Fixing queries in the classmanager.lib.php (adding intvals, escape_string), adding breadcrumb and some icons see #4071

skala
Julio Montoya 14 years ago
parent 9e9a3a53c8
commit 378324adb6
  1. 1
      main/admin/class_add.php
  2. 4
      main/admin/class_edit.php
  3. 6
      main/admin/class_import.php
  4. 8
      main/admin/class_information.php
  5. 31
      main/admin/class_list.php
  6. 33
      main/admin/class_user_import.php
  7. 1
      main/admin/index.php
  8. 75
      main/inc/lib/classmanager.lib.php

@ -24,6 +24,7 @@ api_protect_admin_script();
// Setting breadcrumbs.
$interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Setting the name of the tool.
$tool_name = get_lang("AddClasses");

@ -13,9 +13,8 @@ $language_file = 'admin';
$cidReset = true;
// Including some necessary dokeos files.
include '../inc/global.inc.php';
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
// Setting the section (for the tabs).
$this_section = SECTION_PLATFORM_ADMIN;
@ -27,6 +26,7 @@ api_protect_admin_script();
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('AdminClasses'));
// Setting the name of the tool.
$tool_name = get_lang('AddClasses');

@ -57,7 +57,6 @@ include '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'import.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
// Setting the section (for the tabs).
$this_section = SECTION_PLATFORM_ADMIN;
@ -67,6 +66,7 @@ api_protect_admin_script();
// setting breadcrumbs
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Database Table Definitions
@ -103,10 +103,9 @@ if ($form->validate()) {
}
$form->display();
?>
<p><?php echo get_lang('CSVMustLookLike').' ('.get_lang('MandatoryFields').')'; ?> :</p>
<blockquote>
<pre>
<b>ClassName</b>
<b>1A</b>
@ -114,7 +113,6 @@ $form->display();
<b>2A group 1</b>
<b>2A group 2</b>
</pre>
</blockquote>
<?php
// Displaying the footer.

@ -13,12 +13,12 @@ $language_file = 'admin';
$cidReset = true;
require '../inc/global.inc.php';
require_once '../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script();
require api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
if (!isset($_GET['id'])) {
api_not_allowed();
@ -38,7 +38,6 @@ Display::display_header($tool_name);
* Show all users subscribed in this class.
*/
echo '<h4>'.get_lang('Users').'</h4>';
echo '<blockquote>';
$users = ClassManager::get_users($class_id);
if (count($users) > 0) {
$is_western_name_order = api_is_western_name_order();
@ -67,14 +66,13 @@ if (count($users) > 0) {
}
$row[] = Display :: encrypted_mailto_link($user['email'], $user['email']);
$row[] = $user['status'] == 5 ? get_lang('Student') : get_lang('Teacher');
$row[] = '<a href="user_information.php?user_id='.$user['user_id'].'">'.Display::return_icon('synthese_view.gif').'</a>';
$row[] = '<a href="user_information.php?user_id='.$user['user_id'].'">'.Display::return_icon('synthese_view.gif', get_lang('Info')).'</a>';
$data[] = $row;
}
Display::display_sortable_table($table_header,$data,array(),array(),array('id'=>$_GET['id']));
} else {
echo get_lang('NoUsersInClass');
}
echo '</blockquote>';
/**
* Show all courses in which this class is subscribed.
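Review bot: The table's extra parameters are built from the raw request value, `array('id'=>$_GET['id'])`, in the `Display::display_sortable_table(...)` call, while the query above it already works on `$class_id`. Whether the table code encodes these parameters when it writes them into its sorting and paging links is not visible here, so pass the validated integer instead: `array('id' => intval($_GET['id']))`. The assignment of `$class_id` lies outside the hunks.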

@ -63,20 +63,19 @@ function get_class_data($from, $number_of_items, $column, $direction) {
function modify_filter($class_id) {
$class_id = Security::remove_XSS($class_id);
$result = '<a href="class_information.php?id='.$class_id.'">'.Display::return_icon('synthese_view.gif', get_lang('Info')).'</a>';
$result .= '<a href="class_edit.php?idclass='.$class_id.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
$result .= '<a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
$result .= '<a href="subscribe_user2class.php?idclass='.$class_id.'">'.Display::return_icon('add_multiple_users.gif', get_lang('AddUsersToAClass')).'</a>';
$result .= ' <a href="class_edit.php?idclass='.$class_id.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
$result .= ' <a href="subscribe_user2class.php?idclass='.$class_id.'">'.Display::return_icon('add_multiple_users.gif', get_lang('AddUsersToAClass')).'</a>';
$result .= ' <a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
return $result;
}
require api_get_path(LIBRARY_PATH).'fileManage.lib.php';
require api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
$tool_name = get_lang('ClassList');
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
Display :: display_header($tool_name);
//Display :: display_header($tool_name);
//api_display_tool_title($tool_name);
if (isset($_POST['action'])) {
@ -88,7 +87,7 @@ if (isset($_POST['action'])) {
foreach ($classes as $index => $class_id) {
ClassManager :: delete_class($class_id);
}
Display :: display_normal_message(get_lang('ClassesDeleted'));
$message = Display :: return_message(get_lang('ClassesDeleted'));
}
break;
}
@ -98,10 +97,10 @@ if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'delete_class':
ClassManager :: delete_class($_GET['class_id']);
Display :: display_normal_message(get_lang('ClassDeleted'));
$message = Display :: return_message(get_lang('ClassDeleted'));
break;
case 'show_message':
Display :: display_normal_message(Security::remove_XSS(stripslashes($_GET['message'])));
$message = Display :: return_message(Security::remove_XSS(stripslashes($_GET['message'])));
break;
}
}
@ -112,7 +111,7 @@ $renderer =& $form->defaultRenderer();
$renderer->setElementTemplate('<span>{element}</span> ');
$form->addElement('text', 'keyword', get_lang('keyword'));
$form->addElement('submit', 'submit', get_lang('Search'));
$form->display();
$content .= $form->return_form();
// Create the sortable table with class information
$table = new SortableTable('classes', 'get_number_of_classes', 'get_class_data', 1);
@ -123,7 +122,15 @@ $table->set_header(2, get_lang('NumberOfUsers'));
$table->set_header(3, '', false);
$table->set_column_filter(3, 'modify_filter');
$table->set_form_actions(array ('delete_classes' => get_lang('DeleteSelectedClasses')), 'class');
$table->display();
// Displaying the footer.
Display :: display_footer();
$content .= $table->return_table();
$actions .= Display::url(Display::return_icon('add.png', get_lang('Add'), array(), 32), 'class_add.php');
$actions .= Display::url(Display::return_icon('import_csv.png', get_lang('AddUsersToAClass'), array(), 32), 'class_user_import.php');
$actions .= Display::url(Display::return_icon('import_csv.png', get_lang('ImportClassListCSV'), array(), 32), 'class_import.php');
$tpl = new Template($tool_name);
$tpl->assign('content', $content);
$tpl->assign('actions', $actions);
$tpl->assign('message', $message);
$tpl->display_one_col_template();
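Review bot: The `delete_class` branch still deletes on a plain GET request, `ClassManager :: delete_class($_GET['class_id']);`, and the link built in `modify_filter` carries no anti-CSRF token, so a forged request made in an administrator's session would be accepted. The `intval()` added in the library fixes the query, not this. The action should go through POST or verify a per-session token before the call (the project's `Security` class is the natural place for that check, if it offers one at this revision). Separately, `$content` and `$actions` are first touched with `.=` and `$message` is passed to `$tpl->assign()` on paths where no action set it; unless they are initialised outside these hunks, add `$content = $actions = $message = '';` before the first use so they are never undefined or seeded from the request.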

@ -16,16 +16,24 @@ function validate_data($user_classes) {
global $purification_option_for_usernames;
$errors = array ();
$classcodes = array ();
if (!isset($_POST['subscribe']) && !isset($_POST['subscribe'])) {
$user_class['error'] = get_lang('SelectAnAction');
$errors[] = $user_class;
return $errors;
}
foreach ($user_classes as $index => $user_class) {
$user_class['line'] = $index + 1;
// 1. Check whether mandatory fields are set.
$mandatory_fields = array ('UserName', 'ClassName');
foreach ($mandatory_fields as $key => $field) {
if (!isset ($user_class[$field]) || strlen($user_class[$field]) == 0) {
$user_class['error'] = get_lang($field.'Mandatory');
$errors[] = $user_class;
}
}
// 2. Check whether classcode exists.
if (isset ($user_class['ClassName']) && strlen($user_class['ClassName']) != 0) {
// 2.1 Check whether code has been allready used in this CVS-file.
@ -35,7 +43,7 @@ function validate_data($user_classes) {
$sql = "SELECT * FROM $class_table WHERE name = '".Database::escape_string($user_class['ClassName'])."'";
$res = Database::query($sql);
if (Database::num_rows($res) == 0) {
$user_class['error'] = get_lang('CodeDoesNotExists');
$user_class['error'] = get_lang('CodeDoesNotExists').': '.$user_class['ClassName'];
$errors[] = $user_class;
} else {
$classcodes[$user_class['CourseCode']] = 1;
@ -75,6 +83,7 @@ function save_data($users_classes) {
// Data parsing: purification + conversion (UserName, ClassName) --> (user_is, class_id)
$csv_data = array ();
foreach ($users_classes as $index => $user_class) {
$sql1 = "SELECT user_id FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames))."'";
$res1 = Database::query($sql1);
$obj1 = Database::fetch_object($res1);
@ -96,6 +105,7 @@ function save_data($users_classes) {
}
$to_subscribe = array_diff(array_keys($csv_subscriptions), array_keys($db_subscriptions));
$to_unsubscribe = array_diff(array_keys($db_subscriptions), array_keys($csv_subscriptions));
// Subscriptions for new classes.
if ($_POST['subscribe']) {
foreach ($to_subscribe as $class_id) {
@ -122,10 +132,9 @@ function parse_csv_data($file) {
}
$language_file = array('admin', 'registration');
$cidReset = true;
include '../inc/global.inc.php';
require_once '../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script(true);
@ -137,6 +146,7 @@ require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
$tool_name = get_lang('AddUsersToAClass').' CSV';
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Set this option to true to enforce strict purification for usenames.
$purification_option_for_usernames = false;
@ -148,8 +158,10 @@ $form->addElement('file', 'import_file', get_lang('ImportFileLocation'));
$form->addElement('checkbox', 'subscribe', get_lang('Action'), get_lang('SubscribeUserIfNotAllreadySubscribed'));
$form->addElement('checkbox', 'unsubscribe', '', get_lang('UnsubscribeUserIfSubscriptionIsNotInFile'));
$form->addElement('style_submit_button', 'submit', get_lang('Import'), 'class="save"');
if ($form->validate()) {
$users_classes = parse_csv_data($_FILES['import_file']['tmp_name']);
$errors = validate_data($users_classes);
if (count($errors) == 0) {
save_data($users_classes);
@ -164,28 +176,19 @@ api_display_tool_title($tool_name);
if (count($errors) != 0) {
$error_message = "\n";
foreach ($errors as $index => $error_class_user) {
$error_message .= get_lang('Line').' '.$error_class_user['line'].': '.$error_class_user['error'].'</b>: ';
$error_message .= "\n";
$error_message .= get_lang('Line').' '.$error_class_user['line'].': '.$error_class_user['error'].'</b>';
$error_message .= "<br />";
}
$error_message .= "\n";
Display :: display_error_message($error_message);
Display :: display_error_message($error_message, false);
}
$form->display();
?>
<p><?php echo get_lang('CSVMustLookLike').' ('.get_lang('MandatoryFields').')'; ?> :</p>
<blockquote>
<pre>
<b>UserName</b>;<b>ClassName</b>
jdoe;class01
adam;class01
</pre>
</blockquote>
<?php
/*
==============================================================================
FOOTER
==============================================================================
*/
Display :: display_footer();
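Review bot: The new guard at the top of `validate_data` tests the same key twice, `!isset($_POST['subscribe']) && !isset($_POST['subscribe'])`; the second operand was presumably meant to be `$_POST['unsubscribe']`, so as written an unsubscribe-only import is rejected with SelectAnAction. The error row built there also has no `line` key, which the display loop reads as `$error_class_user['line']`. The CSV value now appended in `get_lang('CodeDoesNotExists').': '.$user_class['ClassName']` ends up in `Display :: display_error_message($error_message, false)`. If the `false` turns off the message filter, as it appears to, the class name from the uploaded file is printed as raw HTML, so escape it where it is appended, e.g. `Security::remove_XSS($user_class['ClassName'])` or `htmlspecialchars()`. The body of `validate_data` continues outside the hunks.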

@ -188,7 +188,6 @@ if (api_get_setting('use_session_mode') == 'true') {
} elseif (api_is_platform_admin()) {
$blocks['classes']['items'] = $items;
$blocks['classes']['icon'] = Display::return_icon('group.gif', get_lang('AdminClasses'));
$blocks['classes']['label'] = api_ucfirst(get_lang('AdminClasses'));

@ -7,12 +7,6 @@
/**
* Code
*/
require_once (api_get_path(LIBRARY_PATH).'course.lib.php');
/**
* This library contains some functions for class-management.
* @author Bart Mollet
* @package chamilo.library
*/
class ClassManager
{
/**
@ -20,8 +14,8 @@ class ClassManager
* note: This function can't be named get_class() because that's a standard
* php-function.
*/
function get_class_info($class_id)
{
function get_class_info($class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE id='".$class_id."'";
$res = Database::query($sql);
@ -32,8 +26,8 @@ class ClassManager
* @param string $name The new name
* @param int $class_id The class id
*/
function set_name($name, $class_id)
{
function set_name($name, $class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "UPDATE $table_class SET name='".Database::escape_string($name)."' WHERE id='".$class_id."'";
$res = Database::query($sql);
@ -42,8 +36,7 @@ class ClassManager
* Create a class
* @param string $name
*/
function create_class($name)
{
function create_class($name) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "INSERT INTO $table_class SET name='".Database::escape_string($name)."'";
Database::query($sql);
@ -53,8 +46,7 @@ class ClassManager
* Check if a classname is allready in use
* @param string $name
*/
function class_name_exists($name)
{
function class_name_exists($name) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".Database::escape_string($name)."'";
$res = Database::query($sql);
@ -66,8 +58,8 @@ class ClassManager
* @todo Add option to unsubscribe class-members from the courses where the
* class was subscibed to
*/
function delete_class($class_id)
{
function delete_class($class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
@ -83,15 +75,14 @@ class ClassManager
* @param int $class_id
* @return array
*/
function get_users($class_id)
{
function get_users($class_id) {
$class_id = intval($class_id);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $table_class_user cu, $table_user u WHERE cu.class_id = '".$class_id."' AND cu.user_id = u.user_id";
$res = Database::query($sql);
$users = array ();
while ($user = Database::fetch_array($res, 'ASSOC'))
{
while ($user = Database::fetch_array($res, 'ASSOC')) {
$users[] = $user;
}
return $users;
@ -102,14 +93,14 @@ class ClassManager
* @param int $user_id The user id
* @param int $class_id The class id
*/
function add_user($user_id, $class_id)
{
function add_user($user_id, $class_id) {
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$user_id = intval($user_id);
$class_id = intval($class_id);
$sql = "INSERT IGNORE INTO $table_class_user SET user_id = '".$user_id."', class_id='".$class_id."'";
Database::query($sql);
$courses = ClassManager :: get_courses($class_id);
foreach ($courses as $index => $course)
{
foreach ($courses as $index => $course) {
CourseManager :: subscribe_user($user_id, $course['course_code']);
}
}
@ -119,16 +110,16 @@ class ClassManager
* @param int $user_id The user id
* @param int $class_id The class id
*/
function unsubscribe_user($user_id, $class_id)
{
function unsubscribe_user($user_id, $class_id) {
$class_id = intval($class_id);
$user_id = intval($user_id);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$courses = ClassManager :: get_courses($class_id);
if (count($courses) != 0)
{
if (count($courses) != 0) {
$course_codes = array ();
foreach ($courses as $index => $course)
{
foreach ($courses as $index => $course) {
$course_codes[] = $course['course_code'];
$sql = "SELECT DISTINCT user_id FROM $table_class_user t1, $table_course_class t2 WHERE t1.class_id=t2.class_id AND course_code = '".$course['course_code']."' AND user_id = $user_id AND t2.class_id<>'$class_id'";
$res = Database::query($sql);
@ -146,15 +137,14 @@ class ClassManager
* @param int $class_id
* @return array
*/
function get_courses($class_id)
{
function get_courses($class_id) {
$class_id = intval($class_id);
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_class_course cc, $table_course c WHERE cc.class_id = '".$class_id."' AND cc.course_code = c.code";
$res = Database::query($sql);
$courses = array ();
while ($course = Database::fetch_array($res, 'ASSOC'))
{
while ($course = Database::fetch_array($res, 'ASSOC')) {
$courses[] = $course;
}
return $courses;
@ -164,8 +154,7 @@ class ClassManager
* @param int $class_id The class id
* @param string $course_code The course code
*/
function subscribe_to_course($class_id, $course_code)
{
function subscribe_to_course($class_id, $course_code) {
$tbl_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
@ -173,8 +162,7 @@ class ClassManager
Database::query($sql);
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".Database::escape_string($class_id)."'";
$res = Database::query($sql);
while ($user = Database::fetch_object($res))
{
while ($user = Database::fetch_object($res)) {
CourseManager :: subscribe_user($user->user_id, $course_code);
}
}
@ -212,8 +200,8 @@ class ClassManager
* @param string $name The class name
* @return int the ID of the class
*/
function get_class_id($name)
{
function get_class_id($name) {
$name = Database::escape_string($name);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".$name."'";
$res = Database::query($sql);
@ -225,18 +213,15 @@ class ClassManager
* @param string $course_code
* @return array An array with all classes (keys: 'id','code','name')
*/
function get_classes_in_course($course_code)
{
function get_classes_in_course($course_code) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT cl.* FROM $table_class cl, $table_course_class cc WHERE cc.course_code = '".Database::escape_string($course_code)."' AND cc.class_id = cl.id";
$res = Database::query($sql);
$classes = array ();
while ($class = Database::fetch_array($res, 'ASSOC'))
{
while ($class = Database::fetch_array($res, 'ASSOC')) {
$classes[] = $class;
}
return $classes;
}
}
?>
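Review bot: `unsubscribe_user` still concatenates `$course['course_code']` into its SELECT without escaping (`course_code = '".$course['course_code']."'`), although the other operands visible in this commit are cast or escaped. The value is read back from the database, but stored data is not automatically safe to re-embed in SQL; use `Database::escape_string($course['course_code'])` there. In the visible hunks, `subscribe_to_course` is the remaining method that escapes `$class_id` as a string instead of casting it; `$class_id = intval($class_id);` at the top would match the other methods. Both method bodies are only partly visible in these hunks.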
