Commit aa0c18bc authored by User expired's avatar User expired

Merge branch 'uibk' of git.uibk.ac.at:c102215/tcexam_uibk into uibk

parents 7956300f 1d36c5d6
......@@ -42,7 +42,6 @@ require_once('../code/tce_page_header.php');
require_once('../../shared/code/tce_functions_form.php');
require_once('../../shared/code/tce_functions_otp.php');
require_once('tce_functions_user_select.php');
require_once('tce_functions_uibk_addons.php');
if (isset($_REQUEST['user_id'])) {
$user_id = intval($_REQUEST['user_id']);
......@@ -79,23 +78,7 @@ switch($menu_mode) { // process submitted data
F_print_error('ERROR', $l['m_authorization_denied']);
break;
}
//user can't be deleted if they own any tests or modules -> pass rights to other user
if (F_check_user_in_tables($user_id)){
F_print_error('WARNING', $l['m_user_found_in_tables']);
?>
<div class="confirmbox">
<form action="<?php echo 'tce_inheritfrom_user.php?user_id_old='.$user_id; ?>" method="post" enctype="multipart/form-data" id="form_inherit">
<div>
<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
<input type="hidden" name="user_name" id="user_name" value="<?php echo stripslashes($user_name); ?>" />
<?php F_submit_button('inherit', $l['w_inherit'], $l['h_inherit']); ?>
</div>
</form>
</div>
<?php
break;
}
else F_print_error('WARNING', $l['m_delete_confirm']);
F_print_error('WARNING', $l['m_delete_confirm']);
?>
<div class="confirmbox">
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" enctype="multipart/form-data" id="form_delete">
......
......@@ -196,32 +196,6 @@ function F_show_select_questions_only($wherequery, $subject_module_id, $subject_
echo $questlist;
return TRUE;
}
/**
* check if user_id can be found in any tables
* tables involved: subjects, tests
* @author Ewald Strohmar-Mauler
* @since 2016-11
* @param $user_id (string) user id
* @return false in case of empty result, true otherwise
*/
function F_check_user_in_tables($user_id) {
global $l, $db;
$sql = 'SELECT * FROM '.K_TABLE_SUBJECTS.' WHERE subject_user_id = ' . $user_id .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
} else {
$num = F_db_num_rows($r);
if ($num > 0) return true;
}
$sql = 'SELECT * FROM '.K_TABLE_TESTS.' WHERE test_user_id = ' . $user_id .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
} else {
$num = F_db_num_rows($r);
if ($num > 0) return true;
}
return false;
}
//============================================================+
......
<?php
//============================================================+
// File name : tce_inheritfrom_user.php
// Begin : 2017-01-10
// Last Update : 2017-
//
// Description : Form to pass user's rights on modules and tests to another user
//
// Author: ESM
//
//============================================================+
/**
* @file
* Form to pass user's rights on modules and tests to another user
* @package com.tecnick.tcexam.admin
* @author ESM
* @since 2017-01-10
*/
require_once('../config/tce_config.php');
$pagelevel = K_AUTH_ADMIN_USERS;
require_once('../../shared/code/tce_authorization.php');
$thispage_title = $l['t_user_inherit'];
$goback= false;
require_once('../code/tce_page_header.php');
require_once('../../shared/code/tce_functions_form.php');
require_once('../../shared/code/tce_functions_otp.php');
require_once('tce_functions_user_select.php');
if (isset($_REQUEST['user_id_old'])) {
$user_id_old = intval($_REQUEST['user_id_old']);
if (!F_isAuthorizedEditorForUser($user_id_old)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['user_id'])) {
$user_id = intval($_REQUEST['user_id']);
if (!F_isAuthorizedEditorForUser($user_id)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['group_id'])) {
$group_id = intval($_REQUEST['group_id']);
if (!F_isAuthorizedEditorForGroup($group_id)) {
F_print_error('ERROR', $l['m_authorization_denied']);
exit;
}
}
if (isset($_REQUEST['user_level'])) {
$user_level = intval($_REQUEST['user_level']);
if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
if ($user_id_old == $_SESSION['session_user_id']) {
// you cannot change your own level
$user_level = $_SESSION['session_user_level'];
} else {
// you cannot create a user with a level equal or higher than yours
$user_level = min(max(0, ($_SESSION['session_user_level'] - 1)), $user_level);
}
}
}
switch($menu_mode) { // process submitted data
case 'update':{
if (!isset($_REQUEST['user_id_old']) OR !isset($_REQUEST['user_id'] )) {
F_print_error('WARNING', $l['m_form_missing_fields']);
F_stripslashes_formfields();
break;
}
//db update
$sql = 'UPDATE '.K_TABLE_MODULES.' SET
module_user_id='.$_POST["user_id"].'
WHERE module_user_id='.$_POST["user_id_old"].';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
$sql = 'UPDATE '.K_TABLE_SUBJECTS.' SET
subject_user_id='.$_POST["user_id"].'
WHERE subject_user_id='.$_POST["user_id_old"].';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
$sql = 'UPDATE '.K_TABLE_TESTS.' SET
test_user_id='.$_POST["user_id"].'
WHERE test_user_id = ' . $_POST["user_id_old"] .';';
if (!$r = F_db_query($sql, $db)) {
F_display_db_error(false);
}
F_print_error('MESSAGE', $l['m_user_updated']);
//go back to tce_edit_user
$goback = true;
break;
}
default :{
break;
}
} //end of switch
echo '<div class="container">'.K_NEWLINE;
echo '<div class="tceformbox">'.K_NEWLINE;
echo '<form action="'.$_SERVER['SCRIPT_NAME'].'" method="post" enctype="multipart/form-data" id="form_userinherit">'.K_NEWLINE;
//old user
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label for="user_id_old">'.$l['w_user_old'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
echo '<select name="user_id_old" id="user_id_old" size="0" onchange="document.getElementById(\'form_userinherit\').submit()">'.K_NEWLINE;
echo '<option value="0" style="background-color:#009900;color:white;"';
echo '>+</option>'.K_NEWLINE;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='. $_REQUEST["user_id_old"].";";
if ($r = F_db_query($sql, $db)) {
$countitem = 1;
while($m = F_db_fetch_array($r)) {
echo '<option value="'.$m['user_id'].'"';
if ($m['user_id'] == $user_id_old) {
echo ' selected="selected"';
}
echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
$countitem++;
}
} else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo "<br /><br />";
//new user
echo '<div class="row">'.K_NEWLINE;
echo '<span class="label">'.K_NEWLINE;
echo '<label for="user_id">'.$l['w_user_new'].'</label>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '<span class="formw">'.K_NEWLINE;
echo '<select name="user_id" id="user_id" size="0" onchange="document.getElementById(\'form_usereditor\').submit()">'.K_NEWLINE;
echo '<option value="0" style="background-color:#009900;color:white;"';
$user_id = FALSE;
echo '>+</option>'.K_NEWLINE;
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE (user_id>1 AND user_level >= 6)';
$sql .= ' ORDER BY user_lastname, user_firstname, user_name';
F_print_error('INFO', $sql);
if ($r = F_db_query($sql, $db)) {
$countitem = 1;
while($m = F_db_fetch_array($r)) {
echo '<option value="'.$m['user_id'].'"';
echo '>'.$countitem.'. '.htmlspecialchars($m['user_lastname'].' '.$m['user_firstname'].' - '.$m['user_name'].'', ENT_NOQUOTES, $l['a_meta_charset']).'</option>'.K_NEWLINE;
$countitem++;
}
} else {
echo '</select></span></div>'.K_NEWLINE;
F_display_db_error();
}
echo '</select>'.K_NEWLINE;
echo '</span>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo getFormNoscriptSelect('selectrecord');
echo '<div class="row"><hr /></div>'.K_NEWLINE;
if (!$goback){
F_submit_button('update', $l['w_inherit'], $l['h_inherit']);
} else
{
echo '<a href="tce_edit_user.php?user_id='.$_POST["user_id_old"].'" class="xmlbutton">'.$l['w_back'].'</a>';
}
echo '<input type="hidden" name="user_name_new" id="user_name_new" value="'.$user_id .'" />'.K_NEWLINE;
echo '<input type="hidden" name="ff_required" id="ff_required" value="user_name" />'.K_NEWLINE;
echo '<input type="hidden" name="ff_required_labels" id="ff_required_labels" value="'.htmlspecialchars($l['w_name'], ENT_COMPAT, $l['a_meta_charset']).'" />'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo '</form>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
echo '</div>'.K_NEWLINE;
require_once('../code/tce_page_footer.php');
//============================================================+
// END OF FILE
//============================================================+
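Review bot: The `update` case builds its three UPDATE statements from `$_POST["user_id"]` and `$_POST["user_id_old"]` exactly as received, while the `intval()` copies `$user_id` and `$user_id_old` that passed `F_isAuthorizedEditorForUser()` are never used in the queries, so the SQL is open to injection and the id that was authorized is not necessarily the id that is written. The SELECT that fills the old-user list concatenates `$_REQUEST["user_id_old"]` the same way, and the back link echoes `$_POST["user_id_old"]` into an `href` unescaped. Use the validated integers in all five places, as in the excerpt below, and drop the leftover `F_print_error('INFO', $sql);`, which prints the query text to the page. The page does not show whether this file is on the added side of the merge; the point applies if it is.

```php
// … unchanged: missing-field check at the top of case 'update' …
// $user_id and $user_id_old are the intval() copies that passed the authorization checks
$sql = 'UPDATE '.K_TABLE_MODULES.' SET
module_user_id='.$user_id.'
WHERE module_user_id='.$user_id_old.';';
// … unchanged: F_db_query() and error display …
$sql = 'UPDATE '.K_TABLE_SUBJECTS.' SET
subject_user_id='.$user_id.'
WHERE subject_user_id='.$user_id_old.';';
// … unchanged: F_db_query() and error display …
$sql = 'UPDATE '.K_TABLE_TESTS.' SET
test_user_id='.$user_id.'
WHERE test_user_id='.$user_id_old.';';
// … unchanged: rest of the switch and the form header …
$sql = 'SELECT user_id, user_lastname, user_firstname, user_name FROM '.K_TABLE_USERS.' WHERE user_id='.$user_id_old.';';
// … unchanged: option lists, minus the F_print_error('INFO', $sql) debug line …
echo '<a href="tce_edit_user.php?user_id='.$user_id_old.'" class="xmlbutton">'.$l['w_back'].'</a>';
```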