'; $htmlHeadXtra[] = ''; $htmlHeadXtra[] = ''; $this_section = SECTION_PLATFORM_ADMIN; api_protect_admin_script(true); /** * Make sure this function is protected because it does NOT check password! * * This function defines globals. * @param int User ID * @return bool False on failure, redirection on success * @author Evie Embrechts * @author Yannick Warnier */ function login_user($user_id) { //init --------------------------------------------------------------------- //Load $_user to be sure we clean it before logging in global $uidReset, $loginFailed, $_configuration, $_user; $main_user_table = Database :: get_main_table(TABLE_MAIN_USER); $main_admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN); $track_e_login_table = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN); //logic -------------------------------------------------------------------- unset($_user['user_id']); // uid not in session ? prevent any hacking if (!isset ($user_id)) { $uidReset = true; return; } if ($user_id != strval(intval($user_id))) { return false; } $sql_query = "SELECT * FROM $main_user_table WHERE user_id='$user_id'"; $sql_result = api_sql_query($sql_query, __FILE__, __LINE__); $result = Database :: fetch_array($sql_result); // check if the user is allowed to 'login_as' $can_login_as = (api_is_platform_admin() OR (api_is_session_admin() && $result['status'] == 5 )); if (!$can_login_as) { return false; } $firstname = $result['firstname']; $lastname = $result['lastname']; $user_id = $result['user_id']; //$message = "Attempting to login as ".$firstname." ".$lastname." (id ".$user_id.")"; $message = sprintf(get_lang('AttemptingToLoginAs'),$firstname,$lastname,$user_id); $loginFailed = false; $uidReset = false; if ($user_id) { // a uid is given (log in succeeded) if ($_configuration['tracking_enabled']) { $sql_query = "SELECT user.*, a.user_id is_admin, UNIX_TIMESTAMP(login.login_date) login_date FROM $main_user_table LEFT JOIN $main_admin_table a ON user.user_id = a.user_id LEFT JOIN $track_e_login_table login ON user.user_id = login.login_user_id WHERE user.user_id = '".$user_id."' ORDER BY login.login_date DESC LIMIT 1"; } else { $sql_query = "SELECT user.*, a.user_id is_admin FROM $main_user_table LEFT JOIN $main_admin_table a ON user.user_id = a.user_id WHERE user.user_id = '".$user_id."'"; } $sql_result = Database::query($sql_query, __FILE__, __LINE__); if (Database::num_rows($sql_result) > 0) { // Extracting the user data $user_data = Database::fetch_array($sql_result); //Delog the current user LoginDelete($_SESSION["_user"]["user_id"]); // Cleaning session variables unset($_SESSION['_user']); unset($_SESSION['is_platformAdmin']); unset($_SESSION['is_allowedCreateCourse']); unset($_SESSION['_uid']); $_user['firstName'] = $user_data['firstname']; $_user['lastName'] = $user_data['lastname']; $_user['mail'] = $user_data['email']; $_user['lastLogin'] = $user_data['login_date']; $_user['official_code'] = $user_data['official_code']; $_user['picture_uri'] = $user_data['picture_uri']; $_user['user_id'] = $user_data['user_id']; $_user['status'] = $user_data['status']; $is_platformAdmin = (bool) (!is_null($user_data['is_admin'])); $is_allowedCreateCourse = (bool) ($user_data['status'] == 1); // Filling session variables with new data $_SESSION['_uid'] = $user_id; $_SESSION['_user'] = $_user; $_SESSION['is_platformAdmin'] = $is_platformAdmin; $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse; $_SESSION['login_as'] = true; // will be usefull later to know if the user is actually an admin or not (example reporting)s $target_url = api_get_path(WEB_PATH)."user_portal.php"; //$message .= "
Login successful. Go to $target_url"; $message .= '
'.sprintf(get_lang('LoginSuccessfulGoToX'),''.$target_url.''); Display :: display_header(get_lang('UserList')); Display :: display_normal_message($message,false); Display :: display_footer(); exit; } else { exit ("
