chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixing queries in the classmanager.lib.php (adding intvals, escape_string), adding breadcrumb and some icons see #4071

Browse Source
skala
Julio Montoya 14 years ago
parent 9e9a3a53c8
commit 378324adb6
8 changed files with 86 additions and 95 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 3
      main/admin/class_add.php
  2. 4
      main/admin/class_edit.php
  3. 8
      main/admin/class_import.php
  4. 8
      main/admin/class_information.php
  5. 31
      main/admin/class_list.php
  6. 47
      main/admin/class_user_import.php
  7. 3
      main/admin/index.php
  8. 77
      main/inc/lib/classmanager.lib.php

3
main/admin/class_add.php
Unescape View File

@ -24,6 +24,7 @@ api_protect_admin_script();
// Setting breadcrumbs.
$interbreadcrumb[] = array('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Setting the name of the tool.
$tool_name = get_lang("AddClasses");
@ -44,4 +45,4 @@ Display :: display_header($tool_name);
$form->display();
// Displaying the footer.
Display :: display_footer();
Display :: display_footer();

4
main/admin/class_edit.php
Unescape View File

@ -13,9 +13,8 @@ $language_file = 'admin';
$cidReset = true;
// Including some necessary dokeos files.
include '../inc/global.inc.php';
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
// Setting the section (for the tabs).
$this_section = SECTION_PLATFORM_ADMIN;
@ -27,6 +26,7 @@ api_protect_admin_script();
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('AdminClasses'));
// Setting the name of the tool.
$tool_name = get_lang('AddClasses');

8
main/admin/class_import.php
Unescape View File

@ -57,7 +57,6 @@ include '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'fileManage.lib.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'import.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
// Setting the section (for the tabs).
$this_section = SECTION_PLATFORM_ADMIN;
@ -67,6 +66,7 @@ api_protect_admin_script();
// setting breadcrumbs
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Database Table Definitions
@ -103,10 +103,9 @@ if ($form->validate()) {
}
$form->display();
?>
<p><?php echo get_lang('CSVMustLookLike').' ('.get_lang('MandatoryFields').')'; ?> :</p>
<blockquote>
<pre>
<b>ClassName</b>
<b>1A</b>
@ -114,8 +113,7 @@ $form->display();
<b>2A group 1</b>
<b>2A group 2</b>
</pre>
</blockquote>
<?php
// Displaying the footer.
Display :: display_footer();
Display :: display_footer();

8
main/admin/class_information.php
Unescape View File

@ -13,12 +13,12 @@ $language_file = 'admin';
$cidReset = true;
require '../inc/global.inc.php';
require_once '../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script();
require api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
if (!isset($_GET['id'])) {
api_not_allowed();
@ -38,7 +38,6 @@ Display::display_header($tool_name);
* Show all users subscribed in this class.
*/
echo '<h4>'.get_lang('Users').'</h4>';
echo '<blockquote>';
$users = ClassManager::get_users($class_id);
if (count($users) > 0) {
$is_western_name_order = api_is_western_name_order();
@ -67,14 +66,13 @@ if (count($users) > 0) {
}
$row[] = Display :: encrypted_mailto_link($user['email'], $user['email']);
$row[] = $user['status'] == 5 ? get_lang('Student') : get_lang('Teacher');
$row[] = '<a href="user_information.php?user_id='.$user['user_id'].'">'.Display::return_icon('synthese_view.gif').'</a>';
$row[] = '<a href="user_information.php?user_id='.$user['user_id'].'">'.Display::return_icon('synthese_view.gif', get_lang('Info')).'</a>';
$data[] = $row;
}
Display::display_sortable_table($table_header,$data,array(),array(),array('id'=>$_GET['id']));
} else {
echo get_lang('NoUsersInClass');
}
echo '</blockquote>';
/**
* Show all courses in which this class is subscribed.

