diff --git a/main/mySpace/access_details.php b/main/mySpace/access_details.php
index 4ac86187c0..81ef7b6b73 100644
--- a/main/mySpace/access_details.php
+++ b/main/mySpace/access_details.php
@@ -133,7 +133,7 @@ include_once(api_get_path(LIBRARY_PATH).'pchart/pCache.class.php');
 $connections = get_connections_to_course($user_id, $course_code);
 $i = 0;
 if (api_is_xml_http_request()) {
- $type = $_GET['type'];
+ $type = Security::remove_XSS($_GET['type']);
 $main_year = $main_month_year = $main_day = array();
 foreach ($connections as $key=>$data) { //creating the main array
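Review bot: `Security::remove_XSS()` on `$_GET['type']` only strips markup and does not constrain the value, so if `$type` is later used to pick one of the year/month/day branches that `$main_year`/`$main_month_year`/`$main_day` hint at, an allow-list is the check that belongs here, e.g. `$type = isset($_GET['type']) && in_array($_GET['type'], $allowed_types, true) ? $_GET['type'] : $default_type;` with `$allowed_types`/`$default_type` standing for the values the code below actually handles. The `isset()` also avoids a notice when the AJAX request omits the parameter. The `if (api_is_xml_http_request())` block continues outside the hunk, so how `$type` is consumed cannot be confirmed from here.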
@@ -238,8 +238,19 @@ if (api_is_xml_http_request()) {
 }
 $nameTools= get_lang('AccessDetails');
-$interbreadcrumb[] = array ("url" => "../user/user.php?cidReq=".$_GET['course'], "name" => get_lang("Users"));
-$interbreadcrumb[] = array ("url" => "myStudents.php?cidReq=".$_GET['course']."&student=".$_GET['student']."&details=true&origin=user_course", "name" => get_lang('DetailsStudentInCourse'));
+
+
+//StudentDetails
+if (isset($_GET['origin']) && strcmp($_GET['origin'],'tracking_course')===0) {
+ $interbreadcrumb[] = array ("url" => "../tracking/courseLog.php?cidReq=".Security::remove_XSS($_GET['course'])."&studentlist=true&id_session=".api_get_session_id(), "name" => get_lang("Tracking"));
+ $interbreadcrumb[] = array ("url" => "myStudents.php?student=".Security::remove_XSS($_GET['student'])."&details=true&origin=".Security::remove_XSS($_GET['origin'])."&course=".Security::remove_XSS($_GET['course']).'&cidReq='.Security::remove_XSS($_GET['course']), "name" => get_lang('DetailsStudentInCourse'));
+ $interbreadcrumb[] = array ("url" => "#", "name" => get_lang("Details"));
+} elseif (isset($_GET['origin']) && strcmp($_GET['origin'],'user_course')===0) {
+ $interbreadcrumb[] = array ("url" => "../user/user.php?cidReq=".Security::remove_XSS($_GET['course']), "name" => get_lang("Users"));
+ $interbreadcrumb[] = array ("url" => "myStudents.php?student=".Security::remove_XSS($_GET['student'])."&details=true&origin=".Security::remove_XSS($_GET['origin'])."&course=".Security::remove_XSS($_GET['course']).'&cidReq='.Security::remove_XSS($_GET['course']), "name" => get_lang('DetailsStudentInCourse'));
+ $interbreadcrumb[] = array ("url" => "#", "name" => get_lang("Details"));
+}
+
 $htmlHeadXtra[] = ''; //jQuery
 $htmlHeadXtra[] = '';
@@ -254,7 +265,7 @@ $(function() {
 ' ;
-Display :: display_header($nameTools);
+Display :: display_header('');
 $TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
 $mainUserInfo = api_get_user_info($user_id, $course_code);
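Review bot: The new `if`/`elseif` has no `else`, so a request whose `origin` is missing or is neither `tracking_course` nor `user_course` now gets no breadcrumb at all, whereas the removed lines always built the Users/DetailsStudentInCourse trail; restoring that default in an `else` branch keeps existing links working. `Security::remove_XSS()` is also the wrong transform for values being concatenated into query strings — it strips tags but does not encode `&`, `#` or `%` — so `course` and `origin` should be `urlencode()`d (and `student`, if it is a numeric user id as the rest of the file suggests, `intval()`ed), leaving HTML escaping to whatever renders `$interbreadcrumb`; e.g. `"myStudents.php?student=".intval($_GET['student'])."&details=true&origin=".urlencode($_GET['origin'])."&course=".urlencode($_GET['course'])`. Both branches also read `$_GET['student']` and `$_GET['course']` without an `isset()` guard, and the `strcmp(...)===0` tests read more simply as `$_GET['origin'] === 'tracking_course'`.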
@@ -264,10 +275,10 @@ $main_date_array = array(); foreach ($connections as $key=>$data) { $result_to_print .= '  '.date('d-m-Y (H:i:s)',$data['login']).' - '.calculHours($data['logout']-$data['login']).'
'."\n"; } - -echo '',get_lang('User'),': ',$mainUserInfo['firstName'],' ',$mainUserInfo['lastName'],'
'; -echo ''.get_lang('Course').': ',$course_code,'

'; - +api_display_tool_title(get_lang('DetailsStudentInCourse')); +echo '
'; +echo ''.get_lang('User').': '.$mainUserInfo['firstName'].' '.$mainUserInfo['lastName'].'     '.get_lang('Course').': '.$course_code.'
'; +echo '
'; ?>

'; -echo '',get_lang('DateAndTimeOfAccess'),' - ',get_lang('Duration'),'

'; +echo '
',get_lang('DateAndTimeOfAccess'),' - ',get_lang('Duration'),'

'; echo $result_to_print; /* Login time against logout time diff --git a/main/mySpace/myStudents.php b/main/mySpace/myStudents.php index ae58b4e899..a0c2f8c8f6 100644 --- a/main/mySpace/myStudents.php +++ b/main/mySpace/myStudents.php 
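Review bot: The new `echo` line builds the user and course heading by concatenating `$mainUserInfo['firstName']`, `$mainUserInfo['lastName']` and `$course_code` straight into the page with no escaping, so a name containing markup would be rendered as-is; wrap each value in `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` (or the `Security::remove_XSS()` this commit applies elsewhere) before output. The removed lines had the same gap, but the rewrite is the place to close it. The surrounding markup was stripped in this rendering of the hunk, so the exact element context could not be checked, and `$course_code` is assigned before the hunk.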
@@ -1,4 +1,4 @@ - api_get_path(WEB_COURSE_PATH).$course_infos['directory'], 'name' => $course_infos['title']);
 }
- $interbreadcrumb[] = array ("url" => "../user/user.php?cidReq=".$_GET['course'], "name" => get_lang("Users"));
+ $interbreadcrumb[] = array ("url" => "../user/user.php?cidReq=".$get_course_code, "name" => get_lang("Users"));
 } else if (!empty($_GET['origin']) && $_GET['origin'] == 'tracking_course') {
- $course_infos = CourseManager :: get_course_information($_GET['course']);
+ $course_infos = CourseManager :: get_course_information($get_course_code);
 if (empty($cidReq)) {
 $interbreadcrumb[] = array ("url" => api_get_path(WEB_COURSE_PATH).$course_infos['directory'], 'name' => $course_infos['title']);
 }
- $interbreadcrumb[] = array ("url" => "../tracking/courseLog.php?cidReq=".$_GET['course'].'&studentlist=true&id_session='.(empty($_SESSION['id_session'])?'':$_SESSION['id_session']), "name" => get_lang("Tracking"));
+ $interbreadcrumb[] = array ("url" => "../tracking/courseLog.php?cidReq=".$get_course_code.'&studentlist=true&id_session='.(empty($_SESSION['id_session'])?'':$_SESSION['id_session']), "name" => get_lang("Tracking"));
 } else if (!empty($_GET['origin']) && $_GET['origin'] == 'resume_session') {
 $interbreadcrumb[]=array('url' => '../admin/index.php',"name" => get_lang('PlatformAdmin'));
 $interbreadcrumb[]=array('url' => "../admin/session_list.php","name" => get_lang('SessionList'));
- $interbreadcrumb[]=array('url' => "../admin/resume_session.php?id_session=".$_GET['id_session'],"name" => get_lang('SessionOverview'));
+ $interbreadcrumb[]=array('url' => "../admin/resume_session.php?id_session=".Security::remove_XSS($_GET['id_session']),"name" => get_lang('SessionOverview'));
 } else {
 $interbreadcrumb[] = array ("url" => "index.php", "name" => get_lang('MySpace'));
 if (isset($_GET['id_coach']) && intval($_GET['id_coach'])!=0) {
- $interbreadcrumb[] = array ("url" => "student.php?id_coach=".$_GET['id_coach'], "name" =>
get_lang("CoachStudents"));
- $interbreadcrumb[] = array ("url" => "myStudents.php?student=".$_GET['student'].'&id_coach='.$_GET['id_coach'], "name" => get_lang("StudentDetails"));
+ $interbreadcrumb[] = array ("url" => "student.php?id_coach=".Security::remove_XSS($_GET['id_coach']), "name" => get_lang("CoachStudents"));
+ $interbreadcrumb[] = array ("url" => "myStudents.php?student=".Security::remove_XSS($_GET['student']).'&id_coach='.Security::remove_XSS($_GET['id_coach']), "name" => get_lang("StudentDetails"));
 } else {
 $interbreadcrumb[] = array ("url" => "student.php", "name" => get_lang("MyStudents"));
- $interbreadcrumb[] = array ("url" => "myStudents.php?student=".$_GET['student'], "name" => get_lang("StudentDetails"));
+ $interbreadcrumb[] = array ("url" => "myStudents.php?student=".Security::remove_XSS($_GET['student']), "name" => get_lang("StudentDetails"));
 }
 }
 $nameTools=get_lang("DetailsStudentInCourse");
@@ -195,7 +195,8 @@ if(!empty($_GET['student']))
 // is the user online ?
 $statistics_database = Database :: get_statistic_database();
- $a_usersOnline = WhoIsOnline($_GET['student'], $statistics_database, 30);
+ $student_on_line=Security::remove_XSS($_GET['student']);
+ $a_usersOnline = WhoIsOnline($student_on_line, $statistics_database, 30);
 foreach($a_usersOnline as $a_online)
 {
 if(in_array($_GET['student'],$a_online))
@@ -210,7 +211,7 @@ if(!empty($_GET['student']))
 }
 $avg_student_progress = $avg_student_score = $nb_courses = 0;
- $sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.$a_infosUser['user_id'];
+ $sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.Database::escape_string($a_infosUser['user_id']);
 $rs = api_sql_query($sql, __FILE__, __LINE__);
 $a_courses = array();
 while($row = Database :: fetch_array($rs))
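Review bot: `$student_on_line` runs `$_GET['student']` through `Security::remove_XSS()` before handing it to `WhoIsOnline()`, but an output-side XSS filter gives no guarantee for a value that presumably ends up in a database lookup inside that function; if `student` is a numeric user id, `$student_on_line = intval($_GET['student']);` both constrains the value and documents the intent. The `in_array($_GET['student'], $a_online)` test two lines later still reads the raw parameter, so it should compare `$student_on_line` instead, otherwise the two can disagree whenever the filter alters the value. `WhoIsOnline()` is not in this diff, so whether it escapes internally is inferred, not verified.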
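Review bot: `Database::escape_string()` escapes quote-type characters for use inside a quoted SQL string literal, and in `' WHERE user_id='.` the value is interpolated unquoted, so the escaping does not actually constrain it to a number; for an integer id the matching guard is `intval()`, i.e. `$sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.intval($a_infosUser['user_id']);`. `$a_infosUser` is populated before this hunk, so whether it could hold anything other than a DB-sourced integer is inferred rather than visible here.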
@@ -226,17 +227,17 @@ if(!empty($_GET['student']))
 $a_courses[$row['course_code']] = $row['course_code'];
 }
-
- if(!CourseManager::is_user_subscribed_in_course($a_infosUser['user_id'], $_GET['course'], true))
+ $course_id=Security::remove_XSS($_GET['course']);
+ if(!CourseManager::is_user_subscribed_in_course($a_infosUser['user_id'],$course_id, true))
 {
 unset($a_courses[$key]);
 }
 else
 {
 $nb_courses++;
- $avg_student_progress = Tracking :: get_avg_student_progress($a_infosUser['user_id'],$_GET['course']);
+ $avg_student_progress = Tracking :: get_avg_student_progress($a_infosUser['user_id'],$course_id);
 //the score inside the Reporting table
- $avg_student_score = Tracking :: get_avg_student_score($a_infosUser['user_id'],$_GET['course']);
+ $avg_student_score = Tracking :: get_avg_student_score($a_infosUser['user_id'],$course_id);
 }
 $avg_student_progress = round($avg_student_progress,2);
@@ -252,7 +253,7 @@ if(!empty($_GET['student']))
 $last_connection_date=get_lang('NoConnexion');
 }
- $time_spent_on_the_course = api_time_to_hms(Tracking :: get_time_spent_on_the_course($a_infosUser['user_id'], $_GET['course']));
+ $time_spent_on_the_course = api_time_to_hms(Tracking :: get_time_spent_on_the_course($a_infosUser['user_id'], $course_id));
 // cvs informations
 $csv_content[] = array(get_lang('Informations'));
 $csv_content[] = array(get_lang('Name'), get_lang('Email'), get_lang('Tel'));
@@ -455,7 +456,7 @@ if(!empty($_GET['student']))
 { //only show link to connection details if course and student were defined in the URL
 echo '';
 echo '';
- echo '  '.get_lang('AccessDetails').' ';
+ echo '  '.get_lang('AccessDetails').' ';
 echo '';
 echo '';
 }
@@ -472,8 +473,8 @@ if(!empty($_GET['student']))
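Review bot: `$course_id` is a second name for the sanitized `$_GET['course']` that the breadcrumb code above already keeps as `$get_course_code`, and the value is a course code rather than a numeric id, so the new name misleads; reuse `$get_course_code` here and in the `@@ -252` hunk below (`$course_id` → `$get_course_code`) instead of introducing a parallel variable, assuming `$get_course_code` is assigned unconditionally earlier in the file, which is outside this view. As with the other `remove_XSS()` calls in this commit, the value feeds `CourseManager::is_user_subscribed_in_course()` and the `Tracking` lookups rather than HTML output, so it is the callee's SQL escaping (or `Database::escape_string()` at this site) that protects those queries; `remove_XSS()` on its own does not. Both the enclosing `if(!empty($_GET['student']))` block and the `while` loop this hunk closes start outside the hunk.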