subscribe_user.php 35 KB

  1. <?php
  2. /* For licensing terms, see /license.txt*/
  3. use Chamilo\CoreBundle\Entity\ExtraField;
  4. use ExtraField as ExtraFieldModel;
  5. /**
  6. * This script allows teachers to subscribe existing users
  7. * to their course.
  8. *
  9. * @package chamilo.user
  10. */
  11. require_once __DIR__.'/../inc/global.inc.php';
  12. $current_course_tool = TOOL_USER;
  13. // the section (for the tabs)
  14. $this_section = SECTION_COURSES;
  15. // notice for unauthorized people.
  16. api_protect_course_script(true);
  17. if (api_get_setting('allow_user_course_subscription_by_course_admin') === 'false') {
  18. if (!api_is_platform_admin()) {
  19. api_not_allowed(true);
  20. }
  21. }
  22. // Access restriction
  23. if (!api_is_allowed_to_edit()) {
  24. api_not_allowed(true);
  25. }
  26. $tool_name = get_lang('SubscribeUserToCourse');
  27. $type = isset($_REQUEST['type']) ? intval($_REQUEST['type']) : STUDENT;
  28. $keyword = isset($_REQUEST['keyword']) ? Security::remove_XSS($_REQUEST['keyword']) : null;
  29. $courseInfo = api_get_course_info();
  30. if ($type == COURSEMANAGER) {
  31. $tool_name = get_lang('SubscribeUserToCourseAsTeacher');
  32. }
  33. //extra entries in breadcrumb
  34. $interbreadcrumb[] = [
  35. 'url' => 'user.php?'.api_get_cidreq(),
  36. 'name' => get_lang('ToolUser'),
  37. ];
  38. if ($keyword) {
  39. $interbreadcrumb[] = [
  40. 'url' => 'subscribe_user.php?type='.$type.'&'.api_get_cidreq(),
  41. 'name' => $tool_name,
  42. ];
  43. $tool_name = get_lang('SearchResults');
  44. }
  45. $sessionId = api_get_session_id();
  46. $list_register_user = '';
  47. $list_not_register_user = '';
  48. if (isset($_REQUEST['register'])) {
  49. $userInfo = api_get_user_info($_REQUEST['user_id']);
  50. if ($userInfo) {
  51. if ($type === COURSEMANAGER) {
  52. if (!empty($sessionId)) {
  53. $message = $userInfo['complete_name_with_username'].' '.get_lang('AddedToCourse');
  54. SessionManager::set_coach_to_course_session(
  55. $_REQUEST['user_id'],
  56. $sessionId,
  57. $courseInfo['real_id']
  58. );
  59. Display::addFlash(Display::return_message($message));
  60. } else {
  61. CourseManager::subscribeUser(
  62. $_REQUEST['user_id'],
  63. $courseInfo['code'],
  64. COURSEMANAGER
  65. );
  66. }
  67. } else {
  68. CourseManager::subscribeUser(
  69. $_REQUEST['user_id'],
  70. $courseInfo['code']
  71. );
  72. }
  73. }
  74. header('Location:'.api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'&type='.$type);
  75. exit;
  76. }
  77. if (isset($_POST['action'])) {
  78. switch ($_POST['action']) {
  79. case 'subscribe':
  80. if (is_array($_POST['user'])) {
  81. $isSuscribe = [];
  82. foreach ($_POST['user'] as $index => $user_id) {
  83. $userInfo = api_get_user_info($user_id);
  84. if ($userInfo) {
  85. if ($type === COURSEMANAGER) {
  86. if (!empty($sessionId)) {
  87. $message = $userInfo['complete_name_with_username'].' '.get_lang('AddedToCourse');
  88. $result = SessionManager::set_coach_to_course_session(
  89. $user_id,
  90. $sessionId,
  91. $courseInfo['real_id']
  92. );
  93. if ($result) {
  94. $isSuscribe[] = $message;
  95. }
  96. } else {
  97. CourseManager::subscribeUser($user_id, $courseInfo['code'], COURSEMANAGER);
  98. }
  99. } else {
  100. CourseManager::subscribeUser($user_id, $courseInfo['code']);
  101. }
  102. }
  103. }
  104. if (!empty($isSuscribe)) {
  105. foreach ($isSuscribe as $info) {
  106. Display::addFlash(Display::return_message($info));