WARNING UNDEFINED UID !! "); } } } /** * Get the total number of users on the platform * @see SortableTable#get_total_number_of_items() */ function get_number_of_users() { $user_table = Database :: get_main_table(TABLE_MAIN_USER); $sql = "SELECT COUNT(u.user_id) AS total_number_of_items FROM $user_table u"; // adding the filter to see the user's only of the current access_url global $_configuration; if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { $access_url_rel_user_table= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $sql.= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)"; } if ( isset ($_GET['keyword'])) { $keyword = Database::escape_string($_GET['keyword']); $sql .= " WHERE (u.firstname LIKE '%".$keyword."%' OR u.lastname LIKE '%".$keyword."%' OR u.username LIKE '%".$keyword."%' OR u.email LIKE '%".$keyword."%' OR u.official_code LIKE '%".$keyword."%') "; } elseif (isset ($_GET['keyword_firstname'])) { $admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN); $keyword_firstname = Database::escape_string($_GET['keyword_firstname']); $keyword_lastname = Database::escape_string($_GET['keyword_lastname']); $keyword_email = Database::escape_string($_GET['keyword_email']); $keyword_officialcode = Database::escape_string($_GET['keyword_officialcode']); $keyword_username = Database::escape_string($_GET['keyword_username']); $keyword_status = Database::escape_string($_GET['keyword_status']); $query_admin_table = ''; $keyword_admin = ''; if ($keyword_status == SESSIONADMIN) { $keyword_status = '%'; $query_admin_table = " , $admin_table a "; $keyword_admin = ' AND a.user_id = u.user_id '; } $keyword_active = isset($_GET['keyword_active']); $keyword_inactive = isset($_GET['keyword_inactive']); $sql .= $query_admin_table . " WHERE (u.firstname LIKE '%".$keyword_firstname."%' " . "AND u.lastname LIKE '%".$keyword_lastname."%' " . "AND u.username LIKE '%".$keyword_username."%' " . "AND u.email LIKE '%".$keyword_email."%' " . "AND u.official_code LIKE '%".$keyword_officialcode."%' " . "AND u.status LIKE '".$keyword_status."'" . $keyword_admin; if($keyword_active && !$keyword_inactive) { $sql .= " AND u.active='1'"; } elseif($keyword_inactive && !$keyword_active) { $sql .= " AND u.active='0'"; } $sql .= " ) "; } // adding the filter to see the user's only of the current access_url if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { $sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id(); } $res = api_sql_query($sql, __FILE__, __LINE__); $obj = Database::fetch_object($res); return $obj->total_number_of_items; } /** * Get the users to display on the current page (fill the sortable-table) * @param int offset of first user to recover * @param int Number of users to get * @param int Column to sort on * @param string Order (ASC,DESC) * @see SortableTable#get_table_data($from) */ function get_user_data($from, $number_of_items, $column, $direction) { $user_table = Database :: get_main_table(TABLE_MAIN_USER); $sql = "SELECT u.user_id AS col0, u.official_code AS col1, u.lastname AS col2, u.firstname AS col3, u.username AS col4, u.email AS col5, u.status AS col6, u.active AS col7, u.user_id AS col8 ". ", u.expiration_date AS exp ". " FROM $user_table u "; // adding the filter to see the user's only of the current access_url global $_configuration; if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { $access_url_rel_user_table= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $sql.= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)"; } if (isset ($_GET['keyword'])) { $keyword = Database::escape_string($_GET['keyword']); $sql .= " WHERE (u.firstname LIKE '%".$keyword."%' OR u.lastname LIKE '%".$keyword."%' OR u.username LIKE '%".$keyword."%' OR u.official_code LIKE '%".$keyword."%' OR u.email LIKE '%".$keyword."