usermanager.lib.php 211 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597559855995600560156025603560456055606560756085609561056115612561356145615561656175618561956205621562256235624562556265627562856295630563156325633563456355636563756385639564056415642564356445645564656475648564956505651565256535654565556565657
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. use Chamilo\CoreBundle\Entity\ExtraField as EntityExtraField;
  4. use Chamilo\UserBundle\Entity\User;
  5. use Chamilo\CoreBundle\Entity\SkillRelUser;
  6. use Chamilo\CoreBundle\Entity\SkillRelUserComment;
  7. use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
  8. use Symfony\Component\Security\Core\Encoder\EncoderFactory;
  9. use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
  10. use Symfony\Component\Security\Core\Encoder\PlaintextPasswordEncoder;
  11. /**
  12. *
  13. * Class UserManager
  14. *
  15. * This library provides functions for user management.
  16. * Include/require it in your code to use its functionality.
  17. * @package chamilo.library
  18. * @author Julio Montoya <gugli100@gmail.com> Social network groups added 2009/12
  19. *
  20. */
  21. class UserManager
  22. {
  23. // This constants are deprecated use the constants located in ExtraField
  24. const USER_FIELD_TYPE_TEXT = 1;
  25. const USER_FIELD_TYPE_TEXTAREA = 2;
  26. const USER_FIELD_TYPE_RADIO = 3;
  27. const USER_FIELD_TYPE_SELECT = 4;
  28. const USER_FIELD_TYPE_SELECT_MULTIPLE = 5;
  29. const USER_FIELD_TYPE_DATE = 6;
  30. const USER_FIELD_TYPE_DATETIME = 7;
  31. const USER_FIELD_TYPE_DOUBLE_SELECT = 8;
  32. const USER_FIELD_TYPE_DIVIDER = 9;
  33. const USER_FIELD_TYPE_TAG = 10;
  34. const USER_FIELD_TYPE_TIMEZONE = 11;
  35. const USER_FIELD_TYPE_SOCIAL_PROFILE = 12;
  36. const USER_FIELD_TYPE_FILE = 13;
  37. const USER_FIELD_TYPE_MOBILE_PHONE_NUMBER = 14;
  38. private static $encryptionMethod;
  39. /**
  40. * Constructor
  41. * @assert () === null
  42. */
  43. public function __construct()
  44. {
  45. }
  46. /**
  47. * Repository is use to query the DB, selects, etc
  48. * @return Chamilo\UserBundle\Entity\Repository\UserRepository
  49. */
  50. public static function getRepository()
  51. {
  52. return Database::getManager()->getRepository('ChamiloUserBundle:User');
  53. }
  54. /**
  55. * Create/update/delete methods are available in the UserManager
  56. * (based in the Sonata\UserBundle\Entity\UserManager)
  57. *
  58. * @return Chamilo\UserBundle\Entity\Manager\UserManager
  59. */
  60. public static function getManager()
  61. {
  62. static $userManager;
  63. if (!isset($userManager)) {
  64. $encoderFactory = self::getEncoderFactory();
  65. $userManager = new Chamilo\UserBundle\Entity\Manager\UserManager(
  66. $encoderFactory,
  67. new \FOS\UserBundle\Util\Canonicalizer(),
  68. new \FOS\UserBundle\Util\Canonicalizer(),
  69. Database::getManager(),
  70. 'Chamilo\\UserBundle\\Entity\\User'
  71. );
  72. }
  73. return $userManager;
  74. }
  75. /**
  76. * @param string $encryptionMethod
  77. */
  78. public static function setPasswordEncryption($encryptionMethod)
  79. {
  80. self::$encryptionMethod = $encryptionMethod;
  81. }
  82. /**
  83. * @return bool|mixed
  84. */
  85. public static function getPasswordEncryption()
  86. {
  87. $encryptionMethod = self::$encryptionMethod;
  88. if (empty($encryptionMethod)) {
  89. $encryptionMethod = api_get_configuration_value('password_encryption');
  90. }
  91. return $encryptionMethod;
  92. }
  93. /**
  94. * @return EncoderFactory
  95. */
  96. private static function getEncoderFactory()
  97. {
  98. $encryption = self::getPasswordEncryption();
  99. $encoders = array(
  100. 'Chamilo\\UserBundle\\Entity\\User' => new \Chamilo\UserBundle\Security\Encoder($encryption),
  101. );
  102. $encoderFactory = new EncoderFactory($encoders);
  103. return $encoderFactory;
  104. }
  105. /**
  106. * @param User $user
  107. *
  108. * @return \Symfony\Component\Security\Core\Encoder\PasswordEncoderInterface
  109. */
  110. private static function getEncoder(User $user)
  111. {
  112. $encoderFactory = self::getEncoderFactory();
  113. return $encoderFactory->getEncoder($user);
  114. }
  115. /**
  116. * Validates the password
  117. *
  118. * @param $encoded
  119. * @param $raw
  120. * @param $salt
  121. * @return bool
  122. */
  123. public static function isPasswordValid($encoded, $raw, $salt)
  124. {
  125. $encoder = new \Chamilo\UserBundle\Security\Encoder(self::getPasswordEncryption());
  126. $validPassword = $encoder->isPasswordValid($encoded, $raw, $salt);
  127. return $validPassword;
  128. }
  129. /**
  130. * @param string $raw
  131. * @param User $user
  132. *
  133. * @return bool
  134. */
  135. public static function encryptPassword($raw, User $user)
  136. {
  137. $encoder = self::getEncoder($user);
  138. $encodedPassword = $encoder->encodePassword(
  139. $raw,
  140. $user->getSalt()
  141. );
  142. return $encodedPassword;
  143. }
  144. /**
  145. * @param int $userId
  146. * @param string $password
  147. *
  148. */
  149. public static function updatePassword($userId, $password)
  150. {
  151. $repository = self::getRepository();
  152. /** @var User $user */
  153. $user = $repository->find($userId);
  154. $userManager = self::getManager();
  155. $user->setPlainPassword($password);
  156. $userManager->updateUser($user, true);
  157. }
  158. /**
  159. * Creates a new user for the platform
  160. * @author Hugues Peeters <peeters@ipm.ucl.ac.be>,
  161. * @author Roan Embrechts <roan_embrechts@yahoo.com>
  162. * @param string $firstName
  163. * @param string $lastName
  164. * @param int $status (1 for course tutor, 5 for student, 6 for anonymous)
  165. * @param string $email
  166. * @param string $loginName
  167. * @param string $password
  168. * @param string $official_code Any official code (optional)
  169. * @param string $language User language (optional)
  170. * @param string $phone Phone number (optional)
  171. * @param string $picture_uri Picture URI (optional)
  172. * @param string $authSource Authentication source (optional, defaults to 'platform', dependind on constant)
  173. * @param string $expirationDate Account expiration date (optional, defaults to null)
  174. * @param int $active Whether the account is enabled or disabled by default
  175. * @param int $hr_dept_id The department of HR in which the user is registered (optional, defaults to 0)
  176. * @param array $extra Extra fields
  177. * @param string $encrypt_method Encrypt method used if password is given encrypted. Set to an empty string by default
  178. * @param bool $send_mail
  179. * @param bool $isAdmin
  180. * @param string $address
  181. * @param bool $sendEmailToAllAdmins
  182. * @param FormValidator $form
  183. *
  184. * @return mixed new user id - if the new user creation succeeds, false otherwise
  185. * @desc The function tries to retrieve user id from the session.
  186. * If it exists, the current user id is the creator id. If a problem arises,
  187. * @assert ('Sam','Gamegie',5,'sam@example.com','jo','jo') > 1
  188. * @assert ('Pippin','Took',null,null,'jo','jo') === false
  189. */
  190. public static function create_user(
  191. $firstName,
  192. $lastName,
  193. $status,
  194. $email,
  195. $loginName,
  196. $password,
  197. $official_code = '',
  198. $language = '',
  199. $phone = '',
  200. $picture_uri = '',
  201. $authSource = PLATFORM_AUTH_SOURCE,
  202. $expirationDate = null,
  203. $active = 1,
  204. $hr_dept_id = 0,
  205. $extra = [],
  206. $encrypt_method = '',
  207. $send_mail = false,
  208. $isAdmin = false,
  209. $address = '',
  210. $sendEmailToAllAdmins = false,
  211. $form = null
  212. ) {
  213. $currentUserId = api_get_user_id();
  214. $hook = HookCreateUser::create();
  215. if (!empty($hook)) {
  216. $hook->notifyCreateUser(HOOK_EVENT_TYPE_PRE);
  217. }
  218. // First check wether the login already exists
  219. if (!self::is_username_available($loginName)) {
  220. Display::addFlash(
  221. Display::return_message(get_lang('LoginAlreadyTaken'))
  222. );
  223. return false;
  224. }
  225. global $_configuration;
  226. $original_password = $password;
  227. $access_url_id = 1;
  228. if (api_get_multiple_access_url()) {
  229. $access_url_id = api_get_current_access_url_id();
  230. }
  231. if (isset($_configuration[$access_url_id]) &&
  232. is_array($_configuration[$access_url_id]) &&
  233. isset($_configuration[$access_url_id]['hosting_limit_users']) &&
  234. $_configuration[$access_url_id]['hosting_limit_users'] > 0) {
  235. $num = self::get_number_of_users();
  236. if ($num >= $_configuration[$access_url_id]['hosting_limit_users']) {
  237. api_warn_hosting_contact('hosting_limit_users');
  238. Display::addFlash(Display::return_message(get_lang('PortalUsersLimitReached'), 'warning'));
  239. return false;
  240. }
  241. }
  242. if ($status === 1 &&
  243. isset($_configuration[$access_url_id]) &&
  244. is_array($_configuration[$access_url_id]) &&
  245. isset($_configuration[$access_url_id]['hosting_limit_teachers']) &&
  246. $_configuration[$access_url_id]['hosting_limit_teachers'] > 0
  247. ) {
  248. $num = self::get_number_of_users(1);
  249. if ($num >= $_configuration[$access_url_id]['hosting_limit_teachers']) {
  250. Display::addFlash(Display::return_message(get_lang('PortalTeachersLimitReached'), 'warning'));
  251. api_warn_hosting_contact('hosting_limit_teachers');
  252. return false;
  253. }
  254. }
  255. if (empty($password)) {
  256. if ($authSource === PLATFORM_AUTH_SOURCE) {
  257. Display::addFlash(
  258. Display::return_message(
  259. get_lang('ThisFieldIsRequired').': '.get_lang(
  260. 'Password'
  261. ),
  262. 'warning'
  263. )
  264. );
  265. return false;
  266. }
  267. // We use the authSource as password.
  268. // The real validation will be by processed by the auth
  269. // source not Chamilo
  270. $password = $authSource;
  271. }
  272. // database table definition
  273. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  274. // Checking the user language
  275. $languages = api_get_languages();
  276. $language = strtolower($language);
  277. if (isset($languages['folder'])) {
  278. if (!in_array($language, $languages['folder'])) {
  279. $language = api_get_setting('platformLanguage');
  280. }
  281. }
  282. if (!empty($currentUserId)) {
  283. $creator_id = $currentUserId;
  284. } else {
  285. $creator_id = 0;
  286. }
  287. $currentDate = api_get_utc_datetime();
  288. $now = new DateTime();
  289. if (empty($expirationDate) || $expirationDate == '0000-00-00 00:00:00') {
  290. // Default expiration date
  291. // if there is a default duration of a valid account then
  292. // we have to change the expiration_date accordingly
  293. // Accept 0000-00-00 00:00:00 as a null value to avoid issues with
  294. // third party code using this method with the previous (pre-1.10)
  295. // value of 0000...
  296. if (api_get_setting('account_valid_duration') != '') {
  297. $expirationDate = new DateTime($currentDate);
  298. $days = intval(api_get_setting('account_valid_duration'));
  299. $expirationDate->modify('+'.$days.' day');
  300. }
  301. } else {
  302. $expirationDate = api_get_utc_datetime($expirationDate);
  303. $expirationDate = new \DateTime($expirationDate, new DateTimeZone('UTC'));
  304. }
  305. $userManager = self::getManager();
  306. /** @var User $user */
  307. $user = $userManager->createUser();
  308. $user
  309. ->setLastname($lastName)
  310. ->setFirstname($firstName)
  311. ->setUsername($loginName)
  312. ->setStatus($status)
  313. ->setPlainPassword($password)
  314. ->setEmail($email)
  315. ->setOfficialCode($official_code)
  316. ->setPictureUri($picture_uri)
  317. ->setCreatorId($creator_id)
  318. ->setAuthSource($authSource)
  319. ->setPhone($phone)
  320. ->setAddress($address)
  321. ->setLanguage($language)
  322. ->setRegistrationDate($now)
  323. ->setHrDeptId($hr_dept_id)
  324. ->setActive($active)
  325. ->setEnabled($active)
  326. ;
  327. if (!empty($expirationDate)) {
  328. $user->setExpirationDate($expirationDate);
  329. }
  330. $userManager->updateUser($user);
  331. $userId = $user->getId();
  332. if (!empty($userId)) {
  333. $return = $userId;
  334. $sql = "UPDATE $table_user SET user_id = $return WHERE id = $return";
  335. Database::query($sql);
  336. if ($isAdmin) {
  337. self::add_user_as_admin($user);
  338. }
  339. if (api_get_multiple_access_url()) {
  340. UrlManager::add_user_to_url($userId, api_get_current_access_url_id());
  341. } else {
  342. //we are adding by default the access_url_user table with access_url_id = 1
  343. UrlManager::add_user_to_url($userId, 1);
  344. }
  345. if (is_array($extra) && count($extra) > 0) {
  346. foreach ($extra as $fname => $fvalue) {
  347. self::update_extra_field_value($userId, $fname, $fvalue);
  348. }
  349. } else {
  350. // Create notify settings by default
  351. self::update_extra_field_value($userId, 'mail_notify_invitation', '1');
  352. self::update_extra_field_value($userId, 'mail_notify_message', '1');
  353. self::update_extra_field_value($userId, 'mail_notify_group_message', '1');
  354. }
  355. self::update_extra_field_value($userId, 'already_logged_in', 'false');
  356. if (!empty($email) && $send_mail) {
  357. $recipient_name = api_get_person_name(
  358. $firstName,
  359. $lastName,
  360. null,
  361. PERSON_NAME_EMAIL_ADDRESS
  362. );
  363. $tplSubject = new Template(
  364. null,
  365. false,
  366. false,
  367. false,
  368. false,
  369. false
  370. );
  371. $layoutSubject = $tplSubject->get_template(
  372. 'mail/subject_registration_platform.tpl'
  373. );
  374. $emailSubject = $tplSubject->fetch($layoutSubject);
  375. $sender_name = api_get_person_name(
  376. api_get_setting('administratorName'),
  377. api_get_setting('administratorSurname'),
  378. null,
  379. PERSON_NAME_EMAIL_ADDRESS
  380. );
  381. $email_admin = api_get_setting('emailAdministrator');
  382. $url = api_get_path(WEB_PATH);
  383. if (api_is_multiple_url_enabled()) {
  384. $access_url_id = api_get_current_access_url_id();
  385. if ($access_url_id != -1) {
  386. $urlInfo = api_get_access_url($access_url_id);
  387. if ($urlInfo) {
  388. $url = $urlInfo['url'];
  389. }
  390. }
  391. }
  392. $tplContent = new Template(null, false, false, false, false, false);
  393. // variables for the default template
  394. $tplContent->assign('complete_name', stripslashes(api_get_person_name($firstName, $lastName)));
  395. $tplContent->assign('login_name', $loginName);
  396. $tplContent->assign('original_password', stripslashes($original_password));
  397. $tplContent->assign('mailWebPath', $url);
  398. $tplContent->assign('new_user', $user);
  399. // ofaj
  400. $urlSearch = api_get_path(WEB_PATH).'search.php';
  401. $linkSearch = Display::url($urlSearch, $urlSearch);
  402. $tplContent->assign('search_link', $linkSearch);
  403. $layoutContent = $tplContent->get_template('mail/content_registration_platform.tpl');
  404. $emailBody = $tplContent->fetch($layoutContent);
  405. /* MANAGE EVENT WITH MAIL */
  406. if (EventsMail::check_if_using_class('user_registration')) {
  407. $values["about_user"] = $return;
  408. $values["password"] = $original_password;
  409. $values["send_to"] = array($return);
  410. $values["prior_lang"] = null;
  411. EventsDispatcher::events('user_registration', $values);
  412. } else {
  413. $phoneNumber = isset($extra['mobile_phone_number']) ? $extra['mobile_phone_number'] : null;
  414. $additionalParameters = array(
  415. 'smsType' => SmsPlugin::WELCOME_LOGIN_PASSWORD,
  416. 'userId' => $return,
  417. 'mobilePhoneNumber' => $phoneNumber,
  418. 'password' => $original_password,
  419. );
  420. api_mail_html(
  421. $recipient_name,
  422. $email,
  423. $emailSubject,
  424. $emailBody,
  425. $sender_name,
  426. $email_admin,
  427. null,
  428. null,
  429. null,
  430. $additionalParameters
  431. );
  432. }
  433. if ($sendEmailToAllAdmins) {
  434. $adminList = self::get_all_administrators();
  435. $tplContent = new Template(null, false, false, false, false, false);
  436. // variables for the default template
  437. $tplContent->assign('complete_name', stripslashes(api_get_person_name($firstName, $lastName)));
  438. /*$lang = $user->getLanguage();
  439. if ($lang === 'french2') {
  440. $user->setLanguage('french');
  441. }*/
  442. $langData = api_get_language_info(api_get_language_id($user->getLanguage()));
  443. $user->setLanguage($langData['original_name']);
  444. $renderer = FormValidator::getDefaultRenderer();
  445. $tplContent->assign('user_added', $user);
  446. // ofaj
  447. $elementTemplate = ' {label}: {element} <br />';
  448. $renderer->setElementTemplate($elementTemplate);
  449. /** @var FormValidator $form */
  450. $form->freeze(null, $elementTemplate);
  451. $form->removeElement('submit');
  452. # $form->removeElement('password');
  453. $form->removeElement('pass1');
  454. $form->removeElement('pass2');
  455. $form->removeElement('search');
  456. $formData = $form->returnForm();
  457. $url = api_get_path(WEB_CODE_PATH).'admin/user_information.php?user_id='.$user->getId();
  458. $tplContent->assign('link', Display::url($url, $url));
  459. $tplContent->assign('form', $formData);
  460. $layoutContent = $tplContent->get_template('mail/content_registration_platform_to_admin.tpl');
  461. $emailBody = $tplContent->fetch($layoutContent);
  462. $subject = '['.api_get_setting('siteName').'] '.get_lang('NewStudentRegistered');
  463. foreach ($adminList as $adminId => $data) {
  464. MessageManager::send_message_simple($adminId, $subject, $emailBody);
  465. }
  466. }
  467. /* ENDS MANAGE EVENT WITH MAIL */
  468. }
  469. if (!empty($hook)) {
  470. $hook->setEventData(array(
  471. 'return' => $userId,
  472. 'originalPassword' => $original_password,
  473. ));
  474. $hook->notifyCreateUser(HOOK_EVENT_TYPE_POST);
  475. }
  476. Event::addEvent(LOG_USER_CREATE, LOG_USER_ID, $userId);
  477. } else {
  478. Display::addFlash(Display::return_message(get_lang('ErrorContactPlatformAdmin')));
  479. return false;
  480. }
  481. return $return;
  482. }
  483. /**
  484. * Can user be deleted? This function checks whether there's a course
  485. * in which the given user is the
  486. * only course administrator. If that is the case, the user can't be
  487. * deleted because the course would remain without a course admin.
  488. * @param int $user_id The user id
  489. * @return boolean true if user can be deleted
  490. * @assert (null) === false
  491. * @assert (-1) === false
  492. * @assert ('abc') === false
  493. */
  494. public static function can_delete_user($user_id)
  495. {
  496. $deny = api_get_configuration_value('deny_delete_users');
  497. if ($deny) {
  498. return false;
  499. }
  500. $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  501. if ($user_id != strval(intval($user_id))) {
  502. return false;
  503. }
  504. if ($user_id === false) {
  505. return false;
  506. }
  507. $sql = "SELECT * FROM $table_course_user
  508. WHERE status = 1 AND user_id = ".$user_id;
  509. $res = Database::query($sql);
  510. while ($course = Database::fetch_object($res)) {
  511. $sql = "SELECT id FROM $table_course_user
  512. WHERE status=1 AND c_id = ".intval($course->c_id);
  513. $res2 = Database::query($sql);
  514. if (Database::num_rows($res2) == 1) {
  515. return false;
  516. }
  517. }
  518. return true;
  519. }
  520. /**
  521. * Delete a user from the platform, and all its belongings. This is a
  522. * very dangerous function that should only be accessible by
  523. * super-admins. Other roles should only be able to disable a user,
  524. * which removes access to the platform but doesn't delete anything.
  525. * @param int The ID of th user to be deleted
  526. * @return boolean true if user is successfully deleted, false otherwise
  527. * @assert (null) === false
  528. * @assert ('abc') === false
  529. */
  530. public static function delete_user($user_id)
  531. {
  532. if ($user_id != strval(intval($user_id))) {
  533. return false;
  534. }
  535. if ($user_id === false) {
  536. return false;
  537. }
  538. if (!self::can_delete_user($user_id)) {
  539. return false;
  540. }
  541. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  542. $usergroup_rel_user = Database::get_main_table(TABLE_USERGROUP_REL_USER);
  543. $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  544. $table_course = Database::get_main_table(TABLE_MAIN_COURSE);
  545. $table_session = Database::get_main_table(TABLE_MAIN_SESSION);
  546. $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
  547. $table_session_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
  548. $table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  549. $table_group = Database::get_course_table(TABLE_GROUP_USER);
  550. $table_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
  551. // Unsubscribe the user from all groups in all his courses
  552. $sql = "SELECT c.id
  553. FROM $table_course c
  554. INNER JOIN $table_course_user cu
  555. ON (c.id = cu.c_id)
  556. WHERE
  557. cu.user_id = '".$user_id."' AND
  558. relation_type<>".COURSE_RELATION_TYPE_RRHH."
  559. ";
  560. $res = Database::query($sql);
  561. while ($course = Database::fetch_object($res)) {
  562. $sql = "DELETE FROM $table_group
  563. WHERE c_id = {$course->id} AND user_id = $user_id";
  564. Database::query($sql);
  565. }
  566. // Unsubscribe user from usergroup_rel_user
  567. $sql = "DELETE FROM $usergroup_rel_user WHERE user_id = '".$user_id."'";
  568. Database::query($sql);
  569. // Unsubscribe user from all courses
  570. $sql = "DELETE FROM $table_course_user WHERE user_id = '".$user_id."'";
  571. Database::query($sql);
  572. // Unsubscribe user from all courses in sessions
  573. $sql = "DELETE FROM $table_session_course_user WHERE user_id = '".$user_id."'";
  574. Database::query($sql);
  575. // If the user was added as a id_coach then set the current admin as coach see BT#
  576. $currentUserId = api_get_user_id();
  577. $sql = "UPDATE $table_session SET id_coach = $currentUserId
  578. WHERE id_coach = '".$user_id."'";
  579. Database::query($sql);
  580. $sql = "UPDATE $table_session SET id_coach = $currentUserId
  581. WHERE session_admin_id = '".$user_id."'";
  582. Database::query($sql);
  583. // Unsubscribe user from all sessions
  584. $sql = "DELETE FROM $table_session_user
  585. WHERE user_id = '".$user_id."'";
  586. Database::query($sql);
  587. // Delete user picture
  588. /* TODO: Logic about api_get_setting('split_users_upload_directory') == 'true'
  589. a user has 4 different sized photos to be deleted. */
  590. $user_info = api_get_user_info($user_id);
  591. if (strlen($user_info['picture_uri']) > 0) {
  592. $path = self::getUserPathById($user_id, 'system');
  593. $img_path = $path.$user_info['picture_uri'];
  594. if (file_exists($img_path)) {
  595. unlink($img_path);
  596. }
  597. }
  598. // Delete the personal course categories
  599. $course_cat_table = Database::get_main_table(TABLE_USER_COURSE_CATEGORY);
  600. $sql = "DELETE FROM $course_cat_table WHERE user_id = '".$user_id."'";
  601. Database::query($sql);
  602. // Delete user from the admin table
  603. $sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
  604. Database::query($sql);
  605. // Delete the personal agenda-items from this user
  606. $agenda_table = Database::get_main_table(TABLE_PERSONAL_AGENDA);
  607. $sql = "DELETE FROM $agenda_table WHERE user = '".$user_id."'";
  608. Database::query($sql);
  609. $gradebook_results_table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
  610. $sql = 'DELETE FROM '.$gradebook_results_table.' WHERE user_id = '.$user_id;
  611. Database::query($sql);
  612. $extraFieldValue = new ExtraFieldValue('user');
  613. $extraFieldValue->deleteValuesByItem($user_id);
  614. UrlManager::deleteUserFromAllUrls($user_id);
  615. if (api_get_setting('allow_social_tool') == 'true') {
  616. $userGroup = new UserGroup();
  617. //Delete user from portal groups
  618. $group_list = $userGroup->get_groups_by_user($user_id);
  619. if (!empty($group_list)) {
  620. foreach ($group_list as $group_id => $data) {
  621. $userGroup->delete_user_rel_group($user_id, $group_id);
  622. }
  623. }
  624. // Delete user from friend lists
  625. SocialManager::remove_user_rel_user($user_id, true);
  626. }
  627. // Removing survey invitation
  628. SurveyManager::delete_all_survey_invitations_by_user($user_id);
  629. // Delete students works
  630. $sql = "DELETE FROM $table_work WHERE user_id = $user_id AND c_id <> 0";
  631. Database::query($sql);
  632. $sql = "UPDATE c_item_property SET to_user_id = NULL
  633. WHERE to_user_id = '".$user_id."'";
  634. Database::query($sql);
  635. $sql = "UPDATE c_item_property SET insert_user_id = NULL
  636. WHERE insert_user_id = '".$user_id."'";
  637. Database::query($sql);
  638. $sql = "UPDATE c_item_property SET lastedit_user_id = NULL
  639. WHERE lastedit_user_id = '".$user_id."'";
  640. Database::query($sql);
  641. // Skills
  642. $em = Database::getManager();
  643. $criteria = ['user' => $user_id];
  644. $skills = $em->getRepository('ChamiloCoreBundle:SkillRelUser')->findBy($criteria);
  645. if ($skills) {
  646. /** @var SkillRelUser $skill */
  647. foreach ($skills as $skill) {
  648. $comments = $skill->getComments();
  649. if ($comments) {
  650. /** @var SkillRelUserComment $comment */
  651. foreach ($comments as $comment) {
  652. $em->remove($comment);
  653. }
  654. }
  655. $em->remove($skill);
  656. }
  657. $em->flush();
  658. }
  659. // ExtraFieldSavedSearch
  660. $criteria = ['user' => $user_id];
  661. $searchList = $em->getRepository('ChamiloCoreBundle:ExtraFieldSavedSearch')->findBy($criteria);
  662. if ($searchList) {
  663. foreach ($searchList as $search) {
  664. $em->remove($search);
  665. }
  666. $em->flush();
  667. }
  668. $connection = Database::getManager()->getConnection();
  669. $tableExists = $connection->getSchemaManager()->tablesExist(['plugin_bbb_room']);
  670. if ($tableExists) {
  671. // Delete user from database
  672. $sql = "DELETE FROM plugin_bbb_room WHERE participant_id = $user_id";
  673. Database::query($sql);
  674. }
  675. // Delete user/ticket relationships :(
  676. $tableExists = $connection->getSchemaManager()->tablesExist(['ticket_ticket']);
  677. if ($tableExists) {
  678. TicketManager::deleteUserFromTicketSystem($user_id);
  679. }
  680. $tableExists = $connection->getSchemaManager()->tablesExist(['c_lp_category_user']);
  681. if ($tableExists) {
  682. $sql = "DELETE FROM c_lp_category_user WHERE user_id = $user_id";
  683. Database::query($sql);
  684. }
  685. // Delete user from database
  686. $sql = "DELETE FROM $table_user WHERE id = '".$user_id."'";
  687. Database::query($sql);
  688. // Add event to system log
  689. $user_id_manager = api_get_user_id();
  690. Event::addEvent(
  691. LOG_USER_DELETE,
  692. LOG_USER_ID,
  693. $user_id,
  694. api_get_utc_datetime(),
  695. $user_id_manager
  696. );
  697. Event::addEvent(
  698. LOG_USER_DELETE,
  699. LOG_USER_OBJECT,
  700. $user_info,
  701. api_get_utc_datetime(),
  702. $user_id_manager
  703. );
  704. $cacheAvailable = api_get_configuration_value('apc');
  705. if ($cacheAvailable === true) {
  706. $apcVar = api_get_configuration_value('apc_prefix').'userinfo_'.$user_id;
  707. if (apcu_exists($apcVar)) {
  708. apcu_delete($apcVar);
  709. }
  710. }
  711. return true;
  712. }
  713. /**
  714. * Deletes users completely. Can be called either as:
  715. * - UserManager::delete_users(1, 2, 3); or
  716. * - UserManager::delete_users(array(1, 2, 3));
  717. * @param array|int $ids
  718. * @return boolean True if at least one user was successfuly deleted. False otherwise.
