chamilo-lms/main/inc/ajax/message.ajax.php

<?php
/* For licensing terms, see /license.txt */
/**
 * Responses to AJAX calls
 */
require_once '../global.inc.php';
$action = $_GET['a'];

switch ($action) {
	case 'find_users':

		if (api_is_anonymous()){
			echo '';
			break;
		}
		$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
		$tbl_my_user		= Database :: get_main_table(TABLE_MAIN_USER);
		$tbl_my_user_friend = Database :: get_main_table(TABLE_MAIN_USER_REL_USER);
		$tbl_user 			= Database :: get_main_table(TABLE_MAIN_USER);
		$search				= Database::escape_string($_REQUEST['tag']);
		$current_date		= date('Y-m-d H:i:s',time());

		$user_id = api_get_user_id();
		$is_western_name_order = api_is_western_name_order();

		if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') {
			//all users            
			if (api_get_setting('allow_send_message_to_all_platform_users') == 'true' || api_is_platform_admin() ) {        
				$sql = 'SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name
				FROM '.$tbl_user.' u
		 		WHERE u.status <> 6  AND u.user_id <>'.(int)$user_id.' AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") LIMIT 15';
			} else {
				require_once api_get_path(LIBRARY_PATH).'social.lib.php'; 
				//only my contacts
				$sql = 'SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name
				FROM '.$tbl_my_user_friend.' uf INNER JOIN '.$tbl_my_user.' AS u  ON uf.friend_user_id = u.user_id ' .
		 		'WHERE u.status <> 6 AND relation_type NOT IN('.USER_RELATION_TYPE_DELETED.', '.USER_RELATION_TYPE_RRHH.') AND uf.user_id = '.$user_id.' AND friend_user_id<>'.$user_id.' AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") ';
			}
		} elseif (api_get_setting('allow_social_tool')=='false' && api_get_setting('allow_message_tool')=='true') {
			
			$valid=api_get_setting('time_limit_whosonline');

			$sql='SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name
			 FROM '.$tbl_my_user.' u INNER JOIN '.$track_online_table.' t ON u.user_id=t.login_user_id
			 WHERE DATE_ADD(login_date,INTERVAL "'.$valid.'" MINUTE) >= "'.$current_date.'" AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") ';
		}
		$result=Database::query($sql);

		if (Database::num_rows($result)>0) {
				while ($row = Database::fetch_array($result,'ASSOC')) {
				$return[] = array('caption'=>$row['name'], 'value'=>$row['id']);
			}
		}
		echo json_encode($return);
		break;


	default:
		echo '';

}
exit;
?>
(no commit message) 15 years ago			`<?php`
Adding some exercises alpha improvements ... 14 years ago			`/* For licensing terms, see /license.txt */`
(no commit message) 15 years ago			`/**`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago			`* Responses to AJAX calls`
(no commit message) 15 years ago			`*/`
			`require_once '../global.inc.php';`
			`$action = $_GET['a'];`

Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago			`switch ($action) {`
(no commit message) 15 years ago			`case 'find_users':`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago
Improve security in ajax reponses 15 years ago			`if (api_is_anonymous()){`
			`echo '';`
			`break;`
			`}`
(no commit message) 15 years ago			`$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);`
			`$tbl_my_user = Database :: get_main_table(TABLE_MAIN_USER);`
Updating classes for new changes see BT#571 15 years ago			`$tbl_my_user_friend = Database :: get_main_table(TABLE_MAIN_USER_REL_USER);`
(no commit message) 15 years ago			`$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);`
Fixing ajax search reponse 14 years ago			`$search = Database::escape_string($_REQUEST['tag']);`
(no commit message) 15 years ago			`$current_date = date('Y-m-d H:i:s',time());`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago
(no commit message) 15 years ago			`$user_id = api_get_user_id();`
			`$is_western_name_order = api_is_western_name_order();`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago
(no commit message) 15 years ago			`if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') {`
Fixing ajax search reponse 14 years ago			`//all users`
Admin user can send message to everybody 14 years ago			`if (api_get_setting('allow_send_message_to_all_platform_users') == 'true' \|\| api_is_platform_admin() ) {`
(no commit message) 15 years ago			`$sql = 'SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago			`FROM '.$tbl_user.' u`
			`WHERE u.status <> 6 AND u.user_id <>'.(int)$user_id.' AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") LIMIT 15';`
(no commit message) 15 years ago			`} else {`
Fixing sql query 15 years ago			`require_once api_get_path(LIBRARY_PATH).'social.lib.php';`
(no commit message) 15 years ago			`//only my contacts`
			`$sql = 'SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name`
Fixing ajax search reponse 14 years ago			`FROM '.$tbl_my_user_friend.' uf INNER JOIN '.$tbl_my_user.' AS u ON uf.friend_user_id = u.user_id ' .`
			`'WHERE u.status <> 6 AND relation_type NOT IN('.USER_RELATION_TYPE_DELETED.', '.USER_RELATION_TYPE_RRHH.') AND uf.user_id = '.$user_id.' AND friend_user_id<>'.$user_id.' AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") ';`
(no commit message) 15 years ago			`}`
			`} elseif (api_get_setting('allow_social_tool')=='false' && api_get_setting('allow_message_tool')=='true') {`
Fixing sql query 15 years ago
(no commit message) 15 years ago			`$valid=api_get_setting('time_limit_whosonline');`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago
(no commit message) 15 years ago			`$sql='SELECT DISTINCT u.user_id as id, '.($is_western_name_order ? 'concat(u.firstname," ",u.lastname," ","( ",u.email," )")' : 'concat(u.lastname," ",u.firstname," ","( ",u.email," )")').' as name`
			`FROM '.$tbl_my_user.' u INNER JOIN '.$track_online_table.' t ON u.user_id=t.login_user_id`
			`WHERE DATE_ADD(login_date,INTERVAL "'.$valid.'" MINUTE) >= "'.$current_date.'" AND '.($is_western_name_order ? 'concat(u.firstname, " ", u.lastname)' : 'concat(u.lastname, " ", u.firstname)').' like CONCAT("%","'.$search.'","%") ';`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago			`}`
			`$result=Database::query($sql);`

(no commit message) 15 years ago			`if (Database::num_rows($result)>0) {`
			`while ($row = Database::fetch_array($result,'ASSOC')) {`
			`$return[] = array('caption'=>$row['name'], 'value'=>$row['id']);`
			`}`
			`}`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago			`echo json_encode($return);`
Social network permission fixes , Friend tab should work (deleting a contact) see #190 15 years ago			`break;`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago

(no commit message) 15 years ago			`default:`
			`echo '';`
Feature #347 - System libraries: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls. 15 years ago
(no commit message) 15 years ago			`}`
			`exit;`
			`?>`