals'][$key], $url); $param = str_replace('&'.$enreg[0].'='.$param_list1['vals'][$key], '', $param); } } $url .= $param; } else { $url = $url.'?'.$param; } return $url; } /** * Returns a difficult to guess password. * @param int $length, the length of the password * @return string the generated password */ function api_generate_password($length = 8) { $characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; if ($length < 2) { $length = 2; } $password = ''; for ($i = 0; $i < $length; $i ++) { $password .= $characters[rand() % strlen($characters)]; } return $password; } /** * Checks a password to see wether it is OK to use. * @param string $password * @return true if the password is acceptable, false otherwise */ function api_check_password($password) { $lengthPass = strlen($password); if ($lengthPass < 5) { return false; } $passLower = strtolower($password); $cptLettres = $cptChiffres = 0; $consecutif = 0; $codeCharPrev = 0; for ($i = 0; $i < $lengthPass; $i ++) { $codeCharCur = ord($passLower[$i]); if ($i && abs($codeCharCur - $codeCharPrev) <= 1) { $consecutif ++; if ($consecutif == 3) { return false; } } else { $consecutif = 1; } if ($codeCharCur >= 97 && $codeCharCur <= 122) { $cptLettres ++; } elseif ($codeCharCur >= 48 && $codeCharCur <= 57) { $cptChiffres ++; } else { return false; } $codeCharPrev = $codeCharCur; } return ($cptLettres >= 3 && $cptChiffres >= 2) ? true : false; } /** * Clear the user ID from the session if it was the anonymous user. Generally * used on out-of-tools pages to remove a user ID that could otherwise be used * in the wrong context. * This function is to be used in conjunction with the api_set_anonymous() * function to simulate the user existence in case of an anonymous visit. * @param bool database check switch - passed to api_is_anonymous() * @return bool true if succesfully unregistered, false if not anonymous. */ function api_clear_anonymous($db_check=false) { global $_user; if (api_is_anonymous($_user['user_id'],$db_check)) { unset($_user['user_id']); api_session_unregister('_uid'); return true; } else { return false; } } /** * truncates a string * * @author Brouckaert Olivier * @param string text - text to truncate * @param integer length - length of the truncated text * @param string endStr - suffix * @param boolean middle - if true, truncates on string middle */ function api_trunc_str($text, $length = 30, $endStr = '...', $middle = false) { if (strlen($text) <= $length) { return $text; } if ($middle) { $text = rtrim(substr($text, 0, round($length / 2))).$endStr.ltrim(substr($text, -round($length / 2))); } else { $text = rtrim(substr($text, 0, $length)).$endStr; } return $text; } // deprecated, use api_trunc_str() instead function shorten($input, $length = 15) { $length = intval($length); if (!$length) { $length = 15; } return api_trunc_str($input, $length); } /** * handling simple and double apostrofe in order that strings be stored properly in database * * @author Denes Nagy * @param string variable - the variable to be revised */ function domesticate($input) { $input = stripslashes($input); $input = str_replace("'", "''", $input); $input = str_replace('"', "''", $input); return ($input); } /* ============================================================================== FAILURE MANAGEMENT ============================================================================== */ /* * The Failure Management module is here to compensate * the absence of an 'exception' device in PHP 4. */ /** * $api_failureList - array containing all the failure recorded * in order of arrival. */ $api_failureList = array (); /** * Fills a global array called $api_failureList * This array collects all the failure occuring during the script runs * The main purpose is allowing to manage the display messages externaly * from the functions or objects. This strengthens encupsalation principle * * @author Hugues Peeters * @param string $failureType - the type of failure * @global array $api_failureList * @return bolean false to stay consistent with the main script */ function api_set_failure($failureType) { global $api_failureList; $api_failureList[] = $failureType; return false; } /** * Sets the current user as anonymous if it hasn't been identified yet. This * function should be used inside a tool only. The function api_clear_anonymous() * acts in the opposite direction by clearing the anonymous user's data every * time we get on a course homepage or on a neutral page (index, admin, my space) * @return bool true if set user as anonymous, false if user was already logged in or anonymous id could not be found */ function api_set_anonymous() { global $_user; if(!empty($_user['user_id'])) { return false; } else { $user_id = api_get_anonymous_id(); if($user_id == 0) { return false; } else { api_session_unregister('_user'); $_user['user_id'] = $user_id; $_user['is_anonymous'] = true; api_session_register('_user'); $GLOBALS['_user'] = $_user; return true; } } } /** * get the last failure stored in $api_failureList; * * @author Hugues Peeters * @param void * @return string - the last failure stored */ function api_get_last_failure() { global $api_failureList; return $api_failureList[count($api_failureList) - 1]; } /** * collects and manage failures occuring during script execution * The main purpose is allowing to manage the display messages externaly * from functions or objects. This strengthens encupsalation principle * * @author Hugues Peeters * @package dokeos.library */ class api_failure { /* * IMPLEMENTATION NOTE : For now the $api_failureList list is set to the * global scope, as PHP 4 is unable to manage static variable in class. But * this feature is awaited in PHP 5. The class is already written to minize * the change when static class variable will be possible. And the API won't * change. */ public $api_failureList = array (); /** * Pile the last failure in the failure list * * @author Hugues Peeters * @param string $failureType - the type of failure * @global array $api_failureList * @return bolean false to stay consistent with the main script */ function set_failure($failureType) { global $api_failureList; $api_failureList[] = $failureType; return false; } /** * get the last failure stored * * @author Hugues Peeters * @param void * @return string - the last failure stored */ function get_last_failure() { global $api_failureList; if(count($api_failureList)==0){return '';} return $api_failureList[count($api_failureList) - 1]; } } /* ============================================================================== CONFIGURATION SETTINGS ============================================================================== */ /** * DEPRECATED, use api_get_setting instead */ function get_setting($variable, $key = NULL) { global $_setting; return api_get_setting($variable, $key); } /** * Gets the current Dokeos (not PHP/cookie) session ID, if active * @return int O if no active session, the session ID otherwise */ function api_get_session_id() { if (empty($_SESSION['id_session'])) { return 0; } else { return (int) $_SESSION['id_session']; } } /** * Gets the current or given session name * @param int Session ID (optional) * @return string The session name, or null if unfound */ function api_get_session_name($session_id) { if (empty($session_id)) { $session_id = api_get_session_id(); if (empty($session_id)) {return null;} } $t = Database::get_main_table(TABLE_MAIN_SESSION); $s = "SELECT name FROM $t WHERE id = ".(int)$session_id; $r = api_sql_query($s,__FILE__,__LINE__); $c = Database::num_rows($r); if ($c > 0) { //technically, there can be only one, but anyway we take the first $rec = Database::fetch_array($r); return $rec['name']; } return null; } /** * Returns the value of a setting from the web-adjustable admin config settings. * * WARNING true/false are stored as string, so when comparing you need to check e.g. * if(api_get_setting("show_navigation_menu") == "true") //CORRECT * instead of * if(api_get_setting("show_navigation_menu") == true) //INCORRECT * @param string The variable name * @param string The subkey (sub-variable) if any. Defaults to NULL * @author Rene Haentjens * @author Bart Mollet */ function api_get_setting($variable, $key = NULL) { global $_setting; return is_null($key) ? (!empty($_setting[$variable])?$_setting[$variable]:null) : $_setting[$variable][$key]; } /** * Returns an escaped version of $_SERVER['PHP_SELF'] to avoid XSS injection * @return string Escaped version of $_SERVER['PHP_SELF'] */ function api_get_self() { return htmlentities($_SERVER['PHP_SELF']); } /* ============================================================================== LANGUAGE SUPPORT ============================================================================== */ /** * Whenever the server type in the Dokeos Config settings is * set to test/development server you will get an indication that a language variable * is not translated and a link to a suggestions form of DLTT. * * @return language variable '$lang'.