  1. <?php
  2. /* For licensing terms, see /license.txt*/
  3. /**
  4. * This script allows teachers to subscribe existing users
  5. * to their course.
  6. * @package chamilo.user
  7. */
  8. /**
  9. * Code
  10. */
  11. // name of the language file that needs to be included
  12. $language_file = array('registration','admin');
  13. require_once '../inc/global.inc.php';
  14. $current_course_tool = TOOL_USER;
  15. // the section (for the tabs)
  16. $this_section = SECTION_COURSES;
  17. // notice for unauthorized people.
  18. api_protect_course_script(true);
  19. if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'false') {
  20. if (!api_is_platform_admin()) {
  21. api_not_allowed(true);
  22. }
  23. }
  24. // access restriction
  25. if (!api_is_allowed_to_edit()) {
  26. api_not_allowed(true);
  27. }
  28. $tool_name = get_lang("SubscribeUserToCourse");
  29. $type = isset($_REQUEST['type']) ? Security::remove_XSS($_REQUEST['type']) : null;
  30. if ($type == 'teacher') {
  31. $tool_name = get_lang("SubscribeUserToCourseAsTeacher");
  32. }
  33. //extra entries in breadcrumb
  34. $interbreadcrumb[] = array ("url" => "user.php", "name" => get_lang("ToolUser"));
  35. if (isset($_GET['keyword']) && $_GET['keyword']) {
  36. $interbreadcrumb[] = array ("url" => "subscribe_user.php?type=".Security::remove_XSS($_GET['type']), "name" => $tool_name);
  37. $tool_name = get_lang('SearchResults');
  38. }
  39. Display :: display_header($tool_name, "User");
  40. // Build search-form
  41. echo '<div class="actions">';
  42. $actions = null;
  43. if (isset($_GET['keyword'])) {
  44. $actions .= '<a href="subscribe_user.php?type='.$type.'">'.Display::return_icon('clean_group.gif').' '.get_lang('ClearSearchResults').'</a>';
  45. }
  46. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value'])) {
  47. $actions .= '<a href="subscribe_user.php?type='.$type.'">'.Display::return_icon('clean_group.gif').' '.get_lang('ClearFilterResults').'</a>';
  48. }
  49. if (api_get_setting('ProfilingFilterAddingUsers') == 'true') {
  50. display_extra_profile_fields_filter($type);
  51. }
  52. // Build search-form
  53. $form = new FormValidator('search_user', 'get', '', '', null, false);
  54. $renderer = $form->defaultRenderer();
  55. $renderer->setElementTemplate('<span>{element}</span> ');
  56. $form->add_textfield('keyword', '', false);
  57. $form->addElement('hidden', 'type', $type);
  58. $form->addElement('style_submit_button', 'submit', get_lang('SearchButton'), 'class="search"');
  59. $form->addElement('static', 'additionalactions', null, $actions);
  60. $form->display();
  61. echo '</div>';
  62. /*
  63. MAIN SECTION
  64. */
  65. $current_session_id = api_get_session_id();
  66. $list_register_user='';
  67. $list_not_register_user='';
  68. if (isset ($_REQUEST['register'])) {
  69. if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
  70. if (!empty($current_session_id)) {
  71. $result_simple_sub = SessionManager::set_coach_to_course_session(intval($_REQUEST['user_id']), $current_session_id, $_course['sysCode']);
  72. } else {
  73. $result_simple_sub = CourseManager :: subscribe_user(intval($_REQUEST['user_id']), $_course['sysCode'],COURSEMANAGER);
  74. }
  75. } else {
  76. $result_simple_sub=CourseManager :: subscribe_user(intval($_REQUEST['user_id']), $_course['sysCode']);
  77. }
  78. $user_id_temp=$_SESSION['session_user_id'];
  79. if (is_array($user_id_temp)) {
  80. $counter = count($user_id_temp);
  81. for ($j=0; $j<$counter;$j++) {
  82. if ($user_id_temp[$j]==$_GET['user_id']) {
  83. if ($result_simple_sub) {
  84. Display::display_confirmation_message($_SESSION['session_user_name'][$j].' '.get_lang('AddedToCourse'));
  85. } else {
  86. Display::display_error_message($_SESSION['session_user_name'][$j].' '.get_lang('NotAddedToCourse'));
  87. }
  88. }
  89. }
  90. unset($_SESSION['session_user_id']);
  91. unset($_SESSION['session_user_name']);
  92. }
  93. }
  94. if (isset ($_POST['action'])) {
  95. switch ($_POST['action']) {
  96. case 'subscribe' :
  97. if (is_array($_POST['user'])) {
  98. foreach ($_POST['user'] as $index => $user_id) {
  99. $user_id=intval($user_id);
