[svn r12204] Updated all table names to use Database class (called in dropbox_config.inc.php) and removed dangerous ` signs

skala
Yannick Warnier 18 years ago
parent 325bc6eb48
commit 24042b9485
  1. 41
      main/dropbox/dropbox_class.inc.php
  2. 16
      main/dropbox/dropbox_config.inc.php
  3. 6
      main/dropbox/dropbox_download.php
  4. 52
      main/dropbox/dropbox_functions.inc.php
  5. 31
      main/dropbox/dropbox_init.inc.php
  6. 2
      main/dropbox/dropbox_submit.php
  7. 4
      main/dropbox/index.php

@ -160,7 +160,7 @@ class Dropbox_Work {
// with updated information (authors, descriptio, upload_date)
$this->isOldWork = FALSE;
$sql="SELECT id, upload_date
FROM `".dropbox_cnf("fileTbl")."`
FROM ".dropbox_cnf("tbl_file")."
WHERE filename = '".addslashes($this->filename)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array($result);
@ -171,7 +171,7 @@ class Dropbox_Work {
{
$this->id = $res["id"];
$this->upload_date = $res["upload_date"];
$sql = "UPDATE `".dropbox_cnf("fileTbl")."`
$sql = "UPDATE ".dropbox_cnf("tbl_file")."
SET filesize = '".addslashes($this->filesize)."'
, title = '".addslashes($this->title)."'
, description = '".addslashes($this->description)."'
@ -183,7 +183,7 @@ class Dropbox_Work {
else
{
$this->upload_date = $this->last_upload_date;
$sql="INSERT INTO `".dropbox_cnf("fileTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_file")."
(uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date)
VALUES ('".addslashes($this->uploader_id)."'
, '".addslashes($this->filename)."'
@ -200,7 +200,7 @@ class Dropbox_Work {
}
// insert entries into person table
$sql="INSERT INTO `".dropbox_cnf("personTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_person")."
(file_id, user_id)
VALUES ('".addslashes($this->id)."'
, '".addslashes($this->uploader_id)."'
@ -222,7 +222,7 @@ class Dropbox_Work {
// get the data from DB
$sql="SELECT uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, cat_id
FROM `".dropbox_cnf("fileTbl")."`
FROM ".dropbox_cnf("tbl_file")."
WHERE id='".addslashes($id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array($result,MYSQL_ASSOC);
@ -258,7 +258,7 @@ class Dropbox_Work {
if ($_GET['action']=='viewfeedback' AND $this->id==$_GET['id'])
{
$feedback2=array();
$sql_feedback = "SELECT * FROM `".dropbox_cnf("tbl_feedback")."` WHERE file_id='".$id."' ORDER BY feedback_id ASC";
$sql_feedback = "SELECT * FROM ".dropbox_cnf("tbl_feedback")." WHERE file_id='".$id."' ORDER BY feedback_id ASC";
$result = api_sql_query($sql_feedback, __FILE__, __LINE__);
while ($row_feedback=mysql_fetch_array($result))
{
@ -270,8 +270,8 @@ class Dropbox_Work {
/*
// RH: Feedback
$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM `".
dropbox_cnf("postTbl")."` WHERE dest_user_id='".$_user['user_id'].
$result = api_sql_query("SELECT feedback_date, feedback, cat_id FROM ".
dropbox_cnf("tbl_post")." WHERE dest_user_id='".$_user['user_id'].
"' AND file_id='".$id."'",__FILE__,__LINE__);
if ($res = mysql_fetch_array($result))
{
@ -355,13 +355,13 @@ class Dropbox_SentWork extends Dropbox_Work
// insert data in dropbox_post and dropbox_person table for each recipient
foreach ($this->recipients as $rec)
{
$sql="INSERT INTO `".dropbox_cnf("postTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_post")."
(file_id, dest_user_id)
VALUES ('".addslashes($this->id)."', '".addslashes($rec["id"])."')";
$result = api_sql_query($sql); //if work already exists no error is generated
//insert entries into person table
$sql="INSERT INTO `".dropbox_cnf("personTbl")."`
$sql="INSERT INTO ".dropbox_cnf("tbl_person")."
(file_id, user_id)
VALUES ('".addslashes($this->id)."'
, '".addslashes($rec["id"])."'
@ -401,7 +401,7 @@ class Dropbox_SentWork extends Dropbox_Work
//Fill in recipients array/
$this->recipients = array(); // RH: Feedback: added to SELECT
$sql="SELECT dest_user_id, feedback_date, feedback
FROM `".dropbox_cnf("postTbl")."`
FROM ".dropbox_cnf("tbl_post")."
WHERE file_id='".addslashes($id)."'";
$result = api_sql_query($sql,__FILE__,__LINE__);
while ($res = mysql_fetch_array($result))
@ -452,11 +452,14 @@ class Dropbox_Person
//Note: perhaps include an ex coursemember check to delete old files
$post_tbl = Database::get_course_table();
$person_tbl = Database::get_course_table();
$file_tbl = Database::get_course_table();
// find all entries where this person is the recipient
$sql = "SELECT r.file_id
FROM
`".dropbox_cnf("postTbl")."` r
, `".dropbox_cnf("personTbl")."` p
".dropbox_cnf("tbl_post")." r
, ".dropbox_cnf("tbl_person")." p
WHERE r.dest_user_id = '".addslashes($this->userId)."'
AND r.dest_user_id = p.user_id
AND r.file_id = p.file_id";
@ -467,7 +470,7 @@ class Dropbox_Person
// find all entries where this person is the sender/uploader
$sql = "SELECT f.id
FROM `".dropbox_cnf("fileTbl")."` f, `".dropbox_cnf("personTbl")."` p
FROM ".dropbox_cnf("tbl_file")." f, ".dropbox_cnf("tbl_person")." p
WHERE f.uploader_id = '".addslashes($this->userId)."'
AND f.uploader_id = p.user_id
AND f.id = p.file_id";
@ -588,7 +591,7 @@ class Dropbox_Person
//delete entries in person table concerning received works
foreach ($this->receivedWork as $w)
{
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
}
removeUnusedFiles(); //check for unused files
@ -617,7 +620,7 @@ class Dropbox_Person
}
//delete entries in person table concerning received works
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
removeUnusedFiles(); //check for unused files
}
@ -630,7 +633,7 @@ class Dropbox_Person
//delete entries in person table concerning sent works
foreach ($this->sentWork as $w)
{
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$w->id."'",__FILE__,__LINE__);
removeMoreIfMailing($w->id); // RH: Mailing: see init1
}
removeUnusedFiles(); //check for unused files
@ -658,7 +661,7 @@ class Dropbox_Person
//$file_id = $this->sentWork[$index]->id; // RH: Mailing
//delete entries in person table concerning sent works
api_sql_query("DELETE FROM `".dropbox_cnf("personTbl")."` WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
api_sql_query("DELETE FROM ".dropbox_cnf("tbl_person")." WHERE user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);
removeMoreIfMailing($id); // RH: Mailing: see init1
removeUnusedFiles(); //check for unused files
@ -690,7 +693,7 @@ class Dropbox_Person
$this->receivedWork[$wi]->feedback_date = $feedback_date;
$this->receivedWork[$wi]->feedback = $text;
api_sql_query("UPDATE `".dropbox_cnf("postTbl")."` SET feedback_date='".
api_sql_query("UPDATE ".dropbox_cnf("tbl_post")." SET feedback_date='".
addslashes($feedback_date)."', feedback='".addslashes($text).
"' WHERE dest_user_id='".$this->userId."' AND file_id='".$id."'",__FILE__,__LINE__);

