Format code, adding Database::escape_string() due recent merge.

1.9.x
Julio Montoya 11 years ago
parent 7f7aa78051
commit 39daaec711
  1. 268
      main/course_description/course_description_controller.php
  2. 64
      main/exercice/exercise.class.php
  3. 23
      main/inc/lib/tracking.lib.php
  4. 4
      main/inc/lib/usermanager.lib.php

@ -2,190 +2,183 @@
/* For licensing terms, see /license.txt */
/**
* Class CourseDescriptionController
* This file contains class used like controller, it should be included inside a dispatcher file (e.g: index.php)
* @author Christian Fasanando <christian1827@gmail.com>
* @package chamilo.course_description
*/
class CourseDescriptionController
{
private $toolname;
private $view;
/**
* Controller script. Prepares the common background variables to give to the scripts corresponding to
* the requested action
* @package chamilo.course_description
*/
class CourseDescriptionController { // extends Controller {
private $toolname;
private $view;
/**
* Constructor
*/
public function __construct() {
$this->toolname = 'course_description';
$this->view = new View($this->toolname);
public function __construct()
{
$this->toolname = 'course_description';
$this->view = new View($this->toolname);
}
/**
* It's used for listing course description,
* render to listing view
* @param boolean true for listing history (optional)
* @param array message for showing by action['edit','add','destroy'] (optional)
* @param array message for showing by action['edit','add','destroy'] (optional)
*/
public function listing($history=false, $messages=array()) {
public function listing($history=false, $messages=array())
{
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_session_id($session_id);
$data = array();
$course_description_data = $course_description->get_description_data();
$data['descriptions'] = $course_description_data['descriptions'];
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['messages'] = $messages;
$course_description->set_session_id($session_id);
$data = array();
$course_description_data = $course_description->get_description_data();
$data['descriptions'] = $course_description_data['descriptions'];
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['messages'] = $messages;
$browser = api_get_navigator();
if (strpos($data['descriptions'], '<iframe') !== false && $browser['name'] == 'Chrome') {
header("X-XSS-Protection: 0");
}
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('listing');
$this->view->render();
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('listing');
$this->view->render();
}
/**
* It's used for editing a course description,
* render to listing or edit view
* @param int description type
*/
public function edit($id, $description_type)
{
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_session_id($session_id);
$data = array();
$data['id'] = $id;
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) {
$check = Security::check_token();
if ($check) {
$title = $_POST['title'];
if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
$content = WCAG_Rendering::prepareXHTML();
} else {
$content = $_POST['contentDescription'];
}
$description_type = $_POST['description_type'];
$id = $_POST['id'];
$progress = $_POST['progress'];
$course_description->set_description_type($description_type);
$course_description->set_title($title);
$course_description->set_content($content);
$course_description->set_progress($progress);
$thematic_advance = $course_description->get_data_by_id($id);
if (!empty($thematic_advance)) {
$course_description->set_id($id);
$affected_rows = $course_description->update();
} else {
$affected_rows = $course_description->insert();
}
Security::clear_token();
{
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_session_id($session_id);
$data = array();
$data['id'] = $id;
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) {
$check = Security::check_token();
if ($check) {
$title = $_POST['title'];
if (api_get_setting('wcag_anysurfer_public_pages') == 'true') {
$content = WCAG_Rendering::prepareXHTML();
} else {
$content = $_POST['contentDescription'];
}
$description_type = $_POST['description_type'];
$id = $_POST['id'];
$progress = $_POST['progress'];
$course_description->set_description_type($description_type);
$course_description->set_title($title);
$course_description->set_content($content);
$course_description->set_progress($progress);
$thematic_advance = $course_description->get_data_by_id($id);
if ($affected_rows) {
$message['edit'] = true;
if (!empty($thematic_advance)) {
$course_description->set_id($id);
$affected_rows = $course_description->update();
} else {
$affected_rows = $course_description->insert();
}
$this->listing(false, $message);
} else {
$data['error'] = 1;
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_title'] = $_POST['title'];
$data['description_content'] = $_POST['contentDescription'];
$data['description_type'] = $_POST['description_type'];
$data['progress'] = $_POST['progress'];
$data['descriptions'] = $course_description->get_data_by_id($_POST['id']);
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('edit');
$this->view->render();
Security::clear_token();
}
} else {
if ($affected_rows) {
$message['edit'] = true;
}
$this->listing(false, $message);
} else {
$data['error'] = 1;
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_type'] = $description_type;
if (!empty($id)) {
if (isset($_GET['id_session'])) {
$session_id = intval($_GET['id_session']);
}
$course_description_data = $course_description->get_data_by_id($id, null, $session_id);
$data['description_type'] = $course_description_data['description_type'];
$data['description_title'] = $course_description_data['description_title'];
$data['description_content'] = $course_description_data['description_content'];
$data['progress'] = $course_description_data['progress'];
$data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id);
}
// render to the view
$data['description_title'] = $_POST['title'];
$data['description_content'] = $_POST['contentDescription'];
$data['description_type'] = $_POST['description_type'];
$data['progress'] = $_POST['progress'];
$data['descriptions'] = $course_description->get_data_by_id($_POST['id']);
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('edit');
$this->view->render();
}
} else {
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_type'] = $description_type;
if (!empty($id)) {
if (isset($_GET['id_session'])) {
$session_id = intval($_GET['id_session']);
}
$course_description_data = $course_description->get_data_by_id($id, null, $session_id);
$data['description_type'] = $course_description_data['description_type'];
$data['description_title'] = $course_description_data['description_title'];
$data['description_content'] = $course_description_data['description_content'];
$data['progress'] = $course_description_data['progress'];
$data['descriptions'] = $course_description->get_data_by_description_type($description_type, null, $session_id);
}
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('edit');
$this->view->render();
}
}
/**
* It's used for adding a course description,
* render to listing or add view
*/
public function add() {
/**
* It's used for adding a course description,
* render to listing or add view
*/
public function add()
{
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_session_id($session_id);
$data = array();
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
$data = array();
if (strtoupper($_SERVER['REQUEST_METHOD']) == "POST") {
if (!empty($_POST['title']) && !empty($_POST['contentDescription'])) {
$check = Security::check_token();
$check = Security::check_token();
if ($check) {
$title = $_POST['title'];
if (api_get_setting('wcag_anysurfer_public_pages')=='true') {
$content = WCAG_Rendering::prepareXHTML();
} else {
$content = $_POST['contentDescription'];
}
$description_type = $_POST['description_type'];
if ($description_type >= ADD_BLOCK) {
}
$description_type = $_POST['description_type'];
if ($description_type >= ADD_BLOCK) {
$course_description->set_description_type($description_type);
$course_description->set_title($title);
$course_description->set_content($content);
$affected_rows = $course_description->insert(api_get_course_int_id());
}
Security::clear_token();
}
if ($affected_rows) {
$message['add'] = true;
Security::clear_token();
}
if ($affected_rows) {
$message['add'] = true;
}
$this->listing(false,$message);
$this->listing(false,$message);
} else {
$data['error'] = 1;
$data['default_description_titles'] = $course_description->get_default_description_title();
@ -195,43 +188,44 @@ class CourseDescriptionController { // extends Controller {
$data['information'] = $course_description->get_default_information();
$data['description_title'] = $_POST['title'];
$data['description_content'] = $_POST['contentDescription'];
$data['description_type'] = $_POST['description_type'];
$data['description_type'] = $_POST['description_type'];
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('add');
$this->view->set_template('add');
$this->view->render();
}
} else {
}
} else {
$data['default_description_titles'] = $course_description->get_default_description_title();
$data['default_description_title_editable'] = $course_description->get_default_description_title_editable();
$data['default_description_icon'] = $course_description->get_default_description_icon();
$data['question'] = $course_description->get_default_question();
$data['information'] = $course_description->get_default_information();
$data['description_type'] = $course_description->get_max_description_type();
$data['description_type'] = $course_description->get_max_description_type();
// render to the view
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('add');
$this->view->render();
$this->view->set_layout('layout');
$this->view->set_template('add');
$this->view->render();
}
}
/**
* It's used for destroy a course description,
* render to listing view
* @param int description type
*/
public function destroy($id) {
public function destroy($id)
{
$course_description = new CourseDescription();
$session_id = api_get_session_id();
$course_description->set_session_id($session_id);
$course_description->set_session_id($session_id);
if (!empty($id)) {
$course_description->set_id($id);
$affected_rows = $course_description->delete();
}
if ($affected_rows) {
$message['destroy'] = true;
}
$this->listing(false, $message);
if ($affected_rows) {
$message['destroy'] = true;
}
$this->listing(false, $message);
}
}