%' )"; } elseif (isset ($_GET['keyword_firstname'])) { $admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN); $keyword_firstname = Database::escape_string($_GET['keyword_firstname']); $keyword_lastname = Database::escape_string($_GET['keyword_lastname']); $keyword_email = Database::escape_string($_GET['keyword_email']); $keyword_officialcode = Database::escape_string($_GET['keyword_officialcode']); $keyword_username = Database::escape_string($_GET['keyword_username']); $keyword_status = Database::escape_string($_GET['keyword_status']); $query_admin_table = ''; $keyword_admin = ''; if ($keyword_status == SESSIONADMIN) { $keyword_status = '%'; $query_admin_table = " , $admin_table a "; $keyword_admin = ' AND a.user_id = u.user_id '; } $keyword_active = isset($_GET['keyword_active']); $keyword_inactive = isset($_GET['keyword_inactive']); $sql .= $query_admin_table." WHERE (u.firstname LIKE '%".$keyword_firstname."%' " . "AND u.lastname LIKE '%".$keyword_lastname."%' " . "AND u.username LIKE '%".$keyword_username."%' " . "AND u.email LIKE '%".$keyword_email."%' " . "AND u.official_code LIKE '%".$keyword_officialcode."%' " . "AND u.status LIKE '".$keyword_status."'" . $keyword_admin; if ($keyword_active && !$keyword_inactive) { $sql .= " AND u.active='1'"; } elseif($keyword_inactive && !$keyword_active) { $sql .= " AND u.active='0'"; } $sql .= " ) "; } // adding the filter to see the user's only of the current access_url if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { $sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id(); } if (!in_array($direction, array('ASC','DESC'))) { $direction = 'ASC'; } $column = intval($column); $from = intval($from); $number_of_items = intval($number_of_items); $sql .= " ORDER BY col$column $direction "; $sql .= " LIMIT $from,$number_of_items"; $res = api_sql_query($sql, __FILE__, __LINE__); $users = array (); $t = time(); while ($user = Database::fetch_row($res)) { if ($user[7] == 1 && $user[9] != '0000-00-00 00:00:00') { // check expiration date $expiration_time = convert_mysql_date($user[9]); // if expiration date is passed, store a special value for active field if ($expiration_time < $t) { $user[7] = '-1'; } } // forget about the expiration date field $users[] = array($user[0],$user[1],$user[2],$user[3],$user[4],$user[5],$user[6],$user[7],$user[8]); } return $users; } /** * Returns a mailto-link * @param string $email An email-address * @return string HTML-code with a mailto-link */ function email_filter($email) { return Display :: encrypted_mailto_link($email, $email); } /** * Build the modify-column of the table * @param int The user id * @param string URL params to add to table links * @param array Row of elements to alter * @return string Some HTML-code with modify-buttons */ function modify_filter($user_id,$url_params,$row) { global $charset; global $_user; $result .= '

'; if (api_is_platform_admin()) { $result .= ''.Display::return_icon('synthese_view.gif', get_lang('Info')).' '; } $statusname = api_get_status_langvars(); //only allow platform admins to login_as, or session admins only for students (not teachers nor other admins) if (api_is_platform_admin() or (api_is_session_admin() && $row['6'] == $statusname[STUDENT])) { $result .= ''.Display::return_icon('login_as.gif', get_lang('LoginAs')).' '; } else { $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).' '; } if ($row['6'] != $statusname[STUDENT]) { $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')).' '; } else { $result .= ''.Display::return_icon('statistics.gif', get_lang('Reporting')).' '; } if (api_is_platform_admin()) { $result .= ''.Display::return_icon('edit.gif', get_lang('Edit')).' '; if ($row[0]<>$_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result .= ''.Display::return_icon('delete.gif', get_lang('Delete')).''; } else { $result .