Issues in userInfo.php - All Issues - Inspection of "WebServices: set visibility to student work" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 1.11.x ( bce6cd...c146d9 )

by Angel Fernando Quiroz

created 2021-08-24 22:43 UTC

main/extra/userInfo.php (1 issue)

Labels

Bug 1

Severity

Major 1

Julio Montoya 1

<?php
/* For licensing terms, see /license.txt */

require_once '../inc/global.inc.php';
require_once 'userInfoLib.php';

$allow = api_get_configuration_value('extra');
if (empty($allow)) {
    exit;
}

$TABLECALHORAIRE = Database :: get_course_table(cal_horaire);

$htmlHeadXtra[] = '<script>
function show_image(image,width,height) {
	width = parseInt(width) + 20;
	height = parseInt(height) + 20;
	window_x = window.open(image,\'windowX\',\'width=\'+ width + \', height=\'+ height + \'\');
}
</script>';

$editMainUserInfo = Security::remove_XSS($_REQUEST['editMainUserInfo']);
$uInfo = $editMainUserInfo;
$this_section = SECTION_COURSES;

$nameTools = get_lang('Users');
api_protect_course_script(true);
$tool_info = api_get_tool_information_by_name(TOOL_USER);

if (api_is_anonymous()) {
    api_not_allowed(true);
}

//prepare variables used in userInfoLib.php functions
$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
$TBL_USERINFO_CONTENT = Database:: get_course_table(TABLE_USER_INFO_CONTENT);

if ($tool_info['visibility'] == 1) {
    $interbreadcrumb[] = ['url' => 'user.php', 'name' => get_lang('Users')];
}

if ($origin != 'learnpath') { //so we are not in learnpath tool
    Display :: display_header($nameTools, "User");
    $origin = Security::remove_XSS($_GET['origin']);
} else {
    ?> <link rel="stylesheet" type="text/css" href="<?php echo api_get_path(WEB_CODE_PATH); ?>css/default.css" /> <?php
}

$currentCourse = api_get_course_id();
$current_session_id = api_get_session_id();
/*
 * data  found  in settings  are :
 *	$uid
 *	$isAdmin
 *	$isAdminOfCourse
 *	$_configuration['main_database']
 *	$currentCourseID
 */

$userIdViewed = Security::remove_XSS($_REQUEST['uInfo']);

/**
 * Connection layer between Chamilo and the current script.
 */
$courseCode = api_get_course_id();
$userIdViewer = api_get_user_id(); // id fo the user currently online
$allowedToEditContent = ($userIdViewer == $userIdViewed) || $is_platformAdmin;
$allowedToEditDef = api_is_allowed_to_edit(null, true);
$is_allowedToTrack = api_is_allowed_to_edit(null, true);
$displayMode = "viewContentList";
$removeDef = Security::remove_XSS($_GET['removeDef']);
$editDef = Security::remove_XSS($_GET['editDef']);
$moveUpDef = Security::remove_XSS($_GET['moveUpDef']);
$moveDownDef = Security::remove_XSS($_GET['moveDownDef']);

if ($allowedToEditDef) {
    if (!empty($_POST['submitDef'])) {
        if (!empty($_POST['id'])) {
            edit_cat_def($_POST['id'], $_POST['title'], $_POST['comment'], $_POST['nbline']);
        } else {
            create_cat_def($_POST['title'], $_POST['comment'], $_POST['nbline']);
        }
        $displayMode = "viewDefList";
    } elseif (!empty($_GET['removeDef'])) {
        remove_cat_def($_GET['removeDef'], true);
        $displayMode = "viewDefList";
    } elseif (!empty($_GET['editDef'])) {
        $displayMode = "viewDefEdit";
    } elseif (!empty($_POST['addDef'])) {
        $displayMode = "viewDefEdit";
    } elseif (!empty($_GET['moveUpDef'])) {
        move_cat_rank($_GET['moveUpDef'], "up");
        $displayMode = "viewDefList";
    } elseif (!empty($_GET['moveDownDef'])) {
        move_cat_rank($_GET['moveDownDef'], "down");
        $displayMode = "viewDefList";
    } elseif (!empty($_POST['viewDefList'])) {
        $displayMode = "viewDefList";
    } elseif (!empty($_GET['editMainUserInfo'])) {
        $userIdViewed = strval(intval($_GET['editMainUserInfo']));
        $displayMode = "viewMainInfoEdit";
    } elseif (!empty($_REQUEST['submitMainUserInfo'])) {
        $userIdViewed = strval(intval($_REQUEST['submitMainUserInfo']));
        if ($current_session_id) {
        } else {
            if (!empty($_POST['promoteCourseAdmin']) && $_POST['promoteCourseAdmin']) {
                $userProperties['status'] = 1;
            } else {
                $userProperties['status'] = 5;
            }
            if (!empty($_POST['promoteTutor']) && $_POST['promoteTutor']) {
                $userProperties['tutor'] = 1;
            } else {
                $userProperties['tutor'] = 0;
            }
            $userhoraire_name = $_POST['hor_name'];
            $course_id = $_course['real_id'];
            update_user_course_properties($userIdViewed, $courseCode, $userProperties, $userhoraire_name, $course_id);
        }
        $displayMode = "viewContentList";
    }
}

