Source for file main_api.lib.php
Documentation is available at main_api.lib.php
=============================================================================== Dokeos - elearning and course management software Copyright (c) 2004-2008 Dokeos S.A. Copyright (c) 2003 Ghent University (UGent) Copyright (c) 2001 Universite catholique de Louvain (UCL) Copyright (c) Hugues Peeters Copyright (c) Christophe Gesche Copyright (c) Roan Embrechts (Vrije Universiteit Brussel) Copyright (c) Patrick Cool Copyright (c) Olivier Brouckaert Copyright (c) Toon Van Hoecke For a full list of contributors, see "credits.txt". The full license can be read in "license.txt". This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. See the GNU General Public License for more details. Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium =============================================================================== ============================================================================== * This is a code library for Dokeos. * It is included by default in every Dokeos file * (through including the global.inc.php) * @package dokeos.library ============================================================================== ============================================================================== ============================================================================== /** global status of a user: student */ /** global status of a user: course manager */ /** global status of a user: session admin */ /** global status of a user: human ressource manager */ /** global status of a user: human ressource manager */ $_status_list[DRH] = 'drh'; //COURSE VISIBILITY CONSTANTS /** only visible for course admin */ define('COURSE_VISIBILITY_CLOSED', 0); /** only visible for users registered in the course*/ define('COURSE_VISIBILITY_REGISTERED', 1); /** open for all registered users on the platform */ define('COURSE_VISIBILITY_OPEN_PLATFORM', 2); /** open for the whole world */ define('COURSE_VISIBILITY_OPEN_WORLD', 3); define('SUBSCRIBE_ALLOWED', 1); define('SUBSCRIBE_NOT_ALLOWED', 0); define('UNSUBSCRIBE_ALLOWED', 1); define('UNSUBSCRIBE_NOT_ALLOWED', 0); //CONSTANTS FOR api_get_path FUNCTION define('WEB_PATH', 'WEB_PATH'); define('SYS_PATH', 'SYS_PATH'); define('REL_PATH', 'REL_PATH'); define('WEB_COURSE_PATH', 'WEB_COURSE_PATH'); define('SYS_COURSE_PATH', 'SYS_COURSE_PATH'); define('REL_COURSE_PATH', 'REL_COURSE_PATH'); define('REL_CODE_PATH', 'REL_CODE_PATH'); define('WEB_CODE_PATH', 'WEB_CODE_PATH'); define('SYS_CODE_PATH', 'SYS_CODE_PATH'); define('SYS_LANG_PATH', 'SYS_LANG_PATH'); define('WEB_IMG_PATH', 'WEB_IMG_PATH'); define('WEB_CSS_PATH', 'WEB_CSS_PATH'); define('GARBAGE_PATH', 'GARBAGE_PATH'); define('SYS_PLUGIN_PATH', 'SYS_PLUGIN_PATH'); define('PLUGIN_PATH', 'PLUGIN_PATH'); define('WEB_PLUGIN_PATH', 'WEB_PLUGIN_PATH'); define('SYS_ARCHIVE_PATH', 'SYS_ARCHIVE_PATH'); define('INCLUDE_PATH', 'INCLUDE_PATH'); define('LIBRARY_PATH', 'LIBRARY_PATH'); define('CONFIGURATION_PATH', 'CONFIGURATION_PATH'); define('WEB_LIBRARY_PATH','WEB_LIBRARY_PATH'); //CONSTANTS defining all tools, using the english version define('TOOL_DOCUMENT', 'document'); define('TOOL_HOTPOTATOES', 'hotpotatoes'); define('TOOL_CALENDAR_EVENT', 'calendar_event'); define('TOOL_COURSE_DESCRIPTION', 'course_description'); define('TOOL_LEARNPATH', 'learnpath'); define('TOOL_ANNOUNCEMENT', 'announcement'); define('TOOL_FORUM', 'forum'); define('TOOL_THREAD', 'thread'); define('TOOL_DROPBOX', 'dropbox'); define('TOOL_GROUP', 'group'); define('TOOL_BLOGS', 'blog_management'); // Smartblogs (Kevin Van Den Haute :: kevin@develop-it.be) define('TOOL_CONFERENCE', 'conference'); define('TOOL_STUDENTPUBLICATION', 'student_publication'); define('TOOL_TRACKING', 'tracking'); define('TOOL_HOMEPAGE_LINK', 'homepage_link'); define('TOOL_COURSE_SETTING', 'course_setting'); define('TOOL_BACKUP', 'backup'); define('TOOL_COPY_COURSE_CONTENT', 'copy_course_content'); define('TOOL_RECYCLE_COURSE', 'recycle_course'); define('TOOL_COURSE_HOMEPAGE', 'course_homepage'); define('TOOL_COURSE_RIGHTS_OVERVIEW', 'course_rights'); define('TOOL_UPLOAD','file_upload'); define('TOOL_COURSE_MAINTENANCE','course_maintenance'); define('TOOL_VISIO_CONFERENCE','visio_conference'); define('TOOL_VISIO_CLASSROOM','visio_classroom'); define('TOOL_SURVEY','survey'); // CONSTANTS defining dokeos sections define('SECTION_CAMPUS', 'mycampus'); define('SECTION_COURSES', 'mycourses'); define('SECTION_MYPROFILE', 'myprofile'); define('SECTION_MYAGENDA', 'myagenda'); define('SECTION_COURSE_ADMIN', 'course_admin'); define('SECTION_PLATFORM_ADMIN', 'platform_admin'); define('SECTION_MYGRADEBOOK', 'mygradebook'); // CONSTANT name for local authentication source define('PLATFORM_AUTH_SOURCE', 'platform'); //CONSTANT defining the default HotPotatoes files directory define('DIR_HOTPOTATOES','/HotPotatoes_files'); ============================================================================== use these to protect your scripts ============================================================================== * Function used to protect a course script. * The function blocks access when * - there is no $_SESSION["_course"] defined; or * - $is_allowed_in_course is set to false (this depends on the course * visibility and user status). * This is only the first proposal, test and improve! * @param boolean Option to print headers when displaying error message. Default: false * @todo replace global variable global $is_allowed_in_course; //if (!isset ($_SESSION["_course"]) || !$is_allowed_in_course) if (!$is_allowed_in_course) * Function used to protect an admin script. * The function blocks access when the user has no platform admin rights. * This is only the first proposal, test and improve! * Function used to prevent anonymous users from accessing a script. if (!