<?php // $Id: usermanager.lib.php 17842 2009-01-19 21:39:37Z herodoto $
/*
==============================================================================
	Dokeos - elearning and course management software

	Copyright (c) 2004-2009 Dokeos SPRL
	Copyright (c) 2003 Ghent University (UGent)
	Copyright (c) 2001 Universite catholique de Louvain (UCL)
	Copyright (c) various contributors
	Copyright (c) Bart Mollet, Hogeschool Gent

	For a full list of contributors, see "credits.txt".
	The full license can be read in "license.txt".

	This program is free software; you can redistribute it and/or
	modify it under the terms of the GNU General Public License
	as published by the Free Software Foundation; either version 2
	of the License, or (at your option) any later version.

	See the GNU General Public License for more details.

	Contact: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium, info@dokeos.com
==============================================================================
*/
/**
==============================================================================
*	This library provides functions for user management.
*	Include/require it in your code to use its functionality.
*
*	@package dokeos.library
==============================================================================
*/
// define constants for user extra field types
define('USER_FIELD_TYPE_TEXT',1);
define('USER_FIELD_TYPE_TEXTAREA',2);
define('USER_FIELD_TYPE_RADIO',3);
define('USER_FIELD_TYPE_SELECT',4);
define('USER_FIELD_TYPE_SELECT_MULTIPLE',5);
define('USER_FIELD_TYPE_DATE',6);
define('USER_FIELD_TYPE_DATETIME',7);
define('USER_FIELD_TYPE_DOUBLE_SELECT',8);
define('USER_FIELD_TYPE_DIVIDER',9);

class UserManager
{
	/**
	  * Creates a new user for the platform
	  * @author Hugues Peeters <peeters@ipm.ucl.ac.be>,
	  * 		Roan Embrechts <roan_embrechts@yahoo.com>
	  *
	  * @param	string	Firstname
	  * @param	string	Lastname
	  * @param	int   	Status (1 for course tutor, 5 for student, 6 for anonymous)
	  * @param	string	e-mail address
	  * @param	string	Login
	  * @param	string	Password
	  * @param	string	Any official code (optional)
	  * @param	int	  	User language	(optional)
	  * @param	string	Phone number	(optional)
	  * @param	string	Picture URI		(optional)
	  * @param	string	Authentication source	(optional, defaults to 'platform', dependind on constant)
	  * @param	string	Account expiration date (optional, defaults to '0000-00-00 00:00:00')
	  * @param	int		Whether the account is enabled or disabled by default
 	  * @param	int		The user ID of the person who registered this user (optional, defaults to null)
 	  * @param	int		The department of HR in which the user is registered (optional, defaults to 0)
	  * @return int     new user id - if the new user creation succeeds
	  *         boolean false otherwise
	  *
	  * @desc The function tries to retrieve $_user['user_id'] from the global space.
	  * if it exists, $_user['user_id'] is the creator id       If       a problem arises,
	  * it stores the error message in global $api_failureList
	  */
	function create_user($firstName, $lastName, $status, $email, $loginName, $password, $official_code = '', $language='', $phone = '', $picture_uri = '', $auth_source = PLATFORM_AUTH_SOURCE, $expiration_date = '0000-00-00 00:00:00', $active = 1, $hr_dept_id=0, $extra=null)
	{
		global $_user, $userPasswordCrypted;
		
		// database table definition
		$table_user = Database::get_main_table(TABLE_MAIN_USER);
		
		// default langauge
		if ($language=='')
		{
			$language = api_get_setting('platformLanguage');
		}
		
		if ($_user['user_id'])
		{
			$creator_id = $_user['user_id'];
		}
		else
		{
			$creator_id = '';
		}
		// First check wether the login already exists
		if (! UserManager::is_username_available($loginName))
			return api_set_failure('login-pass already taken');
		//$password = "PLACEHOLDER";
		$password = ($userPasswordCrypted ? md5($password) : $password);
		$sql = "INSERT INTO $table_user
					                SET lastname = '".Database::escape_string(trim($lastName))."',
					                firstname = '".Database::escape_string(trim($firstName))."',
					                username = '".Database::escape_string(trim($loginName))."',
					                status = '".Database::escape_string($status)."',
					                password = '".Database::escape_string($password)."',
					                email = '".Database::escape_string($email)."',
					                official_code	= '".Database::escape_string($official_code)."',
					                picture_uri 	= '".Database::escape_string($picture_uri)."',
					                creator_id  	= '".Database::escape_string($creator_id)."',
					                auth_source = '".Database::escape_string($auth_source)."',
				                    phone = '".Database::escape_string($phone)."',
				                    language = '".Database::escape_string($language)."', 
				                    registration_date = now(),
				                    expiration_date = '".Database::escape_string($expiration_date)."',
									hr_dept_id = '".Database::escape_string($hr_dept_id)."',
									active = '".Database::escape_string($active)."'";
		$result = api_sql_query($sql);
		if ($result)
		{
			//echo "id returned";			
			$return=Database::get_last_insert_id();
			global $_configuration;
			if (api_is_platform_admin(true) && $_configuration['multiple_access_urls']==true) {				
				require_once (api_get_path(LIBRARY_PATH).'urlmanager.lib.php');			
				if (api_get_current_access_url_id()!=-1)
					UrlManager::add_user_to_url($return, api_get_current_access_url_id());
				else
					UrlManager::add_user_to_url($return, 1);					
			}
		}
		else
		{
			//echo "false - failed" ;
			$return=false;
		}
		if(is_array($extra) AND count($extra)>0)
		{
			$res = true;
			foreach($extra as $fname => $fvalue)
			{
				$res = $res && UserManager::update_extra_field($return,$fname,$fvalue);
			}
		}
		return $return;
	}

	/**
	 * Can user be deleted?
	 * This functions checks if there's a course in which the given user is the
	 * only course administrator. If that is the case, the user can't be
	 * deleted because the course would remain without a course admin.
	 * @param int $user_id The user id
	 * @return boolean true if user can be deleted
	 */
	function can_delete_user($user_id)
	{
		$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
		$sql = "SELECT * FROM $table_course_user WHERE status = '1' AND user_id = '".$user_id."'";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		while ($course = Database::fetch_object($res))
		{
			$sql = "SELECT user_id FROM $table_course_user WHERE status='1' AND course_code ='".$course->course_code."'";
			$res2 = api_sql_query($sql,__FILE__,__LINE__);
			if (Database::num_rows($res2) == 1)
			{
				return false;
			}
		}
		return true;
	}

	/**
	 * Delete a user from the platform
	 * @param int $user_id The user id
	 * @return boolean true if user is succesfully deleted, false otherwise
	 */
	function delete_user($user_id)
	{
		if (!UserManager :: can_delete_user($user_id))
		{
			return false;
		}
		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
		$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
		$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
		$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
		$table_admin = Database :: get_main_table(TABLE_MAIN_ADMIN);
		$table_session_user = Database :: get_main_table(TABLE_MAIN_SESSION_USER);
		$table_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);