  107. }
  108. }
  109. }
  110. header('Location:'.api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'&type='.$type);
  111. exit;
  112. break;
  113. }
  114. }
  115. $is_western_name_order = api_is_western_name_order();
  116. $sort_by_first_name = api_sort_by_first_name();
  117. // Build table
  118. $table = new SortableTable(
  119. 'subscribe_users',
  120. 'get_number_of_users',
  121. 'get_user_data',
  122. ($is_western_name_order xor $sort_by_first_name) ? 3 : 2
  123. );
  124. $parameters['keyword'] = $keyword;
  125. $parameters['type'] = $type;
  126. $table->set_additional_parameters($parameters);
  127. $col = 0;
  128. $table->set_header($col++, '', false);
  129. $table->set_header($col++, get_lang('OfficialCode'));
  130. if (api_is_western_name_order()) {
  131. $table->set_header($col++, get_lang('FirstName'));
  132. $table->set_header($col++, get_lang('LastName'));
  133. } else {
  134. $table->set_header($col++, get_lang('LastName'));
  135. $table->set_header($col++, get_lang('FirstName'));
  136. }
  137. if (api_get_setting('show_email_addresses') == 'true') {
  138. $table->set_header($col++, get_lang('Email'));
  139. $table->set_column_filter($col - 1, 'email_filter');
  140. }
  141. $table->set_header($col++, get_lang('Active'), false);
  142. $table->set_column_filter($col - 1, 'active_filter');
  143. $table->set_header($col++, get_lang('Actions'), false);
  144. $table->set_column_filter($col - 1, 'reg_filter');
  145. $table->set_form_actions(['subscribe' => get_lang('reg')], 'user');
  146. if (!empty($_POST['keyword'])) {
  147. $keyword_name = Security::remove_XSS($_POST['keyword']);
  148. echo '<br/>'.get_lang('SearchResultsFor').' <span style="font-style: italic ;"> '.$keyword_name.' </span><br>';
  149. }
  150. Display :: display_header($tool_name, 'User');
  151. // Build search-form
  152. switch ($type) {
  153. case STUDENT:
  154. $url = api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'';
  155. break;
  156. case COURSEMANAGER:
  157. $url = api_get_path(WEB_CODE_PATH).'user/user.php?'.api_get_cidreq().'&type='.COURSEMANAGER;
  158. break;
  159. }
  160. $actionsLeft = Display::url(
  161. Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM),
  162. $url
  163. );
  164. if (isset($_GET['subscribe_user_filter_value']) && !empty($_GET['subscribe_user_filter_value'])) {
  165. $actionsLeft .= '<a href="subscribe_user.php?type='.$type.'">'.
  166. Display::return_icon('clean_group.gif').' '.get_lang('ClearFilterResults').'</a>';
  167. }
  168. $extraForm = '';
  169. if (api_get_setting('ProfilingFilterAddingUsers') === 'true') {
  170. $extraForm = display_extra_profile_fields_filter();
  171. }
  172. // Build search-form
  173. $form = new FormValidator(
  174. 'search_user',
  175. 'get',
  176. api_get_self().'?'.api_get_cidreq(),
  177. '',
  178. null,
  179. FormValidator::LAYOUT_INLINE
  180. );
  181. $form->addText('keyword', '', false);
  182. $form->addElement('hidden', 'type', $type);
  183. $form->addElement('hidden', 'cidReq', api_get_course_id());
  184. $form->addButtonSearch(get_lang('Search'));
  185. echo Display::toolbarAction('toolbar-subscriber', [$actionsLeft, $extraForm, $form->returnForm()], [4, 4, 4]);
  186. $option = $type == COURSEMANAGER ? 2 : 1;
  187. echo UserManager::getUserSubscriptionTab($option);
  188. // Display table
  189. $table->display();
  190. Display::display_footer();
  191. /* SHOW LIST OF USERS */
  192. /**
  193. ** Get the users to display on the current page.