$variable or language variable $variable. * * @author Roan Embrechts * @author Patrick Cool */ function get_lang($variable, $notrans = 'DLTT') { $ot = '[='; //opening tag for missing vars $ct = '=]'; //closing tag for missing vars if(api_get_setting('hide_dltt_markup') == 'true') { $ot = ''; $ct = ''; } if (api_get_setting('server_type') != 'test') { $lvv = isset ($GLOBALS['lang'.$variable]) ? $GLOBALS['lang'.$variable] : (isset ($GLOBALS[$variable]) ? $GLOBALS[$variable] : $ot.$variable.$ct); if (!is_string($lvv)) return $lvv; return str_replace("\\'", "'", $lvv); } if (!is_string($variable)) return $ot.'get_lang(?)'.$ct; global $language_interface, $language_files; //language file specified in tool $langpath = api_get_path(SYS_CODE_PATH).'lang/'; if (isset ($language_files)) { if (!is_array($language_files)) { @include ($langpath.$language_interface.'/'.$language_files.'.inc.php'); } else { foreach ($language_files as $index => $language_file) { @include ($langpath.$language_interface.'/'.$language_file.'.inc.php'); } } } @ eval ('$langvar = $'.$variable.';'); // Note (RH): $$var doesn't work with arrays, see PHP doc if (isset ($langvar) && is_string($langvar) && strlen($langvar) > 0) { return str_replace("\\'", "'", $langvar); } @ eval ('$langvar = $lang'.$variable.';'); if (isset ($langvar) && is_string($langvar) && strlen($langvar) > 0) { return str_replace("\\'", "'", $langvar); } if ($notrans != 'DLTT') return $ot.$variable.$ct; if (!is_array($language_files)) { $language_file = $language_files; } else { $language_file = implode('.inc.php',$language_files); } return $ot.$variable.$ct."#"; } /** * Gets the current interface language * @return string The current language of the interface */ function api_get_interface_language() { global $language_interface; return $language_interface; } /* ============================================================================== USER PERMISSIONS ============================================================================== */ /** * Check if current user is a platform administrator * @return boolean True if the user has platform admin rights, * false otherwise. */ function api_is_platform_admin($allow_sessions_admins = false) { if($_SESSION['is_platformAdmin']) { return true; } else { global $_user; if ($allow_sessions_admins && $_user['status']==SESSIONADMIN) { return true; } } return false; } /** * Check if current user is allowed to create courses * @return boolean True if the user has course creation rights, * false otherwise. */ function api_is_allowed_to_create_course() { return $_SESSION["is_allowedCreateCourse"]; } /** * Check if the current user is a course administrator * @return boolean True if current user is a course administrator */ function api_is_course_admin() { return $_SESSION["is_courseAdmin"]; } /** * Check if the current user is a course coach * @return bool True if current user is a course coach */ function api_is_course_coach() { return $_SESSION['is_courseCoach']; } /** * Check if the current user is a course tutor * @return bool True if current user is a course tutor */ function api_is_course_tutor() { return $_SESSION['is_courseTutor']; } /** * Check if the current user is a course or session coach * @return boolean True if current user is a course or session coach */ function api_is_coach() { global $_user; global $sessionIsCoach; $sql = "SELECT DISTINCT id, name, date_start, date_end FROM session INNER JOIN session_rel_course ON session_rel_course.id_coach = '".mysql_real_escape_string($_user['user_id'])."' ORDER BY date_start, date_end, name"; $result = api_sql_query($sql,__FILE__,__LINE__); $sessionIsCoach = api_store_result($result); $sql = "SELECT DISTINCT id, name, date_start, date_end FROM session WHERE session.id_coach = '".mysql_real_escape_string($_user['user_id'])."' ORDER BY date_start, date_end, name"; $result = api_sql_query($sql,__FILE__,__LINE__); $sessionIsCoach = array_merge($sessionIsCoach , api_store_result($result)); if(count($sessionIsCoach) > 0) { return true; } else { return false; } } /* ============================================================================== DISPLAY OPTIONS student view, title, message boxes,... ============================================================================== */ /** * Displays the title of a tool. * Normal use: parameter is a string: * api_display_tool_title("My Tool") * * Optionally, there can be a subtitle below * the normal title, and / or a supra title above the normal title. * * e.g. supra title: * group * GROUP PROPERTIES * * e.g. subtitle: * AGENDA * calender & events tool * * @author Hugues Peeters * @param mixed $titleElement - it could either be a string or an array * containing 'supraTitle', 'mainTitle', * 'subTitle' * @return void */ function api_display_tool_title($titleElement) { if (is_string($titleElement)) { $tit = $titleElement; unset ($titleElement); $titleElement['mainTitle'] = $tit; } echo '

'; if (!empty($titleElement['supraTitle'])) { echo ''.$titleElement['supraTitle'].'
'; } if (!empty($titleElement['mainTitle'])) { echo $titleElement['mainTitle']; } if (!empty($titleElement['subTitle'])) { echo '
'.$titleElement['subTitle'].''; } echo '

'; } /** * Display options to switch between student view and course manager view * * Changes in version 1.2 (Patrick Cool) * Student view switch now behaves as a real switch. It maintains its current state until the state * is changed explicitly * * Changes in version 1.1 (Patrick Cool) * student view now works correctly in subfolders of the document tool * student view works correctly in the new links tool * * Example code for using this in your tools: * //if ( $is_courseAdmin && api_get_setting('student_view_enabled') == 'true' ) * //{ * // display_tool_view_option($isStudentView); * //} * //and in later sections, use api_is_allowed_to_edit() * @author Roan Embrechts * @author Patrick Cool * @version 1.2 * @todo rewrite code so it is easier to understand */ function api_display_tool_view_option() { if (api_get_setting('student_view_enabled') != "true") { return ''; } $output_string=''; $sourceurl = ''; $is_framed = false; // Exceptions apply for all multi-frames pages if (strpos($_SERVER['REQUEST_URI'],'chat/chat_banner.php')!==false) { //the chat is a multiframe bit that doesn't work too well with the student_view, so do not show the link $is_framed = true; return ''; } // Uncomment to remove student view link from document view page if (strpos($_SERVER['REQUEST_URI'],'document/headerpage.php')!==false) { $sourceurl = str_replace('document/headerpage.php','document/showinframes.php',$_SERVER['REQUEST_URI']); //showinframes doesn't handle student view anyway... //return ''; $is_framed = true; } // Uncomment to remove student view link from document view page if (strpos($_SERVER['REQUEST_URI'],'newscorm/lp_header.php')!==false) { if (empty($_GET['lp_id'])) { return ''; } $sourceurl = substr($_SERVER['REQUEST_URI'],0,strpos($_SERVER['REQUEST_URI'],'?')); $sourceurl = str_replace('newscorm/lp_header.php','newscorm/lp_controller.php?'.api_get_cidreq().'&action=view&lp_id='.intval($_GET['lp_id']).'&isStudentView='.($_SESSION['studentview']=='studentview'?'false':'true'),$sourceurl); //showinframes doesn't handle student view anyway... //return ''; $is_framed = true; } // check if the $_SERVER['REQUEST_URI'] contains already url parameters (thus a questionmark) if (!$is_framed) { if (!strstr($_SERVER['REQUEST_URI'], "?")) { $sourceurl = api_get_self()."?".api_get_cidreq(); } else { $sourceurl = $_SERVER['REQUEST_URI']; //$sourceurl = str_replace('&', '&', $sourceurl); } } if(!empty($_SESSION['studentview'])) { if ($_SESSION['studentview']=='studentview') { // we have to remove the isStudentView=true from the $sourceurl $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= ''.get_lang("CourseManagerview").''; } elseif ($_SESSION['studentview']=='teacherview') { //switching to teacherview $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= ''.get_lang("StudentView").''; } } else { $output_string .= ''.get_lang("StudentView").''; } echo $output_string; } /** * Displays the contents of an array in a messagebox. * @param array $info_array An array with the messages to show */ function api_display_array($info_array) { foreach ($info_array as $element) { $message .= $element."