		// Unsubscribe the user from all groups in all his courses
		$sql = "SELECT * FROM $table_course c, $table_course_user cu WHERE cu.user_id = '".$user_id."' AND c.code = cu.course_code";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		while ($course = Database::fetch_object($res))
		{
			$table_group = Database :: get_course_table(TABLE_GROUP_USER, $course->db_name);
			$sql = "DELETE FROM $table_group WHERE user_id = '".$user_id."'";
			api_sql_query($sql,__FILE__,__LINE__);
		}

		// Unsubscribe user from all classes
		$sql = "DELETE FROM $table_class_user WHERE user_id = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		// Unsubscribe user from all courses
		$sql = "DELETE FROM $table_course_user WHERE user_id = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);
		
		// Unsubscribe user from all courses in sessions
		$sql = "DELETE FROM $table_session_course_user WHERE id_user = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);
		
		// Unsubscribe user from all sessions
		$sql = "DELETE FROM $table_session_user WHERE id_user = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		// Delete user picture
		$user_info = api_get_user_info($user_id);
		if(strlen($user_info['picture_uri']) > 0)
		{
			$img_path = api_get_path(SYS_CODE_PATH).'upload/users/'.$user_id.'/'.$user_info['picture_uri'];
			unlink($img_path);
		}

		// Delete the personal course categories
		$course_cat_table = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
		$sql = "DELETE FROM $course_cat_table WHERE user_id = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		// Delete user from database
		$sql = "DELETE FROM $table_user WHERE user_id = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		// Delete user from the admin table
		$sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		// Delete the personal agenda-items from this user
		$agenda_table = Database :: get_user_personal_table(TABLE_PERSONAL_AGENDA);
		$sql = "DELETE FROM $agenda_table WHERE user = '".$user_id."'";
		api_sql_query($sql,__FILE__,__LINE__);

		$gradebook_results_table = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
		$sql = 'DELETE FROM '.$gradebook_results_table.' WHERE user_id = '.$user_id;
		api_sql_query($sql, __FILE__, __LINE__);

		$user = Database::fetch_array($res);
		$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
		$sqlv = "DELETE FROM $t_ufv WHERE user_id = $user_id";
		$resv = api_sql_query($sqlv,__FILE__,__LINE__);
		
		return true;
	}

	/**
	 * Update user information with new openid
	 * @param int $user_id
	 * @param string $openid
	 * @return boolean true if the user information was updated
	 */
	function update_openid($user_id, $openid)
	{
		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "UPDATE $table_user SET
				openid='".Database::escape_string($openid)."'";
		$sql .=	" WHERE user_id='$user_id'";
		return api_sql_query($sql,__FILE__,__LINE__);
	}
	/**
	 * Update user information
	 * @param int $user_id
	 * @param string $firstname
	 * @param string $lastname
	 * @param string $username
	 * @param string $password
	 * @param string $auth_source
	 * @param string $email
	 * @param int $status
	 * @param string $official_code
	 * @param string $phone
	 * @param string $picture_uri
	 * @param int The user ID of the person who registered this user (optional, defaults to null)
	 * @param int The department of HR in which the user is registered (optional, defaults to 0)
	 * @param	array	A series of additional fields to add to this user as extra fields (optional, defaults to null)
	 * @return boolean true if the user information was updated
	 */
	function update_user($user_id, $firstname, $lastname, $username, $password = null, $auth_source = null, $email, $status, $official_code, $phone, $picture_uri, $expiration_date, $active, $creator_id= null, $hr_dept_id=0, $extra=null)
	{
		global $userPasswordCrypted;
		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "UPDATE $table_user SET
				lastname='".Database::escape_string($lastname)."',
				firstname='".Database::escape_string($firstname)."',
				username='".Database::escape_string($username)."',";
		if(!is_null($password))
		{
			$password = $userPasswordCrypted ? md5($password) : $password;
			$sql .= " password='".Database::escape_string($password)."',";
		}
		if(!is_null($auth_source))
		{
			$sql .=	" auth_source='".Database::escape_string($auth_source)."',";
		}
		$sql .=	"
				email='".Database::escape_string($email)."',
				status='".Database::escape_string($status)."',
				official_code='".Database::escape_string($official_code)."',
				phone='".Database::escape_string($phone)."',
				picture_uri='".Database::escape_string($picture_uri)."',
				expiration_date='".Database::escape_string($expiration_date)."',
				active='".Database::escape_string($active)."',
				hr_dept_id=".intval($hr_dept_id);
		if(!is_null($creator_id))
		{
			$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
		}
		$sql .=	" WHERE user_id='$user_id'";
		$return = api_sql_query($sql,__FILE__,__LINE__);
		if(is_array($extra) and count($extra)>0)
		{
			$res = true;
			foreach($extra as $fname => $fvalue)
			{
				$res = $res && UserManager::update_extra_field($user_id,$fname,$fvalue);
			}
		}

		return $return;
	}

	/**
	 * Check if a username is available
	 * @param string the wanted username
	 * @return boolean true if the wanted username is available
	 */
	function is_username_available($username)
	{
		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "SELECT username FROM $table_user WHERE username = '".addslashes($username)."'";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		return Database::num_rows($res) == 0;
	}

	/**
	* @param array $conditions a list of condition (exemple : status=>STUDENT)
	* @param array $order_by a list of fields on which sort
	* @return array An array with all users of the platform.
	* @todo optional course code parameter, optional sorting parameters...
	*/
	function get_user_list($conditions = array(), $order_by = array())
	{
		$user_table = Database :: get_main_table(TABLE_MAIN_USER);
		$return_array = array();
		$sql_query = "SELECT * FROM $user_table";
		if(count($conditions)>0)
		{
			$sql_query .= ' WHERE ';
			foreach($conditions as $field=>$value)
			{
				$sql_query .= $field.' = '.$value;
			}
		}
		if(count($order_by)>0)
		{
			$sql_query .= ' ORDER BY '.implode(',',$order_by);
		}
		$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
		while ($result = Database::fetch_array($sql_result))
		{
			$return_array[] = $result;
		}
		return $return_array;
	}
	
	
	
	/**
	 * Get user information
	 * @param 	string 	The username
	 * @return array All user information as an associative array
	 */
	function get_user_info($username)
	{
		$user_table = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "SELECT * FROM $user_table WHERE username='".$username."'";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		if(Database::num_rows($res)>0)
		{
			$user = Database::fetch_array($res);
		}
		else
		{
			$user = false;
		}
		return $user;
	}
	
	/**
	 * Get user information
	 * @param	string	The id
	 * @param	boolean	Whether to return the user's extra fields (defaults to false)
	 * @return	array 	All user information as an associative array
	 */
	function get_user_info_by_id($user_id,$user_fields=false)
	{
		$user_id = intval($user_id);
		$user_table = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "SELECT * FROM $user_table WHERE user_id=".$user_id;
		$res = api_sql_query($sql,__FILE__,__LINE__);
		if(Database::num_rows($res)>0)
		{
			$user = Database::fetch_array($res);
			$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
			$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
			$sqlf = "SELECT * FROM $t_uf ORDER BY field_order";
			$resf = api_sql_query($sqlf,__FILE__,__LINE__);
			if(Database::num_rows($resf)>0)
			{
				while($rowf = Database::fetch_array($resf))
				{
					$sqlv = "SELECT * FROM $t_ufv WHERE field_id = ".$rowf['id']." AND user_id = ".$user['user_id']." ORDER BY id DESC";
					$resv = api_sql_query($sqlv,__FILE__,__LINE__);
					if(Database::num_rows($resv)>0)
					{
						//There should be only one value for a field and a user
						$rowv = Database::fetch_array($resv);
						$user['extra'][$rowf['field_variable']] = $rowv['field_value'];
					}
					else
					{
						$user['extra'][$rowf['field_variable']] = '';
					}
				}
			}
			
