2 /************************************************************************/
\r
4 /************************************************************************/
\r
5 /* Copyright (c) 2002-2007 by Greg Gay, Joel Kronenberg & Heidi Hazelton*/
\r
6 /* Adaptive Technology Resource Centre / University of Toronto */
\r
7 /* http://atutor.ca */
\r
9 /* This program is free software. You can redistribute it and/or */
\r
10 /* modify it under the terms of the GNU General Public License */
\r
11 /* as published by the Free Software Foundation. */
\r
12 /************************************************************************/
\r
15 function checkUserInfo($record) {
\r
16 global $db, $addslashes;
\r
18 if(empty($record['remove'])) {
\r
19 $record['remove'] = FALSE;
\r
22 //error flags for this record
\r
23 $record['err_email'] = FALSE;
\r
24 $record['err_uname'] = FALSE;
\r
25 $record['exists'] = FALSE;
\r
27 $record['email'] = trim($record['email']);
\r
30 if ($record['email'] == '') {
\r
31 $record['err_email'] = _AT('import_err_email_missing');
\r
32 } else if (!eregi("^[a-z0-9\._-]+@+[a-z0-9\._-]+\.+[a-z]{2,6}$", $record['email'])) {
\r
33 $record['err_email'] = _AT('import_err_email_invalid');
\r
36 $record['email'] = $addslashes($record['email']);
\r
38 $sql="SELECT * FROM ".TABLE_PREFIX."members WHERE email LIKE '$record[email]'";
\r
39 $result = mysql_query($sql,$db);
\r
40 if (mysql_num_rows($result) != 0) {
\r
41 $row = mysql_fetch_assoc($result);
\r
42 $record['exists'] = _AT('import_err_email_exists');
\r
43 $record['fname'] = $row['first_name'];
\r
44 $record['lname'] = $row['last_name'];
\r
45 $record['email'] = $row['email'];
\r
46 $record['uname'] = $row['login'];
\r
47 $record['status'] = $row['status'];
\r
50 /* username check */
\r
51 if (empty($record['uname'])) {
\r
52 $record['uname'] = stripslashes (strtolower (substr ($record['fname'], 0, 1).$_POST['sep_choice'].$record['lname']));
\r
55 $record['uname'] = preg_replace("{[^a-zA-Z0-9._-]}","", trim($record['uname']));
\r
57 if (!(eregi("^[a-zA-Z0-9._-]([a-zA-Z0-9._-])*$", $record['uname']))) {
\r
58 $record['err_uname'] = _AT('import_err_username_invalid');
\r
61 if (isset($record['status']) && $record['status'] == AT_STATUS_DISABLED) {
\r
62 $record['err_disabled'] = true;
\r
64 $record['err_disabled'] = false;
\r
67 $record['uname'] = $addslashes($record['uname']);
\r
69 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE login='$record[uname]'";
\r
70 $result = mysql_query($sql,$db);
\r
71 if ((mysql_num_rows($result) != 0) && !$record['exists']) {
\r
72 $record['err_uname'] = _AT('import_err_username_exists');
\r
74 $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."admins WHERE login='$record[uname]'",$db);
\r
75 if (mysql_num_rows($result) != 0) {
\r
76 $record['err_uname'] = _AT('import_err_username_exists');
\r
80 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE first_name='$record[fname]' AND last_name='$record[lname]' LIMIT 1";
\r
81 $result = mysql_query($sql,$db);
\r
82 if ((mysql_num_rows($result) != 0) && !$record['exists']) {
\r
83 $record['err_uname'] = _AT('import_err_full_name_exists');
\r
86 /* removed record? */
\r
87 if ($record['remove']) {
\r
89 $record['err_email'] = '';
\r
90 $record['err_uname'] = '';
\r
91 $record['err_disabled'] = '';
\r
94 $record['fname'] = htmlspecialchars(stripslashes(trim($record['fname'])));
\r
95 $record['lname'] = htmlspecialchars(stripslashes(trim($record['lname'])));
\r
96 $record['email'] = htmlspecialchars(stripslashes(trim($record['email'])));
\r
97 $record['uname'] = htmlspecialchars(stripslashes(trim($record['uname'])));
\r
102 function add_users($user_list, $enroll, $course) {
\r
107 require_once(AT_INCLUDE_PATH.'classes/phpmailer/atutormailer.class.php');