31
main/admin/class_list.php
Unescape View File

@ -63,20 +63,19 @@ function get_class_data($from, $number_of_items, $column, $direction) {
function modify_filter($class_id) {
$class_id = Security::remove_XSS($class_id);
$result = '<a href="class_information.php?id='.$class_id.'">'.Display::return_icon('synthese_view.gif', get_lang('Info')).'</a>';
$result .= '<a href="class_edit.php?idclass='.$class_id.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
$result .= '<a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
$result .= '<a href="subscribe_user2class.php?idclass='.$class_id.'">'.Display::return_icon('add_multiple_users.gif', get_lang('AddUsersToAClass')).'</a>';
$result .= ' <a href="class_edit.php?idclass='.$class_id.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
$result .= ' <a href="subscribe_user2class.php?idclass='.$class_id.'">'.Display::return_icon('add_multiple_users.gif', get_lang('AddUsersToAClass')).'</a>';
$result .= ' <a href="class_list.php?action=delete_class&amp;class_id='.$class_id.'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
return $result;
}
require api_get_path(LIBRARY_PATH).'fileManage.lib.php';
require api_get_path(LIBRARY_PATH).'classmanager.lib.php';
require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
$tool_name = get_lang('ClassList');
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
Display :: display_header($tool_name);
//Display :: display_header($tool_name);
//api_display_tool_title($tool_name);
if (isset($_POST['action'])) {
@ -88,7 +87,7 @@ if (isset($_POST['action'])) {
foreach ($classes as $index => $class_id) {
ClassManager :: delete_class($class_id);
}
Display :: display_normal_message(get_lang('ClassesDeleted'));
$message = Display :: return_message(get_lang('ClassesDeleted'));
}
break;
}
@ -98,10 +97,10 @@ if (isset($_GET['action'])) {
switch ($_GET['action']) {
case 'delete_class':
ClassManager :: delete_class($_GET['class_id']);
Display :: display_normal_message(get_lang('ClassDeleted'));
$message = Display :: return_message(get_lang('ClassDeleted'));
break;
case 'show_message':
Display :: display_normal_message(Security::remove_XSS(stripslashes($_GET['message'])));
$message = Display :: return_message(Security::remove_XSS(stripslashes($_GET['message'])));
break;
}
}
@ -112,7 +111,7 @@ $renderer =& $form->defaultRenderer();
$renderer->setElementTemplate('<span>{element}</span> ');
$form->addElement('text', 'keyword', get_lang('keyword'));
$form->addElement('submit', 'submit', get_lang('Search'));
$form->display();
$content .= $form->return_form();
// Create the sortable table with class information
$table = new SortableTable('classes', 'get_number_of_classes', 'get_class_data', 1);
@ -123,7 +122,15 @@ $table->set_header(2, get_lang('NumberOfUsers'));
$table->set_header(3, '', false);
$table->set_column_filter(3, 'modify_filter');
$table->set_form_actions(array ('delete_classes' => get_lang('DeleteSelectedClasses')), 'class');
$table->display();
// Displaying the footer.
Display :: display_footer();
$content .= $table->return_table();
$actions .= Display::url(Display::return_icon('add.png', get_lang('Add'), array(), 32), 'class_add.php');
$actions .= Display::url(Display::return_icon('import_csv.png', get_lang('AddUsersToAClass'), array(), 32), 'class_user_import.php');
$actions .= Display::url(Display::return_icon('import_csv.png', get_lang('ImportClassListCSV'), array(), 32), 'class_import.php');
$tpl = new Template($tool_name);
$tpl->assign('content', $content);
$tpl->assign('actions', $actions);
$tpl->assign('message', $message);
$tpl->display_one_col_template();

