diff --git a/main/admin/sub_language.class.php b/main/admin/sub_language.class.php index ad5378e8d7..d8ad124e5a 100755 --- a/main/admin/sub_language.class.php +++ b/main/admin/sub_language.class.php @@ -213,7 +213,7 @@ class SubLanguageManager { /** * Make available the language * @param Integer The language id - * @return void() + * @return void */ public static function make_available_language ($language_id) { $tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE); diff --git a/main/gradebook/gradebook_edit_all.php b/main/gradebook/gradebook_edit_all.php index 0733d55df9..30eed0e966 100755 --- a/main/gradebook/gradebook_edit_all.php +++ b/main/gradebook/gradebook_edit_all.php @@ -157,7 +157,7 @@ if ($my_api_cidreq=='') { } ?>
- +
diff --git a/main/gradebook/index.php b/main/gradebook/index.php index 96c87c52cd..ccf1af9796 100755 --- a/main/gradebook/index.php +++ b/main/gradebook/index.php @@ -714,7 +714,7 @@ if (isset ($_GET['studentoverview'])) { $pdf->ezText($organization_name,22,array('justification'=>'left')); $pdf->ezSetY(580); $pdf->ezText($portal_name,22,array('justification'=>'right')); - $pdf->ezStream(); + $pdf->ezStream();*/ } exit; } else { //in any other case (no search, no pdf), print the available gradebooks diff --git a/main/gradebook/lib/be/abstractlink.class.php b/main/gradebook/lib/be/abstractlink.class.php index df3d1d106a..571e9614f8 100755 --- a/main/gradebook/lib/be/abstractlink.class.php +++ b/main/gradebook/lib/be/abstractlink.class.php @@ -166,7 +166,7 @@ abstract class AbstractLink implements GradebookItem $sql .= ' visible = '.intval($visible); $paramcount ++; } - + $result = Database::query($sql); $links = AbstractLink::create_objects_from_sql_result($result); return $links; diff --git a/main/gradebook/lib/be/evaluation.class.php b/main/gradebook/lib/be/evaluation.class.php index b471b0c3d8..f99462c427 100755 --- a/main/gradebook/lib/be/evaluation.class.php +++ b/main/gradebook/lib/be/evaluation.class.php @@ -131,7 +131,7 @@ class Evaluation implements GradebookItem public function load ($id = null, $user_id = null, $course_code = null, $category_id = null, $visible = null) { $tbl_grade_evaluations = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION); - $sql='SELECT id,name,description,user_id,course_code,category_id,date,weight,max,visible,type FROM '.$tbl_grade_evaluations; + $sql='SELECT id,name,description,user_id,course_code,category_id,created_at,weight,max,visible,type FROM '.$tbl_grade_evaluations; $paramcount = 0; if (isset ($id)) { $sql.= ' WHERE id = '.intval($id); 
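Review bot: The added `*/` after `$pdf->ezStream();` in the `studentoverview` branch closes a block comment whose opening `/*` is not in this hunk, so the PDF calls shown here appear to be commented out as of this commit. If so, the branch reaches `exit;` without streaming anything and the export returns an empty response. Either restore the export or remove the dead code and the entry point that leads here; a comment such as `// PDF export disabled: <reason>` would at least record why. The enclosing block starts outside the hunk.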
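Review bot: In `Evaluation::load()` the SELECT list now reads `created_at` instead of `date`, but the migration lines visible in this commit do not rename that column in the gradebook evaluation table, and the row mapping in `create_evaluation_objects_from_sql_result()` is outside the hunk. Confirm that the schema change ships with this commit and that the mapper reads `created_at`; otherwise the query fails or the date is left unset. `load()` continues past the hunk.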
@@ -161,7 +161,7 @@ class Evaluation implements GradebookItem $sql .= ' visible = '.intval($visible); $paramcount ++; } - + $result = Database::query($sql); $alleval = Evaluation::create_evaluation_objects_from_sql_result($result); return $alleval; diff --git a/main/gradebook/lib/be/linkfactory.class.php b/main/gradebook/lib/be/linkfactory.class.php index 1d4e4aaf5c..905f9912fc 100755 --- a/main/gradebook/lib/be/linkfactory.class.php +++ b/main/gradebook/lib/be/linkfactory.class.php @@ -6,13 +6,14 @@ // - add include // - change create() and get_all_types() // Please do not change existing values, they are used in the database ! -define('LINK_EXERCISE', 1); -define('LINK_DROPBOX',2); -define('LINK_STUDENTPUBLICATION',3); -define('LINK_LEARNPATH',4); -define('LINK_FORUM_THREAD',5); +define('LINK_EXERCISE', 1); +define('LINK_DROPBOX', 2); +define('LINK_STUDENTPUBLICATION', 3); +define('LINK_LEARNPATH', 4); +define('LINK_FORUM_THREAD', 5); //define('LINK_WORK',6); -define('LINK_ATTENDANCE',7); +define('LINK_ATTENDANCE', 7); + require_once 'gradebookitem.class.php'; require_once 'abstractlink.class.php'; require_once 'exerciselink.class.php'; @@ -22,6 +23,7 @@ require_once 'studentpublicationlink.class.php'; require_once 'learnpathlink.class.php'; require_once 'forumthreadlink.class.php'; require_once 'attendancelink.class.php'; + /** * Factory for link objects * @author Bert Steppé diff --git a/main/gradebook/lib/gradebook_functions.inc.php b/main/gradebook/lib/gradebook_functions.inc.php index c1d93701a3..cd638067d3 100755 --- a/main/gradebook/lib/gradebook_functions.inc.php +++ b/main/gradebook/lib/gradebook_functions.inc.php @@ -1,14 +1,15 @@ , Hogeschool Ghent +* @author Julio Montoya adding security functions * @version april 2007 */ require_once ('gradebook_functions_users.inc.php'); - /** * Adds a resource to the unique gradebook of a given course * @param string Course code 
@@ -118,7 +119,7 @@ function block_students() { */ function get_course_name_from_code($code) { $tbl_main_categories= Database :: get_main_table(TABLE_MAIN_COURSE); - $sql= 'SELECT title,code FROM ' . $tbl_main_categories . 'WHERE code = "' . $code . '"'; + $sql= 'SELECT title, code FROM ' . $tbl_main_categories . 'WHERE code = "' . Database::escape_string($code) . '"'; $result= Database::query($sql); if ($col= Database::fetch_array($result)) { return $col['title']; @@ -235,17 +236,10 @@ function build_edit_icons_link($link, $selectcat) { * @return int false on error or link ID */ function is_resource_in_course_gradebook($course_code, $resource_type, $resource_id, $session_id = 0) { - /* See defines in lib/be/linkfactory.class.php - define('LINK_EXERCISE',1); - define('LINK_DROPBOX',2); - define('LINK_STUDENTPUBLICATION',3); - define('LINK_LEARNPATH',4); - define('LINK_FORUM_THREAD',5), - define('LINK_WORK',6); - */ - require_once(api_get_path(SYS_CODE_PATH).'gradebook/lib/be/linkfactory.class.php'); - require_once (api_get_path(SYS_CODE_PATH).'gradebook/lib/be.inc.php'); - require_once(api_get_path(SYS_CODE_PATH).'gradebook/lib/be/linkfactory.class.php'); + require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/be/linkfactory.class.php'; + require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/be.inc.php'; + require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/be/linkfactory.class.php'; + // TODO find the corresponding category (the first one for this course, ordered by ID) $t = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY); $l = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK); 
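Review bot: The string built in `get_course_name_from_code()` still joins the table name and `'WHERE code = "'` with no space between them, so the statement only parses if the table name happens to end in a quote character; write `' WHERE code = "'`. The added `Database::escape_string($code)` addresses the injection itself. Because the value sits inside double quotes, that holds only while the server does not run with ANSI_QUOTES; single quotes around the literal would remove the dependency.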
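Review bot: In `is_resource_in_course_gradebook()` the third `require_once` repeats the first one for `gradebook/lib/be/linkfactory.class.php`; it is a no-op and can be dropped, leaving one `linkfactory.class.php` line and the `be.inc.php` line. The function body continues outside the hunk.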
@@ -262,7 +256,7 @@ function is_resource_in_course_gradebook($course_code, $resource_type, $resource } $row = Database::fetch_array($res); $category = $row['id']; - $sql = "SELECT * FROM $l l WHERE l.category_id = $category AND type = ".(int) $resource_type." and ref_id = ".(int) $resource_id; + $sql = "SELECT id FROM $l l WHERE l.category_id = $category AND type = ".(int) $resource_type." and ref_id = ".(int) $resource_id; $res = Database::query($sql); if (Database::num_rows($res)<1) { return false; @@ -285,15 +279,15 @@ function remove_resource_from_course_gradebook($link_id) { return true; } /** - * return the database name + * Return the database name * @param int * @return String */ function get_database_name_by_link_id($id_link) { $course_table = Database::get_main_table(TABLE_MAIN_COURSE); $tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK); - $res=Database::query('SELECT db_name from '.$course_table.' c inner join '.$tbl_grade_links.' l - on c.code=l.course_code WHERE l.id='.$id_link.' OR l.category_id='.$id_link); + $res=Database::query('SELECT db_name FROM '.$course_table.' c INNER JOIN '.$tbl_grade_links.' l + ON c.code=l.course_code WHERE l.id='.intval($id_link).' OR l.category_id='.intval($id_link)); $my_db_name=Database::fetch_array($res,'ASSOC'); return $my_db_name['db_name']; } @@ -402,8 +396,8 @@ function parse_xml_data($file) { function update_user_info_about_certificate ($cat_id,$user_id,$path_certificate) { $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE); if (!UserManager::is_user_certified($cat_id,$user_id)) { - $sql='UPDATE '.$table_certificate.' SET path_certificate="'.$path_certificate.'" - WHERE cat_id="'.$cat_id.'" AND user_id="'.$user_id.'" '; + $sql='UPDATE '.$table_certificate.' SET path_certificate="'.Database::escape_string($path_certificate).'" + WHERE cat_id="'.intval($cat_id).'" AND user_id="'.intval($user_id).'" '; $rs=Database::query($sql,__FILE__,__LINE__); } } 
@@ -419,12 +413,12 @@ function parse_xml_data($file) { function register_user_info_about_certificate ($cat_id,$user_id,$score_certificate, $date_certificate) { $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE); $sql_exist='SELECT COUNT(*) as count FROM '.$table_certificate.' gc - WHERE gc.cat_id="'.$cat_id.'" AND user_id="'.$user_id.'" '; + WHERE gc.cat_id="'.intval($cat_id).'" AND user_id="'.intval($user_id).'" '; $rs_exist=Database::query($sql_exist,__FILE__,__LINE__); $row=Database::fetch_array($rs_exist); if ($row['count']==0) { - echo $sql='INSERT INTO '.$table_certificate.' (cat_id,user_id,score_certificate,date_certificate) - VALUES("'.$cat_id.'","'.$user_id.'","'.$score_certificate.'","'.$date_certificate.'")'; + $sql='INSERT INTO '.$table_certificate.' (cat_id,user_id,score_certificate,date_certificate) + VALUES("'.intval($cat_id).'","'.intval($user_id).'","'.Database::escape_string($score_certificate).'","'.Database::escape_string($date_certificate).'")'; $rs=Database::query($sql,__FILE__,__LINE__); } @@ -437,7 +431,7 @@ function parse_xml_data($file) { */ function get_certificate_date_by_user_id ($cat_id,$user_id) { $table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE); - $sql_get_date='SELECT date_certificate FROM '.$table_certificate.' WHERE cat_id="'.$cat_id.'" AND user_id="'.$user_id.'"'; + $sql_get_date='SELECT date_certificate FROM '.$table_certificate.' WHERE cat_id="'.intval($cat_id).'" AND user_id="'.intval($user_id).'"'; $rs_get_date=Database::query($sql_get_date,__FILE__,__LINE__); $row_get_date=Database::fetch_array($rs_get_date,'ASSOC'); return $row_get_date['date_certificate']; diff --git a/main/img/attendance.gif b/main/img/attendance.gif index 42ef08a90e..211fe655d8 100644 Binary files a/main/img/attendance.gif and b/main/img/attendance.gif differ 
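Review bot: `register_user_info_about_certificate()` still decides whether to insert from a separate `SELECT COUNT(*)`, so two concurrent requests for the same `cat_id`/`user_id` can both read 0 and both insert. A unique key on `(cat_id, user_id)` would close that gap; whether the table has one is not visible here. `score_certificate` is escaped as a string although it looks numeric. If it is, `floatval($score_certificate)` would state the type the same way `intval()` does for the ids.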
diff --git a/main/img/attendance_na.gif b/main/img/attendance_na.gif index f2a98c943d..6b0df3e0a5 100644 Binary files a/main/img/attendance_na.gif and b/main/img/attendance_na.gif differ diff --git a/main/img/view_choose_na.gif b/main/img/view_choose_na.gif new file mode 100644 index 0000000000..ad42fb956e Binary files /dev/null and b/main/img/view_choose_na.gif differ diff --git a/main/img/view_fullscreen_na.gif b/main/img/view_fullscreen_na.gif new file mode 100644 index 0000000000..eb5caa606f Binary files /dev/null and b/main/img/view_fullscreen_na.gif differ diff --git a/main/inc/global.inc.php b/main/inc/global.inc.php index ee7414ced4..e1c91c25a7 100755 --- a/main/inc/global.inc.php +++ b/main/inc/global.inc.php @@ -446,7 +446,7 @@ if (!empty($valid_languages)) { // to use it within the function get_lang(...). $language_interface_initial_value = $language_interface; -/* +/** * Include all necessary language files * - trad4all * - notification diff --git a/main/inc/introductionSection.inc.php b/main/inc/introductionSection.inc.php index 2e872b4e26..331d7a347f 100755 --- a/main/inc/introductionSection.inc.php +++ b/main/inc/introductionSection.inc.php @@ -30,6 +30,8 @@ require_once api_get_path(LIBRARY_PATH).'course_description.lib.php'; $TBL_INTRODUCTION = Database::get_course_table(TABLE_TOOL_INTRO); $intro_editAllowed = $is_allowed_to_edit; +$session_id = api_get_session_id(); + global $charset; $intro_cmdEdit = empty($_GET['intro_cmdEdit']) ? '' : $_GET['intro_cmdEdit']; 
@@ -91,9 +93,9 @@ if ($intro_editAllowed) { $form_values = $form->exportValues(); $intro_content = Security::remove_XSS(stripslashes(api_html_entity_decode($form_values['intro_content'])), COURSEMANAGERLOWSECURITY); - if (!empty($intro_content)) { - $sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."'"; + $sql = "REPLACE $TBL_INTRODUCTION SET id='$moduleId',intro_text='".Database::escape_string($intro_content)."', session_id='".$session_id."'"; + Database::query($sql); Display::display_confirmation_message(get_lang('IntroductionTextUpdated'), false); } else { @@ -107,7 +109,7 @@ if ($intro_editAllowed) { /* Delete Command */ if ($intro_cmdDel) { - Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'"); + Database::query("DELETE FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".$session_id."'"); Display::display_confirmation_message(get_lang('IntroductionTextDeleted')); } } @@ -117,7 +119,7 @@ if ($intro_editAllowed) { /* Retrieves the module introduction text, if exist */ -$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."'"; +$sql = "SELECT intro_text FROM $TBL_INTRODUCTION WHERE id='".$moduleId."' AND session_id='".$session_id."'"; $intro_dbQuery = Database::query($sql); $intro_dbResult = Database::fetch_array($intro_dbQuery); $intro_content = $intro_dbResult['intro_text']; diff --git a/main/inc/lib/add_course.lib.inc.php b/main/inc/lib/add_course.lib.inc.php index 8c800808bc..3bb587a6c8 100755 --- a/main/inc/lib/add_course.lib.inc.php +++ b/main/inc/lib/add_course.lib.inc.php @@ -1105,7 +1105,8 @@ function update_Db_course($courseDbName, $language = null) CREATE TABLE `".$TABLEINTROS . "` ( id varchar(50) NOT NULL, intro_text text NOT NULL, - PRIMARY KEY (id) + session_id INT NOT NULL DEFAULT 0, + PRIMARY KEY (id, session_id) )" . $charset_clause); /* 
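Review bot: The three statements changed in `introductionSection.inc.php` (this `REPLACE`, and the `DELETE` and `SELECT` in the next two hunks) interpolate `$moduleId` and `$session_id` into SQL without a cast or escape, while this same commit adds `intval()` and `Database::escape_string()` to the gradebook queries. Where `$moduleId` is assigned is not visible in these hunks, so it should be treated as untrusted here. Use `session_id='".intval($session_id)."'` and `id='".Database::escape_string($moduleId)."'` in all three.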
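Review bot: The lookup `SELECT intro_text ... AND session_id='".$session_id."'` matches only the row of the current session, while the default rows seeded in `add_course.lib.inc.php` carry `session_id` 0. Inside a session that has no introduction of its own the query returns no row, so the course-level introduction would no longer be displayed. If that is not intended, fall back to session 0, for example `AND session_id IN (0, ".intval($session_id).") ORDER BY session_id DESC LIMIT 1`.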
@@ -2324,12 +2325,12 @@ function fill_Db_course($courseDbName, $courseRepository, $language,$default_doc */ $intro_text='
mr. Dokeos'.lang2db(get_lang('IntroductionText')).'
'; - Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_COURSE_HOMEPAGE . "','".$intro_text. "')"); - Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_STUDENTPUBLICATION . "','".lang2db(get_lang('IntroductionTwo')) . "')"); + Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_COURSE_HOMEPAGE . "','".$intro_text. "', 0)"); + Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_STUDENTPUBLICATION . "','".lang2db(get_lang('IntroductionTwo')) . "', 0)"); //wiki intro $intro_wiki='
'.lang2db(get_lang('IntroductionWiki')).'
'; - Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_WIKI . "','".$intro_wiki. "')"); + Database::query("INSERT INTO `".$TABLEINTROS . "` VALUES ('" . TOOL_WIKI . "','".$intro_wiki. "', 0)"); /* ----------------------------------------------------------- diff --git a/main/inc/lib/mail.lib.inc.php b/main/inc/lib/mail.lib.inc.php index 4563c9ffc0..bd881fd59e 100755 --- a/main/inc/lib/mail.lib.inc.php +++ b/main/inc/lib/mail.lib.inc.php @@ -140,6 +140,10 @@ function api_mail_html($recipient_name, $recipient_email, $subject, $message, $s $mail->IsHTML(0); $mail->SMTPKeepAlive = true; + if (($sender_email != "") && ($sender_name != "")) { + $mail->AddReplyTo ($sender_email,$sender_name); + } + // attachments // $mail->AddAttachment($path); // $mail->AddAttachment($path,$filename); diff --git a/main/inc/lib/pear/HTML/QuickForm/date.php b/main/inc/lib/pear/HTML/QuickForm/date.php index 934f19aff0..6b14a9419c 100755 --- a/main/inc/lib/pear/HTML/QuickForm/date.php +++ b/main/inc/lib/pear/HTML/QuickForm/date.php @@ -56,11 +56,7 @@ class HTML_QuickForm_date extends HTML_QuickForm_group 'language' => 'en', 'format' => 'dMY', 'minYear' => 2001, - // Modified by Chamilo team, 16-MAR-2010. - // TODO: This modification to be re-thought. - //'maxYear' => 2090, - 'maxYear' => 2010, - // + 'maxYear' => 2090, 'addEmptyOption' => false, 'emptyOptionValue' => '', 'emptyOptionText' => ' ', @@ -288,6 +284,11 @@ class HTML_QuickForm_date extends HTML_QuickForm_group $this->_persistantFreeze = true; $this->_appendName = true; $this->_type = 'date'; + // Added by Ivan Tcholakov, 16-MAR-2010. + $current_year = intval(api_get_local_time()); + $this->_options['minYear'] = $current_year - 9; + $this->_options['maxYear'] = $current_year + 1; + // // set the options, do not bother setting bogus ones if (is_array($options)) { foreach ($options as $name => $value) { diff --git a/main/install/db_main.sql b/main/install/db_main.sql index e5ee44fb6f..28eafe5509 100644 
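Review bot: The new `AddReplyTo` guard in `api_mail_html()` requires both `$sender_email` and `$sender_name` to be non-empty, so a caller that passes an address without a display name gets no Reply-To header; testing only the address is enough: `if ($sender_email != '') { $mail->AddReplyTo($sender_email, $sender_name); }`. Both values end up in a mail header, so if they can originate from user input they should be checked for a valid address and for CR/LF before this call, unless the bundled mailer is known to do that. The function body starts and ends outside the hunk.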
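Review bot: The constructor lines added to `HTML_QuickForm_date` overwrite the default `minYear`/`maxYear` with the current year minus 9 and plus 1, so every date element created without explicit options can no longer select an older year (a birth date, for instance). `intval(api_get_local_time())` also yields the year only if that function returns a string that begins with a four-digit year, which is not visible here; `intval(date('Y'))` would not depend on that. The change also ties the bundled PEAR class to a platform function, which deserves a comment at the assignment.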
--- a/main/install/db_main.sql +++ b/main/install/db_main.sql @@ -757,7 +757,7 @@ VALUES ('show_tabs', 'dashboard', 'checkbox', 'Platform', 'true', 'ShowTabsTitle', 'ShowTabsComment', NULL, 'TabsDashboard', 1), ('use_users_timezone', 'timezones', 'radio', 'Timezones', 'true', 'UseUsersTimezoneTitle','UseUsersTimezoneComment',NULL,'Timezones', 1), ('timezone_value', 'timezones', 'select', 'Timezones', '', 'TimezoneValueTitle','TimezoneValueComment',NULL,'Timezones', 1), -('dokeos_database_version', NULL, 'textfield', NULL,'1.8.7.10879','DokeosDatabaseVersion','',NULL,NULL,0); +('dokeos_database_version', NULL, 'textfield', NULL,'1.8.7.10983','DokeosDatabaseVersion','',NULL,NULL,0); UNLOCK TABLES; diff --git a/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql b/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql index 4995cf8755..6dc2ae0da2 100755 --- a/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql +++ b/main/install/migrate-db-1.8.6.2-1.8.7-pre.sql @@ -68,7 +68,7 @@ INSERT INTO settings_current (variable, subkey, type, category, selected_value, ALTER TABLE user_field_values CHANGE id id BIGINT NOT NULL AUTO_INCREMENT; ALTER TABLE user_field_values ADD INDEX (user_id, field_id); -UPDATE settings_current SET selected_value = '1.8.7.10741' WHERE variable = 'dokeos_database_version'; +UPDATE settings_current SET selected_value = '1.8.7.10983' WHERE variable = 'dokeos_database_version'; ALTER TABLE course_rel_user DROP PRIMARY KEY, ADD PRIMARY KEY (course_code, user_id, relation_type); ALTER TABLE session_rel_user DROP PRIMARY KEY, ADD PRIMARY KEY (id_session, id_user, relation_type); 
@@ -117,3 +117,4 @@ ALTER TABLE attendance ADD INDEX(active); ALTER TABLE lp_view ADD session_id INT NOT NULL DEFAULT 0; ALTER TABLE lp_view ADD INDEX(session_id); INSERT INTO course_setting (variable,value,category) VALUES ('allow_user_view_user_list',1,'user'); +ALTER TABLE tool_intro ADD COLUMN session_id INT NOT NULL DEFAULT 0 AFTER intro_text, DROP PRIMARY KEY, ADD PRIMARY KEY USING BTREE(id, session_id);