\r
109 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
\r
110 $status = AT_STATUS_UNCONFIRMED;
\r
112 $status = AT_STATUS_STUDENT;
\r
116 foreach ($user_list as $student) {
\r
117 if (!$student['remove']) {
\r
119 if (!$student['exists']) {
\r
120 $student = sql_quote($student);
\r
122 $sql = "INSERT INTO ".TABLE_PREFIX."members VALUES (NULL,'$student[uname]','$student[uname]','$student[email]','','$student[fname]','', '$student[lname]', '0000-00-00', 'n', '','','','','', '', $status, '$_config[pref_defaults]', NOW(),'$_config[default_language]', $_config[pref_inbox_notify], 1, '0000-00-00 00:00:00')";
\r
124 $result = mysql_query($sql, $db);
\r
125 if (mysql_affected_rows($db) == 1) {
\r
126 $m_id = mysql_insert_id($db);
\r
128 $student['exists'] = _AT('import_err_email_exists');
\r
130 $sql = "INSERT INTO ".TABLE_PREFIX."course_enrollment (member_id, course_id, approved, last_cid) VALUES ($m_id, $course, '$enroll', 0)";
\r
132 if ($result = mysql_query($sql,$db)) {
\r
133 $enrolled_list .= '<li>' . $student['uname'] . '</li>';
\r
135 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
\r
137 $sql = "SELECT email, creation_date FROM ".TABLE_PREFIX."members WHERE member_id=$m_id";
\r
138 $result = mysql_query($sql, $db);
\r
139 $row = mysql_fetch_assoc($result);
\r
140 $code = substr(md5($row['email'] . $row['creation_date'] . $m_id), 0, 10);
\r
142 // send email here.
\r
143 $confirmation_link = AT_BASE_HREF . 'confirm.php?id='.$m_id.SEP.'m='.$code;
\r
145 $subject = $_config['site_name'].': '._AT('email_confirmation_subject');
\r
146 $body = _AT(array('new_account_enroll_confirm', $_SESSION['course_title'], $confirmation_link))."\n\n";
\r
148 $subject = $_config['site_name'].': '._AT('account_information');
\r
149 $body = _AT(array('new_account_enroll',AT_BASE_HREF, $_SESSION['course_title']))."\n\n";
\r
152 //$body .= SITE_NAME.': '._AT('account_information')."\n";
\r
153 $body .= _AT('web_site') .' : '.AT_BASE_HREF."\n";
\r
154 $body .= _AT('login_name') .' : '.$student['uname'] . "\n";
\r
155 $body .= _AT('password') .' : '.$student['uname'] . "\n";
\r
157 $mail = new ATutorMailer;
\r
158 $mail->From = $_config['contact_email'];
\r
159 $mail->AddAddress($student['email']);
\r
160 $mail->Subject = $subject;
\r
161 $mail->Body = $body;
\r
166 $already_enrolled .= '<li>' . $student['uname'] . '</li>';
\r
169 //$msg->addError('LIST_IMPORT_FAILED');
\r
171 } else if (! $student['err_disabled']) {
\r
172 $sql = "SELECT member_id FROM ".TABLE_PREFIX."members WHERE email='$student[email]'";
\r
173 $result = mysql_query($sql, $db);
\r
174 if ($row = mysql_fetch_assoc($result)) {
\r
176 $m_id = $row['member_id'];
\r
178 $sql = "INSERT INTO ".TABLE_PREFIX."course_enrollment (member_id, course_id, approved, last_cid, role) VALUES ($m_id, $course, '$enroll', 0, '$role')";
\r
180 if($result = mysql_query($sql,$db)) {
\r
181 $enrolled_list .= '<li>' . $student['uname'] . '</li>';
\r
183 $sql = "REPLACE INTO ".TABLE_PREFIX."course_enrollment (member_id, course_id, approved, last_cid, role) VALUES ($m_id, $course, '$enroll', 0, '$role')";
\r
184 $result = mysql_query($sql,$db);
\r
185 $enrolled_list .= '<li>' . $student['uname'] . '</li>';
\r
188 } else if ($student['err_disabled']) {
\r
189 $not_enrolled_list .= '<li>' . $student['uname'] . '</li>';
\r
193 if ($already_enrolled) {
\r
194 $feedback = array('ALREADY_ENROLLED', $already_enrolled);
\r
195 $msg->addFeedback($feedback);
\r
197 if ($enrolled_list) {
\r
198 $feedback = array('ENROLLED', $enrolled_list);
\r
199 $msg->addFeedback($feedback);
\r
201 if ($not_enrolled_list) {
\r
202 $feedback = array('NOT_ENROLLED', $not_enrolled_list);
\r
203 $msg->addFeedback($feedback);
\r