1 <?php
2 // This file is part of Moodle - http://moodle.org/
3 //
4 // Moodle is free software: you can redistribute it and/or modify
5 // it under the terms of the GNU General Public License as published by
6 // the Free Software Foundation, either version 3 of the License, or
7 // (at your option) any later version.
8 //
9 // Moodle is distributed in the hope that it will be useful,
10 // but WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 // GNU General Public License for more details.
14 // You should have received a copy of the GNU General Public License
15 // along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
 * This file is part of the User section Moodle
 *
 * @copyright 1999 Martin Dougiamas http://dougiamas.com
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 * @package core_user
 */
require_once('../config.php');
require_once($CFG->dirroot.'/message/lib.php');
require_once($CFG->dirroot . '/course/lib.php');

// Request parameters. Every value is read through required_param()/optional_param() with an
// explicit PARAM_* type, so nothing below touches the raw request arrays directly.
$id = required_param('id', PARAM_INT);                             // Course id.
$messagebody = optional_param('messagebody', '', PARAM_CLEANHTML); // Message text, cleaned as HTML.
$send = optional_param('send', '', PARAM_BOOL);                    // "Send" button pressed.
$preview = optional_param('preview', '', PARAM_BOOL);              // "Preview" button pressed.
$edit = optional_param('edit', '', PARAM_BOOL);                    // "Update" button pressed.
$returnto = optional_param('returnto', '', PARAM_LOCALURL);        // Where "keep searching" links back to.
$format = optional_param('format', FORMAT_MOODLE, PARAM_INT);      // Text format of the message body.
$deluser = optional_param('deluser', 0, PARAM_INT);                // User id to drop from the recipient list.

// Mirror every non-default parameter into the page URL, in a fixed order.
// Each entry is: parameter name, current value, the default that means "not supplied".
$url = new moodle_url('/user/messageselect.php', array('id' => $id));
$urlparamspecs = array(
    array('messagebody', $messagebody, ''),
    array('send', $send, ''),
    array('preview', $preview, ''),
    array('edit', $edit, ''),
    array('returnto', $returnto, ''),
    array('format', $format, FORMAT_MOODLE),
    array('deluser', $deluser, 0),
);
foreach ($urlparamspecs as list($urlparamname, $urlparamvalue, $urlparamdefault)) {
    // Strict comparison on purpose: a submitted boolean 0 is not the same as the '' default.
    if ($urlparamvalue !== $urlparamdefault) {
        $url->param($urlparamname, $urlparamvalue);
    }
}
$PAGE->set_url($url);
// Resolve the course before anything else; an unknown id ends the request with an error.
$course = $DB->get_record('course', array('id' => $id));
if (!$course) {
    print_error('invalidcourseid');
}

// Access control: the caller must be logged in with access to this course...
require_login($course);

$coursecontext = context_course::instance($id); // Course context.
$systemcontext = context_system::instance(); // SYSTEM context.

// ...and must hold the bulk messaging capability in the course context. The capability is
// checked against the course only; the system context is used later for the participants link.
require_capability('moodle/course:bulkmessaging', $coursecontext);
// The recipient list lives in the session, keyed by course id and then by user id.
if (empty($SESSION->emailto)) {
    $SESSION->emailto = array();
}
if (!array_key_exists($id, $SESSION->emailto)) {
    $SESSION->emailto[$id] = array();
}

// Remove one recipient from this course's list when 'deluser' names a user that is on it.
// NOTE(review): this session change happens before any require_sesskey() call is reached on
// this path, so it is not covered by the CSRF check - confirm that is acceptable.
if ($deluser
        && array_key_exists($id, $SESSION->emailto)
        && array_key_exists($deluser, $SESSION->emailto[$id])) {
    unset($SESSION->emailto[$id][$deluser]);
}

// Keep the draft message in the session: a newly submitted body replaces the stored one,
// otherwise the stored draft (if any) is what the rest of the page works with.
if (empty($SESSION->emailselect[$id]) || $messagebody) {
    $SESSION->emailselect[$id] = array('messagebody' => $messagebody);
}

$messagebody = $SESSION->emailselect[$id]['messagebody'];
// Number of recipients added by this request (reported to the user further down).
$count = 0;

$data = data_submitted();
if ($data) {
    // Submitted form data changes the recipient list, so the session key is verified first.
    require_sesskey();
    $namefields = get_all_user_name_fields(true);
    $userfields = 'id, ' . $namefields . ', idnumber, email, mailformat, lastaccess, lang, ' .
            'maildisplay, auth, suspended, deleted, emailstop, username';

    foreach ($data as $fieldname => $fieldvalue) {
        // Only fields named user<N> or teacher<N> select a recipient; <N> is the user id.
        if (!preg_match('/^(user|teacher)(\d+)$/', $fieldname, $fieldmatch)) {
            continue;
        }
        $selecteduserid = $fieldmatch[2];
        if (array_key_exists($selecteduserid, $SESSION->emailto[$id])) {
            // Already on the list; do not count it twice.
            continue;
        }
        // The id is bound as a query parameter, never concatenated into the SQL.
        // NOTE(review): the lookup is by user id alone. Nothing visible here checks that the
        // user is a participant of course $id, or skips deleted/suspended accounts even though
        // those fields are fetched - confirm that is enforced elsewhere before sending.
        $user = $DB->get_record_select('user', "id = ?", array($selecteduserid), $userfields);
        if ($user) {
            $SESSION->emailto[$id][$selecteduserid] = $user;
            $count++;
        }
    }
}
// Title and layout depend on whether this is the site course or an ordinary course.
$issitecourse = ($course->id == SITEID);
$strtitle = get_string($issitecourse ? 'sitemessage' : 'coursemessage');
$PAGE->set_pagelayout($issitecourse ? 'admin' : 'incourse');

// The participants breadcrumb is only a link for users allowed to view the participants list,
// either in this course or site-wide; everyone else gets plain text.
$link = null;
if (course_can_view_participants($coursecontext) || course_can_view_participants($systemcontext)) {
    $link = new moodle_url("/user/index.php", array('id' => $course->id));
}
$PAGE->navbar->add(get_string('participants'), $link);
$PAGE->navbar->add($strtitle);
$PAGE->set_title($strtitle);
$PAGE->set_heading($strtitle);
echo $OUTPUT->header();

// If messaging is disabled on site, we can still allow users with capabilities to send emails instead.
if (empty($CFG->messaging)) {
    echo $OUTPUT->notification(get_string('messagingdisabled', 'message'));
}

// Report how many recipients this request added, with the singular or plural string.
if ($count) {
    $heading = get_string(($count == 1) ? 'addedrecip' : 'addedrecips', 'moodle', $count);
    echo $OUTPUT->heading($heading);
}
// Preview or send the message. Both actions need a message body and are skipped while the
// user is editing the text or removing a recipient.
if (!empty($messagebody) && !$edit && !$deluser && ($preview || $send)) {
    // Previewing and sending both require a valid session key.
    require_sesskey();
    if (!count($SESSION->emailto[$id])) {
        echo $OUTPUT->notification(get_string('nousersyet'));
    } else {
        if (!empty($preview)) {
            // Confirmation form. 'returnto' is escaped with s(); 'id' and 'format' were read as
            // PARAM_INT; the session key is carried along so the follow-up submit is accepted.
            echo '<form method="post" action="messageselect.php" style="margin: 0 20px;">
<input type="hidden" name="returnto" value="'.s($returnto).'" />
<input type="hidden" name="id" value="'.$id.'" />
<input type="hidden" name="format" value="'.$format.'" />
<input type="hidden" name="sesskey" value="' . sesskey() . '" />
';
            echo "<h3>".get_string('previewhtml')."</h3>";
            // The body is rendered through format_text() rather than echoed as received.
            echo "<div class=\"messagepreview\">\n".format_text($messagebody, $format)."\n</div>\n";
            echo '<p align="center"><input type="submit" name="send" value="'.get_string('sendmessage', 'message').'" />'."\n";
            echo '<input type="submit" name="edit" value="'.get_string('update').'" /></p>';
            echo "\n</form>";
        } else if (!empty($send)) {
            // Send to every stored recipient and collect a failure line for each one that fails.
            $fails = array();
            foreach ($SESSION->emailto[$id] as $user) {
                if (message_post_message($USER, $user, $messagebody, $format)) {
                    continue;
                }
                $user->fullname = fullname($user);
                $fails[] = get_string('messagedselecteduserfailed', 'moodle', $user);
            }
            if (!empty($fails)) {
                // Recipient list and draft stay in the session when anything failed.
                echo $OUTPUT->heading(get_string('messagedselectedcountusersfailed', 'moodle', count($fails)));
                echo '<ul>';
                // NOTE(review): each failure string is built from the recipient's name and is
                // echoed without s() - confirm the name is already safe for HTML at this point.
                foreach ($fails as $f) {
                    echo '<li>' . $f . '</li>';
                }
                echo '</ul>';
            } else {
                // Everything was delivered: forget the recipient list and the draft.
                echo $OUTPUT->heading(get_string('messagedselectedusers'));
                unset($SESSION->emailto[$id]);
                unset($SESSION->emailselect[$id]);
            }
            echo '<p align="center"><a href="index.php?id='.$id.'">'.get_string('backtoparticipants').'</a></p>';
        }
        // Preview and send are complete pages of their own; stop here.
        echo $OUTPUT->footer();
        exit;
    }
}
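// Link back to the participant search, plus a hint to use the form when recipients exist.
// $returnto comes from the request (read as PARAM_LOCALURL). It is written into an href
// attribute, so it is escaped with s() here, the same way the hidden 'returnto' field of the
// preview form escapes it; the type check alone is not output encoding.
echo '<p align="center"><a href="'.s($returnto).'">'.get_string("keepsearching").'</a>'.
    ((count($SESSION->emailto[$id])) ? ', '.get_string('usemessageform') : '').'</p>';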
// An action button was pressed but there is no message text to act on.
if (empty($messagebody)) {
    if (!empty($send) || !empty($preview) || !empty($edit)) {
        echo $OUTPUT->notification(get_string('allfieldsrequired'));
    }
}

// The compose form is only included when there is at least one recipient, and only after the
// session key has been verified.
if (count($SESSION->emailto[$id])) {
    require_sesskey();
    require("message.html");
}

// Warn the user before they navigate away from unsaved changes in the form with id 'theform'.
$PAGE->requires->yui_module(
    'moodle-core-formchangechecker',
    'M.core_formchangechecker.init',
    array(array('formid' => 'theform'))
);
$PAGE->requires->string_for_js('changesmadereallygoaway', 'moodle');

echo $OUTPUT->footer();