chamilo-lms/main/lp/storageapi.php

<?php
// Storage API
// PHP Backend
// CBlue SPRL, Jean-Karim Bockstael, <jeankarim@cblue.be>

require_once '../inc/global.inc.php';

// variable cleaning...
foreach (["svkey", "svvalue"] as $key) {
    $_REQUEST[$key] = Database::escape_string($_REQUEST[$key]);
}

foreach (["svuser", "svcourse", "svsco", "svlength", "svasc"] as $key) {
    $_REQUEST[$key] = intval($_REQUEST[$key]);
}

switch ($_REQUEST['action']) {
    case "get":
        print storage_get($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
        break;
    case "set":
        if (storage_can_set($_REQUEST['svuser'])) {
            echo storage_set($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);
        }
        break;
    case "getall":
        print storage_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco']);
        break;
    case "stackpush":
        if (storage_can_set($_REQUEST['svuser'])) {
            echo storage_stack_push($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);
        }
        break;
    case "stackpop":
        if (storage_can_set($_REQUEST['svuser'])) {
            echo storage_stack_pop($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
        }
        break;
    case "stacklength":
        print storage_stack_length($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
        break;
    case "stackclear":
        if (storage_can_set($_REQUEST['svuser'])) {
            echo storage_stack_clear($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
        }
        break;
    case "stackgetall":
        if (storage_can_set($_REQUEST['svuser'])) {
            echo storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
        }
        break;
    case "getposition":
        print storage_get_position($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc']);
        break;
    case "getleaders":
        print storage_get_leaders($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc'], $_REQUEST['svlength']);
        break;
    case "usersgetall":
// security issue
        print "NOT allowed, security issue, see sources";
//		print storage_get_all_users();
        break;
    default:
        // Do nothing
}

function storage_can_set($sv_user)
{
    // platform admin can change any user's stored values, other users can only change their own values
    $allowed = ((api_is_platform_admin()) || (!empty($sv_user) && $sv_user == api_get_user_id()));
    if (!$allowed) {
        echo "ERROR : Not allowed";
    }

    return $allowed;
}

function storage_get($sv_user, $sv_course, $sv_sco, $sv_key)
{
    $sql = "select sv_value
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
        where user_id= '$sv_user'
        and sco_id = '$sv_sco'
        and course_id = '$sv_course'
        and sv_key = '$sv_key'";
    $res = Database::query($sql);
    if (Database::num_rows($res) > 0) {
        $row = Database::fetch_assoc($res);

        return Security::remove_XSS($row['sv_value']);
    } else {
        return null;
    }
}

function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length)
{
    // get leaders
    $sql_leaders = "select u.user_id, firstname, lastname, email, username, sv_value as value
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv,
            ".Database::get_main_table(TABLE_MAIN_USER)." u
        where u.user_id=sv.user_id
        and sco_id = '$sv_sco'
        and course_id = '$sv_course'
        and sv_key = '$sv_key'
        order by sv_value ".($sv_asc ? "ASC" : "DESC")." limit $sv_length";
    //	$sql_data = "select sv.user_id as user_id, sv_key as variable, sv_value as value
    //		from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv
    //		where sv.user_id in (select u2.user_id from ($sql_leaders) u2)
    //		and sco_id = '$sv_sco'
    //		and course_id = '$sv_course'";
    //	$resData = Database::query($sql_data);
    //	$data = Array();
    //	while($row = Database::fetch_assoc($resData))
    //		$data[] = $row; // fetching all data
//
    $resLeaders = Database::query($sql_leaders);
    $result = [];
    while ($row = Database::fetch_assoc($resLeaders)) {
        $row["values"] = [];
        //		foreach($data as $dataRow) {
        //			if ($dataRow["user_id"] = $row["user_id"])
        //				$row["values"][$dataRow["variable"]] = $dataRow["value"];
        //		}
        $row['sv_value'] = Security::remove_XSS($row['sv_value']);
        $result[] = $row;
    }

    return json_encode($result);
}

function storage_get_position($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length)
{
    $sql = "select count(list.user_id) as position
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." search,
            ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." list
        where search.user_id= '$sv_user'
        and search.sco_id = '$sv_sco'
        and search.course_id = '$sv_course'
        and search.sv_key = '$sv_key'
        and list.sv_value ".($sv_asc ? "<=" : ">=")." search.sv_value
        and list.sco_id = search.sco_id
        and list.course_id = search.course_id
        and list.sv_key = search.sv_key
        order by list.sv_value";
    $res = Database::query($sql);
    if (Database::num_rows($res) > 0) {
        $row = Database::fetch_assoc($res);

