documentAPI + gestion leaderboard in storage API

14 years ago · 205946b2ab
parent ca04bce15d
commit 205946b2ab
6 changed files with 279 additions and 12 deletions
--- a/main/document/remote.php
+++ b/main/document/remote.php
@ -0,0 +1,101 @@
+<?php
+// By Arnaud Ligot <arnaud@cblue.be>
+// Based on work done for old videoconference application
+
+// params:
+// action=list cidReq=course_Code cwd=folder		result: json output
+
+// I have about 30 minutes to write this peace of code so if somebody has more time, feel free to rewrite it...
+
+
+
+/* See license terms in /license.txt */
+
+/* FIX for IE cache when using https */
+session_cache_limiter("none");
+
+/*==== DEBUG ====*/
+$debug=0;
+
+
+if ($debug>0)
+{
+	// dump the request
+	$v = array_keys(get_defined_vars());
+	error_log(var_export($v, true),3, '/tmp/log');
+
+	foreach (array_keys(get_defined_vars()) as $k) {
+		if ($k == 'GLOBALS')
+			continue;
+		error_log($k, 3, '/tmp/log');
+		error_log(var_export($$k, true), 3, '/tmp/log');
+	}
+
+}
+
+/*==== INCLUDE ====*/
+require_once '../inc/global.inc.php';
+api_block_anonymous_users();
+require_once (api_get_path(LIBRARY_PATH)."course.lib.php");
+require_once (api_get_path(LIBRARY_PATH)."document.lib.php");
+require_once ("../newscorm/learnpath.class.php");
+
+/*==== Variables initialisation ====*/
+$action = $_REQUEST["action"]; //safe as only used in if()'s
+$seek = array('/','%2F','..');
+$destroy = array('','','');
+$cidReq = str_replace($seek,$destroy,$_REQUEST["cidReq"]);
+$cidReq = Security::remove_XSS($cidReq);
+
+$user_id = api_get_user_id();
+$coursePath = api_get_path(SYS_COURSE_PATH).$cidReq.'/document';
+$_course = CourseManager::get_course_information($cidReq);
+if ($_course == null) die ("problem when fetching course information");
+
+// stupid variable initialisation for old version of DocumentManager functions.
+$_course['path'] = $_course['directory'];
+$_course['dbName'] = $_course['db_name'];
+
+$is_manager = (CourseManager::get_user_in_course_status($user_id, $cidReq) == COURSEMANAGER);
+
+if ($debug>0) error_log($coursePath, 0);
+
+// FIXME: check security around $_REQUEST["cwd"]
+$cwd = $_REQUEST["cwd"];
+
+
+// treat /..
+$nParent = 0; // the number of /.. into the url
+while (substr($cwd, -3, 3) == "/..")
+{
+	// go to parent directory
+	$cwd= substr($cwd, 0, -3);
+	if (strlen($cwd) == 0) $cwd="/";
+	$nParent++;
+}
+for (;$nParent >0; $nParent--){
+	$cwd = (strrpos($cwd,'/')>-1 ? substr($cwd, 0, strrpos($cwd,'/')) : $cwd);
+}
+
+if (strlen($cwd) == 0) $cwd="/";
+
+if (Security::check_abs_path($cwd,api_get_path(SYS_PATH)))
+	die();
+
+
+if ($action == "list")
+{
+	/*==== List files ====*/
+	if ($debug>0) error_log("sending file list",0);
+	
+	// get files list
+	$files = DocumentManager::get_all_document_data($_course, $cwd, 0, NULL, false);
+
+	// adding download link to files
+	foreach($files as $k=>$f) 
+		if ($f['filetype'] == 'file')
+			$files[$k]['download'] = api_get_path(WEB_CODE_PATH)."/document/document.php?cidReq=$cidReq&action=download&id=".urlencode($f['path']);
+	print json_encode($files);
+	exit;
+}
+?>
--- a/main/newscorm/js/documentapi.js
+++ b/main/newscorm/js/documentapi.js
@ -0,0 +1,28 @@
+// JS interface enabling scrom content to use main/document/remote.php easily
+// CBlue SPRL, Arnaud Ligot <arnaud@cblue.be>
+
+
+lms_documents_list = function(path) {
+	var result;
+	$.ajax({
+		async: false,
+		type: "POST",
+		datatype: "json",
+		url: "../document/remote.php",
+		data: {
+			action: "list",
+			cwd: path,
+			cidReq: chamilo_courseCode,
+		},
+		success: function(data) {
+			result = eval("("+data+")");
+		}
+	});
+	return result;
+}
+
+// Accessor object
+function DOCUMENTAPIobject() {
+	this.list = lms_documents_list;
+}
+var DOCUMENTAPI = new DOCUMENTAPIobject();
--- a/main/newscorm/js/storageapi.js
+++ b/main/newscorm/js/storageapi.js
@ -48,6 +48,51 @@ lms_storage_getValue_user = function(sv_key, sv_user) {
 	return result;
 }

