Merge branch '1.11.x' of github.com:chamilo/chamilo-lms into 1.11.x

Author: ywarnier

app/config/mail.conf.dist.php

@@ -40,6 +40,7 @@
 $platform_email['DKIM_DOMAIN'] = 'mydomain.com'; //the domain for e-mail sending, not necessarily api_get_path(WEB_PATH)
 $platform_email['DKIM_PRIVATE_KEY_STRING'] = ''; //the private key in a string format
 $platform_email['DKIM_PRIVATE_KEY'] = ''; //the private key as the path to a file. The file needs to be accessible to PHP!
+$platform_email['DKIM_PASSPHRASE'] = ''; //the passohrase for the private key defined in the last 2 lines
 // Some e-mail clients do not understand the descriptive LD+JSON format,
 // showing it as a loose JSON string to the final user. If this is your case,
 // you might want to set the variable below to 'false' to disable this header.

main/admin/add_users_to_usergroup.php

@@ -25,6 +25,7 @@
 
 // setting the name of the tool
 $tool_name = get_lang('SubscribeUsersToClass');
+$showAllStudentByDefault = api_get_configuration_value('usergroup_add_user_show_all_student_by_default');
 
 $htmlHeadXtra[] = '
 <script>
@@ -35,6 +36,11 @@
     });
 });
 
+function activeUsers(originalUrl) {
+    var searchValue = document.getElementById("first_letter_user").value;
+    window.location.href = originalUrl + "&firstLetterUser=" + encodeURIComponent(searchValue);
+}
+
 function add_user_to_session (code, content) {
     document.getElementById("user_to_add").value = "";
     document.getElementById("ajax_list_users_single").innerHTML = "";
@@ -87,7 +93,7 @@ function change_select(reset) {
     if (reset) {
         document.formulaire["first_letter_user"].value = "";
 
-        if ('.(api_get_configuration_value('usergroup_add_user_show_all_student_by_default') ? 0 : 1).') {
+        if ('.($showAllStudentByDefault ? 0 : 1).') {
             document.formulaire["form_sent"].value = "1";
 
             return;
@@ -129,10 +135,10 @@ function change_select(reset) {
 
 $first_letter_user = '';
 
-if (isset($_POST['form_sent']) && $_POST['form_sent']) {
+if ((isset($_POST['form_sent']) && $_POST['form_sent']) || isset($_REQUEST['firstLetterUser'])) {
     $form_sent = $_POST['form_sent'];
     $elements_posted = $_POST['elements_in_name'] ?? null;
-    $first_letter_user = $_POST['firstLetterUser'];
+    $first_letter_user = Security::remove_XSS($_REQUEST['firstLetterUser']);
 
     if (!is_array($elements_posted)) {
         $elements_posted = [];
@@ -247,7 +253,9 @@ function change_select(reset) {
 }
 
 $activeUser = isset($_REQUEST['active_users']) ? (int) $_REQUEST['active_users'] : null;
-$conditions['active'] = $activeUser;
+if (1 === $activeUser) {
+    $conditions['active'] = $activeUser;
+}
 
 $filterData = [];
 if ($searchForm->validate()) {
@@ -268,7 +276,7 @@ function change_select(reset) {
 foreach ($list_in as $listedUserId) {
     $userInfo = api_get_user_info($listedUserId);
 
-    if (isset($activeUser) && ((int) $activeUser != $userInfo['active'])) {
+    if (1 === $activeUser && empty($userInfo['active'])) {
         $hideElementsIn[] = $listedUserId;
         continue;
     }
@@ -279,7 +287,7 @@ function change_select(reset) {
 $user_with_any_group = !empty($_REQUEST['user_with_any_group']);
 $user_list = [];
 
-if (!empty($conditions)) {
+if (!(!$showAllStudentByDefault && !isset($_POST['firstLetterUser']) && !isset($_REQUEST['active_users'])) && !$user_with_any_group) {
     $user_list = UserManager::getUserListLike($conditions, $order, true, 'OR');
 }
 
@@ -306,17 +314,16 @@ function change_select(reset) {
             continue;
         }
 
-        if (isset($activeUser) && ((int) $activeUser != $item['active'])) {
-            continue;
-        }
-
         if (!in_array($item['user_id'], $list_in)) {
             $elements_not_in[$item['user_id']] = formatCompleteName($item, $orderListByOfficialCode);
         }
     }
 }
 