  719. * @author Laurent Opprecht
  720. * @uses UserManager::delete_user() to actually delete each user
  721. * @assert (null) === false
  722. * @assert (-1) === false
  723. * @assert (array(-1)) === false
  724. */
  725. public static function delete_users($ids = array())
  726. {
  727. $result = false;
  728. $ids = is_array($ids) ? $ids : func_get_args();
  729. if (!is_array($ids) || count($ids) == 0) {
  730. return false;
  731. }
  732. $ids = array_map('intval', $ids);
  733. foreach ($ids as $id) {
  734. if (empty($id) || $id < 1) {
  735. continue;
  736. }
  737. $deleted = self::delete_user($id);
  738. $result = $deleted || $result;
  739. }
  740. return $result;
  741. }
  742. /**
  743. * Disable users. Can be called either as:
  744. * - UserManager::deactivate_users(1, 2, 3);
  745. * - UserManager::deactivate_users(array(1, 2, 3));
  746. * @param array|int $ids
  747. * @return boolean
  748. * @author Laurent Opprecht
  749. * @assert (null) === false
  750. * @assert (array(-1)) === false
  751. */
  752. public static function deactivate_users($ids = array())
  753. {
  754. if (empty($ids)) {
  755. return false;
  756. }
  757. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  758. $ids = is_array($ids) ? $ids : func_get_args();
  759. $ids = array_map('intval', $ids);
  760. $ids = implode(',', $ids);
  761. $sql = "UPDATE $table_user SET active = 0 WHERE id IN ($ids)";
  762. $r = Database::query($sql);
  763. if ($r !== false) {
  764. Event::addEvent(LOG_USER_DISABLE, LOG_USER_ID, $ids);
  765. }
  766. return $r;
  767. }
  768. /**
  769. * Enable users. Can be called either as:
  770. * - UserManager::activate_users(1, 2, 3);
  771. * - UserManager::activate_users(array(1, 2, 3));
  772. * @param array|int IDs of the users to enable
  773. * @return boolean
  774. * @author Laurent Opprecht
  775. * @assert (null) === false
  776. * @assert (array(-1)) === false
  777. */
  778. public static function activate_users($ids = array())
  779. {
  780. if (empty($ids)) {
  781. return false;
  782. }
  783. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  784. $ids = is_array($ids) ? $ids : func_get_args();
  785. $ids = array_map('intval', $ids);
  786. $ids = implode(',', $ids);
  787. $sql = "UPDATE $table_user SET active = 1 WHERE id IN ($ids)";
  788. $r = Database::query($sql);
  789. if ($r !== false) {
  790. Event::addEvent(LOG_USER_ENABLE, LOG_USER_ID, $ids);
  791. }
  792. return $r;
  793. }
  794. /**
  795. * Update user information with new openid
  796. * @param int $user_id
  797. * @param string $openid
  798. * @return boolean true if the user information was updated
  799. * @assert (false,'') === false
  800. * @assert (-1,'') === false
  801. */
  802. public static function update_openid($user_id, $openid)
  803. {
  804. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  805. if ($user_id != strval(intval($user_id))) {
  806. return false;
  807. }
  808. if ($user_id === false) {
  809. return false;
  810. }
  811. $sql = "UPDATE $table_user SET
  812. openid='".Database::escape_string($openid)."'";
  813. $sql .= " WHERE id= $user_id";
  814. return Database::query($sql);
  815. }
  816. /**
  817. * Update user information with all the parameters passed to this function
  818. * @param int The ID of the user to be updated
  819. * @param string The user's firstname
  820. * @param string The user's lastname
  821. * @param string The user's username (login)
  822. * @param string The user's password
  823. * @param string The authentication source (default: "platform")
  824. * @param string The user's e-mail address
  825. * @param int The user's status
  826. * @param string The user's official code (usually just an internal institutional code)
  827. * @param string The user's phone number
  828. * @param string The user's picture URL (internal to the Chamilo directory)
  829. * @param int The user ID of the person who registered this user (optional, defaults to null)
  830. * @param int The department of HR in which the user is registered (optional, defaults to 0)
  831. * @param array A series of additional fields to add to this user as extra fields (optional, defaults to null)
  832. * @return boolean|integer False on error, or the user ID if the user information was updated
  833. * @assert (false, false, false, false, false, false, false, false, false, false, false, false, false) === false
  834. */
  835. public static function update_user(
  836. $user_id,
  837. $firstname,
  838. $lastname,
  839. $username,
  840. $password = null,
  841. $auth_source = null,
  842. $email,
  843. $status,
  844. $official_code,
  845. $phone,
  846. $picture_uri,
  847. $expiration_date,
  848. $active,
  849. $creator_id = null,
  850. $hr_dept_id = 0,
  851. $extra = null,
  852. $language = 'english',
  853. $encrypt_method = '',
  854. $send_email = false,
  855. $reset_password = 0,
  856. $address = null
  857. ) {
  858. $hook = HookUpdateUser::create();
  859. if (!empty($hook)) {
  860. $hook->notifyUpdateUser(HOOK_EVENT_TYPE_PRE);
  861. }
  862. $original_password = $password;
  863. if ($user_id != strval(intval($user_id))) {
  864. return false;
  865. }
  866. if (empty($user_id)) {
  867. return false;
  868. }
  869. $userManager = self::getManager();
  870. /** @var Chamilo\UserBundle\Entity\User $user */
  871. $user = self::getRepository()->find($user_id);
  872. if (empty($user)) {
  873. return false;
  874. }
  875. if ($reset_password == 0) {
  876. $password = null;
  877. $auth_source = $user->getAuthSource();
  878. } elseif ($reset_password == 1) {
  879. $original_password = $password = api_generate_password();
  880. $auth_source = PLATFORM_AUTH_SOURCE;
  881. } elseif ($reset_password == 2) {
  882. $password = $password;
  883. $auth_source = PLATFORM_AUTH_SOURCE;
  884. } elseif ($reset_password == 3) {
  885. $password = $password;
  886. $auth_source = $auth_source;
  887. }
  888. // Checking the user language
  889. $languages = api_get_languages();
  890. if (!in_array($language, $languages['folder'])) {
  891. $language = api_get_setting('platformLanguage');
  892. }
  893. $change_active = 0;
  894. $isUserActive = $user->getActive();
  895. if ($isUserActive != $active) {
  896. $change_active = 1;
  897. }
  898. $originalUsername = $user->getUsername();
  899. // If username is different from original then check if it exists.
  900. if ($originalUsername !== $username) {
  901. $available = self::is_username_available($username);
  902. if ($available === false) {
  903. return false;
  904. }
  905. }
  906. if (!empty($expiration_date)) {
  907. $expiration_date = api_get_utc_datetime($expiration_date);
  908. $expiration_date = new \DateTime(
  909. $expiration_date,
  910. new DateTimeZone('UTC')
  911. );
  912. }
  913. $user
  914. ->setLastname($lastname)
  915. ->setFirstname($firstname)
  916. ->setUsername($username)
  917. ->setStatus($status)
  918. ->setAuthSource($auth_source)
  919. ->setLanguage($language)
  920. ->setEmail($email)
  921. ->setOfficialCode($official_code)
  922. ->setPhone($phone)
  923. ->setAddress($address)
  924. ->setPictureUri($picture_uri)
  925. ->setExpirationDate($expiration_date)
  926. ->setActive($active)
  927. ->setEnabled($active)
  928. ->setHrDeptId($hr_dept_id)
  929. ;
  930. if (!is_null($password)) {
  931. $user->setPlainPassword($password);
  932. }
  933. $userManager->updateUser($user, true);
  934. if ($change_active == 1) {
  935. if ($active == 1) {
  936. $event_title = LOG_USER_ENABLE;
  937. } else {
  938. $event_title = LOG_USER_DISABLE;
  939. }
  940. Event::addEvent($event_title, LOG_USER_ID, $user_id);
  941. }
  942. if (is_array($extra) && count($extra) > 0) {
  943. $res = true;
  944. foreach ($extra as $fname => $fvalue) {
  945. $res = $res && self::update_extra_field_value(
  946. $user_id,
  947. $fname,
  948. $fvalue
  949. );
  950. }
  951. }
  952. if (!empty($email) && $send_email) {
  953. $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
  954. $emailsubject = '['.api_get_setting('siteName').'] '.get_lang('YourReg').' '.api_get_setting('siteName');
  955. $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
  956. $email_admin = api_get_setting('emailAdministrator');
  957. if (api_is_multiple_url_enabled()) {
  958. $access_url_id = api_get_current_access_url_id();
  959. if ($access_url_id != -1) {
  960. $url = api_get_access_url($access_url_id);
  961. $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n".
  962. get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n".
  963. get_lang('Username')." : ".$username.(($reset_password > 0) ? "\n".
  964. get_lang('Pass')." : ".stripslashes($original_password) : "")."\n\n".
  965. get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".$url['url']."\n\n".
  966. get_lang('Problem')."\n\n".
  967. get_lang('SignatureFormula').",\n\n".
  968. api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".
  969. get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n".
  970. get_lang('Email')." : ".api_get_setting('emailAdministrator');
  971. }
  972. } else {
  973. $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n".
  974. get_lang('YouAreReg')." ".api_get_setting('siteName')." ".get_lang('WithTheFollowingSettings')."\n\n".
  975. get_lang('Username')." : ".$username.(($reset_password > 0) ? "\n".
  976. get_lang('Pass')." : ".stripslashes($original_password) : "")."\n\n".
  977. get_lang('Address')." ".api_get_setting('siteName')." ".get_lang('Is')." : ".api_get_path(WEB_PATH)."\n\n".
  978. get_lang('Problem')."\n\n".
  979. get_lang('SignatureFormula').",\n\n".
  980. api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n".
  981. get_lang('Manager')." ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n".
  982. get_lang('Email')." : ".api_get_setting('emailAdministrator');
  983. }
  984. $emailbody = nl2br($emailbody);
  985. api_mail_html(
  986. $recipient_name,
  987. $email,
  988. $emailsubject,
  989. $emailbody,
  990. $sender_name,
  991. $email_admin
  992. );
  993. }
  994. if (!empty($hook)) {
  995. $hook->notifyUpdateUser(HOOK_EVENT_TYPE_POST);
  996. }
  997. $cacheAvailable = api_get_configuration_value('apc');
  998. if ($cacheAvailable === true) {
  999. $apcVar = api_get_configuration_value('apc_prefix').'userinfo_'.$user_id;
  1000. if (apcu_exists($apcVar)) {
  1001. apcu_delete($apcVar);
  1002. }
  1003. }
  1004. return $user->getId();
  1005. }
  1006. /**
  1007. * Disables or enables a user
  1008. * @param int $user_id
  1009. * @param int $active Enable or disable
  1010. * @return void
  1011. * @assert (-1,0) === false
  1012. * @assert (1,1) === true
  1013. */
  1014. private static function change_active_state($user_id, $active)
  1015. {
  1016. if (strval(intval($user_id)) != $user_id) {
  1017. return false;
  1018. }
  1019. if ($user_id < 1) {
  1020. return false;
  1021. }
  1022. $user_id = intval($user_id);
  1023. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  1024. $sql = "UPDATE $table_user SET active = '$active' WHERE id = $user_id";
  1025. $r = Database::query($sql);
  1026. $ev = LOG_USER_DISABLE;
  1027. if ($active == 1) {
  1028. $ev = LOG_USER_ENABLE;
  1029. }
  1030. if ($r !== false) {
  1031. Event::addEvent($ev, LOG_USER_ID, $user_id);
  1032. }
  1033. return $r;
  1034. }
  1035. /**
  1036. * Disables a user
  1037. * @param int User id
  1038. * @return bool
  1039. * @uses UserManager::change_active_state() to actually disable the user
  1040. * @assert (0) === false
  1041. */
  1042. public static function disable($user_id)
  1043. {
  1044. if (empty($user_id)) {
  1045. return false;
  1046. }
  1047. self::change_active_state($user_id, 0);
  1048. return true;
  1049. }
  1050. /**
  1051. * Enable a user
  1052. * @param int User id
  1053. * @return bool
  1054. * @uses UserManager::change_active_state() to actually disable the user
  1055. * @assert (0) === false
  1056. */
  1057. public static function enable($user_id)
  1058. {
  1059. if (empty($user_id)) {
  1060. return false;
  1061. }
  1062. self::change_active_state($user_id, 1);
  1063. return true;
  1064. }
  1065. /**
  1066. * Returns the user's id based on the original id and field name in
  1067. * the extra fields. Returns 0 if no user was found. This function is
  1068. * mostly useful in the context of a web services-based sinchronization
  1069. * @param string Original user id
  1070. * @param string Original field name
  1071. * @return int User id
  1072. * @assert ('0','---') === 0
  1073. */
  1074. public static function get_user_id_from_original_id($original_user_id_value, $original_user_id_name)
  1075. {
  1076. $t_uf = Database::get_main_table(TABLE_EXTRA_FIELD);
  1077. $t_ufv = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  1078. $extraFieldType = EntityExtraField::USER_FIELD_TYPE;
  1079. $sql = "SELECT item_id as user_id
  1080. FROM $t_uf uf
  1081. INNER JOIN $t_ufv ufv
  1082. ON ufv.field_id=uf.id
  1083. WHERE
  1084. variable='$original_user_id_name' AND
  1085. value='$original_user_id_value' AND
  1086. extra_field_type = $extraFieldType
  1087. ";
  1088. $res = Database::query($sql);
  1089. $row = Database::fetch_object($res);
  1090. if ($row) {
  1091. return $row->user_id;
  1092. } else {
  1093. return 0;
  1094. }
  1095. }
  1096. /**
  1097. * Check if a username is available
  1098. * @param string $username the wanted username
  1099. * @return boolean true if the wanted username is available
  1100. * @assert ('') === false
  1101. * @assert ('xyzxyzxyz') === true
  1102. */
  1103. public static function is_username_available($username)
  1104. {
  1105. if (empty($username)) {
  1106. return false;
  1107. }
  1108. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  1109. $sql = "SELECT username FROM $table_user
  1110. WHERE username = '".Database::escape_string($username)."'";
  1111. $res = Database::query($sql);
  1112. return Database::num_rows($res) == 0;
  1113. }
  1114. /**
  1115. * Creates a username using person's names, i.e. creates jmontoya from Julio Montoya.
  1116. * @param string $firstname The first name of the user.
  1117. * @param string $lastname The last name of the user.
  1118. * @return string Suggests a username that contains only ASCII-letters and digits,
  1119. * without check for uniqueness within the system.
  1120. * @author Julio Montoya Armas
  1121. * @author Ivan Tcholakov, 2009 - rework about internationalization.
  1122. * @assert ('','') === false
  1123. * @assert ('a','b') === 'ab'
  1124. */
  1125. public static function create_username($firstname, $lastname)
  1126. {
  1127. if (empty($firstname) && empty($lastname)) {
  1128. return false;
  1129. }
  1130. $firstname = api_substr(preg_replace(USERNAME_PURIFIER, '', $firstname), 0, 1); // The first letter only.
  1131. //Looking for a space in the lastname
  1132. $pos = api_strpos($lastname, ' ');
  1133. if ($pos !== false) {
  1134. $lastname = api_substr($lastname, 0, $pos);
  1135. }
  1136. $lastname = preg_replace(USERNAME_PURIFIER, '', $lastname);
  1137. $username = $firstname.$lastname;
  1138. if (empty($username)) {
  1139. $username = 'user';
  1140. }
  1141. $username = URLify::transliterate($username);
  1142. return strtolower(substr($username, 0, USERNAME_MAX_LENGTH - 3));
  1143. }
  1144. /**
  1145. * Creates a unique username, using:
  1146. * 1. the first name and the last name of a user;
  1147. * 2. an already created username but not checked for uniqueness yet.
  1148. * @param string $firstname The first name of a given user. If the second parameter $lastname is NULL, then this
  1149. * parameter is treated as username which is to be checked for uniqueness and to be modified when it is necessary.
  1150. * @param string $lastname The last name of the user.
  1151. * @return string Returns a username that contains only ASCII-letters and digits, and that is unique within the system.
  1152. * Note: When the method is called several times with same parameters, its results look like the following sequence: ivan, ivan2, ivan3, ivan4, ...
  1153. * @author Ivan Tcholakov, 2009
  1154. */
  1155. public static function create_unique_username($firstname, $lastname = null)
  1156. {
  1157. if (is_null($lastname)) {
  1158. // In this case the actual input parameter $firstname should contain ASCII-letters and digits only.
  1159. // For making this method tolerant of mistakes, let us transliterate and purify the suggested input username anyway.
  1160. // So, instead of the sentence $username = $firstname; we place the following:
  1161. $username = strtolower(preg_replace(USERNAME_PURIFIER, '', $firstname));
  1162. } else {
  1163. $username = self::create_username($firstname, $lastname);
  1164. }
  1165. if (!self::is_username_available($username)) {
  1166. $i = 2;
  1167. $temp_username = substr($username, 0, USERNAME_MAX_LENGTH - strlen((string) $i)).$i;
  1168. while (!self::is_username_available($temp_username)) {
  1169. $i++;
  1170. $temp_username = substr($username, 0, USERNAME_MAX_LENGTH - strlen((string) $i)).$i;
  1171. }
  1172. $username = $temp_username;
  1173. }
  1174. $username = URLify::transliterate($username);
  1175. return $username;
  1176. }
  1177. /**
  1178. * Modifies a given username accordingly to the specification for valid characters and length.
  1179. * @param $username string The input username.
  1180. * @param bool $strict (optional) When this flag is TRUE, the result is guaranteed for full compliance,
  1181. * otherwise compliance may be partial. The default value is FALSE.
  1182. * @return string The resulting purified username.
  1183. */
  1184. public static function purify_username($username, $strict = false)
  1185. {
  1186. if ($strict) {
  1187. // 1. Conversion of unacceptable letters (latinian letters with accents for example)
  1188. // into ASCII letters in order they not to be totally removed.
  1189. // 2. Applying the strict purifier.
  1190. // 3. Length limitation.
  1191. $return = api_get_setting('login_is_email') === 'true' ? substr(preg_replace(USERNAME_PURIFIER_MAIL, '', $username), 0, USERNAME_MAX_LENGTH) : substr(preg_replace(USERNAME_PURIFIER, '', $username), 0, USERNAME_MAX_LENGTH);
  1192. $return = URLify::transliterate($return);
  1193. return $return;
  1194. }
  1195. // 1. Applying the shallow purifier.
  1196. // 2. Length limitation.
  1197. return substr(preg_replace(USERNAME_PURIFIER_SHALLOW, '', $username), 0, USERNAME_MAX_LENGTH);
  1198. }
  1199. /**
  1200. * Checks whether the user id exists in the database
  1201. *
  1202. * @param int User id
  1203. * @return bool True if user id was found, false otherwise
  1204. */
  1205. public static function is_user_id_valid($userId)
  1206. {
  1207. $resultData = Database::select(
  1208. 'COUNT(1) AS count',
  1209. Database::get_main_table(TABLE_MAIN_USER),
  1210. [
  1211. 'where' => ['id = ?' => intval($userId)],
  1212. ],
  1213. 'first'
  1214. );
  1215. if ($resultData === false) {
  1216. return false;
  1217. }
  1218. return $resultData['count'] > 0;
  1219. }
  1220. /**
  1221. * Checks whether a given username matches to the specification strictly. The empty username is assumed here as invalid.
  1222. * Mostly this function is to be used in the user interface built-in validation routines for providing feedback while usernames are enterd manually.
  1223. * @param string $username The input username.
  1224. * @return bool Returns TRUE if the username is valid, FALSE otherwise.
  1225. */
  1226. public static function is_username_valid($username)
  1227. {
  1228. return !empty($username) && $username == self::purify_username($username, true);
  1229. }
  1230. /**
  1231. * Checks whether a username is empty. If the username contains whitespace characters, such as spaces, tabulators, newlines, etc.,
  1232. * it is assumed as empty too. This function is safe for validation unpurified data (during importing).
  1233. * @param string $username The given username.
  1234. * @return bool Returns TRUE if length of the username exceeds the limit, FALSE otherwise.
  1235. */
  1236. public static function is_username_empty($username)
  1237. {
  1238. return (strlen(self::purify_username($username, false)) == 0);
  1239. }
  1240. /**
  1241. * Checks whether a username is too long or not.
  1242. * @param string $username The given username, it should contain only ASCII-letters and digits.
  1243. * @return bool Returns TRUE if length of the username exceeds the limit, FALSE otherwise.
  1244. */
  1245. public static function is_username_too_long($username)
  1246. {
  1247. return (strlen($username) > USERNAME_MAX_LENGTH);
  1248. }
  1249. /**
  1250. * Get the users by ID
  1251. * @param array $ids student ids
  1252. * @param string $active
  1253. * @param string $order
  1254. * @param string $limit
  1255. * @return array $result student information
  1256. */
  1257. public static function get_user_list_by_ids($ids = array(), $active = null, $order = null, $limit = null)
  1258. {
  1259. if (empty($ids)) {
  1260. return array();
  1261. }
  1262. $ids = is_array($ids) ? $ids : array($ids);
  1263. $ids = array_map('intval', $ids);
  1264. $ids = implode(',', $ids);
  1265. $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
  1266. $sql = "SELECT * FROM $tbl_user WHERE id IN ($ids)";
  1267. if (!is_null($active)) {
  1268. $sql .= ' AND active='.($active ? '1' : '0');
  1269. }
  1270. if (!is_null($order)) {
  1271. $order = Database::escape_string($order);
  1272. $sql .= ' ORDER BY '.$order;
  1273. }
  1274. if (!is_null($limit)) {
  1275. $limit = Database::escape_string($limit);
  1276. $sql .= ' LIMIT '.$limit;
  1277. }
  1278. $rs = Database::query($sql);
  1279. $result = array();
  1280. while ($row = Database::fetch_array($rs)) {
  1281. $result[] = $row;
  1282. }
  1283. return $result;
  1284. }
  1285. /**
  1286. * Get a list of users of which the given conditions match with an = 'cond'
  1287. * @param array $conditions a list of condition (example : status=>STUDENT)
  1288. * @param array $order_by a list of fields on which sort
  1289. * @return array An array with all users of the platform.
  1290. * @todo optional course code parameter, optional sorting parameters...
