Adding course int id see #3910

skala
Julio Montoya 14 years ago
parent f34cad338b
commit 295e32b22d
  1. 25
      main/dropbox/dropbox_class.inc.php
  2. 6
      main/dropbox/dropbox_config.inc.php
  3. 9
      main/dropbox/dropbox_download.php
  4. 63
      main/dropbox/dropbox_functions.inc.php
  5. 7
      main/work/work.lib.php
  6. 3
      main/work/work.php

@ -210,15 +210,6 @@ class Dropbox_Work {
} }
$this->feedback2= $feedback2; $this->feedback2= $feedback2;
} }
/*
$result = Database::query("SELECT feedback_date, feedback, cat_id FROM ".
dropbox_cnf('tbl_post')." WHERE dest_user_id='".$_user['user_id'].
"' AND file_id='".$id."'");
if ($res = Database::fetch_array($result)) {
$this->feedback_date = $res['feedback_date'];
$this->feedback = $res['feedback'];
$this->category = $res['cat_id'];
} // do not fail if there is no recipient = current user...*/
} }
} }
@ -322,6 +313,8 @@ class Dropbox_SentWork extends Dropbox_Work
function _createExistingSentWork ($id) { function _createExistingSentWork ($id) {
global $dropbox_cnf; global $dropbox_cnf;
$course_id = api_get_course_int_id();
// Call constructor of Dropbox_Work object // Call constructor of Dropbox_Work object
$this->Dropbox_Work($id); $this->Dropbox_Work($id);
@ -332,7 +325,7 @@ class Dropbox_SentWork extends Dropbox_Work
$this->recipients = array(); $this->recipients = array();
$sql = "SELECT dest_user_id, feedback_date, feedback $sql = "SELECT dest_user_id, feedback_date, feedback
FROM ".$dropbox_cnf['tbl_post']." FROM ".$dropbox_cnf['tbl_post']."
WHERE file_id='".Database::escape_string($id)."'"; WHERE c_id = $course_id AND file_id='".Database::escape_string($id)."'";
$result = Database::query($sql); $result = Database::query($sql);
while ($res = Database::fetch_array($result)) { while ($res = Database::fetch_array($result)) {
// Check for deleted users // Check for deleted users
@ -532,12 +525,14 @@ class Dropbox_Person
*/ */
function deleteReceivedWorkFolder($id) { function deleteReceivedWorkFolder($id) {
global $dropbox_cnf; global $dropbox_cnf;
$course_id = api_get_course_int_id();
$id = intval($id); $id = intval($id);
$sql = "DELETE FROM ".$dropbox_cnf['tbl_file']." WHERE cat_id = '".$id."' "; $sql = "DELETE FROM ".$dropbox_cnf['tbl_file']." WHERE c_id = $course_id AND cat_id = '".$id."' ";
if (!Database::query($sql)) return false; if (!Database::query($sql)) return false;
$sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id = '".$id."' "; $sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id = '".$id."' ";
if (!Database::query($sql)) return false; if (!Database::query($sql)) return false;
$sql = "DELETE FROM ".$dropbox_cnf['tbl_post']." WHERE cat_id = '".$id."' "; $sql = "DELETE FROM ".$dropbox_cnf['tbl_post']." WHERE c_id = $course_id AND cat_id = '".$id."' ";
if (!Database::query($sql)) return false; if (!Database::query($sql)) return false;
return true; return true;
} }
@ -618,6 +613,8 @@ class Dropbox_Person
* @param unknown_type $text * @param unknown_type $text
*/ */
function updateFeedback($id, $text) { function updateFeedback($id, $text) {
$course_id = api_get_course_int_id();
global $_course, $dropbox_cnf; global $_course, $dropbox_cnf;
$id = intval($id); $id = intval($id);
@ -641,7 +638,7 @@ class Dropbox_Person
Database::query("UPDATE ".$dropbox_cnf['tbl_post']." SET feedback_date='". Database::query("UPDATE ".$dropbox_cnf['tbl_post']." SET feedback_date='".
Database::escape_string($feedback_date)."', feedback='".Database::escape_string($text). Database::escape_string($feedback_date)."', feedback='".Database::escape_string($text).
"' WHERE dest_user_id='".$this->userId."' AND file_id='".$id."'"); "' WHERE c_id = $course_id AND dest_user_id='".$this->userId."' AND file_id='".$id."'");
// Update item_property table // Update item_property table
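Review bot: `$course_id` is interpolated bare into each new `c_id = $course_id` clause (`_createExistingSentWork`, `deleteReceivedWorkFolder`, `updateFeedback`), while the neighbouring values are quoted and passed through `intval()` or `Database::escape_string()`. `api_get_course_int_id()` is not visible on this page; if it can return an empty value outside a course context, the statements become `WHERE c_id =  AND ...` and fail, and the clause is only as safe as that helper's return type. Casting at assignment, `$course_id = intval(api_get_course_int_id());`, keeps the SQL well-formed and makes a missing course match no rows. The same pattern recurs in the sections for dropbox_download.php, dropbox_functions.inc.php and work.lib.php. All three function bodies continue outside the hunks shown.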

@ -9,12 +9,13 @@ $DEBUG = false; // TODO: Is this needed?
/** /**
* DATABASE TABLE VARIABLES * DATABASE TABLE VARIABLES
*/ */
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_course_user'] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST); $dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST);
$dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE); $dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE);
$dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON); $dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON);
$dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO); $dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO);
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_course_user'] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY); $dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY);
$dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK); $dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
@ -43,5 +44,4 @@ $dropbox_cnf['mailingWhereSTUDENTID'] = 'official_code';
$dropbox_cnf['mailingWhereUSERID'] = 'username'; $dropbox_cnf['mailingWhereUSERID'] = 'username';
$dropbox_cnf['mailingWhereLOGINNAME'] = 'username'; $dropbox_cnf['mailingWhereLOGINNAME'] = 'username';
$dropbox_cnf['mailingFileRegexp'] = '/^(.+)\.\w{1,4}$/'; $dropbox_cnf['mailingFileRegexp'] = '/^(.+)\.\w{1,4}$/';
$dropbox_cnf['sent_received_tabs'] = true; $dropbox_cnf['sent_received_tabs'] = true;

@ -27,6 +27,7 @@ require_once 'dropbox_class.inc.php';
require_once api_get_path(LIBRARY_PATH).'document.lib.php'; require_once api_get_path(LIBRARY_PATH).'document.lib.php';
/* DOWNLOAD A FOLDER */ /* DOWNLOAD A FOLDER */
$course_id = api_get_course_int_id();
if (isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action'] == 'downloadcategory' AND isset($_GET['sent_received'])) { if (isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action'] == 'downloadcategory' AND isset($_GET['sent_received'])) {
// step 1: constructingd' the sql statement. Due to the nature off the classes of the dropbox the categories for sent files are stored in the table // step 1: constructingd' the sql statement. Due to the nature off the classes of the dropbox the categories for sent files are stored in the table
@ -45,7 +46,11 @@ if (isset($_GET['cat_id']) AND is_numeric($_GET['cat_id']) AND $_GET['action'] =
} }
if ($_GET['sent_received'] == 'received') { if ($_GET['sent_received'] == 'received') {
$sql = "SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf['tbl_file']." file, ".$dropbox_cnf['tbl_person']." person, ".$dropbox_cnf['tbl_post']." post $sql = "SELECT DISTINCT file.id, file.filename, file.title FROM ".$dropbox_cnf['tbl_file']." file, ".$dropbox_cnf['tbl_person']." person, ".$dropbox_cnf['tbl_post']." post
WHERE post.cat_id='".Database::escape_string($_GET['cat_id'])."' WHERE
file.c_id = $course_id AND
person.c_id = $course_id AND
post.c_id = $course_id AND
post.cat_id='".Database::escape_string($_GET['cat_id'])."'
AND person.user_id='".Database::escape_string($_user['user_id'])."' AND person.user_id='".Database::escape_string($_user['user_id'])."'
AND person.file_id=file.id AND person.file_id=file.id
AND post.file_id=file.id AND post.file_id=file.id
@ -80,7 +85,7 @@ if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
$allowed_to_download = false; $allowed_to_download = false;
// Check if the user has sent or received the file. // Check if the user has sent or received the file.
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_person']." WHERE file_id='".intval($_GET['id'])."' AND user_id='".api_get_user_id()."'"; $sql = "SELECT * FROM ".$dropbox_cnf['tbl_person']." WHERE c_id = $course_id AND file_id='".intval($_GET['id'])."' AND user_id='".api_get_user_id()."'";
$result = Database::query($sql); $result = Database::query($sql);
if (Database::num_rows($result) > 0) { if (Database::num_rows($result) > 0) {
$allowed_to_download = true; $allowed_to_download = true;
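Review bot: Only the `received` branch of the category download gains the `c_id` filters here. The `sent` branch appears to sit between the two hunks and is not shown, so it should be checked that its query is scoped to `$course_id` too; otherwise that path can still match rows belonging to another course. Separately, `$_GET['action']` is compared without an `isset()` check, and `cat_id` is validated with `is_numeric()`, which also accepts values such as `1e3`. Using `intval($_GET['cat_id'])` would match how `$_GET['id']` is handled in the access check at the end of this section.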

@ -103,6 +103,8 @@ function handle_multiple_actions() {
* @version march 2006 * @version march 2006
*/ */
function delete_category($action, $id) { function delete_category($action, $id) {
$course_id = api_get_course_int_id();
global $dropbox_cnf; global $dropbox_cnf;
global $_user, $is_courseAdmin, $is_courseTutor; global $_user, $is_courseAdmin, $is_courseTutor;
@ -122,11 +124,11 @@ function delete_category($action, $id) {
} }
// step 1: delete the category // step 1: delete the category
$sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".Database::escape_string($id)."' AND $sentreceived='1'"; $sql = "DELETE FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."' AND $sentreceived='1'";
$result = Database::query($sql); $result = Database::query($sql);
// step 2: delete all the documents in this category // step 2: delete all the documents in this category
$sql = "SELECT * FROM ".$entries_table." WHERE cat_id='".Database::escape_string($id)."'"; $sql = "SELECT * FROM ".$entries_table." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."'";
$result = Database::query($sql); $result = Database::query($sql);
while($row = Database::fetch_array($result)) { while($row = Database::fetch_array($result)) {
@ -192,22 +194,22 @@ function display_move_form($part, $id, $target = array(), $extra_params) {
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version march 2006 * @version march 2006
*/ */
function store_move($id, $target, $part) function store_move($id, $target, $part) {
{
global $_user; global $_user;
global $dropbox_cnf; global $dropbox_cnf;
$course_id = api_get_course_int_id();
if ((isset($id) AND $id != '') AND (isset($target) AND $target != '') AND (isset($part) AND $part != '')) { if ((isset($id) AND $id != '') AND (isset($target) AND $target != '') AND (isset($part) AND $part != '')) {
if ($part == 'received') { if ($part == 'received') {
$sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."' $sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id='".Database::escape_string($target)."'
WHERE dest_user_id='".Database::escape_string($_user['user_id'])."' WHERE c_id = $course_id AND dest_user_id='".Database::escape_string($_user['user_id'])."'
AND file_id='".Database::escape_string($id)."'"; AND file_id='".Database::escape_string($id)."'";
Database::query($sql); Database::query($sql);
$return_message = get_lang('ReceivedFileMoved'); $return_message = get_lang('ReceivedFileMoved');
} }
if ($part == 'sent') { if ($part == 'sent') {
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."' $sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id='".Database::escape_string($target)."'
WHERE uploader_id='".Database::escape_string($_user['user_id'])."' WHERE c_id = $course_id AND uploader_id='".Database::escape_string($_user['user_id'])."'
AND id='".Database::escape_string($id)."'"; AND id='".Database::escape_string($id)."'";
Database::query($sql); Database::query($sql);
$return_message = get_lang('SentFileMoved'); $return_message = get_lang('SentFileMoved');
@ -278,6 +280,7 @@ function display_file_checkbox($id, $part) {
* @version march 2006 * @version march 2006
*/ */
function get_dropbox_categories($filter = '') { function get_dropbox_categories($filter = '') {
$course_id = api_get_course_int_id();
global $_user; global $_user;
global $dropbox_cnf; global $dropbox_cnf;
@ -286,7 +289,7 @@ function get_dropbox_categories($filter = '') {
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$condition_session = api_get_session_condition($session_id); $condition_session = api_get_session_condition($session_id);
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' $condition_session"; $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND user_id='".$_user['user_id']."' $condition_session";
$result = Database::query($sql); $result = Database::query($sql);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
@ -313,6 +316,7 @@ function get_dropbox_categories($filter = '') {
* @version march 2006 * @version march 2006
*/ */
function store_addcategory() { function store_addcategory() {
$course_id = api_get_course_int_id();
global $_user; global $_user;
global $dropbox_cnf; global $dropbox_cnf;
@ -332,12 +336,10 @@ function store_addcategory() {
return array('type' => 'error', 'message' => get_lang('ErrorPleaseGiveCategoryName')); return array('type' => 'error', 'message' => get_lang('ErrorPleaseGiveCategoryName'));
} }
$course_id = api_get_course_int_id();
if (!$_POST['edit_id']) { if (!$_POST['edit_id']) {
$session_id = api_get_session_id(); $session_id = api_get_session_id();
// step 3a, we check if the category doesn't already exist // step 3a, we check if the category doesn't already exist
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'"; $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
$result = Database::query($sql); $result = Database::query($sql);
// step 3b, we add the category if it does not exist yet. // step 3b, we add the category if it does not exist yet.
@ -351,7 +353,7 @@ function store_addcategory() {
} }
} else { } else {
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."' $sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE user_id='".Database::escape_string($_user['user_id'])."' WHERE c_id = $course_id AND user_id='".Database::escape_string($_user['user_id'])."'
AND cat_id='".Database::escape_string($_POST['edit_id'])."'"; AND cat_id='".Database::escape_string($_POST['edit_id'])."'";
Database::query($sql); Database::query($sql);
return array('type' => 'confirmation', 'message' => get_lang('CategoryModified')); return array('type' => 'confirmation', 'message' => get_lang('CategoryModified'));
@ -368,13 +370,16 @@ function store_addcategory() {
* @version march 2006 * @version march 2006
*/ */
function display_addcategory_form($category_name = '', $id = '', $action) { function display_addcategory_form($category_name = '', $id = '', $action) {
$course_id = api_get_course_int_id();
global $dropbox_cnf; global $dropbox_cnf;
$course_id = api_get_course_int_id();
$title = get_lang('AddNewCategory'); $title = get_lang('AddNewCategory');
if (isset($id) AND $id != '') { if (isset($id) AND $id != '') {
// retrieve the category we are editing // retrieve the category we are editing
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE cat_id='".Database::escape_string($id)."'"; $sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id='".Database::escape_string($id)."'";
$result = Database::query($sql); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
@ -507,7 +512,6 @@ function display_add_form() {
//list of all users in this course and all virtual courses combined with it //list of all users in this course and all virtual courses combined with it
if (api_get_session_id()) { if (api_get_session_id()) {
$complete_user_list_for_dropbox = array(); $complete_user_list_for_dropbox = array();
if (api_get_setting('dropbox_allow_student_to_student')=='true' || $_user['status'] != STUDENT) { if (api_get_setting('dropbox_allow_student_to_student')=='true' || $_user['status'] != STUDENT) {
$complete_user_list_for_dropbox = CourseManager :: get_user_list_from_course_code($course_info['code'], true, api_get_session_id()); $complete_user_list_for_dropbox = CourseManager :: get_user_list_from_course_code($course_info['code'], true, api_get_session_id());
@ -661,17 +665,19 @@ function isCourseMember($user_id) {
* If there are, all entries concerning the file are deleted from the db + the file is deleted from the server * If there are, all entries concerning the file are deleted from the db + the file is deleted from the server
*/ */
function removeUnusedFiles() { function removeUnusedFiles() {
$course_id = api_get_course_int_id();
// select all files that aren't referenced anymore // select all files that aren't referenced anymore
$sql = "SELECT DISTINCT f.id, f.filename $sql = "SELECT DISTINCT f.id, f.filename
FROM " . dropbox_cnf('tbl_file') . " f FROM " . dropbox_cnf('tbl_file') . " f
LEFT JOIN " . dropbox_cnf('tbl_person') . " p ON f.id = p.file_id LEFT JOIN " . dropbox_cnf('tbl_person') . " p ON f.id = p.file_id
WHERE p.user_id IS NULL"; WHERE f.c_id = $course_id AND p.c_id = $course_id AND p.user_id IS NULL";
$result = Database::query($sql); $result = Database::query($sql);
while ($res = Database::fetch_array($result)) { while ($res = Database::fetch_array($result)) {
//delete the selected files from the post and file tables //delete the selected files from the post and file tables
$sql = "DELETE FROM " . dropbox_cnf('tbl_post') . " WHERE file_id='" . $res['id'] . "'"; $sql = "DELETE FROM " . dropbox_cnf('tbl_post') . " WHERE c_id = $course_id AND file_id='" . $res['id'] . "'";
$result1 = Database::query($sql); $result1 = Database::query($sql);
$sql = "DELETE FROM " . dropbox_cnf('tbl_file') . " WHERE id='" . $res['id'] . "'"; $sql = "DELETE FROM " . dropbox_cnf('tbl_file') . " WHERE c_id = $course_id AND id='" . $res['id'] . "'";
$result1 = Database::query($sql); $result1 = Database::query($sql);
//delete file from server //delete file from server
@ -692,21 +698,21 @@ function removeUnusedFiles() {
* @todo check if this function is still necessary. * @todo check if this function is still necessary.
*/ */
function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '') { function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '') {
$course_id = api_get_course_int_id();
global $dropbox_cnf; global $dropbox_cnf;
$mailingPseudoId = intval($mailingPseudoId); $mailingPseudoId = intval($mailingPseudoId);
$sql = "SELECT f.uploader_id $sql = "SELECT f.uploader_id
FROM " . $dropbox_cnf['tbl_file'] . " f FROM " . $dropbox_cnf['tbl_file'] . " f
LEFT JOIN " . $dropbox_cnf['tbl_post'] . " p ON f.id = p.file_id LEFT JOIN " . $dropbox_cnf['tbl_post'] . " p ON f.id = p.file_id
WHERE p.dest_user_id = '" . $mailingPseudoId . "'"; WHERE f.c_id = $course_id AND p.c_id = $course_id AND
p.dest_user_id = '" . $mailingPseudoId . "'";
$result = Database::query($sql); $result = Database::query($sql);
if (!($res = Database::fetch_array($result))) if (!($res = Database::fetch_array($result)))
die(get_lang('GeneralError').' (code 901)'); die(get_lang('GeneralError').' (code 901)');
if ($owner == 0) return $res['uploader_id']; if ($owner == 0) return $res['uploader_id'];
if ($res['uploader_id'] == $owner) return true; if ($res['uploader_id'] == $owner) return true;
die(get_lang('GeneralError').' (code '.$or_die.')'); die(get_lang('GeneralError').' (code '.$or_die.')');
} }
@ -715,6 +721,7 @@ function getUserOwningThisMailing($mailingPseudoId, $owner = 0, $or_die = '') {
* @todo check if this function is still necessary. * @todo check if this function is still necessary.
*/ */
function removeMoreIfMailing($file_id) { function removeMoreIfMailing($file_id) {
$course_id = api_get_course_int_id();
global $dropbox_cnf; global $dropbox_cnf;
// when deleting a mailing zip-file (posted to mailingPseudoId): // when deleting a mailing zip-file (posted to mailingPseudoId):
// 1. the detail window is no longer reachable, so // 1. the detail window is no longer reachable, so
@ -724,17 +731,17 @@ function removeMoreIfMailing($file_id) {
$file_id = intval($file_id); $file_id = intval($file_id);
$sql = "SELECT p.dest_user_id $sql = "SELECT p.dest_user_id
FROM " . $dropbox_cnf['tbl_post'] . " p FROM " . $dropbox_cnf['tbl_post'] . " p
WHERE p.file_id = '" . $file_id . "'"; WHERE c_id = $course_id AND p.file_id = '" . $file_id . "'";
$result = Database::query($sql); $result = Database::query($sql);
if ($res = Database::fetch_array($result)) { if ($res = Database::fetch_array($result)) {
$mailingPseudoId = $res['dest_user_id']; $mailingPseudoId = $res['dest_user_id'];
if ($mailingPseudoId > dropbox_cnf('mailingIdBase')) { if ($mailingPseudoId > dropbox_cnf('mailingIdBase')) {
$sql = "DELETE FROM " . dropbox_cnf('tbl_person') . " WHERE user_id='" . $mailingPseudoId . "'"; $sql = "DELETE FROM " . dropbox_cnf('tbl_person') . " WHERE c_id = $course_id AND user_id='" . $mailingPseudoId . "'";
$result1 = Database::query($sql); $result1 = Database::query($sql);
$sql = "UPDATE " . dropbox_cnf('tbl_file') . $sql = "UPDATE " . dropbox_cnf('tbl_file') .
" SET uploader_id='" . api_get_user_id() . "' WHERE uploader_id='" . $mailingPseudoId . "'"; " SET uploader_id='" . api_get_user_id() . "' WHERE c_id = $course_id AND uploader_id='" . $mailingPseudoId . "'";
$result1 = Database::query($sql); $result1 = Database::query($sql);
} }
} }
@ -974,13 +981,15 @@ function format_feedback($feedback) {
* @version march 2006 * @version march 2006
*/ */
function feedback_form() { function feedback_form() {
$course_id = api_get_course_int_id();
global $dropbox_cnf; global $dropbox_cnf;
$return = get_lang('AddNewFeedback').'<br />'; $return = get_lang('AddNewFeedback').'<br />';
// we now check if the other users have not delete this document yet. If this is the case then it is useless to see the // we now check if the other users have not delete this document yet. If this is the case then it is useless to see the
// add feedback since the other users will never get to see the feedback. // add feedback since the other users will never get to see the feedback.
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_person']." WHERE file_id = ".intval($_GET['id']); $sql = "SELECT * FROM ".$dropbox_cnf['tbl_person']." WHERE c_id = $course_id AND file_id = ".intval($_GET['id']);
$result = Database::query($sql); $result = Database::query($sql);
$number_users_who_see_file = Database::num_rows($result); $number_users_who_see_file = Database::num_rows($result);
if ($number_users_who_see_file > 1) { if ($number_users_who_see_file > 1) {
@ -1032,6 +1041,8 @@ function zip_download($array) {
global $dropbox_cnf; global $dropbox_cnf;
global $files; global $files;
$course_id = api_get_course_int_id();
$sys_course_path = api_get_path(SYS_COURSE_PATH); $sys_course_path = api_get_path(SYS_COURSE_PATH);
// zip library for creation of the zipfile // zip library for creation of the zipfile
@ -1045,7 +1056,9 @@ function zip_download($array) {
// note: we also have to add the check if the user has received or sent this file. // note: we also have to add the check if the user has received or sent this file.
$sql = "SELECT distinct file.filename, file.title, file.author, file.description $sql = "SELECT distinct file.filename, file.title, file.author, file.description
FROM ".$dropbox_cnf['tbl_file']." file, ".$dropbox_cnf['tbl_person']." person FROM ".$dropbox_cnf['tbl_file']." file, ".$dropbox_cnf['tbl_person']." person
WHERE file.id IN (".implode(', ',$array).") WHERE file.c_id = $course_id AND
person.c_id = $course_id AND
file.id IN (".implode(', ',$array).")
AND file.id=person.file_id AND file.id=person.file_id
AND person.user_id='".api_get_user_id()."'"; AND person.user_id='".api_get_user_id()."'";
$result = Database::query($sql); $result = Database::query($sql);
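Review bot: In `removeUnusedFiles()` the new `p.c_id = $course_id` condition sits in the WHERE clause of a LEFT JOIN whose purpose is to find files with no matching person row. For those files every `p` column is NULL, so `p.c_id = $course_id` is never true and the query can no longer return an unreferenced file; the cleanup would silently stop deleting anything. Move the course filter into the join condition: `LEFT JOIN ... p ON f.id = p.file_id AND p.c_id = $course_id`, leaving `WHERE f.c_id = $course_id AND p.user_id IS NULL`. `getUserOwningThisMailing()` has the same shape but already filters on `p.dest_user_id`, so its result does not change. As a smaller point, `display_addcategory_form()` now assigns `$course_id` twice.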

@ -299,8 +299,9 @@ function get_work_count_by_student($user_id, $work_id) {
function get_work_assignment_by_id($id) { function get_work_assignment_by_id($id) {
$id = intval($id); $id = intval($id);
$course_id = api_get_course_int_id();
$table = Database :: get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT); $table = Database :: get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$sql = "SELECT * FROM ".$table." WHERE publication_id = $id"; $sql = "SELECT * FROM ".$table." WHERE c_id = $course_id AND publication_id = $id";
$result = Database::query($sql); $result = Database::query($sql);
$return = array(); $return = array();
if (Database::num_rows($result)) { if (Database::num_rows($result)) {
@ -1072,10 +1073,10 @@ function build_work_directory_selector($folders, $curdirpath, $group_dir = '') {
* @return string html form * @return string html form
*/ */
function build_work_move_to_selector($folders, $curdirpath, $move_file, $group_dir = '') { function build_work_move_to_selector($folders, $curdirpath, $move_file, $group_dir = '') {
$course_id = api_get_course_int_id();
$move_file = intval($move_file); $move_file = intval($move_file);
$tbl_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION); $tbl_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "SELECT title FROM $tbl_work WHERE id ='".$move_file."'"; $sql = "SELECT title FROM $tbl_work WHERE c_id = $course_id AND id ='".$move_file."'";
$result = Database::query($sql); $result = Database::query($sql);
$title = Database::fetch_row($result); $title = Database::fetch_row($result);
global $gradebook; global $gradebook;

@ -1029,7 +1029,8 @@ switch ($action) {
$folders = array(); $folders = array();
$session_id = api_get_session_id(); $session_id = api_get_session_id();
$session_id == 0 ? $withsession = " AND session_id = 0 " : $withsession = " AND session_id='".$session_id."'"; $session_id == 0 ? $withsession = " AND session_id = 0 " : $withsession = " AND session_id='".$session_id."'";
$sql = "SELECT id, url, title FROM $work_table WHERE active IN (0, 1) AND url LIKE '/%' AND post_group_id = '".(empty($_SESSION['toolgroup'])?0:intval($_SESSION['toolgroup']))."'".$withsession; $sql = "SELECT id, url, title FROM $work_table
WHERE c_id = $course_id AND active IN (0, 1) AND url LIKE '/%' AND post_group_id = '".(empty($_SESSION['toolgroup'])?0:intval($_SESSION['toolgroup']))."'".$withsession;
$res = Database::query($sql); $res = Database::query($sql);
while($folder = Database::fetch_array($res)) { while($folder = Database::fetch_array($res)) {
$folders[$folder['id']] = $folder['title']; $folders[$folder['id']] = $folder['title'];
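Review bot: The new `c_id = $course_id` clause relies on a `$course_id` that this commit does not assign anywhere in work.php; this hunk is the only change shown for the file, and it sits inside a `switch ($action)` that starts outside the hunk. If the variable is not already set earlier in the script, the query becomes `WHERE c_id =  AND active IN (0, 1) ...` and the folder list comes back empty or the query errors. Confirm it is defined before the switch, or add `$course_id = api_get_course_int_id();` next to `$session_id = api_get_session_id();`.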