		}
		else
		{
			$user = false;
		}
		return $user;
	}

	//for survey
	function get_teacher_list($course_id, $sel_teacher='')
	{
		$user_course_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
		$user_table = Database :: get_main_table(TABLE_MAIN_USER);
		$sql_query = "SELECT * FROM $user_table a, $user_course_table b where a.user_id=b.user_id AND b.status=1 AND b.course_code='$course_id'";
		$sql_result = api_sql_query($sql_query,__FILE__,__LINE__);
		echo "<select name=\"author\">";
		while ($result = Database::fetch_array($sql_result))
		{
			if($sel_teacher==$result['user_id']) $selected ="selected";
			echo "\n<option value=\"".$result['user_id']."\" $selected>".$result['firstname']."</option>";
		}
		echo "</select>";
	}
	
	/**
	 * Get user picture URL or path from user ID (returns an array).
	 * The return format is a complete path, enabling recovery of the directory
	 * with dirname() or the file with basename(). This also works for the
	 * functions dealing with the user's productions, as they are located in
	 * the same directory.
	 * @param	integer	User ID
	 * @param	string	Type of path to return (can be 'none','system','rel','web')
	 * @param	bool	Whether we want to have the directory name returned 'as if' there was a file or not (in the case we want to know which directory to create - otherwise no file means no split subdir)
	 * @param	bool	If we want that the function returns the /main/img/unknown.jpg image set it at true 
	 * @return	array 	Array of 2 elements: 'dir' and 'file' which contain the dir and file as the name implies if image does not exist it will return the unknow image if anonymous parameter is true if not it returns an empty array
	 */
	function get_user_picture_path_by_id($id,$type='none',$preview=false,$anonymous=false)
	{
		if(empty($id) or empty($type))
		{
			if ($anonymous) 
			{
				$dir='';
				switch($type)
				{
					case 'system': //return the complete path to the file, from root
						$dir = api_get_path(SYS_CODE_PATH).'img/';
						break;
					case 'rel': //return the relative path to the file, from the Dokeos base dir
						$dir = api_get_path(REL_CODE_PATH).'img/';
						break;
					case 'web': //return the complete web URL to the file 
						$dir = api_get_path(WEB_CODE_PATH).'img/';
						break;
					case 'none': //return only the picture_uri (as is, without subdir)
					default:
						break;
				}
				$file_anonymous='unknown.jpg';
				return array('dir'=>$dir,'file'=>$file_anonymous);
			}
			else 
			{
				return array('dir'=>'','file'=>'');
			}			
		}
		
		$user_id = intval($id);
		$user_table = Database :: get_main_table(TABLE_MAIN_USER);
		$sql = "SELECT picture_uri FROM $user_table WHERE user_id=".$user_id;
		$res = api_sql_query($sql,__FILE__,__LINE__);
		
		$user=array();
		
		if(Database::num_rows($res)>0)
		{
			$user = Database::fetch_array($res);			
		}
		else
		{									
			if ($anonymous) 
			{
				$dir='';
				switch($type)
				{
					case 'system': //return the complete path to the file, from root
						$dir = api_get_path(SYS_CODE_PATH).'img/';
						break;
					case 'rel': //return the relative path to the file, from the Dokeos base dir
						$dir = api_get_path(REL_CODE_PATH).'img/';
						break;
					case 'web': //return the complete web URL to the file 
						$dir = api_get_path(WEB_CODE_PATH).'img/';
						break;
					case 'none': //return only the picture_uri (as is, without subdir)
					default:
						break;
				}
				$file_anonymous='unknown.jpg';
				return array('dir'=>$dir,'file'=>$file_anonymous);
			}
			else 
			{
				return array('dir'=>'','file'=>'');	
			}		
		}
				
		$path = trim($user['picture_uri']);
		
		if (empty($path)) 
		{
			if ($anonymous)
			{
				switch($type)
				{
					case 'system': //return the complete path to the file, from root
						$dir = api_get_path(SYS_CODE_PATH).'img/';
						break;
					case 'rel': //return the relative path to the file, from the Dokeos base dir
						$dir = api_get_path(REL_CODE_PATH).'img/';
						break;
					case 'web': //return the complete web URL to the file 
						$dir = api_get_path(WEB_CODE_PATH).'img/';
						break;
					case 'none': //return only the picture_uri (as is, without subdir)
					default:
						break;
				}
				$file_anonymous='unknown.jpg';
				return array('dir'=>$dir,'file'=>$file_anonymous);			
			}
		}		
		
		$dir = '';
		$first = '';
		
		if(api_get_setting('split_users_upload_directory') === 'true')
		{
			if(!empty($path))
			{
				$first = substr($path,0,1).'/';
			}
			elseif($preview==true)
			{
				$first = substr(''.$user_id,0,1).'/';
			}
		}
		$first .= $user_id.'/';
				
		switch($type)
		{
			case 'system': //return the complete path to the file, from root
				$dir = api_get_path(SYS_CODE_PATH).'upload/users/'.$first;
				break;
			case 'rel': //return the relative path to the file, from the Dokeos base dir
				$dir = api_get_path(REL_CODE_PATH).'upload/users/'.$first;
				break;
			case 'web': //return the complete web URL to the file 
				$dir = api_get_path(WEB_CODE_PATH).'upload/users/'.$first;
				break;
			case 'none': //return only the picture_uri (as is, without subdir)
			default:
				break;
		}
		return array('dir'=>$dir,'file'=>$path);
	}

/*
-----------------------------------------------------------
	PRODUCTIONS FUNCTIONS
-----------------------------------------------------------
*/

	/**
	 * Returns an XHTML formatted list of productions for a user, or FALSE if he
	 * doesn't have any.
	 *
	 * If there has been a request to remove a production, the function will return
	 * without building the list unless forced to do so by the optional second
	 * parameter. This increases performance by avoiding to read through the
	 * productions on the filesystem before the removal request has been carried
	 * out because they'll have to be re-read afterwards anyway.
	 *
	 * @param	$user_id	User id
	 * @param	$force	Optional parameter to force building after a removal request
	 * @return	A string containing the XHTML code to dipslay the production list, or FALSE
	 */
	function build_production_list($user_id, $force = false, $showdelete=false)
	{
		if (!$force && !empty($_POST['remove_production']))
			return true; // postpone reading from the filesystem
	
		$productions = UserManager::get_user_productions($user_id);
	
		if (empty($productions))
			return false;
	
		$production_path = UserManager::get_user_picture_path_by_id($user_id,'web',true);
		$production_dir = $production_path['dir'].$user_id.'/';
		$del_image = api_get_path(WEB_CODE_PATH).'img/delete.gif';
		$del_text = get_lang('Delete');
	
