user.php 39 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087
  1. <?php
  2. /* For licensing terms, see /license.txt */
  3. /**
  4. * This script displays a list of the users of the current course.
  5. * Course admins can change user permissions, subscribe and unsubscribe users...
  6. *
  7. * show users registered in courses
  8. *
  9. * @author Roan Embrechts
  10. * @author Julio Montoya, Several fixes
  11. *
  12. * @package chamilo.user
  13. */
  14. $use_anonymous = true;
  15. require_once __DIR__.'/../inc/global.inc.php';
  16. $current_course_tool = TOOL_USER;
  17. $this_section = SECTION_COURSES;
  18. // notice for unauthorized people.
  19. api_protect_course_script(true, false, 'user');
  20. if (!api_is_platform_admin(true)) {
  21. if (!api_is_course_admin() && !api_is_coach()) {
  22. if (api_get_course_setting('allow_user_view_user_list') == 0) {
  23. api_not_allowed(true);
  24. }
  25. }
  26. }
  27. $sessionId = api_get_session_id();
  28. $is_western_name_order = api_is_western_name_order();
  29. $sort_by_first_name = api_sort_by_first_name();
  30. $course_info = api_get_course_info();
  31. $user_id = api_get_user_id();
  32. $_user = api_get_user_info();
  33. $courseCode = $course_info['code'];
  34. $courseId = $course_info['real_id'];
  35. $type = isset($_REQUEST['type']) ? (int) $_REQUEST['type'] : STUDENT;
  36. $canEditUsers = api_get_setting('allow_user_course_subscription_by_course_admin') == 'true' || api_is_platform_admin();
  37. // Can't auto unregister from a session
  38. if (!empty($sessionId)) {
  39. $course_info['unsubscribe'] = 0;
  40. }
  41. /* Un registering a user section */
  42. if (api_is_allowed_to_edit(null, true)) {
  43. if (isset($_POST['action'])) {
  44. switch ($_POST['action']) {
  45. case 'unsubscribe':
  46. // Make sure we don't unsubscribe current user from the course
  47. if (is_array($_POST['user'])) {
  48. $user_ids = array_diff($_POST['user'], [$user_id]);
  49. if (count($user_ids) > 0) {
  50. CourseManager::unsubscribe_user($user_ids, $courseCode);
  51. Display::addFlash(
  52. Display::return_message(get_lang('The selected users have been unsubscribed from the course'))
  53. );
  54. }
  55. }
  56. }
  57. }
  58. }
  59. // Getting extra fields that have the filter option "on"
  60. $extraField = new ExtraField('user');
  61. $extraFields = $extraField->get_all(['filter = ?' => 1]);
  62. $user_image_pdf_size = 80;
  63. $canEdit = api_is_allowed_to_edit(null, true);
  64. $canRead = api_is_allowed_to_edit(null, true) || api_is_coach();
  65. if (isset($_GET['action'])) {
  66. switch ($_GET['action']) {
  67. case 'set_tutor':
  68. if (!$canEdit) {
  69. api_not_allowed();
  70. }
  71. $userId = isset($_GET['user_id']) ? (int) $_GET['user_id'] : null;
  72. $isTutor = isset($_GET['is_tutor']) ? (int) $_GET['is_tutor'] : 0;
  73. $userInfo = api_get_user_info($userId);
  74. if (!empty($userId)) {
  75. if (!$sessionId) {
  76. if ($userInfo['status'] != INVITEE) {
  77. CourseManager::updateUserCourseTutor(
  78. $userId,
  79. $courseId,
  80. $isTutor
  81. );
  82. Display::addFlash(
  83. Display::return_message(get_lang('Update successful'))
  84. );
  85. } else {
  86. Display::addFlash(
  87. Display::return_message(
  88. get_lang('Invitees cannot be tutors'),
  89. 'error'
  90. )
  91. );
  92. }
  93. }
  94. }
  95. break;
  96. case 'export':
  97. if (!$canRead) {
  98. api_not_allowed();
  99. }
  100. $table_users = Database::get_main_table(TABLE_MAIN_USER);
  101. $is_western_name_order = api_is_western_name_order();
  102. $data = [];
  103. $a_users = [];
  104. $current_access_url_id = api_get_current_access_url_id();
  105. $extra_fields = UserManager::get_extra_user_data(
  106. api_get_user_id(),
  107. false,
  108. false,
  109. false,
  110. true
  111. );
  112. $extra_fields = array_keys($extra_fields);
  113. $select_email_condition = '';
  114. if (api_get_setting('show_email_addresses') === 'true') {
  115. $select_email_condition = ' user.email, ';
  116. if ($sort_by_first_name) {
  117. $a_users[0] = [
  118. 'id',
  119. get_lang('First name'),
  120. get_lang('Last name'),
  121. get_lang('Username'),
  122. get_lang('e-mail'),
  123. get_lang('Phone'),