@ -33,14 +33,14 @@ $DEBUG = TRUE;
*       DATABASE TABLE VARIABLES
* --------------------------------------
*/
$dropbox_cnf["postTbl"] = $_course["dbNameGlu"] . "dropbox_post";
$dropbox_cnf["fileTbl"] = $_course["dbNameGlu"] . "dropbox_file";
$dropbox_cnf["personTbl"] = $_course["dbNameGlu"] . "dropbox_person";
$dropbox_cnf["introTbl"] = $_course["dbNameGlu"] . "tool_intro";
$dropbox_cnf["userTbl"] = $_configuration['main_database'] . "`.`user";
$dropbox_cnf["courseUserTbl"] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_category'] = $_course["dbNameGlu"] . "dropbox_category";
$dropbox_cnf['tbl_feedback'] = $_course["dbNameGlu"] . "dropbox_feedback";
$dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST);
$dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE);
$dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON);
$dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO);
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_course_user'] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY);
$dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
/**
* --------------------------------------

@ -65,7 +65,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
if ($_GET['sent_received']=='sent')
{
// here we also incorporate the person table to make sure that deleted sent documents are not included.
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
WHERE file.uploader_id='".mysql_real_escape_string($_user['user_id'])."'
AND file.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
@ -74,7 +74,7 @@ if ( isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action']=
}
if ($_GET['sent_received']=='received')
{
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person, `".$dropbox_cnf["postTbl"]."` post
$sql="SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_personTbl"]." person, ".$dropbox_cnf["tbl_post"]." post
WHERE post.cat_id='".mysql_real_escape_string($_GET['cat_id'])."'
AND person.user_id='".mysql_real_escape_string($_user['user_id'])."'
AND person.file_id=file.id
@ -121,7 +121,7 @@ if ( ! isset( $_GET['id']) || ! is_numeric( $_GET['id']))
$allowed_to_download=false;
// Check if the user has sent or received the file.
$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".mysql_real_escape_string($_GET['id'])."' AND user_id='".mysql_real_escape_string($_user['user_id'])."'";
$result=api_sql_query($sql);
if (mysql_num_rows($result)>0)
{