        return $row['position'];
    } else {
        return null;
    }
}

function storage_set($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value)
{
    $sv_value = Database::escape_string($sv_value);
    $sql = "replace into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
        (user_id, sco_id, course_id, sv_key, sv_value)
        values
        ('$sv_user','$sv_sco','$sv_course','$sv_key','$sv_value')";
    $res = Database::query($sql);

    return Database::affected_rows($res);
}

function storage_getall($sv_user, $sv_course, $sv_sco)
{
    $sql = "select sv_key, sv_value
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
        where user_id= '$sv_user'
        and sco_id = '$sv_sco'
        and course_id = '$sv_course'";
    $res = Database::query($sql);
    $data = [];
    while ($row = Database::fetch_assoc($res)) {
        $row['sv_value'] = Security::remove_XSS($row['sv_value']);
        $row['sv_key'] = Security::remove_XSS($row['sv_key']);
        $data[] = $row;
    }

    return json_encode($data);
}

function storage_stack_push($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value)
{
    $sv_value = Database::escape_string($sv_value);
    Database::query("start transaction");
    $sqlorder = "select ifnull((select max(stack_order)
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'
        ), 0) as stack_order";
    $resorder = Database::query($sqlorder);
    $row = Database::fetch_assoc($resorder);
    $stack_order = (1 + $row['stack_order']);
    $sqlinsert = "insert into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        (user_id, sco_id, course_id, sv_key, stack_order, sv_value)
        values
        ('$sv_user', '$sv_sco', '$sv_course', '$sv_key', '$stack_order', '$sv_value')";
    $resinsert = Database::query($sqlinsert);
    if ($resorder && $resinsert) {
        Database::query("commit");

        return 1;
    } else {
        Database::query("rollback");

        return 0;
    }
}

function storage_stack_pop($sv_user, $sv_course, $sv_sco, $sv_key)
{
    Database::query("start transaction");
    $sqlselect = "select sv_value, stack_order
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'
        order by stack_order desc
        limit 1";
    $resselect = Database::query($sqlselect);
    $rowselect = Database::fetch_assoc($resselect);
    $stack_order = $rowselect['stack_order'];
    $sqldelete = "delete
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'
        and stack_order='$stack_order'";
    $resdelete = Database::query($sqldelete);
    if ($resselect && $resdelete) {
        Database::query("commit");

        return Security::remove_XSS($rowselect['sv_value']);
    } else {
        Database::query("rollback");

        return null;
    }
}

function storage_stack_length($sv_user, $sv_course, $sv_sco, $sv_key)
{
    $sql = "select count(*) as length
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'";
    $res = Database::query($sql);
    $row = Database::fetch_assoc($res);

    return $row['length'];
}

function storage_stack_clear($sv_user, $sv_course, $sv_sco, $sv_key)
{
    $sql = "delete
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'";
    $res = Database::query($sql);

    return Database::num_rows($res);
}

function storage_stack_getall($sv_user, $sv_course, $sv_sco, $sv_key)
{
    $sql = "select stack_order as stack_order, sv_value as value
        from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
        where user_id= '$sv_user'
        and sco_id='$sv_sco'
        and course_id='$sv_course'
        and sv_key='$sv_key'";
    $res = Database::query($sql);
    $results = [];
    while ($row = Database::fetch_assoc($res)) {
        $row['value'] = Security::remove_XSS($row['value']);
        $results[] = $row;
    }

    return json_encode($results);
}

function storage_get_all_users()
{
    $sql = "select user_id, username, firstname, lastname
        from ".Database::get_main_table(TABLE_MAIN_USER)."
        order by user_id asc";
    $res = Database::query($sql);
    $results = [];
    while ($row = Database::fetch_assoc($res)) {
        $results[] = $row;
    }