		$production_list = '<ul id="productions">';
	
		foreach ($productions as $file)
		{
			$production_list .= '<li><a href="'.$production_dir.urlencode($file).'" target="_blank">'.htmlentities($file).'</a>';
			if ($showdelete)
			{
				$production_list .= '<input type="image" name="remove_production['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($file).'" onclick="return confirmation(\''.htmlentities($file).'\');" /></li>';
			}
		}
	
		$production_list .= '</ul>';
	
		return $production_list;
	}
	
	/**
	 * Returns an array with the user's productions.
	 *
	 * @param	$user_id	User id
	 * @return	An array containing the user's productions
	 */
	function get_user_productions($user_id)
	{
		$production_path = UserManager::get_user_picture_path_by_id($user_id,'system',true);
		$production_repository = $production_path['dir'].$user_id.'/';
		$productions = array();
	
		if (is_dir($production_repository))
		{
			$handle = opendir($production_repository);
	
			while ($file = readdir($handle))
			{
				if ($file == '.' || $file == '..' || $file == '.htaccess' || is_dir($production_repository.$file))
					continue; // skip current/parent directory and .htaccess
	
				$productions[] = $file;
			}
		}
	
		return $productions; // can be an empty array
	}
	
	/**
	 * Remove a user production.
	 *
	 * @param	$user_id		User id
	 * @param	$production	The production to remove
	 */
	function remove_user_production($user_id, $production)
	{
		$production_path = UserManager::get_user_picture_path_by_id($user_id,'system',true);
		unlink($production_path['dir'].$user_id.'/'.$production);
	}
	/**
	 * Update an extra field. This function is called when a user changes his/her profile
	 * and by consequence fills or edits his/her extra fields. 
	 * 
	 * @param	integer	Field ID
	 * @param	array	Database columns and their new value
	 * @return	boolean	true if field updated, false otherwise
	 */
	function update_extra_field($fid,$columns)
	{
		//TODO check that values added are values proposed for enumerated field types
		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$fid = Database::escape_string($fid);
		$sqluf = "UPDATE $t_uf SET ";
		$known_fields = array('id','field_variable','field_type','field_display_text','field_default_value','field_order','field_visible','field_changeable');
		$safecolumns = array(); 
		foreach($columns as $index => $newval)
		{
			if(in_array($index,$known_fields))
			{			
				$safecolumns[$index] = Database::escape_string($newval);
				$sqluf .= $index." = '".$safecolumns[$index]."', ";
			}
		}
		$time = time();
		$sqluf .= " tms = FROM_UNIXTIME($time) WHERE id='$fid'";
		$resuf = api_sql_query($sqluf,__FILE__,__LINE__);
		return $resuf;
	}
	/**
	 * Update an extra field value for a given user
	 * @param	integer	User ID
	 * @param	string	Field variable name
	 * @param	string	Field value
	 * @return	boolean	true if field updated, false otherwise
	 */
	function update_extra_field_value($user_id,$fname,$fvalue='')
	{
		//TODO check that values added are values proposed for enumerated field types
		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$t_ufo = Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
		$fname = Database::escape_string($fname);
		$fvalues = '';
		if(is_array($fvalue))
		{
			foreach($fvalue as $val)
			{
				$fvalues .= Database::escape_string($val).';';
			}
			if(!empty($fvalues))
			{
				$fvalues = substr($fvalues,0,-1);
			}
		}
		else
		{
			$fvalues = Database::escape_string($fvalue);
		}
		$sqluf = "SELECT * FROM $t_uf WHERE field_variable='$fname'";
		$resuf = api_sql_query($sqluf,__FILE__,__LINE__);
		if(Database::num_rows($resuf)==1)
		{ //ok, the field exists
			//	Check if enumerated field, if the option is available 
			$rowuf = Database::fetch_array($resuf);
			switch($rowuf['field_type'])
			{
				case 3:
				case 4:
				case 5:
					$sqluo = "SELECT * FROM $t_ufo WHERE field_id = ".$rowuf['id'];
					$resuo = api_sql_query($sqluo,__FILE__,__LINE__);
					$values = split(';',$fvalues);
					if(Database::num_rows($resuo)>0)
					{
						$check = false;
						while($rowuo = Database::fetch_array($resuo))
						{
							if(in_array($rowuo['option_value'],$values))
							{
								$check = true;
								break;
							}
						}
						if($check == false)
						{
							return false; //option value not found
						}
					}
					else
					{
						return false; //enumerated type but no option found
					}
					break;
				case 1:
				case 2:
				default:
					break;
			}
			$tms = time();
			$sqlufv = "SELECT * FROM $t_ufv WHERE user_id = $user_id AND field_id = ".$rowuf['id']." ORDER BY id";
			$resufv = api_sql_query($sqlufv,__FILE__,__LINE__);
			$n = Database::num_rows($resufv);
			if($n>1)
			{
				//problem, we already have to values for this field and user combination - keep last one
				while($rowufv = Database::fetch_array($resufv))
				{
					if($n > 1)
					{
						$sqld = "DELETE FROM $t_ufv WHERE id = ".$rowufv['id'];
						$resd = api_sql_query($sqld,__FILE__,__LINE__);
						$n--;
					}
					$rowufv = Database::fetch_array($resufv);
					if($rowufv['field_value'] != $fvalues)
					{ 
						$sqlu = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
						$resu = api_sql_query($sqlu,__FILE__,__LINE__);
						return($resu?true:false);					
					}
					return true;
				}
			}
			elseif($n==1)
			{
				//we need to update the current record
				$rowufv = Database::fetch_array($resufv);
				if($rowufv['field_value'] != $fvalues)
				{
					$sqlu = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
					//error_log('UM::update_extra_field_value: '.$sqlu);
					$resu = api_sql_query($sqlu,__FILE__,__LINE__);
					return($resu?true:false);
				}
				return true;
			}
			else
			{
				$sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms) " .
					"VALUES ($user_id,".$rowuf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
				//error_log('UM::update_extra_field_value: '.$sqli);
				$resi = api_sql_query($sqli,__FILE__,__LINE__);
				return($resi?true:false);
			}
		}
		else
		{
			return false; //field not found
		}
	}
	/**
	 * Get an array of extra fieds with field details (type, default value and options)
	 * @param	integer	Offset (from which row)
	 * @param	integer	Number of items
	 * @param	integer	Column on which sorting is made
	 * @param	string	Sorting direction
	 * @param	boolean	Optional. Whether we get all the fields or just the visible ones
	 * @return	array	Extra fields details (e.g. $list[2]['type'], $list[4]['options'][2]['title']
	 */
	function get_extra_fields($from=0, $number_of_items=0, $column=5, $direction='ASC', $all_visibility=true)
	{
		$fields = array();
		$t_uf = Database :: get_main_table(TABLE_MAIN_USER_FIELD);
		$t_ufo = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		$columns = array('id','field_variable','field_type','field_display_text','field_default_value','field_order','tms');
		$sort_direction = '';
		if(in_array(strtoupper($direction),array('ASC','DESC')))
		{
			$sort_direction = strtoupper($direction);
		}
		$sqlf = "SELECT * FROM $t_uf ";
		if($all_visibility==false)
		{
			$sqlf .= " WHERE field_visible = 1 ";
		}
		$sqlf .= " ORDER BY ".$columns[$column]." $sort_direction " ;
		if($number_of_items != 0)
		{
			$sqlf .= " LIMIT ".Database::escape_string($from).','.Database::escape_string($number_of_items);
		}
		$resf = api_sql_query($sqlf,__FILE__,__LINE__);
		if(Database::num_rows($resf)>0)
		{
			while($rowf = Database::fetch_array($resf))
			{
				