  194. */
  195. function get_number_of_users()
  196. {
  197. // Database table definition
  198. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  199. $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  200. $tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  201. $table_user_field_values = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  202. $courseCode = api_get_course_id();
  203. $sessionId = api_get_session_id();
  204. if (isset($_REQUEST['type']) && $_REQUEST['type'] === 'teacher') {
  205. if (api_get_session_id() != 0) {
  206. $sql = "SELECT COUNT(u.id)
  207. FROM $user_table u
  208. LEFT JOIN $tbl_session_rel_course_user cu
  209. ON
  210. u.user_id = cu.user_id AND
  211. c_id = '".api_get_course_int_id()."' AND
  212. session_id ='".$sessionId."'
  213. WHERE
  214. cu.user_id IS NULL AND
  215. u.status = 1 AND
  216. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  217. if (api_is_multiple_url_enabled()) {
  218. $url_access_id = api_get_current_access_url_id();
  219. if ($url_access_id != -1) {
  220. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  221. $sql = "SELECT COUNT(u.id)
  222. FROM $user_table u
  223. LEFT JOIN $tbl_session_rel_course_user cu
  224. ON
  225. u.user_id = cu.user_id AND cu.c_id = '".api_get_course_int_id()."' AND
  226. session_id ='".$sessionId."'
  227. INNER JOIN $tbl_url_rel_user as url_rel_user
  228. ON (url_rel_user.user_id = u.user_id)
  229. WHERE
  230. cu.user_id IS NULL AND
  231. access_url_id= $url_access_id AND
  232. u.status = 1 AND
  233. (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
  234. ";
  235. }
  236. }
  237. } else {
  238. $sql = "SELECT COUNT(u.id)
  239. FROM $user_table u
  240. LEFT JOIN $course_user_table cu
  241. ON u.user_id = cu.user_id and c_id='".api_get_course_int_id()."'
  242. WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  243. if (api_is_multiple_url_enabled()) {
  244. $url_access_id = api_get_current_access_url_id();
  245. if ($url_access_id != -1) {
  246. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  247. $sql = "SELECT COUNT(u.id)
  248. FROM $user_table u
  249. LEFT JOIN $course_user_table cu
  250. ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'
  251. INNER JOIN $tbl_url_rel_user as url_rel_user
  252. ON (url_rel_user.user_id = u.user_id)
  253. WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  254. }
  255. }
  256. }
  257. } else {
  258. // students
  259. if ($sessionId != 0) {
  260. $sql = "SELECT COUNT(u.id)
  261. FROM $user_table u
  262. LEFT JOIN $tbl_session_rel_course_user cu
  263. ON
  264. u.user_id = cu.user_id AND
  265. c_id='".api_get_course_int_id()."' AND
  266. session_id ='".$sessionId."'
  267. WHERE
  268. cu.user_id IS NULL AND
  269. u.status<>".DRH." AND
  270. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  271. if (api_is_multiple_url_enabled()) {
  272. $url_access_id = api_get_current_access_url_id();
  273. if ($url_access_id != -1) {
  274. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  275. $sql = "SELECT COUNT(u.id)
  276. FROM $user_table u
  277. LEFT JOIN $tbl_session_rel_course_user cu
  278. ON
  279. u.user_id = cu.user_id AND
  280. c_id='".api_get_course_int_id()."' AND
  281. session_id ='".$sessionId."'
  282. INNER JOIN $tbl_url_rel_user as url_rel_user
  283. ON (url_rel_user.user_id = u.id)
  284. WHERE
  285. cu.user_id IS NULL AND
  286. u.status<>".DRH." AND
  287. access_url_id= $url_access_id AND
  288. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  289. }
  290. }
  291. } else {
  292. $sql = "SELECT COUNT(u.id)
  293. FROM $user_table u
  294. LEFT JOIN $course_user_table cu
  295. ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'";
  296. // we change the SQL when we have a filter
  297. if (isset($_GET['subscribe_user_filter_value']) &&
  298. !empty($_GET['subscribe_user_filter_value']) &&
  299. api_get_setting('ProfilingFilterAddingUsers') === 'true'
  300. ) {
  301. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  302. $sql .= "
  303. LEFT JOIN $table_user_field_values field_values
  304. ON field_values.item_id = u.user_id
  305. WHERE
  306. cu.user_id IS NULL AND
  307. u.status <> ".DRH." AND
  308. field_values.field_id = '".intval($field_identification[0])."' AND
  309. field_values.value = '".Database::escape_string($field_identification[1])."'
