chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixing more queries due the new database changes (single database) see #3910

Browse Source
skala
Julio Montoya 14 years ago
parent 98c3b8fe03
commit 1c9ddb4341
15 changed files with 184 additions and 149 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 21
      main/blog/blog.php
  2. 6
      main/forum/iframe_thread.php
  3. 4
      main/forum/viewforum.php
  4. 4
      main/inc/ajax/lp.ajax.php
  5. 81
      main/inc/lib/blog.lib.php
  6. 6
      main/newscorm/aicc.class.php
  7. 116
      main/newscorm/learnpath.class.php
  8. 2
      main/newscorm/learnpath_functions.inc.php
  9. 3
      main/newscorm/lp_add.php
  10. 3
      main/newscorm/lp_add_item.php
  11. 11
      main/newscorm/lp_admin_view.php
  12. 5
      main/newscorm/lp_edit_item.php
  13. 6
      main/newscorm/lp_move_item.php
  14. 3
      main/newscorm/lp_view_item.php
  15. 62
      main/newscorm/resourcelinker.inc.php

21
main/blog/blog.php
Unescape View File

@ -20,7 +20,6 @@ $this_section=SECTION_COURSES;
// notice for unauthorized people.
api_protect_course_script(true);
//session
if(isset($_GET['id_session'])) {
$_SESSION['id_session'] = intval($_GET['id_session']);
@ -43,16 +42,15 @@ $current_page = $_GET['action'];
PROCESSING
*/
$safe_post_title = Security::remove_XSS($_POST['post_title']);
$safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
$safe_post_full_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGERLOWSECURITY);
$safe_comment_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGERLOWSECURITY);
$safe_comment_title = Security::remove_XSS($_POST['comment_title']);
$safe_task_name = Security::remove_XSS($_POST['task_name']);
$safe_task_description = Security::remove_XSS($_POST['task_description']);
$safe_post_title = Security::remove_XSS($_POST['post_title']);
$safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
$safe_post_full_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['post_full_text'])), COURSEMANAGERLOWSECURITY);
$safe_comment_text = Security::remove_XSS(stripslashes(api_html_entity_decode($_POST['comment_text'])), COURSEMANAGERLOWSECURITY);
$safe_comment_title = Security::remove_XSS($_POST['comment_title']);
$safe_task_name = Security::remove_XSS($_POST['task_name']);
$safe_task_description = Security::remove_XSS($_POST['task_description']);
if (!empty($_POST['new_post_submit']) AND !empty($_POST['post_title']))
{
if (!empty($_POST['new_post_submit']) AND !empty($_POST['post_title'])) {
Blog :: create_post($safe_post_title, $safe_post_full_text, $safe_post_file_comment,$blog_id);
$return_message = array('type' => 'confirmation', 'message' => get_lang('BlogAdded'));
}
@ -352,6 +350,8 @@ if ($flag == '1')
$user_task = false;
$course_id = api_get_course_int_id();
if (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) {
$task_id = (int)$_GET['task_id'];
} else {
@ -361,6 +361,7 @@ if (isset ($_GET['task_id']) && is_numeric($_GET['task_id'])) {
$sql = "SELECT COUNT(*) as number
FROM ".$tbl_blogs_tasks_rel_user."
WHERE
c_id = $course_id AND
blog_id = ".$blog_id." AND
user_id = ".api_get_user_id()." AND
task_id = ".$task_id;

6
main/forum/iframe_thread.php
Unescape View File

@ -85,6 +85,8 @@ if (!api_is_allowed_to_edit(false, true) AND ($current_forum['visibility'] == 0
}
}
$course_id = api_get_course_int_id();
/* Display Forum Category and the Forum information */
// We are getting all the information about the current forum and forum category.
@ -92,7 +94,9 @@ if (!api_is_allowed_to_edit(false, true) AND ($current_forum['visibility'] == 0
// but the problem is that the visibility of the forum AND forum cateogory are stored in the item_property table.
$sql = "SELECT * FROM $table_posts posts, $table_users users
WHERE posts.thread_id='".$current_thread['thread_id']."'
WHERE
posts.c_id = $course_id AND
posts.thread_id='".$current_thread['thread_id']."'
AND posts.poster_id=users.user_id
ORDER BY posts.post_id ASC";
$result = Database::query($sql);

