Plugin: Learning calendar: Extra code cleanup

pull/2624/head
Yannick Warnier 7 years ago
parent afea681ed3
commit 0fbc5a5107
  1. 4
      main/extra/create_exam.php
  2. 4
      main/extra/create_intervention.php
  3. 6
      main/extra/create_school_calendar.php
  4. 2
      main/extra/delete_exam.php
  5. 15
      main/extra/edit_exam.php
  6. 2
      main/extra/group_space_tracking.php
  7. 30
      main/extra/print_myStudents.php
  8. 8
      main/extra/save_school_calendar.php
  9. 2
      main/extra/update_intervention.php
  10. 6
      main/extra/upgrade_school_calendar.php
  11. 4
      main/extra/userInfo.php
  12. 114
      main/extra/userInfoLib.php

@ -16,8 +16,8 @@ $score_rep1 = isset($_GET['score_rep1']) ? Database::escape_string($_GET['score_
$score_rep2 = isset($_GET['score_rep2']) ? Database::escape_string($_GET['score_rep2']) : '';
$coment = isset($_GET['coment']) ? Database::escape_string($_GET['coment']) : '';
$sql = "INSERT INTO $table (exe_user_id,c_id,mod_no,score_ex,score_rep1,score_rep2,coment)
VALUES ('$ex_user_id','0','$mod_no','$score_ex', '$score_rep1', '$score_rep2', '$coment')";
$sql = "INSERT INTO $table (exe_user_id, c_id, mod_no, score_ex, score_rep1, score_rep2, coment)
VALUES ($ex_user_id, 0, '$mod_no', '$score_ex', '$score_rep1', '$score_rep2', '$coment')";
Database::query($sql);
header("location: myStudents.php?student=$ex_user_id");
exit;
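Review bot: `$ex_user_id` is now interpolated without quotes in the `VALUES` list, which removes the only context in which `Database::escape_string()` protects it. Its assignment sits above this hunk, but the create_intervention.php section makes the same change, and its context line shows the value is only escaped, not cast, with `''` as the default. There the request value reaches the query as bare SQL text, and an absent parameter produces a syntax error. Cast it where it is read, e.g. `$ex_user_id = isset($_POST['ex_user_id']) ? (int) $_POST['ex_user_id'] : 0;` in create_intervention.php, and make the equivalent change here if the assignment above this hunk also only escapes it. The cast also keeps the `location:` redirect parameter numeric.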

@ -14,8 +14,8 @@ $date = isset($_POST['date']) ? Database::escape_string($_POST['date']) : '';
$level = isset($_POST['level']) ? Database::escape_string($_POST['level']) : '';
$ex_user_id = isset($_POST['ex_user_id']) ? Database::escape_string($_POST['ex_user_id']) : '';
$sql = "INSERT INTO $table (exe_user_id,c_id,level,exe_date,inter_coment)
VALUES ('$ex_user_id','0','$level','$date', '$comment')";
$sql = "INSERT INTO $table (exe_user_id,c_id,level,exe_date,inter_coment)
VALUES ($ex_user_id, 0, '$level', '$date', '$comment')";
Database::query($sql);
header("location: myStudents.php?student=$ex_user_id");
exit;

@ -15,9 +15,9 @@ $view = $_REQUEST['view'];
Display::display_header($nameTools, "Tracking");
$title = isset($_POST['title']) ? $_POST['title'] : "";
$je = isset($_POST['je']) ? $_POST['je'] : "";
$me = isset($_POST['me']) ? $_POST['me'] : "";
$ye = isset($_POST['ye']) ? $_POST['ye'] : "";
$je = isset($_POST['je']) ? Security::remove_XSS($_POST['je']) : "";
$me = isset($_POST['me']) ? Security::remove_XSS($_POST['me']) : "";
$ye = isset($_POST['ye']) ? Security::remove_XSS($_POST['ye']) : "";
foreach ($_POST as $index => $valeur) {
$$index = Database::escape_string(trim($valeur));
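Review bot: The `foreach ($_POST as $index => $valeur)` loop assigns every posted key to a variable of the same name, so the `Security::remove_XSS()` results just stored in `$je`, `$me` and `$ye` are overwritten with values that are only SQL-escaped. The same loop lets a request overwrite any other variable in scope, and `$title` is still read raw. Replace it with an explicit list of the fields the form posts, e.g. `foreach (['title', 'je', 'me', 'ye'] as $key) { $$key = isset($_POST[$key]) ? Database::escape_string(trim($_POST[$key])) : ''; }`, and encode for HTML at output time. The loop body continues past this hunk, and the hunk headers of save_school_calendar.php and upgrade_school_calendar.php show the same loop.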

@ -14,7 +14,7 @@ $ex_user_id = isset($_GET['student_id']) ? (int) $_GET['student_id'] : 0;
$num = isset($_GET['num']) ? (int) $_GET['num'] : 0;
$table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES);
$sql = "DELETE FROM $table WHERE exe_id ='$num'";
$sql = "DELETE FROM $table WHERE exe_id = $num";
Database::query($sql);
header("location: myStudents.php?student=$ex_user_id");
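Review bot: This `DELETE` runs on a plain GET request, and no token or ownership check is visible in the hunk, so any link or image URL loaded by a logged-in teacher could trigger it. The lines above the hunk are not shown and may already check permissions. If they do not, gate the query on the token helper that print_myStudents.php already calls, e.g. `if (!Security::check_token('get')) { api_not_allowed(true); }`, and confirm that `$num` belongs to a student the caller may manage. create_exam.php performs its `INSERT` from `$_GET` in the same way.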

@ -52,15 +52,14 @@ $student_idd = isset($_GET['student_id']) ? (int) $_GET['student_id'] : '';
</td>
<td><input type=text name=score_rep1 size=1 value=".$a_exam['score_rep1']."></td>
<td><input type=text name=score_rep2 size=1 value=".$a_exam['score_rep2']."></td>
"; ?>
<td><textarea name="coment" cols="65" rows="2"><?php echo $coment; ?></textarea><br></td>
<INPUT type=hidden name=ex_idd value= <?php echo "$exe_id"; ?>/>
<INPUT type=hidden name=student_id value= <?php echo "$student_idd"; ?>/>
<td>
<input type="submit" value="Sauvegarder" name="B1">
</td>
<td><textarea name=\"coment\" cols=\"65\" rows=\"2\">$coment</textarea><br /></td>
<INPUT type=hidden name=ex_idd value=\"$exe_id\" />
<INPUT type=hidden name=student_id value=\"$student_idd\" />
<td>
<input type=\"submit\" value=\"".get_lang('Save')."\" name=\"B1\">
</td>
</tr>
<?php
";
}
?>
</table>
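Review bot: The rewritten textarea line interpolates `$coment` into the echoed HTML with no output encoding, and the score inputs above it still use unquoted `value=` attributes fed from `$a_exam[...]`. The create_exam.php section shows that this text is stored with SQL escaping only, so markup saved in a comment would be rendered in the teacher's browser. Encode at output, e.g. `<textarea name=\"coment\" cols=\"65\" rows=\"2\">".htmlspecialchars($coment, ENT_QUOTES)."</textarea>` and `value=\"".htmlspecialchars($a_exam['score_rep1'], ENT_QUOTES)."\"`. The same applies to the `$coment` table cell in print_myStudents.php and to the unquoted `value=".$name."` inputs in save_school_calendar.php.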

@ -212,7 +212,7 @@ while ($resulta = Database::fetch_array($result)) {
$sqlexam = "SELECT mod_no
FROM $tbl_stats_exercices
WHERE exe_user_id = '$user_in_groupe'
AND c_id = '0' AND (score_ex = 'SU' || score_rep1 = 'SU' || score_rep2 ='SU')
AND c_id = 0 AND (score_ex = 'SU' || score_rep1 = 'SU' || score_rep2 ='SU')
ORDER BY mod_no ASC";
$resultexam = Database::query($sqlexam);
while ($a_exam = Database::fetch_array($resultexam)) {

@ -145,12 +145,12 @@ if (isset($_GET['user_id']) && $_GET['user_id'] != '') {
}
$session_id = isset($_GET['id_session']) ? intval($_GET['id_session']) : 0;
$student_id = intval($_GET['student']);
$student_id = (int) $_GET['student'];
// Action behaviour
$check = Security::check_token('get');
if (!empty($_GET['student'])) { // infos about user
if (!empty($student_id)) { // infos about user
$info_user = api_get_user_info($student_id);
}
if (api_is_drh() && !UserManager::is_user_followed_by_drh($student_id, $_user['user_id'])) {
@ -184,10 +184,9 @@ $info_user['name'] = api_get_person_name($info_user['firstname'], $info_user['la
<?php
$sqlexam = "SELECT *
FROM $tbl_stats_exercices
WHERE exe_user_id = ".$_GET['student']."
AND c_id = '0' AND mod_no != '0'
ORDER BY mod_no ASC
";
WHERE exe_user_id = $student_id
AND c_id = 0 AND mod_no != '0'
ORDER BY mod_no ASC";
$resultexam = Database::query($sqlexam);
while ($a_exam = Database::fetch_array($resultexam)) {
//$ex_id = $a_exam['ex_id'];
@ -197,27 +196,26 @@ $info_user['name'] = api_get_person_name($info_user['firstname'], $info_user['la
$score_rep2 = $a_exam['score_rep2'];
$coment = stripslashes($a_exam['coment']);
echo "
<tr><center>
<tr>
<td> ".$a_exam['mod_no']."
</td>
<td><center>
<td>
".$a_exam['score_ex']."
</td>
<td><center>
<td>
".$a_exam['score_rep1']."
</td>
<td><center>
<td>
".$a_exam['score_rep2']."
</td>
<td>$coment
<td>
$coment
</td>
</tr>
";
$exe_idd = $a_exam['exe_id'];
$student_id = $_GET['student']; ?>
</tr>
<?php
}
?>
?>
</table>
</form>
<strong><?php echo get_lang('imprime_sommaire'); ?> </strong>

@ -41,10 +41,10 @@ foreach ($_POST as $index => $valeur) {
$num = $a_exam['cal_day_num'];
$c_date = $a_exam['cal_date'];
echo "
<td><input type=text name=d_cal_date size=8 value=".$c_date."></td>
<td><input type=text name=d_number size=5 value=".$num."></td>
<td><input type=text name=d_title size=8 value=".$name."></td>
<td><input name=d_id size=8 value=".$id."></td>";
<td><input type=text name=d_cal_date size=8 value=".$c_date."></td>
<td><input type=text name=d_number size=5 value=".$num."></td>
<td><input type=text name=d_title size=8 value=".$name."></td>
<td><input name=d_id size=8 value=".$id."></td>";
if ($i % $nbcol == ($nbcol - 1)) {
echo "</tr>";
}

@ -12,7 +12,7 @@ $table = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCISES);
$ex_id = isset($_POST['exe_id']) ? (int) $_POST['exe_id'] : '';
$student_id = isset($_POST['student_id']) ? (int) $_POST['student_id'] : '';
$inter_coment = isset($_POST['inter_coment']) ? Database::escape_string($_POST['inter_coment']) : '';
$sql = "UPDATE $table SET inter_coment='$inter_coment' WHERE exe_id = '$ex_id' ";
$sql = "UPDATE $table SET inter_coment='$inter_coment' WHERE exe_id = $ex_id";
Database::query($sql);
header("location:../extra/myStudents.php?student=$student_id");
exit;
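Review bot: With the quotes removed from `WHERE exe_id = $ex_id`, the `''` default on the `$ex_id` line above produces `WHERE exe_id = ` when `exe_id` is not posted, which is a syntax error rather than a harmless no-match. Default to an integer instead: `$ex_id = isset($_POST['exe_id']) ? (int) $_POST['exe_id'] : 0;`. Do the same for `$student_id`, and skip the `UPDATE` when `$ex_id` is 0.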

@ -24,8 +24,10 @@ foreach ($_POST as $index => $valeur) {
?>
<?php echo get_lang('edit_save'); ?>
<?php
$sql4 = "UPDATE set_module SET cal_day_num='$d_number' WHERE id = '$d_id' ";
$d_id = (int) $d_id;
$d_number = (int) $d_number;
$sql4 = "UPDATE set_module SET cal_day_num = $d_number WHERE id = $d_id ";
Database::query($sql4);
print_r(unserialize($_POST['aaa']));
print_r(unserialize(Security::remove_XSS($_POST['aaa'])));
Display::display_footer();
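Review bot: `unserialize()` is still applied to `$_POST['aaa']`, and wrapping the input in `Security::remove_XSS()` does not make that safe. It filters markup but does not stop PHP from instantiating objects from request data. The `print_r` looks like leftover debug output, so the simplest fix is to delete the line. If the value is really needed, use `unserialize($value, ['allowed_classes' => false])` or switch the form field to JSON and `json_decode()`, then HTML-encode whatever is printed.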

@ -414,7 +414,7 @@ if ($displayMode == "viewDefEdit") {
}
}
} else {
Display::display_normal_message(get_lang('ThisStudentIsSubscribeThroughASession'));
Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'), 'normal');
}
if (api_get_setting('allow_user_headings') == 'true' && $allowedToEditDef) {
@ -442,7 +442,7 @@ if ($displayMode == "viewDefEdit") {
}
// Edit command
if ($allowedToEditContent) {
echo "<br><br>\n",
echo "<br /><br />\n",
"<a href=\"".api_get_self()."?".api_get_cidreq(
)."&editContent=", $thisCat['catId'], "&uInfo=", $userIdViewed, "\">",
"<img src=\"../img/edit.gif\" border=\"0\" alt=\"edit\">",
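Review bot: `Display::return_message()` returns the message HTML rather than printing it, so with the return value discarded this `else` branch no longer shows the notice that `display_normal_message()` used to output. Print it: `echo Display::return_message(get_lang('ThisStudentIsSubscribeThroughASession'), 'normal');`. The enclosing `if ($displayMode == "viewDefEdit")` block starts and ends outside both hunks.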

@ -70,7 +70,7 @@ function edit_cat_def($id, $title, $comment, $nbline)
$comment = Database::escape_string(trim($comment));
$nbline = strval(intval($nbline));
$sql = "UPDATE ".$TBL_USERINFO_DEF." SET
$sql = "UPDATE $TBL_USERINFO_DEF SET
title = '$title',
comment = '$comment',
line_count = '$nbline'
@ -105,7 +105,7 @@ function remove_cat_def($id, $force = false)
if ((0 == (int) $id || $id == "ALL") || !is_bool($force)) {
return false;
}
$sqlCondition = " WHERE id = '$id'";
$sqlCondition = " WHERE id = $id";
if (!$force) {
$sql = "SELECT * FROM $TBL_USERINFO_CONTENT $sqlCondition";
$result = Database::query($sql);
@ -140,7 +140,7 @@ function move_cat_rank($id, $direction) // up & down.
return false;
}
$sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = '$id'";
$sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = $id";
$result = Database::query($sql);
if (Database::num_rows($result) < 1) {
@ -185,7 +185,7 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
}
// this request find the 2 line to be switched (on rank value)
$sql = "SELECT id, rank FROM ".$TBL_USERINFO_DEF."
$sql = "SELECT id, rank FROM $TBL_USERINFO_DEF
WHERE rank $compOp $rank
ORDER BY rank $sort LIMIT 2";
@ -198,9 +198,9 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$thisCat = Database::fetch_array($result);
$nextCat = Database::fetch_array($result);
$sql1 = "UPDATE ".$TBL_USERINFO_DEF." SET rank ='".$nextCat['rank'].
$sql1 = "UPDATE $TBL_USERINFO_DEF SET rank ='".$nextCat['rank'].
"' WHERE id = '".$thisCat['id']."'";
$sql2 = "UPDATE ".$TBL_USERINFO_DEF." SET rank ='".$thisCat['rank'].
$sql2 = "UPDATE $TBL_USERINFO_DEF SET rank ='".$thisCat['rank'].
"' WHERE id = '".$nextCat['id']."'";
Database::query($sql1);
@ -220,26 +220,28 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
*/
function update_user_course_properties($user_id, $course_code, $properties, $horaire_name, $course_id)
{
global $tbl_coursUser,$_user;
global $tbl_coursUser, $_user;
$sqlChangeStatus = "";
$user_id = strval(intval($user_id)); //filter integer
$user_id = (int) $user_id; //filter integer
$course_code = Database::escape_string($course_code);
$course_id = (int) $course_id;
$horaire_name = Database::escape_string($horaire_name);
$status = Database::escape_string($properties['status']);
$tutor = Database::escape_string($properties['tutor']);
if ($user_id != $_user['user_id']) {
$sqlChangeStatus = "status = '".Database::escape_string($properties['status'])."',";
$sqlChangeStatus = "status = '$status',";
}
$sql = "UPDATE $tbl_coursUser
SET ".$sqlChangeStatus."
is_tutor = '".Database::escape_string($properties['tutor'])."'
WHERE
user_id = '".$user_id."' AND
c_id = '".$course_id."'";
SET $sqlChangeStatus
is_tutor = '$tutor'
WHERE user_id = $user_id AND c_id = $course_id";
Database::query($sql);
//update official-code: Horaire
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sql2 = "UPDATE $table_user
SET official_code = '".$horaire_name."'
WHERE user_id = '".$user_id."'";
SET official_code = '$horaire_name'
WHERE user_id = $user_id";
Database::query($sql2);
//on récupère l'horaire
$tbl_personal_agenda = Database:: get_main_table(TABLE_PERSONAL_AGENDA);
@ -247,9 +249,9 @@ function update_user_course_properties($user_id, $course_code, $properties, $hor
$jour = 0;
$sql3 = "SELECT date FROM $TABLECALDATES
WHERE
horaire_name = '".$horaire_name."' AND
horaire_name = '$horaire_name' AND
status = 'C' AND
c_id = '".$course_id."'
c_id = $course_id
ORDER BY date ";
$result3 = Database::query($sql3);
@ -258,13 +260,13 @@ function update_user_course_properties($user_id, $course_code, $properties, $hor
}
//on efface ce qui est déjà inscrit
$sql4 = "DELETE FROM ".$tbl_personal_agenda."
WHERE user = '".$user_id."'
$sql4 = "DELETE FROM $tbl_personal_agenda
WHERE user = $user_id
AND text = 'Pour le calendrier, ne pas effacer'";
Database::query($sql4);
$sql = "DELETE FROM ".$tbl_personal_agenda."
WHERE user = '".$user_id."' AND title = 'Examen*'";
$sql = "DELETE FROM $tbl_personal_agenda
WHERE user = $user_id AND title = 'Examen*'";
Database::query($sql);
//à chaque date dans l'horaire
while ($res3 = Database::fetch_array($result3)) {
@ -274,12 +276,12 @@ function update_user_course_properties($user_id, $course_code, $properties, $hor
$jour = $jour + 1;
//on réinsère le nouvel horaire
$sql = "INSERT ".$tbl_personal_agenda." (user,title,text,date)
VALUES ('".$user_id."','".$jour."','Pour le calendrier, ne pas effacer','".$date."')";
VALUES ($user_id, $jour, 'Pour le calendrier, ne pas effacer', '$date')";
Database::query($sql);
// pour les inscrire examens dans agenda
$sql5 = "SELECT date FROM $TABLECALDATES
WHERE horaire_name = '".$horaire_name."' AND status = 'E'
AND c_id = '".$course_id."'
WHERE horaire_name = '$horaire_name' AND status = 'E'
AND c_id = '$course_id'
ORDER BY date
";
$result5 = Database::query($sql5);
@ -290,7 +292,7 @@ function update_user_course_properties($user_id, $course_code, $properties, $hor
$date = $res5['date'];
$date = api_get_utc_datetime($date);
//on réinsère le nouvel horaire
$sql7 = "INSERT ".$tbl_personal_agenda." (user,title,date) VALUES ('".$user_id."','Examen*','".$date."')";
$sql7 = "INSERT $tbl_personal_agenda (user, title, date) VALUES ($user_id, 'Examen*', '$date')";
Database::query($sql7);
}
}
@ -315,8 +317,8 @@ function fill_new_cat_content($definition_id, $user_id, $content = "", $user_ip
if (empty($user_ip)) {
$user_ip = $_SERVER['REMOTE_ADDR'];
}
$definition_id = strval(intval($definition_id));
$user_id = strval(intval($user_id));
$definition_id = (int) $definition_id;
$user_id = (int) $user_id;
$content = Database::escape_string(trim($content));
$user_ip = Database::escape_string(trim($user_ip));
@ -327,9 +329,9 @@ function fill_new_cat_content($definition_id, $user_id, $content = "", $user_ip
}
// Do not create if already exist
$sql = "SELECT id FROM ".$TBL_USERINFO_CONTENT."
$sql = "SELECT id FROM $TBL_USERINFO_CONTENT
WHERE definition_id = '$definition_id'
AND user_id = '$user_id'";
AND user_id = $user_id";
$result = Database::query($sql);
@ -337,10 +339,10 @@ function fill_new_cat_content($definition_id, $user_id, $content = "", $user_ip
return false;
}
$sql = "INSERT INTO ".$TBL_USERINFO_CONTENT." SET
$sql = "INSERT INTO $TBL_USERINFO_CONTENT SET
content = '$content',
definition_id = '$definition_id',
user_id = '$user_id',
definition_id = $definition_id,
user_id = $user_id,
editor_ip = '$user_ip',
edition_time = now()";
@ -365,8 +367,8 @@ function fill_new_cat_content($definition_id, $user_id, $content = "", $user_ip
function edit_cat_content($definition_id, $user_id, $content = "", $user_ip = "")
{
global $TBL_USERINFO_CONTENT;
$definition_id = strval(intval($definition_id));
$user_id = strval(intval($user_id));
$definition_id = (int) $definition_id;
$user_id = (int) $user_id;
$content = Database::escape_string(trim($content));
if (empty($user_ip)) {
$user_ip = $_SERVER['REMOTE_ADDR'];
@ -381,11 +383,11 @@ function edit_cat_content($definition_id, $user_id, $content = "", $user_ip = ""
return cleanout_cat_content($user_id, $definition_id);
}
$sql = "UPDATE ".$TBL_USERINFO_CONTENT." SET
$sql = "UPDATE $TBL_USERINFO_CONTENT SET
content = '$content',
editor_ip = '$user_ip',
edition_time = now()
WHERE definition_id = '$definition_id' AND user_id = '$user_id'";
WHERE definition_id = $definition_id AND user_id = $user_id";
Database::query($sql);
@ -406,15 +408,15 @@ function edit_cat_content($definition_id, $user_id, $content = "", $user_ip = ""
function cleanout_cat_content($user_id, $definition_id)
{
global $TBL_USERINFO_CONTENT;
$user_id = strval(intval($user_id));
$definition_id = strval(intval($definition_id));
$user_id = (int) $user_id;
$definition_id = (int) $definition_id;
if (0 == $user_id || 0 == $definition_id) {
return false;
}
$sql = "DELETE FROM ".$TBL_USERINFO_CONTENT."
WHERE user_id = '$user_id' AND definition_id = '$definition_id'";
$sql = "DELETE FROM $TBL_USERINFO_CONTENT
WHERE user_id = $user_id AND definition_id = $definition_id";
Database::query($sql);
@ -437,10 +439,11 @@ function get_course_user_info($user_id)
$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
$TBL_USERINFO_CONTENT = Database:: get_course_table(TABLE_USER_INFO_CONTENT);
$user_id = (int) $user_id;
$sql = "SELECT cat.id catId, cat.title,
cat.comment , content.content
FROM ".$TBL_USERINFO_DEF." cat LEFT JOIN ".$TBL_USERINFO_CONTENT." content
ON cat.id = content.definition_id AND content.user_id = '$user_id'
FROM $TBL_USERINFO_DEF cat LEFT JOIN $TBL_USERINFO_CONTENT content
ON cat.id = content.definition_id AND content.user_id = $user_id
ORDER BY cat.rank, content.id";
$result = Database::query($sql);
@ -468,8 +471,9 @@ function get_course_user_info($user_id)
*/
function get_main_user_info($user_id, $courseCode)
{
$user_id = strval(intval($user_id));
$user_id = (int) $user_id;
$courseCode = Database::escape_string($courseCode);
$courseId = api_get_course_int_id($courseCode);
if (0 == $user_id) {
return false;
}
@ -481,8 +485,8 @@ function get_main_user_info($user_id, $courseCode)
cu.status status, cu.is_tutor as tutor_id
FROM $table_user u, $table_course_user cu
WHERE u.user_id = cu.user_id AND cu.relation_type<>".COURSE_RELATION_TYPE_RRHH."
AND u.user_id = '$user_id'
AND cu.c_id = '$c_id'";
AND u.user_id = $user_id
AND cu.c_id = $courseId";
$result = Database::query($sql);
@ -512,15 +516,15 @@ function get_cat_content($userId, $catId)
$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
$TBL_USERINFO_CONTENT = Database:: get_course_table(TABLE_USER_INFO_CONTENT);
$userId = strval(intval($userId));
$catId = strval(intval($catId));
$userId = (int) $userId;
$catId = (int) $catId;
$sql = "SELECT cat.id catId, cat.title,
cat.comment , cat.line_count,
content.id contentId, content.content
FROM $TBL_USERINFO_DEF cat LEFT JOIN $TBL_USERINFO_CONTENT content
ON cat.id = content.definition_id
AND content.user_id = '$userId'
WHERE cat.id = '$catId' ";
AND content.user_id = $userId
WHERE cat.id = $catId ";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
@ -545,10 +549,10 @@ function get_cat_content($userId, $catId)
*/
function get_cat_def($catId)
{
$TBL_USERINFO_DEF = Database:: get_course_table(userinfo_def);
$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
$catId = strval(intval($catId));
$sql = "SELECT id, title, comment, line_count, rank FROM ".$TBL_USERINFO_DEF." WHERE id = '$catId'";
$catId = (int) $catId;
$sql = "SELECT id, title, comment, line_count, rank FROM $TBL_USERINFO_DEF WHERE id = $catId";
$result = Database::query($sql);
@ -574,10 +578,10 @@ function get_cat_def($catId)
*/
function get_cat_def_list()
{
$TBL_USERINFO_DEF = Database:: get_course_table(userinfo_def);
$TBL_USERINFO_DEF = Database:: get_course_table(TABLE_USER_INFO_DEF);
$sql = "SELECT id catId, title, comment , line_count
FROM ".$TBL_USERINFO_DEF."
FROM $TBL_USERINFO_DEF
ORDER BY rank";
$result = Database::query($sql);
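Review bot: In `remove_cat_def()` the condition is now `" WHERE id = $id"` without quotes, but `$id` is never cast. The guard only tests `0 == (int) $id`, which any string beginning with digits passes, and that string is then placed in the query verbatim. Add `$id = (int) $id;` after the guard, as the commit already does for `$catId`, `$user_id` and `$definition_id` elsewhere in this file. `move_cat_rank()` makes the same change to `WHERE id = $id`; its validation lies above the hunk, so check there for a cast too. Separately, `update_user_course_properties()` still has `AND c_id = '$course_id'` in `$sql5` while the other queries in that function use the unquoted integer.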