  100. if(isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
  101. if (!empty($current_session_id)) {
  102. $is_suscribe[] = SessionManager::set_coach_to_course_session($user_id, $current_session_id, $_course['sysCode']);
  103. } else {
  104. $is_suscribe[] = CourseManager::subscribe_user($user_id, $_course['sysCode'],COURSEMANAGER);
  105. }
  106. } else {
  107. $is_suscribe[]=CourseManager::subscribe_user($user_id, $_course['sysCode']);
  108. }
  109. $is_suscribe_user_id[]=$user_id;
  110. }
  111. }
  112. $user_id_temp=$_SESSION['session_user_id'];
  113. $user_name_temp=$_SESSION['session_user_name'];
  114. unset($_SESSION['session_user_id']);
  115. unset($_SESSION['session_user_name']);
  116. $counter=0;
  117. $is_suscribe_counter=count($is_suscribe_user_id);
  118. $list_register_user='';
  119. //if ($$is_suscribe_counter!=1) {
  120. for ($i=0; $i<$is_suscribe_counter;$i++) {
  121. for ($j=0; $j<count($user_id_temp);$j++) {
  122. if ($is_suscribe_user_id[$i]==$user_id_temp[$j]) {
  123. if ($is_suscribe[$i]) {
  124. $list_register_user.=" - ".$user_name_temp[$j].'<br/>';
  125. $temp_unique_user=$user_name_temp[$j];
  126. $counter++;
  127. } else {
  128. $list_not_register_user.=" - ".$user_name_temp[$j].'<br/>';
  129. }
  130. }
  131. }
  132. }
  133. //} else {
  134. //$list_register_user=$temp_unique_user; // only 1 user register
  135. //}
  136. if (!empty($list_register_user)) {
  137. if ($is_suscribe_counter==1) {
  138. $register_user_message=$temp_unique_user.' '.get_lang('AddedToCourse');
  139. Display::display_confirmation_message($register_user_message,false);
  140. } else {
  141. $register_user_message='<br />'.get_lang('UsersRegistered').'<br/><br />'.$list_register_user;
  142. Display::display_confirmation_message($register_user_message,false);
  143. }
  144. }
  145. if (!empty($list_not_register_user)) {
  146. $not_register_user_message='<br />'.get_lang('UsersNotRegistered').'<br/><br /><br />'.$list_not_register_user;
  147. Display::display_error_message($not_register_user_message,false);
  148. }
  149. break;
  150. }
  151. }
  152. if (!empty($_SESSION['session_user_id'])) {
  153. unset($_SESSION['session_user_id']);
  154. }
  155. if (!empty($_SESSION['session_user_name'])) {
  156. unset($_SESSION['session_user_name']);
  157. }
  158. $is_western_name_order = api_is_western_name_order();
  159. $sort_by_first_name = api_sort_by_first_name();
  160. // Build table
  161. $table = new SortableTable('subscribe_users', 'get_number_of_users', 'get_user_data', ($is_western_name_order xor $sort_by_first_name) ? 3 : 2);
  162. $parameters['keyword'] = isset($_REQUEST['keyword']) ? Security::remove_XSS($_REQUEST['keyword']) : null;
  163. $parameters ['type'] = isset($_REQUEST['type']) ? $type : null;
  164. $table->set_additional_parameters($parameters);
  165. $col = 0;
  166. $table->set_header($col ++, '', false);
  167. $table->set_header($col ++, get_lang('OfficialCode'));
  168. if (api_is_western_name_order()) {
  169. $table->set_header($col ++, get_lang('FirstName'));
  170. $table->set_header($col ++, get_lang('LastName'));
  171. } else {
  172. $table->set_header($col ++, get_lang('LastName'));
  173. $table->set_header($col ++, get_lang('FirstName'));
  174. }
  175. if (api_get_setting('show_email_addresses') == 'true') {
  176. $table->set_header($col ++, get_lang('Email'));
  177. $table->set_column_filter($col -1, 'email_filter');
  178. }
  179. $table->set_header($col ++, get_lang('Active'),false);
  180. $table->set_column_filter($col -1, 'active_filter');
  181. $table->set_header($col ++, get_lang('Actions'), false);
  182. $table->set_column_filter($col -1, 'reg_filter');
  183. $table->set_form_actions(array ('subscribe' => get_lang('reg')), 'user');
  184. if (!empty($_POST['keyword'])) {
  185. $keyword_name=Security::remove_XSS($_POST['keyword']);
  186. echo '<br/>'.get_lang('SearchResultsFor').' <span style="font-style: italic ;"> '.$keyword_name.' </span><br>';
  187. }
  188. // Display table
  189. $table->display();
  190. // footer
  191. Display :: display_footer();
  192. /* SHOW LIST OF USERS */
  193. /**
  194. * * Get the users to display on the current page.