4
main/forum/viewforum.php
Unescape View File

@ -326,6 +326,8 @@ $threads = get_threads($my_forum); // Note: This has to be cleaned first.
$whatsnew_post_info = isset($_SESSION['whatsnew_post_info']) ? $_SESSION['whatsnew_post_info'] : null;
$course_id = api_get_course_int_id();
$counter = 0;
if (is_array($threads)) {
foreach ($threads as $row) {
@ -393,7 +395,7 @@ if (is_array($threads)) {
$attachment_list = get_attachment($row['post_id']);
$id_attach = !empty($attachment_list) ? $attachment_list['id'] : '';
$sql_post_id = "SELECT post_id FROM $table_posts WHERE post_title='".Database::escape_string($row['thread_title'])."'";
$sql_post_id = "SELECT post_id FROM $table_posts WHERE c_id = $course_id AND post_title='".Database::escape_string($row['thread_title'])."'";
$result_post_id = Database::query($sql_post_id);
$row_post_id = Database::fetch_array($result_post_id);

4
main/inc/ajax/lp.ajax.php
Unescape View File

@ -8,6 +8,8 @@ require_once '../global.inc.php';
api_protect_course_script(true);
$action = $_REQUEST['a'];
$course_id = api_get_course_int_id();
switch ($action) {
case 'update_lp_item_order':
if (api_is_allowed_to_edit(null, true)) {
@ -34,7 +36,7 @@ switch ($action) {
$params['previous_item_id'] = isset($new_array[$i-1]) && isset($new_array[$i-1]['id']) ? $new_array[$i-1]['id'] : 0;
$params['next_item_id'] = isset($new_array[$i+1]) && isset($new_array[$i+1]['id']) ? $new_array[$i+1]['id'] : 0;
$params['parent_item_id'] = $parent_id;
Database::update($tbl_lp_item, $params, array('id = ? '=>intval($id)));
Database::update($tbl_lp_item, $params, array('id = ? AND c_id = ? '=> array(intval($id), $course_id)));
$counter ++;
}
Display::display_confirmation_message(get_lang('Saved'));