  310. ";
  311. } else {
  312. $sql .= "WHERE cu.user_id IS NULL AND u.status <> ".DRH." ";
  313. }
  314. if (api_is_multiple_url_enabled()) {
  315. $url_access_id = api_get_current_access_url_id();
  316. if ($url_access_id != -1) {
  317. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  318. $sql = "SELECT COUNT(u.id)
  319. FROM $user_table u
  320. LEFT JOIN $course_user_table cu
  321. ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'
  322. INNER JOIN $tbl_url_rel_user as url_rel_user
  323. ON (url_rel_user.user_id = u.id)
  324. WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND u.status <> ".DRH." ";
  325. }
  326. }
  327. }
  328. }
  329. // when there is a keyword then we are searching and we have to change the SQL statement
  330. if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
  331. $keyword = Database::escape_string(trim($_REQUEST['keyword']));
  332. $sql .= " AND (
  333. firstname LIKE '%".$keyword."%' OR
  334. lastname LIKE '%".$keyword."%' OR
  335. email LIKE '%".$keyword."%' OR
  336. username LIKE '%".$keyword."%' OR
  337. official_code LIKE '%".$keyword."%'
  338. )";
  339. // we also want to search for users who have something in their profile fields that matches the keyword
  340. if (api_get_setting('ProfilingFilterAddingUsers') === 'true') {
  341. $additional_users = search_additional_profile_fields($keyword);
  342. }
  343. // getting all the users of the course (to make sure that we do not display users that are already in the course)
  344. if (!empty($sessionId)) {
  345. $a_course_users = CourseManager:: get_user_list_from_course_code(
  346. $courseCode,
  347. $sessionId
  348. );
  349. } else {
  350. $a_course_users = CourseManager:: get_user_list_from_course_code(
  351. $courseCode,
  352. 0
  353. );
  354. }
  355. foreach ($a_course_users as $user_id => $course_user) {
  356. $users_of_course[] = $course_user['user_id'];
  357. }
  358. }
  359. $sql .= " AND u.status <> ".ANONYMOUS." ";
  360. $res = Database::query($sql);
  361. $count_user = 0;
  362. if ($res) {
  363. $row = Database::fetch_row($res);
  364. $count_user = $row[0];
  365. }
  366. return $count_user;
  367. }
  368. /**
  369. * Get the users to display on the current page.
  370. */
  371. function get_user_data($from, $number_of_items, $column, $direction)
  372. {
  373. $url_access_id = api_get_current_access_url_id();
  374. $course_code = api_get_course_id();
  375. $sessionId = api_get_session_id();
  376. $courseId = api_get_course_int_id();
  377. // Database table definitions
  378. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  379. $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  380. $tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  381. $table_user_field_values = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  382. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  383. // adding teachers
  384. $is_western_name_order = api_is_western_name_order();
  385. if (api_get_setting('show_email_addresses') === 'true') {
  386. $select_fields = "u.id AS col0,
  387. u.official_code AS col1,
  388. ".($is_western_name_order
  389. ? "u.firstname AS col2,
  390. u.lastname AS col3,"
  391. : "u.lastname AS col2,
  392. u.firstname AS col3,")."
  393. u.email AS col4,
  394. u.active AS col5,
  395. u.user_id AS col6";
  396. } else {
  397. $select_fields = "u.user_id AS col0,
  398. u.official_code AS col1,
  399. ".($is_western_name_order
  400. ? "u.firstname AS col2,
  401. u.lastname AS col3,"
  402. : "u.lastname AS col2,
  403. u.firstname AS col3,")."