"; } Display :: display_normal_message($message); } /** * Displays debug info * @param string $debug_info The message to display * @author Roan Embrechts * @version 1.1, March 2004 */ function api_display_debug_info($debug_info) { $message = "Debug info
"; $message .= $debug_info; Display :: display_normal_message($message); } /** * @deprecated, use api_is_allowed_to_edit() instead */ function is_allowed_to_edit() { return api_is_allowed_to_edit(); } /** * Function that removes the need to directly use is_courseAdmin global in * tool scripts. It returns true or false depending on the user's rights in * this particular course. * Optionally checking for tutor and coach roles here allows us to use the * student_view feature altogether with these roles as well. * @param bool Whether to check if the user has the tutor role * @param bool Whether to check if the user has the coach role * * @author Roan Embrechts * @author Patrick Cool * @version 1.1, February 2004 * @return boolean, true: the user has the rights to edit, false: he does not */ function api_is_allowed_to_edit($tutor=false,$coach=false) { $is_courseAdmin = api_is_course_admin() || api_is_platform_admin() || api_is_coach(); if(!$is_courseAdmin && $tutor == true) { //if we also want to check if the user is a tutor... $is_courseAdmin = $is_courseAdmin || api_is_course_tutor(); } if(!$is_courseAdmin && $coach == true) { //if we also want to check if the user is a coach...'; $is_courseAdmin = $is_courseAdmin || api_is_course_coach(); } if(api_get_setting('student_view_enabled') == 'true') { //check if the student_view is enabled, and if so, if it is activated $is_allowed = $is_courseAdmin && $_SESSION['studentview'] != "studentview"; return $is_allowed; } else { return $is_courseAdmin; } } /** * this fun * @param $tool the tool we are checking ifthe user has a certain permission * @param $action the action we are checking (add, edit, delete, move, visibility) * @author Patrick Cool , Ghent University * @version 1.0 */ function api_is_allowed($tool, $action, $task_id = 0) { global $_course; global $_user; if (api_is_course_admin()) { return true; } //if(!$_SESSION['total_permissions'][$_course['code']] and $_course) if ($_course) { require_once(api_get_path(SYS_CODE_PATH) . 'permissions/permissions_functions.inc.php'); require_once(api_get_path(LIBRARY_PATH) . "/groupmanager.lib.php"); // getting the permissions of this user if ($task_id == 0) { $user_permissions = get_permissions('user', $_user['user_id']); $_SESSION['total_permissions'][$_course['code']] = $user_permissions; } // getting the permissions of the task if ($task_id != 0) { $task_permissions = get_permissions('task', $task_id); /* !!! */$_SESSION['total_permissions'][$_course['code']] = $task_permissions; } //print_r($_SESSION['total_permissions']); // getting the permissions of the groups of the user //$groups_of_user = GroupManager::get_group_ids($_course['db_name'], $_user['user_id']); //foreach($groups_of_user as $group) //$this_group_permissions = get_permissions('group', $group); // getting the permissions of the courseroles of the user $user_courserole_permissions = get_roles_permissions('user', $_user['user_id']); // getting the permissions of the platformroles of the user //$user_platformrole_permissions = get_roles_permissions('user', $_user['user_id'], ', platform'); // getting the permissions of the roles of the groups of the user //foreach($groups_of_user as $group) //$this_group_courserole_permissions = get_roles_permissions('group', $group); // getting the permissions of the platformroles of the groups of the user //foreach($groups_of_user as $group) //$this_group_platformrole_permissions = get_roles_permissions('group', $group, 'platform'); } // ifthe permissions are limited we have to map the extended ones to the limited ones if (api_get_setting('permissions') == 'limited') { if ($action == 'Visibility') { $action = 'Edit'; } if($action == 'Move') { $action = 'Edit'; } } // the session that contains all the permissions already exists for this course // so there is no need to requery everything. //my_print_r($_SESSION['total_permissions'][$_course['code']][$tool]); if (in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) { return true; } else { return false; } } /** * Tells whether this user is an anonymous user * @param int User ID (optional, will take session ID if not provided) * @param bool Whether to check in the database (true) or simply in the session (false) to see if the current user is the anonymous user * @return bool true if this user is anonymous, false otherwise */ function api_is_anonymous($user_id=null,$db_check=false) { if(!isset($user_id)) { $user_id = api_get_user_id(); } if($db_check) { $info = api_get_user_info($user_id); if($info['status'] == 6) { return true; } } else { global $_user; if (!isset($_user)) { //in some cases, api_set_anonymous doesn't seem to be //triggered in local.inc.php. Make sure it is. //Occurs in agenda for admin links - YW global $use_anonymous; if (isset($use_anonymous) && $use_anonymous == true) { api_set_anonymous(); } return true; } if (isset($_user['is_anonymous']) and $_user['is_anonymous'] === true) { return true; } } return false; } /** * Displays message "You are not allowed here..." and exits the entire script. * @param bool Whether or not to print headers (default = false -> does not print them) * * @author Roan Embrechts * @author Yannick Warnier * @author Patrick Cool , Ghent University * * @version 1.0, February 2004 * @version dokeos 1.8, August 2006 */ function api_not_allowed($print_headers = false) { $home_url = api_get_path(WEB_PATH); $user = api_get_user_id(); $course = api_get_course_id(); if ((isset($user) && !api_is_anonymous()) && (!isset($course) || $course==-1) && empty($_GET['cidReq'])) {//if the access is not authorized and there is some login information // but the cidReq is not found, assume we are missing course data and send the user // to the user_portal if (!headers_sent() or $print_headers){Display::display_header('');} echo '
'; Display::display_error_message(get_lang('NotAllowedClickBack').'

'.get_lang('BackToPreviousPage').'
',false); echo '
'; if ($print_headers){Display::display_footer();} die(); } elseif (!empty($_SERVER['REQUEST_URI']) && !empty($_GET['cidReq'])) { //only display form and return to the previous URL if there was a course ID included if (!empty($user) && !api_is_anonymous()) { if (!headers_sent() or $print_headers) { Display::display_header('');} echo '
'; Display::display_error_message(get_lang('NotAllowedClickBack').'

'.get_lang('BackToPreviousPage').'
',false); echo '
'; if ($print_headers) {Display::display_footer();} die(); } else { include_once (api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php');$form = new FormValidator('formLogin','post',api_get_self().'?'.$_SERVER['QUERY_STRING']); $form->addElement('static',null,null,'Username'); $form->addElement('text','login','',array('size'=>15)); $form->addElement('static',null,null,'Password'); $form->addElement('password','password','',array('size'=>15)); $form->addElement('submit','submitAuth',get_lang('Ok')); $test = $form->return_form(); if(!headers_sent() or $print_headers){Display::display_header('');} echo '
'; Display::display_error_message(get_lang('NotAllowed').'

'.get_lang('PleaseLoginAgainFromFormBelow').'
'.$test,false); echo '
'; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; if ($print_headers) {Display::display_footer();} die(); } } else { if (!empty($user) && !api_is_anonymous()) { if (!headers_sent() or $print_headers) {Display::display_header('');} echo '
'; Display::display_error_message(get_lang('NotAllowedClickBack').'

'.get_lang('BackToPreviousPage').'