  195. */
  196. function get_number_of_users() {
  197. global $_configuration;
  198. // Database table definition
  199. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  200. $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  201. $tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  202. $table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
  203. if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
  204. if (api_get_session_id() != 0) {
  205. $sql = "SELECT COUNT(u.user_id)
  206. FROM $user_table u
  207. LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and cu.c_id ='".api_get_course_int_id()."' AND id_session ='".api_get_session_id()."'
  208. WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  209. if ($_configuration['multiple_access_urls']) {
  210. $url_access_id = api_get_current_access_url_id();
  211. if ($url_access_id !=-1) {
  212. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  213. $sql = "SELECT COUNT(u.user_id) FROM $user_table u
  214. LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and cu.c_id ='".api_get_course_int_id()."' AND id_session ='".api_get_session_id()."'
  215. INNER JOIN $tbl_url_rel_user as url_rel_user
  216. ON (url_rel_user.user_id = u.user_id)
  217. WHERE cu.id_user IS NULL AND access_url_id= $url_access_id AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  218. }
  219. }
  220. } else {
  221. $sql = "SELECT COUNT(u.user_id) FROM $user_table u LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id='".api_get_course_int_id()."'
  222. WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  223. if (api_is_multiple_url_enabled()) {
  224. $url_access_id = api_get_current_access_url_id();
  225. if ($url_access_id !=-1) {
  226. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  227. $sql = "SELECT COUNT(u.user_id) FROM $user_table u
  228. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id AND cu.c_id='".api_get_course_int_id()."'
  229. INNER JOIN $tbl_url_rel_user as url_rel_user
  230. ON (url_rel_user.user_id = u.user_id)
  231. WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  232. }
  233. }
  234. }
  235. } else {
  236. // students
  237. if (api_get_session_id() != 0) {
  238. $sql = "SELECT COUNT(u.user_id)
  239. FROM $user_table u
  240. LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and cu.c_id='".api_get_course_int_id()."' AND id_session ='".api_get_session_id()."'
  241. WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  242. if ($_configuration['multiple_access_urls']) {
  243. $url_access_id = api_get_current_access_url_id();
  244. if ($url_access_id !=-1) {
  245. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  246. $sql = "SELECT COUNT(u.user_id)
  247. FROM $user_table u
  248. LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and cu.c_id='".api_get_course_int_id()."' AND id_session ='".api_get_session_id()."'
  249. INNER JOIN $tbl_url_rel_user as url_rel_user
  250. ON (url_rel_user.user_id = u.user_id)
  251. WHERE cu.id_user IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  252. }
  253. }
  254. } else {
  255. $sql = "SELECT COUNT(u.user_id)
  256. FROM $user_table u
  257. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id ='".api_get_course_int_id()."'";
  258. // we change the SQL when we have a filter
  259. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
  260. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  261. $sql .= "
  262. LEFT JOIN $table_user_field_values field_values
  263. ON field_values.user_id = u.user_id
  264. WHERE cu.user_id IS NULL AND u.status<>".DRH."
  265. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  266. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  267. } else {
  268. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  269. }
  270. if (isset($_configuration['multiple_access_urls']) && $_configuration['multiple_access_urls']) {
  271. $url_access_id = api_get_current_access_url_id();
  272. if ($url_access_id !=-1) {
  273. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  274. $sql = "SELECT COUNT(u.user_id)
  275. FROM $user_table u
  276. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id ='".api_get_course_int_id()."'