if ($allowedToEditContent) {
    if (isset($_POST['submitContent'])) {
        if ($_POST['cntId']) {
            // submit a content change
            edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
        } else {
            // submit a totally new content
            fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
        }
        $displayMode = "viewContentList";
    } elseif (!empty($_GET['editContent'])) {
        $displayMode = "viewContentEdit";
        $userIdViewed = $userIdViewed;
    }
}
if (api_is_allowed_to_edit(null, true)) {
    echo '<div class="actions">';
    if ($origin == 'users') {
        echo '<a href="user.php?'.api_get_cidreq().'&origin='.$origin.'">'.
            Display::return_icon('back.png', get_lang('BackUser'), '', ICON_SIZE_MEDIUM).'</a>';
    } else {
        echo '<a href="javascript:history.back(1)">'.
            Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
    }

    if (!is_numeric($_GET['editMainUserInfo'])) {
        if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {
            echo '<a href="userInfo.php?'.api_get_cidreq(
                ).'&origin='.$origin.'&editMainUserInfo='.$userIdViewed.'">'.
                Display::return_icon('edit.png', get_lang('EditUser'), '', ICON_SIZE_MEDIUM).get_lang(
                    'EditUser'
                ).'</a>';
        }
    } else {
        if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {
            echo '<a href="userInfo.php?'.api_get_cidreq().'&origin='.$origin.'&uInfo='.$userIdViewed.'">'.
                Display::return_icon(
                    'user.png',
                    get_lang('ViewUser'),
                    '',
                    ICON_SIZE_MEDIUM
                ).get_lang('ViewUser').'</a>';
        }
    }
    echo '<a href="../mySpace/myStudents.php?'.api_get_cidreq().'&origin=user_course&student='.$userIdViewed.'&details=true&course='.$_course['id'].'">'.Display::return_icon('statistics.png', get_lang('UserStatistics'), '', ICON_SIZE_MEDIUM).get_lang('UserStatistics').'</a>';
    echo '</div>';
} else {
    if ($tool_info['visibility'] == 1) {
        echo '<div class="actions">';
        if ($origin == 'users') {
            echo '<a href="user.php?'.api_get_cidreq().'&origin='.$origin.'">'.
                Display::return_icon(
                    'back.png',
                    get_lang('BackUser'),
                    '',
                    ICON_SIZE_MEDIUM
                ).'</a>';
        } else {
            echo '<a href="javascript:history.back(1)">'.Display::return_icon(
                    'back.png',
                    get_lang('Back'),
                    '',
                    ICON_SIZE_MEDIUM
                ).'</a>';
        }
        echo '</div>';
    }
}

// get information about user id viewed
$user_info_viewed = api_get_user_info($userIdViewed);
$is_session_course_coach = UserManager::is_session_course_coach(
    $userIdViewed,
    $_course['sysCode'],
    $current_session_id
);

if ($displayMode == "viewDefEdit") {
    /* CATEGORIES DEFINITIONS : EDIT */
    $catToEdit = get_cat_def($_GET['editDef']);
    $edit_heading_form = new FormValidator('edit_heading_form');
    $edit_heading_form->addElement('hidden', 'id');
    $edit_heading_form->add_textfield('title', get_lang('Title'));
    $edit_heading_form->addElement('textarea', 'comment', get_lang('Comment'), ['cols' => 60, 'rows' => 4]);
    $possible_line_nrs[1] = '1 '.get_lang('Line');
    $possible_line_nrs[3] = '3 '.get_lang('Lines');
    $possible_line_nrs[5] = '5 '.get_lang('Lines');
    $possible_line_nrs[10] = '10 '.get_lang('Lines');
    $possible_line_nrs[15] = '15 '.get_lang('Lines');
    $edit_heading_form->addElement('select', 'nbline', get_lang('LineNumber'), $possible_line_nrs);
    $edit_heading_form->addElement('submit', 'submitDef', get_lang('Ok'));
    $edit_heading_form->setDefaults($catToEdit);
    $edit_heading_form->display();
} elseif ($displayMode == "viewDefList") {
    $catList = get_cat_def_list();
    if ($catList) {
        foreach ($catList as $thisCat) {
            // displays Title and comments
            echo "<p>", "<b>".htmlize($thisCat['title'])."</b><br>\n", "<i>".htmlize($thisCat['comment'])."</i>\n", "</p>";
            // displays lines
            echo "<blockquote>\n", "<font color=\"gray\">\n";
            for ($i = 1; $i <= $thisCat['nbline']; $i++) {
                echo "<br>__________________________________________\n";
            }
            echo "</font>\n", "</blockquote>\n";
            // displays commands
            echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&removeDef=", $thisCat['catId'], "\">", "<img src=\"../img/delete.gif\" border=\"0\" alt=\"".get_lang('Remove')."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES, $charset))."')) return false;\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&editDef=", $thisCat['catId'], "\">", "<img src=\"../img/edit.gif\" border=\"0\" alt=\"".get_lang('Edit')."\" />", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveUpDef=", $thisCat['catId'], "\">", "<img src=\"../img/up.gif\" border=\"0\" alt=\"".get_lang('MoveUp')."\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveDownDef=", $thisCat['catId'], "\">", "<img src=\"../img/down.gif\" border=\"0\" alt=\"".get_lang('MoveDown')."\">", "</a>\n";
        } // end for each
    } // end if ($catList)