',false); echo '
'; if ($print_headers) {Display::display_footer();} die(); } else { //if no course ID was included in the requested URL, redirect to homepage if ($print_headers) {Display::display_header('');} echo '
'; Display::display_error_message(get_lang('NotAllowed').'

'.get_lang('PleaseLoginAgainFromHomepage').'
',false); echo '
'; if ($print_headers) {Display::display_footer();} die(); } } } /* ============================================================================== WHAT'S NEW functions for the what's new icons in the user course list ============================================================================== */ /** * @param $last_post_datetime standard output date in a sql query * @return unix timestamp * @author Toon Van Hoecke * @version October 2003 * @desc convert sql date to unix timestamp */ function convert_mysql_date($last_post_datetime) { list ($last_post_date, $last_post_time) = split(" ", $last_post_datetime); list ($year, $month, $day) = explode("-", $last_post_date); list ($hour, $min, $sec) = explode(":", $last_post_time); $announceDate = mktime($hour, $min, $sec, $month, $day, $year); return $announceDate; } /** * Gets item visibility from the item_property table * @param array Course properties array (result of api_get_course_info()) * @param string Tool (learnpath, document, etc) * @param int The item ID in the given tool * @return int -1 on error, 0 if invisible, 1 if visible */ function api_get_item_visibility($_course,$tool,$id) { if (!is_array($_course) or count($_course)==0 or empty($tool) or empty($id)) return -1; $tool = Database::escape_string($tool); $id = Database::escape_string($id); $TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY,$_course['dbName']); $sql = "SELECT * FROM $TABLE_ITEMPROPERTY WHERE tool = '$tool' AND ref = $id"; $res = api_sql_query($sql); if($res === false or Database::num_rows($res)==0) return -1; $row = Database::fetch_array($res); return $row['visibility']; } /** * Updates or adds item properties to the Item_propetry table * Tool and lastedit_type are language independant strings (langvars->get_lang!) * * @param $_course : array with course properties * @param $tool : tool id, linked to 'rubrique' of the course tool_list (Warning: language sensitive !!) * @param $item_id : id of the item itself, linked to key of every tool ('id', ...), "*" = all items of the tool * @param $lastedit_type : add or update action (1) message to be translated (in trad4all) : e.g. DocumentAdded, DocumentUpdated; * (2) "delete"; (3) "visible"; (4) "invisible"; * @param $user_id : id of the editing/adding user * @param $to_group_id : id of the intended group ( 0 = for everybody), only relevant for $type (1) * @param $to_user_id : id of the intended user (always has priority over $to_group_id !), only relevant for $type (1) * @param string $start_visible 0000-00-00 00:00:00 format * @param unknown_type $end_visible 0000-00-00 00:00:00 format * @return boolean False if update fails. * @author Toon Van Hoecke , Ghent University * @version January 2005 * @desc update the item_properties table (if entry not exists, insert) of the course */ function api_item_property_update($_course, $tool, $item_id, $lastedit_type, $user_id, $to_group_id = 0, $to_user_id = NULL, $start_visible = 0, $end_visible = 0) { $tool = Database::escape_string($tool); $item_id = Database::escape_string($item_id); $lastedit_type = Database::escape_string($lastedit_type); $user_id = Database::escape_string($user_id); $to_group_id = Database::escape_string($to_group_id); $to_user_id = Database::escape_string($to_user_id); $start_visible = Database::escape_string($start_visible); $end_visible = Database::escape_string($end_visible); $to_filter = ""; $time = time(); $time = date("Y-m-d H:i:s", $time); $TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY,$_course['dbName']); if ($to_user_id <= 0) { $to_user_id = NULL;//no to_user_id set } $start_visible = ($start_visible == 0) ? "0000-00-00 00:00:00" : $start_visible; $end_visible = ($end_visible == 0) ? "0000-00-00 00:00:00" : $end_visible; // set filters for $to_user_id and $to_group_id, with priority for $to_user_id $filter = "tool='$tool' AND ref='$item_id'"; if ($item_id == "*") { $filter = "tool='$tool' AND visibility<>'2'"; // for all (not deleted) items of the tool } // check if $to_user_id and $to_group_id are passed in the function call // if both are not passed (both are null) then it is a message for everybody and $to_group_id should be 0 ! if (is_null($to_user_id) && is_null($to_group_id)) { $to_group_id = 0; } if (!is_null($to_user_id)) { $to_filter = " AND to_user_id='$to_user_id'"; // set filter to intended user } else { if (!is_null($to_group_id) and $to_group_id == strval(intval($to_group_id))) { $to_filter = " AND to_group_id='$to_group_id'"; // set filter to intended group } } // update if possible $set_type = ""; switch ($lastedit_type) { case "delete" : // delete = make item only visible for the platform admin $visibility = '2'; $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type WHERE $filter"; break; case "visible" : // change item to visible $visibility = '1'; $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type WHERE $filter"; break; case "invisible" : // change item to invisible $visibility = '0'; $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type WHERE $filter"; break; default : // item will be added or updated $set_type = ", lastedit_type='$lastedit_type' "; $visibility = '1'; $filter .= $to_filter; $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id' $set_type WHERE $filter"; } $res = mysql_query($sql); // insert if no entries are found (can only happen in case of $lastedit_type switch is 'default') if (mysql_affected_rows() == 0) { if (!is_null($to_user_id)) { // $to_user_id has more priority than $to_group_id $to_field = "to_user_id"; $to_value = $to_user_id; } else { // $to_user_id is not set $to_field = "to_group_id"; $to_value = $to_group_id; } $sql = "INSERT INTO $TABLE_ITEMPROPERTY (tool, ref, insert_date,insert_user_id,lastedit_date,lastedit_type, lastedit_user_id,$to_field, visibility, start_visible, end_visible) VALUES ('$tool','$item_id','$time', '$user_id', '$time', '$lastedit_type','$user_id', '$to_value','$visibility','$start_visible','$end_visible')"; $res = mysql_query($sql); if (!$res) { return FALSE; } } return TRUE; } /* ============================================================================== Language Dropdown ============================================================================== */ /** * Displays a combobox so the user can select his/her preferred language. * @param string The desired name= value for the select * @return string */ function api_get_languages_combo($name="language") { $ret = ""; $platformLanguage = api_get_setting('platformLanguage'); /* retrieve a complete list of all the languages. */ $language_list = api_get_languages(); if (count($language_list['name']) < 2) { return $ret; } /* the the current language of the user so that his/her language occurs as * selected in the dropdown menu */ if(isset($_SESSION['user_language_choice'])) $default = $_SESSION['user_language_choice']; else $default = $platformLanguage; $languages = $language_list['name']; $folder = $language_list['folder']; $ret .= ''; return $ret; } /** * Displays a form (drop down menu) so the user can select his/her preferred language. * The form works with or without javascript * @param boolean Hide form if only one language available (defaults to false = show the box anyway) * @return void Display the box directly */ function api_display_language_form($hide_if_no_choice=false) { $platformLanguage = api_get_setting('platformLanguage'); $dirname = api_get_path(SYS_PATH)."main/lang/"; // this line is probably no longer needed // retrieve a complete list of all the languages. $language_list = api_get_languages(); if (count($language_list['name'])<=1 && $hide_if_no_choice == true) { return; //don't show any form } // the the current language of the user so that his/her language occurs as selected in the dropdown menu if(isset($_SESSION['user_language_choice'])) { $user_selected_language = $_SESSION['user_language_choice']; } if (!isset ($user_selected_language)) $user_selected_language = $platformLanguage; $original_languages = $language_list['name']; $folder = $language_list['folder']; // this line is probably no longer needed ?