  277. INNER JOIN $tbl_url_rel_user as url_rel_user
  278. ON (url_rel_user.user_id = u.user_id)
  279. WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND u.status<>".DRH." ";
  280. }
  281. }
  282. }
  283. }
  284. // when there is a keyword then we are searching and we have to change the SQL statement
  285. if (isset ($_GET['keyword']) AND !empty($_GET['keyword'])) {
  286. $keyword = Database::escape_string(trim($_REQUEST['keyword']));
  287. $sql .= " AND (firstname LIKE '%".$keyword."%' OR lastname LIKE '%".$keyword."%' OR email LIKE '%".$keyword."%' OR username LIKE '%".$keyword."%' OR official_code LIKE '%".$keyword."%')";
  288. // we also want to search for users who have something in their profile fields that matches the keyword
  289. if (api_get_setting('ProfilingFilterAddingUsers') == 'true') {
  290. $additional_users = search_additional_profile_fields($keyword);
  291. }
  292. // getting all the users of the course (to make sure that we do not display users that are already in the course)
  293. if (!empty($_SESSION["id_session"])) {
  294. $a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], $_SESSION['id_session']);
  295. } else {
  296. $a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], 0);
  297. }
  298. foreach ($a_course_users as $user_id=>$course_user) {
  299. $users_of_course[] = $course_user['user_id'];
  300. }
  301. }
  302. $sql .=" AND u.status <> ".ANONYMOUS." ";
  303. $res = Database::query($sql);
  304. $count_user = 0;
  305. if ($res) {
  306. $row = Database::fetch_row($res);
  307. $count_user = $row[0];
  308. }
  309. return $count_user;
  310. }
  311. /**
  312. * Get the users to display on the current page.
  313. */
  314. function get_user_data($from, $number_of_items, $column, $direction) {
  315. global $_configuration;
  316. $url_access_id = api_get_current_access_url_id();
  317. $course_code = api_get_course_id();
  318. $courseId = api_get_course_int_id();
  319. $session_id = api_get_session_id();
  320. // Database table definitions
  321. $user_table = Database::get_main_table(TABLE_MAIN_USER);
  322. $course_user_table = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  323. $tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  324. $table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
  325. $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
  326. // adding teachers
  327. $is_western_name_order = api_is_western_name_order();
  328. if (api_get_setting('show_email_addresses') == 'true') {
  329. $select_fields = "u.user_id AS col0,
  330. u.official_code AS col1,
  331. ".($is_western_name_order
  332. ? "u.firstname AS col2,
  333. u.lastname AS col3,"
  334. : "u.lastname AS col2,
  335. u.firstname AS col3,")."
  336. u.email AS col4,
  337. u.active AS col5,
  338. u.user_id AS col6";
  339. } else {
  340. $select_fields = "u.user_id AS col0,
  341. u.official_code AS col1,
  342. ".($is_western_name_order
  343. ? "u.firstname AS col2,
  344. u.lastname AS col3,"
  345. : "u.lastname AS col2,
  346. u.firstname AS col3,")."
  347. u.active AS col4,
  348. u.user_id AS col5";
  349. }
  350. if (isset($_REQUEST['type']) && $_REQUEST['type'] == 'teacher') {
  351. // adding a teacher through a session
  352. if (!empty($session_id)) {
  353. $sql = "SELECT $select_fields
  354. FROM $user_table u
  355. LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user AND cu.c_id ='".$courseId."' AND id_session ='".$session_id."'
