diff --git a/main/course_description/course_description_controller.php b/main/course_description/course_description_controller.php index fb42c01d47..a95e01068a 100644 --- a/main/course_description/course_description_controller.php +++ b/main/course_description/course_description_controller.php 
@@ -2,190 +2,183 @@ /* For licensing terms, see /license.txt */ /** + * Class CourseDescriptionController * This file contains class used like controller, it should be included inside a dispatcher file (e.g: index.php) * @author Christian Fasanando * @package chamilo.course_description */ +class CourseDescriptionController +{ + private $toolname; + private $view; -/** - * Controller script. Prepares the common background variables to give to the scripts corresponding to - * the requested action - * @package chamilo.course_description - */ -class CourseDescriptionController { // extends Controller { - - private $toolname; - private $view; - /** * Constructor */ - public function __construct() { - $this->toolname = 'course_description'; - $this->view = new View($this->toolname); + public function __construct() + { + $this->toolname = 'course_description'; + $this->view = new View($this->toolname); } /** * It's used for listing course description, * render to listing view * @param boolean true for listing history (optional) - * @param array message for showing by action['edit','add','destroy'] (optional) + * @param array message for showing by action['edit','add','destroy'] (optional) */ - public function listing($history=false, $messages=array()) { + public function listing($history=false, $messages=array()) + { $course_description = new CourseDescription(); $session_id = api_get_session_id(); - $course_description->set_session_id($session_id); - $data = array(); - - $course_description_data = $course_description->get_description_data(); - - $data['descriptions'] = $course_description_data['descriptions']; - $data['default_description_titles'] = $course_description->get_default_description_title(); - $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); - $data['default_description_icon'] = $course_description->get_default_description_icon(); - $data['messages'] = $messages; - + 
$course_description->set_session_id($session_id); + $data = array(); + $course_description_data = $course_description->get_description_data(); + $data['descriptions'] = $course_description_data['descriptions']; + $data['default_description_titles'] = $course_description->get_default_description_title(); + $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); + $data['default_description_icon'] = $course_description->get_default_description_icon(); + $data['messages'] = $messages; $browser = api_get_navigator(); if (strpos($data['descriptions'], 'view->set_data($data); - $this->view->set_layout('layout'); - $this->view->set_template('listing'); - $this->view->render(); + + // render to the view + $this->view->set_data($data); + $this->view->set_layout('layout'); + $this->view->set_template('listing'); + $this->view->render(); } - + /** * It's used for editing a course description, * render to listing or edit view * @param int description type */ public function edit($id, $description_type) - { - $course_description = new CourseDescription(); - $session_id = api_get_session_id(); - $course_description->set_session_id($session_id); - $data = array(); - $data['id'] = $id; - if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") { - if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) { - - $check = Security::check_token(); - if ($check) { - $title = $_POST['title']; - if (api_get_setting('wcag_anysurfer_public_pages') == 'true') { - $content = WCAG_Rendering::prepareXHTML(); - } else { - $content = $_POST['contentDescription']; - } - $description_type = $_POST['description_type']; - $id = $_POST['id']; - $progress = $_POST['progress']; - $course_description->set_description_type($description_type); - $course_description->set_title($title); - $course_description->set_content($content); - - $course_description->set_progress($progress); - - $thematic_advance = $course_description->get_data_by_id($id); - 
- if (!empty($thematic_advance)) { - $course_description->set_id($id); - $affected_rows = $course_description->update(); - } else { - $affected_rows = $course_description->insert(); - } - Security::clear_token(); + { + $course_description = new CourseDescription(); + $session_id = api_get_session_id(); + $course_description->set_session_id($session_id); + $data = array(); + $data['id'] = $id; + if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") { + if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) { + $check = Security::check_token(); + if ($check) { + $title = $_POST['title']; + if (api_get_setting('wcag_anysurfer_public_pages') == 'true') { + $content = WCAG_Rendering::prepareXHTML(); + } else { + $content = $_POST['contentDescription']; } + $description_type = $_POST['description_type']; + $id = $_POST['id']; + $progress = $_POST['progress']; + $course_description->set_description_type($description_type); + $course_description->set_title($title); + $course_description->set_content($content); + $course_description->set_progress($progress); + $thematic_advance = $course_description->get_data_by_id($id); - if ($affected_rows) { - $message['edit'] = true; + if (!empty($thematic_advance)) { + $course_description->set_id($id); + $affected_rows = $course_description->update(); + } else { + $affected_rows = $course_description->insert(); } - $this->listing(false, $message); - } else { - $data['error'] = 1; - $data['default_description_titles'] = $course_description->get_default_description_title(); - $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); - $data['default_description_icon'] = $course_description->get_default_description_icon(); - $data['question'] = $course_description->get_default_question(); - $data['information'] = $course_description->get_default_information(); - $data['description_title'] = $_POST['title']; - $data['description_content'] = $_POST['contentDescription']; - 
$data['description_type'] = $_POST['description_type']; - $data['progress'] = $_POST['progress']; - $data['descriptions'] = $course_description->get_data_by_id($_POST['id']); - // render to the view - $this->view->set_data($data); - $this->view->set_layout('layout'); - $this->view->set_template('edit'); - $this->view->render(); + Security::clear_token(); } - } else { + if ($affected_rows) { + $message['edit'] = true; + } + $this->listing(false, $message); + } else { + $data['error'] = 1; $data['default_description_titles'] = $course_description->get_default_description_title(); $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); $data['default_description_icon'] = $course_description->get_default_description_icon(); $data['question'] = $course_description->get_default_question(); $data['information'] = $course_description->get_default_information(); - - $data['description_type'] = $description_type; - - if (!empty($id)) { - if (isset($_GET['id_session'])) { - $session_id = intval($_GET['id_session']); - } - $course_description_data = $course_description->get_data_by_id($id, null, $session_id); - $data['description_type'] = $course_description_data['description_type']; - $data['description_title'] = $course_description_data['description_title']; - $data['description_content'] = $course_description_data['description_content']; - $data['progress'] = $course_description_data['progress']; - $data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id); - } - // render to the view + $data['description_title'] = $_POST['title']; + $data['description_content'] = $_POST['contentDescription']; + $data['description_type'] = $_POST['description_type']; + $data['progress'] = $_POST['progress']; + $data['descriptions'] = $course_description->get_data_by_id($_POST['id']); + // render to the view $this->view->set_data($data); $this->view->set_layout('layout'); 
$this->view->set_template('edit'); $this->view->render(); } + } else { + + $data['default_description_titles'] = $course_description->get_default_description_title(); + $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); + $data['default_description_icon'] = $course_description->get_default_description_icon(); + $data['question'] = $course_description->get_default_question(); + $data['information'] = $course_description->get_default_information(); + + $data['description_type'] = $description_type; + + if (!empty($id)) { + if (isset($_GET['id_session'])) { + $session_id = intval($_GET['id_session']); + } + $course_description_data = $course_description->get_data_by_id($id, null, $session_id); + $data['description_type'] = $course_description_data['description_type']; + $data['description_title'] = $course_description_data['description_title']; + $data['description_content'] = $course_description_data['description_content']; + $data['progress'] = $course_description_data['progress']; + $data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id); + } + + // render to the view + $this->view->set_data($data); + $this->view->set_layout('layout'); + $this->view->set_template('edit'); + $this->view->render(); } + } - /** - * It's used for adding a course description, - * render to listing or add view - */ - public function add() { + /** + * It's used for adding a course description, + * render to listing or add view + */ + public function add() + { $course_description = new CourseDescription(); $session_id = api_get_session_id(); $course_description->set_session_id($session_id); - - $data = array(); - if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") { + + $data = array(); + if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") { if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) { - - $check = Security::check_token(); + + $check = 
Security::check_token(); if ($check) { $title = $_POST['title']; if (api_get_setting('wcag_anysurfer_public_pages')=='true') { $content = WCAG_Rendering::prepareXHTML(); } else { $content = $_POST['contentDescription']; - } - $description_type = $_POST['description_type']; - if ($description_type >= ADD_BLOCK) { + } + $description_type = $_POST['description_type']; + if ($description_type >= ADD_BLOCK) { $course_description->set_description_type($description_type); $course_description->set_title($title); $course_description->set_content($content); $affected_rows = $course_description->insert(api_get_course_int_id()); } - Security::clear_token(); - } - if ($affected_rows) { - $message['add'] = true; + Security::clear_token(); + } + if ($affected_rows) { + $message['add'] = true; } - $this->listing(false,$message); + $this->listing(false,$message); } else { $data['error'] = 1; $data['default_description_titles'] = $course_description->get_default_description_title(); 
@@ -195,43 +188,44 @@ class CourseDescriptionController { // extends Controller { $data['information'] = $course_description->get_default_information(); $data['description_title'] = $_POST['title']; $data['description_content'] = $_POST['contentDescription']; - $data['description_type'] = $_POST['description_type']; + $data['description_type'] = $_POST['description_type']; $this->view->set_data($data); $this->view->set_layout('layout'); - $this->view->set_template('add'); + $this->view->set_template('add'); $this->view->render(); - } - } else { + } + } else { $data['default_description_titles'] = $course_description->get_default_description_title(); $data['default_description_title_editable'] = $course_description->get_default_description_title_editable(); $data['default_description_icon'] = $course_description->get_default_description_icon(); $data['question'] = $course_description->get_default_question(); $data['information'] = $course_description->get_default_information(); - $data['description_type'] = $course_description->get_max_description_type(); + $data['description_type'] = $course_description->get_max_description_type(); // render to the view $this->view->set_data($data); - $this->view->set_layout('layout'); - $this->view->set_template('add'); - $this->view->render(); + $this->view->set_layout('layout'); + $this->view->set_template('add'); + $this->view->render(); } } - + /** * It's used for destroy a course description, * render to listing view * @param int description type */ - public function destroy($id) { + public function destroy($id) + { $course_description = new CourseDescription(); $session_id = api_get_session_id(); - $course_description->set_session_id($session_id); + $course_description->set_session_id($session_id); if (!empty($id)) { $course_description->set_id($id); $affected_rows = $course_description->delete(); - } - if ($affected_rows) { - $message['destroy'] = true; } - $this->listing(false, $message); + if ($affected_rows) { + 
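Review bot: The POST values read in edit() — `$id = $_POST['id'];`, `$description_type = $_POST['description_type'];`, `$progress = $_POST['progress'];` — are handed to `get_data_by_id($id)`, `set_id($id)` and the setters without a type cast, even though the hunk rewrites these lines; unless CourseDescription casts them itself (not visible here), `$id = intval($_POST['id']);` and the same for the other two would match the `intval($_GET['id_session'])` the GET branch already uses. Separately, `$affected_rows` and `$message` are only assigned inside `if ($check)`, so when the token check fails the new-side `if ($affected_rows)` reads an undefined variable and `$this->listing(false, $message)` receives an undefined `$message`; initialising `$affected_rows = 0; $message = array();` before the branch avoids that. The same pattern appears in add() in this hunk and in destroy() in the next hunk. The text around `strpos($data['descriptions'], 'view->set_data($data);` looks truncated in this copy of the diff, so I cannot tell what that check does.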
$message['destroy'] = true; + } + $this->listing(false, $message); } } diff --git a/main/exercice/exercise.class.php b/main/exercice/exercise.class.php index 198f8ac292..eb6abe39d6 100644 --- a/main/exercice/exercise.class.php +++ b/main/exercice/exercise.class.php @@ -4213,38 +4213,41 @@ class Exercise { return api_htmlentities($in_title); } - + /** - * @param int courseid - * @param int sessionid + * @param int $courseId + * @param int $sessionId * @return array exercises */ public function getExercisesByCouseSession($courseId, $sessionId) { + $courseId = intval($courseId); + $sessionId = intval($sessionId); + $tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST); - $sql = "SELECT * FROM $tbl_quiz cq " - . "WHERE " - . "cq.c_id = %s AND " - . "( cq.session_id = %s OR cq.session_id = 0 ) AND " - . "cq.active = 0 " - . "ORDER BY cq.id"; + $sql = "SELECT * FROM $tbl_quiz cq + WHERE + cq.c_id = %s AND + (cq.session_id = %s OR cq.session_id = 0) AND + cq.active = 0 + ORDER BY cq.id"; $sql = sprintf($sql, $courseId, $sessionId); - + $result = Database::query($sql); - + $rows = array(); - while($row = Database::fetch_array($result, 'ASSOC')) { - $rows[] = $row; + while ($row = Database::fetch_array($result, 'ASSOC')) { + $rows[] = $row; } - + return $rows; } - - + /** - * @param int courseid - * @param int sessionid - * @param array quizId + * + * @param int $courseId + * @param int $sessionId + * @param array $quizId * @return array exercises */ public function getExerciseAndResult($courseId, $sessionId, $quizId = array()) 
@@ -4253,14 +4256,12 @@ class Exercise return array(); } - $ids = is_array($quizId) ? $quizId : array($quizId); - $ids = array_map('intval', $quizId); - $ids = implode(',', $quizId); + $sessionId = intval($sessionId); - $tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST); + $ids = is_array($quizId) ? $quizId : array($quizId); + $ids = array_map('intval', $ids); + $ids = implode(',', $ids); $track_exercises = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); - - $whSession = ""; if ($sessionId != 0) { $sql = "SELECT * FROM $track_exercises te " . "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id " @@ -4270,9 +4271,8 @@ class Exercise . "te.session_id = %s AND " . "cq.id IN (%s) " . "ORDER BY cq.id "; - + $sql = sprintf($sql, $courseId, $sessionId, $ids); - $whSession = "te.session_id = %s AND "; } else { $sql = "SELECT * FROM $track_exercises te " . "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id " @@ -4283,16 +4283,12 @@ class Exercise . "ORDER BY cq.id "; $sql = sprintf($sql, $courseId, $ids); } - - $sql = sprintf($sql, $courseId, $sessionId, $ids); - $result = Database::query($sql); - $rows = array(); - while($row = Database::fetch_array($result, 'ASSOC')) { - $rows[] = $row; + while ($row = Database::fetch_array($result, 'ASSOC')) { + $rows[] = $row; } - + return $rows; } } diff --git a/main/inc/lib/tracking.lib.php b/main/inc/lib/tracking.lib.php index 7b2c2501bd..9e590e016f 100644 --- a/main/inc/lib/tracking.lib.php +++ b/main/inc/lib/tracking.lib.php 
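Review bot: Now that `$courseId` and `$sessionId` are cast with intval() at the top of getExercisesByCouseSession(), the two `%s` placeholders could be `%d` so the format string itself documents and enforces the integer contract: `cq.c_id = %d AND` and `(cq.session_id = %d OR cq.session_id = 0) AND`. This is a point of style only; the casts already make the interpolation safe.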
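Review bot: `$courseId` is still interpolated into the query uncast: this hunk adds `$sessionId = intval($sessionId);`, but `sprintf($sql, $courseId, $sessionId, $ids)` in the next hunk and `sprintf($sql, $courseId, $ids)` in the one after still receive `$courseId` exactly as the caller passed it, unlike getExercisesByCouseSession() which casts both. Adding `$courseId = intval($courseId);` next to the session cast would make the two methods consistent. The hunk also deletes `$tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST);` while the join keeps the literal `c_quiz` table name; if the course-table name or prefix is configurable, using the helper as the sibling method does would be safer than the hard-coded name. getExerciseAndResult()'s signature and the empty-`$quizId` early return lie before this hunk.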
@@ -3980,13 +3980,16 @@ class Tracking INNER JOIN $ttrack_attempt ta ON ta.exe_id = te.exe_id INNER JOIN $tquiz q ON q.id = te.exe_exo_id INNER JOIN $tquiz_rel_question rq ON rq.exercice_id = q.id AND rq.c_id = q.c_id - INNER JOIN $tquiz_question qq ON qq.id = rq.question_id - AND qq.c_id = rq.c_id - AND qq.position = rq.question_order - AND ta.question_id = rq.question_id - WHERE te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")." - AND q.c_id = $courseIdx - $where $order $limit"; + INNER JOIN $tquiz_question qq + ON + qq.id = rq.question_id AND + qq.c_id = rq.c_id AND + qq.position = rq.question_order AND + ta.question_id = rq.question_id + WHERE + te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")." + AND q.c_id = $courseIdx + $where $order $limit"; $sql_query = vsprintf($sql, $whereParams); // Now browse through the results and get the data @@ -4030,7 +4033,9 @@ class Tracking } // Now fill users data - $sqlUsers = "SELECT user_id, username, lastname, firstname FROM $tuser WHERE user_id IN (".implode(',',$userIds).")"; + $sqlUsers = "SELECT user_id, username, lastname, firstname + FROM $tuser + WHERE user_id IN (".implode(',',$userIds).")"; $resUsers = Database::query($sqlUsers); while ($rowUser = Database::fetch_assoc($resUsers)) { $users[$rowUser['user_id']] = $rowUser; @@ -4064,8 +4069,6 @@ class Tracking question, answer, */ - - } return $data; } diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php index 922c61719d..000aae1251 100644 --- a/main/inc/lib/usermanager.lib.php +++ b/main/inc/lib/usermanager.lib.php 
@@ -956,13 +956,15 @@ class UserManager
 }
 if (!is_null($order)) {
+ $order = Database::escape_string($order);
 $sql .= ' ORDER BY ' . $order;
 }
 if (!is_null($limit)) {
+ $limit = Database::escape_string($limit);
 $sql .= ' LIMIT ' . $limit;
 }
-
+
 $rs = Database::query($sql);
 $result = array();
 while ($row = Database::fetch_array($rs)) {
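Review bot: `Database::escape_string()` does not protect an ORDER BY or LIMIT clause: it escapes quote and backslash characters for use inside a quoted string literal, but `' ORDER BY ' . $order` and `' LIMIT ' . $limit` concatenate the value unquoted, so identifiers, expressions and additional clauses pass through unchanged. A safer shape is to validate `$order` against an allow-list of sortable column names plus `ASC`/`DESC`, and to build `$limit` only from integers, e.g. `$limit = implode(',', array_map('intval', explode(',', (string) $limit)));` for the `count` and `offset,count` forms. The function's signature and the construction of `$sql` are outside this hunk, so where `$order` and `$limit` originate is not visible here.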