    return json_encode($results);
}
Custom storage API to persist values from LPs. 15 years ago			`<?php`
			`// Storage API`
			`// PHP Backend`
Storage API : Added a stack-based data storage. 15 years ago			`// CBlue SPRL, Jean-Karim Bockstael, <jeankarim@cblue.be>`
Custom storage API to persist values from LPs. 15 years ago
Applied fixes from FlintCI 8 years ago			`require_once '../inc/global.inc.php';`
Custom storage API to persist values from LPs. 15 years ago
documentAPI + gestion leaderboard in storage API 14 years ago			`// variable cleaning...`
Applied fixes from FlintCI 8 years ago			`foreach (["svkey", "svvalue"] as $key) {`
Minor- Format code 10 years ago			`$_REQUEST[$key] = Database::escape_string($_REQUEST[$key]);`
			`}`
documentAPI + gestion leaderboard in storage API 14 years ago
Applied fixes from FlintCI 8 years ago			`foreach (["svuser", "svcourse", "svsco", "svlength", "svasc"] as $key) {`
Minor- Format code 10 years ago			`$_REQUEST[$key] = intval($_REQUEST[$key]);`
			`}`
documentAPI + gestion leaderboard in storage API 14 years ago
Custom storage API to persist values from LPs. 15 years ago			`switch ($_REQUEST['action']) {`
Minor- Format code 10 years ago			`case "get":`
			`print storage_get($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);`
			`break;`
			`case "set":`
			`if (storage_can_set($_REQUEST['svuser'])) {`
Applied fixes from FlintCI 8 years ago			`echo storage_set($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);`
Minor- Format code 10 years ago			`}`
			`break;`
			`case "getall":`
			`print storage_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco']);`
			`break;`
			`case "stackpush":`
			`if (storage_can_set($_REQUEST['svuser'])) {`
Applied fixes from FlintCI 8 years ago			`echo storage_stack_push($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);`
Minor- Format code 10 years ago			`}`
			`break;`
			`case "stackpop":`
			`if (storage_can_set($_REQUEST['svuser'])) {`
Applied fixes from FlintCI 8 years ago			`echo storage_stack_pop($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);`
Minor- Format code 10 years ago			`}`
			`break;`
			`case "stacklength":`
			`print storage_stack_length($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);`
			`break;`
			`case "stackclear":`
			`if (storage_can_set($_REQUEST['svuser'])) {`
Applied fixes from FlintCI 8 years ago			`echo storage_stack_clear($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);`
Minor- Format code 10 years ago			`}`
			`break;`
			`case "stackgetall":`
Applied fixes from FlintCI 8 years ago			`if (storage_can_set($_REQUEST['svuser'])) {`
Applied fixes from FlintCI 8 years ago			`echo storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);`
Applied fixes from FlintCI 8 years ago			`}`
Minor- Format code 10 years ago			`break;`
			`case "getposition":`
			`print storage_get_position($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc']);`
			`break;`
			`case "getleaders":`
			`print storage_get_leaders($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc'], $_REQUEST['svlength']);`
			`break;`
			`case "usersgetall":`
documentAPI + gestion leaderboard in storage API 14 years ago			`// security issue`
Minor- Format code 10 years ago			`print "NOT allowed, security issue, see sources";`
documentAPI + gestion leaderboard in storage API 14 years ago			`// print storage_get_all_users();`
Minor- Format code 10 years ago			`break;`
			`default:`
			`// Do nothing`
Custom storage API to persist values from LPs. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_can_set($sv_user)`
			`{`
Minor- Format code 10 years ago			`// platform admin can change any user's stored values, other users can only change their own values`
Security: Fix logical flaw allowing unauthenticated users to send data to a specific table 1 year ago			`$allowed = ((api_is_platform_admin()) \|\| (!empty($sv_user) && $sv_user == api_get_user_id()));`
Minor- Format code 10 years ago			`if (!$allowed) {`
Applied fixes from FlintCI 8 years ago			`echo "ERROR : Not allowed";`
Minor- Format code 10 years ago			`}`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return $allowed;`
Storage API : Back-end security to prevent users from modifying other user's stored values, platform admin can change any user's stored values. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_get($sv_user, $sv_course, $sv_sco, $sv_key)`
			`{`
Minor- Format code 10 years ago			`$sql = "select sv_value`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."`
			`where user_id= '$sv_user'`
			`and sco_id = '$sv_sco'`
			`and course_id = '$sv_course'`
			`and sv_key = '$sv_key'";`
			`$res = Database::query($sql);`
			`if (Database::num_rows($res) > 0) {`
			`$row = Database::fetch_assoc($res);`
Minor: Format code 1 year ago
Security: Filter variables for XSS before returning in LP's storageapi 1 year ago			`return Security::remove_XSS($row['sv_value']);`
Applied fixes from FlintCI 8 years ago			`} else {`
Minor- Format code 10 years ago			`return null;`
			`}`
Custom storage API to persist values from LPs. 15 years ago			`}`
Minor - format code, white spaces 12 years ago
Applied fixes from FlintCI 8 years ago			`function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length)`
			`{`
Minor- Format code 10 years ago			`// get leaders`
			`$sql_leaders = "select u.user_id, firstname, lastname, email, username, sv_value as value`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv,`
			`".Database::get_main_table(TABLE_MAIN_USER)." u`
			`where u.user_id=sv.user_id`
			`and sco_id = '$sv_sco'`
			`and course_id = '$sv_course'`
			`and sv_key = '$sv_key'`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 9 years ago			`order by sv_value ".($sv_asc ? "ASC" : "DESC")." limit $sv_length";`
Applied fixes from FlintCI 8 years ago			`// $sql_data = "select sv.user_id as user_id, sv_key as variable, sv_value as value`
			`// from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv`
			`// where sv.user_id in (select u2.user_id from ($sql_leaders) u2)`
			`// and sco_id = '$sv_sco'`
			`// and course_id = '$sv_course'";`
			`// $resData = Database::query($sql_data);`
			`// $data = Array();`
			`// while($row = Database::fetch_assoc($resData))`
			`// $data[] = $row; // fetching all data`
documentAPI + gestion leaderboard in storage API 14 years ago			`//`
Minor- Format code 10 years ago			`$resLeaders = Database::query($sql_leaders);`
Applied fixes from FlintCI 8 years ago			`$result = [];`
Minor- Format code 10 years ago			`while ($row = Database::fetch_assoc($resLeaders)) {`