  1291. * @todo security filter order by
  1292. */
  1293. public static function get_user_list(
  1294. $conditions = [],
  1295. $order_by = [],
  1296. $limit_from = false,
  1297. $limit_to = false
  1298. ) {
  1299. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  1300. $userUrlTable = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  1301. $urlId = api_get_current_access_url_id();
  1302. $return_array = array();
  1303. $sql = "SELECT user.* FROM $user_table user
  1304. INNER JOIN $userUrlTable url_user
  1305. ON (user.user_id = url_user.user_id)
  1306. WHERE url_user.access_url_id = $urlId
  1307. ";
  1308. if (count($conditions) > 0) {
  1309. foreach ($conditions as $field => $value) {
  1310. $field = Database::escape_string($field);
  1311. $value = Database::escape_string($value);
  1312. $sql .= " AND $field = '$value'";
  1313. }
  1314. }
  1315. if (count($order_by) > 0) {
  1316. $sql .= ' ORDER BY '.Database::escape_string(implode(',', $order_by), null, false);
  1317. }
  1318. if (is_numeric($limit_from) && is_numeric($limit_from)) {
  1319. $limit_from = intval($limit_from);
  1320. $limit_to = intval($limit_to);
  1321. $sql .= " LIMIT $limit_from, $limit_to";
  1322. }
  1323. $sql_result = Database::query($sql);
  1324. while ($result = Database::fetch_array($sql_result)) {
  1325. $result['complete_name'] = api_get_person_name($result['firstname'], $result['lastname']);
  1326. $return_array[] = $result;
  1327. }
  1328. return $return_array;
  1329. }
  1330. /**
  1331. * Get a list of users of which the given conditions match with a LIKE '%cond%'
  1332. * @param array $conditions a list of condition (exemple : status=>STUDENT)
  1333. * @param array $order_by a list of fields on which sort
  1334. * @return array An array with all users of the platform.
  1335. * @todo optional course code parameter, optional sorting parameters...
  1336. * @todo security filter order_by
  1337. */
  1338. public static function get_user_list_like(
  1339. $conditions = array(),
  1340. $order_by = array(),
  1341. $simple_like = false,
  1342. $condition = 'AND'
  1343. ) {
  1344. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  1345. $tblAccessUrlRelUser = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  1346. $return_array = array();
  1347. $sql_query = "SELECT user.id FROM $user_table user ";
  1348. if (api_is_multiple_url_enabled()) {
  1349. $sql_query .= " INNER JOIN $tblAccessUrlRelUser auru ON auru.user_id = user.id ";
  1350. }
  1351. if (count($conditions) > 0) {
  1352. $sql_query .= ' WHERE ';
  1353. $temp_conditions = array();
  1354. foreach ($conditions as $field => $value) {
  1355. $field = Database::escape_string($field);
  1356. $value = Database::escape_string($value);
  1357. if ($simple_like) {
  1358. $temp_conditions[] = $field." LIKE '$value%'";
  1359. } else {
  1360. $temp_conditions[] = $field.' LIKE \'%'.$value.'%\'';
  1361. }
  1362. }
  1363. if (!empty($temp_conditions)) {
  1364. $sql_query .= implode(' '.$condition.' ', $temp_conditions);
  1365. }
  1366. if (api_is_multiple_url_enabled()) {
  1367. $sql_query .= ' AND auru.access_url_id = '.api_get_current_access_url_id();
  1368. }
  1369. } else {
  1370. if (api_is_multiple_url_enabled()) {
  1371. $sql_query .= ' WHERE auru.access_url_id = '.api_get_current_access_url_id();
  1372. }
  1373. }
  1374. if (count($order_by) > 0) {
  1375. $sql_query .= ' ORDER BY '.Database::escape_string(implode(',', $order_by), null, false);
  1376. }
  1377. $sql_result = Database::query($sql_query);
  1378. while ($result = Database::fetch_array($sql_result)) {
  1379. $userInfo = api_get_user_info($result['id']);
  1380. $return_array[] = $userInfo;
  1381. }
  1382. return $return_array;
  1383. }
  1384. /**
  1385. * Get user picture URL or path from user ID (returns an array).
  1386. * The return format is a complete path, enabling recovery of the directory
  1387. * with dirname() or the file with basename(). This also works for the
  1388. * functions dealing with the user's productions, as they are located in
  1389. * the same directory.
  1390. * @param integer $id User ID
  1391. * @param string $type Type of path to return (can be 'system', 'web')
  1392. * @param array $userInfo user information to avoid query the DB
  1393. * returns the /main/img/unknown.jpg image set it at true
  1394. *
  1395. * @return array Array of 2 elements: 'dir' and 'file' which contain
  1396. * the dir and file as the name implies if image does not exist it will
  1397. * return the unknow image if anonymous parameter is true if not it returns an empty array
  1398. */
  1399. public static function get_user_picture_path_by_id($id, $type = 'web', $userInfo = [])
  1400. {
  1401. switch ($type) {
  1402. case 'system': // Base: absolute system path.
  1403. $base = api_get_path(SYS_CODE_PATH);
  1404. break;
  1405. case 'web': // Base: absolute web path.
  1406. default:
  1407. $base = api_get_path(WEB_CODE_PATH);
  1408. break;
  1409. }
  1410. $anonymousPath = array(
  1411. 'dir' => $base.'img/',
  1412. 'file' => 'unknown.jpg',
  1413. 'email' => ''
  1414. );
  1415. if (empty($id) || empty($type)) {
  1416. return $anonymousPath;
  1417. }
  1418. $id = intval($id);
  1419. if (empty($userInfo)) {
  1420. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  1421. $sql = "SELECT email, picture_uri FROM $user_table
  1422. WHERE id=".$id;
  1423. $res = Database::query($sql);
  1424. if (!Database::num_rows($res)) {
  1425. return $anonymousPath;
  1426. }
  1427. $user = Database::fetch_array($res);
  1428. if (empty($user['picture_uri'])) {
  1429. return $anonymousPath;
  1430. }
  1431. } else {
  1432. $user = $userInfo;
  1433. }
  1434. $pictureFilename = trim($user['picture_uri']);
  1435. $dir = self::getUserPathById($id, $type);
  1436. return array(
  1437. 'dir' => $dir,
  1438. 'file' => $pictureFilename,
  1439. 'email' => $user['email']
  1440. );
  1441. }
  1442. /**
  1443. * *** READ BEFORE REVIEW THIS FUNCTION ***
  1444. * This function is a exact copy from get_user_picture_path_by_id() and it was create it to avoid
  1445. * a recursive calls for get_user_picture_path_by_id() in another functions when you update a user picture
  1446. * in same script, so you can find this function usage in update_user_picture() function.
  1447. *
  1448. * @param integer $id User ID
  1449. * @param string $type Type of path to return (can be 'system', 'web')
  1450. * @param array $userInfo user information to avoid query the DB
  1451. * returns the /main/img/unknown.jpg image set it at true
  1452. *
  1453. * @return array Array of 2 elements: 'dir' and 'file' which contain
  1454. * the dir and file as the name implies if image does not exist it will
  1455. * return the unknown image if anonymous parameter is true if not it returns an empty array
  1456. */
  1457. public static function getUserPicturePathById($id, $type = 'web', $userInfo = [])
  1458. {
  1459. switch ($type) {
  1460. case 'system': // Base: absolute system path.
  1461. $base = api_get_path(SYS_CODE_PATH);
  1462. break;
  1463. case 'web': // Base: absolute web path.
  1464. default:
  1465. $base = api_get_path(WEB_CODE_PATH);
  1466. break;
  1467. }
  1468. $anonymousPath = array(
  1469. 'dir' => $base.'img/',
  1470. 'file' => 'unknown.jpg',
  1471. 'email' => ''
  1472. );
  1473. if (empty($id) || empty($type)) {
  1474. return $anonymousPath;
  1475. }
  1476. $id = intval($id);
  1477. if (empty($userInfo)) {
  1478. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  1479. $sql = "SELECT email, picture_uri FROM $user_table WHERE id=$id";
  1480. $res = Database::query($sql);
  1481. if (!Database::num_rows($res)) {
  1482. return $anonymousPath;
  1483. }
  1484. $user = Database::fetch_array($res);
  1485. if (empty($user['picture_uri'])) {
  1486. return $anonymousPath;
  1487. }
  1488. } else {
  1489. $user = $userInfo;
  1490. }
  1491. $pictureFilename = trim($user['picture_uri']);
  1492. $dir = self::getUserPathById($id, $type);
  1493. return array(
  1494. 'dir' => $dir,
  1495. 'file' => $pictureFilename,
  1496. 'email' => $user['email'],
  1497. );
  1498. }
  1499. /**
  1500. * Get user path from user ID (returns an array).
  1501. * The return format is a complete path to a folder ending with "/"
  1502. * In case the first level of subdirectory of users/ does not exist, the
  1503. * function will attempt to create it. Probably not the right place to do it
  1504. * but at least it avoids headaches in many other places.
  1505. * @param integer $id User ID
  1506. * @param string $type Type of path to return (can be 'system', 'web', 'last')
  1507. * @return string User folder path (i.e. /var/www/chamilo/app/upload/users/1/1/)
  1508. */
  1509. public static function getUserPathById($id, $type)
  1510. {
  1511. $id = intval($id);
  1512. if (!$id) {
  1513. return null;
  1514. }
  1515. $userPath = "users/$id/";
  1516. if (api_get_setting('split_users_upload_directory') === 'true') {
  1517. $userPath = 'users/'.substr((string) $id, 0, 1).'/'.$id.'/';
  1518. // In exceptional cases, on some portals, the intermediate base user
  1519. // directory might not have been created. Make sure it is before
  1520. // going further.
  1521. $rootPath = api_get_path(SYS_UPLOAD_PATH).'users/'.substr((string) $id, 0, 1);
  1522. if (!is_dir($rootPath)) {
  1523. $perm = api_get_permissions_for_new_directories();
  1524. try {
  1525. mkdir($rootPath, $perm);
  1526. } catch (Exception $e) {
  1527. error_log($e->getMessage());
  1528. }
  1529. }
  1530. }
  1531. switch ($type) {
  1532. case 'system': // Base: absolute system path.
  1533. $userPath = api_get_path(SYS_UPLOAD_PATH).$userPath;
  1534. break;
  1535. case 'web': // Base: absolute web path.
  1536. $userPath = api_get_path(WEB_UPLOAD_PATH).$userPath;
  1537. break;
  1538. case 'last': // Only the last part starting with users/
  1539. break;
  1540. }
  1541. return $userPath;
  1542. }
  1543. /**
  1544. * Gets the current user image
  1545. * @param string $user_id
  1546. * @param int $size it can be USER_IMAGE_SIZE_SMALL,
  1547. * USER_IMAGE_SIZE_MEDIUM, USER_IMAGE_SIZE_BIG or USER_IMAGE_SIZE_ORIGINAL
  1548. * @param bool $addRandomId
  1549. * @param array $userInfo to avoid query the DB
  1550. *
  1551. * @return string
  1552. */
  1553. public static function getUserPicture(
  1554. $user_id,
  1555. $size = USER_IMAGE_SIZE_MEDIUM,
  1556. $addRandomId = true,
  1557. $userInfo = []
  1558. ) {
  1559. // Make sure userInfo is defined. Otherwise, define it!
  1560. if (empty($userInfo) || !is_array($userInfo) || count($userInfo) == 0) {
  1561. if (empty($user_id)) {
  1562. return '';
  1563. } else {
  1564. $userInfo = api_get_user_info($user_id);
  1565. }
  1566. }
  1567. $imageWebPath = self::get_user_picture_path_by_id($user_id, 'web', $userInfo);
  1568. $pictureWebFile = $imageWebPath['file'];
  1569. $pictureWebDir = $imageWebPath['dir'];
  1570. $pictureAnonymousSize = '128';
  1571. $gravatarSize = 22;
  1572. $realSizeName = 'small_';
  1573. switch ($size) {
  1574. case USER_IMAGE_SIZE_SMALL:
  1575. $pictureAnonymousSize = '32';
  1576. $realSizeName = 'small_';
  1577. $gravatarSize = 22;
  1578. break;
  1579. case USER_IMAGE_SIZE_MEDIUM:
  1580. $pictureAnonymousSize = '64';
  1581. $realSizeName = 'medium_';
  1582. $gravatarSize = 50;
  1583. break;
  1584. case USER_IMAGE_SIZE_ORIGINAL:
  1585. $pictureAnonymousSize = '128';
  1586. $realSizeName = '';
  1587. $gravatarSize = 200;
  1588. break;
  1589. case USER_IMAGE_SIZE_BIG:
  1590. $pictureAnonymousSize = '128';
  1591. $realSizeName = 'big_';
  1592. $gravatarSize = 200;
  1593. break;
  1594. }
  1595. $gravatarEnabled = api_get_setting('gravatar_enabled');
  1596. $anonymousPath = Display::returnIconPath('unknown.png', $pictureAnonymousSize);
  1597. if ($pictureWebFile == 'unknown.jpg' || empty($pictureWebFile)) {
  1598. if ($gravatarEnabled === 'true') {
  1599. $file = self::getGravatar(
  1600. $imageWebPath['email'],
  1601. $gravatarSize,
  1602. api_get_setting('gravatar_type')
  1603. );
  1604. if ($addRandomId) {
  1605. $file .= '&rand='.uniqid();
  1606. }
  1607. return $file;
  1608. }
  1609. return $anonymousPath;
  1610. }
  1611. $pictureSysPath = self::get_user_picture_path_by_id($user_id, 'system');
  1612. $file = $pictureSysPath['dir'].$realSizeName.$pictureWebFile;
  1613. $picture = '';
  1614. if (file_exists($file)) {
  1615. $picture = $pictureWebDir.$realSizeName.$pictureWebFile;
  1616. } else {
  1617. $file = $pictureSysPath['dir'].$pictureWebFile;
  1618. if (file_exists($file) && !is_dir($file)) {
  1619. $picture = $pictureWebFile['dir'].$pictureWebFile;
  1620. }
  1621. }
  1622. if (empty($picture)) {
  1623. return $anonymousPath;
  1624. }
  1625. if ($addRandomId) {
  1626. $picture .= '?rand='.uniqid();
  1627. }
  1628. return $picture;
  1629. }
  1630. /**
  1631. * Creates new user photos in various sizes of a user, or deletes user photos.
  1632. * Note: This method relies on configuration setting from main/inc/conf/profile.conf.php
  1633. * @param int $user_id The user internal identification number.
  1634. * @param string $file The common file name for the newly created photos.
  1635. * It will be checked and modified for compatibility with the file system.
  1636. * If full name is provided, path component is ignored.
  1637. * If an empty name is provided, then old user photos are deleted only,
  1638. * @see UserManager::delete_user_picture() as the prefered way for deletion.
  1639. * @param string $source_file The full system name of the image from which user photos will be created.
  1640. * @param string $cropParameters Optional string that contents "x,y,width,height" of a cropped image format
  1641. * @return string/bool Returns the resulting common file name of created images which usually should be stored in database.
  1642. * When deletion is requested returns empty string. In case of internal error or negative validation returns FALSE.
  1643. */
  1644. public static function update_user_picture($user_id, $file = null, $source_file = null, $cropParameters = '')
  1645. {
  1646. if (empty($user_id)) {
  1647. return false;
  1648. }
  1649. $delete = empty($file);
  1650. if (empty($source_file)) {
  1651. $source_file = $file;
  1652. }
  1653. // User-reserved directory where photos have to be placed.
  1654. $path_info = self::getUserPicturePathById($user_id, 'system');
  1655. $path = $path_info['dir'];
  1656. // If this directory does not exist - we create it.
  1657. if (!file_exists($path)) {
  1658. mkdir($path, api_get_permissions_for_new_directories(), true);
  1659. }
  1660. // The old photos (if any).
  1661. $old_file = $path_info['file'];
  1662. // Let us delete them.
  1663. if ($old_file != 'unknown.jpg') {
  1664. if (KEEP_THE_OLD_IMAGE_AFTER_CHANGE) {
  1665. $prefix = 'saved_'.date('Y_m_d_H_i_s').'_'.uniqid('').'_';
  1666. @rename($path.'small_'.$old_file, $path.$prefix.'small_'.$old_file);
  1667. @rename($path.'medium_'.$old_file, $path.$prefix.'medium_'.$old_file);
  1668. @rename($path.'big_'.$old_file, $path.$prefix.'big_'.$old_file);
  1669. @rename($path.$old_file, $path.$prefix.$old_file);
  1670. } else {
  1671. @unlink($path.'small_'.$old_file);
  1672. @unlink($path.'medium_'.$old_file);
  1673. @unlink($path.'big_'.$old_file);
  1674. @unlink($path.$old_file);
  1675. }
  1676. }
  1677. // Exit if only deletion has been requested. Return an empty picture name.
  1678. if ($delete) {
  1679. return '';
  1680. }
  1681. // Validation 2.
  1682. $allowed_types = api_get_supported_image_extensions();
  1683. $file = str_replace('\\', '/', $file);
  1684. $filename = (($pos = strrpos($file, '/')) !== false) ? substr($file, $pos + 1) : $file;
  1685. $extension = strtolower(substr(strrchr($filename, '.'), 1));
  1686. if (!in_array($extension, $allowed_types)) {
  1687. return false;
  1688. }
  1689. // This is the common name for the new photos.
  1690. if (KEEP_THE_NAME_WHEN_CHANGE_IMAGE && $old_file != 'unknown.jpg') {
  1691. $old_extension = strtolower(substr(strrchr($old_file, '.'), 1));
  1692. $filename = in_array($old_extension, $allowed_types) ? substr($old_file, 0, -strlen($old_extension)) : $old_file;
  1693. $filename = (substr($filename, -1) == '.') ? $filename.$extension : $filename.'.'.$extension;
  1694. } else {
  1695. $filename = api_replace_dangerous_char($filename);
  1696. if (PREFIX_IMAGE_FILENAME_WITH_UID) {
  1697. $filename = uniqid('').'_'.$filename;
  1698. }
  1699. // We always prefix user photos with user ids, so on setting
  1700. // api_get_setting('split_users_upload_directory') === 'true'
  1701. // the correspondent directories to be found successfully.
  1702. $filename = $user_id.'_'.$filename;
  1703. }
  1704. //Crop the image to adjust 1:1 ratio
  1705. $image = new Image($source_file);
  1706. $image->crop($cropParameters);
  1707. // Storing the new photos in 4 versions with various sizes.
  1708. $userPath = self::getUserPathById($user_id, 'system');
  1709. // If this path does not exist - we create it.
  1710. if (!file_exists($userPath)) {
  1711. mkdir($userPath, api_get_permissions_for_new_directories(), true);
  1712. }
  1713. $small = new Image($source_file);
  1714. $small->resize(32);
  1715. $small->send_image($userPath.'small_'.$filename);
  1716. $medium = new Image($source_file);
  1717. $medium->resize(85);
  1718. $medium->send_image($userPath.'medium_'.$filename);
  1719. $normal = new Image($source_file);
  1720. $normal->resize(200);
  1721. $normal->send_image($userPath.$filename);
  1722. $big = new Image($source_file); // This is the original picture.
  1723. $big->send_image($userPath.'big_'.$filename);
  1724. $result = $small && $medium && $normal && $big;
  1725. return $result ? $filename : false;
  1726. }
  1727. /**
  1728. * Update User extra field file type into {user_folder}/{$extra_field}
  1729. * @param int $user_id The user internal identification number
  1730. * @param string $extra_field The $extra_field The extra field name
  1731. * @param null $file The filename
  1732. * @param null $source_file The temporal filename
  1733. * @return bool|null return filename if success, but false
  1734. */
  1735. public static function update_user_extra_file($user_id, $extra_field = '', $file = null, $source_file = null)
  1736. {
  1737. // Add Filter
  1738. $source_file = Security::filter_filename($source_file);
  1739. $file = Security::filter_filename($file);
  1740. if (empty($user_id)) {
  1741. return false;
  1742. }
  1743. if (empty($source_file)) {
  1744. $source_file = $file;
  1745. }
  1746. // User-reserved directory where extra file have to be placed.
  1747. $path_info = self::get_user_picture_path_by_id($user_id, 'system');
  1748. $path = $path_info['dir'];
  1749. if (!empty($extra_field)) {
  1750. $path .= $extra_field.'/';
  1751. }
  1752. // If this directory does not exist - we create it.
  1753. if (!file_exists($path)) {
  1754. @mkdir($path, api_get_permissions_for_new_directories(), true);
  1755. }
  1756. if (filter_extension($file)) {
  1757. if (@move_uploaded_file($source_file, $path.$file)) {
  1758. if ($extra_field) {
  1759. return $extra_field.'/'.$file;
  1760. } else {
  1761. return $file;
  1762. }
  1763. }
  1764. }
  1765. return false; // this should be returned if anything went wrong with the upload
  1766. }
  1767. /**
  1768. * Deletes user photos.
  1769. * Note: This method relies on configuration setting from main/inc/conf/profile.conf.php
  1770. * @param int $user_id The user internal identitfication number.
  1771. * @return string/bool Returns empty string on success, FALSE on error.
  1772. */
  1773. public static function delete_user_picture($user_id)
  1774. {
  1775. return self::update_user_picture($user_id);
  1776. }
  1777. /**
  1778. * Returns an XHTML formatted list of productions for a user, or FALSE if he
  1779. * doesn't have any.
  1780. *
  1781. * If there has been a request to remove a production, the function will return
  1782. * without building the list unless forced to do so by the optional second
  1783. * parameter. This increases performance by avoiding to read through the
  1784. * productions on the filesystem before the removal request has been carried
  1785. * out because they'll have to be re-read afterwards anyway.
  1786. *
  1787. * @param int $user_id User id
  1788. * @param bool $force Optional parameter to force building after a removal request
  1789. * @param bool $showDelete
  1790. *
  1791. * @return string A string containing the XHTML code to display the production list, or FALSE
  1792. */
  1793. public static function build_production_list($user_id, $force = false, $showDelete = false)
  1794. {
  1795. if (!$force && !empty($_POST['remove_production'])) {
  1796. return true; // postpone reading from the filesystem
  1797. }
  1798. $productions = self::get_user_productions($user_id);
  1799. if (empty($productions)) {
  1800. return false;
  1801. }
  1802. $production_dir = self::getUserPathById($user_id, 'web');
  1803. $del_image = Display::returnIconPath('delete.png');
  1804. $add_image = Display::returnIconPath('archive.png');
  1805. $del_text = get_lang('Delete');
  1806. $production_list = '';
  1807. if (count($productions) > 0) {
  1808. $production_list = '<div class="files-production"><ul id="productions">';
  1809. foreach ($productions as $file) {
  1810. $production_list .= '<li><img src="'.$add_image.'" /><a href="'.$production_dir.urlencode($file).'" target="_blank">'.htmlentities($file).'</a>';
  1811. if ($showDelete) {
  1812. $production_list .= '&nbsp;&nbsp;<input style="width:16px;" type="image" name="remove_production['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($file).'" onclick="javascript: return confirmation(\''.htmlentities($file).'\');" /></li>';
  1813. }
  1814. }
  1815. $production_list .= '</ul></div>';
  1816. }
  1817. return $production_list;
  1818. }
  1819. /**
  1820. * Returns an array with the user's productions.
  1821. *
  1822. * @param $user_id User id
  1823. * @return array An array containing the user's productions
  1824. */
  1825. public static function get_user_productions($user_id)
  1826. {
  1827. $production_repository = self::getUserPathById($user_id, 'system');
  1828. $productions = array();
  1829. if (is_dir($production_repository)) {
  1830. $handle = opendir($production_repository);
  1831. while ($file = readdir($handle)) {
  1832. if ($file == '.' ||
  1833. $file == '..' ||
  1834. $file == '.htaccess' ||
  1835. is_dir($production_repository.$file)
  1836. ) {
  1837. // skip current/parent directory and .htaccess
  1838. continue;
  1839. }
  1840. if (preg_match('/('.$user_id.'|[0-9a-f]{13}|saved)_.+\.(png|jpg|jpeg|gif)$/i', $file)) {
  1841. // User's photos should not be listed as productions.
  1842. continue;
  1843. }
  1844. $productions[] = $file;
  1845. }
  1846. }
  1847. return $productions;
  1848. }
  1849. /**
  1850. * Remove a user production.