@ -126,13 +126,13 @@ function delete_category($action, $id)
if ($action=='deletereceivedcategory')
{
$sentreceived='received';
$entries_table=$dropbox_cnf['postTbl'];
$entries_table=$dropbox_cnf['tbl_post'];
$id_field='file_id';
}
elseif ($action=='deletesentcategory')
{
$sentreceived='sent';
$entries_table=$dropbox_cnf['fileTbl'];
$entries_table=$dropbox_cnf['tbl_file'];
$id_field='id';
}
else
@ -145,7 +145,7 @@ function delete_category($action, $id)
$result=api_sql_query($sql);
// step 2: delete all the documents in this category
$sql="SELECT * FROM `".$entries_table."` WHERE cat_id='".Database::escape_string($id)."'";
$sql="SELECT * FROM ".$entries_table." WHERE cat_id='".Database::escape_string($id)."'";
$result=api_sql_query($sql);
while ($row=mysql_fetch_array($result))
@ -209,7 +209,7 @@ function store_move($id, $target, $part)
{
if ($part=='received')
{
$sql="UPDATE `".$dropbox_cnf["postTbl"]."` SET cat_id='".Database::escape_string($target)."'
$sql="UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
WHERE dest_user_id='".Database::escape_string($_user['user_id'])."'
AND file_id='".Database::escape_string($id)."'
";
@ -218,7 +218,7 @@ function store_move($id, $target, $part)
}
if ($part=='sent')
{
$sql="UPDATE `".$dropbox_cnf["fileTbl"]."` SET cat_id='".Database::escape_string($target)."'
$sql="UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
WHERE uploader_id='".Database::escape_string($_user['user_id'])."'
AND id='".Database::escape_string($id)."'
";
@ -309,7 +309,7 @@ function get_dropbox_categories($filter='')
$return_array=array();
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."'";
$result=api_sql_query($sql);
while ($row=mysql_fetch_array($result))
@ -367,14 +367,14 @@ function store_addcategory()
if (!$_POST['edit_id'])
{
// step 3a, we check if the category doesn't already exist
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='".$sent."'";
$result=api_sql_query($sql);
// step 3b, we add the category if it does not exist yet.
if (mysql_num_rows($result)==0)
{
$sql="INSERT INTO `".$dropbox_cnf['tbl_category']."` (cat_name, received, sent, user_id)
$sql="INSERT INTO ".$dropbox_cnf['tbl_category']." (cat_name, received, sent, user_id)
VALUES ('".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', '".Database::escape_string($_user['user_id'])."')";
api_sql_query($sql);
return get_lang('CategoryStored');
@ -386,7 +386,7 @@ function store_addcategory()
}
else
{
$sql="UPDATE `".$dropbox_cnf['tbl_category']."` SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
$sql="UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE user_id='".Database::escape_string($_user['user_id'])."'
AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
api_sql_query($sql);
@ -412,7 +412,7 @@ function display_addcategory_form($category_name='', $id='')
if (isset($id) AND $id<>'')
{
// retrieve the category we are editing
$sql="SELECT * FROM `".$dropbox_cnf['tbl_category']."` WHERE cat_id='".Database::escape_string($id)."'";
$sql="SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".Database::escape_string($id)."'";
$result=api_sql_query($sql);
$row=mysql_fetch_array($result);
@ -622,7 +622,7 @@ function getUserNameFromId ( $id) // RH: Mailing: return 'Mailing ' + id
}
$sql = "SELECT CONCAT(lastname,' ', firstname) AS name
FROM `" . dropbox_cnf("userTbl") . "`
FROM " . dropbox_cnf("tbl_user") . "
WHERE user_id='" . addslashes( $id) . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array( $result);
@ -638,7 +638,7 @@ function getUserNameFromId ( $id) // RH: Mailing: return 'Mailing ' + id
function getLoginFromId ( $id)
{
$sql = "SELECT username
FROM `" . dropbox_cnf("userTbl") . "`
FROM " . dropbox_cnf("tbl_user") . "
WHERE user_id='" . addslashes( $id) . "'";
$result =api_sql_query($sql,__FILE__,__LINE__);
$res = mysql_fetch_array( $result);
@ -667,16 +667,16 @@ function removeUnusedFiles( )
{
// select all files that aren't referenced anymore
$sql = "SELECT DISTINCT f.id, f.filename
FROM `" . dropbox_cnf("fileTbl") . "` f
LEFT JOIN `" . dropbox_cnf("personTbl") . "` p ON f.id = p.file_id
FROM " . dropbox_cnf("tbl_file") . " f
LEFT JOIN " . dropbox_cnf("tbl_person") . " p ON f.id = p.file_id