(isset ($_user['user_id']) && $_user['user_id']) || api_is_anonymous($_user['user_id'],true)) ============================================================================== don't access kernel variables directly, use these functions instead ============================================================================== * @return an array with the navigator name and version if (strstr($_SERVER['HTTP_USER_AGENT'], 'Opera')) list (, $version) = explode('Opera', $_SERVER['HTTP_USER_AGENT']); elseif (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) $navigator = 'Internet Explorer'; list (, $version) = explode('MSIE', $_SERVER['HTTP_USER_AGENT']); elseif (strstr($_SERVER['HTTP_USER_AGENT'], 'Gecko')) list (, $version) = explode('; rv:', $_SERVER['HTTP_USER_AGENT']); elseif (strstr($_SERVER['HTTP_USER_AGENT'], 'Netscape')) list (, $version) = explode('Netscape', $_SERVER['HTTP_USER_AGENT']); return array ('name' => $navigator, 'version' => $version); * @return True if user selfregistration is allowed, false otherwise. if(isset ($GLOBALS['allowSelfReg'])) return $GLOBALS["allowSelfReg"]; * Returns a full path to a certain Dokeos area, which you specify * See $_configuration['course_folder'] in the configuration.php * to alter the WEB_COURSE_PATH and SYS_COURSE_PATH parameters. * @param one of the following constants: * WEB_PATH, SYS_PATH, REL_PATH, WEB_COURSE_PATH, SYS_COURSE_PATH, * REL_COURSE_PATH, REL_CODE_PATH, WEB_CODE_PATH, SYS_CODE_PATH, * SYS_LANG_PATH, WEB_IMG_PATH, GARBAGE_PATH, PLUGIN_PATH, SYS_ARCHIVE_PATH, * INCLUDE_PATH, LIBRARY_PATH, CONFIGURATION_PATH * @example assume that your server root is /var/www/ dokeos is installed in a subfolder dokeos/ and the URL of your campus is http://www.mydokeos.com * The other configuration paramaters have not been changed. * The different api_get_paths will give * WEB_PATH http://www.mydokeos.com * WEB_COURSE_PATH http://www.mydokeos.com/courses/ * SYS_COURSE_PATH /var/www/dokeos/courses/ // example: http://www.mydokeos.com/ or http://www.mydokeos.com/portal/ if you're using // a subdirectory of your document root for Dokeos if(substr($_configuration['root_web'],- 1) == '/') return $_configuration['root_web']; return $_configuration['root_web']. '/'; if(substr($_configuration['root_sys'],- 1) == '/') return $_configuration['root_sys']; return $_configuration['root_sys']. '/'; if (substr($_configuration['url_append'], - 1) === '/') return $_configuration['url_append']; return $_configuration['url_append']. '/'; // example: http://www.mydokeos.com/courses/ return $_configuration['root_web']. $_configuration['course_folder']; // example: /var/www/dokeos/courses/ return $_configuration['root_sys']. $_configuration['course_folder']; // example: courses/ or dokeos/courses/ // example: main/ or dokeos/main/ // example: http://www.mydokeos.com/main/ return $GLOBALS['clarolineRepositoryWeb']; // example: /var/www/dokeos/main/ return $GLOBALS['clarolineRepositorySys']; // example: /var/www/dokeos/main/lang/ // example: http://www.mydokeos.com/main/img/ // example: /var/www/dokeos/main/garbage/ return $GLOBALS['garbageRepositorySys']; // example: /var/www/dokeos/plugin/ // example: http://www.mydokeos.com/plugin/ // example: /var/www/dokeos/archive/ // Generated by main/inc/global.inc.php // example: /var/www/dokeos/main/inc/ return str_replace('\\', '/', $GLOBALS['includePath']). '/'; // example: /var/www/dokeos/main/inc/lib/ // example: http://www.mydokeos.com/main/inc/lib/ // example: /var/www/dokeos/main/inc/conf/ * This function returns the id of the user which is stored in the $_user array. * @example The function can be used to check if a user is logged in * @return integer the id of the current user if(empty($GLOBALS['_user']['user_id'])) return $GLOBALS['_user']['user_id']; * @param $user_id (integer): the id of the user * @return $user_info (array): user_id, lastname, firstname, username, email, ... * @author Patrick Cool <patrick.cool@UGent.be> * @version 21 September 2004 * @desc find all the information about a user. If no paramater is passed you find all the information about the current user. return $GLOBALS["_user"]; // this is done so that it returns the same array-index-names // ideally the names of the fields of the user table are renamed so that they match $_user (or vice versa) // $_user should also contain every field of the user table (except password maybe). This would make the // following lines obsolete (and the code cleaner and slimmer !!! $user_info['firstName'] = $result_array['firstname']; $user_info['lastName'] = $result_array['lastname']; $user_info['mail'] = $result_array['email']; $user_info['picture_uri'] = $result_array['picture_uri']; $user_info['user_id'] = $result_array['user_id']; $user_info['official_code'] = $result_array['official_code']; $user_info['status'] = $result_array['status']; $user_info['auth_source'] = $result_array['auth_source']; $user_info['username'] = $result_array['username']; $user_info['theme'] = $result_array['theme']; * Returns the current course id (integer) * Returns the current course directory * This function relies on api_get_course_info() * @param string The course code - optional (takes it from session if not given) * @return string The directory where the course is located inside the Dokeos "courses" directory * @author Yannick Warnier <yannick.warnier@dokeos.com> * Gets a course setting from the current course_setting table. Try always using integer values. * @param string The name of the setting we want from the table * @return mixed The value of that setting in that table. Return -1 if not found. $sql = "SELECT * FROM $table WHERE variable = '$setting_name'"; * Gets an anonymous user ID * For some tools that need tracking, like the learnpath tool, it is necessary * to have a usable user-id to enable some kind of tracking, even if not * perfect. An anonymous ID is taken from the users table by looking for a * status of "6" (anonymous). * @return int User ID of the anonymous user, or O if no anonymous user found $sql = "SELECT user_id FROM $table WHERE status = 6"; //error_log('api_get_anonymous_id() returns '.$row['user_id'],0); else //no anonymous user was found * Returns the cidreq parameter name + current course id if (!empty ($GLOBALS["_cid"])) * Returns the current course info array. * Note: this array is only defined if the user is inside a course. * Now if the course_code is given, the returned array gives info about that * particular course, not specially the current one. * @todo same behaviour as api_get_user_info so that api_get_course_id becomes absolete too $sql = "SELECT `course`.*, `course_category`.`code` `faCode`, `course_category`.`name` `faName` LEFT JOIN $course_cat_table ON `course`.`category_code` = `course_category`.`code` WHERE `course`.