  1851. *
  1852. * @param int $user_id User id
  1853. * @param string $production The production to remove
  1854. */
  1855. public static function remove_user_production($user_id, $production)
  1856. {
  1857. $production_path = self::get_user_picture_path_by_id($user_id, 'system');
  1858. $production_file = $production_path['dir'].$production;
  1859. if (is_file($production_file)) {
  1860. unlink($production_file);
  1861. return true;
  1862. }
  1863. return false;
  1864. }
  1865. /**
  1866. * Update an extra field value for a given user
  1867. * @param integer $userId User ID
  1868. * @param string $variable Field variable name
  1869. * @param string $value Field value
  1870. *
  1871. * @return boolean true if field updated, false otherwise
  1872. */
  1873. public static function update_extra_field_value($userId, $variable, $value = '')
  1874. {
  1875. $extraFieldValue = new ExtraFieldValue('user');
  1876. $params = [
  1877. 'item_id' => $userId,
  1878. 'variable' => $variable,
  1879. 'value' => $value
  1880. ];
  1881. return $extraFieldValue->save($params);
  1882. }
  1883. /**
  1884. * Get an array of extra fields with field details (type, default value and options)
  1885. * @param integer Offset (from which row)
  1886. * @param integer Number of items
  1887. * @param integer Column on which sorting is made
  1888. * @param string Sorting direction
  1889. * @param boolean Optional. Whether we get all the fields or just the visible ones
  1890. * @param int Optional. Whether we get all the fields with field_filter 1 or 0 or everything
  1891. * @return array Extra fields details (e.g. $list[2]['type'], $list[4]['options'][2]['title']
  1892. */
  1893. public static function get_extra_fields(
  1894. $from = 0,
  1895. $number_of_items = 0,
  1896. $column = 5,
  1897. $direction = 'ASC',
  1898. $all_visibility = true,
  1899. $field_filter = null
  1900. ) {
  1901. $fields = array();
  1902. $t_uf = Database::get_main_table(TABLE_EXTRA_FIELD);
  1903. $t_ufo = Database::get_main_table(TABLE_EXTRA_FIELD_OPTIONS);
  1904. $columns = array(
  1905. 'id',
  1906. 'variable',
  1907. 'field_type',
  1908. 'display_text',
  1909. 'default_value',
  1910. 'field_order',
  1911. 'filter'
  1912. );
  1913. $column = intval($column);
  1914. $sort_direction = '';
  1915. if (in_array(strtoupper($direction), array('ASC', 'DESC'))) {
  1916. $sort_direction = strtoupper($direction);
  1917. }
  1918. $extraFieldType = EntityExtraField::USER_FIELD_TYPE;
  1919. $sqlf = "SELECT * FROM $t_uf WHERE extra_field_type = $extraFieldType ";
  1920. if (!$all_visibility) {
  1921. $sqlf .= " AND visible_to_self = 1 ";
  1922. }
  1923. if (!is_null($field_filter)) {
  1924. $field_filter = intval($field_filter);
  1925. $sqlf .= " AND filter = $field_filter ";
  1926. }
  1927. $sqlf .= " ORDER BY ".$columns[$column]." $sort_direction ";
  1928. if ($number_of_items != 0) {
  1929. $sqlf .= " LIMIT ".intval($from).','.intval($number_of_items);
  1930. }
  1931. $resf = Database::query($sqlf);
  1932. if (Database::num_rows($resf) > 0) {
  1933. while ($rowf = Database::fetch_array($resf)) {
  1934. $fields[$rowf['id']] = array(
  1935. 0 => $rowf['id'],
  1936. 1 => $rowf['variable'],
  1937. 2 => $rowf['field_type'],
  1938. 3 => empty($rowf['display_text']) ? '' : $rowf['display_text'],
  1939. 4 => $rowf['default_value'],
  1940. 5 => $rowf['field_order'],
  1941. 6 => $rowf['visible_to_self'],
  1942. 7 => $rowf['changeable'],
  1943. 8 => $rowf['filter'],
  1944. 9 => array(),
  1945. 10 => '<a name="'.$rowf['id'].'"></a>',
  1946. );
  1947. $sqlo = "SELECT * FROM $t_ufo
  1948. WHERE field_id = ".$rowf['id']."
  1949. ORDER BY option_order ASC";
  1950. $reso = Database::query($sqlo);
  1951. if (Database::num_rows($reso) > 0) {
  1952. while ($rowo = Database::fetch_array($reso)) {
  1953. $fields[$rowf['id']][9][$rowo['id']] = array(
  1954. 0 => $rowo['id'],
  1955. 1 => $rowo['option_value'],
  1956. 2 => empty($rowo['display_text']) ? '' : $rowo['display_text'],
  1957. 3 => $rowo['option_order']
  1958. );
  1959. }
  1960. }
  1961. }
  1962. }
  1963. return $fields;
  1964. }
  1965. /**
  1966. * Build a list of extra file already uploaded in $user_folder/{$extra_field}/
  1967. * @param $user_id
  1968. * @param $extra_field
  1969. * @param bool $force
  1970. * @param bool $showDelete
  1971. * @return bool|string
  1972. */
  1973. public static function build_user_extra_file_list($user_id, $extra_field, $force = false, $showDelete = false)
  1974. {
  1975. if (!$force && !empty($_POST['remove_'.$extra_field])) {
  1976. return true; // postpone reading from the filesystem
  1977. }
  1978. $extra_files = self::get_user_extra_files($user_id, $extra_field);
  1979. if (empty($extra_files)) {
  1980. return false;
  1981. }
  1982. $path_info = self::get_user_picture_path_by_id($user_id, 'web');
  1983. $path = $path_info['dir'];
  1984. $del_image = Display::returnIconPath('delete.png');
  1985. $del_text = get_lang('Delete');
  1986. $extra_file_list = '';
  1987. if (count($extra_files) > 0) {
  1988. $extra_file_list = '<div class="files-production"><ul id="productions">';
  1989. foreach ($extra_files as $file) {
  1990. $filename = substr($file, strlen($extra_field) + 1);
  1991. $extra_file_list .= '<li>'.Display::return_icon('archive.png').'<a href="'.$path.$extra_field.'/'.urlencode($filename).'" target="_blank">'.htmlentities($filename).'</a> ';
  1992. if ($showDelete) {
  1993. $extra_file_list .= '<input style="width:16px;" type="image" name="remove_extra_'.$extra_field.'['.urlencode($file).']" src="'.$del_image.'" alt="'.$del_text.'" title="'.$del_text.' '.htmlentities($filename).'" onclick="javascript: return confirmation(\''.htmlentities($filename).'\');" /></li>';
  1994. }
  1995. }
  1996. $extra_file_list .= '</ul></div>';
  1997. }
  1998. return $extra_file_list;
  1999. }
  2000. /**
  2001. * Get valid filenames in $user_folder/{$extra_field}/
  2002. * @param $user_id
  2003. * @param $extra_field
  2004. * @param bool $full_path
  2005. * @return array
  2006. */
  2007. public static function get_user_extra_files($user_id, $extra_field, $full_path = false)
  2008. {
  2009. if (!$full_path) {
  2010. // Nothing to do
  2011. } else {
  2012. $path_info = self::get_user_picture_path_by_id($user_id, 'system');
  2013. $path = $path_info['dir'];
  2014. }
  2015. $extra_data = self::get_extra_user_data_by_field($user_id, $extra_field);
  2016. $extra_files = $extra_data[$extra_field];
  2017. if (is_array($extra_files)) {
  2018. foreach ($extra_files as $key => $value) {
  2019. if (!$full_path) {
  2020. // Relative path from user folder
  2021. $files[] = $value;
  2022. } else {
  2023. $files[] = $path.$value;
  2024. }
  2025. }
  2026. } elseif (!empty($extra_files)) {
  2027. if (!$full_path) {
  2028. // Relative path from user folder
  2029. $files[] = $extra_files;
  2030. } else {
  2031. $files[] = $path.$extra_files;
  2032. }
  2033. }
  2034. return $files; // can be an empty array
  2035. }
  2036. /**
  2037. * Remove an {$extra_file} from the user folder $user_folder/{$extra_field}/
  2038. * @param $user_id
  2039. * @param $extra_field
  2040. * @param $extra_file
  2041. * @return bool
  2042. */
  2043. public static function remove_user_extra_file($user_id, $extra_field, $extra_file)
  2044. {
  2045. $extra_file = Security::filter_filename($extra_file);
  2046. $path_info = self::get_user_picture_path_by_id($user_id, 'system');
  2047. if (strpos($extra_file, $extra_field) !== false) {
  2048. $path_extra_file = $path_info['dir'].$extra_file;
  2049. } else {
  2050. $path_extra_file = $path_info['dir'].$extra_field.'/'.$extra_file;
  2051. }
  2052. if (is_file($path_extra_file)) {
  2053. unlink($path_extra_file);
  2054. return true;
  2055. }
  2056. return false;
  2057. }
  2058. /**
  2059. * Creates a new extra field
  2060. * @param string $variable Field's internal variable name
  2061. * @param int $fieldType Field's type
  2062. * @param string $displayText Field's language var name
  2063. * @param string $default Field's default value
  2064. * @return int
  2065. */
  2066. public static function create_extra_field($variable, $fieldType, $displayText, $default)
  2067. {
  2068. $extraField = new ExtraField('user');
  2069. $params = [
  2070. 'variable' => $variable,
  2071. 'field_type' => $fieldType,
  2072. 'display_text' => $displayText,
  2073. 'default_value' => $default
  2074. ];
  2075. return $extraField->save($params);
  2076. }
  2077. /**
  2078. * Check if a field is available
  2079. * @param string $variable
  2080. * @return boolean
  2081. */
  2082. public static function is_extra_field_available($variable)
  2083. {
  2084. $extraField = new ExtraField('user');
  2085. $data = $extraField->get_handler_field_info_by_field_variable($variable);
  2086. return !empty($data) ? true : false;
  2087. }
  2088. /**
  2089. * Gets user extra fields data
  2090. * @param integer User ID
  2091. * @param boolean Whether to prefix the fields indexes with "extra_" (might be used by formvalidator)
  2092. * @param boolean Whether to return invisible fields as well
  2093. * @param boolean Whether to split multiple-selection fields or not
  2094. * @return array Array of fields => value for the given user
  2095. */
  2096. public static function get_extra_user_data(
  2097. $user_id,
  2098. $prefix = false,
  2099. $all_visibility = true,
  2100. $splitmultiple = false,
  2101. $field_filter = null
  2102. ) {
  2103. // A sanity check.
  2104. if (empty($user_id)) {
  2105. $user_id = 0;
  2106. } else {
  2107. if ($user_id != strval(intval($user_id)))
  2108. return array();
  2109. }
  2110. $extra_data = array();
  2111. $t_uf = Database::get_main_table(TABLE_EXTRA_FIELD);
  2112. $t_ufv = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  2113. $user_id = intval($user_id);
  2114. $sql = "SELECT f.id as id, f.variable as fvar, f.field_type as type
  2115. FROM $t_uf f
  2116. WHERE
  2117. extra_field_type = ".EntityExtraField::USER_FIELD_TYPE."
  2118. ";
  2119. $filter_cond = '';
  2120. if (!$all_visibility) {
  2121. if (isset($field_filter)) {
  2122. $field_filter = intval($field_filter);
  2123. $filter_cond .= " AND filter = $field_filter ";
  2124. }
  2125. $sql .= " AND f.visible_to_self = 1 $filter_cond ";
  2126. } else {
  2127. if (isset($field_filter)) {
  2128. $field_filter = intval($field_filter);
  2129. $sql .= " AND filter = $field_filter ";
  2130. }
  2131. }
  2132. $sql .= " ORDER BY f.field_order";
  2133. $res = Database::query($sql);
  2134. if (Database::num_rows($res) > 0) {
  2135. while ($row = Database::fetch_array($res)) {
  2136. if ($row['type'] == self::USER_FIELD_TYPE_TAG) {
  2137. $tags = self::get_user_tags_to_string($user_id, $row['id'], false);
  2138. $extra_data['extra_'.$row['fvar']] = $tags;
  2139. } else {
  2140. $sqlu = "SELECT value as fval
  2141. FROM $t_ufv
  2142. WHERE field_id=".$row['id']." AND item_id = ".$user_id;
  2143. $resu = Database::query($sqlu);
  2144. // get default value
  2145. $sql_df = "SELECT default_value as fval_df FROM $t_uf
  2146. WHERE id=".$row['id'];
  2147. $res_df = Database::query($sql_df);
  2148. if (Database::num_rows($resu) > 0) {
  2149. $rowu = Database::fetch_array($resu);
  2150. $fval = $rowu['fval'];
  2151. if ($row['type'] == self::USER_FIELD_TYPE_SELECT_MULTIPLE) {
  2152. $fval = explode(';', $rowu['fval']);
  2153. }
  2154. } else {
  2155. $row_df = Database::fetch_array($res_df);
  2156. $fval = $row_df['fval_df'];
  2157. }
  2158. // We get here (and fill the $extra_data array) even if there
  2159. // is no user with data (we fill it with default values)
  2160. if ($prefix) {
  2161. if ($row['type'] == self::USER_FIELD_TYPE_RADIO) {
  2162. $extra_data['extra_'.$row['fvar']]['extra_'.$row['fvar']] = $fval;
  2163. } else {
  2164. $extra_data['extra_'.$row['fvar']] = $fval;
  2165. }
  2166. } else {
  2167. if ($row['type'] == self::USER_FIELD_TYPE_RADIO) {
  2168. $extra_data['extra_'.$row['fvar']]['extra_'.$row['fvar']] = $fval;
  2169. } else {
  2170. $extra_data[$row['fvar']] = $fval;
  2171. }
  2172. }
  2173. }
  2174. }
  2175. }
  2176. return $extra_data;
  2177. }
  2178. /** Get extra user data by field
  2179. * @param int user ID
  2180. * @param string the internal variable name of the field
  2181. * @return array with extra data info of a user i.e array('field_variable'=>'value');
  2182. */
  2183. public static function get_extra_user_data_by_field(
  2184. $user_id,
  2185. $field_variable,
  2186. $prefix = false,
  2187. $all_visibility = true,
  2188. $splitmultiple = false
  2189. ) {
  2190. // A sanity check.
  2191. if (empty($user_id)) {
  2192. $user_id = 0;
  2193. } else {
  2194. if ($user_id != strval(intval($user_id)))
  2195. return array();
  2196. }
  2197. $extra_data = array();
  2198. $t_uf = Database::get_main_table(TABLE_EXTRA_FIELD);
  2199. $t_ufv = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  2200. $user_id = intval($user_id);
  2201. $sql = "SELECT f.id as id, f.variable as fvar, f.field_type as type
  2202. FROM $t_uf f
  2203. WHERE f.variable = '$field_variable' ";
  2204. if (!$all_visibility) {
  2205. $sql .= " AND f.visible_to_self = 1 ";
  2206. }
  2207. $sql .= " AND extra_field_type = ".EntityExtraField::USER_FIELD_TYPE;
  2208. $sql .= " ORDER BY f.field_order";
  2209. $res = Database::query($sql);
  2210. if (Database::num_rows($res) > 0) {
  2211. while ($row = Database::fetch_array($res)) {
  2212. $sqlu = "SELECT value as fval FROM $t_ufv v INNER JOIN $t_uf f
  2213. ON (v.field_id = f.id)
  2214. WHERE
  2215. extra_field_type = ".EntityExtraField::USER_FIELD_TYPE." AND
  2216. field_id = ".$row['id']." AND
  2217. item_id = ".$user_id;
  2218. $resu = Database::query($sqlu);
  2219. $fval = '';
  2220. if (Database::num_rows($resu) > 0) {
  2221. $rowu = Database::fetch_array($resu);
  2222. $fval = $rowu['fval'];
  2223. if ($row['type'] == self::USER_FIELD_TYPE_SELECT_MULTIPLE) {
  2224. $fval = explode(';', $rowu['fval']);
  2225. }
  2226. }
  2227. if ($prefix) {
  2228. $extra_data['extra_'.$row['fvar']] = $fval;
  2229. } else {
  2230. $extra_data[$row['fvar']] = $fval;
  2231. }
  2232. }
  2233. }
  2234. return $extra_data;
  2235. }
  2236. /**
  2237. * Get the extra field information for a certain field (the options as well)
  2238. * @param int $variable The name of the field we want to know everything about
  2239. * @return array Array containing all the information about the extra profile field
  2240. * (first level of array contains field details, then 'options' sub-array contains options details,
  2241. * as returned by the database)
  2242. * @author Julio Montoya
  2243. * @since v1.8.6
  2244. */
  2245. public static function get_extra_field_information_by_name($variable)
  2246. {
  2247. $extraField = new ExtraField('user');
  2248. return $extraField->get_handler_field_info_by_field_variable($variable);
  2249. }
  2250. /**
  2251. * Get the extra field information for user tag (the options as well)
  2252. * @param int $variable The name of the field we want to know everything about
  2253. * @return array Array containing all the information about the extra profile field
  2254. * (first level of array contains field details, then 'options' sub-array contains options details,
  2255. * as returned by the database)
  2256. * @author José Loguercio
  2257. * @since v1.11.0
  2258. */
  2259. public static function get_extra_field_tags_information_by_name($variable)
  2260. {
  2261. $extraField = new ExtraField('user');
  2262. return $extraField->get_handler_field_info_by_tags($variable);
  2263. }
  2264. /**
  2265. * @param string $type
  2266. *
  2267. * @return array
  2268. */
  2269. public static function get_all_extra_field_by_type($type)
  2270. {
  2271. $extraField = new ExtraField('user');
  2272. return $extraField->get_all_extra_field_by_type($type);
  2273. }
  2274. /**
  2275. * Get all the extra field information of a certain field (also the options)
  2276. *
  2277. * @param int $fieldId the ID of the field we want to know everything of
  2278. * @return array $return containing all th information about the extra profile field
  2279. * @author Julio Montoya
  2280. * @deprecated
  2281. * @since v1.8.6
  2282. */
  2283. public static function get_extra_field_information($fieldId)
  2284. {
  2285. $extraField = new ExtraField('user');
  2286. return $extraField->getFieldInfoByFieldId($fieldId);
  2287. }
  2288. /**
  2289. * Get extra user data by value
  2290. * @param string $variable the internal variable name of the field
  2291. * @param string $value the internal value of the field
  2292. * @param bool $all_visibility
  2293. *
  2294. * @return array with extra data info of a user i.e array('field_variable'=>'value');
  2295. */
  2296. public static function get_extra_user_data_by_value($variable, $value, $all_visibility = true)
  2297. {
  2298. $extraFieldValue = new ExtraFieldValue('user');
  2299. $extraField = new ExtraField('user');
  2300. $info = $extraField->get_handler_field_info_by_field_variable($variable);
  2301. if (false === $info) {
  2302. return [];
  2303. }
  2304. $data = $extraFieldValue->get_item_id_from_field_variable_and_field_value(
  2305. $variable,
  2306. $value,
  2307. false,
  2308. false,
  2309. true
  2310. );
  2311. $result = [];
  2312. if (!empty($data)) {
  2313. foreach ($data as $item) {
  2314. $result[] = $item['item_id'];
  2315. }
  2316. }
  2317. return $result;
  2318. }
  2319. /**
  2320. * Get extra user data by tags value
  2321. *
  2322. * @param int $fieldId the ID of the field we want to know everything of
  2323. * @param string $tag the tag name for search
  2324. * @return array with extra data info of a user
  2325. * @author José Loguercio
  2326. * @since v1.11.0
  2327. */
  2328. public static function get_extra_user_data_by_tags($fieldId, $tag)
  2329. {
  2330. $extraField = new ExtraField('user');
  2331. $result = $extraField->getAllUserPerTag($fieldId, $tag);
  2332. $array = [];
  2333. foreach ($result as $index => $user) {
  2334. $array[] = $user['user_id'];
  2335. }
  2336. return $array;
  2337. }
  2338. /**
  2339. * Get extra user data by field variable
  2340. * @param string $variable field variable
  2341. * @return array data
  2342. */
  2343. public static function get_extra_user_data_by_field_variable($variable)
  2344. {
  2345. $extra_information_by_variable = self::get_extra_field_information_by_name($variable);
  2346. $field_id = intval($extra_information_by_variable['id']);
  2347. $extraField = new ExtraFieldValue('user');
  2348. $data = $extraField->getValuesByFieldId($field_id);
  2349. if (!empty($data) > 0) {
  2350. foreach ($data as $row) {
  2351. $user_id = $row['item_id'];
  2352. $data[$user_id] = $row;
  2353. }
  2354. }
  2355. return $data;
  2356. }
  2357. /**
  2358. * Get extra user data tags by field variable
  2359. *
  2360. * @param string $variable field variable
  2361. * @return array
  2362. */
  2363. public static function get_extra_user_data_for_tags($variable)
  2364. {
  2365. $data = self::get_extra_field_tags_information_by_name($variable);
  2366. return $data;
  2367. }
  2368. /**
  2369. * Gives a list of [session_category][session_id] for the current user.
  2370. * @param integer $user_id
  2371. * @param boolean $is_time_over whether to fill the first element or not (to give space for courses out of categories)
  2372. * @param boolean $ignore_visibility_for_admins optional true if limit time from session is over, false otherwise
  2373. * @param boolean $ignoreTimeLimit ignore time start/end
  2374. * @return array list of statuses [session_category][session_id]
  2375. *
  2376. * @todo ensure multiple access urls are managed correctly
  2377. */
  2378. public static function get_sessions_by_category(
  2379. $user_id,
  2380. $is_time_over = true,
  2381. $ignore_visibility_for_admins = false,
  2382. $ignoreTimeLimit = false
  2383. ) {
  2384. if ($user_id != strval(intval($user_id))) {
  2385. return array();
  2386. }
  2387. // Get the list of sessions per user
  2388. $now = new DateTime('now', new DateTimeZone('UTC'));
  2389. $dql = "SELECT DISTINCT
  2390. s.id,
  2391. s.name,
  2392. s.accessStartDate AS access_start_date,
  2393. s.accessEndDate AS access_end_date,
  2394. sc.id AS session_category_id,
  2395. sc.name AS session_category_name,
  2396. sc.dateStart AS session_category_date_start,
  2397. sc.dateEnd AS session_category_date_end,
  2398. s.coachAccessStartDate AS coach_access_start_date,
  2399. s.coachAccessEndDate AS coach_access_end_date
  2400. FROM ChamiloCoreBundle:Session AS s
  2401. INNER JOIN ChamiloCoreBundle:SessionRelCourseRelUser AS scu WITH scu.session = s
  2402. INNER JOIN ChamiloCoreBundle:AccessUrlRelSession AS url WITH url.sessionId = s.id
  2403. LEFT JOIN ChamiloCoreBundle:SessionCategory AS sc WITH s.category = sc
  2404. WHERE (scu.user = :user OR s.generalCoach = :user) AND url.accessUrlId = :url
  2405. ORDER BY sc.name, s.name";
  2406. $dql = Database::getManager()
  2407. ->createQuery($dql)
  2408. ->setParameters(
  2409. ['user' => $user_id, 'url' => api_get_current_access_url_id()]
  2410. )
  2411. ;
  2412. $sessionData = $dql->getResult();
  2413. $categories = [];
  2414. foreach ($sessionData as $row) {
  2415. $session_id = $row['id'];
  2416. $coachList = SessionManager::getCoachesBySession($session_id);
  2417. $categoryStart = $row['session_category_date_start'] ? $row['session_category_date_start']->format('Y-m-d') : '';
  2418. $categoryEnd = $row['session_category_date_end'] ? $row['session_category_date_end']->format('Y-m-d') : '';
  2419. $courseList = self::get_courses_list_by_session(
  2420. $user_id,
  2421. $session_id
  2422. );
  2423. // User portal filters:
  2424. if ($ignoreTimeLimit === false) {
  2425. if ($is_time_over) {
  2426. // History
  2427. if (empty($row['access_end_date'])) {
  2428. continue;
  2429. } else {
  2430. if ($row['access_end_date'] > $now) {
  2431. continue;
  2432. }
  2433. }
  2434. } else {
  2435. // Current user portal
  2436. $isGeneralCoach = SessionManager::user_is_general_coach($user_id, $row['id']);
  2437. $isCoachOfCourse = in_array($user_id, $coachList);
  2438. if (api_is_platform_admin() || $isGeneralCoach || $isCoachOfCourse) {
  2439. // Teachers can access the session depending in the access_coach date
  2440. } else {
  2441. if (isset($row['access_end_date']) &&
  2442. !empty($row['access_end_date'])
  2443. ) {
  2444. if ($row['access_end_date'] <= $now) {
  2445. continue;
  2446. }
  2447. }
  2448. }
  2449. }
  2450. }
  2451. $categories[$row['session_category_id']]['session_category'] = array(
  2452. 'id' => $row['session_category_id'],
  2453. 'name' => $row['session_category_name'],
  2454. 'date_start' => $categoryStart,
  2455. 'date_end' => $categoryEnd
  2456. );
  2457. $visibility = api_get_session_visibility(
  2458. $session_id,
  2459. null,
  2460. $ignore_visibility_for_admins
  2461. );
  2462. if ($visibility != SESSION_VISIBLE) {
  2463. // Course Coach session visibility.
  2464. $blockedCourseCount = 0;
  2465. $closedVisibilityList = array(
  2466. COURSE_VISIBILITY_CLOSED,
  2467. COURSE_VISIBILITY_HIDDEN
  2468. );
  2469. foreach ($courseList as $course) {
  2470. // Checking session visibility
  2471. $sessionCourseVisibility = api_get_session_visibility(
  2472. $session_id,
  2473. $course['real_id'],
  2474. $ignore_visibility_for_admins
  2475. );
  2476. $courseIsVisible = !in_array(
  2477. $course['visibility'],
  2478. $closedVisibilityList
  2479. );
  2480. if ($courseIsVisible === false || $sessionCourseVisibility == SESSION_INVISIBLE) {
  2481. $blockedCourseCount++;
  2482. }
  2483. }
  2484. // If all courses are blocked then no show in the list.
  2485. if ($blockedCourseCount === count($courseList)) {
  2486. $visibility = SESSION_INVISIBLE;
  2487. } else {
  2488. $visibility = $sessionCourseVisibility;
  2489. }
  2490. }
  2491. switch ($visibility) {
  2492. case SESSION_VISIBLE_READ_ONLY:
  2493. case SESSION_VISIBLE:
  2494. case SESSION_AVAILABLE:
  2495. break;
  2496. case SESSION_INVISIBLE:
  2497. if ($ignore_visibility_for_admins === false) {
  2498. continue 2;
  2499. }
  2500. }
  2501. $categories[$row['session_category_id']]['sessions'][$row['id']] = array(
  2502. 'session_name' => $row['name'],
  2503. 'session_id' => $row['id'],
  2504. 'access_start_date' => $row['access_start_date'] ? $row['access_start_date']->format('Y-m-d H:i:s') : null,
  2505. 'access_end_date' => $row['access_end_date'] ? $row['access_end_date']->format('Y-m-d H:i:s') : null,
  2506. 'coach_access_start_date' => $row['coach_access_start_date'] ? $row['coach_access_start_date']->format('Y-m-d H:i:s') : null,
  2507. 'coach_access_end_date' => $row['coach_access_end_date'] ? $row['coach_access_end_date']->format('Y-m-d H:i:s') : null,
  2508. 'courses' => $courseList
  2509. );
  2510. }
  2511. return $categories;
  2512. }
  2513. /**
  2514. * Gives a list of [session_id-course_code] => [status] for the current user.
  2515. * @param integer $user_id
  2516. * @param int $sessionLimit
  2517. * @return array list of statuses (session_id-course_code => status)
  2518. */
  2519. public static function get_personal_session_course_list($user_id, $sessionLimit = null)
  2520. {
  2521. // Database Table Definitions
  2522. $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
  2523. $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
  2524. $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
  2525. $tbl_session_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
  2526. $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  2527. $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  2528. if ($user_id != strval(intval($user_id))) {
  2529. return array();
  2530. }
  2531. // We filter the courses from the URL
  2532. $join_access_url = $where_access_url = '';
  2533. if (api_get_multiple_access_url()) {
  2534. $access_url_id = api_get_current_access_url_id();
  2535. if ($access_url_id != -1) {
  2536. $tbl_url_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
  2537. $join_access_url = "LEFT JOIN $tbl_url_course url_rel_course ON url_rel_course.c_id = course.id";
  2538. $where_access_url = " AND access_url_id = $access_url_id ";
  2539. }
  2540. }
  2541. // Courses in which we subscribed out of any session
  2542. $tbl_user_course_category = Database::get_main_table(TABLE_USER_COURSE_CATEGORY);
  2543. $sql = "SELECT
  2544. course.code,
  2545. course_rel_user.status course_rel_status,
  2546. course_rel_user.sort sort,
  2547. course_rel_user.user_course_cat user_course_cat
  2548. FROM $tbl_course_user course_rel_user
  2549. LEFT JOIN $tbl_course course
  2550. ON course.id = course_rel_user.c_id
  2551. LEFT JOIN $tbl_user_course_category user_course_category
  2552. ON course_rel_user.user_course_cat = user_course_category.id
  2553. $join_access_url
  2554. WHERE
  2555. course_rel_user.user_id = '".$user_id."' AND
  2556. course_rel_user.relation_type <> ".COURSE_RELATION_TYPE_RRHH."