    echo "<center>\n",
        "<form method=\"post\" action=\"".api_get_self()."\">",
        "<input type=\"submit\" name=\"addDef\" class=\"plus\" value=\"".get_lang('AddNewHeading')."\" />",
    "</form>\n",
    "<center>\n";
} elseif ($displayMode == 'viewContentEdit') {
    /* CATEGORIES CONTENTS : EDIT */
    $catToEdit = get_cat_content($userIdViewed, $_GET['editContent']);
    $content_heading_form = new FormValidator('content_heading_form');
    $content_heading_form->addElement('hidden', 'cntId');
    $content_heading_form->addElement('hidden', 'catId');
    $content_heading_form->addElement('hidden', 'uInfo');
    $content_heading_form->addElement('static', null, $catToEdit['title'], htmlize($catToEdit['comment']));
    if ($catToEdit['nbline'] == 1) {
        $content_heading_form->addElement('text', 'content', null, ['size' => 80]);
    } else {
        $content_heading_form->addElement(
            'textarea',
            'content',
            null,
            ['cols' => 60, 'rows' => $catToEdit['nbline']]
        );
    }
    $content_heading_form->addElement('submit', 'submitContent', get_lang('Ok'));
    $defaults = $catToEdit;
    $defaults['cntId'] = $catToEdit['contentId'];
    $defaults['uInfo'] = $userIdViewed;
    $content_heading_form->setDefaults($defaults);
    $content_heading_form->display();
} elseif ($displayMode == "viewMainInfoEdit") {
    $mainUserInfo = api_get_user_info($userIdViewed);
    if ($mainUserInfo) {
        ($mainUserInfo['status'] == COURSEMANAGER) ? $courseAdminChecked = "checked" : $courseAdminChecked = "";
        $image_array = UserManager::get_user_picture_path_by_id($userIdViewed, 'web', false, true);
        // get the path,width and height from original picture
        $big_image = $image_array['dir'].'big_'.$image_array['file'];
        $big_image_size = api_getimagesize($big_image);
        $big_image_width = $big_image_size['width'];
        $big_image_height = $big_image_size['height'];
        $url_big_image = $big_image.'?rnd='.time();

        if ($image_array['file'] == 'unknown.jpg') {
            echo '<img src="'.$image_array['dir'].$image_array['file'].'" border="1">';
        } else {
            echo '<input type="image" src="'.$image_array['dir'].$image_array['file'].'" onclick="return show_image(\''.$url_big_image.'\',\''.$big_image_width.'\',\''.$big_image_height.'\');"/>';
        }

        echo "<form action=\"".api_get_self()."\" method=\"post\">\n",
            "<input type=\"hidden\" name=\"submitMainUserInfo\" value=\"$userIdViewed\" />\n",
            "<table width=\"80%\" border=\"0\">",
            "<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
            "<td align=\"left\">", get_lang('Name'), "</td>\n",
            "<td width=\"100px\" align=\"left\">", get_lang('Schedule'), "</td>\n";
        echo "</tr>\n",
            "<tr align=\"center\">",
            "<td align=\"left\"><b>", htmlize(api_get_person_name($mainUserInfo['firstName'], $mainUserInfo['lastName'])), "</b></td>\n",
         "<td align=\"left\"><b>", $mainUserInfo['official_code'], "</td>";
        //récupérer horaire de l'élève
        $course_id = $_course['real_id']; ?>
        <SELECT NAME='hor_name'>
            <OPTION VALUE='<?php echo $mainUserInfo['official_code']; ?>'><?php echo get_lang('select_calendar_student'); ?></OPTION>
            <?php
            $sql = "SELECT distinct name FROM $TABLECALHORAIRE
            where c_id = $course_id ";
        $result2 = Database::query($sql);
        while ($row = Database::fetch_array($result2)) {
            $horaire_name = $row["name"]; ?>
                    <OPTION VALUE='<?php echo $horaire_name; ?>'><?php echo "$horaire_name "; ?></OPTION>
            <?php
        } ?>
        </SELECT>
         <?php
         echo '<p></p>  ';
        if (!($is_courseAdmin && $_user['user_id'] == $userIdViewed)) {
        } else {
            echo "<td>", get_lang('CourseManager'), "</td>\n";
        }
        echo "<td><button class=\"save\" type=\"submit\" name=\"submit\">".get_lang('SaveChanges')."</button></td>\n", "</tr>", "</table>", "</form>\n";
        if (api_get_setting('show_email_addresses') == 'true') {
            echo "<p>".Display:: encrypted_mailto_link($mainUserInfo['email'], $mainUserInfo['email'])."</p>";
        }

        if (api_get_setting('extended_profile') == 'true') {
            //    MY PERSONAL OPEN AREA
            if (!empty($mainUserInfo['openarea'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyPersonalOpenArea').'</strong></div><div>'.$mainUserInfo['openarea'].'</div>';
            }
            //    MY COMPETENCES
            if (!empty($mainUserInfo['competences'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyCompetences').'</strong></div><div>'.$mainUserInfo['competences'].'</div>';
            }
            //    MY DIPLOMAS
            if (!empty($mainUserInfo['diplomas'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyDiplomas').'</strong></div><div>'.$mainUserInfo['diplomas'].'</div>';
            }
            // WHAT I AM ABLE TO TEACH
            if (!empty($mainUserInfo['teach'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyTeach').'</strong></div><div>'.$mainUserInfo['teach'].'</div>';
            }
            //    MY PRODUCTIONS
            if (!empty($mainUserInfo['competences'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyProductions').'</strong></div><div>'.UserManager::build_production_list($mainUserInfo['user_id']).'</div>';
            }
        }
    } else {
        Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'));
    }
} elseif ($displayMode == "viewContentList") {
    // default display
    $virtual_course_code = $_GET["virtual_course"];
    if (isset($virtual_course_code)) {
        $courseCode = $virtual_course_code;
        $allowedToEditDef = false;
    }
    $mainUserInfo = api_get_user_info($userIdViewed);
    if ($mainUserInfo) {
        $image_array = UserManager::get_user_picture_path_by_id($userIdViewed, 'web', false, true);
        // get the path,width and height from original picture
        $big_image = $image_array['dir'].'big_'.$image_array['file'];
        $big_image_size = api_getimagesize($big_image);
        $big_image_width = $big_image_size['width'];
        $big_image_height = $big_image_size['height'];
        $url_big_image = $big_image.'?rnd='.time();

        if ($image_array['file'] == 'unknown.jpg') {
            echo '<img src="'.$image_array['dir'].$image_array['file'].'" border="1">';
        } else {
            echo '<input type="image" src="'.$image_array['dir'].$image_array['file'].'" onclick="return show_image(\''.$url_big_image.'\',\''.$big_image_width.'\',\''.$big_image_height.'\');"/>';
        }