				$fields[$rowf['id']] = array(
					0=>$rowf['id'],
					1=>$rowf['field_variable'],
					2=>$rowf['field_type'],
					//3=>(empty($rowf['field_display_text'])?'':get_lang($rowf['field_display_text'],'')),
					//temporarily removed auto-translation. Need update to get_lang() to know if translation exists (todo)
					3=>(empty($rowf['field_display_text'])?'':$rowf['field_display_text']),
					4=>$rowf['field_default_value'],
					5=>$rowf['field_order'],
					6=>$rowf['field_visible'],
					7=>$rowf['field_changeable'],
					8=>array()
				);
				$sqlo = "SELECT * FROM $t_ufo WHERE field_id = ".$rowf['id']." ORDER BY option_order ASC";
				$reso = api_sql_query($sqlo,__FILE__,__LINE__);
				if(Database::num_rows($reso)>0)
				{
					while($rowo = Database::fetch_array($reso))
					{
						$fields[$rowf['id']][8][$rowo['id']] = array(
							0=>$rowo['id'],
							1=>$rowo['option_value'],
							//2=>(empty($rowo['option_display_text'])?'':get_lang($rowo['option_display_text'],'')),
							2=>(empty($rowo['option_display_text'])?'':$rowo['option_display_text']),
							3=>$rowo['option_order']
						);
					}					
				}
			}
		}
			
		return $fields;
	}
	
	/**
	 * Get the list of options attached to an extra field
	 * @param string $fieldname the name of the field
	 * @return array the list of options
	 */
	function get_extra_field_options($field_name)
	{
		$t_uf = Database :: get_main_table(TABLE_MAIN_USER_FIELD);
		$t_ufo = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		
		$sql = 'SELECT options.* 
				FROM '.$t_ufo.' options 
				INNER JOIN '.$t_uf.' fields
					ON fields.id = options.field_id
					AND fields.field_variable="'.Database::escape_string($field_name).'"';
		$rs = api_sql_query($sql, __FILE__, __LINE__);
		return api_store_result($rs);
	}
	
	
	/**
	 * Get the number of extra fields currently recorded
	 * @param	boolean	Optional switch. true (default) returns all fields, false returns only visible fields
	 * @return	integer	Number of fields
	 */
	function get_number_of_extra_fields($all_visibility=true)
	{
		$t_uf = Database :: get_main_table(TABLE_MAIN_USER_FIELD);
		$sqlf = "SELECT * FROM $t_uf ";
		if($all_visibility == false)
		{
			$sqlf .= " WHERE field_visible = 1 ";
		}
		$sqlf .= " ORDER BY field_order";
		$resf = api_sql_query($sqlf,__FILE__,__LINE__);
		return Database::num_rows($resf);
	}
	/**
	  * Creates a new extra field
	  * @param	string	Field's internal variable name
	  * @param	int		Field's type
	  * @param	string	Field's language var name
	  * @param	string	Field's default value
	  * @param	string	Optional comma-separated list of options to provide for select and radio
	  * @return int     new user id - if the new user creation succeeds, false otherwise
	  */
	function create_extra_field($fieldvarname, $fieldtype, $fieldtitle, $fielddefault, $fieldoptions='')
	{		
		// database table definition
		$table_field 		= Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$table_field_options= Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		
		// First check wether the login already exists
		if (! UserManager::is_extra_field_available($fieldvarname))
			return api_set_failure('login-pass already taken');
		$sql = "SELECT MAX(field_order) FROM $table_field";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		$order = 0;
		if(Database::num_rows($res)>0)
		{
			$row = Database::fetch_array($res);
			$order = $row[0]+1;
		}
		$time = time();
		$sql = "INSERT INTO $table_field
					                SET field_type = '".Database::escape_string($fieldtype)."',
					                field_variable = '".Database::escape_string($fieldvarname)."',
					                field_display_text = '".Database::escape_string($fieldtitle)."',
					                field_default_value = '".Database::escape_string($fielddefault)."',
					                field_order = '$order',
					                tms = FROM_UNIXTIME($time)";
		$result = api_sql_query($sql);
		if ($result)
		{
			//echo "id returned";
			$return=Database::get_last_insert_id();
		}
		else
		{
			//echo "false - failed" ;
			return false;
		}
		
		if(!empty($fieldoptions) && in_array($fieldtype,array(USER_FIELD_TYPE_RADIO,USER_FIELD_TYPE_SELECT,USER_FIELD_TYPE_SELECT_MULTIPLE,USER_FIELD_TYPE_DOUBLE_SELECT)))
		{
			if($fieldtype == USER_FIELD_TYPE_DOUBLE_SELECT)
			{
				$twolist = explode('|', $fieldoptions);
				$counter = 0;
				foreach ($twolist as $individual_list)
				{
					$splitted_individual_list = split(';',$individual_list);
					foreach	($splitted_individual_list as $individual_list_option)				
					{
						//echo 'counter:'.$counter; 
						if ($counter == 0)
						{
							$list[] = $individual_list_option;
						}
						else 
						{
							$list[] = str_repeat('*',$counter).$individual_list_option;
						}
					}
					$counter++;
				}
			}
			else 
			{
				$list = split(';',$fieldoptions);
			}
			foreach($list as $option)
			{
				$option = Database::escape_string($option);
				$sql = "SELECT * FROM $table_field_options WHERE field_id = $return AND option_value = '".$option."'";
				$res = api_sql_query($sql,__FILE__,__LINE__);
				if(Database::num_rows($res)>0)
				{
					//the option already exists, do nothing
				}
				else
				{
					$sql = "SELECT MAX(option_order) FROM $table_field_options WHERE field_id = $return";
					$res = api_sql_query($sql,__FILE__,__LINE__);
					$max = 1;
					if(Database::num_rows($res)>0)
					{
						$row = Database::fetch_array($res);
						$max = $row[0]+1;
					}
					$time = time();
					$sql = "INSERT INTO $table_field_options (field_id,option_value,option_display_text,option_order,tms) VALUES ($return,'$option','$option',$max,FROM_UNIXTIME($time))";
					$res = api_sql_query($sql,__FILE__,__LINE__);
					if($res === false)
					{
						$return = false;
					}
				}
			}
		}
		return $return;
	}
	
