[svn r14753] Améliorer l'outil Travaux : affichage des répertoires (FS#2395)

18 years ago · 40802af8eb
parent 41912d4513
commit 40802af8eb
7 changed files with 990 additions and 614 deletions
--- a/main/install/index.php
+++ b/main/install/index.php
@ -99,7 +99,7 @@ $update_from_version_6=array('1.6','1.6.1','1.6.2','1.6.3','1.6.4','1.6.5');
 //upgrading from any subversion of 1.8 avoids the additional step of upgrading from 1.6
 $update_from_version_8=array('1.8','1.8.2','1.8.3','1.8.4');
 $my_old_version = '';
-$tmp_version = get_config_param('dokeos_verion');
+$tmp_version = get_config_param('dokeos_version');
 if(!empty($_POST['old_version']))
 {
 	$my_old_version = $_POST['old_version'];
--- a/main/install/install_functions.inc.php
+++ b/main/install/install_functions.inc.php
@ -240,7 +240,9 @@ function get_config_param($param,$updatePath='')
 					$configFile[$enreg[0]]=$enreg[1];
-					if($enreg[0] == $param)
+					$a=explode("'",$enreg[0]);
 					$key_tmp=$a[1];							
 					if($key_tmp== $param)					
 					{					
 						$val=$enreg[1];					
 					} 
--- a/main/install/install_upgrade.lib.php
+++ b/main/install/install_upgrade.lib.php
@ -3,7 +3,7 @@
 ==============================================================================
 	Dokeos - elearning and course management software
-	Copyright (c) 2004-2005 Dokeos S.A.
+	Copyright (c) 2004-2008 Dokeos S.P.R.L
 	Copyright (c) Roan Embrechts, Vrije Universiteit Brussel
 	Copyright (c) Bart Mollet, Hogeschool Gent
@ -17,7 +17,7 @@
 	See the GNU General Public License for more details.
-	Contact address: Dokeos, 44 rue des palais, B-1030 Brussels, Belgium
+	Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
 	Mail: info@dokeos.com
 ==============================================================================
 */
@ -492,4 +492,28 @@ function get_sql_file_contents($file,$section,$print_errors=true)
 	//now we have our section's SQL statements group ready, return
 	return $section_contents;
 }
 function directory_to_array($directory)
 {
 	$array_items = array();
 	if ($handle = opendir($directory)) 
 	{
 		while (false !== ($file = readdir($handle))) 
 		{
 			if ($file != "." && $file != "..") 
 			{
 				if (is_dir($directory. "/" . $file)) 
 				{
 					$array_items = array_merge($array_items, directoryToArray($directory. "/" . $file));					
 					$file = $directory . "/" . $file;					
 					$array_items[] = preg_replace("/\/\//si", "/", $file);
 				}	
 			}
 		}
 		closedir($handle);
 	}
 	return $array_items;
 }
 ?>
--- a/main/install/migrate-db-1.8.4-1.8.5-pre.sql
+++ b/main/install/migrate-db-1.8.4-1.8.5-pre.sql
@ -109,3 +109,4 @@ INSERT INTO course_setting(variable,value,category) VALUES ('allow_learning_path
 ALTER TABLE forum_post ADD INDEX idx_forum_post_thread_id (thread_id);
 ALTER TABLE forum_post ADD INDEX idx_forum_post_visible (visible);
 ALTER TABLE forum_thread ADD INDEX idx_forum_thread_forum_id (forum_id);
 ALTER TABLE student_publication ADD COLUMN filetype SET('file','folder')  NOT NULL DEFAULT 'file' AFTER sent_date;
--- a/main/install/update-db-1.8.4-1.8.5.inc.php
+++ b/main/install/update-db-1.8.4-1.8.5.inc.php
@ -1,4 +1,4 @@
-<?php // $Id: update-db-1.8.4-1.8.5.inc.php 14543 2008-03-09 17:32:54Z yannoo $
+<?php // $Id: update-db-1.8.4-1.8.5.inc.php 14753 2008-04-03 22:20:25Z juliomontoya $
 /* See license terms in /dokeos_license.txt */
 /**
 ==============================================================================
@ -14,6 +14,7 @@
 ==============================================================================
 */
 //load helper functions
 require_once("install_upgrade.lib.php");
@ -229,21 +230,30 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 	$prefix = ''; 
 	if ($singleDbForm)
 	{
-		$prefix = $_configuration['table_prefix'];
+		$prefix =  get_config_param ('table_prefix');			
 	}
 	//get the courses databases queries list (c_q_list)
 	$c_q_list = get_sql_file_contents('migrate-db-'.$old_file_version.'-'.$new_file_version.'-pre.sql','course');
 	if(count($c_q_list)>0)
 	{
 		//get the courses list
-		if(strlen($dbNameForm)>40){
+		if(strlen($dbNameForm)>40)
 		{
 			error_log('Database name '.$dbNameForm.' is too long, skipping',0);
-		}elseif(!in_array($dbNameForm,$dblist)){
+		}
 		elseif(!in_array($dbNameForm,$dblist))
 		{
 			error_log('Database '.$dbNameForm.' was not found, skipping',0);				
-		}else{
+		}
 		else
 		{
 			mysql_select_db($dbNameForm);
 			$res = mysql_query("SELECT code,db_name,directory,course_language FROM course WHERE target_course_code IS NULL");
 			if($res===false){die('Error while querying the courses list in update_db.inc.php');}
 			if(mysql_num_rows($res)>0)
 			{
 				$i=0;
@ -275,7 +285,9 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 						if($only_test)
 						{
 							error_log("mysql_query(".$row_course['db_name'].",$query)",0);
-						}else{
+						}
 						else
 						{
 							$res = mysql_query($query);						
 							if($log)
 							{
@ -285,12 +297,15 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 					}
 					$mytable = $row_course['db_name'].".lp_item";
 					if($singleDbForm)
 					{
 						$mytable = "$prefix{$row_course['db_name']}_lp_item";
 					}
 					$mysql = "SELECT * FROM $mytable WHERE min_score != 0 AND prerequisite != ''";
 					$myres = mysql_query($query);
 					if($myres!==false && mysql_num_rows($myres)>0)
 					{
 						while($myrow = mysql_fetch_array($myres))
@ -309,7 +324,52 @@ if (defined('DOKEOS_INSTALL') || defined('DOKEOS_COURSE_UPDATE'))
 							}
 						}
 					}
-					$sql = "UPDATE $mydb.lp_item SET ";
+										
 					// Work Tool Folder Update
 					// we search into DB all the folders in the work tool
 					if($singleDbForm)
 					{																								
 						$my_course_table = "$prefix{$row_course['db_name']}_student_publication";																
 					}
 					else
 					{															
 						$my_course_table = $row_course['db_name'].".student_publication";
 					}					
 					$sys_course_path = $_configuration['root_sys'].$_configuration['course_folder'];
 					$course_dir=$sys_course_path.$row_course['directory'].'/work';
 					$dir_to_array =directory_to_array($course_dir,true);					
 					$only_dir=array();
 					$sql_select= "SELECT filetype FROM " . $my_course_table . " WHERE  filetype = 'folder'";
 					$result = mysql_query($sql_select);
 					$num_row=mysql_num_rows($result);
 					// check if there are already folder registered  
 					if ($num_row == 0)
 					{			
 						for($i=0;$i<count($dir_to_array);$i++)
 						{
 							$only_dir[]=substr($dir_to_array[$i],strlen($course_dir), strlen($dir_to_array[$i]));				
 						}
 						for($i=0;$i<count($only_dir);$i++)
 						{							
 							$sql_insert_all= "INSERT INTO " . $my_course_table . " SET url = '" . $only_dir[$i] . "', " .