  404. u.active AS col4,
  405. u.user_id AS col5";
  406. }
  407. if (isset($_REQUEST['type']) && $_REQUEST['type'] == COURSEMANAGER) {
  408. // adding a teacher through a session
  409. if (!empty($sessionId)) {
  410. $sql = "SELECT $select_fields
  411. FROM $user_table u
  412. LEFT JOIN $tbl_session_rel_course_user cu
  413. ON
  414. u.user_id = cu.user_id AND
  415. c_id ='".$courseId."' AND
  416. session_id ='".$sessionId."'
  417. INNER JOIN $tbl_url_rel_user as url_rel_user
  418. ON (url_rel_user.user_id = u.user_id) ";
  419. // applying the filter of the additional user profile fields
  420. if (isset($_GET['subscribe_user_filter_value']) &&
  421. !empty($_GET['subscribe_user_filter_value']) &&
  422. api_get_setting('ProfilingFilterAddingUsers') == 'true'
  423. ) {
  424. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  425. $sql .= "
  426. LEFT JOIN $table_user_field_values field_values
  427. ON field_values.item_id = u.user_id
  428. WHERE
  429. cu.user_id IS NULL AND
  430. u.status = 1 AND
  431. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) AND
  432. field_values.field_id = '".intval($field_identification[0])."' AND
  433. field_values.value = '".Database::escape_string($field_identification[1])."'";
  434. } else {
  435. $sql .= "WHERE cu.user_id IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  436. }
  437. $sql .= " AND access_url_id = $url_access_id";
  438. } else {
  439. // adding a teacher NOT through a session
  440. $sql = "SELECT $select_fields
  441. FROM $user_table u
  442. LEFT JOIN $course_user_table cu
  443. ON u.user_id = cu.user_id AND c_id = '".$courseId."'";
  444. // applying the filter of the additional user profile fields
  445. if (isset($_GET['subscribe_user_filter_value']) &&
  446. !empty($_GET['subscribe_user_filter_value']) &&
  447. api_get_setting('ProfilingFilterAddingUsers') == 'true'
  448. ) {
  449. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  450. $sql .= "
  451. LEFT JOIN $table_user_field_values field_values
  452. ON field_values.item_id = u.user_id
  453. WHERE
  454. cu.user_id IS NULL AND u.status<>".DRH." AND
  455. field_values.field_id = '".intval($field_identification[0])."' AND
  456. field_values.value = '".Database::escape_string($field_identification[1])."'";
  457. } else {
  458. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  459. }
  460. // adding a teacher NOT trough a session on a portal with multiple URLs
  461. if (api_is_multiple_url_enabled()) {
  462. if ($url_access_id != -1) {
  463. $sql = "SELECT $select_fields
  464. FROM $user_table u
  465. LEFT JOIN $course_user_table cu
  466. ON u.user_id = cu.user_id and c_id='".$courseId."'
  467. INNER JOIN $tbl_url_rel_user as url_rel_user
  468. ON (url_rel_user.user_id = u.user_id) ";
  469. // applying the filter of the additional user profile fields
  470. if (isset($_GET['subscribe_user_filter_value']) &&
  471. !empty($_GET['subscribe_user_filter_value']) &&
  472. api_get_setting('ProfilingFilterAddingUsers') == 'true'
  473. ) {
  474. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  475. $sql .= "
  476. LEFT JOIN $table_user_field_values field_values
  477. ON field_values.item_id = u.user_id
  478. WHERE
  479. cu.user_id IS NULL AND
  480. u.status<>".DRH." AND
  481. field_values.field_id = '".intval($field_identification[0])."' AND
  482. field_values.value = '".Database::escape_string($field_identification[1])."'";
  483. } else {
  484. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  485. }
  486. }
  487. }
  488. }
  489. } else {
  490. // adding a student
  491. if (!empty($sessionId)) {
  492. $sql = "SELECT $select_fields
  493. FROM $user_table u
  494. LEFT JOIN $tbl_session_rel_course_user cu
  495. ON
  496. u.user_id = cu.user_id AND
  497. c_id ='".$courseId."' AND
  498. session_id ='".$sessionId."' ";
  499. if (api_is_multiple_url_enabled()) {
  500. $sql .= " INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) ";
  501. }
  502. // applying the filter of the additional user profile fields
  503. if (isset($_GET['subscribe_user_filter_value']) &&
  504. !empty($_GET['subscribe_user_filter_value'])
  505. ) {
  506. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  507. $sql .= "
  508. LEFT JOIN $table_user_field_values field_values
  509. ON field_values.item_id = u.user_id
  510. WHERE