	/**
	  * Save the changes in the definition of the extra user profile field
	  * The function is called after you (as admin) decide to store the changes you have made to one of the fields you defined
	  * 
	  * There is quite some logic in this field
	  * 1.  store the changes to the field (tupe, name, label, default text)
	  * 2.  remove the options and the choices of the users from the database that no longer occur in the form field 'possible values'. We should only remove
	  * 	the options (and choices) that do no longer have to appear. We cannot remove all options and choices because if you remove them all 
	  * 	and simply re-add them all then all the user who have already filled this form will loose their selected value. 
	  * 3.	we add the options that are newly added
	  * 
	  * @example 	current options are a;b;c and the user changes this to a;b;x (removing c and adding x)
	  * 			we first remove c (and also the entry in the option_value table for the users who have chosen this)
	  * 			we then add x
	  * 			a and b are neither removed nor added
	  * 
	  * @param 	integer $fieldid		the id of the field we are editing
	  * @param	string	$fieldvarname	the internal variable name of the field
	  * @param	int		$fieldtype		the type of the field
	  * @param	string	$fieldtitle		the title of the field
	  * @param	string	$fielddefault	the default value of the field
	  * @param	string	$fieldoptions	Optional comma-separated list of options to provide for select and radio
	  * @return boolean true
	  * 
	  * 
	  * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium
	  * @version July 2008
	  * @since Dokeos 1.8.6
	  */
	function save_extra_field_changes($fieldid, $fieldvarname, $fieldtype, $fieldtitle, $fielddefault, $fieldoptions='')
	{		
		// database table definition
		$table_field 				= Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$table_field_options		= Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		$table_field_options_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
		
		// we first update the field definition with the new values
		$time = time();
		$sql = "UPDATE $table_field
					                SET field_type = '".Database::escape_string($fieldtype)."',
					                field_variable = '".Database::escape_string($fieldvarname)."',
					                field_display_text = '".Database::escape_string($fieldtitle)."',
					                field_default_value = '".Database::escape_string($fielddefault)."',
					                tms = FROM_UNIXTIME($time)
					                WHERE id = '".Database::escape_string($fieldid)."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);

		// we create an array with all the options (will be used later in the script)
		if ($fieldtype == USER_FIELD_TYPE_DOUBLE_SELECT) {
			$twolist = explode('|', $fieldoptions);
			$counter = 0;
			foreach ($twolist as $individual_list) {
				$splitted_individual_list = split(';',$individual_list);
				foreach	($splitted_individual_list as $individual_list_option) {
					//echo 'counter:'.$counter; 
					if ($counter == 0) {
						$list[] = trim($individual_list_option);
					} else {
						$list[] = str_repeat('*',$counter).trim($individual_list_option);
					}
				}
				$counter++;
			}
		}
		else 
		{
			$templist = split(';',$fieldoptions);
			$list = array_map('trim', $templist);
		}		

		// Remove all the field options (and also the choices of the user) that are NOT in the new list of options
		$sql = "SELECT * FROM $table_field_options WHERE option_value NOT IN ('".implode("','", $list)."') AND field_id = '".Database::escape_string($fieldid)."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		$return['deleted_options'] = 0;
		while ($row = Database::fetch_array($result))
		{
			// deleting the option
			$sql_delete_option = "DELETE FROM $table_field_options WHERE id='".Database::escape_string($row['id'])."'";
			$result_delete_option = api_sql_query($sql_delete_option,__FILE__,__LINE__);
			$return['deleted_options']++;
			
			// deleting the answer of the user who has chosen this option
			$sql_delete_option_value = "DELETE FROM $table_field_options_values WHERE field_id = '".Database::escape_string($fieldid)."' AND field_value = '".Database::escape_string($row['option_value'])."'";
			$result_delete_option_value = api_sql_query($sql_delete_option_value,__FILE__,__LINE__);
			$return['deleted_option_values'] = $return['deleted_option_values'] + Database::affected_rows();
		}
		
		// we now try to find the field options that are newly added
		$sql = "SELECT * FROM $table_field_options WHERE field_id = '".Database::escape_string($fieldid)."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		while ($row = Database::fetch_array($result))
		{
			// we remove every option that is already in the database from the $list
			if (in_array(trim($row['option_display_text']),$list))
			{
				$key = array_search(trim($row['option_display_text']),$list);
				unset($list[$key]);
			}
		}
		
		// we store the new field options in the database
		foreach ($list as $key=>$option)
		{
			$sql = "SELECT MAX(option_order) FROM $table_field_options WHERE field_id = '".Database::escape_string($fieldid)."'";
			$res = api_sql_query($sql,__FILE__,__LINE__);
			$max = 1;
			if(Database::num_rows($res)>0)
			{
				$row = Database::fetch_array($res);
				$max = $row[0]+1;
			}
			$time = time();
			$sql = "INSERT INTO $table_field_options (field_id,option_value,option_display_text,option_order,tms) VALUES ('".Database::escape_string($fieldid)."','".Database::escape_string($option)."','".Database::escape_string($option)."',$max,FROM_UNIXTIME($time))";				
			$result = api_sql_query($sql,__FILE__,__LINE__);
		}
		return true;
	}	
	
	/**
	 * Check if a field is available
	 * @param	string	the wanted username
	 * @return	boolean	true if the wanted username is available
	 */
	function is_extra_field_available($fieldname)
	{
		$t_uf = Database :: get_main_table(TABLE_MAIN_USER_FIELD);
		$sql = "SELECT * FROM $t_uf WHERE field_variable = '".Database::escape_string($fieldname)."'";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		return Database::num_rows($res) <= 0;
	}
	/**
	 * Gets user extra fields data
	 * @param	integer	User ID
	 * @param	boolean	Whether to prefix the fields indexes with "extra_" (might be used by formvalidator)
	 * @param	boolean	Whether to return invisible fields as well
	 * @param	boolean	Whether to split multiple-selection fields or not
	 * @return	array	Array of fields => value for the given user
	 */
	function get_extra_user_data($user_id, $prefix=false, $all_visibility = true, $splitmultiple=false)
	{
		$extra_data = array();
		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
		$user_id = Database::escape_string($user_id);
		$sql = "SELECT f.id as id, f.field_variable as fvar, f.field_type as type FROM $t_uf f ";
		if($all_visibility == false)
		{
			$sql .= " WHERE f.field_visible = 1 ";
		}
		$sql .= " ORDER BY f.field_order";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		if(Database::num_rows($res)>0)
		{
			while($row = Database::fetch_array($res))
			{
				$sqlu = "SELECT field_value as fval " .
						" FROM $t_ufv " .
						" WHERE field_id=".$row['id']."" .
						" AND user_id=".$user_id;
				$resu = api_sql_query($sqlu,__FILE__,__LINE__);
				$fval = '';
				// get default value
				$sql_df = "SELECT field_default_value as fval_df " .
						" FROM $t_uf " .
						" WHERE id=".$row['id'];
				$res_df = api_sql_query($sql_df,__FILE__,__LINE__);						
				if(Database::num_rows($resu)>0)
				{
					$rowu = Database::fetch_array($resu);					
					$fval = $rowu['fval'];
					if($row['type'] ==  USER_FIELD_TYPE_SELECT_MULTIPLE)
					{
						$fval = split(';',$rowu['fval']);
					}					
				} else {					
					$row_df = Database::fetch_array($res_df);
					$fval = $row_df['fval_df'];
				}
				if($prefix)
				{
					if ($row['type'] ==  USER_FIELD_TYPE_RADIO)
					{
						$extra_data['extra_'.$row['fvar']]['extra_'.$row['fvar']] = $fval;
					}
					else
					{
						$extra_data['extra_'.$row['fvar']] = $fval;
					} 
				}
				else
				{
					if ($row['type'] ==  USER_FIELD_TYPE_RADIO)
					{
						$extra_data['extra_'.$row['fvar']]['extra_'.$row['fvar']] = $fval;
					}
					else
					{
						$extra_data[$row['fvar']] = $fval;
					} 
				}
			}
		}
		
		return $extra_data;
	}	
	
	function get_extra_user_data_by_field($user_id, $field_variable, $prefix=false, $all_visibility = true, $splitmultiple=false)
	{
		$extra_data = array();
		$t_uf = Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
		$user_id = Database::escape_string($user_id);
		$sql = "SELECT f.id as id, f.field_variable as fvar, f.field_type as type FROM $t_uf f ";
		