> ", ""; echo ""; echo ""; } /** * Return a list of all the languages that are made available by the admin. * @return array An array with all languages. Structure of the array is * array['name'] = An array with the name of every language * array['folder'] = An array with the corresponding dokeos-folder */ function api_get_languages() { $tbl_language = Database::get_main_table(TABLE_MAIN_LANGUAGE); $sql = "SELECT * FROM $tbl_language WHERE available='1' ORDER BY original_name ASC"; $result = api_sql_query($sql, __FILE__, __LINE__); while ($row = mysql_fetch_array($result)) { $language_list['name'][] = $row['original_name']; $language_list['folder'][] = $row['dokeos_folder']; } return $language_list; } /** * Get language isocode column from the language table, taking the current language as a query * @return string The isocode (two-letters code or 5 letters code, fr or fr-BE) or null if error */ function api_get_language_isocode() { $tbl_language = Database::get_main_table(TABLE_MAIN_LANGUAGE); $sql = "SELECT isocode FROM $tbl_language WHERE dokeos_folder = '".api_get_interface_language()."'"; $res = api_sql_query($sql,__FILE__,__LINE__); if(mysql_num_rows($res)) { $row = mysql_fetch_array($res); return $row['isocode']; } return null; } /** * Returns a list of CSS themes currently available in the CSS folder * @return array List of themes directories from the css folder */ function api_get_themes() { $cssdir = api_get_path(SYS_PATH).'main/css/'; $list_dir= array(); $list_name= array(); if (@is_dir($cssdir)) { $themes = @scandir($cssdir); if (is_array($themes)) { if($themes !== false) { sort($themes); foreach($themes as $theme) { if(substr($theme,0,1)=='.') { //ignore continue; } else { if(@is_dir($cssdir.$theme)) { $list_dir[] = $theme; $list_name[] = ucwords(str_replace('_',' ',$theme)); } } } } } } $return=array(); $return[]=$list_dir; $return[]=$list_name; return $return; } /* ============================================================================== WYSIWYG HTML AREA functions for the WYSIWYG html editor, TeX parsing... ============================================================================== */ /** * Displays the FckEditor WYSIWYG editor for online editing of html * @param string $name The name of the form-element * @param string $content The default content of the html-editor * @param int $height The height of the form element * @param int $width The width of the form element * @param string $optAttrib optional attributes for the form element */ function api_disp_html_area($name, $content = '', $height = '', $width = '100%', $optAttrib = '') { global $_configuration, $_course, $fck_attribute; require_once(dirname(__FILE__).'/formvalidator/Element/html_editor.php'); $editor = new HTML_QuickForm_html_editor($name); $editor->setValue($content); if( $height != '') { $fck_attribute['Height'] = $height; } if( $width != '') { $fck_attribute['Width'] = $width; } echo $editor->toHtml(); } function api_return_html_area($name, $content = '', $height = '', $width = '100%', $optAttrib = '') { global $_configuration, $_course, $fck_attribute; require_once(dirname(__FILE__).'/formvalidator/Element/html_editor.php'); $editor = new HTML_QuickForm_html_editor($name); $editor->setValue($content); if( $height != '') { $fck_attribute['Height'] = $height; } if( $width != '') { $fck_attribute['Width'] = $width; } return $editor->toHtml(); } /** * Send an email. * * Wrapper function for the standard php mail() function. Change this function * to your needs. The parameters must follow the same rules as the standard php * mail() function. Please look at the documentation on http: //www. php. * net/manual/en/function. mail.php * @param string $to * @param string $subject * @param string $message * @param string $additional_headers * @param string $additional_parameters */ function api_send_mail($to, $subject, $message, $additional_headers = null, $additional_parameters = null) { return mail($to, $subject, $message, $additional_headers, $additional_parameters); } /** * Find the largest sort value in a given user_course_category * This function is used when we are moving a course to a different category * and also when a user subscribes to a courses (the new courses is added to the end * of the main category * @author Patrick Cool , Ghent University * @param int $user_course_category: the id of the user_course_category * @return int the value of the highest sort of the user_course_category */ function api_max_sort_value($user_course_category, $user_id) { $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER); $sql_max = "SELECT max(sort) as max_sort FROM $tbl_course_user WHERE user_id='".$user_id."' AND user_course_cat='".$user_course_category."'"; $result_max = mysql_query($sql_max) or die(mysql_error()); if (mysql_num_rows($result_max) == 1) { $row_max = mysql_fetch_array($result_max); $max_sort = $row_max['max_sort']; } else { $max_sort = 0; } return $max_sort; } /** * This function converts the string "true" or "false" to a boolean true or false. * This function is in the first place written for the Dokeos Config Settings (also named AWACS) * @param string "true" or "false" * @return boolean true or false * @author Patrick Cool , Ghent University */ function string_2_boolean($string) { if ($string == "true") { return true; } if ($string == "false") { return false; } } /** * Determines the number of plugins installed for a given location */ function api_number_of_plugins($location) { global $_plugins; if (isset($_plugins[$location]) && is_array($_plugins[$location])) { return count($_plugins[$location]); } return 0; } /** * including the necessary plugins * @author Patrick Cool , Ghent University */ function api_plugin($location) { global $_plugins; if (isset($_plugins[$location]) && is_array($_plugins[$location])) { foreach ($_plugins[$location] as $this_plugin) { include (api_get_path(SYS_PLUGIN_PATH)."$this_plugin/index.php"); } } } /** * Checks to see wether a certain plugin is installed. * @return boolean true if the plugin is installed, false otherwise. */ function api_is_plugin_installed($plugin_list, $plugin_name) { foreach ($plugin_list as $plugin_location) { if ( array_search($plugin_name, $plugin_location) !== false ) return true; } return false; } /** * Apply parsing to content to parse tex commandos that are seperated by [tex] * [/tex] to make it readable for techexplorer plugin. * @param string $text The text to parse * @return string The text after parsing. * @author Patrick Cool * @version June 2004 */ function api_parse_tex($textext) { if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) { $textext = str_replace(array ("[tex]", "[/tex]"), array (""), $textext); } else { $textext = str_replace(array ("[tex]", "[/tex]"), array (""), $textext); } return $textext; } /** * Transform a number of seconds in hh:mm:ss format * @author Julian Prud'homme * @param integer the number of seconds * @return string the formated time */ function api_time_to_hms($seconds) { //if seconds = -1, it means we have wrong datas in the db if($seconds==-1) { return get_lang('Unknown').Display::return_icon('info2.gif',get_lang('WrongDatasForTimeSpentOnThePlatform')); } //How many hours ? $hours = floor($seconds / 3600); //How many minutes ? $min = floor(($seconds - ($hours * 3600)) / 60); //How many seconds $sec = floor($seconds - ($hours * 3600) - ($min * 60)); if ($sec < 10) $sec = "0".$sec; if ($min < 10) $min = "0".$min; return $hours.":".$min.":".