-if (api_get_configuration_value('usergroup_add_user_show_all_student_by_default')
+if (!$showAllStudentByDefault && !isset($_POST['firstLetterUser']) && !isset($_REQUEST['active_users'])) {
+    $elements_not_in = [];
+}
+if ($showAllStudentByDefault
     && empty($elements_not_in)
     && empty($first_letter_user)
 ) {
@@ -362,13 +369,13 @@ function formatCompleteName(array $userInfo, bool $orderListByOfficialCode): str
 echo '<a href="'.api_get_self().'?id='.$id.'&action=export">'.
     Display::return_icon('export_csv.png', get_lang('Export'), [], ICON_SIZE_MEDIUM).'</a>';
 
-$newUrl = api_get_self().'?id='.$id.'&active_users=1';
-$buttonLabel = get_lang('OnlyShowActiveUsers');
-if ($activeUser) {
-    $buttonLabel = get_lang('ShowAllUsers') ;
-    $newUrl = api_get_self().'?id='.$id;
-}
-echo '<a href="' . htmlspecialchars($newUrl) . '" class="btn btn-default">' . $buttonLabel . '</a>';
+$isActiveUser = !empty($activeUser);
+$activeUsersParam = $isActiveUser ? '0' : '1';
+$newUrl = api_get_self() . '?id=' . $id . '&active_users=' . $activeUsersParam;
+$buttonLabelKey = $isActiveUser ? 'ShowAllUsers' : 'OnlyShowActiveUsers';
+$buttonLabel = get_lang($buttonLabelKey);
+
+echo '<a href="#" onclick="activeUsers(\'' . htmlspecialchars($newUrl) . '\'); return false;" class="btn btn-default">' . $buttonLabel . '</a>';
 
 echo '</div>';
 

main/admin/index.php

@@ -194,6 +194,15 @@
                 return !in_array($item['url'], $urls);
             });
         }
+
+        $allowJustification = ((api_get_plugin_setting('justification', 'tool_enable') === 'true') && (api_get_plugin_setting('justification', 'access_for_session_admin') === 'true'));
+        if ($allowJustification) {
+            $items[] = [
+                'class' => 'item-justification-list',
+                'url' => api_get_path(WEB_PLUGIN_PATH).'justification/list.php',
+                'label' => get_lang('Justification'),
+            ];
+        }
     }
 
     if (api_get_configuration_value('allow_session_admin_extra_access')) {

main/admin/statistics/index.php

@@ -1501,7 +1501,7 @@
         foreach ($intervals as $minutes) {
             $sql = "SELECT count(distinct(user_id))
                 FROM $table WHERE
-                DATE_ADD(tms, INTERVAL '$minutes' MINUTE) > UTC_TIMESTAMP()";
+                tms > DATE_SUB(UTC_TIMESTAMP(), INTERVAL '$minutes' MINUTE)";
             $query = Database::query($sql);
             $counts[$minutes] = 0;
             if (Database::num_rows($query) > 0) {

main/admin/user_import.php

@@ -153,6 +153,8 @@ function validate_data($users, $checkUniqueEmail = false)
                 } else {
                     $userFromEmail = api_get_user_info_from_email($user['Email']);
                     if (!empty($userFromEmail)) {
+                        $user['id'] = $userFromEmail['id'];
+                        $user['UserName'] = $userFromEmail['username'];
                         $user['message'] .= Display::return_message(get_lang('EmailUsedTwice'), 'warning');
                         $user['has_error'] = true;
                     } else {