		$sql.=" WHERE f.field_variable = '$field_variable' ";
		
		if($all_visibility == false)
		{
			$sql .= " AND f.field_visible = 1 ";
		}
			
		$sql .= " ORDER BY f.field_order";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		if(Database::num_rows($res)>0)
		{
			while($row = Database::fetch_array($res))
			{
				$sqlu = "SELECT field_value as fval " .
						" FROM $t_ufv " .
						" WHERE field_id=".$row['id']."" .
						" AND user_id=".$user_id;
				$resu = api_sql_query($sqlu,__FILE__,__LINE__);
				$fval = '';
				if(Database::num_rows($resu)>0)
				{
					$rowu = Database::fetch_array($resu);
					$fval = $rowu['fval'];
					if($row['type'] ==  USER_FIELD_TYPE_SELECT_MULTIPLE)
					{
						$fval = split(';',$rowu['fval']);
					}
				}
				if($prefix)
				{
					$extra_data['extra_'.$row['fvar']] = $fval; 
				}
				else
				{
					$extra_data[$row['fvar']] = $fval; 
				}
			}
		}		
		return $extra_data;
	}
	
	
	
	
	/**
	 * Get all the extra field information of a certain field (also the options)
	 *
	 * @param integer $field_name the name of the field we want to know everything of
	 * @return array $return containing all th information about the extra profile field 
	 * @author Julio Montoya
	 * @since Dokeos 1.8.6
	 */
	function get_extra_field_information_by_name($field_variable)
	{
		// database table definition
		$table_field 			= Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$table_field_options	= Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		
		// all the information of the field
		$sql = "SELECT * FROM $table_field WHERE field_variable='".Database::escape_string($field_variable)."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		$return = Database::fetch_array($result);
		
		// all the options of the field
		$sql = "SELECT * FROM $table_field_options WHERE field_variable='".Database::escape_string($field_variable)."' ORDER BY option_order ASC";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		while ($row = Database::fetch_array($result))
		{
			$return['options'][$row['id']] = $row;
		}		
		return $return;
	}
	
	
	/**
	 * Get all the extra field information of a certain field (also the options)
	 *
	 * @param integer $field_name the name of the field we want to know everything of
	 * @return array $return containing all th information about the extra profile field 
	 * @author Julio Montoya
	 * @since Dokeos 1.8.6
	 */
	function get_extra_field_information($field_id)
	{
		// database table definition
		$table_field 			= Database::get_main_table(TABLE_MAIN_USER_FIELD);
		$table_field_options	= Database::get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
		
		// all the information of the field
		$sql = "SELECT * FROM $table_field WHERE id='".Database::escape_string($field_id)."'";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		$return = Database::fetch_array($result);
		
		// all the options of the field
		$sql = "SELECT * FROM $table_field_options WHERE field_id='".Database::escape_string($field_id)."' ORDER BY option_order ASC";
		$result = api_sql_query($sql,__FILE__,__LINE__);
		while ($row = Database::fetch_array($result))
		{
			$return['options'][$row['id']] = $row;
		}		
		return $return;
	}
	
	
	
	/**
	 * Gives a list of [session_id-course_code] => [status] for the current user.
	 * @param integer $user_id
	 * @return array  list of statuses (session_id-course_code => status)
	 */
	function get_personal_session_course_list($user_id)
	{
		// Database Table Definitions
		$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
		$tbl_course 				= Database :: get_main_table(TABLE_MAIN_COURSE);
		$tbl_user 					= Database :: get_main_table(TABLE_MAIN_USER);
		$tbl_session 				= Database :: get_main_table(TABLE_MAIN_SESSION);
		$tbl_session_user			= Database :: get_main_table(TABLE_MAIN_SESSION_USER);
		$tbl_course_user 			= Database :: get_main_table(TABLE_MAIN_COURSE_USER);
		$tbl_session_course 		= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
		$tbl_session_course_user 	= Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
	
		// variable initialisation
		$personal_course_list_sql = '';
		$personal_course_list = array();
	
		//Courses in which we suscribed out of any session
		/*$personal_course_list_sql = "SELECT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i,
											course.tutor_name t, course.course_language l, course_rel_user.status s, course_rel_user.sort sort,
											course_rel_user.user_course_cat user_course_cat
											FROM    ".$tbl_course."       course,".$main_course_user_table."   course_rel_user
											WHERE course.code = course_rel_user.course_code"."
											AND   course_rel_user.user_id = '".$user_id."'
											ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC,i";*/
	
		$tbl_user_course_category    = Database :: get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
		
		$personal_course_list_sql = "SELECT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, course.tutor_name t, course.course_language l, course_rel_user.status s, course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat
										FROM    ".$tbl_course_user." course_rel_user
										LEFT JOIN ".$tbl_course." course
										ON course.code = course_rel_user.course_code
										LEFT JOIN ".$tbl_user_course_category." user_course_category
										ON course_rel_user.user_course_cat = user_course_category.id
										WHERE  course_rel_user.user_id = '".$user_id."'
										ORDER BY user_course_category.sort, course_rel_user.sort ASC, i";
		
		$course_list_sql_result = api_sql_query($personal_course_list_sql, __FILE__, __LINE__);
		
		while ($result_row = Database::fetch_array($course_list_sql_result))
		{
			$personal_course_list[] = $result_row;
		}
	
		// get the list of sessions where the user is subscribed as student
		$sessions_sql = "SELECT DISTINCT id, name, date_start, date_end
								FROM $tbl_session_user, $tbl_session
								WHERE id_session=id AND id_user=$user_id
								AND (date_start <= CURDATE() AND date_end >= CURDATE() OR date_start='0000-00-00')
								ORDER BY date_start, date_end, name";
		$result = api_sql_query($sessions_sql,__FILE__,__LINE__);
	
		$sessions=api_store_result($result);
	
		$sessions = array_merge($sessions , api_store_result($result));
	