        // is the user online?
        $online = '';
        if (user_is_online($userIdViewed)) {
            $online = Display::return_icon('online.gif', get_lang('OnLine'), ['style' => 'with="8"; height="8"']);
        }

        // DISPLAY TABLE HEADING
        if ($origin == 'learnpath') {
            $allowedToEditDef = false;
            $is_allowedToTrack = false;
        }

        echo "<table width=\"80%\" border=\"0\">",
        "<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
            "<td align=\"left\">".get_lang('Name')."</td>\n",
                "<td width=\"20%\" align=\"left\">".get_lang('Description')."</td>\n",
         "<td width=\"100px\" align=\"left\">", get_lang('OfficialCode'), "</td>\n";

        echo "</tr>\n",
        "<tr align=\"center\">\n",
            "<td  align=\"left\"><b>".$online.' '.htmlize(api_get_person_name($mainUserInfo['firstName'], $mainUserInfo['lastName']))."</b></td>\n",
        "<td align=\"left\"><b>", $mainUserInfo['official_code'], "</td>";
        // DISPLAY TABLE CONTENT
        if ($current_session_id) {
            if ($user_info_viewed['status'] == COURSEMANAGER) {
                echo "<td> - </td>\n";
            }
        } else {
            if ($user_info_viewed['status'] == STUDENT) {
                echo "<td> - </td>\n";
            } else {
                echo "<td> - </td>\n";
            }
        }

        echo "</tr></table>";
        if (api_get_setting("show_email_addresses") == "true") {
            echo "<p>".Display::encrypted_mailto_link($mainUserInfo['email'], $mainUserInfo['email'])."</p>";
        }

        if (api_get_setting('extended_profile') == 'true') {
            //    MY PERSONAL OPEN AREA
            if (!empty($mainUserInfo['openarea'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyPersonalOpenArea').'</strong></div><div>'.$mainUserInfo['openarea'].'</div>';
            }
            //    MY COMPETENCES
            if (!empty($mainUserInfo['competences'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyCompetences').'</strong></div><div>'.$mainUserInfo['competences'].'</div>';
            }
            //    MY DIPLOMAS
            if (!empty($mainUserInfo['diplomas'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyDiplomas').'</strong></div><div>'.$mainUserInfo['diplomas'].'</div>';
            }
            // WHAT I AM ABLE TO TEACH
            if (!empty($mainUserInfo['teach'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyTeach').'</strong></div><div>'.$mainUserInfo['teach'].'</div>';
            }
            //    MY PRODUCTIONS
            if (!empty($mainUserInfo['competences'])) {
                echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyProductions').'</strong></div><div>'.UserManager::build_production_list($mainUserInfo['user_id']).'</div>';
            }
        }
    } else {
        Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'), 'normal');
    }

    if (api_get_setting('allow_user_headings') == 'true' && $allowedToEditDef) {
        // only course administrators see this line
        echo "<div align=right>",
            "<form method=\"post\" action=\"".api_get_self()."\">",
        get_lang('CourseAdministratorOnly')," : ",
            "<input type=\"submit\" class=\"save\" name=\"viewDefList\" value=\"".get_lang('DefineHeadings')."\" />",
        "</form>",
        "<hr noshade size=\"1\" style=\"color:#99CCFF\">",
        "</div>\n";
    }

    $catList = get_course_user_info($userIdViewed);
    if ($catList) {
        foreach ($catList as $thisCat) {
            // Category title
            echo "<p><b>", $thisCat['title'], "</b></p>\n";
            // Category content
            echo "<blockquote>\n";
            if ($thisCat['content']) {
                echo htmlize($thisCat['content'])."\n";
            } else {
                echo "....";
            }
            // Edit command
            if ($allowedToEditContent) {
                echo "<br /><br />\n",
                    "<a href=\"".api_get_self()."?".api_get_cidreq(
                    )."&editContent=", $thisCat['catId'], "&uInfo=", $userIdViewed, "\">",
                "<img src=\"../img/edit.gif\" border=\"0\" alt=\"edit\">",
                "</a>\n";
            }
            echo "</blockquote>\n";
        }
    }
}

Display::display_footer();