`code` = '$course_code'"; $_course['id' ] = $cData['code' ]; //auto-assigned integer $_course['name' ] = $cData['title' ]; $_course['official_code'] = $cData['visual_code' ]; // use in echo $_course['sysCode' ] = $cData['code' ]; // use as key in db $_course['path' ] = $cData['directory' ]; // use as key in path $_course['dbName' ] = $cData['db_name' ]; // use as key in db list $_course['dbNameGlu' ] = $_configuration['table_prefix'] . $cData['db_name'] . $_configuration['db_glue']; // use in all queries $_course['titular' ] = $cData['tutor_name' ]; $_course['language' ] = $cData['course_language' ]; $_course['extLink' ]['url' ] = $cData['department_url' ]; $_course['extLink' ]['name'] = $cData['department_name']; $_course['categoryCode'] = $cData['faCode' ]; $_course['categoryName'] = $cData['faName' ]; $_course['visibility' ] = $cData['visibility']; $_course['subscribe_allowed'] = $cData['subscribe']; $_course['unubscribe_allowed'] = $cData['unsubscribe']; ============================================================================== DATABASE QUERY MANAGEMENT ============================================================================== * You have to use addslashes() on each value that you want to record into the database * @author Olivier Brouckaert * @param string $query - SQL query * @param string $file - optional, the file path and name of the error (__FILE__) * @param string $line - optional, the line of the error (__LINE__) * @return resource - the return value of the query $info .= '<b>MYSQL ERROR :</b><br/> '; $info .= '<b>QUERY :</b><br/> '; $info .= '<b>FILE :</b><br/> '; $info .= ($file == '' ? ' unknown ' : $file); $info .= '<b>LINE :</b><br/> '; $info .= ($line == 0 ? ' unknown ' : $line); * Store the result of a query into an array * @author Olivier Brouckaert * @param resource $result - the return value of the query * @return array - the value returned by the query ============================================================================== ============================================================================== * Start the Dokeos session. * The default lifetime for session is set here. It is not possible to have it * as a database setting as it is used before the database connection has been made. * It is taken from the configuration file, and if it doesn't exist there, it is set * @author Olivier Brouckaert * @param string variable - the variable name to save into the session global $storeSessionInDb; /* causes too many problems and is not configurable dynamically $session_lifetime = 360000; if(isset($_configuration['session_lifetime'])) $session_lifetime = $_configuration['session_lifetime']; session_set_cookie_params($session_lifetime,api_get_path(REL_PATH)); $storeSessionInDb = false; @ session_set_save_handler(array (& $session_handler, 'open'), array (& $session_handler, 'close'), array (& $session_handler, 'read'), array (& $session_handler, 'write'), array (& $session_handler, 'destroy'), array (& $session_handler, 'garbage')); if (empty ($_SESSION['checkDokeosURL'])) * save a variable into the session * BUG: function works only with global variables * @author Olivier Brouckaert * @param string variable - the variable name to save into the session $_SESSION[$variable] = $ $variable; * Remove a variable from the session. * @author Olivier Brouckaert * @param string variable - the variable name to remove from the session if(isset ($GLOBALS[$variable])) unset ($GLOBALS[$variable]); if(isset ($_SESSION[$variable])) $_SESSION[$variable] = null; * @author Olivier Brouckaert * @author Olivier Brouckaert ============================================================================== ============================================================================== list (, $query_string) = explode('?', $url); $param_list1 = explode('&', $param); $param_list2 = explode('&', $query_string); $param_list1_keys = $param_list1_vals = array (); foreach ($param_list1 as $key => $enreg) list ($param_list1_keys[$key], $param_list1_vals[$key]) = explode('=', $enreg); $param_list1 = array ('keys' => $param_list1_keys, 'vals' => $param_list1_vals); foreach ($param_list2 as $enreg) $url = str_replace($enreg[0]. '='. $enreg[1], $enreg[0]. '='. $param_list1['vals'][$key], $url); $param = str_replace('&'. $enreg[0]. '='. $param_list1['vals'][$key], '', $param); * Returns a difficult to guess password. * @param int $length, the length of the password * @return string the generated password $characters = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789'; for ($i = 0; $i < $length; $i ++ ) $password .= $characters[rand() % strlen($characters)]; * Checks a password to see wether it is OK to use. * @param string $password * @return true if the password is acceptable, false otherwise $lengthPass = strlen($password); $cptLettres = $cptChiffres = 0; for ($i = 0; $i < $lengthPass; $i ++ ) $codeCharCur = ord($passLower[$i]); if ($i && abs($codeCharCur - $codeCharPrev) <= 1) if ($codeCharCur >= 97 && $codeCharCur <= 122) elseif ($codeCharCur >= 48 && $codeCharCur <= 57) $codeCharPrev = $codeCharCur; return ($cptLettres >= 3 && $cptChiffres >= 2) ? true : false; * Clear the user ID from the session if it was the anonymous user. Generally * used on out-of-tools pages to remove a user ID that could otherwise be used * This function is to be used in conjunction with the api_set_anonymous() * function to simulate the user existence in case of an anonymous visit. * @param bool database check switch - passed to api_is_anonymous() * @return bool true if succesfully unregistered, false if not anonymous. unset ($_user['user_id']); * @author Brouckaert Olivier * @param string text - text to truncate * @param integer length - length of the truncated text * @param string endStr - suffix * @param boolean middle - if true, truncates on string middle function api_trunc_str($text, $length = 30, $endStr = '...', $middle = false) // deprecated, use api_trunc_str() instead function shorten($input, $length = 15) * handling simple and double apostrofe in order that strings be stored properly in database * @param string variable - the variable to be revised ============================================================================== ============================================================================== * The Failure Management module is here to compensate * the absence of an 'exception' device in PHP 4. * $api_failureList - array containing all the failure recorded $api_failureList = array (); * Fills a global array called $api_failureList * This array collects all the failure occuring during the script runs * The main purpose is allowing to manage the display messages externaly * from the functions or objects. This strengthens encupsalation principle * @author Hugues Peeters <peeters@ipm.ucl.ac.be> * @param string $failureType - the type of failure * @global array $api_failureList * @return bolean false to stay consistent with the main script $api_failureList[] = $failureType; * Sets the current user as anonymous if it hasn't been identified yet. This * function should be used inside a tool only. The function api_clear_anonymous() * acts in the opposite direction by clearing the anonymous user's data every * time we get on a course homepage or on a neutral page (index, admin, my space) * @return bool true if set user as anonymous, false if user was already logged in or anonymous id could not be found if(!empty($_user['user_id'])) $_user['user_id'] = $user_id; $_user['is_anonymous'] = true; $GLOBALS['_user'] = $_user; * get the last failure stored in $api_failureList; * @author Hugues Peeters <hugues.peeters@claroline.net> * @return string - the last failure stored return $api_failureList[count($api_failureList) - 1]; * collects and manage failures occuring during script execution * The main purpose is allowing to manage the display messages externaly * from functions or objects. This strengthens encupsalation principle * @author Hugues Peeters <hugues.peeters@claroline.net> * @package dokeos.library * IMPLEMENTATION NOTE : For now the $api_failureList list is set to the * global scope, as PHP 4 is unable to manage static variable in class. But * this feature is awaited in PHP 5. The class is already written to minize * the change when static class variable will be possible. And the API won't * Pile the last failure in the failure list * @author Hugues Peeters <peeters@ipm.ucl.ac.be> * @param string $failureType - the type of failure * @global array $api_failureList * @return bolean false to stay consistent with the main script $api_failureList[] = $failureType; * get the last failure stored * @author Hugues Peeters <hugues.peeters@claroline.net> * @return string - the last failure stored return $api_failureList[count($api_failureList) - 1]; ============================================================================== ============================================================================== * DEPRECATED, use api_get_setting instead * Returns the value of a setting from the web-adjustable admin config settings. * WARNING true/false are stored as string, so when comparing you need to check e.g. * if(api_get_setting("show_navigation_menu") == "true") //CORRECT * if(api_get_setting("show_navigation_menu") == true) //INCORRECT * @param string The variable name * @param string The subkey (sub-variable) if any. Defaults to NULL return is_null($key) ? (!empty($_setting[$variable])? $_setting[$variable]: null) : $_setting[$variable][$key]; * Returns an escaped version of $_SERVER['PHP_SELF'] to avoid XSS injection * @return string Escaped version of $_SERVER['PHP_SELF'] ============================================================================== ============================================================================== * Whenever the server type in the Dokeos Config settings is * set to test/development server you will get an indication that a language variable * is not translated and a link to a suggestions form of DLTT. * @return language variable '$lang'.$variable or language variable $variable. function get_lang($variable, $notrans = 'DLTT') $ot = '[='; //opening tag for missing vars $ct = '=]'; //closing tag for missing vars $lvv = isset ($GLOBALS['lang'. $variable]) ? $GLOBALS['lang'. $variable] : (isset ($GLOBALS[$variable]) ? $GLOBALS[$variable] : $ot. $variable. $ct); return $ot. 'get_lang(?)'. $ct; global $language_interface, $language_files; //language file specified in tool if (isset ($language_files)) @include ($langpath. $language_interface. '/'. $language_files. '.inc.php'); foreach ($language_files as $index => $language_file) @include ($langpath. $language_interface. '/'. $language_file. '.inc.php'); @ eval ('$langvar = $'. $variable. ';'); // Note (RH): $$var doesn't work with arrays, see PHP doc @ eval ('$langvar = $lang'. $variable. ';'); return $ot. $variable. $ct; $language_file = $language_files; $language_file = implode('.inc.php',$language_files); return $ot. $variable. $ct. "<a href=\"http://www.dokeos.com/DLTT/suggestion.php?file=". $language_file. ".inc.php&variable=$". $variable. "&language=". $language_interface. "\" style=\"color:#FF0000\"><strong>#</strong></a>"; * Gets the current interface language * @return string The current language of the interface global $language_interface; return $language_interface; ============================================================================== ============================================================================== * Check if current user is a platform administrator * @return boolean True if the user has platform admin rights, if($_SESSION['is_platformAdmin']) if($allow_sessions_admins && $_user['status']== SESSIONADMIN) * Check if current user is allowed to create courses * @return boolean True if the user has course creation rights, return $_SESSION["is_allowedCreateCourse"]; * Check if the current user is a course administrator * @return boolean True if current user is a course administrator return $_SESSION["is_courseAdmin"]; * Check if the current user is a course coach * @return bool True if current user is a course coach return $_SESSION['is_courseCoach']; * Check if the current user is a course tutor * @return bool True if current user is a course tutor return $_SESSION['is_courseTutor']; * Check if the current user is a course or session coach * @return boolean True if current user is a course or session coach $sql = "SELECT DISTINCT id, name, date_start, date_end INNER JOIN session_rel_course ORDER BY date_start, date_end, name"; $sql = "SELECT DISTINCT id, name, date_start, date_end ORDER BY date_start, date_end, name"; if(count($sessionIsCoach) > 0) ============================================================================== student view, title, message boxes,... ============================================================================== * Displays the title of a tool. * Normal use: parameter is a string: * api_display_tool_title("My Tool") * Optionally, there can be a subtitle below * the normal title, and / or a supra title above the normal title. * @author Hugues Peeters <hugues.peeters@claroline.net> * @param mixed $titleElement - it could either be a string or an array * containing 'supraTitle', 'mainTitle', $titleElement['mainTitle'] = $tit; if (!empty($titleElement['supraTitle'])) echo '<small>'. $titleElement['supraTitle']. '</small><br>'; if (!empty($titleElement['mainTitle'])) echo $titleElement['mainTitle']; if (!empty($titleElement['subTitle'])) echo '<br><small>'. $titleElement['subTitle']. '</small>';* Display options to switch between student view and course manager view * Changes in version 1.2 (Patrick Cool) * Student view switch now behaves as a real switch. It maintains its current state until the state * Changes in version 1.1 (Patrick Cool) * student view now works correctly in subfolders of the document tool * student view works correctly in the new links tool * Example code for using this in your tools: * //if ( $is_courseAdmin && api_get_setting('student_view_enabled') == 'true' ) * // display_tool_view_option($isStudentView); * //and in later sections, use api_is_allowed_to_edit() * @todo rewrite code so it is easier to understand // Exceptions apply for all multi-frames pages if (strpos($_SERVER['REQUEST_URI'],'chat/chat_banner.php')!