81
main/inc/lib/blog.lib.php
Unescape View File

@ -25,13 +25,15 @@ class Blog {
* @return String Blog Title
*/
public static function get_blog_title ($blog_id) {
$course_id = api_get_course_int_id();
if(is_numeric($blog_id)) {
// init
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_name
FROM " . $tbl_blogs . "
WHERE blog_id = " . intval($blog_id);
WHERE c_id = $course_id AND blog_id = " . intval($blog_id);
$result = Database::query($sql);
$blog = Database::fetch_array($result);
@ -51,7 +53,8 @@ class Blog {
public static function get_blog_subtitle ($blog_id) {
// init
$tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE blog_id ='".intval($blog_id)."'";
$course_id = api_get_course_int_id();
$sql = "SELECT blog_subtitle FROM $tbl_blogs WHERE c_id = $course_id AND blog_id ='".intval($blog_id)."'";
$result = Database::query($sql);
$blog = Database::fetch_array($result);
return stripslashes($blog['blog_subtitle']);
@ -237,12 +240,12 @@ class Blog {
if(!empty($_FILES['user_upload']['name'])) {
require_once('fileUpload.lib.php');
$upload_ok = process_uploaded_file($_FILES['user_upload']);
require_once 'fileUpload.lib.php';
$upload_ok = process_uploaded_file($_FILES['user_upload']);
$has_attachment=true;
}
if($upload_ok) {
if ($upload_ok) {
// Table Definitions
$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
@ -264,12 +267,9 @@ class Blog {
// user's file name
$file_name =$_FILES['user_upload']['name'];
if (!filter_extension($new_file_name))
{
if (!filter_extension($new_file_name)) {
Display :: display_error_message(get_lang('UplUnableToSaveFileFilteredExtension'));
}
else
{
} else {
$new_file_name = uniqid('');
$new_path=$updir.'/'.$new_file_name;
$result= @move_uploaded_file($_FILES['user_upload']['tmp_name'], $new_path);
@ -280,8 +280,7 @@ class Blog {
$sql='INSERT INTO '.$blog_table_attachment.'(c_id, filename,comment, path, post_id,size, blog_id,comment_id) '.
"VALUES ($course_id, '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$last_post_id."', '".intval($_FILES['user_upload']['size'])."', '".$blog_id."', '0' )";
$result=Database::query($sql);
$message.=' / '.get_lang('AttachmentUpload');
exit;
$message.=' / '.get_lang('AttachmentUpload');
}
}
}
@ -1335,8 +1334,9 @@ class Blog {
*/
public static function display_task_list ($blog_id) {
global $charset;
if(api_is_allowed('BLOG_' . $blog_id, 'article_add'))
{
$course_id = api_get_course_int_id();
if(api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
// Init
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$counter = 0;
@ -1360,8 +1360,7 @@ class Blog {
"</tr>\n";
$sql = "
SELECT
$sql = " SELECT
blog_id,
task_id,
blog_id,
@ -1370,10 +1369,8 @@ class Blog {
color,
system_task
FROM " . $tbl_blogs_tasks . "
WHERE blog_id = " . (int)$blog_id . "
ORDER BY
system_task,
title";
WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
ORDER BY system_task, title";
$result = Database::query($sql);
@ -1665,8 +1662,7 @@ class Blog {
$year = date("Y");
global $MonthsLong;
$course_id = api_get_course_int_id();
$course_id = api_get_course_int_id();
// Get users in this blog / make select list of it
$sql = "SELECT user.user_id, user.firstname, user.lastname FROM $tbl_users user
@ -1693,10 +1689,8 @@ class Blog {
color,
system_task
FROM " . $tbl_blogs_tasks . "
WHERE blog_id = " . (int)$blog_id . "
ORDER BY
system_task,
title";
WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
ORDER BY system_task, title";
$result = Database::query($sql);
$select_task_list = '<select name="task_task_id">';
@ -1815,9 +1809,10 @@ class Blog {
$sql = "
SELECT target_date
FROM $tbl_blogs_tasks_rel_user
WHERE blog_id = '".(int)$blog_id."'
AND user_id = '".(int)$user_id."'
AND task_id = '".(int)$task_id."'";
WHERE c_id = $course_id AND
blog_id = '".(int)$blog_id."' AND
user_id = '".(int)$user_id."' AND
task_id = '".(int)$task_id."'";
$result = Database::query($sql);
$row = Database::fetch_assoc($result);
@ -1849,7 +1844,7 @@ class Blog {
color,
system_task
FROM " . $tbl_blogs_tasks . "
WHERE blog_id = " . (int)$blog_id . "
WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
ORDER BY system_task, title";
$result = Database::query($sql);
@ -1948,7 +1943,8 @@ class Blog {
$sql = "
SELECT COUNT(*) as 'number'
FROM " . $tbl_blogs_tasks_rel_user . "
WHERE blog_id = " . (int)$blog_id . "
WHERE c_id = $course_id AND
blog_id = " . (int)$blog_id . "
AND user_id = " . (int)$user_id . "
AND task_id = " . (int)$task_id . "
";
@ -1985,6 +1981,7 @@ class Blog {
$sql = "SELECT COUNT(*) as 'number'
FROM " . $tbl_blogs_tasks_rel_user . "
WHERE
c_id = $course_id AND
blog_id = " . (int)$blog_id . " AND
user_id = " . (int)$user_id . " AND
task_id = " . (int)$task_id . "
@ -2802,25 +2799,23 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
$post_id = Database::escape_string($post_id);
$row=array();
$where='';
if (!empty ($post_id) && is_numeric($post_id))
{
if (!empty ($post_id) && is_numeric($post_id)) {
$where.=' AND post_id ="'.$post_id.'" ';
}
if (!empty ($comment_id) && is_numeric($comment_id) )
{
if (!empty ($post_id) )
{
if (!empty ($comment_id) && is_numeric($comment_id)) {
if (!empty ($post_id)) {
$where.= ' AND ';
}
$where.=' comment_id ="'.$comment_id.'" ';
}
$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$course_id = api_get_course_int_id();
$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where;
$result=Database::query($sql);
if (Database::num_rows($result)!=0)
{
if (Database::num_rows($result)!=0) {
$row=Database::fetch_array($result);
}
return $row;
@ -2843,6 +2838,8 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
$blog_id = Database::escape_string($blog_id);
$comment_id = Database::escape_string($comment_id);
$post_id = Database::escape_string($post_id);
$course_id = api_get_course_int_id();
// delete files in DB
if (!empty ($post_id) && is_numeric($post_id) )
@ -2864,7 +2861,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
$sys_course_path = api_get_path(SYS_COURSE_PATH);
$updir = $sys_course_path.$courseDir;
$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$sql= 'SELECT path FROM '.$blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where;
$result=Database::query($sql);
while ($row=Database::fetch_row($result))
@ -2875,7 +2872,7 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
@ unlink($file);
}
}
$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE blog_id ="'.intval($blog_id).'" '.$where;
$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where;
Database::query($sql);
}
/**