1			<?php
2			/* For licensing terms, see /license.txt */
3
4			require_once '../inc/global.inc.php';
5			require_once 'userInfoLib.php';
6
7			$allow = api_get_configuration_value('extra');
8			if (empty($allow)) {
9			exit;
10			}
11
12			$TABLECALHORAIRE = Database :: get_course_table(cal_horaire);
			0 ignored issues – show Bug introduced 2018-03-16 15:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `cal_horaire` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
13			$htmlHeadXtra[] = '<script>
14			function show_image(image,width,height) {
15			width = parseInt(width) + 20;
16			height = parseInt(height) + 20;
17			window_x = window.open(image,\'windowX\',\'width=\'+ width + \', height=\'+ height + \'\');
18			}
19			</script>';
20
21			$editMainUserInfo = Security::remove_XSS($_REQUEST['editMainUserInfo']);
22			$uInfo = $editMainUserInfo;
23			$this_section = SECTION_COURSES;
24
25			$nameTools = get_lang('Users');
26			api_protect_course_script(true);
27			$tool_info = api_get_tool_information_by_name(TOOL_USER);
28
29			if (api_is_anonymous()) {
30			api_not_allowed(true);
31			}
32
33			//prepare variables used in userInfoLib.php functions
34			$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
35			$TBL_USERINFO_CONTENT = Database:: get_course_table(TABLE_USER_INFO_CONTENT);
36
37			if ($tool_info['visibility'] == 1) {
38			$interbreadcrumb[] = ['url' => 'user.php', 'name' => get_lang('Users')];
39			}
40
41			if ($origin != 'learnpath') { //so we are not in learnpath tool
42			Display :: display_header($nameTools, "User");
43			$origin = Security::remove_XSS($_GET['origin']);
44			} else {
45			?> <link rel="stylesheet" type="text/css" href="<?php echo api_get_path(WEB_CODE_PATH); ?>css/default.css" /> <?php
46			}
47
48			$currentCourse = api_get_course_id();
49			$current_session_id = api_get_session_id();
50			/*
51			* data found in settings are :
52			* $uid
53			* $isAdmin
54			* $isAdminOfCourse
55			* $_configuration['main_database']
56			* $currentCourseID
57			*/
58
59			$userIdViewed = Security::remove_XSS($_REQUEST['uInfo']);
60
61			/**
62			* Connection layer between Chamilo and the current script.
63			*/
64			$courseCode = api_get_course_id();
65			$userIdViewer = api_get_user_id(); // id fo the user currently online
66			$allowedToEditContent = ($userIdViewer == $userIdViewed) \|\| $is_platformAdmin;
67			$allowedToEditDef = api_is_allowed_to_edit(null, true);
68			$is_allowedToTrack = api_is_allowed_to_edit(null, true);
69			$displayMode = "viewContentList";
70			$removeDef = Security::remove_XSS($_GET['removeDef']);
71			$editDef = Security::remove_XSS($_GET['editDef']);
72			$moveUpDef = Security::remove_XSS($_GET['moveUpDef']);
73			$moveDownDef = Security::remove_XSS($_GET['moveDownDef']);
74
75			if ($allowedToEditDef) {
76			if (!empty($_POST['submitDef'])) {
77			if (!empty($_POST['id'])) {
78			edit_cat_def($_POST['id'], $_POST['title'], $_POST['comment'], $_POST['nbline']);
79			} else {
80			create_cat_def($_POST['title'], $_POST['comment'], $_POST['nbline']);
81			}
82			$displayMode = "viewDefList";
83			} elseif (!empty($_GET['removeDef'])) {
84			remove_cat_def($_GET['removeDef'], true);
85			$displayMode = "viewDefList";
86			} elseif (!empty($_GET['editDef'])) {
87			$displayMode = "viewDefEdit";
88			} elseif (!empty($_POST['addDef'])) {
89			$displayMode = "viewDefEdit";
90			} elseif (!empty($_GET['moveUpDef'])) {
91			move_cat_rank($_GET['moveUpDef'], "up");
92			$displayMode = "viewDefList";
93			} elseif (!empty($_GET['moveDownDef'])) {
94			move_cat_rank($_GET['moveDownDef'], "down");
95			$displayMode = "viewDefList";
96			} elseif (!empty($_POST['viewDefList'])) {
97			$displayMode = "viewDefList";
98			} elseif (!empty($_GET['editMainUserInfo'])) {
99			$userIdViewed = strval(intval($_GET['editMainUserInfo']));
100			$displayMode = "viewMainInfoEdit";
101			} elseif (!empty($_REQUEST['submitMainUserInfo'])) {
102			$userIdViewed = strval(intval($_REQUEST['submitMainUserInfo']));
103			if ($current_session_id) {
104			} else {
105			if (!empty($_POST['promoteCourseAdmin']) && $_POST['promoteCourseAdmin']) {
106			$userProperties['status'] = 1;
107			} else {
108			$userProperties['status'] = 5;
109			}
110			if (!empty($_POST['promoteTutor']) && $_POST['promoteTutor']) {
111			$userProperties['tutor'] = 1;
112			} else {
113			$userProperties['tutor'] = 0;
114			}
115			$userhoraire_name = $_POST['hor_name'];
116			$course_id = $_course['real_id'];
117			update_user_course_properties($userIdViewed, $courseCode, $userProperties, $userhoraire_name, $course_id);
118			}
119			$displayMode = "viewContentList";
120			}
121			}
122
123			if ($allowedToEditContent) {
124			if (isset($_POST['submitContent'])) {
125			if ($_POST['cntId']) {
126			// submit a content change
127			edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
128			} else {
129			// submit a totally new content
130			fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
131			}
132			$displayMode = "viewContentList";
133			} elseif (!empty($_GET['editContent'])) {
134			$displayMode = "viewContentEdit";
135			$userIdViewed = $userIdViewed;