@ -4213,38 +4213,41 @@ class Exercise
{
return api_htmlentities($in_title);
}
/**
* @param int courseid
* @param int sessionid
* @param int $courseId
* @param int $sessionId
* @return array exercises
*/
public function getExercisesByCouseSession($courseId, $sessionId)
{
$courseId = intval($courseId);
$sessionId = intval($sessionId);
$tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST);
$sql = "SELECT * FROM $tbl_quiz cq "
. "WHERE "
. "cq.c_id = %s AND "
. "( cq.session_id = %s OR cq.session_id = 0 ) AND "
. "cq.active = 0 "
. "ORDER BY cq.id";
$sql = "SELECT * FROM $tbl_quiz cq
WHERE
cq.c_id = %s AND
(cq.session_id = %s OR cq.session_id = 0) AND
cq.active = 0
ORDER BY cq.id";
$sql = sprintf($sql, $courseId, $sessionId);
$result = Database::query($sql);
$rows = array();
while($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row;
while ($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row;
}
return $rows;
}
/**
* @param int courseid
* @param int sessionid
* @param array quizId
*
* @param int $courseId
* @param int $sessionId
* @param array $quizId
* @return array exercises
*/
public function getExerciseAndResult($courseId, $sessionId, $quizId = array())
@ -4253,14 +4256,12 @@ class Exercise
return array();
}
$ids = is_array($quizId) ? $quizId : array($quizId);
$ids = array_map('intval', $quizId);
$ids = implode(',', $quizId);
$sessionId = intval($sessionId);
$tbl_quiz = Database::get_course_table(TABLE_QUIZ_TEST);
$ids = is_array($quizId) ? $quizId : array($quizId);
$ids = array_map('intval', $ids);
$ids = implode(',', $ids);
$track_exercises = Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES);
$whSession = "";
if ($sessionId != 0) {
$sql = "SELECT * FROM $track_exercises te "
. "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id "
@ -4270,9 +4271,8 @@ class Exercise
. "te.session_id = %s AND "
. "cq.id IN (%s) "
. "ORDER BY cq.id ";
$sql = sprintf($sql, $courseId, $sessionId, $ids);
$whSession = "te.session_id = %s AND ";
} else {
$sql = "SELECT * FROM $track_exercises te "
. "INNER JOIN c_quiz cq ON cq.id = te.exe_exo_id "
@ -4283,16 +4283,12 @@ class Exercise
. "ORDER BY cq.id ";
$sql = sprintf($sql, $courseId, $ids);
}
$sql = sprintf($sql, $courseId, $sessionId, $ids);
$result = Database::query($sql);
$rows = array();
while($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row;
while ($row = Database::fetch_array($result, 'ASSOC')) {
$rows[] = $row;
}
return $rows;
}
}