  124. get_lang('Code'),
  125. get_lang('active'),
  126. ];
  127. } else {
  128. $a_users[0] = [
  129. 'id',
  130. get_lang('Last name'),
  131. get_lang('First name'),
  132. get_lang('Username'),
  133. get_lang('e-mail'),
  134. get_lang('Phone'),
  135. get_lang('Code'),
  136. get_lang('active'),
  137. ];
  138. }
  139. } else {
  140. if ($sort_by_first_name) {
  141. $a_users[0] = [
  142. 'id',
  143. get_lang('First name'),
  144. get_lang('Last name'),
  145. get_lang('Username'),
  146. get_lang('Phone'),
  147. get_lang('Code'),
  148. get_lang('active'),
  149. ];
  150. } else {
  151. $a_users[0] = [
  152. 'id',
  153. get_lang('Last name'),
  154. get_lang('First name'),
  155. get_lang('Username'),
  156. get_lang('Phone'),
  157. get_lang('Code'),
  158. get_lang('active'),
  159. ];
  160. }
  161. }
  162. $legal = '';
  163. if (isset($course_info['activate_legal']) && $course_info['activate_legal'] == 1) {
  164. $legal = ', legal_agreement';
  165. $a_users[0][] = get_lang('Legal agreement accepted');
  166. }
  167. if ($_GET['format'] === 'pdf') {
  168. $select_email_condition = ' user.email, ';
  169. if ($is_western_name_order) {
  170. $a_users[0] = [
  171. '#',
  172. get_lang('Picture'),
  173. get_lang('Code'),
  174. get_lang('First name').', '.get_lang('Last name'),
  175. get_lang('e-mail'),
  176. get_lang('Phone'),
  177. ];
  178. } else {
  179. $a_users[0] = [
  180. '#',
  181. get_lang('Picture'),
  182. get_lang('Code'),
  183. get_lang('Last name').', '.get_lang('First name'),
  184. get_lang('e-mail'),
  185. get_lang('Phone'),
  186. ];
  187. }
  188. }
  189. $a_users[0] = array_merge($a_users[0], $extra_fields);
  190. // users subscribed to the course through a session.
  191. if (api_get_session_id()) {
  192. $table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
  193. $sql = "SELECT DISTINCT
  194. user.user_id, ".($is_western_name_order ? "user.firstname, user.lastname" : "user.lastname, user.firstname").",
  195. user.username,
  196. $select_email_condition
  197. phone,
  198. user.official_code,
  199. active
  200. $legal
  201. FROM $table_session_course_user as session_course_user,
  202. $table_users as user ";
  203. if (api_is_multiple_url_enabled()) {
  204. $sql .= ' , '.Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER).' au ';
  205. }
  206. $sql .= "
  207. WHERE c_id = $courseId
  208. AND session_course_user.user_id = user.user_id
  209. AND session_id = $sessionId
  210. ";
  211. if (api_is_multiple_url_enabled()) {
  212. $sql .= " AND user.user_id = au.user_id AND access_url_id = $current_access_url_id ";
  213. }
  214. // only users no coaches/teachers
  215. if ($type == COURSEMANAGER) {
  216. $sql .= " AND session_course_user.status = 2 ";
  217. } else {
  218. $sql .= " AND session_course_user.status = 0 ";
  219. }
  220. $sql .= $sort_by_first_name ? ' ORDER BY user.firstname, user.lastname' : ' ORDER BY user.lastname, user.firstname';
  221. $rs = Database::query($sql);
  222. $counter = 1;
  223. while ($user = Database:: fetch_array($rs, 'ASSOC')) {
  224. if (isset($user['legal_agreement'])) {
  225. if ($user['legal_agreement'] == 1) {
  226. $user['legal_agreement'] = get_lang('Yes');
  227. } else {
  228. $user['legal_agreement'] = get_lang('No');
  229. }
  230. }
  231. $extra_fields = UserManager::get_extra_user_data(
  232. $user['user_id'],
  233. false,
  234. false,
  235. false,
  236. true
  237. );
  238. if (!empty($extra_fields)) {
  239. foreach ($extra_fields as $key => $extra_value) {
  240. $user[$key] = $extra_value;
  241. }
  242. }
  243. $data[] = $user;
  244. if ($_GET['format'] === 'pdf') {
  245. $user_info = api_get_user_info($user['user_id']);
  246. $user_image = '<img src="'.$user_info['avatar'].'" width ="'.$user_image_pdf_size.'px" />';
  247. if ($is_western_name_order) {
  248. $user_pdf = [
  249. $counter,
  250. $user_image,
  251. $user['official_code'],
  252. $user['firstname'].', '.$user['lastname'],
  253. $user['email'],
  254. $user['phone'],
  255. ];
  256. } else {
  257. $user_pdf = [
  258. $counter,
  259. $user_image,
  260. $user['official_code'],
  261. $user['lastname'].', '.$user['firstname'],
  262. $user['email'],