$sec; } /** * function adapted from a php.net comment * copy recursively a folder * @param the source folder * @param the dest folder * @param an array of excluded file_name (without extension) * @param copied_files the returned array of copied files */ function copyr($source, $dest, $exclude=array(), $copied_files=array()) { // Simple copy for a file if (is_file($source)) { $path_infos = pathinfo($source); if(!in_array($path_infos['filename'], $exclude)) copy($source, $dest); return; } // Make destination directory if (!is_dir($dest)) { mkdir($dest); } // Loop through the folder $dir = dir($source); while (false !== $entry = $dir->read()) { // Skip pointers if ($entry == '.' || $entry == '..') { continue; } // Deep copy directories if ($dest !== "$source/$entry") { $zip_files = copyr("$source/$entry", "$dest/$entry", $exclude, $copied_files); } } // Clean up $dir->close(); return $zip_files; } function api_chmod_R($path, $filemode) { if (!is_dir($path)) return chmod($path, $filemode); $dh = opendir($path); while ($file = readdir($dh)) { if ($file != '.' && $file != '..') { $fullpath = $path.'/'.$file; if (!is_dir($fullpath)) { if (!chmod($fullpath, $filemode)) return FALSE; } else { if (!api_chmod_R($fullpath, $filemode)) return FALSE; } } } closedir($dh); if(chmod($path, $filemode)) return TRUE; else return FALSE; } /** * Get Dokeos version from the configuration files * @return string A string of type "1.8.4", or an empty string if the version could not be found */ function api_get_version() { global $_configuration; if(!empty($_configuration['dokeos_version'])) { return $_configuration['dokeos_version']; } else { return ''; } } /** * Check if status given in parameter exists in the platform * @param mixed the status (can be either int either string) * @return true if the status exists, else returns false */ function api_status_exists($status_asked) { global $_status_list; if (in_array($status_asked, $_status_list)) { return true; } else { return isset($_status_list[$status_asked]); } } /** * Check if status given in parameter exists in the platform * @param mixed the status (can be either int either string) * @return true if the status exists, else returns false */ function api_status_key($status) { global $_status_list; if (isset($_status_list[$status])) { return $status; } else { return array_search($status,$_status_list); } } /** * get the status langvars list * @return array the list of status with their translations */ function api_get_status_langvars() { return array( COURSEMANAGER=>get_lang('Teacher'), SESSIONADMIN=>get_lang('SessionsAdmin'), DRH=>get_lang('Drh'), STUDENT=>get_lang('Student'), ANONYMOUS=>get_lang('Anonymous') ); } /** * Sets a platform configuration setting to a given value * @param string The variable we want to update * @param string The value we want to record * @param string The sub-variable if any (in most cases, this will remain null) * @param string The category if any (in most cases, this will remain null) * @param int The access_url for which this parameter is valid */ function api_set_setting($var,$value,$subvar=null,$cat=null,$access_url=1) { if(empty($var)) { return false; } $t_settings = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $var = Database::escape_string($var); $value = Database::escape_string($value); $access_url = (int) $access_url; if(empty($access_url)){$access_url=1;} $select = "SELECT * FROM $t_settings WHERE variable = '$var' "; if(!empty($subvar)) { $subvar = Database::escape_string($subvar); $select .= " AND subkey = '$subvar'"; } if(!empty($cat)) { $cat = Database::escape_string($cat); $select .= " AND category = '$cat'"; } if($access_url > 1) { $select .= " AND access_url = $access_url"; } else { $select .= " AND access_url = 1 "; } $res = api_sql_query($select,__FILE__,__LINE__); if(Database::num_rows($res)>0) { //found item for this access_url $row = Database::fetch_array($res); $update = "UPDATE $t_settings SET selected_value = '$value' WHERE id = ".$row['id'] ; $res = api_sql_query($update,__FILE__,__LINE__); } else { //item not found for this access_url, we have to check if the whole thing is missing //(in which case we ignore the insert) or if there *is* a record but just for access_url=1 $select = "SELECT * FROM $t_settings WHERE variable = '$var' AND access_url = '1' "; if ($access_url==1) { if (!empty($subvar)) { $select .= " AND subkey = '$subvar'"; } if (!empty($cat)) { $select .= " AND category = '$cat'"; } $res = api_sql_query($select,__FILE__,__LINE__); if (Database::num_rows($select)>0) { //we have a setting for access_url 1, but none for the current one, so create one $row = Database::fetch_array($res); $insert = "INSERT INTO $t_settings " . "(variable,subkey," . "type,category," . "selected_value,title," . "comment,scope," . "subkeytext,access_url)" . " VALUES " . "('".$row['variable']."',".(!empty($row['subkey'])?"'".$row['subkey']."'":"NULL")."," . "'".$row['type']."','".$row['category']."'," . "'$value','".$row['title']."'," . "".(!empty($row['comment'])?"'".$row['comment']."'":"NULL").",'".(!empty($row['scope'])?"'".$row['scope']."'":"NULL")."'," . "'".(!empty($row['subkeytext'])?"'".$row['subkeytext']."'":"NULL")."',$access_url)"; $res = api_sql_query($insert,__FILE__,__LINE__); } else { // this setting does not exist error_log(__FILE__.':'.__LINE__.': Attempting to update setting '.$var.' ('.$subvar.') which does not exist at all',0); } } else { // other access url if (!empty($subvar)) { $select .= " AND subkey = '$subvar'"; } if (!empty($cat)) { $select .= " AND category = '$cat'"; } $res = api_sql_query($select,__FILE__,__LINE__); if (Database::num_rows($res)>0) { //we have a setting for access_url 1, but none for the current one, so create one $row = Database::fetch_array($res); if ($row['access_url_changeable']==1) { $insert = "INSERT INTO $t_settings " . "(variable,subkey," . "type,category," . "selected_value,title," . "comment,scope," . "subkeytext,access_url, access_url_changeable)" . " VALUES " . "('".$row['variable']."',". (!empty($row['subkey'])?"'".$row['subkey']."'":"NULL")."," . "'".$row['type']."','".$row['category']."'," . "'$value','".$row['title']."'," . "".(!empty($row['comment'])?"'".$row['comment']."'":"NULL").",". (!empty($row['scope'])?"'".$row['scope']."'":"NULL")."," . "'".(!empty($row['subkeytext'])?"'".$row['subkeytext']."'":"NULL")."',$access_url,".$row['access_url_changeable'].")"; $res = api_sql_query($insert,__FILE__,__LINE__); } } else { // this setting does not exist error_log(__FILE__.':'.__LINE__.': Attempting to update setting '.$var.' ('.$subvar.') which does not exist at all. The access_url is: '.$access_url.' ',0); } } } } /** * Sets a whole category of settings to one specific value * @param string Category * @param string Value * @param int Access URL. Optional. Defaults to 1 */ function api_set_settings_category($category,$value=null,$access_url=1) { if (empty($category)){return false;} $category = Database::escape_string($category); $t_s = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $access_url = (int) $access_url; if (empty($access_url)){$access_url=1;} if (isset($value)) { $value = Database::escape_string($value); $sql = "UPDATE $t_s SET selected_value = '$value' WHERE category = '$category' AND access_url = $access_url"; $res = api_sql_query($sql,__FILE__,__LINE__); if($res === false){ return false; } return true; } else { $sql = "UPDATE $t_s SET selected_value = NULL WHERE category = '$category' AND access_url = $access_url"; $res = api_sql_query($sql,__FILE__,__LINE__); if($res === false){ return false; } return true; } } /** * Get all available access urls in an array (as in the database) * @return array Array of database records */ function api_get_access_urls($from=0,$to=1000000,$order='url',$direction='ASC') { $result = array(); $t_au = Database::get_main_table(TABLE_MAIN_ACCESS_URL); $from = (int) $from; $to = (int) $to; $order = Database::escape_string($order); $direction = Database::escape_string($direction); $sql = "SELECT id, url, description, active, created_by, tms FROM $t_au ORDER BY $order $direction LIMIT $to OFFSET $from"; $res = api_sql_query($sql,__FILE__,__LINE__); if ($res !