main/admin/user_list.php

@@ -476,22 +476,44 @@ function get_user_data($from, $number_of_items, $column, $direction)
                 $user[7] = '-1';
             }
         }
-
-        // forget about the expiration date field
-        $users[] = [
-            $user[0], // id
-            $photo,
-            $user[1],
-            $user[2],
-            $user[3],
-            $user[4], // username
-            $user[5], // email
-            $user[6],
-            $user[7], // active
-            api_get_local_time($user[8]),
-            api_get_local_time($user[9], null, null, true),
-            $user[0],
-        ];
+        if (api_get_configuration_value('admin_user_list_add_first_connexion_column')) {
+            $firstConnectionDate = Tracking::get_first_connection_date($user[0]);
+            if ($firstConnectionDate == '') {
+                $firstConnectionDate = get_lang('NoConnexion');
+            }
+            // forget about the expiration date field
+            $users[] = [
+                $user[0], // id
+                $photo,
+                $user[1],
+                $user[2],
+                $user[3],
+                $user[4], // username
+                $user[5], // email
+                $user[6],
+                $user[7], // active
+                api_get_local_time($user[8]),
+                api_get_local_time($user[9], null, null, true),
+                $firstConnectionDate,
+                $user[0],
+            ];
+        } else {
+            // forget about the expiration date field
+            $users[] = [
+                $user[0], // id
+                $photo,
+                $user[1],
+                $user[2],
+                $user[3],
+                $user[4], // username
+                $user[5], // email
+                $user[6],
+                $user[7], // active
+                api_get_local_time($user[8]),
+                api_get_local_time($user[9], null, null, true),
+                $user[0],
+            ];
+        }
     }
 
     return $users;
@@ -542,7 +564,7 @@ function modify_filter($user_id, $url_params, $row)
     $is_admin = in_array($user_id, $_admins_list);
     $statusname = api_get_status_langvars();
     $user_is_anonymous = false;
-    $current_user_status_label = $row['7'];
+    $current_user_status_label = $statusname[$row['7']];
 
     if ($current_user_status_label == $statusname[ANONYMOUS]) {
         $user_is_anonymous = true;
@@ -1077,14 +1099,20 @@ class="btn btn-default advanced_options" onclick="display_advanced_search_form()
 $table->set_header(8, get_lang('Active'));
 $table->set_header(9, get_lang('RegistrationDate'));
 $table->set_header(10, get_lang('LatestLogin'));
-$table->set_header(11, get_lang('Action'), false);
+if (api_get_configuration_value('admin_user_list_add_first_connexion_column')) {
+    $table->set_header(11, get_lang('FirstLoginInPlatform'), false);
+    $table->set_header(12, get_lang('Action'), false);
+    $table->set_column_filter(12, 'modify_filter');
+} else {
+    $table->set_header(11, get_lang('Action'), false);
+    $table->set_column_filter(11, 'modify_filter');
+}
 
 $table->set_column_filter(3, 'user_filter');
 $table->set_column_filter(4, 'user_filter');
 $table->set_column_filter(6, 'email_filter');
 $table->set_column_filter(7, 'status_filter');
 $table->set_column_filter(8, [UserManager::class, 'getActiveFilterForTable']);
-$table->set_column_filter(11, 'modify_filter');
 
 // Hide email column if login is email, to avoid column with same data
 if (api_get_setting('login_is_email') === 'true') {

main/admin/user_move_stats.php

@@ -60,12 +60,14 @@
                         echo 'User added to the session';
                     }
                     // Registering user to the new session
-                    SessionManager::subscribeUsersToSession(
-                        $new_session_id,
-                        [$user_id],
-                        false,
-                        false
-                    );
+                    if ($update_database) {
+                        SessionManager::subscribeUsersToSession(
+                            $new_session_id,
+                            [$user_id],
+                            false,
+                            false
+                        );
+                    }
                 }
 
                 $course_info = api_get_course_info($origin_course_code);
@@ -247,8 +249,8 @@ function get_courses_list_by_user_id_based_in_exercises($user_id)
             echo '<tr>';
             foreach ($course_list as $course) {
                 echo '<td>';
-                if (isset($course['id_session']) && !empty($course['id_session'])) {
-                    echo '<b>'.get_lang('SessionName').'</b> '.$my_session_list[$course['id_session']].'<br />';
+                if (isset($course['session_id']) && !empty($course['session_id'])) {
+                    echo '<b>'.get_lang('SessionName').'</b> '.$my_session_list[$course['session_id']].'<br />';
                 }
                 echo $course['name'];
                 echo ' ('.$course['code'].') ';
@@ -262,10 +264,10 @@ function get_courses_list_by_user_id_based_in_exercises($user_id)
 
             foreach ($course_list as $course) {
                 $course_code = $course['code'];
-                if (empty($course['id_session'])) {
+                if (empty($course['session_id'])) {
                     $session_id = 0;
                 } else {
-                    $session_id = $course['id_session'];
+                    $session_id = $course['session_id'];
                 }
                 echo '<td>';
                 echo get_lang('MoveTo');