136			}
137			}
138			if (api_is_allowed_to_edit(null, true)) {
139			echo '<div class="actions">';
140			if ($origin == 'users') {
141			echo '<a href="user.php?'.api_get_cidreq().'&origin='.$origin.'">'.
142			Display::return_icon('back.png', get_lang('BackUser'), '', ICON_SIZE_MEDIUM).'</a>';
143			} else {
144			echo '<a href="javascript:history.back(1)">'.
145			Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>';
146			}
147
148			if (!is_numeric($_GET['editMainUserInfo'])) {
149			if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {
150			echo '<a href="userInfo.php?'.api_get_cidreq(
151			).'&origin='.$origin.'&editMainUserInfo='.$userIdViewed.'">'.
152			Display::return_icon('edit.png', get_lang('EditUser'), '', ICON_SIZE_MEDIUM).get_lang(
153			'EditUser'
154			).'</a>';
155			}
156			} else {
157			if (api_get_setting('allow_user_course_subscription_by_course_admin') == 'true') {
158			echo '<a href="userInfo.php?'.api_get_cidreq().'&origin='.$origin.'&uInfo='.$userIdViewed.'">'.
159			Display::return_icon(
160			'user.png',
161			get_lang('ViewUser'),
162			'',
163			ICON_SIZE_MEDIUM
164			).get_lang('ViewUser').'</a>';
165			}
166			}
167			echo '<a href="../mySpace/myStudents.php?'.api_get_cidreq().'&origin=user_course&student='.$userIdViewed.'&details=true&course='.$_course['id'].'">'.Display::return_icon('statistics.png', get_lang('UserStatistics'), '', ICON_SIZE_MEDIUM).get_lang('UserStatistics').'</a>';
168			echo '</div>';
169			} else {
170			if ($tool_info['visibility'] == 1) {
171			echo '<div class="actions">';
172			if ($origin == 'users') {
173			echo '<a href="user.php?'.api_get_cidreq().'&origin='.$origin.'">'.
174			Display::return_icon(
175			'back.png',
176			get_lang('BackUser'),
177			'',
178			ICON_SIZE_MEDIUM
179			).'</a>';
180			} else {
181			echo '<a href="javascript:history.back(1)">'.Display::return_icon(
182			'back.png',
183			get_lang('Back'),
184			'',
185			ICON_SIZE_MEDIUM
186			).'</a>';
187			}
188			echo '</div>';
189			}
190			}
191
192			// get information about user id viewed
193			$user_info_viewed = api_get_user_info($userIdViewed);
194			$is_session_course_coach = UserManager::is_session_course_coach(
195			$userIdViewed,
196			$_course['sysCode'],
197			$current_session_id
198			);
199
200			if ($displayMode == "viewDefEdit") {
201			/* CATEGORIES DEFINITIONS : EDIT */
202			$catToEdit = get_cat_def($_GET['editDef']);
203			$edit_heading_form = new FormValidator('edit_heading_form');
204			$edit_heading_form->addElement('hidden', 'id');
205			$edit_heading_form->add_textfield('title', get_lang('Title'));
206			$edit_heading_form->addElement('textarea', 'comment', get_lang('Comment'), ['cols' => 60, 'rows' => 4]);
207			$possible_line_nrs[1] = '1 '.get_lang('Line');
208			$possible_line_nrs[3] = '3 '.get_lang('Lines');
209			$possible_line_nrs[5] = '5 '.get_lang('Lines');
210			$possible_line_nrs[10] = '10 '.get_lang('Lines');
211			$possible_line_nrs[15] = '15 '.get_lang('Lines');
212			$edit_heading_form->addElement('select', 'nbline', get_lang('LineNumber'), $possible_line_nrs);
213			$edit_heading_form->addElement('submit', 'submitDef', get_lang('Ok'));
214			$edit_heading_form->setDefaults($catToEdit);
215			$edit_heading_form->display();
216			} elseif ($displayMode == "viewDefList") {
217			$catList = get_cat_def_list();
218			if ($catList) {
219			foreach ($catList as $thisCat) {
220			// displays Title and comments
221			echo "<p>", "<b>".htmlize($thisCat['title'])."</b><br>\n", "<i>".htmlize($thisCat['comment'])."</i>\n", "</p>";
222			// displays lines
223			echo "<blockquote>\n", "<font color=\"gray\">\n";
224			for ($i = 1; $i <= $thisCat['nbline']; $i++) {
225			echo "<br>__________________________________________\n";
226			}
227			echo "</font>\n", "</blockquote>\n";
228			// displays commands
229			echo "<a href=\"".api_get_self()."?".api_get_cidreq()."&removeDef=", $thisCat['catId'], "\">", "<img src=\"../img/delete.gif\" border=\"0\" alt=\"".get_lang('Remove')."\" onclick=\"javascript:if(!confirm('".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES, $charset))."')) return false;\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&editDef=", $thisCat['catId'], "\">", "<img src=\"../img/edit.gif\" border=\"0\" alt=\"".get_lang('Edit')."\" />", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveUpDef=", $thisCat['catId'], "\">", "<img src=\"../img/up.gif\" border=\"0\" alt=\"".get_lang('MoveUp')."\">", "</a>", "<a href=\"".api_get_self()."?".api_get_cidreq()."&moveDownDef=", $thisCat['catId'], "\">", "<img src=\"../img/down.gif\" border=\"0\" alt=\"".get_lang('MoveDown')."\">", "</a>\n";
230			} // end for each
231			} // end if ($catList)
232
233			echo "<center>\n",
234			"<form method=\"post\" action=\"".api_get_self()."\">",
235			"<input type=\"submit\" name=\"addDef\" class=\"plus\" value=\"".get_lang('AddNewHeading')."\" />",
236			"</form>\n",
237			"<center>\n";
238			} elseif ($displayMode == 'viewContentEdit') {
239			/* CATEGORIES CONTENTS : EDIT */
240			$catToEdit = get_cat_content($userIdViewed, $_GET['editContent']);
