Format code, improve code: use user.id instead of user.user_id, add escape_string + intval

pull/2487/head
jmontoyaa 9 years ago
parent 4be7777cb4
commit 7d9481e703
  1. 16
      main/inc/lib/usermanager.lib.php
  2. 16
      main/inc/lib/userportal.lib.php
  3. 148
      main/user/subscribe_user.php

@ -2613,7 +2613,7 @@ class UserManager
case SESSION_AVAILABLE:
break;
case SESSION_INVISIBLE:
if ($ignore_visibility_for_admins == false) {
if ($ignore_visibility_for_admins === false) {
continue 2;
}
}
@ -2635,6 +2635,7 @@ class UserManager
/**
* Gives a list of [session_id-course_code] => [status] for the current user.
* @param integer $user_id
* @param int $sessionLimit
* @return array list of statuses (session_id-course_code => status)
*/
public static function get_personal_session_course_list($user_id, $sessionLimit = null)
@ -2881,9 +2882,6 @@ class UserManager
}
}
$personal_course_list = array();
$courses = array();
/* This query is very similar to the query below, but it will check the
session_rel_course_user table if there are courses registered
to our user or not */
@ -2904,8 +2902,10 @@ class UserManager
$where_access_url
ORDER BY sc.position ASC";
$result = Database::query($sql);
$personal_course_list = array();
$courses = array();
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
while ($result_row = Database::fetch_array($result, 'ASSOC')) {
$result_row['status'] = 5;
@ -2932,7 +2932,7 @@ class UserManager
WHERE
s.id = $session_id AND
(
(scu.user_id=$user_id AND scu.status=2) OR
(scu.user_id = $user_id AND scu.status=2) OR
s.id_coach = $user_id
)
$where_access_url
@ -2963,8 +2963,8 @@ class UserManager
}
} else {
//check if user is general coach for this session
$s = api_get_session_info($session_id);
if ($s['id_coach'] == $user_id) {
$sessionInfo = api_get_session_info($session_id);
if ($sessionInfo['id_coach'] == $user_id) {
$course_list = SessionManager::get_course_list_by_session_id($session_id);
if (!empty($course_list)) {
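Review bot: The coach check at 2966 keeps a loose comparison, `if ($sessionInfo['id_coach'] == $user_id) {`, although the hunk at 2616 in this same file tightens `==` to `===`; as `id_coach` is read from a database row it is probably a string, so the consistent form is `if ((int) $sessionInfo['id_coach'] === (int) $user_id) {`. The reformatted condition at 2935-2937 still interpolates `$user_id` and `$session_id` directly into the SQL; the start of get_personal_session_course_list, where an intval() cast would live, is outside the hunk, so I cannot confirm one exists. In the hunk at 2902 the rendered view shows `$result = Database::query($sql);` both before and after the moved array initialisations — worth confirming only one survives on the new side, otherwise the query runs twice.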

@ -1088,13 +1088,12 @@ class IndexManager
*/
public function returnCoursesAndSessions($user_id)
{
global $_configuration;
$gamificationModeIsActive = api_get_setting('gamification_mode');
$listCourse = '';
$specialCourseList = '';
$load_history = isset($_GET['history']) && intval($_GET['history']) == 1 ? true : false;
$viewGridCourses = api_get_configuration_value('view_grid_courses');
$showSimpleSessionInfo = api_get_configuration_value('show_simple_session_info');
$coursesWithoutCategoryTemplate = '/user_portal/classic_courses_without_category.tpl';
$coursesWithCategoryTemplate = '/user_portal/classic_courses_with_category.tpl';
@ -1102,12 +1101,10 @@ class IndexManager
if ($load_history) {
// Load sessions in category in *history*
$session_categories = UserManager::get_sessions_by_category($user_id, true);
} else {
// Load sessions in category
$session_categories = UserManager::get_sessions_by_category($user_id, false);
}
$html = '';
// Showing history title
if ($load_history) {
@ -1286,12 +1283,8 @@ class IndexManager
$params['num_users'] = $session_box['num_users'];
$params['num_courses'] = $session_box['num_courses'];
$params['courses'] = $html_courses_session;
//$params['extra_fields'] = $session_box['extra_fields'];
if (
isset($_configuration['show_simple_session_info']) &&
$_configuration['show_simple_session_info']
) {
if ($showSimpleSessionInfo) {
$params['show_simple_session_info'] = true;
}
@ -1381,10 +1374,7 @@ class IndexManager
$sessionParams[0]['courses'] = $html_courses_session;
$sessionParams[0]['show_simple_session_info'] = false;
if (
isset($_configuration['show_simple_session_info']) &&
$_configuration['show_simple_session_info']
) {
if ($showSimpleSessionInfo) {
$sessionParams[0]['show_simple_session_info'] = true;
}
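Review bot: `$viewGridCourses` is assigned at 1095 from `api_get_configuration_value('view_grid_courses')` but no hunk in this section reads it; if it is not used further down in returnCoursesAndSessions (the method body runs past the last hunk) it is an unused local. Replacing `isset($_configuration['show_simple_session_info']) && $_configuration['show_simple_session_info']` with `if ($showSimpleSessionInfo)` preserves the old truthiness test only if api_get_configuration_value returns a falsy value for an unset key — worth a comment at 1096 such as `// api_get_configuration_value() yields a falsy value when the key is not configured` once confirmed. While this block is being cleaned up, `$load_history = isset($_GET['history']) && intval($_GET['history']) == 1 ? true : false;` can lose the redundant ternary and loose compare: `$load_history = isset($_GET['history']) && (int) $_GET['history'] === 1;`.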

@ -231,7 +231,7 @@ function get_number_of_users()
if (isset($_REQUEST['type']) && $_REQUEST['type'] === 'teacher') {
if (api_get_session_id() != 0) {
$sql = "SELECT COUNT(u.user_id)
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
@ -243,68 +243,68 @@ function get_number_of_users()
u.status = 1 AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
if (api_is_multiple_url_enabled()) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT COUNT(u.user_id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
u.user_id = cu.user_id and cu.c_id = '".api_get_course_int_id()."' AND
session_id ='".$sessionId."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
WHERE
cu.user_id IS NULL AND
access_url_id= $url_access_id AND
u.status = 1 AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL)
";
}
}
} else {
$sql = "SELECT COUNT(u.user_id)
FROM $user_table u
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id and c_id='".api_get_course_int_id()."'
WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
if (api_is_multiple_url_enabled()) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
u.user_id = cu.user_id AND cu.c_id = '".api_get_course_int_id()."' AND
session_id ='".$sessionId."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
WHERE
cu.user_id IS NULL AND
access_url_id= $url_access_id AND
u.status = 1 AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL)
";
}
}
} else {
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id and c_id='".api_get_course_int_id()."'
WHERE cu.user_id IS NULL AND u.status<>".DRH." ";
if (api_is_multiple_url_enabled()) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
if (api_is_multiple_url_enabled()) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT COUNT(u.user_id)
FROM $user_table u
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
}
}
}
} else {
// students
if ($sessionId != 0) {
$sql = "SELECT COUNT(u.user_id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
u.user_id = cu.user_id AND
c_id='".api_get_course_int_id()."' AND
session_id ='".$sessionId."'
WHERE
cu.user_id IS NULL AND
u.status<>".DRH." AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id ";
}
}
}
} else {
// students
if ($sessionId != 0) {
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
u.user_id = cu.user_id AND
c_id='".api_get_course_int_id()."' AND
session_id ='".$sessionId."'
WHERE
cu.user_id IS NULL AND
u.status<>".DRH." AND
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
if (api_is_multiple_url_enabled()) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT COUNT(u.user_id)
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu
ON
@ -312,7 +312,7 @@ function get_number_of_users()
c_id='".api_get_course_int_id()."' AND
session_id ='".$sessionId."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
ON (url_rel_user.user_id = u.id)
WHERE
cu.user_id IS NULL AND
u.status<>".DRH." AND
@ -321,7 +321,7 @@ function get_number_of_users()
}
}
} else {
$sql = "SELECT COUNT(u.user_id)
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'";
@ -350,16 +350,17 @@ function get_number_of_users()
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT COUNT(u.user_id)
$sql = "SELECT COUNT(u.id)
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and c_id='".api_get_course_int_id()."'
LEFT JOIN $course_user_table cu
ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
ON (url_rel_user.user_id = u.id)
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND u.status <> ".DRH." ";
}
}
}
}
}
}
// when there is a keyword then we are searching and we have to change the SQL statement
if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
@ -425,7 +426,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
$is_western_name_order = api_is_western_name_order();
if (api_get_setting('show_email_addresses') === 'true') {
$select_fields = "u.user_id AS col0,
$select_fields = "u.id AS col0,
u.official_code AS col1,
".($is_western_name_order
? "u.firstname AS col2,
@ -474,12 +475,11 @@ function get_user_data($from, $number_of_items, $column, $direction)
(u.official_code <> 'ADMIN' OR u.official_code IS NULL) AND
field_values.field_id = '".intval($field_identification[0])."' AND
field_values.value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
}
$sql .= " AND access_url_id= $url_access_id";
} else {
$sql .= "WHERE cu.user_id IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
}
$sql .= " AND access_url_id = $url_access_id";
} else {
// adding a teacher NOT through a session
$sql = "SELECT $select_fields
@ -664,7 +664,9 @@ function get_user_data($from, $number_of_items, $column, $direction)
// Sorting and pagination (used by the sortable table)
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$from = (int) $from;
$number_of_items = (int) $number_of_items;
$sql .= " LIMIT $from, $number_of_items";
$res = Database::query($sql);
$users = array ();
@ -695,6 +697,8 @@ function reg_filter($user_id)
} else {
$type = STUDENT;
}
$user_id = (int) $user_id;
$result = '<a class="btn btn-small btn-primary" href="'.api_get_self().'?register=yes&type='.$type.'&user_id='.$user_id.'">'.
get_lang("reg").'</a>';
@ -710,7 +714,6 @@ function reg_filter($user_id)
* @param string $url_params
* @return string Some HTML-code with the lock/unlock button
*/
function active_filter($active, $url_params, $row)
{
$_user = api_get_user_info();
@ -723,7 +726,7 @@ function active_filter($active, $url_params, $row)
$action = 'AccountInactive';
$image = 'error';
}
$result = null;
$result = '';
if ($row['0'] <> $_user['user_id']) {
// you cannot lock yourself out otherwise you could disable all the accounts
// including your own => everybody is locked out and nobody can change it anymore.
@ -754,6 +757,7 @@ function search_additional_profile_fields($keyword)
$tableExtraField = Database::get_main_table(TABLE_EXTRA_FIELD);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$keyword = Database::escape_string($keyword);
// getting the field option text that match this keyword (for radio buttons and checkboxes)
$sql = "SELECT * FROM $table_user_field_options
WHERE display_text LIKE '%".$keyword."%'";
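Review bot: The hunk at 664 casts `$from` and `$number_of_items` before the LIMIT clause, but the line just above it, `$sql .= " ORDER BY col$column $direction ";`, still interpolates `$column` and `$direction` unchanged; unless the sortable-table caller or the opening of get_user_data (outside the hunk) already constrains them, the same treatment belongs here: `$column = (int) $column;` and `$direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';` ahead of the ORDER BY. The user_id→id rename is also only partial: the hunks at 312 and 350 rewrite the join to `ON (url_rel_user.user_id = u.id)`, while both multiple-URL teacher queries in the hunk at 243 keep `ON (url_rel_user.user_id = u.user_id)` and every `LEFT JOIN ... ON u.user_id = cu.user_id` is untouched, which is harmless only as long as the user table still carries both columns. In the hunk at 757, `Database::escape_string($keyword)` does not neutralise the LIKE wildcards `%` and `_`, so a keyword containing them widens the match; `$keyword = addcslashes(Database::escape_string($keyword), '%_');` keeps the search literal if that is the intent.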