 											"title        = '',
 											description 	= '',
 									    	author      	= '',
 											active		= '0',
 											accepted	= '1',
 											filetype	= 'folder',
 											post_group_id 	= '0',
 											sent_date	= '0000-00-00 00:00:00' ";		  
 							mysql_query($sql_insert_all);
 						}
 					}
 				}
 			}
 		}
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@ -3,7 +3,7 @@
 ==============================================================================
 	Dokeos - elearning and course management software
-	Copyright (c) 2004-2008 Dokeos S.A.
+	Copyright (c) 2004-2008 Dokeos SPRL
 	For a full list of contributors, see "credits.txt".
 	The full license can be read in "license.txt".
@ -267,72 +267,138 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
 	{
 		$sql_get_publications_list = 	"SELECT * " .
 										"FROM  ".$work_table." " .
-										"WHERE url LIKE '$sub_course_dir%' " .
+										"WHERE url LIKE BINARY '$sub_course_dir%' " .
-										"AND url NOT LIKE '$sub_course_dir%/%' " .
+										"AND url NOT LIKE BINARY '$sub_course_dir%/%' " .
 		                 				"ORDER BY id";
 		$sql_get_publications_num = 	"SELECT count(*) " .
 										"FROM  ".$work_table." " .
 										"WHERE url LIKE BINARY '$sub_course_dir%' " .
 										"AND url NOT LIKE BINARY '$sub_course_dir%/%' " .
 		                 				"ORDER BY id";
 	}
 	else
 	{
 		if (!empty($_SESSION['toolgroup']))
 		{
 			$group_query = " WHERE post_group_id = '".$_SESSION['toolgroup']."' "; // set to select only messages posted by the user's group
-			$subdirs_query = "AND url NOT LIKE '$sub_course_dir%/%' AND url LIKE '$sub_course_dir%'";
+			$subdirs_query = "AND url NOT LIKE BINARY '$sub_course_dir%/%' AND url LIKE BINARY '$sub_course_dir%'";
 		}
 		else
 		{
 			$group_query = '';
 			$subdirs_query = "WHERE url NOT LIKE '$sub_course_dir%/%' AND url LIKE '$sub_course_dir%'";
 		}
 		$sql_get_publications_list =	"SELECT * FROM  $work_table $group_query $subdirs_query ORDER BY id";
 		$sql_get_publications_num = "SELECT count(url) " .
 										"FROM  ".$work_table." " .
 										"WHERE url LIKE BINARY '$sub_course_dir%' " .
 										"AND url NOT LIKE BINARY '$sub_course_dir%/%' " .
 		                 				"ORDER BY id";
 	}
 	$sql_result = api_sql_query($sql_get_publications_list,__FILE__,__LINE__);
 	$sql_result_num = api_sql_query($sql_get_publications_num,__FILE__,__LINE__);
 	$row=Database::fetch_array($sql_result_num);
 	$count_files=$row[0];
 	$table_header[] = array(get_lang('Type'),true,'style="width:40px"');
 	$table_header[] = array(get_lang('Title'),true);
-	//$table_header[] = array(get_lang('Description'),true);
+		
 	if ($count_files!=0)
 	{
 		$table_header[] = array(get_lang('Authors'),true);
 	}
 	$table_header[] = array(get_lang('Date'),true);
-	//if( $is_allowed_to_edit)
+	
-	//{
+	if( $is_allowed_to_edit)
 	{
 	$table_header[] = array(get_lang('Modify'),true);
-	//}
+	}
 	$table_header[] = array('RealDate',false);
 	// An array with the setting of the columns -> 1: columns that we will show, 0:columns that will be hide 
-	$column_show[]=1;
+	$column_show[]=1; // type
-	$column_show[]=1;
+	$column_show[]=1; // title
-	$column_show[]=1;
+	
-	$column_show[]=1;
+	if ($count_files!=0)
-	$column_show[]=1;
+	{
-	$column_show[]=0;	
+		$column_show[]=1;	 // authors
 	}
 	$column_show[]=1; //date
 	if( $is_allowed_to_edit)
 	{
 		$column_show[]=1; //modify
 	}
 	$column_show[]=0;	 //real date in correct format
 	// Here we change the way how the colums are going to be sort
 	// in this case the the column of LastResent ( 4th element in $column_header) we will be order like the column RealDate 
 	// because in the column RealDate we have the days in a correct format "2008-03-12 10:35:48"
-	$column_order[]=1;
+	$column_order[]=1; //type
-	$column_order[]=2;
+	$column_order[]=2; // title
-	$column_order[]=3;
+	
-	$column_order[]=6;
+	if ($count_files!=0)
 	{
 		$column_order[]=3; //authors
 	}
 	$column_order[]=6; // date
 	if( $is_allowed_to_edit)
 	{
 		$column_order[]=5;
 	}
 	$column_order[]=6;
 	$table_data = array();
 	$dirs_list = get_subdirs_list($work_dir);
 	$my_sub_dir = str_replace('work/','',$sub_course_dir);
 	// List of all folders
 	foreach($dirs_list as $dir)
 	{
 		if ($my_sub_dir=='')
 		{	
 				$mydir_temp = '/'.$dir;
 		}
 		else
 		{
 			$mydir_temp = '/'.$my_sub_dir.$dir;
 		}
 		// select the directory's date
        /*$sql_select_directory= "SELECT sent_date FROM ".$work_table." WHERE " .