main/auth/justification.php

@@ -83,19 +83,32 @@
 $justificationContent = '';
 switch ($action) {
     case 'notify_justification':
-        //  notification to all admins action
-        $userInfo = api_get_user_info();
-        // get_all_administrators
-    $adminList = UserManager::get_all_administrators();
-    $link = api_get_path(WEB_PATH).'plugin/justification/justification_by_user.php?user_id='.api_get_user_id();
-    $emailToAdminSubject = $plugin->get_lang('JustificationsCompleted').': '.$userInfo['complete_name'];
-        $emailToAdminContent = $emailToAdminSubject.' <br /><br />'.'<a href="'.$link.'">'.$link.'</a>';
-        foreach ($adminList as $adminId => $data) {
-            MessageManager::send_message_simple(
-                $adminId,
-                $emailToAdminSubject,
-                $emailToAdminContent,
-                api_get_user_id());
+        $link = api_get_path(WEB_PATH).'plugin/justification/justification_by_user.php?user_id='.api_get_user_id();
+        $notificationEmailSubject = $plugin->get_lang('JustificationsCompleted').': '.$userInfo['complete_name'];
+        $notificationEmailContent = $notificationEmailSubject.' <br /><br />'.'<a href="'.$link.'">'.$link.'</a>';
+        if (api_get_plugin_setting('justification', 'notification_to_creator_only') === 'true') {
+            $sql = "select creator_id from user where user_id = " . api_get_user_id();
+            $result = Database::query($sql);
+            if (Database::num_rows($result) > 0) {
+                $row = Database::fetch_array($result);
+                $sendToAllAdmins = false;
+                MessageManager::send_message_simple(
+                    $row['creator_id'],
+                    $notificationEmailSubject,
+                    $notificationEmailContent,
+                    api_get_user_id());
+            }
+        }
+        if ($sendToAllAdmins) {
+            // get_all_administrators
+            $adminList = UserManager::get_all_administrators();
+            foreach ($adminList as $adminId => $data) {
+                MessageManager::send_message_simple(
+                    $adminId,
+                    $notificationEmailSubject,
+                    $notificationEmailContent,
+                    api_get_user_id());
+            }
         }
         Display::addFlash(Display::return_message(get_lang('MessageSent')));
         header('Location: '.api_get_self().'?a=notification_sent');

main/course_info/about.php

@@ -18,7 +18,7 @@
 
 require_once __DIR__.'/../inc/global.inc.php';
 
-if (api_get_setting('course_catalog_published') != 'true' && api_is_anonymous()) {
+if ((api_get_setting('course_catalog_published') != 'true' && api_is_anonymous()) || api_get_configuration_value('course_about_block_all_access') == 'true') {
     api_not_allowed(true);
 }
 

main/inc/ajax/announcement.ajax.php

@@ -14,6 +14,7 @@
 $courseId = api_get_course_int_id();
 $groupId = api_get_group_id();
 $sessionId = api_get_session_id();
+$currentUserId = api_get_user_id();
 
 $isTutor = false;
 if (!empty($groupId)) {
@@ -26,9 +27,13 @@
 
 switch ($action) {
     case 'preview':
+        $userInCourse = false;
+        if (CourseManager::is_user_subscribed_in_course($currentUserId, CourseManager::get_course_code_from_course_id($courseId), $sessionId)) {
+            $userInCourse = true;
+        }
         $allowToEdit = (
             api_is_allowed_to_edit(false, true) ||
-            (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous()) ||
+            (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous() && $userInCourse) ||
             ($sessionId && api_is_coach() && api_get_configuration_value('allow_coach_to_edit_announcements'))
         );
 
@@ -47,7 +52,11 @@
 
             // Last chance ... students can send announcements.
             if ($groupProperties['announcements_state'] == GroupManager::TOOL_PRIVATE_BETWEEN_USERS) {
-                $allowToEdit = true;
+                // check if user is a group member to give access
+                $groupInfo = GroupManager::get_group_properties($groupId);
+                if (array_key_exists($currentUserId,GroupManager::get_subscribed_users($groupInfo))) {
+                    $allowToEdit = true;
+                }
             }
         }