WHERE p.user_id IS NULL";
$result = api_sql_query($sql,__FILE__,__LINE__);
while ( $res = mysql_fetch_array( $result))
{
//delete the selected files from the post and file tables
$sql = "DELETE FROM `" . dropbox_cnf("postTbl") . "` WHERE file_id='" . $res['id'] . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_post") . " WHERE file_id='" . $res['id'] . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
$sql = "DELETE FROM `" . dropbox_cnf("fileTbl") . "` WHERE id='" . $res['id'] . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_file") . " WHERE id='" . $res['id'] . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
//delete file from server
@ -700,8 +700,8 @@ function removeUnusedFiles( )
function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '')
{
$sql = "SELECT f.uploader_id
FROM `" . dropbox_cnf("fileTbl") . "` f
LEFT JOIN `" . dropbox_cnf("postTbl") . "` p ON f.id = p.file_id
FROM " . dropbox_cnf("tbl_file") . " f
LEFT JOIN " . dropbox_cnf("tbl_post") . " p ON f.id = p.file_id
WHERE p.dest_user_id = '" . $mailingPseudoId . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
@ -727,7 +727,7 @@ function removeMoreIfMailing($file_id)
// for all content files, replace mailingPseudoId by owner as uploader
$sql = "SELECT p.dest_user_id
FROM `" . dropbox_cnf("postTbl") . "` p
FROM " . dropbox_cnf("tbl_post") . " p
WHERE p.file_id = '" . $file_id . "'";
$result = api_sql_query($sql,__FILE__,__LINE__);
@ -736,11 +736,11 @@ function removeMoreIfMailing($file_id)
$mailingPseudoId = $res['dest_user_id'];
if ( $mailingPseudoId > dropbox_cnf("mailingIdBase"))
{
$sql = "DELETE FROM `" . dropbox_cnf("personTbl") . "` WHERE user_id='" . $mailingPseudoId . "'";
$sql = "DELETE FROM " . dropbox_cnf("tbl_person") . " WHERE user_id='" . $mailingPseudoId . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
$sql = "UPDATE `" . dropbox_cnf("fileTbl") .
"` SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
$sql = "UPDATE " . dropbox_cnf("tbl_file") .
" SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'";
$result1 = api_sql_query($sql,__FILE__,__LINE__);
}
}
@ -1034,7 +1034,7 @@ function feedback_form()
// we now check if the other users have not delete this document yet. If this is the case then it is useless to see the
// add feedback since the other users will never get to see the feedback.
$sql="SELECT * FROM `".$dropbox_cnf["personTbl"]."` WHERE file_id='".Database::escape_string($_GET['id'])."'";
$sql="SELECT * FROM ".$dropbox_cnf["tbl_person"]." WHERE file_id='".Database::escape_string($_GET['id'])."'";
$result=api_sql_query($sql,__LINE__, __FILE__);
$number_users_who_see_file=mysql_num_rows($result);
if ($number_users_who_see_file>1)
@ -1070,7 +1070,7 @@ function store_feedback()
}
else
{
$sql="INSERT INTO `".$dropbox_cnf['tbl_feedback']."` (file_id, author_user_id, feedback, feedback_date) VALUES
$sql="INSERT INTO ".$dropbox_cnf['tbl_feedback']." (file_id, author_user_id, feedback, feedback_date) VALUES
('".Database::escape_string($_GET['id'])."','".Database::escape_string($_user['user_id'])."','".Database::escape_string($_POST['feedback'])."',NOW())";
api_sql_query($sql);
return get_lang('DropboxFeedbackStored');
@ -1112,7 +1112,7 @@ function zip_download ($array)
// note: we also have to add the check if the user has received or sent this file. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
$sql="SELECT distinct file.filename, file.title, file.author, file.description
FROM `".$dropbox_cnf["fileTbl"]."` file, `".$dropbox_cnf["personTbl"]."` person
FROM ".$dropbox_cnf["tbl_file"]." file, ".$dropbox_cnf["tbl_person"]." person
WHERE file.id IN (".implode(', ',$array).")
AND file.id=person.file_id
AND person.user_id='".$_user['user_id']."'";
@ -1362,7 +1362,7 @@ function get_total_number_feedback($file_id='')
{
global $dropbox_cnf;
$sql="SELECT COUNT(feedback_id) AS total, file_id FROM `".$dropbox_cnf['tbl_feedback']."` GROUP BY file_id";
$sql="SELECT COUNT(feedback_id) AS total, file_id FROM ".$dropbox_cnf['tbl_feedback']." GROUP BY file_id";
$result=api_sql_query($sql, __FILE__, __LINE__);
while ($row=mysql_fetch_array($result))
{