==false) { $result = api_store_result($res); } return $result; } /** * Get the access url info in an array * @param id of the access url * @return array Array with all the info (url, description, active, created_by, tms) from the access_url table * @author Julio Montoya Armas */ function api_get_access_url($id) { global $_configuration; $result = array(); // calling the Database:: library dont work this is handmade //$table_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL); $table='access_url'; $database = $_configuration['main_database']; $table_access_url = "`".$database."`.`".$table."`"; $sql = "SELECT url, description, active, created_by, tms FROM $table_access_url WHERE id = '$id' "; $res = api_sql_query($sql,__FILE__,__LINE__); $result = @mysql_fetch_array($res); return $result; } /** * Adds an access URL into the database * @param string URL * @param string Description * @param int Active (1= active, 0=disabled) * @return int The new database id, or the existing database id if this url already exists */ function api_add_access_url($u,$d='',$a=1) { $t_au = Database::get_main_table(TABLE_MAIN_ACCESS_URL); $u = Database::escape_string($u); $d = Database::escape_string($d); $a = (int) $a; $sql = "SELECT * FROM $t_au WHERE url LIKE '$u'"; $res = api_sql_query($sql,__FILE__,__LINE__); if($res === false) { //problem querying the database - return false return false; } else { if(Database::num_rows($res)>0) { return Database::result($res,0,'id'); } else { $ui = api_get_user_id(); $time = $sql = "INSERT INTO $t_au (url,description,active,created_by,tms)" ." VALUES ('$u','$d',$a,$ui,'')"; $res = api_sql_query($sql,__FILE__,__LINE__); if($res === false){return false;} return Database::insert_id(); } } } /** * Gets all the current settings for a specific access url * @param string The category, if any, that we want to get * @param string Whether we want a simple list (display a catgeory) or a grouped list (group by variable as in settings.php default). Values: 'list' or 'group' * @param int Access URL's ID. Optional. Uses 1 by default, which is the unique URL * @return array Array of database results for the current settings of the current access URL */ function api_get_settings($cat=null,$ordering='list',$access_url=1,$url_changeable=0) { $results = array(); $t_cs = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $access_url = (int) $access_url; $url_changeable_where=''; if ($url_changeable==1) { $url_changeable_where= " AND access_url_changeable= '1' "; } if (empty($access_url)) {$access_url=1;} $sql = "SELECT id, variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url, access_url_changeable " . " FROM $t_cs WHERE access_url = $access_url $url_changeable_where "; if(!empty($cat)) { $cat = Database::escape_string($cat); $sql .= " AND category='$cat' "; } if($ordering=='group') { $sql .= " GROUP BY variable ORDER BY id ASC"; } else { $sql .= " ORDER BY 1,2 ASC"; } $res = api_sql_query($sql,__FILE__,__LINE__); if ($res === false) {return $results;} $results = api_store_result($res); return $results; } /** * Gets the distinct settings categories * @param array Array of strings giving the categories we want to exclude * @param int Access URL. Optional. Defaults to 1 * @return array A list of categories */ function api_get_settings_categories($exceptions=array(),$access_url=1) { $result = array(); $access_url = (int) $access_url; $t_cs = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $list = "'".implode("','",$exceptions)."'"; $sql = "SELECT DISTINCT category FROM $t_cs"; if ($list != "'',''" and $list != "''" and !empty($list)) { $sql .= " WHERE category NOT IN ($list)"; } $r = api_sql_query($sql,__FILE__,__LINE__); if ($r === false) { return $result; } $result = api_store_result($r); return $result; } /** * Delete setting * @param string Variable * @param string Subkey * @param int Access URL * @return boolean False on failure, true on success */ function api_delete_setting($v,$s=NULL,$a=1) { if (empty($v)) {return false;} $t_cs = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $v = Database::escape_string($v); $a = (int) $a; if (empty($a)){$a=1;} if (!empty($s)) { $s = Database::escape_string($s); $sql = "DELETE FROM $t_cs WHERE variable = '$v' AND subkey = '$s' AND access_url = $a"; $r = api_sql_query($sql); return $r; } else { $sql = "DELETE FROM $t_cs WHERE variable = '$v' AND access_url = $a"; $r = api_sql_query($sql); return $r; } } /** * Delete all the settings from one category * @param string Category * @param int Access URL * @return boolean False on failure, true on success */ function api_delete_category_settings($c,$a=1) { if (empty($c)){return false;} $t_cs = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $c = Database::escape_string($c); $a = (int) $a; if(empty($a)){$a=1;} $sql = "DELETE FROM $t_cs WHERE category = '$c' AND access_url = $a"; $r = api_sql_query($sql); return $r; } /** * Sets a platform configuration setting to a given value * @param string The value we want to record * @param string The variable name we want to insert * @param string The subkey for the variable we want to insert * @param string The type for the variable we want to insert * @param string The category for the variable we want to insert * @param string The title * @param string The comment * @param string The scope * @param string The subkey text * @param int The access_url for which this parameter is valid * @param int The changeability of this setting for non-master urls * @return boolean true on success, false on failure */ function api_add_setting($val,$var,$sk=null,$type='textfield',$c=null,$title='',$com='',$sc=null,$skt=null,$a=1,$v=0) { if (empty($var) or !isset($val)) { return false; } $t_settings = Database::get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $var = Database::escape_string($var); $val = Database::escape_string($val); $a = (int) $a; if (empty($a)){$a=1;} //check if this variable doesn't exist already $select = "SELECT * FROM $t_settings WHERE variable = '$var' "; if (!empty($sk)) { $sk = Database::escape_string($sk); $select .= " AND subkey = '$sk'"; } if ($a > 1) { $select .= " AND access_url = $a"; } else { $select .= " AND access_url = 1 "; } $res = api_sql_query($select,__FILE__,__LINE__); if(Database::num_rows($res)>0) { //found item for this access_url $row = Database::fetch_array($res); return $row['id']; } else { //item not found for this access_url, we have to check if the whole thing is missing //(in which case we ignore the insert) or if there *is* a record but just for access_url=1 $insert = "INSERT INTO $t_settings " . "(variable,selected_value," . "type,category," . "subkey,title," . "comment,scope," . "subkeytext,access_url,access_url_changeable)" . " VALUES ('$var','$val',"; if (isset($type)) { $type = Database::escape_string($type); $insert .= "'$type',"; } else { $insert .= "NULL,"; } if(isset($c)) {//category $c = Database::escape_string($c); $insert .= "'$c',"; } else { $insert .= "NULL,"; } if (isset($sk)) { //subkey $sk = Database::escape_string($sk); $insert .= "'$sk',"; } else { $insert .= "NULL,"; } if(isset($title)) {//title $title = Database::escape_string($title); $insert .= "'$title',"; } else { $insert .= "NULL,"; } if (isset($com)) {//comment $com = Database::escape_string($com); $insert .= "'$com',"; } else { $insert .= "NULL,"; } if(isset($sc)) {//scope $sc = Database::escape_string($sc); $insert .= "'$sc',"; } else { $insert .= "NULL,"; } if (isset($skt)) {//subkey text $skt = Database::escape_string($skt); $insert .= "'$skt',"; } else { $insert .= "NULL,"; } $insert .