		// get the list of sessions where the user is subscribed as coach in a course
		$sessions_sql = "SELECT DISTINCT id, name, date_start, date_end, DATE_SUB(date_start, INTERVAL nb_days_access_before_beginning DAY), ADDDATE(date_end, INTERVAL nb_days_access_after_end DAY)
								FROM $tbl_session as session
								INNER JOIN $tbl_session_course as session_rel_course
									ON session_rel_course.id_session = session.id
									AND session_rel_course.id_coach = $user_id
								WHERE 
									( CURDATE() >= DATE_SUB(date_start, INTERVAL nb_days_access_before_beginning DAY) AND
									  CURDATE() <= ADDDATE(date_end, INTERVAL nb_days_access_after_end DAY) OR 
									  date_start='0000-00-00')
								ORDER BY date_start, date_end, name";
		
		$result = api_sql_query($sessions_sql,__FILE__,__LINE__);
	
		$session_is_coach = api_store_result($result);
	
		$sessions = array_merge($sessions , $session_is_coach);
	
		// get the list of sessions where the user is subscribed as coach
		$sessions_sql = "SELECT DISTINCT id, name, date_start, date_end
								FROM $tbl_session as session
								WHERE session.id_coach = $user_id
                                AND
                                ( CURDATE() >= DATE_SUB(date_start, INTERVAL nb_days_access_before_beginning DAY) AND
                                  CURDATE() <= ADDDATE(date_end, INTERVAL nb_days_access_after_end DAY) OR
                                  date_start='0000-00-00')
								ORDER BY date_start, date_end, name";
		$result = api_sql_query($sessions_sql,__FILE__,__LINE__);
	
		$sessions = array_merge($sessions , api_store_result($result));
	
	
		if(api_is_allowed_to_create_course())
		{
			foreach($sessions as $enreg)
			{
				$id_session = $enreg['id'];
				$personal_course_list_sql = "SELECT DISTINCT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, CONCAT(user.lastname,' ',user.firstname) t, email, course.course_language l, 1 sort, category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name
											 FROM $tbl_session_course as session_course
											 INNER JOIN $tbl_course AS course
											 	ON course.code = session_course.course_code
											 INNER JOIN $tbl_session as session
												ON session.id = session_course.id_session
											 LEFT JOIN $tbl_user as user
												ON user.user_id = session_course.id_coach
											 WHERE session_course.id_session = $id_session
											 AND (session_course.id_coach=$user_id OR session.id_coach=$user_id)
											ORDER BY i";
	
				$course_list_sql_result = api_sql_query($personal_course_list_sql, __FILE__, __LINE__);
	
				while ($result_row = Database::fetch_array($course_list_sql_result))
				{
					$result_row['s'] = 2;
					$key = $result_row['id_session'].' - '.$result_row['k'];
					$personal_course_list[$key] = $result_row;
				}
			}
	
		}
	
		foreach($sessions as $enreg)
		{
			$id_session = $enreg['id'];
			$personal_course_list_sql = "SELECT DISTINCT course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, CONCAT(user.lastname,' ',user.firstname) t, email, course.course_language l, 1 sort, category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name, IF(session_course.id_coach = ".$user_id.",'2', '5')
										 FROM $tbl_session_course as session_course
										 INNER JOIN $tbl_course AS course
										 	ON course.code = session_course.course_code
										 LEFT JOIN $tbl_user as user
											ON user.user_id = session_course.id_coach
										 INNER JOIN $tbl_session_course_user
											ON $tbl_session_course_user.id_session = $id_session
											AND $tbl_session_course_user.id_user = $user_id
										INNER JOIN $tbl_session  as session
											ON session_course.id_session = session.id
										 WHERE session_course.id_session = $id_session
										 ORDER BY i";
	
			$course_list_sql_result = api_sql_query($personal_course_list_sql, __FILE__, __LINE__);
	
			while ($result_row = Database::fetch_array($course_list_sql_result))
			{
				$key = $result_row['id_session'].' - '.$result_row['k'];
				$result_row['s'] = $result_row['14'];
	
				if(!isset($personal_course_list[$key]))
				{
					$personal_course_list[$key] = $result_row;
				}
			}
		}
		//print_r($personal_course_list);
	
		return $personal_course_list;
	}
	/**
	 * Get user id from a username
	 * @param	string	Username
	 * @return	int		User ID (or false if not found)
	 */
	function get_user_id_from_username($username) {
		$username = Database::escape_string($username);
		$t_user = Database::get_main_table(TABLE_MAIN_USER);
		$sql = "SELECT user_id FROM $t_user WHERE username = '$username'";
		$res = api_sql_query($sql,__FILE__,__LINE__);
		if ($res===false) { return false; }
		if (Database::num_rows($res)!==1) { return false; }
		$row = Database::fetch_array($res);
		return $row['user_id'];
	}
    /**
     * Gets the API key (or keys) and return them into an array
     * @param   int     Optional user id (defaults to the result of api_get_user_id())
     * @result  array   Non-indexed array containing the list of API keys for this user, or FALSE on error
     */
    function get_api_keys($user_id=null) {
    	if ($user_id != strval(intval($user_id))) return false;
        if (empty($user_id)) { $user_id = api_get_user_id(); }
        if ($user_id === false) return false;
        $t_api = Database::get_main_table('TABLE_MAIN_USER_API_KEY');
        $sql = "SELECT id, api_key FROM $t_api WHERE user_id = ".$user_id;
        $res = api_sql_query($sql,__FILE__,__LINE__);
        if ($res === false) return false; //error during query
        $num = Database::num_rows($res);
        if ($num == 0) return false;
        $list = array();
        while ($row = Database::fetch_array($res)) {
        	$list[$row['id']] = $row['api_key'];
        }
        return $list;
    }
    /**
     * Adds a new API key to the users' account
     * @param   int     Optional user ID (defaults to the results of api_get_user_id())
     * @return  boolean True on success, false on failure
     */
    function add_api_key($user_id=null) {
        if ($user_id != strval(intval($user_id))) return false;
        if (empty($user_id)) { $user_id = api_get_user_id(); }
        if ($user_id === false) return false;
        $t_api = Database::get_main_table('TABLE_MAIN_USER_API_KEY');
        $md5 = md5((time()+($user_id*5))-rand(10000)); //generate some kind of random key
        $sql = "INSERT INTO $t_api (user_id, api_key) VALUES ($user_id,'$md5')";
        $res = api_sql_query($sql,__FILE__,__LINE__);
        if ($res === false) return false; //error during query
        $num = Database::insert_id();
        if ($num == 0) return false;
        return $num;    	
    }
    /**
     * Deletes an API key from the user's account
     * @param   int     API key's internal ID
     * @return  boolean True on success, false on failure
     */
    function delete_api_key($key_id) {
        if ($key_id != strval(intval($key_id))) return false;
        if ($key_id === false) return false;
        $t_api = Database::get_main_table('TABLE_MAIN_USER_API_KEY');
        $sql = "SELECT * FROM $t_api WHERE id = ".$key_id;
        $res = api_sql_query($sql,__FILE__,__LINE__);
        if ($res === false) return false; //error during query
        $num = Database::num_rows($res);
        if ($num !== 1) return false;
        $sql = "DELETE FROM $t_api WHERE id = ".$key_id;        
        $res = api_sql_query($sql,__FILE__,__LINE__);
        if ($res === false) return false; //error during query
        return true;        
    }
}