@ -3980,13 +3980,16 @@ class Tracking
INNER JOIN $ttrack_attempt ta ON ta.exe_id = te.exe_id
INNER JOIN $tquiz q ON q.id = te.exe_exo_id
INNER JOIN $tquiz_rel_question rq ON rq.exercice_id = q.id AND rq.c_id = q.c_id
INNER JOIN $tquiz_question qq ON qq.id = rq.question_id
AND qq.c_id = rq.c_id
AND qq.position = rq.question_order
AND ta.question_id = rq.question_id
WHERE te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")."
AND q.c_id = $courseIdx
$where $order $limit";
INNER JOIN $tquiz_question qq
ON
qq.id = rq.question_id AND
qq.c_id = rq.c_id AND
qq.position = rq.question_order AND
ta.question_id = rq.question_id
WHERE
te.exe_cours_id = '$whereCourseCode' ".(empty($whereSessionParams)?'':"AND te.session_id IN ($whereSessionParams)")."
AND q.c_id = $courseIdx
$where $order $limit";
$sql_query = vsprintf($sql, $whereParams);
// Now browse through the results and get the data
@ -4030,7 +4033,9 @@ class Tracking
}
// Now fill users data
$sqlUsers = "SELECT user_id, username, lastname, firstname FROM $tuser WHERE user_id IN (".implode(',',$userIds).")";
$sqlUsers = "SELECT user_id, username, lastname, firstname
FROM $tuser
WHERE user_id IN (".implode(',',$userIds).")";
$resUsers = Database::query($sqlUsers);
while ($rowUser = Database::fetch_assoc($resUsers)) {
$users[$rowUser['user_id']] = $rowUser;
@ -4064,8 +4069,6 @@ class Tracking
question,
answer,
*/
}
return $data;
}

@ -956,13 +956,15 @@ class UserManager
}
if (!is_null($order)) {
$order = Database::escape_string($order);
$sql .= ' ORDER BY ' . $order;
}
if (!is_null($limit)) {
$limit = Database::escape_string($limit);
$sql .= ' LIMIT ' . $limit;
}
$rs = Database::query($sql);
$result = array();
while ($row = Database::fetch_array($rs)) {

Loading…
Cancel
Save