= Display::return_icon('delete_na.gif', get_lang('Delete')); } } return $result; } /** * Build the active-column of the table to lock or unlock a certain user * lock = the user can no longer use this account * @author Patrick Cool , Ghent University * @param int $active the current state of the account * @param int $user_id The user id * @param string $url_params * @return string Some HTML-code with the lock/unlock button */ function active_filter($active, $url_params, $row) { global $_user; if ($active=='1') { $action='lock'; $image='right'; } elseif ($active=='-1') { $action='edit'; $image='expired'; } elseif ($active=='0') { $action='unlock'; $image='wrong'; } if ($action=='edit') { $result = Display::return_icon($image.'.gif', get_lang('AccountExpired')); }elseif ($row['0']<>$_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. $result = ''.Display::return_icon($image.'.gif', get_lang(ucfirst($action))).''; } return $result; } /** * Lock or unlock a user * @author Patrick Cool , Ghent University * @param int $status, do we want to lock the user ($status=lock) or unlock it ($status=unlock) * @param int $user_id The user id * @return language variable */ function lock_unlock_user($status,$user_id) { $user_table = Database :: get_main_table(TABLE_MAIN_USER); if ($status=='lock') { $status_db='0'; $return_message=get_lang('UserLocked'); } if ($status=='unlock') { $status_db='1'; $return_message=get_lang('UserUnlocked'); } if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id)) { $sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'"; $result = api_sql_query($sql, __FILE__, __LINE__); } if ($result) { return $return_message; } } /** * Instead of displaying the integer of the status, we give a translation for the status * * @param integer $status * @return string translation * * @version march 2008 * @author Patrick Cool , Ghent University, Belgium */ function status_filter($status) { $statusname = api_get_status_langvars(); return $statusname[$status]; } /** ============================================================================== INIT SECTION ============================================================================== */ $action = $_GET["action"]; $login_as_user_id = $_GET["user_id"]; // Login as ... if ($_GET['action'] == "login_as" && isset ($login_as_user_id)) { login_user($login_as_user_id); } if (isset ($_GET['search']) && $_GET['search'] == 'advanced') { $interbreadcrumb[] = array ("url" => 'index.php', "name" => get_lang('PlatformAdmin')); $interbreadcrumb[] = array ("url" => 'user_list.php', "name" => get_lang('UserList')); $tool_name = get_lang('SearchAUser'); Display :: display_header($tool_name); //api_display_tool_title($tool_name); $form = new FormValidator('advanced_search','get'); $form->addElement('header', '', $tool_name); $form->add_textfield('keyword_firstname',get_lang('FirstName'),false); $form->add_textfield('keyword_lastname',get_lang('LastName'),false); $form->add_textfield('keyword_username',get_lang('LoginName'),false); $form->add_textfield('keyword_email',get_lang('Email'),false); $form->add_textfield('keyword_officialcode',get_lang('OfficialCode'),false); $status_options = array(); $status_options['%'] = get_lang('All'); $status_options[STUDENT] = get_lang('Student'); $status_options[COURSEMANAGER] = get_lang('Teacher'); $status_options[SESSIONADMIN] = get_lang('Administrator');// $form->addElement('select','keyword_status',get_lang('Status'),$status_options); $active_group = array(); $active_group[] = $form->createElement('checkbox','keyword_active','',get_lang('Active')); $active_group[] = $form->createElement('checkbox','keyword_inactive','',get_lang('Inactive')); $form->addGroup($active_group,'',get_lang('ActiveAccount'),'