  511. cu.user_id IS NULL AND
  512. u.status<>".DRH." AND
  513. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) AND
  514. field_values.field_id = '".intval($field_identification[0])."' AND
  515. field_values.value = '".Database::escape_string($field_identification[1])."'";
  516. } else {
  517. $sql .= "WHERE
  518. cu.user_id IS NULL AND
  519. u.status<>".DRH." AND
  520. (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  521. }
  522. if (api_is_multiple_url_enabled()) {
  523. $sql .= "AND access_url_id = $url_access_id";
  524. }
  525. } else {
  526. $sql = "SELECT $select_fields
  527. FROM $user_table u
  528. LEFT JOIN $course_user_table cu
  529. ON
  530. u.user_id = cu.user_id AND
  531. c_id ='".$courseId."'";
  532. // applying the filter of the additional user profile fields
  533. if (isset($_GET['subscribe_user_filter_value']) && !empty($_GET['subscribe_user_filter_value'])) {
  534. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  535. $sql .= "
  536. LEFT JOIN $table_user_field_values field_values
  537. ON field_values.item_id = u.user_id
  538. WHERE
  539. cu.user_id IS NULL AND
  540. u.status<>".DRH." AND
  541. field_values.field_id = '".intval($field_identification[0])."' AND
  542. field_values.value = '".Database::escape_string($field_identification[1])."'";
  543. } else {
  544. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  545. }
  546. //showing only the courses of the current Chamilo access_url_id
  547. if (api_is_multiple_url_enabled()) {
  548. if ($url_access_id != -1) {
  549. $sql = "SELECT $select_fields
  550. FROM $user_table u
  551. LEFT JOIN $course_user_table cu
  552. ON u.user_id = cu.user_id AND c_id='".$courseId."'
  553. INNER JOIN $tbl_url_rel_user as url_rel_user
  554. ON (url_rel_user.user_id = u.user_id) ";
  555. // applying the filter of the additional user profile fields
  556. if (isset($_GET['subscribe_user_filter_value']) &&
  557. !empty($_GET['subscribe_user_filter_value']) &&
  558. api_get_setting('ProfilingFilterAddingUsers') == 'true'
  559. ) {
  560. $field_identification = explode('*', $_GET['subscribe_user_filter_value']);
  561. $sql .= "
  562. LEFT JOIN $table_user_field_values field_values
  563. ON field_values.item_id = u.user_id
  564. WHERE
  565. cu.user_id IS NULL AND
  566. u.status<>".DRH." AND
  567. field_values.field_id = '".intval($field_identification[0])."' AND
  568. field_values.value = '".Database::escape_string($field_identification[1])."' AND
  569. access_url_id = $url_access_id
  570. ";
  571. } else {
  572. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  573. }
  574. }
  575. }
  576. }
  577. }
  578. // adding additional WHERE statements to the SQL for the search functionality
  579. if (isset($_REQUEST['keyword'])) {
  580. $keyword = Database::escape_string(trim($_REQUEST['keyword']));
  581. $sql .= " AND (
  582. firstname LIKE '%".$keyword."%' OR
  583. lastname LIKE '%".$keyword."%' OR
  584. email LIKE '%".$keyword."%' OR
  585. username LIKE '%".$keyword."%' OR
  586. official_code LIKE '%".$keyword."%'
  587. )
  588. ";
  589. if (api_get_setting('ProfilingFilterAddingUsers') === 'true') {
  590. // we also want to search for users who have something in
  591. // their profile fields that matches the keyword
  592. $additional_users = search_additional_profile_fields($keyword);
  593. }
  594. // getting all the users of the course (to make sure that we do not
  595. // display users that are already in the course)
  596. if (!empty($sessionId)) {
  597. $a_course_users = CourseManager :: get_user_list_from_course_code($course_code, $sessionId);
  598. } else {
  599. $a_course_users = CourseManager :: get_user_list_from_course_code($course_code, 0);
  600. }
  601. foreach ($a_course_users as $user_id => $course_user) {
  602. $users_of_course[] = $course_user['user_id'];
  603. }
  604. }
  605. $sql .= " AND u.status != ".ANONYMOUS." ";
  606. // Sorting and pagination (used by the sortable table)
  607. $sql .= " ORDER BY col$column $direction ";
  608. $from = (int) $from;
  609. $number_of_items = (int) $number_of_items;
  610. $sql .= " LIMIT $from, $number_of_items";
  611. $res = Database::query($sql);
  612. $users = [];
  613. while ($user = Database::fetch_row($res)) {
  614. $users[] = $user;
  615. }
  616. return $users;
  617. }
  618. /**
  619. * Returns a mailto-link.