== false) { //the chat is a multiframe bit that doesn't work too well with the student_view, so do not show the link // Uncomment to remove student view link from document view page if(strpos($_SERVER['REQUEST_URI'],'document/headerpage.php')!== false) $sourceurl = str_replace('document/headerpage.php','document/showinframes.php',$_SERVER['REQUEST_URI']); //showinframes doesn't handle student view anyway... // Uncomment to remove student view link from document view page if(strpos($_SERVER['REQUEST_URI'],'newscorm/lp_header.php')!== false) if(empty($_GET['lp_id'])) $sourceurl = substr($_SERVER['REQUEST_URI'],0,strpos($_SERVER['REQUEST_URI'],'?')); $sourceurl = str_replace('newscorm/lp_header.php','newscorm/lp_controller.php?'. api_get_cidreq(). '&action=view&lp_id='. intval($_GET['lp_id']). '&isStudentView='. ($_SESSION['studentview']== 'studentview'? 'false': 'true'),$sourceurl); //showinframes doesn't handle student view anyway... // check if the $_SERVER['REQUEST_URI'] contains already url parameters (thus a questionmark) if (!strstr($_SERVER['REQUEST_URI'], "?")) $sourceurl = $_SERVER['REQUEST_URI']; //$sourceurl = str_replace('&', '&', $sourceurl); if(!empty($_SESSION['studentview'])) if ($_SESSION['studentview']== 'studentview') // we have to remove the isStudentView=true from the $sourceurl $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= '<a href="'. $sourceurl. '&isStudentView=false" target="_top">'. get_lang("CourseManagerview"). '</a>'; elseif ($_SESSION['studentview']== 'teacherview') //switching to teacherview $sourceurl = str_replace('&isStudentView=true', '', $sourceurl); $sourceurl = str_replace('&isStudentView=false', '', $sourceurl); $output_string .= '<a href="'. $sourceurl. '&isStudentView=true" target="_top">'. get_lang("StudentView"). '</a>'; $output_string .= '<a href="'. $sourceurl. '&isStudentView=true" target="_top">'. get_lang("StudentView"). '</a>'; * Displays the contents of an array in a messagebox. * @param array $info_array An array with the messages to show foreach ($info_array as $element) $message .= $element. "<br>"; * @param string $debug_info The message to display * @version 1.1, March 2004 $message = "<i>Debug info</i><br>"; * @deprecated, use api_is_allowed_to_edit() instead * Function that removes the need to directly use is_courseAdmin global in * tool scripts. It returns true or false depending on the user's rights in * this particular course. * Optionally checking for tutor and coach roles here allows us to use the * student_view feature altogether with these roles as well. * @param bool Whether to check if the user has the tutor role * @param bool Whether to check if the user has the coach role * @version 1.1, February 2004 * @return boolean, true: the user has the rights to edit, false: he does not if(!$is_courseAdmin && $tutor == true) { //if we also want to check if the user is a tutor... if(!$is_courseAdmin && $coach == true) { //if we also want to check if the user is a coach... { //check if the student_view is enabled, and if so, if it is activated $is_allowed = $is_courseAdmin && $_SESSION['studentview'] != "studentview"; * @param $tool the tool we are checking ifthe user has a certain permission * @param $action the action we are checking (add, edit, delete, move, visibility) * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University //if(!$_SESSION['total_permissions'][$_course['code']] and $_course) // getting the permissions of this user $_SESSION['total_permissions'][$_course['code']] = $user_permissions; // getting the permissions of the task /* !!! */$_SESSION['total_permissions'][$_course['code']] = $task_permissions; //print_r($_SESSION['total_permissions']); // getting the permissions of the groups of the user //$groups_of_user = GroupManager::get_group_ids($_course['db_name'], $_user['user_id']); //foreach($groups_of_user as $group) //$this_group_permissions = get_permissions('group', $group); // getting the permissions of the courseroles of the user // getting the permissions of the platformroles of the user //$user_platformrole_permissions = get_roles_permissions('user', $_user['user_id'], ', platform'); // getting the permissions of the roles of the groups of the user //foreach($groups_of_user as $group) //$this_group_courserole_permissions = get_roles_permissions('group', $group); // getting the permissions of the platformroles of the groups of the user //foreach($groups_of_user as $group) //$this_group_platformrole_permissions = get_roles_permissions('group', $group, 'platform'); // ifthe permissions are limited we have to map the extended ones to the limited ones if($action == 'Visibility') // the session that contains all the permissions already exists for this course // so there is no need to requery everything. //my_print_r($_SESSION['total_permissions'][$_course['code']][$tool]); if(in_array($action, $_SESSION['total_permissions'][$_course['code']][$tool])) * Tells whether this user is an anonymous user * @param int User ID (optional, will take session ID if not provided) * @param bool Whether to check in the database (true) or simply in the session (false) to see if the current user is the anonymous user * @return bool true if this user is anonymous, false otherwise //in some cases, api_set_anonymous doesn't seem to be //triggered in local.inc.php. Make sure it is. //Occurs in agenda for admin links - YW if(isset ($use_anonymous) && $use_anonymous == true) if(isset ($_user['is_anonymous']) and $_user['is_anonymous'] === true) * Displays message "You are not allowed here..." and exits the entire script. * @param bool Whether or not to print headers (default = false -> does not print them) * @author Yannick Warnier * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @version 1.0, February 2004 * @version dokeos 1.8, August 2006 && (!isset ($course) || $course==- 1) && empty($_GET['cidReq'])) {//if