  263. $user['phone'],
  264. ];
  265. }
  266. $a_users[] = $user_pdf;
  267. } else {
  268. $a_users[] = $user;
  269. }
  270. $counter++;
  271. }
  272. }
  273. if ($sessionId == 0) {
  274. // users directly subscribed to the course
  275. $table_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
  276. $sql = "SELECT DISTINCT
  277. user.user_id, ".($is_western_name_order ? "user.firstname, user.lastname" : "user.lastname, user.firstname").",
  278. user.username,
  279. $select_email_condition
  280. phone,
  281. user.official_code,
  282. active $legal
  283. FROM $table_course_user as course_user, $table_users as user ";
  284. if (api_is_multiple_url_enabled()) {
  285. $sql .= ' , '.Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER).' au ';
  286. }
  287. $sql .= " WHERE
  288. c_id = '$courseId' AND
  289. course_user.relation_type <> ".COURSE_RELATION_TYPE_RRHH." AND
  290. course_user.user_id = user.user_id ";
  291. if (api_is_multiple_url_enabled()) {
  292. $sql .= " AND user.user_id = au.user_id AND access_url_id = $current_access_url_id ";
  293. }
  294. // only users no teachers/coaches
  295. if ($type == COURSEMANAGER) {
  296. $sql .= " AND course_user.status = 1 ";
  297. } else {
  298. $sql .= " AND course_user.status = 5 ";
  299. }
  300. $sql .= ($sort_by_first_name ? " ORDER BY user.firstname, user.lastname" : " ORDER BY user.lastname, user.firstname");
  301. $rs = Database::query($sql);
  302. $counter = 1;
  303. while ($user = Database::fetch_array($rs, 'ASSOC')) {
  304. if (isset($user['legal_agreement'])) {
  305. if ($user['legal_agreement'] == 1) {
  306. $user['legal_agreement'] = get_lang('Yes');
  307. } else {
  308. $user['legal_agreement'] = get_lang('No');
  309. }
  310. }
  311. $extra_fields = UserManager::get_extra_user_data(
  312. $user['user_id'],
  313. false,
  314. false,
  315. false,
  316. true
  317. );
  318. if (!empty($extra_fields)) {
  319. foreach ($extra_fields as $key => $extra_value) {
  320. $user[$key] = $extra_value;
  321. }
  322. }
  323. if ($_GET['format'] === 'pdf') {
  324. $user_info = api_get_user_info($user['user_id']);
  325. $user_image = '<img src="'.$user_info['avatar'].'" width ="'.$user_image_pdf_size.'px" />';
  326. if ($is_western_name_order) {
  327. $user_pdf = [
  328. $counter,
  329. $user_image,
  330. $user['official_code'],
  331. $user['firstname'].', '.$user['lastname'],
  332. $user['email'],
  333. $user['phone'],
  334. ];
  335. } else {
  336. $user_pdf = [
  337. $counter,
  338. $user_image,
  339. $user['official_code'],
  340. $user['lastname'].', '.$user['firstname'],
  341. $user['email'],
  342. $user['phone'],
  343. ];
  344. }
  345. $a_users[] = $user_pdf;
  346. } else {
  347. $a_users[] = $user;
  348. }
  349. $data[] = $user;
  350. $counter++;
  351. }
  352. }
  353. $fileName = get_lang('Learners list');
  354. $pdfTitle = get_lang('Learners list');
  355. if ($type == COURSEMANAGER) {
  356. $fileName = get_lang('Trainers');
  357. $pdfTitle = get_lang('Trainers');
  358. }
  359. switch ($_GET['format']) {
  360. case 'csv':
  361. Export::arrayToCsv($a_users, $fileName);
  362. exit;
  363. case 'xls':
  364. Export::arrayToXls($a_users, $fileName);
  365. exit;
  366. case 'pdf':
  367. $header_attributes = [
  368. ['style' => 'width:10px'],
  369. ['style' => 'width:30px'],
  370. ['style' => 'width:50px'],
  371. ['style' => 'width:500px'],
  372. ];
  373. $params = [
  374. 'filename' => $fileName,
  375. 'pdf_title' => $pdfTitle,
  376. 'header_attributes' => $header_attributes,
  377. ];
  378. Export::export_table_pdf($a_users, $params);
  379. exit;
  380. }
  381. }
  382. }
  383. if (api_is_allowed_to_edit(null, true)) {
  384. // Unregister user from course
  385. if (isset($_REQUEST['unregister']) && $_REQUEST['unregister']) {
  386. if (isset($_GET['user_id']) && is_numeric($_GET['user_id']) &&
  387. ($_GET['user_id'] != $_user['user_id'] || api_is_platform_admin())
  388. ) {
  389. $user_id = (int) $_GET['user_id'];
  390. $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
  391. $tbl_session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
  392. $tbl_session_rel_user = Database::get_main_table(TABLE_MAIN_SESSION_USER);