6
main/newscorm/aicc.class.php
Unescape View File

@ -227,6 +227,8 @@ class aicc extends learnpath {
* @return bool Returns -1 on error
*/
function import_aicc($course_code) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) { error_log('New LP - In aicc::import_aicc('.$course_code.')', 0); }
// Get table names.
$new_lp = 'lp';
@ -237,9 +239,7 @@ class aicc extends learnpath {
$res = Database::query($sql);
if (Database::num_rows($res) < 1) { error_log('New LP - Database for '.$course_code.' not found '.__FILE__.' '.__LINE__, 0); return -1; }
$row = Database::fetch_array($res);
$course_id = api_get_course_int_id();
$new_lp = Database::get_course_table(TABLE_LP_MAIN);
$new_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$get_max = "SELECT MAX(display_order) FROM $new_lp WHERE c_id = $course_id";

116
main/newscorm/learnpath.class.php
Unescape View File

@ -437,9 +437,6 @@ class learnpath {
$new_item_id = -1;
$id = $this->escape_string($id);
$course_id = api_get_course_int_id();
if ($type == 'quiz') {
$sql = 'SELECT SUM(ponderation)
FROM ' . Database :: get_course_table(TABLE_QUIZ_QUESTION) . ' as quiz_question
@ -454,7 +451,6 @@ class learnpath {
$max_score = 100;
}
if ($prerequisites != 0) {
$sql_ins = "INSERT INTO " . $tbl_lp_item . " (
c_id,
@ -1000,7 +996,7 @@ class learnpath {
error_log('New LP - learnpath::delete_item() - deleted ' . $num . ' children of element ' . $id, 0);
}
// Now delete the item.
$sql_del = "DELETE FROM $lp_item WHERE id = $id";
$sql_del = "DELETE FROM $lp_item WHERE c_id = $course_id AND id = $id";
if ($this->debug > 2) {
error_log('New LP - Deleting item: ' . $sql_del, 0);
}
@ -2925,8 +2921,6 @@ class learnpath {
$lp_item_table = Database::get_course_table(TABLE_LP_ITEM);
$lp_item_view_table = Database::get_course_table(TABLE_LP_ITEM_VIEW);
$item_id = Database::escape_string($item_id);
$sel = "SELECT l.lp_type as ltype, l.path as lpath, li.item_type as litype, li.path as lipath, li.parameters as liparams
FROM $lp_table l, $lp_item_table li
@ -3001,7 +2995,8 @@ class learnpath {
if ($type_quiz) {
$lp_item_id = Database :: escape_string($lp_item_id);
$lp_view_id = Database :: escape_string($lp_view_id);
$sql = "SELECT count(*) FROM $lp_item_view_table WHERE lp_item_id='" . (int) $lp_item_id . "' AND lp_view_id ='" . (int) $lp_view_id . "' AND status='completed'";
$sql = "SELECT count(*) FROM $lp_item_view_table
WHERE c_id = $course_id AND lp_item_id='" . (int) $lp_item_id . "' AND lp_view_id ='" . (int) $lp_view_id . "' AND status='completed'";
$result = Database::query($sql);
$row_count = Database :: fetch_row($result);
$count_item_view = (int) $row_count[0];
@ -3271,6 +3266,7 @@ class learnpath {
* @return integer New display order, or false on error
*/
public function move_item($id, $direction) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::move_item(' . $id . ',' . $direction . ')', 0);
}
@ -3412,6 +3408,7 @@ class learnpath {
* @param integer Learnpath ID
*/
public function move_up($lp_id) {
$course_id = api_get_course_int_id();
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$sql = "SELECT * FROM $lp_table WHERE c_id = ".$course_id." ORDER BY display_order";
$res = Database::query($sql);
@ -3452,6 +3449,7 @@ class learnpath {
* @param integer Learnpath ID
*/
public function move_down($lp_id) {
$course_id = api_get_course_int_id();
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$sql = "SELECT * FROM $lp_table ORDER BY display_order";
$res = Database::query($sql);
@ -3845,6 +3843,8 @@ class learnpath {
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_encoding()', 0);
}
$course_id = api_get_course_int_id();
/* // Deprecated code (Chamilo 1.8.8).
$enc = strtoupper($enc);
@ -3900,6 +3900,8 @@ class learnpath {
error_log('New LP - In learnpath::set_jslib()', 0);
}
$lp = $this->get_id();
$course_id = api_get_course_int_id();
if ($lp != 0) {
$tbl_lp = Database :: get_course_table(TABLE_LP_MAIN);
$sql = "UPDATE $tbl_lp SET js_lib = '$lib' WHERE c_id = ".$course_id." AND id = " . $lp;
@ -3923,6 +3925,7 @@ class learnpath {
return false;
$this->maker = $this->escape_string($name);
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$course_id = api_get_course_int_id();
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET content_maker = '" . $this->maker . "' WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
@ -3947,6 +3950,7 @@ class learnpath {
$this->name = $this->escape_string($name);
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$course_id = api_get_course_int_id();
$sql = "UPDATE $lp_table SET name = '" . $this->name . "' WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new name : ' . $this->name, 0);
@ -3970,6 +3974,7 @@ class learnpath {
* @return boolean False on error, true otherwise
*/
public function set_terms_by_prefix($terms_string, $prefix) {
$course_id = api_get_course_int_id();
if (api_get_setting('search_enabled') !== 'true')
return false;
@ -3995,7 +4000,7 @@ class learnpath {
$items_table = Database :: get_course_table(TABLE_LP_ITEM);
// TODO: Make query secure agains XSS : use member attr instead of post var.
$lp_id = intval($_POST['lp_id']);
$sql = "SELECT * FROM $items_table WHERE lp_id = $lp_id";
$sql = "SELECT * FROM $items_table WHERE c_id = $course_id AND lp_id = $lp_id";
$result = Database::query($sql);
$di = new DokeosIndexer();
@ -4048,6 +4053,7 @@ class learnpath {
* @return bool Returns true if theme name is not empty
*/
public function set_theme($name = '') {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_theme()', 0);
}