+lms_storage_getPosition_user = function(sv_key, sv_user, sv_asc) {
+	var result;
+	$.ajax({
+		async: false,
+		type: "POST",
+		url: "storageapi.php",
+		data: {
+			action: "getposition",
+			svkey: sv_key,
+			svuser: sv_user,
+			svcourse: sv_course,
+			svsco: sv_sco,
+			svasc: sv_asc
+		},
+		success: function(data) {
+			result = data;
+		}
+	});
+	return result;
+}
+
+lms_storage_getLeaders_user = function(sv_key, sv_user, sv_asc, sv_length) {
+	var result;
+	$.ajax({
+		async: false,
+		type: "POST",
+		url: "storageapi.php",
+		data: {
+			action: "getleaders",
+			svkey: sv_key,
+			svuser: sv_user,
+			svcourse: sv_course,
+			svsco: sv_sco,
+			svasc: sv_asc,
+			svlength: sv_length
+		},
+		success: function(data) {
+			result = eval("("+data+")");
+		}
+	});
+	return result;
+}
+
+
+
 lms_storage_getAll_user = function(sv_user) {
 	var result;
 	$.ajax({
@ -61,7 +106,7 @@ lms_storage_getAll_user = function(sv_user) {
 			svsco: sv_sco
 		},
 		success: function(data) {
-			result = eval(data);
+			result = eval("("+data+")");
 		}
 	});
 	return result;
@ -162,7 +207,7 @@ lms_storage_stack_getAll_user = function(sv_key, sv_user) {
 			svsco: sv_sco
 		},
 		success: function(data) {
-			result = eval(data);
+			result = eval("("+data+")");
 		}
 	});
 	return result;
@ -178,7 +223,7 @@ lms_storage_getAllUsers = function() {
 			action: "usersgetall"
 		},
 		success: function(data) {
-			result = eval(data);
+			result = eval("("+data+")");
 		}
 	});
 	return result;
@ -192,6 +237,14 @@ lms_storage_getValue = function(sv_key) {
 	return lms_storage_getValue_user(sv_key, sv_user);
 }

+lms_storage_getPosition = function(sv_key, sv_asc) {
+	return lms_storage_getPosition_user(sv_key, sv_user, sv_asc);
+}
+
+lms_storage_getLeaders = function(sv_key, sv_asc, sv_length) {
+	return lms_storage_getLeaders_user(sv_key, sv_user, sv_asc, sv_length);
+}
+
 lms_storage_getAll = function() {
 	return lms_storage_getAll_user(sv_user);
 }
@ -226,6 +279,10 @@ function STORAGEAPIobject() {
 	this.getValue_user = lms_storage_getValue_user;
 	this.getAll = lms_storage_getAll;
 	this.getAll_user = lms_storage_getAll_user;
+	this.getPosition_user = lms_storage_getPosition_user;
+	this.getPosition = lms_storage_getPosition;
+	this.getLeaders_user = lms_storage_getLeaders_user;
+	this.getLeaders = lms_storage_getLeaders;
 	this.stack_push = lms_storage_stack_push;
 	this.stack_push_user = lms_storage_stack_push_user;
 	this.stack_pop = lms_storage_stack_pop;
--- a/main/newscorm/lp_controller.php
+++ b/main/newscorm/lp_controller.php
@ -54,13 +54,6 @@ $(window).load(function () {
 });
 </script>';

-// Storage API
-$htmlHeadXtra[] = '<script type="text/javascript">
-var sv_user = \''.api_get_user_id().'\';
-var sv_course = \''.api_get_course_id().'\';
-var sv_sco = \''.$_REQUEST['lp_id'].'\';
-</script>';
-$htmlHeadXtra[] = '<script type="text/javascript" src="js/storageapi.js"></script>';
 // Flag to allow for anonymous user - needs to be set before global.inc.php.
 $use_anonymous = true;

--- a/main/newscorm/lp_view.php
+++ b/main/newscorm/lp_view.php
@ -120,6 +120,20 @@ if (isset($exerciseResult) || isset($_SESSION['exerciseResult'])) {
 unset($_SESSION['objExercise']);
 unset($_SESSION['questionList']);