  356. INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) ";
  357. // applying the filter of the additional user profile fields
  358. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true') {
  359. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  360. $sql .= "
  361. LEFT JOIN $table_user_field_values field_values
  362. ON field_values.user_id = u.user_id
  363. WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
  364. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  365. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  366. } else {
  367. $sql .= "WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  368. }
  369. $sql .= " AND access_url_id= $url_access_id";
  370. } else {
  371. // adding a teacher NOT through a session
  372. $sql = "SELECT $select_fields
  373. FROM $user_table u
  374. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id = '".$courseId."'";
  375. // applying the filter of the additional user profile fields
  376. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
  377. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  378. $sql .= "
  379. LEFT JOIN $table_user_field_values field_values
  380. ON field_values.user_id = u.user_id
  381. WHERE cu.user_id IS NULL AND u.status<>".DRH."
  382. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  383. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  384. } else {
  385. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  386. }
  387. // adding a teacher NOT trough a session on a portal with multiple URLs
  388. if ($_configuration['multiple_access_urls']) {
  389. if ($url_access_id !=-1) {
  390. $sql = "SELECT $select_fields
  391. FROM $user_table u
  392. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id ='".$courseId."'
  393. INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) ";
  394. // applying the filter of the additional user profile fields
  395. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
  396. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  397. $sql .= "
  398. LEFT JOIN $table_user_field_values field_values
  399. ON field_values.user_id = u.user_id
  400. WHERE cu.user_id IS NULL AND u.status<>".DRH."
  401. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  402. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  403. } else {
  404. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  405. }
  406. }
  407. }
  408. }
  409. } else {
  410. // adding a student
  411. if (!empty($session_id)) {
  412. $sql = "SELECT $select_fields
  413. FROM $user_table u
  414. LEFT JOIN $tbl_session_rel_course_user cu ON u.user_id = cu.id_user AND cu.c_id ='".$courseId."' AND id_session ='".$session_id."' ";
  415. if (api_is_multiple_url_enabled()) {
  416. $sql .= " INNER JOIN $tbl_url_rel_user as url_rel_user ON (url_rel_user.user_id = u.user_id) ";
  417. }
  418. // applying the filter of the additional user profile fields
  419. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value'])){
  420. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  421. $sql .= "
  422. LEFT JOIN $table_user_field_values field_values
  423. ON field_values.user_id = u.user_id
  424. WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
  425. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  426. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  427. } else {
  428. $sql .= "WHERE cu.id_user IS NULL AND u.status<>".DRH." AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
  429. }
  430. if (api_is_multiple_url_enabled()) {
  431. $sql .= "AND access_url_id = $url_access_id";
  432. }
  433. } else {
  434. $sql = "SELECT $select_fields
  435. FROM $user_table u
  436. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id ='".$courseId."'";
  437. // applying the filter of the additional user profile fields
  438. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value'])){
  439. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  440. $sql .= "
  441. LEFT JOIN $table_user_field_values field_values
  442. ON field_values.user_id = u.user_id
  443. WHERE cu.user_id IS NULL AND u.status<>".DRH."
  444. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  445. AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
  446. } else {
  447. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
  448. }
  449. //showing only the courses of the current Chamilo access_url_id
  450. if (api_is_multiple_url_enabled()) {
  451. if ($url_access_id !=-1) {
  452. $sql = "SELECT $select_fields
  453. FROM $user_table u
  454. LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and cu.c_id ='".$courseId."'
  455. INNER JOIN $tbl_url_rel_user as url_rel_user
  456. ON (url_rel_user.user_id = u.user_id) ";
  457. // applying the filter of the additional user profile fields
  458. if (isset($_GET['subscribe_user_filter_value']) AND !empty($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
  459. $field_identification = explode('*',$_GET['subscribe_user_filter_value']);
  460. $sql .= "