47
main/admin/class_user_import.php
Unescape View File

@ -16,26 +16,34 @@ function validate_data($user_classes) {
global $purification_option_for_usernames;
$errors = array ();
$classcodes = array ();
if (!isset($_POST['subscribe']) && !isset($_POST['subscribe'])) {
$user_class['error'] = get_lang('SelectAnAction');
$errors[] = $user_class;
return $errors;
}
foreach ($user_classes as $index => $user_class) {
$user_class['line'] = $index + 1;
// 1. Check whether mandatory fields are set.
$mandatory_fields = array ('UserName', 'ClassName');
foreach ($mandatory_fields as $key => $field) {
if (!isset ($user_class[$field]) || strlen($user_class[$field]) == 0) {
foreach ($mandatory_fields as $key => $field) {
if (!isset ($user_class[$field]) || strlen($user_class[$field]) == 0) {
$user_class['error'] = get_lang($field.'Mandatory');
$errors[] = $user_class;
}
}
// 2. Check whether classcode exists.
if (isset ($user_class['ClassName']) && strlen($user_class['ClassName']) != 0) {
// 2.1 Check whether code has been allready used in this CVS-file.
if (!isset ($classcodes[$user_class['ClassName']])) {
// 2.1.1 Check whether code exists in DB.
$class_table = Database :: get_main_table(TABLE_MAIN_CLASS);
$class_table = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $class_table WHERE name = '".Database::escape_string($user_class['ClassName'])."'";
$res = Database::query($sql);
if (Database::num_rows($res) == 0) {
$user_class['error'] = get_lang('CodeDoesNotExists');
$user_class['error'] = get_lang('CodeDoesNotExists').': '.$user_class['ClassName'];
$errors[] = $user_class;
} else {
$classcodes[$user_class['CourseCode']] = 1;
@ -49,7 +57,7 @@ function validate_data($user_classes) {
$user_class['error'] = get_lang('UserNameTooLong').': '.$user_class['UserName'];
$errors[] = $user_class;
}
$username = UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames);
$username = UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames);
// 3.2. Check whether username exists.
if (UserManager::is_username_available($username)) {
$user_class['error'] = get_lang('UnknownUser').': '.$username;
@ -75,6 +83,7 @@ function save_data($users_classes) {
// Data parsing: purification + conversion (UserName, ClassName) --> (user_is, class_id)
$csv_data = array ();
foreach ($users_classes as $index => $user_class) {
$sql1 = "SELECT user_id FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames))."'";
$res1 = Database::query($sql1);
$obj1 = Database::fetch_object($res1);
@ -85,7 +94,7 @@ function save_data($users_classes) {
$csv_data[$obj1->user_id][$obj2->id] = 1;
}
}
// Logic for processing the request (data + UI options).
$db_subscriptions = array();
foreach ($csv_data as $user_id => $csv_subscriptions) {
@ -94,8 +103,9 @@ function save_data($users_classes) {
while ($obj = Database::fetch_object($res)) {
$db_subscriptions[$obj->class_id] = 1;
}
$to_subscribe = array_diff(array_keys($csv_subscriptions), array_keys($db_subscriptions));
$to_subscribe = array_diff(array_keys($csv_subscriptions), array_keys($db_subscriptions));
$to_unsubscribe = array_diff(array_keys($db_subscriptions), array_keys($csv_subscriptions));
// Subscriptions for new classes.
if ($_POST['subscribe']) {
foreach ($to_subscribe as $class_id) {
@ -122,10 +132,9 @@ function parse_csv_data($file) {
}
$language_file = array('admin', 'registration');
$cidReset = true;
include '../inc/global.inc.php';
require_once '../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script(true);
@ -137,6 +146,7 @@ require_once api_get_path(LIBRARY_PATH).'classmanager.lib.php';
$tool_name = get_lang('AddUsersToAClass').' CSV';
$interbreadcrumb[] = array ('url' => 'index.php', 'name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array ('url' => 'class_list.php', 'name' => get_lang('Classes'));
// Set this option to true to enforce strict purification for usenames.
$purification_option_for_usernames = false;
@ -148,10 +158,12 @@ $form->addElement('file', 'import_file', get_lang('ImportFileLocation'));
$form->addElement('checkbox', 'subscribe', get_lang('Action'), get_lang('SubscribeUserIfNotAllreadySubscribed'));
$form->addElement('checkbox', 'unsubscribe', '', get_lang('UnsubscribeUserIfSubscriptionIsNotInFile'));
$form->addElement('style_submit_button', 'submit', get_lang('Import'), 'class="save"');
if ($form->validate()) {
$users_classes = parse_csv_data($_FILES['import_file']['tmp_name']);
$errors = validate_data($users_classes);
if (count($errors) == 0) {
if (count($errors) == 0) {
save_data($users_classes);
header('Location: class_list.php?action=show_message&message='.urlencode(get_lang('FileImported')));
exit();
@ -164,28 +176,19 @@ api_display_tool_title($tool_name);
if (count($errors) != 0) {
$error_message = "\n";
foreach ($errors as $index => $error_class_user) {
$error_message .= get_lang('Line').' '.$error_class_user['line'].': '.$error_class_user['error'].'</b>: ';
$error_message .= "\n";
$error_message .= get_lang('Line').' '.$error_class_user['line'].': '.$error_class_user['error'].'</b>';
$error_message .= "<br />";
}
$error_message .= "\n";
Display :: display_error_message($error_message);
Display :: display_error_message($error_message, false);
}
$form->display();
?>
<p><?php echo get_lang('CSVMustLookLike').' ('.get_lang('MandatoryFields').')'; ?> :</p>
<blockquote>
<pre>
<b>UserName</b>;<b>ClassName</b>
jdoe;class01
adam;class01
</pre>
</blockquote>
<?php
/*
==============================================================================
FOOTER
==============================================================================
*/
Display :: display_footer();