 							   "url LIKE BINARY '".$mydir_temp."' AND filetype = 'folder'";
 		*/					   
 		$sql_select_directory= "SELECT prop.lastedit_date, author FROM ".$iprop_table." prop INNER JOIN ".$work_table." work ON (prop.ref=work.id) WHERE " .
 							   	    "work.url LIKE BINARY '".$mydir_temp."' AND work.filetype = 'folder' AND prop.tool='work' ";													   
 		$result=api_sql_query($sql_select_directory,__FILE__,__LINE__);
 		$row=Database::fetch_array($result);
 		$direc_date= $row['lastedit_date']; //directory's date
 		$author= $row['author']; //directory's author			
 		$mydir = $my_sub_dir.$dir;
 		if ($is_allowed_to_edit) 
 		{		
 			$clean_edit_dir=Security :: remove_XSS(Database::escape_string($_GET['edit_dir']));			
-			
+			// form edit directory				
 			if(isset($clean_edit_dir) && $clean_edit_dir==$mydir)
 			{	
 				$form_folder = new FormValidator('edit_dir', 'post', api_get_self().'?curdirpath='.$my_sub_dir.'&edit_dir='.$mydir);
@ -352,30 +418,62 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
 					$dir = $values['dir_name'];
 					$display_edit_form=false;					
 				}
 			}
 		}
 		$action = '';
 		//display info depending on the permissions
 		$row = array();
 		$class = '';										
-		$url = implode("/", array_map("rawurlencode", explode("/", $work->url)));
+		$row[] = '<img src="../img/folder_document.gif" border="0" hspace="5" align="middle" alt="'.get_lang('Folder').'" />'; //image
 		$a_count_directory=count_dir($work_dir.'/'.$dir,false);
 		$cant_files=$a_count_directory[0];
 		$cant_dir=$a_count_directory[1];
-		$row[] = '<img src="../img/folder_document.gif" alt="dir" border="0" hspace="5" align="middle" />'; //image
+		$text_file=get_lang('FilesUpload');
 		$text_dir=get_lang('Directories');
 		if ($cant_files==1)
 		{
 			$text_file=strtolower(get_lang('FileUpload'));			
 		}
 		if ($cant_dir==1)
 		{
 			$text_dir=get_lang('directory');	
 		}
 		if ($cant_dir!=0) 
 		{
 			$dirtext=' ('.$cant_dir.' '.$text_dir.')';
 		}
 		else
 		{
 			$dirtext='';
 		}
 		if($display_edit_form)
 		{
-			$row[] = $form_folder->toHtml(); // form to edit the directory's name
+			$row[] = '<span class="invisible" style="display:none">'.$dir.'</span>'.$form_folder->toHtml(); // form to edit the directory's name
 		}
 		else
 		{
-			$row[] = '<a href="'.api_get_self().'?'.api_get_cidreq().'&curdirpath='.$mydir.'"'.$class.'>'.$dir.'</a>'; // title of directory
+			$row[] = '<a href="'.api_get_self().'?'.api_get_cidreq().'&curdirpath='.$mydir.'"'.$class.'>'.$dir.'</a><br>'.$cant_files.' '.$text_file.$dirtext;				
 		}
 		if ($count_files!=0)
 		{
 			$row[] = "";
 		}	
-		$row[] = ''; //authors		
+		if ($direc_date!='' && $direc_date!='0000-00-00 00:00:00') 
-		$row[] = ''; //date		
+		{
 			$row[]= date_to_str_ago($direc_date).'<br><span class="dropbox_date">'.$direc_date.'</span>';
 		}
 		else
 		{
 			$row[]='';			
 		}	
 		if( $is_allowed_to_edit)
 		{
@ -388,7 +486,6 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
 		{
 			$row[] = "";
 		}		
 		$table_data[] = $row;
 	}
@ -455,15 +552,12 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
 			$table_data[] = $row;
 		}
 	}
-	//if( count($table_data) > 0)
+
 	//{
 	$sorting_options=array();
 	$sorting_options['column']=1; 
 	$paging_options=array();
 	Display::display_sortable_config_table($table_header,$table_data,$sorting_options, $paging_options,NULL,$column_show,$column_order);
 	//}
 }
 /**
 * Returns a list of subdirectories found in the given directory.
@ -657,17 +751,26 @@ function create_unexisting_work_directory($base_work_dir,$desired_dir_name)
 * @param	string	The directory name as the bit after "work/", without trailing slash
 * @return	integer	-1 on error
 */
-function del_dir($base_work_dir,$dir){
+function del_dir($base_work_dir,$dir)
 {
 	if(empty($dir) or $dir=='/'){return -1;}//not authorized
 	//escape hacks
 /*
 	$dir = str_replace('../','',$dir);
 	$dir = str_replace('..','',$dir);
 	$dir = str_replace('./','',$dir);
 	$dir = str_replace('.','',$dir);
-	if(!is_dir($base_work_dir.$dir)) {return -1;}
+*/
 	$check = Security::check_abs_path($base_work_dir.$dir,$base_work_dir);
 	if (!$check || !is_dir($base_work_dir.$dir)) return -1;
 	$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
-	$sql = "DELETE FROM $table WHERE url LIKE 'work/".$dir."/%'";
+	$sql = "DELETE FROM $table WHERE url LIKE BINARY 'work/".$dir."/%'";
 	$res = api_sql_query($sql,__FILE__,__LINE__);
 	//delete from DB the directories
 	$sql = "DELETE FROM $table WHERE filetype = 'folder' AND url LIKE BINARY '/".$dir."%'";
 	$res = api_sql_query($sql,__FILE__,__LINE__);	
 	require_once(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');
 	my_delete($base_work_dir.$dir);
 }
@ -693,7 +796,8 @@ function get_work_path($id){
 * @param	string	Destination directory where the work has been moved (must end with a '/')
 * @return	-1 on error, sql query result on success
 */
-function update_work_url($id,$new_path){
+function update_work_url($id,$new_path)
 {
 	if(empty($id)) return -1;
 	$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
 	$sql = "SELECT * FROM $table WHERE id=$id";
@ -723,22 +827,174 @@ function update_dir_name($path, $new_name)
 	include_once(api_get_path(LIBRARY_PATH) . "/fileUpload.lib.php");
 	$path_to_dir = dirname($path);
 	if($path_to_dir=='.') 
