Fixing queries due the single database changes see #3910

skala
Julio Montoya 13 years ago
parent 7db54fb732
commit 309a69423c
  1. 49
      main/chat/chat_functions.lib.php
  2. 20
      main/chat/chat_hidden.php
  3. 2
      main/chat/chat_whoisonline.php
  4. 2
      main/inc/lib/display.lib.php
  5. 2
      main/inc/lib/link.lib.php
  6. 106
      main/survey/fillsurvey.php
  7. 15
      main/survey/preview.php
  8. 8
      main/survey/question.php
  9. 6
      main/survey/reporting.php
  10. 214
      main/survey/survey.lib.php
  11. 23
      main/survey/survey.php
  12. 16
      main/survey/survey_invite.php
  13. 11
      main/work/work.lib.php
  14. 21
      main/work/work.php

@ -10,10 +10,11 @@
*/
function exit_of_chat($user_id) {
$user_id = intval($user_id);
$course_id = api_get_course_int_id();
$list_course = array();
$list_course = CourseManager::get_courses_list_by_user_id($user_id);
$group_id = intval($_SESSION['id_group']);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
@ -22,11 +23,11 @@ function exit_of_chat($user_id) {
} else {
$extra_condition = api_get_session_condition($session_id);
}
$extra_condition.= " AND course_id = $course_id";
foreach ($list_course as $courses) {
$response = user_connected_in_chat($user_id,$courses['db_name']);
$response = user_connected_in_chat($user_id);
if ($response === true) {
$tbl_chat_connected = Database::get_course_chat_connected_table($courses['db_name']);
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE);
$sql = 'DELETE FROM '.$tbl_chat_connected.' WHERE user_id='.$user_id.$extra_condition;
Database::query($sql);
}
@ -39,12 +40,14 @@ function exit_of_chat($user_id) {
* @param string the database name
* @return boolean
*/
function user_connected_in_chat ($user_id, $database_name) {
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
function user_connected_in_chat ($user_id) {
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$user_id = intval($user_id);
$course_id = api_get_course_int_id();
$extra_condition = '';
if (!empty($group_id)) {
@ -53,7 +56,7 @@ function user_connected_in_chat ($user_id, $database_name) {
$extra_condition = api_get_session_condition($session_id);
}
$sql = 'SELECT COUNT(*) AS count FROM '.$tbl_chat_connected .' c WHERE user_id='.$user_id.$extra_condition;
$sql = 'SELECT COUNT(*) AS count FROM '.$tbl_chat_connected .' c WHERE c_id = '.$course_id.' AND user_id='.$user_id.$extra_condition;
$result = Database::query($sql);
$count = Database::fetch_array($result,'ASSOC');
return $count['count'] == 1;
@ -63,16 +66,12 @@ function user_connected_in_chat ($user_id, $database_name) {
* @param string $database_name (optional)
* @return void
*/
function disconnect_user_of_chat($database_name = '') {
function disconnect_user_of_chat() {
$list_info_user_in_chat = array();
if (!empty($database_name)) {
$list_info_user_in_chat = users_list_in_chat($database_name);
} else {
$list_info_user_in_chat = users_list_in_chat();
}
$course_id = api_get_course_int_id();
$list_info_user_in_chat = users_list_in_chat();
$course_id = api_get_course_int_id();
$cd_date = date('Y-m-d',time());
$cdate_h = date('H',time());
$cdate_m = date('i',time());
@ -87,14 +86,9 @@ function disconnect_user_of_chat($database_name = '') {
$date_db_s = date('s', strtotime($list_info_user['last_connection']));
$date_count_time_seconds=$date_db_h*3600 + $date_db_m*60 + $date_db_s;
if ($cd_date == $date_db_date) {
if (($cd_count_time_seconds - $date_count_time_seconds) > 5) {
$tbl_chat_connected = Database::get_course_chat_connected_table();
if (!empty($database_name)) {
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
}
$sql = 'DELETE FROM '.$tbl_chat_connected.' WHERE user_id='.$list_info_user['user_id'];
if (($cd_count_time_seconds - $date_count_time_seconds) > 5) {
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE);
$sql = 'DELETE FROM '.$tbl_chat_connected.' WHERE c_id = '.$course_id.' AND user_id ='.$list_info_user['user_id'];
Database::query($sql);
}
}
@ -106,9 +100,11 @@ function disconnect_user_of_chat($database_name = '') {
* @param string $database_name (optional)
* @return array user list in chat
*/
function users_list_in_chat ($database_name = '') {
function users_list_in_chat() {
$list_users_in_chat = array();
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE);
$course_id = api_get_course_int_id();
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
@ -117,6 +113,7 @@ function users_list_in_chat ($database_name = '') {
} else{
$extra_condition = api_get_session_condition($session_id, false);
}
$extra_condition.= " AND c_id = $course_id ";
$sql = 'SELECT user_id,last_connection FROM '.$tbl_chat_connected.$extra_condition;
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
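Review bot: In exit_of_chat() the course filter is appended as `AND course_id = $course_id`, while every other chat-connected query touched here filters on `c_id` (user_connected_in_chat(), disconnect_user_of_chat(), users_list_in_chat()). If the table has no `course_id` column the DELETE fails and the user stays listed as connected, so the line should probably read `$extra_condition .= " AND c_id = $course_id";`. The `foreach ($list_course as $courses)` loop also no longer uses `$courses`, so each iteration repeats the same current-course query; confirm whether the user is still meant to leave chat in their other courses. The function bodies continue outside the visible hunks.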

@ -16,12 +16,13 @@ define('FRAME', 'hidden');
$language_file = array('chat');
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'course.lib.php';
require_once api_get_path(LIBRARY_PATH).'groupmanager.lib.php';
require_once 'chat_functions.lib.php';
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_chat_connected = Database::get_course_chat_connected_table();
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE);
$course_id = api_get_course_int_id();
$query = "SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result = Database::query($query);
@ -31,10 +32,6 @@ list($pseudo_user) = Database::fetch_row($result);
$isAllowed = !(empty($pseudo_user) || !$_cid);
$isMaster = (bool)$is_courseAdmin;
/*if(!$isAllowed) {
exit();
}*/
$date_now = date('Y-m-d');
$group_id = intval($_SESSION['_gid']);
@ -49,6 +46,8 @@ if (!empty($group_id)) {
$extra_condition = $session_condition;
}
$extra_condition.= " AND c_id = $course_id";
// get chat path
$chat_path = '';
$document_path = api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
@ -83,9 +82,9 @@ $result = Database::query($sql);
// The user_id exists so we must do an UPDATE and not a INSERT
$current_time = date('Y-m-d H:i:s');
if (Database::num_rows($result) == 0) {
$query = "INSERT INTO $tbl_chat_connected(user_id,last_connection,session_id,to_group_id) VALUES('".$_user['user_id']."','$current_time','$session_id','$group_id')";
$query = "INSERT INTO $tbl_chat_connected(c_id, user_id,last_connection,session_id,to_group_id) VALUES($course_id, '".$_user['user_id']."','$current_time','$session_id','$group_id')";
} else {
$query = "UPDATE $tbl_chat_connected set last_connection='".$current_time."' WHERE user_id='".$_user['user_id']."' AND session_id='$session_id' AND to_group_id='$group_id'";
$query = "UPDATE $tbl_chat_connected set last_connection='".$current_time."' WHERE c_id = $course_id AND user_id='".$_user['user_id']."' AND session_id='$session_id' AND to_group_id='$group_id'";
}
Database::query($query);
@ -112,12 +111,10 @@ if (api_get_setting('show_navigation_menu') != 'false') {
}
}
?>
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">
</form>
<?php
if ($_SESSION["origin"] == 'whoisonline') { //check if our target has denied our request or not
@ -132,5 +129,4 @@ if ($_SESSION["origin"] == 'whoisonline') { //check if our target has denied ou
$result = Database::query($sql);
}
}
require 'footer_frame.inc.php';
require 'footer_frame.inc.php';
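Review bot: The `formHidden` action attribute echoes `$_GET['cidReq']` into the page with no encoding, so whatever the request carries in that parameter is written into the markup of this frame. Encode it for the URL and attribute context, e.g. `action="<?php echo api_get_self().'?cidReq='.urlencode($_GET['cidReq']); ?>"`. Separately, the new INSERT and UPDATE place `$course_id` in the SQL unquoted, which is only safe while api_get_course_int_id() always returns an integer; an explicit `intval()` at the assignment would make that guarantee visible here, and the same applies to the other files in this commit.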

@ -60,7 +60,7 @@ if (!empty($course)) {
t3.relation_type<>".COURSE_RELATION_TYPE_RRHH." AND
t3.course_code = '".$_course['sysCode']."' AND
t2.last_connection>'".$date_inter."' $extra_condition
ORDER BY username";
ORDER BY username";
$result = Database::query($query);
$users = Database::store_result($result);
} else {

@ -1098,7 +1098,7 @@ class Display {
// If it's a survey, make sure the user's invited. Otherwise drop it.
if ($item_property['tool'] == TOOL_SURVEY) {
$survey_info = survey_manager::get_survey($item_property['ref'], 0, $course_code);
$invited_users = SurveyUtil::get_invited_users($survey_info['code'], $course_database);
$invited_users = SurveyUtil::get_invited_users($survey_info['code'], $course_code);
if (!in_array($user_id, $invited_users['course_users'])) continue;
}
// If it's a learning path, ensure it is currently visible to the user

@ -401,7 +401,7 @@ function editlinkcategory($type) {
"category_id='" . Database :: escape_string($_POST['selectcategory']) . "', " .
"display_order='" . $max_display_order . "', " .
"on_homepage='" . Database :: escape_string($onhomepage) . " ' $mytarget " .
" WHERE id='" . intval($_POST['id']) . "'";
" WHERE c_id = $course_id AND id='" . intval($_POST['id']) . "'";
Database :: query($sql);
// Update search enchine and its values table if enabled.
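Review bot: The new WHERE clause uses `$course_id`, but its assignment is not visible in this hunk, and editlinkcategory() starts outside it. If the variable is not set inside the function's own scope, the clause renders as `c_id =  AND id=...` and the UPDATE fails without the user being told; confirm that a line such as `$course_id = api_get_course_int_id();` exists in the function body. `$mytarget` is also interpolated into the statement as-is, so check how it is built above the hunk.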

@ -24,7 +24,7 @@ if (!isset($_GET['cidReq'])) {
}
// Including the global initialization file
require '../inc/global.inc.php';
require_once '../inc/global.inc.php';
// Including additional libraries
//require_once api_get_path(LIBRARY_PATH).'survey.lib.php';
@ -41,14 +41,18 @@ Display :: display_header(get_lang('ToolSurvey'));
// getting all the course information
$_course = CourseManager::get_course_information($_GET['course']);
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY, $_course['db_name']);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER, $_course['db_name']);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION, $_course['db_name']);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION, $_course['db_name']);
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION, $_course['db_name']);
// First we check if the needed parameters are present
if ((!isset($_GET['course']) || !isset($_GET['invitationcode']))&& !isset($_GET['user_id'])) {
@ -69,7 +73,7 @@ if ($invitationcode == 'auto' && isset($_GET['scode'])){
$scode = Database::escape_string($_GET['scode']); // Survey_code of the survey
$autoInvitationcode = "auto-$userid-$scode"; // New invitation code from userid
// The survey code must exist in this course, or the URL is invalid
$sql = "SELECT * FROM $table_survey WHERE code ='" . $scode . "'";
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code ='" . $scode . "'";
$result = Database::query($sql);
if (Database :: num_rows($result) > 0) { // Ok
// Check availability
@ -77,11 +81,11 @@ if ($invitationcode == 'auto' && isset($_GET['scode'])){
$tempdata = survey_manager :: get_survey($row['survey_id']);
check_time_availability($tempdata); //exit if survey not available anymore
// Check for double invitation records (insert should be done once)
$sql = "SELECT user from $table_survey_invitation WHERE invitation_code = '".Database::escape_string($autoInvitationcode)."'";
$sql = "SELECT user from $table_survey_invitation WHERE c_id = $course_id AND invitation_code = '".Database::escape_string($autoInvitationcode)."'";
$result = Database::query($sql);
if (Database :: num_rows($result) == 0) { // Ok
$sql = "INSERT INTO $table_survey_invitation (c_id, survey_code,user, invitation_code, invitation_date) ";
$sql .= " values ($course_id, \"$scode\", \"$userid\", \"$autoInvitationcode\", now())";
$sql .= " VALUES ($course_id, \"$scode\", \"$userid\", \"$autoInvitationcode\", now())";
Database::query($sql);
}
// From here we use the new invitationcode auto-userid-surveycode string
@ -91,7 +95,7 @@ if ($invitationcode == 'auto' && isset($_GET['scode'])){
}
// Now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '" . Database :: escape_string($invitationcode) . "'";
$sql = "SELECT * FROM $table_survey_invitation WHERE c_id = $course_id AND invitation_code = '" . Database :: escape_string($invitationcode) . "'";
$result = Database::query($sql); // false = suppress errors
if (Database::num_rows($result) < 1) {
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
@ -109,7 +113,7 @@ if ($survey_invitation['answered'] == 1 && !isset($_GET['user_id'])) {
// Checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = Database::query($sql);
if (Database::num_rows($result) > 1) {
@ -129,7 +133,7 @@ if (Database::num_rows($result) > 1) {
exit();
}
} else {
$row=Database::fetch_array($result, 'ASSOC');
$row = Database::fetch_array($result, 'ASSOC');
$survey_invitation['survey_id'] = $row['survey_id'];
}
@ -141,12 +145,13 @@ $survey_data['survey_id'] = $survey_invitation['survey_id'];
if (count($_POST) > 0) {
if ($survey_data['survey_type'] === '0') {
// Getting all the types of the question (because of the special treatment of the score question type
$sql = "SELECT * FROM $table_survey_question WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
$sql = "SELECT * FROM $table_survey_question WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
$types[$row['question_id']] = $row['type'];
}
// Looping through all the post values
foreach ($_POST as $key => & $value) {
@ -174,7 +179,7 @@ if (count($_POST) > 0) {
// All the other question types (open question, multiple choice, percentage, ...)
else {
if ($types[$survey_question_id] == 'percentage') {
$sql = "SELECT * FROM $table_survey_question_option WHERE question_option_id='".Database::escape_string($value)."'";
$sql = "SELECT * FROM $table_survey_question_option WHERE c_id = $course_id AND question_option_id='".Database::escape_string($value)."'";
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
$option_value = $row['option_text'];
@ -200,7 +205,7 @@ if (count($_POST) > 0) {
$shuffle= ' ORDER BY RAND() ';
}
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
AND survey_group_pri='0' $shuffle";
$result = Database::query($sql);
// There is only one question type for conditional surveys
@ -215,7 +220,7 @@ if (count($_POST) > 0) {
// Finding the question id by removing 'question'
$survey_question_id = str_replace('question', '', $key);
// We select the correct answer and the puntuacion
$sql = "SELECT value FROM $table_survey_question_option WHERE question_option_id='".Database::escape_string($value)."'";
$sql = "SELECT value FROM $table_survey_question_option WHERE c_id = $course_id AND question_option_id='".Database::escape_string($value)."'";
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
$option_value = $row['value'];
@ -271,8 +276,7 @@ if ($survey_data['form_fields']!='' && $survey_data['anonymous'] == 0 && is_arra
}
}
// We use the same form as in auth/profile.php
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
// We use the same form as in auth/profile.php
$form = new FormValidator('profile', 'post', api_get_self() . "?" . str_replace('&show_form=1', '&show_form=1', $_SERVER['QUERY_STRING']), null,
array('style' => 'width: 75%; float: ' . ($text_dir == 'rtl' ? 'right;' : 'left;'))
);
@ -573,7 +577,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
if ($survey_data['survey_type'] === '0') {
if (empty($_SESSION['paged_questions'])) {
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -602,10 +606,9 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '" . Database :: escape_string($survey_invitation['survey_id']) . "'
AND survey_question.question_id NOT IN (SELECT sa.question_id FROM ".$table_survey_answer." sa WHERE sa.user='".$my_user_id."') AND
survey_question_option.c_id = $course_id AND
AND survey_question.question_id NOT IN (SELECT sa.question_id FROM ".$table_survey_answer." sa WHERE sa.user='".$my_user_id."') AND
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
} else {
@ -613,11 +616,10 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type, survey_question.max_value,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($survey_invitation['survey_id'])."' AND
survey_question.question_id IN (".implode(',',$paged_questions[$_GET['show']]).") AND
survey_question_option.c_id = $course_id AND
survey_question.question_id IN (".implode(',',$paged_questions[$_GET['show']]).") AND
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
}
@ -666,8 +668,10 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
$sql = "SELECT survey_group_pri, user, SUM(value) as value
FROM $table_survey_answer as survey_answer INNER JOIN $table_survey_question as survey_question
ON (survey_question.question_id = survey_answer.question_id)
WHERE survey_answer.survey_id='".$my_survey_id."' AND
survey_answer.user='".$current_user."'
WHERE survey_answer.survey_id='".$my_survey_id."' AND
survey_answer.user='".$current_user."' AND
survey_answer.c_id = $course_id AND
survey_question.c_id = $course_id AND
GROUP BY survey_group_pri
ORDER BY survey_group_pri
";
@ -684,12 +688,19 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
// Get the total score for each group of questions
$totals = array();
$sql = "SELECT SUM(temp.value) as value, temp.survey_group_pri FROM
(SELECT MAX(value) as value, survey_group_pri, survey_question.question_id
(
SELECT MAX(value) as value, survey_group_pri, survey_question.question_id
FROM $table_survey_question as survey_question
INNER JOIN $table_survey_question_option as survey_question_option
ON (survey_question.question_id = survey_question_option.question_id)
WHERE survey_question.survey_id='".$my_survey_id."' AND survey_group_sec1='0' AND survey_group_sec2='0'
GROUP BY survey_group_pri, survey_question.question_id) as temp
WHERE survey_question.survey_id='".$my_survey_id."' AND
survey_question.c_id = $course_id AND
survey_question_option.c_id = $course_id AND
survey_group_sec1='0' AND
survey_group_sec2='0'
GROUP BY survey_group_pri, survey_question.question_id
) as temp
GROUP BY temp.survey_group_pri
ORDER BY temp.survey_group_pri";
@ -716,14 +727,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
// Sort the results by score (getting a list of group IDs by score into $groups)
arsort($final_results);
$groups=array_keys($final_results);
/*
echo '<pre>';
echo 'Group id => %';
echo '<br />';
print_r($final_results);
echo '</pre>';
*/
$groups=array_keys($final_results);
$result = array();
$count_result = 0;
foreach ($final_results as $key => & $sub_result) {
@ -778,8 +782,6 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
// We force the exit of the survey undeterminated
$equal_count=10;
}
//echo '<pre>';
//print_r($result);
// If we have only 3 or less equal scores (i.e. 0,1 or 2 equalities), then we can use the three first groups
if ($equal_count < 4) {
@ -857,7 +859,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
if (empty($_SESSION['page_questions_sec']) && !is_array($_SESSION['page_questions_sec']) && count($_SESSION['page_questions_sec'] == 0)) {
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".$my_survey_id."'
WHERE c_id = $course_id AND survey_id = '".$my_survey_id."'
AND ($secondary )
ORDER BY sort ASC";
$result = Database::query($sql);
@ -898,9 +900,10 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '".$my_survey_id."'
AND survey_question.question_id IN (".implode(',',$paged_questions_sec[$val]).")
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".$my_survey_id."' AND
survey_question.c_id = $course_id AND
survey_question.question_id IN (".implode(',',$paged_questions_sec[$val]).")
ORDER $shuffle ";
$result = Database::query($sql);
@ -952,7 +955,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
if (empty($_SESSION['paged_questions'])) {
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_invitation['survey_id'])."'
AND survey_group_sec1='0' AND survey_group_sec2='0'
ORDER ".$order_sql." ";
//echo '<br />'; echo '<br />';
@ -1001,9 +1004,10 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE survey_question.survey_id = '" . Database :: escape_string($survey_invitation['survey_id']) . "'
AND survey_question.question_id IN (" .$imploded. ")
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '" . Database :: escape_string($survey_invitation['survey_id']) . "' AND
survey_question.c_id = $course_id AND
survey_question.question_id IN (" .$imploded. ")
ORDER $order_sql ";
$result = Database::query($sql);
$question_counter_max = Database :: num_rows($result);
@ -1042,7 +1046,7 @@ if (isset($_GET['show']) || isset($_POST['personality'])) {
}
// Selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_invitation['survey_id'])."'";
$sql = "SELECT * FROM $table_survey_question WHERE c_id = $course_id AND type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_invitation['survey_id'])."'";
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
@ -1208,4 +1212,4 @@ function check_time_availability($surv_data) {
Display :: display_footer();
exit;
}
}
}
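Review bot: The score query in the personality branch now ends its WHERE clause with `survey_question.c_id = $course_id AND` directly before `GROUP BY survey_group_pri`, which is a SQL syntax error, so the statement fails and no scores are read; drop the trailing `AND`. Also, `$course_id` comes from api_get_course_int_id() while this page resolves its course from `$_GET['course']` on the line above, and the earlier form of the table lookups used that `$_course` record. If the page can be opened from an invitation link without a matching course context, the `c_id` filter would carry an empty or different id; that is worth confirming, and deriving the id from `$_course` if so. The subquery on `$table_survey_answer` inside `NOT IN (...)` still has no `c_id` condition.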

@ -27,6 +27,8 @@ $table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUEST
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();
// We exit here if ther is no valid $_GET parameter
if (!isset($_GET['survey_id']) || !is_numeric($_GET['survey_id'])){
Display :: display_header(get_lang('SurveyPreview'));
@ -94,8 +96,8 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
$questions_displayed = array();
$paged_questions = array();
$counter = 0;
$sql = "SELECT * FROM $table_survey_question
WHERE survey_id = '".Database::escape_string($survey_id)."'
$sql = "SELECT * FROM $table_survey_question
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($survey_id)."'
ORDER BY sort ASC";
$result = Database::query($sql);
@ -107,16 +109,13 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
}
}
$course_id = api_get_course_int_id();
if (array_key_exists($_GET['show'], $paged_questions)) {
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.sort, survey_question.type, survey_question.max_value,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($survey_id)."' AND
survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']])).") AND
survey_question_option.c_id = $course_id AND
survey_question.question_id IN (".Database::escape_string(implode(',',$paged_questions[$_GET['show']])).") AND
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
@ -143,7 +142,7 @@ if (api_is_course_admin() || (api_is_course_admin() && $_GET['isStudentView'] ==
}
}
// Selecting the maximum number of pages
$sql = "SELECT * FROM $table_survey_question WHERE type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_id)."'";
$sql = "SELECT * FROM $table_survey_question WHERE c_id = $course_id AND type='".Database::escape_string('pagebreak')."' AND survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql);
$numberofpages = Database::num_rows($result) + 1;
// Displaying the form with the questions
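Review bot: `Database::escape_string(implode(',', $paged_questions[$_GET['show']]))` is placed inside an unquoted `IN (...)` list, where string escaping does not constrain the values to numbers. The ids appear to come from the question query earlier in the file, so this is hardening rather than a demonstrated flaw: cast each element instead, `implode(',', array_map('intval', $paged_questions[$_GET['show']]))`. fillsurvey.php builds the same list with a bare `implode()` and would benefit from the same cast.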

@ -12,10 +12,9 @@
$language_file = 'survey';
// Including the global initialization file
require '../inc/global.inc.php';
require_once '../inc/global.inc.php';
// Including additional libraries
//require_once api_get_path(LIBRARY_PATH).'survey.lib.php';
require_once 'survey.lib.php';
$htmlHeadXtra[] = '<script type="text/javascript">
@ -49,9 +48,12 @@ if ($request_index != $is_valid_request) {
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$course_id = api_get_course_int_id();
// Getting the survey information
$survey_data = survey_manager::get_survey($_GET['survey_id']);
if (empty($survey_data)) {
@ -68,7 +70,7 @@ if (api_strlen(strip_tags($survey_data['title'])) > 40) {
}
if ($survey_data['survey_type'] == 1) {
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).' WHERE survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
$sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).' WHERE c_id = '.$course_id.' AND survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
$rs = Database::query($sql);
if(Database::num_rows($rs)===0) {
header('Location: survey.php?survey_id='.(int)$_GET['survey_id'].'&message='.'YouNeedToCreateGroups');

@ -61,9 +61,6 @@ if ($_POST['export_report']) {
}
}
// Including additional libraries
require_once api_get_path(LIBRARY_PATH).'course.lib.php';
// Checking the parameters
SurveyUtil::check_parameters();
@ -76,9 +73,6 @@ if (!api_is_allowed_to_edit(false, true)) {
}
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$user_info = Database :: get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TODO: To be checked. TABLE_MAIN_SURVEY_REMINDER has not been defined.

@ -262,7 +262,7 @@ class survey_manager {
} else {
// Check whether the code doesn't soon exists in this language
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE c_id = '.$course_id.' AND code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'" AND survey_id!='.intval($values['survey_id']);
$sql = 'SELECT 1 FROM '.$table_survey.' WHERE c_id = '.$course_id.' AND code="'.Database::escape_string($values['survey_code']).'" AND lang="'.Database::escape_string($values['survey_language']).'" AND survey_id!='.intval($values['survey_id']);
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$return['message'] = 'ThisSurveyCodeSoonExistsInThisLanguage';
@ -394,14 +394,16 @@ class survey_manager {
if ($shared) {
$table_survey = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY);
// Deleting the survey
$sql = "DELETE FROM $table_survey WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql);
} else {
$sql = "DELETE FROM $table_survey WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql);
}
// Deleting the survey
$sql = "DELETE from $table_survey WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql);
// Deleting groups of this survey
$sql = "DELETE from $table_survey_question_group WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$sql = "DELETE FROM $table_survey_question_group WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql);
// Deleting the questions of the survey
@ -414,6 +416,8 @@ class survey_manager {
}
function copy_survey($parent_survey, $new_survey_id) {
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey = Database::get_course_table(TABLE_SURVEY);
$table_survey_question_group = Database::get_course_table(TABLE_SURVEY_QUESTION_GROUP);
@ -421,7 +425,7 @@ class survey_manager {
$table_survey_options = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$parent_survey = Database::escape_string($parent_survey);
// Get groups
$sql = "SELECT * from $table_survey_question_group WHERE survey_id='".$parent_survey."'";
$sql = "SELECT * from $table_survey_question_group WHERE c_id = $course_id AND survey_id='".$parent_survey."'";
$res = Database::query($sql);
if (Database::num_rows($res) === 0) {
return true;
@ -436,7 +440,7 @@ class survey_manager {
}
// Get questions
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".$parent_survey."'";
$sql = "SELECT * FROM $table_survey_question WHERE c_id = $course_id AND survey_id='".$parent_survey."'";
$res = Database::query($sql);
while($row = Database::fetch_array($res, 'ASSOC')){
$sql2 = 'INSERT INTO '.$table_survey_question.' (c_id, survey_id,survey_question,survey_question_comment,type,display,sort,shared_question_id,max_value,survey_group_pri,survey_group_sec1,survey_group_sec2) VALUES '.
@ -447,7 +451,7 @@ class survey_manager {
}
// Get questions options
$sql = "SELECT * FROM $table_survey_options WHERE survey_id='".$parent_survey."'";
$sql = "SELECT * FROM $table_survey_options WHERE c_id = $course_id AND survey_id='".$parent_survey."'";
$res = Database::query($sql);
while($row = Database::fetch_array($res ,'ASSOC')){
$sql3 = 'INSERT INTO '.$table_survey_options.' (c_id, question_id,survey_id,option_text,sort,value) VALUES ('.
@ -468,9 +472,11 @@ class survey_manager {
*/
function empty_survey($survey_id) {
// Database table definitions
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$course_id = api_get_course_int_id();
$datas = survey_manager::get_survey($survey_id);
$session_where = '';
@ -478,13 +484,13 @@ class survey_manager {
$session_where = ' AND session_id = "'.api_get_session_id().'" ';
}
$sql = 'DELETE FROM '.$table_survey_invitation.' WHERE survey_code = "'.Database::escape_string($datas['code']).'" '.$session_where.' ';
$sql = 'DELETE FROM '.$table_survey_invitation.' WHERE c_id = '.$course_id.' AND survey_code = "'.Database::escape_string($datas['code']).'" '.$session_where.' ';
Database::query($sql);
$sql = 'DELETE FROM '.$table_survey_answer.' WHERE survey_id='.intval($survey_id);
$sql = 'DELETE FROM '.$table_survey_answer.' WHERE c_id = '.$course_id.' AND survey_id='.intval($survey_id);
Database::query($sql);
$sql = 'UPDATE '.$table_survey.' SET invited=0, answered=0 WHERE survey_id='.intval($survey_id);
$sql = 'UPDATE '.$table_survey.' SET invited=0, answered=0 WHERE c_id = '.$course_id.' AND survey_id='.intval($survey_id);
Database::query($sql);
return true;
@ -532,17 +538,6 @@ class survey_manager {
* @version February 2007
*/
function get_complete_survey_structure($survey_id, $shared = 0) {
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
if ($shared != 0) {
$table_survey = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
$table_survey_question = Database :: get_course_table(TABLE_SHARED_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
}
$structure = survey_manager::get_survey($survey_id, $shared);
$structure['questions'] = survey_manager::get_questions($survey_id);
}
@ -933,13 +928,17 @@ class survey_manager {
* @version January 2007
*/
function delete_all_survey_questions($survey_id, $shared = false) {
$course_id = api_get_course_int_id();
// Table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$sql = "DELETE from $table_survey_question WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$course_condition = " c_id = $course_id AND ";
if ($shared) {
$table_survey_question = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
$sql = "DELETE from $table_survey_question WHERE survey_id='".Database::escape_string($survey_id)."'";
$course_condition = "";
$table_survey_question = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION);
}
$sql = "DELETE FROM $table_survey_question WHERE $course_condition survey_id='".Database::escape_string($survey_id)."'";
// Deleting the survey questions
@ -1022,6 +1021,7 @@ class survey_manager {
* @todo writing the update statement when editing a question
*/
function save_question_options($form_content, $survey_data) {
$course_id = api_get_course_int_id();
// A percentage question type has options 1 -> 100
if ($form_content['type'] == 'percentage') {
for($i = 1; $i < 101; $i++) {
@ -1038,13 +1038,11 @@ class survey_manager {
// We are editing a question so we first have to remove all the existing options from the database
if (is_numeric($form_content['question_id'])) {
$sql = "DELETE FROM $table_survey_question_option WHERE question_id = '".Database::escape_string($form_content['question_id'])."'";
$sql = "DELETE FROM $table_survey_question_option WHERE c_id = $course_id AND question_id = '".Database::escape_string($form_content['question_id'])."'";
$result = Database::query($sql);
}
$counter = 1;
$course_id = api_get_course_int_id();
if (is_array($form_content['answers'])) {
//foreach ($form_content['answers'] as $key => $answer) {
for ($i = 0; $i < count($form_content['answers']); $i++) {
@ -1112,14 +1110,20 @@ class survey_manager {
* @version January 2007
*/
function delete_all_survey_questions_options($survey_id, $shared = false) {
// Table definitions
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$course_id = api_get_course_int_id();
$course_condition = " c_id = $course_id AND ";
if ($shared) {
$table_survey_question = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
$course_condition = "";
$table_survey_question = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
}
$sql = "DELETE from $table_survey_question_option WHERE $course_condition survey_id='".Database::escape_string($survey_id)."'";
// Deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."'";
$res = Database::query($sql);
return true;
}
@ -1136,14 +1140,18 @@ class survey_manager {
* @version March 2007
*/
function delete_survey_question_option($survey_id, $question_id, $shared = false) {
$course_id = api_get_course_int_id();
$course_condition = " c_id = $course_id AND ";
// Table definitions
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
if ($shared) {
$course_condition = "";
$table_survey_question = Database :: get_main_table(TABLE_MAIN_SHARED_SURVEY_QUESTION_OPTION);
}
// Deleting the options of the survey questions
$sql = "DELETE from $table_survey_question_option WHERE survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$sql = "DELETE from $table_survey_question_option WHERE $course_condition survey_id='".Database::escape_string($survey_id)."' AND question_id='".Database::escape_string($question_id)."'";
$res = Database::query($sql);
return true;
}
@ -1373,6 +1381,7 @@ class survey_question {
* @version January 2007
*/
function handle_action($form_content) {
$course_id = api_get_course_int_id();
global $config;
// Moving an answer up
@ -1415,7 +1424,7 @@ class survey_question {
$message = survey_manager::save_question($form_content);
if ($message == 'QuestionAdded' || $message == 'QuestionUpdated' ) {
$sql='SELECT COUNT(*) FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION).' WHERE survey_id = '.intval($_GET['survey_id']);
$sql='SELECT COUNT(*) FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION).' WHERE c_id = '.$course_id.' AND survey_id = '.intval($_GET['survey_id']);
$res = Database :: fetch_array (Database::query($sql));
if ($config['survey']['debug']) {
@ -2162,9 +2171,10 @@ class SurveyUtil {
// Table definitions
$tbl_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$course_id = api_get_course_int_id();
// Getting the information of the question
$sql = "SELECT * FROM $tbl_survey_question WHERE survey_id='".Database::escape_string($survey_id)."' ORDER BY sort ASC";
$sql = "SELECT * FROM $tbl_survey_question WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."' ORDER BY sort ASC";
$result = Database::query($sql);
$total = Database::num_rows($result);
$counter = 1;
@ -2393,7 +2403,9 @@ class SurveyUtil {
* @version February 2007 - Updated March 2008
*/
function display_user_report() {
global $people_filled, $survey_data;
$course_id = api_get_course_int_id();
global $people_filled, $survey_data;
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
@ -2438,8 +2450,7 @@ class SurveyUtil {
echo '<option value="reporting.php?action='.Security::remove_XSS($_GET['action']).'&amp;survey_id='.Security::remove_XSS($_GET['survey_id']).'">'.get_lang('SelectUser').'</option>';
foreach ($people_filled as $key => & $person) {
if ($survey_data['anonymous'] == 0)
{
if ($survey_data['anonymous'] == 0) {
$name = api_get_person_name($person['firstname'], $person['lastname']);
$id = $person['user_id'];
if ($id == '') {
@ -2466,11 +2477,10 @@ class SurveyUtil {
$sql = "SELECT survey_question.question_id, survey_question.survey_id, survey_question.survey_question, survey_question.display, survey_question.max_value, survey_question.sort, survey_question.type,
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
survey_question.c_id = $course_id AND
survey_question_option.c_id = $course_id
survey_question.c_id = $course_id
ORDER BY survey_question.sort, survey_question_option.sort ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -2486,7 +2496,7 @@ class SurveyUtil {
}
// Getting all the answers of the user
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."' AND user = '".Database::escape_string($_GET['user'])."'";
$sql = "SELECT * FROM $table_survey_answer WHERE c_id = $course_id AND survey_id = '".Database::escape_string($_GET['survey_id'])."' AND user = '".Database::escape_string($_GET['user'])."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
$answers[$row['question_id']][] = $row['option_id'];
@ -2537,6 +2547,7 @@ class SurveyUtil {
* @version February 2007 - Updated March 2008
*/
function display_question_report($survey_data) {
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
@ -2568,7 +2579,7 @@ class SurveyUtil {
echo '</div>';
// Getting the question information
$sql = "SELECT * FROM $table_survey_question WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND type<>'pagebreak' AND type<>'comment' ORDER BY sort ASC LIMIT ".$offset.",1";
$sql = "SELECT * FROM $table_survey_question WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."' AND type<>'pagebreak' AND type<>'comment' ORDER BY sort ASC LIMIT ".$offset.",1";
$result = Database::query($sql);
$question = Database::fetch_array($result);
@ -2594,7 +2605,7 @@ class SurveyUtil {
$options = SurveyUtil::display_question_report_score($survey_data, $question, $offset);
} elseif ($question['type'] == 'open') {
/** @todo Also get the user who has answered this */
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
$sql = "SELECT * FROM $table_survey_answer WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
@ -2603,7 +2614,7 @@ class SurveyUtil {
} else {
// Getting the options
$sql = "SELECT * FROM $table_survey_question_option
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
$result = Database::query($sql);
@ -2612,8 +2623,9 @@ class SurveyUtil {
}
// Getting the answers
$sql = "SELECT *, count(answer_id) as total FROM $table_survey_answer
WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
WHERE c_id = $course_id AND
survey_id='".Database::escape_string($_GET['survey_id'])."' AND
question_id = '".Database::escape_string($question['question_id'])."'
GROUP BY option_id, value";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
@ -2671,7 +2683,7 @@ class SurveyUtil {
$sql_restriction = "AND value='".Database::escape_string($_GET['value'])."'";
}
$sql = "SELECT user FROM $table_survey_answer WHERE option_id = '".Database::escape_string($_GET['viewoption'])."' $sql_restriction";
$sql = "SELECT user FROM $table_survey_answer WHERE c_id = $course_id AND option_id = '".Database::escape_string($_GET['viewoption'])."' $sql_restriction";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$user_info = api_get_user_info($row['user']);
@ -2688,6 +2700,7 @@ class SurveyUtil {
* @return void (direct output)
*/
function display_question_report_score($survey_data, $question, $offset) {
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
@ -2697,7 +2710,7 @@ class SurveyUtil {
// Getting the options
$sql = "SELECT * FROM $table_survey_question_option
WHERE c_id = $course_id AND
WHERE c_id = $course_id AND
survey_id='".Database::escape_string($_GET['survey_id'])."'
AND question_id = '".Database::escape_string($question['question_id'])."'
ORDER BY sort ASC";
@ -2931,7 +2944,7 @@ class SurveyUtil {
// Getting all the answers of the users
$old_user = '';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$sql = "SELECT * FROM $table_survey_answer WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."' ORDER BY user ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
if ($old_user != $row['user'] && $old_user != '') {
@ -2975,9 +2988,9 @@ class SurveyUtil {
} else {
$user_displayed = '-';
}
echo ' <th><a href="'.api_get_self().'?action=userreport&survey_id='.Security::remove_XSS($_GET['survey_id']).'&user='.$user.'">'.$user_displayed.'</a></th>'; // the user column
echo '<th><a href="'.api_get_self().'?action=userreport&survey_id='.Security::remove_XSS($_GET['survey_id']).'&user='.$user.'">'.$user_displayed.'</a></th>'; // the user column
} else {
echo ' <th>'.$user.'</th>'; // the user column
echo '<th>'.$user.'</th>'; // the user column
}
} else {
echo '<th>-</th>';
@ -2997,8 +3010,7 @@ class SurveyUtil {
echo '<td align="center">';
echo $answers_of_user[$question_id]['0']['option_id'];
echo '</td>';
}
else {
} else {
foreach ($possible_option as $option_id => & $value) {
if ($questions[$question_id]['type'] == 'percentage') {
if (!empty($answers_of_user[$question_id][$option_id])) {
@ -3057,12 +3069,11 @@ class SurveyUtil {
$sql = "SELECT questions.question_id, questions.type, questions.survey_question, count(options.question_option_id) as number_of_options
FROM $table_survey_question questions LEFT JOIN $table_survey_question_option options
ON questions.question_id = options.question_id "
." WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
questions.c_id = $course_id AND
options.c_id = $course_id
GROUP BY questions.question_id "
." ORDER BY questions.sort ASC";
ON questions.question_id = options.question_id AND options.c_id = $course_id
WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
questions.c_id = $course_id
GROUP BY questions.question_id
ORDER BY questions.sort ASC";
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
// We show the questions if
@ -3100,11 +3111,9 @@ class SurveyUtil {
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
survey_question.c_id = $course_id AND
survey_question_option.c_id = $course_id
survey_question.c_id = $course_id
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = Database::query($sql);
$possible_answers = array();
@ -3128,7 +3137,7 @@ class SurveyUtil {
// Getting all the answers of the users
$old_user = '';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."'";
$sql = "SELECT * FROM $table_survey_answer WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."'";
if ($user_id != 0) {
$sql .= "AND user='".Database::escape_string($user_id)."' ";
}
@ -3260,11 +3269,10 @@ class SurveyUtil {
// First line (questions)
$sql = "SELECT questions.question_id, questions.type, questions.survey_question, count(options.question_option_id) as number_of_options
FROM $table_survey_question questions LEFT JOIN $table_survey_question_option options ON questions.question_id = options.question_id
FROM $table_survey_question questions LEFT JOIN $table_survey_question_option options
ON questions.question_id = options.question_id AND options.c_id = $course_id
WHERE questions.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
questions.c_id = $course_id AND
options.c_id = $course_id
questions.c_id = $course_id
GROUP BY questions.question_id
ORDER BY questions.sort ASC";
$result = Database::query($sql);
@ -3304,10 +3312,9 @@ class SurveyUtil {
survey_question_option.question_option_id, survey_question_option.option_text, survey_question_option.sort as option_sort
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND
survey_question.c_id = $course_id AND
survey_question_option.c_id = $course_id
survey_question.c_id = $course_id
ORDER BY survey_question.sort ASC, survey_question_option.sort ASC";
$result = Database::query($sql);
$possible_answers = array();
@ -3332,7 +3339,7 @@ class SurveyUtil {
$column = 0;
$old_user = '';
$answers_of_user = array();
$sql = "SELECT * FROM $table_survey_answer WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' ";
$sql = "SELECT * FROM $table_survey_answer WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."' ";
if ($user_id != 0) {
$sql .= "AND user='".Database::escape_string($user_id)."' ";
}
@ -3608,13 +3615,14 @@ class SurveyUtil {
* @version February 2007 - Updated March 2008
*/
function get_answers_of_question_by_user($survey_id, $question_id) {
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$sql = "SELECT * FROM $table_survey_answer
WHERE survey_id='".Database::escape_string($survey_id)."'
WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'
AND question_id='".Database::escape_string($question_id)."'
ORDER BY USER ASC";
$result = Database::query($sql);
@ -3678,6 +3686,7 @@ class SurveyUtil {
* @todo use survey_id parameter instead of $_GET
*/
function get_survey_invitations_data() {
$course_id = api_get_course_int_id();
// Database table definition
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -3689,7 +3698,7 @@ class SurveyUtil {
'' as col4
FROM $table_survey_invitation survey_invitation
LEFT JOIN $table_user user ON survey_invitation.user = user.user_id
WHERE survey_invitation.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
WHERE survey_invitation.c_id = $course_id AND survey_invitation.survey_id = '".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = Database::query($sql);
while ($row = Database::fetch_array($res)) {
$survey_invitation_data[] = $row;
@ -3708,10 +3717,12 @@ class SurveyUtil {
* @version January 2007
*/
function get_number_of_survey_invitations() {
$course_id = api_get_course_int_id();
// Database table definition
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE survey_id='".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$sql = "SELECT count(user) AS total FROM $table_survey_invitation WHERE c_id = $course_id AND survey_id='".Database::escape_string($_GET['survey_id'])."' AND session_id='".api_get_session_id()."' ";
$res = Database::query($sql);
$row = Database::fetch_array($res,'ASSOC');
return $row['total'];
@ -3727,6 +3738,7 @@ class SurveyUtil {
* @version January 2007
*/
function save_invite_mail($mailtext, $mail_subject, $reminder = 0) {
$course_id = api_get_course_int_id();
// Database table definition
$table_survey = Database :: get_course_table(TABLE_SURVEY);
@ -3737,7 +3749,8 @@ class SurveyUtil {
$mail_field = 'reminder_mail';
}
$sql = "UPDATE $table_survey SET mail_subject='".Database::escape_string($mail_subject)."', $mail_field = '".Database::escape_string($mailtext)."' WHERE survey_id = '".Database::escape_string($_GET['survey_id'])."'";
$sql = "UPDATE $table_survey SET mail_subject='".Database::escape_string($mail_subject)."', $mail_field = '".Database::escape_string($mailtext)."'
WHERE c_id = $course_id AND survey_id = '".Database::escape_string($_GET['survey_id'])."'";
$result = Database::query($sql);
}
@ -3880,18 +3893,20 @@ class SurveyUtil {
* @version January 2007
*/
function update_count_invited($survey_code) {
$course_id = api_get_course_int_id();
// Database table definition
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_survey = Database :: get_course_table(TABLE_SURVEY);
// Counting the number of people that are invited
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$sql = "SELECT count(user) as total FROM $table_survey_invitation WHERE c_id = $course_id AND survey_code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql);
$row = Database::fetch_array($result);
$total_invited = $row['total'];
// Updating the field in the survey table
$sql = "UPDATE $table_survey SET invited = '".Database::escape_string($total_invited)."' WHERE code = '".Database::escape_string($survey_code)."'";
$sql = "UPDATE $table_survey SET invited = '".Database::escape_string($total_invited)."' WHERE c_id = $course_id AND code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql);
}
@ -3907,13 +3922,15 @@ class SurveyUtil {
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version January 2007
*/
function get_invited_users($survey_code, $course_db = '') {
// Database table definition
if (!empty($course_db)) {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION,$course_db);
} else {
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
}
function get_invited_users($survey_code, $course_code = '') {
if (!empty($course_code)) {
$course_info = api_get_course_info($course_code);
$course_id = $course_info['real_id'];
} else {
$course_id = api_get_course_int_id();
}
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
// Selecting all the invitations of this survey AND the additional emailaddresses (the left join)
@ -3921,7 +3938,7 @@ class SurveyUtil {
$sql = "SELECT user
FROM $table_survey_invitation as table_invitation
LEFT JOIN $table_user as table_user
ON table_invitation.user = table_user.user_id
ON table_invitation.user = table_user.user_id AND table_invitation.c_id = $course_id
WHERE survey_code='".Database::escape_string($survey_code)."'".$order_clause;
$defaults = array();
@ -3952,10 +3969,11 @@ class SurveyUtil {
* @version September 2007
*/
function get_invitations($survey_code) {
$course_id = api_get_course_int_id();
// Database table definition
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$sql = "SELECT * FROM $table_survey_invitation WHERE survey_code = '".Database::escape_string($survey_code)."'";
$sql = "SELECT * FROM $table_survey_invitation WHERE c_id = $course_id AND survey_code = '".Database::escape_string($survey_code)."'";
$result = Database::query($sql);
$return = array();
while ($row = Database::fetch_array($result)) {
@ -4182,9 +4200,13 @@ class SurveyUtil {
*/
function get_number_of_surveys() {
global $table_survey;
$course_id = api_get_course_int_id();
$search_restriction = SurveyUtil::survey_search_restriction();
if ($search_restriction) {
$search_restriction = 'WHERE '.$search_restriction;
$search_restriction = 'WHERE c_id = '.$course_id.' AND '.$search_restriction;
} else {
$search_restriction = "WHERE c_id = $course_id";
}
$sql = "SELECT count(survey_id) AS total_number_of_items FROM ".$table_survey.' '.$search_restriction;
$res = Database::query($sql);
@ -4358,6 +4380,7 @@ class SurveyUtil {
*/
function survey_list_user($user_id) {
global $_course;
$course_id = api_get_course_int_id();
// Database table definitions
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
@ -4367,7 +4390,7 @@ class SurveyUtil {
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$all_question_id = array();
$sql = 'SELECT question_id from '.$table_survey_question;
$sql = 'SELECT question_id from '.$table_survey_question." WHERE c_id = $course_id";
$result = Database::query($sql);
while($row=Database::fetch_array($result, 'ASSOC')) {
@ -4377,7 +4400,7 @@ class SurveyUtil {
$count = 0;
for ($i = 0; $i < count($all_question_id); $i++) {
$sql = 'SELECT COUNT(*) as count FROM '.$table_survey_answer.'
WHERE question_id='.Database::escape_string($all_question_id[$i]['question_id']).' AND user='.api_get_user_id();
WHERE c_id = '.$course_id.' AND question_id='.Database::escape_string($all_question_id[$i]['question_id']).' AND user='.api_get_user_id();
$result = Database::query($sql);
while ($row = Database::fetch_array($result, 'ASSOC')) {
if ($row['count'] == 0) {
@ -4390,9 +4413,6 @@ class SurveyUtil {
break;
}
}
$course_id = api_get_course_int_id();
echo '<table class="data_table">';
echo '<tr>';
echo ' <th>'.get_lang('SurveyName').'</th>';

@ -19,9 +19,7 @@ require_once '../inc/global.inc.php';
$this_section = SECTION_COURSES;
// Including additional libraries
//require_once api_get_path(LIBRARY_PATH).'survey.lib.php';
require_once 'survey.lib.php';
require_once api_get_path(LIBRARY_PATH).'course.lib.php';
/** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/
// Coach can't view this page
@ -44,6 +42,8 @@ $user_info = Database :: get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TO
$survey_id = intval($_GET['survey_id']);
$course_id = api_get_course_int_id();
// Breadcrumbs
$interbreadcrumb[] = array ('url' => 'survey_list.php', 'name' => get_lang('SurveyList'));
@ -77,7 +77,8 @@ if ($is_survey_type_1 && $_GET['action'] == 'addgroup' || $_GET['action'] == 'de
if (($_GET['action'] == 'addgroup')) {
if (!empty($_POST['group_id'])) {
Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\' WHERE id = \''.Database::escape_string($_POST['group_id']).'\'');
Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\'
WHERE c_id = '.$course_id.' AND id = \''.Database::escape_string($_POST['group_id']).'\'');
$sendmsg = 'GroupUpdatedSuccessfully';
} elseif(!empty($_POST['name'])) {
Database::query('INSERT INTO '.$table_survey_question_group.' (c_id, name,description,survey_id) values ('.$course_id.', \''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
@ -88,7 +89,7 @@ if ($is_survey_type_1 && $_GET['action'] == 'addgroup' || $_GET['action'] == 'de
}
if ($_GET['action'] == 'deletegroup'){
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.Database::escape_string($_GET['gid']).' and survey_id = '.Database::escape_string($survey_id));
$sendmsg = 'GroupDeletedSuccessfully';
}
header('Location:survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
@ -103,6 +104,7 @@ $my_action_survey = Security::remove_XSS($_GET['action']);
$my_question_id_survey = Security::remove_XSS($_GET['question_id']);
$my_survey_id_survey = Security::remove_XSS($_GET['survey_id']);
$message_information = Security::remove_XSS($_GET['message']);
if (isset($_GET['action'])) {
if (($_GET['action'] == 'moveup' || $_GET['action'] == 'movedown') && isset($_GET['question_id'])) {
survey_manager::move_survey_question($my_action_survey,$my_question_id_survey,$my_survey_id_survey);
@ -176,7 +178,7 @@ echo ' </tr>';
// Displaying the table contents with all the questions
$question_counter = 1;
$sql = "SELECT * FROM $table_survey_question_group WHERE survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
$sql = "SELECT * FROM $table_survey_question_group WHERE c_id = '.$course_id.' AND survey_id = '".Database::escape_string($survey_id)."' ORDER BY id";
$result = Database::query($sql);
$groups = array();
while ($row = Database::fetch_array($result)) {
@ -185,13 +187,12 @@ while ($row = Database::fetch_array($result)) {
$sql = "SELECT survey_question.*, count(survey_question_option.question_option_id) as number_of_options
FROM $table_survey_question survey_question
LEFT JOIN $table_survey_question_option survey_question_option
ON survey_question.question_id = survey_question_option.question_id
WHERE
survey_question.survey_id = '".Database::escape_string($survey_id)."' AND
survey_question.c_id = $course_id AND
survey_question_option.c_id = $course_id
ON survey_question.question_id = survey_question_option.question_id AND survey_question_option.c_id = $course_id
WHERE survey_question.survey_id = '".Database::escape_string($survey_id)."' AND
survey_question.c_id = $course_id
GROUP BY survey_question.question_id
ORDER BY survey_question.sort ASC";
$result = Database::query($sql);
$question_counter_max = Database::num_rows($result);
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -275,7 +276,7 @@ if ($is_survey_type_1) {
echo ' <th width="100">'.get_lang('Modify').'</th>';
echo ' </tr>';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$sql = 'SELECT id,name,description FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND survey_id = '.Database::escape_string($survey_id).' ORDER BY name';
$rs = Database::query($sql);
while($row = Database::fetch_array($rs,ASSOC)){

@ -38,7 +38,9 @@ $table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$user_info = Database::get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TODO: To be checked. TABLE_MAIN_SURVEY_REMINDER has not been defined.
$user_info = Database::get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TODO: To be checked. TABLE_MAIN_SURVEY_REMINDER has not been defined.
$course_id = api_get_course_int_id();
// Getting the survey information
$survey_id = Security::remove_XSS($_GET['survey_id']);
@ -70,7 +72,7 @@ Display::display_header($tool_name,'Survey');
// Checking if there is another survey with this code.
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_data['code'])."'";
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_data['code'])."'";
$result = Database::query($sql);
if (Database::num_rows($result) > 1) {
Display::display_warning_message(get_lang('IdenticalSurveycodeWarning'));
@ -112,15 +114,13 @@ $users->setElementTemplate('
$users->setButtonAttributes('add', array('class' => 'arrowr'));
$users->setButtonAttributes('remove', array('class' => 'arrowl'));
// Additional users
$form->addElement('textarea', 'additional_users', get_lang('AdditonalUsers'), array('cols' => 50, 'rows' => 2));
// Additional users comment
$form->addElement('static', null, null, get_lang('AdditonalUsersComment'));
$form->addElement('textarea', 'additional_users', array(get_lang('AdditonalUsers'), get_lang('AdditonalUsersComment')), array('cols' => 50, 'rows' => 2));
// The title of the mail
$form->addElement('text', 'mail_title', get_lang('MailTitle'), array('size' => '80'));
// The text of the mail
$form->addElement('html_editor', 'mail_text', get_lang('MailText'), null, array('ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '150'));
// Some explanation of the mail
$form->addElement('static', null, null, get_lang('UseLinkSyntax'));
$form->addElement('html_editor', 'mail_text', array(get_lang('MailText'), get_lang('UseLinkSyntax')), null, array('ToolbarSet' => 'Survey', 'Width' => '100%', 'Height' => '150'));
$form->addElement('checkbox', 'send_mail', '', get_lang('SendMail'));
// You cab send a reminder to unanswered people if the survey is not anonymous
if ($survey_data['anonymous'] != 1) {
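Review bot: The new `c_id = $course_id` filter in the duplicate-code query is interpolated unquoted, and the value comes straight from `$course_id = api_get_course_int_id();` with no cast. The helper is not visible here, so if it can return null or an empty value outside a course context, the statement becomes `WHERE c_id = AND code=...` and fails. Casting once at assignment keeps the query well-formed and keeps the value numeric: `$course_id = intval(api_get_course_int_id());`. A short comment above the query noting that the `IdenticalSurveycodeWarning` check is now limited to the current course would also help the next reader.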

@ -73,7 +73,7 @@ function display_action_links($id, $cur_dir_path, $always_show_tool_options, $al
}
if (api_is_allowed_to_edit(null, true)) {
global $publication;
global $publication, $token;
if (!empty($cur_dir_path)) {
if (empty($_GET['list']) or Security::remove_XSS($_GET['list']) == 'with') {
@ -82,9 +82,7 @@ function display_action_links($id, $cur_dir_path, $always_show_tool_options, $al
} else {
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;id='.$id.'&amp;curdirpath='.$cur_dir_path.'&amp;origin='.$origin.'&amp;gradebook='.$gradebook.'&amp;list=with">'.
Display::return_icon('exercice_check.png', get_lang('ViewUsersWithTask'),'','32')."</a>\n";
$_SESSION['token'] = time();
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;id='.$id.'&amp;curdirpath='.$cur_dir_path.'&amp;origin='.$origin.'&amp;gradebook='.$gradebook.'&amp;list=without&amp;action=send_mail&amp;sec_token='.$_SESSION['token'].'">'.
$display_output .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&amp;id='.$id.'&amp;curdirpath='.$cur_dir_path.'&amp;origin='.$origin.'&amp;gradebook='.$gradebook.'&amp;list=without&amp;action=send_mail&amp;sec_token='.$token.'">'.
Display::return_icon('mail_send.png', get_lang('ReminderMessage'),'','32')."</a>";
}
}
@ -1754,10 +1752,13 @@ function send_reminder_users_without_publication($task_data) {
$emailbody_user .= get_lang('WorkName').' : '.$task_title."\n\n".get_lang('Teacher').' : '.api_get_person_name($currentUserFirstName, $currentUserLastName)."\n".get_lang('Email').' : '.$currentUserEmail;
$list_users = get_list_users_without_publication($task_id);
var_dump($list_users);
foreach ($list_users as $user) {
$name_user = api_get_person_name($user[0], $user[1], null, PERSON_NAME_EMAIL_ADDRESS);
@api_mail($name_user, $user[3], $emailsubject, $emailbody_user, $sender_name, $email_admin);
$result = api_mail($name_user, $user[3], $emailsubject, $emailbody_user, $sender_name, $email_admin);
var_dump($result);
}
}
/**
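Review bot: The two `var_dump()` calls in `send_reminder_users_without_publication()` (`var_dump($list_users);` before the loop and `var_dump($result);` after each `api_mail()` call) look like leftover debugging. They print the recipient rows, which the loop uses as name parts and mail address, into the page response. Both lines should be removed; if the send result needs recording, log failures without the address, e.g. `if (!$result) { error_log('Reminder mail failed for task '.$task_id); }`. Separately, the reminder link in `display_action_links()` now reads `$token` through `global`, so it carries an empty `sec_token` unless the including script assigned `$token` before this function runs. Both function bodies extend beyond the visible hunks.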

@ -62,16 +62,12 @@ include_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
require_once api_get_path(LIBRARY_PATH).'fileUpload.lib.php';
require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
$course_id = api_get_course_int_id();
$course_info = api_get_course_info();
$user_id = api_get_user_id();
// Section (for the tabs)
$this_section = SECTION_COURSES;
$ctok = $_SESSION['sec_token'];
$stok = Security::get_token();
$work_id = isset($_GET['id']) ? intval($_GET['id']) : null;
$my_folder_data = get_work_data_by_id($work_id);
@ -436,7 +432,8 @@ switch ($action) {
$form->addElement('hidden', 'active', 1);
$form->addElement('hidden', 'accepted', 1);
$form->addElement('hidden', 'item_to_edit', $item_id);
$form->addElement('hidden', 'sec_token', $stok);
$token = Security::get_token();
$form->addElement('hidden', 'sec_token', $token);
if ($item_id) {
$text = get_lang('UpdateWork');
@ -479,10 +476,11 @@ switch ($action) {
case 'downloadfolder':
//require 'downloadfolder.inc.php';
break;
case 'send_mail':
if ($_GET['sec_token'] == $_SESSION['token']) {
case 'send_mail':
var_dump($_SESSION['sec_token'], $_GET['sec_token']);
if (Security::check_token('get')) { echo 'dd';
send_reminder_users_without_publication($my_folder_data);
unset($_SESSION['token']);
Security::clear_token();
}
break;
case 'settings':
@ -518,12 +516,13 @@ switch ($action) {
case 'create_dir':
//show them the form for the directory name
if ($is_allowed_to_edit) {
$token = Security::get_token();
//create the form that asks for the directory name
$new_folder_text = '<form name="form1" method="POST">';
$new_folder_text .= '<div class="row"><div class="form_header">'.get_lang('CreateAssignment').'</div></div>';
$new_folder_text .= '<input type="hidden" name="action" value="add"/>';
$new_folder_text .= '<input type="hidden" name="curdirpath" value="' . Security :: remove_XSS($curdirpath) . '"/>';
$new_folder_text .= '<input type="hidden" name="sec_token" value="'.$stok.'" />';
$new_folder_text .= '<input type="hidden" name="sec_token" value="'.$token.'" />';
$new_folder_text .= '<div class="row">
<div class="label">
<span class="form_required">*</span> '.get_lang('AssignmentName').'
@ -616,7 +615,7 @@ switch ($action) {
// we insert here the directory in the table $work_table
$dir_name_sql = '';
if ($is_allowed_to_edit && $ctok == $_POST['sec_token']) {
if ($is_allowed_to_edit && Security::check_token('post')) {
if (!empty($created_dir)) {
if ($curdirpath == '/') {
@ -730,7 +729,7 @@ switch ($action) {
}
}
case 'upload':
if ($student_can_edit_in_session && isset($_POST['sec_token']) && $ctok == $_POST['sec_token']) {
if ($student_can_edit_in_session && isset($_POST['sec_token']) && Security::check_token('post')) {
//check the token inserted into the form
if (isset($_POST['submitWork']) && !empty($is_course_member)) {
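Review bot: The `send_mail` case writes the anti-CSRF token into the response with `var_dump($_SESSION['sec_token'], $_GET['sec_token']);` and then emits `echo 'dd';` after the check. Both are debugging output and should be removed, leaving `if (Security::check_token('get')) {` followed by the reminder call and `Security::clear_token();`. The token for this action also travels in the query string of a GET link, so it can end up in server logs and Referer headers. Triggering the reminder from a POST form checked with `Security::check_token('post')`, as the directory-creation and `upload` checks in this file now do, would avoid that. The enclosing `switch ($action)` starts and ends outside these hunks, so how `$token` reaches the list view cannot be confirmed from here.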