  620. *
  621. * @param string $email An email-address
  622. *
  623. * @return string HTML-code with a mailto-link
  624. */
  625. function email_filter($email)
  626. {
  627. return Display :: encrypted_mailto_link($email, $email);
  628. }
  629. /**
  630. * Build the reg-column of the table.
  631. *
  632. * @param int $user_id The user id
  633. *
  634. * @return string Some HTML-code
  635. */
  636. function reg_filter($user_id)
  637. {
  638. if (isset($_REQUEST['type']) && $_REQUEST['type'] == COURSEMANAGER) {
  639. $type = COURSEMANAGER;
  640. } else {
  641. $type = STUDENT;
  642. }
  643. $user_id = (int) $user_id;
  644. $result = '<a class="btn btn-small btn-primary" href="'.api_get_self().'?'.api_get_cidreq().'&register=yes&type='.$type.'&user_id='.$user_id.'">'.
  645. get_lang("reg").'</a>';
  646. return $result;
  647. }
  648. /**
  649. * Build the active-column of the table to lock or unlock a certain user
  650. * lock = the user can no longer use this account.
  651. *
  652. * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
  653. *
  654. * @param int $active the current state of the account
  655. * @param string $url_params
  656. *
  657. * @return string Some HTML-code with the lock/unlock button
  658. */
  659. function active_filter($active, $url_params, $row)
  660. {
  661. $_user = api_get_user_info();
  662. if ($active == '1') {
  663. $action = 'AccountActive';
  664. $image = 'accept';
  665. }
  666. if ($active == '0') {
  667. $action = 'AccountInactive';
  668. $image = 'error';
  669. }
  670. $result = '';
  671. if ($row['0'] != $_user['user_id']) {
  672. // you cannot lock yourself out otherwise you could disable all the accounts
  673. // including your own => everybody is locked out and nobody can change it anymore.
  674. $result = Display::return_icon(
  675. $image.'.png',
  676. get_lang(ucfirst($action)),
  677. [],
  678. ICON_SIZE_TINY
  679. );
  680. }
  681. return $result;
  682. }
  683. /**
  684. * Search the additional user profile fields defined by the platform administrator in
  685. * platform administration > profiling for a given keyword.
  686. * We not only search in the predefined options but also in the input fields wherer
  687. * the user can enter some text.