  461. LEFT JOIN $table_user_field_values field_values
  462. ON field_values.user_id = u.user_id
  463. WHERE cu.user_id IS NULL AND u.status<>".DRH."
  464. AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
  465. AND field_values.field_value = '".Database::escape_string($field_identification[1])."' AND access_url_id= $url_access_id ";
  466. } else {
  467. $sql .= "WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
  468. }
  469. }
  470. }
  471. }
  472. }
  473. // adding additional WHERE statements to the SQL for the search functionality
  474. if (isset ($_REQUEST['keyword'])) {
  475. $keyword = Database::escape_string(trim($_REQUEST['keyword']));
  476. $sql .= " AND (firstname LIKE '%".$keyword."%' OR lastname LIKE '%".$keyword."%' OR email LIKE '%".$keyword."%' OR username LIKE '%".$keyword."%' OR official_code LIKE '%".$keyword."%')";
  477. if (api_get_setting('ProfilingFilterAddingUsers') == 'true') {
  478. // we also want to search for users who have something in their profile fields that matches the keyword
  479. $additional_users = search_additional_profile_fields($keyword);
  480. }
  481. // getting all the users of the course (to make sure that we do not display users that are already in the course)
  482. if (!empty($session_id)) {
  483. $a_course_users = CourseManager :: get_user_list_from_course_code($course_code, $session_id);
  484. } else {
  485. $a_course_users = CourseManager :: get_user_list_from_course_code($course_code, 0);
  486. }
  487. foreach ($a_course_users as $user_id=>$course_user) {
  488. $users_of_course[] = $course_user['user_id'];
  489. }
  490. }
  491. $sql .=" AND u.status != ".ANONYMOUS." ";
  492. // Sorting and pagination (used by the sortable table)
  493. $sql .= " ORDER BY col$column $direction ";
  494. $sql .= " LIMIT $from,$number_of_items";
  495. $res = Database::query($sql);
  496. $users = array ();
  497. while ($user = Database::fetch_row($res)) {
  498. $users[] = $user;
  499. $_SESSION['session_user_id'][] = $user[0];
  500. if ($is_western_name_order) {
  501. $_SESSION['session_user_name'][] = api_get_person_name($user[2], $user[3]);
  502. } else {
  503. $_SESSION['session_user_name'][] = api_get_person_name($user[3], $user[2]);
  504. }
  505. }
  506. // adding additional users based on the search on the additional profile fields
  507. if (isset ($_REQUEST['keyword'])){
  508. if (isset($additional_users) && is_array($additional_users)) {
  509. foreach($additional_users as $additional_user_key=>$additional_user_value){
  510. if (!in_array($additional_user_key, $_SESSION['session_user_id']) AND !in_array($additional_user_key,$users_of_course)){
  511. $users[]= array($additional_user_value['col0'],$additional_user_value['col1'],$additional_user_value['col2'].'*',$additional_user_value['col3'].'*',$additional_user_value['col4'],$additional_user_value['col5'], $additional_user_value['col6']);
  512. }
  513. }
  514. }
  515. }
  516. return $users;
  517. }
  518. /**
  519. * Returns a mailto-link
  520. * @param string $email An email-address
  521. * @return string HTML-code with a mailto-link
  522. */
  523. function email_filter($email) {
  524. return Display :: encrypted_mailto_link($email, $email);
  525. }
  526. /**
  527. * Build the reg-column of the table
  528. * @param int $user_id The user id
  529. * @return string Some HTML-code
  530. */
  531. function reg_filter($user_id) {
  532. if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') $type='teacher'; else $type='student';
  533. $result = '<a class="btn btn-small btn-primary" href="'.api_get_self().'?register=yes&type='.$type.'&user_id='.$user_id.'&'.api_get_cidreq().'">'.get_lang("reg").'</a>';
  534. return $result;
  535. }
  536. /**
  537. * Build the active-column of the table to lock or unlock a certain user
  538. * lock = the user can no longer use this account
  539. * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
  540. * @param int $active the current state of the account
  541. * @param int $user_id The user id
  542. * @param string $url_params
  543. * @return string Some HTML-code with the lock/unlock button
  544. */
  545. function active_filter($active, $url_params, $row) {
  546. global $_user;
  547. if ($active=='1') {
  548. $action='AccountActive';
  549. $image='accept';
  550. }
  551. if ($active=='0') {
  552. $action='AccountInactive';
  553. $image='error';
  554. }
  555. if ($row['0']<>$_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
  556. $result = Display::return_icon($image.'.png', get_lang(ucfirst($action)), array() , ICON_SIZE_TINY);
  557. }
  558. return $result;
  559. }
  560. /**
  561. * Search the additional user profile fields defined by the platform administrator in
  562. * platform administration > profiling for a given keyword.
  563. * We not only search in the predefined options but also in the input fields wherer
  564. * the user can enter some text.