 	{
 		$path_to_dir = '';
 	}
 	else
 	{
 		$path_to_dir .= '/';
 	}
 	my_rename($base_work_dir.'/'.$path,$new_name);			
 	$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
-	$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE "work/'.$path.'/%"';
+
 	//update all the files in the other directories according with the next query
 	$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "work/'.$path.'/%"'; // like binary (Case Sensitive) 
 	$rs = api_sql_query($sql, __FILE__, __LINE__);		
 	$work_len=strlen('work/'.$path);	
 	while($work = Database :: fetch_array($rs))
 	{		 				 
-		$work_name = basename($work['url']);
+		$new_dir=$work['url'];		
-		//echo $work_name;
+		$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));				
-		$sql = 'UPDATE '.$table.' SET url="work/'.$path_to_dir.$new_name.'/'.$work_name.'" WHERE id= '.$work['id'];
+		$sql = 'UPDATE '.$table.' SET url="work/'.$path_to_dir.$new_name.$name_with_directory.'" WHERE id= '.$work['id'];		
 		api_sql_query($sql, __FILE__, __LINE__);		
 	}
 	//update all the directory's children according with the next query 
 	$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "/'.$path.'%"';
 	$rs = api_sql_query($sql, __FILE__, __LINE__);	
 	$work_len=strlen('/'.$path);	
 	while($work = Database :: fetch_array($rs))
 	{		
 		$new_dir=$work['url'];
 		$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));	
 		$sql = 'UPDATE '.$table.' SET url="/'.$path_to_dir.$new_name.$name_with_directory.'" WHERE id= '.$work['id'];		
 		api_sql_query($sql, __FILE__, __LINE__);		
 	}	
 }
 /**
 * Return an array with all the folder's ids that are in the given path  
 * @param	string Path of the directory  
 * @return	array The list of ids of all the directories in the path 
 * @author 	Julio Montoya Dokeos
 * @version April 2008
 */
 function get_parent_directories($my_cur_dir_path)
 {
 			$list_parents = explode('/', $my_cur_dir_path);						
 			$dir_acum = '';
 			global $work_table;			
 			$list_id=array();
 			for ($i = 0; $i < count($list_parents) - 1; $i++)
 			{			
 				$where_sentence = "url  LIKE BINARY '" . $dir_acum . "/" . $list_parents[$i]."'";							
 				$dir_acum .= '/' . $list_parents[$i];							
 				$sql = "SELECT id FROM ". $work_table . " WHERE ". $where_sentence;								
 				$result = api_sql_query($sql, __FILE__, __LINE__);
 				$row= Database::fetch_array($result);									
 				$list_id[]=$row['id'];	
 			}			
 			return $list_id;
 }
 /**
 * Transform an all directory structure (only directories) in an array 
 * @param	string path of the directory
 * @return	array the directory structure into an array
 * @author 	Julio Montoya Dokeos
 * @version April 2008
 */ 
 function directory_to_array($directory)
 {
 	$array_items = array();
 	if ($handle = opendir($directory)) 
 	{
 		while (false !== ($file = readdir($handle))) 
 		{
 			if ($file != "." && $file != "..") 
 			{
 				if (is_dir($directory. "/" . $file)) 
 				{
 					$array_items = array_merge($array_items, directory_to_array($directory. "/" . $file));					
 					$file = $directory . "/" . $file;					
 					$array_items[] = preg_replace("/\/\//si", "/", $file);
 				}	
 			}
 		}
 		closedir($handle);
 	}
 	return $array_items;
 }
 /**
 * Insert into the DB of the course all the directories  
 * @param	string path of the /work directory of the course 
 * @return	-1 on error, sql query result on success
 * @author 	Julio Montoya Dokeos
 * @version April 2008
 */ 
 function insert_all_directory_in_course_table($base_work_dir)
 {	
 	$dir_to_array =directory_to_array($base_work_dir,true);	
 	$only_dir=array();	
 	for($i=0;$i<count($dir_to_array);$i++)
 	{
 		$only_dir[]=substr($dir_to_array[$i],strlen($base_work_dir), strlen($dir_to_array[$i]));				
 	}	
 	echo "<pre>";
 	print_r($only_dir);
 	echo "<pre>";
 	for($i=0;$i<count($only_dir);$i++)
 	{		
 		global $work_table;
 		$sql_insert_all= "INSERT INTO " . $work_table . " SET url = '" . $only_dir[$i] . "', " .
 							  "title        = '',
 			                   description 	= '',
 			                   author      	= '',
 							   active		= '0',
 							   accepted		= '1',
 							   filetype		= 'folder',
 							   post_group_id = '0',
 							   sent_date	= '0000-00-00 00:00:00' ";				  
 		//api_sql_query($sql_insert_all, __FILE__, __LINE__);			
 	}	
 }
 /**
 * This function displays the number of files contained in a directory
 *
 * @param	string the path of the directory 
 * @param	boolean true if we want the total quantity of files include in others child directorys , false only  files in the directory		
 * @return	array the first element is an integer with the number of files in the folder, the second element is the number of directories
 * @author 	Julio Montoya Dokeos
 * @version	April 2008
 */
 function count_dir($path_dir, $recurse)
 {
 	$count = 0;
 	$count_dir= 0;
    $d = dir($path_dir);   
    while ($entry = $d->Read())
    {    
    	if (!(($entry == "..") || ($entry == ".")))
 		{		
        	if (Is_Dir($path_dir.'/'.$entry))
        	{       		
        		$count_dir++;
          		if ($recurse)
          		{
            		$count += count_dir($path_dir . '/' . $entry, $recurse);
          		}
        	}
 			else
        	{
        		$count++;
        	}
 		}
 	}
 	$return_array=array();
 	$return_array[]=$count;
 	$return_array[]=$count_dir;	
    return $return_array;
 }
 ?>
--- a/main/work/work.php
+++ b/main/work/work.php
@ -1,9 +1,10 @@
 <?php
 /*
 ==============================================================================
 	Dokeos - elearning and course management software
-	Copyright (c) 2004-2008 Dokeos S.A.