@ -4069,9 +4075,11 @@ class learnpath {
* @return bool Returns true if theme name is not empty
*/
public function set_preview_image($name = '') {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_preview_image()', 0);
}
$this->preview_image = $this->escape_string($name);
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
@ -4089,6 +4097,7 @@ class learnpath {
* @return bool Returns true if author's name is not empty
*/
public function set_author($name = '') {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_author()', 0);
}
@ -4108,24 +4117,24 @@ class learnpath {
* @return bool Returns true if author's name is not empty
*/
public function set_hide_toc_frame($hide) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_hide_toc_frame()', 0);
}
if (intval($hide) == $hide){
$this->hide_toc_frame = $hide;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET hide_toc_frame = '" . $this->hide_toc_frame . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new preview hide_toc_frame : ' . $this->author, 0);
}
$res = Database::query($sql);
return true;
}
else {
return false;
}
if (intval($hide) == $hide){
$this->hide_toc_frame = $hide;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET hide_toc_frame = '" . $this->hide_toc_frame . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new preview hide_toc_frame : ' . $this->author, 0);
}
$res = Database::query($sql);
return true;
} else {
return false;
}
}
/**
@ -4134,6 +4143,7 @@ class learnpath {
* @return bool returns true if prerequisite is not empty
*/
public function set_prerequisite($prerequisite) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_prerequisite()', 0);
}
@ -4155,6 +4165,7 @@ class learnpath {
* @return boolean True on success / False on error
*/
public function set_proximity($name = '') {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_proximity()', 0);
}
@ -4191,6 +4202,7 @@ class learnpath {
* @return boolean True on success / False on error
*/
public function set_use_max_score($use_max_score = 1) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_use_max_score()', 0);
}
@ -4213,6 +4225,7 @@ class learnpath {
* @return bool Returns true if author's name is not empty
*/
public function set_expired_on($expired_on) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_expired_on()', 0);
}
@ -4239,6 +4252,7 @@ class learnpath {
* @return bool Returns true if author's name is not empty
*/
public function set_publicated_on($publicated_on) {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_expired_on()', 0);
}
@ -4391,6 +4405,7 @@ class learnpath {
* @return string The current default view mode ('fullscreen' or 'embedded')
*/
public function update_default_view_mode() {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::update_default_view_mode()', 0);
}
@ -4424,6 +4439,7 @@ class learnpath {
* @return boolean True if auto-commit has been set to 'on', false otherwise
*/
public function update_default_scorm_commit() {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::update_default_scorm_commit()', 0);
}
@ -4457,8 +4473,8 @@ class learnpath {
* @return bool True on success, false on failure
*/
public function update_display_order() {
$course_id = api_get_course_int_id();
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $lp_table WHERE c_id = ".$course_id." ORDER BY display_order";
$res = Database::query($sql);
@ -4488,6 +4504,7 @@ class learnpath {
* @return boolean True if prevent_reinit has been set to 'on', false otherwise (or 1 or 0 in this case)
*/
public function update_reinit() {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::update_reinit()', 0);
}
@ -4547,7 +4564,8 @@ class learnpath {
* @author ndiechburg <noel@cblue.be>
**/
public function set_attempt_mode($mode) {
switch ($mode) {
$course_id = api_get_course_int_id();
switch ($mode) {
case 'seriousgame' :
$sg_mode = 1;
$prevent_reinit = 1;
@ -4584,28 +4602,27 @@ class learnpath {
* @return boolean
* @author ndiechburg <noel@cblue.be>
**/
public function switch_attempt_mode()
{
if ($this->debug > 0) {
error_log('New LP - In learnpath::switch_attempt_mode()', 0);
}
$mode = $this->get_attempt_mode();
switch ($mode) {
case 'single' :
$next_mode = 'multiple';
break;
case 'multiple' :
$next_mode = 'seriousgame';
break;
case 'seriousgame' :
$next_mode = 'single';
break;
default :
$next_mode = 'single';
break;
public function switch_attempt_mode() {
if ($this->debug > 0) {
error_log('New LP - In learnpath::switch_attempt_mode()', 0);
}
$mode = $this->get_attempt_mode();
switch ($mode) {
case 'single' :
$next_mode = 'multiple';
break;
case 'multiple' :
$next_mode = 'seriousgame';
break;
case 'seriousgame' :
$next_mode = 'single';
break;
default :
$next_mode = 'single';
break;
}
$this->set_attempt_mode($next_mode);
}
$this->set_attempt_mode($next_mode);
}
/**
* Swithc the lp in ktm mode. This is a special scorm mode with unique attempt but possibility to do again a completed item.
@ -4613,8 +4630,8 @@ class learnpath {
* @return boolean true if seriousgame_mode has been set to 1, false otherwise
* @author ndiechburg <noel@cblue.be>
**/
public function set_seriousgame_mode()
{
public function set_seriousgame_mode() {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_seriousgame_mode()', 0);
}
@ -4646,6 +4663,7 @@ class learnpath {
* @return boolean True if scorm_debug has been set to 'on', false otherwise (or 1 or 0 in this case)
*/
public function update_scorm_debug() {
$course_id = api_get_course_int_id();
if ($this->debug > 0) {
error_log('New LP - In learnpath::update_scorm_debug()', 0);
}