the access is not authorized and there is some login information // but the cidReq is not found, assume we are missing course data and send the user echo '<div align="center">'; elseif(!empty($_SERVER['REQUEST_URI']) && !empty($_GET['cidReq'])) //only display form and return to the previous URL if there was a course ID included echo '<div align="center">'; $form->addElement('static',null,null,'Username'); $form->addElement('text','login','',array('size'=> 15)); $form->addElement('static',null,null,'Password'); $form->addElement('password','password','',array('size'=> 15)); $form->addElement('submit','submitAuth',get_lang('Ok')); $test = $form->return_form(); echo '<div align="center">'; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; echo '<div align="center">'; //if no course ID was included in the requested URL, redirect to homepage echo '<div align="center">';============================================================================== functions for the what's new icons ============================================================================== * @param $last_post_datetime standard output date in a sql query * @author Toon Van Hoecke <Toon.VanHoecke@UGent.be> * @desc convert sql date to unix timestamp list ($last_post_date, $last_post_time) = split(" ", $last_post_datetime); list ($year, $month, $day) = explode("-", $last_post_date); list ($hour, $min, $sec) = explode(":", $last_post_time); $announceDate = mktime($hour, $min, $sec, $month, $day, $year); * Gets item visibility from the item_property table * @param array Course properties array (result of api_get_course_info()) * @param string Tool (learnpath, document, etc) * @param int The item ID in the given tool * @return int -1 on error, 0 if invisible, 1 if visible if(!is_array($_course) or count($_course)== 0 or empty($tool) or empty($id)) return - 1; $sql = "SELECT * FROM $TABLE_ITEMPROPERTY WHERE tool = '$tool' AND ref = $id"; return $row['visibility']; * Updates or adds item properties to the Item_propetry table * Tool and lastedit_type are language independant strings (langvars->get_lang!) * @param $_course : array with course properties * @param $tool : tool id, linked to 'rubrique' of the course tool_list (Warning: language sensitive !!) * @param $item_id : id of the item itself, linked to key of every tool ('id', ...), "*" = all items of the tool * @param $lastedit_type : add or update action (1) message to be translated (in trad4all) : e.g. DocumentAdded, DocumentUpdated; * (2) "delete"; (3) "visible"; (4) "invisible"; * @param $user_id : id of the editing/adding user * @param $to_group_id : id of the intended group ( 0 = for everybody), only relevant for $type (1) * @param $to_user_id : id of the intended user (always has priority over $to_group_id !), only relevant for $type (1) * @param string $start_visible 0000-00-00 00:00:00 format * @param unknown_type $end_visible 0000-00-00 00:00:00 format * @return boolean False if update fails. * @author Toon Van Hoecke <Toon.VanHoecke@UGent.be>, Ghent University * @desc update the item_properties table (if entry not exists, insert) of the course function api_item_property_update($_course, $tool, $item_id, $lastedit_type, $user_id, $to_group_id = 0, $to_user_id = NULL, $start_visible = 0, $end_visible = 0) $time = date("Y-m-d H:i:s", $time); $to_user_id = NULL; //no to_user_id set $start_visible = ($start_visible == 0) ? "0000-00-00 00:00:00" : $start_visible; $end_visible = ($end_visible == 0) ? "0000-00-00 00:00:00" : $end_visible; // set filters for $to_user_id and $to_group_id, with priority for $to_user_id $filter = "tool='$tool' AND ref='$item_id'"; $filter = "tool='$tool' AND visibility<>'2'"; // for all (not deleted) items of the tool // check if $to_user_id and $to_group_id are passed in the function call // if both are not passed (both are null) then it is a message for everybody and $to_group_id should be 0 ! $to_filter = " AND to_user_id='$to_user_id'"; // set filter to intended user $to_filter = " AND to_group_id='$to_group_id'"; // set filter to intended group case "delete" : // delete = make item only visible for the platform admin $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type case "visible" : // change item to visible $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type case "invisible" : // change item to invisible $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id', visibility='$visibility' $set_type default : // item will be added or updated $set_type = ", lastedit_type='$lastedit_type' "; $sql = "UPDATE $TABLE_ITEMPROPERTY SET lastedit_date='$time', lastedit_user_id='$user_id' $set_type // insert if no entries are found (can only happen in case of $lastedit_type switch is 'default') if (!is_null($to_user_id)) // $to_user_id has more priority than $to_group_id $to_field = "to_user_id"; else // $to_user_id is not set $to_field = "to_group_id"; $to_value = $to_group_id; $sql = "INSERT INTO $TABLE_ITEMPROPERTY (tool, ref, insert_date,insert_user_id,lastedit_date,lastedit_type, lastedit_user_id,$to_field, visibility, start_visible, end_visible) VALUES ('$tool','$item_id','$time', '$user_id', '$time', '$lastedit_type','$user_id', '$to_value','$visibility','$start_visible','$end_visible')"; ============================================================================== ============================================================================== * Displays a form (drop down menu) so the user can select his/her preferred language. * The form works with or without javascript // retrieve a complete list of all the languages. // the the current language of the user so that his/her language occurs as selected in the dropdown menu if(isset ($_SESSION['user_language_choice'])) $user_selected_language = $_SESSION['user_language_choice']; if (!isset ($user_selected_language)) $user_selected_language = $platformLanguage; $original_languages = $language_list['name']; $folder = $language_list['folder']; // this line is probably no longer needed <script language="JavaScript" type="text/JavaScript"> function jumpMenu(targ,selObj,restore){ //v3.0 eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'"); if (restore) selObj.selectedIndex=0; echo "<form id=\"lang_form\" name=\"lang_form\" method=\"post\" action=\"". api_get_self(). "\">", "<select name=\"language_list\" onchange=\"jumpMenu('parent',this,0)\">"; foreach ($original_languages as $key => $value) if ($folder[$key] == $user_selected_language) $option_end = " selected=\"selected\" >"; echo "<option value=\"". api_get_self(). "?language=". $folder[$key]. "\"$option_end"; #echo