',false); $form->addElement('style_submit_button', 'submit',get_lang('SearchUsers'),'class="search"'); $defaults['keyword_active'] = 1; $defaults['keyword_inactive'] = 1; $form->setDefaults($defaults); $form->display(); } else { $interbreadcrumb[] = array ("url" => 'index.php', "name" => get_lang('PlatformAdmin')); $tool_name = get_lang('UserList'); Display :: display_header($tool_name, ""); //api_display_tool_title($tool_name); if (isset ($_GET['action'])) { $check = Security::check_token('get'); if($check) { switch ($_GET['action']) { case 'show_message' : if (!empty($_GET['warn'])) { Display::display_warning_message(urldecode($_GET['warn'])); } if (!empty($_GET['message'])) { Display :: display_normal_message(stripslashes($_GET['message'])); } break; case 'delete_user' : if (api_is_platform_admin()) { if ($user_id != $_user['user_id'] && UserManager :: delete_user($_GET['user_id'])) { Display :: display_normal_message(get_lang('UserDeleted')); } else { Display :: display_error_message(get_lang('CannotDeleteUserBecauseOwnsCourse')); } } break; case 'lock' : $message=lock_unlock_user('lock',$_GET['user_id']); Display :: display_normal_message($message); break; case 'unlock'; $message=lock_unlock_user('unlock',$_GET['user_id']); Display :: display_normal_message($message); break; } Security::clear_token(); } } if (isset ($_POST['action'])) { $check = Security::check_token('get'); if($check) { switch ($_POST['action']) { case 'delete' : if (api_is_platform_admin()) { $number_of_selected_users = count($_POST['id']); $number_of_deleted_users = 0; if (is_array($_POST['id'])) { foreach ($_POST['id'] as $index => $user_id) { if($user_id != $_user['user_id']) { if(UserManager :: delete_user($user_id)) { $number_of_deleted_users++; } } } } if($number_of_selected_users == $number_of_deleted_users) { Display :: display_normal_message(get_lang('SelectedUsersDeleted')); } else { Display :: display_error_message(get_lang('SomeUsersNotDeleted')); } } break; } Security::clear_token(); } } // Create a search-box $form = new FormValidator('search_simple','get','','',null,false); $renderer =& $form->defaultRenderer(); $renderer->setElementTemplate('{element} '); $form->addElement('text','keyword',get_lang('keyword')); $form->addElement('style_submit_button', 'submit',get_lang('Search'),'class="search"'); $form->addElement('static','search_advanced_link',null,''.get_lang('AdvancedSearch').''); echo '

'; if (api_is_platform_admin()) { echo ''. ''.Display::return_icon('add_user_big.gif',get_lang('AddUsers')).get_lang('AddUsers').''. ''; } $form->display(); echo '

'; if (isset ($_GET['keyword'])) { $parameters = array ('keyword' => Security::remove_XSS($_GET['keyword'])); } elseif (isset ($_GET['keyword_firstname'])) { $parameters['keyword_firstname'] = Security::remove_XSS($_GET['keyword_firstname']); $parameters['keyword_lastname'] = Security::remove_XSS($_GET['keyword_lastname']); $parameters['keyword_email'] = Security::remove_XSS($_GET['keyword_email']); $parameters['keyword_officialcode'] = Security::remove_XSS($_GET['keyword_officialcode']); $parameters['keyword_status'] = Security::remove_XSS($_GET['keyword_status']); $parameters['keyword_active'] = Security::remove_XSS($_GET['keyword_active']); $parameters['keyword_inactive'] = Security::remove_XSS($_GET['keyword_inactive']); } // Create a sortable table with user-data $parameters['sec_token'] = Security::get_token(); $table = new SortableTable('users', 'get_number_of_users', 'get_user_data',2); $table->set_additional_parameters($parameters); $table->set_header(0, '', false); $table->set_header(1, get_lang('OfficialCode')); $table->set_header(2, get_lang('LastName')); $table->set_header(3, get_lang('FirstName')); $table->set_header(4, get_lang('LoginName')); $table->set_header(5, get_lang('Email')); $table->set_header(6, get_lang('Status')); $table->set_header(7, get_lang('Active')); $table->set_header(8, get_lang('Modify')); $table->set_column_filter(5, 'email_filter'); $table->set_column_filter(6, 'status_filter'); $table->set_column_filter(7, 'active_filter'); $table->set_column_filter(8, 'modify_filter'); if (api_is_platform_admin()) $table->set_form_actions(array ('delete' => get_lang('DeleteFromPlatform'))); $table->display(); } /* ============================================================================== FOOTER ============================================================================== */ Display :: display_footer(); ?>