241			$content_heading_form = new FormValidator('content_heading_form');
242			$content_heading_form->addElement('hidden', 'cntId');
243			$content_heading_form->addElement('hidden', 'catId');
244			$content_heading_form->addElement('hidden', 'uInfo');
245			$content_heading_form->addElement('static', null, $catToEdit['title'], htmlize($catToEdit['comment']));
246			if ($catToEdit['nbline'] == 1) {
247			$content_heading_form->addElement('text', 'content', null, ['size' => 80]);
248			} else {
249			$content_heading_form->addElement(
250			'textarea',
251			'content',
252			null,
253			['cols' => 60, 'rows' => $catToEdit['nbline']]
254			);
255			}
256			$content_heading_form->addElement('submit', 'submitContent', get_lang('Ok'));
257			$defaults = $catToEdit;
258			$defaults['cntId'] = $catToEdit['contentId'];
259			$defaults['uInfo'] = $userIdViewed;
260			$content_heading_form->setDefaults($defaults);
261			$content_heading_form->display();
262			} elseif ($displayMode == "viewMainInfoEdit") {
263			$mainUserInfo = api_get_user_info($userIdViewed);
264			if ($mainUserInfo) {
265			($mainUserInfo['status'] == COURSEMANAGER) ? $courseAdminChecked = "checked" : $courseAdminChecked = "";
266			$image_array = UserManager::get_user_picture_path_by_id($userIdViewed, 'web', false, true);
267			// get the path,width and height from original picture
268			$big_image = $image_array['dir'].'big_'.$image_array['file'];
269			$big_image_size = api_getimagesize($big_image);
270			$big_image_width = $big_image_size['width'];
271			$big_image_height = $big_image_size['height'];
272			$url_big_image = $big_image.'?rnd='.time();
273
274			if ($image_array['file'] == 'unknown.jpg') {
275			echo '<img src="'.$image_array['dir'].$image_array['file'].'" border="1">';
276			} else {
277			echo '<input type="image" src="'.$image_array['dir'].$image_array['file'].'" onclick="return show_image(\''.$url_big_image.'\',\''.$big_image_width.'\',\''.$big_image_height.'\');"/>';
278			}
279
280			echo "<form action=\"".api_get_self()."\" method=\"post\">\n",
281			"<input type=\"hidden\" name=\"submitMainUserInfo\" value=\"$userIdViewed\" />\n",
282			"<table width=\"80%\" border=\"0\">",
283			"<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
284			"<td align=\"left\">", get_lang('Name'), "</td>\n",
285			"<td width=\"100px\" align=\"left\">", get_lang('Schedule'), "</td>\n";
286			echo "</tr>\n",
287			"<tr align=\"center\">",
288			"<td align=\"left\"><b>", htmlize(api_get_person_name($mainUserInfo['firstName'], $mainUserInfo['lastName'])), "</b></td>\n",
289			"<td align=\"left\"><b>", $mainUserInfo['official_code'], "</td>";
290			//récupérer horaire de l'élève
291			$course_id = $_course['real_id']; ?>
292			<SELECT NAME='hor_name'>
293			<OPTION VALUE='<?php echo $mainUserInfo['official_code']; ?>'><?php echo get_lang('select_calendar_student'); ?></OPTION>
294			<?php
295			$sql = "SELECT distinct name FROM $TABLECALHORAIRE
296			where c_id = $course_id ";
297			$result2 = Database::query($sql);
298			while ($row = Database::fetch_array($result2)) {
299			$horaire_name = $row["name"]; ?>
300			<OPTION VALUE='<?php echo $horaire_name; ?>'><?php echo "$horaire_name "; ?></OPTION>
301			<?php
302			} ?>
303			</SELECT>
304			<?php
305			echo '<p></p> ';
306			if (!($is_courseAdmin && $_user['user_id'] == $userIdViewed)) {
307			} else {
308			echo "<td>", get_lang('CourseManager'), "</td>\n";
309			}
310			echo "<td><button class=\"save\" type=\"submit\" name=\"submit\">".get_lang('SaveChanges')."</button></td>\n", "</tr>", "</table>", "</form>\n";
311			if (api_get_setting('show_email_addresses') == 'true') {
312			echo "<p>".Display:: encrypted_mailto_link($mainUserInfo['email'], $mainUserInfo['email'])."</p>";
313			}
314
315			if (api_get_setting('extended_profile') == 'true') {
316			// MY PERSONAL OPEN AREA
317			if (!empty($mainUserInfo['openarea'])) {
318			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyPersonalOpenArea').'</strong></div><div>'.$mainUserInfo['openarea'].'</div>';
319			}
320			// MY COMPETENCES
321			if (!empty($mainUserInfo['competences'])) {
322			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyCompetences').'</strong></div><div>'.$mainUserInfo['competences'].'</div>';
323			}
324			// MY DIPLOMAS
325			if (!empty($mainUserInfo['diplomas'])) {
326			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyDiplomas').'</strong></div><div>'.$mainUserInfo['diplomas'].'</div>';
327			}
328			// WHAT I AM ABLE TO TEACH
329			if (!empty($mainUserInfo['teach'])) {
330			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyTeach').'</strong></div><div>'.$mainUserInfo['teach'].'</div>';
331			}
332			// MY PRODUCTIONS
333			if (!empty($mainUserInfo['competences'])) {
334			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyProductions').'</strong></div><div>'.UserManager::build_production_list($mainUserInfo['user_id']).'</div>';
335			}
336			}
337			} else {
338			Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'));
339			}
340			} elseif ($displayMode == "viewContentList") {
341			// default display
342			$virtual_course_code = $_GET["virtual_course"];