Applied fixes from FlintCI 8 years ago			`$row["values"] = [];`
			`// foreach($data as $dataRow) {`
			`// if ($dataRow["user_id"] = $row["user_id"])`
			`// $row["values"][$dataRow["variable"]] = $dataRow["value"];`
			`// }`
Security: Filter variables for XSS before returning in LP's storageapi 1 year ago			`$row['sv_value'] = Security::remove_XSS($row['sv_value']);`
Minor- Format code 10 years ago			`$result[] = $row;`
			`}`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return json_encode($result);`
documentAPI + gestion leaderboard in storage API 14 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_get_position($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length)`
			`{`
Minor- Format code 10 years ago			`$sql = "select count(list.user_id) as position`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." search,`
			`".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." list`
			`where search.user_id= '$sv_user'`
			`and search.sco_id = '$sv_sco'`
			`and search.course_id = '$sv_course'`
			`and search.sv_key = '$sv_key'`
Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com 9 years ago			`and list.sv_value ".($sv_asc ? "<=" : ">=")." search.sv_value`
Minor- Format code 10 years ago			`and list.sco_id = search.sco_id`
			`and list.course_id = search.course_id`
			`and list.sv_key = search.sv_key`
Applied fixes from FlintCI 8 years ago			`order by list.sv_value";`
Minor- Format code 10 years ago			`$res = Database::query($sql);`
			`if (Database::num_rows($res) > 0) {`
			`$row = Database::fetch_assoc($res);`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return $row['position'];`
Applied fixes from FlintCI 8 years ago			`} else {`
Minor- Format code 10 years ago			`return null;`
			`}`
documentAPI + gestion leaderboard in storage API 14 years ago			`}`
Custom storage API to persist values from LPs. 15 years ago
Applied fixes from FlintCI 8 years ago			`function storage_set($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value)`
			`{`
Minor- Format code 10 years ago			`$sv_value = Database::escape_string($sv_value);`
			`$sql = "replace into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."`
			`(user_id, sco_id, course_id, sv_key, sv_value)`
			`values`
			`('$sv_user','$sv_sco','$sv_course','$sv_key','$sv_value')";`
			`$res = Database::query($sql);`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return Database::affected_rows($res);`
Custom storage API to persist values from LPs. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_getall($sv_user, $sv_course, $sv_sco)`
			`{`
Minor- Format code 10 years ago			`$sql = "select sv_key, sv_value`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."`
			`where user_id= '$sv_user'`
			`and sco_id = '$sv_sco'`
			`and course_id = '$sv_course'";`
			`$res = Database::query($sql);`
Applied fixes from FlintCI 8 years ago			`$data = [];`
Minor- Format code 10 years ago			`while ($row = Database::fetch_assoc($res)) {`
Security: Filter variables for XSS before returning in LP's storageapi 1 year ago			`$row['sv_value'] = Security::remove_XSS($row['sv_value']);`
			`$row['sv_key'] = Security::remove_XSS($row['sv_key']);`
Minor- Format code 10 years ago			`$data[] = $row;`
			`}`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return json_encode($data);`
Custom storage API to persist values from LPs. 15 years ago			`}`
Storage API : Added a stack-based data storage. 15 years ago
Applied fixes from FlintCI 8 years ago			`function storage_stack_push($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value)`
			`{`
Minor- Format code 10 years ago			`$sv_value = Database::escape_string($sv_value);`
			`Database::query("start transaction");`
			`$sqlorder = "select ifnull((select max(stack_order)`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'`
			`), 0) as stack_order";`
			`$resorder = Database::query($sqlorder);`
			`$row = Database::fetch_assoc($resorder);`
			`$stack_order = (1 + $row['stack_order']);`
			`$sqlinsert = "insert into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`(user_id, sco_id, course_id, sv_key, stack_order, sv_value)`
			`values`
			`('$sv_user', '$sv_sco', '$sv_course', '$sv_key', '$stack_order', '$sv_value')";`
			`$resinsert = Database::query($sqlinsert);`
			`if ($resorder && $resinsert) {`
			`Database::query("commit");`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return 1;`
Applied fixes from FlintCI 8 years ago			`} else {`
Minor- Format code 10 years ago			`Database::query("rollback");`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return 0;`
			`}`
Storage API : Added a stack-based data storage. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_stack_pop($sv_user, $sv_course, $sv_sco, $sv_key)`
			`{`
Minor- Format code 10 years ago			`Database::query("start transaction");`
			`$sqlselect = "select sv_value, stack_order`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'`
			`order by stack_order desc`
			`limit 1";`
			`$resselect = Database::query($sqlselect);`
			`$rowselect = Database::fetch_assoc($resselect);`
			`$stack_order = $rowselect['stack_order'];`
			`$sqldelete = "delete`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'`
			`and stack_order='$stack_order'";`
			`$resdelete = Database::query($sqldelete);`
			`if ($resselect && $resdelete) {`
			`Database::query("commit");`
Minor: Format code 1 year ago
Security: Filter variables for XSS before returning in LP's storageapi 1 year ago			`return Security::remove_XSS($rowselect['sv_value']);`
Minor- Format code 10 years ago			`} else {`
			`Database::query("rollback");`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return null;`
			`}`
Storage API : Added a stack-based data storage. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_stack_length($sv_user, $sv_course, $sv_sco, $sv_key)`
			`{`
Minor- Format code 10 years ago			`$sql = "select count(*) as length`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'";`
			`$res = Database::query($sql);`
			`$row = Database::fetch_assoc($res);`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return $row['length'];`
Storage API : Added a stack-based data storage. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_stack_clear($sv_user, $sv_course, $sv_sco, $sv_key)`
			`{`
Minor- Format code 10 years ago			`$sql = "delete`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'";`
			`$res = Database::query($sql);`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return Database::num_rows($res);`
Storage API : Added a stack-based data storage. 15 years ago			`}`