2
main/newscorm/learnpath_functions.inc.php
Unescape View File

@ -700,7 +700,7 @@ function is_prereq($learnpath_id) {
$result_items = Database::query($sql_items);
while ($ar = Database::fetch_array($result_items)) {
$c = $ar['id'];
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND parent_item_id='$c' ORDER BY display_order ASC";
$sql_items2 = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND parent_item_id='$c' ORDER BY display_order ASC";
$result_items2 = Database::query($sql_items2);
while ($ar2 = Database::fetch_array($result_items2)) {
if ($ar2['prerequisite'] != '') {

3
main/newscorm/lp_add.php
Unescape View File

@ -86,7 +86,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result = Database::query($sql_query);
$therow = Database::fetch_array($result);

3
main/newscorm/lp_add_item.php
Unescape View File

@ -157,8 +157,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
exit;
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result = Database::query($sql_query);
$therow = Database::fetch_array($result);

11
main/newscorm/lp_admin_view.php
Unescape View File

@ -34,7 +34,7 @@ $language_file = "learnpath";
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
@ -54,7 +54,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result = Database::query($sql_query);
$therow = Database::fetch_array($result);
@ -242,7 +244,7 @@ if (isset($_POST['save_audio'])) {
}
}
if (count($lp_items_to_remove_audio)>0) {
$sql = "UPDATE $tbl_lp_item SET audio = '' WHERE id IN (".$in.")";
$sql = "UPDATE $tbl_lp_item SET audio = '' WHERE c_id = $course_id AND id IN (".$in.")";
$result = Database::query($sql);
}
@ -296,7 +298,8 @@ if (isset($_POST['save_audio'])) {
// Store the mp3 file in the lp_item table.
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql_insert_audio = "UPDATE $tbl_lp_item SET audio = '".Database::escape_string($file)."' WHERE id = '".Database::escape_string($lp_item_id)."'";
$sql_insert_audio = "UPDATE $tbl_lp_item SET audio = '".Database::escape_string($file)."'
WHERE c_id = $course_id AND id = '".Database::escape_string($lp_item_id)."'";
Database::query($sql_insert_audio);
}
}