= "$a,$v)"; $res = api_sql_query($insert,__FILE__,__LINE__); return $res; } } /** * Returns wether a user can or can't view the contents of a course. * * @param int $userid User id or NULL to get it from $_SESSION * @param int $cid Course id to check whether the user is allowed. * @return bool */ function api_is_course_visible_for_user( $userid = null, $cid = null ) { if ( $userid == null ) { $userid = $_SESSION['_user']['user_id']; } if( empty ($userid) or strval(intval($userid)) != $userid ) { if ( api_is_anonymous() ) { $userid = api_get_anonymous_id(); } else { return false; } } $cid = Database::escape_string($cid); global $is_platformAdmin; $course_table = Database::get_main_table(TABLE_MAIN_COURSE); $course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY); $sql = "SELECT $course_table.category_code, $course_table.visibility, $course_table.code, $course_cat_table.code FROM $course_table LEFT JOIN $course_cat_table ON $course_table.category_code = $course_cat_table.code WHERE $course_table.code = '$cid' LIMIT 1"; $result = api_sql_query($sql, __FILE__, __LINE__); if (Database::num_rows($result) > 0) { $visibility = Database::fetch_array($result); $visibility = $visibility['visibility']; } else { $visibility = 0; } //shortcut permissions in case the visibility is "open to the world" if ($visibility === COURSE_VISIBILITY_OPEN_WORLD) { return true; } if (api_get_setting('use_session_mode') != 'true') { $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER); $sql = "SELECT tutor_id, status FROM $course_user_table WHERE user_id = '$userid' AND course_code = '$cid' LIMIT 1"; $result = api_sql_query($sql, __FILE__, __LINE__); if ( Database::num_rows($result) > 0 ) { // this user have a recorded state for this course $cuData = Database::fetch_array($result); $is_courseMember = true; $is_courseTutor = ($cuData['tutor_id' ] == 1); $is_courseAdmin = ($cuData['status'] == 1); } else { // this user has no status related to this course $is_courseMember = false; $is_courseAdmin = false; $is_courseTutor = false; } $is_courseAdmin = ($is_courseAdmin || $is_platformAdmin); } else { $tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); $sql = "SELECT tutor_id, status, role FROM $tbl_course_user WHERE user_id = '$userid' AND course_code = '$cid' LIMIT 1"; $result = api_sql_query($sql, __FILE__, __LINE__); if ( Database::num_rows($result) > 0 ) { // this user have a recorded state for this course $cuData = Database::fetch_array($result); $_courseUser['role'] = $cuData['role']; $is_courseMember = true; $is_courseTutor = ($cuData['tutor_id' ] == 1); $is_courseAdmin = ($cuData['status'] == 1); } if ( !$is_courseAdmin ) { // this user has no status related to this course // is it the session coach or the session admin ? $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER); $sql = "SELECT session.id_coach, session_admin_id, session.id FROM $tbl_session as session INNER JOIN $tbl_session_course ON session_rel_course.id_session = session.id AND session_rel_course.course_code = '$cid' LIMIT 1"; $result = api_sql_query($sql, __FILE__, __LINE__); $row = api_store_result($result); if ( $row[0]['id_coach'] == $userid ) { $_courseUser['role'] = 'Professor'; $is_courseMember = true; $is_courseTutor = true; $is_courseAdmin = false; $is_courseCoach = true; $is_sessionAdmin = false; api_session_register('_courseUser'); } elseif ( $row[0]['session_admin_id'] == $userid ) { $_courseUser['role'] = 'Professor'; $is_courseMember = false; $is_courseTutor = false; $is_courseAdmin = false; $is_courseCoach = false; $is_sessionAdmin = true; } else { // Check if the current user is the course coach $sql = "SELECT 1 FROM $tbl_session_course WHERE session_rel_course.course_code = '$cid' AND session_rel_course.id_coach = '$userid' LIMIT 1"; $result = api_sql_query($sql,__FILE__,__LINE__); if ($row = Database::fetch_array($result)) { $_courseUser['role'] = 'Professor'; $is_courseMember = true; $is_courseTutor = true; $is_courseCoach = true; $is_sessionAdmin = false; $tbl_user = Database :: get_main_table(TABLE_MAIN_USER); $sql = "SELECT status FROM $tbl_user WHERE user_id = $userid LIMIT 1"; $result = api_sql_query($sql); if ( Database::result($result, 0, 0) == 1 ){ $is_courseAdmin = true; } else { $is_courseAdmin = false; } } else { // Check if the user is a student is this session $sql = "SELECT id FROM $tbl_session_course_user WHERE id_user = '$userid' AND course_code = '$cid' LIMIT 1"; if ( Database::num_rows($result) > 0 ) { // this user have a recorded state for this course while ( $row = Database::fetch_array($result) ) { $is_courseMember = true; $is_courseTutor = false; $is_courseAdmin = false; $is_sessionAdmin = false; } } } } } } $is_allowed_in_course = false; switch ( $visibility ) { case COURSE_VISIBILITY_OPEN_WORLD: $is_allowed_in_course = true; break; case COURSE_VISIBILITY_OPEN_PLATFORM: if (isset($userid)) $is_allowed_in_course = true; break; case COURSE_VISIBILITY_REGISTERED: case COURSE_VISIBILITY_CLOSED: if ($is_platformAdmin || $is_courseMember || $is_courseAdmin) $is_allowed_in_course = true; break; default: $is_allowed_in_course = false; break; } return $is_allowed_in_course; } /** * Returns whether an element (forum, message, survey ...) belongs to a session or not * @param String the tool of the element * @param int the element id in database * @param int the session_id to compare with element session id * @return boolean true if the element is in the session, false else */ function api_is_element_in_the_session($tool, $element_id, $session_id=null) { if (is_null($session_id)) { $session_id = intval($_SESSION['id_session']); } // get informations to build query depending of the tool switch ($tool) { case TOOL_SURVEY : $table_tool = Database::get_course_table(TABLE_SURVEY); $key_field = 'survey_id'; break; case TOOL_ANNOUNCEMENT : $table_tool = Database::get_course_table(TABLE_ANNOUNCEMENT); $key_field = 'id'; break; case TOOL_AGENDA : $table_tool = Database::get_course_table(TABLE_AGENDA); $key_field = 'id'; break; case TOOL_GROUP : $table_tool = Database::get_course_table(TABLE_GROUP); $key_field = 'id'; break; default: return false; } $sql = 'SELECT session_id FROM '.$table_tool.' WHERE '.$key_field.'='.intval($element_id); $rs = api_sql_query($sql, __FILE__, __LINE__); if ($element_session_id = Database::result($rs, 0, 0)) { if ($element_session_id == intval($session_id)) { // element belongs to the session return true; } } return false; } /** * replaces "forbidden" characters in a filename string * * @author - Hugues Peeters * @author - Ren� Haentjens, UGent (RH) * @param - string $filename * @param - string $strict (optional) remove all non-ASCII * @return - the cleaned filename */ function replace_dangerous_char($filename, $strict = 'loose') { $filename = ereg_replace("\.+$", "", substr(strtr(ereg_replace( "[^!-~\x80-\xFF]", "_", trim($filename)), '\/:*?"<>|\'', /* Keep C1 controls for UTF-8 streams */ '-----_---_'), 0, 250)); if ($strict != 'strict') return $filename; return ereg_replace("[^!-~]", "x", $filename); } /** * Fixes the $_SERVER["REQUEST_URI"] that is empty in IIS6. * @author Ivan Tcholakov, 28-JUN-2006. */ function api_request_uri() { if (!empty($_SERVER['REQUEST_URI'])) { return $_SERVER['REQUEST_URI']; } else { $uri = $_SERVER['SCRIPT_NAME']; if (!empty($_SERVER['QUERY_STRING'])) { $uri .= '?'.$_SERVER['QUERY_STRING']; } $_SERVER['REQUEST_URI'] = $uri; return $uri; } } /** * Creates the "include_path" php-setting, following the rule that * PEAR packages of Dokeos should be read before other external packages. * To be used in global.inc.php only. * @author Ivan Tcholakov, 06-NOV-2008. */ function api_create_include_path_setting() { $include_path = ini_get('include_path'); if (!empty($include_path)) { $include_path_array = explode(PATH_SEPARATOR, $include_path); $dot_found = array_search('.', $include_path_array); if ($dot_found !== false) { $result = array(); foreach ($include_path_array as $path) { $result[] = $path; if ($path == '.') { // The path of Dokeos PEAR packages is to be inserted after the current directory path. $result[] = api_get_path(LIBRARY_PATH).'pear'; } } return implode(PATH_SEPARATOR, $result); } // Current directory is not listed in the include_path setting, low probability is here. return api_get_path(LIBRARY_PATH).'pear'.PATH_SEPARATOR.$include_path; } // The include_path setting is empty, low probability is here. return api_get_path(LIBRARY_PATH).'pear'; }