  2557. $where_access_url
  2558. ORDER BY user_course_category.sort, course_rel_user.sort, course.title ASC";
  2559. $course_list_sql_result = Database::query($sql);
  2560. $personal_course_list = array();
  2561. if (Database::num_rows($course_list_sql_result) > 0) {
  2562. while ($result_row = Database::fetch_array($course_list_sql_result, 'ASSOC')) {
  2563. $course_info = api_get_course_info($result_row['code']);
  2564. $result_row['course_info'] = $course_info;
  2565. $personal_course_list[] = $result_row;
  2566. }
  2567. }
  2568. $coachCourseConditions = null;
  2569. // Getting sessions that are related to a coach in the session_rel_course_rel_user table
  2570. if (api_is_allowed_to_create_course()) {
  2571. $sessionListFromCourseCoach = array();
  2572. $sql = " SELECT DISTINCT session_id
  2573. FROM $tbl_session_course_user
  2574. WHERE user_id = $user_id AND status = 2 ";
  2575. $result = Database::query($sql);
  2576. if (Database::num_rows($result)) {
  2577. $result = Database::store_result($result);
  2578. foreach ($result as $session) {
  2579. $sessionListFromCourseCoach[] = $session['session_id'];
  2580. }
  2581. }
  2582. if (!empty($sessionListFromCourseCoach)) {
  2583. $condition = implode("','", $sessionListFromCourseCoach);
  2584. $coachCourseConditions = " OR ( s.id IN ('$condition'))";
  2585. }
  2586. }
  2587. // Get the list of sessions where the user is subscribed
  2588. // This is divided into two different queries
  2589. $sessions = array();
  2590. $sessionLimitRestriction = '';
  2591. if (!empty($sessionLimit)) {
  2592. $sessionLimit = (int) $sessionLimit;
  2593. $sessionLimitRestriction = "LIMIT $sessionLimit";
  2594. }
  2595. $sql = "SELECT DISTINCT s.id, name, access_start_date, access_end_date
  2596. FROM $tbl_session_user su INNER JOIN $tbl_session s
  2597. ON (s.id = su.session_id)
  2598. WHERE (
  2599. su.user_id = $user_id AND
  2600. su.relation_type <> ".SESSION_RELATION_TYPE_RRHH."
  2601. )
  2602. $coachCourseConditions
  2603. ORDER BY access_start_date, access_end_date, name
  2604. $sessionLimitRestriction
  2605. ";
  2606. $result = Database::query($sql);
  2607. if (Database::num_rows($result) > 0) {
  2608. while ($row = Database::fetch_assoc($result)) {
  2609. $sessions[$row['id']] = $row;
  2610. }
  2611. }
  2612. $sql = "SELECT DISTINCT
  2613. id, name, access_start_date, access_end_date
  2614. FROM $tbl_session s
  2615. WHERE (
  2616. id_coach = $user_id
  2617. )
  2618. $coachCourseConditions
  2619. ORDER BY access_start_date, access_end_date, name";
  2620. $result = Database::query($sql);
  2621. if (Database::num_rows($result) > 0) {
  2622. while ($row = Database::fetch_assoc($result)) {
  2623. if (empty($sessions[$row['id']])) {
  2624. $sessions[$row['id']] = $row;
  2625. }
  2626. }
  2627. }
  2628. if (api_is_allowed_to_create_course()) {
  2629. foreach ($sessions as $enreg) {
  2630. $session_id = $enreg['id'];
  2631. $session_visibility = api_get_session_visibility($session_id);
  2632. if ($session_visibility == SESSION_INVISIBLE) {
  2633. continue;
  2634. }
  2635. // This query is horribly slow when more than a few thousand
  2636. // users and just a few sessions to which they are subscribed
  2637. $sql = "SELECT DISTINCT
  2638. course.code code,
  2639. course.title i,
  2640. ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." t,
  2641. email, course.course_language l,
  2642. 1 sort,
  2643. category_code user_course_cat,
  2644. access_start_date,
  2645. access_end_date,
  2646. session.id as session_id,
  2647. session.name as session_name
  2648. FROM $tbl_session_course_user as session_course_user
  2649. INNER JOIN $tbl_course AS course
  2650. ON course.id = session_course_user.c_id
  2651. INNER JOIN $tbl_session as session
  2652. ON session.id = session_course_user.session_id
  2653. LEFT JOIN $tbl_user as user
  2654. ON user.id = session_course_user.user_id OR session.id_coach = user.id
  2655. WHERE
  2656. session_course_user.session_id = $session_id AND (
  2657. (session_course_user.user_id = $user_id AND session_course_user.status = 2)
  2658. OR session.id_coach = $user_id
  2659. )
  2660. ORDER BY i";
  2661. $course_list_sql_result = Database::query($sql);
  2662. while ($result_row = Database::fetch_array($course_list_sql_result, 'ASSOC')) {
  2663. $result_row['course_info'] = api_get_course_info($result_row['code']);
  2664. $key = $result_row['session_id'].' - '.$result_row['code'];
  2665. $personal_course_list[$key] = $result_row;
  2666. }
  2667. }
  2668. }
  2669. foreach ($sessions as $enreg) {
  2670. $session_id = $enreg['id'];
  2671. $session_visibility = api_get_session_visibility($session_id);
  2672. if ($session_visibility == SESSION_INVISIBLE) {
  2673. continue;
  2674. }
  2675. /* This query is very similar to the above query,
  2676. but it will check the session_rel_course_user table if there are courses registered to our user or not */
  2677. $sql = "SELECT DISTINCT
  2678. course.code code,
  2679. course.title i, CONCAT(user.lastname,' ',user.firstname) t,
  2680. email,
  2681. course.course_language l,
  2682. 1 sort,
  2683. category_code user_course_cat,
  2684. access_start_date,
  2685. access_end_date,
  2686. session.id as session_id,
  2687. session.name as session_name,
  2688. IF((session_course_user.user_id = 3 AND session_course_user.status=2),'2', '5')
  2689. FROM $tbl_session_course_user as session_course_user
  2690. INNER JOIN $tbl_course AS course
  2691. ON course.id = session_course_user.c_id AND session_course_user.session_id = $session_id
  2692. INNER JOIN $tbl_session as session
  2693. ON session_course_user.session_id = session.id
  2694. LEFT JOIN $tbl_user as user ON user.id = session_course_user.user_id
  2695. WHERE session_course_user.user_id = $user_id
  2696. ORDER BY i";
  2697. $course_list_sql_result = Database::query($sql);
  2698. while ($result_row = Database::fetch_array($course_list_sql_result, 'ASSOC')) {
  2699. $result_row['course_info'] = api_get_course_info($result_row['code']);
  2700. $key = $result_row['session_id'].' - '.$result_row['code'];
  2701. if (!isset($personal_course_list[$key])) {
  2702. $personal_course_list[$key] = $result_row;
  2703. }
  2704. }
  2705. }
  2706. return $personal_course_list;
  2707. }
  2708. /**
  2709. * Gives a list of courses for the given user in the given session
  2710. * @param integer $user_id
  2711. * @param integer $session_id
  2712. * @return array list of statuses (session_id-course_code => status)
  2713. */
  2714. public static function get_courses_list_by_session($user_id, $session_id)
  2715. {
  2716. // Database Table Definitions
  2717. $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
  2718. $tableCourse = Database::get_main_table(TABLE_MAIN_COURSE);
  2719. $tbl_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  2720. $tbl_session_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
  2721. $user_id = intval($user_id);
  2722. $session_id = intval($session_id);
  2723. //we filter the courses from the URL
  2724. $join_access_url = $where_access_url = '';
  2725. if (api_get_multiple_access_url()) {
  2726. $urlId = api_get_current_access_url_id();
  2727. if ($urlId != -1) {
  2728. $tbl_url_session = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
  2729. $join_access_url = " , $tbl_url_session url_rel_session ";
  2730. $where_access_url = " AND access_url_id = $urlId AND url_rel_session.session_id = $session_id ";
  2731. }
  2732. }
  2733. /* This query is very similar to the query below, but it will check the
  2734. session_rel_course_user table if there are courses registered
  2735. to our user or not */
  2736. $sql = "SELECT DISTINCT
  2737. c.visibility,
  2738. c.id as real_id,
  2739. c.code as course_code,
  2740. sc.position
  2741. FROM $tbl_session_course_user as scu
  2742. INNER JOIN $tbl_session_course sc
  2743. ON (scu.session_id = sc.session_id AND scu.c_id = sc.c_id)
  2744. INNER JOIN $tableCourse as c
  2745. ON (scu.c_id = c.id)
  2746. $join_access_url
  2747. WHERE
  2748. scu.user_id = $user_id AND
  2749. scu.session_id = $session_id
  2750. $where_access_url
  2751. ORDER BY sc.position ASC, c.id";
  2752. $personal_course_list = array();
  2753. $courses = array();
  2754. $result = Database::query($sql);
  2755. if (Database::num_rows($result) > 0) {
  2756. while ($result_row = Database::fetch_array($result, 'ASSOC')) {
  2757. $result_row['status'] = 5;
  2758. if (!in_array($result_row['real_id'], $courses)) {
  2759. $personal_course_list[] = $result_row;
  2760. $courses[] = $result_row['real_id'];
  2761. }
  2762. }
  2763. }
  2764. if (api_is_allowed_to_create_course()) {
  2765. $sql = "SELECT DISTINCT
  2766. c.visibility,
  2767. c.id as real_id,
  2768. c.code as course_code,
  2769. sc.position
  2770. FROM $tbl_session_course_user as scu
  2771. INNER JOIN $tbl_session as s
  2772. ON (scu.session_id = s.id)
  2773. INNER JOIN $tbl_session_course sc
  2774. ON (scu.session_id = sc.session_id AND scu.c_id = sc.c_id)
  2775. INNER JOIN $tableCourse as c
  2776. ON (scu.c_id = c.id)
  2777. $join_access_url
  2778. WHERE
  2779. s.id = $session_id AND
  2780. (
  2781. (scu.user_id = $user_id AND scu.status = 2) OR
  2782. s.id_coach = $user_id
  2783. )
  2784. $where_access_url
  2785. ORDER BY sc.position ASC";
  2786. $result = Database::query($sql);
  2787. if (Database::num_rows($result) > 0) {
  2788. while ($result_row = Database::fetch_array($result, 'ASSOC')) {
  2789. $result_row['status'] = 2;
  2790. if (!in_array($result_row['real_id'], $courses)) {
  2791. $personal_course_list[] = $result_row;
  2792. $courses[] = $result_row['real_id'];
  2793. }
  2794. }
  2795. }
  2796. }
  2797. if (api_is_drh()) {
  2798. $sessionList = SessionManager::get_sessions_followed_by_drh($user_id);
  2799. $sessionList = array_keys($sessionList);
  2800. if (in_array($session_id, $sessionList)) {
  2801. $courseList = SessionManager::get_course_list_by_session_id($session_id);
  2802. if (!empty($courseList)) {
  2803. foreach ($courseList as $course) {
  2804. if (!in_array($course['id'], $courses)) {
  2805. $personal_course_list[] = $course;
  2806. }
  2807. }
  2808. }
  2809. }
  2810. } else {
  2811. //check if user is general coach for this session
  2812. $sessionInfo = api_get_session_info($session_id);
  2813. if ($sessionInfo['id_coach'] == $user_id) {
  2814. $courseList = SessionManager::get_course_list_by_session_id($session_id);
  2815. if (!empty($courseList)) {
  2816. foreach ($courseList as $course) {
  2817. if (!in_array($course['id'], $courses)) {
  2818. $personal_course_list[] = $course;
  2819. }
  2820. }
  2821. }
  2822. }
  2823. }
  2824. return $personal_course_list;
  2825. }
  2826. /**
  2827. * Get user id from a username
  2828. * @param string $username
  2829. * @return int User ID (or false if not found)
  2830. */
  2831. public static function get_user_id_from_username($username)
  2832. {
  2833. if (empty($username)) {
  2834. return false;
  2835. }
  2836. $username = trim($username);
  2837. $username = Database::escape_string($username);
  2838. $t_user = Database::get_main_table(TABLE_MAIN_USER);
  2839. $sql = "SELECT id FROM $t_user WHERE username = '$username'";
  2840. $res = Database::query($sql);
  2841. if ($res === false) {
  2842. return false;
  2843. }
  2844. if (Database::num_rows($res) !== 1) {
  2845. return false;
  2846. }
  2847. $row = Database::fetch_array($res);
  2848. return $row['id'];
  2849. }
  2850. /**
  2851. * Get the users files upload from his share_folder
  2852. * @param string $user_id User ID
  2853. * @param string $course course directory
  2854. * @param string $resourcetype resourcetype: images, all
  2855. * @return int User ID (or false if not found)
  2856. */
  2857. public static function get_user_upload_files_by_course($user_id, $course, $resourcetype = 'all')
  2858. {
  2859. $return = '';
  2860. if (!empty($user_id) && !empty($course)) {
  2861. $user_id = intval($user_id);
  2862. $path = api_get_path(SYS_COURSE_PATH).$course.'/document/shared_folder/sf_user_'.$user_id.'/';
  2863. $web_path = api_get_path(WEB_COURSE_PATH).$course.'/document/shared_folder/sf_user_'.$user_id.'/';
  2864. $file_list = array();
  2865. if (is_dir($path)) {
  2866. $handle = opendir($path);
  2867. while ($file = readdir($handle)) {
  2868. if ($file == '.' || $file == '..' || $file == '.htaccess' || is_dir($path.$file)) {
  2869. continue; // skip current/parent directory and .htaccess
  2870. }
  2871. $file_list[] = $file;
  2872. }
  2873. if (count($file_list) > 0) {
  2874. $return = "<h4>$course</h4>";
  2875. $return .= '<ul class="thumbnails">';
  2876. }
  2877. $extensionList = ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'tif'];
  2878. foreach ($file_list as $file) {
  2879. if ($resourcetype == "all") {
  2880. $return .= '<li><a href="'.$web_path.urlencode($file).'" target="_blank">'.htmlentities($file).'</a></li>';
  2881. } elseif ($resourcetype == "images") {
  2882. //get extension
  2883. $ext = explode('.', $file);
  2884. if (isset($ext[1]) && in_array($ext[1], $extensionList)) {
  2885. $return .= '<li class="span2">
  2886. <a class="thumbnail" href="'.$web_path.urlencode($file).'" target="_blank">
  2887. <img src="'.$web_path.urlencode($file).'" >
  2888. </a>
  2889. </li>';
  2890. }
  2891. }
  2892. }
  2893. if (count($file_list) > 0) {
  2894. $return .= '</ul>';
  2895. }
  2896. }
  2897. }
  2898. return $return;
  2899. }
  2900. /**
  2901. * Gets the API key (or keys) and return them into an array
  2902. * @param int Optional user id (defaults to the result of api_get_user_id())
  2903. * @return array Non-indexed array containing the list of API keys for this user, or FALSE on error
  2904. */
  2905. public static function get_api_keys($user_id = null, $api_service = 'dokeos')
  2906. {
  2907. if ($user_id != strval(intval($user_id)))
  2908. return false;
  2909. if (empty($user_id)) {
  2910. $user_id = api_get_user_id();
  2911. }
  2912. if ($user_id === false)
  2913. return false;
  2914. $service_name = Database::escape_string($api_service);
  2915. if (is_string($service_name) === false) {
  2916. return false;
  2917. }
  2918. $t_api = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
  2919. $sql = "SELECT * FROM $t_api WHERE user_id = $user_id AND api_service='$api_service';";
  2920. $res = Database::query($sql);
  2921. if ($res === false)
  2922. return false; //error during query
  2923. $num = Database::num_rows($res);
  2924. if ($num == 0)
  2925. return false;
  2926. $list = array();
  2927. while ($row = Database::fetch_array($res)) {
  2928. $list[$row['id']] = $row['api_key'];
  2929. }
  2930. return $list;
  2931. }
  2932. /**
  2933. * Adds a new API key to the users' account
  2934. * @param int Optional user ID (defaults to the results of api_get_user_id())
  2935. * @return boolean True on success, false on failure
  2936. */
  2937. public static function add_api_key($user_id = null, $api_service = 'dokeos')
  2938. {
  2939. if ($user_id != strval(intval($user_id)))
  2940. return false;
  2941. if (empty($user_id)) {
  2942. $user_id = api_get_user_id();
  2943. }
  2944. if ($user_id === false)
  2945. return false;
  2946. $service_name = Database::escape_string($api_service);
  2947. if (is_string($service_name) === false) {
  2948. return false;
  2949. }
  2950. $t_api = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
  2951. $md5 = md5((time() + ($user_id * 5)) - rand(10000, 10000)); //generate some kind of random key
  2952. $sql = "INSERT INTO $t_api (user_id, api_key,api_service) VALUES ($user_id,'$md5','$service_name')";
  2953. $res = Database::query($sql);
  2954. if ($res === false)
  2955. return false; //error during query
  2956. $num = Database::insert_id();
  2957. return ($num == 0) ? false : $num;
  2958. }
  2959. /**
  2960. * Deletes an API key from the user's account
  2961. * @param int API key's internal ID
  2962. * @return boolean True on success, false on failure
  2963. */
  2964. public static function delete_api_key($key_id)
  2965. {
  2966. if ($key_id != strval(intval($key_id)))
  2967. return false;
  2968. if ($key_id === false)
  2969. return false;
  2970. $t_api = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
  2971. $sql = "SELECT * FROM $t_api WHERE id = ".$key_id;
  2972. $res = Database::query($sql);
  2973. if ($res === false)
  2974. return false; //error during query
  2975. $num = Database::num_rows($res);
  2976. if ($num !== 1)
  2977. return false;
  2978. $sql = "DELETE FROM $t_api WHERE id = ".$key_id;
  2979. $res = Database::query($sql);
  2980. if ($res === false)
  2981. return false; //error during query
  2982. return true;
  2983. }
  2984. /**
  2985. * Regenerate an API key from the user's account
  2986. * @param int user ID (defaults to the results of api_get_user_id())
  2987. * @param string API key's internal ID
  2988. * @return int num
  2989. */
  2990. public static function update_api_key($user_id, $api_service)
  2991. {
  2992. if ($user_id != strval(intval($user_id)))
  2993. return false;
  2994. if ($user_id === false)
  2995. return false;
  2996. $service_name = Database::escape_string($api_service);
  2997. if (is_string($service_name) === false) {
  2998. return false;
  2999. }
  3000. $t_api = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
  3001. $sql = "SELECT id FROM $t_api WHERE user_id=".$user_id." AND api_service='".$api_service."'";
  3002. $res = Database::query($sql);
  3003. $num = Database::num_rows($res);
  3004. if ($num == 1) {
  3005. $id_key = Database::fetch_array($res, 'ASSOC');
  3006. self::delete_api_key($id_key['id']);
  3007. $num = self::add_api_key($user_id, $api_service);
  3008. } elseif ($num == 0) {
  3009. $num = self::add_api_key($user_id, $api_service);
  3010. }
  3011. return $num;
  3012. }
  3013. /**
  3014. * @param int user ID (defaults to the results of api_get_user_id())
  3015. * @param string API key's internal ID
  3016. * @return int row ID, or return false if not found
  3017. */
  3018. public static function get_api_key_id($user_id, $api_service)
  3019. {
  3020. if ($user_id != strval(intval($user_id)))
  3021. return false;
  3022. if ($user_id === false)
  3023. return false;
  3024. if (empty($api_service))
  3025. return false;
  3026. $t_api = Database::get_main_table(TABLE_MAIN_USER_API_KEY);
  3027. $api_service = Database::escape_string($api_service);
  3028. $sql = "SELECT id FROM $t_api WHERE user_id=".$user_id." AND api_service='".$api_service."'";
  3029. $res = Database::query($sql);
  3030. if (Database::num_rows($res) < 1) {
  3031. return false;
  3032. }
  3033. $row = Database::fetch_array($res, 'ASSOC');
  3034. return $row['id'];
  3035. }
  3036. /**
  3037. * Checks if a user_id is platform admin
  3038. * @param int user ID
  3039. * @return boolean True if is admin, false otherwise
  3040. * @see main_api.lib.php::api_is_platform_admin() for a context-based check
  3041. */
  3042. public static function is_admin($user_id)
  3043. {
  3044. if (empty($user_id) || $user_id != strval(intval($user_id))) {
  3045. return false;
  3046. }
  3047. $admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
  3048. $sql = "SELECT * FROM $admin_table WHERE user_id = $user_id";
  3049. $res = Database::query($sql);
  3050. return Database::num_rows($res) === 1;
  3051. }
  3052. /**
  3053. * Get the total count of users
  3054. * @param int Status of users to be counted
  3055. * @param int Access URL ID (optional)
  3056. * @return mixed Number of users or false on error
  3057. */
  3058. public static function get_number_of_users($status = 0, $access_url_id = 1)
  3059. {
  3060. $t_u = Database::get_main_table(TABLE_MAIN_USER);
  3061. $t_a = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  3062. $sql = "SELECT count(u.id)
  3063. FROM $t_u u
  3064. INNER JOIN $t_a url_user
  3065. ON (u.id = url_user.user_id)
  3066. WHERE url_user.access_url_id = $access_url_id
  3067. ";
  3068. if (is_int($status) && $status > 0) {
  3069. $sql .= " AND u.status = $status ";
  3070. }
  3071. $res = Database::query($sql);
  3072. if (Database::num_rows($res) === 1) {
  3073. return (int) Database::result($res, 0, 0);
  3074. }
  3075. return false;
  3076. }
  3077. /**
  3078. * @author Isaac flores <isaac.flores@dokeos.com>
  3079. * @param string The email administrator
  3080. * @param integer The user id
  3081. * @param string The message title
  3082. * @param string The content message
  3083. */
  3084. public static function send_message_in_outbox($email_administrator, $user_id, $title, $content)
  3085. {
  3086. $table_message = Database::get_main_table(TABLE_MESSAGE);
  3087. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  3088. $title = api_utf8_decode($title);
  3089. $content = api_utf8_decode($content);
  3090. $email_administrator = Database::escape_string($email_administrator);
  3091. //message in inbox
  3092. $sql_message_outbox = 'SELECT id from '.$table_user.' WHERE email="'.$email_administrator.'" ';
  3093. //$num_row_query = Database::num_rows($sql_message_outbox);
  3094. $res_message_outbox = Database::query($sql_message_outbox);
  3095. $array_users_administrator = array();
  3096. while ($row_message_outbox = Database::fetch_array($res_message_outbox, 'ASSOC')) {
  3097. $array_users_administrator[] = $row_message_outbox['id'];
  3098. }
  3099. //allow to insert messages in outbox
  3100. for ($i = 0; $i < count($array_users_administrator); $i++) {
  3101. $sql_insert_outbox = "INSERT INTO $table_message(user_sender_id, user_receiver_id, msg_status, send_date, title, content ) ".
  3102. " VALUES (".
  3103. "'".(int) $user_id."', '".(int) ($array_users_administrator[$i])."', '4', '".api_get_utc_datetime()."','".Database::escape_string($title)."','".Database::escape_string($content)."'".
  3104. ")";
  3105. Database::query($sql_insert_outbox);
  3106. }
  3107. }
  3108. /**
  3109. *
  3110. * Gets the tags of a specific field_id
  3111. * USER TAGS
  3112. *
  3113. * Instructions to create a new user tag by Julio Montoya <gugli100@gmail.com>
  3114. *
  3115. * 1. Create a new extra field in main/admin/user_fields.php with the "TAG" field type make it available and visible.
  3116. * Called it "books" for example.
  3117. * 2. Go to profile main/auth/profile.php There you will see a special input (facebook style) that will show suggestions of tags.
  3118. * 3. All the tags are registered in the user_tag table and the relationship between user and tags is in the user_rel_tag table
  3119. * 4. Tags are independent this means that tags can't be shared between tags + book + hobbies.
  3120. * 5. Test and enjoy.