3
main/admin/index.php
Unescape View File

@ -187,8 +187,7 @@ if (api_get_setting('use_session_mode') == 'true') {
} elseif (api_is_platform_admin()) {
$blocks['classes']['items'] = $items;
$blocks['classes']['items'] = $items;
$blocks['classes']['icon'] = Display::return_icon('group.gif', get_lang('AdminClasses'));
$blocks['classes']['label'] = api_ucfirst(get_lang('AdminClasses'));

77
main/inc/lib/classmanager.lib.php
Unescape View File

@ -7,12 +7,6 @@
/**
* Code
*/
require_once (api_get_path(LIBRARY_PATH).'course.lib.php');
/**
* This library contains some functions for class-management.
* @author Bart Mollet
* @package chamilo.library
*/
class ClassManager
{
/**
@ -20,8 +14,8 @@ class ClassManager
* note: This function can't be named get_class() because that's a standard
* php-function.
*/
function get_class_info($class_id)
{
function get_class_info($class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE id='".$class_id."'";
$res = Database::query($sql);
@ -32,8 +26,8 @@ class ClassManager
* @param string $name The new name
* @param int $class_id The class id
*/
function set_name($name, $class_id)
{
function set_name($name, $class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "UPDATE $table_class SET name='".Database::escape_string($name)."' WHERE id='".$class_id."'";
$res = Database::query($sql);
@ -42,8 +36,7 @@ class ClassManager
* Create a class
* @param string $name
*/
function create_class($name)
{
function create_class($name) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "INSERT INTO $table_class SET name='".Database::escape_string($name)."'";
Database::query($sql);
@ -53,8 +46,7 @@ class ClassManager
* Check if a classname is allready in use
* @param string $name
*/
function class_name_exists($name)
{
function class_name_exists($name) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".Database::escape_string($name)."'";
$res = Database::query($sql);
@ -66,8 +58,8 @@ class ClassManager
* @todo Add option to unsubscribe class-members from the courses where the
* class was subscibed to
*/
function delete_class($class_id)
{
function delete_class($class_id) {
$class_id = intval($class_id);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
@ -83,15 +75,14 @@ class ClassManager
* @param int $class_id
* @return array
*/
function get_users($class_id)
{
function get_users($class_id) {
$class_id = intval($class_id);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT * FROM $table_class_user cu, $table_user u WHERE cu.class_id = '".$class_id."' AND cu.user_id = u.user_id";
$res = Database::query($sql);
$users = array ();
while ($user = Database::fetch_array($res, 'ASSOC'))
{
while ($user = Database::fetch_array($res, 'ASSOC')) {
$users[] = $user;
}
return $users;
@ -102,14 +93,14 @@ class ClassManager
* @param int $user_id The user id
* @param int $class_id The class id
*/
function add_user($user_id, $class_id)
{
function add_user($user_id, $class_id) {
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$user_id = intval($user_id);
$class_id = intval($class_id);
$sql = "INSERT IGNORE INTO $table_class_user SET user_id = '".$user_id."', class_id='".$class_id."'";
Database::query($sql);
$courses = ClassManager :: get_courses($class_id);