  688. *
  689. * For this we get the additional profile field options that match the (search) keyword,
  690. * then we find all the users who have entered the (search)keyword in a input field of the
  691. * additional profile fields or have chosen one of the matching predefined options
  692. *
  693. * @param string $keyword a keyword we are looking for in the additional profile fields
  694. *
  695. * @return array $additional_users an array with the users who have an additional profile field that matches the keyword
  696. */
  697. function search_additional_profile_fields($keyword)
  698. {
  699. // database table definitions
  700. $table_user_field_options = Database::get_main_table(TABLE_EXTRA_FIELD_OPTIONS);
  701. $table_user_field_values = Database::get_main_table(TABLE_EXTRA_FIELD_VALUES);
  702. $tableExtraField = Database::get_main_table(TABLE_EXTRA_FIELD);
  703. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  704. $keyword = Database::escape_string($keyword);
  705. // getting the field option text that match this keyword (for radio buttons and checkboxes)
  706. $sql = "SELECT * FROM $table_user_field_options
  707. WHERE display_text LIKE '%".$keyword."%'";
  708. $result_profiling = Database::query($sql);
  709. while ($profiling_field_options = Database::fetch_array($result_profiling)) {
  710. $profiling_field_options_exact_values[] = $profiling_field_options;
  711. }
  712. $profiling_field_options_exact_values_sql = '';
  713. foreach ($profiling_field_options_exact_values as $profilingkey => $profilingvalue) {
  714. $profiling_field_options_exact_values_sql .= " OR (field_id = '".$profilingvalue['field_id']."' AND value='".$profilingvalue['option_value']."') ";
  715. }
  716. $extraFieldType = ExtraField::USER_FIELD_TYPE;
  717. // getting all the user ids of the users who have chosen on of the predefined fields that contain the keyword
  718. // or all the users who have entered the keyword in a free-form field
  719. $sql = "SELECT
  720. user.user_id as col0,
  721. user.official_code as col1,
  722. user.lastname as col2,
  723. user.firstname as col3,
  724. user.email as col4,
  725. user.active as col5,
  726. user.user_id as col6
  727. FROM $table_user user, $table_user_field_values user_values, $tableExtraField e
  728. WHERE
  729. user.user_id = user_values.item_id AND
  730. user_values.field_id = e.id AND
  731. e.extra_field_type = $extraFieldType AND
  732. (value LIKE '%".$keyword."%'".$profiling_field_options_exact_values_sql.")";
  733. $result = Database::query($sql);
  734. $additional_users = [];
  735. while ($profiled_users = Database::fetch_array($result)) {
  736. $additional_users[$profiled_users['col0']] = $profiled_users;
  737. }
  738. return $additional_users;
  739. }
  740. /**
  741. * This function displays a dropdown list with all the additional user
  742. * profile fields defined by the platform administrator in
  743. * platform administration > profiling.
  744. * Only the fields that have predefined fields are usefull for such a filter.
  745. */
  746. function display_extra_profile_fields_filter()
  747. {
  748. // getting all the additional user profile fields
  749. $extra = UserManager::get_extra_fields(0, 50, 5, 'ASC');
  750. $return = '<option value="">'.get_lang('SelectFilter').'</option>';
  751. // looping through the additional user profile fields
  752. foreach ($extra as $id => $field_details) {
  753. // $field_details[2] contains the type of the additional user profile field
  754. switch ($field_details[2]) {
  755. // text fields cannot be used as a filter
  756. case ExtraFieldModel::FIELD_TYPE_TEXT:
  757. break;
  758. // text area fields cannot be used as a filter
  759. case ExtraFieldModel::FIELD_TYPE_TEXTAREA:
  760. break;
  761. case ExtraFieldModel::FIELD_TYPE_RADIO:
  762. case ExtraFieldModel::FIELD_TYPE_SELECT:
  763. case ExtraFieldModel::FIELD_TYPE_SELECT_MULTIPLE:
  764. $return .= '<optgroup label="'.$field_details[3].'">';
  765. foreach ($field_details[9] as $option_id => $option_details) {
  766. if (isset($_GET['subscribe_user_filter_value']) &&
  767. $_GET['subscribe_user_filter_value'] == $field_details[0].'*'.$option_details[1]
  768. ) {
  769. $selected = 'selected="selected"';
  770. } else {
  771. $selected = false;
  772. }
  773. $return .= '<option value="'.$field_details[0].'*'.$option_details[1].'" '.$selected.'>'.$option_details[2].'</option>';
  774. }
  775. $return .= '</optgroup>';
  776. break;
  777. }
  778. }
  779. $html = '<form class="form-inline" id="subscribe_user_filter" name="subscribe_user_filter" method="get" action="'.api_get_self().'?'.api_get_cidreq().'">';
  780. $html .= '<input type="hidden" name="type" id="type" value="'.Security::remove_XSS($_REQUEST['type']).'" />';
  781. $html .= '<select name="subscribe_user_filter_value" id="subscribe_user_filter_value">'.$return.'</select>';
  782. $html .= '<button type="submit" name="submit_filter" id="submit_filter" value="" class="search">'.get_lang('Filter').'</button>';
  783. $html .= '</form>';
  784. return $html;
  785. }