  3121. *
  3122. * @param string $tag
  3123. * @param int $field_id field_id
  3124. * @param string $return_format how we are going to result value in array or in a string (json)
  3125. * @param $limit
  3126. *
  3127. * @return mixed
  3128. *
  3129. */
  3130. public static function get_tags($tag, $field_id, $return_format = 'json', $limit = 10)
  3131. {
  3132. // database table definition
  3133. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3134. $field_id = intval($field_id);
  3135. $limit = intval($limit);
  3136. $tag = trim(Database::escape_string($tag));
  3137. // all the information of the field
  3138. $sql = "SELECT DISTINCT id, tag from $table_user_tag
  3139. WHERE field_id = $field_id AND tag LIKE '$tag%' ORDER BY tag LIMIT $limit";
  3140. $result = Database::query($sql);
  3141. $return = array();
  3142. if (Database::num_rows($result) > 0) {
  3143. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3144. $return[] = array('key' => $row['tag'], 'value' => $row['tag']);
  3145. }
  3146. }
  3147. if ($return_format === 'json') {
  3148. $return = json_encode($return);
  3149. }
  3150. return $return;
  3151. }
  3152. /**
  3153. * @param int $field_id
  3154. * @param int $limit
  3155. *
  3156. * @return array
  3157. */
  3158. public static function get_top_tags($field_id, $limit = 100)
  3159. {
  3160. // database table definition
  3161. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3162. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3163. $field_id = intval($field_id);
  3164. $limit = intval($limit);
  3165. // all the information of the field
  3166. $sql = "SELECT count(*) count, tag FROM $table_user_tag_values uv
  3167. INNER JOIN $table_user_tag ut
  3168. ON(ut.id = uv.tag_id)
  3169. WHERE field_id = $field_id
  3170. GROUP BY tag_id
  3171. ORDER BY count DESC
  3172. LIMIT $limit";
  3173. $result = Database::query($sql);
  3174. $return = array();
  3175. if (Database::num_rows($result) > 0) {
  3176. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3177. $return[] = $row;
  3178. }
  3179. }
  3180. return $return;
  3181. }
  3182. /**
  3183. * Get user's tags
  3184. * @param int $user_id
  3185. * @param int $field_id
  3186. *
  3187. * @return array
  3188. */
  3189. public static function get_user_tags($user_id, $field_id)
  3190. {
  3191. // database table definition
  3192. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3193. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3194. $field_id = intval($field_id);
  3195. $user_id = intval($user_id);
  3196. // all the information of the field
  3197. $sql = "SELECT ut.id, tag, count
  3198. FROM $table_user_tag ut
  3199. INNER JOIN $table_user_tag_values uv
  3200. ON (uv.tag_id=ut.ID)
  3201. WHERE field_id = $field_id AND user_id = $user_id
  3202. ORDER BY tag";
  3203. $result = Database::query($sql);
  3204. $return = array();
  3205. if (Database::num_rows($result) > 0) {
  3206. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3207. $return[$row['id']] = array('tag' => $row['tag'], 'count' => $row['count']);
  3208. }
  3209. }
  3210. return $return;
  3211. }
  3212. /**
  3213. * Get user's tags
  3214. * @param int $user_id
  3215. * @param int $field_id
  3216. * @param bool $show_links show links or not
  3217. *
  3218. * @return array
  3219. */
  3220. public static function get_user_tags_to_string($user_id, $field_id, $show_links = true)
  3221. {
  3222. // database table definition
  3223. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3224. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3225. $field_id = intval($field_id);
  3226. $user_id = intval($user_id);
  3227. // all the information of the field
  3228. $sql = "SELECT ut.id, tag,count FROM $table_user_tag ut
  3229. INNER JOIN $table_user_tag_values uv
  3230. ON (uv.tag_id = ut.id)
  3231. WHERE field_id = $field_id AND user_id = $user_id
  3232. ORDER BY tag";
  3233. $result = Database::query($sql);
  3234. $return = array();
  3235. if (Database::num_rows($result) > 0) {
  3236. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3237. $return[$row['id']] = array('tag' => $row['tag'], 'count' => $row['count']);
  3238. }
  3239. }
  3240. $user_tags = $return;
  3241. $tag_tmp = array();
  3242. foreach ($user_tags as $tag) {
  3243. if ($show_links) {
  3244. $tag_tmp[] = '<a href="'.api_get_path(WEB_PATH).'main/search/index.php?q='.$tag['tag'].'">'.$tag['tag'].'</a>';
  3245. } else {
  3246. $tag_tmp[] = $tag['tag'];
  3247. }
  3248. }
  3249. if (is_array($user_tags) && count($user_tags) > 0) {
  3250. $return = implode(', ', $tag_tmp);
  3251. } else {
  3252. return '';
  3253. }
  3254. return $return;
  3255. }
  3256. /**
  3257. * Get the tag id
  3258. * @param int $tag
  3259. * @param int $field_id
  3260. * @return int returns 0 if fails otherwise the tag id
  3261. */
  3262. public static function get_tag_id($tag, $field_id)
  3263. {
  3264. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3265. $tag = Database::escape_string($tag);
  3266. $field_id = intval($field_id);
  3267. //with COLLATE latin1_bin to select query in a case sensitive mode
  3268. $sql = "SELECT id FROM $table_user_tag
  3269. WHERE tag LIKE '$tag' AND field_id = $field_id";
  3270. $result = Database::query($sql);
  3271. if (Database::num_rows($result) > 0) {
  3272. $row = Database::fetch_array($result, 'ASSOC');
  3273. return $row['id'];
  3274. } else {
  3275. return 0;
  3276. }
  3277. }
  3278. /**
  3279. * Get the tag id
  3280. * @param int $tag_id
  3281. * @param int $field_id
  3282. *
  3283. * @return int 0 if fails otherwise the tag id
  3284. */
  3285. public static function get_tag_id_from_id($tag_id, $field_id)
  3286. {
  3287. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3288. $tag_id = intval($tag_id);
  3289. $field_id = intval($field_id);
  3290. $sql = "SELECT id FROM $table_user_tag
  3291. WHERE id = '$tag_id' AND field_id = $field_id";
  3292. $result = Database::query($sql);
  3293. if (Database::num_rows($result) > 0) {
  3294. $row = Database::fetch_array($result, 'ASSOC');
  3295. return $row['id'];
  3296. } else {
  3297. return false;
  3298. }
  3299. }
  3300. /**
  3301. * Adds a user-tag value
  3302. * @param mixed $tag
  3303. * @param int $user_id
  3304. * @param int $field_id field id of the tag
  3305. * @return bool
  3306. */
  3307. public static function add_tag($tag, $user_id, $field_id)
  3308. {
  3309. // database table definition
  3310. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3311. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3312. $tag = trim(Database::escape_string($tag));
  3313. $user_id = intval($user_id);
  3314. $field_id = intval($field_id);
  3315. $tag_id = self::get_tag_id($tag, $field_id);
  3316. /* IMPORTANT
  3317. * @todo we don't create tags with numbers
  3318. *
  3319. */
  3320. if (is_numeric($tag)) {
  3321. //the form is sending an id this means that the user select it from the list so it MUST exists
  3322. /* $new_tag_id = self::get_tag_id_from_id($tag,$field_id);
  3323. if ($new_tag_id !== false) {
  3324. $sql = "UPDATE $table_user_tag SET count = count + 1 WHERE id = $new_tag_id";
  3325. $result = Database::query($sql);
  3326. $last_insert_id = $new_tag_id;
  3327. } else {
  3328. $sql = "INSERT INTO $table_user_tag (tag, field_id,count) VALUES ('$tag','$field_id', count + 1)";
  3329. $result = Database::query($sql);
  3330. $last_insert_id = Database::insert_id();
  3331. } */
  3332. }
  3333. //this is a new tag
  3334. if ($tag_id == 0) {
  3335. //the tag doesn't exist
  3336. $sql = "INSERT INTO $table_user_tag (tag, field_id,count) VALUES ('$tag','$field_id', count + 1)";
  3337. Database::query($sql);
  3338. $last_insert_id = Database::insert_id();
  3339. } else {
  3340. //the tag exists we update it
  3341. $sql = "UPDATE $table_user_tag SET count = count + 1 WHERE id = $tag_id";
  3342. Database::query($sql);
  3343. $last_insert_id = $tag_id;
  3344. }
  3345. if (!empty($last_insert_id) && ($last_insert_id != 0)) {
  3346. //we insert the relationship user-tag
  3347. $sql = "SELECT tag_id FROM $table_user_tag_values
  3348. WHERE user_id = $user_id AND tag_id = $last_insert_id ";
  3349. $result = Database::query($sql);
  3350. //if the relationship does not exist we create it
  3351. if (Database::num_rows($result) == 0) {
  3352. $sql = "INSERT INTO $table_user_tag_values SET user_id = $user_id, tag_id = $last_insert_id";
  3353. Database::query($sql);
  3354. }
  3355. }
  3356. }
  3357. /**
  3358. * Deletes an user tag
  3359. * @param int $user_id
  3360. * @param int $field_id
  3361. *
  3362. */
  3363. public static function delete_user_tags($user_id, $field_id)
  3364. {
  3365. // database table definition
  3366. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3367. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3368. $tags = self::get_user_tags($user_id, $field_id);
  3369. if (is_array($tags) && count($tags) > 0) {
  3370. foreach ($tags as $key => $tag) {
  3371. if ($tag['count'] > '0') {
  3372. $sql = "UPDATE $table_user_tag SET count = count - 1 WHERE id = $key ";
  3373. Database::query($sql);
  3374. }
  3375. $sql = "DELETE FROM $table_user_tag_values
  3376. WHERE user_id = $user_id AND tag_id = $key";
  3377. Database::query($sql);
  3378. }
  3379. }
  3380. }
  3381. /**
  3382. * Process the tag list comes from the UserManager::update_extra_field_value() function
  3383. * @param array $tags the tag list that will be added
  3384. * @param int $user_id
  3385. * @param int $field_id
  3386. *
  3387. * @return bool
  3388. */
  3389. public static function process_tags($tags, $user_id, $field_id)
  3390. {
  3391. // We loop the tags and add it to the DB
  3392. if (is_array($tags)) {
  3393. foreach ($tags as $tag) {
  3394. self::add_tag($tag, $user_id, $field_id);
  3395. }
  3396. } else {
  3397. self::add_tag($tags, $user_id, $field_id);
  3398. }
  3399. return true;
  3400. }
  3401. /**
  3402. * Returns a list of all administrators
  3403. *
  3404. * @return array
  3405. */
  3406. public static function get_all_administrators()
  3407. {
  3408. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  3409. $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
  3410. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  3411. $access_url_id = api_get_current_access_url_id();
  3412. if (api_get_multiple_access_url()) {
  3413. $sql = "SELECT admin.user_id, username, firstname, lastname, email, active
  3414. FROM $tbl_url_rel_user as url
  3415. INNER JOIN $table_admin as admin
  3416. ON (admin.user_id=url.user_id)
  3417. INNER JOIN $table_user u
  3418. ON (u.id=admin.user_id)
  3419. WHERE access_url_id ='".$access_url_id."'";
  3420. } else {
  3421. $sql = "SELECT admin.user_id, username, firstname, lastname, email, active
  3422. FROM $table_admin as admin
  3423. INNER JOIN $table_user u
  3424. ON (u.id=admin.user_id)";
  3425. }
  3426. $result = Database::query($sql);
  3427. $return = array();
  3428. if (Database::num_rows($result) > 0) {
  3429. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3430. $return[$row['user_id']] = $row;
  3431. }
  3432. }
  3433. return $return;
  3434. }
  3435. /**
  3436. * Search an user (tags, first name, last name and email )
  3437. * @param string $tag
  3438. * @param int $field_id field id of the tag
  3439. * @param int $from where to start in the query
  3440. * @param int $number_of_items
  3441. * @param bool $getCount get count or not
  3442. * @return array
  3443. */
  3444. public static function get_all_user_tags(
  3445. $tag,
  3446. $field_id = 0,
  3447. $from = 0,
  3448. $number_of_items = 10,
  3449. $getCount = false
  3450. ) {
  3451. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  3452. $table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
  3453. $table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
  3454. $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  3455. $field_id = intval($field_id);
  3456. $from = intval($from);
  3457. $number_of_items = intval($number_of_items);
  3458. $where_field = "";
  3459. $where_extra_fields = self::get_search_form_where_extra_fields();
  3460. if ($field_id != 0) {
  3461. $where_field = " field_id = $field_id AND ";
  3462. }
  3463. // all the information of the field
  3464. if ($getCount) {
  3465. $select = "SELECT count(DISTINCT u.id) count";
  3466. } else {
  3467. $select = "SELECT DISTINCT u.id, u.username, firstname, lastname, email, tag, picture_uri";
  3468. }
  3469. $sql = " $select
  3470. FROM $user_table u
  3471. INNER JOIN $access_url_rel_user_table url_rel_user
  3472. ON (u.id = url_rel_user.user_id)
  3473. LEFT JOIN $table_user_tag_values uv
  3474. ON (u.id AND uv.user_id AND uv.user_id = url_rel_user.user_id)
  3475. LEFT JOIN $table_user_tag ut ON (uv.tag_id = ut.id)
  3476. WHERE
  3477. ($where_field tag LIKE '".Database::escape_string($tag."%")."') OR
  3478. (
  3479. u.firstname LIKE '".Database::escape_string("%".$tag."%")."' OR
  3480. u.lastname LIKE '".Database::escape_string("%".$tag."%")."' OR
  3481. u.username LIKE '".Database::escape_string("%".$tag."%")."' OR
  3482. concat(u.firstname, ' ', u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
  3483. concat(u.lastname, ' ', u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
  3484. )
  3485. ".(!empty($where_extra_fields) ? $where_extra_fields : '')."
  3486. AND url_rel_user.access_url_id=".api_get_current_access_url_id();
  3487. $keyword_active = true;
  3488. // only active users
  3489. if ($keyword_active) {
  3490. $sql .= " AND u.active='1'";
  3491. }
  3492. // avoid anonymous
  3493. $sql .= " AND u.status <> 6 ";
  3494. $sql .= " ORDER BY username";
  3495. $sql .= " LIMIT $from , $number_of_items";
  3496. $result = Database::query($sql);
  3497. $return = array();
  3498. if (Database::num_rows($result) > 0) {
  3499. if ($getCount) {
  3500. $row = Database::fetch_array($result, 'ASSOC');
  3501. return $row['count'];
  3502. }
  3503. while ($row = Database::fetch_array($result, 'ASSOC')) {
  3504. if (isset($return[$row['id']]) &&
  3505. !empty($return[$row['id']]['tag'])
  3506. ) {
  3507. $url = Display::url(
  3508. $row['tag'],
  3509. api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'],
  3510. array('class' => 'tag')
  3511. );
  3512. $row['tag'] = $url;
  3513. }
  3514. $return[$row['id']] = $row;
  3515. }
  3516. }
  3517. return $return;
  3518. }
  3519. /**
  3520. * Get extra filtrable user fields (only type select)
  3521. * @return array
  3522. */
  3523. public static function get_extra_filtrable_fields()
  3524. {
  3525. $extraFieldList = self::get_extra_fields();
  3526. $extraFiltrableFields = array();
  3527. if (is_array($extraFieldList)) {
  3528. foreach ($extraFieldList as $extraField) {
  3529. // If is enabled to filter and is a "<select>" field type
  3530. if ($extraField[8] == 1 && $extraField[2] == 4) {
  3531. $extraFiltrableFields[] = array(
  3532. 'name' => $extraField[3],
  3533. 'variable' => $extraField[1],
  3534. 'data' => $extraField[9],
  3535. );
  3536. }
  3537. }
  3538. }
  3539. if (is_array($extraFiltrableFields) && count($extraFiltrableFields) > 0) {
  3540. return $extraFiltrableFields;
  3541. }
  3542. }
  3543. /**
  3544. * Get extra where clauses for finding users based on extra filtrable user fields (type select)
  3545. * @return string With AND clauses based on user's ID which have the values to search in extra user fields
  3546. */
  3547. public static function get_search_form_where_extra_fields()
  3548. {
  3549. $useExtraFields = false;
  3550. $extraFields = self::get_extra_filtrable_fields();
  3551. $extraFieldResult = array();
  3552. if (is_array($extraFields) && count($extraFields) > 0) {
  3553. foreach ($extraFields as $extraField) {
  3554. $varName = 'field_'.$extraField['variable'];
  3555. if (self::is_extra_field_available($extraField['variable'])) {
  3556. if (isset($_GET[$varName]) && $_GET[$varName] != '0') {
  3557. $useExtraFields = true;
  3558. $extraFieldResult[] = self::get_extra_user_data_by_value(
  3559. $extraField['variable'],
  3560. $_GET[$varName]
  3561. );
  3562. }
  3563. }
  3564. }
  3565. }
  3566. if ($useExtraFields) {
  3567. $finalResult = array();
  3568. if (count($extraFieldResult) > 1) {
  3569. for ($i = 0; $i < count($extraFieldResult) - 1; $i++) {
  3570. if (is_array($extraFieldResult[$i]) && is_array($extraFieldResult[$i + 1])) {
  3571. $finalResult = array_intersect($extraFieldResult[$i], $extraFieldResult[$i + 1]);
  3572. }
  3573. }
  3574. } else {
  3575. $finalResult = $extraFieldResult[0];
  3576. }
  3577. if (is_array($finalResult) && count($finalResult) > 0) {
  3578. $whereFilter = " AND u.id IN ('".implode("','", $finalResult)."') ";
  3579. } else {
  3580. //no results
  3581. $whereFilter = " AND u.id = -1 ";
  3582. }
  3583. return $whereFilter;
  3584. }
  3585. }
  3586. /**
  3587. * Show the search form
  3588. * @param string $query the value of the search box
  3589. * @return string HTML form
  3590. */
  3591. public static function get_search_form($query, $defaultParams = [])
  3592. {
  3593. $searchType = isset($_GET['search_type']) ? $_GET['search_type'] : null;
  3594. $form = new FormValidator(
  3595. 'search_user',
  3596. 'get',
  3597. api_get_path(WEB_PATH).'main/social/search.php',
  3598. '',
  3599. array(),
  3600. FormValidator::LAYOUT_HORIZONTAL
  3601. );
  3602. $form->addText('q', get_lang('UsersGroups'), false, array(
  3603. "id" => "q"
  3604. ));
  3605. $options = array(
  3606. 0 => get_lang('Select'),
  3607. 1 => get_lang('User'),
  3608. 2 => get_lang('Group'),
  3609. );
  3610. $form->addSelect(
  3611. 'search_type',
  3612. get_lang('Type'),
  3613. $options,
  3614. array('onchange' => 'javascript: extra_field_toogle();', 'id' => 'search_type')
  3615. );
  3616. // Extra fields
  3617. $extraFields = self::get_extra_filtrable_fields();
  3618. $defaults = [];
  3619. if (is_array($extraFields) && count($extraFields) > 0) {
  3620. foreach ($extraFields as $extraField) {
  3621. $varName = 'field_'.$extraField['variable'];
  3622. $options = [
  3623. 0 => get_lang('Select'),
  3624. ];
  3625. foreach ($extraField['data'] as $option) {
  3626. $checked = '';
  3627. if (isset($_GET[$varName])) {
  3628. if ($_GET[$varName] == $option[1]) {
  3629. $defaults[$option[1]] = true;
  3630. }
  3631. }
  3632. $options[$option[1]] = $option[1];
  3633. }
  3634. $form->addSelect($varName, $extraField['name'], $options);
  3635. }
  3636. }
  3637. $defaults['search_type'] = intval($searchType);
  3638. $defaults['q'] = api_htmlentities(Security::remove_XSS($query));
  3639. if (!empty($defaultParams)) {
  3640. $defaults = array_merge($defaults, $defaultParams);
  3641. }
  3642. $form->setDefaults($defaults);
  3643. $form->addButtonSearch(get_lang('Search'));
  3644. $js = '<script>
  3645. extra_field_toogle();
  3646. function extra_field_toogle() {
  3647. if (jQuery("select[name=search_type]").val() != "1") { jQuery(".extra_field").hide(); } else { jQuery(".extra_field").show(); }
  3648. }
  3649. </script>';
  3650. return $js.$form->returnForm();
  3651. }
  3652. /**
  3653. * Shows the user menu
  3654. */
  3655. public static function show_menu()
  3656. {
  3657. echo '<div class="actions">';
  3658. echo '<a href="/main/auth/profile.php">'.Display::return_icon('profile.png').' '.get_lang('PersonalData').'</a>';
  3659. echo '<a href="/main/messages/inbox.php">'.Display::return_icon('inbox.png').' '.get_lang('Inbox').'</a>';
  3660. echo '<a href="/main/messages/outbox.php">'.Display::return_icon('outbox.png').' '.get_lang('Outbox').'</a>';
  3661. echo '<span style="float:right; padding-top:7px;">'.
  3662. '<a href="/main/auth/profile.php?show=1">'.Display::return_icon('edit.gif').' '.get_lang('Configuration').'</a>';
  3663. '</span>';
  3664. echo '</div>';
  3665. }
  3666. /**
  3667. * Allow to register contact to social network
  3668. * @param int $friend_id user friend id
  3669. * @param int $my_user_id user id
  3670. * @param int $relation_type relation between users see constants definition
  3671. */
  3672. public static function relate_users($friend_id, $my_user_id, $relation_type)
  3673. {
  3674. $tbl_my_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  3675. $friend_id = intval($friend_id);
  3676. $my_user_id = intval($my_user_id);
  3677. $relation_type = intval($relation_type);
  3678. $sql = 'SELECT COUNT(*) as count FROM '.$tbl_my_friend.'
  3679. WHERE
  3680. friend_user_id='.$friend_id.' AND
  3681. user_id='.$my_user_id.' AND
  3682. relation_type <> '.USER_RELATION_TYPE_RRHH.' ';
  3683. $result = Database::query($sql);
  3684. $row = Database::fetch_array($result, 'ASSOC');
  3685. $current_date = api_get_utc_datetime();
  3686. if ($row['count'] == 0) {
  3687. $sql = 'INSERT INTO '.$tbl_my_friend.'(friend_user_id,user_id,relation_type,last_edit)
  3688. VALUES ('.$friend_id.','.$my_user_id.','.$relation_type.',"'.$current_date.'")';
  3689. Database::query($sql);
  3690. return true;
  3691. }
  3692. $sql = 'SELECT COUNT(*) as count, relation_type FROM '.$tbl_my_friend.'
  3693. WHERE
  3694. friend_user_id='.$friend_id.' AND
  3695. user_id='.$my_user_id.' AND
  3696. relation_type <> '.USER_RELATION_TYPE_RRHH.' ';
  3697. $result = Database::query($sql);
  3698. $row = Database::fetch_array($result, 'ASSOC');
  3699. if ($row['count'] == 1) {
  3700. //only for the case of a RRHH
  3701. if ($row['relation_type'] != $relation_type && $relation_type == USER_RELATION_TYPE_RRHH) {
  3702. $sql = 'INSERT INTO '.$tbl_my_friend.'(friend_user_id,user_id,relation_type,last_edit)
  3703. VALUES ('.$friend_id.','.$my_user_id.','.$relation_type.',"'.$current_date.'")';
  3704. } else {
  3705. $sql = 'UPDATE '.$tbl_my_friend.' SET relation_type='.$relation_type.'
  3706. WHERE friend_user_id='.$friend_id.' AND user_id='.$my_user_id;
  3707. }
  3708. Database::query($sql);
  3709. return true;
  3710. }
  3711. return false;
  3712. }
  3713. /**
  3714. * Deletes a contact
  3715. * @param int user friend id
  3716. * @param bool true will delete ALL friends relationship from $friend_id
  3717. * @author isaac flores paz <isaac.flores@dokeos.com>
  3718. * @author Julio Montoya <gugli100@gmail.com> Cleaning code
  3719. */
  3720. public static function remove_user_rel_user($friend_id, $real_removed = false, $with_status_condition = '')
  3721. {
  3722. $tbl_my_friend = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  3723. $tbl_my_message = Database::get_main_table(TABLE_MESSAGE);
  3724. $friend_id = intval($friend_id);
  3725. if ($real_removed) {
  3726. $extra_condition = '';
  3727. if ($with_status_condition != '') {
  3728. $extra_condition = ' AND relation_type = '.intval($with_status_condition);
  3729. }
  3730. $sql = 'DELETE FROM '.$tbl_my_friend.'
  3731. WHERE relation_type <> '.USER_RELATION_TYPE_RRHH.' AND friend_user_id='.$friend_id.' '.$extra_condition;
  3732. Database::query($sql);
  3733. $sql = 'DELETE FROM '.$tbl_my_friend.'
  3734. WHERE relation_type <> '.USER_RELATION_TYPE_RRHH.' AND user_id='.$friend_id.' '.$extra_condition;
  3735. Database::query($sql);
  3736. } else {
  3737. $user_id = api_get_user_id();
  3738. $sql = 'SELECT COUNT(*) as count FROM '.$tbl_my_friend.'
  3739. WHERE
  3740. user_id='.$user_id.' AND
  3741. relation_type NOT IN('.USER_RELATION_TYPE_DELETED.', '.USER_RELATION_TYPE_RRHH.') AND
  3742. friend_user_id='.$friend_id;
  3743. $result = Database::query($sql);
  3744. $row = Database::fetch_array($result, 'ASSOC');
  3745. if ($row['count'] == 1) {
  3746. //Delete user rel user
  3747. $sql_i = 'UPDATE '.$tbl_my_friend.' SET relation_type='.USER_RELATION_TYPE_DELETED.'
  3748. WHERE user_id='.$user_id.' AND friend_user_id='.$friend_id;
  3749. $sql_j = 'UPDATE '.$tbl_my_message.' SET msg_status='.MESSAGE_STATUS_INVITATION_DENIED.'
  3750. WHERE user_receiver_id='.$user_id.' AND user_sender_id='.$friend_id.' AND update_date="0000-00-00 00:00:00" ';
  3751. //Delete user
  3752. $sql_ij = 'UPDATE '.$tbl_my_friend.' SET relation_type='.USER_RELATION_TYPE_DELETED.'
  3753. WHERE user_id='.$friend_id.' AND friend_user_id='.$user_id;
  3754. $sql_ji = 'UPDATE '.$tbl_my_message.' SET msg_status='.MESSAGE_STATUS_INVITATION_DENIED.'
  3755. WHERE user_receiver_id='.$friend_id.' AND user_sender_id='.$user_id.' AND update_date="0000-00-00 00:00:00" ';
  3756. Database::query($sql_i);
  3757. Database::query($sql_j);
  3758. Database::query($sql_ij);
  3759. Database::query($sql_ji);
  3760. }
  3761. }
  3762. }
  3763. /**
  3764. * @param int $userId
  3765. * @return array
  3766. */
  3767. public static function getDrhListFromUser($userId)
  3768. {
  3769. $tblUser = Database::get_main_table(TABLE_MAIN_USER);
  3770. $tblUserRelUser = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  3771. $tblUserRelAccessUrl = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  3772. $userId = intval($userId);
  3773. $orderBy = null;
  3774. if (api_is_western_name_order()) {
  3775. $orderBy .= " ORDER BY firstname, lastname ";
  3776. } else {
  3777. $orderBy .= " ORDER BY lastname, firstname ";
  3778. }
  3779. $sql = "SELECT u.id, username, u.firstname, u.lastname
  3780. FROM $tblUser u
  3781. INNER JOIN $tblUserRelUser uru ON (uru.friend_user_id = u.id)
  3782. INNER JOIN $tblUserRelAccessUrl a ON (a.user_id = u.id)
  3783. WHERE
  3784. access_url_id = ".api_get_current_access_url_id()." AND
  3785. uru.user_id = '$userId' AND
  3786. relation_type = '".USER_RELATION_TYPE_RRHH."'