@ -321,35 +321,4 @@ if(! $is_allowed_in_course || ! $is_courseMember)
}
exit();
}
/**
* ========================================
*       SANITY CHECK
* ========================================
* @todo This has to be moved to the install / update script
*/
if (mysql_query("SELECT * FROM `".$dropbox_cnf['tbl_category']."`")==false)
{
$sql="CREATE TABLE `".$dropbox_cnf['tbl_category']."` (
`cat_id` int(11) NOT NULL auto_increment,
`cat_name` text NOT NULL,
`received` enum('0','1') NOT NULL default '0',
`sent` enum('0','1') NOT NULL default '0',
`user_id` int(11) NOT NULL default '0',
PRIMARY KEY (`cat_id`)
);";
api_sql_query($sql);
}
if (mysql_query("SELECT cat_id FROM `".$dropbox_cnf["fileTbl"]."`")==false)
{
$sql="ALTER TABLE `".$dropbox_cnf["fileTbl"]."`
ADD `cat_id` int(11) NOT NULL default '0'";
api_sql_query($sql);
}
?>

@ -527,7 +527,7 @@ if ( isset( $_GET['mailingIndex'])) // examine or send
$sendDT = addslashes(date("Y-m-d H:i:s",time()));
// set filesize to zero on send, to avoid 2nd send (see index.php)
$sql = "UPDATE `".dropbox_cnf("fileTbl")."`
$sql = "UPDATE ".dropbox_cnf("tbl_file")."
SET filesize = '0'
, upload_date = '".$sendDT."', last_upload_date = '".$sendDT."'
WHERE id='".addslashes($mailing_item->id)."'";

@ -107,6 +107,10 @@ Version 1.3 (Patrick Cool)
- same action on multiple documents ([zip]download, move, delete)
- consistency with the docuements tool (open/download file, icons of documents, ...)
- zip download of complete folder
Version 1.4 (Yannick Warnier)
-----------------------------
- removed all self-built database tables names
==============================================================================
*/

Loading…
Cancel
Save