  565. *
  566. * For this we get the additional profile field options that match the (search) keyword,
  567. * then we find all the users who have entered the (search)keyword in a input field of the
  568. * additional profile fields or have chosen one of the matching predefined options
  569. *
  570. * @param string $keyword a keyword we are looking for in the additional profile fields
  571. * @return array $additional_users an array with the users who have an additional profile field that matches the keyword
  572. */
  573. function search_additional_profile_fields($keyword)
  574. {
  575. // database table definitions
  576. $table_user_field_options = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
  577. $table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
  578. $table_user = Database::get_main_table(TABLE_MAIN_USER);
  579. // getting the field option text that match this keyword (for radio buttons and checkboxes)
  580. $sql_profiling = "SELECT * FROM $table_user_field_options WHERE option_display_text LIKE '%".$keyword."%'";
  581. $result_profiling = Database::query($sql_profiling);
  582. while ($profiling_field_options = Database::fetch_array($result_profiling)) {
  583. $profiling_field_options_exact_values[] = $profiling_field_options;
  584. }
  585. $profiling_field_options_exact_values_sql = null;
  586. foreach ($profiling_field_options_exact_values as $profilingkey=>$profilingvalue){
  587. $profiling_field_options_exact_values_sql .= "OR (field_id = '".$profilingvalue['field_id']."' AND field_value='".$profilingvalue['option_value']."') ";
  588. }
  589. // getting all the user ids of the users who have chosen on of the predefined fields that contain the keyword
  590. // or all the users who have entered the keyword in a free-form field
  591. $sql_profiling_values = "SELECT user.user_id as col0, user.official_code as col1, user.lastname as col2, user.firstname as col3, user.email as col4, user.active as col5, user.user_id as col6
  592. FROM $table_user user, $table_user_field_values user_values
  593. WHERE user.user_id = user_values.user_id
  594. AND ( field_value LIKE '%".$keyword."%'
  595. ".$profiling_field_options_exact_values_sql.")";
  596. $result_profiling_values = Database::query($sql_profiling_values);
  597. while ($profiled_users = Database::fetch_array($result_profiling_values)) {
  598. $additional_users[$profiled_users['col0']] = $profiled_users;
  599. }
  600. return $additional_users;
  601. }
  602. /**
  603. * This function displays a dropdown list with all the additional user profile fields defined by the platform administrator in
  604. * platform administration > profiling. Only the fields that have predefined fields are usefull for such a filter.
  605. *
  606. */
  607. function display_extra_profile_fields_filter($type) {
  608. // getting all the additional user profile fields
  609. $extra = UserManager::get_extra_fields(0,50,5,'ASC');
  610. $return='<option value="">'.get_lang('SelectFilter').'</option>';
  611. // looping through the additional user profile fields
  612. foreach($extra as $id => $field_details) {
  613. // $field_details[2] contains the type of the additional user profile field
  614. switch($field_details[2]) {
  615. // text fields cannot be used as a filter
  616. case ExtraField::FIELD_TYPE_TEXT:
  617. break;
  618. // text area fields cannot be used as a filter
  619. case ExtraField::FIELD_TYPE_TEXTAREA:
  620. break;
  621. case ExtraField::FIELD_TYPE_RADIO:
  622. case ExtraField::FIELD_TYPE_SELECT:
  623. case ExtraField::FIELD_TYPE_SELECT_MULTIPLE:
  624. $return .= '<optgroup label="'.$field_details[3].'">';
  625. foreach($field_details[9] as $option_id => $option_details) {
  626. if ($_GET['subscribe_user_filter_value'] == $field_details[0].'*'.$option_details[1]) {
  627. $selected = 'selected="selected"';
  628. } else {
  629. $selected = false;
  630. }
  631. $return .= '<option value="'.$field_details[0].'*'.$option_details[1].'" '.$selected.'>'.$option_details[2].'</option>';
  632. }
  633. $return .= '</optgroup>';
  634. break;
  635. }
  636. }
  637. echo '<form id="subscribe_user_filter" name="subscribe_user_filter" method="get" action="'.api_get_self().'?api_get_cidreq" style="float:left;">';
  638. echo ' <input type="hidden" name="type" id="type" value="'.$type.'" />';
  639. echo '<select name="subscribe_user_filter_value" id="subscribe_user_filter_value">'.$return.'</select>';
  640. echo '<button type="submit" name="submit_filter" id="submit_filter" value="" class="search">'.get_lang('Filter').'</button>';
  641. echo '</form>';
  642. }