+	Copyright (c) 2004-2008 Dokeos S.P.R.L
 	For a full list of contributors, see "credits.txt".
 	The full license can be read in "license.txt".
@ -26,7 +27,7 @@
 * 	@author Patrick Cool <patrick.cool@UGent.be>, Ghent University - ability for course admins to specify wether uploaded documents are visible or invisible by default.
 * 	@author Roan Embrechts, code refactoring and virtual course support
 * 	@author Frederic Vauthier, directories management
-*  	@version $Id: work.php 14679 2008-03-21 14:15:28Z elixir_inter $
+*  	@version $Id: work.php 14753 2008-04-03 22:20:25Z juliomontoya $
 *
 * 	@todo refactor more code into functions, use quickforms, coding standards, ...
 */
@ -83,16 +84,19 @@
 */
 // name of the language file that needs to be included
-$language_file = array('work','document','admin');
+$language_file = array (
 	'work',
 	'document',
 	'admin'
 );
 // Section (for the tabs)
 $this_section = SECTION_COURSES;
 // @todo why is this needed?
 //session
-if(isset($_GET['id_session']))
+if (isset ($_GET['id_session'])) {
-{
+	$_SESSION['id_session'] = Database::escape_string($_GET['id_session']);
 	$_SESSION['id_session'] = $_GET['id_session'];
 }
 $htmlHeadXtra[] = '<script>
@ -136,7 +140,6 @@ require_once('work.lib.php');
 $main_course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
 $work_table = Database :: get_course_table(TABLE_STUDENT_PUBLICATION);
 $iprop_table = Database :: get_course_table(TABLE_ITEM_PROPERTY);
 /*
 -----------------------------------------------------------
 	Constants and variables
@ -171,32 +174,26 @@ $course_dir   = $sys_course_path.$_course['path'];
 $base_work_dir = $course_dir . '/work';
 $http_www = api_get_path('WEB_COURSE_PATH') . $_course['path'] . '/work';
 $cur_dir_path = '';
-if(isset($_GET['curdirpath']) && $_GET['curdirpath']!='')
+if (isset ($_GET['curdirpath']) && $_GET['curdirpath'] != '') {
 {
 	//$cur_dir_path = preg_replace('#[\.]+/#','',$_GET['curdirpath']); //escape '..' hack attempts
 	//now using common security approach with security lib
 	$in_course = Security :: check_abs_path($base_work_dir . '/' . $_GET['curdirpath'], $base_work_dir);
-	if(!$in_course)
+	if (!$in_course) {
 	{
 		$cur_dir_path = "/";
 	} else {
 		$cur_dir_path = $_GET['curdirpath'];
 	}
 }
-elseif (isset($_POST['curdirpath']) && $_POST['curdirpath']!='')
+elseif (isset ($_POST['curdirpath']) && $_POST['curdirpath'] != '') {
 {
 	//$cur_dir_path = preg_replace('#[\.]+/#','/',$_POST['curdirpath']); //escape '..' hack attempts
 	//now using common security approach with security lib
 	$in_course = Security :: check_abs_path($base_work_dir . '/' . $_POST['curdirpath'], $base_work_dir);
-	if(!$in_course)
+	if (!$in_course) {
 	{
 		$cur_dir_path = "/";
 	} else {
 		$cur_dir_path = $_POST['curdirpath'];
 	}
-}
+} else {
 else
 {
 	$cur_dir_path = '/';
 }
 if ($cur_dir_path == '.') {
@ -204,7 +201,6 @@ if($cur_dir_path == '.'){
 }
 $cur_dir_path_url = urlencode($cur_dir_path);
 //prepare a form of path that can easily be added at the end of any url ending with "work/"
 $my_cur_dir_path = $cur_dir_path;
 if ($my_cur_dir_path == '/')
@ -223,16 +219,13 @@ elseif(substr($my_cur_dir_path,-1,1)!='/')
 $link_target_parameter = ""; //or e.g. "target=\"_blank\"";
 $always_show_tool_options = false;
 $always_show_upload_form = false;
-if ($always_show_tool_options)
+if ($always_show_tool_options) {
 {
 	$display_tool_options = true;
 }
-if ($always_show_upload_form)
+if ($always_show_upload_form) {
 {
 	$display_upload_form = true;
 }
-
+api_protect_course_script(true);
 api_protect_course_script();
 /*
 -----------------------------------------------------------
@ -240,14 +233,12 @@ api_protect_course_script();
 -----------------------------------------------------------
 */
-if(isset($_POST['cancelForm']) && !empty($_POST['cancelForm']))
+if (isset ($_POST['cancelForm']) && !empty ($_POST['cancelForm'])) {
 {
 	header('Location: ' . api_get_self() . "?origin=$origin");
 	exit ();
 }
-if ($_POST['submitWork'] || $submitGroupWorkUrl)
+if ($_POST['submitWork'] || $submitGroupWorkUrl) {
 {
 	// these libraries are only used for upload purpose
 	// so we only include them when necessary
 	include_once (api_get_path(INCLUDE_PATH) . "lib/fileUpload.lib.php");
@ -257,24 +248,19 @@ if ($_POST['submitWork'] || $submitGroupWorkUrl)
 // If the POST's size exceeds 8M (default value in php.ini) the $_POST array is emptied
 // If that case happens, we set $submitWork to 1 to allow displaying of the error message
 // The redirection with header() is needed to avoid apache to show an error page on the next request
-if($_SERVER['REQUEST_METHOD'] == 'POST' && !sizeof($_POST))
+if ($_SERVER['REQUEST_METHOD'] == 'POST' && !sizeof($_POST)) {
-{
+	if (strstr($_SERVER['REQUEST_URI'], '?')) {
 	if(strstr($_SERVER['REQUEST_URI'],'?'))
