skala
Julio Montoya 16 years ago
commit 021be495d4
  1. 24
      main/gradebook/gradebook.php
  2. 24
      main/gradebook/gradebook_add_cat.php
  3. 5
      main/gradebook/gradebook_display_certificate.php
  4. 58
      main/gradebook/lib/be/category.class.php
  5. 63
      main/gradebook/lib/be/evaluation.class.php
  6. 4
      main/gradebook/lib/be/forumthreadlink.class.php
  7. 4
      main/gradebook/lib/be/gradebookitem.class.php
  8. 2
      main/gradebook/lib/be/learnpathlink.class.php
  9. 12
      main/gradebook/lib/be/studentpublicationlink.class.php
  10. 16
      main/gradebook/lib/fe/gradebooktable.class.php
  11. 2
      main/gradebook/lib/flatview_data_generator.class.php
  12. 2
      main/gradebook/lib/gradebook_data_generator.class.php
  13. 11
      main/gradebook/lib/gradebook_functions.inc.php
  14. 19
      main/gradebook/lib/gradebook_functions_users.inc.php
  15. 2
      main/gradebook/lib/user_data_generator.class.php
  16. 20
      main/inc/introductionSection.inc.php

@ -1,27 +1,5 @@
<?php
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2008 Dokeos Latinoamerica SAC
Copyright (c) 2006-2008 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
Copyright (c) various contributors
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/* For licensing terms, see /license.txt */
$language_file= 'gradebook';
// $cidReset : This is the main difference with gradebook.php, here we say,
// basically, that we are inside a course, and many things depend from that

@ -1,27 +1,5 @@
<?php
/*
==============================================================================
Dokeos - elearning and course management software
Copyright (c) 2008 Dokeos Latinoamerica SAC
Copyright (c) 2006 Dokeos SPRL
Copyright (c) 2006 Ghent University (UGent)
Copyright (c) various contributors
For a full list of contributors, see "credits.txt".
The full license can be read in "license.txt".
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See the GNU General Public License for more details.
Contact address: Dokeos, 108 rue du Corbeau, B-1030 Brussels, Belgium
Mail: info@dokeos.com
==============================================================================
*/
/* For licensing terms, see /license.txt */
$language_file = 'gradebook';
require_once '../inc/global.inc.php';
$_in_course = true;

@ -55,8 +55,7 @@ if (isset($_GET['user_id']) && $_GET['user_id']==strval(intval($_GET['user_id'])
?>
<tr>
<td width="100%" class="actions"><?php echo get_lang('Student').' : '. $value['firstname'].' '.$value['lastname'] ?>
</td>
</td>
</tr>
<tr>
<td>
@ -67,7 +66,7 @@ if (isset($_GET['user_id']) && $_GET['user_id']==strval(intval($_GET['user_id'])
?>
<tr >
<td width="50%"><?php echo get_lang('Score').' : '.$value_certificate['score_certificate'] ?></td>
<td width="30%"><?php echo get_lang('Date').' : '.$value_certificate['date_certificate'] ?></td>
<td width="30%"><?php echo get_lang('Date').' : '.api_convert_and_format_date($value_certificate['created_at']) ?></td>
<td width="20%"><a onclick="return confirmation();" href="gradebook_display_certificate.php?action=delete&<?php echo 'user_id='.$value_certificate['user_id'].'&amp;cat_id='.$value_certificate['cat_id'] ?>"><?php echo Display::return_icon('delete.gif',get_lang('Delete')); ?></a></td>
</tr>
<?php
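Review bot: The new `created_at` cell goes through `api_convert_and_format_date()`, but the rest of the row still echoes database values straight into HTML: `$value_certificate['score_certificate']` on the line above it, the student's `firstname`/`lastname` in the earlier hunk, and `user_id`/`cat_id` inside the delete link's href. These presumably originate from user-supplied data, so the text cells should be HTML-escaped, e.g. `<?php echo get_lang('Score').' : '.htmlspecialchars($value_certificate['score_certificate'], ENT_QUOTES, 'UTF-8') ?>`, and the ids cast, `'user_id='.intval($value_certificate['user_id']).'&amp;cat_id='.intval($value_certificate['cat_id'])`. The bare `&` before `<?php` in that href should also be `&amp;` for valid markup. The surrounding loop starts before and ends after this hunk.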

@ -152,7 +152,7 @@ class Category implements GradebookItem
} else {
$sql .= ' WHERE';
}
$sql .= ' user_id = '.$user_id;
$sql .= ' user_id = '.intval($user_id);
$paramcount ++;
}
if (isset($course_code)) {
@ -160,7 +160,7 @@ class Category implements GradebookItem
if ($paramcount != 0) { $sql .= ' AND'; }
else { $sql .= ' WHERE'; }
if ($course_code == '0') { $sql .= ' course_code is null '; }
else { $sql .= " course_code = '".$course_code."'"; }
else { $sql .= " course_code = '".Database::escape_string($course_code)."'"; }
if (!empty($session)) {
$sql .= ' AND session_id = '.(int) $session.' ';
} else {
@ -180,7 +180,7 @@ class Category implements GradebookItem
} else {
$sql .= ' WHERE';
}
$sql .= ' parent_id = '.$parent_id;
$sql .= ' parent_id = '.intval($parent_id);
$paramcount ++;
}
if (isset($visible)) {
@ -190,7 +190,7 @@ class Category implements GradebookItem
} else {
$sql .= ' WHERE';
}
$sql .= ' visible = '.$visible;
$sql .= ' visible = '.intval($visible);
$paramcount ++;
}
@ -256,20 +256,20 @@ class Category implements GradebookItem
$sql .= ', session_id';
}
$sql .= ") VALUES ('".Database::escape_string($this->get_name())."'"
.','.$this->get_user_id()
.','.$this->get_weight()
.','.$this->is_visible();
.','.intval($this->get_user_id())
.','.Database::escape_string($this->get_weight())
.','.intval($this->is_visible());
if (isset($this->description)) {
$sql .= ",'".Database::escape_string($this->get_description())."'";
}
if (isset($this->course_code)) {
$sql .= ",'".$this->get_course_code()."'";
$sql .= ",'".Database::escape_string($this->get_course_code())."'";
}
if (isset($this->parent)) {
$sql .= ','.$this->get_parent_id();
$sql .= ','.intval($this->get_parent_id());
}
if (!empty($this->session_id)) {
$sql .= ', '.$this->get_session_id();
$sql .= ', '.intval($this->get_session_id());
}
$sql .= ')';
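Review bot: `Database::escape_string($this->get_weight())` in the VALUES list wraps a value that is concatenated into the statement unquoted, so quote-escaping cannot neutralise a non-numeric payload; for an unquoted numeric column the guard is a cast, e.g. `.','.(float) $this->get_weight()` (or `intval()` if the column is an integer — the schema is not visible here). The same pattern appears in save() further down for `certif_min_score` and `weight`, in evaluation.class.php save() for `weight` and `max`, and in gradebook_functions.inc.php where `' AND cat_id='.Database::escape_string($cat_id)` is appended to a WHERE clause, where the preceding `$cat_id>0` check is a loose comparison that a non-numeric string can still pass. These values are presumably teacher-supplied form input, but the callers are outside this diff. The enclosing insert method starts before this hunk.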
@ -292,28 +292,28 @@ class Category implements GradebookItem
} else {
$sql .= 'null';
}
$sql .= ', user_id = '.$this->get_user_id()
$sql .= ', user_id = '.intval($this->get_user_id())
.', course_code = ';
if (isset($this->course_code)) {
$sql .= "'".$this->get_course_code()."'";
$sql .= "'".Database::escape_string($this->get_course_code())."'";
} else {
$sql .= 'null';
}
$sql .= ', parent_id = ';
if (isset ($this->parent)) {
$sql .= $this->get_parent_id();
$sql .= intval($this->get_parent_id());
} else {
$sql .= 'null';
}
$sql .= ', certif_min_score = ';
if (isset ($this->certificate_min_score) && strcmp($this->certificate_min_score,'')!==0) {
$sql .= $this->get_certificate_min_score();
$sql .= Database::escape_string($this->get_certificate_min_score());
} else {
$sql .= 'null';
}
$sql .= ', weight = '.$this->get_weight()
.', visible = '.$this->is_visible()
.' WHERE id = '.$this->id;
$sql .= ', weight = '.Database::escape_string($this->get_weight())
.', visible = '.intval($this->is_visible())
.' WHERE id = '.intval($this->id);
Database::query($sql);
}
@ -323,7 +323,7 @@ class Category implements GradebookItem
*/
public function delete() {
$tbl_grade_categories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql = 'DELETE FROM '.$tbl_grade_categories.' WHERE id = '.$this->id;
$sql = 'DELETE FROM '.$tbl_grade_categories.' WHERE id = '.intval($this->id);
Database::query($sql);
}
/**
@ -331,7 +331,7 @@ class Category implements GradebookItem
*/
public function update_category_delete($course_id){
$tbl_grade_categories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql = 'UPDATE '.$tbl_grade_categories.' SET visible=3 WHERE course_code ="'.$course_id.'"';
$sql = 'UPDATE '.$tbl_grade_categories.' SET visible=3 WHERE course_code ="'.Database::escape_string($course_id).'"';
Database::query($sql);
}
/**
@ -339,7 +339,7 @@ class Category implements GradebookItem
*/
public function show_message_resource_delete($course_id) {
$tbl_grade_categories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql = 'SELECT count(*) AS num from '.$tbl_grade_categories.' WHERE course_code ="'.$course_id.'" AND visible=3';
$sql = 'SELECT count(*) AS num from '.$tbl_grade_categories.' WHERE course_code ="'.Database::escape_string($course_id).'" AND visible=3';
$res=Database::query($sql);
$option=Database::fetch_array($res,'ASSOC');
if ($option['num']>=1) {
@ -357,7 +357,7 @@ class Category implements GradebookItem
return null;
} else {
$tbl_category=Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql='SELECT name,description,user_id,course_code,parent_id,weight,visible,certif_min_score,session_id FROM '.$tbl_category.' c WHERE c.id='.$selectcat;
$sql='SELECT name,description,user_id,course_code,parent_id,weight,visible,certif_min_score,session_id FROM '.$tbl_category.' c WHERE c.id='.intval($selectcat);
$result=Database::query($sql);
$row=Database::fetch_array($result,'ASSOC');
return $row;
@ -378,7 +378,7 @@ class Category implements GradebookItem
$tbl_grade_categories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql = 'SELECT count(id) AS number'
.' FROM '.$tbl_grade_categories
." WHERE name = '".$name."'";
." WHERE name = '".Database::escape_string($name)."'";
if (api_is_allowed_to_create_course()) {
$parent = Category::load($parent);
@ -387,7 +387,7 @@ class Category implements GradebookItem
$main_course_user_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql .= ' AND user_id IN ('
.' SELECT user_id FROM '.$main_course_user_table
." WHERE course_code = '".$code."'"
." WHERE course_code = '".Database::escape_string($code)."'"
.' AND status = '.COURSEMANAGER
.')';
} else {
@ -400,11 +400,11 @@ class Category implements GradebookItem
if (!isset ($parent)) {
$sql.= ' AND parent_id is null';
} else {
$sql.= ' AND parent_id = '.$parent;
$sql.= ' AND parent_id = '.intval($parent);
}
$result = Database::query($sql);
$number=Database::fetch_row($result);
$number = Database::fetch_row($result);
return ($number[0] != 0);
}
@ -560,7 +560,7 @@ class Category implements GradebookItem
$sql .= ' AND course_code in'
.' (SELECT course_code'
.' FROM '.$main_course_user_table
.' WHERE user_id = '.$stud_id
.' WHERE user_id = '.intval($stud_id)
.' AND status = '.STUDENT
.')';
}
@ -587,7 +587,7 @@ class Category implements GradebookItem
}
}elseif (api_is_platform_admin()) {
if (isset($session_id) && $session_id!=0) {
$sql.=' AND session_id='.$session_id;
$sql.=' AND session_id='.intval($session_id);
} else {
$sql.=' AND coalesce(session_id,0)=0';
}
@ -633,7 +633,7 @@ class Category implements GradebookItem
$sql .= ' AND course_code in'
.' (SELECT course_code'
.' FROM '.$main_course_user_table
.' WHERE user_id = '.$user_id
.' WHERE user_id = '.intval($user_id)
.')';
}
$result = Database::query($sql);
@ -857,7 +857,7 @@ class Category implements GradebookItem
.' WHERE cc.code = cu.course_code'
.' AND cu.status = '.COURSEMANAGER;
if (!api_is_platform_admin()) {
$sql .= ' AND cu.user_id = '.$user_id;
$sql .= ' AND cu.user_id = '.intval($user_id);
}
$result = Database::query($sql);

@ -210,25 +210,24 @@ class Evaluation implements GradebookItem
}
$sql .= ',created_at';
$sql .= ',type';
$sql .= ") VALUES ('".Database::escape_string(Security::remove_XSS($this->get_name()))."'"
.','.$this->get_user_id()
.','.$this->get_weight()
.','.$this->get_max()
.','.$this->is_visible();
$sql .= ") VALUES ('".Database::escape_string($this->get_name())."'"
.','.intval($this->get_user_id())
.','.intval($this->get_weight())
.','.intval($this->get_max())
.','.intval($this->is_visible());
if (isset($this->description)) {
$sql .= ",'".Database::escape_string(Security::remove_XSS($this->get_description()))."'";
$sql .= ",'".Database::escape_string($this->get_description())."'";
}
if (isset($this->course_code)) {
$sql .= ",'".$this->get_course_code()."'";
$sql .= ",'".Database::escape_string($this->get_course_code())."'";
}
if (isset($this->category)) {
$sql .= ','.$this->get_category_id();
$sql .= ','.intval($this->get_category_id());
}
if (empty($this->type))
{
if (empty($this->type)) {
$this->type = 'evaluation';
}
$sql .= ',\''.$this->type.'\'';
$sql .= ',\''.Database::escape_string($this->type).'\'';
$sql .= ", '".api_get_utc_datetime()."'";
$sql .= ")";
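Review bot: The VALUES list casts `weight` and `max` with `intval()`, while save() later in this file passes the same two fields through `Database::escape_string()` unquoted; the two methods disagree on the column type, and if the columns hold decimals `intval()` silently truncates them on creation. Pick one representation for both, e.g. `.','.(float) $this->get_weight()` and `.','.(float) $this->get_max()`, or `intval()` in both if the schema is integer (not visible here). Separately, the name and description lines drop the `Security::remove_XSS()` the old code applied before storing; `escape_string` only protects the SQL statement, so every place that later echoes these fields must HTML-escape them or this is a stored-XSS regression. The enclosing add() method begins before this hunk.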
@ -252,7 +251,8 @@ if (empty($this->type))
$rs=Database::query($sql_eval);
$row_old_weight=Database::fetch_array($rs,'ASSOC');
$current_date=api_get_utc_datetime();
$sql="INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log,name,description,created_at,weight,visible,type,user_id_log)VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($arreval['name'])."','".Database::escape_string($arreval['description'])."','".$current_date."','".Database::escape_string($row_old_weight['weight'])."','".Database::escape_string($arreval['visible'])."','evaluation',".api_get_user_id().")";
$sql="INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log,name,description,created_at,weight,visible,type,user_id_log)
VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($arreval['name'])."','".Database::escape_string($arreval['description'])."','".$current_date."','".Database::escape_string($row_old_weight['weight'])."','".Database::escape_string($arreval['visible'])."','evaluation',".api_get_user_id().")";
Database::query($sql);
}
}
@ -263,35 +263,34 @@ if (empty($this->type))
public function save() {
$tbl_grade_evaluations = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION);
$sql = 'UPDATE '.$tbl_grade_evaluations
." SET name = '".Database::escape_string(Security::remove_XSS($this->get_name()))."'"
." SET name = '".Database::escape_string($this->get_name())."'"
.', description = ';
if (isset($this->description)) {
$sql .= "'".Database::escape_string(Security::remove_XSS($this->get_description()))."'";
$sql .= "'".Database::escape_string($this->get_description())."'";
}else {
$sql .= 'null';
}
$sql .= ', user_id = '.$this->get_user_id()
$sql .= ', user_id = '.intval($this->get_user_id())
.', course_code = ';
if (isset($this->course_code)) {
$sql .= "'".$this->get_course_code()."'";
$sql .= "'".Database::escape_string($this->get_course_code())."'";
} else {
$sql .= 'null';
}
$sql .= ', category_id = ';
if (isset($this->category)) {
$sql .= $this->get_category_id();
$sql .= intval($this->get_category_id());
} else {
$sql .= 'null';
}
$sql .= ', weight = '.$this->get_weight()
.', max = '.$this->get_max()
.', visible = '.$this->is_visible()
.' WHERE id = '.$this->id;
$sql .= ', weight = '.Database::escape_string($this->get_weight())
.', max = '.Database::escape_string($this->get_max())
.', visible = '.intval($this->is_visible())
.' WHERE id = '.intval($this->id);
//recorded history
$eval_log=new Evaluation();
$eval_log->add_evaluation_log($this->id);
Database::query($sql);
}
/**
@ -299,7 +298,7 @@ if (empty($this->type))
*/
public function delete() {
$tbl_grade_evaluations = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION);
$sql = 'DELETE FROM '.$tbl_grade_evaluations.' WHERE id = '.$this->id;
$sql = 'DELETE FROM '.$tbl_grade_evaluations.' WHERE id = '.intval($this->id);
Database::query($sql);
}
@ -318,7 +317,7 @@ if (empty($this->type))
$tbl_grade_evaluations = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION);
$sql = 'SELECT count(id) AS number'
.' FROM '.$tbl_grade_evaluations
." WHERE name = '".$name."'";
." WHERE name = '".Database::escape_string($name)."'";
if (api_is_allowed_to_create_course()) {
$parent = Category::load($parent);
@ -327,7 +326,7 @@ if (empty($this->type))
$main_course_user_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql .= ' AND user_id IN ('
.' SELECT user_id FROM '.$main_course_user_table
." WHERE course_code = '".$code."'"
." WHERE course_code = '".Database::escape_string($code)."'"
.' AND status = '.COURSEMANAGER
.')';
} else {
@ -341,7 +340,7 @@ if (empty($this->type))
if (!isset ($parent)) {
$sql.= ' AND category_id is null';
} else {
$sql.= ' AND category_id = '.$parent;
$sql.= ' AND category_id = '.intval($parent);
}
$result = Database::query($sql);
$number=Database::fetch_row($result);
@ -355,7 +354,7 @@ if (empty($this->type))
public function has_results() {
$tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
$sql='SELECT count(id) AS number FROM '.$tbl_grade_results
.' WHERE evaluation_id = '.$this->id;
.' WHERE evaluation_id = '.intval($this->id);
$result = Database::query($sql);
$number=Database::fetch_row($result);
@ -367,7 +366,7 @@ if (empty($this->type))
*/
public function delete_results() {
$tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
$sql = 'DELETE FROM '.$tbl_grade_results.' WHERE evaluation_id = '.$this->id;
$sql = 'DELETE FROM '.$tbl_grade_results.' WHERE evaluation_id = '.intval($this->id);
Database::query($sql);
}
@ -496,12 +495,12 @@ if (empty($this->type))
$sql = 'SELECT * FROM '.$tbl_grade_evaluations
.' WHERE id IN'
.'(SELECT evaluation_id FROM '.$tbl_grade_results
.' WHERE user_id = '.$stud_id.' AND score IS NOT NULL)';
.' WHERE user_id = '.intval($stud_id).' AND score IS NOT NULL)';
if (!api_is_allowed_to_create_course()) {
$sql .= ' AND visible = 1';
}
if (isset($cat_id)) {
$sql .= ' AND category_id = '.$cat_id;
$sql .= ' AND category_id = '.intval($cat_id);
} else {
$sql .= ' AND category_id >= 0';
}
@ -521,11 +520,11 @@ if (empty($this->type))
$tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
$sql = 'SELECT user_id,lastname,firstname,username FROM '.$tbl_user
." WHERE lastname LIKE '".$first_letter_user."%'"
." WHERE lastname LIKE '".Database::escape_string($first_letter_user)."%'"
.' AND status = '.STUDENT
.' AND user_id NOT IN'
.' (SELECT user_id FROM '.$tbl_grade_results
.' WHERE evaluation_id = '.$this->id
.' WHERE evaluation_id = '.intval($this->id)
.' )'
.' ORDER BY lastname';

@ -46,7 +46,7 @@ class ForumThreadLink extends AbstractLink
.' forum_thread WHERE thread_id NOT IN'
.' (SELECT ref_id FROM '.$tbl_grade_links
.' WHERE type = '.LINK_FORUM_THREAD
." AND course_code = '".$this->get_course_code()."'"
." AND course_code = '".Database::escape_string($this->get_course_code())."'"
.') AND forum_thread.session_id='.api_get_session_id().'';
$result = Database::query($sql);
@ -112,7 +112,7 @@ class ForumThreadLink extends AbstractLink
$sql = 'SELECT * FROM '.$thread_qualify.' WHERE thread_id = '.$this->get_ref_id();
if (isset($stud_id)){
$sql .= ' AND user_id = '."'".$stud_id."'";
$sql .= ' AND user_id = '."'".intval($stud_id)."'";
}
// order by id, that way the student's first attempt is accessed first
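Review bot: `$stud_id` is now cast with `intval()`, but `$this->get_ref_id()` on the first line of this hunk is still concatenated raw into `WHERE thread_id = `; cast it in the same statement, `$sql = 'SELECT * FROM '.$thread_qualify.' WHERE thread_id = '.intval($this->get_ref_id());`. learnpathlink.class.php has the identical gap (`" WHERE lp_id = ".$this->get_ref_id()` next to the newly cast `$stud_id`), whereas studentpublicationlink.class.php in this same commit does cast `get_ref_id()`, so the three link classes are now inconsistent. The enclosing method starts before and ends after this hunk.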

@ -8,7 +8,6 @@
interface GradebookItem
{
public function get_item_type();
public function get_id();
public function get_name();
public function get_description();
@ -16,9 +15,6 @@ interface GradebookItem
public function get_weight();
public function get_date();
public function is_visible();
public function get_icon_name();
public function calc_score($stud_id = null);
}

@ -108,7 +108,7 @@ class LearnpathLink extends AbstractLink
." WHERE lp_id = ".$this->get_ref_id();
if (isset($stud_id))
$sql .= ' AND user_id = '.$stud_id;
$sql .= ' AND user_id = '.intval($stud_id);
// order by id, that way the student's first attempt is accessed first
$sql .= ' ORDER BY view_count DESC';

@ -34,7 +34,7 @@ class StudentPublicationLink extends AbstractLink
.' FROM '.$this->get_itemprop_table().' prop, '
.$this->get_studpub_table().' pub'
." WHERE prop.tool = 'work'"
.' AND prop.insert_user_id = '.$stud_id
.' AND prop.insert_user_id = '.intval($stud_id)
.' AND prop.ref = pub.id'
." AND pub.title = '".Database::escape_string($eval->get_name())."' AND pub.session_id=".api_get_session_id()."";
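Review bot: `intval($stud_id)` on the `prop.insert_user_id` line turns a null or unset `$stud_id` into `0`, so a call without a student id now silently queries user 0 instead of producing the SQL error the old concatenation gave. learnpathlink.class.php guards the same clause with `isset($stud_id)` before appending it; if this is the `calc_score($stud_id = null)` declared in the GradebookItem interface, reject the null up front, e.g. `if (!isset($stud_id)) { return null; }` before the statement is built. The enclosing method starts before and ends after this hunk.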
@ -80,7 +80,7 @@ class StudentPublicationLink extends AbstractLink
.' pup WHERE has_properties != '."''".' AND id NOT IN'
.' (SELECT ref_id FROM '.$tbl_grade_links
.' WHERE type = '.LINK_STUDENTPUBLICATION
." AND course_code = '".$this->get_course_code()."'"
." AND course_code = '".Database::escape_string($this->get_course_code())."'"
.') AND pub.session_id='.api_get_session_id().'';
$result = Database::query($sql);
@ -118,7 +118,7 @@ class StudentPublicationLink extends AbstractLink
public function has_results() {
$course_info = api_get_course_info($this->course_code);
$tbl_grade_links = Database :: get_course_table(TABLE_STUDENT_PUBLICATION,$course_info['dbName']);
$sql = 'SELECT count(*) AS number FROM '.$tbl_grade_links." WHERE parent_id = '".$this->get_ref_id()."' AND session_id=".api_get_session_id()."";
$sql = 'SELECT count(*) AS number FROM '.$tbl_grade_links." WHERE parent_id = '".intval($this->get_ref_id())."' AND session_id=".api_get_session_id()."";
$result = Database::query($sql);
$number=Database::fetch_row($result);
return ($number[0] != 0);
@ -132,7 +132,7 @@ class StudentPublicationLink extends AbstractLink
if (is_null($database_name)===true) {
return false;
}
$sql = 'SELECT * FROM '.$tbl_stats." WHERE id = '".$this->get_ref_id()."' AND session_id=".api_get_session_id()."";
$sql = 'SELECT * FROM '.$tbl_stats." WHERE id = '".intval($this->get_ref_id())."' AND session_id=".api_get_session_id()."";
$query = Database::query($sql);
$assignment = Database::fetch_array($query);
@ -247,7 +247,7 @@ class StudentPublicationLink extends AbstractLink
if ($tbl_name=='') {
return false;
} elseif (!isset($this->exercise_data)) {
$sql = 'SELECT * FROM '.$this->get_studpub_table()." WHERE id = '".$this->get_ref_id()."' AND session_id=".api_get_session_id()."";
$sql = 'SELECT * FROM '.$this->get_studpub_table()." WHERE id = '".intval($this->get_ref_id())."' AND session_id=".api_get_session_id()."";
$query = Database::query($sql);
$this->exercise_data = Database::fetch_array($query);
}
@ -264,7 +264,7 @@ class StudentPublicationLink extends AbstractLink
public function is_valid_link() {
$sql = 'SELECT count(id) from '.$this->get_studpub_table()
.' WHERE id = '.$this->get_ref_id().' AND session_id='.api_get_session_id().'';
.' WHERE id = '.intval($this->get_ref_id()).' AND session_id='.api_get_session_id().'';
$result = Database::query($sql);
$number=Database::fetch_row($result);
return ($number[0] != 0);

@ -117,6 +117,7 @@ class GradebookTable extends SortableTable
$course_code=api_get_course_id();
$status_user=api_get_status_of_user_in_course ($user_id,$course_code);
$data_array = $this->datagen->get_data($sorting, $from, $this->per_page);
// generate the data to display
$sortable_data = array();
$weight_total_links = 0;
@ -197,9 +198,8 @@ class GradebookTable extends SortableTable
<img src="'.api_get_path(WEB_CODE_PATH) . 'img/dokeos.gif" /></a>&nbsp;'.$scoretotal_display;
//register gradebook certificate
$current_user_id=api_get_user_id();
$date_certificate=date('Y-m-d H:i:s',time());
register_user_info_about_certificate($id,$current_user_id,$my_score_in_gradebook,$date_certificate);
$current_user_id=api_get_user_id();
register_user_info_about_certificate($id,$current_user_id,$my_score_in_gradebook,api_get_utc_datetime());
} else {
$certificates = '-';
@ -209,15 +209,14 @@ class GradebookTable extends SortableTable
if ($get_date=='' || is_null($get_date)) {
$row[4]='-';
} else {
$row[4] = date('d/m/y H:i:s',strtotime($get_date));
$row[4] = api_convert_and_format_date($get_date);
}
$row[] = $certificates;
} elseif ($_GET['selectcat'] == 1) {
} else {
if (isset($certificate_min_score) && (int)$item_value >= (int)$certificate_min_score) {
//register gradebook certificate
$current_user_id=api_get_user_id();
$date_certificate=date('Y-m-d H:i:s',time());
register_user_info_about_certificate($id,$current_user_id,$my_score_in_gradebook,$date_certificate);
register_user_info_about_certificate($_GET['selectcat'],$current_user_id,$my_score_in_gradebook,api_get_utc_datetime());
}
}
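Review bot: The new `register_user_info_about_certificate($_GET['selectcat'], ...)` call in the else branch passes the raw request parameter, whereas the branch above passes the local `$id` and the hunk below normalises the same parameter as `$id_cat = intval($_GET['selectcat']);`. The certificate INSERT in gradebook_functions.inc.php does apply `intval()` to `cat_id`, but keep the boundary check at the call site as well: `register_user_info_about_certificate(intval($_GET['selectcat']), $current_user_id, $my_score_in_gradebook, api_get_utc_datetime());`. Note also that `elseif ($_GET['selectcat'] == 1)` became a plain `else`, so certificates are now registered for any category id rather than only 1 — confirm that widening is intended. The enclosing method starts before and ends after this hunk.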
@ -227,8 +226,7 @@ class GradebookTable extends SortableTable
// warning messages
if (api_is_allowed_to_edit()) {
if (api_is_allowed_to_edit()) {
if (isset($_GET['selectcat']) && $_GET['selectcat'] > 0 && $_GET['view'] <> 'presence') {
$id_cat = intval($_GET['selectcat']);
$category = Category :: load($id_cat);

@ -3,7 +3,7 @@
/**
* Class to select, sort and transform object data into array data,
* used for the teacher's flat view
* @author Bert Stepp<EFBFBD>
* @author Bert Steppé
*/
class FlatViewDataGenerator
{

@ -3,7 +3,7 @@
/**
* Class to select, sort and transform object data into array data,
* used for the general gradebook view
* @author Bert Stepp<EFBFBD>
* @author Bert Steppé
*/
class GradebookDataGenerator
{

@ -417,7 +417,7 @@ function parse_xml_data($file) {
$rs_exist=Database::query($sql_exist,__FILE__,__LINE__);
$row=Database::fetch_array($rs_exist);
if ($row['count']==0) {
$sql='INSERT INTO '.$table_certificate.' (cat_id,user_id,score_certificate,date_certificate)
$sql='INSERT INTO '.$table_certificate.' (cat_id,user_id,score_certificate,created_at)
VALUES("'.intval($cat_id).'","'.intval($user_id).'","'.Database::escape_string($score_certificate).'","'.Database::escape_string($date_certificate).'")';
$rs=Database::query($sql,__FILE__,__LINE__);
}
@ -431,10 +431,10 @@ function parse_xml_data($file) {
*/
function get_certificate_date_by_user_id ($cat_id,$user_id) {
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql_get_date='SELECT date_certificate FROM '.$table_certificate.' WHERE cat_id="'.intval($cat_id).'" AND user_id="'.intval($user_id).'"';
$sql_get_date='SELECT created_at FROM '.$table_certificate.' WHERE cat_id="'.intval($cat_id).'" AND user_id="'.intval($user_id).'"';
$rs_get_date=Database::query($sql_get_date,__FILE__,__LINE__);
$row_get_date=Database::fetch_array($rs_get_date,'ASSOC');
return $row_get_date['date_certificate'];
return $row_get_date['created_at'];
}
/**
@ -450,7 +450,7 @@ function parse_xml_data($file) {
if (!is_null($cat_id) && $cat_id>0) {
$sql.=' WHERE cat_id='.Database::escape_string($cat_id);
}
$sql.=' ORDER BY u.firstname';
$sql.=' ORDER BY u.firstname';
$rs=Database::query($sql,__FILE__,__LINE__);
$list_users=array();
while ($row=Database::fetch_array($rs)) {
@ -467,11 +467,12 @@ function parse_xml_data($file) {
*/
function get_list_gradebook_certificates_by_user_id ($user_id,$cat_id=null) {
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql='SELECT gc.score_certificate,gc.date_certificate,gc.path_certificate,gc.cat_id,gc.user_id FROM '.$table_certificate.' gc
$sql='SELECT gc.score_certificate,gc.created_at,gc.path_certificate,gc.cat_id,gc.user_id FROM '.$table_certificate.' gc
WHERE gc.user_id="'.Database::escape_string($user_id).'" ';
if (!is_null($cat_id) && $cat_id>0) {
$sql.=' AND cat_id='.Database::escape_string($cat_id);
}
$rs = Database::query($sql,__FILE__,__LINE__);
$list_certificate=array();
while ($row=Database::fetch_array($rs)) {
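Review bot: The certificate table column is renamed from `date_certificate` to `created_at` in the INSERT, in `get_certificate_date_by_user_id` and in this SELECT, but the commit's file list contains no schema or migration change, so an existing installation would presumably fail on the first of these queries until the column is renamed; the migration belongs in this commit or the dependency should be stated in the description. gradebook_display_certificate.php is updated to read `$value_certificate['created_at']`, but any other consumer of this function's rows outside the diff would still read `date_certificate`. The enclosing function continues past the end of this hunk.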

@ -2,20 +2,22 @@
/* For licensing terms, see /license.txt */
/**
* Various user related functions
* @package dokeos.gradebook
* @author Julio Montoya <gugli100@gmail.com> adding security functions
* @package chamilo.gradebook
*/
/**
* returns users within a course given by param
* @param $course_id
*/
function get_users_in_course($course_id) {
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_session_course_user = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname ASC' : ' ORDER BY lastname, firstname ASC';
$current_session = api_get_session_id();
$course_id = Databse::escape_string($course_id);
if (!empty($current_session)) {
$sql = "SELECT user.user_id,lastname,firstname
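Review bot: `$course_id = Databse::escape_string($course_id);` misspells the class name, so `get_users_in_course()` now aborts with a class-not-found fatal error on every call instead of escaping the value; it should read `$course_id = Database::escape_string($course_id);`. Once fixed, the escaped value is used inside the quoted `course_rel_user.course_code='...'` comparison in both session branches, which is the right shape. The function body continues past the end of this hunk.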
@ -31,9 +33,6 @@ function get_users_in_course($course_id) {
." AND course_rel_user.course_code='".$course_id."'"
.$order_clause;
}
$result = Database::query($sql);
return get_user_array_from_sql_result($result);
}
@ -71,7 +70,7 @@ function get_all_users ($evals = array(), $links = array()) {
$sql = 'SELECT user.user_id,lastname,firstname'
.' FROM '.$tbl_res.' as res, '.$tbl_user.' as user'
.' WHERE res.evaluation_id = '.$eval->get_id()
.' WHERE res.evaluation_id = '.intval($eval->get_id())
.' AND res.user_id = user.user_id';
$result = Database::query($sql);
$users = array_merge($users,get_user_array_from_sql_result($result));
@ -99,6 +98,8 @@ function find_students($mask= '') {
if (!api_is_allowed_to_create_course() || empty ($mask)) {
return null;
}
$mask = Database::escape_string($mask);
$tbl_user= Database :: get_main_table(TABLE_MAIN_USER);
$tbl_cru= Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql= 'SELECT DISTINCT user.user_id, user.lastname, user.firstname, user.email' . ' FROM ' . $tbl_user . ' user';
@ -126,7 +127,7 @@ function find_students($mask= '') {
*/
function get_user_info_from_id($userid) {
$user_table= Database :: get_main_table(TABLE_MAIN_USER);
$sql= 'SELECT * FROM ' . $user_table . ' WHERE user_id=' . $userid;
$sql= 'SELECT * FROM ' . $user_table . ' WHERE user_id=' . intval($userid);
$res= Database::query($sql);
$user= Database::fetch_array($res,ASSOC);
return $user;

@ -3,7 +3,7 @@
/**
* Class to select, sort and transform object data into array data,
* used for a student's general view
* @author Bert Stepp<EFBFBD>
* @author Bert Steppé
*/
class UserDataGenerator
{

@ -32,7 +32,6 @@ $TBL_INTRODUCTION = Database::get_course_table(TABLE_TOOL_INTRO);
$intro_editAllowed = $is_allowed_to_edit;
$session_id = api_get_session_id();
global $charset;
$intro_cmdEdit = empty($_GET['intro_cmdEdit']) ? '' : $_GET['intro_cmdEdit'];
$intro_cmdUpdate = isset($_POST['intro_cmdUpdate']);
@ -85,17 +84,15 @@ $form->addElement('style_submit_button', 'intro_cmdUpdate', get_lang('SaveIntroT
/* INTRODUCTION MICRO MODULE - COMMANDS SECTION (IF ALLOWED) */
if ($intro_editAllowed) {
$moduleId = Database::escape_string($moduleId);
/* Replace command */
if ($intro_cmdUpdate) {
if ($form->validate()) {
$form_values = $form->exportValues();
$intro_content = Security::remove_XSS(stripslashes(api_html_entity_decode($form_values['intro_content'])), COURSEMANAGERLOWSECURITY);
$intro_content = Security::remove_XSS(stripslashes(api_html_entity_decode($form_values['intro_content'])), COURSEMANAGERLOWSECURITY);
if (!empty($intro_content)) {
$sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."', session_id='".$session_id."'";
$sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."', session_id='".intval($session_id)."'";
Database::query($sql);
Display::display_confirmation_message(get_lang('IntroductionTextUpdated'), false);
} else {
@ -107,9 +104,8 @@ if ($intro_editAllowed) {
}
/* Delete Command */
if ($intro_cmdDel) {
Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".$session_id."'");
Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".intval($session_id)."'");
Display::display_confirmation_message(get_lang('IntroductionTextDeleted'));
}
}
@ -119,7 +115,7 @@ if ($intro_editAllowed) {
/* Retrieves the module introduction text, if exist */
$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".$session_id."'";
$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".Database::escape_string($moduleId)."' AND session_id='".intval($session_id)."'";
$intro_dbQuery = Database::query($sql);
$intro_dbResult = Database::fetch_array($intro_dbQuery);
$intro_content = $intro_dbResult['intro_text'];
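Review bot: `$moduleId` is escaped twice on the edit path: the new `$moduleId = Database::escape_string($moduleId);` inside `if ($intro_editAllowed)` and the `Database::escape_string($moduleId)` in this SELECT, so for an id containing a quote or backslash the REPLACE/DELETE and the SELECT no longer address the same stored row. Escape once, before the `if ($intro_editAllowed)` block, and use the already-escaped variable at every later statement, including here: `$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".intval($session_id)."'";`. `global $charset;` was also removed from this file; confirm nothing further down still references `$charset`. This is a flat script whose surrounding control flow lies outside the hunk.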
@ -222,7 +218,5 @@ if ($intro_dispCommand) {
}
echo '</div>';
echo $thematic_description_html;
echo '<div class="clear"></div>';
echo '<div class="clear"></div>';