  393. $sql = "SELECT user.user_id
  394. FROM $tbl_user user
  395. INNER JOIN $tbl_session_rel_user reluser
  396. ON user.user_id = reluser.user_id AND reluser.relation_type <> ".SESSION_RELATION_TYPE_RRHH."
  397. INNER JOIN $tbl_session_rel_course rel_course
  398. ON rel_course.session_id = reluser.session_id
  399. WHERE
  400. user.user_id = $user_id AND
  401. rel_course.c_id = $courseId ";
  402. $result = Database::query($sql);
  403. $row = Database::fetch_array($result, 'ASSOC');
  404. if ($row['user_id'] == $user_id || $row['user_id'] == "") {
  405. CourseManager::unsubscribe_user($_GET['user_id'], $courseCode);
  406. Display::addFlash(
  407. Display::return_message(get_lang('User is now unsubscribed'))
  408. );
  409. } else {
  410. Display::addFlash(
  411. Display::return_message(
  412. get_lang('This learner is subscribed in this training through a training session. You cannot edit his information')
  413. )
  414. );
  415. }
  416. }
  417. }
  418. } else {
  419. // If student can unsubscribe
  420. if (isset($_REQUEST['unregister']) && $_REQUEST['unregister'] == 'yes') {
  421. if ($course_info['unsubscribe'] == 1) {
  422. $user_id = api_get_user_id();
  423. CourseManager::unsubscribe_user($user_id, $course_info['code']);
  424. header('Location: '.api_get_path(WEB_PATH).'user_portal.php');
  425. exit;
  426. }
  427. }
  428. }
  429. // $is_allowed_in_course is first defined in local.inc.php
  430. if (!api_is_allowed_in_course()) {
  431. api_not_allowed(true);
  432. }
  433. // Statistics
  434. Event::event_access_tool(TOOL_USER);
  435. $default_column = 3;
  436. $tableLabel = $type === STUDENT ? 'student' : 'teacher';
  437. $table = new SortableTable(
  438. $tableLabel.'_list',
  439. 'get_number_of_users',
  440. 'get_user_data',
  441. $default_column
  442. );
  443. $parameters['keyword'] = isset($_GET['keyword']) ? Security::remove_XSS($_GET['keyword']) : null;
  444. $parameters['sec_token'] = Security::get_token();
  445. $parameters['id_session'] = api_get_session_id();
  446. $parameters['type'] = $type;
  447. $table->set_additional_parameters($parameters);
  448. $header_nr = 0;
  449. $indexList = [];
  450. $table->set_header($header_nr++, '', false);
  451. $indexList['photo'] = $header_nr;
  452. $table->set_header($header_nr++, get_lang('Photo'), false);
  453. $indexList['official_code'] = $header_nr;
  454. $table->set_header($header_nr++, get_lang('Code'));
  455. if ($is_western_name_order) {
  456. $indexList['firstname'] = $header_nr;
  457. $table->set_header($header_nr++, get_lang('First name'));
  458. $indexList['lastname'] = $header_nr;
  459. $table->set_header($header_nr++, get_lang('Last name'));
  460. } else {
  461. $indexList['lastname'] = $header_nr;
  462. $table->set_header($header_nr++, get_lang('Last name'));
  463. $indexList['firstname'] = $header_nr;
  464. $table->set_header($header_nr++, get_lang('First name'));
  465. }
  466. $indexList['username'] = $header_nr;
  467. $table->set_header($header_nr++, get_lang('Login'));
  468. $indexList['groups'] = $header_nr;
  469. $table->set_header($header_nr++, get_lang('Group'), false);
  470. $hideFields = api_get_configuration_value('hide_user_field_from_list');
  471. if (!empty($hideFields)) {
  472. $hideFields = $hideFields['fields'];
  473. foreach ($hideFields as $fieldToHide) {
  474. if (isset($indexList[$fieldToHide])) {
  475. $table->setHideColumn($indexList[$fieldToHide]);
  476. }
  477. }
  478. }
  479. $table->setHideColumn('is_tutor');
  480. $table->setHideColumn('user_status_in_course');
  481. if (api_is_allowed_to_edit(null, true)) {
  482. $table->set_header($header_nr++, get_lang('Status'), false);
  483. $table->set_header($header_nr++, get_lang('active'), false);
  484. if ($canEditUsers) {
  485. $table->set_column_filter(8, 'active_filter');
  486. } else {
  487. $table->set_column_filter(8, 'active_filter');
  488. }
  489. foreach ($extraFields as $extraField) {
  490. $table->set_header($header_nr++, $extraField['display_text'], false);
  491. }
  492. // Actions column
  493. $table->set_header($header_nr++, get_lang('Action'), false);
  494. $table->set_column_filter($header_nr - 1, 'modify_filter');
  495. if ($canEditUsers) {
