diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php index c3ac9d09d3..4673c50706 100755 --- a/main/inc/lib/usermanager.lib.php +++ b/main/inc/lib/usermanager.lib.php @@ -2613,7 +2613,7 @@ class UserManager case SESSION_AVAILABLE: break; case SESSION_INVISIBLE: - if ($ignore_visibility_for_admins == false) { + if ($ignore_visibility_for_admins === false) { continue 2; } } @@ -2635,6 +2635,7 @@ class UserManager /** * Gives a list of [session_id-course_code] => [status] for the current user. * @param integer $user_id + * @param int $sessionLimit * @return array list of statuses (session_id-course_code => status) */ public static function get_personal_session_course_list($user_id, $sessionLimit = null) @@ -2881,9 +2882,6 @@ class UserManager } } - $personal_course_list = array(); - $courses = array(); - /* This query is very similar to the query below, but it will check the session_rel_course_user table if there are courses registered to our user or not */ @@ -2904,8 +2902,10 @@ class UserManager $where_access_url ORDER BY sc.position ASC"; - $result = Database::query($sql); + $personal_course_list = array(); + $courses = array(); + $result = Database::query($sql); if (Database::num_rows($result) > 0) { while ($result_row = Database::fetch_array($result, 'ASSOC')) { $result_row['status'] = 5; @@ -2932,7 +2932,7 @@ class UserManager WHERE s.id = $session_id AND ( - (scu.user_id=$user_id AND scu.status=2) OR + (scu.user_id = $user_id AND scu.status=2) OR s.id_coach = $user_id ) $where_access_url @@ -2963,8 +2963,8 @@ class UserManager } } else { //check if user is general coach for this session - $s = api_get_session_info($session_id); - if ($s['id_coach'] == $user_id) { + $sessionInfo = api_get_session_info($session_id); + if ($sessionInfo['id_coach'] == $user_id) { $course_list = SessionManager::get_course_list_by_session_id($session_id); if (!empty($course_list)) { 
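Review bot: In the `case SESSION_INVISIBLE:` branch of the first hunk, tightening the test to `$ignore_visibility_for_admins === false` changes which calls skip an invisible session. Any other falsy argument (`0`, `null`, `''`, `'0'`) used to reach `continue 2` and now falls through, so the session is listed. The parameter's declaration and its callers are outside the hunk, so this may be harmless in practice, but a visibility filter should fail closed. If the flag is meant to be boolean, `if (!$ignore_visibility_for_admins) {` keeps the previous semantics, or the value can be normalised once before the loop with `$ignore_visibility_for_admins = (bool) $ignore_visibility_for_admins;`.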
diff --git a/main/inc/lib/userportal.lib.php b/main/inc/lib/userportal.lib.php index 5914877151..08597f2917 100755 --- a/main/inc/lib/userportal.lib.php +++ b/main/inc/lib/userportal.lib.php @@ -1088,13 +1088,12 @@ class IndexManager */ public function returnCoursesAndSessions($user_id) { - global $_configuration; - $gamificationModeIsActive = api_get_setting('gamification_mode'); $listCourse = ''; $specialCourseList = ''; $load_history = isset($_GET['history']) && intval($_GET['history']) == 1 ? true : false; $viewGridCourses = api_get_configuration_value('view_grid_courses'); + $showSimpleSessionInfo = api_get_configuration_value('show_simple_session_info'); $coursesWithoutCategoryTemplate = '/user_portal/classic_courses_without_category.tpl'; $coursesWithCategoryTemplate = '/user_portal/classic_courses_with_category.tpl'; @@ -1102,12 +1101,10 @@ class IndexManager if ($load_history) { // Load sessions in category in *history* $session_categories = UserManager::get_sessions_by_category($user_id, true); - } else { // Load sessions in category $session_categories = UserManager::get_sessions_by_category($user_id, false); } - $html = ''; // Showing history title if ($load_history) { @@ -1286,12 +1283,8 @@ class IndexManager $params['num_users'] = $session_box['num_users']; $params['num_courses'] = $session_box['num_courses']; $params['courses'] = $html_courses_session; - //$params['extra_fields'] = $session_box['extra_fields']; - if ( - isset($_configuration['show_simple_session_info']) && - $_configuration['show_simple_session_info'] - ) { + if ($showSimpleSessionInfo) { $params['show_simple_session_info'] = true; } @@ -1381,10 +1374,7 @@ class IndexManager $sessionParams[0]['courses'] = $html_courses_session; $sessionParams[0]['show_simple_session_info'] = false; - if ( - isset($_configuration['show_simple_session_info']) && - $_configuration['show_simple_session_info'] - ) { + if ($showSimpleSessionInfo) { $sessionParams[0]['show_simple_session_info'] = true; } 
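Review bot: The two `if ($showSimpleSessionInfo)` blocks (hunks at -1286 and -1381) handle the template flag differently. `$sessionParams[0]['show_simple_session_info']` is initialised to `false` first, while `$params['show_simple_session_info']` is only assigned when the setting is truthy. Unless `$params` receives the key earlier, outside the hunk, the template gets an undefined index on one path and `false` on the other. Each block could be a single assignment, `$params['show_simple_session_info'] = (bool) $showSimpleSessionInfo;`, with the same form for `$sessionParams[0]`.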
diff --git a/main/user/subscribe_user.php b/main/user/subscribe_user.php index 28d3498162..afc2d37058 100755 --- a/main/user/subscribe_user.php +++ b/main/user/subscribe_user.php @@ -231,7 +231,7 @@ function get_number_of_users() if (isset($_REQUEST['type']) && $_REQUEST['type'] === 'teacher') { if (api_get_session_id() != 0) { - $sql = "SELECT COUNT(u.user_id) + $sql = "SELECT COUNT(u.id) FROM $user_table u LEFT JOIN $tbl_session_rel_course_user cu ON 
@@ -243,68 +243,68 @@ function get_number_of_users() u.status = 1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; - if (api_is_multiple_url_enabled()) { - $url_access_id = api_get_current_access_url_id(); - if ($url_access_id !=-1) { - $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); - $sql = "SELECT COUNT(u.user_id) - FROM $user_table u - LEFT JOIN $tbl_session_rel_course_user cu - ON - u.user_id = cu.user_id and cu.c_id = '".api_get_course_int_id()."' AND - session_id ='".$sessionId."' - INNER JOIN $tbl_url_rel_user as url_rel_user - ON (url_rel_user.user_id = u.user_id) - WHERE - cu.user_id IS NULL AND - access_url_id= $url_access_id AND - u.status = 1 AND - (u.official_code <> 'ADMIN' OR u.official_code IS NULL) - "; - } - } - } else { - $sql = "SELECT COUNT(u.user_id) - FROM $user_table u - LEFT JOIN $course_user_table cu - ON u.user_id = cu.user_id and c_id='".api_get_course_int_id()."' - WHERE cu.user_id IS NULL AND u.status<>".DRH." "; + if (api_is_multiple_url_enabled()) { + $url_access_id = api_get_current_access_url_id(); + if ($url_access_id !=-1) { + $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); + $sql = "SELECT COUNT(u.id) + FROM $user_table u + LEFT JOIN $tbl_session_rel_course_user cu + ON + u.user_id = cu.user_id AND cu.c_id = '".api_get_course_int_id()."' AND + session_id ='".$sessionId."' + INNER JOIN $tbl_url_rel_user as url_rel_user + ON (url_rel_user.user_id = u.user_id) + WHERE + cu.user_id IS NULL AND + access_url_id= $url_access_id AND + u.status = 1 AND + (u.official_code <> 'ADMIN' OR u.official_code IS NULL) + "; + } + } + } else { + $sql = "SELECT COUNT(u.id) + FROM $user_table u + LEFT JOIN $course_user_table cu + ON u.user_id = cu.user_id and c_id='".api_get_course_int_id()."' + WHERE cu.user_id IS NULL AND u.status<>".DRH." 
"; - if (api_is_multiple_url_enabled()) { - $url_access_id = api_get_current_access_url_id(); - if ($url_access_id !=-1) { - $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); + if (api_is_multiple_url_enabled()) { + $url_access_id = api_get_current_access_url_id(); + if ($url_access_id !=-1) { + $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); - $sql = "SELECT COUNT(u.user_id) - FROM $user_table u - LEFT JOIN $course_user_table cu - ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."' - INNER JOIN $tbl_url_rel_user as url_rel_user - ON (url_rel_user.user_id = u.user_id) - WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id "; - } - } - } - } else { - // students - if ($sessionId != 0) { - $sql = "SELECT COUNT(u.user_id) - FROM $user_table u - LEFT JOIN $tbl_session_rel_course_user cu - ON - u.user_id = cu.user_id AND - c_id='".api_get_course_int_id()."' AND - session_id ='".$sessionId."' - WHERE - cu.user_id IS NULL AND - u.status<>".DRH." AND - (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; + $sql = "SELECT COUNT(u.id) + FROM $user_table u + LEFT JOIN $course_user_table cu + ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."' + INNER JOIN $tbl_url_rel_user as url_rel_user + ON (url_rel_user.user_id = u.user_id) + WHERE cu.user_id IS NULL AND u.status<>".DRH." AND access_url_id= $url_access_id "; + } + } + } + } else { + // students + if ($sessionId != 0) { + $sql = "SELECT COUNT(u.id) + FROM $user_table u + LEFT JOIN $tbl_session_rel_course_user cu + ON + u.user_id = cu.user_id AND + c_id='".api_get_course_int_id()."' AND + session_id ='".$sessionId."' + WHERE + cu.user_id IS NULL AND + u.status<>".DRH." 
AND + (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; if (api_is_multiple_url_enabled()) { $url_access_id = api_get_current_access_url_id(); if ($url_access_id !=-1) { $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); - $sql = "SELECT COUNT(u.user_id) + $sql = "SELECT COUNT(u.id) FROM $user_table u LEFT JOIN $tbl_session_rel_course_user cu ON @@ -312,7 +312,7 @@ function get_number_of_users() c_id='".api_get_course_int_id()."' AND session_id ='".$sessionId."' INNER JOIN $tbl_url_rel_user as url_rel_user - ON (url_rel_user.user_id = u.user_id) + ON (url_rel_user.user_id = u.id) WHERE cu.user_id IS NULL AND u.status<>".DRH." AND @@ -321,7 +321,7 @@ function get_number_of_users() } } } else { - $sql = "SELECT COUNT(u.user_id) + $sql = "SELECT COUNT(u.id) FROM $user_table u LEFT JOIN $course_user_table cu ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."'"; @@ -350,16 +350,17 @@ function get_number_of_users() if ($url_access_id !=-1) { $tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); - $sql = "SELECT COUNT(u.user_id) + $sql = "SELECT COUNT(u.id) FROM $user_table u - LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and c_id='".api_get_course_int_id()."' + LEFT JOIN $course_user_table cu + ON u.user_id = cu.user_id AND c_id='".api_get_course_int_id()."' INNER JOIN $tbl_url_rel_user as url_rel_user - ON (url_rel_user.user_id = u.user_id) + ON (url_rel_user.user_id = u.id) WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND u.status <> ".DRH." "; } } - } - } + } + } // when there is a keyword then we are searching and we have to change the SQL statement if (isset($_GET['keyword']) && !empty($_GET['keyword'])) { 
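Review bot: The re-indented queries in the `@@ -243,68` hunk switch to `COUNT(u.id)` but still join on `url_rel_user.user_id = u.user_id`, while the later hunks at -312 and -350 already use `ON (url_rel_user.user_id = u.id)`. All of them also keep `u.user_id = cu.user_id`. If the intent is to stop depending on the `user_id` column of the user table, the joins here need the same change; otherwise the mixed spelling deserves a comment explaining which column is authoritative. Separately, `$sessionId` is concatenated into these statements as `session_id ='".$sessionId."'` and its assignment is outside the hunk. Adding `$sessionId = (int) $sessionId;` next to the queries, as this commit does for `$from`, would make them independent of what the caller supplies.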
@@ -425,7 +426,7 @@ function get_user_data($from, $number_of_items, $column, $direction) $is_western_name_order = api_is_western_name_order(); if (api_get_setting('show_email_addresses') === 'true') { - $select_fields = "u.user_id AS col0, + $select_fields = "u.id AS col0, u.official_code AS col1, ".($is_western_name_order ? "u.firstname AS col2, @@ -474,12 +475,11 @@ function get_user_data($from, $number_of_items, $column, $direction) (u.official_code <> 'ADMIN' OR u.official_code IS NULL) AND field_values.field_id = '".intval($field_identification[0])."' AND field_values.value = '".Database::escape_string($field_identification[1])."'"; - } else { - $sql .= "WHERE cu.user_id IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; - } - - $sql .= " AND access_url_id= $url_access_id"; + } else { + $sql .= "WHERE cu.user_id IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) "; + } + $sql .= " AND access_url_id = $url_access_id"; } else { // adding a teacher NOT through a session $sql = "SELECT $select_fields @@ -664,7 +664,9 @@ function get_user_data($from, $number_of_items, $column, $direction) // Sorting and pagination (used by the sortable table) $sql .= " ORDER BY col$column $direction "; - $sql .= " LIMIT $from,$number_of_items"; + $from = (int) $from; + $number_of_items = (int) $number_of_items; + $sql .= " LIMIT $from, $number_of_items"; $res = Database::query($sql); $users = array (); @@ -695,6 +697,8 @@ function reg_filter($user_id) } else { $type = STUDENT; } + $user_id = (int) $user_id; + $result = ''. get_lang("reg").''; @@ -710,7 +714,6 @@ function reg_filter($user_id) * @param string $url_params * @return string Some HTML-code with the lock/unlock button */ - function active_filter($active, $url_params, $row) { $_user = api_get_user_info(); 
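Review bot: In the `@@ -664,7` hunk the LIMIT operands are now cast, but the line directly above still builds `ORDER BY col$column $direction` from the other two parameters of `get_user_data()` unchanged. A sort direction is an SQL keyword, so string escaping cannot protect it and it needs an allow-list. Before the concatenation, add `$column = (int) $column;` and `$direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';`. Whether the sortable-table caller already validates these values is not visible here; the function body starts and ends outside the hunk.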
@@ -723,7 +726,7 @@ function active_filter($active, $url_params, $row) $action = 'AccountInactive'; $image = 'error'; } - $result = null; + $result = ''; if ($row['0'] <> $_user['user_id']) { // you cannot lock yourself out otherwise you could disable all the accounts // including your own => everybody is locked out and nobody can change it anymore. @@ -754,6 +757,7 @@ function search_additional_profile_fields($keyword) $tableExtraField = Database::get_main_table(TABLE_EXTRA_FIELD); $table_user = Database::get_main_table(TABLE_MAIN_USER); + $keyword = Database::escape_string($keyword); // getting the field option text that match this keyword (for radio buttons and checkboxes) $sql = "SELECT * FROM $table_user_field_options WHERE display_text LIKE '%".$keyword."%'";
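Review bot: The added `Database::escape_string($keyword)` in `search_additional_profile_fields()` stops the keyword from closing the quoted literal, but `%` and `_` still reach the `LIKE '%…%'` pattern as wildcards, so the search is not literal. Escaping them first makes it literal: `$keyword = Database::escape_string(addcslashes($keyword, '%_'));` (assuming the default `\` LIKE escape character). Because the parameter itself is overwritten, check the callers for a keyword that is already escaped, which would now be escaped twice. The body continues outside the hunk, so a separate local such as `$escapedKeyword` would keep the raw value available for any later non-SQL use.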