 	{
 		header('Location: ' . $_SERVER['REQUEST_URI'] . '&submitWork=1');
 		exit ();
-	}
+	} else {
 	else
 	{
 		header('Location: ' . $_SERVER['REQUEST_URI'] . '?submitWork=1');
 		exit ();
 	}
 }
 //toolgroup comes from group. the but of tis variable is to limit post to the group of the student
 if (!api_is_course_admin()) {
-	if (!empty($_GET['toolgroup']))
+	if (!empty ($_GET['toolgroup'])) {
-	{
+		$toolgroup = Database::escape_string($_GET['toolgroup']);
 		$toolgroup=$_GET['toolgroup'];
 		api_session_register('toolgroup');
 	}
 }
@ -284,12 +270,11 @@ if (!api_is_course_admin()){
 -----------------------------------------------------------
 */
-
+if ($origin != 'learnpath') {
-
+	$interbreadcrumb[] = array (
-if ($origin != 'learnpath')
+		'url' => $url_dir,
-{
+		'name' => get_lang('StudentPublications'
-	$interbreadcrumb[]= array ('url'=>$url_dir, 'name'=> get_lang('StudentPublications'));	
+	));
 	//if (!$display_tool_options  && !$display_upload_form)
 	//{
@ -297,51 +282,49 @@ if ($origin != 'learnpath')
 	$dir_array = explode("/", $cur_dir_path);
 	$array_len = count($dir_array);
-		if ($array_len >0)
+	if ($array_len > 0) {
 		{
 		$url_dir = 'work.php?&curdirpath=/';
-			$interbreadcrumb[]= array ('url'=>$url_dir, 'name'=> get_lang('HomeDirectory'));		
+		$interbreadcrumb[] = array (
 			'url' => $url_dir,
 			'name' => get_lang('HomeDirectory'
 		));
 	}
 	$dir_acum = '';
-		for ($i=0; $i<$array_len;$i++)
+	for ($i = 0; $i < $array_len; $i++) {
 		{ 
 		$url_dir = 'work.php?&curdirpath=' . $dir_acum . $dir_array[$i];
-			$interbreadcrumb[]= array ('url'=>$url_dir, 'name'=> $dir_array[$i]);
+		$interbreadcrumb[] = array (
 			'url' => $url_dir,
 			'name' => $dir_array[$i]
 		);
 		$dir_acum .= $dir_array[$i] . '/';
 	}
 	//	}
-	if($display_upload_form)
+	if ($display_upload_form) {
 	{
 		//$tool_name = get_lang("UploadADocument");
 		//$interbreadcrumb[] = array ("url" => "work.php", "name" => get_lang('StudentPublications'));
-		$interbreadcrumb[] = array ("url" => "work.php", "name" => get_lang('UploadADocument'));
+		$interbreadcrumb[] = array (
 			"url" => "work.php",
 			"name" => get_lang('UploadADocument'));
 	}
-	if($display_tool_options)
+	if ($display_tool_options) {
 	{
 		//$tool_name = get_lang("EditToolOptions");
 		//$interbreadcrumb[] = array ("url" => "work.php", "name" => get_lang('StudentPublications'));
-		$interbreadcrumb[] = array ("url" => "work.php", "name" => get_lang('EditToolOptions'));
+		$interbreadcrumb[] = array (
 			"url" => "work.php",
 			"name" => get_lang('EditToolOptions'));
 	}
 	//--------------------------------------------------
 	Display :: display_header(null);
-}
+} else {
 else
 {
 	//we are in the learnpath tool
 	include api_get_path(INCLUDE_PATH) . 'reduced_header.inc.php';
 }
 //stats
 event_access_tool(TOOL_STUDENTPUBLICATION);
@ -369,7 +352,6 @@ else
 	$uploadvisibledisabled = $row["show_score"];
 }
 /*
 -----------------------------------------------------------
 	Introduction section
@ -405,8 +387,7 @@ if (api_is_allowed_to_edit())
 		if ($result1) 
 		{
-			while ($thisUrl = mysql_fetch_array($result1))
+			while ($thisUrl = Database::fetch_array($result1)) {
 			{
 				// check the url really points to a file in the work area
 				// (some work links can come from groups area...)
 				//if (substr (dirname($thisUrl['url']), -4) == "work")
@ -430,7 +411,6 @@ if (api_is_allowed_to_edit())
 		if ($result) 
 		{
 			$row = mysql_fetch_array($result);
 			$workTitle = $row['title'];
 			$workAuthor = $row['author'];
 			$workDescription = $row['description'];
@ -438,8 +418,6 @@ if (api_is_allowed_to_edit())
 		}
 	}
 	/*-------------------------------------------
 		MAKE INVISIBLE WORK COMMAND
 	  -----------------------------------------*/
@ -468,8 +446,6 @@ if (api_is_allowed_to_edit())
 		}				
 	}
 	/*-------------------------------------------
 		MAKE VISIBLE WORK COMMAND
 	  -----------------------------------------*/
@ -497,20 +473,67 @@ if (api_is_allowed_to_edit())
 			api_sql_query($sql, __FILE__, __LINE__);
 		}
 		// update all the parents in the table item propery		
 		$list_id=get_parent_directories($my_cur_dir_path);
 		for ($i = 0; $i < count($list_id); $i++)
 		{
 			api_item_property_update($_course, 'work', $list_id[$i], get_lang('FolderUpdated'), $user_id);								
 		}			
 	}
 	/*--------------------
 	 * Create dir command
 	 ---------------------*/
-	if(!empty($_REQUEST['create_dir']) && !empty($_REQUEST['new_dir'])){
+	if (!empty ($_REQUEST['create_dir']) && !empty ($_REQUEST['new_dir'])) 
 	{
 		//create the directory
 		//needed for directory creation
 		include_once (api_get_path(LIBRARY_PATH) . "fileUpload.lib.php");
 		$added_slash = (substr($cur_dir_path, -1, 1) == '/') ? '' : '/';		
 		$dir_name = $cur_dir_path . $added_slash . replace_dangerous_char($_POST['new_dir']);		
 		$created_dir = create_unexisting_work_directory($base_work_dir, $dir_name);
 		// we insert here the directory in the table $work_table		
 		$dir_name_sql=''; 
 		if ($created_dir) 
 		{			
-			//Display::display_normal_message("<strong>".$created_dir."</strong> was created!");
+			if ($cur_dir_path=='/')
 			{			
 				$dir_name_sql = $created_dir;
 			}		
 			else
 			{
 				$dir_name_sql = '/'.$created_dir;			
 			}
 			$sql_add_publication = "INSERT INTO " . $work_table . " SET " .			