  496. $table->set_form_actions(['unsubscribe' => get_lang('Unsubscribe')], 'user');
  497. }
  498. } else {
  499. if ($course_info['unsubscribe'] == 1) {
  500. $table->set_header($header_nr++, get_lang('Action'), false);
  501. $table->set_column_filter($header_nr - 1, 'modify_filter');
  502. }
  503. }
  504. /* Header */
  505. if (isset($origin) && $origin === 'learnpath') {
  506. Display::display_reduced_header();
  507. } else {
  508. if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
  509. $interbreadcrumb[] = [
  510. 'url' => 'user.php?'.api_get_cidreq(),
  511. 'name' => get_lang('Users'),
  512. ];
  513. $tool_name = get_lang('Search results');
  514. } else {
  515. $tool_name = get_lang('Users');
  516. $origin = 'users';
  517. }
  518. Display::display_header($tool_name, 'User');
  519. }
  520. // Tool introduction
  521. Display::display_introduction_section(TOOL_USER, 'left');
  522. $actions = '';
  523. $selectedTab = 1;
  524. if ($canRead) {
  525. echo '<div class="actions">';
  526. switch ($type) {
  527. case STUDENT:
  528. $selectedTab = 1;
  529. $url = api_get_path(WEB_CODE_PATH).'user/subscribe_user.php?'.api_get_cidreq().'&type='.STUDENT;
  530. $icon = Display::url(
  531. Display::return_icon('add-user.png', get_lang('Add'), [], ICON_SIZE_MEDIUM),
  532. $url
  533. );
  534. break;
  535. case COURSEMANAGER:
  536. $selectedTab = 2;
  537. $url = api_get_path(WEB_CODE_PATH).'user/subscribe_user.php?'.api_get_cidreq().'&type='.COURSEMANAGER;
  538. $icon = Display::url(
  539. Display::return_icon('add-teacher.png', get_lang('Add'), [], ICON_SIZE_MEDIUM),
  540. $url
  541. );
  542. break;
  543. }
  544. echo '<div class="row">';
  545. echo '<div class="col-md-6">';
  546. if ($canEdit) {
  547. echo $icon;
  548. }
  549. if ($canRead) {
  550. $actions .= '<a href="user.php?'.api_get_cidreq().'&action=export&format=csv&type='.$type.'">'.
  551. Display::return_icon('export_csv.png', get_lang('CSV export'), [], ICON_SIZE_MEDIUM).'</a> ';
  552. $actions .= '<a href="user.php?'.api_get_cidreq().'&action=export&format=xls&type='.$type.'">'.
  553. Display::return_icon('export_excel.png', get_lang('Excel export'), [], ICON_SIZE_MEDIUM).'</a> ';
  554. }
  555. if ($canEditUsers && $canEdit) {
  556. $actions .= '<a href="user_import.php?'.api_get_cidreq().'&action=import&type='.$type.'">'.
  557. Display::return_icon('import_csv.png', get_lang('Import users list'), [], ICON_SIZE_MEDIUM).'</a> ';
  558. }
  559. if ($canRead) {
  560. $actions .= '<a href="user.php?'.api_get_cidreq().'&action=export&format=pdf&type='.$type.'">'.
  561. Display::return_icon('pdf.png', get_lang('Export to PDF'), [], ICON_SIZE_MEDIUM).'</a> ';
  562. }
  563. echo $actions;
  564. echo '</div>';
  565. echo '<div class="col-md-6">';
  566. echo '<div class="pull-right">';
  567. // Build search-form
  568. $form = new FormValidator(
  569. 'search_user',
  570. 'get',
  571. api_get_self().'?type='.$type,
  572. '',
  573. null,
  574. FormValidator::LAYOUT_INLINE
  575. );
  576. $form->addHidden('type', $type);
  577. $form->addText('keyword', '', false);
  578. $form->addElement('hidden', 'cidReq', api_get_course_id());
  579. $form->addButtonSearch(get_lang('Search'));
  580. $form->display();
  581. echo '</div>';
  582. echo '</div>';
  583. echo '</div>';
  584. $allowTutors = api_get_setting('allow_tutors_to_assign_students_to_session');
  585. if (api_is_allowed_to_edit() && $allowTutors === 'true') {
  586. $actions .= ' <a class="btn btn-default" href="session_list.php?'.api_get_cidreq().'">'.
  587. get_lang('Course sessions').'</a>';
  588. }
  589. echo '</div>';
  590. }
  591. echo UserManager::getUserSubscriptionTab($selectedTab);
  592. $table->display();
  593. if (!empty($_GET['keyword']) && !empty($_GET['submit'])) {
  594. $keyword_name = Security::remove_XSS($_GET['keyword']);
  595. echo '<br/>'.get_lang('Search resultsFor').' <span style="font-style: italic ;"> '.$keyword_name.' </span><br>';
  596. }
  597. if (!isset($origin) || $origin != 'learnpath') {
  598. Display::display_footer();
  599. }
  600. /* Helper functions for the users lists in course */
  601. /**
  602. * Get the users to display on the current page.