  3787. $orderBy
  3788. ";
  3789. $result = Database::query($sql);
  3790. return Database::store_result($result);
  3791. }
  3792. /**
  3793. * get users followed by human resource manager
  3794. * @param int $userId
  3795. * @param int $userStatus (STUDENT, COURSEMANAGER, etc)
  3796. * @param bool $getOnlyUserId
  3797. * @param bool $getSql
  3798. * @param bool $getCount
  3799. * @param int $from
  3800. * @param int $numberItems
  3801. * @param int $column
  3802. * @param string $direction
  3803. * @param int $active
  3804. * @param string $lastConnectionDate
  3805. * @return array users
  3806. */
  3807. public static function get_users_followed_by_drh(
  3808. $userId,
  3809. $userStatus = 0,
  3810. $getOnlyUserId = false,
  3811. $getSql = false,
  3812. $getCount = false,
  3813. $from = null,
  3814. $numberItems = null,
  3815. $column = null,
  3816. $direction = null,
  3817. $active = null,
  3818. $lastConnectionDate = null
  3819. ) {
  3820. return self::getUsersFollowedByUser(
  3821. $userId,
  3822. $userStatus,
  3823. $getOnlyUserId,
  3824. $getSql,
  3825. $getCount,
  3826. $from,
  3827. $numberItems,
  3828. $column,
  3829. $direction,
  3830. $active,
  3831. $lastConnectionDate,
  3832. DRH
  3833. );
  3834. }
  3835. /**
  3836. * Get users followed by human resource manager
  3837. * @param int $userId
  3838. * @param int $userStatus Filter users by status (STUDENT, COURSEMANAGER, etc)
  3839. * @param bool $getOnlyUserId
  3840. * @param bool $getSql
  3841. * @param bool $getCount
  3842. * @param int $from
  3843. * @param int $numberItems
  3844. * @param int $column
  3845. * @param string $direction
  3846. * @param int $active
  3847. * @param string $lastConnectionDate
  3848. * @param int $status the function is called by who? COURSEMANAGER, DRH?
  3849. * @param string $keyword
  3850. *
  3851. * @return array user list
  3852. */
  3853. public static function getUsersFollowedByUser(
  3854. $userId,
  3855. $userStatus = null,
  3856. $getOnlyUserId = false,
  3857. $getSql = false,
  3858. $getCount = false,
  3859. $from = null,
  3860. $numberItems = null,
  3861. $column = null,
  3862. $direction = null,
  3863. $active = null,
  3864. $lastConnectionDate = null,
  3865. $status = null,
  3866. $keyword = null
  3867. ) {
  3868. // Database Table Definitions
  3869. $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
  3870. $tbl_user_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  3871. $tbl_user_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  3872. $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION);
  3873. $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  3874. $tbl_session_rel_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  3875. $tbl_session_rel_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
  3876. $tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
  3877. $userId = intval($userId);
  3878. $limitCondition = '';
  3879. if (isset($from) && isset($numberItems)) {
  3880. $from = intval($from);
  3881. $numberItems = intval($numberItems);
  3882. $limitCondition = "LIMIT $from, $numberItems";
  3883. }
  3884. $column = Database::escape_string($column);
  3885. $direction = in_array(strtolower($direction), array('asc', 'desc')) ? $direction : null;
  3886. $userConditions = '';
  3887. if (!empty($userStatus)) {
  3888. $userConditions .= ' AND u.status = '.intval($userStatus);
  3889. }
  3890. $select = " SELECT DISTINCT u.id user_id, u.username, u.lastname, u.firstname, u.email ";
  3891. if ($getOnlyUserId) {
  3892. $select = " SELECT DISTINCT u.id user_id";
  3893. }
  3894. $masterSelect = "SELECT DISTINCT * FROM ";
  3895. if ($getCount) {
  3896. $masterSelect = "SELECT COUNT(DISTINCT(user_id)) as count FROM ";
  3897. $select = " SELECT DISTINCT(u.id) user_id";
  3898. }
  3899. if (!is_null($active)) {
  3900. $active = intval($active);
  3901. $userConditions .= " AND u.active = $active ";
  3902. }
  3903. if (!empty($keyword)) {
  3904. $keyword = Database::escape_string($keyword);
  3905. $userConditions .= " AND (
  3906. u.username LIKE '%$keyword%' OR
  3907. u.firstname LIKE '%$keyword%' OR
  3908. u.lastname LIKE '%$keyword%' OR
  3909. u.official_code LIKE '%$keyword%' OR
  3910. u.email LIKE '%$keyword%'
  3911. )";
  3912. }
  3913. if (!empty($lastConnectionDate)) {
  3914. $lastConnectionDate = Database::escape_string($lastConnectionDate);
  3915. $userConditions .= " AND u.last_login <= '$lastConnectionDate' ";
  3916. }
  3917. $courseConditions = null;
  3918. $sessionConditionsCoach = null;
  3919. $sessionConditionsTeacher = null;
  3920. $drhConditions = null;
  3921. $teacherSelect = null;
  3922. switch ($status) {
  3923. case DRH:
  3924. $drhConditions .= " AND
  3925. friend_user_id = '$userId' AND
  3926. relation_type = '".USER_RELATION_TYPE_RRHH."'
  3927. ";
  3928. break;
  3929. case COURSEMANAGER:
  3930. $drhConditions .= " AND
  3931. friend_user_id = '$userId' AND
  3932. relation_type = '".USER_RELATION_TYPE_RRHH."'
  3933. ";
  3934. $sessionConditionsCoach .= " AND
  3935. (s.id_coach = '$userId')
  3936. ";
  3937. $sessionConditionsTeacher .= " AND
  3938. (scu.status = 2 AND scu.user_id = '$userId')
  3939. ";
  3940. $teacherSelect =
  3941. "UNION ALL (
  3942. $select
  3943. FROM $tbl_user u
  3944. INNER JOIN $tbl_session_rel_user sru ON (sru.user_id = u.id)
  3945. WHERE
  3946. (
  3947. sru.session_id IN (
  3948. SELECT DISTINCT(s.id) FROM $tbl_session s INNER JOIN
  3949. $tbl_session_rel_access_url session_rel_access_rel_user
  3950. ON session_rel_access_rel_user.session_id = s.id
  3951. WHERE access_url_id = ".api_get_current_access_url_id()."
  3952. $sessionConditionsCoach
  3953. ) OR sru.session_id IN (
  3954. SELECT DISTINCT(s.id) FROM $tbl_session s
  3955. INNER JOIN $tbl_session_rel_access_url url
  3956. ON (url.session_id = s.id)
  3957. INNER JOIN $tbl_session_rel_course_rel_user scu
  3958. ON (scu.session_id = s.id)
  3959. WHERE access_url_id = ".api_get_current_access_url_id()."
  3960. $sessionConditionsTeacher
  3961. )
  3962. )
  3963. $userConditions
  3964. )
  3965. UNION ALL(
  3966. $select
  3967. FROM $tbl_user u
  3968. INNER JOIN $tbl_course_user cu ON (cu.user_id = u.id)
  3969. WHERE cu.c_id IN (
  3970. SELECT DISTINCT(c_id) FROM $tbl_course_user
  3971. WHERE user_id = $userId AND status = ".COURSEMANAGER."
  3972. )
  3973. $userConditions
  3974. )"
  3975. ;
  3976. break;
  3977. case STUDENT_BOSS:
  3978. $drhConditions = " AND friend_user_id = $userId AND relation_type = ".USER_RELATION_TYPE_BOSS;
  3979. break;
  3980. }
  3981. $join = null;
  3982. $sql = " $masterSelect
  3983. (
  3984. (
  3985. $select
  3986. FROM $tbl_user u
  3987. INNER JOIN $tbl_user_rel_user uru ON (uru.user_id = u.id)
  3988. LEFT JOIN $tbl_user_rel_access_url a ON (a.user_id = u.id)
  3989. $join
  3990. WHERE
  3991. access_url_id = ".api_get_current_access_url_id()."
  3992. $drhConditions
  3993. $userConditions
  3994. )
  3995. $teacherSelect
  3996. ) as t1";
  3997. if ($getSql) {
  3998. return $sql;
  3999. }
  4000. if ($getCount) {
  4001. $result = Database::query($sql);
  4002. $row = Database::fetch_array($result);
  4003. return $row['count'];
  4004. }
  4005. $orderBy = null;
  4006. if ($getOnlyUserId == false) {
  4007. if (api_is_western_name_order()) {
  4008. $orderBy .= " ORDER BY firstname, lastname ";
  4009. } else {
  4010. $orderBy .= " ORDER BY lastname, firstname ";
  4011. }
  4012. if (!empty($column) && !empty($direction)) {
  4013. // Fixing order due the UNIONs
  4014. $column = str_replace('u.', '', $column);
  4015. $orderBy = " ORDER BY $column $direction ";
  4016. }
  4017. }
  4018. $sql .= $orderBy;
  4019. $sql .= $limitCondition;
  4020. $result = Database::query($sql);
  4021. $users = array();
  4022. if (Database::num_rows($result) > 0) {
  4023. while ($row = Database::fetch_array($result)) {
  4024. $users[$row['user_id']] = $row;
  4025. }
  4026. }
  4027. return $users;
  4028. }
  4029. /**
  4030. * Subscribes users to human resource manager (Dashboard feature)
  4031. * @param int $hr_dept_id
  4032. * @param array $users_id
  4033. * @param int affected rows
  4034. * */
  4035. public static function subscribeUsersToHRManager($hr_dept_id, $users_id)
  4036. {
  4037. return self::subscribeUsersToUser($hr_dept_id, $users_id, USER_RELATION_TYPE_RRHH);
  4038. }
  4039. /**
  4040. * Add subscribed users to a user by relation type
  4041. * @param int $userId The user id
  4042. * @param array $subscribedUsersId The id of suscribed users
  4043. * @param string $relationType The relation type
  4044. * @param bool $deleteUsersBeforeInsert
  4045. */
  4046. public static function subscribeUsersToUser($userId, $subscribedUsersId, $relationType, $deleteUsersBeforeInsert = false)
  4047. {
  4048. $userRelUserTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  4049. $userRelAccessUrlTable = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  4050. $userId = intval($userId);
  4051. $relationType = intval($relationType);
  4052. $affectedRows = 0;
  4053. if (api_get_multiple_access_url()) {
  4054. // Deleting assigned users to hrm_id
  4055. $sql = "SELECT s.user_id FROM $userRelUserTable s
  4056. INNER JOIN $userRelAccessUrlTable a ON (a.user_id = s.user_id)
  4057. WHERE
  4058. friend_user_id = $userId AND
  4059. relation_type = $relationType AND
  4060. access_url_id = ".api_get_current_access_url_id();
  4061. } else {
  4062. $sql = "SELECT user_id FROM $userRelUserTable
  4063. WHERE friend_user_id = $userId
  4064. AND relation_type = $relationType";
  4065. }
  4066. $result = Database::query($sql);
  4067. if (Database::num_rows($result) > 0) {
  4068. while ($row = Database::fetch_array($result)) {
  4069. $sql = "DELETE FROM $userRelUserTable
  4070. WHERE
  4071. user_id = {$row['user_id']} AND
  4072. friend_user_id = $userId AND
  4073. relation_type = $relationType";
  4074. Database::query($sql);
  4075. }
  4076. }
  4077. if ($deleteUsersBeforeInsert) {
  4078. $sql = "DELETE FROM $userRelUserTable
  4079. WHERE
  4080. user_id = $userId AND
  4081. relation_type = $relationType";
  4082. Database::query($sql);
  4083. }
  4084. // Inserting new user list
  4085. if (is_array($subscribedUsersId)) {
  4086. foreach ($subscribedUsersId as $subscribedUserId) {
  4087. $subscribedUserId = intval($subscribedUserId);
  4088. $sql = "INSERT IGNORE INTO $userRelUserTable (user_id, friend_user_id, relation_type)
  4089. VALUES ($subscribedUserId, $userId, $relationType)";
  4090. $result = Database::query($sql);
  4091. $affectedRows = Database::affected_rows($result);
  4092. }
  4093. }
  4094. return $affectedRows;
  4095. }
  4096. /**
  4097. * This function check if an user is followed by human resources manager
  4098. * @param int $user_id
  4099. * @param int $hr_dept_id Human resources manager
  4100. * @return bool
  4101. */
  4102. public static function is_user_followed_by_drh($user_id, $hr_dept_id)
  4103. {
  4104. // Database table and variables Definitions
  4105. $tbl_user_rel_user = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  4106. $user_id = intval($user_id);
  4107. $hr_dept_id = intval($hr_dept_id);
  4108. $result = false;
  4109. $sql = "SELECT user_id FROM $tbl_user_rel_user
  4110. WHERE
  4111. user_id = $user_id AND
  4112. friend_user_id = $hr_dept_id AND
  4113. relation_type = ".USER_RELATION_TYPE_RRHH;
  4114. $rs = Database::query($sql);
  4115. if (Database::num_rows($rs) > 0) {
  4116. $result = true;
  4117. }
  4118. return $result;
  4119. }
  4120. /**
  4121. * get user id of teacher or session administrator
  4122. * @param array $courseInfo
  4123. *
  4124. * @return int The user id
  4125. */
  4126. public static function get_user_id_of_course_admin_or_session_admin($courseInfo)
  4127. {
  4128. $session = api_get_session_id();
  4129. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  4130. $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  4131. $table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  4132. $courseId = $courseInfo['real_id'];
  4133. if ($session == 0 || is_null($session)) {
  4134. $sql = 'SELECT u.id uid FROM '.$table_user.' u
  4135. INNER JOIN '.$table_course_user.' ru
  4136. ON ru.user_id = u.id
  4137. WHERE
  4138. ru.status = 1 AND
  4139. ru.c_id = "'.$courseId.'" ';
  4140. $rs = Database::query($sql);
  4141. $num_rows = Database::num_rows($rs);
  4142. if ($num_rows == 1) {
  4143. $row = Database::fetch_array($rs);
  4144. return $row['uid'];
  4145. } else {
  4146. $my_num_rows = $num_rows;
  4147. $my_user_id = Database::result($rs, $my_num_rows - 1, 'uid');
  4148. return $my_user_id;
  4149. }
  4150. } elseif ($session > 0) {
  4151. $sql = 'SELECT u.id uid FROM '.$table_user.' u
  4152. INNER JOIN '.$table_session_course_user.' sru
  4153. ON sru.user_id=u.id
  4154. WHERE
  4155. sru.c_id="'.$courseId.'" AND
  4156. sru.status=2';
  4157. $rs = Database::query($sql);
  4158. $row = Database::fetch_array($rs);
  4159. return $row['uid'];
  4160. }
  4161. }
  4162. /**
  4163. * Determines if a user is a gradebook certified
  4164. * @param int $cat_id The category id of gradebook
  4165. * @param int $user_id The user id
  4166. * @return boolean
  4167. */
  4168. public static function is_user_certified($cat_id, $user_id)
  4169. {
  4170. $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
  4171. $sql = 'SELECT path_certificate FROM '.$table_certificate.'
  4172. WHERE
  4173. cat_id="'.intval($cat_id).'" AND
  4174. user_id="'.intval($user_id).'"';
  4175. $rs = Database::query($sql);
  4176. $row = Database::fetch_array($rs);
  4177. if ($row['path_certificate'] == '' || is_null($row['path_certificate'])) {
  4178. return false;
  4179. } else {
  4180. return true;
  4181. }
  4182. }
  4183. /**
  4184. * Gets the info about a gradebook certificate for a user by course
  4185. * @param string $course_code The course code
  4186. * @param int $user_id The user id
  4187. * @return array if there is not information return false
  4188. */
  4189. public static function get_info_gradebook_certificate($course_code, $user_id)
  4190. {
  4191. $tbl_grade_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
  4192. $tbl_grade_category = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
  4193. $session_id = api_get_session_id();
  4194. if (empty($session_id)) {
  4195. $session_condition = ' AND (session_id = "" OR session_id = 0 OR session_id IS NULL )';
  4196. } else {
  4197. $session_condition = " AND session_id = $session_id";
  4198. }
  4199. $sql = 'SELECT * FROM '.$tbl_grade_certificate.' WHERE cat_id = (SELECT id FROM '.$tbl_grade_category.'
  4200. WHERE
  4201. course_code = "'.Database::escape_string($course_code).'" '.$session_condition.' LIMIT 1 ) AND
  4202. user_id='.intval($user_id);
  4203. $rs = Database::query($sql);
  4204. if (Database::num_rows($rs) > 0) {
  4205. $row = Database::fetch_array($rs, 'ASSOC');
  4206. $score = $row['score_certificate'];
  4207. $category_id = $row['cat_id'];
  4208. $cat = Category::load($category_id);
  4209. $displayscore = ScoreDisplay::instance();
  4210. if (isset($cat) && $displayscore->is_custom()) {
  4211. $grade = $displayscore->display_score(array($score, $cat[0]->get_weight()), SCORE_DIV_PERCENT_WITH_CUSTOM);
  4212. } else {
  4213. $grade = $displayscore->display_score(array($score, $cat[0]->get_weight()));
  4214. }
  4215. $row['grade'] = $grade;
  4216. return $row;
  4217. }
  4218. return false;
  4219. }
  4220. /**
  4221. * Gets the user path of user certificated
  4222. * @param int The user id
  4223. * @return array containing path_certificate and cat_id
  4224. */
  4225. public static function get_user_path_certificate($user_id)
  4226. {
  4227. $my_certificate = array();
  4228. $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
  4229. $table_gradebook_category = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
  4230. $session_id = api_get_session_id();
  4231. $user_id = intval($user_id);
  4232. if ($session_id == 0 || is_null($session_id)) {
  4233. $sql_session = 'AND (session_id='.intval($session_id).' OR isnull(session_id)) ';
  4234. } elseif ($session_id > 0) {
  4235. $sql_session = 'AND session_id='.intval($session_id);
  4236. } else {
  4237. $sql_session = '';
  4238. }
  4239. $sql = "SELECT tc.path_certificate,tc.cat_id,tgc.course_code,tgc.name
  4240. FROM $table_certificate tc, $table_gradebook_category tgc
  4241. WHERE tgc.id = tc.cat_id AND tc.user_id = $user_id
  4242. ORDER BY tc.date_certificate DESC
  4243. LIMIT 5";
  4244. $rs = Database::query($sql);
  4245. while ($row = Database::fetch_array($rs)) {
  4246. $my_certificate[] = $row;
  4247. }
  4248. return $my_certificate;
  4249. }
  4250. /**
  4251. * This function check if the user is a coach inside session course
  4252. * @param int $user_id User id
  4253. * @param int $courseId
  4254. * @param int $session_id
  4255. * @return bool True if the user is a coach
  4256. *
  4257. */
  4258. public static function is_session_course_coach($user_id, $courseId, $session_id)
  4259. {
  4260. $tbl_session_course_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  4261. // Protect data
  4262. $user_id = intval($user_id);
  4263. $courseId = intval($courseId);
  4264. $session_id = intval($session_id);
  4265. $result = false;
  4266. $sql = "SELECT session_id FROM $tbl_session_course_rel_user
  4267. WHERE
  4268. session_id = $session_id AND
  4269. c_id = $courseId AND
  4270. user_id = $user_id AND
  4271. status = 2 ";
  4272. $res = Database::query($sql);
  4273. if (Database::num_rows($res) > 0) {
  4274. $result = true;
  4275. }
  4276. return $result;
  4277. }
  4278. /**
  4279. * This function returns an icon path that represents the favicon of the website of which the url given.
  4280. * Defaults to the current Chamilo favicon
  4281. * @param string $url1 URL of website where to look for favicon.ico
  4282. * @param string $url2 Optional second URL of website where to look for favicon.ico
  4283. * @return string Path of icon to load
  4284. */
  4285. public static function get_favicon_from_url($url1, $url2 = null)
  4286. {
  4287. $icon_link = '';
  4288. $url = $url1;
  4289. if (empty($url1)) {
  4290. $url = $url2;
  4291. if (empty($url)) {
  4292. $url = api_get_access_url(api_get_current_access_url_id());
  4293. $url = $url[0];
  4294. }
  4295. }
  4296. if (!empty($url)) {
  4297. $pieces = parse_url($url);
  4298. $icon_link = $pieces['scheme'].'://'.$pieces['host'].'/favicon.ico';
  4299. }
  4300. return $icon_link;
  4301. }
  4302. /**
  4303. *
  4304. * @param int student id
  4305. * @param int years
  4306. * @param bool show warning_message
  4307. * @param bool return_timestamp
  4308. */
  4309. public static function delete_inactive_student($student_id, $years = 2, $warning_message = false, $return_timestamp = false)
  4310. {
  4311. $tbl_track_login = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LOGIN);
  4312. $sql = 'SELECT login_date FROM '.$tbl_track_login.'
  4313. WHERE login_user_id = '.intval($student_id).'
  4314. ORDER BY login_date DESC LIMIT 0,1';
  4315. if (empty($years)) {
  4316. $years = 1;
  4317. }
  4318. $inactive_time = $years * 31536000; //1 year
  4319. $rs = Database::query($sql);
  4320. if (Database::num_rows($rs) > 0) {
  4321. if ($last_login_date = Database::result($rs, 0, 0)) {
  4322. $last_login_date = api_get_local_time($last_login_date, null, date_default_timezone_get());
  4323. if ($return_timestamp) {
  4324. return api_strtotime($last_login_date);
  4325. } else {
  4326. if (!$warning_message) {
  4327. return api_format_date($last_login_date, DATE_FORMAT_SHORT);
  4328. } else {
  4329. $timestamp = api_strtotime($last_login_date);
  4330. $currentTimestamp = time();
  4331. //If the last connection is > than 7 days, the text is red
  4332. //345600 = 7 days in seconds 63072000= 2 ans
  4333. // if ($currentTimestamp - $timestamp > 184590 )
  4334. if ($currentTimestamp - $timestamp > $inactive_time && self::delete_user($student_id)) {
  4335. echo Display::return_message(get_lang('UserDeleted'));
  4336. echo '<p>', 'id', $student_id, ':', $last_login_date, '</p>';
  4337. }
  4338. }
  4339. }
  4340. }
  4341. }
  4342. return false;
  4343. }
  4344. /**
  4345. * @param FormValidator $form
  4346. * @param $extra_data
  4347. * @param $form_name
  4348. * @param bool $admin_permissions
  4349. * @param null $user_id
  4350. * @deprecated
  4351. * @return array
  4352. */
  4353. public static function set_extra_fields_in_form(
  4354. $form,
  4355. $extra_data,
  4356. $admin_permissions = false,
  4357. $user_id = null
  4358. ) {
  4359. $user_id = intval($user_id);
  4360. // EXTRA FIELDS
  4361. $extra = self::get_extra_fields(0, 50, 5, 'ASC');
  4362. $jquery_ready_content = null;
  4363. foreach ($extra as $field_details) {
  4364. if (!$admin_permissions) {
  4365. if ($field_details[6] == 0) {
  4366. continue;
  4367. }
  4368. }
  4369. switch ($field_details[2]) {
  4370. case ExtraField::FIELD_TYPE_TEXT:
  4371. $form->addElement('text', 'extra_'.$field_details[1], $field_details[3], array('size' => 40));
  4372. $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
  4373. $form->applyFilter('extra_'.$field_details[1], 'trim');
  4374. $form->applyFilter('extra_'.$field_details[1], 'html_filter');
  4375. if (!$admin_permissions) {
  4376. if ($field_details[7] == 0) {
  4377. $form->freeze('extra_'.$field_details[1]);
  4378. }
  4379. }
  4380. break;
  4381. case ExtraField::FIELD_TYPE_TEXTAREA:
  4382. $form->addHtmlEditor(
  4383. 'extra_'.$field_details[1],
  4384. $field_details[3],
  4385. false,
  4386. false,
  4387. array('ToolbarSet' => 'Profile', 'Width' => '100%', 'Height' => '130')
  4388. );
  4389. $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
  4390. $form->applyFilter('extra_'.$field_details[1], 'trim');
  4391. if (!$admin_permissions) {
  4392. if ($field_details[7] == 0)
  4393. $form->freeze('extra_'.$field_details[1]);
  4394. }
  4395. break;
  4396. case ExtraField::FIELD_TYPE_RADIO:
  4397. $group = array();
  4398. foreach ($field_details[9] as $option_id => $option_details) {
  4399. $options[$option_details[1]] = $option_details[2];
  4400. $group[] = $form->createElement(
  4401. 'radio',
  4402. 'extra_'.$field_details[1],
  4403. $option_details[1],
  4404. $option_details[2].'<br />',
  4405. $option_details[1]
  4406. );
  4407. }
  4408. $form->addGroup($group, 'extra_'.$field_details[1], $field_details[3]);
  4409. if (!$admin_permissions) {
  4410. if ($field_details[7] == 0) {
  4411. $form->freeze('extra_'.$field_details[1]);
  4412. }
  4413. }
  4414. break;
  4415. case ExtraField::FIELD_TYPE_SELECT:
  4416. $get_lang_variables = false;
  4417. if (in_array(
  4418. $field_details[1],
  4419. array(
  4420. 'mail_notify_message',
  4421. 'mail_notify_invitation',
  4422. 'mail_notify_group_message',
  4423. )
  4424. )) {
  4425. $get_lang_variables = true;
  4426. }
  4427. $options = array();
  4428. foreach ($field_details[9] as $option_id => $option_details) {
  4429. if ($get_lang_variables) {
  4430. $options[$option_details[1]] = get_lang($option_details[2]);
  4431. } else {
  4432. $options[$option_details[1]] = $option_details[2];
  4433. }
  4434. }
  4435. if ($get_lang_variables) {
  4436. $field_details[3] = get_lang($field_details[3]);
  4437. }
  4438. $form->addElement(
  4439. 'select',
  4440. 'extra_'.$field_details[1],
  4441. $field_details[3],
  4442. $options,
  4443. array('id' => 'extra_'.$field_details[1])
  4444. );
  4445. if (!$admin_permissions) {
  4446. if ($field_details[7] == 0)
  4447. $form->freeze('extra_'.$field_details[1]);
  4448. }
  4449. break;
  4450. case ExtraField::FIELD_TYPE_SELECT_MULTIPLE:
  4451. $options = array();
  4452. foreach ($field_details[9] as $option_id => $option_details) {
  4453. $options[$option_details[1]] = $option_details[2];
  4454. }
  4455. $form->addElement(
  4456. 'select',
  4457. 'extra_'.$field_details[1],
  4458. $field_details[3],
  4459. $options,
  4460. array('multiple' => 'multiple')
  4461. );
  4462. if (!$admin_permissions) {
  4463. if ($field_details[7] == 0)
  4464. $form->freeze('extra_'.$field_details[1]);
  4465. }
  4466. break;
  4467. case ExtraField::FIELD_TYPE_DATE:
  4468. $form->addDatePicker('extra_'.$field_details[1], $field_details[3]);
  4469. $defaults['extra_'.$field_details[1]] = date('Y-m-d 12:00:00');
  4470. $form->setDefaults($defaults);
  4471. if (!$admin_permissions) {
  4472. if ($field_details[7] == 0)
  4473. $form->freeze('extra_'.$field_details[1]);
  4474. }
  4475. $form->applyFilter('theme', 'trim');
  4476. break;
  4477. case ExtraField::FIELD_TYPE_DATETIME:
  4478. $form->addDateTimePicker('extra_'.$field_details[1], $field_details[3]);
  4479. $defaults['extra_'.$field_details[1]] = date('Y-m-d 12:00:00');
  4480. $form->setDefaults($defaults);
  4481. if (!$admin_permissions) {
  4482. if ($field_details[7] == 0)
  4483. $form->freeze('extra_'.$field_details[1]);
  4484. }
  4485. $form->applyFilter('theme', 'trim');
  4486. break;
  4487. case ExtraField::FIELD_TYPE_DOUBLE_SELECT:
  4488. foreach ($field_details[9] as $key => $element) {
  4489. if ($element[2][0] == '*') {
  4490. $values['*'][$element[0]] = str_replace('*', '', $element[2]);
  4491. } else {
  4492. $values[0][$element[0]] = $element[2];
  4493. }
  4494. }
  4495. $group = '';
  4496. $group[] = $form->createElement('select', 'extra_'.$field_details[1], '', $values[0], '');
  4497. $group[] = $form->createElement('select', 'extra_'.$field_details[1].'*', '', $values['*'], '');
  4498. $form->addGroup($group, 'extra_'.$field_details[1], $field_details[3]);
  4499. if (!$admin_permissions) {
  4500. if ($field_details[7] == 0)
  4501. $form->freeze('extra_'.$field_details[1]);
  4502. }
  4503. /* Recoding the selected values for double : if the user has
  4504. selected certain values, we have to assign them to the
  4505. correct select form */
  4506. if (array_key_exists('extra_'.$field_details[1], $extra_data)) {
  4507. // exploding all the selected values (of both select forms)
  4508. $selected_values = explode(';', $extra_data['extra_'.$field_details[1]]);
  4509. $extra_data['extra_'.$field_details[1]] = array();
  4510. // looping through the selected values and assigning the selected values to either the first or second select form
  4511. foreach ($selected_values as $key => $selected_value) {
  4512. if (array_key_exists($selected_value, $values[0])) {
  4513. $extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1]] = $selected_value;
  4514. } else {
  4515. $extra_data['extra_'.$field_details[1]]['extra_'.$field_details[1].'*'] = $selected_value;
  4516. }
  4517. }
  4518. }
  4519. break;
  4520. case ExtraField::FIELD_TYPE_DIVIDER:
  4521. $form->addElement('static', $field_details[1], '<br /><strong>'.$field_details[3].'</strong>');
  4522. break;
  4523. case ExtraField::FIELD_TYPE_TAG:
  4524. //the magic should be here
  4525. $user_tags = self::get_user_tags($user_id, $field_details[0]);
  4526. $tag_list = '';
  4527. if (is_array($user_tags) && count($user_tags) > 0) {
  4528. foreach ($user_tags as $tag) {
  4529. $tag_list .= '<option value="'.$tag['tag'].'" class="selected">'.$tag['tag'].'</option>';
  4530. }
  4531. }
  4532. $multi_select = '<select id="extra_'.$field_details[1].'" name="extra_'.$field_details[1].'">
  4533. '.$tag_list.'