5
main/newscorm/lp_edit_item.php
Unescape View File

@ -74,7 +74,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result = Database::query($sql_query);
$therow = Database::fetch_array($result);
@ -138,7 +139,7 @@ echo '<table cellpadding="0" cellspacing="0" class="lp_build">';
$path_item = isset($_GET['path_item']) ? $_GET['path_item'] : 0;
$path_item = Database::escape_string($path_item);
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE id = '". $path_item."' ";
$sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE c_id = $course_id AND id = '". $path_item."' ";
$res_doc = Database::query($sql_doc);
$path_file = Database::result($res_doc, 0, 0);
$path_parts = pathinfo($path_file);

6
main/newscorm/lp_move_item.php
Unescape View File

@ -58,7 +58,7 @@ $_SESSION['oLP']->get_js_dropdown_array() .
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$tbl_lp_view = Database::get_course_table(TABLE_LP_VIEW);
@ -91,7 +91,9 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result = Database::query($sql_query);
$therow = Database::fetch_array($result);

3
main/newscorm/lp_view_item.php
Unescape View File

@ -95,7 +95,8 @@ if ((!$is_allowed_to_edit) || ($isStudentView)) {
}
// From here on, we are admin because of the previous condition, so don't check anymore.
$sql_query = "SELECT * FROM $tbl_lp WHERE id = $learnpath_id";
$course_id = api_get_course_int_id();
$sql_query = "SELECT * FROM $tbl_lp WHERE c_id = $course_id AND id = $learnpath_id";
$result=Database::query($sql_query);
$therow=Database::fetch_array($result);