substr($value,0,16); #cut string to keep 800x600 aspect echo "<noscript><input type=\"submit\" name=\"user_select_language\" value=\"". get_lang("Ok"). "\" /></noscript>";* Return a list of all the languages that are made available by the admin. * @return array An array with all languages. Structure of the array is * array['name'] = An array with the name of every language * array['folder'] = An array with the corresponding dokeos-folder $sql = "SELECT * FROM $tbl_language WHERE available='1' ORDER BY original_name ASC"; $language_list['name'][] = $row['original_name']; $language_list['folder'][] = $row['dokeos_folder']; * Get language isocode column from the language table, taking the current language as a query * @return string The isocode (two-letters code or 5 letters code, fr or fr-BE) or null if error * Returns a list of CSS themes currently available in the CSS folder * @return array List of themes directories from the css folder foreach($themes as $theme) ============================================================================== functions for the WYSIWYG html editor, TeX parsing... ============================================================================== * Displays the FckEditor WYSIWYG editor for online editing of html * @param string $name The name of the form-element * @param string $content The default content of the html-editor * @param int $height The height of the form element * @param int $width The width of the form element * @param string $optAttrib optional attributes for the form element function api_disp_html_area($name, $content = '', $height = '', $width = '100%', $optAttrib = '') global $_configuration, $_course, $fck_attribute; require_once(dirname(__FILE__ ). '/formvalidator/Element/html_editor.php'); $editor->setValue($content); $fck_attribute['Height'] = $height; $fck_attribute['Width'] = $width; global $_configuration, $_course, $fck_attribute; require_once(dirname(__FILE__ ). '/formvalidator/Element/html_editor.php'); $editor->setValue($content); $fck_attribute['Height'] = $height; $fck_attribute['Width'] = $width; return $editor->toHtml(); * Wrapper function for the standard php mail() function. Change this function * to your needs. The parameters must follow the same rules as the standard php * mail() function. Please look at the documentation on http: //www. php. * net/manual/en/function. mail.php * @param string $additional_headers * @param string $additional_parameters function api_send_mail($to, $subject, $message, $additional_headers = null, $additional_parameters = null) return mail($to, $subject, $message, $additional_headers, $additional_parameters); * Find the largest sort value in a given user_course_category * This function is used when we are moving a course to a different category * and also when a user subscribes to a courses (the new courses is added to the end * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @param int $user_course_category: the id of the user_course_category * @return int the value of the highest sort of the user_course_category $sql_max = "SELECT max(sort) as max_sort FROM $tbl_course_user WHERE user_id='". $user_id. "' AND user_course_cat='". $user_course_category. "'"; $max_sort = $row_max['max_sort']; * This function converts the string "true" or "false" to a boolean true or false. * This function is in the first place written for the Dokeos Config Settings (also named AWACS) * @param string "true" or "false" * @return boolean true or false * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * Determines the number of plugins installed for a given location if (isset ($_plugins[$location]) && is_array($_plugins[$location])) return count($_plugins[$location]); * including the necessary plugins * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University if (isset ($_plugins[$location]) && is_array($_plugins[$location])) foreach ($_plugins[$location] as $this_plugin) * Checks to see wether a certain plugin is installed. * @return boolean true if the plugin is installed, false otherwise. foreach ($plugin_list as $plugin_location) if ( array_search($plugin_name, $plugin_location) !== false ) return true; * Apply parsing to content to parse tex commandos that are seperated by [tex] * [/tex] to make it readable for techexplorer plugin. * @param string $text The text to parse * @return string The text after parsing. * @author Patrick Cool <patrick.cool@UGent.be> if (strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) $textext = str_replace(array ("[tex]", "[/tex]"), array ("<object classid=\"clsid:5AFAB315-AD87-11D3-98BB-002035EFB1A4\"><param name=\"autosize\" value=\"true\" /><param name=\"DataType\" value=\"0\" /><param name=\"Data\" value=\"", "\" /></object>"), $textext); $textext = str_replace(array ("[tex]", "[/tex]"), array ("<embed type=\"application/x-techexplorer\" texdata=\"", "\" autosize=\"true\" pluginspage=\"http://www.integretechpub.com/techexplorer/\">"), $textext); * Transform a number of seconds in hh:mm:ss format * @author Julian Prud'homme * @param integer the number of seconds * @return string the formated time $hours = floor($seconds / 3600); $min = floor(($seconds - ($hours * 3600)) / 60); $sec = floor($seconds - ($hours * 3600) - ($min * 60)); return $hours. ":". $min. ":". $sec; * function adapted from a php.net comment * copy recursively a folder * @param the source folder * @param an array of excluded file_name (without extension) * @param copied_files the returned array of copied files function copyr($source, $dest, $exclude= array(), $copied_files= array()) // Simple copy for a file if(!in_array($path_infos['filename'], $exclude)) // Make destination directory // Loop through the folder while (false !== $entry = $dir->read()) { if ($entry == '.' || $entry == '..') { if ($dest !