+///// additional APIs
+$htmlHeadXtra[] = '<script type="text/javascript" language="javascript">
+chamilo_courseCode = "'.$course_code.'";
+</script>';
+// Document API
+$htmlHeadXtra[] = '<script src="js/documentapi.js" type="text/javascript" language="javascript"></script>';
+// Storage API
+$htmlHeadXtra[] = '<script type="text/javascript">
+var sv_user = \''.api_get_user_id().'\';
+var sv_course = chamilo_courseCode;
+var sv_sco = \''.$_REQUEST['lp_id'].'\';
+</script>'; // FIXME fetch sco and userid from a more reliable source directly in sotrageapi.js
+$htmlHeadXtra[] = '<script type="text/javascript" src="js/storageapi.js"></script>';
+
 /**
 * Get a link to the corresponding document.
 */
--- a/main/newscorm/storageapi.php
+++ b/main/newscorm/storageapi.php
@ -5,6 +5,14 @@

 require_once('../inc/global.inc.php');

+// variable cleaning...
+foreach (Array("svkey", "svvalue") as $key)
+	//FIXME use chamilo api
+	$_REQUEST[$key] = mysql_escape_string($_REQUEST[$key]);
+
+foreach (Array("svuser", "svcourse", "svsco", "svlength", "svasc") as $key)
+	$_REQUEST[$key] = intval($_REQUEST[$key]);
+
 switch ($_REQUEST['action']) {
 	case "get":
 		print storage_get($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
@ -36,10 +44,19 @@ switch ($_REQUEST['action']) {
 		}
 		break;
 	case "stackgetall":
-		print storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
+		if (storage_can_set($_REQUEST['svuser'])) 
+			print storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
+		break;
+	case "getposition":
+		print storage_get_position($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc']);
+		break;
+	case "getleaders":
+		print storage_get_leaders($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc'], $_REQUEST['svlength']);
 		break;
 	case "usersgetall":
-		print storage_get_all_users();
+// security issue
+		print "NOT allowed, security issue, see sources";
+//		print storage_get_all_users();
 		break;
 	default:
 		// Do nothing
@ -75,6 +92,63 @@ function storage_get($sv_user, $sv_course, $sv_sco, $sv_key) {
 		return null;
 	}
 }
+			
+function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) {
+
+	// get leaders
+	$sql_leaders = "select u.user_id, firstname, lastname, email, username, sv_value as value
+		from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." sv,
+			".Database::get_main_table(TABLE_MAIN_USER)." u
+		where u.user_id=sv.user_id
+		and sco_id = '$sv_sco'
+		and course_id = '$sv_course'
+		and sv_key = '$sv_key'
+		order by sv_value ".($sv_asc ? "ASC": "DESC")." limit $sv_length";
+//	$sql_data = "select sv.user_id as user_id, sv_key as variable, sv_value as value
+//		from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." sv
+//		where sv.user_id in (select u2.user_id from ($sql_leaders) u2)
+//		and sco_id = '$sv_sco'
+//		and course_id = '$sv_course'";
+//	$resData = Database::query($sql_data);
+//	$data = Array();
+//	while($row = Database::fetch_assoc($resData))
+//		$data[] = $row; // fetching all data
+//
+	$resLeaders = Database::query($sql_leaders);
+	$result = array();
+	while ($row = Database::fetch_assoc($resLeaders)) {
+		$row["values"] = array();
+//		foreach($data as $dataRow) {
+//			if ($dataRow["user_id"] = $row["user_id"])
+//				$row["values"][$dataRow["variable"]] = $dataRow["value"];
+//		}
+		$result[] = $row;
+	} 
+	return json_encode($result);
+}
+
+function storage_get_position($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) {
+	$sql = "select count(list.user_id) as position 
+		from ".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." search,
+			".Database::get_main_table(TABLE_MAIN_STORED_VALUES)." list
+		where search.user_id= '$sv_user'
+		and search.sco_id = '$sv_sco'
+		and search.course_id = '$sv_course'
+		and search.sv_key = '$sv_key'
+		and list.sv_value ".($sv_asc ? "<=": ">=")." search.sv_value
+		and list.sco_id = search.sco_id
+		and list.course_id = search.course_id
+		and list.sv_key = search.sv_key
+		order by list.sv_value" ;
+	$res = Database::query($sql);
+	if (mysql_num_rows($res) > 0) {
+		$row = Database::fetch_assoc($res);
+		return $row['position'];
+	}
+	else {
+		return null;
+	}
+}

 function storage_set($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value) {
 	$sv_value = mysql_real_escape_string($sv_value);