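<?php
/**
 * Log the current (admin) session in as another user.
 *
 * Make sure this function is protected because it does NOT check password!
 * It replaces the caller's session identity with the target user's and then
 * renders a confirmation page and exits.
 *
 * This function defines globals ($uidReset, $loginFailed, $_user).
 *
 * NOTE(review): the session id is not regenerated after the identity switch
 * and the id of the admin who impersonated is not kept anywhere in the
 * session (only the boolean $_SESSION['login_as'] is set) — consider both
 * for audit/fixation reasons; confirm against user_list.php before changing.
 *
 * @param int User ID of the account to log in as
 * @return bool False on failure; on success the page is rendered and the
 *              script exits (no return)
 * @author Evie Embrechts
 * @author Yannick Warnier <yannick.warnier@dokeos.com>
 */
function login_user($user_id)
{
    $user_id = intval($user_id);
    if ($user_id <= 0) {
        return false;
    }
    // Only super admins can log in to admin accounts.
    if (!api_global_admin_can_edit_admin($user_id)) {
        return false;
    }

    global $uidReset, $loginFailed, $_configuration, $_user, $charset;
    $main_user_table = Database::get_main_table(TABLE_MAIN_USER);
    $main_admin_table = Database::get_main_table(TABLE_MAIN_ADMIN);
    $track_e_login_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LOGIN);

    // Drop the current uid first so a failed switch never leaves a stale one behind.
    unset($_user['user_id']);
    $user_info = api_get_user_info($user_id);

    // Platform admins may impersonate anyone they are allowed to edit; session
    // admins only users of status 5 (presumably STUDENT — the constant is used
    // elsewhere in this file, confirm they match).
    $can_login_as = api_is_platform_admin()
        || (api_is_session_admin() && $user_info['status'] == 5);
    if (!$can_login_as) {
        return false;
    }

    $firstname = $user_info['firstname'];
    $lastname = $user_info['lastname'];
    $user_id = $user_info['user_id'];

    // The message is displayed below with filtering disabled (it carries a
    // link), so user-supplied names must be escaped here.
    $safe_firstname = api_htmlentities($firstname, ENT_QUOTES, $charset);
    $safe_lastname = api_htmlentities($lastname, ENT_QUOTES, $charset);
    if (api_is_western_name_order()) {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $safe_firstname, $safe_lastname, $user_id);
    } else {
        $message = sprintf(get_lang('AttemptingToLoginAs'), $safe_lastname, $safe_firstname, $user_id);
    }

    $loginFailed = false;
    $uidReset = false;
    if (!$user_id) {
        return false;
    }

    // Fetch the target account, its admin flag and its most recent login.
    $sql_query = "SELECT user.*, a.user_id is_admin, UNIX_TIMESTAMP(login.login_date) login_date"
        ." FROM $main_user_table"
        ." LEFT JOIN $main_admin_table a ON user.user_id = a.user_id"
        ." LEFT JOIN $track_e_login_table login ON user.user_id = login.login_user_id"
        ." WHERE user.user_id = '".intval($user_id)."'"
        ." ORDER BY login.login_date DESC LIMIT 1";
    $sql_result = Database::query($sql_query);
    if (Database::num_rows($sql_result) == 0) {
        exit("<br />WARNING UNDEFINED UID !! ");
    }
    $user_data = Database::fetch_array($sql_result);

    // Close the current user's login record and clear the session identity.
    LoginDelete($_SESSION["_user"]["user_id"]);
    unset($_SESSION['_user']);
    unset($_SESSION['is_platformAdmin']);
    unset($_SESSION['is_allowedCreateCourse']);
    unset($_SESSION['_uid']);

    // Rebuild $_user from the target account (other keys of $_user are kept as-is).
    $_user['firstName'] = $user_data['firstname'];
    $_user['lastName'] = $user_data['lastname'];
    $_user['mail'] = $user_data['email'];
    $_user['lastLogin'] = $user_data['login_date'];
    $_user['official_code'] = $user_data['official_code'];
    $_user['picture_uri'] = $user_data['picture_uri'];
    $_user['user_id'] = $user_data['user_id'];
    $_user['status'] = $user_data['status'];
    $is_platformAdmin = !is_null($user_data['is_admin']);
    $is_allowedCreateCourse = ($user_data['status'] == 1);

    // Fill the session with the new identity.
    $_SESSION['_uid'] = $user_id;
    $_SESSION['_user'] = $_user;
    $_SESSION['is_platformAdmin'] = $is_platformAdmin;
    $_SESSION['is_allowedCreateCourse'] = $is_allowedCreateCourse;
    // Marks the session as an impersonation (e.g. for reporting).
    $_SESSION['login_as'] = true;

    $target_url = api_get_path(WEB_PATH).'user_portal.php';
    $message .= '<br />'.sprintf(
        get_lang('LoginSuccessfulGoToX'),
        '<a href="'.$target_url.'">'.$target_url.'</a>'
    );
    Display::display_header(get_lang('UserList'));
    Display::display_normal_message($message, false);
    Display::display_footer();
    exit;
}

/**
 * Build the JOIN and WHERE fragments shared by get_number_of_users() and
 * get_user_data() from the search parameters found in $_GET
 * (keyword, keyword_firstname/lastname/email/officialcode/username/status,
 * keyword_active, keyword_inactive, keyword_extra_data, keyword_extra_data_text).
 *
 * Every value read from $_GET is passed through Database::escape_string()
 * before it is spliced into a quoted LIKE pattern; the extra-field id, which
 * is spliced in unquoted, is cast to int.
 *
 * @return array array($joins, $where): $joins is '' or a string of
 *               " INNER JOIN ..." / " , admin a " fragments, $where is '' or a
 *               string starting with ' WHERE '
 */
function _user_list_filter_sql()
{
    $joins = '';
    $conditions = array();

    // On multi-URL portals only list users attached to the current access URL.
    $filter_by_access_url = (api_is_platform_admin() || api_is_session_admin())
        && api_get_multiple_access_url();
    if ($filter_by_access_url) {
        $access_url_rel_user_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
        $joins .= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)";
    }

    // Searching on a user extra field: join the values of that field.
    if (isset($_GET['keyword_extra_data'])) {
        $keyword_extra_data = Database::escape_string($_GET['keyword_extra_data']);
        if (!empty($keyword_extra_data)) {
            $extra_info = UserManager::get_extra_field_information_by_name($keyword_extra_data);
            // Unquoted in the SQL: cast to int so an unknown field name yields
            // "field_id=0" (no rows) rather than a malformed query.
            $field_id = isset($extra_info['id']) ? intval($extra_info['id']) : 0;
            $joins .= " INNER JOIN user_field_values ufv ON u.user_id=ufv.user_id AND ufv.field_id=$field_id ";
        }
    }

    if (isset($_GET['keyword'])) {
        // Free-text search across name, username, email and official code.
        $keyword = Database::escape_string(trim($_GET['keyword']));
        $conditions[] = "(u.firstname LIKE '%$keyword%'"
            ." OR u.lastname LIKE '%$keyword%'"
            ." OR concat(u.firstname,' ',u.lastname) LIKE '%$keyword%'"
            ." OR concat(u.lastname,' ',u.firstname) LIKE '%$keyword%'"
            ." OR u.username LIKE '%$keyword%'"
            ." OR u.email LIKE '%$keyword%'"
            ." OR u.official_code LIKE '%$keyword%')";
    } elseif (isset($_GET['keyword_firstname'])) {
        // Advanced search: one LIKE pattern per field, all ANDed together.
        $kw = array();
        $field_names = array(
            'keyword_firstname', 'keyword_lastname', 'keyword_email',
            'keyword_officialcode', 'keyword_username', 'keyword_status',
        );
        foreach ($field_names as $field_name) {
            $kw[$field_name] = isset($_GET[$field_name])
                ? Database::escape_string($_GET[$field_name])
                : '';
        }

        $keyword_status = $kw['keyword_status'];
        $admin_condition = '';
        if ($keyword_status == SESSIONADMIN) {
            // Session admins are matched through the admin table, not u.status.
            $keyword_status = '%';
            $joins .= " , ".Database::get_main_table(TABLE_MAIN_ADMIN)." a ";
            $admin_condition = ' AND a.user_id = u.user_id ';
        }

        $extra_condition = '';
        if (!empty($_GET['keyword_extra_data']) && !empty($_GET['keyword_extra_data_text'])) {
            $keyword_extra_data_text = Database::escape_string($_GET['keyword_extra_data_text']);
            $extra_condition = " AND ufv.field_value LIKE '%".trim($keyword_extra_data_text)."%' ";
        }

        $active_condition = '';
        $keyword_active = isset($_GET['keyword_active']);
        $keyword_inactive = isset($_GET['keyword_inactive']);
        if ($keyword_active && !$keyword_inactive) {
            $active_condition = " AND u.active='1'";
        } elseif ($keyword_inactive && !$keyword_active) {
            $active_condition = " AND u.active='0'";
        }

        $conditions[] = "(u.firstname LIKE '%{$kw['keyword_firstname']}%'"
            ." AND u.lastname LIKE '%{$kw['keyword_lastname']}%'"
            ." AND u.username LIKE '%{$kw['keyword_username']}%'"
            ." AND u.email LIKE '%{$kw['keyword_email']}%'"
            ." AND u.official_code LIKE '%{$kw['keyword_officialcode']}%'"
            ." AND u.status LIKE '$keyword_status'"
            .$admin_condition.$extra_condition.$active_condition
            ." )";
    }

    if ($filter_by_access_url) {
        $conditions[] = "url_rel_user.access_url_id=".intval(api_get_current_access_url_id());
    }

    $where = empty($conditions) ? '' : ' WHERE '.implode(' AND ', $conditions).' ';
    return array($joins, $where);
}

/**
 * Get the total number of users on the platform matching the current
 * $_GET search filters (see _user_list_filter_sql()).
 *
 * @return int|string Value of COUNT(u.user_id) as returned by the driver
 * @see SortableTable#get_total_number_of_items()
 */
function get_number_of_users()
{
    $user_table = Database::get_main_table(TABLE_MAIN_USER);
    list($joins, $where) = _user_list_filter_sql();
    $sql = "SELECT COUNT(u.user_id) AS total_number_of_items FROM $user_table u".$joins.$where;
    $res = Database::query($sql);
    $obj = Database::fetch_object($res);
    return $obj->total_number_of_items;
}

/**
 * Get the users to display on the current page (fill the sortable-table).
 *
 * Row layout returned (indexes are what the *_filter callbacks below read):
 * 0 user id, 1 photo HTML, 2 official code, 3/4 name columns (order depends
 * on api_is_western_name_order()), 5 username, 6 email, 7 role label,
 * 8 active flag ('-1' when the expiration date has passed), 9 local
 * registration time, 10 user id.
 *
 * @param int offset of first user to recover
 * @param int Number of users to get
 * @param int Column to sort on
 * @param string Order (ASC,DESC); anything else falls back to ASC
 * @return array List of rows as described above
 * @see SortableTable#get_table_data($from)
 */
function get_user_data($from, $number_of_items, $column, $direction)
{
    global $charset;
    $user_table = Database::get_main_table(TABLE_MAIN_USER);

    $name_columns = api_is_western_name_order()
        ? "u.firstname AS col3, u.lastname AS col4,"
        : "u.lastname AS col3, u.firstname AS col4,";
    $sql = "SELECT u.user_id AS col0, u.official_code AS col2, $name_columns"
        ." u.username AS col5, u.email AS col6, u.status AS col7, u.active AS col8,"
        ." u.user_id AS col9, u.registration_date AS col10, u.expiration_date AS exp"
        ." FROM $user_table u";
    list($joins, $where) = _user_list_filter_sql();
    $sql .= $joins.$where;

    // Sort column and paging values are caller-supplied: whitelist / cast them.
    if (!in_array($direction, array('ASC', 'DESC'))) {
        $direction = 'ASC';
    }
    $column = intval($column);
    $from = intval($from);
    $number_of_items = intval($number_of_items);
    $sql .= " ORDER BY col$column $direction ";
    $sql .= " LIMIT $from,$number_of_items";

    // BAT
    require_once api_get_path(SYS_PATH).'main/subrole/subrole.php';
    // /BAT

    $res = Database::query($sql);
    $users = array();
    $now = time();
    $link_photo = !api_is_anonymous();
    while ($user = Database::fetch_row($res)) {
        $image_path = UserManager::get_user_picture_path_by_id($user[0], 'web', false, true);
        $user_profile = UserManager::get_picture_user(
            $user[0], $image_path['file'], 22, USER_IMAGE_SIZE_SMALL, ' width="22" height="22" '
        );
        // Names are user-supplied and land in HTML attributes: escape them.
        $person_name = api_htmlentities(api_get_person_name($user[2], $user[3]), ENT_QUOTES, $charset);
        $img = '<img src="'.$user_profile['file'].'" '.$user_profile['style']
            .' alt="'.$person_name.'" title="'.$person_name.'" />';
        if ($link_photo) {
            $photo = '<center><a href="'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$user[0].'"'
                .' title="'.get_lang('Info').'"> '.$img.'</a></center>';
        } else {
            $photo = '<center>'.$img.'</center>';
        }

        // An active account whose expiration date has passed is flagged with
        // the special value '-1' in the active column.
        if ($user[7] == 1 && $user[10] != '0000-00-00 00:00:00') {
            $expiration_time = convert_sql_date($user[10]);
            if ($expiration_time < $now) {
                $user[7] = '-1';
            }
        }

        // BAT
        $role = ucfirst(get_subrole($user[0]));
        // /BAT
        $users[] = array(
            $user[0], $photo, $user[1], $user[2], $user[3], $user[4], $user[5],
            $role, $user[7], api_get_local_time($user[9]), $user[0],
        );
    }
    return $users;
}

/**
 * Returns a mailto-link
 * @param string $email An email-address
 * @return string HTML-code with a mailto-link
 */
function email_filter($email)
{
    return Display::encrypted_mailto_link($email, $email);
}

/**
 * Returns a link from a user's name to the whoisonline page for that user.
 *
 * NOTE(review): $name is inserted into the HTML unescaped; this relies on
 * the table layer having escaped it — confirm.
 *
 * @param string $name Cell value (the user's name)
 * @param string $params Unused
 * @param array $row Table row; index 0 is the user id
 * @return string HTML-code with the link
 */
function user_filter($name, $params, $row)
{
    return '<a href="'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$row[0].'">'.$name.'</a>';
}

/**
 * Build the modify-column of the table
 *
 * State-changing links (login_as, delete_user) are GET requests carrying
 * $_SESSION['sec_token'] as a query parameter; that token can leak through
 * Referer headers, so a POST form would be preferable.
 *
 * @param int The user id
 * @param string URL params to add to table links (inserted as-is into the
 *               delete link — caller must supply URL-safe content)
 * @param array Row of elements to alter; index 7 is the role label produced
 *              by get_user_data()
 * @return string Some HTML-code with modify-buttons
 */
function modify_filter($user_id, $url_params, $row)
{
    global $charset, $_admins_list, $delete_user_available;

    // BAT
    require_once api_get_path(SYS_PATH).'main/subrole/subrole.php';
    $is_admin = get_subrole($user_id) == ADMIN;
    // /BAT

    $statusname = api_get_status_langvars();
    $current_user_status_label = $row['7'];
    $user_is_anonymous = ($current_user_status_label == $statusname[ANONYMOUS]);
    $is_student = ($current_user_status_label == $statusname[STUDENT]);
    $result = '';

    // Course list popup.
    if ($user_is_anonymous) {
        $result .= Display::return_icon('course_na.gif', get_lang('Courses')).' ';
    } else {
        $result .= '<a href="javascript:void(0)" onclick="load_course_list(\'div_'.$user_id.'\','.$user_id.')" >'
            .' <img onmouseout="clear_course_list (\'div_'.$user_id.'\')" src="../img/course.gif"'
            .' title="'.get_lang('Courses').'" alt="'.get_lang('Courses').'"/>'
            .' <div class="blackboard_hide" id="div_'.$user_id.'"> </div> </a> ';
    }

    // User information page.
    if (api_is_platform_admin()) {
        if ($user_is_anonymous) {
            $result .= Display::return_icon('synthese_view_na.gif', get_lang('Info')).' ';
        } else {
            $result .= '<a href="user_information.php?user_id='.$user_id.'">'
                .Display::return_icon('synthese_view.gif', get_lang('Info')).'</a> ';
        }
    }

    // Login as: platform admins, or session admins for students only
    // (not teachers nor other admins); never for the anonymous account.
    $can_login_as = api_is_platform_admin() || (api_is_session_admin() && $is_student);
    if ($can_login_as && !$user_is_anonymous && api_global_admin_can_edit_admin($user_id)) {
        $result .= '<a href="user_list.php?action=login_as&user_id='.$user_id.'&sec_token='.$_SESSION['sec_token'].'">'
            .Display::return_icon('login_as.gif', get_lang('LoginAs')).'</a> ';
    } else {
        $result .= Display::return_icon('login_as_na.gif', get_lang('LoginAs')).' ';
    }

    // Reporting is only available for students.
    if ($is_student) {
        $result .= '<a href="../mySpace/myStudents.php?student='.$user_id.'">'
            .Display::return_icon('statistics.gif', get_lang('Reporting')).'</a> ';
    } else {
        $result .= Display::return_icon('statistics_na.gif', get_lang('Reporting')).' ';
    }

    // Edit.
    if (api_is_platform_admin(true)) {
        if (!$user_is_anonymous && api_global_admin_can_edit_admin($user_id, null, true)) {
            $result .= '<a href="user_edit.php?user_id='.$user_id.'">'
                .Display::return_icon('edit.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).'</a> ';
        } else {
            $result .= Display::return_icon('edit_na.png', get_lang('Edit'), array(), ICON_SIZE_SMALL).' ';
        }
    }

    // Admin star.
    if ($is_admin) {
        $result .= Display::return_icon(
            'admin_star.png',
            get_lang('IsAdministrator'),
            array('width' => ICON_SIZE_SMALL, 'height' => ICON_SIZE_SMALL)
        );
    } else {
        $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
    }

    // Actions for assigning sessions, courses or users (not for session admins).
    if (!api_is_session_admin()) {
        if ($current_user_status_label == $statusname[DRH] || UserManager::is_admin($user_id)) {
            $result .= '<a href="dashboard_add_users_to_user.php?user='.$user_id.'">'
                .Display::return_icon('user_subscribe_course.png', get_lang('AssignUsers'), '', ICON_SIZE_SMALL).'</a>';
            $result .= '<a href="dashboard_add_courses_to_user.php?user='.$user_id.'">'
                .Display::return_icon('course_add.gif', get_lang('AssignCourses')).'</a> ';
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='.$user_id.'">'
                .Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> ';
        } elseif ($current_user_status_label == $statusname[SESSIONADMIN]) {
            $result .= '<a href="dashboard_add_sessions_to_user.php?user='.$user_id.'">'
                .Display::return_icon('view_more_stats.gif', get_lang('AssignSessions')).'</a> ';
        }
    }

    if (api_is_platform_admin()) {
        $result .= ' <a href="'.api_get_path(WEB_AJAX_PATH).'agenda.ajax.php?a=get_user_agenda&user_id='.$user_id.'" class="agenda_opener">'
            .Display::return_icon('month.png', get_lang('FreeBusyCalendar'), array(), ICON_SIZE_SMALL).'</a>';
        if ($delete_user_available) {
            // You cannot delete yourself, otherwise every account (including
            // your own) could be removed and nobody could change it anymore.
            $can_delete = $user_id != api_get_user_id()
                && !$user_is_anonymous
                && api_global_admin_can_edit_admin($user_id);
            if ($can_delete) {
                $confirm_text = addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES, $charset));
                $result .= ' <a href="user_list.php?action=delete_user&user_id='.$user_id.'&'.$url_params.'&sec_token='.$_SESSION['sec_token'].'"'
                    .' onclick="javascript:if(!confirm(\''.$confirm_text.'\')) return false;">'
                    .Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'</a>';
            } else {
                $result .= Display::return_icon('delete_na.png', get_lang('Delete'), array(), ICON_SIZE_SMALL);
            }
        }
    }
    return $result;
}

/**
 * Build the active-column of the table to lock or unlock a certain user
 * lock = the user can no longer use this account
 * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
 * @param int $active the current state of the account ('1' active, '0'
 *                    locked, '-1' expired — see get_user_data())
 * @param string $url_params Unused
 * @param array $row Table row; index 0 is the user id
 * @return string Some HTML-code with the lock/unlock button, '' for the
 *                current user's own row or an unknown state
 */
function active_filter($active, $url_params, $row)
{
    global $_user;

    $action = '';
    $image = '';
    if ($active == '1') {
        $action = 'Lock';
        $image = 'accept';
    } elseif ($active == '-1') {
        $action = 'edit';
        $image = 'warning';
    } elseif ($active == '0') {
        $action = 'Unlock';
        $image = 'error';
    }

    if ($action == 'edit') {
        return Display::return_icon($image.'.png', get_lang('AccountExpired'), array(), 16);
    }
    // You cannot lock yourself out, otherwise every account (including your
    // own) could be disabled and nobody could change it anymore.
    if ($row['0'] <> $_user['user_id']) {
        return Display::return_icon(
            $image.'.png',
            get_lang(ucfirst($action)),
            array('onclick' => 'active_user(this);', 'id' => 'img_'.$row['0']),
            16
        );
    }
    return '';
}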