62
main/newscorm/resourcelinker.inc.php
Unescape View File

@ -1584,7 +1584,9 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
$learnpath_id = intval($learnpath_id);
$id_in_path = intval($id_in_path);
$sql_item = "SELECT * FROM $tbl_lp_item WHERE lp_id = $learnpath_id AND id = $id_in_path";
$course_id = $_course['real_id'];
$sql_item = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND id = $id_in_path";
$res_item = Database::query($sql_item);
if (Database::num_rows($res_item) < 1) return -1; //exit
$row_item = Database::fetch_array($res_item);
@ -1607,16 +1609,16 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
$link .= $main_dir_path.'announcements/announcements.php?origin='.$origin.'&ann_id='.$id;
break;
case TOOL_LINK:
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
$result= Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id");
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK);
$result= Database::query("SELECT * FROM $TABLETOOLLINK WHERE c_id = $course_id AND id=$id");
$myrow=Database::fetch_array($result);
$thelink=$myrow["url"];
$link .= $thelink;
break;
case TOOL_QUIZ:
if (!empty($id)) {
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
$sql = "SELECT * FROM $TBL_EXERCICES WHERE id=$id";
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$sql = "SELECT * FROM $TBL_EXERCICES WHERE c_id = $course_id AND id=$id";
$result= Database::query($sql);
$myrow=Database::fetch_array($result);
@ -1627,7 +1629,7 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
break;
case 'hotpotatoes': //lowercase because of strtolower above
$TBL_DOCUMENT = Database::get_course_table(TABLE_DOCUMENT);
$result = Database::query("SELECT * FROM ".$TBL_DOCUMENT." WHERE id=$id");
$result = Database::query("SELECT * FROM ".$TBL_DOCUMENT." WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$path = $myrow['path'];
$link .= $main_dir_path.'exercice/showinframes.php?file='.$path.'' .
@ -1638,9 +1640,9 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
$link .= $main_dir_path.'forum/viewforum.php?forum='.$id.'&lp=true&origin=learnpath';
break;
case TOOL_THREAD: //forum post
$tbl_topics = Database::get_course_table(TABLE_FORUM_THREAD, $_course['database']);
$tbl_topics = Database::get_course_table(TABLE_FORUM_THREAD);
if (!empty($id)) {
$sql = "SELECT * FROM $tbl_topics where thread_id=$id";
$sql = "SELECT * FROM $tbl_topics WHERE c_id = $course_id AND thread_id=$id";
$result = Database::query($sql);
$myrow = Database::fetch_array($result);
$link .= $main_dir_path.'forum/viewthread.php?origin=learnpath&thread='.$id.'' .
@ -1648,8 +1650,8 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
}
break;
case TOOL_POST:
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
$result = Database::query("SELECT * FROM $tbl_post where post_id=$id");
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
$result = Database::query("SELECT * FROM $tbl_post WHERE c_id = $course_id AND post_id=$id");
$myrow = Database::fetch_array($result);
$title = $myrow['post_title'];
//$desc = $row_item['description'];
@ -1664,8 +1666,8 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
'&lp=true';
break;
case TOOL_DOCUMENT:
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT,$_course['database']);
$sql = "SELECT * FROM $tbl_doc WHERE id=$id";
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT);
$sql = "SELECT * FROM $tbl_doc WHERE c_id = $course_id AND id=$id";
$result = Database::query($sql);
$myrow = Database::fetch_array($result);
$docurl = str_replace('%2F', '/', urlencode($myrow['path']));
@ -1710,10 +1712,10 @@ function rl_get_resource_link_for_learnpath($course_code, $learnpath_id, $id_in_
*/
function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
$_course = Database::get_course_info($course_code);
$course_id = $_course['real_id'];
$tbl_lp_item = Database::get_course_table(TABLE_LP_ITEM);
$sql_item = "SELECT * FROM $tbl_lp_item " .
"WHERE lp_id = $learnpath_id AND id = $id_in_path";
$sql_item = "SELECT * FROM $tbl_lp_item WHERE c_id = $course_id AND lp_id = $learnpath_id AND id = $id_in_path";
$res_item = Database::query($sql_item);
if (Database::num_rows($res_item) < 1) {
@ -1726,48 +1728,48 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
switch ($type) {
case TOOL_CALENDAR_EVENT:
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA,$_course['database']);
$result = Database::query("SELECT * FROM $TABLEAGENDA WHERE id=$id");
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA);
$result = Database::query("SELECT * FROM $TABLEAGENDA WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_ANNOUNCEMENT:
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT,$_course['database']);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE id=$id");
$tbl_announcement = Database::get_course_table(TABLE_ANNOUNCEMENT);
$result = Database::query("SELECT * FROM $tbl_announcement WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_LINK:
// Doesn't take $target into account.
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK,$_course['database']);
$result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE id=$id");
$TABLETOOLLINK = Database::get_course_table(TABLE_LINK);
$result = Database::query("SELECT * FROM $TABLETOOLLINK WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_QUIZ:
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST,$_course['database']);
$result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE id=$id");
$TBL_EXERCICES = Database::get_course_table(TABLE_QUIZ_TEST);
$result = Database::query("SELECT * FROM $TBL_EXERCICES WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$output = $myrow['title'];
break;
case TOOL_FORUM:
$TBL_FORUMS = Database::get_course_table(TABLE_FORUM,$_course['database']);
$result = Database::query("SELECT * FROM $TBL_FORUMS WHERE forum_id=$id");
$TBL_FORUMS = Database::get_course_table(TABLE_FORUM);
$result = Database::query("SELECT * FROM $TBL_FORUMS WHERE c_id = $course_id AND forum_id=$id");
$myrow = Database::fetch_array($result);
$output = $myrow['forum_name'];
break;
case TOOL_THREAD: //=topics
$tbl_post = Database::get_course_table(TABLE_FORUM_POST, $_course['database']);
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
// Grabbing the title of the post.
$sql_title = "SELECT * FROM $tbl_post WHERE post_id=".$id;
$sql_title = "SELECT * FROM $tbl_post WHERE c_id = $course_id AND post_id=".$id;
$result_title = Database::query($sql_title);
$myrow_title = Database::fetch_array($result_title);
$output = $myrow_title['post_title'];
break;
case TOOL_POST:
$tbl_post = Database::get_course_table(TABLE_FORUM_POST,$_course['database']);
$tbl_post = Database::get_course_table(TABLE_FORUM_POST);
//$tbl_post_text = Database::get_course_table(FORUM_POST_TEXT_TABLE);
$sql = "SELECT * FROM $tbl_post p WHERE p.post_id = $id";
$sql = "SELECT * FROM $tbl_post p WHERE c_id = $course_id AND p.post_id = $id";
$result = Database::query($sql);
$post = Database::fetch_array($result);
$output = $post['post_title'];
@ -1789,8 +1791,8 @@ function rl_get_resource_name($course_code, $learnpath_id, $id_in_path) {
}
break;
case 'hotpotatoes':
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT, $_course['database']);
$result = Database::query("SELECT * FROM $tbl_doc WHERE id=$id");
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT);
$result = Database::query("SELECT * FROM $tbl_doc WHERE c_id = $course_id AND id=$id");
$myrow = Database::fetch_array($result);
$pathname = explode('/', $myrow['path']); // Making a correct name for the link.
$last = count($pathname) - 1; // Making a correct name for the link.

Write Preview
Loading…
Cancel
Save