Applied fixes from FlintCI 8 years ago			`function storage_stack_getall($sv_user, $sv_course, $sv_sco, $sv_key)`
			`{`
Minor- Format code 10 years ago			`$sql = "select stack_order as stack_order, sv_value as value`
			`from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."`
			`where user_id= '$sv_user'`
			`and sco_id='$sv_sco'`
			`and course_id='$sv_course'`
			`and sv_key='$sv_key'";`
			`$res = Database::query($sql);`
Applied fixes from FlintCI 8 years ago			`$results = [];`
Minor- Format code 10 years ago			`while ($row = Database::fetch_assoc($res)) {`
Security: Filter variables for XSS before returning in LP's storageapi 1 year ago			`$row['value'] = Security::remove_XSS($row['value']);`
Minor- Format code 10 years ago			`$results[] = $row;`
			`}`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return json_encode($results);`
Storage API : Added a stack-based data storage. 15 years ago			`}`
Storage API : Added functions to get and set values from another users' storage, only a platform admin can change another user's storage. 15 years ago
Applied fixes from FlintCI 8 years ago			`function storage_get_all_users()`
			`{`
Minor- Format code 10 years ago			`$sql = "select user_id, username, firstname, lastname`
			`from ".Database::get_main_table(TABLE_MAIN_USER)."`
			`order by user_id asc";`
			`$res = Database::query($sql);`
Applied fixes from FlintCI 8 years ago			`$results = [];`
Minor- Format code 10 years ago			`while ($row = Database::fetch_assoc($res)) {`
			`$results[] = $row;`
			`}`
Applied fixes from FlintCI 8 years ago
Minor- Format code 10 years ago			`return json_encode($results);`
Storage API : Added functions to get and set values from another users' storage, only a platform admin can change another user's storage. 15 years ago			`}`