foreach ($courses as $index => $course)
{
foreach ($courses as $index => $course) {
CourseManager :: subscribe_user($user_id, $course['course_code']);
}
}
@ -119,16 +110,16 @@ class ClassManager
* @param int $user_id The user id
* @param int $class_id The class id
*/
function unsubscribe_user($user_id, $class_id)
{
function unsubscribe_user($user_id, $class_id) {
$class_id = intval($class_id);
$user_id = intval($user_id);
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$courses = ClassManager :: get_courses($class_id);
if (count($courses) != 0)
{
if (count($courses) != 0) {
$course_codes = array ();
foreach ($courses as $index => $course)
{
foreach ($courses as $index => $course) {
$course_codes[] = $course['course_code'];
$sql = "SELECT DISTINCT user_id FROM $table_class_user t1, $table_course_class t2 WHERE t1.class_id=t2.class_id AND course_code = '".$course['course_code']."' AND user_id = $user_id AND t2.class_id<>'$class_id'";
$res = Database::query($sql);
@ -146,15 +137,14 @@ class ClassManager
* @param int $class_id
* @return array
*/
function get_courses($class_id)
{
function get_courses($class_id) {
$class_id = intval($class_id);
$table_class_course = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $table_class_course cc, $table_course c WHERE cc.class_id = '".$class_id."' AND cc.course_code = c.code";
$res = Database::query($sql);
$courses = array ();
while ($course = Database::fetch_array($res, 'ASSOC'))
{
while ($course = Database::fetch_array($res, 'ASSOC')) {
$courses[] = $course;
}
return $courses;
@ -164,8 +154,7 @@ class ClassManager
* @param int $class_id The class id
* @param string $course_code The course code
*/
function subscribe_to_course($class_id, $course_code)
{
function subscribe_to_course($class_id, $course_code) {
$tbl_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
@ -173,8 +162,7 @@ class ClassManager
Database::query($sql);
$sql = "SELECT user_id FROM $tbl_class_user WHERE class_id = '".Database::escape_string($class_id)."'";
$res = Database::query($sql);
while ($user = Database::fetch_object($res))
{
while ($user = Database::fetch_object($res)) {
CourseManager :: subscribe_user($user->user_id, $course_code);
}
}
@ -212,8 +200,8 @@ class ClassManager
* @param string $name The class name
* @return int the ID of the class
*/
function get_class_id($name)
{
function get_class_id($name) {
$name = Database::escape_string($name);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_class WHERE name='".$name."'";
$res = Database::query($sql);
@ -225,18 +213,15 @@ class ClassManager
* @param string $course_code
* @return array An array with all classes (keys: 'id','code','name')
*/
function get_classes_in_course($course_code)
{
function get_classes_in_course($course_code) {
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT cl.* FROM $table_class cl, $table_course_class cc WHERE cc.course_code = '".Database::escape_string($course_code)."' AND cc.class_id = cl.id";
$res = Database::query($sql);
$classes = array ();
while ($class = Database::fetch_array($res, 'ASSOC'))
{
while ($class = Database::fetch_array($res, 'ASSOC')) {
$classes[] = $class;
}
return $classes;
}
}
?>
}
Write Preview
Loading…
Cancel
Save