  603. */
  604. function get_number_of_users()
  605. {
  606. $counter = 0;
  607. $sessionId = api_get_session_id();
  608. $courseCode = api_get_course_id();
  609. $active = isset($_GET['active']) ? $_GET['active'] : null;
  610. $type = isset($_REQUEST['type']) ? intval($_REQUEST['type']) : STUDENT;
  611. if (empty($sessionId)) {
  612. $status = $type;
  613. } else {
  614. if ($type == COURSEMANAGER) {
  615. $status = 2;
  616. } else {
  617. $status = 0;
  618. }
  619. }
  620. if (!empty($sessionId)) {
  621. $a_course_users = CourseManager::get_user_list_from_course_code(
  622. $courseCode,
  623. $sessionId,
  624. null,
  625. null,
  626. $status,
  627. null,
  628. false,
  629. false,
  630. null,
  631. null,
  632. null,
  633. $active
  634. );
  635. } else {
  636. $a_course_users = CourseManager::get_user_list_from_course_code(
  637. $courseCode,
  638. 0,
  639. null,
  640. null,
  641. $status,
  642. null,
  643. false,
  644. false,
  645. null,
  646. null,
  647. null,
  648. $active
  649. );
  650. }
  651. foreach ($a_course_users as $o_course_user) {
  652. if ((
  653. isset($_GET['keyword']) &&
  654. searchUserKeyword(
  655. $o_course_user['firstname'],
  656. $o_course_user['lastname'],
  657. $o_course_user['username'],
  658. $o_course_user['official_code'],
  659. $_GET['keyword']
  660. )
  661. ) || !isset($_GET['keyword']) || empty($_GET['keyword'])
  662. ) {
  663. $counter++;
  664. }
  665. }
  666. return $counter;
  667. }
  668. /**
  669. * @param string $firstname
  670. * @param string $lastname
  671. * @param string $username
  672. * @param string $official_code
  673. * @param $keyword
  674. *
  675. * @return bool
  676. */
  677. function searchUserKeyword($firstname, $lastname, $username, $official_code, $keyword)
  678. {
  679. if (api_strripos($firstname, $keyword) !== false ||
  680. api_strripos($lastname, $keyword) !== false ||
  681. api_strripos($username, $keyword) !== false ||
  682. api_strripos($official_code, $keyword) !== false
  683. ) {
  684. return true;
  685. } else {
  686. return false;
  687. }
  688. }
  689. /**
  690. * Get the users to display on the current page.
  691. *
  692. * @param int $from Offset
  693. * @param int $number_of_items
  694. * @param int $column The column on which to sort
  695. * @param string $direction ASC or DESC, for the sort order of the query results
  696. *
  697. * @return array
  698. */
  699. function get_user_data($from, $number_of_items, $column, $direction)
  700. {
  701. global $is_western_name_order;
  702. global $extraFields;
  703. $type = isset($_REQUEST['type']) ? intval($_REQUEST['type']) : STUDENT;
  704. $course_info = api_get_course_info();
  705. $sessionId = api_get_session_id();
  706. $course_code = $course_info['code'];
  707. $a_users = [];
  708. $limit = null;
  709. $from = (int) $from;
  710. $number_of_items = (int) $number_of_items;
  711. // limit
  712. if (!isset($_GET['keyword']) || empty($_GET['keyword'])) {
  713. $limit = 'LIMIT '.$from.','.$number_of_items;
  714. }
  715. if (!in_array($direction, ['ASC', 'DESC'])) {
  716. $direction = 'ASC';
  717. }
  718. switch ($column) {
  719. case 2: //official code
  720. $order_by = 'ORDER BY user.official_code '.$direction;
  721. break;
  722. case 3:
  723. if ($is_western_name_order) {
  724. $order_by = 'ORDER BY user.firstname '.$direction.', user.lastname '.$direction;
  725. } else {
  726. $order_by = 'ORDER BY user.lastname '.$direction.', user.firstname '.$direction;
  727. }
  728. break;
  729. case 4:
  730. if ($is_western_name_order) {
  731. $order_by = 'ORDER BY user.lastname '.$direction.', user.firstname '.$direction;
  732. } else {
  733. $order_by = 'ORDER BY user.firstname '.$direction.', user.lastname '.$direction;
  734. }
  735. break;
  736. case 5: //username
  737. $order_by = 'ORDER BY user.username '.$direction;
  738. break;
  739. default:
  740. if ($is_western_name_order) {
  741. $order_by = 'ORDER BY user.lastname '.$direction.', user.firstname '.$direction;
  742. } else {
  743. $order_by = 'ORDER BY user.firstname '.$direction.', user.lastname '.$direction;
  744. }
  745. break;
  746. }
  747. $active = isset($_GET['active']) ? $_GET['active'] : null;