 								   "url         = '" . $dir_name_sql . "',
 							       title        = '',
 				                   description 	= '',
 				                   author      	= '',
 								   active		= '0',
 								   accepted		= '1',
 								   filetype 	= 'folder',
 								   post_group_id = '0',
 								   sent_date	= NOW()";
 			api_sql_query($sql_add_publication, __FILE__, __LINE__);
 			// add the directory	
 			$id = mysql_insert_id();
 			//Folder created
 			api_item_property_update($_course, 'work', $id, get_lang('DirCr'), $user_id);			
 			// update all the parents in the table item propery
 			$list_id=get_parent_directories($my_cur_dir_path);
 			for ($i = 0; $i < count($list_id); $i++)
 			{
 				api_item_property_update($_course, 'work', $list_id[$i], get_lang('FolderUpdated'), $user_id);								
 			}			
 			//-------------------------------------------------------------------------------
 			Display :: display_normal_message('<span title="' . $created_dir . '">' . get_lang('DirCr') . '</span>', false);
 			//uncomment if you want to enter the created dir
 			//$curdirpath = $created_dir;
@ -526,8 +549,9 @@ if (api_is_allowed_to_edit())
 	 --------------------*/
 	if (!empty ($_REQUEST['delete_dir'])) 
 	{		
-		del_dir($base_work_dir.'/',$_REQUEST['delete_dir']);
+		$delete_directory=$_REQUEST['delete_dir'];
-		Display::display_normal_message($_REQUEST['delete_dir'].' '.get_lang('DirDeleted'));
+		del_dir($base_work_dir . '/', $delete_directory);		
 		Display :: display_normal_message($delete_directory . ' ' . get_lang('DirDeleted'));
 	}
 	/* ----------------------
 	 * Move file form request
@ -544,12 +568,10 @@ if (api_is_allowed_to_edit())
 	{
 		include_once (api_get_path(LIBRARY_PATH) . "/fileManage.lib.php");
 		$move_to = $_POST['move_to'];
-		if($move_to == '/' or empty($move_to))
+		if ($move_to == '/' or empty ($move_to)) {
 		{
 			$move_to = '';
 		}
-		elseif(substr($move_to,-1,1)!='/')
+		elseif (substr($move_to, -1, 1) != '/') {
 		{
 			$move_to = $move_to . '/';
 		}
@ -558,13 +580,20 @@ if (api_is_allowed_to_edit())
 		{
 			//echo "got path $path";
 			//Display::display_normal_message('We want to move '.$_POST['move_file'].' to '.$_POST['move_to']);
-			if ( move($course_dir.'/'.$path,$base_work_dir.'/'.$move_to) )
+			if (move($course_dir . '/' . $path, $base_work_dir . '/' . $move_to)) {
 			{
 				//update db
 				update_work_url($_POST['move_file'], 'work/' . $move_to);
 				//set the current path
 				$cur_dir_path = $move_to;
 				$cur_dir_path_url = urlencode($move_to);
 				// update all the parents in the table item propery
 				$list_id=get_parent_directories($cur_dir_path);						
 				for ($i = 0; $i < count($list_id); $i++)
 				{					
 					api_item_property_update($_course, 'work', $list_id[$i], get_lang('FolderUpdated'), $user_id);								
 				}		
 				Display :: display_normal_message(get_lang('DirMv'));
 			} 
 			else 
@ -587,6 +616,7 @@ else
 {
 	$iprop_table = Database :: get_course_table(TABLE_ITEM_PROPERTY);
 	$user_id = api_get_user_id();
 	/*-------------------------------------------
 				DELETE WORK COMMAND
 	-----------------------------------------*/
@ -601,13 +631,16 @@ else
 			//Get the author ID for that document from the item_property table
 			$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . mysql_real_escape_string($delete);
 			$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
 			if (Database :: num_rows($author_qry) == 1)
 			{
 				//we found the current user is the author
 				$queryString1 = "SELECT url FROM  " . $work_table . "  WHERE id = '$delete'";
 				$queryString2 = "DELETE FROM  " . $work_table . "  WHERE id='$delete'";
 				$result1 = api_sql_query($queryString1, __FILE__, __LINE__);
 				$result2 = api_sql_query($queryString2, __FILE__, __LINE__);
 				if ($result1) 
 				{
 					api_item_property_update($_course, 'work', $delete, get_lang('DocumentDeleted'), $user_id);
@ -627,6 +660,7 @@ else
 	/*-------------------------------------------
 	           EDIT COMMAND WORK COMMAND
 	  -----------------------------------------*/
 	if ($edit) 
 	{		
 		//Get the author ID for that document from the item_property table
@ -637,11 +671,9 @@ else
 			//we found the current user is the author
 			$sql = "SELECT * FROM  " . $work_table . "  WHERE id='" . $edit . "'";
 			$result = api_sql_query($sql, __FILE__, __LINE__);
 			if ($result)
 			 {
 				$row = mysql_fetch_array($result);
 				$workTitle = $row['title'];
 				$workAuthor = $row['author'];
 				$workDescription = $row['description'];
@ -649,6 +681,7 @@ else
 			}
 		}
 	}
 }
 /*
@ -682,7 +715,6 @@ if($_POST['submitWork'] && $is_course_member && $check)
 		} 
 		else 
 		{
 			if (!$title) 
 			{
 				$title = $_FILES['file']['name'];
@ -705,46 +737,53 @@ if($_POST['submitWork'] && $is_course_member && $check)
 			{
 				$post_group_id = '0';
 			}
 			//if we come from the group tools the groupid will be saved in $work_table
 			move_uploaded_file($_FILES['file']['tmp_name'], $updir . $my_cur_dir_path . $new_file_name);
 			$url = "work/" . $my_cur_dir_path . $new_file_name;
 			$result = api_sql_query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
 			if (!mysql_num_rows($result)) 
 			{
 				api_sql_query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
 			}			
 			$current_date = date('Y-m-d H:i:s');
-			$sql_add_publication = "INSERT INTO ".$work_table."
+			$sql_add_publication = "INSERT INTO " . $work_table . " SET " .