  4534. </select>';
  4535. $form->addElement('label', $field_details[3], $multi_select);
  4536. $url = api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php';
  4537. $complete_text = get_lang('StartToType');
  4538. //if cache is set to true the jquery will be called 1 time
  4539. $jquery_ready_content = <<<EOF
  4540. $("#extra_$field_details[1]").fcbkcomplete({
  4541. json_url: "$url?a=search_tags&field_id=$field_details[0]",
  4542. cache: false,
  4543. filter_case: true,
  4544. filter_hide: true,
  4545. complete_text:"$complete_text",
  4546. firstselected: true,
  4547. //onremove: "testme",
  4548. //onselect: "testme",
  4549. filter_selected: true,
  4550. newel: true
  4551. });
  4552. EOF;
  4553. break;
  4554. case ExtraField::FIELD_TYPE_TIMEZONE:
  4555. $form->addElement('select', 'extra_'.$field_details[1], $field_details[3], api_get_timezones(), '');
  4556. if ($field_details[7] == 0)
  4557. $form->freeze('extra_'.$field_details[1]);
  4558. break;
  4559. case ExtraField::FIELD_TYPE_SOCIAL_PROFILE:
  4560. // get the social network's favicon
  4561. $icon_path = self::get_favicon_from_url($extra_data['extra_'.$field_details[1]], $field_details[4]);
  4562. // special hack for hi5
  4563. $leftpad = '1.7';
  4564. $top = '0.4';
  4565. $domain = parse_url($icon_path, PHP_URL_HOST);
  4566. if ($domain == 'www.hi5.com' or $domain == 'hi5.com') {
  4567. $leftpad = '3';
  4568. $top = '0';
  4569. }
  4570. // print the input field
  4571. $form->addElement(
  4572. 'text',
  4573. 'extra_'.$field_details[1],
  4574. $field_details[3],
  4575. array(
  4576. 'size' => 60,
  4577. 'style' => 'background-image: url(\''.$icon_path.'\'); background-repeat: no-repeat; background-position: 0.4em '.$top.'em; padding-left: '.$leftpad.'em; ',
  4578. )
  4579. );
  4580. $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
  4581. $form->applyFilter('extra_'.$field_details[1], 'trim');
  4582. if ($field_details[7] == 0)
  4583. $form->freeze('extra_'.$field_details[1]);
  4584. break;
  4585. case ExtraField::FIELD_TYPE_FILE:
  4586. $extra_field = 'extra_'.$field_details[1];
  4587. $form->addElement('file', $extra_field, $field_details[3], null, '');
  4588. if ($extra_file_list = self::build_user_extra_file_list($user_id, $field_details[1], '', true)) {
  4589. $form->addElement('static', $extra_field.'_list', null, $extra_file_list);
  4590. }
  4591. if ($field_details[7] == 0) {
  4592. $form->freeze($extra_field);
  4593. }
  4594. break;
  4595. case ExtraField::FIELD_TYPE_MOBILE_PHONE_NUMBER:
  4596. $form->addElement(
  4597. 'text',
  4598. 'extra_'.$field_details[1],
  4599. $field_details[3]." (".get_lang('CountryDialCode').")",
  4600. array('size' => 40, 'placeholder' => '(xx)xxxxxxxxx')
  4601. );
  4602. $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
  4603. $form->applyFilter('extra_'.$field_details[1], 'trim');
  4604. $form->applyFilter('extra_'.$field_details[1], 'mobile_phone_number_filter');
  4605. $form->addRule(
  4606. 'extra_'.$field_details[1],
  4607. get_lang('MobilePhoneNumberWrong'),
  4608. 'mobile_phone_number'
  4609. );
  4610. if (!$admin_permissions) {
  4611. if ($field_details[7] == 0) {
  4612. $form->freeze('extra_'.$field_details[1]);
  4613. }
  4614. }
  4615. break;
  4616. }
  4617. }
  4618. $return = array();
  4619. $return['jquery_ready_content'] = $jquery_ready_content;
  4620. return $return;
  4621. }
  4622. /**
  4623. * @return array
  4624. */
  4625. public static function get_user_field_types()
  4626. {
  4627. $types = array();
  4628. $types[self::USER_FIELD_TYPE_TEXT] = get_lang('FieldTypeText');
  4629. $types[self::USER_FIELD_TYPE_TEXTAREA] = get_lang('FieldTypeTextarea');
  4630. $types[self::USER_FIELD_TYPE_RADIO] = get_lang('FieldTypeRadio');
  4631. $types[self::USER_FIELD_TYPE_SELECT] = get_lang('FieldTypeSelect');
  4632. $types[self::USER_FIELD_TYPE_SELECT_MULTIPLE] = get_lang('FieldTypeSelectMultiple');
  4633. $types[self::USER_FIELD_TYPE_DATE] = get_lang('FieldTypeDate');
  4634. $types[self::USER_FIELD_TYPE_DATETIME] = get_lang('FieldTypeDatetime');
  4635. $types[self::USER_FIELD_TYPE_DOUBLE_SELECT] = get_lang('FieldTypeDoubleSelect');
  4636. $types[self::USER_FIELD_TYPE_DIVIDER] = get_lang('FieldTypeDivider');
  4637. $types[self::USER_FIELD_TYPE_TAG] = get_lang('FieldTypeTag');
  4638. $types[self::USER_FIELD_TYPE_TIMEZONE] = get_lang('FieldTypeTimezone');
  4639. $types[self::USER_FIELD_TYPE_SOCIAL_PROFILE] = get_lang('FieldTypeSocialProfile');
  4640. $types[self::USER_FIELD_TYPE_FILE] = get_lang('FieldTypeFile');
  4641. $types[self::USER_FIELD_TYPE_MOBILE_PHONE_NUMBER] = get_lang('FieldTypeMobilePhoneNumber');
  4642. return $types;
  4643. }
  4644. /**
  4645. * @param User $user
  4646. */
  4647. public static function add_user_as_admin(User $user)
  4648. {
  4649. $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
  4650. if ($user) {
  4651. $userId = $user->getId();
  4652. if (!self::is_admin($userId)) {
  4653. $sql = "INSERT INTO $table_admin SET user_id = $userId";
  4654. Database::query($sql);
  4655. }
  4656. $user->addRole('ROLE_SUPER_ADMIN');
  4657. self::getManager()->updateUser($user, true);
  4658. }
  4659. }
  4660. /**
  4661. * @param int $userId
  4662. */
  4663. public static function remove_user_admin($userId)
  4664. {
  4665. $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
  4666. $userId = intval($userId);
  4667. if (self::is_admin($userId)) {
  4668. $sql = "DELETE FROM $table_admin WHERE user_id = $userId";
  4669. Database::query($sql);
  4670. }
  4671. }
  4672. /**
  4673. * @param string $from
  4674. * @param string $to
  4675. */
  4676. public static function update_all_user_languages($from, $to)
  4677. {
  4678. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  4679. $from = Database::escape_string($from);
  4680. $to = Database::escape_string($to);
  4681. if (!empty($to) && !empty($from)) {
  4682. $sql = "UPDATE $table_user SET language = '$to'
  4683. WHERE language = '$from'";
  4684. Database::query($sql);
  4685. }
  4686. }
  4687. /**
  4688. * Subscribe boss to students
  4689. *
  4690. * @param int $bossId The boss id
  4691. * @param array $usersId The users array
  4692. * @return int Affected rows
  4693. */
  4694. public static function subscribeBossToUsers($bossId, $usersId)
  4695. {
  4696. return self::subscribeUsersToUser($bossId, $usersId, USER_RELATION_TYPE_BOSS);
  4697. }
  4698. /**
  4699. * Subscribe boss to students
  4700. *
  4701. * @param int $studentId
  4702. * @param array $bossList
  4703. * @param bool $sendNotification
  4704. * @return int Affected rows
  4705. */
  4706. public static function subscribeUserToBossList($studentId, $bossList, $sendNotification = false)
  4707. {
  4708. if ($bossList) {
  4709. $studentId = (int) $studentId;
  4710. $studentInfo = api_get_user_info($studentId);
  4711. if (empty($studentInfo)) {
  4712. return false;
  4713. }
  4714. $userRelUserTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  4715. $sql = "DELETE FROM $userRelUserTable
  4716. WHERE user_id = $studentId AND relation_type = ".USER_RELATION_TYPE_BOSS;
  4717. Database::query($sql);
  4718. foreach ($bossList as $bossId) {
  4719. $bossId = (int) $bossId;
  4720. $sql = "INSERT IGNORE INTO $userRelUserTable (user_id, friend_user_id, relation_type)
  4721. VALUES ($studentId, $bossId, ".USER_RELATION_TYPE_BOSS.")";
  4722. $insertId = Database::query($sql);
  4723. if ($insertId && $sendNotification) {
  4724. $name = $studentInfo['complete_name'];
  4725. $url = api_get_path(WEB_CODE_PATH).'mySpace/myStudents.php?student='.$studentId;
  4726. $url = Display::url($url, $url);
  4727. $subject = sprintf(get_lang('UserXHasBeenAssignedToBoss'), $name);
  4728. $message = sprintf(get_lang('UserXHasBeenAssignedToBossWithUrlX'), $name, $url);
  4729. MessageManager::send_message_simple(
  4730. $bossId,
  4731. $subject,
  4732. $message
  4733. );
  4734. }
  4735. }
  4736. }
  4737. }
  4738. /**
  4739. * Get users followed by student boss
  4740. * @param int $userId
  4741. * @param int $userStatus (STUDENT, COURSEMANAGER, etc)
  4742. * @param bool $getOnlyUserId
  4743. * @param bool $getSql
  4744. * @param bool $getCount
  4745. * @param int $from
  4746. * @param int $numberItems
  4747. * @param int $column
  4748. * @param string $direction
  4749. * @param int $active
  4750. * @param string $lastConnectionDate
  4751. * @return array users
  4752. */
  4753. public static function getUsersFollowedByStudentBoss(
  4754. $userId,
  4755. $userStatus = 0,
  4756. $getOnlyUserId = false,
  4757. $getSql = false,
  4758. $getCount = false,
  4759. $from = null,
  4760. $numberItems = null,
  4761. $column = null,
  4762. $direction = null,
  4763. $active = null,
  4764. $lastConnectionDate = null
  4765. ) {
  4766. return self::getUsersFollowedByUser(
  4767. $userId,
  4768. $userStatus,
  4769. $getOnlyUserId,
  4770. $getSql,
  4771. $getCount,
  4772. $from,
  4773. $numberItems,
  4774. $column,
  4775. $direction,
  4776. $active,
  4777. $lastConnectionDate,
  4778. STUDENT_BOSS
  4779. );
  4780. }
  4781. /**
  4782. * Get the teacher (users with COURSEMANGER status) list
  4783. * @return array The list
  4784. */
  4785. public static function getTeachersList()
  4786. {
  4787. $userTable = Database::get_main_table(TABLE_MAIN_USER);
  4788. $resultData = Database::select('user_id, lastname, firstname, username', $userTable, array(
  4789. 'where' => array(
  4790. 'status = ?' => COURSEMANAGER
  4791. )
  4792. ));
  4793. foreach ($resultData as &$teacherData) {
  4794. $teacherData['completeName'] = api_get_person_name($teacherData['firstname'], $teacherData['lastname']);
  4795. }
  4796. return $resultData;
  4797. }
  4798. /**
  4799. * @return array
  4800. */
  4801. public static function getOfficialCodeGrouped()
  4802. {
  4803. $user = Database::get_main_table(TABLE_MAIN_USER);
  4804. $sql = "SELECT DISTINCT official_code
  4805. FROM $user
  4806. GROUP BY official_code";
  4807. $result = Database::query($sql);
  4808. $values = Database::store_result($result, 'ASSOC');
  4809. $result = array();
  4810. foreach ($values as $value) {
  4811. $result[$value['official_code']] = $value['official_code'];
  4812. }
  4813. return $result;
  4814. }
  4815. /**
  4816. * @param string $officialCode
  4817. * @return array
  4818. */
  4819. public static function getUsersByOfficialCode($officialCode)
  4820. {
  4821. $user = Database::get_main_table(TABLE_MAIN_USER);
  4822. $officialCode = Database::escape_string($officialCode);
  4823. $sql = "SELECT DISTINCT id
  4824. FROM $user
  4825. WHERE official_code = '$officialCode'
  4826. ";
  4827. $result = Database::query($sql);
  4828. $users = array();
  4829. while ($row = Database::fetch_array($result)) {
  4830. $users[] = $row['id'];
  4831. }
  4832. return $users;
  4833. }
  4834. /**
  4835. * Calc the expended time (in seconds) by a user in a course
  4836. * @param int $userId The user id
  4837. * @param int $courseId The course id
  4838. * @param int $sessionId Optional. The session id
  4839. * @param string $from Optional. From date
  4840. * @param string $until Optional. Until date
  4841. * @return int The time
  4842. */
  4843. public static function getTimeSpentInCourses($userId, $courseId, $sessionId = 0, $from = '', $until = '')
  4844. {
  4845. $userId = intval($userId);
  4846. $sessionId = intval($sessionId);
  4847. $trackCourseAccessTable = Database::get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
  4848. $whereConditions = array(
  4849. 'user_id = ? ' => $userId,
  4850. 'AND c_id = ? ' => $courseId,
  4851. 'AND session_id = ? ' => $sessionId
  4852. );
  4853. if (!empty($from) && !empty($until)) {
  4854. $whereConditions["AND (login_course_date >= '?' "] = $from;
  4855. $whereConditions["AND logout_course_date <= DATE_ADD('?', INTERVAL 1 DAY)) "] = $until;
  4856. }
  4857. $trackResult = Database::select(
  4858. 'SUM(UNIX_TIMESTAMP(logout_course_date) - UNIX_TIMESTAMP(login_course_date)) as total_time',
  4859. $trackCourseAccessTable,
  4860. array(
  4861. 'where' => $whereConditions
  4862. ), 'first'
  4863. );
  4864. if ($trackResult != false) {
  4865. return $trackResult['total_time'] ? $trackResult['total_time'] : 0;
  4866. }
  4867. return 0;
  4868. }
  4869. /**
  4870. * Get the boss user ID from a followed user id
  4871. * @param $userId
  4872. * @return bool
  4873. */
  4874. public static function getFirstStudentBoss($userId)
  4875. {
  4876. $userId = intval($userId);
  4877. if ($userId > 0) {
  4878. $userRelTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  4879. $row = Database::select(
  4880. 'DISTINCT friend_user_id AS boss_id',
  4881. $userRelTable,
  4882. array(
  4883. 'where' => array(
  4884. 'user_id = ? AND relation_type = ? LIMIT 1' => array(
  4885. $userId,
  4886. USER_RELATION_TYPE_BOSS,
  4887. )
  4888. )
  4889. )
  4890. );
  4891. if (!empty($row)) {
  4892. return $row[0]['boss_id'];
  4893. }
  4894. }
  4895. return false;
  4896. }
  4897. /**
  4898. * Get the boss user ID from a followed user id
  4899. * @param $userId
  4900. * @return bool
  4901. */
  4902. public static function getStudentBossList($userId)
  4903. {
  4904. $userId = intval($userId);
  4905. if ($userId > 0) {
  4906. $userRelTable = Database::get_main_table(TABLE_MAIN_USER_REL_USER);
  4907. $result = Database::select(
  4908. 'DISTINCT friend_user_id AS boss_id',
  4909. $userRelTable,
  4910. array(
  4911. 'where' => array(
  4912. 'user_id = ? AND relation_type = ? ' => array(
  4913. $userId,
  4914. USER_RELATION_TYPE_BOSS,
  4915. )
  4916. )
  4917. ),
  4918. 'all'
  4919. );
  4920. return $result;
  4921. }
  4922. return false;
  4923. }
  4924. /**
  4925. * @param int $bossId
  4926. * @param int $studentId
  4927. *
  4928. * @return bool
  4929. */
  4930. public static function userIsBossOfStudent($bossId, $studentId)
  4931. {
  4932. $result = false;
  4933. $bossList = self::getStudentBossList($studentId);
  4934. if ($bossList) {
  4935. $bossList = array_column($bossList, 'boss_id');
  4936. if (in_array($bossId, $bossList)) {
  4937. $result = true;
  4938. }
  4939. }
  4940. return $result;
  4941. }
  4942. /**
  4943. * Get either a Gravatar URL or complete image tag for a specified email address.
  4944. *
  4945. * @param string $email The email address
  4946. * @param string $s Size in pixels, defaults to 80px [ 1 - 2048 ]
  4947. * @param string $d Default imageset to use [ 404 | mm | identicon | monsterid | wavatar ]
  4948. * @param string $r Maximum rating (inclusive) [ g | pg | r | x ]
  4949. * @param boole $img True to return a complete IMG tag False for just the URL
  4950. * @param array $atts Optional, additional key/value attributes to include in the IMG tag
  4951. * @return String containing either just a URL or a complete image tag
  4952. * @source http://gravatar.com/site/implement/images/php/
  4953. */
  4954. private static function getGravatar(
  4955. $email,
  4956. $s = 80,
  4957. $d = 'mm',
  4958. $r = 'g',
  4959. $img = false,
  4960. $atts = array()
  4961. ) {
  4962. $url = 'http://www.gravatar.com/avatar/';
  4963. if (!empty($_SERVER['HTTPS'])) {
  4964. $url = 'https://secure.gravatar.com/avatar/';
  4965. }
  4966. $url .= md5(strtolower(trim($email)));
  4967. $url .= "?s=$s&d=$d&r=$r";
  4968. if ($img) {
  4969. $url = '<img src="'.$url.'"';
  4970. foreach ($atts as $key => $val)
  4971. $url .= ' '.$key.'="'.$val.'"';
  4972. $url .= ' />';
  4973. }
  4974. return $url;
  4975. }
  4976. /**
  4977. * Displays the name of the user and makes the link to the user profile
  4978. * @param array $userInfo
  4979. *
  4980. * @return string
  4981. */
  4982. public static function getUserProfileLink($userInfo)
  4983. {
  4984. if (isset($userInfo) && isset($userInfo['user_id'])) {
  4985. return Display::url(
  4986. $userInfo['complete_name_with_username'],
  4987. $userInfo['profile_url']
  4988. );
  4989. } else {
  4990. return get_lang('Anonymous');
  4991. }
  4992. }
  4993. /**
  4994. * Displays the name of the user and makes the link to the user profile
  4995. *
  4996. * @param $userInfo
  4997. *
  4998. * @return string
  4999. */
  5000. public static function getUserProfileLinkWithPicture($userInfo)
  5001. {
  5002. return Display::url(Display::img($userInfo['avatar']), $userInfo['profile_url']);
  5003. }
  5004. /**
  5005. * Get users whose name matches $firstname and $lastname
  5006. * @param string $firstname Firstname to search
  5007. * @param string $lastname Lastname to search
  5008. * @return array The user list
  5009. */
  5010. public static function getUserByName($firstname, $lastname)
  5011. {
  5012. $firstname = Database::escape_string($firstname);
  5013. $lastname = Database::escape_string($lastname);
  5014. $userTable = Database::get_main_table(TABLE_MAIN_USER);
  5015. $sql = <<<SQL
  5016. SELECT id, username, lastname, firstname
  5017. FROM $userTable
  5018. WHERE
  5019. firstname LIKE '$firstname%' AND
  5020. lastname LIKE '$lastname%'
  5021. SQL;
  5022. $result = Database::query($sql);
  5023. $users = [];
  5024. while ($resultData = Database::fetch_object($result)) {
  5025. $users[] = $resultData;
  5026. }
  5027. return $users;
  5028. }
  5029. /**
  5030. * @param int $optionSelected
  5031. * @return string
  5032. */
  5033. public static function getUserSubscriptionTab($optionSelected = 1)
  5034. {
  5035. $allowAdmin = api_get_setting('allow_user_course_subscription_by_course_admin');
  5036. if (($allowAdmin === 'true' && api_is_allowed_to_edit()) ||
  5037. api_is_platform_admin()
  5038. ) {
  5039. $userPath = api_get_path(WEB_CODE_PATH).'user/';
  5040. $headers = [
  5041. [
  5042. 'url' => $userPath.'user.php?'.api_get_cidreq().'&type='.STUDENT,
  5043. 'content' => get_lang('Students'),
  5044. ],
  5045. [
  5046. 'url' => $userPath.'user.php?'.api_get_cidreq().'&type='.COURSEMANAGER,
  5047. 'content' => get_lang('Teachers'),
  5048. ],
  5049. /*[
  5050. 'url' => $userPath.'subscribe_user.php?'.api_get_cidreq(),
  5051. 'content' => get_lang('Students'),
  5052. ],
  5053. [
  5054. 'url' => $userPath.'subscribe_user.php?type=teacher&'.api_get_cidreq(),
  5055. 'content' => get_lang('Teachers'),
  5056. ],*/
  5057. [
  5058. 'url' => api_get_path(WEB_CODE_PATH).'group/group.php?'.api_get_cidreq(),
  5059. 'content' => get_lang('Groups'),
  5060. ],
  5061. [
  5062. 'url' => $userPath.'class.php?'.api_get_cidreq(),
  5063. 'content' => get_lang('Classes'),
  5064. ]
  5065. ];
  5066. return Display::tabsOnlyLink($headers, $optionSelected);
  5067. }
  5068. }
  5069. /**
  5070. * @return int
  5071. */
  5072. public static function getCountActiveUsers()
  5073. {
  5074. $table = Database::get_main_table(TABLE_MAIN_USER);
  5075. $sql = "SELECT count(id) count FROM $table WHERE active = 1";
  5076. $result = Database::query($sql);
  5077. $row = Database::fetch_array($result);
  5078. return $row['count'];
  5079. }
  5080. }