Use database::insert/update functions.

1.10.x
Julio Montoya 10 years ago
parent 4d970551d9
commit 6f5068fafe
  1. 18
      main/exercice/savescores.php
  2. 15
      main/gradebook/lib/GradebookUtils.php
  3. 68
      main/gradebook/lib/be/abstractlink.class.php
  4. 33
      main/gradebook/lib/be/evaluation.class.php
  5. 20
      main/gradebook/lib/scoredisplay.class.php
  6. 4
      main/inc/lib/course.lib.php
  7. 22
      main/inc/lib/document.lib.php
  8. 22
      main/inc/lib/events.lib.php
  9. 40
      main/inc/lib/groupmanager.lib.php
  10. 50
      main/inc/lib/message.lib.php
  11. 13
      main/inc/lib/sessionmanager.lib.php
  12. 36
      main/inc/lib/system_announcements.lib.php
  13. 45
      main/inc/lib/thematic.lib.php

@ -51,15 +51,17 @@ function save_scores($file, $score)
// anonymous
$user_id = "NULL";
}
$sql = "INSERT INTO $TABLETRACK_HOTPOTATOES (exe_name, exe_user_id, exe_date, c_id, exe_result, exe_weighting) VALUES (
'".Database::escape_string($file)."',
".intval($user_id).",
'".Database::escape_string($date)."',
$c_id,
'".Database::escape_string($score)."',
'".Database::escape_string($weighting)."')";
Database::query($sql);
$params = [
'exe_name' => $file,
'exe_user_id' => $user_id,
'exe_date' => $date,
'c_id' => $c_id,
'exe_result' => $score,
'exe_weighting' => $weighting,
];
Database::insert($TABLETRACK_HOTPOTATOES, $params);
if ($origin == 'learnpath') {
//if we are in a learning path, save the score in the corresponding
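Review bot: The anonymous branch now sends the string "NULL" as `exe_user_id`, because `$user_id = "NULL";` is passed into `$params` unchanged, while the query it replaces wrapped the value in `intval()`. Assuming `Database::insert()` binds values as parameters, the column receives the text NULL rather than 0 or SQL NULL, which is either rejected or silently coerced depending on the SQL mode. `'exe_user_id' => intval($user_id),` keeps the previous behaviour; alternatively, set `$user_id = null` for anonymous users if the column is nullable. `save_scores()` starts and ends outside this hunk, so how `$c_id`, `$date` and `$weighting` are derived is not visible here.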

@ -585,15 +585,20 @@ class GradebookUtils
*/
public static function register_user_info_about_certificate($cat_id, $user_id, $score_certificate, $date_certificate)
{
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql = 'SELECT COUNT(*) as count FROM ' . $table_certificate . ' gc
$table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$sql = 'SELECT COUNT(*) as count
FROM ' . $table . ' gc
WHERE gc.cat_id="' . intval($cat_id) . '" AND user_id="' . intval($user_id) . '" ';
$rs_exist = Database::query($sql);
$row = Database::fetch_array($rs_exist);
if ($row['count'] == 0) {
$sql = 'INSERT INTO ' . $table_certificate . ' (cat_id,user_id,score_certificate,created_at)
VALUES ("' . intval($cat_id) . '","' . intval($user_id) . '","' . Database::escape_string($score_certificate) . '","' . Database::escape_string($date_certificate) . '")';
Database::query($sql);
$params = [
'cat_id' => $cat_id,
'user_id' => $user_id,
'score_certificate' => $score_certificate,
'created_at' => $date_certificate
];
Database::insert($table, $params);
}
}

@ -335,18 +335,17 @@ abstract class AbstractLink implements GradebookItem
$row_testing = Database::fetch_array($result);
if ($row_testing[0] == 0) {
$sql = 'INSERT INTO '.$tbl_grade_links.' (type, ref_id, user_id, course_code, category_id, weight, visible, created_at) VALUES ('
.intval($this->get_type())
.','.intval($this->get_ref_id())
.','.intval($this->get_user_id())
.",'".Database::escape_string($this->get_course_code())."'"
.','.intval($this->get_category_id())
.",'".Database::escape_string($this->get_weight())."'"
.','.intval($this->is_visible());
$sql .= ','.'"'.$date_current = api_get_local_time().'"';
$sql .= ")";
Database::query($sql);
$inserted_id = Database::insert_id();
$params = [
'type' => $this->get_type(),
'ref_id' => $this->get_ref_id(),
'user_id' => $this->get_user_id(),
'course_code' => $this->get_course_code(),
'category_id' => $this->get_category_id(),
'weight' => $this->get_weight(),
'visible' => $this->is_visible(),
'created_at' => api_get_utc_datetime(),
];
$inserted_id = Database::insert($tbl_grade_links, $params);
$this->set_id($inserted_id);
return $inserted_id;
}
@ -363,20 +362,21 @@ abstract class AbstractLink implements GradebookItem
public function save()
{
$this->save_linked_data();
$tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$sql = "UPDATE $tbl_grade_links SET
type = ".intval($this->get_type()).",
ref_id = ".intval($this->get_ref_id()).",
user_id = ".intval($this->get_user_id()).",
course_code = '".Database::escape_string($this->get_course_code())."',
category_id = ".intval($this->get_category_id()).",
weight = '".Database::escape_string($this->get_weight())."',
visible = ".intval($this->is_visible())."
WHERE id = ".intval($this->id);
$table = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$params = [
'type' => $this->get_type(),
'ref_id' => $this->get_ref_id(),
'user_id' => $this->get_user_id(),
'course_code' => $this->get_course_code(),
'category_id' => $this->get_category_id(),
'weight' => $this->get_weight(),
'visible' => $this->is_visible(),
];
Database::insert($table, $params, ['id = ?' => $this->id]);
AbstractLink::add_link_log($this->id);
Database::query($sql);
}
/**
@ -384,14 +384,14 @@ abstract class AbstractLink implements GradebookItem
*/
public static function add_link_log($idevaluation, $nameLog = null)
{
$tbl_grade_linkeval_log = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
$dateobject=AbstractLink::load ($idevaluation,null,null,null,null);
$current_date_server=api_get_utc_datetime();
$table = Database:: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
$dateobject = AbstractLink::load($idevaluation, null, null, null, null);
$current_date_server = api_get_utc_datetime();
$arreval = get_object_vars($dateobject[0]);
$description_log = isset($arreval['description']) ? $arreval['description']:'';
if (empty($nameLog)) {
if (isset($_POST['name_link'])) {
$name_log = isset($_POST['name_link']) ? Security::remove_XSS($_POST['name_link']) : $arreval['course_code'];
$name_log = isset($_POST['name_link']) ? $_POST['name_link'] : $arreval['course_code'];
} elseif (isset($_POST['link_' . $idevaluation]) && $_POST['link_' . $idevaluation]) {
$name_log = $_POST['link_' . $idevaluation];
} else {
@ -400,10 +400,18 @@ abstract class AbstractLink implements GradebookItem
} else {
$name_log = $nameLog;
}
$sql="INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log, name,description,created_at,weight,visible,type,user_id_log)
VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($name_log)."','".Database::escape_string($description_log)."','".Database::escape_string($current_date_server)."','".Database::escape_string($arreval['weight'])."','".Database::escape_string($arreval['visible'])."','Link',".api_get_user_id().")";
Database::query($sql);
$params = [
'id_linkeval_log' => $arreval['id'],
'name' => $name_log,
'description' => $description_log,
'created_at' => $current_date_server,
'weight' => $arreval['weight'],
'visible' => $arreval['visible'],
'type' => 'Link',
'user_id_log' => api_get_user_id(),
];
Database::insert($table, $params);
}
/**
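Review bot: In `save()` the new call is `Database::insert($table, $params, ['id = ?' => $this->id]);`, but it replaces an `UPDATE ... WHERE id = ...`, so it should be `Database::update($table, $params, ['id = ?' => $this->id]);`. As written, saving an existing link would presumably add a row instead of modifying it; what `insert()` does with a third argument is not visible here. The hunk's line counts also suggest that the trailing `Database::query($sql);` after `add_link_log()` is kept, yet `$sql` is no longer assigned anywhere in the new body, so that line should be deleted along with the old statement.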

@ -352,7 +352,7 @@ class Evaluation implements GradebookItem
}
/**
* @param $idevaluation
* @param int $idevaluation
*/
public function add_evaluation_log($idevaluation)
{
@ -363,13 +363,22 @@ class Evaluation implements GradebookItem
$dateobject = $eval->load($idevaluation,null,null,null,null);
$arreval = get_object_vars($dateobject[0]);
if (!empty($arreval['id'])) {
$sql_eval='SELECT weight from '.$tbl_grade_evaluations.' WHERE id='.$arreval['id'];
$rs=Database::query($sql_eval);
$row_old_weight=Database::fetch_array($rs,'ASSOC');
$current_date=api_get_utc_datetime();
$sql = "INSERT INTO ".$tbl_grade_linkeval_log."(id_linkeval_log,name,description,created_at,weight,visible,type,user_id_log)
VALUES('".Database::escape_string($arreval['id'])."','".Database::escape_string($arreval['name'])."','".Database::escape_string($arreval['description'])."','".$current_date."','".Database::escape_string($row_old_weight['weight'])."','".Database::escape_string($arreval['visible'])."','evaluation',".api_get_user_id().")";
Database::query($sql);
$sql = 'SELECT weight from '.$tbl_grade_evaluations.'
WHERE id='.$arreval['id'];
$rs = Database::query($sql);
$row_old_weight = Database::fetch_array($rs, 'ASSOC');
$current_date = api_get_utc_datetime();
$params = [
'id_linkeval_log' => $arreval['id'],
'name' => $arreval['name'],
'description' => $arreval['description'],
'created_at' => $current_date,
'weight' => $row_old_weight['weight'],
'visible' => $arreval['visible'],
'type' => 'evaluation',
'user_id_log' => api_get_user_id()
];
Database::insert($tbl_grade_linkeval_log, $params);
}
}
}
@ -478,8 +487,9 @@ class Evaluation implements GradebookItem
public function has_results()
{
$tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
$sql='SELECT count(id) AS number FROM '.$tbl_grade_results
.' WHERE evaluation_id = '.intval($this->id);
$sql = 'SELECT count(id) AS number
FROM '.$tbl_grade_results.'
WHERE evaluation_id = '.intval($this->id);
$result = Database::query($sql);
$number=Database::fetch_row($result);
@ -492,7 +502,8 @@ class Evaluation implements GradebookItem
public function delete_results()
{
$tbl_grade_results = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_RESULT);
$sql = 'DELETE FROM '.$tbl_grade_results.' WHERE evaluation_id = '.intval($this->id);
$sql = 'DELETE FROM '.$tbl_grade_results.'
WHERE evaluation_id = '.intval($this->id);
Database::query($sql);
}
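Review bot: The reformatted `SELECT weight` query in `add_evaluation_log()` still concatenates `$arreval['id']` into the SQL text with no cast or quoting, while the INSERT directly below it was moved to bound parameters. The value comes from `get_object_vars()` on the loaded evaluation and is probably an integer, but nothing in the hunk enforces that. `WHERE id='.intval($arreval['id']);` would bring it in line with `has_results()` and `delete_results()` in the same file, which already cast `$this->id`. The method body starts outside this hunk.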

@ -195,7 +195,7 @@ class ScoreDisplay
* @param int score color percent (optional)
* @param int gradebook category id (optional)
*/
public function update_custom_score_display_settings ($displays, $scorecolpercent = 0, $category_id = null)
public function update_custom_score_display_settings($displays, $scorecolpercent = 0, $category_id = null)
{
$this->custom_display = $displays;
$this->custom_display_conv = $this->convert_displays($this->custom_display);
@ -207,21 +207,23 @@ class ScoreDisplay
}
// remove previous settings
$tbl_display = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_SCORE_DISPLAY);
$sql = 'DELETE FROM '.$tbl_display.' WHERE category_id = '.$category_id;
$table = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_SCORE_DISPLAY);
$sql = 'DELETE FROM '.$table.' WHERE category_id = '.$category_id;
Database::query($sql);
// add new settings
$sql = 'INSERT INTO '.$tbl_display.' (id, score, display, category_id, score_color_percent) VALUES ';
$count = 0;
foreach ($displays as $display) {
if ($count > 0) {
$sql .= ',';
}
$sql .= "(NULL, '".$display['score']."', '".Database::escape_string($display['display'])."', ".$category_id.", ".intval($scorecolpercent).")";
$params = [
'score' => $display['score'],
'display' => $display['display'],
'category_id' => $category_id,
'score_color_percent' => $scorecolpercent,
];
Database::insert($table, $params);
$count++;
}
Database::query($sql);
}
/**
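Review bot: The `DELETE FROM '.$table.' WHERE category_id = '.$category_id` statement is still built by concatenation with no integer cast visible, even though the inserts below it now go through `Database::insert()`. Unless `$category_id` is cast in the part of the method that lies between the two hunks, use `$sql = 'DELETE FROM '.$table.' WHERE category_id = '.intval($category_id);`. `$count` is now only assigned and incremented, never read, so `$count = 0;` and `$count++;` can be removed.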

@ -4828,8 +4828,8 @@ class CourseManager
WHERE c_id = "' . $courseId . '" AND user_id = "' . $userId . '" ';
} else {
$sql = "INSERT INTO " . $course_user_table . " SET
c_id = '" . $courseId . "',
user_id = '" . $userId . "',
c_id = " . $courseId . ",
user_id = " . $userId . ",
status = '1',
is_tutor = '0',
sort = '0',
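Review bot: Dropping the quotes around `$courseId` and `$userId` in the `INSERT ... SET` places both values in numeric context, where any non-integer content becomes SQL syntax instead of a string literal. No cast is visible in this hunk, so unless both are already integers earlier in the method, write `c_id = " . intval($courseId) . ",` and `user_id = " . intval($userId) . ",`. The rest of this commit converts inserts to `Database::insert()`, and doing the same here would remove the concatenation entirely. The surrounding method and the remainder of the statement lie outside the hunk.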

@ -1455,19 +1455,15 @@ class DocumentManager
{
// Database table definition
$table_template = Database::get_main_table(TABLE_MAIN_TEMPLATES);
// creating the sql statement
$sql = "INSERT INTO $table_template
(title, description, course_code, user_id, ref_doc, image)
VALUES (
'" . Database::escape_string($title) . "',
'" . Database::escape_string($description) . "',
'" . Database::escape_string($course_code) . "',
'" . intval($user_id) . "',
'" . Database::escape_string($document_id_for_template) . "',
'" . Database::escape_string($image) . "')";
Database::query($sql);
$params = [
'title' => $title,
'description' => $description,
'course_code' => $course_code,
'user_id' => $user_id,
'ref_doc' => $document_id_for_template,
'image' => $image,
];
Database::insert($table_template, $params);
return true;
}

@ -34,19 +34,19 @@ class Event
if ($pos === false && $referer != '') {
$ip = api_get_real_ip();
$remhost = @ getHostByAddr($ip);
if ($remhost == $ip)
$remhost = "Unknown"; // don't change this
if ($remhost == $ip) {
$remhost = "Unknown";
} // don't change this
$reallyNow = api_get_utc_datetime();
$sql = "INSERT INTO ".$TABLETRACK_OPEN."
(open_remote_host,
open_agent,
open_referer,
open_date)
VALUES
('".$remhost."',
'".Database::escape_string($_SERVER['HTTP_USER_AGENT'])."', '".Database::escape_string($referer)."', '$reallyNow')";
$res = Database::query($sql);
$params = [
'open_remote_host' => $remhost,
'open_agent' => $_SERVER['HTTP_USER_AGENT'],
'open_referer' => $referer,
'open_date' => $reallyNow,
];
Database::insert($TABLETRACK_OPEN, $params);
}
return 1;
}
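Review bot: `'open_agent' => $_SERVER['HTTP_USER_AGENT']` reads the header without checking that it was sent, so a request with no User-Agent raises an undefined-index notice and passes an empty value to the insert. `'open_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',` avoids that. The agent and referer are client-controlled and are now stored as received, so any report that prints these tracking rows has to HTML-escape them on output. The `// don't change this` comment now trails the closing brace and would read better on the `$remhost = "Unknown";` line it refers to.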

@ -816,29 +816,31 @@ class GroupManager
if (!isset ($obj->new_order)) {
$obj->new_order = 1;
}
$sql = "INSERT INTO ".$table_group_category." SET
c_id = $course_id ,
title='".Database::escape_string($title)."',
display_order ='".$obj->new_order."',
description='".Database::escape_string($description)."',
doc_state = '".Database::escape_string($doc_state)."',
work_state = '".Database::escape_string($work_state)."',
calendar_state = '".Database::escape_string($calendar_state)."',
announcements_state = '".Database::escape_string($announcements_state)."',
forum_state = '".Database::escape_string($forum_state)."',
wiki_state = '".Database::escape_string($wiki_state)."',
chat_state = '".Database::escape_string($chat_state)."',
groups_per_user = '".Database::escape_string($groups_per_user)."',
self_reg_allowed = '".Database::escape_string($self_registration_allowed)."',
self_unreg_allowed = '".Database::escape_string($self_unregistration_allowed)."',
max_student = '".Database::escape_string($maximum_number_of_students)."' ";
Database::query($sql);
$categoryId = Database::insert_id();
if ($categoryId) {
$params = [
'c_id' => $course_id,
'title' => $title,
'display_order' => $obj->new_order,
'description' => $description,
'doc_state' => $doc_state,
'work_state' => $work_state,
'calendar_state' => $calendar_state,
'announcements_state' => $announcements_state,
'forum_state' => $forum_state,
'wiki_state' => $wiki_state,
'chat_state' => $chat_state,
'groups_per_user' => $groups_per_user,
'self_reg_allowed' => $self_registration_allowed,
'self_unreg_allowed' => $self_unregistration_allowed,
'max_student' => $maximum_number_of_students
];
$categoryId = Database::insert($table_group_category, $params);
if ($categoryId) {
$sql = "UPDATE $table_group_category SET id = iid
WHERE iid = $categoryId";
Database::query($sql);
return $categoryId;
}

@ -264,10 +264,19 @@ class MessageManager
Database::query($query);
$inbox_last_id = $edit_message_id;
} else {
$query = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date ) ".
"VALUES ('$user_sender_id', '$receiver_user_id', '1', '".$now."','$clean_subject','$clean_content','$group_id','$parent_id', '".$now."')";
Database::query($query);
$inbox_last_id = Database::insert_id();
$params = [
'user_sender_id' => $user_sender_id,
'user_receiver_id' => $receiver_user_id,
'msg_status' => '1',
'send_date' => $now,
'title' => $subject,
'content' => $content,
'group_id' => $group_id,
'parent_id' => $parent_id,
'update_date' => $now
];
$inbox_last_id = Database::insert($table_message, $params);
}
// Save attachment file for inbox messages
@ -289,11 +298,19 @@ class MessageManager
}
if (empty($group_id)) {
//message in outbox for user friend or group
$sql = "INSERT INTO $table_message (user_sender_id, user_receiver_id, msg_status, send_date, title, content, group_id, parent_id, update_date )
VALUES ('$user_sender_id', '$receiver_user_id', '4', '".$now."','$clean_subject','$clean_content', '$group_id', '$parent_id', '".$now."')";
Database::query($sql);
$outbox_last_id = Database::insert_id();
// message in outbox for user friend or group
$params = [
'user_sender_id' => $user_sender_id,
'user_receiver_id' => $receiver_user_id,
'msg_status' => '4',
'send_date' => $now,
'title' => $subject,
'content' => $content,
'group_id' => $group_id,
'parent_id' => $parent_id,
'update_date' => $now
];
$outbox_last_id = Database::insert($table_message, $params);
// save attachment file for outbox messages
if (is_array($file_attachments)) {
@ -574,13 +591,16 @@ class MessageManager
if (is_uploaded_file($file_attach['tmp_name'])) {
@copy($file_attach['tmp_name'], $new_path);
}
$safe_file_comment = Database::escape_string($file_comment);
$safe_file_name = Database::escape_string($file_name);
$safe_new_file_name = Database::escape_string($new_file_name);
// Storing the attachments if any
$sql = "INSERT INTO $tbl_message_attach(filename,comment, path,message_id,size)
VALUES ('$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$message_id', '".$file_attach['size']."' )";
Database::query($sql);
$params = [
'filename' => $file_name,
'comment' => $file_comment,
'path' => $new_file_name,
'message_id' => $message_id,
'size' => $file_attach['size']
];
Database::insert($tbl_message_attach, $params);
}
}
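Review bot: Both message inserts now store `$subject` and `$content`, where the queries they replace used `$clean_subject` and `$clean_content`. Those variables are assigned outside the hunks; if they were produced by anything beyond `Database::escape_string()`, such as HTML filtering, that step no longer applies to the stored message and has to be kept on the raw values or applied when the message is displayed. The edit branch just above (`Database::query($query);`) is untouched, so edited and newly created messages may now be stored differently. In the attachment hunk, `'size' => intval($file_attach['size'])` would keep that column numeric regardless of what the upload array contains.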

@ -2408,11 +2408,16 @@ class SessionManager
$msg = get_lang('StartDateShouldBeBeforeEndDate');
return $msg;
}
$access_url_id = api_get_current_access_url_id();
$sql = "INSERT INTO $tbl_session_category (name, date_start, date_end, access_url_id)
VALUES('" . Database::escape_string($name) . "','$date_start','$date_end', '$access_url_id')";
Database::query($sql);
$id_session = Database::insert_id();
$params = [
'name' => $name,
'date_start' => $date_start,
'date_end' => $date_end,
'access_url_id' => $access_url_id
];
$id_session = Database::insert($tbl_session_category, $params);
// Add event to system log
$user_id = api_get_user_id();
Event::addEvent(

@ -353,22 +353,32 @@ class SystemAnnouncementManager
$start = api_get_utc_datetime($date_start);
$end = api_get_utc_datetime($date_end);
$title = Database::escape_string($title);
$content = Database::escape_string($content);
//Fixing urls that are sent by email
$content = str_replace('src=\"/home/', 'src=\"'.api_get_path(WEB_PATH).'home/', $content);
$content = str_replace('file=/home/', 'file='.api_get_path(WEB_PATH).'home/', $content);
$langsql = is_null($lang) ? 'NULL' : "'".Database::escape_string($lang)."'";
$lang = is_null($lang) ? 'NULL' : $lang;
$current_access_url_id = 1;
if (api_is_multiple_url_enabled()) {
$current_access_url_id = api_get_current_access_url_id();
}
$sql = "INSERT INTO ".$db_table." (title,content,date_start,date_end,visible_teacher,visible_student,visible_guest, lang, access_url_id)
VALUES ('".$title."','".$content."','".$start."','".$end."','".$visible_teacher."','".$visible_student."','".$visible_guest."',".$langsql.", ".$current_access_url_id.")";
$params = [
'title' => $title,
'content' => $content,
'date_start' => $start,
'date_end' => $end,
'visible_teacher' => $visible_teacher,
'visible_student' => $visible_student,
'visible_guest' => $visible_guest,
'lang' => $lang,
'access_url_id' => $current_access_url_id,
];
$resultId = Database::insert($db_table, $params);
if ($resultId) {
if ($sendEmailTest) {
SystemAnnouncementManager::send_system_announcement_by_email(
@ -391,16 +401,10 @@ class SystemAnnouncementManager
}
}
$res = Database::query($sql);
if ($res === false) {
return false;
}
$id = null;
if ($add_to_calendar) {
$agenda = new Agenda();
$agenda->setType('admin');
$id = $agenda->addEvent(
$agenda->addEvent(
$date_start,
$date_end,
false,
@ -409,7 +413,11 @@ class SystemAnnouncementManager
);
}
return $id;
return $resultId;
}
return false;
}
/**
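Review bot: `$lang = is_null($lang) ? 'NULL' : $lang;` combined with `'lang' => $lang` stores the four-character text NULL when no language is given, assuming `Database::insert()` binds its values; the query it replaces emitted an unquoted SQL NULL through `$langsql`. Leave `$lang` as `null` (drop that line) so that lookups testing `lang IS NULL` keep matching. If the `Database::escape_string()` calls on `$title` and `$content` near the top of the hunk are still present on the new side, the bound values are escaped twice and backslashes end up in the stored announcement. The function also now returns `$resultId` instead of the agenda event id, which callers relying on the old return value would need to know about.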

@ -292,22 +292,42 @@ class Thematic
if (empty($id)) {
// insert
$sql = "INSERT INTO $tbl_thematic (c_id, title, content, active, display_order, session_id)
VALUES ($this->course_int_id, '$title', '$content', 1, ".(intval($max_thematic_item)+1).", $session_id) ";
$result = Database::query($sql);
$last_id = Database::insert_id();
$params = [
'c_id' => $this->course_int_id,
'title' => $title,
'content' => $content,
'active' => 1,
'display_order' => intval($max_thematic_item) + 1,
'session_id' => $session_id
];
$last_id = Database::insert($tbl_thematic, $params);
if ($last_id) {
$sql = "UPDATE $tbl_thematic SET id = iid WHERE iid = $last_id";
Database::query($sql);
api_item_property_update($_course, 'thematic', $last_id,"ThematicAdded", $user_id);
api_item_property_update(
$_course,
'thematic',
$last_id,
"ThematicAdded",
$user_id
);
}
} else {
// update
$sql = "UPDATE $tbl_thematic SET title = '$title', content = '$content', session_id = $session_id
WHERE id = $id AND c_id = {$this->course_int_id}";
$result = Database::query($sql);
// Update
$params = [
'title' => $title,
'content' => $content,
'session_id' => $session_id
];
Database::update(
$tbl_thematic,
$params,
['id = ? AND c_id = ?' => [$id, $this->course_int_id]]
);
$last_id = $id;
if (Database::affected_rows($result)) {
// save inside item property table
api_item_property_update(
$_course,
@ -316,8 +336,9 @@ class Thematic
"ThematicUpdated",
$user_id
);
}
}
return $last_id;
}
@ -328,7 +349,7 @@ class Thematic
*/
public function thematic_destroy($thematic_id)
{
global $_course;
$_course = api_get_course_info();
$tbl_thematic = Database::get_course_table(TABLE_THEMATIC);
$affected_rows = 0;
$user_id = api_get_user_id();
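Review bot: `$title` and `$content` may now be escaped twice in the first hunk: the replaced queries interpolated `'$title'` and `'$content'` directly, which implies they were escaped earlier in the method, and nothing visible here removes that escaping. If those earlier `Database::escape_string()` calls are still in place, `Database::insert()` and `Database::update()` bind already-escaped strings and store literal backslashes, so they should be dropped as part of this change. In the update branch, the old `$result = Database::query($sql);` is gone; if `if (Database::affected_rows($result)) {` is still present on the new side, it reads an unassigned `$result` and needs to be removed or rewritten. The method starts outside this hunk, so both points should be checked against the full function.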