== "$source/$entry") { $zip_files = copyr("$source/$entry", "$dest/$entry", $exclude, $copied_files); return chmod($path, $filemode); if($file != '.' && $file != '..') { $fullpath = $path. '/'. $file; if (!chmod($fullpath, $filemode)) if(chmod($path, $filemode)) * Get Dokeos version from the configuration files * @return string A string of type "1.8.4", or an empty string if the version could not be found if(!empty($_configuration['dokeos_version'])) return $_configuration['dokeos_version']; * Check if status given in parameter exists in the platform * @param mixed the status (can be either int either string) * @return true if the status exists, else returns false if(in_array($status_asked, $_status_list)) return isset ($_status_list[$status_asked]); * Check if status given in parameter exists in the platform * @param mixed the status (can be either int either string) * @return true if the status exists, else returns false if(isset ($_status_list[$status])) * get the status langvars list * @return array the list of status with their translations * Sets a platform configuration setting to a given value * @param string The variable we want to update * @param string The value we want to record * @param string The sub-variable if any (in most cases, this will remain null) * @param string The category if any (in most cases, this will remain null) * @param int The access_url for which this parameter is valid if(empty($var)) { return false; } $access_url = (int) $access_url; if(empty($access_url)){$access_url= 1;} $select = "SELECT * FROM $t_settings WHERE variable = '$var' "; $select .= " AND subkey = '$subvar'"; $select .= " AND category = '$cat'"; $select .= " AND access_url = $access_url"; $select .= " AND access_url = 1 "; { //found item for this access_url $update = "UPDATE $t_settings SET selected_value = '$value' WHERE id = ". $row['id']; { //item not found for this access_url, we have to check if the whole thing is missing //(in which case we ignore the insert) or if there *is* a record but just for access_url=1 $select = "SELECT * FROM $t_settings WHERE variable = '$var' AND access_url = 1 "; $select .= " AND subkey = '$subvar'"; $select .= " AND category = '$cat'"; { //we have a setting for access_url 1, but none for the current one, so create one $insert = "INSERT INTO $t_settings " . "selected_value,title," . "subkeytext,access_url)" . "('". $row['variable']. "',". (!empty($row['subkey'])? "'". $row['subkey']. "'": "NULL"). "," . "'". $row['type']. "','". $row['category']. "'," . "'$value','". $row['title']. "'," . "". (!empty($row['comment'])? "'". $row['comment']. "'": "NULL"). ",'". (!empty($row['scope'])? "'". $row['scope']. "'": "NULL"). "'," . "'". (!empty($row['subkeytext'])? "'". $row['subkeytext']. "'": "NULL"). "',$access_url)"; { // this setting does not exist error_log(__FILE__. ':'.__LINE__. ': Attempting to update setting '. $var. ' ('. $subvar. ') which does not exist at all',0); * Sets a whole category of settings to one specific value * @param int Access URL. Optional. Defaults to 1 if(empty($category)){return false;} $access_url = (int) $access_url; if(empty($access_url)){$access_url= 1;} $sql = "UPDATE $t_s SET selected_value = '$value' WHERE category = '$category' AND access_url = $access_url"; if($res === false){ return false; } $sql = "UPDATE $t_s SET selected_value = NULL WHERE category = '$category' AND access_url = $access_url"; if($res === false){ return false; } * Get all available access urls in an array (as in the database) * @return array Array of database records $sql = "SELECT id, url, description, active, created_by, tms FROM $t_au ORDER BY $order $direction LIMIT $to OFFSET $from"; * Adds an access URL into the database * @param string Description * @param int Active (1= active, 0=disabled) * @return int The new database id, or the existing database id if this url already exists $sql = "SELECT * FROM $t_au WHERE url LIKE '$u'"; //problem querying the database - return false $sql = "INSERT INTO $t_au (url,description,active,created_by,tms)" . " VALUES ('$u','$d',$a,$ui,'')"; if($res === false){return false;} * Gets all the current settings for a specific access url * @param string The category, if any, that we want to get * @param string Whether we want a simple list (display a catgeory) or a grouped list (group by variable as in settings.php default). Values: 'list' or 'group' * @param int Access URL's ID. Optional. Uses 1 by default, which is the unique URL * @return array Array of database results for the current settings of the current access URL $access_url = (int) $access_url; if(empty($access_url)){$access_url= 1;} $sql = "SELECT id, variable, subkey, type, category, selected_value, title, comment, scope, subkeytext, access_url, access_url_changeable " . " FROM $t_cs WHERE access_url = $access_url "; $sql .= " AND category='$cat' "; $sql .= " GROUP BY variable ORDER BY id ASC"; $sql .= " ORDER BY 1,2 ASC"; if($res === false){return $results;} * Gets the distinct settings categories * @param array Array of strings giving the categories we want to exclude * @param int Access URL. Optional. Defaults to 1 * @return array A list of categories $access_url = (int) $access_url; $list = "'". implode("','",$exceptions). "'"; $sql = "SELECT DISTINCT category FROM $t_cs"; if($list != "'',''" and $list != "''" and !empty($list)) $sql .= " WHERE category NOT IN ($list)"; * @return boolean False on failure, true on success if(empty($v)){return false;} $sql = "DELETE FROM $t_cs WHERE variable = '$v' AND subkey = '$s' AND access_url = $a"; $sql = "DELETE FROM $t_cs WHERE variable = '$v' AND access_url = $a"; * Delete all the settings from one category * @return boolean False on failure, true on success if(empty($c)){return false;} $sql = "DELETE FROM $t_cs WHERE category = '$c' AND access_url = $a"; * Sets a platform configuration setting to a given value * @param string The value we want to record * @param string The variable name we want to insert * @param string The subkey for the variable we want to insert * @param string The type for the variable we want to insert * @param string The category for the variable we want to insert * @param string The title * @param string The comment * @param string The scope * @param string The subkey text * @param int The access_url for which this parameter is valid * @param int The changeability of this setting for non-master urls * @return boolean true on success, false on failure function api_add_setting($val,$var,$sk= null,$type= 'textfield',$c= null,$title= '',$com= '',$sc= null,$skt= null,$a= 1,$v= 0) if(empty($var) or !isset ($val)) { return false; } //check if this variable doesn't exist already $select = "SELECT * FROM $t_settings WHERE variable = '$var' "; $select .= " AND subkey = '$sk'"; $select .= " AND access_url = $a"; $select .= " AND access_url = 1 "; { //found item for this access_url { //item not found for this access_url, we have to check if the whole thing is missing //(in which case we ignore the insert) or if there *is* a record but just for access_url=1 $insert = "INSERT INTO $t_settings " . "(variable,selected_value," . "subkeytext,access_url,access_url_changeable)" . " VALUES ('$var','$val',"; if(isset ($title)) //title if(isset ($com)) //comment if(isset ($skt)) //subkey text
|