343			if (isset($virtual_course_code)) {
344			$courseCode = $virtual_course_code;
345			$allowedToEditDef = false;
346			}
347			$mainUserInfo = api_get_user_info($userIdViewed);
348			if ($mainUserInfo) {
349			$image_array = UserManager::get_user_picture_path_by_id($userIdViewed, 'web', false, true);
350			// get the path,width and height from original picture
351			$big_image = $image_array['dir'].'big_'.$image_array['file'];
352			$big_image_size = api_getimagesize($big_image);
353			$big_image_width = $big_image_size['width'];
354			$big_image_height = $big_image_size['height'];
355			$url_big_image = $big_image.'?rnd='.time();
356
357			if ($image_array['file'] == 'unknown.jpg') {
358			echo '<img src="'.$image_array['dir'].$image_array['file'].'" border="1">';
359			} else {
360			echo '<input type="image" src="'.$image_array['dir'].$image_array['file'].'" onclick="return show_image(\''.$url_big_image.'\',\''.$big_image_width.'\',\''.$big_image_height.'\');"/>';
361			}
362
363			// is the user online?
364			$online = '';
365			if (user_is_online($userIdViewed)) {
366			$online = Display::return_icon('online.gif', get_lang('OnLine'), ['style' => 'with="8"; height="8"']);
367			}
368
369			// DISPLAY TABLE HEADING
370			if ($origin == 'learnpath') {
371			$allowedToEditDef = false;
372			$is_allowedToTrack = false;
373			}
374
375			echo "<table width=\"80%\" border=\"0\">",
376			"<tr align=\"center\" bgcolor=\"#E6E6E6\">\n",
377			"<td align=\"left\">".get_lang('Name')."</td>\n",
378			"<td width=\"20%\" align=\"left\">".get_lang('Description')."</td>\n",
379			"<td width=\"100px\" align=\"left\">", get_lang('OfficialCode'), "</td>\n";
380
381			echo "</tr>\n",
382			"<tr align=\"center\">\n",
383			"<td align=\"left\"><b>".$online.' '.htmlize(api_get_person_name($mainUserInfo['firstName'], $mainUserInfo['lastName']))."</b></td>\n",
384			"<td align=\"left\"><b>", $mainUserInfo['official_code'], "</td>";
385			// DISPLAY TABLE CONTENT
386			if ($current_session_id) {
387			if ($user_info_viewed['status'] == COURSEMANAGER) {
388			echo "<td> - </td>\n";
389			}
390			} else {
391			if ($user_info_viewed['status'] == STUDENT) {
392			echo "<td> - </td>\n";
393			} else {
394			echo "<td> - </td>\n";
395			}
396			}
397
398			echo "</tr></table>";
399			if (api_get_setting("show_email_addresses") == "true") {
400			echo "<p>".Display::encrypted_mailto_link($mainUserInfo['email'], $mainUserInfo['email'])."</p>";
401			}
402
403			if (api_get_setting('extended_profile') == 'true') {
404			// MY PERSONAL OPEN AREA
405			if (!empty($mainUserInfo['openarea'])) {
406			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyPersonalOpenArea').'</strong></div><div>'.$mainUserInfo['openarea'].'</div>';
407			}
408			// MY COMPETENCES
409			if (!empty($mainUserInfo['competences'])) {
410			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyCompetences').'</strong></div><div>'.$mainUserInfo['competences'].'</div>';
411			}
412			// MY DIPLOMAS
413			if (!empty($mainUserInfo['diplomas'])) {
414			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyDiplomas').'</strong></div><div>'.$mainUserInfo['diplomas'].'</div>';
415			}
416			// WHAT I AM ABLE TO TEACH
417			if (!empty($mainUserInfo['teach'])) {
418			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyTeach').'</strong></div><div>'.$mainUserInfo['teach'].'</div>';
419			}
420			// MY PRODUCTIONS
421			if (!empty($mainUserInfo['competences'])) {
422			echo '<div style="margin-top:10px;" class="actions-message"><strong>'.get_lang('MyProductions').'</strong></div><div>'.UserManager::build_production_list($mainUserInfo['user_id']).'</div>';
423			}
424			}
425			} else {
426			Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'), 'normal');
427			}
428
429			if (api_get_setting('allow_user_headings') == 'true' && $allowedToEditDef) {
430			// only course administrators see this line
431			echo "<div align=right>",
432			"<form method=\"post\" action=\"".api_get_self()."\">",
433			get_lang('CourseAdministratorOnly')," : ",
434			"<input type=\"submit\" class=\"save\" name=\"viewDefList\" value=\"".get_lang('DefineHeadings')."\" />",
435			"</form>",
436			"<hr noshade size=\"1\" style=\"color:#99CCFF\">",
437			"</div>\n";
438			}
439
440			$catList = get_course_user_info($userIdViewed);
441			if ($catList) {
442			foreach ($catList as $thisCat) {
443			// Category title
444			echo "<p><b>", $thisCat['title'], "</b></p>\n";
445			// Category content
446			echo "<blockquote>\n";
447			if ($thisCat['content']) {
448			echo htmlize($thisCat['content'])."\n";
449			} else {
450			echo "....";
451			}
452			// Edit command
453			if ($allowedToEditContent) {
454			echo "<br /><br />\n",
455			"<a href=\"".api_get_self()."?".api_get_cidreq(
456			)."&editContent=", $thisCat['catId'], "&uInfo=", $userIdViewed, "\">",
457			"<img src=\"../img/edit.gif\" border=\"0\" alt=\"edit\">",
458			"</a>\n";
459			}
460			echo "</blockquote>\n";
461			}
462			}
463			}
464
465			Display::display_footer();
466

chamilo / chamilo-lms

Push — 1.11.x ( bce6cd...c146d9 )

main/extra/userInfo.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like