-			               SET url         = '".$url."',
+									       "url         = '" . $url . "',
 									       title       = '" . $title . "',
 						                   description = '" . $description . "',
 						                   author      = '" . $authors . "',
 										   active		= '" . $active . "',
 										   accepted		= '" . (!$uploadvisibledisabled) . "',
 										   post_group_id = '" . $post_group_id . "',
-							   sent_date	= NOW()";
+										   sent_date	=  ' ".$current_date ."' ";
 			api_sql_query($sql_add_publication, __FILE__, __LINE__);
 			$Id = mysql_insert_id();
 			api_item_property_update($_course, 'work', $Id, get_lang('DocumentAdded'), $user_id);
 			$succeed = true;
-		}
+			
 			// update all the parents in the table item propery
 			$list_id=get_parent_directories($my_cur_dir_path);						
 			for ($i = 0; $i < count($list_id); $i++)
 			{
 				api_item_property_update($_course, 'work', $list_id[$i], get_lang('FolderUpdated'), $user_id);								
 			}	
 		}
 	}
 	elseif ($newWorkUrl) 
 	{	
 		/*
 		 * SPECIAL CASE ! For a work coming from another area (i.e. groups)
 		 */		 
 	elseif ($newWorkUrl)
 	{
 		$url = str_replace('../../' . $_course['path'] . '/', '', $newWorkUrl);
 		if (!$title)
 		{		
 			$title = basename($workUrl);
@ -752,8 +791,7 @@ if($_POST['submitWork'] && $is_course_member && $check)
 		$result = api_sql_query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
-		if(!mysql_num_rows($result))
+		if (!Database::num_rows($result)) {
 		{
 			api_sql_query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
 		}
@ -766,9 +804,16 @@ if($_POST['submitWork'] && $is_course_member && $check)
 		api_sql_query($sql, __FILE__, __LINE__);
-		$insertId = mysql_insert_id();
+		$insertId = Database::insert_id();
 		api_item_property_update($_course, 'work', $insertId, get_lang('DocumentAdded'), $user_id);
 		$succeed = true;
 		// update all the parents in the table item propery
 		$list_id=get_parent_directories($my_cur_dir_path);						
 		for ($i = 0; $i < count($list_id); $i++)
 		{
 			api_item_property_update($_course, 'work', $list_id[$i], get_lang('FolderUpdated'), $user_id);								
 		}		
 	}
 	/*
@ -781,8 +826,7 @@ if($_POST['submitWork'] && $is_course_member && $check)
 		$is_author = false;
 		$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . mysql_real_escape_string($id);
 		$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
-		if(Database::num_rows($author_qry)==1)
+		if (Database :: num_rows($author_qry) == 1) {
 		{
 			$is_author = true;
 		}
@ -815,8 +859,7 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 {
 	//YW Tis part serve to send a e-mail to the tutors when a new file is sent
 	$send = api_get_course_setting('email_alert_manager_on_new_doc');
-	if($send>0)
+	if ($send > 0) {
 	{
 		// Lets predefine some variables. Be sure to change the from address!
 		$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
 		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -824,8 +867,7 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 		$table_session_course = Database :: get_main_table(TABLE_MAIN_SESSION_COURSE);
 		$emailto = array ();
-		if(empty($_SESSION['id_session']))
+		if (empty ($_SESSION['id_session'])) {
 		{
 			$sql_resp = 'SELECT u.email as myemail FROM ' . $table_course_user . ' cu, ' . $table_user . ' u WHERE cu.course_code = ' . "'" . api_get_course_id() . "'" . ' AND cu.status = 1 AND u.user_id = cu.user_id';
 			$res_resp = api_sql_query($sql_resp, __FILE__, __LINE__);
 			while ($row_email = Database :: fetch_array($res_resp)) {
@ -833,9 +875,7 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 					$emailto[$row_email['myemail']] = $row_email['myemail'];
 				}
 			}
-		}
+		} else {
 		else
 		{
 			// coachs of the session
 			$sql_resp = 'SELECT user.email as myemail 
 									FROM ' . $table_session . ' session
@ -884,13 +924,14 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 		}
 	}
 	$message = get_lang('DocAdd');
-    if ($uploadvisibledisabled && !$is_allowed_to_edit)
+	if ($uploadvisibledisabled && !$is_allowed_to_edit) {
 	{
 		$message .= "<br />" . get_lang('_doc_unvisible') . "<br />";
 	}
 	//stats
-	if(!$Id) { $Id = $insertId; }
+	if (!$Id) {
 		$Id = $insertId;
 	}
 	event_upload($Id);
 	$submit_success_message = $message . "<br />\n";
 	Display :: display_normal_message($submit_success_message, false);
@ -904,24 +945,21 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 display_action_links($cur_dir_path, $always_show_tool_options, $always_show_upload_form);
 /*=======================================
 	 Display form to upload document
  =======================================*/
-	if($is_course_member)
+if ($is_course_member) {
 	{
 	if ($display_upload_form || $edit) 
 	{
 		$token = Security :: get_token(); //generate token to be used to check validity of request
-			if($edit){
+		if ($edit) 
 		{
 			//Get the author ID for that document from the item_property table
 			$is_author = false;
 			$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . $edit;
 			$author_qry = api_sql_query($author_sql, __FILE__, __LINE__);
-				if(Database::num_rows($author_qry)==1)
+			if (Database :: num_rows($author_qry) == 1) {
 				{
 				$is_author = true;
 			}
 		}
@ -931,7 +969,8 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 		$form = new FormValidator('form', 'POST', api_get_self() . "?curdirpath=" . Security :: remove_XSS($cur_dir_path) . "&origin=$origin", '', 'enctype="multipart/form-data"');
-			if(!empty($error_message)) Display::display_error_message($error_message);
+		if (!empty ($error_message))
 			Display :: display_error_message($error_message);
 		if ($submitGroupWorkUrl) // For user comming from group space to publish his work
 		{
@ -956,7 +995,6 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 							</div>';
 			$form->addElement('html', $html);
 		} 
 		else // else standard upload option
 		{
 			$form->addElement('file', 'file', get_lang('DownloadFile'), 'size="30" onchange="updateDocumentTitle(this.value)"');
@ -983,15 +1021,12 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 		$form->addElement('submit', 'submitWork', get_lang('Ok'));
 		if ($_POST['submitWork'] || $edit) 
 		{
 			$form->addElement('submit', 'cancelForm', get_lang('Cancel'));
 		}
 		$form->add_real_progress_bar('uploadWork', 'DownloadFile');
 		$form->setDefaults($defaults);
 		$form->display();
@ -1040,12 +1075,10 @@ if ($_POST['submitWork'] && $succeed &&!$id) //last value is to check this is no
 	$my_cur_dir_path = $cur_dir_path;
 }
-	if (!$display_upload_form && !$display_tool_options) 
+if (!$display_upload_form && !$display_tool_options) {
 	{
 	display_student_publications_list($base_work_dir . '/' . $my_cur_dir_path, 'work/' . $my_cur_dir_path, $currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin);
 }
 /*
 ==============================================================================
 		Footer