  748. if (empty($sessionId)) {
  749. $status = $type;
  750. } else {
  751. if ($type == COURSEMANAGER) {
  752. $status = 2;
  753. } else {
  754. $status = 0;
  755. }
  756. }
  757. $a_course_users = CourseManager::get_user_list_from_course_code(
  758. $course_code,
  759. $sessionId,
  760. $limit,
  761. $order_by,
  762. $status,
  763. null,
  764. false,
  765. false,
  766. null,
  767. [],
  768. [],
  769. $active
  770. );
  771. foreach ($a_course_users as $user_id => $o_course_user) {
  772. if ((
  773. isset($_GET['keyword']) &&
  774. searchUserKeyword(
  775. $o_course_user['firstname'],
  776. $o_course_user['lastname'],
  777. $o_course_user['username'],
  778. $o_course_user['official_code'],
  779. $_GET['keyword']
  780. )
  781. ) || !isset($_GET['keyword']) || empty($_GET['keyword'])
  782. ) {
  783. $groupsNameList = GroupManager::getAllGroupPerUserSubscription($user_id);
  784. $groupsNameListParsed = [];
  785. if (!empty($groupsNameList)) {
  786. $groupsNameListParsed = array_column($groupsNameList, 'name');
  787. }
  788. $temp = [];
  789. if (api_is_allowed_to_edit(null, true)) {
  790. $userInfo = api_get_user_info($user_id);
  791. $photo = Display::img($userInfo['avatar_small'], $userInfo['complete_name'], [], false);
  792. $temp[] = $user_id;
  793. $temp[] = $photo;
  794. $temp[] = $o_course_user['official_code'];
  795. if ($is_western_name_order) {
  796. $temp[] = $o_course_user['firstname'];
  797. $temp[] = $o_course_user['lastname'];
  798. } else {
  799. $temp[] = $o_course_user['lastname'];
  800. $temp[] = $o_course_user['firstname'];
  801. }
  802. $temp[] = $o_course_user['username'];
  803. // Groups.
  804. $temp[] = implode(', ', $groupsNameListParsed);
  805. // Status
  806. $default_status = get_lang('Learner');
  807. if ((isset($o_course_user['status_rel']) && $o_course_user['status_rel'] == 1) ||
  808. (isset($o_course_user['status_session']) && $o_course_user['status_session'] == 2)
  809. ) {
  810. $default_status = get_lang('Teacher');
  811. } elseif (isset($o_course_user['is_tutor']) && $o_course_user['is_tutor'] == 1) {
  812. $default_status = get_lang('Coach');
  813. }
  814. $temp[] = $default_status;
  815. // active
  816. $temp[] = $o_course_user['active'];
  817. $extraFieldOption = new ExtraFieldOption('user');
  818. $extraFieldValue = new ExtraFieldValue('user');
  819. if (!empty($extraFields)) {
  820. foreach ($extraFields as $extraField) {
  821. $data = $extraFieldValue->get_values_by_handler_and_field_id(
  822. $user_id,
  823. $extraField['id']
  824. );
  825. $optionList = $extraFieldOption->get_field_option_by_field_and_option(
  826. $extraField['id'],
  827. $data['value']
  828. );
  829. if (!empty($optionList)) {
  830. $options = implode(', ', array_column($optionList, 'display_text'));
  831. $temp[] = $options;
  832. } else {
  833. $temp[] = $data['value'];
  834. }
  835. }
  836. }
  837. // User id for actions
  838. $temp[] = $user_id;
  839. $temp['is_tutor'] = isset($o_course_user['is_tutor']) ? $o_course_user['is_tutor'] : '';
  840. $temp['user_status_in_course'] = isset($o_course_user['status_rel']) ? $o_course_user['status_rel'] : '';
  841. } else {
  842. $userInfo = api_get_user_info($user_id);
  843. $userPicture = $userInfo['avatar'];
  844. $photo = '<img src="'.$userPicture.'" alt="'.$userInfo['complete_name'].'" width="22" height="22" title="'.$userInfo['complete_name'].'" />';
  845. $temp[] = '';
  846. $temp[] = $photo;
  847. $temp[] = $o_course_user['official_code'];
  848. if ($is_western_name_order) {
  849. $temp[] = $o_course_user['firstname'];
  850. $temp[] = $o_course_user['lastname'];
  851. } else {
  852. $temp[] = $o_course_user['lastname'];
  853. $temp[] = $o_course_user['firstname'];
  854. }
  855. $temp[] = $o_course_user['username'];
  856. // Group.
  857. $temp[] = implode(', ', $groupsNameListParsed);
  858. if ($course_info['unsubscribe'] == 1) {
  859. //User id for actions
  860. $temp[] = $user_id;
  861. }
  862. }
  863. $a_users[$user_id] = $temp;
  864. }
  865. }
  866. return $a_users;
  867. }
  868. /**
  869. * Build the active-column of the table to lock or unlock a certain user
  870. * lock = the user can no longer use this account.
  871. *
  872. * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
  873. *
  874. * @param int $active the current state of the account
  875. * @param string $urlParams
  876. *
  877. * @return string Some HTML-code with the lock/unlock button
  878. */
  879. function active_filter($active, $urlParams, $row)
  880. {
  881. $userId = api_get_user_id();
  882. $action = '';
  883. $image = '';
  884. if ($active == '1') {
  885. $action = 'Accountactive';
  886. $image = 'accept';
  887. }
  888. if ($active == '0') {
  889. $action = 'AccountInactive';
  890. $image = 'error';
  891. }
  892. $result = '';
  893. /* you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is
  894. locked out and nobody can change it anymore.*/
  895. if ($row[0] != $userId) {
  896. $result = '<center><img src="'.Display::returnIconPath($image.'.png', 16).'" border="0" alt="'.get_lang(ucfirst($action)).'" title="'.get_lang(ucfirst($action)).'"/></center>';
  897. }
  898. return $result;
  899. }
  900. /**
  901. * Build the modify-column of the table.
  902. *
  903. * @param int $user_id The user id
  904. *
  905. * @return string Some HTML-code
  906. */
  907. function modify_filter($user_id, $row, $data)
  908. {
  909. global $charset;
  910. $canEditUsers = api_get_setting('allow_user_course_subscription_by_course_admin') == 'true' || api_is_platform_admin();
  911. $is_allowed_to_track = api_is_allowed_to_edit(true, true);
  912. $user_id = $data[0];
  913. $userInfo = api_get_user_info($user_id);
  914. $isInvitee = $userInfo['status'] == INVITEE ? true : false;
  915. $course_info = $_course = api_get_course_info();
  916. $current_user_id = api_get_user_id();
  917. $sessionId = api_get_session_id();
  918. $type = isset($_REQUEST['type']) ? intval($_REQUEST['type']) : STUDENT;
  919. $result = '';
  920. if ($is_allowed_to_track) {
  921. $result .= '<a href="../mySpace/myStudents.php?'.api_get_cidreq().'&student='.$user_id.'&details=true&course='.$_course['id'].'&origin=user_course&id_session='.api_get_session_id().'" title="'.get_lang('Reporting').'">
  922. '.Display::return_icon('statistics.png', get_lang('Reporting')).'
  923. </a>';
  924. }
  925. // If platform admin, show the login_as icon (this drastically shortens
  926. // time taken by support to test things out)
  927. if (api_is_platform_admin()) {
  928. $result .= ' <a href="'.api_get_path(WEB_CODE_PATH).'admin/user_list.php?action=login_as&user_id='.$user_id.'&sec_token='.Security::getTokenFromSession().'">'.
  929. Display::return_icon('login_as.png', get_lang('Login as')).'</a>&nbsp;&nbsp;';
  930. }
  931. if (api_is_allowed_to_edit(null, true)) {
  932. if (empty($sessionId)) {
  933. $isTutor = isset($data['is_tutor']) ? intval($data['is_tutor']) : 0;
  934. $isTutor = empty($isTutor) ? 1 : 0;
  935. $text = get_lang('RemoveCoachStatus');
  936. if ($isTutor) {
  937. $text = get_lang('SetCoach');
  938. }
  939. if ($isInvitee) {
  940. $disabled = 'disabled';
  941. } else {
  942. $disabled = '';
  943. }
  944. $allow = api_get_configuration_value('extra');
  945. if ($allow) {
  946. $result .= '<a href="'.
  947. api_get_path(WEB_CODE_PATH).'extra/userInfo.php?'.api_get_cidreq().'&editMainUserInfo='.$user_id.'" title="'.get_lang('Edit').'" >'.
  948. Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).
  949. '</a>&nbsp;';
  950. }
  951. if ($data['user_status_in_course'] == STUDENT) {
  952. $result .= Display::url(
  953. $text,
  954. 'user.php?'.api_get_cidreq().'&action=set_tutor&is_tutor='.$isTutor.'&user_id='.$user_id.'&type='.$type,
  955. ['class' => 'btn btn-default '.$disabled]
  956. ).'&nbsp;';
  957. }
  958. }
  959. // edit
  960. if ($canEditUsers) {
  961. // unregister
  962. if ($user_id != $current_user_id || api_is_platform_admin()) {
  963. $result .= '<a class="btn btn-sm btn-danger delete-swal" href="'.api_get_self().'?'.api_get_cidreq().'&type='.$type.'&unregister=yes&user_id='.$user_id.'" title="'.addslashes(api_htmlentities(get_lang('Unsubscribe'))).' " >'.
  964. get_lang('Unsubscribe').'</a>&nbsp;';
  965. }
  966. }
  967. } else {
  968. // Show buttons for unsubscribe
  969. if ($course_info['unsubscribe'] == 1) {
  970. if ($user_id == $current_user_id) {
  971. $result .= '<a class="btn btn-sm btn-danger delete-swal" href="'.api_get_self().'?'.api_get_cidreq().'&type='.$type.'&unregister=yes&user_id='.$user_id.'" title="'.addslashes(api_htmlentities(get_lang('Unsubscribe'))).' >'.
  972. get_lang('Unsubscribe').'</a>&nbsp;';
  973. }
  974. }
  975. }
  976. return $result;
  977. }